commit bcf876870b95592b52519ed4aafcf9d95999bc9c Author: Linus Torvalds Date: Sun Aug 2 14:21:45 2020 -0700 Linux 5.8 commit 5a30a78924ecd97b0335d2e1d3e01a5023c1a3d8 Merge: 142c3326b055 bdd65589593e Author: Linus Torvalds Date: Sun Aug 2 13:10:42 2020 -0700 Merge tag 'x86-urgent-2020-08-02' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 fix from Ingo Molnar: "A single fix for a potential deadlock when printing a message about spurious interrupts" * tag 'x86-urgent-2020-08-02' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/i8259: Use printk_deferred() to prevent deadlock commit 142c3326b055a278c303bfef8dc6a105fff18ca6 Merge: 628e04dfeb4f 28ab576ba8de Author: Linus Torvalds Date: Sun Aug 2 11:23:51 2020 -0700 Merge tag 'kbuild-fixes-v5.8-4' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild Pull Kbuild fixes from Masahiro Yamada: - clean the generated moc file for xconfig - fix xconfig bugs, and revert some bad commits * tag 'kbuild-fixes-v5.8-4' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild: kbuild: remove redundant FORCE definition in scripts/Makefile.modpost kconfig: qconf: remove wrong ConfigList::firstChild() Revert "kconfig: qconf: don't show goback button on splitMode" Revert "kconfig: qconf: Change title for the item window" kconfig: qconf: remove "goBack" debug message kconfig: qconf: use delete[] instead of delete to free array kconfig: qconf: compile moc object separately kconfig: qconf: use if_changed for qconf.moc rule modpost: explain why we can't use strsep commit 628e04dfeb4f66635c0d22cf1ad0cf427406e129 Merge: ac3a0c847296 830f01b089b1 Author: Linus Torvalds Date: Sun Aug 2 10:41:00 2020 -0700 Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm Pull KVM fixes from Paolo Bonzini: "Bugfixes and strengthening the validity checks on inputs from new userspace APIs. Now I know why I shouldn't prepare pull requests on the weekend, it's hard to concentrate if your son is shouting about his latest Minecraft builds in your ear. Fortunately all the patches were ready and I just had to check the test results..." * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm: KVM: SVM: Fix disable pause loop exit/pause filtering capability on SVM KVM: LAPIC: Prevent setting the tscdeadline timer if the lapic is hw disabled KVM: arm64: Don't inherit exec permission across page-table levels KVM: arm64: Prevent vcpu_has_ptrauth from generating OOL functions KVM: nVMX: check for invalid hdr.vmx.flags KVM: nVMX: check for required but missing VMCS12 in KVM_SET_NESTED_STATE selftests: kvm: do not set guest mode flag commit 28ab576ba8de934ee3145b6d75119f016de567cb Author: Masahiro Yamada Date: Sun Aug 2 22:54:40 2020 +0900 kbuild: remove redundant FORCE definition in scripts/Makefile.modpost The same code exists a few lines above. Fixes: 436b2ac603d5 ("modpost: invoke modpost only when input files are updated") Signed-off-by: Masahiro Yamada commit ccf56e5fe3d208883cd6db982197eac9b70a0bf9 Author: Masahiro Yamada Date: Sat Aug 1 16:08:50 2020 +0900 kconfig: qconf: remove wrong ConfigList::firstChild() This function returns the first child object, but the returned pointer is not compatible with (ConfigItem *). Commit cc1c08edccaf ("kconfig: qconf: don't show goback button on splitMode") uncovered this issue because using the pointer from this function would make qconf crash. (https://lkml.org/lkml/2020/7/18/411) This function does not work. Remove. Signed-off-by: Masahiro Yamada commit ac3a0c8472969a03c0496ae774b3a29eb26c8d5a Merge: 0ae3495b6502 fda2ec62cf1a Author: Linus Torvalds Date: Sat Aug 1 16:47:24 2020 -0700 Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net Pull networking fixes from David Miller: 1) Encap offset calculation is incorrect in esp6, from Sabrina Dubroca. 2) Better parameter validation in pfkey_dump(), from Mark Salyzyn. 3) Fix several clang issues on powerpc in selftests, from Tanner Love. 4) cmsghdr_from_user_compat_to_kern() uses the wrong length, from Al Viro. 5) Out of bounds access in mlx5e driver, from Raed Salem. 6) Fix transfer buffer memleak in lan78xx, from Johan Havold. 7) RCU fixups in rhashtable, from Herbert Xu. 8) Fix ipv6 nexthop refcnt leak, from Xiyu Yang. 9) vxlan FDB dump must be done under RCU, from Ido Schimmel. 10) Fix use after free in mlxsw, from Ido Schimmel. 11) Fix map leak in HASH_OF_MAPS bpf code, from Andrii Nakryiko. 12) Fix bug in mac80211 Tx ack status reporting, from Vasanthakumar Thiagarajan. 13) Fix memory leaks in IPV6_ADDRFORM code, from Cong Wang. 14) Fix bpf program reference count leaks in mlx5 during mlx5e_alloc_rq(), from Xin Xiong. * git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (86 commits) vxlan: fix memleak of fdb rds: Prevent kernel-infoleak in rds_notify_queue_get() net/sched: The error lable position is corrected in ct_init_module net/mlx5e: fix bpf_prog reference count leaks in mlx5e_alloc_rq net/mlx5e: E-Switch, Specify flow_source for rule with no in_port net/mlx5e: E-Switch, Add misc bit when misc fields changed for mirroring net/mlx5e: CT: Support restore ipv6 tunnel net: gemini: Fix missing clk_disable_unprepare() in error path of gemini_ethernet_port_probe() ionic: unlock queue mutex in error path atm: fix atm_dev refcnt leaks in atmtcp_remove_persistent net: ethernet: mtk_eth_soc: fix MTU warnings net: nixge: fix potential memory leak in nixge_probe() devlink: ignore -EOPNOTSUPP errors on dumpit rxrpc: Fix race between recvmsg and sendmsg on immediate call failure MAINTAINERS: Replace Thor Thayer as Altera Triple Speed Ethernet maintainer selftests/bpf: fix netdevsim trap_flow_action_cookie read ipv6: fix memory leaks on IPV6_ADDRFORM path net/bpfilter: Initialize pos in __bpfilter_process_sockopt igb: reinit_locked() should be called with rtnl_lock e1000e: continue to init PHY even when failed to disable ULP ... commit 0ae3495b6502cf93634cbd027cb2f6f9f83a406f Merge: bf121a0bda29 7665a47f70b3 Author: Linus Torvalds Date: Sat Aug 1 16:40:59 2020 -0700 Merge tag 'for-linus-2020-08-01' of git://git.kernel.org/pub/scm/linux/kernel/git/brauner/linux Pull thread fix from Christian Brauner: "A simple spelling fix for dequeue_synchronous_signal()" * tag 'for-linus-2020-08-01' of git://git.kernel.org/pub/scm/linux/kernel/git/brauner/linux: signal: fix typo in dequeue_synchronous_signal() commit bf121a0bda29daa67a1fcedbdf479f6b03c9f977 Merge: d52daa8620c6 39efdd94e314 Author: Linus Torvalds Date: Sat Aug 1 13:08:50 2020 -0700 Merge tag 'perf-tools-fixes-2020-08-01' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux Pull perf tooling fixes from Arnaldo Carvalho de Melo: - Fix libtraceevent build with binutils 2.35 - Fix memory leak in process_dynamic_array_len in libtraceevent - Fix 'perf test 68' zstd compression for s390 - Fix record failure when mixed with ARM SPE event * tag 'perf-tools-fixes-2020-08-01' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux: libtraceevent: Fix build with binutils 2.35 perf tools: Fix record failure when mixed with ARM SPE event perf tests: Fix test 68 zstd compression for s390 tools lib traceevent: Fix memory leak in process_dynamic_array_len commit fda2ec62cf1aa7cbee52289dc8059cd3662795da Author: Taehee Yoo Date: Sat Aug 1 07:07:50 2020 +0000 vxlan: fix memleak of fdb When vxlan interface is deleted, all fdbs are deleted by vxlan_flush(). vxlan_flush() flushes fdbs but it doesn't delete fdb, which contains all-zeros-mac because it is deleted by vxlan_uninit(). But vxlan_uninit() deletes only the fdb, which contains both all-zeros-mac and default vni. So, the fdb, which contains both all-zeros-mac and non-default vni will not be deleted. Test commands: ip link add vxlan0 type vxlan dstport 4789 external ip link set vxlan0 up bridge fdb add to 00:00:00:00:00:00 dst 172.0.0.1 dev vxlan0 via lo \ src_vni 10000 self permanent ip link del vxlan0 kmemleak reports as follows: unreferenced object 0xffff9486b25ced88 (size 96): comm "bridge", pid 2151, jiffies 4294701712 (age 35506.901s) hex dump (first 32 bytes): 02 00 00 00 ac 00 00 01 40 00 09 b1 86 94 ff ff ........@....... 46 02 00 00 00 00 00 00 a7 03 00 00 12 b5 6a 6b F.............jk backtrace: [<00000000c10cf651>] vxlan_fdb_append.part.51+0x3c/0xf0 [vxlan] [<000000006b31a8d9>] vxlan_fdb_create+0x184/0x1a0 [vxlan] [<0000000049399045>] vxlan_fdb_update+0x12f/0x220 [vxlan] [<0000000090b1ef00>] vxlan_fdb_add+0x12a/0x1b0 [vxlan] [<0000000056633c2c>] rtnl_fdb_add+0x187/0x270 [<00000000dd5dfb6b>] rtnetlink_rcv_msg+0x264/0x490 [<00000000fc44dd54>] netlink_rcv_skb+0x4a/0x110 [<00000000dff433e7>] netlink_unicast+0x18e/0x250 [<00000000b87fb421>] netlink_sendmsg+0x2e9/0x400 [<000000002ed55153>] ____sys_sendmsg+0x237/0x260 [<00000000faa51c66>] ___sys_sendmsg+0x88/0xd0 [<000000006c3982f1>] __sys_sendmsg+0x4e/0x80 [<00000000a8f875d2>] do_syscall_64+0x56/0xe0 [<000000003610eefa>] entry_SYSCALL_64_after_hwframe+0x44/0xa9 unreferenced object 0xffff9486b1c40080 (size 128): comm "bridge", pid 2157, jiffies 4294701754 (age 35506.866s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 f8 dc 42 b2 86 94 ff ff ..........B..... 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk backtrace: [<00000000a2981b60>] vxlan_fdb_create+0x67/0x1a0 [vxlan] [<0000000049399045>] vxlan_fdb_update+0x12f/0x220 [vxlan] [<0000000090b1ef00>] vxlan_fdb_add+0x12a/0x1b0 [vxlan] [<0000000056633c2c>] rtnl_fdb_add+0x187/0x270 [<00000000dd5dfb6b>] rtnetlink_rcv_msg+0x264/0x490 [<00000000fc44dd54>] netlink_rcv_skb+0x4a/0x110 [<00000000dff433e7>] netlink_unicast+0x18e/0x250 [<00000000b87fb421>] netlink_sendmsg+0x2e9/0x400 [<000000002ed55153>] ____sys_sendmsg+0x237/0x260 [<00000000faa51c66>] ___sys_sendmsg+0x88/0xd0 [<000000006c3982f1>] __sys_sendmsg+0x4e/0x80 [<00000000a8f875d2>] do_syscall_64+0x56/0xe0 [<000000003610eefa>] entry_SYSCALL_64_after_hwframe+0x44/0xa9 Fixes: 3ad7a4b141eb ("vxlan: support fdb and learning in COLLECT_METADATA mode") Signed-off-by: Taehee Yoo Acked-by: Roopa Prabhu Signed-off-by: David S. Miller commit d52daa8620c65960e1ef882adc1f92061326bd7a Merge: 7dc6fd0f3b84 c3c0c2e18d94 Author: Linus Torvalds Date: Sat Aug 1 10:11:42 2020 -0700 Merge tag 'pinctrl-v5.8-4' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl Pull pin control fix from Linus Walleij: "A single last minute pin control fix to the Qualcomm driver fixing missing dual edge PCH interrupts" * tag 'pinctrl-v5.8-4' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl: pinctrl: qcom: Handle broken/missing PDC dual edge IRQs on sc7180 commit 4b20e103a63d056fb7a594b23d42ef8e0dbfc5ff Author: Masahiro Yamada Date: Sat Aug 1 16:08:49 2020 +0900 Revert "kconfig: qconf: don't show goback button on splitMode" This reverts commit cc1c08edccaf5317d99a17a3231fe06381044e83. Maxim Levitsky reports 'make xconfig' crashes since that commit (https://lkml.org/lkml/2020/7/18/411) Or, the following is simple test code that makes it crash: menu "Menu" config FOO bool "foo" default y menuconfig BAR bool "bar" depends on FOO endmenu Select the Split View mode, and double-click "bar" in the right window, then you will see Segmentation fault. When 'last' is not set for symbolMode, the following code in ConfigList::updateList() calls firstChild(). item = last ? last->nextSibling() : firstChild(); However, the pointer returned by ConfigList::firstChild() does not seem to be compatible with (ConfigItem *), which seems another bug. I'd rather want to reconsider whether hiding the goback icon is the right thing to do. In the following test code, the Split View shows "Menu2" and "Menu3" in the right window. You can descend into "Menu3", but there is no way to ascend back to "Menu2" from "Menu3". menu "Menu1" config FOO bool "foo" default y menu "Menu2" depends on FOO menu "Menu3" config BAZ bool "baz" endmenu endmenu endmenu It is true that the goback button is currently not functional due to yet another bug, but hiding the problem is not the right way to go. Anyway, Segmentation fault is fatal. Revert the offending commit for now, and we should find the right solution. Reported-by: Maxim Levitsky Signed-off-by: Masahiro Yamada commit 97bebbcd8b9368212e08913461bb511e35b46627 Author: Masahiro Yamada Date: Thu Jul 30 02:46:17 2020 +0900 Revert "kconfig: qconf: Change title for the item window" This reverts commit 5752ff07fd90d764d96e3c586cc95c09598abfdd. It added dead code to ConfigList:ConfigList(). The constructor of ConfigList has the initializer, mode(singleMode). if (mode == symbolMode) setHeaderLabels(QStringList() << "Item" << "Name" << "N" << "M" << "Y" << "Value"); else setHeaderLabels(QStringList() << "Option" << "Name" << "N" << "M" << "Y" << "Value"); ... always takes the else part. The change to ConfigList::updateSelection() is strange too. When you click the split view icon for the first time, the titles in both windows show "Option". After you click something in the right window, the title suddenly changes to "Item". ConfigList::updateSelection() is not the right place to do this, at least. It was not a good idea, I think. Signed-off-by: Masahiro Yamada commit ce02397f44e9ad36b14a29f3eeef252a6a8575c4 Author: Masahiro Yamada Date: Thu Jul 30 02:12:40 2020 +0900 kconfig: qconf: remove "goBack" debug message Every time the goback icon is clicked, the annoying message "goBack" is displayed on the console. I guess this line is the left-over debug code of commit af737b4defe1 ("kconfig: qconf: simplify the goBack() logic"). Signed-off-by: Masahiro Yamada commit c9b09a9249e6db802013c37a24af1fe45824cd3a Author: Masahiro Yamada Date: Thu Jul 30 02:02:39 2020 +0900 kconfig: qconf: use delete[] instead of delete to free array cppcheck reports "Mismatching allocation and deallocation". $ cppcheck scripts/kconfig/qconf.cc Checking scripts/kconfig/qconf.cc ... scripts/kconfig/qconf.cc:1242:10: error: Mismatching allocation and deallocation: data [mismatchAllocDealloc] delete data; ^ scripts/kconfig/qconf.cc:1236:15: note: Mismatching allocation and deallocation: data char *data = new char[count + 1]; ^ scripts/kconfig/qconf.cc:1242:10: note: Mismatching allocation and deallocation: data delete data; ^ scripts/kconfig/qconf.cc:1255:10: error: Mismatching allocation and deallocation: data [mismatchAllocDealloc] delete data; ^ scripts/kconfig/qconf.cc:1236:15: note: Mismatching allocation and deallocation: data char *data = new char[count + 1]; ^ scripts/kconfig/qconf.cc:1255:10: note: Mismatching allocation and deallocation: data delete data; ^ Fixes: c4f7398bee9c ("kconfig: qconf: make debug links work again") Reported-by: David Binderman Signed-off-by: Masahiro Yamada commit 0e912c03208075b95ea726076bf1b45db8419bc2 Author: Masahiro Yamada Date: Thu Jul 30 02:02:38 2020 +0900 kconfig: qconf: compile moc object separately Currently, qconf.moc is included from qconf.cc but they can be compiled independently. When you modify qconf.cc, qconf.moc does not need recompiling. Rename qconf.moc to qconf-moc.cc, and split it out as an independent compilation unit. Signed-off-by: Masahiro Yamada commit c3cd7cfad51ab521bf4c3edd050f3dcf275e9ee8 Author: Masahiro Yamada Date: Thu Jul 30 02:02:37 2020 +0900 kconfig: qconf: use if_changed for qconf.moc rule Regenerate qconf.moc when the moc command is changed. This also allows 'make mrproper' to clean it up. Previously, it was not cleaned up because 'clean-files += qconf.moc' was missing. Now 'make mrproper' correctly cleans it up because files listed in 'targets' are cleaned. Signed-off-by: Masahiro Yamada commit 69138b34a7248d2396ab85c8652e20c0c39beaba Merge: 8d46215a1ff3 4f010246b408 Author: David S. Miller Date: Fri Jul 31 17:19:47 2020 -0700 Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf Daniel Borkmann says: ==================== pull-request: bpf 2020-07-31 The following pull-request contains BPF updates for your *net* tree. We've added 5 non-merge commits during the last 21 day(s) which contain a total of 5 files changed, 126 insertions(+), 18 deletions(-). The main changes are: 1) Fix a map element leak in HASH_OF_MAPS map type, from Andrii Nakryiko. 2) Fix a NULL pointer dereference in __btf_resolve_helper_id() when no btf_vmlinux is available, from Peilin Ye. 3) Init pos variable in __bpfilter_process_sockopt(), from Christoph Hellwig. 4) Fix a cgroup sockopt verifier test by specifying expected attach type, from Jean-Philippe Brucker. Note that when net gets merged into net-next later on, there is a small merge conflict in kernel/bpf/btf.c between commit 5b801dfb7feb ("bpf: Fix NULL pointer dereference in __btf_resolve_helper_id()") from the bpf tree and commit 138b9a0511c7 ("bpf: Remove btf_id helpers resolving") from the net-next tree. Resolve as follows: remove the old hunk with the __btf_resolve_helper_id() function. Change the btf_resolve_helper_id() so it actually tests for a NULL btf_vmlinux and bails out: int btf_resolve_helper_id(struct bpf_verifier_log *log, const struct bpf_func_proto *fn, int arg) { int id; if (fn->arg_type[arg] != ARG_PTR_TO_BTF_ID || !btf_vmlinux) return -EINVAL; id = fn->btf_id[arg]; if (!id || id > btf_vmlinux->nr_types) return -EINVAL; return id; } Let me know if you run into any others issues (CC'ing Jiri Olsa so he's in the loop with regards to merge conflict resolution). ==================== Signed-off-by: David S. Miller commit 8d46215a1ff37b83e80e573563066548fc82084d Merge: e535d87d8b4f 71b59bf482b2 Author: David S. Miller Date: Fri Jul 31 17:10:53 2020 -0700 Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec Steffen Klassert says: ==================== pull request (net): ipsec 2020-07-31 1) Fix policy matching with mark and mask on userspace interfaces. From Xin Long. 2) Several fixes for the new ESP in TCP encapsulation. From Sabrina Dubroca. 3) Fix crash when the hold queue is used. The assumption that xdst->path and dst->child are not a NULL pointer only if dst->xfrm is not a NULL pointer is true with the exception of using the hold queue. Fix this by checking for hold queue usage before dereferencing xdst->path or dst->child. 4) Validate pfkey_dump parameter before sending them. From Mark Salyzyn. 5) Fix the location of the transport header with ESP in UDPv6 encapsulation. From Sabrina Dubroca. ==================== Signed-off-by: David S. Miller commit e535d87d8b4f85fe1659aa38c8fb75226b56eec5 Merge: bbc8a99e9522 e692139e6af3 Author: David S. Miller Date: Fri Jul 31 17:05:54 2020 -0700 Merge tag 'mlx5-fixes-2020-07-30' of git://git.kernel.org/pub/scm/linux/kernel/git/saeed/linux Saeed Mahameed says: ==================== Mellanox, mlx5 fixes 2020-07-30 This small patchset introduces some fixes to mlx5 driver. Please pull and let me know if there is any problem. For -stable v4.18: ('net/mlx5e: fix bpf_prog reference count leaks in mlx5e_alloc_rq') For -stable v5.7: ('net/mlx5e: E-Switch, Add misc bit when misc fields changed for mirroring') ==================== Signed-off-by: David S. Miller commit bbc8a99e952226c585ac17477a85ef1194501762 Author: Peilin Ye Date: Thu Jul 30 15:20:26 2020 -0400 rds: Prevent kernel-infoleak in rds_notify_queue_get() rds_notify_queue_get() is potentially copying uninitialized kernel stack memory to userspace since the compiler may leave a 4-byte hole at the end of `cmsg`. In 2016 we tried to fix this issue by doing `= { 0 };` on `cmsg`, which unfortunately does not always initialize that 4-byte hole. Fix it by using memset() instead. Cc: stable@vger.kernel.org Fixes: f037590fff30 ("rds: fix a leak of kernel memory") Fixes: bdbe6fbc6a2f ("RDS: recv.c") Suggested-by: Dan Carpenter Signed-off-by: Peilin Ye Acked-by: Santosh Shilimkar Signed-off-by: David S. Miller commit dc096288d579c82efbf6f82a5d895fed6e41e5a6 Merge: 8c5c51f5cac6 024a8168b749 Author: David S. Miller Date: Fri Jul 31 16:51:58 2020 -0700 Merge branch '1GbE' of git://git.kernel.org/pub/scm/linux/kernel/git/jkirsher/net-queue Tony Nguyen says: ==================== Intel Wired LAN Driver Updates 2020-07-30 This series contains updates to the e1000e and igb drivers. Aaron Ma allows PHY initialization to continue if ULP disable failed for e1000e. Francesco Ruggeri fixes race conditions in igb reset that could cause panics. ==================== Signed-off-by: David S. Miller commit 8c5c51f5cac676e9065cb6de9feaa3a16a462675 Author: liujian Date: Thu Jul 30 16:14:28 2020 +0800 net/sched: The error lable position is corrected in ct_init_module Exchange the positions of the err_tbl_init and err_register labels in ct_init_module function. Fixes: c34b961a2492 ("net/sched: act_ct: Create nf flow table per zone") Signed-off-by: liujian Signed-off-by: David S. Miller commit 7dc6fd0f3b8404542718039f5de19fe56e474578 Merge: deacdb3e3979 8808981baf96 Author: Linus Torvalds Date: Fri Jul 31 12:50:54 2020 -0700 Merge branch 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux Pull i2c fixes from Wolfram Sang: "Some I2C core improvements to prevent NULL pointer usage and a MAINTAINERS update" * 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux: i2c: slave: add sanity check when unregistering i2c: slave: improve sanity check when registering MAINTAINERS: Update GENI I2C maintainers list i2c: also convert placeholder function to return errno commit deacdb3e3979979016fcd0ffd518c320a62ad166 Merge: 14aab7eeb9f0 909adfc66b9a Author: Linus Torvalds Date: Fri Jul 31 09:38:39 2020 -0700 Merge tag 'powerpc-5.8-8' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux Pull powerpc fix from Michael Ellerman: "Fix a bug introduced by the changes we made to lockless page table walking this cycle. When using the hash MMU, and perf with callchain recording, we can deadlock if the PMI interrupts a hash fault, and the callchain recording then takes a hash fault on the same page. Thanks to Nicholas Piggin, Aneesh Kumar K.V, Anton Blanchard, and Athira Rajeev" * tag 'powerpc-5.8-8' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux: powerpc/64s/hash: Fix hash_preload running with interrupts enabled commit 14aab7eeb9f0b9c424aab0f07eb82b1baf2e5bbd Merge: c1954ca6abdc 6a7389f0312f Author: Linus Torvalds Date: Fri Jul 31 09:36:03 2020 -0700 Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux Pull arm64 fixes from Will Deacon: "The main one is to fix the build after Willy's per-cpu entropy changes this week. Although that was already resolved elsewhere, the arm64 fix here is useful cleanup anyway. Other than that, we've got a fix for building with Clang's integrated assembler and a fix to make our IPv4 checksumming robust against invalid header lengths (this only seems to be triggerable by injected errors). - Fix build breakage due to circular headers - Fix build regression when using Clang's integrated assembler - Fix IPv4 header checksum code to deal with invalid length field - Fix broken path for Arm PMU entry in MAINTAINERS" * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux: MAINTAINERS: Include drivers subdirs for ARM PMU PROFILING AND DEBUGGING entry arm64: csum: Fix handling of bad packets arm64: Drop unnecessary include from asm/smp.h arm64/alternatives: move length validation inside the subsection commit c1954ca6abdc69a02a768368eb31882e92cf5bfa Merge: ae2911de2eb5 5c6360ee4a0e Author: Linus Torvalds Date: Fri Jul 31 09:33:45 2020 -0700 Merge tag 'for-linus' of git://git.armlinux.org.uk/~rmk/linux-arm Pull ARM fixes from Russell King: - avoid invoking overflow handler for uaccess watchpoints - fix incorrect clock_gettime64 availability - fix EFI crash in create_mapping_late() * tag 'for-linus' of git://git.armlinux.org.uk/~rmk/linux-arm: ARM: 8988/1: mmu: fix crash in EFI calls due to p4d typo in create_mapping_late() ARM: 8987/1: VDSO: Fix incorrect clock_gettime64 ARM: 8986/1: hw_breakpoint: Don't invoke overflow handler on uaccess watchpoints commit ae2911de2eb5dc9ccb88c6502c776a8fbb7acc67 Merge: 78431ab723aa fb448ce87a4a Author: Linus Torvalds Date: Fri Jul 31 09:22:10 2020 -0700 Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma Pull rdma fixes from Jason Gunthorpe: "Two more merge window regressions, a corruption bug in hfi1 and a few other small fixes. - Missing user input validation regression in ucma - Disallowing a previously allowed user combination regression in mlx5 - ODP prefetch memory leaking triggerable by userspace - Memory corruption in hf1 due to faulty ring buffer logic - Missed mutex initialization crash in mlx5 - Two small defects with RDMA DIM" * tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma: RDMA/core: Free DIM memory in error unwind RDMA/core: Stop DIM before destroying CQ RDMA/mlx5: Initialize QP mutex for the debug kernels IB/rdmavt: Fix RQ counting issues causing use of an invalid RWQE RDMA/mlx5: Allow providing extra scatter CQE QP flag RDMA/mlx5: Fix prefetch memory leak if get_prefetchable_mr fails RDMA/cm: Add min length checks to user structure copies commit 78431ab723aa6f10258979acf88d9aaac2462cbe Merge: d8b9faec54ae 5649625344fe Author: Linus Torvalds Date: Fri Jul 31 09:17:24 2020 -0700 Merge tag 'sound-5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound Pull sound fixes from Takashi Iwai: "A few wrap-up small fixes for the usual HD-audio and USB-audio stuff: - A regression fix for S3 suspend on old Intel platforms - A fix for possible Oops in ASoC HD-audio binding - Trivial quirks for various devices" * tag 'sound-5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: ALSA: hda/realtek - Fixed HP right speaker no sound ALSA: hda: fix NULL pointer dereference during suspend ALSA: hda/hdmi: Fix keep_power assignment for non-component devices ALSA: hda: Workaround for spurious wakeups on some Intel platforms ALSA: hda/realtek: Fix add a "ultra_low_power" function for intel reference board (alc256) ALSA: hda/realtek: typo_fix: enable headset mic of ASUS ROG Zephyrus G14(GA401) series with ALC289 ALSA: hda/realtek: enable headset mic of ASUS ROG Zephyrus G15(GA502) series with ALC289 ALSA: usb-audio: Add implicit feedback quirk for SSL2 commit 39efdd94e314336f4acbac4c07e0f37bdc3bef71 Author: Ben Hutchings Date: Sat Jul 25 02:06:23 2020 +0100 libtraceevent: Fix build with binutils 2.35 In binutils 2.35, 'nm -D' changed to show symbol versions along with symbol names, with the usual @@ separator. When generating libtraceevent-dynamic-list we need just the names, so strip off the version suffix if present. Signed-off-by: Ben Hutchings Tested-by: Salvatore Bonaccorso Reviewed-by: Steven Rostedt Cc: linux-trace-devel@vger.kernel.org Cc: stable@vger.kernel.org Signed-off-by: Arnaldo Carvalho de Melo commit bd3c628f8fafa6cbd6a1ca440034b841f0080160 Author: Wei Li Date: Fri Jul 24 15:11:10 2020 +0800 perf tools: Fix record failure when mixed with ARM SPE event When recording with cache-misses and arm_spe_x event, I found that it will just fail without showing any error info if i put cache-misses after 'arm_spe_x' event. [root@localhost 0620]# perf record -e cache-misses \ -e arm_spe_0/ts_enable=1,pct_enable=1,pa_enable=1,load_filter=1,jitter=1,store_filter=1,min_latency=0/ sleep 1 [ perf record: Woken up 1 times to write data ] [ perf record: Captured and wrote 0.067 MB perf.data ] [root@localhost 0620]# [root@localhost 0620]# perf record -e arm_spe_0/ts_enable=1,pct_enable=1,pa_enable=1,load_filter=1,jitter=1,store_filter=1,min_latency=0/ \ -e cache-misses sleep 1 [root@localhost 0620]# The current code can only work if the only event to be traced is an 'arm_spe_x', or if it is the last event to be specified. Otherwise the last event type will be checked against all the arm_spe_pmus[i]->types, none will match and an out of bound 'i' index will be used in arm_spe_recording_init(). We don't support concurrent multiple arm_spe_x events currently, that is checked in arm_spe_recording_options(), and it will show the relevant info. So add the check and record of the first found 'arm_spe_pmu' to fix this issue here. Fixes: ffd3d18c20b8 ("perf tools: Add ARM Statistical Profiling Extensions (SPE) support") Signed-off-by: Wei Li Reviewed-by: Mathieu Poirier Tested-by-by: Leo Yan Cc: Alexander Shishkin Cc: Hanjun Guo Cc: Jiri Olsa Cc: Kim Phillips Cc: Mark Rutland Cc: Mike Leach Cc: Namhyung Kim Cc: Peter Zijlstra Cc: Suzuki Poulouse Cc: linux-arm-kernel@lists.infradead.org Link: http://lore.kernel.org/lkml/20200724071111.35593-2-liwei391@huawei.com Signed-off-by: Arnaldo Carvalho de Melo commit 463538a383a27337cb83ae195e432a839a52d639 Author: Thomas Richter Date: Wed Jul 29 15:53:14 2020 +0200 perf tests: Fix test 68 zstd compression for s390 Commit 5aa98879efe7 ("s390/cpum_sf: prohibit callchain data collection") prohibits call graph sampling for hardware events on s390. The information recorded is out of context and does not match. On s390 this commit now breaks test case 68 Zstd perf.data compression/decompression. Therefore omit call graph sampling on s390 in this test. Output before: [root@t35lp46 perf]# ./perf test -Fv 68 68: Zstd perf.data compression/decompression : --- start --- Collecting compressed record file: Error: cycles: PMU Hardware doesn't support sampling/overflow-interrupts. Try 'perf stat' ---- end ---- Zstd perf.data compression/decompression: FAILED! [root@t35lp46 perf]# Output after: [root@t35lp46 perf]# ./perf test -Fv 68 68: Zstd perf.data compression/decompression : --- start --- Collecting compressed record file: 500+0 records in 500+0 records out 256000 bytes (256 kB, 250 KiB) copied, 0.00615638 s, 41.6 MB/s [ perf record: Woken up 1 times to write data ] [ perf record: Captured and wrote 0.004 MB /tmp/perf.data.X3M, compressed (original 0.002 MB, ratio is 3.609) ] Checking compressed events stats: # compressed : Zstd, level = 1, ratio = 4 COMPRESSED events: 1 2ELIFREPh---- end ---- Zstd perf.data compression/decompression: Ok [root@t35lp46 perf]# Signed-off-by: Thomas Richter Reviewed-by: Sumanth Korikkar Cc: Heiko Carstens Cc: Sven Schnelle Cc: Vasily Gorbik Link: http://lore.kernel.org/lkml/20200729135314.91281-1-tmricht@linux.ibm.com Signed-off-by: Arnaldo Carvalho de Melo commit e24c6447ccb7b1a01f9bf0aec94939e6450c0b4d Author: Philippe Duplessis-Guindon Date: Thu Jul 30 11:02:36 2020 -0400 tools lib traceevent: Fix memory leak in process_dynamic_array_len I compiled with AddressSanitizer and I had these memory leaks while I was using the tep_parse_format function: Direct leak of 28 byte(s) in 4 object(s) allocated from: #0 0x7fb07db49ffe in __interceptor_realloc (/lib/x86_64-linux-gnu/libasan.so.5+0x10dffe) #1 0x7fb07a724228 in extend_token /home/pduplessis/repo/linux/tools/lib/traceevent/event-parse.c:985 #2 0x7fb07a724c21 in __read_token /home/pduplessis/repo/linux/tools/lib/traceevent/event-parse.c:1140 #3 0x7fb07a724f78 in read_token /home/pduplessis/repo/linux/tools/lib/traceevent/event-parse.c:1206 #4 0x7fb07a725191 in __read_expect_type /home/pduplessis/repo/linux/tools/lib/traceevent/event-parse.c:1291 #5 0x7fb07a7251df in read_expect_type /home/pduplessis/repo/linux/tools/lib/traceevent/event-parse.c:1299 #6 0x7fb07a72e6c8 in process_dynamic_array_len /home/pduplessis/repo/linux/tools/lib/traceevent/event-parse.c:2849 #7 0x7fb07a7304b8 in process_function /home/pduplessis/repo/linux/tools/lib/traceevent/event-parse.c:3161 #8 0x7fb07a730900 in process_arg_token /home/pduplessis/repo/linux/tools/lib/traceevent/event-parse.c:3207 #9 0x7fb07a727c0b in process_arg /home/pduplessis/repo/linux/tools/lib/traceevent/event-parse.c:1786 #10 0x7fb07a731080 in event_read_print_args /home/pduplessis/repo/linux/tools/lib/traceevent/event-parse.c:3285 #11 0x7fb07a731722 in event_read_print /home/pduplessis/repo/linux/tools/lib/traceevent/event-parse.c:3369 #12 0x7fb07a740054 in __tep_parse_format /home/pduplessis/repo/linux/tools/lib/traceevent/event-parse.c:6335 #13 0x7fb07a74047a in __parse_event /home/pduplessis/repo/linux/tools/lib/traceevent/event-parse.c:6389 #14 0x7fb07a740536 in tep_parse_format /home/pduplessis/repo/linux/tools/lib/traceevent/event-parse.c:6431 #15 0x7fb07a785acf in parse_event ../../../src/fs-src/fs.c:251 #16 0x7fb07a785ccd in parse_systems ../../../src/fs-src/fs.c:284 #17 0x7fb07a786fb3 in read_metadata ../../../src/fs-src/fs.c:593 #18 0x7fb07a78760e in ftrace_fs_source_init ../../../src/fs-src/fs.c:727 #19 0x7fb07d90c19c in add_component_with_init_method_data ../../../../src/lib/graph/graph.c:1048 #20 0x7fb07d90c87b in add_source_component_with_initialize_method_data ../../../../src/lib/graph/graph.c:1127 #21 0x7fb07d90c92a in bt_graph_add_source_component ../../../../src/lib/graph/graph.c:1152 #22 0x55db11aa632e in cmd_run_ctx_create_components_from_config_components ../../../src/cli/babeltrace2.c:2252 #23 0x55db11aa6fda in cmd_run_ctx_create_components ../../../src/cli/babeltrace2.c:2347 #24 0x55db11aa780c in cmd_run ../../../src/cli/babeltrace2.c:2461 #25 0x55db11aa8a7d in main ../../../src/cli/babeltrace2.c:2673 #26 0x7fb07d5460b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2) The token variable in the process_dynamic_array_len function is allocated in the read_expect_type function, but is not freed before calling the read_token function. Free the token variable before calling read_token in order to plug the leak. Signed-off-by: Philippe Duplessis-Guindon Reviewed-by: Steven Rostedt (VMware) Link: https://lore.kernel.org/linux-trace-devel/20200730150236.5392-1-pduplessis@efficios.com Signed-off-by: Arnaldo Carvalho de Melo commit 830f01b089b12bbe93bd55f2d62837253012a30e Author: Wanpeng Li Date: Fri Jul 31 11:12:21 2020 +0800 KVM: SVM: Fix disable pause loop exit/pause filtering capability on SVM 'Commit 8566ac8b8e7c ("KVM: SVM: Implement pause loop exit logic in SVM")' drops disable pause loop exit/pause filtering capability completely, I guess it is a merge fault by Radim since disable vmexits capabilities and pause loop exit for SVM patchsets are merged at the same time. This patch reintroduces the disable pause loop exit/pause filtering capability support. Reported-by: Haiwei Li Tested-by: Haiwei Li Fixes: 8566ac8b ("KVM: SVM: Implement pause loop exit logic in SVM") Signed-off-by: Wanpeng Li Message-Id: <1596165141-28874-3-git-send-email-wanpengli@tencent.com> Cc: stable@vger.kernel.org Signed-off-by: Paolo Bonzini commit d2286ba7d574ba3103a421a2f9ec17cb5b0d87a1 Author: Wanpeng Li Date: Fri Jul 31 11:12:19 2020 +0800 KVM: LAPIC: Prevent setting the tscdeadline timer if the lapic is hw disabled Prevent setting the tscdeadline timer if the lapic is hw disabled. Fixes: bce87cce88 (KVM: x86: consolidate different ways to test for in-kernel LAPIC) Cc: Signed-off-by: Wanpeng Li Message-Id: <1596165141-28874-1-git-send-email-wanpengli@tencent.com> Signed-off-by: Paolo Bonzini commit d8b9faec54ae4bc2fff68bcd0befa93ace8256ce Merge: a2ec905d1e16 887c909dd5d5 Author: Linus Torvalds Date: Thu Jul 30 21:26:42 2020 -0700 Merge tag 'drm-fixes-2020-07-31' of git://anongit.freedesktop.org/drm/drm Pull more drm fixes from Dave Airlie: "As mentioned previously this contains the nouveau regression fix. amdgpu had three fixes outstanding as well, one revert, an info leak and use after free. The use after free is a bit trickier than I'd like, and I've personally gone over it to confirm I'm happy that it is doing what it says. nouveau: - final modifiers regression fix amdgpu: - Revert a fix which caused other regressions - Fix potential kernel info leak - Fix a use-after-free bug that was uncovered by another change in 5.7" * tag 'drm-fixes-2020-07-31' of git://anongit.freedesktop.org/drm/drm: drm/nouveau: Accept 'legacy' format modifiers Revert "drm/amdgpu: Fix NULL dereference in dpm sysfs handlers" drm/amd/display: Clear dm_state for fast updates drm/amdgpu: Prevent kernel-infoleak in amdgpu_info_ioctl() commit 887c909dd5d557c203a233ebbe238c18438a680a Merge: faa0fcf943d2 87004abfbc27 Author: Dave Airlie Date: Fri Jul 31 13:04:00 2020 +1000 Merge tag 'amd-drm-fixes-5.8-2020-07-30' of git://people.freedesktop.org/~agd5f/linux into drm-fixes amd-drm-fixes-5.8-2020-07-30: amdgpu: - Revert a fix which caused other regressions - Fix potential kernel info leak - Fix a use-after-free bug that was uncovered by another change in 5.7 Signed-off-by: Dave Airlie From: Alex Deucher Link: https://patchwork.freedesktop.org/patch/msgid/20200730154338.244104-1-alexander.deucher@amd.com commit faa0fcf943d2d53992b3c73752df9a0547cb4797 Author: James Jones Date: Thu Jul 30 16:58:23 2020 -0700 drm/nouveau: Accept 'legacy' format modifiers Accept the DRM_FORMAT_MOD_NVIDIA_16BX2_BLOCK() family of modifiers to handle broken userspace Xorg modesetting and Mesa drivers. Existing Mesa drivers are still aware of only these older format modifiers which do not differentiate between different variations of the block linear layout. When the format modifier support flag was flipped in the nouveau kernel driver, the X.org modesetting driver began attempting to use its format modifier-enabled framebuffer path. Because the set of format modifiers advertised by the kernel prior to this change do not intersect with the set of format modifiers advertised by Mesa, allocating GBM buffers using format modifiers fails and the modesetting driver falls back to non-modifier allocation. However, it still later queries the modifier of the GBM buffer when creating its DRM-KMS framebuffer object, receives the old-format modifier from Mesa, and attempts to create a framebuffer with it. Since the kernel is still not aware of these formats, this fails. Userspace should not be attempting to query format modifiers of GBM buffers allocated with a non- format-modifier-aware allocation path, but to avoid breaking existing userspace behavior, this change accepts the old-style format modifiers when creating framebuffers and applying them to planes by translating them to the equivalent new-style modifier. To accomplish this, some layout parameters must be assumed to match properties of the device targeted by the relevant ioctls. To avoid perpetuating misuse of the old-style modifiers, this change does not advertise support for them. Doing so would imply compatibility between devices with incompatible memory layouts. Tested with Xorg 1.20 modesetting driver, weston@c46c70dac84a4b3030cd05b380f9f410536690fc, gnome & KDE wayland desktops from Ubuntu 18.04, and sway 1.5 Reported-by: Kirill A. Shutemov Fixes: fa4f4c213f5f ("drm/nouveau/kms: Support NVIDIA format modifiers") Link: https://lkml.org/lkml/2020/6/30/1251 Signed-off-by: James Jones Acked-by: Ben Skeggs Signed-off-by: Dave Airlie commit e692139e6af339a1495ef401b2d95f7f9d1c7a44 Author: Xin Xiong Date: Thu Jul 30 18:29:41 2020 +0800 net/mlx5e: fix bpf_prog reference count leaks in mlx5e_alloc_rq The function invokes bpf_prog_inc(), which increases the reference count of a bpf_prog object "rq->xdp_prog" if the object isn't NULL. The refcount leak issues take place in two error handling paths. When either mlx5_wq_ll_create() or mlx5_wq_cyc_create() fails, the function simply returns the error code and forgets to drop the reference count increased earlier, causing a reference count leak of "rq->xdp_prog". Fix this issue by jumping to the error handling path err_rq_wq_destroy while either function fails. Fixes: 422d4c401edd ("net/mlx5e: RX, Split WQ objects for different RQ types") Signed-off-by: Xin Xiong Signed-off-by: Xiyu Yang Signed-off-by: Xin Tan Signed-off-by: Saeed Mahameed commit 6f7bbad18e8343da6318654f408dea0ccd6efb00 Author: Jianbo Liu Date: Fri Jul 3 02:34:23 2020 +0000 net/mlx5e: E-Switch, Specify flow_source for rule with no in_port The flow_source must be specified, even for rule without matching source vport, because some actions are only allowed in uplink. Otherwise, rule can't be offloaded and firmware syndrome happens. Fixes: 6fb0701a9cfa ("net/mlx5: E-Switch, Add support for offloading rules with no in_port") Signed-off-by: Jianbo Liu Reviewed-by: Chris Mi Reviewed-by: Roi Dayan Signed-off-by: Saeed Mahameed commit 0faddfe6b7953e224a1283f89f671ef6a9ba73de Author: Jianbo Liu Date: Thu Jul 2 01:06:37 2020 +0000 net/mlx5e: E-Switch, Add misc bit when misc fields changed for mirroring The modified flow_context fields in FTE must be indicated in modify_enable bitmask. Previously, the misc bit in modify_enable is always set as source vport must be set for each rule. So, when parsing vxlan/gre/geneve/qinq rules, this bit is not set because those are all from the same misc fileds that source vport fields are located at, and we don't need to set the indicator twice. After adding per vport tables for mirroring, misc bit is not set, then firmware syndrome happens. To fix it, set the bit wherever misc fileds are changed. This also makes it unnecessary to check misc fields and set the misc bit accordingly in metadata matching, so here remove it. Besides, flow_source must be specified for uplink because firmware will check it and some actions are only allowed for packets received from uplink. Fixes: 96e326878fa5 ("net/mlx5e: Eswitch, Use per vport tables for mirroring") Signed-off-by: Jianbo Liu Reviewed-by: Chris Mi Reviewed-by: Roi Dayan Signed-off-by: Saeed Mahameed commit 01cefbbe2c51fa94d4221ca63d236907c5e19fe3 Author: Jianbo Liu Date: Mon Jul 20 01:36:45 2020 +0000 net/mlx5e: CT: Support restore ipv6 tunnel Currently the driver restores only IPv4 tunnel headers. Add support for restoring IPv6 tunnel header. Fixes: b8ce90370977 ("net/mlx5e: Restore tunnel metadata on miss") Signed-off-by: Jianbo Liu Reviewed-by: Roi Dayan Reviewed-by: Oz Shlomo Signed-off-by: Saeed Mahameed commit d0c3c75d5d8911b0e92e48ce79b827ad869d5c93 Merge: 85496a292241 04e35caa32ec Author: David S. Miller Date: Thu Jul 30 17:47:34 2020 -0700 Merge tag 'mac80211-for-davem-2020-07-30' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211 Johannes Berg says: ==================== A couple of more changes: * remove a warning that can trigger in certain races * check a function pointer before using it * check before adding 6 GHz to avoid a warning in mesh * fix two memory leaks in mesh * fix a TX status bug leading to a memory leak ==================== Signed-off-by: David S. Miller commit 85496a29224188051b6135eb38da8afd4c584765 Author: Wang Hai Date: Thu Jul 30 15:30:00 2020 +0800 net: gemini: Fix missing clk_disable_unprepare() in error path of gemini_ethernet_port_probe() Fix the missing clk_disable_unprepare() before return from gemini_ethernet_port_probe() in the error handling case. Fixes: 4d5ae32f5e1e ("net: ethernet: Add a driver for Gemini gigabit ethernet") Reported-by: Hulk Robot Signed-off-by: Wang Hai Signed-off-by: David S. Miller commit 59929fbb45e06da7d501d3a97f10a91912181f7c Author: Shannon Nelson Date: Wed Jul 29 10:52:17 2020 -0700 ionic: unlock queue mutex in error path On an error return, jump to the unlock at the end to be sure to unlock the queue_lock mutex. Fixes: 0925e9db4dc8 ("ionic: use mutex to protect queue operations") Reported-by: kernel test robot Reported-by: Julia Lawall Signed-off-by: Shannon Nelson Signed-off-by: David S. Miller commit 51875dad43b44241b46a569493f1e4bfa0386d86 Author: Xin Xiong Date: Wed Jul 29 21:06:59 2020 +0800 atm: fix atm_dev refcnt leaks in atmtcp_remove_persistent atmtcp_remove_persistent() invokes atm_dev_lookup(), which returns a reference of atm_dev with increased refcount or NULL if fails. The refcount leaks issues occur in two error handling paths. If dev_data->persist is zero or PRIV(dev)->vcc isn't NULL, the function returns 0 without decreasing the refcount kept by a local variable, resulting in refcount leaks. Fix the issue by adding atm_dev_put() before returning 0 both when dev_data->persist is zero or PRIV(dev)->vcc isn't NULL. Signed-off-by: Xin Xiong Signed-off-by: Xiyu Yang Signed-off-by: Xin Tan Signed-off-by: David S. Miller commit 555a893303872e044fb86f0a5834ce78d41ad2e2 Author: Landen Chao Date: Wed Jul 29 10:15:17 2020 +0200 net: ethernet: mtk_eth_soc: fix MTU warnings in recent kernel versions there are warnings about incorrect MTU size like these: eth0: mtu greater than device maximum mtk_soc_eth 1b100000.ethernet eth0: error -22 setting MTU to include DSA overhead Fixes: bfcb813203e6 ("net: dsa: configure the MTU for switch ports") Fixes: 72579e14a1d3 ("net: dsa: don't fail to probe if we couldn't set the MTU") Fixes: 7a4c53bee332 ("net: report invalid mtu value via netlink extack") Signed-off-by: Landen Chao Signed-off-by: Frank Wunderlich Reviewed-by: Andrew Lunn Signed-off-by: David S. Miller commit 366228ed01f6882cc203e3d5b40010dfae0be1c3 Author: Lu Wei Date: Wed Jul 29 11:50:05 2020 +0800 net: nixge: fix potential memory leak in nixge_probe() If some processes in nixge_probe() fail, free_netdev(dev) needs to be called to aviod a memory leak. Fixes: 87ab207981ec ("net: nixge: Separate ctrl and dma resources") Fixes: abcd3d6fc640 ("net: nixge: Fix error path for obtaining mac address") Reported-by: Hulk Robot Signed-off-by: Lu Wei Signed-off-by: David S. Miller commit 82274d075536322368ce710b211c41c37c4740b9 Author: Jakub Kicinski Date: Tue Jul 28 16:15:07 2020 -0700 devlink: ignore -EOPNOTSUPP errors on dumpit Number of .dumpit functions try to ignore -EOPNOTSUPP errors. Recent change missed that, and started reporting all errors but -EMSGSIZE back from dumps. This leads to situation like this: $ devlink dev info devlink answers: Operation not supported Dump should not report an error just because the last device to be queried could not provide an answer. To fix this and avoid similar confusion make sure we clear err properly, and not leave it set to an error if we don't terminate the iteration. Fixes: c62c2cfb801b ("net: devlink: don't ignore errors during dumpit") Signed-off-by: Jakub Kicinski Reviewed-by: Jiri Pirko Signed-off-by: David S. Miller commit 65550098c1c4db528400c73acf3e46bfa78d9264 Author: David Howells Date: Wed Jul 29 00:03:56 2020 +0100 rxrpc: Fix race between recvmsg and sendmsg on immediate call failure There's a race between rxrpc_sendmsg setting up a call, but then failing to send anything on it due to an error, and recvmsg() seeing the call completion occur and trying to return the state to the user. An assertion fails in rxrpc_recvmsg() because the call has already been released from the socket and is about to be released again as recvmsg deals with it. (The recvmsg_q queue on the socket holds a ref, so there's no problem with use-after-free.) We also have to be careful not to end up reporting an error twice, in such a way that both returns indicate to userspace that the user ID supplied with the call is no longer in use - which could cause the client to malfunction if it recycles the user ID fast enough. Fix this by the following means: (1) When sendmsg() creates a call after the point that the call has been successfully added to the socket, don't return any errors through sendmsg(), but rather complete the call and let recvmsg() retrieve them. Make sendmsg() return 0 at this point. Further calls to sendmsg() for that call will fail with ESHUTDOWN. Note that at this point, we haven't send any packets yet, so the server doesn't yet know about the call. (2) If sendmsg() returns an error when it was expected to create a new call, it means that the user ID wasn't used. (3) Mark the call disconnected before marking it completed to prevent an oops in rxrpc_release_call(). (4) recvmsg() will then retrieve the error and set MSG_EOR to indicate that the user ID is no longer known by the kernel. An oops like the following is produced: kernel BUG at net/rxrpc/recvmsg.c:605! ... RIP: 0010:rxrpc_recvmsg+0x256/0x5ae ... Call Trace: ? __init_waitqueue_head+0x2f/0x2f ____sys_recvmsg+0x8a/0x148 ? import_iovec+0x69/0x9c ? copy_msghdr_from_user+0x5c/0x86 ___sys_recvmsg+0x72/0xaa ? __fget_files+0x22/0x57 ? __fget_light+0x46/0x51 ? fdget+0x9/0x1b do_recvmmsg+0x15e/0x232 ? _raw_spin_unlock+0xa/0xb ? vtime_delta+0xf/0x25 __x64_sys_recvmmsg+0x2c/0x2f do_syscall_64+0x4c/0x78 entry_SYSCALL_64_after_hwframe+0x44/0xa9 Fixes: 357f5ef64628 ("rxrpc: Call rxrpc_release_call() on error in rxrpc_new_client_call()") Reported-by: syzbot+b54969381df354936d96@syzkaller.appspotmail.com Signed-off-by: David Howells Reviewed-by: Marc Dionne Signed-off-by: David S. Miller commit 591eee6d0783d4a0d7f0e7c4effdba9cf6c1e2c5 Author: Joyce Ooi Date: Mon Jul 27 17:46:41 2020 +0800 MAINTAINERS: Replace Thor Thayer as Altera Triple Speed Ethernet maintainer This patch is to replace Thor Thayer as Altera Triple Speed Ethernet maintainer as he is moving to a different role. Signed-off-by: Joyce Ooi Signed-off-by: David S. Miller commit 4bbca662df2523ff7ad3224463f1f28e6a118044 Author: Hangbin Liu Date: Mon Jul 27 19:04:55 2020 +0800 selftests/bpf: fix netdevsim trap_flow_action_cookie read When read netdevsim trap_flow_action_cookie, we need to init it first, or we will get "Invalid argument" error. Fixes: d3cbb907ae57 ("netdevsim: add ACL trap reporting cookie as a metadata") Signed-off-by: Hangbin Liu Signed-off-by: David S. Miller commit 8c0de6e96c9794cb523a516c465991a70245da1c Author: Cong Wang Date: Sat Jul 25 15:40:53 2020 -0700 ipv6: fix memory leaks on IPV6_ADDRFORM path IPV6_ADDRFORM causes resource leaks when converting an IPv6 socket to IPv4, particularly struct ipv6_ac_socklist. Similar to struct ipv6_mc_socklist, we should just close it on this path. This bug can be easily reproduced with the following C program: #include #include #include #include #include int main() { int s, value; struct sockaddr_in6 addr; struct ipv6_mreq m6; s = socket(AF_INET6, SOCK_DGRAM, 0); addr.sin6_family = AF_INET6; addr.sin6_port = htons(5000); inet_pton(AF_INET6, "::ffff:192.168.122.194", &addr.sin6_addr); connect(s, (struct sockaddr *)&addr, sizeof(addr)); inet_pton(AF_INET6, "fe80::AAAA", &m6.ipv6mr_multiaddr); m6.ipv6mr_interface = 5; setsockopt(s, SOL_IPV6, IPV6_JOIN_ANYCAST, &m6, sizeof(m6)); value = AF_INET; setsockopt(s, SOL_IPV6, IPV6_ADDRFORM, &value, sizeof(value)); close(s); return 0; } Reported-by: ch3332xr@gmail.com Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Cong Wang Signed-off-by: David S. Miller commit 4f010246b4087ab931b060481014ec110e6a8a46 Author: Christoph Hellwig Date: Thu Jul 30 18:09:00 2020 +0200 net/bpfilter: Initialize pos in __bpfilter_process_sockopt __bpfilter_process_sockopt never initialized the pos variable passed to the pipe write. This has been mostly harmless in the past as pipes ignore the offset, but the switch to kernel_write now verified the position, which can lead to a failure depending on the exact stack initialization pattern. Initialize the variable to zero to make rw_verify_area happy. Fixes: 6955a76fbcd5 ("bpfilter: switch to kernel_write") Reported-by: Christian Brauner Reported-by: Rodrigo Madera Signed-off-by: Christoph Hellwig Signed-off-by: Daniel Borkmann Tested-by: Rodrigo Madera Tested-by: Christian Brauner Reviewed-by: Christian Brauner Link: https://lore.kernel.org/bpf/20200730160900.187157-1-hch@lst.de commit d741dcae5562259841bd2211a0bd7e6c0f909f1e Merge: 5e105c88ab48 b757b47a2fcb Author: Paolo Bonzini Date: Thu Jul 30 18:10:26 2020 -0400 Merge tag 'kvmarm-fixes-5.8-4' of git://git.kernel.org/pub/scm/linux/kernel/git/kvmarm/kvmarm into kvm-master KVM/arm64 fixes for Linux 5.8, take #3 - Fix a corner case of a new mapping inheriting exec permission without and yet bypassing invalidation of the I-cache - Make sure PtrAuth predicates oinly generate inline code for the non-VHE hypervisor code commit a2ec905d1e160a33b2e210e45ad30445ef26ce0e Author: Alain Michaud Date: Mon Jul 27 20:48:55 2020 +0000 Bluetooth: fix kernel oops in store_pending_adv_report Fix kernel oops observed when an ext adv data is larger than 31 bytes. This can be reproduced by setting up an advertiser with advertisement larger than 31 bytes. The issue is not sensitive to the advertisement content. In particular, this was reproduced with an advertisement of 229 bytes filled with 'A'. See stack trace below. This is fixed by not catching ext_adv as legacy adv are only cached to be able to concatenate a scanable adv with its scan response before sending it up through mgmt. With ext_adv, this is no longer necessary. general protection fault: 0000 [#1] SMP PTI CPU: 6 PID: 205 Comm: kworker/u17:0 Not tainted 5.4.0-37-generic #41-Ubuntu Hardware name: Dell Inc. XPS 15 7590/0CF6RR, BIOS 1.7.0 05/11/2020 Workqueue: hci0 hci_rx_work [bluetooth] RIP: 0010:hci_bdaddr_list_lookup+0x1e/0x40 [bluetooth] Code: ff ff e9 26 ff ff ff 0f 1f 44 00 00 0f 1f 44 00 00 55 48 8b 07 48 89 e5 48 39 c7 75 0a eb 24 48 8b 00 48 39 f8 74 1c 44 8b 06 <44> 39 40 10 75 ef 44 0f b7 4e 04 66 44 39 48 14 75 e3 38 50 16 75 RSP: 0018:ffffbc6a40493c70 EFLAGS: 00010286 RAX: 4141414141414141 RBX: 000000000000001b RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffff9903e76c100f RDI: ffff9904289d4b28 RBP: ffffbc6a40493c70 R08: 0000000093570362 R09: 0000000000000000 R10: 0000000000000000 R11: ffff9904344eae38 R12: ffff9904289d4000 R13: 0000000000000000 R14: 00000000ffffffa3 R15: ffff9903e76c100f FS: 0000000000000000(0000) GS:ffff990434580000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007feed125a000 CR3: 00000001b860a003 CR4: 00000000003606e0 Call Trace: process_adv_report+0x12e/0x560 [bluetooth] hci_le_meta_evt+0x7b2/0xba0 [bluetooth] hci_event_packet+0x1c29/0x2a90 [bluetooth] hci_rx_work+0x19b/0x360 [bluetooth] process_one_work+0x1eb/0x3b0 worker_thread+0x4d/0x400 kthread+0x104/0x140 Fixes: c215e9397b00 ("Bluetooth: Process extended ADV report event") Reported-by: Andy Nguyen Reported-by: Linus Torvalds Reported-by: Balakrishna Godavarthi Signed-off-by: Alain Michaud Tested-by: Sonny Sasaka Acked-by: Marcel Holtmann Signed-off-by: Linus Torvalds commit 417385c47ef7ee0d4f48f63f70cca6c1ed6355f4 Merge: aa54ea903abb a96b0d061d47 Author: Linus Torvalds Date: Thu Jul 30 13:34:07 2020 -0700 Merge tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost Pull virtio fixes from Michael Tsirkin: "A couple of last minute bugfixes" * tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost: virtio-mem: Fix build error due to improper use 'select' virtio_balloon: fix up endian-ness for free cmd id virtio-balloon: Document byte ordering of poison_val vhost/scsi: fix up req type endian-ness firmware: Fix a reference count leak. commit aa54ea903abb02303bf55855fb51e3fcee135d70 Author: Grygorii Strashko Date: Thu Jul 30 22:05:01 2020 +0300 ARM: percpu.h: fix build error Fix build error for the case: defined(CONFIG_SMP) && !defined(CONFIG_CPU_V6) config: keystone_defconfig CC arch/arm/kernel/signal.o In file included from ../include/linux/random.h:14, from ../arch/arm/kernel/signal.c:8: ../arch/arm/include/asm/percpu.h: In function ‘__my_cpu_offset’: ../arch/arm/include/asm/percpu.h:29:34: error: ‘current_stack_pointer’ undeclared (first use in this function); did you mean ‘user_stack_pointer’? : "Q" (*(const unsigned long *)current_stack_pointer)); ^~~~~~~~~~~~~~~~~~~~~ user_stack_pointer Fixes: f227e3ec3b5c ("random32: update the net random state on interrupt and activity") Signed-off-by: Grygorii Strashko Signed-off-by: Linus Torvalds commit d9644712a243ac47af4fe9cf65472d85c57753c7 Merge: e2c46b5762c6 b361663c5a40 Author: Linus Torvalds Date: Thu Jul 30 12:01:42 2020 -0700 Merge tag 'pci-v5.8-fixes-3' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci Pull PCI fix from Bjorn Helgaas: "Disable ASPM on ASM1083/1085 PCIe-to-PCI bridge (Robert Hancock)" * tag 'pci-v5.8-fixes-3' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci: PCI/ASPM: Disable ASPM on ASMedia ASM1083/1085 PCIe-to-PCI bridge commit 024a8168b749db7a4aa40a5fbdfa04bf7e77c1c0 Author: Francesco Ruggeri Date: Thu Jul 2 15:39:06 2020 -0700 igb: reinit_locked() should be called with rtnl_lock We observed two panics involving races with igb_reset_task. The first panic is caused by this race condition: kworker reboot -f igb_reset_task igb_reinit_locked igb_down napi_synchronize __igb_shutdown igb_clear_interrupt_scheme igb_free_q_vectors igb_free_q_vector adapter->q_vector[v_idx] = NULL; napi_disable Panics trying to access adapter->q_vector[v_idx].napi_state The second panic (a divide error) is caused by this race: kworker reboot -f tx packet igb_reset_task __igb_shutdown rtnl_lock() ... igb_clear_interrupt_scheme igb_free_q_vectors adapter->num_tx_queues = 0 ... rtnl_unlock() rtnl_lock() igb_reinit_locked igb_down igb_up netif_tx_start_all_queues dev_hard_start_xmit igb_xmit_frame igb_tx_queue_mapping Panics on r_idx % adapter->num_tx_queues This commit applies to igb_reset_task the same changes that were applied to ixgbe in commit 2f90b8657ec9 ("ixgbe: this patch adds support for DCB to the kernel and ixgbe driver"), commit 8f4c5c9fb87a ("ixgbe: reinit_locked() should be called with rtnl_lock") and commit 88adce4ea8f9 ("ixgbe: fix possible race in reset subtask"). Signed-off-by: Francesco Ruggeri Tested-by: Aaron Brown Signed-off-by: Tony Nguyen commit 1050242fa657093d3788c3ffa0bd9b42e4d7d1ab Author: Aaron Ma Date: Thu Jun 18 14:54:53 2020 +0800 e1000e: continue to init PHY even when failed to disable ULP After 'commit e086ba2fccda4 ("e1000e: disable s0ix entry and exit flows for ME systems")', ThinkPad P14s always failed to disable ULP by ME. 'commit 0c80cdbf3320 ("e1000e: Warn if disabling ULP failed")' break out of init phy: error log: [ 42.364753] e1000e 0000:00:1f.6 enp0s31f6: Failed to disable ULP [ 42.524626] e1000e 0000:00:1f.6 enp0s31f6: PHY Wakeup cause - Unicast Packet [ 42.822476] e1000e 0000:00:1f.6 enp0s31f6: Hardware Error When disable s0ix, E1000_FWSM_ULP_CFG_DONE will never be 1. If continue to init phy like before, it can work as before. iperf test result good too. Fixes: 0c80cdbf3320 ("e1000e: Warn if disabling ULP failed") Signed-off-by: Aaron Ma Tested-by: Aaron Brown Signed-off-by: Tony Nguyen commit e2c46b5762c616c249201688d3b9846627f78d2c Merge: 0513b9d75c07 d6364a867ccb Author: Linus Torvalds Date: Thu Jul 30 09:48:51 2020 -0700 Merge tag 'block-5.8-2020-07-30' of git://git.kernel.dk/linux-block Pull block fixes from Jens Axboe: "Three NVMe fixes" * tag 'block-5.8-2020-07-30' of git://git.kernel.dk/linux-block: nvme: add a Identify Namespace Identification Descriptor list quirk nvme-pci: prevent SK hynix PC400 from using Write Zeroes command nvme-tcp: fix possible hang waiting for icresp response commit 0513b9d75c07cbcdfda3778b636d3d131d679eb1 Merge: 1c9df907da83 4ae6dbd68386 Author: Linus Torvalds Date: Thu Jul 30 09:47:07 2020 -0700 Merge tag 'io_uring-5.8-2020-07-30' of git://git.kernel.dk/linux-block Pull io_uring fixes from Jens Axboe: "Two small fixes for corner/error cases" * tag 'io_uring-5.8-2020-07-30' of git://git.kernel.dk/linux-block: io_uring: fix lockup in io_fail_links() io_uring: fix ->work corruption with poll_add commit 1c9df907da83812e4f33b59d3d142c864d9da57f Author: Willy Tarreau Date: Thu Jul 30 07:59:24 2020 +0200 random: fix circular include dependency on arm64 after addition of percpu.h Daniel Díaz and Kees Cook independently reported that commit f227e3ec3b5c ("random32: update the net random state on interrupt and activity") broke arm64 due to a circular dependency on include files since the addition of percpu.h in random.h. The correct fix would definitely be to move all the prandom32 stuff out of random.h but for backporting, a smaller solution is preferred. This one replaces linux/percpu.h with asm/percpu.h, and this fixes the problem on x86_64, arm64, arm, and mips. Note that moving percpu.h around didn't change anything and that removing it entirely broke differently. When backporting, such options might still be considered if this patch fails to help. [ It turns out that an alternate fix seems to be to just remove the troublesome remove from the arm64 that causes the circular dependency. But we might as well do the whole belt-and-suspenders thing, and minimize inclusion in too. Either will fix the problem, and both are good changes. - Linus ] Reported-by: Daniel Díaz Reported-by: Kees Cook Tested-by: Marc Zyngier Fixes: f227e3ec3b5c Cc: Stephen Rothwell Signed-off-by: Willy Tarreau Signed-off-by: Linus Torvalds commit 6a7389f0312f01bb6641d37b395548a2922a057c Author: John Garry Date: Wed Jun 17 19:17:28 2020 +0800 MAINTAINERS: Include drivers subdirs for ARM PMU PROFILING AND DEBUGGING entry Ensure that the ARM PMU PROFILING AND DEBUGGING maintainers are included for the HiSilicon PMU driver. Signed-off-by: John Garry Link: https://lore.kernel.org/r/1592392648-128331-1-git-send-email-john.garry@huawei.com Signed-off-by: Will Deacon commit 05fb3dbda187bbd9cc1cd0e97e5d6595af570ac6 Author: Robin Murphy Date: Thu Jul 30 10:56:49 2020 +0100 arm64: csum: Fix handling of bad packets Although iph is expected to point to at least 20 bytes of valid memory, ihl may be bogus, for example on reception of a corrupt packet. If it happens to be less than 5, we really don't want to run away and dereference 16GB worth of memory until it wraps back to exactly zero... Fixes: 0e455d8e80aa ("arm64: Implement optimised IP checksum helpers") Reported-by: guodeqing Signed-off-by: Robin Murphy Signed-off-by: Will Deacon commit 835d1c3a98799914db8aee0973018af21128cd1e Author: Marc Zyngier Date: Thu Jul 30 10:53:05 2020 +0100 arm64: Drop unnecessary include from asm/smp.h asm/pointer_auth.h is not needed anymore in asm/smp.h, as 62a679cb2825 ("arm64: simplify ptrauth initialization") removed the keys from the secondary_data structure. This also cures a compilation issue introduced by f227e3ec3b5c ("random32: update the net random state on interrupt and activity"). Fixes: 62a679cb2825 ("arm64: simplify ptrauth initialization") Fixes: f227e3ec3b5c ("random32: update the net random state on interrupt and activity") Acked-by: Catalin Marinas Signed-off-by: Marc Zyngier Signed-off-by: Will Deacon commit 966a0acce2fca776391823381dba95c40e03c339 Author: Sami Tolvanen Date: Thu Jul 30 08:37:01 2020 -0700 arm64/alternatives: move length validation inside the subsection Commit f7b93d42945c ("arm64/alternatives: use subsections for replacement sequences") breaks LLVM's integrated assembler, because due to its one-pass design, it cannot compute instruction sequence lengths before the layout for the subsection has been finalized. This change fixes the build by moving the .org directives inside the subsection, so they are processed after the subsection layout is known. Fixes: f7b93d42945c ("arm64/alternatives: use subsections for replacement sequences") Signed-off-by: Sami Tolvanen Link: https://github.com/ClangBuiltLinux/linux/issues/1078 Link: https://lore.kernel.org/r/20200730153701.3892953-1-samitolvanen@google.com Signed-off-by: Will Deacon commit a96b0d061d476093cf86ca1c2de06fc57163588d Author: Weilong Chen Date: Fri Jun 19 16:03:33 2020 +0800 virtio-mem: Fix build error due to improper use 'select' As noted in: https://www.kernel.org/doc/Documentation/kbuild/kconfig-language.txt "select should be used with care. select will force a symbol to a value without visiting the dependencies." Config VIRTIO_MEM should not select CONTIG_ALLOC directly. Otherwise it will cause an error: https://bugzilla.kernel.org/show_bug.cgi?id=208245 Signed-off-by: Weilong Chen Link: https://lore.kernel.org/r/20200619080333.194753-1-chenweilong@huawei.com Acked-by: Randy Dunlap # build-tested Signed-off-by: Michael S. Tsirkin Acked-by: Jason Wang Acked-by: David Hildenbrand commit 87004abfbc27261edd15716515d89ab42198b405 Author: Alex Deucher Date: Thu Jul 30 11:02:30 2020 -0400 Revert "drm/amdgpu: Fix NULL dereference in dpm sysfs handlers" This regressed some working configurations so revert it. Will fix this properly for 5.9 and backport then. This reverts commit 38e0c89a19fd13f28d2b4721035160a3e66e270b. Signed-off-by: Alex Deucher Cc: stable@vger.kernel.org commit fde9f39ac7f1ffd799a96ffa1e06b2051f0898f1 Author: Mazin Rezk Date: Mon Jul 27 05:40:46 2020 +0000 drm/amd/display: Clear dm_state for fast updates This patch fixes a race condition that causes a use-after-free during amdgpu_dm_atomic_commit_tail. This can occur when 2 non-blocking commits are requested and the second one finishes before the first. Essentially, this bug occurs when the following sequence of events happens: 1. Non-blocking commit #1 is requested w/ a new dm_state #1 and is deferred to the workqueue. 2. Non-blocking commit #2 is requested w/ a new dm_state #2 and is deferred to the workqueue. 3. Commit #2 starts before commit #1, dm_state #1 is used in the commit_tail and commit #2 completes, freeing dm_state #1. 4. Commit #1 starts after commit #2 completes, uses the freed dm_state 1 and dereferences a freelist pointer while setting the context. Since this bug has only been spotted with fast commits, this patch fixes the bug by clearing the dm_state instead of using the old dc_state for fast updates. In addition, since dm_state is only used for its dc_state and amdgpu_dm_atomic_commit_tail will retain the dc_state if none is found, removing the dm_state should not have any consequences in fast updates. This use-after-free bug has existed for a while now, but only caused a noticeable issue starting from 5.7-rc1 due to 3202fa62f ("slub: relocate freelist pointer to middle of object") moving the freelist pointer from dm_state->base (which was unused) to dm_state->context (which is dereferenced). Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=207383 Fixes: bd200d190f45 ("drm/amd/display: Don't replace the dc_state for fast updates") Reported-by: Duncan <1i5t5.duncan@cox.net> Signed-off-by: Mazin Rezk Reviewed-by: Nicholas Kazlauskas Signed-off-by: Alex Deucher Cc: stable@vger.kernel.org commit 543e8669ed9bfb30545fd52bc0e047ca4df7fb31 Author: Peilin Ye Date: Tue Jul 28 15:29:24 2020 -0400 drm/amdgpu: Prevent kernel-infoleak in amdgpu_info_ioctl() Compiler leaves a 4-byte hole near the end of `dev_info`, causing amdgpu_info_ioctl() to copy uninitialized kernel stack memory to userspace when `size` is greater than 356. In 2015 we tried to fix this issue by doing `= {};` on `dev_info`, which unfortunately does not initialize that 4-byte hole. Fix it by using memset() instead. Cc: stable@vger.kernel.org Fixes: c193fa91b918 ("drm/amdgpu: information leak in amdgpu_info_ioctl()") Fixes: d38ceaf99ed0 ("drm/amdgpu: add core driver (v4)") Suggested-by: Dan Carpenter Reviewed-by: Christian König Signed-off-by: Peilin Ye Signed-off-by: Alex Deucher commit fb448ce87a4a9482b084e67faf804aec79ed9b43 Author: Leon Romanovsky Date: Thu Jul 30 11:27:19 2020 +0300 RDMA/core: Free DIM memory in error unwind The memory allocated for the DIM wasn't freed in in error unwind path, fix it by calling to rdma_dim_destroy(). Fixes: da6629793aa6 ("RDMA/core: Provide RDMA DIM support for ULPs") Link: https://lore.kernel.org/r/20200730082719.1582397-4-leon@kernel.org Signed-off-by: Leon Romanovsky Reviewed-by: Max Gurtovoy > Signed-off-by: Jason Gunthorpe commit 5d46b289d04b98eb992b2f8b67745cc0953e16b1 Author: Leon Romanovsky Date: Thu Jul 30 11:27:18 2020 +0300 RDMA/core: Stop DIM before destroying CQ HW destroy operation should be last operation after all possible CQ users completed their work, so move DIM work cancellation before such destroy call. Fixes: da6629793aa6 ("RDMA/core: Provide RDMA DIM support for ULPs") Link: https://lore.kernel.org/r/20200730082719.1582397-3-leon@kernel.org Reviewed-by: Max Gurtovoy Signed-off-by: Leon Romanovsky Signed-off-by: Jason Gunthorpe commit 7fa84b5708cf359efe43ce99fd1f3c8765cacd23 Author: Leon Romanovsky Date: Thu Jul 30 11:27:17 2020 +0300 RDMA/mlx5: Initialize QP mutex for the debug kernels In DCT and RSS RAW QP creation flows, the QP mutex wasn't initialized and the magic field inside lock was missing. This caused to the following kernel warning for kernels build with CONFIG_DEBUG_MUTEXES. DEBUG_LOCKS_WARN_ON(lock->magic != lock) WARNING: CPU: 3 PID: 16261 at kernel/locking/mutex.c:938 __mutex_lock+0x60e/0x940 Modules linked in: bonding nf_tables ipip tunnel4 geneve ip6_udp_tunnel udp_tunnel ip6_gre ip6_tunnel tunnel6 ip_gre gre ip_tunnel mlx5_ib mlx5_core mlxfw ptp pps_core rdma_ucm ib_uverbs ib_ipoib ib_umad openvswitch nsh xt_MASQUERADE nf_conntrack_netlink nfnetlink iptable_nat xt_addrtype xt_conntrack nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 br_netfilter overlay ib_srp scsi_transport_srp rpcrdma ib_iser libiscsi scsi_transport_iscsi rdma_cm iw_cm ib_cm ib_core [last unloaded: mlxfw] CPU: 3 PID: 16261 Comm: ib_send_bw Not tainted 5.8.0-rc4_for_upstream_min_debug_2020_07_08_22_04 #1 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.1-0-ga5cab58e9a3f-prebuilt.qemu.org 04/01/2014 RIP: 0010:__mutex_lock+0x60e/0x940 Code: c0 0f 84 6d fa ff ff 44 8b 15 4e 9d ba 00 45 85 d2 0f 85 5d fa ff ff 48 c7 c6 f2 de 2b 82 48 c7 c7 f1 8a 2b 82 e8 d2 4d 72 ff <0f> 0b 4c 8b 4d 88 e9 3f fa ff ff f6 c2 04 0f 84 37 fe ff ff 48 89 RSP: 0018:ffff88810bb8b870 EFLAGS: 00010286 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 RDX: ffff88829f1dd880 RSI: 0000000000000000 RDI: ffffffff81192afa RBP: ffff88810bb8b910 R08: 0000000000000000 R09: 0000000000000028 R10: 0000000000000000 R11: 0000000000003f85 R12: 0000000000000002 R13: ffff88827d8d3ce0 R14: ffffffffa059f615 R15: ffff8882a4d02610 FS: 00007f3f6988e740(0000) GS:ffff8882f5b80000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000556556158000 CR3: 000000010a63c005 CR4: 0000000000360ea0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: ? cmd_exec+0x947/0xe60 [mlx5_core] ? __mutex_lock+0x76/0x940 ? mlx5_ib_qp_set_counter+0x25/0xa0 [mlx5_ib] mlx5_ib_qp_set_counter+0x25/0xa0 [mlx5_ib] mlx5_ib_counter_bind_qp+0x9b/0xe0 [mlx5_ib] __rdma_counter_bind_qp+0x6b/0xa0 [ib_core] rdma_counter_bind_qp_auto+0x363/0x520 [ib_core] _ib_modify_qp+0x316/0x580 [ib_core] ib_modify_qp_with_udata+0x19/0x30 [ib_core] modify_qp+0x4c4/0x600 [ib_uverbs] ib_uverbs_ex_modify_qp+0x87/0xe0 [ib_uverbs] ib_uverbs_handler_UVERBS_METHOD_INVOKE_WRITE+0x129/0x1c0 [ib_uverbs] ib_uverbs_cmd_verbs.isra.5+0x5d5/0x11f0 [ib_uverbs] ? ib_uverbs_handler_UVERBS_METHOD_QUERY_CONTEXT+0x120/0x120 [ib_uverbs] ? lock_acquire+0xb9/0x3a0 ? ib_uverbs_ioctl+0xd0/0x210 [ib_uverbs] ? ib_uverbs_ioctl+0x175/0x210 [ib_uverbs] ib_uverbs_ioctl+0x14b/0x210 [ib_uverbs] ? ib_uverbs_ioctl+0xd0/0x210 [ib_uverbs] ksys_ioctl+0x234/0x7d0 ? exc_page_fault+0x202/0x640 ? do_syscall_64+0x1f/0x2e0 __x64_sys_ioctl+0x16/0x20 do_syscall_64+0x59/0x2e0 ? asm_exc_page_fault+0x8/0x30 ? rcu_read_lock_sched_held+0x52/0x60 entry_SYSCALL_64_after_hwframe+0x44/0xa9 Fixes: b4aaa1f0b415 ("IB/mlx5: Handle type IB_QPT_DRIVER when creating a QP") Link: https://lore.kernel.org/r/20200730082719.1582397-2-leon@kernel.org Reviewed-by: Maor Gottlieb Signed-off-by: Leon Romanovsky Signed-off-by: Jason Gunthorpe commit 04e35caa32ec9aae6b306d07f07dc2ee6d69166c Author: Felix Fietkau Date: Sat Jul 25 10:45:33 2020 +0200 mac80211: remove STA txq pending airtime underflow warning This warning can trigger if there is a mismatch between frames that were sent with the sta pointer set vs tx status frames reported for the sta address. This can happen due to race conditions on re-creating stations, or even in the case of .sta_add/remove being used instead of .sta_state, which can cause frames to be sent to a station that has not been uploaded yet. If there is an actual underflow issue, it should show up in the device airtime warning below, so it is better to remove this one. Signed-off-by: Felix Fietkau Link: https://lore.kernel.org/r/20200725084533.13829-1-nbd@nbd.name Signed-off-by: Johannes Berg commit e61fbfca8055eef18f11727f431e1e3e5221291e Author: Vasanthakumar Thiagarajan Date: Wed Jul 22 19:50:17 2020 +0530 mac80211: Fix bug in Tx ack status reporting in 802.3 xmit path Allocated ack_frame id from local->ack_status_frames is not really stored in the tx_info for 802.3 Tx path. Due to this, tx ack status is not reported and ack_frame id is not freed for the buffers requiring tx ack status. Also move the memset to 0 of tx_info before IEEE80211_TX_CTL_REQ_TX_STATUS flag assignment. Fixes: 50ff477a8639 ("mac80211: add 802.11 encapsulation offloading support") Signed-off-by: Vasanthakumar Thiagarajan Link: https://lore.kernel.org/r/1595427617-1713-1-git-send-email-vthiagar@codeaurora.org Signed-off-by: Johannes Berg commit 4052d3d2e8f47a15053320bbcbe365d15610437d Author: Julian Squires Date: Mon Jul 6 17:13:53 2020 -0400 cfg80211: check vendor command doit pointer before use In the case where a vendor command does not implement doit, and has no flags set, doit would not be validated and a NULL pointer dereference would occur, for example when invoking the vendor command via iw. I encountered this while developing new vendor commands. Perhaps in practice it is advisable to always implement doit along with dumpit, but it seems reasonable to me to always check doit anyway, not just when NEED_WDEV. Signed-off-by: Julian Squires Link: https://lore.kernel.org/r/20200706211353.2366470-1-julian@cipht.net Signed-off-by: Johannes Berg commit 5e43540c2af0a0c0a18e39579b1ad49541f87506 Author: Remi Pommarel Date: Sat Jul 4 15:54:19 2020 +0200 mac80211: mesh: Free pending skb when destroying a mpath A mpath object can hold reference on a list of skb that are waiting for mpath resolution to be sent. When destroying a mpath this skb list should be cleaned up in order to not leak memory. Fixing that kind of leak: unreferenced object 0xffff0000181c9300 (size 1088): comm "openvpn", pid 1782, jiffies 4295071698 (age 80.416s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 f9 80 36 00 00 00 00 00 ..........6..... 02 00 07 40 00 00 00 00 00 00 00 00 00 00 00 00 ...@............ backtrace: [<000000004bc6a443>] kmem_cache_alloc+0x1a4/0x2f0 [<000000002caaef13>] sk_prot_alloc.isra.39+0x34/0x178 [<00000000ceeaa916>] sk_alloc+0x34/0x228 [<00000000ca1f1d04>] inet_create+0x198/0x518 [<0000000035626b1c>] __sock_create+0x134/0x328 [<00000000a12b3a87>] __sys_socket+0xb0/0x158 [<00000000ff859f23>] __arm64_sys_socket+0x40/0x58 [<00000000263486ec>] el0_svc_handler+0xd0/0x1a0 [<0000000005b5157d>] el0_svc+0x8/0xc unreferenced object 0xffff000012973a40 (size 216): comm "openvpn", pid 1782, jiffies 4295082137 (age 38.660s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 c0 06 16 00 00 ff ff 00 93 1c 18 00 00 ff ff ................ backtrace: [<000000004bc6a443>] kmem_cache_alloc+0x1a4/0x2f0 [<0000000023c8c8f9>] __alloc_skb+0xc0/0x2b8 [<000000007ad950bb>] alloc_skb_with_frags+0x60/0x320 [<00000000ef90023a>] sock_alloc_send_pskb+0x388/0x3c0 [<00000000104fb1a3>] sock_alloc_send_skb+0x1c/0x28 [<000000006919d2dd>] __ip_append_data+0xba4/0x11f0 [<0000000083477587>] ip_make_skb+0x14c/0x1a8 [<0000000024f3d592>] udp_sendmsg+0xaf0/0xcf0 [<000000005aabe255>] inet_sendmsg+0x5c/0x80 [<000000008651ea08>] __sys_sendto+0x15c/0x218 [<000000003505c99b>] __arm64_sys_sendto+0x74/0x90 [<00000000263486ec>] el0_svc_handler+0xd0/0x1a0 [<0000000005b5157d>] el0_svc+0x8/0xc Fixes: 2bdaf386f99c (mac80211: mesh: move path tables into if_mesh) Signed-off-by: Remi Pommarel Link: https://lore.kernel.org/r/20200704135419.27703-1-repk@triplefau.lt Signed-off-by: Johannes Berg commit 6a01afcf8468d3ca2bd8bbb27503f60dcf643b20 Author: Remi Pommarel Date: Sat Jul 4 15:50:07 2020 +0200 mac80211: mesh: Free ie data when leaving mesh At ieee80211_join_mesh() some ie data could have been allocated (see copy_mesh_setup()) and need to be cleaned up when leaving the mesh. This fixes the following kmemleak report: unreferenced object 0xffff0000116bc600 (size 128): comm "wpa_supplicant", pid 608, jiffies 4294898983 (age 293.484s) hex dump (first 32 bytes): 30 14 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 0............... 00 0f ac 08 00 00 00 00 c4 65 40 00 00 00 00 00 .........e@..... backtrace: [<00000000bebe439d>] __kmalloc_track_caller+0x1c0/0x330 [<00000000a349dbe1>] kmemdup+0x28/0x50 [<0000000075d69baa>] ieee80211_join_mesh+0x6c/0x3b8 [mac80211] [<00000000683bb98b>] __cfg80211_join_mesh+0x1e8/0x4f0 [cfg80211] [<0000000072cb507f>] nl80211_join_mesh+0x520/0x6b8 [cfg80211] [<0000000077e9bcf9>] genl_family_rcv_msg+0x374/0x680 [<00000000b1bd936d>] genl_rcv_msg+0x78/0x108 [<0000000022c53788>] netlink_rcv_skb+0xb0/0x1c0 [<0000000011af8ec9>] genl_rcv+0x34/0x48 [<0000000069e41f53>] netlink_unicast+0x268/0x2e8 [<00000000a7517316>] netlink_sendmsg+0x320/0x4c0 [<0000000069cba205>] ____sys_sendmsg+0x354/0x3a0 [<00000000e06bab0f>] ___sys_sendmsg+0xd8/0x120 [<0000000037340728>] __sys_sendmsg+0xa4/0xf8 [<000000004fed9776>] __arm64_sys_sendmsg+0x44/0x58 [<000000001c1e5647>] el0_svc_handler+0xd0/0x1a0 Fixes: c80d545da3f7 (mac80211: Let userspace enable and configure vendor specific path selection.) Signed-off-by: Remi Pommarel Link: https://lore.kernel.org/r/20200704135007.27292-1-repk@triplefau.lt Signed-off-by: Johannes Berg commit 65ad3ef9fced4062dfd74e2f89443fb5ce184321 Author: Rajkumar Manoharan Date: Wed Jul 1 19:20:24 2020 -0700 mac80211: fix warning in 6 GHz IE addition in mesh mode The commit 24a2042cb22f ("mac80211: add HE 6 GHz Band Capability element") failed to check device capability before adding HE 6 GHz capability element. Below warning is reported in 11ac device in mesh. Fix that by checking device capability at HE 6 GHz cap IE addition in mesh beacon and association request. WARNING: CPU: 1 PID: 1897 at net/mac80211/util.c:2878 ieee80211_ie_build_he_6ghz_cap+0x149/0x150 [mac80211] [ 3138.720358] Call Trace: [ 3138.720361] ieee80211_mesh_build_beacon+0x462/0x530 [mac80211] [ 3138.720363] ieee80211_start_mesh+0xa8/0xf0 [mac80211] [ 3138.720365] __cfg80211_join_mesh+0x122/0x3e0 [cfg80211] [ 3138.720368] nl80211_join_mesh+0x3d3/0x510 [cfg80211] Fixes: 24a2042cb22f ("mac80211: add HE 6 GHz Band Capability element") Reported-by: Markus Theil Signed-off-by: Rajkumar Manoharan Link: https://lore.kernel.org/r/1593656424-18240-1-git-send-email-rmanohar@codeaurora.org Signed-off-by: Johannes Berg commit 5649625344fe1f4695eace7c37d011e317bf66d5 Author: Kailang Yang Date: Wed Jul 29 15:09:27 2020 +0800 ALSA: hda/realtek - Fixed HP right speaker no sound HP NB right speaker had no sound output. This platform was connected to I2S Amp for speaker out.(None Realtek I2S Amp IC) EC need to check codec GPIO1 pin to initial I2S Amp. Signed-off-by: Kailang Yang Cc: Link: https://lore.kernel.org/r/01285f623ac7447187482fb4a8ecaa7c@realtek.com Signed-off-by: Takashi Iwai commit 71b59bf482b2dd662774f34108c5b904efa9e02b Author: Sabrina Dubroca Date: Wed Jul 29 18:38:43 2020 +0200 espintcp: count packets dropped in espintcp_rcv Currently, espintcp_rcv drops packets silently, which makes debugging issues difficult. Count packets as either XfrmInHdrError (when the packet was too short or contained invalid data) or XfrmInError (for other issues). Signed-off-by: Sabrina Dubroca Signed-off-by: Steffen Klassert commit fadd1a63a7b4df295a01fa50b2f4e447542bee59 Author: Sabrina Dubroca Date: Wed Jul 29 18:38:42 2020 +0200 espintcp: handle short messages instead of breaking the encap socket Currently, short messages (less than 4 bytes after the length header) will break the stream of messages. This is unnecessary, since we can still parse messages even if they're too short to contain any usable data. This is also bogus, as keepalive messages (a single 0xff byte), though not needed with TCP encapsulation, should be allowed. This patch changes the stream parser so that short messages are accepted and dropped in the kernel. Messages that contain a valid SPI or non-ESP header are processed as before. Fixes: e27cca96cd68 ("xfrm: add espintcp (RFC 8229)") Reported-by: Andrew Cagney Signed-off-by: Sabrina Dubroca Signed-off-by: Steffen Klassert commit 83bdc7275e6206f560d247be856bceba3e1ed8f2 Author: Linus Torvalds Date: Wed Jul 29 19:11:00 2020 -0700 random32: remove net_rand_state from the latent entropy gcc plugin It turns out that the plugin right now ends up being really unhappy about the change from 'static' to 'extern' storage that happened in commit f227e3ec3b5c ("random32: update the net random state on interrupt and activity"). This is probably a trivial fix for the latent_entropy plugin, but for now, just remove net_rand_state from the list of things the plugin worries about. Reported-by: Stephen Rothwell Cc: Emese Revfy Cc: Kees Cook Cc: Willy Tarreau Signed-off-by: Linus Torvalds commit b361663c5a40c8bc758b7f7f2239f7a192180e7c Author: Robert Hancock Date: Tue Jul 21 20:18:03 2020 -0600 PCI/ASPM: Disable ASPM on ASMedia ASM1083/1085 PCIe-to-PCI bridge Recently ASPM handling was changed to allow ASPM on PCIe-to-PCI/PCI-X bridges. Unfortunately the ASMedia ASM1083/1085 PCIe to PCI bridge device doesn't seem to function properly with ASPM enabled. On an Asus PRIME H270-PRO motherboard, it causes errors like these: pcieport 0000:00:1c.0: AER: PCIe Bus Error: severity=Corrected, type=Data Link Layer, (Transmitter ID) pcieport 0000:00:1c.0: AER: device [8086:a292] error status/mask=00003000/00002000 pcieport 0000:00:1c.0: AER: [12] Timeout pcieport 0000:00:1c.0: AER: Corrected error received: 0000:00:1c.0 pcieport 0000:00:1c.0: AER: can't find device of ID00e0 In addition to flooding the kernel log, this also causes the machine to wake up immediately after suspend is initiated. The device advertises ASPM L0s and L1 support in the Link Capabilities register, but the ASMedia web page for ASM1083 [1] claims "No PCIe ASPM support". Windows 10 (build 2004) enables L0s, but it also logs correctable PCIe errors. Add a quirk to disable ASPM for this device. [1] https://www.asmedia.com.tw/eng/e_show_products.php?cate_index=169&item=114 [bhelgaas: commit log] Fixes: 66ff14e59e8a ("PCI/ASPM: Allow ASPM on links to PCIe-to-PCI/PCI-X Bridges") Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=208667 Link: https://lore.kernel.org/r/20200722021803.17958-1-hancockrwd@gmail.com Signed-off-by: Robert Hancock Signed-off-by: Bjorn Helgaas commit 0ba58348414eb10249480635545758b40b3c33b6 Author: Andrii Nakryiko Date: Tue Jul 28 21:09:13 2020 -0700 selftests/bpf: Extend map-in-map selftest to detect memory leaks Add test validating that all inner maps are released properly after skeleton is destroyed. To ensure determinism, trigger kernel-side synchronize_rcu() before checking map existence by their IDs. Signed-off-by: Andrii Nakryiko Signed-off-by: Daniel Borkmann Acked-by: Song Liu Link: https://lore.kernel.org/bpf/20200729040913.2815687-2-andriin@fb.com commit 1d4e1eab456e1ee92a94987499b211db05f900ea Author: Andrii Nakryiko Date: Tue Jul 28 21:09:12 2020 -0700 bpf: Fix map leak in HASH_OF_MAPS map Fix HASH_OF_MAPS bug of not putting inner map pointer on bpf_map_elem_update() operation. This is due to per-cpu extra_elems optimization, which bypassed free_htab_elem() logic doing proper clean ups. Make sure that inner map is put properly in optimized case as well. Fixes: 8c290e60fa2a ("bpf: fix hashmap extra_elems logic") Signed-off-by: Andrii Nakryiko Signed-off-by: Daniel Borkmann Acked-by: Song Liu Link: https://lore.kernel.org/bpf/20200729040913.2815687-1-andriin@fb.com commit 27a2145d6f826d1fad9de06ac541b1016ced3427 Author: Thomas Falcon Date: Wed Jul 29 16:36:32 2020 -0500 ibmvnic: Fix IRQ mapping disposal in error path RX queue IRQ mappings are disposed in both the TX IRQ and RX IRQ error paths. Fix this and dispose of TX IRQ mappings correctly in case of an error. Fixes: ea22d51a7831 ("ibmvnic: simplify and improve driver probe function") Signed-off-by: Thomas Falcon Signed-off-by: David S. Miller commit d3590ebf6f91350192737dd1d1b219c05277f067 Merge: 21391520cbb5 8ac68dc455d9 Author: Linus Torvalds Date: Wed Jul 29 12:35:36 2020 -0700 Merge tag 'audit-pr-20200729' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit Pull audit fixes from Paul Moore: "One small audit fix that you can hopefully merge before v5.8 is released. Unfortunately it is a revert of a patch that went in during the v5.7 window and we just recently started to see some bug reports relating to that commit. We are working on a proper fix, but I'm not yet clear on when that will be ready and we need to fix the v5.7 kernels anyway, so in the interest of time a revert seemed like the best solution right now" * tag 'audit-pr-20200729' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit: revert: 1320a4052ea1 ("audit: trigger accompanying records when no rules present") commit 21391520cbb597823050ac1bc343a0df3222ac90 Merge: c2f3850df7f9 74d6a5d56629 Author: Linus Torvalds Date: Wed Jul 29 12:29:24 2020 -0700 Merge tag '9p-for-5.8-2' of git://github.com/martinetd/linux into master Pull 9p fixes from Dominique Martinet: "A couple of syzcaller fixes for 5.8 The first one in particular has been quite noisy ("broke" in -rc5) so this would be worth landing even this late even if users likely won't see a difference" * tag '9p-for-5.8-2' of git://github.com/martinetd/linux: 9p/trans_fd: Fix concurrency del of req_list in p9_fd_cancelled/p9_read_work net/9p: validate fds in p9_fd_open commit 5d104a5f325e16ef92ffc05b93eabdf6f0818c9f Merge: 83f3522860f7 10fef9ca6a87 Author: David S. Miller Date: Wed Jul 29 12:16:21 2020 -0700 Merge branch 'mlxsw-fixes' Ido Schimmel says: ==================== mlxsw fixes This patch set contains various fixes for mlxsw. Patches #1-#2 fix two trap related issues introduced in previous cycle. Patches #3-#5 fix rare use-after-frees discovered by syzkaller. After over a week of fuzzing with the fixes, the bugs did not reproduce. Patch #6 from Amit fixes an issue in the ethtool selftest that was recently discovered after running the test on a new platform that supports only 1Gbps and 10Gbps speeds. ==================== Signed-off-by: David S. Miller commit 10fef9ca6a879e7bee090b8e51c9812d438d3fb1 Author: Amit Cohen Date: Wed Jul 29 12:26:48 2020 +0300 selftests: ethtool: Fix test when only two speeds are supported The test case check_highest_speed_is_chosen() configures $h1 to advertise a subset of its supported speeds and checks that $h2 chooses the highest speed from the subset. To find the common advertised speeds between $h1 and $h2, common_speeds_get() is called. Currently, the first speed returned from common_speeds_get() is removed claiming "h1 does not advertise this speed". The claim is wrong because the function is called after $h1 already advertised a subset of speeds. In case $h1 supports only two speeds, it will advertise a single speed which will be later removed because of previously mentioned bug. This results in the test needlessly failing. When more than two speeds are supported this is not an issue because the first advertised speed is the lowest one. Fix this by not removing any speed from the list of commonly advertised speeds. Fixes: 64916b57c0b1 ("selftests: forwarding: Add speed and auto-negotiation test") Reported-by: Danielle Ratson Signed-off-by: Amit Cohen Signed-off-by: Ido Schimmel Signed-off-by: David S. Miller commit 5515c3448d55bdcb5ff8a1778aa84f34e4205596 Author: Ido Schimmel Date: Wed Jul 29 12:26:47 2020 +0300 mlxsw: spectrum_router: Fix use-after-free in router init / de-init Several notifiers are registered as part of router initialization. Since some of these notifiers are registered before the end of the initialization, it is possible for them to access uninitialized or freed memory when processing notifications [1]. Additionally, some of these notifiers queue work items on a workqueue. If these work items are executed after the router was de-initialized, they will access freed memory. Fix both problems by moving the registration of the notifiers to the end of the router initialization and flush the work queue after they are unregistered. [1] BUG: KASAN: use-after-free in __mutex_lock_common kernel/locking/mutex.c:938 [inline] BUG: KASAN: use-after-free in __mutex_lock+0xeea/0x1340 kernel/locking/mutex.c:1103 Read of size 8 at addr ffff888038c3a6e0 by task kworker/u4:1/61 CPU: 1 PID: 61 Comm: kworker/u4:1 Not tainted 5.8.0-rc2+ #36 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.1-0-ga5cab58e9a3f-prebuilt.qemu.org 04/01/2014 Workqueue: mlxsw_core_ordered mlxsw_sp_inet6addr_event_work Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0xf6/0x16e lib/dump_stack.c:118 print_address_description.constprop.0+0x1c/0x250 mm/kasan/report.c:383 __kasan_report mm/kasan/report.c:513 [inline] kasan_report.cold+0x1f/0x37 mm/kasan/report.c:530 __mutex_lock_common kernel/locking/mutex.c:938 [inline] __mutex_lock+0xeea/0x1340 kernel/locking/mutex.c:1103 mlxsw_sp_inet6addr_event_work+0xb3/0x1b0 drivers/net/ethernet/mellanox/mlxsw/spectrum_router.c:7123 process_one_work+0xa3e/0x17a0 kernel/workqueue.c:2269 worker_thread+0x9e/0x1050 kernel/workqueue.c:2415 kthread+0x355/0x470 kernel/kthread.c:291 ret_from_fork+0x22/0x30 arch/x86/entry/entry_64.S:293 Allocated by task 1298: save_stack+0x1b/0x40 mm/kasan/common.c:48 set_track mm/kasan/common.c:56 [inline] __kasan_kmalloc mm/kasan/common.c:494 [inline] __kasan_kmalloc.constprop.0+0xc2/0xd0 mm/kasan/common.c:467 kmalloc include/linux/slab.h:555 [inline] kzalloc include/linux/slab.h:669 [inline] mlxsw_sp_router_init+0xb2/0x1d20 drivers/net/ethernet/mellanox/mlxsw/spectrum_router.c:8074 mlxsw_sp_init+0xbd8/0x3ac0 drivers/net/ethernet/mellanox/mlxsw/spectrum.c:2932 __mlxsw_core_bus_device_register+0x657/0x10d0 drivers/net/ethernet/mellanox/mlxsw/core.c:1375 mlxsw_core_bus_device_register drivers/net/ethernet/mellanox/mlxsw/core.c:1436 [inline] mlxsw_devlink_core_bus_device_reload_up+0xcd/0x150 drivers/net/ethernet/mellanox/mlxsw/core.c:1133 devlink_reload net/core/devlink.c:2959 [inline] devlink_reload+0x281/0x3b0 net/core/devlink.c:2944 devlink_nl_cmd_reload+0x2f1/0x7c0 net/core/devlink.c:2987 genl_family_rcv_msg_doit net/netlink/genetlink.c:691 [inline] genl_family_rcv_msg net/netlink/genetlink.c:736 [inline] genl_rcv_msg+0x611/0x9d0 net/netlink/genetlink.c:753 netlink_rcv_skb+0x152/0x440 net/netlink/af_netlink.c:2469 genl_rcv+0x24/0x40 net/netlink/genetlink.c:764 netlink_unicast_kernel net/netlink/af_netlink.c:1303 [inline] netlink_unicast+0x53a/0x750 net/netlink/af_netlink.c:1329 netlink_sendmsg+0x850/0xd90 net/netlink/af_netlink.c:1918 sock_sendmsg_nosec net/socket.c:652 [inline] sock_sendmsg+0x150/0x190 net/socket.c:672 ____sys_sendmsg+0x6d8/0x840 net/socket.c:2363 ___sys_sendmsg+0xff/0x170 net/socket.c:2417 __sys_sendmsg+0xe5/0x1b0 net/socket.c:2450 do_syscall_64+0x56/0xa0 arch/x86/entry/common.c:359 entry_SYSCALL_64_after_hwframe+0x44/0xa9 Freed by task 1348: save_stack+0x1b/0x40 mm/kasan/common.c:48 set_track mm/kasan/common.c:56 [inline] kasan_set_free_info mm/kasan/common.c:316 [inline] __kasan_slab_free+0x12c/0x170 mm/kasan/common.c:455 slab_free_hook mm/slub.c:1474 [inline] slab_free_freelist_hook mm/slub.c:1507 [inline] slab_free mm/slub.c:3072 [inline] kfree+0xe6/0x320 mm/slub.c:4063 mlxsw_sp_fini+0x340/0x4e0 drivers/net/ethernet/mellanox/mlxsw/spectrum.c:3132 mlxsw_core_bus_device_unregister+0x16c/0x6d0 drivers/net/ethernet/mellanox/mlxsw/core.c:1474 mlxsw_devlink_core_bus_device_reload_down+0x8e/0xc0 drivers/net/ethernet/mellanox/mlxsw/core.c:1123 devlink_reload+0xc6/0x3b0 net/core/devlink.c:2952 devlink_nl_cmd_reload+0x2f1/0x7c0 net/core/devlink.c:2987 genl_family_rcv_msg_doit net/netlink/genetlink.c:691 [inline] genl_family_rcv_msg net/netlink/genetlink.c:736 [inline] genl_rcv_msg+0x611/0x9d0 net/netlink/genetlink.c:753 netlink_rcv_skb+0x152/0x440 net/netlink/af_netlink.c:2469 genl_rcv+0x24/0x40 net/netlink/genetlink.c:764 netlink_unicast_kernel net/netlink/af_netlink.c:1303 [inline] netlink_unicast+0x53a/0x750 net/netlink/af_netlink.c:1329 netlink_sendmsg+0x850/0xd90 net/netlink/af_netlink.c:1918 sock_sendmsg_nosec net/socket.c:652 [inline] sock_sendmsg+0x150/0x190 net/socket.c:672 ____sys_sendmsg+0x6d8/0x840 net/socket.c:2363 ___sys_sendmsg+0xff/0x170 net/socket.c:2417 __sys_sendmsg+0xe5/0x1b0 net/socket.c:2450 do_syscall_64+0x56/0xa0 arch/x86/entry/common.c:359 entry_SYSCALL_64_after_hwframe+0x44/0xa9 The buggy address belongs to the object at ffff888038c3a000 which belongs to the cache kmalloc-2k of size 2048 The buggy address is located 1760 bytes inside of 2048-byte region [ffff888038c3a000, ffff888038c3a800) The buggy address belongs to the page: page:ffffea0000e30e00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 head:ffffea0000e30e00 order:3 compound_mapcount:0 compound_pincount:0 flags: 0x100000000010200(slab|head) raw: 0100000000010200 dead000000000100 dead000000000122 ffff88806c40c000 raw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff888038c3a580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff888038c3a600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb >ffff888038c3a680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ^ ffff888038c3a700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff888038c3a780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb Fixes: 965fa8e600d2 ("mlxsw: spectrum_router: Make RIF deletion more robust") Signed-off-by: Ido Schimmel Reviewed-by: Jiri Pirko Signed-off-by: David S. Miller commit 3c8ce24b037648a5a15b85888b259a74b05ff97d Author: Ido Schimmel Date: Wed Jul 29 12:26:46 2020 +0300 mlxsw: core: Free EMAD transactions using kfree_rcu() The lifetime of EMAD transactions (i.e., 'struct mlxsw_reg_trans') is managed using RCU. They are freed using kfree_rcu() once the transaction ends. However, in case the transaction failed it is freed immediately after being removed from the active transactions list. This is problematic because it is still possible for a different CPU to dereference the transaction from an RCU read-side critical section while traversing the active transaction list in mlxsw_emad_rx_listener_func(). In which case, a use-after-free is triggered [1]. Fix this by freeing the transaction after a grace period by calling kfree_rcu(). [1] BUG: KASAN: use-after-free in mlxsw_emad_rx_listener_func+0x969/0xac0 drivers/net/ethernet/mellanox/mlxsw/core.c:671 Read of size 8 at addr ffff88800b7964e8 by task syz-executor.2/2881 CPU: 0 PID: 2881 Comm: syz-executor.2 Not tainted 5.8.0-rc4+ #44 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.1-0-ga5cab58e9a3f-prebuilt.qemu.org 04/01/2014 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0xf6/0x16e lib/dump_stack.c:118 print_address_description.constprop.0+0x1c/0x250 mm/kasan/report.c:383 __kasan_report mm/kasan/report.c:513 [inline] kasan_report.cold+0x1f/0x37 mm/kasan/report.c:530 mlxsw_emad_rx_listener_func+0x969/0xac0 drivers/net/ethernet/mellanox/mlxsw/core.c:671 mlxsw_core_skb_receive+0x571/0x700 drivers/net/ethernet/mellanox/mlxsw/core.c:2061 mlxsw_pci_cqe_rdq_handle drivers/net/ethernet/mellanox/mlxsw/pci.c:595 [inline] mlxsw_pci_cq_tasklet+0x12a6/0x2520 drivers/net/ethernet/mellanox/mlxsw/pci.c:651 tasklet_action_common.isra.0+0x13f/0x3e0 kernel/softirq.c:550 __do_softirq+0x223/0x964 kernel/softirq.c:292 asm_call_on_stack+0x12/0x20 arch/x86/entry/entry_64.S:711 __run_on_irqstack arch/x86/include/asm/irq_stack.h:22 [inline] run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:48 [inline] do_softirq_own_stack+0x109/0x140 arch/x86/kernel/irq_64.c:77 invoke_softirq kernel/softirq.c:387 [inline] __irq_exit_rcu kernel/softirq.c:417 [inline] irq_exit_rcu+0x16f/0x1a0 kernel/softirq.c:429 sysvec_apic_timer_interrupt+0x4e/0xd0 arch/x86/kernel/apic/apic.c:1091 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:587 RIP: 0010:arch_local_irq_restore arch/x86/include/asm/irqflags.h:85 [inline] RIP: 0010:__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline] RIP: 0010:_raw_spin_unlock_irqrestore+0x3b/0x40 kernel/locking/spinlock.c:191 Code: e8 2a c3 f4 fc 48 89 ef e8 12 96 f5 fc f6 c7 02 75 11 53 9d e8 d6 db 11 fd 65 ff 0d 1f 21 b3 56 5b 5d c3 e8 a7 d7 11 fd 53 9d ed 0f 1f 00 55 48 89 fd 65 ff 05 05 21 b3 56 ff 74 24 08 48 8d RSP: 0018:ffff8880446ffd80 EFLAGS: 00000286 RAX: 0000000000000006 RBX: 0000000000000286 RCX: 0000000000000006 RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffffa94ecea9 RBP: ffff888012934408 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000001 R11: fffffbfff57be301 R12: 1ffff110088dffc1 R13: ffff888037b817c0 R14: ffff88802442415a R15: ffff888024424000 __do_sys_perf_event_open+0x1b5d/0x2bd0 kernel/events/core.c:11874 do_syscall_64+0x56/0xa0 arch/x86/entry/common.c:384 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x473dbd Code: Bad RIP value. RSP: 002b:00007f21e5e9cc28 EFLAGS: 00000246 ORIG_RAX: 000000000000012a RAX: ffffffffffffffda RBX: 000000000057bf00 RCX: 0000000000473dbd RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000040 RBP: 000000000057bf00 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000003 R11: 0000000000000246 R12: 000000000057bf0c R13: 00007ffd0493503f R14: 00000000004d0f46 R15: 00007f21e5e9cd80 Allocated by task 871: save_stack+0x1b/0x40 mm/kasan/common.c:48 set_track mm/kasan/common.c:56 [inline] __kasan_kmalloc mm/kasan/common.c:494 [inline] __kasan_kmalloc.constprop.0+0xc2/0xd0 mm/kasan/common.c:467 kmalloc include/linux/slab.h:555 [inline] kzalloc include/linux/slab.h:669 [inline] mlxsw_core_reg_access_emad+0x70/0x1410 drivers/net/ethernet/mellanox/mlxsw/core.c:1812 mlxsw_core_reg_access+0xeb/0x540 drivers/net/ethernet/mellanox/mlxsw/core.c:1991 mlxsw_sp_port_get_hw_xstats+0x335/0x7e0 drivers/net/ethernet/mellanox/mlxsw/spectrum.c:1130 update_stats_cache+0xf4/0x140 drivers/net/ethernet/mellanox/mlxsw/spectrum.c:1173 process_one_work+0xa3e/0x17a0 kernel/workqueue.c:2269 worker_thread+0x9e/0x1050 kernel/workqueue.c:2415 kthread+0x355/0x470 kernel/kthread.c:291 ret_from_fork+0x22/0x30 arch/x86/entry/entry_64.S:293 Freed by task 871: save_stack+0x1b/0x40 mm/kasan/common.c:48 set_track mm/kasan/common.c:56 [inline] kasan_set_free_info mm/kasan/common.c:316 [inline] __kasan_slab_free+0x12c/0x170 mm/kasan/common.c:455 slab_free_hook mm/slub.c:1474 [inline] slab_free_freelist_hook mm/slub.c:1507 [inline] slab_free mm/slub.c:3072 [inline] kfree+0xe6/0x320 mm/slub.c:4052 mlxsw_core_reg_access_emad+0xd45/0x1410 drivers/net/ethernet/mellanox/mlxsw/core.c:1819 mlxsw_core_reg_access+0xeb/0x540 drivers/net/ethernet/mellanox/mlxsw/core.c:1991 mlxsw_sp_port_get_hw_xstats+0x335/0x7e0 drivers/net/ethernet/mellanox/mlxsw/spectrum.c:1130 update_stats_cache+0xf4/0x140 drivers/net/ethernet/mellanox/mlxsw/spectrum.c:1173 process_one_work+0xa3e/0x17a0 kernel/workqueue.c:2269 worker_thread+0x9e/0x1050 kernel/workqueue.c:2415 kthread+0x355/0x470 kernel/kthread.c:291 ret_from_fork+0x22/0x30 arch/x86/entry/entry_64.S:293 The buggy address belongs to the object at ffff88800b796400 which belongs to the cache kmalloc-512 of size 512 The buggy address is located 232 bytes inside of 512-byte region [ffff88800b796400, ffff88800b796600) The buggy address belongs to the page: page:ffffea00002de500 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 head:ffffea00002de500 order:2 compound_mapcount:0 compound_pincount:0 flags: 0x100000000010200(slab|head) raw: 0100000000010200 dead000000000100 dead000000000122 ffff88806c402500 raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff88800b796380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff88800b796400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb >ffff88800b796480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ^ ffff88800b796500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff88800b796580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb Fixes: caf7297e7ab5 ("mlxsw: core: Introduce support for asynchronous EMAD register access") Signed-off-by: Ido Schimmel Reviewed-by: Jiri Pirko Signed-off-by: David S. Miller commit 7d8e8f3433dc8d1dc87c1aabe73a154978fb4c4d Author: Ido Schimmel Date: Wed Jul 29 12:26:45 2020 +0300 mlxsw: core: Increase scope of RCU read-side critical section The lifetime of the Rx listener item ('rxl_item') is managed using RCU, but is dereferenced outside of RCU read-side critical section, which can lead to a use-after-free. Fix this by increasing the scope of the RCU read-side critical section. Fixes: 93c1edb27f9e ("mlxsw: Introduce Mellanox switch driver core") Signed-off-by: Ido Schimmel Reviewed-by: Jiri Pirko Signed-off-by: David S. Miller commit ec4f5b3617049d474b3263792785b638640f2dbe Author: Ido Schimmel Date: Wed Jul 29 12:26:44 2020 +0300 mlxsw: spectrum: Use different trap group for externally routed packets Cited commit mistakenly removed the trap group for externally routed packets (e.g., via the management interface) and grouped locally routed and externally routed packet traps under the same group, thereby subjecting them to the same policer. This can result in problems, for example, when FRR is restarted and suddenly all transient traffic is trapped to the CPU because of a default route through the management interface. Locally routed packets required to re-establish a BGP connection will never reach the CPU and the routing tables will not be re-populated. Fix this by using a different trap group for externally routed packets. Fixes: 8110668ecd9a ("mlxsw: spectrum_trap: Register layer 3 control traps") Reported-by: Alex Veber Tested-by: Alex Veber Signed-off-by: Ido Schimmel Reviewed-by: Jiri Pirko Signed-off-by: David S. Miller commit 89ab53313543b18640eb5d25a1e74bf9eee889b0 Author: Ido Schimmel Date: Wed Jul 29 12:26:43 2020 +0300 mlxsw: spectrum_router: Allow programming link-local host routes Cited commit added the ability to program link-local prefix routes to the ASIC so that relevant packets are routed and trapped correctly. However, host routes were not included in the change and thus not programmed to the ASIC. This can result in packets being trapped via an external route trap instead of a local route trap as in IPv4. Fix this by programming all the link-local routes to the ASIC. Fixes: 10d3757fcb07 ("mlxsw: spectrum_router: Allow programming link-local prefix routes") Reported-by: Alex Veber Tested-by: Alex Veber Signed-off-by: Ido Schimmel Reviewed-by: Jiri Pirko Signed-off-by: David S. Miller commit 83f3522860f702748143e022f1a546547314c715 Author: Ido Schimmel Date: Wed Jul 29 11:37:13 2020 +0300 ipv4: Silence suspicious RCU usage warning fib_trie_unmerge() is called with RTNL held, but not from an RCU read-side critical section. This leads to the following warning [1] when the FIB alias list in a leaf is traversed with hlist_for_each_entry_rcu(). Since the function is always called with RTNL held and since modification of the list is protected by RTNL, simply use hlist_for_each_entry() and silence the warning. [1] WARNING: suspicious RCU usage 5.8.0-rc4-custom-01520-gc1f937f3f83b #30 Not tainted ----------------------------- net/ipv4/fib_trie.c:1867 RCU-list traversed in non-reader section!! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 1 1 lock held by ip/164: #0: ffffffff85a27850 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x49a/0xbd0 stack backtrace: CPU: 0 PID: 164 Comm: ip Not tainted 5.8.0-rc4-custom-01520-gc1f937f3f83b #30 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-2.fc32 04/01/2014 Call Trace: dump_stack+0x100/0x184 lockdep_rcu_suspicious+0x153/0x15d fib_trie_unmerge+0x608/0xdb0 fib_unmerge+0x44/0x360 fib4_rule_configure+0xc8/0xad0 fib_nl_newrule+0x37a/0x1dd0 rtnetlink_rcv_msg+0x4f7/0xbd0 netlink_rcv_skb+0x17a/0x480 rtnetlink_rcv+0x22/0x30 netlink_unicast+0x5ae/0x890 netlink_sendmsg+0x98a/0xf40 ____sys_sendmsg+0x879/0xa00 ___sys_sendmsg+0x122/0x190 __sys_sendmsg+0x103/0x1d0 __x64_sys_sendmsg+0x7d/0xb0 do_syscall_64+0x54/0xa0 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x7fc80a234e97 Code: Bad RIP value. RSP: 002b:00007ffef8b66798 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc80a234e97 RDX: 0000000000000000 RSI: 00007ffef8b66800 RDI: 0000000000000003 RBP: 000000005f141b1c R08: 0000000000000001 R09: 0000000000000000 R10: 00007fc80a2a8ac0 R11: 0000000000000246 R12: 0000000000000001 R13: 0000000000000000 R14: 00007ffef8b67008 R15: 0000556fccb10020 Fixes: 0ddcf43d5d4a ("ipv4: FIB Local/MAIN table collapse") Signed-off-by: Ido Schimmel Reviewed-by: Jiri Pirko Signed-off-by: David S. Miller commit b5141915b5aec3b29a63db869229e3741ebce258 Author: Ido Schimmel Date: Wed Jul 29 11:34:36 2020 +0300 vxlan: Ensure FDB dump is performed under RCU The commit cited below removed the RCU read-side critical section from rtnl_fdb_dump() which means that the ndo_fdb_dump() callback is invoked without RCU protection. This results in the following warning [1] in the VXLAN driver, which relied on the callback being invoked from an RCU read-side critical section. Fix this by calling rcu_read_lock() in the VXLAN driver, as already done in the bridge driver. [1] WARNING: suspicious RCU usage 5.8.0-rc4-custom-01521-g481007553ce6 #29 Not tainted ----------------------------- drivers/net/vxlan.c:1379 RCU-list traversed in non-reader section!! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 1 1 lock held by bridge/166: #0: ffffffff85a27850 (rtnl_mutex){+.+.}-{3:3}, at: netlink_dump+0xea/0x1090 stack backtrace: CPU: 1 PID: 166 Comm: bridge Not tainted 5.8.0-rc4-custom-01521-g481007553ce6 #29 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-2.fc32 04/01/2014 Call Trace: dump_stack+0x100/0x184 lockdep_rcu_suspicious+0x153/0x15d vxlan_fdb_dump+0x51e/0x6d0 rtnl_fdb_dump+0x4dc/0xad0 netlink_dump+0x540/0x1090 __netlink_dump_start+0x695/0x950 rtnetlink_rcv_msg+0x802/0xbd0 netlink_rcv_skb+0x17a/0x480 rtnetlink_rcv+0x22/0x30 netlink_unicast+0x5ae/0x890 netlink_sendmsg+0x98a/0xf40 __sys_sendto+0x279/0x3b0 __x64_sys_sendto+0xe6/0x1a0 do_syscall_64+0x54/0xa0 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x7fe14fa2ade0 Code: Bad RIP value. RSP: 002b:00007fff75bb5b88 EFLAGS: 00000246 ORIG_RAX: 000000000000002c RAX: ffffffffffffffda RBX: 00005614b1ba0020 RCX: 00007fe14fa2ade0 RDX: 000000000000011c RSI: 00007fff75bb5b90 RDI: 0000000000000003 RBP: 00007fff75bb5b90 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00005614b1b89160 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 Fixes: 5e6d24358799 ("bridge: netlink dump interface at par with brctl") Signed-off-by: Ido Schimmel Reviewed-by: Jiri Pirko Signed-off-by: David S. Miller commit 54a485e9ec084da1a4b32dcf7749c7d760ed8aa5 Author: Mike Marciniszyn Date: Tue Jul 28 14:38:48 2020 -0400 IB/rdmavt: Fix RQ counting issues causing use of an invalid RWQE The lookaside count is improperly initialized to the size of the Receive Queue with the additional +1. In the traces below, the RQ size is 384, so the count was set to 385. The lookaside count is then rarely refreshed. Note the high and incorrect count in the trace below: rvt_get_rwqe: [hfi1_0] wqe ffffc900078e9008 wr_id 55c7206d75a0 qpn c qpt 2 pid 3018 num_sge 1 head 1 tail 0, count 385 rvt_get_rwqe: (hfi1_rc_rcv+0x4eb/0x1480 [hfi1] <- rvt_get_rwqe) ret=0x1 The head,tail indicate there is only one RWQE posted although the count says 385 and we correctly return the element 0. The next call to rvt_get_rwqe with the decremented count: rvt_get_rwqe: [hfi1_0] wqe ffffc900078e9058 wr_id 0 qpn c qpt 2 pid 3018 num_sge 0 head 1 tail 1, count 384 rvt_get_rwqe: (hfi1_rc_rcv+0x4eb/0x1480 [hfi1] <- rvt_get_rwqe) ret=0x1 Note that the RQ is empty (head == tail) yet we return the RWQE at tail 1, which is not valid because of the bogus high count. Best case, the RWQE has never been posted and the rc logic sees an RWQE that is too small (all zeros) and puts the QP into an error state. In the worst case, a server slow at posting receive buffers might fool rvt_get_rwqe() into fetching an old RWQE and corrupt memory. Fix by deleting the faulty initialization code and creating an inline to fetch the posted count and convert all callers to use new inline. Fixes: f592ae3c999f ("IB/rdmavt: Fracture single lock used for posting and processing RWQEs") Link: https://lore.kernel.org/r/20200728183848.22226.29132.stgit@awfm-01.aw.intel.com Reported-by: Zhaojuan Guo Cc: # 5.4.x Reviewed-by: Kaike Wan Signed-off-by: Mike Marciniszyn Tested-by: Honggang Li Signed-off-by: Jason Gunthorpe commit c2f3850df7f95537e79c561f7be49df2e4ad8060 Merge: f227e3ec3b5c a4a2739beb89 Author: Linus Torvalds Date: Wed Jul 29 11:39:20 2020 -0700 Merge tag 'drm-fixes-2020-07-29' of git://anongit.freedesktop.org/drm/drm into master Pull drm fixes from Dave Airlie: "The nouveau fixes missed the last pull by a few hours, and we had a few arm driver/panel/bridge fixes come in. This is possibly a bit more than I'm comfortable sending at this stage, but I've looked at each patch, the core + nouveau patches fix regressions, and the arm related ones are all around screens turning on and working, and are mostly trivial patches, the line count is mostly in comments. core: - fix possible use-after-free drm_fb_helper: - regression fix to use memcpy_io on bochs' sparc64 nouveau: - format modifiers fixes - HDA regression fix - turing modesetting race fix of: - fix a double free dbi: - fix SPI Type 1 transfer mcde: - fix screen stability crash panel: - panel: fix display noise on auo,kd101n80-45na - panel: delay HPD checks for boe_nv133fhm_n61 bridge: - bridge: drop connector check in nwl-dsi bridge - bridge: set proper bridge type for adv7511" * tag 'drm-fixes-2020-07-29' of git://anongit.freedesktop.org/drm/drm: drm: hold gem reference until object is no longer accessed drm/dbi: Fix SPI Type 1 (9-bit) transfer drm/drm_fb_helper: fix fbdev with sparc64 drm/mcde: Fix stability issue drm/bridge: nwl-dsi: Drop DRM_BRIDGE_ATTACH_NO_CONNECTOR check. drm/panel: Fix auo, kd101n80-45na horizontal noise on edges of panel drm: panel: simple: Delay HPD checking on boe_nv133fhm_n61 for 15 ms drm/bridge/adv7511: set the bridge type properly drm: of: Fix double-free bug drm/nouveau/fbcon: zero-initialise the mode_cmd2 structure drm/nouveau/fbcon: fix module unload when fbcon init has failed for some reason drm/nouveau/kms/tu102: wait for core update to complete when assigning windows drm/nouveau/kms/gf100: use correct format modifiers drm/nouveau/disp/gm200-: fix regression from HDA SOR selection changes commit f227e3ec3b5cad859ad15666874405e8c1bbc1d4 Author: Willy Tarreau Date: Fri Jul 10 15:23:19 2020 +0200 random32: update the net random state on interrupt and activity This modifies the first 32 bits out of the 128 bits of a random CPU's net_rand_state on interrupt or CPU activity to complicate remote observations that could lead to guessing the network RNG's internal state. Note that depending on some network devices' interrupt rate moderation or binding, this re-seeding might happen on every packet or even almost never. In addition, with NOHZ some CPUs might not even get timer interrupts, leaving their local state rarely updated, while they are running networked processes making use of the random state. For this reason, we also perform this update in update_process_times() in order to at least update the state when there is user or system activity, since it's the only case we care about. Reported-by: Amit Klein Suggested-by: Linus Torvalds Cc: Eric Dumazet Cc: "Jason A. Donenfeld" Cc: Andy Lutomirski Cc: Kees Cook Cc: Thomas Gleixner Cc: Peter Zijlstra Cc: Signed-off-by: Willy Tarreau Signed-off-by: Linus Torvalds commit 168c358af2f8c5a37f8b5f877ba2cc93995606ee Author: Michael S. Tsirkin Date: Mon Jul 27 12:01:27 2020 -0400 virtio_balloon: fix up endian-ness for free cmd id free cmd id is read using virtio endian, spec says all fields in balloon are LE. Fix it up. Fixes: 86a559787e6f ("virtio-balloon: VIRTIO_BALLOON_F_FREE_PAGE_HINT") Cc: stable@vger.kernel.org Signed-off-by: Michael S. Tsirkin Acked-by: Jason Wang Reviewed-by: Wei Wang Acked-by: David Hildenbrand commit ca72cc348355fbc969f5fa00fa94d584920d403b Author: Alexander Duyck Date: Mon Jul 13 13:35:39 2020 -0700 virtio-balloon: Document byte ordering of poison_val The poison_val field in the virtio_balloon_config is treated as a little-endian field by the host. Since we are currently only having to deal with a single byte poison value this isn't a problem, however if the value should ever expand it would cause byte ordering issues. Document that in the code so that we know that if the value should ever expand we need to byte swap the value on big-endian architectures. Signed-off-by: Alexander Duyck Link: https://lore.kernel.org/r/20200713203539.17140.71425.stgit@localhost.localdomain Signed-off-by: Michael S. Tsirkin Acked-by: David Hildenbrand commit 295c1b9852d000580786375304a9800bd9634d15 Author: Michael S. Tsirkin Date: Fri Jul 10 06:36:16 2020 -0400 vhost/scsi: fix up req type endian-ness vhost/scsi doesn't handle type conversion correctly for request type when using virtio 1.0 and up for BE, or cross-endian platforms. Fix it up using vhost_32_to_cpu. Cc: stable@vger.kernel.org Signed-off-by: Michael S. Tsirkin Acked-by: Jason Wang Reviewed-by: Stefan Hajnoczi commit d6364a867ccbf34a6afe0d57721ff64aa43befcd Merge: 1f273e255b28 5bedd3afee8e Author: Jens Axboe Date: Wed Jul 29 11:21:14 2020 -0600 Merge branch 'nvme-5.8' of git://git.infradead.org/nvme into block-5.8 Pull NVMe fixes from Christoph. * 'nvme-5.8' of git://git.infradead.org/nvme: nvme: add a Identify Namespace Identification Descriptor list quirk nvme-pci: prevent SK hynix PC400 from using Write Zeroes command nvme-tcp: fix possible hang waiting for icresp response commit 81530ab08ef002f90b7dc68f5a69816b0e3be803 Author: Leon Romanovsky Date: Tue Jul 28 15:02:55 2020 +0300 RDMA/mlx5: Allow providing extra scatter CQE QP flag Scatter CQE feature relies on two flags MLX5_QP_FLAG_SCATTER_CQE and MLX5_QP_FLAG_ALLOW_SCATTER_CQE, both of them can be provided without relation to device capability. Relax global validity check to allow MLX5_QP_FLAG_ALLOW_SCATTER_CQE QP flag. Existing user applications are failing on this new validity check. Fixes: 90ecb37a751b ("RDMA/mlx5: Change scatter CQE flag to be set like other vendor flags") Fixes: 37518fa49f76 ("RDMA/mlx5: Process all vendor flags in one place") Link: https://lore.kernel.org/r/20200728120255.805733-1-leon@kernel.org Reviewed-by: Artemy Kovalyov Signed-off-by: Leon Romanovsky Signed-off-by: Jason Gunthorpe commit fe3c60684377d5ad9b0569b87ed3e26e12c8173b Author: Qiushi Wu Date: Sat Jun 13 14:05:33 2020 -0500 firmware: Fix a reference count leak. kobject_init_and_add() takes reference even when it fails. If this function returns an error, kobject_put() must be called to properly clean up the memory associated with the object. Callback function fw_cfg_sysfs_release_entry() in kobject_put() can handle the pointer "entry" properly. Signed-off-by: Qiushi Wu Link: https://lore.kernel.org/r/20200613190533.15712-1-wu000273@umn.edu Signed-off-by: Michael S. Tsirkin commit bdd65589593edd79b6a12ce86b3b7a7c6dae5208 Author: Thomas Gleixner Date: Wed Jul 29 10:53:28 2020 +0200 x86/i8259: Use printk_deferred() to prevent deadlock 0day reported a possible circular locking dependency: Chain exists of: &irq_desc_lock_class --> console_owner --> &port_lock_key Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&port_lock_key); lock(console_owner); lock(&port_lock_key); lock(&irq_desc_lock_class); The reason for this is a printk() in the i8259 interrupt chip driver which is invoked with the irq descriptor lock held, which reverses the lock operations vs. printk() from arbitrary contexts. Switch the printk() to printk_deferred() to avoid that. Reported-by: kernel test robot Signed-off-by: Thomas Gleixner Signed-off-by: Ingo Molnar Cc: stable@vger.kernel.org Link: https://lore.kernel.org/r/87365abt2v.fsf@nanos.tec.linutronix.de commit 8ac68dc455d9d18241d44b96800d73229029ed34 Author: Paul Moore Date: Tue Jul 28 15:33:21 2020 -0400 revert: 1320a4052ea1 ("audit: trigger accompanying records when no rules present") Unfortunately the commit listed in the subject line above failed to ensure that the task's audit_context was properly initialized/set before enabling the "accompanying records". Depending on the situation, the resulting audit_context could have invalid values in some of it's fields which could cause a kernel panic/oops when the task/syscall exists and the audit records are generated. We will revisit the original patch, with the necessary fixes, in a future kernel but right now we just want to fix the kernel panic with the least amount of added risk. Cc: stable@vger.kernel.org Fixes: 1320a4052ea1 ("audit: trigger accompanying records when no rules present") Reported-by: j2468h@googlemail.com Signed-off-by: Paul Moore commit 7fcd9bb5acd01250bcae1ecc0cb8b8d4bb5b7e63 Author: Ranjani Sridharan Date: Tue Jul 28 16:10:11 2020 -0700 ALSA: hda: fix NULL pointer dereference during suspend When the ASoC card registration fails and the codec component driver never probes, the codec device is not initialized and therefore memory for codec->wcaps is not allocated. This results in a NULL pointer dereference when the codec driver suspend callback is invoked during system suspend. Fix this by returning without performing any actions during codec suspend/resume if the card was not registered successfully. Reviewed-by: Pierre-Louis Bossart Signed-off-by: Ranjani Sridharan Link: https://lore.kernel.org/r/20200728231011.1454066-1-ranjani.sridharan@linux.intel.com Signed-off-by: Takashi Iwai commit 5bedd3afee8eb01ccd256f0cd2cc0fa6f841417a Author: Christoph Hellwig Date: Tue Jul 28 13:09:03 2020 +0200 nvme: add a Identify Namespace Identification Descriptor list quirk Add a quirk for a device that does not support the Identify Namespace Identification Descriptor list despite claiming 1.3 compliance. Fixes: ea43d9709f72 ("nvme: fix identify error status silent ignore") Reported-by: Ingo Brunberg Signed-off-by: Christoph Hellwig Tested-by: Ingo Brunberg Reviewed-by: Sagi Grimberg commit a4a2739beb8933a19281bca077fdb852598803ed Merge: 0d7869805a82 8490d6a7e0a0 Author: Dave Airlie Date: Wed Jul 29 12:44:45 2020 +1000 Merge tag 'drm-misc-fixes-2020-07-28' of git://anongit.freedesktop.org/drm/drm-misc into drm-fixes * drm: fix possible use-after-free * dbi: fix SPI Type 1 transfer * drm_fb_helper: use memcpy_io on bochs' sparc64 * mcde: fix stability * panel: fix display noise on auo,kd101n80-45na * panel: delay HPD checks for boe_nv133fhm_n61 * bridge: drop connector check in nwl-dsi bridge * bridge: set proper bridge type for adv7511 * of: fix a double free Signed-off-by: Dave Airlie From: Thomas Zimmermann Link: https://patchwork.freedesktop.org/patch/msgid/20200728110446.GA8076@linux-uq9g commit 1ed06dbc213e1408ab60faa3ac0c0855a3ddc52d Author: Martin Varghese Date: Tue Jul 28 22:35:52 2020 +0530 Documentation: bareudp: Corrected description of bareudp module. Removed redundant words. Fixes: 571912c69f0e ("net: UDP tunnel encapsulation module for tunnelling different protocols like MPLS, IP, NSH etc.") Signed-off-by: Martin Varghese Signed-off-by: David S. Miller commit 302d201b5cdf6f4781ee6cd9862f377f975d6c43 Author: Guillaume Nault Date: Sat Jul 25 15:06:47 2020 +0200 bareudp: forbid mixing IP and MPLS in multiproto mode In multiproto mode, bareudp_xmit() accepts sending multicast MPLS and IPv6 packets regardless of the bareudp ethertype. In practice, this let an IP tunnel send multicast MPLS packets, or an MPLS tunnel send IPv6 packets. We need to restrict the test further, so that the multiproto mode only enables * IPv6 for IPv4 tunnels, * or multicast MPLS for unicast MPLS tunnels. To improve clarity, the protocol validation is moved to its own function, where each logical test has its own condition. v2: s/ntohs/htons/ Fixes: 4b5f67232d95 ("net: Special handling for IP & MPLS.") Signed-off-by: Guillaume Nault Signed-off-by: David S. Miller commit 706ec919164622ff5ce822065472d0f30a9e9dd2 Author: Xiyu Yang Date: Sat Jul 25 16:02:18 2020 +0800 ipv6: Fix nexthop refcnt leak when creating ipv6 route info ip6_route_info_create() invokes nexthop_get(), which increases the refcount of the "nh". When ip6_route_info_create() returns, local variable "nh" becomes invalid, so the refcount should be decreased to keep refcount balanced. The reference counting issue happens in one exception handling path of ip6_route_info_create(). When nexthops can not be used with source routing, the function forgets to decrease the refcnt increased by nexthop_get(), causing a refcnt leak. Fix this issue by pulling up the error source routing handling when nexthops can not be used with source routing. Fixes: f88d8ea67fbd ("ipv6: Plumb support for nexthop object in a fib6_info") Signed-off-by: Xiyu Yang Signed-off-by: Xin Tan Reviewed-by: David Ahern Signed-off-by: David S. Miller commit fa662d7816a5a3790f3ee49f27e5f65991d3347d Merge: 3cab8c655259 ed543f5c6a98 Author: David S. Miller Date: Tue Jul 28 17:14:48 2020 -0700 Merge branch 'Fix-bugs-in-Octeontx2-netdev-driver' Subbaraya Sundeep says: ==================== Fix bugs in Octeontx2 netdev driver There are problems in the existing Octeontx2 netdev drivers like missing cancel_work for the reset task, missing lock in reset task and missing unergister_netdev in driver remove. This patch set fixes the above problems. ==================== Signed-off-by: David S. Miller commit ed543f5c6a988d8a863d2436794230cef2c82389 Author: Subbaraya Sundeep Date: Sat Jul 25 10:13:54 2020 +0530 octeontx2-pf: Unregister netdev at driver remove Added unregister_netdev in the driver remove function. Generally unregister_netdev is called after disabling all the device interrupts but here it is called before disabling device mailbox interrupts. The reason behind this is VF needs mailbox interrupt to communicate with its PF to clean up its resources during otx2_stop. otx2_stop disables packet I/O and queue interrupts first and by using mailbox interrupt communicates to PF to free VF resources. Hence this patch calls unregister_device just before disabling mailbox interrupts. Fixes: 3184fb5ba96e ("octeontx2-vf: Virtual function driver support") Signed-off-by: Subbaraya Sundeep Signed-off-by: Sunil Goutham Signed-off-by: David S. Miller commit c0376f473c5cc2ef94f8e1e055d173293cc3698c Author: Subbaraya Sundeep Date: Sat Jul 25 10:13:53 2020 +0530 octeontx2-pf: cancel reset_task work During driver exit cancel the queued reset_task work in VF driver. Fixes: 3184fb5ba96e ("octeontx2-vf: Virtual function driver support") Signed-off-by: Subbaraya Sundeep Signed-off-by: Sunil Goutham Signed-off-by: David S. Miller commit 948a66338f44c16f52c0f03f6ad81a6f59eb5604 Author: Subbaraya Sundeep Date: Sat Jul 25 10:13:52 2020 +0530 octeontx2-pf: Fix reset_task bugs Two bugs exist in the code related to reset_task in PF driver one is the missing protection against network stack ndo_open and ndo_close. Other one is the missing cancel_work. This patch fixes those problems. Fixes: 4ff7d1488a84 ("octeontx2-pf: Error handling support") Signed-off-by: Subbaraya Sundeep Signed-off-by: Sunil Goutham Signed-off-by: David S. Miller commit 3cab8c65525920f00d8f4997b3e9bb73aecb3a8e Author: Jakub Kicinski Date: Fri Jul 24 16:15:43 2020 -0700 mlx4: disable device on shutdown It appears that not disabling a PCI device on .shutdown may lead to a Hardware Error with particular (perhaps buggy) BIOS versions: mlx4_en: eth0: Close port called mlx4_en 0000:04:00.0: removed PHC reboot: Restarting system {1}[Hardware Error]: Hardware error from APEI Generic Hardware Error Source: 1 {1}[Hardware Error]: event severity: fatal {1}[Hardware Error]: Error 0, type: fatal {1}[Hardware Error]: section_type: PCIe error {1}[Hardware Error]: port_type: 4, root port {1}[Hardware Error]: version: 1.16 {1}[Hardware Error]: command: 0x4010, status: 0x0143 {1}[Hardware Error]: device_id: 0000:00:02.2 {1}[Hardware Error]: slot: 0 {1}[Hardware Error]: secondary_bus: 0x04 {1}[Hardware Error]: vendor_id: 0x8086, device_id: 0x2f06 {1}[Hardware Error]: class_code: 000604 {1}[Hardware Error]: bridge: secondary_status: 0x2000, control: 0x0003 {1}[Hardware Error]: aer_uncor_status: 0x00100000, aer_uncor_mask: 0x00000000 {1}[Hardware Error]: aer_uncor_severity: 0x00062030 {1}[Hardware Error]: TLP Header: 40000018 040000ff 791f4080 00000000 [hw error repeats] Kernel panic - not syncing: Fatal hardware error! CPU: 0 PID: 2189 Comm: reboot Kdump: loaded Not tainted 5.6.x-blabla #1 Hardware name: HP ProLiant DL380 Gen9/ProLiant DL380 Gen9, BIOS P89 05/05/2017 Fix the mlx4 driver. This is a very similar problem to what had been fixed in: commit 0d98ba8d70b0 ("scsi: hpsa: disable device during shutdown") to address https://bugzilla.kernel.org/show_bug.cgi?id=199779. Fixes: 2ba5fbd62b25 ("net/mlx4_core: Handle AER flow properly") Reported-by: Jake Lawrence Signed-off-by: Jakub Kicinski Reviewed-by: Saeed Mahameed Signed-off-by: David S. Miller commit a7ef23e56864ad7720b3a38ef408bc7c9a74c58d Merge: 19016d93bfc3 ce9b362bf6db Author: David S. Miller Date: Tue Jul 28 17:09:49 2020 -0700 Merge branch 'rhashtable-Fix-unprotected-RCU-dereference-in-__rht_ptr' Herbert Xu says: ==================== rhashtable: Fix unprotected RCU dereference in __rht_ptr This patch series fixes an unprotected dereference in __rht_ptr. The first patch is a minimal fix that does not use the correct RCU markings but is suitable for backport, and the second patch cleans up the RCU markings. ==================== Signed-off-by: David S. Miller commit ce9b362bf6db51a083c4221ef0f93c16cfb1facf Author: Herbert Xu Date: Fri Jul 24 20:14:34 2020 +1000 rhashtable: Restore RCU marking on rhash_lock_head This patch restores the RCU marking on bucket_table->buckets as it really does need RCU protection. Its removal had led to a fatal bug. Signed-off-by: Herbert Xu Signed-off-by: David S. Miller commit 1748f6a2cbc4694523f16da1c892b59861045b9d Author: Herbert Xu Date: Fri Jul 24 20:12:53 2020 +1000 rhashtable: Fix unprotected RCU dereference in __rht_ptr The rcu_dereference call in rht_ptr_rcu is completely bogus because we've already dereferenced the value in __rht_ptr and operated on it. This causes potential double readings which could be fatal. The RCU dereference must occur prior to the comparison in __rht_ptr. This patch changes the order of RCU dereference so that it is done first and the result is then fed to __rht_ptr. The RCU marking changes have been minimised using casts which will be removed in a follow-up patch. Fixes: ba6306e3f648 ("rhashtable: Remove RCU marking from...") Reported-by: "Gong, Sishuai" Signed-off-by: Herbert Xu Signed-off-by: David S. Miller commit 19016d93bfc335f0c158c0d9e3b9d06c4dd53d39 Author: René van Dorst Date: Thu Jul 23 20:07:10 2020 +0100 net: ethernet: mtk_eth_soc: Always call mtk_gmac0_rgmii_adjust() for mt7623 Modify mtk_gmac0_rgmii_adjust() so it can always be called. mtk_gmac0_rgmii_adjust() sets-up the TRGMII clocks. Signed-off-by: René van Dorst Signed-off-By: David Woodhouse Tested-by: Frank Wunderlich Signed-off-by: David S. Miller commit b5cd55b334f3cdb2562c84626600f3728151ee29 Merge: 2ff34c909f75 350a63249d27 Author: David S. Miller Date: Tue Jul 28 16:55:13 2020 -0700 Merge tag 'mlx5-fixes-2020-07-28' of git://git.kernel.org/pub/scm/linux/kernel/git/saeed/linux Saeed Mahameed says: ==================== mlx5 fixes-2020-07-28 This series introduces some fixes to mlx5 driver. v1->v2: - Drop the "Hold reference on mirred devices" patch, until Or's comments are addressed. - Imporve "Modify uplink state" patch commit message per Or's request. Please pull and let me know if there is any problem. For -Stable: For -stable v4.9 ('net/mlx5e: Fix error path of device attach') For -stable v4.15 ('net/mlx5: Verify Hardware supports requested ptp function on a given pin') For -stable v5.3 ('net/mlx5e: Modify uplink state on interface up/down') For -stable v5.4 ('net/mlx5e: Fix kernel crash when setting vf VLANID on a VF dev') ('net/mlx5: E-switch, Destroy TSAR when fail to enable the mode') For -stable v5.5 ('net/mlx5: E-switch, Destroy TSAR after reload interface') For -stable v5.7 ('net/mlx5: Fix a bug of using ptp channel index as pin index') ==================== Acked-by: Jakub Kicinski Signed-off-by: David S. Miller commit 2ff34c909f75d2d145a27b84e2ee6710a6b43446 Merge: e911e99a0770 ea060b352654 Author: David S. Miller Date: Tue Jul 28 13:35:44 2020 -0700 Merge branch 'net-lan78xx-fix-NULL-deref-and-memory-leak' Johan Hovold says: ==================== net: lan78xx: fix NULL deref and memory leak The first two patches fix a NULL-pointer dereference at probe that can be triggered by a malicious device and a small transfer-buffer memory leak, respectively. For another subsystem I would have marked them: Cc: stable@vger.kernel.org # 4.3 The third one replaces the driver's current broken endpoint lookup helper, which could end up accepting incomplete interfaces and whose results weren't even useeren Johan ==================== Signed-off-by: David S. Miller commit ea060b352654a8de1e070140d25fe1b7e4d50310 Author: Johan Hovold Date: Tue Jul 28 14:10:31 2020 +0200 net: lan78xx: replace bogus endpoint lookup Drop the bogus endpoint-lookup helper which could end up accepting interfaces based on endpoints belonging to unrelated altsettings. Note that the returned bulk pipes and interrupt endpoint descriptor were never actually used. Instead the bulk-endpoint numbers are hardcoded to 1 and 2 (matching the specification), while the interrupt- endpoint descriptor was assumed to be the third descriptor created by USB core. Try to bring some order to this by dropping the bogus lookup helper and adding the missing endpoint sanity checks while keeping the interrupt- descriptor assumption for now. Signed-off-by: Johan Hovold Signed-off-by: David S. Miller commit 63634aa679ba8b5e306ad0727120309ae6ba8a8e Author: Johan Hovold Date: Tue Jul 28 14:10:30 2020 +0200 net: lan78xx: fix transfer-buffer memory leak The interrupt URB transfer-buffer was never freed on disconnect or after probe errors. Fixes: 55d7de9de6c3 ("Microchip's LAN7800 family USB 2/3 to 10/100/1000 Ethernet device driver") Cc: Woojung.Huh@microchip.com Signed-off-by: Johan Hovold Signed-off-by: David S. Miller commit 8d8e95fd6d69d774013f51e5f2ee10c6e6d1fc14 Author: Johan Hovold Date: Tue Jul 28 14:10:29 2020 +0200 net: lan78xx: add missing endpoint sanity check Add the missing endpoint sanity check to prevent a NULL-pointer dereference should a malicious device lack the expected endpoints. Note that the driver has a broken endpoint-lookup helper, lan78xx_get_endpoints(), which can end up accepting interfaces in an altsetting without endpoints as long as *some* altsetting has a bulk-in and a bulk-out endpoint. Fixes: 55d7de9de6c3 ("Microchip's LAN7800 family USB 2/3 to 10/100/1000 Ethernet device driver") Cc: Woojung.Huh@microchip.com Signed-off-by: Johan Hovold Signed-off-by: David S. Miller commit e911e99a0770f760377c263bc7bac1b1593c6147 Author: Rustam Kovhaev Date: Mon Jul 27 23:42:17 2020 -0700 usb: hso: check for return value in hso_serial_common_create() in case of an error tty_register_device_attr() returns ERR_PTR(), add IS_ERR() check Reported-and-tested-by: syzbot+67b2bd0e34f952d0321e@syzkaller.appspotmail.com Link: https://syzkaller.appspot.com/bug?extid=67b2bd0e34f952d0321e Signed-off-by: Rustam Kovhaev Reviewed-by: Greg Kroah-Hartman Signed-off-by: David S. Miller commit 350a63249d270b1f5bd05c7e2a24cd8de0f9db20 Author: Alaa Hleihel Date: Wed Jul 15 11:46:30 2020 +0300 net/mlx5e: Fix kernel crash when setting vf VLANID on a VF dev After the cited commit, function 'mlx5_eswitch_set_vport_vlan' started to acquire esw->state_lock. However, esw is not defined for VF devices, hence attempting to set vf VLANID on a VF dev will cause a kernel panic. Fix it by moving up the (redundant) esw validation from function '__mlx5_eswitch_set_vport_vlan' since the rest of the callers now have and use a valid esw. For example with vf device eth4: # ip link set dev eth4 vf 0 vlan 0 Trace of the panic: [ 411.409842] BUG: unable to handle page fault for address: 00000000000011b8 [ 411.449745] #PF: supervisor read access in kernel mode [ 411.452348] #PF: error_code(0x0000) - not-present page [ 411.454938] PGD 80000004189c9067 P4D 80000004189c9067 PUD 41899a067 PMD 0 [ 411.458382] Oops: 0000 [#1] SMP PTI [ 411.460268] CPU: 4 PID: 5711 Comm: ip Not tainted 5.8.0-rc4_for_upstream_min_debug_2020_07_08_22_04 #1 [ 411.462447] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.1-0-ga5cab58e9a3f-prebuilt.qemu.org 04/01/2014 [ 411.464158] RIP: 0010:__mutex_lock+0x4e/0x940 [ 411.464928] Code: fd 41 54 49 89 f4 41 52 53 89 d3 48 83 ec 70 44 8b 1d ee 03 b0 01 65 48 8b 04 25 28 00 00 00 48 89 45 c8 31 c0 45 85 db 75 0a <48> 3b 7f 60 0f 85 7e 05 00 00 49 8d 45 68 41 56 41 b8 01 00 00 00 [ 411.467678] RSP: 0018:ffff88841fcd74b0 EFLAGS: 00010246 [ 411.468562] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 411.469715] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000001158 [ 411.470812] RBP: ffff88841fcd7550 R08: ffffffffa00fa1ce R09: 0000000000000000 [ 411.471835] R10: ffff88841fcd7570 R11: 0000000000000000 R12: 0000000000000002 [ 411.472862] R13: 0000000000001158 R14: ffffffffa00fa1ce R15: 0000000000000000 [ 411.474004] FS: 00007faee7ca6b80(0000) GS:ffff88846fc00000(0000) knlGS:0000000000000000 [ 411.475237] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 411.476129] CR2: 00000000000011b8 CR3: 000000041909c006 CR4: 0000000000360ea0 [ 411.477260] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 411.478340] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 411.479332] Call Trace: [ 411.479760] ? __nla_validate_parse.part.6+0x57/0x8f0 [ 411.482825] ? mlx5_eswitch_set_vport_vlan+0x3e/0xa0 [mlx5_core] [ 411.483804] mlx5_eswitch_set_vport_vlan+0x3e/0xa0 [mlx5_core] [ 411.484733] mlx5e_set_vf_vlan+0x41/0x50 [mlx5_core] [ 411.485545] do_setlink+0x613/0x1000 [ 411.486165] __rtnl_newlink+0x53d/0x8c0 [ 411.486791] ? mark_held_locks+0x49/0x70 [ 411.487429] ? __lock_acquire+0x8fe/0x1eb0 [ 411.488085] ? rcu_read_lock_sched_held+0x52/0x60 [ 411.488998] ? kmem_cache_alloc_trace+0x16d/0x2d0 [ 411.489759] rtnl_newlink+0x47/0x70 [ 411.490357] rtnetlink_rcv_msg+0x24e/0x450 [ 411.490978] ? netlink_deliver_tap+0x92/0x3d0 [ 411.491631] ? validate_linkmsg+0x330/0x330 [ 411.492262] netlink_rcv_skb+0x47/0x110 [ 411.492852] netlink_unicast+0x1ac/0x270 [ 411.493551] netlink_sendmsg+0x336/0x450 [ 411.494209] sock_sendmsg+0x30/0x40 [ 411.494779] ____sys_sendmsg+0x1dd/0x1f0 [ 411.495378] ? copy_msghdr_from_user+0x5c/0x90 [ 411.496082] ___sys_sendmsg+0x87/0xd0 [ 411.496683] ? lock_acquire+0xb9/0x3a0 [ 411.497322] ? lru_cache_add+0x5/0x170 [ 411.497944] ? find_held_lock+0x2d/0x90 [ 411.498568] ? handle_mm_fault+0xe46/0x18c0 [ 411.499205] ? __sys_sendmsg+0x51/0x90 [ 411.499784] __sys_sendmsg+0x51/0x90 [ 411.500341] do_syscall_64+0x59/0x2e0 [ 411.500938] ? asm_exc_page_fault+0x8/0x30 [ 411.501609] ? rcu_read_lock_sched_held+0x52/0x60 [ 411.502350] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 411.503093] RIP: 0033:0x7faee73b85a7 [ 411.503654] Code: Bad RIP value. Fixes: 0e18134f4f9f ("net/mlx5e: Eswitch, use state_lock to synchronize vlan change") Signed-off-by: Alaa Hleihel Reviewed-by: Roi Dayan Reviewed-by: Vlad Buslov Signed-off-by: Saeed Mahameed commit 7d0314b11cdd92bca8b89684c06953bf114605fc Author: Ron Diskin Date: Sun Apr 5 13:58:40 2020 +0300 net/mlx5e: Modify uplink state on interface up/down When setting the PF interface up/down, notify the firmware to update uplink state via MODIFY_VPORT_STATE, when E-Switch is enabled. This behavior will prevent sending traffic out on uplink port when PF is down, such as sending traffic from a VF interface which is still up. Currently when calling mlx5e_open/close(), the driver only sends PAOS command to notify the firmware to set the physical port state to up/down, however, it is not sufficient. When VF is in "auto" state, it follows the uplink state, which was not updated on mlx5e_open/close() before this patch. When switchdev mode is enabled and uplink representor is first enabled, set the uplink port state value back to its FW default "AUTO". Fixes: 63bfd399de55 ("net/mlx5e: Send PAOS command on interface up/down") Signed-off-by: Ron Diskin Reviewed-by: Roi Dayan Reviewed-by: Moshe Shemesh Signed-off-by: Saeed Mahameed commit ed56d749c366be269d58b29597392e4a0ae71c0a Author: Eran Ben Elisha Date: Mon Jul 20 18:34:37 2020 +0300 net/mlx5: Query PPS pin operational status before registering it In a special configuration, a ConnectX6-Dx pin pps-out might be activated when driver is loaded. Fix the driver to always read the operational pin mode when registering it, and advertise it accordingly. Fixes: ee7f12205abc ("net/mlx5e: Implement 1PPS support") Signed-off-by: Eran Ben Elisha Signed-off-by: Saeed Mahameed commit 21083309cab1a66877b410cd61340b5dd7cf4875 Author: Raed Salem Date: Thu Jul 9 15:51:53 2020 +0300 net/mlx5e: Fix slab-out-of-bounds in mlx5e_rep_is_lag_netdev mlx5e_rep_is_lag_netdev is used as first check as part of netdev events handler for bond device of non-uplink representors, this handler can get any netdevice under the same network namespace of mlx5e netdevice. Current code treats the netdev as mlx5e netdev and only later on verifies this, hence causes the following Kasan trace: [15402.744990] ================================================================== [15402.746942] BUG: KASAN: slab-out-of-bounds in mlx5e_rep_is_lag_netdev+0xcb/0xf0 [mlx5_core] [15402.749009] Read of size 8 at addr ffff880391f3f6b0 by task ovs-vswitchd/5347 [15402.752065] CPU: 7 PID: 5347 Comm: ovs-vswitchd Kdump: loaded Tainted: G B O --------- -t - 4.18.0-g3dcc204d291d-dirty #1 [15402.755349] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.1-0-ga5cab58e9a3f-prebuilt.qemu.org 04/01/2014 [15402.757600] Call Trace: [15402.758968] dump_stack+0x71/0xab [15402.760427] print_address_description+0x6a/0x270 [15402.761969] kasan_report+0x179/0x2d0 [15402.763445] ? mlx5e_rep_is_lag_netdev+0xcb/0xf0 [mlx5_core] [15402.765121] mlx5e_rep_is_lag_netdev+0xcb/0xf0 [mlx5_core] [15402.766782] mlx5e_rep_esw_bond_netevent+0x129/0x620 [mlx5_core] Fix by deferring the violating access to be post the netdev verify check. Fixes: 7e51891a237f ("net/mlx5e: Use netdev events to set/del egress acl forward-to-vport rule") Signed-off-by: Raed Salem Reviewed-by: Roi Dayan Reviewed-by: Vu Pham Signed-off-by: Saeed Mahameed commit 071995c877a8646209d55ff8edddd2b054e7424c Author: Eran Ben Elisha Date: Wed Jul 8 11:10:01 2020 +0300 net/mlx5: Verify Hardware supports requested ptp function on a given pin Fix a bug where driver did not verify Hardware pin capabilities for PTP functions. Fixes: ee7f12205abc ("net/mlx5e: Implement 1PPS support") Signed-off-by: Eran Ben Elisha Reviewed-by: Ariel Levkovich Signed-off-by: Saeed Mahameed commit 88c8cf92db48b2e359fe3051ad8e09829c1bee5d Author: Eran Ben Elisha Date: Wed Jul 8 18:53:19 2020 +0300 net/mlx5: Fix a bug of using ptp channel index as pin index On PTP mlx5_ptp_enable(on=0) flow, driver mistakenly used channel index as pin index. After ptp patch marked in fixes tag was introduced, driver can freely call ptp_find_pin() as part of the .enable() callback. Fix driver mlx5_ptp_enable(on=0) flow to always use ptp_find_pin(). With that, Driver will use the correct pin index in mlx5_ptp_enable(on=0) flow. In addition, when initializing the pins, always set channel to zero. As all pins can be attached to all channels, let ptp_set_pinfunc() to move them between the channels. For stable branches, this fix to be applied only on kernels that includes both patches in fixes tag. Otherwise, mlx5_ptp_enable(on=0) will be stuck on pincfg_mux. Fixes: 62582a7ee783 ("ptp: Avoid deadlocks in the programmable pin code.") Fixes: ee7f12205abc ("net/mlx5e: Implement 1PPS support") Signed-off-by: Eran Ben Elisha Reviewed-by: Ariel Levkovich Signed-off-by: Saeed Mahameed commit 0e2e7aa57b8060ee357839dc4f1731a724ba387b Author: Maor Dickman Date: Wed Jul 8 13:01:36 2020 +0300 net/mlx5e: Fix missing cleanup of ethtool steering during rep rx cleanup The cited commit add initialization of ethtool steering during representor rx initializations without cleaning it up in representor rx cleanup, this may cause for stale ethtool flows to remain after moving back from switchdev mode to legacy mode. Fixed by calling ethtool steering cleanup during rep rx cleanup. Fixes: 6783e8b29f63 ("net/mlx5e: Init ethtool steering for representors") Signed-off-by: Maor Dickman Reviewed-by: Roi Dayan Reviewed-by: Vlad Buslov Signed-off-by: Saeed Mahameed commit 5cd39b6e9a420329a9a408894be7ba8aa7dd755e Author: Aya Levin Date: Wed Jul 1 12:21:53 2020 +0300 net/mlx5e: Fix error path of device attach On failure to attach the netdev, fix the rollback by re-setting the device's state back to MLX5E_STATE_DESTROYING. Failing to attach doesn't stop statistics polling via .ndo_get_stats64. In this case, although the device is not attached, it falsely continues to query the firmware for counters. Setting the device's state back to MLX5E_STATE_DESTROYING prevents the firmware counters query. Fixes: 26e59d8077a3 ("net/mlx5e: Implement mlx5e interface attach/detach callbacks") Signed-off-by: Aya Levin Reviewed-by: Tariq Toukan Signed-off-by: Saeed Mahameed commit 59f8f7c84c506cd4fafbfa47acd23ebdb6256dac Author: Maor Gottlieb Date: Thu Jun 25 10:56:07 2020 +0300 net/mlx5: Fix forward to next namespace The steering tree is as follow (nic RX as example): --------- |root_ns| --------- | -------------------------------- | | | ---------- ---------- --------- |p(prio)0| | p1 | | pn | ---------- ---------- --------- | | ---------------- --------------- |ns(e.g bypass)| |ns(e.g. lag) | ---------------- --------------- | | | ---- ---- ---- |p0| |p1| |pn| ---- ---- ---- | ---- |FT| ---- find_next_chained_ft(prio) returns the first flow table in the next priority. If prio is a parent of a flow table then it returns the first flow table in the next priority in the same namespace, else if prio is parent of namespace, then it should return the first flow table in the next namespace. Currently if the user requests to forward to next namespace, the code calls to find_next_chained_ft with the prio of the next namespace and not the prio of the namesapce itself. Fixes: 9254f8ed15b6 ("net/mlx5: Add support in forward to namespace") Signed-off-by: Maor Gottlieb Reviewed-by: Mark Bloch Signed-off-by: Saeed Mahameed commit 0c2600c619578f759cf3d5192b01bd14e281f24c Author: Parav Pandit Date: Sat Jun 27 13:11:56 2020 +0300 net/mlx5: E-switch, Destroy TSAR after reload interface When eswitch offloads is enabled, TSAR is created before reloading the interfaces. However when eswitch offloads mode is disabled, TSAR is disabled before reloading the interfaces. To keep the eswitch enable/disable sequence as mirror, destroy TSAR after reloading the interfaces. Fixes: 1bd27b11c1df ("net/mlx5: Introduce E-switch QoS management") Signed-off-by: Parav Pandit Reviewed-by: Roi Dayan Signed-off-by: Saeed Mahameed commit 2b8e9c7c3fd0e31091edb1c66cc06ffe4988ca21 Author: Parav Pandit Date: Sat Jun 27 13:29:28 2020 +0300 net/mlx5: E-switch, Destroy TSAR when fail to enable the mode When either esw_legacy_enable() or esw_offloads_enable() fails, code missed to destroy the created TSAR. Hence, add the missing call to destroy the TSAR. Fixes: 610090ebce92 ("net/mlx5: E-switch, Initialize TSAR Qos hardware block before its user vports") Signed-off-by: Parav Pandit Reviewed-by: Roi Dayan Signed-off-by: Saeed Mahameed commit 7a9212d1783192eb087a24f7ef47e777e1d1a790 Merge: 181964e619b7 b7b5d25bdd7b Author: David S. Miller Date: Tue Jul 28 12:54:48 2020 -0700 Merge branch 'hns3-fixes' Huazhong Tan says: ==================== net: hns3: fixes for -net There are some bugfixes for the HNS3 ethernet driver. patch#1 fixes a desc filling bug, patch#2 fixes a false TX timeout issue, and patch#3~#5 fixes some bugs related to VLAN and FD. ==================== Signed-off-by: David S. Miller commit b7b5d25bdd7bdea7d72a41e0a97b1b8f3dea2ee7 Author: Guojia Liao Date: Tue Jul 28 10:16:52 2020 +0800 net: hns3: fix for VLAN config when reset failed When device is resetting or reset failed, firmware is unable to handle mailbox. VLAN should not be configured in this case. Fixes: fe4144d47eef ("net: hns3: sync VLAN filter entries when kill VLAN ID failed") Signed-off-by: Guojia Liao Signed-off-by: Huazhong Tan Signed-off-by: David S. Miller commit efe3fa45f770f1d66e2734ee7a3523c75694ff04 Author: Guojia Liao Date: Tue Jul 28 10:16:51 2020 +0800 net: hns3: fix aRFS FD rules leftover after add a user FD rule When user had created a FD rule, all the aRFS rules should be clear up. HNS3 process flow as below: 1.get spin lock of fd_ruls_list 2.clear up all aRFS rules 3.release lock 4.get spin lock of fd_ruls_list 5.creat a rules 6.release lock; There is a short period of time between step 3 and step 4, which would creatting some new aRFS FD rules if driver was receiving packet. So refactor the fd_rule_lock to fix it. Fixes: 441228875706 ("net: hns3: refine the flow director handle") Signed-off-by: Guojia Liao Signed-off-by: Huazhong Tan Signed-off-by: David S. Miller commit a6f7bfdc78ddd8d719d108fef973b4e4a5a6ac6b Author: Jian Shen Date: Tue Jul 28 10:16:50 2020 +0800 net: hns3: add reset check for VF updating port based VLAN Currently hclgevf_update_port_base_vlan_info() may be called when VF is resetting, which may cause hns3_nic_net_open() being called twice unexpectedly. So fix it by adding a reset check for it, and extend critical region for rntl_lock in hclgevf_update_port_base_vlan_info(). Fixes: 92f11ea177cd ("net: hns3: fix set port based VLAN issue for VF") Signed-off-by: Jian Shen Signed-off-by: Huazhong Tan Signed-off-by: David S. Miller commit a7e90ee5965fafc53d36e8b3205f08c88d7bc11f Author: Yonglong Liu Date: Tue Jul 28 10:16:49 2020 +0800 net: hns3: fix a TX timeout issue When the queue depth and queue parameters are modified, there is a low probability that TX timeout occurs. The two operations cause the link to be down or up when the watchdog is still working. All queues are stopped when the link is down. After the carrier is on, all queues are woken up. If the watchdog detects the link between the carrier on and wakeup queues, a false TX timeout occurs. So fix this issue by modifying the sequence of carrier on and queue wakeup, which is symmetrical to the link down action. Fixes: 76ad4f0ee747 ("net: hns3: Add support of HNS3 Ethernet Driver for hip08 SoC") Signed-off-by: Yonglong Liu Signed-off-by: Huazhong Tan Signed-off-by: David S. Miller commit cfdaeba5ddc98b303639a3265c2031ac5db249d6 Author: Yunsheng Lin Date: Tue Jul 28 10:16:48 2020 +0800 net: hns3: fix desc filling bug when skb is expanded or lineared The linear and frag data part may be changed when the skb is expanded or lineared in skb_cow_head() or skb_checksum_help(), which is called by hns3_fill_skb_desc(), so the linear len return by skb_headlen() before the calling of hns3_fill_skb_desc() is unreliable. Move hns3_fill_skb_desc() before the calling of skb_headlen() to fix this bug. Fixes: 76ad4f0ee747 ("net: hns3: Add support of HNS3 Ethernet Driver for hip08 SoC") Signed-off-by: Yunsheng Lin Signed-off-by: Huazhong Tan Signed-off-by: David S. Miller commit 6ba1b005ffc388c2aeaddae20da29e4810dea298 Merge: fb896c910712 214ba3584b2e Author: Linus Torvalds Date: Tue Jul 28 11:55:53 2020 -0700 Merge tag 'asm-generic-fixes-5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/arnd/asm-generic into master Pull asm-generic bugfix from Arnd Bergmann: "A single bugfix for a regression introduced through a typo in the v5.8 merge window, leading to incorrect data returned from inl() on some architectures" * tag 'asm-generic-fixes-5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/arnd/asm-generic: io: Fix return type of _inb and _inl commit fb896c9107127ec80263225dc060d9622697d76b Merge: 4764e61e1d57 fe1d899f4212 Author: Linus Torvalds Date: Tue Jul 28 11:44:44 2020 -0700 Merge tag 'arm-fixes-5.8-3' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc into master Pull ARM SoC DT fixes from Arnd Bergmann: "These are the latest device tree fixes for Arm SoCs: - TI Keystone2 ethernet regressed after a driver change broke with incorrect phy-mode in a board's DT source. - A similar fix is needed for two i.MX boards that were missed in an earlier bugfix. - DT change for Armada 38x allowing to add the register needed to fix NETA lockup when repeatedly switching speed. - One fix on imx6qdl-icore pin muxing to get USB OTG_ID and SD card detect work correctly. - Two fixes for the Allwinner SoCs, one to relax the CMA allocation ranges that were failing on older SoCs and one to fix Cedrus on the H6" * tag 'arm-fixes-5.8-3' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc: ARM: dts: keystone-k2g-evm: fix rgmii phy-mode for ksz9031 phy ARM: dts: armada-38x: fix NETA lockup when repeatedly switching speeds ARM: dts: imx6qdl-icore: Fix OTG_ID pin and sdcard detect ARM: dts: imx6sx-sabreauto: Fix the phy-mode on fec2 ARM: dts: imx6sx-sdb: Fix the phy-mode on fec2 arm64: dts: allwinner: h6: Fix Cedrus IOMMU usage ARM: dts sunxi: Relax a bit the CMA pool allocation range commit 8808981baf96e1b3dea1f08461e4d958aa0dbde1 Author: Wolfram Sang Date: Sat Jul 25 21:50:53 2020 +0200 i2c: slave: add sanity check when unregistering Signed-off-by: Wolfram Sang Reviewed-by: Alain Volmat Signed-off-by: Wolfram Sang commit 1b1be3bf27b62f5abcf85c6f3214bdb9c7526685 Author: Wolfram Sang Date: Sat Jul 25 21:50:52 2020 +0200 i2c: slave: improve sanity check when registering Add check for ERR_PTR and simplify code while here. Signed-off-by: Wolfram Sang Reviewed-by: Alain Volmat Signed-off-by: Wolfram Sang commit c2c3657f0aedb8736a0fb7b2b1985adfb86e7802 Author: Takashi Iwai Date: Tue Jul 28 10:20:33 2020 +0200 ALSA: hda/hdmi: Fix keep_power assignment for non-component devices It's been reported that, when neither nouveau nor Nvidia graphics driver is used, the screen starts flickering. And, after comparing between the working case (stable 4.4.x) and the broken case, it turned out that the problem comes from the audio component binding. The Nvidia and AMD audio binding code clears the bus->keep_power flag whenever snd_hdac_acomp_init() succeeds. But this doesn't mean that the component is actually bound, but it merely indicates that it's ready for binding. So, when both nouveau and Nvidia are blacklisted or not ready, the driver keeps running without the audio component but also with bus->keep_power = false. This made the driver runtime PM kicked in and powering down when unused, which results in flickering in the graphics side, as it seems. For fixing the bug, this patch moves the bus->keep_power flag change into generic_acomp_notifier_set() that is the function called from the master_bind callback of component ops; i.e. it's guaranteed that the binding succeeded. BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=208609 Fixes: 5a858e79c911 ("ALSA: hda - Disable audio component for legacy Nvidia HDMI codecs") Cc: Link: https://lore.kernel.org/r/20200728082033.23933-1-tiwai@suse.de Signed-off-by: Takashi Iwai commit b757b47a2fcba584d4a32fd7ee68faca510ab96f Author: Will Deacon Date: Thu Jul 23 11:17:14 2020 +0100 KVM: arm64: Don't inherit exec permission across page-table levels If a stage-2 page-table contains an executable, read-only mapping at the pte level (e.g. due to dirty logging being enabled), a subsequent write fault to the same page which tries to install a larger block mapping (e.g. due to dirty logging having been disabled) will erroneously inherit the exec permission and consequently skip I-cache invalidation for the rest of the block. Ensure that exec permission is only inherited by write faults when the new mapping is of the same size as the existing one. A subsequent instruction abort will result in I-cache invalidation for the entire block mapping. Signed-off-by: Will Deacon Signed-off-by: Marc Zyngier Tested-by: Quentin Perret Reviewed-by: Quentin Perret Cc: Marc Zyngier Cc: Link: https://lore.kernel.org/r/20200723101714.15873-1-will@kernel.org commit bf4086b1a1efa3d3a2c17582e00bbd2176dfe177 Author: Marc Zyngier Date: Wed Jul 22 17:22:31 2020 +0100 KVM: arm64: Prevent vcpu_has_ptrauth from generating OOL functions So far, vcpu_has_ptrauth() is implemented in terms of system_supports_*_auth() calls, which are declared "inline". In some specific conditions (clang and SCS), the "inline" very much turns into an "out of line", which leads to a fireworks when this predicate is evaluated on a non-VHE system (right at the beginning of __hyp_handle_ptrauth). Instead, make sure vcpu_has_ptrauth gets expanded inline by directly using the cpus_have_final_cap() helpers, which are __always_inline, generate much better code, and are the only thing that make sense when running at EL2 on a nVHE system. Fixes: 29eb5a3c57f7 ("KVM: arm64: Handle PtrAuth traps early") Reported-by: Nathan Chancellor Reported-by: Nick Desaulniers Signed-off-by: Marc Zyngier Tested-by: Nathan Chancellor Reviewed-by: Nathan Chancellor Link: https://lore.kernel.org/r/20200722162231.3689767-1-maz@kernel.org commit d5dba1376e2bafec0f4408dc65706c5908964083 Author: Sabrina Dubroca Date: Mon Jul 27 16:03:47 2020 +0200 xfrm: esp6: fix the location of the transport header with encapsulation commit 17175d1a27c6 ("xfrm: esp6: fix encapsulation header offset computation") changed esp6_input_done2 to correctly find the size of the IPv6 header that precedes the TCP/UDP encapsulation header, but didn't adjust the final call to skb_set_transport_header, which I assumed was correct in using skb_network_header_len. Xiumei Mu reported that when we create xfrm states that include port numbers in the selector, traffic from the user sockets is dropped. It turns out that we get a state mismatch in __xfrm_policy_check, because we end up trying to compare the encapsulation header's ports with the selector that's based on user traffic ports. Fixes: 0146dca70b87 ("xfrm: add support for UDPv6 encapsulation of ESP") Fixes: 26333c37fc28 ("xfrm: add IPv6 support for espintcp") Reported-by: Xiumei Mu Signed-off-by: Sabrina Dubroca Signed-off-by: Steffen Klassert commit 4764e61e1d57c0bc3569dbc540af8bb28e18d2e6 Merge: 92ed30191993 04a8a3d0a73f Author: Linus Torvalds Date: Mon Jul 27 17:04:45 2020 -0700 Merge tag 'sh-for-5.8-part2' of git://git.libc.org/linux-sh into master Pull arch/sh fixes from Rich Felker: "Two last-minute fixes: one is for a boot regression (mmu code broken) and the other fixes a long-standing broken syscall number bounds check" * tag 'sh-for-5.8-part2' of git://git.libc.org/linux-sh: sh: Fix validation of system call number sh/tlb: Fix PGTABLE_LEVELS > 2 commit 181964e619b76ae2e71bcdc6001cf977bec4cf6e Author: Al Viro Date: Mon Jul 27 19:22:20 2020 +0100 fix a braino in cmsghdr_from_user_compat_to_kern() commit 547ce4cfb34c ("switch cmsghdr_from_user_compat_to_kern() to copy_from_user()") missed one of the places where ucmlen should've been replaced with cmsg.cmsg_len, now that we are fetching the entire struct rather than doing it field-by-field. As the result, compat sendmsg() with several different-sized cmsg attached started to fail with EINVAL. Trivial to fix, fortunately. Fixes: 547ce4cfb34c ("switch cmsghdr_from_user_compat_to_kern() to copy_from_user()") Reported-by: Nick Bowler Tested-by: Nick Bowler Signed-off-by: Al Viro Signed-off-by: David S. Miller commit 04a8a3d0a73f51c7c2da84f494db7ec1df230e69 Author: Michael Karcher Date: Thu Jul 23 01:13:19 2020 +0200 sh: Fix validation of system call number The slow path for traced system call entries accessed a wrong memory location to get the number of the maximum allowed system call number. Renumber the numbered "local" label for the correct location to avoid collisions with actual local labels. Signed-off-by: Michael Karcher Tested-by: John Paul Adrian Glaubitz Fixes: f3a8308864f920d2 ("sh: Add a few missing irqflags tracing markers.") Signed-off-by: Rich Felker commit c7bcbc8ab9cb20536b8f50c62a48cebda965fdba Author: Peter Zijlstra Date: Fri Jul 17 13:10:07 2020 +0200 sh/tlb: Fix PGTABLE_LEVELS > 2 Geert reported that his SH7722-based Migo-R board failed to boot after commit: c5b27a889da9 ("sh/tlb: Convert SH to generic mmu_gather") That commit fell victim to copying the wrong pattern -- __pmd_free_tlb() used to be implemented with pmd_free(). Fixes: c5b27a889da9 ("sh/tlb: Convert SH to generic mmu_gather") Reported-by: Geert Uytterhoeven Signed-off-by: Peter Zijlstra (Intel) Reviewed-by: Geert Uytterhoeven Tested-by: Geert Uytterhoeven Signed-off-by: Rich Felker commit 8490d6a7e0a0a6fab5c2d82d57a3937306660864 Author: Steve Cohen Date: Mon Jul 20 18:30:50 2020 -0400 drm: hold gem reference until object is no longer accessed A use-after-free in drm_gem_open_ioctl can happen if the GEM object handle is closed between the idr lookup and retrieving the size from said object since a local reference is not being held at that point. Hold the local reference while the object can still be accessed to fix this and plug the potential security hole. Signed-off-by: Steve Cohen Cc: stable@vger.kernel.org Signed-off-by: Daniel Vetter Link: https://patchwork.freedesktop.org/patch/msgid/1595284250-31580-1-git-send-email-cohens@codeaurora.org commit 11d268107ad4c7d694148269e3b23ef43dd0e8ba Merge: 5fd82200d870 94b6c13be57c Author: David S. Miller Date: Mon Jul 27 12:56:59 2020 -0700 Merge branch 'selftests-net-Fix-clang-warnings-on-powerpc' Tanner Love says: ==================== selftests/net: Fix clang warnings on powerpc This is essentially a v2 of http://patchwork.ozlabs.org/project/netdev/patch/20200724181757.2331172-1-tannerlove.kernel@gmail.com/, but it has been split up in order to have only one "Fixes" tag per patch. ==================== Signed-off-by: David S. Miller commit 94b6c13be57cdedb7cf4d33dbcd066fad133f22b Author: Tanner Love Date: Mon Jul 27 12:25:31 2020 -0400 selftests/net: tcp_mmap: fix clang warning for target arch PowerPC When size_t maps to unsigned int (e.g. on 32-bit powerpc), then the comparison with 1<<35 is always true. Clang 9 threw: warning: result of comparison of constant 34359738368 with \ expression of type 'size_t' (aka 'unsigned int') is always true \ [-Wtautological-constant-out-of-range-compare] while (total < FILE_SZ) { Tested: make -C tools/testing/selftests TARGETS="net" run_tests Fixes: 192dc405f308 ("selftests: net: add tcp_mmap program") Signed-off-by: Tanner Love Acked-by: Willem de Bruijn Reviewed-by: Eric Dumazet Signed-off-by: David S. Miller commit b4da96ffd30bd4a305045ba5c9b0de5d4aa20dc7 Author: Tanner Love Date: Mon Jul 27 12:25:30 2020 -0400 selftests/net: so_txtime: fix clang issues for target arch PowerPC On powerpcle, int64_t maps to long long. Clang 9 threw: warning: absolute value function 'labs' given an argument of type \ 'long long' but has parameter of type 'long' which may cause \ truncation of value [-Wabsolute-value] if (labs(tstop - texpect) > cfg_variance_us) Tested: make -C tools/testing/selftests TARGETS="net" run_tests Fixes: af5136f95045 ("selftests/net: SO_TXTIME with ETF and FQ") Signed-off-by: Tanner Love Acked-by: Willem de Bruijn Signed-off-by: David S. Miller commit 64f9ede2274980076423583683d44480909b7a40 Author: Tanner Love Date: Mon Jul 27 12:25:29 2020 -0400 selftests/net: psock_fanout: fix clang issues for target arch PowerPC Clang 9 threw: warning: format specifies type 'unsigned short' but the argument has \ type 'int' [-Wformat] typeflags, PORT_BASE, PORT_BASE + port_off); Tested: make -C tools/testing/selftests TARGETS="net" run_tests Fixes: 77f65ebdca50 ("packet: packet fanout rollover during socket overload") Signed-off-by: Tanner Love Acked-by: Willem de Bruijn Signed-off-by: David S. Miller commit 955cbe91bcf782c09afe369c95a20f0a4b6dcc3c Author: Tanner Love Date: Mon Jul 27 12:25:28 2020 -0400 selftests/net: rxtimestamp: fix clang issues for target arch PowerPC The signedness of char is implementation-dependent. Some systems (including PowerPC and ARM) use unsigned char. Clang 9 threw: warning: result of comparison of constant -1 with expression of type \ 'char' is always true [-Wtautological-constant-out-of-range-compare] &arg_index)) != -1) { Tested: make -C tools/testing/selftests TARGETS="net" run_tests Fixes: 16e781224198 ("selftests/net: Add a test to validate behavior of rx timestamps") Signed-off-by: Tanner Love Acked-by: Willem de Bruijn Signed-off-by: David S. Miller commit 5fd82200d870a5dd3e509c98ef2041f580b2c0e1 Author: laurent brando Date: Mon Jul 27 18:26:14 2020 +0800 net: mscc: ocelot: fix hardware timestamp dequeue logic The next hw timestamp should be snapshoot to the read registers only once the current timestamp has been read. If none of the pending skbs matches the current HW timestamp just gracefully flush the available timestamp by reading it. Signed-off-by: laurent brando Signed-off-by: Vladimir Oltean Signed-off-by: Yangbo Lu Signed-off-by: David S. Miller commit 367fe04eb64760fab400bdc990cc6067071e1e39 Author: Matthieu Baerts Date: Mon Jul 27 12:24:33 2020 +0200 mptcp: fix joined subflows with unblocking sk Unblocking sockets used for outgoing connections were not containing inet info about the initial connection due to a typo there: the value of "err" variable is negative in the kernelspace. This fixes the creation of additional subflows where the remote port has to be reused if the other host didn't announce another one. This also fixes inet_diag showing blank info about MPTCP sockets from unblocking sockets doing a connect(). Fixes: 41be81a8d3d0 ("mptcp: fix unblocking connect()") Signed-off-by: Matthieu Baerts Acked-by: Paolo Abeni Signed-off-by: David S. Miller commit 900ab59e2621053b009f707f80b2c19ce0af5dee Author: Paul Cercueil Date: Fri Jul 3 16:13:41 2020 +0200 drm/dbi: Fix SPI Type 1 (9-bit) transfer The function mipi_dbi_spi1_transfer() will transfer its payload as 9-bit data, the 9th (MSB) bit being the data/command bit. In order to do that, it unpacks the 8-bit values into 16-bit values, then sets the 9th bit if the byte corresponds to data, clears it otherwise. The 7 MSB are padding. The array of now 16-bit values is then passed to the SPI core for transfer. This function was broken since its introduction, as the length of the SPI transfer was set to the payload size before its conversion, but the payload doubled in size due to the 8-bit -> 16-bit conversion. Fixes: 02dd95fe3169 ("drm/tinydrm: Add MIPI DBI support") Cc: # 5.4+ Signed-off-by: Paul Cercueil Reviewed-by: Sam Ravnborg Reviewed-by: Noralf Trønnes Signed-off-by: Sam Ravnborg Link: https://patchwork.freedesktop.org/patch/msgid/20200703141341.1266263-1-paul@crapouillou.net commit d076947912696efc1e223b25799a025cd73d6a22 Author: Akash Asthana Date: Mon Jul 27 13:56:00 2020 +0530 MAINTAINERS: Update GENI I2C maintainers list Alok Chauhan has moved out of GENI team, he no longer supports GENI I2C driver, remove him from maintainer list. Add Akash Asthana & Mukesh Savaliya as maintainers for GENI I2C drivers. Signed-off-by: Akash Asthana Signed-off-by: Wolfram Sang commit 8be23aec0ee151de731626d5578973fde25b2285 Author: Wolfram Sang Date: Sat Jul 25 16:07:36 2020 +0200 i2c: also convert placeholder function to return errno All i2c_new_device-alike functions return ERR_PTR these days, but this fallback function was missed. Fixes: 2dea645ffc21 ("i2c: acpi: Return error pointers from i2c_acpi_new_device()") Signed-off-by: Wolfram Sang Reviewed-by: Andy Shevchenko [wsa: changed from 'ENOSYS' to 'ENODEV'] Signed-off-by: Wolfram Sang commit a6630529aecb5a3e84370c376ed658e892e6261e Author: Takashi Iwai Date: Mon Jul 27 18:44:43 2020 +0200 ALSA: hda: Workaround for spurious wakeups on some Intel platforms We've received a regression report on Intel HD-audio controller that wakes up immediately after S3 suspend. The bisection leads to the commit c4c8dd6ef807 ("ALSA: hda: Skip controller resume if not needed"). This commit replaces the system-suspend to use pm_runtime_force_suspend() instead of the direct call of __azx_runtime_suspend(). However, by some really mysterious reason, pm_runtime_force_suspend() causes a spurious wakeup (although it calls the same __azx_runtime_suspend() internally). As an ugly workaround for now, revert the behavior to call __azx_runtime_suspend() and __azx_runtime_resume() for those old Intel platforms that may exhibit such a problem, while keeping the new standard pm_runtime_force_suspend() and pm_runtime_force_resume() pair for the remaining chips. Fixes: c4c8dd6ef807 ("ALSA: hda: Skip controller resume if not needed") BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=208649 Cc: Link: https://lore.kernel.org/r/20200727164443.4233-1-tiwai@suse.de Signed-off-by: Takashi Iwai commit 5351a56b1a4ceafd7a17ebfdf3cda430cdfd365d Author: Jason Gunthorpe Date: Mon Jul 27 12:57:12 2020 +0300 RDMA/mlx5: Fix prefetch memory leak if get_prefetchable_mr fails destroy_prefetch_work() must always be called if the work is not going to be queued. The num_sge also should have been set to i, not i-1 which avoids the condition where it shouldn't have been called in the first place. Cc: stable@vger.kernel.org Fixes: fb985e278a30 ("RDMA/mlx5: Use SRCU properly in ODP prefetch") Link: https://lore.kernel.org/r/20200727095712.495652-1-leon@kernel.org Signed-off-by: Leon Romanovsky Signed-off-by: Jason Gunthorpe commit 31142a4ba617f5aa8aefdf1c65561ca30d43f360 Author: Jason Gunthorpe Date: Fri Jul 24 10:19:29 2020 -0300 RDMA/cm: Add min length checks to user structure copies These are missing throughout ucma, it harmlessly copies garbage from userspace, but in this new code which uses min to compute the copy length it can result in uninitialized stack memory. Check for minimum length at the very start. BUG: KMSAN: uninit-value in ucma_connect+0x2aa/0xab0 drivers/infiniband/core/ucma.c:1091 CPU: 0 PID: 8457 Comm: syz-executor069 Not tainted 5.8.0-rc5-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1df/0x240 lib/dump_stack.c:118 kmsan_report+0xf7/0x1e0 mm/kmsan/kmsan_report.c:121 __msan_warning+0x58/0xa0 mm/kmsan/kmsan_instr.c:215 ucma_connect+0x2aa/0xab0 drivers/infiniband/core/ucma.c:1091 ucma_write+0x5c5/0x630 drivers/infiniband/core/ucma.c:1764 do_loop_readv_writev fs/read_write.c:737 [inline] do_iter_write+0x710/0xdc0 fs/read_write.c:1020 vfs_writev fs/read_write.c:1091 [inline] do_writev+0x42d/0x8f0 fs/read_write.c:1134 __do_sys_writev fs/read_write.c:1207 [inline] __se_sys_writev+0x9b/0xb0 fs/read_write.c:1204 __x64_sys_writev+0x4a/0x70 fs/read_write.c:1204 do_syscall_64+0xb0/0x150 arch/x86/entry/common.c:386 entry_SYSCALL_64_after_hwframe+0x44/0xa9 Fixes: 34e2ab57a911 ("RDMA/ucma: Extend ucma_connect to receive ECE parameters") Fixes: 0cb15372a615 ("RDMA/cma: Connect ECE to rdma_accept") Link: https://lore.kernel.org/r/0-v1-d5b86dab17dc+28c25-ucma_syz_min_jgg@nvidia.com Reported-by: syzbot+086ab5ca9eafd2379aa6@syzkaller.appspotmail.com Reported-by: syzbot+7446526858b83c8828b2@syzkaller.appspotmail.com Reviewed-by: Leon Romanovsky Signed-off-by: Jason Gunthorpe commit 2a1658bf922ffd9b7907e270a7d9cdc9643fc45d Author: Sam Ravnborg Date: Thu Jul 9 21:30:16 2020 +0200 drm/drm_fb_helper: fix fbdev with sparc64 Recent kernels have been reported to panic using the bochs_drm framebuffer under qemu-system-sparc64 which was bisected to commit 7a0483ac4ffc ("drm/bochs: switch to generic drm fbdev emulation"). The backtrace indicates that the shadow framebuffer copy in drm_fb_helper_dirty_blit_real() is trying to access the real framebuffer using a virtual address rather than use an IO access typically implemented using a physical (ASI_PHYS) access on SPARC. The fix is to replace the memcpy with memcpy_toio() from io.h. memcpy_toio() uses writeb() where the original fbdev code used sbus_memcpy_toio(). The latter uses sbus_writeb(). The difference between writeb() and sbus_memcpy_toio() is that writeb() writes bytes in little-endian, where sbus_writeb() writes bytes in big-endian. As endian does not matter for byte writes they are the same. So we can safely use memcpy_toio() here. Note that this only fixes bochs, in general fbdev helpers still have issues with mixing up system memory and __iomem space. Fixing that will require a lot more work. v3: - Improved changelog (Daniel) - Added FIXME to fbdev_use_iomem (Daniel) v2: - Added missing __iomem cast (kernel test robot) - Made changelog readable and fix typos (Mark) - Add flag to select iomem - and set it in the bochs driver Signed-off-by: Sam Ravnborg Reported-by: Mark Cave-Ayland Reported-by: kernel test robot Tested-by: Mark Cave-Ayland Reviewed-by: Daniel Vetter Cc: Mark Cave-Ayland Cc: Thomas Zimmermann Cc: Gerd Hoffmann Cc: "David S. Miller" Cc: sparclinux@vger.kernel.org Link: https://patchwork.freedesktop.org/patch/msgid/20200709193016.291267-1-sam@ravnborg.org Link: https://patchwork.freedesktop.org/patch/msgid/20200725191012.GA434957@ravnborg.org commit 5e105c88ab4859bc1aedd29e8d2f55e599427035 Author: Paolo Bonzini Date: Mon Jul 27 08:55:09 2020 -0400 KVM: nVMX: check for invalid hdr.vmx.flags hdr.vmx.flags is meant for future extensions to the ABI, rejecting invalid flags is necessary to avoid broken half-loads of the nVMX state. Signed-off-by: Paolo Bonzini commit 0f02bd0ade9a552492463c0159abbe26c4d92b40 Author: Paolo Bonzini Date: Mon Jul 27 09:00:37 2020 -0400 KVM: nVMX: check for required but missing VMCS12 in KVM_SET_NESTED_STATE A missing VMCS12 was not causing -EINVAL (it was just read with copy_from_user, so it is not a security issue, but it is still wrong). Test for VMCS12 validity and reject the nested state if a VMCS12 is required but not present. Signed-off-by: Paolo Bonzini commit 9319676595a2da8022327119e89c8b13f934835e Author: Paolo Bonzini Date: Mon Jul 27 08:45:00 2020 -0400 selftests: kvm: do not set guest mode flag Setting KVM_STATE_NESTED_GUEST_MODE enables various consistency checks on VMCS12 and therefore causes KVM_SET_NESTED_STATE to fail spuriously with -EINVAL. Do not set the flag so that we're sure to cover the conditions included by the test, and cover the case where VMCS12 is set and KVM_SET_NESTED_STATE is called with invalid VMCS12 contents. Signed-off-by: Paolo Bonzini commit 6fa38ef1534e7e9320aa15e329eb1404ab2f70ac Author: PeiSen Hou Date: Mon Jul 27 13:56:47 2020 +0200 ALSA: hda/realtek: Fix add a "ultra_low_power" function for intel reference board (alc256) Intel requires to enable power saving mode for intel reference board (alc256) Signed-off-by: PeiSen Hou Cc: Link: https://lore.kernel.org/r/20200727115647.10967-1-tiwai@suse.de Signed-off-by: Takashi Iwai commit 214ba3584b2e2c57536fa8aed52521ac59c5b448 Author: Stafford Horne Date: Sun Jul 26 12:11:54 2020 +0900 io: Fix return type of _inb and _inl The return type of functions _inb, _inw and _inl are all u16 which looks wrong. This patch makes them u8, u16 and u32 respectively. The original commit text for these does not indicate that these should be all forced to u16. Fixes: f009c89df79a ("io: Provide _inX() and _outX()") Signed-off-by: Stafford Horne Reviewed-by: John Garry Signed-off-by: Arnd Bergmann commit 909adfc66b9a1db21b5e8733e9ebfa6cd5135d74 Author: Nicholas Piggin Date: Mon Jul 27 16:09:47 2020 +1000 powerpc/64s/hash: Fix hash_preload running with interrupts enabled Commit 2f92447f9f96 ("powerpc/book3s64/hash: Use the pte_t address from the caller") removed the local_irq_disable from hash_preload, but it was required for more than just the page table walk: the hash pte busy bit is effectively a lock which may be taken in interrupt context, and the local update flag test must not be preempted before it's used. This solves apparent lockups with perf interrupting __hash_page_64K. If get_perf_callchain then also takes a hash fault on the same page while it is already locked, it will loop forever taking hash faults, which looks like this: cpu 0x49e: Vector: 100 (System Reset) at [c00000001a4f7d70] pc: c000000000072dc8: hash_page_mm+0x8/0x800 lr: c00000000000c5a4: do_hash_page+0x24/0x38 sp: c0002ac1cc69ac70 msr: 8000000000081033 current = 0xc0002ac1cc602e00 paca = 0xc00000001de1f280 irqmask: 0x03 irq_happened: 0x01 pid = 20118, comm = pread2_processe Linux version 5.8.0-rc6-00345-g1fad14f18bc6 49e:mon> t [c0002ac1cc69ac70] c00000000000c5a4 do_hash_page+0x24/0x38 (unreliable) --- Exception: 300 (Data Access) at c00000000008fa60 __copy_tofrom_user_power7+0x20c/0x7ac [link register ] c000000000335d10 copy_from_user_nofault+0xf0/0x150 [c0002ac1cc69af70] c00032bf9fa3c880 (unreliable) [c0002ac1cc69afa0] c000000000109df0 read_user_stack_64+0x70/0xf0 [c0002ac1cc69afd0] c000000000109fcc perf_callchain_user_64+0x15c/0x410 [c0002ac1cc69b060] c000000000109c00 perf_callchain_user+0x20/0x40 [c0002ac1cc69b080] c00000000031c6cc get_perf_callchain+0x25c/0x360 [c0002ac1cc69b120] c000000000316b50 perf_callchain+0x70/0xa0 [c0002ac1cc69b140] c000000000316ddc perf_prepare_sample+0x25c/0x790 [c0002ac1cc69b1a0] c000000000317350 perf_event_output_forward+0x40/0xb0 [c0002ac1cc69b220] c000000000306138 __perf_event_overflow+0x88/0x1a0 [c0002ac1cc69b270] c00000000010cf70 record_and_restart+0x230/0x750 [c0002ac1cc69b620] c00000000010d69c perf_event_interrupt+0x20c/0x510 [c0002ac1cc69b730] c000000000027d9c performance_monitor_exception+0x4c/0x60 [c0002ac1cc69b750] c00000000000b2f8 performance_monitor_common_virt+0x1b8/0x1c0 --- Exception: f00 (Performance Monitor) at c0000000000cb5b0 pSeries_lpar_hpte_insert+0x0/0x160 [link register ] c0000000000846f0 __hash_page_64K+0x210/0x540 [c0002ac1cc69ba50] 0000000000000000 (unreliable) [c0002ac1cc69bb00] c000000000073ae0 update_mmu_cache+0x390/0x3a0 [c0002ac1cc69bb70] c00000000037f024 wp_page_copy+0x364/0xce0 [c0002ac1cc69bc20] c00000000038272c do_wp_page+0xdc/0xa60 [c0002ac1cc69bc70] c0000000003857bc handle_mm_fault+0xb9c/0x1b60 [c0002ac1cc69bd50] c00000000006c434 __do_page_fault+0x314/0xc90 [c0002ac1cc69be20] c00000000000c5c8 handle_page_fault+0x10/0x2c --- Exception: 300 (Data Access) at 00007fff8c861fe8 SP (7ffff6b19660) is in userspace Fixes: 2f92447f9f96 ("powerpc/book3s64/hash: Use the pte_t address from the caller") Reported-by: Athira Rajeev Reported-by: Anton Blanchard Signed-off-by: Nicholas Piggin Reviewed-by: Aneesh Kumar K.V Signed-off-by: Michael Ellerman Link: https://lore.kernel.org/r/20200727060947.10060-1-npiggin@gmail.com commit 6020db504cece0d93cc31c6f73609ef1304607e2 Author: Wolfram Sang Date: Sun Jul 26 23:44:19 2020 +0200 modpost: explain why we can't use strsep Mention why we open-code strsep, so it is clear that it is intentional. Fixes: 736bb11898ef ("modpost: remove use of non-standard strsep() in HOSTCC code") Signed-off-by: Wolfram Sang Signed-off-by: Masahiro Yamada commit 0d7869805a82b91abdc1a56bddeaa374969af310 Merge: 92ed30191993 15fbc3b93853 Author: Dave Airlie Date: Mon Jul 27 11:05:01 2020 +1000 Merge branch 'linux-5.8' of git://github.com/skeggsb/linux into drm-fixes A couple of fixes for issues relating to format modifiers (there's still a patch pending from James Jones to hopefully address the remaining ones), regression fix from the recent HDA nightmare, and a race fix for Turing modesetting. Signed-off-by: Dave Airlie From: Ben Skeggs Link: https://patchwork.freedesktop.org/patch/msgid/ Date: Fri Jul 24 11:05:31 2020 +0200 signal: fix typo in dequeue_synchronous_signal() s/postive/positive/ Signed-off-by: Pavel Machek (CIP) Link: https://lore.kernel.org/r/20200724090531.GA14409@amd [christian.brauner@ubuntu.com: tweak commit message] Signed-off-by: Christian Brauner commit 92ed301919932f777713b9172e525674157e983d Author: Linus Torvalds Date: Sun Jul 26 14:14:06 2020 -0700 Linux 5.8-rc7 commit 1c8594b8427290c178c5d39885eacd9e41f68743 Merge: 40c60ac32174 ca9b31f6bb9c Author: Linus Torvalds Date: Sun Jul 26 13:46:57 2020 -0700 Merge tag 'kbuild-fixes-v5.8-3' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild into master Pull Kbuild fixes from Masahiro Yamada: - do not use non-portable strsep() in a host program - fix single target builds for external modules - change Clang's --prefix option to make it work for the latest Clang * tag 'kbuild-fixes-v5.8-3' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild: Makefile: Fix GCC_TOOLCHAIN_DIR prefix for Clang cross compilation kbuild: fix single target builds for external modules modpost: remove use of non-standard strsep() in HOSTCC code commit aa7bf898d4bf921f61fab078040e8baec3f28126 Author: Linus Walleij Date: Sun Jul 19 01:33:22 2020 +0200 drm/mcde: Fix stability issue Whenever a display update was sent, apart from updating the memory base address, we called mcde_display_send_one_frame() which also sent a command to the display requesting the TE IRQ and enabling the FIFO. When continuous updates are running this is wrong: we need to only send this to start the flow to the display on the very first update. This lead to the display pipeline locking up and crashing. Check if the flow is already running and in that case do not call mcde_display_send_one_frame(). This fixes crashes on the Samsung GT-S7710 (Skomer). Signed-off-by: Linus Walleij Acked-by: Sam Ravnborg Acked-by: Stephan Gerhold Cc: Stephan Gerhold Cc: stable@vger.kernel.org Link: https://patchwork.freedesktop.org/patch/msgid/20200718233323.3407670-1-linus.walleij@linaro.org commit 40c60ac32174f0c0c090cd31d0d1712f2478e689 Merge: 1ada9010e578 be6577af0cef Author: Linus Torvalds Date: Sun Jul 26 12:14:46 2020 -0700 Merge branch 'parisc-5.8-2' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux into master Pull parisc fixes from Helge Deller: "Two fixes: - Add the cmpxchg() function for pointers to u8 values. This fixes a kernel linking error when building the tusb1210 driver (from Liam Beguin). - Add a define for atomic64_set_release() to fix CPU soft lockups which happen because of missing unlocks while processing bit operations (from John David Anglin)" * 'parisc-5.8-2' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux: parisc: Add atomic64_set_release() define to avoid CPU soft lockups parisc: add support for cmpxchg on u8 pointers commit 07c08f5210e08dd6d4e0c3f8df2cf1c7de6d4ea4 Author: Guido Günther Date: Sat Jul 18 20:26:37 2020 +0200 drm/bridge: nwl-dsi: Drop DRM_BRIDGE_ATTACH_NO_CONNECTOR check. We don't create a connector but let panel_bridge handle that so there's no point in rejecting DRM_BRIDGE_ATTACH_NO_CONNECTOR. Signed-off-by: Guido Günther Reviewed-by: Laurent Pinchart Signed-off-by: Sam Ravnborg Link: https://patchwork.freedesktop.org/patch/msgid/8b6545b991afce6add0a24f5f5d116778b0cb763.1595096667.git.agx@sigxcpu.org commit d76acc9fcddeda53b985b029c890976a87fcc3fc Author: Jitao Shi Date: Tue Jul 14 20:33:32 2020 +0800 drm/panel: Fix auo, kd101n80-45na horizontal noise on edges of panel Fine tune the HBP and HFP to avoid the dot noise on the left and right edges. Signed-off-by: Jitao Shi Signed-off-by: Sam Ravnborg Link: https://patchwork.freedesktop.org/patch/msgid/20200714123332.37609-1-jitao.shi@mediatek.com commit 667d73d72f3188909914c60e97a1db33edc21971 Author: Douglas Anderson Date: Thu Jul 16 13:21:22 2020 -0700 drm: panel: simple: Delay HPD checking on boe_nv133fhm_n61 for 15 ms On boe_nv133fhm_n62 (and presumably on boe_nv133fhm_n61) a scope shows a small spike on the HPD line right when you power the panel on. The picture looks something like this: +-------------------------------------- | | | Power ---+ +--- | ++ | +----+| | HPD -----+ +---------------------------+ So right when power is applied there's a little bump in HPD and then there's small spike right before it goes low. The total time of the little bump plus the spike was measured on one panel as being 8 ms long. The total time for the HPD to go high on the same panel was 51.2 ms, though the datasheet only promises it is < 200 ms. When asked about this glitch, BOE indicated that it was expected and persisted until the TCON has been initialized. If this was a real hotpluggable DP panel then this wouldn't matter a whole lot. We'd debounce the HPD signal for a really long time and so the little blip wouldn't hurt. However, this is not a hotpluggable DP panel and the the debouncing logic isn't needed and just shows down the time needed to get the display working. This is why the code in panel_simple_prepare() doesn't do debouncing and just waits for HPD to go high once. Unfortunately if we get unlucky and happen to poll the HPD line right at the spike we can try talking to the panel before it's ready. Let's handle this situation by putting in a 15 ms prepare delay and decreasing the "hpd absent delay" by 15 ms. That means: * If you don't have HPD hooked up at all you've still got the hardcoded 200 ms delay. * If you've got HPD hooked up you will always wait at least 15 ms before checking HPD. The only case where this could be bad is if the panel is sharing a voltage rail with something else in the system and was already turned on long before the panel came up. In such a case we'll be delaying 15 ms for no reason, but it's not a huge delay and I don't see any other good solution to handle that case. Even though the delay was measured as 8 ms, 15 ms was chosen to give a bit of margin. Signed-off-by: Douglas Anderson Reviewed-by: Bjorn Andersson Signed-off-by: Sam Ravnborg Link: https://patchwork.freedesktop.org/patch/msgid/20200716132120.1.I01e738cd469b61fc9b28b3ef1c6541a4f48b11bf@changeid commit f10761c9df96a882438faa09dcd25261281d69ca Author: Laurentiu Palcu Date: Mon Jul 20 15:42:27 2020 +0300 drm/bridge/adv7511: set the bridge type properly After the drm_bridge_connector_init() helper function has been added, the ADV driver has been changed accordingly. However, the 'type' field of the bridge structure was left unset, which makes the helper function always return -EINVAL. Signed-off-by: Laurentiu Palcu Reviewed-by: Laurent Pinchart Reviewed-by: Vinod Koul Tested-by: Vinod Koul # tested on DragonBoard 410c Signed-off-by: Sam Ravnborg Link: https://patchwork.freedesktop.org/patch/msgid/20200720124228.12552-1-laurentiu.palcu@oss.nxp.com commit 1ada9010e578150984039a770c98f41799b30bc4 Merge: 7f2e231c3165 92d232d17604 Author: Linus Torvalds Date: Sun Jul 26 09:33:25 2020 -0700 Merge tag 'char-misc-5.8-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc into master Pull char/misc driver fixes from Greg KH: "Here are a few small driver fixes for 5.8-rc7 They include: - habanalabs fixes - tiny fpga driver fixes - /dev/mem fixup from previous changes - interconnect driver fixes - binder fix All of these have been in linux-next for a while with no reported issues" * tag 'char-misc-5.8-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc: interconnect: msm8916: Fix buswidth of pcnoc_s nodes interconnect: Do not skip aggregation for disabled paths /dev/mem: Add missing memory barriers for devmem_inode binder: Don't use mmput() from shrinker function. habanalabs: prevent possible out-of-bounds array access fpga: dfl: fix bug in port reset handshake fpga: dfl: pci: reduce the scope of variable 'ret' habanalabs: set 4s timeout for message to device CPU habanalabs: set clock gating per engine habanalabs: block WREG_BULK packet on PDMA commit 7f2e231c316591246284b10b008cadfc953f16d3 Merge: f208a76fcb57 29c4a54bc645 Author: Linus Torvalds Date: Sun Jul 26 09:29:22 2020 -0700 Merge tag 'driver-core-5.8-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core into master Pull driver core fix from Greg KH: "A single driver core fix for 5.8-rc7. It resolves a problem found in the previous fix for this code made in 5.8-rc6. Hopefully this is all now cleared up, as this seems to be the last of the reported issues in this area, and was tested on the problem hardware. This patch has been in linux-next with no reported problems" * tag 'driver-core-5.8-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core: device property: Avoid NULL pointer dereference in device_get_next_child_node() commit f208a76fcb5700a0c5104e5888679acc31d1ce41 Merge: 7d22af6c5bdb faaff9765664 Author: Linus Torvalds Date: Sun Jul 26 09:14:59 2020 -0700 Merge tag 'staging-5.8-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging into master Pull staging driver fixes from Greg KH: "Five small staging driver fixes for 5.8-rc7 to resolve some reported problems: - four comedi driver fixes for problems found with them - a syzbot-found fix for the wlang-ng driver that resolves a much reported problem. All of these have been in linux-next with no reported issues" * tag 'staging-5.8-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging: staging: wlan-ng: properly check endpoint types staging: comedi: addi_apci_1564: check INSN_CONFIG_DIGITAL_TRIG shift staging: comedi: addi_apci_1500: check INSN_CONFIG_DIGITAL_TRIG shift staging: comedi: addi_apci_1032: check INSN_CONFIG_DIGITAL_TRIG shift staging: comedi: ni_6527: fix INSN_CONFIG_DIGITAL_TRIG support commit 7d22af6c5bdb001c5ed0a20185138304ad2af91b Merge: 17f50e28a858 5fdbe136ae19 Author: Linus Torvalds Date: Sun Jul 26 09:09:43 2020 -0700 Merge tag 'tty-5.8-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty into master Pull tty/serial/fbcon fixes from Greg KH: "Here are some small tty and serial and fbcon fixes for 5.8-rc7 to resolve some reported issues. The fbcon fix is in here as it was simpler to take it this way (and it was acked by the maintainer) as it was related to the vt console fix as well, both of which resolve syzbot-found issues in the console handling code. The other serial driver fixes are for small issues reported in the -rc releases. All of these have been in linux-next with no reported issues" * tag 'tty-5.8-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty: serial: exar: Fix GPIO configuration for Sealevel cards based on XR17V35X fbdev: Detect integer underflow at "struct fbcon_ops"->clear_margins. serial: 8250_mtk: Fix high-speed baud rates clamping serial: 8250: fix null-ptr-deref in serial8250_start_tx() serial: tegra: drop bogus NULL tty-port checks serial: tegra: fix CREAD handling for PIO tty: xilinx_uartps: Really fix id assignment vt: Reject zero-sized screen buffer size. commit 4ee48cc5586bf519df19894273002aa8ef7b70ad Author: Biju Das Date: Thu Jul 23 12:10:54 2020 +0100 drm: of: Fix double-free bug Fix double-free bug in the error path. Fixes: 6529007522de ("drm: of: Add drm_of_lvds_get_dual_link_pixel_order") Reported-by: Pavel Machek Signed-off-by: Biju Das Reviewed-by: Laurent Pinchart Cc: stable@vger.kernel.org Signed-off-by: Sam Ravnborg Link: https://patchwork.freedesktop.org/patch/msgid/1595502654-40595-1-git-send-email-biju.das.jz@bp.renesas.com commit 17f50e28a858e4bab808733339995133390aae54 Merge: cf48f79b74de 0b987032f8b5 Author: Linus Torvalds Date: Sun Jul 26 09:02:29 2020 -0700 Merge tag 'usb-5.8-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb into master Pull USB fixes from Greg KH: "Three small USB XHCI driver fixes for 5.8-rc7. They all resolve some minor issues that have been reported on some different platforms. All of these have been in linux-next with no reported issues" * tag 'usb-5.8-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb: usb: tegra: Fix allocation for the FPCI context usb: xhci: Fix ASM2142/ASM3142 DMA addressing usb: xhci-mtk: fix the failure of bandwidth allocation commit cf48f79b74de2bf900d27c924528bb41d73689c3 Merge: 04300d66f0a0 3f0dcfbcd2e1 Author: Linus Torvalds Date: Sun Jul 26 08:59:15 2020 -0700 Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi into master Pull SCSI fix from James Bottomley: "Small core patch to fix a corner case bug: we forgot to run the queues to handle starvation in the error exit from the scsi_queue_rq routine, which can lead to hangs on error conditions" * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi: scsi: core: Run queue in case of I/O resource contention failure commit 5611ec2b9814bc91f7b0a8d804c1fc152e2025d9 Author: Kai-Heng Feng Date: Fri Jul 24 01:29:10 2020 +0800 nvme-pci: prevent SK hynix PC400 from using Write Zeroes command After commit 6e02318eaea5 ("nvme: add support for the Write Zeroes command"), SK hynix PC400 becomes very slow with the following error message: [ 224.567695] blk_update_request: operation not supported error, dev nvme1n1, sector 499384320 op 0x9:(WRITE_ZEROES) flags 0x1000000 phys_seg 0 prio class 0] SK Hynix PC400 has a buggy firmware that treats NLB as max value instead of a range, so the NLB passed isn't a valid value to the firmware. According to SK hynix there are three commands are affected: - Write Zeroes - Compare - Write Uncorrectable Right now only Write Zeroes is implemented, so disable it completely on SK hynix PC400. BugLink: https://bugs.launchpad.net/bugs/1872383 Cc: kyounghwan sohn Signed-off-by: Kai-Heng Feng Signed-off-by: Christoph Hellwig commit adc99fd378398f4c58798a1c57889872967d56a6 Author: Sagi Grimberg Date: Thu Jul 23 16:42:26 2020 -0700 nvme-tcp: fix possible hang waiting for icresp response If the controller died exactly when we are receiving icresp we hang because icresp may never return. Make sure to set a high finite limit. Fixes: 3f2304f8c6d6 ("nvme-tcp: add NVMe over TCP host driver") Signed-off-by: Sagi Grimberg Signed-off-by: Christoph Hellwig commit 04300d66f0a06d572d9f2ad6768c38cabde22179 Merge: fbe0d451bcea fa5a19835905 Author: Linus Torvalds Date: Sat Jul 25 14:42:11 2020 -0700 Merge tag 'riscv-for-linus-5.8-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux into master Pull RISC-V fixes from Palmer Dabbelt: "A few more fixes this week: - A fix to avoid using SBI calls during kasan initialization, as the SBI calls themselves have not been probed yet. - Three fixes related to systems with multiple memory regions" * tag 'riscv-for-linus-5.8-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux: riscv: Parse all memory blocks to remove unusable memory RISC-V: Do not rely on initrd_start/end computed during early dt parsing RISC-V: Set maximum number of mapped pages correctly riscv: kasan: use local_tlb_flush_all() to avoid uninitialized __sbi_rfence commit fbe0d451bcea569fc0ed3455511a90646c8a9c81 Merge: 78b1afe22d51 d181d2da0141 Author: Linus Torvalds Date: Sat Jul 25 14:25:47 2020 -0700 Merge tag 'x86-urgent-2020-07-25' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip into master Pull x86 fixes from Ingo Molnar: "Misc fixes: - Fix a section end page alignment assumption that was causing crashes - Fix ORC unwinding on freshly forked tasks which haven't executed yet and which have empty user task stacks - Fix the debug.exception-trace=1 sysctl dumping of user stacks, which was broken by recent maccess changes" * tag 'x86-urgent-2020-07-25' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/dumpstack: Dump user space code correctly again x86/stacktrace: Fix reliable check for empty user task stacks x86/unwind/orc: Fix ORC for newly forked tasks x86, vmlinux.lds: Page-align end of ..page_aligned sections commit 78b1afe22d51996c1916a332d43b853ff2b10ade Merge: a7b36c2b134f fe5ed7ab99c6 Author: Linus Torvalds Date: Sat Jul 25 13:55:38 2020 -0700 Merge tag 'perf-urgent-2020-07-25' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip into master Pull uprobe fix from Ingo Molnar: "Fix an interaction/regression between uprobes based shared library tracing & GDB" * tag 'perf-urgent-2020-07-25' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: uprobes: Change handle_swbp() to send SIGTRAP with si_code=SI_KERNEL, to fix GDB regression commit a7b36c2b134f7ca75789d174b97d07acccbf6b93 Merge: 3077805eebb6 b4a25fb0e629 Author: Linus Torvalds Date: Sat Jul 25 13:27:12 2020 -0700 Merge tag 'timers-urgent-2020-07-25' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip into master Pull timer fix from Ingo Molnar: "Fix a suspend/resume regression (crash) on TI AM3/AM4 SoC's" * tag 'timers-urgent-2020-07-25' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: clocksource/drivers/timer-ti-dm: Fix suspend and resume for am3 and am4 commit 3077805eebb63d75ad716e36777a54a3321d34a5 Merge: 17baa4428642 062d3f95b630 Author: Linus Torvalds Date: Sat Jul 25 13:24:40 2020 -0700 Merge tag 'sched-urgent-2020-07-25' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip into master Pull scheduler fixes from Ingo Molnar: "Fix a race introduced by the recent loadavg race fix, plus add a debug check for a hard to debug case of bogus wakeup function flags" * tag 'sched-urgent-2020-07-25' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: sched: Warn if garbage is passed to default_wake_function() sched: Fix race against ptrace_freeze_trace() commit 17baa442864254cb2aadf3a4d668c0f81d2f07c5 Merge: 7cb3a5c5f647 74f85551666f Author: Linus Torvalds Date: Sat Jul 25 13:18:42 2020 -0700 Merge tag 'efi-urgent-2020-07-25' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip into master Pull EFI fixes from Ingo Molnar: "Various EFI fixes: - Fix the layering violation in the use of the EFI runtime services availability mask in users of the 'efivars' abstraction - Revert build fix for GCC v4.8 which is no longer supported - Clean up some x86 EFI stub details, some of which are borderline bugs that copy around garbage into padding fields - let's fix these out of caution. - Fix build issues while working on RISC-V support - Avoid --whole-archive when linking the stub on arm64" * tag 'efi-urgent-2020-07-25' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: efi: Revert "efi/x86: Fix build with gcc 4" efi/efivars: Expose RT service availability via efivars abstraction efi/libstub: Move the function prototypes to header file efi/libstub: Fix gcc error around __umoddi3 for 32 bit builds efi/libstub/arm64: link stub lib.a conditionally efi/x86: Only copy upto the end of setup_header efi/x86: Remove unused variables commit 7cb3a5c5f6478ac0c14d01e35bc49e0ba7525e21 Merge: 1b64b2e2444c 0e6705182d4e Author: Linus Torvalds Date: Sat Jul 25 12:53:46 2020 -0700 Merge tag '5.8-rc6-cifs-fix' of git://git.samba.org/sfrench/cifs-2.6 into master Pull cifs fix from Steve French: "A fix for a recently discovered regression in rename to older servers caused by a recent patch" * tag '5.8-rc6-cifs-fix' of git://git.samba.org/sfrench/cifs-2.6: Revert "cifs: Fix the target file was deleted when rename failed." commit 1b64b2e2444c11b8dd2b657f8538c05cb699ed25 Merge: 23ee3e4e5bd2 8754e1379e70 Author: Linus Torvalds Date: Sat Jul 25 11:50:59 2020 -0700 Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net into master Pull networking fixes from David Miller: 1) Fix RCU locaking in iwlwifi, from Johannes Berg. 2) mt76 can access uninitialized NAPI struct, from Felix Fietkau. 3) Fix race in updating pause settings in bnxt_en, from Vasundhara Volam. 4) Propagate error return properly during unbind failures in ax88172a, from George Kennedy. 5) Fix memleak in adf7242_probe, from Liu Jian. 6) smc_drv_probe() can leak, from Wang Hai. 7) Don't muck with the carrier state if register_netdevice() fails in the bonding driver, from Taehee Yoo. 8) Fix memleak in dpaa_eth_probe, from Liu Jian. 9) Need to check skb_put_padto() return value in hsr_fill_tag(), from Murali Karicheri. 10) Don't lose ionic RSS hash settings across FW update, from Shannon Nelson. 11) Fix clobbered SKB control block in act_ct, from Wen Xu. 12) Missing newlink in "tx_timeout" sysfs output, from Xiongfeng Wang. 13) IS_UDPLITE cleanup a long time ago, incorrectly handled transformations involving UDPLITE_RECV_CC. From Miaohe Lin. 14) Unbalanced locking in netdevsim, from Taehee Yoo. 15) Suppress false-positive error messages in qed driver, from Alexander Lobakin. 16) Out of bounds read in ax25_connect and ax25_sendmsg, from Peilin Ye. 17) Missing SKB release in cxgb4's uld_send(), from Navid Emamdoost. 18) Uninitialized value in geneve_changelink(), from Cong Wang. 19) Fix deadlock in xen-netfront, from Andera Righi. 19) flush_backlog() frees skbs with IRQs disabled, so should use dev_kfree_skb_irq() instead of kfree_skb(). From Subash Abhinov Kasiviswanathan. * git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (111 commits) drivers/net/wan: lapb: Corrected the usage of skb_cow dev: Defer free of skbs in flush_backlog qrtr: orphan socket in qrtr_release() xen-netfront: fix potential deadlock in xennet_remove() flow_offload: Move rhashtable inclusion to the source file geneve: fix an uninitialized value in geneve_changelink() bonding: check return value of register_netdevice() in bond_newlink() tcp: allow at most one TLP probe per flight AX.25: Prevent integer overflows in connect and sendmsg cxgb4: add missing release on skb in uld_send() net: atlantic: fix PTP on AQC10X AX.25: Prevent out-of-bounds read in ax25_sendmsg() sctp: shrink stream outq when fails to do addstream reconf sctp: shrink stream outq only when new outcnt < old outcnt AX.25: Fix out-of-bounds read in ax25_connect() enetc: Remove the mdio bus on PF probe bailout net: ethernet: ti: add NETIF_F_HW_TC hw feature flag for taprio offload net: ethernet: ave: Fix error returns in ave_init drivers/net/wan/x25_asy: Fix to make it work ipvs: fix the connection sync failed in some cases ... commit fe1d899f4212a08dad98accb47cd335b58cc9085 Author: Grygorii Strashko Date: Sat Jul 25 00:42:21 2020 +0300 ARM: dts: keystone-k2g-evm: fix rgmii phy-mode for ksz9031 phy Since commit bcf3440c6dd7 ("net: phy: micrel: add phy-mode support for the KSZ9031 PHY") the networking is broken on keystone-k2g-evm board. The above board have phy-mode = "rgmii-id" and it is worked before because KSZ9031 PHY started with default RGMII internal delays configuration (TX off, RX on 1.2 ns) and MAC provided TX delay by default. After above commit, the KSZ9031 PHY starts handling phy mode properly and enables both RX and TX delays, as result networking is become broken. Fix it by switching to phy-mode = "rgmii-rxid" to reflect previous behavior. Fixes: bcf3440c6dd7 ("net: phy: micrel: add phy-mode support for the KSZ9031 PHY") Signed-off-by: Grygorii Strashko Cc: Oleksij Rempel Cc: Andrew Lunn Cc: Philippe Schenker Signed-off-by: Arnd Bergmann commit fa5a198359053c8e21dcc2b39c0e13871059bc9f Author: Atish Patra Date: Wed Jul 15 16:30:09 2020 -0700 riscv: Parse all memory blocks to remove unusable memory Currently, maximum physical memory allowed is equal to -PAGE_OFFSET. That's why we remove any memory blocks spanning beyond that size. However, it is done only for memblock containing linux kernel which will not work if there are multiple memblocks. Process all memory blocks to figure out how much memory needs to be removed and remove at the end instead of updating the memblock list in place. Signed-off-by: Atish Patra Signed-off-by: Palmer Dabbelt commit 4400231c8acc7e513204c8470c6d796ba47dc169 Author: Atish Patra Date: Wed Jul 15 16:30:08 2020 -0700 RISC-V: Do not rely on initrd_start/end computed during early dt parsing Currently, initrd_start/end are computed during early_init_dt_scan but used during arch_setup. We will get the following panic if initrd is used and CONFIG_DEBUG_VIRTUAL is turned on. [ 0.000000] ------------[ cut here ]------------ [ 0.000000] kernel BUG at arch/riscv/mm/physaddr.c:33! [ 0.000000] Kernel BUG [#1] [ 0.000000] Modules linked in: [ 0.000000] CPU: 0 PID: 0 Comm: swapper Not tainted 5.8.0-rc4-00015-ged0b226fed02 #886 [ 0.000000] epc: ffffffe0002058d2 ra : ffffffe0000053f0 sp : ffffffe001001f40 [ 0.000000] gp : ffffffe00106e250 tp : ffffffe001009d40 t0 : ffffffe00107ee28 [ 0.000000] t1 : 0000000000000000 t2 : ffffffe000a2e880 s0 : ffffffe001001f50 [ 0.000000] s1 : ffffffe0001383e8 a0 : ffffffe00c087e00 a1 : 0000000080200000 [ 0.000000] a2 : 00000000010bf000 a3 : ffffffe00106f3c8 a4 : ffffffe0010bf000 [ 0.000000] a5 : ffffffe000000000 a6 : 0000000000000006 a7 : 0000000000000001 [ 0.000000] s2 : ffffffe00106f068 s3 : ffffffe00106f070 s4 : 0000000080200000 [ 0.000000] s5 : 0000000082200000 s6 : 0000000000000000 s7 : 0000000000000000 [ 0.000000] s8 : 0000000080011010 s9 : 0000000080012700 s10: 0000000000000000 [ 0.000000] s11: 0000000000000000 t3 : 000000000001fe30 t4 : 000000000001fe30 [ 0.000000] t5 : 0000000000000000 t6 : ffffffe00107c471 [ 0.000000] status: 0000000000000100 badaddr: 0000000000000000 cause: 0000000000000003 [ 0.000000] random: get_random_bytes called from print_oops_end_marker+0x22/0x46 with crng_init=0 To avoid the error, initrd_start/end can be computed from phys_initrd_start/size in setup itself. It also improves the initrd placement by aligning the start and size with the page size. Fixes: 76d2a0493a17 ("RISC-V: Init and Halt Code") Signed-off-by: Atish Patra Signed-off-by: Palmer Dabbelt commit 8754e1379e7089516a449821f88e1fe1ebbae5e1 Author: Xie He Date: Fri Jul 24 09:33:47 2020 -0700 drivers/net/wan: lapb: Corrected the usage of skb_cow This patch fixed 2 issues with the usage of skb_cow in LAPB drivers "lapbether" and "hdlc_x25": 1) After skb_cow fails, kfree_skb should be called to drop a reference to the skb. But in both drivers, kfree_skb is not called. 2) skb_cow should be called before skb_push so that is can ensure the safety of skb_push. But in "lapbether", it is incorrectly called after skb_push. More details about these 2 issues: 1) The behavior of calling kfree_skb on failure is also the behavior of netif_rx, which is called by this function with "return netif_rx(skb);". So this function should follow this behavior, too. 2) In "lapbether", skb_cow is called after skb_push. This results in 2 logical issues: a) skb_push is not protected by skb_cow; b) An extra headroom of 1 byte is ensured after skb_push. This extra headroom has no use in this function. It also has no use in the upper-layer function that this function passes the skb to (x25_lapb_receive_frame in net/x25/x25_dev.c). So logically skb_cow should instead be called before skb_push. Cc: Eric Dumazet Cc: Martin Schiller Signed-off-by: Xie He Signed-off-by: David S. Miller commit 7df5cb75cfb8acf96c7f2342530eb41e0c11f4c3 Author: Subash Abhinov Kasiviswanathan Date: Thu Jul 23 11:31:48 2020 -0600 dev: Defer free of skbs in flush_backlog IRQs are disabled when freeing skbs in input queue. Use the IRQ safe variant to free skbs here. Fixes: 145dd5f9c88f ("net: flush the softnet backlog in process context") Signed-off-by: Subash Abhinov Kasiviswanathan Signed-off-by: David S. Miller commit d0d8aae64566b753c4330fbd5944b88af035f299 Author: Atish Patra Date: Wed Jul 15 16:30:07 2020 -0700 RISC-V: Set maximum number of mapped pages correctly Currently, maximum number of mapper pages are set to the pfn calculated from the memblock size of the memblock containing kernel. This will work until that memblock spans the entire memory. However, it will be set to a wrong value if there are multiple memblocks defined in kernel (e.g. with efi runtime services). Set the the maximum value to the pfn calculated from dram size. Signed-off-by: Atish Patra Signed-off-by: Palmer Dabbelt commit 23ee3e4e5bd27bdbc0f1785eef7209ce872794c7 Merge: 5876aa073f52 d08c30d7a0d1 Author: Linus Torvalds Date: Fri Jul 24 18:30:24 2020 -0700 Merge tag 'pci-v5.8-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci into master Pull PCI fixes from Bjorn Helgaas: - Reject invalid IRQ 0 command line argument for virtio_mmio because IRQ 0 now generates warnings (Bjorn Helgaas) - Revert "PCI/PM: Assume ports without DLL Link Active train links in 100 ms", which broke nouveau (Bjorn Helgaas) * tag 'pci-v5.8-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci: Revert "PCI/PM: Assume ports without DLL Link Active train links in 100 ms" virtio-mmio: Reject invalid IRQ 0 command line argument commit af9f691f0f5bdd1ade65a7b84927639882d7c3e5 Author: Cong Wang Date: Fri Jul 24 09:45:51 2020 -0700 qrtr: orphan socket in qrtr_release() We have to detach sock from socket in qrtr_release(), otherwise skb->sk may still reference to this socket when the skb is released in tun->queue, particularly sk->sk_wq still points to &sock->wq, which leads to a UAF. Reported-and-tested-by: syzbot+6720d64f31c081c2f708@syzkaller.appspotmail.com Fixes: 28fb4e59a47d ("net: qrtr: Expose tunneling endpoint to user space") Cc: Bjorn Andersson Cc: Eric Dumazet Signed-off-by: Cong Wang Reviewed-by: Eric Dumazet Signed-off-by: David S. Miller commit 657237f56b26be2784cbf82867d65ebddff16539 Merge: c2c633106453 1cfd3426ef98 Author: David S. Miller Date: Fri Jul 24 17:26:09 2020 -0700 Merge tag 'wireless-drivers-2020-07-24' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers Kalle Valo says: ==================== wireless-drivers fixes for v5.8 Second set of fixes for v5.8, and hopefully also the last. Three important regressions fixed. ath9k * fix a regression which broke support for all ath9k usb devices ath10k * fix a regression which broke support for all QCA4019 AHB devices iwlwifi * fix a regression which broke support for some Killer Wireless-AC 1550 cards ==================== Signed-off-by: David S. Miller commit c2c633106453611be07821f53dff9e93a9d1c3f0 Author: Andrea Righi Date: Fri Jul 24 10:59:10 2020 +0200 xen-netfront: fix potential deadlock in xennet_remove() There's a potential race in xennet_remove(); this is what the driver is doing upon unregistering a network device: 1. state = read bus state 2. if state is not "Closed": 3. request to set state to "Closing" 4. wait for state to be set to "Closing" 5. request to set state to "Closed" 6. wait for state to be set to "Closed" If the state changes to "Closed" immediately after step 1 we are stuck forever in step 4, because the state will never go back from "Closed" to "Closing". Make sure to check also for state == "Closed" in step 4 to prevent the deadlock. Also add a 5 sec timeout any time we wait for the bus state to change, to avoid getting stuck forever in wait_event(). Signed-off-by: Andrea Righi Signed-off-by: David S. Miller commit 5876aa073f52541f4787b6111c8494ea9cfcde15 Merge: 68845a55c31b 9affa4358177 Author: Linus Torvalds Date: Fri Jul 24 16:27:54 2020 -0700 Merge tag 'nfsd-5.8-2' of git://linux-nfs.org/~bfields/linux into master Pull nfsd fix from Bruce Fields: "Just one fix for a NULL dereference if someone happens to read /proc/fs/nfsd/client/../state at the wrong moment" * tag 'nfsd-5.8-2' of git://linux-nfs.org/~bfields/linux: nfsd4: fix NULL dereference in nfsd/clients display code commit c2b69f24ebd166a13cdc9909b50f33228895998b Author: Herbert Xu Date: Fri Jul 24 10:50:22 2020 +1000 flow_offload: Move rhashtable inclusion to the source file I noticed that touching linux/rhashtable.h causes lib/vsprintf.c to be rebuilt. This dependency came through a bogus inclusion in the file net/flow_offload.h. This patch moves it to the right place. This patch also removes a lingering rhashtable inclusion in cls_api created by the same commit. Fixes: 4e481908c51b ("flow_offload: move tc indirect block to...") Signed-off-by: Herbert Xu Signed-off-by: David S. Miller commit 68845a55c31bd4e00107c6b6585ab0c707782c5c Merge: c953d60b1180 7359608a271c Author: Linus Torvalds Date: Fri Jul 24 14:24:35 2020 -0700 Merge branch 'akpm' into master (patches from Andrew) Merge misc fixes from Andrew Morton: "Subsystems affected by this patch series: mm/pagemap, mm/shmem, mm/hotfixes, mm/memcg, mm/hugetlb, mailmap, squashfs, scripts, io-mapping, MAINTAINERS, and gdb" * emailed patches from Andrew Morton : scripts/gdb: fix lx-symbols 'gdb.error' while loading modules MAINTAINERS: add KCOV section io-mapping: indicate mapping failure scripts/decode_stacktrace: strip basepath from all paths squashfs: fix length field overlap check in metadata reading mailmap: add entry for Mike Rapoport khugepaged: fix null-pointer dereference due to race mm/hugetlb: avoid hardcoding while checking if cma is enabled mm: memcg/slab: fix memory leak at non-root kmem_cache destroy mm/memcg: fix refcount error while moving and swapping mm/memcontrol: fix OOPS inside mem_cgroup_get_nr_swap_pages() mm: initialize return of vm_insert_pages vfs/xattr: mm/shmem: kernfs: release simple xattr entry in a right way mm/mmap.c: close race between munmap() and expand_upwards()/downwards() commit c953d60b1180c4a59a55b72fecd278d264d60f5b Merge: c6d686047456 5fff09bc1415 Author: Linus Torvalds Date: Fri Jul 24 14:19:00 2020 -0700 Merge branch 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs into master Pull xtensa csum regression fix from Al Viro: "Max Filippov caught a breakage introduced in xtensa this cycle by the csum_and_copy_..._user() series. Cut'n'paste from the wrong source - the check that belongs in csum_and_copy_to_user() ended up both there and in csum_and_copy_from_user()" * 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: xtensa: fix access check in csum_and_copy_from_user commit c6d686047456bd3e36dce7de95375890fb8b7dd9 Merge: 0669704270e1 7b7891c7bdfd Author: Linus Torvalds Date: Fri Jul 24 14:16:12 2020 -0700 Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux into master Pull arm64 fix from Will Deacon: "Fix compat vDSO build flags for recent versions of clang to tell it where to find the assembler" * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux: arm64: vdso32: Fix '--prefix=' value for newer versions of clang commit 0669704270e142483d80cfda5c526426c1a89711 Merge: 6a343656d302 48cfa61b58a1 Author: Linus Torvalds Date: Fri Jul 24 14:11:43 2020 -0700 Merge tag 'for-5.8-rc6-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux into master Pull btrfs fixes from David Sterba: "A few resouce leak fixes from recent patches, all are stable material. The problems have been observed during testing or have a reproducer" * tag 'for-5.8-rc6-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux: btrfs: fix mount failure caused by race with umount btrfs: fix page leaks after failure to lock page for delalloc btrfs: qgroup: fix data leak caused by race between writeback and truncate btrfs: fix double free on ulist after backref resolution failure commit 6a343656d30229a424458f8111e55df336375382 Merge: 1f68f31b5150 89ee72376be2 Author: Linus Torvalds Date: Fri Jul 24 14:09:19 2020 -0700 Merge tag 'zonefs-5.8-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/dlemoal/zonefs into master Pull zonefs fixes from Damien Le Moal: "Two fixes, the first one to remove compilation warnings and the second to avoid potentially inefficient allocation of BIOs for direct writes into sequential zones" * tag 'zonefs-5.8-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/dlemoal/zonefs: zonefs: count pages after truncating the iterator zonefs: Fix compilation warning commit 1f68f31b51507e1ad647aa3a43c295eb024490ad Merge: 5a0b8af0719f 3e863ea3bb1a Author: Linus Torvalds Date: Fri Jul 24 14:02:41 2020 -0700 Merge tag 'io_uring-5.8-2020-07-24' of git://git.kernel.dk/linux-block into master Pull io_uring fixes from Jens Axboe: - Fix discrepancy in how sqe->flags are treated for a few requests, this makes it consistent (Daniele) - Ensure that poll driven retry works with double waitqueue poll users - Fix a missing io_req_init_async() (Pavel) * tag 'io_uring-5.8-2020-07-24' of git://git.kernel.dk/linux-block: io_uring: missed req_init_async() for IOSQE_ASYNC io_uring: always allow drain/link/hardlink/async sqe flags io_uring: ensure double poll additions work with both request types commit 5a0b8af0719fd0710d9d1a9ad83b7fbdf4bfca66 Merge: fcef1046eb1b 1014a2f8d76b Author: Linus Torvalds Date: Fri Jul 24 13:58:05 2020 -0700 Merge tag 'iommu-fix-v5.8-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu into master Pull iommu fix from Joerg Roedel: "Fix a NULL-ptr dereference in the QCOM IOMMU driver" * tag 'iommu-fix-v5.8-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu: iommu/qcom: Use domain rather than dev as tlb cookie commit fcef1046eb1b78c98105e9b68e48df6022c23a06 Merge: a38a19efcd9b a862192e9227 Author: Linus Torvalds Date: Fri Jul 24 13:48:57 2020 -0700 Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma into master Pull rdma fixes from Jason Gunthorpe: "One merge window regression, some corruption bugs in HNS and a few more syzkaller fixes: - Two long standing syzkaller races - Fix incorrect HW configuration in HNS - Restore accidentally dropped locking in IB CM - Fix ODP prefetch bug added in the big rework several versions ago" * tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma: RDMA/mlx5: Prevent prefetch from racing with implicit destruction RDMA/cm: Protect access to remote_sidr_table RDMA/core: Fix race in rdma_alloc_commit_uobject() RDMA/hns: Fix wrong PBL offset when VA is not aligned to PAGE_SIZE RDMA/hns: Fix wrong assignment of lp_pktn_ini in QPC RDMA/mlx5: Use xa_lock_irq when access to SRQ table commit a38a19efcd9b7b536e2820df91e9f0be806f9a42 Merge: c615035b29c3 5df96f2b9f58 Author: Linus Torvalds Date: Fri Jul 24 13:44:14 2020 -0700 Merge tag 'for-5.8/dm-fixes-3' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm into master Pull device mapper fix from Mike Snitzer: "A stable fix for DM integrity target's integrity recalculation that gets skipped when resuming a device. This is a fix for a previous stable@ fix" * tag 'for-5.8/dm-fixes-3' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm: dm integrity: fix integrity recalculation that is improperly skipped commit c615035b29c3628a35ece192046e0e6658d96ab3 Merge: b85bcb784fd8 02b9aec59243 Author: Linus Torvalds Date: Fri Jul 24 13:41:13 2020 -0700 Merge branch 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux into master Pull i2c fixes from Wolfram Sang: "Again some driver bugfixes and some documentation fixes" * 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux: i2c: i2c-qcom-geni: Fix DMA transfer race i2c: rcar: always clear ICSAR to avoid side effects MAINTAINERS: i2c: at91: handover maintenance to Codrin Ciubotariu i2c: drop duplicated word in the header file i2c: cadence: Clear HOLD bit at correct time in Rx path Revert "i2c: cadence: Fix the hold bit setting" commit b85bcb784fd84ef854f6a6d03a0c48c207d0b0ec Merge: 88fff0b7dcc1 ebd4050c6144 Author: Linus Torvalds Date: Fri Jul 24 13:37:38 2020 -0700 Merge tag 'mmc-v5.8-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc into master Pull MMC fix from Ulf Hansson: "Fix clock divider calculation in the ASPEED SDHCI controller" * tag 'mmc-v5.8-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc: mmc: sdhci-of-aspeed: Fix clock divider calculation commit 88fff0b7dcc132c924d710d75d1401264b6d0ef6 Merge: f37e99aca03f d8904ca9d338 Author: Linus Torvalds Date: Fri Jul 24 13:35:55 2020 -0700 Merge tag 'drm-fixes-2020-07-24' of git://anongit.freedesktop.org/drm/drm into master Pull drm fixes from Dave Airlie: "Quiet fixes, I may have a single regression fix follow up to this for nouveau, but it might be next week, Ben was testing it a bit more . Otherwise two amdgpu fixes, one lima and one sun4i: amdgpu: - Fix crash when overclocking VegaM - Fix possible crash when editing dpm levels sun4i: - Fix inverted HPD result; fixes an earlier fix lima: - fix timeout during reset" * tag 'drm-fixes-2020-07-24' of git://anongit.freedesktop.org/drm/drm: drm/amdgpu: Fix NULL dereference in dpm sysfs handlers drm/amd/powerplay: fix a crash when overclocking Vega M drm/lima: fix wait pp reset timeout drm: sun4i: hdmi: Fix inverted HPD result commit 7359608a271ce81803de148befefd309baf88c76 Author: Stefano Garzarella Date: Thu Jul 23 21:15:52 2020 -0700 scripts/gdb: fix lx-symbols 'gdb.error' while loading modules Commit ed66f991bb19 ("module: Refactor section attr into bin attribute") removed the 'name' field from 'struct module_sect_attr' triggering the following error when invoking lx-symbols: (gdb) lx-symbols loading vmlinux scanning for modules in linux/build loading @0xffffffffc014f000: linux/build/drivers/net/tun.ko Python Exception There is no member named name.: Error occurred in Python: There is no member named name. This patch fixes the issue taking the module name from the 'struct attribute'. Fixes: ed66f991bb19 ("module: Refactor section attr into bin attribute") Signed-off-by: Stefano Garzarella Signed-off-by: Andrew Morton Reviewed-by: Jan Kiszka Reviewed-by: Kieran Bingham Link: http://lkml.kernel.org/r/20200722102239.313231-1-sgarzare@redhat.com Signed-off-by: Linus Torvalds commit bb9715379abfeddea86343b748b62410e20ef037 Author: Andrey Konovalov Date: Thu Jul 23 21:15:49 2020 -0700 MAINTAINERS: add KCOV section To link KCOV to the kasan-dev@ mailing list. Signed-off-by: Andrey Konovalov Signed-off-by: Andrew Morton Acked-by: Dmitry Vyukov Cc: Alexander Potapenko Cc: Marco Elver Link: http://lkml.kernel.org/r/5fa344db7ac4af2213049e5656c0f43d6ecaa379.1595331682.git.andreyknvl@google.com Signed-off-by: Linus Torvalds commit e0b3e0b1a04367fc15c07f44e78361545b55357c Author: Michael J. Ruhl Date: Thu Jul 23 21:15:46 2020 -0700 io-mapping: indicate mapping failure The !ATOMIC_IOMAP version of io_maping_init_wc will always return success, even when the ioremap fails. Since the ATOMIC_IOMAP version returns NULL when the init fails, and callers check for a NULL return on error this is unexpected. During a device probe, where the ioremap failed, a crash can look like this: BUG: unable to handle page fault for address: 0000000000210000 #PF: supervisor write access in kernel mode #PF: error_code(0x0002) - not-present page Oops: 0002 [#1] PREEMPT SMP CPU: 0 PID: 177 Comm: RIP: 0010:fill_page_dma [i915] gen8_ppgtt_create [i915] i915_ppgtt_create [i915] intel_gt_init [i915] i915_gem_init [i915] i915_driver_probe [i915] pci_device_probe really_probe driver_probe_device The remap failure occurred much earlier in the probe. If it had been propagated, the driver would have exited with an error. Return NULL on ioremap failure. [akpm@linux-foundation.org: detect ioremap_wc() errors earlier] Fixes: cafaf14a5d8f ("io-mapping: Always create a struct to hold metadata about the io-mapping") Signed-off-by: Michael J. Ruhl Signed-off-by: Andrew Morton Reviewed-by: Andrew Morton Cc: Mike Rapoport Cc: Andy Shevchenko Cc: Chris Wilson Cc: Daniel Vetter Cc: Link: http://lkml.kernel.org/r/20200721171936.81563-1-michael.j.ruhl@intel.com Signed-off-by: Linus Torvalds commit d178770d8d21489abf5bafefcbb6d5243b482e9a Author: Pi-Hsun Shih Date: Thu Jul 23 21:15:43 2020 -0700 scripts/decode_stacktrace: strip basepath from all paths Currently the basepath is removed only from the beginning of the string. When the symbol is inlined and there's multiple line outputs of addr2line, only the first line would have basepath removed. Change to remove the basepath prefix from all lines. Fixes: 31013836a71e ("scripts/decode_stacktrace: match basepath using shell prefix operator, not regex") Co-developed-by: Shik Chen Signed-off-by: Pi-Hsun Shih Signed-off-by: Shik Chen Signed-off-by: Andrew Morton Reviewed-by: Stephen Boyd Cc: Sasha Levin Cc: Nicolas Boichat Cc: Jiri Slaby Link: http://lkml.kernel.org/r/20200720082709.252805-1-pihsun@chromium.org Signed-off-by: Linus Torvalds commit 2910c59fd0423f87aca3a669b156a2325da63745 Author: Phillip Lougher Date: Thu Jul 23 21:15:40 2020 -0700 squashfs: fix length field overlap check in metadata reading This is a regression introduced by the "migrate from ll_rw_block usage to BIO" patch. Squashfs packs structures on byte boundaries, and due to that the length field (of the metadata block) may not be fully in the current block. The new code rewrote and introduced a faulty check for that edge case. Fixes: 93e72b3c612adcaca1 ("squashfs: migrate from ll_rw_block usage to BIO") Reported-by: Bernd Amend Signed-off-by: Phillip Lougher Signed-off-by: Andrew Morton Cc: Christoph Hellwig Cc: Adrien Schildknecht Cc: Guenter Roeck Cc: Daniel Rosenberg Link: http://lkml.kernel.org/r/20200717195536.16069-1-phillip@squashfs.org.uk Signed-off-by: Linus Torvalds commit e57942c5630f86880f2cefa61f4a1ab10d4864af Author: Mike Rapoport Date: Thu Jul 23 21:15:37 2020 -0700 mailmap: add entry for Mike Rapoport Add an entry to correct my email addresses. Signed-off-by: Mike Rapoport Signed-off-by: Andrew Morton Link: http://lkml.kernel.org/r/20200708095414.12275-1-rppt@kernel.org Signed-off-by: Linus Torvalds commit 594cced14ad3903166c8b091ff96adac7552f0b3 Author: Kirill A. Shutemov Date: Thu Jul 23 21:15:34 2020 -0700 khugepaged: fix null-pointer dereference due to race khugepaged has to drop mmap lock several times while collapsing a page. The situation can change while the lock is dropped and we need to re-validate that the VMA is still in place and the PMD is still subject for collapse. But we miss one corner case: while collapsing an anonymous pages the VMA could be replaced with file VMA. If the file VMA doesn't have any private pages we get NULL pointer dereference: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] anon_vma_lock_write include/linux/rmap.h:120 [inline] collapse_huge_page mm/khugepaged.c:1110 [inline] khugepaged_scan_pmd mm/khugepaged.c:1349 [inline] khugepaged_scan_mm_slot mm/khugepaged.c:2110 [inline] khugepaged_do_scan mm/khugepaged.c:2193 [inline] khugepaged+0x3bba/0x5a10 mm/khugepaged.c:2238 The fix is to make sure that the VMA is anonymous in hugepage_vma_revalidate(). The helper is only used for collapsing anonymous pages. Fixes: 99cb0dbd47a1 ("mm,thp: add read-only THP support for (non-shmem) FS") Reported-by: syzbot+ed318e8b790ca72c5ad0@syzkaller.appspotmail.com Signed-off-by: Kirill A. Shutemov Signed-off-by: Andrew Morton Reviewed-by: David Hildenbrand Acked-by: Yang Shi Cc: Link: http://lkml.kernel.org/r/20200722121439.44328-1-kirill.shutemov@linux.intel.com Signed-off-by: Linus Torvalds commit dbda8feadfa46b3d8dd7a2304f84ccbc036effe9 Author: Barry Song Date: Thu Jul 23 21:15:30 2020 -0700 mm/hugetlb: avoid hardcoding while checking if cma is enabled hugetlb_cma[0] can be NULL due to various reasons, for example, node0 has no memory. so NULL hugetlb_cma[0] doesn't necessarily mean cma is not enabled. gigantic pages might have been reserved on other nodes. This patch fixes possible double reservation and CMA leak. [akpm@linux-foundation.org: fix CONFIG_CMA=n warning] [sfr@canb.auug.org.au: better checks before using hugetlb_cma] Link: http://lkml.kernel.org/r/20200721205716.6dbaa56b@canb.auug.org.au Fixes: cf11e85fc08c ("mm: hugetlb: optionally allocate gigantic hugepages using cma") Signed-off-by: Barry Song Signed-off-by: Andrew Morton Reviewed-by: Mike Kravetz Acked-by: Roman Gushchin Cc: Jonathan Cameron Cc: Link: http://lkml.kernel.org/r/20200710005726.36068-1-song.bao.hua@hisilicon.com Signed-off-by: Linus Torvalds commit d38a2b7a9c939e6d7329ab92b96559ccebf7b135 Author: Muchun Song Date: Thu Jul 23 21:15:27 2020 -0700 mm: memcg/slab: fix memory leak at non-root kmem_cache destroy If the kmem_cache refcount is greater than one, we should not mark the root kmem_cache as dying. If we mark the root kmem_cache dying incorrectly, the non-root kmem_cache can never be destroyed. It resulted in memory leak when memcg was destroyed. We can use the following steps to reproduce. 1) Use kmem_cache_create() to create a new kmem_cache named A. 2) Coincidentally, the kmem_cache A is an alias for kmem_cache B, so the refcount of B is just increased. 3) Use kmem_cache_destroy() to destroy the kmem_cache A, just decrease the B's refcount but mark the B as dying. 4) Create a new memory cgroup and alloc memory from the kmem_cache B. It leads to create a non-root kmem_cache for allocating memory. 5) When destroy the memory cgroup created in the step 4), the non-root kmem_cache can never be destroyed. If we repeat steps 4) and 5), this will cause a lot of memory leak. So only when refcount reach zero, we mark the root kmem_cache as dying. Fixes: 92ee383f6daa ("mm: fix race between kmem_cache destroy, create and deactivate") Signed-off-by: Muchun Song Signed-off-by: Andrew Morton Reviewed-by: Shakeel Butt Acked-by: Roman Gushchin Cc: Vlastimil Babka Cc: Christoph Lameter Cc: Pekka Enberg Cc: David Rientjes Cc: Joonsoo Kim Cc: Shakeel Butt Cc: Link: http://lkml.kernel.org/r/20200716165103.83462-1-songmuchun@bytedance.com Signed-off-by: Linus Torvalds commit 8d22a9351035ef2ff12ef163a1091b8b8cf1e49c Author: Hugh Dickins Date: Thu Jul 23 21:15:24 2020 -0700 mm/memcg: fix refcount error while moving and swapping It was hard to keep a test running, moving tasks between memcgs with move_charge_at_immigrate, while swapping: mem_cgroup_id_get_many()'s refcount is discovered to be 0 (supposedly impossible), so it is then forced to REFCOUNT_SATURATED, and after thousands of warnings in quick succession, the test is at last put out of misery by being OOM killed. This is because of the way moved_swap accounting was saved up until the task move gets completed in __mem_cgroup_clear_mc(), deferred from when mem_cgroup_move_swap_account() actually exchanged old and new ids. Concurrent activity can free up swap quicker than the task is scanned, bringing id refcount down 0 (which should only be possible when offlining). Just skip that optimization: do that part of the accounting immediately. Fixes: 615d66c37c75 ("mm: memcontrol: fix memcg id ref counter on swap charge move") Signed-off-by: Hugh Dickins Signed-off-by: Andrew Morton Reviewed-by: Alex Shi Cc: Johannes Weiner Cc: Alex Shi Cc: Shakeel Butt Cc: Michal Hocko Cc: Link: http://lkml.kernel.org/r/alpine.LSU.2.11.2007071431050.4726@eggly.anvils Signed-off-by: Linus Torvalds commit 82ff165cd35110d4e380b55927bbd74dcb564998 Author: Bhupesh Sharma Date: Thu Jul 23 21:15:21 2020 -0700 mm/memcontrol: fix OOPS inside mem_cgroup_get_nr_swap_pages() Prabhakar reported an OOPS inside mem_cgroup_get_nr_swap_pages() function in a corner case seen on some arm64 boards when kdump kernel runs with "cgroup_disable=memory" passed to the kdump kernel via bootargs. The root-cause behind the same is that currently mem_cgroup_swap_init() function is implemented as a subsys_initcall() call instead of a core_initcall(), this means 'cgroup_memory_noswap' still remains set to the default value (false) even when memcg is disabled via "cgroup_disable=memory" boot parameter. This may result in premature OOPS inside mem_cgroup_get_nr_swap_pages() function in corner cases: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000188 Mem abort info: ESR = 0x96000006 EC = 0x25: DABT (current EL), IL = 32 bits SET = 0, FnV = 0 EA = 0, S1PTW = 0 Data abort info: ISV = 0, ISS = 0x00000006 CM = 0, WnR = 0 [0000000000000188] user address but active_mm is swapper Internal error: Oops: 96000006 [#1] SMP Modules linked in: <..snip..> Call trace: mem_cgroup_get_nr_swap_pages+0x9c/0xf4 shrink_lruvec+0x404/0x4f8 shrink_node+0x1a8/0x688 do_try_to_free_pages+0xe8/0x448 try_to_free_pages+0x110/0x230 __alloc_pages_slowpath.constprop.106+0x2b8/0xb48 __alloc_pages_nodemask+0x2ac/0x2f8 alloc_page_interleave+0x20/0x90 alloc_pages_current+0xdc/0xf8 atomic_pool_expand+0x60/0x210 __dma_atomic_pool_init+0x50/0xa4 dma_atomic_pool_init+0xac/0x158 do_one_initcall+0x50/0x218 kernel_init_freeable+0x22c/0x2d0 kernel_init+0x18/0x110 ret_from_fork+0x10/0x18 Code: aa1403e3 91106000 97f82a27 14000011 (f940c663) ---[ end trace 9795948475817de4 ]--- Kernel panic - not syncing: Fatal exception Rebooting in 10 seconds.. Fixes: eccb52e78809 ("mm: memcontrol: prepare swap controller setup for integration") Reported-by: Prabhakar Kushwaha Signed-off-by: Bhupesh Sharma Signed-off-by: Andrew Morton Acked-by: Michal Hocko Cc: Johannes Weiner Cc: Vladimir Davydov Cc: James Morse Cc: Mark Rutland Cc: Will Deacon Cc: Catalin Marinas Link: http://lkml.kernel.org/r/1593641660-13254-2-git-send-email-bhsharma@redhat.com Signed-off-by: Linus Torvalds commit 45779b036d3d2870633443a9f9bd03c177befbf5 Author: Tom Rix Date: Thu Jul 23 21:15:18 2020 -0700 mm: initialize return of vm_insert_pages clang static analysis reports a garbage return In file included from mm/memory.c:84: mm/memory.c:1612:2: warning: Undefined or garbage value returned to caller [core.uninitialized.UndefReturn] return err; ^~~~~~~~~~ The setting of err depends on a loop executing. So initialize err. Signed-off-by: Tom Rix Signed-off-by: Andrew Morton Link: http://lkml.kernel.org/r/20200703155354.29132-1-trix@redhat.com Signed-off-by: Linus Torvalds commit 3bef735ad7b7d987069181e7b58588043cbd1509 Author: Chengguang Xu Date: Thu Jul 23 21:15:14 2020 -0700 vfs/xattr: mm/shmem: kernfs: release simple xattr entry in a right way After commit fdc85222d58e ("kernfs: kvmalloc xattr value instead of kmalloc"), simple xattr entry is allocated with kvmalloc() instead of kmalloc(), so we should release it with kvfree() instead of kfree(). Fixes: fdc85222d58e ("kernfs: kvmalloc xattr value instead of kmalloc") Signed-off-by: Chengguang Xu Signed-off-by: Andrew Morton Acked-by: Hugh Dickins Acked-by: Tejun Heo Cc: Daniel Xu Cc: Chris Down Cc: Andreas Dilger Cc: Greg Kroah-Hartman Cc: Al Viro Cc: [5.7] Link: http://lkml.kernel.org/r/20200704051608.15043-1-cgxu519@mykernel.net Signed-off-by: Linus Torvalds commit 246c320a8cfe0b11d81a4af38fa9985ef0cc9a4c Author: Kirill A. Shutemov Date: Thu Jul 23 21:15:11 2020 -0700 mm/mmap.c: close race between munmap() and expand_upwards()/downwards() VMA with VM_GROWSDOWN or VM_GROWSUP flag set can change their size under mmap_read_lock(). It can lead to race with __do_munmap(): Thread A Thread B __do_munmap() detach_vmas_to_be_unmapped() mmap_write_downgrade() expand_downwards() vma->vm_start = address; // The VMA now overlaps with // VMAs detached by the Thread A // page fault populates expanded part // of the VMA unmap_region() // Zaps pagetables partly // populated by Thread B Similar race exists for expand_upwards(). The fix is to avoid downgrading mmap_lock in __do_munmap() if detached VMAs are next to VM_GROWSDOWN or VM_GROWSUP VMA. [akpm@linux-foundation.org: s/mmap_sem/mmap_lock/ in comment] Fixes: dd2283f2605e ("mm: mmap: zap pages with read mmap_sem in munmap") Reported-by: Jann Horn Signed-off-by: Kirill A. Shutemov Signed-off-by: Andrew Morton Reviewed-by: Yang Shi Acked-by: Vlastimil Babka Cc: Oleg Nesterov Cc: Matthew Wilcox Cc: [4.20+] Link: http://lkml.kernel.org/r/20200709105309.42495-1-kirill.shutemov@linux.intel.com Signed-off-by: Linus Torvalds commit 4ae6dbd683860b9edc254ea8acf5e04b5ae242e5 Author: Pavel Begunkov Date: Fri Jul 24 20:07:21 2020 +0300 io_uring: fix lockup in io_fail_links() io_fail_links() doesn't consider REQ_F_COMP_LOCKED leading to nested spin_lock(completion_lock) and lockup. [ 197.680409] rcu: INFO: rcu_preempt detected expedited stalls on CPUs/tasks: { 6-... } 18239 jiffies s: 1421 root: 0x40/. [ 197.680411] rcu: blocking rcu_node structures: [ 197.680412] Task dump for CPU 6: [ 197.680413] link-timeout R running task 0 1669 1 0x8000008a [ 197.680414] Call Trace: [ 197.680420] ? io_req_find_next+0xa0/0x200 [ 197.680422] ? io_put_req_find_next+0x2a/0x50 [ 197.680423] ? io_poll_task_func+0xcf/0x140 [ 197.680425] ? task_work_run+0x67/0xa0 [ 197.680426] ? do_exit+0x35d/0xb70 [ 197.680429] ? syscall_trace_enter+0x187/0x2c0 [ 197.680430] ? do_group_exit+0x43/0xa0 [ 197.680448] ? __x64_sys_exit_group+0x18/0x20 [ 197.680450] ? do_syscall_64+0x52/0xa0 [ 197.680452] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 Signed-off-by: Pavel Begunkov Signed-off-by: Jens Axboe commit d5e16d8e23825304c6a9945116cc6b6f8d51f28c Author: Pavel Begunkov Date: Fri Jul 24 20:07:20 2020 +0300 io_uring: fix ->work corruption with poll_add req->work might be already initialised by the time it gets into __io_arm_poll_handler(), which will corrupt it by using fields that are in an union with req->work. Luckily, the only side effect is missing put_creds(). Clean req->work before going there. Suggested-by: Jens Axboe Signed-off-by: Pavel Begunkov Signed-off-by: Jens Axboe commit 293a92c1d9913248b9987b68f3a5d6d2f0aae62b Author: Armas Spann Date: Fri Jul 24 16:08:37 2020 +0200 ALSA: hda/realtek: typo_fix: enable headset mic of ASUS ROG Zephyrus G14(GA401) series with ALC289 This patch fixes a small typo I accidently submitted with the initial patch. The board should be named GA401 not G401. Fixes: ff53664daff2 ("ALSA: hda/realtek: enable headset mic of ASUS ROG Zephyrus G14(G401) series with ALC289") Signed-off-by: Armas Spann Cc: Link: https://lore.kernel.org/r/20200724140837.302763-1-zappel@retarded.farm Signed-off-by: Takashi Iwai commit 4b43d05a1978a93a19374c6e6b817c9c1ff4ba4b Author: Armas Spann Date: Fri Jul 24 16:06:16 2020 +0200 ALSA: hda/realtek: enable headset mic of ASUS ROG Zephyrus G15(GA502) series with ALC289 This patch adds support for headset mic to the ASUS ROG Zephyrus G15(GA502) notebook series by adding the corresponding vendor/pci_device id, as well as adding a new fixup for the used realtek ALC289. The fixup stets the correct pin to get the headset mic correctly recognized on audio-jack. Signed-off-by: Armas Spann Cc: Link: https://lore.kernel.org/r/20200724140616.298892-1-zappel@retarded.farm Signed-off-by: Takashi Iwai commit b0fef5edff0330eb6de267acd3b6cccb32a43633 Merge: 7c8c70ba5c15 09781ba0395c Author: Arnd Bergmann Date: Fri Jul 24 16:14:24 2020 +0200 Merge tag 'mvebu-fixes-5.8-1' of git://git.kernel.org/pub/scm/linux/kernel/git/gclement/mvebu into arm/fixes mvebu fixes for 5.8 (part 1) - DT change for Armada 38x allowing to add the register needed to fix NETA lockup when repeatedly switching speed. * tag 'mvebu-fixes-5.8-1' of git://git.kernel.org/pub/scm/linux/kernel/git/gclement/mvebu: ARM: dts: armada-38x: fix NETA lockup when repeatedly switching speeds commit fe5ed7ab99c656bd2f5b79b49df0e9ebf2cead8a Author: Oleg Nesterov Date: Thu Jul 23 17:44:20 2020 +0200 uprobes: Change handle_swbp() to send SIGTRAP with si_code=SI_KERNEL, to fix GDB regression If a tracee is uprobed and it hits int3 inserted by debugger, handle_swbp() does send_sig(SIGTRAP, current, 0) which means si_code == SI_USER. This used to work when this code was written, but then GDB started to validate si_code and now it simply can't use breakpoints if the tracee has an active uprobe: # cat test.c void unused_func(void) { } int main(void) { return 0; } # gcc -g test.c -o test # perf probe -x ./test -a unused_func # perf record -e probe_test:unused_func gdb ./test -ex run GNU gdb (GDB) 10.0.50.20200714-git ... Program received signal SIGTRAP, Trace/breakpoint trap. 0x00007ffff7ddf909 in dl_main () from /lib64/ld-linux-x86-64.so.2 (gdb) The tracee hits the internal breakpoint inserted by GDB to monitor shared library events but GDB misinterprets this SIGTRAP and reports a signal. Change handle_swbp() to use force_sig(SIGTRAP), this matches do_int3_user() and fixes the problem. This is the minimal fix for -stable, arch/x86/kernel/uprobes.c is equally wrong; it should use send_sigtrap(TRAP_TRACE) instead of send_sig(SIGTRAP), but this doesn't confuse GDB and needs another x86-specific patch. Reported-by: Aaron Merey Signed-off-by: Oleg Nesterov Signed-off-by: Ingo Molnar Reviewed-by: Srikar Dronamraju Cc: stable@vger.kernel.org Link: https://lore.kernel.org/r/20200723154420.GA32043@redhat.com commit 062d3f95b630113e1156a31f376ad36e25da29a7 Author: Chris Wilson Date: Thu Jul 23 21:10:42 2020 +0100 sched: Warn if garbage is passed to default_wake_function() Since the default_wake_function() passes its flags onto try_to_wake_up(), warn if those flags collide with internal values. Given that the supplied flags are garbage, no repair can be done but at least alert the user to the damage they are causing. In the belief that these errors should be picked up during testing, the warning is only compiled in under CONFIG_SCHED_DEBUG. Signed-off-by: Chris Wilson Signed-off-by: Ingo Molnar Acked-by: Peter Zijlstra Link: https://lore.kernel.org/r/20200723201042.18861-1-chris@chris-wilson.co.uk commit 5fdbe136ae19ab751daaa4d08d9a42f3e30d17f9 Author: Matthew Howell Date: Wed Jul 22 16:11:24 2020 -0400 serial: exar: Fix GPIO configuration for Sealevel cards based on XR17V35X Sealevel XR17V35X based devices are inoperable on kernel versions 4.11 and above due to a change in the GPIO preconfiguration introduced in commit 7dea8165f1d. This patch fixes this by preconfiguring the GPIO on Sealevel cards to the value (0x00) used prior to commit 7dea8165f1d With GPIOs preconfigured as per commit 7dea8165f1d all ports on Sealevel XR17V35X based devices become stuck in high impedance mode, regardless of dip-switch or software configuration. This causes the device to become effectively unusable. This patch (in various forms) has been distributed to our customers and no issues related to it have been reported. Fixes: 7dea8165f1d6 ("serial: exar: Preconfigure xr17v35x MPIOs as output") Signed-off-by: Matthew Howell Link: https://lore.kernel.org/r/alpine.DEB.2.21.2007221605270.13247@tstest-VirtualBox Signed-off-by: Greg Kroah-Hartman commit 15fbc3b938534cc8eaac584a7b0c1183fc968b86 Author: Ben Skeggs Date: Fri Jul 24 17:02:48 2020 +1000 drm/nouveau/fbcon: zero-initialise the mode_cmd2 structure This is tripping up the format modifier patches. Signed-off-by: Ben Skeggs commit 498595abf5bd51f0ae074cec565d888778ea558f Author: Ben Skeggs Date: Fri Jul 24 17:01:39 2020 +1000 drm/nouveau/fbcon: fix module unload when fbcon init has failed for some reason Stale pointer was tripping up the unload path. Signed-off-by: Ben Skeggs commit 705d9d022949e3cdae82d89db6a8fc773eb23dad Author: Ben Skeggs Date: Thu Jul 23 20:10:42 2020 +1000 drm/nouveau/kms/tu102: wait for core update to complete when assigning windows Fixes a race on Turing between the core cross-channel error checks and the following window update. Signed-off-by: Ben Skeggs commit 0508831470fb5ba02485156cb8bea9aeda74248b Author: Ben Skeggs Date: Fri Jul 24 13:26:40 2020 +1000 drm/nouveau/kms/gf100: use correct format modifiers The disp015x classes are used by both gt21x and gf1xx (aside from gf119), but page kinds differ between Tesla and Fermi. Signed-off-by: Ben Skeggs commit 163d5446c37af92c85e6d58f87fe9840abac71ea Author: Ben Skeggs Date: Wed Jul 8 17:28:09 2020 +1000 drm/nouveau/disp/gm200-: fix regression from HDA SOR selection changes Fixes: 9b5ca547bb8 ("drm/nouveau/disp/gm200-: detect and potentially disable HDA support on some SORs") Signed-off-by: Ben Skeggs commit 09781ba0395c46b1c844f47e405e3ce7856f5989 Author: Russell King Date: Tue Jul 21 15:40:38 2020 +0100 ARM: dts: armada-38x: fix NETA lockup when repeatedly switching speeds To support the change in "phy: armada-38x: fix NETA lockup when repeatedly switching speeds" we need to update the DT with the additional register. Fixes: 14dc100b4411 ("phy: armada38x: add common phy support") Signed-off-by: Russell King Reviewed-by: Andrew Lunn Signed-off-by: Gregory CLEMENT commit 8e8135862ccb5082347e2137b8a33edaf51427ce Merge: 32818c075c54 8210e344ccb7 Author: David S. Miller Date: Thu Jul 23 17:22:09 2020 -0700 Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf Pablo Neira Ayuso says: ==================== Netfilter/IPVS fixes for net The following patchset contains Netfilter/IPVS fixes for net: 1) Fix NAT hook deletion when table is dormant, from Florian Westphal. 2) Fix IPVS sync stalls, from guodeqing. ==================== Signed-off-by: David S. Miller commit 32818c075c54bb0cae44dd6f7ab00b01c52b8372 Author: Cong Wang Date: Wed Jul 22 18:56:25 2020 -0700 geneve: fix an uninitialized value in geneve_changelink() geneve_nl2info() sets 'df' conditionally, so we have to initialize it by copying the value from existing geneve device in geneve_changelink(). Fixes: 56c09de347e4 ("geneve: allow changing DF behavior after creation") Reported-by: syzbot+7ebc2e088af5e4c0c9fa@syzkaller.appspotmail.com Cc: Sabrina Dubroca Signed-off-by: Cong Wang Reviewed-by: Sabrina Dubroca Signed-off-by: David S. Miller commit c75d1d5248c0c97996051809ad0e9f154ba5d76e Author: Cong Wang Date: Wed Jul 22 16:31:54 2020 -0700 bonding: check return value of register_netdevice() in bond_newlink() Very similar to commit 544f287b8495 ("bonding: check error value of register_netdevice() immediately"), we should immediately check the return value of register_netdevice() before doing anything else. Fixes: 005db31d5f5f ("bonding: set carrier off for devices created through netlink") Reported-and-tested-by: syzbot+bbc3a11c4da63c1b74d6@syzkaller.appspotmail.com Cc: Beniamino Galvani Cc: Taehee Yoo Cc: Jay Vosburgh Signed-off-by: Cong Wang Signed-off-by: David S. Miller commit 0e6705182d4e1b77248a93470d6d7b3013d59b30 Author: Steve French Date: Thu Jul 23 14:41:29 2020 -0500 Revert "cifs: Fix the target file was deleted when rename failed." This reverts commit 9ffad9263b467efd8f8dc7ae1941a0a655a2bab2. Upon additional testing with older servers, it was found that the original commit introduced a regression when using the old SMB1 dialect and rsyncing over an existing file. The patch will need to be respun to address this, likely including a larger refactoring of the SMB1 and SMB3 rename code paths to make it less confusing and also to address some additional rename error cases that SMB3 may be able to workaround. Signed-off-by: Steve French Reported-by: Patrick Fernie CC: Stable Acked-by: Ronnie Sahlberg Acked-by: Pavel Shilovsky Acked-by: Zhang Xiaoxu commit f37e99aca03f63aa3f2bd13ceaf769455d12c4b0 Merge: d15be546031c 0cfa112b33ab Author: Linus Torvalds Date: Thu Jul 23 13:42:46 2020 -0700 Merge tag 's390-5.8-6' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux into master Pull s390 fixes from Heiko Carstens: - Change cpum_cf/perf counter name from DFLT_CCERROR to DFLT_CCFINISH to reflect reality and avoid further confusion. This is a user space visible change therefore the commit has also a stable tag for 5.7, where this counter was introduced. - Add Matthew Rosato as s390 IOMMU maintainer. * tag 's390-5.8-6' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux: MAINTAINERS: add Matthew for s390 IOMMU s390/cpum_cf,perf: change DFLT_CCERROR counter name commit 02b9aec59243c6240fc42884acc958602146ddf6 Author: Douglas Anderson Date: Wed Jul 22 15:00:21 2020 -0700 i2c: i2c-qcom-geni: Fix DMA transfer race When I have KASAN enabled on my kernel and I start stressing the touchscreen my system tends to hang. The touchscreen is one of the only things that does a lot of big i2c transfers and ends up hitting the DMA paths in the geni i2c driver. It appears that KASAN adds enough delay in my system to tickle a race condition in the DMA setup code. When the system hangs, I found that it was running the geni_i2c_irq() over and over again. It had these: m_stat = 0x04000080 rx_st = 0x30000011 dm_tx_st = 0x00000000 dm_rx_st = 0x00000000 dma = 0x00000001 Notably we're in DMA mode but are getting M_RX_IRQ_EN and M_RX_FIFO_WATERMARK_EN over and over again. Putting some traces in geni_i2c_rx_one_msg() showed that when we failed we were getting to the start of geni_i2c_rx_one_msg() but were never executing geni_se_rx_dma_prep(). I believe that the problem here is that we are starting the geni command before we run geni_se_rx_dma_prep(). If a transfer makes it far enough before we do that then we get into the state I have observed. Let's change the order, which seems to work fine. Although problems were seen on the RX path, code inspection suggests that the TX should be changed too. Change it as well. Fixes: 37692de5d523 ("i2c: i2c-qcom-geni: Add bus driver for the Qualcomm GENI I2C controller") Signed-off-by: Douglas Anderson Tested-by: Sai Prakash Ranjan Reviewed-by: Akash Asthana Reviewed-by: Stephen Boyd Reviewed-by: Mukesh Kumar Savaliya Signed-off-by: Wolfram Sang commit eb01597158ffb1853a7a7fc2c57d4c844640f75e Author: Wolfram Sang Date: Sat Jul 4 15:38:29 2020 +0200 i2c: rcar: always clear ICSAR to avoid side effects On R-Car Gen2, we get a timeout when reading from the address set in ICSAR, even though the slave interface is disabled. Clearing it fixes this situation. Note that Gen3 is not affected. To reproduce: bind and undbind an I2C slave on some bus, run 'i2cdetect' on that bus. Fixes: de20d1857dd6 ("i2c: rcar: add slave support") Signed-off-by: Wolfram Sang Signed-off-by: Wolfram Sang commit 76be93fc0702322179bb0ea87295d820ee46ad14 Author: Yuchung Cheng Date: Thu Jul 23 12:00:06 2020 -0700 tcp: allow at most one TLP probe per flight Previously TLP may send multiple probes of new data in one flight. This happens when the sender is cwnd limited. After the initial TLP containing new data is sent, the sender receives another ACK that acks partial inflight. It may re-arm another TLP timer to send more, if no further ACK returns before the next TLP timeout (PTO) expires. The sender may send in theory a large amount of TLP until send queue is depleted. This only happens if the sender sees such irregular uncommon ACK pattern. But it is generally undesirable behavior during congestion especially. The original TLP design restrict only one TLP probe per inflight as published in "Reducing Web Latency: the Virtue of Gentle Aggression", SIGCOMM 2013. This patch changes TLP to send at most one probe per inflight. Note that if the sender is app-limited, TLP retransmits old data and did not have this issue. Signed-off-by: Yuchung Cheng Signed-off-by: Neal Cardwell Signed-off-by: Eric Dumazet Signed-off-by: David S. Miller commit 17ad73e941b71f3bec7523ea4e9cbc3752461c2d Author: Dan Carpenter Date: Thu Jul 23 17:49:57 2020 +0300 AX.25: Prevent integer overflows in connect and sendmsg We recently added some bounds checking in ax25_connect() and ax25_sendmsg() and we so we removed the AX25_MAX_DIGIS checks because they were no longer required. Unfortunately, I believe they are required to prevent integer overflows so I have added them back. Fixes: 8885bb0621f0 ("AX.25: Prevent out-of-bounds read in ax25_sendmsg()") Fixes: 2f2a7ffad5c6 ("AX.25: Fix out-of-bounds read in ax25_connect()") Signed-off-by: Dan Carpenter Signed-off-by: David S. Miller commit 5df96f2b9f58a5d2dc1f30fe7de75e197f2c25f2 Author: Mikulas Patocka Date: Thu Jul 23 10:42:09 2020 -0400 dm integrity: fix integrity recalculation that is improperly skipped Commit adc0daad366b62ca1bce3e2958a40b0b71a8b8b3 ("dm: report suspended device during destroy") broke integrity recalculation. The problem is dm_suspended() returns true not only during suspend, but also during resume. So this race condition could occur: 1. dm_integrity_resume calls queue_work(ic->recalc_wq, &ic->recalc_work) 2. integrity_recalc (&ic->recalc_work) preempts the current thread 3. integrity_recalc calls if (unlikely(dm_suspended(ic->ti))) goto unlock_ret; 4. integrity_recalc exits and no recalculating is done. To fix this race condition, add a function dm_post_suspending that is only true during the postsuspend phase and use it instead of dm_suspended(). Signed-off-by: Mikulas Patocka Fixes: adc0daad366b ("dm: report suspended device during destroy") Cc: stable vger kernel org # v4.18+ Signed-off-by: Mike Snitzer commit 3e863ea3bb1a2203ae648eb272db0ce6a1a2072c Author: Pavel Begunkov Date: Thu Jul 23 20:17:20 2020 +0300 io_uring: missed req_init_async() for IOSQE_ASYNC IOSQE_ASYNC branch of io_queue_sqe() is another place where an unitialised req->work can be accessed (i.e. prior io_req_init_async()). Nothing really bad though, it just looses IO_WQ_WORK_CONCURRENT flag. Signed-off-by: Pavel Begunkov Signed-off-by: Jens Axboe commit 29c4a54bc645c8b6745eeb58519e9ad794ceb419 Author: Andy Shevchenko Date: Thu Jul 16 21:27:47 2020 +0300 device property: Avoid NULL pointer dereference in device_get_next_child_node() When we have no primary fwnode or when it's a software node, we may end up in the situation when fwnode is a NULL pointer. There is no point to look for secondary fwnode in such case. Add a necessary check to a condition. Fixes: 114dbb4fa7c4 ("drivers property: When no children in primary, try secondary") Reported-by: Maxim Levitsky Signed-off-by: Andy Shevchenko Tested-by: Maxim Levitsky Link: https://lore.kernel.org/r/20200716182747.54929-1-andriy.shevchenko@linux.intel.com Signed-off-by: Greg Kroah-Hartman commit 033724d6864245a11f8e04c066002e6ad22b3fd0 Author: Tetsuo Handa Date: Wed Jul 15 10:51:02 2020 +0900 fbdev: Detect integer underflow at "struct fbcon_ops"->clear_margins. syzbot is reporting general protection fault in bitfill_aligned() [1] caused by integer underflow in bit_clear_margins(). The cause of this problem is when and how do_vc_resize() updates vc->vc_{cols,rows}. If vc_do_resize() fails (e.g. kzalloc() fails) when var.xres or var.yres is going to shrink, vc->vc_{cols,rows} will not be updated. This allows bit_clear_margins() to see info->var.xres < (vc->vc_cols * cw) or info->var.yres < (vc->vc_rows * ch). Unexpectedly large rw or bh will try to overrun the __iomem region and causes general protection fault. Also, vc_resize(vc, 0, 0) does not set vc->vc_{cols,rows} = 0 due to new_cols = (cols ? cols : vc->vc_cols); new_rows = (lines ? lines : vc->vc_rows); exception. Since cols and lines are calculated as cols = FBCON_SWAP(ops->rotate, info->var.xres, info->var.yres); rows = FBCON_SWAP(ops->rotate, info->var.yres, info->var.xres); cols /= vc->vc_font.width; rows /= vc->vc_font.height; vc_resize(vc, cols, rows); in fbcon_modechanged(), var.xres < vc->vc_font.width makes cols = 0 and var.yres < vc->vc_font.height makes rows = 0. This means that const int fd = open("/dev/fb0", O_ACCMODE); struct fb_var_screeninfo var = { }; ioctl(fd, FBIOGET_VSCREENINFO, &var); var.xres = var.yres = 1; ioctl(fd, FBIOPUT_VSCREENINFO, &var); easily reproduces integer underflow bug explained above. Of course, callers of vc_resize() are not handling vc_do_resize() failure is bad. But we can't avoid vc_resize(vc, 0, 0) which returns 0. Therefore, as a band-aid workaround, this patch checks integer underflow in "struct fbcon_ops"->clear_margins call, assuming that vc->vc_cols * vc->vc_font.width and vc->vc_rows * vc->vc_font.heigh do not cause integer overflow. [1] https://syzkaller.appspot.com/bug?id=a565882df74fa76f10d3a6fec4be31098dbb37c6 Reported-and-tested-by: syzbot Signed-off-by: Tetsuo Handa Acked-by: Daniel Vetter Cc: stable Link: https://lore.kernel.org/r/20200715015102.3814-1-penguin-kernel@I-love.SAKURA.ne.jp Signed-off-by: Greg Kroah-Hartman commit 0b987032f8b58ef51cc8a042f46cc0cf1f277172 Author: Jon Hunter Date: Wed Jul 15 12:38:42 2020 +0100 usb: tegra: Fix allocation for the FPCI context Commit 5c4e8d3781bc ("usb: host: xhci-tegra: Add support for XUSB context save/restore") is using the IPFS 'num_offsets' value when allocating memory for FPCI context instead of the FPCI 'num_offsets'. After commit cad064f1bd52 ("devres: handle zero size in devm_kmalloc()") was added system suspend started failing on Tegra186. The kernel log showed that the Tegra XHCI driver was crashing on entry to suspend when attempting the save the USB context. On Tegra186, the IPFS context has a zero length but the FPCI content has a non-zero length, and because of the bug in the Tegra XHCI driver we are incorrectly allocating a zero length array for the FPCI context. The crash seen on entering suspend when we attempt to save the FPCI context and following commit cad064f1bd52 ("devres: handle zero size in devm_kmalloc()") this now causes a NULL pointer deference when we access the memory. Fix this by correcting the amount of memory we are allocating for FPCI contexts. Cc: stable@vger.kernel.org Fixes: 5c4e8d3781bc ("usb: host: xhci-tegra: Add support for XUSB context save/restore") Signed-off-by: Jon Hunter Acked-by: Thierry Reding Link: https://lore.kernel.org/r/20200715113842.30680-1-jonathanh@nvidia.com Signed-off-by: Greg Kroah-Hartman commit 7b7891c7bdfd61fc9ed6747a0a05efe2394dddc6 Author: Nathan Chancellor Date: Wed Jul 22 21:15:10 2020 -0700 arm64: vdso32: Fix '--prefix=' value for newer versions of clang Newer versions of clang only look for $(COMPAT_GCC_TOOLCHAIN_DIR)as [1], rather than $(COMPAT_GCC_TOOLCHAIN_DIR)$(CROSS_COMPILE_COMPAT)as, resulting in the following build error: $ make -skj"$(nproc)" ARCH=arm64 CROSS_COMPILE=aarch64-linux-gnu- \ CROSS_COMPILE_COMPAT=arm-linux-gnueabi- LLVM=1 O=out/aarch64 distclean \ defconfig arch/arm64/kernel/vdso32/ ... /home/nathan/cbl/toolchains/llvm-binutils/bin/as: unrecognized option '-EL' clang-12: error: assembler command failed with exit code 1 (use -v to see invocation) make[3]: *** [arch/arm64/kernel/vdso32/Makefile:181: arch/arm64/kernel/vdso32/note.o] Error 1 ... Adding the value of CROSS_COMPILE_COMPAT (adding notdir to account for a full path for CROSS_COMPILE_COMPAT) fixes this issue, which matches the solution done for the main Makefile [2]. [1]: https://github.com/llvm/llvm-project/commit/3452a0d8c17f7166f479706b293caf6ac76ffd90 [2]: https://lore.kernel.org/lkml/20200721173125.1273884-1-maskray@google.com/ Signed-off-by: Nathan Chancellor Cc: stable@vger.kernel.org Link: https://github.com/ClangBuiltLinux/linux/issues/1099 Link: https://lore.kernel.org/r/20200723041509.400450-1-natechancellor@gmail.com Signed-off-by: Will Deacon commit 92d232d176041db5b033dd7b7f7f2cf343f82237 Author: Georgi Djakov Date: Thu Jul 23 11:37:35 2020 +0300 interconnect: msm8916: Fix buswidth of pcnoc_s nodes The buswidth of the pcnoc_s_* nodes is actually not 8, but 4 bytes. Let's fix it. Reported-by: Jun Nie Reviewed-by: Mike Tipton Fixes: 30c8fa3ec61a ("interconnect: qcom: Add MSM8916 interconnect provider driver") Link: https://lore.kernel.org/r/20200709130004.12462-1-georgi.djakov@linaro.org Signed-off-by: Georgi Djakov Cc: stable Link: https://lore.kernel.org/r/20200723083735.5616-3-georgi.djakov@linaro.org Signed-off-by: Greg Kroah-Hartman commit 91b44981a2316e7b00574d32dec4fae356444dcf Author: Georgi Djakov Date: Thu Jul 23 11:37:34 2020 +0300 interconnect: Do not skip aggregation for disabled paths When an interconnect path is being disabled, currently we don't aggregate the requests for it afterwards. But the re-aggregation step shouldn't be skipped, as it may leave the nodes with outdated bandwidth data. This outdated data may actually keep the path still enabled and prevent the device from going into lower power states. Reported-by: Atul Dhudase Fixes: 7d374b209083 ("interconnect: Add helpers for enabling/disabling a path") Reviewed-by: Sibi Sankar Tested-by: Atul Dhudase Reviewed-by: Atul Dhudase Link: https://lore.kernel.org/r/20200721120740.3436-1-georgi.djakov@linaro.org Signed-off-by: Georgi Djakov Link: https://lore.kernel.org/r/20200723083735.5616-2-georgi.djakov@linaro.org Signed-off-by: Greg Kroah-Hartman commit b34e7e298d7a5ed76b3aa327c240c29f1ef6dd22 Author: Eric Biggers Date: Wed Jul 15 23:05:53 2020 -0700 /dev/mem: Add missing memory barriers for devmem_inode WRITE_ONCE() isn't the correct way to publish a pointer to a data structure, since it doesn't include a write memory barrier. Therefore other tasks may see that the pointer has been set but not see that the pointed-to memory has finished being initialized yet. Instead a primitive with "release" semantics is needed. Use smp_store_release() for this. The use of READ_ONCE() on the read side is still potentially correct if there's no control dependency, i.e. if all memory being "published" is transitively reachable via the pointer itself. But this pairing is somewhat confusing and error-prone. So just upgrade the read side to smp_load_acquire() so that it clearly pairs with smp_store_release(). Cc: Arnd Bergmann Cc: Ingo Molnar Cc: Kees Cook Cc: Matthew Wilcox Cc: Russell King Cc: Andrew Morton Fixes: 3234ac664a87 ("/dev/mem: Revoke mappings when a driver claims the region") Signed-off-by: Eric Biggers Cc: stable Acked-by: Dan Williams Link: https://lore.kernel.org/r/20200716060553.24618-1-ebiggers@kernel.org Signed-off-by: Greg Kroah-Hartman commit f867c771f98891841c217fa8459244ed0dd28921 Author: Tetsuo Handa Date: Fri Jul 17 00:12:15 2020 +0900 binder: Don't use mmput() from shrinker function. syzbot is reporting that mmput() from shrinker function has a risk of deadlock [1], for delayed_uprobe_add() from update_ref_ctr() calls kzalloc(GFP_KERNEL) with delayed_uprobe_lock held, and uprobe_clear_state() from __mmput() also holds delayed_uprobe_lock. Commit a1b2289cef92ef0e ("android: binder: drop lru lock in isolate callback") replaced mmput() with mmput_async() in order to avoid sleeping with spinlock held. But this patch replaces mmput() with mmput_async() in order not to start __mmput() from shrinker context. [1] https://syzkaller.appspot.com/bug?id=bc9e7303f537c41b2b0cc2dfcea3fc42964c2d45 Reported-by: syzbot Reported-by: syzbot Signed-off-by: Tetsuo Handa Reviewed-by: Michal Hocko Acked-by: Todd Kjos Acked-by: Christian Brauner Cc: stable Link: https://lore.kernel.org/r/4ba9adb2-43f5-2de0-22de-f6075c1fab50@i-love.sakura.ne.jp Signed-off-by: Greg Kroah-Hartman commit d8904ca9d338cdaa67e3bd06d7a7d418e426648c Merge: 26a2be0789a7 38e0c89a19fd Author: Dave Airlie Date: Thu Jul 23 14:06:14 2020 +1000 Merge tag 'amd-drm-fixes-5.8-2020-07-22' of git://people.freedesktop.org/~agd5f/linux into drm-fixes amd-drm-fixes-5.8-2020-07-22: amdgpu: - Fix crash when overclocking VegaM - Fix possible crash when editing dpm levels Signed-off-by: Dave Airlie From: Alex Deucher Link: https://patchwork.freedesktop.org/patch/msgid/20200723032608.3865-1-alexander.deucher@amd.com commit 26a2be0789a7c0d1c6d7d86d9ed8d25e2efd94a8 Merge: ba47d845d715 f3f90c6db188 Author: Dave Airlie Date: Thu Jul 23 14:05:28 2020 +1000 Merge tag 'drm-misc-fixes-2020-07-22' of git://anongit.freedesktop.org/drm/drm-misc into drm-fixes * sun4i: Fix inverted HPD result; fixes an earlier fix * lima: fix timeout during reset Signed-off-by: Dave Airlie From: Thomas Zimmermann Link: https://patchwork.freedesktop.org/patch/msgid/20200722070321.GA29190@linux-uq9g commit e6827d1abdc9b061a57d7b7d3019c4e99fabea2f Author: Navid Emamdoost Date: Wed Jul 22 21:58:39 2020 -0500 cxgb4: add missing release on skb in uld_send() In the implementation of uld_send(), the skb is consumed on all execution paths except one. Release skb when returning NET_XMIT_DROP. Signed-off-by: Navid Emamdoost Signed-off-by: David S. Miller commit ca9b31f6bb9c6aa9b4e5f0792f39a97bbffb8c51 Author: Fangrui Song Date: Tue Jul 21 10:31:23 2020 -0700 Makefile: Fix GCC_TOOLCHAIN_DIR prefix for Clang cross compilation When CROSS_COMPILE is set (e.g. aarch64-linux-gnu-), if $(CROSS_COMPILE)elfedit is found at /usr/bin/aarch64-linux-gnu-elfedit, GCC_TOOLCHAIN_DIR will be set to /usr/bin/. --prefix= will be set to /usr/bin/ and Clang as of 11 will search for both $(prefix)aarch64-linux-gnu-$needle and $(prefix)$needle. GCC searchs for $(prefix)aarch64-linux-gnu/$version/$needle, $(prefix)aarch64-linux-gnu/$needle and $(prefix)$needle. In practice, $(prefix)aarch64-linux-gnu/$needle rarely contains executables. To better model how GCC's -B/--prefix takes in effect in practice, newer Clang (since https://github.com/llvm/llvm-project/commit/3452a0d8c17f7166f479706b293caf6ac76ffd90) only searches for $(prefix)$needle. Currently it will find /usr/bin/as instead of /usr/bin/aarch64-linux-gnu-as. Set --prefix= to $(GCC_TOOLCHAIN_DIR)$(notdir $(CROSS_COMPILE)) (/usr/bin/aarch64-linux-gnu-) so that newer Clang can find the appropriate cross compiling GNU as (when -no-integrated-as is in effect). Cc: stable@vger.kernel.org Reported-by: Nathan Chancellor Signed-off-by: Fangrui Song Reviewed-by: Nathan Chancellor Tested-by: Nathan Chancellor Tested-by: Nick Desaulniers Link: https://github.com/ClangBuiltLinux/linux/issues/1099 Reviewed-by: Nick Desaulniers Signed-off-by: Masahiro Yamada commit 901f3cc1639e5103a8997f6ab243785d292e2074 Author: Egor Pomozov Date: Wed Jul 22 22:09:58 2020 +0300 net: atlantic: fix PTP on AQC10X This patch fixes PTP on AQC10X. PTP support on AQC10X requires FW involvement and FW configures the TPS data arb mode itself. So we must make sure driver doesn't touch TPS data arb mode on AQC10x if PTP is enabled. Otherwise, there are no timestamps even though packets are flowing. Fixes: 2deac71ac492a ("net: atlantic: QoS implementation: min_rate") Signed-off-by: Egor Pomozov Signed-off-by: Mark Starovoytov Signed-off-by: Igor Russkikh Signed-off-by: David S. Miller commit 8885bb0621f01a6c82be60a91e5fc0f6e2f71186 Author: Peilin Ye Date: Wed Jul 22 12:05:12 2020 -0400 AX.25: Prevent out-of-bounds read in ax25_sendmsg() Checks on `addr_len` and `usax->sax25_ndigis` are insufficient. ax25_sendmsg() can go out of bounds when `usax->sax25_ndigis` equals to 7 or 8. Fix it. It is safe to remove `usax->sax25_ndigis > AX25_MAX_DIGIS`, since `addr_len` is guaranteed to be less than or equal to `sizeof(struct full_sockaddr_ax25)` Signed-off-by: Peilin Ye Signed-off-by: David S. Miller commit f659173364c64d3276b8aba62368e7e732fab309 Merge: 2f2a7ffad5c6 3ecdda3e9ad8 Author: David S. Miller Date: Wed Jul 22 18:00:12 2020 -0700 Merge branch 'sctp-shrink-stream-outq-in-the-right-place' Xin Long says: ==================== sctp: shrink stream outq in the right place Patch 1 is an improvement, and Patch 2 is a bug fix. ==================== Acked-by: Marcelo Ricardo Leitner Signed-off-by: David S. Miller commit 3ecdda3e9ad837cf9cb41b6faa11b1af3a5abc0c Author: Xin Long Date: Wed Jul 22 23:52:12 2020 +0800 sctp: shrink stream outq when fails to do addstream reconf When adding a stream with stream reconf, the new stream firstly is in CLOSED state but new out chunks can still be enqueued. Then once gets the confirmation from the peer, the state will change to OPEN. However, if the peer denies, it needs to roll back the stream. But when doing that, it only sets the stream outcnt back, and the chunks already in the new stream don't get purged. It caused these chunks can still be dequeued in sctp_outq_dequeue_data(). As its stream is still in CLOSE, the chunk will be enqueued to the head again by sctp_outq_head_data(). This chunk will never be sent out, and the chunks after it can never be dequeued. The assoc will be 'hung' in a dead loop of sending this chunk. To fix it, this patch is to purge these chunks already in the new stream by calling sctp_stream_shrink_out() when failing to do the addstream reconf. Fixes: 11ae76e67a17 ("sctp: implement receiver-side procedures for the Reconf Response Parameter") Reported-by: Ying Xu Signed-off-by: Xin Long Signed-off-by: David S. Miller commit 8f13399db22f909a35735bf8ae2f932e0c8f0e30 Author: Xin Long Date: Wed Jul 22 23:52:11 2020 +0800 sctp: shrink stream outq only when new outcnt < old outcnt It's not necessary to go list_for_each for outq->out_chunk_list when new outcnt >= old outcnt, as no chunk with higher sid than new (outcnt - 1) exists in the outqueue. While at it, also move the list_for_each code in a new function sctp_stream_shrink_out(), which will be used in the next patch. Signed-off-by: Xin Long Signed-off-by: David S. Miller commit 2f2a7ffad5c6cbf3d438e813cfdc88230e185ba6 Author: Peilin Ye Date: Wed Jul 22 11:19:01 2020 -0400 AX.25: Fix out-of-bounds read in ax25_connect() Checks on `addr_len` and `fsa->fsa_ax25.sax25_ndigis` are insufficient. ax25_connect() can go out of bounds when `fsa->fsa_ax25.sax25_ndigis` equals to 7 or 8. Fix it. This issue has been reported as a KMSAN uninit-value bug, because in such a case, ax25_connect() reaches into the uninitialized portion of the `struct sockaddr_storage` statically allocated in __sys_connect(). It is safe to remove `fsa->fsa_ax25.sax25_ndigis > AX25_MAX_DIGIS` because `addr_len` is guaranteed to be less than or equal to `sizeof(struct full_sockaddr_ax25)`. Reported-by: syzbot+c82752228ed975b0a623@syzkaller.appspotmail.com Link: https://syzkaller.appspot.com/bug?id=55ef9d629f3b3d7d70b69558015b63b48d01af66 Signed-off-by: Peilin Ye Signed-off-by: David S. Miller commit 26cb7085c8984e5b71d65c374a135134ed8cabb3 Author: Claudiu Manoil Date: Wed Jul 22 17:40:12 2020 +0300 enetc: Remove the mdio bus on PF probe bailout For ENETC ports that register an external MDIO bus, the bus doesn't get removed on the error bailout path of enetc_pf_probe(). This issue became much more visible after recent: commit 07095c025ac2 ("net: enetc: Use DT protocol information to set up the ports") Before this commit, one could make probing fail on the error path only by having register_netdev() fail, which is unlikely. But after this commit, because it moved the enetc_of_phy_get() call up in the probing sequence, now we can trigger an mdiobus_free() bug just by forcing enetc_alloc_msix() to return error, i.e. with the 'pci=nomsi' kernel bootarg (since ENETC relies on MSI support to work), as the calltrace below shows: kernel BUG at /home/eiz/work/enetc/net/drivers/net/phy/mdio_bus.c:648! Internal error: Oops - BUG: 0 [#1] PREEMPT SMP [...] Hardware name: LS1028A RDB Board (DT) pstate: 80000005 (Nzcv daif -PAN -UAO BTYPE=--) pc : mdiobus_free+0x50/0x58 lr : devm_mdiobus_free+0x14/0x20 [...] Call trace: mdiobus_free+0x50/0x58 devm_mdiobus_free+0x14/0x20 release_nodes+0x138/0x228 devres_release_all+0x38/0x60 really_probe+0x1c8/0x368 driver_probe_device+0x5c/0xc0 device_driver_attach+0x74/0x80 __driver_attach+0x8c/0xd8 bus_for_each_dev+0x7c/0xd8 driver_attach+0x24/0x30 bus_add_driver+0x154/0x200 driver_register+0x64/0x120 __pci_register_driver+0x44/0x50 enetc_pf_driver_init+0x24/0x30 do_one_initcall+0x60/0x1c0 kernel_init_freeable+0x1fc/0x274 kernel_init+0x14/0x110 ret_from_fork+0x10/0x34 Fixes: ebfcb23d62ab ("enetc: Add ENETC PF level external MDIO support") Signed-off-by: Claudiu Manoil Signed-off-by: David S. Miller commit 74f85551666fe40bd739e95b5ecb20f53f8ad4df Merge: 2a55280a3675 769e0fe1171e Author: Thomas Gleixner Date: Thu Jul 23 00:46:44 2020 +0200 Merge tag 'efi-urgent-for-v5.8-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/efi/efi into efi/urgent Pull EFI fixes from Ard Biesheuvel: - Fix the layering violation in the use of the EFI runtime services availability mask in users of the 'efivars' abstraction - Revert build fix for GCC v4.8 which is no longer supported - Some fixes for build issues found by Atish while working on RISC-V support - Avoid --whole-archive when linking the stub on arm64 - Some x86 EFI stub cleanups from Arvind commit d181d2da0141371bbc360eaea78719203e165e1c Author: Thomas Gleixner Date: Wed Jul 22 10:39:54 2020 +0200 x86/dumpstack: Dump user space code correctly again H.J. reported that post 5.7 a segfault of a user space task does not longer dump the Code bytes when /proc/sys/debug/exception-trace is enabled. It prints 'Code: Bad RIP value.' instead. This was broken by a recent change which made probe_kernel_read() reject non-kernel addresses. Update show_opcodes() so it retrieves user space opcodes via copy_from_user_nmi(). Fixes: 98a23609b103 ("maccess: always use strict semantics for probe_kernel_read") Reported-by: H.J. Lu Signed-off-by: Thomas Gleixner Link: https://lkml.kernel.org/r/87h7tz306w.fsf@nanos.tec.linutronix.de commit 039a7a30ec102ec866d382a66f87f6f7654f8140 Author: Josh Poimboeuf Date: Fri Jul 17 09:04:26 2020 -0500 x86/stacktrace: Fix reliable check for empty user task stacks If a user task's stack is empty, or if it only has user regs, ORC reports it as a reliable empty stack. But arch_stack_walk_reliable() incorrectly treats it as unreliable. That happens because the only success path for user tasks is inside the loop, which only iterates on non-empty stacks. Generally, a user task must end in a user regs frame, but an empty stack is an exception to that rule. Thanks to commit 71c95825289f ("x86/unwind/orc: Fix error handling in __unwind_start()"), unwind_start() now sets state->error appropriately. So now for both ORC and FP unwinders, unwind_done() and !unwind_error() always means the end of the stack was successfully reached. So the success path for kthreads is no longer needed -- it can also be used for empty user tasks. Reported-by: Wang ShaoBo Signed-off-by: Josh Poimboeuf Signed-off-by: Thomas Gleixner Tested-by: Wang ShaoBo Link: https://lkml.kernel.org/r/f136a4e5f019219cbc4f4da33b30c2f44fa65b84.1594994374.git.jpoimboe@redhat.com commit 372a8eaa05998cd45b3417d0e0ffd3a70978211a Author: Josh Poimboeuf Date: Fri Jul 17 09:04:25 2020 -0500 x86/unwind/orc: Fix ORC for newly forked tasks The ORC unwinder fails to unwind newly forked tasks which haven't yet run on the CPU. It correctly reads the 'ret_from_fork' instruction pointer from the stack, but it incorrectly interprets that value as a call stack address rather than a "signal" one, so the address gets incorrectly decremented in the call to orc_find(), resulting in bad ORC data. Fix it by forcing 'ret_from_fork' frames to be signal frames. Reported-by: Wang ShaoBo Signed-off-by: Josh Poimboeuf Signed-off-by: Thomas Gleixner Tested-by: Wang ShaoBo Link: https://lkml.kernel.org/r/f91a8778dde8aae7f71884b5df2b16d552040441.1594994374.git.jpoimboe@redhat.com commit 9affa435817711861d774f5626c393c80f16d044 Author: J. Bruce Fields Date: Wed Jul 15 13:31:36 2020 -0400 nfsd4: fix NULL dereference in nfsd/clients display code We hold the cl_lock here, and that's enough to keep stateid's from going away, but it's not enough to prevent the files they point to from going away. Take fi_lock and a reference and check for NULL, as we do in other code. Reported-by: NeilBrown Fixes: 78599c42ae3c ("nfsd4: add file to display list of client's opens") Reviewed-by: NeilBrown Signed-off-by: J. Bruce Fields commit 7c8c70ba5c15adcd9785aa7b17431a9d3fe7f717 Merge: 21a59e0bf5e0 4a601da92c2a Author: Arnd Bergmann Date: Wed Jul 22 21:41:36 2020 +0200 Merge tag 'imx-fixes-5.8-3' of git://git.kernel.org/pub/scm/linux/kernel/git/shawnguo/linux into arm/fixes i.MX fixes for 5.8, round 3: - A couple of FEC2 phy-mode fixes on imx6sx-sabreauto and imx6sx-sdb board. - One fix on imx6qdl-icore pin muxing to get USB OTG_ID and SD card detect work correctly. * tag 'imx-fixes-5.8-3' of git://git.kernel.org/pub/scm/linux/kernel/git/shawnguo/linux: ARM: dts: imx6qdl-icore: Fix OTG_ID pin and sdcard detect ARM: dts: imx6sx-sabreauto: Fix the phy-mode on fec2 ARM: dts: imx6sx-sdb: Fix the phy-mode on fec2 Link: https://lore.kernel.org/r/20200720040148.GA20462@dragon Signed-off-by: Arnd Bergmann commit 21a59e0bf5e00d69303a0ab61729c514ef067c3b Merge: 2648298a06ba 62a8ccf3a248 Author: Arnd Bergmann Date: Wed Jul 22 21:40:40 2020 +0200 Merge tag 'sunxi-fixes-for-5.8-1' of git://git.kernel.org/pub/scm/linux/kernel/git/sunxi/linux into arm/fixes Two fixes for the Allwinner SoCs, one to relax the CMA allocation ranges that were failing on older SoCs and one to fix Cedrus on the H6. * tag 'sunxi-fixes-for-5.8-1' of git://git.kernel.org/pub/scm/linux/kernel/git/sunxi/linux: arm64: dts: allwinner: h6: Fix Cedrus IOMMU usage ARM: dts sunxi: Relax a bit the CMA pool allocation range Link: https://lore.kernel.org/r/e24f0608-6a4f-4163-b99e-a5f48e796184.lettre@localhost Signed-off-by: Arnd Bergmann commit d15be546031cf65a0fc34879beca02fd90fe7ac7 Merge: 071fb1bcd727 0d6db85131e0 Author: Linus Torvalds Date: Wed Jul 22 11:56:00 2020 -0700 Merge tag 'media/v5.8-3' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media into master Pull media fixes from Mauro Carvalho Chehab: "A series of fixes for the upcoming atomisp driver. They solve issues when probing atomisp on devices with multiple cameras and get rid of warnings when built with W=1. The diffstat is a bit long, as this driver has several abstractions. The patches that solved the issues with W=1 had to get rid of some duplicated code (there used to have 2 versions of the same code, one for ISP2401 and another one for ISP2400). As this driver is not in 5.7, such changes won't cause regressions" * tag 'media/v5.8-3' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media: (38 commits) Revert "media: atomisp: keep the ISP powered on when setting it" media: atomisp: fix mask and shift operation on ISPSSPM0 media: atomisp: move system_local consts into a C file media: atomisp: get rid of version-specific system_local.h media: atomisp: move global stuff into a common header media: atomisp: remove non-used 32-bits consts at system_local media: atomisp: get rid of some unused static vars media: atomisp: Fix error code in ov5693_probe() media: atomisp: Replace trace_printk by pr_info media: atomisp: Fix __func__ style warnings media: atomisp: fix help message for ISP2401 selection media: atomisp: i2c: atomisp-ov2680.c: fixed a brace coding style issue. media: atomisp: make const arrays static, makes object smaller media: atomisp: Clean up non-existing folders from Makefile media: atomisp: Get rid of ACPI specifics in gmin_subdev_add() media: atomisp: Provide Gmin subdev as parameter to gmin_subdev_add() media: atomisp: Use temporary variable for device in gmin_subdev_add() media: atomisp: Refactor PMIC detection to a separate function media: atomisp: Deduplicate return ret in gmin_i2c_write() media: atomisp: Make pointer to PMIC client global ... commit 071fb1bcd727e306f3e5911e53e7222fc4efab35 Merge: 8c26c87b0532 db415f7aae07 Author: Linus Torvalds Date: Wed Jul 22 11:30:07 2020 -0700 Merge tag 'exfat-for-5.8-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/linkinjeon/exfat into master Pull exfat fixes from Namjae Jeon: - fix overflow issue at sector calculation - fix wrong hint_stat initialization - fix wrong size update of stream entry - fix endianness of upname in name_hash computation * tag 'exfat-for-5.8-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/linkinjeon/exfat: exfat: fix name_hash computation on big endian systems exfat: fix wrong size update of stream entry by typo exfat: fix wrong hint_stat initialization in exfat_find_dir_entry() exfat: fix overflow issue in exfat_cluster_to_sector() commit faaff9765664009c1c7c65551d32e9ed3b1dda8f Author: Rustam Kovhaev Date: Wed Jul 22 09:10:52 2020 -0700 staging: wlan-ng: properly check endpoint types As syzkaller detected, wlan-ng driver does not do sanity check of endpoints in prism2sta_probe_usb(), add check for xfer direction and type Reported-and-tested-by: syzbot+c2a1fa67c02faa0de723@syzkaller.appspotmail.com Link: https://syzkaller.appspot.com/bug?extid=c2a1fa67c02faa0de723 Signed-off-by: Rustam Kovhaev Cc: stable Link: https://lore.kernel.org/r/20200722161052.999754-1-rkovhaev@gmail.com Signed-off-by: Greg Kroah-Hartman commit d08c30d7a0d1826f771f16cde32bd86e48401791 Author: Bjorn Helgaas Date: Fri Jul 17 17:21:28 2020 -0500 Revert "PCI/PM: Assume ports without DLL Link Active train links in 100 ms" This reverts commit ec411e02b7a2e785a4ed9ed283207cd14f48699d. Patrick reported that this commit broke hybrid graphics on a ThinkPad X1 Extreme 2nd with Intel UHD Graphics 630 and NVIDIA GeForce GTX 1650 Mobile: nouveau 0000:01:00.0: fifo: PBDMA0: 01000000 [] ch 0 [00ff992000 DRM] subc 0 mthd 0008 data 00000000 Karol reported that this commit broke Nouveau firmware loading on a Lenovo P1G2 with Intel UHD Graphics 630 and NVIDIA TU117GLM [Quadro T1000 Mobile]: nouveau 0000:01:00.0: acr: AHESASC binary failed In both cases, reverting ec411e02b7a2 solved the problem. Unfortunately, this revert will reintroduce the "Thunderbolt bridges take long time to resume from D3cold" problem: https://bugzilla.kernel.org/show_bug.cgi?id=206837 Link: https://lore.kernel.org/r/CAErSpo5sTeK_my1dEhWp7aHD0xOp87+oHYWkTjbL7ALgDbXo-Q@mail.gmail.com Link: https://lore.kernel.org/r/CACO55tsAEa5GXw5oeJPG=mcn+qxNvspXreJYWDJGZBy5v82JDA@mail.gmail.com Link: https://bugzilla.kernel.org/show_bug.cgi?id=208597 Reported-by: Patrick Volkerding Reported-by: Karol Herbst Fixes: ec411e02b7a2 ("PCI/PM: Assume ports without DLL Link Active train links in 100 ms") Signed-off-by: Bjorn Helgaas commit 62ca18a0896f5590806e6aee7bce39f130a2d9d5 Author: Bjorn Helgaas Date: Wed Jul 1 15:53:15 2020 -0500 virtio-mmio: Reject invalid IRQ 0 command line argument The "virtio_mmio.device=" command line argument allows a user to specify the size, address, and IRQ of a virtio device. Previously the only requirement for the IRQ was that it be an unsigned integer. Zero is an unsigned integer but an invalid IRQ number, and after a85a6c86c25be ("driver core: platform: Clarify that IRQ 0 is invalid"), attempts to use IRQ 0 cause warnings. If the user specifies IRQ 0, return failure instead of registering a device with IRQ 0. Fixes: a85a6c86c25be ("driver core: platform: Clarify that IRQ 0 is invalid") Signed-off-by: Bjorn Helgaas Acked-by: Jason Wang Acked-by: Michael S. Tsirkin commit 1014a2f8d76b05e0f228dd097ac1a249c5934232 Author: Rob Clark Date: Mon Jul 20 08:52:17 2020 -0700 iommu/qcom: Use domain rather than dev as tlb cookie The device may be torn down, but the domain should still be valid. Lets use that as the tlb flush ops cookie. Fixes a problem reported in [1] [1] https://lkml.org/lkml/2020/7/20/104 Reported-by: Naresh Kamboju Signed-off-by: Rob Clark Tested-by: Naresh Kamboju Fixes: 09b5dfff9ad6 ("iommu/qcom: Use accessor functions for iommu private data") Link: https://lore.kernel.org/r/20200720155217.274994-1-robdclark@gmail.com Signed-off-by: Joerg Roedel commit 0cfa112b33aba4473b00151c75b87818a835702a Author: Gerald Schaefer Date: Tue Jul 21 15:04:30 2020 +0200 MAINTAINERS: add Matthew for s390 IOMMU Acked-By: Matthew Rosato Signed-off-by: Gerald Schaefer Signed-off-by: Heiko Carstens commit 37bd22420f856fcd976989f1d4f1f7ad28e1fcac Author: Mark Salyzyn Date: Wed Jul 22 04:00:53 2020 -0700 af_key: pfkey_dump needs parameter validation In pfkey_dump() dplen and splen can both be specified to access the xfrm_address_t structure out of bounds in__xfrm_state_filter_match() when it calls addr_match() with the indexes. Return EINVAL if either are out of range. Signed-off-by: Mark Salyzyn Cc: netdev@vger.kernel.org Cc: linux-kernel@vger.kernel.org Cc: kernel-team@android.com Cc: Steffen Klassert Cc: Herbert Xu Cc: "David S. Miller" Cc: Jakub Kicinski Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Steffen Klassert commit 436d17675be1c090f08d4eddf1d7193cacf0e9be Author: Ludovic Desroches Date: Thu Jul 9 10:42:33 2020 +0200 MAINTAINERS: i2c: at91: handover maintenance to Codrin Ciubotariu My colleague Codrin Ciubotariu, now, maintains this driver internally. Then I handover the mainline maintenance to him. Signed-off-by: Ludovic Desroches Signed-off-by: Wolfram Sang commit aca7ed091117d9b4ce499855c383119afb2819a2 Author: Randy Dunlap Date: Fri Jul 17 16:38:15 2020 -0700 i2c: drop duplicated word in the header file Drop the doubled word "be" in a comment. Signed-off-by: Randy Dunlap Signed-off-by: Wolfram Sang commit 12d4d9ec5eeecd712c73772e422b6d082e66b046 Author: Raviteja Narayanam Date: Fri Jul 3 19:26:12 2020 +0530 i2c: cadence: Clear HOLD bit at correct time in Rx path There are few issues on Zynq SOC observed in the stress tests causing timeout errors. Even though all the data is received, timeout error is thrown. This is due to an IP bug in which the COMP bit in ISR is not set at end of transfer and completion interrupt is not generated. This bug is seen on Zynq platforms when the following condition occurs: Master read & HOLD bit set & Transfer size register reaches '0'. One workaround is to clear the HOLD bit before the transfer size register reaches '0'. The current implementation checks for this at the start of the loop and also only for less than FIFO DEPTH case (ignoring the equal to case). So clear the HOLD bit when the data yet to receive is less than or equal to the FIFO DEPTH. This avoids the IP bug condition. Signed-off-by: Raviteja Narayanam Acked-by: Michal Simek Signed-off-by: Wolfram Sang commit 0db9254d6b896b587759e2c844c277fb1a6da5b9 Author: Raviteja Narayanam Date: Fri Jul 3 19:25:49 2020 +0530 Revert "i2c: cadence: Fix the hold bit setting" This reverts commit d358def706880defa4c9e87381c5bf086a97d5f9. There are two issues with "i2c: cadence: Fix the hold bit setting" commit. 1. In case of combined message request from user space, when the HOLD bit is cleared in cdns_i2c_mrecv function, a STOP condition is sent on the bus even before the last message is started. This is because when the HOLD bit is cleared, the FIFOS are empty and there is no pending transfer. The STOP condition should occur only after the last message is completed. 2. The code added by the commit is redundant. Driver is handling the setting/clearing of HOLD bit in right way before the commit. The setting of HOLD bit based on 'bus_hold_flag' is taken care in cdns_i2c_master_xfer function even before cdns_i2c_msend/cdns_i2c_recv functions. The clearing of HOLD bit is taken care at the end of cdns_i2c_msend and cdns_i2c_recv functions based on bus_hold_flag and byte count. Since clearing of HOLD bit is done after the slave address is written to the register (writing to address register triggers the message transfer), it is ensured that STOP condition occurs at the right time after completion of the pending transfer (last message). Signed-off-by: Raviteja Narayanam Acked-by: Michal Simek Signed-off-by: Wolfram Sang commit 3da87ec67a491b9633a82045896c076b794bf938 Author: Laurence Tratt Date: Sun Jun 21 08:50:05 2020 +0100 ALSA: usb-audio: Add implicit feedback quirk for SSL2 As expected, this requires the same quirk as the SSL2+ in order for the clock to sync. This was suggested by, and tested on an SSL2, by Dmitry. Suggested-by: Dmitry Signed-off-by: Laurence Tratt Cc: Link: https://lore.kernel.org/r/20200621075005.52mjjfc6dtdjnr3h@overdrive.tratt.net Signed-off-by: Takashi Iwai commit d136122f58458479fd8926020ba2937de61d7f65 Author: Peter Zijlstra Date: Mon Jul 20 17:20:21 2020 +0200 sched: Fix race against ptrace_freeze_trace() There is apparently one site that violates the rule that only current and ttwu() will modify task->state, namely ptrace_{,un}freeze_traced() will change task->state for a remote task. Oleg explains: "TASK_TRACED/TASK_STOPPED was always protected by siglock. In particular, ttwu(__TASK_TRACED) must be always called with siglock held. That is why ptrace_freeze_traced() assumes it can safely do s/TASK_TRACED/__TASK_TRACED/ under spin_lock(siglock)." This breaks the ordering scheme introduced by commit: dbfb089d360b ("sched: Fix loadavg accounting race") Specifically, the reload not matching no longer implies we don't have to block. Simply things by noting that what we need is a LOAD->STORE ordering and this can be provided by a control dependency. So replace: prev_state = prev->state; raw_spin_lock(&rq->lock); smp_mb__after_spinlock(); /* SMP-MB */ if (... && prev_state && prev_state == prev->state) deactivate_task(); with: prev_state = prev->state; if (... && prev_state) /* CTRL-DEP */ deactivate_task(); Since that already implies the 'prev->state' load must be complete before allowing the 'prev->on_rq = 0' store to become visible. Fixes: dbfb089d360b ("sched: Fix loadavg accounting race") Reported-by: Jiri Slaby Signed-off-by: Peter Zijlstra (Intel) Acked-by: Oleg Nesterov Tested-by: Paul Gortmaker Tested-by: Christian Brauner commit de2b41be8fcccb2f5b6c480d35df590476344201 Author: Joerg Roedel Date: Tue Jul 21 11:34:48 2020 +0200 x86, vmlinux.lds: Page-align end of ..page_aligned sections On x86-32 the idt_table with 256 entries needs only 2048 bytes. It is page-aligned, but the end of the .bss..page_aligned section is not guaranteed to be page-aligned. As a result, objects from other .bss sections may end up on the same 4k page as the idt_table, and will accidentially get mapped read-only during boot, causing unexpected page-faults when the kernel writes to them. This could be worked around by making the objects in the page aligned sections page sized, but that's wrong. Explicit sections which store only page aligned objects have an implicit guarantee that the object is alone in the page in which it is placed. That works for all objects except the last one. That's inconsistent. Enforcing page sized objects for these sections would wreckage memory sanitizers, because the object becomes artificially larger than it should be and out of bound access becomes legit. Align the end of the .bss..page_aligned and .data..page_aligned section on page-size so all objects places in these sections are guaranteed to have their own page. [ tglx: Amended changelog ] Signed-off-by: Joerg Roedel Signed-off-by: Thomas Gleixner Reviewed-by: Kees Cook Cc: stable@vger.kernel.org Link: https://lkml.kernel.org/r/20200721093448.10417-1-joro@8bytes.org commit 2c4dc31486034fa8929a571e7a59677e92b5d6c5 Author: Murali Karicheri Date: Fri Jul 17 15:19:32 2020 +0300 net: ethernet: ti: add NETIF_F_HW_TC hw feature flag for taprio offload Currently drive supports taprio offload which is a tc feature offloaded to cpsw hardware. So driver has to set the hw feature flag, NETIF_F_HW_TC in the net device to be compliant. This patch adds the flag. Fixes: 8127224c2708 ("ethernet: ti: am65-cpsw-qos: add TAPRIO offload support") Signed-off-by: Murali Karicheri Signed-off-by: Grygorii Strashko Signed-off-by: David S. Miller commit 1264d7fa3a64d8bea7aebb77253f917947ffda25 Author: Wang Hai Date: Fri Jul 17 10:50:49 2020 +0800 net: ethernet: ave: Fix error returns in ave_init When regmap_update_bits failed in ave_init(), calls of the functions reset_control_assert() and clk_disable_unprepare() were missed. Add goto out_reset_assert to do this. Fixes: 57878f2f4697 ("net: ethernet: ave: add support for phy-mode setting of system controller") Reported-by: Hulk Robot Signed-off-by: Wang Hai Reviewed-by: Kunihiko Hayashi Signed-off-by: David S. Miller commit 8fdcabeac39824fe67480fd9508d80161c541854 Author: Xie He Date: Thu Jul 16 16:44:33 2020 -0700 drivers/net/wan/x25_asy: Fix to make it work This driver is not working because of problems of its receiving code. This patch fixes it to make it work. When the driver receives an LAPB frame, it should first pass the frame to the LAPB module to process. After processing, the LAPB module passes the data (the packet) back to the driver, the driver should then add a one-byte pseudo header and pass the data to upper layers. The changes to the "x25_asy_bump" function and the "x25_asy_data_indication" function are to correctly implement this procedure. Also, the "x25_asy_unesc" function ignores any frame that is shorter than 3 bytes. However the shortest frames are 2-byte long. So we need to change it to allow 2-byte frames to pass. Cc: Eric Dumazet Cc: Martin Schiller Signed-off-by: Xie He Reviewed-by: Martin Schiller Signed-off-by: David S. Miller commit 8210e344ccb798c672ab237b1a4f241bda08909b Author: guodeqing Date: Thu Jul 16 16:12:08 2020 +0800 ipvs: fix the connection sync failed in some cases The sync_thread_backup only checks sk_receive_queue is empty or not, there is a situation which cannot sync the connection entries when sk_receive_queue is empty and sk_rmem_alloc is larger than sk_rcvbuf, the sync packets are dropped in __udp_enqueue_schedule_skb, this is because the packets in reader_queue is not read, so the rmem is not reclaimed. Here I add the check of whether the reader_queue of the udp sock is empty or not to solve this problem. Fixes: 2276f58ac589 ("udp: use a separate rx queue for packet reception") Reported-by: zhouxudong Signed-off-by: guodeqing Acked-by: Julian Anastasov Signed-off-by: Pablo Neira Ayuso commit b346c0c85892cb8c53e8715734f71ba5bbec3387 Author: Paolo Pisati Date: Tue Jul 21 18:17:10 2020 +0200 selftest: txtimestamp: fix net ns entry logic According to 'man 8 ip-netns', if `ip netns identify` returns an empty string, there's no net namespace associated with current PID: fix the net ns entrance logic. Signed-off-by: Paolo Pisati Acked-by: Willem de Bruijn Signed-off-by: David S. Miller commit 5fff09bc141570cd15c118b097b17dec832b517f Author: Max Filippov Date: Tue Jul 21 15:00:35 2020 -0700 xtensa: fix access check in csum_and_copy_from_user Commit d341659f470b ("xtensa: switch to providing csum_and_copy_from_user()") introduced access check, but incorrectly tested dst instead of src. Fix access_ok argument in csum_and_copy_from_user. Cc: Al Viro Fixes: d341659f470b ("xtensa: switch to providing csum_and_copy_from_user()") Signed-off-by: Max Filippov Signed-off-by: Al Viro commit 785ed9c32aa1e709e62a475e44139bd875b00c9d Merge: 2c9d8e01f0c6 eb61c2d69903 Author: David S. Miller Date: Tue Jul 21 16:07:34 2020 -0700 Merge branch 'qed-suppress-irrelevant-error-messages-on-HW-init' Alexander Lobakin says: ==================== qed: suppress irrelevant error messages on HW init This raises the verbosity level of several error/warning messages on driver/module initialization, most of which are false-positives, and the one actively spamming the log for no reason. ==================== Signed-off-by: David S. Miller commit eb61c2d69903e977ffa2b80b1da9d1f758cf228d Author: Alexander Lobakin Date: Tue Jul 21 17:41:43 2020 +0300 qed: suppress false-positives interrupt error messages on HW init It was found that qed_pglueb_rbc_attn_handler() can produce a lot of false-positive error detections on driver load/reload (especially after crashes/recoveries) and spam the kernel log: [ 4.958275] [qed_pglueb_rbc_attn_handler:324()]ICPL error - 00d00ff0 [ 2079.146764] [qed_pglueb_rbc_attn_handler:324()]ICPL error - 00d80ff0 [ 2116.374631] [qed_pglueb_rbc_attn_handler:324()]ICPL error - 00d80ff0 [ 2135.250564] [qed_pglueb_rbc_attn_handler:324()]ICPL error - 00d80ff0 [...] Reduce the logging level of two false-positive prone error messages from notice to verbose on initialization (only) to not mix it with real error attentions while debugging. Fixes: 666db4862f2d ("qed: Revise load sequence to avoid PCI errors") Signed-off-by: Alexander Lobakin Signed-off-by: Igor Russkikh Signed-off-by: Michal Kalderon Signed-off-by: David S. Miller commit 1ea999039fe7c7953da2fbb7ca7c3ef00064d328 Author: Alexander Lobakin Date: Tue Jul 21 17:41:42 2020 +0300 qed: suppress "don't support RoCE & iWARP" flooding on HW init Change the verbosity of the "don't support RoCE & iWARP simultaneously" warning to debug level to stop flooding on driver/hardware initialization: [ 4.783230] qede 01:00.00: Storm FW 8.37.7.0, Management FW 8.52.9.0 [MBI 15.10.6] [eth0] [ 4.810020] [qed_rdma_set_pf_params:2076()]Current day drivers don't support RoCE & iWARP simultaneously on the same PF. Default to RoCE-only [ 4.861186] qede 01:00.01: Storm FW 8.37.7.0, Management FW 8.52.9.0 [MBI 15.10.6] [eth1] [ 4.893311] [qed_rdma_set_pf_params:2076()]Current day drivers don't support RoCE & iWARP simultaneously on the same PF. Default to RoCE-only [ 5.181713] qede a1:00.00: Storm FW 8.37.7.0, Management FW 8.52.9.0 [MBI 15.10.6] [eth2] [ 5.224740] [qed_rdma_set_pf_params:2076()]Current day drivers don't support RoCE & iWARP simultaneously on the same PF. Default to RoCE-only [ 5.276449] qede a1:00.01: Storm FW 8.37.7.0, Management FW 8.52.9.0 [MBI 15.10.6] [eth3] [ 5.318671] [qed_rdma_set_pf_params:2076()]Current day drivers don't support RoCE & iWARP simultaneously on the same PF. Default to RoCE-only [ 5.369548] qede a1:00.02: Storm FW 8.37.7.0, Management FW 8.52.9.0 [MBI 15.10.6] [eth4] [ 5.411645] [qed_rdma_set_pf_params:2076()]Current day drivers don't support RoCE & iWARP simultaneously on the same PF. Default to RoCE-only Fixes: e0a8f9de16fc ("qed: Add iWARP enablement support") Signed-off-by: Alexander Lobakin Signed-off-by: Igor Russkikh Signed-off-by: Michal Kalderon Signed-off-by: David S. Miller commit 2c9d8e01f0c6017317eee7638496173d4a64e6bc Author: Taehee Yoo Date: Tue Jul 21 14:51:50 2020 +0000 netdevsim: fix unbalaced locking in nsim_create() In the nsim_create(), rtnl_lock() is called before nsim_bpf_init(). If nsim_bpf_init() is failed, rtnl_unlock() should be called, but it isn't called. So, unbalanced locking would occur. Fixes: e05b2d141fef ("netdevsim: move netdev creation/destruction to dev probe") Signed-off-by: Taehee Yoo Reviewed-by: Jakub Kicinski Signed-off-by: David S. Miller commit 3506b2f42dff66ea6814c3dfa1988bafb79e6f88 Author: Helmut Grohne Date: Tue Jul 21 13:07:39 2020 +0200 net: dsa: microchip: call phy_remove_link_mode during probe When doing "ip link set dev ... up" for a ksz9477 backed link, ksz9477_phy_setup is called and it calls phy_remove_link_mode to remove 1000baseT HDX. During phy_remove_link_mode, phy_advertise_supported is called. Doing so reverts any previous change to advertised link modes e.g. using a udevd .link file. phy_remove_link_mode is not meant to be used while opening a link and should be called during phy probe when the link is not yet available to userspace. Therefore move the phy_remove_link_mode calls into ksz9477_switch_register. It indirectly calls dsa_register_switch, which creates the relevant struct phy_devices and we update the link modes right after that. At that time dev->features is already initialized by ksz9477_switch_detect. Remove phy_setup from ksz_dev_ops as no users remain. Link: https://lore.kernel.org/netdev/20200715192722.GD1256692@lunn.ch/ Fixes: 42fc6a4c613019 ("net: dsa: microchip: prepare PHY for proper advertisement") Signed-off-by: Helmut Grohne Reviewed-by: Andrew Lunn Signed-off-by: David S. Miller commit 2dc3bd74d7214914fa911a9772fb5ed1164707bf Merge: b0a422772fec fac24df7b9a6 Author: David S. Miller Date: Tue Jul 21 15:49:17 2020 -0700 Merge branch 'hns3-fixes' Huazhong Tan says: ==================== net: hns3: fixes for -net There are some bugfixes for the HNS3 ethernet driver. ==================== Signed-off-by: David S. Miller commit fac24df7b9a6d9363abdff0e351ade041dd16daa Author: Jian Shen Date: Tue Jul 21 19:03:54 2020 +0800 net: hns3: fix return value error when query MAC link status fail Currently, PF queries the MAC link status per second by calling function hclge_get_mac_link_status(). It return the error code when failed to send cmdq command to firmware. It's incorrect, because this return value is used as the MAC link status, which 0 means link down, and none-zero means link up. So fixes it. Fixes: 46a3df9f9718 ("net: hns3: Add HNS3 Acceleration Engine & Compatibility Layer Support") Signed-off-by: Jian Shen Signed-off-by: Huazhong tan Signed-off-by: David S. Miller commit 8ceca59fb3ed48a693171bd571c4fcbd555b7f1f Author: Yunsheng Lin Date: Tue Jul 21 19:03:53 2020 +0800 net: hns3: fix error handling for desc filling The content of the TX desc is automatically cleared by the HW when the HW has sent out the packet to the wire. When desc filling fails in hns3_nic_net_xmit(), it will call hns3_clear_desc() to do the error handling, which miss zeroing of the TX desc and the checking if a unmapping is needed. So add the zeroing and checking in hns3_clear_desc() to avoid the above problem. Also add DESC_TYPE_UNKNOWN to indicate the info in desc_cb is not valid, because hns3_nic_reclaim_desc() may treat the desc_cb->type of zero as packet and add to the sent pkt statistics accordingly. Fixes: 76ad4f0ee747 ("net: hns3: Add support of HNS3 Ethernet Driver for hip08 SoC") Signed-off-by: Yunsheng Lin Signed-off-by: Huazhong Tan Signed-off-by: David S. Miller commit 48ae74c9d89f827b39b5c07a1f02fc13637a3cd6 Author: Yunsheng Lin Date: Tue Jul 21 19:03:52 2020 +0800 net: hns3: fix for not calculating TX BD send size correctly With GRO and fraglist support, the SKB can be aggregated to a total size of 65535, and when that SKB is forwarded through a bridge, the size of the SKB may be pushed to exceed the size of 65535 when br_dev_queue_push_xmit() is called. The max send size of BD supported by the HW is 65535, when a SKB with a headlen of over 65535 is sent to the driver, the driver needs to use multi BD to send the linear data, and the send size of the last BD is calculated incorrectly by the driver who is using '&' operation, which causes a TX error. Use '%' operation to fix this problem. Fixes: 3fe13ed95dd3 ("net: hns3: avoid mult + div op in critical data path") Signed-off-by: Yunsheng Lin Signed-off-by: Huazhong Tan Signed-off-by: David S. Miller commit 0ec3b6a7c026e8f404f76d6dda5dae8d262312a0 Author: Yunsheng Lin Date: Tue Jul 21 19:03:51 2020 +0800 net: hns3: fix for not unmapping TX buffer correctly When a big TX buffer is sent using multi BD, the driver maps the whole TX buffer, and unmaps it using info in desc_cb corresponding to each BD, but only the info in the desc_cb of first BD is correct, other info in desc_cb is wrong, which causes TX unmapping problem when SMMU is on. Only set the mapping and freeing info in the desc_cb of first BD to fix this problem, because the TX buffer only need to be unmapped and freed once. Fixes: 1e8a7977d09f("net: hns3: add handling for big TX fragment") Signed-off-by: Yunsheng Lin Signed-off-by: Huzhong Tan Signed-off-by: David S. Miller commit b0a422772fec29811e293c7c0e6f991c0fd9241d Author: Miaohe Lin Date: Tue Jul 21 17:11:44 2020 +0800 net: udp: Fix wrong clean up for IS_UDPLITE macro We can't use IS_UDPLITE to replace udp_sk->pcflag when UDPLITE_RECV_CC is checked. Fixes: b2bf1e2659b1 ("[UDP]: Clean up for IS_UDPLITE macro") Signed-off-by: Miaohe Lin Signed-off-by: David S. Miller commit 9bb5fbea59f36a589ef886292549ca4052fe676c Author: Xiongfeng Wang Date: Tue Jul 21 15:02:57 2020 +0800 net-sysfs: add a newline when printing 'tx_timeout' by sysfs When I cat 'tx_timeout' by sysfs, it displays as follows. It's better to add a newline for easy reading. root@syzkaller:~# cat /sys/devices/virtual/net/lo/queues/tx-0/tx_timeout 0root@syzkaller:~# Signed-off-by: Xiongfeng Wang Signed-off-by: David S. Miller commit 015c5d5e6aa3523c758a70eb87b291cece2dbbb4 Author: Yoshihiro Shimoda Date: Tue Jul 21 15:23:12 2020 +0900 net: ethernet: ravb: exit if re-initialization fails in tx timeout According to the report of [1], this driver is possible to cause the following error in ravb_tx_timeout_work(). ravb e6800000.ethernet ethernet: failed to switch device to config mode This error means that the hardware could not change the state from "Operation" to "Configuration" while some tx and/or rx queue are operating. After that, ravb_config() in ravb_dmac_init() will fail, and then any descriptors will be not allocaled anymore so that NULL pointer dereference happens after that on ravb_start_xmit(). To fix the issue, the ravb_tx_timeout_work() should check the return values of ravb_stop_dma() and ravb_dmac_init(). If ravb_stop_dma() fails, ravb_tx_timeout_work() re-enables TX and RX and just exits. If ravb_dmac_init() fails, just exits. [1] https://lore.kernel.org/linux-renesas-soc/20200518045452.2390-1-dirk.behme@de.bosch.com/ Reported-by: Dirk Behme Signed-off-by: Yoshihiro Shimoda Reviewed-by: Sergei Shtylyov Signed-off-by: David S. Miller commit ca673235523019ac58dda5287d9c819e19702860 Merge: 6ef9dcb78046 efc6b6f6c311 Author: David S. Miller Date: Tue Jul 21 15:31:03 2020 -0700 Merge branch 'udp-Fix-reuseport-selection-with-connected-sockets' Kuniyuki Iwashima says: ==================== udp: Fix reuseport selection with connected sockets. This patch set addresses two issues which happen when both connected and unconnected sockets are in the same UDP reuseport group. ==================== Signed-off-by: David S. Miller commit efc6b6f6c3113e8b203b9debfb72d81e0f3dcace Author: Kuniyuki Iwashima Date: Tue Jul 21 15:15:31 2020 +0900 udp: Improve load balancing for SO_REUSEPORT. Currently, SO_REUSEPORT does not work well if connected sockets are in a UDP reuseport group. Then reuseport_has_conns() returns true and the result of reuseport_select_sock() is discarded. Also, unconnected sockets have the same score, hence only does the first unconnected socket in udp_hslot always receive all packets sent to unconnected sockets. So, the result of reuseport_select_sock() should be used for load balancing. The noteworthy point is that the unconnected sockets placed after connected sockets in sock_reuseport.socks will receive more packets than others because of the algorithm in reuseport_select_sock(). index | connected | reciprocal_scale | result --------------------------------------------- 0 | no | 20% | 40% 1 | no | 20% | 20% 2 | yes | 20% | 0% 3 | no | 20% | 40% 4 | yes | 20% | 0% If most of the sockets are connected, this can be a problem, but it still works better than now. Fixes: acdcecc61285 ("udp: correct reuseport selection with connected sockets") CC: Willem de Bruijn Reviewed-by: Benjamin Herrenschmidt Signed-off-by: Kuniyuki Iwashima Acked-by: Willem de Bruijn Signed-off-by: David S. Miller commit f2b2c55e512879a05456eaf5de4d1ed2f7757509 Author: Kuniyuki Iwashima Date: Tue Jul 21 15:15:30 2020 +0900 udp: Copy has_conns in reuseport_grow(). If an unconnected socket in a UDP reuseport group connect()s, has_conns is set to 1. Then, when a packet is received, udp[46]_lib_lookup2() scans all sockets in udp_hslot looking for the connected socket with the highest score. However, when the number of sockets bound to the port exceeds max_socks, reuseport_grow() resets has_conns to 0. It can cause udp[46]_lib_lookup2() to return without scanning all sockets, resulting in that packets sent to connected sockets may be distributed to unconnected sockets. Therefore, reuseport_grow() should copy has_conns. Fixes: acdcecc61285 ("udp: correct reuseport selection with connected sockets") CC: Willem de Bruijn Reviewed-by: Benjamin Herrenschmidt Signed-off-by: Kuniyuki Iwashima Acked-by: Willem de Bruijn Signed-off-by: David S. Miller commit 48cfa61b58a1fee0bc49eef04f8ccf31493b7cdd Author: Boris Burkov Date: Thu Jul 16 13:29:46 2020 -0700 btrfs: fix mount failure caused by race with umount It is possible to cause a btrfs mount to fail by racing it with a slow umount. The crux of the sequence is generic_shutdown_super not yet calling sop->put_super before btrfs_mount_root calls btrfs_open_devices. If that occurs, btrfs_open_devices will decide the opened counter is non-zero, increment it, and skip resetting fs_devices->total_rw_bytes to 0. From here, mount will call sget which will result in grab_super trying to take the super block umount semaphore. That semaphore will be held by the slow umount, so mount will block. Before up-ing the semaphore, umount will delete the super block, resulting in mount's sget reliably allocating a new one, which causes the mount path to dutifully fill it out, and increment total_rw_bytes a second time, which causes the mount to fail, as we see double the expected bytes. Here is the sequence laid out in greater detail: CPU0 CPU1 down_write sb->s_umount btrfs_kill_super kill_anon_super(sb) generic_shutdown_super(sb); shrink_dcache_for_umount(sb); sync_filesystem(sb); evict_inodes(sb); // SLOW btrfs_mount_root btrfs_scan_one_device fs_devices = device->fs_devices fs_info->fs_devices = fs_devices // fs_devices-opened makes this a no-op btrfs_open_devices(fs_devices, mode, fs_type) s = sget(fs_type, test, set, flags, fs_info); find sb in s_instances grab_super(sb); down_write(&s->s_umount); // blocks sop->put_super(sb) // sb->fs_devices->opened == 2; no-op spin_lock(&sb_lock); hlist_del_init(&sb->s_instances); spin_unlock(&sb_lock); up_write(&sb->s_umount); return 0; retry lookup don't find sb in s_instances (deleted by CPU0) s = alloc_super return s; btrfs_fill_super(s, fs_devices, data) open_ctree // fs_devices total_rw_bytes improperly set! btrfs_read_chunk_tree read_one_dev // increment total_rw_bytes again!! super_total_bytes < fs_devices->total_rw_bytes // ERROR!!! To fix this, we clear total_rw_bytes from within btrfs_read_chunk_tree before the calls to read_one_dev, while holding the sb umount semaphore and the uuid mutex. To reproduce, it is sufficient to dirty a decent number of inodes, then quickly umount and mount. for i in $(seq 0 500) do dd if=/dev/zero of="/mnt/foo/$i" bs=1M count=1 done umount /mnt/foo& mount /mnt/foo does the trick for me. CC: stable@vger.kernel.org # 4.4+ Signed-off-by: Boris Burkov Reviewed-by: David Sterba Signed-off-by: David Sterba commit 5909ca110b29aa16b23b52b8de8d3bb1035fd738 Author: Robbie Ko Date: Mon Jul 20 09:42:09 2020 +0800 btrfs: fix page leaks after failure to lock page for delalloc When locking pages for delalloc, we check if it's dirty and mapping still matches. If it does not match, we need to return -EAGAIN and release all pages. Only the current page was put though, iterate over all the remaining pages too. CC: stable@vger.kernel.org # 4.14+ Reviewed-by: Filipe Manana Reviewed-by: Nikolay Borisov Signed-off-by: Robbie Ko Reviewed-by: David Sterba Signed-off-by: David Sterba commit fa91e4aa1716004ea8096d5185ec0451e206aea0 Author: Qu Wenruo Date: Fri Jul 17 15:12:05 2020 +0800 btrfs: qgroup: fix data leak caused by race between writeback and truncate [BUG] When running tests like generic/013 on test device with btrfs quota enabled, it can normally lead to data leak, detected at unmount time: BTRFS warning (device dm-3): qgroup 0/5 has unreleased space, type 0 rsv 4096 ------------[ cut here ]------------ WARNING: CPU: 11 PID: 16386 at fs/btrfs/disk-io.c:4142 close_ctree+0x1dc/0x323 [btrfs] RIP: 0010:close_ctree+0x1dc/0x323 [btrfs] Call Trace: btrfs_put_super+0x15/0x17 [btrfs] generic_shutdown_super+0x72/0x110 kill_anon_super+0x18/0x30 btrfs_kill_super+0x17/0x30 [btrfs] deactivate_locked_super+0x3b/0xa0 deactivate_super+0x40/0x50 cleanup_mnt+0x135/0x190 __cleanup_mnt+0x12/0x20 task_work_run+0x64/0xb0 __prepare_exit_to_usermode+0x1bc/0x1c0 __syscall_return_slowpath+0x47/0x230 do_syscall_64+0x64/0xb0 entry_SYSCALL_64_after_hwframe+0x44/0xa9 ---[ end trace caf08beafeca2392 ]--- BTRFS error (device dm-3): qgroup reserved space leaked [CAUSE] In the offending case, the offending operations are: 2/6: writev f2X[269 1 0 0 0 0] [1006997,67,288] 0 2/7: truncate f2X[269 1 0 0 48 1026293] 18388 0 The following sequence of events could happen after the writev(): CPU1 (writeback) | CPU2 (truncate) ----------------------------------------------------------------- btrfs_writepages() | |- extent_write_cache_pages() | |- Got page for 1003520 | | 1003520 is Dirty, no writeback | | So (!clear_page_dirty_for_io()) | | gets called for it | |- Now page 1003520 is Clean. | | | btrfs_setattr() | | |- btrfs_setsize() | | |- truncate_setsize() | | New i_size is 18388 |- __extent_writepage() | | |- page_offset() > i_size | |- btrfs_invalidatepage() | |- Page is clean, so no qgroup | callback executed This means, the qgroup reserved data space is not properly released in btrfs_invalidatepage() as the page is Clean. [FIX] Instead of checking the dirty bit of a page, call btrfs_qgroup_free_data() unconditionally in btrfs_invalidatepage(). As qgroup rsv are completely bound to the QGROUP_RESERVED bit of io_tree, not bound to page status, thus we won't cause double freeing anyway. Fixes: 0b34c261e235 ("btrfs: qgroup: Prevent qgroup->reserved from going subzero") CC: stable@vger.kernel.org # 4.14+ Reviewed-by: Josef Bacik Signed-off-by: Qu Wenruo Signed-off-by: David Sterba commit 38e0c89a19fd13f28d2b4721035160a3e66e270b Author: Paweł Gronowski Date: Sun Jul 19 17:54:53 2020 +0200 drm/amdgpu: Fix NULL dereference in dpm sysfs handlers NULL dereference occurs when string that is not ended with space or newline is written to some dpm sysfs interface (for example pp_dpm_sclk). This happens because strsep replaces the tmp with NULL if the delimiter is not present in string, which is then dereferenced by tmp[0]. Reproduction example: sudo sh -c 'echo -n 1 > /sys/class/drm/card0/device/pp_dpm_sclk' Signed-off-by: Paweł Gronowski Signed-off-by: Alex Deucher Cc: stable@vger.kernel.org commit 88bb16ad998a0395fe4b346b7d3f621aaa0a2324 Author: Qiu Wenbo Date: Fri Jul 17 15:09:57 2020 +0800 drm/amd/powerplay: fix a crash when overclocking Vega M Avoid kernel crash when vddci_control is SMU7_VOLTAGE_CONTROL_NONE and vddci_voltage_table is empty. It has been tested on Intel Hades Canyon (i7-8809G). Bug: https://bugzilla.kernel.org/show_bug.cgi?id=208489 Fixes: ac7822b0026f ("drm/amd/powerplay: add smumgr support for VEGAM (v2)") Reviewed-by: Evan Quan Signed-off-by: Qiu Wenbo Signed-off-by: Alex Deucher Cc: stable@vger.kernel.org commit 580c079b5766ac706f56eec5c79aee4bf929fef6 Author: Filipe Manana Date: Mon Jul 13 15:11:56 2020 +0100 btrfs: fix double free on ulist after backref resolution failure At btrfs_find_all_roots_safe() we allocate a ulist and set the **roots argument to point to it. However if later we fail due to an error returned by find_parent_nodes(), we free that ulist but leave a dangling pointer in the **roots argument. Upon receiving the error, a caller of this function can attempt to free the same ulist again, resulting in an invalid memory access. One such scenario is during qgroup accounting: btrfs_qgroup_account_extents() --> calls btrfs_find_all_roots() passes &new_roots (a stack allocated pointer) to btrfs_find_all_roots() --> btrfs_find_all_roots() just calls btrfs_find_all_roots_safe() passing &new_roots to it --> allocates ulist and assigns its address to **roots (which points to new_roots from btrfs_qgroup_account_extents()) --> find_parent_nodes() returns an error, so we free the ulist and leave **roots pointing to it after returning --> btrfs_qgroup_account_extents() sees btrfs_find_all_roots() returned an error and jumps to the label 'cleanup', which just tries to free again the same ulist Stack trace example: ------------[ cut here ]------------ BTRFS: tree first key check failed WARNING: CPU: 1 PID: 1763215 at fs/btrfs/disk-io.c:422 btrfs_verify_level_key+0xe0/0x180 [btrfs] Modules linked in: dm_snapshot dm_thin_pool (...) CPU: 1 PID: 1763215 Comm: fsstress Tainted: G W 5.8.0-rc3-btrfs-next-64 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014 RIP: 0010:btrfs_verify_level_key+0xe0/0x180 [btrfs] Code: 28 5b 5d (...) RSP: 0018:ffffb89b473779a0 EFLAGS: 00010286 RAX: 0000000000000000 RBX: ffff90397759bf08 RCX: 0000000000000000 RDX: 0000000000000001 RSI: 0000000000000027 RDI: 00000000ffffffff RBP: ffff9039a419c000 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: ffffb89b43301000 R12: 000000000000005e R13: ffffb89b47377a2e R14: ffffb89b473779af R15: 0000000000000000 FS: 00007fc47e1e1000(0000) GS:ffff9039ac200000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fc47e1df000 CR3: 00000003d9e4e001 CR4: 00000000003606e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: read_block_for_search+0xf6/0x350 [btrfs] btrfs_next_old_leaf+0x242/0x650 [btrfs] resolve_indirect_refs+0x7cf/0x9e0 [btrfs] find_parent_nodes+0x4ea/0x12c0 [btrfs] btrfs_find_all_roots_safe+0xbf/0x130 [btrfs] btrfs_qgroup_account_extents+0x9d/0x390 [btrfs] btrfs_commit_transaction+0x4f7/0xb20 [btrfs] btrfs_sync_file+0x3d4/0x4d0 [btrfs] do_fsync+0x38/0x70 __x64_sys_fdatasync+0x13/0x20 do_syscall_64+0x5c/0xe0 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x7fc47e2d72e3 Code: Bad RIP value. RSP: 002b:00007fffa32098c8 EFLAGS: 00000246 ORIG_RAX: 000000000000004b RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc47e2d72e3 RDX: 00007fffa3209830 RSI: 00007fffa3209830 RDI: 0000000000000003 RBP: 000000000000072e R08: 0000000000000001 R09: 0000000000000003 R10: 0000000000000000 R11: 0000000000000246 R12: 00000000000003e8 R13: 0000000051eb851f R14: 00007fffa3209970 R15: 00005607c4ac8b50 irq event stamp: 0 hardirqs last enabled at (0): [<0000000000000000>] 0x0 hardirqs last disabled at (0): [] copy_process+0x755/0x1eb0 softirqs last enabled at (0): [] copy_process+0x755/0x1eb0 softirqs last disabled at (0): [<0000000000000000>] 0x0 ---[ end trace 8639237550317b48 ]--- BTRFS error (device sdc): tree first key mismatch detected, bytenr=62324736 parent_transid=94 key expected=(262,108,1351680) has=(259,108,1921024) general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6b6b: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC PTI CPU: 2 PID: 1763215 Comm: fsstress Tainted: G W 5.8.0-rc3-btrfs-next-64 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014 RIP: 0010:ulist_release+0x14/0x60 [btrfs] Code: c7 07 00 (...) RSP: 0018:ffffb89b47377d60 EFLAGS: 00010282 RAX: 6b6b6b6b6b6b6b6b RBX: ffff903959b56b90 RCX: 0000000000000000 RDX: 0000000000000001 RSI: 0000000000270024 RDI: ffff9036e2adc840 RBP: ffff9036e2adc848 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: ffff9036e2adc840 R13: 0000000000000015 R14: ffff9039a419ccf8 R15: ffff90395d605840 FS: 00007fc47e1e1000(0000) GS:ffff9039ac600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f8c1c0a51c8 CR3: 00000003d9e4e004 CR4: 00000000003606e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: ulist_free+0x13/0x20 [btrfs] btrfs_qgroup_account_extents+0xf3/0x390 [btrfs] btrfs_commit_transaction+0x4f7/0xb20 [btrfs] btrfs_sync_file+0x3d4/0x4d0 [btrfs] do_fsync+0x38/0x70 __x64_sys_fdatasync+0x13/0x20 do_syscall_64+0x5c/0xe0 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x7fc47e2d72e3 Code: Bad RIP value. RSP: 002b:00007fffa32098c8 EFLAGS: 00000246 ORIG_RAX: 000000000000004b RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc47e2d72e3 RDX: 00007fffa3209830 RSI: 00007fffa3209830 RDI: 0000000000000003 RBP: 000000000000072e R08: 0000000000000001 R09: 0000000000000003 R10: 0000000000000000 R11: 0000000000000246 R12: 00000000000003e8 R13: 0000000051eb851f R14: 00007fffa3209970 R15: 00005607c4ac8b50 Modules linked in: dm_snapshot dm_thin_pool (...) ---[ end trace 8639237550317b49 ]--- RIP: 0010:ulist_release+0x14/0x60 [btrfs] Code: c7 07 00 (...) RSP: 0018:ffffb89b47377d60 EFLAGS: 00010282 RAX: 6b6b6b6b6b6b6b6b RBX: ffff903959b56b90 RCX: 0000000000000000 RDX: 0000000000000001 RSI: 0000000000270024 RDI: ffff9036e2adc840 RBP: ffff9036e2adc848 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: ffff9036e2adc840 R13: 0000000000000015 R14: ffff9039a419ccf8 R15: ffff90395d605840 FS: 00007fc47e1e1000(0000) GS:ffff9039ad200000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f6a776f7d40 CR3: 00000003d9e4e002 CR4: 00000000003606e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Fix this by making btrfs_find_all_roots_safe() set *roots to NULL after it frees the ulist. Fixes: 8da6d5815c592b ("Btrfs: added btrfs_find_all_roots()") CC: stable@vger.kernel.org # 4.4+ Reviewed-by: Josef Bacik Signed-off-by: Filipe Manana Reviewed-by: David Sterba Signed-off-by: David Sterba commit 551e553f0d4ab623e2a6f424ab5834f9c7b5229c Author: Serge Semin Date: Tue Jul 14 15:41:12 2020 +0300 serial: 8250_mtk: Fix high-speed baud rates clamping Commit 7b668c064ec3 ("serial: 8250: Fix max baud limit in generic 8250 port") fixed limits of a baud rate setting for a generic 8250 port. In other words since that commit the baud rate has been permitted to be within [uartclk / 16 / UART_DIV_MAX; uartclk / 16], which is absolutely normal for a standard 8250 UART port. But there are custom 8250 ports, which provide extended baud rate limits. In particular the Mediatek 8250 port can work with baud rates up to "uartclk" speed. Normally that and any other peculiarity is supposed to be handled in a custom set_termios() callback implemented in the vendor-specific 8250-port glue-driver. Currently that is how it's done for the most of the vendor-specific 8250 ports, but for some reason for Mediatek a solution has been spread out to both the glue-driver and to the generic 8250-port code. Due to that a bug has been introduced, which permitted the extended baud rate limit for all even for standard 8250-ports. The bug has been fixed by the commit 7b668c064ec3 ("serial: 8250: Fix max baud limit in generic 8250 port") by narrowing the baud rates limit back down to the normal bounds. Unfortunately by doing so we also broke the Mediatek-specific extended bauds feature. A fix of the problem described above is twofold. First since we can't get back the extended baud rate limits feature to the generic set_termios() function and that method supports only a standard baud rates range, the requested baud rate must be locally stored before calling it and then restored back to the new termios structure after the generic set_termios() finished its magic business. By doing so we still use the serial8250_do_set_termios() method to set the LCR/MCR/FCR/etc. registers, while the extended baud rate setting procedure will be performed later in the custom Mediatek-specific set_termios() callback. Second since a true baud rate is now fully calculated in the custom set_termios() method we need to locally update the port timeout by calling the uart_update_timeout() function. After the fixes described above are implemented in the 8250_mtk.c driver, the Mediatek 8250-port should get back to normally working with extended baud rates. Link: https://lore.kernel.org/linux-serial/20200701211337.3027448-1-danielwinkler@google.com Fixes: 7b668c064ec3 ("serial: 8250: Fix max baud limit in generic 8250 port") Reported-by: Daniel Winkler Signed-off-by: Serge Semin Cc: stable Tested-by: Claire Chang Link: https://lore.kernel.org/r/20200714124113.20918-1-Sergey.Semin@baikalelectronics.ru Signed-off-by: Greg Kroah-Hartman commit f4c23a140d80ef5e6d3d1f8f57007649014b60fa Author: Yang Yingliang Date: Tue Jul 21 14:38:52 2020 +0000 serial: 8250: fix null-ptr-deref in serial8250_start_tx() I got null-ptr-deref in serial8250_start_tx(): [ 78.114630] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 [ 78.123778] Mem abort info: [ 78.126560] ESR = 0x86000007 [ 78.129603] EC = 0x21: IABT (current EL), IL = 32 bits [ 78.134891] SET = 0, FnV = 0 [ 78.137933] EA = 0, S1PTW = 0 [ 78.141064] user pgtable: 64k pages, 48-bit VAs, pgdp=00000027d41a8600 [ 78.147562] [0000000000000000] pgd=00000027893f0003, p4d=00000027893f0003, pud=00000027893f0003, pmd=00000027c9a20003, pte=0000000000000000 [ 78.160029] Internal error: Oops: 86000007 [#1] SMP [ 78.164886] Modules linked in: sunrpc vfat fat aes_ce_blk crypto_simd cryptd aes_ce_cipher crct10dif_ce ghash_ce sha2_ce sha256_arm64 sha1_ce ses enclosure sg sbsa_gwdt ipmi_ssif spi_dw_mmio sch_fq_codel vhost_net tun vhost vhost_iotlb tap ip_tables ext4 mbcache jbd2 ahci hisi_sas_v3_hw libahci hisi_sas_main libsas hns3 scsi_transport_sas hclge libata megaraid_sas ipmi_si hnae3 ipmi_devintf ipmi_msghandler br_netfilter bridge stp llc nvme nvme_core xt_sctp sctp libcrc32c dm_mod nbd [ 78.207383] CPU: 11 PID: 23258 Comm: null-ptr Not tainted 5.8.0-rc6+ #48 [ 78.214056] Hardware name: Huawei TaiShan 2280 V2/BC82AMDC, BIOS 2280-V2 CS V3.B210.01 03/12/2020 [ 78.222888] pstate: 80400089 (Nzcv daIf +PAN -UAO BTYPE=--) [ 78.228435] pc : 0x0 [ 78.230618] lr : serial8250_start_tx+0x160/0x260 [ 78.235215] sp : ffff800062eefb80 [ 78.238517] x29: ffff800062eefb80 x28: 0000000000000fff [ 78.243807] x27: ffff800062eefd80 x26: ffff202fd83b3000 [ 78.249098] x25: ffff800062eefd80 x24: ffff202fd83b3000 [ 78.254388] x23: ffff002fc5e50be8 x22: 0000000000000002 [ 78.259679] x21: 0000000000000001 x20: 0000000000000000 [ 78.264969] x19: ffffa688827eecc8 x18: 0000000000000000 [ 78.270259] x17: 0000000000000000 x16: 0000000000000000 [ 78.275550] x15: ffffa68881bc67a8 x14: 00000000000002e6 [ 78.280841] x13: ffffa68881bc67a8 x12: 000000000000c539 [ 78.286131] x11: d37a6f4de9bd37a7 x10: ffffa68881cccff0 [ 78.291421] x9 : ffffa68881bc6000 x8 : ffffa688819daa88 [ 78.296711] x7 : ffffa688822a0f20 x6 : ffffa688819e0000 [ 78.302002] x5 : ffff800062eef9d0 x4 : ffffa68881e707a8 [ 78.307292] x3 : 0000000000000000 x2 : 0000000000000002 [ 78.312582] x1 : 0000000000000001 x0 : ffffa688827eecc8 [ 78.317873] Call trace: [ 78.320312] 0x0 [ 78.322147] __uart_start.isra.9+0x64/0x78 [ 78.326229] uart_start+0xb8/0x1c8 [ 78.329620] uart_flush_chars+0x24/0x30 [ 78.333442] n_tty_receive_buf_common+0x7b0/0xc30 [ 78.338128] n_tty_receive_buf+0x44/0x2c8 [ 78.342122] tty_ioctl+0x348/0x11f8 [ 78.345599] ksys_ioctl+0xd8/0xf8 [ 78.348903] __arm64_sys_ioctl+0x2c/0xc8 [ 78.352812] el0_svc_common.constprop.2+0x88/0x1b0 [ 78.357583] do_el0_svc+0x44/0xd0 [ 78.360887] el0_sync_handler+0x14c/0x1d0 [ 78.364880] el0_sync+0x140/0x180 [ 78.368185] Code: bad PC value SERIAL_PORT_DFNS is not defined on each arch, if it's not defined, serial8250_set_defaults() won't be called in serial8250_isa_init_ports(), so the p->serial_in pointer won't be initialized, and it leads a null-ptr-deref. Fix this problem by calling serial8250_set_defaults() after init uart port. Signed-off-by: Yang Yingliang Cc: stable Link: https://lore.kernel.org/r/20200721143852.4058352-1-yangyingliang@huawei.com Signed-off-by: Greg Kroah-Hartman commit 707631ce639651e51bfed9e56326cde86f9e97b8 Author: Johan Hovold Date: Fri Jul 10 15:59:47 2020 +0200 serial: tegra: drop bogus NULL tty-port checks The struct tty_port is part of the uart state and will never be NULL in the receive helpers. Drop the bogus NULL checks and rename the pointer-variables "port" to differentiate them from struct tty_struct pointers (which can be NULL). Fixes: 962963e4ee23 ("serial: tegra: Switch to using struct tty_port") Signed-off-by: Johan Hovold Acked-by: Thierry Reding Link: https://lore.kernel.org/r/20200710135947.2737-3-johan@kernel.org Signed-off-by: Greg Kroah-Hartman commit b374c562ee7ab3f3a1daf959c01868bae761571c Author: Johan Hovold Date: Fri Jul 10 15:59:46 2020 +0200 serial: tegra: fix CREAD handling for PIO Commit 33ae787b74fc ("serial: tegra: add support to ignore read") added support for dropping input in case CREAD isn't set, but for PIO the ignore_status_mask wasn't checked until after the character had been put in the receive buffer. Note that the NULL tty-port test is bogus and will be removed by a follow-on patch. Fixes: 33ae787b74fc ("serial: tegra: add support to ignore read") Cc: stable # 5.4 Cc: Shardar Shariff Md Cc: Krishna Yarlagadda Signed-off-by: Johan Hovold Acked-by: Thierry Reding Link: https://lore.kernel.org/r/20200710135947.2737-2-johan@kernel.org Signed-off-by: Greg Kroah-Hartman commit a862192e9227ad46e0447fd0a03869ba1b30d16f Author: Jason Gunthorpe Date: Sun Jul 19 09:54:35 2020 +0300 RDMA/mlx5: Prevent prefetch from racing with implicit destruction Prefetch work in mlx5_ib_prefetch_mr_work can be queued and able to run concurrently with destruction of the implicit MR. The num_deferred_work was intended to serialize this, but there is a race: CPU0 CPU1 mlx5_ib_free_implicit_mr() xa_erase(odp_mkeys) synchronize_srcu() __xa_erase(implicit_children) mlx5_ib_prefetch_mr_work() pagefault_mr() pagefault_implicit_mr() implicit_get_child_mr() xa_cmpxchg() atomic_dec_and_test(num_deferred_mr) wait_event(imr->q_deferred_work) ib_umem_odp_release(odp_imr) kfree(odp_imr) At this point in mlx5_ib_free_implicit_mr() the implicit_children list is supposed to be empty forever so that destroy_unused_implicit_child_mr() and related are not and will not be running. Since it is not empty the destroy_unused_implicit_child_mr() flow ends up touching deallocated memory as mlx5_ib_free_implicit_mr() already tore down the imr parent. The solution is to flush out the prefetch wq by driving num_deferred_work to zero after creation of new prefetch work is blocked. Fixes: 5256edcb98a1 ("RDMA/mlx5: Rework implicit ODP destroy") Link: https://lore.kernel.org/r/20200719065435.130722-1-leon@kernel.org Signed-off-by: Leon Romanovsky Signed-off-by: Jason Gunthorpe commit 22a82fa7d6c3e16d56a036b1fa697a39b954adf0 Author: Helmut Grohne Date: Mon Jul 13 09:32:28 2020 +0200 tty: xilinx_uartps: Really fix id assignment The problems started with the revert (18cc7ac8a28e28). The cdns_uart_console.index is statically assigned -1. When the port is registered, Linux assigns consecutive numbers to it. It turned out that when using ttyPS1 as console, the index is not updated as we are reusing the same cdns_uart_console instance for multiple ports. When registering ttyPS0, it gets updated from -1 to 0, but when registering ttyPS1, it already is 0 and not updated. That led to 2ae11c46d5fdc4. It assigns the index prior to registering the uart_driver once. Unfortunately, that ended up breaking the situation where the probe order does not match the id order. When using the same device tree for both uboot and linux, it is important that the serial0 alias points to the console. So some boards reverse those aliases. This was reported by Jan Kiszka. The proposed fix was reverting the index assignment and going back to the previous iteration. However such a reversed assignement (serial0 -> uart1, serial1 -> uart0) was already partially broken by the revert (18cc7ac8a28e28). While the ttyPS device works, the kmsg connection is already broken and kernel messages go missing. Reverting the id assignment does not fix this. >From the xilinx_uartps driver pov (after reverting the refactoring commits), there can be only one console. This manifests in static variables console_pprt and cdns_uart_console. These variables are not properly linked and can go out of sync. The cdns_uart_console.index is important for uart_add_one_port. We call that function for each port - one of which hopefully is the console. If it isn't, the CON_ENABLED flag is not set and console_port is cleared. The next cdns_uart_probe call then tries to register the next port using that same cdns_uart_console. It is important that console_port and cdns_uart_console (and its index in particular) stay in sync. The index assignment implemented by Shubhrajyoti Datta is correct in principle. It just may have to happen a second time if the first cdns_uart_probe call didn't encounter the console device. And we shouldn't change the index once the console uart is registered. Reported-by: Shubhrajyoti Datta Reported-by: Jan Kiszka Link: https://lore.kernel.org/linux-serial/f4092727-d8f5-5f91-2c9f-76643aace993@siemens.com/ Fixes: 18cc7ac8a28e28 ("Revert "serial: uartps: Register own uart console and driver structures"") Fixes: 2ae11c46d5fdc4 ("tty: xilinx_uartps: Fix missing id assignment to the console") Fixes: 76ed2e10579671 ("Revert "tty: xilinx_uartps: Fix missing id assignment to the console"") Signed-off-by: Helmut Grohne Cc: stable Link: https://lore.kernel.org/r/20200713073227.GA3805@laureti-dev Signed-off-by: Greg Kroah-Hartman commit ce684552a266cb1c7cc2f7e623f38567adec6653 Author: Tetsuo Handa Date: Sun Jul 12 20:10:12 2020 +0900 vt: Reject zero-sized screen buffer size. syzbot is reporting general protection fault in do_con_write() [1] caused by vc->vc_screenbuf == ZERO_SIZE_PTR caused by vc->vc_screenbuf_size == 0 caused by vc->vc_cols == vc->vc_rows == vc->vc_size_row == 0 caused by fb_set_var() from ioctl(FBIOPUT_VSCREENINFO) on /dev/fb0 , for gotoxy(vc, 0, 0) from reset_terminal() from vc_init() from vc_allocate() from con_install() from tty_init_dev() from tty_open() on such console causes vc->vc_pos == 0x10000000e due to ((unsigned long) ZERO_SIZE_PTR) + -1U * 0 + (-1U << 1). I don't think that a console with 0 column or 0 row makes sense. And it seems that vc_do_resize() does not intend to allow resizing a console to 0 column or 0 row due to new_cols = (cols ? cols : vc->vc_cols); new_rows = (lines ? lines : vc->vc_rows); exception. Theoretically, cols and rows can be any range as long as 0 < cols * rows * 2 <= KMALLOC_MAX_SIZE is satisfied (e.g. cols == 1048576 && rows == 2 is possible) because of vc->vc_size_row = vc->vc_cols << 1; vc->vc_screenbuf_size = vc->vc_rows * vc->vc_size_row; in visual_init() and kzalloc(vc->vc_screenbuf_size) in vc_allocate(). Since we can detect cols == 0 or rows == 0 via screenbuf_size = 0 in visual_init(), we can reject kzalloc(0). Then, vc_allocate() will return an error, and con_write() will not be called on a console with 0 column or 0 row. We need to make sure that integer overflow in visual_init() won't happen. Since vc_do_resize() restricts cols <= 32767 and rows <= 32767, applying 1 <= cols <= 32767 and 1 <= rows <= 32767 restrictions to vc_allocate() will be practically fine. This patch does not touch con_init(), for returning -EINVAL there does not help when we are not returning -ENOMEM. [1] https://syzkaller.appspot.com/bug?extid=017265e8553724e514e8 Reported-and-tested-by: syzbot Signed-off-by: Tetsuo Handa Cc: stable Link: https://lore.kernel.org/r/20200712111013.11881-1-penguin-kernel@I-love.SAKURA.ne.jp Signed-off-by: Greg Kroah-Hartman commit 5c6360ee4a0e7f62de34341ad5d3c936f49b391d Author: Ard Biesheuvel Date: Wed Jun 24 08:51:49 2020 +0100 ARM: 8988/1: mmu: fix crash in EFI calls due to p4d typo in create_mapping_late() Commit 84e6ffb2c49c7901 ("arm: add support for folded p4d page tables") updated create_mapping_late() to take folded P4Ds into account when creating mappings, but inverted the p4d_alloc() failure test, resulting in no mapping to be created at all. When the EFI rtc driver subsequently tries to invoke the EFI GetTime() service, the memory regions covering the EFI data structures are missing from the page tables, resulting in a crash like Unable to handle kernel paging request at virtual address 5ae0cf28 pgd = (ptrval) [5ae0cf28] *pgd=80000040205003, *pmd=00000000 Internal error: Oops: 207 [#1] SMP THUMB2 Modules linked in: CPU: 0 PID: 7 Comm: kworker/u32:0 Not tainted 5.7.0+ #92 Hardware name: QEMU KVM Virtual Machine, BIOS 0.0.0 02/06/2015 Workqueue: efi_rts_wq efi_call_rts PC is at efi_call_rts+0x94/0x294 LR is at efi_call_rts+0x83/0x294 pc : [] lr : [] psr: 30000033 sp : e6219ef0 ip : 00000000 fp : ffffe000 r10: 00000000 r9 : 00000000 r8 : 30000013 r7 : e6201dd0 r6 : e6201ddc r5 : 00000000 r4 : c181f264 r3 : 5ae0cf10 r2 : 00000001 r1 : e6201dd0 r0 : e6201ddc Flags: nzCV IRQs on FIQs on Mode SVC_32 ISA Thumb Segment none Control: 70c5383d Table: 661cc840 DAC: 00000001 Process kworker/u32:0 (pid: 7, stack limit = 0x(ptrval)) ... [] (efi_call_rts) from [] (process_one_work+0x16d/0x3d8) [] (process_one_work) from [] (worker_thread+0xfd/0x408) [] (worker_thread) from [] (kthread+0x103/0x104) ... Fixes: 84e6ffb2c49c7901 ("arm: add support for folded p4d page tables") Reviewed-by: Mike Rapoport Signed-off-by: Ard Biesheuvel Signed-off-by: Russell King commit 4405bdf3c57ec28d606bdf5325f1167505bfdcd4 Author: Jaedon Shin Date: Thu Jun 18 18:15:30 2020 +0100 ARM: 8987/1: VDSO: Fix incorrect clock_gettime64 __vdso_*() should be removed and fallback used if CNTCVT is not available by cntvct_functional(). __vdso_clock_gettime64 when added previous commit is using the incorrect CNTCVT value in that state. __vdso_clock_gettime64 is also added to remove it's symbol. Cc: stable@vger.kernel.org Fixes: 74d06efb9c2f ("ARM: 8932/1: Add clock_gettime64 entry point") Signed-off-by: Jaedon Shin Tested-by: Robin Murphy Signed-off-by: Robin Murphy Signed-off-by: Russell King commit eec13b42d41b0f3339dcf0c4da43734427c68620 Author: Will Deacon Date: Thu Jun 18 11:16:45 2020 +0100 ARM: 8986/1: hw_breakpoint: Don't invoke overflow handler on uaccess watchpoints Unprivileged memory accesses generated by the so-called "translated" instructions (e.g. LDRT) in kernel mode can cause user watchpoints to fire unexpectedly. In such cases, the hw_breakpoint logic will invoke the user overflow handler which will typically raise a SIGTRAP back to the current task. This is futile when returning back to the kernel because (a) the signal won't have been delivered and (b) userspace can't handle the thing anyway. Avoid invoking the user overflow handler for watchpoints triggered by kernel uaccess routines, and instead single-step over the faulting instruction as we would if no overflow handler had been installed. Cc: Fixes: f81ef4a920c8 ("ARM: 6356/1: hw-breakpoint: add ARM backend for the hw-breakpoint framework") Reported-by: Luis Machado Tested-by: Luis Machado Signed-off-by: Will Deacon Signed-off-by: Russell King commit b4a25fb0e62990df467451744b22e0e24960a5e6 Merge: e2a71bdea816 6cfcd5563b4f Author: Thomas Gleixner Date: Tue Jul 21 17:18:32 2020 +0200 Merge tag 'timers-v5.8-rc7' of https://git.linaro.org/people/daniel.lezcano/linux into timers/urgent Pull a timer chip fix from Daniel Lezcano: - Fix kernel panic at suspend / resume time on TI am3/am4 (Tony Lindgren) commit be6577af0cef934ccb036445314072e8cb9217b9 Author: John David Anglin Date: Tue Jul 21 07:36:59 2020 -0400 parisc: Add atomic64_set_release() define to avoid CPU soft lockups Stalls are quite frequent with recent kernels. I enabled CONFIG_SOFTLOCKUP_DETECTOR and I caught the following stall: watchdog: BUG: soft lockup - CPU#0 stuck for 22s! [cc1:22803] CPU: 0 PID: 22803 Comm: cc1 Not tainted 5.6.17+ #3 Hardware name: 9000/800/rp3440 IAOQ[0]: d_alloc_parallel+0x384/0x688 IAOQ[1]: d_alloc_parallel+0x388/0x688 RP(r2): d_alloc_parallel+0x134/0x688 Backtrace: [<000000004036974c>] __lookup_slow+0xa4/0x200 [<0000000040369fc8>] walk_component+0x288/0x458 [<000000004036a9a0>] path_lookupat+0x88/0x198 [<000000004036e748>] filename_lookup+0xa0/0x168 [<000000004036e95c>] user_path_at_empty+0x64/0x80 [<000000004035d93c>] vfs_statx+0x104/0x158 [<000000004035dfcc>] __do_sys_lstat64+0x44/0x80 [<000000004035e5a0>] sys_lstat64+0x20/0x38 [<0000000040180054>] syscall_exit+0x0/0x14 The code was stuck in this loop in d_alloc_parallel: 4037d414: 0e 00 10 dc ldd 0(r16),ret0 4037d418: c7 fc 5f ed bb,< ret0,1f,4037d414 4037d41c: 08 00 02 40 nop This is the inner loop of bit_spin_lock which is called by hlist_bl_unlock in d_alloc_parallel: static inline void bit_spin_lock(int bitnum, unsigned long *addr) { /* * Assuming the lock is uncontended, this never enters * the body of the outer loop. If it is contended, then * within the inner loop a non-atomic test is used to * busywait with less bus contention for a good time to * attempt to acquire the lock bit. */ preempt_disable(); #if defined(CONFIG_SMP) || defined(CONFIG_DEBUG_SPINLOCK) while (unlikely(test_and_set_bit_lock(bitnum, addr))) { preempt_enable(); do { cpu_relax(); } while (test_bit(bitnum, addr)); preempt_disable(); } #endif __acquire(bitlock); } After consideration, I realized that we must be losing bit unlocks. Then, I noticed that we missed defining atomic64_set_release(). Adding this define fixes the stalls in bit operations. Signed-off-by: Dave Anglin Cc: stable@vger.kernel.org Signed-off-by: Helge Deller commit 8c26c87b05323a7ccdc632820b85253e0bf47fd9 Merge: 4fa640dc5230 568e4e82128a Author: Linus Torvalds Date: Tue Jul 21 08:06:45 2020 -0700 Merge tag 'sound-5.8-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound into master Pull sound fixes from Takashi Iwai: "This became fairly large, containing mostly the collection of ASoC fixes that slipped from the previous request, so I sent now a bit earlier than usual. But all changes look small and mostly device-specific, hence nothing to worry too much. Majority of changes are for x86 based platforms and their CODEC drivers, in order to address some issues hit by their recent tests and fuzzing. The rest are other ASoC device-specific fixes (imx, qcom, wm8974, amd, rockchip) as well as a trivial fix for a kernel WARNING hit by syzkaller" * tag 'sound-5.8-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: (28 commits) ALSA: hda/realtek: Fixed ALC298 sound bug by adding quirk for Samsung Notebook Pen S ALSA: info: Drop WARN_ON() from buffer NULL sanity check ASoC: rt5682: Report the button event in the headset type only ASoC: Intel: bytcht_es8316: Add missed put_device() ASoC: rt5682: Enable Vref2 under using PLL2 ASoC: rt286: fix unexpected interrupt happens ASoC: wm8974: remove unsupported clock mode ASoC: wm8974: fix Boost Mixer Aux Switch ASoC: SOF: core: fix null-ptr-deref bug during device removal ASoc: codecs: max98373: remove Idle_bias_on to let codec suspend ASoC: codecs: max98373: Removed superfluous volume control from chip default ASoC: topology: fix tlvs in error handling for widget_dmixer ASoC: topology: fix kernel oops on route addition error ASoC: SOF: imx: add min/max channels for SAI/ESAI on i.MX8/i.MX8M ASoC: Intel: bdw-rt5677: fix non BE conversion ASoC: soc-dai: set dai_link dpcm_ flags with a helper MAINTAINERS: Add Shengjiu to reviewer list of sound/soc/fsl ASoC: core: Remove only the registered component in devm functions MAINTAINERS: Change Maintainer for some at91 drivers ASoC: dt-bindings: simple-card: Fix 'make dt_binding_check' warnings ... commit 6cfcd5563b4fadbf49ba8fa481978e5e86d30322 Author: Tony Lindgren Date: Mon Jul 13 09:26:01 2020 -0700 clocksource/drivers/timer-ti-dm: Fix suspend and resume for am3 and am4 Carlos Hernandez reported that we now have a suspend and resume regresssion on am3 and am4 compared to the earlier kernels. While suspend and resume works with v5.8-rc3, we now get errors with rtcwake: pm33xx pm33xx: PM: Could not transition all powerdomains to target state ... rtcwake: write error This is because we now fail to idle the system timer clocks that the idle code checks and the error gets propagated to the rtcwake. Turns out there are several issues that need to be fixed: 1. Ignore no-idle and no-reset configured timers for the ti-sysc interconnect target driver as otherwise it will keep the system timer clocks enabled 2. Toggle the system timer functional clock for suspend for am3 and am4 (but not for clocksource on am3) 3. Only reconfigure type1 timers in dmtimer_systimer_disable() 4. Use of_machine_is_compatible() instead of of_device_is_compatible() for checking the SoC type Fixes: 52762fbd1c47 ("clocksource/drivers/timer-ti-dm: Add clockevent and clocksource support") Reported-by: Carlos Hernandez Signed-off-by: Tony Lindgren Tested-by: Carlos Hernandez Signed-off-by: Daniel Lezcano Link: https://lore.kernel.org/r/20200713162601.6829-1-tony@atomide.com commit dbb0897e805f2ab1b8bc358f6c3d878a376b8897 Author: Forest Crossman Date: Fri Jul 17 06:27:34 2020 -0500 usb: xhci: Fix ASM2142/ASM3142 DMA addressing The ASM2142/ASM3142 (same PCI IDs) does not support full 64-bit DMA addresses, which can cause silent memory corruption or IOMMU errors on platforms that use the upper bits. Add the XHCI_NO_64BIT_SUPPORT quirk to fix this issue. Signed-off-by: Forest Crossman Cc: stable Link: https://lore.kernel.org/r/20200717112734.328432-1-cyrozap@gmail.com Signed-off-by: Greg Kroah-Hartman commit 5ce1a24dd98c00a57a8fa13660648abf7e08e3ef Author: Chunfeng Yun Date: Fri Jul 10 13:57:52 2020 +0800 usb: xhci-mtk: fix the failure of bandwidth allocation The wMaxPacketSize field of endpoint descriptor may be zero as default value in alternate interface, and they are not actually selected when start stream, so skip them when try to allocate bandwidth. Cc: stable Fixes: 0cbd4b34cda9 ("xhci: mediatek: support MTK xHCI host controller") Signed-off-by: Chunfeng Yun Link: https://lore.kernel.org/r/1594360672-2076-1-git-send-email-chunfeng.yun@mediatek.com Signed-off-by: Greg Kroah-Hartman commit 3d3af181d370069861a3be94608464e2ff3682e2 Author: Thomas Richter Date: Fri Jul 17 11:27:22 2020 +0200 s390/cpum_cf,perf: change DFLT_CCERROR counter name Change the counter name DLFT_CCERROR to DLFT_CCFINISH on IBM z15. This counter counts completed DEFLATE instructions with exit code 0, 1 or 2. Since exit code 0 means success and exit code 1 or 2 indicate errors, change the counter name to avoid confusion. This counter is incremented each time the DEFLATE instruction completed regardless if an error was detected or not. Fixes: d68d5d51dc89 ("s390/cpum_cf: Add new extended counters for IBM z15") Fixes: e7950166e402 ("perf vendor events s390: Add new deflate counters for IBM z15") Cc: stable@vger.kernel.org # v5.7 Signed-off-by: Thomas Richter Reviewed-by: Sumanth Korikkar Signed-off-by: Heiko Carstens commit 101dde4207f1daa1fda57d714814a03835dccc3f Author: Steffen Klassert Date: Fri Jul 17 10:34:27 2020 +0200 xfrm: Fix crash when the hold queue is used. The commits "xfrm: Move dst->path into struct xfrm_dst" and "net: Create and use new helper xfrm_dst_child()." changed xfrm bundle handling under the assumption that xdst->path and dst->child are not a NULL pointer only if dst->xfrm is not a NULL pointer. That is true with one exception. If the xfrm hold queue is used to wait until a SA is installed by the key manager, we create a dummy bundle without a valid dst->xfrm pointer. The current xfrm bundle handling crashes in that case. Fix this by extending the NULL check of dst->xfrm with a test of the DST_XFRM_QUEUE flag. Fixes: 0f6c480f23f4 ("xfrm: Move dst->path into struct xfrm_dst") Fixes: b92cf4aab8e6 ("net: Create and use new helper xfrm_dst_child().") Signed-off-by: Steffen Klassert commit b344d6a83d01c52fddbefa6b3b4764da5b1022a0 Author: Liam Beguin Date: Sat Jul 18 16:10:21 2020 -0400 parisc: add support for cmpxchg on u8 pointers The kernel test bot reported[1] that using set_mask_bits on a u8 causes the following issue on parisc: hppa-linux-ld: drivers/phy/ti/phy-tusb1210.o: in function `tusb1210_probe': >> (.text+0x2f4): undefined reference to `__cmpxchg_called_with_bad_pointer' >> hppa-linux-ld: (.text+0x324): undefined reference to `__cmpxchg_called_with_bad_pointer' hppa-linux-ld: (.text+0x354): undefined reference to `__cmpxchg_called_with_bad_pointer' Add support for cmpxchg on u8 pointers. [1] https://lore.kernel.org/patchwork/patch/1272617/#1468946 Reported-by: kernel test robot Signed-off-by: Liam Beguin Tested-by: Dave Anglin Signed-off-by: Helge Deller commit 0a266f8954e29139654dcca529be099f3404b61c Merge: 17175d1a27c6 95a35b42bc6e Author: Steffen Klassert Date: Tue Jul 21 08:03:04 2020 +0200 Merge remote-tracking branch 'origin/testing' Sabrina Dubroca says: ==================== xfrm: a few fixes for espintc Andrew Cagney reported some issues when trying to use async operations on the encapsulation socket. Patches 1 and 2 take care of these bugs. In addition, I missed a spot when adding IPv6 support and converting to the common config option. ==================== Signed-off-by: Steffen Klassert commit 4cb699d0447be8e0906539f93cbe41e19598ee5a Author: Vincent Chen Date: Fri Jul 10 10:40:54 2020 +0800 riscv: kasan: use local_tlb_flush_all() to avoid uninitialized __sbi_rfence It fails to boot the v5.8-rc4 kernel with CONFIG_KASAN because kasan_init and kasan_early_init use uninitialized __sbi_rfence as executing the tlb_flush_all(). Actually, at this moment, only the CPU which is responsible for the system initialization enables the MMU. Other CPUs are parking at the .Lsecondary_start. Hence the tlb_flush_all() is able to be replaced by local_tlb_flush_all() to avoid using uninitialized __sbi_rfence. Signed-off-by: Vincent Chen Signed-off-by: Palmer Dabbelt commit 6ef9dcb78046b346b5508ca1659848b136a343c2 Author: Tung Nguyen Date: Tue Jul 21 08:57:05 2020 +0700 tipc: allow to build NACK message in link timeout function Commit 02288248b051 ("tipc: eliminate gap indicator from ACK messages") eliminated sending of the 'gap' indicator in regular ACK messages and only allowed to build NACK message with enabled probe/probe_reply. However, necessary correction for building NACK message was missed in tipc_link_timeout() function. This leads to significant delay and link reset (due to retransmission failure) in lossy environment. This commit fixes it by setting the 'probe' flag to 'true' when the receive deferred queue is not empty. As a result, NACK message will be built to send back to another peer. Fixes: 02288248b051 ("tipc: eliminate gap indicator from ACK messages") Acked-by: Jon Maloy Signed-off-by: Tung Nguyen Signed-off-by: David S. Miller commit db415f7aae07cadcabd5d2a659f8ad825c905299 Author: Ilya Ponetayev Date: Thu Jul 16 17:27:53 2020 +0900 exfat: fix name_hash computation on big endian systems On-disk format for name_hash field is LE, so it must be explicitly transformed on BE system for proper result. Fixes: 370e812b3ec1 ("exfat: add nls operations") Cc: stable@vger.kernel.org # v5.7 Signed-off-by: Chen Minqiang Signed-off-by: Ilya Ponetayev Reviewed-by: Sungjong Seo Signed-off-by: Namjae Jeon commit 41e3928f8c58184fcf0bb22e822af39a436370c7 Author: Hyeongseok Kim Date: Wed Jul 8 18:52:33 2020 +0900 exfat: fix wrong size update of stream entry by typo The stream.size field is updated to the value of create timestamp of the file entry. Fix this to use correct stream entry pointer. Fixes: 29bbb14bfc80 ("exfat: fix incorrect update of stream entry in __exfat_truncate()") Signed-off-by: Hyeongseok Kim Signed-off-by: Namjae Jeon commit d2fa0c337d97a5490190b9f3b9c73c8f9f3602a1 Author: Namjae Jeon Date: Fri Jul 3 11:19:46 2020 +0900 exfat: fix wrong hint_stat initialization in exfat_find_dir_entry() We found the wrong hint_stat initialization in exfat_find_dir_entry(). It should be initialized when cluster is EXFAT_EOF_CLUSTER. Fixes: ca06197382bd ("exfat: add directory operations") Cc: stable@vger.kernel.org # v5.7 Reviewed-by: Sungjong Seo Signed-off-by: Namjae Jeon commit 43946b70494beefe40ec1b2ba4744c0f294d7736 Author: Namjae Jeon Date: Fri Jul 3 11:16:32 2020 +0900 exfat: fix overflow issue in exfat_cluster_to_sector() An overflow issue can occur while calculating sector in exfat_cluster_to_sector(). It needs to cast clus's type to sector_t before left shifting. Fixes: 1acf1a564b60 ("exfat: add in-memory and on-disk structures and headers") Cc: stable@vger.kernel.org # v5.7 Reviewed-by: Sungjong Seo Signed-off-by: Namjae Jeon commit db44c60c45aa533c92394c778247cfe8bdd66134 Author: Bixuan Cui Date: Mon Jul 20 09:58:39 2020 +0800 net: neterion: vxge: reduce stack usage in VXGE_COMPLETE_VPATH_TX Fix the warning: [-Werror=-Wframe-larger-than=] drivers/net/ethernet/neterion/vxge/vxge-main.c: In function'VXGE_COMPLETE_VPATH_TX.isra.37': drivers/net/ethernet/neterion/vxge/vxge-main.c:119:1: warning: the frame size of 1056 bytes is larger than 1024 bytes Dropping the NR_SKB_COMPLETED to 16 is appropriate that won't have much impact on performance and functionality. Signed-off-by: Bixuan Cui Signed-off-by: Stephen Hemminger Signed-off-by: David S. Miller commit 3f0dcfbcd2e162fc0a11c1f59b7acd42ee45f126 Author: Ming Lei Date: Mon Jul 20 10:54:35 2020 +0800 scsi: core: Run queue in case of I/O resource contention failure I/O requests may be held in scheduler queue because of resource contention. The starvation scenario was handled properly in the regular completion path but we failed to account for it during I/O submission. This lead to the hang captured below. Make sure we run the queue when resource contention is encountered in the submission path. [ 39.054963] scsi 13:0:0:0: rejecting I/O to dead device [ 39.058700] scsi 13:0:0:0: rejecting I/O to dead device [ 39.087855] sd 13:0:0:1: [sdd] Synchronizing SCSI cache [ 39.088909] scsi 13:0:0:1: rejecting I/O to dead device [ 39.095351] scsi 13:0:0:1: rejecting I/O to dead device [ 39.096962] scsi 13:0:0:1: rejecting I/O to dead device [ 247.021859] INFO: task scsi-stress-rem:813 blocked for more than 122 seconds. [ 247.023258] Not tainted 5.8.0-rc2 #8 [ 247.024069] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 247.025331] scsi-stress-rem D 0 813 802 0x00004000 [ 247.025334] Call Trace: [ 247.025354] __schedule+0x504/0x55f [ 247.027987] schedule+0x72/0xa8 [ 247.027991] blk_mq_freeze_queue_wait+0x63/0x8c [ 247.027994] ? do_wait_intr_irq+0x7a/0x7a [ 247.027996] blk_cleanup_queue+0x4b/0xc9 [ 247.028000] __scsi_remove_device+0xf6/0x14e [ 247.028002] scsi_remove_device+0x21/0x2b [ 247.029037] sdev_store_delete+0x58/0x7c [ 247.029041] kernfs_fop_write+0x10d/0x14f [ 247.031281] vfs_write+0xa2/0xdf [ 247.032670] ksys_write+0x6b/0xb3 [ 247.032673] do_syscall_64+0x56/0x82 [ 247.034053] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 247.034059] RIP: 0033:0x7f69f39e9008 [ 247.036330] Code: Bad RIP value. [ 247.036331] RSP: 002b:00007ffdd8116498 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 247.037613] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f69f39e9008 [ 247.039714] RDX: 0000000000000002 RSI: 000055cde92a0ab0 RDI: 0000000000000001 [ 247.039715] RBP: 000055cde92a0ab0 R08: 000000000000000a R09: 00007f69f3a79e80 [ 247.039716] R10: 000000000000000a R11: 0000000000000246 R12: 00007f69f3abb780 [ 247.039717] R13: 0000000000000002 R14: 00007f69f3ab6740 R15: 0000000000000002 Link: https://lore.kernel.org/r/20200720025435.812030-1-ming.lei@redhat.com Cc: linux-block@vger.kernel.org Cc: Christoph Hellwig Reviewed-by: Bart Van Assche Reviewed-by: Christoph Hellwig Signed-off-by: Ming Lei Signed-off-by: Martin K. Petersen commit befc113c56a76ae7be3986034a0e476d3385e265 Author: Huang Guobin Date: Sun Jul 19 21:46:14 2020 -0400 net: ag71xx: add missed clk_disable_unprepare in error path of probe The ag71xx_mdio_probe() forgets to call clk_disable_unprepare() when of_reset_control_get_exclusive() failed. Add the missed call to fix it. Fixes: d51b6ce441d3 ("net: ethernet: add ag71xx driver") Reported-by: Hulk Robot Signed-off-by: Huang Guobin Signed-off-by: David S. Miller commit ae372cb1750f6c95370f92fe5f5620e0954663ba Author: wenxu Date: Sun Jul 19 20:30:37 2020 +0800 net/sched: act_ct: fix restore the qdisc_skb_cb after defrag The fragment packets do defrag in tcf_ct_handle_fragments will clear the skb->cb which make the qdisc_skb_cb clear too. So the qdsic_skb_cb should be store before defrag and restore after that. It also update the pkt_len after all the fragments finish the defrag to one packet and make the following actions counter correct. Fixes: b57dc7c13ea9 ("net/sched: Introduce action ct") Signed-off-by: wenxu Signed-off-by: David S. Miller commit 1e8fd3a97f2d83a7197876ceb4f37b4c2b00a0f3 Author: Navid Emamdoost Date: Sat Jul 18 00:31:49 2020 -0500 nfc: s3fwrn5: add missing release on skb in s3fwrn5_recv_frame The implementation of s3fwrn5_recv_frame() is supposed to consume skb on all execution paths. Release skb before returning -ENODEV. Signed-off-by: Navid Emamdoost Signed-off-by: David S. Miller commit 30d9e5057ac01dd6982adace221bfcafb1f8186e Author: Vinay Kumar Yadav Date: Sat Jul 18 00:41:07 2020 +0530 crypto/chtls: correct net_device reference count ip_dev_find() call holds net_device reference which is not needed, use __ip_dev_find() which does not hold reference. v1->v2: - Correct submission tree. - Add fixes tag. Fixes: cc35c88ae4db ("crypto : chtls - CPL handler definition") Signed-off-by: Vinay Kumar Yadav Signed-off-by: David S. Miller commit c271042eb6a031d1333cf57422ec1d20726901ab Author: Vinay Kumar Yadav Date: Sat Jul 18 00:31:42 2020 +0530 crypto/chtls: fix tls alert messages corrupted by tls data When tls data skb is pending for Tx and tls alert comes , It is wrongly overwrite the record type of tls data to tls alert record type. fix the issue correcting it. v1->v2: - Correct submission tree. - Add fixes tag. Fixes: 6919a8264a32 ("Crypto/chtls: add/delete TLS header in driver") Signed-off-by: Vinay Kumar Yadav Signed-off-by: David S. Miller commit 4932893924e9b9cdca8fcee2b87a4fa241cd95e8 Merge: 5d93518e06b2 0925e9db4dc8 Author: David S. Miller Date: Mon Jul 20 18:09:38 2020 -0700 Merge branch 'ionic-locking-and-filter-fixes' Shannon Nelson says: ==================== ionic: locking and filter fixes These patches address an ethtool show regs problem, some locking sightings, and issues with RSS hash and filter_id tracking after a managed FW update. ==================== Signed-off-by: David S. Miller commit 0925e9db4dc86daf666d9a3d53c7db14ac6d5d00 Author: Shannon Nelson Date: Mon Jul 20 16:00:17 2020 -0700 ionic: use mutex to protect queue operations The ionic_wait_on_bit_lock() was a open-coded mutex knock-off used only for protecting the queue reset operations, and there was no reason not to use the real thing. We can use the lock more correctly and to better protect the queue stop and start operations from cross threading. We can also remove a useless and expensive bit operation from the Rx path. This fixes a case found where the link_status_check from a link flap could run into an MTU change and cause a crash. Fixes: beead698b173 ("ionic: Add the basic NDO callbacks for netdev support") Signed-off-by: Shannon Nelson Signed-off-by: David S. Miller commit bdff46665ee655600d0fe2a0e5f62ec7853d3b22 Author: Shannon Nelson Date: Mon Jul 20 16:00:16 2020 -0700 ionic: keep rss hash after fw update Make sure the RSS hash key is kept across a fw update by not de-initing it when an update is happening. Fixes: c672412f6172 ("ionic: remove lifs on fw reset") Signed-off-by: Shannon Nelson Signed-off-by: David S. Miller commit cc4428c4de8c31f12e4690d0409e0432fe05702f Author: Shannon Nelson Date: Mon Jul 20 16:00:15 2020 -0700 ionic: update filter id after replay When we replay the rx filters after a fw-upgrade we get new filter_id values from the FW, which we need to save and update in our local filter list. This allows us to delete the filters with the correct filter_id when we're done. Fixes: 7e4d47596b68 ("ionic: replay filters after fw upgrade") Signed-off-by: Shannon Nelson Signed-off-by: David S. Miller commit cbec2153a9a68d011454960ba84887e46e40b37d Author: Shannon Nelson Date: Mon Jul 20 16:00:14 2020 -0700 ionic: fix up filter locks and debug msgs Add in a couple of forgotten spinlocks and fix up some of the debug messages around filter management. Fixes: c1e329ebec8d ("ionic: Add management of rx filters") Signed-off-by: Shannon Nelson Signed-off-by: David S. Miller commit f85ae16f924f92a370b81b4e77862c1c59882fce Author: Shannon Nelson Date: Mon Jul 20 16:00:13 2020 -0700 ionic: use offset for ethtool regs data Use an offset to write the second half of the regs data into the second half of the buffer instead of overwriting the first half. Fixes: 4d03e00a2140 ("ionic: Add initial ethtool support") Signed-off-by: Shannon Nelson Signed-off-by: David S. Miller commit 5d93518e06b2102253d465e523f16bd4cb5ce859 Author: Murali Karicheri Date: Mon Jul 20 12:43:27 2020 -0400 net: hsr: check for return value of skb_put_padto() skb_put_padto() can fail. So check for return type and return NULL for skb. Caller checks for skb and acts correctly if it is NULL. Fixes: 6d6148bc78d2 ("net: hsr: fix incorrect lsdu size in the tag of HSR frames for small frames") Signed-off-by: Murali Karicheri Signed-off-by: David S. Miller commit 34b85adad831547cdd349ce9a05bbe751f9f4d46 Author: Guillaume Nault Date: Mon Jul 20 17:46:58 2020 +0200 Documentation: bareudp: update iproute2 sample commands bareudp.rst was written before iproute2 gained support for this new type of tunnel. Therefore, the sample command lines didn't match the final iproute2 implementation. Signed-off-by: Guillaume Nault Signed-off-by: David S. Miller commit 5dbaeb87f2b309936be0aeae00cbc9e7f20ab296 Author: Liu Jian Date: Mon Jul 20 22:31:49 2020 +0800 mlxsw: destroy workqueue when trap_register in mlxsw_emad_init When mlxsw_core_trap_register fails in mlxsw_emad_init, destroy_workqueue() shouled be called to destroy mlxsw_core->emad_wq. Fixes: d965465b60ba ("mlxsw: core: Fix possible deadlock") Signed-off-by: Liu Jian Reviewed-by: Ido Schimmel Signed-off-by: David S. Miller commit 6790711f8ac5faabc43237c0d05d93db431a1ecc Author: Liu Jian Date: Mon Jul 20 22:28:29 2020 +0800 dpaa_eth: Fix one possible memleak in dpaa_eth_probe When dma_coerce_mask_and_coherent() fails, the alloced netdev need to be freed. Fixes: 060ad66f9795 ("dpaa_eth: change DMA device") Signed-off-by: Liu Jian Acked-by: Madalin Bucur Signed-off-by: David S. Miller commit d49e2c9e54ddc072fe38dcd838a78067757b13c8 Merge: 639f181f0ee2 a9e445029570 Author: David S. Miller Date: Mon Jul 20 17:52:25 2020 -0700 Merge branch 'smc-fixes' Karsten Graul says: ==================== net/smc: fixes 2020-07-20 Please apply the following patch series for smc to netdev's net tree. Patch 1 fixes a problem with a buffer that is not put back when the connection was killed in the meantime. Patch 2 fixes a wrong behaviour when the maximum dmb buffer count exceeded. ==================== Signed-off-by: David S. Miller commit a9e445029570ab691a44389d68b9c544338586b5 Author: Karsten Graul Date: Mon Jul 20 16:24:29 2020 +0200 net/smc: fix dmb buffer shortage There is a current limit of 1920 registered dmb buffers per ISM device for smc-d. One link group can contain 255 connections, each connection is using one dmb buffer. When the connection is closed then the registered buffer is held in a queue and is reused by the next connection. When a link group is 'full' then another link group is created and uses an own buffer pool. The link groups are added to a list using list_add() which puts a new link group to the first position in the list. In the situation that many connections are opened (>1920) and a few of them stay open while others are closed quickly we end up with at least 8 link groups. For a new connection a matching link group is looked up, iterating over the list of link groups. The trailing 7 link groups all have registered dmb buffers which could be reused, while the first link group has only a few dmb buffers and then hit the 1920 limit. Because the first link group is not full (255 connection limit not reached) it is chosen and finally the connection falls back to TCP because there is no dmb buffer available in this link group. There are multiple ways to fix that: using list_add_tail() allows to scan older link groups first for free buffers which ensures that buffers are reused first. This fixes the problem for smc-r link groups as well. For smc-d there is an even better way to address this problem because smc-d does not have the 255 connections per link group limit. So fix the problem for smc-d by allowing large link groups. Fixes: c6ba7c9ba43d ("net/smc: add base infrastructure for SMC-D and ISM") Reviewed-by: Ursula Braun Signed-off-by: Karsten Graul Signed-off-by: David S. Miller commit 2bced6aefa3d0347e11efc610759e1317bfca7a7 Author: Karsten Graul Date: Mon Jul 20 16:24:28 2020 +0200 net/smc: put slot when connection is killed To get a send slot smc_wr_tx_get_free_slot() is called, which might wait for a free slot. When smc_wr_tx_get_free_slot() returns there is a check if the connection was killed in the meantime. In that case don't only return an error, but also put back the free slot. Fixes: b290098092e4 ("net/smc: cancel send and receive for terminated socket") Reviewed-by: Ursula Braun Signed-off-by: Karsten Graul Signed-off-by: David S. Miller commit 639f181f0ee20d3249dbc55f740f0167267180f0 Author: David Howells Date: Mon Jul 20 12:41:46 2020 +0100 rxrpc: Fix sendmsg() returning EPIPE due to recvmsg() returning ENODATA rxrpc_sendmsg() returns EPIPE if there's an outstanding error, such as if rxrpc_recvmsg() indicating ENODATA if there's nothing for it to read. Change rxrpc_recvmsg() to return EAGAIN instead if there's nothing to read as this particular error doesn't get stored in ->sk_err by the networking core. Also change rxrpc_sendmsg() so that it doesn't fail with delayed receive errors (there's no way for it to report which call, if any, the error was caused by). Fixes: 17926a79320a ("[AF_RXRPC]: Provide secure RxRPC sockets for use by userspace and kernel both") Signed-off-by: David Howells Signed-off-by: David S. Miller commit 7d85396c4c72de12df76d6b9853fd871dbfdf2ec Merge: 53a92889ec0e 19dc36548be2 Author: David S. Miller Date: Mon Jul 20 17:04:35 2020 -0700 Merge tag 'ieee802154-for-davem-2020-07-20' of git://git.kernel.org/pub/scm/linux/kernel/git/sschmidt/wpan Stefan Schmidt says: ==================== pull-request: ieee802154 for net 2020-07-20 An update from ieee802154 for your *net* tree. A potential memory leak fix for adf7242 from Liu Jian, and one more HTTPS link change from Alexander A. Klimov. ==================== Signed-off-by: David S. Miller commit 53a92889ec0e6d968a7f4098a16031a672b6fd51 Author: Zhang Changzhong Date: Mon Jul 20 17:36:34 2020 +0800 net: bcmgenet: add missed clk_disable_unprepare in bcmgenet_probe The driver forgets to call clk_disable_unprepare() in error path after a success calling for clk_prepare_enable(). Fix to goto err_clk_disable if clk_prepare_enable() is successful. Fixes: c80d36ff63a5 ("net: bcmgenet: Use devm_clk_get_optional() to get the clocks") Signed-off-by: Zhang Changzhong Acked-by: Doug Berger Acked-by: Florian Fainelli Signed-off-by: David S. Miller commit 24a63fe6d45d6527db5ab87bcd1da6921f10e89e Author: Zhang Changzhong Date: Mon Jul 20 15:18:43 2020 +0800 net: bcmgenet: fix error returns in bcmgenet_probe() The driver forgets to call clk_disable_unprepare() in error path after a success calling for clk_prepare_enable(). Fix to goto err_clk_disable if clk_prepare_enable() is successful. Fixes: 99d55638d4b0 ("net: bcmgenet: enable NETIF_F_HIGHDMA flag") Signed-off-by: Zhang Changzhong Acked-by: Doug Berger Acked-by: Florian fainelli Signed-off-by: David S. Miller commit 4fa640dc52302b5e62b01b05c755b055549633ae Merge: 5714ee50bb43 b872d0640840 Author: Linus Torvalds Date: Mon Jul 20 13:30:59 2020 -0700 Merge tag 'vfio-v5.8-rc7' of git://github.com/awilliam/linux-vfio into master Pull VFIO fix from Alex Williamson: "Fix race with eventfd ctx cleared outside of mutex (Zeng Tao)" * tag 'vfio-v5.8-rc7' of git://github.com/awilliam/linux-vfio: vfio/pci: fix racy on error and request eventfd ctx commit 1cfd3426ef989b83fa6176490a38777057e57f6c Author: Hauke Mehrtens Date: Tue Jul 14 22:58:02 2020 +0200 ath10k: Fix NULL pointer dereference in AHB device probe This fixes a NULL pointer dereference in the probe path for AHB devices. There attr parameter in the ath10k_ce_alloc_pipe() function is not initialized, but accessed. This function is called by ath10k_pci_setup_resource() which is called by ath10k_ahb_probe(). The struct ath10k_pci is also used for AHB devices and not only for PCI devices. The initialization of the new members of struct ath10k_pci is moved to ath10k_pci_setup_resource() which is used by the PCI and the AHB code. This also fixes a use after free bug in ath10k_pci_remove() when ar_pci is accessed after ath10k_core_destroy() was called, which calls ieee80211_free_hw() and frees this memory. This fixes the following bug seen with backports-5.8-rc2 on OpenWrt on a IPQ4019 device: [ 11.117462] 8<--- cut here --- [ 11.117494] Unable to handle kernel NULL pointer dereference at virtual address 00000000 [ 11.119510] pgd = f377fd58 [ 11.127657] [00000000] *pgd=8e9a0835, *pte=00000000, *ppte=00000000 [ 11.130206] Internal error: Oops: 17 [#1] SMP ARM [ 11.136339] Modules linked in: ath10k_pci(+) ath10k_core ath xt_state xt_nat xt_conntrack xt_REDIRECT xt_MASQUERADE xt_FLOWOFFLOAD pppox ppp_generic nf_nat nf_flow_table_hw nf_flow_table nf_conntrack_rtcache nf_conntrack mac80211 ipt_REJECT cfg80211 xt_time xt_tcpudp xt_multiport xt_mark xt_mac xt_limit xt_comment xt_TCPMSS xt_LOG slhc nf_reject_ipv4 nf_log_ipv4 nf_defrag_ipv6 nf_defrag_ipv4 iptable_mangle iptable_filter ip_tables crc_ccitt compat nf_log_ipv6 nf_log_common ip6table_mangle ip6table_filter ip6_tables ip6t_REJECT x_tables nf_reject_ipv6 leds_gpio xhci_plat_hcd xhci_pci xhci_hcd dwc3 dwc3_qcom gpio_button_hotplug [ 11.174355] CPU: 2 PID: 257 Comm: kmodloader Not tainted 5.4.51 #0 [ 11.196585] Hardware name: Generic DT based system [ 11.202746] PC is at ath10k_ce_alloc_pipe+0x58/0x180 [ath10k_core] [ 11.207459] LR is at ath10k_pci_alloc_pipes+0x94/0xc8 [ath10k_pci] [ 11.213600] pc : [] lr : [] psr: 80000013 [ 11.219760] sp : cea0dc90 ip : cf4001f0 fp : 00000001 [ 11.225923] r10: 00000000 r9 : 00000018 r8 : ce4963b4 [ 11.231133] r7 : 00000000 r6 : ce491ea0 r5 : 00000000 r4 : ce4963b4 [ 11.236342] r3 : 0004a000 r2 : 0004a000 r1 : bf2d0d70 r0 : 00000006 [ 11.242942] Flags: Nzcv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none [ 11.249452] Control: 10c5387d Table: 8e9c006a DAC: 00000051 [ 11.256656] Process kmodloader (pid: 257, stack limit = 0xaba286ca) [ 11.262386] Stack: (0xcea0dc90 to 0xcea0e000) [ 11.268462] dc80: 00000000 ce49629c ce491ea0 ce4963bc [ 11.272984] dca0: ce495ea0 bf2fbf98 00000002 ce4963a8 ce495ea0 00000000 ce491ea0 cf95d800 [ 11.281142] dcc0: cf95d810 cf95d810 00000001 bf2fc854 00000000 cf95d800 bf300748 ce495ea0 [ 11.289304] dce0: ce491ea0 d1300000 cf95d800 bf2fde8c 00000000 00000001 ce49cea0 00000000 [ 11.297462] dd00: 00000000 00000000 bf3010a0 cf95d810 bf3010a0 c0b61580 00000000 00000000 [ 11.305624] dd20: bf3010a0 0000000b c0b04e48 c06110c8 c0b61588 cf95d810 c0b61580 c060f740 [ 11.313781] dd40: cf95d810 00000000 bf3010a0 00000000 00000000 ce49d2a4 bf301100 c060fc90 [ 11.321943] dd60: 00000000 bf3010a0 cf95d810 c060fcf0 cf95d810 bf3010a0 c060fc98 c060dca4 [ 11.330101] dd80: cf809d58 cf952cb4 bf3010a0 ce967900 c0b1f2c8 c060ec28 bf3007b8 bf301038 [ 11.338263] dda0: bf3010a0 bf3010a0 c0b2d4d4 ffffe000 bf304000 c0610278 c0b04e48 c0b2d4d4 [ 11.346422] ddc0: ffffe000 bf2fe2b4 c0b04e48 bf30403c c0b04e48 c0302764 8040003f 00000001 [ 11.354582] dde0: 38e38e39 ce513580 c0b2cb50 cf801e00 cffbc6ac ce513600 cf801e00 cffbc6ac [ 11.362740] de00: 8040003e ce49d280 00000001 c0428d54 00000001 cf801e00 cffbc6ac ce513580 [ 11.370900] de20: ce49d280 0e391998 bf301100 ce49d340 d12d2000 ce49d280 00000001 c0398c2c [ 11.379061] de40: 00000001 cea0df34 cea0df34 00000001 d12d2000 c039ae48 bf30110c 00007fff [ 11.387221] de60: bf301100 c0398044 cf804028 bf301148 c0397674 bf30126c c08ee5c0 c08ee70c [ 11.395380] de80: bf30110c c0b04e48 c08ee518 00000000 c08ee570 c0b04e48 ce513600 fffff000 [ 11.403540] dea0: 00000001 ce513580 0000000d 0000000d 00000000 00000000 00000000 00000000 [ 11.411698] dec0: 00000000 00000000 6e72656b 00006c65 00000000 00000000 00000000 00000000 [ 11.419858] dee0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 11.428018] df00: 00000000 0e391998 00000000 0000c610 d12de610 00000000 0062c620 ffffe000 [ 11.436180] df20: 000129d1 00000051 00000000 c039b228 00000000 d12d7afd d12d8e80 d12d2000 [ 11.444337] df40: 0000c610 d12de0e8 d12ddfa8 d12dab74 00009000 00009570 00003a2c 00009cae [ 11.452498] df60: 00000000 00000000 00000000 00003a1c 0000001e 0000001f 00000018 00000000 [ 11.460656] df80: 00000010 00000000 00000000 00000000 00000003 00000080 c0301204 cea0c000 [ 11.468817] dfa0: 00000080 c0301000 00000000 00000000 00620010 0000c610 000129d1 00000014 [ 11.476975] dfc0: 00000000 00000000 00000003 00000080 0000c610 00000000 b6fc1d20 00000000 [ 11.485137] dfe0: bef0ad14 bef0acf8 00011e14 b6f74c94 60000010 00620010 00000000 00000000 [ 11.493390] [] (ath10k_ce_alloc_pipe [ath10k_core]) from [] (ath10k_pci_alloc_pipes+0x94/0xc8 [ath10k_pci]) [ 11.501498] [] (ath10k_pci_alloc_pipes [ath10k_pci]) from [] (ath10k_pci_setup_resource+0xb8/0xf0 [ath10k_pci]) [ 11.512773] [] (ath10k_pci_setup_resource [ath10k_pci]) from [] (ath10k_ahb_probe+0x32c/0x670 [ath10k_pci]) [ 11.524566] [] (ath10k_ahb_probe [ath10k_pci]) from [] (platform_drv_probe+0x34/0x70) [ 11.536016] [] (platform_drv_probe) from [] (really_probe+0x1f0/0x358) [ 11.545729] [] (really_probe) from [] (device_driver_attach+0x58/0x60) [ 11.553886] [] (device_driver_attach) from [] (__driver_attach+0x58/0xcc) [ 11.562134] [] (__driver_attach) from [] (bus_for_each_dev+0x68/0x8c) [ 11.570731] [] (bus_for_each_dev) from [] (bus_add_driver+0x1c8/0x1d8) [ 11.578886] [] (bus_add_driver) from [] (driver_register+0x74/0x108) [ 11.587060] [] (driver_register) from [] (ath10k_ahb_init+0x18/0x38 [ath10k_pci]) [ 11.595320] [] (ath10k_ahb_init [ath10k_pci]) from [] (init_module+0x3c/0x1000 [ath10k_pci]) [ 11.604432] [] (init_module [ath10k_pci]) from [] (do_one_initcall+0x84/0x1d8) [ 11.614657] [] (do_one_initcall) from [] (do_init_module+0x5c/0x228) [ 11.623421] [] (do_init_module) from [] (load_module+0x1fc8/0x224c) [ 11.631663] [] (load_module) from [] (sys_init_module+0x15c/0x17c) [ 11.639390] [] (sys_init_module) from [] (ret_fast_syscall+0x0/0x54) [ 11.647370] Exception stack(0xcea0dfa8 to 0xcea0dff0) [ 11.655615] dfa0: 00000000 00000000 00620010 0000c610 000129d1 00000014 [ 11.660569] dfc0: 00000000 00000000 00000003 00000080 0000c610 00000000 b6fc1d20 00000000 [ 11.668725] dfe0: bef0ad14 bef0acf8 00011e14 b6f74c94 [ 11.676886] Code: e1c321d4 e0433002 e0232397 e5843014 (e5953000) [ 11.681958] ---[ end trace 8f35917de2e76854 ]--- Fixes: 521fc37be3d8 ("ath10k: Avoid override CE5 configuration for QCA99X0 chipsets") Reported-by: Stefan Lippers-Hollmann [ipq40xx/ map-ac2200] Signed-off-by: Hauke Mehrtens Signed-off-by: Kalle Valo Link: https://lore.kernel.org/r/20200714205802.17688-1-hauke@hauke-m.de commit b5ba46b81c2fef00bcf110777fb6d51befa4a23e Author: Alessio Bonfiglio Date: Tue Jul 14 11:19:11 2020 +0200 iwlwifi: Make some Killer Wireless-AC 1550 cards work again Fix the regression introduced by commit c8685937d07f ("iwlwifi: move pu devices to new table") by adding the ids and the configurations of two missing Killer 1550 cards in order to configure and let them work correctly again (following the new table convention). Resolve bug 208141 ("Wireless ac 9560 not working kernel 5.7.2", https://bugzilla.kernel.org/show_bug.cgi?id=208141). Fixes: c8685937d07f ("iwlwifi: move pu devices to new table") Signed-off-by: Alessio Bonfiglio Signed-off-by: Kalle Valo Link: https://lore.kernel.org/r/20200714091911.4442-1-alessio.bonfiglio@mail.polimi.it commit 92f53e2fda8bb9a559ad61d57bfb397ce67ed0ab Author: Mark O'Donovan Date: Sat Jul 11 05:33:24 2020 +0100 ath9k: Fix regression with Atheros 9271 This fix allows ath9k_htc modules to connect to WLAN once again. Fixes: 2bbcaaee1fcb ("ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb") Link: https://bugzilla.kernel.org/show_bug.cgi?id=208251 Signed-off-by: Mark O'Donovan Reported-by: Roman Mamedov Tested-by: Viktor Jägersküpper Signed-off-by: Kalle Valo Link: https://lore.kernel.org/r/20200711043324.8079-1-shiftee@posteo.net commit 89ee72376be23a1029a0c65eff8838c262b01d65 Author: Johannes Thumshirn Date: Thu Jul 16 19:37:23 2020 +0900 zonefs: count pages after truncating the iterator Count pages after possibly truncating the iterator to the maximum zone append size, not before. Signed-off-by: Johannes Thumshirn Signed-off-by: Damien Le Moal commit 01b2651cfb20ba38429cdb47c68f36e56a2d3cb4 Author: Damien Le Moal Date: Mon Jul 20 17:52:52 2020 +0900 zonefs: Fix compilation warning Avoid the compilation warning "Variable 'ret' is reassigned a value before the old one has been used." in zonefs_create_zgroup() by setting ret for the error path only if an error happens. Reported-by: kernel test robot Signed-off-by: Damien Le Moal commit 926234f1b8434c4409aa4c53637aa3362ca07cea Author: Ian Abbott Date: Fri Jul 17 15:52:56 2020 +0100 staging: comedi: addi_apci_1564: check INSN_CONFIG_DIGITAL_TRIG shift The `INSN_CONFIG` comedi instruction with sub-instruction code `INSN_CONFIG_DIGITAL_TRIG` includes a base channel in `data[3]`. This is used as a right shift amount for other bitmask values without being checked. Shift amounts greater than or equal to 32 will result in undefined behavior. Add code to deal with this. Fixes: 1e15687ea472 ("staging: comedi: addi_apci_1564: add Change-of-State interrupt subdevice and required functions") Cc: #3.17+ Signed-off-by: Ian Abbott Link: https://lore.kernel.org/r/20200717145257.112660-4-abbotti@mev.co.uk Signed-off-by: Greg Kroah-Hartman commit fc846e9db67c7e808d77bf9e2ef3d49e3820ce5d Author: Ian Abbott Date: Fri Jul 17 15:52:57 2020 +0100 staging: comedi: addi_apci_1500: check INSN_CONFIG_DIGITAL_TRIG shift The `INSN_CONFIG` comedi instruction with sub-instruction code `INSN_CONFIG_DIGITAL_TRIG` includes a base channel in `data[3]`. This is used as a right shift amount for other bitmask values without being checked. Shift amounts greater than or equal to 32 will result in undefined behavior. Add code to deal with this, adjusting the checks for invalid channels so that enabled channel bits that would have been lost by shifting are also checked for validity. Only channels 0 to 15 are valid. Fixes: a8c66b684efaf ("staging: comedi: addi_apci_1500: rewrite the subdevice support functions") Cc: #4.0+: ef75e14a6c93: staging: comedi: verify array index is correct before using it Cc: #4.0+ Signed-off-by: Ian Abbott Link: https://lore.kernel.org/r/20200717145257.112660-5-abbotti@mev.co.uk Signed-off-by: Greg Kroah-Hartman commit 0bd0db42a030b75c20028c7ba6e327b9cb554116 Author: Ian Abbott Date: Fri Jul 17 15:52:55 2020 +0100 staging: comedi: addi_apci_1032: check INSN_CONFIG_DIGITAL_TRIG shift The `INSN_CONFIG` comedi instruction with sub-instruction code `INSN_CONFIG_DIGITAL_TRIG` includes a base channel in `data[3]`. This is used as a right shift amount for other bitmask values without being checked. Shift amounts greater than or equal to 32 will result in undefined behavior. Add code to deal with this. Fixes: 33cdce6293dcc ("staging: comedi: addi_apci_1032: conform to new INSN_CONFIG_DIGITAL_TRIG") Cc: #3.8+ Signed-off-by: Ian Abbott Link: https://lore.kernel.org/r/20200717145257.112660-3-abbotti@mev.co.uk Signed-off-by: Greg Kroah-Hartman commit f07804ec77d77f8a9dcf570a24154e17747bc82f Author: Ian Abbott Date: Fri Jul 17 15:52:54 2020 +0100 staging: comedi: ni_6527: fix INSN_CONFIG_DIGITAL_TRIG support `ni6527_intr_insn_config()` processes `INSN_CONFIG` comedi instructions for the "interrupt" subdevice. When `data[0]` is `INSN_CONFIG_DIGITAL_TRIG` it is configuring the digital trigger. When `data[2]` is `COMEDI_DIGITAL_TRIG_ENABLE_EDGES` it is configuring rising and falling edge detection for the digital trigger, using a base channel number (or shift amount) in `data[3]`, a rising edge bitmask in `data[4]` and falling edge bitmask in `data[5]`. If the base channel number (shift amount) is greater than or equal to the number of channels (24) of the digital input subdevice, there are no changes to the rising and falling edges, so the mask of channels to be changed can be set to 0, otherwise the mask of channels to be changed, and the rising and falling edge bitmasks are shifted by the base channel number before calling `ni6527_set_edge_detection()` to change the appropriate registers. Unfortunately, the code is comparing the base channel (shift amount) to the interrupt subdevice's number of channels (1) instead of the digital input subdevice's number of channels (24). Fix it by comparing to 32 because all shift amounts for an `unsigned int` must be less than that and everything from bit 24 upwards is ignored by `ni6527_set_edge_detection()` anyway. Fixes: 110f9e687c1a8 ("staging: comedi: ni_6527: support INSN_CONFIG_DIGITAL_TRIG") Cc: # 3.17+ Signed-off-by: Ian Abbott Link: https://lore.kernel.org/r/20200717145257.112660-2-abbotti@mev.co.uk Signed-off-by: Greg Kroah-Hartman commit b62e185184e9d210000fcf2af39aac52d73562c8 Merge: 120c8a4939f9 cea7a0449ea3 Author: Greg Kroah-Hartman Date: Mon Jul 20 10:01:58 2020 +0200 Merge tag 'misc-habanalabs-fixes-2020-07-19' of git://people.freedesktop.org/~gabbayo/linux into char-misc-linus Oded writes: This tag contains a single bug fix for 5.8-rc7: - Check that an index is in valid range before using it to access an array. The index is received from the user. This is to prevent a possible out-of-bounds access error. * tag 'misc-habanalabs-fixes-2020-07-19' of git://people.freedesktop.org/~gabbayo/linux: habanalabs: prevent possible out-of-bounds array access commit 120c8a4939f9aac672a84ed9a81ed12b0b005db3 Merge: b279b1fe5799 8614afd689df Author: Greg Kroah-Hartman Date: Mon Jul 20 09:59:53 2020 +0200 Merge tag 'fpga-late-fixes-for-5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/mdf/linux-fpga into char-misc-linus Moritz writes: FPGA manager fixes for 5.8 Here are two (late) dfl fixes for the the 5.8 release. Matthew's fix addresses an issue in the reset of a port. Xu'x fix addresses a linter warning. All patches have been reviewed on the mailing list, and have been in the last few linux-next releases (as part of my fixes branch) without issues. Signed-off-by: Moritz Fischer * tag 'fpga-late-fixes-for-5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/mdf/linux-fpga: fpga: dfl: fix bug in port reset handshake fpga: dfl: pci: reduce the scope of variable 'ret' commit 19dc36548be2027cb5a491511bc152493c1244bb Author: Alexander A. Klimov Date: Sun Jul 19 13:31:42 2020 +0200 net: ieee802154: adf7242: Replace HTTP links with HTTPS ones Rationale: Reduces attack surface on kernel devs opening the links for MITM as HTTPS traffic is much harder to manipulate. Deterministic algorithm: For each file: If not .svg: For each line: If doesn't contain `\bxmlns\b`: For each link, `\bhttp://[^# \t\r\n]*(?:\w|/)`: If neither `\bgnu\.org/license`, nor `\bmozilla\.org/MPL\b`: If both the HTTP and HTTPS versions return 200 OK and serve the same content: Replace HTTP with HTTPS. Signed-off-by: Alexander A. Klimov Link: https://lore.kernel.org/r/20200719113142.58304-1-grandmaster@al2klimov.de Signed-off-by: Stefan Schmidt commit 4a601da92c2a782e5c022680d476104586b74994 Author: Michael Trimarchi Date: Fri Jul 17 13:33:52 2020 +0530 ARM: dts: imx6qdl-icore: Fix OTG_ID pin and sdcard detect The current pin muxing scheme muxes GPIO_1 pad for USB_OTG_ID because of which when card is inserted, usb otg is enumerated and the card is never detected. [ 64.492645] cfg80211: failed to load regulatory.db [ 64.492657] imx-sdma 20ec000.sdma: external firmware not found, using ROM firmware [ 76.343711] ci_hdrc ci_hdrc.0: EHCI Host Controller [ 76.349742] ci_hdrc ci_hdrc.0: new USB bus registered, assigned bus number 2 [ 76.388862] ci_hdrc ci_hdrc.0: USB 2.0 started, EHCI 1.00 [ 76.396650] usb usb2: New USB device found, idVendor=1d6b, idProduct=0002, bcdDevice= 5.08 [ 76.405412] usb usb2: New USB device strings: Mfr=3, Product=2, SerialNumber=1 [ 76.412763] usb usb2: Product: EHCI Host Controller [ 76.417666] usb usb2: Manufacturer: Linux 5.8.0-rc1-next-20200618 ehci_hcd [ 76.424623] usb usb2: SerialNumber: ci_hdrc.0 [ 76.431755] hub 2-0:1.0: USB hub found [ 76.435862] hub 2-0:1.0: 1 port detected The TRM mentions GPIO_1 pad should be muxed/assigned for card detect and ENET_RX_ER pad for USB_OTG_ID for proper operation. This patch fixes pin muxing as per TRM and is tested on a i.Core 1.5 MX6 DL SOM. [ 22.449165] mmc0: host does not support reading read-only switch, assuming write-enable [ 22.459992] mmc0: new high speed SDHC card at address 0001 [ 22.469725] mmcblk0: mmc0:0001 EB1QT 29.8 GiB [ 22.478856] mmcblk0: p1 p2 Fixes: 6df11287f7c9 ("ARM: dts: imx6q: Add Engicam i.CoreM6 Quad/Dual initial support") Cc: stable@vger.kernel.org Signed-off-by: Michael Trimarchi Signed-off-by: Suniel Mahesh Signed-off-by: Shawn Guo commit d36f260718d83928e6012247a7e1b9791cdb12ff Author: Fabio Estevam Date: Mon Jul 13 11:23:25 2020 -0300 ARM: dts: imx6sx-sabreauto: Fix the phy-mode on fec2 Commit 0672d22a1924 ("ARM: dts: imx: Fix the AR803X phy-mode") fixed the phy-mode for fec1, but missed to fix it for the fec2 node. Fix fec2 to also use "rgmii-id" as the phy-mode. Cc: Fixes: 0672d22a1924 ("ARM: dts: imx: Fix the AR803X phy-mode") Signed-off-by: Fabio Estevam Signed-off-by: Shawn Guo commit c696afd331be1acb39206aba53048f2386b781fc Author: Fabio Estevam Date: Mon Jul 13 11:23:24 2020 -0300 ARM: dts: imx6sx-sdb: Fix the phy-mode on fec2 Commit 0672d22a1924 ("ARM: dts: imx: Fix the AR803X phy-mode") fixed the phy-mode for fec1, but missed to fix it for the fec2 node. Fix fec2 to also use "rgmii-id" as the phy-mode. Cc: Fixes: 0672d22a1924 ("ARM: dts: imx: Fix the AR803X phy-mode") Signed-off-by: Fabio Estevam Signed-off-by: Shawn Guo commit 544f287b84959203367cd29e16e772717612fab4 Author: Taehee Yoo Date: Sun Jul 19 12:11:24 2020 +0000 bonding: check error value of register_netdevice() immediately If register_netdevice() is failed, net_device should not be used because variables are uninitialized or freed. So, the routine should be stopped immediately. But, bond_create() doesn't check return value of register_netdevice() immediately. That will result in a panic because of using uninitialized or freed memory. Test commands: modprobe netdev-notifier-error-inject echo -22 > /sys/kernel/debug/notifier-error-inject/netdev/\ actions/NETDEV_REGISTER/error modprobe bonding max_bonds=3 Splat looks like: [ 375.028492][ T193] general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6b6b: 0000 [#1] SMP DEBUG_PAGEALLOC PTI [ 375.033207][ T193] CPU: 2 PID: 193 Comm: kworker/2:2 Not tainted 5.8.0-rc4+ #645 [ 375.036068][ T193] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014 [ 375.039673][ T193] Workqueue: events linkwatch_event [ 375.041557][ T193] RIP: 0010:dev_activate+0x4a/0x340 [ 375.043381][ T193] Code: 40 a8 04 0f 85 db 00 00 00 8b 83 08 04 00 00 85 c0 0f 84 0d 01 00 00 31 d2 89 d0 48 8d 04 40 48 c1 e0 07 48 03 83 00 04 00 00 <48> 8b 48 10 f6 41 10 01 75 08 f0 80 a1 a0 01 00 00 fd 48 89 48 08 [ 375.050267][ T193] RSP: 0018:ffff9f8facfcfdd8 EFLAGS: 00010202 [ 375.052410][ T193] RAX: 6b6b6b6b6b6b6b6b RBX: ffff9f8fae6ea000 RCX: 0000000000000006 [ 375.055178][ T193] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff9f8fae6ea000 [ 375.057762][ T193] RBP: ffff9f8fae6ea000 R08: 0000000000000000 R09: 0000000000000000 [ 375.059810][ T193] R10: 0000000000000001 R11: 0000000000000000 R12: ffff9f8facfcfe08 [ 375.061892][ T193] R13: ffffffff883587e0 R14: 0000000000000000 R15: ffff9f8fae6ea580 [ 375.063931][ T193] FS: 0000000000000000(0000) GS:ffff9f8fbae00000(0000) knlGS:0000000000000000 [ 375.066239][ T193] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 375.067841][ T193] CR2: 00007f2f542167a0 CR3: 000000012cee6002 CR4: 00000000003606e0 [ 375.069657][ T193] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 375.071471][ T193] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 375.073269][ T193] Call Trace: [ 375.074005][ T193] linkwatch_do_dev+0x4d/0x50 [ 375.075052][ T193] __linkwatch_run_queue+0x10b/0x200 [ 375.076244][ T193] linkwatch_event+0x21/0x30 [ 375.077274][ T193] process_one_work+0x252/0x600 [ 375.078379][ T193] ? process_one_work+0x600/0x600 [ 375.079518][ T193] worker_thread+0x3c/0x380 [ 375.080534][ T193] ? process_one_work+0x600/0x600 [ 375.081668][ T193] kthread+0x139/0x150 [ 375.082567][ T193] ? kthread_park+0x90/0x90 [ 375.083567][ T193] ret_from_fork+0x22/0x30 Fixes: e826eafa65c6 ("bonding: Call netif_carrier_off after register_netdevice") Signed-off-by: Taehee Yoo Signed-off-by: David S. Miller commit 7c6719a1aaca51ffd7cdf3905e70aa8313f6ef26 Author: Russell King Date: Sun Jul 19 12:00:40 2020 +0100 arm64: dts: clearfog-gt-8k: fix switch link configuration The commit below caused a regression for clearfog-gt-8k, where the link between the switch and the host does not come up. Investigation revealed two issues: - MV88E6xxx DSA no longer allows an in-band link to come up as the link is programmed to be forced down. Commit "net: dsa: mv88e6xxx: fix in-band AN link establishment" addresses this. - The dts configured dissimilar link modes at each end of the host to switch link; the host was configured using a fixed link (so has no in-band status) and the switch was configured to expect in-band status. With both issues fixed, the regression is resolved. Fixes: 34b5e6a33c1a ("net: dsa: mv88e6xxx: Configure MAC when using fixed link") Reported-by: Martin Rowe Signed-off-by: Russell King Reviewed-by: Andrew Lunn Signed-off-by: David S. Miller commit fad58190c0ffd72c394722928cd3e919b6e18357 Author: Russell King Date: Sun Jul 19 12:00:35 2020 +0100 net: dsa: mv88e6xxx: fix in-band AN link establishment If in-band negotiation or fixed-link modes are specified for a DSA port, the DSA code will force the link down during initialisation. For fixed-link mode, this is fine, as phylink will manage the link state. However, for in-band mode, phylink expects the PCS to detect link, which will not happen if the link is forced down. There is a related issue that in in-band mode, the link could come up while we are making configuration changes, so we should force the link down prior to reconfiguring the interface mode. This patch addresses both issues. Fixes: 3be98b2d5fbc ("net: dsa: Down cpu/dsa ports phylink will control") Signed-off-by: Russell King Reviewed-by: Andrew Lunn Signed-off-by: David S. Miller commit f3f90c6db188d437add55aaffadd5ad5bcb8cda6 Author: Qiang Yu Date: Sun Jul 19 15:30:50 2020 +0800 drm/lima: fix wait pp reset timeout PP bcast is marked as doing async reset after job is done. When resume after suspend, each PP is reset individually, so no need to reset in PP bcast resume. But I forgot to clear the PP bcast async reset mark so call into async wait before job run and gets timeout. Closes: https://gitlab.freedesktop.org/lima/linux/-/issues/34 Fixes: 3446d7e9883d ("drm/lima: add resume/suspend callback for each ip") Reviewed-by: Erico Nunes Signed-off-by: Qiang Yu Link: https://patchwork.freedesktop.org/patch/msgid/20200719073050.776962-1-yuq825@gmail.com commit 5714ee50bb4375bd586858ad800b1d9772847452 Author: Kevin Buettner Date: Sat Jul 18 00:20:03 2020 -0700 copy_xstate_to_kernel: Fix typo which caused GDB regression This fixes a regression encountered while running the gdb.base/corefile.exp test in GDB's test suite. In my testing, the typo prevented the sw_reserved field of struct fxregs_state from being output to the kernel XSAVES area. Thus the correct mask corresponding to XCR0 was not present in the core file for GDB to interrogate, resulting in the following behavior: [kev@f32-1 gdb]$ ./gdb -q testsuite/outputs/gdb.base/corefile/corefile testsuite/outputs/gdb.base/corefile/corefile.core Reading symbols from testsuite/outputs/gdb.base/corefile/corefile... [New LWP 232880] warning: Unexpected size of section `.reg-xstate/232880' in core file. With the typo fixed, the test works again as expected. Signed-off-by: Kevin Buettner Fixes: 9e4636545933 ("copy_xstate_to_kernel(): don't leave parts of destination uninitialized") Cc: Al Viro Cc: Dave Airlie Signed-off-by: Linus Torvalds commit ba47d845d715a010f7b51f6f89bae32845e6acb7 Author: Linus Torvalds Date: Sun Jul 19 15:41:18 2020 -0700 Linux 5.8-rc6 commit a463fa2cda5641c12da76d115a3490aee01d0377 Merge: 9b8737788af6 1ad240583354 Author: David S. Miller Date: Sun Jul 19 15:30:23 2020 -0700 Merge branch 'net-smc-fixes' Karsten Graul says: ==================== net/smc: fixes 2020-07-16 Please apply the following patch series for smc to netdev's net tree. The patches address problems caused by late or unexpected link layer control packets, dma sync calls for unmapped memory, freed buffers that are not removed from the buffer list and a possible null pointer access that results in a crash. v1->v2: in patch 4, improve patch description and correct the comment for the new mutex ==================== Signed-off-by: David S. Miller commit 1ad24058335427d046b2e5666bcd15a62ad9e242 Author: Karsten Graul Date: Sat Jul 18 15:06:18 2020 +0200 net/smc: fix restoring of fallback changes When a listen socket is closed then all non-accepted sockets in its accept queue are to be released. Inside __smc_release() the helper smc_restore_fallback_changes() restores the changes done to the socket without to check if the clcsocket has a file set. This can result in a crash. Fix this by checking the file pointer first. Reviewed-by: Ursula Braun Fixes: f536dffc0b79 ("net/smc: fix closing of fallback SMC sockets") Signed-off-by: Karsten Graul Signed-off-by: David S. Miller commit fd7f3a746582e8b17c48d4d8087d38c91f59ba67 Author: Karsten Graul Date: Sat Jul 18 15:06:17 2020 +0200 net/smc: remove freed buffer from list Two buffers are allocated for each SMC connection. Each buffer is added to a buffer list after creation. When the second buffer allocation fails, the first buffer is freed but not deleted from the list. This might result in crashes when another connection picks up the freed buffer later and starts to work with it. Reviewed-by: Ursula Braun Fixes: 6511aad3f039 ("net/smc: change smc_buf_free function parameters") Signed-off-by: Karsten Graul Signed-off-by: David S. Miller commit 741a49a4dc5fd7e61b37b259dde915083c2c5327 Author: Karsten Graul Date: Sat Jul 18 15:06:16 2020 +0200 net/smc: do not call dma sync for unmapped memory The dma related ...sync_sg... functions check the link state before the dma function is actually called. But the check in smc_link_usable() allows links in ACTIVATING state which are not yet mapped to dma memory. Under high load it may happen that the sync_sg functions are called for such a link which results in an debug output like DMA-API: mlx5_core 0002:00:00.0: device driver tries to sync DMA memory it has not allocated [device address=0x0000000103370000] [size=65536 bytes] To fix that introduce a helper to check for the link state ACTIVE and use it where appropriate. And move the link state update to ACTIVATING to the end of smcr_link_init() when most initial setup is done. Reviewed-by: Ursula Braun Fixes: d854fcbfaeda ("net/smc: add new link state and related helpers") Signed-off-by: Karsten Graul Signed-off-by: David S. Miller commit b9979c2e837926c87358024a95c67988477909b1 Author: Karsten Graul Date: Sat Jul 18 15:06:15 2020 +0200 net/smc: fix handling of delete link requests As smc client the delete link requests are assigned to the flow when _any_ flow is active. This may break other flows that do not expect delete link requests during their handling. Fix that by assigning the request only when an add link flow is active. With that fix the code for smc client and smc server is the same, so remove the separate handling. Reviewed-by: Ursula Braun Fixes: 9ec6bf19ec8b ("net/smc: llc_del_link_work and use the LLC flow for delete link") Signed-off-by: Karsten Graul Signed-off-by: David S. Miller commit c48254fa48e5bad589fbbf1578dae960cedcafcf Author: Karsten Graul Date: Sat Jul 18 15:06:14 2020 +0200 net/smc: move add link processing for new device into llc layer When a new ib device is up smc will send an add link invitation to the peer if needed. This is currently done with rudimentary flow control. Under high workload these add link invitations can disturb other llc flows because they arrive unexpected. Fix this by integrating the invitations into the normal llc event flow and handle them as a flow. While at it, check for already assigned requests in the flow before the new add link request is assigned. Reviewed-by: Ursula Braun Fixes: 1f90a05d9ff9 ("net/smc: add smcr_port_add() and smcr_link_up() processing") Signed-off-by: Karsten Graul Signed-off-by: David S. Miller commit 2ff0867851a21ea1ccb0c275ae1df2fe7787e1b9 Author: Karsten Graul Date: Sat Jul 18 15:06:13 2020 +0200 net/smc: drop out-of-flow llc response messages To be save from unexpected or late llc response messages check if the arrived message fits to the current flow type and drop out-of-flow messages. And drop it when there is already a response assigned to the flow. Reviewed-by: Ursula Braun Fixes: ef79d439cd12 ("net/smc: process llc responses in tasklet context") Signed-off-by: Karsten Graul Signed-off-by: David S. Miller commit 63673597cca93ef6fa12414933da01d5806547af Author: Karsten Graul Date: Sat Jul 18 15:06:12 2020 +0200 net/smc: protect smc ib device initialization Before an smc ib device is used the first time for an smc link it is lazily initialized. When there are 2 active link groups and a new ib device is brought online then it might happen that 2 link creations run in parallel and enter smc_ib_setup_per_ibdev(). Both allocate new send and receive completion queues on the device, but only one set of them keeps assigned and the other leaks. Fix that by protecting the setup and cleanup code using a mutex. Reviewed-by: Ursula Braun Fixes: f3c1deddb21c ("net/smc: separate function for link initialization") Signed-off-by: Karsten Graul Signed-off-by: David S. Miller commit 7df8bcb56053173e5e5c0e566391fa601e3e4778 Author: Karsten Graul Date: Sat Jul 18 15:06:11 2020 +0200 net/smc: fix link lookup for new rdma connections For new rdma connections the SMC server assigns the link and sends the link data in the clc accept message. To match the correct link use not only the qp_num but also the gid and the mac of the links. If there are equal qp_nums for different links the wrong link would be chosen. Reviewed-by: Ursula Braun Fixes: 0fb0b02bd6fd ("net/smc: adapt SMC client code to use the LLC flow") Signed-off-by: Karsten Graul Signed-off-by: David S. Miller commit 68fd8942038f30dbb64a594dc15d9948289de42a Author: Karsten Graul Date: Sat Jul 18 15:06:10 2020 +0200 net/smc: clear link during SMC client link down processing In a link-down condition we notify the SMC server and expect that the server will finally trigger the link clear processing on the client side. This could fail when anything along this notification path goes wrong. Clear the link as part of SMC client link-down processing to prevent dangling links. Reviewed-by: Ursula Braun Fixes: 541afa10c126 ("net/smc: add smcr_port_err() and smcr_link_down() processing") Signed-off-by: Karsten Graul Signed-off-by: David S. Miller commit a35fffbf98189ba8359f19073286b2ea816255c5 Author: Karsten Graul Date: Sat Jul 18 15:06:09 2020 +0200 net/smc: handle unexpected response types for confirm link A delete link could arrive during confirm link processing. Handle this situation directly in smc_llc_srv_conf_link() rather than using the logic in smc_llc_wait() to avoid the unexpected message handling there. Reviewed-by: Ursula Braun Fixes: 1551c95b6124 ("net/smc: final part of add link processing as SMC server") Signed-off-by: Karsten Graul Signed-off-by: David S. Miller commit 92188b41f1394d5e4399fcb28c13a2933f255255 Merge: efb9666e900b 25d4e7f513d4 Author: Linus Torvalds Date: Sun Jul 19 12:35:07 2020 -0700 Merge tag 'perf-tools-fixes-2020-07-19' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux into master Pull perf tooling fixes from Arnaldo Carvalho de Melo: - Update hashmap.h from libbpf and kvm.h from x86's kernel UAPI. - Set opt->set in libsubcmd's OPT_CALLBACK_SET(). This fixes 'perf record --switch-output-event event-name' usage" * tag 'perf-tools-fixes-2020-07-19' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux: tools arch kvm: Sync kvm headers with the kernel sources perf tools: Sync hashmap.h with libbpf's libsubcmd: Fix OPT_CALLBACK_SET() commit efb9666e900b6f8f079adb2ab18a7be266434cd3 Merge: 66e4b63624fc da05b143a308 Author: Linus Torvalds Date: Sun Jul 19 12:16:09 2020 -0700 Merge tag 'x86-urgent-2020-07-19' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip into master Pull x86 fixes from Thomas Gleixner: "A pile of fixes for x86: - Fix the I/O bitmap invalidation on XEN PV, which was overlooked in the recent ioperm/iopl rework. This caused the TSS and XEN's I/O bitmap to get out of sync. - Use the proper vectors for HYPERV. - Make disabling of stack protector for the entry code work with GCC builds which enable stack protector by default. Removing the option is not sufficient, it needs an explicit -fno-stack-protector to shut it off. - Mark check_user_regs() noinstr as it is called from noinstr code. The missing annotation causes it to be placed in the text section which makes it instrumentable. - Add the missing interrupt disable in exc_alignment_check() - Fixup a XEN_PV build dependency in the 32bit entry code - A few fixes to make the Clang integrated assembler happy - Move EFI stub build to the right place for out of tree builds - Make prepare_exit_to_usermode() static. It's not longer called from ASM code" * tag 'x86-urgent-2020-07-19' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/boot: Don't add the EFI stub to targets x86/entry: Actually disable stack protector x86/ioperm: Fix io bitmap invalidation on Xen PV x86: math-emu: Fix up 'cmp' insn for clang ias x86/entry: Fix vectors to IDTENTRY_SYSVEC for CONFIG_HYPERV x86/entry: Add compatibility with IAS x86/entry/common: Make prepare_exit_to_usermode() static x86/entry: Mark check_user_regs() noinstr x86/traps: Disable interrupts in exc_aligment_check() x86/entry/32: Fix XEN_PV build dependency commit 66e4b63624fcfa47f4d4e0d451f22a8f67902426 Merge: 43768f7ce099 e2a71bdea816 Author: Linus Torvalds Date: Sun Jul 19 12:06:08 2020 -0700 Merge tag 'timers-urgent-2020-07-19' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip into master Pull timer fixes from Thomas Gleixner: "Two fixes for the timer wheel: - A timer which is already expired at enqueue time can set the base->next_expiry value backwards. As a consequence base->clk can be set back as well. This can lead to timers expiring early. Add a sanity check to prevent this. - When a timer is queued with an expiry time beyond the wheel capacity then it should be queued in the bucket of the last wheel level which is expiring last. The code adjusted the expiry time to the maximum wheel capacity, which is only correct when the wheel clock is 0. Aside of that the check whether the delta is larger than wheel capacity does not check the delta, it checks the expiry value itself. As a result timers can expire at random. Fix this by checking the right variable and adjust expiry time so it becomes base->clock plus capacity which places it into the outmost bucket in the last wheel level" * tag 'timers-urgent-2020-07-19' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: timer: Fix wheel index calculation on last level timer: Prevent base->clk from moving backward commit 43768f7ce0996590cb9588de71f026f30fb35581 Merge: 9413cd7792dc 01cfcde9c26d Author: Linus Torvalds Date: Sun Jul 19 11:55:24 2020 -0700 Merge tag 'sched-urgent-2020-07-19' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip into master Pull scheduler fixes from Thomas Gleixner: "A set of scheduler fixes: - Plug a load average accounting race which was introduced with a recent optimization casing load average to show bogus numbers. - Fix the rseq CPU id initialization for new tasks. sched_fork() does not update the rseq CPU id so the id is the stale id of the parent task, which can cause user space data corruption. - Handle a 0 return value of task_h_load() correctly in the load balancer, which does not decrease imbalance and therefore pulls until the maximum number of loops is reached, which might be all tasks just created by a fork bomb" * tag 'sched-urgent-2020-07-19' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: sched/fair: handle case of task_h_load() returning 0 sched: Fix unreliable rseq cpu_id for new tasks sched: Fix loadavg accounting race commit 9413cd7792dc03608ec9b1f1f5c74fc54e714ed3 Merge: ce20d7bf6e00 baedb87d1b53 Author: Linus Torvalds Date: Sun Jul 19 11:53:08 2020 -0700 Merge tag 'irq-urgent-2020-07-19' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip into master Pull irq fixes from Thomas Gleixner: "Two fixes for the interrupt subsystem: - Make the handling of the firmware node consistent and do not free the node after the domain has been created successfully. The core code stores a pointer to it which can lead to a use after free or double free. This used to "work" because the pointer was not stored when the initial code was written, but at some point later it was required to store it. Of course nobody noticed that the existing users break that way. - Handle affinity setting on inactive interrupts correctly when hierarchical irq domains are enabled. When interrupts are inactive with the modern hierarchical irqdomain design, the interrupt chips are not necessarily in a state where affinity changes can be handled. The legacy irq chip design allowed this because interrupts are immediately fully initialized at allocation time. X86 has a hacky workaround for this, but other implementations do not. This cased malfunction on GIC-V3. Instead of playing whack a mole to find all affected drivers, change the core code to store the requested affinity setting and then establish it when the interrupt is allocated, which makes the X86 hack go away" * tag 'irq-urgent-2020-07-19' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: genirq/affinity: Handle affinity setting on inactive interrupts correctly irqdomain/treewide: Keep firmware node unconditionally allocated commit ce20d7bf6e00997496d8d5322b1253584d2a0908 Merge: 8c18fc634456 c7300cdf8f68 Author: Linus Torvalds Date: Sun Jul 19 11:46:32 2020 -0700 Merge tag 'usb-5.8-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb into master Pull USB fixes from Greg KH: "Here are a few small USB fixes, and one thunderbolt fix, for 5.8-rc6. Nothing huge in here, just the normal collection of gadget, dwc2/3, serial, and other minor USB driver fixes and id additions. Full details are in the shortlog. All of these have been in linux-next for a while with no reported issues" * tag 'usb-5.8-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb: USB: serial: iuu_phoenix: fix memory corruption USB: c67x00: fix use after free in c67x00_giveback_urb usb: gadget: function: fix missing spinlock in f_uac1_legacy usb: gadget: udc: atmel: fix uninitialized read in debug printk usb: gadget: udc: atmel: remove outdated comment in usba_ep_disable() usb: dwc2: Fix shutdown callback in platform usb: cdns3: trace: fix some endian issues usb: cdns3: ep0: fix some endian issues usb: gadget: udc: gr_udc: fix memleak on error handling path in gr_ep_init() usb: gadget: fix langid kernel-doc warning in usbstring.c usb: dwc3: pci: add support for the Intel Jasper Lake usb: dwc3: pci: add support for the Intel Tiger Lake PCH -H variant usb: chipidea: core: add wakeup support for extcon USB: serial: option: add Quectel EG95 LTE modem thunderbolt: Fix path indices used in USB3 tunnel discovery USB: serial: ch341: add new Product ID for CH340 USB: serial: option: add GosunCn GM500 series USB: serial: cypress_m8: enable Simply Automated UPB PIM commit 8c18fc6344568bdc131436be0345d82da512bfef Merge: f932d58abc38 d9765e41d8e9 Author: Linus Torvalds Date: Sun Jul 19 11:28:23 2020 -0700 Merge tag 'dma-mapping-5.8-6' of git://git.infradead.org/users/hch/dma-mapping into master Pull dma-mapping fixes from Christoph Hellwig: "Ensure we always have fully addressable memory in the dma coherent pool (Nicolas Saenz Julienne)" * tag 'dma-mapping-5.8-6' of git://git.infradead.org/users/hch/dma-mapping: dma-pool: do not allocate pool memory from CMA dma-pool: make sure atomic pool suits device dma-pool: introduce dma_guess_pool() dma-pool: get rid of dma_in_atomic_pool() dma-direct: provide function to check physical memory area validity commit 74d6a5d5662975aed7f25952f62efbb6f6dadd29 Author: Wang Hai Date: Fri Jun 12 17:08:33 2020 +0800 9p/trans_fd: Fix concurrency del of req_list in p9_fd_cancelled/p9_read_work p9_read_work and p9_fd_cancelled may be called concurrently. In some cases, req->req_list may be deleted by both p9_read_work and p9_fd_cancelled. We can fix it by ignoring replies associated with a cancelled request and ignoring cancelled request if message has been received before lock. Link: http://lkml.kernel.org/r/20200612090833.36149-1-wanghai38@huawei.com Fixes: 60ff779c4abb ("9p: client: remove unused code and any reference to "cancelled" function") Cc: # v3.12+ Reported-by: syzbot+77a25acfa0382e06ab23@syzkaller.appspotmail.com Signed-off-by: Wang Hai Signed-off-by: Dominique Martinet commit a39c46067c845a8a2d7144836e9468b7f072343e Author: Christoph Hellwig Date: Fri Jul 10 10:57:22 2020 +0200 net/9p: validate fds in p9_fd_open p9_fd_open just fgets file descriptors passed in from userspace, but doesn't verify that they are valid for read or writing. This gets cought down in the VFS when actually attempting a read or write, but a new warning added in linux-next upsets syzcaller. Fix this by just verifying the fds early on. Link: http://lkml.kernel.org/r/20200710085722.435850-1-hch@lst.de Reported-by: syzbot+e6f77e16ff68b2434a2c@syzkaller.appspotmail.com Signed-off-by: Christoph Hellwig [Dominique: amend goto as per Doug Nazar's review] Signed-off-by: Dominique Martinet commit 0d6db85131e014c128e57649793aff5aa96e065f Author: Mauro Carvalho Chehab Date: Sun Jul 19 13:29:18 2020 +0200 Revert "media: atomisp: keep the ISP powered on when setting it" changeset d0213061a501 ("media: atomisp: fix mask and shift operation on ISPSSPM0") solved the existing issue with the IUNIT power on code. So, the driver can now use the right code again. This reverts commit 95d1f398c4dc3f55e9007c89452ccc16301205fc. Signed-off-by: Mauro Carvalho Chehab commit 23988c9704f0e341d2e860476430aaf378efd129 Author: Colin Ian King Date: Thu Jul 16 15:51:38 2020 +0100 media: atomisp: fix mask and shift operation on ISPSSPM0 Currently the check on bits 25:24 on ISPSSPM0 is always 0 because the mask and shift operations are incorrect. Fix this by shifting by MRFLD_ISPSSPM0_ISPSSS_OFFSET (24 bits right) and then masking with RFLD_ISPSSPM0_ISPSSC_MASK (0x03) to get the appropriate 2 bits to check. Addresses-Coverity: ("Operands don't affect result") Fixes: 0f441fd70b1e ("media: atomisp: simplify the power down/up code") Signed-off-by: Colin Ian King Signed-off-by: Mauro Carvalho Chehab commit da05b143a308bd6a7a444401f9732678ae63fc70 Author: Arvind Sankar Date: Tue Jul 14 23:26:31 2020 -0400 x86/boot: Don't add the EFI stub to targets vmlinux-objs-y is added to targets, which currently means that the EFI stub gets added to the targets as well. It shouldn't be added since it is built elsewhere. This confuses Makefile.build which interprets the EFI stub as a target $(obj)/$(objtree)/drivers/firmware/efi/libstub/lib.a and will create drivers/firmware/efi/libstub/ underneath arch/x86/boot/compressed, to hold this supposed target, if building out-of-tree. [0] Fix this by pulling the stub out of vmlinux-objs-y into efi-obj-y. [0] See scripts/Makefile.build near the end: # Create directories for object files if they do not exist Signed-off-by: Arvind Sankar Signed-off-by: Thomas Gleixner Reviewed-by: Masahiro Yamada Acked-by: Ard Biesheuvel Link: https://lkml.kernel.org/r/20200715032631.1562882-1-nivedita@alum.mit.edu commit 58ac3154b83938515129c20aa76d456a4c9202a8 Author: Kees Cook Date: Fri Jun 26 13:34:25 2020 -0700 x86/entry: Actually disable stack protector Some builds of GCC enable stack protector by default. Simply removing the arguments is not sufficient to disable stack protector, as the stack protector for those GCC builds must be explicitly disabled. Remove the argument removals and add -fno-stack-protector. Additionally include missed x32 argument updates, and adjust whitespace for readability. Fixes: 20355e5f73a7 ("x86/entry: Exclude low level entry code from sanitizing") Signed-off-by: Kees Cook Signed-off-by: Thomas Gleixner Link: https://lkml.kernel.org/r/202006261333.585319CA6B@keescook commit 85ebb8eb12e6fb1abdff774d9cfc926d2dc3246d Author: Mauro Carvalho Chehab Date: Sun Jul 19 07:11:00 2020 +0200 media: atomisp: move system_local consts into a C file Instead of declaring all those consts everywhere when the headers are included, just place them on a single place. This change shuts up lots of warnings when built with W=1: In file included from drivers/staging/media/atomisp/pci/ia_css_acc_types.h:23, from drivers/staging/media/atomisp/pci/ia_css.h:26, from drivers/staging/media/atomisp/pci/atomisp_compat_css20.h:24, from drivers/staging/media/atomisp/pci/atomisp_compat.h:22, from drivers/staging/media/atomisp/pci/atomisp_drvfs.c:23: ./drivers/staging/media/atomisp//pci/system_local.h:193:26: warning: ‘STREAM2MMIO_CTRL_BASE’ defined but not used [-Wunused-const-variable=] 193 | static const hrt_address STREAM2MMIO_CTRL_BASE[N_STREAM2MMIO_ID] = { | ^~~~~~~~~~~~~~~~~~~~~ ./drivers/staging/media/atomisp//pci/system_local.h:186:26: warning: ‘PIXELGEN_CTRL_BASE’ defined but not used [-Wunused-const-variable=] 186 | static const hrt_address PIXELGEN_CTRL_BASE[N_PIXELGEN_ID] = { | ^~~~~~~~~~~~~~~~~~ ./drivers/staging/media/atomisp//pci/system_local.h:179:26: warning: ‘CSI_RX_BE_CTRL_BASE’ defined but not used [-Wunused-const-variable=] 179 | static const hrt_address CSI_RX_BE_CTRL_BASE[N_CSI_RX_BACKEND_ID] = { | ^~~~~~~~~~~~~~~~~~~ ./drivers/staging/media/atomisp//pci/system_local.h:172:26: warning: ‘CSI_RX_FE_CTRL_BASE’ defined but not used [-Wunused-const-variable=] 172 | static const hrt_address CSI_RX_FE_CTRL_BASE[N_CSI_RX_FRONTEND_ID] = { | ^~~~~~~~~~~~~~~~~~~ ./drivers/staging/media/atomisp//pci/system_local.h:165:26: warning: ‘ISYS_IRQ_BASE’ defined but not used [-Wunused-const-variable=] 165 | static const hrt_address ISYS_IRQ_BASE[N_ISYS_IRQ_ID] = { | ^~~~~~~~~~~~~ ./drivers/staging/media/atomisp//pci/system_local.h:158:26: warning: ‘IBUF_CTRL_BASE’ defined but not used [-Wunused-const-variable=] 158 | static const hrt_address IBUF_CTRL_BASE[N_IBUF_CTRL_ID] = { | ^~~~~~~~~~~~~~ ./drivers/staging/media/atomisp//pci/system_local.h:153:26: warning: ‘RX_BASE’ defined but not used [-Wunused-const-variable=] 153 | static const hrt_address RX_BASE[N_RX_ID] = { | ^~~~~~~ ./drivers/staging/media/atomisp//pci/system_local.h:138:26: warning: ‘INPUT_SYSTEM_BASE’ defined but not used [-Wunused-const-variable=] 138 | static const hrt_address INPUT_SYSTEM_BASE[N_INPUT_SYSTEM_ID] = { | ^~~~~~~~~~~~~~~~~ ./drivers/staging/media/atomisp//pci/system_local.h:130:26: warning: ‘INPUT_FORMATTER_BASE’ defined but not used [-Wunused-const-variable=] 130 | static const hrt_address INPUT_FORMATTER_BASE[N_INPUT_FORMATTER_ID] = { | ^~~~~~~~~~~~~~~~~~~~ ./drivers/staging/media/atomisp//pci/system_local.h:125:26: warning: ‘TIMED_CTRL_BASE’ defined but not used [-Wunused-const-variable=] 125 | static const hrt_address TIMED_CTRL_BASE[N_TIMED_CTRL_ID] = { | ^~~~~~~~~~~~~~~ ./drivers/staging/media/atomisp//pci/system_local.h:120:26: warning: ‘GPIO_BASE’ defined but not used [-Wunused-const-variable=] 120 | static const hrt_address GPIO_BASE[N_GPIO_ID] = { | ^~~~~~~~~ ./drivers/staging/media/atomisp//pci/system_local.h:116:26: warning: ‘GP_TIMER_BASE’ defined but not used [-Wunused-const-variable=] 116 | static const hrt_address GP_TIMER_BASE = | ^~~~~~~~~~~~~ ./drivers/staging/media/atomisp//pci/system_local.h:109:26: warning: ‘GP_DEVICE_BASE’ defined but not used [-Wunused-const-variable=] 109 | static const hrt_address GP_DEVICE_BASE[N_GP_DEVICE_ID] = { | ^~~~~~~~~~~~~~ ./drivers/staging/media/atomisp//pci/system_local.h:96:26: warning: ‘FIFO_MONITOR_BASE’ defined but not used [-Wunused-const-variable=] 96 | static const hrt_address FIFO_MONITOR_BASE[N_FIFO_MONITOR_ID] = { | ^~~~~~~~~~~~~~~~~ ./drivers/staging/media/atomisp//pci/system_local.h:90:26: warning: ‘GDC_BASE’ defined but not used [-Wunused-const-variable=] 90 | static const hrt_address GDC_BASE[N_GDC_ID] = { | ^~~~~~~~ ./drivers/staging/media/atomisp//pci/system_local.h:78:26: warning: ‘IRQ_BASE’ defined but not used [-Wunused-const-variable=] 78 | static const hrt_address IRQ_BASE[N_IRQ_ID] = { | ^~~~~~~~ ./drivers/staging/media/atomisp//pci/system_local.h:73:26: warning: ‘ISYS2401_DMA_BASE’ defined but not used [-Wunused-const-variable=] 73 | static const hrt_address ISYS2401_DMA_BASE[N_ISYS2401_DMA_ID] = { | ^~~~~~~~~~~~~~~~~ ./drivers/staging/media/atomisp//pci/system_local.h:69:26: warning: ‘DMA_BASE’ defined but not used [-Wunused-const-variable=] 69 | static const hrt_address DMA_BASE[N_DMA_ID] = { | ^~~~~~~~ ./drivers/staging/media/atomisp//pci/system_local.h:63:26: warning: ‘MMU_BASE’ defined but not used [-Wunused-const-variable=] 63 | static const hrt_address MMU_BASE[N_MMU_ID] = { | ^~~~~~~~ ./drivers/staging/media/atomisp//pci/system_local.h:54:26: warning: ‘SP_DMEM_BASE’ defined but not used [-Wunused-const-variable=] 54 | static const hrt_address SP_DMEM_BASE[N_SP_ID] = { | ^~~~~~~~~~~~ ./drivers/staging/media/atomisp//pci/system_local.h:50:26: warning: ‘SP_CTRL_BASE’ defined but not used [-Wunused-const-variable=] 50 | static const hrt_address SP_CTRL_BASE[N_SP_ID] = { | ^~~~~~~~~~~~ ./drivers/staging/media/atomisp//pci/system_local.h:45:26: warning: ‘ISP_BAMEM_BASE’ defined but not used [-Wunused-const-variable=] 45 | static const hrt_address ISP_BAMEM_BASE[N_BAMEM_ID] = { | ^~~~~~~~~~~~~~ ./drivers/staging/media/atomisp//pci/system_local.h:41:26: warning: ‘ISP_DMEM_BASE’ defined but not used [-Wunused-const-variable=] 41 | static const hrt_address ISP_DMEM_BASE[N_ISP_ID] = { | ^~~~~~~~~~~~~ ./drivers/staging/media/atomisp//pci/system_local.h:37:26: warning: ‘ISP_CTRL_BASE’ defined but not used [-Wunused-const-variable=] 37 | static const hrt_address ISP_CTRL_BASE[N_ISP_ID] = { | ^~~~~~~~~~~~~ In file included from drivers/staging/media/atomisp/pci/ia_css_acc_types.h:23, from drivers/staging/media/atomisp/pci/ia_css.h:26, from drivers/staging/media/atomisp/pci/atomisp_file.c:27: ./drivers/staging/media/atomisp//pci/system_local.h:193:26: warning: ‘STREAM2MMIO_CTRL_BASE’ defined but not used [-Wunused-const-variable=] 193 | static const hrt_address STREAM2MMIO_CTRL_BASE[N_STREAM2MMIO_ID] = { | ^~~~~~~~~~~~~~~~~~~~~ ./drivers/staging/media/atomisp//pci/system_local.h:186:26: warning: ‘PIXELGEN_CTRL_BASE’ defined but not used [-Wunused-const-variable=] 186 | static const hrt_address PIXELGEN_CTRL_BASE[N_PIXELGEN_ID] = { | ^~~~~~~~~~~~~~~~~~ ./drivers/staging/media/atomisp//pci/system_local.h:179:26: warning: ‘CSI_RX_BE_CTRL_BASE’ defined but not used [-Wunused-const-variable=] 179 | static const hrt_address CSI_RX_BE_CTRL_BASE[N_CSI_RX_BACKEND_ID] = { | ^~~~~~~~~~~~~~~~~~~ ./drivers/staging/media/atomisp//pci/system_local.h:172:26: warning: ‘CSI_RX_FE_CTRL_BASE’ defined but not used [-Wunused-const-variable=] 172 | static const hrt_address CSI_RX_FE_CTRL_BASE[N_CSI_RX_FRONTEND_ID] = { | ^~~~~~~~~~~~~~~~~~~ ./drivers/staging/media/atomisp//pci/system_local.h:165:26: warning: ‘ISYS_IRQ_BASE’ defined but not used [-Wunused-const-variable=] 165 | static const hrt_address ISYS_IRQ_BASE[N_ISYS_IRQ_ID] = { | ^~~~~~~~~~~~~ ./drivers/staging/media/atomisp//pci/system_local.h:158:26: warning: ‘IBUF_CTRL_BASE’ defined but not used [-Wunused-const-variable=] 158 | static const hrt_address IBUF_CTRL_BASE[N_IBUF_CTRL_ID] = { | ^~~~~~~~~~~~~~ ./drivers/staging/media/atomisp//pci/system_local.h:153:26: warning: ‘RX_BASE’ defined but not used [-Wunused-const-variable=] 153 | static const hrt_address RX_BASE[N_RX_ID] = { | ^~~~~~~ ./drivers/staging/media/atomisp//pci/system_local.h:138:26: warning: ‘INPUT_SYSTEM_BASE’ defined but not used [-Wunused-const-variable=] 138 | static const hrt_address INPUT_SYSTEM_BASE[N_INPUT_SYSTEM_ID] = { | ^~~~~~~~~~~~~~~~~ ./drivers/staging/media/atomisp//pci/system_local.h:130:26: warning: ‘INPUT_FORMATTER_BASE’ defined but not used [-Wunused-const-variable=] 130 | static const hrt_address INPUT_FORMATTER_BASE[N_INPUT_FORMATTER_ID] = { | ^~~~~~~~~~~~~~~~~~~~ ./drivers/staging/media/atomisp//pci/system_local.h:125:26: warning: ‘TIMED_CTRL_BASE’ defined but not used [-Wunused-const-variable=] 125 | static const hrt_address TIMED_CTRL_BASE[N_TIMED_CTRL_ID] = { | ^~~~~~~~~~~~~~~ ./drivers/staging/media/atomisp//pci/system_local.h:120:26: warning: ‘GPIO_BASE’ defined but not used [-Wunused-const-variable=] 120 | static const hrt_address GPIO_BASE[N_GPIO_ID] = { | ^~~~~~~~~ ./drivers/staging/media/atomisp//pci/system_local.h:116:26: warning: ‘GP_TIMER_BASE’ defined but not used [-Wunused-const-variable=] 116 | static const hrt_address GP_TIMER_BASE = | ^~~~~~~~~~~~~ ./drivers/staging/media/atomisp//pci/system_local.h:109:26: warning: ‘GP_DEVICE_BASE’ defined but not used [-Wunused-const-variable=] 109 | static const hrt_address GP_DEVICE_BASE[N_GP_DEVICE_ID] = { | ^~~~~~~~~~~~~~ ./drivers/staging/media/atomisp//pci/system_local.h:96:26: warning: ‘FIFO_MONITOR_BASE’ defined but not used [-Wunused-const-variable=] 96 | static const hrt_address FIFO_MONITOR_BASE[N_FIFO_MONITOR_ID] = { | ^~~~~~~~~~~~~~~~~ ./drivers/staging/media/atomisp//pci/system_local.h:90:26: warning: ‘GDC_BASE’ defined but not used [-Wunused-const-variable=] 90 | static const hrt_address GDC_BASE[N_GDC_ID] = { | ^~~~~~~~ ./drivers/staging/media/atomisp//pci/system_local.h:78:26: warning: ‘IRQ_BASE’ defined but not used [-Wunused-const-variable=] 78 | static const hrt_address IRQ_BASE[N_IRQ_ID] = { | ^~~~~~~~ ./drivers/staging/media/atomisp//pci/system_local.h:73:26: warning: ‘ISYS2401_DMA_BASE’ defined but not used [-Wunused-const-variable=] 73 | static const hrt_address ISYS2401_DMA_BASE[N_ISYS2401_DMA_ID] = { | ^~~~~~~~~~~~~~~~~ ./drivers/staging/media/atomisp//pci/system_local.h:69:26: warning: ‘DMA_BASE’ defined but not used [-Wunused-const-variable=] 69 | static const hrt_address DMA_BASE[N_DMA_ID] = { | ^~~~~~~~ ./drivers/staging/media/atomisp//pci/system_local.h:63:26: warning: ‘MMU_BASE’ defined but not used [-Wunused-const-variable=] 63 | static const hrt_address MMU_BASE[N_MMU_ID] = { | ^~~~~~~~ ./drivers/staging/media/atomisp//pci/system_local.h:54:26: warning: ‘SP_DMEM_BASE’ defined but not used [-Wunused-const-variable=] 54 | static const hrt_address SP_DMEM_BASE[N_SP_ID] = { | ^~~~~~~~~~~~ ./drivers/staging/media/atomisp//pci/system_local.h:50:26: warning: ‘SP_CTRL_BASE’ defined but not used [-Wunused-const-variable=] 50 | static const hrt_address SP_CTRL_BASE[N_SP_ID] = { | ^~~~~~~~~~~~ ./drivers/staging/media/atomisp//pci/system_local.h:45:26: warning: ‘ISP_BAMEM_BASE’ defined but not used [-Wunused-const-variable=] 45 | static const hrt_address ISP_BAMEM_BASE[N_BAMEM_ID] = { | ^~~~~~~~~~~~~~ ./drivers/staging/media/atomisp//pci/system_local.h:41:26: warning: ‘ISP_DMEM_BASE’ defined but not used [-Wunused-const-variable=] 41 | static const hrt_address ISP_DMEM_BASE[N_ISP_ID] = { | ^~~~~~~~~~~~~ ./drivers/staging/media/atomisp//pci/system_local.h:37:26: warning: ‘ISP_CTRL_BASE’ defined but not used [-Wunused-const-variable=] 37 | static const hrt_address ISP_CTRL_BASE[N_ISP_ID] = { | ^~~~~~~~~~~~~ In file included from ./drivers/staging/media/atomisp//pci/ia_css_acc_types.h:23, from ./drivers/staging/media/atomisp//pci/ia_css_pipe_public.h:29, from drivers/staging/media/atomisp/pci/sh_css_legacy.h:23, from drivers/staging/media/atomisp/pci/atomisp_internal.h:34, from drivers/staging/media/atomisp/pci/atomisp_cmd.h:30, from drivers/staging/media/atomisp/pci/atomisp_csi2.c:21: ./drivers/staging/media/atomisp//pci/system_local.h:193:26: warning: ‘STREAM2MMIO_CTRL_BASE’ defined but not used [-Wunused-const-variable=] 193 | static const hrt_address STREAM2MMIO_CTRL_BASE[N_STREAM2MMIO_ID] = { | ^~~~~~~~~~~~~~~~~~~~~ ./drivers/staging/media/atomisp//pci/system_local.h:186:26: warning: ‘PIXELGEN_CTRL_BASE’ defined but not used [-Wunused-const-variable=] 186 | static const hrt_address PIXELGEN_CTRL_BASE[N_PIXELGEN_ID] = { | ^~~~~~~~~~~~~~~~~~ ./drivers/staging/media/atomisp//pci/system_local.h:179:26: warning: ‘CSI_RX_BE_CTRL_BASE’ defined but not used [-Wunused-const-variable=] 179 | static const hrt_address CSI_RX_BE_CTRL_BASE[N_CSI_RX_BACKEND_ID] = { | ^~~~~~~~~~~~~~~~~~~ ./drivers/staging/media/atomisp//pci/system_local.h:172:26: warning: ‘CSI_RX_FE_CTRL_BASE’ defined but not used [-Wunused-const-variable=] 172 | static const hrt_address CSI_RX_FE_CTRL_BASE[N_CSI_RX_FRONTEND_ID] = { | ^~~~~~~~~~~~~~~~~~~ ./drivers/staging/media/atomisp//pci/system_local.h:165:26: warning: ‘ISYS_IRQ_BASE’ defined but not used [-Wunused-const-variable=] 165 | static const hrt_address ISYS_IRQ_BASE[N_ISYS_IRQ_ID] = { | ^~~~~~~~~~~~~ ./drivers/staging/media/atomisp//pci/system_local.h:158:26: warning: ‘IBUF_CTRL_BASE’ defined but not used [-Wunused-const-variable=] 158 | static const hrt_address IBUF_CTRL_BASE[N_IBUF_CTRL_ID] = { | ^~~~~~~~~~~~~~ ./drivers/staging/media/atomisp//pci/system_local.h:153:26: warning: ‘RX_BASE’ defined but not used [-Wunused-const-variable=] 153 | static const hrt_address RX_BASE[N_RX_ID] = { | ^~~~~~~ ./drivers/staging/media/atomisp//pci/system_local.h:138:26: warning: ‘INPUT_SYSTEM_BASE’ defined but not used [-Wunused-const-variable=] 138 | static const hrt_address INPUT_SYSTEM_BASE[N_INPUT_SYSTEM_ID] = { | ^~~~~~~~~~~~~~~~~ ./drivers/staging/media/atomisp//pci/system_local.h:130:26: warning: ‘INPUT_FORMATTER_BASE’ defined but not used [-Wunused-const-variable=] 130 | static const hrt_address INPUT_FORMATTER_BASE[N_INPUT_FORMATTER_ID] = { | ^~~~~~~~~~~~~~~~~~~~ ./drivers/staging/media/atomisp//pci/system_local.h:125:26: warning: ‘TIMED_CTRL_BASE’ defined but not used [-Wunused-const-variable=] 125 | static const hrt_address TIMED_CTRL_BASE[N_TIMED_CTRL_ID] = { | ^~~~~~~~~~~~~~~ ./drivers/staging/media/atomisp//pci/system_local.h:120:26: warning: ‘GPIO_BASE’ defined but not used [-Wunused-const-variable=] 120 | static const hrt_address GPIO_BASE[N_GPIO_ID] = { | ^~~~~~~~~ ./drivers/staging/media/atomisp//pci/system_local.h:116:26: warning: ‘GP_TIMER_BASE’ defined but not used [-Wunused-const-variable=] 116 | static const hrt_address GP_TIMER_BASE = | ^~~~~~~~~~~~~ ./drivers/staging/media/atomisp//pci/system_local.h:109:26: warning: ‘GP_DEVICE_BASE’ defined but not used [-Wunused-const-variable=] 109 | static const hrt_address GP_DEVICE_BASE[N_GP_DEVICE_ID] = { | ^~~~~~~~~~~~~~ ./drivers/staging/media/atomisp//pci/system_local.h:96:26: warning: ‘FIFO_MONITOR_BASE’ defined but not used [-Wunused-const-variable=] 96 | static const hrt_address FIFO_MONITOR_BASE[N_FIFO_MONITOR_ID] = { | ^~~~~~~~~~~~~~~~~ ./drivers/staging/media/atomisp//pci/system_local.h:90:26: warning: ‘GDC_BASE’ defined but not used [-Wunused-const-variable=] 90 | static const hrt_address GDC_BASE[N_GDC_ID] = { | ^~~~~~~~ ./drivers/staging/media/atomisp//pci/system_local.h:78:26: warning: ‘IRQ_BASE’ defined but not used [-Wunused-const-variable=] 78 | static const hrt_address IRQ_BASE[N_IRQ_ID] = { | ^~~~~~~~ ./drivers/staging/media/atomisp//pci/system_local.h:73:26: warning: ‘ISYS2401_DMA_BASE’ defined but not used [-Wunused-const-variable=] 73 | static const hrt_address ISYS2401_DMA_BASE[N_ISYS2401_DMA_ID] = { | ^~~~~~~~~~~~~~~~~ ./drivers/staging/media/atomisp//pci/system_local.h:69:26: warning: ‘DMA_BASE’ defined but not used [-Wunused-const-variable=] 69 | static const hrt_address DMA_BASE[N_DMA_ID] = { | ^~~~~~~~ ./drivers/staging/media/atomisp//pci/system_local.h:63:26: warning: ‘MMU_BASE’ defined but not used [-Wunused-const-variable=] 63 | static const hrt_address MMU_BASE[N_MMU_ID] = { | ^~~~~~~~ ./drivers/staging/media/atomisp//pci/system_local.h:54:26: warning: ‘SP_DMEM_BASE’ defined but not used [-Wunused-const-variable=] 54 | static const hrt_address SP_DMEM_BASE[N_SP_ID] = { | ^~~~~~~~~~~~ ./drivers/staging/media/atomisp//pci/system_local.h:50:26: warning: ‘SP_CTRL_BASE’ defined but not used [-Wunused-const-variable=] 50 | static const hrt_address SP_CTRL_BASE[N_SP_ID] = { | ^~~~~~~~~~~~ ./drivers/staging/media/atomisp//pci/system_local.h:45:26: warning: ‘ISP_BAMEM_BASE’ defined but not used [-Wunused-const-variable=] 45 | static const hrt_address ISP_BAMEM_BASE[N_BAMEM_ID] = { | ^~~~~~~~~~~~~~ ./drivers/staging/media/atomisp//pci/system_local.h:41:26: warning: ‘ISP_DMEM_BASE’ defined but not used [-Wunused-const-variable=] 41 | static const hrt_address ISP_DMEM_BASE[N_ISP_ID] = { | ^~~~~~~~~~~~~ ./drivers/staging/media/atomisp//pci/system_local.h:37:26: warning: ‘ISP_CTRL_BASE’ defined but not used [-Wunused-const-variable=] 37 | static const hrt_address ISP_CTRL_BASE[N_ISP_ID] = { | ^~~~~~~~~~~~~ In file included from ./drivers/staging/media/atomisp//pci/ia_css_acc_types.h:23, from ./drivers/staging/media/atomisp//pci/ia_css_pipe_public.h:29, from drivers/staging/media/atomisp/pci/sh_css_legacy.h:23, from drivers/staging/media/atomisp/pci/atomisp_internal.h:34, from drivers/staging/media/atomisp/pci/atomisp_acc.h:23, from drivers/staging/media/atomisp/pci/atomisp_acc.c:29: ./drivers/staging/media/atomisp//pci/system_local.h:193:26: warning: ‘STREAM2MMIO_CTRL_BASE’ defined but not used [-Wunused-const-variable=] 193 | static const hrt_address STREAM2MMIO_CTRL_BASE[N_STREAM2MMIO_ID] = { | ^~~~~~~~~~~~~~~~~~~~~ ./drivers/staging/media/atomisp//pci/system_local.h:186:26: warning: ‘PIXELGEN_CTRL_BASE’ defined but not used [-Wunused-const-variable=] 186 | static const hrt_address PIXELGEN_CTRL_BASE[N_PIXELGEN_ID] = { | ^~~~~~~~~~~~~~~~~~ ./drivers/staging/media/atomisp//pci/system_local.h:179:26: warning: ‘CSI_RX_BE_CTRL_BASE’ defined but not used [-Wunused-const-variable=] 179 | static const hrt_address CSI_RX_BE_CTRL_BASE[N_CSI_RX_BACKEND_ID] = { | ^~~~~~~~~~~~~~~~~~~ ./drivers/staging/media/atomisp//pci/system_local.h:172:26: warning: ‘CSI_RX_FE_CTRL_BASE’ defined but not used [-Wunused-const-variable=] 172 | static const hrt_address CSI_RX_FE_CTRL_BASE[N_CSI_RX_FRONTEND_ID] = { | ^~~~~~~~~~~~~~~~~~~ ./drivers/staging/media/atomisp//pci/system_local.h:165:26: warning: ‘ISYS_IRQ_BASE’ defined but not used [-Wunused-const-variable=] 165 | static const hrt_address ISYS_IRQ_BASE[N_ISYS_IRQ_ID] = { | ^~~~~~~~~~~~~ ./drivers/staging/media/atomisp//pci/system_local.h:158:26: warning: ‘IBUF_CTRL_BASE’ defined but not used [-Wunused-const-variable=] 158 | static const hrt_address IBUF_CTRL_BASE[N_IBUF_CTRL_ID] = { | ^~~~~~~~~~~~~~ ./drivers/staging/media/atomisp//pci/system_local.h:153:26: warning: ‘RX_BASE’ defined but not used [-Wunused-const-variable=] 153 | static const hrt_address RX_BASE[N_RX_ID] = { | ^~~~~~~ ./drivers/staging/media/atomisp//pci/system_local.h:138:26: warning: ‘INPUT_SYSTEM_BASE’ defined but not used [-Wunused-const-variable=] 138 | static const hrt_address INPUT_SYSTEM_BASE[N_INPUT_SYSTEM_ID] = { | ^~~~~~~~~~~~~~~~~ ./drivers/staging/media/atomisp//pci/system_local.h:130:26: warning: ‘INPUT_FORMATTER_BASE’ defined but not used [-Wunused-const-variable=] 130 | static const hrt_address INPUT_FORMATTER_BASE[N_INPUT_FORMATTER_ID] = { | ^~~~~~~~~~~~~~~~~~~~ ./drivers/staging/media/atomisp//pci/system_local.h:125:26: warning: ‘TIMED_CTRL_BASE’ defined but not used [-Wunused-const-variable=] 125 | static const hrt_address TIMED_CTRL_BASE[N_TIMED_CTRL_ID] = { | ^~~~~~~~~~~~~~~ ./drivers/staging/media/atomisp//pci/system_local.h:120:26: warning: ‘GPIO_BASE’ defined but not used [-Wunused-const-variable=] 120 | static const hrt_address GPIO_BASE[N_GPIO_ID] = { | ^~~~~~~~~ ./drivers/staging/media/atomisp//pci/system_local.h:116:26: warning: ‘GP_TIMER_BASE’ defined but not used [-Wunused-const-variable=] 116 | static const hrt_address GP_TIMER_BASE = | ^~~~~~~~~~~~~ ./drivers/staging/media/atomisp//pci/system_local.h:109:26: warning: ‘GP_DEVICE_BASE’ defined but not used [-Wunused-const-variable=] 109 | static const hrt_address GP_DEVICE_BASE[N_GP_DEVICE_ID] = { | ^~~~~~~~~~~~~~ ./drivers/staging/media/atomisp//pci/system_local.h:96:26: warning: ‘FIFO_MONITOR_BASE’ defined but not used [-Wunused-const-variable=] 96 | static const hrt_address FIFO_MONITOR_BASE[N_FIFO_MONITOR_ID] = { | ^~~~~~~~~~~~~~~~~ ./drivers/staging/media/atomisp//pci/system_local.h:90:26: warning: ‘GDC_BASE’ defined but not used [-Wunused-const-variable=] 90 | static const hrt_address GDC_BASE[N_GDC_ID] = { | ^~~~~~~~ ./drivers/staging/media/atomisp//pci/system_local.h:78:26: warning: ‘IRQ_BASE’ defined but not used [-Wunused-const-variable=] 78 | static const hrt_address IRQ_BASE[N_IRQ_ID] = { | ^~~~~~~~ ./drivers/staging/media/atomisp//pci/system_local.h:73:26: warning: ‘ISYS2401_DMA_BASE’ defined but not used [-Wunused-const-variable=] 73 | static const hrt_address ISYS2401_DMA_BASE[N_ISYS2401_DMA_ID] = { | ^~~~~~~~~~~~~~~~~ ./drivers/staging/media/atomisp//pci/system_local.h:69:26: warning: ‘DMA_BASE’ defined but not used [-Wunused-const-variable=] 69 | static const hrt_address DMA_BASE[N_DMA_ID] = { | ^~~~~~~~ ./drivers/staging/media/atomisp//pci/system_local.h:63:26: warning: ‘MMU_BASE’ defined but not used [-Wunused-const-variable=] 63 | static const hrt_address MMU_BASE[N_MMU_ID] = { | ^~~~~~~~ ./drivers/staging/media/atomisp//pci/system_local.h:54:26: warning: ‘SP_DMEM_BASE’ defined but not used [-Wunused-const-variable=] 54 | static const hrt_address SP_DMEM_BASE[N_SP_ID] = { | ^~~~~~~~~~~~ ./drivers/staging/media/atomisp//pci/system_local.h:50:26: warning: ‘SP_CTRL_BASE’ defined but not used [-Wunused-const-variable=] 50 | static const hrt_address SP_CTRL_BASE[N_SP_ID] = { | ^~~~~~~~~~~~ ./drivers/staging/media/atomisp//pci/system_local.h:45:26: warning: ‘ISP_BAMEM_BASE’ defined but not used [-Wunused-const-variable=] 45 | static const hrt_address ISP_BAMEM_BASE[N_BAMEM_ID] = { | ^~~~~~~~~~~~~~ ./drivers/staging/media/atomisp//pci/system_local.h:41:26: warning: ‘ISP_DMEM_BASE’ defined but not used [-Wunused-const-variable=] 41 | static const hrt_address ISP_DMEM_BASE[N_ISP_ID] = { | ^~~~~~~~~~~~~ ./drivers/staging/media/atomisp//pci/system_local.h:37:26: warning: ‘ISP_CTRL_BASE’ defined but not used [-Wunused-const-variable=] 37 | static const hrt_address ISP_CTRL_BASE[N_ISP_ID] = { | ^~~~~~~~~~~~~ Signed-off-by: Mauro Carvalho Chehab commit 08b2bcc665eac1d53bc1394f08b0bdd3440a57cb Author: Mauro Carvalho Chehab Date: Sat Jul 18 09:51:14 2020 +0200 media: atomisp: get rid of version-specific system_local.h After removing the unused 32-bits data, the isp2401_system_local.h now contains everything that it is needed, either by isp2401 or by isp2400. So, remove code duplication. Signed-off-by: Mauro Carvalho Chehab commit 4b28ded7634cbfc37c224ae20423924e43580f3b Author: Mauro Carvalho Chehab Date: Sat Jul 18 10:26:26 2020 +0200 media: atomisp: move global stuff into a common header Right now, there are two versions of system_global.h headers. Both share a lot of common code. There are some ISP2401 specific types on one of the headers, but it doesn't conflict with the ISP2400 ones. Also, the common code is identical. So, remove code duplication by moving such code into a common header. Signed-off-by: Mauro Carvalho Chehab commit a6154805d0735bdd9149a2f44bb7433f3ef37ff9 Author: Mauro Carvalho Chehab Date: Sat Jul 18 09:30:56 2020 +0200 media: atomisp: remove non-used 32-bits consts at system_local There is an abstraction at the code in order to support 32 or 64 bits address/data length. However, for all Atom chipsets supported by this version, the size is fixed. So, cleanup the mess, removing the uused code and placing the data sizes on a single place. The end goal is to completely remove those local/global headers, replacing them by some ISP-version dependent struct, in order for the driver to decide what version it would need in runtime. Signed-off-by: Mauro Carvalho Chehab commit ecf1b4ca97117201c5e41b0e8ac6cb3c9a49cd57 Author: Mauro Carvalho Chehab Date: Sat Jul 18 09:18:10 2020 +0200 media: atomisp: get rid of some unused static vars There are several static vars declared inside the system local headers. This causes lots of warnings when W=1. Remove the unused ones. Signed-off-by: Mauro Carvalho Chehab commit ac8284569e9746c474102aaa1618c40b225a698d Author: Dan Carpenter Date: Tue Jul 14 12:55:29 2020 +0200 media: atomisp: Fix error code in ov5693_probe() If gmin_camera_platform_data() returns NULL then we should return a negative error instead of success. Fixes: 90ebe55ab886 ("media: staging: atomisp: Add driver prefix to Kconfig option and module names") Signed-off-by: Dan Carpenter Signed-off-by: Mauro Carvalho Chehab commit 3d81099c75a685d0e72cac58b96cc39a6784ff54 Author: Nicolas Boichat Date: Fri Jul 10 08:45:29 2020 +0200 media: atomisp: Replace trace_printk by pr_info trace_printk should not be used in production code, replace it call with pr_info. Signed-off-by: Nicolas Boichat Acked-by: Greg Kroah-Hartman Signed-off-by: Mauro Carvalho Chehab commit d8ebd811415117ac86418d6b987381059bb3c6e5 Author: Baidyanath Kundu Date: Wed Jul 1 18:48:42 2020 +0200 media: atomisp: Fix __func__ style warnings This patch fixes the checkpatch.pl warning: Prefer using '"%s...", __func__' to using '', this function's name, in a string Signed-off-by: Baidyanath Kundu Signed-off-by: Mauro Carvalho Chehab commit 52c6f42fed25683ee26cebe50ee7af006dfb9b29 Author: Mauro Carvalho Chehab Date: Wed Jun 17 20:52:12 2020 +0200 media: atomisp: fix help message for ISP2401 selection I'm pretty sure I named this right, but it sounds that I ended doing something weird maybe while solving some conflict. So, fix the title of this config var. Signed-off-by: Mauro Carvalho Chehab commit cea7a0449ea3fa4883bf5dc8397f000d6b67d6cd Author: Oded Gabbay Date: Sun Jul 12 23:34:57 2020 +0300 habanalabs: prevent possible out-of-bounds array access Queue index is received from the user. Therefore, we must validate it before using it to access the queue props array. Signed-off-by: Oded Gabbay Reviewed-by: Tomer Tayar commit f932d58abc38c898d7d3fe635ecb2b821a256f54 Merge: e26aeee89f54 07d3f0455002 Author: Linus Torvalds Date: Sat Jul 18 13:22:03 2020 -0700 Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi into master Pull SCSI fix from James Bottomley: "One small driver fix. Although the one liner makes it sound like a cosmetic change, it's a regression fix for the megaraid_sas driver" * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi: scsi: megaraid_sas: Remove undefined ENABLE_IRQ_POLL macro commit 61710e437f2807e26a3402543bdbb7217a9c8620 Author: Daniele Albano Date: Sat Jul 18 14:15:16 2020 -0600 io_uring: always allow drain/link/hardlink/async sqe flags We currently filter these for timeout_remove/async_cancel/files_update, but we only should be filtering for fixed file and buffer select. This also causes a second read of sqe->flags, which isn't needed. Just check req->flags for the relevant bits. This then allows these commands to be used in links, for example, like everything else. Signed-off-by: Daniele Albano Signed-off-by: Jens Axboe commit e26aeee89f54e2e5867836231b4dc6448e45248b Merge: 6cf7ccba29dc c66ef39eb27f Author: Linus Torvalds Date: Sat Jul 18 12:06:11 2020 -0700 Merge tag 'hwmon-for-v5.8-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging into master Pull hwmon fixes from Guenter Roeck: - Using SCT on some Tohsiba drives causes firmware hangs. Disable its use in the drivetemp driver. - Handle potential buffer overflows in scmi and aspeed-pwm-tacho driver. - Energy reporting does not work well on all AMD CPUs. Restrict amd_energy to known working models. - Enable reading the CPU temperature on NCT6798D using undocumented registers. - Fix read errors seen if PEC is enabled in adm1275 driver. - Fix setting the pwm1_enable in emc2103 driver. * tag 'hwmon-for-v5.8-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging: hwmon: (drivetemp) Avoid SCT usage on Toshiba DT01ACA family drives hwmon: (scmi) Fix potential buffer overflow in scmi_hwmon_probe() hwmon: (nct6775) Accept PECI Calibration as temperature source for NCT6798D hwmon: (adm1275) Make sure we are reading enough data for different chips hwmon: (emc2103) fix unable to change fan pwm1_enable attribute hwmon: (amd_energy) match for supported models hwmon: (aspeed-pwm-tacho) Avoid possible buffer overflow commit 6cf7ccba29dcf39ab27630c383a3844078a6d5cd Merge: 721db9dfb106 38b7c2a3ffb1 Author: Linus Torvalds Date: Sat Jul 18 11:10:06 2020 -0700 Merge tag 'riscv-for-linus-5.8-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux into master Pull RISC-V fixes from Palmer Dabbelt: "Two fixes: - 16KiB kernel stacks on rv64, which fixes a lot of crashes. - Rolling an mmiowb() into the scheduler, which when combined with Will's fix to the mmiowb()-on-spinlock should fix the PREEMPT issues we've been seeing" * tag 'riscv-for-linus-5.8-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux: RISC-V: Upgrade smp_mb__after_spinlock() to iorw,iorw riscv: use 16KB kernel stack on 64-bit commit 721db9dfb106f042294f40d2dbbd6c3613c3cd61 Merge: 6a70f89cc58f f0479c4bcbd9 Author: Linus Torvalds Date: Sat Jul 18 10:45:17 2020 -0700 Merge tag 'powerpc-5.8-7' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux into master Pull powerpc fixes from Michael Ellerman: "Some more powerpc fixes for 5.8: - A fix to the VAS code we merged this cycle, to report the proper error code to userspace for address translation failures. And a selftest update to match. - Another fix for our pkey handling of PROT_EXEC mappings. - A fix for a crash when booting a "secure VM" under an ultravisor with certain numbers of CPUs. Thanks to: Aneesh Kumar K.V, Haren Myneni, Laurent Dufour, Sandipan Das, Satheesh Rajendran, Thiago Jung Bauermann" * tag 'powerpc-5.8-7' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux: selftests/powerpc: Use proper error code to check fault address powerpc/vas: Report proper error code for address translation failure powerpc/pseries/svm: Fix incorrect check for shared_lppaca_size powerpc/book3s64/pkeys: Fix pkey_access_permitted() for execute disable pkey commit c66ef39eb27fe123ee05082b90eb2985c33c7715 Author: Maciej S. Szmigiero Date: Sat Jul 18 14:32:10 2020 +0200 hwmon: (drivetemp) Avoid SCT usage on Toshiba DT01ACA family drives It has been observed that Toshiba DT01ACA family drives have WRITE FPDMA QUEUED command timeouts and sometimes just freeze until power-cycled under heavy write loads when their temperature is getting polled in SCT mode. The SMART mode seems to be fine, though. Let's make sure we don't use SCT mode for these drives then. While only the 3 TB model was actually caught exhibiting the problem let's play safe here to avoid data corruption and extend the ban to the whole family. Fixes: 5b46903d8bf3 ("hwmon: Driver for disk and solid state drives with temperature sensors") Cc: stable@vger.kernel.org Signed-off-by: Maciej S. Szmigiero Link: https://lore.kernel.org/r/0cb2e7022b66c6d21d3f189a12a97878d0e7511b.1595075458.git.mail@maciej.szmigiero.name Signed-off-by: Guenter Roeck commit 568e4e82128aac2c62c2c359ebebb6007fd794f9 Author: Joonho Wohn Date: Sat Jul 18 17:23:15 2020 +0900 ALSA: hda/realtek: Fixed ALC298 sound bug by adding quirk for Samsung Notebook Pen S Fixed no headphone sound bug on laptop Samsung Notebook Pen S (950SBE-951SBE), by using existing patch in Linus' tree, commit 14425f1f521f (ALSA: hda/realtek: Add quirk for Samsung Notebook). This laptop uses the same ALC298 but different subsystem id 0x144dc812. I added SND_PCI_QUIRK at sound/pci/hda/patch_realtek.c Signed-off-by: Joonho Wohn Cc: Link: https://lore.kernel.org/r/CAHcbMh291aWDKiWSZoxXB4-Eru6OYRwGA4AVEdCZeYmVLo5ZxQ@mail.gmail.com Signed-off-by: Takashi Iwai commit cadfad870154e14f745ec845708bc17d166065f2 Author: Andy Lutomirski Date: Fri Jul 17 16:53:55 2020 -0700 x86/ioperm: Fix io bitmap invalidation on Xen PV tss_invalidate_io_bitmap() wasn't wired up properly through the pvop machinery, so the TSS and Xen's io bitmap would get out of sync whenever disabling a valid io bitmap. Add a new pvop for tss_invalidate_io_bitmap() to fix it. This is XSA-329. Fixes: 22fe5b0439dd ("x86/ioperm: Move TSS bitmap update to exit to user work") Signed-off-by: Andy Lutomirski Signed-off-by: Thomas Gleixner Reviewed-by: Juergen Gross Reviewed-by: Thomas Gleixner Cc: stable@vger.kernel.org Link: https://lkml.kernel.org/r/d53075590e1f91c19f8af705059d3ff99424c020.1595030016.git.luto@kernel.org commit b6b415a80150ef712ab8d510cc7a8a299b88902e Author: B K Karthik Date: Sun Jun 28 06:38:33 2020 +0200 media: atomisp: i2c: atomisp-ov2680.c: fixed a brace coding style issue. Fixed a coding style issue. Signed-off-by: B K Karthik Signed-off-by: Mauro Carvalho Chehab commit fb2595456d75d688305690fb555fe8d31b18f673 Author: Colin Ian King Date: Thu Jun 11 16:08:31 2020 +0200 media: atomisp: make const arrays static, makes object smaller Don't populate const arrays on the stack but instead make them static. Makes the object code smaller by 150 bytes. Before: text data bss dec hex filename 111083 23692 64 134839 20eb7 atomisp/pci/atomisp_compat_css20.o After: text data bss dec hex filename 110773 23852 64 134689 20e21 atomisp/pci/atomisp_compat_css20.o After: (gcc version 9.3.0, amd64) Signed-off-by: Colin Ian King Signed-off-by: Mauro Carvalho Chehab commit 3a0744603a042fc2dae70845923bce0e50d634fb Author: Andy Shevchenko Date: Mon Jun 29 12:57:39 2020 +0200 media: atomisp: Clean up non-existing folders from Makefile Compiler is not happy about leftovers: cc1: warning: .../pci/hrt/: No such file or directory [-Wmissing-include-dirs] cc1: warning: .../pci/hive_isp_css_include/memory_access/: No such file or directory [-Wmissing-include-dirs] cc1: warning: .../pci/css_2400_system/hrt/: No such file or directory [-Wmissing-include-dirs] Drop them from Makefile. Signed-off-by: Andy Shevchenko Signed-off-by: Mauro Carvalho Chehab commit e8b4a890eddb95b8acc2073def0231ef0c77ceb0 Author: Andy Shevchenko Date: Mon Jun 29 12:57:38 2020 +0200 media: atomisp: Get rid of ACPI specifics in gmin_subdev_add() First of all ACPI HID is a part of the device name which is printed as a part of the dev_info(dev, ...); line. Second, since the only BID is left, it's a part of ACPI path, which can be printed via %pfw. Besides that, drop ACPI handle from atomisp_get_acpi_power() parameters. Signed-off-by: Andy Shevchenko Signed-off-by: Mauro Carvalho Chehab commit 5cb30aed643545af0e6eb687eb4262e4e2583695 Author: Andy Shevchenko Date: Mon Jun 29 12:57:37 2020 +0200 media: atomisp: Provide Gmin subdev as parameter to gmin_subdev_add() Provide Gmin subdev as parameter to gmin_subdev_add() to avoid direct global variable usage. Signed-off-by: Andy Shevchenko Signed-off-by: Mauro Carvalho Chehab commit fecd8833cc480559a50bf2532254c2e4d3a07240 Author: Andy Shevchenko Date: Mon Jun 29 12:57:36 2020 +0200 media: atomisp: Use temporary variable for device in gmin_subdev_add() Use temporary variable for device in gmin_subdev_add(). While here, drop unused temporary variable for device in other places. Signed-off-by: Andy Shevchenko Signed-off-by: Mauro Carvalho Chehab commit c30f4cb2d4c785b8bd0ea1710af7a542aeca1bbe Author: Andy Shevchenko Date: Mon Jun 29 12:57:35 2020 +0200 media: atomisp: Refactor PMIC detection to a separate function Refactor PMIC detection to a separate function. In the future we may move this code somewhere else where it's more suitable. Signed-off-by: Andy Shevchenko Signed-off-by: Mauro Carvalho Chehab commit e4fb745c9575b0d02548ebd024c95b75fd038c03 Author: Andy Shevchenko Date: Fri Jun 26 14:19:25 2020 +0200 media: atomisp: Deduplicate return ret in gmin_i2c_write() Deduplicate return ret in gmin_i2c_write(). While here, replace 'Kernel' by 'kernel' in the message and reduce amount of LOCs. Signed-off-by: Andy Shevchenko Signed-off-by: Mauro Carvalho Chehab commit 2e31e6f89c728ddbfc803f213823917dc705c330 Author: Andy Shevchenko Date: Fri Jun 26 14:19:21 2020 +0200 media: atomisp: Make pointer to PMIC client global When we enumerate second device when PMIC has been successfully detected to AXP, we got into troubles dereferencing NULL pointer. It seems we have to detect PMIC only once because pmic_id is a global variable and code doesn't expect the change of it: Two PMICs on one platform? It's impossible. Crash excerpt: [ 34.335237] BUG: kernel NULL pointer dereference, address: 0000000000000002 ... [ 35.652036] RIP: 0010:gmin_subdev_add.cold+0x32f/0x33e [atomisp_gmin_platform] So, as a quick fix make power a global variable. In next patches we move PMIC detection to be more independent from subdevices. Signed-off-by: Andy Shevchenko Signed-off-by: Mauro Carvalho Chehab commit 0f46ab461e3a15ba6f9c5e0c12233b3339abc42e Author: Andy Shevchenko Date: Fri Jun 26 14:19:20 2020 +0200 media: atomisp: Don't try to parse unexpected ACPI object type There are devices with completely different _DSM() format, and accessing object as a package leads to crashes. Bail out in the case of unexpected object type. Signed-off-by: Andy Shevchenko Signed-off-by: Mauro Carvalho Chehab commit 96310fd873897dc08274f4dfd6f8a5c3e009a5a4 Author: Andy Shevchenko Date: Fri Jun 26 14:19:19 2020 +0200 media: atomisp: make platform data more readable Add few blank lines to make platform data more readable. Signed-off-by: Andy Shevchenko Signed-off-by: Mauro Carvalho Chehab commit 250977de59340d2bdaa83bb78e03c4c38957b998 Author: Andy Shevchenko Date: Fri Jun 26 14:19:18 2020 +0200 media: atomisp: Drop global atomisp_dev variable (easy cases) Refactor code to avoid use of atomisp_dev global variable where it's easy to achieve. Signed-off-by: Andy Shevchenko Signed-off-by: Mauro Carvalho Chehab commit 71aecd5d63eea41bc5f6a03e3a868bbe44c2acef Author: Andy Shevchenko Date: Fri Jun 26 14:19:17 2020 +0200 media: atomisp: Replace direct access to MMIO with proper helpers We have special helpers to access MMIO. Use them. Signed-off-by: Andy Shevchenko Signed-off-by: Mauro Carvalho Chehab commit 89027fea0d04146e6df5e5bff4672655faeb43fb Author: Andy Shevchenko Date: Fri Jun 26 14:19:16 2020 +0200 media: atomisp: Unify pdev to be pointer to struct pci_device Unify pdev to be pointer to struct pci_device. While here, reindent some (touched) lines for better readability. Signed-off-by: Andy Shevchenko Signed-off-by: Mauro Carvalho Chehab commit 1cfc8593f42085b469fe167eec615527a84fe793 Author: Andy Shevchenko Date: Fri Jun 26 14:19:15 2020 +0200 media: atomisp: Get rid of struct pci_dev in struct atomisp_device struct atomisp device has struct device and struct pci_dev pointers which are basically duplicates of each other. Drop the latter in favour of the former. While here, unify pdev to be pointer to struct pci_device and reindent some (touched) lines for better readability. Signed-off-by: Andy Shevchenko Signed-off-by: Mauro Carvalho Chehab commit 0697fd92e7f1fc2b0783491e3fd40d5a7e77d011 Author: Andy Shevchenko Date: Fri Jun 26 14:19:14 2020 +0200 media: atomisp: don't pass struct device_driver as parameter There is no need to pass a pointer to struct device_driver when we have an access to struct device already. Signed-off-by: Andy Shevchenko Signed-off-by: Mauro Carvalho Chehab commit 4f307131f376e92fc038677a655a495dcb1d8ada Author: Andy Shevchenko Date: Fri Jun 26 14:19:13 2020 +0200 media: atomisp: Use proper APIs to find I²C client device by ACPI HID There are specific ACPI and I\xB2C APIs to match device by different parameters, such as ACPI HID, and retrieve an I\xB2C client. Use them instead of home grown approach. Note, it fixes a resource leak as well. Signed-off-by: Andy Shevchenko Signed-off-by: Mauro Carvalho Chehab commit 5f55dd54994a596ce3bdb9e2a73164907ca46c03 Author: Andy Shevchenko Date: Fri Jun 26 14:19:12 2020 +0200 media: atomisp: move CCK endpoint address to generic header IOSF MBI header contains a lot of definitions, such as end point addresses of IPs. Move CCK address from AtomISP driver to generic header. While here, drop unused one. Signed-off-by: Andy Shevchenko Signed-off-by: Mauro Carvalho Chehab commit e651cc385a2b4b5f361468f6fe11e6199fe2ae5f Author: Andy Shevchenko Date: Fri Jun 26 14:19:11 2020 +0200 media: atomisp: Replace last use of Intel MID APIs Intel MID special header is not in use in this driver. Replace it with a better macro for now on. Signed-off-by: Andy Shevchenko Signed-off-by: Mauro Carvalho Chehab commit 79317baaaea22b2b7d8bdfc1e0718f6579da88ac Author: Mauro Carvalho Chehab Date: Sun Jun 21 10:04:16 2020 +0200 media: atomisp: place all gpio parsing together Instead of parsing GPIO for two exceptions inside the logic which would be trying to use the GPIO, move the init code to the routine which adds a new gmin device. Move the notes to it too, as this helps to identify where those two GPIO settings are used, explaining why they're defaulting to -1 when not found. Tested-by: Andy Shevchenko Signed-off-by: Mauro Carvalho Chehab commit 2b5b3221060cf7a694188929b362d7a6e41af928 Author: Mauro Carvalho Chehab Date: Sun Jun 21 09:42:47 2020 +0200 media: atomisp: split add from find subdev There's only one place where a subdev can be added: when the sensor driver registers it. Trying to do it elsewhere will cause problems, as the detection code needs to access the I2C bus in order to probe some things. Tested-by: Andy Shevchenko Signed-off-by: Mauro Carvalho Chehab commit 1153cb48d657388d27752fecdc1bc53432942882 Author: Mauro Carvalho Chehab Date: Sun Jun 21 09:07:24 2020 +0200 media: atomisp: print info if gpio0 and gpio2 were detected If the ACPI DSDT tables provide _CRS for the camera, the GPIO core code should be able to handle them automatically. Tested-by: Andy Shevchenko Signed-off-by: Mauro Carvalho Chehab commit d6ad1c9bbadd83889080350489bc63f7ff9207f0 Author: Mauro Carvalho Chehab Date: Sun Jun 21 08:32:27 2020 +0200 media: atomisp: fix call to g_frame_interval The media core has now a check if fi->pad is bigger than zero or bigger than sd->entity.num_pads, if the media controller is defined. This causes a call to g_frame_interval to return -EINVAL. Fix it by first cleaning up the struct. Tested-by: Andy Shevchenko Signed-off-by: Mauro Carvalho Chehab commit e2c57942382dd1ace16b90c73febdd31666f2ad3 Author: Mauro Carvalho Chehab Date: Sat Jun 20 12:25:10 2020 +0200 media: atomisp: properly parse CLK PMIC on newer devices Newer devices don't place the PMIC CLK line inside an EFI var. Instead, those are found at the _PR0 table. Add a parser for it, using info stored via the DSDT table. Tested-by: Andy Shevchenko Signed-off-by: Mauro Carvalho Chehab commit d6697288d8c4b4174b77f29d302bd5f69354659b Author: Mauro Carvalho Chehab Date: Sun Jun 14 09:02:01 2020 +0200 media: atomisp: Prepare sensor support for ACPI PM Add support code for this driver to use ACPI power management. Yet, at least with known devices, this won't work without further changes. The rationale is that the ACPI handling code checks for the _PR? tables in order to know what is required to switch the device from power state D0 (_PR0) up to D3COLD (_PR3). The adev->flags.power_manageable is set to true if the device has a _PR0 table, which can be checked by calling acpi_device_power_manageable(adev). However, this only says that the device can be set to power off mode. At least on the DSDT tables we've seen so far, there's no _PR3 nor _PS3 (which would have a somewhat similar effect). So, using ACPI for power management won't work, except if adding an ACPI override logic somewhere. Tested-by: Andy Shevchenko Signed-off-by: Mauro Carvalho Chehab commit 6391c63e61a76dfe4020432368cc2a7aa1273b41 Author: Mauro Carvalho Chehab Date: Sun Jun 14 08:36:23 2020 +0200 media: atomisp: reorganize the code under gmin_subdev_add() The gmin_subdev_add() currently doesn't use ACPI device power management. In order to prepare for adding support for it, let's shift some things, placing the PM-related stuff at the end of the probing logic. Let's also store the current gs on a temporary var, in order to simplify the source code. Tested-by: Andy Shevchenko Signed-off-by: Mauro Carvalho Chehab commit 9b8737788af6c76ef93e3161ee2cdc4ddcc034ca Author: Vadim Pasternak Date: Fri Jul 17 22:01:43 2020 +0300 mlxsw: core: Fix wrong SFP EEPROM reading for upper pages 1-3 Fix wrong reading of upper pages for SFP EEPROM. According to "Memory Organization" figure in SFF-8472 spec: When reading upper pages 1, 2 and 3 the offset should be set relative to zero and I2C high address 0x51 [1010001X (A2h)] is to be used. Fixes: a45bfb5a5070 ("mlxsw: core: Extend QSFP EEPROM size for ethtool") Signed-off-by: Vadim Pasternak Reviewed-by: Jiri Pirko Signed-off-by: Ido Schimmel Signed-off-by: David S. Miller commit eea9f73e1ff9b99fbb937d41bb07c5bb2ae9ea2f Author: Murali Karicheri Date: Fri Jul 17 10:55:10 2020 -0400 net: hsr: validate address B before copying to skb Validate MAC address before copying the same to outgoing frame skb destination address. Since a node can have zero mac address for Link B until a valid frame is received over that link, this fix address the issue of a zero MAC address being in the packet. Signed-off-by: Murali Karicheri Signed-off-by: David S. Miller commit 6d6148bc78d2f002ecc67b801c5f55a0cc5184c8 Author: Murali Karicheri Date: Fri Jul 17 10:55:09 2020 -0400 net: hsr: fix incorrect lsdu size in the tag of HSR frames for small frames For small Ethernet frames with size less than minimum size 66 for HSR vs 60 for regular Ethernet frames, hsr driver currently doesn't pad the frame to make it minimum size. This results in incorrect LSDU size being populated in the HSR tag for these frames. Fix this by padding the frame to the minimum size applicable for HSR. Signed-off-by: Murali Karicheri Signed-off-by: David S. Miller commit 807abcb0883439af5ead73f3308310453b97b624 Author: Jens Axboe Date: Fri Jul 17 17:09:27 2020 -0600 io_uring: ensure double poll additions work with both request types The double poll additions were centered around doing POLL_ADD on file descriptors that use more than one waitqueue (typically one for read, one for write) when being polled. However, it can also end up being triggered for when we use poll triggered retry. For that case, we cannot safely use req->io, as that could be used by the request type itself. Add a second io_poll_iocb pointer in the structure we allocate for poll based retry, and ensure we use the right one from the two paths. Fixes: 18bceab101ad ("io_uring: allow POLL_ADD with double poll_wait() users") Signed-off-by: Jens Axboe commit 7f5f81406e2b36785f1e25fe5209edd9dd3610d7 Author: Randy Dunlap Date: Fri Jul 17 16:37:25 2020 -0700 rhashtable: drop duplicated word in Drop the doubled word "be" in a comment. Signed-off-by: Randy Dunlap Cc: Thomas Graf Cc: Herbert Xu Cc: netdev@vger.kernel.org Signed-off-by: David S. Miller commit 2ccb0161a0e9eb06f538557d38987e436fc39b8d Author: Alexandre Belloni Date: Sat Jul 18 01:32:21 2020 +0200 net: macb: use phy_interface_mode_is_rgmii everywhere There is one RGMII check not using the phy_interface_mode_is_rgmii() helper. This prevents the driver from configuring the MAC properly when using a phy-mode that is not just rgmii, e.g. rgmii-rxid. This became an issue on sama5d3 xplained since the ksz9031 driver is hadling phy-mode properly and the phy-mode has to be set to rgmii-rxid. Fixes: bcf3440c6dd78bfe ("net: phy: micrel: add phy-mode support for the KSZ9031 PHY") Signed-off-by: Alexandre Belloni Signed-off-by: David S. Miller commit 23e500e88723f243c27e1b26c9d035d4cdd1b24a Author: Nikita Danilov Date: Fri Jul 17 23:39:49 2020 +0300 net: atlantic: disable PTP on AQC111, AQC112 This patch disables PTP on AQC111 and AQC112 due to a known HW issue, which can cause datapath issues. Ideally PTP block should have been disabled via PHY provisioning, but unfortunately many units have been shipped with enabled PTP block. Thus, we have to work around this in the driver. Fixes: dbcd6806af420 ("net: aquantia: add support for Phy access") Signed-off-by: Nikita Danilov Signed-off-by: Mark Starovoytov Signed-off-by: Igor Russkikh Signed-off-by: David S. Miller commit 6a70f89cc58f2368efa055cbcbd8b37384f6c588 Merge: 630c183b2de1 65caafd0d214 Author: Linus Torvalds Date: Fri Jul 17 16:37:52 2020 -0700 Merge tag 'nfs-for-5.8-3' of git://git.linux-nfs.org/projects/anna/linux-nfs into master Pull NFS client fixes from Anna Schumaker: "A few more NFS client bugfixes for Linux 5.8: NFS: - Fix interrupted slots by using the SEQUENCE operation SUNRPC: - revert d03727b248d0 to fix unkillable IOs xprtrdma: - Fix double-free in rpcrdma_ep_create() - Fix recursion into rpcrdma_xprt_disconnect() - Fix return code from rpcrdma_xprt_connect() - Fix handling of connect errors - Fix incorrect header size calculations" * tag 'nfs-for-5.8-3' of git://git.linux-nfs.org/projects/anna/linux-nfs: SUNRPC reverting d03727b248d0 ("NFSv4 fix CLOSE not waiting for direct IO compeletion") xprtrdma: fix incorrect header size calculations NFS: Fix interrupted slots by sending a solo SEQUENCE operation xprtrdma: Fix handling of connect errors xprtrdma: Fix return code from rpcrdma_xprt_connect() xprtrdma: Fix recursion into rpcrdma_xprt_disconnect() xprtrdma: Fix double-free in rpcrdma_ep_create() commit 630c183b2de1a94f442564664362fc0171428640 Merge: a570f4198906 2648298a06ba Author: Linus Torvalds Date: Fri Jul 17 15:38:22 2020 -0700 Merge tag 'arm-fixes-5.8-2' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc into master Pull ARM SoC fixes from Arnd Bergmann: "This time there are a number of actual code fixes, plus a small set of device tree issues getting addressed: Renesas: - one defconfig cleanup to allow a later Kconfig change Intel socfpga: - enable QSPI devices on some machines - fix DTC validation warnings TI OMAP: - Two DEBUG_ATOMIC_SLEEP fixes for ti-sysc interconnect target module driver - A regression fix for ti-sysc no-idle handling that caused issues compared to earlier platform data based booting - A fix for memory leak for omap_hwmod_allocate_module - Fix d_can driver probe for am437x NXP i.MX: - A couple of fixes on i.MX platform device registration code to stop the use of invalid IRQ 0. - Fix a regression seen on ls1021a platform, caused by commit 52102a3ba6a61 ("soc: imx: move cpu code to drivers/soc/imx"). - Fix a misconfiguration of audio SSI on imx6qdl-gw551x board. Amlogic Meson: - misc DT fixes - SoC ID fixes to detect all chips correctly" * tag 'arm-fixes-5.8-2' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc: arm64: dts: spcfpga: Align GIC, NAND and UART nodenames with dtschema ARM: dts: socfpga: Align L2 cache-controller nodename with dtschema arm64: dts: stratix10: increase QSPI reg address in nand dts file arm64: dts: stratix10: add status to qspi dts node arm64: dts: agilex: add status to qspi dts node ARM: dts: Fix dcan driver probe failed on am437x platform ARM: OMAP2+: Fix possible memory leak in omap_hwmod_allocate_module arm64: defconfig: Enable CONFIG_PCIE_RCAR_HOST soc: imx: check ls1021a ARM: imx: Remove imx_add_imx_dma() unused irq_err argument ARM: imx: Provide correct number of resources when registering gpio devices ARM: dts: imx6qdl-gw551x: fix audio SSI bus: ti-sysc: Do not disable on suspend for no-idle bus: ti-sysc: Fix sleeping function called from invalid context for RTC quirk bus: ti-sysc: Fix wakeirq sleeping function called from invalid context ARM: dts: meson: Align L2 cache-controller nodename with dtschema arm64: dts: meson-gxl-s805x: reduce initial Mali450 core frequency arm64: dts: meson: add missing gxl rng clock soc: amlogic: meson-gx-socinfo: Fix S905X3 and S905D3 ID's commit a570f4198906a88b959ddcc56ddabc634397e810 Merge: 4ebf8d7649cd f32ed8eb0e3f Author: Linus Torvalds Date: Fri Jul 17 15:27:52 2020 -0700 Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux into master Pull arm64 fixes from Will Deacon: "A batch of arm64 fixes. Although the diffstat is a bit larger than we'd usually have at this stage, a decent amount of it is the addition of comments describing our syscall tracing behaviour, and also a sweep across all the modular arm64 PMU drivers to make them rebust against unloading and unbinding. There are a couple of minor things kicking around at the moment (CPU errata and module PLTs for very large modules), but I'm not expecting any significant changes now for us in 5.8. - Fix kernel text addresses for relocatable images booting using EFI and with KASLR disabled so that they match the vmlinux ELF binary. - Fix unloading and unbinding of PMU driver modules. - Fix generic mmiowb() when writeX() is called from preemptible context (reported by the riscv folks). - Fix ptrace hardware single-step interactions with signal handlers, system calls and reverse debugging. - Fix reporting of 64-bit x0 register for 32-bit tasks via 'perf_regs'. - Add comments describing syscall entry/exit tracing ABI" * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux: drivers/perf: Prevent forced unbinding of PMU drivers asm-generic/mmiowb: Allow mmiowb_set_pending() when preemptible() arm64: Use test_tsk_thread_flag() for checking TIF_SINGLESTEP arm64: ptrace: Use NO_SYSCALL instead of -1 in syscall_trace_enter() arm64: syscall: Expand the comment about ptrace and syscall(-1) arm64: ptrace: Add a comment describing our syscall entry/exit trap ABI arm64: compat: Ensure upper 32 bits of x0 are zero on syscall return arm64: ptrace: Override SPSR.SS when single-stepping is enabled arm64: ptrace: Consistently use pseudo-singlestep exceptions drivers/perf: Fix kernel panic when rmmod PMU modules during perf sampling efi/libstub/arm64: Retain 2MB kernel Image alignment if !KASLR commit baedb87d1b53532f81b4bd0387f83b05d4f7eb9a Author: Thomas Gleixner Date: Fri Jul 17 18:00:02 2020 +0200 genirq/affinity: Handle affinity setting on inactive interrupts correctly Setting interrupt affinity on inactive interrupts is inconsistent when hierarchical irq domains are enabled. The core code should just store the affinity and not call into the irq chip driver for inactive interrupts because the chip drivers may not be in a state to handle such requests. X86 has a hacky workaround for that but all other irq chips have not which causes problems e.g. on GIC V3 ITS. Instead of adding more ugly hacks all over the place, solve the problem in the core code. If the affinity is set on an inactive interrupt then: - Store it in the irq descriptors affinity mask - Update the effective affinity to reflect that so user space has a consistent view - Don't call into the irq chip driver This is the core equivalent of the X86 workaround and works correctly because the affinity setting is established in the irq chip when the interrupt is activated later on. Note, that this is only effective when hierarchical irq domains are enabled by the architecture. Doing it unconditionally would break legacy irq chip implementations. For hierarchial irq domains this works correctly as none of the drivers can have a dependency on affinity setting in inactive state by design. Remove the X86 workaround as it is not longer required. Fixes: 02edee152d6e ("x86/apic/vector: Ignore set_affinity call for inactive interrupts") Reported-by: Ali Saidi Signed-off-by: Thomas Gleixner Tested-by: Ali Saidi Cc: stable@vger.kernel.org Link: https://lore.kernel.org/r/20200529015501.15771-1-alisaidi@amazon.com Link: https://lkml.kernel.org/r/877dv2rv25.fsf@nanos.tec.linutronix.de commit 0b4a66a389d1ff5dab29f688fcfe36482bc889a2 Author: Wang Hai Date: Fri Jul 17 15:10:16 2020 +0800 nfc: nci: add missed destroy_workqueue in nci_register_device When nfc_register_device fails in nci_register_device, destroy_workqueue() shouled be called to destroy ndev->tx_wq. Fixes: 3c1c0f5dc80b ("NFC: NCI: Fix nci_register_device init sequence") Reported-by: Hulk Robot Signed-off-by: Wang Hai Signed-off-by: David S. Miller commit 1291517462f7fc667ab780d92955f5796f4fd6af Merge: aba69d49fb49 a8c64542b478 Author: David S. Miller Date: Fri Jul 17 13:00:28 2020 -0700 Merge branch 'bcmgenet-WAKE_FILTER' Doug Berger says: ==================== net: bcmgenet: fix WAKE_FILTER resume from deep sleep The WAKE_FILTER logic can only wake the system from the standby power state. However, some systems that include the GENET IP support deeper power saving states and the driver should suspend and resume correctly from those states as well. This commit set squashes a few issues uncovered while testing suspend and resume from these deep sleep states. ==================== Signed-off-by: David S. Miller commit a8c64542b478e61fa17661803b590ed276205914 Author: Doug Berger Date: Thu Jul 16 16:38:17 2020 -0700 net: bcmgenet: restore HFB filters on resume The Hardware Filter Block RAM may not be preserved when the GENET block is reset during a deep sleep, so it is not sufficient to only backup and restore the enables. This commit clears out the HFB block and reprograms the rxnfc rules when the system resumes from a suspended state. To support this the bcmgenet_hfb_create_rxnfc_filter() function is modified to access the register space directly so that it can't fail due to memory allocation issues. Fixes: f50932cca632 ("net: bcmgenet: add WAKE_FILTER support") Signed-off-by: Doug Berger Acked-by: Florian Fainelli Signed-off-by: David S. Miller commit 3d653adb4b4955addad8c3accd33e22cb99a445b Author: Doug Berger Date: Thu Jul 16 16:38:16 2020 -0700 net: bcmgenet: test RBUF_ACPI_EN when resuming When the GENET driver resumes from deep sleep the UMAC_CMD register may not be accessible and therefore should not be accessed from bcmgenet_wol_power_up_cfg() if the GENET has been reset. This commit adds a check of the RBUF_ACPI_EN flag when Wake on Filter is enabled. A clear flag indicates that the GENET hardware must have been reset so the remainder of the hardware programming is bypassed. Fixes: f50932cca632 ("net: bcmgenet: add WAKE_FILTER support") Signed-off-by: Doug Berger Acked-by: Florian Fainelli Signed-off-by: David S. Miller commit 2f11f0df8474b2206c8cf2d5d5b98e7eff240cdf Author: Doug Berger Date: Thu Jul 16 16:38:15 2020 -0700 net: bcmgenet: test MPD_EN when resuming When the GENET driver resumes from deep sleep the UMAC_CMD register may not be accessible and therefore should not be accessed from bcmgenet_wol_power_up_cfg() if the GENET has been reset. This commit adds a check of the MPD_EN flag when Wake on Magic Packet is enabled. A clear flag indicates that the GENET hardware must have been reset so the remainder of the hardware programming is bypassed. Fixes: 1a1d5106c1e3 ("net: bcmgenet: move clk_wol management to bcmgenet_wol") Signed-off-by: Doug Berger Acked-by: Florian Fainelli Signed-off-by: David S. Miller commit aba69d49fb49c9166596dd78926514173b7f9ab5 Author: Paolo Pisati Date: Thu Jul 16 17:51:14 2020 +0200 selftests: net: ip_defrag: modprobe missing nf_defrag_ipv6 support Fix ip_defrag.sh when CONFIG_NF_DEFRAG_IPV6=m: $ sudo ./ip_defrag.sh + set -e + mktemp -u XXXXXX + readonly NETNS=ns-rGlXcw + trap cleanup EXIT + setup + ip netns add ns-rGlXcw + ip -netns ns-rGlXcw link set lo up + ip netns exec ns-rGlXcw sysctl -w net.ipv4.ipfrag_high_thresh=9000000 + ip netns exec ns-rGlXcw sysctl -w net.ipv4.ipfrag_low_thresh=7000000 + ip netns exec ns-rGlXcw sysctl -w net.ipv4.ipfrag_time=1 + ip netns exec ns-rGlXcw sysctl -w net.ipv6.ip6frag_high_thresh=9000000 + ip netns exec ns-rGlXcw sysctl -w net.ipv6.ip6frag_low_thresh=7000000 + ip netns exec ns-rGlXcw sysctl -w net.ipv6.ip6frag_time=1 + ip netns exec ns-rGlXcw sysctl -w net.netfilter.nf_conntrack_frag6_high_thresh=9000000 + cleanup + ip netns del ns-rGlXcw $ ls -la /proc/sys/net/netfilter/nf_conntrack_frag6_high_thresh ls: cannot access '/proc/sys/net/netfilter/nf_conntrack_frag6_high_thresh': No such file or directory $ sudo modprobe nf_defrag_ipv6 $ ls -la /proc/sys/net/netfilter/nf_conntrack_frag6_high_thresh -rw-r--r-- 1 root root 0 Jul 14 12:34 /proc/sys/net/netfilter/nf_conntrack_frag6_high_thresh Signed-off-by: Paolo Pisati Reviewed-by: Jakub Kicinski Signed-off-by: David S. Miller commit bca9749b1aa23d964d3ab930938af66dbf887f15 Author: Wang Hai Date: Thu Jul 16 11:50:38 2020 +0800 net: smc91x: Fix possible memory leak in smc_drv_probe() If try_toggle_control_gpio() failed in smc_drv_probe(), free_netdev(ndev) should be called to free the ndev created earlier. Otherwise, a memleak will occur. Fixes: 7d2911c43815 ("net: smc91x: Fix gpios for device tree based booting") Reported-by: Hulk Robot Signed-off-by: Wang Hai Signed-off-by: David S. Miller commit e2a71bdea81690b6ef11f4368261ec6f5b6891aa Author: Frederic Weisbecker Date: Fri Jul 17 16:05:40 2020 +0200 timer: Fix wheel index calculation on last level When an expiration delta falls into the last level of the wheel, that delta has be compared against the maximum possible delay and reduced to fit in if necessary. However instead of comparing the delta against the maximum, the code compares the actual expiry against the maximum. Then instead of fixing the delta to fit in, it sets the maximum delta as the expiry value. This can result in various undesired outcomes, the worst possible one being a timer expiring 15 days ahead to fire immediately. Fixes: 500462a9de65 ("timers: Switch to a non-cascading wheel") Signed-off-by: Frederic Weisbecker Signed-off-by: Thomas Gleixner Cc: stable@vger.kernel.org Link: https://lkml.kernel.org/r/20200717140551.29076-2-frederic@kernel.org commit cebb69754f37d68e1355a5e726fdac317bcda302 Author: Weilong Chen Date: Wed Jul 15 20:58:10 2020 +0800 rtnetlink: Fix memory(net_device) leak when ->newlink fails When vlan_newlink call register_vlan_dev fails, it might return error with dev->reg_state = NETREG_UNREGISTERED. The rtnl_newlink should free the memory. But currently rtnl_newlink only free the memory which state is NETREG_UNINITIALIZED. BUG: memory leak unreferenced object 0xffff8881051de000 (size 4096): comm "syz-executor139", pid 560, jiffies 4294745346 (age 32.445s) hex dump (first 32 bytes): 76 6c 61 6e 32 00 00 00 00 00 00 00 00 00 00 00 vlan2........... 00 45 28 03 81 88 ff ff 00 00 00 00 00 00 00 00 .E(............. backtrace: [<0000000047527e31>] kmalloc_node include/linux/slab.h:578 [inline] [<0000000047527e31>] kvmalloc_node+0x33/0xd0 mm/util.c:574 [<000000002b59e3bc>] kvmalloc include/linux/mm.h:753 [inline] [<000000002b59e3bc>] kvzalloc include/linux/mm.h:761 [inline] [<000000002b59e3bc>] alloc_netdev_mqs+0x83/0xd90 net/core/dev.c:9929 [<000000006076752a>] rtnl_create_link+0x2c0/0xa20 net/core/rtnetlink.c:3067 [<00000000572b3be5>] __rtnl_newlink+0xc9c/0x1330 net/core/rtnetlink.c:3329 [<00000000e84ea553>] rtnl_newlink+0x66/0x90 net/core/rtnetlink.c:3397 [<0000000052c7c0a9>] rtnetlink_rcv_msg+0x540/0x990 net/core/rtnetlink.c:5460 [<000000004b5cb379>] netlink_rcv_skb+0x12b/0x3a0 net/netlink/af_netlink.c:2469 [<00000000c71c20d3>] netlink_unicast_kernel net/netlink/af_netlink.c:1303 [inline] [<00000000c71c20d3>] netlink_unicast+0x4c6/0x690 net/netlink/af_netlink.c:1329 [<00000000cca72fa9>] netlink_sendmsg+0x735/0xcc0 net/netlink/af_netlink.c:1918 [<000000009221ebf7>] sock_sendmsg_nosec net/socket.c:652 [inline] [<000000009221ebf7>] sock_sendmsg+0x109/0x140 net/socket.c:672 [<000000001c30ffe4>] ____sys_sendmsg+0x5f5/0x780 net/socket.c:2352 [<00000000b71ca6f3>] ___sys_sendmsg+0x11d/0x1a0 net/socket.c:2406 [<0000000007297384>] __sys_sendmsg+0xeb/0x1b0 net/socket.c:2439 [<000000000eb29b11>] do_syscall_64+0x56/0xa0 arch/x86/entry/common.c:359 [<000000006839b4d0>] entry_SYSCALL_64_after_hwframe+0x44/0xa9 Fixes: cb626bf566eb ("net-sysfs: Fix reference count leak") Reported-by: Hulk Robot Signed-off-by: Weilong Chen Signed-off-by: David S. Miller commit 65caafd0d2145d1dd02072c4ced540624daeab40 Author: Olga Kornievskaia Date: Wed Jul 15 13:04:15 2020 -0400 SUNRPC reverting d03727b248d0 ("NFSv4 fix CLOSE not waiting for direct IO compeletion") Reverting commit d03727b248d0 "NFSv4 fix CLOSE not waiting for direct IO compeletion". This patch made it so that fput() by calling inode_dio_done() in nfs_file_release() would wait uninterruptably for any outstanding directIO to the file (but that wait on IO should be killable). The problem the patch was also trying to address was REMOVE returning ERR_ACCESS because the file is still opened, is supposed to be resolved by server returning ERR_FILE_OPEN and not ERR_ACCESS. Signed-off-by: Olga Kornievskaia Signed-off-by: Anna Schumaker commit 4ebf8d7649cd86c41c41bf48da4b7761da2d5009 Merge: c9ea87dc6c3f 681fda8d27a6 Author: Linus Torvalds Date: Fri Jul 17 10:47:51 2020 -0700 Merge tag 'io_uring-5.8-2020-07-17' of git://git.kernel.dk/linux-block into master Pull io_uring fix from Jens Axboe: "Fix for a case where, with automatic buffer selection, we can leak the buffer descriptor for recvmsg" * tag 'io_uring-5.8-2020-07-17' of git://git.kernel.dk/linux-block: io_uring: fix recvmsg memory leak with buffer selection commit c9ea87dc6c3f48a8de02019fe52472a6cdfedd65 Merge: 0dd68a34eccd 1f273e255b28 Author: Linus Torvalds Date: Fri Jul 17 10:45:36 2020 -0700 Merge tag 'block-5.8-2020-07-17' of git://git.kernel.dk/linux-block into master Pull block fix from Jens Axboe: "Single NVMe multipath capacity fix" * tag 'block-5.8-2020-07-17' of git://git.kernel.dk/linux-block: nvme: explicitly update mpath disk capacity on revalidation commit 0dd68a34eccd598109eb845d107a7e8e196745db Merge: 44fea37378bf 31070f6ccec0 Author: Linus Torvalds Date: Fri Jul 17 10:36:19 2020 -0700 Merge tag 'fuse-fixes-5.8-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse into master Pull fuse fixes from Miklos Szeredi: - two regressions in this cycle caused by the conversion of writepage list to an rb_tree - two regressions in v5.4 cause by the conversion to the new mount API - saner behavior of fsconfig(2) for the reconfigure case - an ancient issue with FS_IOC_{GET,SET}FLAGS ioctls * tag 'fuse-fixes-5.8-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse: fuse: Fix parameter for FS_IOC_{GET,SET}FLAGS fuse: don't ignore errors from fuse_writepages_fill() fuse: clean up condition for writepage sending fuse: reject options on reconfigure via fsconfig(2) fuse: ignore 'data' argument of mount(..., MS_REMOUNT) fuse: use ->reconfigure() instead of ->remount_fs() fuse: fix warning in tree_insert() and clean up writepage insertion fuse: move rb_erase() before tree_insert() commit 44fea37378bf735de63263d558763ce50fca05ef Merge: 33b9108f0429 4518dfcf761e Author: Linus Torvalds Date: Fri Jul 17 10:29:19 2020 -0700 Merge tag 'ovl-fixes-5.8-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs into master Pull overlayfs fixes from Miklos Szeredi: - fix a regression introduced in v4.20 in handling a regenerated squashfs lower layer - two regression fixes for this cycle, one of which is Oops inducing - miscellaneous issues * tag 'ovl-fixes-5.8-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs: ovl: fix lookup of indexed hardlinks with metacopy ovl: fix unneeded call to ovl_change_flags() ovl: fix mount option checks for nfs_export with no upperdir ovl: force read-only sb on failure to create index dir ovl: fix regression with re-formatted lower squashfs ovl: fix oops in ovl_indexdir_cleanup() with nfs_export=on ovl: relax WARN_ON() when decoding lower directory file handle ovl: remove not used argument in ovl_check_origin ovl: change ovl_copy_up_flags static ovl: inode reference leak in ovl_is_inuse true case. commit 56a1c778c7663a3068a59b4cb8c8fd27506b3eca Author: Min Li Date: Tue Jul 14 13:15:20 2020 -0400 docs: ptp.rst: add support for Renesas (IDT) ClockMatrix Add below to “Ancillary clock features” section - Low Pass Filter (LPF) access from user space Add below to list of “Supported hardware” section + Renesas (IDT) ClockMatrix™ Signed-off-by: Min Li Signed-off-by: David S. Miller commit 33b9108f04298bab93d41a452a0551db8ee9eec7 Merge: 8da822e8a573 ed7815db70d1 Author: Linus Torvalds Date: Fri Jul 17 10:24:09 2020 -0700 Merge tag 'spi-fix-v5.8-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi into master Pull spi fixes from Mark Brown: "A couple of small driver specific fixes for fairly minor issues" * tag 'spi-fix-v5.8-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi: spi: spi-sun6i: sun6i_spi_transfer_one(): fix setting of clock rate spi: mediatek: use correct SPI_CFG2_REG MACRO commit 8da822e8a573767c4777a4b3f11ee12954a8cd0e Merge: ee43695571c2 412847fb4733 Author: Linus Torvalds Date: Fri Jul 17 10:20:26 2020 -0700 Merge tag 'regulator-fix-v5.8-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator into master Pull regulator fixes from Mark Brown: "The more substantial fix here is the rename of the da903x driver which fixes a collision with the parent MFD driver name which caused issues when things were built as modules. There's also a fix for a mislableled regulator on the pmi8994 which is quite important for systems with that device" * tag 'regulator-fix-v5.8-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator: MAINTAINERS: remove obsolete entry after file renaming regulator: rename da903x to da903x-regulator regulator: qcom_smd: Fix pmi8994 label commit ee43695571c258c0945d4c456ea85b2af9aafdf4 Merge: 60541fb62438 299632e54b2e Author: Linus Torvalds Date: Fri Jul 17 09:58:18 2020 -0700 Merge tag 'regmap-fix-v5.8-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regmap into master Pull regmap fixes from Mark Brown: "A couple of substantial fixes here, one from Doug which fixes the debugfs code for MMIO regmaps (fortunately not the common case) and one from Marc fixing lookups of multiple regmaps for the same device (a very unusual case). There's also a fix for Kconfig to ensure we enable SoundWire properly" * tag 'regmap-fix-v5.8-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regmap: regmap: debugfs: Don't sleep while atomic for fast_io regmaps regmap: add missing dependency on SoundWire regmap: dev_get_regmap_match(): fix string comparison commit 60541fb62438c6abd821874cfc3a24d280d1cbbf Merge: a238ac2d6aa5 e13762abf38e Author: Linus Torvalds Date: Fri Jul 17 09:43:13 2020 -0700 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/hid/hid into master Pull HID fixes from Jiri Kosina: - linked list race condition fix in hid-steam driver from Rodrigo Rivas Costa - assorted deviceID-specific quirks and other small cosmetic cleanups * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/hid/hid: HID: logitech-hidpp: avoid repeated "multiplier = " log messages HID: logitech: Use HIDPP_RECEIVER_INDEX instead of 0xff HID: quirks: Ignore Simply Automated UPB PIM HID: apple: Disable Fn-key key-re-mapping on clone keyboards MAINTAINERS: update uhid and hid-wiimote entry HID: steam: fixes race in handling device list. HID: magicmouse: do not set up autorepeat HID: alps: support devices with report id 2 HID: quirks: Always poll Obins Anne Pro 2 keyboard HID: i2c-hid: add Mediacom FlexBook edge13 to descriptor override commit 38b7c2a3ffb1fce8358ddc6006cfe5c038ff9963 Author: Palmer Dabbelt Date: Thu Jul 16 11:57:26 2020 -0700 RISC-V: Upgrade smp_mb__after_spinlock() to iorw,iorw While digging through the recent mmiowb preemption issue it came up that we aren't actually preventing IO from crossing a scheduling boundary. While it's a bit ugly to overload smp_mb__after_spinlock() with this behavior, it's what PowerPC is doing so there's some precedent. Signed-off-by: Palmer Dabbelt commit d3bbc28bd3457d3629cf6b325478f7ec7e3da96c Merge: 60379ba08532 fe0a53044b4b Author: Takashi Iwai Date: Fri Jul 17 18:19:02 2020 +0200 Merge tag 'asoc-fix-v5.8-rc5' of https://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound into for-linus ASoC: Fixes for v5.8 An awful lot of mostly small fixes here, mainly for x86 based platforms and the CODEC drivers mainly used on them. For the most part this is either minor device specific stuff which seems to come from detailed testing or robustness against errors which comes from people having done some fuzzing runs aginst the topology code. commit 2648298a06ba7e902c4489a15c0db26032813c7b Merge: f7d96b86e0c1 681a5c71fb82 Author: Arnd Bergmann Date: Fri Jul 17 18:01:41 2020 +0200 Merge tag 'socfpga_fixes_for_v5.8_v2' of git://git.kernel.org/pub/scm/linux/kernel/git/dinguyen/linux into arm/fixes arm/arm64: dts: socfpga: fixes for v5.8 - Add status = "okay" in QSPI - Increase QSPI size in reg property - Fix dtschema for SoCFPGA platforms * tag 'socfpga_fixes_for_v5.8_v2' of git://git.kernel.org/pub/scm/linux/kernel/git/dinguyen/linux: arm64: dts: spcfpga: Align GIC, NAND and UART nodenames with dtschema ARM: dts: socfpga: Align L2 cache-controller nodename with dtschema arm64: dts: stratix10: increase QSPI reg address in nand dts file arm64: dts: stratix10: add status to qspi dts node arm64: dts: agilex: add status to qspi dts node Link: https://lore.kernel.org/r/20200717155758.18233-1-dinguyen@kernel.org Signed-off-by: Arnd Bergmann commit f7d96b86e0c15f22dbfad2997e12a072d6d25b18 Merge: b041ef0e58d1 fecc5cfcd55f Author: Arnd Bergmann Date: Fri Jul 17 15:35:23 2020 +0200 Merge tag 'renesas-fixes-for-v5.8-tag1' of git://git.kernel.org/pub/scm/linux/kernel/git/geert/renesas-devel into arm/fixes Renesas fixes for v5.8 - Replace CONFIG_PCIE_RCAR by CONFIG_PCIE_RCAR_HOST in the defconfig, to unblock a planned Kconfig change. * tag 'renesas-fixes-for-v5.8-tag1' of git://git.kernel.org/pub/scm/linux/kernel/git/geert/renesas-devel: arm64: defconfig: Enable CONFIG_PCIE_RCAR_HOST Link: https://lore.kernel.org/r/20200717100523.15418-1-geert+renesas@glider.be Signed-off-by: Arnd Bergmann commit a238ac2d6aa587168db943661646883126f3c3fd Merge: 8882572675c1 5734e509d5d5 Author: Linus Torvalds Date: Fri Jul 17 08:48:19 2020 -0700 Merge tag 'sound-5.8-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound into master Pull sound fixes from Takashi Iwai: "No surprise here, just a few device-specific small fixes: two fixes for USB LINE6 and one for USB-audio drivers wrt syzkaller fuzzer issues, while the rest are all HD-audio Realtek quirks" * tag 'sound-5.8-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: ALSA: hda/realtek - fixup for yet another Intel reference board ALSA: hda/realtek - Enable Speaker for ASUS UX563 ALSA: hda/realtek - Enable Speaker for ASUS UX533 and UX534 ALSA: hda/realtek: Enable headset mic of Acer TravelMate B311R-31 with ALC256 ALSA: hda/realtek: enable headset mic of ASUS ROG Zephyrus G14(G401) series with ALC289 ALSA: hda/realtek - change to suitable link model for ASUS platform ALSA: usb-audio: Fix race against the error recovery URB submission ALSA: line6: Sync the pending work cancel at disconnection ALSA: line6: Perform sanity check for each URB creation commit b872d0640840018669032b20b6375a478ed1f923 Author: Zeng Tao Date: Wed Jul 15 15:34:41 2020 +0800 vfio/pci: fix racy on error and request eventfd ctx The vfio_pci_release call will free and clear the error and request eventfd ctx while these ctx could be in use at the same time in the function like vfio_pci_request, and it's expected to protect them under the vdev->igate mutex, which is missing in vfio_pci_release. This issue is introduced since commit 1518ac272e78 ("vfio/pci: fix memory leaks of eventfd ctx"),and since commit 5c5866c593bb ("vfio/pci: Clear error and request eventfd ctx after releasing"), it's very easily to trigger the kernel panic like this: [ 9513.904346] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008 [ 9513.913091] Mem abort info: [ 9513.915871] ESR = 0x96000006 [ 9513.918912] EC = 0x25: DABT (current EL), IL = 32 bits [ 9513.924198] SET = 0, FnV = 0 [ 9513.927238] EA = 0, S1PTW = 0 [ 9513.930364] Data abort info: [ 9513.933231] ISV = 0, ISS = 0x00000006 [ 9513.937048] CM = 0, WnR = 0 [ 9513.940003] user pgtable: 4k pages, 48-bit VAs, pgdp=0000007ec7d12000 [ 9513.946414] [0000000000000008] pgd=0000007ec7d13003, p4d=0000007ec7d13003, pud=0000007ec728c003, pmd=0000000000000000 [ 9513.956975] Internal error: Oops: 96000006 [#1] PREEMPT SMP [ 9513.962521] Modules linked in: vfio_pci vfio_virqfd vfio_iommu_type1 vfio hclge hns3 hnae3 [last unloaded: vfio_pci] [ 9513.972998] CPU: 4 PID: 1327 Comm: bash Tainted: G W 5.8.0-rc4+ #3 [ 9513.980443] Hardware name: Huawei TaiShan 2280 V2/BC82AMDC, BIOS 2280-V2 CS V3.B270.01 05/08/2020 [ 9513.989274] pstate: 80400089 (Nzcv daIf +PAN -UAO BTYPE=--) [ 9513.994827] pc : _raw_spin_lock_irqsave+0x48/0x88 [ 9513.999515] lr : eventfd_signal+0x6c/0x1b0 [ 9514.003591] sp : ffff800038a0b960 [ 9514.006889] x29: ffff800038a0b960 x28: ffff007ef7f4da10 [ 9514.012175] x27: ffff207eefbbfc80 x26: ffffbb7903457000 [ 9514.017462] x25: ffffbb7912191000 x24: ffff007ef7f4d400 [ 9514.022747] x23: ffff20be6e0e4c00 x22: 0000000000000008 [ 9514.028033] x21: 0000000000000000 x20: 0000000000000000 [ 9514.033321] x19: 0000000000000008 x18: 0000000000000000 [ 9514.038606] x17: 0000000000000000 x16: ffffbb7910029328 [ 9514.043893] x15: 0000000000000000 x14: 0000000000000001 [ 9514.049179] x13: 0000000000000000 x12: 0000000000000002 [ 9514.054466] x11: 0000000000000000 x10: 0000000000000a00 [ 9514.059752] x9 : ffff800038a0b840 x8 : ffff007ef7f4de60 [ 9514.065038] x7 : ffff007fffc96690 x6 : fffffe01faffb748 [ 9514.070324] x5 : 0000000000000000 x4 : 0000000000000000 [ 9514.075609] x3 : 0000000000000000 x2 : 0000000000000001 [ 9514.080895] x1 : ffff007ef7f4d400 x0 : 0000000000000000 [ 9514.086181] Call trace: [ 9514.088618] _raw_spin_lock_irqsave+0x48/0x88 [ 9514.092954] eventfd_signal+0x6c/0x1b0 [ 9514.096691] vfio_pci_request+0x84/0xd0 [vfio_pci] [ 9514.101464] vfio_del_group_dev+0x150/0x290 [vfio] [ 9514.106234] vfio_pci_remove+0x30/0x128 [vfio_pci] [ 9514.111007] pci_device_remove+0x48/0x108 [ 9514.115001] device_release_driver_internal+0x100/0x1b8 [ 9514.120200] device_release_driver+0x28/0x38 [ 9514.124452] pci_stop_bus_device+0x68/0xa8 [ 9514.128528] pci_stop_and_remove_bus_device+0x20/0x38 [ 9514.133557] pci_iov_remove_virtfn+0xb4/0x128 [ 9514.137893] sriov_disable+0x3c/0x108 [ 9514.141538] pci_disable_sriov+0x28/0x38 [ 9514.145445] hns3_pci_sriov_configure+0x48/0xb8 [hns3] [ 9514.150558] sriov_numvfs_store+0x110/0x198 [ 9514.154724] dev_attr_store+0x44/0x60 [ 9514.158373] sysfs_kf_write+0x5c/0x78 [ 9514.162018] kernfs_fop_write+0x104/0x210 [ 9514.166010] __vfs_write+0x48/0x90 [ 9514.169395] vfs_write+0xbc/0x1c0 [ 9514.172694] ksys_write+0x74/0x100 [ 9514.176079] __arm64_sys_write+0x24/0x30 [ 9514.179987] el0_svc_common.constprop.4+0x110/0x200 [ 9514.184842] do_el0_svc+0x34/0x98 [ 9514.188144] el0_svc+0x14/0x40 [ 9514.191185] el0_sync_handler+0xb0/0x2d0 [ 9514.195088] el0_sync+0x140/0x180 [ 9514.198389] Code: b9001020 d2800000 52800022 f9800271 (885ffe61) [ 9514.204455] ---[ end trace 648de00c8406465f ]--- [ 9514.212308] note: bash[1327] exited with preempt_count 1 Cc: Qian Cai Cc: Alex Williamson Fixes: 1518ac272e78 ("vfio/pci: fix memory leaks of eventfd ctx") Signed-off-by: Zeng Tao Signed-off-by: Alex Williamson commit c2942c4363ceb8bbce12c2db8f42d8bbbf5bb0ef Author: Mauro Carvalho Chehab Date: Sat Jun 13 08:46:25 2020 +0200 media: atomisp: fix the handling of clock number Right now, the driver is not doing the right thing to detect the clock like used by the sensor, at least on devices without the gmin's EFI vars. Add some notes at the code to explain why and skip the wrong value provided by the _DSM table. Signed-off-by: Mauro Carvalho Chehab commit 25d4e7f513d4f8afcf81cb6f00edf1248b0ff8fc Author: Arnaldo Carvalho de Melo Date: Fri Jul 17 09:39:16 2020 -0300 tools arch kvm: Sync kvm headers with the kernel sources To pick up the changes from: 83d31e5271ac ("KVM: nVMX: fixes for preemption timer migration") That don't entail changes in tooling. This silences these tools/perf build warnings: Warning: Kernel ABI header at 'tools/arch/x86/include/uapi/asm/kvm.h' differs from latest version at 'arch/x86/include/uapi/asm/kvm.h' diff -u tools/arch/x86/include/uapi/asm/kvm.h arch/x86/include/uapi/asm/kvm.h Cc: Adrian Hunter Cc: Jiri Olsa Cc: Namhyung Kim Cc: Paolo Bonzini Signed-off-by: Arnaldo Carvalho de Melo commit 94fddb7ad019ad9f14d33cd0a6cd159a52a082b8 Author: Arnaldo Carvalho de Melo Date: Fri Jul 17 09:35:18 2020 -0300 perf tools: Sync hashmap.h with libbpf's To pick up the changes in: b2f9f1535bb9 ("libbpf: Fix libbpf hashmap on (I)LP32 architectures") Silencing this warning: Warning: Kernel ABI header at 'tools/perf/util/hashmap.h' differs from latest version at 'tools/lib/bpf/hashmap.h' diff -u tools/perf/util/hashmap.h tools/lib/bpf/hashmap.h I'll eventually update the warning to remove the "Kernel ABI" part and instead state libbpf when noticing that the original is at "tools/lib/something". Cc: Adrian Hunter Cc: Alexei Starovoitov Cc: Andrii Nakryiko Cc: Jakub Bogusz Cc: Jiri Olsa Cc: Namhyung Kim Ian Rogers Signed-off-by: Arnaldo Carvalho de Melo commit a2db71b9123492e67210985867b332db09eec0cf Author: Ravi Bangoria Date: Fri Jun 19 19:04:11 2020 +0530 libsubcmd: Fix OPT_CALLBACK_SET() Any option macro with _SET suffix should set opt->set variable which is not happening for OPT_CALLBACK_SET(). This is causing issues with perf record --switch-output-event. Fix that. Before: # ./perf record --overwrite -e sched:*switch,syscalls:sys_enter_mmap \ --switch-output-event syscalls:sys_enter_mmap ^C[ perf record: Woken up 1 times to write data ] [ perf record: Captured and wrote 0.297 MB perf.data (657 samples) ] After: $ ./perf record --overwrite -e sched:*switch,syscalls:sys_enter_mmap \ --switch-output-event syscalls:sys_enter_mmap [ perf record: dump data: Woken up 1 times ] [ perf record: Dump perf.data.2020061918144542 ] [ perf record: dump data: Woken up 1 times ] [ perf record: Dump perf.data.2020061918144608 ] [ perf record: dump data: Woken up 1 times ] [ perf record: Dump perf.data.2020061918144660 ] ^C[ perf record: dump data: Woken up 1 times ] [ perf record: Dump perf.data.2020061918144784 ] [ perf record: Woken up 0 times to write data ] [ perf record: Dump perf.data.2020061918144803 ] [ perf record: Captured and wrote 0.419 MB perf.data. ] Fixes: 636eb4d001b1 ("libsubcmd: Introduce OPT_CALLBACK_SET()") Signed-off-by: Ravi Bangoria Tested-by: Arnaldo Carvalho de Melo Cc: Jiri Olsa Link: http://lore.kernel.org/lkml/20200619133412.50705-1-ravi.bangoria@linux.ibm.com Signed-off-by: Arnaldo Carvalho de Melo commit baa1841eb797eadce6c907bdaed7cd6f01815404 Author: Chen-Yu Tsai Date: Sat Jul 11 09:10:30 2020 +0800 drm: sun4i: hdmi: Fix inverted HPD result When the extra HPD polling in sun4i_hdmi was removed, the result of HPD was accidentally inverted. Fix this by inverting the check. Fixes: bda8eaa6dee7 ("drm: sun4i: hdmi: Remove extra HPD polling") Signed-off-by: Chen-Yu Tsai Tested-by: Mans Rullgard Signed-off-by: Maxime Ripard Link: https://patchwork.freedesktop.org/patch/msgid/20200711011030.21997-1-wens@kernel.org commit b279b1fe5799cf653de3822ca253f5d21639d90a Merge: 3e543a4d3001 788cacf30887 Author: Greg Kroah-Hartman Date: Fri Jul 17 11:56:58 2020 +0200 Merge tag 'misc-habanalabs-fixes-2020-07-10' of git://people.freedesktop.org/~gabbayo/linux into char-misc-linus This tag contains the following fixes for 5.8-rc4/5: - Prevent user from using command WREG_BULK in PCI DMA channel. The command won't be parsed correctly by the driver and will cause unknown behavior. As the user doesn't need to use that command in that channel, its better to just prevent it completely. - Change the interface of the clock gating debugfs property from true/false to bitmask with bit per engine. This will allow the user to debug the ASIC while disabling the clock gating feature with fine-grain granularity. - Increase message-to-ASIC-CPU timeout to 4s (from 100ms/1s). The ASIC CPU might respond sometimes after a large delay due to slow external interfaces (such as temperature sensors) and that will result in a driver timeout which will lead to ASIC reset. * tag 'misc-habanalabs-fixes-2020-07-10' of git://people.freedesktop.org/~gabbayo/linux: habanalabs: set 4s timeout for message to device CPU habanalabs: set clock gating per engine habanalabs: block WREG_BULK packet on PDMA commit f32ed8eb0e3f0d0ef4ddb854554d60ca5863a9f9 Author: Qi Liu Date: Fri Jul 17 16:49:23 2020 +0800 drivers/perf: Prevent forced unbinding of PMU drivers Forcefully unbinding PMU drivers during perf sampling will lead to a kernel panic, because the perf upper-layer framework call a NULL pointer in this situation. To solve this issue, "suppress_bind_attrs" should be set to true, so that bind/unbind can be disabled via sysfs and prevent unbinding PMU drivers during perf sampling. Signed-off-by: Qi Liu Reviewed-by: John Garry Link: https://lore.kernel.org/r/1594975763-32966-1-git-send-email-liuqi115@huawei.com Signed-off-by: Will Deacon commit 66673f96f0f968b991dc38be06102246919c663c Author: Liu Jian Date: Fri Jul 17 17:01:21 2020 +0800 ieee802154: fix one possible memleak in adf7242_probe When probe fail, we should destroy the workqueue. Fixes: 2795e8c25161 ("net: ieee802154: fix a potential NULL pointer dereference") Signed-off-by: Liu Jian Acked-by: Michael Hennerich Link: https://lore.kernel.org/r/20200717090121.2143-1-liujian56@huawei.com Signed-off-by: Stefan Schmidt commit bd024e82e4cd95c7f1a475a55f99871936c2b2db Author: Will Deacon Date: Thu Jul 16 12:28:16 2020 +0100 asm-generic/mmiowb: Allow mmiowb_set_pending() when preemptible() Although mmiowb() is concerned only with serialising MMIO writes occuring in contexts where a spinlock is held, the call to mmiowb_set_pending() from the MMIO write accessors can occur in preemptible contexts, such as during driver probe() functions where ordering between CPUs is not usually a concern, assuming that the task migration path provides the necessary ordering guarantees. Unfortunately, the default implementation of mmiowb_set_pending() is not preempt-safe, as it makes use of a a per-cpu variable to track its internal state. This has been reported to generate the following splat on riscv: | BUG: using smp_processor_id() in preemptible [00000000] code: swapper/0/1 | caller is regmap_mmio_write32le+0x1c/0x46 | CPU: 3 PID: 1 Comm: swapper/0 Not tainted 5.8.0-rc3-hfu+ #1 | Call Trace: | walk_stackframe+0x0/0x7a | dump_stack+0x6e/0x88 | regmap_mmio_write32le+0x18/0x46 | check_preemption_disabled+0xa4/0xaa | regmap_mmio_write32le+0x18/0x46 | regmap_mmio_write+0x26/0x44 | regmap_write+0x28/0x48 | sifive_gpio_probe+0xc0/0x1da Although it's possible to fix the driver in this case, other splats have been seen from other drivers, including the infamous 8250 UART, and so it's better to address this problem in the mmiowb core itself. Fix mmiowb_set_pending() by using the raw_cpu_ptr() to get at the mmiowb state and then only updating the 'mmiowb_pending' field if we are not preemptible (i.e. we have a non-zero nesting count). Cc: Arnd Bergmann Cc: Paul Walmsley Cc: Guo Ren Cc: Michael Ellerman Reported-by: Palmer Dabbelt Reported-by: Emil Renner Berthing Tested-by: Emil Renner Berthing Reviewed-by: Palmer Dabbelt Acked-by: Palmer Dabbelt Link: https://lore.kernel.org/r/20200716112816.7356-1-will@kernel.org Signed-off-by: Will Deacon commit 60379ba08532eca861e933b389526a4dc89e0c42 Author: Takashi Iwai Date: Fri Jul 17 10:40:23 2020 +0200 ALSA: info: Drop WARN_ON() from buffer NULL sanity check snd_info_get_line() has a sanity check of NULL buffer -- both buffer itself being NULL and buffer->buffer being NULL. Basically both checks are valid and necessary, but the problem is that it's with snd_BUG_ON() macro that triggers WARN_ON(). The latter condition (NULL buffer->buffer) can be met arbitrarily by user since the buffer is allocated at the first write, so it means that user can trigger WARN_ON() at will. This patch addresses it by simply moving buffer->buffer NULL check out of snd_BUG_ON() so that spurious WARNING is no longer triggered. Reported-by: syzbot+e42d0746c3c3699b6061@syzkaller.appspotmail.com Cc: Link: https://lore.kernel.org/r/20200717084023.5928-1-tiwai@suse.de Signed-off-by: Takashi Iwai commit 95a35b42bc6e5d8ce7baff8aefed10e9829e7ae5 Author: Sabrina Dubroca Date: Thu Jul 16 10:09:03 2020 +0200 xfrm: policy: fix IPv6-only espintcp compilation In case we're compiling espintcp support only for IPv6, we should still initialize the common code. Fixes: 26333c37fc28 ("xfrm: add IPv6 support for espintcp") Signed-off-by: Sabrina Dubroca Signed-off-by: Steffen Klassert commit e229c877cde141a4c46cb603a341ce8c909e9a98 Author: Sabrina Dubroca Date: Thu Jul 16 10:09:02 2020 +0200 espintcp: recv() should return 0 when the peer socket is closed man 2 recv says: RETURN VALUE When a stream socket peer has performed an orderly shutdown, the return value will be 0 (the traditional "end-of-file" return). Currently, this works for blocking reads, but non-blocking reads will return -EAGAIN. This patch overwrites that return value when the peer won't send us any more data. Fixes: e27cca96cd68 ("xfrm: add espintcp (RFC 8229)") Reported-by: Andrew Cagney Tested-by: Andrew Cagney Signed-off-by: Sabrina Dubroca Signed-off-by: Steffen Klassert commit ac1321efb14284f5572dcba57aa9da362faba751 Author: Sabrina Dubroca Date: Thu Jul 16 10:09:01 2020 +0200 espintcp: support non-blocking sends Currently, non-blocking sends from userspace result in EOPNOTSUPP. To support this, we need to tell espintcp_sendskb_locked() and espintcp_sendskmsg_locked() that non-blocking operation was requested from espintcp_sendmsg(). Fixes: e27cca96cd68 ("xfrm: add espintcp (RFC 8229)") Reported-by: Andrew Cagney Tested-by: Andrew Cagney Signed-off-by: Sabrina Dubroca Signed-off-by: Steffen Klassert commit 8882572675c1bb1cc544f4e229a11661f1fc52e4 Merge: 07a56bb875af adbe8a3cae94 Author: Linus Torvalds Date: Thu Jul 16 21:39:51 2020 -0700 Merge tag 'drm-fixes-2020-07-17-1' of git://anongit.freedesktop.org/drm/drm into master Pull drm fixes from Dave Airlie: "Weekly fixes pull, big bigger than I'd normally like, but they are fairly scattered and small individually. The vmwgfx one is a black screen regression, otherwise the largest is an MST encoder fix for amdgpu which results in a WARN in some cases, and a scattering of i915 fixes. I'm tracking two regressions at the moment that hopefully we get nailed down this week for rc7. dma-buf: - sleeping atomic fix amdgpu: - Fix a race condition with KIQ - Preemption fix - Fix handling of fake MST encoders - OLED panel fix - Handle allocation failure in stream construction - Renoir SMC fix - SDMA 5.x fix i915: - FBC w/a stride fix - Fix use-after-free fix on module reload - Ignore irq enabling on the virtual engines to fix device sleep - Use GTT when saving/restoring engine GPR - Fix selftest sort function vmwgfx: - black screen fix aspeed: - fbcon init warn fix" * tag 'drm-fixes-2020-07-17-1' of git://anongit.freedesktop.org/drm/drm: drm/amdgpu/sdma5: fix wptr overwritten in ->get_wptr() drm/amdgpu/powerplay: Modify SMC message name for setting power profile mode drm/amd/display: handle failed allocation during stream construction drm/amd/display: OLED panel backlight adjust not work with external display connected drm/amdgpu/display: create fake mst encoders ahead of time (v4) drm/amdgpu: fix preemption unit test drm/amdgpu/gfx10: fix race condition for kiq drm/i915: Recalculate FBC w/a stride when needed drm/i915: Move cec_notifier to intel_hdmi_connector_unregister, v2. drm/i915/gt: Only swap to a random sibling once upon creation drm/i915/gt: Ignore irq enabling on the virtual engines drm/i915/perf: Use GTT when saving/restoring engine GPR drm/i915/selftests: Fix compare functions provided for sorting drm/vmwgfx: fix update of display surface when resolution changes dmabuf: use spinlock to access dmabuf->name drm/aspeed: Call drm_fbdev_generic_setup after drm_dev_register commit adbe8a3cae94a63e9f416795c750237a9b789124 Merge: 524d4f71e755 05051496b262 Author: Dave Airlie Date: Fri Jul 17 13:29:00 2020 +1000 Merge tag 'amd-drm-fixes-5.8-2020-07-15' of git://people.freedesktop.org/~agd5f/linux into drm-fixes amd-drm-fixes-5.8-2020-07-15: amdgpu: - Fix a race condition with KIQ - Preemption fix - Fix handling of fake MST encoders - OLED panel fix - Handle allocation failure in stream construction - Renoir SMC fix - SDMA 5.x fix Signed-off-by: Dave Airlie From: Alex Deucher Link: https://patchwork.freedesktop.org/patch/msgid/20200715213914.3994-1-alexander.deucher@amd.com commit 01cfcde9c26d8555f0e6e9aea9d6049f87683998 Author: Vincent Guittot Date: Fri Jul 10 17:24:26 2020 +0200 sched/fair: handle case of task_h_load() returning 0 task_h_load() can return 0 in some situations like running stress-ng mmapfork, which forks thousands of threads, in a sched group on a 224 cores system. The load balance doesn't handle this correctly because env->imbalance never decreases and it will stop pulling tasks only after reaching loop_max, which can be equal to the number of running tasks of the cfs. Make sure that imbalance will be decreased by at least 1. misfit task is the other feature that doesn't handle correctly such situation although it's probably more difficult to face the problem because of the smaller number of CPUs and running tasks on heterogenous system. We can't simply ensure that task_h_load() returns at least one because it would imply to handle underflow in other places. Signed-off-by: Vincent Guittot Signed-off-by: Peter Zijlstra (Intel) Reviewed-by: Valentin Schneider Reviewed-by: Dietmar Eggemann Tested-by: Dietmar Eggemann Cc: # v4.4+ Link: https://lkml.kernel.org/r/20200710152426.16981-1-vincent.guittot@linaro.org commit 473309fb8372365ad211f425bca760af800e10a7 Author: Sergey Organov Date: Wed Jul 15 19:10:00 2020 +0300 net: dp83640: fix SIOCSHWTSTAMP to update the struct with actual configuration From Documentation/networking/timestamping.txt: A driver which supports hardware time stamping shall update the struct with the actual, possibly more permissive configuration. Do update the struct passed when we upscale the requested time stamping mode. Fixes: cb646e2b02b2 ("ptp: Added a clock driver for the National Semiconductor PHYTER.") Signed-off-by: Sergey Organov Acked-by: Richard Cochran Signed-off-by: Jakub Kicinski commit b041ef0e58d1b8efc6cc7956808a2b80dbf58316 Merge: d943a9c83e3d 2a4117df9b43 Author: Arnd Bergmann Date: Thu Jul 16 22:08:21 2020 +0200 Merge tag 'omap-for-v5.8/fixes-rc5-signed' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap into arm/fixes Fixes for omaps for v5.8-rc cycle Few fixes for issues noticed during testing: - Two DEBUG_ATOMIC_SLEEP fixes for ti-sysc interconnect target module driver - A regression fix for ti-sysc no-idle handling that caused issues compared to earlier platform data based booting - A fix for memory leak for omap_hwmod_allocate_module - Fix d_can driver probe for am437x * tag 'omap-for-v5.8/fixes-rc5-signed' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap: ARM: dts: Fix dcan driver probe failed on am437x platform ARM: OMAP2+: Fix possible memory leak in omap_hwmod_allocate_module bus: ti-sysc: Do not disable on suspend for no-idle bus: ti-sysc: Fix sleeping function called from invalid context for RTC quirk bus: ti-sysc: Fix wakeirq sleeping function called from invalid context Link: https://lore.kernel.org/r/pull-1594840100-132735@atomide.com Signed-off-by: Arnd Bergmann commit d943a9c83e3dd42fb1c6f9cf5ff706effeb19fc5 Merge: c07e902a511e 7f6e8dffc30b Author: Arnd Bergmann Date: Thu Jul 16 22:08:07 2020 +0200 Merge tag 'imx-fixes-5.8-2' of git://git.kernel.org/pub/scm/linux/kernel/git/shawnguo/linux into arm/fixes i.MX fixes for 5.8, round 2: - A couple of fixes on i.MX platform device registration code to stop the use of invalid IRQ 0. - Fix a regression seen on ls1021a platform, caused by commit 52102a3ba6a61 ("soc: imx: move cpu code to drivers/soc/imx"). - Fix a misconfiguration of audio SSI on imx6qdl-gw551x board. * tag 'imx-fixes-5.8-2' of git://git.kernel.org/pub/scm/linux/kernel/git/shawnguo/linux: soc: imx: check ls1021a ARM: imx: Remove imx_add_imx_dma() unused irq_err argument ARM: imx: Provide correct number of resources when registering gpio devices ARM: dts: imx6qdl-gw551x: fix audio SSI Link: https://lore.kernel.org/r/20200714145649.GP15718@dragon Signed-off-by: Arnd Bergmann commit c07e902a511eb80ae116184dcf17c647a02f2316 Merge: 11ba468877bb 54320dcaa252 Author: Arnd Bergmann Date: Thu Jul 16 22:07:47 2020 +0200 Merge tag 'amlogic-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/khilman/linux-amlogic into arm/fixes Amlogic fixes for v5.8-rc - misc DT fixes, and SoC ID fixes * tag 'amlogic-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/khilman/linux-amlogic: ARM: dts: meson: Align L2 cache-controller nodename with dtschema arm64: dts: meson-gxl-s805x: reduce initial Mali450 core frequency arm64: dts: meson: add missing gxl rng clock soc: amlogic: meson-gx-socinfo: Fix S905X3 and S905D3 ID's Link: https://lore.kernel.org/r/7hk0zc1ujc.fsf@baylibre.com Signed-off-by: Arnd Bergmann commit 299632e54b2e692d2830af84be51172480dc1e26 Author: Douglas Anderson Date: Wed Jul 15 16:46:15 2020 -0700 regmap: debugfs: Don't sleep while atomic for fast_io regmaps If a regmap has "fast_io" set then its lock function uses a spinlock. That doesn't work so well with the functions: * regmap_cache_only_write_file() * regmap_cache_bypass_write_file() Both of the above functions have the pattern: 1. Lock the regmap. 2. Call: debugfs_write_file_bool() copy_from_user() __might_fault() __might_sleep() Let's reorder things a bit so that we do all of our sleepable functions before we grab the lock. Fixes: d3dc5430d68f ("regmap: debugfs: Allow writes to cache state settings") Signed-off-by: Douglas Anderson Link: https://lore.kernel.org/r/20200715164611.1.I35b3533e8a80efde0cec1cc70f71e1e74b2fa0da@changeid Signed-off-by: Mark Brown commit fe0a53044b4bce947045eadd7fa1adbc4685afab Author: Oder Chiou Date: Thu Jul 16 11:01:23 2020 +0800 ASoC: rt5682: Report the button event in the headset type only The irq work will be manipulated by resume function, and it will report the wrong jack type while the jack type is headphone in the button event. Signed-off-by: Oder Chiou Link: https://lore.kernel.org/r/20200716030123.27122-1-oder_chiou@realtek.com Signed-off-by: Mark Brown commit b3df80ab6d147d4738be242e1c91e5fdbb6b03ef Author: Jing Xiangfeng Date: Tue Jul 14 16:09:18 2020 +0800 ASoC: Intel: bytcht_es8316: Add missed put_device() snd_byt_cht_es8316_mc_probe() misses to call put_device() in an error path. Add the missed function call to fix it. Fixes: ba49cf6f8e4a ("ASoC: Intel: bytcht_es8316: Add quirk for inverted jack detect") Signed-off-by: Jing Xiangfeng Reviewed-by: Hans de Goede Acked-by: Pierre-Louis Bossart Link: https://lore.kernel.org/r/20200714080918.148196-1-jingxiangfeng@huawei.com Signed-off-by: Mark Brown commit 07a56bb875afbe39dabbf6ba7b83783d166863db Merge: 3e543a4d3001 1740f21af58b Author: Linus Torvalds Date: Thu Jul 16 11:57:43 2020 -0700 Merge tag 'pm-5.8-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm into master Pull power management fixes from Rafael Wysocki: "Add missing handling of a command line switch to the intel_pstate driver (Rafael Wysocki) and fix the freeing of the operating performance point (OPP) entries for the legacy (v1) OPP table type (Walter Lozano)" * tag 'pm-5.8-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm: opp: Increase parsed_static_opps in _of_add_opp_table_v1() cpufreq: intel_pstate: Fix active mode setting from command line commit 3e543a4d30014d45b6bb5d2095554be02153cefc Merge: 50ad1c2155a3 897c44f0bae5 Author: Linus Torvalds Date: Thu Jul 16 11:26:40 2020 -0700 Merge tag 'char-misc-5.8-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc into master Pull char/misc fixes from Greg KH: "Here are number of small char/misc driver fixes for 5.8-rc6 Not that many complex fixes here, just a number of small fixes for reported issues, and some new device ids. Nothing fancy. All of these have been in linux-next for a while with no reported issues" * tag 'char-misc-5.8-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc: (21 commits) virtio: virtio_console: add missing MODULE_DEVICE_TABLE() for rproc serial intel_th: Fix a NULL dereference when hub driver is not loaded intel_th: pci: Add Emmitsburg PCH support intel_th: pci: Add Tiger Lake PCH-H support intel_th: pci: Add Jasper Lake CPU support virt: vbox: Fix guest capabilities mask check virt: vbox: Fix VBGL_IOCTL_VMMDEV_REQUEST_BIG and _LOG req numbers to match upstream uio_pdrv_genirq: fix use without device tree and no interrupt uio_pdrv_genirq: Remove warning when irq is not specified coresight: etmv4: Fix CPU power management setup in probe() function coresight: cti: Fix error handling in probe Revert "zram: convert remaining CLASS_ATTR() to CLASS_ATTR_RO()" mei: bus: don't clean driver pointer misc: atmel-ssc: lock with mutex instead of spinlock phy: sun4i-usb: fix dereference of pointer phy0 before it is null checked phy: rockchip: Fix return value of inno_dsidphy_probe() phy: ti: j721e-wiz: Constify structs phy: ti: am654-serdes: Constify regmap_config phy: intel: fix enum type mismatch warning phy: intel: Fix compilation error on FIELD_PREP usage ... commit 340746398b67e3ce5019698748ebaa7adf048114 Author: Sergey Organov Date: Tue Jul 14 19:28:02 2020 +0300 net: fec: fix hardware time stamping by external devices Fix support for external PTP-aware devices such as DSA or PTP PHY: Make sure we never time stamp tx packets when hardware time stamping is disabled. Check for PTP PHY being in use and then pass ioctls related to time stamping of Ethernet packets to the PTP PHY rather than handle them ourselves. In addition, disable our own hardware time stamping in this case. Fixes: 6605b730c061 ("FEC: Add time stamping code and a PTP hardware clock") Signed-off-by: Sergey Organov Acked-by: Richard Cochran Acked-by: Vladimir Oltean Signed-off-by: Jakub Kicinski commit 50ad1c2155a32dc68e0da8efcc6d95429869076e Merge: 6a058f0be518 2451e746478a Author: Linus Torvalds Date: Thu Jul 16 11:20:23 2020 -0700 Merge tag 'driver-core-5.8-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core into master Pull driver core fixes from Greg KH: "Here are 3 driver core fixes for 5.8-rc6. They resolve some issues found with the deferred probe code for some types of devices on some embedded systems. They have been tested a bunch and have been in linux-next for a while with no reported issues" * tag 'driver-core-5.8-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core: driver core: Avoid deferred probe due to fw_devlink_pause/resume() driver core: Rename dev_links_info.defer_sync to defer_hook driver core: Don't do deferred probe in parallel with kernel_init thread commit 6a058f0be518bbb10aadd3c5d18516f91b1a4a04 Merge: 7531ee3147ed ef75e14a6c93 Author: Linus Torvalds Date: Thu Jul 16 11:17:41 2020 -0700 Merge tag 'staging-5.8-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging into master Pull IIO and staging driver fixes from Greg KH: "Here are some IIO and staging driver fixes for 5.8-rc6. The majority of fixes are for IIO drivers, resolving a number of small reported issues, and there are some counter fixes in here too that were tied to the IIO fixes. There's only one staging driver fix here, a comedi fix found by code inspection. All of these have been in linux-next for a while with no reported issues" * tag 'staging-5.8-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging: staging: comedi: verify array index is correct before using it iio: adc: ad7780: Fix a resource handling path in 'ad7780_probe()' iio:pressure:ms5611 Fix buffer element alignment iio:humidity:hts221 Fix alignment and data leak issues iio:humidity:hdc100x Fix alignment and data leak issues iio:magnetometer:ak8974: Fix alignment and data leak issues iio: adc: adi-axi-adc: Fix object reference counting iio: pressure: zpa2326: handle pm_runtime_get_sync failure counter: 104-quad-8: Add lock guards - filter clock prescaler counter: 104-quad-8: Add lock guards - differential encoder iio: core: add missing IIO_MOD_H2/ETHANOL string identifiers iio: magnetometer: ak8974: Fix runtime PM imbalance on error iio: mma8452: Add missed iio_device_unregister() call in mma8452_probe() iio:health:afe4404 Fix timestamp alignment and prevent data leak. iio:health:afe4403 Fix timestamp alignment and prevent data leak. commit 7531ee3147ed2fad5d5bbbd22880eea969dfc291 Merge: 7e8d2f6d4d8f f743061a85f5 Author: Linus Torvalds Date: Thu Jul 16 11:10:27 2020 -0700 Merge tag 'tty-5.8-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty into master Pull tty/serial driver fixes from Greg KH: :Here are some small tty and serial driver fixes for 5.8-rc6. The largest set of patches in here is a revert of the sysrq changes that went into 5.8-rc1 but turned out to cause a noticable overhead and cpu usage. Other than that, there's a few small serial driver fixes to resolve reported issues, and finally resolving the spinlock init problem on many serial driver consoles. All of these have been in linux-next for a while with no reported issues" * tag 'tty-5.8-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty: serial: core: Initialise spin lock before use in uart_configure_port() serial: mxs-auart: add missed iounmap() in probe failure and remove serial: sh-sci: Initialize spinlock for uart console Revert "tty: xilinx_uartps: Fix missing id assignment to the console" serial: core: drop redundant sysrq checks serial: core: fix sysrq overhead regression Revert "serial: core: Refactor uart_unlock_and_check_sysrq()" tty/serial: fix serial_core.c kernel-doc warnings tty: serial: cpm_uart: Fix behaviour for non existing GPIOs commit 7e8d2f6d4d8fa6adc5075d39184c2ce713ce168e Merge: f8456690ba8e a8f62f183021 Author: Linus Torvalds Date: Thu Jul 16 11:08:54 2020 -0700 Merge tag 'thermal-v5.8-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/thermal/linux into master Pull thermal fixes from Daniel Lezcano: - Fix invalid index array access on int340x_thermal leading to a kernel panic (Bartosz Szczepanek) - Fix debug message level to prevent flooding on some platform (Alex Hung) - Fix invalid bank access by reverting "thermal: mediatek: fix register index error" (Enric Balletbo i Serra) * tag 'thermal-v5.8-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/thermal/linux: Revert "thermal: mediatek: fix register index error" thermal: int3403_thermal: Downgrade error message thermal/int340x_thermal: Prevent page fault on .set_mode() op commit 1740f21af58b89a072f33ae0912d5acf95314f22 Merge: a6c99daa8c9b 39a188b88332 Author: Rafael J. Wysocki Date: Thu Jul 16 19:17:01 2020 +0200 Merge branch 'pm-cpufreq' * pm-cpufreq: cpufreq: intel_pstate: Fix active mode setting from command line commit c7300cdf8f683ae00cf74616b5fd14ffac327979 Merge: d1c0d96535d7 e7b931bee739 Author: Greg Kroah-Hartman Date: Thu Jul 16 17:30:59 2020 +0200 Merge tag 'usb-serial-5.8-rc6' of https://git.kernel.org/pub/scm/linux/kernel/git/johan/usb-serial into usb-linus Johan writes: USB-serial fixes for 5.8-rc6 Here's a fix for 5.8 addressing a long-standing bug in iuu_phoenix. * tag 'usb-serial-5.8-rc6' of https://git.kernel.org/pub/scm/linux/kernel/git/johan/usb-serial: USB: serial: iuu_phoenix: fix memory corruption commit 81e96851ea32deb2c921c870eecabf335f598aeb Author: Arnd Bergmann Date: Wed May 27 15:53:46 2020 +0200 x86: math-emu: Fix up 'cmp' insn for clang ias The clang integrated assembler requires the 'cmp' instruction to have a length prefix here: arch/x86/math-emu/wm_sqrt.S:212:2: error: ambiguous instructions require an explicit suffix (could be 'cmpb', 'cmpw', or 'cmpl') cmp $0xffffffff,-24(%ebp) ^ Make this a 32-bit comparison, which it was clearly meant to be. Signed-off-by: Arnd Bergmann Signed-off-by: Thomas Gleixner Reviewed-by: Nick Desaulniers Link: https://lkml.kernel.org/r/20200527135352.1198078-1-arnd@arndb.de commit 5769fe26f389b0002ed48fd16d642a1d86edaf79 Author: Sedat Dilek Date: Tue Jul 14 21:47:40 2020 +0200 x86/entry: Fix vectors to IDTENTRY_SYSVEC for CONFIG_HYPERV When assembling with Clang via `make LLVM_IAS=1` and CONFIG_HYPERV enabled, we observe the following error: :9:6: error: expected absolute expression .if HYPERVISOR_REENLIGHTENMENT_VECTOR == 3 ^ :1:1: note: while in macro instantiation idtentry HYPERVISOR_REENLIGHTENMENT_VECTOR asm_sysvec_hyperv_reenlightenment sysvec_hyperv_reenlightenment has_error_code=0 ^ ./arch/x86/include/asm/idtentry.h:627:1: note: while in macro instantiation idtentry_sysvec HYPERVISOR_REENLIGHTENMENT_VECTOR sysvec_hyperv_reenlightenment; ^ :9:6: error: expected absolute expression .if HYPERVISOR_STIMER0_VECTOR == 3 ^ :1:1: note: while in macro instantiation idtentry HYPERVISOR_STIMER0_VECTOR asm_sysvec_hyperv_stimer0 sysvec_hyperv_stimer0 has_error_code=0 ^ ./arch/x86/include/asm/idtentry.h:628:1: note: while in macro instantiation idtentry_sysvec HYPERVISOR_STIMER0_VECTOR sysvec_hyperv_stimer0; This is caused by typos in arch/x86/include/asm/idtentry.h: HYPERVISOR_REENLIGHTENMENT_VECTOR -> HYPERV_REENLIGHTENMENT_VECTOR HYPERVISOR_STIMER0_VECTOR -> HYPERV_STIMER0_VECTOR For more details see ClangBuiltLinux issue #1088. Fixes: a16be368dd3f ("x86/entry: Convert various hypervisor vectors to IDTENTRY_SYSVEC") Suggested-by: Nick Desaulniers Signed-off-by: Sedat Dilek Signed-off-by: Thomas Gleixner Reviewed-by: Nathan Chancellor Reviewed-by: Wei Liu Reviewed-by: Nick Desaulniers Link: https://github.com/ClangBuiltLinux/linux/issues/1088 Link: https://github.com/ClangBuiltLinux/linux/issues/1043 Link: https://lore.kernel.org/patchwork/patch/1272115/ Link: https://lkml.kernel.org/r/20200714194740.4548-1-sedat.dilek@gmail.com commit 6ee93f8df09c470da1a4af11e394c52d7b62418c Author: Jian Cai Date: Tue Jul 14 16:30:21 2020 -0700 x86/entry: Add compatibility with IAS Clang's integrated assembler does not allow symbols with non-absolute values to be reassigned. Modify the interrupt entry loop macro to be compatible with IAS by using a label and an offset. Reported-by: Nick Desaulniers Reported-by: Sedat Dilek Suggested-by: Nick Desaulniers Suggested-by: Brian Gerst Suggested-by: Arvind Sankar Signed-off-by: Jian Cai Signed-off-by: Thomas Gleixner Tested-by: Sedat Dilek # Link: https://github.com/ClangBuiltLinux/linux/issues/1043 Link: https://lkml.kernel.org/r/20200714233024.1789985-1-caij2003@gmail.com commit 1f273e255b285282707fa3246391f66e9dc4178f Merge: 579dd91ab3a5 05b29021fba5 Author: Jens Axboe Date: Thu Jul 16 08:58:14 2020 -0600 Merge branch 'nvme-5.8' of git://git.infradead.org/nvme into block-5.8 Pull NVMe fix from Christoph. * 'nvme-5.8' of git://git.infradead.org/nvme: nvme: explicitly update mpath disk capacity on revalidation commit a6c99daa8c9bbed28a459fd9e6cf62a5fef623d8 Merge: 11ba468877bb 6544abc520f0 Author: Rafael J. Wysocki Date: Thu Jul 16 16:48:13 2020 +0200 Merge branch 'opp/fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/vireshk/pm Pull an operating performance points (OPP) framework fix for 5.8-rc6 from Viresh Kumar: "This fixes freeing of the OPP entries for the legacy OPP table type (v1)." * 'opp/fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/vireshk/pm: opp: Increase parsed_static_opps in _of_add_opp_table_v1() commit 05b29021fba5e725dd385151ef00b6340229b500 Author: Anthony Iliopoulos Date: Tue Jul 14 13:11:59 2020 +0200 nvme: explicitly update mpath disk capacity on revalidation Commit 3b4b19721ec652 ("nvme: fix possible deadlock when I/O is blocked") reverted multipath head disk revalidation due to deadlocks caused by holding the bd_mutex during revalidate. Updating the multipath disk blockdev size is still required though for userspace to be able to observe any resizing while the device is mounted. Directly update the bdev inode size to avoid unnecessarily holding the bdev->bd_mutex. Fixes: 3b4b19721ec652 ("nvme: fix possible deadlock when I/O is blocked") Signed-off-by: Anthony Iliopoulos Signed-off-by: Christoph Hellwig commit c3c0c2e18d943ec4a84162ac679970b592555a4a Author: Douglas Anderson Date: Tue Jul 14 08:04:17 2020 -0700 pinctrl: qcom: Handle broken/missing PDC dual edge IRQs on sc7180 Depending on how you look at it, you can either say that: a) There is a PDC hardware issue (with the specific IP rev that exists on sc7180) that causes the PDC not to work properly when configured to handle dual edges. b) The dual edge feature of the PDC hardware was only added in later HW revisions and thus isn't in all hardware. Regardless of how you look at it, let's work around the lack of dual edge support by only ever letting our parent see requests for single edge interrupts on affected hardware. NOTE: it's possible that a driver requesting a dual edge interrupt might get several edges coalesced into a single IRQ. For instance if a line starts low and then goes high and low again, the driver that requested the IRQ is not guaranteed to be called twice. However, it is guaranteed that once the driver's interrupt handler starts running its first instruction that any new edges coming in will cause the interrupt to fire again. This is relatively commonplace for dual-edge gpio interrupts (many gpio controllers require software to emulate dual edge with single edge) so client drivers should be setup to handle it. Fixes: e35a6ae0eb3a ("pinctrl/msm: Setup GPIO chip in hierarchy") Signed-off-by: Douglas Anderson Reviewed-by: Marc Zyngier Link: https://lore.kernel.org/r/20200714080254.v3.1.Ie0d730120b232a86a4eac1e2909bcbec844d1766@changeid Signed-off-by: Linus Walleij commit 87c4c774cbef5c68b3df96827c2fb07f1aa80152 Author: Maor Gottlieb Date: Thu Jul 16 13:55:19 2020 +0300 RDMA/cm: Protect access to remote_sidr_table cm.lock must be held while accessing remote_sidr_table. This fixes the below NULL pointer dereference. BUG: kernel NULL pointer dereference, address: 0000000000000000 #PF: supervisor write access in kernel mode #PF: error_code(0x0002) - not-present page PGD 0 P4D 0 Oops: 0002 [#1] SMP PTI CPU: 2 PID: 7288 Comm: udaddy Not tainted 5.7.0_for_upstream_perf_2020_06_09_15_14_20_38 #1 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.1-0-ga5cab58e9a3f-prebuilt.qemu.org 04/01/2014 RIP: 0010:rb_erase+0x10d/0x360 Code: 00 00 00 48 89 c1 48 89 d0 48 8b 50 08 48 39 ca 74 48 f6 02 01 75 af 48 8b 7a 10 48 89 c1 48 83 c9 01 48 89 78 08 48 89 42 10 <48> 89 0f 48 8b 08 48 89 0a 48 83 e1 fc 48 89 10 0f 84 b1 00 00 00 RSP: 0018:ffffc90000f77c30 EFLAGS: 00010086 RAX: ffff8883df27d458 RBX: ffff8883df27da58 RCX: ffff8883df27d459 RDX: ffff8883d183fa58 RSI: ffffffffa01e8d00 RDI: 0000000000000000 RBP: ffff8883d62ac800 R08: 0000000000000000 R09: 00000000000000ce R10: 000000000000000a R11: 0000000000000000 R12: ffff8883df27da00 R13: ffffc90000f77c98 R14: 0000000000000130 R15: 0000000000000000 FS: 00007f009f877740(0000) GS:ffff8883f1a00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 00000003d467e003 CR4: 0000000000160ee0 Call Trace: cm_send_sidr_rep_locked+0x15a/0x1a0 [ib_cm] ib_send_cm_sidr_rep+0x2b/0x50 [ib_cm] cma_send_sidr_rep+0x8b/0xe0 [rdma_cm] __rdma_accept+0x21d/0x2b0 [rdma_cm] ? ucma_get_ctx+0x2b/0xe0 [rdma_ucm] ? _copy_from_user+0x30/0x60 ucma_accept+0x13e/0x1e0 [rdma_ucm] ucma_write+0xb4/0x130 [rdma_ucm] vfs_write+0xad/0x1a0 ksys_write+0x9d/0xb0 do_syscall_64+0x48/0x130 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x7f009ef60924 Code: 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 80 00 00 00 00 8b 05 2a ef 2c 00 48 63 ff 85 c0 75 13 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 54 f3 c3 66 90 55 53 48 89 d5 48 89 f3 48 83 RSP: 002b:00007fff843edf38 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 000055743042e1d0 RCX: 00007f009ef60924 RDX: 0000000000000130 RSI: 00007fff843edf40 RDI: 0000000000000003 RBP: 00007fff843ee0e0 R08: 0000000000000000 R09: 0000557430433090 R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 R13: 00007fff843edf40 R14: 000000000000038c R15: 00000000ffffff00 CR2: 0000000000000000 Fixes: 6a8824a74bc9 ("RDMA/cm: Allow ib_send_cm_sidr_rep() to be done under lock") Link: https://lore.kernel.org/r/20200716105519.1424266-1-leon@kernel.org Signed-off-by: Maor Gottlieb Signed-off-by: Leon Romanovsky Signed-off-by: Jason Gunthorpe commit 0d1fd39bb27e479fb1de3dd4b4c247c7c9a1fabf Author: Leon Romanovsky Date: Thu Jul 16 13:20:59 2020 +0300 RDMA/core: Fix race in rdma_alloc_commit_uobject() The FD should not be installed until all of the setup is completed as the fd_install() transfers ownership of the kref to the FD table. A thread can race a close() and trigger concurrent rdma_alloc_commit_uobject() and uverbs_uobject_fd_release() which, at least, triggers a safety WARN_ON: WARNING: CPU: 4 PID: 6913 at drivers/infiniband/core/rdma_core.c:768 uverbs_uobject_fd_release+0x202/0x230 Kernel panic - not syncing: panic_on_warn set ... CPU: 4 PID: 6913 Comm: syz-executor.3 Not tainted 5.7.0-rc2 #22 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.1-0-ga5cab58e9a3f-prebuilt.qemu.org 04/01/2014 [..] RIP: 0010:uverbs_uobject_fd_release+0x202/0x230 Code: fe 4c 89 e7 e8 af 23 fe ff e9 2a ff ff ff e8 c5 fa 61 fe be 03 00 00 00 4c 89 e7 e8 68 eb f5 fe e9 13 ff ff ff e8 ae fa 61 fe <0f> 0b eb ac e8 e5 aa 3c fe e8 50 2b 86 fe e9 6a fe ff ff e8 46 2b RSP: 0018:ffffc90008117d88 EFLAGS: 00010293 RAX: ffff88810e146580 RBX: 1ffff92001022fb1 RCX: ffffffff82d5b902 RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffff88811951b040 RBP: ffff88811951b000 R08: ffffed10232a3609 R09: ffffed10232a3609 R10: ffff88811951b043 R11: 0000000000000001 R12: ffff888100a7c600 R13: ffff888100a7c650 R14: ffffc90008117da8 R15: ffffffff82d5b700 ? __uverbs_cleanup_ufile+0x270/0x270 ? uverbs_uobject_fd_release+0x202/0x230 ? uverbs_uobject_fd_release+0x202/0x230 ? __uverbs_cleanup_ufile+0x270/0x270 ? locks_remove_file+0x282/0x3d0 ? security_file_free+0xaa/0xd0 __fput+0x2be/0x770 task_work_run+0x10e/0x1b0 exit_to_usermode_loop+0x145/0x170 do_syscall_64+0x2d0/0x390 ? prepare_exit_to_usermode+0x17a/0x230 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x414da7 Code: 00 00 0f 05 48 3d 00 f0 ff ff 77 3f f3 c3 0f 1f 44 00 00 53 89 fb 48 83 ec 10 e8 f4 fb ff ff 89 df 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 2b 89 d7 89 44 24 0c e8 36 fc ff ff 8b 44 24 RSP: 002b:00007fff39d379d0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000414da7 RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000003 RBP: 00007fff39d37a3c R08: 0000000400000000 R09: 0000000400000000 R10: 00007fff39d37910 R11: 0000000000000293 R12: 0000000000000001 R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000003 Reorder so that fd_install() is the last thing done in rdma_alloc_commit_uobject(). Fixes: aba94548c9e4 ("IB/uverbs: Move the FD uobj type struct file allocation to alloc_commit") Link: https://lore.kernel.org/r/20200716102059.1420681-1-leon@kernel.org Signed-off-by: Leon Romanovsky Signed-off-by: Jason Gunthorpe commit 79d5208386523183ae5cd359a9d1c024f46b1202 Author: Xi Wang Date: Tue Jul 14 19:42:15 2020 +0800 RDMA/hns: Fix wrong PBL offset when VA is not aligned to PAGE_SIZE ROCE uses "VA % buf_page_size" to caclulate the offset in the PBL's first page, the actual PA corresponding to the MR's VA is equal to MR's PA plus this offset. The first PA in PBL has already been aligned to PAGE_SIZE after calling ib_umem_get(), but the MR's VA may not. If the buf_page_size is smaller than the PAGE_SIZE, this will lead the HW to access the wrong memory because the offset is smaller than expected. Fixes: 9b2cf76c9f05 ("RDMA/hns: Optimize PBL buffer allocation process") Link: https://lore.kernel.org/r/1594726935-45666-1-git-send-email-liweihang@huawei.com Signed-off-by: Xi Wang Signed-off-by: Weihang Li Signed-off-by: Jason Gunthorpe commit 7b9bd73ed13d3c399f76bb7578cbe1b9e5a8e8b0 Author: Weihang Li Date: Tue Jul 14 19:28:58 2020 +0800 RDMA/hns: Fix wrong assignment of lp_pktn_ini in QPC The RoCE Engine will schedule to another QP after one has sent (2 ^ lp_pktn_ini) packets. lp_pktn_ini is set in QPC and should be calculated from 2 factors: 1. current MTU as a integer 2. the RoCE Engine's maximum slice length 64KB But the driver use MTU as a enum ib_mtu and the max inline capability, the lp_pktn_ini will be much bigger than expected which may cause traffic of some QPs to never get scheduled. Fixes: b713128de7a1 ("RDMA/hns: Adjust lp_pktn_ini dynamically") Link: https://lore.kernel.org/r/1594726138-49294-1-git-send-email-liweihang@huawei.com Signed-off-by: Weihang Li Signed-off-by: Jason Gunthorpe commit c3d6057e07a5d15be7c69ea545b3f91877808c96 Author: Maor Gottlieb Date: Sun Jul 12 13:26:41 2020 +0300 RDMA/mlx5: Use xa_lock_irq when access to SRQ table SRQ table is accessed both from interrupt and process context, therefore we must use xa_lock_irq. inconsistent {IN-HARDIRQ-W} -> {HARDIRQ-ON-W} usage. kworker/u17:9/8573 takes: ffff8883e3503d30 (&xa->xa_lock#13){?...}-{2:2}, at: mlx5_cmd_get_srq+0x18/0x70 [mlx5_ib] {IN-HARDIRQ-W} state was registered at: lock_acquire+0xb9/0x3a0 _raw_spin_lock+0x25/0x30 srq_event_notifier+0x2b/0xc0 [mlx5_ib] notifier_call_chain+0x45/0x70 __atomic_notifier_call_chain+0x69/0x100 forward_event+0x36/0xc0 [mlx5_core] notifier_call_chain+0x45/0x70 __atomic_notifier_call_chain+0x69/0x100 mlx5_eq_async_int+0xc5/0x160 [mlx5_core] notifier_call_chain+0x45/0x70 __atomic_notifier_call_chain+0x69/0x100 mlx5_irq_int_handler+0x19/0x30 [mlx5_core] __handle_irq_event_percpu+0x43/0x2a0 handle_irq_event_percpu+0x30/0x70 handle_irq_event+0x34/0x60 handle_edge_irq+0x7c/0x1b0 do_IRQ+0x60/0x110 ret_from_intr+0x0/0x2a default_idle+0x34/0x160 do_idle+0x1ec/0x220 cpu_startup_entry+0x19/0x20 start_secondary+0x153/0x1a0 secondary_startup_64+0xa4/0xb0 irq event stamp: 20907 hardirqs last enabled at (20907): _raw_spin_unlock_irq+0x24/0x30 hardirqs last disabled at (20906): _raw_spin_lock_irq+0xf/0x40 softirqs last enabled at (20746): __do_softirq+0x2c9/0x436 softirqs last disabled at (20681): irq_exit+0xb3/0xc0 other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(&xa->xa_lock#13); lock(&xa->xa_lock#13); *** DEADLOCK *** 2 locks held by kworker/u17:9/8573: #0: ffff888295218d38 ((wq_completion)mlx5_ib_page_fault){+.+.}-{0:0}, at: process_one_work+0x1f1/0x5f0 #1: ffff888401647e78 ((work_completion)(&pfault->work)){+.+.}-{0:0}, at: process_one_work+0x1f1/0x5f0 stack backtrace: CPU: 0 PID: 8573 Comm: kworker/u17:9 Tainted: GO 5.7.0_for_upstream_min_debug_2020_06_14_11_31_46_41 #1 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.1-0-ga5cab58e9a3f-prebuilt.qemu.org 04/01/2014 Workqueue: mlx5_ib_page_fault mlx5_ib_eqe_pf_action [mlx5_ib] Call Trace: dump_stack+0x71/0x9b mark_lock+0x4f2/0x590 ? print_shortest_lock_dependencies+0x200/0x200 __lock_acquire+0xa00/0x1eb0 lock_acquire+0xb9/0x3a0 ? mlx5_cmd_get_srq+0x18/0x70 [mlx5_ib] _raw_spin_lock+0x25/0x30 ? mlx5_cmd_get_srq+0x18/0x70 [mlx5_ib] mlx5_cmd_get_srq+0x18/0x70 [mlx5_ib] mlx5_ib_eqe_pf_action+0x257/0xa30 [mlx5_ib] ? process_one_work+0x209/0x5f0 process_one_work+0x27b/0x5f0 ? __schedule+0x280/0x7e0 worker_thread+0x2d/0x3c0 ? process_one_work+0x5f0/0x5f0 kthread+0x111/0x130 ? kthread_park+0x90/0x90 ret_from_fork+0x24/0x30 Fixes: e126ba97dba9 ("mlx5: Add driver for Mellanox Connect-IB adapters") Link: https://lore.kernel.org/r/20200712102641.15210-1-leon@kernel.org Signed-off-by: Maor Gottlieb Signed-off-by: Leon Romanovsky Signed-off-by: Jason Gunthorpe commit 5afc78551bf5d53279036e0bf63314e35631d79f Author: Will Deacon Date: Thu Feb 13 12:12:26 2020 +0000 arm64: Use test_tsk_thread_flag() for checking TIF_SINGLESTEP Rather than open-code test_tsk_thread_flag() at each callsite, simply replace the couple of offenders with calls to test_tsk_thread_flag() directly. Signed-off-by: Will Deacon commit d83ee6e3e75db6f518ef2b0858f163849f2ddeb7 Author: Will Deacon Date: Fri Jul 10 13:20:57 2020 +0100 arm64: ptrace: Use NO_SYSCALL instead of -1 in syscall_trace_enter() Setting a system call number of -1 is special, as it indicates that the current system call should be skipped. Use NO_SYSCALL instead of -1 when checking for this scenario, which is different from the -1 returned due to a seccomp failure. Cc: Mark Rutland Cc: Keno Fischer Cc: Luis Machado Signed-off-by: Will Deacon commit 139dbe5d8ed383cbd1ada56c78dbbbd35bf6a9d3 Author: Will Deacon Date: Fri Jul 3 09:41:24 2020 +0100 arm64: syscall: Expand the comment about ptrace and syscall(-1) If a task executes syscall(-1), we intercept this early and force x0 to be -ENOSYS so that we don't need to distinguish this scenario from one where the scno is -1 because a tracer wants to skip the system call using ptrace. With the return value set, the return path is the same as the skip case. Although there is a one-line comment noting this in el0_svc_common(), it misses out most of the detail. Expand the comment to describe a bit more about what is going on. Cc: Mark Rutland Cc: Keno Fischer Cc: Luis Machado Signed-off-by: Will Deacon commit 59ee987ea47caff8c1e7ba4b89932c6900a35d0c Author: Will Deacon Date: Thu Jul 2 21:14:20 2020 +0100 arm64: ptrace: Add a comment describing our syscall entry/exit trap ABI Our tracehook logic for syscall entry/exit raises a SIGTRAP back to the tracer following a ptrace request such as PTRACE_SYSCALL. As part of this procedure, we clobber the reported value of one of the tracee's general purpose registers (x7 for native tasks, r12 for compat) to indicate whether the stop occurred on syscall entry or exit. This is a slightly unfortunate ABI, as it prevents the tracer from accessing the real register value and is at odds with other similar stops such as seccomp traps. Since we're stuck with this ABI, expand the comment in our tracehook logic to acknowledge the issue and describe the behaviour in more detail. Cc: Mark Rutland Cc: Luis Machado Reported-by: Keno Fischer Signed-off-by: Will Deacon commit 15956689a0e60aa0c795174f3c310b60d8794235 Author: Will Deacon Date: Fri Jul 3 12:08:42 2020 +0100 arm64: compat: Ensure upper 32 bits of x0 are zero on syscall return Although we zero the upper bits of x0 on entry to the kernel from an AArch32 task, we do not clear them on the exception return path and can therefore expose 64-bit sign extended syscall return values to userspace via interfaces such as the 'perf_regs' ABI, which deal exclusively with 64-bit registers. Explicitly clear the upper 32 bits of x0 on return from a compat system call. Cc: Cc: Mark Rutland Cc: Keno Fischer Cc: Luis Machado Signed-off-by: Will Deacon commit 3a5a4366cecc25daa300b9a9174f7fdd352b9068 Author: Will Deacon Date: Thu Feb 13 12:06:26 2020 +0000 arm64: ptrace: Override SPSR.SS when single-stepping is enabled Luis reports that, when reverse debugging with GDB, single-step does not function as expected on arm64: | I've noticed, under very specific conditions, that a PTRACE_SINGLESTEP | request by GDB won't execute the underlying instruction. As a consequence, | the PC doesn't move, but we return a SIGTRAP just like we would for a | regular successful PTRACE_SINGLESTEP request. The underlying problem is that when the CPU register state is restored as part of a reverse step, the SPSR.SS bit is cleared and so the hardware single-step state can transition to the "active-pending" state, causing an unexpected step exception to be taken immediately if a step operation is attempted. In hindsight, we probably shouldn't have exposed SPSR.SS in the pstate accessible by the GPR regset, but it's a bit late for that now. Instead, simply prevent userspace from configuring the bit to a value which is inconsistent with the TIF_SINGLESTEP state for the task being traced. Cc: Cc: Mark Rutland Cc: Keno Fischer Link: https://lore.kernel.org/r/1eed6d69-d53d-9657-1fc9-c089be07f98c@linaro.org Reported-by: Luis Machado Tested-by: Luis Machado Signed-off-by: Will Deacon commit ac2081cdc4d99c57f219c1a6171526e0fa0a6fff Author: Will Deacon Date: Thu Jul 2 21:16:20 2020 +0100 arm64: ptrace: Consistently use pseudo-singlestep exceptions Although the arm64 single-step state machine can be fast-forwarded in cases where we wish to generate a SIGTRAP without actually executing an instruction, this has two major limitations outside of simply skipping an instruction due to emulation. 1. Stepping out of a ptrace signal stop into a signal handler where SIGTRAP is blocked. Fast-forwarding the stepping state machine in this case will result in a forced SIGTRAP, with the handler reset to SIG_DFL. 2. The hardware implicitly fast-forwards the state machine when executing an SVC instruction for issuing a system call. This can interact badly with subsequent ptrace stops signalled during the execution of the system call (e.g. SYSCALL_EXIT or seccomp traps), as they may corrupt the stepping state by updating the PSTATE for the tracee. Resolve both of these issues by injecting a pseudo-singlestep exception on entry to a signal handler and also on return to userspace following a system call. Cc: Cc: Mark Rutland Tested-by: Luis Machado Reported-by: Keno Fischer Signed-off-by: Will Deacon commit bdc5c744c7b6457d18a95c26769dad0e7f480a08 Author: Qi Liu Date: Thu Jul 16 17:19:25 2020 +0800 drivers/perf: Fix kernel panic when rmmod PMU modules during perf sampling When users try to remove PMU modules during perf sampling, kernel panic will happen because the pmu->read() is a NULL pointer here. INFO on HiSilicon hip08 platform as follow: pc : hisi_uncore_pmu_event_update+0x30/0xa4 [hisi_uncore_pmu] lr : hisi_uncore_pmu_read+0x20/0x2c [hisi_uncore_pmu] sp : ffff800010103e90 x29: ffff800010103e90 x28: ffff0027db0c0e40 x27: ffffa29a76f129d8 x26: ffffa29a77ceb000 x25: ffffa29a773a5000 x24: ffffa29a77392000 x23: ffffddffe5943f08 x22: ffff002784285960 x21: ffff002784285800 x20: ffff0027d2e76c80 x19: ffff0027842859e0 x18: ffff80003498bcc8 x17: ffffa29a76afe910 x16: ffffa29a7583f530 x15: 16151a1512061a1e x14: 0000000000000000 x13: ffffa29a76f1e238 x12: 0000000000000001 x11: 0000000000000400 x10: 00000000000009f0 x9 : ffff8000107b3e70 x8 : ffff0027db0c1890 x7 : ffffa29a773a7000 x6 : 00000007f5131013 x5 : 00000007f5131013 x4 : 09f257d417c00000 x3 : 00000002187bd7ce x2 : ffffa29a38f0f0d8 x1 : ffffa29a38eae268 x0 : ffff0027d2e76c80 Call trace: hisi_uncore_pmu_event_update+0x30/0xa4 [hisi_uncore_pmu] hisi_uncore_pmu_read+0x20/0x2c [hisi_uncore_pmu] __perf_event_read+0x1a0/0x1f8 flush_smp_call_function_queue+0xa0/0x160 generic_smp_call_function_single_interrupt+0x18/0x20 handle_IPI+0x31c/0x4dc gic_handle_irq+0x2c8/0x310 el1_irq+0xcc/0x180 arch_cpu_idle+0x4c/0x20c default_idle_call+0x20/0x30 do_idle+0x1b4/0x270 cpu_startup_entry+0x28/0x30 secondary_start_kernel+0x1a4/0x1fc To solve the above issue, current module should be registered to kernel, so that try_module_get() can be invoked when perf sampling starts. This adds the reference counting of module and could prevent users from removing modules during sampling. Reported-by: Haifeng Wang Signed-off-by: Qi Liu Reviewed-by: John Garry Link: https://lore.kernel.org/r/1594891165-8228-1-git-send-email-liuqi115@huawei.com Signed-off-by: Will Deacon commit 5734e509d5d515c187f642937ef2de1e58d7715d Author: PeiSen Hou Date: Thu Jul 16 11:01:34 2020 +0200 ALSA: hda/realtek - fixup for yet another Intel reference board Add headset_jack for the intel reference board support with 10ec:1230. Signed-off-by: PeiSen Hou Link: https://lore.kernel.org/r/20200716090134.9811-1-tiwai@suse.de Signed-off-by: Takashi Iwai commit e7b931bee739e8a77ae216e613d3b99342b6dec0 Author: Johan Hovold Date: Wed Jul 15 11:02:45 2020 +0200 USB: serial: iuu_phoenix: fix memory corruption The driver would happily overwrite its write buffer with user data in 256 byte increments due to a removed buffer-space sanity check. Fixes: 5fcf62b0f1f2 ("tty: iuu_phoenix: fix locking.") Cc: stable # 2.6.31 Signed-off-by: Johan Hovold commit 62a8ccf3a248cd222985ee5568b6bd6217282dbc Author: Maxime Ripard Date: Sun Jun 28 20:08:04 2020 +0200 arm64: dts: allwinner: h6: Fix Cedrus IOMMU usage Now that the IOMMU driver has been introduced, it prevents any access from a DMA master going through it that hasn't properly mapped the pages, and that link is set up through the iommus property. Unfortunately we forgot to add that property to the video engine node when adding the IOMMU node, so now any DMA access is broken. Fixes: b3a0a2f910c7 ("arm64: dts: allwinner: h6: Add IOMMU") Signed-off-by: Maxime Ripard Link: https://lore.kernel.org/r/20200628180804.79026-1-maxime@cerno.tech commit 158ae2f5e6fead30be1f0c203037f5556871513b Author: Kailang Yang Date: Thu Jul 16 15:21:59 2020 +0800 ALSA: hda/realtek - Enable Speaker for ASUS UX563 ASUS UX563 speaker can't output. Add quirk to link suitable model will enable it. This model also could enable headset Mic. Signed-off-by: Kailang Yang Cc: Link: https://lore.kernel.org/r/96dee3ab01a04c28a7b44061e88009dd@realtek.com Signed-off-by: Takashi Iwai commit 473fbe13fd6f9082e413aea37e624ecbce5463cc Author: Kailang Yang Date: Thu Jul 16 14:42:33 2020 +0800 ALSA: hda/realtek - Enable Speaker for ASUS UX533 and UX534 ASUS UX533 and UX534 speaker still can't output. End User feedback speaker didn't have output. Add this COEF value will enable it. Fixes: 4e051106730d ("ALSA: hda/realtek: Enable audio jacks of ASUS UX533FD with ALC294") Cc: Signed-off-by: Kailang Yang Link: https://lore.kernel.org/r/80334402a93b48e385f8f4841b59ae09@realtek.com Signed-off-by: Takashi Iwai commit 4518dfcf761e3c44632855abcf433236cf7ab6c6 Author: Amir Goldstein Date: Wed Jul 15 16:38:08 2020 +0300 ovl: fix lookup of indexed hardlinks with metacopy We recently moved setting inode flag OVL_UPPERDATA to ovl_lookup(). When looking up an overlay dentry, upperdentry may be found by index and not by name. In that case, we fail to read the metacopy xattr and falsly set the OVL_UPPERDATA on the overlay inode. This caused a regression in xfstest overlay/033 when run with OVERLAY_MOUNT_OPTIONS="-o metacopy=on". Fixes: 28166ab3c875 ("ovl: initialize OVL_UPPERDATA in ovl_lookup()") Signed-off-by: Amir Goldstein Signed-off-by: Miklos Szeredi commit 81a33c1ee941c3bb9ffc6bac8f676be13351344e Author: Amir Goldstein Date: Thu Jun 18 18:43:53 2020 +0300 ovl: fix unneeded call to ovl_change_flags() The check if user has changed the overlay file was wrong, causing unneeded call to ovl_change_flags() including taking f_lock on every file access. Fixes: d989903058a8 ("ovl: do not generate duplicate fsnotify events for "fake" path") Cc: # v4.19+ Signed-off-by: Amir Goldstein Signed-off-by: Miklos Szeredi commit 6544abc520f0fff701e9da382110dc29676c683a Author: Walter Lozano Date: Wed Jul 15 23:54:52 2020 -0300 opp: Increase parsed_static_opps in _of_add_opp_table_v1() Currently, when using _of_add_opp_table_v2 parsed_static_opps is increased and this value is used in _opp_remove_all_static() to check if there are static opp entries that need to be freed. Unfortunately this does not happen when using _of_add_opp_table_v1(), which leads to warnings. This patch increases parsed_static_opps in _of_add_opp_table_v1() in a similar way as in _of_add_opp_table_v2(). Fixes: 03758d60265c ("opp: Replace list_kref with a local counter") Cc: v5.6+ # v5.6+ Signed-off-by: Walter Lozano [ Viresh: Do the operation with lock held and set the value to 1 instead of incrementing it ] Signed-off-by: Viresh Kumar commit f8456690ba8eb18ea4714e68554e242a04f65cff Merge: 994e99a96c9b 1e7468bd9d30 Author: Linus Torvalds Date: Wed Jul 15 19:00:12 2020 -0700 Merge tag 'clk-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux into master Pull clk fixes from Stephen Boyd: "A couple build fixes for issues exposed this merge window and a fix for the eMMC clk on AST2600 SoCs that fixes the rate that is calculated by the clk framework" * tag 'clk-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux: clk: Specify IOMEM dependency for HSDK pll driver clk: AST2600: Add mux for EMMC clock clk: mvebu: ARMADA_AP_CPU_CLK needs to select ARMADA_AP_CP_HELPER commit c28d9a285668c799eeae2f7f93e929a6028a4d6d Author: George Kennedy Date: Wed Jul 15 09:59:31 2020 -0400 ax88172a: fix ax88172a_unbind() failures If ax88172a_unbind() fails, make sure that the return code is less than zero so that cleanup is done properly and avoid UAF. Fixes: a9a51bd727d1 ("ax88172a: fix information leak on short answers") Signed-off-by: George Kennedy Reported-by: syzbot+4cd84f527bf4a10fc9c1@syzkaller.appspotmail.com Signed-off-by: Jakub Kicinski commit f961134a612c793d5901a93d85a29337c74af978 Author: Stefano Garzarella Date: Fri Jul 10 14:12:43 2020 +0200 vsock/virtio: annotate 'the_virtio_vsock' RCU pointer Commit 0deab087b16a ("vsock/virtio: use RCU to avoid use-after-free on the_virtio_vsock") starts to use RCU to protect 'the_virtio_vsock' pointer, but we forgot to annotate it. This patch adds the annotation to fix the following sparse errors: net/vmw_vsock/virtio_transport.c:73:17: error: incompatible types in comparison expression (different address spaces): net/vmw_vsock/virtio_transport.c:73:17: struct virtio_vsock [noderef] __rcu * net/vmw_vsock/virtio_transport.c:73:17: struct virtio_vsock * net/vmw_vsock/virtio_transport.c:171:17: error: incompatible types in comparison expression (different address spaces): net/vmw_vsock/virtio_transport.c:171:17: struct virtio_vsock [noderef] __rcu * net/vmw_vsock/virtio_transport.c:171:17: struct virtio_vsock * net/vmw_vsock/virtio_transport.c:207:17: error: incompatible types in comparison expression (different address spaces): net/vmw_vsock/virtio_transport.c:207:17: struct virtio_vsock [noderef] __rcu * net/vmw_vsock/virtio_transport.c:207:17: struct virtio_vsock * net/vmw_vsock/virtio_transport.c:561:13: error: incompatible types in comparison expression (different address spaces): net/vmw_vsock/virtio_transport.c:561:13: struct virtio_vsock [noderef] __rcu * net/vmw_vsock/virtio_transport.c:561:13: struct virtio_vsock * net/vmw_vsock/virtio_transport.c:612:9: error: incompatible types in comparison expression (different address spaces): net/vmw_vsock/virtio_transport.c:612:9: struct virtio_vsock [noderef] __rcu * net/vmw_vsock/virtio_transport.c:612:9: struct virtio_vsock * net/vmw_vsock/virtio_transport.c:631:9: error: incompatible types in comparison expression (different address spaces): net/vmw_vsock/virtio_transport.c:631:9: struct virtio_vsock [noderef] __rcu * net/vmw_vsock/virtio_transport.c:631:9: struct virtio_vsock * Fixes: 0deab087b16a ("vsock/virtio: use RCU to avoid use-after-free on the_virtio_vsock") Reported-by: Michael S. Tsirkin Signed-off-by: Stefano Garzarella Reviewed-by: Stefan Hajnoczi Acked-by: Michael S. Tsirkin Signed-off-by: Jakub Kicinski commit 841eb4012cef84820e5906527b31a854f42b0748 Author: Ioana Ciornei Date: Tue Jul 14 15:08:16 2020 +0300 dpaa2-eth: check fsl_mc_get_endpoint for IS_ERR_OR_NULL() The fsl_mc_get_endpoint() function can return an error or directly a NULL pointer in case the peer device is not under the root DPRC container. Treat this case also, otherwise it would lead to a NULL pointer when trying to access the peer fsl_mc_device. Fixes: 719479230893 ("dpaa2-eth: add MAC/PHY support through phylink") Signed-off-by: Ioana Ciornei Signed-off-by: Jakub Kicinski commit 524d4f71e75503a8f707bfb5d74c7b58fb5eb181 Merge: 03d54ef0a1d5 92e0575b9983 Author: Dave Airlie Date: Thu Jul 16 10:10:15 2020 +1000 Merge tag 'drm-intel-fixes-2020-07-15' of git://anongit.freedesktop.org/drm/drm-intel into drm-fixes drm/i915 fixes for v5.8-rc6: - FBC w/a stride fix - Fix use-after-free fix on module reload - Ignore irq enabling on the virtual engines to fix device sleep - Use GTT when saving/restoring engine GPR - Fix selftest sort function Signed-off-by: Dave Airlie From: Jani Nikula Link: https://patchwork.freedesktop.org/patch/msgid/87ft9t0vtt.fsf@intel.com commit 03d54ef0a1d5e5115744cb7dc7058e9852228114 Merge: 8257a0d91310 6348dd291e36 Author: Dave Airlie Date: Thu Jul 16 10:09:55 2020 +1000 Merge tag 'drm-misc-fixes-2020-07-15' of git://anongit.freedesktop.org/drm/drm-misc into drm-fixes * aspeed: setup fbdev console after registering device; avoids warning and stacktrace in dmesg log * dmabuf: protect dmabuf->name with a spinlock; avoids sleeping in atomic context Signed-off-by: Dave Airlie From: Thomas Zimmermann Link: https://patchwork.freedesktop.org/patch/msgid/20200715171756.GA18606@linux-uq9g commit 8257a0d91310a71e4fa04b9aef8f2c4173ec9fb5 Merge: 11ba468877bb 1f054fd26e29 Author: Dave Airlie Date: Thu Jul 16 10:07:57 2020 +1000 Merge branch 'vmwgfx-fixes-5.8' of git://people.freedesktop.org/~sroland/linux into drm-fixes fix for black screens Signed-off-by: Dave Airlie From: "Roland Scheidegger (VMware)" Link: https://patchwork.freedesktop.org/patch/msgid/20200715161843.21118-1-rscheidegger.oss@gmail.com commit 994e99a96c9b502b3f6ee411457007cd52051cf5 Merge: 0665a4e9a1d6 9a33e375d98e Author: Linus Torvalds Date: Wed Jul 15 16:05:19 2020 -0700 Merge tag 'platform-drivers-x86-v5.8-2' of git://git.infradead.org/linux-platform-drivers-x86 into master Pull x86 platform driver fixes from Andriy Shevchenko: "Small fixes for this cycle: - Fix procfs handling in Thinkpad ACPI driver - Fix battery management on new ASUS laptops - New IDs (Sapphire Rapids) in ISST tool" * tag 'platform-drivers-x86-v5.8-2' of git://git.infradead.org/linux-platform-drivers-x86: platform/x86: asus-wmi: allow BAT1 battery name platform/x86: ISST: Add new PCI device ids platform/x86: thinkpad_acpi: Revert "Use strndup_user() in dispatch_proc_write()" commit 0665a4e9a1d6a51b6a25d5a5de6c623d380d853b Merge: 6cbba1f9114a 87730ccbddcb Author: Linus Torvalds Date: Wed Jul 15 15:58:11 2020 -0700 Merge tag 'dmaengine-fix-5.8-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/vkoul/dmaengine into master Pull dmaengine fixes from Vinod Koul: - update dmaengine tree location to kernel.org - dmatest fix for completing threads - driver fixes for k3dma, fsl-dma, idxd, ,tegra, and few other drivers * tag 'dmaengine-fix-5.8-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/vkoul/dmaengine: (21 commits) dmaengine: ioat setting ioat timeout as module parameter dmaengine: fsl-edma: fix wrong tcd endianness for big-endian cpu dmaengine: dmatest: stop completed threads when running without set channel dmaengine: fsl-edma-common: correct DSIZE_32BYTE dmaengine: dw: Initialize channel before each transfer dmaengine: idxd: fix misc interrupt handler thread unmasking dmaengine: idxd: cleanup workqueue config after disabling dmaengine: tegra210-adma: Fix runtime PM imbalance on error dmaengine: mcf-edma: Fix NULL pointer exception in mcf_edma_tx_handler dmaengine: fsl-edma: Fix NULL pointer exception in fsl_edma_tx_handler dmaengine: fsl-edma: Add lockdep assert for exported function dmaengine: idxd: fix hw descriptor fields for delta record dmaengine: ti: k3-udma: add missing put_device() call in of_xudma_dev_get() dmaengine: sh: usb-dmac: set tx_result parameters dmaengine: ti: k3-udma: Fix delayed_work usage for tx drain workaround dmaengine: idxd: fix cdev locking for open and release dmaengine: imx-sdma: Fix: Remove 'always true' comparison MAINTAINERS: switch dmaengine tree to kernel.org dmaengine: ti: k3-udma: Fix the running channel handling in alloc_chan_resources dmaengine: ti: k3-udma: Fix cleanup code for alloc_chan_resources ... commit 6cbba1f9114a8134cff9138c79add15012fd52b9 Author: Wei Yongjun Date: Wed Jul 15 23:28:38 2020 +0100 keys: asymmetric: fix error return code in software_key_query() Fix to return negative error code -ENOMEM from kmalloc() error handling case instead of 0, as done elsewhere in this function. Fixes: f1774cb8956a ("X.509: parse public key parameters from x509 for akcipher") Signed-off-by: Wei Yongjun Signed-off-by: David Howells Signed-off-by: Linus Torvalds commit 811f04bac15181a3351ef1d1aaa377954056e93b Author: David Howells Date: Wed Jul 8 09:27:07 2020 +0100 afs: Fix interruption of operations The afs filesystem driver allows unstarted operations to be cancelled by signal, but most of these can easily be restarted (mkdir for example). The primary culprits for reproducing this are those applications that use SIGALRM to display a progress counter. File lock-extension operation is marked uninterruptible as we have a limited time in which to do it, and the release op is marked uninterruptible also as if we fail to unlock a file, we'll have to wait 20 mins before anyone can lock it again. The store operation logs a warning if it gets interruption, e.g.: kAFS: Unexpected error from FS.StoreData -4 because it's run from the background - but it can also be run from fdatasync()-type things. However, store options aren't marked interruptible at the moment. Fix this in the following ways: (1) Mark store operations as uninterruptible. It might make sense to relax this for certain situations, but I'm not sure how to make sure that background store ops aren't affected by signals to foreground processes that happen to trigger them. (2) In afs_get_io_locks(), where we're getting the serialisation lock for talking to the fileserver, return ERESTARTSYS rather than EINTR because a lot of the operations (e.g. mkdir) are restartable if we haven't yet started sending the op to the server. Fixes: e49c7b2f6de7 ("afs: Build an abstraction around an "operation" concept") Signed-off-by: David Howells Signed-off-by: Linus Torvalds commit f0e1266ed24b8a69655e1ab7fb618dbf6730879b Author: Amir Goldstein Date: Mon Jul 13 17:19:44 2020 +0300 ovl: fix mount option checks for nfs_export with no upperdir Without upperdir mount option, there is no index dir and the dependency checks nfs_export => index for mount options parsing are incorrect. Allow the combination nfs_export=on,index=off with no upperdir and move the check for dependency redirect_dir=nofollow for non-upper mount case to mount options parsing. Signed-off-by: Amir Goldstein Signed-off-by: Miklos Szeredi commit 470c15636125d1591bc901f6aa2d8e4a60ed2190 Author: Amir Goldstein Date: Mon Jul 13 17:19:43 2020 +0300 ovl: force read-only sb on failure to create index dir With index feature enabled, on failure to create index dir, overlay is being mounted read-only. However, we do not forbid user to remount overlay read-write. Fix that by setting ofs->workdir to NULL, which prevents remount read-write. Signed-off-by: Amir Goldstein Signed-off-by: Miklos Szeredi commit a888db310195400f050b89c47673f0f8babfbb41 Author: Amir Goldstein Date: Wed Jul 8 16:16:13 2020 +0300 ovl: fix regression with re-formatted lower squashfs Commit 9df085f3c9a2 ("ovl: relax requirement for non null uuid of lower fs") relaxed the requirement for non null uuid with single lower layer to allow enabling index and nfs_export features with single lower squashfs. Fabian reported a regression in a setup when overlay re-uses an existing upper layer and re-formats the lower squashfs image. Because squashfs has no uuid, the origin xattr in upper layer are decoded from the new lower layer where they may resolve to a wrong origin file and user may get an ESTALE or EIO error on lookup. To avoid the reported regression while still allowing the new features with single lower squashfs, do not allow decoding origin with lower null uuid unless user opted-in to one of the new features that require following the lower inode of non-dir upper (index, xino, metacopy). Reported-by: Fabian Link: https://lore.kernel.org/linux-unionfs/32532923.JtPX5UtSzP@fgdesktop/ Fixes: 9df085f3c9a2 ("ovl: relax requirement for non null uuid of lower fs") Cc: stable@vger.kernel.org # v4.20+ Signed-off-by: Amir Goldstein Signed-off-by: Miklos Szeredi commit 20396365a16dae4b4e3967fc7115d5336feb30ee Author: Amir Goldstein Date: Sun Jun 21 09:37:59 2020 +0300 ovl: fix oops in ovl_indexdir_cleanup() with nfs_export=on Mounting with nfs_export=on, xfstests overlay/031 triggers a kernel panic since v5.8-rc1 overlayfs updates. overlayfs: orphan index entry (index/00fb1..., ftype=4000, nlink=2) BUG: kernel NULL pointer dereference, address: 0000000000000030 RIP: 0010:ovl_cleanup_and_whiteout+0x28/0x220 [overlay] Bisect point at commit c21c839b8448 ("ovl: whiteout inode sharing") Minimal reproducer: -------------------------------------------------- rm -rf l u w m mkdir -p l u w m mkdir -p l/testdir touch l/testdir/testfile mount -t overlay -o lowerdir=l,upperdir=u,workdir=w,nfs_export=on overlay m echo 1 > m/testdir/testfile umount m rm -rf u/testdir mount -t overlay -o lowerdir=l,upperdir=u,workdir=w,nfs_export=on overlay m umount m -------------------------------------------------- When mount with nfs_export=on, and fail to verify an orphan index, we're cleaning this index from indexdir by calling ovl_cleanup_and_whiteout(). This dereferences ofs->workdir, that was earlier set to NULL. The design was that ovl->workdir will point at ovl->indexdir, but we are assigning ofs->indexdir to ofs->workdir only after ovl_indexdir_cleanup(). There is no reason not to do it sooner, because once we get success from ofs->indexdir = ovl_workdir_create(... there is no turning back. Reported-and-tested-by: Murphy Zhou Fixes: c21c839b8448 ("ovl: whiteout inode sharing") Signed-off-by: Amir Goldstein Signed-off-by: Miklos Szeredi commit 124c2de2c0aee96271e4ddab190083d8aa7aa71a Author: Amir Goldstein Date: Wed Jun 17 09:57:11 2020 +0300 ovl: relax WARN_ON() when decoding lower directory file handle Decoding a lower directory file handle to overlay path with cold inode/dentry cache may go as follows: 1. Decode real lower file handle to lower dir path 2. Check if lower dir is indexed (was copied up) 3. If indexed, get the upper dir path from index 4. Lookup upper dir path in overlay 5. If overlay path found, verify that overlay lower is the lower dir from step 1 On failure to verify step 5 above, user will get an ESTALE error and a WARN_ON will be printed. A mismatch in step 5 could be a result of lower directory that was renamed while overlay was offline, after that lower directory has been copied up and indexed. This is a scripted reproducer based on xfstest overlay/052: # Create lower subdir create_dirs create_test_files $lower/lowertestdir/subdir mount_dirs # Copy up lower dir and encode lower subdir file handle touch $SCRATCH_MNT/lowertestdir test_file_handles $SCRATCH_MNT/lowertestdir/subdir -p -o $tmp.fhandle # Rename lower dir offline unmount_dirs mv $lower/lowertestdir $lower/lowertestdir.new/ mount_dirs # Attempt to decode lower subdir file handle test_file_handles $SCRATCH_MNT -p -i $tmp.fhandle Since this WARN_ON() can be triggered by user we need to relax it. Fixes: 4b91c30a5a19 ("ovl: lookup connected ancestor of dir in inode cache") Cc: # v4.16+ Signed-off-by: Amir Goldstein Signed-off-by: Miklos Szeredi commit d78a0dcf64cb94ffdd5253722caed3f044a92a78 Author: youngjun Date: Sun Jun 21 05:50:01 2020 -0700 ovl: remove not used argument in ovl_check_origin ovl_check_origin outparam 'ctrp' argument not used by caller. So remove this argument. Signed-off-by: youngjun Reviewed-by: Amir Goldstein Signed-off-by: Miklos Szeredi commit 5ac8e8025aedd2ea832ae3fe3ca0f920697f45c7 Author: youngjun Date: Sun Jun 21 07:30:59 2020 -0700 ovl: change ovl_copy_up_flags static "ovl_copy_up_flags" is used in copy_up.c. so, change it static. Signed-off-by: youngjun Signed-off-by: Miklos Szeredi commit 24f14009b8f1754ec2ae4c168940c01259b0f88a Author: youngjun Date: Tue Jun 16 17:30:43 2020 +0900 ovl: inode reference leak in ovl_is_inuse true case. When "ovl_is_inuse" true case, trap inode reference not put. plus adding the comment explaining sequence of ovl_is_inuse after ovl_setup_trap. Fixes: 0be0bfd2de9d ("ovl: fix regression caused by overlapping layers detection") Cc: # v4.19+ Reviewed-by: Amir Goldstein Signed-off-by: youngjun Signed-off-by: Miklos Szeredi commit 5b801dfb7feb2738975d80223efc2fc193e55573 Author: Peilin Ye Date: Tue Jul 14 14:09:04 2020 -0400 bpf: Fix NULL pointer dereference in __btf_resolve_helper_id() Prevent __btf_resolve_helper_id() from dereferencing `btf_vmlinux` as NULL. This patch fixes the following syzbot bug: https://syzkaller.appspot.com/bug?id=f823224ada908fa5c207902a5a62065e53ca0fcc Reported-by: syzbot+ee09bda7017345f1fbe6@syzkaller.appspotmail.com Signed-off-by: Peilin Ye Signed-off-by: Daniel Borkmann Link: https://lore.kernel.org/bpf/20200714180904.277512-1-yepeilin.cs@gmail.com commit 07d3f04550023395bbf34b99ec7e00fc50d9859f Author: Chandrakanth Patil Date: Wed Jul 15 17:31:53 2020 +0530 scsi: megaraid_sas: Remove undefined ENABLE_IRQ_POLL macro As the ENABLE_IRQ_POLL macro is undefined, the check for ENABLE_IRQ_POLL macro in ISR will always be false. This leads to irq polling being non-functional. Remove ENABLE_IRQ_POLL check from ISR. Link: https://lore.kernel.org/r/20200715120153.20512-1-chandrakanth.patil@broadcom.com Fixes: a6ffd5bf6819 ("scsi: megaraid_sas: Call disable_irq from process IRQ") Cc: # v5.3+ Signed-off-by: Chandrakanth Patil Signed-off-by: Kashyap Desai Signed-off-by: Martin K. Petersen commit 681fda8d27a66f7e65ff7f2d200d7635e64a8d05 Author: Pavel Begunkov Date: Wed Jul 15 22:20:45 2020 +0300 io_uring: fix recvmsg memory leak with buffer selection io_recvmsg() doesn't free memory allocated for struct io_buffer. This can causes a leak when used with automatic buffer selection. Signed-off-by: Pavel Begunkov Signed-off-by: Jens Axboe commit 681a5c71fb829fc2193e3bb524af41525477f5c3 Author: Krzysztof Kozlowski Date: Mon Jun 29 10:16:29 2020 +0200 arm64: dts: spcfpga: Align GIC, NAND and UART nodenames with dtschema Fix dtschema validator warnings like: intc@fffc1000: $nodename:0: 'intc@fffc1000' does not match '^interrupt-controller(@[0-9a-f,]+)*$' Fixes: 78cd6a9d8e15 ("arm64: dts: Add base stratix 10 dtsi") Signed-off-by: Krzysztof Kozlowski Signed-off-by: Dinh Nguyen commit d7adfe5ffed9faa05f8926223086b101e14f700d Author: Krzysztof Kozlowski Date: Fri Jun 26 10:06:02 2020 +0200 ARM: dts: socfpga: Align L2 cache-controller nodename with dtschema Fix dtschema validator warnings like: l2-cache@fffff000: $nodename:0: 'l2-cache@fffff000' does not match '^(cache-controller|cpu)(@[0-9a-f,]+)*$' Fixes: 475dc86d08de ("arm: dts: socfpga: Add a base DTSI for Altera's Arria10 SOC") Signed-off-by: Krzysztof Kozlowski Signed-off-by: Dinh Nguyen commit 3bf9b8ffc8980c1090bdd3a5570cf42420620838 Author: Dinh Nguyen Date: Mon Jun 29 12:47:35 2020 -0500 arm64: dts: stratix10: increase QSPI reg address in nand dts file Match the QSPI reg address in the socfpga_stratix10_socdk.dts file. Fixes: 80f132d73709 ("arm64: dts: increase the QSPI reg address for Stratix10 and Agilex") Cc: linux-stable # >= v5.6 Signed-off-by: Dinh Nguyen commit 263a0269a59c0b4145829462a107fe7f7327105f Author: Dinh Nguyen Date: Mon Jun 29 11:25:43 2020 -0500 arm64: dts: stratix10: add status to qspi dts node Add status = "okay" to QSPI node. Fixes: 0cb140d07fc75 ("arm64: dts: stratix10: Add QSPI support for Stratix10") Cc: linux-stable # >= v5.6 Signed-off-by: Dinh Nguyen commit 60176e6be0bb6f629b15aea7dcab5a95ecb158e9 Author: Dinh Nguyen Date: Mon Jun 29 11:19:21 2020 -0500 arm64: dts: agilex: add status to qspi dts node Add status = "okay" to QSPI node. Fixes: c4c8757b2d895 ("arm64: dts: agilex: add QSPI support for Intel Agilex") Cc: linux-stable # >= v5.5 Signed-off-by: Dinh Nguyen commit 1e9451cbda456a170518b2bfd643e2cb980880bf Author: Florian Westphal Date: Tue Jul 14 18:51:39 2020 +0200 netfilter: nf_tables: fix nat hook table deletion sybot came up with following transaction: add table ip syz0 add chain ip syz0 syz2 { type nat hook prerouting priority 0; policy accept; } add table ip syz0 { flags dormant; } delete chain ip syz0 syz2 delete table ip syz0 which yields: hook not found, pf 2 num 0 WARNING: CPU: 0 PID: 6775 at net/netfilter/core.c:413 __nf_unregister_net_hook+0x3e6/0x4a0 net/netfilter/core.c:413 [..] nft_unregister_basechain_hooks net/netfilter/nf_tables_api.c:206 [inline] nft_table_disable net/netfilter/nf_tables_api.c:835 [inline] nf_tables_table_disable net/netfilter/nf_tables_api.c:868 [inline] nf_tables_commit+0x32d3/0x4d70 net/netfilter/nf_tables_api.c:7550 nfnetlink_rcv_batch net/netfilter/nfnetlink.c:486 [inline] nfnetlink_rcv_skb_batch net/netfilter/nfnetlink.c:544 [inline] nfnetlink_rcv+0x14a5/0x1e50 net/netfilter/nfnetlink.c:562 netlink_unicast_kernel net/netlink/af_netlink.c:1303 [inline] Problem is that when I added ability to override base hook registration to make nat basechains register with the nat core instead of netfilter core, I forgot to update nft_table_disable() to use that instead of the 'raw' hook register interface. In syzbot transaction, the basechain is of 'nat' type. Its registered with the nat core. The switch to 'dormant mode' attempts to delete from netfilter core instead. After updating nft_table_disable/enable to use the correct helper, nft_(un)register_basechain_hooks can be folded into the only remaining caller. Because nft_trans_table_enable() won't do anything when the DORMANT flag is set, remove the flag first, then re-add it in case re-enablement fails, else this patch breaks sequence: add table ip x { flags dormant; } /* add base chains */ add table ip x The last 'add' will remove the dormant flags, but won't have any other effect -- base chains are not registered. Then, next 'set dormant flag' will create another 'hook not found' splat. Reported-by: syzbot+2570f2c036e3da5db176@syzkaller.appspotmail.com Fixes: 4e25ceb80b58 ("netfilter: nf_tables: allow chain type to override hook register") Signed-off-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso commit 912288442cb2f431bf3c8cb097a5de83bc6dbac1 Author: Colin Ian King Date: Wed Jul 15 17:26:04 2020 +0100 xprtrdma: fix incorrect header size calculations Currently the header size calculations are using an assignment operator instead of a += operator when accumulating the header size leading to incorrect sizes. Fix this by using the correct operator. Addresses-Coverity: ("Unused value") Fixes: 302d3deb2068 ("xprtrdma: Prevent inline overflow") Signed-off-by: Colin Ian King Reviewed-by: Chuck Lever Signed-off-by: Anna Schumaker commit 3ce17cd2b94907f6d91b81b32848044b84c97606 Author: Cristian Marussi Date: Wed Jul 15 13:13:38 2020 +0100 hwmon: (scmi) Fix potential buffer overflow in scmi_hwmon_probe() SMATCH detected a potential buffer overflow in the manipulation of hwmon_attributes array inside the scmi_hwmon_probe function: drivers/hwmon/scmi-hwmon.c:226 scmi_hwmon_probe() error: buffer overflow 'hwmon_attributes' 6 <= 9 Fix it by statically declaring the size of the array as the maximum possible as defined by hwmon_max define. Signed-off-by: Cristian Marussi Reviewed-by: Sudeep Holla Link: https://lore.kernel.org/r/20200715121338.GA18761@e119603-lin.cambridge.arm.com Signed-off-by: Guenter Roeck commit f0479c4bcbd92d1a457d4a43bcab79f29d11334a Author: Haren Myneni Date: Fri Jul 10 16:49:58 2020 -0700 selftests/powerpc: Use proper error code to check fault address ERR_NX_TRANSLATION(CSB.CC=5) is for internal to VAS for fault handling and should not used by OS. ERR_NX_AT_FAULT(CSB.CC=250) is the proper error code should be reported by OS when NX encounters address translation failure. This patch uses CC=250 to determine the fault address when the request is not successful. Signed-off-by: Haren Myneni Signed-off-by: Michael Ellerman Link: https://lore.kernel.org/r/0315251705baff94f678c33178491b5008723511.camel@linux.ibm.com commit 6068e1a4427e88f5cc62f238d1baf94a8b824ef4 Author: Haren Myneni Date: Fri Jul 10 16:47:19 2020 -0700 powerpc/vas: Report proper error code for address translation failure P9 DD2 NX workbook (Table 4-36) says DMA controller uses CC=5 internally for translation fault handling. NX reserves CC=250 for OS to notify user space when NX encounters address translation failure on the request buffer. Not an issue in earlier releases as NX does not get faults on kernel addresses. This patch defines CSB_CC_FAULT_ADDRESS(250) and updates CSB.CC with this proper error code for user space. Fixes: c96c4436aba4 ("powerpc/vas: Update CSB and notify process for fault CRBs") Signed-off-by: Haren Myneni [mpe: Added Fixes tag and fix typo in comment] Signed-off-by: Michael Ellerman Link: https://lore.kernel.org/r/019fd53e7538c6f8f332d175df74b1815ef5aa8c.camel@linux.ibm.com commit 31070f6ccec09f3bd4f1e28cd1e592fa4f3ba0b6 Author: Chirantan Ekbote Date: Tue Jul 14 19:26:39 2020 +0900 fuse: Fix parameter for FS_IOC_{GET,SET}FLAGS The ioctl encoding for this parameter is a long but the documentation says it should be an int and the kernel drivers expect it to be an int. If the fuse driver treats this as a long it might end up scribbling over the stack of a userspace process that only allocated enough space for an int. This was previously discussed in [1] and a patch for fuse was proposed in [2]. From what I can tell the patch in [2] was nacked in favor of adding new, "fixed" ioctls and using those from userspace. However there is still no "fixed" version of these ioctls and the fact is that it's sometimes infeasible to change all userspace to use the new one. Handling the ioctls specially in the fuse driver seems like the most pragmatic way for fuse servers to support them without causing crashes in userspace applications that call them. [1]: https://lore.kernel.org/linux-fsdevel/20131126200559.GH20559@hall.aurel32.net/T/ [2]: https://sourceforge.net/p/fuse/mailman/message/31771759/ Signed-off-by: Chirantan Ekbote Fixes: 59efec7b9039 ("fuse: implement ioctl support") Cc: Signed-off-by: Miklos Szeredi commit 9a33e375d98ece5ea40c576eabd3257acb90c509 Author: Vasiliy Kupriakov Date: Tue Jun 30 20:56:01 2020 +0300 platform/x86: asus-wmi: allow BAT1 battery name The battery on my laptop ASUS TUF Gaming FX706II is named BAT1. This patch allows battery extension to load. Signed-off-by: Vasiliy Kupriakov Signed-off-by: Andy Shevchenko commit e1eea3f839f41368d7cb4eb2d872d5b288677e94 Author: Srinivas Pandruvada Date: Wed Jun 24 10:51:38 2020 -0700 platform/x86: ISST: Add new PCI device ids Added new PCI device ids for supporting mailbox and MMIO interface for Sapphire Rapids. Signed-off-by: Srinivas Pandruvada Signed-off-by: Andy Shevchenko commit e2e90804dc1c190dcc00e4ca481bfd847ee5efcd Author: Andy Shevchenko Date: Wed Jul 15 12:40:07 2020 +0300 platform/x86: thinkpad_acpi: Revert "Use strndup_user() in dispatch_proc_write()" This reverts commit 35d13c7a05126a5a54a1ef40aff4c6984474e604. This broke procfs interface due to neglecting the fact that the strings are not coming NULL terminated. Revert the change till we will have a better clean up. Fixes: 35d13c7a0512 ("platform/x86: thinkpad_acpi: Use strndup_user() in dispatch_proc_write()") Reported-by: Hans de Goede Signed-off-by: Andy Shevchenko commit a8f62f183021be389561570ab5f8c701a5e70298 Author: Enric Balletbo i Serra Date: Tue Jul 7 12:34:12 2020 +0200 Revert "thermal: mediatek: fix register index error" This reverts commit eb9aecd90d1a39601e91cd08b90d5fee51d321a6 The above patch is supposed to fix a register index error on mt2701. It is not clear if the problem solved is a hang or just an invalid value returned, my guess is the second. The patch introduces, though, a new hang on MT8173 device making them unusable. So, seems reasonable, revert the patch because introduces a worst issue. The reason I send a revert instead of trying to fix the issue for MT8173 is because the information needed to fix the issue is in the datasheet and is not public. So I am not really able to fix it. Fixes the following bug when CONFIG_MTK_THERMAL is set on MT8173 devices. [ 2.222488] Unable to handle kernel paging request at virtual address ffff8000125f5001 [ 2.230421] Mem abort info: [ 2.233207] ESR = 0x96000021 [ 2.236261] EC = 0x25: DABT (current EL), IL = 32 bits [ 2.241571] SET = 0, FnV = 0 [ 2.244623] EA = 0, S1PTW = 0 [ 2.247762] Data abort info: [ 2.250640] ISV = 0, ISS = 0x00000021 [ 2.254473] CM = 0, WnR = 0 [ 2.257544] swapper pgtable: 4k pages, 48-bit VAs, pgdp=0000000041850000 [ 2.264251] [ffff8000125f5001] pgd=000000013ffff003, pud=000000013fffe003, pmd=000000013fff9003, pte=006800001100b707 [ 2.274867] Internal error: Oops: 96000021 [#1] PREEMPT SMP [ 2.280432] Modules linked in: [ 2.283483] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.7.0-rc6+ #162 [ 2.289914] Hardware name: Google Elm (DT) [ 2.294003] pstate: 20000005 (nzCv daif -PAN -UAO) [ 2.298792] pc : mtk_read_temp+0xb8/0x1c8 [ 2.302793] lr : mtk_read_temp+0x7c/0x1c8 [ 2.306794] sp : ffff80001003b930 [ 2.310100] x29: ffff80001003b930 x28: 0000000000000000 [ 2.315404] x27: 0000000000000002 x26: ffff0000f9550b10 [ 2.320709] x25: ffff0000f9550a80 x24: 0000000000000090 [ 2.326014] x23: ffff80001003ba24 x22: 00000000610344c0 [ 2.331318] x21: 0000000000002710 x20: 00000000000001f4 [ 2.336622] x19: 0000000000030d40 x18: ffff800011742ec0 [ 2.341926] x17: 0000000000000001 x16: 0000000000000001 [ 2.347230] x15: ffffffffffffffff x14: ffffff0000000000 [ 2.352535] x13: ffffffffffffffff x12: 0000000000000028 [ 2.357839] x11: 0000000000000003 x10: ffff800011295ec8 [ 2.363143] x9 : 000000000000291b x8 : 0000000000000002 [ 2.368447] x7 : 00000000000000a8 x6 : 0000000000000004 [ 2.373751] x5 : 0000000000000000 x4 : ffff800011295cb0 [ 2.379055] x3 : 0000000000000002 x2 : ffff8000125f5001 [ 2.384359] x1 : 0000000000000001 x0 : ffff0000f9550a80 [ 2.389665] Call trace: [ 2.392105] mtk_read_temp+0xb8/0x1c8 [ 2.395760] of_thermal_get_temp+0x2c/0x40 [ 2.399849] thermal_zone_get_temp+0x78/0x160 [ 2.404198] thermal_zone_device_update.part.0+0x3c/0x1f8 [ 2.409589] thermal_zone_device_update+0x34/0x48 [ 2.414286] of_thermal_set_mode+0x58/0x88 [ 2.418375] thermal_zone_of_sensor_register+0x1a8/0x1d8 [ 2.423679] devm_thermal_zone_of_sensor_register+0x64/0xb0 [ 2.429242] mtk_thermal_probe+0x690/0x7d0 [ 2.433333] platform_drv_probe+0x5c/0xb0 [ 2.437335] really_probe+0xe4/0x448 [ 2.440901] driver_probe_device+0xe8/0x140 [ 2.445077] device_driver_attach+0x7c/0x88 [ 2.449252] __driver_attach+0xac/0x178 [ 2.453082] bus_for_each_dev+0x78/0xc8 [ 2.456909] driver_attach+0x2c/0x38 [ 2.460476] bus_add_driver+0x14c/0x230 [ 2.464304] driver_register+0x6c/0x128 [ 2.468131] __platform_driver_register+0x50/0x60 [ 2.472831] mtk_thermal_driver_init+0x24/0x30 [ 2.477268] do_one_initcall+0x50/0x298 [ 2.481098] kernel_init_freeable+0x1ec/0x264 [ 2.485450] kernel_init+0x1c/0x110 [ 2.488931] ret_from_fork+0x10/0x1c [ 2.492502] Code: f9401081 f9400402 b8a67821 8b010042 (b9400042) [ 2.498599] ---[ end trace e43e3105ed27dc99 ]--- [ 2.503367] Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b [ 2.511020] SMP: stopping secondary CPUs [ 2.514941] Kernel Offset: disabled [ 2.518421] CPU features: 0x090002,25006005 [ 2.522595] Memory Limit: none [ 2.525644] ---[ end Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b ]-- Cc: Michael Kao Fixes: eb9aecd90d1a ("thermal: mediatek: fix register index error") Signed-off-by: Enric Balletbo i Serra Reviewed-by: Matthias Brugger Signed-off-by: Daniel Lezcano Link: https://lore.kernel.org/r/20200707103412.1010823-1-enric.balletbo@collabora.com commit f3d7fb38976b1b0a8462ba1c7cbd404ddfaad086 Author: Alex Hung Date: Mon Jun 15 16:39:57 2020 -0600 thermal: int3403_thermal: Downgrade error message Downgrade "Unsupported event" message from dev_err to dev_dbg to avoid flooding with this message on some platforms. Cc: stable@vger.kernel.org # v5.4+ Suggested-by: Zhang Rui Signed-off-by: Alex Hung [ rzhang: fix typo in changelog ] Signed-off-by: Zhang Rui Link: https://lore.kernel.org/r/20200615223957.183153-1-alex.hung@canonical.com commit 1d61e21852d3161f234b9656797669fe185c251b Author: Laurence Oberman Date: Tue Jul 14 18:08:05 2020 -0400 qed: Disable "MFW indication via attention" SPAM every 5 minutes This is likely firmware causing this but its starting to annoy customers. Change the message level to verbose to prevent the spam. Note that this seems to only show up with ISCSI enabled on the HBA via the qedi driver. Signed-off-by: Laurence Oberman Signed-off-by: David S. Miller commit 651149f60376758a4759f761767965040f9e4464 Author: Paolo Pisati Date: Tue Jul 14 17:40:55 2020 +0200 selftests: fib_nexthop_multiprefix: fix cleanup() netns deletion During setup(): ... for ns in h0 r1 h1 h2 h3 do create_ns ${ns} done ... while in cleanup(): ... for n in h1 r1 h2 h3 h4 do ip netns del ${n} 2>/dev/null done ... and after removing the stderr redirection in cleanup(): $ sudo ./fib_nexthop_multiprefix.sh ... TEST: IPv4: host 0 to host 3, mtu 1400 [ OK ] TEST: IPv6: host 0 to host 3, mtu 1400 [ OK ] Cannot remove namespace file "/run/netns/h4": No such file or directory $ echo $? 1 and a non-zero return code, make kselftests fail (even if the test itself is fine): ... not ok 34 selftests: net: fib_nexthop_multiprefix.sh # exit=1 ... Signed-off-by: Paolo Pisati Reviewed-by: David Ahern Signed-off-by: David S. Miller commit 8a03746c8baf82e1616f05a1a716d34378dcf780 Author: Guenter Roeck Date: Tue Jul 14 14:31:11 2020 -0700 hwmon: (nct6775) Accept PECI Calibration as temperature source for NCT6798D Stefan Dietrich reports invalid temperature source messages on Asus Formula XII Z490. nct6775 nct6775.656: Invalid temperature source 28 at index 0, source register 0x100, temp register 0x73 Debugging suggests that temperature source 28 reports the CPU temperature. Let's assume that temperature sources 28 and 29 reflect "PECI Agent {0,1} Calibration", similar to other chips of the series. Reported-by: Stefan Dietrich Cc: Stefan Dietrich Signed-off-by: Guenter Roeck commit ff021f22ea8f1388ced048243c6e06ca5cfbd62a Author: Maxim Kochetkov Date: Tue Jul 14 15:01:04 2020 +0300 gianfar: Use random MAC address when none is given If there is no valid MAC address in the device tree, use a random MAC address. Signed-off-by: Maxim Kochetkov Signed-off-by: David S. Miller commit 3195c4706b00106aa82c73acd28340fa8fc2bfc1 Author: Christophe JAILLET Date: Tue Jul 14 13:00:27 2020 +0200 hippi: Fix a size used in a 'pci_free_consistent()' in an error handling path The size used when calling 'pci_alloc_consistent()' and 'pci_free_consistent()' should match. Fix it and have it consistent with the corresponding call in 'rr_close()'. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Christophe JAILLET Signed-off-by: David S. Miller commit 0cac21b02ba5f3095fd2dcc77c26a25a0b2432ed Author: Andreas Schwab Date: Mon Jul 6 14:32:26 2020 +0200 riscv: use 16KB kernel stack on 64-bit With the current 8KB stack size there are frequent overflows in a 64-bit configuration. We may split IRQ stacks off in the future, but this fixes a number of issues right now. Signed-off-by: Andreas Schwab Reviewed-by: Anup Patel [Palmer: mention irqstack in the commit text] Fixes: 7db91e57a0ac ("RISC-V: Task implementation") Cc: stable@vger.kernel.org Signed-off-by: Palmer Dabbelt commit 05051496b2622e4d12e2036b35165969aa502f89 Author: Xiaojie Yuan Date: Tue Jul 14 15:47:31 2020 +0800 drm/amdgpu/sdma5: fix wptr overwritten in ->get_wptr() "u64 *wptr" points to the the wptr value in write back buffer and "*wptr = (*wptr) >> 2;" results in the value being overwritten each time when ->get_wptr() is called. umr uses /sys/kernel/debug/dri/0/amdgpu_ring_sdma0 to get rptr/wptr and decode ring content and it is affected by this issue. fix and simplify the logic similar as sdma_v4_0_ring_get_wptr(). v2: fix for sdma5.2 as well v3: drop sdma 5.2 changes for 5.8 and stable Suggested-by: Le Ma Signed-off-by: Xiaojie Yuan Reviewed-by: Christian König Signed-off-by: Alex Deucher Cc: stable@vger.kernel.org commit 98a34cf931e848f8489d3fb15a8f5fc03802ad65 Author: chen gong Date: Mon Jul 13 16:11:24 2020 +0800 drm/amdgpu/powerplay: Modify SMC message name for setting power profile mode I consulted Cai Land(Chuntian.Cai@amd.com), he told me corresponding smc message name to fSMC_MSG_SetWorkloadMask() is "PPSMC_MSG_ActiveProcessNotify" in firmware code of Renoir. Strange though it may seem, but it's a fact. Signed-off-by: chen gong Reviewed-by: Evan Quan Acked-by: Alex Deucher Signed-off-by: Alex Deucher Cc: stable@vger.kernel.org commit be73e608ae2711dc8a1ab8b9549d9e348061b2ee Author: Josip Pavic Date: Mon Jul 6 15:43:39 2020 -0400 drm/amd/display: handle failed allocation during stream construction [Why] Failing to allocate a transfer function during stream construction leads to a null pointer dereference [How] Handle the failed allocation by failing the stream construction Cc: stable@vger.kernel.org Signed-off-by: Josip Pavic Reviewed-by: Aric Cyr Acked-by: Rodrigo Siqueira Signed-off-by: Alex Deucher commit b448d30b0c303d5454ea572b772d1ffae96bc6e7 Author: hersen wu Date: Mon Jun 22 13:29:16 2020 -0400 drm/amd/display: OLED panel backlight adjust not work with external display connected [Why] amdgpu_dm->backlight_caps is for single eDP only. the caps are upddated for very connector. Real eDP caps will be overwritten by other external display. For OLED panel, caps->aux_support is set to 1 for OLED pnael. after external connected, caps+.aux_support is set to 0. This causes OLED backlight adjustment not work. [How] within update_conector_ext_caps, backlight caps will be updated only for eDP connector. Cc: stable@vger.kernel.org Signed-off-by: hersen wu Reviewed-by: Nicholas Kazlauskas Acked-by: Rodrigo Siqueira Signed-off-by: Alex Deucher commit 3168470142e0a82b5732c04ed4c031a9322ae170 Author: Alex Deucher Date: Fri Jul 10 17:50:00 2020 -0400 drm/amdgpu/display: create fake mst encoders ahead of time (v4) Prevents a warning in the MST create connector case. v2: create global fake encoders rather per connector fake encoders to avoid running out of encoder indices. v3: use the actual number of crtcs on the asic rather than the max to conserve encoders. v4: v3 plus missing hunk I forgot to git add. Bug: https://gitlab.freedesktop.org/drm/amd/-/issues/1108 Fixes: c6385e503aeaf9 ("drm/amdgpu: drop legacy drm load and unload callbacks") Reviewed-by: Nicholas Kazlauskas Signed-off-by: Alex Deucher Cc: stable@vger.kernel.org # 5.7.x commit d845a2051b6b673fab4229b920ea04c7c4352b51 Author: Jack Xiao Date: Fri Jul 10 12:34:52 2020 +0800 drm/amdgpu: fix preemption unit test Remove signaled jobs from job list and ensure the job was indeed preempted. Signed-off-by: Jack Xiao Reviewed-by: Hawking Zhang Signed-off-by: Alex Deucher commit 7d65a577bb58d4f27a3398a4c0cb0b00ab7d0511 Author: Jack Xiao Date: Fri Jul 10 12:18:22 2020 +0800 drm/amdgpu/gfx10: fix race condition for kiq During preemption test for gfx10, it uses kiq to trigger gfx preemption, which would result in race condition with flushing TLB for kiq. Signed-off-by: Jack Xiao Reviewed-by: Hawking Zhang Acked-by: Christian König Signed-off-by: Alex Deucher commit 92e0575b99835b5b3aaab2132dd551e0e04eb96a Author: Ville Syrjälä Date: Sat Jul 11 11:03:36 2020 +0300 drm/i915: Recalculate FBC w/a stride when needed Currently we're failing to recalculate the gen9 FBC w/a stride unless something more drastic than just the modifier itself has changed. This often leaves us with FBC enabled with the linear fbdev framebuffer without the w/a stride enabled. That will cause an immediate underrun and FBC will get promptly disabled. Fix the problem by checking if the w/a stride is about to change, and go through the full dance if so. This part of the FBC code is still pretty much a disaster and will need lots more work. But this should at least fix the immediate issue. v2: Deactivate FBC when the modifier changes since that will likely require resetting the w/a CFB stride Cc: stable@vger.kernel.org Signed-off-by: Ville Syrjälä Link: https://patchwork.freedesktop.org/patch/msgid/20200711080336.13423-1-ville.syrjala@linux.intel.com Reviewed-by: José Roberto de Souza (cherry picked from commit 0428ab013fdd39dbfb8f4cd8ad2b60af3776c6b9) Signed-off-by: Jani Nikula commit 6647e6cdba753e71170be7da2acfead7154f56d8 Author: Maarten Lankhorst Date: Wed Feb 12 14:54:45 2020 +0100 drm/i915: Move cec_notifier to intel_hdmi_connector_unregister, v2. This fixes the following KASAN splash on module reload: [ 145.136327] ================================================================== [ 145.136502] BUG: KASAN: use-after-free in intel_hdmi_destroy+0x74/0x80 [i915] [ 145.136514] Read of size 8 at addr ffff888216641830 by task kworker/1:1/134 [ 145.136535] CPU: 1 PID: 134 Comm: kworker/1:1 Tainted: G U T 5.5.0-rc7-valkyria+ #5783 [ 145.136539] Hardware name: GIGABYTE GB-BKi3A-7100/MFLP3AP-00, BIOS F1 07/27/2016 [ 145.136546] Workqueue: events drm_connector_free_work_fn [ 145.136551] Call Trace: [ 145.136560] dump_stack+0xa1/0xe0 [ 145.136571] print_address_description.constprop.0+0x1e/0x210 [ 145.136639] ? intel_hdmi_destroy+0x74/0x80 [i915] [ 145.136703] ? intel_hdmi_destroy+0x74/0x80 [i915] [ 145.136710] __kasan_report.cold+0x1b/0x37 [ 145.136790] ? intel_hdmi_destroy+0x74/0x80 [i915] [ 145.136863] ? intel_hdmi_destroy+0x74/0x80 [i915] [ 145.136870] kasan_report+0x27/0x30 [ 145.136881] __asan_report_load8_noabort+0x1c/0x20 [ 145.136946] intel_hdmi_destroy+0x74/0x80 [i915] [ 145.136954] drm_connector_free_work_fn+0xd1/0x100 [ 145.136967] process_one_work+0x86e/0x1610 [ 145.136987] ? pwq_dec_nr_in_flight+0x2f0/0x2f0 [ 145.137004] ? move_linked_works+0x128/0x2c0 [ 145.137021] worker_thread+0x63e/0xc90 [ 145.137048] kthread+0x2f6/0x3f0 [ 145.137054] ? calculate_sigpending+0x81/0xa0 [ 145.137059] ? process_one_work+0x1610/0x1610 [ 145.137064] ? kthread_bind+0x40/0x40 [ 145.137075] ret_from_fork+0x24/0x30 [ 145.137111] Allocated by task 0: [ 145.137119] (stack is not available) [ 145.137137] Freed by task 5053: [ 145.137147] save_stack+0x28/0x90 [ 145.137152] __kasan_slab_free+0x136/0x180 [ 145.137157] kasan_slab_free+0x26/0x30 [ 145.137161] kfree+0xe6/0x350 [ 145.137242] intel_ddi_encoder_destroy+0x60/0x80 [i915] [ 145.137252] drm_mode_config_cleanup+0x11d/0x8f0 [ 145.137329] intel_modeset_driver_remove+0x1f5/0x350 [i915] [ 145.137403] i915_driver_remove+0xc4/0x130 [i915] [ 145.137482] i915_pci_remove+0x3e/0x90 [i915] [ 145.137489] pci_device_remove+0x108/0x2d0 [ 145.137494] device_release_driver_internal+0x1e6/0x4a0 [ 145.137499] driver_detach+0xcb/0x198 [ 145.137503] bus_remove_driver+0xde/0x204 [ 145.137508] driver_unregister+0x6d/0xa0 [ 145.137513] pci_unregister_driver+0x2e/0x230 [ 145.137576] i915_exit+0x1f/0x26 [i915] [ 145.137157] kasan_slab_free+0x26/0x30 [ 145.137161] kfree+0xe6/0x350 [ 145.137242] intel_ddi_encoder_destroy+0x60/0x80 [i915] [ 145.137252] drm_mode_config_cleanup+0x11d/0x8f0 [ 145.137329] intel_modeset_driver_remove+0x1f5/0x350 [i915] [ 145.137403] i915_driver_remove+0xc4/0x130 [i915] [ 145.137482] i915_pci_remove+0x3e/0x90 [i915] [ 145.137489] pci_device_remove+0x108/0x2d0 [ 145.137494] device_release_driver_internal+0x1e6/0x4a0 [ 145.137499] driver_detach+0xcb/0x198 [ 145.137503] bus_remove_driver+0xde/0x204 [ 145.137508] driver_unregister+0x6d/0xa0 [ 145.137513] pci_unregister_driver+0x2e/0x230 [ 145.137576] i915_exit+0x1f/0x26 [i915] [ 145.137581] __x64_sys_delete_module+0x35b/0x470 [ 145.137586] do_syscall_64+0x99/0x4e0 [ 145.137591] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 145.137606] The buggy address belongs to the object at ffff888216640000 which belongs to the cache kmalloc-8k of size 8192 [ 145.137618] The buggy address is located 6192 bytes inside of 8192-byte region [ffff888216640000, ffff888216642000) [ 145.137630] The buggy address belongs to the page: [ 145.137640] page:ffffea0008599000 refcount:1 mapcount:0 mapping:ffff888107c02a80 index:0xffff888216644000 compound_mapcount: 0 [ 145.137647] raw: 0200000000010200 0000000000000000 0000000100000001 ffff888107c02a80 [ 145.137652] raw: ffff888216644000 0000000080020001 00000001ffffffff 0000000000000000 [ 145.137656] page dumped because: kasan: bad access detected [ 145.137668] Memory state around the buggy address: [ 145.137678] ffff888216641700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 145.137687] ffff888216641780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 145.137697] >ffff888216641800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 145.137706] ^ [ 145.137715] ffff888216641880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 145.137724] ffff888216641900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 145.137733] ================================================================== [ 145.137742] Disabling lock debugging due to kernel taint Changes since v1: - Add fixes tags. - Use early unregister. Signed-off-by: Maarten Lankhorst Fixes: 9c229127aee2 ("drm/i915: hdmi: add CEC notifier to intel_hdmi") Cc: # v4.19+ Reviewed-by: Daniel Vetter Link: https://patchwork.freedesktop.org/patch/msgid/20200212135445.1469133-1-maarten.lankhorst@linux.intel.com (cherry picked from commit a581483b1e5466d28fc50ff623fba31cea2cccb6) Signed-off-by: Jani Nikula commit 110f9efa858f584c6bed177cd48d0c0f526940e1 Author: Chris Wilson Date: Mon Jul 13 17:05:49 2020 +0100 drm/i915/gt: Only swap to a random sibling once upon creation The danger in switching at random upon intel_context_pin is that the context may still actually be inflight, as it will not be scheduled out until a context switch after it is complete -- that may be a long time after we do a final intel_context_unpin. Closes: https://gitlab.freedesktop.org/drm/intel/-/issues/2118 Fixes: 6d06779e8672 ("drm/i915: Load balancing across a virtual engine") Signed-off-by: Chris Wilson Cc: Tvrtko Ursulin Cc: # v5.3+ Reviewed-by: Tvrtko Ursulin Link: https://patchwork.freedesktop.org/patch/msgid/20200713160549.17344-1-chris@chris-wilson.co.uk (cherry picked from commit 90a987205c6cf74116a102ed446d22d92cdaf915) Signed-off-by: Jani Nikula commit 858f1299fd6f7518ddef19ddd304c8398ac79fa5 Author: Chris Wilson Date: Sat Jul 11 21:32:36 2020 +0100 drm/i915/gt: Ignore irq enabling on the virtual engines We do not use the virtual engines for interrupts (they have physical components), but we do use them to decouple the fence signaling during submission. Currently, when we submit a completed request, we try to enable the interrupt handler for the virtual engine, but we never disarm it. A quick fix is then to mark the irq as enabled, and it will then remain enabled -- and this prevents us from waking the device and never letting it sleep again. Fixes: f8db4d051b5e ("drm/i915: Initialise breadcrumb lists on the virtual engine") Signed-off-by: Chris Wilson Cc: Mika Kuoppala Cc: Tvrtko Ursulin Cc: # v5.5+ Reviewed-by: Tvrtko Ursulin Link: https://patchwork.freedesktop.org/patch/msgid/20200711203236.12330-1-chris@chris-wilson.co.uk (cherry picked from commit 4fe6abb8f51355224808ab02a9febf65d184c40b) Signed-off-by: Jani Nikula commit aee62e02c48bd62b9b07f5e297ecfc9aaa964937 Author: Umesh Nerlige Ramappa Date: Thu Jul 9 23:45:03 2020 +0100 drm/i915/perf: Use GTT when saving/restoring engine GPR MI_STORE_REGISTER_MEM and MI_LOAD_REGISTER_MEM need to know which translation to use when saving restoring the engine general purpose registers to and from the GT scratch. Since GT scratch is mapped to ggtt, we need to set an additional bit in the command to use GTT. Fixes: daed3e44396d17 ("drm/i915/perf: implement active wait for noa configurations") Suggested-by: Prathap Kumar Valsan Signed-off-by: Umesh Nerlige Ramappa Reviewed-by: Lionel Landwerlin Reviewed-by: Chris Wilson Link: https://patchwork.freedesktop.org/patch/msgid/20200709224504.11345-1-chris@chris-wilson.co.uk Signed-off-by: Chris Wilson (cherry picked from commit e43ff99c8deda85234e6233e0f4af6cb09566a37) Signed-off-by: Jani Nikula commit 42de9b0a2bb29238d316bd56407c0e727d6d7ff9 Author: Sudeep Holla Date: Thu Jul 9 16:49:31 2020 +0100 drm/i915/selftests: Fix compare functions provided for sorting Both cmp_u32 and cmp_u64 are comparing the pointers instead of the value at those pointers. This will result in incorrect/unsorted list. Fix it by deferencing the pointers before comparison. Fixes: 4ba74e53ada3 ("drm/i915/selftests: Verify frequency scaling with RPS") Fixes: 8757797ff9c9 ("drm/i915/selftests: Repeat the rps clock frequency measurement") Cc: Chris Wilson Cc: Mika Kuoppala Signed-off-by: Sudeep Holla Reviewed-by: Chris Wilson Signed-off-by: Chris Wilson Link: https://patchwork.freedesktop.org/patch/msgid/20200709154931.23310-1-sudeep.holla@arm.com (cherry picked from commit 2196dfea896f7027b43bae848890ce4aec5c8724) Signed-off-by: Jani Nikula commit e3beca48a45b5e0e6e6a4e0124276b8248dcc9bb Author: Thomas Gleixner Date: Thu Jul 9 11:53:06 2020 +0200 irqdomain/treewide: Keep firmware node unconditionally allocated Quite some non OF/ACPI users of irqdomains allocate firmware nodes of type IRQCHIP_FWNODE_NAMED or IRQCHIP_FWNODE_NAMED_ID and free them right after creating the irqdomain. The only purpose of these FW nodes is to convey name information. When this was introduced the core code did not store the pointer to the node in the irqdomain. A recent change stored the firmware node pointer in irqdomain for other reasons and missed to notice that the usage sites which do the alloc_fwnode/create_domain/free_fwnode sequence are broken by this. Storing a dangling pointer is dangerous itself, but in case that the domain is destroyed later on this leads to a double free. Remove the freeing of the firmware node after creating the irqdomain from all affected call sites to cure this. Fixes: 711419e504eb ("irqdomain: Add the missing assignment of domain->fwnode for named fwnode") Reported-by: Andy Shevchenko Signed-off-by: Thomas Gleixner Acked-by: Bjorn Helgaas Acked-by: Marc Zyngier Cc: stable@vger.kernel.org Link: https://lkml.kernel.org/r/873661qakd.fsf@nanos.tec.linutronix.de commit 2a4117df9b436a0e4c79d211284ab2097bcd00dc Author: dillon min Date: Tue Jul 14 14:35:07 2020 +0800 ARM: dts: Fix dcan driver probe failed on am437x platform Got following d_can probe errors with kernel 5.8-rc1 on am437x [ 10.730822] CAN device driver interface Starting Wait for Network to be Configured... [ OK ] Reached target Network. [ 10.787363] c_can_platform 481cc000.can: probe failed [ 10.792484] c_can_platform: probe of 481cc000.can failed with error -2 [ 10.799457] c_can_platform 481d0000.can: probe failed [ 10.804617] c_can_platform: probe of 481d0000.can failed with error -2 actually, Tony has fixed this issue on am335x with the patch [3] Since am437x has the same clock structure with am335x [1][2], so reuse the code from Tony Lindgren's patch [3] to fix it. [1]: https://www.ti.com/lit/pdf/spruh73 Chapter-23, Figure 23-1. DCAN Integration [2]: https://www.ti.com/lit/pdf/spruhl7 Chapter-25, Figure 25-1. DCAN Integration [3]: commit 516f1117d0fb ("ARM: dts: Configure osc clock for d_can on am335x") Fixes: 1a5cd7c23cc5 ("bus: ti-sysc: Enable all clocks directly during init to read revision") Signed-off-by: dillon min [tony@atomide.com: aligned commit message a bit for readability] Signed-off-by: Tony Lindgren commit a18fb07623813aaee1a69873c785865695a32c9e Author: Chen Tao Date: Fri Jun 19 18:42:40 2020 +0800 ARM: OMAP2+: Fix possible memory leak in omap_hwmod_allocate_module Fix memory leak in omap_hwmod_allocate_module not freeing in handling error path. Fixes: 8c87970543b17("ARM: OMAP2+: Add functions to allocate module data from device tree") Signed-off-by: Chen Tao Reviewed-by: Paul Walmsley [tony@atomide.com: fix call iounmap for missing regs] Signed-off-by: Tony Lindgren commit fa291331cb24bd9665096d660b917998285aae17 Author: derek.fang Date: Tue Jul 14 18:13:20 2020 +0800 ASoC: rt5682: Enable Vref2 under using PLL2 Enable Vref2 under long term using PLL2 to avoid clock unstable. Signed-off-by: derek.fang Link: https://lore.kernel.org/r/1594721600-29994-1-git-send-email-derek.fang@realtek.com Signed-off-by: Mark Brown commit 3ce315a704b4568616d1b14166cff3430ef07d12 Author: Bartosz Szczepanek Date: Wed Jul 8 15:46:13 2020 +0200 thermal/int340x_thermal: Prevent page fault on .set_mode() op Starting from commit "thermal/int340x_thermal: Don't require IDSP to exist", priv->current_uuid_index is initialized to -1. This value may be passed to int3400_thermal_run_osc() from int3400_thermal_set_mode, contributing to page fault when accessing int3400_thermal_uuids array at index -1. This commit adds a check on uuid value to int3400_thermal_run_osc. Fixes: 8d485da0ddee ("thermal/int340x_thermal: Don't require IDSP to exist") Signed-off-by: Bartosz Szczepanek Reviewed-by: Pandruvada, Srinivas [ rzhang: Add Fixes tag ] Signed-off-by: Zhang Rui Link: https://lore.kernel.org/r/20200708134613.131555-1-bsz@semihalf.com commit d9765e41d8e9ea2251bf73735a2895c8bad546fc Author: Nicolas Saenz Julienne Date: Wed Jul 8 18:49:39 2020 +0200 dma-pool: do not allocate pool memory from CMA There is no guarantee to CMA's placement, so allocating a zone specific atomic pool from CMA might return memory from a completely different memory zone. So stop using it. Fixes: c84dc6e68a1d ("dma-pool: add additional coherent pools to map to gfp mask") Reported-by: Jeremy Linton Signed-off-by: Nicolas Saenz Julienne Tested-by: Jeremy Linton Acked-by: David Rientjes Signed-off-by: Christoph Hellwig commit 81e9d894e03f9a279102c7aac62ea7cbf9949f4b Author: Nicolas Saenz Julienne Date: Tue Jul 14 14:39:28 2020 +0200 dma-pool: make sure atomic pool suits device When allocating DMA memory from a pool, the core can only guess which atomic pool will fit a device's constraints. If it doesn't, get a safer atomic pool and try again. Fixes: c84dc6e68a1d ("dma-pool: add additional coherent pools to map to gfp mask") Reported-by: Jeremy Linton Suggested-by: Robin Murphy Signed-off-by: Nicolas Saenz Julienne Signed-off-by: Christoph Hellwig commit 48b6703858dd5526c82d8ff2dbac59acab3a9dda Author: Nicolas Saenz Julienne Date: Tue Jul 14 14:39:27 2020 +0200 dma-pool: introduce dma_guess_pool() dma-pool's dev_to_pool() creates the false impression that there is a way to grantee a mapping between a device's DMA constraints and an atomic pool. It tuns out it's just a guess, and the device might need to use an atomic pool containing memory from a 'safer' (or lower) memory zone. To help mitigate this, introduce dma_guess_pool() which can be fed a device's DMA constraints and atomic pools already known to be faulty, in order for it to provide an better guess on which pool to use. Signed-off-by: Nicolas Saenz Julienne Signed-off-by: Christoph Hellwig commit 23e469be6239d9cf3d921fc3e38545491df56534 Author: Nicolas Saenz Julienne Date: Tue Jul 14 14:39:26 2020 +0200 dma-pool: get rid of dma_in_atomic_pool() The function is only used once and can be simplified to a one-liner. Signed-off-by: Nicolas Saenz Julienne Signed-off-by: Christoph Hellwig commit 567f6a6eba0c09e5f502e0290e57651befa8aacb Author: Nicolas Saenz Julienne Date: Tue Jul 14 14:39:25 2020 +0200 dma-direct: provide function to check physical memory area validity dma_coherent_ok() checks if a physical memory area fits a device's DMA constraints. Signed-off-by: Nicolas Saenz Julienne Signed-off-by: Christoph Hellwig commit 7779b047a57f6824a43d0e1f70de2741b7426b9d Author: Vasily Averin Date: Thu Jun 25 12:39:51 2020 +0300 fuse: don't ignore errors from fuse_writepages_fill() fuse_writepages() ignores some errors taken from fuse_writepages_fill() I believe it is a bug: if .writepages is called with WB_SYNC_ALL it should either guarantee that all data was successfully saved or return error. Fixes: 26d614df1da9 ("fuse: Implement writepages callback") Signed-off-by: Vasily Averin Signed-off-by: Miklos Szeredi commit 6ddf3af93e32b996cfc30477ea1509960d4ba669 Author: Miklos Szeredi Date: Tue Jul 14 14:45:41 2020 +0200 fuse: clean up condition for writepage sending fuse_writepages_fill uses following construction: if (wpa && ap->num_pages && (A || B || C)) { action; } else if (wpa && D) { if (E) { the same action; } } - ap->num_pages check is always true and can be removed - "if" and "else if" calls the same action and can be merged. Move checking A, B, C, D, E conditions to a helper, add comments. Original-patch-by: Vasily Averin Signed-off-by: Miklos Szeredi commit b330966f79fb4fdc49183f58db113303695a750f Author: Miklos Szeredi Date: Tue Jul 14 14:45:41 2020 +0200 fuse: reject options on reconfigure via fsconfig(2) Previous patch changed handling of remount/reconfigure to ignore all options, including those that are unknown to the fuse kernel fs. This was done for backward compatibility, but this likely only affects the old mount(2) API. The new fsconfig(2) based reconfiguration could possibly be improved. This would make the new API less of a drop in replacement for the old, OTOH this is a good chance to get rid of some weirdnesses in the old API. Several other behaviors might make sense: 1) unknown options are rejected, known options are ignored 2) unknown options are rejected, known options are rejected if the value is changed, allowed otherwise 3) all options are rejected Prior to the backward compatibility fix to ignore all options all known options were accepted (1), even if they change the value of a mount parameter; fuse_reconfigure() does not look at the config values set by fuse_parse_param(). To fix that we'd need to verify that the value provided is the same as set in the initial configuration (2). The major drawback is that this is much more complex than just rejecting all attempts at changing options (3); i.e. all options signify initial configuration values and don't make sense on reconfigure. This patch opts for (3) with the rationale that no mount options are reconfigurable in fuse. Signed-off-by: Miklos Szeredi commit e8b20a474cf2c42698d1942f939ff2128819f151 Author: Miklos Szeredi Date: Tue Jul 14 14:45:41 2020 +0200 fuse: ignore 'data' argument of mount(..., MS_REMOUNT) The command mount -o remount -o unknownoption /mnt/fuse succeeds on kernel versions prior to v5.4 and fails on kernel version at or after. This is because fuse_parse_param() rejects any unrecognised options in case of FS_CONTEXT_FOR_RECONFIGURE, just as for FS_CONTEXT_FOR_MOUNT. This causes a regression in case the fuse filesystem is in fstab, since remount sends all options found there to the kernel; even ones that are meant for the initial mount and are consumed by the userspace fuse server. Fix this by ignoring mount options, just as fuse_remount_fs() did prior to the conversion to the new API. Reported-by: Stefan Priebe Fixes: c30da2e981a7 ("fuse: convert to use the new mount API") Cc: # v5.4 Signed-off-by: Miklos Szeredi commit 0189a2d367f49729622fdafaef5da73161591859 Author: Miklos Szeredi Date: Tue Jul 14 14:45:41 2020 +0200 fuse: use ->reconfigure() instead of ->remount_fs() s_op->remount_fs() is only called from legacy_reconfigure(), which is not used after being converted to the new API. Convert to using ->reconfigure(). This restores the previous behavior of syncing the filesystem and rejecting MS_MANDLOCK on remount. Fixes: c30da2e981a7 ("fuse: convert to use the new mount API") Cc: # v5.4 Signed-off-by: Miklos Szeredi commit c146024ec44c2946de7c6c45ddd3402abcab17f9 Author: Miklos Szeredi Date: Tue Jul 14 14:45:41 2020 +0200 fuse: fix warning in tree_insert() and clean up writepage insertion fuse_writepages_fill() calls tree_insert() with ap->num_pages = 0 which triggers the following warning: WARNING: CPU: 1 PID: 17211 at fs/fuse/file.c:1728 tree_insert+0xab/0xc0 [fuse] RIP: 0010:tree_insert+0xab/0xc0 [fuse] Call Trace: fuse_writepages_fill+0x5da/0x6a0 [fuse] write_cache_pages+0x171/0x470 fuse_writepages+0x8a/0x100 [fuse] do_writepages+0x43/0xe0 Fix up the warning and clean up the code around rb-tree insertion: - Rename tree_insert() to fuse_insert_writeback() and make it return the conflicting entry in case of failure - Re-add tree_insert() as a wrapper around fuse_insert_writeback() - Rename fuse_writepage_in_flight() to fuse_writepage_add() and reverse the meaning of the return value to mean + "true" in case the writepage entry was successfully added + "false" in case it was in-fligt queued on an existing writepage entry's auxiliary list or the existing writepage entry's temporary page updated Switch from fuse_find_writeback() + tree_insert() to fuse_insert_writeback() - Move setting orig_pages to before inserting/updating the entry; this may result in the orig_pages value being discarded later in case of an in-flight request - In case of a new writepage entry use fuse_writepage_add() unconditionally, only set data->wpa if the entry was added. Fixes: 6b2fb79963fb ("fuse: optimize writepages search") Reported-by: kernel test robot Original-path-by: Vasily Averin Signed-off-by: Miklos Szeredi commit 69a6487ac0ea1bbc8d8b654cb5a4541f2d922f91 Author: Miklos Szeredi Date: Tue Jul 14 14:45:41 2020 +0200 fuse: move rb_erase() before tree_insert() In fuse_writepage_end() the old writepages entry needs to be removed from the rbtree before inserting the new one, otherwise tree_insert() would fail. This is a very rare codepath and no reproducer exists. Signed-off-by: Miklos Szeredi commit b710d27bf72068b15b2f0305d825988183e2ff28 Author: Satheesh Rajendran Date: Fri Jun 19 12:31:13 2020 +0530 powerpc/pseries/svm: Fix incorrect check for shared_lppaca_size Early secure guest boot hits the below crash while booting with vcpus numbers aligned with page boundary for PAGE size of 64k and LPPACA size of 1k i.e 64, 128 etc. Partition configured for 64 cpus. CPU maps initialized for 1 thread per core ------------[ cut here ]------------ kernel BUG at arch/powerpc/kernel/paca.c:89! Oops: Exception in kernel mode, sig: 5 [#1] LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=2048 NUMA pSeries This is due to the BUG_ON() for shared_lppaca_total_size equal to shared_lppaca_size. Instead the code should only BUG_ON() if we have exceeded the total_size, which indicates we've overflowed the array. Fixes: bd104e6db6f0 ("powerpc/pseries/svm: Use shared memory for LPPACA structures") Cc: stable@vger.kernel.org # v5.4+ Signed-off-by: Satheesh Rajendran Reviewed-by: Laurent Dufour Reviewed-by: Thiago Jung Bauermann [mpe: Reword change log to clarify we're fixing not removing the check] Signed-off-by: Michael Ellerman Link: https://lore.kernel.org/r/20200619070113.16696-1-sathnaga@linux.vnet.ibm.com commit 8614afd689df59d9ce019439389be20bd788a897 Author: Matthew Gerlach Date: Mon Jul 13 14:10:03 2020 +0800 fpga: dfl: fix bug in port reset handshake When putting the port in reset, driver must wait for the soft reset acknowledgment bit instead of the soft reset bit. Fixes: 47c1b19c160f (fpga: dfl: afu: add port ops support) Signed-off-by: Matthew Gerlach Signed-off-by: Xu Yilun Acked-by: Wu Hao Reviewed-by: Tom Rix Signed-off-by: Moritz Fischer commit e19485dc7a0d210b428a249c0595769bd495fb71 Author: Xu Yilun Date: Mon Jul 13 14:10:02 2020 +0800 fpga: dfl: pci: reduce the scope of variable 'ret' This is to fix lkp cppcheck warnings: drivers/fpga/dfl-pci.c:230:6: warning: The scope of the variable 'ret' can be reduced. [variableScope] int ret = 0; ^ drivers/fpga/dfl-pci.c:230:10: warning: Variable 'ret' is assigned a value that is never used. [unreadVariable] int ret = 0; ^ Fixes: 3c2760b78f90 ("fpga: dfl: pci: fix return value of cci_pci_sriov_configure") Reported-by: kbuild test robot Signed-off-by: Xu Yilun Acked-by: Wu Hao Reviewed-by: Tom Rix Signed-off-by: Moritz Fischer commit 1f054fd26e29784d373c3d29c348ee48f1c41fb2 Author: Roland Scheidegger Date: Thu Jul 9 18:54:14 2020 +0200 drm/vmwgfx: fix update of display surface when resolution changes The assignment of metadata overwrote the new display resolution values, hence we'd miss the size actually changed and wouldn't redefine the surface. This would then lead to command buffer error when trying to update the screen target (due to the size mismatch), and result in a VM with black screen. Fixes: 504901dbb0b5 ("drm/vmwgfx: Refactor surface_define to use vmw_surface_metadata") Reviewed-by: Charmaine Lee Signed-off-by: Roland Scheidegger Cc: stable@vger.kernel.org commit e9919e11e219eaa5e8041b7b1a196839143e9125 Merge: 0dc589da873b a50ca29523b1 Author: Linus Torvalds Date: Mon Jul 13 18:31:15 2020 -0700 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input Pull input fixes from Dmitry Torokhov: "A few quirks for the Elan touchpad driver, another Thinkpad is being switched over from PS/2 to native RMI4 interface, and we gave a brand new SW_MACHINE_COVER switch definition" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input: Input: elan_i2c - add more hardware ID for Lenovo laptops Input: i8042 - add Lenovo XiaoXin Air 12 to i8042 nomux list Revert "Input: elants_i2c - report resolution information for touch major" Input: elan_i2c - only increment wakeup count on touch Input: synaptics - enable InterTouch for ThinkPad X1E 1st gen ARM: dts: n900: remove mmc1 card detect gpio Input: add `SW_MACHINE_COVER` commit d113c0f2e0d2e04e088a9f27ca29c64c3f44c49d Merge: 46ef5b89ec0e dc7bd30b97aa Author: David S. Miller Date: Mon Jul 13 17:43:31 2020 -0700 Merge tag 'wireless-drivers-2020-07-13' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers Kalle Valo says: ==================== wireless-drivers fixes for v5.8 First set of fixes for v5.8. Various important fixes for iwlwifi and mt76. iwlwifi * fix sleeping under RCU * fix a kernel crash when using compressed firmware images mt76 * tx queueing fixes for mt7615/22/63 * locking fix * fix a crash during watchdog reset * fix memory leaks ==================== Signed-off-by: David S. Miller commit 46ef5b89ec0ecf290d74c4aee844f063933c4da4 Author: Wei Yongjun Date: Mon Jul 13 23:59:50 2020 +0800 ip6_gre: fix null-ptr-deref in ip6gre_init_net() KASAN report null-ptr-deref error when register_netdev() failed: KASAN: null-ptr-deref in range [0x00000000000003c0-0x00000000000003c7] CPU: 2 PID: 422 Comm: ip Not tainted 5.8.0-rc4+ #12 Call Trace: ip6gre_init_net+0x4ab/0x580 ? ip6gre_tunnel_uninit+0x3f0/0x3f0 ops_init+0xa8/0x3c0 setup_net+0x2de/0x7e0 ? rcu_read_lock_bh_held+0xb0/0xb0 ? ops_init+0x3c0/0x3c0 ? kasan_unpoison_shadow+0x33/0x40 ? __kasan_kmalloc.constprop.0+0xc2/0xd0 copy_net_ns+0x27d/0x530 create_new_namespaces+0x382/0xa30 unshare_nsproxy_namespaces+0xa1/0x1d0 ksys_unshare+0x39c/0x780 ? walk_process_tree+0x2a0/0x2a0 ? trace_hardirqs_on+0x4a/0x1b0 ? _raw_spin_unlock_irq+0x1f/0x30 ? syscall_trace_enter+0x1a7/0x330 ? do_syscall_64+0x1c/0xa0 __x64_sys_unshare+0x2d/0x40 do_syscall_64+0x56/0xa0 entry_SYSCALL_64_after_hwframe+0x44/0xa9 ip6gre_tunnel_uninit() has set 'ign->fb_tunnel_dev' to NULL, later access to ign->fb_tunnel_dev cause null-ptr-deref. Fix it by saving 'ign->fb_tunnel_dev' to local variable ndev. Fixes: dafabb6590cb ("ip6_gre: fix use-after-free in ip6gre_tunnel_lookup()") Reported-by: Hulk Robot Signed-off-by: Wei Yongjun Reviewed-by: Eric Dumazet Signed-off-by: David S. Miller commit e0484010ec05191a8edf980413fc92f28050c1cc Author: Geert Uytterhoeven Date: Mon Jul 13 13:05:13 2020 +0200 usb: hso: Fix debug compile warning on sparc32 On sparc32, tcflag_t is "unsigned long", unlike on all other architectures, where it is "unsigned int": drivers/net/usb/hso.c: In function ‘hso_serial_set_termios’: include/linux/kern_levels.h:5:18: warning: format ‘%d’ expects argument of type ‘unsigned int’, but argument 4 has type ‘tcflag_t {aka long unsigned int}’ [-Wformat=] drivers/net/usb/hso.c:1393:3: note: in expansion of macro ‘hso_dbg’ hso_dbg(0x16, "Termios called with: cflags new[%d] - old[%d]\n", ^~~~~~~ include/linux/kern_levels.h:5:18: warning: format ‘%d’ expects argument of type ‘unsigned int’, but argument 5 has type ‘tcflag_t {aka long unsigned int}’ [-Wformat=] drivers/net/usb/hso.c:1393:3: note: in expansion of macro ‘hso_dbg’ hso_dbg(0x16, "Termios called with: cflags new[%d] - old[%d]\n", ^~~~~~~ As "unsigned long" is 32-bit on sparc32, fix this by casting all tcflag_t parameters to "unsigned int". While at it, use "%u" to format unsigned numbers. Signed-off-by: Geert Uytterhoeven Signed-off-by: David S. Miller commit 0dc589da873b58b70f4caf4b070fb0cf70fdd1dc Merge: f81fdd0c4ab7 a082121b55ba Author: Linus Torvalds Date: Mon Jul 13 12:34:05 2020 -0700 Merge tag 'iommu-fixes-v5.8-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu Pull iommu fixes from Joerg Roedel: - Fix a use-after-free of the device iommu-group. Found in the arm-smmu driver, but the fix is in generic code. - Fix for the new Allwinner IOMMU driver to use the atomic readl_timeout() variant in IO/TLB flushing code. - A couple of cleanups to fix various compile warnings. * tag 'iommu-fixes-v5.8-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu: iommu/arm-smmu: Mark qcom_smmu_client_of_match as possibly unused iommu: Fix use-after-free in iommu_release_device iommu/amd: Make amd_iommu_apply_ivrs_quirks() static inline iommu: SUN50I_IOMMU should depend on HAS_DMA iommu/sun50i: Remove unused variable iommu/sun50i: Change the readl timeout to the atomic variant commit f81fdd0c4ab7ac2c57302283309bf776557d35ff Author: Linus Torvalds Date: Mon Jul 13 11:37:39 2020 -0700 mm: document warning in move_normal_pmd() and make it warn only once Naresh Kamboju reported that the LTP tests can cause warnings on i386 going back all the way to v5.0, and bisected it to commit 2c91bd4a4e2e ("mm: speed up mremap by 20x on large regions"). The warning in move_normal_pmd() is actually mostly correct, but we have a very unusual special case at process creation time, when we may move the stack down with an overlapping mode (kind of like a "memmove()" except using the page tables). And when you have just the right condition of "move a large initial stack by the right alignment in the end, but with the early part of the move being only page-aligned", we'll be in a situation where we're trying to move a normal PMD entry on top of an already existing - but now empty - PMD entry. The warning is still worth having, in case it ever triggers other cases, and perhaps as a reminder that we could do the stack move case more efficiently (although it's clearly rare enough that it probably doesn't matter). But make it do WARN_ON_ONCE(), so that you can't flood the logs with it. And add a *big* comment above it to explain and remind us what's going on, because it took some figuring out to see how this could trigger. Kudos to Joel Fernandes for debugging this. Reported-by: Naresh Kamboju Debugged-and-acked-by: Joel Fernandes Cc: Arnd Bergmann Cc: Kirill A. Shutemov Signed-off-by: Linus Torvalds commit 39a188b88332545073b8e07633f5e3298e066b61 Author: Rafael J. Wysocki Date: Mon Jul 13 15:58:38 2020 +0200 cpufreq: intel_pstate: Fix active mode setting from command line If intel_pstate starts in the passive mode by default (that happens when the processor in the system doesn't support HWP), passing intel_pstate=active in the kernel command line doesn't work, so fix that. Fixes: 33aa46f252c7 ("cpufreq: intel_pstate: Use passive mode by default without HWP") Reported-by: Doug Smythies Signed-off-by: Rafael J. Wysocki Acked-by: Doug Smythies commit 913fadc5b105c3619d9e8d0fe8899ff1593cc737 Author: Anna Schumaker Date: Wed Jul 8 10:33:40 2020 -0400 NFS: Fix interrupted slots by sending a solo SEQUENCE operation We used to do this before 3453d5708b33, but this was changed to better handle the NFS4ERR_SEQ_MISORDERED error code. This commit fixed the slot re-use case when the server doesn't receive the interrupted operation, but if the server does receive the operation then it could still end up replying to the client with mis-matched operations from the reply cache. We can fix this by sending a SEQUENCE to the server while recovering from a SEQ_MISORDERED error when we detect that we are in an interrupted slot situation. Fixes: 3453d5708b33 (NFSv4.1: Avoid false retries when RPC calls are interrupted) Signed-off-by: Anna Schumaker commit af667527b0e34912d2cb3586d585f66db4e4f486 Author: Chuck Lever Date: Sat Jun 27 12:35:20 2020 -0400 xprtrdma: Fix handling of connect errors Ensure that the connect worker is awoken if an attempt to establish a connection is unsuccessful. Otherwise the worker waits forever and the transport workload hangs. Connect errors should not attempt to destroy the ep, since the connect worker continues to use it after the handler runs, so these errors are now handled independently of DISCONNECTED events. Reported-by: Dan Aloni Fixes: e28ce90083f0 ("xprtrdma: kmalloc rpcrdma_ep separate from rpcrdma_xprt") Signed-off-by: Chuck Lever Signed-off-by: Anna Schumaker commit dda9a951dd6dd6073bbaf2c8d3119da2f8fe2d5b Author: Chuck Lever Date: Sat Jun 27 12:35:15 2020 -0400 xprtrdma: Fix return code from rpcrdma_xprt_connect() I noticed that when rpcrdma_xprt_connect() returns -ENOMEM, instead of retrying the connect, the RPC client kills the RPC task that requested the connection. We want a retry here. Fixes: cb586decbb88 ("xprtrdma: Make sendctx queue lifetime the same as connection lifetime") Signed-off-by: Chuck Lever Signed-off-by: Anna Schumaker commit 4cf44be6f1e86da302085bf3e1dc2c86f3cdaaaa Author: Chuck Lever Date: Sat Jun 27 12:35:09 2020 -0400 xprtrdma: Fix recursion into rpcrdma_xprt_disconnect() Both Dan and I have observed two processes invoking rpcrdma_xprt_disconnect() concurrently. In my case: 1. The connect worker invokes rpcrdma_xprt_disconnect(), which drains the QP and waits for the final completion 2. This causes the newly posted Receive to flush and invoke xprt_force_disconnect() 3. xprt_force_disconnect() sets CLOSE_WAIT and wakes up the RPC task that is holding the transport lock 4. The RPC task invokes xprt_connect(), which calls ->ops->close 5. xprt_rdma_close() invokes rpcrdma_xprt_disconnect(), which tries to destroy the QP. Deadlock. To prevent xprt_force_disconnect() from waking anything, handle the clean up after a failed connection attempt in the xprt's sndtask. The retry loop is removed from rpcrdma_xprt_connect() to ensure that the newly allocated ep and id are properly released before a REJECTED connection attempt can be retried. Reported-by: Dan Aloni Fixes: e28ce90083f0 ("xprtrdma: kmalloc rpcrdma_ep separate from rpcrdma_xprt") Signed-off-by: Chuck Lever Signed-off-by: Anna Schumaker commit 85bfd71bc34e20d9fadb745131f6314c36d0f75b Author: Chuck Lever Date: Sat Jun 27 12:35:04 2020 -0400 xprtrdma: Fix double-free in rpcrdma_ep_create() In the error paths, there's no need to call kfree(ep) after calling rpcrdma_ep_put(ep). Fixes: e28ce90083f0 ("xprtrdma: kmalloc rpcrdma_ep separate from rpcrdma_xprt") Signed-off-by: Chuck Lever Signed-off-by: Anna Schumaker commit 7c116db24d944ff04a67c8bd89cb32c5cd0894ff Author: Will Deacon Date: Thu Jul 9 21:48:41 2020 +0100 efi/libstub/arm64: Retain 2MB kernel Image alignment if !KASLR Since commit 82046702e288 ("efi/libstub/arm64: Replace 'preferred' offset with alignment check"), loading a relocatable arm64 kernel at a physical address which is not 2MB aligned and subsequently booting with EFI will leave the Image in-place, relying on the kernel to relocate itself early during boot. In conjunction with commit dd4bc6076587 ("arm64: warn on incorrect placement of the kernel by the bootloader"), which enables CONFIG_RELOCATABLE by default, this effectively means that entering an arm64 kernel loaded at an alignment smaller than 2MB with EFI (e.g. using QEMU) will result in silent relocation at runtime. Unfortunately, this has a subtle but confusing affect for developers trying to inspect the PC value during a crash and comparing it to the symbol addresses in vmlinux using tools such as 'nm' or 'addr2line'; all text addresses will be displaced by a sub-2MB offset, resulting in the wrong symbol being identified in many cases. Passing "nokaslr" on the command line or disabling "CONFIG_RANDOMIZE_BASE" does not help, since the EFI stub only copies the kernel Image to a 2MB boundary if it is not relocatable. Adjust the EFI stub for arm64 so that the minimum Image alignment is 2MB unless KASLR is in use. Cc: Mark Rutland Cc: Catalin Marinas Cc: Marc Zyngier Cc: David Brazdil Acked-by: Ard Biesheuvel Signed-off-by: Will Deacon commit ebd4050c6144b38098d8eed34df461e5e3fa82a9 Author: Eddie James Date: Thu Jul 9 14:57:06 2020 -0500 mmc: sdhci-of-aspeed: Fix clock divider calculation When calculating the clock divider, start dividing at 2 instead of 1. The divider is divided by two at the end of the calculation, so starting at 1 may result in a divider of 0, which shouldn't happen. Signed-off-by: Eddie James Reviewed-by: Andrew Jeffery Acked-by: Joel Stanley Acked-by: Adrian Hunter Link: https://lore.kernel.org/r/20200709195706.12741-3-eajames@linux.ibm.com Cc: stable@vger.kernel.org # v5.4+ Signed-off-by: Ulf Hansson commit fecc5cfcd55f7aacc483726c405a951bd6aaaf2e Author: Lad Prabhakar Date: Thu May 14 23:10:38 2020 +0100 arm64: defconfig: Enable CONFIG_PCIE_RCAR_HOST config option PCIE_RCAR internally selects PCIE_RCAR_HOST which builds the same driver. So this patch renames CONFIG_PCIE_RCAR to CONFIG_PCIE_RCAR_HOST so that PCIE_RCAR can be safely dropped from Kconfig file. Signed-off-by: Lad Prabhakar Reviewed-by: Yoshihiro Shimoda Link: https://lore.kernel.org/r/1589494238-2933-1-git-send-email-prabhakar.mahadev-lad.rj@bp.renesas.com Signed-off-by: Geert Uytterhoeven commit 7f6e8dffc30bd22b15ad810fb90ea741c15e6d54 Author: Peng Fan Date: Thu Jul 9 16:25:45 2020 +0800 soc: imx: check ls1021a fsl,ls1021a is a mach under arch/arm/mach-imx/, however it could not use the soc driver which will break caam on ls1021a platform. So directly return if it is compatible with fsl,ls1021a. Fixes: 52102a3ba6a61 ("soc: imx: move cpu code to drivers/soc/imx") Signed-off-by: Peng Fan Tested-by: Horia Geantă Reviewed-by: Fabio Estevam Signed-off-by: Shawn Guo commit f50a121d2f32bccc1d6b94df925a1ce44ea7eff7 Author: Jian-Hong Pan Date: Mon Jul 13 14:04:22 2020 +0800 ALSA: hda/realtek: Enable headset mic of Acer TravelMate B311R-31 with ALC256 The Acer TravelMate B311R-31 laptop's audio (1025:1430) with ALC256 cannot detect the headset microphone until ALC256_FIXUP_ACER_MIC_NO_PRESENCE quirk maps the NID 0x19 as the headset mic pin. Signed-off-by: Jian-Hong Pan Cc: Link: https://lore.kernel.org/r/20200713060421.62435-1-jian-hong@endlessm.com Signed-off-by: Takashi Iwai commit 192b6a780598976feb7321ff007754f8511a4129 Author: Aneesh Kumar K.V Date: Sun Jul 12 18:50:47 2020 +0530 powerpc/book3s64/pkeys: Fix pkey_access_permitted() for execute disable pkey Even if the IAMR value denies execute access, the current code returns true from pkey_access_permitted() for an execute permission check, if the AMR read pkey bit is cleared. This results in repeated page fault loop with a test like below: #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #ifdef SYS_pkey_mprotect #undef SYS_pkey_mprotect #endif #ifdef SYS_pkey_alloc #undef SYS_pkey_alloc #endif #ifdef SYS_pkey_free #undef SYS_pkey_free #endif #undef PKEY_DISABLE_EXECUTE #define PKEY_DISABLE_EXECUTE 0x4 #define SYS_pkey_mprotect 386 #define SYS_pkey_alloc 384 #define SYS_pkey_free 385 #define PPC_INST_NOP 0x60000000 #define PPC_INST_BLR 0x4e800020 #define PROT_RWX (PROT_READ | PROT_WRITE | PROT_EXEC) static int sys_pkey_mprotect(void *addr, size_t len, int prot, int pkey) { return syscall(SYS_pkey_mprotect, addr, len, prot, pkey); } static int sys_pkey_alloc(unsigned long flags, unsigned long access_rights) { return syscall(SYS_pkey_alloc, flags, access_rights); } static int sys_pkey_free(int pkey) { return syscall(SYS_pkey_free, pkey); } static void do_execute(void *region) { /* jump to region */ asm volatile( "mtctr %0;" "bctrl" : : "r"(region) : "ctr", "lr"); } static void do_protect(void *region) { size_t pgsize; int i, pkey; pgsize = getpagesize(); pkey = sys_pkey_alloc(0, PKEY_DISABLE_EXECUTE); assert (pkey > 0); /* perform mprotect */ assert(!sys_pkey_mprotect(region, pgsize, PROT_RWX, pkey)); do_execute(region); /* free pkey */ assert(!sys_pkey_free(pkey)); } int main(int argc, char **argv) { size_t pgsize, numinsns; unsigned int *region; int i; /* allocate memory region to protect */ pgsize = getpagesize(); region = memalign(pgsize, pgsize); assert(region != NULL); assert(!mprotect(region, pgsize, PROT_RWX)); /* fill page with NOPs with a BLR at the end */ numinsns = pgsize / sizeof(region[0]); for (i = 0; i < numinsns - 1; i++) region[i] = PPC_INST_NOP; region[i] = PPC_INST_BLR; do_protect(region); return EXIT_SUCCESS; } The fix is to only check the IAMR for an execute check, the AMR value is not relevant. Fixes: f2407ef3ba22 ("powerpc: helper to validate key-access permissions of a pte") Cc: stable@vger.kernel.org # v4.16+ Reported-by: Sandipan Das Signed-off-by: Aneesh Kumar K.V [mpe: Add detail to change log, tweak wording & formatting] Signed-off-by: Michael Ellerman Link: https://lore.kernel.org/r/20200712132047.1038594-1-aneesh.kumar@linux.ibm.com commit f8951dce10c092075e39ef12c29022548e4c63db Author: Bjorn Helgaas Date: Wed Jul 1 17:10:39 2020 -0500 ARM: imx: Remove imx_add_imx_dma() unused irq_err argument No callers of imx_add_imx_dma() need an error IRQ, so they supply 0 as "irq_err", which means we register a resource of IRQ 0, which is invalid and causes a warning if used. Remove the "irq_err" argument altogether so there's no chance of trying to use the invalid IRQ 0. Fixes: a85a6c86c25be ("driver core: platform: Clarify that IRQ 0 is invalid") Signed-off-by: Bjorn Helgaas Cc: Russell King Cc: Shawn Guo Cc: Sascha Hauer Cc: kernel@pengutronix.de Cc: Fabio Estevam Cc: linux-imx@nxp.com Cc: linux-arm-kernel@lists.infradead.org Signed-off-by: Shawn Guo commit 2a83544007aba792167615c393e6154824f3a175 Author: Guenter Roeck Date: Tue Jun 30 20:26:51 2020 -0700 ARM: imx: Provide correct number of resources when registering gpio devices Since commit a85a6c86c25be ("driver core: platform: Clarify that IRQ 0 is invalid"), the kernel is a bit touchy when it encounters interrupt 0. As a result, there are lots of warnings such as the following when booting systems such as 'kzm'. WARNING: CPU: 0 PID: 1 at drivers/base/platform.c:224 platform_get_irq_optional+0x118/0x128 0 is an invalid IRQ number Modules linked in: CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.8.0-rc3 #1 Hardware name: Kyoto Microcomputer Co., Ltd. KZM-ARM11-01 [] (unwind_backtrace) from [] (show_stack+0x10/0x14) [] (show_stack) from [] (dump_stack+0xe8/0x120) [] (dump_stack) from [] (__warn+0xe4/0x108) [] (__warn) from [] (warn_slowpath_fmt+0x74/0xbc) [] (warn_slowpath_fmt) from [] (platform_get_irq_optional+0x118/0x128) [] (platform_get_irq_optional) from [] (platform_irq_count+0x20/0x3c) [] (platform_irq_count) from [] (mxc_gpio_probe+0x8c/0x494) [] (mxc_gpio_probe) from [] (platform_drv_probe+0x48/0x98) [] (platform_drv_probe) from [] (really_probe+0x214/0x344) [] (really_probe) from [] (driver_probe_device+0x58/0xb4) [] (driver_probe_device) from [] (device_driver_attach+0x58/0x60) [] (device_driver_attach) from [] (__driver_attach+0x84/0xc0) [] (__driver_attach) from [] (bus_for_each_dev+0x78/0xb8) [] (bus_for_each_dev) from [] (bus_add_driver+0x154/0x1e0) [] (bus_add_driver) from [] (driver_register+0x74/0x108) [] (driver_register) from [] (do_one_initcall+0x80/0x3b4) [] (do_one_initcall) from [] (kernel_init_freeable+0x170/0x208) [] (kernel_init_freeable) from [] (kernel_init+0x8/0x11c) [] (kernel_init) from [] (ret_from_fork+0x14/0x20) As it turns out, mxc_register_gpio() is a bit lax when setting the number of resources: it registers a resource with interrupt 0 when in reality there is no such interrupt. Fix the problem by not declaring the second interrupt resource if there is no second interrupt. Fixes: a85a6c86c25be ("driver core: platform: Clarify that IRQ 0 is invalid") Cc: Bjorn Helgaas Signed-off-by: Guenter Roeck Signed-off-by: Shawn Guo commit 11ba468877bb23f28956a35e896356252d63c983 Author: Linus Torvalds Date: Sun Jul 12 16:34:50 2020 -0700 Linux 5.8-rc5 commit d99c6fa49e06d3b05a970e4f4895469f2c7c3d38 Merge: 1df0d8960499 27640ce68d21 Author: David S. Miller Date: Sun Jul 12 15:29:01 2020 -0700 Merge branch 'bnxt_en-fixes' Michael Chan says: ==================== bnxt_en: 3 bug fixes. 2 Fixes related to PHY/link settings. The last one fixes the sizing of the completion ring. Please also queue for -stable. Thanks. ==================== Signed-off-by: David S. Miller commit 27640ce68d21e556b66bc5fa022aacd26e53c947 Author: Michael Chan Date: Sat Jul 11 20:48:25 2020 -0400 bnxt_en: Fix completion ring sizing with TPA enabled. The current completion ring sizing formula is wrong with TPA enabled. The formula assumes that the number of TPA completions are bound by the RX ring size, but that's not true. TPA_START completions are immediately recycled so they are not bound by the RX ring size. We must add bp->max_tpa to the worst case maximum RX and TPA completions. The completion ring can overflow because of this mistake. This will cause hardware to disable the completion ring when this happens, leading to RX and TX traffic to stall on that ring. This issue is generally exposed only when the RX ring size is set very small. Fix the formula by adding bp->max_tpa to the number of RX completions if TPA is enabled. Fixes: c0c050c58d84 ("bnxt_en: New Broadcom ethernet driver."); Reviewed-by: Vasundhara Volam Signed-off-by: Michael Chan Signed-off-by: David S. Miller commit ca0c753815fe4786b79a80abf0412eb5d52090b8 Author: Vasundhara Volam Date: Sat Jul 11 20:48:24 2020 -0400 bnxt_en: Init ethtool link settings after reading updated PHY configuration. In a shared port PHY configuration, async event is received when any of the port modifies the configuration. Ethtool link settings should be initialised after updated PHY configuration from firmware. Fixes: b1613e78e98d ("bnxt_en: Add async. event logic for PHY configuration changes.") Signed-off-by: Vasundhara Volam Signed-off-by: Michael Chan Signed-off-by: David S. Miller commit 163e9ef63641a02de4c95cd921577265c52e1ce2 Author: Vasundhara Volam Date: Sat Jul 11 20:48:23 2020 -0400 bnxt_en: Fix race when modifying pause settings. The driver was modified to not rely on rtnl lock to protect link settings about 2 years ago. The pause setting was missed when making that change. Fix it by acquiring link_lock mutex before calling bnxt_hwrm_set_pause(). Fixes: e2dc9b6e38fa ("bnxt_en: Don't use rtnl lock to protect link change logic in workqueue.") Signed-off-by: Vasundhara Volam Reviewed-by: Edwin Peer Signed-off-by: Michael Chan Signed-off-by: David S. Miller commit 5c38b7d3c48bbbec043913354b5974f998373efa Merge: 4437dd6e8f71 ee769ebbe9e5 Author: Linus Torvalds Date: Sun Jul 12 13:29:07 2020 -0700 Merge tag 'xtensa-20200712' of git://github.com/jcmvbkbc/linux-xtensa Pull Xtensa fixes from Max Filippov: - fix __sync_fetch_and_{and,or}_4 declarations to avoid build warning - update *pos in cpuinfo_op.next to avoid runtime warning - use for_each_set_bit in xtensa_pmu_irq_handler instead of open-coding it * tag 'xtensa-20200712' of git://github.com/jcmvbkbc/linux-xtensa: xtensa: simplify xtensa_pmu_irq_handler xtensa: update *pos in cpuinfo_op.next xtensa: fix __sync_fetch_and_{and,or}_4 declarations commit 4437dd6e8f71e8b4b5546924a6e48e7edaf4a8dc Merge: 72c34e8d7099 16d598030a37 Author: Linus Torvalds Date: Sun Jul 12 12:17:58 2020 -0700 Merge tag 'io_uring-5.8-2020-07-12' of git://git.kernel.dk/linux-block Pull io_uring fixes from Jens Axboe: "Two late fixes again: - Fix missing msg_name assignment in certain cases (Pavel) - Correct a previous fix for full coverage (Pavel)" * tag 'io_uring-5.8-2020-07-12' of git://git.kernel.dk/linux-block: io_uring: fix not initialised work->flags io_uring: fix missing msg_name assignment commit 72c34e8d7099c329c2934c2ac9c886f638b6edaf Merge: 9901a6bd1577 d77765911385 Author: Linus Torvalds Date: Sun Jul 12 10:58:35 2020 -0700 Merge tag 'for-5.8-rc4-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux Pull btrfs fixes from David Sterba: "Two refcounting fixes and one prepartory patch for upcoming splice cleanup: - fix double put of block group with nodatacow - fix missing block group put when remounting with discard=async - explicitly set splice callback (no functional change), to ease integrating splice cleanup patches" * tag 'for-5.8-rc4-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux: btrfs: wire up iter_file_splice_write btrfs: fix double put of block group with nocow btrfs: discard: add missing put when grabbing block group from unused list commit 16d598030a37853a7a6b4384cad19c9c0af2f021 Author: Pavel Begunkov Date: Sun Jul 12 16:16:47 2020 +0300 io_uring: fix not initialised work->flags 59960b9deb535 ("io_uring: fix lazy work init") tried to fix missing io_req_init_async(), but left out work.flags and hash. Do it earlier. Fixes: 7cdaf587de7c ("io_uring: avoid whole io_wq_work copy for requests completed inline") Signed-off-by: Pavel Begunkov Signed-off-by: Jens Axboe commit dd821e0c95a64b5923a0c57f07d3f7563553e756 Author: Pavel Begunkov Date: Sun Jul 12 13:23:08 2020 +0300 io_uring: fix missing msg_name assignment Ensure to set msg.msg_name for the async portion of send/recvmsg, as the header copy will copy to/from it. Cc: stable@vger.kernel.org # v5.5+ Signed-off-by: Pavel Begunkov Signed-off-by: Jens Axboe commit 9901a6bd157719f9f93186868c527c5ba5edf8e5 Merge: 9599e9e7e3ee 70ee5731a40b Author: Linus Torvalds Date: Sat Jul 11 19:22:46 2020 -0700 Merge tag 'riscv-for-linus-5.8-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux Pull RISC-V fixes from Palmer Dabbelt: "I have a few KGDB-related fixes. They're mostly fixes for build warnings, but there's also: - Support for the qSupported and qXfer packets, which are necessary to pass around GDB XML information which we need for the RISC-V GDB port to fully function. - Users can now select STRICT_KERNEL_RWX instead of forcing it on" * tag 'riscv-for-linus-5.8-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux: riscv: Avoid kgdb.h including gdb_xml.h to solve unused-const-variable warning kgdb: Move the extern declaration kgdb_has_hit_break() to generic kgdb.h riscv: Fix "no previous prototype" compile warning in kgdb.c file riscv: enable the Kconfig prompt of STRICT_KERNEL_RWX kgdb: enable arch to support XML packet. commit 9599e9e7e3ee3a5afcdf00b05d4e86d256a98ae3 Merge: 0aea6d5c5be3 e094fd346021 Author: Linus Torvalds Date: Sat Jul 11 18:15:17 2020 -0700 Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi Pull SCSI fixes from James Bottomley: "Five small fixes, four in driver and one in the SCSI Parallel transport, which fixes an incredibly old bug so I suspect no-one has actually used the functionality it fixes" * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi: scsi: dh: Add Fujitsu device to devinfo and dh lists scsi: mpt3sas: Fix error returns in BRM_status_show scsi: mpt3sas: Fix unlock imbalance scsi: iscsi: Change iSCSI workqueue max_active back to 1 scsi: scsi_transport_spi: Fix function pointer check commit 0aea6d5c5be33ce94c16f9ab2f64de1f481f424b Merge: 997c4431f04d ba8c42348897 Author: Linus Torvalds Date: Sat Jul 11 11:16:46 2020 -0700 Merge tag 'for-linus-5.8b-rc5-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip Pull xen fix from Juergen Gross: "Just one fix of a recent patch (double free in an error path)" * tag 'for-linus-5.8b-rc5-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip: xen/xenbus: Fix a double free in xenbus_map_ring_pv() commit 997c4431f04d8f0d6063bac3bcdceba8d939b879 Merge: 1df0d8960499 4557ac6b344b Author: Linus Torvalds Date: Sat Jul 11 10:24:38 2020 -0700 Merge tag 'powerpc-5.8-6' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux Pull powerpc fix from Michael Ellerman: "One fix for a crash/soft lockup on Power8, caused by the exception rework we did in v5.7. Thanks to Paul Menzel and Nicholas Piggin" * tag 'powerpc-5.8-6' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux: powerpc/64s/exception: Fix 0x1500 interrupt handler crash commit 1e7468bd9d30a21e059af477106dc5588ae52dff Author: David Gow Date: Mon Jun 29 21:32:14 2020 -0700 clk: Specify IOMEM dependency for HSDK pll driver The HSDK pll driver uses the devm_ioremap_resource function, but does not specify a dependency on IOMEM in Kconfig. This causes a build failure on architectures without IOMEM, for example, UML (notably with make allyesconfig). Fix this by making CONFIG_CLK_HSDK depend on CONFIG_IOMEM. Signed-off-by: David Gow Link: https://lore.kernel.org/r/20200630043214.1080961-1-davidgow@google.com Signed-off-by: Stephen Boyd commit c2407ab3bd55064d459bc822efd1c134e852798c Author: Eddie James Date: Thu Jul 9 14:57:05 2020 -0500 clk: AST2600: Add mux for EMMC clock The EMMC clock can be derived from either the HPLL or the MPLL. Register a clock mux so that the rate is calculated correctly based upon the parent. Signed-off-by: Eddie James Reviewed-by: Andrew Jeffery Link: https://lore.kernel.org/r/20200709195706.12741-2-eajames@linux.ibm.com Acked-by: Joel Stanley Fixes: d3d04f6c330a ("clk: Add support for AST2600 SoC") Signed-off-by: Stephen Boyd commit 8e3709d7e3a67e2d3f42bd1fc2052353a5678944 Author: Nathan Chancellor Date: Wed Jul 1 13:11:29 2020 -0700 clk: mvebu: ARMADA_AP_CPU_CLK needs to select ARMADA_AP_CP_HELPER When building arm32 allmodconfig: ld.lld: error: undefined symbol: ap_cp_unique_name >>> referenced by ap-cpu-clk.c >>> clk/mvebu/ap-cpu-clk.o:(ap_cpu_clock_probe) in archive drivers/built-in.a ap_cp_unique_name is only compiled into the kernel image when CONFIG_ARMADA_AP_CP_HELPER is selected (as it is not user selectable). However, CONFIG_ARMADA_AP_CPU_CLK does not select it. This has been a problem since the driver was added to the kernel but it was not built before commit c318ea261749 ("cpufreq: ap806: fix cpufreq driver needs ap cpu clk") so it was never noticed. Fixes: f756e362d938 ("clk: mvebu: add CPU clock driver for Armada 7K/8K") Signed-off-by: Nathan Chancellor Link: https://lore.kernel.org/r/20200701201128.2448427-1-natechancellor@gmail.com Signed-off-by: Stephen Boyd commit 20b1be59528295e5c2a8812059b8560753dd8e68 Author: Masahiro Yamada Date: Wed Jul 8 01:35:08 2020 +0900 kbuild: fix single target builds for external modules Commit f566e1fbadb6 ("kbuild: make multiple directory targets work") broke single target builds for external modules. Fix this. Fixes: f566e1fbadb6 ("kbuild: make multiple directory targets work") Reported-by: Bjørn Mork Signed-off-by: Masahiro Yamada Tested-by: Bjørn Mork commit 4237c625304b212a3f30adf787901082082511ec Author: Tim Harvey Date: Tue Jun 23 12:06:54 2020 -0700 ARM: dts: imx6qdl-gw551x: fix audio SSI The audio codec on the GW551x routes to ssi1. It fixes audio capture on the device. Cc: stable@vger.kernel.org Fixes: 3117e851cef1 ("ARM: dts: imx: Add TDA19971 HDMI Receiver to GW551x") Signed-off-by: Tim Harvey Signed-off-by: Shawn Guo commit ff53664daff2a65f4bf2479ac56dfb3e908deff0 Author: Armas Spann Date: Sat Jul 11 13:05:57 2020 +0200 ALSA: hda/realtek: enable headset mic of ASUS ROG Zephyrus G14(G401) series with ALC289 This patch adds support for headset mic to the ASUS ROG Zephyrus G14(GA401) notebook series by adding the corresponding vendor/pci_device id, as well as adding a new fixup for the used realtek ALC289. The fixup stets the correct pin to get the headset mic correctly recognized on audio-jack. Signed-off-by: Armas Spann Cc: Link: https://lore.kernel.org/r/20200711110557.18681-1-zappel@retarded.farm Signed-off-by: Takashi Iwai commit ef9ddb9dc4f8b1da3b975918cd1fd98ec055b918 Author: Kailang Yang Date: Fri Jul 10 15:31:11 2020 +0800 ALSA: hda/realtek - change to suitable link model for ASUS platform ASUS platform couldn't need to use Headset Mode model. It changes to the suitable model. Signed-off-by: Kailang Yang Cc: Link: https://lore.kernel.org/r/d05bcff170784ec7bb35023407148161@realtek.com Signed-off-by: Takashi Iwai commit 1df0d8960499e58963fd6c8ac75e544f2b417b29 Merge: 5ab39e08ff15 813357fead4a Author: Linus Torvalds Date: Fri Jul 10 21:23:10 2020 -0700 Merge tag 'libnvdimm-fix-v5.8-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm Pull libnvdimm fix from Dan Williams: "A one-line Fix for key ring search permissions to address a regression from -rc1" * tag 'libnvdimm-fix-v5.8-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm: libnvdimm/security: Fix key lookup permissions commit 5ab39e08ff1558ed80d93f5c5217338f19369a40 Merge: 49decddd39e5 a8dab63ea623 Author: Linus Torvalds Date: Fri Jul 10 21:16:48 2020 -0700 Merge tag '5.8-rc4-smb3-fixes' of git://git.samba.org/sfrench/cifs-2.6 Pull cifs fixes from Steve French: "Four cifs/smb3 fixes: the three for stable fix problems found recently with change notification including a reference count leak" * tag '5.8-rc4-smb3-fixes' of git://git.samba.org/sfrench/cifs-2.6: cifs: update internal module version number cifs: fix reference leak for tlink smb3: fix unneeded error message on change notify cifs: remove the retry in cifs_poxis_lock_set smb3: fix access denied on change notify request to some servers commit 49decddd39e5f6132ccd7d9fdc3d7c470b0061bb Merge: 5a764898afec a5f526ecb075 Author: Linus Torvalds Date: Fri Jul 10 21:15:25 2020 -0700 Merge tag 'inclusive-terminology' of git://git.kernel.org/pub/scm/linux/kernel/git/djbw/linux Pull coding style terminology documentation from Dan Williams: "The discussion has tapered off as well as the incoming ack, review, and sign-off tags. I did not see a reason to wait for the next merge window" * tag 'inclusive-terminology' of git://git.kernel.org/pub/scm/linux/kernel/git/djbw/linux: CodingStyle: Inclusive Terminology commit 5a764898afec0bc097003e8c3e727792289f76d6 Merge: 9321f1aaf63e 1195c7cebb95 Author: Linus Torvalds Date: Fri Jul 10 18:16:22 2020 -0700 Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net Pull networking fixes from David Miller: 1) Restore previous behavior of CAP_SYS_ADMIN wrt loading networking BPF programs, from Maciej Żenczykowski. 2) Fix dropped broadcasts in mac80211 code, from Seevalamuthu Mariappan. 3) Slay memory leak in nl80211 bss color attribute parsing code, from Luca Coelho. 4) Get route from skb properly in ip_route_use_hint(), from Miaohe Lin. 5) Don't allow anything other than ARPHRD_ETHER in llc code, from Eric Dumazet. 6) xsk code dips too deeply into DMA mapping implementation internals. Add dma_need_sync and use it. From Christoph Hellwig 7) Enforce power-of-2 for BPF ringbuf sizes. From Andrii Nakryiko. 8) Check for disallowed attributes when loading flow dissector BPF programs. From Lorenz Bauer. 9) Correct packet injection to L3 tunnel devices via AF_PACKET, from Jason A. Donenfeld. 10) Don't advertise checksum offload on ipa devices that don't support it. From Alex Elder. 11) Resolve several issues in TCP MD5 signature support. Missing memory barriers, bogus options emitted when using syncookies, and failure to allow md5 key changes in established states. All from Eric Dumazet. 12) Fix interface leak in hsr code, from Taehee Yoo. 13) VF reset fixes in hns3 driver, from Huazhong Tan. 14) Make loopback work again with ipv6 anycast, from David Ahern. 15) Fix TX starvation under high load in fec driver, from Tobias Waldekranz. 16) MLD2 payload lengths not checked properly in bridge multicast code, from Linus Lüssing. 17) Packet scheduler code that wants to find the inner protocol currently only works for one level of VLAN encapsulation. Allow Q-in-Q situations to work properly here, from Toke Høiland-Jørgensen. 18) Fix route leak in l2tp, from Xin Long. 19) Resolve conflict between the sk->sk_user_data usage of bpf reuseport support and various protocols. From Martin KaFai Lau. 20) Fix socket cgroup v2 reference counting in some situations, from Cong Wang. 21) Cure memory leak in mlx5 connection tracking offload support, from Eli Britstein. * git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (146 commits) mlxsw: pci: Fix use-after-free in case of failed devlink reload mlxsw: spectrum_router: Remove inappropriate usage of WARN_ON() net: macb: fix call to pm_runtime in the suspend/resume functions net: macb: fix macb_suspend() by removing call to netif_carrier_off() net: macb: fix macb_get/set_wol() when moving to phylink net: macb: mark device wake capable when "magic-packet" property present net: macb: fix wakeup test in runtime suspend/resume routines bnxt_en: fix NULL dereference in case SR-IOV configuration fails libbpf: Fix libbpf hashmap on (I)LP32 architectures net/mlx5e: CT: Fix memory leak in cleanup net/mlx5e: Fix port buffers cell size value net/mlx5e: Fix 50G per lane indication net/mlx5e: Fix CPU mapping after function reload to avoid aRFS RX crash net/mlx5e: Fix VXLAN configuration restore after function reload net/mlx5e: Fix usage of rcu-protected pointer net/mxl5e: Verify that rpriv is not NULL net/mlx5: E-Switch, Fix vlan or qos setting in legacy mode net/mlx5: Fix eeprom support for SFP module cgroup: Fix sock_cgroup_data on big-endian. selftests: bpf: Fix detach from sockmap tests ... commit 55b244221c3f17eb2ed51c8e39e4a01c523e4eee Author: Jean-Philippe Brucker Date: Fri Jul 10 17:04:40 2020 +0200 selftests/bpf: Fix cgroup sockopt verifier test Since the BPF_PROG_TYPE_CGROUP_SOCKOPT verifier test does not set an attach type, bpf_prog_load_check_attach() disallows loading the program and the test is always skipped: #434/p perfevent for cgroup sockopt SKIP (unsupported program type 25) Fix the issue by setting a valid attach type. Fixes: 0456ea170cd6 ("bpf: Enable more helpers for BPF_PROG_TYPE_CGROUP_{DEVICE,SYSCTL,SOCKOPT}") Signed-off-by: Jean-Philippe Brucker Signed-off-by: Daniel Borkmann Reviewed-by: Jakub Sitnicki Link: https://lore.kernel.org/bpf/20200710150439.126627-1-jean-philippe@linaro.org commit 9321f1aaf63e74ec3884347490e4ebb039f01b6e Author: Nathan Chancellor Date: Fri Jul 10 15:34:41 2020 -0700 mips: Remove compiler check in unroll macro CONFIG_CC_IS_GCC is undefined when Clang is used, which breaks the build (see our Travis link below). Clang 8 was chosen as a minimum version for this check because there were some improvements around __builtin_constant_p in that release. In reality, MIPS was not even buildable until clang 9 so that check was not technically necessary. Just remove all compiler checks and just assume that we have a working compiler. Fixes: d4e60453266b ("Restore gcc check in mips asm/unroll.h") Link: https://travis-ci.com/github/ClangBuiltLinux/continuous-integration/jobs/359642821 Signed-off-by: Nathan Chancellor Signed-off-by: Linus Torvalds commit 1195c7cebb95081d809f81a27b21829573cbd4a8 Merge: f9f41e3db40e c4317b11675b Author: David S. Miller Date: Fri Jul 10 14:33:34 2020 -0700 Merge branch 'mlxsw-Various-fixes' Ido Schimmel says: ==================== mlxsw: Various fixes Fix two issues found by syzkaller. Patch #1 removes inappropriate usage of WARN_ON() following memory allocation failure. Constantly triggered when syzkaller injects faults. Patch #2 fixes a use-after-free that can be triggered by 'devlink dev info' following a failed devlink reload. ==================== Signed-off-by: David S. Miller commit c4317b11675b99af6641662ebcbd3c6010600e64 Author: Ido Schimmel Date: Fri Jul 10 16:41:39 2020 +0300 mlxsw: pci: Fix use-after-free in case of failed devlink reload In case devlink reload failed, it is possible to trigger a use-after-free when querying the kernel for device info via 'devlink dev info' [1]. This happens because as part of the reload error path the PCI command interface is de-initialized and its mailboxes are freed. When the devlink '->info_get()' callback is invoked the device is queried via the command interface and the freed mailboxes are accessed. Fix this by initializing the command interface once during probe and not during every reload. This is consistent with the other bus used by mlxsw (i.e., 'mlxsw_i2c') and also allows user space to query the running firmware version (for example) from the device after a failed reload. [1] BUG: KASAN: use-after-free in memcpy include/linux/string.h:406 [inline] BUG: KASAN: use-after-free in mlxsw_pci_cmd_exec+0x177/0xa60 drivers/net/ethernet/mellanox/mlxsw/pci.c:1675 Write of size 4096 at addr ffff88810ae32000 by task syz-executor.1/2355 CPU: 1 PID: 2355 Comm: syz-executor.1 Not tainted 5.8.0-rc2+ #29 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.1-0-ga5cab58e9a3f-prebuilt.qemu.org 04/01/2014 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0xf6/0x16e lib/dump_stack.c:118 print_address_description.constprop.0+0x1c/0x250 mm/kasan/report.c:383 __kasan_report mm/kasan/report.c:513 [inline] kasan_report.cold+0x1f/0x37 mm/kasan/report.c:530 check_memory_region_inline mm/kasan/generic.c:186 [inline] check_memory_region+0x14e/0x1b0 mm/kasan/generic.c:192 memcpy+0x39/0x60 mm/kasan/common.c:106 memcpy include/linux/string.h:406 [inline] mlxsw_pci_cmd_exec+0x177/0xa60 drivers/net/ethernet/mellanox/mlxsw/pci.c:1675 mlxsw_cmd_exec+0x249/0x550 drivers/net/ethernet/mellanox/mlxsw/core.c:2335 mlxsw_cmd_access_reg drivers/net/ethernet/mellanox/mlxsw/cmd.h:859 [inline] mlxsw_core_reg_access_cmd drivers/net/ethernet/mellanox/mlxsw/core.c:1938 [inline] mlxsw_core_reg_access+0x2f6/0x540 drivers/net/ethernet/mellanox/mlxsw/core.c:1985 mlxsw_reg_query drivers/net/ethernet/mellanox/mlxsw/core.c:2000 [inline] mlxsw_devlink_info_get+0x17f/0x6e0 drivers/net/ethernet/mellanox/mlxsw/core.c:1090 devlink_nl_info_fill.constprop.0+0x13c/0x2d0 net/core/devlink.c:4588 devlink_nl_cmd_info_get_dumpit+0x246/0x460 net/core/devlink.c:4648 genl_lock_dumpit+0x85/0xc0 net/netlink/genetlink.c:575 netlink_dump+0x515/0xe50 net/netlink/af_netlink.c:2245 __netlink_dump_start+0x53d/0x830 net/netlink/af_netlink.c:2353 genl_family_rcv_msg_dumpit.isra.0+0x296/0x300 net/netlink/genetlink.c:638 genl_family_rcv_msg net/netlink/genetlink.c:733 [inline] genl_rcv_msg+0x78d/0x9d0 net/netlink/genetlink.c:753 netlink_rcv_skb+0x152/0x440 net/netlink/af_netlink.c:2469 genl_rcv+0x24/0x40 net/netlink/genetlink.c:764 netlink_unicast_kernel net/netlink/af_netlink.c:1303 [inline] netlink_unicast+0x53a/0x750 net/netlink/af_netlink.c:1329 netlink_sendmsg+0x850/0xd90 net/netlink/af_netlink.c:1918 sock_sendmsg_nosec net/socket.c:652 [inline] sock_sendmsg+0x150/0x190 net/socket.c:672 ____sys_sendmsg+0x6d8/0x840 net/socket.c:2363 ___sys_sendmsg+0xff/0x170 net/socket.c:2417 __sys_sendmsg+0xe5/0x1b0 net/socket.c:2450 do_syscall_64+0x56/0xa0 arch/x86/entry/common.c:359 entry_SYSCALL_64_after_hwframe+0x44/0xa9 Fixes: a9c8336f6544 ("mlxsw: core: Add support for devlink info command") Signed-off-by: Ido Schimmel Reviewed-by: Jiri Pirko Signed-off-by: David S. Miller commit d9d5420273997664a1c09151ca86ac993f2f89c1 Author: Ido Schimmel Date: Fri Jul 10 16:41:38 2020 +0300 mlxsw: spectrum_router: Remove inappropriate usage of WARN_ON() We should not trigger a warning when a memory allocation fails. Remove the WARN_ON(). The warning is constantly triggered by syzkaller when it is injecting faults: [ 2230.758664] FAULT_INJECTION: forcing a failure. [ 2230.758664] name failslab, interval 1, probability 0, space 0, times 0 [ 2230.762329] CPU: 3 PID: 1407 Comm: syz-executor.0 Not tainted 5.8.0-rc2+ #28 ... [ 2230.898175] WARNING: CPU: 3 PID: 1407 at drivers/net/ethernet/mellanox/mlxsw/spectrum_router.c:6265 mlxsw_sp_router_fib_event+0xfad/0x13e0 [ 2230.898179] Kernel panic - not syncing: panic_on_warn set ... [ 2230.898183] CPU: 3 PID: 1407 Comm: syz-executor.0 Not tainted 5.8.0-rc2+ #28 [ 2230.898190] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.1-0-ga5cab58e9a3f-prebuilt.qemu.org 04/01/2014 Fixes: 3057224e014c ("mlxsw: spectrum_router: Implement FIB offload in deferred work") Signed-off-by: Ido Schimmel Reviewed-by: Jiri Pirko Signed-off-by: David S. Miller commit f9f41e3db40ee8d61b427d4d88c7365d968052a9 Merge: c8b1d7436045 6c8f85cac98a Author: David S. Miller Date: Fri Jul 10 14:29:38 2020 -0700 Merge branch 'macb-WOL-fixes' Nicolas Ferre says: ==================== net: macb: Wake-on-Lan magic packet fixes and GEM handling Here is a split series to fix WoL magic-packet on the current macb driver. Only fixes in this one based on current net/master. Changes in v5: - Addressed the error code returned by phylink_ethtool_set_wol() as suggested by Russell. If PHY handles WoL, MAC doesn't stay in the way. - Removed Florian's tag on 3/5 because of the above changes. - Correct the "Fixes" tag on 1/5. Changes in v4: - Pure bug fix series for 'net'. GEM addition and MACB update removed: will be sent later. Changes in v3: - Revert some of the v2 changes done in macb_resume(). Now the resume function supports in-depth re-configuration of the controller in order to deal with deeper sleep states. Basically as it was before changes introduced by this series - Tested for non-regression with our deeper Power Management mode which cuts power to the controller completely Changes in v2: - Add patch 4/7 ("net: macb: fix macb_suspend() by removing call to netif_carrier_off()") needed for keeping phy state consistent - Add patch 5/7 ("net: macb: fix call to pm_runtime in the suspend/resume functions") that prevent putting the macb in runtime pm suspend mode when WoL is used - Collect review tags on 3 first patches from Florian: Thanks! - Review of macb_resume() function - Addition of pm_wakeup_event() in both MACB and GEM WoL IRQ handlers ==================== Signed-off-by: David S. Miller commit 6c8f85cac98a4c6b767c4c4f6af7283724c32b47 Author: Nicolas Ferre Date: Fri Jul 10 14:46:45 2020 +0200 net: macb: fix call to pm_runtime in the suspend/resume functions The calls to pm_runtime_force_suspend/resume() functions are only relevant if the device is not configured to act as a WoL wakeup source. Add the device_may_wakeup() test before calling them. Fixes: 3e2a5e153906 ("net: macb: add wake-on-lan support via magic packet") Cc: Claudiu Beznea Cc: Harini Katakam Cc: Sergio Prado Reviewed-by: Florian Fainelli Signed-off-by: Nicolas Ferre Signed-off-by: David S. Miller commit 64febc5e56c9a748162f206dcc5be1a44436087a Author: Nicolas Ferre Date: Fri Jul 10 14:46:44 2020 +0200 net: macb: fix macb_suspend() by removing call to netif_carrier_off() As we now use the phylink call to phylink_stop() in the non-WoL path, there is no need for this call to netif_carrier_off() anymore. It can disturb the underlying phylink FSM. Fixes: 7897b071ac3b ("net: macb: convert to phylink") Cc: Claudiu Beznea Cc: Harini Katakam Cc: Antoine Tenart Reviewed-by: Florian Fainelli Signed-off-by: Nicolas Ferre Signed-off-by: David S. Miller commit 253fe09435045ab9346a8e364299d971185ae031 Author: Nicolas Ferre Date: Fri Jul 10 14:46:43 2020 +0200 net: macb: fix macb_get/set_wol() when moving to phylink Keep previous function goals and integrate phylink actions to them. phylink_ethtool_get_wol() is not enough to figure out if Ethernet driver supports Wake-on-Lan. Initialization of "supported" and "wolopts" members is done in phylink function, no need to keep them in calling function. phylink_ethtool_set_wol() return value is considered and determines if the MAC has to handle WoL or not. The case where the PHY doesn't implement WoL leads to the MAC configuring it to provide this feature. Fixes: 7897b071ac3b ("net: macb: convert to phylink") Cc: Claudiu Beznea Cc: Harini Katakam Cc: Antoine Tenart Cc: Florian Fainelli Signed-off-by: Nicolas Ferre Signed-off-by: David S. Miller commit ced4799d06375929e013eea04ba6908207afabbe Author: Nicolas Ferre Date: Fri Jul 10 14:46:42 2020 +0200 net: macb: mark device wake capable when "magic-packet" property present Change the way the "magic-packet" DT property is handled in the macb_probe() function, matching DT binding documentation. Now we mark the device as "wakeup capable" instead of calling the device_init_wakeup() function that would enable the wakeup source. For Ethernet WoL, enabling the wakeup_source is done by using ethtool and associated macb_set_wol() function that already calls device_set_wakeup_enable() for this purpose. That would reduce power consumption by cutting more clocks if "magic-packet" property is set but WoL is not configured by ethtool. Fixes: 3e2a5e153906 ("net: macb: add wake-on-lan support via magic packet") Cc: Claudiu Beznea Cc: Harini Katakam Cc: Sergio Prado Reviewed-by: Florian Fainelli Signed-off-by: Nicolas Ferre Signed-off-by: David S. Miller commit 515a10a701d570e26dfbe6ee373f77c8bf11053f Author: Nicolas Ferre Date: Fri Jul 10 14:46:41 2020 +0200 net: macb: fix wakeup test in runtime suspend/resume routines Use the proper struct device pointer to check if the wakeup flag and wakeup source are positioned. Use the one passed by function call which is equivalent to &bp->dev->dev.parent. It's preventing the trigger of a spurious interrupt in case the Wake-on-Lan feature is used. Fixes: d54f89af6cc4 ("net: macb: Add pm runtime support") Cc: Claudiu Beznea Cc: Harini Katakam Reviewed-by: Florian Fainelli Signed-off-by: Nicolas Ferre Signed-off-by: David S. Miller commit c8b1d7436045d3599bae56aef1682813ecccaad7 Author: Davide Caratti Date: Fri Jul 10 12:55:08 2020 +0200 bnxt_en: fix NULL dereference in case SR-IOV configuration fails we need to set 'active_vfs' back to 0, if something goes wrong during the allocation of SR-IOV resources: otherwise, further VF configurations will wrongly assume that bp->pf.vf[x] are valid memory locations, and commands like the ones in the following sequence: # echo 2 >/sys/bus/pci/devices/${ADDR}/sriov_numvfs # ip link set dev ens1f0np0 up # ip link set dev ens1f0np0 vf 0 trust on will cause a kernel crash similar to this: bnxt_en 0000:3b:00.0: not enough MMIO resources for SR-IOV BUG: kernel NULL pointer dereference, address: 0000000000000014 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 [#1] SMP PTI CPU: 43 PID: 2059 Comm: ip Tainted: G I 5.8.0-rc2.upstream+ #871 Hardware name: Dell Inc. PowerEdge R740/08D89F, BIOS 2.2.11 06/13/2019 RIP: 0010:bnxt_set_vf_trust+0x5b/0x110 [bnxt_en] Code: 44 24 58 31 c0 e8 f5 fb ff ff 85 c0 0f 85 b6 00 00 00 48 8d 1c 5b 41 89 c6 b9 0b 00 00 00 48 c1 e3 04 49 03 9c 24 f0 0e 00 00 <8b> 43 14 89 c2 83 c8 10 83 e2 ef 45 84 ed 49 89 e5 0f 44 c2 4c 89 RSP: 0018:ffffac6246a1f570 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 000000000000000b RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffff98b28f538900 RBP: ffff98b28f538900 R08: 0000000000000000 R09: 0000000000000008 R10: ffffffffb9515be0 R11: ffffac6246a1f678 R12: ffff98b28f538000 R13: 0000000000000001 R14: 0000000000000000 R15: ffffffffc05451e0 FS: 00007fde0f688800(0000) GS:ffff98baffd40000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000014 CR3: 000000104bb0a003 CR4: 00000000007606e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: do_setlink+0x994/0xfe0 __rtnl_newlink+0x544/0x8d0 rtnl_newlink+0x47/0x70 rtnetlink_rcv_msg+0x29f/0x350 netlink_rcv_skb+0x4a/0x110 netlink_unicast+0x21d/0x300 netlink_sendmsg+0x329/0x450 sock_sendmsg+0x5b/0x60 ____sys_sendmsg+0x204/0x280 ___sys_sendmsg+0x88/0xd0 __sys_sendmsg+0x5e/0xa0 do_syscall_64+0x47/0x80 entry_SYSCALL_64_after_hwframe+0x44/0xa9 Fixes: c0c050c58d840 ("bnxt_en: New Broadcom ethernet driver.") Reported-by: Fei Liu CC: Jonathan Toppins CC: Michael Chan Signed-off-by: Davide Caratti Reviewed-by: Michael Chan Acked-by: Jonathan Toppins Signed-off-by: David S. Miller commit 45ae836f8a257599ae11873e2642101a96b40a4c Merge: ca68d5637aaf b2f9f1535bb9 Author: David S. Miller Date: Fri Jul 10 14:07:43 2020 -0700 Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf Alexei Starovoitov says: ==================== pull-request: bpf 2020-07-09 The following pull-request contains BPF updates for your *net* tree. We've added 4 non-merge commits during the last 1 day(s) which contain a total of 4 files changed, 26 insertions(+), 15 deletions(-). The main changes are: 1) fix crash in libbpf on 32-bit archs, from Jakub and Andrii. 2) fix crash when l2tp and bpf_sk_reuseport conflict, from Martin. ==================== Signed-off-by: David S. Miller commit ca68d5637aaff64d4838f609708ecf592d67bfe0 Merge: 14b032b8f8fc eb32b3f53d28 Author: David S. Miller Date: Fri Jul 10 14:02:01 2020 -0700 Merge tag 'mlx5-fixes-2020-07-02' of git://git.kernel.org/pub/scm/linux/kernel/git/saeed/linux Saeed Mahameed says: ==================== mlx5 fixes 2020-07-02 This series introduces some fixes to mlx5 driver. V1->v2: - Drop "ip -s" patch and mirred device hold reference patch. - Will revise them in a later submission. Please pull and let me know if there is any problem. For -stable v5.2 ('net/mlx5: Fix eeprom support for SFP module') For -stable v5.4 ('net/mlx5e: Fix 50G per lane indication') For -stable v5.5 ('net/mlx5e: Fix CPU mapping after function reload to avoid aRFS RX crash') ('net/mlx5e: Fix VXLAN configuration restore after function reload') For -stable v5.7 ('net/mlx5e: CT: Fix memory leak in cleanup') ==================== Signed-off-by: David S. Miller commit aa0c9086b40c17a7ad94425b3b70dd1fdd7497bf Merge: 0f318cba1e08 0a0371506879 Author: Linus Torvalds Date: Fri Jul 10 13:09:41 2020 -0700 Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma Pull rdma fixes from Jason Gunthorpe: "Small update, a few more merge window bugs and normal driver bug fixes: - Two merge window regressions in mlx5: a error path bug found by syzkaller and some lost code during a rework preventing ipoib from working in some configurations - Silence clang compilation warning in OPA related code - Fix a long standing race condition in ib_nl for ACM - Resolve when the HFI1 is shutdown" * tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma: RDMA/mlx5: Set PD pointers for the error flow unwind IB/mlx5: Fix 50G per lane indication RDMA/siw: Fix reporting vendor_part_id IB/sa: Resolv use-after-free in ib_nl_make_request() IB/hfi1: Do not destroy link_wq when the device is shut down IB/hfi1: Do not destroy hfi1_wq when the device is shut down RDMA/mlx5: Fix legacy IPoIB QP initialization IB/hfi1: Add explicit cast OPA_MTU_8192 to 'enum ib_mtu' commit 0f318cba1e08a2e18494eec847f6caf94f13129b Merge: a581387e415b 3c01655ac82e Author: Linus Torvalds Date: Fri Jul 10 10:15:37 2020 -0700 Merge tag 'linux-kselftest-fixes-5.8-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest Pull kselftest fixes from Shuah Khan: "TPM2 test changes to run on python3 and kselftest framework fix to incorrect return type" * tag 'linux-kselftest-fixes-5.8-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest: kselftest: ksft_test_num return type should be unsigned selftests: tpm: upgrade TPM2 tests from Python 2 to Python 3 commit a581387e415bbb0085e7e67906c8f4a99746590e Merge: d33db702745b 309fc03a3284 Author: Linus Torvalds Date: Fri Jul 10 09:57:57 2020 -0700 Merge tag 'io_uring-5.8-2020-07-10' of git://git.kernel.dk/linux-block Pull io_uring fixes from Jens Axboe: - Fix memleak for error path in registered files (Yang) - Export CQ overflow state in flags, necessary to fix a case where liburing doesn't know if it needs to enter the kernel (Xiaoguang) - Fix for a regression in when user memory is accounted freed, causing issues with back-to-back ring exit + init if the ulimit -l setting is very tight. * tag 'io_uring-5.8-2020-07-10' of git://git.kernel.dk/linux-block: io_uring: account user memory freed when exit has been queued io_uring: fix memleak in io_sqe_files_register() io_uring: fix memleak in __io_sqe_files_update() io_uring: export cq overflow status to userspace commit d33db702745b84fd553d9a5f5db85e122aa45020 Merge: b1b11d0063aa 579dd91ab3a5 Author: Linus Torvalds Date: Fri Jul 10 09:55:46 2020 -0700 Merge tag 'block-5.8-2020-07-10' of git://git.kernel.dk/linux-block Pull block fixes from Jens Axboe: - Fix for inflight accounting, which affects only dm (Ming) - Fix documentation error for bfq (Yufen) - Fix memory leak for nbd (Zheng) * tag 'block-5.8-2020-07-10' of git://git.kernel.dk/linux-block: nbd: Fix memory leak in nbd_add_socket blk-mq: consider non-idle request as "inflight" in blk_mq_rq_inflight() docs: block: update and fix tiny error for bfq commit 788cacf308871db0a619952321bedfec8f1773e2 Author: Oded Gabbay Date: Tue Jul 7 17:30:13 2020 +0300 habanalabs: set 4s timeout for message to device CPU We see that sometimes the CPU in GOYA and GAUDI is occupied by the power/thermal loop and can't answer requests from the driver fast enough. Therefore, to avoid false notifications on timeouts, increase the timeout to 4 seconds on each message sent to the device CPU. Signed-off-by: Oded Gabbay Reviewed-by: Tomer Tayar commit e38bfd30e08802d9661efffb8c048bd53a3acfc4 Author: Oded Gabbay Date: Fri Jul 3 20:46:12 2020 +0300 habanalabs: set clock gating per engine For debugging purposes, we need to allow the root user better control of the clock gating feature of the DMA and compute engines. Therefore, change the clock gating debugfs interface to be bitmask instead of true/false. Each bit represents a different engine, according to gaudi_engine_id enum. See debugfs documentation for more details. Signed-off-by: Oded Gabbay Reviewed-by: Omer Shpigelman commit 2edc66e22ba1af33020ff8b75fe1a2b055cdb73f Author: Oded Gabbay Date: Fri Jul 3 19:28:54 2020 +0300 habanalabs: block WREG_BULK packet on PDMA WREG_BULK is a special packet that has a variable length. Therefore, we can't parse it when validating CBs that go to the PCI DMA queue. In case the user needs to use it, it can put multiple WREG32 packets instead. Signed-off-by: Oded Gabbay Reviewed-by: Omer Shpigelman commit b1b11d0063aab28aaf65f63cff56470bc01dc290 Merge: 1bfde037425d 775802c0571f Author: Linus Torvalds Date: Fri Jul 10 09:45:15 2020 -0700 Merge tag 'cleanup-kernel_read_write' of git://git.infradead.org/users/hch/misc Pull in-kernel read and write op cleanups from Christoph Hellwig: "Cleanup in-kernel read and write operations Reshuffle the (__)kernel_read and (__)kernel_write helpers, and ensure all users of in-kernel file I/O use them if they don't use iov_iter based methods already. The new WARN_ONs in combination with syzcaller already found a missing input validation in 9p. The fix should be on your way through the maintainer ASAP". [ This is prep-work for the real changes coming 5.9 ] * tag 'cleanup-kernel_read_write' of git://git.infradead.org/users/hch/misc: fs: remove __vfs_read fs: implement kernel_read using __kernel_read integrity/ima: switch to using __kernel_read fs: add a __kernel_read helper fs: remove __vfs_write fs: implement kernel_write using __kernel_write fs: check FMODE_WRITE in __kernel_write fs: unexport __kernel_write bpfilter: switch to kernel_write autofs: switch to kernel_write cachefiles: switch to kernel_write commit 1bfde037425d91d1d615d30ec362f5f5c1ca0dd2 Merge: 25aadbd2a8ad 68d237056e00 Author: Linus Torvalds Date: Fri Jul 10 09:36:03 2020 -0700 Merge tag 'dma-mapping-5.8-5' of git://git.infradead.org/users/hch/dma-mapping Pull dma-mapping fixes from Christoph Hellwig: - add a warning when the atomic pool is depleted (David Rientjes) - protect the parameters of the new scatterlist helper macros (Marek Szyprowski ) * tag 'dma-mapping-5.8-5' of git://git.infradead.org/users/hch/dma-mapping: scatterlist: protect parameters of the sg_table related macros dma-mapping: warn when coherent pool is depleted commit 25aadbd2a8ad05ed0477cb94c7659075f540d158 Merge: 3f8834327ae7 f8e99dde2199 Author: Linus Torvalds Date: Fri Jul 10 09:28:52 2020 -0700 Merge tag 'pinctrl-v5.8-3' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl Pull pin control fixes from Linus Walleij: - Fix an issue in the AMD driver for the UART0 group - Fix a glitch issue in the Baytrail pin controller * tag 'pinctrl-v5.8-3' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl: pinctrl: baytrail: Fix pin being driven low for a while on gpiod_get(..., GPIOD_OUT_HIGH) pinctrl: amd: fix npins for uart0 in kerncz_groups commit 3f8834327ae7d8bfc34793cfce72663af35133d0 Merge: d02b0478c1ac 93e0272a4395 Author: Linus Torvalds Date: Fri Jul 10 09:19:39 2020 -0700 Merge tag 'gpio-v5.8-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio Pull GPIO fixes from Linus Walleij: "Some GPIO fixes, most of them for the PCA953x that Andy worked hard to fix up. - Fix two runtime PM errorpath problems in the Arizona GPIO driver. - Fix three interrupt issues in the PCA953x driver. - Fix the automatic address increment handling in the PCA953x driver again. - Add a quirk to the PCA953x that fixes a problem in the Intel Galileo Gen 2" * tag 'gpio-v5.8-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio: gpio: pca953x: Fix GPIO resource leak on Intel Galileo Gen 2 gpio: pca953x: disable regmap locking for automatic address incrementing gpio: pca953x: Fix direction setting when configure an IRQ gpio: pca953x: Override IRQ for one of the expanders on Galileo Gen 2 gpio: pca953x: Synchronize interrupt handler properly gpio: arizona: put pm_runtime in case of failure gpio: arizona: handle pm_runtime_get_sync failure case commit 9b7e5208a941e2e491a83eb5fa83d889e888fa2f Author: Takashi Iwai Date: Fri Jul 10 18:06:56 2020 +0200 ALSA: usb-audio: Fix race against the error recovery URB submission USB MIDI driver has an error recovery mechanism to resubmit the URB in the delayed timer handler, and this may race with the standard start / stop operations. Although both start and stop operations themselves don't race with each other due to the umidi->mutex protection, but this isn't applied to the timer handler. For fixing this potential race, the following changes are applied: - Since the timer handler can't use the mutex, we apply the umidi->disc_lock protection at each input stream URB submission; this also needs to change the GFP flag to GFP_ATOMIC - Add a check of the URB refcount and skip if already submitted - Move the timer cancel call at disconnection to the beginning of the procedure; this assures the in-flight timer handler is gone properly before killing all pending URBs Reported-by: syzbot+0f4ecfe6a2c322c81728@syzkaller.appspotmail.com Reported-by: syzbot+5f1d24c49c1d2c427497@syzkaller.appspotmail.com Cc: Link: https://lore.kernel.org/r/20200710160656.16819-1-tiwai@suse.de Signed-off-by: Takashi Iwai commit d02b0478c1acb00e9d9ee40810627eba5745d94b Merge: f4c8824cbcc6 20f829999c38 Author: Linus Torvalds Date: Fri Jul 10 08:53:21 2020 -0700 Merge tag 'gfs2-v5.8-rc4.fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/gfs2/linux-gfs2 Pull gfs2 fixes from Andreas Gruenbacher: "Fix gfs2 readahead deadlocks by adding a IOCB_NOIO flag that allows gfs2 to use the generic fiel read iterator functions without having to worry about being called back while holding locks". * tag 'gfs2-v5.8-rc4.fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/gfs2/linux-gfs2: gfs2: Rework read and page fault locking fs: Add IOCB_NOIO flag for generic_file_read_iter commit f4c8824cbcc64524905f83388eb1139747829756 Merge: e8749d068855 5679b2814219 Author: Linus Torvalds Date: Fri Jul 10 08:42:17 2020 -0700 Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux Pull arm64 fixes from Will Deacon: "An unfortunately large collection of arm64 fixes for -rc5. Some of this is absolutely trivial, but the alternatives, vDSO and CPU errata workaround fixes are significant. At least people are finding and fixing these things, I suppose. - Fix workaround for CPU erratum #1418040 to disable the compat vDSO - Fix Oops when single-stepping with KGDB - Fix memory attributes for hypervisor device mappings at EL2 - Fix memory leak in PSCI and remove useless variable assignment - Fix up some comments and asm labels in our entry code - Fix broken register table formatting in our generated html docs - Fix missing NULL sentinel in CPU errata workaround list - Fix patching of branches in alternative instruction sections" * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux: arm64/alternatives: don't patch up internal branches arm64: Add missing sentinel to erratum_1463225 arm64: Documentation: Fix broken table in generated HTML arm64: kgdb: Fix single-step exception handling oops arm64: entry: Tidy up block comments and label numbers arm64: Rework ARM_ERRATUM_1414080 handling arm64: arch_timer: Disable the compat vdso for cores affected by ARM64_WORKAROUND_1418040 arm64: arch_timer: Allow an workaround descriptor to disable compat vdso arm64: Introduce a way to disable the 32bit vdso arm64: entry: Fix the typo in the comment of el1_dbg() drivers/firmware/psci: Assign @err directly in hotplug_tests() drivers/firmware/psci: Fix memory leakage in alloc_init_cpu_groups() KVM: arm64: Fix definition of PAGE_HYP_DEVICE commit e8749d068855c2b075b3de1985e6af836a02b257 Merge: cb24c61b53c3 dd9ce2d6eeae Author: Linus Torvalds Date: Fri Jul 10 08:39:33 2020 -0700 Merge tag 's390-5.8-5' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux Pull s390 fixes from Heiko Carstens: "This is mainly due to the fact that Gerald Schaefer's and also my old email addresses currently do not work any longer. Therefore we decided to switch to new email addresses and reflect that in the MAINTAINERS file. - Update email addresses in MAINTAINERS file and add .mailmap entries for Gerald Schaefer and Heiko Carstens. - Fix huge pte soft dirty copying" * tag 's390-5.8-5' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux: MAINTAINERS: update email address for Gerald Schaefer MAINTAINERS: update email address for Heiko Carstens s390/mm: fix huge pte soft dirty copying commit cb24c61b53c3f47d4ba596fe37076202f7189676 Merge: d45f47a46854 3d9fdc252b52 Author: Linus Torvalds Date: Fri Jul 10 08:34:12 2020 -0700 Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm Pull vkm fixes from Paolo Bonzini: "Two simple but important bugfixes" * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm: KVM: MIPS: Fix build errors for 32bit kernel KVM: nVMX: fixes for preemption timer migration commit d45f47a46854b304ebda238b6121f95370b195ec Merge: 42f82040ee66 3ec2d5113ea5 Author: Linus Torvalds Date: Fri Jul 10 08:28:49 2020 -0700 Merge tag 'mmc-v5.8-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc Pull MMC fixes from Ulf Hansson: - Override DLL_CONFIG only with valid values in sdhci-msm - Get rid of of_match_ptr() macro to fix warning in owl-mmc - Limit segments to 1 to fix meson-gx G12A/G12B SoCs * tag 'mmc-v5.8-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc: mmc: sdhci-msm: Override DLL_CONFIG only if the valid value is supplied mmc: owl-mmc: Get rid of of_match_ptr() macro mmc: meson-gx: limit segments to 1 when dram-access-quirk is needed commit 309fc03a3284af62eb6082fb60327045a1dabf57 Author: Jens Axboe Date: Fri Jul 10 09:13:34 2020 -0600 io_uring: account user memory freed when exit has been queued We currently account the memory after the exit work has been run, but that leaves a gap where a process has closed its ring and until the memory has been accounted as freed. If the memlocked ulimit is borderline, then that can introduce spurious setup errors returning -ENOMEM because the free work hasn't been run yet. Account this as freed when we close the ring, as not to expose a tiny gap where setting up a new ring can fail. Fixes: 85faa7b8346e ("io_uring: punt final io_ring_ctx wait-and-free to workqueue") Cc: stable@vger.kernel.org # v5.7 Signed-off-by: Jens Axboe commit 68359a1ad8447c99732ebeab8c169bfed543667a Author: Takashi Iwai Date: Fri Jul 10 15:59:59 2020 +0200 ALSA: line6: Sync the pending work cancel at disconnection Recently syzkaller reported a UAF in LINE6 driver, and it's likely because we call cancel_delayed_work() at the disconnect callback instead of cancel_delayed_work_sync(). Let's use the correct one instead. Reported-by: syzbot+145012a46658ac00fc9e@syzkaller.appspotmail.com Suggested-by: Alan Stern Cc: Link: https://lore.kernel.org/r/s5hlfjr4gio.wl-tiwai@suse.de Signed-off-by: Takashi Iwai commit 6e8a914ad619042c5f25a4feb663357c4170fd8d Author: Takashi Iwai Date: Fri Jul 10 15:33:51 2020 +0200 ALSA: line6: Perform sanity check for each URB creation LINE6 drivers create stream URBs with a fixed pipe without checking its validity, and this may lead to a kernel WARNING at the submission when a malformed USB descriptor is passed. For avoiding the kernel warning, perform the similar sanity checks for each pipe type at creating a URB. Reported-by: syzbot+c190f6858a04ea7fbc52@syzkaller.appspotmail.com Cc: Link: https://lore.kernel.org/r/s5hv9iv4hq8.wl-tiwai@suse.de Signed-off-by: Takashi Iwai commit 667e57da358f61b6966e12e925a69e42d912e8bb Author: Yang Yingliang Date: Fri Jul 10 14:14:20 2020 +0000 io_uring: fix memleak in io_sqe_files_register() I got a memleak report when doing some fuzz test: BUG: memory leak unreferenced object 0x607eeac06e78 (size 8): comm "test", pid 295, jiffies 4294735835 (age 31.745s) hex dump (first 8 bytes): 00 00 00 00 00 00 00 00 ........ backtrace: [<00000000932632e6>] percpu_ref_init+0x2a/0x1b0 [<0000000092ddb796>] __io_uring_register+0x111d/0x22a0 [<00000000eadd6c77>] __x64_sys_io_uring_register+0x17b/0x480 [<00000000591b89a6>] do_syscall_64+0x56/0xa0 [<00000000864a281d>] entry_SYSCALL_64_after_hwframe+0x44/0xa9 Call percpu_ref_exit() on error path to avoid refcount memleak. Fixes: 05f3fb3c5397 ("io_uring: avoid ring quiesce for fixed file set unregister and update") Cc: stable@vger.kernel.org Reported-by: Hulk Robot Signed-off-by: Yang Yingliang Signed-off-by: Jens Axboe commit 2451e746478a6a6e981cfa66b62b791ca93b90c8 Author: Saravana Kannan Date: Wed Jul 1 12:42:59 2020 -0700 driver core: Avoid deferred probe due to fw_devlink_pause/resume() With the earlier patch in this series, all devices that deferred probe due to fw_devlink_pause() will have their probes delayed till the deferred probe thread is kicked off during late_initcall. This will also affect all their consumers. This delayed probing in unnecessary. So this patch just keeps track of the devices that had their probe deferred due to fw_devlink_pause() and attempts to probe them once during fw_devlink_resume(). Fixes: 716a7a259690 ("driver core: fw_devlink: Add support for batching fwnode parsing") Signed-off-by: Saravana Kannan Tested-by: Geert Uytterhoeven Link: https://lore.kernel.org/r/20200701194259.3337652-4-saravanak@google.com Signed-off-by: Greg Kroah-Hartman commit ec7bd78498f29680f536451fbdf9464e851273ed Author: Saravana Kannan Date: Wed Jul 1 12:42:58 2020 -0700 driver core: Rename dev_links_info.defer_sync to defer_hook The defer_sync field is used as a hook to add the device to the deferred_sync list. Rename it so that it's more meaningful for the next patch that'll also use this field as a hook to a deferred_fw_devlink list. Signed-off-by: Saravana Kannan Reviewed-by: Rafael J. Wysocki Tested-by: Geert Uytterhoeven Link: https://lore.kernel.org/r/20200701194259.3337652-3-saravanak@google.com Signed-off-by: Greg Kroah-Hartman commit cec72f3efc6272420c2c2c699607f03d09b93e41 Author: Saravana Kannan Date: Wed Jul 1 12:42:57 2020 -0700 driver core: Don't do deferred probe in parallel with kernel_init thread The current deferred probe implementation can mess up suspend/resume ordering if deferred probe thread is kicked off in parallel with the main initcall thread (kernel_init thread) [1]. For example: Say device-B is a consumer of device-A. Initcall thread Deferred probe thread =============== ===================== 1. device-A is added. 2. device-B is added. 3. dpm_list is now [device-A, device-B]. 4. driver-A defers probe of device-A. 5. device-A is moved to end of dpm_list 6. dpm_list is now [device-B, device-A] 7. driver-B is registereed and probes device-B. 8. dpm_list stays as [device-B, device-A]. The reverse order of dpm_list is used for suspend. So in this case device-A would incorrectly get suspended before device-B. Commit 716a7a259690 ("driver core: fw_devlink: Add support for batching fwnode parsing") kicked off the deferred probe thread early during boot to run in parallel with the initcall thread and caused suspend/resume regressions. This patch removes the parallel run of the deferred probe thread to avoid the suspend/resume regressions. [1] - https://lore.kernel.org/lkml/CAGETcx8W96KAw-d_siTX4qHB_-7ddk0miYRDQeHE6E0_8qx-6Q@mail.gmail.com/ Fixes: 716a7a259690 ("driver core: fw_devlink: Add support for batching fwnode parsing") Signed-off-by: Saravana Kannan Tested-by: Geert Uytterhoeven Link: https://lore.kernel.org/r/20200701194259.3337652-2-saravanak@google.com Signed-off-by: Greg Kroah-Hartman commit 897c44f0bae574c5fb318c759b060bebf9dd6013 Author: Alexander Lobakin Date: Tue Jun 23 11:09:33 2020 +0000 virtio: virtio_console: add missing MODULE_DEVICE_TABLE() for rproc serial rproc_serial_id_table lacks an exposure to module devicetable, so when remoteproc firmware requests VIRTIO_ID_RPROC_SERIAL, no uevent is generated and no module autoloading occurs. Add missing MODULE_DEVICE_TABLE() annotation and move the existing one for VIRTIO_ID_CONSOLE right to the table itself. Fixes: 1b6370463e88 ("virtio_console: Add support for remoteproc serial") Cc: # v3.8+ Signed-off-by: Alexander Lobakin Reviewed-by: Amit Shah Link: https://lore.kernel.org/r/x7C_CbeJtoGMy258nwAXASYz3xgFMFpyzmUvOyZzRnQrgWCREBjaqBOpAUS7ol4NnZYvSVwmTsCG0Ohyfvta-ygw6HMHcoeKK0C3QFiAO_Q=@pm.me Signed-off-by: Greg Kroah-Hartman commit e78e1fdb282726beaf88aa75943682217e6ded0e Author: Alexander Shishkin Date: Mon Jul 6 19:13:39 2020 +0300 intel_th: Fix a NULL dereference when hub driver is not loaded Connecting master to an output port when GTH driver module is not loaded triggers a NULL dereference: > RIP: 0010:intel_th_set_output+0x35/0x70 [intel_th] > Call Trace: > ? sth_stm_link+0x12/0x20 [intel_th_sth] > stm_source_link_store+0x164/0x270 [stm_core] > dev_attr_store+0x17/0x30 > sysfs_kf_write+0x3e/0x50 > kernfs_fop_write+0xda/0x1b0 > __vfs_write+0x1b/0x40 > vfs_write+0xb9/0x1a0 > ksys_write+0x67/0xe0 > __x64_sys_write+0x1a/0x20 > do_syscall_64+0x57/0x1d0 > entry_SYSCALL_64_after_hwframe+0x44/0xa9 Make sure the module in question is loaded and return an error if not. Signed-off-by: Alexander Shishkin Fixes: 39f4034693b7c ("intel_th: Add driver infrastructure for Intel(R) Trace Hub devices") Reviewed-by: Andy Shevchenko Reported-by: Ammy Yi Tested-by: Ammy Yi Cc: stable@vger.kernel.org # v4.4 Link: https://lore.kernel.org/r/20200706161339.55468-5-alexander.shishkin@linux.intel.com Signed-off-by: Greg Kroah-Hartman commit fd73d74a32bfaaf259441322cc5a1c83caaa94f2 Author: Alexander Shishkin Date: Mon Jul 6 19:13:38 2020 +0300 intel_th: pci: Add Emmitsburg PCH support This adds support for the Trace Hub in Emmitsburg PCH. Signed-off-by: Alexander Shishkin Reviewed-by: Andy Shevchenko Cc: stable@vger.kernel.org # v4.14+ Link: https://lore.kernel.org/r/20200706161339.55468-4-alexander.shishkin@linux.intel.com Signed-off-by: Greg Kroah-Hartman commit 6227585dc7b6a5405fc08dc322f98cb95e2f0eb4 Author: Alexander Shishkin Date: Mon Jul 6 19:13:37 2020 +0300 intel_th: pci: Add Tiger Lake PCH-H support This adds support for the Trace Hub in Tiger Lake PCH-H. Signed-off-by: Alexander Shishkin Reviewed-by: Andy Shevchenko Cc: stable@vger.kernel.org # v4.14+ Link: https://lore.kernel.org/r/20200706161339.55468-3-alexander.shishkin@linux.intel.com Signed-off-by: Greg Kroah-Hartman commit 203c1f615052921901b7a8fbe2005d8ea6add076 Author: Alexander Shishkin Date: Mon Jul 6 19:13:36 2020 +0300 intel_th: pci: Add Jasper Lake CPU support This adds support for the Trace Hub in Jasper Lake CPU. Signed-off-by: Alexander Shishkin Reviewed-by: Andy Shevchenko Cc: stable@vger.kernel.org # v4.14+ Link: https://lore.kernel.org/r/20200706161339.55468-2-alexander.shishkin@linux.intel.com Signed-off-by: Greg Kroah-Hartman commit dd9ce2d6eeaebbdd342cbe095b7a195d569f18d3 Author: Gerald Schaefer Date: Fri Jul 10 13:36:26 2020 +0200 MAINTAINERS: update email address for Gerald Schaefer Signed-off-by: Gerald Schaefer Signed-off-by: Heiko Carstens commit 2c08f65fd71cc2c96042c14fd3847a79262e1757 Author: Heiko Carstens Date: Thu Jul 9 10:37:54 2020 +0200 MAINTAINERS: update email address for Heiko Carstens Signed-off-by: Heiko Carstens commit f743061a85f5e9989df22ccbf07c80c98fc90e08 Author: Andy Shevchenko Date: Tue Jul 7 00:49:03 2020 +0300 serial: core: Initialise spin lock before use in uart_configure_port() The comment near to uart_port_spin_lock_init() says: Ensure that the serial console lock is initialised early. If this port is a console, then the spinlock is already initialised. and there is nothing about enabled or disabled consoles. The commit a3cb39d258ef ("serial: core: Allow detach and attach serial device for console") made a change, which follows the comment, and also to prevent reinitialisation of the lock in use, when user detaches and attaches back the same console device. But this change discovers another issue, that uart_add_one_port() tries to access a spin lock that now may be uninitialised. This happens when a driver expects the serial core to register a console on its behalf. In this case we must initialise a spin lock before use. Fixes: a3cb39d258ef ("serial: core: Allow detach and attach serial device for console") Reported-by: Marc Zyngier Reported-by: Lad Prabhakar Reported-by: Guenter Roeck Reported-by: Anatoly Pugachev Acked-by: Marc Zyngier Tested-by: Tony Lindgren Cc: Geert Uytterhoeven Signed-off-by: Andy Shevchenko Tested-by: Lad Prabhakar Link: https://lore.kernel.org/r/20200706214903.56148-1-andriy.shevchenko@linux.intel.com Signed-off-by: Greg Kroah-Hartman commit d8edf8eb5f6e921fe6389f96d2cd05862730a6ff Author: Chuhong Yuan Date: Thu Jul 9 21:56:08 2020 +0800 serial: mxs-auart: add missed iounmap() in probe failure and remove This driver calls ioremap() in probe, but it misses calling iounmap() in probe's error handler and remove. Add the missed calls to fix it. Fixes: 47d37d6f94cc ("serial: Add auart driver for i.MX23/28") Signed-off-by: Chuhong Yuan Cc: stable Link: https://lore.kernel.org/r/20200709135608.68290-1-hslester96@gmail.com Signed-off-by: Greg Kroah-Hartman commit ba8c423488974f02b538e9dc1730f0334f9b85aa Author: Dan Carpenter Date: Fri Jul 10 14:36:10 2020 +0300 xen/xenbus: Fix a double free in xenbus_map_ring_pv() When there is an error the caller frees "info->node" so the free here will result in a double free. We should just delete first kfree(). Fixes: 3848e4e0a32a ("xen/xenbus: avoid large structs and arrays on the stack") Signed-off-by: Dan Carpenter Link: https://lore.kernel.org/r/20200710113610.GA92345@mwanda Reviewed-by: Juergen Gross Signed-off-by: Boris Ostrovsky commit ef75e14a6c935eec82abac07ab68e388514e39bc Author: Dan Carpenter Date: Thu Jul 9 13:29:36 2020 +0300 staging: comedi: verify array index is correct before using it This code reads from the array before verifying that "trig" is a valid index. If the index is wildly out of bounds then reading from an invalid address could lead to an Oops. Fixes: a8c66b684efa ("staging: comedi: addi_apci_1500: rewrite the subdevice support functions") Signed-off-by: Dan Carpenter Reviewed-by: Ian Abbott Link: https://lore.kernel.org/r/20200709102936.GA20875@mwanda Signed-off-by: Greg Kroah-Hartman commit 59d1d2e8e1e7c50d2657d5e4812b53f71f507968 Author: Hans de Goede Date: Thu Jul 9 14:08:52 2020 +0200 virt: vbox: Fix guest capabilities mask check Check the passed in capabilities against VMMDEV_GUEST_CAPABILITIES_MASK instead of against VMMDEV_EVENT_VALID_EVENT_MASK. This tightens the allowed mask from 0x7ff to 0x7. Fixes: 0ba002bc4393 ("virt: Add vboxguest driver for Virtual Box Guest integration") Cc: stable@vger.kernel.org Acked-by: Arnd Bergmann Signed-off-by: Hans de Goede Link: https://lore.kernel.org/r/20200709120858.63928-3-hdegoede@redhat.com Signed-off-by: Greg Kroah-Hartman commit f794db6841e5480208f0c3a3ac1df445a96b079e Author: Hans de Goede Date: Thu Jul 9 14:08:51 2020 +0200 virt: vbox: Fix VBGL_IOCTL_VMMDEV_REQUEST_BIG and _LOG req numbers to match upstream Until this commit the mainline kernel version (this version) of the vboxguest module contained a bug where it defined VBGL_IOCTL_VMMDEV_REQUEST_BIG and VBGL_IOCTL_LOG using _IOC(_IOC_READ | _IOC_WRITE, 'V', ...) instead of _IO(V, ...) as the out of tree VirtualBox upstream version does. Since the VirtualBox userspace bits are always built against VirtualBox upstream's headers, this means that so far the mainline kernel version of the vboxguest module has been failing these 2 ioctls with -ENOTTY. I guess that VBGL_IOCTL_VMMDEV_REQUEST_BIG is never used causing us to not hit that one and sofar the vboxguest driver has failed to actually log any log messages passed it through VBGL_IOCTL_LOG. This commit changes the VBGL_IOCTL_VMMDEV_REQUEST_BIG and VBGL_IOCTL_LOG defines to match the out of tree VirtualBox upstream vboxguest version, while keeping compatibility with the old wrong request defines so as to not break the kernel ABI in case someone has been using the old request defines. Fixes: f6ddd094f579 ("virt: Add vboxguest driver for Virtual Box Guest integration UAPI") Cc: stable@vger.kernel.org Acked-by: Arnd Bergmann Reviewed-by: Arnd Bergmann Signed-off-by: Hans de Goede Link: https://lore.kernel.org/r/20200709120858.63928-2-hdegoede@redhat.com Signed-off-by: Greg Kroah-Hartman commit d1c0d96535d7464d1111727c79d6dac274b8bc4f Merge: 211f08347355 8778eb0927dd Author: Greg Kroah-Hartman Date: Fri Jul 10 12:40:04 2020 +0200 Merge tag 'fixes-for-v5.8-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/balbi/usb into usb-linus Felipe writes: USB: fixes for v5.8-rc3 Adding support for recent Intel devices (Tiger Lake and Jasper Lake) on dwc3. We have some endianess fixes in cdns3, a memleak fix in gr_udc and lock API usage fix in the legacy f_uac1 Signed-off-by: Felipe Balbi * tag 'fixes-for-v5.8-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/balbi/usb: usb: gadget: function: fix missing spinlock in f_uac1_legacy usb: gadget: udc: atmel: fix uninitialized read in debug printk usb: gadget: udc: atmel: remove outdated comment in usba_ep_disable() usb: dwc2: Fix shutdown callback in platform usb: cdns3: trace: fix some endian issues usb: cdns3: ep0: fix some endian issues usb: gadget: udc: gr_udc: fix memleak on error handling path in gr_ep_init() usb: gadget: fix langid kernel-doc warning in usbstring.c usb: dwc3: pci: add support for the Intel Jasper Lake usb: dwc3: pci: add support for the Intel Tiger Lake PCH -H variant commit 3d9fdc252b52023260de1d12399cb3157ed28c07 Author: Huacai Chen Date: Fri Jul 10 15:23:17 2020 +0800 KVM: MIPS: Fix build errors for 32bit kernel Commit dc6d95b153e78ed70b1b2c04a ("KVM: MIPS: Add more MMIO load/store instructions emulation") introduced some 64bit load/store instructions emulation which are unavailable on 32bit platform, and it causes build errors: arch/mips/kvm/emulate.c: In function 'kvm_mips_emulate_store': arch/mips/kvm/emulate.c:1734:6: error: right shift count >= width of type [-Werror] ((vcpu->arch.gprs[rt] >> 56) & 0xff); ^ arch/mips/kvm/emulate.c:1738:6: error: right shift count >= width of type [-Werror] ((vcpu->arch.gprs[rt] >> 48) & 0xffff); ^ arch/mips/kvm/emulate.c:1742:6: error: right shift count >= width of type [-Werror] ((vcpu->arch.gprs[rt] >> 40) & 0xffffff); ^ arch/mips/kvm/emulate.c:1746:6: error: right shift count >= width of type [-Werror] ((vcpu->arch.gprs[rt] >> 32) & 0xffffffff); ^ arch/mips/kvm/emulate.c:1796:6: error: left shift count >= width of type [-Werror] (vcpu->arch.gprs[rt] << 32); ^ arch/mips/kvm/emulate.c:1800:6: error: left shift count >= width of type [-Werror] (vcpu->arch.gprs[rt] << 40); ^ arch/mips/kvm/emulate.c:1804:6: error: left shift count >= width of type [-Werror] (vcpu->arch.gprs[rt] << 48); ^ arch/mips/kvm/emulate.c:1808:6: error: left shift count >= width of type [-Werror] (vcpu->arch.gprs[rt] << 56); ^ cc1: all warnings being treated as errors make[3]: *** [arch/mips/kvm/emulate.o] Error 1 So, use #if defined(CONFIG_64BIT) && defined(CONFIG_KVM_MIPS_VZ) to guard the 64bit load/store instructions emulation. Reported-by: kernel test robot Fixes: dc6d95b153e78ed70b1b2c04a ("KVM: MIPS: Add more MMIO load/store instructions emulation") Signed-off-by: Huacai Chen Message-Id: <1594365797-536-1-git-send-email-chenhc@lemote.com> Signed-off-by: Paolo Bonzini commit 83d31e5271ac74aad14b5a1a2ed26923e1446329 Author: Paolo Bonzini Date: Thu Jul 9 13:12:09 2020 -0400 KVM: nVMX: fixes for preemption timer migration Commit 850448f35aaf ("KVM: nVMX: Fix VMX preemption timer migration", 2020-06-01) accidentally broke nVMX live migration from older version by changing the userspace ABI. Restore it and, while at it, ensure that vmx->nested.has_preemption_timer_deadline is always initialized according to the KVM_STATE_VMX_PREEMPTION_TIMER_DEADLINE flag. Cc: Makarand Sonare Fixes: 850448f35aaf ("KVM: nVMX: Fix VMX preemption timer migration") Reviewed-by: Jim Mattson Signed-off-by: Paolo Bonzini commit 6348dd291e3653534a9e28e6917569bc9967b35b Author: Charan Teja Kalla Date: Fri Jun 19 17:27:19 2020 +0530 dmabuf: use spinlock to access dmabuf->name There exists a sleep-while-atomic bug while accessing the dmabuf->name under mutex in the dmabuffs_dname(). This is caused from the SELinux permissions checks on a process where it tries to validate the inherited files from fork() by traversing them through iterate_fd() (which traverse files under spin_lock) and call match_file(security/selinux/hooks.c) where the permission checks happen. This audit information is logged using dump_common_audit_data() where it calls d_path() to get the file path name. If the file check happen on the dmabuf's fd, then it ends up in ->dmabuffs_dname() and use mutex to access dmabuf->name. The flow will be like below: flush_unauthorized_files() iterate_fd() spin_lock() --> Start of the atomic section. match_file() file_has_perm() avc_has_perm() avc_audit() slow_avc_audit() common_lsm_audit() dump_common_audit_data() audit_log_d_path() d_path() dmabuffs_dname() mutex_lock()--> Sleep while atomic. Call trace captured (on 4.19 kernels) is below: ___might_sleep+0x204/0x208 __might_sleep+0x50/0x88 __mutex_lock_common+0x5c/0x1068 __mutex_lock_common+0x5c/0x1068 mutex_lock_nested+0x40/0x50 dmabuffs_dname+0xa0/0x170 d_path+0x84/0x290 audit_log_d_path+0x74/0x130 common_lsm_audit+0x334/0x6e8 slow_avc_audit+0xb8/0xf8 avc_has_perm+0x154/0x218 file_has_perm+0x70/0x180 match_file+0x60/0x78 iterate_fd+0x128/0x168 selinux_bprm_committing_creds+0x178/0x248 security_bprm_committing_creds+0x30/0x48 install_exec_creds+0x1c/0x68 load_elf_binary+0x3a4/0x14e0 search_binary_handler+0xb0/0x1e0 So, use spinlock to access dmabuf->name to avoid sleep-while-atomic. Cc: [5.3+] Signed-off-by: Charan Teja Kalla Reviewed-by: Michael J. Ruhl Acked-by: Christian König [sumits: added comment to spinlock_t definition to avoid warning] Signed-off-by: Sumit Semwal Link: https://patchwork.freedesktop.org/patch/msgid/a83e7f0d-4e54-9848-4b58-e1acdbe06735@codeaurora.org commit 211f08347355cba1f769bbf3355816a12b3ddd55 Author: Tom Rix Date: Wed Jul 8 06:12:43 2020 -0700 USB: c67x00: fix use after free in c67x00_giveback_urb clang static analysis flags this error c67x00-sched.c:489:55: warning: Use of memory after it is freed [unix.Malloc] usb_hcd_giveback_urb(c67x00_hcd_to_hcd(c67x00), urb, urbp->status); ^~~~~~~~~~~~ Problem happens in this block of code c67x00_release_urb(c67x00, urb); usb_hcd_unlink_urb_from_ep(c67x00_hcd_to_hcd(c67x00), urb); spin_unlock(&c67x00->lock); usb_hcd_giveback_urb(c67x00_hcd_to_hcd(c67x00), urb, urbp->status); In the call to c67x00_release_urb has this freeing of urbp urbp = urb->hcpriv; urb->hcpriv = NULL; list_del(&urbp->hep_node); kfree(urbp); And so urbp is freed before usb_hcd_giveback_urb uses it as its 3rd parameter. Since all is required is the status, pass the status directly as is done in c64x00_urb_dequeue Fixes: e9b29ffc519b ("USB: add Cypress c67x00 OTG controller HCD driver") Signed-off-by: Tom Rix Cc: stable Link: https://lore.kernel.org/r/20200708131243.24336-1-trix@redhat.com Signed-off-by: Greg Kroah-Hartman commit 70ee5731a40b1f07f151e52c3c4ed27d70d4f9fe Author: Vincent Chen Date: Tue Jun 23 13:37:35 2020 +0800 riscv: Avoid kgdb.h including gdb_xml.h to solve unused-const-variable warning The constant arrays in gdb_xml.h are only used in arch/riscv/kernel/kgdb.c, but other c files may include the gdb_xml.h indirectly via including the kgdb.h. Hence, It will cause many unused-const-variable warnings. This patch makes the kgdb.h not to include the gdb_xml.h to solve this problem. Signed-off-by: Vincent Chen Signed-off-by: Palmer Dabbelt commit def0aa218e6d42231540329e6f5741fdec9e7da4 Author: Vincent Chen Date: Tue Jun 23 13:37:25 2020 +0800 kgdb: Move the extern declaration kgdb_has_hit_break() to generic kgdb.h Currently, only riscv kgdb.c uses the kgdb_has_hit_break() to identify the kgdb breakpoint. It causes other architectures will encounter the "no previous prototype" warnings if the compile option has W=1. Moving the declaration of extern kgdb_has_hit_break() from risc-v kgdb.h to generic kgdb.h to avoid generating these warnings. Signed-off-by: Vincent Chen Acked-by: Daniel Thompson Signed-off-by: Palmer Dabbelt commit f7fc752815f8e2337548497b3afb4aef791db4ef Author: Vincent Chen Date: Tue Jun 23 13:37:10 2020 +0800 riscv: Fix "no previous prototype" compile warning in kgdb.c file Some functions are only used in the kgdb.c file. Add static properities to these functions to avoid "no previous prototype" compile warnings Signed-off-by: Vincent Chen Signed-off-by: Palmer Dabbelt commit fc0c769ffd926312848912a7c2296e1c503898c3 Author: Vincent Chen Date: Tue Jun 23 13:36:59 2020 +0800 riscv: enable the Kconfig prompt of STRICT_KERNEL_RWX Due to lack of hardware breakpoint support, the kernel option CONFIG_STRICT_KERNEL_RWX should be disabled when using KGDB. However, CONFIG_STRICT_KERNEL_RWX is always enabled now. Therefore, select ARCH_OPTIONAL_KERNEL_RWX_DEFAULT to enable CONFIG_STRICT_KERNEL_RWX by default, and then select ARCH_OPTIONAL_KERNEL_RWX to enable the Kconfig prompt of CONFIG_STRICT_KERNEL_RWX so that users can turn it off. Signed-off-by: Vincent Chen Signed-off-by: Palmer Dabbelt commit 8c080d3a974ad471d8324825851044284f1886c9 Author: Vincent Chen Date: Tue Jun 23 13:36:42 2020 +0800 kgdb: enable arch to support XML packet. The XML packet could be supported by required architecture if the architecture defines CONFIG_HAVE_ARCH_KGDB_QXFER_PKT and implement its own kgdb_arch_handle_qxfer_pkt(). Except for the kgdb_arch_handle_qxfer_pkt(), the architecture also needs to record the feature supported by gdb stub into the kgdb_arch_gdb_stub_feature, and these features will be reported to host gdb when gdb stub receives the qSupported packet. Signed-off-by: Vincent Chen Acked-by: Daniel Thompson Signed-off-by: Palmer Dabbelt commit b2f9f1535bb93ee5fa2ea30ac1c26fa0d676154c Author: Jakub Bogusz Date: Thu Jul 9 15:57:23 2020 -0700 libbpf: Fix libbpf hashmap on (I)LP32 architectures On ILP32, 64-bit result was shifted by value calculated for 32-bit long type and returned value was much outside hashmap capacity. As advised by Andrii Nakryiko, this patch uses different hashing variant for architectures with size_t shorter than long long. Fixes: e3b924224028 ("libbpf: add resizable non-thread safe internal hashmap") Signed-off-by: Jakub Bogusz Signed-off-by: Andrii Nakryiko Signed-off-by: Alexei Starovoitov Link: https://lore.kernel.org/bpf/20200709225723.1069937-1-andriin@fb.com commit eb32b3f53d283e8d68b6d86c3a6ed859b24dacae Author: Eli Britstein Date: Sun Jun 28 15:42:26 2020 +0300 net/mlx5e: CT: Fix memory leak in cleanup CT entries are deleted via a workqueue from netfilter. If removing the module before that, the rules are cleaned by the driver itself, but the memory entries for them are not freed. Fix that. Fixes: ac991b48d43c ("net/mlx5e: CT: Offload established flows") Signed-off-by: Eli Britstein Reviewed-by: Roi Dayan Signed-off-by: Saeed Mahameed commit 88b3d5c90e9685be54dd5bc441970044020eca76 Author: Eran Ben Elisha Date: Mon Jun 22 09:03:31 2020 +0300 net/mlx5e: Fix port buffers cell size value Device unit for port buffers size, xoff_threshold and xon_threshold is cells. Fix a bug in driver where cell unit size was hard-coded to 128 bytes. This hard-coded value is buggy, as it is wrong for some hardware versions. Driver to read cell size from SBCAM register and translate bytes to cell units accordingly. In order to fix the bug, this patch exposes SBCAM (Shared buffer capabilities mask) layout and defines. If SBCAM.cap_cell_size is valid, use it for all bytes to cells calculations. If not valid, fallback to 128. Cell size do not change on the fly per device. Instead of issuing SBCAM access reg command every time such translation is needed, cache it in mlx5e_dcbx as part of mlx5e_dcbnl_initialize(). Pass dcbx.port_buff_cell_sz as a param to every function that needs bytes to cells translation. While fixing the bug, move MLX5E_BUFFER_CELL_SHIFT macro to en_dcbnl.c, as it is only used by that file. Fixes: 0696d60853d5 ("net/mlx5e: Receive buffer configuration") Signed-off-by: Eran Ben Elisha Reviewed-by: Huy Nguyen Signed-off-by: Saeed Mahameed commit 6a1cf4e443a3b0a4d690d3c93b84b1e9cbfcb1bd Author: Aya Levin Date: Mon Jun 15 12:48:47 2020 +0300 net/mlx5e: Fix 50G per lane indication Some released FW versions mistakenly don't set the capability that 50G per lane link-modes are supported for VFs (ptys_extended_ethernet capability bit). When the capability is unset, read PTYS.ext_eth_proto_capability (always reliable). If PTYS.ext_eth_proto_capability is valid (has a non-zero value) conclude that the HCA supports 50G per lane. Otherwise, conclude that the HCA doesn't support 50G per lane. Fixes: a08b4ed1373d ("net/mlx5: Add support to ext_* fields introduced in Port Type and Speed register") Signed-off-by: Aya Levin Reviewed-by: Eran Ben Elisha Signed-off-by: Saeed Mahameed commit f4aebbfb56ed0c186adbeb2799df836da50f78e3 Author: Aya Levin Date: Wed May 20 10:37:42 2020 +0300 net/mlx5e: Fix CPU mapping after function reload to avoid aRFS RX crash After function reload, CPU mapping used by aRFS RX is broken, leading to a kernel panic. Fix by moving initialization of rx_cpu_rmap from netdev_init to netdev_attach. IRQ table is re-allocated on mlx5_load, but netdev is not re-initialize. Trace of the panic: [ 22.055672] general protection fault, probably for non-canonical address 0x785634120000ff1c: 0000 [#1] SMP PTI [ 22.065010] CPU: 4 PID: 0 Comm: swapper/4 Not tainted 5.7.0-rc2-for-upstream-perf-2020-04-21_16-34-03-31 #1 [ 22.067967] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.1-0-ga5cab58e9a3f-prebuilt.qemu.org 04/01/2014 [ 22.071174] RIP: 0010:get_rps_cpu+0x267/0x300 [ 22.075692] RSP: 0018:ffffc90000244d60 EFLAGS: 00010202 [ 22.076888] RAX: ffff888459b0e400 RBX: 0000000000000000 RCX:0000000000000007 [ 22.078364] RDX: 0000000000008884 RSI: ffff888467cb5b00 RDI:0000000000000000 [ 22.079815] RBP: 00000000ff342b27 R08: 0000000000000007 R09:0000000000000003 [ 22.081289] R10: ffffffffffffffff R11: 00000000000070cc R12:ffff888454900000 [ 22.082767] R13: ffffc90000e5a950 R14: ffffc90000244dc0 R15:0000000000000007 [ 22.084190] FS: 0000000000000000(0000) GS:ffff88846fc80000(0000)knlGS:0000000000000000 [ 22.086161] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 22.087427] CR2: ffffffffffffffff CR3: 0000000464426003 CR4:0000000000760ee0 [ 22.088888] DR0: 0000000000000000 DR1: 0000000000000000 DR2:0000000000000000 [ 22.090336] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7:0000000000000400 [ 22.091764] PKRU: 55555554 [ 22.092618] Call Trace: [ 22.093442] [ 22.094211] ? kvm_clock_get_cycles+0xd/0x10 [ 22.095272] netif_receive_skb_list_internal+0x258/0x2a0 [ 22.096460] gro_normal_list.part.137+0x19/0x40 [ 22.097547] napi_complete_done+0xc6/0x110 [ 22.098685] mlx5e_napi_poll+0x190/0x670 [mlx5_core] [ 22.099859] net_rx_action+0x2a0/0x400 [ 22.100848] __do_softirq+0xd8/0x2a8 [ 22.101829] irq_exit+0xa5/0xb0 [ 22.102750] do_IRQ+0x52/0xd0 [ 22.103654] common_interrupt+0xf/0xf [ 22.104641] Fixes: 4383cfcc65e7 ("net/mlx5: Add devlink reload") Signed-off-by: Aya Levin Reviewed-by: Eran Ben Elisha Signed-off-by: Saeed Mahameed commit b3c2ed21c0bdf35ba498a9974aa587f99a03b658 Author: Aya Levin Date: Wed Jun 24 19:04:03 2020 +0300 net/mlx5e: Fix VXLAN configuration restore after function reload When detaching netdev, remove vxlan port configuration using udp_tunnel_drop_rx_info. During function reload, configuration will be restored using udp_tunnel_get_rx_info. This ensures sync between firmware and driver. Use udp_tunnel_get_rx_info even if its physical interface is down. Fixes: 4383cfcc65e7 ("net/mlx5: Add devlink reload") Signed-off-by: Aya Levin Reviewed-by: Eran Ben Elisha Signed-off-by: Saeed Mahameed commit c1aea9e1765a047c7397da30f52315c43e3501fb Author: Vlad Buslov Date: Wed Jun 17 17:51:53 2020 +0300 net/mlx5e: Fix usage of rcu-protected pointer In mlx5e_configure_flower() flow pointer is protected by rcu read lock. However, after cited commit the pointer is being used outside of rcu read block. Extend the block to protect all pointer accesses. Fixes: 553f9328385d ("net/mlx5e: Support tc block sharing for representors") Signed-off-by: Vlad Buslov Reviewed-by: Roi Dayan Signed-off-by: Saeed Mahameed commit 2fb15e72c0d7fc5fb05aefd3a7f0d70cf39d3ad4 Author: Vlad Buslov Date: Wed Jun 17 17:26:33 2020 +0300 net/mxl5e: Verify that rpriv is not NULL In helper function is_flow_rule_duplicate_allowed() verify that rpviv pointer is not NULL before dereferencing it. This can happen when device is in NIC mode and leads to following crash: [90444.046419] BUG: kernel NULL pointer dereference, address: 0000000000000000 [90444.048149] #PF: supervisor read access in kernel mode [90444.049781] #PF: error_code(0x0000) - not-present page [90444.051386] PGD 80000003d35a4067 P4D 80000003d35a4067 PUD 3d35a3067 PMD 0 [90444.053051] Oops: 0000 [#1] SMP PTI [90444.054683] CPU: 16 PID: 31736 Comm: tc Not tainted 5.8.0-rc1+ #1157 [90444.056340] Hardware name: Supermicro SYS-2028TP-DECR/X10DRT-P, BIOS 2.0b 03/30/2017 [90444.058079] RIP: 0010:mlx5e_configure_flower+0x3aa/0x9b0 [mlx5_core] [90444.059753] Code: 24 50 49 8b 95 08 02 00 00 48 b8 00 08 00 00 04 00 00 00 48 21 c2 48 39 c2 74 0a 41 f6 85 0d 02 00 00 20 74 16 48 8b 44 24 20 <48> 8b 00 66 83 78 20 ff 74 07 4d 89 aa e0 00 00 00 48 83 7d 28 00 [90444.063232] RSP: 0018:ffffabe9c61ff768 EFLAGS: 00010246 [90444.065014] RAX: 0000000000000000 RBX: ffff9b13c4c91e80 RCX: 00000000000093fa [90444.066784] RDX: 0000000400000800 RSI: 0000000000000000 RDI: 000000000002d5e0 [90444.068533] RBP: ffff9b174d308468 R08: 0000000000000000 R09: ffff9b17d63003f0 [90444.070285] R10: ffff9b17ea288600 R11: 0000000000000000 R12: ffffabe9c61ff878 [90444.072032] R13: ffff9b174d300000 R14: ffffabe9c61ffbb8 R15: ffff9b174d300880 [90444.073760] FS: 00007f3c23775480(0000) GS:ffff9b13efc80000(0000) knlGS:0000000000000000 [90444.075492] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [90444.077266] CR2: 0000000000000000 CR3: 00000003e2a60002 CR4: 00000000001606e0 [90444.079024] Call Trace: [90444.080753] tc_setup_cb_add+0xca/0x1e0 [90444.082415] fl_hw_replace_filter+0x15f/0x1f0 [cls_flower] [90444.084119] fl_change+0xa59/0x13dc [cls_flower] [90444.085772] ? wait_for_completion+0xa8/0xf0 [90444.087364] tc_new_tfilter+0x3f5/0xa60 [90444.088960] rtnetlink_rcv_msg+0xeb/0x360 [90444.090514] ? __d_lookup_done+0x76/0xe0 [90444.092034] ? proc_alloc_inode+0x16/0x70 [90444.093560] ? prep_new_page+0x8c/0xf0 [90444.095048] ? _cond_resched+0x15/0x30 [90444.096483] ? rtnl_calcit.isra.0+0x110/0x110 [90444.097907] netlink_rcv_skb+0x49/0x110 [90444.099289] netlink_unicast+0x191/0x230 [90444.100629] netlink_sendmsg+0x243/0x480 [90444.101984] sock_sendmsg+0x5e/0x60 [90444.103305] ____sys_sendmsg+0x1f3/0x260 [90444.104597] ? copy_msghdr_from_user+0x5c/0x90 [90444.105916] ? __mod_lruvec_state+0x3c/0xe0 [90444.107210] ___sys_sendmsg+0x81/0xc0 [90444.108484] ? do_filp_open+0xa5/0x100 [90444.109732] ? handle_mm_fault+0x117b/0x1e00 [90444.110970] ? __check_object_size+0x46/0x147 [90444.112205] ? __check_object_size+0x136/0x147 [90444.113402] __sys_sendmsg+0x59/0xa0 [90444.114587] do_syscall_64+0x4d/0x90 [90444.115782] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [90444.116953] RIP: 0033:0x7f3c2393b7b8 [90444.118101] Code: Bad RIP value. [90444.119240] RSP: 002b:00007ffc6ad8e6c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [90444.120408] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f3c2393b7b8 [90444.121583] RDX: 0000000000000000 RSI: 00007ffc6ad8e740 RDI: 0000000000000003 [90444.122750] RBP: 000000005eea0c3a R08: 0000000000000001 R09: 00007ffc6ad8e68c [90444.123928] R10: 0000000000404fa8 R11: 0000000000000246 R12: 0000000000000001 [90444.125073] R13: 0000000000000000 R14: 00007ffc6ad92a00 R15: 00000000004866a0 [90444.126221] Modules linked in: act_skbedit act_tunnel_key act_mirred bonding vxlan ip6_udp_tunnel udp_tunnel nfnetlink act_gact cls_flower sch_ingress openvswitch nsh nf_conncount nfsv3 nfs_acl nfs lockd grace fscache tun bridge stp llc sunrpc rdma_ucm rdma_cm iw_cm ib_cm mlx5_ib ib_uverbs ib_core mlx5_core intel_r apl_msr intel_rapl_common sb_edac x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel mlxfw kvm act_ct nf_flow_table nf_nat nf_conntrack irqbypass crct10dif_pclmul nf_defrag_ipv6 igb ipmi_ssif libcrc32c crc32_pclmul crc32c_intel ipmi_si nf_defrag_ipv4 ptp ghash_clmulni_intel mei_me ses iTCO_wdt i2c_i801 pps_core ioatdma iTCO_vendor_support joydev mei enclosure intel_cstate i2c_smbus wmi dca ipmi_devintf intel_uncore lpc_ich ipmi_msghandler pcspkr acpi_pad acpi_power_meter ast i2c_algo_bit drm_vram_helper drm_kms_helper drm_ttm_helper ttm drm mpt3sas raid_class scsi_transport_sas [90444.136253] CR2: 0000000000000000 [90444.137621] ---[ end trace 924af62aa2b151bd ]--- Fixes: 553f9328385d ("net/mlx5e: Support tc block sharing for representors") Reported-by: David Ahern Signed-off-by: Vlad Buslov Reviewed-by: Roi Dayan Signed-off-by: Saeed Mahameed commit 01f3d5db4a9add67f53630a7f71664538b3b9783 Author: Vu Pham Date: Wed Jun 17 15:11:24 2020 -0700 net/mlx5: E-Switch, Fix vlan or qos setting in legacy mode Refactoring eswitch ingress acl codes accidentally inserts extra memset zero that removes vlan and/or qos setting in legacy mode. Fixes: 07bab9502641 ("net/mlx5: E-Switch, Refactor eswitch ingress acl codes") Signed-off-by: Vu Pham Signed-off-by: Saeed Mahameed commit 47afbdd2fa4c5775c383ba376a3d1da7d7f694dc Author: Eran Ben Elisha Date: Sun Jun 14 17:31:26 2020 +0300 net/mlx5: Fix eeprom support for SFP module Fix eeprom SFP query support by setting i2c_addr, offset and page number correctly. Unlike QSFP modules, SFP eeprom params are as follow: - i2c_addr is 0x50 for offset 0 - 255 and 0x51 for offset 256 - 511. - Page number is always zero. - Page offset is always relative to zero. As part of eeprom query, query the module ID (SFP / QSFP*) via helper function to set the params accordingly. In addition, change mlx5_qsfp_eeprom_page() input type to be u16 to avoid unnecessary casting. Fixes: a708fb7b1f8d ("net/mlx5e: ethtool, Add support for EEPROM high pages query") Signed-off-by: Eran Ben Elisha Signed-off-by: Huy Nguyen Signed-off-by: Saeed Mahameed commit 42f82040ee66db13525dc6f14b8559890b2f4c1c Merge: d4e60453266b 38794a5465b7 Author: Linus Torvalds Date: Thu Jul 9 18:20:19 2020 -0700 Merge tag 'drm-fixes-2020-07-10' of git://anongit.freedesktop.org/drm/drm Pull drm fixes from Dave Airlie: "I've been off most of the week, but some fixes have piled up. Seems a bit busier than last week, but they are pretty spread out across a bunch of drivers, none of them seem that big or worried me too much. amdgpu: - Fix a suspend/resume issue with PSP - Backlight fix for Renoir - Fix for gpu recovery debugging radeon: - Fix a double free in error path i915: - fbc fencing fix - debugfs panic fix - gem vma constuction fix - gem pin under vm->nutex fix nouveau: - SVM fixes - display fixes meson: - OSD burst length fixes hibmc: - runtime warning fix mediatek: - cmdq, mmsys fixes - visibility check fixes" * tag 'drm-fixes-2020-07-10' of git://anongit.freedesktop.org/drm/drm: (24 commits) drm/amdgpu: don't do soft recovery if gpu_recovery=0 drm/radeon: fix double free drm/amd/display: add dmcub check on RENOIR drm/amdgpu: add TMR destory function for psp drm/amdgpu: asd function needs to be unloaded in suspend phase drm/hisilicon/hibmc: Move drm_fbdev_generic_setup() down to avoid the splat drm/nouveau/nouveau: fix page fault on device private memory drm/nouveau/svm: fix migrate page regression drm/nouveau/i2c/g94-: increase NV_PMGR_DP_AUXCTL_TRANSACTREQ timeout drm/nouveau/kms/nv50-: bail from nv50_audio_disable() early if audio not enabled drm/i915/gt: Pin the rings before marking active drm/i915: Also drop vm.ref along error paths for vma construction drm/i915: Drop vm.ref for duplicate vma on construction drm/i915/fbc: Fix fence_y_offset handling drm/i915: Skip stale object handle for debugfs per-file-stats drm/mediatek: mtk_hdmi: Remove debug messages for function calls drm/mediatek: mtk_mt8173_hdmi_phy: Remove unnused const variables drm/mediatek: Delete not used of_device_get_match_data drm/mediatek: Remove unnecessary conversion to bool drm/meson: viu: fix setting the OSD burst length in VIU_OSD1_FIFO_CTRL_STAT ... commit d4e60453266b95b9dc19e0af2a819617e556bc4e Author: Cesar Eduardo Barros Date: Thu Jul 9 19:11:02 2020 -0300 Restore gcc check in mips asm/unroll.h While raising the gcc version requirement to 4.9, the compile-time check in the unroll macro was accidentally changed from being used on gcc and clang to being used on clang only. Restore the gcc check, changing it from "gcc >= 4.7" to "all gcc". [ We should probably remove this all entirely: if we remove the check for CLANG, then the check for GCC can go away. Older versions of clang are not really appropriate or supported for kernel builds - Linus ] Fixes: 6ec4476ac825 ("Raise gcc version requirement to 4.9") Signed-off-by: Cesar Eduardo Barros Signed-off-by: Linus Torvalds commit 355a3587d4ca09f2b1014778a7c8908351a91468 Author: Rikard Falkeborn Date: Wed Jul 8 21:07:56 2020 +0200 kbuild: Move -Wtype-limits to W=2 -Wtype-limits is included in -Wextra which is added at W=1. It warns (among other things) that 'comparison of an unsigned variable `< 0` is always false. This causes noisy warnings, especially when used in macros, hence it is more suitable for W=2. Link: https://lore.kernel.org/lkml/CAHk-=wiKCXEWKJ9dWUimGbrVRo_N2RosESUw8E7m9AEtyZcu=w@mail.gmail.com/ Signed-off-by: Rikard Falkeborn Suggested-by: Arnd Bergmann Acked-by: Andy Shevchenko Signed-off-by: Linus Torvalds commit 14b032b8f8fce03a546dcf365454bec8c4a58d7d Author: Cong Wang Date: Thu Jul 9 16:28:44 2020 -0700 cgroup: Fix sock_cgroup_data on big-endian. In order for no_refcnt and is_data to be the lowest order two bits in the 'val' we have to pad out the bitfield of the u8. Fixes: ad0f75e5f57c ("cgroup: fix cgroup_sk_alloc() for sk_clone_lock()") Reported-by: Guenter Roeck Signed-off-by: David S. Miller commit f43cb0d672aa8eb09bfdb779de5900c040487d1d Author: Lorenz Bauer Date: Thu Jul 9 12:51:51 2020 +0100 selftests: bpf: Fix detach from sockmap tests Fix sockmap tests which rely on old bpf_prog_dispatch behaviour. In the first case, the tests check that detaching without giving a program succeeds. Since these are not the desired semantics, invert the condition. In the second case, the clean up code doesn't supply the necessary program fds. Fixes: bb0de3131f4c ("bpf: sockmap: Require attach_bpf_fd when detaching a program") Reported-by: Martin KaFai Lau Signed-off-by: Lorenz Bauer Signed-off-by: Daniel Borkmann Reviewed-by: Jakub Sitnicki Link: https://lore.kernel.org/bpf/20200709115151.75829-1-lmb@cloudflare.com commit 38794a5465b752118098e36cf95c59083f9f1f88 Merge: 1328af842d70 f4892c327a8e Author: Dave Airlie Date: Fri Jul 10 07:02:02 2020 +1000 Merge tag 'amd-drm-fixes-5.8-2020-07-09' of git://people.freedesktop.org/~agd5f/linux into drm-fixes amd-drm-fixes-5.8-2020-07-09: amdgpu: - Fix a suspend/resume issue with PSP - Backlight fix for Renoir - Fix for gpu recovery debugging radeon: - Fix a double free in error path Signed-off-by: Dave Airlie From: Alex Deucher Link: https://patchwork.freedesktop.org/patch/msgid/20200709185221.44895-1-alexander.deucher@amd.com commit 1328af842d703d6d7ae6bfc7b2218abb1781eafc Merge: 76cfab9c8cad 5a383d443b29 Author: Dave Airlie Date: Fri Jul 10 07:01:24 2020 +1000 Merge tag 'drm-intel-fixes-2020-07-08' of git://anongit.freedesktop.org/drm/drm-intel into drm-fixes One display's fbc patch fixing fence_y_offset calculation from Ville and 4 patches from Chris on GEM: 1 fixing a debugfs panic and others fixing vma construction and pin under vm->mutex. Signed-off-by: Dave Airlie From: Rodrigo Vivi Link: https://patchwork.freedesktop.org/patch/msgid/20200708190654.GA3924867@intel.com commit 76cfab9c8cad1cbd1ac9590afcd9235a2d3851d2 Merge: a088eb0faf4f ed710a6ed797 Author: Dave Airlie Date: Fri Jul 10 06:59:05 2020 +1000 Merge branch 'linux-5.8' of git://github.com/skeggsb/linux into drm-fixes - SVM fixes - display fixes Signed-off-by: Dave Airlie From: Ben Skeggs Link: https://patchwork.freedesktop.org/patch/msgid/ Date: Fri Jul 10 06:46:47 2020 +1000 Merge tag 'drm-misc-fixes-2020-07-08' of git://anongit.freedesktop.org/drm/drm-misc into drm-fixes * meson: OSD burst-length fixes * hibmc: fix runtime warning by setting up generic fbdev after registering device Signed-off-by: Dave Airlie From: Thomas Zimmermann Link: https://patchwork.freedesktop.org/patch/msgid/20200708121050.GA29420@linux-uq9g commit 46a20c9aaab37d6a4afd7ae6fa49259d7a6c8665 Merge: dcb7fd82c75e 5ab546f5e630 Author: Dave Airlie Date: Fri Jul 10 06:43:31 2020 +1000 Merge tag 'mediatek-drm-fixes-5.8' of https://git.kernel.org/pub/scm/linux/kernel/git/chunkuang.hu/linux into drm-fixes Mediatek DRM Fixes for Linux 5.8 This include fixup for cmdq, mmsys, visibility checking and some refinement. Signed-off-by: Dave Airlie From: Chun-Kuang Hu Link: https://patchwork.freedesktop.org/patch/msgid/20200707153944.604-1-chunkuang.hu@kernel.org commit 2a89b99f580371b86ae9bafd6cbeccd3bfab524a Merge: ce69fb3b392f 6958c1c640af Author: Linus Torvalds Date: Thu Jul 9 13:14:51 2020 -0700 Merge tag 'for-5.8/dm-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm Pull device mapper fixes from Mike Snitzer: - A request-based DM fix to not use a waitqueue to wait for blk-mq IO completion because doing so is racey. - A couple more DM zoned target fixes to address issues introduced during the 5.8 cycle. - A DM core fix to use proper interface to cleanup DM's static flush bio. - A DM core fix to prevent mm recursion during memory allocation needed by dm_kobject_uevent. * tag 'for-5.8/dm-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm: dm: use noio when sending kobject event dm zoned: Fix zone reclaim trigger dm zoned: fix unused but set variable warnings dm writecache: reject asynchronous pmem devices dm: use bio_uninit instead of bio_disassociate_blkg dm: do not use waitqueue for request-based DM commit ce69fb3b392fbfd6c255aeb0ee371652478c716f Merge: 0bddd227f3dc 2c79583927bb Author: Linus Torvalds Date: Thu Jul 9 13:09:30 2020 -0700 Merge tag 'kallsyms_show_value-v5.8-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux Pull kallsyms fix from Kees Cook: "Refactor kallsyms_show_value() users for correct cred. I'm not delighted by the timing of getting these changes to you, but it does fix a handful of kernel address exposures, and no one has screamed yet at the patches. Several users of kallsyms_show_value() were performing checks not during "open". Refactor everything needed to gain proper checks against file->f_cred for modules, kprobes, and bpf" * tag 'kallsyms_show_value-v5.8-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux: selftests: kmod: Add module address visibility test bpf: Check correct cred for CAP_SYSLOG in bpf_dump_raw_ok() kprobes: Do not expose probe addresses to non-CAP_SYSLOG module: Do not expose section addresses to non-CAP_SYSLOG module: Refactor section attr into bin attribute kallsyms: Refactor kallsyms_show_value() to take cred commit ce69e563b325f620863830c246a8698ccea52048 Author: Christoph Paasch Date: Wed Jul 8 16:18:34 2020 -0700 tcp: make sure listeners don't initialize congestion-control state syzkaller found its way into setsockopt with TCP_CONGESTION "cdg". tcp_cdg_init() does a kcalloc to store the gradients. As sk_clone_lock just copies all the memory, the allocated pointer will be copied as well, if the app called setsockopt(..., TCP_CONGESTION) on the listener. If now the socket will be destroyed before the congestion-control has properly been initialized (through a call to tcp_init_transfer), we will end up freeing memory that does not belong to that particular socket, opening the door to a double-free: [ 11.413102] ================================================================== [ 11.414181] BUG: KASAN: double-free or invalid-free in tcp_cleanup_congestion_control+0x58/0xd0 [ 11.415329] [ 11.415560] CPU: 3 PID: 4884 Comm: syz-executor.5 Not tainted 5.8.0-rc2 #80 [ 11.416544] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.1-0-ga5cab58e9a3f-prebuilt.qemu.org 04/01/2014 [ 11.418148] Call Trace: [ 11.418534] [ 11.418834] dump_stack+0x7d/0xb0 [ 11.419297] print_address_description.constprop.0+0x1a/0x210 [ 11.422079] kasan_report_invalid_free+0x51/0x80 [ 11.423433] __kasan_slab_free+0x15e/0x170 [ 11.424761] kfree+0x8c/0x230 [ 11.425157] tcp_cleanup_congestion_control+0x58/0xd0 [ 11.425872] tcp_v4_destroy_sock+0x57/0x5a0 [ 11.426493] inet_csk_destroy_sock+0x153/0x2c0 [ 11.427093] tcp_v4_syn_recv_sock+0xb29/0x1100 [ 11.427731] tcp_get_cookie_sock+0xc3/0x4a0 [ 11.429457] cookie_v4_check+0x13d0/0x2500 [ 11.433189] tcp_v4_do_rcv+0x60e/0x780 [ 11.433727] tcp_v4_rcv+0x2869/0x2e10 [ 11.437143] ip_protocol_deliver_rcu+0x23/0x190 [ 11.437810] ip_local_deliver+0x294/0x350 [ 11.439566] __netif_receive_skb_one_core+0x15d/0x1a0 [ 11.441995] process_backlog+0x1b1/0x6b0 [ 11.443148] net_rx_action+0x37e/0xc40 [ 11.445361] __do_softirq+0x18c/0x61a [ 11.445881] asm_call_on_stack+0x12/0x20 [ 11.446409] [ 11.446716] do_softirq_own_stack+0x34/0x40 [ 11.447259] do_softirq.part.0+0x26/0x30 [ 11.447827] __local_bh_enable_ip+0x46/0x50 [ 11.448406] ip_finish_output2+0x60f/0x1bc0 [ 11.450109] __ip_queue_xmit+0x71c/0x1b60 [ 11.451861] __tcp_transmit_skb+0x1727/0x3bb0 [ 11.453789] tcp_rcv_state_process+0x3070/0x4d3a [ 11.456810] tcp_v4_do_rcv+0x2ad/0x780 [ 11.457995] __release_sock+0x14b/0x2c0 [ 11.458529] release_sock+0x4a/0x170 [ 11.459005] __inet_stream_connect+0x467/0xc80 [ 11.461435] inet_stream_connect+0x4e/0xa0 [ 11.462043] __sys_connect+0x204/0x270 [ 11.465515] __x64_sys_connect+0x6a/0xb0 [ 11.466088] do_syscall_64+0x3e/0x70 [ 11.466617] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 11.467341] RIP: 0033:0x7f56046dc469 [ 11.467844] Code: Bad RIP value. [ 11.468282] RSP: 002b:00007f5604dccdd8 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 11.469326] RAX: ffffffffffffffda RBX: 000000000068bf00 RCX: 00007f56046dc469 [ 11.470379] RDX: 0000000000000010 RSI: 0000000020000000 RDI: 0000000000000004 [ 11.471311] RBP: 00000000ffffffff R08: 0000000000000000 R09: 0000000000000000 [ 11.472286] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 11.473341] R13: 000000000041427c R14: 00007f5604dcd5c0 R15: 0000000000000003 [ 11.474321] [ 11.474527] Allocated by task 4884: [ 11.475031] save_stack+0x1b/0x40 [ 11.475548] __kasan_kmalloc.constprop.0+0xc2/0xd0 [ 11.476182] tcp_cdg_init+0xf0/0x150 [ 11.476744] tcp_init_congestion_control+0x9b/0x3a0 [ 11.477435] tcp_set_congestion_control+0x270/0x32f [ 11.478088] do_tcp_setsockopt.isra.0+0x521/0x1a00 [ 11.478744] __sys_setsockopt+0xff/0x1e0 [ 11.479259] __x64_sys_setsockopt+0xb5/0x150 [ 11.479895] do_syscall_64+0x3e/0x70 [ 11.480395] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 11.481097] [ 11.481321] Freed by task 4872: [ 11.481783] save_stack+0x1b/0x40 [ 11.482230] __kasan_slab_free+0x12c/0x170 [ 11.482839] kfree+0x8c/0x230 [ 11.483240] tcp_cleanup_congestion_control+0x58/0xd0 [ 11.483948] tcp_v4_destroy_sock+0x57/0x5a0 [ 11.484502] inet_csk_destroy_sock+0x153/0x2c0 [ 11.485144] tcp_close+0x932/0xfe0 [ 11.485642] inet_release+0xc1/0x1c0 [ 11.486131] __sock_release+0xc0/0x270 [ 11.486697] sock_close+0xc/0x10 [ 11.487145] __fput+0x277/0x780 [ 11.487632] task_work_run+0xeb/0x180 [ 11.488118] __prepare_exit_to_usermode+0x15a/0x160 [ 11.488834] do_syscall_64+0x4a/0x70 [ 11.489326] entry_SYSCALL_64_after_hwframe+0x44/0xa9 Wei Wang fixed a part of these CDG-malloc issues with commit c12014440750 ("tcp: memset ca_priv data to 0 properly"). This patch here fixes the listener-scenario: We make sure that listeners setting the congestion-control through setsockopt won't initialize it (thus CDG never allocates on listeners). For those who use AF_UNSPEC to reuse a socket, tcp_disconnect() is changed to cleanup afterwards. (The issue can be reproduced at least down to v4.4.x.) Cc: Wei Wang Cc: Eric Dumazet Fixes: 2b0a8c9eee81 ("tcp: add CDG congestion control") Signed-off-by: Christoph Paasch Signed-off-by: Eric Dumazet Signed-off-by: David S. Miller commit c9a368f1c0fbe2e3a21ebf231caeae58b18b2681 Author: Martin KaFai Lau Date: Wed Jul 8 23:11:10 2020 -0700 bpf: net: Avoid incorrect bpf_sk_reuseport_detach call bpf_sk_reuseport_detach is currently called when sk->sk_user_data is not NULL. It is incorrect because sk->sk_user_data may not be managed by the bpf's reuseport_array. It has been reported in [1] that, the bpf_sk_reuseport_detach() which is called from udp_lib_unhash() has corrupted the sk_user_data managed by l2tp. This patch solves it by using another bit (defined as SK_USER_DATA_BPF) of the sk_user_data pointer value. It marks that a sk_user_data is managed/owned by BPF. The patch depends on a PTRMASK introduced in commit f1ff5ce2cd5e ("net, sk_msg: Clear sk_user_data pointer on clone if tagged"). [ Note: sk->sk_user_data is used by bpf's reuseport_array only when a sk is added to the bpf's reuseport_array. i.e. doing setsockopt(SO_REUSEPORT) and having "sk->sk_reuseport == 1" alone will not stop sk->sk_user_data being used by other means. ] [1]: https://lore.kernel.org/netdev/20200706121259.GA20199@katalix.com/ Fixes: 5dc4c4b7d4e8 ("bpf: Introduce BPF_MAP_TYPE_REUSEPORT_SOCKARRAY") Reported-by: James Chapman Reported-by: syzbot+9f092552ba9a5efca5df@syzkaller.appspotmail.com Signed-off-by: Martin KaFai Lau Signed-off-by: Daniel Borkmann Tested-by: James Chapman Acked-by: James Chapman Link: https://lore.kernel.org/bpf/20200709061110.4019316-1-kafai@fb.com commit f3dda7a679df183e798b86e7b6ec05ab35476de3 Author: Martin KaFai Lau Date: Wed Jul 8 23:11:04 2020 -0700 bpf: net: Avoid copying sk_user_data of reuseport_array during sk_clone It makes little sense for copying sk_user_data of reuseport_array during sk_clone_lock(). This patch reuses the SK_USER_DATA_NOCOPY bit introduced in commit f1ff5ce2cd5e ("net, sk_msg: Clear sk_user_data pointer on clone if tagged"). It is used to mark the sk_user_data is not supposed to be copied to its clone. Although the cloned sk's sk_user_data will not be used/freed in bpf_sk_reuseport_detach(), this change can still allow the cloned sk's sk_user_data to be used by some other means. Freeing the reuseport_array's sk_user_data does not require a rcu grace period. Thus, the existing rcu_assign_sk_user_data_nocopy() is not used. Fixes: 5dc4c4b7d4e8 ("bpf: Introduce BPF_MAP_TYPE_REUSEPORT_SOCKARRAY") Signed-off-by: Martin KaFai Lau Signed-off-by: Daniel Borkmann Reviewed-by: Jakub Sitnicki Link: https://lore.kernel.org/bpf/20200709061104.4018798-1-kafai@fb.com commit 365f9ae4ee36037e2a9268fe7296065356840b4c Author: Michal Kubecek Date: Thu Jul 9 12:11:50 2020 +0200 ethtool: fix genlmsg_put() failure handling in ethnl_default_dumpit() If the genlmsg_put() call in ethnl_default_dumpit() fails, we bail out without checking if we already have some messages in current skb like we do with ethnl_default_dump_one() failure later. Therefore if existing messages almost fill up the buffer so that there is not enough space even for netlink and genetlink header, we lose all prepared messages and return and error. Rather than duplicating the skb->len check, move the genlmsg_put(), genlmsg_cancel() and genlmsg_end() calls into ethnl_default_dump_one(). This is also more logical as all message composition will be in ethnl_default_dump_one() and only iteration logic will be left in ethnl_default_dumpit(). Fixes: 728480f12442 ("ethtool: default handlers for GET requests") Reported-by: Jakub Kicinski Signed-off-by: Michal Kubecek Reviewed-by: Jakub Kicinski Signed-off-by: David S. Miller commit 306381aec7c2b5a658eebca008c8a1b666536cba Author: Cong Wang Date: Wed Jul 8 20:13:59 2020 -0700 net_sched: fix a memory leak in atm_tc_init() When tcf_block_get() fails inside atm_tc_init(), atm_tc_put() is called to release the qdisc p->link.q. But the flow->ref prevents it to do so, as the flow->ref is still zero. Fix this by moving the p->link.ref initialization before tcf_block_get(). Fixes: 6529eaba33f0 ("net: sched: introduce tcf block infractructure") Reported-and-tested-by: syzbot+d411cff6ab29cc2c311b@syzkaller.appspotmail.com Cc: Jamal Hadi Salim Cc: Jiri Pirko Signed-off-by: Cong Wang Signed-off-by: David S. Miller commit 13cf8aab7425a253070433b5a55b4209ceac8b19 Author: Sudarsana Reddy Kalluru Date: Wed Jul 8 20:14:29 2020 -0700 qed: Populate nvm-file attributes while reading nvm config partition. NVM config file address will be modified when the MBI image is upgraded. Driver would return stale config values if user reads the nvm-config (via ethtool -d) in this state. The fix is to re-populate nvm attribute info while reading the nvm config values/partition. Changes from previous version: ------------------------------- v3: Corrected the formatting in 'Fixes' tag. v2: Added 'Fixes' tag. Fixes: 1ac4329a1cff ("qed: Add configuration information to register dump and debug data") Signed-off-by: Sudarsana Reddy Kalluru Signed-off-by: Igor Russkikh Signed-off-by: David S. Miller commit 12eb3ad0638c2a6af72de866e9d7837de16ee82f Author: Shuming Fan Date: Thu Jul 9 18:13:45 2020 +0800 ASoC: rt286: fix unexpected interrupt happens The HV/VREF should not turn off if the headphone jack plug-in. This patch could solve the unexpected interrupt issue in some devices. Signed-off-by: Shuming Fan Tested-by: Pierre-Louis Bossart Link: https://lore.kernel.org/r/20200709101345.11449-1-shumingf@realtek.com Signed-off-by: Mark Brown commit 01283d56f0ea0040b64dc785542f3ad3fb8b3e68 Author: Puyou Lu Date: Thu Jul 2 10:30:56 2020 +0800 ASoC: wm8974: remove unsupported clock mode In DSP_A mode, BIT7 of IFACE should bit 0 according to datasheet (ie. inverted frame clock is not support in this mode). Signed-off-by: Puyou Lu Acked-by: Charles Keepax Link: https://lore.kernel.org/r/1593657056-4989-1-git-send-email-puyou.lu@gmail.com Signed-off-by: Mark Brown commit 574ea5c80eb18edd0d93864985650efec63347c0 Author: Puyou Lu Date: Thu Jul 2 10:30:25 2020 +0800 ASoC: wm8974: fix Boost Mixer Aux Switch Clear BIT6 of INPPGA means not muted (Switch On). Signed-off-by: Puyou Lu Acked-by: Charles Keepax Link: https://lore.kernel.org/r/1593657025-4903-1-git-send-email-puyou.lu@gmail.com Signed-off-by: Mark Brown commit f4892c327a8e5df7ce16cab40897daf90baf6bec Author: Marek Olšák Date: Mon Jul 6 18:23:17 2020 -0400 drm/amdgpu: don't do soft recovery if gpu_recovery=0 It's impossible to debug shader hangs with soft recovery. Signed-off-by: Marek Olšák Reviewed-by: Alex Deucher Reviewed-by: Christian König Signed-off-by: Alex Deucher Cc: stable@vger.kernel.org commit 41855a898650803e24b284173354cc3e44d07725 Author: Tom Rix Date: Mon Jul 6 05:28:57 2020 -0700 drm/radeon: fix double free clang static analysis flags this error drivers/gpu/drm/radeon/ci_dpm.c:5652:9: warning: Use of memory after it is freed [unix.Malloc] kfree(rdev->pm.dpm.ps[i].ps_priv); ^~~~~~~~~~~~~~~~~~~~~~~~~~ drivers/gpu/drm/radeon/ci_dpm.c:5654:2: warning: Attempt to free released memory [unix.Malloc] kfree(rdev->pm.dpm.ps); ^~~~~~~~~~~~~~~~~~~~~~ problem is reported in ci_dpm_fini, with these code blocks. for (i = 0; i < rdev->pm.dpm.num_ps; i++) { kfree(rdev->pm.dpm.ps[i].ps_priv); } kfree(rdev->pm.dpm.ps); The first free happens in ci_parse_power_table where it cleans up locally on a failure. ci_dpm_fini also does a cleanup. ret = ci_parse_power_table(rdev); if (ret) { ci_dpm_fini(rdev); return ret; } So remove the cleanup in ci_parse_power_table and move the num_ps calculation to inside the loop so ci_dpm_fini will know how many array elements to free. Fixes: cc8dbbb4f62a ("drm/radeon: add dpm support for CI dGPUs (v2)") Signed-off-by: Tom Rix Signed-off-by: Alex Deucher Cc: stable@vger.kernel.org commit 3b2e973dff59d88bee1d814ddf8762a24fc02b60 Author: Aaron Ma Date: Wed Jul 8 04:16:22 2020 -0400 drm/amd/display: add dmcub check on RENOIR RENOIR loads dmub fw not dmcu, check dmcu only will prevent loading iram, it breaks backlight control. Bug: https://bugzilla.kernel.org/show_bug.cgi?id=208277 Acked-by: Alex Deucher Reviewed-by: Nicholas Kazlauskas Signed-off-by: Aaron Ma Signed-off-by: Alex Deucher Cc: stable@vger.kernel.org commit c564b8601ae917086751d90f464d5f19d731ece7 Author: Huang Rui Date: Tue Jun 30 12:32:57 2020 +0800 drm/amdgpu: add TMR destory function for psp TMR is required to be destoried with GFX_CMD_ID_DESTROY_TMR while the system goes to suspend. Otherwise, PSP may return the failure state (0xFFFF007) on Gfx-2-PSP command GFX_CMD_ID_SETUP_TMR after do multiple times suspend/resume. Signed-off-by: Huang Rui Reviewed-by: Alex Deucher Signed-off-by: Alex Deucher Cc: stable@vger.kernel.org commit 20303ec5d2165ee6344190274bc59118921f71d9 Author: Huang Rui Date: Tue Jun 30 10:43:21 2020 +0800 drm/amdgpu: asd function needs to be unloaded in suspend phase Unload ASD function in suspend phase. Signed-off-by: Huang Rui Reviewed-by: Alex Deucher Signed-off-by: Alex Deucher Cc: stable@vger.kernel.org commit d77765911385b65fc82d74ab71b8983cddfe0b58 Author: Christoph Hellwig Date: Thu Jul 9 18:22:06 2020 +0200 btrfs: wire up iter_file_splice_write btrfs implements the iter_write op and thus can use the more efficient iov_iter based splice implementation. For now falling back to the less efficient default is pretty harmless, but I have a pending series that removes the default, and thus would cause btrfs to not support splice at all. Reported-by: Andy Lavr Tested-by: Andy Lavr Signed-off-by: Christoph Hellwig Reviewed-by: David Sterba Signed-off-by: David Sterba commit 230ed397435e85b54f055c524fcb267ae2ce3bc4 Author: Josef Bacik Date: Mon Jul 6 09:14:12 2020 -0400 btrfs: fix double put of block group with nocow While debugging a patch that I wrote I was hitting use-after-free panics when accessing block groups on unmount. This turned out to be because in the nocow case if we bail out of doing the nocow for whatever reason we need to call btrfs_dec_nocow_writers() if we called the inc. This puts our block group, but a few error cases does if (nocow) { btrfs_dec_nocow_writers(); goto error; } unfortunately, error is error: if (nocow) btrfs_dec_nocow_writers(); so we get a double put on our block group. Fix this by dropping the error cases calling of btrfs_dec_nocow_writers(), as it's handled at the error label now. Fixes: 762bf09893b4 ("btrfs: improve error handling in run_delalloc_nocow") CC: stable@vger.kernel.org # 5.4+ Reviewed-by: Filipe Manana Signed-off-by: Josef Bacik Reviewed-by: David Sterba Signed-off-by: David Sterba commit a082121b55bac125f7d09d78de00607ea75a6903 Author: Jordan Crouse Date: Thu Jun 4 14:39:04 2020 -0600 iommu/arm-smmu: Mark qcom_smmu_client_of_match as possibly unused When CONFIG_OF=n of_match_device() gets pre-processed out of existence leaving qcom-smmu_client_of_match unused. Mark it as possibly unused to keep the compiler from warning in that case. Fixes: 0e764a01015d ("iommu/arm-smmu: Allow client devices to select direct mapping") Reported-by: kbuild test robot Signed-off-by: Jordan Crouse Acked-by: Will Deacon Link: https://lore.kernel.org/r/20200604203905.31964-1-jcrouse@codeaurora.org Signed-off-by: Joerg Roedel commit 9ac8545199a1b711f5643f535b82981faa0b4bf1 Author: Qian Cai Date: Fri Jul 3 20:10:03 2020 -0400 iommu: Fix use-after-free in iommu_release_device In pci_disable_sriov(), i.e., # echo 0 > /sys/class/net/enp11s0f1np1/device/sriov_numvfs iommu_release_device iommu_group_remove_device arm_smmu_domain_free kfree(smmu_domain) Later, iommu_release_device arm_smmu_release_device arm_smmu_detach_dev spin_lock_irqsave(&smmu_domain->devices_lock, would trigger an use-after-free. Fixed it by call arm_smmu_release_device() first before iommu_group_remove_device(). BUG: KASAN: use-after-free in __lock_acquire+0x3458/0x4440 __lock_acquire at kernel/locking/lockdep.c:4250 Read of size 8 at addr ffff0089df1a6f68 by task bash/3356 CPU: 5 PID: 3356 Comm: bash Not tainted 5.8.0-rc3-next-20200630 #2 Hardware name: HPE Apollo 70 /C01_APACHE_MB , BIOS L50_5.13_1.11 06/18/2019 Call trace: dump_backtrace+0x0/0x398 show_stack+0x14/0x20 dump_stack+0x140/0x1b8 print_address_description.isra.12+0x54/0x4a8 kasan_report+0x134/0x1b8 __asan_report_load8_noabort+0x2c/0x50 __lock_acquire+0x3458/0x4440 lock_acquire+0x204/0xf10 _raw_spin_lock_irqsave+0xf8/0x180 arm_smmu_detach_dev+0xd8/0x4a0 arm_smmu_detach_dev at drivers/iommu/arm-smmu-v3.c:2776 arm_smmu_release_device+0xb4/0x1c8 arm_smmu_disable_pasid at drivers/iommu/arm-smmu-v3.c:2754 (inlined by) arm_smmu_release_device at drivers/iommu/arm-smmu-v3.c:3000 iommu_release_device+0xc0/0x178 iommu_release_device at drivers/iommu/iommu.c:302 iommu_bus_notifier+0x118/0x160 notifier_call_chain+0xa4/0x128 __blocking_notifier_call_chain+0x70/0xa8 blocking_notifier_call_chain+0x14/0x20 device_del+0x618/0xa00 pci_remove_bus_device+0x108/0x2d8 pci_stop_and_remove_bus_device+0x1c/0x28 pci_iov_remove_virtfn+0x228/0x368 sriov_disable+0x8c/0x348 pci_disable_sriov+0x5c/0x70 mlx5_core_sriov_configure+0xd8/0x260 [mlx5_core] sriov_numvfs_store+0x240/0x318 dev_attr_store+0x38/0x68 sysfs_kf_write+0xdc/0x128 kernfs_fop_write+0x23c/0x448 __vfs_write+0x54/0xe8 vfs_write+0x124/0x3f0 ksys_write+0xe8/0x1b8 __arm64_sys_write+0x68/0x98 do_el0_svc+0x124/0x220 el0_sync_handler+0x260/0x408 el0_sync+0x140/0x180 Allocated by task 3356: save_stack+0x24/0x50 __kasan_kmalloc.isra.13+0xc4/0xe0 kasan_kmalloc+0xc/0x18 kmem_cache_alloc_trace+0x1ec/0x318 arm_smmu_domain_alloc+0x54/0x148 iommu_group_alloc_default_domain+0xc0/0x440 iommu_probe_device+0x1c0/0x308 iort_iommu_configure+0x434/0x518 acpi_dma_configure+0xf0/0x128 pci_dma_configure+0x114/0x160 really_probe+0x124/0x6d8 driver_probe_device+0xc4/0x180 __device_attach_driver+0x184/0x1e8 bus_for_each_drv+0x114/0x1a0 __device_attach+0x19c/0x2a8 device_attach+0x10/0x18 pci_bus_add_device+0x70/0xf8 pci_iov_add_virtfn+0x7b4/0xb40 sriov_enable+0x5c8/0xc30 pci_enable_sriov+0x64/0x80 mlx5_core_sriov_configure+0x58/0x260 [mlx5_core] sriov_numvfs_store+0x1c0/0x318 dev_attr_store+0x38/0x68 sysfs_kf_write+0xdc/0x128 kernfs_fop_write+0x23c/0x448 __vfs_write+0x54/0xe8 vfs_write+0x124/0x3f0 ksys_write+0xe8/0x1b8 __arm64_sys_write+0x68/0x98 do_el0_svc+0x124/0x220 el0_sync_handler+0x260/0x408 el0_sync+0x140/0x180 Freed by task 3356: save_stack+0x24/0x50 __kasan_slab_free+0x124/0x198 kasan_slab_free+0x10/0x18 slab_free_freelist_hook+0x110/0x298 kfree+0x128/0x668 arm_smmu_domain_free+0xf4/0x1a0 iommu_group_release+0xec/0x160 kobject_put+0xf4/0x238 kobject_del+0x110/0x190 kobject_put+0x1e4/0x238 iommu_group_remove_device+0x394/0x938 iommu_release_device+0x9c/0x178 iommu_release_device at drivers/iommu/iommu.c:300 iommu_bus_notifier+0x118/0x160 notifier_call_chain+0xa4/0x128 __blocking_notifier_call_chain+0x70/0xa8 blocking_notifier_call_chain+0x14/0x20 device_del+0x618/0xa00 pci_remove_bus_device+0x108/0x2d8 pci_stop_and_remove_bus_device+0x1c/0x28 pci_iov_remove_virtfn+0x228/0x368 sriov_disable+0x8c/0x348 pci_disable_sriov+0x5c/0x70 mlx5_core_sriov_configure+0xd8/0x260 [mlx5_core] sriov_numvfs_store+0x240/0x318 dev_attr_store+0x38/0x68 sysfs_kf_write+0xdc/0x128 kernfs_fop_write+0x23c/0x448 __vfs_write+0x54/0xe8 vfs_write+0x124/0x3f0 ksys_write+0xe8/0x1b8 __arm64_sys_write+0x68/0x98 do_el0_svc+0x124/0x220 el0_sync_handler+0x260/0x408 el0_sync+0x140/0x180 The buggy address belongs to the object at ffff0089df1a6e00 which belongs to the cache kmalloc-512 of size 512 The buggy address is located 360 bytes inside of 512-byte region [ffff0089df1a6e00, ffff0089df1a7000) The buggy address belongs to the page: page:ffffffe02257c680 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff0089df1a1400 flags: 0x7ffff800000200(slab) raw: 007ffff800000200 ffffffe02246b8c8 ffffffe02257ff88 ffff000000320680 raw: ffff0089df1a1400 00000000002a000e 00000001ffffffff ffff0089df1a5001 page dumped because: kasan: bad access detected page->mem_cgroup:ffff0089df1a5001 Memory state around the buggy address: ffff0089df1a6e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff0089df1a6e80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb >ffff0089df1a6f00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ^ ffff0089df1a6f80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff0089df1a7000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc Fixes: a6a4c7e2c5b8 ("iommu: Add probe_device() and release_device() call-backs") Signed-off-by: Qian Cai Link: https://lore.kernel.org/r/20200704001003.2303-1-cai@lca.pw Signed-off-by: Joerg Roedel commit a8dab63ea623610bb258d93649e30330dd1b7c8b Author: Steve French Date: Tue Jul 7 23:52:07 2020 -0500 cifs: update internal module version number To 2.28 Signed-off-by: Steve French commit a77592a70081edb58a95b9da18fd5a2882a25666 Author: Ronnie Sahlberg Date: Thu Jul 9 20:39:49 2020 +1000 cifs: fix reference leak for tlink Don't leak a reference to tlink during the NOTIFY ioctl Signed-off-by: Ronnie Sahlberg Signed-off-by: Steve French Reviewed-by: Aurelien Aptel CC: Stable # v5.6+ commit 6d1d41c075a1a54ba03370e268171fec20e06563 Author: Chu Lin Date: Thu Jul 9 04:06:12 2020 +0000 hwmon: (adm1275) Make sure we are reading enough data for different chips Issue: When PEC is enabled, binding adm1272 to the adm1275 would fail due to PEC error. See below: adm1275: probe of xxxx failed with error -74 Diagnosis: Per the datasheet of adm1272, adm1278, adm1293 and amd1294, PMON_CONFIG (0xd4) is 16bits wide. On the other hand, PMON_CONFIG (0xd4) for adm1275 is 8bits wide. The driver should not assume everything is 8bits wide and read only 8bits from it. Solution: If it is adm1272, adm1278, adm1293 and adm1294, use i2c_read_word. Else, use i2c_read_byte Testing: Binding adm1272 to the driver. The change is only tested on adm1272. Signed-off-by: Chu Lin Link: https://lore.kernel.org/r/20200709040612.3977094-1-linchuyuan@google.com Signed-off-by: Guenter Roeck commit 5679b28142193a62f6af93249c0477be9f0c669b Author: Ard Biesheuvel Date: Thu Jul 9 15:59:53 2020 +0300 arm64/alternatives: don't patch up internal branches Commit f7b93d42945c ("arm64/alternatives: use subsections for replacement sequences") moved the alternatives replacement sequences into subsections, in order to keep the as close as possible to the code that they replace. Unfortunately, this broke the logic in branch_insn_requires_update, which assumed that any branch into kernel executable code was a branch that required updating, which is no longer the case now that the code sequences that are patched in are in the same section as the patch site itself. So the only way to discriminate branches that require updating and ones that don't is to check whether the branch targets the replacement sequence itself, and so we can drop the call to kernel_text_address() entirely. Fixes: f7b93d42945c ("arm64/alternatives: use subsections for replacement sequences") Reported-by: Alexandru Elisei Signed-off-by: Ard Biesheuvel Tested-by: Alexandru Elisei Link: https://lore.kernel.org/r/20200709125953.30918-1-ardb@kernel.org Signed-off-by: Will Deacon commit 528a9539348a0234375dfaa1ca5dbbb2f8f8e8d2 Author: Janosch Frank Date: Tue Jul 7 15:38:54 2020 +0200 s390/mm: fix huge pte soft dirty copying If the pmd is soft dirty we must mark the pte as soft dirty (and not dirty). This fixes some cases for guest migration with huge page backings. Cc: # 4.8 Fixes: bc29b7ac1d9f ("s390/mm: clean up pte/pmd encoding") Reviewed-by: Christian Borntraeger Reviewed-by: Gerald Schaefer Signed-off-by: Janosch Frank Signed-off-by: Heiko Carstens commit 30c66fc30ee7a98c4f3adf5fb7e213b61884474f Author: Frederic Weisbecker Date: Fri Jul 3 03:06:57 2020 +0200 timer: Prevent base->clk from moving backward When a timer is enqueued with a negative delta (ie: expiry is below base->clk), it gets added to the wheel as expiring now (base->clk). Yet the value that gets stored in base->next_expiry, while calling trigger_dyntick_cpu(), is the initial timer->expires value. The resulting state becomes: base->next_expiry < base->clk On the next timer enqueue, forward_timer_base() may accidentally rewind base->clk. As a possible outcome, timers may expire way too early, the worst case being that the highest wheel levels get spuriously processed again. To prevent from that, make sure that base->next_expiry doesn't get below base->clk. Fixes: a683f390b93f ("timers: Forward the wheel clock whenever possible") Signed-off-by: Frederic Weisbecker Signed-off-by: Thomas Gleixner Reviewed-by: Anna-Maria Behnsen Tested-by: Juri Lelli Cc: stable@vger.kernel.org Link: https://lkml.kernel.org/r/20200703010657.2302-1-frederic@kernel.org commit bd87e6f6610aa96fde01ee6653e162213f7ec836 Author: Thomas Gleixner Date: Wed Jul 8 21:28:07 2020 +0200 x86/entry/common: Make prepare_exit_to_usermode() static No users outside this file anymore. Signed-off-by: Thomas Gleixner Acked-by: Andy Lutomirski Link: https://lkml.kernel.org/r/20200708192934.301116609@linutronix.de commit 006e1ced516d2bfd9db63a32b5dba3c2abf43b04 Author: Thomas Gleixner Date: Wed Jul 8 21:28:06 2020 +0200 x86/entry: Mark check_user_regs() noinstr It's called from the non-instrumentable section. Fixes: c9c26150e61d ("x86/entry: Assert that syscalls are on the right stack") Signed-off-by: Thomas Gleixner Acked-by: Andy Lutomirski Link: https://lkml.kernel.org/r/20200708192934.191497962@linutronix.de commit bce9b042ec73e8662b8119d4ca47e7c78b20d0bf Author: Thomas Gleixner Date: Wed Jul 8 21:28:05 2020 +0200 x86/traps: Disable interrupts in exc_aligment_check() exc_alignment_check() fails to disable interrupts before returning to the entry code. Fixes: ca4c6a9858c2 ("x86/traps: Make interrupt enable/disable symmetric in C code") Reported-by: syzbot+0889df9502bc0f112b31@syzkaller.appspotmail.com Signed-off-by: Thomas Gleixner Acked-by: Andy Lutomirski Link: https://lkml.kernel.org/r/20200708192934.076519438@linutronix.de commit 09c717c92b52df54918e12cbfe6a4658233fda69 Author: Florian Fainelli Date: Wed Jul 8 22:13:40 2020 -0700 arm64: Add missing sentinel to erratum_1463225 When the erratum_1463225 array was introduced a sentinel at the end was missing thus causing a KASAN: global-out-of-bounds in is_affected_midr_range_list on arm64 error. Fixes: a9e821b89daa ("arm64: Add KRYO4XX gold CPU cores to erratum list 1463225 and 1418040") Signed-off-by: Florian Fainelli Reviewed-by: Sai Prakash Ranjan Link: https://lore.kernel.org/linux-arm-kernel/CA+G9fYs3EavpU89-rTQfqQ9GgxAMgMAk7jiiVrfP0yxj5s+Q6g@mail.gmail.com/ Link: https://lore.kernel.org/r/20200709051345.14544-1-f.fainelli@gmail.com Signed-off-by: Will Deacon commit 769e0fe1171e95d90ea5a2d6d0b2bdc7d5d2e7b2 Author: Ard Biesheuvel Date: Thu Jul 9 09:59:57 2020 +0300 efi: Revert "efi/x86: Fix build with gcc 4" This reverts commit 5435f73d5c4a1b75, which is no longer needed now that the minimum GCC version has been bumped to v4.9 Signed-off-by: Ard Biesheuvel commit f88814cc2578c121e6edef686365036db72af0ed Author: Ard Biesheuvel Date: Wed Jul 8 13:01:57 2020 +0300 efi/efivars: Expose RT service availability via efivars abstraction Commit bf67fad19e493b ("efi: Use more granular check for availability for variable services") introduced a check into the efivarfs, efi-pstore and other drivers that aborts loading of the module if not all three variable runtime services (GetVariable, SetVariable and GetNextVariable) are supported. However, this results in efivarfs being unavailable entirely if only SetVariable support is missing, which is only needed if you want to make any modifications. Also, efi-pstore and the sysfs EFI variable interface could be backed by another implementation of the 'efivars' abstraction, in which case it is completely irrelevant which services are supported by the EFI firmware. So make the generic 'efivars' abstraction dependent on the availibility of the GetVariable and GetNextVariable EFI runtime services, and add a helper 'efivar_supports_writes()' to find out whether the currently active efivars abstraction supports writes (and wire it up to the availability of SetVariable for the generic one). Then, use the efivar_supports_writes() helper to decide whether to permit efivarfs to be mounted read-write, and whether to enable efi-pstore or the sysfs EFI variable interface altogether. Fixes: bf67fad19e493b ("efi: Use more granular check for availability for variable services") Reported-by: Heinrich Schuchardt Acked-by: Ilias Apalodimas Tested-by: Ilias Apalodimas Signed-off-by: Ard Biesheuvel commit 8778eb0927ddcd3f431805c37b78fa56481aeed9 Author: Zhang Qiang Date: Mon Jul 6 13:14:55 2020 +0800 usb: gadget: function: fix missing spinlock in f_uac1_legacy Add a missing spinlock protection for play_queue, because the play_queue may be destroyed when the "playback_work" work func and "f_audio_out_ep_complete" callback func operate this paly_queue at the same time. Fixes: c6994e6f067cf ("USB: gadget: add USB Audio Gadget driver") Cc: stable Signed-off-by: Zhang Qiang Signed-off-by: Felipe Balbi commit 30517ffeb3bff842e1355cbc32f1959d9dbb5414 Author: Michał Mirosław Date: Thu May 28 20:35:54 2020 +0200 usb: gadget: udc: atmel: fix uninitialized read in debug printk Fixed commit moved the assignment of 'req', but did not update a reference in the DBG() call. Use the argument as it was renamed. Fixes: 5fb694f96e7c ("usb: gadget: udc: atmel: fix possible oops when unloading module") Signed-off-by: Michał Mirosław Signed-off-by: Felipe Balbi commit 9706247d94165ef9d6f7f00308e1cd7e0cc9251d Author: Michał Mirosław Date: Thu May 28 20:35:53 2020 +0200 usb: gadget: udc: atmel: remove outdated comment in usba_ep_disable() Fixed commit removed the offending behaviour from the driver, but missed the comment and associated test. Remove them now. Fixes: 38e58986e6fc ("usb: gadget: udc: atmel: don't disable enpdoints we don't own") Signed-off-by: Michał Mirosław Signed-off-by: Felipe Balbi commit 4fdf228cdf6925af45a2066d403821e0977bfddb Author: Minas Harutyunyan Date: Sat May 30 11:41:50 2020 +0400 usb: dwc2: Fix shutdown callback in platform To avoid lot of interrupts from dwc2 core, which can be asserted in specific conditions need to disable interrupts on HW level instead of disable IRQs on Kernel level, because of IRQ can be shared between drivers. Cc: stable@vger.kernel.org Fixes: a40a00318c7fc ("usb: dwc2: add shutdown callback to platform variant") Tested-by: Frank Mori Hess Reviewed-by: Alan Stern Reviewed-by: Doug Anderson Reviewed-by: Frank Mori Hess Signed-off-by: Minas Harutyunyan Signed-off-by: Felipe Balbi commit 65b7cf48c211ece5e2560a334eb9608e48775a8f Author: Peter Chen Date: Wed Jun 3 14:53:55 2020 +0800 usb: cdns3: trace: fix some endian issues It is found by sparse. Reported-by: kbuild test robot Signed-off-by: Peter Chen Signed-off-by: Felipe Balbi commit 9f81d45c79271def8a9b90447b04b9c6323291f9 Author: Peter Chen Date: Wed Jun 3 14:53:54 2020 +0800 usb: cdns3: ep0: fix some endian issues It is found by sparse. Reported-by: kbuild test robot Signed-off-by: Peter Chen Signed-off-by: Felipe Balbi commit c8f8529e2c4141afa2ebb487ad48e8a6ec3e8c99 Author: Evgeny Novikov Date: Fri Jun 26 16:17:47 2020 +0300 usb: gadget: udc: gr_udc: fix memleak on error handling path in gr_ep_init() gr_ep_init() does not assign the allocated request anywhere if allocation of memory for the buffer fails. This is a memory leak fixed by the given patch. Found by Linux Driver Verification project (linuxtesting.org). Signed-off-by: Evgeny Novikov Signed-off-by: Felipe Balbi commit 4a0f5a7f2bab80348ca1e4b996648a20746a2407 Author: Randy Dunlap Date: Sun Jun 28 20:08:03 2020 -0700 usb: gadget: fix langid kernel-doc warning in usbstring.c Fix spelling of the 'langid' function argument in the kernel-doc notation to quieten a kernel-doc warning. ../drivers/usb/gadget/usbstring.c:77: warning: Function parameter or member 'langid' not described in 'usb_validate_langid' ../drivers/usb/gadget/usbstring.c:77: warning: Excess function parameter 'lang' description in 'usb_validate_langid' Fixes: 17309a6a4356 ("usb: gadget: add "usb_validate_langid" function") Signed-off-by: Randy Dunlap Reviewed-by: Tao Ren Cc: Tao Ren Cc: Felipe Balbi Signed-off-by: Felipe Balbi commit e25d1e8532c3d84f075deca1580a7d61e0f43ce6 Author: Heikki Krogerus Date: Tue Jun 30 15:24:59 2020 +0300 usb: dwc3: pci: add support for the Intel Jasper Lake This patch adds the necessary PCI ID for Intel Jasper Lake devices. Signed-off-by: Heikki Krogerus Signed-off-by: Felipe Balbi commit c3f595a8119207cc0f82b3dc6ec5bbf6f3e6b135 Author: Heikki Krogerus Date: Thu Jun 25 10:34:32 2020 +0300 usb: dwc3: pci: add support for the Intel Tiger Lake PCH -H variant This patch adds the necessary PCI ID for TGP-H devices. Signed-off-by: Heikki Krogerus Signed-off-by: Felipe Balbi commit 2249357459c0a52608678c27ebc74c4238204057 Author: Guenter Roeck Date: Tue Jun 30 17:10:02 2020 -0700 drm/aspeed: Call drm_fbdev_generic_setup after drm_dev_register The following backtrace is seen when running aspeed G5 kernels. WARNING: CPU: 0 PID: 1 at drivers/gpu/drm/drm_fb_helper.c:2233 drm_fbdev_generic_setup+0x138/0x198 aspeed_gfx 1e6e6000.display: Device has not been registered. CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.8.0-rc3 #1 Hardware name: Generic DT based system Backtrace: [<8010d6d0>] (dump_backtrace) from [<8010d9b8>] (show_stack+0x20/0x24) r7:00000009 r6:60000153 r5:00000000 r4:8119fa94 [<8010d998>] (show_stack) from [<80b8cb98>] (dump_stack+0xcc/0xec) [<80b8cacc>] (dump_stack) from [<80123ef0>] (__warn+0xd8/0xfc) r7:00000009 r6:80e62ed0 r5:00000000 r4:974c3ccc [<80123e18>] (__warn) from [<80123f98>] (warn_slowpath_fmt+0x84/0xc4) r9:00000009 r8:806a0140 r7:000008b9 r6:80e62ed0 r5:80e631f8 r4:974c2000 [<80123f18>] (warn_slowpath_fmt) from [<806a0140>] (drm_fbdev_generic_setup+0x138/0x198) r9:00000001 r8:9758fc10 r7:9758fc00 r6:00000000 r5:00000020 r4:9768a000 [<806a0008>] (drm_fbdev_generic_setup) from [<806d4558>] (aspeed_gfx_probe+0x204/0x32c) r7:9758fc00 r6:00000000 r5:00000000 r4:9768a000 [<806d4354>] (aspeed_gfx_probe) from [<806dfca0>] (platform_drv_probe+0x58/0xa8) Since commit 1aed9509b29a6 ("drm/fb-helper: Remove return value from drm_fbdev_generic_setup()"), drm_fbdev_generic_setup() must be called after drm_dev_register() to avoid the warning. Do that. Fixes: 1aed9509b29a6 ("drm/fb-helper: Remove return value from drm_fbdev_generic_setup()") Signed-off-by: Guenter Roeck Acked-by: Sam Ravnborg Acked-by: Joel Stanley Signed-off-by: Thomas Zimmermann Link: https://patchwork.freedesktop.org/patch/msgid/20200701001002.74997-1-linux@roeck-us.net commit 3230d95cea0515a6acf3f5ff360663de4c40fd07 Author: Atish Patra Date: Mon Jul 6 10:25:59 2020 -0700 efi/libstub: Move the function prototypes to header file The prototype of the functions handle_kernel_image & efi_enter_kernel are defined in efi-stub.c which may result in a compiler warnings if -Wmissing-prototypes is set in gcc compiler. Move the prototype to efistub.h to make the compiler happy. Signed-off-by: Atish Patra Link: https://lore.kernel.org/r/20200706172609.25965-2-atish.patra@wdc.com Signed-off-by: Ard Biesheuvel commit 950accbabd4cfa83519fa920f99428bcc131c3c9 Author: Atish Patra Date: Thu Jun 25 16:45:06 2020 -0700 efi/libstub: Fix gcc error around __umoddi3 for 32 bit builds 32bit gcc doesn't support modulo operation on 64 bit data. It results in a __umoddi3 error while building EFI for 32 bit. Use bitwise operations instead of modulo operations to fix the issue. Signed-off-by: Atish Patra Link: https://lore.kernel.org/r/20200625234516.31406-2-atish.patra@wdc.com Signed-off-by: Ard Biesheuvel commit c1aac64ddc01112e137121a43645b96c3633c41b Author: Masahiro Yamada Date: Thu Jun 4 11:20:30 2020 +0900 efi/libstub/arm64: link stub lib.a conditionally Since commit 799c43415442 ("kbuild: thin archives make default for all archs"), core-y is passed to the linker with --whole-archive. Hence, the whole of stub library is linked to vmlinux. Use libs-y so that lib.a is passed after --no-whole-archive for conditional linking. The unused drivers/firmware/efi/libstub/relocate.o will be dropped for ARCH=arm64. Signed-off-by: Masahiro Yamada Link: https://lore.kernel.org/r/20200604022031.164207-1-masahiroy@kernel.org Signed-off-by: Ard Biesheuvel commit a50ca29523b18baea548bdf5df9b4b923c2bb4f6 Author: Dave Wang Date: Wed Jul 8 22:25:03 2020 -0700 Input: elan_i2c - add more hardware ID for Lenovo laptops This adds more hardware IDs for Elan touchpads found in various Lenovo laptops. Signed-off-by: Dave Wang Link: https://lore.kernel.org/r/000201d5a8bd$9fead3f0$dfc07bd0$@emc.com.tw Cc: stable@vger.kernel.org Signed-off-by: Dmitry Torokhov commit f3bd9dae3708a0ff6b067e766073ffeb853301f9 Author: Yang Yingliang Date: Thu Jul 9 10:11:41 2020 +0000 io_uring: fix memleak in __io_sqe_files_update() I got a memleak report when doing some fuzz test: BUG: memory leak unreferenced object 0xffff888113e02300 (size 488): comm "syz-executor401", pid 356, jiffies 4294809529 (age 11.954s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ a0 a4 ce 19 81 88 ff ff 60 ce 09 0d 81 88 ff ff ........`....... backtrace: [<00000000129a84ec>] kmem_cache_zalloc include/linux/slab.h:659 [inline] [<00000000129a84ec>] __alloc_file+0x25/0x310 fs/file_table.c:101 [<000000003050ad84>] alloc_empty_file+0x4f/0x120 fs/file_table.c:151 [<000000004d0a41a3>] alloc_file+0x5e/0x550 fs/file_table.c:193 [<000000002cb242f0>] alloc_file_pseudo+0x16a/0x240 fs/file_table.c:233 [<00000000046a4baa>] anon_inode_getfile fs/anon_inodes.c:91 [inline] [<00000000046a4baa>] anon_inode_getfile+0xac/0x1c0 fs/anon_inodes.c:74 [<0000000035beb745>] __do_sys_perf_event_open+0xd4a/0x2680 kernel/events/core.c:11720 [<0000000049009dc7>] do_syscall_64+0x56/0xa0 arch/x86/entry/common.c:359 [<00000000353731ca>] entry_SYSCALL_64_after_hwframe+0x44/0xa9 BUG: memory leak unreferenced object 0xffff8881152dd5e0 (size 16): comm "syz-executor401", pid 356, jiffies 4294809529 (age 11.954s) hex dump (first 16 bytes): 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<0000000074caa794>] kmem_cache_zalloc include/linux/slab.h:659 [inline] [<0000000074caa794>] lsm_file_alloc security/security.c:567 [inline] [<0000000074caa794>] security_file_alloc+0x32/0x160 security/security.c:1440 [<00000000c6745ea3>] __alloc_file+0xba/0x310 fs/file_table.c:106 [<000000003050ad84>] alloc_empty_file+0x4f/0x120 fs/file_table.c:151 [<000000004d0a41a3>] alloc_file+0x5e/0x550 fs/file_table.c:193 [<000000002cb242f0>] alloc_file_pseudo+0x16a/0x240 fs/file_table.c:233 [<00000000046a4baa>] anon_inode_getfile fs/anon_inodes.c:91 [inline] [<00000000046a4baa>] anon_inode_getfile+0xac/0x1c0 fs/anon_inodes.c:74 [<0000000035beb745>] __do_sys_perf_event_open+0xd4a/0x2680 kernel/events/core.c:11720 [<0000000049009dc7>] do_syscall_64+0x56/0xa0 arch/x86/entry/common.c:359 [<00000000353731ca>] entry_SYSCALL_64_after_hwframe+0x44/0xa9 If io_sqe_file_register() failed, we need put the file that get by fget() to avoid the memleak. Fixes: c3a31e605620 ("io_uring: add support for IORING_REGISTER_FILES_UPDATE") Cc: stable@vger.kernel.org Reported-by: Hulk Robot Signed-off-by: Yang Yingliang Signed-off-by: Jens Axboe commit 6d5f904904608a9cd32854d7d0a4dd65b27f9935 Author: Xiaoguang Wang Date: Thu Jul 9 09:15:29 2020 +0800 io_uring: export cq overflow status to userspace For those applications which are not willing to use io_uring_enter() to reap and handle cqes, they may completely rely on liburing's io_uring_peek_cqe(), but if cq ring has overflowed, currently because io_uring_peek_cqe() is not aware of this overflow, it won't enter kernel to flush cqes, below test program can reveal this bug: static void test_cq_overflow(struct io_uring *ring) { struct io_uring_cqe *cqe; struct io_uring_sqe *sqe; int issued = 0; int ret = 0; do { sqe = io_uring_get_sqe(ring); if (!sqe) { fprintf(stderr, "get sqe failed\n"); break;; } ret = io_uring_submit(ring); if (ret <= 0) { if (ret != -EBUSY) fprintf(stderr, "sqe submit failed: %d\n", ret); break; } issued++; } while (ret > 0); assert(ret == -EBUSY); printf("issued requests: %d\n", issued); while (issued) { ret = io_uring_peek_cqe(ring, &cqe); if (ret) { if (ret != -EAGAIN) { fprintf(stderr, "peek completion failed: %s\n", strerror(ret)); break; } printf("left requets: %d\n", issued); continue; } io_uring_cqe_seen(ring, cqe); issued--; printf("left requets: %d\n", issued); } } int main(int argc, char *argv[]) { int ret; struct io_uring ring; ret = io_uring_queue_init(16, &ring, 0); if (ret) { fprintf(stderr, "ring setup failed: %d\n", ret); return 1; } test_cq_overflow(&ring); return 0; } To fix this issue, export cq overflow status to userspace by adding new IORING_SQ_CQ_OVERFLOW flag, then helper functions() in liburing, such as io_uring_peek_cqe, can be aware of this cq overflow and do flush accordingly. Signed-off-by: Xiaoguang Wang Signed-off-by: Jens Axboe commit 813357fead4adee73f7eca6bbe0e69dfcf514dc6 Author: Dan Williams Date: Tue Jun 23 21:35:26 2020 -0700 libnvdimm/security: Fix key lookup permissions As of commit 8c0637e950d6 ("keys: Make the KEY_NEED_* perms an enum rather than a mask") lookup_user_key() needs an explicit declaration of what it wants to do with the key. Add KEY_NEED_SEARCH to fix a warning with the below signature, and fixes the inability to retrieve a key. WARNING: CPU: 15 PID: 6276 at security/keys/permission.c:35 key_task_permission+0xd3/0x140 [..] RIP: 0010:key_task_permission+0xd3/0x140 [..] Call Trace: lookup_user_key+0xeb/0x6b0 ? vsscanf+0x3df/0x840 ? key_validate+0x50/0x50 ? key_default_cmp+0x20/0x20 nvdimm_get_user_key_payload.part.0+0x21/0x110 [libnvdimm] nvdimm_security_store+0x67d/0xb20 [libnvdimm] security_store+0x67/0x1a0 [libnvdimm] kernfs_fop_write+0xcf/0x1c0 vfs_write+0xde/0x1d0 ksys_write+0x68/0xe0 do_syscall_64+0x5c/0xa0 entry_SYSCALL_64_after_hwframe+0x49/0xb3 Fixes: 8c0637e950d6 ("keys: Make the KEY_NEED_* perms an enum rather than a mask") Suggested-by: David Howells Reviewed-by: Dave Jiang Reviewed-by: Ira Weiny Cc: Dan Williams Cc: Vishal Verma Cc: Dave Jiang Cc: Ira Weiny Link: https://lore.kernel.org/r/159297332630.1304143.237026690015653759.stgit@dwillia2-desk3.amr.corp.intel.com Signed-off-by: Dan Williams commit 0a03715068794e4b524f66ebbf412ab1f2933f3f Author: Leon Romanovsky Date: Tue Jul 7 14:06:12 2020 +0300 RDMA/mlx5: Set PD pointers for the error flow unwind ib_pd is accessed internally during destroy of the TIR/TIS, but PD can be not set yet. This leading to the following kernel panic. BUG: kernel NULL pointer dereference, address: 0000000000000074 PGD 8000000079eaa067 P4D 8000000079eaa067 PUD 7ae81067 PMD 0 Oops: 0000 [#1] SMP PTI CPU: 1 PID: 709 Comm: syz-executor.0 Not tainted 5.8.0-rc3 #41 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.1-0-ga5cab58e9a3f-prebuilt.qemu.org 04/01/2014 RIP: 0010:destroy_raw_packet_qp_tis drivers/infiniband/hw/mlx5/qp.c:1189 [inline] RIP: 0010:destroy_raw_packet_qp drivers/infiniband/hw/mlx5/qp.c:1527 [inline] RIP: 0010:destroy_qp_common+0x2ca/0x4f0 drivers/infiniband/hw/mlx5/qp.c:2397 Code: 00 85 c0 74 2e e8 56 18 55 ff 48 8d b3 28 01 00 00 48 89 ef e8 d7 d3 ff ff 48 8b 43 08 8b b3 c0 01 00 00 48 8b bd a8 0a 00 00 <0f> b7 50 74 e8 0d 6a fe ff e8 28 18 55 ff 49 8d 55 50 4c 89 f1 48 RSP: 0018:ffffc900007bbac8 EFLAGS: 00010293 RAX: 0000000000000000 RBX: ffff88807949e800 RCX: 0000000000000998 RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffff88807c180140 RBP: ffff88807b50c000 R08: 000000000002d379 R09: ffffc900007bba00 R10: 0000000000000001 R11: 000000000002d358 R12: ffff888076f37000 R13: ffff88807949e9c8 R14: ffffc900007bbe08 R15: ffff888076f37000 FS: 00000000019bf940(0000) GS:ffff88807dd00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000074 CR3: 0000000076d68004 CR4: 0000000000360ee0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: mlx5_ib_create_qp+0xf36/0xf90 drivers/infiniband/hw/mlx5/qp.c:3014 _ib_create_qp drivers/infiniband/core/core_priv.h:333 [inline] create_qp+0x57f/0xd20 drivers/infiniband/core/uverbs_cmd.c:1443 ib_uverbs_create_qp+0xcf/0x100 drivers/infiniband/core/uverbs_cmd.c:1564 ib_uverbs_write+0x5fa/0x780 drivers/infiniband/core/uverbs_main.c:664 __vfs_write+0x3f/0x90 fs/read_write.c:495 vfs_write+0xc7/0x1f0 fs/read_write.c:559 ksys_write+0x5e/0x110 fs/read_write.c:612 do_syscall_64+0x3e/0x70 arch/x86/entry/common.c:359 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x466479 Code: Bad RIP value. RSP: 002b:00007ffd057b62b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 000000000073bf00 RCX: 0000000000466479 RDX: 0000000000000070 RSI: 0000000020000240 RDI: 0000000000000003 RBP: 00000000019bf8fc R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff R13: 0000000000000bf6 R14: 00000000004cb859 R15: 00000000006fefc0 Fixes: 6c41965d647a ("RDMA/mlx5: Don't access ib_qp fields in internal destroy QP path") Link: https://lore.kernel.org/r/20200707110612.882962-4-leon@kernel.org Signed-off-by: Leon Romanovsky Signed-off-by: Jason Gunthorpe commit 530c8632b547ff72f11ff83654b22462a73f1f7b Author: Aya Levin Date: Tue Jul 7 14:06:11 2020 +0300 IB/mlx5: Fix 50G per lane indication Some released FW versions mistakenly don't set the capability that 50G per lane link-modes are supported for VFs (ptys_extended_ethernet capability bit). Use PTYS.ext_eth_proto_capability instead, as this indication is always accurate. If PTYS.ext_eth_proto_capability is valid (has a non-zero value) conclude that the HCA supports 50G per lane. Otherwise, conclude that the HCA doesn't support 50G per lane. Fixes: 08e8676f1607 ("IB/mlx5: Add support for 50Gbps per lane link modes") Link: https://lore.kernel.org/r/20200707110612.882962-3-leon@kernel.org Signed-off-by: Aya Levin Reviewed-by: Eran Ben Elisha Reviewed-by: Saeed Mahameed Signed-off-by: Leon Romanovsky Signed-off-by: Jason Gunthorpe commit 2c79583927bb8154ecaa45a67dde97661d895ecd Author: Kees Cook Date: Fri Jul 3 11:25:09 2020 -0700 selftests: kmod: Add module address visibility test Make sure we don't regress the CAP_SYSLOG behavior of the module address visibility via /proc/modules nor /sys/module/*/sections/*. Reviewed-by: Luis Chamberlain Signed-off-by: Kees Cook commit 63960260457a02af2a6cb35d75e6bdb17299c882 Author: Kees Cook Date: Thu Jul 2 15:45:23 2020 -0700 bpf: Check correct cred for CAP_SYSLOG in bpf_dump_raw_ok() When evaluating access control over kallsyms visibility, credentials at open() time need to be used, not the "current" creds (though in BPF's case, this has likely always been the same). Plumb access to associated file->f_cred down through bpf_dump_raw_ok() and its callers now that kallsysm_show_value() has been refactored to take struct cred. Cc: Alexei Starovoitov Cc: Daniel Borkmann Cc: bpf@vger.kernel.org Cc: stable@vger.kernel.org Fixes: 7105e828c087 ("bpf: allow for correlation of maps and helpers in dump") Signed-off-by: Kees Cook commit 60f7bb66b88b649433bf700acfc60c3f24953871 Author: Kees Cook Date: Thu Jul 2 15:20:22 2020 -0700 kprobes: Do not expose probe addresses to non-CAP_SYSLOG The kprobe show() functions were using "current"'s creds instead of the file opener's creds for kallsyms visibility. Fix to use seq_file->file->f_cred. Cc: Masami Hiramatsu Cc: stable@vger.kernel.org Fixes: 81365a947de4 ("kprobes: Show address of kprobes if kallsyms does") Fixes: ffb9bd68ebdb ("kprobes: Show blacklist addresses as same as kallsyms does") Signed-off-by: Kees Cook commit b25a7c5af9051850d4f3d93ca500056ab6ec724b Author: Kees Cook Date: Thu Jul 2 14:43:59 2020 -0700 module: Do not expose section addresses to non-CAP_SYSLOG The printing of section addresses in /sys/module/*/sections/* was not using the correct credentials to evaluate visibility. Before: # cat /sys/module/*/sections/.*text 0xffffffffc0458000 ... # capsh --drop=CAP_SYSLOG -- -c "cat /sys/module/*/sections/.*text" 0xffffffffc0458000 ... After: # cat /sys/module/*/sections/*.text 0xffffffffc0458000 ... # capsh --drop=CAP_SYSLOG -- -c "cat /sys/module/*/sections/.*text" 0x0000000000000000 ... Additionally replaces the existing (safe) /proc/modules check with file->f_cred for consistency. Reported-by: Dominik Czarnota Fixes: be71eda5383f ("module: Fix display of wrong module .text address") Cc: stable@vger.kernel.org Tested-by: Jessica Yu Acked-by: Jessica Yu Signed-off-by: Kees Cook commit ed66f991bb19d94cae5d38f77de81f96aac7813f Author: Kees Cook Date: Thu Jul 2 13:47:20 2020 -0700 module: Refactor section attr into bin attribute In order to gain access to the open file's f_cred for kallsym visibility permission checks, refactor the module section attributes to use the bin_attribute instead of attribute interface. Additionally removes the redundant "name" struct member. Cc: stable@vger.kernel.org Reviewed-by: Greg Kroah-Hartman Tested-by: Jessica Yu Acked-by: Jessica Yu Signed-off-by: Kees Cook commit 160251842cd35a75edfb0a1d76afa3eb674ff40a Author: Kees Cook Date: Thu Jul 2 11:49:23 2020 -0700 kallsyms: Refactor kallsyms_show_value() to take cred In order to perform future tests against the cred saved during open(), switch kallsyms_show_value() to operate on a cred, and have all current callers pass current_cred(). This makes it very obvious where callers are checking the wrong credential in their "read" contexts. These will be fixed in the coming patches. Additionally switch return value to bool, since it is always used as a direct permission check, not a 0-on-success, negative-on-error style function return. Cc: stable@vger.kernel.org Signed-off-by: Kees Cook commit 76c4d85c9260c3d741cbd194c30c61983d0a4303 Author: Rahul Lakkireddy Date: Thu Jul 9 03:14:27 2020 +0530 cxgb4: fix all-mask IP address comparison Convert all-mask IP address to Big Endian, instead, for comparison. Fixes: f286dd8eaad5 ("cxgb4: use correct type for all-mask IP address comparison") Signed-off-by: Rahul Lakkireddy Signed-off-by: David S. Miller commit a34f829164f3c70d7f53bb532ddcc39fa890b722 Author: Hamish Martin Date: Thu Jul 9 09:06:44 2020 +1200 tipc: fix retransmission on unicast links A scenario has been observed where a 'bc_init' message for a link is not retransmitted if it fails to be received by the peer. This leads to the peer never establishing the link fully and it discarding all other data received on the link. In this scenario the message is lost in transit to the peer. The issue is traced to the 'nxt_retr' field of the skb not being initialised for links that aren't a bc_sndlink. This leads to the comparison in tipc_link_advance_transmq() that gates whether to attempt retransmission of a message performing in an undesirable way. Depending on the relative value of 'jiffies', this comparison: time_before(jiffies, TIPC_SKB_CB(skb)->nxt_retr) may return true or false given that 'nxt_retr' remains at the uninitialised value of 0 for non bc_sndlinks. This is most noticeable shortly after boot when jiffies is initialised to a high value (to flush out rollover bugs) and we compare a jiffies of, say, 4294940189 to zero. In that case time_before returns 'true' leading to the skb not being retransmitted. The fix is to ensure that all skbs have a valid 'nxt_retr' time set for them and this is achieved by refactoring the setting of this value into a central function. With this fix, transmission losses of 'bc_init' messages do not stall the link establishment forever because the 'bc_init' message is retransmitted and the link eventually establishes correctly. Fixes: 382f598fb66b ("tipc: reduce duplicate packets for unicast traffic") Acked-by: Jon Maloy Signed-off-by: Hamish Martin Signed-off-by: David S. Miller commit 27d53323664c549b5bb2dfaaf6f7ad6e0376a64e Author: Xin Long Date: Tue Jul 7 02:02:32 2020 +0800 l2tp: remove skb_dst_set() from l2tp_xmit_skb() In the tx path of l2tp, l2tp_xmit_skb() calls skb_dst_set() to set skb's dst. However, it will eventually call inet6_csk_xmit() or ip_queue_xmit() where skb's dst will be overwritten by: skb_dst_set_noref(skb, dst); without releasing the old dst in skb. Then it causes dst/dev refcnt leak: unregister_netdevice: waiting for eth0 to become free. Usage count = 1 This can be reproduced by simply running: # modprobe l2tp_eth && modprobe l2tp_ip # sh ./tools/testing/selftests/net/l2tp.sh So before going to inet6_csk_xmit() or ip_queue_xmit(), skb's dst should be dropped. This patch is to fix it by removing skb_dst_set() from l2tp_xmit_skb() and moving skb_dst_drop() into l2tp_xmit_core(). Fixes: 3557baabf280 ("[L2TP]: PPP over L2TP driver core") Reported-by: Hangbin Liu Signed-off-by: Xin Long Acked-by: James Chapman Tested-by: James Chapman Signed-off-by: David S. Miller commit 579dd91ab3a5446b148e7f179b6596b270dace46 Author: Zheng Bin Date: Mon Jun 29 09:23:49 2020 +0800 nbd: Fix memory leak in nbd_add_socket When adding first socket to nbd, if nsock's allocation failed, the data structure member "config->socks" was reallocated, but the data structure member "config->num_connections" was not updated. A memory leak will occur then because the function "nbd_config_put" will free "config->socks" only when "config->num_connections" is not zero. Fixes: 03bf73c315ed ("nbd: prevent memory leak") Reported-by: syzbot+934037347002901b8d2a@syzkaller.appspotmail.com Signed-off-by: Zheng Bin Reviewed-by: Eric Biggers Signed-off-by: Jens Axboe commit 581fce373581772470af8fb4fe13505dc66281e6 Author: Suzuki K Poulose Date: Tue Jul 7 15:31:52 2020 +0100 arm64: Documentation: Fix broken table in generated HTML cpu-feature-registers.rst is missing a new line before a couple of tables listing the visible fields, causing broken tables in the HTML documentation generated by "make htmldocs". Fix this by adding the missing new line. Reported-by: Peter Maydell Signed-off-by: Suzuki K Poulose Cc: Mark Rutland Cc: Will Deacon Cc: Catalin Marinas Link: https://lore.kernel.org/r/20200707143152.154541-1-suzuki.poulose@arm.com Signed-off-by: Will Deacon commit 8523c006264df65aac7d77284cc69aac46a6f842 Author: Wei Li Date: Sun May 10 05:41:56 2020 +0800 arm64: kgdb: Fix single-step exception handling oops After entering kdb due to breakpoint, when we execute 'ss' or 'go' (will delay installing breakpoints, do single-step first), it won't work correctly, and it will enter kdb due to oops. It's because the reason gotten in kdb_stub() is not as expected, and it seems that the ex_vector for single-step should be 0, like what arch powerpc/sh/parisc has implemented. Before the patch: Entering kdb (current=0xffff8000119e2dc0, pid 0) on processor 0 due to Keyboard Entry [0]kdb> bp printk Instruction(i) BP #0 at 0xffff8000101486cc (printk) is enabled addr at ffff8000101486cc, hardtype=0 installed=0 [0]kdb> g / # echo h > /proc/sysrq-trigger Entering kdb (current=0xffff0000fa878040, pid 266) on processor 3 due to Breakpoint @ 0xffff8000101486cc [3]kdb> ss Entering kdb (current=0xffff0000fa878040, pid 266) on processor 3 Oops: (null) due to oops @ 0xffff800010082ab8 CPU: 3 PID: 266 Comm: sh Not tainted 5.7.0-rc4-13839-gf0e5ad491718 #6 Hardware name: linux,dummy-virt (DT) pstate: 00000085 (nzcv daIf -PAN -UAO) pc : el1_irq+0x78/0x180 lr : __handle_sysrq+0x80/0x190 sp : ffff800015003bf0 x29: ffff800015003d20 x28: ffff0000fa878040 x27: 0000000000000000 x26: ffff80001126b1f0 x25: ffff800011b6a0d8 x24: 0000000000000000 x23: 0000000080200005 x22: ffff8000101486cc x21: ffff800015003d30 x20: 0000ffffffffffff x19: ffff8000119f2000 x18: 0000000000000000 x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000 x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000 x8 : ffff800015003e50 x7 : 0000000000000002 x6 : 00000000380b9990 x5 : ffff8000106e99e8 x4 : ffff0000fadd83c0 x3 : 0000ffffffffffff x2 : ffff800011b6a0d8 x1 : ffff800011b6a000 x0 : ffff80001130c9d8 Call trace: el1_irq+0x78/0x180 printk+0x0/0x84 write_sysrq_trigger+0xb0/0x118 proc_reg_write+0xb4/0xe0 __vfs_write+0x18/0x40 vfs_write+0xb0/0x1b8 ksys_write+0x64/0xf0 __arm64_sys_write+0x14/0x20 el0_svc_common.constprop.2+0xb0/0x168 do_el0_svc+0x20/0x98 el0_sync_handler+0xec/0x1a8 el0_sync+0x140/0x180 [3]kdb> After the patch: Entering kdb (current=0xffff8000119e2dc0, pid 0) on processor 0 due to Keyboard Entry [0]kdb> bp printk Instruction(i) BP #0 at 0xffff8000101486cc (printk) is enabled addr at ffff8000101486cc, hardtype=0 installed=0 [0]kdb> g / # echo h > /proc/sysrq-trigger Entering kdb (current=0xffff0000fa852bc0, pid 268) on processor 0 due to Breakpoint @ 0xffff8000101486cc [0]kdb> g Entering kdb (current=0xffff0000fa852bc0, pid 268) on processor 0 due to Breakpoint @ 0xffff8000101486cc [0]kdb> ss Entering kdb (current=0xffff0000fa852bc0, pid 268) on processor 0 due to SS trap @ 0xffff800010082ab8 [0]kdb> Fixes: 44679a4f142b ("arm64: KGDB: Add step debugging support") Signed-off-by: Wei Li Tested-by: Douglas Anderson Reviewed-by: Douglas Anderson Link: https://lore.kernel.org/r/20200509214159.19680-2-liwei391@huawei.com Signed-off-by: Will Deacon commit 8c3001b9252d8dbf72289d3590a723eea8cfe824 Author: Will Deacon Date: Wed Jul 8 22:10:01 2020 +0100 arm64: entry: Tidy up block comments and label numbers Continually butchering our entry code with CPU errata workarounds has led to it looking a little scruffy. Consistently used /* */ comment style for multi-line block comments and ensure that small numeric labels use consecutive integers. No functional change, but the state of things was irritating. Signed-off-by: Will Deacon commit dc802f2bc0208f4abca420705a860c5175db4bee Author: Marc Zyngier Date: Mon Jul 6 17:38:02 2020 +0100 arm64: Rework ARM_ERRATUM_1414080 handling The current handling of erratum 1414080 has the side effect that cntkctl_el1 can get changed for both 32 and 64bit tasks. This isn't a problem so far, but if we ever need to mitigate another of these errata on the 64bit side, we'd better keep the messing with cntkctl_el1 local to 32bit tasks. For that, make sure that on entering the kernel from a 32bit tasks, userspace access to cntvct gets enabled, and disabled returning to userspace, while it never gets changed for 64bit tasks. Signed-off-by: Marc Zyngier Reviewed-by: Mark Rutland Link: https://lore.kernel.org/r/20200706163802.1836732-5-maz@kernel.org [will: removed branch instructions per Mark's review comments] Signed-off-by: Will Deacon commit 4b661d6133c5d3a7c9aca0b4ee5a78c7766eff3f Author: Marc Zyngier Date: Mon Jul 6 17:38:01 2020 +0100 arm64: arch_timer: Disable the compat vdso for cores affected by ARM64_WORKAROUND_1418040 ARM64_WORKAROUND_1418040 requires that AArch32 EL0 accesses to the virtual counter register are trapped and emulated by the kernel. This makes the vdso pretty pointless, and in some cases livelock prone. Provide a workaround entry that limits the vdso to 64bit tasks. Signed-off-by: Marc Zyngier Acked-by: Mark Rutland Cc: stable@vger.kernel.org Link: https://lore.kernel.org/r/20200706163802.1836732-4-maz@kernel.org Signed-off-by: Will Deacon commit c1fbec4ac0d701f350a581941d35643d5a9cd184 Author: Marc Zyngier Date: Mon Jul 6 17:38:00 2020 +0100 arm64: arch_timer: Allow an workaround descriptor to disable compat vdso As we are about to disable the vdso for compat tasks in some circumstances, let's allow a workaround descriptor to express exactly that. Signed-off-by: Marc Zyngier Acked-by: Mark Rutland Cc: stable@vger.kernel.org Link: https://lore.kernel.org/r/20200706163802.1836732-3-maz@kernel.org Signed-off-by: Will Deacon commit 97884ca8c2925d14c32188e865069f21378b4b4f Author: Marc Zyngier Date: Mon Jul 6 17:37:59 2020 +0100 arm64: Introduce a way to disable the 32bit vdso We have a class of errata (grouped under the ARM64_WORKAROUND_1418040 banner) that force the trapping of counter access from 32bit EL0. We would normally disable the whole vdso for such defect, except that it would disable it for 64bit userspace as well, which is a shame. Instead, add a new vdso_clock_mode, which signals that the vdso isn't usable for compat tasks. This gets checked in the new vdso_clocksource_ok() helper, now provided for the 32bit vdso. Signed-off-by: Marc Zyngier Acked-by: Mark Rutland Cc: stable@vger.kernel.org Link: https://lore.kernel.org/r/20200706163802.1836732-2-maz@kernel.org Signed-off-by: Will Deacon commit b8c1c9fe6a042dfbb169d14ab2000d9163f06d10 Author: Kevin Hao Date: Fri Apr 17 18:32:11 2020 +0800 arm64: entry: Fix the typo in the comment of el1_dbg() The function name should be local_daif_mask(). Signed-off-by: Kevin Hao Acked-by: Mark Rutlamd Link: https://lore.kernel.org/r/20200417103212.45812-2-haokexin@gmail.com Signed-off-by: Will Deacon commit 132330f8044c8e0cfa83b5eee41ade52708390dc Author: Gavin Shan Date: Tue Jun 30 17:59:43 2020 +1000 drivers/firmware/psci: Assign @err directly in hotplug_tests() The return value of down_and_up_cpus() can be assigned to @err directly. With that, the useless assignment to @err with zero can be dropped. Signed-off-by: Gavin Shan Reviewed-by: Sudeep Holla Link: https://lore.kernel.org/r/20200630075943.203954-1-gshan@redhat.com Signed-off-by: Will Deacon commit c377e67c6271954969384f9be1b1b71de13eba30 Author: Gavin Shan Date: Tue Jun 30 17:52:27 2020 +1000 drivers/firmware/psci: Fix memory leakage in alloc_init_cpu_groups() The CPU mask (@tmp) should be released on failing to allocate @cpu_groups or any of its elements. Otherwise, it leads to memory leakage because the CPU mask variable is dynamically allocated when CONFIG_CPUMASK_OFFSTACK is enabled. Signed-off-by: Gavin Shan Reviewed-by: Sudeep Holla Link: https://lore.kernel.org/r/20200630075227.199624-1-gshan@redhat.com Signed-off-by: Will Deacon commit 68cf617309b5f6f3a651165f49f20af1494753ae Author: Will Deacon Date: Wed Jul 8 17:25:46 2020 +0100 KVM: arm64: Fix definition of PAGE_HYP_DEVICE PAGE_HYP_DEVICE is intended to encode attribute bits for an EL2 stage-1 pte mapping a device. Unfortunately, it includes PROT_DEVICE_nGnRE which encodes attributes for EL1 stage-1 mappings such as UXN and nG, which are RES0 for EL2, and DBM which is meaningless as TCR_EL2.HD is not set. Fix the definition of PAGE_HYP_DEVICE so that it doesn't set RES0 bits at EL2. Acked-by: Marc Zyngier Cc: Marc Zyngier Cc: Catalin Marinas Cc: James Morse Cc: Link: https://lore.kernel.org/r/20200708162546.26176-1-will@kernel.org Signed-off-by: Will Deacon commit 1412bb2b4bb7e05b694742748b0f315664d91450 Merge: a42e6aee7f47 fb4f79264c0f Author: David S. Miller Date: Wed Jul 8 12:35:15 2020 -0700 Merge branch 'net-smc-fixes' Karsten Graul says: ==================== net/smc: fixes 2020-07-08 Please apply the following patch series for smc to netdev's net tree. The patches fix problems found during more testing of SMC functionality, resulting in hang conditions and unneeded link deactivations. The clc module was hardened to be prepared for possible future SMCD versions. ==================== Signed-off-by: David S. Miller commit fb4f79264c0fc6fd5a68ffe3e31bfff97311e1f1 Author: Ursula Braun Date: Wed Jul 8 17:05:15 2020 +0200 net/smc: tolerate future SMCD versions CLC proposal messages of future SMCD versions could be larger than SMCD V1 CLC proposal messages. To enable toleration in SMC V1 the receival of CLC proposal messages is adapted: * accept larger length values in CLC proposal * check trailing eye catcher for incoming CLC proposal with V1 length only * receive the whole CLC proposal even in cases it does not fit into the V1 buffer Fixes: e7b7a64a8493d ("smc: support variable CLC proposal messages") Signed-off-by: Ursula Braun Signed-off-by: Karsten Graul Signed-off-by: David S. Miller commit 82087c0330534d18e6db25869871e589d214b7fa Author: Ursula Braun Date: Wed Jul 8 17:05:14 2020 +0200 net/smc: switch smcd_dev_list spinlock to mutex The similar smc_ib_devices spinlock has been converted to a mutex. Protecting the smcd_dev_list by a mutex is possible as well. This patch converts the smcd_dev_list spinlock to a mutex. Fixes: c6ba7c9ba43d ("net/smc: add base infrastructure for SMC-D and ISM") Signed-off-by: Ursula Braun Signed-off-by: Karsten Graul Signed-off-by: David S. Miller commit 92f3cb0e11dda530d1daa42d7a11af5a92ed89e4 Author: Ursula Braun Date: Wed Jul 8 17:05:13 2020 +0200 net/smc: fix sleep bug in smc_pnet_find_roce_resource() Tests showed this BUG: [572555.252867] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:935 [572555.252876] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 131031, name: smcapp [572555.252879] INFO: lockdep is turned off. [572555.252883] CPU: 1 PID: 131031 Comm: smcapp Tainted: G O 5.7.0-rc3uschi+ #356 [572555.252885] Hardware name: IBM 3906 M03 703 (LPAR) [572555.252887] Call Trace: [572555.252896] [<00000000ac364554>] show_stack+0x94/0xe8 [572555.252901] [<00000000aca1f400>] dump_stack+0xa0/0xe0 [572555.252906] [<00000000ac3c8c10>] ___might_sleep+0x260/0x280 [572555.252910] [<00000000acdc0c98>] __mutex_lock+0x48/0x940 [572555.252912] [<00000000acdc15c2>] mutex_lock_nested+0x32/0x40 [572555.252975] [<000003ff801762d0>] mlx5_lag_get_roce_netdev+0x30/0xc0 [mlx5_core] [572555.252996] [<000003ff801fb3aa>] mlx5_ib_get_netdev+0x3a/0xe0 [mlx5_ib] [572555.253007] [<000003ff80063848>] smc_pnet_find_roce_resource+0x1d8/0x310 [smc] [572555.253011] [<000003ff800602f0>] __smc_connect+0x1f0/0x3e0 [smc] [572555.253015] [<000003ff80060634>] smc_connect+0x154/0x190 [smc] [572555.253022] [<00000000acbed8d4>] __sys_connect+0x94/0xd0 [572555.253025] [<00000000acbef620>] __s390x_sys_socketcall+0x170/0x360 [572555.253028] [<00000000acdc6800>] system_call+0x298/0x2b8 [572555.253030] INFO: lockdep is turned off. Function smc_pnet_find_rdma_dev() might be called from smc_pnet_find_roce_resource(). It holds the smc_ib_devices list spinlock while calling infiniband op get_netdev(). At least for mlx5 the get_netdev operation wants mutex serialization, which conflicts with the smc_ib_devices spinlock. This patch switches the smc_ib_devices spinlock into a mutex to allow sleeping when calling get_netdev(). Fixes: a4cf0443c414 ("smc: introduce SMC as an IB-client") Signed-off-by: Ursula Braun Signed-off-by: Karsten Graul Signed-off-by: David S. Miller commit b7eede757883a9892dcb7bf0280f4890fc74bcf6 Author: Karsten Graul Date: Wed Jul 8 17:05:12 2020 +0200 net/smc: fix work request handling Wait for pending sends only when smc_switch_conns() found a link to move the connections to. Do not wait during link freeing, this can lead to permanent hang situations. And refuse to provide a new tx slot on an unusable link. Fixes: c6f02ebeea3a ("net/smc: switch connections to alternate link") Reviewed-by: Ursula Braun Signed-off-by: Karsten Graul Signed-off-by: David S. Miller commit 6778a6bed09b58beca936a675e9dd195c0986580 Author: Karsten Graul Date: Wed Jul 8 17:05:11 2020 +0200 net/smc: separate LLC wait queues for flow and messages There might be races in scenarios where both SMC link groups are on the same system. Prevent that by creating separate wait queues for LLC flows and messages. Switch to non-interruptable versions of wait_event() and wake_up() for the llc flow waiter to make sure the waiters get control sequentially. Fine tune the llc_flow_lock to include the assignment of the message. Write to system log when an unexpected message was dropped. And remove an extra indirection and use the existing local variable lgr in smc_llc_enqueue(). Fixes: 555da9af827d ("net/smc: add event-based llc_flow framework") Reviewed-by: Ursula Braun Signed-off-by: Karsten Graul Signed-off-by: David S. Miller commit a42e6aee7f47a8a68d09923c720fc8f605a04207 Author: Dmitry Bogdanov Date: Wed Jul 8 17:17:10 2020 +0300 net: atlantic: fix ip dst and ipv6 address filters This patch fixes ip dst and ipv6 address filters. There were 2 mistakes in the code, which led to the issue: * invalid register was used for ipv4 dst address; * incorrect write order of dwords for ipv6 addresses. Fixes: 23e7a718a49b ("net: aquantia: add rx-flow filter definitions") Signed-off-by: Dmitry Bogdanov Signed-off-by: Mark Starovoytov Signed-off-by: Alexander Lobakin Signed-off-by: David S. Miller commit 0bddd227f3dc55975e2b8dfa7fc6f959b062a2c7 Author: Randy Dunlap Date: Wed Jul 8 11:44:59 2020 -0700 Documentation: update for gcc 4.9 requirement Update Documentation for the gcc v4.9 upgrade requirement. Fixes: 5429ef62bcf3 ("compiler/gcc: Raise minimum GCC version for kernel builds to 4.8") Fixes: 6ec4476ac825 ("Raise gcc version requirement to 4.9") Signed-off-by: Randy Dunlap Acked-by: Jonathan Corbet Signed-off-by: Linus Torvalds commit 63e1968a2c87e9461e9694a96991935116e0cec7 Merge: 6ec4476ac825 f79a732a8325 Author: Linus Torvalds Date: Wed Jul 8 11:07:09 2020 -0700 Merge tag 'sound-5.8-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound Pull sound fixes from Takashi Iwai: "A collection of small, mostly device-specific fixes. The significant one is the regression fix for USB-audio implicit feedback devices due to the incorrect frame size calculation, which landed in 5.8 and stable trees. In addition, a few usual HD-audio and USB-audio quirks, Intel HDMI fixes, ASoC fsl and rt5682 fixes, as well as the fix in compress-offload partial drain operation" * tag 'sound-5.8-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: ALSA: compress: fix partial_drain completion state ALSA: usb-audio: Add implicit feedback quirk for RTX6001 ALSA: usb-audio: add quirk for MacroSilicon MS2109 ALSA: hda/realtek: Enable headset mic of Acer Veriton N4660G with ALC269VC ALSA: hda/realtek: Enable headset mic of Acer C20-820 with ALC269VC ALSA: hda/realtek - Enable audio jacks of Acer vCopperbox with ALC269VC ALSA: hda/realtek - Fix Lenovo Thinkpad X1 Carbon 7th quirk subdevice id ALSA: hda/hdmi: improve debug traces for stream lookups ALSA: hda/hdmi: fix failures at PCM open on Intel ICL and later ALSA: opl3: fix infoleak in opl3 ALSA: usb-audio: Replace s/frame/packet/ where appropriate ALSA: usb-audio: Fix packet size calculation AsoC: amd: add missing snd- module prefix to the acp3x-rn driver kernel module ALSA: hda - let hs_mic be picked ahead of hp_mic ASoC: rt5682: fix the pop noise while OMTP type headset plugin ASoC: fsl_mqs: Fix unchecked return value for clk_prepare_enable ASoC: fsl_mqs: Don't check clock is NULL before calling clk API commit 6ec4476ac82512f09c94aff5972654b70f3772b2 Author: Linus Torvalds Date: Wed Jul 8 10:48:35 2020 -0700 Raise gcc version requirement to 4.9 I realize that we fairly recently raised it to 4.8, but the fact is, 4.9 is a much better minimum version to target. We have a number of workarounds for actual bugs in pre-4.9 gcc versions (including things like internal compiler errors on ARM), but we also have some syntactic workarounds for lacking features. In particular, raising the minimum to 4.9 means that we can now just assume _Generic() exists, which is likely the much better replacement for a lot of very convoluted built-time magic with conditionals on sizeof and/or __builtin_choose_expr() with same_type() etc. Using _Generic also means that you will need to have a very recent version of 'sparse', but thats easy to build yourself, and much less of a hassle than some old gcc version can be. The latest (in a long string) of reasons for minimum compiler version upgrades was commit 5435f73d5c4a ("efi/x86: Fix build with gcc 4"). Ard points out that RHEL 7 uses gcc-4.8, but the people who stay back on old RHEL versions persumably also don't build their own kernels anyway. And maybe they should cross-built or just have a little side affair with a newer compiler? Acked-by: Ard Biesheuvel Acked-by: Peter Zijlstra Signed-off-by: Linus Torvalds commit 6958c1c640af8c3f40fa8a2eee3b5b905d95b677 Author: Mikulas Patocka Date: Wed Jul 8 12:25:20 2020 -0400 dm: use noio when sending kobject event kobject_uevent may allocate memory and it may be called while there are dm devices suspended. The allocation may recurse into a suspended device, causing a deadlock. We must set the noio flag when sending a uevent. The observed deadlock was reported here: https://www.redhat.com/archives/dm-devel/2020-March/msg00025.html Reported-by: Khazhismel Kumykov Reported-by: Tahsin Erdogan Reported-by: Gabriel Krisman Bertazi Signed-off-by: Mikulas Patocka Cc: stable@vger.kernel.org Signed-off-by: Mike Snitzer commit 174364f6a8979655f71b04b6492657aec3762703 Author: Damien Le Moal Date: Wed Jul 8 09:20:22 2020 +0900 dm zoned: Fix zone reclaim trigger Only triggering reclaim based on the percentage of unmapped cache zones can fail to detect cases where reclaim is needed, e.g. if the target has only 2 or 3 cache zones and only one unmapped cache zone, the percentage of free cache zones is higher than DMZ_RECLAIM_LOW_UNMAP_ZONES (30%) and reclaim does not trigger. This problem, combined with the fact that dmz_schedule_reclaim() is called from dmz_handle_bio() without the map lock held, leads to a race between zone allocation and dmz_should_reclaim() result. Depending on the workload applied, this race can lead to the write path waiting forever for a free zone without reclaim being triggered. Fix this by moving dmz_schedule_reclaim() inside dmz_alloc_zone() under the map lock. This results in checking the need for zone reclaim whenever a new data or buffer zone needs to be allocated. Also fix dmz_reclaim_percentage() to always return 0 if the number of unmapped cache (or random) zones is less than or equal to 1. Suggested-by: Shin'ichiro Kawasaki Signed-off-by: Damien Le Moal Reviewed-by: Hannes Reinecke Signed-off-by: Mike Snitzer commit bcf003be750a888a002f909b1043e43ac6997e2d Merge: 76ea60f77161 38b1927e5bf9 Author: Greg Kroah-Hartman Date: Wed Jul 8 18:00:07 2020 +0200 Merge tag 'phy-fixes-5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/phy/linux-phy into char-misc-next Vinod writes: phy: fixes for 5.8 *) Fix for intel combo driver for warns or errors *) Constify symbols for am654-serdes & j721e-wiz *) Return value fix for rockchip driver *) Null pointer dereference fix for sun4i-usb * tag 'phy-fixes-5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/phy/linux-phy: phy: sun4i-usb: fix dereference of pointer phy0 before it is null checked phy: rockchip: Fix return value of inno_dsidphy_probe() phy: ti: j721e-wiz: Constify structs phy: ti: am654-serdes: Constify regmap_config phy: intel: fix enum type mismatch warning phy: intel: Fix compilation error on FIELD_PREP usage commit 76ea60f771615d32c0c5caed81991b25a87e0137 Merge: bf12fdf0ab72 bf6d6e68d202 Author: Greg Kroah-Hartman Date: Wed Jul 8 17:59:14 2020 +0200 Merge tag 'soundwire-5.8-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/vkoul/soundwire into char--misc-linus Vinod writes: soundwire fixes for v5.8 - Intel driver memory leak fix * tag 'soundwire-5.8-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/vkoul/soundwire: soundwire: intel: fix memory leak with devm_kasprintf commit ce34c9b461b50001892b0b348e024d2275014ede Author: Wei Yongjun Date: Thu Jul 2 23:11:40 2020 +0800 dm zoned: fix unused but set variable warnings Fix unused but set variable warnings: drivers/md/dm-zoned-reclaim.c:504:42: warning: variable nr_rnd set but not used [-Wunused-but-set-variable] 504 | unsigned int p_unmap, nr_unmap_rnd = 0, nr_rnd = 0; | ^~~~~~ drivers/md/dm-zoned-reclaim.c:504:24: warning: variable nr_unmap_rnd set but not used [-Wunused-but-set-variable] 504 | unsigned int p_unmap, nr_unmap_rnd = 0, nr_rnd = 0; | ^~~~~~~~~~~~ Fixes: f97809aec589 ("dm zoned: per-device reclaim") Signed-off-by: Wei Yongjun Signed-off-by: Mike Snitzer commit af3cf0ac6805a36740089a5f200c28a04d452404 Merge: 876d4e1e8298 da6902e5b6db Author: Greg Kroah-Hartman Date: Wed Jul 8 17:10:17 2020 +0200 Merge tag 'usb-serial-5.8-rc5' of https://git.kernel.org/pub/scm/linux/kernel/git/johan/usb-serial into usb-linus Johan writes: USB-serial fixes for 5.8-rc5 Here are some new device ids for 5.8. All have been in linux-next with no reported issues. * tag 'usb-serial-5.8-rc5' of https://git.kernel.org/pub/scm/linux/kernel/git/johan/usb-serial: USB: serial: option: add Quectel EG95 LTE modem USB: serial: ch341: add new Product ID for CH340 USB: serial: option: add GosunCn GM500 series USB: serial: cypress_m8: enable Simply Automated UPB PIM commit a46624580376a3a0beb218d94cbc7f258696e29f Author: Michal Suchanek Date: Tue Jun 30 17:49:24 2020 +0200 dm writecache: reject asynchronous pmem devices DM writecache does not handle asynchronous pmem. Reject it when supplied as cache. Link: https://lore.kernel.org/linux-nvdimm/87lfk5hahc.fsf@linux.ibm.com/ Fixes: 6e84200c0a29 ("virtio-pmem: Add virtio pmem driver") Signed-off-by: Michal Suchanek Acked-by: Mikulas Patocka Cc: stable@vger.kernel.org # 5.3+ Signed-off-by: Mike Snitzer commit 382761dc6312965a11f82f2217e16ec421bf17ae Author: Christoph Hellwig Date: Sat Jun 27 09:31:46 2020 +0200 dm: use bio_uninit instead of bio_disassociate_blkg bio_uninit is the proper API to clean up a BIO that has been allocated on stack or inside a structure that doesn't come from the BIO allocator. Switch dm to use that instead of bio_disassociate_blkg, which really is an implementation detail. Note that the bio_uninit calls are also moved to the two callers of __send_empty_flush, so that they better pair with the bio_init calls used to initialize them. Signed-off-by: Christoph Hellwig Reviewed-by: Johannes Thumshirn Signed-off-by: Mike Snitzer commit 443a34ba68e8a627c15f9987b11cfa01f3e1ba0a Author: Pierre-Louis Bossart Date: Tue Jul 7 15:26:28 2020 -0500 regmap: add missing dependency on SoundWire CONFIG_REGMAP is not selected when no other serial bus is supported. It's largely academic since CONFIG_I2C is usually selected e.g. by DRM, but still this can break randconfig so let's be explicit. Signed-off-by: Pierre-Louis Bossart Link: https://lore.kernel.org/r/20200707202628.113142-1-pierre-louis.bossart@linux.intel.com Signed-off-by: Mark Brown commit 37d65a26c9630af5263039dc36bedf878b5680cf Merge: 1e9c7ce7ad82 4e7f8cac1171 Author: Mark Brown Date: Wed Jul 8 15:02:06 2020 +0100 Merge series "ASoC: more fixes for dpcm checks" from Pierre-Louis Bossart : This is hopefully the last set of fixes to avoid probe errors due to stricter checks of DAI capabilities introduced late in the 5.8 cycle. Daniel Baluta (1): ASoC: SOF: imx: add min/max channels for SAI/ESAI on i.MX8/i.MX8M Pierre-Louis Bossart (2): ASoC: soc-dai: set dai_link dpcm_ flags with a helper ASoC: Intel: bdw-rt5677: fix non BE conversion include/sound/soc-dai.h | 1 + sound/soc/generic/audio-graph-card.c | 4 +-- sound/soc/generic/simple-card.c | 4 +-- sound/soc/intel/boards/bdw-rt5677.c | 1 + sound/soc/soc-dai.c | 38 ++++++++++++++++++++++++++++ sound/soc/sof/imx/imx8.c | 8 ++++++ sound/soc/sof/imx/imx8m.c | 8 ++++++ 7 files changed, 60 insertions(+), 4 deletions(-) base-commit: a5911ac5790acaf98c929b826b3f7b4a438f9759 -- 2.25.1 commit 1e9c7ce7ad829f901549547a83fc7130ae9d3379 Merge: 5f886d7d2c06 8edac489e7c3 Author: Mark Brown Date: Wed Jul 8 15:02:04 2020 +0100 Merge series "ASoC: topology: fix error handling flow" from Pierre-Louis Bossart : While experimenting and introducing errors in Baytrail topology files until I got them right, I encountered multiple kernel oopses and memory leaks. This is a first batch to harden the code, but we should probably think of a tool to fuzz the topology... Pierre-Louis Bossart (5): ASoC: topology: fix kernel oops on route addition error ASoC: topology: fix tlvs in error handling for widget_dmixer ASoC: topology: use break on errors, not continue ASoC: topology: factor kfree(se) in error handling ASoC: topology: add more logs when topology load fails. sound/soc/soc-topology.c | 97 ++++++++++++++++++++++++---------------- 1 file changed, 58 insertions(+), 39 deletions(-) base-commit: a5911ac5790acaf98c929b826b3f7b4a438f9759 -- 2.25.1 commit 5f886d7d2c06a06650d41c37a02257c55f23a10e Merge: eceb5437ed0d 0fd3935ef888 Author: Mark Brown Date: Wed Jul 8 15:02:03 2020 +0100 Merge series "ASoC: codecs: add MAX98373 Soundwire driver" from Pierre-Louis Bossart : V2 with a number of cleanups: split between I2C and SoundWire modes, as done for rt5682, and updated Kconfigs. removed useless initializations common to both modes removed idle_bias on fixed register classified as volatile in error fixed SPDX comments Pierre-Louis Bossart (2): ASoC: codecs: max98373: split I2C and common parts ASoC: Intel: sof-sdw: add MAX98373 I2C dependencies Ryan Lee (2): ASoC: codecs: max98373: Removed superfluous volume control from chip default ASoC: codecs: max98373: add SoundWire support randerwang (2): ASoc: codecs: max98373: remove Idle_bias_on to let codec suspend ASoC: Intel: sdw_max98373: add card_late_probe support sound/soc/codecs/Kconfig | 20 +- sound/soc/codecs/Makefile | 4 + sound/soc/codecs/max98373-i2c.c | 612 +++++++++++++++ sound/soc/codecs/max98373-sdw.c | 887 ++++++++++++++++++++++ sound/soc/codecs/max98373-sdw.h | 72 ++ sound/soc/codecs/max98373.c | 619 +-------------- sound/soc/codecs/max98373.h | 17 +- sound/soc/intel/boards/Kconfig | 7 +- sound/soc/intel/boards/sof_sdw.c | 19 +- sound/soc/intel/boards/sof_sdw_common.h | 6 + sound/soc/intel/boards/sof_sdw_max98373.c | 12 + 11 files changed, 1668 insertions(+), 607 deletions(-) create mode 100644 sound/soc/codecs/max98373-i2c.c create mode 100644 sound/soc/codecs/max98373-sdw.c create mode 100644 sound/soc/codecs/max98373-sdw.h base-commit: a5911ac5790acaf98c929b826b3f7b4a438f9759 -- 2.25.1 commit eceb5437ed0d41be5d12af3add58b3be2d5719e5 Author: Ranjani Sridharan Date: Tue Jul 7 15:40:27 2020 -0500 ASoC: SOF: core: fix null-ptr-deref bug during device removal The DSP should be notified for device removal only if the probe was successful. Fixes the following KASAN bug: BUG: KASAN: null-ptr-deref in sof_ipc_tx_message+0x80/0x160 [snd_sof] Signed-off-by: Ranjani Sridharan Signed-off-by: Pierre-Louis Bossart Reviewed-by: Kai Vehmanen Link: https://lore.kernel.org/r/20200707204027.114169-1-pierre-louis.bossart@linux.intel.com Signed-off-by: Mark Brown commit 0fd3935ef888b7231fde87eba3fdf613c4923b4a Author: randerwang Date: Tue Jul 7 15:57:37 2020 -0500 ASoc: codecs: max98373: remove Idle_bias_on to let codec suspend Idle_bias_on is used to decide bias on/off in standby state by dapm. When Idle_bias_on is set to one, dapm will keep max98373 active at idle time. Max98373 is doing nothing in this state, so remove idle_bias_on setting to let max98373 get suspended when it is idle. Signed-off-by: randerwang Signed-off-by: Pierre-Louis Bossart Reviewed-by: Ryan Lee Reviewed-by: Kai Vehmanen Link: https://lore.kernel.org/r/20200707205740.114927-4-pierre-louis.bossart@linux.intel.com Signed-off-by: Mark Brown commit a53bacc04d7e2b813ebe0ca4dae38716c00d7953 Author: Ryan Lee Date: Tue Jul 7 15:57:36 2020 -0500 ASoC: codecs: max98373: Removed superfluous volume control from chip default Volume control in probe function is not necessary. Signed-off-by: Ryan Lee Signed-off-by: Pierre-Louis Bossart Reviewed-by: Rander Wang Reviewed-by: Kai Vehmanen Link: https://lore.kernel.org/r/20200707205740.114927-3-pierre-louis.bossart@linux.intel.com Signed-off-by: Mark Brown commit 3ec2d5113ea5e182b759b613dc1f7108ba7aac9e Author: Veerabhadrarao Badiganti Date: Wed Jul 8 18:41:19 2020 +0530 mmc: sdhci-msm: Override DLL_CONFIG only if the valid value is supplied During DLL initialization, the DLL_CONFIG register value would be updated with the value supplied from the device-tree. Override this register only if a valid value is supplied. Fixes: 03591160ca19 ("mmc: sdhci-msm: Read and use DLL Config property from device tree file") Signed-off-by: Veerabhadrarao Badiganti Link: https://lore.kernel.org/r/1594213888-2780-1-git-send-email-vbadigan@codeaurora.org Signed-off-by: Ulf Hansson commit 8edac489e7c3fce44208373bb3e7b5835a672c66 Author: Pierre-Louis Bossart Date: Tue Jul 7 15:37:46 2020 -0500 ASoC: topology: fix tlvs in error handling for widget_dmixer we need to free all allocated tlvs, not just the one allocated in the loop before releasing kcontrols - other the tlvs references will leak. Fixes: 9f90af3a995298 ('ASoC: topology: Consolidate and fix asoc_tplg_dapm_widget_*_create flow') Signed-off-by: Pierre-Louis Bossart Reviewed-by: Ranjani Sridharan Reviewed-by: Kai Vehmanen Link: https://lore.kernel.org/r/20200707203749.113883-3-pierre-louis.bossart@linux.intel.com Signed-off-by: Mark Brown commit 6f0307df83f2aa6bdf656c2219c89ce96502d20e Author: Pierre-Louis Bossart Date: Tue Jul 7 15:37:45 2020 -0500 ASoC: topology: fix kernel oops on route addition error When errors happens while loading graph components, the kernel oopses while trying to remove all topology components. This can be root-caused to a list pointing to memory that was already freed on error. remove_route() is already called on errors and will perform the required cleanups so there's no need to free the route memory in soc_tplg_dapm_graph_elems_load() if the route was added to the list. We do however want to free the routes allocated but not added to the list. Fixes: 7df04ea7a31ea ('ASoC: topology: modify dapm route loading routine and add dapm route unloading') Signed-off-by: Pierre-Louis Bossart Reviewed-by: Ranjani Sridharan Reviewed-by: Kai Vehmanen Link: https://lore.kernel.org/r/20200707203749.113883-2-pierre-louis.bossart@linux.intel.com Signed-off-by: Mark Brown commit 4e7f8cac1171ba369a9209a8d949732a4d3b939a Author: Daniel Baluta Date: Tue Jul 7 16:04:39 2020 -0500 ASoC: SOF: imx: add min/max channels for SAI/ESAI on i.MX8/i.MX8M This is identical with change for Intel platforms done with commit 8c05246c0b58 ("ASoC: SOF: Intel: add min/max channels for SSP on Baytrail/Broadwell") and fixes a regression on i.MX8/i.MX8M: [ 25.705750] esai-Codec: ASoC: no backend playback stream [ 27.923378] esai-Codec: ASoC: no users playback at close - state This is root-caused to the introduction of the DAI capability checks with snd_soc_dai_stream_valid(). Its use in soc-pcm.c makes it a requirement for all DAIs to report at least a non-zero min_channels field. Fixes: 9b5db059366ae2 ("ASoC: soc-pcm: dpcm: Only allow playback/capture if supported") Signed-off-by: Daniel Baluta Signed-off-by: Pierre-Louis Bossart Reviewed-by: Ranjani Sridharan Link: https://lore.kernel.org/r/20200707210439.115300-4-pierre-louis.bossart@linux.intel.com Signed-off-by: Mark Brown commit fffebe8a8339c7e56db4126653a3bc0c0c5592cf Author: Pierre-Louis Bossart Date: Tue Jul 7 16:04:38 2020 -0500 ASoC: Intel: bdw-rt5677: fix non BE conversion When SOF is used, the normal links are converted into DPCM ones. This generates an error [ 58.276668] bdw-rt5677 bdw-rt5677: CPU DAI spi-RT5677AA:00 for rtd Wake on Voice does not support playback [ 58.276676] bdw-rt5677 bdw-rt5677: ASoC: can't create pcm Wake on Voice :-22 Fix by forcing the capture direction. Fixes: b73287f0b0745 ('ASoC: soc-pcm: dpcm: fix playback/capture checks') Signed-off-by: Pierre-Louis Bossart Reviewed-by: Guennadi Liakhovetski Reviewed-by: Curtis Malainey Link: https://lore.kernel.org/r/20200707210439.115300-3-pierre-louis.bossart@linux.intel.com Signed-off-by: Mark Brown commit 25612477d20b522a3203707ff23575b99f639fff Author: Pierre-Louis Bossart Date: Tue Jul 7 16:04:37 2020 -0500 ASoC: soc-dai: set dai_link dpcm_ flags with a helper Add a helper to walk through all the DAIs and set dpcm_playback and dpcm_capture flags based on the DAIs capabilities, and use this helper to avoid setting these flags arbitrarily in generic cards. The commit referenced in the Fixes tag did not introduce the configuration issue but will prevent the card from probing when detecting invalid configurations. Fixes: b73287f0b0745 ('ASoC: soc-pcm: dpcm: fix playback/capture checks') Signed-off-by: Pierre-Louis Bossart Reviewed-by: Kai Vehmanen Reviewed-by: Guennadi Liakhovetski Link: https://lore.kernel.org/r/20200707210439.115300-2-pierre-louis.bossart@linux.intel.com Signed-off-by: Mark Brown commit 04340645f69ab7abb6f9052688a60f0213b3f79c Author: Kamal Heib Date: Tue Jul 7 16:09:31 2020 +0300 RDMA/siw: Fix reporting vendor_part_id Move the initialization of the vendor_part_id to be before calling ib_register_device(), this is needed because the query_device() callback is called from the context of ib_register_device() before initializing the vendor_part_id, so the reported value is wrong. Fixes: bdcf26bf9b3a ("rdma/siw: network and RDMA core interface") Link: https://lore.kernel.org/r/20200707130931.444724-1-kamalheib1@gmail.com Signed-off-by: Kamal Heib Reviewed-by: Bernard Metzler Signed-off-by: Jason Gunthorpe commit 4557ac6b344b8cdf948ff8b007e8e1de34832f2e Author: Nicholas Piggin Date: Wed Jul 8 17:49:42 2020 +1000 powerpc/64s/exception: Fix 0x1500 interrupt handler crash A typo caused the interrupt handler to branch immediately to the common "unknown interrupt" handler and skip the special case test for denormal cause. This does not affect KVM softpatch handling (e.g., for POWER9 TM assist) because the KVM test was moved to common code by commit 9600f261acaa ("powerpc/64s/exception: Move KVM test to common code") just before this bug was introduced. Fixes: 3f7fbd97d07d ("powerpc/64s/exception: Clean up SRR specifiers") Reported-by: Paul Menzel Signed-off-by: Nicholas Piggin Tested-by: Paul Menzel [mpe: Split selftest into a separate patch] Signed-off-by: Michael Ellerman Link: https://lore.kernel.org/r/20200708074942.1713396-1-npiggin@gmail.com commit ce3614daabea8a2d01c1dd17ae41d1ec5e5ae7db Author: Mathieu Desnoyers Date: Mon Jul 6 16:49:10 2020 -0400 sched: Fix unreliable rseq cpu_id for new tasks While integrating rseq into glibc and replacing glibc's sched_getcpu implementation with rseq, glibc's tests discovered an issue with incorrect __rseq_abi.cpu_id field value right after the first time a newly created process issues sched_setaffinity. For the records, it triggers after building glibc and running tests, and then issuing: for x in {1..2000} ; do posix/tst-affinity-static & done and shows up as: error: Unexpected CPU 2, expected 0 error: Unexpected CPU 2, expected 0 error: Unexpected CPU 2, expected 0 error: Unexpected CPU 2, expected 0 error: Unexpected CPU 138, expected 0 error: Unexpected CPU 138, expected 0 error: Unexpected CPU 138, expected 0 error: Unexpected CPU 138, expected 0 This is caused by the scheduler invoking __set_task_cpu() directly from sched_fork() and wake_up_new_task(), thus bypassing rseq_migrate() which is done by set_task_cpu(). Add the missing rseq_migrate() to both functions. The only other direct use of __set_task_cpu() is done by init_idle(), which does not involve a user-space task. Based on my testing with the glibc test-case, just adding rseq_migrate() to wake_up_new_task() is sufficient to fix the observed issue. Also add it to sched_fork() to keep things consistent. The reason why this never triggered so far with the rseq/basic_test selftest is unclear. The current use of sched_getcpu(3) does not typically require it to be always accurate. However, use of the __rseq_abi.cpu_id field within rseq critical sections requires it to be accurate. If it is not accurate, it can cause corruption in the per-cpu data targeted by rseq critical sections in user-space. Reported-By: Florian Weimer Signed-off-by: Mathieu Desnoyers Signed-off-by: Peter Zijlstra (Intel) Tested-By: Florian Weimer Cc: stable@vger.kernel.org # v4.18+ Link: https://lkml.kernel.org/r/20200707201505.2632-1-mathieu.desnoyers@efficios.com commit dbfb089d360b1cc623c51a2c7cf9b99eff78e0e7 Author: Peter Zijlstra Date: Fri Jul 3 12:40:33 2020 +0200 sched: Fix loadavg accounting race The recent commit: c6e7bd7afaeb ("sched/core: Optimize ttwu() spinning on p->on_cpu") moved these lines in ttwu(): p->sched_contributes_to_load = !!task_contributes_to_load(p); p->state = TASK_WAKING; up before: smp_cond_load_acquire(&p->on_cpu, !VAL); into the 'p->on_rq == 0' block, with the thinking that once we hit schedule() the current task cannot change it's ->state anymore. And while this is true, it is both incorrect and flawed. It is incorrect in that we need at least an ACQUIRE on 'p->on_rq == 0' to avoid weak hardware from re-ordering things for us. This can fairly easily be achieved by relying on the control-dependency already in place. The second problem, which makes the flaw in the original argument, is that while schedule() will not change prev->state, it will read it a number of times (arguably too many times since it's marked volatile). The previous condition 'p->on_cpu == 0' was sufficient because that indicates schedule() has completed, and will no longer read prev->state. So now the trick is to make this same true for the (much) earlier 'prev->on_rq == 0' case. Furthermore, in order to make the ordering stick, the 'prev->on_rq = 0' assignment needs to he a RELEASE, but adding additional ordering to schedule() is an unwelcome proposition at the best of times, doubly so for mere accounting. Luckily we can push the prev->state load up before rq->lock, with the only caveat that we then have to re-read the state after. However, we know that if it changed, we no longer have to worry about the blocking path. This gives us the required ordering, if we block, we did the prev->state load before an (effective) smp_mb() and the p->on_rq store needs not change. With this we end up with the effective ordering: LOAD p->state LOAD-ACQUIRE p->on_rq == 0 MB STORE p->on_rq, 0 STORE p->state, TASK_WAKING which ensures the TASK_WAKING store happens after the prev->state load, and all is well again. Fixes: c6e7bd7afaeb ("sched/core: Optimize ttwu() spinning on p->on_cpu") Reported-by: Dave Jones Reported-by: Paul Gortmaker Signed-off-by: Peter Zijlstra (Intel) Tested-by: Dave Jones Tested-by: Paul Gortmaker Link: https://lkml.kernel.org/r/20200707102957.GN117543@hirez.programming.kicks-ass.net commit 00debf8109e5fad3db31375be2a3c515e1461b4a Author: Zenghui Yu Date: Mon Jul 6 22:47:13 2020 +0800 drm/hisilicon/hibmc: Move drm_fbdev_generic_setup() down to avoid the splat The HiSilicon hibmc driver triggers a splat at boot time as below [ 14.137806] ------------[ cut here ]------------ [ 14.142405] hibmc-drm 0000:0a:00.0: Device has not been registered. [ 14.148661] WARNING: CPU: 0 PID: 496 at drivers/gpu/drm/drm_fb_helper.c:2233 drm_fbdev_generic_setup+0x15c/0x1b8 [ 14.158787] [...] [ 14.278307] Call trace: [ 14.280742] drm_fbdev_generic_setup+0x15c/0x1b8 [ 14.285337] hibmc_pci_probe+0x354/0x418 [ 14.289242] local_pci_probe+0x44/0x98 [ 14.292974] work_for_cpu_fn+0x20/0x30 [ 14.296708] process_one_work+0x1c4/0x4e0 [ 14.300698] worker_thread+0x2c8/0x528 [ 14.304431] kthread+0x138/0x140 [ 14.307646] ret_from_fork+0x10/0x18 [ 14.311205] ---[ end trace a2000ec2d838af4d ]--- This turned out to be due to the fbdev device hasn't been registered when drm_fbdev_generic_setup() is invoked. Let's fix the splat by moving it down after drm_dev_register() which will follow the "Display driver example" documented by commit de99f0600a79 ("drm/drv: DOC: Add driver example code"). Signed-off-by: Zenghui Yu Reviewed-by: Thomas Zimmermann Signed-off-by: Xinliang Liu Link: https://patchwork.freedesktop.org/patch/msgid/20200706144713.1123-1-yuzenghui@huawei.com commit 8668115cf2db40e22e7be02652a3673d8d30c9f0 Author: Steve French Date: Tue Jul 7 23:43:39 2020 -0500 smb3: fix unneeded error message on change notify We should not be logging a warning repeatedly on change notify. CC: Stable # v5.6+ Signed-off-by: Steve French Reviewed-by: Ronnie Sahlberg commit 617894cd848f592fa84d7cf561dc80929afc66ff Merge: 9ebcfadb0610 b0536f9826a5 Author: Greg Kroah-Hartman Date: Wed Jul 8 09:20:50 2020 +0200 Merge tag 'iio-fixes-for-5.8a' of git://git.kernel.org/pub/scm/linux/kernel/git/jic23/iio into staging-linus Jonathan writes: First set of IIO and counter fixes in the 5.8 cycle. The buffer alignment fixes continue to trickle through as we get reviews in. The rest are the standard mixed bag of long term issues just discovered an things we missed in this cycle. IIO fixes * core - Add missing IIO_MOD_H2 and ETHANOL strings. Somehow got missed when drivers were added using these in attribute names. * afe4403, afe4404, ak8974, hdc100x, hts221, ms5611 - Fix a recently identified issue with alignment when using iio_push_to_buffers_with_timestamp which assumes the timestamp is 8 byte aligned. * ad7780 - Fix a some premature / excess cleanup in an error path. * adi-axi-adc - Fix reference counting on the wrong object. * ak8974 - Fix unbalance runtime pm. * mma8452 - Fix missing iio_device_unregister in error path. * zp2326 - Error handling for pm_runtime_get_sync failing. counter fixes * Add lock guards in 104-quad-8 to protect against races - done in 2 patches to allow easy back porting. * tag 'iio-fixes-for-5.8a' of git://git.kernel.org/pub/scm/linux/kernel/git/jic23/iio: iio: adc: ad7780: Fix a resource handling path in 'ad7780_probe()' iio:pressure:ms5611 Fix buffer element alignment iio:humidity:hts221 Fix alignment and data leak issues iio:humidity:hdc100x Fix alignment and data leak issues iio:magnetometer:ak8974: Fix alignment and data leak issues iio: adc: adi-axi-adc: Fix object reference counting iio: pressure: zpa2326: handle pm_runtime_get_sync failure counter: 104-quad-8: Add lock guards - filter clock prescaler counter: 104-quad-8: Add lock guards - differential encoder iio: core: add missing IIO_MOD_H2/ETHANOL string identifiers iio: magnetometer: ak8974: Fix runtime PM imbalance on error iio: mma8452: Add missed iio_device_unregister() call in mma8452_probe() iio:health:afe4404 Fix timestamp alignment and prevent data leak. iio:health:afe4403 Fix timestamp alignment and prevent data leak. commit ee769ebbe9e5fc7219e979fb7c5ed5bb5722649e Author: Xu Wang Date: Wed Jul 8 06:20:23 2020 +0000 xtensa: simplify xtensa_pmu_irq_handler Use for_each_set_bit() instead of open-coding it to simplify the code. Signed-off-by: Xu Wang Message-Id: <20200708062023.7986-1-vulab@iscas.ac.cn> Signed-off-by: Max Filippov commit 775802c0571fb438cd4f6548a323f9e4cb89f5aa Author: Christoph Hellwig Date: Fri May 8 11:17:46 2020 +0200 fs: remove __vfs_read Fold it into the two callers. Signed-off-by: Christoph Hellwig commit 6209dd9132e8ea5545cffc84483841e88ea8cc5b Author: Christoph Hellwig Date: Fri May 8 09:00:28 2020 +0200 fs: implement kernel_read using __kernel_read Consolidate the two in-kernel read helpers to make upcoming changes easier. The only difference are the missing call to rw_verify_area in kernel_read, and an access_ok check that doesn't make sense for kernel buffers to start with. Signed-off-by: Christoph Hellwig commit a1f9b1c0439db47ea10418b8ee7092a0d970cc2d Author: Christoph Hellwig Date: Fri May 8 08:54:27 2020 +0200 integrity/ima: switch to using __kernel_read __kernel_read has a bunch of additional sanity checks, and this moves the set_fs out of non-core code. Signed-off-by: Christoph Hellwig commit 61a707c543e2afe3aa7e88f87267c5dafa4b5afa Author: Christoph Hellwig Date: Fri May 8 08:54:16 2020 +0200 fs: add a __kernel_read helper This is the counterpart to __kernel_write, and skip the rw_verify_area call compared to kernel_read. Signed-off-by: Christoph Hellwig commit 53ad86266bda973b526078227997ca3fcb92c9be Author: Christoph Hellwig Date: Wed May 13 08:51:46 2020 +0200 fs: remove __vfs_write Fold it into the two callers. Signed-off-by: Christoph Hellwig commit 81238b2cff1469ff5b94390d026cd075105d6dcd Author: Christoph Hellwig Date: Thu May 7 19:33:03 2020 +0200 fs: implement kernel_write using __kernel_write Consolidate the two in-kernel write helpers to make upcoming changes easier. The only difference are the missing call to rw_verify_area in kernel_write, and an access_ok check that doesn't make sense for kernel buffers to start with. Signed-off-by: Christoph Hellwig commit a01ac27be4729f80176a45c54611b768dfbdc840 Author: Christoph Hellwig Date: Fri May 8 08:55:03 2020 +0200 fs: check FMODE_WRITE in __kernel_write Add a WARN_ON_ONCE if the file isn't actually open for write. This matches the check done in vfs_write, but actually warn warns as a kernel user calling write on a file not opened for writing is a pretty obvious programming error. Signed-off-by: Christoph Hellwig commit 9db97752244919c604eb21df7ef2da3bf58aec73 Author: Christoph Hellwig Date: Wed May 13 08:47:17 2020 +0200 fs: unexport __kernel_write This is a very special interface that skips sb_writes protection, and not used by modules anymore. Signed-off-by: Christoph Hellwig commit 6955a76fbcd56d27c84c01353101048e366d070f Author: Christoph Hellwig Date: Wed May 13 08:46:58 2020 +0200 bpfilter: switch to kernel_write While pipes don't really need sb_writers projection, __kernel_write is an interface better kept private, and the additional rw_verify_area does not hurt here. Signed-off-by: Christoph Hellwig commit 13c164b1a186dfe17d104d9638b86a06be1e40bf Author: Christoph Hellwig Date: Wed May 13 08:45:59 2020 +0200 autofs: switch to kernel_write While pipes don't really need sb_writers projection, __kernel_write is an interface better kept private, and the additional rw_verify_area does not hurt here. Signed-off-by: Christoph Hellwig Acked-by: Ian Kent commit 97c7990c4bf6423578f5b7317027ff8b6fb7cdf6 Author: Christoph Hellwig Date: Wed May 13 08:42:36 2020 +0200 cachefiles: switch to kernel_write __kernel_write doesn't take a sb_writers references, which we need here. Signed-off-by: Christoph Hellwig Reviewed-by: David Howells commit e094fd346021b820f37188aaa6b502c7490ab5b5 Author: Steve Schremmer Date: Tue Jul 7 17:07:22 2020 +0000 scsi: dh: Add Fujitsu device to devinfo and dh lists Add FUJITSU ETERNUS_AHB Link: https://lore.kernel.org/r/DM6PR06MB5276CCA765336BD312C4282E8C660@DM6PR06MB5276.namprd06.prod.outlook.com Signed-off-by: Steve Schremmer Signed-off-by: Martin K. Petersen commit 2e98c01846b2ce96cc41f60b70fd03cd47d3ac77 Author: yangerkun Date: Thu Jul 2 15:25:26 2020 +0800 cifs: remove the retry in cifs_poxis_lock_set The caller of cifs_posix_lock_set will do retry(like fcntl_setlk64->do_lock_file_wait) if we will wait for any file_lock. So the retry in cifs_poxis_lock_set seems duplicated, remove it to make a cleanup. Signed-off-by: yangerkun Signed-off-by: Steve French Reviewed-by: NeilBrown commit 0fd181456aa0826057adbfb6c79c40f4083cfd75 Author: Johannes Thumshirn Date: Wed Jul 1 22:14:54 2020 +0900 scsi: mpt3sas: Fix error returns in BRM_status_show BRM_status_show() has several error branches, but none of them record the error in the error return. Also while at it remove the manual mutex_unlock() of the pci_access_mutex in case of an ongoing pci error recovery or host removal and jump to the cleanup label instead. Note: We can safely jump to out from here as io_unit_pg3 is initialized to NULL and if it hasn't been allocated, kfree() skips the NULL pointer. [mkp: compilation warning] Link: https://lore.kernel.org/r/20200701131454.5255-1-johannes.thumshirn@wdc.com Reviewed-by: Damien Le Moal Acked-by: Sreekanth Reddy Signed-off-by: Johannes Thumshirn Signed-off-by: Martin K. Petersen commit ed710a6ed797430026aa5116dd0ab22378798b69 Author: Ralph Campbell Date: Fri Jun 26 14:03:37 2020 -0700 drm/nouveau/nouveau: fix page fault on device private memory If system memory is migrated to device private memory and no GPU MMU page table entry exists, the GPU will fault and call hmm_range_fault() to get the PFN for the page. Since the .dev_private_owner pointer in struct hmm_range is not set, hmm_range_fault returns an error which results in the GPU program stopping with a fatal fault. Fix this by setting .dev_private_owner appropriately. Fixes: 08ddddda667b ("mm/hmm: check the device private page owner in hmm_range_fault()") Cc: stable@vger.kernel.org Signed-off-by: Ralph Campbell Reviewed-by: Jason Gunthorpe Signed-off-by: Ben Skeggs commit ad61f5f5e02e0aaf667efcd0c44ba5d70ea0b356 Author: Ralph Campbell Date: Mon Jun 22 16:38:52 2020 -0700 drm/nouveau/svm: fix migrate page regression The patch to add zero page migration to GPU memory inadvertently included part of a future change which broke normal page migration to GPU memory by copying too much data and corrupting GPU memory. Fix this by only copying one page instead of a byte count. Fixes: 9d4296a7d4b3 ("drm/nouveau/nouveau/hmm: fix migrate zero page to GPU") Signed-off-by: Ralph Campbell Reviewed-by: John Hubbard Signed-off-by: Ben Skeggs commit 0156e76d388310a490aeb0f2fbb5b284ded3aecc Author: Ben Skeggs Date: Tue Jun 23 16:39:13 2020 +1000 drm/nouveau/i2c/g94-: increase NV_PMGR_DP_AUXCTL_TRANSACTREQ timeout Tegra TRM says worst-case reply time is 1216us, and this should fix some spurious timeouts that have been popping up. Signed-off-by: Ben Skeggs commit 72923e24f98aa5d99adeb83b7b4f0ec1496e5b5e Author: Ben Skeggs Date: Wed Jun 17 11:08:41 2020 +1000 drm/nouveau/kms/nv50-: bail from nv50_audio_disable() early if audio not enabled Prevents "snd_hda_codec_hdmi hdaudioC1D0: HDMI: pin nid 5 not registered" that occur on some configurations. Signed-off-by: Ben Skeggs commit 5a383d443b29a140094430f3ad1d02fa1acc2b80 Author: Chris Wilson Date: Mon Jul 6 18:01:38 2020 +0100 drm/i915/gt: Pin the rings before marking active On eviction, we acquire the vm->mutex and then wait on the vma->active. Therefore when binding and pinning the vma, we must follow the same sequence, lock/pin the vma then mark it active. Otherwise, we mark the vma as active, then wait for the vm->mutex, and meanwhile the evictor holding the mutex waits upon us to complete our activity. Fixes: 8ccfc20a7d56 ("drm/i915/gt: Mark ring->vma as active while pinned") Signed-off-by: Chris Wilson Cc: Tvrtko Ursulin Cc: # v5.6+ Reviewed-by: Matthew Auld Link: https://patchwork.freedesktop.org/patch/msgid/20200706170138.8993-1-chris@chris-wilson.co.uk (cherry picked from commit 8567774e87e23a57155e5102f81208729b992ae6) Signed-off-by: Rodrigo Vivi commit 4ef9b4f1a76ea2370fbfe20e80fef141ab92b65e Author: Steve French Date: Tue Jul 7 18:08:46 2020 -0500 smb3: fix access denied on change notify request to some servers read permission, not just read attributes permission, is required on the directory. See MS-SMB2 (protocol specification) section 3.3.5.19. Signed-off-by: Steve French CC: Stable # v5.6+ Reviewed-by: Pavel Shilovsky commit 086c18f2452d0028f81e319f098bcb8e53133dbf Author: Shannon Nelson Date: Tue Jul 7 14:13:26 2020 -0700 ionic: centralize queue reset code The queue reset pattern is used in a couple different places, only slightly different from each other, and could cause issues if one gets changed and the other didn't. This puts them together so that only one version is needed, yet each can have slighty different effects by passing in a pointer to a work function to do whatever configuration twiddling is needed in the middle of the reset. This specifically addresses issues seen where under loops of changing ring size or queue count parameters we could occasionally bump into the netdev watchdog. v2: added more commit message commentary Fixes: 4d03e00a2140 ("ionic: Add initial ethtool support") Signed-off-by: Shannon Nelson Acked-by: Jakub Kicinski Signed-off-by: David S. Miller commit 469aceddfa3ed16e17ee30533fae45e90f62efd8 Author: Toke Høiland-Jørgensen Date: Tue Jul 7 13:03:25 2020 +0200 vlan: consolidate VLAN parsing code and limit max parsing depth Toshiaki pointed out that we now have two very similar functions to extract the L3 protocol number in the presence of VLAN tags. And Daniel pointed out that the unbounded parsing loop makes it possible for maliciously crafted packets to loop through potentially hundreds of tags. Fix both of these issues by consolidating the two parsing functions and limiting the VLAN tag parsing to a max depth of 8 tags. As part of this, switch over __vlan_get_protocol() to use skb_header_pointer() instead of pskb_may_pull(), to avoid the possible side effects of the latter and keep the skb pointer 'const' through all the parsing functions. v2: - Use limit of 8 tags instead of 32 (matching XMIT_RECURSION_LIMIT) Reported-by: Toshiaki Makita Reported-by: Daniel Borkmann Fixes: d7bf2ebebc2b ("sched: consistently handle layer3 header accesses in the presence of VLANs") Signed-off-by: Toke Høiland-Jørgensen Signed-off-by: David S. Miller commit da3287111ab43b32cec54d7ca6b48640f210a196 Author: Alexander Lobakin Date: Mon Jul 6 12:25:53 2020 +0300 net: qed: fix buffer overflow on ethtool -d When generating debug dump, driver firstly collects all data in binary form, and then performs per-feature formatting to human-readable if it is supported. For ethtool -d, this is roughly incorrect for two reasons. First of all, drivers should always provide only original raw dumps to Ethtool without any changes. The second, and more critical, is that Ethtool's output buffer size is strictly determined by ethtool_ops::get_regs_len(), and all data *must* fit in it. The current version of driver always returns the size of raw data, but the size of the formatted buffer exceeds it in most cases. This leads to out-of-bound writes and memory corruption. Address both issues by adding an option to return original, non-formatted debug data, and using it for Ethtool case. v2: - Expand commit message to make it more clear; - No functional changes. Fixes: c965db444629 ("qed: Add support for debug data collection") Signed-off-by: Alexander Lobakin Signed-off-by: Igor Russkikh Signed-off-by: David S. Miller commit dcde237b9b0eb1d19306e6f48c0a4e058907619f Merge: 6d12075ddeed bee9ca1c8a23 Author: Linus Torvalds Date: Tue Jul 7 15:38:53 2020 -0700 Merge tag 'perf-tools-fixes-2020-07-07' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux Pull perf tooling fixes from Arnaldo Carvalho de Melo: - Intel PT fixes for PEBS-via-PT with registers - Fixes for Intel PT python based GUI - Avoid duplicated sideband events with Intel PT in system wide tracing - Remove needless 'dummy' event from TUI menu, used when synthesizing meta data events for pre-existing processes - Fix corner case segfault when pressing enter in a screen without entries in the TUI for report/top - Fixes for time stamp handling in libtraceevent - Explicitly set utf-8 encoding in perf flamegraph - Update arch/x86/lib/memcpy_64.S copy used in 'perf bench mem memcpy', silencing perf build warning * tag 'perf-tools-fixes-2020-07-07' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux: perf report TUI: Remove needless 'dummy' event from menu perf intel-pt: Fix PEBS sample for XMM registers perf intel-pt: Fix displaying PEBS-via-PT with registers perf intel-pt: Fix recording PEBS-via-PT with registers perf report TUI: Fix segmentation fault in perf_evsel__hists_browse() tools lib traceevent: Add proper KBUFFER_TYPE_TIME_STAMP handling tools lib traceevent: Add API to read time information from kbuffer perf scripts python: exported-sql-viewer.py: Fix time chart call tree perf scripts python: exported-sql-viewer.py: Fix zero id in call tree 'Find' result perf scripts python: exported-sql-viewer.py: Fix zero id in call graph 'Find' result perf scripts python: exported-sql-viewer.py: Fix unexpanded 'Find' result perf record: Fix duplicated sideband events with Intel PT system wide tracing perf scripts python: export-to-postgresql.py: Fix struct.pack() int argument tools arch: Update arch/x86/lib/memcpy_64.S copy used in 'perf bench mem memcpy' perf flamegraph: Explicitly set utf-8 encoding commit 5fc6266af7b427243da24f3443a50cd4584aac06 Author: Linus Lüssing Date: Sun Jul 5 21:10:17 2020 +0200 bridge: mcast: Fix MLD2 Report IPv6 payload length check Commit e57f61858b7c ("net: bridge: mcast: fix stale nsrcs pointer in igmp3/mld2 report handling") introduced a bug in the IPv6 header payload length check which would potentially lead to rejecting a valid MLD2 Report: The check needs to take into account the 2 bytes for the "Number of Sources" field in the "Multicast Address Record" before reading it. And not the size of a pointer to this field. Fixes: e57f61858b7c ("net: bridge: mcast: fix stale nsrcs pointer in igmp3/mld2 report handling") Acked-by: Nikolay Aleksandrov Signed-off-by: Linus Lüssing Signed-off-by: David S. Miller commit 394de110a73395de2ca4516b0de435e91b11b604 Author: Martin Varghese Date: Sun Jul 5 14:23:49 2020 +0530 net: Added pointer check for dst->ops->neigh_lookup in dst_neigh_lookup_skb The packets from tunnel devices (eg bareudp) may have only metadata in the dst pointer of skb. Hence a pointer check of neigh_lookup is needed in dst_neigh_lookup_skb Kernel crashes when packets from bareudp device is processed in the kernel neighbour subsytem. [ 133.384484] BUG: kernel NULL pointer dereference, address: 0000000000000000 [ 133.385240] #PF: supervisor instruction fetch in kernel mode [ 133.385828] #PF: error_code(0x0010) - not-present page [ 133.386603] PGD 0 P4D 0 [ 133.386875] Oops: 0010 [#1] SMP PTI [ 133.387275] CPU: 0 PID: 5045 Comm: ping Tainted: G W 5.8.0-rc2+ #15 [ 133.388052] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 133.391076] RIP: 0010:0x0 [ 133.392401] Code: Bad RIP value. [ 133.394029] RSP: 0018:ffffb79980003d50 EFLAGS: 00010246 [ 133.396656] RAX: 0000000080000102 RBX: ffff9de2fe0d6600 RCX: ffff9de2fe5e9d00 [ 133.399018] RDX: 0000000000000000 RSI: ffff9de2fe5e9d00 RDI: ffff9de2fc21b400 [ 133.399685] RBP: ffff9de2fe5e9d00 R08: 0000000000000000 R09: 0000000000000000 [ 133.400350] R10: ffff9de2fbc6be22 R11: ffff9de2fe0d6600 R12: ffff9de2fc21b400 [ 133.401010] R13: ffff9de2fe0d6628 R14: 0000000000000001 R15: 0000000000000003 [ 133.401667] FS: 00007fe014918740(0000) GS:ffff9de2fec00000(0000) knlGS:0000000000000000 [ 133.402412] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 133.402948] CR2: ffffffffffffffd6 CR3: 000000003bb72000 CR4: 00000000000006f0 [ 133.403611] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 133.404270] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 133.404933] Call Trace: [ 133.405169] [ 133.405367] __neigh_update+0x5a4/0x8f0 [ 133.405734] arp_process+0x294/0x820 [ 133.406076] ? __netif_receive_skb_core+0x866/0xe70 [ 133.406557] arp_rcv+0x129/0x1c0 [ 133.406882] __netif_receive_skb_one_core+0x95/0xb0 [ 133.407340] process_backlog+0xa7/0x150 [ 133.407705] net_rx_action+0x2af/0x420 [ 133.408457] __do_softirq+0xda/0x2a8 [ 133.408813] asm_call_on_stack+0x12/0x20 [ 133.409290] [ 133.409519] do_softirq_own_stack+0x39/0x50 [ 133.410036] do_softirq+0x50/0x60 [ 133.410401] __local_bh_enable_ip+0x50/0x60 [ 133.410871] ip_finish_output2+0x195/0x530 [ 133.411288] ip_output+0x72/0xf0 [ 133.411673] ? __ip_finish_output+0x1f0/0x1f0 [ 133.412122] ip_send_skb+0x15/0x40 [ 133.412471] raw_sendmsg+0x853/0xab0 [ 133.412855] ? insert_pfn+0xfe/0x270 [ 133.413827] ? vvar_fault+0xec/0x190 [ 133.414772] sock_sendmsg+0x57/0x80 [ 133.415685] __sys_sendto+0xdc/0x160 [ 133.416605] ? syscall_trace_enter+0x1d4/0x2b0 [ 133.417679] ? __audit_syscall_exit+0x1d9/0x280 [ 133.418753] ? __prepare_exit_to_usermode+0x5d/0x1a0 [ 133.419819] __x64_sys_sendto+0x24/0x30 [ 133.420848] do_syscall_64+0x4d/0x90 [ 133.421768] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 133.422833] RIP: 0033:0x7fe013689c03 [ 133.423749] Code: Bad RIP value. [ 133.424624] RSP: 002b:00007ffc7288f418 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 133.425940] RAX: ffffffffffffffda RBX: 000056151fc63720 RCX: 00007fe013689c03 [ 133.427225] RDX: 0000000000000040 RSI: 000056151fc63720 RDI: 0000000000000003 [ 133.428481] RBP: 00007ffc72890b30 R08: 000056151fc60500 R09: 0000000000000010 [ 133.429757] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000040 [ 133.431041] R13: 000056151fc636e0 R14: 000056151fc616bc R15: 0000000000000080 [ 133.432481] Modules linked in: mpls_iptunnel act_mirred act_tunnel_key cls_flower sch_ingress veth mpls_router ip_tunnel bareudp ip6_udp_tunnel udp_tunnel macsec udp_diag inet_diag unix_diag af_packet_diag netlink_diag binfmt_misc xt_MASQUERADE iptable_nat xt_addrtype xt_conntrack nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 br_netfilter bridge stp llc ebtable_filter ebtables overlay ip6table_filter ip6_tables iptable_filter sunrpc ext4 mbcache jbd2 pcspkr i2c_piix4 virtio_balloon joydev ip_tables xfs libcrc32c ata_generic qxl pata_acpi drm_ttm_helper ttm drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops drm ata_piix libata virtio_net net_failover virtio_console failover virtio_blk i2c_core virtio_pci virtio_ring serio_raw floppy virtio dm_mirror dm_region_hash dm_log dm_mod [ 133.444045] CR2: 0000000000000000 [ 133.445082] ---[ end trace f4aeee1958fd1638 ]--- [ 133.446236] RIP: 0010:0x0 [ 133.447180] Code: Bad RIP value. [ 133.448152] RSP: 0018:ffffb79980003d50 EFLAGS: 00010246 [ 133.449363] RAX: 0000000080000102 RBX: ffff9de2fe0d6600 RCX: ffff9de2fe5e9d00 [ 133.450835] RDX: 0000000000000000 RSI: ffff9de2fe5e9d00 RDI: ffff9de2fc21b400 [ 133.452237] RBP: ffff9de2fe5e9d00 R08: 0000000000000000 R09: 0000000000000000 [ 133.453722] R10: ffff9de2fbc6be22 R11: ffff9de2fe0d6600 R12: ffff9de2fc21b400 [ 133.455149] R13: ffff9de2fe0d6628 R14: 0000000000000001 R15: 0000000000000003 [ 133.456520] FS: 00007fe014918740(0000) GS:ffff9de2fec00000(0000) knlGS:0000000000000000 [ 133.458046] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 133.459342] CR2: ffffffffffffffd6 CR3: 000000003bb72000 CR4: 00000000000006f0 [ 133.460782] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 133.462240] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 133.463697] Kernel panic - not syncing: Fatal exception in interrupt [ 133.465226] Kernel Offset: 0xfa00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff) [ 133.467025] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]--- Fixes: aaa0c23cb901 ("Fix dst_neigh_lookup/dst_neigh_lookup_skb return value handling bug") Signed-off-by: Martin Varghese Signed-off-by: David S. Miller commit 8367b3ab6e9a26dec5d5d07ea3eae17a21035322 Author: wenxu Date: Sat Jul 4 15:42:47 2020 +0800 net/sched: act_ct: add miss tcf_lastuse_update. When tcf_ct_act execute the tcf_lastuse_update should be update or the used stats never update filter protocol ip pref 3 flower chain 0 filter protocol ip pref 3 flower chain 0 handle 0x1 eth_type ipv4 dst_ip 1.1.1.1 ip_flags frag/firstfrag skip_hw not_in_hw action order 1: ct zone 1 nat pipe index 1 ref 1 bind 1 installed 103 sec used 103 sec Action statistics: Sent 151500 bytes 101 pkt (dropped 0, overlimits 0 requeues 0) backlog 0b 0p requeues 0 cookie 4519c04dc64a1a295787aab13b6a50fb Signed-off-by: wenxu Signed-off-by: David S. Miller commit f0b594dfa47555d8d69e6865c882d65a9054cb81 Author: Sebastian Andrzej Siewior Date: Fri Jul 3 18:44:32 2020 +0200 net/mlx5e: Do not include rwlock.h directly rwlock.h should not be included directly. Instead linux/splinlock.h should be included. Including it directly will break the RT build. Fixes: 549c243e4e010 ("net/mlx5e: Extract neigh-specific code from en_rep.c to rep/neigh.c") Signed-off-by: Sebastian Andrzej Siewior Reviewed-by: Leon Romanovsky Acked-by: Saeed Mahameed Signed-off-by: David S. Miller commit 9c29e36152748fd623fcff6cc8f538550f9eeafc Author: Paolo Abeni Date: Fri Jul 3 18:06:04 2020 +0200 mptcp: fix DSS map generation on fin retransmission The RFC 8684 mandates that no-data DATA FIN packets should carry a DSS with 0 sequence number and data len equal to 1. Currently, on FIN retransmission we re-use the existing mapping; if the previous fin transmission was part of a partially acked data packet, we could end-up writing in the egress packet a non-compliant DSS. The above will be detected by a "Bad mapping" warning on the receiver side. This change addresses the issue explicitly checking for 0 len packet when adding the DATA_FIN option. Fixes: 6d0060f600ad ("mptcp: Write MPTCP DSS headers to outgoing data packets") Reported-by: syzbot+42a07faa5923cfaeb9c9@syzkaller.appspotmail.com Tested-by: Christoph Paasch Reviewed-by: Christoph Paasch Reviewed-by: Mat Martineau Signed-off-by: Paolo Abeni Signed-off-by: David S. Miller commit 5eff06902394425c722f0a44d9545909a8800f79 Author: Sabrina Dubroca Date: Fri Jul 3 17:00:32 2020 +0200 ipv4: fill fl4_icmp_{type,code} in ping_v4_sendmsg IPv4 ping sockets don't set fl4.fl4_icmp_{type,code}, which leads to incomplete IPsec ACQUIRE messages being sent to userspace. Currently, both raw sockets and IPv6 ping sockets set those fields. Expected output of "ip xfrm monitor": acquire proto esp sel src 10.0.2.15/32 dst 8.8.8.8/32 proto icmp type 8 code 0 dev ens4 policy src 10.0.2.15/32 dst 8.8.8.8/32 Currently with ping sockets: acquire proto esp sel src 10.0.2.15/32 dst 8.8.8.8/32 proto icmp type 0 code 0 dev ens4 policy src 10.0.2.15/32 dst 8.8.8.8/32 The Libreswan test suite found this problem after Fedora changed the value for the sysctl net.ipv4.ping_group_range. Fixes: c319b4d76b9e ("net: ipv4: add IPPROTO_ICMP socket kind") Reported-by: Paul Wouters Tested-by: Paul Wouters Signed-off-by: Sabrina Dubroca Signed-off-by: David S. Miller commit 7cdaa4cc4bdfa252d515b307863f5a1972246dd6 Author: Tobias Waldekranz Date: Fri Jul 3 16:10:58 2020 +0200 net: ethernet: fec: prevent tx starvation under high rx load In the ISR, we poll the event register for the queues in need of service and then enter polled mode. After this point, the event register will never be read again until we exit polled mode. In a scenario where a UDP flow is routed back out through the same interface, i.e. "router-on-a-stick" we'll typically only see an rx queue event initially. Once we start to process the incoming flow we'll be locked polled mode, but we'll never clean the tx rings since that event is never caught. Eventually the netdev watchdog will trip, causing all buffers to be dropped and then the process starts over again. Rework the NAPI poll to keep trying to consome the entire budget as long as new events are coming in, making sure to service all rx/tx queues, in priority order, on each pass. Fixes: 4d494cdc92b3 ("net: fec: change data structure to support multiqueue") Signed-off-by: Tobias Waldekranz Tested-by: Fugang Duan Reviewed-by: Fugang Duan Signed-off-by: David S. Miller commit 28b18e4eb515af7c6661c3995c6e3c34412c2874 Author: Tom Rix Date: Fri Jul 3 06:33:59 2020 -0700 net: sky2: initialize return of gm_phy_read clang static analysis flags this garbage return drivers/net/ethernet/marvell/sky2.c:208:2: warning: Undefined or garbage value returned to caller [core.uninitialized.UndefReturn] return v; ^~~~~~~~ static inline u16 gm_phy_read( ... { u16 v; __gm_phy_read(hw, port, reg, &v); return v; } __gm_phy_read can return without setting v. So handle similar to skge.c's gm_phy_read, initialize v. Signed-off-by: Tom Rix Reviewed-by: Andrew Lunn Signed-off-by: David S. Miller commit 6d12075ddeedc38d25c5b74e929e686158da728c Merge: aa27b32b76d0 880bc529bae2 Author: Linus Torvalds Date: Tue Jul 7 14:54:02 2020 -0700 Merge tag 'mtd/fixes-for-5.8-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/mtd/linux Pull MTD fixes from Miquel Raynal: "MTD: - Set a missing master partition panic write flag Raw NAND: - Fix build issue in the xway driver - Fix a wrong return code" * tag 'mtd/fixes-for-5.8-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/mtd/linux: mtd: rawnand: xway: Fix build issue mtd: set master partition panic write flag nandsim: Fix return code testing of ns_find_operation() commit 20f829999c38b18e3d17f9e40dea3a28f721fac4 Author: Andreas Gruenbacher Date: Wed Jul 1 19:25:19 2020 +0200 gfs2: Rework read and page fault locking So far, gfs2 has taken the inode glocks inside the ->readpage and ->readahead address space operations. Since commit d4388340ae0b ("fs: convert mpage_readpages to mpage_readahead"), gfs2_readahead is passed the pages to read ahead locked. With that, the current holder of the inode glock may be trying to lock one of those pages while gfs2_readahead is trying to take the inode glock, resulting in a deadlock. Fix that by moving the lock taking to the higher-level ->read_iter file and ->fault vm operations. This also gets rid of an ugly lock inversion workaround in gfs2_readpage. The cache consistency model of filesystems like gfs2 is such that if data is found in the page cache, the data is up to date and can be used without taking any filesystem locks. If a page is not cached, filesystem locks must be taken before populating the page cache. To avoid taking the inode glock when the data is already cached, gfs2_file_read_iter first tries to read the data with the IOCB_NOIO flag set. If that fails, the inode glock is taken and the operation is retried with the IOCB_NOIO flag cleared. Signed-off-by: Andreas Gruenbacher commit 41da51bce36f44eefc1e3d0f47d18841cbd065ba Author: Andreas Gruenbacher Date: Thu Nov 21 23:25:07 2019 +0000 fs: Add IOCB_NOIO flag for generic_file_read_iter Add an IOCB_NOIO flag that indicates to generic_file_read_iter that it shouldn't trigger any filesystem I/O for the actual request or for readahead. This allows to do tentative reads out of the page cache as some filesystems allow, and to take the appropriate locks and retry the reads only if the requested pages are not cached. Signed-off-by: Andreas Gruenbacher commit aa27b32b76d0b1b242d43977da0e5358da1c825f Merge: 9e4d7696213f 0465337c5599 Author: Linus Torvalds Date: Tue Jul 7 14:10:33 2020 -0700 Merge tag 'for-5.8-rc4-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux Pull btrfs fixes from David Sterba: - regression fix of a leak in global block reserve accounting - fix a (hard to hit) race of readahead vs releasepage that could lead to crash - convert all remaining uses of comment fall through annotations to the pseudo keyword - fix crash when mounting a fuzzed image with -o recovery * tag 'for-5.8-rc4-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux: btrfs: reset tree root pointer after error in init_tree_roots btrfs: fix reclaim_size counter leak after stealing from global reserve btrfs: fix fatal extent_buffer readahead vs releasepage race btrfs: convert comments to fallthrough annotations commit 9e4d7696213f0231f7a54512da4b8514eb316edb Merge: a6bc851ffe0b 10011f7d95de Author: Linus Torvalds Date: Tue Jul 7 13:43:43 2020 -0700 Merge tag 'arc-5.8-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc Pull ARC fixes from Vineet Gupta: - User build systems to pass -mcpu - Fix potential EFA clobber in syscall handler - Fix ARCompact 2 levels of interrupts build - Detect newer HS CPU releases - misc other fixes * tag 'arc-5.8-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc: ARCv2: support loop buffer (LPB) disabling ARC: build: remove deprecated toggle for arc700 builds ARC: build: allow users to specify -mcpu ARCv2: boot log: detect newer/upconing HS3x/HS4x releases ARC: elf: use right ELF_ARCH ARC: [arcompact] fix bitrot with 2 levels of interrupt ARC: entry: fix potential EFA clobber when TIF_SYSCALL_TRACE commit ad0f75e5f57ccbceec13274e1e242f2b5a6397ed Author: Cong Wang Date: Thu Jul 2 11:52:56 2020 -0700 cgroup: fix cgroup_sk_alloc() for sk_clone_lock() When we clone a socket in sk_clone_lock(), its sk_cgrp_data is copied, so the cgroup refcnt must be taken too. And, unlike the sk_alloc() path, sock_update_netprioidx() is not called here. Therefore, it is safe and necessary to grab the cgroup refcnt even when cgroup_sk_alloc is disabled. sk_clone_lock() is in BH context anyway, the in_interrupt() would terminate this function if called there. And for sk_alloc() skcd->val is always zero. So it's safe to factor out the code to make it more readable. The global variable 'cgroup_sk_alloc_disabled' is used to determine whether to take these reference counts. It is impossible to make the reference counting correct unless we save this bit of information in skcd->val. So, add a new bit there to record whether the socket has already taken the reference counts. This obviously relies on kmalloc() to align cgroup pointers to at least 4 bytes, ARCH_KMALLOC_MINALIGN is certainly larger than that. This bug seems to be introduced since the beginning, commit d979a39d7242 ("cgroup: duplicate cgroup reference when cloning sockets") tried to fix it but not compeletely. It seems not easy to trigger until the recent commit 090e28b229af ("netprio_cgroup: Fix unlimited memory leak of v2 cgroups") was merged. Fixes: bd1060a1d671 ("sock, cgroup: add sock->sk_cgroup") Reported-by: Cameron Berkenpas Reported-by: Peter Geis Reported-by: Lu Fengqi Reported-by: Daniël Sonck Reported-by: Zhang Qiang Tested-by: Cameron Berkenpas Tested-by: Peter Geis Tested-by: Thomas Lamprecht Cc: Daniel Borkmann Cc: Zefan Li Cc: Tejun Heo Cc: Roman Gushchin Signed-off-by: Cong Wang Signed-off-by: David S. Miller commit a6bc851ffe0b246ab4f8aa0d01620fbc08d0441f Merge: bfe91da29bfa 786a2aa281f4 Author: Linus Torvalds Date: Tue Jul 7 13:26:00 2020 -0700 Merge tag 'tpmdd-next-v5.8-rc5' of git://git.infradead.org/users/jjs/linux-tpmdd Pull tpm fix from Jarkko Sakkinen: "Revert commit e918e570415c ("tpm_tis: Remove the HID IFX0102"). Removing IFX0102 from tpm_tis was not a right move because both tpm_tis and tpm_infineon use the same device ID. A real fix requires quirks added to both drivers. It can probably wait until v5.9 as the bug has existed since 2006" * tag 'tpmdd-next-v5.8-rc5' of git://git.infradead.org/users/jjs/linux-tpmdd: Revert commit e918e570415c ("tpm_tis: Remove the HID IFX0102") commit aea23c323d89836bcdcee67e49def997ffca043b Author: David Ahern Date: Tue Jul 7 07:39:24 2020 -0600 ipv6: Fix use of anycast address with loopback Thomas reported a regression with IPv6 and anycast using the following reproducer: echo 1 > /proc/sys/net/ipv6/conf/all/forwarding ip -6 a add fc12::1/16 dev lo sleep 2 echo "pinging lo" ping6 -c 2 fc12:: The conversion of addrconf_f6i_alloc to use ip6_route_info_create missed the use of fib6_is_reject which checks addresses added to the loopback interface and sets the REJECT flag as needed. Update fib6_is_reject for loopback checks to handle RTF_ANYCAST addresses. Fixes: c7a1ce397ada ("ipv6: Change addrconf_f6i_alloc to use ip6_route_info_create") Reported-by: thomas.gambier@nexedi.com Signed-off-by: David Ahern Signed-off-by: David S. Miller commit f815dd5cf48b905eeecf0a2b990e9b7ab048b4f1 Author: AceLan Kao Date: Tue Jul 7 16:14:45 2020 +0800 net: usb: qmi_wwan: add support for Quectel EG95 LTE modem Add support for Quectel Wireless Solutions Co., Ltd. EG95 LTE modem T: Bus=01 Lev=01 Prnt=01 Port=02 Cnt=02 Dev#= 5 Spd=480 MxCh= 0 D: Ver= 2.00 Cls=ef(misc ) Sub=02 Prot=01 MxPS=64 #Cfgs= 1 P: Vendor=2c7c ProdID=0195 Rev=03.18 S: Manufacturer=Android S: Product=Android C: #Ifs= 5 Cfg#= 1 Atr=a0 MxPwr=500mA I: If#=0x0 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=(none) I: If#=0x1 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=(none) I: If#=0x2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=(none) I: If#=0x3 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=(none) I: If#=0x4 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=(none) Signed-off-by: AceLan Kao Acked-by: Bjørn Mork Signed-off-by: David S. Miller commit 92cffd48bfb3647552e73c41c4a95bbd04385b08 Merge: 34fe5a1cf95c a21c1f028fba Author: David S. Miller Date: Tue Jul 7 12:43:18 2020 -0700 Merge branch 'net-ipa-fix-warning-reported-errors' Alex Elder says: ==================== net: ipa: fix warning-reported errors Building the kernel with W=1 produces numerous warnings for the IPA code. Some of those warnings turn out to flag real problems, and this series fixes them. The first patch fixes the most important ones, but the second and third are problems I think are worth treating as bugs as well. Note: I'll happily combine any of these if someone prefers that. ==================== Signed-off-by: David S. Miller commit a21c1f028fbae8c8e2e2602d3ea206fefa448d73 Author: Alex Elder Date: Mon Jul 6 18:10:10 2020 -0500 net: ipa: include declarations in "ipa_gsi.c" Include "ipa_gsi.h" in "ipa_gsi.c", so the public functions are defined before they are used in "ipa_gsi.c". This addresses some warnings that are reported with a "W=1" build. Fixes: c3f398b141a8 ("soc: qcom: ipa: IPA interface to GSI") Signed-off-by: Alex Elder Signed-off-by: David S. Miller commit 3c90e95bd958285d416e83cffda82ddc92d91294 Author: Alex Elder Date: Mon Jul 6 18:10:09 2020 -0500 net: ipa: declare struct types in "ipa_gsi.h" Pointers to two struct types are used in "ipa_gsi.h", without those struct types being forward-declared. Add these declarations. Fixes: c3f398b141a8 ("soc: qcom: ipa: IPA interface to GSI") Signed-off-by: Alex Elder Signed-off-by: David S. Miller commit 74478ea4ded519db35cb1f059948b1e713bb4abf Author: Alex Elder Date: Mon Jul 6 18:10:08 2020 -0500 net: ipa: fix QMI structure definition bugs Building with "W=1" did exactly what it was supposed to do, namely point out some suspicious-looking code to be verified not to contain bugs. Some QMI message structures defined in "ipa_qmi_msg.c" contained some bad field names (duplicating the "elem_size" field instead of defining the "offset" field), almost certainly due to copy/paste errors that weren't obvious in a scan of the code. Fix these bugs. Fixes: 530f9216a953 ("soc: qcom: ipa: AP/modem communications") Signed-off-by: Alex Elder Signed-off-by: David S. Miller commit 880bc529bae2257d05a767f7f5c24fd61a47b605 Author: Miquel Raynal Date: Fri Jun 26 08:55:11 2020 +0200 mtd: rawnand: xway: Fix build issue This MIPS driver does not support COMPILE_TEST yet and failed to build under my radar. Replace 'mtd' chich is not defined in the scope of xway_nand_remove() by nand_to_mtd(chip). The mistake has been added in the long series dropping nand_release(). Tested with a 7.3.0 MIPS GCC toolchain built with Buildroot. Fixes: 9fdd78f7bcda ("mtd: rawnand: xway: Stop using nand_release()") Reported-by: kernel test robot Signed-off-by: Miquel Raynal Link: https://lore.kernel.org/linux-mtd/20200626065511.16424-1-miquel.raynal@bootlin.com commit 17d51429da722cd8fc77a365a112f008abf4f8b3 Author: David Pedersen Date: Mon Jul 6 18:48:51 2020 -0700 Input: i8042 - add Lenovo XiaoXin Air 12 to i8042 nomux list This fixes two finger trackpad scroll on the Lenovo XiaoXin Air 12. Without nomux, the trackpad behaves as if only one finger is present and moves the cursor when trying to scroll. Signed-off-by: David Pedersen Cc: stable@vger.kernel.org Link: https://lore.kernel.org/r/20200625133754.291325-1-limero1337@gmail.com Signed-off-by: Dmitry Torokhov commit 876d4e1e8298ad1f94d9e9392fc90486755437b4 Author: Peter Chen Date: Tue Jul 7 14:06:01 2020 +0800 usb: chipidea: core: add wakeup support for extcon If wakeup event occurred by extcon event, it needs to call ci_irq again since the first ci_irq calling at extcon notifier only wakes up controller, but do noop for event handling, it causes the extcon use case can't work well from low power mode. Cc: Fixes: 3ecb3e09b042 ("usb: chipidea: Use extcon framework for VBUS and ID detect") Reported-by: Philippe Schenker Tested-by: Philippe Schenker Signed-off-by: Peter Chen Link: https://lore.kernel.org/r/20200707060601.31907-2-peter.chen@kernel.org Signed-off-by: Greg Kroah-Hartman commit 85067747cf9888249fa11fa49ef75af5192d3988 Author: Ming Lei Date: Wed Jun 24 16:00:58 2020 -0400 dm: do not use waitqueue for request-based DM Given request-based DM now uses blk-mq's blk_mq_queue_inflight() to determine if outstanding IO has completed (and DM has no control over the blk-mq state machine used to track outstanding IO) it is unsafe to wakeup waiter (dm_wait_for_completion) before blk-mq has cleared a request's state bits (e.g. MQ_RQ_IN_FLIGHT or MQ_RQ_COMPLETE). As such dm_wait_for_completion() could be left to wait indefinitely if no other requests complete. Fix this by eliminating request-based DM's use of waitqueue to wait for blk-mq requests to complete in dm_wait_for_completion. Signed-off-by: Ming Lei Depends-on: 3c94d83cb3526 ("blk-mq: change blk_mq_queue_busy() to blk_mq_queue_inflight()") Cc: stable@vger.kernel.org Signed-off-by: Mike Snitzer commit da6902e5b6dbca9081e3d377f9802d4fd0c5ea59 Author: AceLan Kao Date: Tue Jul 7 16:15:53 2020 +0800 USB: serial: option: add Quectel EG95 LTE modem Add support for Quectel Wireless Solutions Co., Ltd. EG95 LTE modem T: Bus=01 Lev=01 Prnt=01 Port=02 Cnt=02 Dev#= 5 Spd=480 MxCh= 0 D: Ver= 2.00 Cls=ef(misc ) Sub=02 Prot=01 MxPS=64 #Cfgs= 1 P: Vendor=2c7c ProdID=0195 Rev=03.18 S: Manufacturer=Android S: Product=Android C: #Ifs= 5 Cfg#= 1 Atr=a0 MxPwr=500mA I: If#=0x0 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=(none) I: If#=0x1 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=(none) I: If#=0x2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=(none) I: If#=0x3 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=(none) I: If#=0x4 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=(none) Signed-off-by: AceLan Kao Cc: stable@vger.kernel.org Signed-off-by: Johan Hovold commit 05a4fed69ff00a8bd83538684cb602a4636b07a7 Author: Ming Lei Date: Tue Jul 7 11:04:33 2020 -0400 blk-mq: consider non-idle request as "inflight" in blk_mq_rq_inflight() dm-multipath is the only user of blk_mq_queue_inflight(). When dm-multipath calls blk_mq_queue_inflight() to check if it has outstanding IO it can get a false negative. The reason for this is blk_mq_rq_inflight() doesn't consider requests that are no longer MQ_RQ_IN_FLIGHT but that are now MQ_RQ_COMPLETE (->complete isn't called or finished yet) as "inflight". This causes request-based dm-multipath's dm_wait_for_completion() to return before all outstanding dm-multipath requests have actually completed. This breaks DM multipath's suspend functionality because blk-mq requests complete after DM's suspend has finished -- which shouldn't happen. Fix this by considering any request not in the MQ_RQ_IDLE state (so either MQ_RQ_COMPLETE or MQ_RQ_IN_FLIGHT) as "inflight" in blk_mq_rq_inflight(). Fixes: 3c94d83cb3526 ("blk-mq: change blk_mq_queue_busy() to blk_mq_queue_inflight()") Signed-off-by: Ming Lei Signed-off-by: Mike Snitzer Cc: stable@vger.kernel.org Signed-off-by: Jens Axboe commit 14b0e83dc4f1e52b94acaeb85a18fd7fdd46d2dc Author: Vishwas M Date: Tue Jul 7 19:57:47 2020 +0530 hwmon: (emc2103) fix unable to change fan pwm1_enable attribute This patch fixes a bug which does not let FAN mode to be changed from sysfs(pwm1_enable). i.e pwm1_enable can not be set to 3, it will always remain at 0. This is caused because the device driver handles the result of "read_u8_from_i2c(client, REG_FAN_CONF1, &conf_reg)" incorrectly. The driver thinks an error has occurred if the (result != 0). This has been fixed by changing the condition to (result < 0). Signed-off-by: Vishwas M Link: https://lore.kernel.org/r/20200707142747.118414-1-vishwas.reddy.vr@gmail.com Fixes: 9df7305b5a86 ("hwmon: Add driver for SMSC EMC2103 temperature monitor and fan controller") Cc: stable@vger.kernel.org Signed-off-by: Guenter Roeck commit f28e360f29031fdef8df3a1bcad666243bd6872d Author: Naveen Krishna Chatradhi Date: Mon Jul 6 22:47:15 2020 +0530 hwmon: (amd_energy) match for supported models The energy counters of certain models seems to be reporting inconsistent values. Hence, match for the supported models. Signed-off-by: Naveen Krishna Chatradhi Fixes: 8abee9566b7e ("hwmon: Add amd_energy driver to report energy counters") Link: https://lore.kernel.org/r/20200706171715.124993-1-nchatrad@amd.com Signed-off-by: Guenter Roeck commit 04e484c5973ed0f9234c97685c3c5e1ebf0d6eb6 Author: Qu Wenruo Date: Fri Jul 3 15:05:50 2020 +0800 btrfs: discard: add missing put when grabbing block group from unused list [BUG] The following small test script can trigger ASSERT() at unmount time: mkfs.btrfs -f $dev mount $dev $mnt mount -o remount,discard=async $mnt umount $mnt The call trace: assertion failed: atomic_read(&block_group->count) == 1, in fs/btrfs/block-group.c:3431 ------------[ cut here ]------------ kernel BUG at fs/btrfs/ctree.h:3204! invalid opcode: 0000 [#1] PREEMPT SMP NOPTI CPU: 4 PID: 10389 Comm: umount Tainted: G O 5.8.0-rc3-custom+ #68 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015 Call Trace: btrfs_free_block_groups.cold+0x22/0x55 [btrfs] close_ctree+0x2cb/0x323 [btrfs] btrfs_put_super+0x15/0x17 [btrfs] generic_shutdown_super+0x72/0x110 kill_anon_super+0x18/0x30 btrfs_kill_super+0x17/0x30 [btrfs] deactivate_locked_super+0x3b/0xa0 deactivate_super+0x40/0x50 cleanup_mnt+0x135/0x190 __cleanup_mnt+0x12/0x20 task_work_run+0x64/0xb0 __prepare_exit_to_usermode+0x1bc/0x1c0 __syscall_return_slowpath+0x47/0x230 do_syscall_64+0x64/0xb0 entry_SYSCALL_64_after_hwframe+0x44/0xa9 The code: ASSERT(atomic_read(&block_group->count) == 1); btrfs_put_block_group(block_group); [CAUSE] Obviously it's some btrfs_get_block_group() call doesn't get its put call. The offending btrfs_get_block_group() happens here: void btrfs_mark_bg_unused(struct btrfs_block_group *bg) { if (list_empty(&bg->bg_list)) { btrfs_get_block_group(bg); list_add_tail(&bg->bg_list, &fs_info->unused_bgs); } } So every call sites removing the block group from unused_bgs list should reduce the ref count of that block group. However for async discard, it didn't follow the call convention: void btrfs_discard_punt_unused_bgs_list(struct btrfs_fs_info *fs_info) { list_for_each_entry_safe(block_group, next, &fs_info->unused_bgs, bg_list) { list_del_init(&block_group->bg_list); btrfs_discard_queue_work(&fs_info->discard_ctl, block_group); } } And in btrfs_discard_queue_work(), it doesn't call btrfs_put_block_group() either. [FIX] Fix the problem by reducing the reference count when we grab the block group from unused_bgs list. Reported-by: Marcos Paulo de Souza Fixes: 6e80d4f8c422 ("btrfs: handle empty block_group removal for async discard") CC: stable@vger.kernel.org # 5.6+ Tested-by: Marcos Paulo de Souza Reviewed-by: Anand Jain Signed-off-by: Qu Wenruo Reviewed-by: David Sterba Signed-off-by: David Sterba commit 503ed52225ed3d369c8e0dedf13556a7bc1e5c2b Author: Nicolin Chen Date: Mon Jul 6 21:58:29 2020 -0700 MAINTAINERS: Add Shengjiu to reviewer list of sound/soc/fsl Add Shengjiu who's actively working on the latest fsl/nxp audio drivers. Signed-off-by: Nicolin Chen Reviewed-by: Fabio Estevam Acked-by: Shengjiu Wang Link: https://lore.kernel.org/r/20200707045829.10002-1-nicoleotsuka@gmail.com Signed-off-by: Mark Brown commit 58f30150ffd6d95efa524ff05bbcee4e95bfa870 Author: Maxime Ripard Date: Tue Jul 7 09:42:37 2020 +0200 ASoC: core: Remove only the registered component in devm functions The ASoC devm_ functions that register a component (devm_snd_soc_register_component and devm_snd_dmaengine_pcm_register) will clean their component by running snd_soc_unregister_component. snd_soc_unregister_component will then remove all the components for the device that was used to register the component in the first place. However, some drivers register several components (such as a DAI and a dmaengine PCM) on the same device, and if the dmaengine PCM is registered first, then the DAI will be cleaned up first and snd_dmaengine_pcm_unregister will be called next. snd_dmaengine_pcm_unregister will then lookup the dmaengine PCM component on the device, and if there's one unregister that component and release its dmaengine channels. That doesn't happen in practice though since the first call to snd_soc_unregister_component removed all the components, so we never get the chance to release the dmaengine channels. In order to fix this, instead of removing all the components for a given device, we can simply remove the component that was registered in the first place. We should have the same number of component registration than we have components, so it should work just fine. Signed-off-by: Maxime Ripard Link: https://lore.kernel.org/r/20200707074237.287171-1-maxime@cerno.tech Signed-off-by: Mark Brown commit e13762abf38ead29071407f32b9dcec38f21dc34 Author: Maciej S. Szmigiero Date: Sun Jul 5 19:34:57 2020 +0200 HID: logitech-hidpp: avoid repeated "multiplier = " log messages These messages appear each time the mouse wakes from sleep, in my case (Logitech M705), every minute or so. Let's downgrade them to the "debug" level so they don't fill the kernel log by default. While we are at it, let's make clear that this is a wheel multiplier (and not, for example, XY movement multiplier). Fixes: 4435ff2f09a2 ("HID: logitech: Enable high-resolution scrolling on Logitech mice") Cc: stable@vger.kernel.org Signed-off-by: Maciej S. Szmigiero Reviewed-by: Harry Cutts Signed-off-by: Jiri Kosina commit 7f02bb6239f5e443cfe8af923ab2764561a833f6 Author: Mazin Rezk Date: Sun Jul 5 02:48:17 2020 +0000 HID: logitech: Use HIDPP_RECEIVER_INDEX instead of 0xff Some parts of hid-logitech-dj explicitly referred to 0xff for the receiver index. This patch changes those references to the HIDPP_RECEIVER_INDEX definition. Signed-off-by: Mazin Rezk Reviewed-by: Filipe Laíns Signed-off-by: Jiri Kosina commit f79a732a8325dfbd570d87f1435019d7e5501c6d Author: Vinod Koul Date: Mon Jun 29 19:17:37 2020 +0530 ALSA: compress: fix partial_drain completion state On partial_drain completion we should be in SNDRV_PCM_STATE_RUNNING state, so set that for partially draining streams in snd_compr_drain_notify() and use a flag for partially draining streams While at it, add locks for stream state change in snd_compr_drain_notify() as well. Fixes: f44f2a5417b2 ("ALSA: compress: fix drain calls blocking other compress functions (v6)") Reviewed-by: Srinivas Kandagatla Tested-by: Srinivas Kandagatla Reviewed-by: Charles Keepax Tested-by: Charles Keepax Signed-off-by: Vinod Koul Link: https://lore.kernel.org/r/20200629134737.105993-4-vkoul@kernel.org Signed-off-by: Takashi Iwai commit b6a1e78b96a5d7f312f08b3a470eb911ab5feec0 Author: Pavel Hofman Date: Fri Jul 3 12:04:33 2020 +0200 ALSA: usb-audio: Add implicit feedback quirk for RTX6001 USB Audio analyzer RTX6001 uses the same implicit feedback quirk as other XMOS-based devices. Signed-off-by: Pavel Hofman Tested-by: Pavel Hofman Cc: Link: https://lore.kernel.org/r/822f0f20-1886-6884-a6b2-d11c685cbafa@ivitera.com Signed-off-by: Takashi Iwai commit e337bf19f6af38d5c3fa6d06cd594e0f890ca1ac Author: Hector Martin Date: Thu Jul 2 16:14:33 2020 +0900 ALSA: usb-audio: add quirk for MacroSilicon MS2109 These devices claim to be 96kHz mono, but actually are 48kHz stereo with swapped channels and unaligned transfers. Cc: stable@vger.kernel.org Signed-off-by: Hector Martin Link: https://lore.kernel.org/r/20200702071433.237843-1-marcan@marcan.st Signed-off-by: Takashi Iwai commit 781c90c034d994c6a4e2badf189128a95ed864c2 Author: Jian-Hong Pan Date: Mon Jul 6 15:18:29 2020 +0800 ALSA: hda/realtek: Enable headset mic of Acer Veriton N4660G with ALC269VC The Acer Veriton N4660G desktop's audio (1025:1248) with ALC269VC cannot detect the headset microphone until ALC269VC_FIXUP_ACER_MIC_NO_PRESENCE quirk maps the NID 0x18 as the headset mic pin. Signed-off-by: Jian-Hong Pan Cc: Link: https://lore.kernel.org/r/20200706071826.39726-3-jian-hong@endlessm.com Signed-off-by: Takashi Iwai commit 6e15d1261d522d1d222f8f89b23c6966905e9049 Author: Jian-Hong Pan Date: Mon Jul 6 15:18:27 2020 +0800 ALSA: hda/realtek: Enable headset mic of Acer C20-820 with ALC269VC The Acer Aspire C20-820 AIO's audio (1025:1065) with ALC269VC can't detect the headset microphone until ALC269VC_FIXUP_ACER_HEADSET_MIC quirk maps the NID 0x18 as the headset mic pin. Signed-off-by: Jian-Hong Pan Signed-off-by: Daniel Drake Cc: Link: https://lore.kernel.org/r/20200706071826.39726-2-jian-hong@endlessm.com Signed-off-by: Takashi Iwai commit 8eae7e9b3967f08efaa4d70403aec513cbe45ad0 Author: Jian-Hong Pan Date: Mon Jul 6 15:18:25 2020 +0800 ALSA: hda/realtek - Enable audio jacks of Acer vCopperbox with ALC269VC The Acer desktop vCopperbox with ALC269VC cannot detect the MIC of headset, the line out and internal speaker until ALC269VC_FIXUP_ACER_VCOPPERBOX_PINS quirk applied. Signed-off-by: Jian-Hong Pan Signed-off-by: Chris Chiu Cc: Link: https://lore.kernel.org/r/20200706071826.39726-1-jian-hong@endlessm.com Signed-off-by: Takashi Iwai commit 9774dc218bb628974dcbc76412f970e9258e5f27 Author: Benjamin Poirier Date: Fri Jul 3 17:00:04 2020 +0900 ALSA: hda/realtek - Fix Lenovo Thinkpad X1 Carbon 7th quirk subdevice id 1) In snd_hda_pick_fixup(), quirks are first matched by PCI SSID and then, if there is no match, by codec SSID. The Lenovo "ThinkPad X1 Carbon 7th" has an audio chip with PCI SSID 0x2292 and codec SSID 0x2293[1]. Therefore, fix the quirk meant for that device to match on .subdevice == 0x2292. 2) The "Thinkpad X1 Yoga 7th" does not exist. The companion product to the Carbon 7th is the Yoga 4th. That device has an audio chip with PCI SSID 0x2292 and codec SSID 0x2292[2]. Given the behavior of snd_hda_pick_fixup(), it is not possible to have a separate quirk for the Yoga based on SSID. Therefore, merge the quirks meant for the Carbon and Yoga. This preserves the current behavior for the Yoga. [1] This is the case on my own machine and can also be checked here https://github.com/linuxhw/LsPCI/tree/master/Notebook/Lenovo/ThinkPad https://gist.github.com/hamidzr/dd81e429dc86f4327ded7a2030e7d7d9#gistcomment-3225701 [2] https://github.com/linuxhw/LsPCI/tree/master/Convertible/Lenovo/ThinkPad https://gist.github.com/hamidzr/dd81e429dc86f4327ded7a2030e7d7d9#gistcomment-3176355 Fixes: d2cd795c4ece ("ALSA: hda - fixup for the bass speaker on Lenovo Carbon X1 7th gen") Fixes: 54a6a7dc107d ("ALSA: hda/realtek - Add quirk for the bass speaker on Lenovo Yoga X1 7th gen") Cc: Jaroslav Kysela Cc: Kailang Yang Tested-by: Vincent Bernat Tested-by: Even Brenden Signed-off-by: Benjamin Poirier Cc: Link: https://lore.kernel.org/r/20200703080005.8942-2-benjamin.poirier@gmail.com Signed-off-by: Takashi Iwai commit 90670fdfcf210f997c18490922bd3603b248f349 Author: Kai Vehmanen Date: Fri Jul 3 18:38:18 2020 +0300 ALSA: hda/hdmi: improve debug traces for stream lookups The HDMI codec driver has two debug traces printed from different functions but with identical message content: "HDMI: hinfo 000000006a6b84d9 not registered" Fix this duplication and also add a bit more context in addition to raw object pointer, to help analysis of kernel logs. Reviewed-by: Ranjani Sridharan Reviewed-by: Pierre-Louis Bossart Signed-off-by: Kai Vehmanen Link: https://lore.kernel.org/r/20200703153818.2808592-2-kai.vehmanen@linux.intel.com Signed-off-by: Takashi Iwai commit 56275036d8185f92eceac7479d48b858ee3dab84 Author: Kai Vehmanen Date: Fri Jul 3 18:38:17 2020 +0300 ALSA: hda/hdmi: fix failures at PCM open on Intel ICL and later When HDMI PCM devices are opened in a specific order, with at least one HDMI/DP receiver connected, ALSA PCM open fails to -EBUSY on the connected monitor, on recent Intel platforms (ICL/JSL and newer). While this is not a typical sequence, at least Pulseaudio does this every time when it is started, to discover the available PCMs. The rootcause is an invalid assumption in hdmi_add_pin(), where the total number of converters is assumed to be known at the time the function is called. On older Intel platforms this held true, but after ICL/JSL, the order how pins and converters are in the subnode list as returned by snd_hda_get_sub_nodes(), was changed. As a result, information for some converters was not stored to per_pin->mux_nids. And this means some pins cannot be connected to all converters, and application instead gets -EBUSY instead at open. The assumption that converters are always before pins in the subnode list, is not really a valid one. Fix the problem in hdmi_parse_codec() by introducing separate loops for discovering converters and pins. BugLink: https://github.com/thesofproject/linux/issues/1978 BugLink: https://github.com/thesofproject/linux/issues/2216 BugLink: https://github.com/thesofproject/linux/issues/2217 Reviewed-by: Ranjani Sridharan Reviewed-by: Pierre-Louis Bossart Signed-off-by: Kai Vehmanen Link: https://lore.kernel.org/r/20200703153818.2808592-1-kai.vehmanen@linux.intel.com Signed-off-by: Takashi Iwai commit ad155712bb1ea2151944cf06a0e08c315c70c1e3 Author: xidongwang Date: Sun Jul 5 20:27:38 2020 -0700 ALSA: opl3: fix infoleak in opl3 The stack object “info” in snd_opl3_ioctl() has a leaking problem. It has 2 padding bytes which are not initialized and leaked via “copy_to_user”. Signed-off-by: xidongwang Cc: Link: https://lore.kernel.org/r/1594006058-30362-1-git-send-email-wangxidong_97@163.com Signed-off-by: Takashi Iwai commit 17175d1a27c618e214555b91eca8a0be4cf07f45 Author: Sabrina Dubroca Date: Fri Jul 3 16:57:09 2020 +0200 xfrm: esp6: fix encapsulation header offset computation In commit 0146dca70b87, I incorrectly adapted the code that computes the location of the UDP or TCP encapsulation header from IPv4 to IPv6. In esp6_input_done2, skb->transport_header points to the ESP header, so by adding skb_network_header_len, uh and th will point to the ESP header, not the encapsulation header that's in front of it. Since the TCP header's size can change with options, we have to start from the IPv6 header and walk past possible extensions. Fixes: 0146dca70b87 ("xfrm: add support for UDPv6 encapsulation of ESP") Fixes: 26333c37fc28 ("xfrm: add IPv6 support for espintcp") Reported-by: Tobias Brunner Tested-by: Tobias Brunner Signed-off-by: Sabrina Dubroca Signed-off-by: Steffen Klassert commit 736bb11898ef748da1d805f40d485b66ceac9a3c Author: H. Nikolaus Schaller Date: Wed Jul 1 08:18:27 2020 +0200 modpost: remove use of non-standard strsep() in HOSTCC code strsep() is neither standard C nor POSIX and used outside the kernel code here. Using it here requires that the build host supports it out of the box which is e.g. not true for a Darwin build host and using a cross-compiler. This leads to: scripts/mod/modpost.c:145:2: warning: implicit declaration of function 'strsep' [-Wimplicit-function-declaration] return strsep(stringp, "\n"); ^ and a segfault when running MODPOST. See also: https://stackoverflow.com/a/7219504 So let's replace this by strchr() instead of using strsep(). It does not hurt kernel size or speed since this code is run on the build host. Fixes: ac5100f5432967 ("modpost: add read_text_file() and get_line() helpers") Co-developed-by: Masahiro Yamada Signed-off-by: H. Nikolaus Schaller Signed-off-by: Masahiro Yamada commit 786a2aa281f4c4ba424ea8b8ea1e85ab62c4a57c Author: Jarkko Sakkinen Date: Mon Jul 6 23:53:42 2020 +0300 Revert commit e918e570415c ("tpm_tis: Remove the HID IFX0102") Removing IFX0102 from tpm_tis was not a right move because both tpm_tis and tpm_infineon use the same device ID. Revert the commit and add a remark about a bug caused by commit 93e1b7d42e1e ("[PATCH] tpm: add HID module parameter"). Fixes: e918e570415c ("tpm_tis: Remove the HID IFX0102") Reported-by: Peter Huewe Reviewed-by: Jerry Snitselaar Signed-off-by: Jarkko Sakkinen commit 93b9de223c0135db495c25334e66cb669bef13e2 Author: Dmitry Torokhov Date: Mon Jul 6 17:47:35 2020 -0700 Revert "Input: elants_i2c - report resolution information for touch major" This reverts commit 061706716384f1633d3d5090b22a99f33f1fcf2f - it turns out that the resolution of 1 unit per mm was not correct for a number of touch screens, causing touch sizes to be reported as way too large. See https://crbug.com/1085648 Reported-by: Harry Cutts Cc: stable@vger.kernel.org Signed-off-by: Dmitry Torokhov commit 966334dfc472bdfa67bed864842943b19755d192 Author: Derek Basehore Date: Mon Jul 6 17:39:41 2020 -0700 Input: elan_i2c - only increment wakeup count on touch This moves the wakeup increment for elan devices to the touch report. This prevents the drivers from incorrectly reporting a wakeup when the resume callback resets then device, which causes an interrupt to occur. Signed-off-by: Derek Basehore Link: https://lore.kernel.org/r/20200706235046.1984283-1-dbasehore@chromium.org Signed-off-by: Dmitry Torokhov commit dcb00fc799dc03fd320e123e4c81b3278c763ea5 Author: Ilya Katsnelson Date: Mon Jul 6 15:27:43 2020 -0700 Input: synaptics - enable InterTouch for ThinkPad X1E 1st gen Tested on my own laptop, touchpad feels slightly more responsive with this on, though it might just be placebo. Signed-off-by: Ilya Katsnelson Reviewed-by: Lyude Paul Link: https://lore.kernel.org/r/20200703143457.132373-1-me@0upti.me Signed-off-by: Dmitry Torokhov commit cf1976b11372cac3b57fbae1831f66a4486355d3 Author: Chris Wilson Date: Thu Jul 2 22:10:15 2020 +0100 drm/i915: Also drop vm.ref along error paths for vma construction Not only do we need to release the vm.ref we acquired for the vma on the duplicate insert branch, but also for the normal error paths, so roll them all into one. Reported-by: Andi Shyti Suggested-by: Andi Shyti Fixes: 2850748ef876 ("drm/i915: Pull i915_vma_pin under the vm->mutex") Signed-off-by: Chris Wilson Cc: Andi Shyti Cc: # v5.5+ Reviewed-by: Andi Shyti Link: https://patchwork.freedesktop.org/patch/msgid/20200702211015.29604-1-chris@chris-wilson.co.uk (cherry picked from commit 03fca66b7a36b52da8915341eee388267f6d5b73) Signed-off-by: Rodrigo Vivi commit 42723673a193d5f8e30dba6ea9826d42262a502b Author: Chris Wilson Date: Thu Jul 2 09:32:03 2020 +0100 drm/i915: Drop vm.ref for duplicate vma on construction As we allow for parallel threads to create the same vma instance concurrently, and we only filter out the duplicates upon reacquiring the spinlock for the rbtree, we have to free the loser of the constructors' race. When freeing, we should also drop any resource references acquired for the redundant vma. Fixes: 2850748ef876 ("drm/i915: Pull i915_vma_pin under the vm->mutex") Signed-off-by: Chris Wilson Cc: Tvrtko Ursulin Cc: # v5.5+ Reviewed-by: Tvrtko Ursulin Link: https://patchwork.freedesktop.org/patch/msgid/20200702083225.20044-1-chris@chris-wilson.co.uk (cherry picked from commit 2377427cdd2b7514eb4c40241cf5c4dec63c1bec) Signed-off-by: Rodrigo Vivi commit 9eb0463cfe65d826c97fa26b904a64f52c94300d Author: Ville Syrjälä Date: Wed Apr 29 13:10:25 2020 +0300 drm/i915/fbc: Fix fence_y_offset handling The current fence_y_offset calculation is broken. I think it more or less used to do the right thing, but then I changed the plane code to put the final x/y source offsets back into the src rectangle so now it's just subtraacting the same value from itself. The code would never have worked if we allowed the framebuffer to have a non-zero offset. Let's do this in a better way by just calculating the fence_y_offset from the final plane surface offset. Note that we don't align the plane surface address to fence rows so with horizontal panning there's often a horizontal offset from the fence start to the surface address as well. We have no way to tell the hardware about that so we just ignore it. Based on some quick tests the invlidation still happens correctly. I presume due to the invalidation nuking at least the full line (or a segment of multiple lines). Fixes: 54d4d719fa11 ("drm/i915: Overcome display engine stride limits via GTT remapping") Signed-off-by: Ville Syrjälä Link: https://patchwork.freedesktop.org/patch/msgid/20200429101034.8208-4-ville.syrjala@linux.intel.com Reviewed-by: Matt Roper (cherry picked from commit 5331889b5ffb11d6257953e418291a9f04c02bed) Signed-off-by: Rodrigo Vivi commit 7dfbf8a07cf8c936b0d6cc810df6ae7923954d5b Author: Chris Wilson Date: Tue Jun 30 16:27:24 2020 +0100 drm/i915: Skip stale object handle for debugfs per-file-stats As we close a handle GEM object, we update the drm_file's idr with an error^W NULL pointer to indicate the in-progress closure, and finally removing it. If we read the idr directly, we may then see an invalid object pointer, and in our debugfs per_file_stats() we therefore need to protect against the entry being invalid. [ 1016.651637] RIP: 0010:per_file_stats+0xe/0x16e [ 1016.651646] Code: d2 41 0f b6 8e 69 8c 00 00 48 89 df 48 c7 c6 7b 74 8c be 31 c0 e8 0c 89 cf ff eb d2 0f 1f 44 00 00 55 48 89 e5 41 57 41 56 53 <8b> 06 85 c0 0f 84 4d 01 00 00 49 89 d6 48 89 f3 3d ff ff ff 7f 73 [ 1016.651651] RSP: 0018:ffffad3a01337ba0 EFLAGS: 00010293 [ 1016.651656] RAX: 0000000000000018 RBX: ffff96fe040d65e0 RCX: 0000000000000002 [ 1016.651660] RDX: ffffad3a01337c50 RSI: 0000000000000000 RDI: 00000000000001e8 [ 1016.651663] RBP: ffffad3a01337bb8 R08: 0000000000000000 R09: 00000000000001c0 [ 1016.651667] R10: 0000000000000000 R11: ffffffffbdbe5fce R12: 0000000000000000 [ 1016.651671] R13: ffffffffbdbe5fce R14: ffffad3a01337c50 R15: 0000000000000001 [ 1016.651676] FS: 00007a597e2d7480(0000) GS:ffff96ff3bb00000(0000) knlGS:0000000000000000 [ 1016.651680] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1016.651683] CR2: 0000000000000000 CR3: 0000000171fc2001 CR4: 00000000003606e0 [ 1016.651687] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1016.651690] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1016.651693] Call Trace: [ 1016.651693] Call Trace: [ 1016.651703] idr_for_each+0x8a/0xe8 [ 1016.651711] i915_gem_object_info+0x2a3/0x3eb [ 1016.651720] seq_read+0x162/0x3ca [ 1016.651727] full_proxy_read+0x5b/0x8d [ 1016.651733] __vfs_read+0x45/0x1bb [ 1016.651741] vfs_read+0xc9/0x15e [ 1016.651746] ksys_read+0x7e/0xde [ 1016.651752] do_syscall_64+0x54/0x68 [ 1016.651758] entry_SYSCALL_64_after_hwframe+0x44/0xa9 Reported-by: Guenter Roeck Fixes: a8c15954d64a ("drm/i915: Protect debugfs per_file_stats with RCU lock") Signed-off-by: Chris Wilson Cc: Mika Kuoppala Cc: Guenter Roeck Cc: stable@vger.kernel.org Reviewed-by: Mika Kuoppala Link: https://patchwork.freedesktop.org/patch/msgid/20200630152724.3734-1-chris@chris-wilson.co.uk (cherry picked from commit c1b9fd3d310177b31621d5e661f06885869cae12) Signed-off-by: Rodrigo Vivi commit 3c01655ac82eb6d1cc2cfe9507031f1b5e0a6df1 Author: Paolo Bonzini Date: Mon Jun 22 20:07:37 2020 -0400 kselftest: ksft_test_num return type should be unsigned Fixes a compiler warning: In file included from sync_test.c:37: ../kselftest.h: In function ‘ksft_print_cnts’: ../kselftest.h:78:16: warning: comparison of integer expressions of different signedness: ‘unsigned int’ and ‘int’ [-Wsign-compare] if (ksft_plan != ksft_test_num()) ^~ Signed-off-by: Paolo Bonzini Signed-off-by: Shuah Khan commit 34fe5a1cf95c3f114068fc16d919c9cf4b00e428 Author: David Ahern Date: Mon Jul 6 11:45:07 2020 -0600 ipv6: fib6_select_path can not use out path for nexthop objects Brian reported a crash in IPv6 code when using rpfilter with a setup running FRR and external nexthop objects. The root cause of the crash is fib6_select_path setting fib6_nh in the result to NULL because of an improper check for nexthop objects. More specifically, rpfilter invokes ip6_route_lookup with flowi6_oif set causing fib6_select_path to be called with have_oif_match set. fib6_select_path has early check on have_oif_match and jumps to the out label which presumes a builtin fib6_nh. This path is invalid for nexthop objects; for external nexthops fib6_select_path needs to just return if the fib6_nh has already been set in the result otherwise it returns after the call to nexthop_path_fib6_result. Update the check on have_oif_match to not bail on external nexthops. Update selftests for this problem. Fixes: f88d8ea67fbd ("ipv6: Plumb support for nexthop object in a fib6_info") Reported-by: Brian Rak Signed-off-by: David Ahern Signed-off-by: David S. Miller commit 0b78c9e8c19b57bf2081cd432841c7fe3f800633 Author: Pengfei Xu Date: Fri Jun 26 11:40:52 2020 +0800 selftests: tpm: upgrade TPM2 tests from Python 2 to Python 3 Python 2 is no longer supported by the Python upstream project, so upgrade TPM2 tests to Python 3. Fixed minor merge conflicts Shuah Khan Signed-off-by: Pengfei Xu Reviewed-by: Jarkko Sakkinen Tested-by: Jarkko Sakkinen Signed-off-by: Shuah Khan commit bfe91da29bfad9941d5d703d45e29f0812a20724 Merge: 5c82ec00dd00 8038a922cf9a Author: Linus Torvalds Date: Mon Jul 6 12:48:04 2020 -0700 Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm Pull kvm fixes from Paolo Bonzini: "Bugfixes and a one-liner patch to silence a sparse warning" * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm: KVM: arm64: Stop clobbering x0 for HVC_SOFT_RESTART KVM: arm64: PMU: Fix per-CPU access in preemptible context KVM: VMX: Use KVM_POSSIBLE_CR*_GUEST_BITS to initialize guest/host masks KVM: x86: Mark CR4.TSD as being possibly owned by the guest KVM: x86: Inject #GP if guest attempts to toggle CR4.LA57 in 64-bit mode kvm: use more precise cast and do not drop __user KVM: x86: bit 8 of non-leaf PDPEs is not reserved KVM: X86: Fix async pf caused null-ptr-deref KVM: arm64: vgic-v4: Plug race between non-residency and v4.1 doorbell KVM: arm64: pvtime: Ensure task delay accounting is enabled KVM: arm64: Fix kvm_reset_vcpu() return code being incorrect with SVE KVM: arm64: Annotate hyp NMI-related functions as __always_inline KVM: s390: reduce number of IO pins to 1 commit eadede5f936276e93e62834ffbe1550d305e0921 Merge: 2294ca7a47d7 a06656211304 Author: David S. Miller Date: Mon Jul 6 12:33:28 2020 -0700 Merge branch 'hns3-fixes' Huazhong Tan says: ==================== net: hns3: fixes for -net There are some fixes about reset issue and a use-after-free of self-test. ==================== Signed-off-by: David S. Miller commit a06656211304fec653c1931c2ca6d644013b5bbb Author: Yonglong Liu Date: Mon Jul 6 19:26:02 2020 +0800 net: hns3: fix use-after-free when doing self test Enable promisc mode of PF, set VF link state to enable, and run iperf of the VF, then do self test of the PF. The self test will fail with a low frequency, and may cause a use-after-free problem. [ 87.142126] selftest:000004a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 87.159722] ================================================================== [ 87.174187] BUG: KASAN: use-after-free in hex_dump_to_buffer+0x140/0x608 [ 87.187600] Read of size 1 at addr ffff003b22828000 by task ethtool/1186 [ 87.201012] [ 87.203978] CPU: 7 PID: 1186 Comm: ethtool Not tainted 5.5.0-rc4-gfd51c473-dirty #4 [ 87.219306] Hardware name: Huawei TaiShan 2280 V2/BC82AMDA, BIOS TA BIOS 2280-A CS V2.B160.01 01/15/2020 [ 87.238292] Call trace: [ 87.243173] dump_backtrace+0x0/0x280 [ 87.250491] show_stack+0x24/0x30 [ 87.257114] dump_stack+0xe8/0x140 [ 87.263911] print_address_description.isra.8+0x70/0x380 [ 87.274538] __kasan_report+0x12c/0x230 [ 87.282203] kasan_report+0xc/0x18 [ 87.288999] __asan_load1+0x60/0x68 [ 87.295969] hex_dump_to_buffer+0x140/0x608 [ 87.304332] print_hex_dump+0x140/0x1e0 [ 87.312000] hns3_lb_check_skb_data+0x168/0x170 [ 87.321060] hns3_clean_rx_ring+0xa94/0xfe0 [ 87.329422] hns3_self_test+0x708/0x8c0 The length of packet sent by the selftest process is only 128 + 14 bytes, and the min buffer size of a BD is 256 bytes, and the receive process will make sure the packet sent by the selftest process is in the linear part, so only check the linear part in hns3_lb_check_skb_data(). So fix this use-after-free by using skb_headlen() to dump skb->data instead of skb->len. Fixes: c39c4d98dc65 ("net: hns3: Add mac loopback selftest support in hns3 driver") Signed-off-by: Yonglong Liu Signed-off-by: Huazhong Tan Signed-off-by: David S. Miller commit e22b5e728bbb179b912d3a3cd5c25894a89a26a2 Author: Huazhong Tan Date: Mon Jul 6 19:26:01 2020 +0800 net: hns3: add a missing uninit debugfs when unload driver When unloading driver, if flag HNS3_NIC_STATE_INITED has been already cleared, the debugfs will not be uninitialized, so fix it. Fixes: b2292360bb2a ("net: hns3: Add debugfs framework registration") Signed-off-by: Huazhong Tan Signed-off-by: David S. Miller commit cddd5648926d7a6e84526dadd8bfb21609a14fb7 Author: Huazhong Tan Date: Mon Jul 6 19:26:00 2020 +0800 net: hns3: fix for mishandle of asserting VF reset fail When asserts VF reset fail, flag HCLGEVF_STATE_CMD_DISABLE and handshake status should not set, otherwise the retry will fail. So adds a check for asserting VF reset and returns directly when fails. Fixes: ef5f8e507ec9 ("net: hns3: stop handling command queue while resetting VF") Signed-off-by: Huazhong Tan Signed-off-by: David S. Miller commit bb3d866882c280a85e8950d4d72af1e294d2e69c Author: Huazhong Tan Date: Mon Jul 6 19:25:59 2020 +0800 net: hns3: check reset pending after FLR prepare If there is a PF reset pending before FLR prepare, FLR's preparatory work will not fail, but the FLR rebuild procedure will fail for this pending. So this PF reset pending should be handled in the FLR preparatory. Fixes: 8627bdedc435 ("net: hns3: refactor the precedure of PF FLR") Signed-off-by: Huazhong Tan Signed-off-by: David S. Miller commit 2294ca7a47d7094706450d641b243fa3a61843a3 Merge: 9dc829a135fb 3ed58f96a70b Author: David S. Miller Date: Mon Jul 6 12:22:24 2020 -0700 Merge branch 'smsc95xx-fix-smsc95xx_bind' Andre Edich says: ==================== smsc95xx: fix smsc95xx_bind The patchset fixes two problems in the function smsc95xx_bind: - return of false success - memory leak Changes in v2: - added "Fixes" tags to both patches ==================== Signed-off-by: David S. Miller commit 3ed58f96a70b85ef646d5427258f677f1395b62f Author: Andre Edich Date: Mon Jul 6 10:39:35 2020 +0200 smsc95xx: avoid memory leak in smsc95xx_bind In a case where the ID_REV register read is failed, the memory for a private data structure has to be freed before returning error from the function smsc95xx_bind. Fixes: bbd9f9ee69242 ("smsc95xx: add wol support for more frame types") Signed-off-by: Andre Edich Signed-off-by: Parthiban Veerasooran Signed-off-by: David S. Miller commit 7c8b1e855f94f88a0c569be6309fc8d5c8844cd1 Author: Andre Edich Date: Mon Jul 6 10:39:34 2020 +0200 smsc95xx: check return value of smsc95xx_reset The return value of the function smsc95xx_reset() must be checked to avoid returning false success from the function smsc95xx_bind(). Fixes: 2f7ca802bdae2 ("net: Add SMSC LAN9500 USB2.0 10/100 ethernet adapter driver") Signed-off-by: Andre Edich Signed-off-by: Parthiban Veerasooran Signed-off-by: David S. Miller commit 9dc829a135fb5927f1519de11286e2bbb79f5b66 Author: Xie He Date: Sun Jul 5 17:45:21 2020 -0700 drivers/net/wan/lapbether: Fixed the value of hard_header_len When this driver transmits data, first this driver will remove a pseudo header of 1 byte, then the lapb module will prepend the LAPB header of 2 or 3 bytes, then this driver will prepend a length field of 2 bytes, then the underlying Ethernet device will prepend its own header. So, the header length required should be: -1 + 3 + 2 + "the header length needed by the underlying device". This patch fixes kernel panic when this driver is used with AF_PACKET SOCK_DGRAM sockets. Signed-off-by: Xie He Signed-off-by: David S. Miller commit 5c82ec00dd00c7a2b02d4b42cf59ae87592cb75f Merge: dcb7fd82c75e 075ebfe19fa3 Author: Linus Torvalds Date: Mon Jul 6 10:16:16 2020 -0700 Merge tag 's390-5.8-4' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux Pull s390 fixes from Heiko Carstens: - Initialize jump labels before early command line parsing in order to make init_on_alloc and init_on_free options work - Fix vfio-ccw build error due to missing include - Prevent callchain data collection with hardware sampling, since the callchains simply do not exist - Prevent multiple registrations of the same zPCI function - Update defconfigs * tag 's390-5.8-4' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux: vfio-ccw: Fix a build error due to missing include of linux/slab.h s390: update defconfigs s390/cpum_sf: prohibit callchain data collection s390/setup: init jump labels before command line parsing s390/maccess: add no DAT mode to kernel_write s390/pci: fix enabling a reserved PCI function commit 8038a922cf9af5266eaff29ce996a0d1b788fc0d Merge: fa71e9527f6a b9e10d4a6c9f Author: Paolo Bonzini Date: Mon Jul 6 13:05:38 2020 -0400 Merge tag 'kvmarm-fixes-5.8-3' of git://git.kernel.org/pub/scm/linux/kernel/git/kvmarm/kvmarm into kvm-master KVM/arm fixes for 5.8, take #3 - Disable preemption on context-switching PMU EL0 state happening on system register trap - Don't clobber X0 when tearing down KVM via a soft reset (kexec) commit ed7815db70d17b1741883f2da8e1d80bc2efe517 Author: Marc Kleine-Budde Date: Mon Jul 6 16:34:34 2020 +0200 spi: spi-sun6i: sun6i_spi_transfer_one(): fix setting of clock rate A SPI transfer defines the _maximum_ speed of the SPI transfer. However the driver doesn't take into account that the clock divider is always rounded down (due to integer arithmetics). This results in a too high clock rate for the SPI transfer. E.g.: with a mclk_rate of 24 MHz and a SPI transfer speed of 10 MHz, the original code calculates a reg of "0", which results in a effective divider of "2" and a 12 MHz clock for the SPI transfer. This patch fixes the issue by using DIV_ROUND_UP() instead of a plain integer division. While there simplify the divider calculation for the CDR1 case, use order_base_2() instead of two ilog2() calculations. Fixes: 3558fe900e8a ("spi: sunxi: Add Allwinner A31 SPI controller driver") Signed-off-by: Marc Kleine-Budde Acked-by: Maxime Ripard Link: https://lore.kernel.org/r/20200706143443.9855-2-mkl@pengutronix.de Signed-off-by: Mark Brown commit 68d237056e007c88031d80900cdba0945121a287 Author: Marek Szyprowski Date: Tue Jun 30 10:16:02 2020 +0200 scatterlist: protect parameters of the sg_table related macros Add brackets to protect parameters of the recently added sg_table related macros from side-effects. Fixes: 709d6d73c756 ("scatterlist: add generic wrappers for iterating over sgtable objects") Signed-off-by: Marek Szyprowski Signed-off-by: Christoph Hellwig commit 65752aef0a407e1ef17ec78a7fc31ba4e0b360f9 Author: Yufen Yu Date: Fri Jul 3 02:13:23 2020 -0400 docs: block: update and fix tiny error for bfq The max value of blkio.bfq.weight is 1000, rather than 10000. And 'weights' have been remove from /sys/block/XXX/queue/iosched. Signed-off-by: Yufen Yu Acked-by: Paolo Valente Signed-off-by: Jens Axboe commit f8884711f78fa946041cf04492e218c377479a9c Author: Manivannan Sadhasivam Date: Sun Jun 21 08:23:30 2020 +0530 mmc: owl-mmc: Get rid of of_match_ptr() macro Remove the 'of_match_ptr()' macro to fix the warning when CONFIG_OF is not selected. drivers/mmc/host/owl-mmc.c:677:34: warning: unused variable 'owl_mmc_of_match' [-Wunused-const-variable] Reported-by: kernel test robot Signed-off-by: Manivannan Sadhasivam Link: https://lore.kernel.org/r/20200621025330.10561-1-mani@kernel.org Fixes: ff65ffe46d28 ("mmc: Add Actions Semi Owl SoCs SD/MMC driver") Cc: stable@vger.kernel.org Signed-off-by: Ulf Hansson commit 92025b90f18d45e26b7f17d68756b1abd771b9d3 Author: Maxime Ripard Date: Sat Jul 4 15:08:29 2020 +0200 ARM: dts sunxi: Relax a bit the CMA pool allocation range The hardware codec on the A10, A10s, A13 and A20 needs buffer in the first 256MB of RAM. This was solved by setting the CMA pool at a fixed address in that range. However, in recent kernels there's something else that comes in and reserve some range that end up conflicting with our default pool requirement, and thus makes its reservation fail. The video codec will then use buffers from the usual default pool, outside of the range it can access, and will fail to decode anything. Since we're only concerned about that 256MB, we can however relax the allocation to just specify the range that's allowed, and not try to enforce a specific address. Fixes: 5949bc5602cc ("ARM: dts: sun4i-a10: Add Video Engine and reserved memory nodes") Fixes: 960432010156 ("ARM: dts: sun5i: Add Video Engine and reserved memory nodes") Fixes: c2a641a74850 ("ARM: dts: sun7i-a20: Add Video Engine and reserved memory nodes") Signed-off-by: Maxime Ripard Acked-by: Chen-Yu Tsai Link: https://lore.kernel.org/r/20200704130829.34297-1-maxime@cerno.tech commit bee9ca1c8a237ca178f281062bf162637071ab04 Author: Arnaldo Carvalho de Melo Date: Fri Jul 3 09:29:57 2020 -0300 perf report TUI: Remove needless 'dummy' event from menu Fixing the common case of: perf record perf report And getting just the cycles events. We now have a 'dummy' event to get perf metadata events that take place while we synthesize metadata records for pre-existing processes by traversing procfs, so we always have this extra 'dummy' evsel, but we don't have to offer it as there will be no samples on it, remove this distraction. Cc: Adrian Hunter Cc: Ian Rogers Cc: Jiri Olsa Cc: Namhyung Kim Link: https://lore.kernel.org/lkml/20200706115452.GA2772@redhat.com/ Signed-off-by: Arnaldo Carvalho de Melo commit 4c95ad261cfac120dd66238fcae222766754c219 Author: Adrian Hunter Date: Tue Jun 30 16:39:35 2020 +0300 perf intel-pt: Fix PEBS sample for XMM registers The condition to add XMM registers was missing, the regs array needed to be in the outer scope, and the size of the regs array was too small. Fixes: 143d34a6b387b ("perf intel-pt: Add XMM registers to synthesized PEBS sample") Signed-off-by: Adrian Hunter Cc: Jiri Olsa Cc: Luwei Kang Link: http://lore.kernel.org/lkml/20200630133935.11150-4-adrian.hunter@intel.com Signed-off-by: Arnaldo Carvalho de Melo commit add07ccd9222ba0944df2a6d39c6e38de90cd0c5 Author: Adrian Hunter Date: Tue Jun 30 16:39:34 2020 +0300 perf intel-pt: Fix displaying PEBS-via-PT with registers After recording PEBS-via-PT, perf script will not accept 'iregs' field e.g. # perf record -c 10000 -e '{intel_pt/branch=0/,branch-loads/aux-output/ppp}' -I -- ls -l ... [ perf record: Woken up 1 times to write data ] [ perf record: Captured and wrote 0.062 MB perf.data ] # ./perf script --itrace=eop -F+iregs Samples for 'dummy:u' event do not have IREGS attribute set. Cannot print 'iregs' field. Fix by using allow_user_set, which is true when recording AUX area data. Fixes: 9e64cefe4335b ("perf intel-pt: Process options for PEBS event synthesis") Signed-off-by: Adrian Hunter Cc: Jiri Olsa Cc: Luwei Kang Link: http://lore.kernel.org/lkml/20200630133935.11150-3-adrian.hunter@intel.com Signed-off-by: Arnaldo Carvalho de Melo commit 75bcb8776dc987538f267ba4ba05ca43fc2b1676 Author: Adrian Hunter Date: Tue Jun 30 16:39:33 2020 +0300 perf intel-pt: Fix recording PEBS-via-PT with registers When recording PEBS-via-PT, the kernel will not accept the intel_pt event with register sampling e.g. # perf record --kcore -c 10000 -e '{intel_pt/branch=0/,branch-loads/aux-output/ppp}' -I -- ls -l Error: intel_pt/branch=0/: PMU Hardware doesn't support sampling/overflow-interrupts. Try 'perf stat' Fix by suppressing register sampling on the intel_pt evsel. Committer notes: Adrian informed that this is only available from Tremont onwards, so on older processors the error continues the same as before. Fixes: 9e64cefe4335b ("perf intel-pt: Process options for PEBS event synthesis") Signed-off-by: Adrian Hunter Cc: Jiri Olsa Cc: Luwei Kang Link: http://lore.kernel.org/lkml/20200630133935.11150-2-adrian.hunter@intel.com Signed-off-by: Arnaldo Carvalho de Melo commit d61cbb859b45fdb6b4997f2d51834fae41af0e94 Author: Wei Li Date: Fri Jun 12 17:43:22 2020 +0800 perf report TUI: Fix segmentation fault in perf_evsel__hists_browse() The segmentation fault can be reproduced as following steps: 1) Executing perf report in tui. 2) Typing '/xxxxx' to filter the symbol to get nothing matched. 3) Pressing enter with no entry selected. Then it will report a segmentation fault. It is caused by the lack of check of browser->he_selection when accessing it's member res_samples in perf_evsel__hists_browse(). These processes are meaningful for specified samples, so we can skip these when nothing is selected. Fixes: 4968ac8fb7c3 ("perf report: Implement browsing of individual samples") Signed-off-by: Wei Li Acked-by: Jiri Olsa Acked-by: Namhyung Kim Tested-by: Arnaldo Carvalho de Melo Cc: Alexander Shishkin Cc: Andi Kleen Cc: Hanjun Guo Cc: Jin Yao Cc: Mark Rutland Link: http://lore.kernel.org/lkml/20200612094322.39565-1-liwei391@huawei.com Signed-off-by: Arnaldo Carvalho de Melo commit b9e10d4a6c9f5cbe6369ce2c17ebc67d2e5a4be5 Author: Andrew Scull Date: Mon Jul 6 10:52:59 2020 +0100 KVM: arm64: Stop clobbering x0 for HVC_SOFT_RESTART HVC_SOFT_RESTART is given values for x0-2 that it should installed before exiting to the new address so should not set x0 to stub HVC success or failure code. Fixes: af42f20480bf1 ("arm64: hyp-stub: Zero x0 on successful stub handling") Cc: stable@vger.kernel.org Signed-off-by: Andrew Scull Signed-off-by: Marc Zyngier Link: https://lore.kernel.org/r/20200706095259.1338221-1-ascull@google.com commit 146f76cc84b787c4eec6ed73ebeec708a06e4ae4 Author: Marc Zyngier Date: Sat Jul 4 13:30:55 2020 +0100 KVM: arm64: PMU: Fix per-CPU access in preemptible context Commit 07da1ffaa137 ("KVM: arm64: Remove host_cpu_context member from vcpu structure") has, by removing the host CPU context pointer, exposed that kvm_vcpu_pmu_restore_guest is called in preemptible contexts: [ 266.932442] BUG: using smp_processor_id() in preemptible [00000000] code: qemu-system-aar/779 [ 266.939721] caller is debug_smp_processor_id+0x20/0x30 [ 266.944157] CPU: 2 PID: 779 Comm: qemu-system-aar Tainted: G E 5.8.0-rc3-00015-g8d4aa58b2fe3 #1374 [ 266.954268] Hardware name: amlogic w400/w400, BIOS 2020.04 05/22/2020 [ 266.960640] Call trace: [ 266.963064] dump_backtrace+0x0/0x1e0 [ 266.966679] show_stack+0x20/0x30 [ 266.969959] dump_stack+0xe4/0x154 [ 266.973338] check_preemption_disabled+0xf8/0x108 [ 266.977978] debug_smp_processor_id+0x20/0x30 [ 266.982307] kvm_vcpu_pmu_restore_guest+0x2c/0x68 [ 266.986949] access_pmcr+0xf8/0x128 [ 266.990399] perform_access+0x8c/0x250 [ 266.994108] kvm_handle_sys_reg+0x10c/0x2f8 [ 266.998247] handle_exit+0x78/0x200 [ 267.001697] kvm_arch_vcpu_ioctl_run+0x2ac/0xab8 Note that the bug was always there, it is only the switch to using percpu accessors that made it obvious. The fix is to wrap these accesses in a preempt-disabled section, so that we sample a coherent context on trap from the guest. Fixes: 435e53fb5e21 ("arm64: KVM: Enable VHE support for :G/:H perf event modifiers") Cc:: Andrew Murray Signed-off-by: Marc Zyngier commit 87730ccbddcb48478b1b88e88b14e73424130764 Author: Leonid Ravich Date: Wed Jul 1 21:48:12 2020 +0300 dmaengine: ioat setting ioat timeout as module parameter DMA transaction time to completion is a function of PCI bandwidth, transaction size and a queue depth. So hard coded value for timeouts might be wrong for some scenarios. Signed-off-by: Leonid Ravich Reviewed-by: Dave Jiang Link: https://lore.kernel.org/r/20200701184816.29138-1-leonid.ravich@dell.com Signed-off-by: Vinod Koul commit 8678c71c17721e0f771f135967ef0cce8f69ce9a Author: Angelo Dureghello Date: Thu Jul 2 00:52:05 2020 +0200 dmaengine: fsl-edma: fix wrong tcd endianness for big-endian cpu Due to recent fixes in m68k arch-specific I/O accessor macros, this driver is not working anymore for ColdFire. Fix wrong tcd endianness removing additional swaps, since edma_writex() functions should already take care of any eventual swap if needed. Note, i could only test the change in ColdFire mcf54415 and Vybrid vf50 / Colibri where i don't see any issue. So, every feedback and test for all other SoCs involved is really appreciated. Signed-off-by: Angelo Dureghello Reported-by: kbuild test robot Link: https://lore.kernel.org/r/20200701225205.1674463-1-angelo.dureghello@timesys.com Signed-off-by: Vinod Koul commit fd17d1abce426b4224a916a242b57be94272771b Author: Peter Ujfalusi Date: Wed Jul 1 13:12:25 2020 +0300 dmaengine: dmatest: stop completed threads when running without set channel The completed threads were not cleared and consequent run would result threads accumulating: echo 800000 > /sys/module/dmatest/parameters/test_buf_size echo 2000 > /sys/module/dmatest/parameters/timeout echo 50 > /sys/module/dmatest/parameters/iterations echo 1 > /sys/module/dmatest/parameters/max_channels echo "" > /sys/module/dmatest/parameters/channel [ 237.507265] dmatest: Added 1 threads using dma1chan2 echo 1 > /sys/module/dmatest/parameters/run [ 244.713360] dmatest: Started 1 threads using dma1chan2 [ 246.117680] dmatest: dma1chan2-copy0: summary 50 tests, 0 failures 2437.47 iops 977623 KB/s (0) echo 1 > /sys/module/dmatest/parameters/run [ 292.381471] dmatest: No channels configured, continue with any [ 292.389307] dmatest: Added 1 threads using dma1chan3 [ 292.394302] dmatest: Started 1 threads using dma1chan2 [ 292.399454] dmatest: Started 1 threads using dma1chan3 [ 293.800835] dmatest: dma1chan3-copy0: summary 50 tests, 0 failures 2624.53 iops 975014 KB/s (0) echo 1 > /sys/module/dmatest/parameters/run [ 307.301429] dmatest: No channels configured, continue with any [ 307.309212] dmatest: Added 1 threads using dma1chan4 [ 307.314197] dmatest: Started 1 threads using dma1chan2 [ 307.319343] dmatest: Started 1 threads using dma1chan3 [ 307.324492] dmatest: Started 1 threads using dma1chan4 [ 308.730773] dmatest: dma1chan4-copy0: summary 50 tests, 0 failures 2390.28 iops 965436 KB/s (0) Fixes: 6b41030fdc79 ("dmaengine: dmatest: Restore default for channel") Reported-by: Grygorii Strashko Signed-off-by: Peter Ujfalusi Link: https://lore.kernel.org/r/20200701101225.8607-1-peter.ujfalusi@ti.com Signed-off-by: Vinod Koul commit e142087b15960a4e1e5932942e5abae1f49d2318 Author: Robin Gong Date: Tue Jun 30 00:59:58 2020 +0800 dmaengine: fsl-edma-common: correct DSIZE_32BYTE Correct EDMA_TCD_ATTR_DSIZE_32BYTE define since it's broken by the below: '0x0005 --> BIT(3) | BIT(0))' Fixes: 4d6d3a90e4ac ("dmaengine: fsl-edma: fix macros") Signed-off-by: Robin Gong Tested-by: Angelo Dureghello Cc: stable@vger.kernel.org Link: https://lore.kernel.org/r/1593449998-32091-1-git-send-email-yibin.gong@nxp.com Signed-off-by: Vinod Koul commit 99ba8b9b0d9780e9937eb1d488d120e9e5c2533d Author: Andy Shevchenko Date: Sun Jul 5 14:56:20 2020 +0300 dmaengine: dw: Initialize channel before each transfer In some cases DMA can be used only with a consumer which does runtime power management and on the platforms, that have DMA auto power gating logic (see comments in the drivers/acpi/acpi_lpss.c), may result in DMA losing its context. Simple mitigation of this issue is to initialize channel each time the consumer initiates a transfer. Fixes: cfdf5b6cc598 ("dw_dmac: add support for Lynxpoint DMA controllers") Reported-by: Tsuchiya Yuto Signed-off-by: Andy Shevchenko Acked-by: Viresh Kumar BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=206403 Link: https://lore.kernel.org/r/20200705115620.51929-1-andriy.shevchenko@linux.intel.com Signed-off-by: Vinod Koul commit bc4071aafcf4d0535ee423b69167696d6c03207d Author: Evgeny Novikov Date: Fri Jul 3 14:15:18 2020 +0300 hwmon: (aspeed-pwm-tacho) Avoid possible buffer overflow aspeed_create_fan() reads a pwm_port value using of_property_read_u32(). If pwm_port will be more than ARRAY_SIZE(pwm_port_params), there will be a buffer overflow in aspeed_create_pwm_port()->aspeed_set_pwm_port_enable(). The patch fixes the potential buffer overflow. Found by Linux Driver Verification project (linuxtesting.org). Signed-off-by: Evgeny Novikov Link: https://lore.kernel.org/r/20200703111518.9644-1-novikov@ispras.ru Signed-off-by: Guenter Roeck commit dcb7fd82c75ee2d6e6f9d8cc71c52519ed52e258 Author: Linus Torvalds Date: Sun Jul 5 16:20:22 2020 -0700 Linux 5.8-rc4 commit bb5a93aaf25261321db0c499cde7da6ee9d8b164 Author: Linus Torvalds Date: Sun Jul 5 12:50:20 2020 -0700 x86/ldt: use "pr_info_once()" instead of open-coding it badly Using a mutex for "print this warning only once" is so overdesigned as to be actively offensive to my sensitive stomach. Just use "pr_info_once()" that already does this, although in a (harmlessly) racy manner that can in theory cause the message to be printed twice if more than one CPU races on that "is this the first time" test. [ If somebody really cares about that harmless data race (which sounds very unlikely indeed), that person can trivially fix printk_once() by using a simple atomic access, preferably with an optimistic non-atomic test first before even bothering to treat the pointless "make sure it is _really_ just once" case. A mutex is most definitely never the right primitive to use for something like this. ] Yes, this is a small and meaningless detail in a code path that hardly matters. But let's keep some code quality standards here, and not accept outrageously bad code. Link: https://lore.kernel.org/lkml/CAHk-=wgV9toS7GU3KmNpj8hCS9SeF+A0voHS8F275_mgLhL4Lw@mail.gmail.com/ Cc: Andy Lutomirski Cc: Thomas Gleixner Cc: Peter Zijlstra (Intel) Signed-off-by: Linus Torvalds commit a4c0e91d1d65bc58f928b80ed824e10e165da22c Author: Ingo Molnar Date: Sun Jul 5 21:33:11 2020 +0200 x86/entry/32: Fix XEN_PV build dependency xenpv_exc_nmi() and xenpv_exc_debug() are only defined on 64-bit kernels, but they snuck into the 32-bit build via , causing the link to fail: ld: arch/x86/entry/entry_32.o: in function `asm_xenpv_exc_nmi': (.entry.text+0x817): undefined reference to `xenpv_exc_nmi' ld: arch/x86/entry/entry_32.o: in function `asm_xenpv_exc_debug': (.entry.text+0x827): undefined reference to `xenpv_exc_debug' Only use them on 64-bit kernels. Fixes: f41f0824224e: ("x86/entry/xen: Route #DB correctly on Xen PV") Cc: Andy Lutomirski Cc: Thomas Gleixner Cc: Peter Zijlstra (Intel) Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar commit 72674d480076067d627e708c0a062dd900438bd7 Merge: f23dbe18930b cc801833a171 Author: Linus Torvalds Date: Sun Jul 5 12:23:49 2020 -0700 Merge tag 'x86-urgent-2020-07-05' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 fixes from Thomas Gleixner: "A series of fixes for x86: - Reset MXCSR in kernel_fpu_begin() to prevent using a stale user space value. - Prevent writing MSR_TEST_CTRL on CPUs which are not explicitly whitelisted for split lock detection. Some CPUs which do not support it crash even when the MSR is written to 0 which is the default value. - Fix the XEN PV fallout of the entry code rework - Fix the 32bit fallout of the entry code rework - Add more selftests to ensure that these entry problems don't come back. - Disable 16 bit segments on XEN PV. It's not supported because XEN PV does not implement ESPFIX64" * tag 'x86-urgent-2020-07-05' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/ldt: Disable 16-bit segments on Xen PV x86/entry/32: Fix #MC and #DB wiring on x86_32 x86/entry/xen: Route #DB correctly on Xen PV x86/entry, selftests: Further improve user entry sanity checks x86/entry/compat: Clear RAX high bits on Xen PV SYSENTER selftests/x86: Consolidate and fix get/set_eflags() helpers selftests/x86/syscall_nt: Clear weird flags after each test selftests/x86/syscall_nt: Add more flag combinations x86/entry/64/compat: Fix Xen PV SYSENTER frame setup x86/entry: Move SYSENTER's regs->sp and regs->flags fixups into C x86/entry: Assert that syscalls are on the right stack x86/split_lock: Don't write MSR_TEST_CTRL on CPUs that aren't whitelisted x86/fpu: Reset MXCSR to default in kernel_fpu_begin() commit f23dbe18930ba992f5c8c7b31e80f40dd6716081 Merge: 5465a324af6a 98817a84ff1c Author: Linus Torvalds Date: Sun Jul 5 12:22:35 2020 -0700 Merge tag 'irq-urgent-2020-07-05' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull irq fixes from Thomas Gleixner: "A set of interrupt chip driver fixes: - Ensure the atomicity of affinity updates in the GIC driver - Don't try to sleep in atomic context when waiting for the GICv4.1 to respond. Use polling instead. - Typo fixes in Kconfig and warnings" * tag 'irq-urgent-2020-07-05' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: irqchip/gic: Atomically update affinity irqchip/riscv-intc: Fix a typo in a pr_warn() irqchip/gic-v4.1: Use readx_poll_timeout_atomic() to fix sleep in atomic irqchip/loongson-pci-msi: Fix a typo in Kconfig commit 5465a324af6af2f2debd23a9336650457d6cb0fd Merge: 4bc927367db1 5fdeefa053df Author: Linus Torvalds Date: Sun Jul 5 12:21:28 2020 -0700 Merge tag 'core-urgent-2020-07-05' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull rcu fixlet from Thomas Gleixner: "A single fix for a printk format warning in RCU" * tag 'core-urgent-2020-07-05' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: rcuperf: Fix printk format warning commit 4bc927367db11d8c5b1e20d05729f1ee748791b9 Merge: 19a61a753d07 ba77dca584f5 Author: Linus Torvalds Date: Sun Jul 5 12:14:24 2020 -0700 Merge tag 'kbuild-fixes-v5.8-2' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild Pull Kbuild fixes frin Masahiro Yamada: - fix various bugs in xconfig - fix some issues in cross-compilation using Clang - fix documentation * tag 'kbuild-fixes-v5.8-2' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild: .gitignore: Do not track `defconfig` from `make savedefconfig` kbuild: make Clang build userprogs for target architecture kbuild: fix CONFIG_CC_CAN_LINK(_STATIC) for cross-compilation with Clang kconfig: qconf: parse newer types at debug info kconfig: qconf: navigate menus on hyperlinks kconfig: qconf: don't show goback button on splitMode kconfig: qconf: simplify the goBack() logic kconfig: qconf: re-implement setSelected() kconfig: qconf: make debug links work again kconfig: qconf: make search fully work again on split mode kconfig: qconf: cleanup includes docs: kbuild: fix ReST formatting gcc-plugins: fix gcc-plugins directory path in documentation commit 19a61a753d0705fcb41e7aa130351e0a0a54c3bd Merge: 29206c6314a3 311950f8b8d8 Author: Linus Torvalds Date: Sun Jul 5 10:56:44 2020 -0700 Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi Pull SCSI fixes from James Bottomley: "Four small fixes in three drivers. The mptfusion one has actually caused user visible issues in certain kernel configurations" * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi: scsi: mptfusion: Don't use GFP_ATOMIC for larger DMA allocations scsi: libfc: Skip additional kref updating work event scsi: libfc: Handling of extra kref scsi: qla2xxx: Fix a condition in qla2x00_find_all_fabric_devs() commit 29206c6314a3e5242b23b61cd1270cba9e93b415 Merge: 9fbe565cb78d 3197d48a7c04 Author: Linus Torvalds Date: Sun Jul 5 10:45:31 2020 -0700 Merge tag 'block-5.8-2020-07-05' of git://git.kernel.dk/linux-block Pull block fixes from Jens Axboe: - NVMe fixes from Christoph: - Fix crash in multi-path disk add (Christoph) - Fix ignore of identify error (Sagi) - Fix a compiler complaint that a function should be static (Wei) * tag 'block-5.8-2020-07-05' of git://git.kernel.dk/linux-block: block: make function __bio_integrity_free() static nvme: fix a crash in nvme_mpath_add_disk nvme: fix identify error status silent ignore commit 9fbe565cb78d10ca2619ee23eac27262cff45629 Merge: 7783485401e8 b7db41c9e03b Author: Linus Torvalds Date: Sun Jul 5 10:41:33 2020 -0700 Merge tag 'io_uring-5.8-2020-07-05' of git://git.kernel.dk/linux-block Pull io_uring fix from Jens Axboe: "Andres reported a regression with the fix that was merged earlier this week, where his setup of using signals to interrupt io_uring CQ waits no longer worked correctly. Fix this, and also limit our use of TWA_SIGNAL to the case where we need it, and continue using TWA_RESUME for task_work as before. Since the original is marked for 5.7 stable, let's flush this one out early" * tag 'io_uring-5.8-2020-07-05' of git://git.kernel.dk/linux-block: io_uring: fix regression with always ignoring signals in io_cqring_wait() commit 7783485401e802b4802c93cb1b23deb7f0d168a4 Merge: 45a5ac7a5cc3 597911287fcd Author: Linus Torvalds Date: Sun Jul 5 10:35:01 2020 -0700 Merge branch 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux Pull i2c fixes from Wolfram Sang: "The usual driver fixes and documentation updates" * 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux: i2c: mlxcpld: check correct size of maximum RECV_LEN packet i2c: add Kconfig help text for slave mode i2c: slave-eeprom: update documentation i2c: eg20t: Load module automatically if ID matches i2c: designware: platdrv: Set class based on DMI i2c: algo-pca: Add 0x78 as SCL stuck low status for PCA9665 commit 45a5ac7a5cc3c71739d240c422c3818a5bc97fc4 Merge: 9bc0b029a888 5868347a192a Author: Linus Torvalds Date: Sun Jul 5 10:29:32 2020 -0700 Merge tag 'mips_fixes_5.8_1' of git://git.kernel.org/pub/scm/linux/kernel/git/mips/linux Pull MIPS fixes from Thomas Bogendoerfer: - fix for missing hazard barrier - DT fix for ingenic - DT fix of GPHY names for lantiq - fix usage of smp_processor_id() while preemption is enabled * tag 'mips_fixes_5.8_1' of git://git.kernel.org/pub/scm/linux/kernel/git/mips/linux: MIPS: Do not use smp_processor_id() in preemptible code MIPS: Add missing EHB in mtc0 -> mfc0 sequence for DSPen MIPS: ingenic: gcw0: Fix HP detection GPIO. MIPS: lantiq: xway: sysctrl: fix the GPHY clock alias names commit b0536f9826a5ed3328d527b4fc1686867a9f3041 Author: Christophe JAILLET Date: Sun May 17 11:59:53 2020 +0200 iio: adc: ad7780: Fix a resource handling path in 'ad7780_probe()' If 'ad7780_init_gpios()' fails, we must not release some resources that have not been allocated yet. Return directly instead. Fixes: 5bb30e7daf00 ("staging: iio: ad7780: move regulator to after GPIO init") Fixes: 9085daa4abcc ("staging: iio: ad7780: add gain & filter gpio support") Signed-off-by: Christophe JAILLET Acked-by: Renato Lui Geh Signed-off-by: Jonathan Cameron commit 8db4afe163bbdd93dca6fcefbb831ef12ecc6b4d Author: Jonathan Cameron Date: Sun Jun 7 16:53:57 2020 +0100 iio:pressure:ms5611 Fix buffer element alignment One of a class of bugs pointed out by Lars in a recent review. iio_push_to_buffers_with_timestamp assumes the buffer used is aligned to the size of the timestamp (8 bytes). This is not guaranteed in this driver which uses an array of smaller elements on the stack. Here there is no data leak possibility so use an explicit structure on the stack to ensure alignment and nice readable fashion. The forced alignment of ts isn't strictly necessary in this driver as the padding will be correct anyway (there isn't any). However it is probably less fragile to have it there and it acts as documentation of the requirement. Fixes: 713bbb4efb9dc ("iio: pressure: ms5611: Add triggered buffer support") Reported-by: Lars-Peter Clausen Signed-off-by: Jonathan Cameron Acked-by: Tomasz Duszynski Cc: commit 5c49056ad9f3c786f7716da2dd47e4488fc6bd25 Author: Jonathan Cameron Date: Sun Jun 7 16:53:53 2020 +0100 iio:humidity:hts221 Fix alignment and data leak issues One of a class of bugs pointed out by Lars in a recent review. iio_push_to_buffers_with_timestamp assumes the buffer used is aligned to the size of the timestamp (8 bytes). This is not guaranteed in this driver which uses an array of smaller elements on the stack. As Lars also noted this anti pattern can involve a leak of data to userspace and that indeed can happen here. We close both issues by moving to a suitable structure in the iio_priv() data. This data is allocated with kzalloc so no data can leak apart from previous readings. Explicit alignment of ts needed to ensure consistent padding on all architectures (particularly x86_32 with it's 4 byte alignment of s64) Fixes: e4a70e3e7d84 ("iio: humidity: add support to hts221 rh/temp combo device") Reported-by: Lars-Peter Clausen Acked-by: Lorenzo Bianconi Signed-off-by: Jonathan Cameron Cc: commit ea5e7a7bb6205d24371373cd80325db1bc15eded Author: Jonathan Cameron Date: Sun Jun 7 16:53:52 2020 +0100 iio:humidity:hdc100x Fix alignment and data leak issues One of a class of bugs pointed out by Lars in a recent review. iio_push_to_buffers_with_timestamp assumes the buffer used is aligned to the size of the timestamp (8 bytes). This is not guaranteed in this driver which uses an array of smaller elements on the stack. As Lars also noted this anti pattern can involve a leak of data to userspace and that indeed can happen here. We close both issues by moving to a suitable structure in the iio_priv() data. This data is allocated with kzalloc so no data can leak apart from previous readings. Fixes: 16bf793f86b2 ("iio: humidity: hdc100x: add triggered buffer support for HDC100X") Reported-by: Lars-Peter Clausen Acked-by: Matt Ranostay Cc: Alison Schofield Signed-off-by: Jonathan Cameron Cc: commit 838e00b13bfd4cac8b24df25bfc58e2eb99bcc70 Author: Jonathan Cameron Date: Sun Jun 7 16:53:49 2020 +0100 iio:magnetometer:ak8974: Fix alignment and data leak issues One of a class of bugs pointed out by Lars in a recent review. iio_push_to_buffers_with_timestamp assumes the buffer used is aligned to the size of the timestamp (8 bytes). This is not guaranteed in this driver which uses an array of smaller elements on the stack. As Lars also noted this anti pattern can involve a leak of data to userspace and that indeed can happen here. We close both issues by moving to a suitable structure in the iio_priv() data. This data is allocated with kzalloc so no data can leak appart from previous readings. Fixes: 7c94a8b2ee8cf ("iio: magn: add a driver for AK8974") Reported-by: Lars-Peter Clausen Reviewed-by: Linus Walleij Signed-off-by: Jonathan Cameron Cc: commit 5868347a192afb99b189d72946ab6a321b6115ac Author: Xingxing Su Date: Fri Jul 3 12:11:58 2020 +0800 MIPS: Do not use smp_processor_id() in preemptible code Use preempt_disable() to fix the following bug under CONFIG_DEBUG_PREEMPT. [ 21.915305] BUG: using smp_processor_id() in preemptible [00000000] code: qemu-system-mip/1056 [ 21.923996] caller is do_ri+0x1d4/0x690 [ 21.927921] CPU: 0 PID: 1056 Comm: qemu-system-mip Not tainted 5.8.0-rc2 #3 [ 21.934913] Stack : 0000000000000001 ffffffff81370000 ffffffff8071cd60 a80f926d5ac95694 [ 21.942984] a80f926d5ac95694 0000000000000000 98000007f0043c88 ffffffff80f2fe40 [ 21.951054] 0000000000000000 0000000000000000 0000000000000001 0000000000000000 [ 21.959123] ffffffff802d60cc 98000007f0043dd8 ffffffff81f4b1e8 ffffffff81f60000 [ 21.967192] ffffffff81f60000 ffffffff80fe0000 ffff000000000000 0000000000000000 [ 21.975261] fffffffff500cce1 0000000000000001 0000000000000002 0000000000000000 [ 21.983331] ffffffff80fe1a40 0000000000000006 ffffffff8077f940 0000000000000000 [ 21.991401] ffffffff81460000 98000007f0040000 98000007f0043c80 000000fffba8cf20 [ 21.999471] ffffffff8071cd60 0000000000000000 0000000000000000 0000000000000000 [ 22.007541] 0000000000000000 0000000000000000 ffffffff80212ab4 a80f926d5ac95694 [ 22.015610] ... [ 22.018086] Call Trace: [ 22.020562] [] show_stack+0xa4/0x138 [ 22.025732] [] dump_stack+0xf0/0x150 [ 22.030903] [] check_preemption_disabled+0xf4/0x100 [ 22.037375] [] do_ri+0x1d4/0x690 [ 22.042198] [] handle_ri_int+0x44/0x5c [ 24.359386] BUG: using smp_processor_id() in preemptible [00000000] code: qemu-system-mip/1072 [ 24.368204] caller is do_ri+0x1a8/0x690 [ 24.372169] CPU: 4 PID: 1072 Comm: qemu-system-mip Not tainted 5.8.0-rc2 #3 [ 24.379170] Stack : 0000000000000001 ffffffff81370000 ffffffff8071cd60 a80f926d5ac95694 [ 24.387246] a80f926d5ac95694 0000000000000000 98001007ef06bc88 ffffffff80f2fe40 [ 24.395318] 0000000000000000 0000000000000000 0000000000000001 0000000000000000 [ 24.403389] ffffffff802d60cc 98001007ef06bdd8 ffffffff81f4b818 ffffffff81f60000 [ 24.411461] ffffffff81f60000 ffffffff80fe0000 ffff000000000000 0000000000000000 [ 24.419533] fffffffff500cce1 0000000000000001 0000000000000002 0000000000000000 [ 24.427603] ffffffff80fe0000 0000000000000006 ffffffff8077f940 0000000000000020 [ 24.435673] ffffffff81460020 98001007ef068000 98001007ef06bc80 000000fffbbbb370 [ 24.443745] ffffffff8071cd60 0000000000000000 0000000000000000 0000000000000000 [ 24.451816] 0000000000000000 0000000000000000 ffffffff80212ab4 a80f926d5ac95694 [ 24.459887] ... [ 24.462367] Call Trace: [ 24.464846] [] show_stack+0xa4/0x138 [ 24.470029] [] dump_stack+0xf0/0x150 [ 24.475208] [] check_preemption_disabled+0xf4/0x100 [ 24.481682] [] do_ri+0x1a8/0x690 [ 24.486509] [] handle_ri_int+0x44/0x5c Signed-off-by: Xingxing Su Signed-off-by: Thomas Bogendoerfer commit fcec538ef8cca0ad0b84432235dccd9059c8e6f8 Author: Hauke Mehrtens Date: Fri Jul 3 00:53:34 2020 +0200 MIPS: Add missing EHB in mtc0 -> mfc0 sequence for DSPen This resolves the hazard between the mtc0 in the change_c0_status() and the mfc0 in configure_exception_vector(). Without resolving this hazard configure_exception_vector() could read an old value and would restore this old value again. This would revert the changes change_c0_status() did. I checked this by printing out the read_c0_status() at the end of per_cpu_trap_init() and the ST0_MX is not set without this patch. The hazard is documented in the MIPS Architecture Reference Manual Vol. III: MIPS32/microMIPS32 Privileged Resource Architecture (MD00088), rev 6.03 table 8.1 which includes: Producer | Consumer | Hazard ----------|----------|---------------------------- mtc0 | mfc0 | any coprocessor 0 register I saw this hazard on an Atheros AR9344 rev 2 SoC with a MIPS 74Kc CPU. There the change_c0_status() function would activate the DSPen by setting ST0_MX in the c0_status register. This was reverted and then the system got a DSP exception when the DSP registers were saved in save_dsp() in the first process switch. The crash looks like this: [ 0.089999] Mount-cache hash table entries: 1024 (order: 0, 4096 bytes, linear) [ 0.097796] Mountpoint-cache hash table entries: 1024 (order: 0, 4096 bytes, linear) [ 0.107070] Kernel panic - not syncing: Unexpected DSP exception [ 0.113470] Rebooting in 1 seconds.. We saw this problem in OpenWrt only on the MIPS 74Kc based Atheros SoCs, not on the 24Kc based SoCs. We only saw it with kernel 5.4 not with kernel 4.19, in addition we had to use GCC 8.4 or 9.X, with GCC 8.3 it did not happen. In the kernel I bisected this problem to commit 9012d011660e ("compiler: allow all arches to enable CONFIG_OPTIMIZE_INLINING"), but when this was reverted it also happened after commit 172dcd935c34b ("MIPS: Always allocate exception vector for MIPSr2+"). Commit 0b24cae4d535 ("MIPS: Add missing EHB in mtc0 -> mfc0 sequence.") does similar changes to a different file. I am not sure if there are more places affected by this problem. Signed-off-by: Hauke Mehrtens Cc: Signed-off-by: Thomas Bogendoerfer commit ba77dca584f5abf30340672bc752fe7912731af5 Author: Paul Menzel Date: Thu Jul 2 13:12:00 2020 +0200 .gitignore: Do not track `defconfig` from `make savedefconfig` Running `make savedefconfig` creates by default `defconfig`, which is, currently, on git’s radar, for example, `git status` lists this file as untracked. So, add the file to `.gitignore`, so it’s ignored by git. Signed-off-by: Paul Menzel Acked-by: Greg Kroah-Hartman Signed-off-by: Masahiro Yamada commit 0f57a1e522f413e87852e632f55de4723e511939 Merge: ccfc9df1352b 2fb2799a2abb Author: David S. Miller Date: Sat Jul 4 18:04:56 2020 -0700 Merge branch 'net-rmnet-fix-interface-leak-for-rmnet-module' Taehee Yoo says: ==================== net: rmnet: fix interface leak for rmnet module There are two problems in rmnet module that they occur the leak of a lower interface. The symptom is the same, which is the leak of a lower interface. But there are two different real problems. This patchset is to fix these real problems. 1. Do not allow to have different two modes. As a lower interface of rmnet, there are two modes that they are VND and BRIDGE. One interface can have only one mode. But in the current rmnet, there is no code to prevent to have two modes in one lower interface. So, interface leak occurs. 2. Do not allow to add multiple bridge interfaces. rmnet can have only two bridge interface. If an additional bridge interface is tried to be attached, rmnet should deny it. But there is no code to do that. So, interface leak occurs. ==================== Signed-off-by: David S. Miller commit 2fb2799a2abb39d7dbb48abb3baa1133bf5e921a Author: Taehee Yoo Date: Thu Jul 2 17:08:55 2020 +0000 net: rmnet: do not allow to add multiple bridge interfaces rmnet can have only two bridge interface. One of them is a link interface and another one is added by the master operation. rmnet interface shouldn't allow adding additional bridge interfaces by mater operation. But, there is no code to deny additional interfaces. So, interface leak occurs. Test commands: ip link add dummy0 type dummy ip link add dummy1 type dummy ip link add dummy2 type dummy ip link add rmnet0 link dummy0 type rmnet mux_id 1 ip link set dummy1 master rmnet0 ip link set dummy2 master rmnet0 ip link del rmnet0 In the above test command, the dummy0 was attached to rmnet as VND mode. Then, dummy1 was attached to rmnet0 as BRIDGE mode. At this point, dummy0 mode is switched from VND to BRIDGE automatically. Then, dummy2 is attached to rmnet as BRIDGE mode. At this point, rmnet0 should deny this operation. But, rmnet0 doesn't deny this. So that below splat occurs when the rmnet0 interface is deleted. Splat looks like: [ 186.684787][ C2] WARNING: CPU: 2 PID: 1009 at net/core/dev.c:8992 rollback_registered_many+0x986/0xcf0 [ 186.684788][ C2] Modules linked in: rmnet dummy openvswitch nsh nf_conncount nf_nat nf_conntrack nf_defrag_x [ 186.684805][ C2] CPU: 2 PID: 1009 Comm: ip Not tainted 5.8.0-rc1+ #621 [ 186.684807][ C2] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006 [ 186.684808][ C2] RIP: 0010:rollback_registered_many+0x986/0xcf0 [ 186.684811][ C2] Code: 41 8b 4e cc 45 31 c0 31 d2 4c 89 ee 48 89 df e8 e0 47 ff ff 85 c0 0f 84 cd fc ff ff 5 [ 186.684812][ C2] RSP: 0018:ffff8880cd9472e0 EFLAGS: 00010287 [ 186.684815][ C2] RAX: ffff8880cc56da58 RBX: ffff8880ab21c000 RCX: ffffffff9329d323 [ 186.684816][ C2] RDX: 1ffffffff2be6410 RSI: 0000000000000008 RDI: ffffffff95f32080 [ 186.684818][ C2] RBP: dffffc0000000000 R08: fffffbfff2be6411 R09: fffffbfff2be6411 [ 186.684819][ C2] R10: ffffffff95f32087 R11: 0000000000000001 R12: ffff8880cd947480 [ 186.684820][ C2] R13: ffff8880ab21c0b8 R14: ffff8880cd947400 R15: ffff8880cdf10640 [ 186.684822][ C2] FS: 00007f00843890c0(0000) GS:ffff8880d4e00000(0000) knlGS:0000000000000000 [ 186.684823][ C2] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 186.684825][ C2] CR2: 000055b8ab1077b8 CR3: 00000000ab612006 CR4: 00000000000606e0 [ 186.684826][ C2] Call Trace: [ 186.684827][ C2] ? lockdep_hardirqs_on_prepare+0x379/0x540 [ 186.684829][ C2] ? netif_set_real_num_tx_queues+0x780/0x780 [ 186.684830][ C2] ? rmnet_unregister_real_device+0x56/0x90 [rmnet] [ 186.684831][ C2] ? __kasan_slab_free+0x126/0x150 [ 186.684832][ C2] ? kfree+0xdc/0x320 [ 186.684834][ C2] ? rmnet_unregister_real_device+0x56/0x90 [rmnet] [ 186.684835][ C2] unregister_netdevice_many.part.135+0x13/0x1b0 [ 186.684836][ C2] rtnl_delete_link+0xbc/0x100 [ ... ] [ 238.440071][ T1009] unregister_netdevice: waiting for rmnet0 to become free. Usage count = 1 Fixes: 037f9cdf72fb ("net: rmnet: use upper/lower device infrastructure") Signed-off-by: Taehee Yoo Signed-off-by: David S. Miller commit 2a762e9e8cd1cf1242e4269a2244666ed02eecd1 Author: Taehee Yoo Date: Thu Jul 2 17:08:18 2020 +0000 net: rmnet: fix lower interface leak There are two types of the lower interface of rmnet that are VND and BRIDGE. Each lower interface can have only one type either VND or BRIDGE. But, there is a case, which uses both lower interface types. Due to this unexpected behavior, lower interface leak occurs. Test commands: ip link add dummy0 type dummy ip link add dummy1 type dummy ip link add rmnet0 link dummy0 type rmnet mux_id 1 ip link set dummy1 master rmnet0 ip link add rmnet1 link dummy1 type rmnet mux_id 2 ip link del rmnet0 The dummy1 was attached as BRIDGE interface of rmnet0. Then, it also was attached as VND interface of rmnet1. This is unexpected behavior and there is no code for handling this case. So that below splat occurs when the rmnet0 interface is deleted. Splat looks like: [ 53.254112][ C1] WARNING: CPU: 1 PID: 1192 at net/core/dev.c:8992 rollback_registered_many+0x986/0xcf0 [ 53.254117][ C1] Modules linked in: rmnet dummy openvswitch nsh nf_conncount nf_nat nf_conntrack nf_defrag_ipv6 nfx [ 53.254182][ C1] CPU: 1 PID: 1192 Comm: ip Not tainted 5.8.0-rc1+ #620 [ 53.254188][ C1] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006 [ 53.254192][ C1] RIP: 0010:rollback_registered_many+0x986/0xcf0 [ 53.254200][ C1] Code: 41 8b 4e cc 45 31 c0 31 d2 4c 89 ee 48 89 df e8 e0 47 ff ff 85 c0 0f 84 cd fc ff ff 0f 0b e5 [ 53.254205][ C1] RSP: 0018:ffff888050a5f2e0 EFLAGS: 00010287 [ 53.254214][ C1] RAX: ffff88805756d658 RBX: ffff88804d99c000 RCX: ffffffff8329d323 [ 53.254219][ C1] RDX: 1ffffffff0be6410 RSI: 0000000000000008 RDI: ffffffff85f32080 [ 53.254223][ C1] RBP: dffffc0000000000 R08: fffffbfff0be6411 R09: fffffbfff0be6411 [ 53.254228][ C1] R10: ffffffff85f32087 R11: 0000000000000001 R12: ffff888050a5f480 [ 53.254233][ C1] R13: ffff88804d99c0b8 R14: ffff888050a5f400 R15: ffff8880548ebe40 [ 53.254238][ C1] FS: 00007f6b86b370c0(0000) GS:ffff88806c200000(0000) knlGS:0000000000000000 [ 53.254243][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 53.254248][ C1] CR2: 0000562c62438758 CR3: 000000003f600005 CR4: 00000000000606e0 [ 53.254253][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 53.254257][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 53.254261][ C1] Call Trace: [ 53.254266][ C1] ? lockdep_hardirqs_on_prepare+0x379/0x540 [ 53.254270][ C1] ? netif_set_real_num_tx_queues+0x780/0x780 [ 53.254275][ C1] ? rmnet_unregister_real_device+0x56/0x90 [rmnet] [ 53.254279][ C1] ? __kasan_slab_free+0x126/0x150 [ 53.254283][ C1] ? kfree+0xdc/0x320 [ 53.254288][ C1] ? rmnet_unregister_real_device+0x56/0x90 [rmnet] [ 53.254293][ C1] unregister_netdevice_many.part.135+0x13/0x1b0 [ 53.254297][ C1] rtnl_delete_link+0xbc/0x100 [ 53.254301][ C1] ? rtnl_af_register+0xc0/0xc0 [ 53.254305][ C1] rtnl_dellink+0x2dc/0x840 [ 53.254309][ C1] ? find_held_lock+0x39/0x1d0 [ 53.254314][ C1] ? valid_fdb_dump_strict+0x620/0x620 [ 53.254318][ C1] ? rtnetlink_rcv_msg+0x457/0x890 [ 53.254322][ C1] ? lock_contended+0xd20/0xd20 [ 53.254326][ C1] rtnetlink_rcv_msg+0x4a8/0x890 [ ... ] [ 73.813696][ T1192] unregister_netdevice: waiting for rmnet0 to become free. Usage count = 1 Fixes: 037f9cdf72fb ("net: rmnet: use upper/lower device infrastructure") Signed-off-by: Taehee Yoo Signed-off-by: David S. Miller commit ccfc9df1352be5b2f391091e18c4b2395d30ce78 Author: Taehee Yoo Date: Thu Jul 2 17:06:19 2020 +0000 hsr: fix interface leak in error path of hsr_dev_finalize() To release hsr(upper) interface, it should release its own lower interfaces first. Then, hsr(upper) interface can be released safely. In the current code of error path of hsr_dev_finalize(), it releases hsr interface before releasing a lower interface. So, a warning occurs, which warns about the leak of lower interfaces. In order to fix this problem, changing the ordering of the error path of hsr_dev_finalize() is needed. Test commands: ip link add dummy0 type dummy ip link add dummy1 type dummy ip link add dummy2 type dummy ip link add hsr0 type hsr slave1 dummy0 slave2 dummy1 ip link add hsr1 type hsr slave1 dummy2 slave2 dummy0 Splat looks like: [ 214.923127][ C2] WARNING: CPU: 2 PID: 1093 at net/core/dev.c:8992 rollback_registered_many+0x986/0xcf0 [ 214.923129][ C2] Modules linked in: hsr dummy openvswitch nsh nf_conncount nf_nat nf_conntrack nf_defrag_ipx [ 214.923154][ C2] CPU: 2 PID: 1093 Comm: ip Not tainted 5.8.0-rc2+ #623 [ 214.923156][ C2] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006 [ 214.923157][ C2] RIP: 0010:rollback_registered_many+0x986/0xcf0 [ 214.923160][ C2] Code: 41 8b 4e cc 45 31 c0 31 d2 4c 89 ee 48 89 df e8 e0 47 ff ff 85 c0 0f 84 cd fc ff ff 5 [ 214.923162][ C2] RSP: 0018:ffff8880c5156f28 EFLAGS: 00010287 [ 214.923165][ C2] RAX: ffff8880d1dad458 RBX: ffff8880bd1b9000 RCX: ffffffffb929d243 [ 214.923167][ C2] RDX: 1ffffffff77e63f0 RSI: 0000000000000008 RDI: ffffffffbbf31f80 [ 214.923168][ C2] RBP: dffffc0000000000 R08: fffffbfff77e63f1 R09: fffffbfff77e63f1 [ 214.923170][ C2] R10: ffffffffbbf31f87 R11: 0000000000000001 R12: ffff8880c51570a0 [ 214.923172][ C2] R13: ffff8880bd1b90b8 R14: ffff8880c5157048 R15: ffff8880d1dacc40 [ 214.923174][ C2] FS: 00007fdd257a20c0(0000) GS:ffff8880da200000(0000) knlGS:0000000000000000 [ 214.923175][ C2] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 214.923177][ C2] CR2: 00007ffd78beb038 CR3: 00000000be544005 CR4: 00000000000606e0 [ 214.923179][ C2] Call Trace: [ 214.923180][ C2] ? netif_set_real_num_tx_queues+0x780/0x780 [ 214.923182][ C2] ? dev_validate_mtu+0x140/0x140 [ 214.923183][ C2] ? synchronize_rcu.part.79+0x85/0xd0 [ 214.923185][ C2] ? synchronize_rcu_expedited+0xbb0/0xbb0 [ 214.923187][ C2] rollback_registered+0xc8/0x170 [ 214.923188][ C2] ? rollback_registered_many+0xcf0/0xcf0 [ 214.923190][ C2] unregister_netdevice_queue+0x18b/0x240 [ 214.923191][ C2] hsr_dev_finalize+0x56e/0x6e0 [hsr] [ 214.923192][ C2] hsr_newlink+0x36b/0x450 [hsr] [ 214.923194][ C2] ? hsr_dellink+0x70/0x70 [hsr] [ 214.923195][ C2] ? rtnl_create_link+0x2e4/0xb00 [ 214.923197][ C2] ? __netlink_ns_capable+0xc3/0xf0 [ 214.923198][ C2] __rtnl_newlink+0xbdb/0x1270 [ ... ] Fixes: e0a4b99773d3 ("hsr: use upper/lower device infrastructure") Reported-by: syzbot+7f1c020f68dab95aab59@syzkaller.appspotmail.com Signed-off-by: Taehee Yoo Signed-off-by: David S. Miller commit 6dbb89014dc303facc54d33ae64419d2f9c8ff32 Author: Luo bin Date: Sat Jul 4 15:32:43 2020 +0800 hinic: fix sending mailbox timeout in aeq event work When sending mailbox in the work of aeq event, another aeq event will be triggered. because the last aeq work is not exited and only one work can be excuted simultaneously in the same workqueue, mailbox sending function will return failure of timeout. We create and use another workqueue to fix this. Signed-off-by: Luo bin Signed-off-by: David S. Miller commit c00e858d550c141169cde01c0d220d9eb21321a8 Merge: 4d572545543e d005fbb855d3 Author: David S. Miller Date: Sat Jul 4 17:47:35 2020 -0700 Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf Pablo Neira Ayuso says: ==================== Netfilter fixes for net The following patchset contains Netfilter fixes for net: 1) Use kvfree() to release vmalloc()'ed areas in ipset, from Eric Dumazet. 2) UAF in nfnetlink_queue from the nf_conntrack_update() path. ==================== Signed-off-by: David S. Miller commit 4d572545543e7b54d3f9721e54cb71d02d026209 Merge: d7bf2ebebc2b e54ac95afb2f Author: David S. Miller Date: Sat Jul 4 17:46:21 2020 -0700 Merge branch 'Documentation-networking-eliminate-doubled-words' Randy Dunlap says: ==================== Documentation: networking: eliminate doubled words Drop all duplicated words in Documentation/networking/ files. ==================== Signed-off-by: David S. Miller commit e54ac95afb2fe9dabcbb139b1705d5a8fe96345a Author: Randy Dunlap Date: Fri Jul 3 15:41:15 2020 -0700 Documentation: networking: rxrpc: drop doubled word Drop the doubled word "have". Signed-off-by: Randy Dunlap Cc: Jonathan Corbet Cc: linux-doc@vger.kernel.org Cc: "David S. Miller" Cc: Jakub Kicinski Cc: netdev@vger.kernel.org Cc: David Howells Cc: linux-afs@lists.infradead.org Signed-off-by: David S. Miller commit 474112d57c70520ebd81a5ca578fee1d93fafd07 Author: Randy Dunlap Date: Fri Jul 3 15:41:14 2020 -0700 Documentation: networking: ipvs-sysctl: drop doubled word Drop the doubled word "that". Signed-off-by: Randy Dunlap Cc: Jonathan Corbet Cc: linux-doc@vger.kernel.org Cc: "David S. Miller" Cc: Jakub Kicinski Cc: netdev@vger.kernel.org Signed-off-by: David S. Miller commit a7db3c766916e8a9a054925d036a2746d3e93596 Author: Randy Dunlap Date: Fri Jul 3 15:41:13 2020 -0700 Documentation: networking: ip-sysctl: drop doubled word Drop the doubled word "that". Signed-off-by: Randy Dunlap Cc: Jonathan Corbet Cc: linux-doc@vger.kernel.org Cc: "David S. Miller" Cc: Jakub Kicinski Cc: netdev@vger.kernel.org Signed-off-by: David S. Miller commit 4f6a009c8bdd69b611cf3a807128314992d07bf9 Author: Randy Dunlap Date: Fri Jul 3 15:41:12 2020 -0700 Documentation: networking: dsa: drop doubled word Drop the doubled word "in". Signed-off-by: Randy Dunlap Cc: Jonathan Corbet Cc: linux-doc@vger.kernel.org Cc: "David S. Miller" Cc: Jakub Kicinski Cc: netdev@vger.kernel.org Cc: Andrew Lunn Cc: Vivien Didelot Cc: Florian Fainelli Reviewed-by: Andrew Lunn Signed-off-by: David S. Miller commit 6d0fe3aea4a815929118a002a342849e6b9f0cfd Author: Randy Dunlap Date: Fri Jul 3 15:41:11 2020 -0700 Documentation: networking: can_ucan_protocol: drop doubled words Drop the doubled words "the" and "of". Signed-off-by: Randy Dunlap Cc: Jonathan Corbet Cc: linux-doc@vger.kernel.org Cc: "David S. Miller" Cc: Jakub Kicinski Cc: netdev@vger.kernel.org Cc: Wolfgang Grandegger Cc: Marc Kleine-Budde Cc: linux-can@vger.kernel.org Acked-by: Marc Kleine-Budde Signed-off-by: David S. Miller commit e99094856d0ab192501c3e6e2ff77b3ae44f6445 Author: Randy Dunlap Date: Fri Jul 3 15:41:10 2020 -0700 Documentation: networking: ax25: drop doubled word Drop the doubled word "and". Signed-off-by: Randy Dunlap Cc: Jonathan Corbet Cc: linux-doc@vger.kernel.org Cc: "David S. Miller" Cc: Jakub Kicinski Cc: netdev@vger.kernel.org Cc: Ralf Baechle Cc: linux-hams@vger.kernel.org Signed-off-by: David S. Miller commit caebecb0326907e978b064926836b48f94fec62f Author: Randy Dunlap Date: Fri Jul 3 15:41:09 2020 -0700 Documentation: networking: arcnet: drop doubled word Drop the doubled word "to". Signed-off-by: Randy Dunlap Cc: Jonathan Corbet Cc: linux-doc@vger.kernel.org Cc: "David S. Miller" Cc: Jakub Kicinski Cc: netdev@vger.kernel.org Signed-off-by: David S. Miller commit 5ab546f5e6309373aef01a8d398e163ab7a78431 Author: Enric Balletbo i Serra Date: Tue May 19 11:41:15 2020 +0200 drm/mediatek: mtk_hdmi: Remove debug messages for function calls Equivalent information can be nowadays obtained using function tracer Signed-off-by: Enric Balletbo i Serra Signed-off-by: Chun-Kuang Hu commit 3a7826cc24e56ba8d3d18a202968553bdf687d98 Author: Enric Balletbo i Serra Date: Tue May 19 11:40:45 2020 +0200 drm/mediatek: mtk_mt8173_hdmi_phy: Remove unnused const variables There are some `static const u8` variables that are not used, this triggers a warning building with `make W=1`, it is safe to remove them, so do it and make the compiler more happy. Signed-off-by: Enric Balletbo i Serra Signed-off-by: Chun-Kuang Hu commit deb0f88b2208e9e6dbe39a0cbb3cdc458580d999 Author: Matthias Brugger Date: Mon May 18 13:22:54 2020 +0200 drm/mediatek: Delete not used of_device_get_match_data The driver will be loaded by via a platform device. So we will need to get the device_node from the parent device. Depending on this we will set the driver data. As all this is done later already, just delete the call to of_device_get_match_data. Signed-off-by: Matthias Brugger Reviewed-by: Enric Balletbo i Serra Signed-off-by: Chun-Kuang Hu commit e9052927941d393b4bed6f295da763172b7829f0 Author: Bernard Zhao Date: Tue Jun 16 14:51:01 2020 +0800 drm/mediatek: Remove unnecessary conversion to bool In function mtk_dsi_clk_hs_state, remove unnecessary conversion to bool return, this change is to make the code a bit readable. Signed-off-by: Bernard Zhao Signed-off-by: Chun-Kuang Hu commit 9bc0b029a8889f2c67c988760aba66a8d7b22af5 Merge: ec84c3f6ef71 19ab500edb5d Author: Linus Torvalds Date: Sat Jul 4 14:46:11 2020 -0700 Merge tag 'powerpc-5.8-5' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux Pull powerpc fixes from Michael Ellerman: "One fix for a regression in our pkey handling, which exhibits as PROT_EXEC mappings taking continuous page faults. Thanks to: Jan Stancek, Aneesh Kumar K.V" * tag 'powerpc-5.8-5' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux: powerpc/mm/pkeys: Make pkey access check work on execute_only_key commit ec84c3f6ef710661c8d14e3f63e540b795dc0a51 Merge: 35e884f89df4 9b23d95c539e Author: Linus Torvalds Date: Sat Jul 4 14:43:26 2020 -0700 Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux Pull arm64 fixes from Will Deacon: "Nothing earth-shattering, really - some CPU errata workarounds (one day they'll get it right, ha!) and a fix for a boot failure with very large kernel images where the alternative patching gets confused when patching relative branches using veneers. - Fix alternative patching for very large kernel images and modules - Hook up existing CPU errata workarounds for Qualcomm Kryo CPUs" * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux: arm64: Add KRYO4XX silver CPU cores to erratum list 1530923 and 1024718 arm64: Add KRYO4XX gold CPU cores to erratum list 1463225 and 1418040 arm64: Add MIDR value for KRYO4XX gold CPU cores arm64/alternatives: use subsections for replacement sequences commit b7db41c9e03b5189bc94993bd50e4506ac9e34c1 Author: Jens Axboe Date: Sat Jul 4 08:55:50 2020 -0600 io_uring: fix regression with always ignoring signals in io_cqring_wait() When switching to TWA_SIGNAL for task_work notifications, we also made any signal based condition in io_cqring_wait() return -ERESTARTSYS. This breaks applications that rely on using signals to abort someone waiting for events. Check if we have a signal pending because of queued task_work, and repeat the signal check once we've run the task_work. This provides a reliable way of telling the two apart. Additionally, only use TWA_SIGNAL if we are using an eventfd. If not, we don't have the dependency situation described in the original commit, and we can get by with just using TWA_RESUME like we previously did. Fixes: ce593a6c480a ("io_uring: use signal based task_work running") Cc: stable@vger.kernel.org # v5.7 Reported-by: Andres Freund Tested-by: Andres Freund Signed-off-by: Jens Axboe commit cc801833a171163edb6385425349ba8903bd1b20 Author: Andy Lutomirski Date: Fri Jul 3 10:02:57 2020 -0700 x86/ldt: Disable 16-bit segments on Xen PV Xen PV doesn't implement ESPFIX64, so they don't work right. Disable them. Also print a warning the first time anyone tries to use a 16-bit segment on a Xen PV guest that would otherwise allow it to help people diagnose this change in behavior. This gets us closer to having all x86 selftests pass on Xen PV. Signed-off-by: Andy Lutomirski Signed-off-by: Thomas Gleixner Acked-by: Peter Zijlstra (Intel) Link: https://lkml.kernel.org/r/92b2975459dfe5929ecf34c3896ad920bd9e3f2d.1593795633.git.luto@kernel.org commit 13cbc0cd4a30c815984ad88e3a2e5976493516a3 Author: Andy Lutomirski Date: Fri Jul 3 10:02:56 2020 -0700 x86/entry/32: Fix #MC and #DB wiring on x86_32 DEFINE_IDTENTRY_MCE and DEFINE_IDTENTRY_DEBUG were wired up as non-RAW on x86_32, but the code expected them to be RAW. Get rid of all the macro indirection for them on 32-bit and just use DECLARE_IDTENTRY_RAW and DEFINE_IDTENTRY_RAW directly. Also add a warning to make sure that we only hit the _kernel paths in kernel mode. Reported-by: Naresh Kamboju Signed-off-by: Andy Lutomirski Signed-off-by: Thomas Gleixner Acked-by: Peter Zijlstra (Intel) Link: https://lkml.kernel.org/r/9e90a7ee8e72fd757db6d92e1e5ff16339c1ecf9.1593795633.git.luto@kernel.org commit f41f0824224eb12ad84de8972962dd54be5abe3b Author: Andy Lutomirski Date: Fri Jul 3 10:02:55 2020 -0700 x86/entry/xen: Route #DB correctly on Xen PV On Xen PV, #DB doesn't use IST. It still needs to be correctly routed depending on whether it came from user or kernel mode. Get rid of DECLARE/DEFINE_IDTENTRY_XEN -- it was too hard to follow the logic. Instead, route #DB and NMI through DECLARE/DEFINE_IDTENTRY_RAW on Xen, and do the right thing for #DB. Also add more warnings to the exc_debug* handlers to make this type of failure more obvious. This fixes various forms of corruption that happen when usermode triggers #DB on Xen PV. Fixes: 4c0dcd8350a0 ("x86/entry: Implement user mode C entry points for #DB and #MCE") Signed-off-by: Andy Lutomirski Signed-off-by: Thomas Gleixner Acked-by: Peter Zijlstra (Intel) Link: https://lkml.kernel.org/r/4163e733cce0b41658e252c6c6b3464f33fdff17.1593795633.git.luto@kernel.org commit 3c73b81a9164d0c1b6379d6672d2772a9e95168e Author: Andy Lutomirski Date: Fri Jul 3 10:02:54 2020 -0700 x86/entry, selftests: Further improve user entry sanity checks Chasing down a Xen bug caused me to realize that the new entry sanity checks are still fairly weak. Add some more checks. Signed-off-by: Andy Lutomirski Signed-off-by: Thomas Gleixner Acked-by: Peter Zijlstra (Intel) Link: https://lkml.kernel.org/r/881de09e786ab93ce56ee4a2437ba2c308afe7a9.1593795633.git.luto@kernel.org commit db5b2c5a90a111618f071d231a8b945cf522313e Author: Andy Lutomirski Date: Fri Jul 3 10:02:53 2020 -0700 x86/entry/compat: Clear RAX high bits on Xen PV SYSENTER Move the clearing of the high bits of RAX after Xen PV joins the SYSENTER path so that Xen PV doesn't skip it. Arguably this code should be deleted instead, but that would belong in the merge window. Fixes: ffae641f5747 ("x86/entry/64/compat: Fix Xen PV SYSENTER frame setup") Signed-off-by: Andy Lutomirski Signed-off-by: Thomas Gleixner Acked-by: Peter Zijlstra (Intel) Link: https://lkml.kernel.org/r/9d33b3f3216dcab008070f1c28b6091ae7199969.1593795633.git.luto@kernel.org commit e9c6004eef0019375e4b0339f1f88d9d6ed99018 Author: Nuno Sá Date: Wed Jul 1 14:04:41 2020 +0200 iio: adc: adi-axi-adc: Fix object reference counting When looking for a registered client to attach with, the wrong reference counters are being grabbed. The idea is to increment the module and device counters of the client device and not the counters of the axi device being probed. Fixes: ef04070692a2 (iio: adc: adi-axi-adc: add support for AXI ADC IP core) Signed-off-by: Nuno Sá Acked-by: Alexandru Ardelean Signed-off-by: Jonathan Cameron commit 35e884f89df4c48566d745dc5a97a0d058d04263 Merge: 8b082a41dae7 578c1bb90562 Author: Linus Torvalds Date: Fri Jul 3 23:58:12 2020 -0700 Merge tag 'for-linus-5.8b-rc4-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip Pull xen fixes from Juergen Gross: "One small cleanup patch for ARM and two patches for the xenbus driver fixing latent problems (large stack allocations and bad return code settings)" * tag 'for-linus-5.8b-rc4-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip: xen/xenbus: let xenbus_map_ring_valloc() return errno values only xen/xenbus: avoid large structs and arrays on the stack arm/xen: remove the unused macro GRANT_TABLE_PHYSADDR commit a5f526ecb075a08c4a082355020166c7fe13ae27 Author: Dan Williams Date: Fri Jul 3 23:54:35 2020 -0700 CodingStyle: Inclusive Terminology Linux maintains a coding-style and its own idiomatic set of terminology. Update the style guidelines to recommend replacements for the terms master/slave and blacklist/whitelist. Link: http://lore.kernel.org/r/159389297140.2210796.13590142254668787525.stgit@dwillia2-desk3.amr.corp.intel.com Acked-by: Randy Dunlap Acked-by: Dave Airlie Acked-by: SeongJae Park Acked-by: Christian Brauner Acked-by: James Bottomley Acked-by: Daniel Vetter Acked-by: Andy Lutomirski Acked-by: Laura Abbott Acked-by: Gustavo A. R. Silva Reviewed-by: Matthias Brugger Reviewed-by: Mark Brown Signed-off-by: Stephen Hemminger Signed-off-by: Theodore Ts'o Signed-off-by: Shuah Khan Signed-off-by: Dan Carpenter Signed-off-by: Kees Cook Signed-off-by: Olof Johansson Signed-off-by: Jonathan Corbet Signed-off-by: Chris Mason Signed-off-by: Greg Kroah-Hartman Signed-off-by: Dan Williams commit 597911287fcd13c3a4b4aa3e0a52b33d431e0a8e Author: Wolfram Sang Date: Sun Jun 28 13:52:44 2020 +0200 i2c: mlxcpld: check correct size of maximum RECV_LEN packet I2C_SMBUS_BLOCK_MAX defines already the maximum number as defined in the SMBus 2.0 specs. I don't see a reason to add 1 here. Also, fix the errno to what is suggested for this error. Fixes: c9bfdc7c16cb ("i2c: mlxcpld: Add support for smbus block read transaction") Signed-off-by: Wolfram Sang Reviewed-by: Michael Shych Tested-by: Michael Shych Signed-off-by: Wolfram Sang commit 8b082a41dae7d420db649bffe86cf5af62121f11 Merge: b8e516b36748 d4d80e69927a Author: Linus Torvalds Date: Fri Jul 3 23:20:14 2020 -0700 Merge branch 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs Pull sysctl fix from Al Viro: "Another regression fix for sysctl changes this cycle..." * 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: Call sysctl_head_finish on error commit 58e64b050d09836a39b4339c9f46757f1616b2e6 Author: Wolfram Sang Date: Sun Jun 28 20:55:22 2020 +0200 i2c: add Kconfig help text for slave mode I can't recall why there was none, but we surely want to have it. Signed-off-by: Wolfram Sang Reviewed-by: Niklas Söderlund Reviewed-by: Geert Uytterhoeven Signed-off-by: Wolfram Sang commit 59d3d6042d432f36e206127de0dab7f9319762d5 Author: Wolfram Sang Date: Sun Jun 28 20:54:26 2020 +0200 i2c: slave-eeprom: update documentation Add more details which have either been missing ever since or describe recent additions. Signed-off-by: Wolfram Sang Reviewed-by: Niklas Söderlund Reviewed-by: Luca Ceresoli Signed-off-by: Wolfram Sang commit 5f90786b31fb7d1e199a8999d46c4e3aea672e11 Author: Andy Shevchenko Date: Thu Jul 2 13:15:27 2020 +0300 i2c: eg20t: Load module automatically if ID matches The driver can't be loaded automatically because it misses module alias to be provided. Add corresponding MODULE_DEVICE_TABLE() call to the driver. Signed-off-by: Andy Shevchenko Signed-off-by: Wolfram Sang commit db2a8b6f1df93d5311970cca03052c01178de674 Author: Ricardo Ribalda Date: Thu Jul 2 12:33:21 2020 +0200 i2c: designware: platdrv: Set class based on DMI Current AMD's zen-based APUs use this core for some of its i2c-buses. With this patch we re-enable autodetection of hwmon-alike devices, so lm-sensors will be able to work automatically. It does not affect the boot-time of embedded devices, as the class is set based on the DMI information. DMI is probed only on Qtechnology QT5222 Industrial Camera Platform. DocLink: https://qtec.com/camera-technology-camera-platforms/ Fixes: 3eddad96c439 ("i2c: designware: reverts "i2c: designware: Add support for AMD I2C controller"") Signed-off-by: Ricardo Ribalda Reviewed-by: Andy Shevchenko Acked-by: Jarkko Nikula Signed-off-by: Wolfram Sang commit cd217f2300793a106b49c7dfcbfb26e348bc7593 Author: Chris Packham Date: Thu Jul 2 10:39:11 2020 +1200 i2c: algo-pca: Add 0x78 as SCL stuck low status for PCA9665 The PCA9665 datasheet says that I2CSTA = 78h indicates that SCL is stuck low, this differs to the PCA9564 which uses 90h for this indication. Treat either 0x78 or 0x90 as an indication that the SCL line is stuck. Based on looking through the PCA9564 and PCA9665 datasheets this should be safe for both chips. The PCA9564 should not return 0x78 for any valid state and the PCA9665 should not return 0x90. Fixes: eff9ec95efaa ("i2c-algo-pca: Add PCA9665 support") Signed-off-by: Chris Packham Reviewed-by: Andy Shevchenko Signed-off-by: Wolfram Sang commit b8e516b36748fd87943e54596a8a6f04ec05f1a5 Merge: 6f216714a690 19e888678bac Author: Linus Torvalds Date: Fri Jul 3 23:03:45 2020 -0700 Merge tag '5.8-rc3-smb3-fixes' of git://git.samba.org/sfrench/cifs-2.6 Pull cifs fixes from Steve French: "Eight cifs/smb3 fixes, most when specifying the multiuser mount flag. Five of the fixes are for stable" * tag '5.8-rc3-smb3-fixes' of git://git.samba.org/sfrench/cifs-2.6: cifs: prevent truncation from long to int in wait_for_free_credits cifs: Fix the target file was deleted when rename failed. SMB3: Honor 'posix' flag for multiuser mounts SMB3: Honor 'handletimeout' flag for multiuser mounts SMB3: Honor lease disabling for multiuser mounts SMB3: Honor persistent/resilient handle flags for multiuser mounts SMB3: Honor 'seal' flag for multiuser mounts cifs: Display local UID details for SMB sessions in DebugData commit 6f216714a6906d6d5d0654313d9f9a47613bb473 Merge: bc2391e7bdfe 0d242479b3e6 Author: Linus Torvalds Date: Fri Jul 3 17:28:16 2020 -0700 Merge tag 'hwmon-for-v5.8-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging Pull hwmon fixes from Guenter Roeck: - Fix typo in Kconfig SENSORS_IR35221 option - Fix potential memory leak in acpi_power_meter_add() - Make sure the OVERT mask is set correctly in max6697 driver - In PMBus core, fix page vs. register when accessing fans - Mark is_visible functions static in bt1-pvt driver - Define Temp- and Volt-to-N poly as maybe-unused in bt1-pvt driver * tag 'hwmon-for-v5.8-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging: hwmon: (pmbus) fix a typo in Kconfig SENSORS_IR35221 option hwmon: (acpi_power_meter) Fix potential memory leak in acpi_power_meter_add() hwmon: (max6697) Make sure the OVERT mask is set correctly hwmon: (pmbus) Fix page vs. register when accessing fans hwmon: (bt1-pvt) Mark is_visible functions static hwmon: (bt1-pvt) Define Temp- and Volt-to-N poly as maybe-unused commit bc2391e7bdfe7318b077f0d257d6ee1a77dda452 Merge: 0c7d7d1fada7 8beeae86b8e1 Author: Linus Torvalds Date: Fri Jul 3 17:23:50 2020 -0700 Merge branch 'akpm' (patches from Andrew) Merge misc fixes from Andrew Morton: "Subsystems affected by this patch series: mm/hugetlb, samples, mm/cma, mm/vmalloc, mm/pagealloc" * emailed patches from Andrew Morton : mm/page_alloc: fix documentation error vmalloc: fix the owner argument for the new __vmalloc_node_range callers mm/cma.c: use exact_nid true to fix possible per-numa cma leak samples/vfs: avoid warning in statx override mm/hugetlb.c: fix pages per hugetlb calculation commit 8beeae86b8e19a4714531f8764b68bd828ffba2a Author: Joel Savitz Date: Fri Jul 3 15:15:30 2020 -0700 mm/page_alloc: fix documentation error When I increased the upper bound of the min_free_kbytes value in ee8eb9a5fe863 ("mm/page_alloc: increase default min_free_kbytes bound") I forgot to tweak the above comment to reflect the new value. This patch fixes that mistake. Signed-off-by: Joel Savitz Signed-off-by: Andrew Morton Cc: Matthew Wilcox Cc: Rafael Aquini Cc: Fabrizio D'Angelo Link: http://lkml.kernel.org/r/20200624221236.29560-1-jsavitz@redhat.com Signed-off-by: Linus Torvalds commit a3a66c3822e03692ed7c5888e8f2d384cc698d34 Author: Christoph Hellwig Date: Fri Jul 3 15:15:27 2020 -0700 vmalloc: fix the owner argument for the new __vmalloc_node_range callers Fix the recently added new __vmalloc_node_range callers to pass the correct values as the owner for display in /proc/vmallocinfo. Fixes: 800e26b81311 ("x86/hyperv: allocate the hypercall page with only read and execute bits") Fixes: 10d5e97c1bf8 ("arm64: use PAGE_KERNEL_ROX directly in alloc_insn_page") Fixes: 7a0e27b2a0ce ("mm: remove vmalloc_exec") Reported-by: Ard Biesheuvel Signed-off-by: Christoph Hellwig Signed-off-by: Andrew Morton Link: http://lkml.kernel.org/r/20200627075649.2455097-1-hch@lst.de Signed-off-by: Linus Torvalds commit 40366bd70bbbbf822ca224dfc227a8c8e868c44f Author: Barry Song Date: Fri Jul 3 15:15:24 2020 -0700 mm/cma.c: use exact_nid true to fix possible per-numa cma leak Calling cma_declare_contiguous_nid() with false exact_nid for per-numa reservation can easily cause cma leak and various confusion. For example, mm/hugetlb.c is trying to reserve per-numa cma for gigantic pages. But it can easily leak cma and make users confused when system has memoryless nodes. In case the system has 4 numa nodes, and only numa node0 has memory. if we set hugetlb_cma=4G in bootargs, mm/hugetlb.c will get 4 cma areas for 4 different numa nodes. since exact_nid=false in current code, all 4 numa nodes will get cma successfully from node0, but hugetlb_cma[1 to 3] will never be available to hugepage will only allocate memory from hugetlb_cma[0]. In case the system has 4 numa nodes, both numa node0&2 has memory, other nodes have no memory. if we set hugetlb_cma=4G in bootargs, mm/hugetlb.c will get 4 cma areas for 4 different numa nodes. since exact_nid=false in current code, all 4 numa nodes will get cma successfully from node0 or 2, but hugetlb_cma[1] and [3] will never be available to hugepage as mm/hugetlb.c will only allocate memory from hugetlb_cma[0] and hugetlb_cma[2]. This causes permanent leak of the cma areas which are supposed to be used by memoryless node. Of cource we can workaround the issue by letting mm/hugetlb.c scan all cma areas in alloc_gigantic_page() even node_mask includes node0 only. that means when node_mask includes node0 only, we can get page from hugetlb_cma[1] to hugetlb_cma[3]. But this will cause kernel crash in free_gigantic_page() while it wants to free page by: cma_release(hugetlb_cma[page_to_nid(page)], page, 1 << order) On the other hand, exact_nid=false won't consider numa distance, it might be not that useful to leverage cma areas on remote nodes. I feel it is much simpler to make exact_nid true to make everything clear. After that, memoryless nodes won't be able to reserve per-numa CMA from other nodes which have memory. Fixes: cf11e85fc08c ("mm: hugetlb: optionally allocate gigantic hugepages using cma") Signed-off-by: Barry Song Signed-off-by: Andrew Morton Acked-by: Roman Gushchin Cc: Jonathan Cameron Cc: Aslan Bakirov Cc: Michal Hocko Cc: Andreas Schaufler Cc: Mike Kravetz Cc: Rik van Riel Cc: Joonsoo Kim Cc: Robin Murphy Cc: Link: http://lkml.kernel.org/r/20200628074345.27228-1-song.bao.hua@hisilicon.com Signed-off-by: Linus Torvalds commit c3eeaae9fd736b7f2afbda8d3cbb1cbae06decf3 Author: Kees Cook Date: Fri Jul 3 15:15:21 2020 -0700 samples/vfs: avoid warning in statx override Something changed recently to uncover this warning: samples/vfs/test-statx.c:24:15: warning: `struct foo' declared inside parameter list will not be visible outside of this definition or declaration 24 | #define statx foo | ^~~ Which is due the use of "struct statx" (here, "struct foo") in a function prototype argument list before it has been defined: int # 56 "/usr/include/x86_64-linux-gnu/bits/statx-generic.h" foo # 56 "/usr/include/x86_64-linux-gnu/bits/statx-generic.h" 3 4 (int __dirfd, const char *__restrict __path, int __flags, unsigned int __mask, struct # 57 "/usr/include/x86_64-linux-gnu/bits/statx-generic.h" foo # 57 "/usr/include/x86_64-linux-gnu/bits/statx-generic.h" 3 4 *__restrict __buf) __attribute__ ((__nothrow__ , __leaf__)) __attribute__ ((__nonnull__ (2, 5))); Add explicit struct before #include to avoid warning. Fixes: f1b5618e013a ("vfs: Add a sample program for the new mount API") Signed-off-by: Kees Cook Signed-off-by: Andrew Morton Cc: Miklos Szeredi Cc: Al Viro Cc: David Howells Link: http://lkml.kernel.org/r/202006282213.C516EA6@keescook Signed-off-by: Linus Torvalds commit 1139d336fff425f9a20374945cdd28eb44d09fa8 Author: Mike Kravetz Date: Fri Jul 3 15:15:18 2020 -0700 mm/hugetlb.c: fix pages per hugetlb calculation The routine hpage_nr_pages() was incorrectly used to calculate the number of base pages in a hugetlb page. hpage_nr_pages is designed to be called for THP pages and will return HPAGE_PMD_NR for hugetlb pages of any size. Due to the context in which hpage_nr_pages was called, it is unlikely to produce a user visible error. The routine with the incorrect call is only exercised in the case of hugetlb memory error or migration. In addition, this would need to be on an architecture which supports huge page sizes less than PMD_SIZE. And, the vma containing the huge page would also need to smaller than PMD_SIZE. Fixes: c0d0381ade79 ("hugetlbfs: use i_mmap_rwsem for more pmd sharing synchronization") Reported-by: Matthew Wilcox (Oracle) Signed-off-by: Mike Kravetz Signed-off-by: Andrew Morton Reviewed-by: Matthew Wilcox (Oracle) Cc: Michal Hocko Cc: "Kirill A . Shutemov" Cc: Link: http://lkml.kernel.org/r/20200629185003.97202-1-mike.kravetz@oracle.com Signed-off-by: Linus Torvalds commit 0c7d7d1fada70420851b63f2e2669cb4976a303b Merge: 7fec3ce50a5d c7f87f3984cf Author: Linus Torvalds Date: Fri Jul 3 14:46:46 2020 -0700 Merge tag 'xfs-5.8-fixes-1' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux Pull xfs fix from Darrick Wong: "Fix a use-after-free bug when the fs shuts down" * tag 'xfs-5.8-fixes-1' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux: xfs: fix use-after-free on CIL context on shutdown commit d7bf2ebebc2bd61ab95e2a8e33541ef282f303d4 Author: Toke Høiland-Jørgensen Date: Fri Jul 3 22:26:43 2020 +0200 sched: consistently handle layer3 header accesses in the presence of VLANs There are a couple of places in net/sched/ that check skb->protocol and act on the value there. However, in the presence of VLAN tags, the value stored in skb->protocol can be inconsistent based on whether VLAN acceleration is enabled. The commit quoted in the Fixes tag below fixed the users of skb->protocol to use a helper that will always see the VLAN ethertype. However, most of the callers don't actually handle the VLAN ethertype, but expect to find the IP header type in the protocol field. This means that things like changing the ECN field, or parsing diffserv values, stops working if there's a VLAN tag, or if there are multiple nested VLAN tags (QinQ). To fix this, change the helper to take an argument that indicates whether the caller wants to skip the VLAN tags or not. When skipping VLAN tags, we make sure to skip all of them, so behaviour is consistent even in QinQ mode. To make the helper usable from the ECN code, move it to if_vlan.h instead of pkt_sched.h. v3: - Remove empty lines - Move vlan variable definitions inside loop in skb_protocol() - Also use skb_protocol() helper in IP{,6}_ECN_decapsulate() and bpf_skb_ecn_set_ce() v2: - Use eth_type_vlan() helper in skb_protocol() - Also fix code that reads skb->protocol directly - Change a couple of 'if/else if' statements to switch constructs to avoid calling the helper twice Reported-by: Ilya Ponetayev Fixes: d8b9605d2697 ("net: sched: fix skb->protocol use in case of accelerated vlan path") Signed-off-by: Toke Høiland-Jørgensen Signed-off-by: David S. Miller commit 7fec3ce50a5d3fc54de9c0e9d43682ea9320b199 Merge: 718b7a570a34 5396956cc7c6 Author: Linus Torvalds Date: Fri Jul 3 12:14:51 2020 -0700 Merge tag 'pci-v5.8-fixes-1' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci Pull PCI fix from Bjorn Helgaas: "Fix a pcie_find_root_port() simplification that broke power management because it didn't handle the edge case of finding the Root Port of a Root Port itself (Mika Westerberg)"" * tag 'pci-v5.8-fixes-1' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci: PCI: Make pcie_find_root_port() work for Root Ports commit 718b7a570a346323cd80dc28d0a41892036b050b Merge: bf2d63694e9e ef0c44c3e51b Author: Linus Torvalds Date: Fri Jul 3 12:11:18 2020 -0700 Merge tag 'acpi-5.8-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm Pull ACPI updates from Rafael Wysocki: "Add a new device ID for Intel Tiger Lake to the DPTF battery participant driver (Srinivas Pandruvada) and fix the Tiger Lake fan device ID (Sumeet Pawnikar)" * tag 'acpi-5.8-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm: ACPI: fan: Fix Tiger Lake ACPI device ID ACPI: DPTF: Add battery participant for TigerLake commit bf2d63694e9ed5142711325e0039b017d40fae4c Merge: 1d4287146529 c860f8ffbea8 Author: Linus Torvalds Date: Fri Jul 3 12:01:04 2020 -0700 Merge tag 'gfs2-v5.8-rc3.fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/gfs2/linux-gfs2 Pull gfs2 fixes from Andreas Gruenbacher: "Various gfs2 fixes" * tag 'gfs2-v5.8-rc3.fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/gfs2/linux-gfs2: gfs2: The freeze glock should never be frozen gfs2: When freezing gfs2, use GL_EXACT and not GL_NOCACHE gfs2: read-only mounts should grab the sd_freeze_gl glock gfs2: freeze should work on read-only mounts gfs2: eliminate GIF_ORDERED in favor of list_empty gfs2: Don't sleep during glock hash walk gfs2: fix trans slab error when withdraw occurs inside log_flush gfs2: Don't return NULL from gfs2_inode_lookup commit 1d42871465291c3f117ea3c9fbce8d4a603c303b Merge: cdd3bb54332f 1298a549e22a Author: Linus Torvalds Date: Fri Jul 3 11:39:30 2020 -0700 Merge tag 'drm-fixes-2020-07-03' of git://anongit.freedesktop.org/drm/drm Pull drm fixes from Dave Airlie: "Pretty usual rc4 pull: two usual amdgpu, i915 pulls, and some misc arm driver fixes. The bigger bit is including the asm sources for some GPU shaders that were contained in the i915 driver, otherwise it's pretty much business as usual. dma-buf: - fix a use-after-free bug amdgpu: - Fix for vega20 boards without RAS support - DC bandwidth revalidation fix - Fix Renoir vram info fetching - Fix hwmon freq printing i915: - GVT fixes - Two missed MMIO handler fixes for SKL/CFL - Fix mask register bits check - Fix one lockdep error for debugfs entry access - Include asm sources for render cache clear batches msm: - memleak fix - display block fix - address space fixes exynos: - error value and reference count fix - error print removal sun4i: - remove HPD polling" * tag 'drm-fixes-2020-07-03' of git://anongit.freedesktop.org/drm/drm: (22 commits) drm/amdgpu: use %u rather than %d for sclk/mclk drm/amdgpu/atomfirmware: fix vram_info fetching for renoir drm/amd/display: Only revalidate bandwidth on medium and fast updates drm: sun4i: hdmi: Remove extra HPD polling drm/i915: Include asm sources for {ivb, hsw}_clear_kernel.c drm/exynos: fix ref count leak in mic_pre_enable drm/exynos: Properly propagate return value in drm_iommu_attach_device() drm/exynos: Remove dev_err() on platform_get_irq() failure drm/amd/powerplay: Fix NULL dereference in lock_bus() on Vega20 w/o RAS dma-buf: Move dma_buf_release() from fops to dentry_ops drm/msm: Fix up the rest of the messed up address sizes drm/msm: Fix setup of a6xx create_address_space. drm/msm: Fix address space size after refactor. drm/i915/gvt: Use GFP_ATOMIC instead of GFP_KERNEL in atomic context drm/i915/gvt: Fix incorrect check of enabled bits in mask registers drm/i915/gvt: Fix two CFL MMIO handling caused by regression. drm/i915/gvt: Add one missing MMIO handler for D_SKL_PLUS drm/msm: Fix 0xfffflub in "Refactor address space initialization" drm/msm/dpu: allow initialization of encoder locks during encoder init drm/msm/dpu: fix error return code in dpu_encoder_init ... commit d4d80e69927ab5da67026c1c94e23c305dbc799e Author: Matthew Wilcox (Oracle) Date: Fri Jul 3 14:10:14 2020 -0400 Call sysctl_head_finish on error This error path returned directly instead of calling sysctl_head_finish(). Fixes: ef9d965bc8b6 ("sysctl: reject gigantic reads/write to sysctl files") Signed-off-by: Matthew Wilcox (Oracle) Signed-off-by: Al Viro commit fa71e9527f6a0153ae6a880031b902818af1bdaf Author: Sean Christopherson Date: Thu Jul 2 21:04:22 2020 -0700 KVM: VMX: Use KVM_POSSIBLE_CR*_GUEST_BITS to initialize guest/host masks Use the "common" KVM_POSSIBLE_CR*_GUEST_BITS defines to initialize the CR0/CR4 guest host masks instead of duplicating most of the CR4 mask and open coding the CR0 mask. SVM doesn't utilize the masks, i.e. the masks are effectively VMX specific even if they're not named as such. This avoids duplicate code, better documents the guest owned CR0 bit, and eliminates the need for a build-time assertion to keep VMX and x86 synchronized. Signed-off-by: Sean Christopherson Message-Id: <20200703040422.31536-3-sean.j.christopherson@intel.com> Signed-off-by: Paolo Bonzini commit 7c83d096aed055a7763a03384f92115363448b71 Author: Sean Christopherson Date: Thu Jul 2 21:04:21 2020 -0700 KVM: x86: Mark CR4.TSD as being possibly owned by the guest Mark CR4.TSD as being possibly owned by the guest as that is indeed the case on VMX. Without TSD being tagged as possibly owned by the guest, a targeted read of CR4 to get TSD could observe a stale value. This bug is benign in the current code base as the sole consumer of TSD is the emulator (for RDTSC) and the emulator always "reads" the entirety of CR4 when grabbing bits. Add a build-time assertion in to ensure VMX doesn't hand over more CR4 bits without also updating x86. Fixes: 52ce3c21aec3 ("x86,kvm,vmx: Don't trap writes to CR4.TSD") Cc: stable@vger.kernel.org Signed-off-by: Sean Christopherson Message-Id: <20200703040422.31536-2-sean.j.christopherson@intel.com> Signed-off-by: Paolo Bonzini commit d74fcfc1f0ff4b6c26ecef1f9e48d8089ab4eaac Author: Sean Christopherson Date: Thu Jul 2 19:17:14 2020 -0700 KVM: x86: Inject #GP if guest attempts to toggle CR4.LA57 in 64-bit mode Inject a #GP on MOV CR4 if CR4.LA57 is toggled in 64-bit mode, which is illegal per Intel's SDM: CR4.LA57 57-bit linear addresses (bit 12 of CR4) ... blah blah blah ... This bit cannot be modified in IA-32e mode. Note, the pseudocode for MOV CR doesn't call out the fault condition, which is likely why the check was missed during initial development. This is arguably an SDM bug and will hopefully be fixed in future release of the SDM. Fixes: fd8cb433734ee ("KVM: MMU: Expose the LA57 feature to VM.") Cc: stable@vger.kernel.org Reported-by: Sebastien Boeuf Signed-off-by: Sean Christopherson Message-Id: <20200703021714.5549-1-sean.j.christopherson@intel.com> Signed-off-by: Paolo Bonzini commit 075ebfe19fa3fa8838d2afdde5e87c86b7953b1e Merge: 9e9f85e029a2 d8ca55addb93 Author: Heiko Carstens Date: Fri Jul 3 18:02:09 2020 +0200 Merge tag 'vfio-ccw-20200703' of https://git.kernel.org/pub/scm/linux/kernel/git/kvms390/vfio-ccw into fixes add a missing include Signed-off-by: Heiko Carstens commit 9b23d95c539ebc5d6d6b5d6f20d2d7922384e76e Author: Sai Prakash Ranjan Date: Tue Jun 30 23:30:55 2020 +0530 arm64: Add KRYO4XX silver CPU cores to erratum list 1530923 and 1024718 KRYO4XX silver/LITTLE CPU cores with revision r1p0 are affected by erratum 1530923 and 1024718, so add them to the respective list. The variant and revision bits are implementation defined and are different from the their Cortex CPU counterparts on which they are based on, i.e., r1p0 is equivalent to rdpe. Signed-off-by: Sai Prakash Ranjan Link: https://lore.kernel.org/r/7013e8a3f857ca7e82863cc9e34a614293d7f80c.1593539394.git.saiprakash.ranjan@codeaurora.org Signed-off-by: Will Deacon commit a9e821b89daa55cc940c546b124101939d3f0451 Author: Sai Prakash Ranjan Date: Tue Jun 30 23:30:54 2020 +0530 arm64: Add KRYO4XX gold CPU cores to erratum list 1463225 and 1418040 KRYO4XX gold/big CPU core revisions r0p0 to r3p1 are affected by erratum 1463225 and 1418040, so add them to the respective list. The variant and revision bits are implementation defined and are different from the their Cortex CPU counterparts on which they are based on, i.e., (r0p0 to r3p1) is equivalent to (rcpe to rfpf). Signed-off-by: Sai Prakash Ranjan Link: https://lore.kernel.org/r/83780e80c6377c12ca51b5d53186b61241685e49.1593539394.git.saiprakash.ranjan@codeaurora.org Signed-off-by: Will Deacon commit dce4f2807f6920bb907eb4cd4f95e7f42d918bc6 Author: Sai Prakash Ranjan Date: Tue Jun 30 23:30:53 2020 +0530 arm64: Add MIDR value for KRYO4XX gold CPU cores Add MIDR value for KRYO4XX gold/big CPU cores which are used in Qualcomm Technologies, Inc. SoCs. This will be used to identify and apply erratum which are applicable for these CPU cores. Signed-off-by: Sai Prakash Ranjan Link: https://lore.kernel.org/r/9093fb82e22441076280ca1b729242ffde80c432.1593539394.git.saiprakash.ranjan@codeaurora.org Signed-off-by: Will Deacon commit ef0c44c3e51ba051c500620685ee0b476ef2cbdf Merge: 1e05daca83bb 0318e8374e87 Author: Rafael J. Wysocki Date: Fri Jul 3 16:15:31 2020 +0200 Merge branch 'acpi-fan' * acpi-fan: ACPI: fan: Fix Tiger Lake ACPI device ID commit e84861fec32dee8a2e62bbaa52cded6b05a2a456 Author: Marc Kleine-Budde Date: Fri Jul 3 12:33:15 2020 +0200 regmap: dev_get_regmap_match(): fix string comparison This function is used by dev_get_regmap() to retrieve a regmap for the specified device. If the device has more than one regmap, the name parameter can be used to specify one. The code here uses a pointer comparison to check for equal strings. This however will probably always fail, as the regmap->name is allocated via kstrdup_const() from the regmap's config->name. Fix this by using strcmp() instead. Signed-off-by: Marc Kleine-Budde Link: https://lore.kernel.org/r/20200703103315.267996-1-mkl@pengutronix.de Signed-off-by: Mark Brown commit c0dadd298faca771f749a01848fa86567c5afa35 Author: Nicolas Ferre Date: Thu Jul 2 15:42:24 2020 +0200 MAINTAINERS: Change Maintainer for some at91 drivers I hand over the maintenance of these drivers to my colleagues. Claudiu, Codrin and Tudor already have experience with these controllers and sub-systems. Signed-off-by: Nicolas Ferre Link: https://lore.kernel.org/r/20200702134224.3750-1-nicolas.ferre@microchip.com Signed-off-by: Mark Brown commit d005fbb855d3b5660d62ee5a6bd2d99c13ff8cf3 Author: Pablo Neira Ayuso Date: Wed Jul 1 13:17:40 2020 +0200 netfilter: conntrack: refetch conntrack after nf_conntrack_update() __nf_conntrack_update() might refresh the conntrack object that is attached to the skbuff. Otherwise, this triggers UAF. [ 633.200434] ================================================================== [ 633.200472] BUG: KASAN: use-after-free in nf_conntrack_update+0x34e/0x770 [nf_conntrack] [ 633.200478] Read of size 1 at addr ffff888370804c00 by task nfqnl_test/6769 [ 633.200487] CPU: 1 PID: 6769 Comm: nfqnl_test Not tainted 5.8.0-rc2+ #388 [ 633.200490] Hardware name: LENOVO 23259H1/23259H1, BIOS G2ET32WW (1.12 ) 05/30/2012 [ 633.200491] Call Trace: [ 633.200499] dump_stack+0x7c/0xb0 [ 633.200526] ? nf_conntrack_update+0x34e/0x770 [nf_conntrack] [ 633.200532] print_address_description.constprop.6+0x1a/0x200 [ 633.200539] ? _raw_write_lock_irqsave+0xc0/0xc0 [ 633.200568] ? nf_conntrack_update+0x34e/0x770 [nf_conntrack] [ 633.200594] ? nf_conntrack_update+0x34e/0x770 [nf_conntrack] [ 633.200598] kasan_report.cold.9+0x1f/0x42 [ 633.200604] ? call_rcu+0x2c0/0x390 [ 633.200633] ? nf_conntrack_update+0x34e/0x770 [nf_conntrack] [ 633.200659] nf_conntrack_update+0x34e/0x770 [nf_conntrack] [ 633.200687] ? nf_conntrack_find_get+0x30/0x30 [nf_conntrack] Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1436 Fixes: ee04805ff54a ("netfilter: conntrack: make conntrack userspace helpers work again") Signed-off-by: Pablo Neira Ayuso commit 2160d6c8a13e685b7b2bacbe9cd1e9600506a05f Author: Tom Zanussi Date: Thu Jul 2 14:53:46 2020 -0400 tools lib traceevent: Add proper KBUFFER_TYPE_TIME_STAMP handling Kernel commit dc4e2801d400 (ring-buffer: Redefine the unimplemented RINGBUF_TYPE_TIME_STAMP) changed the way the ring buffer timestamps work - after that commit the previously unimplemented RINGBUF_TYPE_TIME_STAMP type causes the time delta to be used as a timestamp rather than a delta to be added to the timestamp. The trace-cmd code didn't get updated to handle this, so misinterprets the event data for this case, which causes a cascade of errors, including trace-report not being able to identify synthetic (or any other) events generated by the histogram code (which uses TIME_STAMP mode). For example, the following triggers along with the trace-cmd shown cause an UNKNOWN_EVENT error and trace-cmd report crash: # echo 'wakeup_latency u64 lat pid_t pid char comm[16]' > /sys/kernel/debug/tracing/synthetic_events # echo 'hist:keys=pid:ts0=common_timestamp.usecs if comm=="ping"' > /sys/kernel/debug/tracing/events/sched/sched_wakeup/trigger # echo 'hist:keys=next_pid:wakeup_lat=common_timestamp.usecs-$ts0:onmatch(sched.sched_wakeup).trace(wakeup_latency,$wakeup_lat,next_pid,next_comm) if next_comm=="ping"' > /sys/kernel/debug/tracing/events/sched/sched_switch/trigger # echo 'hist:keys=comm,pid,lat:wakeup_lat=lat:sort=lat' > /sys/kernel/debug/tracing/events/synthetic/wakeup_latency/trigger # trace-cmd record -e wakeup_latency -e sched_wakeup -f comm==\"ping\" ping localhost -c 5 # trace-cmd report CPU 0 is empty CPU 1 is empty CPU 2 is empty CPU 3 is empty CPU 5 is empty CPU 6 is empty CPU 7 is empty cpus=8 ug! no event found for type 0 [UNKNOWN TYPE 0] ug! no event found for type 11520 Segmentation fault (core dumped) After this patch we get the correct interpretation and the events are shown properly: # trace-cmd report CPU 0 is empty CPU 1 is empty CPU 2 is empty CPU 3 is empty CPU 5 is empty CPU 6 is empty CPU 7 is empty cpus=8 -0 [004] 23284.341392: sched_wakeup: ping:12031 [120] success=1 CPU:004 -0 [004] 23284.341464: wakeup_latency: lat=58, pid=12031, comm=ping -0 [004] 23285.365303: sched_wakeup: ping:12031 [120] success=1 CPU:004 -0 [004] 23285.365382: wakeup_latency: lat=64, pid=12031, comm=ping -0 [004] 23286.389290: sched_wakeup: ping:12031 [120] success=1 CPU:004 -0 [004] 23286.389378: wakeup_latency: lat=72, pid=12031, comm=ping -0 [004] 23287.413213: sched_wakeup: ping:12031 [120] success=1 CPU:004 -0 [004] 23287.413291: wakeup_latency: lat=64, pid=12031, comm=ping Link: http://lkml.kernel.org/r/1567628224.13841.4.camel@kernel.org Link: http://lore.kernel.org/linux-trace-devel/20200625100516.365338-3-tz.stoyanov@gmail.com Signed-off-by: Tom Zanussi [ Ported from trace-cmd.git ] Cc: Andrew Morton Cc: Jiri Olsa Cc: Namhyung Kim Cc: linux-trace-devel@vger.kernel.org Link: http://lore.kernel.org/lkml/20200702185703.785094515@goodmis.org Signed-off-by: Tzvetomir Stoyanov (VMware) Signed-off-by: Steven Rostedt (VMware) Signed-off-by: Arnaldo Carvalho de Melo commit 374855c5e4a76f7cc7f9aeb613c54929510eff18 Author: Steven Rostedt (Red Hat) Date: Thu Jul 2 14:53:45 2020 -0400 tools lib traceevent: Add API to read time information from kbuffer Add the functions kbuffer_subbuf_timestamp() and kbuffer_ptr_delta() to get the timing data stored in the ring buffer that is used to produced the time stamps of the records. This is useful for tools like trace-cmd to be able to display the content of the read data to understand why the records show the time stamps that they do. Link: http://lore.kernel.org/linux-trace-devel/20200625100516.365338-2-tz.stoyanov@gmail.com Signed-off-by: Steven Rostedt (VMware) [ Ported from trace-cmd.git ] Cc: Andrew Morton Cc: Jiri Olsa Cc: Namhyung Kim Cc: linux-trace-devel@vger.kernel.org Link: http://lore.kernel.org/lkml/20200702185703.619656282@goodmis.org Signed-off-by: Tzvetomir Stoyanov (VMware) Signed-off-by: Arnaldo Carvalho de Melo commit f18d5cf86cdb58eb50cafb5a5e20943ec7a61b1f Author: Adrian Hunter Date: Mon Jun 29 12:19:55 2020 +0300 perf scripts python: exported-sql-viewer.py: Fix time chart call tree Using Python version 3.8.2 and PySide2 version 5.14.0, time chart call tree would not expand the tree to the result. Fix by using setExpanded(). Example: $ perf record -e intel_pt//u uname Linux [ perf record: Woken up 1 times to write data ] [ perf record: Captured and wrote 0.034 MB perf.data ] $ perf script --itrace=bep -s ~/libexec/perf-core/scripts/python/export-to-sqlite.py perf.data.db branches calls 2020-06-26 15:32:14.928997 Creating database ... 2020-06-26 15:32:14.933971 Writing records... 2020-06-26 15:32:15.535251 Adding indexes 2020-06-26 15:32:15.542993 Dropping unused tables 2020-06-26 15:32:15.549716 Done $ python3 ~/libexec/perf-core/scripts/python/exported-sql-viewer.py perf.data.db Select: Charts -> Time chart by CPU Move mouse over middle of chart Right-click and select Show Call Tree Before: displays Call Tree but not expanded to selected time After: displays Call Tree expanded to selected time Fixes: e69d5df75d74d ("perf scripts python: exported-sql-viewer.py: Add ability for Call tree to open at a specified task and time") Signed-off-by: Adrian Hunter Cc: Jiri Olsa Cc: stable@vger.kernel.org Link: http://lore.kernel.org/lkml/20200629091955.17090-7-adrian.hunter@intel.com Signed-off-by: Arnaldo Carvalho de Melo commit 031c8d5edb1ddeb6d398f7942ce2a01a1a51ada9 Author: Adrian Hunter Date: Mon Jun 29 12:19:54 2020 +0300 perf scripts python: exported-sql-viewer.py: Fix zero id in call tree 'Find' result Using ctrl-F ('Find') would not find 'unknown' because it matches id zero. Fix by excluding id zero from selection. Example: $ perf record -e intel_pt//u uname Linux [ perf record: Woken up 1 times to write data ] [ perf record: Captured and wrote 0.034 MB perf.data ] $ perf script --itrace=bep -s ~/libexec/perf-core/scripts/python/export-to-sqlite.py perf.data.db branches calls 2020-06-26 15:32:14.928997 Creating database ... 2020-06-26 15:32:14.933971 Writing records... 2020-06-26 15:32:15.535251 Adding indexes 2020-06-26 15:32:15.542993 Dropping unused tables 2020-06-26 15:32:15.549716 Done $ python3 ~/libexec/perf-core/scripts/python/exported-sql-viewer.py perf.data.db Select: Reports -> Call Tree Press: Ctrl-F Enter: unknown Press: Enter Before: displays 'unknown' not found After: tree is expanded to line showing 'unknown' Fixes: ae8b887c00d3f ("perf scripts python: exported-sql-viewer.py: Add call tree") Signed-off-by: Adrian Hunter Cc: Jiri Olsa Cc: stable@vger.kernel.org Link: http://lore.kernel.org/lkml/20200629091955.17090-6-adrian.hunter@intel.com Signed-off-by: Arnaldo Carvalho de Melo commit 7ff520b0a71dd2db695b52ad117d81b7eaf6ff9d Author: Adrian Hunter Date: Mon Jun 29 12:19:53 2020 +0300 perf scripts python: exported-sql-viewer.py: Fix zero id in call graph 'Find' result Using ctrl-F ('Find') would not find 'unknown' because it matches id zero. Fix by excluding id zero from selection. Example: $ perf record -e intel_pt//u uname Linux [ perf record: Woken up 1 times to write data ] [ perf record: Captured and wrote 0.034 MB perf.data ] $ perf script --itrace=bep -s ~/libexec/perf-core/scripts/python/export-to-sqlite.py perf.data.db branches calls 2020-06-26 15:32:14.928997 Creating database ... 2020-06-26 15:32:14.933971 Writing records... 2020-06-26 15:32:15.535251 Adding indexes 2020-06-26 15:32:15.542993 Dropping unused tables 2020-06-26 15:32:15.549716 Done $ python3 ~/libexec/perf-core/scripts/python/exported-sql-viewer.py perf.data.db Select: Reports -> Context-Sensitive Call Graph Press: Ctrl-F Enter: unknown Press: Enter Before: gets stuck After: tree is expanded to line showing 'unknown' Fixes: 254c0d820b86d ("perf scripts python: exported-sql-viewer.py: Factor out CallGraphModelBase") Signed-off-by: Adrian Hunter Cc: Jiri Olsa Cc: stable@vger.kernel.org Link: http://lore.kernel.org/lkml/20200629091955.17090-5-adrian.hunter@intel.com Signed-off-by: Arnaldo Carvalho de Melo commit 3a3cf7c570a486b07d9a6e68a77548aea6a8421f Author: Adrian Hunter Date: Mon Jun 29 12:19:52 2020 +0300 perf scripts python: exported-sql-viewer.py: Fix unexpanded 'Find' result Using Python version 3.8.2 and PySide2 version 5.14.0, ctrl-F ('Find') would not expand the tree to the result. Fix by using setExpanded(). Example: $ perf record -e intel_pt//u uname Linux [ perf record: Woken up 1 times to write data ] [ perf record: Captured and wrote 0.034 MB perf.data ] $ perf script --itrace=bep -s ~/libexec/perf-core/scripts/python/export-to-sqlite.py perf.data.db branches calls 2020-06-26 15:32:14.928997 Creating database ... 2020-06-26 15:32:14.933971 Writing records... 2020-06-26 15:32:15.535251 Adding indexes 2020-06-26 15:32:15.542993 Dropping unused tables 2020-06-26 15:32:15.549716 Done $ python3 ~/libexec/perf-core/scripts/python/exported-sql-viewer.py perf.data.db Select: Reports -> Context-Sensitive Call Graph or Reports -> Call Tree Press: Ctrl-F Enter: main Press: Enter Before: line showing 'main' does not display After: tree is expanded to line showing 'main' Fixes: ebd70c7dc2f5f ("perf scripts python: exported-sql-viewer.py: Add ability to find symbols in the call-graph") Signed-off-by: Adrian Hunter Cc: Jiri Olsa Cc: stable@vger.kernel.org Link: http://lore.kernel.org/lkml/20200629091955.17090-4-adrian.hunter@intel.com Signed-off-by: Arnaldo Carvalho de Melo commit 442ad2254ac56b39870c0cfed96d500921fea5d5 Author: Adrian Hunter Date: Mon Jun 29 12:19:51 2020 +0300 perf record: Fix duplicated sideband events with Intel PT system wide tracing Commit 0a892c1c9472 ("perf record: Add dummy event during system wide synthesis") reveals an issue with Intel PT system wide tracing. Specifically that Intel PT already adds a dummy tracking event, and it is not the first event. Adding another dummy tracking event causes duplicated sideband events. Fix by checking for an existing dummy tracking event first. Example showing duplicated switch events: Before: # perf record -a -e intel_pt//u uname Linux [ perf record: Woken up 1 times to write data ] [ perf record: Captured and wrote 0.895 MB perf.data ] # perf script --no-itrace --show-switch-events | head swapper 0 [007] 6390.516222: PERF_RECORD_SWITCH_CPU_WIDE OUT preempt next pid/tid: 11/11 swapper 0 [007] 6390.516222: PERF_RECORD_SWITCH_CPU_WIDE OUT preempt next pid/tid: 11/11 rcu_sched 11 [007] 6390.516223: PERF_RECORD_SWITCH_CPU_WIDE IN prev pid/tid: 0/0 rcu_sched 11 [007] 6390.516224: PERF_RECORD_SWITCH_CPU_WIDE IN prev pid/tid: 0/0 rcu_sched 11 [007] 6390.516227: PERF_RECORD_SWITCH_CPU_WIDE OUT next pid/tid: 0/0 rcu_sched 11 [007] 6390.516227: PERF_RECORD_SWITCH_CPU_WIDE OUT next pid/tid: 0/0 swapper 0 [007] 6390.516228: PERF_RECORD_SWITCH_CPU_WIDE IN prev pid/tid: 11/11 swapper 0 [007] 6390.516228: PERF_RECORD_SWITCH_CPU_WIDE IN prev pid/tid: 11/11 swapper 0 [002] 6390.516415: PERF_RECORD_SWITCH_CPU_WIDE OUT preempt next pid/tid: 5556/5559 swapper 0 [002] 6390.516416: PERF_RECORD_SWITCH_CPU_WIDE OUT preempt next pid/tid: 5556/5559 After: # perf record -a -e intel_pt//u uname Linux [ perf record: Woken up 1 times to write data ] [ perf record: Captured and wrote 0.868 MB perf.data ] # perf script --no-itrace --show-switch-events | head swapper 0 [005] 6450.567013: PERF_RECORD_SWITCH_CPU_WIDE OUT preempt next pid/tid: 7179/7181 perf 7181 [005] 6450.567014: PERF_RECORD_SWITCH_CPU_WIDE IN prev pid/tid: 0/0 perf 7181 [005] 6450.567028: PERF_RECORD_SWITCH_CPU_WIDE OUT next pid/tid: 0/0 swapper 0 [005] 6450.567029: PERF_RECORD_SWITCH_CPU_WIDE IN prev pid/tid: 7179/7181 swapper 0 [005] 6450.571699: PERF_RECORD_SWITCH_CPU_WIDE OUT preempt next pid/tid: 11/11 rcu_sched 11 [005] 6450.571700: PERF_RECORD_SWITCH_CPU_WIDE IN prev pid/tid: 0/0 rcu_sched 11 [005] 6450.571702: PERF_RECORD_SWITCH_CPU_WIDE OUT next pid/tid: 0/0 swapper 0 [005] 6450.571703: PERF_RECORD_SWITCH_CPU_WIDE IN prev pid/tid: 11/11 swapper 0 [005] 6450.579703: PERF_RECORD_SWITCH_CPU_WIDE OUT preempt next pid/tid: 11/11 rcu_sched 11 [005] 6450.579704: PERF_RECORD_SWITCH_CPU_WIDE IN prev pid/tid: 0/0 Signed-off-by: Adrian Hunter Tested-by: Arnaldo Carvalho de Melo Cc: Jiri Olsa Link: http://lore.kernel.org/lkml/20200629091955.17090-3-adrian.hunter@intel.com Signed-off-by: Arnaldo Carvalho de Melo commit 640432e6bed08e9d5d2ba26856ba3f55008b07e3 Author: Adrian Hunter Date: Mon Jun 29 12:19:50 2020 +0300 perf scripts python: export-to-postgresql.py: Fix struct.pack() int argument Python 3.8 is requiring that arguments being packed as integers are also integers. Add int() accordingly. Before: $ perf record -e intel_pt//u uname $ perf script --itrace=bep -s ~/libexec/perf-core/scripts/python/export-to-postgresql.py perf_data_db branches calls 2020-06-25 16:09:10.547256 Creating database... 2020-06-25 16:09:10.733185 Writing to intermediate files... Traceback (most recent call last): File "/home/ahunter/libexec/perf-core/scripts/python/export-to-postgresql.py", line 1106, in synth_data cbr(id, raw_buf) File "/home/ahunter/libexec/perf-core/scripts/python/export-to-postgresql.py", line 1058, in cbr value = struct.pack("!hiqiiiiii", 4, 8, id, 4, cbr, 4, MHz, 4, percent) struct.error: required argument is not an integer Fatal Python error: problem in Python trace event handler Python runtime state: initialized Current thread 0x00007f35d3695780 (most recent call first): Aborted (core dumped) After: $ dropdb perf_data_db $ rm -rf perf_data_db-perf-data $ perf script --itrace=bep -s ~/libexec/perf-core/scripts/python/export-to-postgresql.py perf_data_db branches calls 2020-06-25 16:09:40.990267 Creating database... 2020-06-25 16:09:41.207009 Writing to intermediate files... 2020-06-25 16:09:41.270915 Copying to database... 2020-06-25 16:09:41.382030 Removing intermediate files... 2020-06-25 16:09:41.384630 Adding primary keys 2020-06-25 16:09:41.541894 Adding foreign keys 2020-06-25 16:09:41.677044 Dropping unused tables 2020-06-25 16:09:41.703761 Done Fixes: aba44287a224 ("perf scripts python: export-to-postgresql.py: Export Intel PT power and ptwrite events") Signed-off-by: Adrian Hunter Cc: Jiri Olsa Cc: stable@vger.kernel.org Link: http://lore.kernel.org/lkml/20200629091955.17090-2-adrian.hunter@intel.com Signed-off-by: Arnaldo Carvalho de Melo commit eb25de276505c664c6ee838e60c6e5ad1837f55e Author: Arnaldo Carvalho de Melo Date: Fri Jul 3 08:11:16 2020 -0300 tools arch: Update arch/x86/lib/memcpy_64.S copy used in 'perf bench mem memcpy' To bring in the change made in this cset: e3a9e681adb7 ("x86/entry: Fixup bad_iret vs noinstr") This doesn't cause any functional changes to tooling, just a rebuild. Addresses this perf build warning: Warning: Kernel ABI header at 'tools/arch/x86/lib/memcpy_64.S' differs from latest version at 'arch/x86/lib/memcpy_64.S' diff -u tools/arch/x86/lib/memcpy_64.S arch/x86/lib/memcpy_64.S Cc: Adrian Hunter Cc: Jiri Olsa Cc: Namhyung Kim Cc: Peter Zijlstra Signed-off-by: Arnaldo Carvalho de Melo commit 9434628fcee63b1f3c6a6881b70e8f69a1f68e88 Merge: c42ad5d43582 cdd3bb54332f Author: Arnaldo Carvalho de Melo Date: Fri Jul 3 08:05:59 2020 -0300 Merge remote-tracking branch 'torvalds/master' into perf/urgent To synchronize UAPI headers. Signed-off-by: Arnaldo Carvalho de Melo commit c860f8ffbea8924de05a281b937128773d30a77c Author: Bob Peterson Date: Thu Jun 25 14:42:17 2020 -0500 gfs2: The freeze glock should never be frozen Before this patch, some gfs2 code locked the freeze glock with LM_FLAG_NOEXP (Do not freeze) flag, and some did not. We never want to freeze the freeze glock, so this patch makes it consistently use LM_FLAG_NOEXP always. Signed-off-by: Bob Peterson commit 623ba664b74a20f22a2ef7ebd71e171d2d7c626f Author: Bob Peterson Date: Thu Jun 25 13:30:52 2020 -0500 gfs2: When freezing gfs2, use GL_EXACT and not GL_NOCACHE Before this patch, the freeze code in gfs2 specified GL_NOCACHE in several places. That's wrong because we always want to know the state of whether the file system is frozen. There was also a problem with freeze/thaw transitioning the glock from frozen (EX) to thawed (SH) because gfs2 will normally grant glocks in EX to processes that request it in SH mode, unless GL_EXACT is specified. Therefore, the freeze/thaw code, which tried to reacquire the glock in SH mode would get the glock in EX mode, and miss the transition from EX to SH. That made it think the thaw had completed normally, but since the glock was still cached in EX, other nodes could not freeze again. This patch removes the GL_NOCACHE flag to allow the freeze glock to be cached. It also adds the GL_EXACT flag so the glock is fully transitioned from EX to SH, thereby allowing future freeze operations. Signed-off-by: Bob Peterson commit b780cc615ba4795a7ef0e93b19424828a5ad456a Author: Bob Peterson Date: Thu Jun 25 13:30:18 2020 -0500 gfs2: read-only mounts should grab the sd_freeze_gl glock Before this patch, only read-write mounts would grab the freeze glock in read-only mode, as part of gfs2_make_fs_rw. So the freeze glock was never initialized. That meant requests to freeze, which request the glock in EX, were granted without any state transition. That meant you could mount a gfs2 file system, which is currently frozen on a different cluster node, in read-only mode. This patch makes read-only mounts lock the freeze glock in SH mode, which will block for file systems that are frozen on another node. Signed-off-by: Bob Peterson commit 541656d3a5136ae830d604e237f29f406d42c592 Author: Bob Peterson Date: Thu Jun 25 13:29:44 2020 -0500 gfs2: freeze should work on read-only mounts Before this patch, function freeze_go_sync, called when promoting the freeze glock, was testing for the SDF_JOURNAL_LIVE superblock flag. That's only set for read-write mounts. Read-only mounts don't use a journal, so the bit is never set, so the freeze never happened. This patch removes the check for SDF_JOURNAL_LIVE for freeze requests but still checks it when deciding whether to flush a journal. Signed-off-by: Bob Peterson commit 7542486b89b2e321ffe0de82163b425d6a38bc72 Author: Bob Peterson Date: Wed Jun 17 07:47:34 2020 -0500 gfs2: eliminate GIF_ORDERED in favor of list_empty In several places, we used the GIF_ORDERED inode flag to determine if an inode was on the ordered writes list. However, since we always held the sd_ordered_lock spin_lock during the manipulation, we can just as easily check list_empty(&ip->i_ordered) instead. This allows us to keep more than one ordered writes list to make journal writing improvements. This patch eliminates GIF_ORDERED in favor of checking list_empty. Signed-off-by: Bob Peterson commit d8ca55addb9315ecd9fc4397f4c94d3f1980161c Author: Sean Christopherson Date: Thu Jul 2 19:26:28 2020 -0700 vfio-ccw: Fix a build error due to missing include of linux/slab.h Include linux/slab.h to fix a build error due to kfree() being undefined. Fixes: 3f02cb2fd9d2 ("vfio-ccw: Wire up the CRW irq and CRW region") Signed-off-by: Sean Christopherson Message-Id: <20200703022628.6036-1-sean.j.christopherson@intel.com> Signed-off-by: Cornelia Huck commit bf12fdf0ab728ca8e5933aac46dd972c0dd0421e Author: Esben Haabendal Date: Wed Jul 1 16:56:58 2020 +0200 uio_pdrv_genirq: fix use without device tree and no interrupt While e3a3c3a20555 ("UIO: fix uio_pdrv_genirq with device tree but no interrupt") added support for using uio_pdrv_genirq for devices without interrupt for device tree platforms, the removal of uio_pdrv in 26dac3c49d56 ("uio: Remove uio_pdrv and use uio_pdrv_genirq instead") broke the support for non device tree platforms. This change fixes this, so that uio_pdrv_genirq can be used without interrupt on all platforms. This still leaves the support that uio_pdrv had for custom interrupt handler lacking, as uio_pdrv_genirq does not handle it (yet). Fixes: 26dac3c49d56 ("uio: Remove uio_pdrv and use uio_pdrv_genirq instead") Signed-off-by: Esben Haabendal Cc: stable@vger.kernel.org Link: https://lore.kernel.org/r/20200701145659.3978-3-esben@geanix.com Signed-off-by: Greg Kroah-Hartman commit 324ac45f25e634eca6346953ae531e8da3e0c73d Author: Esben Haabendal Date: Wed Jul 1 16:56:57 2020 +0200 uio_pdrv_genirq: Remove warning when irq is not specified Since e3a3c3a20555 ("UIO: fix uio_pdrv_genirq with device tree but no interrupt"), the uio_pdrv_genirq has supported use without interrupt, so the change in 7723f4c5ecdb ("driver core: platform: Add an error message to") added false warnings for those cases. Fixes: 7723f4c5ecdb ("driver core: platform: Add an error message to platform_get_irq*()") Signed-off-by: Esben Haabendal Cc: stable@vger.kernel.org Link: https://lore.kernel.org/r/20200701145659.3978-2-esben@geanix.com Signed-off-by: Greg Kroah-Hartman commit f38278e9b810b06aff2981d505267be984423ba3 Author: Lad Prabhakar Date: Wed Jul 1 16:41:40 2020 +0100 serial: sh-sci: Initialize spinlock for uart console serial core expects the spinlock to be initialized by the controller driver for serial console, this patch makes sure the spinlock is initialized, fixing the below issue: [ 0.865928] BUG: spinlock bad magic on CPU#0, swapper/0/1 [ 0.865945] lock: sci_ports+0x0/0x4c80, .magic: 00000000, .owner: /-1, .owner_cpu: 0 [ 0.865955] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.8.0-rc1+ #112 [ 0.865961] Hardware name: HopeRun HiHope RZ/G2H with sub board (DT) [ 0.865968] Call trace: [ 0.865979] dump_backtrace+0x0/0x1d8 [ 0.865985] show_stack+0x14/0x20 [ 0.865996] dump_stack+0xe8/0x130 [ 0.866006] spin_dump+0x6c/0x88 [ 0.866012] do_raw_spin_lock+0xb0/0xf8 [ 0.866023] _raw_spin_lock_irqsave+0x80/0xa0 [ 0.866032] uart_add_one_port+0x3a4/0x4e0 [ 0.866039] sci_probe+0x504/0x7c8 [ 0.866048] platform_drv_probe+0x50/0xa0 [ 0.866059] really_probe+0xdc/0x330 [ 0.866066] driver_probe_device+0x58/0xb8 [ 0.866072] device_driver_attach+0x6c/0x90 [ 0.866078] __driver_attach+0x88/0xd0 [ 0.866085] bus_for_each_dev+0x74/0xc8 [ 0.866091] driver_attach+0x20/0x28 [ 0.866098] bus_add_driver+0x14c/0x1f8 [ 0.866104] driver_register+0x60/0x110 [ 0.866109] __platform_driver_register+0x40/0x48 [ 0.866119] sci_init+0x2c/0x34 [ 0.866127] do_one_initcall+0x88/0x428 [ 0.866137] kernel_init_freeable+0x2c0/0x328 [ 0.866143] kernel_init+0x10/0x108 [ 0.866150] ret_from_fork+0x10/0x18 Signed-off-by: Lad Prabhakar Reviewed-by: Biju Das Fixes: a3cb39d258ef ("serial: core: Allow detach and attach serial device for console") Cc: stable Link: https://lore.kernel.org/r/1593618100-2151-1-git-send-email-prabhakar.mahadev-lad.rj@bp.renesas.com Signed-off-by: Greg Kroah-Hartman commit cdd3bb54332f82295ed90cd0c09c78cd0c0ee822 Merge: 684c8ccc40d7 c43e55796dd4 Author: Linus Torvalds Date: Thu Jul 2 22:56:29 2020 -0700 Merge tag 'm68knommu-for-v5.8-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gerg/m68knommu Pull m68knommu mm fixes from Greg Ungerer: "Two critical mm related fixes that affect booting of m68k/ColdFire devices. Both fix problems caused by recent system init memblock changes" * tag 'm68knommu-for-v5.8-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gerg/m68knommu: m68k: mm: fix node memblock init m68k: nommu: register start of the memory with memblock commit 684c8ccc40d7e5408d597a43712bad3827d3fb94 Merge: 45564bcd5704 0115e6c98c22 Author: Linus Torvalds Date: Thu Jul 2 22:46:05 2020 -0700 Merge tag 'devicetree-fixes-for-5.8-2' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux Pull devicetree fixes from Rob Herring: - Sync dtc to upstream to pick up fixes for I2C bus checks and quiet warnings - Various fixes for DT binding check warnings - A couple of build fixes/improvements for binding checks - ReST formatting improvements for writing-schema.rst - Document reference fixes * tag 'devicetree-fixes-for-5.8-2' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux: dt-bindings: clock: imx: Fix e-mail address dt-bindings: thermal: k3: Fix the reg property dt-bindings: thermal: Remove soc unit address dt-bindings: display: arm: versatile: Pass the sysreg unit name dt-bindings: usb: aspeed: Remove the leading zeroes dt-bindings: copy process-schema-examples.yaml to process-schema.yaml dt-bindings: do not build processed-schema.yaml for 'make dt_binding_check' dt-bindings: fix error in 'make clean' after 'make dt_binding_check' dt-bindings: mailbox: zynqmp_ipi: fix unit address dt-bindings: bus: uniphier-system-bus: fix warning in example scripts/dtc: Update to upstream version v1.6.0-11-g9d7888cbf19c doc: devicetree: bindings: fix spelling mistake docs: dt: minor adjustments at writing-schema.rst dt: fix reference to olpc,xo1.75-ec.txt dt: Fix broken references to renamed docs dt: fix broken links due to txt->yaml renames dt: update a reference for reneases pcar file renamed to yaml commit 45564bcd57046ebe8c9309527c114dcd042cb7e5 Merge: 0c7415c31ea9 c17d1a3a8ee4 Author: Linus Torvalds Date: Thu Jul 2 22:40:06 2020 -0700 Merge tag 'for-linus-2020-07-02' of git://git.kernel.org/pub/scm/linux/kernel/git/brauner/linux Pull data race annotation from Christian Brauner: "This contains an annotation patch for a data race in copy_process() reported by KCSAN when reading and writing nr_threads. The data race is intentional and benign. This is obvious from the comment above the relevant code and based on general consensus when discussing this issue. So simply using data_race() to annotate this as an intentional race seems the best option" * tag 'for-linus-2020-07-02' of git://git.kernel.org/pub/scm/linux/kernel/git/brauner/linux: fork: annotate data race in copy_process() commit 0c7415c31ea9482c4377287af5f459778bf64d2a Merge: 0dce88451f9c e918e570415c Author: Linus Torvalds Date: Thu Jul 2 22:36:19 2020 -0700 Merge tag 'tpmdd-next-v5.8-rc4' of git://git.infradead.org/users/jjs/linux-tpmdd Pull tpm fixes from Jarkko Sakkinen: "These are just fixes for bugs found lately. All of them are small scale things here and there, and all of them are for previous kernel releases (the oldest appeared in v2.6.17)" * tag 'tpmdd-next-v5.8-rc4' of git://git.infradead.org/users/jjs/linux-tpmdd: tpm_tis: Remove the HID IFX0102 tpm_tis_spi: Prefer async probe tpm: ibmvtpm: Wait for ready buffer before probing for TPM2 attributes tpm/st33zp24: fix spelling mistake "drescription" -> "description" tpm_tis: extra chip->ops check on error path in tpm_tis_core_init tpm_tis_spi: Don't send anything during flow control tpm: Fix TIS locality timeout problems commit 0dce88451f9c1cc5f1b73818e0608d5f84499e9a Merge: 55844741a1e7 377ff83083c9 Author: Linus Torvalds Date: Thu Jul 2 21:53:16 2020 -0700 Merge tag 'linux-kselftest-fixes-5.8-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest Pull kselftest fixes from Shuah Khan: "tpm test fixes from Jarkko Sakkinen" * tag 'linux-kselftest-fixes-5.8-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest: selftests: tpm: Use /bin/sh instead of /bin/bash selftests: tpm: Use 'test -e' instead of 'test -f' Revert "tpm: selftest: cleanup after unseal with wrong auth/policy test" commit 55844741a1e74bd41b4cea57502c2efedc99bf47 Merge: 083176c86ffa c63d2dd7e134 Author: Linus Torvalds Date: Thu Jul 2 21:49:26 2020 -0700 Merge tag 'linux-kselftest-kunit-fixes-5.8-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest Pull kunit fixes from Shuah Khan "Fixes for build and run-times failures. Also includes troubleshooting tips updates to kunit user documentation" * tag 'linux-kselftest-kunit-fixes-5.8-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest: Documentation: kunit: Add some troubleshooting tips to the FAQ kunit: kunit_tool: Fix invalid result when build fails kunit: show error if kunit results are not present kunit: kunit_config: Fix parsing of CONFIG options with space commit 083176c86ffae8c9b467358eca5ba05a54a27898 Merge: 7cc2a8ea1048 becd2014923f Author: Linus Torvalds Date: Thu Jul 2 20:35:33 2020 -0700 Merge tag 'nfsd-5.8-1' of git://linux-nfs.org/~bfields/linux Pull nfsd fixes from Bruce Fields: "Fixes for a umask bug on exported filesystems lacking ACL support, a leak and a module unloading bug in the /proc/fs/nfsd/clients/ code, and a compile warning" * tag 'nfsd-5.8-1' of git://linux-nfs.org/~bfields/linux: SUNRPC: Add missing definition of ARCH_IMPLEMENTS_FLUSH_DCACHE_PAGE nfsd: fix nfsdfs inode reference count leak nfsd4: fix nfsdfs reference count loop nfsd: apply umask on fs without ACL support commit cb551b8dc079d2ef189145782627c99cb68c0255 Author: Damien Le Moal Date: Wed Jul 1 17:52:54 2020 +0900 scsi: mpt3sas: Fix unlock imbalance In BRM_status_show(), if the condition "!ioc->is_warpdrive" tested on entry to the function is true, a "goto out" is called. This results in unlocking ioc->pci_access_mutex without this mutex lock being taken. This generates the following splat: [ 1148.539883] mpt3sas_cm2: BRM_status_show: BRM attribute is only for warpdrive [ 1148.547184] [ 1148.548708] ===================================== [ 1148.553501] WARNING: bad unlock balance detected! [ 1148.558277] 5.8.0-rc3+ #827 Not tainted [ 1148.562183] ------------------------------------- [ 1148.566959] cat/5008 is trying to release lock (&ioc->pci_access_mutex) at: [ 1148.574035] [] BRM_status_show+0xd3/0x100 [mpt3sas] [ 1148.580574] but there are no more locks to release! [ 1148.585524] [ 1148.585524] other info that might help us debug this: [ 1148.599624] 3 locks held by cat/5008: [ 1148.607085] #0: ffff92aea3e392c0 (&p->lock){+.+.}-{3:3}, at: seq_read+0x34/0x480 [ 1148.618509] #1: ffff922ef14c4888 (&of->mutex){+.+.}-{3:3}, at: kernfs_seq_start+0x2a/0xb0 [ 1148.630729] #2: ffff92aedb5d7310 (kn->active#224){.+.+}-{0:0}, at: kernfs_seq_start+0x32/0xb0 [ 1148.643347] [ 1148.643347] stack backtrace: [ 1148.655259] CPU: 73 PID: 5008 Comm: cat Not tainted 5.8.0-rc3+ #827 [ 1148.665309] Hardware name: HGST H4060-S/S2600STB, BIOS SE5C620.86B.02.01.0008.031920191559 03/19/2019 [ 1148.678394] Call Trace: [ 1148.684750] dump_stack+0x78/0xa0 [ 1148.691802] lock_release.cold+0x45/0x4a [ 1148.699451] __mutex_unlock_slowpath+0x35/0x270 [ 1148.707675] BRM_status_show+0xd3/0x100 [mpt3sas] [ 1148.716092] dev_attr_show+0x19/0x40 [ 1148.723664] sysfs_kf_seq_show+0x87/0x100 [ 1148.731193] seq_read+0xbc/0x480 [ 1148.737882] vfs_read+0xa0/0x160 [ 1148.744514] ksys_read+0x58/0xd0 [ 1148.751129] do_syscall_64+0x4c/0xa0 [ 1148.757941] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1148.766240] RIP: 0033:0x7f1230566542 [ 1148.772957] Code: Bad RIP value. [ 1148.779206] RSP: 002b:00007ffeac1bcac8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1148.790063] RAX: ffffffffffffffda RBX: 0000000000020000 RCX: 00007f1230566542 [ 1148.800284] RDX: 0000000000020000 RSI: 00007f1223460000 RDI: 0000000000000003 [ 1148.810474] RBP: 00007f1223460000 R08: 00007f122345f010 R09: 0000000000000000 [ 1148.820641] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000000 [ 1148.830728] R13: 0000000000000003 R14: 0000000000020000 R15: 0000000000020000 Fix this by returning immediately instead of jumping to the out label. Link: https://lore.kernel.org/r/20200701085254.51740-1-damien.lemoal@wdc.com Reviewed-by: Johannes Thumshirn Acked-by: Sreekanth Reddy Signed-off-by: Damien Le Moal Signed-off-by: Martin K. Petersen commit 1a9826204109acd3f8e926394b16bd4cdc4c5dbb Author: Bob Liu Date: Wed Jul 1 11:07:44 2020 +0800 scsi: iscsi: Change iSCSI workqueue max_active back to 1 Commit 3ce419662dd4 ("scsi: iscsi: Register sysfs for iscsi workqueue") enabled 'cpumask' support for iSCSI workqueues. However, it is unnecessary to set max_active = 2 since 'cpumask' can still be modified when max_active is 1. This patch sets max_active to 1 so as to keep the same behaviour as before. Link: https://lore.kernel.org/r/20200701030745.16897-1-bob.liu@oracle.com Reviewed-by: Mike Christie Signed-off-by: Bob Liu Signed-off-by: Martin K. Petersen commit 1298a549e22abe36c82208406c7069280553c7dd Merge: 80e89901e5a5 bda8eaa6dee7 Author: Dave Airlie Date: Fri Jul 3 11:18:06 2020 +1000 Merge tag 'drm-misc-fixes-2020-07-02' of git://anongit.freedesktop.org/drm/drm-misc into drm-fixes * dma-buf: fix a use-after-free bug * sun4i: remove HPD polling Signed-off-by: Dave Airlie From: Thomas Zimmermann Link: https://patchwork.freedesktop.org/patch/msgid/20200702075143.GA25040@linux-uq9g commit 0d242479b3e6f7b5aebea3ef07b8a73c4f45b50c Author: Tao Ren Date: Thu Jul 2 15:13:49 2020 -0700 hwmon: (pmbus) fix a typo in Kconfig SENSORS_IR35221 option Fix a typo in SENSORS_IR35221 option: module name should be "ir35221" instead of "ir35521". Fixes: 8991ebd9c9a6 ("hwmon: (pmbus) Add client driver for IR35221") Cc: Samuel Mendoza-Jonas Signed-off-by: Tao Ren Link: https://lore.kernel.org/r/20200702221349.18139-1-rentao.bupt@gmail.com Signed-off-by: Guenter Roeck commit 7cc2a8ea104820dd9e702202621e8fd4d9f6c8cf Merge: c93493b7cd40 e7eea44eefbd Author: Linus Torvalds Date: Thu Jul 2 15:13:51 2020 -0700 Merge tag 'block-5.8-2020-07-01' of git://git.kernel.dk/linux-block Pull block fixes from Jens Axboe: - Use kvfree_sensitive() for the block keyslot free (Eric) - Sync blk-mq debugfs flags (Hou) - Memory leak fix in virtio-blk error path (Hou) * tag 'block-5.8-2020-07-01' of git://git.kernel.dk/linux-block: virtio-blk: free vblk-vqs in error path of virtblk_probe() block/keyslot-manager: use kvfree_sensitive() blk-mq-debugfs: update blk_queue_flag_name[] accordingly for new flags commit c93493b7cd40c20708e3373a7cc8e8049460d7ce Merge: cd77006e01b3 ce593a6c480a Author: Linus Torvalds Date: Thu Jul 2 14:56:22 2020 -0700 Merge tag 'io_uring-5.8-2020-07-01' of git://git.kernel.dk/linux-block Pull io_uring fixes from Jens Axboe: "One fix in here, for a regression in 5.7 where a task is waiting in the kernel for a condition, but that condition won't become true until task_work is run. And the task_work can't be run exactly because the task is waiting in the kernel, so we'll never make any progress. One example of that is registering an eventfd and queueing io_uring work, and then the task goes and waits in eventfd read with the expectation that it'll get woken (and read an event) when the io_uring request completes. The io_uring request is finished through task_work, which won't get run while the task is looping in eventfd read" * tag 'io_uring-5.8-2020-07-01' of git://git.kernel.dk/linux-block: io_uring: use signal based task_work running task_work: teach task_work_add() to do signal_wake_up() commit ad4e2b64839710e3b6e17a11b2684ceaaeae795e Author: Nicolas Ferre Date: Thu Jul 2 15:00:21 2020 +0200 MAINTAINERS: net: macb: add Claudiu as co-maintainer I would like that Claudiu becomes co-maintainer of the Cadence macb driver. He's already participating to lots of reviews and enhancements to this driver and knows the different versions of this controller. Signed-off-by: Nicolas Ferre Signed-off-by: David S. Miller commit af199a1a9cb02ec0194804bd46c174b6db262075 Author: Codrin Ciubotariu Date: Thu Jul 2 12:44:50 2020 +0300 net: dsa: microchip: set the correct number of ports The number of ports is incorrectly set to the maximum available for a DSA switch. Even if the extra ports are not used, this causes some functions to be called later, like port_disable() and port_stp_state_set(). If the driver doesn't check the port index, it will end up modifying unknown registers. Fixes: b987e98e50ab ("dsa: add DSA switch driver for Microchip KSZ9477") Signed-off-by: Codrin Ciubotariu Reviewed-by: Andrew Lunn Signed-off-by: David S. Miller commit 578c1bb9056263ad3c9e09746b3d6e4daf63bdb0 Author: Juergen Gross Date: Wed Jul 1 14:16:38 2020 +0200 xen/xenbus: let xenbus_map_ring_valloc() return errno values only Today xenbus_map_ring_valloc() can return either a negative errno value (-ENOMEM or -EINVAL) or a grant status value. This is a mess as e.g -ENOMEM and GNTST_eagain have the same numeric value. Fix that by turning all grant mapping errors into -ENOENT. This is no problem as all callers of xenbus_map_ring_valloc() only use the return value to print an error message, and in case of mapping errors the grant status value has already been printed by __xenbus_map_ring() before. Signed-off-by: Juergen Gross Reviewed-by: Boris Ostrovsky Link: https://lore.kernel.org/r/20200701121638.19840-3-jgross@suse.com Signed-off-by: Boris Ostrovsky commit 3848e4e0a32afb96dc3b84e1358c3b9d103c6a2c Author: Juergen Gross Date: Wed Jul 1 14:16:37 2020 +0200 xen/xenbus: avoid large structs and arrays on the stack xenbus_map_ring_valloc() and its sub-functions are putting quite large structs and arrays on the stack. This is problematic at runtime, but might also result in build failures (e.g. with clang due to the option -Werror,-Wframe-larger-than=... used). Fix that by moving most of the data from the stack into a dynamically allocated struct. Performance is no issue here, as xenbus_map_ring_valloc() is used only when adding a new PV device to a backend driver. While at it move some duplicated code from pv/hvm specific mapping functions to the single caller. Reported-by: Arnd Bergmann Signed-off-by: Juergen Gross Reviewed-by: Boris Ostrovsky Link: https://lore.kernel.org/r/20200701121638.19840-2-jgross@suse.com Signed-off-by: Boris Ostrovsky commit 1ca0fafd73c5268e8fc4b997094b8bb2bfe8deea Author: Eric Dumazet Date: Wed Jul 1 18:39:33 2020 -0700 tcp: md5: allow changing MD5 keys in all socket states This essentially reverts commit 721230326891 ("tcp: md5: reject TCP_MD5SIG or TCP_MD5SIG_EXT on established sockets") Mathieu reported that many vendors BGP implementations can actually switch TCP MD5 on established flows. Quoting Mathieu : Here is a list of a few network vendors along with their behavior with respect to TCP MD5: - Cisco: Allows for password to be changed, but within the hold-down timer (~180 seconds). - Juniper: When password is initially set on active connection it will reset, but after that any subsequent password changes no network resets. - Nokia: No notes on if they flap the tcp connection or not. - Ericsson/RedBack: Allows for 2 password (old/new) to co-exist until both sides are ok with new passwords. - Meta-Switch: Expects the password to be set before a connection is attempted, but no further info on whether they reset the TCP connection on a change. - Avaya: Disable the neighbor, then set password, then re-enable. - Zebos: Would normally allow the change when socket connected. We can revert my prior change because commit 9424e2e7ad93 ("tcp: md5: fix potential overestimation of TCP option space") removed the leak of 4 kernel bytes to the wire that was the main reason for my patch. While doing my investigations, I found a bug when a MD5 key is changed, leading to these commits that stable teams want to consider before backporting this revert : Commit 6a2febec338d ("tcp: md5: add missing memory barriers in tcp_md5_do_add()/tcp_md5_hash_key()") Commit e6ced831ef11 ("tcp: md5: refine tcp_md5_do_add()/tcp_md5_hash_key() barriers") Fixes: 721230326891 "tcp: md5: reject TCP_MD5SIG or TCP_MD5SIG_EXT on established sockets" Signed-off-by: Eric Dumazet Reported-by: Mathieu Desnoyers Signed-off-by: David S. Miller commit a55de412228cc5a2b4bf8d2a09849898102633e2 Author: Tony Lindgren Date: Thu Jul 2 13:57:14 2020 -0700 bus: ti-sysc: Do not disable on suspend for no-idle If we have "ti,no-idle" specified for a module we must not disable the the module on suspend to keep things backwards compatible. Fixes: 386cb76681ca ("bus: ti-sysc: Handle missed no-idle property in addition to no-idle-on-init") Reported-by: Grygorii Strashko Signed-off-by: Tony Lindgren commit f427f4d6214c183c474eeb46212d38e6c7223d6a Author: Divya Indi Date: Tue Jun 23 19:13:09 2020 -0700 IB/sa: Resolv use-after-free in ib_nl_make_request() There is a race condition where ib_nl_make_request() inserts the request data into the linked list but the timer in ib_nl_request_timeout() can see it and destroy it before ib_nl_send_msg() is done touching it. This could happen, for instance, if there is a long delay allocating memory during nlmsg_new() This causes a use-after-free in the send_mad() thread: [] ? ib_pack+0x17b/0x240 [ib_core] [ ] ib_sa_path_rec_get+0x181/0x200 [ib_sa] [] rdma_resolve_route+0x3c0/0x8d0 [rdma_cm] [] ? cma_bind_port+0xa0/0xa0 [rdma_cm] [] ? rds_rdma_cm_event_handler_cmn+0x850/0x850 [rds_rdma] [] rds_rdma_cm_event_handler_cmn+0x22c/0x850 [rds_rdma] [] rds_rdma_cm_event_handler+0x10/0x20 [rds_rdma] [] addr_handler+0x9e/0x140 [rdma_cm] [] process_req+0x134/0x190 [ib_addr] [] process_one_work+0x169/0x4a0 [] worker_thread+0x5b/0x560 [] ? flush_delayed_work+0x50/0x50 [] kthread+0xcb/0xf0 [] ? __schedule+0x24a/0x810 [] ? __schedule+0x24a/0x810 [] ? kthread_create_on_node+0x180/0x180 [] ret_from_fork+0x47/0x90 [] ? kthread_create_on_node+0x180/0x180 The ownership rule is once the request is on the list, ownership transfers to the list and the local thread can't touch it any more, just like for the normal MAD case in send_mad(). Thus, instead of adding before send and then trying to delete after on errors, move the entire thing under the spinlock so that the send and update of the lists are atomic to the conurrent threads. Lightly reoganize things so spinlock safe memory allocations are done in the final NL send path and the rest of the setup work is done before and outside the lock. Fixes: 3ebd2fd0d011 ("IB/sa: Put netlink request into the request list before sending") Link: https://lore.kernel.org/r/1592964789-14533-1-git-send-email-divya.indi@oracle.com Signed-off-by: Divya Indi Signed-off-by: Jason Gunthorpe commit 3197d48a7c04eee3e50bd54ef7e17e383b8a919e Author: Wei Yongjun Date: Thu Jul 2 13:35:43 2020 +0800 block: make function __bio_integrity_free() static Fix sparse build warning: block/bio-integrity.c:27:6: warning: symbol '__bio_integrity_free' was not declared. Should it be static? Signed-off-by: Wei Yongjun Signed-off-by: Jens Axboe commit b3c58fcd0e2c3cf2af30a766191431b4d69aafc2 Merge: e7eea44eefbd 72d447113bb7 Author: Jens Axboe Date: Thu Jul 2 12:11:23 2020 -0600 Merge branch 'nvme-5.8' of git://git.infradead.org/nvme into block-5.8 Pull NVMe fixes from Christoph. * 'nvme-5.8' of git://git.infradead.org/nvme: nvme: fix a crash in nvme_mpath_add_disk nvme: fix identify error status silent ignore commit afe6f1eeb08f85e57f0a02b71efb5a0839606aac Author: Tony Lindgren Date: Thu Jul 2 10:41:02 2020 -0700 bus: ti-sysc: Fix sleeping function called from invalid context for RTC quirk With CONFIG_DEBUG_ATOMIC_SLEEP enabled we can see the following with RTC probe: BUG: sleeping function called from invalid context at drivers/bus/ti-sysc.c:1736 ... (sysc_quirk_rtc) from [] (sysc_write_sysconfig+0x1c/0x60) (sysc_write_sysconfig) from [] (sysc_enable_module+0x11c/0x274) (sysc_enable_module) from [] (sysc_probe+0xe9c/0x1380) (sysc_probe) from [] (platform_drv_probe+0x48/0x98) Fixes: e8639e1c986a ("bus: ti-sysc: Handle module unlock quirk needed for some RTC") Signed-off-by: Tony Lindgren commit 9f9113925018d500a95df539014d9ff11ac2c02d Author: Tony Lindgren Date: Thu Jul 2 10:44:20 2020 -0700 bus: ti-sysc: Fix wakeirq sleeping function called from invalid context With CONFIG_DEBUG_ATOMIC_SLEEP enabled we can see the following with wakeirqs and serial console idled: BUG: sleeping function called from invalid context at drivers/bus/ti-sysc.c:242 ... (sysc_wait_softreset) from [] (sysc_enable_module+0x48/0x274) (sysc_enable_module) from [] (sysc_runtime_resume+0x19c/0x1d8) (sysc_runtime_resume) from [] (sysc_child_runtime_resume+0x58/0x84) (sysc_child_runtime_resume) from [] (__rpm_callback+0x30/0x12c) (__rpm_callback) from [] (rpm_callback+0x20/0x80) (rpm_callback) from [] (rpm_resume+0x638/0x7fc) (rpm_resume) from [] (__pm_runtime_resume+0x60/0x9c) (__pm_runtime_resume) from [] (handle_threaded_wake_irq+0x24/0x60) (handle_threaded_wake_irq) from [] (irq_thread_fn+0x1c/0x78) (irq_thread_fn) from [] (irq_thread+0x140/0x26c) We have __pm_runtime_resume() call the sysc_runtime_resume() with spinlock held and interrupts disabled. Fixes: d46f9fbec719 ("bus: ti-sysc: Use optional clocks on for enable and wait for softreset bit") Signed-off-by: Tony Lindgren commit 2315ec12ee8e8257bb335654c62e0cae71dc278d Author: Kaike Wan Date: Tue Jun 23 16:40:53 2020 -0400 IB/hfi1: Do not destroy link_wq when the device is shut down The workqueue link_wq should only be destroyed when the hfi1 driver is unloaded, not when the device is shut down. Fixes: 71d47008ca1b ("IB/hfi1: Create workqueue for link events") Link: https://lore.kernel.org/r/20200623204053.107638.70315.stgit@awfm-01.aw.intel.com Cc: Reviewed-by: Mike Marciniszyn Signed-off-by: Kaike Wan Signed-off-by: Dennis Dalessandro Signed-off-by: Jason Gunthorpe commit 28b70cd9236563e1a88a6094673fef3c08db0d51 Author: Kaike Wan Date: Tue Jun 23 16:40:47 2020 -0400 IB/hfi1: Do not destroy hfi1_wq when the device is shut down The workqueue hfi1_wq is destroyed in function shutdown_device(), which is called by either shutdown_one() or remove_one(). The function shutdown_one() is called when the kernel is rebooted while remove_one() is called when the hfi1 driver is unloaded. When the kernel is rebooted, hfi1_wq is destroyed while all qps are still active, leading to a kernel crash: BUG: unable to handle kernel NULL pointer dereference at 0000000000000102 IP: [] __queue_work+0x32/0x3e0 PGD 0 Oops: 0000 [#1] SMP Modules linked in: dm_round_robin nvme_rdma(OE) nvme_fabrics(OE) nvme_core(OE) ib_isert iscsi_target_mod target_core_mod ib_ucm mlx4_ib iTCO_wdt iTCO_vendor_support mxm_wmi sb_edac intel_powerclamp coretemp intel_rapl iosf_mbi kvm rpcrdma sunrpc irqbypass crc32_pclmul ghash_clmulni_intel rdma_ucm aesni_intel ib_uverbs lrw gf128mul opa_vnic glue_helper ablk_helper ib_iser cryptd ib_umad rdma_cm iw_cm ses enclosure libiscsi scsi_transport_sas pcspkr joydev ib_ipoib(OE) scsi_transport_iscsi ib_cm sg ipmi_ssif mei_me lpc_ich i2c_i801 mei ioatdma ipmi_si dm_multipath ipmi_devintf ipmi_msghandler wmi acpi_pad acpi_power_meter hangcheck_timer ip_tables ext4 mbcache jbd2 mlx4_en sd_mod crc_t10dif crct10dif_generic mgag200 drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops ttm hfi1(OE) crct10dif_pclmul crct10dif_common crc32c_intel drm ahci mlx4_core libahci rdmavt(OE) igb megaraid_sas ib_core libata drm_panel_orientation_quirks ptp pps_core devlink dca i2c_algo_bit dm_mirror dm_region_hash dm_log dm_mod CPU: 19 PID: 0 Comm: swapper/19 Kdump: loaded Tainted: G OE ------------ 3.10.0-957.el7.x86_64 #1 Hardware name: Phegda X2226A/S2600CW, BIOS SE5C610.86B.01.01.0024.021320181901 02/13/2018 task: ffff8a799ba0d140 ti: ffff8a799bad8000 task.ti: ffff8a799bad8000 RIP: 0010:[] [] __queue_work+0x32/0x3e0 RSP: 0018:ffff8a90dde43d80 EFLAGS: 00010046 RAX: 0000000000000082 RBX: 0000000000000086 RCX: 0000000000000000 RDX: ffff8a90b924fcb8 RSI: 0000000000000000 RDI: 000000000000001b RBP: ffff8a90dde43db8 R08: ffff8a799ba0d6d8 R09: ffff8a90dde53900 R10: 0000000000000002 R11: ffff8a90dde43de8 R12: ffff8a90b924fcb8 R13: 000000000000001b R14: 0000000000000000 R15: ffff8a90d2890000 FS: 0000000000000000(0000) GS:ffff8a90dde40000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000102 CR3: 0000001a70410000 CR4: 00000000001607e0 Call Trace: [] queue_work_on+0x45/0x50 [] _hfi1_schedule_send+0x6e/0xc0 [hfi1] [] hfi1_schedule_send+0x32/0x70 [hfi1] [] rvt_rc_timeout+0xe9/0x130 [rdmavt] [] ? trigger_load_balance+0x6a/0x280 [] ? rvt_free_qpn+0x40/0x40 [rdmavt] [] call_timer_fn+0x38/0x110 [] ? rvt_free_qpn+0x40/0x40 [rdmavt] [] run_timer_softirq+0x24d/0x300 [] __do_softirq+0xf5/0x280 [] call_softirq+0x1c/0x30 [] do_softirq+0x65/0xa0 [] irq_exit+0x105/0x110 [] smp_apic_timer_interrupt+0x48/0x60 [] apic_timer_interrupt+0x162/0x170 [] ? cpuidle_enter_state+0x57/0xd0 [] cpuidle_idle_call+0xde/0x230 [] arch_cpu_idle+0xe/0xc0 [] cpu_startup_entry+0x14a/0x1e0 [] start_secondary+0x1f7/0x270 [] start_cpu+0x5/0x14 The solution is to destroy the workqueue only when the hfi1 driver is unloaded, not when the device is shut down. In addition, when the device is shut down, no more work should be scheduled on the workqueues and the workqueues are flushed. Fixes: 8d3e71136a08 ("IB/{hfi1, qib}: Add handling of kernel restart") Link: https://lore.kernel.org/r/20200623204047.107638.77646.stgit@awfm-01.aw.intel.com Cc: Reviewed-by: Mike Marciniszyn Signed-off-by: Kaike Wan Signed-off-by: Dennis Dalessandro Signed-off-by: Jason Gunthorpe commit 0d5ab144429e8bd80889b856a44d56ab4a5cd59b Author: Max Filippov Date: Thu Jul 2 08:32:25 2020 -0700 xtensa: update *pos in cpuinfo_op.next Increment *pos in the cpuinfo_op.next to fix the following warning triggered by cat /proc/cpuinfo: seq_file: buggy .next function c_next did not update position index Signed-off-by: Max Filippov commit 73f9941306d5ce030f3ffc7db425c7b2a798cf8e Author: Max Filippov Date: Thu Jun 4 13:37:10 2020 -0700 xtensa: fix __sync_fetch_and_{and,or}_4 declarations Building xtensa kernel with gcc-10 produces the following warnings: arch/xtensa/kernel/xtensa_ksyms.c:90:15: warning: conflicting types for built-in function ‘__sync_fetch_and_and_4’; expected ‘unsigned int(volatile void *, unsigned int)’ [-Wbuiltin-declaration-mismatch] arch/xtensa/kernel/xtensa_ksyms.c:96:15: warning: conflicting types for built-in function ‘__sync_fetch_and_or_4’; expected ‘unsigned int(volatile void *, unsigned int)’ [-Wbuiltin-declaration-mismatch] Fix declarations of these functions to avoid the warning. Signed-off-by: Max Filippov commit e918e570415ced9898a51109000a3f39a6e03be5 Author: Jarkko Sakkinen Date: Thu Jun 25 05:31:11 2020 +0300 tpm_tis: Remove the HID IFX0102 Acer C720 running Linux v5.3 reports this in klog: tpm_tis: 1.2 TPM (device-id 0xB, rev-id 16) tpm tpm0: tpm_try_transmit: send(): error -5 tpm tpm0: A TPM error (-5) occurred attempting to determine the timeouts tpm_tis tpm_tis: Could not get TPM timeouts and durations tpm_tis 00:08: 1.2 TPM (device-id 0xB, rev-id 16) tpm tpm0: tpm_try_transmit: send(): error -5 tpm tpm0: A TPM error (-5) occurred attempting to determine the timeouts tpm_tis 00:08: Could not get TPM timeouts and durations ima: No TPM chip found, activating TPM-bypass! tpm_inf_pnp 00:08: Found TPM with ID IFX0102 % git --no-pager grep IFX0102 drivers/char/tpm drivers/char/tpm/tpm_infineon.c: {"IFX0102", 0}, drivers/char/tpm/tpm_tis.c: {"IFX0102", 0}, /* Infineon */ Obviously IFX0102 was added to the HID table for the TCG TIS driver by mistake. Fixes: 93e1b7d42e1e ("[PATCH] tpm: add HID module parameter") Link: https://bugzilla.kernel.org/show_bug.cgi?id=203877 Cc: stable@vger.kernel.org Cc: Kylene Jo Hall Reported-by: Ferry Toth: Reviewed-by: Jerry Snitselaar Signed-off-by: Jarkko Sakkinen commit 7187bf7f6297a8cfc74512a4493e06028626482d Author: Douglas Anderson Date: Fri Jun 19 14:20:01 2020 -0700 tpm_tis_spi: Prefer async probe On a Chromebook I'm working on I noticed a big (~1 second) delay during bootup where nothing was happening. Right around this big delay there were messages about the TPM: [ 2.311352] tpm_tis_spi spi0.0: TPM ready IRQ confirmed on attempt 2 [ 3.332790] tpm_tis_spi spi0.0: Cr50 firmware version: ... I put a few printouts in and saw that tpm_tis_spi_init() (specifically tpm_chip_register() in that function) was taking the lion's share of this time, though ~115 ms of the time was in cr50_print_fw_version(). Let's make a one-line change to prefer async probe for tpm_tis_spi. There's no reason we need to block other drivers from probing while we load. NOTES: * It's possible that other hardware runs through the init sequence faster than Cr50 and this isn't such a big problem for them. However, even if they are faster they are still doing _some_ transfers over a SPI bus so this should benefit everyone even if to a lesser extent. * It's possible that there are extra delays in the code that could be optimized out. I didn't dig since once I enabled async probe they no longer impacted me. Signed-off-by: Douglas Anderson Reviewed-by: Jarkko Sakkinen Signed-off-by: Jarkko Sakkinen commit 72d0556dca39f45eca6c4c085e9eb0fc70aec025 Author: David Gibson Date: Fri Jun 19 13:30:40 2020 +1000 tpm: ibmvtpm: Wait for ready buffer before probing for TPM2 attributes The tpm2_get_cc_attrs_tbl() call will result in TPM commands being issued, which will need the use of the internal command/response buffer. But, we're issuing this *before* we've waited to make sure that buffer is allocated. This can result in intermittent failures to probe if the hypervisor / TPM implementation doesn't respond quickly enough. I find it fails almost every time with an 8 vcpu guest under KVM with software emulated TPM. To fix it, just move the tpm2_get_cc_attrs_tlb() call after the existing code to wait for initialization, which will ensure the buffer is allocated. Fixes: 18b3670d79ae9 ("tpm: ibmvtpm: Add support for TPM2") Signed-off-by: David Gibson Reviewed-by: Jerry Snitselaar Reviewed-by: Jarkko Sakkinen Signed-off-by: Jarkko Sakkinen commit 82efeb161c090072ab493ab8c8f8a551727f586e Author: Binbin Zhou Date: Wed Jun 17 09:00:38 2020 +0800 tpm/st33zp24: fix spelling mistake "drescription" -> "description" Trivial fix, the spelling of "drescription" is incorrect in function comment. Fix this. Signed-off-by: Binbin Zhou Acked-by: Jarkko Sakkinen Signed-off-by: Jarkko Sakkinen commit ccf6fb858e17a8f8a914a1c6444d277cfedfeae6 Author: Vasily Averin Date: Sat Jun 13 17:18:33 2020 +0300 tpm_tis: extra chip->ops check on error path in tpm_tis_core_init Found by smatch: drivers/char/tpm/tpm_tis_core.c:1088 tpm_tis_core_init() warn: variable dereferenced before check 'chip->ops' (see line 979) 'chip->ops' is assigned in the beginning of function in tpmm_chip_alloc->tpm_chip_alloc and is used before first possible goto to error path. Signed-off-by: Vasily Averin Reviewed-by: Jerry Snitselaar Reviewed-by: Jarkko Sakkinen Signed-off-by: Jarkko Sakkinen commit eac9347d932b96c09f089ac0673ebe588983e59b Author: Douglas Anderson Date: Thu May 28 15:19:30 2020 -0700 tpm_tis_spi: Don't send anything during flow control During flow control we are just reading from the TPM, yet our spi_xfer has the tx_buf and rx_buf both non-NULL which means we're requesting a full duplex transfer. SPI is always somewhat of a full duplex protocol anyway and in theory the other side shouldn't really be looking at what we're sending it during flow control, but it's still a bit ugly to be sending some "random" data when we shouldn't. The default tpm_tis_spi_flow_control() tries to address this by setting 'phy->iobuf[0] = 0'. This partially avoids the problem of sending "random" data, but since our tx_buf and rx_buf both point to the same place I believe there is the potential of us sending the TPM's previous byte back to it if we hit the retry loop. Another flow control implementation, cr50_spi_flow_control(), doesn't address this at all. Let's clean this up and just make the tx_buf NULL before we call flow_control(). Not only does this ensure that we're not sending any "random" bytes but it also possibly could make the SPI controller behave in a slightly more optimal way. NOTE: no actual observed problems are fixed by this patch--it's was just made based on code inspection. Signed-off-by: Douglas Anderson Reviewed-by: Paul Menzel Reviewed-by: Jarkko Sakkinen Signed-off-by: Jarkko Sakkinen commit 7862840219058436b80029a0263fd1ef065fb1b3 Author: James Bottomley Date: Thu May 28 11:10:57 2020 -0700 tpm: Fix TIS locality timeout problems It has been reported that some TIS based TPMs are giving unexpected errors when using the O_NONBLOCK path of the TPM device. The problem is that some TPMs don't like it when you get and then relinquish a locality (as the tpm_try_get_ops()/tpm_put_ops() pair does) without sending a command. This currently happens all the time in the O_NONBLOCK write path. Fix this by moving the tpm_try_get_ops() further down the code to after the O_NONBLOCK determination is made. This is safe because the priv->buffer_mutex still protects the priv state being modified. BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=206275 Fixes: d23d12484307 ("tpm: fix invalid locking in NONBLOCKING mode") Reported-by: Mario Limonciello Tested-by: Alex Guzman Cc: stable@vger.kernel.org Reviewed-by: Jerry Snitselaar Signed-off-by: James Bottomley Reviewed-by: Jarkko Sakkinen Signed-off-by: Jarkko Sakkinen commit f81b4565c1108fb954f344e6b4a153c8189e57fe Author: Leon Romanovsky Date: Tue Jun 30 15:21:47 2020 +0300 RDMA/mlx5: Fix legacy IPoIB QP initialization Legacy IPoIB sets IB_QP_CREATE_NETIF_QP QP create flag and because mlx5 doesn't use this flag, the process_create_flags() failed to create IPoIB QPs. Fixes: 2978975ce7f1 ("RDMA/mlx5: Process create QP flags in one place") Link: https://lore.kernel.org/r/20200630122147.445847-1-leon@kernel.org Signed-off-by: Leon Romanovsky Signed-off-by: Jason Gunthorpe commit e18321acfb9f14d01c03578e1c498e3f815d20a3 Author: Nathan Chancellor Date: Mon Jun 22 17:52:24 2020 -0700 IB/hfi1: Add explicit cast OPA_MTU_8192 to 'enum ib_mtu' Clang warns: drivers/infiniband/hw/hfi1/qp.c:198:9: warning: implicit conversion from enumeration type 'enum opa_mtu' to different enumeration type 'enum ib_mtu' [-Wenum-conversion] mtu = OPA_MTU_8192; ~ ^~~~~~~~~~~~ enum opa_mtu extends enum ib_mtu. There are typically two ways to deal with this: * Remove the expected types and just use 'int' for all parameters and types. * Explicitly cast the enums between each other. This driver chooses to do the later so do the same thing here. Fixes: 6d72344cf6c4 ("IB/ipoib: Increase ipoib Datagram mode MTU's upper limit") Link: https://lore.kernel.org/r/20200623005224.492239-1-natechancellor@gmail.com Link: https://github.com/ClangBuiltLinux/linux/issues/1062 Link: https://lore.kernel.org/linux-rdma/20200527040350.GA3118979@ubuntu-s3-xlarge-x86/ Signed-off-by: Nathan Chancellor Acked-by: Dennis Dalessandro Signed-off-by: Jason Gunthorpe commit e3122822a74033ba8d6d9af855078f9ab741e33f Author: Dave Jiang Date: Thu Jun 25 12:16:54 2020 -0700 dmaengine: idxd: fix misc interrupt handler thread unmasking Fix unmasking of misc interrupt handler when completing normal. It exits early and skips the unmasking with the current implementation. Fix to unmask interrupt when exiting normally. Fixes: bfe1d56091c1 ("dmaengine: idxd: Init and probe for Intel data accelerators") Signed-off-by: Dave Jiang Link: https://lore.kernel.org/r/159311256528.855.11527922406329728512.stgit@djiang5-desk3.ch.intel.com Signed-off-by: Vinod Koul commit da32b28c95a79e399e18c03f8178f41aec9c66e4 Author: Dave Jiang Date: Thu Jun 25 12:17:42 2020 -0700 dmaengine: idxd: cleanup workqueue config after disabling After disabling a device, we should clean up the internal state for the wqs and zero out the configuration registers. Without doing so can cause issues when the user reprogram the wqs. Fixes: c52ca478233c ("dmaengine: idxd: add configuration component of driver") Reported-by: Yixin Zhang Signed-off-by: Dave Jiang Tested-by: Yixin Zhang Link: https://lore.kernel.org/r/159311264246.1198.11955791213681679428.stgit@djiang5-desk3.ch.intel.com Signed-off-by: Vinod Koul commit 5aaec71d605426d5963e17a88d0d9db97ccd3345 Author: Fabio Estevam Date: Tue Jun 30 19:30:20 2020 -0300 ASoC: dt-bindings: simple-card: Fix 'make dt_binding_check' warnings The following build warnings are seen with 'make dt_binding_check': Documentation/devicetree/bindings/sound/simple-card.example.dts:209.46-211.15: Warning (unit_address_vs_reg): /example-4/sound/simple-audio-card,cpu@0: node has a unit name, but no reg or ranges property Documentation/devicetree/bindings/sound/simple-card.example.dts:213.37-215.15: Warning (unit_address_vs_reg): /example-4/sound/simple-audio-card,cpu@1: node has a unit name, but no reg or ranges property Documentation/devicetree/bindings/sound/simple-card.example.dts:250.42-261.15: Warning (unit_address_vs_reg): /example-5/sound/simple-audio-card,dai-link@0: node has a unit name, but no reg or ranges property Documentation/devicetree/bindings/sound/simple-card.example.dts:263.42-288.15: Warning (unit_address_vs_reg): /example-5/sound/simple-audio-card,dai-link@1: node has a unit name, but no reg or ranges property Documentation/devicetree/bindings/sound/simple-card.example.dts:270.32-272.19: Warning (unit_address_vs_reg): /example-5/sound/simple-audio-card,dai-link@1/cpu@0: node has a unit name, but no reg or ranges property Documentation/devicetree/bindings/sound/simple-card.example.dts:273.23-275.19: Warning (unit_address_vs_reg): /example-5/sound/simple-audio-card,dai-link@1/cpu@1: node has a unit name, but no reg or ranges property Documentation/devicetree/bindings/sound/simple-card.example.dts:276.23-278.19: Warning (unit_address_vs_reg): /example-5/sound/simple-audio-card,dai-link@1/cpu@2: node has a unit name, but no reg or ranges property Documentation/devicetree/bindings/sound/simple-card.example.dts:279.23-281.19: Warning (unit_address_vs_reg): /example-5/sound/simple-audio-card,dai-link@1/cpu@3: node has a unit name, but no reg or ranges property Documentation/devicetree/bindings/sound/simple-card.example.dts:290.42-303.15: Warning (unit_address_vs_reg): /example-5/sound/simple-audio-card,dai-link@2: node has a unit name, but no reg or ranges property Fix them all. Signed-off-by: Fabio Estevam Link: https://lore.kernel.org/r/20200630223020.25546-1-festevam@gmail.com Signed-off-by: Mark Brown commit f7b93d42945cc71e1346dd5ae07c59061d56745e Author: Ard Biesheuvel Date: Tue Jun 30 10:19:21 2020 +0200 arm64/alternatives: use subsections for replacement sequences When building very large kernels, the logic that emits replacement sequences for alternatives fails when relative branches are present in the code that is emitted into the .altinstr_replacement section and patched in at the original site and fixed up. The reason is that the linker will insert veneers if relative branches go out of range, and due to the relative distance of the .altinstr_replacement from the .text section where its branch targets usually live, veneers may be emitted at the end of the .altinstr_replacement section, with the relative branches in the sequence pointed at the veneers instead of the actual target. The alternatives patching logic will attempt to fix up the branch to point to its original target, which will be the veneer in this case, but given that the patch site is likely to be far away as well, it will be out of range and so patching will fail. There are other cases where these veneers are problematic, e.g., when the target of the branch is in .text while the patch site is in .init.text, in which case putting the replacement sequence inside .text may not help either. So let's use subsections to emit the replacement code as closely as possible to the patch site, to ensure that veneers are only likely to be emitted if they are required at the patch site as well, in which case they will be in range for the replacement sequence both before and after it is transported to the patch site. This will prevent alternative sequences in non-init code from being released from memory after boot, but this is tolerable given that the entire section is only 512 KB on an allyesconfig build (which weighs in at 500+ MB for the entire Image). Also, note that modules today carry the replacement sequences in non-init sections as well, and any of those that target init code will be emitted into init sections after this change. This fixes an early crash when booting an allyesconfig kernel on a system where any of the alternatives sequences containing relative branches are activated at boot (e.g., ARM64_HAS_PAN on TX2) Signed-off-by: Ard Biesheuvel Cc: Suzuki K Poulose Cc: James Morse Cc: Andre Przywara Cc: Dave P Martin Link: https://lore.kernel.org/r/20200630081921.13443-1-ardb@kernel.org Signed-off-by: Will Deacon commit 1393b4aaf9e1e803d59726053d542cebd4e2b5b2 Author: Paolo Bonzini Date: Thu Jul 2 05:39:31 2020 -0400 kvm: use more precise cast and do not drop __user Sparse complains on a call to get_compat_sigset, fix it. The "if" right above explains that sigmask_arg->sigset is basically a compat_sigset_t. Signed-off-by: Paolo Bonzini commit 72d447113bb751ded97b2e2c38f886e4a4139082 Author: Christoph Hellwig Date: Mon Jun 29 16:30:19 2020 +0200 nvme: fix a crash in nvme_mpath_add_disk For private namespaces ns->head_disk is NULL, so add a NULL check before updating the BDI capabilities. Fixes: b2ce4d90690b ("nvme-multipath: set bdi capabilities once") Reported-by: Avinash M N Signed-off-by: Christoph Hellwig Reviewed-by: Sagi Grimberg Reviewed-by: Max Gurtovoy commit ea43d9709f727e728e933a8157a7a7ca1a868281 Author: Sagi Grimberg Date: Fri Jun 26 10:46:29 2020 -0700 nvme: fix identify error status silent ignore Commit 59c7c3caaaf8 intended to only silently ignore non retry-able errors (DNR bit set) such that we can still identify misbehaving controllers, and in the other hand propagate retry-able errors (DNR bit cleared) so we don't wrongly abandon a namespace just because it happens to be temporarily inaccessible. The goal remains the same as the original commit where this was introduced but unfortunately had the logic backwards. Fixes: 59c7c3caaaf8 ("nvme: fix possible hang when ns scanning fails during error recovery") Reported-by: Keith Busch Signed-off-by: Sagi Grimberg Reviewed-by: Keith Busch Signed-off-by: Christoph Hellwig commit 17f64701ea6f541db7eb5d7423a830cb929b3052 Author: Martin Blumenstingl Date: Sat Jun 20 17:57:52 2020 +0200 drm/meson: viu: fix setting the OSD burst length in VIU_OSD1_FIFO_CTRL_STAT The burst length is configured in VIU_OSD1_FIFO_CTRL_STAT[31] and VIU_OSD1_FIFO_CTRL_STAT[11:10]. The public S905D3 datasheet describes this as: - 0x0 = up to 24 per burst - 0x1 = up to 32 per burst - 0x2 = up to 48 per burst - 0x3 = up to 64 per burst - 0x4 = up to 96 per burst - 0x5 = up to 128 per burst The lower two bits map to VIU_OSD1_FIFO_CTRL_STAT[11:10] while the upper bit maps to VIU_OSD1_FIFO_CTRL_STAT[31]. Replace meson_viu_osd_burst_length_reg() with pre-defined macros which set these values. meson_viu_osd_burst_length_reg() always returned 0 (for the two used values: 32 and 64 at least) and thus incorrectly set the burst size to 24. Fixes: 147ae1cbaa1842 ("drm: meson: viu: use proper macros instead of magic constants") Signed-off-by: Martin Blumenstingl Signed-off-by: Neil Armstrong Reviewed-by: Neil Armstrong Tested-by: Christian Hewitt Link: https://patchwork.freedesktop.org/patch/msgid/20200620155752.21065-1-martin.blumenstingl@googlemail.com commit 0465337c5599bbe360cdcff452992a1a6b7ed2d4 Author: Josef Bacik Date: Tue Jun 30 14:53:02 2020 -0400 btrfs: reset tree root pointer after error in init_tree_roots Eric reported an issue where mounting -o recovery with a fuzzed fs resulted in a kernel panic. This is because we tried to free the tree node, except it was an error from the read. Fix this by properly resetting the tree_root->node == NULL in this case. The panic was the following BTRFS warning (device loop0): failed to read tree root BUG: kernel NULL pointer dereference, address: 000000000000001f RIP: 0010:free_extent_buffer+0xe/0x90 [btrfs] Call Trace: free_root_extent_buffers.part.0+0x11/0x30 [btrfs] free_root_pointers+0x1a/0xa2 [btrfs] open_ctree+0x1776/0x18a5 [btrfs] btrfs_mount_root.cold+0x13/0xfa [btrfs] ? selinux_fs_context_parse_param+0x37/0x80 legacy_get_tree+0x27/0x40 vfs_get_tree+0x25/0xb0 fc_mount+0xe/0x30 vfs_kern_mount.part.0+0x71/0x90 btrfs_mount+0x147/0x3e0 [btrfs] ? cred_has_capability+0x7c/0x120 ? legacy_get_tree+0x27/0x40 legacy_get_tree+0x27/0x40 vfs_get_tree+0x25/0xb0 do_mount+0x735/0xa40 __x64_sys_mount+0x8e/0xd0 do_syscall_64+0x4d/0x90 entry_SYSCALL_64_after_hwframe+0x44/0xa9 Nik says: this is problematic only if we fail on the last iteration of the loop as this results in init_tree_roots returning err value with tree_root->node = -ERR. Subsequently the caller does: fail_tree_roots which calls free_root_pointers on the bogus value. Reported-by: Eric Sandeen Fixes: b8522a1e5f42 ("btrfs: Factor out tree roots initialization during mount") CC: stable@vger.kernel.org # 5.5+ Reviewed-by: Nikolay Borisov Signed-off-by: Josef Bacik Reviewed-by: David Sterba [ add details how the pointer gets dereferenced ] Signed-off-by: David Sterba commit 6d548b9e5d56067cff17ff77585167cd65375e4b Author: Filipe Manana Date: Sat Jun 27 11:40:44 2020 +0100 btrfs: fix reclaim_size counter leak after stealing from global reserve Commit 7f9fe614407692 ("btrfs: improve global reserve stealing logic"), added in the 5.8 merge window, introduced another leak for the space_info's reclaim_size counter. This is very often triggered by the test cases generic/269 and generic/416 from fstests, producing a stack trace like the following during unmount: [37079.155499] ------------[ cut here ]------------ [37079.156844] WARNING: CPU: 2 PID: 2000423 at fs/btrfs/block-group.c:3422 btrfs_free_block_groups+0x2eb/0x300 [btrfs] [37079.158090] Modules linked in: dm_snapshot btrfs dm_thin_pool (...) [37079.164440] CPU: 2 PID: 2000423 Comm: umount Tainted: G W 5.7.0-rc7-btrfs-next-62 #1 [37079.165422] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), (...) [37079.167384] RIP: 0010:btrfs_free_block_groups+0x2eb/0x300 [btrfs] [37079.168375] Code: bd 58 ff ff ff 00 4c 8d (...) [37079.170199] RSP: 0018:ffffaa53875c7de0 EFLAGS: 00010206 [37079.171120] RAX: ffff98099e701cf8 RBX: ffff98099e2d4000 RCX: 0000000000000000 [37079.172057] RDX: 0000000000000001 RSI: ffffffffc0acc5b1 RDI: 00000000ffffffff [37079.173002] RBP: ffff98099e701cf8 R08: 0000000000000000 R09: 0000000000000000 [37079.173886] R10: 0000000000000000 R11: 0000000000000000 R12: ffff98099e701c00 [37079.174730] R13: ffff98099e2d5100 R14: dead000000000122 R15: dead000000000100 [37079.175578] FS: 00007f4d7d0a5840(0000) GS:ffff9809ec600000(0000) knlGS:0000000000000000 [37079.176434] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [37079.177289] CR2: 0000559224dcc000 CR3: 000000012207a004 CR4: 00000000003606e0 [37079.178152] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [37079.178935] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [37079.179675] Call Trace: [37079.180419] close_ctree+0x291/0x2d1 [btrfs] [37079.181162] generic_shutdown_super+0x6c/0x100 [37079.181898] kill_anon_super+0x14/0x30 [37079.182641] btrfs_kill_super+0x12/0x20 [btrfs] [37079.183371] deactivate_locked_super+0x31/0x70 [37079.184012] cleanup_mnt+0x100/0x160 [37079.184650] task_work_run+0x68/0xb0 [37079.185284] exit_to_usermode_loop+0xf9/0x100 [37079.185920] do_syscall_64+0x20d/0x260 [37079.186556] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [37079.187197] RIP: 0033:0x7f4d7d2d9357 [37079.187836] Code: eb 0b 00 f7 d8 64 89 01 48 (...) [37079.189180] RSP: 002b:00007ffee4e0d368 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [37079.189845] RAX: 0000000000000000 RBX: 00007f4d7d3fb224 RCX: 00007f4d7d2d9357 [37079.190515] RDX: ffffffffffffff78 RSI: 0000000000000000 RDI: 0000559224dc5c90 [37079.191173] RBP: 0000559224dc1970 R08: 0000000000000000 R09: 00007ffee4e0c0e0 [37079.191815] R10: 0000559224dc7b00 R11: 0000000000000246 R12: 0000000000000000 [37079.192451] R13: 0000559224dc5c90 R14: 0000559224dc1a80 R15: 0000559224dc1ba0 [37079.193096] irq event stamp: 0 [37079.193729] hardirqs last enabled at (0): [<0000000000000000>] 0x0 [37079.194379] hardirqs last disabled at (0): [] copy_process+0x755/0x1ea0 [37079.195033] softirqs last enabled at (0): [] copy_process+0x755/0x1ea0 [37079.195700] softirqs last disabled at (0): [<0000000000000000>] 0x0 [37079.196318] ---[ end trace b32710d864dea887 ]--- In the past commit d611add48b717a ("btrfs: fix reclaim counter leak of space_info objects") fixed similar cases. That commit however has a date more recent (April 7 2020) then the commit mentioned before (March 13 2020), however it was merged in kernel 5.7 while the older commit, which introduces a new leak, was merged only in the 5.8 merge window. So the leak sneaked in unnoticed. Fix this by making steal_from_global_rsv() remove the ticket using the helper remove_ticket(), which decrements the reclaim_size counter of the space_info object. Fixes: 7f9fe614407692 ("btrfs: improve global reserve stealing logic") Signed-off-by: Filipe Manana Reviewed-by: David Sterba Signed-off-by: David Sterba commit 6bf9cd2eed9aee6d742bb9296c994a91f5316949 Author: Boris Burkov Date: Wed Jun 17 11:35:19 2020 -0700 btrfs: fix fatal extent_buffer readahead vs releasepage race Under somewhat convoluted conditions, it is possible to attempt to release an extent_buffer that is under io, which triggers a BUG_ON in btrfs_release_extent_buffer_pages. This relies on a few different factors. First, extent_buffer reads done as readahead for searching use WAIT_NONE, so they free the local extent buffer reference while the io is outstanding. However, they should still be protected by TREE_REF. However, if the system is doing signficant reclaim, and simultaneously heavily accessing the extent_buffers, it is possible for releasepage to race with two concurrent readahead attempts in a way that leaves TREE_REF unset when the readahead extent buffer is released. Essentially, if two tasks race to allocate a new extent_buffer, but the winner who attempts the first io is rebuffed by a page being locked (likely by the reclaim itself) then the loser will still go ahead with issuing the readahead. The loser's call to find_extent_buffer must also race with the reclaim task reading the extent_buffer's refcount as 1 in a way that allows the reclaim to re-clear the TREE_REF checked by find_extent_buffer. The following represents an example execution demonstrating the race: CPU0 CPU1 CPU2 reada_for_search reada_for_search readahead_tree_block readahead_tree_block find_create_tree_block find_create_tree_block alloc_extent_buffer alloc_extent_buffer find_extent_buffer // not found allocates eb lock pages associate pages to eb insert eb into radix tree set TREE_REF, refs == 2 unlock pages read_extent_buffer_pages // WAIT_NONE not uptodate (brand new eb) lock_page if !trylock_page goto unlock_exit // not an error free_extent_buffer release_extent_buffer atomic_dec_and_test refs to 1 find_extent_buffer // found try_release_extent_buffer take refs_lock reads refs == 1; no io atomic_inc_not_zero refs to 2 mark_buffer_accessed check_buffer_tree_ref // not STALE, won't take refs_lock refs == 2; TREE_REF set // no action read_extent_buffer_pages // WAIT_NONE clear TREE_REF release_extent_buffer atomic_dec_and_test refs to 1 unlock_page still not uptodate (CPU1 read failed on trylock_page) locks pages set io_pages > 0 submit io return free_extent_buffer release_extent_buffer dec refs to 0 delete from radix tree btrfs_release_extent_buffer_pages BUG_ON(io_pages > 0)!!! We observe this at a very low rate in production and were also able to reproduce it in a test environment by introducing some spurious delays and by introducing probabilistic trylock_page failures. To fix it, we apply check_tree_ref at a point where it could not possibly be unset by a competing task: after io_pages has been incremented. All the codepaths that clear TREE_REF check for io, so they would not be able to clear it after this point until the io is done. Stack trace, for reference: [1417839.424739] ------------[ cut here ]------------ [1417839.435328] kernel BUG at fs/btrfs/extent_io.c:4841! [1417839.447024] invalid opcode: 0000 [#1] SMP [1417839.502972] RIP: 0010:btrfs_release_extent_buffer_pages+0x20/0x1f0 [1417839.517008] Code: ed e9 ... [1417839.558895] RSP: 0018:ffffc90020bcf798 EFLAGS: 00010202 [1417839.570816] RAX: 0000000000000002 RBX: ffff888102d6def0 RCX: 0000000000000028 [1417839.586962] RDX: 0000000000000002 RSI: ffff8887f0296482 RDI: ffff888102d6def0 [1417839.603108] RBP: ffff88885664a000 R08: 0000000000000046 R09: 0000000000000238 [1417839.619255] R10: 0000000000000028 R11: ffff88885664af68 R12: 0000000000000000 [1417839.635402] R13: 0000000000000000 R14: ffff88875f573ad0 R15: ffff888797aafd90 [1417839.651549] FS: 00007f5a844fa700(0000) GS:ffff88885f680000(0000) knlGS:0000000000000000 [1417839.669810] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [1417839.682887] CR2: 00007f7884541fe0 CR3: 000000049f609002 CR4: 00000000003606e0 [1417839.699037] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [1417839.715187] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [1417839.731320] Call Trace: [1417839.737103] release_extent_buffer+0x39/0x90 [1417839.746913] read_block_for_search.isra.38+0x2a3/0x370 [1417839.758645] btrfs_search_slot+0x260/0x9b0 [1417839.768054] btrfs_lookup_file_extent+0x4a/0x70 [1417839.778427] btrfs_get_extent+0x15f/0x830 [1417839.787665] ? submit_extent_page+0xc4/0x1c0 [1417839.797474] ? __do_readpage+0x299/0x7a0 [1417839.806515] __do_readpage+0x33b/0x7a0 [1417839.815171] ? btrfs_releasepage+0x70/0x70 [1417839.824597] extent_readpages+0x28f/0x400 [1417839.833836] read_pages+0x6a/0x1c0 [1417839.841729] ? startup_64+0x2/0x30 [1417839.849624] __do_page_cache_readahead+0x13c/0x1a0 [1417839.860590] filemap_fault+0x6c7/0x990 [1417839.869252] ? xas_load+0x8/0x80 [1417839.876756] ? xas_find+0x150/0x190 [1417839.884839] ? filemap_map_pages+0x295/0x3b0 [1417839.894652] __do_fault+0x32/0x110 [1417839.902540] __handle_mm_fault+0xacd/0x1000 [1417839.912156] handle_mm_fault+0xaa/0x1c0 [1417839.921004] __do_page_fault+0x242/0x4b0 [1417839.930044] ? page_fault+0x8/0x30 [1417839.937933] page_fault+0x1e/0x30 [1417839.945631] RIP: 0033:0x33c4bae [1417839.952927] Code: Bad RIP value. [1417839.960411] RSP: 002b:00007f5a844f7350 EFLAGS: 00010206 [1417839.972331] RAX: 000000000000006e RBX: 1614b3ff6a50398a RCX: 0000000000000000 [1417839.988477] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002 [1417840.004626] RBP: 00007f5a844f7420 R08: 000000000000006e R09: 00007f5a94aeccb8 [1417840.020784] R10: 00007f5a844f7350 R11: 0000000000000000 R12: 00007f5a94aecc79 [1417840.036932] R13: 00007f5a94aecc78 R14: 00007f5a94aecc90 R15: 00007f5a94aecc40 CC: stable@vger.kernel.org # 4.4+ Reviewed-by: Filipe Manana Signed-off-by: Boris Burkov Signed-off-by: David Sterba commit c730ae0c6bb3125ccb776fb2ab6abbdff500c02c Author: Marcos Paulo de Souza Date: Tue Jun 16 15:54:29 2020 -0300 btrfs: convert comments to fallthrough annotations Convert fall through comments to the pseudo-keyword which is now the preferred way. Signed-off-by: Marcos Paulo de Souza Reviewed-by: David Sterba Signed-off-by: David Sterba commit 80e89901e5a5ef0688a3ba457ed37bc2e625eb79 Merge: 370678c5fd82 beaf10efca64 Author: Dave Airlie Date: Thu Jul 2 14:50:59 2020 +1000 Merge tag 'amd-drm-fixes-5.8-2020-07-01' of git://people.freedesktop.org/~agd5f/linux into drm-fixes amd-drm-fixes-5.8-2020-07-01: amdgpu: - Fix for vega20 boards without RAS support - DC bandwidth revalidation fix - Fix Renoir vram info fetching - Fix hwmon freq printing Signed-off-by: Dave Airlie From: Alex Deucher Link: https://patchwork.freedesktop.org/patch/msgid/20200701194415.4065-1-alexander.deucher@amd.com commit 370678c5fd82a892a3b4b2cdaaf1de4dc1185b2d Merge: a0d9dc022124 55fd7e0222ea Author: Dave Airlie Date: Thu Jul 2 14:42:35 2020 +1000 Merge tag 'drm-intel-fixes-2020-07-01' of git://anongit.freedesktop.org/drm/drm-intel into drm-fixes drm/i915 fixes for v5.8-rc4: - GVT fixes - Include asm sources for render cache clear batches Signed-off-by: Dave Airlie From: Jani Nikula Link: https://patchwork.freedesktop.org/patch/msgid/87imf7l6ee.fsf@intel.com commit 19e888678bac8c82206eb915eaf72741b2a2615c Author: Ronnie Sahlberg Date: Thu Jul 2 10:55:41 2020 +1000 cifs: prevent truncation from long to int in wait_for_free_credits The wait_event_... defines evaluate to long so we should not assign it an int as this may truncate the value. Reported-by: Marshall Midden Signed-off-by: Ronnie Sahlberg Signed-off-by: Steve French commit e4b9a72d76a47c11677b4bb0dee24a1fb6efb3e9 Author: Helmut Grohne Date: Wed Jul 1 13:22:20 2020 +0200 net: dsa: microchip: enable ksz9893 via i2c in the ksz9477 driver The KSZ9893 3-Port Gigabit Ethernet Switch can be controlled via SPI, I²C or MDIO (very limited and not supported by this driver). While there is already a compatible entry for the SPI bus, it was missing for I²C. Signed-off-by: Helmut Grohne Reviewed-by: Andrew Lunn Reviewed-by: Florian Fainelli Signed-off-by: David S. Miller commit ba3bb0e76ccd464bb66665a1941fabe55dadb3ba Author: Eric Dumazet Date: Tue Jun 30 13:51:28 2020 -0700 tcp: fix SO_RCVLOWAT possible hangs under high mem pressure Whenever tcp_try_rmem_schedule() returns an error, we are under trouble and should make sure to wakeup readers so that they can drain socket queues and eventually make room. Fixes: 03f45c883c6f ("tcp: avoid extra wakeups for SO_RCVLOWAT users") Signed-off-by: Eric Dumazet Signed-off-by: David S. Miller commit 9ffad9263b467efd8f8dc7ae1941a0a655a2bab2 Author: Zhang Xiaoxu Date: Sun Jun 28 21:06:38 2020 -0400 cifs: Fix the target file was deleted when rename failed. When xfstest generic/035, we found the target file was deleted if the rename return -EACESS. In cifs_rename2, we unlink the positive target dentry if rename failed with EACESS or EEXIST, even if the target dentry is positived before rename. Then the existing file was deleted. We should just delete the target file which created during the rename. Reported-by: Hulk Robot Signed-off-by: Zhang Xiaoxu Cc: stable@vger.kernel.org Signed-off-by: Steve French Reviewed-by: Aurelien Aptel commit 5391b8e1b7b7e5cfa2dd4ffdc4b8c6b64dfd1866 Author: Paul Aurich Date: Fri Jun 26 12:58:09 2020 -0700 SMB3: Honor 'posix' flag for multiuser mounts The flag from the primary tcon needs to be copied into the volume info so that cifs_get_tcon will try to enable extensions on the per-user tcon. At that point, since posix extensions must have already been enabled on the superblock, don't try to needlessly adjust the mount flags. Fixes: ce558b0e17f8 ("smb3: Add posix create context for smb3.11 posix mounts") Fixes: b326614ea215 ("smb3: allow "posix" mount option to enable new SMB311 protocol extensions") Signed-off-by: Paul Aurich Signed-off-by: Steve French Reviewed-by: Aurelien Aptel commit 6b356f6cf941d5054d7fab072cae4a5f8658e3db Author: Paul Aurich Date: Fri Jun 26 12:58:08 2020 -0700 SMB3: Honor 'handletimeout' flag for multiuser mounts Fixes: ca567eb2b3f0 ("SMB3: Allow persistent handle timeout to be configurable on mount") Signed-off-by: Paul Aurich CC: Stable Signed-off-by: Steve French Reviewed-by: Aurelien Aptel commit ad35f169db6cd5a4c5c0a5a42fb0cad3efeccb83 Author: Paul Aurich Date: Fri Jun 26 12:58:07 2020 -0700 SMB3: Honor lease disabling for multiuser mounts Fixes: 3e7a02d47872 ("smb3: allow disabling requesting leases") Signed-off-by: Paul Aurich CC: Stable Signed-off-by: Steve French Reviewed-by: Aurelien Aptel commit 00dfbc2f9c61185a2e662f27c45a0bb29b2a134f Author: Paul Aurich Date: Fri Jun 26 12:58:06 2020 -0700 SMB3: Honor persistent/resilient handle flags for multiuser mounts Without this: - persistent handles will only be enabled for per-user tcons if the server advertises the 'Continuous Availabity' capability - resilient handles would never be enabled for per-user tcons Signed-off-by: Paul Aurich CC: Stable Signed-off-by: Steve French Reviewed-by: Aurelien Aptel commit cc15461c73d7d044d56c47e869a215e49bd429c8 Author: Paul Aurich Date: Fri Jun 26 12:58:05 2020 -0700 SMB3: Honor 'seal' flag for multiuser mounts Ensure multiuser SMB3 mounts use encryption for all users' tcons if the mount options are configured to require encryption. Without this, only the primary tcon and IPC tcons are guaranteed to be encrypted. Per-user tcons would only be encrypted if the server was configured to require encryption. Signed-off-by: Paul Aurich CC: Stable Signed-off-by: Steve French Reviewed-by: Aurelien Aptel commit 0da7536fb47f51df89ccfcb1fa09f249d9accec5 Author: Willem de Bruijn Date: Wed Jul 1 16:00:06 2020 -0400 ip: Fix SO_MARK in RST, ACK and ICMP packets When no full socket is available, skbs are sent over a per-netns control socket. Its sk_mark is temporarily adjusted to match that of the real (request or timewait) socket or to reflect an incoming skb, so that the outgoing skb inherits this in __ip_make_skb. Introduction of the socket cookie mark field broke this. Now the skb is set through the cookie and cork: # init sockc.mark from sk_mark or cmsg ip_append_data ip_setup_cork # convert sockc.mark to cork mark ip_push_pending_frames ip_finish_skb __ip_make_skb # set skb->mark to cork mark But I missed these special control sockets. Update all callers of __ip(6)_make_skb that were originally missed. For IPv6, the same two icmp(v6) paths are affected. The third case is not, as commit 92e55f412cff ("tcp: don't annotate mark on control socket from tcp_v6_send_response()") replaced the ctl_sk->sk_mark with passing the mark field directly as a function argument. That commit predates the commit that introduced the bug. Fixes: c6af0c227a22 ("ip: support SO_MARK cmsg") Signed-off-by: Willem de Bruijn Reported-by: Martin KaFai Lau Reviewed-by: Martin KaFai Lau Signed-off-by: David S. Miller commit aadd69cad07b4afe9e4c260bfcfcd954c6e696e1 Author: Paul Aurich Date: Fri Jun 26 12:58:04 2020 -0700 cifs: Display local UID details for SMB sessions in DebugData This is useful for distinguishing SMB sessions on a multiuser mount. Signed-off-by: Paul Aurich Signed-off-by: Steve French Reviewed-by: Aurelien Aptel commit e114e1e8ac9d31f25b9dd873bab5d80c1fc482ca Author: Eric Dumazet Date: Wed Jul 1 12:41:23 2020 -0700 tcp: md5: do not send silly options in SYNCOOKIES Whenever cookie_init_timestamp() has been used to encode ECN,SACK,WSCALE options, we can not remove the TS option in the SYNACK. Otherwise, tcp_synack_options() will still advertize options like WSCALE that we can not deduce later when receiving the packet from the client to complete 3WHS. Note that modern linux TCP stacks wont use MD5+TS+SACK in a SYN packet, but we can not know for sure that all TCP stacks have the same logic. Before the fix a tcpdump would exhibit this wrong exchange : 10:12:15.464591 IP C > S: Flags [S], seq 4202415601, win 65535, options [nop,nop,md5 valid,mss 1400,sackOK,TS val 456965269 ecr 0,nop,wscale 8], length 0 10:12:15.464602 IP S > C: Flags [S.], seq 253516766, ack 4202415602, win 65535, options [nop,nop,md5 valid,mss 1400,nop,nop,sackOK,nop,wscale 8], length 0 10:12:15.464611 IP C > S: Flags [.], ack 1, win 256, options [nop,nop,md5 valid], length 0 10:12:15.464678 IP C > S: Flags [P.], seq 1:13, ack 1, win 256, options [nop,nop,md5 valid], length 12 10:12:15.464685 IP S > C: Flags [.], ack 13, win 65535, options [nop,nop,md5 valid], length 0 After this patch the exchange looks saner : 11:59:59.882990 IP C > S: Flags [S], seq 517075944, win 65535, options [nop,nop,md5 valid,mss 1400,sackOK,TS val 1751508483 ecr 0,nop,wscale 8], length 0 11:59:59.883002 IP S > C: Flags [S.], seq 1902939253, ack 517075945, win 65535, options [nop,nop,md5 valid,mss 1400,sackOK,TS val 1751508479 ecr 1751508483,nop,wscale 8], length 0 11:59:59.883012 IP C > S: Flags [.], ack 1, win 256, options [nop,nop,md5 valid,nop,nop,TS val 1751508483 ecr 1751508479], length 0 11:59:59.883114 IP C > S: Flags [P.], seq 1:13, ack 1, win 256, options [nop,nop,md5 valid,nop,nop,TS val 1751508483 ecr 1751508479], length 12 11:59:59.883122 IP S > C: Flags [.], ack 13, win 256, options [nop,nop,md5 valid,nop,nop,TS val 1751508483 ecr 1751508483], length 0 11:59:59.883152 IP S > C: Flags [P.], seq 1:13, ack 13, win 256, options [nop,nop,md5 valid,nop,nop,TS val 1751508484 ecr 1751508483], length 12 11:59:59.883170 IP C > S: Flags [.], ack 13, win 256, options [nop,nop,md5 valid,nop,nop,TS val 1751508484 ecr 1751508484], length 0 Of course, no SACK block will ever be added later, but nothing should break. Technically, we could remove the 4 nops included in MD5+TS options, but again some stacks could break seeing not conventional alignment. Fixes: 4957faade11b ("TCPCT part 1g: Responder Cookie => Initiator") Signed-off-by: Eric Dumazet Cc: Florian Westphal Cc: Mathieu Desnoyers Signed-off-by: David S. Miller commit 9ef845f894c93416a1cbcbc6ec42525fb06aaf4e Author: Rao Shoaib Date: Wed Jul 1 12:23:38 2020 -0700 rds: If one path needs re-connection, check all and re-connect In testing with mprds enabled, Oracle Cluster nodes after reboot were not able to communicate with others nodes and so failed to rejoin the cluster. Peers with lower IP address initiated connection but the node could not respond as it choose a different path and could not initiate a connection as it had a higher IP address. With this patch, when a node sends out a packet and the selected path is down, all other paths are also checked and any down paths are re-connected. Reviewed-by: Ka-cheong Poon Reviewed-by: David Edmondson Signed-off-by: Somasundaram Krishnasamy Signed-off-by: Rao Shoaib Signed-off-by: David S. Miller commit e6ced831ef11a2a06e8d00aad9d4fc05b610bf38 Author: Eric Dumazet Date: Wed Jul 1 11:43:04 2020 -0700 tcp: md5: refine tcp_md5_do_add()/tcp_md5_hash_key() barriers My prior fix went a bit too far, according to Herbert and Mathieu. Since we accept that concurrent TCP MD5 lookups might see inconsistent keys, we can use READ_ONCE()/WRITE_ONCE() instead of smp_rmb()/smp_wmb() Clearing all key->key[] is needed to avoid possible KMSAN reports, if key->keylen is increased. Since tcp_md5_do_add() is not fast path, using __GFP_ZERO to clear all struct tcp_md5sig_key is simpler. data_race() was added in linux-5.8 and will prevent KCSAN reports, this can safely be removed in stable backports, if data_race() is not yet backported. v2: use data_race() both in tcp_md5_hash_key() and tcp_md5_do_add() Fixes: 6a2febec338d ("tcp: md5: add missing memory barriers in tcp_md5_do_add()/tcp_md5_hash_key()") Signed-off-by: Eric Dumazet Cc: Mathieu Desnoyers Cc: Herbert Xu Cc: Marco Elver Reviewed-by: Mathieu Desnoyers Acked-by: Herbert Xu Signed-off-by: David S. Miller commit 1e82a62fec613844da9e558f3493540a5b7a7b67 Author: Sean Tranchetti Date: Tue Jun 30 11:50:17 2020 -0600 genetlink: remove genl_bind A potential deadlock can occur during registering or unregistering a new generic netlink family between the main nl_table_lock and the cb_lock where each thread wants the lock held by the other, as demonstrated below. 1) Thread 1 is performing a netlink_bind() operation on a socket. As part of this call, it will call netlink_lock_table(), incrementing the nl_table_users count to 1. 2) Thread 2 is registering (or unregistering) a genl_family via the genl_(un)register_family() API. The cb_lock semaphore will be taken for writing. 3) Thread 1 will call genl_bind() as part of the bind operation to handle subscribing to GENL multicast groups at the request of the user. It will attempt to take the cb_lock semaphore for reading, but it will fail and be scheduled away, waiting for Thread 2 to finish the write. 4) Thread 2 will call netlink_table_grab() during the (un)registration call. However, as Thread 1 has incremented nl_table_users, it will not be able to proceed, and both threads will be stuck waiting for the other. genl_bind() is a noop, unless a genl_family implements the mcast_bind() function to handle setting up family-specific multicast operations. Since no one in-tree uses this functionality as Cong pointed out, simply removing the genl_bind() function will remove the possibility for deadlock, as there is no attempt by Thread 1 above to take the cb_lock semaphore. Fixes: c380d9a7afff ("genetlink: pass multicast bind/unbind to families") Suggested-by: Cong Wang Acked-by: Johannes Berg Reported-by: kernel test robot Signed-off-by: Sean Tranchetti Signed-off-by: David S. Miller commit 0115e6c98c22f3fc7ff7da2a41480483abe95b37 Author: Fabio Estevam Date: Tue Jun 30 21:53:46 2020 -0300 dt-bindings: clock: imx: Fix e-mail address The freescale.com domain is gone for quite some time. Use the nxp.com domain instead. Signed-off-by: Fabio Estevam Link: https://lore.kernel.org/r/20200701005346.1008-1-festevam@gmail.com Signed-off-by: Rob Herring commit cd77006e01b3198c75fb7819b3d0ff89709539bb Merge: edb543cfe5db 77b48bea2fee Author: Linus Torvalds Date: Wed Jul 1 12:56:05 2020 -0700 Merge tag 'hyperv-fixes-signed' of git://git.kernel.org/pub/scm/linux/kernel/git/hyperv/linux Pull hyperv fix from Wei Liu: "One patch from Joseph to make panic reporting contain more useful information" * tag 'hyperv-fixes-signed' of git://git.kernel.org/pub/scm/linux/kernel/git/hyperv/linux: Drivers: hv: Change flag to write log level in panic msg to false commit d3c54f7f18cb82283777998c4bec52e49241c783 Author: Luo bin Date: Wed Jul 1 11:16:33 2020 +0800 hinic: fix passing non negative value to ERR_PTR get_dev_cap and set_resources_state functions may return a positive value because of hardware failure, and the positive return value can not be passed to ERR_PTR directly. Fixes: 7dd29ee12865 ("hinic: add sriov feature support") Signed-off-by: Luo bin Signed-off-by: David S. Miller commit beaf10efca64ac824240838ab1f054dfbefab5e6 Author: Alex Deucher Date: Wed Jul 1 12:00:08 2020 -0400 drm/amdgpu: use %u rather than %d for sclk/mclk Large clock values may overflow and show up as negative. Reported by prOMiNd on IRC. Acked-by: Nirmoy Das Signed-off-by: Alex Deucher Cc: stable@vger.kernel.org commit d7a6634a4cfba073ff6a526cb4265d6e58ece234 Author: Alex Deucher Date: Thu Jun 25 17:55:57 2020 -0400 drm/amdgpu/atomfirmware: fix vram_info fetching for renoir Renoir uses integrated_system_info table v12. The table has the same layout as v11 with respect to this data. Just reuse the existing code for v12 for stable. Fixes incorrectly reported vram info in the driver output. Acked-by: Evan Quan Signed-off-by: Alex Deucher Cc: stable@vger.kernel.org commit 9e9f85e029a2ee4167aacf3ff04e4288a5e5c74e Author: Heiko Carstens Date: Wed Jul 1 07:32:13 2020 +0200 s390: update defconfigs Signed-off-by: Heiko Carstens commit 5aa98879efe77d33d1639e006d4b0c1579cde9f6 Author: Thomas Richter Date: Fri Jun 26 11:24:34 2020 +0200 s390/cpum_sf: prohibit callchain data collection CPU Measurement sampling facility on s390 does not support perf tool collection of callchain data using --call-graph option. The sampling facility collects samples in a ring buffer which includes only the instruction address the samples were taken. When the ring buffer hits a watermark, a measurement alert interrupt is triggered and handled by the performance measurement unit (PMU) device driver. It collects the samples and feeds each sample to the perf ring buffer in the common code via functions perf_prepare_sample()/perf_output_sample(). When function perf_prepare_sample() is called to collect sample data's callchain, user register values or stack area, invalid data is picked, because the context of the collected information does not match the context when the sample was taken. There is currently no way to provide the callchain and other information, because the hardware sampler does not collect this information. Therefore prohibit sampling when the user requests a callchain graph from the hardware sampler. Return -EOPNOTSUPP to the user in this case. If call chains are really wanted, users need to specify software event cpu-clock to get the callchain information from a software event. Signed-off-by: Thomas Richter Reviewed-by: Sumanth Korikkar Signed-off-by: Heiko Carstens commit 9b6a3f3633a5cc928b78627764793b60cb62e0f6 Author: Mike Leach Date: Wed Jul 1 10:08:52 2020 -0600 coresight: etmv4: Fix CPU power management setup in probe() function The current probe() function calls a pair of cpuhp_xxx API functions to setup CPU hotplug handling. The hotplug lock is held for the duration of the two calls and other CPU related code using cpus_read_lock() / cpus_read_unlock() calls. The problem is that on error states, goto: statements bypass the cpus_read_unlock() call. This code has increased in complexity as the driver has developed. This patch introduces a pair of helper functions etm4_pm_setup_cpuslocked() and etm4_pm_clear() which correct the issues above and group the PM code a little better. The two functions etm4_cpu_pm_register() and etm4_cpu_pm_unregister() are dropped as these call cpu_pm_register_notifier() / ..unregister_notifier() dependent on CONFIG_CPU_PM - but this define is used to nop these functions out in the pm headers - so the wrapper functions are superfluous. Fixes: f188b5e76aae ("coresight: etm4x: Save/restore state across CPU low power states") Fixes: e9f5d63f84fe ("hwtracing/coresight-etm4x: Use cpuhp_setup_state_nocalls_cpuslocked()") Fixes: 58eb457be028 ("hwtracing/coresight-etm4x: Convert to hotplug state machine") Signed-off-by: Mike Leach Cc: stable Reviewed-by: Mathieu Poirier Link: https://lore.kernel.org/r/20200701160852.2782823-3-mathieu.poirier@linaro.org Signed-off-by: Greg Kroah-Hartman commit 6740de9433556d5e3f94c4901dce120d27677be1 Author: Dan Carpenter Date: Wed Jul 1 10:08:51 2020 -0600 coresight: cti: Fix error handling in probe There were a couple problems with error handling in the probe function: 1) If the "drvdata" allocation failed then it lead to a NULL dereference. 2) On several error paths we decremented "nr_cti_cpu" before it was incremented which lead to a reference counting bug. There were also some parts of the error handling which were not bugs but were messy. The error handling was confusing to read. It printed some unnecessary error messages. The simplest way to fix these problems was to create a cti_pm_setup() function that did all the power management setup in one go. That way when we call cti_pm_release() we don't have to deal with the complications of a partially configured power management config. I reversed the "if (drvdata->ctidev.cpu >= 0)" condition in cti_pm_release() so that it mirros the new cti_pm_setup() function. Fixes: 6a0953ce7de9 ("coresight: cti: Add CPU idle pm notifer to CTI devices") Signed-off-by: Dan Carpenter Reviewed-by: Mike Leach Reviewed-by: Mathieu Poirier Link: https://lore.kernel.org/r/20200701160852.2782823-2-mathieu.poirier@linaro.org Signed-off-by: Greg Kroah-Hartman commit 7f58b487e9ff3ff0f5f29a57172295a41f08a6b5 Author: Masahiro Yamada Date: Wed Jul 1 00:06:25 2020 +0900 kbuild: make Clang build userprogs for target architecture Programs added 'userprogs' should be compiled for the target architecture i.e. the same architecture as the kernel. GCC does this correctly since the target architecture is implied by the toolchain prefix. Clang builds userspace programs always for the host architecture because the target triple is currently missing. Fix this. Fixes: 7f3a59db274c ("kbuild: add infrastructure to build userspace programs") Signed-off-by: Masahiro Yamada Reviewed-by: Nick Desaulniers Reviewed-by: Nathan Chancellor commit b816b3db15f68690ee72a4a414624f8e82942b25 Author: Masahiro Yamada Date: Wed Jul 1 00:06:24 2020 +0900 kbuild: fix CONFIG_CC_CAN_LINK(_STATIC) for cross-compilation with Clang scripts/cc-can-link.sh tests if the compiler can link userspace programs. When $(CC) is GCC, it is checked against the target architecture because the toolchain prefix is specified as a part of $(CC). When $(CC) is Clang, it is checked against the host architecture because --target option is missing. Pass $(CLANG_FLAGS) to scripts/cc-can-link.sh to evaluate the link capability for the target architecture. Signed-off-by: Masahiro Yamada Reviewed-by: Nathan Chancellor commit 853eab68afc80f59f36bbdeb715e5c88c501e680 Author: Wade Mealing Date: Wed Jun 17 13:49:47 2020 +0200 Revert "zram: convert remaining CLASS_ATTR() to CLASS_ATTR_RO()" Turns out that the permissions for 0400 really are what we want here, otherwise any user can read from this file. [fixed formatting, added changelog, and made attribute static - gregkh] Reported-by: Wade Mealing Cc: stable Fixes: f40609d1591f ("zram: convert remaining CLASS_ATTR() to CLASS_ATTR_RO()") Link: https://bugzilla.redhat.com/show_bug.cgi?id=1847832 Reviewed-by: Steffen Maier Acked-by: Minchan Kim Link: https://lore.kernel.org/r/20200617114946.GA2131650@kroah.com Signed-off-by: Greg Kroah-Hartman commit 8f8499a910e63f9973b95c183e2d3bccfe9845ac Author: Mauro Carvalho Chehab Date: Tue Jun 30 08:48:53 2020 +0200 kconfig: qconf: parse newer types at debug info There are 3 types that are not parsed by the debug info logic. Add support for them. Signed-off-by: Mauro Carvalho Chehab Signed-off-by: Masahiro Yamada commit 8a3b6e5687836cd16bfdfec38c7313c95492169c Author: Mauro Carvalho Chehab Date: Tue Jun 30 08:48:35 2020 +0200 kconfig: qconf: navigate menus on hyperlinks Instead of just changing the helper window to show a dependency, also navigate to it at the config and menu widgets. Signed-off-by: Mauro Carvalho Chehab Signed-off-by: Masahiro Yamada commit cc1c08edccaf5317d99a17a3231fe06381044e83 Author: Mauro Carvalho Chehab Date: Tue Jun 30 08:26:40 2020 +0200 kconfig: qconf: don't show goback button on splitMode the goback button does nothing on splitMode. So, why display it? Signed-off-by: Mauro Carvalho Chehab Signed-off-by: Masahiro Yamada commit af737b4defe14eb4a2e4d6016973cc90df1d77d6 Author: Mauro Carvalho Chehab Date: Tue Jun 30 08:26:39 2020 +0200 kconfig: qconf: simplify the goBack() logic The goBack() logic is used only for the configList, as it only makes sense on singleMode. So, let's simplify the code. Signed-off-by: Mauro Carvalho Chehab Signed-off-by: Masahiro Yamada commit b06c3ec3bd184e8bbd3e37d53a3d27c4ab9ccd09 Author: Mauro Carvalho Chehab Date: Tue Jun 30 08:26:38 2020 +0200 kconfig: qconf: re-implement setSelected() The default implementation for setSelected() at QTreeWidgetItem allows multiple items to be selected. Well, this should never be possible for the configItem lists. So, implement a function that will automatically clean any previous selection. This simplifies the logic somewhat, while making the selection logic to be applied atomically, avoiding future issues on that. Signed-off-by: Mauro Carvalho Chehab Signed-off-by: Masahiro Yamada commit c4f7398bee9c49bd79930d4a856fb6291d20cde3 Author: Mauro Carvalho Chehab Date: Tue Jun 30 08:26:37 2020 +0200 kconfig: qconf: make debug links work again The Qt5 conversion broke support for debug info links. Restore the behaviour added by changeset ab45d190fd4a ("kconfig: create links in info window"). The original approach was to pass a pointer for a data struct via an . That doesn't sound a good idea, as, if something gets wrong, the app could crash. So, instead, pass the name of the symbol, and validate such symbol at the hyperlink handling logic. Link: https://lore.kernel.org/lkml/20200628125421.12458086@coco.lan/ Reported-by: Maxim Levitsky Signed-off-by: Mauro Carvalho Chehab Signed-off-by: Masahiro Yamada commit c699eaaba98322872adbf4a55e7d679016d27b2d Author: Mauro Carvalho Chehab Date: Tue Jun 30 08:26:36 2020 +0200 kconfig: qconf: make search fully work again on split mode When the search dialog box finds symbols/menus that match the search criteria, it presents all results at the window. Clicking on a search result should make qconf to navigate to the selected item. This works on singleMode and on fullMode, but on splitMode, the navigation is broken. This was partially caused by an incomplete Qt5 conversion and by the followup patches that restored the original behavior. When qconf is on split mode, it has to update both the config and the menu views. Right now, such logic is broken, as it is not seeking using the right structures. On qconf, the screen is split into 3 parts: +------------+-------+ | | | | Config | Menu | | | | +------------+-------+ | | | ConfigInfo | | | +--------------------+ On singleMode and on fullMode, the menuView is hidden, and search updates only the configList (which controls the ConfigView). On SplitMode, the search logic should detect if the variable is a leaf or not. If it is a leaf, it should be presented at the menuView, and both configList and menuList should be updated. Otherwise, just the configList should be updated. Link: https://lore.kernel.org/lkml/a98b0f0ebe0c23615a76f1d23f25fd0c84835e6b.camel@redhat.com/ Reported-by: Maxim Levitsky Signed-off-by: Mauro Carvalho Chehab Signed-off-by: Masahiro Yamada commit cf81dfa479e6c80c1b55208cd380f7b770645d52 Author: Mauro Carvalho Chehab Date: Tue Jun 30 08:26:35 2020 +0200 kconfig: qconf: cleanup includes The usage of c-like include is deprecated on modern Qt versions. Use the c++ style includes. While here, remove uneeded and redundant ones, sorting them on alphabetic order. Signed-off-by: Mauro Carvalho Chehab Signed-off-by: Masahiro Yamada commit 6e1d72f1ea212b0614b499aa8164a45622690877 Merge: 5ecad245de2a a3f574cd6548 Author: Paolo Bonzini Date: Wed Jul 1 10:24:35 2020 -0400 Merge tag 'kvmarm-fixes-5.8-2' of git://git.kernel.org/pub/scm/linux/kernel/git/kvmarm/kvmarm into kvm-master KVM/arm fixes for 5.8, take #2 - Make sure a vcpu becoming non-resident doesn't race against the doorbell delivery - Only advertise pvtime if accounting is enabled - Return the correct error code if reset fails with SVE - Make sure that pseudo-NMI functions are annotated as __always_inline commit 44b37eb79e16a56cb30ba55b2da452396b941e7a Author: leilk.liu Date: Wed Jul 1 17:00:20 2020 +0800 spi: mediatek: use correct SPI_CFG2_REG MACRO this patch use correct SPI_CFG2_REG offset. Signed-off-by: leilk.liu Link: https://lore.kernel.org/r/20200701090020.7935-1-leilk.liu@mediatek.com Signed-off-by: Mark Brown commit 1eb96c198aff13162de4857e19f9488d59c4acb1 Author: Yu-Hsuan Hsu Date: Tue Jun 30 17:16:15 2020 +0800 ASoC: rockchip: add format and rate constraints on rk3399 S8 and S24 formats does not work on this machine driver so force to use S16_LE instead. In addition, add constraint to limit the max value of rate because the rate higher than 96000(172000, 192000) is not stable either. Signed-off-by: Yu-Hsuan Hsu Link: https://lore.kernel.org/r/20200630091615.4020059-1-yuhsuan@chromium.org Signed-off-by: Mark Brown commit ad922ca199b38974dbe392e2faeba3aadf461ac2 Author: Ravulapati Vishnu vardhan rao Date: Tue Jun 30 14:52:38 2020 +0530 ASoC: amd: Rectifying Unbalanced pm_runtime_enable! issue When snd_pci_acp3x driver loads we see: WARNING kernel:snd_pci_acp3x 0000:04:00.5: Unbalanced pm_runtime_enable! at boot time. same can be observed in /var/log/messages/. Modifying pm runtime sequence for fixing unbalanced pm issue. Signed-off-by: Ravulapati Vishnu vardhan rao Link: https://lore.kernel.org/r/20200630092242.7799-1-Vishnuvardhanrao.Ravulapati@amd.com Signed-off-by: Mark Brown commit bc4be656471b39af8f2ad57ee372012c55da1da7 Author: Oder Chiou Date: Wed Jul 1 15:16:45 2020 +0800 ASoC: rt5682: cancel jack_detect_work if hs_jack is set to null even soundwire mode Base on https://patchwork.kernel.org/patch/11237953/ Soundwire mode also should follow it. Signed-off-by: Oder Chiou Link: https://lore.kernel.org/r/20200701071645.32061-1-oder_chiou@realtek.com Signed-off-by: Mark Brown commit 3660d0b8380e7c490a31d2eb669b4c02ccddaf3f Merge: 9ebcfadb0610 8b94a4b92327 Author: Greg Kroah-Hartman Date: Wed Jul 1 13:52:21 2020 +0200 Merge tag 'thunderbolt-fix-for-v5.8-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/westeri/thunderbolt into usb-linus Mika writes: thunderbolt: Fix for v5.8-rc4 This includes a single patch that corrects path indices used in USB3 tunnel discovery. * tag 'thunderbolt-fix-for-v5.8-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/westeri/thunderbolt: thunderbolt: Fix path indices used in USB3 tunnel discovery commit cced0b24bb545bfe74fea96de84adc23c0146b05 Author: Andy Lutomirski Date: Fri Jun 26 10:21:16 2020 -0700 selftests/x86: Consolidate and fix get/set_eflags() helpers There are several copies of get_eflags() and set_eflags() and they all are buggy. Consolidate them and fix them. The fixes are: Add memory clobbers. These are probably unnecessary but they make sure that the compiler doesn't move something past one of these calls when it shouldn't. Respect the redzone on x86_64. There has no failure been observed related to this, but it's definitely a bug. Signed-off-by: Andy Lutomirski Signed-off-by: Thomas Gleixner Link: https://lkml.kernel.org/r/982ce58ae8dea2f1e57093ee894760e35267e751.1593191971.git.luto@kernel.org commit a61fa2799ef9bf6c4f54cf7295036577cececc72 Author: Andy Lutomirski Date: Fri Jun 26 10:21:15 2020 -0700 selftests/x86/syscall_nt: Clear weird flags after each test Clear the weird flags before logging to improve strace output -- logging results while, say, TF is set does no one any favors. Signed-off-by: Andy Lutomirski Signed-off-by: Thomas Gleixner Link: https://lkml.kernel.org/r/907bfa5a42d4475b8245e18b67a04b13ca51ffdb.1593191971.git.luto@kernel.org commit e4ef7de160c6b12639c4fc49bcacb25b860ac76d Author: Andy Lutomirski Date: Fri Jun 26 10:21:14 2020 -0700 selftests/x86/syscall_nt: Add more flag combinations Add EFLAGS.AC to the mix. Signed-off-by: Andy Lutomirski Signed-off-by: Thomas Gleixner Link: https://lkml.kernel.org/r/12924e2fe2c5826568b7fc9436d85ca7f5eb1743.1593191971.git.luto@kernel.org commit ffae641f57476369b4d503402b37ebe489d23395 Author: Andy Lutomirski Date: Fri Jun 26 10:21:13 2020 -0700 x86/entry/64/compat: Fix Xen PV SYSENTER frame setup The SYSENTER frame setup was nonsense. It worked by accident because the normal code into which the Xen asm jumped (entry_SYSENTER_32/compat) threw away SP without touching the stack. entry_SYSENTER_compat was recently modified such that it relied on having a valid stack pointer, so now the Xen asm needs to invoke it with a valid stack. Fix it up like SYSCALL: use the Xen-provided frame and skip the bare metal prologue. Fixes: 1c3e5d3f60e2 ("x86/entry: Make entry_64_compat.S objtool clean") Signed-off-by: Andy Lutomirski Signed-off-by: Thomas Gleixner Reviewed-by: Boris Ostrovsky Link: https://lkml.kernel.org/r/947880c41ade688ff4836f665d0c9fcaa9bd1201.1593191971.git.luto@kernel.org commit d1721250f3ffed9afba3e1fb729947cec64c5a8a Author: Andy Lutomirski Date: Fri Jun 26 10:21:12 2020 -0700 x86/entry: Move SYSENTER's regs->sp and regs->flags fixups into C The SYSENTER asm (32-bit and compat) contains fixups for regs->sp and regs->flags. Move the fixups into C and fix some comments while at it. This is a valid cleanup all by itself, and it also simplifies the subsequent patch that will fix Xen PV SYSENTER. Signed-off-by: Andy Lutomirski Signed-off-by: Thomas Gleixner Link: https://lkml.kernel.org/r/fe62bef67eda7fac75b8f3dbafccf571dc4ece6b.1593191971.git.luto@kernel.org commit c9c26150e61de441ab58b25c1f64afc049ee0fee Author: Andy Lutomirski Date: Fri Jun 26 10:21:11 2020 -0700 x86/entry: Assert that syscalls are on the right stack Now that the entry stack is a full page, it's too easy to regress the system call entry code and end up on the wrong stack without noticing. Assert that all system calls (SYSCALL64, SYSCALL32, SYSENTER, and INT80) are on the right stack and have pt_regs in the right place. Signed-off-by: Andy Lutomirski Signed-off-by: Thomas Gleixner Link: https://lkml.kernel.org/r/52059e42bb0ab8551153d012d68f7be18d72ff8e.1593191971.git.luto@kernel.org commit a0d9dc0221241c529e15905465c145a7439b5def Merge: b325b5ed5e0a d4f5a095daf0 Author: Dave Airlie Date: Wed Jul 1 15:40:52 2020 +1000 Merge tag 'exynos-drm-fixes-for-v5.8-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/daeinki/drm-exynos into drm-fixes Two fixups - It fixes wrong return value by returing proper error value instead of fixed one. - It fixes ref count leak in mic_pre_enable. One cleanup - It removes dev_err() call on platform_get_irq() failure because platform_get_irq() call dev_err() itself on failure. Signed-off-by: Dave Airlie From: Inki Dae Link: https://patchwork.freedesktop.org/patch/msgid/1593395988-4612-1-git-send-email-inki.dae@samsung.com commit b325b5ed5e0a553f4e502bc58cf83cf012167699 Merge: 9ebcfadb0610 30480e6ed508 Author: Dave Airlie Date: Wed Jul 1 15:01:29 2020 +1000 Merge tag 'drm-msm-fixes-2020-06-25' of https://gitlab.freedesktop.org/drm/msm into drm-fixes A few fixes, mostly fallout from the address space refactor and dpu color processing. Signed-off-by: Dave Airlie From: Rob Clark Link: https://patchwork.freedesktop.org/patch/msgid/ Date: Mon Jun 29 13:03:52 2020 -0400 drm/amd/display: Only revalidate bandwidth on medium and fast updates [Why] Changes that are fast don't require updating DLG parameters making this call unnecessary. Considering this is an expensive call it should not be done on every flip. DML touches clocks, p-state support, DLG params and a few other DC internal flags and these aren't expected during fast. A hang has been reported with this change when called on every flip which suggests that modifying these fields is not recommended behavior on fast updates. [How] Guard the validation to only happen if update type isn't FAST. Bug: https://gitlab.freedesktop.org/drm/amd/-/issues/1191 Fixes: a24eaa5c51255b ("drm/amd/display: Revalidate bandwidth before commiting DC updates") Signed-off-by: Nicholas Kazlauskas Acked-by: Alex Deucher Reviewed-by: Roman Li Signed-off-by: Alex Deucher Cc: stable@vger.kernel.org commit 8ff41cc21714704ef0158a546c3c4d07fae2c952 Author: Dan Carpenter Date: Tue Jun 30 14:46:15 2020 +0300 net: qrtr: Fix an out of bounds read qrtr_endpoint_post() This code assumes that the user passed in enough data for a qrtr_hdr_v1 or qrtr_hdr_v2 struct, but it's not necessarily true. If the buffer is too small then it will read beyond the end. Reported-by: Manivannan Sadhasivam Reported-by: syzbot+b8fe393f999a291a9ea6@syzkaller.appspotmail.com Fixes: 194ccc88297a ("net: qrtr: Support decoding incoming v2 packets") Signed-off-by: Dan Carpenter Signed-off-by: David S. Miller commit 6a2febec338df7e7699a52d00b2e1207dcf65b28 Author: Eric Dumazet Date: Tue Jun 30 16:41:01 2020 -0700 tcp: md5: add missing memory barriers in tcp_md5_do_add()/tcp_md5_hash_key() MD5 keys are read with RCU protection, and tcp_md5_do_add() might update in-place a prior key. Normally, typical RCU updates would allocate a new piece of memory. In this case only key->key and key->keylen might be updated, and we do not care if an incoming packet could see the old key, the new one, or some intermediate value, since changing the key on a live flow is known to be problematic anyway. We only want to make sure that in the case key->keylen is changed, cpus in tcp_md5_hash_key() wont try to use uninitialized data, or crash because key->keylen was read twice to feed sg_init_one() and ahash_request_set_crypt() Fixes: 9ea88a153001 ("tcp: md5: check md5 signature without socket lock") Signed-off-by: Eric Dumazet Cc: Mathieu Desnoyers Signed-off-by: David S. Miller commit e7eea44eefbdd5f0345a0a8b80a3ca1c21030d06 Author: Hou Tao Date: Mon Jun 15 12:14:59 2020 +0800 virtio-blk: free vblk-vqs in error path of virtblk_probe() Else there will be memory leak if alloc_disk() fails. Fixes: 6a27b656fc02 ("block: virtio-blk: support multi virt queues per virtio-blk device") Signed-off-by: Hou Tao Reviewed-by: Stefano Garzarella Reviewed-by: Ming Lei Signed-off-by: Jens Axboe commit 28541f3d324f6de1e545e2875283b6cef95c5d36 Author: Carl Huang Date: Tue Jun 30 14:52:51 2020 +0800 net: qrtr: free flow in __qrtr_node_release The flow is allocated in qrtr_tx_wait, but not freed when qrtr node is released. (*slot) becomes NULL after radix_tree_iter_delete is called in __qrtr_node_release. The fix is to save (*slot) to a vairable and then free it. This memory leak is catched when kmemleak is enabled in kernel, the report looks like below: unreferenced object 0xffffa0de69e08420 (size 32): comm "kworker/u16:3", pid 176, jiffies 4294918275 (age 82858.876s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 28 84 e0 69 de a0 ff ff ........(..i.... 28 84 e0 69 de a0 ff ff 03 00 00 00 00 00 00 00 (..i............ backtrace: [<00000000e252af0a>] qrtr_node_enqueue+0x38e/0x400 [qrtr] [<000000009cea437f>] qrtr_sendmsg+0x1e0/0x2a0 [qrtr] [<000000008bddbba4>] sock_sendmsg+0x5b/0x60 [<0000000003beb43a>] qmi_send_message.isra.3+0xbe/0x110 [qmi_helpers] [<000000009c9ae7de>] qmi_send_request+0x1c/0x20 [qmi_helpers] Signed-off-by: Carl Huang Signed-off-by: David S. Miller commit 8a259e6b73ad8181b0b2ef338b35043433db1075 Author: Li Heng Date: Mon Jun 29 18:49:51 2020 +0800 net: cxgb4: fix return error value in t4_prep_fw t4_prep_fw goto bye tag with positive return value when something bad happened and which can not free resource in adap_init0. so fix it to return negative value. Fixes: 16e47624e76b ("cxgb4: Add new scheme to update T4/T5 firmware") Reported-by: Hulk Robot Signed-off-by: Li Heng Signed-off-by: David S. Miller commit 5396956cc7c6874180c9bfc1ceceb02b739a6a87 Author: Mika Westerberg Date: Mon Jun 22 19:12:48 2020 +0300 PCI: Make pcie_find_root_port() work for Root Ports Commit 6ae72bfa656e ("PCI: Unify pcie_find_root_port() and pci_find_pcie_root_port()") broke acpi_pci_bridge_d3() because calling pcie_find_root_port() on a Root Port returned NULL when it should return the Root Port, which in turn broke power management of PCIe hierarchies. Rework pcie_find_root_port() so it returns its argument when it is already a Root Port. [bhelgaas: test device only once, test for PCIe] Fixes: 6ae72bfa656e ("PCI: Unify pcie_find_root_port() and pci_find_pcie_root_port()") Link: https://lore.kernel.org/r/20200622161248.51099-1-mika.westerberg@linux.intel.com Signed-off-by: Mika Westerberg Signed-off-by: Bjorn Helgaas commit e708e2bd55c921f5bb554fa5837d132a878951cf Merge: 0433c93dff14 d923021c2ce1 Author: David S. Miller Date: Tue Jun 30 14:20:45 2020 -0700 Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf Daniel Borkmann says: ==================== pull-request: bpf 2020-06-30 The following pull-request contains BPF updates for your *net* tree. We've added 28 non-merge commits during the last 9 day(s) which contain a total of 35 files changed, 486 insertions(+), 232 deletions(-). The main changes are: 1) Fix an incorrect verifier branch elimination for PTR_TO_BTF_ID pointer types, from Yonghong Song. 2) Fix UAPI for sockmap and flow_dissector progs that were ignoring various arguments passed to BPF_PROG_{ATTACH,DETACH}, from Lorenz Bauer & Jakub Sitnicki. 3) Fix broken AF_XDP DMA hacks that are poking into dma-direct and swiotlb internals and integrate it properly into DMA core, from Christoph Hellwig. 4) Fix RCU splat from recent changes to avoid skipping ingress policy when kTLS is enabled, from John Fastabend. 5) Fix BPF ringbuf map to enforce size to be the power of 2 in order for its position masking to work, from Andrii Nakryiko. 6) Fix regression from CAP_BPF work to re-allow CAP_SYS_ADMIN for loading of network programs, from Maciej Żenczykowski. 7) Fix libbpf section name prefix for devmap progs, from Jesper Dangaard Brouer. 8) Fix formatting in UAPI documentation for BPF helpers, from Quentin Monnet. ==================== Signed-off-by: David S. Miller commit d923021c2ce12acb50dc7086a1bf66eed82adf6a Author: Yonghong Song Date: Tue Jun 30 10:12:41 2020 -0700 bpf: Add tests for PTR_TO_BTF_ID vs. null comparison Add two tests for PTR_TO_BTF_ID vs. null ptr comparison, one for PTR_TO_BTF_ID in the ctx structure and the other for PTR_TO_BTF_ID after one level pointer chasing. In both cases, the test ensures condition is not removed. For example, for this test struct bpf_fentry_test_t { struct bpf_fentry_test_t *a; }; int BPF_PROG(test7, struct bpf_fentry_test_t *arg) { if (arg == 0) test7_result = 1; return 0; } Before the previous verifier change, we have xlated codes: int test7(long long unsigned int * ctx): ; int BPF_PROG(test7, struct bpf_fentry_test_t *arg) 0: (79) r1 = *(u64 *)(r1 +0) ; int BPF_PROG(test7, struct bpf_fentry_test_t *arg) 1: (b4) w0 = 0 2: (95) exit After the previous verifier change, we have: int test7(long long unsigned int * ctx): ; int BPF_PROG(test7, struct bpf_fentry_test_t *arg) 0: (79) r1 = *(u64 *)(r1 +0) ; if (arg == 0) 1: (55) if r1 != 0x0 goto pc+4 ; test7_result = 1; 2: (18) r1 = map[id:6][0]+48 4: (b7) r2 = 1 5: (7b) *(u64 *)(r1 +0) = r2 ; int BPF_PROG(test7, struct bpf_fentry_test_t *arg) 6: (b4) w0 = 0 7: (95) exit Signed-off-by: Yonghong Song Signed-off-by: Daniel Borkmann Acked-by: John Fastabend Acked-by: Andrii Nakryiko Link: https://lore.kernel.org/bpf/20200630171241.2523875-1-yhs@fb.com commit 01c66c48d4f0825a202d4163800b706a1d2ec7ad Author: Yonghong Song Date: Tue Jun 30 10:12:40 2020 -0700 bpf: Fix an incorrect branch elimination by verifier Wenbo reported an issue in [1] where a checking of null pointer is evaluated as always false. In this particular case, the program type is tp_btf and the pointer to compare is a PTR_TO_BTF_ID. The current verifier considers PTR_TO_BTF_ID always reprents a non-null pointer, hence all PTR_TO_BTF_ID compares to 0 will be evaluated as always not-equal, which resulted in the branch elimination. For example, struct bpf_fentry_test_t { struct bpf_fentry_test_t *a; }; int BPF_PROG(test7, struct bpf_fentry_test_t *arg) { if (arg == 0) test7_result = 1; return 0; } int BPF_PROG(test8, struct bpf_fentry_test_t *arg) { if (arg->a == 0) test8_result = 1; return 0; } In above bpf programs, both branch arg == 0 and arg->a == 0 are removed. This may not be what developer expected. The bug is introduced by Commit cac616db39c2 ("bpf: Verifier track null pointer branch_taken with JNE and JEQ"), where PTR_TO_BTF_ID is considered to be non-null when evaluting pointer vs. scalar comparison. This may be added considering we have PTR_TO_BTF_ID_OR_NULL in the verifier as well. PTR_TO_BTF_ID_OR_NULL is added to explicitly requires a non-NULL testing in selective cases. The current generic pointer tracing framework in verifier always assigns PTR_TO_BTF_ID so users does not need to check NULL pointer at every pointer level like a->b->c->d. We may not want to assign every PTR_TO_BTF_ID as PTR_TO_BTF_ID_OR_NULL as this will require a null test before pointer dereference which may cause inconvenience for developers. But we could avoid branch elimination to preserve original code intention. This patch simply removed PTR_TO_BTD_ID from reg_type_not_null() in verifier, which prevented the above branches from being eliminated. [1]: https://lore.kernel.org/bpf/79dbb7c0-449d-83eb-5f4f-7af0cc269168@fb.com/T/ Fixes: cac616db39c2 ("bpf: Verifier track null pointer branch_taken with JNE and JEQ") Reported-by: Wenbo Zhang Signed-off-by: Yonghong Song Signed-off-by: Daniel Borkmann Acked-by: John Fastabend Acked-by: Andrii Nakryiko Link: https://lore.kernel.org/bpf/20200630171240.2523722-1-yhs@fb.com commit 0433c93dff147fac488d39956ef1ddf34fd76044 Merge: f2ca673d2cd5 6cb63ea6a39e Author: David S. Miller Date: Tue Jun 30 13:10:57 2020 -0700 Merge branch 'net-ipa-three-bug-fixes' Alex Elder says: ==================== net: ipa: three bug fixes This series contains three bug fixes for the Qualcomm IPA driver. In practice these bugs are unlikke.y to be harmful, but they do represent incorrect code. Version 2 adds "Fixes" tags to two of the patches and fixes a typo in one (found by checkpatch.pl). ==================== Signed-off-by: David S. Miller commit 6cb63ea6a39eac9640d109f274a237b34350c183 Author: Alex Elder Date: Tue Jun 30 07:44:44 2020 -0500 net: ipa: introduce ipa_cmd_tag_process() Create a new function ipa_cmd_tag_process() that simply allocates a transaction, adds a tag process command to it to clear the hardware pipeline, and commits the transaction. Call it in from ipa_endpoint_suspend(), after suspending the modem endpoints but before suspending the AP command TX and AP LAN RX endpoints (which are used by the tag sequence). Signed-off-by: Alex Elder Signed-off-by: David S. Miller commit 41af5436e857ec64f302fcc9b6e4a8c526b6b402 Author: Alex Elder Date: Tue Jun 30 07:44:43 2020 -0500 net: ipa: no checksum offload for SDM845 LAN RX The AP LAN RX endpoint should not have download checksum offload enabled. The receive handler does properly accommodate the trailer that's added by the hardware, but we ignore it. Fixes: 1ed7d0c0fdba ("soc: qcom: ipa: configuration data") Signed-off-by: Alex Elder Signed-off-by: David S. Miller commit 5468cbcddf47f674829c6ada190283108a63d7b5 Author: Alex Elder Date: Tue Jun 30 07:44:42 2020 -0500 net: ipa: always check for stopped channel In gsi_channel_stop(), there's a check to see if the channel might have entered STOPPED state since a previous call, which might have timed out before stopping completed. That check actually belongs in gsi_channel_stop_command(), which is called repeatedly by gsi_channel_stop() for RX channels. Fixes: 650d1603825d ("soc: qcom: ipa: the generic software interface") Signed-off-by: Alex Elder Signed-off-by: David S. Miller commit f2ca673d2cd5df9a76247b670e9ffd4d63682b3f Author: Russell King Date: Tue Jun 30 11:04:40 2020 +0100 net: mvneta: fix use of state->speed When support for short preambles was added, it incorrectly keyed its decision off state->speed instead of state->interface. state->speed is not guaranteed to be correct for in-band modes, which can lead to short preambles being unexpectedly disabled. Fix this by keying off the interface mode, which is the only way that mvneta can operate at 2.5Gbps. Fixes: da58a931f248 ("net: mvneta: Add support for 2500Mbps SGMII") Signed-off-by: Russell King Signed-off-by: David S. Miller commit edb543cfe5db6148935a383aeef4d0bfd240216c Merge: 615bc218d628 5267456e953f Author: Linus Torvalds Date: Tue Jun 30 12:35:11 2020 -0700 Merge tag 'exfat-for-5.8-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/linkinjeon/exfat Pull exfat fixes from Namjae Jeon: - Zero out unused characters of FileName field to avoid a complaint from some fsck tool. - Fix memory leak on error paths. - Fix unnecessary VOL_DIRTY set when calling rmdir on non-empty directory. - Call sync_filesystem() for read-only remount (Fix generic/452 test in xfstests) - Add own fsync() to flush dirty metadata. * tag 'exfat-for-5.8-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/linkinjeon/exfat: exfat: flush dirty metadata in fsync exfat: move setting VOL_DIRTY over exfat_remove_entries() exfat: call sync_filesystem for read-only remount exfat: add missing brelse() calls on error paths exfat: Set the unused characters of FileName field to the value 0000h commit b9fcf0a0d826a3a556ae368a42461c920928c6c5 Merge: bf64ff4c2aac 8f9a1fa43083 Author: David S. Miller Date: Tue Jun 30 12:29:39 2020 -0700 Merge branch 'support-AF_PACKET-for-layer-3-devices' Jason A. Donenfeld says: ==================== support AF_PACKET for layer 3 devices Hans reported that packets injected by a correct-looking and trivial libpcap-based program were not being accepted by wireguard. In investigating that, I noticed that a few devices weren't properly handling AF_PACKET-injected packets, and so this series introduces a bit of shared infrastructure to support that. The basic problem begins with socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL)) sockets. When sendto is called, AF_PACKET examines the headers of the packet with this logic: static void packet_parse_headers(struct sk_buff *skb, struct socket *sock) { if ((!skb->protocol || skb->protocol == htons(ETH_P_ALL)) && sock->type == SOCK_RAW) { skb_reset_mac_header(skb); skb->protocol = dev_parse_header_protocol(skb); } skb_probe_transport_header(skb); } The middle condition there triggers, and we jump to dev_parse_header_protocol. Note that this is the only caller of dev_parse_header_protocol in the kernel, and I assume it was designed for this purpose: static inline __be16 dev_parse_header_protocol(const struct sk_buff *skb) { const struct net_device *dev = skb->dev; if (!dev->header_ops || !dev->header_ops->parse_protocol) return 0; return dev->header_ops->parse_protocol(skb); } Since AF_PACKET already knows which netdev the packet is going to, the dev_parse_header_protocol function can see if that netdev has a way it prefers to figure out the protocol from the header. This, again, is the only use of parse_protocol in the kernel. At the moment, it's only used with ethernet devices, via eth_header_parse_protocol. This makes sense, as mostly people are used to AF_PACKET-injecting ethernet frames rather than layer 3 frames. But with nothing in place for layer 3 netdevs, this function winds up returning 0, and skb->protocol then is set to 0, and then by the time it hits the netdev's ndo_start_xmit, the driver doesn't know what to do with it. This is a problem because drivers very much rely on skb->protocol being correct, and routinely reject packets where it's incorrect. That's why having this parsing happen for injected packets is quite important. In wireguard, ipip, and ipip6, for example, packets from AF_PACKET are just dropped entirely. For tun devices, it's sort of uglier, with the tun "packet information" header being passed to userspace containing a bogus protocol value. Some userspace programs are ill-equipped to deal with that. (But of course, that doesn't happen with tap devices, which benefit from the similar shared infrastructure for layer 2 netdevs, further motiviating this patchset for layer 3 netdevs.) This patchset addresses the issue by first adding a layer 3 header parse function, much akin to the existing one for layer 2 packets, and then adds a shared header_ops structure that, also much akin to the existing one for layer 2 packets. Then it wires it up to a few immediate places that stuck out as requiring it, and does a bit of cleanup. This patchset seems like it's fixing real bugs, so it might be appropriate for stable. But they're also very old bugs, so if you'd rather not backport to stable, that'd make sense to me too. ==================== Signed-off-by: David S. Miller commit 8f9a1fa4308363944ba94a961f69646c4b0ff26b Author: Jason A. Donenfeld Date: Mon Jun 29 19:06:25 2020 -0600 net: xfrmi: implement header_ops->parse_protocol for AF_PACKET The xfrm interface uses skb->protocol to determine packet type, and bails out if it's not set. For AF_PACKET injection, we need to support its call chain of: packet_sendmsg -> packet_snd -> packet_parse_headers -> dev_parse_header_protocol -> parse_protocol Without a valid parse_protocol, this returns zero, and xfrmi rejects the skb. So, this wires up the ip_tunnel handler for layer 3 packets for that case. Reported-by: Willem de Bruijn Signed-off-by: Jason A. Donenfeld Signed-off-by: David S. Miller commit 75ea1f4773c09730bf8a364a367f6e7211484e12 Author: Jason A. Donenfeld Date: Mon Jun 29 19:06:24 2020 -0600 net: sit: implement header_ops->parse_protocol for AF_PACKET Sit uses skb->protocol to determine packet type, and bails out if it's not set. For AF_PACKET injection, we need to support its call chain of: packet_sendmsg -> packet_snd -> packet_parse_headers -> dev_parse_header_protocol -> parse_protocol Without a valid parse_protocol, this returns zero, and sit rejects the skb. So, this wires up the ip_tunnel handler for layer 3 packets for that case. Reported-by: Willem de Bruijn Signed-off-by: Jason A. Donenfeld Signed-off-by: David S. Miller commit ab59d2b6982b69a9728296ee3a1f330a72c0383e Author: Jason A. Donenfeld Date: Mon Jun 29 19:06:23 2020 -0600 net: vti: implement header_ops->parse_protocol for AF_PACKET Vti uses skb->protocol to determine packet type, and bails out if it's not set. For AF_PACKET injection, we need to support its call chain of: packet_sendmsg -> packet_snd -> packet_parse_headers -> dev_parse_header_protocol -> parse_protocol Without a valid parse_protocol, this returns zero, and vti rejects the skb. So, this wires up the ip_tunnel handler for layer 3 packets for that case. Signed-off-by: Jason A. Donenfeld Signed-off-by: David S. Miller commit b9815eb1d13f0dc088ee8afb6e6d0683ea551098 Author: Jason A. Donenfeld Date: Mon Jun 29 19:06:22 2020 -0600 tun: implement header_ops->parse_protocol for AF_PACKET The tun driver passes up skb->protocol to userspace in the form of PI headers. For AF_PACKET injection, we need to support its call chain of: packet_sendmsg -> packet_snd -> packet_parse_headers -> dev_parse_header_protocol -> parse_protocol Without a valid parse_protocol, this returns zero, and the tun driver then gives userspace bogus values that it can't deal with. Note that this isn't the case with tap, because tap already benefits from the shared infrastructure for ethernet headers. But with tun, there's nothing. Signed-off-by: Jason A. Donenfeld Signed-off-by: David S. Miller commit 1a574074ae7d1d745c16f7710655f38a53174c27 Author: Jason A. Donenfeld Date: Mon Jun 29 19:06:21 2020 -0600 wireguard: queueing: make use of ip_tunnel_parse_protocol Now that wg_examine_packet_protocol has been added for general consumption as ip_tunnel_parse_protocol, it's possible to remove wg_examine_packet_protocol and simply use the new ip_tunnel_parse_protocol function directly. Signed-off-by: Jason A. Donenfeld Signed-off-by: David S. Miller commit 01a4967c71c004f8ecad4ab57021348636502fa9 Author: Jason A. Donenfeld Date: Mon Jun 29 19:06:20 2020 -0600 wireguard: implement header_ops->parse_protocol for AF_PACKET WireGuard uses skb->protocol to determine packet type, and bails out if it's not set or set to something it's not expecting. For AF_PACKET injection, we need to support its call chain of: packet_sendmsg -> packet_snd -> packet_parse_headers -> dev_parse_header_protocol -> parse_protocol Without a valid parse_protocol, this returns zero, and wireguard then rejects the skb. So, this wires up the ip_tunnel handler for layer 3 packets for that case. Reported-by: Hans Wippel Signed-off-by: Jason A. Donenfeld Signed-off-by: David S. Miller commit e53ac93220e002fdf26b2874af6a74f393cd3872 Author: Jason A. Donenfeld Date: Mon Jun 29 19:06:19 2020 -0600 net: ipip: implement header_ops->parse_protocol for AF_PACKET Ipip uses skb->protocol to determine packet type, and bails out if it's not set. For AF_PACKET injection, we need to support its call chain of: packet_sendmsg -> packet_snd -> packet_parse_headers -> dev_parse_header_protocol -> parse_protocol Without a valid parse_protocol, this returns zero, and ipip rejects the skb. So, this wires up the ip_tunnel handler for layer 3 packets for that case. Signed-off-by: Jason A. Donenfeld Acked-by: Willem de Bruijn Signed-off-by: David S. Miller commit 2606aff916854b61234bf85001be9777bab2d5f8 Author: Jason A. Donenfeld Date: Mon Jun 29 19:06:18 2020 -0600 net: ip_tunnel: add header_ops for layer 3 devices Some devices that take straight up layer 3 packets benefit from having a shared header_ops so that AF_PACKET sockets can inject packets that are recognized. This shared infrastructure will be used by other drivers that currently can't inject packets using AF_PACKET. It also exposes the parser function, as it is useful in standalone form too. Signed-off-by: Jason A. Donenfeld Acked-by: Willem de Bruijn Signed-off-by: David S. Miller commit 615bc218d628d90a3afebcfa772aa41865acd301 Merge: b13f40bc69a1 23e390cdbe6f Author: Linus Torvalds Date: Tue Jun 30 12:21:53 2020 -0700 Merge tag 'fixes-v5.8-rc3-a' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security Pull security subsystem fixes from James Morris: "Two simple fixes for v5.8: - Fix hook iteration and default value for inode_copy_up_xattr (KP Singh) - Fix the key_permission LSM hook function type (Sami Tolvanen)" * tag 'fixes-v5.8-rc3-a' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: security: Fix hook iteration and default value for inode_copy_up_xattr security: fix the key_permission LSM hook function type commit b13f40bc69a16e465d21e23ca5adf4bf26365815 Merge: 7c30b859a947 20c59ce010f8 Author: Linus Torvalds Date: Tue Jun 30 12:17:21 2020 -0700 Merge tag 'integrity-v5.8-fix-2' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity Pull integrity updates from Mimi Zohar: "Include PCRs 8 & 9 in per TPM 2.0 bank boot_aggregate calculation. Prior to Linux 5.8 the SHA1 "boot_aggregate" value was padded with 0's and extended into the other TPM 2.0 banks. Included in the Linux 5.8 open window, TPM 2.0 PCR bank specific "boot_aggregate" values (PCRs 0 - 7) are calculated and extended into the TPM banks. Distro releases are now shipping grub2 with TPM support, which extend PCRs 8 & 9. I'd like for PCRs 8 & 9 to be included in the new "boot_aggregate" calculations. For backwards compatibility, if the hash is SHA1, these new PCRs are not included in the boot aggregate" * tag 'integrity-v5.8-fix-2' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity: ima: extend boot_aggregate with kernel measurements commit ed3e98e919aaaa47e9d9f8a40c3f6f4a22577842 Author: Merlijn Wajer Date: Tue Jun 30 11:47:40 2020 -0700 ARM: dts: n900: remove mmc1 card detect gpio Instead, expose the key via the input framework, as SW_MACHINE_COVER The chip-detect GPIO is actually detecting if the cover is closed. Technically it's possible to use the SD card with open cover. The only downside is risk of battery falling out and user being able to physically remove the card. The behaviour of SD card not being available when the device is open is unexpected and creates more problems than it solves. There is a high chance, that more people accidentally break their rootfs by opening the case without physically removing the card. Reviewed-by: Sebastian Reichel Acked-by: Tony Lindgren Signed-off-by: Merlijn Wajer Link: https://lore.kernel.org/r/20200612125402.18393-3-merlijn@wizzup.org Signed-off-by: Dmitry Torokhov commit c463bb2a8f8d7d97aa414bf7714fc77e9d3b10df Author: Merlijn Wajer Date: Tue Jun 30 11:47:04 2020 -0700 Input: add `SW_MACHINE_COVER` This event code represents the state of a removable cover of a device. Value 0 means that the cover is open or removed, value 1 means that the cover is closed. Reviewed-by: Sebastian Reichel Acked-by: Tony Lindgren Signed-off-by: Merlijn Wajer Link: https://lore.kernel.org/r/20200612125402.18393-2-merlijn@wizzup.org Signed-off-by: Dmitry Torokhov commit ce593a6c480a22acba08795be313c0c6d49dd35d Author: Jens Axboe Date: Tue Jun 30 12:39:05 2020 -0600 io_uring: use signal based task_work running Since 5.7, we've been using task_work to trigger async running of requests in the context of the original task. This generally works great, but there's a case where if the task is currently blocked in the kernel waiting on a condition to become true, it won't process task_work. Even though the task is woken, it just checks whatever condition it's waiting on, and goes back to sleep if it's still false. This is a problem if that very condition only becomes true when that task_work is run. An example of that is the task registering an eventfd with io_uring, and it's now blocked waiting on an eventfd read. That read could depend on a completion event, and that completion event won't get trigged until task_work has been run. Use the TWA_SIGNAL notification for task_work, so that we ensure that the task always runs the work when queued. Cc: stable@vger.kernel.org # v5.7 Signed-off-by: Jens Axboe commit e91b48162332480f5840902268108bb7fb7a44c7 Author: Oleg Nesterov Date: Tue Jun 30 17:32:54 2020 +0200 task_work: teach task_work_add() to do signal_wake_up() So that the target task will exit the wait_event_interruptible-like loop and call task_work_run() asap. The patch turns "bool notify" into 0,TWA_RESUME,TWA_SIGNAL enum, the new TWA_SIGNAL flag implies signal_wake_up(). However, it needs to avoid the race with recalc_sigpending(), so the patch also adds the new JOBCTL_TASK_WORK bit included in JOBCTL_PENDING_MASK. TODO: once this patch is merged we need to change all current users of task_work_add(notify = true) to use TWA_RESUME. Cc: stable@vger.kernel.org # v5.7 Acked-by: Peter Zijlstra (Intel) Signed-off-by: Oleg Nesterov Signed-off-by: Jens Axboe commit 2576f87066dc08a11cb1c05f11d1eaa02148ef9e Author: Jakub Sitnicki Date: Tue Jun 30 18:45:41 2020 +0200 bpf, netns: Fix use-after-free in pernet pre_exit callback Iterating over BPF links attached to network namespace in pre_exit hook is not safe, even if there is just one. Once link gets auto-detached, that is its back-pointer to net object is set to NULL, the link can be released and freed without waiting on netns_bpf_mutex, effectively causing the list element we are operating on to be freed. This leads to use-after-free when trying to access the next element on the list, as reported by KASAN. Bug can be triggered by destroying a network namespace, while also releasing a link attached to this network namespace. | ================================================================== | BUG: KASAN: use-after-free in netns_bpf_pernet_pre_exit+0xd9/0x130 | Read of size 8 at addr ffff888119e0d778 by task kworker/u8:2/177 | | CPU: 3 PID: 177 Comm: kworker/u8:2 Not tainted 5.8.0-rc1-00197-ga0c04c9d1008-dirty #776 | Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS ?-20190727_073836-buildvm-ppc64le-16.ppc.fedoraproject.org-3.fc31 04/01/2014 | Workqueue: netns cleanup_net | Call Trace: | dump_stack+0x9e/0xe0 | print_address_description.constprop.0+0x3a/0x60 | ? netns_bpf_pernet_pre_exit+0xd9/0x130 | kasan_report.cold+0x1f/0x40 | ? netns_bpf_pernet_pre_exit+0xd9/0x130 | netns_bpf_pernet_pre_exit+0xd9/0x130 | cleanup_net+0x30b/0x5b0 | ? unregister_pernet_device+0x50/0x50 | ? rcu_read_lock_bh_held+0xb0/0xb0 | ? _raw_spin_unlock_irq+0x24/0x50 | process_one_work+0x4d1/0xa10 | ? lock_release+0x3e0/0x3e0 | ? pwq_dec_nr_in_flight+0x110/0x110 | ? rwlock_bug.part.0+0x60/0x60 | worker_thread+0x7a/0x5c0 | ? process_one_work+0xa10/0xa10 | kthread+0x1e3/0x240 | ? kthread_create_on_node+0xd0/0xd0 | ret_from_fork+0x1f/0x30 | | Allocated by task 280: | save_stack+0x1b/0x40 | __kasan_kmalloc.constprop.0+0xc2/0xd0 | netns_bpf_link_create+0xfe/0x650 | __do_sys_bpf+0x153a/0x2a50 | do_syscall_64+0x59/0x300 | entry_SYSCALL_64_after_hwframe+0x44/0xa9 | | Freed by task 198: | save_stack+0x1b/0x40 | __kasan_slab_free+0x12f/0x180 | kfree+0xed/0x350 | process_one_work+0x4d1/0xa10 | worker_thread+0x7a/0x5c0 | kthread+0x1e3/0x240 | ret_from_fork+0x1f/0x30 | | The buggy address belongs to the object at ffff888119e0d700 | which belongs to the cache kmalloc-192 of size 192 | The buggy address is located 120 bytes inside of | 192-byte region [ffff888119e0d700, ffff888119e0d7c0) | The buggy address belongs to the page: | page:ffffea0004678340 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 | flags: 0x2fffe0000000200(slab) | raw: 02fffe0000000200 ffffea00045ba8c0 0000000600000006 ffff88811a80ea80 | raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 | page dumped because: kasan: bad access detected | | Memory state around the buggy address: | ffff888119e0d600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb | ffff888119e0d680: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc | >ffff888119e0d700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb | ^ | ffff888119e0d780: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc | ffff888119e0d800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb | ================================================================== Remove the "fast-path" for releasing a link that got auto-detached by a dying network namespace to fix it. This way as long as link is on the list and netns_bpf mutex is held, we have a guarantee that link memory can be accessed. An alternative way to fix this issue would be to safely iterate over the list of links and ensure there is no access to link object after detaching it. But, at the moment, optimizing synchronization overhead on link release without a workload in mind seems like an overkill. Fixes: ab53cad90eb1 ("bpf, netns: Keep a list of attached bpf_link's") Signed-off-by: Jakub Sitnicki Signed-off-by: Alexei Starovoitov Acked-by: Yonghong Song Link: https://lore.kernel.org/bpf/20200630164541.1329993-1-jakub@cloudflare.com commit d02b10590953429a6dd2d6245df4d8a0a869df66 Merge: b9fd2007c974 bc5c7f55f5ea Author: Takashi Iwai Date: Tue Jun 30 19:49:38 2020 +0200 Merge tag 'asoc-fix-v5.8-rc3' of https://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound into for-linus ASoC: Fixes for v5.8 A few small driver specific fixes, nothing particularly dramatic. commit b9fd2007c97413154e16bda01a6d5d5fc0c3bd44 Author: Alexander Tsoy Date: Mon Jun 29 05:59:34 2020 +0300 ALSA: usb-audio: Replace s/frame/packet/ where appropriate Replace several occurences of "frame" with a "packet" where appropriate. Signed-off-by: Alexander Tsoy Link: https://lore.kernel.org/r/20200629025934.154288-2-alexander@tsoy.me Signed-off-by: Takashi Iwai commit 695cf5ab401c1a368fed228ee4a624784cd17fc5 Author: Alexander Tsoy Date: Mon Jun 29 05:59:33 2020 +0300 ALSA: usb-audio: Fix packet size calculation Commit f0bd62b64016 ("ALSA: usb-audio: Improve frames size computation") introduced a regression for devices which have playback endpoints with bInterval > 1. Fix this by taking ep->datainterval into account. Note that frame and fps are actually mean packet and packets per second in the code introduces by the mentioned commit. This will be fixed in a follow-up patch. Fixes: f0bd62b64016 ("ALSA: usb-audio: Improve frames size computation") BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=208353 Signed-off-by: Alexander Tsoy Link: https://lore.kernel.org/r/20200629025934.154288-1-alexander@tsoy.me Signed-off-by: Takashi Iwai commit 084af57c51cfff7bb455311ac7b9fe6da8955d58 Merge: 951f38cf0835 1a1ad3c20a6f Author: Alexei Starovoitov Date: Tue Jun 30 10:46:39 2020 -0700 Merge branch 'fix-sockmap-flow_dissector-uapi' Lorenz Bauer says: ==================== Both sockmap and flow_dissector ingnore various arguments passed to BPF_PROG_ATTACH and BPF_PROG_DETACH. We can fix the attach case by checking that the unused arguments are zero. I considered requiring target_fd to be -1 instead of 0, but this leads to a lot of churn in selftests. There is also precedent in that bpf_iter already expects 0 for a similar field. I think that we can come up with a work around for fd 0 should we need to in the future. The detach case is more problematic: both cgroups and lirc2 verify that attach_bpf_fd matches the currently attached program. This way you need access to the program fd to be able to remove it. Neither sockmap nor flow_dissector do this. flow_dissector even has a check for CAP_NET_ADMIN because of this. The patch set addresses this by implementing the desired behaviour. There is a possibility for user space breakage: any callers that don't provide the correct fd will fail with ENOENT. For sockmap the risk is low: even the selftests assume that sockmap works the way I described. For flow_dissector the story is less straightforward, and the selftests use a variety of arguments. I've includes fixes tags for the oldest commits that allow an easy backport, however the behaviour dates back to when sockmap and flow_dissector were introduced. What is the best way to handle these? This set is based on top of Jakub's work "bpf, netns: Prepare for multi-prog attachment" available at https://lore.kernel.org/bpf/87k0zwmhtb.fsf@cloudflare.com/T/ Since v1: - Adjust selftests - Implement detach behaviour ==================== Signed-off-by: Alexei Starovoitov commit 1a1ad3c20a6fe0e8a4b570fbf835d7cc6e87a9d8 Author: Lorenz Bauer Date: Mon Jun 29 10:56:30 2020 +0100 selftests: bpf: Pass program to bpf_prog_detach in flow_dissector Calling bpf_prog_detach is incorrect, since it takes target_fd as its argument. The intention here is to pass it as attach_bpf_fd, so use bpf_prog_detach2 and pass zero for target_fd. Fixes: 06716e04a043 ("selftests/bpf: Extend test_flow_dissector to cover link creation") Signed-off-by: Lorenz Bauer Signed-off-by: Alexei Starovoitov Link: https://lore.kernel.org/bpf/20200629095630.7933-7-lmb@cloudflare.com commit 0434296c72486881c2a71cd33876e4e6342001b5 Author: Lorenz Bauer Date: Mon Jun 29 10:56:29 2020 +0100 selftests: bpf: Pass program and target_fd in flow_dissector_reattach Pass 0 as target_fd when attaching and detaching flow dissector. Additionally, pass the expected program when detaching. Fixes: 1f043f87bb59 ("selftests/bpf: Add tests for attaching bpf_link to netns") Signed-off-by: Lorenz Bauer Signed-off-by: Alexei Starovoitov Link: https://lore.kernel.org/bpf/20200629095630.7933-6-lmb@cloudflare.com commit bb0de3131f4c60a9bf976681e0fe4d1e55c7a821 Author: Lorenz Bauer Date: Mon Jun 29 10:56:28 2020 +0100 bpf: sockmap: Require attach_bpf_fd when detaching a program The sockmap code currently ignores the value of attach_bpf_fd when detaching a program. This is contrary to the usual behaviour of checking that attach_bpf_fd represents the currently attached program. Ensure that attach_bpf_fd is indeed the currently attached program. It turns out that all sockmap selftests already do this, which indicates that this is unlikely to cause breakage. Fixes: 604326b41a6f ("bpf, sockmap: convert to generic sk_msg interface") Signed-off-by: Lorenz Bauer Signed-off-by: Alexei Starovoitov Link: https://lore.kernel.org/bpf/20200629095630.7933-5-lmb@cloudflare.com commit 9b2b09717e1812e450782a43ca0c2790651cf380 Author: Lorenz Bauer Date: Mon Jun 29 10:56:27 2020 +0100 bpf: sockmap: Check value of unused args to BPF_PROG_ATTACH Using BPF_PROG_ATTACH on a sockmap program currently understands no flags or replace_bpf_fd, but accepts any value. Return EINVAL instead. Fixes: 604326b41a6f ("bpf, sockmap: convert to generic sk_msg interface") Signed-off-by: Lorenz Bauer Signed-off-by: Alexei Starovoitov Link: https://lore.kernel.org/bpf/20200629095630.7933-4-lmb@cloudflare.com commit 4ac2add65974e4efafb8d4ccd8fc5660417ea312 Author: Lorenz Bauer Date: Mon Jun 29 10:56:26 2020 +0100 bpf: flow_dissector: Check value of unused flags to BPF_PROG_DETACH Using BPF_PROG_DETACH on a flow dissector program supports neither attach_flags nor attach_bpf_fd. Yet no value is enforced for them. Enforce that attach_flags are zero, and require the current program to be passed via attach_bpf_fd. This allows us to remove the check for CAP_SYS_ADMIN, since userspace can now no longer remove arbitrary flow dissector programs. Fixes: b27f7bb590ba ("flow_dissector: Move out netns_bpf prog callbacks") Signed-off-by: Lorenz Bauer Signed-off-by: Alexei Starovoitov Link: https://lore.kernel.org/bpf/20200629095630.7933-3-lmb@cloudflare.com commit 1b514239e85965cc4df085180a73dd91733135f7 Author: Lorenz Bauer Date: Mon Jun 29 10:56:25 2020 +0100 bpf: flow_dissector: Check value of unused flags to BPF_PROG_ATTACH Using BPF_PROG_ATTACH on a flow dissector program supports neither target_fd, attach_flags or replace_bpf_fd but accepts any value. Enforce that all of them are zero. This is fine for replace_bpf_fd since its presence is indicated by BPF_F_REPLACE. It's more problematic for target_fd, since zero is a valid fd. Should we want to use the flag later on we'd have to add an exception for fd 0. The alternative is to force a value like -1. This requires more changes to tests. There is also precedent for using 0, since bpf_iter uses this for target_fd as well. Fixes: b27f7bb590ba ("flow_dissector: Move out netns_bpf prog callbacks") Signed-off-by: Lorenz Bauer Signed-off-by: Alexei Starovoitov Link: https://lore.kernel.org/bpf/20200629095630.7933-2-lmb@cloudflare.com commit 951f38cf08350884e72e0936adf147a8d764cc5d Merge: 517bbe1994a3 6ebb85c83aaf Author: Alexei Starovoitov Date: Tue Jun 30 10:45:08 2020 -0700 Merge branch 'bpf-multi-prog-prep' Jakub Sitnicki says: ==================== This patch set prepares ground for link-based multi-prog attachment for future netns attach types, with BPF_SK_LOOKUP attach type in mind [0]. Two changes are needed in order to attach and run a series of BPF programs: 1) an bpf_prog_array of programs to run (patch #2), and 2) a list of attached links to keep track of attachments (patch #3). Nothing changes for BPF flow_dissector. Just as before only one program can be attached to netns. In v3 I've simplified patch #2 that introduces bpf_prog_array to take advantage of the fact that it will hold at most one program for now. In particular, I'm no longer using bpf_prog_array_copy. It turned out to be less suitable for link operations than I thought as it fails to append the same BPF program. bpf_prog_array_replace_item is also gone, because we know we always want to replace the first element in prog_array. Naturally the code that handles bpf_prog_array will need change once more when there is a program type that allows multi-prog attachment. But I feel it will be better to do it gradually and present it together with tests that actually exercise multi-prog code paths. [0] https://lore.kernel.org/bpf/20200511185218.1422406-1-jakub@cloudflare.com/ v2 -> v3: - Don't check if run_array is null in link update callback. (Martin) - Allow updating the link with the same BPF program. (Andrii) - Add patch #4 with a test for the above case. - Kill bpf_prog_array_replace_item. Access the run_array directly. - Switch from bpf_prog_array_copy() to bpf_prog_array_alloc(1, ...). - Replace rcu_deref_protected & RCU_INIT_POINTER with rcu_replace_pointer. - Drop Andrii's Ack from patch #2. Code changed. v1 -> v2: - Show with a (void) cast that bpf_prog_array_replace_item() return value is ignored on purpose. (Andrii) - Explain why bpf-cgroup cannot replace programs in bpf_prog_array based on bpf_prog pointer comparison in patch #2 description. (Andrii) ==================== Signed-off-by: Alexei Starovoitov commit 6ebb85c83aaf6ae75b920ef45d2a9eee42079265 Author: Jakub Sitnicki Date: Thu Jun 25 16:13:57 2020 +0200 selftests/bpf: Test updating flow_dissector link with same program This case, while not particularly useful, is worth covering because we expect the operation to succeed as opposed when re-attaching the same program directly with PROG_ATTACH. While at it, update the tests summary that fell out of sync when tests extended to cover links. Signed-off-by: Jakub Sitnicki Signed-off-by: Alexei Starovoitov Acked-by: Martin KaFai Lau Link: https://lore.kernel.org/bpf/20200625141357.910330-5-jakub@cloudflare.com commit ab53cad90eb10c9991f501ba08904680a074ef3d Author: Jakub Sitnicki Date: Thu Jun 25 16:13:56 2020 +0200 bpf, netns: Keep a list of attached bpf_link's To support multi-prog link-based attachments for new netns attach types, we need to keep track of more than one bpf_link per attach type. Hence, convert net->bpf.links into a list, that currently can be either empty or have just one item. Instead of reusing bpf_prog_list from bpf-cgroup, we link together bpf_netns_link's themselves. This makes list management simpler as we don't have to allocate, initialize, and later release list elements. We can do this because multi-prog attachment will be available only for bpf_link, and we don't need to build a list of programs attached directly and indirectly via links. No functional changes intended. Signed-off-by: Jakub Sitnicki Signed-off-by: Alexei Starovoitov Acked-by: Andrii Nakryiko Acked-by: Martin KaFai Lau Link: https://lore.kernel.org/bpf/20200625141357.910330-4-jakub@cloudflare.com commit 695c12147a40181fe9221d321c3f2de33c9574ed Author: Jakub Sitnicki Date: Thu Jun 25 16:13:55 2020 +0200 bpf, netns: Keep attached programs in bpf_prog_array Prepare for having multi-prog attachments for new netns attach types by storing programs to run in a bpf_prog_array, which is well suited for iterating over programs and running them in sequence. After this change bpf(PROG_QUERY) may block to allocate memory in bpf_prog_array_copy_to_user() for collected program IDs. This forces a change in how we protect access to the attached program in the query callback. Because bpf_prog_array_copy_to_user() can sleep, we switch from an RCU read lock to holding a mutex that serializes updaters. Because we allow only one BPF flow_dissector program to be attached to netns at all times, the bpf_prog_array pointed by net->bpf.run_array is always either detached (null) or one element long. No functional changes intended. Signed-off-by: Jakub Sitnicki Signed-off-by: Alexei Starovoitov Acked-by: Martin KaFai Lau Acked-by: Andrii Nakryiko Link: https://lore.kernel.org/bpf/20200625141357.910330-3-jakub@cloudflare.com commit 3b7016996c4c44db5d499d98759b82fb714bb912 Author: Jakub Sitnicki Date: Thu Jun 25 16:13:54 2020 +0200 flow_dissector: Pull BPF program assignment up to bpf-netns Prepare for using bpf_prog_array to store attached programs by moving out code that updates the attached program out of flow dissector. Managing bpf_prog_array is more involved than updating a single bpf_prog pointer. This will let us do it all from one place, bpf/net_namespace.c, in the subsequent patch. No functional change intended. Signed-off-by: Jakub Sitnicki Signed-off-by: Alexei Starovoitov Acked-by: Andrii Nakryiko Acked-by: Martin KaFai Lau Link: https://lore.kernel.org/bpf/20200625141357.910330-2-jakub@cloudflare.com commit 0318e8374e87b32def1d5c279013ca7730a74982 Author: Sumeet Pawnikar Date: Tue Jun 30 21:11:49 2020 +0530 ACPI: fan: Fix Tiger Lake ACPI device ID Tiger Lake's new unique ACPI device ID for Fan is not valid because of missing 'C' in the ID. Use correct fan device ID. Fixes: c248dfe7e0ca ("ACPI: fan: Add Tiger Lake ACPI device ID") Signed-off-by: Sumeet Pawnikar Cc: 5.6+ # 5.6+ [ rjw: Subject and changelog edits ] Signed-off-by: Rafael J. Wysocki commit c4e8fa9074ad94f80e5c0dcaa16b313e50e958c5 Author: Eric Dumazet Date: Mon Jun 29 17:04:17 2020 -0700 netfilter: ipset: call ip_set_free() instead of kfree() Whenever ip_set_alloc() is used, allocated memory can either use kmalloc() or vmalloc(). We should call kvfree() or ip_set_free() invalid opcode: 0000 [#1] PREEMPT SMP KASAN CPU: 0 PID: 21935 Comm: syz-executor.3 Not tainted 5.8.0-rc2-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:__phys_addr+0xa7/0x110 arch/x86/mm/physaddr.c:28 Code: 1d 7a 09 4c 89 e3 31 ff 48 d3 eb 48 89 de e8 d0 58 3f 00 48 85 db 75 0d e8 26 5c 3f 00 4c 89 e0 5b 5d 41 5c c3 e8 19 5c 3f 00 <0f> 0b e8 12 5c 3f 00 48 c7 c0 10 10 a8 89 48 ba 00 00 00 00 00 fc RSP: 0000:ffffc900018572c0 EFLAGS: 00010046 RAX: 0000000000040000 RBX: 0000000000000001 RCX: ffffc9000fac3000 RDX: 0000000000040000 RSI: ffffffff8133f437 RDI: 0000000000000007 RBP: ffffc90098aff000 R08: 0000000000000000 R09: ffff8880ae636cdb R10: 0000000000000000 R11: 0000000000000000 R12: 0000408018aff000 R13: 0000000000080000 R14: 000000000000001d R15: ffffc900018573d8 FS: 00007fc540c66700(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fc9dcd67200 CR3: 0000000059411000 CR4: 00000000001406f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: virt_to_head_page include/linux/mm.h:841 [inline] virt_to_cache mm/slab.h:474 [inline] kfree+0x77/0x2c0 mm/slab.c:3749 hash_net_create+0xbb2/0xd70 net/netfilter/ipset/ip_set_hash_gen.h:1536 ip_set_create+0x6a2/0x13c0 net/netfilter/ipset/ip_set_core.c:1128 nfnetlink_rcv_msg+0xbe8/0xea0 net/netfilter/nfnetlink.c:230 netlink_rcv_skb+0x15a/0x430 net/netlink/af_netlink.c:2469 nfnetlink_rcv+0x1ac/0x420 net/netfilter/nfnetlink.c:564 netlink_unicast_kernel net/netlink/af_netlink.c:1303 [inline] netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1329 netlink_sendmsg+0x856/0xd90 net/netlink/af_netlink.c:1918 sock_sendmsg_nosec net/socket.c:652 [inline] sock_sendmsg+0xcf/0x120 net/socket.c:672 ____sys_sendmsg+0x6e8/0x810 net/socket.c:2352 ___sys_sendmsg+0xf3/0x170 net/socket.c:2406 __sys_sendmsg+0xe5/0x1b0 net/socket.c:2439 do_syscall_64+0x60/0xe0 arch/x86/entry/common.c:359 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x45cb19 Code: Bad RIP value. RSP: 002b:00007fc540c65c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00000000004fed80 RCX: 000000000045cb19 RDX: 0000000000000000 RSI: 0000000020001080 RDI: 0000000000000003 RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff R13: 000000000000095e R14: 00000000004cc295 R15: 00007fc540c666d4 Fixes: f66ee0410b1c ("netfilter: ipset: Fix "INFO: rcu detected stall in hash_xxx" reports") Fixes: 03c8b234e61a ("netfilter: ipset: Generalize extensions support") Signed-off-by: Eric Dumazet Reported-by: syzbot Signed-off-by: Pablo Neira Ayuso commit 341404415e76501543b4255506d4d9da09493c3a Author: Fabio Estevam Date: Tue Jun 30 09:25:27 2020 -0300 dt-bindings: thermal: k3: Fix the reg property Adjust the reg property to fix the following warning seen with 'make dt_binding_check': Documentation/devicetree/bindings/thermal/ti,am654-thermal.example.dt.yaml: example-0: thermal@42050000:reg:0: [0, 1107623936, 0, 604] is too long Signed-off-by: Fabio Estevam Link: https://lore.kernel.org/r/20200630122527.28640-1-festevam@gmail.com Signed-off-by: Rob Herring commit 34b9610609baf07048b127a9bdd33829ff0edd4b Author: Fabio Estevam Date: Tue Jun 30 09:18:04 2020 -0300 dt-bindings: thermal: Remove soc unit address Remove the soc unit address to fix the following warnings seen with 'make dt_binding_check': Documentation/devicetree/bindings/thermal/thermal-sensor.example.dts:22.20-49.11: Warning (unit_address_vs_reg): /example-0/soc@0: node has a unit name, but no reg or ranges property Documentation/devicetree/bindings/thermal/thermal-zones.example.dts:23.20-50.11: Warning (unit_address_vs_reg): /example-0/soc@0: node has a unit name, but no reg or ranges property Signed-off-by: Fabio Estevam Link: https://lore.kernel.org/r/20200630121804.27887-1-festevam@gmail.com [robh: also fix thermal-zones.yaml example] Signed-off-by: Rob Herring commit 0b3f3ad3fe19dc56ec6689032cbf76d033f3e37d Author: Fabio Estevam Date: Mon Jun 29 18:55:00 2020 -0300 dt-bindings: display: arm: versatile: Pass the sysreg unit name Pass the sysreg unit name to fix the following warning seen with 'make dt_binding_check': Warning (unit_address_vs_reg): /example-0/sysreg: node has a reg or ranges property, but no unit name Signed-off-by: Fabio Estevam Link: https://lore.kernel.org/r/20200629215500.18037-1-festevam@gmail.com Signed-off-by: Rob Herring commit dd075b664c491d7dd86c4587d11c56bd98bb28be Author: Fabio Estevam Date: Mon Jun 29 18:40:27 2020 -0300 dt-bindings: usb: aspeed: Remove the leading zeroes Remove the leading zeroes to fix the following warning seen with 'make dt_binding_check': Documentation/devicetree/bindings/usb/aspeed,usb-vhub.example.dts:37.33-42.23: Warning (unit_address_format): /example-0/usb-vhub@1e6a0000/vhub-strings/string@0409: unit name should not have leading 0s Reviewed-by: Tao Ren Signed-off-by: Fabio Estevam Link: https://lore.kernel.org/r/20200629214027.16768-1-festevam@gmail.com Signed-off-by: Rob Herring commit dee9c0b57594834fdd65dc476ea2890592bcf35c Author: Masahiro Yamada Date: Fri Jun 26 02:04:33 2020 +0900 dt-bindings: copy process-schema-examples.yaml to process-schema.yaml There are two processed schema files: - processed-schema-examples.yaml Used for 'make dt_binding_check'. This is always a full schema. - processed-schema.yaml Used for 'make dtbs_check'. This may be a full schema, or a smaller subset if DT_SCHEMA_FILES is given by a user. If DT_SCHEMA_FILES is not specified, they are the same. You can copy the former to the latter instead of running dt-mk-schema twice. This saves the cpu time a lot when you do 'make dt_binding_check dtbs_check' because building the full schema takes a couple of seconds. If DT_SCHEMA_FILES is specified, processed-schema.yaml is generated based on the specified yaml files. Signed-off-by: Masahiro Yamada Link: https://lore.kernel.org/r/20200625170434.635114-4-masahiroy@kernel.org Signed-off-by: Rob Herring commit ce810eeb6540f1210fc78eb430d447b5b93337ab Author: Masahiro Yamada Date: Fri Jun 26 02:04:32 2020 +0900 dt-bindings: do not build processed-schema.yaml for 'make dt_binding_check' Currently, processed-schema.yaml is always built, but it is actually used only for 'make dtbs_check'. 'make dt_binding_check' uses processed-schema-example.yaml instead. Build processed-schema.yaml only for 'make dtbs_check'. Signed-off-by: Masahiro Yamada Link: https://lore.kernel.org/r/20200625170434.635114-3-masahiroy@kernel.org Signed-off-by: Rob Herring commit fa714cf58c7c09a454ff9fda2ee8318591128eb6 Author: Masahiro Yamada Date: Fri Jun 26 02:04:31 2020 +0900 dt-bindings: fix error in 'make clean' after 'make dt_binding_check' We are having more and more schema files. Commit 8b6b80218b01 ("dt-bindings: Fix command line length limit calling dt-mk-schema") fixed the 'Argument list too long' error of the schema checks, but the same error happens while cleaning too. 'make clean' after 'make dt_binding_check' fails as follows: $ make dt_binding_check [ snip ] $ make clean make[2]: execvp: /bin/sh: Argument list too long make[2]: *** [scripts/Makefile.clean:52: __clean] Error 127 make[1]: *** [scripts/Makefile.clean:66: Documentation/devicetree/bindings] Error 2 make: *** [Makefile:1763: _clean_Documentation] Error 2 'make dt_binding_check' generates so many .example.dts, .dt.yaml files, which are passed to the 'rm' command when you run 'make clean'. I added a small hack to use the 'find' command to clean up most of the build artifacts before they are processed by scripts/Makefile.clean Signed-off-by: Masahiro Yamada Link: https://lore.kernel.org/r/20200625170434.635114-2-masahiroy@kernel.org Signed-off-by: Rob Herring commit 35b9c0fdb9f666628ecda02b1fc44306933a2d97 Author: Kangmin Park Date: Thu Jun 25 22:51:58 2020 +0900 dt-bindings: mailbox: zynqmp_ipi: fix unit address Fix unit address to match the first address specified in the reg property of the node in example. Signed-off-by: Kangmin Park Link: https://lore.kernel.org/r/20200625135158.5861-1-l4stpr0gr4m@gmail.com Signed-off-by: Rob Herring commit 0fb24d1e5a6cf3b7ca0df325fbfb10895df41bec Author: Masahiro Yamada Date: Tue Jun 23 20:32:42 2020 +0900 dt-bindings: bus: uniphier-system-bus: fix warning in example Since commit e69f5dc623f9 ("dt-bindings: serial: Convert 8250 to json-schema"), the schema for "ns16550a" is checked. 'make dt_binding_check' emits the following warning: uart@5,00200000: $nodename:0: 'uart@5,00200000' does not match '^serial(@[0-9a-f,]+)*$' Rename the node to follow the pattern defined in Documentation/devicetree/bindings/serial/serial.yaml While I was here, I removed leading zeros from unit names. Signed-off-by: Masahiro Yamada Link: https://lore.kernel.org/r/20200623113242.779241-1-yamada.masahiro@socionext.com Signed-off-by: Rob Herring commit 3eb619b2f7d8a98a86a48de8dfa613a205c0eaab Author: Rob Herring Date: Mon Jun 29 12:15:13 2020 -0600 scripts/dtc: Update to upstream version v1.6.0-11-g9d7888cbf19c Sync with upstream dtc primarily to pickup the I2C bus check fixes. The interrupt_provider check is noisy, so turn it off for now. This adds the following commits from upstream: 9d7888cbf19c dtc: Consider one-character strings as strings 8259d59f59de checks: Improve i2c reg property checking fdabcf2980a4 checks: Remove warning for I2C_OWN_SLAVE_ADDRESS 2478b1652c8d libfdt: add extern "C" for C++ f68bfc2668b2 libfdt: trivial typo fix 7be250b4d059 libfdt: Correct condition for reordering blocks 81e0919a3e21 checks: Add interrupt provider test 85e5d839847a Makefile: when building libfdt only, do not add unneeded deps b28464a550c5 Fix some potential unaligned accesses in dtc Signed-off-by: Rob Herring commit 517bbe1994a3cee29a35c730662277bb5daff582 Author: Andrii Nakryiko Date: Mon Jun 29 23:15:00 2020 -0700 bpf: Enforce BPF ringbuf size to be the power of 2 BPF ringbuf assumes the size to be a multiple of page size and the power of 2 value. The latter is important to avoid division while calculating position inside the ring buffer and using (N-1) mask instead. This patch fixes omission to enforce power-of-2 size rule. Fixes: 457f44363a88 ("bpf: Implement BPF ring buffer and verifier support for it") Signed-off-by: Andrii Nakryiko Signed-off-by: Daniel Borkmann Link: https://lore.kernel.org/bpf/20200630061500.1804799-1-andriin@fb.com commit 7e0245753f1794f17de472dcf4694fa5ed527384 Author: Christoph Hellwig Date: Mon Jun 29 15:03:59 2020 +0200 xsk: Use dma_need_sync instead of reimplenting it Use the dma_need_sync helper instead of (not always entirely correctly) poking into the dma-mapping internals. Signed-off-by: Christoph Hellwig Signed-off-by: Daniel Borkmann Link: https://lore.kernel.org/bpf/20200629130359.2690853-5-hch@lst.de commit 53937ff7bc776aac647d0b3004d7cd21861b0f78 Author: Christoph Hellwig Date: Mon Jun 29 15:03:58 2020 +0200 xsk: Remove a double pool->dev assignment in xp_dma_map ->dev is already assigned at the top of the function, remove the duplicate one at the end. Signed-off-by: Christoph Hellwig Signed-off-by: Daniel Borkmann Link: https://lore.kernel.org/bpf/20200629130359.2690853-4-hch@lst.de commit 91d5b70273267bbae6f5d1fb4cf3510bd31ef9ff Author: Christoph Hellwig Date: Mon Jun 29 15:03:57 2020 +0200 xsk: Replace the cheap_dma flag with a dma_need_sync flag Invert the polarity and better name the flag so that the use case is properly documented. Signed-off-by: Christoph Hellwig Signed-off-by: Daniel Borkmann Link: https://lore.kernel.org/bpf/20200629130359.2690853-3-hch@lst.de commit 3aa91625007807bfca4155df1867a5c924a08662 Author: Christoph Hellwig Date: Mon Jun 29 15:03:56 2020 +0200 dma-mapping: Add a new dma_need_sync API Add a new API to check if calls to dma_sync_single_for_{device,cpu} are required for a given DMA streaming mapping. Signed-off-by: Christoph Hellwig Signed-off-by: Daniel Borkmann Link: https://lore.kernel.org/bpf/20200629130359.2690853-2-hch@lst.de commit e7fc23838ebbdbb227c8d45fe02904d0d67a0540 Author: Joerg Roedel Date: Tue Jun 30 14:46:11 2020 +0200 iommu/amd: Make amd_iommu_apply_ivrs_quirks() static inline At least the version in the header file to fix a compile warning about the function being unused. Reported-by: Borislav Petkov Signed-off-by: Joerg Roedel Link: https://lore.kernel.org/r/20200630124611.23153-1-joro@8bytes.org commit 009bce1df0bb5eb970b9eb98d963861f7fe353c7 Author: Sean Christopherson Date: Fri Jun 5 12:26:05 2020 -0700 x86/split_lock: Don't write MSR_TEST_CTRL on CPUs that aren't whitelisted Choo! Choo! All aboard the Split Lock Express, with direct service to Wreckage! Skip split_lock_verify_msr() if the CPU isn't whitelisted as a possible SLD-enabled CPU model to avoid writing MSR_TEST_CTRL. MSR_TEST_CTRL exists, and is writable, on many generations of CPUs. Writing the MSR, even with '0', can result in bizarre, undocumented behavior. This fixes a crash on Haswell when resuming from suspend with a live KVM guest. Because APs use the standard SMP boot flow for resume, they will go through split_lock_init() and the subsequent RDMSR/WRMSR sequence, which runs even when sld_state==sld_off to ensure SLD is disabled. On Haswell (at least, my Haswell), writing MSR_TEST_CTRL with '0' will succeed and _may_ take the SMT _sibling_ out of VMX root mode. When KVM has an active guest, KVM performs VMXON as part of CPU onlining (see kvm_starting_cpu()). Because SMP boot is serialized, the resulting flow is effectively: on_each_ap_cpu() { WRMSR(MSR_TEST_CTRL, 0) VMXON } As a result, the WRMSR can disable VMX on a different CPU that has already done VMXON. This ultimately results in a #UD on VMPTRLD when KVM regains control and attempt run its vCPUs. The above voodoo was confirmed by reworking KVM's VMXON flow to write MSR_TEST_CTRL prior to VMXON, and to serialize the sequence as above. Further verification of the insanity was done by redoing VMXON on all APs after the initial WRMSR->VMXON sequence. The additional VMXON, which should VM-Fail, occasionally succeeded, and also eliminated the unexpected #UD on VMPTRLD. The damage done by writing MSR_TEST_CTRL doesn't appear to be limited to VMX, e.g. after suspend with an active KVM guest, subsequent reboots almost always hang (even when fudging VMXON), a #UD on a random Jcc was observed, suspend/resume stability is qualitatively poor, and so on and so forth. kernel BUG at arch/x86/kvm/x86.c:386! CPU: 1 PID: 2592 Comm: CPU 6/KVM Tainted: G D Hardware name: ASUS Q87M-E/Q87M-E, BIOS 1102 03/03/2014 RIP: 0010:kvm_spurious_fault+0xf/0x20 Call Trace: vmx_vcpu_load_vmcs+0x1fb/0x2b0 vmx_vcpu_load+0x3e/0x160 kvm_arch_vcpu_load+0x48/0x260 finish_task_switch+0x140/0x260 __schedule+0x460/0x720 _cond_resched+0x2d/0x40 kvm_arch_vcpu_ioctl_run+0x82e/0x1ca0 kvm_vcpu_ioctl+0x363/0x5c0 ksys_ioctl+0x88/0xa0 __x64_sys_ioctl+0x16/0x20 do_syscall_64+0x4c/0x170 entry_SYSCALL_64_after_hwframe+0x44/0xa9 Fixes: dbaba47085b0c ("x86/split_lock: Rework the initialization flow of split lock detection") Signed-off-by: Sean Christopherson Signed-off-by: Thomas Gleixner Cc: stable@vger.kernel.org Link: https://lkml.kernel.org/r/20200605192605.7439-1-sean.j.christopherson@intel.com commit 5ecad245de2ae23dc4e2dbece92f8ccfbaed2fa7 Author: Paolo Bonzini Date: Tue Jun 30 07:07:20 2020 -0400 KVM: x86: bit 8 of non-leaf PDPEs is not reserved Bit 8 would be the "global" bit, which does not quite make sense for non-leaf page table entries. Intel ignores it; AMD ignores it in PDEs and PDPEs, but reserves it in PML4Es. Probably, earlier versions of the AMD manual documented it as reserved in PDPEs as well, and that behavior made it into KVM as well as kvm-unit-tests; fix it. Cc: stable@vger.kernel.org Reported-by: Nadav Amit Fixes: a0c0feb57992 ("KVM: x86: reserve bit 8 of non-leaf PDPEs and PML4Es in 64-bit mode on AMD", 2014-09-03) Signed-off-by: Paolo Bonzini commit 34244d711dea568f4a42c5b0d6b3d620f8cb6971 Author: Andreas Gruenbacher Date: Wed Jun 10 18:31:56 2020 +0200 gfs2: Don't sleep during glock hash walk In flush_delete_work, instead of flushing each individual pending delayed work item, cancel and re-queue them for immediate execution. The waiting isn't needed here because we're already waiting for all queued work items to complete in gfs2_flush_delete_work. This makes the code more efficient, but more importantly, it avoids sleeping during a rhashtable walk, inside rcu_read_lock(). Signed-off-by: Andreas Gruenbacher commit 58e08e8d83ab03a1ca25d53420bd0b87f2dfe458 Author: Bob Peterson Date: Tue Jun 9 09:55:11 2020 -0400 gfs2: fix trans slab error when withdraw occurs inside log_flush Log flush operations (gfs2_log_flush()) can target a specific transaction. But if the function encounters errors (e.g. io errors) and withdraws, the transaction was only freed it if was queued to one of the ail lists. If the withdraw occurred before the transaction was queued to the ail1 list, function ail_drain never freed it. The result was: BUG gfs2_trans: Objects remaining in gfs2_trans on __kmem_cache_shutdown() This patch makes log_flush() add the targeted transaction to the ail1 list so that function ail_drain() will find and free it properly. Cc: stable@vger.kernel.org # v5.7+ Signed-off-by: Bob Peterson Signed-off-by: Andreas Gruenbacher commit 5902f4dd6e666c4d160b2f5c4505f7e58642d2bf Author: Andreas Gruenbacher Date: Tue Jun 9 14:33:11 2020 +0200 gfs2: Don't return NULL from gfs2_inode_lookup Callers expect gfs2_inode_lookup to return an inode pointer or ERR_PTR(error). Commit b66648ad6dcf caused it to return NULL instead of ERR_PTR(-ESTALE) in some cases. Fix that. Reported-by: Dan Carpenter Fixes: b66648ad6dcf ("gfs2: Move inode generation number check into gfs2_inode_lookup") Signed-off-by: Andreas Gruenbacher commit c7451e495b2abfc35b2bb4347c8d0aaa7699df26 Author: Geert Uytterhoeven Date: Mon Jun 29 14:11:46 2020 +0200 iommu: SUN50I_IOMMU should depend on HAS_DMA If NO_DMA=y (e.g. Sun-3 all{mod,yes}-config): drivers/iommu/dma-iommu.o: In function `iommu_dma_mmap': dma-iommu.c:(.text+0x92e): undefined reference to `dma_pgprot' IOMMU_DMA must not be selected, unless HAS_DMA=y. Hence fix this by making SUN50I_IOMMU depend on HAS_DMA. Fixes: 4100b8c229b32835 ("iommu: Add Allwinner H6 IOMMU driver") Signed-off-by: Geert Uytterhoeven Acked-by: Maxime Ripard Link: https://lore.kernel.org/r/20200629121146.24011-1-geert@linux-m68k.org Signed-off-by: Joerg Roedel commit 98817a84ff1c755c347ac633ff017a623a631fad Merge: 0e698dfa2822 005c34ae4b44 Author: Thomas Gleixner Date: Tue Jun 30 12:07:51 2020 +0200 Merge tag 'irqchip-fixes-5.8-1' of git://git.kernel.org/pub/scm/linux/kernel/git/maz/arm-platforms into irq/urgent Pull irqchip fixes from Marc Zyngier: - Fix atomicity of affinity update in the GIC driver - Don't sleep in atomic when waiting for a GICv4.1 RD to respond - Fix a couple of typos in user-visible messages commit ce0fd3892bfafca7cd352638ba84e8c17658b803 Author: Maxime Ripard Date: Sun Jun 28 20:08:44 2020 +0200 iommu/sun50i: Remove unused variable The pte_dma variable in the unmap callback is set but never used. Remove it. Fixes: 4100b8c229b3 ("iommu: Add Allwinner H6 IOMMU driver") Reported-by: kernel test robot Signed-off-by: Maxime Ripard Link: https://lore.kernel.org/r/20200628180844.79205-2-maxime@cerno.tech Signed-off-by: Joerg Roedel commit bc8784f348836ab8967e6116486c5079c7025999 Author: Maxime Ripard Date: Sun Jun 28 20:08:43 2020 +0200 iommu/sun50i: Change the readl timeout to the atomic variant The flush_all_tlb call back can be called from an atomic context, so using readl_poll_timeout that embeds a udelay doesn't work. Fixes: 4100b8c229b3 ("iommu: Add Allwinner H6 IOMMU driver") Signed-off-by: Maxime Ripard Link: https://lore.kernel.org/r/20200628180844.79205-1-maxime@cerno.tech Signed-off-by: Joerg Roedel commit bda8eaa6dee7525f4dac950810a85a88bf6c2ba0 Author: Chen-Yu Tsai Date: Mon Jun 29 14:00:32 2020 +0800 drm: sun4i: hdmi: Remove extra HPD polling The HPD sense mechanism in Allwinner's old HDMI encoder hardware is more or less an input-only GPIO. Other GPIO-based HPD implementations directly return the current state, instead of polling for a specific state and returning the other if that times out. Remove the I/O polling from sun4i_hdmi_connector_detect() and directly return a known state based on the current reading. This also gets rid of excessive CPU usage by kworker as reported on Stack Exchange [1] and Armbian forums [2]. [1] https://superuser.com/questions/1515001/debian-10-buster-on-cubietruck-with-bug-in-sun4i-drm-hdmi [2] https://forum.armbian.com/topic/14282-headless-systems-and-sun4i_drm_hdmi-a10a20/ Fixes: 9c5681011a0c ("drm/sun4i: Add HDMI support") Signed-off-by: Chen-Yu Tsai Signed-off-by: Maxime Ripard Link: https://patchwork.freedesktop.org/patch/msgid/20200629060032.24134-1-wens@kernel.org commit 5aee52c44d9170591df65fafa1cd408acc1225ce Author: Tom Rix Date: Sat Jun 27 06:32:42 2020 -0700 scsi: scsi_transport_spi: Fix function pointer check clang static analysis flags several null function pointer problems. drivers/scsi/scsi_transport_spi.c:374:1: warning: Called function pointer is null (null dereference) [core.CallAndMessage] spi_transport_max_attr(offset, "%d\n"); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Reviewing the store_spi_store_max macro if (i->f->set_##field) return -EINVAL; should be if (!i->f->set_##field) return -EINVAL; Link: https://lore.kernel.org/r/20200627133242.21618-1-trix@redhat.com Reviewed-by: James Bottomley Signed-off-by: Tom Rix Signed-off-by: Martin K. Petersen commit bf64ff4c2aac65d680dc639a511c781cf6b6ec08 Author: Cong Wang Date: Sat Jun 27 00:12:24 2020 -0700 genetlink: get rid of family->attrbuf genl_family_rcv_msg_attrs_parse() reuses the global family->attrbuf when family->parallel_ops is false. However, family->attrbuf is not protected by any lock on the genl_family_rcv_msg_doit() code path. This leads to several different consequences, one of them is UAF, like the following: genl_family_rcv_msg_doit(): genl_start(): genl_family_rcv_msg_attrs_parse() attrbuf = family->attrbuf __nlmsg_parse(attrbuf); genl_family_rcv_msg_attrs_parse() attrbuf = family->attrbuf __nlmsg_parse(attrbuf); info->attrs = attrs; cb->data = info; netlink_unicast_kernel(): consume_skb() genl_lock_dumpit(): genl_dumpit_info(cb)->attrs Note family->attrbuf is an array of pointers to the skb data, once the skb is freed, any dereference of family->attrbuf will be a UAF. Maybe we could serialize the family->attrbuf with genl_mutex too, but that would make the locking more complicated. Instead, we can just get rid of family->attrbuf and always allocate attrbuf from heap like the family->parallel_ops==true code path. This may add some performance overhead but comparing with taking the global genl_mutex, it still looks better. Fixes: 75cdbdd08900 ("net: ieee802154: have genetlink code to parse the attrs during dumpit") Fixes: 057af7071344 ("net: tipc: have genetlink code to parse the attrs during dumpit") Reported-and-tested-by: syzbot+3039ddf6d7b13daf3787@syzkaller.appspotmail.com Reported-and-tested-by: syzbot+80cad1e3cb4c41cde6ff@syzkaller.appspotmail.com Reported-and-tested-by: syzbot+736bcbcb11b60d0c0792@syzkaller.appspotmail.com Reported-and-tested-by: syzbot+520f8704db2b68091d44@syzkaller.appspotmail.com Reported-and-tested-by: syzbot+c96e4dfb32f8987fdeed@syzkaller.appspotmail.com Cc: Jiri Pirko Signed-off-by: Cong Wang Signed-off-by: David S. Miller commit 33c568ba49e2b0ff7c3daead5d9427be797a4c43 Merge: a9b111016235 60a0121f8fa6 Author: David S. Miller Date: Mon Jun 29 16:58:30 2020 -0700 Merge tag 'mac80211-for-net-2020-06-29' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211 Johannes Berg says: ==================== Couple of fixes/small things: * TX control port status check fixed to not assume frame format * mesh control port fixes * error handling/leak fixes when starting AP, with HE attributes * fix broadcast packet handling with encapsulation offload * add new AKM suites * and a small code cleanup ==================== Signed-off-by: David S. Miller commit caef73cf207074a62701c95c317a97b2f8c1e04e Author: Xiaofei Tan Date: Sun Jun 28 08:57:06 2020 +0800 arm/xen: remove the unused macro GRANT_TABLE_PHYSADDR Fix the following sparse warning: arch/arm64/xen/../../arm/xen/enlighten.c:244: warning: macro "GRANT_TABLE_PHYSADDR" is not used [-Wunused-macros] It is an isolated macro, and should be removed when its last user was deleted in the following commit 3cf4095d7446 ("arm/xen: Use xen_xlate_map_ballooned_pages to setup grant table") Signed-off-by: Xiaofei Tan Reviewed-by: Stefano Stabellini Signed-off-by: Stefano Stabellini commit 54320dcaa2522db3222c02d68b52cfed32a2e95b Author: Krzysztof Kozlowski Date: Fri Jun 26 10:06:26 2020 +0200 ARM: dts: meson: Align L2 cache-controller nodename with dtschema Fix dtschema validator warnings like: l2-cache-controller@c4200000: $nodename:0: 'l2-cache-controller@c4200000' does not match '^(cache-controller|cpu)(@[0-9a-f,]+)*$' Signed-off-by: Krzysztof Kozlowski Signed-off-by: Kevin Hilman Reviewed-by: Martin Blumenstingl Link: https://lore.kernel.org/r/20200626080626.4080-1-krzk@kernel.org commit b2037dafcf082cd24b88ae9283af628235df36e1 Author: Neil Armstrong Date: Thu Jun 18 15:27:37 2020 +0200 arm64: dts: meson-gxl-s805x: reduce initial Mali450 core frequency When starting at 744MHz, the Mali 450 core crashes on S805X based boards: lima d00c0000.gpu: IRQ ppmmu3 not found lima d00c0000.gpu: IRQ ppmmu4 not found lima d00c0000.gpu: IRQ ppmmu5 not found lima d00c0000.gpu: IRQ ppmmu6 not found lima d00c0000.gpu: IRQ ppmmu7 not found Internal error: synchronous external abort: 96000210 [#1] PREEMPT SMP Modules linked in: CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.7.2+ #492 Hardware name: Libre Computer AML-S805X-AC (DT) pstate: 40000005 (nZcv daif -PAN -UAO) pc : lima_gp_init+0x28/0x188 ... Call trace: lima_gp_init+0x28/0x188 lima_device_init+0x334/0x534 lima_pdev_probe+0xa4/0xe4 ... Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b Reverting to a safer 666Mhz frequency on the S805X that doesn't use the GP0 PLL makes it more stable. Fixes: fd47716479f5 ("ARM64: dts: add S805X based P241 board") Fixes: 0449b8e371ac ("arm64: dts: meson: add libretech aml-s805x-ac board") Signed-off-by: Neil Armstrong Signed-off-by: Kevin Hilman Link: https://lore.kernel.org/r/20200618132737.14243-1-narmstrong@baylibre.com commit 95ca6f06dd4827ff63be5154120c7a8511cd9a41 Author: Jerome Brunet Date: Wed Jun 17 14:53:46 2020 +0200 arm64: dts: meson: add missing gxl rng clock The peripheral clock of the RNG is missing for gxl while it is present for gxbb. Fixes: 1b3f6d148692 ("ARM64: dts: meson-gx: add clock CLKID_RNG0 to hwrng node") Signed-off-by: Jerome Brunet Signed-off-by: Kevin Hilman Reviewed-by: Neil Armstrong Link: https://lore.kernel.org/r/20200617125346.1163527-1-jbrunet@baylibre.com commit d16d0481e6bab5a916450e4ef0e1c958b550880c Author: Christian Hewitt Date: Tue Jun 9 08:13:18 2020 +0000 soc: amlogic: meson-gx-socinfo: Fix S905X3 and S905D3 ID's Correct the SoC revision and package bits/mask values for S905D3/X3 to detect a wider range of observed SoC IDs, and tweak sort order for A311D/S922X. S905X3 05 0000 0101 (SEI610 initial devices) S905X3 10 0001 0000 (ODROID-C4 and recent Android boxes) S905X3 50 0101 0000 (SEI610 later revisions) S905D3 04 0000 0100 (VIM3L devices in kernelci) S905D3 b0 1011 0000 (VIM3L initial production) Fixes commit c9cc9bec36d0 ("soc: amlogic: meson-gx-socinfo: Add SM1 and S905X3 IDs") Suggested-by: Neil Armstrong Signed-off-by: Christian Hewitt Signed-off-by: Kevin Hilman Acked-by: Neil Armstrong Link: https://lore.kernel.org/r/20200609081318.28023-1-christianshewitt@gmail.com commit 377ff83083c953dd58c5a030b3c9b5b85d8cc727 Author: Jarkko Sakkinen Date: Tue Jun 23 00:20:22 2020 +0300 selftests: tpm: Use /bin/sh instead of /bin/bash It's better to use /bin/sh instead of /bin/bash in order to run the tests in the BusyBox shell. Fixes: 6ea3dfe1e073 ("selftests: add TPM 2.0 tests") Cc: stable@vger.kernel.org Cc: linux-integrity@vger.kernel.org Cc: linux-kselftest@vger.kernel.org Signed-off-by: Jarkko Sakkinen Signed-off-by: Shuah Khan commit 88a16840f462f96d3a1808aff1d6479f87a02147 Author: Jarkko Sakkinen Date: Tue Jun 23 00:20:21 2020 +0300 selftests: tpm: Use 'test -e' instead of 'test -f' 'test -f' is suitable only for *regular* files. Use 'test -e' instead. Cc: Nikita Sobolev Cc: linux-integrity@vger.kernel.org Cc: linux-kselftest@vger.kernel.org Fixes: 5627f9cffee7 ("Kernel selftests: Add check if TPM devices are supported") Signed-off-by: Jarkko Sakkinen Signed-off-by: Shuah Khan commit 5be206eaac9a68992fc3b06fb5dd5634e323de86 Author: Jarkko Sakkinen Date: Tue Jun 23 00:20:20 2020 +0300 Revert "tpm: selftest: cleanup after unseal with wrong auth/policy test" The reverted commit illegitly uses tpm2-tools. External dependencies are absolutely forbidden from these tests. There is also the problem that clearing is not necessarily wanted behavior if the test/target computer is not used only solely for testing. Fixes: a9920d3bad40 ("tpm: selftest: cleanup after unseal with wrong auth/policy test") Cc: Tadeusz Struk Cc: stable@vger.kernel.org Cc: linux-integrity@vger.kernel.org Cc: linux-kselftest@vger.kernel.org Signed-off-by: Jarkko Sakkinen Signed-off-by: Shuah Khan commit 3f31f7d9b5404a10648abe536c8b408bfb4502e1 Author: Hans de Goede Date: Sun Jun 28 17:52:29 2020 +0200 ASoC: rt5670: Fix dac- and adc- vol-tlv values being off by a factor of 10 The adc_vol_tlv volume-control has a range from -17.625 dB to +30 dB, not -176.25 dB to + 300 dB. This wrong scale is esp. a problem in userspace apps which translate the dB scale to a linear scale. With the logarithmic dB scale being of by a factor of 10 we loose all precision in the lower area of the range when apps translate things to a linear scale. E.g. the 0 dB default, which corresponds with a value of 47 of the 0 - 127 range for the control, would be shown as 0/100 in alsa-mixer. Since the centi-dB values used in the TLV struct cannot represent the 0.375 dB step size used by these controls, change the TLV definition for them to specify a min and max value instead of min + stepsize. Signed-off-by: Hans de Goede Link: https://lore.kernel.org/r/20200628155231.71089-5-hdegoede@redhat.com Signed-off-by: Mark Brown commit 85ca6b17e2bb96b19caac3b02c003d670b66de96 Author: Hans de Goede Date: Sun Jun 28 17:52:28 2020 +0200 ASoC: rt5670: Add new gpio1_is_ext_spk_en quirk and enable it on the Lenovo Miix 2 10 The Lenovo Miix 2 10 has a keyboard dock with extra speakers in the dock. Rather then the ACL5672's GPIO1 pin being used as IRQ to the CPU, it is actually used to enable the amplifier for these speakers (the IRQ to the CPU comes directly from the jack-detect switch). Add a quirk for having an ext speaker-amplifier enable pin on GPIO1 and replace the Lenovo Miix 2 10's dmi_system_id table entry's wrong GPIO_DEV quirk (which needs to be renamed to GPIO1_IS_IRQ) with the new RT5670_GPIO1_IS_EXT_SPK_EN quirk, so that we enable the external speaker-amplifier as necessary. Also update the ident field for the dmi_system_id table entry, the Miix models are not Thinkpads. Fixes: 67e03ff3f32f ("ASoC: codecs: rt5670: add Thinkpad Tablet 10 quirk") Signed-off-by: Hans de Goede BugLink: https://bugzilla.redhat.com/show_bug.cgi?id=1786723 Link: https://lore.kernel.org/r/20200628155231.71089-4-hdegoede@redhat.com Signed-off-by: Mark Brown commit 5cacc6f5764e94fa753b2c1f5f7f1f3f74286e82 Author: Hans de Goede Date: Sun Jun 28 17:52:27 2020 +0200 ASoC: rt5670: Correct RT5670_LDO_SEL_MASK The RT5670_PWR_ANLG1 register has 3 bits to select the LDO voltage, so the correct mask is 0x7 not 0x3. Because of this wrong mask we were programming the ldo bits to a setting of binary 001 (0x05 & 0x03) instead of binary 101 when moving to SND_SOC_BIAS_PREPARE. According to the datasheet 001 is a reserved value, so no idea what it did, since the driver was working fine before I guess we got lucky and it does something which is ok. Fixes: 5e8351de740d ("ASoC: add RT5670 CODEC driver") Signed-off-by: Hans de Goede Cc: stable@vger.kernel.org Link: https://lore.kernel.org/r/20200628155231.71089-3-hdegoede@redhat.com Signed-off-by: Mark Brown commit 0ceb8a36d023d4bb4ffca3474a452fb1dfaa0ef2 Author: Hans de Goede Date: Sun Jun 28 17:52:26 2020 +0200 ASoC: Intel: cht_bsw_rt5672: Change bus format to I2S 2 channel The default mode for SSP configuration is TDM 4 slot and so far we were using this for the bus format on cht-bsw-rt56732 boards. One board, the Lenovo Miix 2 10 uses not 1 but 2 codecs connected to SSP2. The second piggy-backed, output-only codec is inside the keyboard-dock (which has extra speakers). Unlike the main rt5672 codec, we cannot configure this codec, it is hard coded to use 2 channel 24 bit I2S. Using 4 channel TDM leads to the dock speakers codec (which listens in on the data send from the SSP to the rt5672 codec) emiting horribly distorted sound. Since we only support 2 channels anyways, there is no need for TDM on any cht-bsw-rt5672 designs. So we can simply use I2S 2ch everywhere. This commit fixes the Lenovo Miix 2 10 dock speakers issue by changing the bus format set in cht_codec_fixup() to I2S 2 channel. This change has been tested on the following devices with a rt5672 codec: Lenovo Miix 2 10 Lenovo Thinkpad 8 Lenovo Thinkpad 10 (gen 1) Signed-off-by: Hans de Goede Cc: stable@vger.kernel.org BugLink: https://bugzilla.redhat.com/show_bug.cgi?id=1786723 Link: https://lore.kernel.org/r/20200628155231.71089-2-hdegoede@redhat.com Signed-off-by: Mark Brown commit 3e20aa9630e5bcef4f1b9dcb7b50c5491867fd89 Author: Eric Biggers Date: Tue Jun 16 08:56:54 2020 -0700 block/keyslot-manager: use kvfree_sensitive() Make blk_ksm_destroy() use the kvfree_sensitive() function (which was introduced in v5.8-rc1) instead of open-coding it. Signed-off-by: Eric Biggers Signed-off-by: Jens Axboe commit becd2014923ff259b8155df58199f605dd50cb8f Author: Christophe Leroy Date: Mon Jun 15 06:25:23 2020 +0000 SUNRPC: Add missing definition of ARCH_IMPLEMENTS_FLUSH_DCACHE_PAGE Even if that's only a warning, not including asm/cacheflush.h leads to svc_flush_bvec() being empty allthough powerpc defines ARCH_IMPLEMENTS_FLUSH_DCACHE_PAGE. CC net/sunrpc/svcsock.o net/sunrpc/svcsock.c:227:5: warning: "ARCH_IMPLEMENTS_FLUSH_DCACHE_PAGE" is not defined [-Wundef] #if ARCH_IMPLEMENTS_FLUSH_DCACHE_PAGE ^ Include linux/highmem.h so that asm/cacheflush.h will be included. Reported-by: Christophe Leroy Reported-by: kernel test robot Fixes: ca07eda33e01 ("SUNRPC: Refactor svc_recvfrom()") Signed-off-by: Christophe Leroy Acked-by: Chuck Lever Signed-off-by: J. Bruce Fields commit bf2654017e0268cc83dc88d56f0e67ff4406631d Author: J. Bruce Fields Date: Tue Jun 23 21:01:19 2020 -0400 nfsd: fix nfsdfs inode reference count leak I don't understand this code well, but I'm seeing a warning about a still-referenced inode on unmount, and every other similar filesystem does a dput() here. Fixes: e8a79fb14f6b ("nfsd: add nfsd/clients directory") Signed-off-by: J. Bruce Fields commit 681370f4b00af0fcc65bbfb9f82de526ab7ceb0a Author: J. Bruce Fields Date: Tue Jun 23 16:00:33 2020 -0400 nfsd4: fix nfsdfs reference count loop We don't drop the reference on the nfsdfs filesystem with mntput(nn->nfsd_mnt) until nfsd_exit_net(), but that won't be called until the nfsd module's unloaded, and we can't unload the module as long as there's a reference on nfsdfs. So this prevents module unloading. Fixes: 2c830dd7209b ("nfsd: persist nfsd filesystem across mounts") Reported-and-Tested-by: Luo Xiaogang Signed-off-by: J. Bruce Fields commit 412847fb47336c58885ac6231a5f34ac7ac862a0 Author: Lukas Bulwahn Date: Sun Jun 28 20:02:29 2020 +0200 MAINTAINERS: remove obsolete entry after file renaming Commit f16861b12fa0 ("regulator: rename da903x to da903x-regulator") missed to adjust the DIALOG SEMICONDUCTOR DRIVERS section in MAINTAINERS. Hence, ./scripts/get_maintainer.pl --self-test=patterns complains: warning: no file matches F: drivers/regulator/da903x.c The da903x-regulator.c file is already covered by the pattern drivers/regulator/da9???-regulator.[ch] in the section. So, simply remove the non-matching file entry in MAINTAINERS. Signed-off-by: Lukas Bulwahn Link: https://lore.kernel.org/r/20200628180229.5068-1-lukas.bulwahn@gmail.com Signed-off-by: Mark Brown commit e852c2c251ed9c23ae6e3efebc5ec49adb504207 Author: Alexander Usyskin Date: Mon Jun 29 01:53:59 2020 +0300 mei: bus: don't clean driver pointer It's not needed to set driver to NULL in mei_cl_device_remove() which is bus_type remove() handler as this is done anyway in __device_release_driver(). Actually this is causing an endless loop in driver_detach() on ubuntu patched kernel, while removing (rmmod) the mei_hdcp module. The reason list_empty(&drv->p->klist_devices.k_list) is always not-empty. as the check is always true in __device_release_driver() if (dev->driver != drv) return; The non upstream patch is causing this behavior, titled: 'vfio -- release device lock before userspace requests' Nevertheless the fix is correct also for the upstream. Link: https://patchwork.ozlabs.org/project/ubuntu-kernel/patch/20180912085046.3401-2-apw@canonical.com/ Cc: Cc: Andy Whitcroft Signed-off-by: Alexander Usyskin Signed-off-by: Tomas Winkler Link: https://lore.kernel.org/r/20200628225359.2185929-1-tomas.winkler@intel.com Signed-off-by: Greg Kroah-Hartman commit b037d60a3b1d1227609fd858fa34321f41829911 Author: Michał Mirosław Date: Wed Jun 24 13:35:41 2020 +0200 misc: atmel-ssc: lock with mutex instead of spinlock Uninterruptible context is not needed in the driver and causes lockdep warning because of mutex taken in of_alias_get_id(). Convert the lock to mutex to avoid the issue. Cc: stable@vger.kernel.org Fixes: 099343c64e16 ("ARM: at91: atmel-ssc: add device tree support") Signed-off-by: Michał Mirosław Link: https://lore.kernel.org/r/50f0d7fa107f318296afb49477c3571e4d6978c5.1592998403.git.mirq-linux@rere.qmqm.pl Signed-off-by: Greg Kroah-Hartman commit 7c30b859a947535f2213277e827d7ac7dcff9c84 Merge: be88fef34f78 cf961fce30f8 Author: Linus Torvalds Date: Mon Jun 29 10:10:16 2020 -0700 Merge tag 'spi-fix-v5.8-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi Pull spi fixes from Mark Brown: "A batch of fixes for the Freescale DSPI driver fixing some serious issues with removal of active devices and one resume case, plus a few new PCI IDs for Intel platforms" * tag 'spi-fix-v5.8-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi: spi: pxa2xx: Add support for Intel Tiger Lake PCH-H spi: spi-fsl-dspi: Initialize completion before possible interrupt spi: spi-fsl-dspi: Fix external abort on interrupt in resume or exit paths spi: spi-fsl-dspi: Fix lockup if device is shutdown during SPI transfer spi: spi-fsl-dspi: Fix lockup if device is removed during SPI transfer commit be88fef34f784a8d612366e7ebb149785de7f928 Merge: 2cfa46dadd20 5f8f06425a0d Author: Linus Torvalds Date: Mon Jun 29 10:08:15 2020 -0700 Merge tag 'thermal-v5.8-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/thermal/linux Pull thermal fixes from Daniel Lezcano: - Fix undefined temperature if negative on the rcar_gen3 (Dien Pham) - Fix wrong frequency converted from power for the cpufreq cooling device (Finley Xiao) - Fix compilation warnings by making functions static in the tsens driver (Amit Kucheria) - Fix return value of sprd_thm_probe for the Spreadtrum driver (Tiezhu Yang) - Fix bank number settings on the Mediatek mt8183 (Michael Kao) - Fix missing of_node_put() at probe time i.MX (Anson Huang) * tag 'thermal-v5.8-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/thermal/linux: thermal/drivers/rcar_gen3: Fix undefined temperature if negative thermal/drivers/cpufreq_cooling: Fix wrong frequency converted from power thermal/drivers/tsens: Fix compilation warnings by making functions static thermal/drivers/sprd: Fix return value of sprd_thm_probe() thermal/drivers/mediatek: Fix bank number settings on mt8183 thermal/drivers: imx: Fix missing of_node_put() at probe time commit 2cfa46dadd203eef88cc70131df7a81ebc34b8ff Merge: b6509f6a8c43 e04ec0de61c1 Author: Linus Torvalds Date: Mon Jun 29 10:06:26 2020 -0700 Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 Pull crypto fixes from Herbert Xu: "This fixes two race conditions, one in padata and one in af_alg" * 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: padata: upgrade smp_mb__after_atomic to smp_mb in padata_do_serial crypto: af_alg - fix use-after-free in af_alg_accept() due to bh_lock_sock() commit b6aa06de7757667bac88997a8807b143b8436035 Author: Geert Uytterhoeven Date: Mon Jun 29 14:24:43 2020 +0200 ASoC: qcom: Drop HAS_DMA dependency to fix link failure When building on allyesconfig kernel for a NO_DMA=y platform (e.g. Sun-3), CONFIG_SND_SOC_QCOM_COMMON=y, but CONFIG_SND_SOC_QDSP6_AFE=n, leading to a link failure: sound/soc/qcom/common.o: In function `qcom_snd_parse_of': common.c:(.text+0x2e2): undefined reference to `q6afe_is_rx_port' While SND_SOC_QDSP6 depends on HAS_DMA, SND_SOC_MSM8996 and SND_SOC_SDM845 don't, so the following warning is seen: WARNING: unmet direct dependencies detected for SND_SOC_QDSP6 Depends on [n]: SOUND [=y] && !UML && SND [=y] && SND_SOC [=y] && QCOM_APR [=y] && HAS_DMA [=n] Selected by [y]: - SND_SOC_MSM8996 [=y] && SOUND [=y] && !UML && SND [=y] && SND_SOC [=y] && QCOM_APR [=y] - SND_SOC_SDM845 [=y] && SOUND [=y] && !UML && SND [=y] && SND_SOC [=y] && QCOM_APR [=y] && CROS_EC [=y] && I2C [=y] && SOUNDWIRE [=y] Until recently, this warning was harmless (from a compile-testing point-of-view), but the new user of q6afe_is_rx_port() turned this into a hard failure. As the QDSP6 driver itself builds fine if NO_DMA=y, and it depends on QCOM_APR (which in turns depends on ARCH_QCOM || COMPILE_TEST), it is safe to increase compile testing coverage. Hence fix the link failure by dropping the HAS_DMA dependency of SND_SOC_QDSP6. Fixes: a2120089251f1fe2 ("ASoC: qcom: common: set correct directions for dailinks") Fixes: 6b1687bf76ef84cb ("ASoC: qcom: add sdm845 sound card support") Fixes: a6f933f63f2ffdb2 ("ASoC: qcom: apq8096: Add db820c machine driver") Signed-off-by: Geert Uytterhoeven Link: https://lore.kernel.org/r/20200629122443.21736-1-geert@linux-m68k.org Signed-off-by: Mark Brown commit b6509f6a8c4313c068c69785c001451415969e44 Author: Mel Gorman Date: Mon Jun 29 15:41:45 2020 +0100 Revert "fs: Do not check if there is a fsnotify watcher on pseudo inodes" This reverts commit e9c15badbb7b ("fs: Do not check if there is a fsnotify watcher on pseudo inodes"). The commit intended to eliminate fsnotify-related overhead for pseudo inodes but it is broken in concept. inotify can receive events of pipe files under /proc/X/fd and chromium relies on close and open events for sandboxing. Maxim Levitsky reported the following Chromium starts as a white rectangle, shows few white rectangles that resemble its notifications and then crashes. The stdout output from chromium: [mlevitsk@starship ~]$chromium-freeworld mesa: for the --simplifycfg-sink-common option: may only occur zero or one times! mesa: for the --global-isel-abort option: may only occur zero or one times! [3379:3379:0628/135151.440930:ERROR:browser_switcher_service.cc(238)] XXX Init() ../../sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc:**CRASHING**:seccomp-bpf failure in syscall 0072 Received signal 11 SEGV_MAPERR 0000004a9048 Crashes are not universal but even if chromium does not crash, it certainly does not work properly. While filtering just modify and access might be safe, the benefit is not worth the risk hence the revert. Reported-by: Maxim Levitsky Fixes: e9c15badbb7b ("fs: Do not check if there is a fsnotify watcher on pseudo inodes") Signed-off-by: Mel Gorman Signed-off-by: Linus Torvalds commit 9d3c447c72fb2337ca39f245c6ae89f2369de216 Author: Wanpeng Li Date: Mon Jun 29 18:26:31 2020 +0800 KVM: X86: Fix async pf caused null-ptr-deref Syzbot reported that: CPU: 1 PID: 6780 Comm: syz-executor153 Not tainted 5.7.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:__apic_accept_irq+0x46/0xb80 Call Trace: kvm_arch_async_page_present+0x7de/0x9e0 kvm_check_async_pf_completion+0x18d/0x400 kvm_arch_vcpu_ioctl_run+0x18bf/0x69f0 kvm_vcpu_ioctl+0x46a/0xe20 ksys_ioctl+0x11a/0x180 __x64_sys_ioctl+0x6f/0xb0 do_syscall_64+0xf6/0x7d0 entry_SYSCALL_64_after_hwframe+0x49/0xb3 The testcase enables APF mechanism in MSR_KVM_ASYNC_PF_EN with ASYNC_PF_INT enabled w/o setting MSR_KVM_ASYNC_PF_INT before, what's worse, interrupt based APF 'page ready' event delivery depends on in kernel lapic, however, we didn't bail out when lapic is not in kernel during guest setting MSR_KVM_ASYNC_PF_EN which causes the null-ptr-deref in host later. This patch fixes it. Reported-by: syzbot+1bf777dfdde86d64b89b@syzkaller.appspotmail.com Fixes: 2635b5c4a0 (KVM: x86: interrupt based APF 'page ready' event delivery) Signed-off-by: Wanpeng Li Message-Id: <1593426391-8231-1-git-send-email-wanpengli@tencent.com> Signed-off-by: Paolo Bonzini commit 95e61b1b5d6394b53d147c0fcbe2ae70fbe09446 Author: Vasily Gorbik Date: Thu Jun 18 17:17:19 2020 +0200 s390/setup: init jump labels before command line parsing Command line parameters might set static keys. This is true for s390 at least since commit 6471384af2a6 ("mm: security: introduce init_on_alloc=1 and init_on_free=1 boot options"). To avoid the following WARN: static_key_enable_cpuslocked(): static key 'init_on_alloc+0x0/0x40' used before call to jump_label_init() call jump_label_init() just before parse_early_param(). jump_label_init() is safe to call multiple times (x86 does that), doesn't do any memory allocations and hence should be safe to call that early. Fixes: 6471384af2a6 ("mm: security: introduce init_on_alloc=1 and init_on_free=1 boot options") Cc: # 5.3: d6df52e9996d: s390/maccess: add no DAT mode to kernel_write Cc: # 5.3 Reviewed-by: Heiko Carstens Signed-off-by: Vasily Gorbik Signed-off-by: Heiko Carstens commit d6df52e9996dcc2062c3d9c9123288468bb95b52 Author: Vasily Gorbik Date: Wed Jun 24 17:39:14 2020 +0200 s390/maccess: add no DAT mode to kernel_write To be able to patch kernel code before paging is initialized do plain memcpy if DAT is off. This is required to enable early jump label initialization. Reviewed-by: Heiko Carstens Signed-off-by: Vasily Gorbik Signed-off-by: Heiko Carstens commit 3047766bc6ec9c6bc9ece85b45a41ff401e8d988 Author: Niklas Schnelle Date: Thu Jun 18 17:16:27 2020 +0200 s390/pci: fix enabling a reserved PCI function In usual IPL or hot plug scenarios a zPCI function transitions directly from reserved (invisible to Linux) to configured state or is configured by Linux itself using an SCLP, however it can also first go from reserved to standby and then from standby to configured without Linux initiative. In this scenario we first get a PEC event 0x302 and then 0x301. This may happen for example when the device is deconfigured at another LPAR and made available for this LPAR. It may also happen under z/VM when a device is attached while in some inconsistent state. However when we get the 0x301 the device is already known to zPCI so calling zpci_create() will add it twice resulting in the below BUG. Instead we should only enable the existing device and finally scan it through the PCI subsystem. list_add double add: new=00000000ed5a9008, prev=00000000ed5a9008, next=0000000083502300. kernel BUG at lib/list_debug.c:31! Krnl PSW : 0704c00180000000 0000000082dc2db8 (__list_add_valid+0x70/0xa8) Call Trace: [<0000000082dc2db8>] __list_add_valid+0x70/0xa8 ([<0000000082dc2db4>] __list_add_valid+0x6c/0xa8) [<00000000828ea920>] zpci_create_device+0x60/0x1b0 [<00000000828ef04a>] zpci_event_availability+0x282/0x2f0 [<000000008315f848>] chsc_process_crw+0x2b8/0xa18 [<000000008316735c>] crw_collect_info+0x254/0x348 [<00000000829226ea>] kthread+0x14a/0x168 [<000000008319d5c0>] ret_from_fork+0x24/0x2c Fixes: f606b3ef47c9 ("s390/pci: adapt events for zbus") Reported-by: Alexander Egorenkov Tested-by: Alexander Egorenkov Signed-off-by: Niklas Schnelle Signed-off-by: Heiko Carstens commit c43e55796dd4d13f4855971a4d7970ce2cd94db4 Author: Angelo Dureghello Date: Wed Jun 17 09:53:41 2020 +0300 m68k: mm: fix node memblock init After pulling 5.7.0 (linux-next merge), mcf5441x mmu boot was hanging silently. memblock_add() seems not appropriate, since using MAX_NUMNODES as node id, while memblock_add_node() sets up memory for node id 0. Signed-off-by: Angelo Dureghello Signed-off-by: Mike Rapoport Signed-off-by: Greg Ungerer commit d63bd8c81d8ab64db506ffde569cc8ff197516e2 Author: Mike Rapoport Date: Wed Jun 17 09:53:40 2020 +0300 m68k: nommu: register start of the memory with memblock The m68k nommu setup code didn't register the beginning of the physical memory with memblock because it was anyway occupied by the kernel. However, commit fa3354e4ea39 ("mm: free_area_init: use maximal zone PFNs rather than zone sizes") changed zones initialization to use memblock.memory to detect the zone extents and this caused inconsistency between zone PFNs and the actual PFNs: BUG: Bad page state in process swapper pfn:20165 page:41fe0ca0 refcount:0 mapcount:1 mapping:00000000 index:0x0 flags: 0x0() raw: 00000000 00000100 00000122 00000000 00000000 00000000 00000000 00000000 page dumped because: nonzero mapcount CPU: 0 PID: 1 Comm: swapper Not tainted 5.8.0-rc1-00001-g3a38f8a60c65-dirty #1 Stack from 404c9ebc: 404c9ebc 4029ab28 4029ab28 40088470 41fe0ca0 40299e21 40299df1 404ba2a4 00020165 00000000 41fd2c10 402c7ba0 41fd2c04 40088504 41fe0ca0 40299e21 00000000 40088a12 41fe0ca0 41fe0ca4 0000020a 00000000 00000001 402ca000 00000000 41fe0ca0 41fd2c10 41fd2c10 00000000 00000000 402b2388 00000001 400a0934 40091056 404c9f44 404c9f44 40088db4 402c7ba0 00000001 41fd2c04 41fe0ca0 41fd2000 41fe0ca0 40089e02 4026ecf4 40089e4e 41fe0ca0 ffffffff Call Trace: [<40088470>] 0x40088470 [<40088504>] 0x40088504 [<40088a12>] 0x40088a12 [<402ca000>] 0x402ca000 [<400a0934>] 0x400a0934 Adjust the memory registration with memblock to include the beginning of the physical memory and make sure that the area occupied by the kernel is marked as reserved. Signed-off-by: Mike Rapoport Signed-off-by: Greg Ungerer commit bfe373f608cf81b7626dfeb904001b0e867c5110 Author: Hou Tao Date: Tue Apr 28 09:54:56 2020 +0800 blk-mq-debugfs: update blk_queue_flag_name[] accordingly for new flags Else there may be magic numbers in /sys/kernel/debug/block/*/state. Signed-off-by: Hou Tao Reviewed-by: Bart Van Assche Signed-off-by: Jens Axboe commit 1e05daca83bb42cde569f75f3bd7c8828b1ef30f Author: Srinivas Pandruvada Date: Wed Jun 24 11:51:40 2020 -0700 ACPI: DPTF: Add battery participant for TigerLake Add DPTF battery participant ACPI ID for platforms based on the Intel TigerLake SoC. Signed-off-by: Srinivas Pandruvada [ rjw: Changelog ] Signed-off-by: Rafael J. Wysocki commit 77b48bea2fee47c15a835f6725dd8df0bc38375a Author: Joseph Salisbury Date: Fri Jun 26 15:28:17 2020 -0700 Drivers: hv: Change flag to write log level in panic msg to false When the kernel panics, one page of kmsg data may be collected and sent to Hyper-V to aid in diagnosing the failure. The collected kmsg data typically contains 50 to 100 lines, each of which has a log level prefix that isn't very useful from a diagnostic standpoint. So tell kmsg_dump_get_buffer() to not include the log level, enabling more information that *is* useful to fit in the page. Requesting in stable kernels, since many kernels running in production are stable releases. Cc: stable@vger.kernel.org Signed-off-by: Joseph Salisbury Reviewed-by: Michael Kelley Link: https://lore.kernel.org/r/1593210497-114310-1-git-send-email-joseph.salisbury@microsoft.com Signed-off-by: Wei Liu commit 5f8f06425a0dcdad7bedbb77e67f5c65ab4dacfc Author: Dien Pham Date: Thu Jun 25 20:38:19 2020 +0900 thermal/drivers/rcar_gen3: Fix undefined temperature if negative As description for DIV_ROUND_CLOSEST in file include/linux/kernel.h. "Result is undefined for negative divisors if the dividend variable type is unsigned and for negative dividends if the divisor variable type is unsigned." In current code, the FIXPT_DIV uses DIV_ROUND_CLOSEST but has not checked sign of divisor before using. It makes undefined temperature value in case the value is negative. This patch fixes to satisfy DIV_ROUND_CLOSEST description and fix bug too. Note that the variable name "reg" is not good because it should be the same type as rcar_gen3_thermal_read(). However, it's better to rename the "reg" in a further patch as cleanup. Signed-off-by: Van Do Signed-off-by: Dien Pham [shimoda: minor fixes, add Fixes tag] Fixes: 564e73d283af ("thermal: rcar_gen3_thermal: Add R-Car Gen3 thermal driver") Signed-off-by: Yoshihiro Shimoda Reviewed-by: Niklas Soderlund Tested-by: Niklas Soderlund Reviewed-by: Amit Kucheria Signed-off-by: Daniel Lezcano Link: https://lore.kernel.org/r/1593085099-2057-1-git-send-email-yoshihiro.shimoda.uh@renesas.com commit 371a3bc79c11b707d7a1b7a2c938dc3cc042fffb Author: Finley Xiao Date: Fri Jun 19 17:08:25 2020 +0800 thermal/drivers/cpufreq_cooling: Fix wrong frequency converted from power The function cpu_power_to_freq is used to find a frequency and set the cooling device to consume at most the power to be converted. For example, if the power to be converted is 80mW, and the em table is as follow. struct em_cap_state table[] = { /* KHz mW */ { 1008000, 36, 0 }, { 1200000, 49, 0 }, { 1296000, 59, 0 }, { 1416000, 72, 0 }, { 1512000, 86, 0 }, }; The target frequency should be 1416000KHz, not 1512000KHz. Fixes: 349d39dc5739 ("thermal: cpu_cooling: merge frequency and power tables") Cc: # v4.13+ Signed-off-by: Finley Xiao Acked-by: Viresh Kumar Reviewed-by: Amit Kucheria Signed-off-by: Daniel Lezcano Link: https://lore.kernel.org/r/20200619090825.32747-1-finley.xiao@rock-chips.com commit 3ecc82926be729cb107a287cb6b1f07a2adb44bb Author: Amit Kucheria Date: Wed May 27 16:38:46 2020 +0530 thermal/drivers/tsens: Fix compilation warnings by making functions static After merging tsens-common.c into tsens.c, we can now mark some functions static so they don't need any prototype declarations. This fixes the following issue reported by lkp. >> drivers/thermal/qcom/tsens.c:385:13: warning: no previous prototype for 'tsens_critical_irq_thread' [-Wmissing-prototypes] 385 | irqreturn_t tsens_critical_irq_thread(int irq, void *data) | ^~~~~~~~~~~~~~~~~~~~~~~~~ >> drivers/thermal/qcom/tsens.c:455:13: warning: no previous prototype for 'tsens_irq_thread' [-Wmissing-prototypes] 455 | irqreturn_t tsens_irq_thread(int irq, void *data) | ^~~~~~~~~~~~~~~~ >> drivers/thermal/qcom/tsens.c:523:5: warning: no previous prototype for 'tsens_set_trips' [-Wmissing-prototypes] 523 | int tsens_set_trips(void *_sensor, int low, int high) | ^~~~~~~~~~~~~~~ >> drivers/thermal/qcom/tsens.c:560:5: warning: no previous prototype for 'tsens_enable_irq' [-Wmissing-prototypes] 560 | int tsens_enable_irq(struct tsens_priv *priv) | ^~~~~~~~~~~~~~~~ >> drivers/thermal/qcom/tsens.c:573:6: warning: no previous prototype for 'tsens_disable_irq' [-Wmissing-prototypes] 573 | void tsens_disable_irq(struct tsens_priv *priv) | ^~~~~~~~~~~~~~~~~ Signed-off-by: Amit Kucheria Reported-by: kbuild test robot Signed-off-by: Daniel Lezcano Link: https://lore.kernel.org/r/6757a26876b29922929abf64b1c11fa3b3033d03.1590579709.git.amit.kucheria@linaro.org commit b4147917ad4ff2c755e01a7ca296b14030d2d507 Author: Tiezhu Yang Date: Mon May 25 09:59:01 2020 +0800 thermal/drivers/sprd: Fix return value of sprd_thm_probe() When call function devm_platform_ioremap_resource(), we should use IS_ERR() to check the return value and return PTR_ERR() if failed. Fixes: 554fdbaf19b1 ("thermal: sprd: Add Spreadtrum thermal driver support") Signed-off-by: Tiezhu Yang Reviewed-by: Baolin Wang Signed-off-by: Daniel Lezcano Link: https://lore.kernel.org/r/1590371941-25430-1-git-send-email-yangtiezhu@loongson.cn commit 14533a5a6c12e8d7de79d309d4085bf186058fe1 Author: Michael Kao Date: Mon Mar 23 20:15:35 2020 +0800 thermal/drivers/mediatek: Fix bank number settings on mt8183 MT8183_NUM_ZONES should be set to 1 because MT8183 doesn't have multiple banks. Fixes: a4ffe6b52d27 ("thermal: mediatek: add support for MT8183") Signed-off-by: Michael Kao Signed-off-by: Hsin-Yi Wang Signed-off-by: Daniel Lezcano Link: https://lore.kernel.org/r/20200323121537.22697-6-michael.kao@mediatek.com commit b45fd13be340e4ed0a2a9673ba299eb2a71ba829 Author: Anson Huang Date: Thu Mar 26 22:29:05 2020 +0800 thermal/drivers: imx: Fix missing of_node_put() at probe time After finishing using cpu node got from of_get_cpu_node(), of_node_put() needs to be called. Signed-off-by: Anson Huang Signed-off-by: Daniel Lezcano Link: https://lore.kernel.org/r/1585232945-23368-1-git-send-email-Anson.Huang@nxp.com commit 55fd7e0222ea01246ef3e6aae28b5721fdfb790f Author: Rodrigo Vivi Date: Wed Jun 10 13:18:07 2020 -0700 drm/i915: Include asm sources for {ivb, hsw}_clear_kernel.c Alexandre Oliva has recently removed these files from Linux Libre with concerns that the sources weren't available. The sources are available on IGT repository, and only open source tools are used to generate the {ivb,hsw}_clear_kernel.c files. However, the remaining concern from Alexandre Oliva was around GPL license and the source not been present when distributing the code. So, it looks like 2 alternatives are possible, the use of linux-firmware.git repository to store the blob or making sure that the source is also present in our tree. Since the goal is to limit the i915 firmware to only the micro-controller blobs let's make sure that we do include the asm sources here in our tree. Btw, I tried to have some diligence here and make sure that the asms that these commits are adding are truly the source for the mentioned files: igt$ ./scripts/generate_clear_kernel.sh -g ivb \ -m ~/mesa/build/src/intel/tools/i965_asm Output file not specified - using default file "ivb-cb_assembled" Generating gen7 CB Kernel assembled file "ivb_clear_kernel.c" for i915 driver... igt$ diff ~/i915/drm-tip/drivers/gpu/drm/i915/gt/ivb_clear_kernel.c \ ivb_clear_kernel.c < * Generated by: IGT Gpu Tools on Fri 21 Feb 2020 05:29:32 AM UTC > * Generated by: IGT Gpu Tools on Mon 08 Jun 2020 10:00:54 AM PDT 61c61 < }; > }; \ No newline at end of file igt$ ./scripts/generate_clear_kernel.sh -g hsw \ -m ~/mesa/build/src/intel/tools/i965_asm Output file not specified - using default file "hsw-cb_assembled" Generating gen7.5 CB Kernel assembled file "hsw_clear_kernel.c" for i915 driver... igt$ diff ~/i915/drm-tip/drivers/gpu/drm/i915/gt/hsw_clear_kernel.c \ hsw_clear_kernel.c 5c5 < * Generated by: IGT Gpu Tools on Fri 21 Feb 2020 05:30:13 AM UTC > * Generated by: IGT Gpu Tools on Mon 08 Jun 2020 10:01:42 AM PDT 61c61 < }; > }; \ No newline at end of file Used IGT and Mesa master repositories from Fri Jun 5 2020) IGT: 53e8c878a6fb ("tests/kms_chamelium: Force reprobe after replugging the connector") Mesa: 5d13c7477eb1 ("radv: set keep_statistic_info with RADV_DEBUG=shaderstats") Mesa built with: meson build -D platforms=drm,x11 -D dri-drivers=i965 \ -D gallium-drivers=iris -D prefix=/usr \ -D libdir=/usr/lib64/ -Dtools=intel \ -Dkulkan-drivers=intel && ninja -C build v2: Header clean-up and include build instructions in a readme (Chris) Modified commit message to respect check-patch Reference: http://www.fsfla.org/pipermail/linux-libre/2020-June/003374.html Reference: http://www.fsfla.org/pipermail/linux-libre/2020-June/003375.html Fixes: 47f8253d2b89 ("drm/i915/gen7: Clear all EU/L3 residual contexts") Cc: # v5.7+ Cc: Alexandre Oliva Cc: Prathap Kumar Valsan Cc: Akeem G Abodunrin Cc: Mika Kuoppala Cc: Chris Wilson Cc: Jani Nikula Cc: Joonas Lahtinen Signed-off-by: Rodrigo Vivi Reviewed-by: Jon Bloomfield Link: https://patchwork.freedesktop.org/patch/msgid/20200610201807.191440-1-rodrigo.vivi@intel.com (cherry picked from commit 5a7eeb8ba143d860050ecea924a8f074f02d8023) Signed-off-by: Jani Nikula commit 5267456e953fd8c5abd8e278b1cc6a9f9027ac0a Author: Sungjong Seo Date: Thu Jun 18 20:43:26 2020 +0900 exfat: flush dirty metadata in fsync generic_file_fsync() exfat used could not guarantee the consistency of a file because it has flushed not dirty metadata but only dirty data pages for a file. Instead of that, use exfat_file_fsync() for files and directories so that it guarantees to commit both the metadata and data pages for a file. Signed-off-by: Sungjong Seo Signed-off-by: Namjae Jeon commit 3bcfb701099acf96b0e883bf5544f96af473aa1d Author: Namjae Jeon Date: Wed Jun 17 12:17:18 2020 +0900 exfat: move setting VOL_DIRTY over exfat_remove_entries() Move setting VOL_DIRTY over exfat_remove_entries() to avoid unneeded leaving VOL_DIRTY on -ENOTEMPTY. Fixes: 5f2aa075070c ("exfat: add inode operations") Cc: stable@vger.kernel.org # v5.7 Reported-by: Tetsuhiro Kohada Reviewed-by: Sungjong Seo Signed-off-by: Namjae Jeon commit a0271a15cf2cf907ea5b0f2ba611123f1b7935ec Author: Hyunchul Lee Date: Tue Jun 16 14:34:45 2020 +0900 exfat: call sync_filesystem for read-only remount We need to commit dirty metadata and pages to disk before remounting exfat as read-only. This fixes a failure in xfstests generic/452 generic/452 does the following: cp something / mount -o remount,ro the /something is corrupted. because while exfat is remounted as read-only, exfat doesn't have a chance to commit metadata and vfs invalidates page caches in a block device. Signed-off-by: Hyunchul Lee Acked-by: Sungjong Seo Signed-off-by: Namjae Jeon commit e8dd3cda8667118b70d9fe527f61fe22623de04d Author: Dan Carpenter Date: Wed Jun 10 20:22:13 2020 +0300 exfat: add missing brelse() calls on error paths If the second exfat_get_dentry() call fails then we need to release "old_bh" before returning. There is a similar bug in exfat_move_file(). Fixes: 5f2aa075070c ("exfat: add inode operations") Reported-by: Markus Elfring Signed-off-by: Dan Carpenter Signed-off-by: Namjae Jeon commit 4ba6ccd695f5ed3ae851e59b443b757bbe4557fe Author: Hyeongseok.Kim Date: Tue Jun 9 14:30:44 2020 +0900 exfat: Set the unused characters of FileName field to the value 0000h Some fsck tool complain that padding part of the FileName field is not set to the value 0000h. So let's maintain filesystem cleaner, as exfat's spec. recommendation. Signed-off-by: Hyeongseok.Kim Reviewed-by: Sungjong Seo Signed-off-by: Namjae Jeon commit cd65bbb4d8c90079f2f4d114bd0a967718d53476 Merge: 9ebcfadb0610 a291e4fba259 Author: Jani Nikula Date: Mon Jun 29 11:09:53 2020 +0300 Merge tag 'gvt-fixes-2020-06-17' of https://github.com/intel/gvt-linux into drm-intel-fixes gvt-fixes-2020-06-17 - Two missed MMIO handler fixes for SKL/CFL (Colin) - Fix mask register bits check (Colin) - Fix one lockdep error for debugfs entry access (Colin) Signed-off-by: Jani Nikula From: Zhenyu Wang Link: https://patchwork.freedesktop.org/patch/msgid/20200617043418.GQ5687@zhen-hp.sh.intel.com commit 71cdec4fab76667dabdbb2ca232b039004ebd40f Author: David Rientjes Date: Sun Jun 21 13:43:02 2020 -0700 dma-mapping: warn when coherent pool is depleted When a DMA coherent pool is depleted, allocation failures may or may not get reported in the kernel log depending on the allocator. The admin does have a workaround, however, by using coherent_pool= on the kernel command line. Provide some guidance on the failure and a recommended minimum size for the pools (double the size). Signed-off-by: David Rientjes Tested-by: Guenter Roeck Signed-off-by: Christoph Hellwig commit 7ad816762f9bf89e940e618ea40c43138b479e10 Author: Petteri Aimonen Date: Tue Jun 16 11:12:57 2020 +0200 x86/fpu: Reset MXCSR to default in kernel_fpu_begin() Previously, kernel floating point code would run with the MXCSR control register value last set by userland code by the thread that was active on the CPU core just before kernel call. This could affect calculation results if rounding mode was changed, or a crash if a FPU/SIMD exception was unmasked. Restore MXCSR to the kernel's default value. [ bp: Carve out from a bigger patch by Petteri, add feature check, add FNINIT call too (amluto). ] Signed-off-by: Petteri Aimonen Signed-off-by: Borislav Petkov Link: https://bugzilla.kernel.org/show_bug.cgi?id=207979 Link: https://lkml.kernel.org/r/20200624114646.28953-2-bp@alien8.de commit 19ab500edb5d6020010caba48ce3b4ce4182ab63 Author: Aneesh Kumar K.V Date: Sat Jun 27 12:31:46 2020 +0530 powerpc/mm/pkeys: Make pkey access check work on execute_only_key Jan reported that LTP mmap03 was getting stuck in a page fault loop after commit c46241a370a6 ("powerpc/pkeys: Check vma before returning key fault error to the user"), as well as a minimised reproducer: #include #include #include #include #include int main(int ac, char **av) { int page_sz = getpagesize(); int fildes; char *addr; fildes = open("tempfile", O_WRONLY | O_CREAT, 0666); write(fildes, &fildes, sizeof(fildes)); close(fildes); fildes = open("tempfile", O_RDONLY); unlink("tempfile"); addr = mmap(0, page_sz, PROT_EXEC, MAP_FILE | MAP_PRIVATE, fildes, 0); printf("%d\n", *addr); return 0; } And noticed that access_pkey_error() in page fault handler now always seem to return false: __do_page_fault access_pkey_error(is_pkey: 1, is_exec: 0, is_write: 0) arch_vma_access_permitted pkey_access_permitted if (!is_pkey_enabled(pkey)) return true return false pkey_access_permitted() should not check if the pkey is available in UAMOR (using is_pkey_enabled()). The kernel needs to do that check only when allocating keys. This also makes sure the execute_only_key which is marked as non-manageable via UAMOR is handled correctly in pkey_access_permitted(), and fixes the bug. Fixes: c46241a370a6 ("powerpc/pkeys: Check vma before returning key fault error to the user") Reported-by: Jan Stancek Signed-off-by: Aneesh Kumar K.V [mpe: Include bug report details etc. in the change log] Signed-off-by: Michael Ellerman Link: https://lore.kernel.org/r/20200627070147.297535-1-aneesh.kumar@linux.ibm.com commit a9b1110162357689a34992d5c925852948e5b9fd Author: Eric Dumazet Date: Sat Jun 27 13:31:50 2020 -0700 llc: make sure applications use ARPHRD_ETHER syzbot was to trigger a bug by tricking AF_LLC with non sensible addr->sllc_arphrd It seems clear LLC requires an Ethernet device. Back in commit abf9d537fea2 ("llc: add support for SO_BINDTODEVICE") Octavian Purdila added possibility for application to use a zero value for sllc_arphrd, convert it to ARPHRD_ETHER to not cause regressions on existing applications. BUG: KASAN: use-after-free in __read_once_size include/linux/compiler.h:199 [inline] BUG: KASAN: use-after-free in list_empty include/linux/list.h:268 [inline] BUG: KASAN: use-after-free in waitqueue_active include/linux/wait.h:126 [inline] BUG: KASAN: use-after-free in wq_has_sleeper include/linux/wait.h:160 [inline] BUG: KASAN: use-after-free in skwq_has_sleeper include/net/sock.h:2092 [inline] BUG: KASAN: use-after-free in sock_def_write_space+0x642/0x670 net/core/sock.c:2813 Read of size 8 at addr ffff88801e0b4078 by task ksoftirqd/3/27 CPU: 3 PID: 27 Comm: ksoftirqd/3 Not tainted 5.5.0-rc1-syzkaller #0 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x197/0x210 lib/dump_stack.c:118 print_address_description.constprop.0.cold+0xd4/0x30b mm/kasan/report.c:374 __kasan_report.cold+0x1b/0x41 mm/kasan/report.c:506 kasan_report+0x12/0x20 mm/kasan/common.c:639 __asan_report_load8_noabort+0x14/0x20 mm/kasan/generic_report.c:135 __read_once_size include/linux/compiler.h:199 [inline] list_empty include/linux/list.h:268 [inline] waitqueue_active include/linux/wait.h:126 [inline] wq_has_sleeper include/linux/wait.h:160 [inline] skwq_has_sleeper include/net/sock.h:2092 [inline] sock_def_write_space+0x642/0x670 net/core/sock.c:2813 sock_wfree+0x1e1/0x260 net/core/sock.c:1958 skb_release_head_state+0xeb/0x260 net/core/skbuff.c:652 skb_release_all+0x16/0x60 net/core/skbuff.c:663 __kfree_skb net/core/skbuff.c:679 [inline] consume_skb net/core/skbuff.c:838 [inline] consume_skb+0xfb/0x410 net/core/skbuff.c:832 __dev_kfree_skb_any+0xa4/0xd0 net/core/dev.c:2967 dev_kfree_skb_any include/linux/netdevice.h:3650 [inline] e1000_unmap_and_free_tx_resource.isra.0+0x21b/0x3a0 drivers/net/ethernet/intel/e1000/e1000_main.c:1963 e1000_clean_tx_irq drivers/net/ethernet/intel/e1000/e1000_main.c:3854 [inline] e1000_clean+0x4cc/0x1d10 drivers/net/ethernet/intel/e1000/e1000_main.c:3796 napi_poll net/core/dev.c:6532 [inline] net_rx_action+0x508/0x1120 net/core/dev.c:6600 __do_softirq+0x262/0x98c kernel/softirq.c:292 run_ksoftirqd kernel/softirq.c:603 [inline] run_ksoftirqd+0x8e/0x110 kernel/softirq.c:595 smpboot_thread_fn+0x6a3/0xa40 kernel/smpboot.c:165 kthread+0x361/0x430 kernel/kthread.c:255 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352 Allocated by task 8247: save_stack+0x23/0x90 mm/kasan/common.c:72 set_track mm/kasan/common.c:80 [inline] __kasan_kmalloc mm/kasan/common.c:513 [inline] __kasan_kmalloc.constprop.0+0xcf/0xe0 mm/kasan/common.c:486 kasan_slab_alloc+0xf/0x20 mm/kasan/common.c:521 slab_post_alloc_hook mm/slab.h:584 [inline] slab_alloc mm/slab.c:3320 [inline] kmem_cache_alloc+0x121/0x710 mm/slab.c:3484 sock_alloc_inode+0x1c/0x1d0 net/socket.c:240 alloc_inode+0x68/0x1e0 fs/inode.c:230 new_inode_pseudo+0x19/0xf0 fs/inode.c:919 sock_alloc+0x41/0x270 net/socket.c:560 __sock_create+0xc2/0x730 net/socket.c:1384 sock_create net/socket.c:1471 [inline] __sys_socket+0x103/0x220 net/socket.c:1513 __do_sys_socket net/socket.c:1522 [inline] __se_sys_socket net/socket.c:1520 [inline] __ia32_sys_socket+0x73/0xb0 net/socket.c:1520 do_syscall_32_irqs_on arch/x86/entry/common.c:337 [inline] do_fast_syscall_32+0x27b/0xe16 arch/x86/entry/common.c:408 entry_SYSENTER_compat+0x70/0x7f arch/x86/entry/entry_64_compat.S:139 Freed by task 17: save_stack+0x23/0x90 mm/kasan/common.c:72 set_track mm/kasan/common.c:80 [inline] kasan_set_free_info mm/kasan/common.c:335 [inline] __kasan_slab_free+0x102/0x150 mm/kasan/common.c:474 kasan_slab_free+0xe/0x10 mm/kasan/common.c:483 __cache_free mm/slab.c:3426 [inline] kmem_cache_free+0x86/0x320 mm/slab.c:3694 sock_free_inode+0x20/0x30 net/socket.c:261 i_callback+0x44/0x80 fs/inode.c:219 __rcu_reclaim kernel/rcu/rcu.h:222 [inline] rcu_do_batch kernel/rcu/tree.c:2183 [inline] rcu_core+0x570/0x1540 kernel/rcu/tree.c:2408 rcu_core_si+0x9/0x10 kernel/rcu/tree.c:2417 __do_softirq+0x262/0x98c kernel/softirq.c:292 The buggy address belongs to the object at ffff88801e0b4000 which belongs to the cache sock_inode_cache of size 1152 The buggy address is located 120 bytes inside of 1152-byte region [ffff88801e0b4000, ffff88801e0b4480) The buggy address belongs to the page: page:ffffea0000782d00 refcount:1 mapcount:0 mapping:ffff88807aa59c40 index:0xffff88801e0b4ffd raw: 00fffe0000000200 ffffea00008e6c88 ffffea0000782d48 ffff88807aa59c40 raw: ffff88801e0b4ffd ffff88801e0b4000 0000000100000003 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff88801e0b3f00: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc ffff88801e0b3f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc >ffff88801e0b4000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ^ ffff88801e0b4080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff88801e0b4100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb Fixes: abf9d537fea2 ("llc: add support for SO_BINDTODEVICE") Signed-off-by: Eric Dumazet Signed-off-by: David S. Miller commit e8280338c778a3f81477624267c9fa47f931477b Author: Cong Wang Date: Fri Jun 26 11:25:27 2020 -0700 net: explain the lockdep annotations for dev_uc_unsync() The lockdep annotations for dev_uc_unsync() and dev_mc_unsync() are not easy to understand, so add some comments to explain why they are correct. Similar for the rest netif_addr_lock_bh() cases, they don't need nested version. Cc: Taehee Yoo Cc: Dmitry Vyukov Signed-off-by: Cong Wang Signed-off-by: David S. Miller commit be74294ffa24f5fbc0d6643842e3e095447e17a2 Author: Cong Wang Date: Fri Jun 26 11:24:22 2020 -0700 net: get rid of lockdep_set_class_and_subclass() lockdep_set_class_and_subclass() is meant to reduce the _nested() annotations by assigning a default subclass. For addr_list_lock, we have to compute the subclass at run-time as the netdevice topology changes after creation. So, we should just get rid of these lockdep_set_class_and_subclass() and stick with our _nested() annotations. Fixes: 845e0ebb4408 ("net: change addr_list_lock back to static key") Suggested-by: Taehee Yoo Cc: Dmitry Vyukov Signed-off-by: Cong Wang Signed-off-by: David S. Miller commit 7dea927f702df030c02bd0c9e6e320a8315e3efa Author: Vladimir Oltean Date: Sun Jun 28 17:49:35 2020 +0300 lib: packing: add documentation for pbuflen argument Fixes sparse warning: Function parameter or member 'pbuflen' not described in 'packing' Fixes: 554aae35007e ("lib: Add support for generic packing operations") Signed-off-by: Vladimir Oltean Signed-off-by: David S. Miller commit 9b14d1f8a76682124c5e465196685a9833ff526e Author: Horatiu Vultur Date: Sun Jun 28 15:45:16 2020 +0200 bridge: mrp: Fix endian conversion and some other warnings The following sparse warnings are fixed: net/bridge/br_mrp.c:106:18: warning: incorrect type in assignment (different base types) net/bridge/br_mrp.c:106:18: expected unsigned short [usertype] net/bridge/br_mrp.c:106:18: got restricted __be16 [usertype] net/bridge/br_mrp.c:281:23: warning: incorrect type in argument 1 (different modifiers) net/bridge/br_mrp.c:281:23: expected struct list_head *entry net/bridge/br_mrp.c:281:23: got struct list_head [noderef] * net/bridge/br_mrp.c:332:28: warning: incorrect type in argument 1 (different modifiers) net/bridge/br_mrp.c:332:28: expected struct list_head *new net/bridge/br_mrp.c:332:28: got struct list_head [noderef] * net/bridge/br_mrp.c:332:40: warning: incorrect type in argument 2 (different modifiers) net/bridge/br_mrp.c:332:40: expected struct list_head *head net/bridge/br_mrp.c:332:40: got struct list_head [noderef] * net/bridge/br_mrp.c:682:29: warning: incorrect type in argument 1 (different modifiers) net/bridge/br_mrp.c:682:29: expected struct list_head const *head net/bridge/br_mrp.c:682:29: got struct list_head [noderef] * Reported-by: kernel test robot Fixes: 2f1a11ae11d222 ("bridge: mrp: Add MRP interface.") Fixes: 4b8d7d4c599182 ("bridge: mrp: Extend bridge interface") Fixes: 9a9f26e8f7ea30 ("bridge: mrp: Connect MRP API with the switchdev API") Signed-off-by: Horatiu Vultur Acked-by: Nikolay Aleksandrov Signed-off-by: David S. Miller commit d4f5a095daf0d25f0b385e1ef26338608433a4c5 Author: Navid Emamdoost Date: Mon Jun 15 00:49:28 2020 -0500 drm/exynos: fix ref count leak in mic_pre_enable in mic_pre_enable, pm_runtime_get_sync is called which increments the counter even in case of failure, leading to incorrect ref count. In case of failure, decrement the ref count before returning. Signed-off-by: Navid Emamdoost Signed-off-by: Inki Dae commit b9c633882de4601015625f9136f248e9abca8a7a Author: Marek Szyprowski Date: Mon Jun 1 17:06:30 2020 +0900 drm/exynos: Properly propagate return value in drm_iommu_attach_device() Propagate the proper error codes from the called functions instead of unconditionally returning 0. Reported-by: kbuild test robot Signed-off-by: Marek Szyprowski Merge conflict so merged it manually. Signed-off-by: Inki Dae commit aee83fbdbfa112c72fef3b91cd38ae93841d1075 Author: Tamseel Shams Date: Thu May 21 19:52:10 2020 +0530 drm/exynos: Remove dev_err() on platform_get_irq() failure platform_get_irq() will call dev_err() itself on failure, so there is no need for the driver to also do this. This is detected by coccinelle. Signed-off-by: Tamseel Shams Signed-off-by: Inki Dae commit 9ebcfadb0610322ac537dd7aa5d9cbc2b2894c68 Author: Linus Torvalds Date: Sun Jun 28 15:00:24 2020 -0700 Linux 5.8-rc3 commit f7db192b2d71ea42627a32349d59a5f99f2aafcc Merge: e44b59cd758a d528945d7762 Author: Linus Torvalds Date: Sun Jun 28 14:57:14 2020 -0700 Merge tag 'arm-omap-fixes-5.8-1' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc Pull ARM OMAP fixes from Arnd Bergmann: "The OMAP developers are particularly active at hunting down regressions, so this is a separate branch with OMAP specific fixes for v5.8: As Tony explains "The recent display subsystem (DSS) related platform data changes caused display related regressions for suspend and resume. Looks like I only tested suspend and resume before dropping the legacy platform data, and forgot to test it after dropping it. Turns out the main issue was that we no longer have platform code calling pm_runtime_suspend for DSS like we did for the legacy platform data case, and that fix is still being discussed on the dri-devel list and will get merged separately. The DSS related testing exposed a pile other other display related issues that also need fixing though": - Fix ti-sysc optional clock handling and reset status checks for devices that reset automatically in idle like DSS - Ignore ti-sysc clockactivity bit unless separately requested to avoid unexpected performance issues - Init ti-sysc framedonetv_irq to true and disable for am4 - Avoid duplicate DSS reset for legacy mode with dts data - Remove LCD timings for am4 as they cause warnings now that we're using generic panels Other OMAP changes from Tony include: - Fix omap_prm reset deassert as we still have drivers setting the pm_runtime_irq_safe() flag - Flush posted write for ti-sysc enable and disable - Fix droid4 spi related errors with spi flags - Fix am335x USB range and a typo for softreset - Fix dra7 timer nodes for clocks for IPU and DSP - Drop duplicate mailboxes after mismerge for dra7 - Prevent pocketgeagle header line signal from accidentally setting micro-SD write protection signal by removing the default mux - Fix NFSroot flakeyness after resume for duover by switching the smsc911x gpio interrupt to back to level sensitive - Fix regression for omap4 clockevent source after recent system timer changes - Yet another ethernet regression fix for the "rgmii" vs "rgmii-rxid" phy-mode - One patch to convert am3/am4 DT files to use the regular sdhci-omap driver instead of the old hsmmc driver, this was meant for the merge window but got lost in the process" * tag 'arm-omap-fixes-5.8-1' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc: (21 commits) ARM: dts: am5729: beaglebone-ai: fix rgmii phy-mode ARM: dts: Fix omap4 system timer source clocks ARM: dts: Fix duovero smsc interrupt for suspend ARM: dts: am335x-pocketbeagle: Fix mmc0 Write Protect Revert "bus: ti-sysc: Increase max softreset wait" ARM: dts: am437x-epos-evm: remove lcd timings ARM: dts: am437x-gp-evm: remove lcd timings ARM: dts: am437x-sk-evm: remove lcd timings ARM: dts: dra7-evm-common: Fix duplicate mailbox nodes ARM: dts: dra7: Fix timer nodes properly for timer_sys_ck clocks ARM: dts: Fix am33xx.dtsi ti,sysc-mask wrong softreset flag ARM: dts: Fix am33xx.dtsi USB ranges length bus: ti-sysc: Increase max softreset wait ARM: OMAP2+: Fix legacy mode dss_reset bus: ti-sysc: Fix uninitialized framedonetv_irq bus: ti-sysc: Ignore clockactivity unless specified as a quirk bus: ti-sysc: Use optional clocks on for enable and wait for softreset bit ARM: dts: omap4-droid4: Fix spi configuration and increase rate bus: ti-sysc: Flush posted write on enable and disable soc: ti: omap-prm: use atomic iopoll instead of sleeping one ... commit e44b59cd758acdd413512d4597a1fabdadfe3abf Merge: 668f532da480 42d3f7e8da1b Author: Linus Torvalds Date: Sun Jun 28 14:55:18 2020 -0700 Merge tag 'arm-fixes-5.8-1' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc Pull ARM SoC fixes from Arnd Bergmann: "Here are a couple of bug fixes, mostly for devicetree files NXP i.MX: - Use correct voltage on some i.MX8M board device trees to avoid hardware damage - Code fixes for a compiler warning and incorrect reference counting, both harmless. - Fix the i.MX8M SoC driver to correctly identify imx8mp - Fix watchdog configuration in imx6ul-kontron device tree. Broadcom: - A small regression fix for the Raspberry-Pi firmware driver - A Kconfig change to use the correct timer driver on Northstar - A DT fix for the Luxul XWC-2000 machine - Two more DT fixes for NSP SoCs STmicroelectronics STI - Revert one broken patch for L2 cache configuration ARM Versatile Express: - Fix a regression by reverting a broken DT cleanup TEE drivers: - MAINTAINERS: change tee mailing list" * tag 'arm-fixes-5.8-1' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc: Revert "ARM: sti: Implement dummy L2 cache's write_sec" soc: imx8m: fix build warning ARM: imx6: add missing put_device() call in imx6q_suspend_init() ARM: imx5: add missing put_device() call in imx_suspend_alloc_ocram() soc: imx8m: Correct i.MX8MP UID fuse offset ARM: dts: imx6ul-kontron: Change WDOG_ANY signal from push-pull to open-drain ARM: dts: imx6ul-kontron: Move watchdog from Kontron i.MX6UL/ULL board to SoM arm64: dts: imx8mm-beacon: Fix voltages on LDO1 and LDO2 arm64: dts: imx8mn-ddr4-evk: correct ldo1/ldo2 voltage range arm64: dts: imx8mm-evk: correct ldo1/ldo2 voltage range ARM: dts: NSP: Correct FA2 mailbox node ARM: bcm2835: Fix integer overflow in rpi_firmware_print_firmware_revision() MAINTAINERS: change tee mailing list ARM: dts: NSP: Disable PL330 by default, add dma-coherent property ARM: bcm: Select ARM_TIMER_SP804 for ARCH_BCM_NSP ARM: dts: BCM5301X: Add missing memory "device_type" for Luxul XWC-2000 arm: dts: vexpress: Move mcc node back into motherboard node commit 668f532da4808688f5162cec6a38875390e1a91d Merge: ae71d4bf0074 f097eb38f713 Author: Linus Torvalds Date: Sun Jun 28 11:59:08 2020 -0700 Merge tag 'timers-urgent-2020-06-28' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull timer fix from Ingo Molnar: "A single DocBook fix" * tag 'timers-urgent-2020-06-28' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: timekeeping: Fix kerneldoc system_device_crosststamp & al commit ae71d4bf0074a81cc04255c96e3de0a49b1d95fa Merge: bc53f67d247a 16accae3d97f Author: Linus Torvalds Date: Sun Jun 28 11:58:14 2020 -0700 Merge tag 'perf-urgent-2020-06-28' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull perf fix from Ingo Molnar: "A single Kbuild dependency fix" * tag 'perf-urgent-2020-06-28' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: perf/x86/rapl: Fix RAPL config variable bug commit bc53f67d247a38d43e081faa7e63690a1279f5c7 Merge: 91a9a90d040e 2a55280a3675 Author: Linus Torvalds Date: Sun Jun 28 11:42:16 2020 -0700 Merge tag 'efi-urgent-2020-06-28' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull EFI fixes from Ingo Molnar: - Fix build regression on v4.8 and older - Robustness fix for TPM log parsing code - kobject refcount fix for the ESRT parsing code - Two efivarfs fixes to make it behave more like an ordinary file system - Style fixup for zero length arrays - Fix a regression in path separator handling in the initrd loader - Fix a missing prototype warning - Add some kerneldoc headers for newly introduced stub routines - Allow support for SSDT overrides via EFI variables to be disabled - Report CPU mode and MMU state upon entry for 32-bit ARM - Use the correct stack pointer alignment when entering from mixed mode * tag 'efi-urgent-2020-06-28' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: efi/libstub: arm: Print CPU boot mode and MMU state at boot efi/libstub: arm: Omit arch specific config table matching array on arm64 efi/x86: Setup stack correctly for efi_pe_entry efi: Make it possible to disable efivar_ssdt entirely efi/libstub: Descriptions for stub helper functions efi/libstub: Fix path separator regression efi/libstub: Fix missing-prototype warning for skip_spaces() efi: Replace zero-length array and use struct_size() helper efivarfs: Don't return -EINTR when rate-limiting reads efivarfs: Update inode modification time for successful writes efi/esrt: Fix reference count leak in esre_create_sysfs_entry. efi/tpm: Verify event log header before parsing efi/x86: Fix build with gcc 4 commit 91a9a90d040e8b9ff63d48ea71468e0f4db764ff Merge: 098c7938217d e21cf43406a1 Author: Linus Torvalds Date: Sun Jun 28 10:37:39 2020 -0700 Merge tag 'sched_urgent_for_5.8_rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull scheduler fixes from Borislav Petkov: "The most anticipated fix in this pull request is probably the horrible build fix for the RANDSTRUCT fail that didn't make -rc2. Also included is the cleanup that removes those BUILD_BUG_ON()s and replaces it with ugly unions. Also included is the try_to_wake_up() race fix that was first triggered by Paul's RCU-torture runs, but was independently hit by Dave Chinner's fstest runs as well" * tag 'sched_urgent_for_5.8_rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: sched/cfs: change initial value of runnable_avg smp, irq_work: Continue smp_call_function*() and irq_work*() integration sched/core: s/WF_ON_RQ/WQ_ON_CPU/ sched/core: Fix ttwu() race sched/core: Fix PI boosting between RT and DEADLINE tasks sched/deadline: Initialize ->dl_boosted sched/core: Check cpus_mask, not cpus_ptr in __set_cpus_allowed_ptr(), to fix mask corruption sched/core: Fix CONFIG_GCC_PLUGIN_RANDSTRUCT build fail commit 098c7938217dfd5ef61720bb93d08cc836274b55 Merge: c141b30e9960 bb5570ad3b54 Author: Linus Torvalds Date: Sun Jun 28 10:35:01 2020 -0700 Merge tag 'x86_urgent_for_5.8_rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 fixes from Borislav Petkov: - AMD Memory bandwidth counter width fix, by Babu Moger. - Use the proper length type in the 32-bit truncate() syscall variant, by Jiri Slaby. - Reinit IA32_FEAT_CTL during wakeup to fix the case where after resume, VMXON would #GP due to VMX not being properly enabled, by Sean Christopherson. - Fix a static checker warning in the resctrl code, by Dan Carpenter. - Add a CR4 pinning mask for bits which cannot change after boot, by Kees Cook. - Align the start of the loop of __clear_user() to 16 bytes, to improve performance on AMD zen1 and zen2 microarchitectures, by Matt Fleming. * tag 'x86_urgent_for_5.8_rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/asm/64: Align start of __clear_user() loop to 16-bytes x86/cpu: Use pinning mask for CR4 bits needing to be 0 x86/resctrl: Fix a NULL vs IS_ERR() static checker warning in rdt_cdp_peer_get() x86/cpu: Reinitialize IA32_FEAT_CTL MSR on BSP during wakeup syscalls: Fix offset type of ksys_ftruncate() x86/resctrl: Fix memory bandwidth counter width for AMD commit c141b30e9960e81455ad9c3658c079051eea7e2d Merge: 7ecb59a56666 b58e733fd774 Author: Linus Torvalds Date: Sun Jun 28 10:29:38 2020 -0700 Merge tag 'rcu_urgent_for_5.8_rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull RCU-vs-KCSAN fixes from Borislav Petkov: "A single commit that uses "arch_" atomic operations to avoid the instrumentation that comes with the non-"arch_" versions. In preparation for that commit, it also has another commit that makes these "arch_" atomic operations available to generic code. Without these commits, KCSAN uses can see pointless errors" * tag 'rcu_urgent_for_5.8_rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: rcu: Fixup noinstr warnings locking/atomics: Provide the arch_atomic_ interface to generic code commit 7ecb59a56666506ebb1197f89ca7d587bd83309e Merge: a358505d8af3 0f1441b44e82 Author: Linus Torvalds Date: Sun Jun 28 10:16:15 2020 -0700 Merge tag 'objtool_urgent_for_5.8_rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull objtool fixes from Borislav Petkov: "Three fixes from Peter Zijlstra suppressing KCOV instrumentation in noinstr sections. Peter Zijlstra says: "Address KCOV vs noinstr. There is no function attribute to selectively suppress KCOV instrumentation, instead teach objtool to NOP out the calls in noinstr functions" This cures a bunch of KCOV crashes (as used by syzcaller)" * tag 'objtool_urgent_for_5.8_rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: objtool: Fix noinstr vs KCOV objtool: Provide elf_write_{insn,reloc}() objtool: Clean up elf_write() condition commit a358505d8af3ab43763e1b49549619528783d2bf Merge: 719fdd32921f 2c92d787cc9f Author: Linus Torvalds Date: Sun Jun 28 09:42:47 2020 -0700 Merge tag 'x86_entry_for_5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 entry fixes from Borislav Petkov: "This is the x86/entry urgent pile which has accumulated since the merge window. It is not the smallest but considering the almost complete entry core rewrite, the amount of fixes to follow is somewhat higher than usual, which is to be expected. Peter Zijlstra says: 'These patches address a number of instrumentation issues that were found after the x86/entry overhaul. When combined with rcu/urgent and objtool/urgent, these patches make UBSAN/KASAN/KCSAN happy again. Part of making this all work is bumping the minimum GCC version for KASAN builds to gcc-8.3, the reason for this is that the __no_sanitize_address function attribute is broken in GCC releases before that. No known GCC version has a working __no_sanitize_undefined, however because the only noinstr violation that results from this happens when an UB is found, we treat it like WARN. That is, we allow it to violate the noinstr rules in order to get the warning out'" * tag 'x86_entry_for_5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/entry: Fix #UD vs WARN more x86/entry: Increase entry_stack size to a full page x86/entry: Fixup bad_iret vs noinstr objtool: Don't consider vmlinux a C-file kasan: Fix required compiler version compiler_attributes.h: Support no_sanitize_undefined check with GCC 4 x86/entry, bug: Comment the instrumentation_begin() usage for WARN() x86/entry, ubsan, objtool: Whitelist __ubsan_handle_*() x86/entry, cpumask: Provide non-instrumented variant of cpu_is_offline() compiler_types.h: Add __no_sanitize_{address,undefined} to noinstr kasan: Bump required compiler version x86, kcsan: Add __no_kcsan to noinstr kcsan: Remove __no_kcsan_or_inline x86, kcsan: Remove __no_kcsan_or_inline usage commit 2bdeb3ed547d8822b2566797afa6c2584abdb119 Merge: 7a64135f3229 53792fa45b1b Author: Alexei Starovoitov Date: Sun Jun 28 08:33:28 2020 -0700 Merge branch 'fix-sockmap' John Fastabend says: ==================== Fix a splat introduced by recent changes to avoid skipping ingress policy when kTLS is enabled. The RCU splat was introduced because in the non-TLS case the caller is wrapped in an rcu_read_lock/unlock. But, in the TLS case we have a reference to the psock and the caller did not wrap its call in rcu_read_lock/unlock. To fix extend the RCU section to include the redirect case which was missed. From v1->v2 I changed the location a bit to simplify the code some. See patch 1. But, then Martin asked why it was not needed in the non-TLS case. The answer for patch 1 was, as stated above, because the caller has the rcu read lock. However, there was still a missing case where a BPF user could in-theory line up a set of parameters to hit a case where the code was entered from strparser side from a different context then the initial caller. To hit this user would need a parser program to return value greater than skb->len then an ENOMEM error could happen in the strparser codepath triggering strparser to retry from a workqueue and without rcu_read_lock original caller used. See patch 2 for details. Finally, we don't actually have any selftests for parser returning a value geater than skb->len so add one in patch 3. This is especially needed because at least I don't have any code that uses the parser to return value greater than skb->len. So I wouldn't have caught any errors here in my own testing. Thanks, John v1->v2: simplify code in patch 1 some and add patches 2 and 3. ==================== Signed-off-by: Alexei Starovoitov commit 53792fa45b1b17f78f18bcd0bd167674341297e8 Author: John Fastabend Date: Thu Jun 25 16:13:38 2020 -0700 bpf, sockmap: Add ingres skb tests that utilize merge skbs Add a test to check strparser merging skbs is working. Signed-off-by: John Fastabend Signed-off-by: Alexei Starovoitov Acked-by: Martin KaFai Lau Link: https://lore.kernel.org/bpf/159312681884.18340.4922800172600252370.stgit@john-XPS-13-9370 commit 8025751d4d55a2f32be6bdf825b6a80c299875f5 Author: John Fastabend Date: Thu Jun 25 16:13:18 2020 -0700 bpf, sockmap: RCU dereferenced psock may be used outside RCU block If an ingress verdict program specifies message sizes greater than skb->len and there is an ENOMEM error due to memory pressure we may call the rcv_msg handler outside the strp_data_ready() caller context. This is because on an ENOMEM error the strparser will retry from a workqueue. The caller currently protects the use of psock by calling the strp_data_ready() inside a rcu_read_lock/unlock block. But, in above workqueue error case the psock is accessed outside the read_lock/unlock block of the caller. So instead of using psock directly we must do a look up against the sk again to ensure the psock is available. There is an an ugly piece here where we must handle the case where we paused the strp and removed the psock. On psock removal we first pause the strparser and then remove the psock. If the strparser is paused while an skb is scheduled on the workqueue the skb will be dropped on the flow and kfree_skb() is called. If the workqueue manages to get called before we pause the strparser but runs the rcvmsg callback after the psock is removed we will hit the unlikely case where we run the sockmap rcvmsg handler but do not have a psock. For now we will follow strparser logic and drop the skb on the floor with skb_kfree(). This is ugly because the data is dropped. To date this has not caused problems in practice because either the application controlling the sockmap is coordinating with the datapath so that skbs are "flushed" before removal or we simply wait for the sock to be closed before removing it. This patch fixes the describe RCU bug and dropping the skb doesn't make things worse. Future patches will improve this by allowing the normal case where skbs are not merged to skip the strparser altogether. In practice many (most?) use cases have no need to merge skbs so its both a code complexity hit as seen above and a performance issue. For example, in the Cilium case we always set the strparser up to return sbks 1:1 without any merging and have avoided above issues. Fixes: e91de6afa81c1 ("bpf: Fix running sk_skb program types with ktls") Signed-off-by: John Fastabend Signed-off-by: Alexei Starovoitov Acked-by: Martin KaFai Lau Link: https://lore.kernel.org/bpf/159312679888.18340.15248924071966273998.stgit@john-XPS-13-9370 commit 93dd5f185916b05e931cffae636596f21f98546e Author: John Fastabend Date: Thu Jun 25 16:12:59 2020 -0700 bpf, sockmap: RCU splat with redirect and strparser error or TLS There are two paths to generate the below RCU splat the first and most obvious is the result of the BPF verdict program issuing a redirect on a TLS socket (This is the splat shown below). Unlike the non-TLS case the caller of the *strp_read() hooks does not wrap the call in a rcu_read_lock/unlock. Then if the BPF program issues a redirect action we hit the RCU splat. However, in the non-TLS socket case the splat appears to be relatively rare, because the skmsg caller into the strp_data_ready() is wrapped in a rcu_read_lock/unlock. Shown here, static void sk_psock_strp_data_ready(struct sock *sk) { struct sk_psock *psock; rcu_read_lock(); psock = sk_psock(sk); if (likely(psock)) { if (tls_sw_has_ctx_rx(sk)) { psock->parser.saved_data_ready(sk); } else { write_lock_bh(&sk->sk_callback_lock); strp_data_ready(&psock->parser.strp); write_unlock_bh(&sk->sk_callback_lock); } } rcu_read_unlock(); } If the above was the only way to run the verdict program we would be safe. But, there is a case where the strparser may throw an ENOMEM error while parsing the skb. This is a result of a failed skb_clone, or alloc_skb_for_msg while building a new merged skb when the msg length needed spans multiple skbs. This will in turn put the skb on the strp_wrk workqueue in the strparser code. The skb will later be dequeued and verdict programs run, but now from a different context without the rcu_read_lock()/unlock() critical section in sk_psock_strp_data_ready() shown above. In practice I have not seen this yet, because as far as I know most users of the verdict programs are also only working on single skbs. In this case no merge happens which could trigger the above ENOMEM errors. In addition the system would need to be under memory pressure. For example, we can't hit the above case in selftests because we missed having tests to merge skbs. (Added in later patch) To fix the below splat extend the rcu_read_lock/unnlock block to include the call to sk_psock_tls_verdict_apply(). This will fix both TLS redirect case and non-TLS redirect+error case. Also remove psock from the sk_psock_tls_verdict_apply() function signature its not used there. [ 1095.937597] WARNING: suspicious RCU usage [ 1095.940964] 5.7.0-rc7-02911-g463bac5f1ca79 #1 Tainted: G W [ 1095.944363] ----------------------------- [ 1095.947384] include/linux/skmsg.h:284 suspicious rcu_dereference_check() usage! [ 1095.950866] [ 1095.950866] other info that might help us debug this: [ 1095.950866] [ 1095.957146] [ 1095.957146] rcu_scheduler_active = 2, debug_locks = 1 [ 1095.961482] 1 lock held by test_sockmap/15970: [ 1095.964501] #0: ffff9ea6b25de660 (sk_lock-AF_INET){+.+.}-{0:0}, at: tls_sw_recvmsg+0x13a/0x840 [tls] [ 1095.968568] [ 1095.968568] stack backtrace: [ 1095.975001] CPU: 1 PID: 15970 Comm: test_sockmap Tainted: G W 5.7.0-rc7-02911-g463bac5f1ca79 #1 [ 1095.977883] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1095.980519] Call Trace: [ 1095.982191] dump_stack+0x8f/0xd0 [ 1095.984040] sk_psock_skb_redirect+0xa6/0xf0 [ 1095.986073] sk_psock_tls_strp_read+0x1d8/0x250 [ 1095.988095] tls_sw_recvmsg+0x714/0x840 [tls] v2: Improve commit message to identify non-TLS redirect plus error case condition as well as more common TLS case. In the process I decided doing the rcu_read_unlock followed by the lock/unlock inside branches was unnecessarily complex. We can just extend the current rcu block and get the same effeective without the shuffling and branching. Thanks Martin! Fixes: e91de6afa81c1 ("bpf: Fix running sk_skb program types with ktls") Reported-by: Jakub Sitnicki Reported-by: kernel test robot Signed-off-by: John Fastabend Signed-off-by: Alexei Starovoitov Acked-by: Martin KaFai Lau Acked-by: Jakub Sitnicki Link: https://lore.kernel.org/bpf/159312677907.18340.11064813152758406626.stgit@john-XPS-13-9370 commit e21cf43406a190adfcc4bfe592768066fb3aaa9b Author: Vincent Guittot Date: Wed Jun 24 17:44:22 2020 +0200 sched/cfs: change initial value of runnable_avg Some performance regression on reaim benchmark have been raised with commit 070f5e860ee2 ("sched/fair: Take into account runnable_avg to classify group") The problem comes from the init value of runnable_avg which is initialized with max value. This can be a problem if the newly forked task is finally a short task because the group of CPUs is wrongly set to overloaded and tasks are pulled less agressively. Set initial value of runnable_avg equals to util_avg to reflect that there is no waiting time so far. Fixes: 070f5e860ee2 ("sched/fair: Take into account runnable_avg to classify group") Reported-by: kernel test robot Signed-off-by: Vincent Guittot Signed-off-by: Peter Zijlstra (Intel) Link: https://lkml.kernel.org/r/20200624154422.29166-1-vincent.guittot@linaro.org commit 8c4890d1c3358fb8023d46e1e554c41d54f02878 Author: Peter Zijlstra Date: Mon Jun 22 12:01:25 2020 +0200 smp, irq_work: Continue smp_call_function*() and irq_work*() integration Instead of relying on BUG_ON() to ensure the various data structures line up, use a bunch of horrible unions to make it all automatic. Much of the union magic is to ensure irq_work and smp_call_function do not (yet) see the members of their respective data structures change name. Suggested-by: Linus Torvalds Signed-off-by: Peter Zijlstra (Intel) Signed-off-by: Ingo Molnar Reviewed-by: Frederic Weisbecker Link: https://lkml.kernel.org/r/20200622100825.844455025@infradead.org commit 739f70b476cf05c5a424b42a8b5728914345610c Author: Peter Zijlstra Date: Mon Jun 22 12:01:24 2020 +0200 sched/core: s/WF_ON_RQ/WQ_ON_CPU/ Use a better name for this poorly named flag, to avoid confusion... Signed-off-by: Peter Zijlstra (Intel) Signed-off-by: Ingo Molnar Acked-by: Mel Gorman Link: https://lkml.kernel.org/r/20200622100825.785115830@infradead.org commit b6e13e85829f032411b896bd2f0d6cbe4b0a3c4a Author: Peter Zijlstra Date: Mon Jun 22 12:01:23 2020 +0200 sched/core: Fix ttwu() race Paul reported rcutorture occasionally hitting a NULL deref: sched_ttwu_pending() ttwu_do_wakeup() check_preempt_curr() := check_preempt_wakeup() find_matching_se() is_same_group() if (se->cfs_rq == pse->cfs_rq) <-- *BOOM* Debugging showed that this only appears to happen when we take the new code-path from commit: 2ebb17717550 ("sched/core: Offload wakee task activation if it the wakee is descheduling") and only when @cpu == smp_processor_id(). Something which should not be possible, because p->on_cpu can only be true for remote tasks. Similarly, without the new code-path from commit: c6e7bd7afaeb ("sched/core: Optimize ttwu() spinning on p->on_cpu") this would've unconditionally hit: smp_cond_load_acquire(&p->on_cpu, !VAL); and if: 'cpu == smp_processor_id() && p->on_cpu' is possible, this would result in an instant live-lock (with IRQs disabled), something that hasn't been reported. The NULL deref can be explained however if the task_cpu(p) load at the beginning of try_to_wake_up() returns an old value, and this old value happens to be smp_processor_id(). Further assume that the p->on_cpu load accurately returns 1, it really is still running, just not here. Then, when we enqueue the task locally, we can crash in exactly the observed manner because p->se.cfs_rq != rq->cfs_rq, because p's cfs_rq is from the wrong CPU, therefore we'll iterate into the non-existant parents and NULL deref. The closest semi-plausible scenario I've managed to contrive is somewhat elaborate (then again, actual reproduction takes many CPU hours of rcutorture, so it can't be anything obvious): X->cpu = 1 rq(1)->curr = X CPU0 CPU1 CPU2 // switch away from X LOCK rq(1)->lock smp_mb__after_spinlock dequeue_task(X) X->on_rq = 9 switch_to(Z) X->on_cpu = 0 UNLOCK rq(1)->lock // migrate X to cpu 0 LOCK rq(1)->lock dequeue_task(X) set_task_cpu(X, 0) X->cpu = 0 UNLOCK rq(1)->lock LOCK rq(0)->lock enqueue_task(X) X->on_rq = 1 UNLOCK rq(0)->lock // switch to X LOCK rq(0)->lock smp_mb__after_spinlock switch_to(X) X->on_cpu = 1 UNLOCK rq(0)->lock // X goes sleep X->state = TASK_UNINTERRUPTIBLE smp_mb(); // wake X ttwu() LOCK X->pi_lock smp_mb__after_spinlock if (p->state) cpu = X->cpu; // =? 1 smp_rmb() // X calls schedule() LOCK rq(0)->lock smp_mb__after_spinlock dequeue_task(X) X->on_rq = 0 if (p->on_rq) smp_rmb(); if (p->on_cpu && ttwu_queue_wakelist(..)) [*] smp_cond_load_acquire(&p->on_cpu, !VAL) cpu = select_task_rq(X, X->wake_cpu, ...) if (X->cpu != cpu) switch_to(Y) X->on_cpu = 0 UNLOCK rq(0)->lock However I'm having trouble convincing myself that's actually possible on x86_64 -- after all, every LOCK implies an smp_mb() there, so if ttwu observes ->state != RUNNING, it must also observe ->cpu != 1. (Most of the previous ttwu() races were found on very large PowerPC) Nevertheless, this fully explains the observed failure case. Fix it by ordering the task_cpu(p) load after the p->on_cpu load, which is easy since nothing actually uses @cpu before this. Fixes: c6e7bd7afaeb ("sched/core: Optimize ttwu() spinning on p->on_cpu") Reported-by: Paul E. McKenney Tested-by: Paul E. McKenney Signed-off-by: Peter Zijlstra (Intel) Signed-off-by: Ingo Molnar Link: https://lkml.kernel.org/r/20200622125649.GC576871@hirez.programming.kicks-ass.net commit 740797ce3a124b7dd22b7fb832d87bc8fba1cf6f Author: Juri Lelli Date: Mon Nov 19 16:32:01 2018 +0100 sched/core: Fix PI boosting between RT and DEADLINE tasks syzbot reported the following warning: WARNING: CPU: 1 PID: 6351 at kernel/sched/deadline.c:628 enqueue_task_dl+0x22da/0x38a0 kernel/sched/deadline.c:1504 At deadline.c:628 we have: 623 static inline void setup_new_dl_entity(struct sched_dl_entity *dl_se) 624 { 625 struct dl_rq *dl_rq = dl_rq_of_se(dl_se); 626 struct rq *rq = rq_of_dl_rq(dl_rq); 627 628 WARN_ON(dl_se->dl_boosted); 629 WARN_ON(dl_time_before(rq_clock(rq), dl_se->deadline)); [...] } Which means that setup_new_dl_entity() has been called on a task currently boosted. This shouldn't happen though, as setup_new_dl_entity() is only called when the 'dynamic' deadline of the new entity is in the past w.r.t. rq_clock and boosted tasks shouldn't verify this condition. Digging through the PI code I noticed that what above might in fact happen if an RT tasks blocks on an rt_mutex hold by a DEADLINE task. In the first branch of boosting conditions we check only if a pi_task 'dynamic' deadline is earlier than mutex holder's and in this case we set mutex holder to be dl_boosted. However, since RT 'dynamic' deadlines are only initialized if such tasks get boosted at some point (or if they become DEADLINE of course), in general RT 'dynamic' deadlines are usually equal to 0 and this verifies the aforementioned condition. Fix it by checking that the potential donor task is actually (even if temporary because in turn boosted) running at DEADLINE priority before using its 'dynamic' deadline value. Fixes: 2d3d891d3344 ("sched/deadline: Add SCHED_DEADLINE inheritance logic") Reported-by: syzbot+119ba87189432ead09b4@syzkaller.appspotmail.com Signed-off-by: Juri Lelli Signed-off-by: Peter Zijlstra (Intel) Signed-off-by: Ingo Molnar Reviewed-by: Daniel Bristot de Oliveira Tested-by: Daniel Wagner Link: https://lkml.kernel.org/r/20181119153201.GB2119@localhost.localdomain commit ce9bc3b27f2a21a7969b41ffb04df8cf61bd1592 Author: Juri Lelli Date: Wed Jun 17 09:29:19 2020 +0200 sched/deadline: Initialize ->dl_boosted syzbot reported the following warning triggered via SYSC_sched_setattr(): WARNING: CPU: 0 PID: 6973 at kernel/sched/deadline.c:593 setup_new_dl_entity /kernel/sched/deadline.c:594 [inline] WARNING: CPU: 0 PID: 6973 at kernel/sched/deadline.c:593 enqueue_dl_entity /kernel/sched/deadline.c:1370 [inline] WARNING: CPU: 0 PID: 6973 at kernel/sched/deadline.c:593 enqueue_task_dl+0x1c17/0x2ba0 /kernel/sched/deadline.c:1441 This happens because the ->dl_boosted flag is currently not initialized by __dl_clear_params() (unlike the other flags) and setup_new_dl_entity() rightfully complains about it. Initialize dl_boosted to 0. Fixes: 2d3d891d3344 ("sched/deadline: Add SCHED_DEADLINE inheritance logic") Reported-by: syzbot+5ac8bac25f95e8b221e7@syzkaller.appspotmail.com Signed-off-by: Juri Lelli Signed-off-by: Peter Zijlstra (Intel) Signed-off-by: Ingo Molnar Tested-by: Daniel Wagner Link: https://lkml.kernel.org/r/20200617072919.818409-1-juri.lelli@redhat.com commit fd844ba9ae59b51e34e77105d79f8eca780b3bd6 Author: Scott Wood Date: Wed Jun 17 14:17:42 2020 +0200 sched/core: Check cpus_mask, not cpus_ptr in __set_cpus_allowed_ptr(), to fix mask corruption This function is concerned with the long-term CPU mask, not the transitory mask the task might have while migrate disabled. Before this patch, if a task was migrate-disabled at the time __set_cpus_allowed_ptr() was called, and the new mask happened to be equal to the CPU that the task was running on, then the mask update would be lost. Signed-off-by: Scott Wood Signed-off-by: Sebastian Andrzej Siewior Signed-off-by: Peter Zijlstra (Intel) Signed-off-by: Ingo Molnar Link: https://lkml.kernel.org/r/20200617121742.cpxppyi7twxmpin7@linutronix.de commit 4f311afc2035f7b33d97e69ffaa2e6cd67fca16d Author: Peter Zijlstra Date: Wed Jun 10 12:14:09 2020 +0200 sched/core: Fix CONFIG_GCC_PLUGIN_RANDSTRUCT build fail As a temporary build fix, the proper cleanup needs more work. Reported-by: Guenter Roeck Reported-by: Eric Biggers Suggested-by: Eric Biggers Suggested-by: Kees Cook Fixes: a148866489fb ("sched: Replace rq::wake_list") Signed-off-by: Peter Zijlstra (Intel) Signed-off-by: Ingo Molnar commit 42d3f7e8da1bc55e3109f612c519c945f6587194 Merge: 2596ce4b4ded a72132144643 Author: Arnd Bergmann Date: Sun Jun 28 14:48:19 2020 +0200 Merge tag 'imx-fixes-5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/shawnguo/linux into arm/fixes i.MX fixes for 5.8: - Fix LDO1 and LDO2 voltage range for a couple of i.MX8M board device trees. - Fix i.MX8MP UID fuse offset in i.MX8M SoC driver. - Fix watchdog configuration in imx6ul-kontron device tree. - Fix one build warning seen on building soc-imx8m driver with x86_64-randconfig. - Add missing put_device() call for a couple of mach-imx PM functions. * tag 'imx-fixes-5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/shawnguo/linux: soc: imx8m: fix build warning ARM: imx6: add missing put_device() call in imx6q_suspend_init() ARM: imx5: add missing put_device() call in imx_suspend_alloc_ocram() soc: imx8m: Correct i.MX8MP UID fuse offset ARM: dts: imx6ul-kontron: Change WDOG_ANY signal from push-pull to open-drain ARM: dts: imx6ul-kontron: Move watchdog from Kontron i.MX6UL/ULL board to SoM arm64: dts: imx8mm-beacon: Fix voltages on LDO1 and LDO2 arm64: dts: imx8mn-ddr4-evk: correct ldo1/ldo2 voltage range arm64: dts: imx8mm-evk: correct ldo1/ldo2 voltage range Link: https://lore.kernel.org/r/20200624111725.GA24312@dragon Signed-off-by: Arnd Bergmann commit 2596ce4b4ded685b67fed407aed2bfe6ebcc39cb Merge: 6d89c73ca581 e92bc059e7fa Author: Arnd Bergmann Date: Sun Jun 28 14:48:06 2020 +0200 Merge tag 'arm-soc/for-5.8/drivers-fixes' of https://github.com/Broadcom/stblinux into arm/fixes This pull request contains Broadcom ARM/ARM64/MIPS SoCs drivers fixes for 5.8, please pull the following: - Andy provides a fix for the Raspberry Pi firmware driver to print the correct time upon boot. This is a fallout from a converstion to use the ptT format * tag 'arm-soc/for-5.8/drivers-fixes' of https://github.com/Broadcom/stblinux: ARM: bcm2835: Fix integer overflow in rpi_firmware_print_firmware_revision() Link: https://lore.kernel.org/r/20200619202250.19029-2-f.fainelli@gmail.com Signed-off-by: Arnd Bergmann commit 6d89c73ca5813768a2cc66f7420ac0cbddf4f37d Merge: 275087fc3ef5 0386e9ce5877 Author: Arnd Bergmann Date: Sun Jun 28 14:47:40 2020 +0200 Merge tag 'arm-soc/for-5.8/soc-fixes' of https://github.com/Broadcom/stblinux into arm/fixes This pull request contains Broadcom ARM-based SoCs machine/Kconfig fixes for 5.8, please pull the following: - Matthew adds a missing select to permit the use of the standard ARM SP804 timers on Norsthstar Plus (NSP) * tag 'arm-soc/for-5.8/soc-fixes' of https://github.com/Broadcom/stblinux: ARM: bcm: Select ARM_TIMER_SP804 for ARCH_BCM_NSP Link: https://lore.kernel.org/r/20200619202250.19029-3-f.fainelli@gmail.com Signed-off-by: Arnd Bergmann commit 275087fc3ef5af5d20b5cab1403bd29d12311c6a Merge: 0f77ce26ebcf ac4e106d8934 Author: Arnd Bergmann Date: Sun Jun 28 14:47:24 2020 +0200 Merge tag 'arm-soc/for-5.8/devicetree-fixes' of https://github.com/Broadcom/stblinux into arm/fixes This pull request contains Broadcom ARM-based SoCs Device Tree fixes for 5.8, please pull the following: - Rafal adds a missing 'device_type' property to the Luxul XWC-2000 required for the memory nodes to be correctly parsed by Linux - Matthew provides two fixes for the NSP SoCs, one to disable the PL330 DMA controller by default since it can be left in reset by the bootloader and the second to correct the flow accelerator mailbox node * tag 'arm-soc/for-5.8/devicetree-fixes' of https://github.com/Broadcom/stblinux: ARM: dts: NSP: Correct FA2 mailbox node ARM: dts: NSP: Disable PL330 by default, add dma-coherent property ARM: dts: BCM5301X: Add missing memory "device_type" for Luxul XWC-2000 Link: https://lore.kernel.org/r/20200619202250.19029-1-f.fainelli@gmail.com Signed-off-by: Arnd Bergmann commit 0f77ce26ebcf6ea384421d2dd47b924b83649692 Author: Patrice Chotard Date: Thu Jun 18 19:24:56 2020 +0200 Revert "ARM: sti: Implement dummy L2 cache's write_sec" This reverts commit 7b8e0188fa717cd9abc4fb52587445b421835c2a. Initially, STiH410-B2260 was supposed to be secured, that's why l2c_write_sec was stubbed to avoid secure register access from non secure world. But by default, STiH410-B2260 is running in non secure mode, so L2 cache register accesses are authorized, l2c_write_sec stub is not needed. With this patch, L2 cache is configured and performance are enhanced. Link: https://lore.kernel.org/r/20200618172456.29475-1-patrice.chotard@st.com Signed-off-by: Patrice Chotard Cc: Alain Volmat Signed-off-by: Arnd Bergmann commit d528945d7762be94beca4c111bb95dcc9a9f39c0 Merge: 8705ed2f725b a352fe371053 Author: Arnd Bergmann Date: Sun Jun 28 14:45:05 2020 +0200 Merge tag 'omap-for-v5.8/fixes-rc1-signed' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap into arm/omap-fixes Few dts fixes for omaps for v5.8 Few fixes for various devices: - Prevent pocketgeagle header line signal from accidentally setting micro-SD write protection signal by removing the default mux - Fix NFSroot flakeyness after resume for duover by switching the smsc911x gpio interrupt to back to level sensitive - Fix regression for omap4 clockevent source after recent system timer changes - Yet another ethernet regression fix for the "rgmii" vs "rgmii-rxid" phy-mode * tag 'omap-for-v5.8/fixes-rc1-signed' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap: ARM: dts: am5729: beaglebone-ai: fix rgmii phy-mode ARM: dts: Fix omap4 system timer source clocks ARM: dts: Fix duovero smsc interrupt for suspend ARM: dts: am335x-pocketbeagle: Fix mmc0 Write Protect Link: https://lore.kernel.org/r/pull-1592499282-121092@atomide.com Signed-off-by: Arnd Bergmann commit 8705ed2f725b4d2bcc1c2474a906c9ade0dfa28f Merge: 5b75f16f13d3 0b4edf111870 Author: Arnd Bergmann Date: Sun Jun 28 14:44:39 2020 +0200 Merge tag 'omap-for-v5.8/dt-missed-signed' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap into arm/omap-fixes Missed sdhci patch for am3 and am4 I forgot to send a pull request earlier for converting am3 and am4 to use sdhci-omap driver instead of the old omap_hsmmc driver. There was a display subsystem related suspend and resume regression found recently and looks like I forgot to send a pull request for this patch while debugging the regression. This patch has been tested without the display subsystem, and has been in Linux next for several weeks now, so would be good to have merged for v5.8. * tag 'omap-for-v5.8/dt-missed-signed' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap: ARM: dts: Move am33xx and am43xx mmc nodes to sdhci-omap driver Link: https://lore.kernel.org/r/pull-1591637467-607254@atomide.com Signed-off-by: Arnd Bergmann commit 4c9f47ce57b807003e83d7cbeee77e3c10a26ac6 Merge: d68ec1644dd5 cf5057e169f4 Author: Arnd Bergmann Date: Sat Jun 27 00:20:55 2020 +0200 Merge tag 'tee-ml-for-v5.8' of git://git.linaro.org/people/jens.wiklander/linux-tee into arm/fixes Change the TEE mailing list in MAINTAINERS * tag 'tee-ml-for-v5.8' of git://git.linaro.org/people/jens.wiklander/linux-tee: MAINTAINERS: change tee mailing list Link: https://lore.kernel.org/r/20200616075948.GA2288211@jade Signed-off-by: Arnd Bergmann commit 5b75f16f13d38cd5ad5ac959bf71ead7635611c5 Merge: 48778464bb7d e4a8fc054340 Author: Arnd Bergmann Date: Sat Jun 27 00:17:23 2020 +0200 Merge tag 'omap-for-v5.8/fixes-merge-window-signed' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap into arm/fixes Fixes for omaps for v5.8 The recent display subsystem (DSS) related platform data changes caused display related regressions for suspend and resume. Looks like I only tested suspend and resume before dropping the legacy platform data, and forgot to test it after dropping it. Turns out the main issue was that we no longer have platform code calling pm_runtime_suspend for DSS like we did for the legacy platform data case, and that fix is still being discussed on the dri-devel list and will get merged separately. The DSS related testing exposed a pile other other display related issues that also need fixing though: - Fix ti-sysc optional clock handling and reset status checks for devices that reset automatically in idle like DSS - Ignore ti-sysc clockactivity bit unless separately requested to avoid unexpected performance issues - Init ti-sysc framedonetv_irq to true and disable for am4 - Avoid duplicate DSS reset for legacy mode with dts data - Remove LCD timings for am4 as they cause warnings now that we're using generic panels Then there is a pile of other fixes not related to the DSS: - Fix omap_prm reset deassert as we still have drivers setting the pm_runtime_irq_safe() flag - Flush posted write for ti-sysc enable and disable - Fix droid4 spi related errors with spi flags - Fix am335x USB range and a typo for softreset - Fix dra7 timer nodes for clocks for IPU and DSP - Drop duplicate mailboxes after mismerge for dra7 * tag 'omap-for-v5.8/fixes-merge-window-signed' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap: Revert "bus: ti-sysc: Increase max softreset wait" ARM: dts: am437x-epos-evm: remove lcd timings ARM: dts: am437x-gp-evm: remove lcd timings ARM: dts: am437x-sk-evm: remove lcd timings ARM: dts: dra7-evm-common: Fix duplicate mailbox nodes ARM: dts: dra7: Fix timer nodes properly for timer_sys_ck clocks ARM: dts: Fix am33xx.dtsi ti,sysc-mask wrong softreset flag ARM: dts: Fix am33xx.dtsi USB ranges length bus: ti-sysc: Increase max softreset wait ARM: OMAP2+: Fix legacy mode dss_reset bus: ti-sysc: Fix uninitialized framedonetv_irq bus: ti-sysc: Ignore clockactivity unless specified as a quirk bus: ti-sysc: Use optional clocks on for enable and wait for softreset bit ARM: dts: omap4-droid4: Fix spi configuration and increase rate bus: ti-sysc: Flush posted write on enable and disable soc: ti: omap-prm: use atomic iopoll instead of sleeping one Link: https://lore.kernel.org/r/pull-1591889257-410830@atomide.com Signed-off-by: Arnd Bergmann commit 719fdd32921fb7e3208db8832d32ae1c2d68900f Author: David Howells Date: Wed Jun 24 17:00:24 2020 +0100 afs: Fix storage of cell names The cell name stored in the afs_cell struct is a 64-char + NUL buffer - when it needs to be able to handle up to AFS_MAXCELLNAME (256 chars) + NUL. Fix this by changing the array to a pointer and allocating the string. Found using Coverity. Fixes: 989782dcdc91 ("afs: Overhaul cell database management") Reported-by: Colin Ian King Signed-off-by: David Howells Signed-off-by: Linus Torvalds commit 758abb5a60244a8fa121259bd0666eb88aee07fe Author: Dov Murik Date: Mon Jun 22 12:43:43 2020 +0000 docs: kbuild: fix ReST formatting Commit cd238effefa2 ("docs: kbuild: convert docs to ReST and rename to *.rst") missed a ReST header and a verbatim file content area. Signed-off-by: Dov Murik Signed-off-by: Masahiro Yamada commit 6975031a31f0c72a20e464c1df4c607d6bb44fb8 Author: Masahiro Yamada Date: Thu Feb 13 21:24:10 2020 +0900 gcc-plugins: fix gcc-plugins directory path in documentation Fix typos "plgins" -> "plugins". Signed-off-by: Masahiro Yamada Acked-by: Kees Cook commit 2ce578ca9444bb44da66b9a494f56e7ec12e6466 Author: Miaohe Lin Date: Sat Jun 27 15:47:51 2020 +0800 net: ipv4: Fix wrong type conversion from hint to rt in ip_route_use_hint() We can't cast sk_buff to rtable by (struct rtable *)hint. Use skb_rtable(). Fixes: 02b24941619f ("ipv4: use dst hint for ipv4 list receive") Signed-off-by: Miaohe Lin Signed-off-by: David S. Miller commit f8e99dde21995d185e2379e34ea2b96acf85702b Merge: 69339d083dfb 45c11a927606 Author: Linus Walleij Date: Sun Jun 28 01:08:21 2020 +0200 Merge tag 'intel-pinctrl-v5.8-2' of git://git.kernel.org/pub/scm/linux/kernel/git/pinctrl/intel into fixes intel-pinctrl for v5.8-2 * Fix output pin value handling on Intel Baytrail The following is an automated git shortlog grouped by driver: baytrail: - Fix pin being driven low for a while on gpiod_get(..., GPIOD_OUT_HIGH) commit 916a3b0fc1206f7e7ae8d00a21a3114b1dc67794 Merge: 3cd1c5d582f4 bf1028a41eaf Author: Linus Torvalds Date: Sat Jun 27 15:24:04 2020 -0700 Merge tag '5.8-rc2-smb3-fixes' of git://git.samba.org/sfrench/cifs-2.6 Pull cifs fixes from Steve French: "Six cifs/smb3 fixes, three of them for stable. Fixes xfstests 451, 313 and 316" * tag '5.8-rc2-smb3-fixes' of git://git.samba.org/sfrench/cifs-2.6: cifs: misc: Use array_size() in if-statement controlling expression cifs: update ctime and mtime during truncate cifs/smb3: Fix data inconsistent when punch hole cifs/smb3: Fix data inconsistent when zero file range cifs: Fix double add page to memcg when cifs_readpages cifs: Fix cached_fid refcnt leak in open_shroot commit 3cd1c5d582f42fead949947a6e3c8f51797580c9 Merge: c322f5399fc3 afe89f115e84 Author: Linus Torvalds Date: Sat Jun 27 15:20:03 2020 -0700 Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi Pull SCSI fixes from James Bottomley: "Six small fixes, five in drivers and one to correct another minor regression from cc97923a5bcc ("block: move dma drain handling to scsi") where we still need the drain stub to be built in to the kernel for the modular libata, non-modular SAS driver case" * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi: scsi: mptscsih: Fix read sense data size scsi: zfcp: Fix panic on ERP timeout for previously dismissed ERP action scsi: lpfc: Avoid another null dereference in lpfc_sli4_hba_unset() scsi: libata: Fix the ata_scsi_dma_need_drain stub scsi: qla2xxx: Keep initiator ports after RSCN scsi: qla2xxx: Set NVMe status code for failed NVMe FCP request commit c322f5399fc36300ae870db8fbcf793e063aaae5 Merge: 8bf9865187f6 ebfa440ce38b Author: Linus Torvalds Date: Sat Jun 27 15:17:21 2020 -0700 Merge tag 'vfio-v5.8-rc3' of git://github.com/awilliam/linux-vfio Pull VFIO fixes from Alex Williamson: - Fix double free of eventfd ctx (Alex Williamson) - Fix duplicate use of capability ID (Alex Williamson) - Fix SR-IOV VF memory enable handling (Alex Williamson) * tag 'vfio-v5.8-rc3' of git://github.com/awilliam/linux-vfio: vfio/pci: Fix SR-IOV VF handling with MMIO blocking vfio/type1: Fix migration info capability ID vfio/pci: Clear error and request eventfd ctx after releasing commit 8bf9865187f6c3130b5c748a3212d591c9d563de Merge: 42afe7d1c6ef 40e05200593a Author: Linus Torvalds Date: Sat Jun 27 15:15:37 2020 -0700 Merge branch 'i2c/for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux Pull i2c fixes from Wolfram Sang: "This contains a 5.8 regression fix for the Designware driver, a register bitfield fix for the fsi driver, and a missing sanity check for the I2C core" * 'i2c/for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux: i2c: core: check returned size of emulated smbus block read i2c: fsi: Fix the port number field in status register i2c: designware: Adjust bus speed independently of ACPI commit 42afe7d1c6ef77212250af3459e549d1a944cc8a Merge: 7eb8f53b8afe b65a2d8c8614 Author: Linus Torvalds Date: Sat Jun 27 13:14:15 2020 -0700 Merge tag 'staging-5.8-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging Pull staging driver fixes from Greg KH: "Here are a small number of tiny staging driver fixes for 5.8-rc3. Not much here, but there were some reported problems to be fixed: - three wfx driver fixes - rtl8723bs driver fix All of these have been in linux-next with no reported issues" * tag 'staging-5.8-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging: Staging: rtl8723bs: prevent buffer overflow in update_sta_support_rate() staging: wfx: fix coherency of hif_scan() prototype staging: wfx: drop useless loop staging: wfx: fix AC priority commit 7eb8f53b8afe87a7993c9d71d3d01bb97c50bd0a Merge: fc3ebc3c647a ed8fa04243e2 Author: Linus Torvalds Date: Sat Jun 27 13:12:10 2020 -0700 Merge tag 'usb-5.8-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb Pull USB fixes from Greg KH: "Here are some small USB fixes for 5.8-rc3 to resolve some reported issues. Nothing major here: - gadget driver fixes - cdns3 driver fixes - xhci fixes - renesas_usbhs driver fixes - some new device support with ids - documentation update All of these have been in linux-next with no reported issues" * tag 'usb-5.8-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb: (27 commits) usb: renesas_usbhs: getting residue from callback_result Revert "usb: dwc3: exynos: Add support for Exynos5422 suspend clk" xhci: Poll for U0 after disabling USB2 LPM xhci: Return if xHCI doesn't support LPM usb: host: xhci-mtk: avoid runtime suspend when removing hcd xhci: Fix enumeration issue when setting max packet size for FS devices. xhci: Fix incorrect EP_STATE_MASK usb: cdns3: ep0: add spinlock for cdns3_check_new_setup usb: cdns3: trace: using correct dir value usb: cdns3: ep0: fix the test mode set incorrectly Revert "usb: dwc3: exynos: Add support for Exynos5422 suspend clk" usb: gadget: udc: Potential Oops in error handling code usb: phy: tegra: Fix unnecessary check in tegra_usb_phy_probe() usb: dwc3: pci: Fix reference count leak in dwc3_pci_resume_work usb: cdns3: ep0: add spinlock for cdns3_check_new_setup usb: cdns3: trace: using correct dir value usb: cdns3: ep0: fix the test mode set incorrectly usb: typec: tcpci_rt1711h: avoid screaming irq causing boot hangs USB: ohci-sm501: Add missed iounmap() in remove cdc-acm: Add DISABLE_ECHO quirk for Microchip/SMSC chip ... commit fc3ebc3c647a15940f3371740e14bb0d1ad7fd9e Merge: 42f8f9bc5cb7 70b23b87b2d3 Author: Linus Torvalds Date: Sat Jun 27 13:10:31 2020 -0700 Merge tag 'char-misc-5.8-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc Pull char/misc fixes from Greg KH: "Some tiny char/misc driver fixes for 5.8-rc3. The "largest" changes are in the mei driver, to resolve some reported problems and add some new device ids. There's also a binder bugfix, an fpga driver build fix, and some assorted habanalabs fixes. All of these, except for the habanalabs fixes, have been in linux-next with no reported issues. The habanalabs driver changes showed up in my tree on Friday, but as they are totally self-contained, all should be good there" * tag 'char-misc-5.8-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc: habanalabs: increase h/w timer when checking idle habanalabs: Correct handling when failing to enqueue CB habanalabs: increase GAUDI QMAN ARB WDT timeout habanalabs: rename mmu_write() to mmu_asid_va_write() habanalabs: use PI in MMU cache invalidation habanalabs: block scalar load_and_exe on external queue mei: me: add tiger lake point device ids for H platforms. mei: me: disable mei interface on Mehlow server platforms binder: fix null deref of proc->context fpga: zynqmp: fix modular build commit 42f8f9bc5cb7c35ca04a6867cc01c24538d59f7f Merge: f05baa066d0f ee470bb25d0d Author: Linus Torvalds Date: Sat Jun 27 13:08:14 2020 -0700 Merge tag 'edac_urgent_for_5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/ras/ras Pull EDAC fix from Borislav Petkov: "A single fix for amd64_edac restoring the reporting of the DRAM scrub rate on family 0x15 CPUs" * tag 'edac_urgent_for_5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/ras/ras: EDAC/amd64: Read back the scrub rate PCI register on F15h commit f05baa066d0f6a38f0624c28008fb2f53cd00e17 Merge: 4e99b32169e8 8e36baf97b25 Author: Linus Torvalds Date: Sat Jun 27 13:06:22 2020 -0700 Merge tag 'dma-mapping-5.8-4' of git://git.infradead.org/users/hch/dma-mapping Pull dma-mapping fixes from Christoph Hellwig: - fix dma coherent mmap in nommu (me) - more AMD SEV fallout (David Rientjes, me) - fix alignment in dma_common_*_remap (Eric Auger) * tag 'dma-mapping-5.8-4' of git://git.infradead.org/users/hch/dma-mapping: dma-remap: align the size in dma_common_*_remap() dma-mapping: DMA_COHERENT_POOL should select GENERIC_ALLOCATOR dma-direct: add missing set_memory_decrypted() for coherent mapping dma-direct: check return value when encrypting or decrypting memory dma-direct: re-encrypt memory if dma_direct_alloc_pages() fails dma-direct: always align allocation size in dma_direct_alloc_pages() dma-direct: mark __dma_direct_alloc_pages static dma-direct: re-enable mmap for !CONFIG_MMU commit 4e99b32169e84b4ece5a1d74eb0b7e4ef07866b3 Merge: ab0f2473d374 89a3c9f5b9f0 Author: Linus Torvalds Date: Sat Jun 27 09:35:47 2020 -0700 Merge tag 'nfs-for-5.8-2' of git://git.linux-nfs.org/projects/anna/linux-nfs Pull NFS client bugfixes from Anna Schumaker: "Stable Fixes: - xprtrdma: Fix handling of RDMA_ERROR replies - sunrpc: Fix rollback in rpc_gssd_dummy_populate() - pNFS/flexfiles: Fix list corruption if the mirror count changes - NFSv4: Fix CLOSE not waiting for direct IO completion - SUNRPC: Properly set the @subbuf parameter of xdr_buf_subsegment() Other Fixes: - xprtrdma: Fix a use-after-free with r_xprt->rx_ep - Fix other xprtrdma races during disconnect - NFS: Fix memory leak of export_path" * tag 'nfs-for-5.8-2' of git://git.linux-nfs.org/projects/anna/linux-nfs: SUNRPC: Properly set the @subbuf parameter of xdr_buf_subsegment() NFSv4 fix CLOSE not waiting for direct IO compeletion pNFS/flexfiles: Fix list corruption if the mirror count changes nfs: Fix memory leak of export_path sunrpc: fixed rollback in rpc_gssd_dummy_populate() xprtrdma: Fix handling of RDMA_ERROR replies xprtrdma: Clean up disconnect xprtrdma: Clean up synopsis of rpcrdma_flush_disconnect() xprtrdma: Use re_connect_status safely in rpcrdma_xprt_connect() xprtrdma: Prevent dereferencing r_xprt->rx_ep after it is freed commit ab0f2473d374f0dc4e3cc3f386abfafd8cf08ed2 Merge: 9b8d02079643 d60b5fbc1ce8 Author: Linus Torvalds Date: Sat Jun 27 09:02:49 2020 -0700 Merge tag 'io_uring-5.8-2020-06-26' of git://git.kernel.dk/linux-block Pull io_uring fixes from Jens Axboe: "Three small fixes: - Close a corner case for polled IO resubmission (Pavel) - Toss commands when exiting (Pavel) - Fix SQPOLL conditional reschedule on perpetually busy submit (Xuan)" * tag 'io_uring-5.8-2020-06-26' of git://git.kernel.dk/linux-block: io_uring: fix current->mm NULL dereference on exit io_uring: fix hanging iopoll in case of -EAGAIN io_uring: fix io_sq_thread no schedule when busy commit 9b8d02079643b55343b41fb07ce7eb3d25472ce5 Merge: 5e8eed279f28 1b52671d79c4 Author: Linus Torvalds Date: Sat Jun 27 08:59:32 2020 -0700 Merge tag 'block-5.8-2020-06-26' of git://git.kernel.dk/linux-block Pull block fixes from Jens Axboe: - NVMe pull request from Christoph: - multipath deadlock fixes (Anton) - NUMA fixes (Max) - RDMA completion vector fix (Max) - IO deadlock fix (Sagi) - multipath reference fix (Sagi) - NS mutation fix (Sagi) - Use right allocator when freeing bip in error path (Chengguang) * tag 'block-5.8-2020-06-26' of git://git.kernel.dk/linux-block: nvme-multipath: fix bogus request queue reference put nvme-multipath: fix deadlock due to head->lock nvme: don't protect ns mutation with ns->head->lock nvme-multipath: fix deadlock between ana_work and scan_work nvme: fix possible deadlock when I/O is blocked nvme-rdma: assign completion vector correctly nvme-loop: initialize tagset numa value to the value of the ctrl nvme-tcp: initialize tagset numa value to the value of the ctrl nvme-pci: initialize tagset numa value to the value of the ctrl nvme-pci: override the value of the controller's numa node nvme: set initial value for controller's numa node block: release bip in a right way in error path commit 5e8eed279f280d6ad4cf59b3330d5d6d7b9de733 Merge: 6116dea80dfd d35bd764e689 Author: Linus Torvalds Date: Sat Jun 27 08:57:16 2020 -0700 Merge tag 'for-5.8/dm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm Pull device mapper fixes from Mike Snitzer: - Quite a few DM zoned target fixes and a Zone append fix in DM core. Considering the amount of dm-zoned changes that went in during the 5.8 merge window these fixes are not that surprising. - A few DM writecache target fixes. - A fix to Documentation index to include DM ebs target docs. - Small cleanup to use struct_size() in DM core's retrieve_deps(). * tag 'for-5.8/dm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm: dm writecache: add cond_resched to loop in persistent_memory_claim() dm zoned: Fix reclaim zone selection dm zoned: Fix random zone reclaim selection dm: update original bio sector on Zone Append dm zoned: Fix metadata zone size check docs: device-mapper: add dm-ebs.rst to an index file dm ioctl: use struct_size() helper in retrieve_deps() dm writecache: skip writecache_wait when using pmem mode dm writecache: correct uncommitted_block when discarding uncommitted entry dm zoned: assign max_io_len correctly dm zoned: fix uninitialized pointer dereference commit 6116dea80dfd5b8d3825bf7f2e44a8bc2730f3d0 Merge: 21d2f6850c09 440ab9e10e2e Author: Linus Torvalds Date: Sat Jun 27 08:53:49 2020 -0700 Merge tag 'kgdb-5.8-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/danielt/linux Pull kgdb fixes from Daniel Thompson: "The main change here is a fix for a number of unsafe interactions between kdb and the console system. The fixes are specific to kdb (pure kgdb debugging does not use the console system at all). On systems with an NMI then kdb, if it is enabled, must get messages to the user despite potentially running from some "difficult" calling contexts. These fixes avoid using the console system where we have been provided an alternative (safer) way to interact with the user and, if using the console system in unavoidable, use oops_in_progress for deadlock avoidance. These fixes also ensure kdb honours the console enable flag. Also included is a fix that wraps kgdb trap handling in an RCU read lock to avoids triggering diagnostic warnings. This is a wide lock scope but this is OK because kgdb is a stop-the-world debugger. When we stop the world we put all the CPUs into holding pens and this inhibits RCU update anyway" * tag 'kgdb-5.8-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/danielt/linux: kgdb: Avoid suspicious RCU usage warning kdb: Switch to use safer dbg_io_ops over console APIs kdb: Make kdb_printf() console handling more robust kdb: Check status of console prior to invoking handlers kdb: Re-factor kdb_printf() message write code commit 21d2f6850c09fdec730c11d35406da1dc541432d Merge: 3b6ab1012cbc 896066aa0685 Author: Linus Torvalds Date: Sat Jun 27 08:51:35 2020 -0700 Merge tag 'powerpc-5.8-4' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux Pull powerpc fixes from Michael Ellerman: - A fix for a crash in nested KVM when CONFIG_DEBUG_VIRTUAL=y. - Two minor build fixes. Thanks to: Aneesh Kumar K.V, Arseny Solokha, Harish. * tag 'powerpc-5.8-4' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux: selftests/powerpc: Fix build failure in ebb tests powerpc/kvm/book3s64: Fix kernel crash with nested kvm & DEBUG_VIRTUAL powerpc/fsl_booke/32: Fix build with CONFIG_RANDOMIZE_BASE commit 3b6ab1012cbcabf31db9c3a0c329d07dbcff4fd7 Merge: 8530684fd37c e05d57dcb8c7 Author: Linus Torvalds Date: Sat Jun 27 08:49:12 2020 -0700 Merge tag 'riscv-for-linus-5.8-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux Pull RISC-V fixes from Palmer Dabbelt: "This contains a handful of fixes I'd like to target for rc3. Most of them fix issues with the conversion of our vDSO to C. There is also one fix to the SiFive PRCI driver that I picked up as it's causing boot issues on the hardware. - A fix to allow kernels with dynamic ftrace to use the vDSO. - Some build fixes for the C vDSO functions. - A fix to the PRCI driver's memory allocation, which was the cause of some boot panics with FREELIST_RANDOM" * tag 'riscv-for-linus-5.8-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux: riscv: Fixup __vdso_gettimeofday broke dynamic ftrace riscv: Add extern declarations for vDSO time-related functions clk: sifive: allocate sufficient memory for struct __prci_data riscv: Add -fPIC option to CFLAGS_vgettimeofday.o commit 8530684fd37c151bbcf6c101ea3d0d784e221d98 Merge: 1590a2e1c681 108447fd0d1a Author: Linus Torvalds Date: Sat Jun 27 08:47:18 2020 -0700 Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux Pull arm64 fixes from Will Deacon: "The big fix here is to our vDSO sigreturn trampoline as, after a painfully long stint of debugging, it turned out that fixing some of our CFI directives in the merge window lit up a bunch of logic in libgcc which has been shown to SEGV in some cases during asynchronous pthread cancellation. It looks like we can fix this by extending the directives to restore most of the interrupted register state from the sigcontext, but it's risky and hard to test so we opted to remove the CFI directives for now and rely on the unwinder fallback path like we used to. - Fix unwinding through vDSO sigreturn trampoline - Fix build warnings by raising minimum LD version for PAC - Whitelist some Kryo Cortex-A55 derivatives for Meltdown and SSB - Fix perf register PC reporting for compat tasks - Fix 'make clean' warning for arm64 signal selftests - Fix ftrace when BTI is compiled in - Avoid building the compat vDSO using GCC plugins" * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux: arm64: Add KRYO{3,4}XX silver CPU cores to SSB safelist arm64: perf: Report the PC value in REGS_ABI_32 mode kselftest: arm64: Remove redundant clean target arm64: kpti: Add KRYO{3, 4}XX silver CPU cores to kpti safelist arm64: Don't insert a BTI instruction at inner labels arm64: vdso: Don't use gcc plugins for building vgettimeofday.c arm64: vdso: Only pass --no-eh-frame-hdr when linker supports it arm64: Depend on newer binutils when building PAC arm64: compat: Remove 32-bit sigreturn code from the vDSO arm64: compat: Always use sigpage for sigreturn trampoline arm64: compat: Allow 32-bit vdso and sigpage to co-exist arm64: vdso: Disable dwarf unwinding through the sigreturn trampoline commit 76ed2e105796710cf5b8a4ba43c81eceed948b70 Author: Jan Kiszka Date: Thu Jun 18 10:11:40 2020 +0200 Revert "tty: xilinx_uartps: Fix missing id assignment to the console" This reverts commit 2ae11c46d5fdc46cb396e35911c713d271056d35. It turned out to break the ultra96-rev1, e.g., which uses uart1 as serial0 (and stdout-path = "serial0:115200n8"). Fixes: 2ae11c46d5fd ("tty: xilinx_uartps: Fix missing id assignment to the console") Cc: stable Signed-off-by: Jan Kiszka Reviewed-by: Michal Simek Tested-by: Michal Simek Link: https://lore.kernel.org/r/f4092727-d8f5-5f91-2c9f-76643aace993@siemens.com Signed-off-by: Greg Kroah-Hartman commit 225385657b7d81a99e17e04cd01f9ed5bb3109a8 Author: Johan Hovold Date: Wed Jun 10 17:22:32 2020 +0200 serial: core: drop redundant sysrq checks The sysrq timestamp will never be set unless port->has_sysrq is set (see uart_handle_break()) so drop the redundant checks that were added by commit 1997e9dfdc84 ("serial_core: Un-ifdef sysrq SUPPORT_SYSRQ"). Signed-off-by: Johan Hovold Reviewed-by: Andy Shevchenko Reviewed-by: Dmitry Safonov <0x7f454c46@gmail.com> Link: https://lore.kernel.org/r/20200610152232.16925-4-johan@kernel.org Signed-off-by: Greg Kroah-Hartman commit 08d5470308ac3598e7709d08b8979ce6e9de8da2 Author: Johan Hovold Date: Wed Jun 10 17:22:31 2020 +0200 serial: core: fix sysrq overhead regression Commit 8e20fc391711 ("serial_core: Move sysrq functions from header file") converted the inline sysrq helpers to exported functions which are now called for every received character, interrupt and break signal also on systems without CONFIG_MAGIC_SYSRQ_SERIAL instead of being optimised away by the compiler. Inlining these helpers again also avoids the function call overhead when CONFIG_MAGIC_SYSRQ_SERIAL is enabled (e.g. when the port is not used as a console). Fixes: 8e20fc391711 ("serial_core: Move sysrq functions from header file") Cc: Dmitry Safonov <0x7f454c46@gmail.com> Signed-off-by: Johan Hovold Cc: stable Reviewed-by: Andy Shevchenko Reviewed-by: Dmitry Safonov <0x7f454c46@gmail.com> Link: https://lore.kernel.org/r/20200610152232.16925-3-johan@kernel.org Signed-off-by: Greg Kroah-Hartman commit 10652a9e9fe3fbcaca090f99cd3060ac3fee2913 Author: Johan Hovold Date: Wed Jun 10 17:22:30 2020 +0200 Revert "serial: core: Refactor uart_unlock_and_check_sysrq()" This reverts commit da9a5aa3402db0ff3b57216d8dbf2478e1046cae. In order to ease backporting a fix for a sysrq regression, revert this rewrite which was since added on top. The other sysrq helpers now bail out early when sysrq is not enabled; it's better to keep that pattern here as well. Note that the __releases() attribute won't be needed after the follow-on fix either. Fixes: da9a5aa3402d ("serial: core: Refactor uart_unlock_and_check_sysrq()") Cc: stable Signed-off-by: Johan Hovold Reviewed-by: Andy Shevchenko Link: https://lore.kernel.org/r/20200610152232.16925-2-johan@kernel.org Signed-off-by: Greg Kroah-Hartman commit a71725619ff63ccd41d5084094db53efc2286aae Author: Randy Dunlap Date: Mon Jun 15 12:24:36 2020 -0700 tty/serial: fix serial_core.c kernel-doc warnings Fix kernel-doc warnings in serial_core.c: ../drivers/tty/serial/serial_core.c:3300: warning: Function parameter or member 'port' not described in 'uart_get_rs485_mode' ../drivers/tty/serial/serial_core.c:3300: warning: Excess function parameter 'dev' description in 'uart_get_rs485_mode' ../drivers/tty/serial/serial_core.c:3300: warning: Excess function parameter 'rs485conf' description in 'uart_get_rs485_mode' Fixes: c150c0f362c1 ("serial: Allow uart_get_rs485_mode() to return errno") Signed-off-by: Randy Dunlap Cc: Lukas Wunner Cc: Heiko Stuebner Cc: Greg Kroah-Hartman Cc: linux-serial@vger.kernel.org Link: https://lore.kernel.org/r/e170db8e-5c8b-27ac-79a4-81b96ac0ca2d@infradead.org Signed-off-by: Greg Kroah-Hartman commit 311eab8d5900ea9088513d4c6b4570058958edb5 Author: Christophe Leroy Date: Fri Jun 12 18:26:07 2020 +0000 tty: serial: cpm_uart: Fix behaviour for non existing GPIOs devm_gpiod_get_index() doesn't return NULL but -ENOENT when the requested GPIO doesn't exist, leading to the following messages: [ 2.742468] gpiod_direction_input: invalid GPIO (errorpointer) [ 2.748147] can't set direction for gpio #2: -2 [ 2.753081] gpiod_direction_input: invalid GPIO (errorpointer) [ 2.758724] can't set direction for gpio #3: -2 [ 2.763666] gpiod_direction_output: invalid GPIO (errorpointer) [ 2.769394] can't set direction for gpio #4: -2 [ 2.774341] gpiod_direction_input: invalid GPIO (errorpointer) [ 2.779981] can't set direction for gpio #5: -2 [ 2.784545] ff000a20.serial: ttyCPM1 at MMIO 0xfff00a20 (irq = 39, base_baud = 8250000) is a CPM UART Use devm_gpiod_get_index_optional() instead. At the same time, handle the error case and properly exit with an error. Fixes: 97cbaf2c829b ("tty: serial: cpm_uart: Convert to use GPIO descriptors") Cc: stable@vger.kernel.org Cc: Linus Walleij Signed-off-by: Christophe Leroy Reviewed-by: Linus Walleij Link: https://lore.kernel.org/r/694a25fdce548c5ee8b060ef6a4b02746b8f25c0.1591986307.git.christophe.leroy@csgroup.eu Signed-off-by: Greg Kroah-Hartman commit 311950f8b8d80ba41aa09a26bcaf0c2231f8d264 Author: Christoph Hellwig Date: Wed Jun 24 18:57:24 2020 +0200 scsi: mptfusion: Don't use GFP_ATOMIC for larger DMA allocations The mpt fusion driver still uses the legacy PCI DMA API which hardcodes atomic allocations. This caused the driver to fail to load on some powerpc VMs with incoherent DMA and small memory sizes. Switch to use the modern DMA API and sleeping allocations for large allocations instead. This is not a full cleanup of the PCI DMA API usage yet, but just enough to fix the regression caused by reducing the default atomic pool size. Link: https://lore.kernel.org/r/20200624165724.1818496-1-hch@lst.de Fixes: 3ee06a6d532f ("dma-pool: fix too large DMA pools on medium memory size systems") Reported-by: Guenter Roeck Tested-by: Guenter Roeck Signed-off-by: Christoph Hellwig Signed-off-by: Martin K. Petersen commit 823a65409c8990f64c5693af98ce0e7819975cba Author: Javed Hasan Date: Fri Jun 26 02:49:59 2020 -0700 scsi: libfc: Skip additional kref updating work event When an rport event (RPORT_EV_READY) is updated without work being queued, avoid taking an additional reference. This issue was leading to memory leak. Trace from KMEMLEAK tool: unreferenced object 0xffff8888259e8780 (size 512): comm "kworker/2:1", jiffies 4433237386 (age 113021.971s) hex dump (first 32 bytes): 58 0a ec cf 83 88 ff ff 00 00 00 00 00 00 00 00 01 00 00 00 08 00 00 00 13 7d f0 1e 0e 00 00 10 backtrace: [<000000006b25760f>] fc_rport_recv_req+0x3c6/0x18f0 [libfc] [<00000000f208d994>] fc_lport_recv_els_req+0x120/0x8a0 [libfc] [<00000000a9c437b8>] fc_lport_recv+0xb9/0x130 [libfc] [<00000000a9c437b8>] fc_lport_recv+0xb9/0x130 [libfc] [<00000000ad5be37b>] qedf_ll2_process_skb+0x73d/0xad0 [qedf] [<00000000e0eb6893>] process_one_work+0x382/0x6c0 [<000000002dfd9e21>] worker_thread+0x57/0x5c0 [<00000000b648204f>] kthread+0x1a0/0x1c0 [<0000000072f5ab20>] ret_from_fork+0x35/0x40 [<000000001d5c05d8>] 0xffffffffffffffff Below is the log sequence which leads to memory leak. Here we get the RPORT_EV_READY and RPORT_EV_STOP back to back, which lead to overwrite the event RPORT_EV_READY by event RPORT_EV_STOP. Because of this, kref_count gets incremented by 1. kernel: host0: rport fffce5: Received PLOGI request kernel: host0: rport fffce5: Received PLOGI in INIT state kernel: host0: rport fffce5: Port is Ready kernel: host0: rport fffce5: Received PRLI request while in state Ready kernel: host0: rport fffce5: PRLI rspp type 8 active 1 passive 0 kernel: host0: rport fffce5: Received LOGO request while in state Ready kernel: host0: rport fffce5: Delete port kernel: host0: rport fffce5: Received PLOGI request kernel: host0: rport fffce5: Received PLOGI in state Delete - send busy kernel: host0: rport fffce5: work event 3 kernel: host0: rport fffce5: lld callback ev 3 kernel: host0: rport fffce5: work delete Link: https://lore.kernel.org/r/20200626094959.32151-1-jhasan@marvell.com Reviewed-by: Girish Basrur Reviewed-by: Saurav Kashyap Reviewed-by: Shyam Sundar Signed-off-by: Javed Hasan Signed-off-by: Martin K. Petersen commit 71f2bf85e90d938d4a9ef9dd9bfa8d9b0b6a03f7 Author: Javed Hasan Date: Mon Jun 22 03:12:11 2020 -0700 scsi: libfc: Handling of extra kref Handling of extra kref which is done by lookup table in case rdata is already present in list. This issue was leading to memory leak. Trace from KMEMLEAK tool: unreferenced object 0xffff8888259e8780 (size 512): comm "kworker/2:1", pid 182614, jiffies 4433237386 (age 113021.971s) hex dump (first 32 bytes): 58 0a ec cf 83 88 ff ff 00 00 00 00 00 00 00 00 01 00 00 00 08 00 00 00 13 7d f0 1e 0e 00 00 10 backtrace: [<000000006b25760f>] fc_rport_recv_req+0x3c6/0x18f0 [libfc] [<00000000f208d994>] fc_lport_recv_els_req+0x120/0x8a0 [libfc] [<00000000a9c437b8>] fc_lport_recv+0xb9/0x130 [libfc] [<00000000ad5be37b>] qedf_ll2_process_skb+0x73d/0xad0 [qedf] [<00000000e0eb6893>] process_one_work+0x382/0x6c0 [<000000002dfd9e21>] worker_thread+0x57/0x5c0 [<00000000b648204f>] kthread+0x1a0/0x1c0 [<0000000072f5ab20>] ret_from_fork+0x35/0x40 [<000000001d5c05d8>] 0xffffffffffffffff Below is the log sequence which leads to memory leak. Here we get the nested "Received PLOGI request" for same port and this request leads to call the fc_rport_create() twice for the same rport. kernel: host1: rport fffce5: Received PLOGI request kernel: host1: rport fffce5: Received PLOGI in INIT state kernel: host1: rport fffce5: Port is Ready kernel: host1: rport fffce5: Received PRLI request while in state Ready kernel: host1: rport fffce5: PRLI rspp type 8 active 1 passive 0 kernel: host1: rport fffce5: Received LOGO request while in state Ready kernel: host1: rport fffce5: Delete port kernel: host1: rport fffce5: Received PLOGI request kernel: host1: rport fffce5: Received PLOGI in state Delete - send busy Link: https://lore.kernel.org/r/20200622101212.3922-2-jhasan@marvell.com Reviewed-by: Girish Basrur Reviewed-by: Saurav Kashyap Reviewed-by: Shyam Sundar Signed-off-by: Javed Hasan Signed-off-by: Martin K. Petersen commit 1fc98aaf7f85fadcca57c4a86ef17e1940cad2d3 Author: Dan Carpenter Date: Fri Jun 19 17:30:41 2020 +0300 scsi: qla2xxx: Fix a condition in qla2x00_find_all_fabric_devs() This code doesn't make sense unless the correct "fcport" was found. Link: https://lore.kernel.org/r/20200619143041.GD267142@mwanda Fixes: 9dd9686b1419 ("scsi: qla2xxx: Add changes for devloss timeout in driver") Reviewed-by: Himanshu Madhani Reviewed-by: Shyam Sundar Signed-off-by: Dan Carpenter Signed-off-by: Martin K. Petersen commit c0b8892e2461b5fa740e47efbb1269a487b04020 Author: Hsin-Yi Wang Date: Mon Jun 22 23:57:53 2020 +0800 drm/mediatek: Check plane visibility in atomic_update Disable the plane if it's not visible. Otherwise mtk_ovl_layer_config() would proceed with invalid plane and we may see vblank timeout. Fixes: 119f5173628a ("drm/mediatek: Add DRM Driver for Mediatek SoC MT8173.") Signed-off-by: Hsin-Yi Wang Reviewed-by: Tomasz Figa Signed-off-by: Chun-Kuang Hu commit c79484f68b164a4b59c85b7a5008455ddd7af6fb Author: YueHaibing Date: Wed Apr 29 15:13:37 2020 +0800 drm/mediatek: Fix Kconfig warning WARNING: unmet direct dependencies detected for MTK_MMSYS Depends on [n]: (ARCH_MEDIATEK [=y] || COMPILE_TEST [=n]) && COMMON_CLK_MT8173_MMSYS [=n] Selected by [y]: - DRM_MEDIATEK [=y] && HAS_IOMEM [=y] && DRM [=y] && (ARCH_MEDIATEK [=y] || ARM && COMPILE_TEST [=n]) && COMMON_CLK [=y] && HAVE_ARM_SMCCC [=y] && OF [=y] Make DRM_MEDIATEK depend on MTK_MMSYS to fix this. Fixes: 2c758e301ed9 ("soc / drm: mediatek: Move routing control to mmsys device") Signed-off-by: YueHaibing Reviewed-by: Enric Balletbo i Serra Signed-off-by: Chun-Kuang Hu commit a11398ef87ae38e008c69bea143513e9a36a6577 Author: Enric Balletbo i Serra Date: Wed Feb 26 12:27:23 2020 +0100 drm/mediatek: Remove debug messages for function calls Equivalent information can be nowadays obtained using function tracer. Signed-off-by: Enric Balletbo i Serra Reviewed-by: CK Hu Signed-off-by: Chun-Kuang Hu commit e09a7f87e5cb3b564ad1d98d4d2f678504d6df19 Author: Hsin-Yi Wang Date: Thu Apr 9 14:02:09 2020 +0800 drm/mediatek: Fix device passed to cmdq drm device is now probed from mmsys. We need to use mmsys device to get gce nodes. Fix following errors: [ 0.740068] mediatek-drm mediatek-drm.1.auto: error -2 can't parse gce-client-reg property (0) [ 0.748721] mediatek-drm mediatek-drm.1.auto: error -2 can't parse gce-client-reg property (0) ... [ 2.659645] mediatek-drm mediatek-drm.1.auto: failed to request channel [ 2.666270] mediatek-drm mediatek-drm.1.auto: failed to request channel Fixes: 667c769246b0 ("soc / drm: mediatek: Fix mediatek-drm device probing") Signed-off-by: Hsin-Yi Wang Reviewed-by: Enric Balletbo i Serra Tested-by: Enric Balletbo i Serra Signed-off-by: Chun-Kuang Hu commit d68ec1644dd546851d651787a638aead32a60a6f Merge: 48778464bb7d 38ac46002d1d Author: Arnd Bergmann Date: Sat Jun 27 00:16:42 2020 +0200 Merge tag 'juno-fix-5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/sudeep.holla/linux into arm/fixes ARMv8 Juno/Vexpress/Fast Models fix for v5.8 Partial revert of some recent fixes to silence DTC warning which broke clocks on some Vexpress platforms resulting in boot issues. * tag 'juno-fix-5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/sudeep.holla/linux: arm: dts: vexpress: Move mcc node back into motherboard node Link: https://lore.kernel.org/r/20200609180447.GB5732@bogus Signed-off-by: Arnd Bergmann commit 0574e2000fc3103cbc69ba82ec1175ce171fdf5e Author: Claudiu Manoil Date: Fri Jun 26 19:17:29 2020 +0300 enetc: Fix tx rings bitmap iteration range, irq handling The rings bitmap of an interrupt vector encodes which of the device's rings were assigned to that interrupt vector. Hence the iteration range of the tx rings bitmap (for_each_set_bit()) should be the total number of Tx rings of that netdevice instead of the number of rings assigned to the interrupt vector. Since there are 2 cores, and one interrupt vector for each core, the number of rings asigned to an interrupt vector is half the number of available rings. The impact of this error is that the upper half of the tx rings could still generate interrupts during napi polling. Fixes: d4fd0404c1c9 ("enetc: Introduce basic PF and VF ENETC ethernet drivers") Signed-off-by: Claudiu Manoil Signed-off-by: David S. Miller commit 93e0272a4395819d51c7501b3cde771863ccecd2 Merge: 861254d82649 5d8913504ccf Author: Linus Walleij Date: Fri Jun 26 23:53:25 2020 +0200 Merge tag 'gpio-fixes-for-v5.8-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linux into fixes gpio fixes for v5.8-rc3 - several fixes for gpio-pca953x commit c63d2dd7e134ebddce4745c51f9572b3f0d92b26 Author: David Gow Date: Tue Jun 2 20:37:25 2020 -0700 Documentation: kunit: Add some troubleshooting tips to the FAQ Add an FAQ entry to the KUnit documentation with some tips for troubleshooting KUnit and kunit_tool. These suggestions largely came from an email thread: https://lore.kernel.org/linux-kselftest/41db8bbd-3ba0-8bde-7352-083bf4b947ff@intel.com/T/#m23213d4e156db6d59b0b460a9014950f5ff6eb03 Signed-off-by: David Gow Reviewed-by: Alan Maguire Reviewed-by: Brendan Higgins Signed-off-by: Shuah Khan commit ee61492ab92b108b7db66acfd2c5f794244466b9 Author: David Gow Date: Mon Jun 15 23:47:30 2020 -0700 kunit: kunit_tool: Fix invalid result when build fails When separating out different phases of running tests[1] (build/exec/parse/etc), the format of the KunitResult tuple changed (adding an elapsed_time variable). This is not populated during a build failure, causing kunit.py to crash. This fixes [1] to probably populate the result variable, causing a failing build to be reported properly. [1]: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=45ba7a893ad89114e773b3dc32f6431354c465d6 Signed-off-by: David Gow Reviewed-by: Brendan Higgins Tested-by: Brendan Higgins Signed-off-by: Shuah Khan commit e173b8b8c419897eabe0e337a0125c6d87ef1644 Author: Uriel Guajardo Date: Thu Jun 11 21:05:45 2020 +0000 kunit: show error if kunit results are not present Currently, if the kernel is configured incorrectly or if it crashes before any kunit tests are run, kunit finishes without error, reporting that 0 test cases were run. To fix this, an error is shown when the tap header is not found, which indicates that kunit was not able to run at all. Signed-off-by: Uriel Guajardo Reviewed-by: Brendan Higgins Signed-off-by: Shuah Khan commit 3f37d14b8a3152441f36b6bc74000996679f0998 Author: Rikard Falkeborn Date: Sun Jun 7 23:57:15 2020 +0200 kunit: kunit_config: Fix parsing of CONFIG options with space Commit 8b59cd81dc5e ("kbuild: ensure full rebuild when the compiler is updated") introduced a new CONFIG option CONFIG_CC_VERSION_TEXT. On my system, this is set to "gcc (GCC) 10.1.0" which breaks KUnit config parsing which did not like the spaces in the string. Fix this by updating the regex to allow strings containing spaces. Fixes: 8b59cd81dc5e ("kbuild: ensure full rebuild when the compiler is updated") Signed-off-by: Rikard Falkeborn Reviewed-by: Brendan Higgins Signed-off-by: Shuah Khan commit 1590a2e1c681b0991bd42c992cabfd380e0338f2 Merge: ed3e00e7d6a8 0f29c20bf434 Author: Linus Torvalds Date: Fri Jun 26 12:33:48 2020 -0700 Merge tag 'acpi-5.8-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm Pull ACPI fixes from Rafael Wysocki: "Prevent bypassing kernel lockdown via the ACPI tables loading interface (Jason A. Donenfeld) and fix the handling of an ACPI sysfs attribute (Nathan Chancellor)" * tag 'acpi-5.8-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm: ACPI: sysfs: Fix pm_profile_attr type ACPI: configfs: Disallow loading ACPI tables when locked down commit ed3e00e7d6a87c60fcbc5a571b451891d365134e Merge: bd37cdf8ba1b 0e3fb2a128d8 Author: Linus Torvalds Date: Fri Jun 26 12:32:11 2020 -0700 Merge tag 'pm-5.8-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm Pull power management fixes from Rafael Wysocki: "These fix a recent regression that broke suspend-to-idle on some x86 systems, fix the intel_pstate driver to correctly let the platform firmware control CPU performance in some cases and add __init annotations to a couple of functions. Specifics: - Make sure that the _TIF_POLLING_NRFLAG is clear before entering the last phase of suspend-to-idle to avoid wakeup issues on some x86 systems (Chen Yu, Rafael Wysocki). - Cover one more case in which the intel_pstate driver should let the platform firmware control the CPU frequency and refuse to load (Srinivas Pandruvada). - Add __init annotations to 2 functions in the power management core (Christophe JAILLET)" * tag 'pm-5.8-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm: cpuidle: Rearrange s2idle-specific idle state entry code PM: sleep: core: mark 2 functions as __init to save some memory cpufreq: intel_pstate: Add one more OOB control bit PM: s2idle: Clear _TIF_POLLING_NRFLAG before suspend to idle commit bd37cdf8ba1b56a968173560314398d5d3b2d37a Merge: 6a6c9b220a7f 48f0bcfb7aad Author: Linus Torvalds Date: Fri Jun 26 12:30:07 2020 -0700 Merge tag 'iommu-fixes-v5.8-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu Pull iommu fixes from Joerg Roedel: "A couple of Intel VT-d fixes: - Make Intel SVM code 64bit only. The code uses pgd_t* and the IOMMU only supports long-mode page-table formats, so its broken on 32bit anyway. - Make sure GFX quirks in for Intel VT-d are not applied to untrusted devices. Those devices might gain full memory access otherwise. - Identity mapping setup fix. - Fix ACS enabling when Intel IOMMU is off and untrusted devices are detected. - Two smaller fixes for coherency and IO page-table setup" * tag 'iommu-fixes-v5.8-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu: iommu/vt-d: Fix misuse of iommu_domain_identity_map() iommu/vt-d: Update scalable mode paging structure coherency iommu/vt-d: Enable PCI ACS for platform opt in hint iommu/vt-d: Don't apply gfx quirks to untrusted devices iommu/vt-d: Set U/S bit in first level page table by default iommu/vt-d: Make Intel SVM code 64-bit only commit 6a6c9b220a7fb7c8285ad1739ac3c909584feb43 Merge: 7c902e273019 687a0ed33736 Author: Linus Torvalds Date: Fri Jun 26 12:27:25 2020 -0700 Merge tag 'drm-fixes-2020-06-26' of git://anongit.freedesktop.org/drm/drm Pull drm fixes from Dave Airlie: "Usual rc3 pickup, lots of little fixes all over. The core VT registration regression fix is probably the largest, otherwise ttm, amdgpu and tegra are the bulk, with some minor driver fixes. No i915 pull this week which may or may not mean I get 2x of it next week, we'll see how it goes. core: - fix VT registration regression ttm: - fix two fence leaks amdgpu: - Fix missed mutex unlock in DC error path - Fix firmware leak for sdma5 - DC bpc property fixes amdkfd: - Fix memleak in an error path radeon: - Fix copy paste typo in NI DPM spll validation rcar-du: - build fix tegra: - add missing zpos property - child driver registeration fix - debugfs cleanup fix - doc fix mcde: - reorder fbdev setup panel: - fix connector type - fix orienation for some panels sun4i: - fix dma/iommu configuration uvesafb: - respect blank flag" * tag 'drm-fixes-2020-06-26' of git://anongit.freedesktop.org/drm/drm: (25 commits) drm/amd: fix potential memleak in err branch drm/amd/display: Fix ineffective setting of max bpc property drm/amd/display: Enable output_bpc property on all outputs drm/amdgpu: add fw release for sdma v5_0 drm/fb-helper: Fix vt restore drm/radeon: fix fb_div check in ni_init_smc_spll_table() drm/amdgpu/display: Unlock mutex on error drm/sun4i: mixer: Call of_dma_configure if there's an IOMMU drm: panel-orientation-quirks: Use generic orientation-data for Acer S1003 drm: panel-orientation-quirks: Add quirk for Asus T101HA panel video: fbdev: uvesafb: fix "noblank" option handling drm/panel-simple: fix connector type for newhaven_nhd_43_480272ef_atxl drm/panel-simple: fix connector type for LogicPD Type28 Display drm: rcar-du: Fix build error drm: mcde: Fix forgotten user of drm->dev_private drm: mcde: Fix display initialization problem drm/tegra: Add zpos property for cursor planes gpu: host1x: Detach driver on unregister gpu: host1x: Correct trivial kernel-doc inconsistencies drm/tegra: hub: Register child devices ... commit fa48494cce5f6360b0f8683cdf258fb45c666287 Author: Shannon Nelson Date: Thu Jun 25 22:58:37 2020 -0700 ionic: update the queue count on open Let the network stack know the real number of queues that we are using. v2: added error checking Fixes: 49d3b493673a ("ionic: disable the queues on link down") Signed-off-by: Shannon Nelson Reviewed-by: Jakub Kicinski Signed-off-by: David S. Miller commit 7c902e273019ce60c1cb4d195e3cfd803969fd04 Merge: 4a21185cda0f 19ef1f9dfeff Author: Linus Torvalds Date: Fri Jun 26 12:19:36 2020 -0700 Merge branch 'akpm' (patches from Andrew) Merge misx fixes from Andrew Morton: "31 patches. Subsystems affected by this patch series: hotfixes, mm/pagealloc, kexec, ocfs2, lib, mm/slab, mm/slab, mm/slub, mm/swap, mm/pagemap, mm/vmalloc, mm/memcg, mm/gup, mm/thp, mm/vmscan, x86, mm/memory-hotplug, MAINTAINERS" * emailed patches from Andrew Morton : (31 commits) MAINTAINERS: update info for sparse mm/memory_hotplug.c: fix false softlockup during pfn range removal mm: remove vmalloc_exec arm64: use PAGE_KERNEL_ROX directly in alloc_insn_page x86/hyperv: allocate the hypercall page with only read and execute bits mm/memory: fix IO cost for anonymous page mm/swap: fix for "mm: workingset: age nonresident information alongside anonymous pages" mm: workingset: age nonresident information alongside anonymous pages doc: THP CoW fault no longer allocate THP docs: mm/gup: minor documentation update mm/memcontrol.c: prevent missed memory.low load tears mm/memcontrol.c: add missed css_put() mm: memcontrol: handle div0 crash race condition in memory.low mm/vmalloc.c: fix a warning while make xmldocs media: omap3isp: remove cacheflush.h make asm-generic/cacheflush.h more standalone mm/debug_vm_pgtable: fix build failure with powerpc 8xx mm/memory.c: properly pte_offset_map_lock/unlock in vm_insert_pages() mm: fix swap cache node allocation mask slub: cure list_slab_objects() from double fix ... commit 70b23b87b2d32e608f97e06425853331f17fbda9 Merge: 56e287759b9a 6a47d6efc693 Author: Greg Kroah-Hartman Date: Fri Jun 26 17:26:31 2020 +0200 Merge tag 'fpga-fixes-for-5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/mdf/linux-fpga into char-misc-next FPGA Manager fixes for 5.8-rc1 Here is one (late) fix for 5.8-rc1 merge window. Arnd's change addresses a missing build dependency. All patches have been reviewed on the mailing list, and have been in the last few linux-next releases (as part of my fixes branch) without issues. Signed-off-by: Moritz Fischer * tag 'fpga-fixes-for-5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/mdf/linux-fpga: fpga: zynqmp: fix modular build commit 56e287759b9a4ecd87b783a6daac65f59254a7c4 Merge: 8c289ea06416 ce04326edd59 Author: Greg Kroah-Hartman Date: Fri Jun 26 17:24:20 2020 +0200 Merge tag 'misc-habanalabs-fixes-2020-06-24' of git://people.freedesktop.org/~gabbayo/linux into char-misc-linus Oded writes: This tag contains the following fixes for kernel 5.8-rc2: - close security hole in GAUDI command buffer parsing by blocking an instruction that might allow user to run command buffer that wasn't parsed on a secured engine. - Fix bug in GAUDI MMU cache invalidation code. - Rename a function to resolve conflict with a static inline function in arch/m68k/include/asm/mcfmmu.h - Increase watchdog timeout of GAUDI QMAN arbitration H/W to prevent false reports on timeouts - Fix bug of dereferencing NULL pointer when an error occurs during command submission - Increase H/W timer for checking if PDMA engine is IDLE in GAUDI. * tag 'misc-habanalabs-fixes-2020-06-24' of git://people.freedesktop.org/~gabbayo/linux: habanalabs: increase h/w timer when checking idle habanalabs: Correct handling when failing to enqueue CB habanalabs: increase GAUDI QMAN ARB WDT timeout habanalabs: rename mmu_write() to mmu_asid_va_write() habanalabs: use PI in MMU cache invalidation habanalabs: block scalar load_and_exe on external queue commit ed8fa04243e22f7b8f470d08e5806c9f8c6a460a Merge: 603ea288dc53 cd37c6976f6a Author: Greg Kroah-Hartman Date: Fri Jun 26 17:16:52 2020 +0200 Merge tag 'fixes-for-v5.8-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/balbi/usb into usb-linus Felipe writes: usb: fixes for v5.8-rc2 A revert of Exynos5422 suspend clock support, it turns out it wasn't ready to be merged. CDNS3 got a fix for test mode initialization. Signed-off-by: Felipe Balbi * tag 'fixes-for-v5.8-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/balbi/usb: Revert "usb: dwc3: exynos: Add support for Exynos5422 suspend clk" usb: gadget: udc: Potential Oops in error handling code usb: phy: tegra: Fix unnecessary check in tegra_usb_phy_probe() usb: dwc3: pci: Fix reference count leak in dwc3_pci_resume_work usb: cdns3: ep0: add spinlock for cdns3_check_new_setup usb: cdns3: trace: using correct dir value usb: cdns3: ep0: fix the test mode set incorrectly commit 0e3fb2a128d81bc5baee76dddcc8ddbc8ccae95c Merge: 0659d4205db4 589bab6bb30c 10e8b11eb319 Author: Rafael J. Wysocki Date: Fri Jun 26 17:09:49 2020 +0200 Merge branches 'pm-cpufreq' and 'pm-cpuidle' * pm-cpufreq: cpufreq: intel_pstate: Add one more OOB control bit * pm-cpuidle: cpuidle: Rearrange s2idle-specific idle state entry code PM: s2idle: Clear _TIF_POLLING_NRFLAG before suspend to idle commit 0f29c20bf4342c7757d9f4bf81159b02498b1b0d Merge: 75b0cea7bf30 e6d701dca989 Author: Rafael J. Wysocki Date: Fri Jun 26 17:06:29 2020 +0200 Merge branch 'acpi-sysfs' * acpi-sysfs: ACPI: sysfs: Fix pm_profile_attr type commit 603ea288dc53dfabf823bf7d38e401a945309492 Merge: ea0efd687b01 48778464bb7d Author: Greg Kroah-Hartman Date: Fri Jun 26 16:51:14 2020 +0200 Merge 5.8-rc2 into usb-linus Felipe has based his patches on that tag, so update my usb-linus branch to it as well so that I can pull his patches in here easier. Signed-off-by: Greg Kroah-Hartman commit 440ab9e10e2e6e5fd677473ee6f9e3af0f6904d6 Author: Douglas Anderson Date: Tue Jun 2 15:47:39 2020 -0700 kgdb: Avoid suspicious RCU usage warning At times when I'm using kgdb I see a splat on my console about suspicious RCU usage. I managed to come up with a case that could reproduce this that looked like this: WARNING: suspicious RCU usage 5.7.0-rc4+ #609 Not tainted ----------------------------- kernel/pid.c:395 find_task_by_pid_ns() needs rcu_read_lock() protection! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 1 3 locks held by swapper/0/1: #0: ffffff81b6b8e988 (&dev->mutex){....}-{3:3}, at: __device_attach+0x40/0x13c #1: ffffffd01109e9e8 (dbg_master_lock){....}-{2:2}, at: kgdb_cpu_enter+0x20c/0x7ac #2: ffffffd01109ea90 (dbg_slave_lock){....}-{2:2}, at: kgdb_cpu_enter+0x3ec/0x7ac stack backtrace: CPU: 7 PID: 1 Comm: swapper/0 Not tainted 5.7.0-rc4+ #609 Hardware name: Google Cheza (rev3+) (DT) Call trace: dump_backtrace+0x0/0x1b8 show_stack+0x1c/0x24 dump_stack+0xd4/0x134 lockdep_rcu_suspicious+0xf0/0x100 find_task_by_pid_ns+0x5c/0x80 getthread+0x8c/0xb0 gdb_serial_stub+0x9d4/0xd04 kgdb_cpu_enter+0x284/0x7ac kgdb_handle_exception+0x174/0x20c kgdb_brk_fn+0x24/0x30 call_break_hook+0x6c/0x7c brk_handler+0x20/0x5c do_debug_exception+0x1c8/0x22c el1_sync_handler+0x3c/0xe4 el1_sync+0x7c/0x100 rpmh_rsc_probe+0x38/0x420 platform_drv_probe+0x94/0xb4 really_probe+0x134/0x300 driver_probe_device+0x68/0x100 __device_attach_driver+0x90/0xa8 bus_for_each_drv+0x84/0xcc __device_attach+0xb4/0x13c device_initial_probe+0x18/0x20 bus_probe_device+0x38/0x98 device_add+0x38c/0x420 If I understand properly we should just be able to blanket kgdb under one big RCU read lock and the problem should go away. We'll add it to the beast-of-a-function known as kgdb_cpu_enter(). With this I no longer get any splats and things seem to work fine. Signed-off-by: Douglas Anderson Link: https://lore.kernel.org/r/20200602154729.v2.1.I70e0d4fd46d5ed2aaf0c98a355e8e1b7a5bb7e4e@changeid Signed-off-by: Daniel Thompson commit 5946d1f5b309381805bad3ddc3054c04f4ae9c24 Author: Sumit Garg Date: Thu Jun 4 15:31:19 2020 +0530 kdb: Switch to use safer dbg_io_ops over console APIs In kgdb context, calling console handlers aren't safe due to locks used in those handlers which could in turn lead to a deadlock. Although, using oops_in_progress increases the chance to bypass locks in most console handlers but it might not be sufficient enough in case a console uses more locks (VT/TTY is good example). Currently when a driver provides both polling I/O and a console then kdb will output using the console. We can increase robustness by using the currently active polling I/O driver (which should be lockless) instead of the corresponding console. For several common cases (e.g. an embedded system with a single serial port that is used both for console output and debugger I/O) this will result in no console handler being used. In order to achieve this we need to reverse the order of preference to use dbg_io_ops (uses polling I/O mode) over console APIs. So we just store "struct console" that represents debugger I/O in dbg_io_ops and while emitting kdb messages, skip console that matches dbg_io_ops console in order to avoid duplicate messages. After this change, "is_console" param becomes redundant and hence removed. Suggested-by: Daniel Thompson Signed-off-by: Sumit Garg Link: https://lore.kernel.org/r/1591264879-25920-5-git-send-email-sumit.garg@linaro.org Reviewed-by: Douglas Anderson Reviewed-by: Petr Mladek Acked-by: Greg Kroah-Hartman Signed-off-by: Daniel Thompson commit 89a3c9f5b9f0bcaa9aea3e8b2a616fcaea9aad78 Author: Chuck Lever Date: Thu Jun 25 11:32:34 2020 -0400 SUNRPC: Properly set the @subbuf parameter of xdr_buf_subsegment() @subbuf is an output parameter of xdr_buf_subsegment(). A survey of call sites shows that @subbuf is always uninitialized before xdr_buf_segment() is invoked by callers. There are some execution paths through xdr_buf_subsegment() that do not set all of the fields in @subbuf, leaving some pointer fields containing garbage addresses. Subsequent processing of that buffer then results in a page fault. Signed-off-by: Chuck Lever Cc: Signed-off-by: Anna Schumaker commit d03727b248d0dae6199569a8d7b629a681154633 Author: Olga Kornievskaia Date: Wed Jun 24 13:54:08 2020 -0400 NFSv4 fix CLOSE not waiting for direct IO compeletion Figuring out the root case for the REMOVE/CLOSE race and suggesting the solution was done by Neil Brown. Currently what happens is that direct IO calls hold a reference on the open context which is decremented as an asynchronous task in the nfs_direct_complete(). Before reference is decremented, control is returned to the application which is free to close the file. When close is being processed, it decrements its reference on the open_context but since directIO still holds one, it doesn't sent a close on the wire. It returns control to the application which is free to do other operations. For instance, it can delete a file. Direct IO is finally releasing its reference and triggering an asynchronous close. Which races with the REMOVE. On the server, REMOVE can be processed before the CLOSE, failing the REMOVE with EACCES as the file is still opened. Signed-off-by: Olga Kornievskaia Suggested-by: Neil Brown CC: stable@vger.kernel.org Signed-off-by: Anna Schumaker commit 8b04013737341442ed914b336cde866b902664ae Author: Trond Myklebust Date: Mon Jun 22 15:04:15 2020 -0400 pNFS/flexfiles: Fix list corruption if the mirror count changes If the mirror count changes in the new layout we pick up inside ff_layout_pg_init_write(), then we can end up adding the request to the wrong mirror and corrupting the mirror->pg_list. Fixes: d600ad1f2bdb ("NFS41: pop some layoutget errors to application") Cc: stable@vger.kernel.org Signed-off-by: Trond Myklebust Signed-off-by: Anna Schumaker commit 4659ed7cc8514369043053463514408ca16ad6f3 Author: Tom Rix Date: Fri Jun 12 15:45:49 2020 -0700 nfs: Fix memory leak of export_path The try_location function is called within a loop by nfs_follow_referral. try_location calls nfs4_pathname_string to created the export_path. nfs4_pathname_string allocates the memory. export_path is stored in the nfs_fs_context/fs_context structure similarly as hostname and source. But whereas the ctx hostname and source are freed before assignment, export_path is not. So if there are multiple loops, the new export_path will overwrite the old without the old being freed. So call kfree for export_path. Signed-off-by: Tom Rix Signed-off-by: Anna Schumaker commit b7ade38165ca0001c5a3bd5314a314abbbfbb1b7 Author: Vasily Averin Date: Mon Jun 1 11:54:57 2020 +0300 sunrpc: fixed rollback in rpc_gssd_dummy_populate() __rpc_depopulate(gssd_dentry) was lost on error path cc: stable@vger.kernel.org Fixes: commit 4b9a445e3eeb ("sunrpc: create a new dummy pipe for gssd to hold open") Signed-off-by: Vasily Averin Reviewed-by: Jeff Layton Signed-off-by: Anna Schumaker commit 45c11a927606c612e4898a9484867b71318699f6 Author: Hans de Goede Date: Sat Jun 6 11:31:50 2020 +0200 pinctrl: baytrail: Fix pin being driven low for a while on gpiod_get(..., GPIOD_OUT_HIGH) The pins on the Bay Trail SoC have separate input-buffer and output-buffer enable bits and a read of the level bit of the value register will always return the value from the input-buffer. The BIOS of a device may configure a pin in output-only mode, only enabling the output buffer, and write 1 to the level bit to drive the pin high. This 1 written to the level bit will be stored inside the data-latch of the output buffer. But a subsequent read of the value register will return 0 for the level bit because the input-buffer is disabled. This causes a read-modify-write as done by byt_gpio_set_direction() to write 0 to the level bit, driving the pin low! Before this commit byt_gpio_direction_output() relied on pinctrl_gpio_direction_output() to set the direction, followed by a call to byt_gpio_set() to apply the selected value. This causes the pin to go low between the pinctrl_gpio_direction_output() and byt_gpio_set() calls. Change byt_gpio_direction_output() to directly make the register modifications itself instead. Replacing the 2 subsequent writes to the value register with a single write. Note that the pinctrl code does not keep track internally of the direction, so not going through pinctrl_gpio_direction_output() is not an issue. This issue was noticed on a Trekstor SurfTab Twin 10.1. When the panel is already on at boot (no external monitor connected), then the i915 driver does a gpiod_get(..., GPIOD_OUT_HIGH) for the panel-enable GPIO. The temporarily going low of that GPIO was causing the panel to reset itself after which it would not show an image until it was turned off and back on again (until a full modeset was done on it). This commit fixes this. This commit also updates the byt_gpio_direction_input() to use direct register accesses instead of going through pinctrl_gpio_direction_input(), to keep it consistent with byt_gpio_direction_output(). Note for backporting, this commit depends on: commit e2b74419e5cc ("pinctrl: baytrail: Replace WARN with dev_info_once when setting direct-irq pin to output") Cc: stable@vger.kernel.org Fixes: 86e3ef812fe3 ("pinctrl: baytrail: Update gpio chip operations") Signed-off-by: Hans de Goede Acked-by: Mika Westerberg Signed-off-by: Andy Shevchenko commit 2c92d787cc9fad57d05c96bd117782183768258a Merge: 145a773aef83 8be3a53e18e0 Author: Ingo Molnar Date: Fri Jun 26 12:24:42 2020 +0200 Merge branch 'linus' into x86/entry, to resolve conflicts Conflicts: arch/x86/kernel/traps.c Signed-off-by: Ingo Molnar commit 60a0121f8fa64b0f4297aa6fef8207500483a874 Author: Luca Coelho Date: Fri Jun 26 12:49:40 2020 +0300 nl80211: fix memory leak when parsing NL80211_ATTR_HE_BSS_COLOR If there is an error when parsing the NL80211_ATTR_HE_BSS_COLOR attribute, we return immediately without freeing param.acl. Fit it by using goto out instead of returning immediately. Fixes: 5c5e52d1bb96 ("nl80211: add handling for BSS color") Signed-off-by: Luca Coelho Link: https://lore.kernel.org/r/iwlwifi.20200626124931.7ad2a3eb894f.I60905fb70bd20389a3b170db515a07275e31845e@changeid Signed-off-by: Johannes Berg commit bc7a39b4272b9672d806d422b6850e8c1a09914c Author: Luca Coelho Date: Fri Jun 26 12:49:39 2020 +0300 nl80211: don't return err unconditionally in nl80211_start_ap() When a memory leak was fixed, a return err was changed to goto err, but, accidentally, the if (err) was removed, so now we always exit at this point. Fix it by adding if (err) back. Fixes: 9951ebfcdf2b ("nl80211: fix potential leak in AP start") Signed-off-by: Luca Coelho Link: https://lore.kernel.org/r/iwlwifi.20200626124931.871ba5b31eee.I97340172d92164ee92f3c803fe20a8a6e97714e1@changeid Signed-off-by: Johannes Berg commit 40e05200593af06633f64ab0effff052eee6f076 Author: Mans Rullgard Date: Sat Jun 13 11:41:09 2020 +0100 i2c: core: check returned size of emulated smbus block read If the i2c bus driver ignores the I2C_M_RECV_LEN flag (as some of them do), it is possible for an I2C_SMBUS_BLOCK_DATA read issued on some random device to return an arbitrary value in the first byte (and nothing else). When this happens, i2c_smbus_xfer_emulated() will happily write past the end of the supplied data buffer, thus causing Bad Things to happen. To prevent this, check the size before copying the data block and return an error if it is too large. Fixes: 209d27c3b167 ("i2c: Emulate SMBus block read over I2C") Signed-off-by: Mans Rullgard [wsa: use better errno] Signed-off-by: Wolfram Sang commit 19ef1f9dfeffe2bfbeaf624277a179b1c0eef201 Author: Luc Van Oostenryck Date: Thu Jun 25 20:30:54 2020 -0700 MAINTAINERS: update info for sparse Update the info for sparse. More specifically: - change W entry to point to sparse.docs.kernel.org - add Q & B entry (patchwork & bugzilla) Link: http://lkml.kernel.org/r/20200621144204.53938-1-luc.vanoostenryck@gmail.com Signed-off-by: Luc Van Oostenryck Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit b7e3debdd0408c0dca5d4750371afa5003f792dc Author: Ben Widawsky Date: Thu Jun 25 20:30:51 2020 -0700 mm/memory_hotplug.c: fix false softlockup during pfn range removal When working with very large nodes, poisoning the struct pages (for which there will be very many) can take a very long time. If the system is using voluntary preemptions, the software watchdog will not be able to detect forward progress. This patch addresses this issue by offering to give up time like __remove_pages() does. This behavior was introduced in v5.6 with: commit d33695b16a9f ("mm/memory_hotplug: poison memmap in remove_pfn_range_from_zone()") Alternately, init_page_poison could do this cond_resched(), but it seems to me that the caller of init_page_poison() is what actually knows whether or not it should relax its own priority. Based on Dan's notes, I think this is perfectly safe: commit f931ab479dd2 ("mm: fix devm_memremap_pages crash, use mem_hotplug_{begin, done}") Aside from fixing the lockup, it is also a friendlier thing to do on lower core systems that might wipe out large chunks of hotplug memory (probably not a very common case). Fixes this kind of splat: watchdog: BUG: soft lockup - CPU#46 stuck for 22s! [daxctl:9922] irq event stamp: 138450 hardirqs last enabled at (138449): [] trace_hardirqs_on_thunk+0x1a/0x1c hardirqs last disabled at (138450): [] trace_hardirqs_off_thunk+0x1a/0x1c softirqs last enabled at (138448): [] __do_softirq+0x347/0x456 softirqs last disabled at (138443): [] irq_exit+0x7d/0xb0 CPU: 46 PID: 9922 Comm: daxctl Not tainted 5.7.0-BEN-14238-g373c6049b336 #30 Hardware name: Intel Corporation PURLEY/PURLEY, BIOS PLYXCRB1.86B.0578.D07.1902280810 02/28/2019 RIP: 0010:memset_erms+0x9/0x10 Code: c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 f3 48 ab 89 d1 f3 aa 4c 89 c8 c3 90 49 89 f9 40 88 f0 48 89 d1 aa 4c 89 c8 c3 90 49 89 fa 40 0f b6 ce 48 b8 01 01 01 01 01 01 Call Trace: remove_pfn_range_from_zone+0x3a/0x380 memunmap_pages+0x17f/0x280 release_nodes+0x22a/0x260 __device_release_driver+0x172/0x220 device_driver_detach+0x3e/0xa0 unbind_store+0x113/0x130 kernfs_fop_write+0xdc/0x1c0 vfs_write+0xde/0x1d0 ksys_write+0x58/0xd0 do_syscall_64+0x5a/0x120 entry_SYSCALL_64_after_hwframe+0x49/0xb3 Built 2 zonelists, mobility grouping on. Total pages: 49050381 Policy zone: Normal Built 3 zonelists, mobility grouping on. Total pages: 49312525 Policy zone: Normal David said: "It really only is an issue for devmem. Ordinary hotplugged system memory is not affected (onlined/offlined in memory block granularity)." Link: http://lkml.kernel.org/r/20200619231213.1160351-1-ben.widawsky@intel.com Fixes: commit d33695b16a9f ("mm/memory_hotplug: poison memmap in remove_pfn_range_from_zone()") Signed-off-by: Ben Widawsky Reported-by: "Scargall, Steve" Reported-by: Ben Widawsky Acked-by: David Hildenbrand Cc: Dan Williams Cc: Vishal Verma Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 7a0e27b2a0ce2735e27e21ebc8b777550fe0ed81 Author: Christoph Hellwig Date: Thu Jun 25 20:30:47 2020 -0700 mm: remove vmalloc_exec Merge vmalloc_exec into its only caller. Note that for !CONFIG_MMU __vmalloc_node_range maps to __vmalloc, which directly clears the __GFP_HIGHMEM added by the vmalloc_exec stub anyway. Link: http://lkml.kernel.org/r/20200618064307.32739-4-hch@lst.de Signed-off-by: Christoph Hellwig Reviewed-by: David Hildenbrand Acked-by: Peter Zijlstra (Intel) Cc: Catalin Marinas Cc: Dexuan Cui Cc: Jessica Yu Cc: Vitaly Kuznetsov Cc: Wei Liu Cc: Will Deacon Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 10d5e97c1bf816facbc7c431c6caf47ee35fc1ed Author: Christoph Hellwig Date: Thu Jun 25 20:30:43 2020 -0700 arm64: use PAGE_KERNEL_ROX directly in alloc_insn_page Use PAGE_KERNEL_ROX directly instead of allocating RWX and setting the page read-only just after the allocation. Link: http://lkml.kernel.org/r/20200618064307.32739-3-hch@lst.de Signed-off-by: Christoph Hellwig Acked-by: David Hildenbrand Acked-by: Peter Zijlstra (Intel) Cc: Catalin Marinas Cc: Dexuan Cui Cc: Jessica Yu Cc: Vitaly Kuznetsov Cc: Wei Liu Cc: Will Deacon Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 800e26b81311dcc0080b8784f80620bb8f2baaa5 Author: Christoph Hellwig Date: Thu Jun 25 20:30:40 2020 -0700 x86/hyperv: allocate the hypercall page with only read and execute bits Patch series "fix a hyperv W^X violation and remove vmalloc_exec" Dexuan reported a W^X violation due to the fact that the hyper hypercall page due switching it to be allocated using vmalloc_exec. The problem is that PAGE_KERNEL_EXEC as used by vmalloc_exec actually sets writable permissions in the pte. This series fixes the issue by switching to the low-level __vmalloc_node_range interface that allows specifing more detailed permissions instead. It then also open codes the other two callers and removes the somewhat confusing vmalloc_exec interface. Peter noted that the hyper hypercall page allocation also has another long standing issue in that it shouldn't use the full vmalloc but just the module space. This issue is so far theoretical as the allocation is done early in the boot process. I plan to fix it with another bigger series for 5.9. This patch (of 3): Avoid a W^X violation cause by the fact that PAGE_KERNEL_EXEC includes the writable bit. For this resurrect the removed PAGE_KERNEL_RX definition, but as PAGE_KERNEL_ROX to match arm64 and powerpc. Link: http://lkml.kernel.org/r/20200618064307.32739-2-hch@lst.de Fixes: 78bb17f76edc ("x86/hyperv: use vmalloc_exec for the hypercall page") Signed-off-by: Christoph Hellwig Reported-by: Dexuan Cui Tested-by: Vitaly Kuznetsov Acked-by: Wei Liu Acked-by: Peter Zijlstra (Intel) Cc: Catalin Marinas Cc: Will Deacon Cc: Jessica Yu Cc: David Hildenbrand Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 0076f029cb2906d32baf3bf4401ef09663071d16 Author: Joonsoo Kim Date: Thu Jun 25 20:30:37 2020 -0700 mm/memory: fix IO cost for anonymous page With synchronous IO swap device, swap-in is directly handled in fault code. Since IO cost notation isn't added there, with synchronous IO swap device, LRU balancing could be wrongly biased. Fix it to count it in fault code. Link: http://lkml.kernel.org/r/1592288204-27734-4-git-send-email-iamjoonsoo.kim@lge.com Fixes: 314b57fb0460001 ("mm: balance LRU lists based on relative thrashing cache sizing") Signed-off-by: Joonsoo Kim Acked-by: Johannes Weiner Cc: Joonsoo Kim Cc: Michal Hocko Cc: Minchan Kim Cc: Rik van Riel Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit cb6868832ede5cd73b346ec11cf89814d26ff7c7 Author: Joonsoo Kim Date: Thu Jun 25 20:30:34 2020 -0700 mm/swap: fix for "mm: workingset: age nonresident information alongside anonymous pages" Non-file-lru page could also be activated in mark_page_accessed() and we need to count this activation for nonresident_age. Note that it's better for this patch to be squashed into the patch "mm: workingset: age nonresident information alongside anonymous pages". Link: http://lkml.kernel.org/r/1592288204-27734-3-git-send-email-iamjoonsoo.kim@lge.com Signed-off-by: Joonsoo Kim Acked-by: Johannes Weiner Cc: Joonsoo Kim Cc: Michal Hocko Cc: Minchan Kim Cc: Rik van Riel Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 31d8fcac00fcf4007f3921edc69ab4dcb3abcd4d Author: Johannes Weiner Date: Thu Jun 25 20:30:31 2020 -0700 mm: workingset: age nonresident information alongside anonymous pages Patch series "fix for "mm: balance LRU lists based on relative thrashing" patchset" This patchset fixes some problems of the patchset, "mm: balance LRU lists based on relative thrashing", which is now merged on the mainline. Patch "mm: workingset: let cache workingset challenge anon fix" is the result of discussion with Johannes. See following link. http://lkml.kernel.org/r/20200520232525.798933-6-hannes@cmpxchg.org And, the other two are minor things which are found when I try to rebase my patchset. This patch (of 3): After ("mm: workingset: let cache workingset challenge anon fix"), we compare refault distances to active_file + anon. But age of the non-resident information is only driven by the file LRU. As a result, we may overestimate the recency of any incoming refaults and activate them too eagerly, causing unnecessary LRU churn in certain situations. Make anon aging drive nonresident age as well to address that. Link: http://lkml.kernel.org/r/1592288204-27734-1-git-send-email-iamjoonsoo.kim@lge.com Link: http://lkml.kernel.org/r/1592288204-27734-2-git-send-email-iamjoonsoo.kim@lge.com Fixes: 34e58cac6d8f2a ("mm: workingset: let cache workingset challenge anon") Reported-by: Joonsoo Kim Signed-off-by: Johannes Weiner Signed-off-by: Joonsoo Kim Cc: Rik van Riel Cc: Minchan Kim Cc: Michal Hocko Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 2a8bef321749219a6f236dc9f5ee5571a5f1efc6 Author: Yang Shi Date: Thu Jun 25 20:30:28 2020 -0700 doc: THP CoW fault no longer allocate THP Since commit 3917c80280c9 ("thp: change CoW semantics for anon-THP"), THP CoW page fault is rewritten. Now it just splits pmd then fallback to base page fault, it doesn't try to allocate THP anymore. So it is no longer counted in THP_FAULT_ALLOC. Remove the obsolete statement in documentation about THP CoW allocation to avoid confusion. Link: http://lkml.kernel.org/r/1592424895-5421-1-git-send-email-yang.shi@linux.alibaba.com Signed-off-by: Yang Shi Cc: Kirill A. Shutemov Cc: Zi Yan Cc: Jonathan Corbet Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit f9e559703d0899cc74684128244682182157aa64 Author: Souptick Joarder Date: Thu Jun 25 20:30:25 2020 -0700 docs: mm/gup: minor documentation update Now there are 5 cases. Updated the same. Link: http://lkml.kernel.org/r/1592422023-7401-1-git-send-email-jrdr.linux@gmail.com Signed-off-by: Souptick Joarder Reviewed-by: John Hubbard Cc: Jonathan Corbet Cc: Jan Kara Cc: Kirill A. Shutemov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 03960e33187ae969187281c3aa6c308d7282c468 Author: Chris Down Date: Thu Jun 25 20:30:22 2020 -0700 mm/memcontrol.c: prevent missed memory.low load tears Looks like one of these got missed when massaging in f86b810c2610 ("mm, memcg: prevent memory.low load/store tearing") with other linux-mm changes. Link: http://lkml.kernel.org/r/20200612174437.GA391453@chrisdown.name Signed-off-by: Chris Down Reported-by: Michal Koutny Acked-by: Michal Hocko Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 3a98990ae2150277ed34d3b248c60e68bf2244b2 Author: Muchun Song Date: Thu Jun 25 20:30:19 2020 -0700 mm/memcontrol.c: add missed css_put() We should put the css reference when memory allocation failed. Link: http://lkml.kernel.org/r/20200614122653.98829-1-songmuchun@bytedance.com Fixes: f0a3a24b532d ("mm: memcg/slab: rework non-root kmem_cache lifecycle management") Signed-off-by: Muchun Song Acked-by: Roman Gushchin Acked-by: Michal Hocko Cc: Johannes Weiner Cc: Vladimir Davydov Cc: Qian Cai Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit cd324edce598ebddde44162a2aa01321c1261b9e Author: Johannes Weiner Date: Thu Jun 25 20:30:16 2020 -0700 mm: memcontrol: handle div0 crash race condition in memory.low Tejun reports seeing rare div0 crashes in memory.low stress testing: RIP: 0010:mem_cgroup_calculate_protection+0xed/0x150 Code: 0f 46 d1 4c 39 d8 72 57 f6 05 16 d6 42 01 40 74 1f 4c 39 d8 76 1a 4c 39 d1 76 15 4c 29 d1 4c 29 d8 4d 29 d9 31 d2 48 0f af c1 <49> f7 f1 49 01 c2 4c 89 96 38 01 00 00 5d c3 48 0f af c7 31 d2 49 RSP: 0018:ffffa14e01d6fcd0 EFLAGS: 00010246 RAX: 000000000243e384 RBX: 0000000000000000 RCX: 0000000000008f4b RDX: 0000000000000000 RSI: ffff8b89bee84000 RDI: 0000000000000000 RBP: ffffa14e01d6fcd0 R08: ffff8b89ca7d40f8 R09: 0000000000000000 R10: 0000000000000000 R11: 00000000006422f7 R12: 0000000000000000 R13: ffff8b89d9617000 R14: ffff8b89bee84000 R15: ffffa14e01d6fdb8 FS: 0000000000000000(0000) GS:ffff8b8a1f1c0000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f93b1fc175b CR3: 000000016100a000 CR4: 0000000000340ea0 Call Trace: shrink_node+0x1e5/0x6c0 balance_pgdat+0x32d/0x5f0 kswapd+0x1d7/0x3d0 kthread+0x11c/0x160 ret_from_fork+0x1f/0x30 This happens when parent_usage == siblings_protected. We check that usage is bigger than protected, which should imply parent_usage being bigger than siblings_protected. However, we don't read (or even update) these values atomically, and they can be out of sync as the memory state changes under us. A bit of fluctuation around the target protection isn't a big deal, but we need to handle the div0 case. Check the parent state explicitly to make sure we have a reasonable positive value for the divisor. Link: http://lkml.kernel.org/r/20200615140658.601684-1-hannes@cmpxchg.org Fixes: 8a931f801340 ("mm: memcontrol: recursive memory.low protection") Signed-off-by: Johannes Weiner Reported-by: Tejun Heo Acked-by: Michal Hocko Acked-by: Chris Down Cc: Roman Gushchin Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 8eab7035b231aa3ac27b20ec77f85375e4413083 Author: Masanari Iida Date: Thu Jun 25 20:30:13 2020 -0700 mm/vmalloc.c: fix a warning while make xmldocs This patch fixes following warning while "make xmldocs" mm/vmalloc.c:1877: warning: Excess function parameter 'prot' description in 'vm_map_ram' This warning started since commit d4efd79a81ab ("mm: remove the prot argument from vm_map_ram"). Link: http://lkml.kernel.org/r/20200622152850.140871-1-standby24x7@gmail.com Fixes: d4efd79a81ab ("mm: remove the prot argument from vm_map_ram") Signed-off-by: Masanari Iida Reviewed-by: Andrew Morton Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 3c7858268411dc6473e73965a23854d8f9825424 Author: Nathan Chancellor Date: Thu Jun 25 20:30:11 2020 -0700 media: omap3isp: remove cacheflush.h After mm.h was removed from the asm-generic version of cacheflush.h, s390 allyesconfig shows several warnings of the following nature: In file included from arch/s390/include/generated/asm/cacheflush.h:1, from drivers/media/platform/omap3isp/isp.c:42: include/asm-generic/cacheflush.h:16:42: warning: 'struct mm_struct' declared inside parameter list will not be visible outside of this definition or declaration As Geert and Laurent point out, this driver does not need this header in the two files that include it. Remove it so there are no warnings. Link: http://lkml.kernel.org/r/20200622234740.72825-2-natechancellor@gmail.com Fixes: e0cf615d725c ("asm-generic: don't include in cacheflush.h") Signed-off-by: Nathan Chancellor Suggested-by: Geert Uytterhoeven Suggested-by: Laurent Pinchart Reviewed-by: Laurent Pinchart Reviewed-by: Christoph Hellwig Reviewed-by: Mauro Carvalho Chehab Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 8dbdd5049cfa8f8848711ba83c9bbf67e08f5b2d Author: Stephen Rothwell Date: Thu Jun 25 20:30:07 2020 -0700 make asm-generic/cacheflush.h more standalone Some s390 builds get these warnings: include/asm-generic/cacheflush.h:16:42: warning: 'struct mm_struct' declared inside parameter list will not be visible outside of this definition or declaration include/asm-generic/cacheflush.h:22:46: warning: 'struct mm_struct' declared inside parameter list will not be visible outside of this definition or declaration include/asm-generic/cacheflush.h:28:45: warning: 'struct vm_area_struct' declared inside parameter list will not be visible outside of this definition or declaration include/asm-generic/cacheflush.h:36:44: warning: 'struct vm_area_struct' declared inside parameter list will not be visible outside of this definition or declaration include/asm-generic/cacheflush.h:44:45: warning: 'struct page' declared inside parameter list will not be visible outside of this definition or declaration include/asm-generic/cacheflush.h:52:50: warning: 'struct address_space' declared inside parameter list will not be visible outside of this definition or declaration include/asm-generic/cacheflush.h:58:52: warning: 'struct address_space' declared inside parameter list will not be visible outside of this definition or declaration include/asm-generic/cacheflush.h:75:17: warning: 'struct page' declared inside parameter list will not be visible outside of this definition or declaration include/asm-generic/cacheflush.h:74:45: warning: 'struct vm_area_struct' declared inside parameter list will not be visible outside of this definition or declaration include/asm-generic/cacheflush.h:82:16: warning: 'struct page' declared inside parameter list will not be visible outside of this definition or declaration include/asm-generic/cacheflush.h:81:50: warning: 'struct vm_area_struct' declared inside parameter list will not be visible outside of this definition or declaration Forward declare the named structs to get rid of these. Link: http://lkml.kernel.org/r/20200623135714.4dae4b8a@canb.auug.org.au Fixes: e0cf615d725c ("asm-generic: don't include in cacheflush.h") Signed-off-by: Stephen Rothwell Reviewed-by: Christoph Hellwig Acked-by: Arnd Bergmann Cc: Heiko Carstens Cc: Vasily Gorbik Cc: Christian Borntraeger Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 9449c9cb420b249eb6d7dad3953e4686443d7bd9 Author: Christophe Leroy Date: Thu Jun 25 20:30:04 2020 -0700 mm/debug_vm_pgtable: fix build failure with powerpc 8xx Since commit 9e343b467c70 ("READ_ONCE: Enforce atomicity for {READ,WRITE}_ONCE() memory accesses"), READ_ONCE() cannot be used anymore to read complex page table entries. This leads to: CC mm/debug_vm_pgtable.o In file included from ./include/asm-generic/bug.h:5, from ./arch/powerpc/include/asm/bug.h:109, from ./include/linux/bug.h:5, from ./include/linux/mmdebug.h:5, from ./include/linux/gfp.h:5, from mm/debug_vm_pgtable.c:13: In function 'pte_clear_tests', inlined from 'debug_vm_pgtable' at mm/debug_vm_pgtable.c:363:2: ./include/linux/compiler.h:392:38: error: Unsupported access size for {READ,WRITE}_ONCE(). mm/debug_vm_pgtable.c:249:14: note: in expansion of macro 'READ_ONCE' 249 | pte_t pte = READ_ONCE(*ptep); | ^~~~~~~~~ make[2]: *** [mm/debug_vm_pgtable.o] Error 1 Fix it by using the recently added ptep_get() helper. Link: http://lkml.kernel.org/r/6ca8c972e6c920dc4ae0d4affbed9703afa4d010.1592490570.git.christophe.leroy@csgroup.eu Fixes: 9e343b467c70 ("READ_ONCE: Enforce atomicity for {READ,WRITE}_ONCE() memory accesses") Signed-off-by: Christophe Leroy Acked-by: Will Deacon Reviewed-by: Anshuman Khandual Cc: Benjamin Herrenschmidt Cc: Paul Mackerras Cc: Michael Ellerman Cc: "Peter Zijlstra (Intel)" Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 7f70c2a68a51496289df163f6969d4db7c383f30 Author: Arjun Roy Date: Thu Jun 25 20:30:01 2020 -0700 mm/memory.c: properly pte_offset_map_lock/unlock in vm_insert_pages() Calls to pte_offset_map() in vm_insert_pages() are erroneously not matched with a call to pte_unmap(). This would cause problems on architectures where that is not a no-op. This patch does away with the non-traditional locking in the existing code, and instead uses pte_offset_map_lock/unlock() as usual, incrementing PTE as necessary. The PTE pointer is kept within bounds since we clamp it with PTRS_PER_PTE. Link: http://lkml.kernel.org/r/20200618220446.20284-1-arjunroy.kdev@gmail.com Fixes: 8cd3984d81d5 ("mm/memory.c: add vm_insert_pages()") Signed-off-by: Arjun Roy Acked-by: David Rientjes Cc: Eric Dumazet Cc: Hugh Dickins Cc: Soheil Hassas Yeganeh Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 243bce09c91b0145aeaedd5afba799d81841c030 Author: Hugh Dickins Date: Thu Jun 25 20:29:59 2020 -0700 mm: fix swap cache node allocation mask Chris Murphy reports that a slightly overcommitted load, testing swap and zram along with i915, splats and keeps on splatting, when it had better fail less noisily: gnome-shell: page allocation failure: order:0, mode:0x400d0(__GFP_IO|__GFP_FS|__GFP_COMP|__GFP_RECLAIMABLE), nodemask=(null),cpuset=/,mems_allowed=0 CPU: 2 PID: 1155 Comm: gnome-shell Not tainted 5.7.0-1.fc33.x86_64 #1 Call Trace: dump_stack+0x64/0x88 warn_alloc.cold+0x75/0xd9 __alloc_pages_slowpath.constprop.0+0xcfa/0xd30 __alloc_pages_nodemask+0x2df/0x320 alloc_slab_page+0x195/0x310 allocate_slab+0x3c5/0x440 ___slab_alloc+0x40c/0x5f0 __slab_alloc+0x1c/0x30 kmem_cache_alloc+0x20e/0x220 xas_nomem+0x28/0x70 add_to_swap_cache+0x321/0x400 __read_swap_cache_async+0x105/0x240 swap_cluster_readahead+0x22c/0x2e0 shmem_swapin+0x8e/0xc0 shmem_swapin_page+0x196/0x740 shmem_getpage_gfp+0x3a2/0xa60 shmem_read_mapping_page_gfp+0x32/0x60 shmem_get_pages+0x155/0x5e0 [i915] __i915_gem_object_get_pages+0x68/0xa0 [i915] i915_vma_pin+0x3fe/0x6c0 [i915] eb_add_vma+0x10b/0x2c0 [i915] i915_gem_do_execbuffer+0x704/0x3430 [i915] i915_gem_execbuffer2_ioctl+0x1ea/0x3e0 [i915] drm_ioctl_kernel+0x86/0xd0 [drm] drm_ioctl+0x206/0x390 [drm] ksys_ioctl+0x82/0xc0 __x64_sys_ioctl+0x16/0x20 do_syscall_64+0x5b/0xf0 entry_SYSCALL_64_after_hwframe+0x44/0xa9 Reported on 5.7, but it goes back really to 3.1: when shmem_read_mapping_page_gfp() was implemented for use by i915, and allowed for __GFP_NORETRY and __GFP_NOWARN flags in most places, but missed swapin's "& GFP_KERNEL" mask for page tree node allocation in __read_swap_cache_async() - that was to mask off HIGHUSER_MOVABLE bits from what page cache uses, but GFP_RECLAIM_MASK is now what's needed. Link: https://bugzilla.kernel.org/show_bug.cgi?id=208085 Link: http://lkml.kernel.org/r/alpine.LSU.2.11.2006151330070.11064@eggly.anvils Fixes: 68da9f055755 ("tmpfs: pass gfp to shmem_getpage_gfp") Signed-off-by: Hugh Dickins Reviewed-by: Vlastimil Babka Reviewed-by: Matthew Wilcox (Oracle) Reported-by: Chris Murphy Analyzed-by: Vlastimil Babka Analyzed-by: Matthew Wilcox Tested-by: Chris Murphy Cc: [3.1+] Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 55860d96ca59265d35427da0ee7d7f61e404f8e7 Author: Sebastian Andrzej Siewior Date: Thu Jun 25 20:29:55 2020 -0700 slub: cure list_slab_objects() from double fix According to Christopher Lameter two fixes have been merged for the same problem. As far as I can tell, the code does not acquire the list_lock and invoke kmalloc(). list_slab_objects() misses an unlock (the counterpart to get_map()) and the memory allocated in free_partial() isn't used. Revert the mentioned commit. Link: http://lkml.kernel.org/r/20200618201234.795692-1-bigeasy@linutronix.de Fixes: aa456c7aebb14 ("slub: remove kmalloc under list_lock from list_slab_objects() V2") Link: https://lkml.kernel.org/r/alpine.DEB.2.22.394.2006181501480.12014@www.lameter.com Signed-off-by: Sebastian Andrzej Siewior Cc: Pekka Enberg Cc: David Rientjes Cc: Joonsoo Kim Cc: Thomas Gleixner Cc: Yu Zhao Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 8982ae527fbef170ef298650c15d55a9ccd33973 Author: Waiman Long Date: Thu Jun 25 20:29:52 2020 -0700 mm/slab: use memzero_explicit() in kzfree() The kzfree() function is normally used to clear some sensitive information, like encryption keys, in the buffer before freeing it back to the pool. Memset() is currently used for buffer clearing. However unlikely, there is still a non-zero probability that the compiler may choose to optimize away the memory clearing especially if LTO is being used in the future. To make sure that this optimization will never happen, memzero_explicit(), which is introduced in v3.18, is now used in kzfree() to future-proof it. Link: http://lkml.kernel.org/r/20200616154311.12314-2-longman@redhat.com Fixes: 3ef0e5ba4673 ("slab: introduce kzfree()") Signed-off-by: Waiman Long Acked-by: Michal Hocko Cc: David Howells Cc: Jarkko Sakkinen Cc: James Morris Cc: "Serge E. Hallyn" Cc: Joe Perches Cc: Matthew Wilcox Cc: David Rientjes Cc: Johannes Weiner Cc: Dan Carpenter Cc: "Jason A . Donenfeld" Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit d7670879c5c4aa443d518fb234a9e5f30931efa3 Author: Waiman Long Date: Thu Jun 25 20:29:49 2020 -0700 mm, slab: fix sign conversion problem in memcg_uncharge_slab() It was found that running the LTP test on a PowerPC system could produce erroneous values in /proc/meminfo, like: MemTotal: 531915072 kB MemFree: 507962176 kB MemAvailable: 1100020596352 kB Using bisection, the problem is tracked down to commit 9c315e4d7d8c ("mm: memcg/slab: cache page number in memcg_(un)charge_slab()"). In memcg_uncharge_slab() with a "int order" argument: unsigned int nr_pages = 1 << order; : mod_lruvec_state(lruvec, cache_vmstat_idx(s), -nr_pages); The mod_lruvec_state() function will eventually call the __mod_zone_page_state() which accepts a long argument. Depending on the compiler and how inlining is done, "-nr_pages" may be treated as a negative number or a very large positive number. Apparently, it was treated as a large positive number in that PowerPC system leading to incorrect stat counts. This problem hasn't been seen in x86-64 yet, perhaps the gcc compiler there has some slight difference in behavior. It is fixed by making nr_pages a signed value. For consistency, a similar change is applied to memcg_charge_slab() as well. Link: http://lkml.kernel.org/r/20200620184719.10994-1-longman@redhat.com Fixes: 9c315e4d7d8c ("mm: memcg/slab: cache page number in memcg_(un)charge_slab()"). Signed-off-by: Waiman Long Acked-by: Roman Gushchin Cc: Christoph Lameter Cc: Pekka Enberg Cc: David Rientjes Cc: Joonsoo Kim Cc: Shakeel Butt Cc: Johannes Weiner Cc: Michal Hocko Cc: Vladimir Davydov Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 786ae133e07f2a6b352a0efad16b555ee45a2898 Author: Randy Dunlap Date: Thu Jun 25 20:29:43 2020 -0700 lib: fix test_hmm.c reference after free Coccinelle scripts report the following errors: lib/test_hmm.c:523:20-26: ERROR: reference preceded by free on line 521 lib/test_hmm.c:524:21-27: ERROR: reference preceded by free on line 521 lib/test_hmm.c:523:28-35: ERROR: devmem is NULL but dereferenced. lib/test_hmm.c:524:29-36: ERROR: devmem is NULL but dereferenced. Fix these by using the local variable 'res' instead of devmem. Link: http://lkml.kernel.org/r/c845c158-9c65-9665-0d0b-00342846dd07@infradead.org Signed-off-by: Randy Dunlap Reviewed-by: Ralph Campbell Cc: Jérôme Glisse Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 9277f8334ffc719fe922d776444d6e4e884dbf30 Author: Junxiao Bi Date: Thu Jun 25 20:29:40 2020 -0700 ocfs2: fix value of OCFS2_INVALID_SLOT In the ocfs2 disk layout, slot number is 16 bits, but in ocfs2 implementation, slot number is 32 bits. Usually this will not cause any issue, because slot number is converted from u16 to u32, but OCFS2_INVALID_SLOT was defined as -1, when an invalid slot number from disk was obtained, its value was (u16)-1, and it was converted to u32. Then the following checking in get_local_system_inode will be always skipped: static struct inode **get_local_system_inode(struct ocfs2_super *osb, int type, u32 slot) { BUG_ON(slot == OCFS2_INVALID_SLOT); ... } Link: http://lkml.kernel.org/r/20200616183829.87211-5-junxiao.bi@oracle.com Signed-off-by: Junxiao Bi Reviewed-by: Joseph Qi Cc: Mark Fasheh Cc: Joel Becker Cc: Changwei Ge Cc: Gang He Cc: Jun Piao Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit e5a15e17a78d58f933d17cafedfcf7486a29f5b4 Author: Junxiao Bi Date: Thu Jun 25 20:29:37 2020 -0700 ocfs2: fix panic on nfs server over ocfs2 The following kernel panic was captured when running nfs server over ocfs2, at that time ocfs2_test_inode_bit() was checking whether one inode locating at "blkno" 5 was valid, that is ocfs2 root inode, its "suballoc_slot" was OCFS2_INVALID_SLOT(65535) and it was allocted from //global_inode_alloc, but here it wrongly assumed that it was got from per slot inode alloctor which would cause array overflow and trigger kernel panic. BUG: unable to handle kernel paging request at 0000000000001088 IP: [] _raw_spin_lock+0x18/0xf0 PGD 1e06ba067 PUD 1e9e7d067 PMD 0 Oops: 0002 [#1] SMP CPU: 6 PID: 24873 Comm: nfsd Not tainted 4.1.12-124.36.1.el6uek.x86_64 #2 Hardware name: Huawei CH121 V3/IT11SGCA1, BIOS 3.87 02/02/2018 RIP: _raw_spin_lock+0x18/0xf0 RSP: e02b:ffff88005ae97908 EFLAGS: 00010206 RAX: ffff88005ae98000 RBX: 0000000000001088 RCX: 0000000000000000 RDX: 0000000000020000 RSI: 0000000000000009 RDI: 0000000000001088 RBP: ffff88005ae97928 R08: 0000000000000000 R09: ffff880212878e00 R10: 0000000000007ff0 R11: 0000000000000000 R12: 0000000000001088 R13: ffff8800063c0aa8 R14: ffff8800650c27d0 R15: 000000000000ffff FS: 0000000000000000(0000) GS:ffff880218180000(0000) knlGS:ffff880218180000 CS: e033 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000001088 CR3: 00000002033d0000 CR4: 0000000000042660 Call Trace: igrab+0x1e/0x60 ocfs2_get_system_file_inode+0x63/0x3a0 [ocfs2] ocfs2_test_inode_bit+0x328/0xa00 [ocfs2] ocfs2_get_parent+0xba/0x3e0 [ocfs2] reconnect_path+0xb5/0x300 exportfs_decode_fh+0xf6/0x2b0 fh_verify+0x350/0x660 [nfsd] nfsd4_putfh+0x4d/0x60 [nfsd] nfsd4_proc_compound+0x3d3/0x6f0 [nfsd] nfsd_dispatch+0xe0/0x290 [nfsd] svc_process_common+0x412/0x6a0 [sunrpc] svc_process+0x123/0x210 [sunrpc] nfsd+0xff/0x170 [nfsd] kthread+0xcb/0xf0 ret_from_fork+0x61/0x90 Code: 83 c2 02 0f b7 f2 e8 18 dc 91 ff 66 90 eb bf 0f 1f 40 00 55 48 89 e5 41 56 41 55 41 54 53 0f 1f 44 00 00 48 89 fb ba 00 00 02 00 0f c1 17 89 d0 45 31 e4 45 31 ed c1 e8 10 66 39 d0 41 89 c6 RIP _raw_spin_lock+0x18/0xf0 CR2: 0000000000001088 ---[ end trace 7264463cd1aac8f9 ]--- Kernel panic - not syncing: Fatal exception Link: http://lkml.kernel.org/r/20200616183829.87211-4-junxiao.bi@oracle.com Signed-off-by: Junxiao Bi Reviewed-by: Joseph Qi Cc: Changwei Ge Cc: Gang He Cc: Joel Becker Cc: Jun Piao Cc: Mark Fasheh Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 7569d3c754e452769a5747eeeba488179e38a5da Author: Junxiao Bi Date: Thu Jun 25 20:29:33 2020 -0700 ocfs2: load global_inode_alloc Set global_inode_alloc as OCFS2_FIRST_ONLINE_SYSTEM_INODE, that will make it load during mount. It can be used to test whether some global/system inodes are valid. One use case is that nfsd will test whether root inode is valid. Link: http://lkml.kernel.org/r/20200616183829.87211-3-junxiao.bi@oracle.com Signed-off-by: Junxiao Bi Reviewed-by: Joseph Qi Cc: Changwei Ge Cc: Gang He Cc: Joel Becker Cc: Jun Piao Cc: Mark Fasheh Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 4cd9973f9ff69e37dd0ba2bd6e6423f8179c329a Author: Junxiao Bi Date: Thu Jun 25 20:29:30 2020 -0700 ocfs2: avoid inode removal while nfsd is accessing it Patch series "ocfs2: fix nfsd over ocfs2 issues", v2. This is a series of patches to fix issues on nfsd over ocfs2. patch 1 is to avoid inode removed while nfsd access it patch 2 & 3 is to fix a panic issue. This patch (of 4): When nfsd is getting file dentry using handle or parent dentry of some dentry, one cluster lock is used to avoid inode removed from other node, but it still could be removed from local node, so use a rw lock to avoid this. Link: http://lkml.kernel.org/r/20200616183829.87211-1-junxiao.bi@oracle.com Link: http://lkml.kernel.org/r/20200616183829.87211-2-junxiao.bi@oracle.com Signed-off-by: Junxiao Bi Reviewed-by: Joseph Qi Cc: Changwei Ge Cc: Gang He Cc: Joel Becker Cc: Jun Piao Cc: Mark Fasheh Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit fd7af71be54271a9f03b2e6f63e4b3ac1ecd113d Author: Lianbo Jiang Date: Thu Jun 25 20:29:27 2020 -0700 kexec: do not verify the signature without the lockdown or mandatory signature Signature verification is an important security feature, to protect system from being attacked with a kernel of unknown origin. Kexec rebooting is a way to replace the running kernel, hence need be secured carefully. In the current code of handling signature verification of kexec kernel, the logic is very twisted. It mixes signature verification, IMA signature appraising and kexec lockdown. If there is no KEXEC_SIG_FORCE, kexec kernel image doesn't have one of signature, the supported crypto, and key, we don't think this is wrong, Unless kexec lockdown is executed. IMA is considered as another kind of signature appraising method. If kexec kernel image has signature/crypto/key, it has to go through the signature verification and pass. Otherwise it's seen as verification failure, and won't be loaded. Seems kexec kernel image with an unqualified signature is even worse than those w/o signature at all, this sounds very unreasonable. E.g. If people get a unsigned kernel to load, or a kernel signed with expired key, which one is more dangerous? So, here, let's simplify the logic to improve code readability. If the KEXEC_SIG_FORCE enabled or kexec lockdown enabled, signature verification is mandated. Otherwise, we lift the bar for any kernel image. Link: http://lkml.kernel.org/r/20200602045952.27487-1-lijiang@redhat.com Signed-off-by: Lianbo Jiang Reviewed-by: Jiri Bohac Acked-by: Dave Young Acked-by: Baoquan He Cc: James Morris Cc: Matthew Garrett Cc: "Eric W. Biederman" Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit b9e20f0da1f5c9c68689450a8cb436c9486434c8 Author: Vlastimil Babka Date: Thu Jun 25 20:29:24 2020 -0700 mm, compaction: make capture control handling safe wrt interrupts Hugh reports: "While stressing compaction, one run oopsed on NULL capc->cc in __free_one_page()'s task_capc(zone): compact_zone_order() had been interrupted, and a page was being freed in the return from interrupt. Though you would not expect it from the source, both gccs I was using (4.8.1 and 7.5.0) had chosen to compile compact_zone_order() with the ".cc = &cc" implemented by mov %rbx,-0xb0(%rbp) immediately before callq compact_zone - long after the "current->capture_control = &capc". An interrupt in between those finds capc->cc NULL (zeroed by an earlier rep stos). This could presumably be fixed by a barrier() before setting current->capture_control in compact_zone_order(); but would also need more care on return from compact_zone(), in order not to risk leaking a page captured by interrupt just before capture_control is reset. Maybe that is the preferable fix, but I felt safer for task_capc() to exclude the rather surprising possibility of capture at interrupt time" I have checked that gcc10 also behaves the same. The advantage of fix in compact_zone_order() is that we don't add another test in the page freeing hot path, and that it might prevent future problems if we stop exposing pointers to uninitialized structures in current task. So this patch implements the suggestion for compact_zone_order() with barrier() (and WRITE_ONCE() to prevent store tearing) for setting current->capture_control, and prevents page leaking with WRITE_ONCE/READ_ONCE in the proper order. Link: http://lkml.kernel.org/r/20200616082649.27173-1-vbabka@suse.cz Fixes: 5e1f0f098b46 ("mm, compaction: capture a page under direct compaction") Signed-off-by: Vlastimil Babka Reported-by: Hugh Dickins Suggested-by: Hugh Dickins Acked-by: Hugh Dickins Cc: Alex Shi Cc: Li Wang Cc: Mel Gorman Cc: [5.1+] Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 545b1b077ca6b359820436af097bc65e3f6f6cc9 Author: Michal Hocko Date: Thu Jun 25 20:29:21 2020 -0700 mm: do_swap_page(): fix up the error code do_swap_page() returns error codes from the VM_FAULT* space. try_charge() might return -ENOMEM, though, and then do_swap_page() simply returns 0 which means a success. We almost never return ENOMEM for GFP_KERNEL single page charge. Except for async OOM handling (oom_disabled v1). So this needs translation to VM_FAULT_OOM otherwise the the page fault path will not notify the userspace and wait for an action. Link: http://lkml.kernel.org/r/20200617090238.GL9499@dhcp22.suse.cz Fixes: 4c6355b25e8b ("mm: memcontrol: charge swapin pages on instantiation") Signed-off-by: Michal Hocko Acked-by: Johannes Weiner Cc: Alex Shi Cc: Joonsoo Kim Cc: Shakeel Butt Cc: Hugh Dickins Cc: "Kirill A. Shutemov" Cc: Roman Gushchin Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 313a5257b84c26b7f080c5d294aabe7d38ca439c Author: Stafford Horne Date: Thu Jun 25 20:29:17 2020 -0700 openrisc: fix boot oops when DEBUG_VM is enabled Since v5.8-rc1 OpenRISC Linux fails to boot when DEBUG_VM is enabled. This has been bisected to commit 42fc541404f2 ("mmap locking API: add mmap_assert_locked() and mmap_assert_write_locked()"). The added locking checks exposed the issue that OpenRISC was not taking this mmap lock when during page walks for DMA operations. This patch locks and unlocks the mmap lock for page walking. Link: http://lkml.kernel.org/r/20200617090247.1680188-1-shorne@gmail.com Fixes: 42fc541404f2 ("mmap locking API: add mmap_assert_locked() and mmap_assert_write_locked()" Signed-off-by: Stafford Horne Reviewed-by: Michel Lespinasse Cc: Jonas Bonn Cc: Stefan Kristiansson Cc: Jason Gunthorpe Cc: Steven Price Cc: Thomas Hellstrom Cc: Robin Murphy Cc: Vlastimil Babka Cc: Daniel Jordan Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 687a0ed337367be5267652af5f6dbcfc954b8732 Merge: 5b83c254571b dc5bdb68b5b3 Author: Dave Airlie Date: Fri Jun 26 13:49:05 2020 +1000 Merge tag 'drm-misc-fixes-2020-06-25' of git://anongit.freedesktop.org/drm/drm-misc into drm-fixes Short summary of fixes pull (less than what git shortlog provides): * In mcde, set up fbdev after device registration and removde the last access to dev->dev_private. Fixes an error message and a segmentation fault. * Set the connector type for LogicPT Type 28 and newhaven_nhd_43_480272ef_atxl panels. * In uvesafb, fix the handling of the noblank option. * Fix panel orientation for Asus T101HA and Acer S1003. * Fix DMA configuration for sun4i if IOMMU is present. * Fix regression in VT restoration. Unbreaks userspace (i.e., Xorg) VT handling. Signed-off-by: Dave Airlie From: Thomas Zimmermann Link: https://patchwork.freedesktop.org/patch/msgid/20200625082717.GA14856@linux-uq9g commit 896066aa0685af3434637998b76218c2045142a8 Author: Harish Date: Thu Jun 25 22:27:21 2020 +0530 selftests/powerpc: Fix build failure in ebb tests We use OUTPUT directory as TMPOUT for checking no-pie option. Since commit f2f02ebd8f38 ("kbuild: improve cc-option to clean up all temporary files") when building powerpc/ from selftests directory, the OUTPUT directory points to powerpc/pmu/ebb/ and gets removed when checking for -no-pie option in try-run routine, subsequently build fails with the following: $ make -C powerpc ... TARGET=ebb; BUILD_TARGET=$OUTPUT/$TARGET; mkdir -p $BUILD_TARGET; make OUTPUT=$BUILD_TARGET -k -C $TARGET all make[2]: Entering directory '/home/linux-master/tools/testing/selftests/powerpc/pmu/ebb' make[2]: *** No rule to make target 'Makefile'. make[2]: Failed to remake makefile 'Makefile'. make[2]: *** No rule to make target 'ebb.c', needed by '/home/linux-master/tools/testing/selftests/powerpc/pmu/ebb/reg_access_test'. make[2]: *** No rule to make target 'ebb_handler.S', needed by '/home/linux-master/tools/testing/selftests/powerpc/pmu/ebb/reg_access_test'. make[2]: *** No rule to make target 'trace.c', needed by '/home/linux-master/tools/testing/selftests/powerpc/pmu/ebb/reg_access_test'. make[2]: *** No rule to make target 'busy_loop.S', needed by '/home/linux-master/tools/testing/selftests/powerpc/pmu/ebb/reg_access_test'. make[2]: Target 'all' not remade because of errors. Fix this by adding a suffix to the OUTPUT directory so that the failure is avoided. Fixes: 9686813f6e9d ("selftests/powerpc: Fix try-run when source tree is not writable") Signed-off-by: Harish [mpe: Mention that commit that triggered the breakage] Signed-off-by: Michael Ellerman Link: https://lore.kernel.org/r/20200625165721.264904-1-harish@linux.ibm.com commit 4a21185cda0fbb860580eeeb4f1a70a9cda332a4 Merge: 42e9c85f5c72 4c342f778fe2 Author: Linus Torvalds Date: Thu Jun 25 18:27:40 2020 -0700 Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net Pull networking fixes from David Miller: 1) Don't insert ESP trailer twice in IPSEC code, from Huy Nguyen. 2) The default crypto algorithm selection in Kconfig for IPSEC is out of touch with modern reality, fix this up. From Eric Biggers. 3) bpftool is missing an entry for BPF_MAP_TYPE_RINGBUF, from Andrii Nakryiko. 4) Missing init of ->frame_sz in xdp_convert_zc_to_xdp_frame(), from Hangbin Liu. 5) Adjust packet alignment handling in ax88179_178a driver to match what the hardware actually does. From Jeremy Kerr. 6) register_netdevice can leak in the case one of the notifiers fail, from Yang Yingliang. 7) Use after free in ip_tunnel_lookup(), from Taehee Yoo. 8) VLAN checks in sja1105 DSA driver need adjustments, from Vladimir Oltean. 9) tg3 driver can sleep forever when we get enough EEH errors, fix from David Christensen. 10) Missing {READ,WRITE}_ONCE() annotations in various Intel ethernet drivers, from Ciara Loftus. 11) Fix scanning loop break condition in of_mdiobus_register(), from Florian Fainelli. 12) MTU limit is incorrect in ibmveth driver, from Thomas Falcon. 13) Endianness fix in mlxsw, from Ido Schimmel. 14) Use after free in smsc95xx usbnet driver, from Tuomas Tynkkynen. 15) Missing bridge mrp configuration validation, from Horatiu Vultur. 16) Fix circular netns references in wireguard, from Jason A. Donenfeld. 17) PTP initialization on recovery is not done properly in qed driver, from Alexander Lobakin. 18) Endian conversion of L4 ports in filters of cxgb4 driver is wrong, from Rahul Lakkireddy. 19) Don't clear bound device TX queue of socket prematurely otherwise we get problems with ktls hw offloading, from Tariq Toukan. 20) ipset can do atomics on unaligned memory, fix from Russell King. 21) Align ethernet addresses properly in bridging code, from Thomas Martitz. 22) Don't advertise ipv4 addresses on SCTP sockets having ipv6only set, from Marcelo Ricardo Leitner. * git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (149 commits) rds: transport module should be auto loaded when transport is set sch_cake: fix a few style nits sch_cake: don't call diffserv parsing code when it is not needed sch_cake: don't try to reallocate or unshare skb unconditionally ethtool: fix error handling in linkstate_prepare_data() wil6210: account for napi_gro_receive never returning GRO_DROP hns: do not cast return value of napi_gro_receive to null socionext: account for napi_gro_receive never returning GRO_DROP wireguard: receive: account for napi_gro_receive never returning GRO_DROP vxlan: fix last fdb index during dump of fdb with nhid sctp: Don't advertise IPv4 addresses if ipv6only is set on the socket tc-testing: avoid action cookies with odd length. bpf: tcp: bpf_cubic: fix spurious HYSTART_DELAY exit upon drop in min RTT tcp_cubic: fix spurious HYSTART_DELAY exit upon drop in min RTT net: dsa: sja1105: fix tc-gate schedule with single element net: dsa: sja1105: recalculate gating subschedule after deleting tc-gate rules net: dsa: sja1105: unconditionally free old gating config net: dsa: sja1105: move sja1105_compose_gating_subschedule at the top net: macb: free resources on failure path of at91ether_open() net: macb: call pm_runtime_put_sync on failure path ... commit 4c342f778fe234e0c2a2601d87fec8ba42f0d2c6 Author: Rao Shoaib Date: Thu Jun 25 13:46:00 2020 -0700 rds: transport module should be auto loaded when transport is set This enhancement auto loads transport module when the transport is set via SO_RDS_TRANSPORT socket option. Reviewed-by: Ka-Cheong Poon Reviewed-by: Håkon Bugge Signed-off-by: Rao Shoaib Signed-off-by: Somasundaram Krishnasamy Signed-off-by: David S. Miller commit 6aeaf26222b230b3ab21f42e1e0d30738044ec69 Merge: 1ae71d997a67 3f608f0c4136 Author: David S. Miller Date: Thu Jun 25 16:24:05 2020 -0700 Merge branch 'sched-A-couple-of-fixes-for-sch_cake' Toke Høiland-Jørgensen says: ==================== sched: A couple of fixes for sch_cake This series contains a couple of fixes for diffserv handling in sch_cake that provide a nice speedup (with a somewhat pedantic nit fix tacked on to the end). Not quite sure about whether this should go to stable; it does provide a nice speedup, but it's not strictly a fix in the "correctness" sense. I lean towards including this in stable as well, since our most important consumer of that (OpenWrt) is likely to backport the series anyway. ==================== Signed-off-by: David S. Miller commit 3f608f0c41360b11b04c763f348b712f651c8bac Author: Toke Høiland-Jørgensen Date: Thu Jun 25 22:12:09 2020 +0200 sch_cake: fix a few style nits I spotted a few nits when comparing the in-tree version of sch_cake with the out-of-tree one: A redundant error variable declaration shadowing an outer declaration, and an indentation alignment issue. Fix both of these. Fixes: 046f6fd5daef ("sched: Add Common Applications Kept Enhanced (cake) qdisc") Signed-off-by: Toke Høiland-Jørgensen Signed-off-by: David S. Miller commit 8c95eca0bb8c4bd2231a0d581f1ad0d50c90488c Author: Toke Høiland-Jørgensen Date: Thu Jun 25 22:12:08 2020 +0200 sch_cake: don't call diffserv parsing code when it is not needed As a further optimisation of the diffserv parsing codepath, we can skip it entirely if CAKE is configured to neither use diffserv-based classification, nor to zero out the diffserv bits. Fixes: c87b4ecdbe8d ("sch_cake: Make sure we can write the IP header before changing DSCP bits") Signed-off-by: Toke Høiland-Jørgensen Signed-off-by: David S. Miller commit 9208d2863ac689a563b92f2161d8d1e7127d0add Author: Ilya Ponetayev Date: Thu Jun 25 22:12:07 2020 +0200 sch_cake: don't try to reallocate or unshare skb unconditionally cake_handle_diffserv() tries to linearize mac and network header parts of skb and to make it writable unconditionally. In some cases it leads to full skb reallocation, which reduces throughput and increases CPU load. Some measurements of IPv4 forward + NAPT on MIPS router with 580 MHz single-core CPU was conducted. It appears that on kernel 4.9 skb_try_make_writable() reallocates skb, if skb was allocated in ethernet driver via so-called 'build skb' method from page cache (it was discovered by strange increase of kmalloc-2048 slab at first). Obtain DSCP value via read-only skb_header_pointer() call, and leave linearization only for DSCP bleaching or ECN CE setting. And, as an additional optimisation, skip diffserv parsing entirely if it is not needed by the current configuration. Fixes: c87b4ecdbe8d ("sch_cake: Make sure we can write the IP header before changing DSCP bits") Signed-off-by: Ilya Ponetayev [ fix a few style issues, reflow commit message ] Signed-off-by: Toke Høiland-Jørgensen Signed-off-by: David S. Miller commit 1ae71d997a672739b22572cbe72d61a0eed8c42c Author: Michal Kubecek Date: Thu Jun 25 00:09:08 2020 +0200 ethtool: fix error handling in linkstate_prepare_data() When getting SQI or maximum SQI value fails in linkstate_prepare_data(), we must not return without calling ethnl_ops_complete(dev) as that could result in imbalance between ethtool_ops ->begin() and ->complete() calls. Fixes: 806602191592 ("ethtool: provide UAPI for PHY Signal Quality Index (SQI)") Signed-off-by: Michal Kubecek Signed-off-by: David S. Miller commit 42e9c85f5c7296c4ec02644a2b3debc7120e2bf4 Merge: 52366a107bf0 20dc3847cc2f Author: Linus Torvalds Date: Thu Jun 25 16:16:49 2020 -0700 Merge tag 'trace-v5.8-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace Pull tracing fixes from Steven Rostedt: "Four small fixes: - Fix a ringbuffer bug for nested events having time go backwards - Fix a config dependency for boot time tracing to depend on synthetic events instead of histograms. - Fix trigger format parsing to handle multiple spaces - Fix bootconfig to handle failures in multiple events" * tag 'trace-v5.8-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace: tracing/boottime: Fix kprobe multiple events tracing: Fix event trigger to accept redundant spaces tracing/boot: Fix config dependency for synthedic event ring-buffer: Zero out time extend if it is nested and not absolute commit 0e00c05fa72554c86d7c7e0f538ec83bfe277c91 Merge: b18e9834f7b2 045790b7bc66 Author: David S. Miller Date: Thu Jun 25 16:16:21 2020 -0700 Merge branch 'napi_gro_receive-caller-return-value-cleanups' Jason A. Donenfeld says: ==================== napi_gro_receive caller return value cleanups In 6570bc79c0df ("net: core: use listified Rx for GRO_NORMAL in napi_gro_receive()"), the GRO_NORMAL case stopped calling netif_receive_skb_internal, checking its return value, and returning GRO_DROP in case it failed. Instead, it calls into netif_receive_skb_list_internal (after a bit of indirection), which doesn't return any error. Therefore, napi_gro_receive will never return GRO_DROP, making handling GRO_DROP dead code. I emailed the author of 6570bc79c0df on netdev [1] to see if this change was intentional, but the dlink.ru email address has been disconnected, and looking a bit further myself, it seems somewhat infeasible to start propagating return values backwards from the internal machinations of netif_receive_skb_list_internal. Taking a look at all the callers of napi_gro_receive, it appears that three are checking the return value for the purpose of comparing it to the now never-happening GRO_DROP, and one just casts it to (void), a likely historical leftover. Every other of the 120 callers does not bother checking the return value. And it seems like these remaining 116 callers are doing the right thing: after calling napi_gro_receive, the packet is now in the hands of the upper layers of the newtworking, and the device driver itself has no business now making decisions based on what the upper layers choose to do. Incrementing stats counters on GRO_DROP seems like a mistake, made by these three drivers, but not by the remaining 117. It would seem, therefore, that after rectifying these four callers of napi_gro_receive, that I should go ahead and just remove returning the value from napi_gro_receive all together. However, napi_gro_receive has a function event tracer, and being able to introspect into the networking stack to see how often napi_gro_receive is returning whatever interesting GRO status (aside from _DROP) remains an interesting data point worth keeping for debugging. So, this series simply gets rid of the return value checking for the four useless places where that check never evaluates to anything meaningful. [1] https://lore.kernel.org/netdev/20200624210606.GA1362687@zx2c4.com/ ==================== Acked-by: Edward Cree Signed-off-by: David S. Miller commit 045790b7bc66a75070c112a61558c639cef2263e Author: Jason A. Donenfeld Date: Wed Jun 24 16:06:06 2020 -0600 wil6210: account for napi_gro_receive never returning GRO_DROP The napi_gro_receive function no longer returns GRO_DROP ever, making handling GRO_DROP dead code. This commit removes that dead code. Further, it's not even clear that device drivers have any business in taking action after passing off received packets; that's arguably out of their hands. In this case, too, the non-gro path didn't bother checking the return value. Plus, this had some clunky debugging functions that duplicated code from elsewhere and was generally pretty messy. So, this commit cleans that all up too. Fixes: 6570bc79c0df ("net: core: use listified Rx for GRO_NORMAL in napi_gro_receive()") Signed-off-by: Jason A. Donenfeld Signed-off-by: David S. Miller commit 93ab48a97af50c7c62c3c94996002949ffebf004 Author: Jason A. Donenfeld Date: Wed Jun 24 16:06:05 2020 -0600 hns: do not cast return value of napi_gro_receive to null Basically no drivers care about the return value here, and there's no __must_check that would make casting to void sensible, so remove it. Signed-off-by: Jason A. Donenfeld Signed-off-by: David S. Miller commit e5e7d8052f6140985c03bd49ebaa0af9c2944bc6 Author: Jason A. Donenfeld Date: Wed Jun 24 16:06:04 2020 -0600 socionext: account for napi_gro_receive never returning GRO_DROP The napi_gro_receive function no longer returns GRO_DROP ever, making handling GRO_DROP dead code. This commit removes that dead code. Further, it's not even clear that device drivers have any business in taking action after passing off received packets; that's arguably out of their hands. Fixes: 6570bc79c0df ("net: core: use listified Rx for GRO_NORMAL in napi_gro_receive()") Signed-off-by: Jason A. Donenfeld Signed-off-by: David S. Miller commit df08126e3833e9dca19e2407db5f5860a7c194fb Author: Jason A. Donenfeld Date: Wed Jun 24 16:06:03 2020 -0600 wireguard: receive: account for napi_gro_receive never returning GRO_DROP The napi_gro_receive function no longer returns GRO_DROP ever, making handling GRO_DROP dead code. This commit removes that dead code. Further, it's not even clear that device drivers have any business in taking action after passing off received packets; that's arguably out of their hands. Fixes: e7096c131e51 ("net: WireGuard secure network tunnel") Fixes: 6570bc79c0df ("net: core: use listified Rx for GRO_NORMAL in napi_gro_receive()") Signed-off-by: Jason A. Donenfeld Signed-off-by: David S. Miller commit b18e9834f7b248b41e8179a039ec80803bb3d67a Author: Roopa Prabhu Date: Wed Jun 24 14:02:36 2020 -0700 vxlan: fix last fdb index during dump of fdb with nhid This patch fixes last saved fdb index in fdb dump handler when handling fdb's with nhid. Fixes: 1274e1cc4226 ("vxlan: ecmp support for mac fdb entries") Signed-off-by: Roopa Prabhu Signed-off-by: David S. Miller commit 471e39df96b9a4c4ba88a2da9e25a126624d7a9c Author: Marcelo Ricardo Leitner Date: Wed Jun 24 17:34:18 2020 -0300 sctp: Don't advertise IPv4 addresses if ipv6only is set on the socket If a socket is set ipv6only, it will still send IPv4 addresses in the INIT and INIT_ACK packets. This potentially misleads the peer into using them, which then would cause association termination. The fix is to not add IPv4 addresses to ipv6only sockets. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Reported-by: Corey Minyard Signed-off-by: Marcelo Ricardo Leitner Tested-by: Corey Minyard Signed-off-by: David S. Miller commit b6186d413b1d50f45fe2415d760947576ef3691a Author: Briana Oursler Date: Wed Jun 24 12:29:14 2020 -0700 tc-testing: avoid action cookies with odd length. Update odd length cookie hexstrings in csum.json, tunnel_key.json and bpf.json to be even length to comply with check enforced in commit 0149dabf2a1b ("tc: m_actions: check cookie hexstring len") in iproute2. Signed-off-by: Briana Oursler Reviewed-by: Stefano Brivio Reviewed-by: Davide Caratti Signed-off-by: David S. Miller commit 3b0e7dc0be62c6de0dbda68ac2961f27796919fb Merge: 29a30bac5642 7d21d54d6247 Author: David S. Miller Date: Thu Jun 25 16:08:47 2020 -0700 Merge branch 'tcp_cubic-fix-spurious-HYSTART_DELAY-on-RTT-decrease' Neal Cardwell says: ==================== tcp_cubic: fix spurious HYSTART_DELAY on RTT decrease This series fixes a long-standing bug in the TCP CUBIC HYSTART_DELAY mechanim recently reported by Mirja Kuehlewind. The code can cause a spurious exit of slow start in some particular cases: upon an RTT decrease that happens on the 9th or later ACK in a round trip. This series fixes the original Hystart code and also the recent BPF implementation. ==================== Signed-off-by: David S. Miller commit 7d21d54d624777358ab6c7be7ff778808fef70ba Author: Neal Cardwell Date: Wed Jun 24 12:42:03 2020 -0400 bpf: tcp: bpf_cubic: fix spurious HYSTART_DELAY exit upon drop in min RTT Apply the fix from: "tcp_cubic: fix spurious HYSTART_DELAY exit upon drop in min RTT" to the BPF implementation of TCP CUBIC congestion control. Repeating the commit description here for completeness: Mirja Kuehlewind reported a bug in Linux TCP CUBIC Hystart, where Hystart HYSTART_DELAY mechanism can exit Slow Start spuriously on an ACK when the minimum rtt of a connection goes down. From inspection it is clear from the existing code that this could happen in an example like the following: o The first 8 RTT samples in a round trip are 150ms, resulting in a curr_rtt of 150ms and a delay_min of 150ms. o The 9th RTT sample is 100ms. The curr_rtt does not change after the first 8 samples, so curr_rtt remains 150ms. But delay_min can be lowered at any time, so delay_min falls to 100ms. The code executes the HYSTART_DELAY comparison between curr_rtt of 150ms and delay_min of 100ms, and the curr_rtt is declared far enough above delay_min to force a (spurious) exit of Slow start. The fix here is simple: allow every RTT sample in a round trip to lower the curr_rtt. Fixes: 6de4a9c430b5 ("bpf: tcp: Add bpf_cubic example") Reported-by: Mirja Kuehlewind Signed-off-by: Neal Cardwell Signed-off-by: Eric Dumazet Acked-by: Soheil Hassas Yeganeh Signed-off-by: David S. Miller commit b344579ca8478598937215f7005d6c7b84d28aee Author: Neal Cardwell Date: Wed Jun 24 12:42:02 2020 -0400 tcp_cubic: fix spurious HYSTART_DELAY exit upon drop in min RTT Mirja Kuehlewind reported a bug in Linux TCP CUBIC Hystart, where Hystart HYSTART_DELAY mechanism can exit Slow Start spuriously on an ACK when the minimum rtt of a connection goes down. From inspection it is clear from the existing code that this could happen in an example like the following: o The first 8 RTT samples in a round trip are 150ms, resulting in a curr_rtt of 150ms and a delay_min of 150ms. o The 9th RTT sample is 100ms. The curr_rtt does not change after the first 8 samples, so curr_rtt remains 150ms. But delay_min can be lowered at any time, so delay_min falls to 100ms. The code executes the HYSTART_DELAY comparison between curr_rtt of 150ms and delay_min of 100ms, and the curr_rtt is declared far enough above delay_min to force a (spurious) exit of Slow start. The fix here is simple: allow every RTT sample in a round trip to lower the curr_rtt. Fixes: ae27e98a5152 ("[TCP] CUBIC v2.3") Reported-by: Mirja Kuehlewind Signed-off-by: Neal Cardwell Signed-off-by: Eric Dumazet Acked-by: Soheil Hassas Yeganeh Signed-off-by: David S. Miller commit 29a30bac564252d732f6c387617a3456e038bdf6 Merge: 33fdef24c9ac 43ce887c5050 Author: David S. Miller Date: Thu Jun 25 16:06:56 2020 -0700 Merge branch 'Fixes-for-SJA1105-DSA-tc-gate-action' Vladimir Oltean says: ==================== Fixes for SJA1105 DSA tc-gate action This small series fixes 2 bugs in the tc-gate implementation: 1. The TAS state machine keeps getting rescheduled even after removing tc-gate actions on all ports. 2. tc-gate actions with only one gate control list entry are installed to hardware with an incorrect interval of zero, which makes the switch erroneously drop those packets (since the configuration is invalid). To keep the code palatable, a forward-declaration was avoided by moving some code around in patch 1/4. I hope that isn't too much of an issue. ==================== Signed-off-by: David S. Miller commit 43ce887c5050a3c213450a3058505f6a06519dd4 Author: Vladimir Oltean Date: Wed Jun 24 16:54:47 2020 +0300 net: dsa: sja1105: fix tc-gate schedule with single element The sja1105_gating_cfg_time_to_interval function does this, as per the comments: /* The gate entries contain absolute times in their e->interval field. Convert * that to proper intervals (i.e. "0, 5, 10, 15" to "5, 5, 5, 5"). */ To perform that task, it iterates over gating_cfg->entries, at each step updating the interval of the _previous_ entry. So one interval remains to be updated at the end of the loop: the last one (since it isn't "prev" for anyone else). But there was an erroneous check, that the last element's interval should not be updated if it's also the only element. I'm not quite sure why that check was there, but it's clearly incorrect, as a tc-gate schedule with a single element would get an e->interval of zero, regardless of the duration requested by the user. The switch wouldn't even consider this configuration as valid: it will just drop all traffic that matches the rule. Fixes: 834f8933d5dd ("net: dsa: sja1105: implement tc-gate using time-triggered virtual links") Reported-by: Xiaoliang Yang Signed-off-by: Vladimir Oltean Signed-off-by: David S. Miller commit 82f6896a25ee2471fdf039eb7b286a692d78f504 Author: Vladimir Oltean Date: Wed Jun 24 16:54:46 2020 +0300 net: dsa: sja1105: recalculate gating subschedule after deleting tc-gate rules Currently, tas_data->enabled would remain true even after deleting all tc-gate rules from the switch ports, which would cause the sja1105_tas_state_machine to get unnecessarily scheduled. Also, if there were any errors which would prevent the hardware from enabling the gating schedule, the sja1105_tas_state_machine would continuously detect and print that, spamming the kernel log, even if the rules were subsequently deleted. The rules themselves are _not_ active, because sja1105_init_scheduling does enough of a job to not install the gating schedule in the static config. But the virtual link rules themselves are still present. So call the functions that remove the tc-gate configuration from priv->tas_data.gating_cfg, so that tas_data->enabled can be set to false, and sja1105_tas_state_machine will stop from being scheduled. Fixes: 834f8933d5dd ("net: dsa: sja1105: implement tc-gate using time-triggered virtual links") Signed-off-by: Vladimir Oltean Signed-off-by: David S. Miller commit 026bdb2b96525edd1fb5cc6f24587ff08d277d5c Author: Vladimir Oltean Date: Wed Jun 24 16:54:45 2020 +0300 net: dsa: sja1105: unconditionally free old gating config Currently sja1105_compose_gating_subschedule is not prepared to be called for the case where we want to recompute the global tc-gate configuration after we've deleted those actions on a port. After deleting the tc-gate actions on the last port, max_cycle_time would become zero, and that would incorrectly prevent sja1105_free_gating_config from getting called. So move the freeing function above the check for the need to apply a new configuration. Fixes: 834f8933d5dd ("net: dsa: sja1105: implement tc-gate using time-triggered virtual links") Signed-off-by: Vladimir Oltean Signed-off-by: David S. Miller commit e39109f59614e5646e6c53100a3e7e8f63dd1d2b Author: Vladimir Oltean Date: Wed Jun 24 16:54:44 2020 +0300 net: dsa: sja1105: move sja1105_compose_gating_subschedule at the top It turns out that sja1105_compose_gating_subschedule must also be called from sja1105_vl_delete, to recalculate the overall tc-gate configuration. Currently this is not possible without introducing a forward declaration. So move the function at the top of the file, along with its dependencies. Signed-off-by: Vladimir Oltean Signed-off-by: David S. Miller commit 8b97f9922211c44a739c5cbd9502ecbb9f17f6d1 Author: Misono Tomohiro Date: Thu Jun 25 13:32:42 2020 +0900 hwmon: (acpi_power_meter) Fix potential memory leak in acpi_power_meter_add() Although it rarely happens, we should call free_capabilities() if error happens after read_capabilities() to free allocated strings. Fixes: de584afa5e188 ("hwmon driver for ACPI 4.0 power meters") Signed-off-by: Misono Tomohiro Link: https://lore.kernel.org/r/20200625043242.31175-1-misono.tomohiro@jp.fujitsu.com Signed-off-by: Guenter Roeck commit c17d1a3a8ee4dac7539d5c976b45d9300f6f10bc Author: Weilong Chen Date: Tue Jun 23 12:12:40 2020 +0800 fork: annotate data race in copy_process() KCSAN reported data race reading and writing nr_threads and max_threads. The data race is intentional and benign. This is obvious from the comment above it and based on general consensus when discussing this issue. So there's no need for any heavy atomic or *_ONCE() machinery here. In accordance with the newly introduced data_race() annotation consensus, mark the offending line with data_race(). Here it's actually useful not just to silence KCSAN but to also clearly communicate that the race is intentional. This is especially helpful since nr_threads is otherwise protected by tasklist_lock. BUG: KCSAN: data-race in copy_process / copy_process write to 0xffffffff86205cf8 of 4 bytes by task 14779 on cpu 1: copy_process+0x2eba/0x3c40 kernel/fork.c:2273 _do_fork+0xfe/0x7a0 kernel/fork.c:2421 __do_sys_clone kernel/fork.c:2576 [inline] __se_sys_clone kernel/fork.c:2557 [inline] __x64_sys_clone+0x130/0x170 kernel/fork.c:2557 do_syscall_64+0xcc/0x3a0 arch/x86/entry/common.c:294 entry_SYSCALL_64_after_hwframe+0x44/0xa9 read to 0xffffffff86205cf8 of 4 bytes by task 6944 on cpu 0: copy_process+0x94d/0x3c40 kernel/fork.c:1954 _do_fork+0xfe/0x7a0 kernel/fork.c:2421 __do_sys_clone kernel/fork.c:2576 [inline] __se_sys_clone kernel/fork.c:2557 [inline] __x64_sys_clone+0x130/0x170 kernel/fork.c:2557 do_syscall_64+0xcc/0x3a0 arch/x86/entry/common.c:294 entry_SYSCALL_64_after_hwframe+0x44/0xa9 Link: https://groups.google.com/forum/#!msg/syzkaller-upstream-mo deration/thvp7AHs5Ew/aPdYLXfYBQAJ Reported-by: syzbot+52fced2d288f8ecd2b20@syzkaller.appspotmail.com Signed-off-by: Zefan Li Signed-off-by: Weilong Chen Acked-by: Christian Brauner Cc: Qian Cai Cc: Oleg Nesterov Cc: Christian Brauner Cc: Marco Elver [christian.brauner@ubuntu.com: rewrite commit message] Link: https://lore.kernel.org/r/20200623041240.154294-1-chenweilong@huawei.com Signed-off-by: Christian Brauner commit 33fdef24c9ac20c68b71b363e423fbf9ad2bfc1e Author: Claudiu Beznea Date: Wed Jun 24 13:08:18 2020 +0300 net: macb: free resources on failure path of at91ether_open() DMA buffers were not freed on failure path of at91ether_open(). Along with changes for freeing the DMA buffers the enable/disable interrupt instructions were moved to at91ether_start()/at91ether_stop() functions and the operations on at91ether_stop() were done in their reverse order (compared with how is done in at91ether_start()): before this patch the operation order on interface open path was as follows: 1/ alloc DMA buffers 2/ enable tx, rx 3/ enable interrupts and the order on interface close path was as follows: 1/ disable tx, rx 2/ disable interrupts 3/ free dma buffers. Fixes: 7897b071ac3b ("net: macb: convert to phylink") Signed-off-by: Claudiu Beznea Signed-off-by: David S. Miller commit 0eaf228d574bd82a9aed73e3953bfb81721f4227 Author: Claudiu Beznea Date: Wed Jun 24 13:08:17 2020 +0300 net: macb: call pm_runtime_put_sync on failure path Call pm_runtime_put_sync() on failure path of at91ether_open. Fixes: e6a41c23df0d ("net: macb: ensure interface is not suspended on at91rm9200") Signed-off-by: Claudiu Beznea Signed-off-by: David S. Miller commit e05d57dcb8c71492268ff46ba9bfe9a9cfb1f95d Author: Guo Ren Date: Tue Jun 23 09:50:54 2020 +0000 riscv: Fixup __vdso_gettimeofday broke dynamic ftrace For linux-5.8-rc1, enable ftrace of riscv will cause boot panic: [ 2.388980] Run /sbin/init as init process [ 2.529938] init[39]: unhandled signal 4 code 0x1 at 0x0000003ff449e000 [ 2.531078] CPU: 0 PID: 39 Comm: init Not tainted 5.8.0-rc1-dirty #13 [ 2.532719] epc: 0000003ff449e000 ra : 0000003ff449e954 sp : 0000003fffedb900 [ 2.534005] gp : 00000000000e8528 tp : 0000003ff449d800 t0 : 000000000000001e [ 2.534965] t1 : 000000000000000a t2 : 0000003fffedb89e s0 : 0000003fffedb920 [ 2.536279] s1 : 0000003fffedb940 a0 : 0000003ff43d4b2c a1 : 0000000000000000 [ 2.537334] a2 : 0000000000000001 a3 : 0000000000000000 a4 : fffffffffbad8000 [ 2.538466] a5 : 0000003ff449e93a a6 : 0000000000000000 a7 : 0000000000000000 [ 2.539511] s2 : 0000000000000000 s3 : 0000003ff448412c s4 : 0000000000000010 [ 2.541260] s5 : 0000000000000016 s6 : 00000000000d0a30 s7 : 0000003fffedba70 [ 2.542152] s8 : 0000000000000000 s9 : 0000000000000000 s10: 0000003fffedb960 [ 2.543335] s11: 0000000000000000 t3 : 0000000000000000 t4 : 0000003fffedb8a0 [ 2.544471] t5 : 0000000000000000 t6 : 0000000000000000 [ 2.545730] status: 0000000000004020 badaddr: 00000000464c457f cause: 0000000000000002 [ 2.549867] Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000004 [ 2.551267] CPU: 0 PID: 1 Comm: init Not tainted 5.8.0-rc1-dirty #13 [ 2.552061] Call Trace: [ 2.552626] [] walk_stackframe+0x0/0xc4 [ 2.553486] [] show_stack+0x40/0x4c [ 2.553995] [] dump_stack+0x7a/0x98 [ 2.554615] [] panic+0x114/0x2f4 [ 2.555395] [] do_exit+0x89c/0x8c2 [ 2.555949] [] do_group_exit+0x3a/0x90 [ 2.556715] [] get_signal+0xe2/0x6e6 [ 2.557388] [] do_notify_resume+0x6a/0x37a [ 2.558089] [] ret_from_exception+0x0/0xc "ra:0x3ff449e954" is the return address of "call _mcount" in the prologue of __vdso_gettimeofday(). Without proper relocate, pc jmp to 0x0000003ff449e000 (vdso map base) with a illegal instruction trap. The solution comes from arch/arm64/kernel/vdso/Makefile: CFLAGS_REMOVE_vgettimeofday.o = $(CC_FLAGS_FTRACE) -Os $(CC_FLAGS_SCS) - CC_FLAGS_SCS is ShadowCallStack feature in Clang and only implemented for arm64, no use for riscv. Fixes: ad5d1122b82f ("riscv: use vDSO common flow to reduce the latency of the time-related functions") Cc: stable@vger.kernel.org Signed-off-by: Guo Ren Reviewed-by: Vincent Chen Signed-off-by: Palmer Dabbelt commit 502035e284cc7e9efef22b01771d822d49698ab9 Author: Eddie James Date: Tue Jun 9 15:15:54 2020 -0500 i2c: fsi: Fix the port number field in status register The port number field in the status register was not correct, so fix it. Fixes: d6ffb6300116 ("i2c: Add FSI-attached I2C master algorithm") Signed-off-by: Eddie James Signed-off-by: Joel Stanley Signed-off-by: Wolfram Sang commit e93b327dbf3d37f0dfb123b58f9627ad17be652e Author: Vincent Chen Date: Tue Jun 23 13:40:21 2020 +0800 riscv: Add extern declarations for vDSO time-related functions Add extern declarations for vDSO time-related functions to notify the compiler these functions will be used in somewhere to avoid "no previous prototype" compile warning. Reported-by: kernel test robot Signed-off-by: Vincent Chen Signed-off-by: Palmer Dabbelt commit d0a5fdf4cc83dabcdea668f971b8a2e916437711 Author: Vincent Chen Date: Tue Jun 23 09:24:17 2020 +0800 clk: sifive: allocate sufficient memory for struct __prci_data The (struct __prci_data).hw_clks.hws is an array with dynamic elements. Using struct_size(pd, hw_clks.hws, ARRAY_SIZE(__prci_init_clocks)) instead of sizeof(*pd) to get the correct memory size of struct __prci_data for sifive/fu540-prci. After applying this modifications, the kernel runs smoothly with CONFIG_SLAB_FREELIST_RANDOM enabled on the HiFive unleashed board. Fixes: 30b8e27e3b58 ("clk: sifive: add a driver for the SiFive FU540 PRCI IP block") Signed-off-by: Vincent Chen Signed-off-by: Palmer Dabbelt commit a0fc3b32893b29a7b3a2771b6d63bae16cb1e8de Author: Vincent Chen Date: Tue Jun 23 09:13:22 2020 +0800 riscv: Add -fPIC option to CFLAGS_vgettimeofday.o The time related vDSO functions use a variable, vdso_data, to access the vDSO data page to get the system time information. Because the vdso_data for CFLAGS_vgettimeofday.o is an external variable defined in vdso.o, the CFLAGS_vgettimeofday.o should be compiled with -fPIC to ensure that vdso_data is addressable. Reported-by: kernel test robot Signed-off-by: Vincent Chen Signed-off-by: Palmer Dabbelt commit 7a64135f3229a808067e4bd29be15fe6856a9ae6 Author: Jesper Dangaard Brouer Date: Thu Jun 25 16:26:58 2020 +0200 libbpf: Adjust SEC short cut for expected attach type BPF_XDP_DEVMAP Adjust the SEC("xdp_devmap/") prog type prefix to contain a slash "/" for expected attach type BPF_XDP_DEVMAP. This is consistent with other prog types like tracing. Fixes: 2778797037a6 ("libbpf: Add SEC name for xdp programs attached to device map") Suggested-by: Andrii Nakryiko Signed-off-by: Jesper Dangaard Brouer Signed-off-by: Daniel Borkmann Acked-by: Andrii Nakryiko Link: https://lore.kernel.org/bpf/159309521882.821855.6873145686353617509.stgit@firesoul commit 52366a107bf0600cf366f5ff3ea1f147b285e41f Merge: 87d93e9a91c7 e9c15badbb7b Author: Linus Torvalds Date: Thu Jun 25 13:02:58 2020 -0700 Merge tag 'fsnotify_for_v5.8-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs Pull fsnotify fixlet from Jan Kara: "A performance improvement to reduce impact of fsnotify for inodes where it isn't used" * tag 'fsnotify_for_v5.8-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs: fs: Do not check if there is a fsnotify watcher on pseudo inodes commit f4926d513b4c753c3e831dc619466c82ba192fed Merge: 206e732323c2 619ae8e0697a Author: David S. Miller Date: Thu Jun 25 12:52:41 2020 -0700 Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf Pablo Neira Ayuso says: ==================== Netfilter fixes for net The following patchset contains Netfilter fixes for net, they are: 1) Unaligned atomic access in ipset, from Russell King. 2) Missing module description, from Rob Gill. 3) Patches to fix a module unload causing NULL pointer dereference in xtables, from David Wilder. For the record, I posting here his cover letter explaining the problem: A crash happened on ppc64le when running ltp network tests triggered by "rmmod iptable_mangle". See previous discussion in this thread: https://lists.openwall.net/netdev/2020/06/03/161 . In the crash I found in iptable_mangle_hook() that state->net->ipv4.iptable_mangle=NULL causing a NULL pointer dereference. net->ipv4.iptable_mangle is set to NULL in +iptable_mangle_net_exit() and called when ip_mangle modules is unloaded. A rmmod task was found running in the crash dump. A 2nd crash showed the same problem when running "rmmod iptable_filter" (net->ipv4.iptable_filter=NULL). To fix this I added .pre_exit hook in all iptable_foo.c. The pre_exit will un-register the underlying hook and exit would do the table freeing. The netns core does an unconditional +synchronize_rcu after the pre_exit hooks insuring no packets are in flight that have picked up the pointer before completing the un-register. These patches include changes for both iptables and ip6tables. We tested this fix with ltp running iptables01.sh and iptables01.sh -6 a loop for 72 hours. 4) Add a selftest for conntrack helper assignment, from Florian Westphal. ==================== Signed-off-by: David S. Miller commit 206e732323c2a8e6d11f4125a62c27e60a50a850 Author: Thomas Martitz Date: Thu Jun 25 14:26:03 2020 +0200 net: bridge: enfore alignment for ethernet address The eth_addr member is passed to ether_addr functions that require 2-byte alignment, therefore the member must be properly aligned to avoid unaligned accesses. The problem is in place since the initial merge of multicast to unicast: commit 6db6f0eae6052b70885562e1733896647ec1d807 bridge: multicast to unicast Fixes: 6db6f0eae605 ("bridge: multicast to unicast") Cc: Roopa Prabhu Cc: Nikolay Aleksandrov Cc: David S. Miller Cc: Jakub Kicinski Cc: Felix Fietkau Signed-off-by: Thomas Martitz Acked-by: Nikolay Aleksandrov Signed-off-by: David S. Miller commit 87d93e9a91c76bcb45112d863ef72aab41e01879 Merge: 908f7d12d3ba 38fd98afeeb7 Author: Linus Torvalds Date: Thu Jun 25 12:38:09 2020 -0700 Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma Pull rdma fixes from Jason Gunthorpe: "Several regression fixes from work that landed in the merge window, particularly in the mlx5 driver: - Various static checker and warning fixes - General bug fixes in rvt, qedr, hns, mlx5 and hfi1 - Several regression fixes related to the ECE and QP changes in last cycle - Fixes for a few long standing crashers in CMA, uverbs ioctl, and xrc" * tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma: (25 commits) IB/hfi1: Add atomic triggered sleep/wakeup IB/hfi1: Correct -EBUSY handling in tx code IB/hfi1: Fix module use count flaw due to leftover module put calls IB/hfi1: Restore kfree in dummy_netdev cleanup IB/mad: Fix use after free when destroying MAD agent RDMA/mlx5: Protect from kernel crash if XRC_TGT doesn't have udata RDMA/counter: Query a counter before release RDMA/mad: Fix possible memory leak in ib_mad_post_receive_mads() RDMA/mlx5: Fix integrity enabled QP creation RDMA/mlx5: Remove ECE limitation from the RAW_PACKET QPs RDMA/mlx5: Fix remote gid value in query QP RDMA/mlx5: Don't access ib_qp fields in internal destroy QP path RDMA/core: Check that type_attrs is not NULL prior access RDMA/hns: Fix an cmd queue issue when resetting RDMA/hns: Fix a calltrace when registering MR from userspace RDMA/mlx5: Add missed RST2INIT and INIT2INIT steps during ECE handshake RDMA/cma: Protect bind_list and listen_list while finding matching cm id RDMA/qedr: Fix KASAN: use-after-free in ucma_event_handler+0x532 RDMA/efa: Set maximum pkeys device attribute RDMA/rvt: Fix potential memory leak caused by rvt_alloc_rq ... commit 2570284060b48f3f79d8f1a2698792f36c385e9a Author: Denis Kirjanov Date: Thu Jun 25 14:51:06 2020 +0300 tcp: don't ignore ECN CWR on pure ACK there is a problem with the CWR flag set in an incoming ACK segment and it leads to the situation when the ECE flag is latched forever the following packetdrill script shows what happens: // Stack receives incoming segments with CE set +0.1 <[ect0] . 11001:12001(1000) ack 1001 win 65535 +0.0 <[ce] . 12001:13001(1000) ack 1001 win 65535 +0.0 <[ect0] P. 13001:14001(1000) ack 1001 win 65535 // Stack repsonds with ECN ECHO +0.0 >[noecn] . 1001:1001(0) ack 12001 +0.0 >[noecn] E. 1001:1001(0) ack 13001 +0.0 >[noecn] E. 1001:1001(0) ack 14001 // Write a packet +0.1 write(3, ..., 1000) = 1000 +0.0 >[ect0] PE. 1001:2001(1000) ack 14001 // Pure ACK received +0.01 <[noecn] W. 14001:14001(0) ack 2001 win 65535 // Since CWR was sent, this packet should NOT have ECE set +0.1 write(3, ..., 1000) = 1000 +0.0 >[ect0] P. 2001:3001(1000) ack 14001 // but Linux will still keep ECE latched here, with packetdrill // flagging a missing ECE flag, expecting // >[ect0] PE. 2001:3001(1000) ack 14001 // in the script In the situation above we will continue to send ECN ECHO packets and trigger the peer to reduce the congestion window. To avoid that we can check CWR on pure ACKs received. v3: - Add a sequence check to avoid sending an ACK to an ACK v2: - Adjusted the comment - move CWR check before checking for unacknowledged packets Signed-off-by: Denis Kirjanov Acked-by: Neal Cardwell Signed-off-by: Eric Dumazet Signed-off-by: David S. Miller commit 108447fd0d1a34b0929cd26dc637c917a734ebab Author: Sai Prakash Ranjan Date: Thu Jun 25 16:01:23 2020 +0530 arm64: Add KRYO{3,4}XX silver CPU cores to SSB safelist QCOM KRYO{3,4}XX silver/LITTLE CPU cores are based on Cortex-A55 and are SSB safe, hence add them to SSB safelist -> arm64_ssb_cpus[]. Reported-by: Stephen Boyd Signed-off-by: Sai Prakash Ranjan Reviewed-by: Douglas Anderson Link: https://lore.kernel.org/r/20200625103123.7240-1-saiprakash.ranjan@codeaurora.org Signed-off-by: Will Deacon commit 5a3235e50c0e3219d8659cbec996dae960acfee8 Author: Ard Biesheuvel Date: Thu Jun 25 09:18:16 2020 +0200 net: phy: mscc: avoid skcipher API for single block AES encryption The skcipher API dynamically instantiates the transformation object on request that implements the requested algorithm optimally on the given platform. This notion of optimality only matters for cases like bulk network or disk encryption, where performance can be a bottleneck, or in cases where the algorithm itself is not known at compile time. In the mscc case, we are dealing with AES encryption of a single block, and so neither concern applies, and we are better off using the AES library interface, which is lightweight and safe for this kind of use. Note that the scatterlist API does not permit references to buffers that are located on the stack, so the existing code is incorrect in any case, but avoiding the skcipher and scatterlist APIs entirely is the most straight-forward approach to fixing this. Cc: Antoine Tenart Cc: Andrew Lunn Cc: Florian Fainelli Cc: Heiner Kallweit Cc: "David S. Miller" Cc: Jakub Kicinski Fixes: 28c5107aa904e ("net: phy: mscc: macsec support") Reviewed-by: Eric Biggers Signed-off-by: Ard Biesheuvel Tested-by: Antoine Tenart Signed-off-by: David S. Miller commit 1b52671d79c4b9fdc91a85f99f69b7c91a3b1b71 Merge: 0b8eb629a700 c31244669f57 Author: Jens Axboe Date: Thu Jun 25 12:57:17 2020 -0600 Merge branch 'nvme-5.8' of git://git.infradead.org/nvme into block-5.8 Pull NVMe fixes from Christoph. * 'nvme-5.8' of git://git.infradead.org/nvme: nvme-multipath: fix bogus request queue reference put nvme-multipath: fix deadlock due to head->lock nvme: don't protect ns mutation with ns->head->lock nvme-multipath: fix deadlock between ana_work and scan_work nvme: fix possible deadlock when I/O is blocked nvme-rdma: assign completion vector correctly nvme-loop: initialize tagset numa value to the value of the ctrl nvme-tcp: initialize tagset numa value to the value of the ctrl nvme-pci: initialize tagset numa value to the value of the ctrl nvme-pci: override the value of the controller's numa node nvme: set initial value for controller's numa node commit 7e89e4aaa9ae83107d059c186955484b3aa6eb23 Author: Ivan Mironov Date: Thu Jun 25 21:50:42 2020 +0500 drm/amd/powerplay: Fix NULL dereference in lock_bus() on Vega20 w/o RAS I updated my system with Radeon VII from kernel 5.6 to kernel 5.7, and following started to happen on each boot: ... BUG: kernel NULL pointer dereference, address: 0000000000000128 ... CPU: 9 PID: 1940 Comm: modprobe Tainted: G E 5.7.2-200.im0.fc32.x86_64 #1 Hardware name: System manufacturer System Product Name/PRIME X570-P, BIOS 1407 04/02/2020 RIP: 0010:lock_bus+0x42/0x60 [amdgpu] ... Call Trace: i2c_smbus_xfer+0x3d/0xf0 i2c_default_probe+0xf3/0x130 i2c_detect.isra.0+0xfe/0x2b0 ? kfree+0xa3/0x200 ? kobject_uevent_env+0x11f/0x6a0 ? i2c_detect.isra.0+0x2b0/0x2b0 __process_new_driver+0x1b/0x20 bus_for_each_dev+0x64/0x90 ? 0xffffffffc0f34000 i2c_register_driver+0x73/0xc0 do_one_initcall+0x46/0x200 ? _cond_resched+0x16/0x40 ? kmem_cache_alloc_trace+0x167/0x220 ? do_init_module+0x23/0x260 do_init_module+0x5c/0x260 __do_sys_init_module+0x14f/0x170 do_syscall_64+0x5b/0xf0 entry_SYSCALL_64_after_hwframe+0x44/0xa9 ... Error appears when some i2c device driver tries to probe for devices using adapter registered by `smu_v11_0_i2c_eeprom_control_init()`. Code supporting this adapter requires `adev->psp.ras.ras` to be not NULL, which is true only when `amdgpu_ras_init()` detects HW support by calling `amdgpu_ras_check_supported()`. Before 9015d60c9ee1, adapter was registered by -> amdgpu_device_ip_init() -> amdgpu_ras_recovery_init() -> amdgpu_ras_eeprom_init() -> smu_v11_0_i2c_eeprom_control_init() after verifying that `adev->psp.ras.ras` is not NULL in `amdgpu_ras_recovery_init()`. Currently it is registered unconditionally by -> amdgpu_device_ip_init() -> pp_sw_init() -> hwmgr_sw_init() -> vega20_smu_init() -> smu_v11_0_i2c_eeprom_control_init() Fix simply adds HW support check (ras == NULL => no support) before calling `smu_v11_0_i2c_eeprom_control_{init,fini}()`. Please note that there is a chance that similar fix is also required for CHIP_ARCTURUS. I do not know whether any actual Arcturus hardware without RAS exist, and whether calling `smu_i2c_eeprom_init()` makes any sense when there is no HW support. Cc: stable@vger.kernel.org Fixes: 9015d60c9ee1 ("drm/amdgpu: Move EEPROM I2C adapter to amdgpu_device") Signed-off-by: Ivan Mironov Tested-by: Bjorn Nostvold Signed-off-by: Alex Deucher commit ebfa440ce38b7e2e04c3124aa89c8a9f4094cf21 Author: Alex Williamson Date: Thu Jun 25 11:04:23 2020 -0600 vfio/pci: Fix SR-IOV VF handling with MMIO blocking SR-IOV VFs do not implement the memory enable bit of the command register, therefore this bit is not set in config space after pci_enable_device(). This leads to an unintended difference between PF and VF in hand-off state to the user. We can correct this by setting the initial value of the memory enable bit in our virtualized config space. There's really no need however to ever fault a user on a VF though as this would only indicate an error in the user's management of the enable bit, versus a PF where the same access could trigger hardware faults. Fixes: abafbc551fdd ("vfio-pci: Invalidate mmaps and block MMIO access on disabled memory") Signed-off-by: Alex Williamson commit 908f7d12d3ba51dfe0449b9723199b423f97ca9a Merge: a4d3712b5105 827c4913923e Author: Linus Torvalds Date: Thu Jun 25 09:24:28 2020 -0700 Merge tag 's390-5.8-3' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux Pull s390 fixes from Heiko Carstens: - Fix kernel crash on system call single stepping. - Make sure early program check handler is executed with DAT on to avoid an endless program check loop. - Add __GFP_NOWARN flag to debug feature to avoid user triggerable allocation failure messages. * tag 's390-5.8-3' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux: s390/debug: avoid kernel warning on too large number of pages s390/kasan: fix early pgm check handler execution s390: fix system call single stepping commit a4d3712b510534ef2ab5b15429aa94283c233a31 Merge: 8be3a53e18e0 220345e98f1c Author: Linus Torvalds Date: Thu Jun 25 09:15:24 2020 -0700 Merge tag 'sound-5.8-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound Pull sound fixes from Takashi Iwai: "A collection of small fixes gathered in the last two weeks. The major changes here are fixes for the recent DPCM regressions found on i.MX and Qualcomm platforms and fixes for resource leaks in ASoC DAI registrations. Other than those are mostly device-specific fixes including the usual USB- and HD-audio quirks, and a fix for syzkaller case and ID updates for new Intel platforms" * tag 'sound-5.8-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: (32 commits) ALSA: usb-audio: Fix OOB access of mixer element list ALSA: usb-audio: add quirk for Samsung USBC Headset (AKG) ALSA: usb-audio: Add registration quirk for Kingston HyperX Cloud Flight S ASoC: rockchip: Fix a reference count leak. ASoC: amd: closing specific instance. ALSA: hda: Intel: add missing PCI IDs for ICL-H, TGL-H and EKL ASoC: hdac_hda: fix memleak with regmap not freed on remove ASoC: SOF: Intel: add PCI IDs for ICL-H and TGL-H ASoC: SOF: Intel: add PCI ID for CometLake-S ASoC: Intel: SOF: merge COMETLAKE_LP and COMETLAKE_H ALSA: hda/realtek: Add mute LED and micmute LED support for HP systems ALSA: usb-audio: Fix potential use-after-free of streams ALSA: hda/realtek - Add quirk for MSI GE63 laptop ASoC: fsl_ssi: Fix bclk calculation for mono channel ASoC: SOF: Intel: hda: Clear RIRB status before reading WP ASoC: rt1015: Update rt1015 default register value according to spec modification. ASoC: qcom: common: set correct directions for dailinks ASoc: q6afe: add support to get port direction ASoC: soc-pcm: fix checks for multi-cpu FE dailinks ASoC: rt5682: Let dai clks be registered whether mclk exists or not ... commit 59476f80d8781a84e25f0cbcf378ccab1ad7abf8 Author: Arvind Sankar Date: Thu Jun 18 16:43:15 2020 -0400 efi/x86: Only copy upto the end of setup_header When copying the setup_header into the boot_params buffer, only the data that is actually part of the setup_header should be copied. efi_pe_entry() currently copies the entire second sector, which initializes some of the fields in boot_params beyond the setup_header with garbage (i.e. part of the real-mode boot code gets copied into those fields). This does not cause any issues currently because the fields that are overwritten are padding, BIOS EDD information that won't get used, and the E820 table which will get properly filled in later. Fix this to only copy data that is actually part of the setup_header structure. Signed-off-by: Arvind Sankar Signed-off-by: Ard Biesheuvel commit 0bda49f30ca48998102eb0a0b53970c3a3558be0 Author: Arvind Sankar Date: Thu Jun 18 15:10:59 2020 -0400 efi/x86: Remove unused variables Commit 987053a30016 ("efi/x86: Move command-line initrd loading to efi_main") made the ramdisk_addr/ramdisk_size variables in efi_pe_entry unused, but neglected to delete them. Delete these unused variables. Signed-off-by: Arvind Sankar Signed-off-by: Ard Biesheuvel commit b58e733fd774f3f4b49d9e7640d172a57e35200e Author: Peter Zijlstra Date: Mon Jun 15 18:24:27 2020 +0200 rcu: Fixup noinstr warnings A KCSAN build revealed we have explicit annoations through atomic_*() usage, switch to arch_atomic_*() for the respective functions. vmlinux.o: warning: objtool: rcu_nmi_exit()+0x4d: call to __kcsan_check_access() leaves .noinstr.text section vmlinux.o: warning: objtool: rcu_dynticks_eqs_enter()+0x25: call to __kcsan_check_access() leaves .noinstr.text section vmlinux.o: warning: objtool: rcu_nmi_enter()+0x4f: call to __kcsan_check_access() leaves .noinstr.text section vmlinux.o: warning: objtool: rcu_dynticks_eqs_exit()+0x2a: call to __kcsan_check_access() leaves .noinstr.text section vmlinux.o: warning: objtool: __rcu_is_watching()+0x25: call to __kcsan_check_access() leaves .noinstr.text section Additionally, without the NOP in instrumentation_begin(), objtool would not detect the lack of the 'else instrumentation_begin();' branch in rcu_nmi_enter(). Signed-off-by: Peter Zijlstra (Intel) Signed-off-by: Paul E. McKenney commit 5faafd5685764e4d75376aceac91fdf75b3b16f8 Author: Peter Zijlstra Date: Thu Jun 25 15:55:14 2020 +0200 locking/atomics: Provide the arch_atomic_ interface to generic code Architectures with instrumented (KASAN/KCSAN) atomic operations natively provide arch_atomic_ variants that are not instrumented. It turns out that some generic code also requires arch_atomic_ in order to avoid instrumentation, so provide the arch_atomic_ interface as a direct map into the regular atomic_ interface for non-instrumented architectures. Signed-off-by: Peter Zijlstra (Intel) Signed-off-by: Paul E. McKenney commit cf961fce30f8269d0c2662c48b2618005b67dfd4 Author: Jarkko Nikula Date: Thu Jun 25 17:00:41 2020 +0300 spi: pxa2xx: Add support for Intel Tiger Lake PCH-H Add Intel Tiger Lake PCH-H PCI IDs. Signed-off-by: Jarkko Nikula Link: https://lore.kernel.org/r/20200625140041.745804-1-jarkko.nikula@linux.intel.com Signed-off-by: Mark Brown commit f16861b12fa05717489e0c8fbe93a0b9346a6839 Author: Seth Forshee Date: Wed Jun 24 12:10:10 2020 -0500 regulator: rename da903x to da903x-regulator This module shares the same name as its parent PMIC driver, which confuses tools like kmod. Rename the regulator driver to avoid such problems. Signed-off-by: Seth Forshee Link: https://lore.kernel.org/r/20200624171010.845271-1-seth.forshee@canonical.com Signed-off-by: Mark Brown commit a9b59159d338d414acaa8e2f569d129d51c76452 Author: John Fastabend Date: Wed Jun 24 15:20:39 2020 -0700 bpf: Do not allow btf_ctx_access with __int128 types To ensure btf_ctx_access() is safe the verifier checks that the BTF arg type is an int, enum, or pointer. When the function does the BTF arg lookup it uses the calculation 'arg = off / 8' using the fact that registers are 8B. This requires that the first arg is in the first reg, the second in the second, and so on. However, for __int128 the arg will consume two registers by default LLVM implementation. So this will cause the arg layout assumed by the 'arg = off / 8' calculation to be incorrect. Because __int128 is uncommon this patch applies the easiest fix and will force int types to be sizeof(u64) or smaller so that they will fit in a single register. v2: remove unneeded parens per Andrii's feedback Fixes: 9e15db66136a1 ("bpf: Implement accurate raw_tp context access via BTF") Signed-off-by: John Fastabend Signed-off-by: Daniel Borkmann Acked-by: Andrii Nakryiko Link: https://lore.kernel.org/bpf/159303723962.11287.13309537171132420717.stgit@john-Precision-5820-Tower commit bc5c7f55f5ea91e137fc7939435ed2e2bb6e5a15 Author: Jaroslav Kysela Date: Thu Jun 25 13:58:29 2020 +0200 AsoC: amd: add missing snd- module prefix to the acp3x-rn driver kernel module Signed-off-by: Jaroslav Kysela Acked-by: Alex Deucher Cc: Mark Brown Cc: vijendar.mukunda@amd.com Cc: Alexander.Deucher@amd.com Link: https://lore.kernel.org/r/20200625115829.791750-1-perex@perex.cz Signed-off-by: Mark Brown commit 8dfe804a4031ca6ba3a3efb2048534249b64f3a5 Author: Jiping Ma Date: Mon May 11 10:52:07 2020 +0800 arm64: perf: Report the PC value in REGS_ABI_32 mode A 32-bit perf querying the registers of a compat task using REGS_ABI_32 will receive zeroes from w15, when it expects to find the PC. Return the PC value for register dwarf register 15 when returning register values for a compat task to perf. Cc: Acked-by: Mark Rutland Signed-off-by: Jiping Ma Link: https://lore.kernel.org/r/1589165527-188401-1-git-send-email-jiping.ma2@windriver.com [will: Shuffled code and added a comment] Signed-off-by: Will Deacon commit d60b5fbc1ce8210759b568da49d149b868e7c6d3 Author: Pavel Begunkov Date: Thu Jun 25 12:37:11 2020 +0300 io_uring: fix current->mm NULL dereference on exit Don't reissue requests from io_iopoll_reap_events(), the task may not have mm, which ends up with NULL. It's better to kill everything off on exit anyway. [ 677.734670] RIP: 0010:io_iopoll_complete+0x27e/0x630 ... [ 677.734679] Call Trace: [ 677.734695] ? __send_signal+0x1f2/0x420 [ 677.734698] ? _raw_spin_unlock_irqrestore+0x24/0x40 [ 677.734699] ? send_signal+0xf5/0x140 [ 677.734700] io_iopoll_getevents+0x12f/0x1a0 [ 677.734702] io_iopoll_reap_events.part.0+0x5e/0xa0 [ 677.734703] io_ring_ctx_wait_and_kill+0x132/0x1c0 [ 677.734704] io_uring_release+0x20/0x30 [ 677.734706] __fput+0xcd/0x230 [ 677.734707] ____fput+0xe/0x10 [ 677.734709] task_work_run+0x67/0xa0 [ 677.734710] do_exit+0x35d/0xb70 [ 677.734712] do_group_exit+0x43/0xa0 [ 677.734713] get_signal+0x140/0x900 [ 677.734715] do_signal+0x37/0x780 [ 677.734717] ? enqueue_hrtimer+0x41/0xb0 [ 677.734718] ? recalibrate_cpu_khz+0x10/0x10 [ 677.734720] ? ktime_get+0x3e/0xa0 [ 677.734721] ? lapic_next_deadline+0x26/0x30 [ 677.734723] ? tick_program_event+0x4d/0x90 [ 677.734724] ? __hrtimer_get_next_event+0x4d/0x80 [ 677.734726] __prepare_exit_to_usermode+0x126/0x1c0 [ 677.734741] prepare_exit_to_usermode+0x9/0x40 [ 677.734742] idtentry_exit_cond_rcu+0x4c/0x60 [ 677.734743] sysvec_reschedule_ipi+0x92/0x160 [ 677.734744] ? asm_sysvec_reschedule_ipi+0xa/0x20 [ 677.734745] asm_sysvec_reschedule_ipi+0x12/0x20 Signed-off-by: Pavel Begunkov Signed-off-by: Jens Axboe commit cd664b0e35cb1202f40c259a1a5ea791d18c879d Author: Pavel Begunkov Date: Thu Jun 25 12:37:10 2020 +0300 io_uring: fix hanging iopoll in case of -EAGAIN io_do_iopoll() won't do anything with a request unless req->iopoll_completed is set. So io_complete_rw_iopoll() has to set it, otherwise io_do_iopoll() will poll a file again and again even though the request of interest was completed long time ago. Also, remove -EAGAIN check from io_issue_sqe() as it races with the changed lines. The request will take the long way and be resubmitted from io_iopoll*(). io_kiocb's result and iopoll_completed") Fixes: bbde017a32b3 ("io_uring: add memory barrier to synchronize Signed-off-by: Pavel Begunkov Signed-off-by: Jens Axboe commit 6a6ca7881b1ab1c13fe0d70bae29211a65dd90de Author: Hui Wang Date: Thu Jun 25 16:38:33 2020 +0800 ALSA: hda - let hs_mic be picked ahead of hp_mic We have a Dell AIO, there is neither internal speaker nor internal mic, only a multi-function audio jack on it. Users reported that after freshly installing the OS and plug a headset to the audio jack, the headset can't output sound. I reproduced this bug, at that moment, the Input Source is as below: Simple mixer control 'Input Source',0 Capabilities: cenum Items: 'Headphone Mic' 'Headset Mic' Item0: 'Headphone Mic' That is because the patch_realtek will set this audio jack as mic_in mode if Input Source's value is hp_mic. If it is not fresh installing, this issue will not happen since the systemd will run alsactl restore -f /var/lib/alsa/asound.state, this will set the 'Input Source' according to history value. If there is internal speaker or internal mic, this issue will not happen since there is valid sink/source in the pulseaudio, the PA will set the 'Input Source' according to active_port. To fix this issue, change the parser function to let the hs_mic be stored ahead of hp_mic. Cc: stable@vger.kernel.org Signed-off-by: Hui Wang Link: https://lore.kernel.org/r/20200625083833.11264-1-hui.wang@canonical.com Signed-off-by: Takashi Iwai commit 38b1927e5bf9bcad4a2e33189ef1c5569f9599ba Author: Colin Ian King Date: Thu Jun 25 13:44:28 2020 +0100 phy: sun4i-usb: fix dereference of pointer phy0 before it is null checked Currently pointer phy0 is being dereferenced via the assignment of phy on the call to phy_get_drvdata before phy0 is null checked, this can lead to a null pointer dereference. Fix this by performing the null check on phy0 before the call to phy_get_drvdata. Also replace the phy0 == NULL check with the more usual !phy0 idiom. Addresses-Coverity: ("Dereference before null check") Fixes: e6f32efb1b12 ("phy: sun4i-usb: Make sure to disable PHY0 passby for peripheral mode") Signed-off-by: Colin Ian King Link: https://lore.kernel.org/r/20200625124428.83564-1-colin.king@canonical.com Signed-off-by: Vinod Koul commit 8b94a4b92327d061327117e127d7d44a4a43e639 Author: Mika Westerberg Date: Thu Apr 2 12:45:34 2020 +0300 thunderbolt: Fix path indices used in USB3 tunnel discovery The USB3 discovery used wrong indices when tunnel is discovered. It should use TB_USB3_PATH_DOWN for path that flows downstream and TB_USB3_PATH_UP when it flows upstream. This should not affect the functionality but better to fix it. Fixes: e6f818585713 ("thunderbolt: Add support for USB 3.x tunnels") Signed-off-by: Mika Westerberg Cc: stable@vger.kernel.org # v5.6+ commit 10e8b11eb3195e11450c509d4dd3984d707a4167 Author: Rafael J. Wysocki Date: Thu Jun 25 13:52:53 2020 +0200 cpuidle: Rearrange s2idle-specific idle state entry code Implement call_cpuidle_s2idle() in analogy with call_cpuidle() for the s2idle-specific idle state entry and invoke it from cpuidle_idle_call() to make the s2idle-specific idle entry code path look more similar to the "regular" idle entry one. No intentional functional impact. Signed-off-by: Rafael J. Wysocki Acked-by: Chen Yu commit 145a773aef83181d47ebab21bb33c89233aadb1e Author: Peter Zijlstra Date: Tue Jun 16 13:28:36 2020 +0200 x86/entry: Fix #UD vs WARN more vmlinux.o: warning: objtool: exc_invalid_op()+0x47: call to probe_kernel_read() leaves .noinstr.text section Since we use UD2 as a short-cut for 'CALL __WARN', treat it as such. Have the bare exception handler do the report_bug() thing. Fixes: 15a416e8aaa7 ("x86/entry: Treat BUG/WARN as NMI-like entries") Signed-off-by: Peter Zijlstra (Intel) Acked-by: Andy Lutomirski Link: https://lkml.kernel.org/r/20200622114713.GE577403@hirez.programming.kicks-ass.net commit c7aadc09321d8f9a1d3bd1e6d8a47222ecddf6c5 Author: Peter Zijlstra Date: Wed Jun 17 18:25:57 2020 +0200 x86/entry: Increase entry_stack size to a full page Marco crashed in bad_iret with a Clang11/KCSAN build due to overflowing the stack. Now that we run C code on it, expand it to a full page. Suggested-by: Andy Lutomirski Reported-by: Marco Elver Signed-off-by: Peter Zijlstra (Intel) Reviewed-by: Lai Jiangshan Tested-by: Marco Elver Link: https://lkml.kernel.org/r/20200618144801.819246178@infradead.org commit e3a9e681adb779b39565a28b3252c3be1033f994 Author: Peter Zijlstra Date: Wed Jun 17 18:21:16 2020 +0200 x86/entry: Fixup bad_iret vs noinstr vmlinux.o: warning: objtool: fixup_bad_iret()+0x8e: call to memcpy() leaves .noinstr.text section Worse, when KASAN there is no telling what memcpy() actually is. Force the use of __memcpy() which is our assmebly implementation. Reported-by: Marco Elver Suggested-by: Marco Elver Signed-off-by: Peter Zijlstra (Intel) Tested-by: Marco Elver Link: https://lkml.kernel.org/r/20200618144801.760070502@infradead.org commit 734d099ba644f5a92c70efa3d54d0ba2500ce162 Author: Peter Zijlstra Date: Wed Jun 17 18:22:31 2020 +0200 objtool: Don't consider vmlinux a C-file Avoids issuing C-file warnings for vmlinux. Signed-off-by: Peter Zijlstra (Intel) Link: https://lkml.kernel.org/r/20200618144801.701257527@infradead.org commit acf7b0bf7dcf5a96d9b44a0997227c7210d995c1 Author: Marco Elver Date: Tue Jun 23 13:24:48 2020 +0200 kasan: Fix required compiler version The first working GCC version to satisfy CC_HAS_WORKING_NOSANITIZE_ADDRESS is GCC 8.3.0. Link: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89124 Reported-by: Stephen Rothwell Signed-off-by: Marco Elver Signed-off-by: Peter Zijlstra (Intel) Link: https://lkml.kernel.org/r/20200623112448.GA208112@elver.google.com commit 2a78b85b70f9c3d450619d369d349ba861320510 Author: Sumit Garg Date: Thu Jun 4 15:31:18 2020 +0530 kdb: Make kdb_printf() console handling more robust While rounding up CPUs via NMIs, its possible that a rounded up CPU maybe holding a console port lock leading to kgdb master CPU stuck in a deadlock during invocation of console write operations. A similar deadlock could also be possible while using synchronous breakpoints. So in order to avoid such a deadlock, set oops_in_progress to encourage the console drivers to disregard their internal spin locks: in the current calling context the risk of deadlock is a bigger problem than risks due to re-entering the console driver. We operate directly on oops_in_progress rather than using bust_spinlocks() because the calls bust_spinlocks() makes on exit are not appropriate for this calling context. Suggested-by: Sergey Senozhatsky Signed-off-by: Sumit Garg Reviewed-by: Douglas Anderson Reviewed-by: Petr Mladek Link: https://lore.kernel.org/r/1591264879-25920-4-git-send-email-sumit.garg@linaro.org Signed-off-by: Daniel Thompson commit e8857288bb620d594c94a219148d18562e52b06e Author: Sumit Garg Date: Thu Jun 4 15:31:17 2020 +0530 kdb: Check status of console prior to invoking handlers Check if a console is enabled prior to invoking corresponding write handler. Suggested-by: Sergey Senozhatsky Signed-off-by: Sumit Garg Reviewed-by: Daniel Thompson Reviewed-by: Douglas Anderson Reviewed-by: Petr Mladek Link: https://lore.kernel.org/r/1591264879-25920-3-git-send-email-sumit.garg@linaro.org Signed-off-by: Daniel Thompson commit 9d71b344f86f4264a5fae43c997a630e93c0de9b Author: Sumit Garg Date: Thu Jun 4 15:31:16 2020 +0530 kdb: Re-factor kdb_printf() message write code Re-factor kdb_printf() message write code in order to avoid duplication of code and thereby increase readability. Signed-off-by: Sumit Garg Reviewed-by: Douglas Anderson Reviewed-by: Petr Mladek Link: https://lore.kernel.org/r/1591264879-25920-2-git-send-email-sumit.garg@linaro.org Signed-off-by: Daniel Thompson commit 0b467b63870d9c05c81456aa9bfee894ab2db3b6 Author: Markus Theil Date: Thu Jun 25 12:42:14 2020 +0200 mac80211: allow rx of mesh eapol frames with default rx key Without this patch, eapol frames cannot be received in mesh mode, when 802.1X should be used. Initially only a MGTK is defined, which is found and set as rx->key, when there are no other keys set. ieee80211_drop_unencrypted would then drop these eapol frames, as they are data frames without encryption and there exists some rx->key. Fix this by differentiating between mesh eapol frames and other data frames with existing rx->key. Allow mesh mesh eapol frames only if they are for our vif address. With this patch in-place, ieee80211_rx_h_mesh_fwding continues after the ieee80211_drop_unencrypted check and notices, that these eapol frames have to be delivered locally, as they should. Signed-off-by: Markus Theil Link: https://lore.kernel.org/r/20200625104214.50319-1-markus.theil@tu-ilmenau.de [small code cleanups] Signed-off-by: Johannes Berg commit 4ab59c3c638c6c8952bf07739805d20eb6358a4d Author: Sumit Semwal Date: Thu Jun 11 17:14:18 2020 +0530 dma-buf: Move dma_buf_release() from fops to dentry_ops Charan Teja reported a 'use-after-free' in dmabuffs_dname [1], which happens if the dma_buf_release() is called while the userspace is accessing the dma_buf pseudo fs's dmabuffs_dname() in another process, and dma_buf_release() releases the dmabuf object when the last reference to the struct file goes away. I discussed with Arnd Bergmann, and he suggested that rather than tying the dma_buf_release() to the file_operations' release(), we can tie it to the dentry_operations' d_release(), which will be called when the last ref to the dentry is removed. The path exercised by __fput() calls f_op->release() first, and then calls dput, which eventually calls d_op->d_release(). In the 'normal' case, when no userspace access is happening via dma_buf pseudo fs, there should be exactly one fd, file, dentry and inode, so closing the fd will kill of everything right away. In the presented case, the dentry's d_release() will be called only when the dentry's last ref is released. Therefore, lets move dma_buf_release() from fops->release() to d_ops->d_release() Many thanks to Arnd for his FS insights :) [1]: https://lore.kernel.org/patchwork/patch/1238278/ Fixes: bb2bb9030425 ("dma-buf: add DMA_BUF_SET_NAME ioctls") Reported-by: syzbot+3643a18836bce555bff6@syzkaller.appspotmail.com Cc: [5.3+] Cc: Arnd Bergmann Reported-by: Charan Teja Reddy Reviewed-by: Arnd Bergmann Signed-off-by: Sumit Semwal Tested-by: Charan Teja Reddy Link: https://patchwork.freedesktop.org/patch/msgid/20200611114418.19852-1-sumit.semwal@linaro.org commit 5af7fef39d7952c0f5551afa7b821ee7b6c9dd3d Author: Markus Theil Date: Wed Jun 17 10:26:36 2020 +0200 mac80211: skip mpath lookup also for control port tx When using 802.1X over mesh networks, at first an ordinary mesh peering is established, then the 802.1X EAPOL dialog happens, afterwards an authenticated mesh peering exchange (AMPE) happens, finally the peering is complete and we can set the STA authorized flag. As 802.1X is an intermediate step here and key material is not yet exchanged for stations we have to skip mesh path lookup for these EAPOL frames. Otherwise the already configure mesh group encryption key would be used to send a mesh path request which no one can decipher, because we didn't already establish key material on both peers, like with SAE and directly using AMPE. Signed-off-by: Markus Theil Link: https://lore.kernel.org/r/20200617082637.22670-2-markus.theil@tu-ilmenau.de [remove pointless braces, remove unnecessary local variable, the list can only process one such frame (or its fragments)] Signed-off-by: Johannes Berg commit 78fb5b541b7ae57ac39187ccb3097e606004cf9b Author: Seevalamuthu Mariappan Date: Tue Jun 9 15:45:54 2020 +0530 mac80211: Fix dropping broadcast packets in 802.11 encap Broadcast pkts like arp are getting dropped in 'ieee80211_8023_xmit'. Fix this by replacing is_valid_ether_addr api with is_zero_ether_addr. Fixes: 50ff477a8639 ("mac80211: add 802.11 encapsulation offloading support") Signed-off-by: Seevalamuthu Mariappan Link: https://lore.kernel.org/r/1591697754-4975-1-git-send-email-seevalam@codeaurora.org Signed-off-by: Johannes Berg commit 01da2e059dc326d02091a62b81a795a393e3719f Author: Pavel Machek Date: Thu Jun 4 23:41:57 2020 +0200 mac80211: simplify mesh code Doing mod_timer() conditionaly is easier than conditionally unlocking and jumping around... Signed-off-by: Pavel Machek (CIP) Acked-by: Linus Lüssing Link: https://lore.kernel.org/r/20200604214157.GA9737@amd Signed-off-by: Johannes Berg commit 86a1b9d7c275a3dba69e7ab099f8d5f71f69f6a8 Author: Markus Theil Date: Mon Jun 22 14:35:42 2020 +0200 mac80211: fix control port tx status check The initial control port tx status patch assumed, that we have IEEE 802.11 frames, but actually ethernet frames are stored in the ack skb. Fix this by checking for the correct ethertype and skb protocol 802.3. Also allow tx status reports for ETH_P_PREAUTH, as preauth frames can also be send over the nl80211 control port. Fixes: a7528198add8 ("mac80211: support control port TX status reporting") Reported-by: Jouni Malinen Signed-off-by: Markus Theil Reported-by: kernel test robot Link: https://lore.kernel.org/r/20200622123542.173695-1-markus.theil@tu-ilmenau.de Signed-off-by: Johannes Berg commit 0c1a7f13c9ec1ceb18d97ef4b1dd20ec71ffba31 Author: Veerendranath Jakkam Date: Wed Jun 17 17:01:32 2020 +0530 ieee80211: Add missing and new AKM suite selector definitions Add the definitions for missing AKM selectors defined in IEEE P802.11-REVmd/D3.0, table 9-151. These definitions will be used by various drivers that support these new AKM suites. Signed-off-by: Veerendranath Jakkam Link: https://lore.kernel.org/r/20200617113132.13477-1-vjakkam@codeaurora.org Signed-off-by: Johannes Berg commit 9fbbb7ddd96ed68e75a4e8f194225b5297f62bd4 Author: João H. Spies Date: Tue Jun 23 18:19:45 2020 -0300 MIPS: ingenic: gcw0: Fix HP detection GPIO. Previously marked as active high, but is in reality active low. Cc: stable@vger.kernel.org Fixes: b1bfdb660516 ("MIPS: ingenic: DTS: Update GCW0 support") Signed-off-by: João H. Spies Tested-by: Paul Cercueil Reviewed-by: Paul Cercueil Signed-off-by: Thomas Bogendoerfer commit 5b83c254571b26e6b6110019929dc9729e5c59d1 Merge: a1cd3486d7b3 b5b78a6c8d8c Author: Dave Airlie Date: Thu Jun 25 14:51:14 2020 +1000 Merge tag 'amd-drm-fixes-5.8-2020-06-24' of git://people.freedesktop.org/~agd5f/linux into drm-fixes amd-drm-fixes-5.8-2020-06-24: amdgpu: - Fix missed mutex unlock in DC error path - Fix firmware leak for sdma5 - DC bpc property fixes amdkfd: - Fix memleak in an error path radeon: - Fix copy paste typo in NI DPM spll validation Signed-off-by: Dave Airlie From: Alex Deucher Link: https://patchwork.freedesktop.org/patch/msgid/20200624221207.17773-1-alexander.deucher@amd.com commit eb2932b00fc75a154bb4607773dc0666924116ad Merge: a51243860893 20d1f2d1b024 Author: David S. Miller Date: Wed Jun 24 21:51:03 2020 -0700 Merge branch 'net-bcmgenet-use-hardware-padding-of-runt-frames' Doug Berger says: ==================== net: bcmgenet: use hardware padding of runt frames Now that scatter-gather and tx-checksumming are enabled by default it revealed a packet corruption issue that can occur for very short fragmented packets. When padding these frames to the minimum length it is possible for the non-linear (fragment) data to be added to the end of the linear header in an SKB. Since the number of fragments is read before the padding and used afterward without reloading, the fragment that should have been consumed can be tacked on in place of part of the padding. The third commit in this set corrects this by removing the software padding and allowing the hardware to add the pad bytes if necessary. The first two commits resolve warnings observed by the kbuild test robot and are included here for simplicity of application. ==================== Signed-off-by: David S. Miller commit 20d1f2d1b024f6be199a3bedf1578a1d21592bc5 Author: Doug Berger Date: Wed Jun 24 18:14:55 2020 -0700 net: bcmgenet: use hardware padding of runt frames When commit 474ea9cafc45 ("net: bcmgenet: correctly pad short packets") added the call to skb_padto() it should have been located before the nr_frags parameter was read since that value could be changed when padding packets with lengths between 55 and 59 bytes (inclusive). The use of a stale nr_frags value can cause corruption of the pad data when tx-scatter-gather is enabled. This corruption of the pad can cause invalid checksum computation when hardware offload of tx-checksum is also enabled. Since the original reason for the padding was corrected by commit 7dd399130efb ("net: bcmgenet: fix skb_len in bcmgenet_xmit_single()") we can remove the software padding all together and make use of hardware padding of short frames as long as the hardware also always appends the FCS value to the frame. Fixes: 474ea9cafc45 ("net: bcmgenet: correctly pad short packets") Signed-off-by: Doug Berger Acked-by: Florian Fainelli Signed-off-by: David S. Miller commit d966d2efb643a8ba925e910bfc10e19c8b018de7 Author: Doug Berger Date: Wed Jun 24 18:14:54 2020 -0700 net: bcmgenet: use __be16 for htons(ETH_P_IP) The 16-bit value that holds a short in network byte order should be declared as a restricted big endian type to allow type checks to succeed during assignment. Fixes: 3e370952287c ("net: bcmgenet: add support for ethtool rxnfc flows") Reported-by: kbuild test robot Signed-off-by: Doug Berger Acked-by: Florian Fainelli Signed-off-by: David S. Miller commit 673bafd5b8b0ec9b1e2eedca2a2be6b44ee5ba9c Author: Doug Berger Date: Wed Jun 24 18:14:53 2020 -0700 net: bcmgenet: re-remove bcmgenet_hfb_add_filter This function was originally removed by Baoyou Xie in commit e2072600a241 ("net: bcmgenet: remove unused function in bcmgenet.c") to prevent a build warning. Some of the functions removed by Baoyou Xie are now used for WAKE_FILTER support so his commit was reverted, but this function is still unused and the kbuild test robot dutifully reported the warning. This commit once again removes the remaining unused hfb functions. Fixes: 14da1510fedc ("Revert "net: bcmgenet: remove unused function in bcmgenet.c"") Reported-by: kbuild test robot Signed-off-by: Doug Berger Acked-by: Florian Fainelli Signed-off-by: David S. Miller commit a1cd3486d7b37dbdc76ac0770a22e763c4d4271f Merge: 5107683f24d4 fce3a51d9b31 Author: Dave Airlie Date: Thu Jun 25 14:17:18 2020 +1000 Merge tag 'drm/tegra/for-5.8-rc3' of git://anongit.freedesktop.org/tegra/linux into drm-fixes drm/tegra: Fixes for v5.8-rc3 This contains a fairly random assortment of fixes for various minor issues. Signed-off-by: Dave Airlie From: Thierry Reding Link: https://patchwork.freedesktop.org/patch/msgid/20200624165254.2763104-1-thierry.reding@gmail.com commit 5107683f24d458afd94f56f7d7e256b1aa5a673d Merge: 48778464bb7d 5f9af404eec8 Author: Dave Airlie Date: Thu Jun 25 12:46:51 2020 +1000 Merge tag 'du-fixes-20200621' of git://linuxtv.org/pinchartl/media into drm-fixes Build fix for the R-Car DU DRM driver Signed-off-by: Dave Airlie From: Laurent Pinchart Link: https://patchwork.freedesktop.org/patch/msgid/20200621021720.GA1569@pendragon.ideasonboard.com commit 20c59ce010f84300f6c655d32db2610d3433f85c Author: Maurizio Drocco Date: Tue Jun 23 11:57:32 2020 -0400 ima: extend boot_aggregate with kernel measurements Registers 8-9 are used to store measurements of the kernel and its command line (e.g., grub2 bootloader with tpm module enabled). IMA should include them in the boot aggregate. Registers 8-9 should be only included in non-SHA1 digests to avoid ambiguity. Signed-off-by: Maurizio Drocco Reviewed-by: Bruno Meneguele Tested-by: Bruno Meneguele (TPM 1.2, TPM 2.0) Signed-off-by: Mimi Zohar commit 8be3a53e18e0e1a98f288f6c7f5e9da3adbe9c49 Merge: fc10807db5ce 3c597282887f Author: Linus Torvalds Date: Wed Jun 24 17:39:30 2020 -0700 Merge tag 'erofs-for-5.8-rc3-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/xiang/erofs Pull erofs fix from Gao Xiang: "Fix a regression which uses potential uninitialized high 32-bit value unexpectedly recently observed with specific compiler options" * tag 'erofs-for-5.8-rc3-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/xiang/erofs: erofs: fix partially uninitialized misuse in z_erofs_onlinepage_fixup commit 619ae8e0697a6fb85b99b19137590c7c337c579e Author: Florian Westphal Date: Mon Jun 22 10:28:32 2020 +0200 selftests: netfilter: add test case for conntrack helper assignment check that 'nft ... ct helper set ' works: 1. configure ftp helper via nft and assign it to connections on port 2121 2. check with 'conntrack -L' that the next connection has the ftp helper attached to it. Also add a test for auto-assign (old behaviour). Signed-off-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso commit 5f027bc74a9be2e53233de4ebcd2f90390b50a62 Author: David Wilder Date: Mon Jun 22 10:10:14 2020 -0700 netfilter: ip6tables: Add a .pre_exit hook in all ip6table_foo.c. Using new helpers ip6t_unregister_table_pre_exit() and ip6t_unregister_table_exit(). Fixes: b9e69e127397 ("netfilter: xtables: don't hook tables by default") Signed-off-by: David Wilder Signed-off-by: Pablo Neira Ayuso commit 57ea5f18882a3d7cf6135fa8c949a37c89395837 Author: David Wilder Date: Mon Jun 22 10:10:13 2020 -0700 netfilter: ip6tables: Split ip6t_unregister_table() into pre_exit and exit helpers. The pre_exit will un-register the underlying hook and .exit will do the table freeing. The netns core does an unconditional synchronize_rcu after the pre_exit hooks insuring no packets are in flight that have picked up the pointer before completing the un-register. Fixes: b9e69e127397 ("netfilter: xtables: don't hook tables by default") Signed-off-by: David Wilder Signed-off-by: Pablo Neira Ayuso commit cf4cbc610bfa29a88cd71ca638a890f8c565a22e Author: David Wilder Date: Mon Jun 22 10:10:12 2020 -0700 netfilter: iptables: Add a .pre_exit hook in all iptable_foo.c. Using new helpers ipt_unregister_table_pre_exit() and ipt_unregister_table_exit(). Fixes: b9e69e127397 ("netfilter: xtables: don't hook tables by default") Signed-off-by: David Wilder Signed-off-by: Pablo Neira Ayuso commit 1cbf90985f7448f1b0dd630e17ee1070f7d58665 Author: David Wilder Date: Mon Jun 22 10:10:11 2020 -0700 netfilter: iptables: Split ipt_unregister_table() into pre_exit and exit helpers. The pre_exit will un-register the underlying hook and .exit will do the table freeing. The netns core does an unconditional synchronize_rcu after the pre_exit hooks insuring no packets are in flight that have picked up the pointer before completing the un-register. Fixes: b9e69e127397 ("netfilter: xtables: don't hook tables by default") Signed-off-by: David Wilder Signed-off-by: Pablo Neira Ayuso commit 4cacc39516784670aa09833a9ec8bf3e90bef561 Author: Rob Gill Date: Sun Jun 21 05:27:36 2020 +0000 netfilter: Add MODULE_DESCRIPTION entries to kernel modules The user tool modinfo is used to get information on kernel modules, including a description where it is available. This patch adds a brief MODULE_DESCRIPTION to netfilter kernel modules (descriptions taken from Kconfig file or code comments) Signed-off-by: Rob Gill Signed-off-by: Pablo Neira Ayuso commit 715028460082d07a7ec6fcd87b14b46784346a72 Author: Russell King Date: Wed Jun 10 21:51:11 2020 +0100 netfilter: ipset: fix unaligned atomic access When using ip_set with counters and comment, traffic causes the kernel to panic on 32-bit ARM: Alignment trap: not handling instruction e1b82f9f at [] Unhandled fault: alignment exception (0x221) at 0xea08133c PC is at ip_set_match_extensions+0xe0/0x224 [ip_set] The problem occurs when we try to update the 64-bit counters - the faulting address above is not 64-bit aligned. The problem occurs due to the way elements are allocated, for example: set->dsize = ip_set_elem_len(set, tb, 0, 0); map = ip_set_alloc(sizeof(*map) + elements * set->dsize); If the element has a requirement for a member to be 64-bit aligned, and set->dsize is not a multiple of 8, but is a multiple of four, then every odd numbered elements will be misaligned - and hitting an atomic64_add() on that element will cause the kernel to panic. ip_set_elem_len() must return a size that is rounded to the maximum alignment of any extension field stored in the element. This change ensures that is the case. Fixes: 95ad1f4a9358 ("netfilter: ipset: Fix extension alignment") Signed-off-by: Russell King Acked-by: Jozsef Kadlecsik Signed-off-by: Pablo Neira Ayuso commit b5b78a6c8d8cb9c307bc6b16a754603424459d6e Author: Bernard Zhao Date: Sat Jun 20 17:11:52 2020 +0800 drm/amd: fix potential memleak in err branch The function kobject_init_and_add alloc memory like: kobject_init_and_add->kobject_add_varg->kobject_set_name_vargs ->kvasprintf_const->kstrdup_const->kstrdup->kmalloc_track_caller ->kmalloc_slab, in err branch this memory not free. If use kmemleak, this path maybe catched. These changes are to add kobject_put in kobject_init_and_add failed branch, fix potential memleak. Signed-off-by: Bernard Zhao Reviewed-by: Felix Kuehling Signed-off-by: Felix Kuehling Signed-off-by: Alex Deucher Cc: stable@vger.kernel.org commit fa7041d9d2fc7401cece43f305eb5b87b7017fc4 Author: Stylon Wang Date: Fri Jun 12 19:04:18 2020 +0800 drm/amd/display: Fix ineffective setting of max bpc property [Why] Regression was introduced where setting max bpc property has no effect on the atomic check and final commit. It has the same effect as max bpc being stuck at 8. [How] Correctly propagate max bpc with the new connector state. Signed-off-by: Stylon Wang Reviewed-by: Nicholas Kazlauskas Acked-by: Rodrigo Siqueira Signed-off-by: Alex Deucher Cc: stable@vger.kernel.org commit 5ae9c378c3d88b40af72f8e8f961808e29f3e70b Author: Stylon Wang Date: Mon Jun 1 16:12:09 2020 +0800 drm/amd/display: Enable output_bpc property on all outputs [Why] Connector property output_bpc is available on DP/eDP only. New IGT tests would benifit if this property works on HDMI. [How] Enable this read-only property on all types of connectors. Signed-off-by: Stylon Wang Reviewed-by: Nicholas Kazlauskas Acked-by: Rodrigo Siqueira Signed-off-by: Alex Deucher Cc: stable@vger.kernel.org commit edfaf6fa73f15568d4337f208b2333f647c35810 Author: Wenhui Sheng Date: Thu Jun 18 15:37:04 2020 +0800 drm/amdgpu: add fw release for sdma v5_0 sdma fw isn't released when module exit Reviewed-by: Hawking Zhang Signed-off-by: Wenhui Sheng Signed-off-by: Alex Deucher Cc: stable@vger.kernel.org commit a51243860893615b457b149da1ef5df0a4f1ffc2 Author: Colin Ian King Date: Wed Jun 24 11:13:02 2020 +0100 qed: add missing error test for DBG_STATUS_NO_MATCHING_FRAMING_MODE The error DBG_STATUS_NO_MATCHING_FRAMING_MODE was added to the enum enum dbg_status however there is a missing corresponding entry for this in the array s_status_str. This causes an out-of-bounds read when indexing into the last entry of s_status_str. Fix this by adding in the missing entry. Addresses-Coverity: ("Out-of-bounds read"). Fixes: 2d22bc8354b1 ("qed: FW 8.42.2.0 debug features") Signed-off-by: Colin Ian King Signed-off-by: David S. Miller commit 482f3bae5bf33522041590c0fde51c3e9651349f Merge: 41c2b6b4f0f8 9886a4dbd2aa Author: David S. Miller Date: Wed Jun 24 14:52:49 2020 -0700 Merge branch 'net-phy-call-phy_disable_interrupts-in-phy_init_hw' Jisheng Zhang says: ==================== net: phy: call phy_disable_interrupts() in phy_init_hw() We face an issue with rtl8211f, a pin is shared between INTB and PMEB, and the PHY Register Accessible Interrupt is enabled by default, so the INTB/PMEB pin is always active in polling mode case. As Heiner pointed out "I was thinking about calling phy_disable_interrupts() in phy_init_hw(), to have a defined init state as we don't know in which state the PHY is if the PHY driver is loaded. We shouldn't assume that it's the chip power-on defaults, BIOS or boot loader could have changed this. Or in case of dual-boot systems the other OS could leave the PHY in whatever state." patch1 makes phy_disable_interrupts() non-static so that it could be used in phy_init_hw() to have a defined init state. patch2 calls phy_disable_interrupts() in phy_init_hw() to have a defined init state. Since v3: - call phy_disable_interrupts() have interrupts disabled first then config_init, thank Florian Since v2: - Don't export phy_disable_interrupts() but just make it non-static Since v1: - EXPORT the correct symbol ==================== Signed-off-by: David S. Miller commit 9886a4dbd2aacf4b044e294e4cdebb43992d44b1 Author: Jisheng Zhang Date: Wed Jun 24 15:59:23 2020 +0800 net: phy: call phy_disable_interrupts() in phy_init_hw() Call phy_disable_interrupts() in phy_init_hw() to "have a defined init state as we don't know in which state the PHY is if the PHY driver is loaded. We shouldn't assume that it's the chip power-on defaults, BIOS or boot loader could have changed this. Or in case of dual-boot systems the other OS could leave the PHY in whatever state." as pointed out by Heiner. Suggested-by: Heiner Kallweit Signed-off-by: Jisheng Zhang Signed-off-by: David S. Miller commit 3dd4ef1bdbac959bb20faec93937720ddd9917c6 Author: Jisheng Zhang Date: Wed Jun 24 15:58:24 2020 +0800 net: phy: make phy_disable_interrupts() non-static We face an issue with rtl8211f, a pin is shared between INTB and PMEB, and the PHY Register Accessible Interrupt is enabled by default, so the INTB/PMEB pin is always active in polling mode case. As Heiner pointed out "I was thinking about calling phy_disable_interrupts() in phy_init_hw(), to have a defined init state as we don't know in which state the PHY is if the PHY driver is loaded. We shouldn't assume that it's the chip power-on defaults, BIOS or boot loader could have changed this. Or in case of dual-boot systems the other OS could leave the PHY in whatever state." Make phy_disable_interrupts() non-static so that it could be used in phy_init_hw() to have a defined init state. Suggested-by: Heiner Kallweit Signed-off-by: Jisheng Zhang Signed-off-by: David S. Miller commit 41c2b6b4f0f807803bb49f65835d136941a70f85 Author: Sascha Hauer Date: Wed Jun 24 09:00:45 2020 +0200 net: ethernet: mvneta: Add back interface mode validation When writing the serdes configuration register was moved to mvneta_config_interface() the whole code block was removed from mvneta_port_power_up() in the assumption that its only purpose was to write the serdes configuration register. As mentioned by Russell King its purpose was also to check for valid interface modes early so that later in the driver we do not have to care for unexpected interface modes. Add back the test to let the driver bail out early on unhandled interface modes. Fixes: b4748553f53f ("net: ethernet: mvneta: Fix Serdes configuration for SoCs without comphy") Signed-off-by: Sascha Hauer Reviewed-by: Russell King Signed-off-by: David S. Miller commit d3d239dcb8aae6d7b10642d292b404e57604f7ea Author: Sascha Hauer Date: Wed Jun 24 09:00:44 2020 +0200 net: ethernet: mvneta: Do not error out in non serdes modes In mvneta_config_interface() the RGMII modes are catched by the default case which is an error return. The RGMII modes are valid modes for the driver, so instead of returning an error add a break statement to return successfully. This avoids this warning for non comphy SoCs which use RGMII, like SolidRun Clearfog: WARNING: CPU: 0 PID: 268 at drivers/net/ethernet/marvell/mvneta.c:3512 mvneta_start_dev+0x220/0x23c Fixes: b4748553f53f ("net: ethernet: mvneta: Fix Serdes configuration for SoCs without comphy") Signed-off-by: Sascha Hauer Reviewed-by: Russell King Signed-off-by: David S. Miller commit 1ed9ec9b08addbd8d3e36d5f4a652d8590a6ddb7 Author: Daniel Mack Date: Sat Jun 20 21:39:25 2020 +0200 dsa: Allow forwarding of redirected IGMP traffic The driver for Marvell switches puts all ports in IGMP snooping mode which results in all IGMP/MLD frames that ingress on the ports to be forwarded to the CPU only. The bridge code in the kernel can then interpret these frames and act upon them, for instance by updating the mdb in the switch to reflect multicast memberships of stations connected to the ports. However, the IGMP/MLD frames must then also be forwarded to other ports of the bridge so external IGMP queriers can track membership reports, and external multicast clients can receive query reports from foreign IGMP queriers. Currently, this is impossible as the EDSA tagger sets offload_fwd_mark on the skb when it unwraps the tagged frames, and that will make the switchdev layer prevent the skb from egressing on any other port of the same switch. To fix that, look at the To_CPU code in the DSA header and make forwarding of the frame possible for trapped IGMP packets. Introduce some #defines for the frame types to make the code a bit more comprehensive. This was tested on a Marvell 88E6352 variant. Signed-off-by: Daniel Mack Reviewed-by: Andrew Lunn Tested-by: Andrew Lunn Signed-off-by: David S. Miller commit 17843655708e1941c0653af3cd61be6948e36f43 Author: Lorenzo Bianconi Date: Tue Jun 23 18:33:15 2020 +0200 openvswitch: take into account de-fragmentation/gso_size in execute_check_pkt_len ovs connection tracking module performs de-fragmentation on incoming fragmented traffic. Take info account if traffic has been de-fragmented in execute_check_pkt_len action otherwise we will perform the wrong nested action considering the original packet size. This issue typically occurs if ovs-vswitchd adds a rule in the pipeline that requires connection tracking (e.g. OVN stateful ACLs) before execute_check_pkt_len action. Moreover take into account GSO fragment size for GSO packet in execute_check_pkt_len routine Fixes: 4d5ec89fc8d14 ("net: openvswitch: Add a new action check_pkt_len") Signed-off-by: Lorenzo Bianconi Signed-off-by: David S. Miller commit fc10807db5ced090d83cec167e87c95a47452d24 Merge: fbb58011fdd9 cb91909e48a4 Author: Linus Torvalds Date: Wed Jun 24 14:26:28 2020 -0700 Merge tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost Pull virtio fixes from Michael Tsirkin: "Fixes all over the place. This includes a couple of tests that I would normally defer, but since they have already been helpful in catching some bugs, don't build for any users at all, and having them upstream makes life easier for everyone, I think it's ok even at this late stage" * tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost: tools/virtio: Use tools/include/list.h instead of stubs tools/virtio: Reset index in virtio_test --reset. tools/virtio: Extract virtqueue initialization in vq_reset tools/virtio: Use __vring_new_virtqueue in virtio_test.c tools/virtio: Add --reset tools/virtio: Add --batch=random option tools/virtio: Add --batch option virtio-mem: add memory via add_memory_driver_managed() virtio-mem: silence a static checker warning vhost_vdpa: Fix potential underflow in vhost_vdpa_mmap() vdpa: fix typos in the comments for __vdpa_alloc_device() commit fbb58011fdd9ca2e2f0e329d11085ddf46830c5a Merge: 26e122e97a3d 86f56395feb2 Author: Linus Torvalds Date: Wed Jun 24 14:19:45 2020 -0700 Merge tag 'for-linus-2020-06-24' of git://git.kernel.org/pub/scm/linux/kernel/git/brauner/linux Pull thread fix from Christian Brauner: "This fixes a regression introduced with 303cc571d107 ("nsproxy: attach to namespaces via pidfds"). The LTP testsuite reported a regression where users would now see EBADF returned instead of EINVAL when an fd was passed that referred to an open file but the file was not a namespace file. Fix this by continuing to report EINVAL and add a regression test" * tag 'for-linus-2020-06-24' of git://git.kernel.org/pub/scm/linux/kernel/git/brauner/linux: tests: test for setns() EINVAL regression nsproxy: restore EINVAL for non-namespace file descriptor commit dc5bdb68b5b369d5bc7d1de96fa64cc1737a6320 Author: Daniel Vetter Date: Wed Jun 24 11:29:10 2020 +0200 drm/fb-helper: Fix vt restore In the past we had a pile of hacks to orchestrate access between fbdev emulation and native kms clients. We've tried to streamline this, by always preferring the kms side above fbdev calls when a drm master exists, because drm master controls access to the display resources. Unfortunately this breaks existing userspace, specifically Xorg. When exiting Xorg first restores the console to text mode using the KDSET ioctl on the vt. This does nothing, because a drm master is still around. Then it drops the drm master status, which again does nothing, because logind is keeping additional drm fd open to be able to orchestrate vt switches. In the past this is the point where fbdev was restored, as part of the ->lastclose hook on the drm side. Now to fix this regression we don't want to go back to letting fbdev restore things whenever it feels like, or to the pile of hacks we've had before. Instead try and go with a minimal exception to make the KDSET case work again, and nothing else. This means that if userspace does a KDSET call when switching between graphical compositors, there will be some flickering with fbcon showing up for a bit. But a) that's not a regression and b) userspace can fix it by improving the vt switching dance - logind should have all the information it needs. While pondering all this I'm also wondering wheter we should have a SWITCH_MASTER ioctl to allow race-free master status handover. But that's for another day. v2: Somehow forgot to cc all the fbdev people. v3: Fix typo Alex spotted. Reviewed-by: Alex Deucher Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=208179 Cc: shlomo@fastmail.com Reported-and-Tested-by: shlomo@fastmail.com Cc: Michel Dänzer Fixes: 64914da24ea9 ("drm/fbdev-helper: don't force restores") Cc: Noralf Trønnes Cc: Thomas Zimmermann Cc: Daniel Vetter Cc: Maarten Lankhorst Cc: Maxime Ripard Cc: David Airlie Cc: Daniel Vetter Cc: dri-devel@lists.freedesktop.org Cc: # v5.7+ Cc: Bartlomiej Zolnierkiewicz Cc: Geert Uytterhoeven Cc: Nathan Chancellor Cc: Qiujun Huang Cc: Peter Rosin Cc: linux-fbdev@vger.kernel.org Signed-off-by: Daniel Vetter Link: https://patchwork.freedesktop.org/patch/msgid/20200624092910.3280448-1-daniel.vetter@ffwll.ch commit 38fd98afeeb79d3b148db49f81f2ec6a37a4ee00 Author: Mike Marciniszyn Date: Tue Jun 23 16:43:28 2020 -0400 IB/hfi1: Add atomic triggered sleep/wakeup When running iperf in a two host configuration the following trace can occur: [ 319.728730] NETDEV WATCHDOG: ib0 (hfi1): transmit queue 0 timed out The issue happens because the current implementation relies on the netif txq being stopped to control the flushing of the tx list. There are two resources that the transmit logic can wait on and stop the txq: - SDMA descriptors - Ring space to hold completions The ring space is tested on the sending side and relieved when the ring is consumed in the napi tx reaping. Unfortunately, that reaping can run conncurrently with the workqueue flushing of the txlist. If the txq is started just before the workitem executes, the txlist will never be flushed, leading to the txq being stuck. Fix by: - Adding sleep/wakeup wrappers * Use an atomic to control the call to the netif routines inside the wrappers - Use another atomic to record ring space exhaustion * Only wakeup when the a ring space exhaustion has happened and it relieved Add additional wrappers to clarify the ring space resource handling. Fixes: d99dc602e2a5 ("IB/hfi1: Add functions to transmit datagram ipoib packets") Link: https://lore.kernel.org/r/20200623204327.108092.4024.stgit@awfm-01.aw.intel.com Reviewed-by: Kaike Wan Signed-off-by: Mike Marciniszyn Signed-off-by: Dennis Dalessandro Signed-off-by: Jason Gunthorpe commit 82172b765530f84b4b9da929f2dcf46f2b7b232b Author: Mike Marciniszyn Date: Tue Jun 23 16:43:22 2020 -0400 IB/hfi1: Correct -EBUSY handling in tx code The current code mishandles -EBUSY in two ways: - The flow change doesn't test the return from the flush and runs on to process the current packet racing with the wakeup processing - The -EBUSY handling for a single packet inserts the tx into the txlist after the submit call, racing with the same wakeup processing Fix the first by dropping the skb and returning NETDEV_TX_OK. Fix the second by insuring the the list entry within the txreq is inited when allocated. This enables the sleep routine to detect that the txreq has used the non-list api and queue the packet to the txlist. Both flaws can lead to having the flushing thread executing in causing two threads to manipulate the txlist. Fixes: d99dc602e2a5 ("IB/hfi1: Add functions to transmit datagram ipoib packets") Link: https://lore.kernel.org/r/20200623204321.108092.83898.stgit@awfm-01.aw.intel.com Reviewed-by: Kaike Wan Signed-off-by: Mike Marciniszyn Signed-off-by: Dennis Dalessandro Signed-off-by: Jason Gunthorpe commit 822fbd37410639acdae368ea55477ddd3498651d Author: Dennis Dalessandro Date: Tue Jun 23 16:32:30 2020 -0400 IB/hfi1: Fix module use count flaw due to leftover module put calls When the try_module_get calls were removed from opening and closing of the i2c debugfs file, the corresponding module_put calls were missed. This results in an inaccurate module use count that requires a power cycle to fix. Fixes: 09fbca8e6240 ("IB/hfi1: No need to use try_module_get for debugfs") Link: https://lore.kernel.org/r/20200623203230.106975.76240.stgit@awfm-01.aw.intel.com Cc: Reviewed-by: Kaike Wan Reviewed-by: Mike Marciniszyn Signed-off-by: Dennis Dalessandro Signed-off-by: Jason Gunthorpe commit b46925a24a9ca7db03655657565e03d2de3027c8 Author: Dennis Dalessandro Date: Tue Jun 23 16:32:24 2020 -0400 IB/hfi1: Restore kfree in dummy_netdev cleanup We need to do some rework on the dummy netdev. Calling the free_netdev() would normally make sense, and that will be addressed in an upcoming patch. For now just revert the behavior to what it was before keeping the unused variable removal part of the patch. The dd->dumm_netdev is mainly used for packet receiving through alloc_netdev_mqs() for typical net devices. A a result, it should be freed with kfree instead of free_netdev() that leads to a crash when unloading the hfi1 module: BUG: kernel NULL pointer dereference, address: 0000000000000000 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 8000000855b54067 P4D 8000000855b54067 PUD 84a4f5067 PMD 0 Oops: 0000 [#1] SMP PTI CPU: 73 PID: 10299 Comm: modprobe Not tainted 5.6.0-rc5+ #1 Hardware name: Intel Corporation S2600WT2R/S2600WT2R, BIOS SE5C610.86B.01.01.0016.033120161139 03/31/2016 RIP: 0010:__hw_addr_flush+0x12/0x80 Code: 40 00 48 83 c4 08 4c 89 e7 5b 5d 41 5c e9 76 77 18 00 66 0f 1f 44 00 00 0f 1f 44 00 00 41 54 49 89 fc 55 53 48 8b 1f 48 39 df <48> 8b 2b 75 08 eb 4a 48 89 eb 48 89 c5 48 89 df e8 99 bf d0 ff 84 RSP: 0018:ffffb40e08783db8 EFLAGS: 00010282 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000002 RDX: ffffb40e00000000 RSI: 0000000000000246 RDI: ffff88ab13662298 RBP: ffff88ab13662000 R08: 0000000000001549 R09: 0000000000001549 R10: 0000000000000001 R11: 0000000000aaaaaa R12: ffff88ab13662298 R13: ffff88ab1b259e20 R14: ffff88ab1b259e42 R15: 0000000000000000 FS: 00007fb39b534740(0000) GS:ffff88b31f940000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 000000084d3ea004 CR4: 00000000003606e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: dev_addr_flush+0x15/0x30 free_netdev+0x7e/0x130 hfi1_netdev_free+0x59/0x70 [hfi1] remove_one+0x65/0x110 [hfi1] pci_device_remove+0x3b/0xc0 device_release_driver_internal+0xec/0x1b0 driver_detach+0x46/0x90 bus_remove_driver+0x58/0xd0 pci_unregister_driver+0x26/0xa0 hfi1_mod_cleanup+0xc/0xd54 [hfi1] __x64_sys_delete_module+0x16c/0x260 ? exit_to_usermode_loop+0xa4/0xc0 do_syscall_64+0x5b/0x200 entry_SYSCALL_64_after_hwframe+0x44/0xa9 Fixes: 193ba03141bb ("IB/hfi1: Use free_netdev() in hfi1_netdev_free()") Link: https://lore.kernel.org/r/20200623203224.106975.16926.stgit@awfm-01.aw.intel.com Reviewed-by: Mike Marciniszyn Signed-off-by: Kaike Wan Signed-off-by: Dennis Dalessandro Signed-off-by: Jason Gunthorpe commit 016983d138cbe99a5c0aaae0103ee88f5300beb3 Author: Chu Lin Date: Tue Jun 23 22:13:08 2020 +0000 hwmon: (max6697) Make sure the OVERT mask is set correctly Per the datasheet for max6697, OVERT mask and ALERT mask are different. For example, the 7th bit of OVERT is the local channel but for alert mask, the 6th bit is the local channel. Therefore, we can't apply the same mask for both registers. In addition to that, the max6697 driver is supposed to be compatibale with different models. I manually went over all the listed chips and made sure all chip types have the same layout. Testing; mask value of 0x9 should map to 0x44 for ALERT and 0x84 for OVERT. I used iotool to read the reg value back to verify. I only tested this change on max6581. Reference: https://datasheets.maximintegrated.com/en/ds/MAX6581.pdf https://datasheets.maximintegrated.com/en/ds/MAX6697.pdf https://datasheets.maximintegrated.com/en/ds/MAX6699.pdf Signed-off-by: Chu Lin Fixes: 5372d2d71c46e ("hwmon: Driver for Maxim MAX6697 and compatibles") Signed-off-by: Guenter Roeck commit c31244669f57963b6ce133a5555b118fc50aec95 Author: Sagi Grimberg Date: Wed Jun 24 01:53:12 2020 -0700 nvme-multipath: fix bogus request queue reference put The mpath disk node takes a reference on the request mpath request queue when adding live path to the mpath gendisk. However if we connected to an inaccessible path device_add_disk is not called, so if we disconnect and remove the mpath gendisk we endup putting an reference on the request queue that was never taken [1]. Fix that to check if we ever added a live path (using NVME_NS_HEAD_HAS_DISK flag) and if not, clear the disk->queue reference. [1]: ------------[ cut here ]------------ refcount_t: underflow; use-after-free. WARNING: CPU: 1 PID: 1372 at lib/refcount.c:28 refcount_warn_saturate+0xa6/0xf0 CPU: 1 PID: 1372 Comm: nvme Tainted: G O 5.7.0-rc2+ #3 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.13.0-1ubuntu1 04/01/2014 RIP: 0010:refcount_warn_saturate+0xa6/0xf0 RSP: 0018:ffffb29e8053bdc0 EFLAGS: 00010282 RAX: 0000000000000000 RBX: ffff8b7a2f4fc060 RCX: 0000000000000007 RDX: 0000000000000007 RSI: 0000000000000092 RDI: ffff8b7a3ec99980 RBP: ffff8b7a2f4fc000 R08: 00000000000002e1 R09: 0000000000000004 R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000000 R13: fffffffffffffff2 R14: ffffb29e8053bf08 R15: ffff8b7a320e2da0 FS: 00007f135d4ca800(0000) GS:ffff8b7a3ec80000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00005651178c0c30 CR3: 000000003b650005 CR4: 0000000000360ee0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: disk_release+0xa2/0xc0 device_release+0x28/0x80 kobject_put+0xa5/0x1b0 nvme_put_ns_head+0x26/0x70 [nvme_core] nvme_put_ns+0x30/0x60 [nvme_core] nvme_remove_namespaces+0x9b/0xe0 [nvme_core] nvme_do_delete_ctrl+0x43/0x5c [nvme_core] nvme_sysfs_delete.cold+0x8/0xd [nvme_core] kernfs_fop_write+0xc1/0x1a0 vfs_write+0xb6/0x1a0 ksys_write+0x5f/0xe0 do_syscall_64+0x52/0x1a0 entry_SYSCALL_64_after_hwframe+0x44/0xa9 Reported-by: Anton Eidelman Tested-by: Anton Eidelman Signed-off-by: Sagi Grimberg Signed-off-by: Christoph Hellwig commit d8a22f85609fadb46ba699e0136cc3ebdeebff79 Author: Anton Eidelman Date: Wed Jun 24 01:53:11 2020 -0700 nvme-multipath: fix deadlock due to head->lock In the following scenario scan_work and ana_work will deadlock: When scan_work calls nvme_mpath_add_disk() this holds ana_lock and invokes nvme_parse_ana_log(), which may issue IO in device_add_disk() and hang waiting for an accessible path. While nvme_mpath_set_live() only called when nvme_state_is_live(), a transition may cause NVME_SC_ANA_TRANSITION and requeue the IO. Since nvme_mpath_set_live() holds ns->head->lock, an ana_work on ANY ctrl will not be able to complete nvme_mpath_set_live() on the same ns->head, which is required in order to update the new accessible path and remove NVME_NS_ANA_PENDING.. Therefore IO never completes: deadlock [1]. Fix: Move device_add_disk out of the head->lock and protect it with an atomic test_and_set for a new NVME_NS_HEAD_HAS_DISK bit. [1]: kernel: INFO: task kworker/u8:2:160 blocked for more than 120 seconds. kernel: Tainted: G OE 5.3.5-050305-generic #201910071830 kernel: "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. kernel: kworker/u8:2 D 0 160 2 0x80004000 kernel: Workqueue: nvme-wq nvme_ana_work [nvme_core] kernel: Call Trace: kernel: __schedule+0x2b9/0x6c0 kernel: schedule+0x42/0xb0 kernel: schedule_preempt_disabled+0xe/0x10 kernel: __mutex_lock.isra.0+0x182/0x4f0 kernel: __mutex_lock_slowpath+0x13/0x20 kernel: mutex_lock+0x2e/0x40 kernel: nvme_update_ns_ana_state+0x22/0x60 [nvme_core] kernel: nvme_update_ana_state+0xca/0xe0 [nvme_core] kernel: nvme_parse_ana_log+0xa1/0x180 [nvme_core] kernel: nvme_read_ana_log+0x76/0x100 [nvme_core] kernel: nvme_ana_work+0x15/0x20 [nvme_core] kernel: process_one_work+0x1db/0x380 kernel: worker_thread+0x4d/0x400 kernel: kthread+0x104/0x140 kernel: ret_from_fork+0x35/0x40 kernel: INFO: task kworker/u8:4:439 blocked for more than 120 seconds. kernel: Tainted: G OE 5.3.5-050305-generic #201910071830 kernel: "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. kernel: kworker/u8:4 D 0 439 2 0x80004000 kernel: Workqueue: nvme-wq nvme_scan_work [nvme_core] kernel: Call Trace: kernel: __schedule+0x2b9/0x6c0 kernel: schedule+0x42/0xb0 kernel: io_schedule+0x16/0x40 kernel: do_read_cache_page+0x438/0x830 kernel: read_cache_page+0x12/0x20 kernel: read_dev_sector+0x27/0xc0 kernel: read_lba+0xc1/0x220 kernel: efi_partition+0x1e6/0x708 kernel: check_partition+0x154/0x244 kernel: rescan_partitions+0xae/0x280 kernel: __blkdev_get+0x40f/0x560 kernel: blkdev_get+0x3d/0x140 kernel: __device_add_disk+0x388/0x480 kernel: device_add_disk+0x13/0x20 kernel: nvme_mpath_set_live+0x119/0x140 [nvme_core] kernel: nvme_update_ns_ana_state+0x5c/0x60 [nvme_core] kernel: nvme_mpath_add_disk+0xbe/0x100 [nvme_core] kernel: nvme_validate_ns+0x396/0x940 [nvme_core] kernel: nvme_scan_work+0x256/0x390 [nvme_core] kernel: process_one_work+0x1db/0x380 kernel: worker_thread+0x4d/0x400 kernel: kthread+0x104/0x140 kernel: ret_from_fork+0x35/0x40 Fixes: 0d0b660f214d ("nvme: add ANA support") Signed-off-by: Anton Eidelman Signed-off-by: Sagi Grimberg Signed-off-by: Christoph Hellwig commit e164471dcf19308d154adb69e7760d8ba426a77f Author: Sagi Grimberg Date: Wed Jun 24 01:53:10 2020 -0700 nvme: don't protect ns mutation with ns->head->lock Right now ns->head->lock is protecting namespace mutation which is wrong and unneeded. Move it to only protect against head mutations. While we're at it, remove unnecessary ns->head reference as we already have head pointer. The problem with this is that the head->lock spans mpath disk node I/O that may block under some conditions (if for example the controller is disconnecting or the path became inaccessible), The locking scheme does not allow any other path to enable itself, preventing blocked I/O to complete and forward-progress from there. This is a preparation patch for the fix in a subsequent patch where the disk I/O will also be done outside the head->lock. Fixes: 0d0b660f214d ("nvme: add ANA support") Signed-off-by: Anton Eidelman Signed-off-by: Sagi Grimberg Signed-off-by: Christoph Hellwig commit 489dd102a2c7c94d783a35f9412eb085b8da1aa4 Author: Anton Eidelman Date: Wed Jun 24 01:53:09 2020 -0700 nvme-multipath: fix deadlock between ana_work and scan_work When scan_work calls nvme_mpath_add_disk() this holds ana_lock and invokes nvme_parse_ana_log(), which may issue IO in device_add_disk() and hang waiting for an accessible path. While nvme_mpath_set_live() only called when nvme_state_is_live(), a transition may cause NVME_SC_ANA_TRANSITION and requeue the IO. In order to recover and complete the IO ana_work on the same ctrl should be able to update the path state and remove NVME_NS_ANA_PENDING. The deadlock occurs because scan_work keeps holding ana_lock, so ana_work hangs [1]. Fix: Now nvme_mpath_add_disk() uses nvme_parse_ana_log() to obtain a copy of the ANA group desc, and then calls nvme_update_ns_ana_state() without holding ana_lock. [1]: kernel: Workqueue: nvme-wq nvme_scan_work [nvme_core] kernel: Call Trace: kernel: __schedule+0x2b9/0x6c0 kernel: schedule+0x42/0xb0 kernel: io_schedule+0x16/0x40 kernel: do_read_cache_page+0x438/0x830 kernel: read_cache_page+0x12/0x20 kernel: read_dev_sector+0x27/0xc0 kernel: read_lba+0xc1/0x220 kernel: efi_partition+0x1e6/0x708 kernel: check_partition+0x154/0x244 kernel: rescan_partitions+0xae/0x280 kernel: __blkdev_get+0x40f/0x560 kernel: blkdev_get+0x3d/0x140 kernel: __device_add_disk+0x388/0x480 kernel: device_add_disk+0x13/0x20 kernel: nvme_mpath_set_live+0x119/0x140 [nvme_core] kernel: nvme_update_ns_ana_state+0x5c/0x60 [nvme_core] kernel: nvme_set_ns_ana_state+0x1e/0x30 [nvme_core] kernel: nvme_parse_ana_log+0xa1/0x180 [nvme_core] kernel: nvme_mpath_add_disk+0x47/0x90 [nvme_core] kernel: nvme_validate_ns+0x396/0x940 [nvme_core] kernel: nvme_scan_work+0x24f/0x380 [nvme_core] kernel: process_one_work+0x1db/0x380 kernel: worker_thread+0x249/0x400 kernel: kthread+0x104/0x140 kernel: Workqueue: nvme-wq nvme_ana_work [nvme_core] kernel: Call Trace: kernel: __schedule+0x2b9/0x6c0 kernel: schedule+0x42/0xb0 kernel: schedule_preempt_disabled+0xe/0x10 kernel: __mutex_lock.isra.0+0x182/0x4f0 kernel: ? __switch_to_asm+0x34/0x70 kernel: ? select_task_rq_fair+0x1aa/0x5c0 kernel: ? kvm_sched_clock_read+0x11/0x20 kernel: ? sched_clock+0x9/0x10 kernel: __mutex_lock_slowpath+0x13/0x20 kernel: mutex_lock+0x2e/0x40 kernel: nvme_read_ana_log+0x3a/0x100 [nvme_core] kernel: nvme_ana_work+0x15/0x20 [nvme_core] kernel: process_one_work+0x1db/0x380 kernel: worker_thread+0x4d/0x400 kernel: kthread+0x104/0x140 kernel: ? process_one_work+0x380/0x380 kernel: ? kthread_park+0x80/0x80 kernel: ret_from_fork+0x35/0x40 Fixes: 0d0b660f214d ("nvme: add ANA support") Signed-off-by: Anton Eidelman Signed-off-by: Sagi Grimberg Signed-off-by: Christoph Hellwig commit 3b4b19721ec652ad2c4fe51dfbe5124212b5f581 Author: Sagi Grimberg Date: Wed Jun 24 01:53:08 2020 -0700 nvme: fix possible deadlock when I/O is blocked Revert fab7772bfbcf ("nvme-multipath: revalidate nvme_ns_head gendisk in nvme_validate_ns") When adding a new namespace to the head disk (via nvme_mpath_set_live) we will see partition scan which triggers I/O on the mpath device node. This process will usually be triggered from the scan_work which holds the scan_lock. If I/O blocks (if we got ana change currently have only available paths but none are accessible) this can deadlock on the head disk bd_mutex as both partition scan I/O takes it, and head disk revalidation takes it to check for resize (also triggered from scan_work on a different path). See trace [1]. The mpath disk revalidation was originally added to detect online disk size change, but this is no longer needed since commit cb224c3af4df ("nvme: Convert to use set_capacity_revalidate_and_notify") which already updates resize info without unnecessarily revalidating the disk (the mpath disk doesn't even implement .revalidate_disk fop). [1]: -- kernel: INFO: task kworker/u65:9:494 blocked for more than 241 seconds. kernel: Tainted: G OE 5.3.5-050305-generic #201910071830 kernel: "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. kernel: kworker/u65:9 D 0 494 2 0x80004000 kernel: Workqueue: nvme-wq nvme_scan_work [nvme_core] kernel: Call Trace: kernel: __schedule+0x2b9/0x6c0 kernel: schedule+0x42/0xb0 kernel: schedule_preempt_disabled+0xe/0x10 kernel: __mutex_lock.isra.0+0x182/0x4f0 kernel: __mutex_lock_slowpath+0x13/0x20 kernel: mutex_lock+0x2e/0x40 kernel: revalidate_disk+0x63/0xa0 kernel: __nvme_revalidate_disk+0xfe/0x110 [nvme_core] kernel: nvme_revalidate_disk+0xa4/0x160 [nvme_core] kernel: ? evict+0x14c/0x1b0 kernel: revalidate_disk+0x2b/0xa0 kernel: nvme_validate_ns+0x49/0x940 [nvme_core] kernel: ? blk_mq_free_request+0xd2/0x100 kernel: ? __nvme_submit_sync_cmd+0xbe/0x1e0 [nvme_core] kernel: nvme_scan_work+0x24f/0x380 [nvme_core] kernel: process_one_work+0x1db/0x380 kernel: worker_thread+0x249/0x400 kernel: kthread+0x104/0x140 kernel: ? process_one_work+0x380/0x380 kernel: ? kthread_park+0x80/0x80 kernel: ret_from_fork+0x1f/0x40 ... kernel: INFO: task kworker/u65:1:2630 blocked for more than 241 seconds. kernel: Tainted: G OE 5.3.5-050305-generic #201910071830 kernel: "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. kernel: kworker/u65:1 D 0 2630 2 0x80004000 kernel: Workqueue: nvme-wq nvme_scan_work [nvme_core] kernel: Call Trace: kernel: __schedule+0x2b9/0x6c0 kernel: schedule+0x42/0xb0 kernel: io_schedule+0x16/0x40 kernel: do_read_cache_page+0x438/0x830 kernel: ? __switch_to_asm+0x34/0x70 kernel: ? file_fdatawait_range+0x30/0x30 kernel: read_cache_page+0x12/0x20 kernel: read_dev_sector+0x27/0xc0 kernel: read_lba+0xc1/0x220 kernel: ? kmem_cache_alloc_trace+0x19c/0x230 kernel: efi_partition+0x1e6/0x708 kernel: ? vsnprintf+0x39e/0x4e0 kernel: ? snprintf+0x49/0x60 kernel: check_partition+0x154/0x244 kernel: rescan_partitions+0xae/0x280 kernel: __blkdev_get+0x40f/0x560 kernel: blkdev_get+0x3d/0x140 kernel: __device_add_disk+0x388/0x480 kernel: device_add_disk+0x13/0x20 kernel: nvme_mpath_set_live+0x119/0x140 [nvme_core] kernel: nvme_update_ns_ana_state+0x5c/0x60 [nvme_core] kernel: nvme_set_ns_ana_state+0x1e/0x30 [nvme_core] kernel: nvme_parse_ana_log+0xa1/0x180 [nvme_core] kernel: ? nvme_update_ns_ana_state+0x60/0x60 [nvme_core] kernel: nvme_mpath_add_disk+0x47/0x90 [nvme_core] kernel: nvme_validate_ns+0x396/0x940 [nvme_core] kernel: ? blk_mq_free_request+0xd2/0x100 kernel: nvme_scan_work+0x24f/0x380 [nvme_core] kernel: process_one_work+0x1db/0x380 kernel: worker_thread+0x249/0x400 kernel: kthread+0x104/0x140 kernel: ? process_one_work+0x380/0x380 kernel: ? kthread_park+0x80/0x80 kernel: ret_from_fork+0x1f/0x40 -- Fixes: fab7772bfbcf ("nvme-multipath: revalidate nvme_ns_head gendisk in nvme_validate_ns") Signed-off-by: Anton Eidelman Signed-off-by: Sagi Grimberg Signed-off-by: Christoph Hellwig commit 032a9966a22a3596addf81dacf0c1736dfedc32a Author: Max Gurtovoy Date: Tue Jun 23 17:55:25 2020 +0300 nvme-rdma: assign completion vector correctly The completion vector index that is given during CQ creation can't exceed the number of support vectors by the underlying RDMA device. This violation currently can accure, for example, in case one will try to connect with N regular read/write queues and M poll queues and the sum of N + M > num_supported_vectors. This will lead to failure in establish a connection to remote target. Instead, in that case, share a completion vector between queues. Signed-off-by: Max Gurtovoy Signed-off-by: Christoph Hellwig commit 1b4ad7a50ab06573aa8841217d6a472dc1db2d85 Author: Max Gurtovoy Date: Tue Jun 16 12:34:25 2020 +0300 nvme-loop: initialize tagset numa value to the value of the ctrl Both admin's and drive's tagsets should be set according the numa node of the controller. Signed-off-by: Max Gurtovoy Signed-off-by: Christoph Hellwig commit 610c823510f7d05a4ddb7bba00893e455bbef9dc Author: Max Gurtovoy Date: Tue Jun 16 12:34:24 2020 +0300 nvme-tcp: initialize tagset numa value to the value of the ctrl Both admin's and drive's tagsets should be set according the numa node of the controller. Signed-off-by: Max Gurtovoy Signed-off-by: Christoph Hellwig commit d4ec47f120537c75184c3dc939d3b2e1bcc8b260 Author: Max Gurtovoy Date: Tue Jun 16 12:34:23 2020 +0300 nvme-pci: initialize tagset numa value to the value of the ctrl Both admin's and drive's tagsets should be set according the numa node of the controller. Signed-off-by: Max Gurtovoy Signed-off-by: Christoph Hellwig commit 635333e400e2e678258ea45232415cdadadd7818 Author: Max Gurtovoy Date: Tue Jun 16 12:34:22 2020 +0300 nvme-pci: override the value of the controller's numa node Set the node value according to the PCI device numa node. Signed-off-by: Max Gurtovoy Signed-off-by: Christoph Hellwig commit 4fea243ebce40e2e4193d7d25eabfd963c46ef8c Author: Max Gurtovoy Date: Tue Jun 16 12:34:21 2020 +0300 nvme: set initial value for controller's numa node Initialize the node to NUMA_NO_NODE value. Transports that are aware of numa node affinity can override it (e.g. RDMA transport set the affinity according to the RDMA HCA). Signed-off-by: Max Gurtovoy Signed-off-by: Christoph Hellwig commit ea0efd687b01355cd799c8643d0c636ba4859ffc Author: Yoshihiro Shimoda Date: Thu Jun 18 21:11:17 2020 +0900 usb: renesas_usbhs: getting residue from callback_result This driver assumed that dmaengine_tx_status() could return the residue even if the transfer was completed. However, this was not correct usage [1] and this caused to break getting the residue after the commit 24461d9792c2 ("dmaengine: virt-dma: Fix access after free in vchan_complete()") actually. So, this is possible to get wrong received size if the usb controller gets a short packet. For example, g_zero driver causes "bad OUT byte" errors. The usb-dmac driver will support the callback_result, so this driver can use it to get residue correctly. Note that even if the usb-dmac driver has not supported the callback_result yet, this patch doesn't cause any side-effects. [1] https://lore.kernel.org/dmaengine/20200616165550.GP2324254@vkoul-mobl/ Reported-by: Hien Dang Fixes: 24461d9792c2 ("dmaengine: virt-dma: Fix access after free in vchan_complete()") Signed-off-by: Yoshihiro Shimoda Link: https://lore.kernel.org/r/1592482277-19563-1-git-send-email-yoshihiro.shimoda.uh@renesas.com Signed-off-by: Greg Kroah-Hartman commit 0b8eb629a700c0ef15a437758db8255f8444e76c Author: Chengguang Xu Date: Wed Jun 24 18:21:39 2020 +0800 block: release bip in a right way in error path Release bip using kfree() in error path when that was allocated by kmalloc(). Signed-off-by: Chengguang Xu Reviewed-by: Christoph Hellwig Acked-by: Martin K. Petersen Signed-off-by: Jens Axboe commit 35f760b44b1b9cb16a306bdcc7220fbbf78c4789 Author: Denis Efremov Date: Mon Jun 22 23:31:22 2020 +0300 drm/radeon: fix fb_div check in ni_init_smc_spll_table() clk_s is checked twice in a row in ni_init_smc_spll_table(). fb_div should be checked instead. Fixes: 69e0b57a91ad ("drm/radeon/kms: add dpm support for cayman (v5)") Cc: stable@vger.kernel.org Signed-off-by: Denis Efremov Signed-off-by: Alex Deucher commit 9bc5fd71b680ca017d59510b4f402577758b8496 Author: Shuming Fan Date: Tue Jun 23 20:53:12 2020 +0800 ASoC: rt5682: fix the pop noise while OMTP type headset plugin To turn the headphone output switch off during jack type detection, it could avoid the pop noise when jack type switches to OMTP type. Signed-off-by: Shuming Fan Link: https://lore.kernel.org/r/20200623125312.27896-1-shumingf@realtek.com Signed-off-by: Mark Brown commit ad38beb373a14e082f4e64b68c0b6e6b09764680 Author: Anand Moon Date: Tue Jun 23 07:46:37 2020 +0000 Revert "usb: dwc3: exynos: Add support for Exynos5422 suspend clk" This reverts commit 07f6842341abe978e6375078f84506ec3280ece5. Since SCLK_SCLK_USBD300 suspend clock need to be configured for phy module, I wrongly mapped this clock to DWC3 code. Cc: Felipe Balbi Cc: Greg Kroah-Hartman Signed-off-by: Anand Moon Cc: stable Fixes: 07f6842341ab ("usb: dwc3: exynos: Add support for Exynos5422 suspend clk") Link: https://lore.kernel.org/r/20200623074637.756-1-linux.amoon@gmail.com Signed-off-by: Greg Kroah-Hartman commit b3d71abd135e6919ca0b6cab463738472653ddfb Author: Kai-Heng Feng Date: Wed Jun 24 16:59:49 2020 +0300 xhci: Poll for U0 after disabling USB2 LPM USB2 devices with LPM enabled may interrupt the system suspend: [ 932.510475] usb 1-7: usb suspend, wakeup 0 [ 932.510549] hub 1-0:1.0: hub_suspend [ 932.510581] usb usb1: bus suspend, wakeup 0 [ 932.510590] xhci_hcd 0000:00:14.0: port 9 not suspended [ 932.510593] xhci_hcd 0000:00:14.0: port 8 not suspended .. [ 932.520323] xhci_hcd 0000:00:14.0: Port change event, 1-7, id 7, portsc: 0x400e03 .. [ 932.591405] PM: pci_pm_suspend(): hcd_pci_suspend+0x0/0x30 returns -16 [ 932.591414] PM: dpm_run_callback(): pci_pm_suspend+0x0/0x160 returns -16 [ 932.591418] PM: Device 0000:00:14.0 failed to suspend async: error -16 During system suspend, USB core will let HC suspends the device if it doesn't have remote wakeup enabled and doesn't have any children. However, from the log above we can see that the usb 1-7 doesn't get bus suspended due to not in U0. After a while the port finished U2 -> U0 transition, interrupts the suspend process. The observation is that after disabling LPM, port doesn't transit to U0 immediately and can linger in U2. xHCI spec 4.23.5.2 states that the maximum exit latency for USB2 LPM should be BESL + 10us. The BESL for the affected device is advertised as 400us, which is still not enough based on my testing result. So let's use the maximum permitted latency, 10000, to poll for U0 status to solve the issue. Cc: stable@vger.kernel.org Signed-off-by: Kai-Heng Feng Signed-off-by: Mathias Nyman Link: https://lore.kernel.org/r/20200624135949.22611-6-mathias.nyman@linux.intel.com Signed-off-by: Greg Kroah-Hartman commit f0c472a6da51f9fac15e80fe2fd9c83b68754cff Author: Kai-Heng Feng Date: Wed Jun 24 16:59:48 2020 +0300 xhci: Return if xHCI doesn't support LPM Just return if xHCI is quirked to disable LPM. We can save some time from reading registers and doing spinlocks. Add stable tag as we want this patch together with the next one, "Poll for U0 after disabling USB2 LPM" which fixes a suspend issue for some USB2 LPM devices Cc: stable@vger.kernel.org Signed-off-by: Kai-Heng Feng Signed-off-by: Mathias Nyman Link: https://lore.kernel.org/r/20200624135949.22611-5-mathias.nyman@linux.intel.com Signed-off-by: Greg Kroah-Hartman commit a24d5072e87457a14023ee1dd3fc8b1e76f899ef Author: Macpaul Lin Date: Wed Jun 24 16:59:47 2020 +0300 usb: host: xhci-mtk: avoid runtime suspend when removing hcd When runtime suspend was enabled, runtime suspend might happen when xhci is removing hcd. This might cause kernel panic when hcd has been freed but runtime pm suspend related handle need to reference it. Signed-off-by: Macpaul Lin Reviewed-by: Chunfeng Yun Cc: stable@vger.kernel.org Signed-off-by: Mathias Nyman Link: https://lore.kernel.org/r/20200624135949.22611-4-mathias.nyman@linux.intel.com Signed-off-by: Greg Kroah-Hartman commit a73d9d9cfc3cfceabd91fb0b0c13e4062b6dbcd7 Author: Al Cooper Date: Wed Jun 24 16:59:46 2020 +0300 xhci: Fix enumeration issue when setting max packet size for FS devices. Unable to complete the enumeration of a USB TV Tuner device. Per XHCI spec (4.6.5), the EP state field of the input context shall be cleared for a set address command. In the special case of an FS device that has "MaxPacketSize0 = 8", the Linux XHCI driver does not do this before evaluating the context. With an XHCI controller that checks the EP state field for parameter context error this causes a problem in cases such as the device getting reset again after enumeration. When that field is cleared, the problem does not occur. This was found and fixed by Sasi Kumar. Cc: stable@vger.kernel.org Signed-off-by: Al Cooper Signed-off-by: Mathias Nyman Link: https://lore.kernel.org/r/20200624135949.22611-3-mathias.nyman@linux.intel.com Signed-off-by: Greg Kroah-Hartman commit dceea67058fe22075db3aed62d5cb62092be5053 Author: Mathias Nyman Date: Wed Jun 24 16:59:45 2020 +0300 xhci: Fix incorrect EP_STATE_MASK EP_STATE_MASK should be 0x7 instead of 0xf xhci spec 6.2.3 shows that the EP state field in the endpoint context data structure consist of bits [2:0]. The old value included a bit from the next field which fortunately is a RsvdZ region. So hopefully this hasn't caused too much harm Cc: stable@vger.kernel.org Signed-off-by: Mathias Nyman Link: https://lore.kernel.org/r/20200624135949.22611-2-mathias.nyman@linux.intel.com Signed-off-by: Greg Kroah-Hartman commit d0b78265cac9d8b5f7d5c97fa44860d6ab952dc8 Author: Peter Chen Date: Tue Jun 23 11:09:18 2020 +0800 usb: cdns3: ep0: add spinlock for cdns3_check_new_setup The other thread may access other endpoints when the cdns3_check_new_setup is handling, add spinlock to protect it. Fixes: 7733f6c32e36 ("usb: cdns3: Add Cadence USB3 DRD Driver") Cc: Reviewed-by: Pawel Laszczak Signed-off-by: Peter Chen Link: https://lore.kernel.org/r/20200623030918.8409-4-peter.chen@nxp.com Signed-off-by: Greg Kroah-Hartman commit 813072b67ee97659807049d014c9d4e36fd62e94 Author: Peter Chen Date: Tue Jun 23 11:09:17 2020 +0800 usb: cdns3: trace: using correct dir value It should use the correct direction value from register, not depends on previous software setting. It fixed the EP number wrong issue at trace when the TRBERR interrupt occurs for EP0IN. When the EP0IN IOC has finished, software prepares the setup packet request, the expected direction is OUT, but at that time, the TRBERR for EP0IN may occur since it is DMULT mode, the DMA does not stop until TRBERR has met. Fixes: 7733f6c32e36 ("usb: cdns3: Add Cadence USB3 DRD Driver") Cc: Reviewed-by: Pawel Laszczak Signed-off-by: Peter Chen Link: https://lore.kernel.org/r/20200623030918.8409-3-peter.chen@nxp.com Signed-off-by: Greg Kroah-Hartman commit c0e2a0341cd8ccd213ffc6c7f9cd52a31466cba9 Author: Peter Chen Date: Tue Jun 23 11:09:16 2020 +0800 usb: cdns3: ep0: fix the test mode set incorrectly The 'tmode' is ctrl->wIndex, changing it as the real test mode value for register assignment. Fixes: 7733f6c32e36 ("usb: cdns3: Add Cadence USB3 DRD Driver") Cc: Reviewed-by: Jun Li Reviewed-by: Pawel Laszczak Signed-off-by: Peter Chen Link: https://lore.kernel.org/r/20200623030918.8409-2-peter.chen@nxp.com Signed-off-by: Greg Kroah-Hartman commit cb944f02d0d8c5a5f38119242325fe26504d33d2 Author: Mark Brown Date: Wed Jun 24 11:49:33 2020 +0100 kselftest: arm64: Remove redundant clean target The arm64 signal tests generate warnings during build since both they and the toplevel lib.mk define a clean target: Makefile:25: warning: overriding recipe for target 'clean' ../../lib.mk:126: warning: ignoring old recipe for target 'clean' Since the inclusion of lib.mk is in the signal Makefile there is no situation where this warning could be avoided so just remove the redundant clean target. Signed-off-by: Mark Brown Link: https://lore.kernel.org/r/20200624104933.21125-1-broonie@kernel.org Signed-off-by: Will Deacon commit f4617be35b4b547e82d30993f56d631dfc2d5f88 Author: Sai Prakash Ranjan Date: Wed Jun 24 18:04:06 2020 +0530 arm64: kpti: Add KRYO{3, 4}XX silver CPU cores to kpti safelist QCOM KRYO{3,4}XX silver/LITTLE CPU cores are based on Cortex-A55 and are meltdown safe, hence add them to kpti_safe_list[]. Signed-off-by: Sai Prakash Ranjan Link: https://lore.kernel.org/r/20200624123406.3472-1-saiprakash.ranjan@codeaurora.org Signed-off-by: Will Deacon commit 2d21889f8b5c50f65f5162bc972b0b1626b97be2 Author: Jean-Philippe Brucker Date: Wed Jun 24 13:22:54 2020 +0200 arm64: Don't insert a BTI instruction at inner labels Some ftrace features are broken since commit 714a8d02ca4d ("arm64: asm: Override SYM_FUNC_START when building the kernel with BTI"). For example the function_graph tracer: $ echo function_graph > /sys/kernel/debug/tracing/current_tracer [ 36.107016] WARNING: CPU: 0 PID: 115 at kernel/trace/ftrace.c:2691 ftrace_modify_all_code+0xc8/0x14c When ftrace_modify_graph_caller() attempts to write a branch at ftrace_graph_call, it finds the "BTI J" instruction inserted by SYM_INNER_LABEL() instead of a NOP, and aborts. It turns out we don't currently need the BTI landing pads inserted by SYM_INNER_LABEL: * ftrace_call and ftrace_graph_call are only used for runtime patching of the active tracer. The patched code is not reached from a branch. * install_el2_stub is reached from a CBZ instruction, which doesn't change PSTATE.BTYPE. * __guest_exit is reached from B instructions in the hyp-entry vectors, which aren't subject to BTI checks either. Remove the BTI annotation from SYM_INNER_LABEL. Fixes: 714a8d02ca4d ("arm64: asm: Override SYM_FUNC_START when building the kernel with BTI") Signed-off-by: Jean-Philippe Brucker Reviewed-by: Mark Brown Link: https://lore.kernel.org/r/20200624112253.1602786-1-jean-philippe@linaro.org Signed-off-by: Will Deacon commit e56404e8e475c91489b2cca57f2c1b2bc5edf6b2 Author: Alexander Popov Date: Wed Jun 24 15:33:28 2020 +0300 arm64: vdso: Don't use gcc plugins for building vgettimeofday.c Don't use gcc plugins for building arch/arm64/kernel/vdso/vgettimeofday.c to avoid unneeded instrumentation. Signed-off-by: Alexander Popov Link: https://lore.kernel.org/r/20200624123330.83226-4-alex.popov@linux.com Signed-off-by: Will Deacon commit fdc355a03df537bc8d8909b86d1688fe07c7032b Author: Tiezhu Yang Date: Mon May 25 21:08:57 2020 +0800 phy: rockchip: Fix return value of inno_dsidphy_probe() When call function devm_platform_ioremap_resource(), we should use IS_ERR() to check the return value and return PTR_ERR() if failed. Fixes: b7535a3bc0ba ("phy/rockchip: Add support for Innosilicon MIPI/LVDS/TTL PHY") Signed-off-by: Tiezhu Yang Reviewed-by: Heiko Stuebner Link: https://lore.kernel.org/r/1590412138-13903-1-git-send-email-yangtiezhu@loongson.cn Signed-off-by: Vinod Koul commit 5a72122dcfd921940ce877963ddd7be4b089adf2 Author: Rikard Falkeborn Date: Sun May 24 11:55:16 2020 +0200 phy: ti: j721e-wiz: Constify structs clk_div_table and wiz_regmap_config are not modified and can therefore be made const to allow the compiler to put them in read-only memory. Before: text data bss dec hex filename 20265 7044 64 27373 6aed drivers/phy/ti/phy-j721e-wiz.o After: text data bss dec hex filename 20649 6660 64 27373 6aed drivers/phy/ti/phy-j721e-wiz.o Signed-off-by: Rikard Falkeborn Link: https://lore.kernel.org/r/20200524095516.25227-3-rikard.falkeborn@gmail.com Signed-off-by: Vinod Koul commit 0cb5ebc749fde8562fb876f92ac5cc6e92bd89fb Author: Rikard Falkeborn Date: Sun May 24 11:55:15 2020 +0200 phy: ti: am654-serdes: Constify regmap_config regmap_config is not modified and can be made static to allow the compiler to put it in read-only memory. Before: text data bss dec hex filename 12328 3644 64 16036 3ea4 drivers/phy/ti/phy-am654-serdes.o After: text data bss dec hex filename 12648 3324 64 16036 3ea4 drivers/phy/ti/phy-am654-serdes.o Signed-off-by: Rikard Falkeborn Link: https://lore.kernel.org/r/20200524095516.25227-2-rikard.falkeborn@gmail.com Signed-off-by: Vinod Koul commit 220345e98f1cdc768eeb6e3364a0fa7ab9647fe7 Author: Takashi Iwai Date: Wed Jun 24 14:23:40 2020 +0200 ALSA: usb-audio: Fix OOB access of mixer element list The USB-audio mixer code holds a linked list of usb_mixer_elem_list, and several operations are performed for each mixer element. A few of them (snd_usb_mixer_notify_id() and snd_usb_mixer_interrupt_v2()) assume each mixer element being a usb_mixer_elem_info object that is a subclass of usb_mixer_elem_list, cast via container_of() and access it members. This may result in an out-of-bound access when a non-standard list element has been added, as spotted by syzkaller recently. This patch adds a new field, is_std_info, in usb_mixer_elem_list to indicate that the element is the usb_mixer_elem_info type or not, and skip the access to such an element if needed. Reported-by: syzbot+fb14314433463ad51625@syzkaller.appspotmail.com Reported-by: syzbot+2405ca3401e943c538b5@syzkaller.appspotmail.com Cc: Link: https://lore.kernel.org/r/20200624122340.9615-1-tiwai@suse.de Signed-off-by: Takashi Iwai commit 49a3b0e1c05ab3601100a723f7ea207dc99a492a Author: Will Deacon Date: Wed Jun 24 13:23:10 2020 +0100 arm64: vdso: Only pass --no-eh-frame-hdr when linker supports it Commit 87676cfca141 ("arm64: vdso: Disable dwarf unwinding through the sigreturn trampoline") unconditionally passes the '--no-eh-frame-hdr' option to the linker when building the native vDSO in an attempt to prevent generation of the .eh_frame_hdr section, the presence of which has been implicated in segfaults originating from the libgcc unwinder. Unfortunately, not all versions of binutils support this option, which has been shown to cause build failures in linux-next: | CALL scripts/atomic/check-atomics.sh | CALL scripts/checksyscalls.sh | LD arch/arm64/kernel/vdso/vdso.so.dbg | ld: unrecognized option '--no-eh-frame-hdr' | ld: use the --help option for usage information | arch/arm64/kernel/vdso/Makefile:64: recipe for target | 'arch/arm64/kernel/vdso/vdso.so.dbg' failed | make[1]: *** [arch/arm64/kernel/vdso/vdso.so.dbg] Error 1 | arch/arm64/Makefile:175: recipe for target 'vdso_prepare' failed | make: *** [vdso_prepare] Error 2 Only link the vDSO with '--no-eh-frame-hdr' when the linker supports it. If we end up with the section due to linker defaults, the absence of CFI information in the sigreturn trampoline will prevent the unwinder from breaking. Link: https://lore.kernel.org/r/7a7e31a8-9a7b-2428-ad83-2264f20bdc2d@hisilicon.com Fixes: 87676cfca141 ("arm64: vdso: Disable dwarf unwinding through the sigreturn trampoline") Reported-by: Shaokun Zhang Tested-by: Jon Hunter Signed-off-by: Will Deacon commit 6153224bef8b218ecf9bf541b6154ff72fc4c54b Author: Arnd Bergmann Date: Wed May 27 15:45:06 2020 +0200 phy: intel: fix enum type mismatch warning clang points out that a local variable is initialized with an enum value of the wrong type: drivers/phy/intel/phy-intel-combo.c:202:34: error: implicit conversion from enumeration type 'enum intel_phy_mode' to different enumeration type 'enum intel_combo_mode' [-Werror,-Wenum-conversion] enum intel_combo_mode cb_mode = PHY_PCIE_MODE; ~~~~~~~ ^~~~~~~~~~~~~ >From reading the code, it seems that this was not only the wrong type, but not even supposed to be a code path that can happen in practice. Change the code to have no default phy mode but instead return an error for invalid input. Fixes: ac0a95a3ea78 ("phy: intel: Add driver support for ComboPhy") Signed-off-by: Arnd Bergmann Reviewed-by: Dilip Kota Reviewed-by: Nathan Chancellor Link: https://lore.kernel.org/r/20200527134518.908624-1-arnd@arndb.de Signed-off-by: Vinod Koul commit 76e242c284521a0129a4c312093fb0ab102b704a Author: Dilip Kota Date: Wed May 27 18:56:53 2020 +0800 phy: intel: Fix compilation error on FIELD_PREP usage FIELD_PREP expects constant arguments. Istead of doing FIELD_PREP operation on the arguments of combo_phy_w32_off_mask(), pass the final FIELD_PREP value as an argument. Error reported as: In file included from include/linux/build_bug.h:5, from include/linux/bitfield.h:10, from drivers/phy/intel/phy-intel-combo.c:8: drivers/phy/intel/phy-intel-combo.c: In function 'combo_phy_w32_off_mask': include/linux/bitfield.h:52:28: warning: comparison is always false due to limited range of data type [-Wtype-limits] include/linux/compiler.h:350:38: error: call to '__compiletime_assert_37' declared with attribute error: FIELD_PREP: mask is not constant 94 | __BF_FIELD_CHECK(_mask, 0ULL, _val, "FIELD_PREP: "); | ^~~~~~~~~~~~~~~~ drivers/phy/intel/phy-intel-combo.c:137:13: note: in expansion of macro 'FIELD_PREP' 137 | reg_val |= FIELD_PREP(mask, val); | ^~~~~~~~~~ ../include/linux/compiler.h:392:38: error: call to__compiletime_assert_137 declared with attribute error: BUILD_BUG_ON failed: (((mask) + (1ULL << (__builtin_ffsll(mask) - 1))) & (((mask) + (1ULL << (__builtin_ffsll(mask) - 1))) - 1)) != 0 _compiletime_assert(condition, msg, __compiletime_assert_, __COUNTER__) ../include/linux/bitfield.h:94:3: note: in expansion of macro __BF_FIELD_CHECK __BF_FIELD_CHECK(_mask, 0ULL, _val, "FIELD_PREP: "); \ ^~~~~~~~~~~~~~~~ ../drivers/phy/intel/phy-intel-combo.c:137:13: note: in expansion of macro FIELD_PREP reg_val |= FIELD_PREP(mask, val); ^~~~~~~~~~ Fixes: ac0a95a3ea78 ("phy: intel: Add driver support for ComboPhy") Reported-by: kbuild test robot Reported-by: Randy Dunlap Signed-off-by: Dilip Kota Acked-by: Randy Dunlap # build-tested Link: https://lore.kernel.org/r/8a309dd3c238efbaa59d1649704255d6f8b6c9c5.1590575358.git.eswara.kota@linux.intel.com Signed-off-by: Vinod Koul commit 5b78fac4b1ba731cf4177fdbc1e3a4661521bcd0 Author: Dinghao Liu Date: Wed Jun 24 14:46:26 2020 +0800 dmaengine: tegra210-adma: Fix runtime PM imbalance on error pm_runtime_get_sync() increments the runtime PM usage counter even when it returns an error code. Thus a pairing decrement is needed on the error handling path to keep the counter balanced. Signed-off-by: Dinghao Liu Reviewed-by: Jon Hunter Link: https://lore.kernel.org/r/20200624064626.19855-1-dinghao.liu@zju.edu.cn Signed-off-by: Vinod Koul commit ce04326edd59d7902d7ef3a9d853864096e0cd1a Author: Omer Shpigelman Date: Tue Jun 16 17:56:27 2020 +0300 habanalabs: increase h/w timer when checking idle In GAUDI the current timer value for the hardware to check if it is in IDLE state is too low. As a result, there are occasions where the H/W wrongly reports it is not IDLE. The driver checks that before submitting work on behalf of the driver during initialization, so a false report might cause the driver to fail during device initialization. Signed-off-by: Omer Shpigelman Signed-off-by: Oded Gabbay commit 1ee1369b46de1083238fced60ff718f59de4b8aa Author: James Hilliard Date: Tue Jun 23 13:24:15 2020 -0600 HID: quirks: Ignore Simply Automated UPB PIM As this is a cypress HID->COM RS232 style device that is handled by the cypress_M8 driver we also need to add it to the ignore list in hid-quirks. Cc: stable Signed-off-by: James Hilliard Signed-off-by: Jiri Kosina commit a5d81646fa294eed57786a9310b06ca48902adf8 Author: Hans de Goede Date: Sat Jun 20 14:32:29 2020 +0200 HID: apple: Disable Fn-key key-re-mapping on clone keyboards The Maxxter KB-BT-001 Bluetooth keyboard, which looks somewhat like the Apple Wireless Keyboard, is using the vendor and product IDs (05AC:0239) of the Apple Wireless Keyboard (2009 ANSI version) . But its F1 - F10 keys are marked as sending F1 - F10, not the special functions hid-apple.c maps them too; and since its descriptors do not contain the HID_UP_CUSTOM | 0x0003 usage apple-hid looks for for the Fn-key, apple_setup_input() never gets called, so F1 - F6 are mapped to key-codes which have not been set in the keybit array causing them to not send any events at all. The lack of a usage code matching the Fn key in the clone is actually useful as this allows solving this problem in a generic way. This commits adds a fn_found flag and it adds a input_configured callback which checks if this flag is set once all usages have been mapped. If it is not set, then assume this is a clone and clear the quirks bitmap so that the hid-apple code does not add any special handling to this keyboard. This fixes F1 - F6 not sending anything at all and F7 - F12 sending the wrong codes on the Maxxter KB-BT-001 Bluetooth keyboard and on similar clones. Cc: Joao Moreno Signed-off-by: Hans de Goede Signed-off-by: Jiri Kosina commit a06bb885cf3d812ebfd45c6300e503690a762955 Author: David Rheinsberg Date: Fri Jun 19 16:57:59 2020 +0200 MAINTAINERS: update uhid and hid-wiimote entry My last name changed to "Rheinsberg", so update the maintainer entries and adjust the emails while at it. Signed-off-by: David Rheinsberg Signed-off-by: David Herrmann Signed-off-by: Jiri Kosina commit 8995aa3d164ddd9200e6abcf25c449cf5298c858 Author: Krzysztof Kozlowski Date: Thu Jun 11 15:21:05 2020 +0200 dmaengine: mcf-edma: Fix NULL pointer exception in mcf_edma_tx_handler On Toradex Colibri VF50 (Vybrid VF5xx) with fsl-edma driver NULL pointer exception happens occasionally on serial output initiated by login timeout. This was reproduced only if kernel was built with significant debugging options and EDMA driver is used with serial console. Issue looks like a race condition between interrupt handler fsl_edma_tx_handler() (called as a result of fsl_edma_xfer_desc()) and terminating the transfer with fsl_edma_terminate_all(). The fsl_edma_tx_handler() handles interrupt for a transfer with already freed edesc and idle==true. The mcf-edma driver shares design and lot of code with fsl-edma. It looks like being affected by same problem. Fix this pattern the same way as fix for fsl-edma driver. Fixes: e7a3ff92eaf1 ("dmaengine: fsl-edma: add ColdFire mcf5441x edma support") Cc: Signed-off-by: Krzysztof Kozlowski Reviewed-by: Robin Gong Link: https://lore.kernel.org/r/1591881665-25592-1-git-send-email-krzk@kernel.org Signed-off-by: Vinod Koul commit f5e5677c420346b4e9788051c2e4d750996c428c Author: Krzysztof Kozlowski Date: Thu Jun 11 14:17:41 2020 +0200 dmaengine: fsl-edma: Fix NULL pointer exception in fsl_edma_tx_handler NULL pointer exception happens occasionally on serial output initiated by login timeout. This was reproduced only if kernel was built with significant debugging options and EDMA driver is used with serial console. col-vf50 login: root Password: Login timed out after 60 seconds. Unable to handle kernel NULL pointer dereference at virtual address 00000044 Internal error: Oops: 5 [#1] ARM CPU: 0 PID: 157 Comm: login Not tainted 5.7.0-next-20200610-dirty #4 Hardware name: Freescale Vybrid VF5xx/VF6xx (Device Tree) (fsl_edma_tx_handler) from [<8016eb10>] (__handle_irq_event_percpu+0x64/0x304) (__handle_irq_event_percpu) from [<8016eddc>] (handle_irq_event_percpu+0x2c/0x7c) (handle_irq_event_percpu) from [<8016ee64>] (handle_irq_event+0x38/0x5c) (handle_irq_event) from [<801729e4>] (handle_fasteoi_irq+0xa4/0x160) (handle_fasteoi_irq) from [<8016ddcc>] (generic_handle_irq+0x34/0x44) (generic_handle_irq) from [<8016e40c>] (__handle_domain_irq+0x54/0xa8) (__handle_domain_irq) from [<80508bc8>] (gic_handle_irq+0x4c/0x80) (gic_handle_irq) from [<80100af0>] (__irq_svc+0x70/0x98) Exception stack(0x8459fe80 to 0x8459fec8) fe80: 72286b00 e3359f64 00000001 0000412d a0070013 85c98840 85c98840 a0070013 fea0: 8054e0d4 00000000 00000002 00000000 00000002 8459fed0 8081fbe8 8081fbec fec0: 60070013 ffffffff (__irq_svc) from [<8081fbec>] (_raw_spin_unlock_irqrestore+0x30/0x58) (_raw_spin_unlock_irqrestore) from [<8056cb48>] (uart_flush_buffer+0x88/0xf8) (uart_flush_buffer) from [<80554e60>] (tty_ldisc_hangup+0x38/0x1ac) (tty_ldisc_hangup) from [<8054c7f4>] (__tty_hangup+0x158/0x2bc) (__tty_hangup) from [<80557b90>] (disassociate_ctty.part.1+0x30/0x23c) (disassociate_ctty.part.1) from [<8011fc18>] (do_exit+0x580/0xba0) (do_exit) from [<801214f8>] (do_group_exit+0x3c/0xb4) (do_group_exit) from [<80121580>] (__wake_up_parent+0x0/0x14) Issue looks like race condition between interrupt handler fsl_edma_tx_handler() (called as result of fsl_edma_xfer_desc()) and terminating the transfer with fsl_edma_terminate_all(). The fsl_edma_tx_handler() handles interrupt for a transfer with already freed edesc and idle==true. Fixes: d6be34fbd39b ("dma: Add Freescale eDMA engine driver support") Signed-off-by: Krzysztof Kozlowski Reviewed-by: Robin Gong Cc: Link: https://lore.kernel.org/r/1591877861-28156-2-git-send-email-krzk@kernel.org Signed-off-by: Vinod Koul commit bfc1d5bf261df81155935aac10b721f4d5a70849 Author: Krzysztof Kozlowski Date: Thu Jun 11 14:17:40 2020 +0200 dmaengine: fsl-edma: Add lockdep assert for exported function Add lockdep assert for an exported function expected to be called under spin lock. Since this function is called in different modules, the lockdep assert will be self-documenting note about need for locking. Signed-off-by: Krzysztof Kozlowski Reviewed-by: Robin Gong Link: https://lore.kernel.org/r/1591877861-28156-1-git-send-email-krzk@kernel.org Signed-off-by: Vinod Koul commit 4f47e8ab6ab796b5380f74866fa5287aca4dcc58 Author: Xin Long Date: Mon Jun 22 16:40:29 2020 +0800 xfrm: policy: match with both mark and mask on user interfaces In commit ed17b8d377ea ("xfrm: fix a warning in xfrm_policy_insert_list"), it would take 'priority' to make a policy unique, and allow duplicated policies with different 'priority' to be added, which is not expected by userland, as Tobias reported in strongswan. To fix this duplicated policies issue, and also fix the issue in commit ed17b8d377ea ("xfrm: fix a warning in xfrm_policy_insert_list"), when doing add/del/get/update on user interfaces, this patch is to change to look up a policy with both mark and mask by doing: mark.v == pol->mark.v && mark.m == pol->mark.m and leave the check: (mark & pol->mark.m) == pol->mark.v for tx/rx path only. As the userland expects an exact mark and mask match to manage policies. v1->v2: - make xfrm_policy_mark_match inline and fix the changelog as Tobias suggested. Fixes: 295fae568885 ("xfrm: Allow user space manipulation of SPD mark") Fixes: ed17b8d377ea ("xfrm: fix a warning in xfrm_policy_insert_list") Reported-by: Tobias Brunner Tested-by: Tobias Brunner Signed-off-by: Xin Long Signed-off-by: Steffen Klassert commit cd37c6976f6a5b681a900e74ff9d15062855bf87 Author: Anand Moon Date: Tue Jun 23 07:46:37 2020 +0000 Revert "usb: dwc3: exynos: Add support for Exynos5422 suspend clk" This reverts commit 07f6842341abe978e6375078f84506ec3280ece5. Since SCLK_SCLK_USBD300 suspend clock need to be configured for phy module, I wrongly mapped this clock to DWC3 code. Cc: Felipe Balbi Cc: Greg Kroah-Hartman Signed-off-by: Anand Moon Signed-off-by: Felipe Balbi commit e55f3c37cb8d31c7e301f46396b2ac6a19eb3a7c Author: Dan Carpenter Date: Mon Jun 15 14:27:19 2020 +0300 usb: gadget: udc: Potential Oops in error handling code If this is in "transceiver" mode the the ->qwork isn't required and is a NULL pointer. This can lead to a NULL dereference when we call destroy_workqueue(udc->qwork). Fixes: 3517c31a8ece ("usb: gadget: mv_udc: use devm_xxx for probe") Signed-off-by: Dan Carpenter Signed-off-by: Felipe Balbi commit 0a1ef9c81e9194c4faa5686bdd80c66d03ec31ef Merge: e4553b4976d1 774911290c58 Author: Paolo Bonzini Date: Wed Jun 24 02:44:27 2020 -0400 Merge tag 'kvm-s390-master-5.8-3' of git://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux into kvm-master The current number of KVM_IRQCHIP_NUM_PINS results in an order 3 allocation (32kb) for each guest start/restart which can result in OOM killer activity when kernel memory is fragmented enough. This fix reduces the number of iopins as s390 doesn't use them, hence reducing the memory footprint. commit d410912ef63714fad404f34baa72e5ceb0466e62 Author: Tang Bin Date: Thu May 28 19:47:17 2020 +0800 usb: phy: tegra: Fix unnecessary check in tegra_usb_phy_probe() In the function tegra_usb_phy_probe(), if usb_add_phy_dev() failed, the return value will be given to err, and if usb_add_phy_dev() succeed, the return value will be zero. Thus it is unnecessary to repeated check here. Signed-off-by: Zhang Shengju Signed-off-by: Tang Bin Signed-off-by: Felipe Balbi commit 2655971ad4b34e97dd921df16bb0b08db9449df7 Author: Aditya Pakki Date: Sat Jun 13 22:15:25 2020 -0500 usb: dwc3: pci: Fix reference count leak in dwc3_pci_resume_work dwc3_pci_resume_work() calls pm_runtime_get_sync() that increments the reference counter. In case of failure, decrement the reference before returning. Signed-off-by: Aditya Pakki Signed-off-by: Felipe Balbi commit 2587a029fa2a877d0a8dda955ef1b24c94b4bd0e Author: Peter Chen Date: Tue Jun 23 11:09:18 2020 +0800 usb: cdns3: ep0: add spinlock for cdns3_check_new_setup The other thread may access other endpoints when the cdns3_check_new_setup is handling, add spinlock to protect it. Cc: Fixes: 7733f6c32e36 ("usb: cdns3: Add Cadence USB3 DRD Driver") Reviewed-by: Pawel Laszczak Signed-off-by: Peter Chen Signed-off-by: Felipe Balbi commit ba3a80fe0fb67d8790f62b7bc60df97406d89871 Author: Peter Chen Date: Tue Jun 23 11:09:17 2020 +0800 usb: cdns3: trace: using correct dir value It should use the correct direction value from register, not depends on previous software setting. It fixed the EP number wrong issue at trace when the TRBERR interrupt occurs for EP0IN. When the EP0IN IOC has finished, software prepares the setup packet request, the expected direction is OUT, but at that time, the TRBERR for EP0IN may occur since it is DMULT mode, the DMA does not stop until TRBERR has met. Cc: Fixes: 7733f6c32e36 ("usb: cdns3: Add Cadence USB3 DRD Driver") Reviewed-by: Pawel Laszczak Signed-off-by: Peter Chen Signed-off-by: Felipe Balbi commit b51e1cf64f93acebb6d8afbacd648a6ecefc39b4 Author: Peter Chen Date: Tue Jun 23 11:09:16 2020 +0800 usb: cdns3: ep0: fix the test mode set incorrectly The 'tmode' is ctrl->wIndex, changing it as the real test mode value for register assignment. Cc: Fixes: 7733f6c32e36 ("usb: cdns3: Add Cadence USB3 DRD Driver") Reviewed-by: Jun Li Signed-off-by: Peter Chen Signed-off-by: Felipe Balbi commit a721321446432c3899aeca16cc6ddc30422b7f74 Author: Peng Fan Date: Wed Jun 24 14:06:54 2020 +0800 soc: imx8m: fix build warning Fix the build warning with x86_64-randconfig >> drivers/soc/imx/soc-imx8m.c:150:34: warning: unused variable >> 'imx8_soc_match' [-Wunused-const-variable] static const struct of_device_id imx8_soc_match[] = { ^ Fixes: fc40200ebf82 ("soc: imx: increase build coverage for imx8m soc driver") Reported-by: kernel test robot Signed-off-by: Peng Fan Signed-off-by: Shawn Guo commit 0b8975bdc0cc5310d48d9bdd871cefebe1f94c99 Author: Dave Jiang Date: Wed Jun 3 10:27:48 2020 -0700 dmaengine: idxd: fix hw descriptor fields for delta record Fix the hw descriptor fields for delta record in user exported idxd.h header. Missing the "expected result mask" field. Reported-by: Mona Hossain Signed-off-by: Dave Jiang Link: https://lore.kernel.org/r/159120526866.65385.536565786678052944.stgit@djiang5-desk3.ch.intel.com Signed-off-by: Vinod Koul commit 3292055c85aa02723b7b7a1114c4c91deefad5e4 Author: Ofir Bitton Date: Thu Jun 11 11:43:23 2020 +0300 habanalabs: Correct handling when failing to enqueue CB The fence release flow is different if the CS was never submitted. In that case, we don't have an hw_sob object attached that we need to "put". While if the CS was aborted, we do need to "put" the hw_sob. Signed-off-by: Ofir Bitton Reviewed-by: Oded Gabbay Signed-off-by: Oded Gabbay commit 647e835e67421ee47b0ff8acc2808de86f7d5e01 Author: Oded Gabbay Date: Sun Jun 7 11:26:48 2020 +0300 habanalabs: increase GAUDI QMAN ARB WDT timeout The current timeout is too low for some of the workloads and we see false errors as a result. Reviewed-by: Tomer Tayar Signed-off-by: Oded Gabbay commit dd2fde10934fd0f21e144cf7fbb76564d1d57c77 Author: Oded Gabbay Date: Sun Jun 7 08:21:48 2020 +0300 habanalabs: rename mmu_write() to mmu_asid_va_write() The function name conflicts with a static inline function in arch/m68k/include/asm/mcfmmu.h Reported-by: kernel test robot Reviewed-by: Tomer Tayar Signed-off-by: Oded Gabbay commit cfd4176dc0bbbd3d01d6764cd85e1f1705b35548 Author: Omer Shpigelman Date: Wed Jun 3 13:03:35 2020 +0300 habanalabs: use PI in MMU cache invalidation The PS flow for MMU cache invalidation caused timeouts in stress tests. Use PS + PI flow so no timeouts should happen whatsoever. Signed-off-by: Omer Shpigelman Reviewed-by: Oded Gabbay Signed-off-by: Oded Gabbay commit 64536abc62c17ef6c7b0f17b820de9923b80e745 Author: Oded Gabbay Date: Wed May 27 12:38:16 2020 +0300 habanalabs: block scalar load_and_exe on external queue In Gaudi, the user can't execute scalar load_and_exe on external queue because it can be a security hole. The driver doesn't parse the commands being loaded and it can be msg_prot, which the user isn't allowed to use. Reviewed-by: Tomer Tayar Signed-off-by: Oded Gabbay commit 1438cde8fe9cb709b569f5829c4c892c0f3f15b3 Author: Yu Kuai Date: Thu Jun 18 21:01:10 2020 +0800 dmaengine: ti: k3-udma: add missing put_device() call in of_xudma_dev_get() if of_find_device_by_node() succeed and platform_get_drvdata() failed, of_xudma_dev_get() will return without put_device(), which will leak the memory. Signed-off-by: Yu Kuai Link: https://lore.kernel.org/r/20200618130110.582543-1-yukuai3@huawei.com Signed-off-by: Vinod Koul commit 466257d9968ac79575831250b039dc07566c7b13 Author: Yoshihiro Shimoda Date: Thu Jun 18 21:07:33 2020 +0900 dmaengine: sh: usb-dmac: set tx_result parameters A client driver (renesas_usbhs) assumed that dmaengine_tx_status() could return the residue even if the transfer was completed. However, this was not correct usage [1] and this caused to break getting the residue after the commit 24461d9792c2 ("dmaengine: virt-dma: Fix access after free in vchan_complete()") actually. So, this is possible to get wrong received size if the usb controller gets a short packet. For example, g_zero driver causes "bad OUT byte" errors. To use the tx_result from the renesas_usbhs driver when the transfer is completed, set the tx_result parameters. Notes that the renesas_usbhs driver needs to update for it. [1] https://lore.kernel.org/dmaengine/20200616165550.GP2324254@vkoul-mobl/ Reported-by: Hien Dang Fixes: 24461d9792c2 ("dmaengine: virt-dma: Fix access after free in vchan_complete()") Signed-off-by: Yoshihiro Shimoda Link: https://lore.kernel.org/r/1592482053-19433-1-git-send-email-yoshihiro.shimoda.uh@renesas.com Signed-off-by: Vinod Koul commit d964d5ff68dba21b53368656adec3fb5f50426bb Author: Peter Ujfalusi Date: Thu Jun 18 14:40:04 2020 +0300 dmaengine: ti: k3-udma: Fix delayed_work usage for tx drain workaround INIT_DELAYED_WORK_ONSTACK() must be used with on-stack delayed work, which is not the case here. Use normal delayed_work for the channels instead. Fixes: 25dcb5dd7b7c ("dmaengine: ti: New driver for K3 UDMA") Reported-by: Tomi Valkeinen Signed-off-by: Peter Ujfalusi Link: https://lore.kernel.org/r/20200618114004.6268-1-peter.ujfalusi@ti.com Signed-off-by: Vinod Koul commit 66983bc18fad17d10766650b3685045f6f092d73 Author: Nikhil Rao Date: Mon Jun 22 13:38:34 2020 -0700 dmaengine: idxd: fix cdev locking for open and release add the wq lock in cdev open and release call. This fixes race conditions observed in the open and close routines. Fixes: 42d279f9137a ("dmaengine: idxd: add char driver to expose submission portal to userland") Signed-off-by: Nikhil Rao Signed-off-by: Dave Jiang Link: https://lore.kernel.org/r/159285824892.64944.2905413694915141834.stgit@djiang5-desk3.ch.intel.com Signed-off-by: Vinod Koul commit 2f57b8d57673af2c2caf8c2c7bef01be940a5c2c Author: Fabio Estevam Date: Sun Jun 21 12:57:30 2020 -0300 dmaengine: imx-sdma: Fix: Remove 'always true' comparison event_id0 is defined as 'unsigned int', so it is always greater or equal to zero. Remove the unneeded comparisons to fix the following W=1 build warning: drivers/dma/imx-sdma.c: In function 'sdma_free_chan_resources': drivers/dma/imx-sdma.c:1334:23: warning: comparison of unsigned expression >= 0 is always true [-Wtype-limits] 1334 | if (sdmac->event_id0 >= 0) | ^~ drivers/dma/imx-sdma.c: In function 'sdma_config': drivers/dma/imx-sdma.c:1635:23: warning: comparison of unsigned expression >= 0 is always true [-Wtype-limits] 1635 | if (sdmac->event_id0 >= 0) { | Fixes: 25962e1a7f1d ("dmaengine: imx-sdma: Fix the event id check to include RX event for UART6") Reported-by: kernel test robot Signed-off-by: Fabio Estevam Reviewed-by: Frieder Schrempf Link: https://lore.kernel.org/r/20200621155730.28766-1-festevam@gmail.com Signed-off-by: Vinod Koul commit 1aea5c139011f7f9431c74f1fe709516f72b437a Author: Vinod Koul Date: Tue Jun 23 20:07:29 2020 +0530 MAINTAINERS: switch dmaengine tree to kernel.org I have switched DMAengine tree to kernel.org now, so update in MAINTAINERS file Signed-off-by: Vinod Koul Link: https://lore.kernel.org/r/20200623143729.781403-1-vkoul@kernel.org Signed-off-by: Vinod Koul commit afe89f115e84edbc76d316759e206580a06c6973 Author: Tomas Henzl Date: Tue Jun 16 17:04:46 2020 +0200 scsi: mptscsih: Fix read sense data size The sense data buffer in sense_buf_pool is allocated with size of MPT_SENSE_BUFFER_ALLOC(64) (multiplied by req_depth) while SNS_LEN(sc)(96) is used when reading the data. That may lead to a read from unallocated area, sometimes from another (unallocated) page. To fix this, limit the read size to MPT_SENSE_BUFFER_ALLOC. Link: https://lore.kernel.org/r/20200616150446.4840-1-thenzl@redhat.com Co-developed-by: Stanislav Saner Signed-off-by: Stanislav Saner Signed-off-by: Tomas Henzl Signed-off-by: Martin K. Petersen commit 936e6b85da0476dd2edac7c51c68072da9fb4ba2 Author: Steffen Maier Date: Tue Jun 23 16:02:42 2020 +0200 scsi: zfcp: Fix panic on ERP timeout for previously dismissed ERP action Suppose that, for unrelated reasons, FSF requests on behalf of recovery are very slow and can run into the ERP timeout. In the case at hand, we did adapter recovery to a large degree. However due to the slowness a LUN open is pending so the corresponding fc_rport remains blocked. After fast_io_fail_tmo we trigger close physical port recovery for the port under which the LUN should have been opened. The new higher order port recovery dismisses the pending LUN open ERP action and dismisses the pending LUN open FSF request. Such dismissal decouples the ERP action from the pending corresponding FSF request by setting zfcp_fsf_req->erp_action to NULL (among other things) [zfcp_erp_strategy_check_fsfreq()]. If now the ERP timeout for the pending open LUN request runs out, we must not use zfcp_fsf_req->erp_action in the ERP timeout handler. This is a problem since v4.15 commit 75492a51568b ("s390/scsi: Convert timers to use timer_setup()"). Before that we intentionally only passed zfcp_erp_action as context argument to zfcp_erp_timeout_handler(). Note: The lifetime of the corresponding zfcp_fsf_req object continues until a (late) response or an (unrelated) adapter recovery. Just like the regular response path ignores dismissed requests [zfcp_fsf_req_complete() => zfcp_fsf_protstatus_eval() => return early] the ERP timeout handler now needs to ignore dismissed requests. So simply return early in the ERP timeout handler if the FSF request is marked as dismissed in its status flags. To protect against the race where zfcp_erp_strategy_check_fsfreq() dismisses and sets zfcp_fsf_req->erp_action to NULL after our previous status flag check, return early if zfcp_fsf_req->erp_action is NULL. After all, the former ERP action does not need to be woken up as that was already done as part of the dismissal above [zfcp_erp_action_dismiss()]. This fixes the following panic due to kernel page fault in IRQ context: Unable to handle kernel pointer dereference in virtual kernel address space Failing address: 0000000000000000 TEID: 0000000000000483 Fault in home space mode while using kernel ASCE. AS:000009859238c00b R2:00000e3e7ffd000b R3:00000e3e7ffcc007 S:00000e3e7ffd7000 P:000000000000013d Oops: 0004 ilc:2 [#1] SMP Modules linked in: ... CPU: 82 PID: 311273 Comm: stress Kdump: loaded Tainted: G E X ... Hardware name: IBM 8561 T01 701 (LPAR) Krnl PSW : 0404c00180000000 001fffff80549be0 (zfcp_erp_notify+0x40/0xc0 [zfcp]) R:0 T:1 IO:0 EX:0 Key:0 M:1 W:0 P:0 AS:3 CC:0 PM:0 RI:0 EA:3 Krnl GPRS: 0000000000000080 00000e3d00000000 00000000000000f0 0000000000030000 000000010028e700 000000000400a39c 000000010028e700 00000e3e7cf87e02 0000000010000000 0700098591cb67f0 0000000000000000 0000000000000000 0000033840e9a000 0000000000000000 001fffe008d6bc18 001fffe008d6bbc8 Krnl Code: 001fffff80549bd4: a7180000 lhi %r1,0 001fffff80549bd8: 4120a0f0 la %r2,240(%r10) #001fffff80549bdc: a53e0003 llilh %r3,3 >001fffff80549be0: ba132000 cs %r1,%r3,0(%r2) 001fffff80549be4: a7740037 brc 7,1fffff80549c52 001fffff80549be8: e320b0180004 lg %r2,24(%r11) 001fffff80549bee: e31020e00004 lg %r1,224(%r2) 001fffff80549bf4: 412020e0 la %r2,224(%r2) Call Trace: [<001fffff80549be0>] zfcp_erp_notify+0x40/0xc0 [zfcp] [<00000985915e26f0>] call_timer_fn+0x38/0x190 [<00000985915e2944>] expire_timers+0xfc/0x190 [<00000985915e2ac4>] run_timer_softirq+0xec/0x218 [<0000098591ca7c4c>] __do_softirq+0x144/0x398 [<00000985915110aa>] do_softirq_own_stack+0x72/0x88 [<0000098591551b58>] irq_exit+0xb0/0xb8 [<0000098591510c6a>] do_IRQ+0x82/0xb0 [<0000098591ca7140>] ext_int_handler+0x128/0x12c [<0000098591722d98>] clear_subpage.constprop.13+0x38/0x60 ([<000009859172ae4c>] clear_huge_page+0xec/0x250) [<000009859177e7a2>] do_huge_pmd_anonymous_page+0x32a/0x768 [<000009859172a712>] __handle_mm_fault+0x88a/0x900 [<000009859172a860>] handle_mm_fault+0xd8/0x1b0 [<0000098591529ef6>] do_dat_exception+0x136/0x3e8 [<0000098591ca6d34>] pgm_check_handler+0x1c8/0x220 Last Breaking-Event-Address: [<001fffff80549c88>] zfcp_erp_timeout_handler+0x10/0x18 [zfcp] Kernel panic - not syncing: Fatal exception in interrupt Link: https://lore.kernel.org/r/20200623140242.98864-1-maier@linux.ibm.com Fixes: 75492a51568b ("s390/scsi: Convert timers to use timer_setup()") Cc: #4.15+ Reviewed-by: Julian Wiedmann Signed-off-by: Steffen Maier Signed-off-by: Martin K. Petersen commit 46da547e21d6cefceec3fb3dba5ebbca056627fc Author: SeongJae Park Date: Tue Jun 23 10:41:22 2020 +0200 scsi: lpfc: Avoid another null dereference in lpfc_sli4_hba_unset() Commit cdb42becdd40 ("scsi: lpfc: Replace io_channels for nvme and fcp with general hdw_queues per cpu") has introduced static checker warnings for potential null dereferences in 'lpfc_sli4_hba_unset()' and commit 1ffdd2c0440d ("scsi: lpfc: resolve static checker warning in lpfc_sli4_hba_unset") has tried to fix it. However, yet another potential null dereference is remaining. This commit fixes it. This bug was discovered and resolved using Coverity Static Analysis Security Testing (SAST) by Synopsys, Inc. Link: https://lore.kernel.org/r/20200623084122.30633-1-sjpark@amazon.com Fixes: 1ffdd2c0440d ("scsi: lpfc: resolve static checker warning inlpfc_sli4_hba_unset") Fixes: cdb42becdd40 ("scsi: lpfc: Replace io_channels for nvme and fcp with general hdw_queues per cpu") Reviewed-by: James Smart Signed-off-by: SeongJae Park Signed-off-by: Martin K. Petersen commit 0275875530f692c725c6f993aced2eca2d6ac50c Merge: 41b14fb8724d 2e919bc446fa Author: David S. Miller Date: Tue Jun 23 20:53:28 2020 -0700 Merge branch 'Two-phylink-pause-fixes' Russell King says: ==================== Two phylink pause fixes While testing, I discovered two issues with ethtool -A with phylink. First, if there is a PHY bound to the network device, we hit a deadlock when phylib tries to notify us of the link changing as a result of triggering a renegotiation. Second, when we are manually forcing the pause settings, and there is no renegotiation triggered, we do not update the MAC via the new mac_link_up approach. These two patches solve both problems, and will need to be backported to v5.7; they do not apply cleanly there due to the introduction of PCS in the v5.8 merge window. ==================== Signed-off-by: David S. Miller commit 2e919bc446faee429ac862a6cdb5e40017051f6b Author: Russell King Date: Tue Jun 23 17:47:29 2020 +0100 net: phylink: ensure manual pause mode configuration takes effect We have been relying on link events and mac_config() when the manual pause modes are changed. With recent developments, such as moving the programming of link state to mac_link_up(), this no longer works. To ensure that we update the MAC, we must generate a link-down followed by a link-up event; we can do that by setting mac_link_dropped and triggering a resolve. Fixes: 91a208f2185a ("net: phylink: propagate resolved link config via mac_link_up()") Signed-off-by: Russell King Signed-off-by: David S. Miller commit c718af2d00a37587b09e5958d142da7569f3d55b Author: Russell King Date: Tue Jun 23 17:47:23 2020 +0100 net: phylink: fix ethtool -A with attached PHYs Fix a phylink's ethtool set_pauseparam support deadlock caused by phylib interacting with phylink: we must not hold the state lock while calling phylib functions that may call into phylink_phy_change(). Fixes: f904f15ea9b5 ("net: phylink: allow ethtool -A to change flow control advertisement") Signed-off-by: Russell King Signed-off-by: David S. Miller commit aad4b4d15f30de087c5972cfb767fadb5dbc3c52 Author: Christoph Hellwig Date: Sat Jun 20 09:13:02 2020 +0200 scsi: libata: Fix the ata_scsi_dma_need_drain stub We not only need the stub when libata is disabled, but also if it is modular and there are built-in SAS drivers (which can happen when SCSI_SAS_ATA is disabled). Link: https://lore.kernel.org/r/20200620071302.462974-2-hch@lst.de Fixes: b8f1d1e05817 ("scsi: Wire up ata_scsi_dma_need_drain for SAS HBA drivers") Signed-off-by: Christoph Hellwig Signed-off-by: Martin K. Petersen commit 632f24f09d5b7c8a2f94932c3391ca957ae76cc4 Author: Roman Bolshakov Date: Fri Jun 5 17:44:37 2020 +0300 scsi: qla2xxx: Keep initiator ports after RSCN The driver performs SCR (state change registration) in all modes including pure target mode. For each RSCN, scan_needed flag is set in qla2x00_handle_rscn() for the port mentioned in the RSCN and fabric rescan is scheduled. During the rescan, GNN_FT handler, qla24xx_async_gnnft_done() deletes session of the port that caused the RSCN. In target mode, the session deletion has an impact on ATIO handler, qlt_24xx_atio_pkt(). Target responds with SAM STATUS BUSY to I/O incoming from the deleted session. qlt_handle_cmd_for_atio() and qlt_handle_task_mgmt() return -EFAULT if they are not able to find session of the command/TMF, and that results in invocation of qlt_send_busy(): qlt_24xx_atio_pkt_all_vps: qla_target(0): type 6 ox_id 0014 qla_target(0): Unable to send command to target, sending BUSY status Such response causes command timeout on the initiator. Error handler thread on the initiator will be spawned to abort the commands: scsi 23:0:0:0: tag#0 abort scheduled scsi 23:0:0:0: tag#0 aborting command qla2xxx [0000:af:00.0]-188c:23: Entered qla24xx_abort_command. qla2xxx [0000:af:00.0]-801c:23: Abort command issued nexus=23:0:0 -- 0 2003. Command abort is rejected by target and fails (2003), error handler then tries to perform DEVICE RESET and TARGET RESET but they're also doomed to fail because TMFs are ignored for the deleted sessions. Then initiator makes BUS RESET that resets the link via qla2x00_full_login_lip(). BUS RESET succeeds and brings initiator port up, SAN switch detects that and sends RSCN to the target port and it fails again the same way as described above. It never goes out of the loop. The change breaks the RSCN loop by keeping initiator sessions mentioned in RSCN payload in all modes, including dual and pure target mode. Link: https://lore.kernel.org/r/20200605144435.27023-1-r.bolshakov@yadro.com Fixes: 2037ce49d30a ("scsi: qla2xxx: Fix stale session") Cc: Quinn Tran Cc: Arun Easi Cc: Nilesh Javali Cc: Bart Van Assche Cc: Daniel Wagner Cc: Himanshu Madhani Cc: Martin Wilck Cc: stable@vger.kernel.org # v5.4+ Reviewed-by: Daniel Wagner Reviewed-by: Shyam Sundar Reviewed-by: Himanshu Madhani Signed-off-by: Roman Bolshakov Signed-off-by: Martin K. Petersen commit 41b14fb8724d5a4b382a63cb4a1a61880347ccb8 Author: Tariq Toukan Date: Mon Jun 22 23:26:04 2020 +0300 net: Do not clear the sock TX queue in sk_set_socket() Clearing the sock TX queue in sk_set_socket() might cause unexpected out-of-order transmit when called from sock_orphan(), as outstanding packets can pick a different TX queue and bypass the ones already queued. This is undesired in general. More specifically, it breaks the in-order scheduling property guarantee for device-offloaded TLS sockets. Remove the call to sk_tx_queue_clear() in sk_set_socket(), and add it explicitly only where needed. Fixes: e022f0b4a03f ("net: Introduce sk_tx_queue_mapping") Signed-off-by: Tariq Toukan Reviewed-by: Boris Pismenny Signed-off-by: David S. Miller commit ef2e3ec520a8c20661ca4e7d17a5c7110d3a7828 Author: Daniel Wagner Date: Thu Jun 4 12:07:45 2020 +0200 scsi: qla2xxx: Set NVMe status code for failed NVMe FCP request The qla2xxx driver knows when request was processed successfully or not. But it always sets the NVMe status code to 0/NVME_SC_SUCCESS. The upper layer needs to figure out from the rcv_rsplen and transferred_length variables if the request was transferred successfully. This is not always possible, e.g. when the request data length is 0, the transferred_length is also set 0 which is interpreted as success in nvme_fc_fcpio_done(). Let's inform the upper layer (nvme_fc_fcpio_done()) when something went wrong. nvme_fc_fcpio_done() maps all non-NVME_SC_SUCCESS status codes to NVME_SC_HOST_PATH_ERROR. There isn't any benefit to map the QLA status code to the NVMe status code. Therefore, use NVME_SC_INTERNAL to indicate an error which aligns it with the lpfc driver. Link: https://lore.kernel.org/r/20200604100745.89250-1-dwagner@suse.de Reviewed-by: Himanshu Madhani Reviewed-by: Hannes Reinecke Signed-off-by: Daniel Wagner Signed-off-by: Martin K. Petersen commit 4b973f49830d74de36b5f4a75c07f6658524d2e4 Author: Andrew Lunn Date: Wed Jun 24 03:25:45 2020 +0200 net: ethtool: Handle missing cable test TDR parameters A last minute change put the TDR cable test parameters into a nest. The validation is not sufficient, resulting in an oops if the nest is missing. Set default values first, then update them if the nest is provided. Fixes: f2bc8ad31a7f ("net: ethtool: Allow PHY cable test TDR data to configured") Signed-off-by: Andrew Lunn Signed-off-by: David S. Miller commit 54cc017c21b1a3fac71534125f6843cb1ccaa45e Merge: a83024b95ab4 c55e28a8b43f Author: David S. Miller Date: Tue Jun 23 20:13:58 2020 -0700 Merge branch 'bnxt_en-Bug-fixes' Michael Chan says: ==================== bnxt_en: Bug fixes. The first patch stores the firmware version code which is needed by the next 2 patches to determine some worarounds based on the firmware version. The workarounds are to disable legacy TX push mode and to clear the hardware statistics during ifdown. The last patch checks that it is a PF before reading the VPD. Please also queue these for -stable. Thanks. ==================== Reviewed-by: Jakub Kicinski Signed-off-by: David S. Miller commit c55e28a8b43fcd7dc71868bd165705bc7741a7ca Author: Vasundhara Volam Date: Tue Jun 23 19:01:38 2020 -0400 bnxt_en: Read VPD info only for PFs Virtual functions does not have VPD information. This patch modifies calling bnxt_read_vpd_info() only for PFs and avoids an unnecessary error log. Fixes: a0d0fd70fed5 ("bnxt_en: Read partno and serialno of the board from VPD") Signed-off-by: Vasundhara Volam Signed-off-by: Michael Chan Signed-off-by: David S. Miller commit c2dec363feb41544a76c8083aca2378990e17166 Author: Michael Chan Date: Tue Jun 23 19:01:37 2020 -0400 bnxt_en: Fix statistics counters issue during ifdown with older firmware. On older firmware, the hardware statistics are not cleared when the driver frees the hardware stats contexts during ifdown. The driver expects these stats to be cleared and saves a copy before freeing the stats contexts. During the next ifup, the driver will likely allocate the same hardware stats contexts and this will cause a big increase in the counters as the old counters are added back to the saved counters. We fix it by making an additional firmware call to clear the counters before freeing the hw stats contexts when the firmware is the older 20.x firmware. Fixes: b8875ca356f1 ("bnxt_en: Save ring statistics before reset.") Reported-by: Jakub Kicinski Reviewed-by: Vasundhara Volam Signed-off-by: Michael Chan Tested-by: Jakub Kicinski Signed-off-by: David S. Miller commit fed7edd18143c68c63ea049999a7e861123de6de Author: Michael Chan Date: Tue Jun 23 19:01:36 2020 -0400 bnxt_en: Do not enable legacy TX push on older firmware. Older firmware may not support legacy TX push properly and may not be disabling it. So we check certain firmware versions that may have this problem and disable legacy TX push unconditionally. Fixes: c0c050c58d84 ("bnxt_en: New Broadcom ethernet driver.") Reviewed-by: Edwin Peer Signed-off-by: Michael Chan Signed-off-by: David S. Miller commit d0ad2ea2bc185835f8a749302ad07b70528d2a09 Author: Michael Chan Date: Tue Jun 23 19:01:35 2020 -0400 bnxt_en: Store the running firmware version code. We currently only store the firmware version as a string for ethtool and devlink info. Store it also as a version code. The next 2 patches will need to check the firmware major version to determine some workarounds. We also use the 16-bit firmware version fields if the firmware is newer and provides the 16-bit fields. Reviewed-by: Edwin Peer Signed-off-by: Michael Chan Signed-off-by: David S. Miller commit 20dc3847cc2fc886ee4eb9112e6e2fad9419b0c7 Author: Sascha Ortmann Date: Thu Jun 18 18:33:01 2020 +0200 tracing/boottime: Fix kprobe multiple events Fix boottime kprobe events to report and abort after each failure when adding probes. As an example, when we try to set multiprobe kprobe events in bootconfig like this: ftrace.event.kprobes.vfsevents { probes = "vfs_read $arg1 $arg2,, !error! not reported;?", // leads to error "vfs_write $arg1 $arg2" } This will not work as expected. After commit da0f1f4167e3af69e ("tracing/boottime: Fix kprobe event API usage"), the function trace_boot_add_kprobe_event will not produce any error message when adding a probe fails at kprobe_event_gen_cmd_start. Furthermore, we continue to add probes when kprobe_event_gen_cmd_end fails (and kprobe_event_gen_cmd_start did not fail). In this case the function even returns successfully when the last call to kprobe_event_gen_cmd_end is successful. The behaviour of reporting and aborting after failures is not consistent. The function trace_boot_add_kprobe_event now reports each failure and stops adding probes immediately. Link: https://lkml.kernel.org/r/20200618163301.25854-1-sascha.ortmann@stud.uni-hannover.de Cc: stable@vger.kernel.org Cc: linux-kernel@i4.cs.fau.de Co-developed-by: Maximilian Werner Fixes: da0f1f4167e3 ("tracing/boottime: Fix kprobe event API usage") Acked-by: Masami Hiramatsu Signed-off-by: Maximilian Werner Signed-off-by: Sascha Ortmann Signed-off-by: Steven Rostedt (VMware) commit 6784beada631800f2c5afd567e5628c843362cee Author: Masami Hiramatsu Date: Sat Jun 20 12:46:03 2020 +0900 tracing: Fix event trigger to accept redundant spaces Fix the event trigger to accept redundant spaces in the trigger input. For example, these return -EINVAL echo " traceon" > events/ftrace/print/trigger echo "traceon if common_pid == 0" > events/ftrace/print/trigger echo "disable_event:kmem:kmalloc " > events/ftrace/print/trigger But these are hard to find what is wrong. To fix this issue, use skip_spaces() to remove spaces in front of actual tokens, and set NULL if there is no token. Link: http://lkml.kernel.org/r/159262476352.185015.5261566783045364186.stgit@devnote2 Cc: Tom Zanussi Cc: stable@vger.kernel.org Fixes: 85f2b08268c0 ("tracing: Add basic event trigger framework") Reviewed-by: Tom Zanussi Signed-off-by: Masami Hiramatsu Signed-off-by: Steven Rostedt (VMware) commit 6c95503c292610ff2898b4271c510c16efdcd4e1 Author: Masami Hiramatsu Date: Sat Jun 20 12:45:54 2020 +0900 tracing/boot: Fix config dependency for synthedic event Since commit 726721a51838 ("tracing: Move synthetic events to a separate file") decoupled synthetic event from histogram, boot-time tracing also has to check CONFIG_SYNTH_EVENT instead of CONFIG_HIST_TRIGGERS. Link: http://lkml.kernel.org/r/159262475441.185015.5300725180746017555.stgit@devnote2 Fixes: 726721a51838 ("tracing: Move synthetic events to a separate file") Reviewed-by: Tom Zanussi Signed-off-by: Masami Hiramatsu Signed-off-by: Steven Rostedt (VMware) commit 3c597282887fd55181578996dca52ce697d985a5 Author: Gao Xiang Date: Fri Jun 19 07:43:49 2020 +0800 erofs: fix partially uninitialized misuse in z_erofs_onlinepage_fixup Hongyu reported "id != index" in z_erofs_onlinepage_fixup() with specific aarch64 environment easily, which wasn't shown before. After digging into that, I found that high 32 bits of page->private was set to 0xaaaaaaaa rather than 0 (due to z_erofs_onlinepage_init behavior with specific compiler options). Actually we only use low 32 bits to keep the page information since page->private is only 4 bytes on most 32-bit platforms. However z_erofs_onlinepage_fixup() uses the upper 32 bits by mistake. Let's fix it now. Reported-and-tested-by: Hongyu Jin Fixes: 3883a79abd02 ("staging: erofs: introduce VLE decompression support") Cc: # 4.19+ Reviewed-by: Chao Yu Link: https://lore.kernel.org/r/20200618234349.22553-1-hsiangkao@aol.com Signed-off-by: Gao Xiang commit 4845446036fc9c13f43b54a65c9b757c14f5141b Author: yu kuai Date: Thu Jun 4 20:54:49 2020 +0800 ARM: imx6: add missing put_device() call in imx6q_suspend_init() if of_find_device_by_node() succeed, imx6q_suspend_init() doesn't have a corresponding put_device(). Thus add a jump target to fix the exception handling for this function implementation. Signed-off-by: yu kuai Signed-off-by: Shawn Guo commit 586745f1598ccf71b0a5a6df2222dee0a865954e Author: yu kuai Date: Thu Jun 4 20:42:06 2020 +0800 ARM: imx5: add missing put_device() call in imx_suspend_alloc_ocram() if of_find_device_by_node() succeed, imx_suspend_alloc_ocram() doesn't have a corresponding put_device(). Thus add a jump target to fix the exception handling for this function implementation. Fixes: 1579c7b9fe01 ("ARM: imx53: Set DDR pins to high impedance when in suspend to RAM.") Signed-off-by: yu kuai Signed-off-by: Shawn Guo commit bcc7f554cfa7e0ac77c7adc4027c16f4a2f99c6f Author: Quentin Monnet Date: Tue Jun 23 16:39:35 2020 +0100 bpf: Fix formatting in documentation for BPF helpers When producing the bpf-helpers.7 man page from the documentation from the BPF user space header file, rst2man complains: :2636: (ERROR/3) Unexpected indentation. :2640: (WARNING/2) Block quote ends without a blank line; unexpected unindent. Let's fix formatting for the relevant chunk (item list in bpf_ringbuf_query()'s description), and for a couple other functions. Signed-off-by: Quentin Monnet Signed-off-by: Alexei Starovoitov Acked-by: Andrii Nakryiko Link: https://lore.kernel.org/bpf/20200623153935.6215-1-quentin@isovalent.com commit b338cb921e6739ff59ce32f43342779fe5ffa732 Author: Maciej Żenczykowski Date: Sat Jun 20 14:26:16 2020 -0700 bpf: Restore behaviour of CAP_SYS_ADMIN allowing the loading of networking bpf programs This is a fix for a regression in commit 2c78ee898d8f ("bpf: Implement CAP_BPF"). Before the above commit it was possible to load network bpf programs with just the CAP_SYS_ADMIN privilege. The Android bpfloader happens to run in such a configuration (it has SYS_ADMIN but not NET_ADMIN) and creates maps and loads bpf programs for later use by Android's netd (which has NET_ADMIN but not SYS_ADMIN). Fixes: 2c78ee898d8f ("bpf: Implement CAP_BPF") Reported-by: John Stultz Signed-off-by: Maciej Żenczykowski Signed-off-by: Alexei Starovoitov Tested-by: John Stultz Link: https://lore.kernel.org/bpf/20200620212616.93894-1-zenczykowski@gmail.com commit c4c0bdc0d2d084ed847c7066bdf59fe2cd25aa17 Author: Yonghong Song Date: Tue Jun 23 17:10:54 2020 -0700 bpf: Set the number of exception entries properly for subprograms Currently, if a bpf program has more than one subprograms, each program will be jitted separately. For programs with bpf-to-bpf calls the prog->aux->num_exentries is not setup properly. For example, with bpf_iter_netlink.c modified to force one function to be not inlined and with CONFIG_BPF_JIT_ALWAYS_ON the following error is seen: $ ./test_progs -n 3/3 ... libbpf: failed to load program 'iter/netlink' libbpf: failed to load object 'bpf_iter_netlink' libbpf: failed to load BPF skeleton 'bpf_iter_netlink': -4007 test_netlink:FAIL:bpf_iter_netlink__open_and_load skeleton open_and_load failed #3/3 netlink:FAIL The dmesg shows the following errors: ex gen bug which is triggered by the following code in arch/x86/net/bpf_jit_comp.c: if (excnt >= bpf_prog->aux->num_exentries) { pr_err("ex gen bug\n"); return -EFAULT; } This patch fixes the issue by computing proper num_exentries for each subprogram before calling JIT. Signed-off-by: Yonghong Song Signed-off-by: Alexei Starovoitov commit bf1028a41eaf0ce39518cbdda34cdb717f16364a Author: Gustavo A. R. Silva Date: Mon Jun 15 17:41:12 2020 -0500 cifs: misc: Use array_size() in if-statement controlling expression Use array_size() instead of the open-coded version in the controlling expression of the if statement. Also, while there, use the preferred form for passing a size of a struct. The alternative form where struct name is spelled out hurts readability and introduces an opportunity for a bug when the pointer variable type is changed but the corresponding sizeof that is passed as argument is not. This issue was found with the help of Coccinelle and, audited and fixed manually. Addresses-KSPP-ID: https://github.com/KSPP/linux/issues/83 Signed-off-by: Gustavo A. R. Silva Signed-off-by: Steve French Reviewed-by: Aurelien Aptel Reviewed-by: Kees Cook Signed-off-by: Steve French commit 5618303d8516f8ac5ecfe53ee8e8bc9a40eaf066 Author: Zhang Xiaoxu Date: Fri Jun 19 22:51:29 2020 -0400 cifs: update ctime and mtime during truncate As the man description of the truncate, if the size changed, then the st_ctime and st_mtime fields should be updated. But in cifs, we doesn't do it. It lead the xfstests generic/313 failed. So, add the ATTR_MTIME|ATTR_CTIME flags on attrs when change the file size Reported-by: Hulk Robot Signed-off-by: Zhang Xiaoxu Signed-off-by: Steve French commit acc91c2d8de4ef46ed751c5f9df99ed9a109b100 Author: Zhang Xiaoxu Date: Tue Jun 23 07:31:53 2020 -0400 cifs/smb3: Fix data inconsistent when punch hole When punch hole success, we also can read old data from file: # strace -e trace=pread64,fallocate xfs_io -f -c "pread 20 40" \ -c "fpunch 20 40" -c"pread 20 40" file pread64(3, " version 5.8.0-rc1+"..., 40, 20) = 40 fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_PUNCH_HOLE, 20, 40) = 0 pread64(3, " version 5.8.0-rc1+"..., 40, 20) = 40 CIFS implements the fallocate(FALLOCATE_FL_PUNCH_HOLE) with send SMB ioctl(FSCTL_SET_ZERO_DATA) to server. It just set the range of the remote file to zero, but local page caches not updated, then the local page caches inconsistent with server. Also can be found by xfstests generic/316. So, we need to remove the page caches before send the SMB ioctl(FSCTL_SET_ZERO_DATA) to server. Fixes: 31742c5a33176 ("enable fallocate punch hole ("fallocate -p") for SMB3") Suggested-by: Pavel Shilovsky Reviewed-by: Pavel Shilovsky Signed-off-by: Zhang Xiaoxu Cc: stable@vger.kernel.org # v3.17 Signed-off-by: Steve French commit 6b69040247e14b43419a520f841f2b3052833df9 Author: Zhang Xiaoxu Date: Tue Jun 23 07:31:54 2020 -0400 cifs/smb3: Fix data inconsistent when zero file range CIFS implements the fallocate(FALLOC_FL_ZERO_RANGE) with send SMB ioctl(FSCTL_SET_ZERO_DATA) to server. It just set the range of the remote file to zero, but local page cache not update, then the data inconsistent with server, which leads the xfstest generic/008 failed. So we need to remove the local page caches before send SMB ioctl(FSCTL_SET_ZERO_DATA) to server. After next read, it will re-cache it. Fixes: 30175628bf7f5 ("[SMB3] Enable fallocate -z support for SMB3 mounts") Reported-by: Hulk Robot Signed-off-by: Zhang Xiaoxu Reviewed-by: Pavel Shilovsky Cc: stable@vger.kernel.org # v3.17 Signed-off-by: Steve French commit 9c82a63cf3701b78cd092c69c3e75ff806837194 Author: Andrii Nakryiko Date: Fri Jun 19 16:04:22 2020 -0700 libbpf: Fix CO-RE relocs against .text section bpf_object__find_program_by_title(), used by CO-RE relocation code, doesn't return .text "BPF program", if it is a function storage for sub-programs. Because of that, any CO-RE relocation in helper non-inlined functions will fail. Fix this by searching for .text-corresponding BPF program manually. Adjust one of bpf_iter selftest to exhibit this pattern. Fixes: ddc7c3042614 ("libbpf: implement BPF CO-RE offset relocation algorithm") Reported-by: Yonghong Song Signed-off-by: Andrii Nakryiko Signed-off-by: Yonghong Song Signed-off-by: Alexei Starovoitov Acked-by: Yonghong Song Link: https://lore.kernel.org/bpf/20200619230423.691274-1-andriin@fb.com commit 23e390cdbe6f85827a43d38f9288dcd3066fa376 Author: KP Singh Date: Mon Jun 22 00:21:35 2020 +0200 security: Fix hook iteration and default value for inode_copy_up_xattr inode_copy_up_xattr returns 0 to indicate the acceptance of the xattr and 1 to reject it. If the LSM does not know about the xattr, it's expected to return -EOPNOTSUPP, which is the correct default value for this hook. BPF LSM, currently, uses 0 as the default value and thereby falsely allows all overlay fs xattributes to be copied up. The iteration logic is also updated from the "bail-on-fail" call_int_hook to continue on the non-decisive -EOPNOTSUPP and bail out on other values. Fixes: 98e828a0650f ("security: Refactor declaration of LSM hooks") Signed-off-by: KP Singh Signed-off-by: James Morris commit a83024b95ab4c4c38c8c5b0f43402ffd92a851d1 Merge: 6199496be353 20bb0c8f2c44 Author: David S. Miller Date: Tue Jun 23 15:18:48 2020 -0700 Merge branch 'cxgb4-cxgb4vf-fix-warnings-reported-by-sparse' Rahul Lakkireddy says: ==================== cxgb4/cxgb4vf: fix warnings reported by sparse This series of patches fix various warnings reported by the sparse tool. Patches 1 and 2 fix lock context imbalance warnings. Patch 3 fixes cast to restricted __be64 warning when fetching timestamp in PTP path. Patch 4 fixes several cast to restricted __be32 warnings in TC-U32 offload parser. Patch 5 fixes several cast from restricted __be16 warnings in parsing L4 ports for filters. Patch 6 fixes several restricted __be32 degrades to integer warnings when comparing IP address masks for exact-match filters. Patch 7 fixes cast to restricted __be64 warning when fetching SGE queue contexts in device dump collection. Patch 8 fixes cast from restricted __sum16 warning when saving IPv4 partial checksum. Patch 9 fixes issue with string array scope in DCB path. Patch 10 fixes a set but unused variable warning when DCB is disabled. Patch 11 fixes several kernel-doc comment warnings in cxgb4 driver. Patch 12 fixes several kernel-doc comment warnings in cxgb4vf driver. ==================== Signed-off-by: David S. Miller commit 20bb0c8f2c446c55f5a4e296beaa77d62ffe2d1e Author: Rahul Lakkireddy Date: Wed Jun 24 01:51:42 2020 +0530 cxgb4vf: update kernel-doc line comments Update several kernel-doc line comments to fix warnings reported by make W=1. Fixes following class of warnings reported by make W=1 in several places: cxgb4vf_main.c:275: warning: Function parameter or member 'persistent' not described in 'cxgb4vf_change_mac' cxgb4vf_main.c:275: warning: Excess function parameter 'persist' description in 'cxgb4vf_change_mac' Fixes: 16f8bd4be754 ("cxgb4vf: Add core T4 PCI-E SR-IOV Virtual Function hardware definitions and device communication code") Fixes: c6e0d91464da ("cxgb4vf: Add T4 Virtual Function Scatter-Gather Engine DMA code") Fixes: e0a8b34a9cc4 ("cxgb4vf: Add and initialize some sge params for VF driver") Fixes: c3168cabe1af ("cxgb4/cxgbvf: Handle 32-bit fw port capabilities") Fixes: 0e23daeb6407 ("drivers/net: chelsio/cxgb*: Convert timers to use timer_setup()") Fixes: 3f8cfd0d95e6 ("cxgb4/cxgb4vf: Program hash region for {t4/t4vf}_change_mac()") Signed-off-by: Rahul Lakkireddy Signed-off-by: David S. Miller commit 29bbf5d7f5efe84f94bc66c6c24614f812a95f62 Author: Rahul Lakkireddy Date: Wed Jun 24 01:51:41 2020 +0530 cxgb4: update kernel-doc line comments Update several kernel-doc line comments to fix warnings reported by make W=1. Fixes following class of warnings reported by make W=1 in several places: l2t.c:616: warning: Cannot understand * @dev: net_device pointer t4_hw.c:3175: warning: Function parameter or member 'adap' not described in 't4_get_exprom_version' t4_hw.c:3175: warning: Excess function parameter 'adapter' description in 't4_get_exprom_version' Fixes: 56d36be4dd5f ("cxgb4: Add HW and FW support code") Fixes: fd3a47900b6f ("cxgb4: Add packet queues and packet DMA code") Fixes: 26f7cbc0a5a4 ("cxgb4: Don't attempt to upgrade T4 firmware when cxgb4 will end up as a slave") Fixes: 793dad94e745 ("RDMA/cxgb4: Fix bug for active and passive LE hash collision path") Fixes: ba3f8cd55f2a ("cxgb4: Add support in cxgb4 to get expansion rom version via ethtool") Fixes: f7502659cec8 ("cxgb4: Add API to alloc l2t entry; also update existing ones") Fixes: ddc7740d9a7c ("cxgb4: Decode link down reason code obtained from firmware") Fixes: 193c4c2845f7 ("cxgb4: Update T6 Buffer Group and Channel Mappings") Fixes: 8f46d46715a1 ("cxgb4: Use Firmware params to get buffer-group map") Fixes: a456950445a0 ("cxgb4: time stamping interface for PTP") Fixes: 9c33e4208bce ("cxgb4: Add PTP Hardware Clock (PHC) support") Fixes: c3168cabe1af ("cxgb4/cxgbvf: Handle 32-bit fw port capabilities") Fixes: 5ccf9d049615 ("cxgb4: update API for TP indirect register access") Fixes: 3bdb376e6944 ("cxgb4: introduce SMT ops to prepare for SMAC rewrite support") Fixes: 736c3b94474e ("cxgb4: collect egress and ingress SGE queue contexts") Fixes: f56ec6766dcf ("cxgb4: Add support for ethtool i2c dump") Fixes: 9d5fd927d20b ("cxgb4/cxgb4vf: add support for ndo_set_vf_vlan") Fixes: 98f3697f8d41 ("cxgb4: add tc flower match support for tunnel VNI") Fixes: 02d805dc5fe3 ("cxgb4: use new fw interface to get the VIN and smt index") Fixes: 3f8cfd0d95e6 ("cxgb4/cxgb4vf: Program hash region for {t4/t4vf}_change_mac()") Fixes: d429005fdf2c ("cxgb4/cxgb4vf: Add support for SGE doorbell queue timer") Fixes: 0e395b3cb1fb ("cxgb4: add FLOWC based QoS offload") Signed-off-by: Rahul Lakkireddy Signed-off-by: David S. Miller commit 00e31cfc8995de2a15352522fc672922a23b435e Author: Rahul Lakkireddy Date: Wed Jun 24 01:51:40 2020 +0530 cxgb4: fix set but unused variable when DCB is disabled Remove the set but unused variable when DCB is disabled. Instead, do the calculation directly inline. Fixes following warning in make W=1: cxgb4_main.c: In function 'cfg_queues': cxgb4_main.c:5380:29: warning: variable 'n1g' set but not used [-Wunused-but-set-variable] u32 i, n10g = 0, qidx = 0, n1g = 0; ^ Fixes: 116ca924aea6 ("cxgb4: fix checks for max queues to allocate") Signed-off-by: Rahul Lakkireddy Signed-off-by: David S. Miller commit bab3bcf3e9873e1e6e9cb39c1f55a05fb10415a4 Author: Rahul Lakkireddy Date: Wed Jun 24 01:51:39 2020 +0530 cxgb4: move DCB version extern to header file Move the DCB version string array extern to header file. Fixes following sparse warning: cxgb4_dcb.c:13:12: warning: symbol 'dcb_ver_array' was not declared. Should it be static? Fixes: ebddd97afb89 ("cxgb4: add support to display DCB info") Signed-off-by: Rahul Lakkireddy Signed-off-by: David S. Miller commit 2f6670165d22406467c667e9454e558bc75b933e Author: Rahul Lakkireddy Date: Wed Jun 24 01:51:38 2020 +0530 cxgb4: remove cast when saving IPv4 partial checksum The checksum field in IPv4 header is in __sum16 and ip_fast_csum() also returns __sum16. So, no need to cast it to u16. Fixes following sparse warning: sge.c:1539:47: warning: cast from restricted __sum16 sge.c:1539:44: warning: incorrect type in assignment (different base types) sge.c:1539:44: expected restricted __sum16 [usertype] check sge.c:1539:44: got unsigned short [usertype] Fixes: d0a1299c6bf7 ("cxgb4: add support for vxlan segmentation offload") Signed-off-by: Rahul Lakkireddy Signed-off-by: David S. Miller commit 1992ded5d111997877a9a25205976d8d03c46814 Author: Rahul Lakkireddy Date: Wed Jun 24 01:51:37 2020 +0530 cxgb4: fix SGE queue dump destination buffer context The data in destination buffer is expected to be be parsed in big endian. So, use the right context. Fixes following sparse warning: cudbg_lib.c:2041:44: warning: incorrect type in assignment (different base types) cudbg_lib.c:2041:44: expected unsigned long long [usertype] cudbg_lib.c:2041:44: got restricted __be64 [usertype] Fixes: 736c3b94474e ("cxgb4: collect egress and ingress SGE queue contexts") Signed-off-by: Rahul Lakkireddy Signed-off-by: David S. Miller commit f286dd8eaad5a2758750f407ab079298e0bcc8a5 Author: Rahul Lakkireddy Date: Wed Jun 24 01:51:36 2020 +0530 cxgb4: use correct type for all-mask IP address comparison Use correct type to check for all-mask exact match IP addresses. Fixes following sparse warnings due to big endian value checks against 0xffffffff in is_addr_all_mask(): cxgb4_filter.c:977:25: warning: restricted __be32 degrades to integer cxgb4_filter.c:983:37: warning: restricted __be32 degrades to integer cxgb4_filter.c:984:37: warning: restricted __be32 degrades to integer cxgb4_filter.c:985:37: warning: restricted __be32 degrades to integer cxgb4_filter.c:986:37: warning: restricted __be32 degrades to integer Fixes: 3eb8b62d5a26 ("cxgb4: add support to create hash-filters via tc-flower offload") Signed-off-by: Rahul Lakkireddy Signed-off-by: David S. Miller commit 63b53b0b99cd5f2d9754a21eda2ed8e706646cc9 Author: Rahul Lakkireddy Date: Wed Jun 24 01:51:35 2020 +0530 cxgb4: fix endian conversions for L4 ports in filters The source and destination L4 ports in filter offload need to be in CPU endian. They will finally be converted to Big Endian after all operations are done and before giving them to hardware. The L4 ports for NAT are expected to be passed as a byte stream TCB. So, treat them as such. Fixes following sparse warnings in several places: cxgb4_tc_flower.c:159:33: warning: cast from restricted __be16 cxgb4_tc_flower.c:159:33: warning: incorrect type in argument 1 (different base types) cxgb4_tc_flower.c:159:33: expected unsigned short [usertype] val cxgb4_tc_flower.c:159:33: got restricted __be16 [usertype] dst Fixes: dca4faeb812f ("cxgb4: Add LE hash collision bug fix path in LLD driver") Fixes: 62488e4b53ae ("cxgb4: add basic tc flower offload support") Fixes: 557ccbf9dfa8 ("cxgb4: add tc flower support for L3/L4 rewrite") Signed-off-by: Rahul Lakkireddy Signed-off-by: David S. Miller commit 27f78cb245abdb86735529c13b0a579f57829e71 Author: Rahul Lakkireddy Date: Wed Jun 24 01:51:34 2020 +0530 cxgb4: parse TC-U32 key values and masks natively TC-U32 passes all keys values and masks in __be32 format. The parser already expects this and hence pass the value and masks in __be32 natively to the parser. Fixes following sparse warnings in several places: cxgb4_tc_u32.c:57:21: warning: incorrect type in assignment (different base types) cxgb4_tc_u32.c:57:21: expected unsigned int [usertype] val cxgb4_tc_u32.c:57:21: got restricted __be32 [usertype] val cxgb4_tc_u32_parse.h:48:24: warning: cast to restricted __be32 Fixes: 2e8aad7bf203 ("cxgb4: add parser to translate u32 filters to internal spec") Signed-off-by: Rahul Lakkireddy Signed-off-by: David S. Miller commit 589b1c9c166dce120e27b32a83a78f55464a7ef9 Author: Rahul Lakkireddy Date: Wed Jun 24 01:51:33 2020 +0530 cxgb4: use unaligned conversion for fetching timestamp Use get_unaligned_be64() to fetch the timestamp needed for ns_to_ktime() conversion. Fixes following sparse warning: sge.c:3282:43: warning: cast to restricted __be64 Fixes: a456950445a0 ("cxgb4: time stamping interface for PTP") Signed-off-by: Rahul Lakkireddy Signed-off-by: David S. Miller commit 030c98824deaba205787af501a074b3d7f46e32e Author: Rahul Lakkireddy Date: Wed Jun 24 01:51:32 2020 +0530 cxgb4: move PTP lock and unlock to caller in Tx path Check for whether PTP is enabled or not at the caller and perform locking/unlocking at the caller. Fixes following sparse warning: sge.c:1641:26: warning: context imbalance in 'cxgb4_eth_xmit' - different lock contexts for basic block Fixes: a456950445a0 ("cxgb4: time stamping interface for PTP") Signed-off-by: Rahul Lakkireddy Signed-off-by: David S. Miller commit 11d8cd5c9f3b46f397f889cefdb66795518aaebd Author: Rahul Lakkireddy Date: Wed Jun 24 01:51:31 2020 +0530 cxgb4: move handling L2T ARP failures to caller Move code handling L2T ARP failures to the only caller. Fixes following sparse warning: skbuff.h:2091:29: warning: context imbalance in 'handle_failed_resolution' - unexpected unlock Fixes: 749cb5fe48bb ("cxgb4: Replace arpq_head/arpq_tail with SKB double link-list code") Signed-off-by: Rahul Lakkireddy Signed-off-by: David S. Miller commit ee434a4f9f5ea15b0f84bddd8c012838cf9472c5 Author: John van der Kamp Date: Tue Jun 23 23:30:54 2020 +0200 drm/amdgpu/display: Unlock mutex on error Make sure we pass through ret label to unlock the mutex. Signed-off-by: John van der Kamp Signed-off-by: Alex Deucher Cc: stable@vger.kernel.org commit 6199496be35348a331cda5c072edc308e330cf23 Merge: b4730ae6a443 10f468ea5c48 Author: David S. Miller Date: Tue Jun 23 15:01:16 2020 -0700 Merge branch 'net-qed-qede-various-stability-fixes' Alexander Lobakin says: ==================== net: qed/qede: various stability fixes This set addresses several near-critical issues that were observed and reproduced on different test and production configurations. v2: - don't split the "Fixes:" tag across several lines in patch 9; - no functional changes. ==================== Signed-off-by: David S. Miller commit 10f468ea5c481b3a60cc291c4dfdc7bb338abb74 Author: Alexander Lobakin Date: Tue Jun 23 16:51:37 2020 +0300 net: qed: fix "maybe uninitialized" warning Variable 'abs_ppfid' in qed_dev.c:qed_llh_add_mac_filter() always gets printed, but is initialized only under 'ref_cnt == 1' condition. This results in: In file included from ./include/linux/kernel.h:15:0, from ./include/asm-generic/bug.h:19, from ./arch/x86/include/asm/bug.h:86, from ./include/linux/bug.h:5, from ./include/linux/io.h:11, from drivers/net/ethernet/qlogic/qed/qed_dev.c:35: drivers/net/ethernet/qlogic/qed/qed_dev.c: In function 'qed_llh_add_mac_filter': ./include/linux/printk.h:358:2: warning: 'abs_ppfid' may be used uninitialized in this function [-Wmaybe-uninitialized] printk(KERN_NOTICE pr_fmt(fmt), ##__VA_ARGS__) ^~~~~~ drivers/net/ethernet/qlogic/qed/qed_dev.c:983:17: note: 'abs_ppfid' was declared here u8 filter_idx, abs_ppfid; ^~~~~~~~~ ...under W=1+. Fix this by initializing it with zero. Fixes: 79284adeb99e ("qed: Add llh ppfid interface and 100g support for offload protocols") Signed-off-by: Alexander Lobakin Signed-off-by: Igor Russkikh Signed-off-by: Michal Kalderon Signed-off-by: David S. Miller commit c221dd1831732449f844e03631a34fd21c2b9429 Author: Alexander Lobakin Date: Tue Jun 23 16:51:36 2020 +0300 net: qed: reset ILT block sizes before recomputing to fix crashes Sizes of all ILT blocks must be reset before ILT recomputing when disabling clients, or memory allocation may exceed ILT shadow array and provoke system crashes. Fixes: 1408cc1fa48c ("qed: Introduce VFs") Signed-off-by: Alexander Lobakin Signed-off-by: Igor Russkikh Signed-off-by: Michal Kalderon Signed-off-by: David S. Miller commit ec6c80590bde6b5dfa4970fffa3572f1acd313ca Author: Alexander Lobakin Date: Tue Jun 23 16:51:35 2020 +0300 net: qede: fix use-after-free on recovery and AER handling Set edev->cdev pointer to NULL after calling remove() callback to avoid using of already freed object. Fixes: ccc67ef50b90 ("qede: Error recovery process") Signed-off-by: Alexander Lobakin Signed-off-by: Igor Russkikh Signed-off-by: Michal Kalderon Signed-off-by: David S. Miller commit 1c85f394c2206ea3835f43534d5675f0574e1b70 Author: Alexander Lobakin Date: Tue Jun 23 16:51:34 2020 +0300 net: qede: fix PTP initialization on recovery Currently PTP cyclecounter and timecounter are initialized only on the first probing and are cleaned up during removal. This means that PTP becomes non-functional after device recovery. Fix this by unconditional PTP initialization on probing and clearing Tx pending bit on exiting. Fixes: ccc67ef50b90 ("qede: Error recovery process") Signed-off-by: Alexander Lobakin Signed-off-by: Igor Russkikh Signed-off-by: Michal Kalderon Signed-off-by: David S. Miller commit d434d02f7e7c24c721365fd594ed781acb18e0da Author: Alexander Lobakin Date: Tue Jun 23 16:51:33 2020 +0300 net: qed: fix excessive QM ILT lines consumption This is likely a copy'n'paste mistake. The amount of ILT lines to reserve for a single VF was being multiplied by the total VFs count. This led to a huge redundancy in reservation and potential lines drainouts. Fixes: 1408cc1fa48c ("qed: Introduce VFs") Signed-off-by: Alexander Lobakin Signed-off-by: Igor Russkikh Signed-off-by: Michal Kalderon Signed-off-by: David S. Miller commit ccd7c7ce167a21dbf2b698ffcf00f11d96d44f9b Author: Alexander Lobakin Date: Tue Jun 23 16:51:32 2020 +0300 net: qed: fix NVMe login fails over VFs 25ms sleep cycles in waiting for PF response are excessive and may lead to different timeout failures. Start to wait with short udelays, and in most cases polling will end here. If the time was not sufficient, switch to msleeps. usleep_range() may go far beyond 100us depending on platform and tick configuration, hence atomic udelays for consistency. Also add explicit DMA barriers since 'done' always comes from a shared request-response DMA pool, and note that in the comment nearby. Fixes: 1408cc1fa48c ("qed: Introduce VFs") Signed-off-by: Alexander Lobakin Signed-off-by: Igor Russkikh Signed-off-by: Michal Kalderon Signed-off-by: David S. Miller commit 4079c7f7a2a00ab403c177ce723b560de59139c3 Author: Alexander Lobakin Date: Tue Jun 23 16:51:31 2020 +0300 net: qede: stop adding events on an already destroyed workqueue Set rdma_wq pointer to NULL after destroying the workqueue and check for it when adding new events to fix crashes on driver unload. Fixes: cee9fbd8e2e9 ("qede: Add qedr framework") Signed-off-by: Alexander Lobakin Signed-off-by: Igor Russkikh Signed-off-by: Michal Kalderon Signed-off-by: David S. Miller commit 31333c1a2521ff4b4ceb0c29de492549cd4a8de3 Author: Alexander Lobakin Date: Tue Jun 23 16:51:30 2020 +0300 net: qed: fix async event callbacks unregistering qed_spq_unregister_async_cb() should be called before qed_rdma_info_free() to avoid crash-spawning uses-after-free. Instead of calling it from each subsystem exit code, do it in one place on PF down. Fixes: 291d57f67d24 ("qed: Fix rdma_info structure allocation") Signed-off-by: Alexander Lobakin Signed-off-by: Igor Russkikh Signed-off-by: Michal Kalderon Signed-off-by: David S. Miller commit 97dd1abd026ae4e6a82fa68645928404ad483409 Author: Alexander Lobakin Date: Tue Jun 23 16:51:29 2020 +0300 net: qed: fix left elements count calculation qed_chain_get_element_left{,_u32} returned 0 when the difference between producer and consumer page count was equal to the total page count. Fix this by conditional expanding of producer value (vs unconditional). This allowed to eliminate normalizaton against total page count, which was the cause of this bug. Misc: replace open-coded constants with common defines. Fixes: a91eb52abb50 ("qed: Revisit chain implementation") Signed-off-by: Alexander Lobakin Signed-off-by: Igor Russkikh Signed-off-by: Michal Kalderon Signed-off-by: David S. Miller commit b4730ae6a443afe611afb4fb651c885c51003c15 Author: Alexander Lobakin Date: Tue Jun 23 10:43:48 2020 +0000 net: ethtool: add missing string for NETIF_F_GSO_TUNNEL_REMCSUM Commit e585f2363637 ("udp: Changes to udp_offload to support remote checksum offload") added new GSO type and a corresponding netdev feature, but missed Ethtool's 'netdev_features_strings' table. Give it a name so it will be exposed to userspace and become available for manual configuration. v3: - decouple from "netdev_features_strings[] cleanup" series; - no functional changes. v2: - don't split the "Fixes:" tag across lines; - no functional changes. Fixes: e585f2363637 ("udp: Changes to udp_offload to support remote checksum offload") Signed-off-by: Alexander Lobakin Signed-off-by: David S. Miller commit 2bcd350285ecbe442d5a1a27c04bd265baf992bb Merge: f7fb92acd9e5 900575aa33a3 Author: David S. Miller Date: Tue Jun 23 14:50:34 2020 -0700 Merge branch 'wg-fixes' Jason A. Donenfeld says: ==================== wireguard fixes for 5.8-rc3 This series contains two fixes, one cosmetic and one quite important: 1) Avoid the `if ((x = f()) == y)` pattern, from Frank Werner-Krippendorf. 2) Mitigate a potential memory leak by creating circular netns references, while also making the netns semantics a bit more robust. Patch (2) has a "Fixes:" line and should be backported to stable. ==================== Signed-off-by: David S. Miller commit 900575aa33a3eaaef802b31de187a85c4a4b4bd0 Author: Jason A. Donenfeld Date: Tue Jun 23 03:59:45 2020 -0600 wireguard: device: avoid circular netns references Before, we took a reference to the creating netns if the new netns was different. This caused issues with circular references, with two wireguard interfaces swapping namespaces. The solution is to rather not take any extra references at all, but instead simply invalidate the creating netns pointer when that netns is deleted. In order to prevent this from happening again, this commit improves the rough object leak tracking by allowing it to account for created and destroyed interfaces, aside from just peers and keys. That then makes it possible to check for the object leak when having two interfaces take a reference to each others' namespaces. Fixes: e7096c131e51 ("net: WireGuard secure network tunnel") Signed-off-by: Jason A. Donenfeld Signed-off-by: David S. Miller commit 558b353c9c2a717509f291c066c6bd8f5f5e21be Author: Frank Werner-Krippendorf Date: Tue Jun 23 03:59:44 2020 -0600 wireguard: noise: do not assign initiation time in if condition Fixes an error condition reported by checkpatch.pl which caused by assigning a variable in an if condition in wg_noise_handshake_consume_ initiation(). Signed-off-by: Frank Werner-Krippendorf Signed-off-by: Jason A. Donenfeld Signed-off-by: David S. Miller commit f7fb92acd9e5606f6666bb0f9a7240002a6b3ff0 Merge: 26ac10be3c80 7882c895b71b Author: David S. Miller Date: Tue Jun 23 14:38:05 2020 -0700 Merge branch 'bridge-mrp-Update-MRP_PORT_ROLE' Horatiu Vultur says: ==================== bridge: mrp: Update MRP_PORT_ROLE This patch series does the following: - fixes the enum br_mrp_port_role_type. It removes the port role none(0x2) because this is in conflict with the standard. The standard defines the interconnect port role as value 0x2. - adds checks regarding current defined port roles: primary(0x0) and secondary(0x1). v2: - add the validation code when setting the port role. ==================== Signed-off-by: David S. Miller commit 7882c895b71b8cd6c81946fcc8e13d15a2841de7 Author: Horatiu Vultur Date: Tue Jun 23 11:05:41 2020 +0200 bridge: mrp: Validate when setting the port role This patch adds specific checks for primary(0x0) and secondary(0x1) when setting the port role. For any other value the function 'br_mrp_set_port_role' will return -EINVAL. Fixes: 20f6a05ef63594 ("bridge: mrp: Rework the MRP netlink interface") Signed-off-by: Horatiu Vultur Signed-off-by: David S. Miller commit 2464bc7c2897b7549146a743045089d3aea7b85b Author: Horatiu Vultur Date: Tue Jun 23 11:05:40 2020 +0200 bridge: uapi: mrp: Fix MRP_PORT_ROLE Currently the MRP_PORT_ROLE_NONE has the value 0x2 but this is in conflict with the IEC 62439-2 standard. The standard defines the following port roles: primary (0x0), secondary(0x1), interconnect(0x2). Therefore remove the port role none. Fixes: 4714d13791f831 ("bridge: uapi: mrp: Add mrp attributes.") Signed-off-by: Horatiu Vultur Signed-off-by: David S. Miller commit 852f71942ce71fd9a2bb25667bda53afeb97dcb6 Author: Andy Shevchenko Date: Tue Jun 23 12:15:01 2020 +0300 i2c: designware: Adjust bus speed independently of ACPI John Stultz reported that commit f9288fcc5c615 ("i2c: designware: Move ACPI parts into common module") caused a regression on the HiKey board where adv7511 HDMI bridge driver wasn't probing anymore due the I2C bus failed to start. It seems the change caused the bus speed being zero when CONFIG_ACPI not set and neither speed based on "clock-frequency" device property or default fast mode is set. Fix this by splitting i2c_dw_acpi_adjust_bus_speed() to i2c_dw_acpi_round_bus_speed() and i2c_dw_adjust_bus_speed(), where the latter one has the code that runs independently of ACPI. Fixes: f9288fcc5c615 ("i2c: designware: Move ACPI parts into common module") Reported-by: John Stultz Signed-off-by: Andy Shevchenko Acked-by: Jarkko Nikula Tested-by: John Stultz Signed-off-by: Wolfram Sang commit 26e122e97a3d0390ebec389347f64f3730fdf48f Merge: 3e08a95294a4 e4553b4976d1 Author: Linus Torvalds Date: Tue Jun 23 11:01:16 2020 -0700 Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm Pull kvm fixes from Paolo Bonzini: "All bugfixes except for a couple cleanup patches" * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm: KVM: VMX: Remove vcpu_vmx's defunct copy of host_pkru KVM: x86: allow TSC to differ by NTP correction bounds without TSC scaling KVM: X86: Fix MSR range of APIC registers in X2APIC mode KVM: VMX: Stop context switching MSR_IA32_UMWAIT_CONTROL KVM: nVMX: Plumb L2 GPA through to PML emulation KVM: x86/mmu: Avoid mixing gpa_t with gfn_t in walk_addr_generic() KVM: LAPIC: ensure APIC map is up to date on concurrent update requests kvm: lapic: fix broken vcpu hotplug Revert "KVM: VMX: Micro-optimize vmexit time when not exposing PMU" KVM: VMX: Add helpers to identify interrupt type from intr_info kvm/svm: disable KCSAN for svm_vcpu_run() KVM: MIPS: Fix a build error for !CPU_LOONGSON64 commit b772f07add1c0b22e02c0f1e96f647560679d3a9 Author: Xuan Zhuo Date: Tue Jun 23 19:34:06 2020 +0800 io_uring: fix io_sq_thread no schedule when busy When the user consumes and generates sqe at a fast rate, io_sqring_entries can always get sqe, and ret will not be equal to -EBUSY, so that io_sq_thread will never call cond_resched or schedule, and then we will get the following system error prompt: rcu: INFO: rcu_sched self-detected stall on CPU or watchdog: BUG: soft lockup-CPU#23 stuck for 112s! [io_uring-sq:1863] This patch checks whether need to call cond_resched() by checking the need_resched() function every cycle. Suggested-by: Jens Axboe Signed-off-by: Xuan Zhuo Signed-off-by: Jens Axboe commit 842ec61f4006a6477a9deaedd69131e9f46e4cb5 Author: Maxime Ripard Date: Wed May 13 16:07:24 2020 +0200 drm/sun4i: mixer: Call of_dma_configure if there's an IOMMU The main DRM device is actually a virtual device so it doesn't have the iommus property, which is instead on the DMA masters, in this case the mixers. Add a call to of_dma_configure with the mixers DT node but on the DRM virtual device to configure it in the same way than the mixers. Reviewed-by: Paul Kocialkowski Signed-off-by: Maxime Ripard Link: https://patchwork.freedesktop.org/patch/msgid/9a4daf438dd3f2fe07afb23688bfb793a0613d7d.1589378833.git-series.maxime@cerno.tech (cherry picked from commit b718102dbdfd0285ad559687a30e27cc9124e592) [Maxime: Applied to -fixes since it missed the merge window and display is broken without it] Signed-off-by: Maxime Ripard commit 95a3d8f3af9b0d63b43f221b630beaab9739d13a Author: Zhang Xiaoxu Date: Mon Jun 22 05:30:19 2020 -0400 cifs: Fix double add page to memcg when cifs_readpages When xfstests generic/451, there is an BUG at mm/memcontrol.c: page:ffffea000560f2c0 refcount:2 mapcount:0 mapping:000000008544e0ea index:0xf mapping->aops:cifs_addr_ops dentry name:"tst-aio-dio-cycle-write.451" flags: 0x2fffff80000001(locked) raw: 002fffff80000001 ffffc90002023c50 ffffea0005280088 ffff88815cda0210 raw: 000000000000000f 0000000000000000 00000002ffffffff ffff88817287d000 page dumped because: VM_BUG_ON_PAGE(page->mem_cgroup) page->mem_cgroup:ffff88817287d000 ------------[ cut here ]------------ kernel BUG at mm/memcontrol.c:2659! invalid opcode: 0000 [#1] SMP CPU: 2 PID: 2038 Comm: xfs_io Not tainted 5.8.0-rc1 #44 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS ?-20190727_ 073836-buildvm-ppc64le-16.ppc.4 RIP: 0010:commit_charge+0x35/0x50 Code: 0d 48 83 05 54 b2 02 05 01 48 89 77 38 c3 48 c7 c6 78 4a ea ba 48 83 05 38 b2 02 05 01 e8 63 0d9 RSP: 0018:ffffc90002023a50 EFLAGS: 00010202 RAX: 0000000000000000 RBX: ffff88817287d000 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffff88817ac97ea0 RDI: ffff88817ac97ea0 RBP: ffffea000560f2c0 R08: 0000000000000203 R09: 0000000000000005 R10: 0000000000000030 R11: ffffc900020237a8 R12: 0000000000000000 R13: 0000000000000001 R14: 0000000000000001 R15: ffff88815a1272c0 FS: 00007f5071ab0800(0000) GS:ffff88817ac80000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055efcd5ca000 CR3: 000000015d312000 CR4: 00000000000006e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: mem_cgroup_charge+0x166/0x4f0 __add_to_page_cache_locked+0x4a9/0x710 add_to_page_cache_locked+0x15/0x20 cifs_readpages+0x217/0x1270 read_pages+0x29a/0x670 page_cache_readahead_unbounded+0x24f/0x390 __do_page_cache_readahead+0x3f/0x60 ondemand_readahead+0x1f1/0x470 page_cache_async_readahead+0x14c/0x170 generic_file_buffered_read+0x5df/0x1100 generic_file_read_iter+0x10c/0x1d0 cifs_strict_readv+0x139/0x170 new_sync_read+0x164/0x250 __vfs_read+0x39/0x60 vfs_read+0xb5/0x1e0 ksys_pread64+0x85/0xf0 __x64_sys_pread64+0x22/0x30 do_syscall_64+0x69/0x150 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x7f5071fcb1af Code: Bad RIP value. RSP: 002b:00007ffde2cdb8e0 EFLAGS: 00000293 ORIG_RAX: 0000000000000011 RAX: ffffffffffffffda RBX: 00007ffde2cdb990 RCX: 00007f5071fcb1af RDX: 0000000000001000 RSI: 000055efcd5ca000 RDI: 0000000000000003 RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000001000 R11: 0000000000000293 R12: 0000000000000001 R13: 000000000009f000 R14: 0000000000000000 R15: 0000000000001000 Modules linked in: ---[ end trace 725fa14a3e1af65c ]--- Since commit 3fea5a499d57 ("mm: memcontrol: convert page cache to a new mem_cgroup_charge() API") not cancel the page charge, the pages maybe double add to pagecache: thread1 | thread2 cifs_readpages readpages_get_pages add_to_page_cache_locked(head,index=n)=0 | readpages_get_pages | add_to_page_cache_locked(head,index=n+1)=0 add_to_page_cache_locked(head, index=n+1)=-EEXIST then, will next loop with list head page's index=n+1 and the page->mapping not NULL readpages_get_pages add_to_page_cache_locked(head, index=n+1) commit_charge VM_BUG_ON_PAGE So, we should not do the next loop when any page add to page cache failed. Reported-by: Hulk Robot Signed-off-by: Zhang Xiaoxu Signed-off-by: Steve French Acked-by: Ronnie Sahlberg commit 3e08a95294a4fb3702bb3d35ed08028433c37fe6 Merge: dd0d718152e4 b091f7fede97 Author: Linus Torvalds Date: Tue Jun 23 09:20:11 2020 -0700 Merge tag 'for-5.8-rc2-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux Pull btrfs fixes from David Sterba: "A number of fixes, located in two areas, one performance fix and one fixup for better integration with another patchset. - bug fixes in nowait aio: - fix snapshot creation hang after nowait-aio was used - fix failure to write to prealloc extent past EOF - don't block when extent range is locked - block group fixes: - relocation failure when scrub runs in parallel - refcount fix when removing fails - fix race between removal and creation - space accounting fixes - reinstante fast path check for log tree at unlink time, fixes performance drop up to 30% in REAIM - kzfree/kfree fixup to ease treewide patchset renaming kzfree" * tag 'for-5.8-rc2-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux: btrfs: use kfree() in btrfs_ioctl_get_subvol_info() btrfs: fix RWF_NOWAIT writes blocking on extent locks and waiting for IO btrfs: fix RWF_NOWAIT write not failling when we need to cow btrfs: fix failure of RWF_NOWAIT write into prealloc extent beyond eof btrfs: fix hang on snapshot creation after RWF_NOWAIT write btrfs: check if a log root exists before locking the log_mutex on unlink btrfs: fix bytes_may_use underflow when running balance and scrub in parallel btrfs: fix data block group relocation failure due to concurrent scrub btrfs: fix race between block group removal and block group creation btrfs: fix a block group ref counter leak after failure to remove block group commit 0659d4205db4d0225efd8f83291cbacfcdea030c Author: Christophe JAILLET Date: Sun Jun 21 10:18:54 2020 +0200 PM: sleep: core: mark 2 functions as __init to save some memory 'early_resume_init()' and 'late_resume_init() 'are only called respectively via 'early_resume_init' and 'late_resume_init'. They can be marked as __init to save a few bytes of memory. Signed-off-by: Christophe JAILLET [ rjw: Subject edits ] Signed-off-by: Rafael J. Wysocki commit 589bab6bb30c8cd43a7da6dcf43cc3a586cc2e25 Author: Srinivas Pandruvada Date: Fri Jun 12 11:09:57 2020 -0700 cpufreq: intel_pstate: Add one more OOB control bit Add one more bit for OOB (Out Of Band) enabling of P-states. If OOB handling of P-states is enabled, intel_pstate shouldn't load. Currently, only "BIT(8) == 1" of the MSR MSR_MISC_PWR_MGMT is considered as OOB, but "BIT(18) == 1" needs to be taken into consideration as OOB condition too. Signed-off-by: Srinivas Pandruvada [ rjw: Add an empty code line, edit subject and changelog ] Signed-off-by: Rafael J. Wysocki commit 097350d1c6e1f5808cae142006f18a0bbc57018d Author: Steven Rostedt (VMware) Date: Mon Jun 22 15:18:15 2020 -0400 ring-buffer: Zero out time extend if it is nested and not absolute Currently the ring buffer makes events that happen in interrupts that preempt another event have a delta of zero. (Hopefully we can change this soon). But this is to deal with the races of updating a global counter with lockless and nesting functions updating deltas. With the addition of absolute time stamps, the time extend didn't follow this rule. A time extend can happen if two events happen longer than 2^27 nanoseconds appart, as the delta time field in each event is only 27 bits. If that happens, then a time extend is injected with 2^59 bits of nanoseconds to use (18 years). But if the 2^27 nanoseconds happen between two events, and as it is writing the event, an interrupt triggers, it will see the 2^27 difference as well and inject a time extend of its own. But a recent change made the time extend logic not take into account the nesting, and this can cause two time extend deltas to happen moving the time stamp much further ahead than the current time. This gets all reset when the ring buffer moves to the next page, but that can cause time to appear to go backwards. This was observed in a trace-cmd recording, and since the data is saved in a file, with trace-cmd report --debug, it was possible to see that this indeed did happen! bash-52501 110d... 81778.908247: sched_switch: bash:52501 [120] S ==> swapper/110:0 [120] [12770284:0x2e8:64] -0 110d... 81778.908757: sched_switch: swapper/110:0 [120] R ==> bash:52501 [120] [509947:0x32c:64] TIME EXTEND: delta:306454770 length:0 bash-52501 110.... 81779.215212: sched_swap_numa: src_pid=52501 src_tgid=52388 src_ngid=52501 src_cpu=110 src_nid=2 dst_pid=52509 dst_tgid=52388 dst_ngid=52501 dst_cpu=49 dst_nid=1 [0:0x378:48] TIME EXTEND: delta:306458165 length:0 bash-52501 110dNh. 81779.521670: sched_wakeup: migration/110:565 [0] success=1 CPU:110 [0:0x3b4:40] and at the next page, caused the time to go backwards: bash-52504 110d... 81779.685411: sched_switch: bash:52504 [120] S ==> swapper/110:0 [120] [8347057:0xfb4:64] CPU:110 [SUBBUFFER START] [81779379165886:0x1320000] -0 110dN.. 81779.379166: sched_wakeup: bash:52504 [120] success=1 CPU:110 [0:0x10:40] -0 110d... 81779.379167: sched_switch: swapper/110:0 [120] R ==> bash:52504 [120] [1168:0x3c:64] Link: https://lkml.kernel.org/r/20200622151815.345d1bf5@oasis.local.home Cc: Ingo Molnar Cc: Andrew Morton Cc: Tom Zanussi Cc: stable@vger.kernel.org Fixes: dc4e2801d400b ("ring-buffer: Redefine the unimplemented RINGBUF_TYPE_TIME_STAMP") Reported-by: Julia Lawall Signed-off-by: Steven Rostedt (VMware) commit 4dc9b282bf5fc80b1761bac467adf78cd417b777 Author: Mark Brown Date: Fri Jun 19 13:35:50 2020 +0100 arm64: Depend on newer binutils when building PAC Versions of binutils prior to 2.33.1 don't understand the ELF notes that are added by modern compilers to indicate the PAC and BTI options used to build the code. This causes them to emit large numbers of warnings in the form: aarch64-linux-gnu-nm: warning: .tmp_vmlinux.kallsyms2: unsupported GNU_PROPERTY_TYPE (5) type: 0xc0000000 during the kernel build which is currently causing quite a bit of disruption for automated build testing using clang. In commit 15cd0e675f3f76b (arm64: Kconfig: ptrauth: Add binutils version check to fix mismatch) we added a dependency on binutils to avoid this issue when building with versions of GCC that emit the notes but did not do so for clang as it was believed that the existing check for .cfi_negate_ra_state was already requiring a new enough binutils. This does not appear to be the case for some versions of binutils (eg, the binutils in Debian 10) so instead refactor so we require a new enough GNU binutils in all cases other than when we are using an old GCC version that does not emit notes. Other, more exotic, combinations of tools are possible such as using clang, lld and gas together are possible and may have further problems but rather than adding further version checks it looks like the most robust thing will be to just test that we can build cleanly with the configured tools but that will require more review and discussion so do this for now to address the immediate problem disrupting build testing. Reported-by: KernelCI Reported-by: Nick Desaulniers Signed-off-by: Mark Brown Reviewed-by: Nick Desaulniers Link: https://github.com/ClangBuiltLinux/linux/issues/1054 Link: https://lore.kernel.org/r/20200619123550.48098-1-broonie@kernel.org Signed-off-by: Will Deacon commit 81e6737518a1e392ead4e568a4ee70bb7c371458 Author: Chen Yu Date: Tue Jun 23 14:31:31 2020 +0800 PM: s2idle: Clear _TIF_POLLING_NRFLAG before suspend to idle Suspend to idle was found to not work on Goldmont CPU recently. The issue happens due to: 1. On Goldmont the CPU in idle can only be woken up via IPIs, not POLLING mode, due to commit 08e237fa56a1 ("x86/cpu: Add workaround for MONITOR instruction erratum on Goldmont based CPUs") 2. When the CPU is entering suspend to idle process, the _TIF_POLLING_NRFLAG remains on, because cpuidle_enter_s2idle() doesn't match call_cpuidle() exactly. 3. Commit b2a02fc43a1f ("smp: Optimize send_call_function_single_ipi()") makes use of _TIF_POLLING_NRFLAG to avoid sending IPIs to idle CPUs. 4. As a result, some IPIs related functions might not work well during suspend to idle on Goldmont. For example, one suspected victim: tick_unfreeze() -> timekeeping_resume() -> hrtimers_resume() -> clock_was_set() -> on_each_cpu() might wait forever, because the IPIs will not be sent to the CPUs which are sleeping with _TIF_POLLING_NRFLAG set, and Goldmont CPU could not be woken up by only setting _TIF_NEED_RESCHED on the monitor address. To avoid that, clear the _TIF_POLLING_NRFLAG flag before invoking enter_s2idle_proper() in cpuidle_enter_s2idle() in analogy with the call_cpuidle() code flow. Fixes: b2a02fc43a1f ("smp: Optimize send_call_function_single_ipi()") Suggested-by: Peter Zijlstra (Intel) Suggested-by: Rafael J. Wysocki Reported-by: kbuild test robot Signed-off-by: Chen Yu [ rjw: Subject / changelog ] Signed-off-by: Rafael J. Wysocki commit a32a1fc99807244d920d274adc46ba04b538cc8a Author: Macpaul Lin Date: Tue Jun 23 19:03:23 2020 +0800 ALSA: usb-audio: add quirk for Samsung USBC Headset (AKG) We've found Samsung USBC Headset (AKG) (VID: 0x04e8, PID: 0xa051) need a tiny delay after each class compliant request. Otherwise the device might not be able to be recognized each times. Signed-off-by: Chihhao Chen Signed-off-by: Macpaul Lin Cc: stable@vger.kernel.org Link: https://lore.kernel.org/r/1592910203-24035-1-git-send-email-macpaul.lin@mediatek.com Signed-off-by: Takashi Iwai commit 2d071968a4052e58681ace6488e2625b2a30a7f7 Author: Will Deacon Date: Mon Jun 22 13:13:58 2020 +0100 arm64: compat: Remove 32-bit sigreturn code from the vDSO The sigreturn code in the compat vDSO is unused. Remove it. Reviewed-by: Vincenzo Frascino Reviewed-by: Ard Biesheuvel Reviewed-by: Mark Rutland Signed-off-by: Will Deacon commit 8e411be6aad1387f40d60cb2c11d3260222c590b Author: Will Deacon Date: Mon Jun 22 13:09:49 2020 +0100 arm64: compat: Always use sigpage for sigreturn trampoline The 32-bit sigreturn trampoline in the compat sigpage matches the binary representation of the arch/arm/ sigpage exactly. This is important for debuggers (e.g. GDB) and unwinders (e.g. libunwind) since they rely on matching the instruction sequence in order to identify that they are unwinding through a signal. The same cannot be said for the sigreturn trampoline in the compat vDSO, which defeats the unwinder heuristics and instead attempts to use unwind directives for the unwinding. This is in contrast to arch/arm/, which never uses the vDSO for sigreturn. Ensure compatibility with arch/arm/ and existing unwinders by always using the sigpage for the sigreturn trampoline, regardless of the presence of the compat vDSO. Reviewed-by: Vincenzo Frascino Reviewed-by: Ard Biesheuvel Reviewed-by: Mark Rutland Signed-off-by: Will Deacon commit a39060b009ca0b5b5fe0c0dab85ed437531aab52 Author: Will Deacon Date: Mon Jun 22 12:35:41 2020 +0100 arm64: compat: Allow 32-bit vdso and sigpage to co-exist In preparation for removing the signal trampoline from the compat vDSO, allow the sigpage and the compat vDSO to co-exist. For the moment the vDSO signal trampoline will still be used when built. Subsequent patches will move to the sigpage consistently. Acked-by: Dave Martin Reviewed-by: Vincenzo Frascino Reviewed-by: Ard Biesheuvel Reviewed-by: Mark Rutland Signed-off-by: Will Deacon commit 87676cfca14171fc4c99d96ae2f3e87780488ac4 Author: Will Deacon Date: Mon Jun 22 20:24:22 2020 +0100 arm64: vdso: Disable dwarf unwinding through the sigreturn trampoline Commit 7e9f5e6629f6 ("arm64: vdso: Add --eh-frame-hdr to ldflags") results in a .eh_frame_hdr section for the vDSO, which in turn causes the libgcc unwinder to unwind out of signal handlers using the .eh_frame information populated by our .cfi directives. In conjunction with a4eb355a3fda ("arm64: vdso: Fix CFI directives in sigreturn trampoline"), this has been shown to cause segmentation faults originating from within the unwinder during thread cancellation: | Thread 14 "virtio-net-rx" received signal SIGSEGV, Segmentation fault. | 0x0000000000435e24 in uw_frame_state_for () | (gdb) bt | #0 0x0000000000435e24 in uw_frame_state_for () | #1 0x0000000000436e88 in _Unwind_ForcedUnwind_Phase2 () | #2 0x00000000004374d8 in _Unwind_ForcedUnwind () | #3 0x0000000000428400 in __pthread_unwind (buf=) at unwind.c:121 | #4 0x0000000000429808 in __do_cancel () at ./pthreadP.h:304 | #5 sigcancel_handler (sig=32, si=0xffff33c743f0, ctx=) at nptl-init.c:200 | #6 sigcancel_handler (sig=, si=0xffff33c743f0, ctx=) at nptl-init.c:165 | #7 | #8 futex_wait_cancelable (private=0, expected=0, futex_word=0x3890b708) at ../sysdeps/unix/sysv/linux/futex-internal.h:88 After considerable bashing of heads, it appears that our CFI directives for unwinding out of the sigreturn trampoline are only processed by libgcc when both a .eh_frame_hdr section is present *and* the mysterious NOP is covered by an entry in .eh_frame. With both of these now in place, it has highlighted that our CFI directives are not comprehensive enough to restore the stack pointer of the interrupted context. This results in libgcc falling back to an arm64-specific unwinder after computing a bogus PC value from the unwind tables. The unwinder promptly dereferences this bogus address in an attempt to see if the pointed-to instruction sequence looks like the sigreturn trampoline. Restore the old unwind behaviour, which relied solely on heuristics in the unwinder, by removing the .eh_frame_hdr section from the vDSO and commenting out the insufficient CFI directives for now. Add comments to explain the current, miserable state of affairs. Cc: Tamas Zsoldos Cc: Szabolcs Nagy Cc: Catalin Marinas Cc: Daniel Kiss Acked-by: Dave Martin Reviewed-by: Vincenzo Frascino Reviewed-by: Ard Biesheuvel Reported-by: Ard Biesheuvel Signed-off-by: Will Deacon commit b4c8af4c2a226fc9c25e1decbd26fdab1b0993ee Author: Jan Kundrát Date: Tue Jun 23 09:47:39 2020 +0200 hwmon: (pmbus) Fix page vs. register when accessing fans Commit 16358542f32f ("hwmon: (pmbus) Implement multi-phase support") added support for multi-phase pmbus devices. However, when calling pmbus_add_sensor() for fans, the patch swapped the `page` and `reg` attributes. As a result, the fan speeds were reported as 0 RPM on my device. Signed-off-by: Jan Kundrát Fixes: 16358542f32f ("hwmon: (pmbus) Implement multi-phase support") Cc: stable@vger.kernel.org # v5.7+ Link: https://lore.kernel.org/r/449bc9e6c0e4305581e45905ce9d043b356a9932.1592904387.git.jan.kundrat@cesnet.cz [groeck: Fixed references to offending commit] Signed-off-by: Guenter Roeck commit 26797d8b467b18f7c71cd5fca75d17ae7cd832ab Author: Guenter Roeck Date: Mon Jun 8 07:21:36 2020 -0700 hwmon: (bt1-pvt) Mark is_visible functions static 0-day reports: drivers/hwmon/bt1-pvt.c:303:16: warning: no previous declaration for 'pvt_limit_is_visible' drivers/hwmon/bt1-pvt.c:308:16: warning: no previous declaration for 'pvt_alarm_is_visible' Declare both functions static. Reported-by: kernel test robot Fixes: 87976ce2825d("hwmon: Add Baikal-T1 PVT sensor driver") Cc: Serge Semin Reviewed-by: Serge Semin Signed-off-by: Guenter Roeck commit 332516947ef83343b9bcc7275ff99db392592c94 Author: Serge Semin Date: Wed Jun 3 03:07:53 2020 +0300 hwmon: (bt1-pvt) Define Temp- and Volt-to-N poly as maybe-unused Clang-based kernel building with W=1 warns that some static const variables are unused: drivers/hwmon/bt1-pvt.c:67:30: warning: unused variable 'poly_temp_to_N' [-Wunused-const-variable] static const struct pvt_poly poly_temp_to_N = { ^ drivers/hwmon/bt1-pvt.c:99:30: warning: unused variable 'poly_volt_to_N' [-Wunused-const-variable] static const struct pvt_poly poly_volt_to_N = { ^ Indeed these polynomials are utilized only when the PVT sensor alarms are enabled. In that case they are used to convert the temperature and voltage alarm limits from normal quantities (Volts and degree Celsius) to the sensor data representation N = [0, 1023]. Otherwise when alarms are disabled the driver only does the detected data conversion to the human readable form and doesn't need that polynomials defined. So let's mark the Temp-to-N and Volt-to-N polynomials with __maybe_unused attribute. Note gcc with W=1 doesn't notice the problem. Fixes: 87976ce2825d ("hwmon: Add Baikal-T1 PVT sensor driver") Reported-by: kbuild test robot Signed-off-by: Serge Semin Cc: Maxim Kaurkin Cc: Alexey Malahov Link: https://lore.kernel.org/r/20200603000753.391-1-Sergey.Semin@baikalelectronics.ru Signed-off-by: Guenter Roeck commit 8e36baf97b252cdcafa53589e8227cbb1e85f0b0 Author: Eric Auger Date: Tue Jun 23 14:07:55 2020 +0200 dma-remap: align the size in dma_common_*_remap() Running a guest with a virtio-iommu protecting virtio devices is broken since commit 515e5b6d90d4 ("dma-mapping: use vmap insted of reimplementing it"). Before the conversion, the size was page aligned in __get_vm_area_node(). Doing so fixes the regression. Fixes: 515e5b6d90d4 ("dma-mapping: use vmap insted of reimplementing it") Signed-off-by: Eric Auger Signed-off-by: Christoph Hellwig commit d07ae4c486908615ab336b987c7c367d132fd844 Author: Christoph Hellwig Date: Thu Jun 18 17:23:31 2020 +0200 dma-mapping: DMA_COHERENT_POOL should select GENERIC_ALLOCATOR The dma coherent pool code needs genalloc. Move the select over from DMA_REMAP, which doesn't actually need it. Fixes: dbed452a078d ("dma-pool: decouple DMA_REMAP from DMA_COHERENT_POOL") Reported-by: kernel test robot Signed-off-by: Christoph Hellwig Acked-by: David Rientjes commit 1a2b3357e860d890f8045367b179c7e7e802cd71 Author: David Rientjes Date: Thu Jun 11 12:20:32 2020 -0700 dma-direct: add missing set_memory_decrypted() for coherent mapping When a coherent mapping is created in dma_direct_alloc_pages(), it needs to be decrypted if the device requires unencrypted DMA before returning. Fixes: 3acac065508f ("dma-mapping: merge the generic remapping helpers into dma-direct") Signed-off-by: David Rientjes Signed-off-by: Christoph Hellwig commit 827c4913923e0b441ba07ba4cc41e01181102303 Author: Christian Borntraeger Date: Tue Mar 31 05:57:23 2020 -0400 s390/debug: avoid kernel warning on too large number of pages When specifying insanely large debug buffers a kernel warning is printed. The debug code does handle the error gracefully, though. Instead of duplicating the check let us silence the warning to avoid crashes when panic_on_warn is used. Signed-off-by: Christian Borntraeger Reviewed-by: Heiko Carstens Signed-off-by: Heiko Carstens commit 998f5bbe3dbdab81c1cfb1aef7c3892f5d24f6c7 Author: Vasily Gorbik Date: Wed Jun 17 15:05:49 2020 +0200 s390/kasan: fix early pgm check handler execution Currently if early_pgm_check_handler is called it ends up in pgm check loop. The problem is that early_pgm_check_handler is instrumented by KASAN but executed without DAT flag enabled which leads to addressing exception when KASAN checks try to access shadow memory. Fix that by executing early handlers with DAT flag on under KASAN as expected. Reported-and-tested-by: Alexander Egorenkov Reviewed-by: Heiko Carstens Signed-off-by: Vasily Gorbik Signed-off-by: Heiko Carstens commit e64a1618af8566d20991607913a4d90d39b30118 Author: Sven Schnelle Date: Wed Jun 17 17:30:28 2020 +0200 s390: fix system call single stepping When single stepping an svc instruction on s390, the kernel is entered with a PER program check interruption. The program check handler than jumps to the system call handler by reloading the PSW. The code didn't set GPR13 to the thread pointer in struct task_struct. This made the kernel access invalid memory while trying to fetch the syscall function address. Fix this by always assigned GPR13 after .Lsysc_per. Fixes: 0b0ed657fe00 ("s390: remove critical section cleanup from entry.S") Reported-and-tested-by: Christian Borntraeger Signed-off-by: Sven Schnelle Reviewed-by: Heiko Carstens Signed-off-by: Heiko Carstens commit c95c9693b112f312b59c5d100fd09a1349970fab Author: Anson Huang Date: Wed Jun 10 18:03:02 2020 +0800 soc: imx8m: Correct i.MX8MP UID fuse offset Correct i.MX8MP UID fuse offset according to fuse map: UID_LOW: 0x420 UID_HIGH: 0x430 Fixes: fc40200ebf82 ("soc: imx: increase build coverage for imx8m soc driver") Fixes: 18f662a73862 ("soc: imx: Add i.MX8MP SoC driver support") Signed-off-by: Anson Huang Reviewed-by: Iuliana Prodan Signed-off-by: Shawn Guo commit 0d46f69881c34351b6ec523c31225b90ea89ee20 Author: Konrad Dybcio Date: Sat Jun 20 16:46:34 2020 +0200 regulator: qcom_smd: Fix pmi8994 label s3 was mislabeled as s2. Fix it. Signed-off-by: Konrad Dybcio Reviewed-by: Bjorn Andersson Link: https://lore.kernel.org/r/20200620144639.335093-19-konradybcio@gmail.com Signed-off-by: Mark Brown commit a05caf9e62a85d12da27e814ac13195f4683f21c Author: Hans de Goede Date: Sun May 31 11:30:25 2020 +0200 drm: panel-orientation-quirks: Use generic orientation-data for Acer S1003 The Acer S1003 has proper DMI strings for sys-vendor and product-name, so we do not need to match by BIOS-date. This means that the Acer S1003 can use the generic lcd800x1280_rightside_up drm_dmi_panel_orientation_data struct which is also used by other quirks. Reviewed-by: Emil Velikov Signed-off-by: Hans de Goede Link: https://patchwork.freedesktop.org/patch/msgid/20200531093025.28050-2-hdegoede@redhat.com commit 6c22bc18a3b93a38018844636557ad02e588e055 Author: Hans de Goede Date: Sun May 31 11:30:24 2020 +0200 drm: panel-orientation-quirks: Add quirk for Asus T101HA panel Like the Asus T100HA the Asus T101HA also uses a panel which has been mounted 90 degrees rotated, albeit in the opposite direction. Add a quirk for this. Reviewed-by: Emil Velikov Signed-off-by: Hans de Goede Link: https://patchwork.freedesktop.org/patch/msgid/20200531093025.28050-1-hdegoede@redhat.com commit a3f574cd65487cd993f79ab235d70229d9302c1e Author: Marc Zyngier Date: Tue Jun 23 10:44:08 2020 +0100 KVM: arm64: vgic-v4: Plug race between non-residency and v4.1 doorbell When making a vPE non-resident because it has hit a blocking WFI, the doorbell can fire at any time after the write to the RD. Crucially, it can fire right between the write to GICR_VPENDBASER and the write to the pending_last field in the its_vpe structure. This means that we would overwrite pending_last with stale data, and potentially not wakeup until some unrelated event (such as a timer interrupt) puts the vPE back on the CPU. GICv4 isn't affected by this as we actively mask the doorbell on entering the guest, while GICv4.1 automatically manages doorbell delivery without any hypervisor-driven masking. Use the vpe_lock to synchronize such update, which solves the problem altogether. Fixes: ae699ad348cdc ("irqchip/gic-v4.1: Move doorbell management to the GICv4 abstraction layer") Reported-by: Zenghui Yu Signed-off-by: Marc Zyngier commit 15217d170a4461c1d4c1ea7c497e1fc1122e42a9 Author: Shengjiu Wang Date: Tue Jun 23 14:01:12 2020 +0800 ASoC: fsl_mqs: Fix unchecked return value for clk_prepare_enable Fix unchecked return value for clk_prepare_enable, add error handler in fsl_mqs_runtime_resume. Fixes: 9e28f6532c61 ("ASoC: fsl_mqs: Add MQS component driver") Signed-off-by: Shengjiu Wang Acked-by: Nicolin Chen Link: https://lore.kernel.org/r/5edd68d03def367d96268f1a9a00bd528ea5aaf2.1592888591.git.shengjiu.wang@nxp.com Signed-off-by: Mark Brown commit adf46113a608d9515801997fc96cbfe8ffa89ed3 Author: Shengjiu Wang Date: Tue Jun 23 14:01:11 2020 +0800 ASoC: fsl_mqs: Don't check clock is NULL before calling clk API Because clk_prepare_enable and clk_disable_unprepare should check input clock parameter is NULL or not internally, then we don't need to check them before calling the function. Fixes: 9e28f6532c61 ("ASoC: fsl_mqs: Add MQS component driver") Signed-off-by: Shengjiu Wang Acked-by: Nicolin Chen Link: https://lore.kernel.org/r/743be216bd504c26e8d45d5ce4a84561b67a122b.1592888591.git.shengjiu.wang@nxp.com Signed-off-by: Mark Brown commit 73094608b8e214952444fb104651704c98a37aeb Author: Christoffer Nielsen Date: Fri Jun 19 13:48:22 2020 +0200 ALSA: usb-audio: Add registration quirk for Kingston HyperX Cloud Flight S Similar to the Kingston HyperX AMP, the Kingston HyperX Cloud Alpha S (0951:0x16ea) uses two interfaces, but only the second interface contains the capture stream. This patch delays the registration until the second interface appears. Signed-off-by: Christoffer Nielsen Cc: Link: https://lore.kernel.org/r/CAOtG2YHOM3zy+ed9KS-J4HkZo_QGzcUG9MigSp4e4_-13r6B=Q@mail.gmail.com Signed-off-by: Takashi Iwai commit e4553b4976d1178c13da295cb5c7b21f55baf8f9 Author: Sean Christopherson Date: Tue Jun 16 20:41:23 2020 -0700 KVM: VMX: Remove vcpu_vmx's defunct copy of host_pkru Remove vcpu_vmx.host_pkru, which got left behind when PKRU support was moved to common x86 code. No functional change intended. Fixes: 37486135d3a7b ("KVM: x86: Fix pkru save/restore when guest CR4.PKE=0, move it to x86.c") Signed-off-by: Sean Christopherson Message-Id: <20200617034123.25647-1-sean.j.christopherson@intel.com> Reviewed-by: Vitaly Kuznetsov Reviewed-by: Jim Mattson Signed-off-by: Paolo Bonzini commit 26769f96e6231095f6b1cc3090c903280d44bb57 Author: Marcelo Tosatti Date: Tue Jun 16 08:47:41 2020 -0300 KVM: x86: allow TSC to differ by NTP correction bounds without TSC scaling The Linux TSC calibration procedure is subject to small variations (its common to see +-1 kHz difference between reboots on a given CPU, for example). So migrating a guest between two hosts with identical processor can fail, in case of a small variation in calibrated TSC between them. Without TSC scaling, the current kernel interface will either return an error (if user_tsc_khz <= tsc_khz) or enable TSC catchup mode. This change enables the following TSC tolerance check to accept KVM_SET_TSC_KHZ within tsc_tolerance_ppm (which is 250ppm by default). /* * Compute the variation in TSC rate which is acceptable * within the range of tolerance and decide if the * rate being applied is within that bounds of the hardware * rate. If so, no scaling or compensation need be done. */ thresh_lo = adjust_tsc_khz(tsc_khz, -tsc_tolerance_ppm); thresh_hi = adjust_tsc_khz(tsc_khz, tsc_tolerance_ppm); if (user_tsc_khz < thresh_lo || user_tsc_khz > thresh_hi) { pr_debug("kvm: requested TSC rate %u falls outside tolerance [%u,%u]\n", user_tsc_khz, thresh_lo, thresh_hi); use_scaling = 1; } NTP daemon in the guest can correct this difference (NTP can correct upto 500ppm). Signed-off-by: Marcelo Tosatti Message-Id: <20200616114741.GA298183@fuller.cnet> Signed-off-by: Paolo Bonzini commit bf10bd0be53282183f374af23577b18b5fbf7801 Author: Xiaoyao Li Date: Tue Jun 16 15:33:07 2020 +0800 KVM: X86: Fix MSR range of APIC registers in X2APIC mode Only MSR address range 0x800 through 0x8ff is architecturally reserved and dedicated for accessing APIC registers in x2APIC mode. Fixes: 0105d1a52640 ("KVM: x2apic interface to lapic") Signed-off-by: Xiaoyao Li Message-Id: <20200616073307.16440-1-xiaoyao.li@intel.com> Cc: stable@vger.kernel.org Reviewed-by: Sean Christopherson Reviewed-by: Jim Mattson Signed-off-by: Paolo Bonzini commit 5d0136f8e79f8287e6a36780601f0ce797cf11c2 Author: Igor Moura Date: Tue Jun 23 05:11:11 2020 -0300 USB: serial: ch341: add new Product ID for CH340 Add PID for CH340 that's found on some ESP8266 dev boards made by LilyGO. The specific device that contains such serial converter can be seen here: https://github.com/LilyGO/LILYGO-T-OI. Apparently, it's a regular CH340, but I've confirmed with others that also bought this board that the PID found on this device (0x7522) differs from other devices with the "same" converter (0x7523). Simply adding its PID to the driver and rebuilding it made it work as expected. Signed-off-by: Igor Moura Cc: stable@vger.kernel.org Signed-off-by: Johan Hovold commit dc7bd30b97aac8a97eccef0ffe31f6cefb6e2c3e Author: Felix Fietkau Date: Mon Jun 22 17:07:16 2020 +0200 mt76: mt7615: fix EEPROM buffer size Avoid adding MT7615_EEPROM_SIZE twice. Rename MT7615_EEPROM_EXTRA_DATA to MT7615_EEPROM_FULL_SIZE, since it already includes MT7615_EEPROM_SIZE Fixes: ad380ad1ebbe ("mt76: mt7615: add support for applying DC offset calibration from EEPROM") Signed-off-by: Felix Fietkau Signed-off-by: Kalle Valo Link: https://lore.kernel.org/r/20200622150716.49622-1-nbd@nbd.name commit b1e79d105516fb96c39eb8a780936b87bae8e3e1 Author: Lorenzo Bianconi Date: Sun Jun 21 18:03:38 2020 +0200 mt76: mt7663u: fix memory leaks in mt7663u_probe Fix the two following memory leaks in mt7663u_probe: 1- if device power-own times out, remove ieee80211 hw device. 2- if mt76u queues allocation fails, remove pending urbs. Fixes: eb99cc95c3b65 ("mt76: mt7615: introduce mt7663u support") Signed-off-by: Lorenzo Bianconi Signed-off-by: Kalle Valo Link: https://lore.kernel.org/r/e4098f0c8a9ac51997de07f38c2bcdf7042d6db1.1592755166.git.lorenzo@kernel.org commit 4ac668a3b8c9d3477a3fe162c1cfeb867dd65de8 Author: Felix Fietkau Date: Mon Jun 15 20:13:41 2020 +0200 mt76: mt76x02: do not access uninitialized NAPI structs Fixes a crash on MMIO devices when running into the watchdog reset Fixes: d3377b78cec6 ("mt76: add HE phy modes and hardware queue") Signed-off-by: Felix Fietkau Signed-off-by: Kalle Valo Link: https://lore.kernel.org/r/20200615181341.81871-1-nbd@nbd.name commit 6247c3b0779c16894bf2f25cbaf613fa3258d1ce Merge: ea0cca61d628 7f88314321e2 Author: Kalle Valo Date: Tue Jun 23 11:39:21 2020 +0300 Merge tag 'mt76-for-kvalo-2020-06-07' of https://github.com/nbd168/wireless mt76 patches for 5.8 * tx queueing fixes for mt7615/22/63 * locking fix # gpg: Signature made Sun 07 Jun 2020 06:17:47 PM EEST using DSA key ID 02A76EF5 # gpg: Good signature from "Felix Fietkau " # gpg: WARNING: This key is not certified with a trusted signature! # gpg: There is no indication that the signature belongs to the owner. # Primary key fingerprint: 75D1 1A7D 91A7 710F 4900 42EF D77D 141D 02A7 6EF5 commit ea0cca61d628662e4a1b26c77c7646f9a0257069 Author: Jiri Slaby Date: Fri Jun 12 09:38:00 2020 +0200 iwlwifi: fix crash in iwl_dbg_tlv_alloc_trigger The tlv passed to iwl_dbg_tlv_alloc_trigger comes from a loaded firmware file. The memory can be marked as read-only as firmware could be shared. In anyway, writing to this memory is not expected. So, iwl_dbg_tlv_alloc_trigger can crash now: BUG: unable to handle page fault for address: ffffae2c01bfa794 PF: supervisor write access in kernel mode PF: error_code(0x0003) - permissions violation PGD 107d51067 P4D 107d51067 PUD 107d52067 PMD 659ad2067 PTE 8000000662298161 CPU: 2 PID: 161 Comm: kworker/2:1 Not tainted 5.7.0-3.gad96a07-default #1 openSUSE Tumbleweed (unreleased) RIP: 0010:iwl_dbg_tlv_alloc_trigger+0x25/0x60 [iwlwifi] Code: eb f2 0f 1f 00 66 66 66 66 90 83 7e 04 33 48 89 f8 44 8b 46 10 48 89 f7 76 40 41 8d 50 ff 83 fa 19 77 23 8b 56 20 85 d2 75 07 46 20 ff ff ff ff 4b 8d 14 40 48 c1 e2 04 48 8d b4 10 00 05 00 RSP: 0018:ffffae2c00417ce8 EFLAGS: 00010246 RAX: ffff8f0522334018 RBX: ffff8f0522334018 RCX: ffffffffc0fc26c0 RDX: 0000000000000000 RSI: ffffae2c01bfa774 RDI: ffffae2c01bfa774 RBP: 0000000000000000 R08: 0000000000000004 R09: 0000000000000001 R10: 0000000000000034 R11: ffffae2c01bfa77c R12: ffff8f0522334230 R13: 0000000001000009 R14: ffff8f0523fdbc00 R15: ffff8f051f395800 FS: 0000000000000000(0000) GS:ffff8f0527c80000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffffae2c01bfa794 CR3: 0000000389eba000 CR4: 00000000000006e0 Call Trace: iwl_dbg_tlv_alloc+0x79/0x120 [iwlwifi] iwl_parse_tlv_firmware.isra.0+0x57d/0x1550 [iwlwifi] iwl_req_fw_callback+0x3f8/0x6a0 [iwlwifi] request_firmware_work_func+0x47/0x90 process_one_work+0x1e3/0x3b0 worker_thread+0x46/0x340 kthread+0x115/0x140 ret_from_fork+0x1f/0x40 As can be seen, write bit is not set in the PTE. Read of trig->occurrences succeeds in iwl_dbg_tlv_alloc_trigger, but trig->occurrences = cpu_to_le32(-1); fails there, obviously. This is likely because we (at SUSE) use compressed firmware and that is marked as RO after decompression (see fw_map_paged_buf). Fix it by creating a temporary buffer in case we need to change the memory. Signed-off-by: Jiri Slaby Reported-by: Dieter Nützel Tested-by: Dieter Nützel Cc: Johannes Berg Cc: Emmanuel Grumbach Cc: Luca Coelho Cc: Intel Linux Wireless Cc: Kalle Valo Cc: "David S. Miller" Cc: Jakub Kicinski Cc: linux-wireless@vger.kernel.org Cc: netdev@vger.kernel.org Signed-off-by: Kalle Valo Link: https://lore.kernel.org/r/20200612073800.27742-1-jslaby@suse.cz commit fbb1461ad1d6eacca9beb69a2f3ce1b5398d399b Author: Johannes Berg Date: Fri Apr 3 11:29:55 2020 +0300 iwlwifi: mvm: don't call iwl_mvm_free_inactive_queue() under RCU iwl_mvm_free_inactive_queue() will sleep in synchronize_net() under some circumstances, so don't call it under RCU. There doesn't appear to be a need for RCU protection around this particular call. Cc: stable@vger.kernel.org # v5.4+ Signed-off-by: Johannes Berg Signed-off-by: Luca Coelho Signed-off-by: Kalle Valo Link: https://lore.kernel.org/r/iwlwifi.20200403112332.0f49448c133d.I17fd308bc4a9491859c9b112f4eb5d2c3fc18d7d@changeid commit 48f0bcfb7aad2c6eb4c1e66476b58475aa14393e Author: Lu Baolu Date: Tue Jun 23 07:13:45 2020 +0800 iommu/vt-d: Fix misuse of iommu_domain_identity_map() The iommu_domain_identity_map() helper takes start/end PFN as arguments. Fix a misuse case where the start and end addresses are passed. Fixes: e70b081c6f376 ("iommu/vt-d: Remove IOVA handling code from the non-dma_ops path") Reported-by: Alex Williamson Signed-off-by: Lu Baolu Reviewed-by: Jerry Snitselaar Cc: Tom Murphy Link: https://lore.kernel.org/r/20200622231345.29722-7-baolu.lu@linux.intel.com Signed-off-by: Joerg Roedel commit 04c00956ee3cd138fd38560a91452a804a8c5550 Author: Lu Baolu Date: Tue Jun 23 07:13:44 2020 +0800 iommu/vt-d: Update scalable mode paging structure coherency The Scalable-mode Page-walk Coherency (SMPWC) field in the VT-d extended capability register indicates the hardware coherency behavior on paging structures accessed through the pasid table entry. This is ignored in current code and using ECAP.C instead which is only valid in legacy mode. Fix this so that paging structure updates could be manually flushed from the cache line if hardware page walking is not snooped. Fixes: 765b6a98c1de3 ("iommu/vt-d: Enumerate the scalable mode capability") Signed-off-by: Lu Baolu Cc: Ashok Raj Cc: Kevin Tian Cc: Jacob Pan Link: https://lore.kernel.org/r/20200622231345.29722-6-baolu.lu@linux.intel.com Signed-off-by: Joerg Roedel commit 50310600ebda74b9988467e2e6128711c7ba56fc Author: Lu Baolu Date: Tue Jun 23 07:13:43 2020 +0800 iommu/vt-d: Enable PCI ACS for platform opt in hint PCI ACS is disabled if Intel IOMMU is off by default or intel_iommu=off is used in command line. Unfortunately, Intel IOMMU will be forced on if there're devices sitting on an external facing PCI port that is marked as untrusted (for example, thunderbolt peripherals). That means, PCI ACS is disabled while Intel IOMMU is forced on to isolate those devices. As the result, the devices of an MFD will be grouped by a single group even the ACS is supported on device. [ 0.691263] pci 0000:00:07.1: Adding to iommu group 3 [ 0.691277] pci 0000:00:07.2: Adding to iommu group 3 [ 0.691292] pci 0000:00:07.3: Adding to iommu group 3 Fix it by requesting PCI ACS when Intel IOMMU is detected with platform opt in hint. Fixes: 89a6079df791a ("iommu/vt-d: Force IOMMU on for platform opt in hint") Co-developed-by: Lalithambika Krishnakumar Signed-off-by: Lalithambika Krishnakumar Signed-off-by: Lu Baolu Reviewed-by: Mika Westerberg Cc: Mika Westerberg Cc: Ashok Raj Link: https://lore.kernel.org/r/20200622231345.29722-5-baolu.lu@linux.intel.com Signed-off-by: Joerg Roedel commit 67e8a5b18d41af9298db5c17193f671f235cce01 Author: Rajat Jain Date: Tue Jun 23 07:13:42 2020 +0800 iommu/vt-d: Don't apply gfx quirks to untrusted devices Currently, an external malicious PCI device can masquerade the VID:PID of faulty gfx devices, and thus apply iommu quirks to effectively disable the IOMMU restrictions for itself. Thus we need to ensure that the device we are applying quirks to, is indeed an internal trusted device. Signed-off-by: Rajat Jain Reviewed-by: Ashok Raj Reviewed-by: Mika Westerberg Acked-by: Lu Baolu Link: https://lore.kernel.org/r/20200622231345.29722-4-baolu.lu@linux.intel.com Signed-off-by: Joerg Roedel commit 16ecf10e815d70d11d2300243f4a3b4c7c5acac7 Author: Lu Baolu Date: Tue Jun 23 07:13:41 2020 +0800 iommu/vt-d: Set U/S bit in first level page table by default When using first-level translation for IOVA, currently the U/S bit in the page table is cleared which implies DMA requests with user privilege are blocked. As the result, following error messages might be observed when passing through a device to user level: DMAR: DRHD: handling fault status reg 3 DMAR: [DMA Read] Request device [41:00.0] PASID 1 fault addr 7ecdcd000 [fault reason 129] SM: U/S set 0 for first-level translation with user privilege This fixes it by setting U/S bit in the first level page table and makes IOVA over first level compatible with previous second-level translation. Fixes: b802d070a52a1 ("iommu/vt-d: Use iova over first level") Reported-by: Xin Zeng Signed-off-by: Lu Baolu Link: https://lore.kernel.org/r/20200622231345.29722-3-baolu.lu@linux.intel.com Signed-off-by: Joerg Roedel commit 9486727f5981a5ec5c0b699fb1777451bd6786e4 Author: Lu Baolu Date: Tue Jun 23 07:13:40 2020 +0800 iommu/vt-d: Make Intel SVM code 64-bit only Current Intel SVM is designed by setting the pgd_t of the processor page table to FLPTR field of the PASID entry. The first level translation only supports 4 and 5 level paging structures, hence it's infeasible for the IOMMU to share a processor's page table when it's running in 32-bit mode. Let's disable 32bit support for now and claim support only when all the missing pieces are ready in the future. Fixes: 1c4f88b7f1f92 ("iommu/vt-d: Shared virtual address in scalable mode") Suggested-by: Joerg Roedel Signed-off-by: Lu Baolu Link: https://lore.kernel.org/r/20200622231345.29722-2-baolu.lu@linux.intel.com Signed-off-by: Joerg Roedel commit 08d4ef5cc9203a113702f24725f6cf4db476c958 Author: Jörgen Storvist Date: Tue Jun 23 00:13:59 2020 +0200 USB: serial: option: add GosunCn GM500 series Add USB IDs for GosunCn GM500 series cellular modules. RNDIS config: usb-devices T: Bus=01 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#= 12 Spd=480 MxCh= 0 D: Ver= 2.00 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1 P: Vendor=305a ProdID=1404 Rev=03.18 S: Manufacturer=Android S: Product=Android S: SerialNumber= C: #Ifs= 5 Cfg#= 1 Atr=a0 MxPwr=500mA I: If#=0x0 Alt= 0 #EPs= 1 Cls=e0(wlcon) Sub=01 Prot=03 Driver=rndis_host I: If#=0x1 Alt= 0 #EPs= 2 Cls=0a(data ) Sub=00 Prot=00 Driver=rndis_host I: If#=0x2 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=option I: If#=0x3 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option I: If#=0x4 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option MBIM config: usb-devices T: Bus=01 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#= 11 Spd=480 MxCh= 0 D: Ver= 2.00 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1 P: Vendor=305a ProdID=1405 Rev=03.18 S: Manufacturer=Android S: Product=Android S: SerialNumber= C: #Ifs= 5 Cfg#= 1 Atr=a0 MxPwr=500mA I: If#=0x0 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=option I: If#=0x1 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option I: If#=0x2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option I: If#=0x3 Alt= 0 #EPs= 1 Cls=02(commc) Sub=0e Prot=00 Driver=cdc_mbim I: If#=0x4 Alt= 1 #EPs= 2 Cls=0a(data ) Sub=00 Prot=02 Driver=cdc_mbim ECM config: usb-devices T: Bus=01 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#= 13 Spd=480 MxCh= 0 D: Ver= 2.00 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1 P: Vendor=305a ProdID=1406 Rev=03.18 S: Manufacturer=Android S: Product=Android S: SerialNumber= C: #Ifs= 5 Cfg#= 1 Atr=a0 MxPwr=500mA I: If#=0x0 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=option I: If#=0x1 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option I: If#=0x2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option I: If#=0x3 Alt= 0 #EPs= 1 Cls=02(commc) Sub=06 Prot=00 Driver=cdc_ether I: If#=0x4 Alt= 1 #EPs= 2 Cls=0a(data ) Sub=00 Prot=00 Driver=cdc_ether Signed-off-by: Jörgen Storvist Cc: stable@vger.kernel.org Signed-off-by: Johan Hovold commit 5c45d04c5081c1830d674f4d22d4400ea2083afe Author: James Hilliard Date: Tue Jun 16 16:04:03 2020 -0600 USB: serial: cypress_m8: enable Simply Automated UPB PIM This is a UPB (Universal Powerline Bus) PIM (Powerline Interface Module) which allows for controlling multiple UPB compatible devices from Linux using the standard serial interface. Based on vendor application source code there are two different models of USB based PIM devices in addition to a number of RS232 based PIM's. The vendor UPB application source contains the following USB ID's: #define USB_PCS_VENDOR_ID 0x04b4 #define USB_PCS_PIM_PRODUCT_ID 0x5500 #define USB_SAI_VENDOR_ID 0x17dd #define USB_SAI_PIM_PRODUCT_ID 0x5500 The first set of ID's correspond to the PIM variant sold by Powerline Control Systems while the second corresponds to the Simply Automated Incorporated PIM. As the product ID for both of these match the default cypress HID->COM RS232 product ID it assumed that they both use an internal variant of this HID->COM RS232 converter hardware. However as the vendor ID for the Simply Automated variant is different we need to also add it to the cypress_M8 driver so that it is properly detected. Signed-off-by: James Hilliard Link: https://lore.kernel.org/r/20200616220403.1807003-1-james.hilliard1@gmail.com Cc: stable@vger.kernel.org [ johan: amend VID define entry ] Signed-off-by: Johan Hovold commit 8c289ea064165237891a7b4be77b74d5cba8fa99 Author: Alexander Usyskin Date: Fri Jun 19 19:51:21 2020 +0300 mei: me: add tiger lake point device ids for H platforms. Add Tiger Lake device ids H for HECI1. TGH_H is also used in Tatlow SPS platform we need to disable the mei interface there. Cc: Signed-off-by: Alexander Usyskin Signed-off-by: Tomas Winkler Link: https://lore.kernel.org/r/20200619165121.2145330-7-tomas.winkler@intel.com Signed-off-by: Greg Kroah-Hartman commit f76d77f50b343bc7f7d01e4c2771d43fb074f617 Author: Tomas Winkler Date: Fri Jun 19 19:51:15 2020 +0300 mei: me: disable mei interface on Mehlow server platforms For SPS firmware versions 5.0 and newer the way detection has changed. The detection is done now via PCI_CFG_HFS_3 register. To prevent conflict the previous method will get sps_4 suffix Disable both CNP_H and CNP_H_3 interfaces. CNP_H_3 requires a separate configuration as it doesn't support DMA. Cc: Signed-off-by: Tomas Winkler Link: https://lore.kernel.org/r/20200619165121.2145330-1-tomas.winkler@intel.com Signed-off-by: Greg Kroah-Hartman commit d35d3660e065b69fdb8bf512f3d899f350afce52 Author: Todd Kjos Date: Mon Jun 22 13:07:15 2020 -0700 binder: fix null deref of proc->context The binder driver makes the assumption proc->context pointer is invariant after initialization (as documented in the kerneldoc header for struct proc). However, in commit f0fe2c0f050d ("binder: prevent UAF for binderfs devices II") proc->context is set to NULL during binder_deferred_release(). Another proc was in the middle of setting up a transaction to the dying process and crashed on a NULL pointer deref on "context" which is a local set to &proc->context: new_ref->data.desc = (node == context->binder_context_mgr_node) ? 0 : 1; Here's the stack: [ 5237.855435] Call trace: [ 5237.855441] binder_get_ref_for_node_olocked+0x100/0x2ec [ 5237.855446] binder_inc_ref_for_node+0x140/0x280 [ 5237.855451] binder_translate_binder+0x1d0/0x388 [ 5237.855456] binder_transaction+0x2228/0x3730 [ 5237.855461] binder_thread_write+0x640/0x25bc [ 5237.855466] binder_ioctl_write_read+0xb0/0x464 [ 5237.855471] binder_ioctl+0x30c/0x96c [ 5237.855477] do_vfs_ioctl+0x3e0/0x700 [ 5237.855482] __arm64_sys_ioctl+0x78/0xa4 [ 5237.855488] el0_svc_common+0xb4/0x194 [ 5237.855493] el0_svc_handler+0x74/0x98 [ 5237.855497] el0_svc+0x8/0xc The fix is to move the kfree of the binder_device to binder_free_proc() so the binder_device is freed when we know there are no references remaining on the binder_proc. Fixes: f0fe2c0f050d ("binder: prevent UAF for binderfs devices II") Acked-by: Christian Brauner Signed-off-by: Todd Kjos Cc: stable Link: https://lore.kernel.org/r/20200622200715.114382-1-tkjos@google.com Signed-off-by: Greg Kroah-Hartman commit 26ac10be3c80a26d03c950b7387c4b9566c260b6 Author: Aiden Leong Date: Mon Jun 22 20:04:58 2020 -0700 GUE: Fix a typo Fix a typo in gue.h Signed-off-by: Aiden Leong Signed-off-by: David S. Miller commit b562f58bbc12444219b74a5d6524977a3d87a022 Author: Geliang Tang Date: Mon Jun 22 19:45:58 2020 +0800 mptcp: drop sndr_key in mptcp_syn_options In RFC 8684, we don't need to send sndr_key in SYN package anymore, so drop it. Fixes: cc7972ea1932 ("mptcp: parse and emit MP_CAPABLE option according to v1 spec") Signed-off-by: Geliang Tang Reviewed-by: Matthieu Baerts Signed-off-by: David S. Miller commit 21a739c64d3e9871186483a0cc3e7b52638c3d59 Author: Gaurav Singh Date: Sun Jun 21 11:30:17 2020 -0400 ethtool: Fix check in ethtool_rx_flow_rule_create Fix check in ethtool_rx_flow_rule_create Fixes: eca4205f9ec3 ("ethtool: add ethtool_rx_flow_spec to flow_rule structure translator") Signed-off-by: Gaurav Singh Signed-off-by: David S. Miller commit de0083c7ed7dba036d1ed6e012157649d45313c8 Author: Taehee Yoo Date: Sun Jun 21 13:46:25 2020 +0000 hsr: avoid to create proc file after unregister When an interface is being deleted, "/proc/net/dev_snmp6/" is deleted. The function for this is addrconf_ifdown() in the addrconf_notify() and it is called by notification, which is NETDEV_UNREGISTER. But, if NETDEV_CHANGEMTU is triggered after NETDEV_UNREGISTER, this proc file will be created again. This recreated proc file will be deleted by netdev_wati_allrefs(). Before netdev_wait_allrefs() is called, creating a new HSR interface routine can be executed and It tries to create a proc file but it will find an un-deleted proc file. At this point, it warns about it. To avoid this situation, it can use ->dellink() instead of ->ndo_uninit() to release resources because ->dellink() is called before NETDEV_UNREGISTER. So, a proc file will not be recreated. Test commands ip link add dummy0 type dummy ip link add dummy1 type dummy ip link set dummy0 mtu 1300 #SHELL1 while : do ip link add hsr0 type hsr slave1 dummy0 slave2 dummy1 done #SHELL2 while : do ip link del hsr0 done Splat looks like: [ 9888.980852][ T2752] proc_dir_entry 'dev_snmp6/hsr0' already registered [ 9888.981797][ C2] WARNING: CPU: 2 PID: 2752 at fs/proc/generic.c:372 proc_register+0x2d5/0x430 [ 9888.981798][ C2] Modules linked in: hsr dummy veth openvswitch nsh nf_conncount nf_nat nf_conntrack nf_defrag_ipv6x [ 9888.981814][ C2] CPU: 2 PID: 2752 Comm: ip Tainted: G W 5.8.0-rc1+ #616 [ 9888.981815][ C2] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006 [ 9888.981816][ C2] RIP: 0010:proc_register+0x2d5/0x430 [ 9888.981818][ C2] Code: fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 65 01 00 00 49 8b b5 e0 00 00 00 48 89 ea 40 [ 9888.981819][ C2] RSP: 0018:ffff8880628dedf0 EFLAGS: 00010286 [ 9888.981821][ C2] RAX: dffffc0000000008 RBX: ffff888028c69170 RCX: ffffffffaae09a62 [ 9888.981822][ C2] RDX: 0000000000000001 RSI: 0000000000000008 RDI: ffff88806c9f75ac [ 9888.981823][ C2] RBP: ffff888028c693f4 R08: ffffed100d9401bd R09: ffffed100d9401bd [ 9888.981824][ C2] R10: ffffffffaddf406f R11: 0000000000000001 R12: ffff888028c69308 [ 9888.981825][ C2] R13: ffff8880663584c8 R14: dffffc0000000000 R15: ffffed100518d27e [ 9888.981827][ C2] FS: 00007f3876b3b0c0(0000) GS:ffff88806c800000(0000) knlGS:0000000000000000 [ 9888.981828][ C2] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 9888.981829][ C2] CR2: 00007f387601a8c0 CR3: 000000004101a002 CR4: 00000000000606e0 [ 9888.981830][ C2] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 9888.981831][ C2] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 9888.981832][ C2] Call Trace: [ 9888.981833][ C2] ? snmp6_seq_show+0x180/0x180 [ 9888.981834][ C2] proc_create_single_data+0x7c/0xa0 [ 9888.981835][ C2] snmp6_register_dev+0xb0/0x130 [ 9888.981836][ C2] ipv6_add_dev+0x4b7/0xf60 [ 9888.981837][ C2] addrconf_notify+0x684/0x1ca0 [ 9888.981838][ C2] ? __mutex_unlock_slowpath+0xd0/0x670 [ 9888.981839][ C2] ? kasan_unpoison_shadow+0x30/0x40 [ 9888.981840][ C2] ? wait_for_completion+0x250/0x250 [ 9888.981841][ C2] ? inet6_ifinfo_notify+0x100/0x100 [ 9888.981842][ C2] ? dropmon_net_event+0x227/0x410 [ 9888.981843][ C2] ? notifier_call_chain+0x90/0x160 [ 9888.981844][ C2] ? inet6_ifinfo_notify+0x100/0x100 [ 9888.981845][ C2] notifier_call_chain+0x90/0x160 [ 9888.981846][ C2] register_netdevice+0xbe5/0x1070 [ ... ] Reported-by: syzbot+1d51c8b74efa4c44adeb@syzkaller.appspotmail.com Fixes: e0a4b99773d3 ("hsr: use upper/lower device infrastructure") Signed-off-by: Taehee Yoo Signed-off-by: David S. Miller commit d22a16cc92e04d053fd807ef3587e4f135e4206f Author: Frieder Schrempf Date: Thu May 28 14:43:43 2020 +0000 ARM: dts: imx6ul-kontron: Change WDOG_ANY signal from push-pull to open-drain The WDOG_ANY signal is connected to the RESET_IN signal of the SoM and baseboard. It is currently configured as push-pull, which means that if some external device like a programmer wants to assert the RESET_IN signal by pulling it to ground, it drives against the high level WDOG_ANY output of the SoC. To fix this we set the WDOG_ANY signal to open-drain configuration. That way we make sure that the RESET_IN can be asserted by the watchdog as well as by external devices. Fixes: 1ea4b76cdfde ("ARM: dts: imx6ul-kontron-n6310: Add Kontron i.MX6UL N6310 SoM and boards") Cc: stable@vger.kernel.org Signed-off-by: Frieder Schrempf Signed-off-by: Shawn Guo commit 04a2c05179b732a4c097f0a9c701ef4c9a37e1e3 Author: Frieder Schrempf Date: Thu May 28 14:43:42 2020 +0000 ARM: dts: imx6ul-kontron: Move watchdog from Kontron i.MX6UL/ULL board to SoM The watchdog's WDOG_ANY signal is used to trigger a POR of the SoC, if a soft reset is issued. As the SoM hardware connects the WDOG_ANY and the POR signals, the watchdog node itself and the pin configuration should be part of the common SoM devicetree. Let's move it from the baseboard's devicetree to its proper place. Fixes: 1ea4b76cdfde ("ARM: dts: imx6ul-kontron-n6310: Add Kontron i.MX6UL N6310 SoM and boards") Cc: stable@vger.kernel.org Signed-off-by: Frieder Schrempf Signed-off-by: Shawn Guo commit c7f87f3984cfa1e6d32806a715f35c5947ad9c09 Author: Dave Chinner Date: Tue Jun 16 08:57:43 2020 -0700 xfs: fix use-after-free on CIL context on shutdown xlog_wait() on the CIL context can reference a freed context if the waiter doesn't get scheduled before the CIL context is freed. This can happen when a task is on the hard throttle and the CIL push aborts due to a shutdown. This was detected by generic/019: thread 1 thread 2 __xfs_trans_commit xfs_log_commit_cil xlog_wait schedule xlog_cil_push_work wake_up_all xlog_cil_committed kmem_free remove_wait_queue spin_lock_irqsave --> UAF Fix it by moving the wait queue to the CIL rather than keeping it in in the CIL context that gets freed on push completion. Because the wait queue is now independent of the CIL context and we might have multiple contexts in flight at once, only wake the waiters on the push throttle when the context we are pushing is over the hard throttle size threshold. Fixes: 0e7ab7efe7745 ("xfs: Throttle commits on delayed background CIL push") Reported-by: Yu Kuai Signed-off-by: Dave Chinner Reviewed-by: Darrick J. Wong Signed-off-by: Darrick J. Wong Reviewed-by: Christoph Hellwig commit bf09fb6cba4f7099620cc9ed32d94c27c4af992e Author: Sean Christopherson Date: Mon Jun 22 17:51:35 2020 -0700 KVM: VMX: Stop context switching MSR_IA32_UMWAIT_CONTROL Remove support for context switching between the guest's and host's desired UMWAIT_CONTROL. Propagating the guest's value to hardware isn't required for correct functionality, e.g. KVM intercepts reads and writes to the MSR, and the latency effects of the settings controlled by the MSR are not architecturally visible. As a general rule, KVM should not allow the guest to control power management settings unless explicitly enabled by userspace, e.g. see KVM_CAP_X86_DISABLE_EXITS. E.g. Intel's SDM explicitly states that C0.2 can improve the performance of SMT siblings. A devious guest could disable C0.2 so as to improve the performance of their workloads at the detriment to workloads running in the host or on other VMs. Wholesale removal of UMWAIT_CONTROL context switching also fixes a race condition where updates from the host may cause KVM to enter the guest with the incorrect value. Because updates are are propagated to all CPUs via IPI (SMP function callback), the value in hardware may be stale with respect to the cached value and KVM could enter the guest with the wrong value in hardware. As above, the guest can't observe the bad value, but it's a weird and confusing wart in the implementation. Removal also fixes the unnecessary usage of VMX's atomic load/store MSR lists. Using the lists is only necessary for MSRs that are required for correct functionality immediately upon VM-Enter/VM-Exit, e.g. EFER on old hardware, or for MSRs that need to-the-uop precision, e.g. perf related MSRs. For UMWAIT_CONTROL, the effects are only visible in the kernel via TPAUSE/delay(), and KVM doesn't do any form of delay in vcpu_vmx_run(). Using the atomic lists is undesirable as they are more expensive than direct RDMSR/WRMSR. Furthermore, even if giving the guest control of the MSR is legitimate, e.g. in pass-through scenarios, it's not clear that the benefits would outweigh the overhead. E.g. saving and restoring an MSR across a VMX roundtrip costs ~250 cycles, and if the guest diverged from the host that cost would be paid on every run of the guest. In other words, if there is a legitimate use case then it should be enabled by a new per-VM capability. Note, KVM still needs to emulate MSR_IA32_UMWAIT_CONTROL so that it can correctly expose other WAITPKG features to the guest, e.g. TPAUSE, UMWAIT and UMONITOR. Fixes: 6e3ba4abcea56 ("KVM: vmx: Emulate MSR IA32_UMWAIT_CONTROL") Cc: stable@vger.kernel.org Cc: Jingqi Liu Cc: Tao Xu Signed-off-by: Sean Christopherson Message-Id: <20200623005135.10414-1-sean.j.christopherson@intel.com> Signed-off-by: Paolo Bonzini commit b835a71ef64a61383c414d6bf2896d2c0161deca Author: Tuomas Tynkkynen Date: Sun Jun 21 13:43:26 2020 +0300 usbnet: smsc95xx: Fix use-after-free after removal Syzbot reports an use-after-free in workqueue context: BUG: KASAN: use-after-free in mutex_unlock+0x19/0x40 kernel/locking/mutex.c:737 mutex_unlock+0x19/0x40 kernel/locking/mutex.c:737 __smsc95xx_mdio_read drivers/net/usb/smsc95xx.c:217 [inline] smsc95xx_mdio_read+0x583/0x870 drivers/net/usb/smsc95xx.c:278 check_carrier+0xd1/0x2e0 drivers/net/usb/smsc95xx.c:644 process_one_work+0x777/0xf90 kernel/workqueue.c:2274 worker_thread+0xa8f/0x1430 kernel/workqueue.c:2420 kthread+0x2df/0x300 kernel/kthread.c:255 It looks like that smsc95xx_unbind() is freeing the structures that are still in use by the concurrently running workqueue callback. Thus switch to using cancel_delayed_work_sync() to ensure the work callback really is no longer active. Reported-by: syzbot+29dc7d4ae19b703ff947@syzkaller.appspotmail.com Signed-off-by: Tuomas Tynkkynen Signed-off-by: David S. Miller commit f3fe412b0a634286a6a3753c3f9ff201e6bec716 Author: Ido Schimmel Date: Sun Jun 21 11:29:17 2020 +0300 mlxsw: spectrum: Do not rely on machine endianness The second commit cited below performed a cast of 'u32 buffsize' to '(u16 *)' when calling mlxsw_sp_port_headroom_8x_adjust(): mlxsw_sp_port_headroom_8x_adjust(mlxsw_sp_port, (u16 *) &buffsize); Colin noted that this will behave differently on big endian architectures compared to little endian architectures. Fix this by following Colin's suggestion and have the function accept and return 'u32' instead of passing the current size by reference. Fixes: da382875c616 ("mlxsw: spectrum: Extend to support Spectrum-3 ASIC") Fixes: 60833d54d56c ("mlxsw: spectrum: Adjust headroom buffers for 8x ports") Signed-off-by: Ido Schimmel Reported-by: Colin Ian King Suggested-by: Colin Ian King Signed-off-by: David S. Miller commit 6d61f483f148b856d47a6c96d5d84054d5a9f849 Author: Dejin Zheng Date: Sat Jun 20 22:55:34 2020 +0800 net: phy: smsc: fix printing too many logs Commit 7ae7ad2f11ef47 ("net: phy: smsc: use phy_read_poll_timeout() to simplify the code") will print a lot of logs as follows when Ethernet cable is not connected: [ 4.473105] SMSC LAN8710/LAN8720 2188000.ethernet-1:00: lan87xx_read_status failed: -110 When wait 640 ms for check ENERGYON bit, the timeout should not be regarded as an actual error and an error message also should not be printed. due to a hardware bug in LAN87XX device, it leads to unstable detection of plugging in Ethernet cable when LAN87xx is in Energy Detect Power-Down mode. the workaround for it involves, when the link is down, and at each read_status() call: - disable EDPD mode, forcing the PHY out of low-power mode - waiting 640ms to see if we have any energy detected from the media - re-enable entry to EDPD mode This is presumably enough to allow the PHY to notice that a cable is connected, and resume normal operations to negotiate with the partner. The problem is that when no media is detected, the 640ms wait times out and this commit was modified to prints an error message. it is an inappropriate conversion by used phy_read_poll_timeout() to introduce this bug. so fix this issue by use read_poll_timeout() to replace phy_read_poll_timeout(). Fixes: 7ae7ad2f11ef47 ("net: phy: smsc: use phy_read_poll_timeout() to simplify the code") Reported-by: Kevin Groeneveld Signed-off-by: Dejin Zheng Reviewed-by: Andrew Lunn Signed-off-by: David S. Miller commit 2dbebf7ae1ed9a420d954305e2c9d5ed39ec57c3 Author: Sean Christopherson Date: Mon Jun 22 14:58:29 2020 -0700 KVM: nVMX: Plumb L2 GPA through to PML emulation Explicitly pass the L2 GPA to kvm_arch_write_log_dirty(), which for all intents and purposes is vmx_write_pml_buffer(), instead of having the latter pull the GPA from vmcs.GUEST_PHYSICAL_ADDRESS. If the dirty bit update is the result of KVM emulation (rare for L2), then the GPA in the VMCS may be stale and/or hold a completely unrelated GPA. Fixes: c5f983f6e8455 ("nVMX: Implement emulated Page Modification Logging") Cc: stable@vger.kernel.org Signed-off-by: Sean Christopherson Message-Id: <20200622215832.22090-2-sean.j.christopherson@intel.com> Signed-off-by: Paolo Bonzini commit 4e15507fea70c0c312d79610efa46b6853ccf8e0 Author: Andrii Nakryiko Date: Sat Jun 20 20:11:59 2020 -0700 libbpf: Forward-declare bpf_stats_type for systems with outdated UAPI headers Systems that doesn't yet have the very latest linux/bpf.h header, enum bpf_stats_type will be undefined, causing compilation warnings. Prevents this by forward-declaring enum. Fixes: 0bee106716cf ("libbpf: Add support for command BPF_ENABLE_STATS") Signed-off-by: Andrii Nakryiko Signed-off-by: Daniel Borkmann Acked-by: Song Liu Link: https://lore.kernel.org/bpf/20200621031159.2279101-1-andriin@fb.com commit b0c34bde72a59c05e826bf0a5aeca0d73f38f791 Author: Felix Fietkau Date: Sun Jun 21 17:06:30 2020 +0200 MAINTAINERS: update email address for Felix Fietkau The old address has been bouncing for a while now Signed-off-by: Felix Fietkau Signed-off-by: David S. Miller commit 30480e6ed508e3ff7a3e03c975696aa5196ffe8a Author: Jordan Crouse Date: Mon Jun 22 10:55:38 2020 -0600 drm/msm: Fix up the rest of the messed up address sizes msm_gem_address_space_create() changed to take a start/length instead of a start/end for the iova space but all of the callers were just cut and pasted from the old usage. Most of the mistakes have been fixed up so just catch up the rest. Fixes: ccac7ce373c1 ("drm/msm: Refactor address space initialization") Signed-off-by: Jordan Crouse Signed-off-by: Rob Clark commit 116a1b9f1cb769b83e5adff323f977a62b1dcb2e Author: Shay Drory Date: Sun Jun 21 13:47:35 2020 +0300 IB/mad: Fix use after free when destroying MAD agent Currently, when RMPP MADs are processed while the MAD agent is destroyed, it could result in use after free of rmpp_recv, as decribed below: cpu-0 cpu-1 ----- ----- ib_mad_recv_done() ib_mad_complete_recv() ib_process_rmpp_recv_wc() unregister_mad_agent() ib_cancel_rmpp_recvs() cancel_delayed_work() process_rmpp_data() start_rmpp() queue_delayed_work(rmpp_recv->cleanup_work) destroy_rmpp_recv() free_rmpp_recv() cleanup_work()[1] spin_lock_irqsave(&rmpp_recv->agent->lock) <-- use after free [1] cleanup_work() == recv_cleanup_handler Fix it by waiting for the MAD agent reference count becoming zero before calling to ib_cancel_rmpp_recvs(). Fixes: 9a41e38a467c ("IB/mad: Use IDR for agent IDs") Link: https://lore.kernel.org/r/20200621104738.54850-2-leon@kernel.org Signed-off-by: Shay Drory Reviewed-by: Maor Gottlieb Signed-off-by: Leon Romanovsky Signed-off-by: Jason Gunthorpe commit 6eefa839c4dddf2149e9f5f6f1aa3e1191c8db9c Author: Leon Romanovsky Date: Sun Jun 21 14:59:59 2020 +0300 RDMA/mlx5: Protect from kernel crash if XRC_TGT doesn't have udata Don't deref udata if it is NULL BUG: kernel NULL pointer dereference, address: 0000000000000030 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 SMP PTI CPU: 2 PID: 1592 Comm: python3 Not tainted 5.7.0-rc6+ #1 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.1-0-ga5cab58e9a3f-prebuilt.qemu.org 04/01/2014 RIP: 0010:create_qp+0x39e/0xae0 [mlx5_ib] Code: c0 0d 00 00 bf 10 01 00 00 e8 be a9 e4 e0 48 85 c0 49 89 c2 0f 84 0c 07 00 00 41 8b 85 74 63 01 00 0f c8 a9 00 00 00 10 74 0a <41> 8b 46 30 0f c8 41 89 42 14 41 8b 52 18 41 0f b6 4a 1c 0f ca 89 RSP: 0018:ffffc9000067f8b0 EFLAGS: 00010206 RAX: 0000000010170000 RBX: ffff888441313000 RCX: 0000000000000000 RDX: 0000000000000200 RSI: 0000000000000000 RDI: ffff88845b1d4400 RBP: ffffc9000067fa60 R08: 0000000000000200 R09: ffff88845b1d4200 R10: ffff88845b1d4200 R11: ffff888441313000 R12: ffffc9000067f950 R13: ffff88846ac00140 R14: 0000000000000000 R15: ffff88846c2bc000 FS: 00007faa1a3c0540(0000) GS:ffff88846fd00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000030 CR3: 0000000446dca003 CR4: 0000000000760ea0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: ? __switch_to_asm+0x40/0x70 ? __switch_to_asm+0x34/0x70 mlx5_ib_create_qp+0x897/0xfa0 [mlx5_ib] ib_create_qp+0x9e/0x300 [ib_core] create_qp+0x92d/0xb20 [ib_uverbs] ? ib_uverbs_cq_event_handler+0x30/0x30 [ib_uverbs] ? release_resource+0x30/0x30 ib_uverbs_create_qp+0xc4/0xe0 [ib_uverbs] ib_uverbs_handler_UVERBS_METHOD_INVOKE_WRITE+0xc8/0xf0 [ib_uverbs] ib_uverbs_run_method+0x223/0x770 [ib_uverbs] ? track_pfn_remap+0xa7/0x100 ? uverbs_disassociate_api+0xd0/0xd0 [ib_uverbs] ? remap_pfn_range+0x358/0x490 ib_uverbs_cmd_verbs.isra.6+0x19b/0x370 [ib_uverbs] ? rdma_umap_priv_init+0x82/0xe0 [ib_core] ? vm_mmap_pgoff+0xec/0x120 ib_uverbs_ioctl+0xc0/0x120 [ib_uverbs] ksys_ioctl+0x92/0xb0 __x64_sys_ioctl+0x16/0x20 do_syscall_64+0x48/0x130 entry_SYSCALL_64_after_hwframe+0x44/0xa9 Fixes: e383085c2425 ("RDMA/mlx5: Set ECE options during QP create") Link: https://lore.kernel.org/r/20200621115959.60126-1-leon@kernel.org Signed-off-by: Leon Romanovsky Signed-off-by: Jason Gunthorpe commit 312d16c7c06174f44f96ef4a61c2936e6e360414 Author: Vitaly Kuznetsov Date: Mon Jun 22 17:14:35 2020 +0200 KVM: x86/mmu: Avoid mixing gpa_t with gfn_t in walk_addr_generic() translate_gpa() returns a GPA, assigning it to 'real_gfn' seems obviously wrong. There is no real issue because both 'gpa_t' and 'gfn_t' are u64 and we don't use the value in 'real_gfn' as a GFN, we do real_gfn = gpa_to_gfn(real_gfn); instead. 'If you see a "buffalo" sign on an elephant's cage, do not trust your eyes', but let's fix it for good. No functional change intended. Signed-off-by: Vitaly Kuznetsov Message-Id: <20200622151435.752560-1-vkuznets@redhat.com> Signed-off-by: Paolo Bonzini commit 44d527170731c75587e95052f3eea72b8c651daf Author: Paolo Bonzini Date: Mon Jun 22 16:37:42 2020 +0200 KVM: LAPIC: ensure APIC map is up to date on concurrent update requests The following race can cause lost map update events: cpu1 cpu2 apic_map_dirty = true ------------------------------------------------------------ kvm_recalculate_apic_map: pass check mutex_lock(&kvm->arch.apic_map_lock); if (!kvm->arch.apic_map_dirty) and in process of updating map ------------------------------------------------------------- other calls to apic_map_dirty = true might be too late for affected cpu ------------------------------------------------------------- apic_map_dirty = false ------------------------------------------------------------- kvm_recalculate_apic_map: bail out on if (!kvm->arch.apic_map_dirty) To fix it, record the beginning of an update of the APIC map in apic_map_dirty. If another APIC map change switches apic_map_dirty back to DIRTY during the update, kvm_recalculate_apic_map should not make it CLEAN, and the other caller will go through the slow path. Reported-by: Igor Mammedov Signed-off-by: Paolo Bonzini commit c1d869d64a1955817c4d6fff08ecbbe8e59d36f8 Author: Mark Zhang Date: Sun Jun 21 14:00:00 2020 +0300 RDMA/counter: Query a counter before release Query a dynamically-allocated counter before release it, to update it's hwcounters and log all of them into history data. Otherwise all values of these hwcounters will be lost. Fixes: f34a55e497e8 ("RDMA/core: Get sum value of all counters when perform a sysfs stat read") Link: https://lore.kernel.org/r/20200621110000.56059-1-leon@kernel.org Signed-off-by: Mark Zhang Reviewed-by: Maor Gottlieb Signed-off-by: Leon Romanovsky Signed-off-by: Jason Gunthorpe commit 4bc799dcb67066e0531004d5bdbe755bb02b5488 Author: Sami Tolvanen Date: Mon Jun 15 11:12:32 2020 -0700 security: fix the key_permission LSM hook function type Commit 8c0637e950d6 ("keys: Make the KEY_NEED_* perms an enum rather than a mask") changed the type of the key_permission callback functions, but didn't change the type of the hook, which trips indirect call checking with Control-Flow Integrity (CFI). This change fixes the issue by changing the hook type to match the functions. Fixes: 8c0637e950d6 ("keys: Make the KEY_NEED_* perms an enum rather than a mask") Signed-off-by: Sami Tolvanen Acked-by: Kees Cook Signed-off-by: James Morris commit 5d8913504ccfeea6120df5ae1c6f4479ff09b931 Author: Andy Shevchenko Date: Thu Jun 18 14:49:06 2020 +0300 gpio: pca953x: Fix GPIO resource leak on Intel Galileo Gen 2 When adding a quirk for IRQ on Intel Galileo Gen 2 the commit ba8c90c61847 ("gpio: pca953x: Override IRQ for one of the expanders on Galileo Gen 2") missed GPIO resource release. We can safely do this in the same quirk, since IRQ will be locked by GPIO framework when requested and unlocked on freeing. Fixes: ba8c90c61847 ("gpio: pca953x: Override IRQ for one of the expanders on Galileo Gen 2") Signed-off-by: Andy Shevchenko Cc: Mika Westerberg Reviewed-by: Mika Westerberg Reviewed-by: Linus Walleij Signed-off-by: Bartosz Golaszewski commit dd0d718152e4c65b173070d48ea9dfc06894c3e5 Merge: 751645789f7c 06096cc6c5a8 Author: Linus Torvalds Date: Mon Jun 22 09:49:59 2020 -0700 Merge tag 'spi-fix-v5.8-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi Pull spi fixes from Mark Brown: "Quite a lot of fixes here for no single reason. There's a collection of the usual sort of device specific fixes and also a bunch of people have been working on spidev and the userspace test program spidev_test so they've got an unusually large collection of small fixes" * tag 'spi-fix-v5.8-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi: spi: spidev: fix a potential use-after-free in spidev_release() spi: spidev: fix a race between spidev_release and spidev_remove spi: stm32-qspi: Fix error path in case of -EPROBE_DEFER spi: uapi: spidev: Use TABs for alignment spi: spi-fsl-dspi: Free DMA memory with matching function spi: tools: Add macro definitions to fix build errors spi: tools: Make default_tx/rx and input_tx static spi: dt-bindings: amlogic, meson-gx-spicc: Fix schema for meson-g12a spi: rspi: Use requested instead of maximum bit rate spi: spidev_test: Use %u to format unsigned numbers spi: sprd: switch the sequence of setting WDG_LOAD_LOW and _HIGH commit af28dfacbe00d53df5dec2bf50640df33138b1fe Author: Igor Mammedov Date: Mon Jun 22 12:08:30 2020 -0400 kvm: lapic: fix broken vcpu hotplug Guest fails to online hotplugged CPU with error smpboot: do_boot_cpu failed(-1) to wakeup CPU#4 It's caused by the fact that kvm_apic_set_state(), which used to call recalculate_apic_map() unconditionally and pulled hotplugged CPU into apic map, is updating map conditionally on state changes. In this case the APIC map is not considered dirty and the is not updated. Fix the issue by forcing unconditional update from kvm_apic_set_state(), like it used to be. Fixes: 4abaffce4d25a ("KVM: LAPIC: Recalculate apic map in batch") Cc: stable@vger.kernel.org Signed-off-by: Igor Mammedov Message-Id: <20200622160830.426022-1-imammedo@redhat.com> Signed-off-by: Paolo Bonzini commit 751645789f7cffddb0715d51fd9e72986ad9ecaf Merge: 2a0008706854 1b3bcca20858 Author: Linus Torvalds Date: Mon Jun 22 09:47:59 2020 -0700 Merge tag 'regulator-fix-v5.8-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator Pull regulator fixes from Mark Brown: "This has a fix for the refactoring out of the pickable ranges functionality, plus the removal of a BROKEN dependency on mt6358 now that the dependencies were merged in -rc1 and a couple of device specific fixes" * tag 'regulator-fix-v5.8-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator: regulator: mt6358: Remove BROKEN dependency regualtor: pfuze100: correct sw1a/sw2 on pfuze3000 regulator: Fix pickable ranges mapping regulator: da9063: fix LDO9 suspend and warning. commit 2a00087068542b4324b54a14278acabc50f2a61b Merge: 625d3449788f 95b2c3ec4cb1 Author: Linus Torvalds Date: Mon Jun 22 09:46:43 2020 -0700 Merge tag 'regmap-fix-v5.8-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regmap Pull regmap fixes from Mark Brown: "A few small fixes, none of which are likely to have any substantial impact here - the most substantial one is a fix for a long standing memory leak on devices that use register patching which will only have an impact if the device is removed and re-added" * tag 'regmap-fix-v5.8-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regmap: regmap: Fix memory leak from regmap_register_patch regmap: fix the kerneldoc for regmap_test_bits() regmap: fix alignment issue commit cb91909e48a4809261ef4e967464e2009b214f06 Author: Eugenio Pérez Date: Sat Apr 18 12:22:17 2020 +0200 tools/virtio: Use tools/include/list.h instead of stubs It should not make any significant difference but reduce stub code. Signed-off-by: Eugenio Pérez Link: https://lore.kernel.org/r/20200418102217.32327-9-eperezma@redhat.com Signed-off-by: Michael S. Tsirkin commit 1d8bf5c3a3a1b90c39ccbafb3aa63ffc5196b142 Author: Eugenio Pérez Date: Sat Apr 18 12:22:16 2020 +0200 tools/virtio: Reset index in virtio_test --reset. This way behavior for vhost is more like a VM. Signed-off-by: Eugenio Pérez Link: https://lore.kernel.org/r/20200418102217.32327-8-eperezma@redhat.com Signed-off-by: Michael S. Tsirkin commit 6741239260293e46a32a141fb61bf2c062b0b6ed Author: Eugenio Pérez Date: Sat Apr 18 12:22:15 2020 +0200 tools/virtio: Extract virtqueue initialization in vq_reset So we can reset after that in the main loop. Signed-off-by: Eugenio Pérez Link: https://lore.kernel.org/r/20200418102217.32327-7-eperezma@redhat.com Signed-off-by: Michael S. Tsirkin commit 4cfb93935337d8f9680d865b0987583e462cfcc7 Author: Eugenio Pérez Date: Sat Apr 18 12:22:14 2020 +0200 tools/virtio: Use __vring_new_virtqueue in virtio_test.c As updated in ("2a2d1382fe9d virtio: Add improved queue allocation API") Signed-off-by: Eugenio Pérez Link: https://lore.kernel.org/r/20200418102217.32327-6-eperezma@redhat.com Signed-off-by: Michael S. Tsirkin commit 264ee5aa81ec87eebfb0e2fb70cc0a38df80bab2 Author: Eugenio Pérez Date: Sat Apr 18 12:22:13 2020 +0200 tools/virtio: Add --reset Currently, it only removes and add backend, but it will reset vq position in future commits. Signed-off-by: Eugenio Pérez Link: https://lore.kernel.org/r/20200418102217.32327-5-eperezma@redhat.com Signed-off-by: Michael S. Tsirkin commit 7add78b2a6b76d98fcf35e981c5f84b3c91459f5 Author: Eugenio Pérez Date: Sat Apr 18 12:22:12 2020 +0200 tools/virtio: Add --batch=random option So we can test with non-deterministic batches in flight. Signed-off-by: Eugenio Pérez Link: https://lore.kernel.org/r/20200418102217.32327-4-eperezma@redhat.com Signed-off-by: Michael S. Tsirkin commit 633fae33d562dc2538cc3d6033a2d5e277050783 Author: Eugenio Pérez Date: Sat Apr 18 12:22:11 2020 +0200 tools/virtio: Add --batch option This allow to test vhost having >1 buffers in flight Signed-off-by: Eugenio Pérez Link: https://lore.kernel.org/r/20200401183118.8334-5-eperezma@redhat.com Signed-off-by: Michael S. Tsirkin Link: https://lore.kernel.org/r/20200418102217.32327-3-eperezma@redhat.com Signed-off-by: Michael S. Tsirkin commit b3562c6087b585abba53d906f127d6fd5a92829c Author: David Hildenbrand Date: Thu Jun 11 11:35:18 2020 +0200 virtio-mem: add memory via add_memory_driver_managed() Virtio-mem managed memory is always detected and added by the virtio-mem driver, never using something like the firmware-provided memory map. This is the case after an ordinary system reboot, and has to be guaranteed after kexec. Especially, virtio-mem added memory resources can contain inaccessible parts ("unblocked memory blocks"), blindly forwarding them to a kexec kernel is dangerous, as unplugged memory will get accessed (esp. written). Let's use the new way of adding special driver-managed memory introduced in commit 7b7b27214bba ("mm/memory_hotplug: introduce add_memory_driver_managed()"). This will result in no entries in /sys/firmware/memmap ("raw firmware- provided memory map"), the memory resource will be flagged IORESOURCE_MEM_DRIVER_MANAGED (esp., kexec_file_load() will not place kexec images on this memory), and it is exposed as "System RAM (virtio_mem)" in /proc/iomem, so esp. kexec-tools can properly handle it. Example /proc/iomem before this change: [...] 140000000-333ffffff : virtio0 140000000-147ffffff : System RAM 334000000-533ffffff : virtio1 338000000-33fffffff : System RAM 340000000-347ffffff : System RAM 348000000-34fffffff : System RAM [...] Example /proc/iomem after this change: [...] 140000000-333ffffff : virtio0 140000000-147ffffff : System RAM (virtio_mem) 334000000-533ffffff : virtio1 338000000-33fffffff : System RAM (virtio_mem) 340000000-347ffffff : System RAM (virtio_mem) 348000000-34fffffff : System RAM (virtio_mem) [...] Cc: "Michael S. Tsirkin" Cc: Pankaj Gupta Cc: teawater Fixes: 5f1f79bbc9e26 ("virtio-mem: Paravirtualized memory hotplug") Signed-off-by: David Hildenbrand Link: https://lore.kernel.org/r/20200611093518.5737-1-david@redhat.com Signed-off-by: Michael S. Tsirkin Reviewed-by: Pankaj Gupta commit 1c3d69ab5348b661616992206357a3ebf19b1008 Author: Dan Carpenter Date: Wed Jun 10 11:59:11 2020 +0300 virtio-mem: silence a static checker warning Smatch complains that "rc" can be uninitialized if we hit the "break;" statement on the first iteration through the loop. I suspect that this can't happen in real life, but returning a zero literal is cleaner and silence the static checker warning. Fixes: 5f1f79bbc9e2 ("virtio-mem: Paravirtualized memory hotplug") Signed-off-by: Dan Carpenter Link: https://lore.kernel.org/r/20200610085911.GC5439@mwanda Signed-off-by: Michael S. Tsirkin commit c09cc2c319863f620caf5e723db496eed55f7c7f Author: Dan Carpenter Date: Wed Jun 10 11:58:52 2020 +0300 vhost_vdpa: Fix potential underflow in vhost_vdpa_mmap() The "vma->vm_pgoff" variable is an unsigned long so if it's larger than INT_MAX then "index" can be negative leading to an underflow. Fix this by changing the type of "index" to "unsigned long". Fixes: ddd89d0a059d ("vhost_vdpa: support doorbell mapping via mmap") Signed-off-by: Dan Carpenter Link: https://lore.kernel.org/r/20200610085852.GB5439@mwanda Signed-off-by: Michael S. Tsirkin commit 24eae8ebfb29ca54980764245ffb8aa218666ff6 Author: Jason Wang Date: Wed May 27 14:05:28 2020 +0800 vdpa: fix typos in the comments for __vdpa_alloc_device() Fix two typos in the comments for __vdpa_alloc_device(). Signed-off-by: Jason Wang Link: https://lore.kernel.org/r/20200527060528.9100-1-jasowang@redhat.com Signed-off-by: Michael S. Tsirkin commit c42ad5d4358230be166fc36c87bae0dd1680c570 Author: Andreas Gerstmayr Date: Fri Jun 19 17:32:31 2020 +0200 perf flamegraph: Explicitly set utf-8 encoding On some platforms the default encoding is not utf-8, which causes an UnicodeDecodeError when reading the flamegraph template and writing the flamegraph Signed-off-by: Andreas Gerstmayr Cc: Alexander Shishkin Cc: Jiri Olsa Cc: Mark Rutland Cc: Michael Petlan Cc: Namhyung Kim Cc: Peter Zijlstra Link: http://lore.kernel.org/lkml/20200619153232.203537-1-agerstmayr@redhat.com Signed-off-by: Arnaldo Carvalho de Melo commit e6d701dca9893990d999fd145e3e07223c002b06 Author: Nathan Chancellor Date: Thu Jun 11 21:51:50 2020 -0700 ACPI: sysfs: Fix pm_profile_attr type When running a kernel with Clang's Control Flow Integrity implemented, there is a violation that happens when accessing /sys/firmware/acpi/pm_profile: $ cat /sys/firmware/acpi/pm_profile 0 $ dmesg ... [ 17.352564] ------------[ cut here ]------------ [ 17.352568] CFI failure (target: acpi_show_profile+0x0/0x8): [ 17.352572] WARNING: CPU: 3 PID: 497 at kernel/cfi.c:29 __cfi_check_fail+0x33/0x40 [ 17.352573] Modules linked in: [ 17.352575] CPU: 3 PID: 497 Comm: cat Tainted: G W 5.7.0-microsoft-standard+ #1 [ 17.352576] RIP: 0010:__cfi_check_fail+0x33/0x40 [ 17.352577] Code: 48 c7 c7 50 b3 85 84 48 c7 c6 50 0a 4e 84 e8 a4 d8 60 00 85 c0 75 02 5b c3 48 c7 c7 dc 5e 49 84 48 89 de 31 c0 e8 7d 06 eb ff <0f> 0b 5b c3 00 00 cc cc 00 00 cc cc 00 85 f6 74 25 41 b9 ea ff ff [ 17.352577] RSP: 0018:ffffaa6dc3c53d30 EFLAGS: 00010246 [ 17.352578] RAX: 331267e0c06cee00 RBX: ffffffff83d85890 RCX: ffffffff8483a6f8 [ 17.352579] RDX: ffff9cceabbb37c0 RSI: 0000000000000082 RDI: ffffffff84bb9e1c [ 17.352579] RBP: ffffffff845b2bc8 R08: 0000000000000001 R09: ffff9cceabbba200 [ 17.352579] R10: 000000000000019d R11: 0000000000000000 R12: ffff9cc947766f00 [ 17.352580] R13: ffffffff83d6bd50 R14: ffff9ccc6fa80000 R15: ffffffff845bd328 [ 17.352582] FS: 00007fdbc8d13580(0000) GS:ffff9cce91ac0000(0000) knlGS:0000000000000000 [ 17.352582] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 17.352583] CR2: 00007fdbc858e000 CR3: 00000005174d0000 CR4: 0000000000340ea0 [ 17.352584] Call Trace: [ 17.352586] ? rev_id_show+0x8/0x8 [ 17.352587] ? __cfi_check+0x45bac/0x4b640 [ 17.352589] ? kobj_attr_show+0x73/0x80 [ 17.352590] ? sysfs_kf_seq_show+0xc1/0x140 [ 17.352592] ? ext4_seq_options_show.cfi_jt+0x8/0x8 [ 17.352593] ? seq_read+0x180/0x600 [ 17.352595] ? sysfs_create_file_ns.cfi_jt+0x10/0x10 [ 17.352596] ? tlbflush_read_file+0x8/0x8 [ 17.352597] ? __vfs_read+0x6b/0x220 [ 17.352598] ? handle_mm_fault+0xa23/0x11b0 [ 17.352599] ? vfs_read+0xa2/0x130 [ 17.352599] ? ksys_read+0x6a/0xd0 [ 17.352601] ? __do_sys_getpgrp+0x8/0x8 [ 17.352602] ? do_syscall_64+0x72/0x120 [ 17.352603] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 17.352604] ---[ end trace 7b1fa81dc897e419 ]--- When /sys/firmware/acpi/pm_profile is read, sysfs_kf_seq_show is called, which in turn calls kobj_attr_show, which gets the ->show callback member by calling container_of on attr (casting it to struct kobj_attribute) then calls it. There is a CFI violation because pm_profile_attr is of type struct device_attribute but kobj_attr_show calls ->show expecting it to be from struct kobj_attribute. CFI checking ensures that function pointer types match when doing indirect calls. Fix pm_profile_attr to be defined in terms of kobj_attribute so there is no violation or mismatch. Fixes: 362b646062b2 ("ACPI: Export FADT pm_profile integer value to userspace") Link: https://github.com/ClangBuiltLinux/linux/issues/1051 Reported-by: yuu ichii Signed-off-by: Nathan Chancellor Cc: 3.10+ # 3.10+ Signed-off-by: Rafael J. Wysocki commit 75b0cea7bf307f362057cc778efe89af4c615354 Author: Jason A. Donenfeld Date: Mon Jun 15 04:43:32 2020 -0600 ACPI: configfs: Disallow loading ACPI tables when locked down Like other vectors already patched, this one here allows the root user to load ACPI tables, which enables arbitrary physical address writes, which in turn makes it possible to disable lockdown. Prevents this by checking the lockdown status before allowing a new ACPI table to be installed. The link in the trailer shows a PoC of how this might be used. Link: https://git.zx2c4.com/american-unsigned-language/tree/american-unsigned-language-2.sh Cc: 5.4+ # 5.4+ Signed-off-by: Jason A. Donenfeld Signed-off-by: Rafael J. Wysocki commit a25e91028ac2f544e0140aff2c9360a0e995dd86 Author: Andrew Jones Date: Mon Jun 22 16:27:10 2020 +0200 KVM: arm64: pvtime: Ensure task delay accounting is enabled Ensure we're actually accounting run_delay before we claim that we'll expose it to the guest. If we're not, then we just pretend like steal time isn't supported in order to avoid any confusion. Signed-off-by: Andrew Jones Signed-off-by: Marc Zyngier Link: https://lore.kernel.org/r/20200622142710.18677-1-drjones@redhat.com commit 66b7e05dc0239c5817859f261098ba9cc2efbd2b Author: Steven Price Date: Wed Jun 17 11:54:56 2020 +0100 KVM: arm64: Fix kvm_reset_vcpu() return code being incorrect with SVE If SVE is enabled then 'ret' can be assigned the return value of kvm_vcpu_enable_sve() which may be 0 causing future "goto out" sites to erroneously return 0 on failure rather than -EINVAL as expected. Remove the initialisation of 'ret' and make setting the return value explicit to avoid this situation in the future. Fixes: 9a3cdf26e336 ("KVM: arm64/sve: Allow userspace to enable SVE for vcpus") Cc: stable@vger.kernel.org Reported-by: James Morse Signed-off-by: Steven Price Signed-off-by: Marc Zyngier Link: https://lore.kernel.org/r/20200617105456.28245-1-steven.price@arm.com commit 7733306bd593c737c63110175da6c35b4b8bb32c Author: Alexandru Elisei Date: Thu Jun 18 18:12:54 2020 +0100 KVM: arm64: Annotate hyp NMI-related functions as __always_inline The "inline" keyword is a hint for the compiler to inline a function. The functions system_uses_irq_prio_masking() and gic_write_pmr() are used by the code running at EL2 on a non-VHE system, so mark them as __always_inline to make sure they'll always be part of the .hyp.text section. This fixes the following splat when trying to run a VM: [ 47.625273] Kernel panic - not syncing: HYP panic: [ 47.625273] PS:a00003c9 PC:0000ca0b42049fc4 ESR:86000006 [ 47.625273] FAR:0000ca0b42049fc4 HPFAR:0000000010001000 PAR:0000000000000000 [ 47.625273] VCPU:0000000000000000 [ 47.647261] CPU: 1 PID: 217 Comm: kvm-vcpu-0 Not tainted 5.8.0-rc1-ARCH+ #61 [ 47.654508] Hardware name: Globalscale Marvell ESPRESSOBin Board (DT) [ 47.661139] Call trace: [ 47.663659] dump_backtrace+0x0/0x1cc [ 47.667413] show_stack+0x18/0x24 [ 47.670822] dump_stack+0xb8/0x108 [ 47.674312] panic+0x124/0x2f4 [ 47.677446] panic+0x0/0x2f4 [ 47.680407] SMP: stopping secondary CPUs [ 47.684439] Kernel Offset: disabled [ 47.688018] CPU features: 0x240402,20002008 [ 47.692318] Memory Limit: none [ 47.695465] ---[ end Kernel panic - not syncing: HYP panic: [ 47.695465] PS:a00003c9 PC:0000ca0b42049fc4 ESR:86000006 [ 47.695465] FAR:0000ca0b42049fc4 HPFAR:0000000010001000 PAR:0000000000000000 [ 47.695465] VCPU:0000000000000000 ]--- The instruction abort was caused by the code running at EL2 trying to fetch an instruction which wasn't mapped in the EL2 translation tables. Using objdump showed the two functions as separate symbols in the .text section. Fixes: 85738e05dc38 ("arm64: kvm: Unmask PMR before entering guest") Cc: stable@vger.kernel.org Signed-off-by: Alexandru Elisei Signed-off-by: Marc Zyngier Acked-by: James Morse Link: https://lore.kernel.org/r/20200618171254.1596055-1-alexandru.elisei@arm.com commit 7b2182ec381f8ea15c7eb1266d6b5d7da620ad93 Author: Chuck Lever Date: Mon Jun 15 09:21:13 2020 -0400 xprtrdma: Fix handling of RDMA_ERROR replies The RPC client currently doesn't handle ERR_CHUNK replies correctly. rpcrdma_complete_rqst() incorrectly passes a negative number to xprt_complete_rqst() as the number of bytes copied. Instead, set task->tk_status to the error value, and return zero bytes copied. In these cases, return -EIO rather than -EREMOTEIO. The RPC client's finite state machine doesn't know what to do with -EREMOTEIO. Additional clean ups: - Don't double-count RDMA_ERROR replies - Remove a stale comment Signed-off-by: Chuck Lever Cc: Signed-off-by: Anna Schumaker commit c487eb7d8e41579d87216ce43152acd336f2c4aa Author: Chuck Lever Date: Mon Jun 15 09:21:07 2020 -0400 xprtrdma: Clean up disconnect 1. Ensure that only rpcrdma_cm_event_handler() modifies ep->re_connect_status to avoid racy changes to that field. 2. Ensure that xprt_force_disconnect() is invoked only once as a transport is closed or destroyed. Signed-off-by: Chuck Lever Signed-off-by: Anna Schumaker commit f423f755f41e4944fb4cd1c259cbf2ba3608d647 Author: Chuck Lever Date: Mon Jun 15 09:21:02 2020 -0400 xprtrdma: Clean up synopsis of rpcrdma_flush_disconnect() Refactor: Pass struct rpcrdma_xprt instead of an IB layer object. Signed-off-by: Chuck Lever Signed-off-by: Anna Schumaker commit 2d97f4637666704953dfbb10322c2b73bb53d5e7 Author: Chuck Lever Date: Mon Jun 15 09:20:57 2020 -0400 xprtrdma: Use re_connect_status safely in rpcrdma_xprt_connect() Clean up: Sometimes creating a fresh rpcrdma_ep can fail. That's why xprt_rdma_connect() always checks if the r_xprt->rx_ep pointer is valid before dereferencing it. Instead, xprt_rdma_connect() can simply check rpcrdma_xprt_connect()'s return value. Also, there's no need to set re_connect_status to zero just after the rpcrdma_ep is created, since it is allocated with kzalloc. Signed-off-by: Chuck Lever Signed-off-by: Anna Schumaker commit 2acc5cae292355f5f18ad377a2a966e7f03c8fec Author: Chuck Lever Date: Mon Jun 15 09:20:52 2020 -0400 xprtrdma: Prevent dereferencing r_xprt->rx_ep after it is freed r_xprt->rx_ep is known to be good while the transport's send lock is held. Otherwise additional references on rx_ep must be held when it is used outside of that lock's critical sections. For now, bump the rx_ep reference count once whenever there is at least one outstanding Receive WR. This avoids the memory bandwidth overhead of taking and releasing the reference count for every ib_post_recv() and Receive completion. Signed-off-by: Chuck Lever Signed-off-by: Anna Schumaker commit f148915f91fccd8c3df1b0bff7d1c8458cad3be5 Author: Krzysztof Kozlowski Date: Mon Jun 22 13:05:43 2020 +0200 spi: spi-fsl-dspi: Initialize completion before possible interrupt The interrupt handler calls completion and is IRQ requested before the completion is initialized. Logically it should be the other way. Signed-off-by: Krzysztof Kozlowski Link: https://lore.kernel.org/r/20200622110543.5035-4-krzk@kernel.org Signed-off-by: Mark Brown commit 3d87b613d6a3c6f0980e877ab0895785a2dde581 Author: Krzysztof Kozlowski Date: Mon Jun 22 13:05:42 2020 +0200 spi: spi-fsl-dspi: Fix external abort on interrupt in resume or exit paths If shared interrupt comes late, during probe error path or device remove (could be triggered with CONFIG_DEBUG_SHIRQ), the interrupt handler dspi_interrupt() will access registers with the clock being disabled. This leads to external abort on non-linefetch on Toradex Colibri VF50 module (with Vybrid VF5xx): $ echo 4002d000.spi > /sys/devices/platform/soc/40000000.bus/4002d000.spi/driver/unbind Unhandled fault: external abort on non-linefetch (0x1008) at 0x8887f02c Internal error: : 1008 [#1] ARM Hardware name: Freescale Vybrid VF5xx/VF6xx (Device Tree) Backtrace: (regmap_mmio_read32le) (regmap_mmio_read) (_regmap_bus_reg_read) (_regmap_read) (regmap_read) (dspi_interrupt) (free_irq) (devm_irq_release) (release_nodes) (devres_release_all) (device_release_driver_internal) The resource-managed framework should not be used for shared interrupt handling, because the interrupt handler might be called after releasing other resources and disabling clocks. Similar bug could happen during suspend - the shared interrupt handler could be invoked after suspending the device. Each device sharing this interrupt line should disable the IRQ during suspend so handler will be invoked only in following cases: 1. None suspended, 2. All devices resumed. Fixes: 349ad66c0ab0 ("spi:Add Freescale DSPI driver for Vybrid VF610 platform") Signed-off-by: Krzysztof Kozlowski Tested-by: Vladimir Oltean Reviewed-by: Vladimir Oltean Cc: Link: https://lore.kernel.org/r/20200622110543.5035-3-krzk@kernel.org Signed-off-by: Mark Brown commit 3c525b69e8c1a9a6944e976603c7a1a713e728f9 Author: Krzysztof Kozlowski Date: Mon Jun 22 13:05:41 2020 +0200 spi: spi-fsl-dspi: Fix lockup if device is shutdown during SPI transfer During shutdown, the driver should unregister the SPI controller and stop the hardware. Otherwise the dspi_transfer_one_message() could wait on completion infinitely. Additionally, calling spi_unregister_controller() first in device shutdown reverse-matches the probe function, where SPI controller is registered at the end. Fixes: dc234825997e ("spi: spi-fsl-dspi: Adding shutdown hook") Reported-by: Vladimir Oltean Signed-off-by: Krzysztof Kozlowski Tested-by: Vladimir Oltean Reviewed-by: Vladimir Oltean Cc: Link: https://lore.kernel.org/r/20200622110543.5035-2-krzk@kernel.org Signed-off-by: Mark Brown commit 7684580d45bd3d84ed9b453a4cadf7a9a5605a3f Author: Krzysztof Kozlowski Date: Mon Jun 22 13:05:40 2020 +0200 spi: spi-fsl-dspi: Fix lockup if device is removed during SPI transfer During device removal, the driver should unregister the SPI controller and stop the hardware. Otherwise the dspi_transfer_one_message() could wait on completion infinitely. Additionally, calling spi_unregister_controller() first in device removal reverse-matches the probe function, where SPI controller is registered at the end. Fixes: 05209f457069 ("spi: fsl-dspi: add missing clk_disable_unprepare() in dspi_remove()") Reported-by: Vladimir Oltean Signed-off-by: Krzysztof Kozlowski Cc: Link: https://lore.kernel.org/r/20200622110543.5035-1-krzk@kernel.org Signed-off-by: Mark Brown commit c1ed1754f271f6b7acb1bfdc8cfb62220fbed423 Author: Aneesh Kumar K.V Date: Thu Jun 11 17:31:59 2020 +0530 powerpc/kvm/book3s64: Fix kernel crash with nested kvm & DEBUG_VIRTUAL With CONFIG_DEBUG_VIRTUAL=y, __pa() checks for addr value and if it's less than PAGE_OFFSET it leads to a BUG(). #define __pa(x) ({ VIRTUAL_BUG_ON((unsigned long)(x) < PAGE_OFFSET); (unsigned long)(x) & 0x0fffffffffffffffUL; }) kernel BUG at arch/powerpc/kvm/book3s_64_mmu_radix.c:43! cpu 0x70: Vector: 700 (Program Check) at [c0000018a2187360] pc: c000000000161b30: __kvmhv_copy_tofrom_guest_radix+0x130/0x1f0 lr: c000000000161d5c: kvmhv_copy_from_guest_radix+0x3c/0x80 ... kvmhv_copy_from_guest_radix+0x3c/0x80 kvmhv_load_from_eaddr+0x48/0xc0 kvmppc_ld+0x98/0x1e0 kvmppc_load_last_inst+0x50/0x90 kvmppc_hv_emulate_mmio+0x288/0x2b0 kvmppc_book3s_radix_page_fault+0xd8/0x2b0 kvmppc_book3s_hv_page_fault+0x37c/0x1050 kvmppc_vcpu_run_hv+0xbb8/0x1080 kvmppc_vcpu_run+0x34/0x50 kvm_arch_vcpu_ioctl_run+0x2fc/0x410 kvm_vcpu_ioctl+0x2b4/0x8f0 ksys_ioctl+0xf4/0x150 sys_ioctl+0x28/0x80 system_call_exception+0x104/0x1d0 system_call_common+0xe8/0x214 kvmhv_copy_tofrom_guest_radix() uses a NULL value for to/from to indicate direction of copy. Avoid calling __pa() if the value is NULL to avoid the BUG(). Signed-off-by: Aneesh Kumar K.V [mpe: Massage change log a bit to mention CONFIG_DEBUG_VIRTUAL] Signed-off-by: Michael Ellerman Link: https://lore.kernel.org/r/20200611120159.680284-1-aneesh.kumar@linux.ibm.com commit 91ef3d9f9fef08e3f42b78ec0ae8187be1070fce Merge: d50313a5a0d8 f141a422159a Author: Takashi Iwai Date: Mon Jun 22 13:49:14 2020 +0200 Merge tag 'asoc-fix-v5.8-rc2' of https://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound into for-linus ASoC: Fixes for v5.8 This is a collection of mostly small fixes, mostly fixing fallout from some of the DPCM changes that went in last time around which shook out some issues on i.MX and Qualcomm platforms. The addition of a managed version of snd_soc_register_dai() is to fix resource leaks. There's also a few new device IDs for x86 systems. commit bf6d6e68d2028a2d82f4c106f50ec75cc1e6ef89 Author: Pierre-Louis Bossart Date: Wed Jun 17 11:35:36 2020 -0500 soundwire: intel: fix memory leak with devm_kasprintf The dais are allocated with devm_kcalloc() but their name isn't resourced managed and never freed. Fix by also using devm_ for the dai names as well. Fixes: c46302ec554c5 ('soundwire: intel: Add audio DAI ops') Signed-off-by: Pierre-Louis Bossart Reviewed-by: Daniel Baluta Reviewed-by: Kai Vehmanen Reviewed-by: Rander Wang Reviewed-by: Guennadi Liakhovetski Reviewed-by: Bard Liao Link: https://lore.kernel.org/r/20200617163536.17401-1-pierre-louis.bossart@linux.intel.com Signed-off-by: Vinod Koul commit 7e4773f73dcfb92e7e33532162f722ec291e75a4 Author: Arseny Solokha Date: Sat Jun 13 23:28:01 2020 +0700 powerpc/fsl_booke/32: Fix build with CONFIG_RANDOMIZE_BASE Building the current 5.8 kernel for an e500 machine with CONFIG_RANDOMIZE_BASE=y and CONFIG_BLOCK=n yields the following failure: arch/powerpc/mm/nohash/kaslr_booke.c: In function 'kaslr_early_init': arch/powerpc/mm/nohash/kaslr_booke.c:387:2: error: implicit declaration of function 'flush_icache_range'; did you mean 'flush_tlb_range'? Indeed, including asm/cacheflush.h into kaslr_booke.c fixes the build. Fixes: 2b0e86cc5de6 ("powerpc/fsl_booke/32: implement KASLR infrastructure") Cc: stable@vger.kernel.org # v5.5+ Signed-off-by: Arseny Solokha Reviewed-by: Jason Yan Acked-by: Scott Wood [mpe: Tweak change log to mention CONFIG_BLOCK=n] Signed-off-by: Michael Ellerman Link: https://lore.kernel.org/r/20200613162801.1946619-1-asolokha@kb.kras.ru commit 69339d083dfb7786b0e0b3fc19eaddcf11fabdfb Author: Jacky Hu Date: Tue Jun 16 09:50:24 2020 +0800 pinctrl: amd: fix npins for uart0 in kerncz_groups uart0_pins is defined as: static const unsigned uart0_pins[] = {135, 136, 137, 138, 139}; which npins is wronly specified as 9 later { .name = "uart0", .pins = uart0_pins, .npins = 9, }, npins should be 5 instead of 9 according to the definition. Signed-off-by: Jacky Hu Link: https://lore.kernel.org/r/20200616015024.287683-1-hengqing.hu@gmail.com Signed-off-by: Linus Walleij commit 625d3449788f85569096780592549d0340e9c0c7 Author: Jason A. Donenfeld Date: Sun Jun 21 21:02:22 2020 -0600 Revert "kernel/printk: add kmsg SEEK_CUR handling" This reverts commit 8ece3b3eb576a78d2e67ad4c3a80a39fa6708809. This commit broke userspace. Bash uses ESPIPE to determine whether or not the file should be read using "unbuffered I/O", which means reading 1 byte at a time instead of 128 bytes at a time. I used to use bash to read through kmsg in a really quite nasty way: while read -t 0.1 -r line 2>/dev/null || [[ $? -ne 142 ]]; do echo "SARU $line" done < /dev/kmsg This will show all lines that can fit into the 128 byte buffer, and skip lines that don't. That's pretty awful, but at least it worked. With this change, bash now tries to do 1-byte reads, which means it skips all the lines, which is worse than before. Now, I don't really care very much about this, and I'm already look for a workaround. But I did just spend an hour trying to figure out why my scripts were broken. Either way, it makes no difference to me personally whether this is reverted, but it might be something to consider. If you declare that "trying to read /dev/kmsg with bash is terminally stupid anyway," I might be inclined to agree with you. But do note that bash uses lseek(fd, 0, SEEK_CUR)==>ESPIPE to determine whether or not it's reading from a pipe. Cc: Bruno Meneguele Cc: Sergey Senozhatsky Cc: Steven Rostedt Cc: David Laight Cc: Sergey Senozhatsky Cc: Petr Mladek Signed-off-by: Jason A. Donenfeld Signed-off-by: Linus Torvalds commit 77577de64167aa0643d47ffbaacf3642632b321b Author: Xiyu Yang Date: Sat Jun 13 20:27:09 2020 +0800 cifs: Fix cached_fid refcnt leak in open_shroot open_shroot() invokes kref_get(), which increases the refcount of the "tcon->crfid" object. When open_shroot() returns not zero, it means the open operation failed and close_shroot() will not be called to decrement the refcount of the "tcon->crfid". The reference counting issue happens in one normal path of open_shroot(). When the cached root have been opened successfully in a concurrent process, the function increases the refcount and jump to "oshr_free" to return. However the current return value "rc" may not equal to 0, thus the increased refcount will not be balanced outside the function, causing a refcnt leak. Fix this issue by setting the value of "rc" to 0 before jumping to "oshr_free" label. Signed-off-by: Xiyu Yang Signed-off-by: Xin Tan Signed-off-by: Steve French CC: Stable commit 48778464bb7d346b47157d21ffde2af6b2d39110 Author: Linus Torvalds Date: Sun Jun 21 15:45:29 2020 -0700 Linux 5.8-rc2 commit 817d914d17651c188f28a284261ff6091d80ad2c Merge: 16f4aa9b7c23 8231b0b9c322 Author: Linus Torvalds Date: Sun Jun 21 15:41:24 2020 -0700 Merge tag 'selinux-pr-20200621' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux Pull SELinux fixes from Paul Moore: "Three small patches to fix problems in the SELinux code, all found via clang. Two patches fix potential double-free conditions and one fixes an undefined return value" * tag 'selinux-pr-20200621' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux: selinux: fix undefined return of cond_evaluate_expr selinux: fix a double free in cond_read_node()/cond_read_list() selinux: fix double free commit 16f4aa9b7c2304e439796bd097b2c0a7663f5d6e Merge: be9160a90de7 25fae752156d Author: Linus Torvalds Date: Sun Jun 21 13:04:57 2020 -0700 Merge tag 'pinctrl-v5.8-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl Pull pin control fixes from Linus Walleij: "Some early fixes collected during the first week after the merge window, all pretty self-evident, with the details below. The revert is the crucial thing. - Fix a warning on the Qualcomm SPMI GPIO chip being instatiated twice without a unique irqchip struct - Use the noirq variants of the suspend and resume callbacks in the Tegra driver - Clean up the errorpath on the MCP23s08 driver - Revert the use of devm_of_iomap() in the Freescale driver as it was regressing the platform - Add some missing pins in the Qualcomm IPQ6018 driver - Fix a simple documentation bug in the pinctrl-single driver" * tag 'pinctrl-v5.8-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl: pinctrl: single: fix function name in documentation pinctrl: qcom: ipq6018 Add missing pins in qpic pin group Revert "pinctrl: freescale: imx: Use 'devm_of_iomap()' to avoid a resource leak in case of error in 'imx_pinctrl_probe()'" pinctrl: mcp23s08: Split to three parts: fix ptr_ret.cocci warnings pinctrl: tegra: Use noirq suspend/resume callbacks pinctrl: qcom: spmi-gpio: fix warning about irq chip reusage commit be9160a90de778758d499fe2cb8ee8cc4dda2cc7 Merge: 75613939084f 214377e9b7e3 Author: Linus Torvalds Date: Sun Jun 21 12:44:52 2020 -0700 Merge tag 'kbuild-fixes-v5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild Pull Kbuild fixes from Masahiro Yamada: - fix -gz=zlib compiler option test for CONFIG_DEBUG_INFO_COMPRESSED - improve cc-option in scripts/Kbuild.include to clean up temp files - improve cc-option in scripts/Kconfig.include for more reliable compile option test - do not copy modules.builtin by 'make install' because it would break existing systems - use 'userprogs' syntax for watch_queue sample * tag 'kbuild-fixes-v5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild: samples: watch_queue: build sample program for target architecture Revert "Makefile: install modules.builtin even if CONFIG_MODULES=n" scripts: Fix typo in headers_install.sh kconfig: unify cc-option and as-option kbuild: improve cc-option to clean up all temporary files Makefile: Improve compressed debug info support detection commit 75613939084f59c0848b146e54ba463dc494c433 Merge: 93bbca271a71 c0e1c8c22beb Author: Linus Torvalds Date: Sun Jun 21 10:02:53 2020 -0700 Merge tag 'powerpc-5.8-3' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux Pull powerpc fixes from Michael Ellerman: - One fix for the interrupt rework we did last release which broke KVM-PR - Three commits fixing some fallout from the READ_ONCE() changes interacting badly with our 8xx 16K pages support, which uses a pte_t that is a structure of 4 actual PTEs - A cleanup of the 8xx pte_update() to use the newly added pmd_off() - A fix for a crash when handling an oops if CONFIG_DEBUG_VIRTUAL is enabled - A minor fix for the SPU syscall generation Thanks to Aneesh Kumar K.V, Christian Zigotzky, Christophe Leroy, Mike Rapoport, Nicholas Piggin. * tag 'powerpc-5.8-3' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux: powerpc/8xx: Provide ptep_get() with 16k pages mm: Allow arches to provide ptep_get() mm/gup: Use huge_ptep_get() in gup_hugepte() powerpc/syscalls: Use the number when building SPU syscall table powerpc/8xx: use pmd_off() to access a PMD entry in pte_update() powerpc/64s: Fix KVM interrupt using wrong save area powerpc: Fix kernel crash in show_instructions() w/DEBUG_VIRTUAL commit 93bbca271a715e2730b6f4ae0be42056cdab6561 Merge: 64677779e896 819966c06b75 Author: Linus Torvalds Date: Sun Jun 21 10:01:03 2020 -0700 Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 Pull crypto fixes from Herbert Xu: - NULL dereference in octeontx - PM reference imbalance in ks-sa - deadlock in crypto manager - memory leak in drbg - missing socket limit check on receive SG list size in algif_skcipher - typos in caam - warnings in ccp and hisilicon * 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: crypto: drbg - always try to free Jitter RNG instance crypto: marvell/octeontx - Fix a potential NULL dereference crypto: algboss - don't wait during notifier callback crypto: caam - fix typos crypto: ccp - Fix sparse warnings in sev-dev crypto: hisilicon - Cap block size at 2^31 crypto: algif_skcipher - Cap recv SG list at ctx->used hwrng: ks-sa - Fix runtime PM imbalance on error commit 214377e9b7e3185abf5998b8a90450e01bab21a7 Author: Masahiro Yamada Date: Wed Jun 17 11:08:38 2020 +0900 samples: watch_queue: build sample program for target architecture This userspace program includes UAPI headers exported to usr/include/. 'make headers' always works for the target architecture (i.e. the same architecture as the kernel), so the sample program should be built for the target as well. Kbuild now supports 'userprogs' for that. I also guarded the CONFIG option by 'depends on CC_CAN_LINK' because $(CC) may not provide libc. Signed-off-by: Masahiro Yamada commit 2c6d9636ad92083d79a060edc84259526c153670 Author: Masahiro Yamada Date: Sat Jun 20 00:09:55 2020 +0900 Revert "Makefile: install modules.builtin even if CONFIG_MODULES=n" This reverts commit e0b250b57dcf403529081e5898a9de717f96b76b, which broke build systems that need to install files to a certain path, but do not set INSTALL_MOD_PATH when invoking 'make install'. $ make INSTALL_PATH=/tmp/destdir install mkdir: cannot create directory ‘/lib/modules/5.8.0-rc1+/’: Permission denied Makefile:1342: recipe for target '_builtin_inst_' failed make: *** [_builtin_inst_] Error 1 While modules.builtin is useful also for CONFIG_MODULES=n, this change in the behavior is quite unexpected. Maybe "make modules_install" can install modules.builtin irrespective of CONFIG_MODULES as Jonas originally suggested. Anyway, that commit should be reverted ASAP. Reported-by: Douglas Anderson Reported-by: Guenter Roeck Cc: Jonas Karlman Signed-off-by: Masahiro Yamada Reviewed-by: Guenter Roeck Tested-by: Guenter Roeck commit 005c34ae4b44f085120d7f371121ec7ded677761 Author: Marc Zyngier Date: Sun Jun 21 14:43:15 2020 +0100 irqchip/gic: Atomically update affinity The GIC driver uses a RMW sequence to update the affinity, and relies on the gic_lock_irqsave/gic_unlock_irqrestore sequences to update it atomically. But these sequences only expand into anything meaningful if the BL_SWITCHER option is selected, which almost never happens. It also turns out that using a RMW and locks is just as silly, as the GIC distributor supports byte accesses for the GICD_TARGETRn registers, which when used make the update atomic by definition. Drop the terminally broken code and replace it by a byte write. Fixes: 04c8b0f82c7d ("irqchip/gic: Make locking a BL_SWITCHER only feature") Cc: stable@vger.kernel.org Signed-off-by: Marc Zyngier commit 559fe74ba6b0c8283e923a64f19fc0398fb64d04 Author: Palmer Dabbelt Date: Thu Jun 11 10:53:02 2020 -0700 irqchip/riscv-intc: Fix a typo in a pr_warn() Anup originally re-spun his patch set to include this fix, but it was a bit too late for my PR so I've split it out. Signed-off-by: Palmer Dabbelt Signed-off-by: Marc Zyngier Link: https://lore.kernel.org/r/20200611175302.253540-1-palmer@dabbelt.com commit 31dbb6b1d025506b3b8b8b74e9b697df47b9f696 Author: Zenghui Yu Date: Fri Jun 5 13:23:45 2020 +0800 irqchip/gic-v4.1: Use readx_poll_timeout_atomic() to fix sleep in atomic readx_poll_timeout() can sleep if @sleep_us is specified by the caller, and is therefore unsafe to be used inside the atomic context, which is this case when we use it to poll the GICR_VPENDBASER.Dirty bit in irq_set_vcpu_affinity() callback. Let's convert to its atomic version instead which helps to get the v4.1 board back to life! Fixes: 96806229ca03 ("irqchip/gic-v4.1: Add support for VPENDBASER's Dirty+Valid signaling") Signed-off-by: Zenghui Yu Signed-off-by: Marc Zyngier Link: https://lore.kernel.org/r/20200605052345.1494-1-yuzenghui@huawei.com commit a23df9a4bd326fb4c7f160b72b0e0560b989ac29 Author: Jiaxun Yang Date: Sat May 30 20:11:12 2020 +0800 irqchip/loongson-pci-msi: Fix a typo in Kconfig PCH MSI driver's menuconfig entry was wrong. Fix it. Fixes: 632dcc2c75ef ("irqchip: Add Loongson PCH MSI controller") Signed-off-by: Jiaxun Yang Signed-off-by: Marc Zyngier Link: https://lore.kernel.org/r/20200530121113.1797678-2-jiaxun.yang@flygoat.com commit 7f757cb6b2fc0ad704d0ca0b7b5a2729aca35580 Author: Bartlomiej Zolnierkiewicz Date: Tue Jun 9 11:29:43 2020 +0200 video: fbdev: uvesafb: fix "noblank" option handling Fix the recent regression. Fixes: dbc7ece12a38 ("video: uvesafb: use true,false for bool variables") Cc: Jason Yan Reviewed-by: Sam Ravnborg Signed-off-by: Bartlomiej Zolnierkiewicz Signed-off-by: Sam Ravnborg Link: https://patchwork.freedesktop.org/patch/msgid/81c9f140-d6fb-803a-18c8-04dae1007ab3@samsung.com commit 8a4f5e1185db61bce6ce3a5dce6381a77bcf94e6 Author: Tomi Valkeinen Date: Tue Jun 9 13:28:09 2020 +0300 drm/panel-simple: fix connector type for newhaven_nhd_43_480272ef_atxl Add connector type for newhaven_nhd_43_480272ef_atxl, as drm_panel_bridge_add() requires connector type to be set. Signed-off-by: Tomi Valkeinen Cc: stable@vger.kernel.org # v5.5+ Signed-off-by: Sam Ravnborg Link: https://patchwork.freedesktop.org/patch/msgid/20200609102809.753203-1-tomi.valkeinen@ti.com commit efb94790852ae673b18efde1b171d284689ff333 Author: Adam Ford Date: Mon Jun 15 08:19:34 2020 -0500 drm/panel-simple: fix connector type for LogicPD Type28 Display The LogicPD Type28 display used by several Logic PD products has not worked since v5.6. The connector type for the LogicPD Type 28 display is missing and drm_panel_bridge_add() requires connector type to be set. Signed-off-by: Adam Ford Fixes: 0d35408afbeb ("drm/panel: simple: Add Logic PD Type 28 display support") Cc: Adam Ford Cc: Sam Ravnborg Cc: Thierry Reding Cc: dri-devel@lists.freedesktop.org Cc: # v5.6+ Signed-off-by: Sam Ravnborg Link: https://patchwork.freedesktop.org/patch/msgid/20200615131934.12440-1-aford173@gmail.com commit 67c20de35a3cc2e2cd940f95ebd85ed0a765315a Author: Rob Gill Date: Sat Jun 20 02:08:25 2020 +0000 net: Add MODULE_DESCRIPTION entries to network modules The user tool modinfo is used to get information on kernel modules, including a description where it is available. This patch adds a brief MODULE_DESCRIPTION to the following modules: 9p drop_monitor esp4_offload esp6_offload fou fou6 ila sch_fq sch_fq_codel sch_hhf Signed-off-by: Rob Gill Signed-off-by: David S. Miller commit 0041cd5a50442db6e456b145892a0eaf2dff061f Author: David Howells Date: Fri Jun 19 23:38:16 2020 +0100 rxrpc: Fix notification call on completion of discarded calls When preallocated service calls are being discarded, they're passed to ->discard_new_call() to have the caller clean up any attached higher-layer preallocated pieces before being marked completed. However, the act of marking them completed now invokes the call's notification function - which causes a problem because that function might assume that the previously freed pieces of memory are still there. Fix this by setting a dummy notification function on the socket after calling ->discard_new_call(). This results in the following kasan message when the kafs module is removed. ================================================================== BUG: KASAN: use-after-free in afs_wake_up_async_call+0x6aa/0x770 fs/afs/rxrpc.c:707 Write of size 1 at addr ffff8880946c39e4 by task kworker/u4:1/21 CPU: 0 PID: 21 Comm: kworker/u4:1 Not tainted 5.8.0-rc1-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: netns cleanup_net Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x18f/0x20d lib/dump_stack.c:118 print_address_description.constprop.0.cold+0xd3/0x413 mm/kasan/report.c:383 __kasan_report mm/kasan/report.c:513 [inline] kasan_report.cold+0x1f/0x37 mm/kasan/report.c:530 afs_wake_up_async_call+0x6aa/0x770 fs/afs/rxrpc.c:707 rxrpc_notify_socket+0x1db/0x5d0 net/rxrpc/recvmsg.c:40 __rxrpc_set_call_completion.part.0+0x172/0x410 net/rxrpc/recvmsg.c:76 __rxrpc_call_completed net/rxrpc/recvmsg.c:112 [inline] rxrpc_call_completed+0xca/0xf0 net/rxrpc/recvmsg.c:111 rxrpc_discard_prealloc+0x781/0xab0 net/rxrpc/call_accept.c:233 rxrpc_listen+0x147/0x360 net/rxrpc/af_rxrpc.c:245 afs_close_socket+0x95/0x320 fs/afs/rxrpc.c:110 afs_net_exit+0x1bc/0x310 fs/afs/main.c:155 ops_exit_list.isra.0+0xa8/0x150 net/core/net_namespace.c:186 cleanup_net+0x511/0xa50 net/core/net_namespace.c:603 process_one_work+0x965/0x1690 kernel/workqueue.c:2269 worker_thread+0x96/0xe10 kernel/workqueue.c:2415 kthread+0x3b5/0x4a0 kernel/kthread.c:291 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:293 Allocated by task 6820: save_stack+0x1b/0x40 mm/kasan/common.c:48 set_track mm/kasan/common.c:56 [inline] __kasan_kmalloc mm/kasan/common.c:494 [inline] __kasan_kmalloc.constprop.0+0xbf/0xd0 mm/kasan/common.c:467 kmem_cache_alloc_trace+0x153/0x7d0 mm/slab.c:3551 kmalloc include/linux/slab.h:555 [inline] kzalloc include/linux/slab.h:669 [inline] afs_alloc_call+0x55/0x630 fs/afs/rxrpc.c:141 afs_charge_preallocation+0xe9/0x2d0 fs/afs/rxrpc.c:757 afs_open_socket+0x292/0x360 fs/afs/rxrpc.c:92 afs_net_init+0xa6c/0xe30 fs/afs/main.c:125 ops_init+0xaf/0x420 net/core/net_namespace.c:151 setup_net+0x2de/0x860 net/core/net_namespace.c:341 copy_net_ns+0x293/0x590 net/core/net_namespace.c:482 create_new_namespaces+0x3fb/0xb30 kernel/nsproxy.c:110 unshare_nsproxy_namespaces+0xbd/0x1f0 kernel/nsproxy.c:231 ksys_unshare+0x43d/0x8e0 kernel/fork.c:2983 __do_sys_unshare kernel/fork.c:3051 [inline] __se_sys_unshare kernel/fork.c:3049 [inline] __x64_sys_unshare+0x2d/0x40 kernel/fork.c:3049 do_syscall_64+0x60/0xe0 arch/x86/entry/common.c:359 entry_SYSCALL_64_after_hwframe+0x44/0xa9 Freed by task 21: save_stack+0x1b/0x40 mm/kasan/common.c:48 set_track mm/kasan/common.c:56 [inline] kasan_set_free_info mm/kasan/common.c:316 [inline] __kasan_slab_free+0xf7/0x140 mm/kasan/common.c:455 __cache_free mm/slab.c:3426 [inline] kfree+0x109/0x2b0 mm/slab.c:3757 afs_put_call+0x585/0xa40 fs/afs/rxrpc.c:190 rxrpc_discard_prealloc+0x764/0xab0 net/rxrpc/call_accept.c:230 rxrpc_listen+0x147/0x360 net/rxrpc/af_rxrpc.c:245 afs_close_socket+0x95/0x320 fs/afs/rxrpc.c:110 afs_net_exit+0x1bc/0x310 fs/afs/main.c:155 ops_exit_list.isra.0+0xa8/0x150 net/core/net_namespace.c:186 cleanup_net+0x511/0xa50 net/core/net_namespace.c:603 process_one_work+0x965/0x1690 kernel/workqueue.c:2269 worker_thread+0x96/0xe10 kernel/workqueue.c:2415 kthread+0x3b5/0x4a0 kernel/kthread.c:291 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:293 The buggy address belongs to the object at ffff8880946c3800 which belongs to the cache kmalloc-1k of size 1024 The buggy address is located 484 bytes inside of 1024-byte region [ffff8880946c3800, ffff8880946c3c00) The buggy address belongs to the page: page:ffffea000251b0c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 flags: 0xfffe0000000200(slab) raw: 00fffe0000000200 ffffea0002546508 ffffea00024fa248 ffff8880aa000c40 raw: 0000000000000000 ffff8880946c3000 0000000100000002 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff8880946c3880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff8880946c3900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb >ffff8880946c3980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ^ ffff8880946c3a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff8880946c3a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ================================================================== Reported-by: syzbot+d3eccef36ddbd02713e9@syzkaller.appspotmail.com Fixes: 5ac0d62226a0 ("rxrpc: Fix missing notification") Signed-off-by: David Howells Signed-off-by: David S. Miller commit 7fcaf73193e9d15f4d65d43aaf890fd3fbea1836 Merge: 54eeea0d707d e795a61a85e6 Author: David S. Miller Date: Sat Jun 20 21:30:23 2020 -0700 Merge tag 'ieee802154-for-davem-2020-06-19' of git://git.kernel.org/pub/scm/linux/kernel/git/sschmidt/wpan Stefan Schmidt says: ==================== pull-request: ieee802154 for net 2020-06-19 An update from ieee802154 for your *net* tree. Just two small maintenance fixes to update references to the new project homepage. ==================== Signed-off-by: David S. Miller commit 64677779e8962c20b580b471790fe42367750599 Merge: a5c6a1f0fe1d b8f1d1e05817 Author: Linus Torvalds Date: Sat Jun 20 19:23:13 2020 -0700 Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi Pull SCSI fixes from James Bottomley: "One minor fix and two patches reworking the ata dma drain for the !CONFIG_LIBATA case. The latter is a 5.7 regression fix" * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi: scsi: Wire up ata_scsi_dma_need_drain for SAS HBA drivers scsi: libata: Provide an ata_scsi_dma_need_drain stub for !CONFIG_ATA scsi: ufs-bsg: Fix runtime PM imbalance on error commit a5c6a1f0fe1d182489864b708fa472d0333b39d4 Merge: 8b6ddd10d678 28f9f8fb4f40 Author: Linus Torvalds Date: Sat Jun 20 19:18:27 2020 -0700 Merge branch 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux Pull i2c fixes from Wolfram Sang: - a small collection of remaining API conversion patches (all acked) which allow to finally remove the deprecated API - some documentation fixes and a MAINTAINERS addition * 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux: MAINTAINERS: Add robert and myself as qcom i2c cci maintainers i2c: smbus: Fix spelling mistake in the comments Documentation/i2c: SMBus start signal is S not A i2c: remove deprecated i2c_new_device API Documentation: media: convert to use i2c_new_client_device() video: backlight: tosa_lcd: convert to use i2c_new_client_device() x86/platform/intel-mid: convert to use i2c_new_client_device() drm: encoder_slave: use new I2C API drm: encoder_slave: fix refcouting error for modules commit 5f9af404eec82981c4345c9943be48422234e7ab Author: Daniel Gomez Date: Mon May 18 22:16:46 2020 +0200 drm: rcar-du: Fix build error Select DRM_KMS_HELPER dependency. Build error when DRM_KMS_HELPER is not selected: drivers/gpu/drm/rcar-du/rcar_lvds.o:(.rodata+0xd48): undefined reference to `drm_atomic_helper_bridge_duplicate_state' drivers/gpu/drm/rcar-du/rcar_lvds.o:(.rodata+0xd50): undefined reference to `drm_atomic_helper_bridge_destroy_state' drivers/gpu/drm/rcar-du/rcar_lvds.o:(.rodata+0xd70): undefined reference to `drm_atomic_helper_bridge_reset' drivers/gpu/drm/rcar-du/rcar_lvds.o:(.rodata+0xdc8): undefined reference to `drm_atomic_helper_connector_reset' drivers/gpu/drm/rcar-du/rcar_lvds.o:(.rodata+0xde0): undefined reference to `drm_helper_probe_single_connector_modes' drivers/gpu/drm/rcar-du/rcar_lvds.o:(.rodata+0xe08): undefined reference to `drm_atomic_helper_connector_duplicate_state' drivers/gpu/drm/rcar-du/rcar_lvds.o:(.rodata+0xe10): undefined reference to `drm_atomic_helper_connector_destroy_state' Fixes: c6a27fa41fab ("drm: rcar-du: Convert LVDS encoder code to bridge driver") Cc: Signed-off-by: Daniel Gomez Reviewed-by: Emil Velikov Reviewed-by: Kieran Bingham Reviewed-by: Laurent Pinchart Signed-off-by: Laurent Pinchart commit 54eeea0d707d4e6efb02f5a7896d6788472a2da4 Author: Hangbin Liu Date: Fri Jun 19 11:24:45 2020 +0800 tc-testing: update geneve options match in tunnel_key unit tests Since iproute2 commit f72c3ad00f3b ("tc: m_tunnel_key: add options support for vxlan"), the geneve opt output use key word "geneve_opts" instead of "geneve_opt". To make compatibility for both old and new iproute2, let's accept both "geneve_opt" and "geneve_opts". Suggested-by: Davide Caratti Signed-off-by: Hangbin Liu Reviewed-by: Simon Horman Tested-by: Davide Caratti Signed-off-by: David S. Miller commit 89fbd26cca7ec9e82ec4787a4b6e95939b57d073 Author: Heiner Kallweit Date: Thu Jun 18 23:25:50 2020 +0200 r8169: fix firmware not resetting tp->ocp_base Typically the firmware takes care that tp->ocp_base is reset to its default value. That's not the case (at least) for RTL8117. As a result subsequent PHY access reads/writes the wrong page and the link is broken. Fix this be resetting tp->ocp_base explicitly. Fixes: 229c1e0dfd3d ("r8169: load firmware for RTL8168fp/RTL8117") Reported-by: Aaron Ma Tested-by: Aaron Ma Signed-off-by: Heiner Kallweit Signed-off-by: David S. Miller commit 8b40eb73509f5704a0e8cd25de0163876299f1a7 Author: Dany Madden Date: Thu Jun 18 15:24:13 2020 -0400 ibmvnic: continue to init in CRQ reset returns H_CLOSED Continue the reset path when partner adapter is not ready or H_CLOSED is returned from reset crq. This patch allows the CRQ init to proceed to establish a valid CRQ for traffic to flow after reset. Signed-off-by: Dany Madden Signed-off-by: David S. Miller commit b59eabd23ee53e8c3492602722e1697f9a2f63ad Author: Shannon Nelson Date: Thu Jun 18 10:29:04 2020 -0700 ionic: tame the watchdog timer on reconfig Even with moving netif_tx_disable() to an earlier point when taking down the queues for a reconfiguration, we still end up with the occasional netdev watchdog Tx Timeout complaint. The old method of using netif_trans_update() works fine for queue 0, but has no effect on the remaining queues. Using netif_device_detach() allows us to signal to the watchdog to ignore us for the moment. Fixes: beead698b173 ("ionic: Add the basic NDO callbacks for netdev support") Signed-off-by: Shannon Nelson Acked-by: Jonathan Toppins Signed-off-by: David S. Miller commit 25fae752156db7253471347df08a2700501eafde Author: Drew Fustini Date: Fri Jun 12 13:27:58 2020 +0200 pinctrl: single: fix function name in documentation Use the correct the function name in the documentation for "pcs_parse_one_pinctrl_entry()". "smux_parse_one_pinctrl_entry()" appears to be an artifact from the development of a prior patch series ("simple pinmux driver") which transformed into pinctrl-single. Signed-off-by: Drew Fustini Link: https://lore.kernel.org/r/20200612112758.GA3407886@x1 Signed-off-by: Linus Walleij commit 8b6ddd10d678bebec32381f71b6b420bafc43ad0 Merge: eede2b9b3fe0 026bb845b0ff Author: Linus Torvalds Date: Sat Jun 20 13:17:47 2020 -0700 Merge tag 'trace-v5.8-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace Pull tracing fixes from Steven Rostedt: - Have recordmcount work with > 64K sections (to support LTO) - kprobe RCU fixes - Correct a kprobe critical section with missing mutex - Remove redundant arch_disarm_kprobe() call - Fix lockup when kretprobe triggers within kprobe_flush_task() - Fix memory leak in fetch_op_data operations - Fix sleep in atomic in ftrace trace array sample code - Free up memory on failure in sample trace array code - Fix incorrect reporting of function_graph fields in format file - Fix quote within quote parsing in bootconfig - Fix return value of bootconfig tool - Add testcases for bootconfig tool - Fix maybe uninitialized warning in ftrace pid file code - Remove unused variable in tracing_iter_reset() - Fix some typos * tag 'trace-v5.8-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace: ftrace: Fix maybe-uninitialized compiler warning tools/bootconfig: Add testcase for show-command and quotes test tools/bootconfig: Fix to return 0 if succeeded to show the bootconfig tools/bootconfig: Fix to use correct quotes for value proc/bootconfig: Fix to use correct quotes for value tracing: Remove unused event variable in tracing_iter_reset tracing/probe: Fix memleak in fetch_op_data operations trace: Fix typo in allocate_ftrace_ops()'s comment tracing: Make ftrace packed events have align of 1 sample-trace-array: Remove trace_array 'sample-instance' sample-trace-array: Fix sleeping function called from invalid context kretprobe: Prevent triggering kretprobe from within kprobe_flush_task kprobes: Remove redundant arch_disarm_kprobe() call kprobes: Fix to protect kick_kprobe_optimizer() by kprobe_mutex kprobes: Use non RCU traversal APIs on kprobe_tables if possible kprobes: Suppress the suspicious RCU warning on kprobes recordmcount: support >64k sections commit eede2b9b3fe01168940bb42ff3ab502ef5f6375c Merge: 1566feea450c 9df24eaef86f Author: Linus Torvalds Date: Sat Jun 20 13:13:21 2020 -0700 Merge tag 'libnvdimm-for-5.8-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm Pull libnvdimm updates from Dan Williams: "A feature (papr_scm health retrieval) and a fix (sysfs attribute visibility) for v5.8. Vaibhav explains in the merge commit below why missing v5.8 would be painful and I agreed to try a -rc2 pull because only cosmetics kept this out of -rc1 and his initial versions were posted in more than enough time for v5.8 consideration: 'These patches are tied to specific features that were committed to customers in upcoming distros releases (RHEL and SLES) whose time-lines are tied to 5.8 kernel release. Being able to track the health of an nvdimm is critical for our customers that are running workloads leveraging papr-scm nvdimms. Missing the 5.8 kernel would mean missing the distro timelines and shifting forward the availability of this feature in distro kernels by at least 6 months' Summary: - Fix the visibility of the region 'align' attribute. The new unit tests for region alignment handling caught a corner case where the alignment cannot be specified if the region is converted from static to dynamic provisioning at runtime. - Add support for device health retrieval for the persistent memory supported by the papr_scm driver. This includes both the standard sysfs "health flags" that the nfit persistent memory driver publishes and a mechanism for the ndctl tool to retrieve a health-command payload" * tag 'libnvdimm-for-5.8-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm: nvdimm/region: always show the 'align' attribute powerpc/papr_scm: Implement support for PAPR_PDSM_HEALTH ndctl/papr_scm,uapi: Add support for PAPR nvdimm specific methods powerpc/papr_scm: Improve error logging and handling papr_scm_ndctl() powerpc/papr_scm: Fetch nvdimm health information from PHYP seq_buf: Export seq_buf_printf powerpc: Document details on H_SCM_HEALTH hcall commit 7f5f4de83ca30a4922bb178b80144e2778faad01 Author: Sivaprakash Murugesan Date: Fri Jun 19 10:01:29 2020 +0530 pinctrl: qcom: ipq6018 Add missing pins in qpic pin group The patch adds missing qpic data pins to qpic pingroup. These pins are necessary for the qpic nand to work. Fixes: ef1ea54eab0e ("pinctrl: qcom: Add ipq6018 pinctrl driver") Signed-off-by: Sivaprakash Murugesan Link: https://lore.kernel.org/r/1592541089-17700-1-git-send-email-sivaprak@codeaurora.org Signed-off-by: Linus Walleij commit 13f2d25b951f139064ec2dd53c0c7ebdf8d8007e Author: Haibo Chen Date: Tue Jun 9 11:27:03 2020 +0800 Revert "pinctrl: freescale: imx: Use 'devm_of_iomap()' to avoid a resource leak in case of error in 'imx_pinctrl_probe()'" This reverts commit ba403242615c2c99e27af7984b1650771a2cc2c9. After commit 26d8cde5260b ("pinctrl: freescale: imx: add shared input select reg support"). i.MX7D has two iomux controllers iomuxc and iomuxc-lpsr which share select_input register for daisy chain settings. If use 'devm_of_iomap()', when probe the iomuxc-lpsr, will call devm_request_mem_region() for the region <0x30330000-0x3033ffff> for the first time. Then, next time when probe the iomuxc, API devm_platform_ioremap_resource() will also use the API devm_request_mem_region() for the share region <0x30330000-0x3033ffff> again, then cause issue, log like below: [ 0.179561] imx7d-pinctrl 302c0000.iomuxc-lpsr: initialized IMX pinctrl driver [ 0.191742] imx7d-pinctrl 30330000.pinctrl: can't request region for resource [mem 0x30330000-0x3033ffff] [ 0.191842] imx7d-pinctrl: probe of 30330000.pinctrl failed with error -16 Fixes: ba403242615c ("pinctrl: freescale: imx: Use 'devm_of_iomap()' to avoid a resource leak in case of error in 'imx_pinctrl_probe()'") Signed-off-by: Haibo Chen Reviewed-by: Dong Aisheng Link: https://lore.kernel.org/r/1591673223-1680-1-git-send-email-haibo.chen@nxp.com Signed-off-by: Linus Walleij commit 1566feea450cb0ffcdb47daf723f62640c9f616a Merge: 7fdfbe08a2b3 b3583fca5fb6 Author: Linus Torvalds Date: Sat Jun 20 12:31:08 2020 -0700 Merge tag 's390-5.8-2' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux Pull s390 fixes from Vasily Gorbik: - a few ptrace fixes mostly for strace and seccomp_bpf kernel tests findings - cleanup unused pm callbacks in virtio ccw - replace kmalloc + memset with kzalloc in crypto - use $(LD) for vDSO linkage to make clang happy - fix vDSO clock_getres() to preserve the same behaviour as posix_get_hrtimer_res() - fix workqueue cpumask warning when NUMA=n and nr_node_ids=2 - reduce SLSB writes during input processing, improve warnings and cleanup qdio_data usage in qdio - a few fixes to use scnprintf() instead of snprintf() * tag 's390-5.8-2' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux: s390: fix syscall_get_error for compat processes s390/qdio: warn about unexpected SLSB states s390/qdio: clean up usage of qdio_data s390/numa: let NODES_SHIFT depend on NEED_MULTIPLE_NODES s390/vdso: fix vDSO clock_getres() s390/vdso: Use $(LD) instead of $(CC) to link vDSO s390/protvirt: use scnprintf() instead of snprintf() s390: use scnprintf() in sys_##_prefix##_##_name##_show s390/crypto: use scnprintf() instead of snprintf() s390/zcrypt: use kzalloc s390/virtio: remove unused pm callbacks s390/qdio: reduce SLSB writes during Input Queue processing selftests/seccomp: s390 shares the syscall and return value register s390/ptrace: fix setting syscall number s390/ptrace: pass invalid syscall numbers to tracing s390/ptrace: return -ENOSYS when invalid syscall is supplied s390/seccomp: pass syscall arguments via seccomp_data s390/qdio: fine-tune SLSB update commit 7fdfbe08a2b3e2bf776e2f2b341768ba93c2e158 Merge: 27c2760561c0 0e2c09011d4d Author: Linus Torvalds Date: Sat Jun 20 12:14:29 2020 -0700 Merge tag 'riscv-for-linus-5.8-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux Pull RISC-V fixes from Palmer Dabbelt: - a workaround for a compiler surprise related to the "r" inline assembly that allows LLVM to boot. - a fix to avoid WX-only mappings, which the ISA does not allow. While this probably manifests in many ways, the bug was found in stress-ng. - a missing lock in set_direct_map_*(), which due to a recent lockdep change started asserting. * tag 'riscv-for-linus-5.8-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux: RISC-V: Acquire mmap lock before invoking walk_page_range RISC-V: Don't allow write+exec only page mapping request in mmap riscv/atomic: Fix sign extension for RV64I commit 27c2760561c0c68595b60a084c317b34e85e7c73 Merge: 5481fc6eb8a7 1b8eec510ba6 Author: Linus Torvalds Date: Sat Jun 20 12:10:09 2020 -0700 Merge tag 'linux-kselftest-5.8-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest Pull kselftest cleanups from Shuah Khan: - ftrace "requires:" list for simplifying and unifying requirement checks for each test case, adding "requires:" line instead of checking required ftrace interfaces in each test case. - a minor spelling correction patch * tag 'linux-kselftest-5.8-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest: selftests/ftrace: Support ":README" suffix for requires selftests/ftrace: Support ":tracer" suffix for requires selftests/ftrace: Convert check_filter_file() with requires list selftests/ftrace: Convert required interface checks into requires list selftests/ftrace: Add "requires:" list support selftests/ftrace: Return unsupported for the unconfigured features selftests/ftrace: Allow ":" in description tools: testing: ftrace: trigger: fix spelling mistake commit 5481fc6eb8a7f4b76d8ad1be371d2e11b22bfb55 Author: David Howells Date: Fri Jun 19 23:39:36 2020 +0100 afs: Fix hang on rmmod due to outstanding timer The fileserver probe timer, net->fs_probe_timer, isn't cancelled when the kafs module is being removed and so the count it holds on net->servers_outstanding doesn't get dropped.. This causes rmmod to wait forever. The hung process shows a stack like: afs_purge_servers+0x1b5/0x23c [kafs] afs_net_exit+0x44/0x6e [kafs] ops_exit_list+0x72/0x93 unregister_pernet_operations+0x14c/0x1ba unregister_pernet_subsys+0x1d/0x2a afs_exit+0x29/0x6f [kafs] __do_sys_delete_module.isra.0+0x1a2/0x24b do_syscall_64+0x51/0x95 entry_SYSCALL_64_after_hwframe+0x44/0xa9 Fix this by: (1) Attempting to cancel the probe timer and, if successful, drop the count that the timer was holding. (2) Make the timer function just drop the count and not schedule the prober if the afs portion of net namespace is being destroyed. Also, whilst we're at it, make the following changes: (3) Initialise net->servers_outstanding to 1 and decrement it before waiting on it so that it doesn't generate wake up events by being decremented to 0 until we're cleaning up. (4) Switch the atomic_dec() on ->servers_outstanding for ->fs_timer in afs_purge_servers() to use the helper function for that. Fixes: f6cbb368bcb0 ("afs: Actively poll fileservers to maintain NAT or firewall openings") Signed-off-by: David Howells Signed-off-by: Linus Torvalds commit f8ea5c7bceeb6ce6e7b3e7fb28c9dda8c0a58dcb Author: David Howells Date: Fri Jun 19 00:01:28 2020 +0100 afs: Fix afs_do_lookup() to call correct fetch-status op variant Fix afs_do_lookup()'s fallback case for when FS.InlineBulkStatus isn't supported by the server. In the fallback, it calls FS.FetchStatus for the specific vnode it's meant to be looking up. Commit b6489a49f7b7 broke this by renaming one of the two identically-named afs_fetch_status_operation descriptors to something else so that one of them could be made non-static. The site that used the renamed one, however, wasn't renamed and didn't produce any warning because the other was declared in a header. Fix this by making afs_do_lookup() use the renamed variant. Note that there are two variants of the success method because one is called from ->lookup() where we may or may not have an inode, but can't call iget until after we've talked to the server - whereas the other is called from within iget where we have an inode, but it may or may not be initialised. The latter variant expects there to be an inode, but because it's being called from there former case, there might not be - resulting in an oops like the following: BUG: kernel NULL pointer dereference, address: 00000000000000b0 ... RIP: 0010:afs_fetch_status_success+0x27/0x7e ... Call Trace: afs_wait_for_operation+0xda/0x234 afs_do_lookup+0x2fe/0x3c1 afs_lookup+0x3c5/0x4bd __lookup_slow+0xcd/0x10f walk_component+0xa2/0x10c path_lookupat.isra.0+0x80/0x110 filename_lookup+0x81/0x104 vfs_statx+0x76/0x109 __do_sys_newlstat+0x39/0x6b do_syscall_64+0x4c/0x78 entry_SYSCALL_64_after_hwframe+0x44/0xa9 Fixes: b6489a49f7b7 ("afs: Fix silly rename") Signed-off-by: David Howells Signed-off-by: Linus Torvalds commit c0e1c8c22bebecef40097c80c1c74492ff96d081 Author: Christophe Leroy Date: Mon Jun 15 12:57:59 2020 +0000 powerpc/8xx: Provide ptep_get() with 16k pages READ_ONCE() now enforces atomic read, which leads to: CC mm/gup.o In file included from ./include/linux/kernel.h:11:0, from mm/gup.c:2: In function 'gup_hugepte.constprop', inlined from 'gup_huge_pd.isra.79' at mm/gup.c:2465:8: ./include/linux/compiler.h:392:38: error: call to '__compiletime_assert_222' declared with attribute error: Unsupported access size for {READ,WRITE}_ONCE(). _compiletime_assert(condition, msg, __compiletime_assert_, __COUNTER__) ^ ./include/linux/compiler.h:373:4: note: in definition of macro '__compiletime_assert' prefix ## suffix(); \ ^ ./include/linux/compiler.h:392:2: note: in expansion of macro '_compiletime_assert' _compiletime_assert(condition, msg, __compiletime_assert_, __COUNTER__) ^ ./include/linux/compiler.h:405:2: note: in expansion of macro 'compiletime_assert' compiletime_assert(__native_word(t) || sizeof(t) == sizeof(long long), \ ^ ./include/linux/compiler.h:291:2: note: in expansion of macro 'compiletime_assert_rwonce_type' compiletime_assert_rwonce_type(x); \ ^ mm/gup.c:2428:8: note: in expansion of macro 'READ_ONCE' pte = READ_ONCE(*ptep); ^ In function 'gup_get_pte', inlined from 'gup_pte_range' at mm/gup.c:2228:9, inlined from 'gup_pmd_range' at mm/gup.c:2613:15, inlined from 'gup_pud_range' at mm/gup.c:2641:15, inlined from 'gup_p4d_range' at mm/gup.c:2666:15, inlined from 'gup_pgd_range' at mm/gup.c:2694:15, inlined from 'internal_get_user_pages_fast' at mm/gup.c:2795:3: ./include/linux/compiler.h:392:38: error: call to '__compiletime_assert_219' declared with attribute error: Unsupported access size for {READ,WRITE}_ONCE(). _compiletime_assert(condition, msg, __compiletime_assert_, __COUNTER__) ^ ./include/linux/compiler.h:373:4: note: in definition of macro '__compiletime_assert' prefix ## suffix(); \ ^ ./include/linux/compiler.h:392:2: note: in expansion of macro '_compiletime_assert' _compiletime_assert(condition, msg, __compiletime_assert_, __COUNTER__) ^ ./include/linux/compiler.h:405:2: note: in expansion of macro 'compiletime_assert' compiletime_assert(__native_word(t) || sizeof(t) == sizeof(long long), \ ^ ./include/linux/compiler.h:291:2: note: in expansion of macro 'compiletime_assert_rwonce_type' compiletime_assert_rwonce_type(x); \ ^ mm/gup.c:2199:9: note: in expansion of macro 'READ_ONCE' return READ_ONCE(*ptep); ^ make[2]: *** [mm/gup.o] Error 1 Define ptep_get() on 8xx when using 16k pages. Fixes: 9e343b467c70 ("READ_ONCE: Enforce atomicity for {READ,WRITE}_ONCE() memory accesses") Signed-off-by: Christophe Leroy Acked-by: Will Deacon Acked-by: Peter Zijlstra (Intel) Signed-off-by: Michael Ellerman Link: https://lore.kernel.org/r/341688399c1b102756046d19ea6ce39db1ae4742.1592225558.git.christophe.leroy@csgroup.eu commit 481e980a7c199c5a4634fd7ea308067dd4ba75fa Author: Christophe Leroy Date: Mon Jun 15 12:57:58 2020 +0000 mm: Allow arches to provide ptep_get() Since commit 9e343b467c70 ("READ_ONCE: Enforce atomicity for {READ,WRITE}_ONCE() memory accesses") it is not possible anymore to use READ_ONCE() to access complex page table entries like the one defined for powerpc 8xx with 16k size pages. Define a ptep_get() helper that architectures can override instead of performing a READ_ONCE() on the page table entry pointer. Fixes: 9e343b467c70 ("READ_ONCE: Enforce atomicity for {READ,WRITE}_ONCE() memory accesses") Signed-off-by: Christophe Leroy Acked-by: Will Deacon Acked-by: Peter Zijlstra (Intel) Signed-off-by: Michael Ellerman Link: https://lore.kernel.org/r/087fa12b6e920e32315136b998aa834f99242695.1592225558.git.christophe.leroy@csgroup.eu commit 55ca22633a9faa34c6a61d99433f9cc8e28dd7cc Author: Christophe Leroy Date: Mon Jun 15 12:57:57 2020 +0000 mm/gup: Use huge_ptep_get() in gup_hugepte() gup_hugepte() reads hugepage table entries, it can't read them directly, huge_ptep_get() must be used. Fixes: 9e343b467c70 ("READ_ONCE: Enforce atomicity for {READ,WRITE}_ONCE() memory accesses") Signed-off-by: Christophe Leroy Acked-by: Will Deacon Acked-by: Peter Zijlstra (Intel) Signed-off-by: Michael Ellerman Link: https://lore.kernel.org/r/ffc3714334c3bfaca6f13788ad039e8759ae413f.1592225558.git.christophe.leroy@csgroup.eu commit ca8826095e4d4afc0ccaead27bba6e4b623a12ae Author: Willem de Bruijn Date: Thu Jun 18 12:40:43 2020 -0400 selftests/net: report etf errors correctly The ETF qdisc can queue skbs that it could not pace on the errqueue. Address a few issues in the selftest - recv buffer size was too small, and incorrectly calculated - compared errno to ee_code instead of ee_errno - missed invalid request error type v2: - fix a few checkpatch --strict indentation warnings Fixes: ea6a547669b3 ("selftests/net: make so_txtime more robust to timer variance") Signed-off-by: Willem de Bruijn Signed-off-by: David S. Miller commit 5948378b26d89f8aa5eac37629dbd0616ce8d7a7 Author: Thomas Falcon Date: Thu Jun 18 10:43:46 2020 -0500 ibmveth: Fix max MTU limit The max MTU limit defined for ibmveth is not accounting for virtual ethernet buffer overhead, which is twenty-two additional bytes set aside for the ethernet header and eight additional bytes of an opaque handle reserved for use by the hypervisor. Update the max MTU to reflect this overhead. Fixes: d894be57ca92 ("ethernet: use net core MTU range checking in more drivers") Fixes: 110447f8269a ("ethernet: fix min/max MTU typos") Signed-off-by: Thomas Falcon Signed-off-by: David S. Miller commit 95dcd89275bc54f59a16757c9712c0f981b413e2 Merge: 56c09de347e4 3c005110d408 Author: David S. Miller Date: Fri Jun 19 20:12:59 2020 -0700 Merge branch 'several-fixes-for-indirect-flow_blocks-offload' wenxu says: ==================== several fixes for indirect flow_blocks offload v2: patch2: store the cb_priv of representor to the flow_block_cb->indr.cb_priv in the driver. And make the correct check with the statments this->indr.cb_priv == cb_priv patch4: del the driver list only in the indriect cleanup callbacks v3: add the cover letter and changlogs. v4: collapsed 1/4, 2/4, 4/4 in v3 to one fix Add the prepare patch 1 and 2 v5: patch1: place flow_indr_block_cb_alloc() right before flow_indr_dev_setup_offload() to avoid moving flow_block_indr_init() This series fixes commit 1fac52da5942 ("net: flow_offload: consolidate indirect flow_block infrastructure") that revists the flow_block infrastructure. patch #1 #2: prepare for fix patch #3 add and use flow_indr_block_cb_alloc/remove function patch #3: fix flow_indr_dev_unregister path If the representor is removed, then identify the indirect flow_blocks that need to be removed by the release callback and the port representor structure. To identify the port representor structure, a new indr.cb_priv field needs to be introduced. The flow_block also needs to be removed from the driver list from the cleanup path patch#4 fix block->nooffloaddevcnt warning dmesg log. When a indr device add in offload success. The block->nooffloaddevcnt should be 0. After the representor go away. When the dir device go away the flow_block UNBIND operation with -EOPNOTSUPP which lead the warning demesg log. The block->nooffloaddevcnt should always count for indr block. even the indr block offload successful. The representor maybe gone away and the ingress qdisc can work in software mode. ==================== Reviewed-by: Simon Horman Signed-off-by: David S. Miller commit 3c005110d4083c52ff6c99018127adf92f3f23aa Author: wenxu Date: Thu Jun 18 20:49:11 2020 +0800 net/sched: cls_api: fix nooffloaddevcnt warning dmesg log The block->nooffloaddevcnt should always count for indr block. even the indr block offload successful. The representor maybe gone away and the ingress qdisc can work in software mode. block->nooffloaddevcnt warning with following dmesg log: [ 760.667058] ##################################################### [ 760.668186] ## TEST test-ecmp-add-vxlan-encap-disable-sriov.sh ## [ 760.669179] ##################################################### [ 761.780655] :test: Fedora 30 (Thirty) [ 761.783794] :test: Linux reg-r-vrt-018-180 5.7.0+ [ 761.822890] :test: NIC ens1f0 FW 16.26.6000 PCI 0000:81:00.0 DEVICE 0x1019 ConnectX-5 Ex [ 761.860244] mlx5_core 0000:81:00.0 ens1f0: Link up [ 761.880693] IPv6: ADDRCONF(NETDEV_CHANGE): ens1f0: link becomes ready [ 762.059732] mlx5_core 0000:81:00.1 ens1f1: Link up [ 762.234341] :test: unbind vfs of ens1f0 [ 762.257825] :test: Change ens1f0 eswitch (0000:81:00.0) mode to switchdev [ 762.291363] :test: unbind vfs of ens1f1 [ 762.306914] :test: Change ens1f1 eswitch (0000:81:00.1) mode to switchdev [ 762.309237] mlx5_core 0000:81:00.1: E-Switch: Disable: mode(LEGACY), nvfs(2), active vports(3) [ 763.282598] mlx5_core 0000:81:00.1: E-Switch: Supported tc offload range - chains: 4294967294, prios: 4294967295 [ 763.362825] mlx5_core 0000:81:00.1: MLX5E: StrdRq(1) RqSz(8) StrdSz(2048) RxCqeCmprss(0) [ 763.444465] mlx5_core 0000:81:00.1 ens1f1: renamed from eth0 [ 763.460088] mlx5_core 0000:81:00.1: MLX5E: StrdRq(1) RqSz(8) StrdSz(2048) RxCqeCmprss(0) [ 763.502586] mlx5_core 0000:81:00.1: MLX5E: StrdRq(1) RqSz(8) StrdSz(2048) RxCqeCmprss(0) [ 763.552429] ens1f1_0: renamed from eth0 [ 763.569569] mlx5_core 0000:81:00.1: E-Switch: Enable: mode(OFFLOADS), nvfs(2), active vports(3) [ 763.629694] ens1f1_1: renamed from eth1 [ 764.631552] IPv6: ADDRCONF(NETDEV_CHANGE): ens1f1_0: link becomes ready [ 764.670841] :test: unbind vfs of ens1f0 [ 764.681966] :test: unbind vfs of ens1f1 [ 764.726762] mlx5_core 0000:81:00.0 ens1f0: Link up [ 764.766511] mlx5_core 0000:81:00.1 ens1f1: Link up [ 764.797325] :test: Add multipath vxlan encap rule and disable sriov [ 764.798544] :test: config multipath route [ 764.812732] mlx5_core 0000:81:00.0: lag map port 1:2 port 2:2 [ 764.874556] mlx5_core 0000:81:00.0: modify lag map port 1:1 port 2:2 [ 765.603681] :test: OK [ 765.659048] IPv6: ADDRCONF(NETDEV_CHANGE): ens1f1_1: link becomes ready [ 765.675085] :test: verify rule in hw [ 765.694237] IPv6: ADDRCONF(NETDEV_CHANGE): ens1f0: link becomes ready [ 765.711892] IPv6: ADDRCONF(NETDEV_CHANGE): ens1f1: link becomes ready [ 766.979230] :test: OK [ 768.125419] :test: OK [ 768.127519] :test: - disable sriov ens1f1 [ 768.131160] pci 0000:81:02.2: Removing from iommu group 75 [ 768.132646] pci 0000:81:02.3: Removing from iommu group 76 [ 769.179749] mlx5_core 0000:81:00.1: E-Switch: Disable: mode(OFFLOADS), nvfs(2), active vports(3) [ 769.455627] mlx5_core 0000:81:00.0: modify lag map port 1:1 port 2:1 [ 769.703990] mlx5_core 0000:81:00.1: MLX5E: StrdRq(1) RqSz(8) StrdSz(2048) RxCqeCmprss(0) [ 769.988637] mlx5_core 0000:81:00.1 ens1f1: renamed from eth0 [ 769.990022] :test: - disable sriov ens1f0 [ 769.994922] pci 0000:81:00.2: Removing from iommu group 73 [ 769.997048] pci 0000:81:00.3: Removing from iommu group 74 [ 771.035813] mlx5_core 0000:81:00.0: E-Switch: Disable: mode(OFFLOADS), nvfs(2), active vports(3) [ 771.339091] ------------[ cut here ]------------ [ 771.340812] WARNING: CPU: 6 PID: 3448 at net/sched/cls_api.c:749 tcf_block_offload_unbind.isra.0+0x5c/0x60 [ 771.341728] Modules linked in: act_mirred act_tunnel_key cls_flower dummy vxlan ip6_udp_tunnel udp_tunnel sch_ingress nfsv3 nfs_acl nfs lockd grace fscache tun bridge stp llc sunrpc rdma_ucm rdma_cm iw_cm ib_cm mlx5_ib ib_uverbs ib_core mlx5_core intel_rapl_msr intel_rapl_common sb_edac x86_pkg_temp_thermal intel_powerclamp coretemp mlxfw act_ct nf_flow_table kvm_intel nf_nat kvm nf_conntrack irqbypass crct10dif_pclmul igb crc32_pclmul nf_defrag_ipv6 libcrc32c nf_defrag_ipv4 crc32c_intel ghash_clmulni_intel ptp ipmi_ssif intel_cstate pps_c ore ses intel_uncore mei_me iTCO_wdt joydev ipmi_si iTCO_vendor_support i2c_i801 enclosure mei ioatdma dca lpc_ich wmi ipmi_devintf pcspkr acpi_power_meter ipmi_msghandler acpi_pad ast i2c_algo_bit drm_vram_helper drm_kms_helper drm_ttm_helper ttm drm mpt3sas raid_class scsi_transport_sas [ 771.347818] CPU: 6 PID: 3448 Comm: test-ecmp-add-v Not tainted 5.7.0+ #1146 [ 771.348727] Hardware name: Supermicro SYS-2028TP-DECR/X10DRT-P, BIOS 2.0b 03/30/2017 [ 771.349646] RIP: 0010:tcf_block_offload_unbind.isra.0+0x5c/0x60 [ 771.350553] Code: 4a fd ff ff 83 f8 a1 74 0e 5b 4c 89 e7 5d 41 5c 41 5d e9 07 93 89 ff 8b 83 a0 00 00 00 8d 50 ff 89 93 a0 00 00 00 85 c0 75 df <0f> 0b eb db 0f 1f 44 00 00 41 57 41 56 41 55 41 89 cd 41 54 49 89 [ 771.352420] RSP: 0018:ffffb33144cd3b00 EFLAGS: 00010246 [ 771.353353] RAX: 0000000000000000 RBX: ffff8b37cf4b2800 RCX: 0000000000000000 [ 771.354294] RDX: 00000000ffffffff RSI: ffff8b3b9aad0000 RDI: ffffffff8d5c6e20 [ 771.355245] RBP: ffff8b37eb546948 R08: ffffffffc0b7a348 R09: ffff8b3b9aad0000 [ 771.356189] R10: 0000000000000001 R11: ffff8b3ba7a0a1c0 R12: ffff8b37cf4b2850 [ 771.357123] R13: ffff8b3b9aad0000 R14: ffff8b37cf4b2820 R15: ffff8b37cf4b2820 [ 771.358039] FS: 00007f8a19b6e740(0000) GS:ffff8b3befa00000(0000) knlGS:0000000000000000 [ 771.358965] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 771.359885] CR2: 00007f3afb91c1a0 CR3: 000000045133c004 CR4: 00000000001606e0 [ 771.360825] Call Trace: [ 771.361764] __tcf_block_put+0x84/0x150 [ 771.362712] ingress_destroy+0x1b/0x20 [sch_ingress] [ 771.363658] qdisc_destroy+0x3e/0xc0 [ 771.364594] dev_shutdown+0x7a/0xa5 [ 771.365522] rollback_registered_many+0x20d/0x530 [ 771.366458] ? netdev_upper_dev_unlink+0x15d/0x1c0 [ 771.367387] unregister_netdevice_many.part.0+0xf/0x70 [ 771.368310] vxlan_netdevice_event+0xa4/0x110 [vxlan] [ 771.369454] notifier_call_chain+0x4c/0x70 [ 771.370579] rollback_registered_many+0x2f5/0x530 [ 771.371719] rollback_registered+0x56/0x90 [ 771.372843] unregister_netdevice_queue+0x73/0xb0 [ 771.373982] unregister_netdev+0x18/0x20 [ 771.375168] mlx5e_vport_rep_unload+0x56/0xc0 [mlx5_core] [ 771.376327] esw_offloads_disable+0x81/0x90 [mlx5_core] [ 771.377512] mlx5_eswitch_disable_locked.cold+0xcb/0x1af [mlx5_core] [ 771.378679] mlx5_eswitch_disable+0x44/0x60 [mlx5_core] [ 771.379822] mlx5_device_disable_sriov+0xad/0xb0 [mlx5_core] [ 771.380968] mlx5_core_sriov_configure+0xc1/0xe0 [mlx5_core] [ 771.382087] sriov_numvfs_store+0xfc/0x130 [ 771.383195] kernfs_fop_write+0xce/0x1b0 [ 771.384302] vfs_write+0xb6/0x1a0 [ 771.385410] ksys_write+0x5f/0xe0 [ 771.386500] do_syscall_64+0x5b/0x1d0 [ 771.387569] entry_SYSCALL_64_after_hwframe+0x44/0xa9 Fixes: 0fdcf78d5973 ("net: use flow_indr_dev_setup_offload()") Signed-off-by: wenxu Signed-off-by: David S. Miller commit a1db217861f33b8d9ea8171bcacee51186e2d5ba Author: wenxu Date: Thu Jun 18 20:49:10 2020 +0800 net: flow_offload: fix flow_indr_dev_unregister path If the representor is removed, then identify the indirect flow_blocks that need to be removed by the release callback and the port representor structure. To identify the port representor structure, a new indr.cb_priv field needs to be introduced. The flow_block also needs to be removed from the driver list from the cleanup path. Fixes: 1fac52da5942 ("net: flow_offload: consolidate indirect flow_block infrastructure") Signed-off-by: wenxu Signed-off-by: David S. Miller commit 66f1939a1b705305df820d65f4d9a8457d05759c Author: wenxu Date: Thu Jun 18 20:49:09 2020 +0800 flow_offload: use flow_indr_block_cb_alloc/remove function Prepare fix the bug in the next patch. use flow_indr_block_cb_alloc/remove function and remove the __flow_block_indr_binding. Signed-off-by: wenxu Signed-off-by: David S. Miller commit 26f2eb27d081081dbea6d3c11602c9ece36f4d9c Author: wenxu Date: Thu Jun 18 20:49:08 2020 +0800 flow_offload: add flow_indr_block_cb_alloc/remove function Add flow_indr_block_cb_alloc/remove function for next fix patch. Signed-off-by: wenxu Signed-off-by: David S. Miller commit 56c09de347e40804fc8dad155272fb9609e0a97b Author: Sabrina Dubroca Date: Thu Jun 18 12:13:22 2020 +0200 geneve: allow changing DF behavior after creation Currently, trying to change the DF parameter of a geneve device does nothing: # ip -d link show geneve1 14: geneve1: link/ether geneve id 1 remote 10.0.0.1 ttl auto df set dstport 6081 # ip link set geneve1 type geneve id 1 df unset # ip -d link show geneve1 14: geneve1: link/ether geneve id 1 remote 10.0.0.1 ttl auto df set dstport 6081 We just need to update the value in geneve_changelink. Fixes: a025fb5f49ad ("geneve: Allow configuration of DF behaviour") Signed-off-by: Sabrina Dubroca Reviewed-by: Stefano Brivio Signed-off-by: David S. Miller commit 9deba33f1b7266a3870c9da31f787b605748fc0c Author: Claudiu Manoil Date: Thu Jun 18 12:16:52 2020 +0300 enetc: Fix HW_VLAN_CTAG_TX|RX toggling VLAN tag insertion/extraction offload is correctly activated at probe time but deactivation of this feature (i.e. via ethtool) is broken. Toggling works only for Tx/Rx ring 0 of a PF, and is ignored for the other rings, including the VF rings. To fix this, the existing VLAN offload toggling code was extended to all the rings assigned to a netdevice, instead of the default ring 0 (likely a leftover from the early validation days of this feature). And the code was moved to the common set_features() function to fix toggling for the VF driver too. Fixes: d4fd0404c1c9 ("enetc: Introduce basic PF and VF ENETC ethernet drivers") Signed-off-by: Claudiu Manoil Signed-off-by: David S. Miller commit faa620876b01d6744f1599e279042bb8149247ab Author: Claudiu Beznea Date: Thu Jun 18 11:37:40 2020 +0300 net: macb: undo operations in case of failure Undo previously done operation in case macb_phylink_connect() fails. Since macb_reset_hw() is the 1st undo operation the napi_exit label was renamed to reset_hw. Fixes: 7897b071ac3b ("net: macb: convert to phylink") Signed-off-by: Claudiu Beznea Acked-by: Nicolas Ferre Signed-off-by: David S. Miller commit 2996cbd532a0d282dd3177d68a725f726a67f21c Merge: cc26c9f5ace2 02c28dffb13a Author: David S. Miller Date: Fri Jun 19 19:57:22 2020 -0700 Merge tag 'rxrpc-fixes-20200618' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs David Howells says: ==================== rxrpc: Performance drop fix and other fixes Here are three fixes for rxrpc: (1) Fix a trace symbol mapping. It doesn't seem to let you map to "". (2) Fix the handling of the remote receive window size when it increases beyond the size we can support for our transmit window. (3) Fix a performance drop caused by retransmitted packets being accidentally marked as already ACK'd. ==================== Signed-off-by: David S. Miller commit 9df24eaef86f5d5cb38c77eaa1cfa3eec09ebfe8 Merge: 543094e19c82 d35f18b554be Author: Dan Williams Date: Fri Jun 19 14:18:51 2020 -0700 Merge branch 'for-5.8/papr_scm' into libnvdimm-for-next Include the papr_scm health retrieval feature for v5.8-rc2. The functionality was initially posted well in advance of the merge window, but review comments and a late build-bot warning kept them out of the v5.8-rc1 libnvdimm pull request. Vaibhav notes: These patches are tied to specific features that were committed to customers in upcoming distros releases (RHEL and SLES) whose time-lines are tied to 5.8 kernel release. Being able to track the health of an nvdimm is critical for our customers that are running workloads leveraging papr-scm nvdimms. Missing the 5.8 kernel would mean missing the distro timelines and shifting forward the availability of this feature in distro kernels by at least 6 months. commit cc26c9f5ace29d00ccedd79ffa1ee90b2439fe55 Merge: 6564cfefb01c b2ffc75e2e99 Author: David S. Miller Date: Fri Jun 19 13:39:01 2020 -0700 Merge branch 'net-phy-MDIO-bus-scanning-fixes' Florian Fainelli says: ==================== net: phy: MDIO bus scanning fixes This patch series fixes two problems with the current MDIO bus scanning logic which was identified while moving from 4.9 to 5.4 on devices that do rely on scanning the MDIO bus at runtime because they use pluggable cards. Changes in v2: - added comment explaining the special value of -ENODEV - added Andrew's Reviewed-by tag ==================== Signed-off-by: David S. Miller commit b2ffc75e2e990b09903f9d15ccd53bc5f3a4217c Author: Florian Fainelli Date: Fri Jun 19 11:47:47 2020 -0700 net: phy: Check harder for errors in get_phy_id() Commit 02a6efcab675 ("net: phy: allow scanning busses with missing phys") added a special condition to return -ENODEV in case -ENODEV or -EIO was returned from the first read of the MII_PHYSID1 register. In case the MDIO bus data line pull-up is not strong enough, the MDIO bus controller will not flag this as a read error. This can happen when a pluggable daughter card is not connected and weak internal pull-ups are used (since that is the only option, otherwise the pins are floating). The second read of MII_PHYSID2 will be correctly flagged an error though, but now we will return -EIO which will be treated as a hard error, thus preventing MDIO bus scanning loops to continue succesfully. Apply the same logic to both register reads, thus allowing the scanning logic to proceed. Fixes: 02a6efcab675 ("net: phy: allow scanning busses with missing phys") Reviewed-by: Andrew Lunn Signed-off-by: Florian Fainelli Signed-off-by: David S. Miller commit 5a8d7f126c97d04d893f5e5be2b286437a0d01b0 Author: Florian Fainelli Date: Fri Jun 19 11:47:46 2020 -0700 of: of_mdio: Correct loop scanning logic Commit 209c65b61d94 ("drivers/of/of_mdio.c:fix of_mdiobus_register()") introduced a break of the loop on the premise that a successful registration should exit the loop. The premise is correct but not to code, because rc && rc != -ENODEV is just a special error condition, that means we would exit the loop even with rc == -ENODEV which is absolutely not correct since this is the error code to indicate to the MDIO bus layer that scanning should continue. Fix this by explicitly checking for rc = 0 as the only valid condition to break out of the loop. Fixes: 209c65b61d94 ("drivers/of/of_mdio.c:fix of_mdiobus_register()") Reviewed-by: Andrew Lunn Signed-off-by: Florian Fainelli Signed-off-by: David S. Miller commit 4333a9b0b67bb4e8bcd91bdd80da80b0ec151162 Merge: d2b1c81f5f6c 6f2cc1664db2 Author: Linus Torvalds Date: Fri Jun 19 13:16:58 2020 -0700 Merge tag 'io_uring-5.8-2020-06-19' of git://git.kernel.dk/linux-block Pull io_uring fixes from Jens Axboe: - Catch a case where io_sq_thread() didn't do proper mm acquire - Ensure poll completions are reaped on shutdown - Async cancelation and run fixes (Pavel) - io-poll race fixes (Xiaoguang) - Request cleanup race fix (Xiaoguang) * tag 'io_uring-5.8-2020-06-19' of git://git.kernel.dk/linux-block: io_uring: fix possible race condition against REQ_F_NEED_CLEANUP io_uring: reap poll completions while waiting for refs to drop on exit io_uring: acquire 'mm' for task_work for SQPOLL io_uring: add memory barrier to synchronize io_kiocb's result and iopoll_completed io_uring: don't fail links for EAGAIN error in IOPOLL mode io_uring: cancel by ->task not pid io_uring: lazy get task io_uring: batch cancel in io_uring_cancel_files() io_uring: cancel all task's requests on exit io-wq: add an option to cancel all matched reqs io-wq: reorder cancellation pending -> running io_uring: fix lazy work init commit d2b1c81f5f6c3427bd900be5fed306ca83d649d4 Merge: 592be758f196 3373a3461aa1 Author: Linus Torvalds Date: Fri Jun 19 13:11:26 2020 -0700 Merge tag 'block-5.8-2020-06-19' of git://git.kernel.dk/linux-block Pull block fixes from Jens Axboe: - Use import_uuid() where appropriate (Andy) - bcache fixes (Coly, Mauricio, Zhiqiang) - blktrace sparse warnings fix (Jan) - blktrace concurrent setup fix (Luis) - blkdev_get use-after-free fix (Jason) - Ensure all blk-mq maps are updated (Weiping) - Loop invalidate bdev fix (Zheng) * tag 'block-5.8-2020-06-19' of git://git.kernel.dk/linux-block: block: make function 'kill_bdev' static loop: replace kill_bdev with invalidate_bdev partitions/ldm: Replace uuid_copy() with import_uuid() where it makes sense block: update hctx map when use multiple maps blktrace: Avoid sparse warnings when assigning q->blk_trace blktrace: break out of blktrace setup on concurrent calls block: Fix use-after-free in blkdev_get() trace/events/block.h: drop kernel-doc for dropped function parameter blk-mq: Remove redundant 'return' statement bcache: pr_info() format clean up in bcache_device_init() bcache: use delayed kworker fo asynchronous devices registration bcache: check and adjust logical block size for backing devices bcache: fix potential deadlock problem in btree_gc_coalesce commit 592be758f196ed4610e326fc3f33dadd80aa7c6b Merge: 62c91ead977a b5292111de9b Author: Linus Torvalds Date: Fri Jun 19 13:09:40 2020 -0700 Merge tag 'libata-5.8-2020-06-19' of git://git.kernel.dk/linux-block Pull libata fixes from Jens Axboe: "A few minor changes that should go into this release" * tag 'libata-5.8-2020-06-19' of git://git.kernel.dk/linux-block: libata: Use per port sync for detach ata/libata: Fix usage of page address by page_address in ata_scsi_mode_select_xlat function sata_rcar: handle pm_runtime_get_sync failure cases commit 6564cfefb01c4c5b8c357f300feac5cb1585e1a9 Author: Flavio Suligoi Date: Fri Jun 19 11:18:11 2020 +0200 net: ethernet: oki-semi: pch_gbe: fix spelling mistake Fix typo: "Triger" --> "Trigger" Signed-off-by: Flavio Suligoi Signed-off-by: David S. Miller commit e795a61a85e65b4f12c2ed3529911ac0f013fa40 Author: Stefan Schmidt Date: Tue Jun 16 08:49:10 2020 +0200 MAINTAINERS: update ieee802154 project website URL Update URL to our new home. Signed-off-by: Stefan Schmidt commit e2c0b9712452296cb50a9faf07cc688862238f24 Author: Stefan Schmidt Date: Tue Jun 16 08:47:32 2020 +0200 docs: net: ieee802154: change link to new project URL We finally came around to setup a new project website. Update the reference here. Signed-off-by: Stefan Schmidt commit 24f5aa53afbf72ffd7d2587cd2edd44342e0270f Author: Flavio Suligoi Date: Fri Jun 19 11:02:04 2020 +0200 net: ethernet: neterion: vxge: fix spelling mistake Fix typo: "trigered" --> "triggered" Signed-off-by: Flavio Suligoi Signed-off-by: David S. Miller commit 0e5f9d50ad969480ae3331f3802250e39327fb50 Merge: 7b075ad9f496 be01369859b8 Author: David S. Miller Date: Fri Jun 19 13:03:47 2020 -0700 Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec Steffen Klassert says: ==================== pull request (net): ipsec 2020-06-19 1) Fix double ESP trailer insertion in IPsec crypto offload if netif_xmit_frozen_or_stopped is true. From Huy Nguyen. 2) Merge fixup for "remove output_finish indirection from xfrm_state_afinfo". From Stephen Rothwell. 3) Select CRYPTO_SEQIV for ESP as this is needed for GCM and several other encryption algorithms. Also modernize the crypto algorithm selections for ESP and AH, remove those that are maked as "MUST NOT" and add those that are marked as "MUST" be implemented in RFC 8221. From Eric Biggers. Please note the merge conflict between commit: a7f7f6248d97 ("treewide: replace '---help---' in Kconfig files with 'help'") from Linus' tree and commits: 7d4e39195925 ("esp, ah: consolidate the crypto algorithm selections") be01369859b8 ("esp, ah: modernize the crypto algorithm selections") from the ipsec tree. ==================== Signed-off-by: David S. Miller commit 7b075ad9f496d18f45c8835cef2ae058eb6f8371 Merge: 0ad6f6e767ec 3995ecbabc6f Author: David S. Miller Date: Fri Jun 19 12:55:12 2020 -0700 Merge branch '40GbE' of git://git.kernel.org/pub/scm/linux/kernel/git/jkirsher/net-queue Jeff Kirsher says: ==================== Intel Wired LAN Driver Updates 2020-06-18 This series contains fixes to ixgbe, i40e and ice driver. Ciara fixes up the ixgbe, i40e and ice drivers to protect access when allocating and freeing the rings. In addition, made use of READ_ONCE when reading the rings prior to accessing the statistics pointer. Björn fixes a crash where the receive descriptor ring allocation was moved to a different function, which broke the ethtool set_ringparam() hook. ==================== Signed-off-by: David S. Miller commit 62c91ead977a5d5023be3d791cbff8535f7d5433 Merge: 672f9255a727 8a7a3d1d0dcf Author: Linus Torvalds Date: Fri Jun 19 12:40:57 2020 -0700 Merge tag 'drm-fixes-2020-06-19' of git://anongit.freedesktop.org/drm/drm Pull drm fixes from Dave Airlie: "Just i915 and amd here. i915 has some workaround movement so they get applied at the right times, and a timeslicing fix, along with some display fixes. AMD has a few display floating point fix and a devcgroup fix for amdkfd. i915: - Fix for timeslicing and virtual engines/unpremptable requests (+ 1 dependency patch) - Fixes into TypeC register programming and interrupt storm detecting - Disable DIP on MST ports with the transcoder clock still on - Avoid missing GT workarounds at reset for HSW and older gens - Fix for unwinding multiple requests missing force restore - Fix encoder type check for DDI vswing sequence - Build warning fixes amdgpu: - Fix kvfree/kfree mixup - Fix hawaii device id in powertune configuration - Display FP fixes - Documentation fixes amdkfd: - devcgroup check fix" * tag 'drm-fixes-2020-06-19' of git://anongit.freedesktop.org/drm/drm: (23 commits) drm/amdgpu: fix documentation around busy_percentage drm/amdgpu/pm: update comment to clarify Overdrive interfaces drm/amdkfd: Use correct major in devcgroup check drm/i915/display: Fix the encoder type check drm/i915/icl+: Fix hotplug interrupt disabling after storm detection drm/i915/gt: Move gen4 GT workarounds from init_clock_gating to workarounds drm/i915/gt: Move ilk GT workarounds from init_clock_gating to workarounds drm/i915/gt: Move snb GT workarounds from init_clock_gating to workarounds drm/i915/gt: Move vlv GT workarounds from init_clock_gating to workarounds drm/i915/gt: Move ivb GT workarounds from init_clock_gating to workarounds drm/i915/gt: Move hsw GT workarounds from init_clock_gating to workarounds drm/i915/icl: Disable DIP on MST ports with the transcoder clock still on drm/i915/gt: Incrementally check for rewinding drm/i915/tc: fix the reset of ln0 drm/i915/gt: Prevent timeslicing into unpreemptable requests drm/i915/selftests: Restore to default heartbeat drm/i915: work around false-positive maybe-uninitialized warning drm/i915/pmu: avoid an maybe-uninitialized warning drm/i915/gt: Incorporate the virtual engine into timeslicing drm/amd/display: Rework dsc to isolate FPU operations ... commit 672f9255a727d04c98b05ba7af625ab7032c8028 Merge: 84bc1993e28b 7ed286f3e061 Author: Linus Torvalds Date: Fri Jun 19 12:25:04 2020 -0700 Merge tag 'ceph-for-5.8-rc2' of git://github.com/ceph/ceph-client Pull ceph fixes from Ilya Dryomov: "An important follow-up for replica reads support that went into -rc1 and two target_copy() fixups" * tag 'ceph-for-5.8-rc2' of git://github.com/ceph/ceph-client: libceph: don't omit used_replica in target_copy() libceph: don't omit recovery_deletes in target_copy() libceph: move away from global osd_req_flags commit 84bc1993e28b2d3cf6110bab0b625e8119825403 Merge: 98b769942c69 24ebec25fb27 Author: Linus Torvalds Date: Fri Jun 19 12:19:12 2020 -0700 Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux Pull arm64 fixes from Will Deacon: "Unfortunately, we still have a number of outstanding issues so there will be more fixes to come, but this lot are a good start. - Fix handling of watchpoints triggered by uaccess routines - Fix initialisation of gigantic pages for CMA buffers - Raise minimum clang version for BTI to avoid miscompilation - Fix data race in SVE vector length configuration code - Ensure address tags are ignored in kern_addr_valid() - Dump register state on fatal BTI exception - kexec_file() cleanup to use struct_size() macro" * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux: arm64: hw_breakpoint: Don't invoke overflow handler on uaccess watchpoints arm64: kexec_file: Use struct_size() in kmalloc() arm64: mm: reserve hugetlb CMA after numa_init arm64: bti: Require clang >= 10.0.1 for in-kernel BTI support arm64: sve: Fix build failure when ARM64_SVE=y and SYSCTL=n arm64: pgtable: Clear the GP bit for non-executable kernel pages arm64: mm: reset address tag set by kasan sw tagging arm64: traps: Dump registers prior to panic() in bad_mode() arm64/sve: Eliminate data races on sve_default_vl docs/arm64: Fix typo'd #define in sve.rst arm64: remove TEXT_OFFSET randomization commit 98b769942c698e43117334332ebfed852dfa6ff9 Merge: 98d7e741a0a3 b19d57d0f3cc Author: Linus Torvalds Date: Fri Jun 19 11:45:03 2020 -0700 Merge tag 'overflow-v5.8-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux Pull flex-array size helper from Kees Cook: "During the treewide clean-ups of zero-length "flexible arrays", the struct_size() helper was heavily used, but it was noticed that many times it would have been nice to have an additional helper to get the size of just the flexible array itself. This need appears to be even more common when cleaning up the 1-byte array "flexible arrays", so Gustavo implemented it. I'd love to get this landed early so it can be used during the v5.9 dev cycle to ease the 1-byte array cleanups." * tag 'overflow-v5.8-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux: overflow.h: Add flex_array_size() helper commit 98d7e741a0a37fff24f99e4b6c5a1bd1e50cd47a Merge: 5e857ce6eae7 6a1515c962b1 Author: Linus Torvalds Date: Fri Jun 19 11:39:57 2020 -0700 Merge tag 'perf-tools-fixes-2020-06-02' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux Pull perf tooling fixes from Arnaldo Carvalho de Melo: - Update various UAPI headers, some automatically adding support for a new MSR and the faccess2 syscall. - Fix corner case NULL deref in the histograms code. - Fix corner case NULL deref in 'perf stat' aggregation code. - Fix array pointer deref and old style declaration in the parsing of events. - Fix segfault when processing ZSTD compressed perf.data files in 'perf script' due to lack of initialization of the ZSTD library. - Handle __attribute__((user)) in libtraceevent fixing the parsing of syscall tracepoints with user buffers. - Make libtraevent aware of __builtin_expect() appearing in tracepoint fields. - Make the BPF prologue generation use bpf_probe_read_{user,kernel}(). - Fix the '@user' attribute parsing in kprobes variables in 'perf probe'. - Fix error message when asking for -fsanitize=address without required libraries. * tag 'perf-tools-fixes-2020-06-02' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux: (22 commits) perf build: Fix error message when asking for -fsanitize=address without required libraries tools lib traceevent: Add handler for __builtin_expect() tools lib traceevent: Handle __attribute__((user)) in field names tools lib traceevent: Add append() function helper for appending strings tools headers UAPI: Sync linux/fs.h with the kernel sources tools include UAPI: Sync linux/vhost.h with the kernel sources tools arch x86: Sync the msr-index.h copy with the kernel sources perf script: Initialize zstd_data perf pmu: Remove unused declaration perf parse-events: Fix an old style declaration perf parse-events: Fix an incompatible pointer perf bpf: Fix bpf prologue generation perf probe: Fix user attribute access in kprobes perf stat: Fix NULL pointer dereference perf report: Fix NULL pointer dereference in hists__fprintf_nr_sample_events() tools headers UAPI: Sync kvm.h headers with the kernel sources tools headers UAPI: Sync drm/i915_drm.h with the kernel sources tools headers UAPI: Sync linux/fscrypt.h with the kernel sources perf beauty: Add support to STATX_MNT_ID in the 'statx' syscall 'mask' argument tools headers uapi: Sync linux/stat.h with the kernel sources ... commit d35bd764e6899a7bea71958f08d16cea5bfa1919 Author: Mikulas Patocka Date: Fri Jun 19 11:51:34 2020 -0400 dm writecache: add cond_resched to loop in persistent_memory_claim() Add cond_resched() to a loop that fills in the mapper memory area because the loop can be executed many times. Fixes: 48debafe4f2fe ("dm: add writecache target") Cc: stable@vger.kernel.org Signed-off-by: Mikulas Patocka Signed-off-by: Mike Snitzer commit bb5570ad3b54e7930997aec76ab68256d5236d94 Author: Matt Fleming Date: Thu Jun 18 11:20:02 2020 +0100 x86/asm/64: Align start of __clear_user() loop to 16-bytes x86 CPUs can suffer severe performance drops if a tight loop, such as the ones in __clear_user(), straddles a 16-byte instruction fetch window, or worse, a 64-byte cacheline. This issues was discovered in the SUSE kernel with the following commit, 1153933703d9 ("x86/asm/64: Micro-optimize __clear_user() - Use immediate constants") which increased the code object size from 10 bytes to 15 bytes and caused the 8-byte copy loop in __clear_user() to be split across a 64-byte cacheline. Aligning the start of the loop to 16-bytes makes this fit neatly inside a single instruction fetch window again and restores the performance of __clear_user() which is used heavily when reading from /dev/zero. Here are some numbers from running libmicro's read_z* and pread_z* microbenchmarks which read from /dev/zero: Zen 1 (Naples) libmicro-file 5.7.0-rc6 5.7.0-rc6 5.7.0-rc6 revert-1153933703d9+ align16+ Time mean95-pread_z100k 9.9195 ( 0.00%) 5.9856 ( 39.66%) 5.9938 ( 39.58%) Time mean95-pread_z10k 1.1378 ( 0.00%) 0.7450 ( 34.52%) 0.7467 ( 34.38%) Time mean95-pread_z1k 0.2623 ( 0.00%) 0.2251 ( 14.18%) 0.2252 ( 14.15%) Time mean95-pread_zw100k 9.9974 ( 0.00%) 6.0648 ( 39.34%) 6.0756 ( 39.23%) Time mean95-read_z100k 9.8940 ( 0.00%) 5.9885 ( 39.47%) 5.9994 ( 39.36%) Time mean95-read_z10k 1.1394 ( 0.00%) 0.7483 ( 34.33%) 0.7482 ( 34.33%) Note that this doesn't affect Haswell or Broadwell microarchitectures which seem to avoid the alignment issue by executing the loop straight out of the Loop Stream Detector (verified using perf events). Fixes: 1153933703d9 ("x86/asm/64: Micro-optimize __clear_user() - Use immediate constants") Signed-off-by: Matt Fleming Signed-off-by: Borislav Petkov Cc: # v4.19+ Link: https://lkml.kernel.org/r/20200618102002.30034-1-matt@codeblueprint.co.uk commit f2cd9a5e85dc25e10f6318bc6fbcb7dcff262561 Author: Shin'ichiro Kawasaki Date: Fri Jun 19 16:49:56 2020 +0900 dm zoned: Fix reclaim zone selection When dm zoned has multiple devices, random zones are never selected for reclaim if all reserved sequential write zones are in use and no sequential write required zones can be selected for reclaim. This can lead to deadlocks as selecting a cache zone allows reclaiming a sequential zone, ensuring forward progress. Fix this by always defaulting to selecting a random zone when no sequential write required zone can be selected. [Damien: fix commit message] Signed-off-by: Shin'ichiro Kawasaki Signed-off-by: Damien Le Moal Reviewed-by: Hannes Reinecke Signed-off-by: Mike Snitzer commit 3ee39573e567eded4f73e1e22216034bc29f3813 Author: Damien Le Moal Date: Fri Jun 19 16:49:55 2020 +0900 dm zoned: Fix random zone reclaim selection Commit 2094045fe5b5 ("dm zoned: prefer full zones for reclaim") modified dmz_get_rnd_zone_for_reclaim() to add a search for the buffer zone with the heaviest weight as an optimal candidate for reclaim. This modification uses the zone pointer variabl "last" which is set only once and never modified as zones are scanned, resulting in the search being inefective. Furthermore, if the selected buffer zone at the end of the search loop is active or already locked for reclaim, dmz_get_rnd_zone_for_reclaim() returns NULL even if other random zones with a lesser weight can be reclaimed. To fix the search and to guarantee that reclaim can make forward progress, fix dmz_get_rnd_zone_for_reclaim() loop to correctly find the buffer zone with the heaviest weight using the variable maxw_z. Also make sure to fallback to finding the first random zone that can be reclaimed if this best candidate zone cannot be reclaimed. While at it, also fix the device index check to consider only random zones, ignoring cache zones belonging to the cache device if one is used as that device does not have a reclaim process. Fixes: 2094045fe5b5 ("dm zoned: prefer full zones for reclaim") Signed-off-by: Damien Le Moal Reviewed-by: Hannes Reinecke Signed-off-by: Mike Snitzer commit 415c79e13b17ce5f0a0815bab4d584f75f4d1171 Author: Johannes Thumshirn Date: Fri Jun 19 15:59:04 2020 +0900 dm: update original bio sector on Zone Append Naohiro reported that issuing zone-append bios to a zoned block device underneath a dm-linear device does not work as expected. This because we forgot to reverse-map the sector the device wrote to the original bio. For zone-append bios, get the offset in the zone of the written sector from the clone bio and add that to the original bio's sector position. Fixes: 0512a75b98f8 ("block: Introduce REQ_OP_ZONE_APPEND") Cc: stable@vger.kernel.org Reported-by: Naohiro Aota Signed-off-by: Johannes Thumshirn Reviewed-by: Damien Le Moal Signed-off-by: Mike Snitzer commit b38c0ad57f8e7810f2d994f49dab4ccb129cf31c Author: Shin'ichiro Kawasaki Date: Thu Jun 18 11:48:10 2020 +0900 dm zoned: Fix metadata zone size check When dm zoned has multiple devices, metadata is on the cache device, not in random zones of the zoned devices. Then the number of metadata zones shall be checked with the number of cache zones, not random zones. Fixes: 34f5affd04c4 ("dm zoned: separate random and cache zones") Signed-off-by: Shin'ichiro Kawasaki Reviewed-by: Damien Le Moal Signed-off-by: Mike Snitzer commit e0034433a7e4f1d74e86fe801f7c017b48f81315 Author: Mauro Carvalho Chehab Date: Mon Jun 15 08:47:00 2020 +0200 docs: device-mapper: add dm-ebs.rst to an index file Solves this Sphinx warning: Documentation/admin-guide/device-mapper/dm-ebs.rst: WARNING: document isn't included in any toctree Signed-off-by: Mauro Carvalho Chehab Signed-off-by: Mike Snitzer commit 28f9f8fb4f405ade488058f817b6cbd108e45e4e Author: Loic Poulain Date: Fri Jun 19 12:17:44 2020 +0200 MAINTAINERS: Add robert and myself as qcom i2c cci maintainers Signed-off-by: Loic Poulain Signed-off-by: Robert Foss [wsa: kept sorting] Signed-off-by: Wolfram Sang commit a17f4bed811c60712d8131883cdba11a105d0161 Author: Fan Guo Date: Fri Jun 12 14:38:24 2020 +0800 RDMA/mad: Fix possible memory leak in ib_mad_post_receive_mads() If ib_dma_mapping_error() returns non-zero value, ib_mad_post_receive_mads() will jump out of loops and return -ENOMEM without freeing mad_priv. Fix this memory-leak problem by freeing mad_priv in this case. Fixes: 2c34e68f4261 ("IB/mad: Check and handle potential DMA mapping errors") Link: https://lore.kernel.org/r/20200612063824.180611-1-guofan5@huawei.com Signed-off-by: Fan Guo Signed-off-by: Jason Gunthorpe commit 49097762fa405cdc16f8f597f6d27c078d4a31e9 Author: Vitaly Kuznetsov Date: Fri Jun 19 11:40:46 2020 +0200 Revert "KVM: VMX: Micro-optimize vmexit time when not exposing PMU" Guest crashes are observed on a Cascade Lake system when 'perf top' is launched on the host, e.g. BUG: unable to handle kernel paging request at fffffe0000073038 PGD 7ffa7067 P4D 7ffa7067 PUD 7ffa6067 PMD 7ffa5067 PTE ffffffffff120 Oops: 0000 [#1] SMP PTI CPU: 1 PID: 1 Comm: systemd Not tainted 4.18.0+ #380 ... Call Trace: serial8250_console_write+0xfe/0x1f0 call_console_drivers.constprop.0+0x9d/0x120 console_unlock+0x1ea/0x460 Call traces are different but the crash is imminent. The problem was blindly bisected to the commit 041bc42ce2d0 ("KVM: VMX: Micro-optimize vmexit time when not exposing PMU"). It was also confirmed that the issue goes away if PMU is exposed to the guest. With some instrumentation of the guest we can see what is being switched (when we do atomic_switch_perf_msrs()): vmx_vcpu_run: switching 2 msrs vmx_vcpu_run: switching MSR38f guest: 70000000d host: 70000000f vmx_vcpu_run: switching MSR3f1 guest: 0 host: 2 The current guess is that PEBS (MSR_IA32_PEBS_ENABLE, 0x3f1) is to blame. Regardless of whether PMU is exposed to the guest or not, PEBS needs to be disabled upon switch. This reverts commit 041bc42ce2d0efac3b85bbb81dea8c74b81f4ef9. Reported-by: Maxime Coquelin Signed-off-by: Vitaly Kuznetsov Message-Id: <20200619094046.654019-1-vkuznets@redhat.com> Signed-off-by: Paolo Bonzini commit a23ff37b32c7e682b42feab651c83a18c34e75eb Author: Keyur Patel Date: Fri Jun 12 17:26:35 2020 -0400 i2c: smbus: Fix spelling mistake in the comments Fix spelling mistake in the comments with help of `codespell`. seperate ==> separate Signed-off-by: Keyur Patel Signed-off-by: Wolfram Sang commit a5765124e697e67df01420f9ed8f9a851097d680 Author: Daniel Schaefer Date: Sun Jun 14 20:23:55 2020 +0200 Documentation/i2c: SMBus start signal is S not A Just like all other I2C/SMBus commands, the start signal for the SMBus Quick Command is S, not A. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Daniel Schaefer Signed-off-by: Wolfram Sang commit 2d3f53a80e4eed078669853a178ed96d88f74143 Author: Rodrigo Rivas Costa Date: Tue Jun 16 18:44:18 2020 +0200 HID: steam: fixes race in handling device list. Using uhid and KASAN this driver crashed because it was getting several connection events where it only expected one. Then the device was added several times to the static device list and it got corrupted. This patch checks if the device is already in the list before adding it. Signed-off-by: Rodrigo Rivas Costa Tested-by: Siarhei Vishniakou Signed-off-by: Jiri Kosina commit 390fd0475af565d2fc31de98fcc84f3c2922e008 Author: Wolfram Sang Date: Mon Jun 15 09:58:15 2020 +0200 i2c: remove deprecated i2c_new_device API All in-tree users have been converted to the new i2c_new_client_device function, so remove this deprecated one. Signed-off-by: Wolfram Sang Signed-off-by: Wolfram Sang commit bc5a3e44af7edb2fe3a678dde104aab763bd1293 Author: Wolfram Sang Date: Mon Jun 15 09:58:14 2020 +0200 Documentation: media: convert to use i2c_new_client_device() Move away from the deprecated API and advertise the new one. Signed-off-by: Wolfram Sang Reviewed-by: Mauro Carvalho Chehab Signed-off-by: Wolfram Sang commit 9e1b93b9f624e7f8ae836c47ee68dc2d732f2957 Author: Wolfram Sang Date: Mon Jun 15 09:58:13 2020 +0200 video: backlight: tosa_lcd: convert to use i2c_new_client_device() Move away from the deprecated API and return the shiny new ERRPTR where useful. Signed-off-by: Wolfram Sang Reviewed-by: Daniel Thompson Acked-by: Lee Jones Signed-off-by: Wolfram Sang commit f04a5ba1752512a46ffb61b88a8fa7d4ab7e02f3 Author: Wolfram Sang Date: Mon Jun 15 09:58:12 2020 +0200 x86/platform/intel-mid: convert to use i2c_new_client_device() Move away from the deprecated API and return the shiny new ERRPTR where useful. Signed-off-by: Wolfram Sang Reviewed-by: Andy Shevchenko Signed-off-by: Wolfram Sang commit bb7d93fff62f32f4ff0072b2ace695bd5f5137e7 Author: Wolfram Sang Date: Mon Jun 15 09:58:11 2020 +0200 drm: encoder_slave: use new I2C API i2c_new_client() is deprecated, use the replacement i2c_new_client_device(). Also, we have a helper to check if a driver is bound. Use it to simplify the code. Note that this changes the errno for a failed device creation from ENOMEM to ENODEV. No callers currently interpret this errno, though, so we use this condensed error check. Signed-off-by: Wolfram Sang Reviewed-by: Emil Velikov Acked-by: Daniel Vetter Signed-off-by: Wolfram Sang commit f78d4032de60f50fd4afaa0fb68ea03b985f820a Author: Wolfram Sang Date: Mon Jun 15 09:58:10 2020 +0200 drm: encoder_slave: fix refcouting error for modules module_put() balances try_module_get(), not request_module(). Fix the error path to match that. Fixes: 2066facca4c7 ("drm/kms: slave encoder interface.") Signed-off-by: Wolfram Sang Reviewed-by: Emil Velikov Acked-by: Daniel Vetter Signed-off-by: Wolfram Sang commit 3995ecbabc6f8019b3a55aeb551eeb9598b8b354 Author: Björn Töpel Date: Fri Jun 12 13:47:31 2020 +0200 i40e: fix crash when Rx descriptor count is changed When the AF_XDP buffer allocator was introduced, the Rx SW ring "rx_bi" allocation was moved from i40e_setup_rx_descriptors() function, and was instead done in the i40e_configure_rx_ring() function. This broke the ethtool set_ringparam() hook for changing the Rx descriptor count, which was relying on i40e_setup_rx_descriptors() to handle the allocation. Fix this by adding an explicit i40e_alloc_rx_bi() call to i40e_set_ringparam(). Fixes: be1222b585fd ("i40e: Separate kernel allocated rx_bi rings from AF_XDP rings") Signed-off-by: Björn Töpel Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher commit b1d95cc2391ffac0c5b27256a4fb0d2cfb021a29 Author: Ciara Loftus Date: Tue Jun 9 13:19:45 2020 +0000 ice: protect ring accesses with WRITE_ONCE The READ_ONCE macro is used when reading rings prior to accessing the statistics pointer. The corresponding WRITE_ONCE usage when allocating and freeing the rings to ensure protected access was not in place. Introduce this. Signed-off-by: Ciara Loftus Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher commit d59e267912cd90b0adf33b4659050d831e746317 Author: Ciara Loftus Date: Tue Jun 9 13:19:44 2020 +0000 i40e: protect ring accesses with READ- and WRITE_ONCE READ_ONCE should be used when reading rings prior to accessing the statistics pointer. Introduce this as well as the corresponding WRITE_ONCE usage when allocating and freeing the rings, to ensure protected access. Signed-off-by: Ciara Loftus Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher commit f140ad9fe2ae16f385f8fe4dc9cf67bb4c51d794 Author: Ciara Loftus Date: Tue Jun 9 13:19:43 2020 +0000 ixgbe: protect ring accesses with READ- and WRITE_ONCE READ_ONCE should be used when reading rings prior to accessing the statistics pointer. Introduce this as well as the corresponding WRITE_ONCE usage when allocating and freeing the rings, to ensure protected access. Signed-off-by: Ciara Loftus Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher commit 0ad6f6e767ec2f613418cbc7ebe5ec4c35af540c Author: Eric Dumazet Date: Wed Jun 17 22:23:25 2020 -0700 net: increment xmit_recursion level in dev_direct_xmit() Back in commit f60e5990d9c1 ("ipv6: protect skb->sk accesses from recursive dereference inside the stack") Hannes added code so that IPv6 stack would not trust skb->sk for typical cases where packet goes through 'standard' xmit path (__dev_queue_xmit()) Alas af_packet had a dev_direct_xmit() path that was not dealing yet with xmit_recursion level. Also change sk_mc_loop() to dump a stack once only. Without this patch, syzbot was able to trigger : [1] [ 153.567378] WARNING: CPU: 7 PID: 11273 at net/core/sock.c:721 sk_mc_loop+0x51/0x70 [ 153.567378] Modules linked in: nfnetlink ip6table_raw ip6table_filter iptable_raw iptable_nat nf_nat nf_conntrack nf_defrag_ipv4 nf_defrag_ipv6 iptable_filter macsec macvtap tap macvlan 8021q hsr wireguard libblake2s blake2s_x86_64 libblake2s_generic udp_tunnel ip6_udp_tunnel libchacha20poly1305 poly1305_x86_64 chacha_x86_64 libchacha curve25519_x86_64 libcurve25519_generic netdevsim batman_adv dummy team bridge stp llc w1_therm wire i2c_mux_pca954x i2c_mux cdc_acm ehci_pci ehci_hcd mlx4_en mlx4_ib ib_uverbs ib_core mlx4_core [ 153.567386] CPU: 7 PID: 11273 Comm: b159172088 Not tainted 5.8.0-smp-DEV #273 [ 153.567387] RIP: 0010:sk_mc_loop+0x51/0x70 [ 153.567388] Code: 66 83 f8 0a 75 24 0f b6 4f 12 b8 01 00 00 00 31 d2 d3 e0 a9 bf ef ff ff 74 07 48 8b 97 f0 02 00 00 0f b6 42 3a 83 e0 01 5d c3 <0f> 0b b8 01 00 00 00 5d c3 0f b6 87 18 03 00 00 5d c0 e8 04 83 e0 [ 153.567388] RSP: 0018:ffff95c69bb93990 EFLAGS: 00010212 [ 153.567388] RAX: 0000000000000011 RBX: ffff95c6e0ee3e00 RCX: 0000000000000007 [ 153.567389] RDX: ffff95c69ae50000 RSI: ffff95c6c30c3000 RDI: ffff95c6c30c3000 [ 153.567389] RBP: ffff95c69bb93990 R08: ffff95c69a77f000 R09: 0000000000000008 [ 153.567389] R10: 0000000000000040 R11: 00003e0e00026128 R12: ffff95c6c30c3000 [ 153.567390] R13: ffff95c6cc4fd500 R14: ffff95c6f84500c0 R15: ffff95c69aa13c00 [ 153.567390] FS: 00007fdc3a283700(0000) GS:ffff95c6ff9c0000(0000) knlGS:0000000000000000 [ 153.567390] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 153.567391] CR2: 00007ffee758e890 CR3: 0000001f9ba20003 CR4: 00000000001606e0 [ 153.567391] Call Trace: [ 153.567391] ip6_finish_output2+0x34e/0x550 [ 153.567391] __ip6_finish_output+0xe7/0x110 [ 153.567391] ip6_finish_output+0x2d/0xb0 [ 153.567392] ip6_output+0x77/0x120 [ 153.567392] ? __ip6_finish_output+0x110/0x110 [ 153.567392] ip6_local_out+0x3d/0x50 [ 153.567392] ipvlan_queue_xmit+0x56c/0x5e0 [ 153.567393] ? ksize+0x19/0x30 [ 153.567393] ipvlan_start_xmit+0x18/0x50 [ 153.567393] dev_direct_xmit+0xf3/0x1c0 [ 153.567393] packet_direct_xmit+0x69/0xa0 [ 153.567394] packet_sendmsg+0xbf0/0x19b0 [ 153.567394] ? plist_del+0x62/0xb0 [ 153.567394] sock_sendmsg+0x65/0x70 [ 153.567394] sock_write_iter+0x93/0xf0 [ 153.567394] new_sync_write+0x18e/0x1a0 [ 153.567395] __vfs_write+0x29/0x40 [ 153.567395] vfs_write+0xb9/0x1b0 [ 153.567395] ksys_write+0xb1/0xe0 [ 153.567395] __x64_sys_write+0x1a/0x20 [ 153.567395] do_syscall_64+0x43/0x70 [ 153.567396] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 153.567396] RIP: 0033:0x453549 [ 153.567396] Code: Bad RIP value. [ 153.567396] RSP: 002b:00007fdc3a282cc8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 153.567397] RAX: ffffffffffffffda RBX: 00000000004d32d0 RCX: 0000000000453549 [ 153.567397] RDX: 0000000000000020 RSI: 0000000020000300 RDI: 0000000000000003 [ 153.567398] RBP: 00000000004d32d8 R08: 0000000000000000 R09: 0000000000000000 [ 153.567398] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004d32dc [ 153.567398] R13: 00007ffee742260f R14: 00007fdc3a282dc0 R15: 00007fdc3a283700 [ 153.567399] ---[ end trace c1d5ae2b1059ec62 ]--- f60e5990d9c1 ("ipv6: protect skb->sk accesses from recursive dereference inside the stack") Signed-off-by: Eric Dumazet Reported-by: syzbot Signed-off-by: David S. Miller commit 8dbe4c5d5e40fe140221024f7b16bec9f310bf70 Author: Florian Fainelli Date: Wed Jun 17 20:42:44 2020 -0700 net: dsa: bcm_sf2: Fix node reference count of_find_node_by_name() will do an of_node_put() on the "from" argument. With CONFIG_OF_DYNAMIC enabled which checks for device_node reference counts, we would be getting a warning like this: [ 6.347230] refcount_t: increment on 0; use-after-free. [ 6.352498] WARNING: CPU: 3 PID: 77 at lib/refcount.c:156 refcount_inc_checked+0x38/0x44 [ 6.360601] Modules linked in: [ 6.363661] CPU: 3 PID: 77 Comm: kworker/3:1 Tainted: G W 5.4.46-gb78b3e9956e6 #13 [ 6.372546] Hardware name: BCM97278SV (DT) [ 6.376649] Workqueue: events deferred_probe_work_func [ 6.381796] pstate: 60000005 (nZCv daif -PAN -UAO) [ 6.386595] pc : refcount_inc_checked+0x38/0x44 [ 6.391133] lr : refcount_inc_checked+0x38/0x44 ... [ 6.478791] Call trace: [ 6.481243] refcount_inc_checked+0x38/0x44 [ 6.485433] kobject_get+0x3c/0x4c [ 6.488840] of_node_get+0x24/0x34 [ 6.492247] of_irq_find_parent+0x3c/0xe0 [ 6.496263] of_irq_parse_one+0xe4/0x1d0 [ 6.500191] irq_of_parse_and_map+0x44/0x84 [ 6.504381] bcm_sf2_sw_probe+0x22c/0x844 [ 6.508397] platform_drv_probe+0x58/0xa8 [ 6.512413] really_probe+0x238/0x3fc [ 6.516081] driver_probe_device+0x11c/0x12c [ 6.520358] __device_attach_driver+0xa8/0x100 [ 6.524808] bus_for_each_drv+0xb4/0xd0 [ 6.528650] __device_attach+0xd0/0x164 [ 6.532493] device_initial_probe+0x24/0x30 [ 6.536682] bus_probe_device+0x38/0x98 [ 6.540524] deferred_probe_work_func+0xa8/0xd4 [ 6.545061] process_one_work+0x178/0x288 [ 6.549078] process_scheduled_works+0x44/0x48 [ 6.553529] worker_thread+0x218/0x270 [ 6.557285] kthread+0xdc/0xe4 [ 6.560344] ret_from_fork+0x10/0x18 [ 6.563925] ---[ end trace 68f65caf69bb152a ]--- Fix this by adding a of_node_get() to increment the reference count prior to the call. Fixes: afa3b592953b ("net: dsa: bcm_sf2: Ensure correct sub-node is parsed") Signed-off-by: Florian Fainelli Reviewed-by: Andrew Lunn Signed-off-by: David S. Miller commit eddbf5d0204e550ee59de02bdc19fe90d4203dd6 Author: Alexander Lobakin Date: Wed Jun 17 20:42:47 2020 +0000 net: ethtool: add missing NETIF_F_GSO_FRAGLIST feature string Commit 3b33583265ed ("net: Add fraglist GRO/GSO feature flags") missed an entry for NETIF_F_GSO_FRAGLIST in netdev_features_strings array. As a result, fraglist GSO feature is not shown in 'ethtool -k' output and can't be toggled on/off. The fix is trivial. Fixes: 3b33583265ed ("net: Add fraglist GRO/GSO feature flags") Signed-off-by: Alexander Lobakin Reviewed-by: Michal Kubecek Signed-off-by: David S. Miller commit 3a2656a211caf35e56afc9425e6e518fa52f7fbc Author: David Christensen Date: Wed Jun 17 11:51:17 2020 -0700 tg3: driver sleeps indefinitely when EEH errors exceed eeh_max_freezes The driver function tg3_io_error_detected() calls napi_disable twice, without an intervening napi_enable, when the number of EEH errors exceeds eeh_max_freezes, resulting in an indefinite sleep while holding rtnl_lock. Add check for pcierr_recovery which skips code already executed for the "Frozen" state. Signed-off-by: David Christensen Reviewed-by: Michael Chan Signed-off-by: David S. Miller commit 4c98045c9b74feab837be58986c0517d3cc661f1 Author: Martin Date: Wed Jun 17 22:30:23 2020 +0530 bareudp: Fixed multiproto mode configuration Code to handle multiproto configuration is missing. Fixes: 4b5f67232d95 ("net: Special handling for IP & MPLS") Signed-off-by: Martin Signed-off-by: David S. Miller commit e807fa3f602edcebecdfe3cebda1d91aa8087f0f Merge: f3c7a6e0e515 8cebedb64383 Author: David S. Miller Date: Thu Jun 18 20:27:42 2020 -0700 Merge branch 's390-qeth-fixes' Julian Wiedmann says: ==================== s390/qeth: fixes 2020-06-17 please apply the following patch series for qeth to netdev's net tree. The first patch fixes a regression in the error handling for a specific cmd type. I have some follow-ups queued up for net-next to clean this up properly... The second patch fine-tunes the HW offload restrictions that went in with this merge window. In some setups we don't need to apply them. ==================== Signed-off-by: David S. Miller commit 8cebedb643832586162aa5313cae781173c1f81b Author: Julian Wiedmann Date: Wed Jun 17 16:54:53 2020 +0200 s390/qeth: let isolation mode override HW offload restrictions When a device is configured with ISOLATION_MODE_FWD, traffic never goes through the internal switch. Don't apply the offload restrictions in this case. Fixes: c619e9a6f52f ("s390/qeth: don't use restricted offloads for local traffic") Signed-off-by: Julian Wiedmann Signed-off-by: David S. Miller commit e2dfcfba00ba4a414617ef4c5a8501fe21567eb3 Author: Julian Wiedmann Date: Wed Jun 17 16:54:52 2020 +0200 s390/qeth: fix error handling for isolation mode cmds Current(?) OSA devices also store their cmd-specific return codes for SET_ACCESS_CONTROL cmds into the top-level cmd->hdr.return_code. So once we added stricter checking for the top-level field a while ago, none of the error logic that rolls back the user's configuration to its old state is applied any longer. For this specific cmd, go back to the old model where we peek into the cmd structure even though the top-level field indicated an error. Fixes: 686c97ee29c8 ("s390/qeth: fix error handling in adapter command callbacks") Signed-off-by: Julian Wiedmann Signed-off-by: David S. Miller commit f3c7a6e0e515ebe4efae894bac8d6906e4367be5 Merge: 5eea3a63ff4a 9e365ff576b7 Author: David S. Miller Date: Thu Jun 18 20:25:51 2020 -0700 Merge branch 'mptcp-cope-with-syncookie-on-MP_JOINs' Paolo Abeni says: ==================== mptcp: cope with syncookie on MP_JOINs Currently syncookies on MP_JOIN connections are not handled correctly: the connections fallback to TCP and are kept alive instead of resetting them at fallback time. The first patch propagates the required information up to syn_recv_sock time, and the 2nd patch addresses the unifying the error path for all MP_JOIN requests. ==================== Signed-off-by: David S. Miller commit 9e365ff576b7c1623bbc5ef31ec652c533e2f65e Author: Paolo Abeni Date: Wed Jun 17 12:08:57 2020 +0200 mptcp: drop MP_JOIN request sock on syn cookies Currently any MPTCP socket using syn cookies will fallback to TCP at 3rd ack time. In case of MP_JOIN requests, the RFC mandate closing the child and sockets, but the existing error paths do not handle the syncookie scenario correctly. Address the issue always forcing the child shutdown in case of MP_JOIN fallback. Fixes: ae2dd7164943 ("mptcp: handle tcp fallback when using syn cookies") Signed-off-by: Paolo Abeni Reviewed-by: Mat Martineau Signed-off-by: David S. Miller commit 8fd4de1275580a1befa1456d1070eaf6489fb48f Author: Paolo Abeni Date: Wed Jun 17 12:08:56 2020 +0200 mptcp: cache msk on MP_JOIN init_req The msk ownership is transferred to the child socket at 3rd ack time, so that we avoid more lookups later. If the request does not reach the 3rd ack, the MSK reference is dropped at request sock release time. As a side effect, fallback is now tracked by a NULL msk reference instead of zeroed 'mp_join' field. This will simplify the next patch. Signed-off-by: Paolo Abeni Reviewed-by: Mat Martineau Signed-off-by: David S. Miller commit 5eea3a63ff4aba6a26002e657a6d21934b7e2b96 Author: guodeqing Date: Wed Jun 17 10:07:16 2020 +0800 net: Fix the arp error in some cases ie., $ ifconfig eth0 6.6.6.6 netmask 255.255.255.0 $ ip rule add from 6.6.6.6 table 6666 $ ip route add 9.9.9.9 via 6.6.6.6 $ ping -I 6.6.6.6 9.9.9.9 PING 9.9.9.9 (9.9.9.9) from 6.6.6.6 : 56(84) bytes of data. 3 packets transmitted, 0 received, 100% packet loss, time 2079ms $ arp Address HWtype HWaddress Flags Mask Iface 6.6.6.6 (incomplete) eth0 The arp request address is error, this is because fib_table_lookup in fib_check_nh lookup the destnation 9.9.9.9 nexthop, the scope of the fib result is RT_SCOPE_LINK,the correct scope is RT_SCOPE_HOST. Here I add a check of whether this is RT_TABLE_MAIN to solve this problem. Fixes: 3bfd847203c6 ("net: Use passed in table for nexthop lookups") Signed-off-by: guodeqing Reviewed-by: David Ahern Signed-off-by: David S. Miller commit ad103e03bda701f54dc97fbde7f199adc9e80282 Merge: b64ee4856c10 5182a6222dd0 Author: David S. Miller Date: Thu Jun 18 20:20:46 2020 -0700 Merge branch 'sja1105-fixes' Vladimir Oltean says: ==================== Fix VLAN checks for SJA1105 DSA tc-flower filters This fixes a ridiculous situation where the driver, in VLAN-unaware mode, would refuse accepting any tc filter: tc filter replace dev sw1p3 ingress flower skip_sw \ dst_mac 42:be:24:9b:76:20 \ action gate (...) Error: sja1105: Can only gate based on {DMAC, VID, PCP}. tc filter replace dev sw1p3 ingress protocol 802.1Q flower skip_sw \ vlan_id 1 vlan_prio 0 dst_mac 42:be:24:9b:76:20 \ action gate (...) Error: sja1105: Can only gate based on DMAC. So, without changing the VLAN awareness state, it says it doesn't want VLAN-aware rules, and it doesn't want VLAN-unaware rules either. One would say it's in Schrodinger's state... Now, the situation has been made worse by commit 7f14937facdc ("net: dsa: sja1105: keep the VLAN awareness state in a driver variable"), which made VLAN awareness a ternary attribute, but after inspecting the code from before that patch with a truth table, it looks like the logical bug was there even before. While attempting to fix this, I also noticed some leftover debugging code in one of the places that needed to be fixed. It would have appeared in the context of patch 3/3 anyway, so I decided to create a patch that removes it. ==================== Signed-off-by: David S. Miller commit 5182a6222dd0f27c41cda2706bdc58d48a0d8f96 Author: Vladimir Oltean Date: Wed Jun 17 02:58:43 2020 +0300 net: dsa: sja1105: fix checks for VLAN state in gate action This action requires the VLAN awareness state of the switch to be of the same type as the key that's being added: - If the switch is unaware of VLAN, then the tc filter key must only contain the destination MAC address. - If the switch is VLAN-aware, the key must also contain the VLAN ID and PCP. But this check doesn't work unless we verify the VLAN awareness state on both the "if" and the "else" branches. Fixes: 834f8933d5dd ("net: dsa: sja1105: implement tc-gate using time-triggered virtual links") Signed-off-by: Vladimir Oltean Signed-off-by: David S. Miller commit c6ae970bcc8e6f0b761111680ba78f7be43fb05a Author: Vladimir Oltean Date: Wed Jun 17 02:58:42 2020 +0300 net: dsa: sja1105: fix checks for VLAN state in redirect action This action requires the VLAN awareness state of the switch to be of the same type as the key that's being added: - If the switch is unaware of VLAN, then the tc filter key must only contain the destination MAC address. - If the switch is VLAN-aware, the key must also contain the VLAN ID and PCP. But this check doesn't work unless we verify the VLAN awareness state on both the "if" and the "else" branches. Fixes: dfacc5a23e22 ("net: dsa: sja1105: support flow-based redirection via virtual links") Signed-off-by: Vladimir Oltean Signed-off-by: David S. Miller commit 5b3b396c77677b51a6bd1aacd0fe2a04d1efa0ff Author: Vladimir Oltean Date: Wed Jun 17 02:58:41 2020 +0300 net: dsa: sja1105: remove debugging code in sja1105_vl_gate This shouldn't be there. Fixes: 834f8933d5dd ("net: dsa: sja1105: implement tc-gate using time-triggered virtual links") Signed-off-by: Vladimir Oltean Signed-off-by: David S. Miller commit b64ee4856c106fc743880c1a33074c7bcebf6eb6 Merge: ba61539c6ae5 c362a06e96ea Author: David S. Miller Date: Thu Jun 18 20:17:49 2020 -0700 Merge branch 'act_gate-fixes' Davide Caratti says: ==================== two fixes for 'act_gate' control plane - patch 1/2 attempts to fix the error path of tcf_gate_init() when users try to configure 'act_gate' rules with wrong parameters - patch 2/2 is a follow-up of a recent fix for NULL dereference in the error path of tcf_gate_init() further work will introduce a tdc test for 'act_gate'. changes since v2: - fix undefined behavior in patch 1/2 - improve comment in patch 2/2 changes since v1: coding style fixes in patch 1/2 and 2/2 ==================== Signed-off-by: David S. Miller commit c362a06e96eae16ccb7b0f4f93f19224279b8610 Author: Davide Caratti Date: Tue Jun 16 22:25:21 2020 +0200 net/sched: act_gate: fix configuration of the periodic timer assigning a dummy value of 'clock_id' to avoid cancellation of the cycle timer before its initialization was a temporary solution, and we still need to handle the case where act_gate timer parameters are changed by commands like the following one: # tc action replace action gate the fix consists in the following items: 1) remove the workaround assignment of 'clock_id', and init the list of entries before the first error path after IDR atomic check/allocation 2) validate 'clock_id' earlier: there is no need to do IDR atomic check/allocation if we know that 'clock_id' is a bad value 3) use a dedicated function, 'gate_setup_timer()', to ensure that the timer is cancelled and re-initialized on action overwrite, and also ensure we initialize the timer in the error path of tcf_gate_init() v3: improve comment in the error path of tcf_gate_init() (thanks to Vladimir Oltean) v2: avoid 'goto' in gate_setup_timer (thanks to Cong Wang) CC: Ivan Vecera Fixes: a01c245438c5 ("net/sched: fix a couple of splats in the error path of tfc_gate_init()") Fixes: a51c328df310 ("net: qos: introduce a gate control flow action") Signed-off-by: Davide Caratti Acked-by: Vladimir Oltean Tested-by: Vladimir Oltean Signed-off-by: David S. Miller commit 7024339a1cfa0d5bbfa628a7a35b67789cc86d7f Author: Davide Caratti Date: Tue Jun 16 22:25:20 2020 +0200 net/sched: act_gate: fix NULL dereference in tcf_gate_init() it is possible to see a KASAN use-after-free, immediately followed by a NULL dereference crash, with the following command: # tc action add action gate index 3 cycle-time 100000000ns \ > cycle-time-ext 100000000ns clockid CLOCK_TAI BUG: KASAN: use-after-free in tcf_action_init_1+0x8eb/0x960 Write of size 1 at addr ffff88810a5908bc by task tc/883 CPU: 0 PID: 883 Comm: tc Not tainted 5.7.0+ #188 Hardware name: Red Hat KVM, BIOS 1.11.1-4.module+el8.1.0+4066+0f1aadab 04/01/2014 Call Trace: dump_stack+0x75/0xa0 print_address_description.constprop.6+0x1a/0x220 kasan_report.cold.9+0x37/0x7c tcf_action_init_1+0x8eb/0x960 tcf_action_init+0x157/0x2a0 tcf_action_add+0xd9/0x2f0 tc_ctl_action+0x2a3/0x39d rtnetlink_rcv_msg+0x5f3/0x920 netlink_rcv_skb+0x120/0x380 netlink_unicast+0x439/0x630 netlink_sendmsg+0x714/0xbf0 sock_sendmsg+0xe2/0x110 ____sys_sendmsg+0x5b4/0x890 ___sys_sendmsg+0xe9/0x160 __sys_sendmsg+0xd3/0x170 do_syscall_64+0x9a/0x370 entry_SYSCALL_64_after_hwframe+0x44/0xa9 [...] KASAN: null-ptr-deref in range [0x0000000000000070-0x0000000000000077] CPU: 0 PID: 883 Comm: tc Tainted: G B 5.7.0+ #188 Hardware name: Red Hat KVM, BIOS 1.11.1-4.module+el8.1.0+4066+0f1aadab 04/01/2014 RIP: 0010:tcf_action_fill_size+0xa3/0xf0 [....] RSP: 0018:ffff88813a48f250 EFLAGS: 00010212 RAX: dffffc0000000000 RBX: 0000000000000094 RCX: ffffffffa47c3eb6 RDX: 000000000000000e RSI: 0000000000000008 RDI: 0000000000000070 RBP: ffff88810a590800 R08: 0000000000000004 R09: ffffed1027491e03 R10: 0000000000000003 R11: ffffed1027491e03 R12: 0000000000000000 R13: 0000000000000000 R14: dffffc0000000000 R15: ffff88810a590800 FS: 00007f62cae8ce40(0000) GS:ffff888147c00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f62c9d20a10 CR3: 000000013a52a000 CR4: 0000000000340ef0 Call Trace: tcf_action_init+0x172/0x2a0 tcf_action_add+0xd9/0x2f0 tc_ctl_action+0x2a3/0x39d rtnetlink_rcv_msg+0x5f3/0x920 netlink_rcv_skb+0x120/0x380 netlink_unicast+0x439/0x630 netlink_sendmsg+0x714/0xbf0 sock_sendmsg+0xe2/0x110 ____sys_sendmsg+0x5b4/0x890 ___sys_sendmsg+0xe9/0x160 __sys_sendmsg+0xd3/0x170 do_syscall_64+0x9a/0x370 entry_SYSCALL_64_after_hwframe+0x44/0xa9 this is caused by the test on 'cycletime_ext', that is still unassigned when the action is newly created. This makes the action .init() return 0 without calling tcf_idr_insert(), hence the UAF + crash. rework the logic that prevents zero values of cycle-time, as follows: 1) 'tcfg_cycletime_ext' seems to be unused in the action software path, and it was already possible by other means to obtain non-zero cycletime and zero cycletime-ext. So, removing that test should not cause any damage. 2) while at it, we must prevent overwriting configuration data with wrong ones: use a temporary variable for 'tcfg_cycletime', and validate it preserving the original semantic (that allowed computing the cycle time as the sum of all intervals, when not specified by TCA_GATE_CYCLE_TIME). 3) remove the test on 'tcfg_cycletime', no more useful, and avoid returning -EFAULT, which did not seem an appropriate return value for a wrong netlink attribute. v3: fix uninitialized 'cycletime' (thanks to Vladimir Oltean) v2: remove useless 'return;' at the end of void gate_get_start_time() Fixes: a51c328df310 ("net: qos: introduce a gate control flow action") CC: Ivan Vecera Signed-off-by: Davide Caratti Acked-by: Vladimir Oltean Tested-by: Vladimir Oltean Signed-off-by: David S. Miller commit ba61539c6ae57f4146284a5cb4f7b7ed8d42bf45 Author: Taehee Yoo Date: Tue Jun 16 16:51:51 2020 +0000 ip_tunnel: fix use-after-free in ip_tunnel_lookup() In the datapath, the ip_tunnel_lookup() is used and it internally uses fallback tunnel device pointer, which is fb_tunnel_dev. This pointer variable should be set to NULL when a fb interface is deleted. But there is no routine to set fb_tunnel_dev pointer to NULL. So, this pointer will be still used after interface is deleted and it eventually results in the use-after-free problem. Test commands: ip netns add A ip netns add B ip link add eth0 type veth peer name eth1 ip link set eth0 netns A ip link set eth1 netns B ip netns exec A ip link set lo up ip netns exec A ip link set eth0 up ip netns exec A ip link add gre1 type gre local 10.0.0.1 \ remote 10.0.0.2 ip netns exec A ip link set gre1 up ip netns exec A ip a a 10.0.100.1/24 dev gre1 ip netns exec A ip a a 10.0.0.1/24 dev eth0 ip netns exec B ip link set lo up ip netns exec B ip link set eth1 up ip netns exec B ip link add gre1 type gre local 10.0.0.2 \ remote 10.0.0.1 ip netns exec B ip link set gre1 up ip netns exec B ip a a 10.0.100.2/24 dev gre1 ip netns exec B ip a a 10.0.0.2/24 dev eth1 ip netns exec A hping3 10.0.100.2 -2 --flood -d 60000 & ip netns del B Splat looks like: [ 77.793450][ C3] ================================================================== [ 77.794702][ C3] BUG: KASAN: use-after-free in ip_tunnel_lookup+0xcc4/0xf30 [ 77.795573][ C3] Read of size 4 at addr ffff888060bd9c84 by task hping3/2905 [ 77.796398][ C3] [ 77.796664][ C3] CPU: 3 PID: 2905 Comm: hping3 Not tainted 5.8.0-rc1+ #616 [ 77.797474][ C3] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006 [ 77.798453][ C3] Call Trace: [ 77.798815][ C3] [ 77.799142][ C3] dump_stack+0x9d/0xdb [ 77.799605][ C3] print_address_description.constprop.7+0x2cc/0x450 [ 77.800365][ C3] ? ip_tunnel_lookup+0xcc4/0xf30 [ 77.800908][ C3] ? ip_tunnel_lookup+0xcc4/0xf30 [ 77.801517][ C3] ? ip_tunnel_lookup+0xcc4/0xf30 [ 77.802145][ C3] kasan_report+0x154/0x190 [ 77.802821][ C3] ? ip_tunnel_lookup+0xcc4/0xf30 [ 77.803503][ C3] ip_tunnel_lookup+0xcc4/0xf30 [ 77.804165][ C3] __ipgre_rcv+0x1ab/0xaa0 [ip_gre] [ 77.804862][ C3] ? rcu_read_lock_sched_held+0xc0/0xc0 [ 77.805621][ C3] gre_rcv+0x304/0x1910 [ip_gre] [ 77.806293][ C3] ? lock_acquire+0x1a9/0x870 [ 77.806925][ C3] ? gre_rcv+0xfe/0x354 [gre] [ 77.807559][ C3] ? erspan_xmit+0x2e60/0x2e60 [ip_gre] [ 77.808305][ C3] ? rcu_read_lock_sched_held+0xc0/0xc0 [ 77.809032][ C3] ? rcu_read_lock_held+0x90/0xa0 [ 77.809713][ C3] gre_rcv+0x1b8/0x354 [gre] [ ... ] Suggested-by: Eric Dumazet Fixes: c54419321455 ("GRE: Refactor GRE tunneling code.") Signed-off-by: Taehee Yoo Signed-off-by: David S. Miller commit dafabb6590cb15f300b77c095d50312e2c7c8e0f Author: Taehee Yoo Date: Tue Jun 16 16:04:00 2020 +0000 ip6_gre: fix use-after-free in ip6gre_tunnel_lookup() In the datapath, the ip6gre_tunnel_lookup() is used and it internally uses fallback tunnel device pointer, which is fb_tunnel_dev. This pointer variable should be set to NULL when a fb interface is deleted. But there is no routine to set fb_tunnel_dev pointer to NULL. So, this pointer will be still used after interface is deleted and it eventually results in the use-after-free problem. Test commands: ip netns add A ip netns add B ip link add eth0 type veth peer name eth1 ip link set eth0 netns A ip link set eth1 netns B ip netns exec A ip link set lo up ip netns exec A ip link set eth0 up ip netns exec A ip link add ip6gre1 type ip6gre local fc:0::1 \ remote fc:0::2 ip netns exec A ip -6 a a fc:100::1/64 dev ip6gre1 ip netns exec A ip link set ip6gre1 up ip netns exec A ip -6 a a fc:0::1/64 dev eth0 ip netns exec A ip link set ip6gre0 up ip netns exec B ip link set lo up ip netns exec B ip link set eth1 up ip netns exec B ip link add ip6gre1 type ip6gre local fc:0::2 \ remote fc:0::1 ip netns exec B ip -6 a a fc:100::2/64 dev ip6gre1 ip netns exec B ip link set ip6gre1 up ip netns exec B ip -6 a a fc:0::2/64 dev eth1 ip netns exec B ip link set ip6gre0 up ip netns exec A ping fc:100::2 -s 60000 & ip netns del B Splat looks like: [ 73.087285][ C1] BUG: KASAN: use-after-free in ip6gre_tunnel_lookup+0x1064/0x13f0 [ip6_gre] [ 73.088361][ C1] Read of size 4 at addr ffff888040559218 by task ping/1429 [ 73.089317][ C1] [ 73.089638][ C1] CPU: 1 PID: 1429 Comm: ping Not tainted 5.7.0+ #602 [ 73.090531][ C1] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006 [ 73.091725][ C1] Call Trace: [ 73.092160][ C1] [ 73.092556][ C1] dump_stack+0x96/0xdb [ 73.093122][ C1] print_address_description.constprop.6+0x2cc/0x450 [ 73.094016][ C1] ? ip6gre_tunnel_lookup+0x1064/0x13f0 [ip6_gre] [ 73.094894][ C1] ? ip6gre_tunnel_lookup+0x1064/0x13f0 [ip6_gre] [ 73.095767][ C1] ? ip6gre_tunnel_lookup+0x1064/0x13f0 [ip6_gre] [ 73.096619][ C1] kasan_report+0x154/0x190 [ 73.097209][ C1] ? ip6gre_tunnel_lookup+0x1064/0x13f0 [ip6_gre] [ 73.097989][ C1] ip6gre_tunnel_lookup+0x1064/0x13f0 [ip6_gre] [ 73.098750][ C1] ? gre_del_protocol+0x60/0x60 [gre] [ 73.099500][ C1] gre_rcv+0x1c5/0x1450 [ip6_gre] [ 73.100199][ C1] ? ip6gre_header+0xf00/0xf00 [ip6_gre] [ 73.100985][ C1] ? rcu_read_lock_sched_held+0xc0/0xc0 [ 73.101830][ C1] ? ip6_input_finish+0x5/0xf0 [ 73.102483][ C1] ip6_protocol_deliver_rcu+0xcbb/0x1510 [ 73.103296][ C1] ip6_input_finish+0x5b/0xf0 [ 73.103920][ C1] ip6_input+0xcd/0x2c0 [ 73.104473][ C1] ? ip6_input_finish+0xf0/0xf0 [ 73.105115][ C1] ? rcu_read_lock_held+0x90/0xa0 [ 73.105783][ C1] ? rcu_read_lock_sched_held+0xc0/0xc0 [ 73.106548][ C1] ipv6_rcv+0x1f1/0x300 [ ... ] Suggested-by: Eric Dumazet Fixes: c12b395a4664 ("gre: Support GRE over IPv6") Signed-off-by: Taehee Yoo Signed-off-by: David S. Miller commit fb7861d14c8d7edac65b2fcb6e8031cb138457b2 Author: Taehee Yoo Date: Tue Jun 16 15:52:05 2020 +0000 net: core: reduce recursion limit value In the current code, ->ndo_start_xmit() can be executed recursively only 10 times because of stack memory. But, in the case of the vxlan, 10 recursion limit value results in a stack overflow. In the current code, the nested interface is limited by 8 depth. There is no critical reason that the recursion limitation value should be 10. So, it would be good to be the same value with the limitation value of nesting interface depth. Test commands: ip link add vxlan10 type vxlan vni 10 dstport 4789 srcport 4789 4789 ip link set vxlan10 up ip a a 192.168.10.1/24 dev vxlan10 ip n a 192.168.10.2 dev vxlan10 lladdr fc:22:33:44:55:66 nud permanent for i in {9..0} do let A=$i+1 ip link add vxlan$i type vxlan vni $i dstport 4789 srcport 4789 4789 ip link set vxlan$i up ip a a 192.168.$i.1/24 dev vxlan$i ip n a 192.168.$i.2 dev vxlan$i lladdr fc:22:33:44:55:66 nud permanent bridge fdb add fc:22:33:44:55:66 dev vxlan$A dst 192.168.$i.2 self done hping3 192.168.10.2 -2 -d 60000 Splat looks like: [ 103.814237][ T1127] ============================================================================= [ 103.871955][ T1127] BUG kmalloc-2k (Tainted: G B ): Padding overwritten. 0x00000000897a2e4f-0x000 [ 103.873187][ T1127] ----------------------------------------------------------------------------- [ 103.873187][ T1127] [ 103.874252][ T1127] INFO: Slab 0x000000005cccc724 objects=5 used=5 fp=0x0000000000000000 flags=0x10000000001020 [ 103.881323][ T1127] CPU: 3 PID: 1127 Comm: hping3 Tainted: G B 5.7.0+ #575 [ 103.882131][ T1127] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006 [ 103.883006][ T1127] Call Trace: [ 103.883324][ T1127] dump_stack+0x96/0xdb [ 103.883716][ T1127] slab_err+0xad/0xd0 [ 103.884106][ T1127] ? _raw_spin_unlock+0x1f/0x30 [ 103.884620][ T1127] ? get_partial_node.isra.78+0x140/0x360 [ 103.885214][ T1127] slab_pad_check.part.53+0xf7/0x160 [ 103.885769][ T1127] ? pskb_expand_head+0x110/0xe10 [ 103.886316][ T1127] check_slab+0x97/0xb0 [ 103.886763][ T1127] alloc_debug_processing+0x84/0x1a0 [ 103.887308][ T1127] ___slab_alloc+0x5a5/0x630 [ 103.887765][ T1127] ? pskb_expand_head+0x110/0xe10 [ 103.888265][ T1127] ? lock_downgrade+0x730/0x730 [ 103.888762][ T1127] ? pskb_expand_head+0x110/0xe10 [ 103.889244][ T1127] ? __slab_alloc+0x3e/0x80 [ 103.889675][ T1127] __slab_alloc+0x3e/0x80 [ 103.890108][ T1127] __kmalloc_node_track_caller+0xc7/0x420 [ ... ] Fixes: 11a766ce915f ("net: Increase xmit RECURSION_LIMIT to 10.") Signed-off-by: Taehee Yoo Signed-off-by: David S. Miller commit 814152a89ed52c722ab92e9fbabcac3cb8a39245 Author: Yang Yingliang Date: Tue Jun 16 09:39:21 2020 +0000 net: fix memleak in register_netdevice() I got a memleak report when doing some fuzz test: unreferenced object 0xffff888112584000 (size 13599): comm "ip", pid 3048, jiffies 4294911734 (age 343.491s) hex dump (first 32 bytes): 74 61 70 30 00 00 00 00 00 00 00 00 00 00 00 00 tap0............ 00 ee d9 19 81 88 ff ff 00 00 00 00 00 00 00 00 ................ backtrace: [<000000002f60ba65>] __kmalloc_node+0x309/0x3a0 [<0000000075b211ec>] kvmalloc_node+0x7f/0xc0 [<00000000d3a97396>] alloc_netdev_mqs+0x76/0xfc0 [<00000000609c3655>] __tun_chr_ioctl+0x1456/0x3d70 [<000000001127ca24>] ksys_ioctl+0xe5/0x130 [<00000000b7d5e66a>] __x64_sys_ioctl+0x6f/0xb0 [<00000000e1023498>] do_syscall_64+0x56/0xa0 [<000000009ec0eb12>] entry_SYSCALL_64_after_hwframe+0x44/0xa9 unreferenced object 0xffff888111845cc0 (size 8): comm "ip", pid 3048, jiffies 4294911734 (age 343.491s) hex dump (first 8 bytes): 74 61 70 30 00 88 ff ff tap0.... backtrace: [<000000004c159777>] kstrdup+0x35/0x70 [<00000000d8b496ad>] kstrdup_const+0x3d/0x50 [<00000000494e884a>] kvasprintf_const+0xf1/0x180 [<0000000097880a2b>] kobject_set_name_vargs+0x56/0x140 [<000000008fbdfc7b>] dev_set_name+0xab/0xe0 [<000000005b99e3b4>] netdev_register_kobject+0xc0/0x390 [<00000000602704fe>] register_netdevice+0xb61/0x1250 [<000000002b7ca244>] __tun_chr_ioctl+0x1cd1/0x3d70 [<000000001127ca24>] ksys_ioctl+0xe5/0x130 [<00000000b7d5e66a>] __x64_sys_ioctl+0x6f/0xb0 [<00000000e1023498>] do_syscall_64+0x56/0xa0 [<000000009ec0eb12>] entry_SYSCALL_64_after_hwframe+0x44/0xa9 unreferenced object 0xffff88811886d800 (size 512): comm "ip", pid 3048, jiffies 4294911734 (age 343.491s) hex dump (first 32 bytes): 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N.......... ff ff ff ff ff ff ff ff c0 66 3d a3 ff ff ff ff .........f=..... backtrace: [<0000000050315800>] device_add+0x61e/0x1950 [<0000000021008dfb>] netdev_register_kobject+0x17e/0x390 [<00000000602704fe>] register_netdevice+0xb61/0x1250 [<000000002b7ca244>] __tun_chr_ioctl+0x1cd1/0x3d70 [<000000001127ca24>] ksys_ioctl+0xe5/0x130 [<00000000b7d5e66a>] __x64_sys_ioctl+0x6f/0xb0 [<00000000e1023498>] do_syscall_64+0x56/0xa0 [<000000009ec0eb12>] entry_SYSCALL_64_after_hwframe+0x44/0xa9 If call_netdevice_notifiers() failed, then rollback_registered() calls netdev_unregister_kobject() which holds the kobject. The reference cannot be put because the netdev won't be add to todo list, so it will leads a memleak, we need put the reference to avoid memleak. Reported-by: Hulk Robot Signed-off-by: Yang Yingliang Signed-off-by: David S. Miller commit 1a642ca7f38992b086101fe204a1ae3c90ed8016 Author: Sascha Hauer Date: Tue Jun 16 10:31:40 2020 +0200 net: ethernet: mvneta: Add 2500BaseX support for SoCs without comphy The older SoCs like Armada XP support a 2500BaseX mode in the datasheets referred to as DR-SGMII (Double rated SGMII) or HS-SGMII (High Speed SGMII). This is an upclocked 1000BaseX mode, thus PHY_INTERFACE_MODE_2500BASEX is the appropriate mode define for it. adding support for it merely means writing the correct magic value into the MVNETA_SERDES_CFG register. Signed-off-by: Sascha Hauer Signed-off-by: David S. Miller commit b4748553f53f2971e07d2619f13d461daac0f3bb Author: Sascha Hauer Date: Tue Jun 16 10:31:39 2020 +0200 net: ethernet: mvneta: Fix Serdes configuration for SoCs without comphy The MVNETA_SERDES_CFG register is only available on older SoCs like the Armada XP. On newer SoCs like the Armada 38x the fields are moved to comphy. This patch moves the writes to this register next to the comphy initialization, so that depending on the SoC either comphy or MVNETA_SERDES_CFG is configured. With this we no longer write to the MVNETA_SERDES_CFG on SoCs where it doesn't exist. Suggested-by: Russell King Signed-off-by: Sascha Hauer Signed-off-by: David S. Miller commit 0e2c09011d4de4161f615ff860a605a9186cf62a Author: Atish Patra Date: Wed Jun 17 13:37:32 2020 -0700 RISC-V: Acquire mmap lock before invoking walk_page_range As per walk_page_range documentation, mmap lock should be acquired by the caller before invoking walk_page_range. mmap_assert_locked gets triggered without that. The details can be found here. http://lists.infradead.org/pipermail/linux-riscv/2020-June/010335.html Fixes: 395a21ff859c(riscv: add ARCH_HAS_SET_DIRECT_MAP support) Signed-off-by: Atish Patra Reviewed-by: Michel Lespinasse Reviewed-by: Zong Li Signed-off-by: Palmer Dabbelt commit e0d17c842c0f824fd4df9f4688709fc6907201e1 Author: Yash Shah Date: Tue Jun 16 19:33:06 2020 +0530 RISC-V: Don't allow write+exec only page mapping request in mmap As per the table 4.4 of version "20190608-Priv-MSU-Ratified" of the RISC-V instruction set manual[0], the PTE permission bit combination of "write+exec only" is reserved for future use. Hence, don't allow such mapping request in mmap call. An issue is been reported by David Abdurachmanov, that while running stress-ng with "sysbadaddr" argument, RCU stalls are observed on RISC-V specific kernel. This issue arises when the stress-sysbadaddr request for pages with "write+exec only" permission bits and then passes the address obtain from this mmap call to various system call. For the riscv kernel, the mmap call should fail for this particular combination of permission bits since it's not valid. [0]: http://dabbelt.com/~palmer/keep/riscv-isa-manual/riscv-privileged-20190608-1.pdf Signed-off-by: Yash Shah Reported-by: David Abdurachmanov [Palmer: Refer to the latest ISA specification at the only link I could find, and update the terminology.] Signed-off-by: Palmer Dabbelt commit 8a7a3d1d0dcf2bb63dafe7275020420005e13e54 Merge: 7ac98ff024db da9cebe16930 Author: Dave Airlie Date: Fri Jun 19 10:02:28 2020 +1000 Merge tag 'amd-drm-fixes-5.8-2020-06-17' of git://people.freedesktop.org/~agd5f/linux into drm-fixes amd-drm-fixes-5.8-2020-06-17: amdgpu: - Fix kvfree/kfree mixup - Fix hawaii device id in powertune configuration - Display FP fixes - Documentation fixes amdkfd: - devcgroup check fix Signed-off-by: Dave Airlie From: Alex Deucher Link: https://patchwork.freedesktop.org/patch/msgid/20200617220733.3773183-1-alexander.deucher@amd.com commit 7ac98ff024db3c4bf95873a4174213a258a9a04e Merge: b3a9e3b9622a 8e68c6340d58 Author: Dave Airlie Date: Fri Jun 19 09:45:47 2020 +1000 Merge tag 'drm-intel-fixes-2020-06-18' of git://anongit.freedesktop.org/drm/drm-intel into drm-fixes - Fix for timeslicing and virtual engines/unpremptable requests (+ 1 dependency patch) - Fixes into TypeC register programming and interrupt storm detecting - Disable DIP on MST ports with the transcoder clock still on - Avoid missing GT workarounds at reset for HSW and older gens - Fix for unwinding multiple requests missing force restore - Fix encoder type check for DDI vswing sequence - Build warning fixes Signed-off-by: Dave Airlie From: Joonas Lahtinen Link: https://patchwork.freedesktop.org/patch/msgid/20200618124659.GA12342@jlahtine-desk.ger.corp.intel.com commit 10011f7d95dea311c0f2a3ea6725b5a2e97015a8 Author: Eugeniy Paltsev Date: Thu Jun 4 20:39:25 2020 +0300 ARCv2: support loop buffer (LPB) disabling On HS cores, loop buffer (LPB) is programmable in runtime and can be optionally disabled. Signed-off-by: Eugeniy Paltsev Signed-off-by: Vineet Gupta commit 5e857ce6eae7ca21b2055cca4885545e29228fe2 Merge: 670d0a4b1070 0c389d89abc2 Author: Linus Torvalds Date: Thu Jun 18 12:35:51 2020 -0700 Merge branch 'hch' (maccess patches from Christoph Hellwig) Merge non-faulting memory access cleanups from Christoph Hellwig: "Andrew and I decided to drop the patches implementing your suggested rename of the probe_kernel_* and probe_user_* helpers from -mm as there were way to many conflicts. After -rc1 might be a good time for this as all the conflicts are resolved now" This also adds a type safety checking patch on top of the renaming series to make the subtle behavioral difference between 'get_user()' and 'get_kernel_nofault()' less potentially dangerous and surprising. * emailed patches from Christoph Hellwig : maccess: make get_kernel_nofault() check for minimal type compatibility maccess: rename probe_kernel_address to get_kernel_nofault maccess: rename probe_user_{read,write} to copy_{from,to}_user_nofault maccess: rename probe_kernel_{read,write} to copy_{from,to}_kernel_nofault commit 0c389d89abc28edf70ae847ee2fa55acb267b826 Author: Linus Torvalds Date: Thu Jun 18 12:10:37 2020 -0700 maccess: make get_kernel_nofault() check for minimal type compatibility Now that we've renamed probe_kernel_address() to get_kernel_nofault() and made it look and behave more in line with get_user(), some of the subtle type behavior differences end up being more obvious and possibly dangerous. When you do get_user(val, user_ptr); the type of the access comes from the "user_ptr" part, and the above basically acts as val = *user_ptr; by design (except, of course, for the fact that the actual dereference is done with a user access). Note how in the above case, the type of the end result comes from the pointer argument, and then the value is cast to the type of 'val' as part of the assignment. So the type of the pointer is ultimately the more important type both for the access itself. But 'get_kernel_nofault()' may now _look_ similar, but it behaves very differently. When you do get_kernel_nofault(val, kernel_ptr); it behaves like val = *(typeof(val) *)kernel_ptr; except, of course, for the fact that the actual dereference is done with exception handling so that a faulting access is suppressed and returned as the error code. But note how different the casting behavior of the two superficially similar accesses are: one does the actual access in the size of the type the pointer points to, while the other does the access in the size of the target, and ignores the pointer type entirely. Actually changing get_kernel_nofault() to act like get_user() is almost certainly the right thing to do eventually, but in the meantime this patch adds logit to at least verify that the pointer type is compatible with the type of the result. In many cases, this involves just casting the pointer to 'void *' to make it obvious that the type of the pointer is not the important part. It's not how 'get_user()' acts, but at least the behavioral difference is now obvious and explicit. Cc: Christoph Hellwig Signed-off-by: Linus Torvalds commit f751820bc319a30d31a80fe511d88642aaefcdee Author: Alex Williamson Date: Thu Jun 18 13:07:13 2020 -0600 vfio/type1: Fix migration info capability ID ID 1 is already used by the IOVA range capability, use ID 2. Reported-by: Liu Yi L Fixes: ad721705d09c ("vfio iommu: Add migration capability to report supported features") Reviewed-by: Kirti Wankhede Signed-off-by: Alex Williamson commit 8c31055758bcd567d3c9b0507123c25249108fda Author: Flavio Suligoi Date: Mon Jun 15 09:58:35 2020 +0200 doc: devicetree: bindings: fix spelling mistake Fix typo: "triger" --> "trigger" Acked-by: Guo Ren Signed-off-by: Flavio Suligoi Link: https://lore.kernel.org/r/20200615075835.15202-1-f.suligoi@asem.it Signed-off-by: Rob Herring commit ee470bb25d0dcdf126f586ec0ae6dca66cb340a4 Author: Borislav Petkov Date: Thu Jun 18 20:25:25 2020 +0200 EDAC/amd64: Read back the scrub rate PCI register on F15h Commit: da92110dfdfa ("EDAC, amd64_edac: Extend scrub rate support to F15hM60h") added support for F15h, model 0x60 CPUs but in doing so, missed to read back SCRCTRL PCI config register on F15h CPUs which are *not* model 0x60. Add that read so that doing $ cat /sys/devices/system/edac/mc/mc0/sdram_scrub_rate can show the previously set DRAM scrub rate. Fixes: da92110dfdfa ("EDAC, amd64_edac: Extend scrub rate support to F15hM60h") Reported-by: Anders Andersson Signed-off-by: Borislav Petkov Cc: #v4.4.. Link: https://lkml.kernel.org/r/CAKkunMbNWppx_i6xSdDHLseA2QQmGJqj_crY=NF-GZML5np4Vw@mail.gmail.com commit 9e0dc7b9e1cbc9cd0dc4ab2377c0536d4b18bedc Author: Max Gurtovoy Date: Wed Jun 17 16:02:30 2020 +0300 RDMA/mlx5: Fix integrity enabled QP creation create_flags checks was refactored and broke the creation on integrity enabled QPs and actually broke the NVMe/RDMA and iSER ULP's when using mlx5 driven devices. Fixes: 2978975ce7f1 ("RDMA/mlx5: Process create QP flags in one place") Link: https://lore.kernel.org/r/20200617130230.2846915-1-leon@kernel.org Signed-off-by: Max Gurtovoy Signed-off-by: Leon Romanovsky Signed-off-by: Jason Gunthorpe commit 25f12ae45fc1931a1dce3cc59f9989a9d87834b0 Author: Christoph Hellwig Date: Wed Jun 17 09:37:55 2020 +0200 maccess: rename probe_kernel_address to get_kernel_nofault Better describe what this helper does, and match the naming of copy_from_kernel_nofault. Also switch the argument order around, so that it acts and looks like get_user(). Signed-off-by: Christoph Hellwig Signed-off-by: Linus Torvalds commit 2c0f5292d5358c2c5576146071d641110c3c1612 Author: Leon Romanovsky Date: Thu Jun 18 14:25:06 2020 +0300 RDMA/mlx5: Remove ECE limitation from the RAW_PACKET QPs Like any other QP type, rely on FW for the RAW_PACKET QPs to decide if ECE is supported or not. This fixes an inability to create RAW_PACKET QPs with latest rdma-core with the ECE support. Fixes: e383085c2425 ("RDMA/mlx5: Set ECE options during QP create") Link: https://lore.kernel.org/r/20200618112507.3453496-2-leon@kernel.org Signed-off-by: Leon Romanovsky Signed-off-by: Jason Gunthorpe commit d44335572f76020ef473d7977d9fd424e6fc0021 Author: Maor Gottlieb Date: Thu Jun 18 14:25:07 2020 +0300 RDMA/mlx5: Fix remote gid value in query QP Remote gid is not copied to the right address. Fix it by using rdma_ah_set_dgid_raw to copy the remote gid value from the QP context on query QP. Fixes: 70bd7fb87625 ("RDMA/mlx5: Remove manually crafted QP context the query call") Link: https://lore.kernel.org/r/20200618112507.3453496-3-leon@kernel.org Signed-off-by: Maor Gottlieb Signed-off-by: Leon Romanovsky Signed-off-by: Jason Gunthorpe commit 6c41965d647a97b51ff665c7406ec9435aab7fc1 Author: Leon Romanovsky Date: Wed Jun 17 16:01:48 2020 +0300 RDMA/mlx5: Don't access ib_qp fields in internal destroy QP path destroy_qp_common is called for flows where QP is already created by HW. While it is called from IB/core, the ibqp.* fields will be fully initialized, but it is not the case if this function is called during QP creation. Don't rely on ibqp fields as much as possible and initialize send_cq/recv_cq as temporal solution till all drivers will be converted to IB/core QP allocation scheme. refcount_t: underflow; use-after-free. WARNING: CPU: 1 PID: 5372 at lib/refcount.c:28 refcount_warn_saturate+0xfe/0x1a0 Kernel panic - not syncing: panic_on_warn set ... CPU: 1 PID: 5372 Comm: syz-executor.2 Not tainted 5.5.0-rc5 #2 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.1-0-ga5cab58e9a3f-prebuilt.qemu.org 04/01/2014 Call Trace: mlx5_core_put_rsc+0x70/0x80 destroy_resource_common+0x8e/0xb0 mlx5_core_destroy_qp+0xaf/0x1d0 mlx5_ib_destroy_qp+0xeb0/0x1460 ib_destroy_qp_user+0x2d5/0x7d0 create_qp+0xed3/0x2130 ib_uverbs_create_qp+0x13e/0x190 ? ib_uverbs_ex_create_qp ib_uverbs_write+0xaa5/0xdf0 __vfs_write+0x7c/0x100 ksys_write+0xc8/0x200 do_syscall_64+0x9c/0x390 entry_SYSCALL_64_after_hwframe+0x44/0xa9 Fixes: 08d53976609a ("RDMA/mlx5: Copy response to the user in one place") Link: https://lore.kernel.org/r/20200617130148.2846643-1-leon@kernel.org Signed-off-by: Leon Romanovsky Signed-off-by: Jason Gunthorpe commit d0793c3c61348ac222e5b3b2458cf9dd76917c34 Author: Mauro Carvalho Chehab Date: Mon Jun 15 08:47:06 2020 +0200 docs: dt: minor adjustments at writing-schema.rst There are two literal blocks that aren't mark as such. Mark them, in order to make the document to produce a better html output. While here, also add a SPDX header to it. Signed-off-by: Mauro Carvalho Chehab Link: https://lore.kernel.org/r/14fc680fd6596b277f94bb5a240cc9dfc41d59bf.1592203542.git.mchehab+huawei@kernel.org Signed-off-by: Rob Herring commit 6cb69ea53479958f914e03b21bab0ac152b8f949 Author: Mauro Carvalho Chehab Date: Mon Jun 15 08:46:54 2020 +0200 dt: fix reference to olpc,xo1.75-ec.txt This file was converted and renamed. Fixes: 7882d822b3f9 ("dt-bindings: spi: Convert spi-pxa2xx to json-schema") Reviewed-by: Lubomir Rintel Signed-off-by: Mauro Carvalho Chehab Link: https://lore.kernel.org/r/d0262854582ee754e4b8bd80677d96b3e098ea5c.1592203542.git.mchehab+huawei@kernel.org Signed-off-by: Rob Herring commit 9ac2a66158129e27ef19df602efffbd50da0cdef Author: Mauro Carvalho Chehab Date: Mon Jun 15 08:46:53 2020 +0200 dt: Fix broken references to renamed docs Some files got renamed. Those were all fixed automatically by ./scripts/documentation-file-ref-check --fix Reviewed-by: Philipp Zabel Acked-by: Mark Brown Signed-off-by: Mauro Carvalho Chehab Link: https://lore.kernel.org/r/6866c0d6d10ce36bb151c2d3752a20eb5122c532.1592203542.git.mchehab+huawei@kernel.org Signed-off-by: Rob Herring commit 670d0a4b10704667765f7d18f7592993d02783aa Author: Luc Van Oostenryck Date: Thu Jun 18 00:02:26 2020 +0200 sparse: use identifiers to define address spaces Currently, address spaces in warnings are displayed as '' with 'X' being the address space's arbitrary number. But since sparse v0.6.0-rc1 (late December 2018), sparse allows you to define the address spaces using an identifier instead of a number. This identifier is then directly used in the warnings. So, use the identifiers '__user', '__iomem', '__percpu' & '__rcu' for the corresponding address spaces. The default address space, __kernel, being not displayed in warnings, stays defined as '0'. With this change, warnings that used to be displayed as: cast removes address space '' of expression ... void [noderef] * will now be displayed as: cast removes address space '__user' of expression ... void [noderef] __iomem * This also moves the __kernel annotation to be the first one, since it is quite different from the others because it's the default one, and so: - it's never displayed - it's normally not needed, nor in type annotations, nor in cast between address spaces. The only time it's needed is when it's combined with a typeof to express "the same type as this one but without the address space" - it can't be defined with a name, '0' must be used. So, it seemed strange to me to have it in the middle of the other ones. Signed-off-by: Luc Van Oostenryck Acked-by: Miguel Ojeda Signed-off-by: Linus Torvalds commit 06096cc6c5a84ced929634b0d79376b94c65a4bd Author: Zhenzhong Duan Date: Thu Jun 18 11:21:25 2020 +0800 spi: spidev: fix a potential use-after-free in spidev_release() If an spi device is unbounded from the driver before the release process, there will be an NULL pointer reference when it's referenced in spi_slave_abort(). Fix it by checking it's already freed before reference. Signed-off-by: Zhenzhong Duan Link: https://lore.kernel.org/r/20200618032125.4650-2-zhenzhong.duan@gmail.com Signed-off-by: Mark Brown commit abd42781c3d2155868821f1b947ae45bbc33330d Author: Zhenzhong Duan Date: Thu Jun 18 11:21:24 2020 +0800 spi: spidev: fix a race between spidev_release and spidev_remove Imagine below scene, spidev is referenced after it's freed. spidev_release() spidev_remove() ... spin_lock_irq(&spidev->spi_lock); spidev->spi = NULL; spin_unlock_irq(&spidev->spi_lock); mutex_lock(&device_list_lock); dofree = (spidev->spi == NULL); if (dofree) kfree(spidev); mutex_unlock(&device_list_lock); mutex_lock(&device_list_lock); list_del(&spidev->device_entry); device_destroy(spidev_class, spidev->devt); clear_bit(MINOR(spidev->devt), minors); if (spidev->users == 0) kfree(spidev); mutex_unlock(&device_list_lock); Fix it by resetting spidev->spi in device_list_lock's protection. Signed-off-by: Zhenzhong Duan Link: https://lore.kernel.org/r/20200618032125.4650-1-zhenzhong.duan@gmail.com Signed-off-by: Mark Brown commit d985becff25f0ddc7ef0d143ee9897014abe8d32 Author: Mauro Carvalho Chehab Date: Mon Jun 15 08:46:52 2020 +0200 dt: fix broken links due to txt->yaml renames There are some new broken doc links due to yaml renames at DT. Developers should really run: ./scripts/documentation-file-ref-check in order to solve those issues while submitting patches. This tool can even fix most of the issues with: ./scripts/documentation-file-ref-check --fix Acked-by: Thomas Bogendoerfer Acked-by: Mark Brown Signed-off-by: Mauro Carvalho Chehab Link: https://lore.kernel.org/r/0e4a7f0b7efcc8109c8a41a2e13c8adde4d9c6b9.1592203542.git.mchehab+huawei@kernel.org Signed-off-by: Rob Herring commit f2d94b86cdba14c9c98e3f1ce92b161f77523e83 Author: Mauro Carvalho Chehab Date: Mon Jun 15 08:46:51 2020 +0200 dt: update a reference for reneases pcar file renamed to yaml This file was renamed, but its reference at pfc-pinctl.txt is still pointing to the old file. Fixes: 7f7d408e5a00 ("dt-bindings: gpio: rcar: Convert to json-schema") Reviewed-by: Geert Uytterhoeven Signed-off-by: Mauro Carvalho Chehab Link: https://lore.kernel.org/r/72d7ec91a60e852d34f3e15bc5faef1f62a8260e.1592203542.git.mchehab+huawei@kernel.org Signed-off-by: Rob Herring commit f141a422159a199f4c8dedb7e0df55b3b2cf16cd Author: Qiushi Wu Date: Sat Jun 13 15:51:58 2020 -0500 ASoC: rockchip: Fix a reference count leak. Calling pm_runtime_get_sync increments the counter even in case of failure, causing incorrect ref count if pm_runtime_put is not called in error handling paths. Call pm_runtime_put if pm_runtime_get_sync fails. Fixes: fc05a5b22253 ("ASoC: rockchip: add support for pdm controller") Signed-off-by: Qiushi Wu Reviewed-by: Heiko Stuebner Link: https://lore.kernel.org/r/20200613205158.27296-1-wu000273@umn.edu Signed-off-by: Mark Brown commit 0f1441b44e823a74f3f3780902a113e07c73fbf6 Author: Peter Zijlstra Date: Fri Jun 12 16:05:26 2020 +0200 objtool: Fix noinstr vs KCOV Since many compilers cannot disable KCOV with a function attribute, help it to NOP out any __sanitizer_cov_*() calls injected in noinstr code. This turns: 12: e8 00 00 00 00 callq 17 13: R_X86_64_PLT32 __sanitizer_cov_trace_pc-0x4 into: 12: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1) 13: R_X86_64_NONE __sanitizer_cov_trace_pc-0x4 Just like recordmcount does. Signed-off-by: Peter Zijlstra (Intel) Acked-by: Dmitry Vyukov commit fdabdd0b05e0bdf232340d5da86563ed142a99a7 Author: Peter Zijlstra Date: Fri Jun 12 15:43:00 2020 +0200 objtool: Provide elf_write_{insn,reloc}() This provides infrastructure to rewrite instructions; this is immediately useful for helping out with KCOV-vs-noinstr, but will also come in handy for a bunch of variable sized jump-label patches that are still on ice. Signed-off-by: Peter Zijlstra (Intel) commit 2b10be23ac0f8e107fd575397361ddbaebc2944b Author: Peter Zijlstra Date: Fri Apr 17 23:15:00 2020 +0200 objtool: Clean up elf_write() condition With there being multiple ways to change the ELF data, let's more concisely track modification. Signed-off-by: Peter Zijlstra (Intel) commit 3373a3461aa15b7f9a871fa4cb2c9ef21ac20b47 Author: Zheng Bin Date: Thu Jun 18 12:21:38 2020 +0800 block: make function 'kill_bdev' static kill_bdev does not have any external user, so make it static. Signed-off-by: Zheng Bin Reviewed-by: Christoph Hellwig Reviewed-by: Bart Van Assche Signed-off-by: Jens Axboe commit f4bd34b139a3fa2808c4205f12714c65e1548c6c Author: Zheng Bin Date: Thu Jun 18 12:21:37 2020 +0800 loop: replace kill_bdev with invalidate_bdev When a filesystem is mounted on a loop device and on a loop ioctl LOOP_SET_STATUS64, because of kill_bdev, buffer_head mappings are getting destroyed. kill_bdev truncate_inode_pages truncate_inode_pages_range do_invalidatepage block_invalidatepage discard_buffer -->clear BH_Mapped flag sb_bread __bread_gfp bh = __getblk_gfp -->discard_buffer clear BH_Mapped flag __bread_slow submit_bh submit_bh_wbc BUG_ON(!buffer_mapped(bh)) --> hit this BUG_ON Fixes: 5db470e229e2 ("loop: drop caches if offset or block_size are changed") Signed-off-by: Zheng Bin Reviewed-by: Christoph Hellwig Reviewed-by: Bart Van Assche Signed-off-by: Jens Axboe commit b5292111de9bb70cba3489075970889765302136 Author: Kai-Heng Feng Date: Wed Jun 3 15:48:19 2020 +0800 libata: Use per port sync for detach Commit 130f4caf145c ("libata: Ensure ata_port probe has completed before detach") may cause system freeze during suspend. Using async_synchronize_full() in PM callbacks is wrong, since async callbacks that are already scheduled may wait for not-yet-scheduled callbacks, causes a circular dependency. Instead of using big hammer like async_synchronize_full(), use async cookie to make sure port probe are synced, without affecting other scheduled PM callbacks. Fixes: 130f4caf145c ("libata: Ensure ata_port probe has completed before detach") Suggested-by: John Garry Signed-off-by: Kai-Heng Feng Tested-by: John Garry BugLink: https://bugs.launchpad.net/bugs/1867983 Signed-off-by: Jens Axboe commit bc163c2046c5867df7d2b03e85bca29adf83fa32 Author: Andy Shevchenko Date: Wed Apr 22 16:03:17 2020 +0300 partitions/ldm: Replace uuid_copy() with import_uuid() where it makes sense There is a specific API to treat raw data as UUID, i.e. import_uuid(). Use it instead of uuid_copy() with explicit casting. Signed-off-by: Andy Shevchenko Signed-off-by: Jens Axboe commit e353b325948d04f1305a7b4ad32eca87ba0823a2 Author: Adam Ford Date: Tue May 26 12:09:39 2020 -0500 arm64: dts: imx8mm-beacon: Fix voltages on LDO1 and LDO2 LDO1 and LDO2 settings are wrong and case the voltage to go above the maximum level of 2.15V permitted by the SoC to 3.0V. This patch is based on work done on the i.MX8M Mini-EVK which utilizes the same fix. Fixes: 593816fa2f35 ("arm64: dts: imx: Add Beacon i.MX8m-Mini development kit") Signed-off-by: Adam Ford Reviewed-by: Daniel Baluta Signed-off-by: Shawn Guo commit 6f2cc1664db20676069cff27a461ccc97dbfd114 Author: Xiaoguang Wang Date: Thu Jun 18 15:01:56 2020 +0800 io_uring: fix possible race condition against REQ_F_NEED_CLEANUP In io_read() or io_write(), when io request is submitted successfully, it'll go through the below sequence: kfree(iovec); req->flags &= ~REQ_F_NEED_CLEANUP; return ret; But clearing REQ_F_NEED_CLEANUP might be unsafe. The io request may already have been completed, and then io_complete_rw_iopoll() and io_complete_rw() will be called, both of which will also modify req->flags if needed. This causes a race condition, with concurrent non-atomic modification of req->flags. To eliminate this race, in io_read() or io_write(), if io request is submitted successfully, we don't remove REQ_F_NEED_CLEANUP flag. If REQ_F_NEED_CLEANUP is set, we'll leave __io_req_aux_free() to the iovec cleanup work correspondingly. Cc: stable@vger.kernel.org Signed-off-by: Xiaoguang Wang Signed-off-by: Jens Axboe commit 4121fb0db68ed4de574f9bdc630b75fcc99b4835 Author: Leon Romanovsky Date: Wed Jun 17 09:18:26 2020 +0300 RDMA/core: Check that type_attrs is not NULL prior access In disassociate flow, the type_attrs is set to be NULL, which is in an implicit way is checked in alloc_uobj() by "if (!attrs->context)". Change the logic to rely on that check, to be consistent with other alloc_uobj() places that will fix the following kernel splat. BUG: kernel NULL pointer dereference, address: 0000000000000018 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 [#1] SMP PTI CPU: 3 PID: 2743 Comm: python3 Not tainted 5.7.0-rc6-for-upstream-perf-2020-05-23_19-04-38-5 #1 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.1-0-ga5cab58e9a3f-prebuilt.qemu.org 04/01/2014 RIP: 0010:alloc_begin_fd_uobject+0x18/0xf0 [ib_uverbs] Code: 89 43 48 eb 97 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 41 55 49 89 f5 41 54 55 48 89 fd 53 48 83 ec 08 48 8b 1f <48> 8b 43 18 48 8b 80 80 00 00 00 48 3d 20 10 33 a0 74 1c 48 3d 30 RSP: 0018:ffffc90001127b70 EFLAGS: 00010282 RAX: ffffffffa0339fe0 RBX: 0000000000000000 RCX: 8000000000000007 RDX: fffffffffffffffb RSI: ffffc90001127d28 RDI: ffff88843fe1f600 RBP: ffff88843fe1f600 R08: ffff888461eb06d8 R09: ffff888461eb06f8 R10: ffff888461eb0700 R11: 0000000000000000 R12: ffff88846a5f6450 R13: ffffc90001127d28 R14: ffff88845d7d6ea0 R15: ffffc90001127cb8 FS: 00007f469bff1540(0000) GS:ffff88846f980000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000018 CR3: 0000000450018003 CR4: 0000000000760ee0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: ? xa_store+0x28/0x40 rdma_alloc_begin_uobject+0x4f/0x90 [ib_uverbs] ib_uverbs_create_comp_channel+0x87/0xf0 [ib_uverbs] ib_uverbs_handler_UVERBS_METHOD_INVOKE_WRITE+0xb1/0xf0 [ib_uverbs] ib_uverbs_cmd_verbs.isra.8+0x96d/0xae0 [ib_uverbs] ? get_page_from_freelist+0x3bb/0xf70 ? _copy_to_user+0x22/0x30 ? uverbs_disassociate_api+0xd0/0xd0 [ib_uverbs] ? __wake_up_common_lock+0x87/0xc0 ib_uverbs_ioctl+0xbc/0x130 [ib_uverbs] ksys_ioctl+0x83/0xc0 ? ksys_write+0x55/0xd0 __x64_sys_ioctl+0x16/0x20 do_syscall_64+0x48/0x130 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x7f469ac43267 Fixes: 849e149063bd ("RDMA/core: Do not allow alloc_commit to fail") Link: https://lore.kernel.org/r/20200617061826.2625359-1-leon@kernel.org Signed-off-by: Leon Romanovsky Signed-off-by: Jason Gunthorpe commit 3ec5f54f7a0fdf706951f379d3148798325e516f Author: Yangyang Li Date: Tue Jun 16 21:39:38 2020 +0800 RDMA/hns: Fix an cmd queue issue when resetting If a IMP reset caused by some hardware errors and hns RoCE driver reset occurred at the same time, there is a possiblity that the IMP will stop dealing with command and users can't use the hardware. The logs are as follows: hns3 0000:fd:00.1: cleaned 0, need to clean 1 hns3 0000:fd:00.1: firmware version query failed -11 hns3 0000:fd:00.1: Cmd queue init failed hns3 0000:fd:00.1: Upgrade reset level hns3 0000:fd:00.1: global reset interrupt The hns NIC driver divides the reset process into 3 status: initialization, hardware resetting and softwaring restting. RoCE driver gets reset status by interfaces provided by NIC driver and commands will not be sent to the IMP if the driver is in any above status. The main reason for this issue is that there is a time gap between status 1 and 2, if the RoCE driver sends commands to the IMP during this gap, the IMP will stop working because it is not ready. To eliminate the time gap, the hns NIC driver has added a new interface in commit a4de02287abb9 ("net: hns3: provide .get_cmdq_stat interface for the client"), so RoCE driver can ensure that no commands will be sent during resetting. Link: https://lore.kernel.org/r/1592314778-52822-1-git-send-email-liweihang@huawei.com Signed-off-by: Yangyang Li Signed-off-by: Weihang Li Signed-off-by: Jason Gunthorpe commit 98a6151907cb5512eb6ba8b90644e3ace2d2fc46 Author: Yangyang Li Date: Tue Jun 16 21:37:09 2020 +0800 RDMA/hns: Fix a calltrace when registering MR from userspace ibmr.device is assigned after MR is successfully registered, but both write_mtpt() and frmr_write_mtpt() accesses it during the mr registration process, which may cause the following error when trying to register MR in userspace and pbl_hop_num is set to 0. pc : hns_roce_mtr_find+0xa0/0x200 [hns_roce] lr : set_mtpt_pbl+0x54/0x118 [hns_roce_hw_v2] sp : ffff00023e73ba20 x29: ffff00023e73ba20 x28: ffff00023e73bad8 x27: 0000000000000000 x26: 0000000000000000 x25: 0000000000000002 x24: 0000000000000000 x23: ffff00023e73bad0 x22: 0000000000000000 x21: ffff0000094d9000 x20: 0000000000000000 x19: ffff8020a6bdb2c0 x18: 0000000000000000 x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000 x14: 0000000000000000 x13: 0140000000000000 x12: 0040000000000041 x11: ffff000240000000 x10: 0000000000001000 x9 : 0000000000000000 x8 : ffff802fb7558480 x7 : ffff802fb7558480 x6 : 000000000003483d x5 : ffff00023e73bad0 x4 : 0000000000000002 x3 : ffff00023e73bad8 x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff0000094d9708 Call trace: hns_roce_mtr_find+0xa0/0x200 [hns_roce] set_mtpt_pbl+0x54/0x118 [hns_roce_hw_v2] hns_roce_v2_write_mtpt+0x14c/0x168 [hns_roce_hw_v2] hns_roce_mr_enable+0x6c/0x148 [hns_roce] hns_roce_reg_user_mr+0xd8/0x130 [hns_roce] ib_uverbs_reg_mr+0x14c/0x2e0 [ib_uverbs] ib_uverbs_write+0x27c/0x3e8 [ib_uverbs] __vfs_write+0x60/0x190 vfs_write+0xac/0x1c0 ksys_write+0x6c/0xd8 __arm64_sys_write+0x24/0x30 el0_svc_common+0x78/0x130 el0_svc_handler+0x38/0x78 el0_svc+0x8/0xc Solve above issue by adding a pointer of structure hns_roce_dev as a parameter of write_mtpt() and frmr_write_mtpt(), so that both of these functions can access it before finishing MR's registration. Fixes: 9b2cf76c9f05 ("RDMA/hns: Optimize PBL buffer allocation process") Link: https://lore.kernel.org/r/1592314629-51715-1-git-send-email-liweihang@huawei.com Signed-off-by: Yangyang Li Signed-off-by: Weihang Li Signed-off-by: Jason Gunthorpe commit 6a1515c962b17e2596ae7b9f074fc5685d6b435b Author: Tiezhu Yang Date: Thu Jun 18 10:06:01 2020 +0800 perf build: Fix error message when asking for -fsanitize=address without required libraries When build perf with ASan or UBSan, if libasan or libubsan can not find, the feature-glibc is 0 and there exists the following error log which is wrong, because we can find gnu/libc-version.h in /usr/include, glibc-devel is also installed. [yangtiezhu@linux perf]$ make DEBUG=1 EXTRA_CFLAGS='-fno-omit-frame-pointer -fsanitize=address' BUILD: Doing 'make -j4' parallel build HOSTCC fixdep.o HOSTLD fixdep-in.o LINK fixdep :1:0: warning: -fsanitize=address and -fsanitize=kernel-address are not supported for this target :1:0: warning: -fsanitize=address not supported for this target Auto-detecting system features: ... dwarf: [ OFF ] ... dwarf_getlocations: [ OFF ] ... glibc: [ OFF ] ... gtk2: [ OFF ] ... libaudit: [ OFF ] ... libbfd: [ OFF ] ... libcap: [ OFF ] ... libelf: [ OFF ] ... libnuma: [ OFF ] ... numa_num_possible_cpus: [ OFF ] ... libperl: [ OFF ] ... libpython: [ OFF ] ... libcrypto: [ OFF ] ... libunwind: [ OFF ] ... libdw-dwarf-unwind: [ OFF ] ... zlib: [ OFF ] ... lzma: [ OFF ] ... get_cpuid: [ OFF ] ... bpf: [ OFF ] ... libaio: [ OFF ] ... libzstd: [ OFF ] ... disassembler-four-args: [ OFF ] Makefile.config:393: *** No gnu/libc-version.h found, please install glibc-dev[el]. Stop. Makefile.perf:224: recipe for target 'sub-make' failed make[1]: *** [sub-make] Error 2 Makefile:69: recipe for target 'all' failed make: *** [all] Error 2 [yangtiezhu@linux perf]$ ls /usr/include/gnu/libc-version.h /usr/include/gnu/libc-version.h After install libasan and libubsan, the feature-glibc is 1 and the build process is success, so the cause is related with libasan or libubsan, we should check them and print an error log to reflect the reality. Committer testing: $ rm -rf /tmp/build/perf ; mkdir -p /tmp/build/perf $ make DEBUG=1 EXTRA_CFLAGS='-fno-omit-frame-pointer -fsanitize=address' O=/tmp/build/perf -C tools/perf/ install-bin make: Entering directory '/home/acme/git/perf/tools/perf' BUILD: Doing 'make -j12' parallel build HOSTCC /tmp/build/perf/fixdep.o HOSTLD /tmp/build/perf/fixdep-in.o LINK /tmp/build/perf/fixdep Auto-detecting system features: ... dwarf: [ OFF ] ... dwarf_getlocations: [ OFF ] ... glibc: [ OFF ] ... gtk2: [ OFF ] ... libbfd: [ OFF ] ... libcap: [ OFF ] ... libelf: [ OFF ] ... libnuma: [ OFF ] ... numa_num_possible_cpus: [ OFF ] ... libperl: [ OFF ] ... libpython: [ OFF ] ... libcrypto: [ OFF ] ... libunwind: [ OFF ] ... libdw-dwarf-unwind: [ OFF ] ... zlib: [ OFF ] ... lzma: [ OFF ] ... get_cpuid: [ OFF ] ... bpf: [ OFF ] ... libaio: [ OFF ] ... libzstd: [ OFF ] ... disassembler-four-args: [ OFF ] Makefile.config:401: *** No libasan found, please install libasan. Stop. make[1]: *** [Makefile.perf:231: sub-make] Error 2 make: *** [Makefile:70: all] Error 2 make: Leaving directory '/home/acme/git/perf/tools/perf' $ $ $ sudo dnf install libasan Installed: libasan-9.3.1-2.fc31.x86_64 $ $ $ make DEBUG=1 EXTRA_CFLAGS='-fno-omit-frame-pointer -fsanitize=address' O=/tmp/build/perf -C tools/perf/ install-bin make: Entering directory '/home/acme/git/perf/tools/perf' BUILD: Doing 'make -j12' parallel build Auto-detecting system features: ... dwarf: [ on ] ... dwarf_getlocations: [ on ] ... glibc: [ on ] ... gtk2: [ on ] ... libbfd: [ on ] ... libcap: [ on ] ... libelf: [ on ] ... libnuma: [ on ] ... numa_num_possible_cpus: [ on ] ... libperl: [ on ] ... libpython: [ on ] ... libcrypto: [ on ] ... libunwind: [ on ] ... libdw-dwarf-unwind: [ on ] ... zlib: [ on ] ... lzma: [ on ] ... get_cpuid: [ on ] ... bpf: [ on ] ... libaio: [ on ] ... libzstd: [ on ] ... disassembler-four-args: [ on ] CC /tmp/build/perf/util/pmu-flex.o FLEX /tmp/build/perf/util/expr-flex.c CC /tmp/build/perf/util/expr-bison.o CC /tmp/build/perf/util/expr.o CC /tmp/build/perf/util/expr-flex.o CC /tmp/build/perf/util/parse-events-flex.o CC /tmp/build/perf/util/parse-events.o LD /tmp/build/perf/util/intel-pt-decoder/perf-in.o LD /tmp/build/perf/util/perf-in.o LD /tmp/build/perf/perf-in.o LINK /tmp/build/perf/perf INSTALL python-scripts INSTALL perf_completion-script INSTALL perf-tip make: Leaving directory '/home/acme/git/perf/tools/perf' $ ldd ~/bin/perf | grep asan libasan.so.5 => /lib64/libasan.so.5 (0x00007f0904164000) $ And if we rebuild without -fsanitize-address: $ rm -rf /tmp/build/perf ; mkdir -p /tmp/build/perf $ make O=/tmp/build/perf -C tools/perf/ install-bin make: Entering directory '/home/acme/git/perf/tools/perf' BUILD: Doing 'make -j12' parallel build HOSTCC /tmp/build/perf/fixdep.o HOSTLD /tmp/build/perf/fixdep-in.o LINK /tmp/build/perf/fixdep Auto-detecting system features: ... dwarf: [ on ] ... dwarf_getlocations: [ on ] ... glibc: [ on ] ... gtk2: [ on ] ... libbfd: [ on ] ... libcap: [ on ] ... libelf: [ on ] ... libnuma: [ on ] ... numa_num_possible_cpus: [ on ] ... libperl: [ on ] ... libpython: [ on ] ... libcrypto: [ on ] ... libunwind: [ on ] ... libdw-dwarf-unwind: [ on ] ... zlib: [ on ] ... lzma: [ on ] ... get_cpuid: [ on ] ... bpf: [ on ] ... libaio: [ on ] ... libzstd: [ on ] ... disassembler-four-args: [ on ] GEN /tmp/build/perf/common-cmds.h CC /tmp/build/perf/exec-cmd.o INSTALL perf_completion-script INSTALL perf-tip make: Leaving directory '/home/acme/git/perf/tools/perf' $ ldd ~/bin/perf | grep asan $ Signed-off-by: Tiezhu Yang Acked-by: Jiri Olsa Tested-by: Arnaldo Carvalho de Melo Cc: Alexander Shishkin Cc: Mark Rutland Cc: Namhyung Kim Cc: Peter Zijlstra Cc: tiezhu yang Cc: xuefeng li Link: http://lore.kernel.org/lkml/1592445961-28044-1-git-send-email-yangtiezhu@loongson.cn Signed-off-by: Arnaldo Carvalho de Melo commit 1b20d9491cf9cf180f1f2a46c80d69af0f775d55 Author: Steven Rostedt (VMware) Date: Tue Mar 24 16:08:48 2020 -0400 tools lib traceevent: Add handler for __builtin_expect() In order to move pointer checks like IS_ERR_VALUE() out of the hotpath and into the reader path of a trace event, user space tools need to be able to parse that. IS_ERR_VALUE() is defined as: #define IS_ERR_VALUE() unlikely((unsigned long)(void *)(x) >= (unsigned long)-MAX_ERRNO) Which eventually turns into: __builtin_expect(!!((unsigned long)(void *)(x) >= (unsigned long)-4095), 0) Now the traceevent parser can handle most of that except for the __builtin_expect(), which needs to be added. Link: https://lore.kernel.org/linux-mm/20200320055823.27089-3-jaewon31.kim@samsung.com/ Signed-off-by: Steven Rostedt (VMware) Cc: Andrew Morton Cc: Jaewon Kim Cc: Jiri Olsa Cc: Kees Kook Cc: Namhyung Kim Cc: Vlastimil Babka Cc: linux-mm@kvack.org Cc: linux-trace-devel@vger.kernel.org Link: http://lore.kernel.org/lkml/20200324200956.821799393@goodmis.org Signed-off-by: Arnaldo Carvalho de Melo commit 74621d929d944529a5e2878a84f48bfa6fb69a66 Author: Steven Rostedt (VMware) Date: Tue Mar 24 16:08:47 2020 -0400 tools lib traceevent: Handle __attribute__((user)) in field names Commit c61f13eaa1ee1 ("gcc-plugins: Add structleak for more stack initialization") added "__attribute__((user))" to the user when stackleak detector is enabled. This now appears in the field format of system call trace events for system calls that have user buffers. The "__attribute__((user))" breaks the parsing in libtraceevent. That needs to be handled. Signed-off-by: Steven Rostedt (VMware) Cc: Andrew Morton Cc: Jaewon Kim Cc: Jiri Olsa Cc: Kees Kook Cc: Namhyung Kim Cc: Vlastimil Babka Cc: linux-mm@kvack.org Cc: linux-trace-devel@vger.kernel.org Link: http://lore.kernel.org/lkml/20200324200956.663647256@goodmis.org Signed-off-by: Arnaldo Carvalho de Melo commit 27d4d336f2872193e90ee5450559e1699fae0f6d Author: Steven Rostedt (VMware) Date: Tue Mar 24 16:08:46 2020 -0400 tools lib traceevent: Add append() function helper for appending strings There's several locations that open code realloc and strcat() to append text to strings. Add an append() function that takes a delimiter and a string to append to another string. Signed-off-by: Steven Rostedt (VMware) Cc: Andrew Morton Cc: Jaewon Lim Cc: Jiri Olsa Cc: Kees Kook Cc: linux-mm@kvack.org Cc: linux-trace-devel@vger.kernel.org Cc: Namhyung Kim Cc: Vlastimil Babka Link: http://lore.kernel.org/lkml/20200324200956.515118403@goodmis.org Signed-off-by: Arnaldo Carvalho de Melo commit ab183d460daac6292cb0cfd989d88b37b2437844 Author: Leon Romanovsky Date: Tue Jun 16 13:45:36 2020 +0300 RDMA/mlx5: Add missed RST2INIT and INIT2INIT steps during ECE handshake Missed steps during ECE handshake left userspace application with less options for the ECE handshake. Pass ECE options in the additional transitions. Fixes: 50aec2c3135e ("RDMA/mlx5: Return ECE data after modify QP") Link: https://lore.kernel.org/r/20200616104536.2426384-1-leon@kernel.org Signed-off-by: Leon Romanovsky Signed-off-by: Jason Gunthorpe commit 730c8912484186d4623d0c76509066d285c3a755 Author: Mark Zhang Date: Tue Jun 16 13:43:04 2020 +0300 RDMA/cma: Protect bind_list and listen_list while finding matching cm id The bind_list and listen_list must be accessed under a lock, add the missing locking around the access in cm_ib_id_from_event() In addition add lockdep asserts to make it clearer what the locking semantic is here. general protection fault: 0000 [#1] SMP NOPTI CPU: 226 PID: 126135 Comm: kworker/226:1 Tainted: G OE 4.12.14-150.47-default #1 SLE15 Hardware name: Cray Inc. Windom/Windom, BIOS 0.8.7 01-10-2020 Workqueue: ib_cm cm_work_handler [ib_cm] task: ffff9c5a60a1d2c0 task.stack: ffffc1d91f554000 RIP: 0010:cma_ib_req_handler+0x3f1/0x11b0 [rdma_cm] RSP: 0018:ffffc1d91f557b40 EFLAGS: 00010286 RAX: deacffffffffff30 RBX: 0000000000000001 RCX: ffff9c2af5bb6000 RDX: 00000000000000a9 RSI: ffff9c5aa4ed2f10 RDI: ffffc1d91f557b08 RBP: ffffc1d91f557d90 R08: ffff9c340cc80000 R09: ffff9c2c0f901900 R10: 0000000000000000 R11: 0000000000000001 R12: deacffffffffff30 R13: ffff9c5a48aeec00 R14: ffffc1d91f557c30 R15: ffff9c5c2eea3688 FS: 0000000000000000(0000) GS:ffff9c5c2fa80000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00002b5cc03fa320 CR3: 0000003f8500a000 CR4: 00000000003406e0 Call Trace: ? rdma_addr_cancel+0xa0/0xa0 [ib_core] ? cm_process_work+0x28/0x140 [ib_cm] cm_process_work+0x28/0x140 [ib_cm] ? cm_get_bth_pkey.isra.44+0x34/0xa0 [ib_cm] cm_work_handler+0xa06/0x1a6f [ib_cm] ? __switch_to_asm+0x34/0x70 ? __switch_to_asm+0x34/0x70 ? __switch_to_asm+0x40/0x70 ? __switch_to_asm+0x34/0x70 ? __switch_to_asm+0x40/0x70 ? __switch_to_asm+0x34/0x70 ? __switch_to_asm+0x40/0x70 ? __switch_to+0x7c/0x4b0 ? __switch_to_asm+0x40/0x70 ? __switch_to_asm+0x34/0x70 process_one_work+0x1da/0x400 worker_thread+0x2b/0x3f0 ? process_one_work+0x400/0x400 kthread+0x118/0x140 ? kthread_create_on_node+0x40/0x40 ret_from_fork+0x22/0x40 Code: 00 66 83 f8 02 0f 84 ca 05 00 00 49 8b 84 24 d0 01 00 00 48 85 c0 0f 84 68 07 00 00 48 2d d0 01 00 00 49 89 c4 0f 84 59 07 00 00 <41> 0f b7 44 24 20 49 8b 77 50 66 83 f8 0a 75 9e 49 8b 7c 24 28 Fixes: 4c21b5bcef73 ("IB/cma: Add net_dev and private data checks to RDMA CM") Link: https://lore.kernel.org/r/20200616104304.2426081-1-leon@kernel.org Signed-off-by: Mark Zhang Reviewed-by: Maor Gottlieb Signed-off-by: Leon Romanovsky Signed-off-by: Jason Gunthorpe commit 0dfbd5ecf28cbcb81674c49d34ee97366db1be44 Author: Michal Kalderon Date: Tue Jun 16 12:34:08 2020 +0300 RDMA/qedr: Fix KASAN: use-after-free in ucma_event_handler+0x532 Private data passed to iwarp_cm_handler is copied for connection request / response, but ignored otherwise. If junk is passed, it is stored in the event and used later in the event processing. The driver passes an old junk pointer during connection close which leads to a use-after-free on event processing. Set private data to NULL for events that don 't have private data. BUG: KASAN: use-after-free in ucma_event_handler+0x532/0x560 [rdma_ucm] kernel: Read of size 4 at addr ffff8886caa71200 by task kworker/u128:1/5250 kernel: kernel: Workqueue: iw_cm_wq cm_work_handler [iw_cm] kernel: Call Trace: kernel: dump_stack+0x8c/0xc0 kernel: print_address_description.constprop.0+0x1b/0x210 kernel: ? ucma_event_handler+0x532/0x560 [rdma_ucm] kernel: ? ucma_event_handler+0x532/0x560 [rdma_ucm] kernel: __kasan_report.cold+0x1a/0x33 kernel: ? ucma_event_handler+0x532/0x560 [rdma_ucm] kernel: kasan_report+0xe/0x20 kernel: check_memory_region+0x130/0x1a0 kernel: memcpy+0x20/0x50 kernel: ucma_event_handler+0x532/0x560 [rdma_ucm] kernel: ? __rpc_execute+0x608/0x620 [sunrpc] kernel: cma_iw_handler+0x212/0x330 [rdma_cm] kernel: ? iw_conn_req_handler+0x6e0/0x6e0 [rdma_cm] kernel: ? enqueue_timer+0x86/0x140 kernel: ? _raw_write_lock_irq+0xd0/0xd0 kernel: cm_work_handler+0xd3d/0x1070 [iw_cm] Fixes: e411e0587e0d ("RDMA/qedr: Add iWARP connection management functions") Link: https://lore.kernel.org/r/20200616093408.17827-1-michal.kalderon@marvell.com Signed-off-by: Ariel Elior Signed-off-by: Michal Kalderon Signed-off-by: Jason Gunthorpe commit 0133654d8eb8607eacc96badfe49bf992155f4cb Author: Gal Pressman Date: Sun Jun 14 13:35:34 2020 +0300 RDMA/efa: Set maximum pkeys device attribute The max_pkeys device attribute was not set in query device verb, set it to one in order to account for the default pkey (0xffff). This information is exposed to userspace and can cause malfunction Fixes: 40909f664d27 ("RDMA/efa: Add EFA verbs implementation") Link: https://lore.kernel.org/r/20200614103534.88060-1-galpress@amazon.com Reviewed-by: Firas JahJah Reviewed-by: Yossi Leybovich Signed-off-by: Gal Pressman Signed-off-by: Jason Gunthorpe commit 90a239ee25fa3a483facec3de7c144361a3d3a51 Author: Aditya Pakki Date: Sat Jun 13 23:11:48 2020 -0500 RDMA/rvt: Fix potential memory leak caused by rvt_alloc_rq In case of failure of alloc_ud_wq_attr(), the memory allocated by rvt_alloc_rq() is not freed. Fix it by calling rvt_free_rq() using the existing clean-up code. Fixes: d310c4bf8aea ("IB/{rdmavt, hfi1, qib}: Remove AH refcount for UD QPs") Link: https://lore.kernel.org/r/20200614041148.131983-1-pakki001@umn.edu Signed-off-by: Aditya Pakki Acked-by: Dennis Dalessandro Signed-off-by: Jason Gunthorpe commit 1ea7c546b8b3f27bf7da673c265b09c8f79d11bc Author: Leon Romanovsky Date: Thu Jun 11 16:00:45 2020 +0300 RDMA/core: Annotate CMA unlock helper routine Fix the following sparse error by adding annotation to cm_queue_work_unlock() that it releases cm_id_priv->lock lock. drivers/infiniband/core/cm.c:936:24: warning: context imbalance in 'cm_queue_work_unlock' - unexpected unlock Fixes: e83f195aa45c ("RDMA/cm: Pull duplicated code into cm_queue_work_unlock()") Link: https://lore.kernel.org/r/20200611130045.1994026-1-leon@kernel.org Reported-by: kernel test robot Signed-off-by: Leon Romanovsky Signed-off-by: Jason Gunthorpe commit 9f7041b71a2f5defc1629368e7dbe83a9c6ea388 Author: Ravulapati Vishnu vardhan rao Date: Thu Jun 18 12:56:52 2020 +0530 ASoC: amd: closing specific instance. The steps to reproduce: Record from the internal mic : (arecord -D hw:1,2 -f dat /dev/null -V stereos) Record from the headphone mic: (arecord -D hw:1,0 -f dat /dev/null -V stereos) Kill the recording from internal mic. We can see the recording from the headphone mic is broken. This patch rectifies the issue reported. Signed-off-by: Ravulapati Vishnu vardhan rao Link: https://lore.kernel.org/r/20200618072653.27103-1-Vishnuvardhanrao.Ravulapati@amd.com Signed-off-by: Mark Brown commit 24ebec25fb270100e252b19c288e21bd7d8cc7f7 Author: Will Deacon Date: Fri May 29 14:12:18 2020 +0100 arm64: hw_breakpoint: Don't invoke overflow handler on uaccess watchpoints Unprivileged memory accesses generated by the so-called "translated" instructions (e.g. STTR) at EL1 can cause EL0 watchpoints to fire unexpectedly if kernel debugging is enabled. In such cases, the hw_breakpoint logic will invoke the user overflow handler which will typically raise a SIGTRAP back to the current task. This is futile when returning back to the kernel because (a) the signal won't have been delivered and (b) userspace can't handle the thing anyway. Avoid invoking the user overflow handler for watchpoints triggered by kernel uaccess routines, and instead single-step over the faulting instruction as we would if no overflow handler had been installed. (Fixes tag identifies the introduction of unprivileged memory accesses, which exposed this latent bug in the hw_breakpoint code) Cc: Catalin Marinas Cc: James Morse Fixes: 57f4959bad0a ("arm64: kernel: Add support for User Access Override") Reported-by: Luis Machado Signed-off-by: Will Deacon commit bf508ec95ca3b902f14bb311a7709e5cb57fbc49 Author: Gustavo A. R. Silva Date: Wed Jun 17 16:34:07 2020 -0500 arm64: kexec_file: Use struct_size() in kmalloc() Make use of the struct_size() helper instead of an open-coded version in order to avoid any potential type mistakes. This code was detected with the help of Coccinelle and, audited and fixed manually. Signed-off-by: Gustavo A. R. Silva Link: https://lore.kernel.org/r/20200617213407.GA1385@embeddedor Signed-off-by: Will Deacon commit a13b9d0b97211579ea63b96c606de79b963c0f47 Author: Kees Cook Date: Mon Jun 8 20:15:09 2020 -0700 x86/cpu: Use pinning mask for CR4 bits needing to be 0 The X86_CR4_FSGSBASE bit of CR4 should not change after boot[1]. Older kernels should enforce this bit to zero, and newer kernels need to enforce it depending on boot-time configuration (e.g. "nofsgsbase"). To support a pinned bit being either 1 or 0, use an explicit mask in combination with the expected pinned bit values. [1] https://lore.kernel.org/lkml/20200527103147.GI325280@hirez.programming.kicks-ass.net Signed-off-by: Kees Cook Signed-off-by: Thomas Gleixner Cc: stable@vger.kernel.org Link: https://lkml.kernel.org/r/202006082013.71E29A42@keescook commit 618e07865b7453d02410c1f3407c2d78a670eabb Author: Barry Song Date: Thu Jun 18 09:58:28 2020 +1200 arm64: mm: reserve hugetlb CMA after numa_init hugetlb_cma_reserve() is called at the wrong place. numa_init has not been done yet. so all reserved memory will be located at node0. Fixes: cf11e85fc08c ("mm: hugetlb: optionally allocate gigantic hugepages using cma") Signed-off-by: Barry Song Reviewed-by: Anshuman Khandual Acked-by: Roman Gushchin Cc: Matthias Brugger Cc: Will Deacon Link: https://lore.kernel.org/r/20200617215828.25296-1-song.bao.hua@hisilicon.com Signed-off-by: Will Deacon commit f097eb38f71391ff2cf078788bad5a00eb3bd96a Author: Kurt Kanzenbach Date: Tue Jun 9 10:17:26 2020 +0200 timekeeping: Fix kerneldoc system_device_crosststamp & al Make kernel doc comments actually work and fix the syncronized typo. [ tglx: Added the missing /** and fixed up formatting ] Signed-off-by: Kurt Kanzenbach Signed-off-by: Thomas Gleixner Link: https://lkml.kernel.org/r/20200609081726.5657-1-kurt@linutronix.de commit 302c570bf36e997d55ad0d60628a2feec76954a4 Author: Li Jun Date: Thu Jun 4 19:21:18 2020 +0800 usb: typec: tcpci_rt1711h: avoid screaming irq causing boot hangs John reported screaming irq caused by rt1711h when system boot[1], this is because irq request is done before tcpci_register_port(), so the chip->tcpci has not been setup, irq handler is entered but can't do anything, this patch is to address this by moving the irq request after tcpci_register_port(). [1] https://lore.kernel.org/linux-usb/20200530040157.31038-1-john.stultz@linaro.org Fixes: ce08eaeb6388 ("staging: typec: rt1711h typec chip driver") Cc: stable # v4.18+ Cc: John Stultz Reported-and-tested-by: John Stultz Reviewed-by: Guenter Roeck Reviewed-by: Heikki Krogerus Signed-off-by: Li Jun Link: https://lore.kernel.org/r/20200604112118.38062-1-jun.li@nxp.com Signed-off-by: Greg Kroah-Hartman commit 07c112fb09c86c0231f6ff0061a000ffe91c8eb9 Author: Chuhong Yuan Date: Wed Jun 10 10:48:44 2020 +0800 USB: ohci-sm501: Add missed iounmap() in remove This driver misses calling iounmap() in remove to undo the ioremap() called in probe. Add the missed call to fix it. Fixes: f54aab6ebcec ("usb: ohci-sm501 driver") Cc: stable Signed-off-by: Chuhong Yuan Acked-by: Alan Stern Link: https://lore.kernel.org/r/20200610024844.3628408-1-hslester96@gmail.com Signed-off-by: Greg Kroah-Hartman commit 03894573f2913181ee5aae0089f333b2131f2d4b Author: Joakim Tjernlund Date: Fri Jun 5 12:54:18 2020 +0200 cdc-acm: Add DISABLE_ECHO quirk for Microchip/SMSC chip USB_DEVICE(0x0424, 0x274e) can send data before cdc_acm is ready, causing garbage chars on the TTY causing stray input to the shell and/or login prompt. Signed-off-by: Joakim Tjernlund Cc: stable@vger.kernel.org Acked-by: Oliver Neukum Link: https://lore.kernel.org/r/20200605105418.22263-1-joakim.tjernlund@infinera.com Signed-off-by: Greg Kroah-Hartman commit 1ddcb71a3edf0e1682b6e056158e4c4b00325f66 Author: Longfang Liu Date: Mon Jun 8 11:46:59 2020 +0800 USB: ehci: reopen solution for Synopsys HC bug A Synopsys USB2.0 core used in Huawei Kunpeng920 SoC has a bug which might cause the host controller not issuing ping. Bug description: After indicating an Interrupt on Async Advance, the software uses the doorbell mechanism to delete the Next Link queue head of the last executed queue head. At this time, the host controller still references the removed queue head(the queue head is NULL). NULL reference causes the host controller to lose the USB device. Solution: After deleting the Next Link queue head, when has_synopsys_hc_bug set to 1,the software can write one of the valid queue head addresses to the ASYNCLISTADDR register to allow the host controller to get the valid queue head. in order to solve that problem, this patch set the flag for Huawei Kunpeng920 There are detailed instructions and solutions in this patch: commit 2f7ac6c19997 ("USB: ehci: add workaround for Synopsys HC bug") Signed-off-by: Longfang Liu Cc: stable Acked-by: Alan Stern Link: https://lore.kernel.org/r/1591588019-44284-1-git-send-email-liulongfang@huawei.com Signed-off-by: Greg Kroah-Hartman commit 28ebeb8db77035e058a510ce9bd17c2b9a009dba Author: Zqiang Date: Fri Jun 12 11:52:10 2020 +0800 usb: usbtest: fix missing kfree(dev->buf) in usbtest_disconnect BUG: memory leak unreferenced object 0xffff888055046e00 (size 256): comm "kworker/2:9", pid 2570, jiffies 4294942129 (age 1095.500s) hex dump (first 32 bytes): 00 70 04 55 80 88 ff ff 18 bb 5a 81 ff ff ff ff .p.U......Z..... f5 96 78 81 ff ff ff ff 37 de 8e 81 ff ff ff ff ..x.....7....... backtrace: [<00000000d121dccf>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline] [<00000000d121dccf>] slab_post_alloc_hook mm/slab.h:586 [inline] [<00000000d121dccf>] slab_alloc_node mm/slub.c:2786 [inline] [<00000000d121dccf>] slab_alloc mm/slub.c:2794 [inline] [<00000000d121dccf>] kmem_cache_alloc_trace+0x15e/0x2d0 mm/slub.c:2811 [<000000005c3c3381>] kmalloc include/linux/slab.h:555 [inline] [<000000005c3c3381>] usbtest_probe+0x286/0x19d0 drivers/usb/misc/usbtest.c:2790 [<000000001cec6910>] usb_probe_interface+0x2bd/0x870 drivers/usb/core/driver.c:361 [<000000007806c118>] really_probe+0x48d/0x8f0 drivers/base/dd.c:551 [<00000000a3308c3e>] driver_probe_device+0xfc/0x2a0 drivers/base/dd.c:724 [<000000003ef66004>] __device_attach_driver+0x1b6/0x240 drivers/base/dd.c:831 [<00000000eee53e97>] bus_for_each_drv+0x14e/0x1e0 drivers/base/bus.c:431 [<00000000bb0648d0>] __device_attach+0x1f9/0x350 drivers/base/dd.c:897 [<00000000838b324a>] device_initial_probe+0x1a/0x20 drivers/base/dd.c:944 [<0000000030d501c1>] bus_probe_device+0x1e1/0x280 drivers/base/bus.c:491 [<000000005bd7adef>] device_add+0x131d/0x1c40 drivers/base/core.c:2504 [<00000000a0937814>] usb_set_configuration+0xe84/0x1ab0 drivers/usb/core/message.c:2030 [<00000000e3934741>] generic_probe+0x6a/0xe0 drivers/usb/core/generic.c:210 [<0000000098ade0f1>] usb_probe_device+0x90/0xd0 drivers/usb/core/driver.c:266 [<000000007806c118>] really_probe+0x48d/0x8f0 drivers/base/dd.c:551 [<00000000a3308c3e>] driver_probe_device+0xfc/0x2a0 drivers/base/dd.c:724 Acked-by: Alan Stern Reported-by: Kyungtae Kim Signed-off-by: Zqiang Link: https://lore.kernel.org/r/20200612035210.20494-1-qiang.zhang@windriver.com Signed-off-by: Greg Kroah-Hartman commit 207324a321a866401b098cadf19e4a2dd6584622 Author: Minas Harutyunyan Date: Tue Jun 9 12:28:11 2020 +0400 usb: dwc2: Postponed gadget registration to the udc class driver During dwc2 driver probe, after gadget registration to the udc class driver, if exist any builtin function driver it immediately bound to dwc2 and after init host side (dwc2_hcd_init()) stucked in host mode. Patch postpone gadget registration after host side initialization done. Fixes: 117777b2c3bb9 ("usb: dwc2: Move gadget probe function into platform code") Reported-by: kbuild test robot Tested-by: Marek Vasut Cc: stable Signed-off-by: Minas Harutyunyan Link: https://lore.kernel.org/r/f21cb38fecc72a230b86155d94c7e60c9cb66f58.1591690938.git.hminas@synopsys.com Signed-off-by: Greg Kroah-Hartman commit 5d8021923e8a8cc37a421a64e27c7221f0fee33c Author: Tomasz Meresiński Date: Wed Jun 3 22:33:46 2020 +0200 usb: add USB_QUIRK_DELAY_INIT for Logitech C922 The Logitech C922, just like other Logitech webcams, needs the USB_QUIRK_DELAY_INIT or it will randomly not respond after device connection Signed-off-by: Tomasz Meresiński Cc: stable Link: https://lore.kernel.org/r/20200603203347.7792-1-tomasz@meresinski.eu Signed-off-by: Greg Kroah-Hartman commit 44ed240d62736ad29943ec01e41e194b96f7c5e9 Author: Tang Bin Date: Tue Jun 2 19:47:08 2020 +0800 usb: host: ehci-exynos: Fix error check in exynos_ehci_probe() If the function platform_get_irq() failed, the negative value returned will not be detected here. So fix error handling in exynos_ehci_probe(). And when get irq failed, the function platform_get_irq() logs an error message, so remove redundant message here. Fixes: 1bcc5aa87f04 ("USB: Add initial S5P EHCI driver") Cc: stable Signed-off-by: Zhang Shengju Signed-off-by: Tang Bin Link: https://lore.kernel.org/r/20200602114708.28620-1-tangbin@cmss.chinamobile.com Signed-off-by: Greg Kroah-Hartman commit 130206a88683d859f63ed6d4a56ab5c2b4930c8e Author: Heikki Krogerus Date: Fri May 29 16:17:53 2020 +0300 usb: typec: mux: intel_pmc_mux: Fix DP alternate mode entry The PMC needs to be notified separately about HPD (hotplug detected) signal being high after mode entry. There is a bit "HPD High" in the Alternate Mode Request that the driver already sets, but that bit is only valid when the DisplayPort Alternate Mode is directly entered from disconnected state. Fixes: 5c4edcdbcd97 ("usb: typec: mux: intel: Fix DP_HPD_LVL bit field") Signed-off-by: Heikki Krogerus Cc: stable Tested-by: Prashant Malani Link: https://lore.kernel.org/r/20200529131753.15587-1-heikki.krogerus@linux.intel.com Signed-off-by: Greg Kroah-Hartman commit 3d19946b509c494672b46143b20d6dd8a02f5bb6 Author: Fabio Estevam Date: Fri May 29 07:42:34 2020 -0300 Documentation: ABI: usb: chipidea: Update Li Jun's e-mail The freescale.com e-mail domain is no longer active for quite some time. Switch Li Jun's e-mail address to the NXP domain. Signed-off-by: Fabio Estevam Link: https://lore.kernel.org/r/20200529104234.25136-1-festevam@gmail.com Signed-off-by: Greg Kroah-Hartman commit d50313a5a0d803bcf55121a2b82086633060d05e Author: Pierre-Louis Bossart Date: Wed Jun 17 11:49:09 2020 -0500 ALSA: hda: Intel: add missing PCI IDs for ICL-H, TGL-H and EKL Mirror PCI ids used for SOF. Signed-off-by: Pierre-Louis Bossart Reviewed-by: Guennadi Liakhovetski Reviewed-by: Kai Vehmanen Link: https://lore.kernel.org/r/20200617164909.18225-1-pierre-louis.bossart@linux.intel.com Signed-off-by: Takashi Iwai commit 774911290c589e98e3638e73b24b0a4d4530e97c Author: Christian Borntraeger Date: Wed Jun 17 10:36:20 2020 +0200 KVM: s390: reduce number of IO pins to 1 The current number of KVM_IRQCHIP_NUM_PINS results in an order 3 allocation (32kb) for each guest start/restart. This can result in OOM killer activity even with free swap when the memory is fragmented enough: kernel: qemu-system-s39 invoked oom-killer: gfp_mask=0x440dc0(GFP_KERNEL_ACCOUNT|__GFP_COMP|__GFP_ZERO), order=3, oom_score_adj=0 kernel: CPU: 1 PID: 357274 Comm: qemu-system-s39 Kdump: loaded Not tainted 5.4.0-29-generic #33-Ubuntu kernel: Hardware name: IBM 8562 T02 Z06 (LPAR) kernel: Call Trace: kernel: ([<00000001f848fe2a>] show_stack+0x7a/0xc0) kernel: [<00000001f8d3437a>] dump_stack+0x8a/0xc0 kernel: [<00000001f8687032>] dump_header+0x62/0x258 kernel: [<00000001f8686122>] oom_kill_process+0x172/0x180 kernel: [<00000001f8686abe>] out_of_memory+0xee/0x580 kernel: [<00000001f86e66b8>] __alloc_pages_slowpath+0xd18/0xe90 kernel: [<00000001f86e6ad4>] __alloc_pages_nodemask+0x2a4/0x320 kernel: [<00000001f86b1ab4>] kmalloc_order+0x34/0xb0 kernel: [<00000001f86b1b62>] kmalloc_order_trace+0x32/0xe0 kernel: [<00000001f84bb806>] kvm_set_irq_routing+0xa6/0x2e0 kernel: [<00000001f84c99a4>] kvm_arch_vm_ioctl+0x544/0x9e0 kernel: [<00000001f84b8936>] kvm_vm_ioctl+0x396/0x760 kernel: [<00000001f875df66>] do_vfs_ioctl+0x376/0x690 kernel: [<00000001f875e304>] ksys_ioctl+0x84/0xb0 kernel: [<00000001f875e39a>] __s390x_sys_ioctl+0x2a/0x40 kernel: [<00000001f8d55424>] system_call+0xd8/0x2c8 As far as I can tell s390x does not use the iopins as we bail our for anything other than KVM_IRQ_ROUTING_S390_ADAPTER and the chip/pin is only used for KVM_IRQ_ROUTING_IRQCHIP. So let us use a small number to reduce the memory footprint. Signed-off-by: Christian Borntraeger Reviewed-by: Cornelia Huck Reviewed-by: David Hildenbrand Link: https://lore.kernel.org/r/20200617083620.5409-1-borntraeger@de.ibm.com commit cfb12c8952f617df58d73d24161e539a035d82b0 Author: Robin Gong Date: Fri May 22 18:44:51 2020 +0800 arm64: dts: imx8mn-ddr4-evk: correct ldo1/ldo2 voltage range Correct ldo1 voltage range from wrong high group(3.0V~3.3V) to low group (1.6V~1.9V) because the ldo1 should be 1.8V. Actually, two voltage groups have been supported at bd718x7-regulator driver, hence, just corrrect the voltage range to 1.6V~3.3V. For ldo2@0.8V, correct voltage range too. Otherwise, ldo1 would be kept @3.0V and ldo2@0.9V which violate i.mx8mn datasheet as the below warning log in kernel: [ 0.995524] LDO1: Bringing 1800000uV into 3000000-3000000uV [ 0.999196] LDO2: Bringing 800000uV into 900000-900000uV Fixes: 3e44dd09736d ("arm64: dts: imx8mn-ddr4-evk: Add rohm,bd71847 PMIC support") Cc: stable@vger.kernel.org Signed-off-by: Robin Gong Reviewed-by: Dong Aisheng Reviewed-by: Fabio Estevam Signed-off-by: Shawn Guo commit 4fd6b5735c03c0955d93960d31f17d7144f5578f Author: Robin Gong Date: Fri May 22 18:44:50 2020 +0800 arm64: dts: imx8mm-evk: correct ldo1/ldo2 voltage range Correct ldo1 voltage range from wrong high group(3.0V~3.3V) to low group (1.6V~1.9V) because the ldo1 should be 1.8V. Actually, two voltage groups have been supported at bd718x7-regulator driver, hence, just corrrect the voltage range to 1.6V~3.3V. For ldo2@0.8V, correct voltage range too. Otherwise, ldo1 would be kept @3.0V and ldo2@0.9V which violate i.mx8mm datasheet as the below warning log in kernel: [ 0.995524] LDO1: Bringing 1800000uV into 3000000-3000000uV [ 0.999196] LDO2: Bringing 800000uV into 900000-900000uV Fixes: 78cc25fa265d ("arm64: dts: imx8mm-evk: Add BD71847 PMIC") Cc: stable@vger.kernel.org Signed-off-by: Robin Gong Reviewed-by: Dong Aisheng Reviewed-by: Fabio Estevam Signed-off-by: Shawn Guo commit e04ec0de61c1eb9693179093e83ab8ca68a30d08 Author: Daniel Jordan Date: Mon Jun 8 17:26:52 2020 -0400 padata: upgrade smp_mb__after_atomic to smp_mb in padata_do_serial A 5.7 kernel hangs during a tcrypt test of padata that waits for an AEAD request to finish. This is only seen on large machines running many concurrent requests. The issue is that padata never serializes the request. The removal of the reorder_objects atomic missed that the memory barrier in padata_do_serial() depends on it. Upgrade the barrier from smp_mb__after_atomic to smp_mb to get correct ordering again. Fixes: 3facced7aeed1 ("padata: remove reorder_objects") Signed-off-by: Daniel Jordan Cc: Steffen Klassert Cc: linux-kernel@vger.kernel.org Cc: Signed-off-by: Herbert Xu commit 34c86f4c4a7be3b3e35aa48bd18299d4c756064d Author: Herbert Xu Date: Mon Jun 8 16:48:43 2020 +1000 crypto: af_alg - fix use-after-free in af_alg_accept() due to bh_lock_sock() The locking in af_alg_release_parent is broken as the BH socket lock can only be taken if there is a code-path to handle the case where the lock is owned by process-context. Instead of adding such handling, we can fix this by changing the ref counts to atomic_t. This patch also modifies the main refcnt to include both normal and nokey sockets. This way we don't have to fudge the nokey ref count when a socket changes from nokey to normal. Credits go to Mauricio Faria de Oliveira who diagnosed this bug and sent a patch for it: https://lore.kernel.org/linux-crypto/20200605161657.535043-1-mfo@canonical.com/ Reported-by: Brian Moyles Reported-by: Mauricio Faria de Oliveira Fixes: 37f96694cf73 ("crypto: af_alg - Use bh_lock_sock in...") Cc: Signed-off-by: Herbert Xu commit fe35ec58f0d339221643287bbb7cee15c93a5389 Author: Weiping Zhang Date: Wed Jun 17 14:18:37 2020 +0800 block: update hctx map when use multiple maps There is an issue when tune the number for read and write queues, if the total queue count was not changed. The hctx->type cannot be updated, since __blk_mq_update_nr_hw_queues will return directly if the total queue count has not been changed. Reproduce: dmesg | grep "default/read/poll" [ 2.607459] nvme nvme0: 48/0/0 default/read/poll queues cat /sys/kernel/debug/block/nvme0n1/hctx*/type | sort | uniq -c 48 default tune the write queues to 24: echo 24 > /sys/module/nvme/parameters/write_queues echo 1 > /sys/block/nvme0n1/device/reset_controller dmesg | grep "default/read/poll" [ 433.547235] nvme nvme0: 24/24/0 default/read/poll queues cat /sys/kernel/debug/block/nvme0n1/hctx*/type | sort | uniq -c 48 default The driver's hardware queue mapping is not same as block layer. Signed-off-by: Weiping Zhang Reviewed-by: Ming Lei Signed-off-by: Jens Axboe commit 078e8f8ce8ad96fdcb5ca4dc8714d266a77eefc3 Author: Eric Anholt Date: Wed Jun 17 13:53:10 2020 -0700 drm/msm: Fix setup of a6xx create_address_space. We don't want it under CONFIG_DRM_MSM_GPU_STATE, we need it all the time (like the other GPUs do). Fixes: ccac7ce373c1 ("drm/msm: Refactor address space initialization") Signed-off-by: Eric Anholt Signed-off-by: Rob Clark commit f167989c673096c8d823b1292c6ee51ed266d178 Author: Eric Anholt Date: Wed Jun 17 13:53:09 2020 -0700 drm/msm: Fix address space size after refactor. Previously the address space went from 16M to ~0u, but with the refactor one of the 'f's was dropped, limiting us to 256MB. Additionally, the new interface takes a start and size, not start and end, so we can't just copy and paste. Fixes regressions in dEQP-VK.memory.allocation.random.* Fixes: ccac7ce373c1 ("drm/msm: Refactor address space initialization") Signed-off-by: Eric Anholt Signed-off-by: Rob Clark commit ef7232da6bcd4294cbb2d424bc35885721570f01 Author: Shannon Nelson Date: Tue Jun 16 08:06:26 2020 -0700 ionic: export features for vlans to use Set up vlan_features for use by any vlans above us. Fixes: beead698b173 ("ionic: Add the basic NDO callbacks for netdev support") Signed-off-by: Shannon Nelson Acked-by: Jonathan Toppins Signed-off-by: David S. Miller commit 3103b6feb4454646558eedc50ece728bc469f341 Author: Shannon Nelson Date: Mon Jun 15 18:14:59 2020 -0700 ionic: no link check while resetting queues If the driver is busy resetting queues after a change in MTU or queue parameters, don't bother checking the link, wait until the next watchdog cycle. Fixes: 987c0871e8ae ("ionic: check for linkup in watchdog") Signed-off-by: Shannon Nelson Acked-by: Jonathan Toppins Signed-off-by: David S. Miller commit e92bc059e7fa5f443e958900229bc7fa1d38fecb Merge: b3a9e3b9622a da785a87787c Author: Florian Fainelli Date: Wed Jun 17 15:02:13 2020 -0700 Merge tag 'tags/bcm2835-drivers-fixes-2020-0-17' into drivers/fixes Fixes Raspberry Pi firmware version output Signed-off-by: Florian Fainelli commit 02c28dffb13abbaaedece1e4a6493b48ad3f913a Author: David Howells Date: Wed Jun 17 15:46:33 2020 +0100 rxrpc: Fix afs large storage transmission performance drop Commit 2ad6691d988c, which moved the modification of the status annotation for a packet in the Tx buffer prior to the retransmission moved the state clearance, but managed to lose the bit that set it to UNACK. Consequently, if a retransmission occurs, the packet is accidentally changed to the ACK state (ie. 0) by masking it off, which means that the packet isn't counted towards the tally of newly-ACK'd packets if it gets hard-ACK'd. This then prevents the congestion control algorithm from recovering properly. Fix by reinstating the change of state to UNACK. Spotted by the generic/460 xfstest. Fixes: 2ad6691d988c ("rxrpc: Fix race between incoming ACK parser and retransmitter") Signed-off-by: David Howells commit a2ad7c21ad8cf1ce4ad65e13df1c2a1c29b38ac5 Author: David Howells Date: Wed Jun 17 23:01:23 2020 +0100 rxrpc: Fix handling of rwind from an ACK packet The handling of the receive window size (rwind) from a received ACK packet is not correct. The rxrpc_input_ackinfo() function currently checks the current Tx window size against the rwind from the ACK to see if it has changed, but then limits the rwind size before storing it in the tx_winsize member and, if it increased, wake up the transmitting process. This means that if rwind > RXRPC_RXTX_BUFF_SIZE - 1, this path will always be followed. Fix this by limiting rwind before we compare it to tx_winsize. The effect of this can be seen by enabling the rxrpc_rx_rwind_change tracepoint. Fixes: 702f2ac87a9a ("rxrpc: Wake up the transmitter if Rx window size increases on the peer") Signed-off-by: David Howells commit e869e7a17798d85829fa7d4f9bbe1eebd4b2d3f6 Author: Jeremy Kerr Date: Mon Jun 15 10:54:56 2020 +0800 net: usb: ax88179_178a: fix packet alignment padding Using a AX88179 device (0b95:1790), I see two bytes of appended data on every RX packet. For example, this 48-byte ping, using 0xff as a payload byte: 04:20:22.528472 IP 192.168.1.1 > 192.168.1.2: ICMP echo request, id 2447, seq 1, length 64 0x0000: 000a cd35 ea50 000a cd35 ea4f 0800 4500 0x0010: 0054 c116 4000 4001 f63e c0a8 0101 c0a8 0x0020: 0102 0800 b633 098f 0001 87ea cd5e 0000 0x0030: 0000 dcf2 0600 0000 0000 ffff ffff ffff 0x0040: ffff ffff ffff ffff ffff ffff ffff ffff 0x0050: ffff ffff ffff ffff ffff ffff ffff ffff 0x0060: ffff 961f Those last two bytes - 96 1f - aren't part of the original packet. In the ax88179 RX path, the usbnet rx_fixup function trims a 2-byte 'alignment pseudo header' from the start of the packet, and sets the length from a per-packet field populated by hardware. It looks like that length field *includes* the 2-byte header; the current driver assumes that it's excluded. This change trims the 2-byte alignment header after we've set the packet length, so the resulting packet length is correct. While we're moving the comment around, this also fixes the spelling of 'pseudo'. Signed-off-by: Jeremy Kerr Signed-off-by: David S. Miller commit aadf9dcef9d4cd68c73a4ab934f93319c4becc47 Author: David Howells Date: Wed Jun 17 22:50:33 2020 +0100 rxrpc: Fix trace string The trace symbol printer (__print_symbolic()) ignores symbols that map to an empty string and prints the hex value instead. Fix the symbol for rxrpc_cong_no_change to " -" instead of "" to avoid this. Fixes: b54a134a7de4 ("rxrpc: Fix handling of enums-to-string translation in tracing") Signed-off-by: David Howells commit da9cebe16930f0273278fe893f2809450c61ae41 Author: Alex Deucher Date: Mon Jun 15 16:36:49 2020 -0400 drm/amdgpu: fix documentation around busy_percentage Add rename the gpu busy percentage for consistency and add the mem busy percentage documentation. Reviewed-by: Evan Quan Reviewed-by: Nirmoy Das Signed-off-by: Alex Deucher commit 7386f5c9c8080525985780ed8c3d1475258a4e34 Author: Alex Deucher Date: Mon Jun 15 14:29:55 2020 -0400 drm/amdgpu/pm: update comment to clarify Overdrive interfaces Vega10 and previous asics use one interface, vega20 and newer use another. Reviewed-by: Evan Quan Acked-by: Nirmoy Das Signed-off-by: Alex Deucher commit 99c7b309472787026ce52fd2bc5d00630567a872 Author: Lorenz Brun Date: Thu Jun 11 22:11:21 2020 +0200 drm/amdkfd: Use correct major in devcgroup check The existing code used the major version number of the DRM driver instead of the device major number of the DRM subsystem for validating access for a devices cgroup. This meant that accesses allowed by the devices cgroup weren't permitted and certain accesses denied by the devices cgroup were permitted (if they matched the wrong major device number). Signed-off-by: Lorenz Brun Fixes: 6b855f7b83d2f ("drm/amdkfd: Check against device cgroup") Reviewed-off-by: Felix Kuehling Signed-off-by: Felix Kuehling Signed-off-by: Alex Deucher Cc: stable@vger.kernel.org commit 8231b0b9c322c894594fb42eb0eb9f93544a6acc Author: Tom Rix Date: Wed Jun 17 05:40:28 2020 -0700 selinux: fix undefined return of cond_evaluate_expr clang static analysis reports an undefined return security/selinux/ss/conditional.c:79:2: warning: Undefined or garbage value returned to caller [core.uninitialized.UndefReturn] return s[0]; ^~~~~~~~~~~ static int cond_evaluate_expr( ... { u32 i; int s[COND_EXPR_MAXDEPTH]; for (i = 0; i < expr->len; i++) ... return s[0]; When expr->len is 0, the loop which sets s[0] never runs. So return -1 if the loop never runs. Cc: stable@vger.kernel.org Signed-off-by: Tom Rix Acked-by: Stephen Smalley Signed-off-by: Paul Moore commit 5c5866c593bbd444d0339ede6a8fb5f14ff66d72 Author: Alex Williamson Date: Tue Jun 16 15:26:36 2020 -0600 vfio/pci: Clear error and request eventfd ctx after releasing The next use of the device will generate an underflow from the stale reference. Cc: Qian Cai Fixes: 1518ac272e78 ("vfio/pci: fix memory leaks of eventfd ctx") Reported-by: Daniel Wagner Reviewed-by: Cornelia Huck Tested-by: Daniel Wagner Signed-off-by: Alex Williamson commit 026bb845b0fff6dec91fe24511dad7d3067dc3ed Author: Kaitao Cheng Date: Fri May 29 22:12:14 2020 +0800 ftrace: Fix maybe-uninitialized compiler warning During build compiler reports some 'false positive' warnings about variables {'seq_ops', 'filtered_pids', 'other_pids'} may be used uninitialized. This patch silences these warnings. Also delete some useless spaces Link: https://lkml.kernel.org/r/20200529141214.37648-1-pilgrimtao@gmail.com Signed-off-by: Kaitao Cheng Signed-off-by: Steven Rostedt (VMware) commit 543094e19c82b5d171e139d09a1a3ea0a7361117 Author: Vishal Verma Date: Wed May 20 16:50:26 2020 -0600 nvdimm/region: always show the 'align' attribute It is possible that a platform that is capable of 'namespace labels' comes up without the labels properly initialized. In this case, the region's 'align' attribute is hidden. Howerver, once the user does initialize he labels, the 'align' attribute still stays hidden, which is unexpected. The sysfs_update_group() API is meant to address this, and could be called during region probe, but it has entanglements with the device 'lockdep_mutex'. Therefore, simply make the 'align' attribute always visible. It doesn't matter what it says for label-less namespaces, since it is not possible to change their allocation anyway. Suggested-by: Dan Williams Signed-off-by: Vishal Verma Cc: Dan Williams Link: https://lore.kernel.org/r/20200520225026.29426-1-vishal.l.verma@intel.com Signed-off-by: Dan Williams commit 56952e91acc93ed624fe9da840900defb75f1323 Author: Jens Axboe Date: Wed Jun 17 15:00:04 2020 -0600 io_uring: reap poll completions while waiting for refs to drop on exit If we're doing polled IO and end up having requests being submitted async, then completions can come in while we're waiting for refs to drop. We need to reap these manually, as nobody else will be looking for them. Break the wait into 1/20th of a second time waits, and check for done poll completions if we time out. Otherwise we can have done poll completions sitting in ctx->poll_list, which needs us to reap them but we're just waiting for them. Cc: stable@vger.kernel.org Signed-off-by: Jens Axboe commit b3583fca5fb654af2cfc1c08259abb9728272538 Author: Dmitry V. Levin Date: Tue Jun 2 21:00:51 2020 +0300 s390: fix syscall_get_error for compat processes If both the tracer and the tracee are compat processes, and gprs[2] is assigned a value by __poke_user_compat, then the higher 32 bits of gprs[2] are cleared, IS_ERR_VALUE() always returns false, and syscall_get_error() always returns 0. Fix the implementation by sign-extending the value for compat processes the same way as x86 implementation does. The bug was exposed to user space by commit 201766a20e30f ("ptrace: add PTRACE_GET_SYSCALL_INFO request") and detected by strace test suite. This change fixes strace syscall tampering on s390. Link: https://lkml.kernel.org/r/20200602180051.GA2427@altlinux.org Fixes: 753c4dd6a2fa2 ("[S390] ptrace changes") Cc: Elvira Khabirova Cc: stable@vger.kernel.org # v2.6.28+ Signed-off-by: Dmitry V. Levin Signed-off-by: Heiko Carstens Signed-off-by: Vasily Gorbik commit c920c545286270302d29fd63c05c3bd84828daee Author: Julian Wiedmann Date: Tue Jun 2 14:26:36 2020 +0200 s390/qdio: warn about unexpected SLSB states The way we produce SBALs to the device (first update q->nr_buf_used, then update the SLSB) should ensure that we never see some of the SLSB states when scanning the queue for progress. So make some noise if we do, this implies a bug in our SBAL tracking. Also tweak the WARN msg to provide more information. Signed-off-by: Julian Wiedmann Signed-off-by: Vasily Gorbik commit 3d6c6f20d961209972a075ddc50b9a7207e9796e Author: Julian Wiedmann Date: Tue Jun 2 14:23:32 2020 +0200 s390/qdio: clean up usage of qdio_data This removes the last remaining accesses to ->qdio_data from internal code. Just pass the qdio_irq struct where needed instead. Signed-off-by: Julian Wiedmann Signed-off-by: Vasily Gorbik commit ac4e106d8934a5894811fc263f4b03fc8ed0fb7a Author: Matthew Hagan Date: Sun Jun 14 15:19:00 2020 -0700 ARM: dts: NSP: Correct FA2 mailbox node The FA2 mailbox is specified at 0x18025000 but should actually be 0x18025c00, length 0x400 according to socregs_nsp.h and board_bu.c. Also the interrupt was off by one and should be GIC SPI 151 instead of 150. Fixes: 17d517172300 ("ARM: dts: NSP: Add mailbox (PDC) to NSP") Signed-off-by: Matthew Hagan Signed-off-by: Florian Fainelli commit b9d37bbb55b8993d296a86fa21f98fa550b61967 Merge: 69119673bd50 8030e250d882 Author: David S. Miller Date: Wed Jun 17 13:26:55 2020 -0700 Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf Alexei Starovoitov says: ==================== pull-request: bpf 2020-06-17 The following pull-request contains BPF updates for your *net* tree. We've added 10 non-merge commits during the last 2 day(s) which contain a total of 14 files changed, 158 insertions(+), 59 deletions(-). The main changes are: 1) Important fix for bpf_probe_read_kernel_str() return value, from Andrii. 2) [gs]etsockopt fix for large optlen, from Stanislav. 3) devmap allocation fix, from Toke. ==================== Signed-off-by: David S. Miller commit dcb231e86a237a21305fb838e8140898fb140bcf Merge: a94eaccefea1 c8d2e2bfaeff Author: Mark Brown Date: Wed Jun 17 20:28:31 2020 +0100 Merge series "ASoC: SOF: Intel: update PCI IDs" from Pierre-Louis Bossart : Clean-up CometLake and add missing PCI IDs. Changes for the legacy driver are sent separately. Pierre-Louis Bossart (3): ASoC: Intel: SOF: merge COMETLAKE_LP and COMETLAKE_H ASoC: SOF: Intel: add PCI ID for CometLake-S ASoC: SOF: Intel: add PCI IDs for ICL-H and TGL-H sound/hda/intel-dsp-config.c | 4 +--- sound/soc/intel/boards/Kconfig | 4 ++-- sound/soc/sof/intel/Kconfig | 29 ++++++++--------------------- sound/soc/sof/sof-pci-dev.c | 24 ++++++++++++++---------- 4 files changed, 25 insertions(+), 36 deletions(-) -- 2.20.1 commit a94eaccefea1186947c5c5451fcae2245dd7e714 Author: Pierre-Louis Bossart Date: Wed Jun 17 11:41:44 2020 -0500 ASoC: hdac_hda: fix memleak with regmap not freed on remove kmemleak throws error reports on module load/unload tests, add snd_hdac_regmap_exit() in .remove(). While we are at it, also fix the error handling flow in .probe() to use snd_hdac_regmap_exit() if needed. Signed-off-by: Pierre-Louis Bossart Reviewed-by: Daniel Baluta Reviewed-by: Kai Vehmanen Reviewed-by: Rander Wang Reviewed-by: Guennadi Liakhovetski Reviewed-by: Bard Liao Link: https://lore.kernel.org/r/20200617164144.17859-1-pierre-louis.bossart@linux.intel.com Signed-off-by: Mark Brown commit c8d2e2bfaeffa0f914330e8b4e45b986c8d30b58 Author: Pierre-Louis Bossart Date: Wed Jun 17 11:47:55 2020 -0500 ASoC: SOF: Intel: add PCI IDs for ICL-H and TGL-H Usually the DSP is not traditionally enabled on H skews but this might be used moving forward. Signed-off-by: Pierre-Louis Bossart Reviewed-by: Guennadi Liakhovetski Reviewed-by: Kai Vehmanen Link: https://lore.kernel.org/r/20200617164755.18104-4-pierre-louis.bossart@linux.intel.com Signed-off-by: Mark Brown commit 258fb4f4c34a0db9d3834aba6784d7b322176bb9 Author: Pierre-Louis Bossart Date: Wed Jun 17 11:47:54 2020 -0500 ASoC: SOF: Intel: add PCI ID for CometLake-S Mirror ID added for legacy HDaudio Signed-off-by: Pierre-Louis Bossart Reviewed-by: Guennadi Liakhovetski Reviewed-by: Kai Vehmanen Link: https://lore.kernel.org/r/20200617164755.18104-3-pierre-louis.bossart@linux.intel.com Signed-off-by: Mark Brown commit 4228668eb936357657046b486207b167caea5175 Author: Pierre-Louis Bossart Date: Wed Jun 17 11:47:53 2020 -0500 ASoC: Intel: SOF: merge COMETLAKE_LP and COMETLAKE_H We already have two configurations for CometLake, and a third one coming. On other platforms, we used a single Kconfig option, so we should follow the same trend by merging the two cases in a backwards compatible way. The backwards compatibility is handled by overloading the COMETLAKE_LP kconfig as COMETLAKE. In practice we've never seen a case where COMETLAKE_H is not selected along with COMETLAKE_LP, so keeping one of the two is enough. Signed-off-by: Pierre-Louis Bossart Reviewed-by: Guennadi Liakhovetski Reviewed-by: Kai Vehmanen Link: https://lore.kernel.org/r/20200617164755.18104-2-pierre-louis.bossart@linux.intel.com Signed-off-by: Mark Brown commit 9d8426a09195e2dcf2aa249de2aaadd792d491c7 Author: Jens Axboe Date: Tue Jun 16 18:42:49 2020 -0600 io_uring: acquire 'mm' for task_work for SQPOLL If we're unlucky with timing, we could be running task_work after having dropped the memory context in the sq thread. Since dropping the context requires a runnable task state, we cannot reliably drop it as part of our check-for-work loop in io_sq_thread(). Instead, abstract out the mm acquire for the sq thread into a helper, and call it from the async task work handler. Cc: stable@vger.kernel.org # v5.7 Signed-off-by: Jens Axboe commit bbde017a32b32d2fa8d5fddca25fade20132abf8 Author: Xiaoguang Wang Date: Tue Jun 16 02:06:38 2020 +0800 io_uring: add memory barrier to synchronize io_kiocb's result and iopoll_completed In io_complete_rw_iopoll(), stores to io_kiocb's result and iopoll completed are two independent store operations, to ensure that once iopoll_completed is ture and then req->result must been perceived by the cpu executing io_do_iopoll(), proper memory barrier should be used. And in io_do_iopoll(), we check whether req->result is EAGAIN, if it is, we'll need to issue this io request using io-wq again. In order to just issue a single smp_rmb() on the completion side, move the re-submit work to io_iopoll_complete(). Cc: stable@vger.kernel.org Signed-off-by: Xiaoguang Wang [axboe: don't set ->iopoll_completed for -EAGAIN retry] Signed-off-by: Jens Axboe commit 2d7d67920e5c8e0854df23ca77da2dd5880ce5dd Author: Xiaoguang Wang Date: Tue Jun 16 02:06:37 2020 +0800 io_uring: don't fail links for EAGAIN error in IOPOLL mode In IOPOLL mode, for EAGAIN error, we'll try to submit io request again using io-wq, so don't fail rest of links if this io request has links. Cc: stable@vger.kernel.org Signed-off-by: Xiaoguang Wang Signed-off-by: Jens Axboe commit 1b5044021070efa3259f3e9548dc35d1eb6aa844 Merge: 69119673bd50 dbed452a078d Author: Linus Torvalds Date: Wed Jun 17 11:29:37 2020 -0700 Merge tag 'dma-mapping-5.8-3' of git://git.infradead.org/users/hch/dma-mapping Pull dma-mapping fixes from Christoph Hellwig: "Fixes for the SEV atomic pool (Geert Uytterhoeven and David Rientjes)" * tag 'dma-mapping-5.8-3' of git://git.infradead.org/users/hch/dma-mapping: dma-pool: decouple DMA_REMAP from DMA_COHERENT_POOL dma-pool: fix too large DMA pools on medium memory size systems commit c0ee37e85e0e47402b8bbe35b6cec8e06937ca58 Author: Christoph Hellwig Date: Wed Jun 17 09:37:54 2020 +0200 maccess: rename probe_user_{read,write} to copy_{from,to}_user_nofault Better describe what these functions do. Suggested-by: Linus Torvalds Signed-off-by: Christoph Hellwig Signed-off-by: Linus Torvalds commit fe557319aa06c23cffc9346000f119547e0f289a Author: Christoph Hellwig Date: Wed Jun 17 09:37:53 2020 +0200 maccess: rename probe_kernel_{read,write} to copy_{from,to}_kernel_nofault Better describe what these functions do. Suggested-by: Linus Torvalds Signed-off-by: Christoph Hellwig Signed-off-by: Linus Torvalds commit 8030e250d882db174cbcd88273570ffb36a13080 Author: Stanislav Fomichev Date: Tue Jun 16 18:04:16 2020 -0700 bpf: Document optval > PAGE_SIZE behavior for sockopt hooks Extend existing doc with more details about requiring ctx->optlen = 0 for handling optval > PAGE_SIZE. Signed-off-by: Stanislav Fomichev Signed-off-by: Alexei Starovoitov Link: https://lore.kernel.org/bpf/20200617010416.93086-3-sdf@google.com commit a0cb12b03132befbdb29d835ca330c18792e8134 Author: Stanislav Fomichev Date: Tue Jun 16 18:04:15 2020 -0700 selftests/bpf: Make sure optvals > PAGE_SIZE are bypassed We are relying on the fact, that we can pass > sizeof(int) optvals to the SOL_IP+IP_FREEBIND option (the kernel will take first 4 bytes). In the BPF program we check that we can only touch PAGE_SIZE bytes, but the real optlen is PAGE_SIZE * 2. In both cases, we override it to some predefined value and trim the optlen. Also, let's modify exiting IP_TOS usecase to test optlen=0 case where BPF program just bypasses the data as is. Signed-off-by: Stanislav Fomichev Signed-off-by: Alexei Starovoitov Link: https://lore.kernel.org/bpf/20200617010416.93086-2-sdf@google.com commit d8fe449a9c51a37d844ab607e14e2f5c657d3cf2 Author: Stanislav Fomichev Date: Tue Jun 16 18:04:14 2020 -0700 bpf: Don't return EINVAL from {get,set}sockopt when optlen > PAGE_SIZE Attaching to these hooks can break iptables because its optval is usually quite big, or at least bigger than the current PAGE_SIZE limit. David also mentioned some SCTP options can be big (around 256k). For such optvals we expose only the first PAGE_SIZE bytes to the BPF program. BPF program has two options: 1. Set ctx->optlen to 0 to indicate that the BPF's optval should be ignored and the kernel should use original userspace value. 2. Set ctx->optlen to something that's smaller than the PAGE_SIZE. v5: * use ctx->optlen == 0 with trimmed buffer (Alexei Starovoitov) * update the docs accordingly v4: * use temporary buffer to avoid optval == optval_end == NULL; this removes the corner case in the verifier that might assume non-zero PTR_TO_PACKET/PTR_TO_PACKET_END. v3: * don't increase the limit, bypass the argument v2: * proper comments formatting (Jakub Kicinski) Fixes: 0d01da6afc54 ("bpf: implement getsockopt and setsockopt hooks") Signed-off-by: Stanislav Fomichev Signed-off-by: Alexei Starovoitov Cc: David Laight Link: https://lore.kernel.org/bpf/20200617010416.93086-1-sdf@google.com commit 99c51064fb06146b3d494b745c947e438a10aaa7 Author: Toke Høiland-Jørgensen Date: Tue Jun 16 16:28:29 2020 +0200 devmap: Use bpf_map_area_alloc() for allocating hash buckets Syzkaller discovered that creating a hash of type devmap_hash with a large number of entries can hit the memory allocator limit for allocating contiguous memory regions. There's really no reason to use kmalloc_array() directly in the devmap code, so just switch it to the existing bpf_map_area_alloc() function that is used elsewhere. Fixes: 6f9d451ab1a3 ("xdp: Add devmap_hash map type for looking up devices by hashed index") Reported-by: Xiumei Mu Signed-off-by: Toke Høiland-Jørgensen Signed-off-by: Alexei Starovoitov Acked-by: John Fastabend Link: https://lore.kernel.org/bpf/20200616142829.114173-1-toke@redhat.com commit 3ff2351651a2ecb73ec9d29119793bde190b2850 Author: Hangbin Liu Date: Tue Jun 16 18:35:18 2020 +0800 xdp: Handle frame_sz in xdp_convert_zc_to_xdp_frame() In commit 34cc0b338a61 we only handled the frame_sz in convert_to_xdp_frame(). This patch will also handle frame_sz in xdp_convert_zc_to_xdp_frame(). Fixes: 34cc0b338a61 ("xdp: Xdp_frame add member frame_sz and handle in convert_to_xdp_frame") Signed-off-by: Hangbin Liu Signed-off-by: Alexei Starovoitov Acked-by: Jesper Dangaard Brouer Acked-by: John Fastabend Link: https://lore.kernel.org/bpf/20200616103518.2963410-1-liuhangbin@gmail.com commit da8996250a7cb9fd6a262dc899258ad0f4021b68 Author: Gustavo A. R. Silva Date: Wed Jun 17 12:31:45 2020 -0400 dm ioctl: use struct_size() helper in retrieve_deps() One of the more common cases of allocation size calculations is finding the size of a structure that has a zero-sized array at the end, along with memory for some number of elements for that array. For example: struct dm_target_deps { ... __u64 dev[0]; /* out */ }; Make use of the struct_size() helper instead of an open-coded version in order to avoid any potential type mistakes. This code was detected with the help of Coccinelle. Signed-off-by: Gustavo A. R. Silva Signed-off-by: Mike Snitzer commit a143e172b66d992092eb6cf984f79d6989b684d6 Author: Huaisheng Ye Date: Fri Jun 12 23:55:44 2020 +0800 dm writecache: skip writecache_wait when using pmem mode The array bio_in_progress is only used with ssd mode. So skip writecache_wait_for_ios in writecache_discard when pmem mode. Signed-off-by: Huaisheng Ye Acked-by: Mikulas Patocka Signed-off-by: Mike Snitzer commit 39495b12ef1cf602e6abd350dce2ef4199906531 Author: Huaisheng Ye Date: Fri Jun 12 23:59:11 2020 +0800 dm writecache: correct uncommitted_block when discarding uncommitted entry When uncommitted entry has been discarded, correct wc->uncommitted_block for getting the exact number. Fixes: 48debafe4f2fe ("dm: add writecache target") Cc: stable@vger.kernel.org Signed-off-by: Huaisheng Ye Acked-by: Mikulas Patocka Signed-off-by: Mike Snitzer commit 7b2377486767503d47265e4d487a63c651f6b55d Author: Hou Tao Date: Mon Jun 15 11:33:23 2020 +0800 dm zoned: assign max_io_len correctly The unit of max_io_len is sector instead of byte (spotted through code review), so fix it. Fixes: 3b1a94c88b79 ("dm zoned: drive-managed zoned block device target") Cc: stable@vger.kernel.org Signed-off-by: Hou Tao Reviewed-by: Damien Le Moal Signed-off-by: Mike Snitzer commit 0e093c77c5b0dc0d8cbe123a84c944aa8bf0b878 Author: Arnaldo Carvalho de Melo Date: Wed Jun 17 10:23:51 2020 -0300 tools headers UAPI: Sync linux/fs.h with the kernel sources To pick the changes from: b383a73f2b83 ("fs/ext4: Introduce DAX inode flag") And silence this perf build warning: Warning: Kernel ABI header at 'tools/include/uapi/linux/fs.h' differs from latest version at 'include/uapi/linux/fs.h' diff -u tools/include/uapi/linux/fs.h include/uapi/linux/fs.h It causes various beautifiers for things like fspick, fsmount, etc (see below) to get rebuilt, but this specific change doesn't make 'perf trace' be capable of decoding anything new, as we still don't decode what comes from ioctls, just its cmds. Details about the update: $ cp include/uapi/linux/fs.h tools/include/uapi/linux/fs.h $ git diff diff --git a/tools/include/uapi/linux/fs.h b/tools/include/uapi/linux/fs.h index 379a612f8f1d..f44eb0a04afd 100644 --- a/tools/include/uapi/linux/fs.h +++ b/tools/include/uapi/linux/fs.h @@ -262,6 +262,7 @@ struct fsxattr { #define FS_EA_INODE_FL 0x00200000 /* Inode used for large EA */ #define FS_EOFBLOCKS_FL 0x00400000 /* Reserved for ext4 */ #define FS_NOCOW_FL 0x00800000 /* Do not cow file */ +#define FS_DAX_FL 0x02000000 /* Inode is DAX */ #define FS_INLINE_DATA_FL 0x10000000 /* Reserved for ext4 */ #define FS_PROJINHERIT_FL 0x20000000 /* Create with parents projid */ #define FS_CASEFOLD_FL 0x40000000 /* Folder is case insensitive */ $ m make: Entering directory '/home/acme/git/perf/tools/perf' BUILD: Doing 'make -j8' parallel build INSTALL GTK UI CC /tmp/build/perf/builtin-trace.o DESCEND plugins CC /tmp/build/perf/trace/beauty/fsmount.o CC /tmp/build/perf/trace/beauty/fspick.o CC /tmp/build/perf/trace/beauty/mount_flags.o CC /tmp/build/perf/trace/beauty/move_mount.o CC /tmp/build/perf/trace/beauty/renameat.o CC /tmp/build/perf/trace/beauty/sync_file_range.o INSTALL trace_plugins LD /tmp/build/perf/trace/beauty/perf-in.o LD /tmp/build/perf/perf-in.o LINK /tmp/build/perf/perf Cc: Adrian Hunter Cc: Ira Weiny Cc: Jiri Olsa Cc: Namhyung Kim Cc: Theodore Ts'o Signed-off-by: Arnaldo Carvalho de Melo commit f64925c1ebacce7cadc7f2b993b145c3bfd95b57 Author: Arnaldo Carvalho de Melo Date: Wed Jun 17 10:16:53 2020 -0300 tools include UAPI: Sync linux/vhost.h with the kernel sources To get the changes in: 776f395004d8 ("vhost_vdpa: Support config interrupt in vdpa") Silencing this perf build warning: Warning: Kernel ABI header at 'tools/include/uapi/linux/vhost.h' differs from latest version at 'include/uapi/linux/vhost.h' diff -u tools/include/uapi/linux/vhost.h include/uapi/linux/vhost.h This automatically picks the new ioctl introduced in the above patch, making tools such as 'perf trace' aware of them and possibly allowing to use the strings in filters, etc: # perf trace -e ioctl --pid 7951 0.178 ( 0.010 ms): CPU 0/KVM/8023 ioctl(fd: 14, cmd: KVM_RUN) = 0 0.194 ( 0.010 ms): CPU 0/KVM/8023 ioctl(fd: 14, cmd: KVM_RUN) = 0 0.209 ( 0.010 ms): CPU 0/KVM/8023 ioctl(fd: 14, cmd: KVM_RUN) = 0 0.224 (249.413 ms): CPU 0/KVM/8023 ioctl(fd: 14, cmd: KVM_RUN) = 0 249.660 ( 0.011 ms): CPU 0/KVM/8023 ioctl(fd: 14, cmd: KVM_RUN) = 0 249.675 ( 0.007 ms): CPU 0/KVM/8023 ioctl(fd: 14, cmd: KVM_RUN) = 0 249.686 ( 0.007 ms): CPU 0/KVM/8023 ioctl(fd: 14, cmd: KVM_RUN) = 0 249.697 ( 0.008 ms): CPU 0/KVM/8023 ioctl(fd: 14, cmd: KVM_RUN) = 0 249.709 ( 0.007 ms): CPU 0/KVM/8023 ioctl(fd: 14, cmd: KVM_RUN) = 0 249.720 ( 0.007 ms): CPU 0/KVM/8023 ioctl(fd: 14, cmd: KVM_RUN) = 0 249.730 ( 0.007 ms): CPU 0/KVM/8023 ioctl(fd: 14, cmd: KVM_RUN) = 0 249.740 ( 0.007 ms): CPU 0/KVM/8023 ioctl(fd: 14, cmd: KVM_RUN) = 0 249.752 ( 0.007 ms): CPU 0/KVM/8023 ioctl(fd: 14, cmd: KVM_RUN) = 0 249.762 ( 0.007 ms): CPU 0/KVM/8023 ioctl(fd: 14, cmd: KVM_RUN) = 0 249.772 ( 0.007 ms): CPU 0/KVM/8023 ioctl(fd: 14, cmd: KVM_RUN) = 0 249.782 (120.138 ms): CPU 0/KVM/8023 ioctl(fd: 14, cmd: KVM_RUN) = 0 370.201 ( 0.039 ms): CPU 0/KVM/8023 ioctl(fd: 12, cmd: KVM_IRQ_LINE_STATUS, arg: 0x7f744f9e1420) = 0 370.254 ( 0.052 ms): CPU 0/KVM/8023 ioctl(fd: 14, cmd: KVM_RUN) = 0 370.575 ( 0.365 ms): CPU 0/KVM/8023 ioctl(fd: 14, cmd: KVM_RUN) = 0 370.973 ( 0.028 ms): CPU 0/KVM/8023 ioctl(fd: 14, cmd: KVM_RUN) = 0 371.015 ( 0.037 ms): CPU 0/KVM/8023 ioctl(fd: 14, cmd: KVM_RUN) = 0 371.071 ( 0.009 ms): CPU 0/KVM/8023 ioctl(fd: 12, cmd: KVM_IRQ_LINE_STATUS, arg: 0x7f744f9e14b0) = 0 # Details about the update: $ diff -u tools/include/uapi/linux/vhost.h include/uapi/linux/vhost.h --- tools/include/uapi/linux/vhost.h 2020-04-16 13:19:12.056763843 -0300 +++ include/uapi/linux/vhost.h 2020-06-17 10:04:20.532056428 -0300 @@ -15,6 +15,8 @@ #include #include +#define VHOST_FILE_UNBIND -1 + /* ioctls */ #define VHOST_VIRTIO 0xAF @@ -140,4 +142,6 @@ /* Get the max ring size. */ #define VHOST_VDPA_GET_VRING_NUM _IOR(VHOST_VIRTIO, 0x76, __u16) +/* Set event fd for config interrupt*/ +#define VHOST_VDPA_SET_CONFIG_CALL _IOW(VHOST_VIRTIO, 0x77, int) #endif $ $ tools/perf/trace/beauty/vhost_virtio_ioctl.sh > before $ cp include/uapi/linux/vhost.h tools/include/uapi/linux/vhost.h $ tools/perf/trace/beauty/vhost_virtio_ioctl.sh > after $ diff -u before after --- before 2020-06-17 10:15:35.123275966 -0300 +++ after 2020-06-17 10:15:51.812482117 -0300 @@ -27,6 +27,7 @@ [0x72] = "VDPA_SET_STATUS", [0x74] = "VDPA_SET_CONFIG", [0x75] = "VDPA_SET_VRING_ENABLE", + [0x77] = "VDPA_SET_CONFIG_CALL", }; static const char *vhost_virtio_ioctl_read_cmds[] = { [0x00] = "GET_FEATURES", $ This causes these parts to get rebuilt: CC /tmp/build/perf/trace/beauty/ioctl.o INSTALL trace_plugins LD /tmp/build/perf/trace/beauty/perf-in.o LD /tmp/build/perf/perf-in.o LINK /tmp/build/perf/perf Cc: Adrian Hunter Cc: Jiri Olsa Cc: Michael S. Tsirkin Cc: Namhyung Kim Cc: Zhu Lingshan Signed-off-by: Arnaldo Carvalho de Melo commit 25ca7e5c0b0315f3b5e6c4d2123e5a821ec0b590 Author: Arnaldo Carvalho de Melo Date: Wed Jun 17 10:07:59 2020 -0300 tools arch x86: Sync the msr-index.h copy with the kernel sources To pick up the changes in: 7e5b3c267d25 ("x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation") Addressing these tools/perf build warnings: Warning: Kernel ABI header at 'tools/arch/x86/include/asm/msr-index.h' differs from latest version at 'arch/x86/include/asm/msr-index.h' diff -u tools/arch/x86/include/asm/msr-index.h arch/x86/include/asm/msr-index.h Warning: Kernel ABI header at 'tools/arch/x86/include/asm/cpufeatures.h' differs from latest version at 'arch/x86/include/asm/cpufeatures.h' diff -u tools/arch/x86/include/asm/cpufeatures.h arch/x86/include/asm/cpufeatures.h With this one will be able to use these new AMD MSRs in filters, by name, e.g.: # perf trace -e msr:* --filter "msr==IA32_MCU_OPT_CTRL" ^C# Using -v we can see how it sets up the tracepoint filters, converting from the string in the filter to the numeric value: # perf trace -v -e msr:* --filter "msr==IA32_MCU_OPT_CTRL" Using CPUID GenuineIntel-6-8E-A 0x123 New filter for msr:read_msr: (msr==0x123) && (common_pid != 335 && common_pid != 30344) 0x123 New filter for msr:write_msr: (msr==0x123) && (common_pid != 335 && common_pid != 30344) 0x123 New filter for msr:rdpmc: (msr==0x123) && (common_pid != 335 && common_pid != 30344) mmap size 528384B ^C# The updating process shows how this affects tooling in more detail: $ diff -u tools/arch/x86/include/asm/msr-index.h arch/x86/include/asm/msr-index.h --- tools/arch/x86/include/asm/msr-index.h 2020-06-03 10:36:09.959910238 -0300 +++ arch/x86/include/asm/msr-index.h 2020-06-17 10:04:20.235052901 -0300 @@ -128,6 +128,10 @@ #define TSX_CTRL_RTM_DISABLE BIT(0) /* Disable RTM feature */ #define TSX_CTRL_CPUID_CLEAR BIT(1) /* Disable TSX enumeration */ +/* SRBDS support */ +#define MSR_IA32_MCU_OPT_CTRL 0x00000123 +#define RNGDS_MITG_DIS BIT(0) + #define MSR_IA32_SYSENTER_CS 0x00000174 #define MSR_IA32_SYSENTER_ESP 0x00000175 #define MSR_IA32_SYSENTER_EIP 0x00000176 $ set -o vi $ tools/perf/trace/beauty/tracepoints/x86_msr.sh > before $ cp arch/x86/include/asm/msr-index.h tools/arch/x86/include/asm/msr-index.h $ tools/perf/trace/beauty/tracepoints/x86_msr.sh > after $ diff -u before after --- before 2020-06-17 10:05:49.653114752 -0300 +++ after 2020-06-17 10:06:01.777258731 -0300 @@ -51,6 +51,7 @@ [0x0000011e] = "IA32_BBL_CR_CTL3", [0x00000120] = "IDT_MCR_CTRL", [0x00000122] = "IA32_TSX_CTRL", + [0x00000123] = "IA32_MCU_OPT_CTRL", [0x00000140] = "MISC_FEATURES_ENABLES", [0x00000174] = "IA32_SYSENTER_CS", [0x00000175] = "IA32_SYSENTER_ESP", $ The related change to cpu-features.h affects this: CC /tmp/build/perf/bench/mem-memcpy-x86-64-asm.o CC /tmp/build/perf/bench/mem-memset-x86-64-asm.o This shouldn't be affecting that 'perf bench' entry: $ find tools/perf/ -type f | xargs grep SRBDS $ Cc: Adrian Hunter Cc: Jiri Olsa Cc: Mark Gross Cc: Namhyung Kim Cc: Thomas Gleixner Signed-off-by: Arnaldo Carvalho de Melo commit 08a7c7772b4db0be06e3b27239147c0a36e2a507 Merge: b13b04d93821 69119673bd50 Author: Arnaldo Carvalho de Melo Date: Wed Jun 17 13:20:14 2020 -0300 Merge remote-tracking branch 'torvalds/master' into perf/urgent To get some newer headers that got out of sync with the copies in tools/ so that we can try to have the tools/perf/ build clean for v5.8 with fewer pull requests. Signed-off-by: Arnaldo Carvalho de Melo commit b13b04d9382113f787e21c9567a4022fef8697b9 Author: Milian Wolff Date: Sat Jun 13 01:03:33 2020 +0200 perf script: Initialize zstd_data Fixes segmentation fault when trying to interpret zstd-compressed data with perf script: ``` $ perf record -z ls ... [ perf record: Captured and wrote 0,010 MB perf.data, compressed (original 0,001 MB, ratio is 2,190) ] $ memcheck perf script ... ==67911== Invalid read of size 4 ==67911== at 0x5568188: ZSTD_decompressStream (in /usr/lib/libzstd.so.1.4.5) ==67911== by 0x6E726B: zstd_decompress_stream (zstd.c:100) ==67911== by 0x65729C: perf_session__process_compressed_event (session.c:72) ==67911== by 0x6598E8: perf_session__process_user_event (session.c:1583) ==67911== by 0x65BA59: reader__process_events (session.c:2177) ==67911== by 0x65BA59: __perf_session__process_events (session.c:2234) ==67911== by 0x65BA59: perf_session__process_events (session.c:2267) ==67911== by 0x5A7397: __cmd_script (builtin-script.c:2447) ==67911== by 0x5A7397: cmd_script (builtin-script.c:3840) ==67911== by 0x5FE9D2: run_builtin (perf.c:312) ==67911== by 0x711627: handle_internal_command (perf.c:364) ==67911== by 0x711627: run_argv (perf.c:408) ==67911== by 0x711627: main (perf.c:538) ==67911== Address 0x71d8 is not stack'd, malloc'd or (recently) free'd ``` Signed-off-by: Milian Wolff Acked-by: Alexey Budankov Tested-by: Arnaldo Carvalho de Melo LPU-Reference: 20200612230333.72140-1-milian.wolff@kdab.com Signed-off-by: Arnaldo Carvalho de Melo commit c69cb1d17b6258830b0a97dde73525c1006898f8 Author: Damien Le Moal Date: Mon Jun 8 13:20:59 2020 +0900 dm zoned: fix uninitialized pointer dereference Make sure that the local variable rzone in dmz_do_reclaim() is always initialized before being used for printing debug messages. Fixes: f97809aec589 ("dm zoned: per-device reclaim") Signed-off-by: Damien Le Moal Reviewed-by: Hannes Reinecke Signed-off-by: Mike Snitzer commit 95b2c3ec4cb1689db2389c251d39f64490ba641c Author: Charles Keepax Date: Wed Jun 17 16:21:29 2020 +0100 regmap: Fix memory leak from regmap_register_patch When a register patch is registered the reg_sequence is copied but the memory allocated is never freed. Add a kfree in regmap_exit to clean it up. Fixes: 22f0d90a3482 ("regmap: Support register patch sets") Signed-off-by: Charles Keepax Link: https://lore.kernel.org/r/20200617152129.19655-1-ckeepax@opensource.cirrus.com Signed-off-by: Mark Brown commit 1c7fb20d6b0acd452cb93d447051eac7724edfa7 Author: Tobias Klauser Date: Tue Jun 16 13:33:03 2020 +0200 tools, bpftool: Add ringbuf map type to map command docs Commit c34a06c56df7 ("tools/bpftool: Add ringbuf map to a list of known map types") added the symbolic "ringbuf" name. Document it in the bpftool map command docs and usage as well. Signed-off-by: Tobias Klauser Signed-off-by: Daniel Borkmann Acked-by: Andrii Nakryiko Acked-by: John Fastabend Link: https://lore.kernel.org/bpf/20200616113303.8123-1-tklauser@distanz.ch commit 02553b91da5deb63c8562b47529b09b734659af0 Author: Andrii Nakryiko Date: Mon Jun 15 22:04:30 2020 -0700 bpf: bpf_probe_read_kernel_str() has to return amount of data read on success During recent refactorings, bpf_probe_read_kernel_str() started returning 0 on success, instead of amount of data successfully read. This majorly breaks applications relying on bpf_probe_read_kernel_str() and bpf_probe_read_str() and their results. Fix this by returning actual number of bytes read. Fixes: 8d92db5c04d1 ("bpf: rework the compat kernel probe handling") Signed-off-by: Andrii Nakryiko Signed-off-by: Daniel Borkmann Reviewed-by: Christoph Hellwig Acked-by: John Fastabend Link: https://lore.kernel.org/bpf/20200616050432.1902042-1-andriin@fb.com commit b2c22910fe5aae10b7e17b0721e63a3edf0c9553 Author: Kai-Heng Feng Date: Wed Jun 17 18:29:02 2020 +0800 ALSA: hda/realtek: Add mute LED and micmute LED support for HP systems There are two more HP systems control mute LED from HDA codec and need to expose micmute led class so SoF can control micmute LED. Add quirks to support them. Signed-off-by: Kai-Heng Feng Cc: Link: https://lore.kernel.org/r/20200617102906.16156-2-kai.heng.feng@canonical.com Signed-off-by: Takashi Iwai commit c3dbe541ef77754729de5e82be2d6e5d267c6c8c Author: Jan Kara Date: Fri Jun 5 16:58:37 2020 +0200 blktrace: Avoid sparse warnings when assigning q->blk_trace Mostly for historical reasons, q->blk_trace is assigned through xchg() and cmpxchg() atomic operations. Although this is correct, sparse complains about this because it violates rcu annotations since commit c780e86dd48e ("blktrace: Protect q->blk_trace with RCU") which started to use rcu for accessing q->blk_trace. Furthermore there's no real need for atomic operations anymore since all changes to q->blk_trace happen under q->blk_trace_mutex and since it also makes more sense to check if q->blk_trace is set with the mutex held earlier. So let's just replace xchg() with rcu_replace_pointer() and cmpxchg() with explicit check and rcu_assign_pointer(). This makes the code more efficient and sparse happy. Reported-by: kbuild test robot Signed-off-by: Jan Kara Signed-off-by: Jens Axboe commit 1b0b283648163dae2a214ca28ed5a99f62a77319 Author: Luis Chamberlain Date: Fri Jun 5 16:58:36 2020 +0200 blktrace: break out of blktrace setup on concurrent calls We use one blktrace per request_queue, that means one per the entire disk. So we cannot run one blktrace on say /dev/vda and then /dev/vda1, or just two calls on /dev/vda. We check for concurrent setup only at the very end of the blktrace setup though. If we try to run two concurrent blktraces on the same block device the second one will fail, and the first one seems to go on. However when one tries to kill the first one one will see things like this: The kernel will show these: ``` debugfs: File 'dropped' in directory 'nvme1n1' already present! debugfs: File 'msg' in directory 'nvme1n1' already present! debugfs: File 'trace0' in directory 'nvme1n1' already present! `` And userspace just sees this error message for the second call: ``` blktrace /dev/nvme1n1 BLKTRACESETUP(2) /dev/nvme1n1 failed: 5/Input/output error ``` The first userspace process #1 will also claim that the files were taken underneath their nose as well. The files are taken away form the first process given that when the second blktrace fails, it will follow up with a BLKTRACESTOP and BLKTRACETEARDOWN. This means that even if go-happy process #1 is waiting for blktrace data, we *have* been asked to take teardown the blktrace. This can easily be reproduced with break-blktrace [0] run_0005.sh test. Just break out early if we know we're already going to fail, this will prevent trying to create the files all over again, which we know still exist. [0] https://github.com/mcgrof/break-blktrace Signed-off-by: Luis Chamberlain Signed-off-by: Jan Kara Reviewed-by: Bart Van Assche Reviewed-by: Christoph Hellwig Signed-off-by: Jens Axboe commit 22cf8419f1319ff87ec759d0ebdff4cbafaee832 Author: J. Bruce Fields Date: Tue Jun 16 16:43:18 2020 -0400 nfsd: apply umask on fs without ACL support The server is failing to apply the umask when creating new objects on filesystems without ACL support. To reproduce this, you need to use NFSv4.2 and a client and server recent enough to support umask, and you need to export a filesystem that lacks ACL support (for example, ext4 with the "noacl" mount option). Filesystems with ACL support are expected to take care of the umask themselves (usually by calling posix_acl_create). For filesystems without ACL support, this is up to the caller of vfs_create(), vfs_mknod(), or vfs_mkdir(). Reported-by: Elliott Mitchell Reported-by: Salvatore Bonaccorso Tested-by: Salvatore Bonaccorso Fixes: 47057abde515 ("nfsd: add support for the umask attribute") Cc: stable@vger.kernel.org Signed-off-by: J. Bruce Fields commit 2a55280a3675203496d302463b941834228b9875 Author: Ard Biesheuvel Date: Sun Jun 7 15:41:35 2020 +0200 efi/libstub: arm: Print CPU boot mode and MMU state at boot On 32-bit ARM, we may boot at HYP mode, or with the MMU and caches off (or both), even though the EFI spec does not actually support this. While booting at HYP mode is something we might tolerate, fiddling with the caches is a more serious issue, as disabling the caches is tricky to do safely from C code, and running without the Dcache makes it impossible to support unaligned memory accesses, which is another explicit requirement imposed by the EFI spec. So take note of the CPU mode and MMU state in the EFI stub diagnostic output so that we can easily diagnose any issues that may arise from this. E.g., EFI stub: Entering in SVC mode with MMU enabled Also, capture the CPSR and SCTLR system register values at EFI stub entry, and after ExitBootServices() returns, and check whether the MMU and Dcache were disabled at any point. If this is the case, a diagnostic message like the following will be emitted: efi: [Firmware Bug]: EFI stub was entered with MMU and Dcache disabled, please fix your firmware! efi: CPSR at EFI stub entry : 0x600001d3 efi: SCTLR at EFI stub entry : 0x00c51838 efi: CPSR after ExitBootServices() : 0x600001d3 efi: SCTLR after ExitBootServices(): 0x00c50838 Signed-off-by: Ard Biesheuvel Reviewed-by: Leif Lindholm commit 62956be8f95b93e9f91ffe2e5aa9c0e411af5a14 Author: Ard Biesheuvel Date: Tue Jun 16 12:53:30 2020 +0200 efi/libstub: arm: Omit arch specific config table matching array on arm64 On arm64, the EFI stub is built into the kernel proper, and so the stub can refer to its symbols directly. Therefore, the practice of using EFI configuration tables to pass information between them is never needed, so we can omit any code consuming such tables when building for arm64. Signed-off-by: Ard Biesheuvel Reviewed-by: Leif Lindholm commit 41d90b0c1108d1e46c48cf79964636c553844f4c Author: Arvind Sankar Date: Wed Jun 17 09:19:57 2020 -0400 efi/x86: Setup stack correctly for efi_pe_entry Commit 17054f492dfd ("efi/x86: Implement mixed mode boot without the handover protocol") introduced a new entry point for the EFI stub to be booted in mixed mode on 32-bit firmware. When entered via efi32_pe_entry, control is first transferred to startup_32 to setup for the switch to long mode, and then the EFI stub proper is entered via efi_pe_entry. efi_pe_entry is an MS ABI function, and the ABI requires 32 bytes of shadow stack space to be allocated by the caller, as well as the stack being aligned to 8 mod 16 on entry. Allocate 40 bytes on the stack before switching to 64-bit mode when calling efi_pe_entry to account for this. For robustness, explicitly align boot_stack_end to 16 bytes. It is currently implicitly aligned since .bss is cacheline-size aligned, head_64.o is the first object file with a .bss section, and the heap and boot sizes are aligned. Fixes: 17054f492dfd ("efi/x86: Implement mixed mode boot without the handover protocol") Signed-off-by: Arvind Sankar Link: https://lore.kernel.org/r/20200617131957.2507632-1-nivedita@alum.mit.edu Signed-off-by: Ard Biesheuvel commit 1497eea68624f6076bf3eaf66baec3771ea04045 Author: Michael Ellerman Date: Tue Jun 16 23:56:16 2020 +1000 powerpc/syscalls: Use the number when building SPU syscall table Currently the macro that inserts entries into the SPU syscall table doesn't actually use the "nr" (syscall number) parameter. This does work, but it relies on the exact right number of syscall entries being emitted in order for the syscal numbers to line up with the array entries. If for example we had two entries with the same syscall number we wouldn't get an error, it would just cause all subsequent syscalls to be off by one in the spu_syscall_table. So instead change the macro to assign to the specific entry of the array, meaning any numbering overlap will be caught by the compiler. Signed-off-by: Michael Ellerman Acked-by: Arnd Bergmann Link: https://lore.kernel.org/r/20200616135617.2937252-1-mpe@ellerman.id.au commit 687993ccf3b05070598b89fad97410b26d7bc9d2 Author: Mike Rapoport Date: Mon Jun 15 12:22:29 2020 +0300 powerpc/8xx: use pmd_off() to access a PMD entry in pte_update() The pte_update() implementation for PPC_8xx unfolds page table from the PGD level to access a PMD entry. Since 8xx has only 2-level page table this can be simplified with pmd_off() shortcut. Replace explicit unfolding with pmd_off() and drop defines of pgd_index() and pgd_offset() that are no longer needed. Signed-off-by: Mike Rapoport Reviewed-by: Christophe Leroy Signed-off-by: Michael Ellerman Link: https://lore.kernel.org/r/20200615092229.23142-1-rppt@kernel.org commit 35700e221b18fa53401e5f315be90af9e0bbcdca Author: Patrice Chotard Date: Tue Jun 16 13:30:35 2020 +0200 spi: stm32-qspi: Fix error path in case of -EPROBE_DEFER In case of -EPROBE_DEFER, stm32_qspi_release() was called in any case which unregistered driver from pm_runtime framework even if it has not been registered yet to it. This leads to: stm32-qspi 58003000.spi: can't setup spi0.0, status -13 spi_master spi0: spi_device register error /soc/spi@58003000/mx66l51235l@0 spi_master spi0: Failed to create SPI device for /soc/spi@58003000/mx66l51235l@0 stm32-qspi 58003000.spi: can't setup spi0.1, status -13 spi_master spi0: spi_device register error /soc/spi@58003000/mx66l51235l@1 spi_master spi0: Failed to create SPI device for /soc/spi@58003000/mx66l51235l@1 On v5.7 kernel,this issue was not "visible", qspi driver was probed successfully. Fixes: 9d282c17b023 ("spi: stm32-qspi: Add pm_runtime support") Signed-off-by: Patrice Chotard Link: https://lore.kernel.org/r/20200616113035.4514-1-patrice.chotard@st.com Signed-off-by: Mark Brown commit 1b3bcca2085865c1facfbea9baf2f5cde5dc15e4 Author: Axel Lin Date: Tue Jun 16 21:50:30 2020 +0800 regulator: mt6358: Remove BROKEN dependency The MFD part is merged into v5.8-rc1, thus remove BROKEN dependency. Signed-off-by: Axel Lin Link: https://lore.kernel.org/r/20200616135030.1163660-1-axel.lin@ingics.com Signed-off-by: Mark Brown commit 6870112c46c867f50cd27570860a05bd82614b5c Merge: 6f1cf5257acc b3a9e3b9622a Author: Mark Brown Date: Wed Jun 17 12:39:12 2020 +0100 Merge tag 'v5.8-rc1' into regulator-5.8 Linux 5.8-rc1 commit da785a87787c97823d12107a4f0ec7adcc2a78d9 Author: Andy Shevchenko Date: Tue Jun 16 19:31:39 2020 +0300 ARM: bcm2835: Fix integer overflow in rpi_firmware_print_firmware_revision() time64_t is 64-bit width type, we are not supposed to supply lesser ones as in the case of rpi_firmware_print_firmware_revision() after the commit 4a60f58ee002 ("ARM: bcm2835: Switch to use %ptT"). Use temporary variable of time64_t type to correctly handle lesser types. Fixes: 4a60f58ee002 ("ARM: bcm2835: Switch to use %ptT") Reported-by: Stefan Wahren Reported-by: Nicolas Saenz Julienne Signed-off-by: Andy Shevchenko Revieved-by: Petr Mladek Tested-by: Nicolas Saenz Julienne Signed-off-by: Nicolas Saenz Julienne Cc: Petr Mladek Cc: Steven Rostedt Cc: Sergey Senozhatsky Link: https://lore.kernel.org/r/20200616163139.4229-1-andriy.shevchenko@linux.intel.com commit b9249cba25a5dce5de87e5404503a5e11832c2dd Author: Will Deacon Date: Tue Jun 16 19:03:49 2020 +0100 arm64: bti: Require clang >= 10.0.1 for in-kernel BTI support Unfortunately, most versions of clang that support BTI are capable of miscompiling the kernel when converting a switch statement into a jump table. As an example, attempting to spawn a KVM guest results in a panic: [ 56.253312] Kernel panic - not syncing: bad mode [ 56.253834] CPU: 0 PID: 279 Comm: lkvm Not tainted 5.8.0-rc1 #2 [ 56.254225] Hardware name: QEMU QEMU Virtual Machine, BIOS 0.0.0 02/06/2015 [ 56.254712] Call trace: [ 56.254952] dump_backtrace+0x0/0x1d4 [ 56.255305] show_stack+0x1c/0x28 [ 56.255647] dump_stack+0xc4/0x128 [ 56.255905] panic+0x16c/0x35c [ 56.256146] bad_el0_sync+0x0/0x58 [ 56.256403] el1_sync_handler+0xb4/0xe0 [ 56.256674] el1_sync+0x7c/0x100 [ 56.256928] kvm_vm_ioctl_check_extension_generic+0x74/0x98 [ 56.257286] __arm64_sys_ioctl+0x94/0xcc [ 56.257569] el0_svc_common+0x9c/0x150 [ 56.257836] do_el0_svc+0x84/0x90 [ 56.258083] el0_sync_handler+0xf8/0x298 [ 56.258361] el0_sync+0x158/0x180 This is because the switch in kvm_vm_ioctl_check_extension_generic() is executed as an indirect branch to tail-call through a jump table: ffff800010032dc8: 3869694c ldrb w12, [x10, x9] ffff800010032dcc: 8b0c096b add x11, x11, x12, lsl #2 ffff800010032dd0: d61f0160 br x11 However, where the target case uses the stack, the landing pad is elided due to the presence of a paciasp instruction: ffff800010032e14: d503233f paciasp ffff800010032e18: a9bf7bfd stp x29, x30, [sp, #-16]! ffff800010032e1c: 910003fd mov x29, sp ffff800010032e20: aa0803e0 mov x0, x8 ffff800010032e24: 940017c0 bl ffff800010038d24 ffff800010032e28: 93407c00 sxtw x0, w0 ffff800010032e2c: a8c17bfd ldp x29, x30, [sp], #16 ffff800010032e30: d50323bf autiasp ffff800010032e34: d65f03c0 ret Unfortunately, this results in a fatal exception because paciasp is compatible only with branch-and-link (call) instructions and not simple indirect branches. A fix is being merged into Clang 10.0.1 so that a 'bti j' instruction is emitted as an explicit landing pad in this situation. Make in-kernel BTI depend on that compiler version when building with clang. Cc: Tom Stellard Cc: Daniel Kiss Reviewed-by: Mark Brown Acked-by: Dave Martin Reviewed-by: Nathan Chancellor Acked-by: Nick Desaulniers Link: https://lore.kernel.org/r/20200615105524.GA2694@willie-the-truck Link: https://lore.kernel.org/r/20200616183630.2445-1-will@kernel.org Signed-off-by: Will Deacon commit cc5277fe66cf3ad68f41f1c539b2ef0d5e432974 Author: Dan Carpenter Date: Tue Jun 2 22:36:11 2020 +0300 x86/resctrl: Fix a NULL vs IS_ERR() static checker warning in rdt_cdp_peer_get() The callers don't expect *d_cdp to be set to an error pointer, they only check for NULL. This leads to a static checker warning: arch/x86/kernel/cpu/resctrl/rdtgroup.c:2648 __init_one_rdt_domain() warn: 'd_cdp' could be an error pointer This would not trigger a bug in this specific case because __init_one_rdt_domain() calls it with a valid domain that would not have a negative id and thus not trigger the return of the ERR_PTR(). If this was a negative domain id then the call to rdt_find_domain() in domain_add_cpu() would have returned the ERR_PTR() much earlier and the creation of the domain with an invalid id would have been prevented. Even though a bug is not triggered currently the right and safe thing to do is to set the pointer to NULL because that is what can be checked for when the caller is handling the CDP and non-CDP cases. Fixes: 52eb74339a62 ("x86/resctrl: Fix rdt_find_domain() return value and checks") Signed-off-by: Dan Carpenter Signed-off-by: Borislav Petkov Acked-by: Reinette Chatre Acked-by: Fenghua Yu Link: https://lkml.kernel.org/r/20200602193611.GA190851@mwanda commit ff58bbc7b9704a5869204176f804eff57307fef0 Author: Takashi Iwai Date: Tue Jun 16 14:09:21 2020 +0200 ALSA: usb-audio: Fix potential use-after-free of streams With the recent full-duplex support of implicit feedback streams, an endpoint can be still running after closing the capture stream as long as the playback stream with the sync-endpoint is running. In such a state, the URBs are still be handled and they may call retire_data_urb callback, which tries to transfer the data from the PCM buffer. Since the PCM stream gets closed, this may lead to use-after-free. This patch adds the proper clearance of the callback at stopping the capture stream for addressing the possible UAF above. Fixes: 10ce77e4817f ("ALSA: usb-audio: Add duplex sound support for USB devices using implicit feedback") Link: https://lore.kernel.org/r/20200616120921.12249-1-tiwai@suse.de Signed-off-by: Takashi Iwai commit 56fccf21d1961a06e2a0c96ce446ebf036651062 Author: David Rientjes Date: Thu Jun 11 12:20:30 2020 -0700 dma-direct: check return value when encrypting or decrypting memory __change_page_attr() can fail which will cause set_memory_encrypted() and set_memory_decrypted() to return non-zero. If the device requires unencrypted DMA memory and decryption fails, simply free the memory and fail. If attempting to re-encrypt in the failure path and that encryption fails, there is no alternative other than to leak the memory. Fixes: c10f07aa27da ("dma/direct: Handle force decryption for DMA coherent buffers in common code") Signed-off-by: David Rientjes Signed-off-by: Christoph Hellwig commit 96a539fa3bb71f443ae08e57b9f63d6e5bb2207c Author: David Rientjes Date: Thu Jun 11 12:20:29 2020 -0700 dma-direct: re-encrypt memory if dma_direct_alloc_pages() fails If arch_dma_set_uncached() fails after memory has been decrypted, it needs to be re-encrypted before freeing. Fixes: fa7e2247c572 ("dma-direct: make uncached_kernel_address more general") Signed-off-by: David Rientjes Signed-off-by: Christoph Hellwig commit 633d5fce78a61e8727674467944939f55b0bcfab Author: David Rientjes Date: Thu Jun 11 12:20:28 2020 -0700 dma-direct: always align allocation size in dma_direct_alloc_pages() dma_alloc_contiguous() does size >> PAGE_SHIFT and set_memory_decrypted() works at page granularity. It's necessary to page align the allocation size in dma_direct_alloc_pages() for consistent behavior. This also fixes an issue when arch_dma_prep_coherent() is called on an unaligned allocation size for dma_alloc_need_uncached() when CONFIG_DMA_DIRECT_REMAP is disabled but CONFIG_ARCH_HAS_DMA_SET_UNCACHED is enabled. Signed-off-by: David Rientjes Signed-off-by: Christoph Hellwig commit 26749b3201ab05e288fbf78fbc8585dfa2da3218 Author: Christoph Hellwig Date: Mon Jun 15 08:52:31 2020 +0200 dma-direct: mark __dma_direct_alloc_pages static Signed-off-by: Christoph Hellwig commit 1fbf57d0530217b9f264eedc4867bf91479cdf3c Author: Christoph Hellwig Date: Wed Jun 10 10:29:49 2020 +0200 dma-direct: re-enable mmap for !CONFIG_MMU nommu configfs can trivially map the coherent allocations to user space, as no actual page table setup is required and the kernel and the user space programs share the same address space. Fixes: 62fcee9a3bd7 ("dma-mapping: remove CONFIG_ARCH_NO_COHERENT_DMA_MMAP") Signed-off-by: Christoph Hellwig Reported-by: dillon min Reviewed-by: Vladimir Murzin Tested-by: dillon min commit a291e4fba259a56a6a274c1989997acb6f0bb03a Author: Colin Xu Date: Mon Jun 1 11:55:56 2020 +0800 drm/i915/gvt: Use GFP_ATOMIC instead of GFP_KERNEL in atomic context GFP_KERNEL flag specifies a normal kernel allocation in which executing in process context without any locks and can sleep. mmio_diff takes sometime to finish all the diff compare and it has locks, continue using GFP_KERNEL will output below trace if LOCKDEP enabled. Use GFP_ATOMIC instead. V2: Rebase. ===================================================== WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected 5.7.0-rc2 #400 Not tainted ----------------------------------------------------- is trying to acquire: ffffffffb47bea20 (fs_reclaim){+.+.}-{0:0}, at: fs_reclaim_acquire.part.0+0x0/0x30 and this task is already holding: ffff88845b85cc90 (&gvt->scheduler.mmio_context_lock){+.-.}-{2:2}, at: vgpu_mmio_diff_show+0xcf/0x2e0 which would create a new lock dependency: (&gvt->scheduler.mmio_context_lock){+.-.}-{2:2} -> (fs_reclaim){+.+.}-{0:0} but this new dependency connects a SOFTIRQ-irq-safe lock: (&gvt->scheduler.mmio_context_lock){+.-.}-{2:2} ... which became SOFTIRQ-irq-safe at: lock_acquire+0x175/0x4e0 _raw_spin_lock_irqsave+0x2b/0x40 shadow_context_status_change+0xfe/0x2f0 notifier_call_chain+0x6a/0xa0 __atomic_notifier_call_chain+0x5f/0xf0 execlists_schedule_out+0x42a/0x820 process_csb+0xe7/0x3e0 execlists_submission_tasklet+0x5c/0x1d0 tasklet_action_common.isra.0+0xeb/0x260 __do_softirq+0x11d/0x56f irq_exit+0xf6/0x100 do_IRQ+0x7f/0x160 ret_from_intr+0x0/0x2a cpuidle_enter_state+0xcd/0x5b0 cpuidle_enter+0x37/0x60 do_idle+0x337/0x3f0 cpu_startup_entry+0x14/0x20 start_kernel+0x58b/0x5c5 secondary_startup_64+0xa4/0xb0 to a SOFTIRQ-irq-unsafe lock: (fs_reclaim){+.+.}-{0:0} ... which became SOFTIRQ-irq-unsafe at: ... lock_acquire+0x175/0x4e0 fs_reclaim_acquire.part.0+0x20/0x30 kmem_cache_alloc_node_trace+0x2e/0x290 alloc_worker+0x2b/0xb0 init_rescuer.part.0+0x17/0xe0 workqueue_init+0x293/0x3bb kernel_init_freeable+0x149/0x325 kernel_init+0x8/0x116 ret_from_fork+0x3a/0x50 other info that might help us debug this: Possible interrupt unsafe locking scenario: CPU0 CPU1 ---- ---- lock(fs_reclaim); local_irq_disable(); lock(&gvt->scheduler.mmio_context_lock); lock(fs_reclaim); lock(&gvt->scheduler.mmio_context_lock); *** DEADLOCK *** 3 locks held by cat/1439: #0: ffff888444a23698 (&p->lock){+.+.}-{3:3}, at: seq_read+0x49/0x680 #1: ffff88845b858068 (&gvt->lock){+.+.}-{3:3}, at: vgpu_mmio_diff_show+0xc7/0x2e0 #2: ffff88845b85cc90 (&gvt->scheduler.mmio_context_lock){+.-.}-{2:2}, at: vgpu_mmio_diff_show+0xcf/0x2e0 the dependencies between SOFTIRQ-irq-safe lock and the holding lock: -> (&gvt->scheduler.mmio_context_lock){+.-.}-{2:2} ops: 31 { HARDIRQ-ON-W at: lock_acquire+0x175/0x4e0 _raw_spin_lock_bh+0x2f/0x40 vgpu_mmio_diff_show+0xcf/0x2e0 seq_read+0x242/0x680 full_proxy_read+0x95/0xc0 vfs_read+0xc2/0x1b0 ksys_read+0xc4/0x160 do_syscall_64+0x63/0x290 entry_SYSCALL_64_after_hwframe+0x49/0xb3 IN-SOFTIRQ-W at: lock_acquire+0x175/0x4e0 _raw_spin_lock_irqsave+0x2b/0x40 shadow_context_status_change+0xfe/0x2f0 notifier_call_chain+0x6a/0xa0 __atomic_notifier_call_chain+0x5f/0xf0 execlists_schedule_out+0x42a/0x820 process_csb+0xe7/0x3e0 execlists_submission_tasklet+0x5c/0x1d0 tasklet_action_common.isra.0+0xeb/0x260 __do_softirq+0x11d/0x56f irq_exit+0xf6/0x100 do_IRQ+0x7f/0x160 ret_from_intr+0x0/0x2a cpuidle_enter_state+0xcd/0x5b0 cpuidle_enter+0x37/0x60 do_idle+0x337/0x3f0 cpu_startup_entry+0x14/0x20 start_kernel+0x58b/0x5c5 secondary_startup_64+0xa4/0xb0 INITIAL USE at: lock_acquire+0x175/0x4e0 _raw_spin_lock_irqsave+0x2b/0x40 shadow_context_status_change+0xfe/0x2f0 notifier_call_chain+0x6a/0xa0 __atomic_notifier_call_chain+0x5f/0xf0 execlists_schedule_in+0x2c8/0x690 __execlists_submission_tasklet+0x1303/0x1930 execlists_submit_request+0x1e7/0x230 submit_notify+0x105/0x2a4 __i915_sw_fence_complete+0xaa/0x380 __engine_park+0x313/0x5a0 ____intel_wakeref_put_last+0x3e/0x90 intel_gt_resume+0x41e/0x440 intel_gt_init+0x283/0xbc0 i915_gem_init+0x197/0x240 i915_driver_probe+0xc2d/0x12e0 i915_pci_probe+0xa2/0x1e0 local_pci_probe+0x6f/0xb0 pci_device_probe+0x171/0x230 really_probe+0x17a/0x380 driver_probe_device+0x70/0xf0 device_driver_attach+0x82/0x90 __driver_attach+0x60/0x100 bus_for_each_dev+0xe4/0x140 bus_add_driver+0x257/0x2a0 driver_register+0xd3/0x150 i915_init+0x6d/0x80 do_one_initcall+0xb8/0x3a0 kernel_init_freeable+0x2b4/0x325 kernel_init+0x8/0x116 ret_from_fork+0x3a/0x50 } __key.77812+0x0/0x40 ... acquired at: lock_acquire+0x175/0x4e0 fs_reclaim_acquire.part.0+0x20/0x30 kmem_cache_alloc_trace+0x2e/0x260 mmio_diff_handler+0xc0/0x150 intel_gvt_for_each_tracked_mmio+0x7b/0x140 vgpu_mmio_diff_show+0x111/0x2e0 seq_read+0x242/0x680 full_proxy_read+0x95/0xc0 vfs_read+0xc2/0x1b0 ksys_read+0xc4/0x160 do_syscall_64+0x63/0x290 entry_SYSCALL_64_after_hwframe+0x49/0xb3 the dependencies between the lock to be acquired and SOFTIRQ-irq-unsafe lock: -> (fs_reclaim){+.+.}-{0:0} ops: 1999031 { HARDIRQ-ON-W at: lock_acquire+0x175/0x4e0 fs_reclaim_acquire.part.0+0x20/0x30 kmem_cache_alloc_node_trace+0x2e/0x290 alloc_worker+0x2b/0xb0 init_rescuer.part.0+0x17/0xe0 workqueue_init+0x293/0x3bb kernel_init_freeable+0x149/0x325 kernel_init+0x8/0x116 ret_from_fork+0x3a/0x50 SOFTIRQ-ON-W at: lock_acquire+0x175/0x4e0 fs_reclaim_acquire.part.0+0x20/0x30 kmem_cache_alloc_node_trace+0x2e/0x290 alloc_worker+0x2b/0xb0 init_rescuer.part.0+0x17/0xe0 workqueue_init+0x293/0x3bb kernel_init_freeable+0x149/0x325 kernel_init+0x8/0x116 ret_from_fork+0x3a/0x50 INITIAL USE at: lock_acquire+0x175/0x4e0 fs_reclaim_acquire.part.0+0x20/0x30 kmem_cache_alloc_node_trace+0x2e/0x290 alloc_worker+0x2b/0xb0 init_rescuer.part.0+0x17/0xe0 workqueue_init+0x293/0x3bb kernel_init_freeable+0x149/0x325 kernel_init+0x8/0x116 ret_from_fork+0x3a/0x50 } __fs_reclaim_map+0x0/0x60 ... acquired at: lock_acquire+0x175/0x4e0 fs_reclaim_acquire.part.0+0x20/0x30 kmem_cache_alloc_trace+0x2e/0x260 mmio_diff_handler+0xc0/0x150 intel_gvt_for_each_tracked_mmio+0x7b/0x140 vgpu_mmio_diff_show+0x111/0x2e0 seq_read+0x242/0x680 full_proxy_read+0x95/0xc0 vfs_read+0xc2/0x1b0 ksys_read+0xc4/0x160 do_syscall_64+0x63/0x290 entry_SYSCALL_64_after_hwframe+0x49/0xb3 stack backtrace: CPU: 5 PID: 1439 Comm: cat Not tainted 5.7.0-rc2 #400 Hardware name: Intel(R) Client Systems NUC8i7BEH/NUC8BEB, BIOS BECFL357.86A.0056.2018.1128.1717 11/28/2018 Call Trace: dump_stack+0x97/0xe0 check_irq_usage.cold+0x428/0x434 ? check_usage_forwards+0x2c0/0x2c0 ? class_equal+0x11/0x20 ? __bfs+0xd2/0x2d0 ? in_any_class_list+0xa0/0xa0 ? check_path+0x22/0x40 ? check_noncircular+0x150/0x2b0 ? print_circular_bug.isra.0+0x1b0/0x1b0 ? mark_lock+0x13d/0xc50 ? __lock_acquire+0x1e32/0x39b0 __lock_acquire+0x1e32/0x39b0 ? timerqueue_add+0xc1/0x130 ? register_lock_class+0xa60/0xa60 ? mark_lock+0x13d/0xc50 lock_acquire+0x175/0x4e0 ? __zone_pcp_update+0x80/0x80 ? check_flags.part.0+0x210/0x210 ? mark_held_locks+0x65/0x90 ? _raw_spin_unlock_irqrestore+0x32/0x40 ? lockdep_hardirqs_on+0x190/0x290 ? fwtable_read32+0x163/0x480 ? mmio_diff_handler+0xc0/0x150 fs_reclaim_acquire.part.0+0x20/0x30 ? __zone_pcp_update+0x80/0x80 kmem_cache_alloc_trace+0x2e/0x260 mmio_diff_handler+0xc0/0x150 ? vgpu_mmio_diff_open+0x30/0x30 intel_gvt_for_each_tracked_mmio+0x7b/0x140 vgpu_mmio_diff_show+0x111/0x2e0 ? mmio_diff_handler+0x150/0x150 ? rcu_read_lock_sched_held+0xa0/0xb0 ? rcu_read_lock_bh_held+0xc0/0xc0 ? kasan_unpoison_shadow+0x33/0x40 ? __kasan_kmalloc.constprop.0+0xc2/0xd0 seq_read+0x242/0x680 ? debugfs_locked_down.isra.0+0x70/0x70 full_proxy_read+0x95/0xc0 vfs_read+0xc2/0x1b0 ksys_read+0xc4/0x160 ? kernel_write+0xb0/0xb0 ? mark_held_locks+0x24/0x90 do_syscall_64+0x63/0x290 entry_SYSCALL_64_after_hwframe+0x49/0xb3 RIP: 0033:0x7ffbe3e6efb2 Code: c0 e9 c2 fe ff ff 50 48 8d 3d ca cb 0a 00 e8 f5 19 02 00 0f 1f 44 00 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 0f 05 <48> 3d 00 f0 ff ff 77 56 c3 0f 1f 44 00 00 48 83 ec 28 48 89 54 24 RSP: 002b:00007ffd021c08a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 RAX: ffffffffffffffda RBX: 0000000000020000 RCX: 00007ffbe3e6efb2 RDX: 0000000000020000 RSI: 00007ffbe34cd000 RDI: 0000000000000003 RBP: 00007ffbe34cd000 R08: 00007ffbe34cc010 R09: 0000000000000000 R10: 0000000000000022 R11: 0000000000000246 R12: 0000562b6f0a11f0 R13: 0000000000000003 R14: 0000000000020000 R15: 0000000000020000 ------------[ cut here ]------------ Acked-by: Zhenyu Wang Signed-off-by: Colin Xu Signed-off-by: Zhenyu Wang Link: http://patchwork.freedesktop.org/patch/msgid/20200601035556.19999-1-colin.xu@intel.com commit fc1e3aa0337c76b620726e205372073c234616ab Author: Colin Xu Date: Mon Jun 1 11:07:21 2020 +0800 drm/i915/gvt: Fix incorrect check of enabled bits in mask registers Using _MASKED_BIT_ENABLE macro to set mask register bits is straight forward and not likely to go wrong. However when checking which bit(s) is(are) enabled, simply bitwise AND value and _MASKED_BIT_ENABLE() won't output expected result. Suppose the register write is disabling bit 1 by setting 0xFFFF0000, however "& _MASKED_BIT_ENABLE(1)" outputs 0x00010000, and the non-zero check will pass which cause the old code consider the new value set as an enabling operation. We found guest set 0x80008000 on boot, and set 0xffff8000 during resume. Both are legal settings but old code will block latter and force vgpu enter fail-safe mode. Introduce two new macro and make proper masked bit check in mmio handler: IS_MASKED_BITS_ENABLED() IS_MASKED_BITS_DISABLED() V2: Rebase. Reviewed-by: Zhenyu Wang Signed-off-by: Colin Xu Signed-off-by: Zhenyu Wang Link: http://patchwork.freedesktop.org/patch/msgid/20200601030721.17129-1-colin.xu@intel.com commit fccd0f7cf4d532674d727c7f204f038456675dee Author: Colin Xu Date: Mon Jun 1 11:06:38 2020 +0800 drm/i915/gvt: Fix two CFL MMIO handling caused by regression. D_CFL was incorrectly removed for: GAMT_CHKN_BIT_REG GEN9_CTX_PREEMPT_REG V2: Update commit message. V3: Rebase and split Fixes and mis-handled MMIO. Fixes: 43226e6fe798 (drm/i915/gvt: replaced register address with name) Reviewed-by: Zhenyu Wang Signed-off-by: Colin Xu Signed-off-by: Zhenyu Wang Link: http://patchwork.freedesktop.org/patch/msgid/20200601030638.16002-1-colin.xu@intel.com commit 2de60af4a4633be12e5559ed2d3c27613f715d53 Author: Colin Xu Date: Mon Jun 1 11:04:57 2020 +0800 drm/i915/gvt: Add one missing MMIO handler for D_SKL_PLUS _PLANE_CTL_3_A, _PLANE_CTL_3_B and _PLANE_SURF_3_A are handled, but miss _PLANE_SURF_3_B. Reviewed-by: Zhenyu Wang Signed-off-by: Colin Xu Signed-off-by: Zhenyu Wang Link: http://patchwork.freedesktop.org/patch/msgid/20200601030457.14002-1-colin.xu@intel.com commit b19d57d0f3cc6f1022edf94daf1d70506a09e3c2 Author: Gustavo A. R. Silva Date: Mon Jun 8 20:22:33 2020 -0500 overflow.h: Add flex_array_size() helper Add flex_array_size() helper for the calculation of the size, in bytes, of a flexible array member contained within an enclosing structure. Example of usage: struct something { size_t count; struct foo items[]; }; struct something *instance; instance = kmalloc(struct_size(instance, items, count), GFP_KERNEL); instance->count = count; memcpy(instance->items, src, flex_array_size(instance, items, instance->count)); The helper returns SIZE_MAX on overflow instead of wrapping around. Additionally replaces parameter "n" with "count" in struct_size() helper for greater clarity and unification. Signed-off-by: Gustavo A. R. Silva Link: https://lore.kernel.org/r/20200609012233.GA3371@embeddedor Signed-off-by: Kees Cook commit 0f50d21ade110e519425a5c1e2cfee7a130d1a0e Author: Masanari Iida Date: Tue Jun 16 21:51:32 2020 +0900 scripts: Fix typo in headers_install.sh This patch fixes a spelling typo in scripts/headers_install.sh Signed-off-by: Masanari Iida Signed-off-by: Masahiro Yamada commit 4d0831e8a029c03f49f434f28b8faef9f0bd403f Author: Masahiro Yamada Date: Sun Jun 14 23:43:41 2020 +0900 kconfig: unify cc-option and as-option cc-option and as-option are almost the same; both pass the flag to $(CC). The main difference is the cc-option stops before the assemble stage (-S option) whereas as-option stops after (-c option). I chose -S because it is slightly faster, but $(cc-option,-gz=zlib) returns a wrong result (https://lkml.org/lkml/2020/6/9/1529). It has been fixed by commit 7b16994437c7 ("Makefile: Improve compressed debug info support detection"), but the assembler should always be invoked for more reliable compiler option tests. However, you cannot simply replace -S with -c because the following code in lib/Kconfig.debug would break: depends on $(cc-option,-gsplit-dwarf) The combination of -c and -gsplit-dwarf does not accept /dev/null as output. $ cat /dev/null | gcc -gsplit-dwarf -S -x c - -o /dev/null $ echo $? 0 $ cat /dev/null | gcc -gsplit-dwarf -c -x c - -o /dev/null objcopy: Warning: '/dev/null' is not an ordinary file $ echo $? 1 $ cat /dev/null | gcc -gsplit-dwarf -c -x c - -o tmp.o $ echo $? 0 There is another flag that creates an separate file based on the object file path: $ cat /dev/null | gcc -ftest-coverage -c -x c - -o /dev/null :1: error: cannot open /dev/null.gcno So, we cannot use /dev/null to sink the output. Align the cc-option implementation with scripts/Kbuild.include. With -c option used in cc-option, as-option is unneeded. Signed-off-by: Masahiro Yamada Acked-by: Will Deacon commit 5414251aa2e23ad50cc769656b05ea196090e792 Author: Masami Hiramatsu Date: Tue Jun 16 19:14:34 2020 +0900 tools/bootconfig: Add testcase for show-command and quotes test Add testcases for the return value of the command to show bootconfig in initrd, and double/single quotes selecting. Link: http://lkml.kernel.org/r/159230247428.65555.2109472942519215104.stgit@devnote2 Signed-off-by: Masami Hiramatsu Signed-off-by: Steven Rostedt (VMware) commit f91cb5b7476a603068eae31e5b2cc170dd2b9b1b Author: Masami Hiramatsu Date: Tue Jun 16 19:14:25 2020 +0900 tools/bootconfig: Fix to return 0 if succeeded to show the bootconfig Fix bootconfig to return 0 if succeeded to show the bootconfig in initrd. Without this fix, "bootconfig INITRD" command returns !0 even if the command succeeded to show the bootconfig. Link: http://lkml.kernel.org/r/159230246566.65555.11891772258543514487.stgit@devnote2 Cc: stable@vger.kernel.org Fixes: 950313ebf79c ("tools: bootconfig: Add bootconfig command") Signed-off-by: Masami Hiramatsu Signed-off-by: Steven Rostedt (VMware) commit 272da3279df191f028fd63d1683e5ecd56fcb13b Author: Masami Hiramatsu Date: Tue Jun 16 19:14:17 2020 +0900 tools/bootconfig: Fix to use correct quotes for value Fix bootconfig tool to select double or single quotes correctly according to the value. If a bootconfig value includes a double quote character, we must use single-quotes to quote that value. Link: http://lkml.kernel.org/r/159230245697.65555.12444299015852932304.stgit@devnote2 Cc: stable@vger.kernel.org Fixes: 950313ebf79c ("tools: bootconfig: Add bootconfig command") Signed-off-by: Masami Hiramatsu Signed-off-by: Steven Rostedt (VMware) commit 4e264ffd953463cd14c0720eaa9315ac052f5973 Author: Masami Hiramatsu Date: Tue Jun 16 19:14:08 2020 +0900 proc/bootconfig: Fix to use correct quotes for value Fix /proc/bootconfig to select double or single quotes corrctly according to the value. If a bootconfig value includes a double quote character, we must use single-quotes to quote that value. This modifies if() condition and blocks for avoiding double-quote in value check in 2 places. Anyway, since xbc_array_for_each_value() can handle the array which has a single node correctly. Thus, if (vnode && xbc_node_is_array(vnode)) { xbc_array_for_each_value(vnode) /* vnode->next != NULL */ ... } else { snprintf(val); /* val is an empty string if !vnode */ } is equivalent to if (vnode) { xbc_array_for_each_value(vnode) /* vnode->next can be NULL */ ... } else { snprintf(""); /* value is always empty */ } Link: http://lkml.kernel.org/r/159230244786.65555.3763894451251622488.stgit@devnote2 Cc: stable@vger.kernel.org Fixes: c1a3c36017d4 ("proc: bootconfig: Add /proc/bootconfig to show boot config list") Signed-off-by: Masami Hiramatsu Signed-off-by: Steven Rostedt (VMware) commit 69243720c0932b8672e571a873c78bcf3326575a Author: YangHui Date: Tue Jun 16 11:36:46 2020 +0800 tracing: Remove unused event variable in tracing_iter_reset We do not use the event variable, just remove it. Signed-off-by: YangHui Signed-off-by: Steven Rostedt (VMware) commit 3aa8fdc37d16735e8891035becf25b3857d3efe0 Author: Vamshi K Sthambamkadi Date: Mon Jun 15 20:00:38 2020 +0530 tracing/probe: Fix memleak in fetch_op_data operations kmemleak report: [<57dcc2ca>] __kmalloc_track_caller+0x139/0x2b0 [] kstrndup+0x37/0x80 [] parse_probe_arg.isra.7+0x3cc/0x630 [<055bf2ba>] traceprobe_parse_probe_arg+0x2f5/0x810 [<655a7766>] trace_kprobe_create+0x2ca/0x950 [<4fc6a02a>] create_or_delete_trace_kprobe+0xf/0x30 [<6d1c8a52>] trace_run_command+0x67/0x80 [] trace_parse_run_command+0xa7/0x140 [] probes_write+0x10/0x20 [<2027641c>] __vfs_write+0x30/0x1e0 [<6a4aeee1>] vfs_write+0x96/0x1b0 [<3517fb7d>] ksys_write+0x53/0xc0 [] __ia32_sys_write+0x15/0x20 [] do_syscall_32_irqs_on+0x3d/0x260 [] do_fast_syscall_32+0x39/0xb0 [] entry_SYSENTER_32+0xaf/0x102 Post parse_probe_arg(), the FETCH_OP_DATA operation type is overwritten to FETCH_OP_ST_STRING, as a result memory is never freed since traceprobe_free_probe_arg() iterates only over SYMBOL and DATA op types Setup fetch string operation correctly after fetch_op_data operation. Link: https://lkml.kernel.org/r/20200615143034.GA1734@cosmos Cc: stable@vger.kernel.org Fixes: a42e3c4de964 ("tracing/probe: Add immediate string parameter support") Acked-by: Masami Hiramatsu Signed-off-by: Vamshi K Sthambamkadi Signed-off-by: Steven Rostedt (VMware) commit 48a42f5d138435242529726b8802076a24b6db17 Author: Wei Yang Date: Wed Jun 10 11:32:51 2020 +0800 trace: Fix typo in allocate_ftrace_ops()'s comment No functional change, just correct the word. Link: https://lkml.kernel.org/r/20200610033251.31713-1-richard.weiyang@linux.alibaba.com Signed-off-by: Wei Yang Signed-off-by: Steven Rostedt (VMware) commit 4649079b9de1ad86be9f4c989373adb8235a8485 Author: Steven Rostedt (VMware) Date: Tue Jun 9 22:00:41 2020 -0400 tracing: Make ftrace packed events have align of 1 When using trace-cmd on 5.6-rt for the function graph tracer, the output was corrupted. It gave output like this: funcgraph_entry: func=0xffffffff depth=38982 funcgraph_entry: func=0x1ffffffff depth=16044 funcgraph_exit: func=0xffffffff overrun=0x92539aaf00000000 calltime=0x92539c9900000072 rettime=0x100000072 depth=11084 funcgraph_exit: func=0xffffffff overrun=0x9253946e00000000 calltime=0x92539e2100000072 rettime=0x72 depth=26033702 funcgraph_entry: func=0xffffffff depth=85798 funcgraph_entry: func=0x1ffffffff depth=12044 The reason was because the tracefs/events/ftrace/funcgraph_entry/exit format file was incorrect. The -rt kernel adds more common fields to the trace events. Namely, common_migrate_disable and common_preempt_lazy_count. Each is one byte in size. This changes the alignment of the normal payload. Most events are aligned normally, but the function and function graph events are defined with a "PACKED" macro, that packs their payload. As the offsets displayed in the format files are now calculated by an aligned field, the aligned field for function and function graph events should be 1, not their normal alignment. With aligning of the funcgraph_entry event, the format file has: field:unsigned short common_type; offset:0; size:2; signed:0; field:unsigned char common_flags; offset:2; size:1; signed:0; field:unsigned char common_preempt_count; offset:3; size:1; signed:0; field:int common_pid; offset:4; size:4; signed:1; field:unsigned char common_migrate_disable; offset:8; size:1; signed:0; field:unsigned char common_preempt_lazy_count; offset:9; size:1; signed:0; field:unsigned long func; offset:16; size:8; signed:0; field:int depth; offset:24; size:4; signed:1; But the actual alignment is: field:unsigned short common_type; offset:0; size:2; signed:0; field:unsigned char common_flags; offset:2; size:1; signed:0; field:unsigned char common_preempt_count; offset:3; size:1; signed:0; field:int common_pid; offset:4; size:4; signed:1; field:unsigned char common_migrate_disable; offset:8; size:1; signed:0; field:unsigned char common_preempt_lazy_count; offset:9; size:1; signed:0; field:unsigned long func; offset:12; size:8; signed:0; field:int depth; offset:20; size:4; signed:1; Link: https://lkml.kernel.org/r/20200609220041.2a3b527f@oasis.local.home Cc: stable@vger.kernel.org Fixes: 04ae87a52074e ("ftrace: Rework event_create_dir()") Signed-off-by: Steven Rostedt (VMware) commit 9fbc01cdba66e988122ccdc6094cfd85d9587769 Author: Kefeng Wang Date: Tue Jun 9 13:52:00 2020 +0000 sample-trace-array: Remove trace_array 'sample-instance' Remove trace_array 'sample-instance' if kthread_run fails in sample_trace_array_init(). Link: https://lkml.kernel.org/r/20200609135200.2206726-1-wangkefeng.wang@huawei.com Cc: stable@vger.kernel.org Fixes: 89ed42495ef4a ("tracing: Sample module to demonstrate kernel access to Ftrace instances.") Reviewed-by: Divya Indi Signed-off-by: Kefeng Wang Signed-off-by: Steven Rostedt (VMware) commit e9b7b1c0c103a623be1a65c39f98719803440871 Author: Kefeng Wang Date: Wed Jun 10 01:12:44 2020 +0000 sample-trace-array: Fix sleeping function called from invalid context BUG: sleeping function called from invalid context at kernel/locking/mutex.c:935 in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 0, name: swapper/5 1 lock held by swapper/5/0: #0: ffff80001002bd90 (samples/ftrace/sample-trace-array.c:38){+.-.}-{0:0}, at: call_timer_fn+0x8/0x3e0 CPU: 5 PID: 0 Comm: swapper/5 Not tainted 5.7.0+ #8 Hardware name: QEMU QEMU Virtual Machine, BIOS 0.0.0 02/06/2015 Call trace: dump_backtrace+0x0/0x1a0 show_stack+0x20/0x30 dump_stack+0xe4/0x150 ___might_sleep+0x160/0x200 __might_sleep+0x58/0x90 __mutex_lock+0x64/0x948 mutex_lock_nested+0x3c/0x58 __ftrace_set_clr_event+0x44/0x88 trace_array_set_clr_event+0x24/0x38 mytimer_handler+0x34/0x40 [sample_trace_array] mutex_lock() will be called in interrupt context, using workqueue to fix it. Link: https://lkml.kernel.org/r/20200610011244.2209486-1-wangkefeng.wang@huawei.com Cc: stable@vger.kernel.org Fixes: 89ed42495ef4 ("tracing: Sample module to demonstrate kernel access to Ftrace instances.") Reviewed-by: Divya Indi Signed-off-by: Kefeng Wang Signed-off-by: Steven Rostedt (VMware) commit 9b38cc704e844e41d9cf74e647bff1d249512cb3 Author: Jiri Olsa Date: Tue May 12 17:03:18 2020 +0900 kretprobe: Prevent triggering kretprobe from within kprobe_flush_task Ziqian reported lockup when adding retprobe on _raw_spin_lock_irqsave. My test was also able to trigger lockdep output: ============================================ WARNING: possible recursive locking detected 5.6.0-rc6+ #6 Not tainted -------------------------------------------- sched-messaging/2767 is trying to acquire lock: ffffffff9a492798 (&(kretprobe_table_locks[i].lock)){-.-.}, at: kretprobe_hash_lock+0x52/0xa0 but task is already holding lock: ffffffff9a491a18 (&(kretprobe_table_locks[i].lock)){-.-.}, at: kretprobe_trampoline+0x0/0x50 other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(&(kretprobe_table_locks[i].lock)); lock(&(kretprobe_table_locks[i].lock)); *** DEADLOCK *** May be due to missing lock nesting notation 1 lock held by sched-messaging/2767: #0: ffffffff9a491a18 (&(kretprobe_table_locks[i].lock)){-.-.}, at: kretprobe_trampoline+0x0/0x50 stack backtrace: CPU: 3 PID: 2767 Comm: sched-messaging Not tainted 5.6.0-rc6+ #6 Call Trace: dump_stack+0x96/0xe0 __lock_acquire.cold.57+0x173/0x2b7 ? native_queued_spin_lock_slowpath+0x42b/0x9e0 ? lockdep_hardirqs_on+0x590/0x590 ? __lock_acquire+0xf63/0x4030 lock_acquire+0x15a/0x3d0 ? kretprobe_hash_lock+0x52/0xa0 _raw_spin_lock_irqsave+0x36/0x70 ? kretprobe_hash_lock+0x52/0xa0 kretprobe_hash_lock+0x52/0xa0 trampoline_handler+0xf8/0x940 ? kprobe_fault_handler+0x380/0x380 ? find_held_lock+0x3a/0x1c0 kretprobe_trampoline+0x25/0x50 ? lock_acquired+0x392/0xbc0 ? _raw_spin_lock_irqsave+0x50/0x70 ? __get_valid_kprobe+0x1f0/0x1f0 ? _raw_spin_unlock_irqrestore+0x3b/0x40 ? finish_task_switch+0x4b9/0x6d0 ? __switch_to_asm+0x34/0x70 ? __switch_to_asm+0x40/0x70 The code within the kretprobe handler checks for probe reentrancy, so we won't trigger any _raw_spin_lock_irqsave probe in there. The problem is in outside kprobe_flush_task, where we call: kprobe_flush_task kretprobe_table_lock raw_spin_lock_irqsave _raw_spin_lock_irqsave where _raw_spin_lock_irqsave triggers the kretprobe and installs kretprobe_trampoline handler on _raw_spin_lock_irqsave return. The kretprobe_trampoline handler is then executed with already locked kretprobe_table_locks, and first thing it does is to lock kretprobe_table_locks ;-) the whole lockup path like: kprobe_flush_task kretprobe_table_lock raw_spin_lock_irqsave _raw_spin_lock_irqsave ---> probe triggered, kretprobe_trampoline installed ---> kretprobe_table_locks locked kretprobe_trampoline trampoline_handler kretprobe_hash_lock(current, &head, &flags); <--- deadlock Adding kprobe_busy_begin/end helpers that mark code with fake probe installed to prevent triggering of another kprobe within this code. Using these helpers in kprobe_flush_task, so the probe recursion protection check is hit and the probe is never set to prevent above lockup. Link: http://lkml.kernel.org/r/158927059835.27680.7011202830041561604.stgit@devnote2 Fixes: ef53d9c5e4da ("kprobes: improve kretprobe scalability with hashed locking") Cc: Ingo Molnar Cc: "Gustavo A . R . Silva" Cc: Anders Roxell Cc: "Naveen N . Rao" Cc: Anil S Keshavamurthy Cc: David Miller Cc: Ingo Molnar Cc: Peter Zijlstra Cc: stable@vger.kernel.org Reported-by: "Ziqian SUN (Zamir)" Acked-by: Masami Hiramatsu Signed-off-by: Jiri Olsa Signed-off-by: Steven Rostedt (VMware) commit 75ddf64dd276e3fc8906f27549afa229798ad916 Author: Masami Hiramatsu Date: Tue May 12 17:03:07 2020 +0900 kprobes: Remove redundant arch_disarm_kprobe() call Fix to remove redundant arch_disarm_kprobe() call in force_unoptimize_kprobe(). This arch_disarm_kprobe() will be invoked if the kprobe is optimized but disabled, but that means the kprobe (optprobe) is unused (and unoptimized) state. In that case, unoptimize_kprobe() puts it in freeing_list and kprobe_optimizer (do_unoptimize_kprobes()) automatically disarm it. Thus this arch_disarm_kprobe() is redundant. Link: http://lkml.kernel.org/r/158927058719.27680.17183632908465341189.stgit@devnote2 Signed-off-by: Masami Hiramatsu Signed-off-by: Steven Rostedt (VMware) commit 1a0aa991a6274161c95a844c58cfb801d681eb59 Author: Masami Hiramatsu Date: Tue May 12 17:02:56 2020 +0900 kprobes: Fix to protect kick_kprobe_optimizer() by kprobe_mutex In kprobe_optimizer() kick_kprobe_optimizer() is called without kprobe_mutex, but this can race with other caller which is protected by kprobe_mutex. To fix that, expand kprobe_mutex protected area to protect kick_kprobe_optimizer() call. Link: http://lkml.kernel.org/r/158927057586.27680.5036330063955940456.stgit@devnote2 Fixes: cd7ebe2298ff ("kprobes: Use text_poke_smp_batch for optimizing") Cc: Ingo Molnar Cc: "Gustavo A . R . Silva" Cc: Anders Roxell Cc: "Naveen N . Rao" Cc: Anil S Keshavamurthy Cc: David Miller Cc: Ingo Molnar Cc: Peter Zijlstra Cc: Ziqian SUN Cc: stable@vger.kernel.org Signed-off-by: Masami Hiramatsu Signed-off-by: Steven Rostedt (VMware) commit 7e6a71d8e60187726e29b13d9e9b23b77026c17a Author: Masami Hiramatsu Date: Tue May 12 17:02:44 2020 +0900 kprobes: Use non RCU traversal APIs on kprobe_tables if possible Current kprobes uses RCU traversal APIs on kprobe_tables even if it is safe because kprobe_mutex is locked. Make those traversals to non-RCU APIs where the kprobe_mutex is locked. Link: http://lkml.kernel.org/r/158927056452.27680.9710575332163005121.stgit@devnote2 Reviewed-by: Joel Fernandes (Google) Signed-off-by: Masami Hiramatsu Signed-off-by: Steven Rostedt (VMware) commit 6743ad432ec92e680cd0d9db86cb17b949cf5a43 Author: Masami Hiramatsu Date: Tue May 12 17:02:33 2020 +0900 kprobes: Suppress the suspicious RCU warning on kprobes Anders reported that the lockdep warns that suspicious RCU list usage in register_kprobe() (detected by CONFIG_PROVE_RCU_LIST.) This is because get_kprobe() access kprobe_table[] by hlist_for_each_entry_rcu() without rcu_read_lock. If we call get_kprobe() from the breakpoint handler context, it is run with preempt disabled, so this is not a problem. But in other cases, instead of rcu_read_lock(), we locks kprobe_mutex so that the kprobe_table[] is not updated. So, current code is safe, but still not good from the view point of RCU. Joel suggested that we can silent that warning by passing lockdep_is_held() to the last argument of hlist_for_each_entry_rcu(). Add lockdep_is_held(&kprobe_mutex) at the end of the hlist_for_each_entry_rcu() to suppress the warning. Link: http://lkml.kernel.org/r/158927055350.27680.10261450713467997503.stgit@devnote2 Reported-by: Anders Roxell Suggested-by: Joel Fernandes Reviewed-by: Joel Fernandes (Google) Signed-off-by: Masami Hiramatsu Signed-off-by: Steven Rostedt (VMware) commit 4ef57b21d6fb49d2b25c47e4cff467a0c2c8b6b7 Author: Sami Tolvanen Date: Fri Apr 24 12:30:46 2020 -0700 recordmcount: support >64k sections When compiling a kernel with Clang and LTO, we need to run recordmcount on vmlinux.o with a large number of sections, which currently fails as the program doesn't understand extended section indexes. This change adds support for processing binaries with >64k sections. Link: https://lkml.kernel.org/r/20200424193046.160744-1-samitolvanen@google.com Link: https://lore.kernel.org/lkml/CAK7LNARbZhoaA=Nnuw0=gBrkuKbr_4Ng_Ei57uafujZf7Xazgw@mail.gmail.com/ Cc: Kees Cook Reviewed-by: Matt Helsley Signed-off-by: Sami Tolvanen Signed-off-by: Steven Rostedt (VMware) commit f2f02ebd8f3833626642688b2d2c6a7b3c141fa9 Author: Masahiro Yamada Date: Sun Jun 14 23:43:40 2020 +0900 kbuild: improve cc-option to clean up all temporary files When cc-option and friends evaluate compiler flags, the temporary file $$TMP is created as an output object, and automatically cleaned up. The actual file path of $$TMP is ..tmp, here is the process ID of $(shell ...) invoked from cc-option. (Please note $$$$ is the escape sequence of $$). Such garbage files are cleaned up in most cases, but some compiler flags create additional output files. For example, -gsplit-dwarf creates a .dwo file. When CONFIG_DEBUG_INFO_SPLIT=y, you will see a bunch of ..dwo files left in the top of build directories. You may not notice them unless you do 'ls -a', but the garbage files will increase every time you run 'make'. This commit changes the temporary object path to .tmp_/tmp, and removes .tmp_ directory when exiting. Separate build artifacts such as *.dwo will be cleaned up all together because their file paths are usually determined based on the base name of the object. Another example is -ftest-coverage, which outputs the coverage data into .gcno Signed-off-by: Masahiro Yamada commit 69119673bd50b176ded34032fadd41530fb5af21 Merge: 26c20ffcb5c8 c9f66b43ee27 Author: Linus Torvalds Date: Tue Jun 16 17:44:54 2020 -0700 Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net Pull networking fixes from David Miller: 1) Don't get per-cpu pointer with preemption enabled in nft_set_pipapo, fix from Stefano Brivio. 2) Fix memory leak in ctnetlink, from Pablo Neira Ayuso. 3) Multiple definitions of MPTCP_PM_MAX_ADDR, from Geliang Tang. 4) Accidently disabling NAPI in non-error paths of macb_open(), from Charles Keepax. 5) Fix races between alx_stop and alx_remove, from Zekun Shen. 6) We forget to re-enable SRIOV during resume in bnxt_en driver, from Michael Chan. 7) Fix memory leak in ipv6_mc_destroy_dev(), from Wang Hai. 8) rxtx stats use wrong index in mvpp2 driver, from Sven Auhagen. 9) Fix memory leak in mptcp_subflow_create_socket error path, from Wei Yongjun. 10) We should not adjust the TCP window advertised when sending dup acks in non-SACK mode, because it won't be counted as a dup by the sender if the window size changes. From Eric Dumazet. 11) Destroy the right number of queues during remove in mvpp2 driver, from Sven Auhagen. 12) Various WOL and PM fixes to e1000 driver, from Chen Yu, Vaibhav Gupta, and Arnd Bergmann. * git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (35 commits) e1000e: fix unused-function warning e1000: use generic power management e1000e: Do not wake up the system via WOL if device wakeup is disabled lan743x: add MODULE_DEVICE_TABLE for module loading alias mlxsw: spectrum: Adjust headroom buffers for 8x ports bareudp: Fixed configuration to avoid having garbage values mvpp2: remove module bugfix tcp: grow window for OOO packets only for SACK flows mptcp: fix memory leak in mptcp_subflow_create_socket() netfilter: flowtable: Make nf_flow_table_offload_add/del_cb inline net/sched: act_ct: Make tcf_ct_flow_table_restore_skb inline net: dsa: sja1105: fix PTP timestamping with large tc-taprio cycles mvpp2: ethtool rxtx stats fix MAINTAINERS: switch to my private email for Renesas Ethernet drivers rocker: fix incorrect error handling in dma_rings_init test_objagg: Fix potential memory leak in error handling net: ethernet: mtk-star-emac: simplify interrupt handling mld: fix memory leak in ipv6_mc_destroy_dev() bnxt_en: Return from timer if interface is not in open state. bnxt_en: Fix AER reset logic on 57500 chips. ... commit 26c20ffcb5c86eb6a052e0d528396de5600c9710 Merge: f17957f71d10 b6489a49f7b7 Author: Linus Torvalds Date: Tue Jun 16 17:40:51 2020 -0700 Merge tag 'afs-fixes-20200616' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs Pull AFS fixes from David Howells: "I've managed to get xfstests kind of working with afs. Here are a set of patches that fix most of the bugs found. There are a number of primary issues: - Incorrect handling of mtime and non-handling of ctime. It might be argued, that the latter isn't a bug since the AFS protocol doesn't support ctime, but I should probably still update it locally. - Shared-write mmap, truncate and writeback bugs. This includes not changing i_size under the callback lock, overwriting local i_size with the reply from the server after a partial writeback, not limiting the writeback from an mmapped page to EOF. - Checks for an abort code indicating that the primary vnode in an operation was deleted by a third-party are done in the wrong place. - Silly rename bugs. This includes an incomplete conversion to the new operation handling, duplicate nlink handling, nlink changing not being done inside the callback lock and insufficient handling of third-party conflicting directory changes. And some secondary ones: - The UAEOVERFLOW abort code should map to EOVERFLOW not EREMOTEIO. - Remove a couple of unused or incompletely used bits. - Remove a couple of redundant success checks. These seem to fix all the data-corruption bugs found by ./check -afs -g quick along with the obvious silly rename bugs and time bugs. There are still some test failures, but they seem to fall into two classes: firstly, the authentication/security model is different to the standard UNIX model and permission is arbitrated by the server and cached locally; and secondly, there are a number of features that AFS does not support (such as mknod). But in these cases, the tests themselves need to be adapted or skipped. Using the in-kernel afs client with xfstests also found a bug in the AuriStor AFS server that has been fixed for a future release" * tag 'afs-fixes-20200616' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs: afs: Fix silly rename afs: afs_vnode_commit_status() doesn't need to check the RPC error afs: Fix use of afs_check_for_remote_deletion() afs: Remove afs_operation::abort_code afs: Fix yfs_fs_fetch_status() to honour vnode selector afs: Remove yfs_fs_fetch_file_status() as it's not used afs: Fix the mapping of the UAEOVERFLOW abort code afs: Fix truncation issues and mmap writeback size afs: Concoct ctimes afs: Fix EOF corruption afs: afs_write_end() should change i_size under the right lock afs: Fix non-setting of mtime when writing into mmap commit f17957f71d104d014118259acdcfe6315e24bb3a Author: Randy Dunlap Date: Sun Jun 14 19:59:07 2020 -0700 Documentation: remove SH-5 index entries Remove SH-5 documentation index entries following the removal of SH-5 source code. Error: Cannot open file ../arch/sh/mm/tlb-sh5.c Error: Cannot open file ../arch/sh/mm/tlb-sh5.c Error: Cannot open file ../arch/sh/include/asm/tlb_64.h Error: Cannot open file ../arch/sh/include/asm/tlb_64.h Fixes: 3b69e8b45711 ("Merge tag 'sh-for-5.8' of git://git.libc.org/linux-sh") Signed-off-by: Randy Dunlap Reviewed-by: Geert Uytterhoeven Cc: Rich Felker Cc: Christoph Hellwig Cc: Arnd Bergmann Cc: ysato@users.sourceforge.jp Cc: linux-sh@vger.kernel.org Cc: Geert Uytterhoeven Cc: Linus Torvalds Signed-off-by: Linus Torvalds commit aa449a7965a6172a89d48844c313708962216f1f Author: Tom Rix Date: Mon Jun 15 13:45:48 2020 -0700 selinux: fix a double free in cond_read_node()/cond_read_list() Clang static analysis reports this double free error security/selinux/ss/conditional.c:139:2: warning: Attempt to free released memory [unix.Malloc] kfree(node->expr.nodes); ^~~~~~~~~~~~~~~~~~~~~~~ When cond_read_node fails, it calls cond_node_destroy which frees the node but does not poison the entry in the node list. So when it returns to its caller cond_read_list, cond_read_list deletes the partial list. The latest entry in the list will be deleted twice. So instead of freeing the node in cond_read_node, let list freeing in code_read_list handle the freeing the problem node along with all of the earlier nodes. Because cond_read_node no longer does any error handling, the goto's the error case are redundant. Instead just return the error code. Cc: stable@vger.kernel.org Fixes: 60abd3181db2 ("selinux: convert cond_list to array") Signed-off-by: Tom Rix Reviewed-by: Ondrej Mosnacek [PM: subject line tweaks] Signed-off-by: Paul Moore commit ffbc93768e9d3a3dafdd90124b1244b4723d30e8 Merge: ff58155ca4fa 76fafbfffb44 Author: Linus Torvalds Date: Tue Jun 16 17:23:57 2020 -0700 Merge tag 'flex-array-conversions-5.8-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gustavoars/linux Pull flexible-array member conversions from Gustavo A. R. Silva: "Replace zero-length arrays with flexible-array members. Notice that all of these patches have been baking in linux-next for two development cycles now. There is a regular need in the kernel to provide a way to declare having a dynamically sized set of trailing elements in a structure. Kernel code should always use “flexible array members”[1] for these cases. The older style of one-element or zero-length arrays should no longer be used[2]. C99 introduced “flexible array members”, which lacks a numeric size for the array declaration entirely: struct something { size_t count; struct foo items[]; }; This is the way the kernel expects dynamically sized trailing elements to be declared. It allows the compiler to generate errors when the flexible array does not occur last in the structure, which helps to prevent some kind of undefined behavior[3] bugs from being inadvertently introduced to the codebase. It also allows the compiler to correctly analyze array sizes (via sizeof(), CONFIG_FORTIFY_SOURCE, and CONFIG_UBSAN_BOUNDS). For instance, there is no mechanism that warns us that the following application of the sizeof() operator to a zero-length array always results in zero: struct something { size_t count; struct foo items[0]; }; struct something *instance; instance = kmalloc(struct_size(instance, items, count), GFP_KERNEL); instance->count = count; size = sizeof(instance->items) * instance->count; memcpy(instance->items, source, size); At the last line of code above, size turns out to be zero, when one might have thought it represents the total size in bytes of the dynamic memory recently allocated for the trailing array items. Here are a couple examples of this issue[4][5]. Instead, flexible array members have incomplete type, and so the sizeof() operator may not be applied[6], so any misuse of such operators will be immediately noticed at build time. The cleanest and least error-prone way to implement this is through the use of a flexible array member: struct something { size_t count; struct foo items[]; }; struct something *instance; instance = kmalloc(struct_size(instance, items, count), GFP_KERNEL); instance->count = count; size = sizeof(instance->items[0]) * instance->count; memcpy(instance->items, source, size); instead" [1] https://en.wikipedia.org/wiki/Flexible_array_member [2] https://github.com/KSPP/linux/issues/21 [3] commit 76497732932f ("cxgb3/l2t: Fix undefined behaviour") [4] commit f2cd32a443da ("rndis_wlan: Remove logically dead code") [5] commit ab91c2a89f86 ("tpm: eventlog: Replace zero-length array with flexible-array member") [6] https://gcc.gnu.org/onlinedocs/gcc/Zero-Length.html * tag 'flex-array-conversions-5.8-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gustavoars/linux: (41 commits) w1: Replace zero-length array with flexible-array tracing/probe: Replace zero-length array with flexible-array soc: ti: Replace zero-length array with flexible-array tifm: Replace zero-length array with flexible-array dmaengine: tegra-apb: Replace zero-length array with flexible-array stm class: Replace zero-length array with flexible-array Squashfs: Replace zero-length array with flexible-array ASoC: SOF: Replace zero-length array with flexible-array ima: Replace zero-length array with flexible-array sctp: Replace zero-length array with flexible-array phy: samsung: Replace zero-length array with flexible-array RxRPC: Replace zero-length array with flexible-array rapidio: Replace zero-length array with flexible-array media: pwc: Replace zero-length array with flexible-array firmware: pcdp: Replace zero-length array with flexible-array oprofile: Replace zero-length array with flexible-array block: Replace zero-length array with flexible-array tools/testing/nvdimm: Replace zero-length array with flexible-array libata: Replace zero-length array with flexible-array kprobes: Replace zero-length array with flexible-array ... commit ff58155ca4fa7e931f34d948fa09fe14c6a66116 Author: Arvind Sankar Date: Tue Jun 16 18:25:47 2020 -0400 x86/purgatory: Add -fno-stack-protector The purgatory Makefile removes -fstack-protector options if they were configured in, but does not currently add -fno-stack-protector. If gcc was configured with the --enable-default-ssp configure option, this results in the stack protector still being enabled for the purgatory (absent distro-specific specs files that might disable it again for freestanding compilations), if the main kernel is being compiled with stack protection enabled (if it's disabled for the main kernel, the top-level Makefile will add -fno-stack-protector). This will break the build since commit e4160b2e4b02 ("x86/purgatory: Fail the build if purgatory.ro has missing symbols") and prior to that would have caused runtime failure when trying to use kexec. Explicitly add -fno-stack-protector to avoid this, as done in other Makefiles that need to disable the stack protector. Reported-by: Gabriel C Signed-off-by: Arvind Sankar Signed-off-by: Linus Torvalds commit c9f66b43ee27409e1b614434d87e0e722efaa5f2 Merge: ea12fe9dee97 880e6269fd6e Author: David S. Miller Date: Tue Jun 16 16:16:24 2020 -0700 Merge branch '1GbE' of git://git.kernel.org/pub/scm/linux/kernel/git/jkirsher/net-queue Jeff Kirsher says: ==================== Intel Wired LAN Driver Updates 2020-06-16 This series contains fixes to e1000 and e1000e. Chen fixes an e1000e issue where systems could be waken via WoL, even though the user has disabled the wakeup bit via sysfs. Vaibhav Gupta updates the e1000 driver to clean up the legacy Power Management hooks. Arnd Bergmann cleans up the inconsistent use CONFIG_PM_SLEEP preprocessor tags, which also resolves the compiler warnings about the possibility of unused structure. ==================== Signed-off-by: David S. Miller commit 86f56395feb2b106b125c47e72192e37da5dd088 Author: Christian Brauner Date: Wed Jun 17 00:48:54 2020 +0200 tests: test for setns() EINVAL regression Verify that setns() reports EINVAL when an fd is passed that refers to an open file but the file is not a file descriptor useable to interact with namespaces. Cc: Jan Stancek Cc: Cyril Hrubis Link: https://lore.kernel.org/lkml/20200615085836.GR12456@shao2-debian Signed-off-by: Christian Brauner commit 880e6269fd6e60249c8f5f1b98295e9f7e56636d Author: Arnd Bergmann Date: Wed May 27 15:47:00 2020 +0200 e1000e: fix unused-function warning The CONFIG_PM_SLEEP #ifdef checks in this file are inconsistent, leading to a warning about sometimes unused function: drivers/net/ethernet/intel/e1000e/netdev.c:137:13: error: unused function 'e1000e_check_me' [-Werror,-Wunused-function] Rather than adding more #ifdefs, just remove them completely and mark the PM functions as __maybe_unused to let the compiler work it out on it own. Fixes: e086ba2fccda ("e1000e: disable s0ix entry and exit flows for ME systems") Signed-off-by: Arnd Bergmann Tested-by: Aaron Brown Signed-off-by: Jeff Kirsher commit eb6779d4c505145f3d4331da505f4c058d02ad04 Author: Vaibhav Gupta Date: Mon May 25 17:57:10 2020 +0530 e1000: use generic power management With legacy PM hooks, it was the responsibility of a driver to manage PCI states and also the device's power state. The generic approach is to let PCI core handle the work. e1000_suspend() calls __e1000_shutdown() to perform intermediate tasks. __e1000_shutdown() modifies the value of "wake" (device should be wakeup enabled or not), responsible for controlling the flow of legacy PM. Since, PCI core has no idea about the value of "wake", new code for generic PM may produce unexpected results. Thus, use "device_set_wakeup_enable()" to wakeup-enable the device accordingly. Signed-off-by: Vaibhav Gupta Tested-by: Aaron Brown Signed-off-by: Jeff Kirsher commit 6bf6be1127f7e6d4bf39f84d56854e944d045d74 Author: Chen Yu Date: Fri May 22 01:59:00 2020 +0800 e1000e: Do not wake up the system via WOL if device wakeup is disabled Currently the system will be woken up via WOL(Wake On LAN) even if the device wakeup ability has been disabled via sysfs: cat /sys/devices/pci0000:00/0000:00:1f.6/power/wakeup disabled The system should not be woken up if the user has explicitly disabled the wake up ability for this device. This patch clears the WOL ability of this network device if the user has disabled the wake up ability in sysfs. Fixes: bc7f75fa9788 ("[E1000E]: New pci-express e1000 driver") Reported-by: "Rafael J. Wysocki" Reviewed-by: Andy Shevchenko Cc: Signed-off-by: Chen Yu Tested-by: Aaron Brown Signed-off-by: Jeff Kirsher commit e571d4ee334719727f22cce30c4c74471d4ef68a Author: Christian Brauner Date: Wed Jun 17 00:33:12 2020 +0200 nsproxy: restore EINVAL for non-namespace file descriptor The LTP testsuite reported a regression where users would now see EBADF returned instead of EINVAL when an fd was passed that referred to an open file but the file was not a nsfd. Fix this by continuing to report EINVAL. Reported-by: kernel test robot Cc: Jan Stancek Cc: Cyril Hrubis Link: https://lore.kernel.org/lkml/20200615085836.GR12456@shao2-debian Fixes: 303cc571d107 ("nsproxy: attach to namespaces via pidfds") Signed-off-by: Christian Brauner commit 040ece2a3c1503c0a7e327034510367747c27a5f Author: Vineet Gupta Date: Tue Jun 16 15:14:50 2020 -0700 ARC: build: remove deprecated toggle for arc700 builds Signed-off-by: Vineet Gupta commit 0bdd6e7428a2e8971d7c9b8e212056dd0e0001c9 Author: Eugeniy Paltsev Date: Thu Jun 4 20:39:24 2020 +0300 ARC: build: allow users to specify -mcpu kernel build system used to add -mcpu for each ARC ISA as default. These days there are versions and varaints of ARC HS cores some of which have specific -mcpu options to fine tune / optimize generated code. So allow users/external build systems to specify their own -mcpu This will be used in future patches for HSDK-4xD board support which uses specific -mcpu to utilize dual issue scheduling of the core. Signed-off-by: Eugeniy Paltsev Signed-off-by: Vineet Gupta [abrodkin/vgupta: rewrote changelog] commit ea12fe9dee97d1f284ee980845444859cfcb307d Author: Tim Harvey Date: Tue Jun 16 08:31:58 2020 -0700 lan743x: add MODULE_DEVICE_TABLE for module loading alias Without a MODULE_DEVICE_TABLE the attributes are missing that create an alias for auto-loading the module in userspace via hotplug. Signed-off-by: Tim Harvey Signed-off-by: David S. Miller commit b6489a49f7b71964e37978d6f89bbdbdb263f6f5 Author: David Howells Date: Mon Jun 15 17:36:58 2020 +0100 afs: Fix silly rename Fix AFS's silly rename by the following means: (1) Set the destination directory in afs_do_silly_rename() so as to avoid misbehaviour and indicate that the directory data version will increment by 1 so as to avoid warnings about unexpected changes in the DV. Also indicate that the ctime should be updated to avoid xfstest grumbling. (2) Note when the server indicates that a directory changed more than we expected (AFS_OPERATION_DIR_CONFLICT), indicating a conflict with a third party change, checking on successful completion of unlink and rename. The problem is that the FS.RemoveFile RPC op doesn't report the status of the unlinked file, though YFS.RemoveFile2 does. This can be mitigated by the assumption that if the directory DV cranked by exactly 1, we can be sure we removed one link from the file; further, ordinarily in AFS, files cannot be hardlinked across directories, so if we reduce nlink to 0, the file is deleted. However, if the directory DV jumps by more than 1, we cannot know if a third party intervened by adding or removing a link on the file we just removed a link from. The same also goes for any vnode that is at the destination of the FS.Rename RPC op. (3) Make afs_vnode_commit_status() apply the nlink drop inside the cb_lock section along with the other attribute updates if ->op_unlinked is set on the descriptor for the appropriate vnode. (4) Issue a follow up status fetch to the unlinked file in the event of a third party conflict that makes it impossible for us to know if we actually deleted the file or not. (5) Provide a flag, AFS_VNODE_SILLY_DELETED, to make afs_getattr() lie to the user about the nlink of a silly deleted file so that it appears as 0, not 1. Found with the generic/035 and generic/084 xfstests. Fixes: e49c7b2f6de7 ("afs: Build an abstraction around an "operation" concept") Reported-by: Marc Dionne Signed-off-by: David Howells commit 60833d54d56c21e7538296eb2e00e104768fd047 Author: Ido Schimmel Date: Tue Jun 16 10:14:58 2020 +0300 mlxsw: spectrum: Adjust headroom buffers for 8x ports The port's headroom buffers are used to store packets while they traverse the device's pipeline and also to store packets that are egress mirrored. On Spectrum-3, ports with eight lanes use two headroom buffers between which the configured headroom size is split. In order to prevent packet loss, multiply the calculated headroom size by two for 8x ports. Fixes: da382875c616 ("mlxsw: spectrum: Extend to support Spectrum-3 ASIC") Signed-off-by: Ido Schimmel Reviewed-by: Jiri Pirko Signed-off-by: David S. Miller commit b15bb8817f991497d97ae55d8c0e349a9d1e1478 Author: Martin Date: Tue Jun 16 11:18:58 2020 +0530 bareudp: Fixed configuration to avoid having garbage values Code to initialize the conf structure while gathering the configuration of the device was missing. Fixes: 571912c69f0e ("net: UDP tunnel encapsulation module for tunnelling different protocols like MPLS, IP, NSH etc.") Signed-off-by: Martin Signed-off-by: David S. Miller commit 807eaf99688ce162a98a7501477644782d4af098 Author: Sven Auhagen Date: Tue Jun 16 06:35:29 2020 +0200 mvpp2: remove module bugfix The remove function does not destroy all BM Pools when per cpu pool is active. When reloading the mvpp2 as a module the BM Pools are still active in hardware and due to the bug have twice the size now old + new. This eventually leads to a kernel crash. v2: * add Fixes tag Fixes: 7d04b0b13b11 ("mvpp2: percpu buffers") Signed-off-by: Sven Auhagen Signed-off-by: David S. Miller commit 662051215c758ae8545451628816204ed6cd372d Author: Eric Dumazet Date: Mon Jun 15 20:37:07 2020 -0700 tcp: grow window for OOO packets only for SACK flows Back in 2013, we made a change that broke fast retransmit for non SACK flows. Indeed, for these flows, a sender needs to receive three duplicate ACK before starting fast retransmit. Sending ACK with different receive window do not count. Even if enabling SACK is strongly recommended these days, there still are some cases where it has to be disabled. Not increasing the window seems better than having to rely on RTO. After the fix, following packetdrill test gives : // Initialize connection 0 socket(..., SOCK_STREAM, IPPROTO_TCP) = 3 +0 setsockopt(3, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0 +0 bind(3, ..., ...) = 0 +0 listen(3, 1) = 0 +0 < S 0:0(0) win 32792 +0 > S. 0:0(0) ack 1 +0 < . 1:1(0) ack 1 win 514 +0 accept(3, ..., ...) = 4 +0 < . 1:1001(1000) ack 1 win 514 // Quick ack +0 > . 1:1(0) ack 1001 win 264 +0 < . 2001:3001(1000) ack 1 win 514 // DUPACK : Normally we should not change the window +0 > . 1:1(0) ack 1001 win 264 +0 < . 3001:4001(1000) ack 1 win 514 // DUPACK : Normally we should not change the window +0 > . 1:1(0) ack 1001 win 264 +0 < . 4001:5001(1000) ack 1 win 514 // DUPACK : Normally we should not change the window +0 > . 1:1(0) ack 1001 win 264 +0 < . 1001:2001(1000) ack 1 win 514 // Hole is repaired. +0 > . 1:1(0) ack 5001 win 272 Fixes: 4e4f1fc22681 ("tcp: properly increase rcv_ssthresh for ofo packets") Signed-off-by: Eric Dumazet Reported-by: Venkat Venkatsubra Acked-by: Neal Cardwell Signed-off-by: David S. Miller commit b48fd568ac649f0fd750e89487eaa4a0ef8d2835 Author: Linus Walleij Date: Sun Jun 14 00:30:27 2020 +0200 drm: mcde: Fix forgotten user of drm->dev_private Unable to handle kernel NULL pointer dereference at virtual address 00000918 pgd = (ptrval) [00000918] *pgd=00000000 Internal error: Oops: 5 [#1] SMP ARM Modules linked in: CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.7.0-15001-gfa384b50b96b-dirty #514 Hardware name: ST-Ericsson Ux5x0 platform (Device Tree Support) PC is at mcde_display_enable+0x78/0x7c0 LR is at mcde_display_enable+0x78/0x7c0 Fix this by using to_mcde() as in other functions. Fixes: fd7ee85cfe7b ("drm/mcde: Don't use drm_device->dev_private") Signed-off-by: Linus Walleij Reviewed-by: Sam Ravnborg Cc: Daniel Vetter Link: https://patchwork.freedesktop.org/patch/msgid/20200613223027.4189309-2-linus.walleij@linaro.org commit b984b6d8b52372b98cce0a6ff6c2787f50665b87 Author: Linus Walleij Date: Sun Jun 14 00:30:26 2020 +0200 drm: mcde: Fix display initialization problem The following bug appeared in the MCDE driver/display initialization during the recent merge window. First the place we call drm_fbdev_generic_setup() in the wrong place: this needs to be called AFTER calling drm_dev_register() else we get this splat: ------------[ cut here ]------------ WARNING: CPU: 0 PID: 1 at ../drivers/gpu/drm/drm_fb_helper.c:2198 drm_fbdev_generic_setup+0x164/0x1a8 mcde a0350000.mcde: Device has not been registered. Modules linked in: Hardware name: ST-Ericsson Ux5x0 platform (Device Tree Support) [] (unwind_backtrace) from [] (show_stack+0x10/0x14) [] (show_stack) from [] (dump_stack+0x9c/0xb0) [] (dump_stack) from [] (__warn+0xb8/0xd0) [] (__warn) from [] (warn_slowpath_fmt+0x74/0xb8) [] (warn_slowpath_fmt) from [] (drm_fbdev_generic_setup+0x164/0x1a8) [] (drm_fbdev_generic_setup) from [] (mcde_drm_bind+0xc4/0x160) [] (mcde_drm_bind) from [] (try_to_bring_up_master+0x15c/0x1a4) (...) Signed-off-by: Linus Walleij Reviewed-by: Sam Ravnborg Link: https://patchwork.freedesktop.org/patch/msgid/20200613223027.4189309-1-linus.walleij@linaro.org commit 97d0b5d0b5a99871a983ca9b5c02bfde8bf73cbf Author: Vineet Gupta Date: Wed Jun 10 12:26:15 2020 -0700 ARCv2: boot log: detect newer/upconing HS3x/HS4x releases Signed-off-by: Vineet Gupta commit b7faf971081a4e56147f082234bfff55135305cb Author: Vineet Gupta Date: Wed May 27 14:18:45 2020 -0700 ARC: elf: use right ELF_ARCH Cc: Signed-off-by: Vineet Gupta commit 33b59f1671f105a6da9c0aa75d7cf6bea126d2c5 Author: Vineet Gupta Date: Wed May 13 01:08:23 2020 -0700 ARC: [arcompact] fix bitrot with 2 levels of interrupt Signed-off-by: Vineet Gupta commit 00fdec98d9881bf5173af09aebd353ab3b9ac729 Author: Vineet Gupta Date: Tue May 19 22:28:32 2020 -0700 ARC: entry: fix potential EFA clobber when TIF_SYSCALL_TRACE Trap handler for syscall tracing reads EFA (Exception Fault Address), in case strace wants PC of trap instruction (EFA is not part of pt_regs as of current code). However this EFA read is racy as it happens after dropping to pure kernel mode (re-enabling interrupts). A taken interrupt could context-switch, trigger a different task's trap, clobbering EFA for this execution context. Fix this by reading EFA early, before re-enabling interrupts. A slight side benefit is de-duplication of FAKE_RET_FROM_EXCPN in trap handler. The trap handler is common to both ARCompact and ARCv2 builds too. This just came out of code rework/review and no real problem was reported but is clearly a potential problem specially for strace. Cc: Signed-off-by: Vineet Gupta commit b65a2d8c8614386f7e8d38ea150749f8a862f431 Author: Dan Carpenter Date: Wed Jun 3 13:19:58 2020 +0300 Staging: rtl8723bs: prevent buffer overflow in update_sta_support_rate() The "ie_len" variable is in the 0-255 range and it comes from the network. If it's over NDIS_802_11_LENGTH_RATES_EX (16) then that will lead to memory corruption. Fixes: 554c0a3abf21 ("staging: Add rtl8723bs sdio wifi driver") Signed-off-by: Dan Carpenter Cc: stable Link: https://lore.kernel.org/r/20200603101958.GA1845750@mwanda Signed-off-by: Greg Kroah-Hartman commit 29de523a6270a308d12d21f4fecf52dac491e226 Author: Jérôme Pouiller Date: Fri May 29 14:12:56 2020 +0200 staging: wfx: fix coherency of hif_scan() prototype The function hif_scan() return the timeout for the completion of the scan request. It is the only function from hif_tx.c that return another thing than just an error code. This behavior is not coherent with the rest of file. Worse, if value returned is positive, the caller can't make say if it is a timeout or the value returned by the hardware. Uniformize API with other HIF functions, only return the error code and pass timeout with parameters. Signed-off-by: Jérôme Pouiller Link: https://lore.kernel.org/r/20200529121256.1045521-1-Jerome.Pouiller@silabs.com Signed-off-by: Greg Kroah-Hartman commit 8cf509345096340416708d998bbb71a27c883880 Author: Jérôme Pouiller Date: Fri May 29 14:16:03 2020 +0200 staging: wfx: drop useless loop It is guarantee that the loop will stop at first iteration. So drop the loop. Fixes: 6bf418c50f98a ("staging: wfx: change the way to choose frame to send") Signed-off-by: Jérôme Pouiller Link: https://lore.kernel.org/r/20200529121603.1050891-2-Jerome.Pouiller@silabs.com Signed-off-by: Greg Kroah-Hartman commit 6a9620536ffd287c67997da3bf4a984d33e3a760 Author: Jérôme Pouiller Date: Fri May 29 14:16:02 2020 +0200 staging: wfx: fix AC priority In order to work properly all the queues of the device must be filled (the device chooses itself the queue to use depending of AC parameters and other things). It is the job of wfx_tx_queues_get_skb() to choose which queue must be filled. However, the sorting algorithm was inverted, so it prioritized the already filled queue! Consequently, the AC priorities was badly broken. Fixes: 6bf418c50f98a ("staging: wfx: change the way to choose frame to send") Signed-off-by: Jérôme Pouiller Link: https://lore.kernel.org/r/20200529121603.1050891-1-Jerome.Pouiller@silabs.com Signed-off-by: Greg Kroah-Hartman commit 651220e2aee3ccfd986a0436b8d6f5b3b5574d1f Merge: a5dc8300df75 bf6b694a6a90 Author: Linus Torvalds Date: Tue Jun 16 11:07:02 2020 -0700 Merge tag 'mfd-fixes-5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/lee/mfd Pull MFD fix from Lee Jones: "Fix NULL pointer dereference in mt6360 driver" * tag 'mfd-fixes-5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/lee/mfd: mfd: mt6360: Fix register driver NULL pointer by adding driver name commit e575fb9e76c8e33440fb859572a8b7d430f053d6 Author: Will Deacon Date: Tue Jun 16 18:29:11 2020 +0100 arm64: sve: Fix build failure when ARM64_SVE=y and SYSCTL=n When I squashed the 'allnoconfig' compiler warning about the set_sve_default_vl() function being defined but not used in commit 1e570f512cbd ("arm64/sve: Eliminate data races on sve_default_vl"), I accidentally broke the build for configs where ARM64_SVE is enabled, but SYSCTL is not. Fix this by only compiling the SVE sysctl support if both CONFIG_SVE=y and CONFIG_SYSCTL=y. Cc: Dave Martin Reported-by: Qian Cai Link: https://lore.kernel.org/r/20200616131808.GA1040@lca.pw Signed-off-by: Will Deacon commit b091f7fede97cc64f7aaad3eeb37965aebee3082 Author: Waiman Long Date: Tue Jun 16 11:31:59 2020 -0400 btrfs: use kfree() in btrfs_ioctl_get_subvol_info() In btrfs_ioctl_get_subvol_info(), there is a classic case where kzalloc() was incorrectly paired with kzfree(). According to David Sterba, there isn't any sensitive information in the subvol_info that needs to be cleared before freeing. So kzfree() isn't really needed, use kfree() instead. Signed-off-by: Waiman Long Reviewed-by: David Sterba Signed-off-by: David Sterba commit 5dbb75ed6900048e146247b6325742d92c892548 Author: Filipe Manana Date: Mon Jun 15 18:49:39 2020 +0100 btrfs: fix RWF_NOWAIT writes blocking on extent locks and waiting for IO A RWF_NOWAIT write is not supposed to wait on filesystem locks that can be held for a long time or for ongoing IO to complete. However when calling check_can_nocow(), if the inode has prealloc extents or has the NOCOW flag set, we can block on extent (file range) locks through the call to btrfs_lock_and_flush_ordered_range(). Such lock can take a significant amount of time to be available. For example, a fiemap task may be running, and iterating through the entire file range checking all extents and doing backref walking to determine if they are shared, or a readpage operation may be in progress. Also at btrfs_lock_and_flush_ordered_range(), called by check_can_nocow(), after locking the file range we wait for any existing ordered extent that is in progress to complete. Another operation that can take a significant amount of time and defeat the purpose of RWF_NOWAIT. So fix this by trying to lock the file range and if it's currently locked return -EAGAIN to user space. If we are able to lock the file range without waiting and there is an ordered extent in the range, return -EAGAIN as well, instead of waiting for it to complete. Finally, don't bother trying to lock the snapshot lock of the root when attempting a RWF_NOWAIT write, as that is only important for buffered writes. Fixes: edf064e7c6fec3 ("btrfs: nowait aio support") Signed-off-by: Filipe Manana Signed-off-by: David Sterba commit 260a63395f90f67d6ab89e4266af9e3dc34a77e9 Author: Filipe Manana Date: Mon Jun 15 18:49:13 2020 +0100 btrfs: fix RWF_NOWAIT write not failling when we need to cow If we attempt to do a RWF_NOWAIT write against a file range for which we can only do NOCOW for a part of it, due to the existence of holes or shared extents for example, we proceed with the write as if it were possible to NOCOW the whole range. Example: $ mkfs.btrfs -f /dev/sdb $ mount /dev/sdb /mnt $ touch /mnt/sdj/bar $ chattr +C /mnt/sdj/bar $ xfs_io -d -c "pwrite -S 0xab -b 256K 0 256K" /mnt/bar wrote 262144/262144 bytes at offset 0 256 KiB, 1 ops; 0.0003 sec (694.444 MiB/sec and 2777.7778 ops/sec) $ xfs_io -c "fpunch 64K 64K" /mnt/bar $ sync $ xfs_io -d -c "pwrite -N -V 1 -b 128K -S 0xfe 0 128K" /mnt/bar wrote 131072/131072 bytes at offset 0 128 KiB, 1 ops; 0.0007 sec (160.051 MiB/sec and 1280.4097 ops/sec) This last write should fail with -EAGAIN since the file range from 64K to 128K is a hole. On xfs it fails, as expected, but on ext4 it currently succeeds because apparently it is expensive to check if there are extents allocated for the whole range, but I'll check with the ext4 people. Fix the issue by checking if check_can_nocow() returns a number of NOCOW'able bytes smaller then the requested number of bytes, and if it does return -EAGAIN. Fixes: edf064e7c6fec3 ("btrfs: nowait aio support") CC: stable@vger.kernel.org # 4.14+ Signed-off-by: Filipe Manana Reviewed-by: David Sterba Signed-off-by: David Sterba commit 4b1946284dd6641afdb9457101056d9e6ee6204c Author: Filipe Manana Date: Mon Jun 15 18:48:58 2020 +0100 btrfs: fix failure of RWF_NOWAIT write into prealloc extent beyond eof If we attempt to write to prealloc extent located after eof using a RWF_NOWAIT write, we always fail with -EAGAIN. We do actually check if we have an allocated extent for the write at the start of btrfs_file_write_iter() through a call to check_can_nocow(), but later when we go into the actual direct IO write path we simply return -EAGAIN if the write starts at or beyond EOF. Trivial to reproduce: $ mkfs.btrfs -f /dev/sdb $ mount /dev/sdb /mnt $ touch /mnt/foo $ chattr +C /mnt/foo $ xfs_io -d -c "pwrite -S 0xab 0 64K" /mnt/foo wrote 65536/65536 bytes at offset 0 64 KiB, 16 ops; 0.0004 sec (135.575 MiB/sec and 34707.1584 ops/sec) $ xfs_io -c "falloc -k 64K 1M" /mnt/foo $ xfs_io -d -c "pwrite -N -V 1 -S 0xfe -b 64K 64K 64K" /mnt/foo pwrite: Resource temporarily unavailable On xfs and ext4 the write succeeds, as expected. Fix this by removing the wrong check at btrfs_direct_IO(). Fixes: edf064e7c6fec3 ("btrfs: nowait aio support") CC: stable@vger.kernel.org # 4.14+ Signed-off-by: Filipe Manana Reviewed-by: David Sterba Signed-off-by: David Sterba commit f2cb2f39ccc30fa13d3ac078d461031a63960e5b Author: Filipe Manana Date: Mon Jun 15 18:46:01 2020 +0100 btrfs: fix hang on snapshot creation after RWF_NOWAIT write If we do a successful RWF_NOWAIT write we end up locking the snapshot lock of the inode, through a call to check_can_nocow(), but we never unlock it. This means the next attempt to create a snapshot on the subvolume will hang forever. Trivial reproducer: $ mkfs.btrfs -f /dev/sdb $ mount /dev/sdb /mnt $ touch /mnt/foobar $ chattr +C /mnt/foobar $ xfs_io -d -c "pwrite -S 0xab 0 64K" /mnt/foobar $ xfs_io -d -c "pwrite -N -V 1 -S 0xfe 0 64K" /mnt/foobar $ btrfs subvolume snapshot -r /mnt /mnt/snap --> hangs Fix this by unlocking the snapshot lock if check_can_nocow() returned success. Fixes: edf064e7c6fec3 ("btrfs: nowait aio support") CC: stable@vger.kernel.org # 4.14+ Signed-off-by: Filipe Manana Reviewed-by: David Sterba Signed-off-by: David Sterba commit e7a79811d0db136dc2d336b56d54cf1b774ce972 Author: Filipe Manana Date: Mon Jun 15 10:38:44 2020 +0100 btrfs: check if a log root exists before locking the log_mutex on unlink This brings back an optimization that commit e678934cbe5f02 ("btrfs: Remove unnecessary check from join_running_log_trans") removed, but in a different form. So it's almost equivalent to a revert. That commit removed an optimization where we avoid locking a root's log_mutex when there is no log tree created in the current transaction. The affected code path is triggered through unlink operations. That commit was based on the assumption that the optimization was not necessary because we used to have the following checks when the patch was authored: int btrfs_del_dir_entries_in_log(...) { (...) if (dir->logged_trans < trans->transid) return 0; ret = join_running_log_trans(root); (...) } int btrfs_del_inode_ref_in_log(...) { (...) if (inode->logged_trans < trans->transid) return 0; ret = join_running_log_trans(root); (...) } However before that patch was merged, another patch was merged first which replaced those checks because they were buggy. That other patch corresponds to commit 803f0f64d17769 ("Btrfs: fix fsync not persisting dentry deletions due to inode evictions"). The assumption that if the logged_trans field of an inode had a smaller value then the current transaction's generation (transid) meant that the inode was not logged in the current transaction was only correct if the inode was not evicted and reloaded in the current transaction. So the corresponding bug fix changed those checks and replaced them with the following helper function: static bool inode_logged(struct btrfs_trans_handle *trans, struct btrfs_inode *inode) { if (inode->logged_trans == trans->transid) return true; if (inode->last_trans == trans->transid && test_bit(BTRFS_INODE_NEEDS_FULL_SYNC, &inode->runtime_flags) && !test_bit(BTRFS_FS_LOG_RECOVERING, &trans->fs_info->flags)) return true; return false; } So if we have a subvolume without a log tree in the current transaction (because we had no fsyncs), every time we unlink an inode we can end up trying to lock the log_mutex of the root through join_running_log_trans() twice, once for the inode being unlinked (by btrfs_del_inode_ref_in_log()) and once for the parent directory (with btrfs_del_dir_entries_in_log()). This means if we have several unlink operations happening in parallel for inodes in the same subvolume, and the those inodes and/or their parent inode were changed in the current transaction, we end up having a lot of contention on the log_mutex. The test robots from intel reported a -30.7% performance regression for a REAIM test after commit e678934cbe5f02 ("btrfs: Remove unnecessary check from join_running_log_trans"). So just bring back the optimization to join_running_log_trans() where we check first if a log root exists before trying to lock the log_mutex. This is done by checking for a bit that is set on the root when a log tree is created and removed when a log tree is freed (at transaction commit time). Commit e678934cbe5f02 ("btrfs: Remove unnecessary check from join_running_log_trans") was merged in the 5.4 merge window while commit 803f0f64d17769 ("Btrfs: fix fsync not persisting dentry deletions due to inode evictions") was merged in the 5.3 merge window. But the first commit was actually authored before the second commit (May 23 2019 vs June 19 2019). Reported-by: kernel test robot Link: https://lore.kernel.org/lkml/20200611090233.GL12456@shao2-debian/ Fixes: e678934cbe5f02 ("btrfs: Remove unnecessary check from join_running_log_trans") CC: stable@vger.kernel.org # 5.4+ Reviewed-by: Josef Bacik Signed-off-by: Filipe Manana Reviewed-by: David Sterba Signed-off-by: David Sterba commit 6bd335b469f945f75474c11e3f577f85409f39c3 Author: Filipe Manana Date: Mon Jun 8 13:33:05 2020 +0100 btrfs: fix bytes_may_use underflow when running balance and scrub in parallel When balance and scrub are running in parallel it is possible to end up with an underflow of the bytes_may_use counter of the data space_info object, which triggers a warning like the following: [134243.793196] BTRFS info (device sdc): relocating block group 1104150528 flags data [134243.806891] ------------[ cut here ]------------ [134243.807561] WARNING: CPU: 1 PID: 26884 at fs/btrfs/space-info.h:125 btrfs_add_reserved_bytes+0x1da/0x280 [btrfs] [134243.808819] Modules linked in: btrfs blake2b_generic xor (...) [134243.815779] CPU: 1 PID: 26884 Comm: kworker/u8:8 Tainted: G W 5.6.0-rc7-btrfs-next-58 #5 [134243.816944] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [134243.818389] Workqueue: writeback wb_workfn (flush-btrfs-108483) [134243.819186] RIP: 0010:btrfs_add_reserved_bytes+0x1da/0x280 [btrfs] [134243.819963] Code: 0b f2 85 (...) [134243.822271] RSP: 0018:ffffa4160aae7510 EFLAGS: 00010287 [134243.822929] RAX: 000000000000c000 RBX: ffff96159a8c1000 RCX: 0000000000000000 [134243.823816] RDX: 0000000000008000 RSI: 0000000000000000 RDI: ffff96158067a810 [134243.824742] RBP: ffff96158067a800 R08: 0000000000000001 R09: 0000000000000000 [134243.825636] R10: ffff961501432a40 R11: 0000000000000000 R12: 000000000000c000 [134243.826532] R13: 0000000000000001 R14: ffffffffffff4000 R15: ffff96158067a810 [134243.827432] FS: 0000000000000000(0000) GS:ffff9615baa00000(0000) knlGS:0000000000000000 [134243.828451] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [134243.829184] CR2: 000055bd7e414000 CR3: 00000001077be004 CR4: 00000000003606e0 [134243.830083] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [134243.830975] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [134243.831867] Call Trace: [134243.832211] find_free_extent+0x4a0/0x16c0 [btrfs] [134243.832846] btrfs_reserve_extent+0x91/0x180 [btrfs] [134243.833487] cow_file_range+0x12d/0x490 [btrfs] [134243.834080] fallback_to_cow+0x82/0x1b0 [btrfs] [134243.834689] ? release_extent_buffer+0x121/0x170 [btrfs] [134243.835370] run_delalloc_nocow+0x33f/0xa30 [btrfs] [134243.836032] btrfs_run_delalloc_range+0x1ea/0x6d0 [btrfs] [134243.836725] ? find_lock_delalloc_range+0x221/0x250 [btrfs] [134243.837450] writepage_delalloc+0xe8/0x150 [btrfs] [134243.838059] __extent_writepage+0xe8/0x4c0 [btrfs] [134243.838674] extent_write_cache_pages+0x237/0x530 [btrfs] [134243.839364] extent_writepages+0x44/0xa0 [btrfs] [134243.839946] do_writepages+0x23/0x80 [134243.840401] __writeback_single_inode+0x59/0x700 [134243.841006] writeback_sb_inodes+0x267/0x5f0 [134243.841548] __writeback_inodes_wb+0x87/0xe0 [134243.842091] wb_writeback+0x382/0x590 [134243.842574] ? wb_workfn+0x4a2/0x6c0 [134243.843030] wb_workfn+0x4a2/0x6c0 [134243.843468] process_one_work+0x26d/0x6a0 [134243.843978] worker_thread+0x4f/0x3e0 [134243.844452] ? process_one_work+0x6a0/0x6a0 [134243.844981] kthread+0x103/0x140 [134243.845400] ? kthread_create_worker_on_cpu+0x70/0x70 [134243.846030] ret_from_fork+0x3a/0x50 [134243.846494] irq event stamp: 0 [134243.846892] hardirqs last enabled at (0): [<0000000000000000>] 0x0 [134243.847682] hardirqs last disabled at (0): [] copy_process+0x74f/0x2020 [134243.848687] softirqs last enabled at (0): [] copy_process+0x74f/0x2020 [134243.849913] softirqs last disabled at (0): [<0000000000000000>] 0x0 [134243.850698] ---[ end trace bd7c03622e0b0a96 ]--- [134243.851335] ------------[ cut here ]------------ When relocating a data block group, for each extent allocated in the block group we preallocate another extent with the same size for the data relocation inode (we do it at prealloc_file_extent_cluster()). We reserve space by calling btrfs_check_data_free_space(), which ends up incrementing the data space_info's bytes_may_use counter, and then call btrfs_prealloc_file_range() to allocate the extent, which always decrements the bytes_may_use counter by the same amount. The expectation is that writeback of the data relocation inode always follows a NOCOW path, by writing into the preallocated extents. However, when starting writeback we might end up falling back into the COW path, because the block group that contains the preallocated extent was turned into RO mode by a scrub running in parallel. The COW path then calls the extent allocator which ends up calling btrfs_add_reserved_bytes(), and this function decrements the bytes_may_use counter of the data space_info object by an amount corresponding to the size of the allocated extent, despite we haven't previously incremented it. When the counter currently has a value smaller then the allocated extent we reset the counter to 0 and emit a warning, otherwise we just decrement it and slowly mess up with this counter which is crucial for space reservation, the end result can be granting reserved space to tasks when there isn't really enough free space, and having the tasks fail later in critical places where error handling consists of a transaction abort or hitting a BUG_ON(). Fix this by making sure that if we fallback to the COW path for a data relocation inode, we increment the bytes_may_use counter of the data space_info object. The COW path will then decrement it at btrfs_add_reserved_bytes() on success or through its error handling part by a call to extent_clear_unlock_delalloc() (which ends up calling btrfs_clear_delalloc_extent() that does the decrement operation) in case of an error. Test case btrfs/061 from fstests could sporadically trigger this. CC: stable@vger.kernel.org # 4.4+ Reviewed-by: Josef Bacik Signed-off-by: Filipe Manana Signed-off-by: David Sterba commit 432cd2a10f1c10cead91fe706ff5dc52f06d642a Author: Filipe Manana Date: Mon Jun 8 13:32:55 2020 +0100 btrfs: fix data block group relocation failure due to concurrent scrub When running relocation of a data block group while scrub is running in parallel, it is possible that the relocation will fail and abort the current transaction with an -EINVAL error: [134243.988595] BTRFS info (device sdc): found 14 extents, stage: move data extents [134243.999871] ------------[ cut here ]------------ [134244.000741] BTRFS: Transaction aborted (error -22) [134244.001692] WARNING: CPU: 0 PID: 26954 at fs/btrfs/ctree.c:1071 __btrfs_cow_block+0x6a7/0x790 [btrfs] [134244.003380] Modules linked in: btrfs blake2b_generic xor raid6_pq (...) [134244.012577] CPU: 0 PID: 26954 Comm: btrfs Tainted: G W 5.6.0-rc7-btrfs-next-58 #5 [134244.014162] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [134244.016184] RIP: 0010:__btrfs_cow_block+0x6a7/0x790 [btrfs] [134244.017151] Code: 48 c7 c7 (...) [134244.020549] RSP: 0018:ffffa41607863888 EFLAGS: 00010286 [134244.021515] RAX: 0000000000000000 RBX: ffff9614bdfe09c8 RCX: 0000000000000000 [134244.022822] RDX: 0000000000000001 RSI: ffffffffb3d63980 RDI: 0000000000000001 [134244.024124] RBP: ffff961589e8c000 R08: 0000000000000000 R09: 0000000000000001 [134244.025424] R10: ffffffffc0ae5955 R11: 0000000000000000 R12: ffff9614bd530d08 [134244.026725] R13: ffff9614ced41b88 R14: ffff9614bdfe2a48 R15: 0000000000000000 [134244.028024] FS: 00007f29b63c08c0(0000) GS:ffff9615ba600000(0000) knlGS:0000000000000000 [134244.029491] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [134244.030560] CR2: 00007f4eb339b000 CR3: 0000000130d6e006 CR4: 00000000003606f0 [134244.031997] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [134244.033153] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [134244.034484] Call Trace: [134244.034984] btrfs_cow_block+0x12b/0x2b0 [btrfs] [134244.035859] do_relocation+0x30b/0x790 [btrfs] [134244.036681] ? do_raw_spin_unlock+0x49/0xc0 [134244.037460] ? _raw_spin_unlock+0x29/0x40 [134244.038235] relocate_tree_blocks+0x37b/0x730 [btrfs] [134244.039245] relocate_block_group+0x388/0x770 [btrfs] [134244.040228] btrfs_relocate_block_group+0x161/0x2e0 [btrfs] [134244.041323] btrfs_relocate_chunk+0x36/0x110 [btrfs] [134244.041345] btrfs_balance+0xc06/0x1860 [btrfs] [134244.043382] ? btrfs_ioctl_balance+0x27c/0x310 [btrfs] [134244.045586] btrfs_ioctl_balance+0x1ed/0x310 [btrfs] [134244.045611] btrfs_ioctl+0x1880/0x3760 [btrfs] [134244.049043] ? do_raw_spin_unlock+0x49/0xc0 [134244.049838] ? _raw_spin_unlock+0x29/0x40 [134244.050587] ? __handle_mm_fault+0x11b3/0x14b0 [134244.051417] ? ksys_ioctl+0x92/0xb0 [134244.052070] ksys_ioctl+0x92/0xb0 [134244.052701] ? trace_hardirqs_off_thunk+0x1a/0x1c [134244.053511] __x64_sys_ioctl+0x16/0x20 [134244.054206] do_syscall_64+0x5c/0x280 [134244.054891] entry_SYSCALL_64_after_hwframe+0x49/0xbe [134244.055819] RIP: 0033:0x7f29b51c9dd7 [134244.056491] Code: 00 00 00 (...) [134244.059767] RSP: 002b:00007ffcccc1dd08 EFLAGS: 00000202 ORIG_RAX: 0000000000000010 [134244.061168] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f29b51c9dd7 [134244.062474] RDX: 00007ffcccc1dda0 RSI: 00000000c4009420 RDI: 0000000000000003 [134244.063771] RBP: 0000000000000003 R08: 00005565cea4b000 R09: 0000000000000000 [134244.065032] R10: 0000000000000541 R11: 0000000000000202 R12: 00007ffcccc2060a [134244.066327] R13: 00007ffcccc1dda0 R14: 0000000000000002 R15: 00007ffcccc1dec0 [134244.067626] irq event stamp: 0 [134244.068202] hardirqs last enabled at (0): [<0000000000000000>] 0x0 [134244.069351] hardirqs last disabled at (0): [] copy_process+0x74f/0x2020 [134244.070909] softirqs last enabled at (0): [] copy_process+0x74f/0x2020 [134244.072392] softirqs last disabled at (0): [<0000000000000000>] 0x0 [134244.073432] ---[ end trace bd7c03622e0b0a99 ]--- The -EINVAL error comes from the following chain of function calls: __btrfs_cow_block() <-- aborts the transaction btrfs_reloc_cow_block() replace_file_extents() get_new_location() <-- returns -EINVAL When relocating a data block group, for each allocated extent of the block group, we preallocate another extent (at prealloc_file_extent_cluster()), associated with the data relocation inode, and then dirty all its pages. These preallocated extents have, and must have, the same size that extents from the data block group being relocated have. Later before we start the relocation stage that updates pointers (bytenr field of file extent items) to point to the the new extents, we trigger writeback for the data relocation inode. The expectation is that writeback will write the pages to the previously preallocated extents, that it follows the NOCOW path. That is generally the case, however, if a scrub is running it may have turned the block group that contains those extents into RO mode, in which case writeback falls back to the COW path. However in the COW path instead of allocating exactly one extent with the expected size, the allocator may end up allocating several smaller extents due to free space fragmentation - because we tell it at cow_file_range() that the minimum allocation size can match the filesystem's sector size. This later breaks the relocation's expectation that an extent associated to a file extent item in the data relocation inode has the same size as the respective extent pointed by a file extent item in another tree - in this case the extent to which the relocation inode poins to is smaller, causing relocation.c:get_new_location() to return -EINVAL. For example, if we are relocating a data block group X that has a logical address of X and the block group has an extent allocated at the logical address X + 128KiB with a size of 64KiB: 1) At prealloc_file_extent_cluster() we allocate an extent for the data relocation inode with a size of 64KiB and associate it to the file offset 128KiB (X + 128KiB - X) of the data relocation inode. This preallocated extent was allocated at block group Z; 2) A scrub running in parallel turns block group Z into RO mode and starts scrubing its extents; 3) Relocation triggers writeback for the data relocation inode; 4) When running delalloc (btrfs_run_delalloc_range()), we try first the NOCOW path because the data relocation inode has BTRFS_INODE_PREALLOC set in its flags. However, because block group Z is in RO mode, the NOCOW path (run_delalloc_nocow()) falls back into the COW path, by calling cow_file_range(); 5) At cow_file_range(), in the first iteration of the while loop we call btrfs_reserve_extent() to allocate a 64KiB extent and pass it a minimum allocation size of 4KiB (fs_info->sectorsize). Due to free space fragmentation, btrfs_reserve_extent() ends up allocating two extents of 32KiB each, each one on a different iteration of that while loop; 6) Writeback of the data relocation inode completes; 7) Relocation proceeds and ends up at relocation.c:replace_file_extents(), with a leaf which has a file extent item that points to the data extent from block group X, that has a logical address (bytenr) of X + 128KiB and a size of 64KiB. Then it calls get_new_location(), which does a lookup in the data relocation tree for a file extent item starting at offset 128KiB (X + 128KiB - X) and belonging to the data relocation inode. It finds a corresponding file extent item, however that item points to an extent that has a size of 32KiB, which doesn't match the expected size of 64KiB, resuling in -EINVAL being returned from this function and propagated up to __btrfs_cow_block(), which aborts the current transaction. To fix this make sure that at cow_file_range() when we call the allocator we pass it a minimum allocation size corresponding the desired extent size if the inode belongs to the data relocation tree, otherwise pass it the filesystem's sector size as the minimum allocation size. CC: stable@vger.kernel.org # 4.4+ Reviewed-by: Josef Bacik Signed-off-by: Filipe Manana Signed-off-by: David Sterba commit ffcb9d44572afbaf8fa6dbf5115bff6dab7b299e Author: Filipe Manana Date: Mon Jun 1 19:12:19 2020 +0100 btrfs: fix race between block group removal and block group creation There is a race between block group removal and block group creation when the removal is completed by a task running fitrim or scrub. When this happens we end up failing the block group creation with an error -EEXIST since we attempt to insert a duplicate block group item key in the extent tree. That results in a transaction abort. The race happens like this: 1) Task A is doing a fitrim, and at btrfs_trim_block_group() it freezes block group X with btrfs_freeze_block_group() (until very recently that was named btrfs_get_block_group_trimming()); 2) Task B starts removing block group X, either because it's now unused or due to relocation for example. So at btrfs_remove_block_group(), while holding the chunk mutex and the block group's lock, it sets the 'removed' flag of the block group and it sets the local variable 'remove_em' to false, because the block group is currently frozen (its 'frozen' counter is > 0, until very recently this counter was named 'trimming'); 3) Task B unlocks the block group and the chunk mutex; 4) Task A is done trimming the block group and unfreezes the block group by calling btrfs_unfreeze_block_group() (until very recently this was named btrfs_put_block_group_trimming()). In this function we lock the block group and set the local variable 'cleanup' to true because we were able to decrement the block group's 'frozen' counter down to 0 and the flag 'removed' is set in the block group. Since 'cleanup' is set to true, it locks the chunk mutex and removes the extent mapping representing the block group from the mapping tree; 5) Task C allocates a new block group Y and it picks up the logical address that block group X had as the logical address for Y, because X was the block group with the highest logical address and now the second block group with the highest logical address, the last in the fs mapping tree, ends at an offset corresponding to block group X's logical address (this logical address selection is done at volumes.c:find_next_chunk()). At this point the new block group Y does not have yet its item added to the extent tree (nor the corresponding device extent items and chunk item in the device and chunk trees). The new group Y is added to the list of pending block groups in the transaction handle; 6) Before task B proceeds to removing the block group item for block group X from the extent tree, which has a key matching: (X logical offset, BTRFS_BLOCK_GROUP_ITEM_KEY, length) task C while ending its transaction handle calls btrfs_create_pending_block_groups(), which finds block group Y and tries to insert the block group item for Y into the exten tree, which fails with -EEXIST since logical offset is the same that X had and task B hasn't yet deleted the key from the extent tree. This failure results in a transaction abort, producing a stack like the following: ------------[ cut here ]------------ BTRFS: Transaction aborted (error -17) WARNING: CPU: 2 PID: 19736 at fs/btrfs/block-group.c:2074 btrfs_create_pending_block_groups+0x1eb/0x260 [btrfs] Modules linked in: btrfs blake2b_generic xor raid6_pq (...) CPU: 2 PID: 19736 Comm: fsstress Tainted: G W 5.6.0-rc7-btrfs-next-58 #5 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 RIP: 0010:btrfs_create_pending_block_groups+0x1eb/0x260 [btrfs] Code: ff ff ff 48 8b 55 50 f0 48 (...) RSP: 0018:ffffa4160a1c7d58 EFLAGS: 00010286 RAX: 0000000000000000 RBX: ffff961581909d98 RCX: 0000000000000000 RDX: 0000000000000001 RSI: ffffffffb3d63990 RDI: 0000000000000001 RBP: ffff9614f3356a58 R08: 0000000000000000 R09: 0000000000000001 R10: ffff9615b65b0040 R11: 0000000000000000 R12: ffff961581909c10 R13: ffff9615b0c32000 R14: ffff9614f3356ab0 R15: ffff9614be779000 FS: 00007f2ce2841e80(0000) GS:ffff9615bae00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000555f18780000 CR3: 0000000131d34005 CR4: 00000000003606e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: btrfs_start_dirty_block_groups+0x398/0x4e0 [btrfs] btrfs_commit_transaction+0xd0/0xc50 [btrfs] ? btrfs_attach_transaction_barrier+0x1e/0x50 [btrfs] ? __ia32_sys_fdatasync+0x20/0x20 iterate_supers+0xdb/0x180 ksys_sync+0x60/0xb0 __ia32_sys_sync+0xa/0x10 do_syscall_64+0x5c/0x280 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f2ce1d4d5b7 Code: 83 c4 08 48 3d 01 (...) RSP: 002b:00007ffd8b558c58 EFLAGS: 00000202 ORIG_RAX: 00000000000000a2 RAX: ffffffffffffffda RBX: 000000000000002c RCX: 00007f2ce1d4d5b7 RDX: 00000000ffffffff RSI: 00000000186ba07b RDI: 000000000000002c RBP: 0000555f17b9e520 R08: 0000000000000012 R09: 000000000000ce00 R10: 0000000000000078 R11: 0000000000000202 R12: 0000000000000032 R13: 0000000051eb851f R14: 00007ffd8b558cd0 R15: 0000555f1798ec20 irq event stamp: 0 hardirqs last enabled at (0): [<0000000000000000>] 0x0 hardirqs last disabled at (0): [] copy_process+0x74f/0x2020 softirqs last enabled at (0): [] copy_process+0x74f/0x2020 softirqs last disabled at (0): [<0000000000000000>] 0x0 ---[ end trace bd7c03622e0b0a9c ]--- Fix this simply by making btrfs_remove_block_group() remove the block group's item from the extent tree before it flags the block group as removed. Also make the free space deletion from the free space tree before flagging the block group as removed, to avoid a similar race with adding and removing free space entries for the free space tree. Fixes: 04216820fe83d5 ("Btrfs: fix race between fs trimming and block group remove/allocation") CC: stable@vger.kernel.org # 4.4+ Signed-off-by: Filipe Manana Signed-off-by: David Sterba commit 9fecd13202f520f3f25d5b1c313adb740fe19773 Author: Filipe Manana Date: Mon Jun 1 19:12:06 2020 +0100 btrfs: fix a block group ref counter leak after failure to remove block group When removing a block group, if we fail to delete the block group's item from the extent tree, we jump to the 'out' label and end up decrementing the block group's reference count once only (by 1), resulting in a counter leak because the block group at that point was already removed from the block group cache rbtree - so we have to decrement the reference count twice, once for the rbtree and once for our lookup at the start of the function. There is a second bug where if removing the free space tree entries (the call to remove_block_group_free_space()) fails we end up jumping to the 'out_put_group' label but end up decrementing the reference count only once, when we should have done it twice, since we have already removed the block group from the block group cache rbtree. This happens because the reference count decrement for the rbtree reference happens after attempting to remove the free space tree entries, which is far away from the place where we remove the block group from the rbtree. To make things less error prone, decrement the reference count for the rbtree immediately after removing the block group from it. This also eleminates the need for two different exit labels on error, renaming 'out_put_label' to just 'out' and removing the old 'out'. Fixes: f6033c5e333238 ("btrfs: fix block group leak when removing fails") CC: stable@vger.kernel.org # 4.4+ Reviewed-by: Nikolay Borisov Reviewed-by: Anand Jain Signed-off-by: Filipe Manana Reviewed-by: David Sterba Signed-off-by: David Sterba commit fce3a51d9b31312aa12ecb72ffabfc4c7b40bdc6 Author: Thierry Reding Date: Wed Jun 10 13:30:59 2020 +0200 drm/tegra: Add zpos property for cursor planes As of commit 4dc55525b095 ("drm: plane: Verify that no or all planes have a zpos property") a warning is emitted if there's a mix of planes with and without a zpos property. On Tegra, cursor planes are always composited on top of all other planes, which is why they never had a zpos property attached to them. However, since the composition order is fixed, this is trivial to remedy by simply attaching an immutable zpos property to them. v3: do not hardcode zpos for overlay planes used as cursor (Dmitry) v2: hardcode cursor plane zpos to 255 instead of 0 (Ville) Reported-by: Jonathan Hunter Signed-off-by: Thierry Reding commit d9a0a05bf8c76e6dc79230669a8b5d685b168c30 Author: Thierry Reding Date: Wed Apr 8 19:38:02 2020 +0200 gpu: host1x: Detach driver on unregister Currently when a host1x device driver is unregistered, it is not detached from the host1x controller, which means that the device will stay around and when the driver is registered again, it may bind to the old, stale device rather than the new one that was created from scratch upon driver registration. This in turn can cause various weird crashes within the driver core because it is confronted with a device that was already deleted. Fix this by detaching the driver from the host1x controller when it is unregistered. This ensures that the deleted device also is no longer present in the device list that drivers will bind to. Reported-by: Sowjanya Komatineni Signed-off-by: Thierry Reding Tested-by: Sowjanya Komatineni Signed-off-by: Thierry Reding commit 2fd2bc7f49324e7b439e3c5584762abd0a9a13bc Author: Colton Lewis Date: Sun Jun 14 04:08:04 2020 +0000 gpu: host1x: Correct trivial kernel-doc inconsistencies Silence documentation build warnings by adding kernel-doc fields. ./include/linux/host1x.h:69: warning: Function parameter or member 'parent' not described in 'host1x_client' ./include/linux/host1x.h:69: warning: Function parameter or member 'usecount' not described in 'host1x_client' ./include/linux/host1x.h:69: warning: Function parameter or member 'lock' not described in 'host1x_client' Signed-off-by: Colton Lewis Signed-off-by: Thierry Reding commit 1b8eec510ba641418573eacc98a7e9c07726af30 Author: Masami Hiramatsu Date: Wed Jun 3 11:41:09 2020 +0900 selftests/ftrace: Support ":README" suffix for requires Add ":README" suffix support for the requires list, so that the testcase can list up the required string for README file to the requires list. Note that the required string is treated as a fixed string, instead of regular expression. Also, the testcase can specify a string containing spaces with quotes. E.g. # requires: "place: [:]":README Signed-off-by: Masami Hiramatsu Reviewed-by: Tom Zanussi Signed-off-by: Shuah Khan commit 305c8388fd0c92f37ab766dbf864b7bea4b66f5f Author: Masami Hiramatsu Date: Wed Jun 3 11:40:59 2020 +0900 selftests/ftrace: Support ":tracer" suffix for requires Add ":tracer" suffix support for the requires list, so that the testcase can list up the required tracer (e.g. function) to the requires list. For example, if the testcase requires function_graph tracer, it can write requires list as below instead of checking available_tracers. # requires: function_graph:tracer Signed-off-by: Masami Hiramatsu Reviewed-by: Tom Zanussi Signed-off-by: Shuah Khan commit 74e6072894d6ccd9c950d1c9bce3870596731810 Author: Masami Hiramatsu Date: Wed Jun 3 11:40:49 2020 +0900 selftests/ftrace: Convert check_filter_file() with requires list Since check_filter_file() is basically checking the filter tracefs file, we can convert it into requires list. Signed-off-by: Masami Hiramatsu Reviewed-by: Tom Zanussi Signed-off-by: Shuah Khan commit 3591e90fe1108909f822948bd7628412282f7e9d Author: Masami Hiramatsu Date: Wed Jun 3 11:40:38 2020 +0900 selftests/ftrace: Convert required interface checks into requires list Convert the required tracefs interface checking code with requires: list. Fixed merge conflicts in trigger-hist.tc and trigger-trace-marker-hist.tc Shuah Khan Signed-off-by: Masami Hiramatsu Reviewed-by: Tom Zanussi Signed-off-by: Shuah Khan commit 2d3a8e2deddea6c89961c422ec0c5b851e648c14 Author: Jason Yan Date: Tue Jun 16 20:16:55 2020 +0800 block: Fix use-after-free in blkdev_get() In blkdev_get() we call __blkdev_get() to do some internal jobs and if there is some errors in __blkdev_get(), the bdput() is called which means we have released the refcount of the bdev (actually the refcount of the bdev inode). This means we cannot access bdev after that point. But acctually bdev is still accessed in blkdev_get() after calling __blkdev_get(). This results in use-after-free if the refcount is the last one we released in __blkdev_get(). Let's take a look at the following scenerio: CPU0 CPU1 CPU2 blkdev_open blkdev_open Remove disk bd_acquire blkdev_get __blkdev_get del_gendisk bdev_unhash_inode bd_acquire bdev_get_gendisk bd_forget failed because of unhashed bdput bdput (the last one) bdev_evict_inode access bdev => use after free [ 459.350216] BUG: KASAN: use-after-free in __lock_acquire+0x24c1/0x31b0 [ 459.351190] Read of size 8 at addr ffff88806c815a80 by task syz-executor.0/20132 [ 459.352347] [ 459.352594] CPU: 0 PID: 20132 Comm: syz-executor.0 Not tainted 4.19.90 #2 [ 459.353628] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014 [ 459.354947] Call Trace: [ 459.355337] dump_stack+0x111/0x19e [ 459.355879] ? __lock_acquire+0x24c1/0x31b0 [ 459.356523] print_address_description+0x60/0x223 [ 459.357248] ? __lock_acquire+0x24c1/0x31b0 [ 459.357887] kasan_report.cold+0xae/0x2d8 [ 459.358503] __lock_acquire+0x24c1/0x31b0 [ 459.359120] ? _raw_spin_unlock_irq+0x24/0x40 [ 459.359784] ? lockdep_hardirqs_on+0x37b/0x580 [ 459.360465] ? _raw_spin_unlock_irq+0x24/0x40 [ 459.361123] ? finish_task_switch+0x125/0x600 [ 459.361812] ? finish_task_switch+0xee/0x600 [ 459.362471] ? mark_held_locks+0xf0/0xf0 [ 459.363108] ? __schedule+0x96f/0x21d0 [ 459.363716] lock_acquire+0x111/0x320 [ 459.364285] ? blkdev_get+0xce/0xbe0 [ 459.364846] ? blkdev_get+0xce/0xbe0 [ 459.365390] __mutex_lock+0xf9/0x12a0 [ 459.365948] ? blkdev_get+0xce/0xbe0 [ 459.366493] ? bdev_evict_inode+0x1f0/0x1f0 [ 459.367130] ? blkdev_get+0xce/0xbe0 [ 459.367678] ? destroy_inode+0xbc/0x110 [ 459.368261] ? mutex_trylock+0x1a0/0x1a0 [ 459.368867] ? __blkdev_get+0x3e6/0x1280 [ 459.369463] ? bdev_disk_changed+0x1d0/0x1d0 [ 459.370114] ? blkdev_get+0xce/0xbe0 [ 459.370656] blkdev_get+0xce/0xbe0 [ 459.371178] ? find_held_lock+0x2c/0x110 [ 459.371774] ? __blkdev_get+0x1280/0x1280 [ 459.372383] ? lock_downgrade+0x680/0x680 [ 459.373002] ? lock_acquire+0x111/0x320 [ 459.373587] ? bd_acquire+0x21/0x2c0 [ 459.374134] ? do_raw_spin_unlock+0x4f/0x250 [ 459.374780] blkdev_open+0x202/0x290 [ 459.375325] do_dentry_open+0x49e/0x1050 [ 459.375924] ? blkdev_get_by_dev+0x70/0x70 [ 459.376543] ? __x64_sys_fchdir+0x1f0/0x1f0 [ 459.377192] ? inode_permission+0xbe/0x3a0 [ 459.377818] path_openat+0x148c/0x3f50 [ 459.378392] ? kmem_cache_alloc+0xd5/0x280 [ 459.379016] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 459.379802] ? path_lookupat.isra.0+0x900/0x900 [ 459.380489] ? __lock_is_held+0xad/0x140 [ 459.381093] do_filp_open+0x1a1/0x280 [ 459.381654] ? may_open_dev+0xf0/0xf0 [ 459.382214] ? find_held_lock+0x2c/0x110 [ 459.382816] ? lock_downgrade+0x680/0x680 [ 459.383425] ? __lock_is_held+0xad/0x140 [ 459.384024] ? do_raw_spin_unlock+0x4f/0x250 [ 459.384668] ? _raw_spin_unlock+0x1f/0x30 [ 459.385280] ? __alloc_fd+0x448/0x560 [ 459.385841] do_sys_open+0x3c3/0x500 [ 459.386386] ? filp_open+0x70/0x70 [ 459.386911] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 459.387610] ? trace_hardirqs_off_caller+0x55/0x1c0 [ 459.388342] ? do_syscall_64+0x1a/0x520 [ 459.388930] do_syscall_64+0xc3/0x520 [ 459.389490] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 459.390248] RIP: 0033:0x416211 [ 459.390720] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 0a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 459.393483] RSP: 002b:00007fe45dfe9a60 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 459.394610] RAX: ffffffffffffffda RBX: 00007fe45dfea6d4 RCX: 0000000000416211 [ 459.395678] RDX: 00007fe45dfe9b0a RSI: 0000000000000002 RDI: 00007fe45dfe9b00 [ 459.396758] RBP: 000000000076bf20 R08: 0000000000000000 R09: 000000000000000a [ 459.397930] R10: 0000000000000075 R11: 0000000000000293 R12: 00000000ffffffff [ 459.399022] R13: 0000000000000bd9 R14: 00000000004cdb80 R15: 000000000076bf2c [ 459.400168] [ 459.400430] Allocated by task 20132: [ 459.401038] kasan_kmalloc+0xbf/0xe0 [ 459.401652] kmem_cache_alloc+0xd5/0x280 [ 459.402330] bdev_alloc_inode+0x18/0x40 [ 459.402970] alloc_inode+0x5f/0x180 [ 459.403510] iget5_locked+0x57/0xd0 [ 459.404095] bdget+0x94/0x4e0 [ 459.404607] bd_acquire+0xfa/0x2c0 [ 459.405113] blkdev_open+0x110/0x290 [ 459.405702] do_dentry_open+0x49e/0x1050 [ 459.406340] path_openat+0x148c/0x3f50 [ 459.406926] do_filp_open+0x1a1/0x280 [ 459.407471] do_sys_open+0x3c3/0x500 [ 459.408010] do_syscall_64+0xc3/0x520 [ 459.408572] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 459.409415] [ 459.409679] Freed by task 1262: [ 459.410212] __kasan_slab_free+0x129/0x170 [ 459.410919] kmem_cache_free+0xb2/0x2a0 [ 459.411564] rcu_process_callbacks+0xbb2/0x2320 [ 459.412318] __do_softirq+0x225/0x8ac Fix this by delaying bdput() to the end of blkdev_get() which means we have finished accessing bdev. Fixes: 77ea887e433a ("implement in-kernel gendisk events handling") Reported-by: Hulk Robot Signed-off-by: Jason Yan Tested-by: Sedat Dilek Reviewed-by: Jan Kara Reviewed-by: Christoph Hellwig Reviewed-by: Dan Carpenter Cc: Christoph Hellwig Cc: Jens Axboe Cc: Ming Lei Cc: Jan Kara Cc: Dan Carpenter Signed-off-by: Jens Axboe commit a352fe371053d047481635da328ea781329c84a4 Merge: 07c7b547a796 80bf72598663 Author: Tony Lindgren Date: Tue Jun 16 09:26:03 2020 -0700 Merge branch 'omap-for-v5.8/fixes-rc1' into fixes commit 07c7b547a79605f1041d55b84d91a4a4d9c5b363 Merge: e4a8fc054340 b3a9e3b9622a Author: Tony Lindgren Date: Tue Jun 16 09:25:03 2020 -0700 Merge tag 'v5.8-rc1' into fixes Linux 5.8-rc1 commit 034aa9cd698e315c767af1bac3fd1ff8898d2cd7 Author: Will Deacon Date: Mon Jun 15 16:27:43 2020 +0100 arm64: pgtable: Clear the GP bit for non-executable kernel pages Commit cca98e9f8b5e ("mm: enforce that vmap can't map pages executable") introduced 'pgprot_nx(prot)' for arm64 but collided silently with the BTI support during the merge window, which endeavours to clear the GP bit for non-executable kernel mappings in set_memory_nx(). For consistency between the two APIs, clear the GP bit in pgprot_nx(). Acked-by: Mark Rutland Reviewed-by: Mark Brown Link: https://lore.kernel.org/r/20200615154642.3579-1-will@kernel.org Signed-off-by: Will Deacon commit 80bf72598663496d08b3c0231377db6a99d7fd68 Author: Drew Fustini Date: Mon Jun 15 17:57:01 2020 +0200 ARM: dts: am5729: beaglebone-ai: fix rgmii phy-mode Since commit cd28d1d6e52e ("net: phy: at803x: Disable phy delay for RGMII mode") the networking is broken on the BeagleBone AI which has the AR8035 PHY for Gigabit Ethernet [0]. The fix is to switch from phy-mode = "rgmii" to phy-mode = "rgmii-rxid". Note: Grygorii made a similar DT fix for other AM57xx boards with a different phy in commit 820f8a870f65 ("ARM: dts: am57xx: fix networking on boards with ksz9031 phy"). [0] https://git.io/Jf7PX Fixes: 520557d4854b ("ARM: dts: am5729: beaglebone-ai: adding device tree") Cc: Vinod Koul Reviewed-by: Grygorii Strashko Signed-off-by: Robert Nelson Signed-off-by: Drew Fustini Signed-off-by: Tony Lindgren commit c030688d4427658bc4e947111341f75d2cb3d526 Author: Tony Lindgren Date: Fri Jun 12 10:23:40 2020 -0700 ARM: dts: Fix omap4 system timer source clocks I accidentally flipped the system timer to use system clock instead of the 32k source clock. Fixes: 14b1925a7219 ("ARM: dts: Configure system timers for omap4") Signed-off-by: Tony Lindgren commit 9cf28e41f9f768791f54ee18333239fda6927ed8 Author: Tony Lindgren Date: Fri Jun 12 10:19:50 2020 -0700 ARM: dts: Fix duovero smsc interrupt for suspend While testing the recent suspend and resume regressions I noticed that duovero can still end up losing edge gpio interrupts on runtime suspend. This causes NFSroot easily stopping working after resume on duovero. Let's fix the issue by using gpio level interrupts for smsc as then the gpio interrupt state is seen by the gpio controller on resume. Fixes: 731b409878a3 ("ARM: dts: Configure duovero for to allow core retention during idle") Signed-off-by: Tony Lindgren commit d7af722344e6dc52d87649100516515263e15c75 Author: Drew Fustini Date: Tue Jun 9 23:45:21 2020 +0200 ARM: dts: am335x-pocketbeagle: Fix mmc0 Write Protect AM3358 pin mcasp0_aclkr (ZCZ ball B13) [0] is routed to P1.31 header [1] Mode 4 of this pin is mmc0_sdwp (SD Write Protect). A signal connected to P1.31 may accidentally trigger mmc0 write protection. To avoid this situation, do not put mcasp0_aclkr in mode 4 (mmc0_sdwp) by default. [0] http://www.ti.com/lit/ds/symlink/am3358.pdf [1] https://github.com/beagleboard/pocketbeagle/wiki/System-Reference-Manual#531_Expansion_Headers Fixes: 047905376a16 (ARM: dts: Add am335x-pocketbeagle) Signed-off-by: Robert Nelson Signed-off-by: Drew Fustini Signed-off-by: Tony Lindgren commit b5b0180c2f767e90b4a6a885a0a2abaab6e3d48d Author: Peter Ujfalusi Date: Wed May 27 10:06:12 2020 +0300 dmaengine: ti: k3-udma: Fix the running channel handling in alloc_chan_resources In the unlikely case when the channel is running (RT enabled) during alloc_chan_resources then we should use udma_reset_chan() and not udma_stop() as the later is trying to initiate a teardown on the channel, which is not valid at this point. Signed-off-by: Peter Ujfalusi Link: https://lore.kernel.org/r/20200527070612.636-3-peter.ujfalusi@ti.com Signed-off-by: Vinod Koul commit 5a9377cc7421b59b13c9b90b8dc0aca332a1c958 Author: Peter Ujfalusi Date: Wed May 27 10:06:11 2020 +0300 dmaengine: ti: k3-udma: Fix cleanup code for alloc_chan_resources Some of the earlier errors should be sent to the error cleanup path to make sure that the uchan struct is reset, the dma_pool (if allocated) is released and memcpy channel pairs are released in a correct way. Signed-off-by: Peter Ujfalusi Link: https://lore.kernel.org/r/20200527070612.636-2-peter.ujfalusi@ti.com Signed-off-by: Vinod Koul commit 9f2f3ce3daed229eecf647acac44defbdee1f7c0 Author: Peter Ujfalusi Date: Wed May 27 09:53:57 2020 +0300 dmaengine: ti: k3-udma: Use correct node to read "ti,udma-atype" The "ti,udma-atype" property is expected in the UDMA node and not in the parent navss node. Fixes: 0ebcf1a274c5 ("dmaengine: ti: k3-udma: Implement support for atype (for virtualization)") Signed-off-by: Peter Ujfalusi Link: https://lore.kernel.org/r/20200527065357.30791-1-peter.ujfalusi@ti.com Signed-off-by: Vinod Koul commit 6363d2065cd399cf9d6dc9d08c437f8658831100 Author: Dmitry Torokhov Date: Sun May 24 16:51:34 2020 -0700 HID: magicmouse: do not set up autorepeat Neither the trackpad, nor the mouse want input core to generate autorepeat events for their buttons, so let's reset the bit (as hid-input sets it for these devices based on the usage vendor code). Cc: stable@vger.kernel.org Reported-by: Yariv Tested-by: Yariv Signed-off-by: Dmitry Torokhov Signed-off-by: Jiri Kosina commit aa3c439c144f0a465ed1f28f11c772886fb02b35 Author: Caiyuan Xie Date: Fri May 22 05:06:10 2020 -0400 HID: alps: support devices with report id 2 Add support for devices which that have reports with id == 2 Signed-off-by: Caiyuan Xie Signed-off-by: Jiri Kosina commit 7c295eec1e351003a8ca06c34f9e79336fa5b244 Author: David Howells Date: Tue Jun 16 00:52:30 2020 +0100 afs: afs_vnode_commit_status() doesn't need to check the RPC error afs_vnode_commit_status() is only ever called if op->error is 0, so remove the op->error checks from the function. Fixes: e49c7b2f6de7 ("afs: Build an abstraction around an "operation" concept") Signed-off-by: David Howells commit 728279a5a1fd9fa9fa268f807391c4d19ad2822c Author: David Howells Date: Tue Jun 16 00:34:09 2020 +0100 afs: Fix use of afs_check_for_remote_deletion() afs_check_for_remote_deletion() checks to see if error ENOENT is returned by the server in response to an operation and, if so, marks the primary vnode as having been deleted as the FID is no longer valid. However, it's being called from the operation success functions, where no abort has happened - and if an inline abort is recorded, it's handled by afs_vnode_commit_status(). Fix this by actually calling the operation aborted method if provided and having that point to afs_check_for_remote_deletion(). Fixes: e49c7b2f6de7 ("afs: Build an abstraction around an "operation" concept") Signed-off-by: David Howells commit 44767c353127cfcbee49a89bab39a3680ecd2a45 Author: David Howells Date: Tue Jun 16 00:25:56 2020 +0100 afs: Remove afs_operation::abort_code Remove afs_operation::abort_code as it's read but never set. Use ac.abort_code instead. Signed-off-by: David Howells commit 9bd87ec631ba07285138eed9c85645a12294f6c6 Author: David Howells Date: Tue Jun 16 00:23:12 2020 +0100 afs: Fix yfs_fs_fetch_status() to honour vnode selector Fix yfs_fs_fetch_status() to honour the vnode selector in op->fetch_status.which as does afs_fs_fetch_status() that allows afs_do_lookup() to use this as an alternative to the InlineBulkStatus RPC call if not implemented by the server. This doesn't matter in the current code as YFS servers always implement InlineBulkStatus, but a subsequent will call it on YFS servers too in some circumstances. Fixes: e49c7b2f6de7 ("afs: Build an abstraction around an "operation" concept") Signed-off-by: David Howells commit 6c85cacc8c096fc5cbdba61b6aa8fe675805e5d1 Author: David Howells Date: Tue Jun 16 00:18:09 2020 +0100 afs: Remove yfs_fs_fetch_file_status() as it's not used Remove yfs_fs_fetch_file_status() as it's no longer used. Signed-off-by: David Howells commit ca28aff0e1dc7dce9e12a7fd9276b7118ce5e73a Author: Sebastian Parschauer Date: Tue Jun 9 12:00:53 2020 +0200 HID: quirks: Always poll Obins Anne Pro 2 keyboard The Obins Anne Pro 2 keyboard (04d9:a293) disconnects after a few minutes of inactivity when using it wired and typing does not result in any input events any more. This is a common firmware flaw. So add the ALWAYS_POLL quirk for this device. GitHub user Dietrich Moerman (dietrichm) tested the quirk and requested my help in my project https://github.com/sriemer/fix-linux-mouse issue 22 to provide this patch. Link: https://www.reddit.com/r/AnnePro/comments/gruzcb/anne_pro_2_linux_cant_type_after_inactivity/ Signed-off-by: Sebastian Parschauer Cc: stable@vger.kernel.org # v4.16+ Signed-off-by: Jiri Kosina commit fa33e6236f5fa425a3ccf8925010d51fae9f0929 Author: Masami Hiramatsu Date: Wed Jun 3 11:40:28 2020 +0900 selftests/ftrace: Add "requires:" list support Introduce "requires:" list to check required ftrace interface for each test. This will simplify the interface checking code and unify the error message. Another good point is, it can skip the ftrace initializing. Note that this requires list must be written as a shell comment. Signed-off-by: Masami Hiramatsu Reviewed-by: Tom Zanussi Signed-off-by: Shuah Khan commit 43e666acb79f3d355dd89bf20f4d25d3b15da13e Author: Federico Ricchiuto Date: Mon Jun 15 22:49:11 2020 +0200 HID: i2c-hid: add Mediacom FlexBook edge13 to descriptor override The Mediacom FlexBook edge13 uses the SIPODEV SP1064 touchpad, which does not supply descriptors, so it has to be added to the override list. Signed-off-by: Federico Ricchiuto Signed-off-by: Jiri Kosina commit 1e11b7dbef17bb6315f08771a64d86ab20fc037b Author: Masami Hiramatsu Date: Wed Jun 3 11:40:19 2020 +0900 selftests/ftrace: Return unsupported for the unconfigured features As same as other test cases, return unsupported if kprobe_events or argument access feature are not found. There can be a new arch which does not port those features yet, and an older kernel which doesn't support it. Those can not enable the features. Signed-off-by: Masami Hiramatsu Reviewed-by: Tom Zanussi Signed-off-by: Shuah Khan commit 76ebbc2736434f210d0fe4a41cc3232b0dae4563 Author: Masami Hiramatsu Date: Wed Jun 3 11:40:10 2020 +0900 selftests/ftrace: Allow ":" in description Allow ":" in the description line. Currently if there is ":" in the test description line, the description is cut at that point, but that was unintended. Signed-off-by: Masami Hiramatsu Reviewed-by: Tom Zanussi Signed-off-by: Shuah Khan commit 7ed286f3e061ee394782bd9fb4ed96bff0b5a021 Author: Ilya Dryomov Date: Tue Jun 9 11:59:08 2020 +0200 libceph: don't omit used_replica in target_copy() Currently target_copy() is used only for sending linger pings, so this doesn't come up, but generally omitting used_replica can hang the client as we wouldn't notice the acting set change (legacy_change in calc_target()) or trigger a warning in handle_reply(). Fixes: 117d96a04f00 ("libceph: support for balanced and localized reads") Signed-off-by: Ilya Dryomov Reviewed-by: Jeff Layton commit 2f3fead62144002557f322c2a7c15e1255df0653 Author: Ilya Dryomov Date: Tue Jun 9 11:57:56 2020 +0200 libceph: don't omit recovery_deletes in target_copy() Currently target_copy() is used only for sending linger pings, so this doesn't come up, but generally omitting recovery_deletes can result in unneeded resends (force_resend in calc_target()). Fixes: ae78dd8139ce ("libceph: make RECOVERY_DELETES feature create a new interval") Signed-off-by: Ilya Dryomov Reviewed-by: Jeff Layton commit 22d2cfdffa5bff3566e16cb7320e13ceb814674b Author: Ilya Dryomov Date: Thu Jun 4 11:12:34 2020 +0200 libceph: move away from global osd_req_flags osd_req_flags is overly general and doesn't suit its only user (read_from_replica option) well: - applying osd_req_flags in account_request() affects all OSD requests, including linger (i.e. watch and notify). However, linger requests should always go to the primary even though some of them are reads (e.g. notify has side effects but it is a read because it doesn't result in mutation on the OSDs). - calls to class methods that are reads are allowed to go to the replica, but most such calls issued for "rbd map" and/or exclusive lock transitions are requested to be resent to the primary via EAGAIN, doubling the latency. Get rid of global osd_req_flags and set read_from_replica flag only on specific OSD requests instead. Fixes: 8ad44d5e0d1e ("libceph: read_from_replica option") Signed-off-by: Ilya Dryomov Reviewed-by: Jeff Layton commit a0b03952a797591d4b6d6fa7b9b7872e27783729 Author: Takashi Iwai Date: Tue Jun 16 15:21:50 2020 +0200 ALSA: hda/realtek - Add quirk for MSI GE63 laptop MSI GE63 laptop with ALC1220 codec requires the very same quirk (ALC1220_FIXUP_CLEVO_P950) as other MSI devices for the proper sound output. BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=208057 Cc: Link: https://lore.kernel.org/r/20200616132150.8778-1-tiwai@suse.de Signed-off-by: Takashi Iwai commit 33aea07f30c261eff7ba229f19fd1b161e0fb851 Author: Marco Elver Date: Tue Jun 16 01:15:29 2020 +0200 compiler_attributes.h: Support no_sanitize_undefined check with GCC 4 UBSAN is supported since GCC 4.9, which unfortunately did not yet have __has_attribute(). To work around, the __GCC4_has_attribute workaround requires defining which compiler version supports the given attribute. In the case of no_sanitize_undefined, it is the first version that supports UBSAN, which is GCC 4.9. Reported-by: kernel test robot Signed-off-by: Marco Elver Signed-off-by: Peter Zijlstra (Intel) Reviewed-by: Miguel Ojeda Link: https://lkml.kernel.org/r/20200615231529.GA119644@google.com commit 6903cdae9f9f08d61e49c16cbef11c293e33a615 Author: Gaurav Singh Date: Fri Jun 12 14:53:27 2020 -0400 bpf, xdp, samples: Fix null pointer dereference in *_user code Memset on the pointer right after malloc can cause a NULL pointer deference if it failed to allocate memory. A simple fix is to replace malloc()/memset() pair with a simple call to calloc(). Fixes: 0fca931a6f21 ("samples/bpf: program demonstrating access to xdp_rxq_info") Signed-off-by: Gaurav Singh Signed-off-by: Daniel Borkmann Acked-by: Jesper Dangaard Brouer Acked-by: John Fastabend commit a101e3dad8a90a840ccb45e492cd2ef7c01199ea Author: Thierry Reding Date: Fri Jun 12 17:01:00 2020 +0200 drm/tegra: hub: Register child devices In order to remove the dependency on the simple-bus compatible string, which causes the OF driver core to register all child devices, make the display-hub driver explicitly register the display controller children. Signed-off-by: Thierry Reding commit ca2030d56bb7b73079f834b10de38ced9cac74a3 Author: Thierry Reding Date: Fri Jun 12 17:00:59 2020 +0200 gpu: host1x: Register child devices In order to remove the dependency on the simple-bus compatible string, which causes the OF driver core to register all child devices, make the host1x driver explicitly register its children. Signed-off-by: Thierry Reding commit ef4e417eb3ec7fe657928f10ac1d2154d8a5fb38 Author: Nicolin Chen Date: Tue May 19 02:03:01 2020 -0700 drm/tegra: hub: Do not enable orphaned window group Though the unconditional enable/disable code is not a final solution, we don't want to run into a NULL pointer situation when window group doesn't link to its DC parent if the DC is disabled in Device Tree. So this patch simply adds a check to make sure that window group has a valid parent before running into tegra_windowgroup_enable/disable. Signed-off-by: Nicolin Chen Signed-off-by: Thierry Reding commit 109be8b23fb2ec8e2d309325ee3b7a49eab63961 Author: Christophe JAILLET Date: Sun Apr 26 21:16:30 2020 +0200 gpu: host1x: Clean up debugfs in error handling path host1x_debug_init() must be reverted in an error handling path. This is already fixed in the remove function since commit 44156eee91ba ("gpu: host1x: Clean up debugfs on removal") Signed-off-by: Christophe JAILLET Signed-off-by: Thierry Reding commit 64438e1bc0cdbe6d30bcdcb976f935eb3c297adc Author: Heiko Carstens Date: Wed Jun 10 10:36:05 2020 +0200 s390/numa: let NODES_SHIFT depend on NEED_MULTIPLE_NODES Qian Cai reported: """ When NUMA=n and nr_node_ids=2, in apply_wqattrs_prepare(), it has, for_each_node(node) { if (wq_calc_node_cpumask(... where it will trigger a booting warning, WARNING: workqueue cpumask: online intersect > possible intersect because it found 2 nodes and wq_numa_possible_cpumask[1] is an empty cpumask. """ Let NODES_SHIFT depend on NEED_MULTIPLE_NODES like it is done on other architectures in order to fix this. Fixes: 701dc81e7412 ("s390/mm: remove fake numa support") Reported-by: Qian Cai Signed-off-by: Heiko Carstens Signed-off-by: Vasily Gorbik commit 478237a595120a18e9b52fd2c57a6e8b7a01e411 Author: Vincenzo Frascino Date: Tue Mar 24 12:10:27 2020 +0000 s390/vdso: fix vDSO clock_getres() clock_getres in the vDSO library has to preserve the same behaviour of posix_get_hrtimer_res(). In particular, posix_get_hrtimer_res() does: sec = 0; ns = hrtimer_resolution; and hrtimer_resolution depends on the enablement of the high resolution timers that can happen either at compile or at run time. Fix the s390 vdso implementation of clock_getres keeping a copy of hrtimer_resolution in vdso data and using that directly. Link: https://lkml.kernel.org/r/20200324121027.21665-1-vincenzo.frascino@arm.com Signed-off-by: Vincenzo Frascino Acked-by: Martin Schwidefsky [heiko.carstens@de.ibm.com: use llgf for proper zero extension] Signed-off-by: Heiko Carstens Signed-off-by: Vasily Gorbik commit 2b2a25845d534ac6d55086e35c033961fdd83a26 Author: Nathan Chancellor Date: Tue Jun 2 12:25:24 2020 -0700 s390/vdso: Use $(LD) instead of $(CC) to link vDSO Currently, the VDSO is being linked through $(CC). This does not match how the rest of the kernel links objects, which is through the $(LD) variable. When clang is built in a default configuration, it first attempts to use the target triple's default linker, which is just ld. However, the user can override this through the CLANG_DEFAULT_LINKER cmake define so that clang uses another linker by default, such as LLVM's own linker, ld.lld. This can be useful to get more optimized links across various different projects. However, this is problematic for the s390 vDSO because ld.lld does not have any s390 emulatiom support: https://github.com/llvm/llvm-project/blob/llvmorg-10.0.1-rc1/lld/ELF/Driver.cpp#L132-L150 Thus, if a user is using a toolchain with ld.lld as the default, they will see an error, even if they have specified ld.bfd through the LD make variable: $ make -j"$(nproc)" -s ARCH=s390 CROSS_COMPILE=s390x-linux-gnu- LLVM=1 \ LD=s390x-linux-gnu-ld \ defconfig arch/s390/kernel/vdso64/ ld.lld: error: unknown emulation: elf64_s390 clang-11: error: linker command failed with exit code 1 (use -v to see invocation) Normally, '-fuse-ld=bfd' could be used to get around this; however, this can be fragile, depending on paths and variable naming. The cleaner solution for the kernel is to take advantage of the fact that $(LD) can be invoked directly, which bypasses the heuristics of $(CC) and respects the user's choice. Similar changes have been done for ARM, ARM64, and MIPS. Link: https://lkml.kernel.org/r/20200602192523.32758-1-natechancellor@gmail.com Link: https://github.com/ClangBuiltLinux/linux/issues/1041 Signed-off-by: Nathan Chancellor Reviewed-by: Nick Desaulniers [heiko.carstens@de.ibm.com: add --build-id flag] Signed-off-by: Heiko Carstens Signed-off-by: Vasily Gorbik commit 99448016ac792ac096def056828ab72c21f8582b Author: Chen Zhou Date: Sat May 9 16:56:08 2020 +0800 s390/protvirt: use scnprintf() instead of snprintf() snprintf() returns the number of bytes that would be written, which may be greater than the the actual length to be written. uv_query_facilities() should return the number of bytes printed into the buffer. This is the return value of scnprintf(). The other functions are the same. Link: https://lkml.kernel.org/r/20200509085608.41061-4-chenzhou10@huawei.com Signed-off-by: Chen Zhou Signed-off-by: Heiko Carstens Signed-off-by: Vasily Gorbik commit 92fd356514b7505f40ca72b38ef84070e6502a70 Author: Chen Zhou Date: Sat May 9 16:56:07 2020 +0800 s390: use scnprintf() in sys_##_prefix##_##_name##_show snprintf() returns the number of bytes that would be written, which may be greater than the the actual length to be written. show() methods should return the number of bytes printed into the buffer. This is the return value of scnprintf(). Link: https://lkml.kernel.org/r/20200509085608.41061-3-chenzhou10@huawei.com Signed-off-by: Chen Zhou Signed-off-by: Heiko Carstens Signed-off-by: Vasily Gorbik commit df8cea2a4bef3088c8570af543835992ce1d327e Author: Chen Zhou Date: Sat May 9 16:56:06 2020 +0800 s390/crypto: use scnprintf() instead of snprintf() snprintf() returns the number of bytes that would be written, which may be greater than the the actual length to be written. show() methods should return the number of bytes printed into the buffer. This is the return value of scnprintf(). Link: https://lkml.kernel.org/r/20200509085608.41061-2-chenzhou10@huawei.com Signed-off-by: Chen Zhou Signed-off-by: Heiko Carstens Signed-off-by: Vasily Gorbik commit 79d6c50227103a9f7df9690b38ff74127f69d3cf Author: Zou Wei Date: Tue Apr 21 20:35:48 2020 +0800 s390/zcrypt: use kzalloc This patch fixes below warning reported by coccicheck drivers/s390/crypto/zcrypt_ep11misc.c:198:8-15: WARNING: kzalloc should be used for cprb, instead of kmalloc/memset Link: https://lkml.kernel.org/r/1587472548-105240-1-git-send-email-zou_wei@huawei.com Reported-by: Hulk Robot Signed-off-by: Zou Wei Signed-off-by: Heiko Carstens Signed-off-by: Vasily Gorbik commit ecc28f58e6cc479253bbd9aced013d8d34fef896 Author: Cornelia Huck Date: Tue May 26 11:36:29 2020 +0200 s390/virtio: remove unused pm callbacks Support for hibernation on s390 has been recently been removed with commit 394216275c7d ("s390: remove broken hibernate / power management support"), no need to keep unused code around. Link: https://lkml.kernel.org/r/20200526093629.257649-1-cohuck@redhat.com Signed-off-by: Cornelia Huck Reviewed-by: Halil Pasic Signed-off-by: Heiko Carstens Signed-off-by: Vasily Gorbik commit a87ee11607b853a31c8612d9f47b7fe974953b77 Author: Julian Wiedmann Date: Tue Apr 21 11:35:00 2020 +0100 s390/qdio: reduce SLSB writes during Input Queue processing Streamline the processing of QDIO Input Queues, and remove some intermittent SLSB updates (no deleting of old ACKs, no redundant transitions through NOT_INIT). Rather than counting ACKs, we now keep track of the whole batch of SBALs that were completed during the current polling cycle. Most completed SBALs stay in their initial state (ie. PRIMED or ERROR), except that the most recent SBAL in each sub-run is ACKed for IRQ reduction. The only logic changes happen in inbound_handle_work(), the other delta is just a renaming of the variables that track the SBAL batch. Note that in particular we don't need to flip the _oldest_ SBAL to an idle state (eg. NOT_INIT or ACKed) as a guard against catching our own tail. Since get_inbound_buffer_frontier() will never scan more than the remaining nr_buf_used SBALs, this scenario just doesn't occur. Signed-off-by: Julian Wiedmann Signed-off-by: Vasily Gorbik commit 4bae85b620dc1f7aa4d2338b923d9d9b394b58c4 Author: Sven Schnelle Date: Mon Mar 9 16:56:53 2020 +0100 selftests/seccomp: s390 shares the syscall and return value register s390 cannot set syscall number and reture code at the same time, so set the appropriate flag to indicate it. Signed-off-by: Sven Schnelle Signed-off-by: Vasily Gorbik commit 873e5a763d604c32988c4a78913a8dab3862d2f9 Author: Sven Schnelle Date: Mon Mar 9 16:44:50 2020 +0100 s390/ptrace: fix setting syscall number When strace wants to update the syscall number, it sets GPR2 to the desired number and updates the GPR via PTRACE_SETREGSET. It doesn't update regs->int_code which would cause the old syscall executed on syscall restart. As we cannot change the ptrace ABI and don't have a field for the interruption code, check whether the tracee is in a syscall and the last instruction was svc. In that case assume that the tracer wants to update the syscall number and copy the GPR2 value to regs->int_code. Signed-off-by: Sven Schnelle Signed-off-by: Vasily Gorbik commit 00332c16b1604242a56289ff2b26e283dbad0812 Author: Sven Schnelle Date: Fri Mar 6 13:19:34 2020 +0100 s390/ptrace: pass invalid syscall numbers to tracing tracing expects to see invalid syscalls, so pass it through. The syscall path in entry.S checks the syscall number before looking up the handler, so it is still safe. Signed-off-by: Sven Schnelle Signed-off-by: Vasily Gorbik commit cd29fa798001075a554b978df3a64e6656c25794 Author: Sven Schnelle Date: Fri Mar 6 13:18:31 2020 +0100 s390/ptrace: return -ENOSYS when invalid syscall is supplied The current code returns the syscall number which an invalid syscall number is supplied and tracing is enabled. This makes the strace testsuite fail. Signed-off-by: Sven Schnelle Signed-off-by: Vasily Gorbik commit 664f5f8de825648d1d31f6f5652e3cd117c77b50 Author: Sven Schnelle Date: Wed Mar 4 16:07:34 2020 +0100 s390/seccomp: pass syscall arguments via seccomp_data Use __secure_computing() and pass the register data via seccomp_data so secure computing doesn't have to fetch it again. Signed-off-by: Sven Schnelle Signed-off-by: Vasily Gorbik commit c119a8a3c395b0850f131728bdddd166d172842f Author: Julian Wiedmann Date: Fri May 8 17:00:21 2020 +0200 s390/qdio: fine-tune SLSB update xchg() for a single-byte location assembles to a 4-byte Compare&Swap, wrapped into a non-trivial amount of retry code that deals with concurrent modifications to the unaffected bytes. Change it to a simple byte-store, but preserve the memory ordering semantics that the CS provided. This simplifies the generated code for a hot path, and in theory also allows us to amortize the memory barriers over multiple SLSB updates. CC: Andreas Krebbel Signed-off-by: Julian Wiedmann Signed-off-by: Vasily Gorbik commit 4b3c1f1b15f576445c221cbc77a88540433a2ba7 Merge: 11425c4519e2 b3a9e3b9622a Author: Thomas Zimmermann Date: Tue Jun 16 13:31:47 2020 +0200 Merge v5.8-rc1 into drm-misc-fixes Beginning a new release cycles for what will become v5.8. Updating drm-misc-fixes accordingly. Signed-off-by: Thomas Zimmermann commit ed1220df6e666500ebf58c4f2fccc681941646fb Author: Shengjiu Wang Date: Tue Jun 16 10:53:48 2020 +0800 ASoC: fsl_ssi: Fix bclk calculation for mono channel For mono channel, SSI will switch to Normal mode. In Normal mode and Network mode, the Word Length Control bits control the word length divider in clock generator, which is different with I2S Master mode (the word length is fixed to 32bit), it should be the value of params_width(hw_params). The condition "slots == 2" is not good for I2S Master mode, because for Network mode and Normal mode, the slots can also be 2. Then we need to use (ssi->i2s_net & SSI_SCR_I2S_MODE_MASK) to check if it is I2S Master mode. So we refine the formula for mono channel, otherwise there will be sound issue for S24_LE. Fixes: b0a7043d5c2c ("ASoC: fsl_ssi: Caculate bit clock rate using slot number and width") Signed-off-by: Shengjiu Wang Reviewed-by: Nicolin Chen Link: https://lore.kernel.org/r/034eff1435ff6ce300b6c781130cefd9db22ab9a.1592276147.git.shengjiu.wang@nxp.com Signed-off-by: Mark Brown commit 27a5e7d36d383970affae801d77141deafd536a8 Author: Neil Armstrong Date: Mon Jun 8 10:44:58 2020 +0200 mmc: meson-gx: limit segments to 1 when dram-access-quirk is needed The actual max_segs computation leads to failure while using the broadcom sdio brcmfmac/bcmsdh driver, since the driver tries to make usage of scatter gather. But with the dram-access-quirk we use a 1,5K SRAM bounce buffer, and the max_segs current value of 3 leads to max transfers to 4,5k, which doesn't work. This patch sets max_segs to 1 to better describe the hardware limitation, and fix the SDIO functionality with the brcmfmac/bcmsdh driver on Amlogic G12A/G12B SoCs on boards like SEI510 or Khadas VIM3. Reported-by: Art Nikpal Reported-by: Christian Hewitt Fixes: acdc8e71d9bb ("mmc: meson-gx: add dram-access-quirk") Signed-off-by: Neil Armstrong Reviewed-by: Kevin Hilman Cc: stable@vger.kernel.org Link: https://lore.kernel.org/r/20200608084458.32014-1-narmstrong@baylibre.com Signed-off-by: Ulf Hansson commit ec3decd21380081e3b5de4ba8d85d90a95f201a0 Author: Andy Shevchenko Date: Fri Jun 5 16:40:36 2020 +0300 gpio: pca953x: disable regmap locking for automatic address incrementing It's a repetition of the commit aa58a21ae378 ("gpio: pca953x: disable regmap locking") which states the following: This driver uses its own locking but regmap silently uses a mutex for all operations too. Add the option to disable locking to the regmap config struct. Fixes: bcf41dc480b1 ("gpio: pca953x: fix handling of automatic address incrementing") Cc: Uwe Kleine-König Signed-off-by: Andy Shevchenko Reviewed-by: Uwe Kleine-König Signed-off-by: Bartosz Golaszewski commit 0b22c25e1b81c5f718e89c4d759e6a359be24417 Author: Andy Shevchenko Date: Fri Jun 5 16:40:35 2020 +0300 gpio: pca953x: Fix direction setting when configure an IRQ The commit 0f25fda840a9 ("gpio: pca953x: Zap ad-hoc reg_direction cache") seems inadvertently made a typo in pca953x_irq_bus_sync_unlock(). When the direction bit is 1 it means input, and the piece of code in question was looking for output ones that should be turned to inputs. Fix direction setting when configure an IRQ by injecting a bitmap complement operation. Fixes: 0f25fda840a9 ("gpio: pca953x: Zap ad-hoc reg_direction cache") Depends-on: 35d13d94893f ("gpio: pca953x: convert to use bitmap API") Cc: Marek Vasut Signed-off-by: Andy Shevchenko Signed-off-by: Bartosz Golaszewski commit ba8c90c6184784b397807b72403656085ac2f8c1 Author: Andy Shevchenko Date: Fri Jun 5 16:40:34 2020 +0300 gpio: pca953x: Override IRQ for one of the expanders on Galileo Gen 2 ACPI table on Intel Galileo Gen 2 has wrong pin number for IRQ resource of one of the I²C GPIO expanders. Since we know what that number is and luckily have GPIO bases fixed for SoC's controllers, we may use a simple DMI quirk to match the platform and retrieve GpioInt() pin on it for the expander in question. Mika suggested the way to avoid a quirk in the GPIO ACPI library and here is the second, almost rewritten version of it. Fixes: f32517bf1ae0 ("gpio: pca953x: support ACPI devices found on Galileo Gen2") Depends-on: 25e3ef894eef ("gpio: acpi: Split out acpi_gpio_get_irq_resource() helper") Suggested-by: Mika Westerberg Reviewed-by: Mika Westerberg Signed-off-by: Andy Shevchenko Signed-off-by: Bartosz Golaszewski commit 064c73afe7385de99e5b2785b88c83dc5d84403b Author: Andy Shevchenko Date: Fri Jun 5 16:40:33 2020 +0300 gpio: pca953x: Synchronize interrupt handler properly Since the commit aa58a21ae378 ("gpio: pca953x: disable regmap locking") the locking of regmap is disabled and that immediately introduces a synchronization issue. It's easy to see when we try to monitor more than one interrupt from the same chip. It seems that the problem exists from the day one and even commit 6e20fb18054c ("drivers/gpio/pca953x.c: add a mutex to fix race condition") missed this. Below are the traces and shell reproducers before and after proposed change. Note duplicates in the IRQ events. /proc/interrupts also shows a deviation, i.e. sum of children interrupts higher than parent's one. When locking is disabled for regmap and no protection in IRQ handler ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ... gpioset-194 regmap_hw_write_start: i2c-INT3491:02 reg=2 count=1 irq/31-i2c-INT3-139 regmap_hw_read_start: i2c-INT3491:02 reg=4c count=2 gpioset-194 regmap_hw_write_done: i2c-INT3491:02 reg=2 count=1 gpioset-194 regmap_reg_read_cache: i2c-INT3491:02 reg=6 val=f5 gpioset-194 regmap_reg_write: i2c-INT3491:02 reg=6 val=f5 gpioset-194 regmap_hw_write_start: i2c-INT3491:02 reg=6 count=1 irq/31-i2c-INT3-139 regmap_hw_read_done: i2c-INT3491:02 reg=4c count=2 ... % gpiomon gpiochip3 0 & % gpioset gpiochip3 1=0 % gpioset gpiochip3 1=1 event: RISING EDGE offset: 0 timestamp: [ 302.782583765] % gpiomon gpiochip3 2 & % gpioset gpiochip3 1=0 event: RISING EDGE offset: 2 timestamp: [ 312.033148829] event: FALLING EDGE offset: 0 timestamp: [ 312.022757525] % gpioset gpiochip3 1=1 event: RISING EDGE offset: 2 timestamp: [ 316.201148473] event: RISING EDGE offset: 0 timestamp: [ 316.191759599] When locking is disabled for regmap and protection in IRQ handler ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ... gpioset-202 regmap_hw_write_start: i2c-INT3491:02 reg=2 count=1 gpioset-202 regmap_hw_write_done: i2c-INT3491:02 reg=2 count=1 gpioset-202 regmap_reg_read_cache: i2c-INT3491:02 reg=6 val=fd gpioset-202 regmap_reg_write: i2c-INT3491:02 reg=6 val=fd gpioset-202 regmap_hw_write_start: i2c-INT3491:02 reg=6 count=1 gpioset-202 regmap_hw_write_done: i2c-INT3491:02 reg=6 count=1 irq/31-i2c-INT3-139 regmap_hw_read_start: i2c-INT3491:02 reg=4c count=2 irq/31-i2c-INT3-139 regmap_hw_read_done: i2c-INT3491:02 reg=4c count=2 ... % gpiomon gpiochip3 0 & % gpioset gpiochip3 1=0 event: FALLING EDGE offset: 0 timestamp: [ 531.330078107] % gpioset gpiochip3 1=1 event: RISING EDGE offset: 0 timestamp: [ 532.912239128] % gpiomon gpiochip3 2 & % gpioset gpiochip3 1=0 event: FALLING EDGE offset: 0 timestamp: [ 539.633669484] % gpioset gpiochip3 1=1 event: RISING EDGE offset: 0 timestamp: [ 542.256978461] Fixes: 6e20fb18054c ("drivers/gpio/pca953x.c: add a mutex to fix race condition") Depends-on: 35d13d94893f ("gpio: pca953x: convert to use bitmap API") Depends-on: 49427232764d ("gpio: pca953x: Perform basic regmap conversion") Cc: Marek Vasut Cc: Roland Stigge Signed-off-by: Andy Shevchenko Signed-off-by: Bartosz Golaszewski commit 435d1a471598752446a72ad1201b3c980526d869 Author: Peter Jones Date: Mon Jun 15 16:24:08 2020 -0400 efi: Make it possible to disable efivar_ssdt entirely In most cases, such as CONFIG_ACPI_CUSTOM_DSDT and CONFIG_ACPI_TABLE_UPGRADE, boot-time modifications to firmware tables are tied to specific Kconfig options. Currently this is not the case for modifying the ACPI SSDT via the efivar_ssdt kernel command line option and associated EFI variable. This patch adds CONFIG_EFI_CUSTOM_SSDT_OVERLAYS, which defaults disabled, in order to allow enabling or disabling that feature during the build. Cc: Signed-off-by: Peter Jones Link: https://lore.kernel.org/r/20200615202408.2242614-1-pjones@redhat.com Signed-off-by: Ard Biesheuvel commit 8c0a839c2bccb756454e35e8977e44fcf2bd417e Author: Heinrich Schuchardt Date: Tue Jun 16 01:42:31 2020 +0200 efi/libstub: Descriptions for stub helper functions Provide missing descriptions for EFI stub helper functions. Adjust formatting of existing descriptions to kernel style. Signed-off-by: Heinrich Schuchardt Link: https://lore.kernel.org/r/20200615234231.21059-1-xypron.glpk@gmx.de Signed-off-by: Ard Biesheuvel commit 861254d826499944cb4d9b5a15f5a794a6b99a69 Author: Navid Emamdoost Date: Thu Jun 4 22:00:52 2020 -0500 gpio: arizona: put pm_runtime in case of failure Calling pm_runtime_get_sync increments the counter even in case of failure, causing incorrect ref count if pm_runtime_put is not called in error handling paths. Call pm_runtime_put if pm_runtime_get_sync fails. Signed-off-by: Navid Emamdoost Acked-by: Charles Keepax Link: https://lore.kernel.org/r/20200605030052.78235-1-navid.emamdoost@gmail.com Signed-off-by: Linus Walleij commit e6f390a834b56583e6fc0949822644ce92fbb107 Author: Navid Emamdoost Date: Thu Jun 4 21:52:07 2020 -0500 gpio: arizona: handle pm_runtime_get_sync failure case Calling pm_runtime_get_sync increments the counter even in case of failure, causing incorrect ref count. Call pm_runtime_put if pm_runtime_get_sync fails. Signed-off-by: Navid Emamdoost Acked-by: Charles Keepax Link: https://lore.kernel.org/r/20200605025207.65719-1-navid.emamdoost@gmail.com Signed-off-by: Linus Walleij commit 8e68c6340d5833077b3753eabedab40755571383 Author: Vandita Kulkarni Date: Fri Jun 12 13:52:37 2020 +0530 drm/i915/display: Fix the encoder type check For all ddi, encoder->type holds output type as ddi, assigning it to individual o/p types is no more valid. Fixes: 362bfb995b78 ("drm/i915/tgl: Add DKL PHY vswing table for HDMI") v2: Rebase, no functional change. Signed-off-by: Vandita Kulkarni Reviewed-by: Uma Shankar Signed-off-by: Uma Shankar Link: https://patchwork.freedesktop.org/patch/msgid/20200612082237.11886-1-vandita.kulkarni@intel.com (cherry picked from commit 94641eb6c69682884abbecf22fe5b7c185af6a06) Signed-off-by: Joonas Lahtinen commit a3005c2edf7e8c3478880db1ca84028a2b6819bb Author: Imre Deak Date: Fri Jun 12 15:17:31 2020 +0300 drm/i915/icl+: Fix hotplug interrupt disabling after storm detection Atm, hotplug interrupts on TypeC ports are left enabled after detecting an interrupt storm, fix this. Reported-by: Kunal Joshi References: https://gitlab.freedesktop.org/drm/intel/-/issues/351 Bugzilla: https://gitlab.freedesktop.org/drm/intel/-/issues/1964 Cc: Kunal Joshi Cc: stable@vger.kernel.org Signed-off-by: Imre Deak Reviewed-by: Ville Syrjälä Link: https://patchwork.freedesktop.org/patch/msgid/20200612121731.19596-1-imre.deak@intel.com (cherry picked from commit 587a87b9d7e94927edcdea018565bc1939381eb1) Signed-off-by: Joonas Lahtinen commit 27582a9c917940bc71c0df0b8e022cbde8d735d2 Author: Chris Wilson Date: Thu Jun 11 09:01:40 2020 +0100 drm/i915/gt: Move gen4 GT workarounds from init_clock_gating to workarounds Rescue the GT workarounds from being buried inside init_clock_gating so that we remember to apply them after a GT reset, and that they are included in our verification that the workarounds are applied. Signed-off-by: Chris Wilson Reviewed-by: Mika Kuoppala Cc: stable@vger.kernel.org Link: https://patchwork.freedesktop.org/patch/msgid/20200611080140.30228-6-chris@chris-wilson.co.uk (cherry picked from commit 2bcefd0d263ab4a72f0d61921ae6b0dc81606551) Signed-off-by: Joonas Lahtinen commit eacf21040aa97fd1b3c6bb201bfd43820e1c49be Author: Chris Wilson Date: Thu Jun 11 09:01:39 2020 +0100 drm/i915/gt: Move ilk GT workarounds from init_clock_gating to workarounds Rescue the GT workarounds from being buried inside init_clock_gating so that we remember to apply them after a GT reset, and that they are included in our verification that the workarounds are applied. Signed-off-by: Chris Wilson Reviewed-by: Mika Kuoppala Cc: stable@vger.kernel.org Link: https://patchwork.freedesktop.org/patch/msgid/20200611080140.30228-5-chris@chris-wilson.co.uk (cherry picked from commit 806a45c0838d253e306a6384057e851b65d11099) Signed-off-by: Joonas Lahtinen commit fd2599bda5a989c3332f4956fd7760ec32bd51ee Author: Chris Wilson Date: Thu Jun 11 09:01:38 2020 +0100 drm/i915/gt: Move snb GT workarounds from init_clock_gating to workarounds Rescue the GT workarounds from being buried inside init_clock_gating so that we remember to apply them after a GT reset, and that they are included in our verification that the workarounds are applied. Signed-off-by: Chris Wilson Reviewed-by: Mika Kuoppala Cc: stable@vger.kernel.org Link: https://patchwork.freedesktop.org/patch/msgid/20200611080140.30228-4-chris@chris-wilson.co.uk (cherry picked from commit c3b93a943f2c9ee4a106db100a2fc3b2f126bfc5) Signed-off-by: Joonas Lahtinen commit 695a2b11649e99bbf15d278042247042c42b8728 Author: Chris Wilson Date: Thu Jun 11 09:01:37 2020 +0100 drm/i915/gt: Move vlv GT workarounds from init_clock_gating to workarounds Rescue the GT workarounds from being buried inside init_clock_gating so that we remember to apply them after a GT reset, and that they are included in our verification that the workarounds are applied. Signed-off-by: Chris Wilson Reviewed-by: Mika Kuoppala Cc: stable@vger.kernel.org Link: https://patchwork.freedesktop.org/patch/msgid/20200611080140.30228-3-chris@chris-wilson.co.uk (cherry picked from commit 7331c356b6d2d8a01422cacab27478a1dba9fa2a) Signed-off-by: Joonas Lahtinen commit 7237b190add0794bd95979018a23eda698f2705d Author: Chris Wilson Date: Thu Jun 11 09:01:36 2020 +0100 drm/i915/gt: Move ivb GT workarounds from init_clock_gating to workarounds Rescue the GT workarounds from being buried inside init_clock_gating so that we remember to apply them after a GT reset, and that they are included in our verification that the workarounds are applied. Signed-off-by: Chris Wilson Reviewed-by: Mika Kuoppala Cc: stable@vger.kernel.org Link: https://patchwork.freedesktop.org/patch/msgid/20200611080140.30228-2-chris@chris-wilson.co.uk (cherry picked from commit 19f1f627b33385a2f0855cbc7d33d86d7f4a1e78) Signed-off-by: Joonas Lahtinen commit ef50fa9bd17d13d0611e39e13b37bbd3e1ea50bf Author: Chris Wilson Date: Thu Jun 11 10:30:15 2020 +0100 drm/i915/gt: Move hsw GT workarounds from init_clock_gating to workarounds Rescue the GT workarounds from being buried inside init_clock_gating so that we remember to apply them after a GT reset, and that they are included in our verification that the workarounds are applied. v2: Leave HSW_SCRATCH to set an explicit value, not or in our disable bit. Closes: https://gitlab.freedesktop.org/drm/intel/-/issues/2011 Signed-off-by: Chris Wilson Cc: Mika Kuoppala Reviewed-by: Mika Kuoppala Cc: stable@vger.kernel.org Link: https://patchwork.freedesktop.org/patch/msgid/20200611093015.11370-1-chris@chris-wilson.co.uk (cherry picked from commit f93ec5fb563779bda4501890b1854526de58e0f1) Signed-off-by: Joonas Lahtinen commit 898e4e57adaeeefcfcf23f5d83360e513b69172f Author: Imre Deak Date: Wed Jun 10 01:06:16 2020 +0300 drm/i915/icl: Disable DIP on MST ports with the transcoder clock still on According to BSpec the Data Island Packet should be disabled after disabling the transcoder, but before the transcoder clock select is set to none. On an ICL RVP, daisy-chained MST config not following this leads to a hang with the following MCE when disabling the output: [ 870.948739] mce: [Hardware Error]: CPU 0: Machine Check Exception: 5 Bank 6: ba00000011000402 [ 871.019212] mce: [Hardware Error]: RIP !INEXACT! 10: {poll_idle+0x92/0xb0} [ 871.019212] mce: [Hardware Error]: TSC 135a261fe61 [ 871.019212] mce: [Hardware Error]: PROCESSOR 0:706e5 TIME 1591739604 SOCKET 0 APIC 0 microcode 20 [ 871.019212] mce: [Hardware Error]: Run the above through 'mcelog --ascii' [ 871.019212] mce: [Hardware Error]: Machine check: Processor context corrupt [ 871.019212] Kernel panic - not syncing: Fatal machine check [ 871.019212] Kernel Offset: disabled Bspec: 4287 Fixes: fa37a213275c ("drm/i915: Stop sending DP SDPs on ddi disable") Cc: Gwan-gyeong Mun Cc: Uma Shankar Signed-off-by: Imre Deak Reviewed-by: Uma Shankar Link: https://patchwork.freedesktop.org/patch/msgid/20200609220616.6015-1-imre.deak@intel.com (cherry picked from commit c980216dd224c52b5c70172753c209b653d84958) Signed-off-by: Joonas Lahtinen commit 8ab3a3812aa90e488813e719308ffd807b865624 Author: Chris Wilson Date: Tue Jun 9 16:17:23 2020 +0100 drm/i915/gt: Incrementally check for rewinding In commit 5ba32c7be81e ("drm/i915/execlists: Always force a context reload when rewinding RING_TAIL"), we placed the check for rewinding a context on actually submitting the next request in that context. This was so that we only had to check once, and could do so with precision avoiding as many forced restores as possible. For example, to ensure that we can resubmit the same request a couple of times, we include a small wa_tail such that on the next submission, the ring->tail will appear to move forwards when resubmitting the same request. This is very common as it will happen for every lite-restore to fill the second port after a context switch. However, intel_ring_direction() is limited in precision to movements of upto half the ring size. The consequence being that if we tried to unwind many requests, we could exceed half the ring and flip the sense of the direction, so missing a force restore. As no request can be greater than half the ring (i.e. 2048 bytes in the smallest case), we can check for rollback incrementally. As we check against the tail that would be submitted, we do not lose any sensitivity and allow lite restores for the simple case. We still need to double check upon submitting the context, to allow for multiple preemptions and resubmissions. Fixes: 5ba32c7be81e ("drm/i915/execlists: Always force a context reload when rewinding RING_TAIL") Signed-off-by: Chris Wilson Cc: Mika Kuoppala Cc: # v5.4+ Reviewed-by: Bruce Chang Reviewed-by: Mika Kuoppala Link: https://patchwork.freedesktop.org/patch/msgid/20200609151723.12971-1-chris@chris-wilson.co.uk (cherry picked from commit e36ba817fa966f81fb1c8d16f3721b5a644b2fa9) Signed-off-by: Joonas Lahtinen commit a43555ac908c604f45ed98628805aec9355b9737 Author: Khaled Almahallawy Date: Mon Jun 8 13:45:37 2020 -0700 drm/i915/tc: fix the reset of ln0 Setting ln0 similar to ln1 Fixes: 3b51be4e4061b ("drm/i915/tc: Update DP_MODE programming") Cc: # v5.5+ Signed-off-by: Khaled Almahallawy Reviewed-by: José Roberto de Souza Signed-off-by: Imre Deak Link: https://patchwork.freedesktop.org/patch/msgid/20200608204537.28468-1-khaled.almahallawy@intel.com (cherry picked from commit 4f72a8ee819d57d7329d88f487a2fc9b45153177) Signed-off-by: Joonas Lahtinen commit 4178b5a60cefd4721095cce974af7c142f2a6331 Author: Chris Wilson Date: Wed May 27 17:24:18 2020 +0100 drm/i915/gt: Prevent timeslicing into unpreemptable requests We have a I915_REQUEST_NOPREEMPT flag that we set when we must prevent the HW from preempting during the course of this request. We need to honour this flag and protect the HW even if we have a heartbeat request, or other maximum priority barrier, pending. As such, restrict the timeslicing check to avoid preempting into the topmost priority band, leaving the unpreemptable requests in blissful peace running uninterrupted on the HW. v2: Set the I915_PRIORITY_BARRIER to be less than I915_PRIORITY_UNPREEMPTABLE so that we never submit a request (heartbeat or barrier) that can legitimately preempt the current non-premptable request. Fixes: 2a98f4e65bba ("drm/i915: add infrastructure to hold off preemption on a request") Signed-off-by: Chris Wilson Cc: Tvrtko Ursulin Reviewed-by: Tvrtko Ursulin Link: https://patchwork.freedesktop.org/patch/msgid/20200527162418.24755-1-chris@chris-wilson.co.uk (cherry picked from commit b72f02d78e4f257761ed003444ae52083f962076) Signed-off-by: Joonas Lahtinen commit 3ffbe35321f4671c924a47bb50ca8087f87b2791 Author: Chris Wilson Date: Tue May 19 07:31:14 2020 +0100 drm/i915/selftests: Restore to default heartbeat Since we temporarily disable the heartbeat and restore back to the default value, we can use the stored defaults on the engine and avoid using a local. Signed-off-by: Chris Wilson Reviewed-by: Mika Kuoppala Link: https://patchwork.freedesktop.org/patch/msgid/20200519063123.20673-3-chris@chris-wilson.co.uk (cherry picked from commit 3a230a554dbbc6cd5016cf1b56ee77cfcd48c7d8) Signed-off-by: Joonas Lahtinen commit bf6b694a6a908a6fd8f23eada669d1e90b2772af Author: Gene Chen Date: Mon Jun 8 17:38:45 2020 +0800 mfd: mt6360: Fix register driver NULL pointer by adding driver name The driver name was accidentally removed when .probe() by was replaced by .probe_new() during an early patch review. [ 121.243012] EAX: c2a8bc64 EBX: 00000000 ECX: 00000000 EDX: 00000000 [ 121.243012] ESI: c2a8bc79 EDI: 00000000 EBP: e54bdea8 ESP: e54bdea0 [ 121.243012] DS: 007b ES: 007b FS: 0000 GS: 0000 SS: 0068 EFLAGS: 00010286 [ 121.243012] CR0: 80050033 CR2: 00000000 CR3: 02ec3000 CR4: 000006b0 [ 121.243012] Call Trace: [ 121.243012] kset_find_obj+0x3d/0xc0 [ 121.243012] driver_find+0x16/0x40 [ 121.243012] driver_register+0x49/0x100 [ 121.243012] ? i2c_for_each_dev+0x39/0x50 [ 121.243012] ? __process_new_adapter+0x20/0x20 [ 121.243012] ? cht_wc_driver_init+0x11/0x11 [ 121.243012] i2c_register_driver+0x30/0x80 [ 121.243012] ? intel_lpss_pci_driver_init+0x16/0x16 [ 121.243012] mt6360_pmu_driver_init+0xf/0x11 [ 121.243012] do_one_initcall+0x33/0x1a0 [ 121.243012] ? parse_args+0x1eb/0x3d0 [ 121.243012] ? __might_sleep+0x31/0x90 [ 121.243012] ? kernel_init_freeable+0x10a/0x17f [ 121.243012] kernel_init_freeable+0x12c/0x17f [ 121.243012] ? rest_init+0x110/0x110 [ 121.243012] kernel_init+0xb/0x100 [ 121.243012] ? schedule_tail_wrapper+0x9/0xc [ 121.243012] ret_from_fork+0x19/0x24 [ 121.243012] Modules linked in: [ 121.243012] CR2: 0000000000000000 [ 121.243012] random: get_random_bytes called from init_oops_id+0x3a/0x40 with crng_init=0 [ 121.243012] ---[ end trace 38a803400f1a2bee ]--- [ 121.243012] EIP: strcmp+0x11/0x30 Fixes: 7edd363421dab ("mfd: Add support for PMIC MT6360") Signed-off-by: Gene Chen Reviewed-by: Matthias Brugger [Lee: Taking the opportunity to fix the compatible string too 's/_/-/'] Signed-off-by: Lee Jones commit 3e5b8f87994e1269a7a9ea1862df163b110932eb Author: kernel test robot Date: Mon Jun 8 09:02:53 2020 +0800 pinctrl: mcp23s08: Split to three parts: fix ptr_ret.cocci warnings drivers/pinctrl/pinctrl-mcp23s08_spi.c:129:1-3: WARNING: PTR_ERR_OR_ZERO can be used Use PTR_ERR_OR_ZERO rather than if(IS_ERR(...)) + PTR_ERR Generated by: scripts/coccinelle/api/ptr_ret.cocci Fixes: 0f04a81784fe ("pinctrl: mcp23s08: Split to three parts: core, I²C, SPI") Signed-off-by: kernel test robot Acked-by: Andy Shevchenko CC: Andy Shevchenko Link: https://lore.kernel.org/r/20200608010253.GA79576@44f7ab9e8d59 Signed-off-by: Linus Walleij commit 782b6b69847f34dda330530493ea62b7de3fd06a Author: Vidya Sagar Date: Thu Jun 4 23:19:35 2020 +0530 pinctrl: tegra: Use noirq suspend/resume callbacks Use noirq suspend/resume callbacks as other drivers which implement noirq suspend/resume callbacks (Ex:- PCIe) depend on pinctrl driver to configure the signals used by their respective devices in the noirq phase. Signed-off-by: Vidya Sagar Reviewed-by: Dmitry Osipenko Link: https://lore.kernel.org/r/20200604174935.26560-1-vidyas@nvidia.com Signed-off-by: Linus Walleij commit 5e50311556c9f409a85740e3cb4c4511e7e27da0 Author: Dmitry Baryshkov Date: Thu Jun 4 03:28:17 2020 +0300 pinctrl: qcom: spmi-gpio: fix warning about irq chip reusage Fix the following warnings caused by reusage of the same irq_chip instance for all spmi-gpio gpio_irq_chip instances. Instead embed irq_chip into pmic_gpio_state struct. gpio gpiochip2: (c440000.qcom,spmi:pmic@2:gpio@c000): detected irqchip that is shared with multiple gpiochips: please fix the driver. gpio gpiochip3: (c440000.qcom,spmi:pmic@4:gpio@c000): detected irqchip that is shared with multiple gpiochips: please fix the driver. gpio gpiochip4: (c440000.qcom,spmi:pmic@a:gpio@c000): detected irqchip that is shared with multiple gpiochips: please fix the driver. Signed-off-by: Dmitry Baryshkov Acked-by: Manivannan Sadhasivam Link: https://lore.kernel.org/r/20200604002817.667160-1-dmitry.baryshkov@linaro.org Signed-off-by: Linus Walleij commit e9c15badbb7b20ccdbadf5da14e0a68fbad51015 Author: Mel Gorman Date: Mon Jun 15 13:13:58 2020 +0100 fs: Do not check if there is a fsnotify watcher on pseudo inodes The kernel uses internal mounts created by kern_mount() and populated with files with no lookup path by alloc_file_pseudo() for a variety of reasons. An example of such a mount is for anonymous pipes. For pipes, every vfs_write() regardless of filesystem, calls fsnotify_modify() to notify of any changes which incurs a small amount of overhead in fsnotify even when there are no watchers. It can also trigger for reads and readv and writev, it was simply vfs_write() that was noticed first. A patch is pending that reduces, but does not eliminate, the overhead of fsnotify but for files that cannot be looked up via a path, even that small overhead is unnecessary. The user API for all notification subsystems (inotify, fanotify, ...) is based on the pathname and a dirfd and proc entries appear to be the only visible representation of the files. Proc does not have the same pathname as the internal entry and the proc inode is not the same as the internal inode so even if fanotify is used on a file under /proc/XX/fd, no useful events are notified. This patch changes alloc_file_pseudo() to always opt out of fsnotify by setting FMODE_NONOTIFY flag so that no check is made for fsnotify watchers on pseudo files. This should be safe as the underlying helper for the dentry is d_alloc_pseudo() which explicitly states that no lookups are ever performed meaning that fanotify should have nothing useful to attach to. The test motivating this was "perf bench sched messaging --pipe". On a single-socket machine using threads the difference of the patch was as follows. 5.7.0 5.7.0 vanilla nofsnotify-v1r1 Amean 1 1.3837 ( 0.00%) 1.3547 ( 2.10%) Amean 3 3.7360 ( 0.00%) 3.6543 ( 2.19%) Amean 5 5.8130 ( 0.00%) 5.7233 * 1.54%* Amean 7 8.1490 ( 0.00%) 7.9730 * 2.16%* Amean 12 14.6843 ( 0.00%) 14.1820 ( 3.42%) Amean 18 21.8840 ( 0.00%) 21.7460 ( 0.63%) Amean 24 28.8697 ( 0.00%) 29.1680 ( -1.03%) Amean 30 36.0787 ( 0.00%) 35.2640 * 2.26%* Amean 32 38.0527 ( 0.00%) 38.1223 ( -0.18%) The difference is small but in some cases it's outside the noise so while marginal, there is still some small benefit to ignoring fsnotify for files allocated via alloc_file_pseudo() in some cases. Link: https://lore.kernel.org/r/20200615121358.GF3183@techsingularity.net Signed-off-by: Mel Gorman Reviewed-by: Amir Goldstein Signed-off-by: Jan Kara commit cf5057e169f460e825bdf580eb285bb601156f82 Author: Jens Wiklander Date: Mon Jun 15 15:02:42 2020 +0200 MAINTAINERS: change tee mailing list The old TEE mailing list tee-dev@lists.linaro.org is about to be retired. From now on please use op-tee@lists.trustedfirmware.org instead. Acked-by: Sumit Garg Signed-off-by: Jens Wiklander commit b9dbe0101e344e8339406a11b7a91d4a0c50ad13 Author: Matthew Hagan Date: Tue Jun 9 17:58:29 2020 +0100 ARM: dts: NSP: Disable PL330 by default, add dma-coherent property Currently the PL330 is enabled by default. However if left in IDM reset, as is the case with the Meraki and Synology NSP devices, the system will hang when probing for the PL330's AMBA peripheral ID. We therefore should be able to disable it in these cases. The PL330 is also included among of the list of peripherals put into coherent mode, so "dma-coherent" has been added here as well. Fixes: 5fa1026a3e4d ("ARM: dts: NSP: Add PL330 support") Signed-off-by: Matthew Hagan Signed-off-by: Florian Fainelli commit 76fafbfffb447d2a5a95d5a9486b0217c00f9785 Author: Gustavo A. R. Silva Date: Thu May 28 09:35:11 2020 -0500 w1: Replace zero-length array with flexible-array There is a regular need in the kernel to provide a way to declare having a dynamically sized set of trailing elements in a structure. Kernel code should always use “flexible array members”[1] for these cases. The older style of one-element or zero-length arrays should no longer be used[2]. [1] https://en.wikipedia.org/wiki/Flexible_array_member [2] https://github.com/KSPP/linux/issues/21 Signed-off-by: Gustavo A. R. Silva commit 7fac96f2be3bbdb0b21c0de6812e965868137ad4 Author: Gustavo A. R. Silva Date: Thu May 28 09:35:11 2020 -0500 tracing/probe: Replace zero-length array with flexible-array There is a regular need in the kernel to provide a way to declare having a dynamically sized set of trailing elements in a structure. Kernel code should always use “flexible array members”[1] for these cases. The older style of one-element or zero-length arrays should no longer be used[2]. [1] https://en.wikipedia.org/wiki/Flexible_array_member [2] https://github.com/KSPP/linux/issues/21 Signed-off-by: Gustavo A. R. Silva commit 9f162d9d726526b243b7452a6e7bb0ae5148c0f1 Author: Gustavo A. R. Silva Date: Thu May 28 09:35:11 2020 -0500 soc: ti: Replace zero-length array with flexible-array There is a regular need in the kernel to provide a way to declare having a dynamically sized set of trailing elements in a structure. Kernel code should always use “flexible array members”[1] for these cases. The older style of one-element or zero-length arrays should no longer be used[2]. [1] https://en.wikipedia.org/wiki/Flexible_array_member [2] https://github.com/KSPP/linux/issues/21 Signed-off-by: Gustavo A. R. Silva commit 5cab1634e485ce7b33839f762f3bb9b5f009dc87 Author: Gustavo A. R. Silva Date: Thu May 28 09:35:11 2020 -0500 tifm: Replace zero-length array with flexible-array There is a regular need in the kernel to provide a way to declare having a dynamically sized set of trailing elements in a structure. Kernel code should always use “flexible array members”[1] for these cases. The older style of one-element or zero-length arrays should no longer be used[2]. [1] https://en.wikipedia.org/wiki/Flexible_array_member [2] https://github.com/KSPP/linux/issues/21 Signed-off-by: Gustavo A. R. Silva commit 0084b225ee2639ece7b43af5b0b8a5e3d72a3c1e Author: Gustavo A. R. Silva Date: Thu May 28 09:35:11 2020 -0500 dmaengine: tegra-apb: Replace zero-length array with flexible-array There is a regular need in the kernel to provide a way to declare having a dynamically sized set of trailing elements in a structure. Kernel code should always use “flexible array members”[1] for these cases. The older style of one-element or zero-length arrays should no longer be used[2]. [1] https://en.wikipedia.org/wiki/Flexible_array_member [2] https://github.com/KSPP/linux/issues/21 Signed-off-by: Gustavo A. R. Silva commit e35635000ffd74db358fbc18bc899918810788bf Author: Gustavo A. R. Silva Date: Thu May 28 09:35:11 2020 -0500 stm class: Replace zero-length array with flexible-array There is a regular need in the kernel to provide a way to declare having a dynamically sized set of trailing elements in a structure. Kernel code should always use “flexible array members”[1] for these cases. The older style of one-element or zero-length arrays should no longer be used[2]. [1] https://en.wikipedia.org/wiki/Flexible_array_member [2] https://github.com/KSPP/linux/issues/21 Signed-off-by: Gustavo A. R. Silva commit b2b32e3aa08475d98d2c325fa5886e151fcd2981 Author: Gustavo A. R. Silva Date: Thu May 28 09:35:11 2020 -0500 Squashfs: Replace zero-length array with flexible-array There is a regular need in the kernel to provide a way to declare having a dynamically sized set of trailing elements in a structure. Kernel code should always use “flexible array members”[1] for these cases. The older style of one-element or zero-length arrays should no longer be used[2]. [1] https://en.wikipedia.org/wiki/Flexible_array_member [2] https://github.com/KSPP/linux/issues/21 Signed-off-by: Gustavo A. R. Silva commit ceaf7191b99daedd5b2026bf786c86ccadd94630 Author: Gustavo A. R. Silva Date: Thu May 28 09:35:11 2020 -0500 ASoC: SOF: Replace zero-length array with flexible-array There is a regular need in the kernel to provide a way to declare having a dynamically sized set of trailing elements in a structure. Kernel code should always use “flexible array members”[1] for these cases. The older style of one-element or zero-length arrays should no longer be used[2]. [1] https://en.wikipedia.org/wiki/Flexible_array_member [2] https://github.com/KSPP/linux/issues/21 Signed-off-by: Gustavo A. R. Silva commit eb492c627a61b5630d5e6d9f6cfecbcd60611e05 Author: Gustavo A. R. Silva Date: Thu May 28 09:35:11 2020 -0500 ima: Replace zero-length array with flexible-array There is a regular need in the kernel to provide a way to declare having a dynamically sized set of trailing elements in a structure. Kernel code should always use “flexible array members”[1] for these cases. The older style of one-element or zero-length arrays should no longer be used[2]. [1] https://en.wikipedia.org/wiki/Flexible_array_member [2] https://github.com/KSPP/linux/issues/21 Signed-off-by: Gustavo A. R. Silva commit af6bb61cc0a25fba4411f4348f01011c9a769047 Author: Gustavo A. R. Silva Date: Thu May 28 09:35:11 2020 -0500 sctp: Replace zero-length array with flexible-array There is a regular need in the kernel to provide a way to declare having a dynamically sized set of trailing elements in a structure. Kernel code should always use “flexible array members”[1] for these cases. The older style of one-element or zero-length arrays should no longer be used[2]. [1] https://en.wikipedia.org/wiki/Flexible_array_member [2] https://github.com/KSPP/linux/issues/21 Signed-off-by: Gustavo A. R. Silva commit 50f894d50ac3303097011e7520755d337401245c Author: Gustavo A. R. Silva Date: Thu May 28 09:35:11 2020 -0500 phy: samsung: Replace zero-length array with flexible-array There is a regular need in the kernel to provide a way to declare having a dynamically sized set of trailing elements in a structure. Kernel code should always use “flexible array members”[1] for these cases. The older style of one-element or zero-length arrays should no longer be used[2]. [1] https://en.wikipedia.org/wiki/Flexible_array_member [2] https://github.com/KSPP/linux/issues/21 Signed-off-by: Gustavo A. R. Silva commit 18bdc20be19741ac97499a37e42323248114b496 Author: Gustavo A. R. Silva Date: Thu May 28 09:35:11 2020 -0500 RxRPC: Replace zero-length array with flexible-array There is a regular need in the kernel to provide a way to declare having a dynamically sized set of trailing elements in a structure. Kernel code should always use “flexible array members”[1] for these cases. The older style of one-element or zero-length arrays should no longer be used[2]. [1] https://en.wikipedia.org/wiki/Flexible_array_member [2] https://github.com/KSPP/linux/issues/21 Signed-off-by: Gustavo A. R. Silva commit a611d137bfe79098471cd22fbf969fa859074921 Author: Gustavo A. R. Silva Date: Thu May 28 09:35:11 2020 -0500 rapidio: Replace zero-length array with flexible-array There is a regular need in the kernel to provide a way to declare having a dynamically sized set of trailing elements in a structure. Kernel code should always use “flexible array members”[1] for these cases. The older style of one-element or zero-length arrays should no longer be used[2]. [1] https://en.wikipedia.org/wiki/Flexible_array_member [2] https://github.com/KSPP/linux/issues/21 Signed-off-by: Gustavo A. R. Silva commit 5342e9bb035516f9649b53186a925a584b1800be Author: Gustavo A. R. Silva Date: Thu May 28 09:35:11 2020 -0500 media: pwc: Replace zero-length array with flexible-array There is a regular need in the kernel to provide a way to declare having a dynamically sized set of trailing elements in a structure. Kernel code should always use “flexible array members”[1] for these cases. The older style of one-element or zero-length arrays should no longer be used[2]. [1] https://en.wikipedia.org/wiki/Flexible_array_member [2] https://github.com/KSPP/linux/issues/21 Signed-off-by: Gustavo A. R. Silva commit b912f89c947dbcea3101bba99c6edef44ae7ea29 Author: Gustavo A. R. Silva Date: Thu May 28 09:35:11 2020 -0500 firmware: pcdp: Replace zero-length array with flexible-array There is a regular need in the kernel to provide a way to declare having a dynamically sized set of trailing elements in a structure. Kernel code should always use “flexible array members”[1] for these cases. The older style of one-element or zero-length arrays should no longer be used[2]. [1] https://en.wikipedia.org/wiki/Flexible_array_member [2] https://github.com/KSPP/linux/issues/21 Signed-off-by: Gustavo A. R. Silva commit 0a418cd117d2827653a3ae1cc1dd78edb4ff733d Author: Gustavo A. R. Silva Date: Thu May 28 09:35:11 2020 -0500 oprofile: Replace zero-length array with flexible-array There is a regular need in the kernel to provide a way to declare having a dynamically sized set of trailing elements in a structure. Kernel code should always use “flexible array members”[1] for these cases. The older style of one-element or zero-length arrays should no longer be used[2]. [1] https://en.wikipedia.org/wiki/Flexible_array_member [2] https://github.com/KSPP/linux/issues/21 Signed-off-by: Gustavo A. R. Silva commit 8a631c26bd184a94f9699b0cc7e0d1d34428d395 Author: Gustavo A. R. Silva Date: Thu May 28 09:35:11 2020 -0500 block: Replace zero-length array with flexible-array There is a regular need in the kernel to provide a way to declare having a dynamically sized set of trailing elements in a structure. Kernel code should always use “flexible array members”[1] for these cases. The older style of one-element or zero-length arrays should no longer be used[2]. [1] https://en.wikipedia.org/wiki/Flexible_array_member [2] https://github.com/KSPP/linux/issues/21 Signed-off-by: Gustavo A. R. Silva commit a5290feb5a90cc25901c51af8352a96d55776e66 Author: Gustavo A. R. Silva Date: Thu May 28 09:35:11 2020 -0500 tools/testing/nvdimm: Replace zero-length array with flexible-array There is a regular need in the kernel to provide a way to declare having a dynamically sized set of trailing elements in a structure. Kernel code should always use “flexible array members”[1] for these cases. The older style of one-element or zero-length arrays should no longer be used[2]. [1] https://en.wikipedia.org/wiki/Flexible_array_member [2] https://github.com/KSPP/linux/issues/21 Signed-off-by: Gustavo A. R. Silva commit 9c5fbf05cb00cc9e6f1baf42751c6bfe1e6859ba Author: Gustavo A. R. Silva Date: Thu May 28 09:35:11 2020 -0500 libata: Replace zero-length array with flexible-array There is a regular need in the kernel to provide a way to declare having a dynamically sized set of trailing elements in a structure. Kernel code should always use “flexible array members”[1] for these cases. The older style of one-element or zero-length arrays should no longer be used[2]. [1] https://en.wikipedia.org/wiki/Flexible_array_member [2] https://github.com/KSPP/linux/issues/21 Signed-off-by: Gustavo A. R. Silva commit 67a862a94d5d55fbfde6942c81f9e51f943f452c Author: Gustavo A. R. Silva Date: Thu May 28 09:35:11 2020 -0500 kprobes: Replace zero-length array with flexible-array There is a regular need in the kernel to provide a way to declare having a dynamically sized set of trailing elements in a structure. Kernel code should always use “flexible array members”[1] for these cases. The older style of one-element or zero-length arrays should no longer be used[2]. [1] https://en.wikipedia.org/wiki/Flexible_array_member [2] https://github.com/KSPP/linux/issues/21 Signed-off-by: Gustavo A. R. Silva commit ad8cb1654d2f123bbff317a8168028e2b451ed11 Author: Gustavo A. R. Silva Date: Thu May 28 09:35:11 2020 -0500 keys: encrypted-type: Replace zero-length array with flexible-array There is a regular need in the kernel to provide a way to declare having a dynamically sized set of trailing elements in a structure. Kernel code should always use “flexible array members”[1] for these cases. The older style of one-element or zero-length arrays should no longer be used[2]. [1] https://en.wikipedia.org/wiki/Flexible_array_member [2] https://github.com/KSPP/linux/issues/21 Signed-off-by: Gustavo A. R. Silva commit 50b6951feb621ac6a246a6f773edc0a3b9b7f3b4 Author: Gustavo A. R. Silva Date: Thu May 28 09:35:11 2020 -0500 kexec: Replace zero-length array with flexible-array There is a regular need in the kernel to provide a way to declare having a dynamically sized set of trailing elements in a structure. Kernel code should always use “flexible array members”[1] for these cases. The older style of one-element or zero-length arrays should no longer be used[2]. [1] https://en.wikipedia.org/wiki/Flexible_array_member [2] https://github.com/KSPP/linux/issues/21 Signed-off-by: Gustavo A. R. Silva commit 764e515f41c82220b20099962f47ec952c9ca6de Author: Gustavo A. R. Silva Date: Thu May 28 09:35:11 2020 -0500 KVM: Replace zero-length array with flexible-array There is a regular need in the kernel to provide a way to declare having a dynamically sized set of trailing elements in a structure. Kernel code should always use “flexible array members”[1] for these cases. The older style of one-element or zero-length arrays should no longer be used[2]. [1] https://en.wikipedia.org/wiki/Flexible_array_member [2] https://github.com/KSPP/linux/issues/21 Signed-off-by: Gustavo A. R. Silva commit 6112bad79f4de4bde62f630494760a300724e4b4 Author: Gustavo A. R. Silva Date: Thu May 28 09:35:11 2020 -0500 jffs2: Replace zero-length array with flexible-array There is a regular need in the kernel to provide a way to declare having a dynamically sized set of trailing elements in a structure. Kernel code should always use “flexible array members”[1] for these cases. The older style of one-element or zero-length arrays should no longer be used[2]. [1] https://en.wikipedia.org/wiki/Flexible_array_member [2] https://github.com/KSPP/linux/issues/21 Signed-off-by: Gustavo A. R. Silva commit 8192e60c6a73f945c783d37934034eac29b5edb8 Author: Gustavo A. R. Silva Date: Thu May 28 09:35:11 2020 -0500 ibft: Replace zero-length array with flexible-array There is a regular need in the kernel to provide a way to declare having a dynamically sized set of trailing elements in a structure. Kernel code should always use “flexible array members”[1] for these cases. The older style of one-element or zero-length arrays should no longer be used[2]. [1] https://en.wikipedia.org/wiki/Flexible_array_member [2] https://github.com/KSPP/linux/issues/21 Signed-off-by: Gustavo A. R. Silva commit f2baaff2798fad7dd6d8cb03672b8024c85142f8 Author: Gustavo A. R. Silva Date: Thu May 28 09:35:11 2020 -0500 samples: mei: Replace zero-length array with flexible-array There is a regular need in the kernel to provide a way to declare having a dynamically sized set of trailing elements in a structure. Kernel code should always use “flexible array members”[1] for these cases. The older style of one-element or zero-length arrays should no longer be used[2]. [1] https://en.wikipedia.org/wiki/Flexible_array_member [2] https://github.com/KSPP/linux/issues/21 Signed-off-by: Gustavo A. R. Silva commit 1907774c37f052ebc7606b6c24ae6d455ed07d85 Author: Gustavo A. R. Silva Date: Thu May 28 09:35:11 2020 -0500 ia64: kernel: unwind_i.h: Replace zero-length array with flexible-array There is a regular need in the kernel to provide a way to declare having a dynamically sized set of trailing elements in a structure. Kernel code should always use “flexible array members”[1] for these cases. The older style of one-element or zero-length arrays should no longer be used[2]. [1] https://en.wikipedia.org/wiki/Flexible_array_member [2] https://github.com/KSPP/linux/issues/21 Signed-off-by: Gustavo A. R. Silva commit 67cd46244611ca7b0d5447dac9a0cbd76b875210 Author: Gustavo A. R. Silva Date: Thu May 28 09:35:11 2020 -0500 FS-Cache: Replace zero-length array with flexible-array There is a regular need in the kernel to provide a way to declare having a dynamically sized set of trailing elements in a structure. Kernel code should always use “flexible array members”[1] for these cases. The older style of one-element or zero-length arrays should no longer be used[2]. [1] https://en.wikipedia.org/wiki/Flexible_array_member [2] https://github.com/KSPP/linux/issues/21 Signed-off-by: Gustavo A. R. Silva commit c38e7e212acdb52dc8c0553340050b02e4a3f848 Author: Gustavo A. R. Silva Date: Thu May 28 09:35:11 2020 -0500 firewire: ohci: Replace zero-length array with flexible-array There is a regular need in the kernel to provide a way to declare having a dynamically sized set of trailing elements in a structure. Kernel code should always use “flexible array members”[1] for these cases. The older style of one-element or zero-length arrays should no longer be used[2]. [1] https://en.wikipedia.org/wiki/Flexible_array_member [2] https://github.com/KSPP/linux/issues/21 Signed-off-by: Gustavo A. R. Silva commit 6b5679d2378324d0ed1c02c8e828b3b8687d3b08 Author: Gustavo A. R. Silva Date: Thu May 28 09:35:11 2020 -0500 cb710: Replace zero-length array with flexible-array There is a regular need in the kernel to provide a way to declare having a dynamically sized set of trailing elements in a structure. Kernel code should always use “flexible array members”[1] for these cases. The older style of one-element or zero-length arrays should no longer be used[2]. [1] https://en.wikipedia.org/wiki/Flexible_array_member [2] https://github.com/KSPP/linux/issues/21 Signed-off-by: Gustavo A. R. Silva commit ec4ac369397aa9ef81031cb7445bf1fbc677a393 Author: Gustavo A. R. Silva Date: Thu May 28 09:35:11 2020 -0500 drm/edid: Replace zero-length array with flexible-array There is a regular need in the kernel to provide a way to declare having a dynamically sized set of trailing elements in a structure. Kernel code should always use “flexible array members”[1] for these cases. The older style of one-element or zero-length arrays should no longer be used[2]. [1] https://en.wikipedia.org/wiki/Flexible_array_member [2] https://github.com/KSPP/linux/issues/21 Signed-off-by: Gustavo A. R. Silva commit 1060bfc8e2d34a0fa058bdb610cd2fb70f74a472 Author: Gustavo A. R. Silva Date: Thu May 28 09:35:11 2020 -0500 drbd: Replace zero-length array with flexible-array There is a regular need in the kernel to provide a way to declare having a dynamically sized set of trailing elements in a structure. Kernel code should always use “flexible array members”[1] for these cases. The older style of one-element or zero-length arrays should no longer be used[2]. [1] https://en.wikipedia.org/wiki/Flexible_array_member [2] https://github.com/KSPP/linux/issues/21 Signed-off-by: Gustavo A. R. Silva commit 6c48764aa478b193a58ae601e6e1e32d71a41988 Author: Gustavo A. R. Silva Date: Thu May 28 09:35:11 2020 -0500 crypto: Replace zero-length array with flexible-array There is a regular need in the kernel to provide a way to declare having a dynamically sized set of trailing elements in a structure. Kernel code should always use “flexible array members”[1] for these cases. The older style of one-element or zero-length arrays should no longer be used[2]. [1] https://en.wikipedia.org/wiki/Flexible_array_member [2] https://github.com/KSPP/linux/issues/21 Signed-off-by: Gustavo A. R. Silva commit d6562f1ca877e0c2b020be0a66d59592e9f37f24 Author: Gustavo A. R. Silva Date: Thu May 28 09:35:11 2020 -0500 can: Replace zero-length array with flexible-array There is a regular need in the kernel to provide a way to declare having a dynamically sized set of trailing elements in a structure. Kernel code should always use “flexible array members”[1] for these cases. The older style of one-element or zero-length arrays should no longer be used[2]. [1] https://en.wikipedia.org/wiki/Flexible_array_member [2] https://github.com/KSPP/linux/issues/21 Signed-off-by: Gustavo A. R. Silva commit 12033457bf15c811ec26b0e9074ddce494d0399f Author: Gustavo A. R. Silva Date: Thu May 28 09:35:11 2020 -0500 can: peak_canfd: Replace zero-length array with flexible-array There is a regular need in the kernel to provide a way to declare having a dynamically sized set of trailing elements in a structure. Kernel code should always use “flexible array members”[1] for these cases. The older style of one-element or zero-length arrays should no longer be used[2]. [1] https://en.wikipedia.org/wiki/Flexible_array_member [2] https://github.com/KSPP/linux/issues/21 Signed-off-by: Gustavo A. R. Silva commit 466f966b1f4545acad150331911784d3f49ab1c3 Author: Gustavo A. R. Silva Date: Thu May 28 09:35:11 2020 -0500 dmaengine: Replace zero-length array with flexible-array There is a regular need in the kernel to provide a way to declare having a dynamically sized set of trailing elements in a structure. Kernel code should always use “flexible array members”[1] for these cases. The older style of one-element or zero-length arrays should no longer be used[2]. [1] https://en.wikipedia.org/wiki/Flexible_array_member [2] https://github.com/KSPP/linux/issues/21 Signed-off-by: Gustavo A. R. Silva commit 06f3a5a4cbb5fbf552174a426be0b3027149a66f Author: Gustavo A. R. Silva Date: Thu May 28 09:35:11 2020 -0500 ARM: tegra: Replace zero-length array with flexible-array There is a regular need in the kernel to provide a way to declare having a dynamically sized set of trailing elements in a structure. Kernel code should always use “flexible array members”[1] for these cases. The older style of one-element or zero-length arrays should no longer be used[2]. [1] https://en.wikipedia.org/wiki/Flexible_array_member [2] https://github.com/KSPP/linux/issues/21 Signed-off-by: Gustavo A. R. Silva commit 241cb28e38c322068c87da4c479e07fbae0c1a4e Author: Gustavo A. R. Silva Date: Thu May 28 09:35:11 2020 -0500 aio: Replace zero-length array with flexible-array There is a regular need in the kernel to provide a way to declare having a dynamically sized set of trailing elements in a structure. Kernel code should always use “flexible array members”[1] for these cases. The older style of one-element or zero-length arrays should no longer be used[2]. [1] https://en.wikipedia.org/wiki/Flexible_array_member [2] https://github.com/KSPP/linux/issues/21 Signed-off-by: Gustavo A. R. Silva commit aa125f313d8e7d04bf001175dadeabaf8723c00b Author: Gustavo A. R. Silva Date: Fri Feb 21 09:32:33 2020 -0600 firmware: google: vpd: Replace zero-length array with flexible-array member There is a regular need in the kernel to provide a way to declare having a dynamically sized set of trailing elements in a structure. Kernel code should always use “flexible array members”[1] for these cases. The older style of one-element or zero-length arrays should no longer be used[2]. [1] https://en.wikipedia.org/wiki/Flexible_array_member [2] https://github.com/KSPP/linux/issues/21 Signed-off-by: Gustavo A. R. Silva commit ea9ee9976750b3d047141ebeb12ba92b634dfbef Author: Gustavo A. R. Silva Date: Fri Feb 21 09:30:21 2020 -0600 firmware: google: memconsole: Replace zero-length array with flexible-array member There is a regular need in the kernel to provide a way to declare having a dynamically sized set of trailing elements in a structure. Kernel code should always use “flexible array members”[1] for these cases. The older style of one-element or zero-length arrays should no longer be used[2]. [1] https://en.wikipedia.org/wiki/Flexible_array_member [2] https://github.com/KSPP/linux/issues/21 Signed-off-by: Gustavo A. R. Silva commit 8e849a41276a5bae6050d89ed9421bd882c77d2e Author: Gustavo A. R. Silva Date: Fri Feb 21 09:15:44 2020 -0600 firmware: dmi-sysfs: Replace zero-length array with flexible-array member There is a regular need in the kernel to provide a way to declare having a dynamically sized set of trailing elements in a structure. Kernel code should always use “flexible array members”[1] for these cases. The older style of one-element or zero-length arrays should no longer be used[2]. [1] https://en.wikipedia.org/wiki/Flexible_array_member [2] https://github.com/KSPP/linux/issues/21 Signed-off-by: Gustavo A. R. Silva commit b8f1d1e05817f5e5f7517911b55ea13d2c0438a0 Author: Christoph Hellwig Date: Mon Jun 15 08:46:24 2020 +0200 scsi: Wire up ata_scsi_dma_need_drain for SAS HBA drivers We need ata_scsi_dma_need_drain for all drivers wired up to drive ATAPI devices through libata. That also includes the SAS HBA drivers in addition to native libata HBA drivers. Link: https://lore.kernel.org/r/20200615064624.37317-3-hch@lst.de Fixes: cc97923a5bcc ("block: move dma drain handling to scsi") Reported-by: Michael Ellerman Tested-by: Michael Ellerman Acked-by: Jack Wang Acked-by: John Garry Signed-off-by: Christoph Hellwig Signed-off-by: Martin K. Petersen commit 7bb7ee8704fea9fec9eea53322b8464c3ed70a3d Author: Christoph Hellwig Date: Mon Jun 15 08:46:23 2020 +0200 scsi: libata: Provide an ata_scsi_dma_need_drain stub for !CONFIG_ATA SAS drivers can be compiled with ata support disabled. Provide a stub so that the drivers don't have to ifdef around wiring up ata_scsi_dma_need_drain. Link: https://lore.kernel.org/r/20200615064624.37317-2-hch@lst.de Signed-off-by: Christoph Hellwig Signed-off-by: Martin K. Petersen commit 0bdcfa182506526fbe4e088ff9ca86a31b81828d Author: Nicholas Piggin Date: Mon Jun 15 16:12:47 2020 +1000 powerpc/64s: Fix KVM interrupt using wrong save area The CTR register reload in the KVM interrupt path used the wrong save area for SLB (and NMI) interrupts. Fixes: 9600f261acaa ("powerpc/64s/exception: Move KVM test to common code") Cc: stable@vger.kernel.org # v5.7+ Reported-by: Christian Zigotzky Signed-off-by: Nicholas Piggin Tested-by: Christian Zigotzky Signed-off-by: Michael Ellerman Link: https://lore.kernel.org/r/20200615061247.1310763-1-npiggin@gmail.com commit a1e17eb03e69bb61bd1b1a14610436b7b9be12d9 Author: Dinghao Liu Date: Fri May 22 12:59:29 2020 +0800 scsi: ufs-bsg: Fix runtime PM imbalance on error When ufs_bsg_alloc_desc_buffer() returns an error code, a pairing runtime PM usage counter decrement is needed to keep the counter balanced. Link: https://lore.kernel.org/r/20200522045932.31795-1-dinghao.liu@zju.edu.cn Fixes: 74e5e468b664 (scsi: ufs-bsg: Wake the device before sending raw upiu commands) Reviewed-by: Avri Altman Signed-off-by: Dinghao Liu Signed-off-by: Martin K. Petersen commit d35f18b554be015b6fa89fad6447c6fce8e6ad66 Author: Vaibhav Jain Date: Mon Jun 15 18:14:07 2020 +0530 powerpc/papr_scm: Implement support for PAPR_PDSM_HEALTH This patch implements support for PDSM request 'PAPR_PDSM_HEALTH' that returns a newly introduced 'struct nd_papr_pdsm_health' instance containing dimm health information back to user space in response to ND_CMD_CALL. This functionality is implemented in newly introduced papr_pdsm_health() that queries the nvdimm health information and then copies this information to the package payload whose layout is defined by 'struct nd_papr_pdsm_health'. Signed-off-by: Vaibhav Jain Cc: "Aneesh Kumar K . V" Cc: Dan Williams Cc: Michael Ellerman Cc: Ira Weiny Link: https://lore.kernel.org/r/20200615124407.32596-7-vaibhav@linux.ibm.com Signed-off-by: Dan Williams commit f517f7925b7b453cb83be06c268ba057b78e4792 Author: Vaibhav Jain Date: Mon Jun 15 18:14:06 2020 +0530 ndctl/papr_scm,uapi: Add support for PAPR nvdimm specific methods Introduce support for PAPR NVDIMM Specific Methods (PDSM) in papr_scm module and add the command family NVDIMM_FAMILY_PAPR to the white list of NVDIMM command sets. Also advertise support for ND_CMD_CALL for the nvdimm command mask and implement necessary scaffolding in the module to handle ND_CMD_CALL ioctl and PDSM requests that we receive. The layout of the PDSM request as we expect from libnvdimm/libndctl is described in newly introduced uapi header 'papr_pdsm.h' which defines a 'struct nd_pkg_pdsm' and a maximal union named 'nd_pdsm_payload'. These new structs together with 'struct nd_cmd_pkg' for a pdsm envelop thats sent by libndctl to libnvdimm and serviced by papr_scm in 'papr_scm_service_pdsm()'. The PDSM request is communicated by member 'struct nd_cmd_pkg.nd_command' together with other information on the pdsm payload (size-in, size-out). The patch also introduces 'struct pdsm_cmd_desc' instances of which are stored in an array __pdsm_cmd_descriptors[] indexed with PDSM cmd and corresponding access function pdsm_cmd_desc() is introduced. 'struct pdsm_cdm_desc' holds the service function for a given PDSM and corresponding payload in/out sizes. A new function papr_scm_service_pdsm() is introduced and is called from papr_scm_ndctl() in case of a PDSM request is received via ND_CMD_CALL command from libnvdimm. The function performs validation on the PDSM payload based on info present in corresponding PDSM descriptor and if valid calls the 'struct pdcm_cmd_desc.service' function to service the PDSM. Signed-off-by: Vaibhav Jain Cc: "Aneesh Kumar K . V" Cc: Dan Williams Cc: Michael Ellerman Cc: Ira Weiny Link: https://lore.kernel.org/r/20200615124407.32596-6-vaibhav@linux.ibm.com Signed-off-by: Dan Williams commit b5f38f09e1558c20265a2976b0337bab143a66c7 Author: Vaibhav Jain Date: Mon Jun 15 18:14:05 2020 +0530 powerpc/papr_scm: Improve error logging and handling papr_scm_ndctl() Since papr_scm_ndctl() can be called from outside papr_scm, its exposed to the possibility of receiving NULL as value of 'cmd_rc' argument. This patch updates papr_scm_ndctl() to protect against such possibility by assigning it pointer to a local variable in case cmd_rc == NULL. Finally the patch also updates the 'default' add a debug log unknown 'cmd' values. Signed-off-by: Vaibhav Jain Reviewed-by: Ira Weiny Cc: "Aneesh Kumar K . V" Cc: Dan Williams Cc: Michael Ellerman Cc: Ira Weiny Link: https://lore.kernel.org/r/20200615124407.32596-5-vaibhav@linux.ibm.com Signed-off-by: Dan Williams commit b791abf3201d724ac372c2ba1fa6e90d192e1dbf Author: Vaibhav Jain Date: Mon Jun 15 18:14:04 2020 +0530 powerpc/papr_scm: Fetch nvdimm health information from PHYP Implement support for fetching nvdimm health information via H_SCM_HEALTH hcall as documented in Ref[1]. The hcall returns a pair of 64-bit bitmap, bitwise-and of which is then stored in 'struct papr_scm_priv' and subsequently partially exposed to user-space via newly introduced dimm specific attribute 'papr/flags'. Since the hcall is costly, the health information is cached and only re-queried, 60s after the previous successful hcall. The patch also adds a documentation text describing flags reported by the the new sysfs attribute 'papr/flags' is also introduced at Documentation/ABI/testing/sysfs-bus-papr-pmem. [1] commit 58b278f568f0 ("powerpc: Provide initial documentation for PAPR hcalls") Signed-off-by: Vaibhav Jain Cc: "Aneesh Kumar K . V" Cc: Dan Williams Cc: Michael Ellerman Cc: Ira Weiny Link: https://lore.kernel.org/r/20200615124407.32596-4-vaibhav@linux.ibm.com Signed-off-by: Dan Williams commit 97c02c723bcef11da2f46facdde7c34e72ec8a1f Author: Vaibhav Jain Date: Mon Jun 15 18:14:03 2020 +0530 seq_buf: Export seq_buf_printf 'seq_buf' provides a very useful abstraction for writing to a string buffer without needing to worry about it over-flowing. However even though the API has been stable for couple of years now its still not exported to kernel loadable modules limiting its usage. Hence this patch proposes update to 'seq_buf.c' to mark seq_buf_printf() which is part of the seq_buf API to be exported to kernel loadable GPL modules. This symbol will be used in later parts of this patch-set to simplify content creation for a sysfs attribute. Signed-off-by: Vaibhav Jain Acked-by: Steven Rostedt (VMware) Cc: Piotr Maziarz Cc: Cezary Rojewski Cc: Christoph Hellwig Cc: Steven Rostedt Cc: Borislav Petkov Link: https://lore.kernel.org/r/20200615124407.32596-3-vaibhav@linux.ibm.com Signed-off-by: Dan Williams commit 901e34905ac5e402fd690a1fdf51fc7f070bdc6e Author: Vaibhav Jain Date: Mon Jun 15 18:14:02 2020 +0530 powerpc: Document details on H_SCM_HEALTH hcall Add documentation to 'papr_hcalls.rst' describing the bitmap flags that are returned from H_SCM_HEALTH hcall as per the PAPR-SCM specification. Signed-off-by: Vaibhav Jain Acked-by: Ira Weiny Cc: "Aneesh Kumar K . V" Cc: Dan Williams Cc: Michael Ellerman Cc: Ira Weiny Link: https://lore.kernel.org/r/20200615124407.32596-2-vaibhav@linux.ibm.com Signed-off-by: Dan Williams commit b8ad540dd4e40566c520dff491fc06c71ae6b989 Author: Wei Yongjun Date: Mon Jun 15 09:35:22 2020 +0800 mptcp: fix memory leak in mptcp_subflow_create_socket() socket malloced by sock_create_kern() should be release before return in the error handling, otherwise it cause memory leak. unreferenced object 0xffff88810910c000 (size 1216): comm "00000003_test_m", pid 12238, jiffies 4295050289 (age 54.237s) hex dump (first 32 bytes): 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 2f 30 0a 81 88 ff ff ........./0..... backtrace: [<00000000e877f89f>] sock_alloc_inode+0x18/0x1c0 [<0000000093d1dd51>] alloc_inode+0x63/0x1d0 [<000000005673fec6>] new_inode_pseudo+0x14/0xe0 [<00000000b5db6be8>] sock_alloc+0x3c/0x260 [<00000000e7e3cbb2>] __sock_create+0x89/0x620 [<0000000023e48593>] mptcp_subflow_create_socket+0xc0/0x5e0 [<00000000419795e4>] __mptcp_socket_create+0x1ad/0x3f0 [<00000000b2f942e8>] mptcp_stream_connect+0x281/0x4f0 [<00000000c80cd5cc>] __sys_connect_file+0x14d/0x190 [<00000000dc761f11>] __sys_connect+0x128/0x160 [<000000008b14e764>] __x64_sys_connect+0x6f/0xb0 [<000000007b4f93bd>] do_syscall_64+0xa1/0x530 [<00000000d3e770b6>] entry_SYSCALL_64_after_hwframe+0x49/0xb3 Fixes: 2303f994b3e1 ("mptcp: Associate MPTCP context with TCP socket") Signed-off-by: Wei Yongjun Signed-off-by: David S. Miller commit 4cd016ca2e3e880157070b78380199cc0c0a6226 Merge: c92cbaea3cc0 505ee3a1cab9 Author: David S. Miller Date: Mon Jun 15 18:06:52 2020 -0700 Merge branch 'remove-dependency-between-mlx5-act_ct-nf_flow_table' Roi Dayan says: ==================== remove dependency between mlx5, act_ct, nf_flow_table Some exported functions from act_ct and nf_flow_table being used in mlx5_core. This leads that mlx5 module always require act_ct and nf_flow_table modules. Those small exported functions can be moved to the header files to avoid this module dependency. ==================== Signed-off-by: David S. Miller commit 505ee3a1cab96785fbc2c7cdb41ab677ec270c3c Author: Alaa Hleihel Date: Sun Jun 14 14:12:49 2020 +0300 netfilter: flowtable: Make nf_flow_table_offload_add/del_cb inline Currently, nf_flow_table_offload_add/del_cb are exported by nf_flow_table module, therefore modules using them will have hard-dependency on nf_flow_table and will require loading it all the time. This can lead to an unnecessary overhead on systems that do not use this API. To relax the hard-dependency between the modules, we unexport these functions and make them static inline. Fixes: 978703f42549 ("netfilter: flowtable: Add API for registering to flow table events") Signed-off-by: Alaa Hleihel Reviewed-by: Roi Dayan Reviewed-by: Marcelo Ricardo Leitner Signed-off-by: David S. Miller commit 762f926d6f19b9ab4dee0f98d55fc67e276cd094 Author: Alaa Hleihel Date: Sun Jun 14 14:12:48 2020 +0300 net/sched: act_ct: Make tcf_ct_flow_table_restore_skb inline Currently, tcf_ct_flow_table_restore_skb is exported by act_ct module, therefore modules using it will have hard-dependency on act_ct and will require loading it all the time. This can lead to an unnecessary overhead on systems that do not use hardware connection tracking action (ct_metadata action) in the first place. To relax the hard-dependency between the modules, we unexport this function and make it a static inline one. Fixes: 30b0cf90c6dd ("net/sched: act_ct: Support restoring conntrack info on skbs") Signed-off-by: Alaa Hleihel Reviewed-by: Roi Dayan Acked-by: Marcelo Ricardo Leitner Signed-off-by: David S. Miller commit c34a06c56df7c513cd19f591b26fe7d814c778cc Author: Andrii Nakryiko Date: Mon Jun 15 15:53:55 2020 -0700 tools/bpftool: Add ringbuf map to a list of known map types Add symbolic name "ringbuf" to map to BPF_MAP_TYPE_RINGBUF. Without this, users will see "type 27" instead of "ringbuf" in `map show` output. Signed-off-by: Andrii Nakryiko Signed-off-by: Daniel Borkmann Link: https://lore.kernel.org/bpf/20200615225355.366256-1-andriin@fb.com commit b0659d8a950d424e57cc0a67afc4740ee561224e Author: Andrii Nakryiko Date: Mon Jun 15 14:49:26 2020 -0700 bpf: Fix definition of bpf_ringbuf_output() helper in UAPI comments Fix definition of bpf_ringbuf_output() in UAPI header comments, which is used to generate libbpf's bpf_helper_defs.h header. Return value is a number (error code), not a pointer. Fixes: 457f44363a88 ("bpf: Implement BPF ring buffer and verifier support for it") Signed-off-by: Andrii Nakryiko Signed-off-by: Daniel Borkmann Link: https://lore.kernel.org/bpf/20200615214926.3638836-1-andriin@fb.com commit 5bcc066c05909d2af5c954911309f02312b0b02e Author: Randy Dunlap Date: Mon Jun 15 12:22:53 2020 -0700 trace/events/block.h: drop kernel-doc for dropped function parameter Fix kernel-doc warning: the parameter was removed, so also remove the kernel-doc notation for it. ../include/trace/events/block.h:278: warning: Excess function parameter 'error' description in 'trace_block_bio_complete' Fixes: d24de76af836 ("block: remove the error argument to the block_bio_complete tracepoint") Signed-off-by: Randy Dunlap Cc: Christoph Hellwig Cc: Jens Axboe Signed-off-by: Jens Axboe commit a5dc8300df75e8b8384b4c82225f1e4a0b4d9b55 Author: Sasha Levin Date: Mon Jun 15 18:24:27 2020 -0400 scripts/decode_stacktrace: warn when modpath is needed but is unset When a user tries to parse a symbol located inside a module he must have modpath set. Otherwise, decode_stacktrace won't be able to parse the symbol correctly. Right now the failure is silent and easily missed by the user. What's worse is that by the time the user realizes what happened (or someone on LKML asks him to add the modpath and re-run), he might have already got rid of the vmlinux/modules. Signed-off-by: Sasha Levin Signed-off-by: Linus Torvalds commit c92cbaea3cc0a80807e386922f801eb6d3652c81 Author: Vladimir Oltean Date: Sun Jun 14 23:54:09 2020 +0300 net: dsa: sja1105: fix PTP timestamping with large tc-taprio cycles It isn't actually described clearly at all in UM10944.pdf, but on TX of a management frame (such as PTP), this needs to happen: - The destination MAC address (i.e. 01-80-c2-00-00-0e), along with the desired destination port, need to be installed in one of the 4 management slots of the switch, over SPI. - The host can poll over SPI for that management slot's ENFPORT field. That gets unset when the switch has matched the slot to the frame. And therein lies the problem. ENFPORT does not mean that the packet has been transmitted. Just that it has been received over the CPU port, and that the mgmt slot is yet again available. This is relevant because of what we are doing in sja1105_ptp_txtstamp_skb, which is called right after sja1105_mgmt_xmit. We are in a hard real-time deadline, since the hardware only gives us 24 bits of TX timestamp, so we need to read the full PTP clock to reconstruct it. Because we're in a hurry (in an attempt to make sure that we have a full 64-bit PTP time which is as close as possible to the actual transmission time of the frame, to avoid 24-bit wraparounds), first we read the PTP clock, then we poll for the TX timestamp to become available. But of course, we don't know for sure that the frame has been transmitted when we read the full PTP clock. We had assumed that ENFPORT means it has, but the assumption is incorrect. And while in most real-life scenarios this has never been caught due to software delays, nowhere is this fact more obvious than with a tc-taprio offload, where PTP traffic gets a small timeslot very rarely (example: 1 packet per 10 ms). In that case, we will be reading the PTP clock for timestamp reconstruction too early (before the packet has been transmitted), and this renders the reconstruction procedure incorrect (see the assumptions described in the comments found on function sja1105_tstamp_reconstruct). So the PTP TX timestamps will be off by 1<<24 clock ticks, or 135 ms (1 tick is 8 ns). So fix this case of premature optimization by simply reordering the sja1105_ptpegr_ts_poll and the sja1105_ptpclkval_read function calls. It turns out that in practice, the 135 ms hard deadline for PTP timestamp wraparound is not so hard, since even the most bandwidth-intensive PTP profiles, such as 802.1AS-2011, have a sync frame interval of 125 ms. So if we couldn't deliver a timestamp in 135 ms (which we can), we're toast and have much bigger problems anyway. Fixes: 47ed985e97f5 ("net: dsa: sja1105: Add logic for TX timestamping") Signed-off-by: Vladimir Oltean Acked-by: Richard Cochran Signed-off-by: David S. Miller commit cc970925feb9a38c2f0d34305518e00a3084ce85 Author: Sven Auhagen Date: Sun Jun 14 09:19:17 2020 +0200 mvpp2: ethtool rxtx stats fix The ethtool rx and tx queue statistics are reporting wrong values. Fix reading out the correct ones. Signed-off-by: Sven Auhagen Signed-off-by: David S. Miller commit 534a8bf0ccdd7b3f7a4eb22b5992d3aa1da08f93 Author: Sergei Shtylyov Date: Sat Jun 13 23:59:30 2020 +0300 MAINTAINERS: switch to my private email for Renesas Ethernet drivers I no longer work for Cogent Embedded (but my old email still works :-)), and still would like to continue looking after the Renesas Ethernet drivers and bindings. Let's switch to my private email. Signed-off-by: Sergei Shtylyov Acked-by: Geert Uytterhoeven Signed-off-by: David S. Miller commit 58d0c864e1a759a15c9df78f50ea5a5c32b3989e Author: Aditya Pakki Date: Fri Jun 12 15:27:55 2020 -0500 rocker: fix incorrect error handling in dma_rings_init In rocker_dma_rings_init, the goto blocks in case of errors caused by the functions rocker_dma_cmd_ring_waits_alloc() and rocker_dma_ring_create() are incorrect. The patch fixes the order consistent with cleanup in rocker_dma_rings_fini(). Signed-off-by: Aditya Pakki Signed-off-by: David S. Miller commit a6379f0ad6375a707e915518ecd5c2270afcd395 Author: Aditya Pakki Date: Fri Jun 12 15:01:54 2020 -0500 test_objagg: Fix potential memory leak in error handling In case of failure of check_expect_hints_stats(), the resources allocated by objagg_hints_get should be freed. The patch fixes this issue. Signed-off-by: Aditya Pakki Signed-off-by: David S. Miller commit adaff6d906d74dfe34d44fd18d5a7596d293df44 Author: Bartosz Golaszewski Date: Thu Jun 11 16:01:39 2020 +0200 net: ethernet: mtk-star-emac: simplify interrupt handling During development we tried to make the interrupt handling as fine-grained as possible with TX and RX interrupts being disabled/enabled independently and the counter registers reset from workqueue context. Unfortunately after thorough testing of current mainline, we noticed the driver has become unstable under heavy load. While this is hard to reproduce, it's quite consistent in the driver's current form. This patch proposes to go back to the previous approach of doing all processing in napi context with all interrupts masked in order to make the driver usable in mainline linux. This doesn't impact the performance on pumpkin boards at all and it's in line with what many ethernet drivers do in mainline linux anyway. At the same time we're adding a FIXME comment about the need to improve the interrupt handling. Fixes: 8c7bd5a454ff ("net: ethernet: mtk-star-emac: new driver") Signed-off-by: Bartosz Golaszewski Signed-off-by: David S. Miller commit ea2fce88d2fd678ed9d45354ff49b73f1d5615dd Author: Wang Hai Date: Thu Jun 11 15:57:50 2020 +0800 mld: fix memory leak in ipv6_mc_destroy_dev() Commit a84d01647989 ("mld: fix memory leak in mld_del_delrec()") fixed the memory leak of MLD, but missing the ipv6_mc_destroy_dev() path, in which mca_sources are leaked after ma_put(). Using ip6_mc_clear_src() to take care of the missing free. BUG: memory leak unreferenced object 0xffff8881113d3180 (size 64): comm "syz-executor071", pid 389, jiffies 4294887985 (age 17.943s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 ff 02 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 ................ backtrace: [<000000002cbc483c>] kmalloc include/linux/slab.h:555 [inline] [<000000002cbc483c>] kzalloc include/linux/slab.h:669 [inline] [<000000002cbc483c>] ip6_mc_add1_src net/ipv6/mcast.c:2237 [inline] [<000000002cbc483c>] ip6_mc_add_src+0x7f5/0xbb0 net/ipv6/mcast.c:2357 [<0000000058b8b1ff>] ip6_mc_source+0xe0c/0x1530 net/ipv6/mcast.c:449 [<000000000bfc4fb5>] do_ipv6_setsockopt.isra.12+0x1b2c/0x3b30 net/ipv6/ipv6_sockglue.c:754 [<00000000e4e7a722>] ipv6_setsockopt+0xda/0x150 net/ipv6/ipv6_sockglue.c:950 [<0000000029260d9a>] rawv6_setsockopt+0x45/0x100 net/ipv6/raw.c:1081 [<000000005c1b46f9>] __sys_setsockopt+0x131/0x210 net/socket.c:2132 [<000000008491f7db>] __do_sys_setsockopt net/socket.c:2148 [inline] [<000000008491f7db>] __se_sys_setsockopt net/socket.c:2145 [inline] [<000000008491f7db>] __x64_sys_setsockopt+0xba/0x150 net/socket.c:2145 [<00000000c7bc11c5>] do_syscall_64+0xa1/0x530 arch/x86/entry/common.c:295 [<000000005fb7a3f3>] entry_SYSCALL_64_after_hwframe+0x49/0xb3 Fixes: 1666d49e1d41 ("mld: do not remove mld souce list info when set link down") Reported-by: Hulk Robot Signed-off-by: Wang Hai Acked-by: Hangbin Liu Signed-off-by: David S. Miller commit 7c6cdf6376d563ddaf9229cf39c4f372516eb3ad Merge: 38af8f2d606a e000940473d1 Author: David S. Miller Date: Mon Jun 15 13:28:33 2020 -0700 Merge branch 'bnxt_en-Bug-fixes' Michael Chan says: ==================== bnxt_en: Bug fixes. Four fixes related to the bnxt_en driver's resume path, AER reset, and the timer function. ==================== Signed-off-by: David S. Miller commit e000940473d1423a42ef9c823fb23ccffe3f07ea Author: Vasundhara Volam Date: Sun Jun 14 19:57:10 2020 -0400 bnxt_en: Return from timer if interface is not in open state. This will avoid many uneccessary error logs when driver or firmware is in reset. Fixes: 230d1f0de754 ("bnxt_en: Handle firmware reset.") Signed-off-by: Vasundhara Volam Signed-off-by: Michael Chan Signed-off-by: David S. Miller commit 6e2f83884c099de0e87b15a820736e522755d074 Author: Michael Chan Date: Sun Jun 14 19:57:09 2020 -0400 bnxt_en: Fix AER reset logic on 57500 chips. AER reset should follow the same steps as suspend/resume. We need to free context memory during AER reset and allocate new context memory during recovery by calling bnxt_hwrm_func_qcaps(). We also need to call bnxt_reenable_sriov() to restore the VFs. Fixes: bae361c54fb6 ("bnxt_en: Improve AER slot reset.") Signed-off-by: Michael Chan Signed-off-by: David S. Miller commit 59ae210173ff86256fa0cdba4ea4d608c61e123d Author: Michael Chan Date: Sun Jun 14 19:57:08 2020 -0400 bnxt_en: Re-enable SRIOV during resume. If VFs are enabled, we need to re-configure them during resume because firmware has been reset while resuming. Otherwise, the VFs won't work after resume. Fixes: c16d4ee0e397 ("bnxt_en: Refactor logic to re-enable SRIOV after firmware reset detected.") Signed-off-by: Michael Chan Signed-off-by: David S. Miller commit 2084ccf6259cc95e0575f0fafc93595d0219a9f6 Author: Michael Chan Date: Sun Jun 14 19:57:07 2020 -0400 bnxt_en: Simplify bnxt_resume(). The separate steps we do in bnxt_resume() can be done more simply by calling bnxt_hwrm_func_qcaps(). This change will add an extra __bnxt_hwrm_func_qcaps() call which is needed anyway on older firmware. Fixes: f9b69d7f6279 ("bnxt_en: Fix suspend/resume path on 57500 chips") Signed-off-by: Michael Chan Signed-off-by: David S. Miller commit 38af8f2d606a9372dbf19e47b3939e96c1ff28e4 Merge: 6e701c299469 3003055f5066 Author: David S. Miller Date: Mon Jun 15 13:27:13 2020 -0700 Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf Pablo Neira Ayuso says: ==================== Netfilter fixes for net The following patchset contains Netfilter fixes for net: 1) Fix bogus EEXIST on element insertions to the rbtree with timeouts, from Stefano Brivio. 2) Preempt BUG splat in the pipapo element insertion path, also from Stefano. 3) Release filter from the ctnetlink error path. 4) Release flowtable hooks from the deletion path. ==================== Signed-off-by: David S. Miller commit 6e701c299469dd2b8a64056051c6834809152424 Author: Vladimir Oltean Date: Mon Jun 15 19:42:44 2020 +0300 MAINTAINERS: merge entries for felix and ocelot drivers The ocelot switchdev driver also provides a set of library functions for the felix DSA driver, which in practice means that most of the patches will be of interest to both groups of driver maintainers. So, as also suggested in the discussion here, let's merge the 2 entries into a single larger one: https://www.spinics.net/lists/netdev/msg657412.html Note that the entry has been renamed into "OCELOT SWITCH" since neither Vitesse nor Microsemi exist any longer as company names, instead they are now named Microchip (which again might be subject to change in the future), so use the device family name instead. Suggested-by: Alexandre Belloni Signed-off-by: Vladimir Oltean Acked-by: Horatiu Vultur Signed-off-by: David S. Miller commit e89df5c4322c1bf495f62d74745895b5fd2a4393 Author: Zekun Shen Date: Mon Jun 15 11:50:29 2020 -0400 net: alx: fix race condition in alx_remove There is a race condition exist during termination. The path is alx_stop and then alx_remove. An alx_schedule_link_check could be called before alx_stop by interrupt handler and invoke alx_link_check later. Alx_stop frees the napis, and alx_remove cancels any pending works. If any of the work is scheduled before termination and invoked before alx_remove, a null-ptr-deref occurs because both expect alx->napis[i]. This patch fix the race condition by moving cancel_work_sync functions before alx_free_napis inside alx_stop. Because interrupt handler can call alx_schedule_link_check again, alx_free_irq is moved before cancel_work_sync calls too. Signed-off-by: Zekun Shen Signed-off-by: David S. Miller commit dff515a3e71dc8ab3b9dcc2e23a9b5fca88b3c18 Author: Thomas Falcon Date: Mon Jun 15 10:29:23 2020 -0500 ibmvnic: Harden device login requests The VNIC driver's "login" command sequence is the final step in the driver's initialization process with device firmware, confirming the available device queue resources to be utilized by the driver. Under high system load, firmware may not respond to the request in a timely manner or may abort the request. In such cases, the driver should reattempt the login command sequence. In case of a device error, the number of retries is bounded. Signed-off-by: Thomas Falcon Signed-off-by: David S. Miller commit 939a5bf7c9b7a1ad9c5d3481c93766a522773531 Author: Charles Keepax Date: Mon Jun 15 14:18:54 2020 +0100 net: macb: Only disable NAPI on the actual error path A recent change added a disable to NAPI into macb_open, this was intended to only happen on the error path but accidentally applies to all paths. This causes NAPI to be disabled on the success path, which leads to the network to no longer functioning. Fixes: 014406babc1f ("net: cadence: macb: disable NAPI on error") Signed-off-by: Charles Keepax Tested-by: Corentin Labbe Signed-off-by: David S. Miller commit 0acb47a3a09381d20fb643aa195cf5840aac3bb4 Author: Wang Qing Date: Mon Jun 15 17:02:23 2020 +0800 qlcnic: Use kobj_to_dev() instead Use kobj_to_dev() instead of container_of() Signed-off-by: Wang Qing Signed-off-by: David S. Miller commit a386bc5b2155bf1fc76229481ac7e7f2a646d966 Author: Geliang Tang Date: Mon Jun 15 16:34:28 2020 +0800 mptcp: use list_first_entry_or_null Use list_first_entry_or_null to simplify the code. Signed-off-by: Geliang Tang Signed-off-by: David S. Miller commit 35ed87add7def6809cf7815cc495a6537bc3bb01 Author: Colin Ian King Date: Mon Jun 15 09:29:11 2020 +0100 net: axienet: fix spelling mistake in comment "Exteneded" -> "extended" There is a spelling mistake in a comment. Fix it. Signed-off-by: Colin Ian King Acked-by: Michal Simek Signed-off-by: David S. Miller commit c06c1f87b66e74c29ecc68020e0312c565deebe0 Author: Geliang Tang Date: Mon Jun 15 16:28:03 2020 +0800 mptcp: drop MPTCP_PM_MAX_ADDR We have defined MPTCP_PM_ADDR_MAX in pm_netlink.c, so drop this duplicate macro. Fixes: 1b1c7a0ef7f3 ("mptcp: Add path manager interface") Signed-off-by: Geliang Tang Reviewed-by: Matthieu Baerts Signed-off-by: David S. Miller commit 33cf601da7a42b1a78d04746aea47b85ccb5c49b Author: Ka-Cheong Poon Date: Mon Jun 15 00:40:25 2020 -0700 net/rds: NULL pointer de-reference in rds_ib_add_one() The parent field of a struct device may be NULL. The macro ibdev_to_node() should check for that. Signed-off-by: Ka-Cheong Poon Acked-by: Santosh Shilimkar Signed-off-by: David S. Miller commit 6769b275a313c76ddcd7d94c632032326db5f759 Author: Tom Seewald Date: Wed Jun 10 12:47:17 2020 -0500 RDMA/siw: Fix pointer-to-int-cast warning in siw_rx_pbl() The variable buf_addr is type dma_addr_t, which may not be the same size as a pointer. To ensure it is the correct size, cast to a uintptr_t. Fixes: c536277e0db1 ("RDMA/siw: Fix 64/32bit pointer inconsistency") Link: https://lore.kernel.org/r/20200610174717.15932-1-tseewald@gmail.com Signed-off-by: Tom Seewald Reviewed-by: Bernard Metzler Signed-off-by: Jason Gunthorpe commit 0dc63bbee0fa6da20283ae6e22e99c6fde25ed8e Author: Kieran Bingham Date: Tue Jun 9 13:45:55 2020 +0100 RDMA/hfi1: Fix trivial mis-spelling of 'descriptor' The word 'descriptor' is misspelled throughout the tree. Fix it up accordingly: decriptors -> descriptors Link: https://lore.kernel.org/r/20200609124610.3445662-3-kieran.bingham+renesas@ideasonboard.com Link: https://lore.kernel.org/r/20200609124610.3445662-12-kieran.bingham+renesas@ideasonboard.com Signed-off-by: Kieran Bingham Acked-by: Dennis Dalessandro Signed-off-by: Jason Gunthorpe commit 4f5747cf8e5947479a27a3597829e45d6d8d73e0 Author: Tom Seewald Date: Thu Jun 4 21:30:12 2020 -0500 RDMA/mlx5: Fix -Wformat warning in check_ucmd_data() Variables of type size_t should use %zu rather than %lu [1]. The variables "inlen", "ucmd", "last", and "size" are all size_t, so use the correct format specifiers. [1] https://www.kernel.org/doc/html/latest/core-api/printk-formats.html Fixes: e383085c2425 ("RDMA/mlx5: Set ECE options during QP create") Link: https://lore.kernel.org/r/20200605023012.9527-1-tseewald@gmail.com Signed-off-by: Tom Seewald Acked-by: Leon Romanovsky Signed-off-by: Jason Gunthorpe commit 7a88a6227dc7f2e723bba11ece05e57bd8dce8e4 Author: Philipp Fent Date: Mon Jun 15 13:51:09 2020 +0200 efi/libstub: Fix path separator regression Commit 9302c1bb8e47 ("efi/libstub: Rewrite file I/O routine") introduced a regression that made a couple of (badly configured) systems fail to boot [1]: Until 5.6, we silently accepted Unix-style file separators in EFI paths, which might violate the EFI standard, but are an easy to make mistake. This fix restores the pre-5.7 behaviour. [1] https://bbs.archlinux.org/viewtopic.php?id=256273 Fixes: 9302c1bb8e47 ("efi/libstub: Rewrite file I/O routine") Signed-off-by: Philipp Fent Link: https://lore.kernel.org/r/20200615115109.7823-1-fent@in.tum.de [ardb: rewrite as chained if/else statements] Signed-off-by: Ard Biesheuvel commit 24552d10339f13d2174e013002da3ed90e26adda Author: Ard Biesheuvel Date: Mon Jun 15 12:31:14 2020 +0200 efi/libstub: Fix missing-prototype warning for skip_spaces() Include into skip_spaces.c to silence a compiler warning about a missing prototype. Signed-off-by: Ard Biesheuvel commit 630e8d5507d9f55dfa98134bfcadefb6cfba4fbb Author: Kamal Dasu Date: Mon Jun 15 11:51:34 2020 -0400 mtd: set master partition panic write flag Check and set master panic write flag so that low level drivers can use it to take required action to ensure oops data gets written to assigned mtdoops device partition. Fixes: 9f897bfdd89f ("mtd: Add flag to indicate panic_write") Signed-off-by: Kamal Dasu Signed-off-by: Miquel Raynal Link: https://lore.kernel.org/linux-mtd/20200615155134.32007-1-kdasu.kdev@gmail.com commit 1f6ce4445ab5c97aa63583bd6ce4fc20f471e11c Author: Richard Weinberger Date: Mon Jun 15 13:34:04 2020 +0200 nandsim: Fix return code testing of ns_find_operation() ns_find_operation() returns 0 on success. Fixes: 052a7a5374bc ("mtd: rawnand: nandsim: Clean error handling") Signed-off-by: Richard Weinberger Signed-off-by: Miquel Raynal Link: https://lore.kernel.org/linux-mtd/20200615113404.25447-1-richard@nod.at commit 3be20b6fc13abff843901fcd7cd9c7a3a7f95b90 Merge: b3a9e3b9622a 7b97d868b7ab Author: Linus Torvalds Date: Mon Jun 15 09:32:10 2020 -0700 Merge tag 'ext4-for-linus-5.8-rc1-2' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4 Pull more ext4 updates from Ted Ts'o: "This is the second round of ext4 commits for 5.8 merge window [1]. It includes the per-inode DAX support, which was dependant on the DAX infrastructure which came in via the XFS tree, and a number of regression and bug fixes; most notably the "BUG: using smp_processor_id() in preemptible code in ext4_mb_new_blocks" reported by syzkaller" [1] The pull request actually came in 15 minutes after I had tagged the rc1 release. Tssk, tssk, late.. - Linus * tag 'ext4-for-linus-5.8-rc1-2' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4: ext4, jbd2: ensure panic by fix a race between jbd2 abort and ext4 error handlers ext4: support xattr gnu.* namespace for the Hurd ext4: mballoc: Use this_cpu_read instead of this_cpu_ptr ext4: avoid utf8_strncasecmp() with unstable name ext4: stop overwrite the errcode in ext4_setup_super ext4: fix partial cluster initialization when splitting extent ext4: avoid race conditions when remounting with options that change dax Documentation/dax: Update DAX enablement for ext4 fs/ext4: Introduce DAX inode flag fs/ext4: Remove jflag variable fs/ext4: Make DAX mount option a tri-state fs/ext4: Only change S_DAX on inode load fs/ext4: Update ext4_should_use_dax() fs/ext4: Change EXT4_MOUNT_DAX to EXT4_MOUNT_DAX_ALWAYS fs/ext4: Disallow verity if inode is DAX fs/ext4: Narrow scope of DAX check in setflags commit 88c200d929c969408779dbae4c4fad32bc510373 Author: Sean Christopherson Date: Mon Jun 8 18:45:18 2020 -0700 KVM: VMX: Add helpers to identify interrupt type from intr_info Add is_intr_type() and is_intr_type_n() to consolidate the boilerplate code for querying a specific type of interrupt given an encoded value from VMCS.VM_{ENTER,EXIT}_INTR_INFO, with and without an associated vector respectively. Signed-off-by: Sean Christopherson Message-Id: <20200609014518.26756-1-sean.j.christopherson@intel.com> Signed-off-by: Paolo Bonzini commit 8dd4daa04278d7437641962ed53b843c0b0ec4a9 Author: Shyam Thombre Date: Wed Jun 10 16:39:44 2020 +0530 arm64: mm: reset address tag set by kasan sw tagging KASAN sw tagging sets a random tag of 8 bits in the top byte of the pointer returned by the memory allocating functions. So for the functions unaware of this change, the top 8 bits of the address must be reset which is done by the function arch_kasan_reset_tag(). Signed-off-by: Shyam Thombre Link: https://lore.kernel.org/r/1591787384-5823-1-git-send-email-sthombre@codeaurora.org Signed-off-by: Will Deacon commit 413d3ea6b775d77b2057f13a9af75875eb066156 Author: Will Deacon Date: Mon Jun 15 12:23:16 2020 +0100 arm64: traps: Dump registers prior to panic() in bad_mode() When panicing due to an unknown/unhandled exception at EL1, dump the registers of the faulting context so that it's easier to figure out what went wrong. In particular, this makes it a lot easier to debug in-kernel BTI failures since it pretty-prints PSTATE.BTYPE in the crash log. Cc: Mark Brown Cc: Catalin Marinas Acked-by: Mark Rutland Link: https://lore.kernel.org/r/20200615113458.2884-1-will@kernel.org Signed-off-by: Will Deacon commit 1e570f512cbdc5e9e401ba640d9827985c1bea1e Author: Dave Martin Date: Wed Jun 10 18:03:10 2020 +0100 arm64/sve: Eliminate data races on sve_default_vl sve_default_vl can be modified via the /proc/sys/abi/sve_default_vl sysctl concurrently with use, and modified concurrently by multiple threads. Adding a lock for this seems overkill, and I don't want to think any more than necessary, so just define wrappers using READ_ONCE()/ WRITE_ONCE(). This will avoid the possibility of torn accesses and repeated loads and stores. There's no evidence yet that this is going wrong in practice: this is just hygiene. For generic sysctl users, it would be better to build this kind of thing into the sysctl common code somehow. Reported-by: Will Deacon Signed-off-by: Dave Martin Link: https://lore.kernel.org/r/1591808590-20210-3-git-send-email-Dave.Martin@arm.com [will: move set_sve_default_vl() inside #ifdef to squash allnoconfig warning] Signed-off-by: Will Deacon commit 43708c0ab7c9861cf3fb8664ab327f8c7b1bada0 Author: Flavio Suligoi Date: Tue Jun 9 18:38:53 2020 +0200 tools: testing: ftrace: trigger: fix spelling mistake Fix typo: "tigger" --> "trigger" Signed-off-by: Flavio Suligoi Acked-by: Steven Rostedt (VMware) Signed-off-by: Shuah Khan commit 27784a256c2a453d891c0aaff84c3ac3f2e8a5a0 Author: Geert Uytterhoeven Date: Sat Jun 13 09:37:54 2020 +0200 spi: uapi: spidev: Use TABs for alignment The UAPI uses TABs for alignment. Convert the recently introduced spaces to TABs to restore consistency. Fixes: 7bb64402a092136 ("spi: tools: Add macro definitions to fix build errors") Signed-off-by: Geert Uytterhoeven Link: https://lore.kernel.org/r/20200613073755.15906-1-geert+renesas@glider.be Signed-off-by: Mark Brown commit 801dd57bd1d8c2c253f43635a3045bfa32a810b3 Author: Pavel Begunkov Date: Mon Jun 15 10:33:14 2020 +0300 io_uring: cancel by ->task not pid For an exiting process it tries to cancel all its inflight requests. Use req->task to match such instead of work.pid. We always have req->task set, and it will be valid because we're matching only current exiting task. Also, remove work.pid and everything related, it's useless now. Reported-by: Eric W. Biederman Signed-off-by: Pavel Begunkov Signed-off-by: Jens Axboe commit 4dd2824d6d5914949b5fe589538bc2622d84c5dd Author: Pavel Begunkov Date: Mon Jun 15 10:33:13 2020 +0300 io_uring: lazy get task There will be multiple places where req->task is used, so refcount-pin it lazily with introduced *io_{get,put}_req_task(). We need to always have valid ->task for cancellation reasons, but don't care about pinning it in some cases. That's why it sets req->task in io_req_init() and implements get/put laziness with a flag. This also removes using @current from polling io_arm_poll_handler(), etc., but doesn't change observable behaviour. Signed-off-by: Pavel Begunkov Signed-off-by: Jens Axboe commit 67c4d9e693e3bb7fb968af24e3584f821a78ba56 Author: Pavel Begunkov Date: Mon Jun 15 10:24:05 2020 +0300 io_uring: batch cancel in io_uring_cancel_files() Instead of waiting for each request one by one, first try to cancel all of them in a batched manner, and then go over inflight_list/etc to reap leftovers. Signed-off-by: Pavel Begunkov Signed-off-by: Jens Axboe commit 44e728b8aae0bb6d4229129083974f9dea43f50b Author: Pavel Begunkov Date: Mon Jun 15 10:24:04 2020 +0300 io_uring: cancel all task's requests on exit If a process is going away, io_uring_flush() will cancel only 1 request with a matching pid. Cancel all of them Signed-off-by: Pavel Begunkov Signed-off-by: Jens Axboe commit 4f26bda1522c35d2701fc219368c7101c17005c1 Author: Pavel Begunkov Date: Mon Jun 15 10:24:03 2020 +0300 io-wq: add an option to cancel all matched reqs This adds support for cancelling all io-wq works matching a predicate. It isn't used yet, so no change in observable behaviour. Signed-off-by: Pavel Begunkov Signed-off-by: Jens Axboe commit f4c2665e33f48904f2766d644df33fb3fd54b5ec Author: Pavel Begunkov Date: Mon Jun 15 10:24:02 2020 +0300 io-wq: reorder cancellation pending -> running Go all over all pending lists and cancel works there, and only then try to match running requests. No functional changes here, just a preparation for bulk cancellation. Signed-off-by: Pavel Begunkov Signed-off-by: Jens Axboe commit 4ec89596d06bd481ba827f3b409b938d63914157 Author: David Howells Date: Sun Jun 14 22:12:05 2020 +0100 afs: Fix the mapping of the UAEOVERFLOW abort code Abort code UAEOVERFLOW is returned when we try and set a time that's out of range, but it's currently mapped to EREMOTEIO by the default case. Fix UAEOVERFLOW to map instead to EOVERFLOW. Found with the generic/258 xfstest. Note that the test is wrong as it assumes that the filesystem will support a pre-UNIX-epoch date. Fixes: 1eda8bab70ca ("afs: Add support for the UAE error table") Signed-off-by: David Howells commit 793fe82ee33aab1023cf023cd7d744af19a3dff9 Author: David Howells Date: Fri Jun 12 16:13:52 2020 +0100 afs: Fix truncation issues and mmap writeback size Fix the following issues: (1) Fix writeback to reduce the size of a store operation to i_size, effectively discarding the extra data. The problem comes when afs_page_mkwrite() records that a page is about to be modified by mmap(). It doesn't know what bits of the page are going to be modified, so it records the whole page as being dirty (this is stored in page->private as start and end offsets). Without this, the marshalling for the store to the server extends the size of the file to the end of the page (in afs_fs_store_data() and yfs_fs_store_data()). (2) Fix setattr to actually truncate the pagecache, thereby clearing the discarded part of a file. (3) Fix setattr to check that the new size is okay and to disable ATTR_SIZE if i_size wouldn't change. (4) Force i_size to be updated as the result of a truncate. (5) Don't truncate if ATTR_SIZE is not set. (6) Call pagecache_isize_extended() if the file was enlarged. Note that truncate_set_size() isn't used because the setting of i_size is done inside afs_vnode_commit_status() under the vnode->cb_lock. Found with the generic/029 and generic/393 xfstests. Fixes: 31143d5d515e ("AFS: implement basic file write support") Fixes: 4343d00872e1 ("afs: Get rid of the afs_writeback record") Signed-off-by: David Howells commit da8d07551275abb3a38fae2d16e02bc9cc7396b2 Author: David Howells Date: Sat Jun 13 19:34:59 2020 +0100 afs: Concoct ctimes The in-kernel afs filesystem ignores ctime because the AFS fileserver protocol doesn't support ctimes. This, however, causes various xfstests to fail. Work around this by: (1) Setting ctime to attr->ia_ctime in afs_setattr(). (2) Not ignoring ATTR_MTIME_SET, ATTR_TIMES_SET and ATTR_TOUCH settings. (3) Setting the ctime from the server mtime when on the target file when creating a hard link to it. (4) Setting the ctime on directories from their revised mtimes when renaming/moving a file. Found by the generic/221 and generic/309 xfstests. Signed-off-by: David Howells commit 3f4aa981816368fe6b1d13c2bfbe76df9687e787 Author: David Howells Date: Sat Jun 13 00:03:48 2020 +0100 afs: Fix EOF corruption When doing a partial writeback, afs_write_back_from_locked_page() may generate an FS.StoreData RPC request that writes out part of a file when a file has been constructed from pieces by doing seek, write, seek, write, ... as is done by ld. The FS.StoreData RPC is given the current i_size as the file length, but the server basically ignores it unless the data length is 0 (in which case it's just a truncate operation). The revised file length returned in the result of the RPC may then not reflect what we suggested - and this leads to i_size getting moved backwards - which causes issues later. Fix the client to take account of this by ignoring the returned file size unless the data version number jumped unexpectedly - in which case we're going to have to clear the pagecache and reload anyway. This can be observed when doing a kernel build on an AFS mount. The following pair of commands produce the issue: ld -m elf_x86_64 -z max-page-size=0x200000 --emit-relocs \ -T arch/x86/realmode/rm/realmode.lds \ arch/x86/realmode/rm/header.o \ arch/x86/realmode/rm/trampoline_64.o \ arch/x86/realmode/rm/stack.o \ arch/x86/realmode/rm/reboot.o \ -o arch/x86/realmode/rm/realmode.elf arch/x86/tools/relocs --realmode \ arch/x86/realmode/rm/realmode.elf \ >arch/x86/realmode/rm/realmode.relocs This results in the latter giving: Cannot read ELF section headers 0/18: Success as the realmode.elf file got corrupted. The sequence of events can also be driven with: xfs_io -t -f \ -c "pwrite -S 0x58 0 0x58" \ -c "pwrite -S 0x59 10000 1000" \ -c "close" \ /afs/example.com/scratch/a Fixes: 31143d5d515e ("AFS: implement basic file write support") Signed-off-by: David Howells commit 1f32ef79897052ef7d3d154610d8d6af95abde83 Author: David Howells Date: Fri Jun 12 23:58:51 2020 +0100 afs: afs_write_end() should change i_size under the right lock Fix afs_write_end() to change i_size under vnode->cb_lock rather than ->wb_lock so that it doesn't race with afs_vnode_commit_status() and afs_getattr(). The ->wb_lock is only meant to guard access to ->wb_keys which isn't accessed by that piece of code. Fixes: 4343d00872e1 ("afs: Get rid of the afs_writeback record") Signed-off-by: David Howells commit bb413489288e4e457353bac513fddb6330d245ca Author: David Howells Date: Fri Jun 12 00:15:13 2020 +0100 afs: Fix non-setting of mtime when writing into mmap The mtime on an inode needs to be updated when a write is made into an mmap'ed section. There are three ways in which this could be done: update it when page_mkwrite is called, update it when a page is changed from dirty to writeback or leave it to the server and fix the mtime up from the reply to the StoreData RPC. Found with the generic/215 xfstest. Fixes: 1cf7a1518aef ("afs: Implement shared-writeable mmap") Signed-off-by: David Howells commit 6f1cf5257acc6e6242ddf2f52bc7912aed77b79f Author: Robin Gong Date: Mon Jun 15 05:54:08 2020 +0800 regualtor: pfuze100: correct sw1a/sw2 on pfuze3000 PFUZE100_SWB_REG is not proper for sw1a/sw2, because enable_mask/enable_reg is not correct. On PFUZE3000, sw1a/sw2 should be the same as sw1a/sw2 on pfuze100 except that voltages are not linear, so add new PFUZE3000_SW_REG and pfuze3000_sw_regulator_ops which like the non-linear PFUZE100_SW_REG and pfuze100_sw_regulator_ops. Fixes: 1dced996ee70 ("regulator: pfuze100: update voltage setting for pfuze3000 sw1a") Reported-by: Christophe Meynard Signed-off-by: Robin Gong Link: https://lore.kernel.org/r/1592171648-8752-1-git-send-email-yibin.gong@nxp.com Signed-off-by: Mark Brown commit 59960b9deb5354e4cdb0b6ed3a3b653a2b4eb602 Author: Pavel Begunkov Date: Mon Jun 15 16:36:30 2020 +0300 io_uring: fix lazy work init Don't leave garbage in req.work before punting async on -EAGAIN in io_iopoll_queue(). [ 140.922099] general protection fault, probably for non-canonical address 0xdead000000000100: 0000 [#1] PREEMPT SMP PTI ... [ 140.922105] RIP: 0010:io_worker_handle_work+0x1db/0x480 ... [ 140.922114] Call Trace: [ 140.922118] ? __next_timer_interrupt+0xe0/0xe0 [ 140.922119] io_wqe_worker+0x2a9/0x360 [ 140.922121] ? _raw_spin_unlock_irqrestore+0x24/0x40 [ 140.922124] kthread+0x12c/0x170 [ 140.922125] ? io_worker_handle_work+0x480/0x480 [ 140.922126] ? kthread_park+0x90/0x90 [ 140.922127] ret_from_fork+0x22/0x30 Fixes: 7cdaf587de7c ("io_uring: avoid whole io_wq_work copy for requests completed inline") Signed-off-by: Pavel Begunkov Signed-off-by: Jens Axboe commit a8a5e383cf41c3852621f8cdfb9141c77b004cdd Author: Baolin Wang Date: Mon Jun 15 17:12:23 2020 +0800 blk-mq: Remove redundant 'return' statement The blk_mq_all_tag_iter() is a void function, thus remove the redundant 'return' statement in this function. Signed-off-by: Baolin Wang Reviewed-by: Ming Lei Signed-off-by: Jens Axboe commit 4036d05c38ca2f73c2ca182c3ebf0dfd066593a6 Merge: 40e2c465894e 6ae4902f2f34 Author: Mark Brown Date: Mon Jun 15 15:18:35 2020 +0100 Merge series "ASoC: topology: fix use-after-free when removing components" from Pierre-Louis Bossart : This patchset fixes a memory allocation issue and removes a 100% reproducible use-after-free report thrown by KASAN in automated module removal tests across multiple platforms. All the credit goes to Bard Liao for root-causing the issue. DAIs may be registered at the same time as a component, or when the topology is loaded. This two-step registration causes the memory for topology-based DAIs to allocated last, and conversely to be released first by devres, before the component is released and the DAIs removed from the component DAI list with snd_soc_unregister_dais(). When we remove a component, by the time we walk through its dai list to unregister all dais, the dais allocated by the topology have been freed already by devres and the list is corrupted with pointers that are no longer valid. The suggestion is to add an explicit devm_ based registration for topology-based dais, so that each dai is cleanly removed from the component dai list in the release operation before devres releases the allocated memory. Pierre-Louis Bossart (2): ASoC: soc-devres: add devm_snd_soc_register_dai() ASoC: soc-topology: use devm_snd_soc_register_dai() include/sound/soc.h | 4 ++++ sound/soc/soc-devres.c | 37 +++++++++++++++++++++++++++++++++++++ sound/soc/soc-topology.c | 3 +-- 3 files changed, 42 insertions(+), 2 deletions(-) -- 2.20.1 commit 40e2c465894e5b79b49f55d9574dbcda4ac0f08f Author: Brent Lu Date: Fri Jun 12 18:50:48 2020 +0800 ASoC: SOF: Intel: hda: Clear RIRB status before reading WP Port commit 6d011d5057ff ("ALSA: hda: Clear RIRB status before reading WP") from legacy HDA driver to fix the get response timeout issue. Current SOF driver does not suffer from this issue because sync write is enabled in hda_init. The issue will come back if the sync write is disabled for some reason. Signed-off-by: Brent Lu Reviewed-by: Takashi Iwai Reviewed-by: Kai Vehmanen Reviewed-by: Pierre-Louis Bossart Link: https://lore.kernel.org/r/1591959048-15813-1-git-send-email-brent.lu@intel.com Signed-off-by: Mark Brown commit e74a1e7eaed95f2c6422e7cf9ed70154f17a6db3 Author: Jack Yu Date: Mon Jun 15 11:24:32 2020 +0800 ASoC: rt1015: Update rt1015 default register value according to spec modification. Update rt1015 default register value according to spec modification. Signed-off-by: Jack Yu Link: https://lore.kernel.org/r/20200615032433.31061-1-jack.yu@realtek.com Signed-off-by: Mark Brown commit a2120089251f1fe221305e88df99af16f940e236 Author: Srinivas Kandagatla Date: Fri Jun 12 13:37:11 2020 +0100 ASoC: qcom: common: set correct directions for dailinks Currently both FE and BE dai-links are configured bi-directional, However the DSP BE dais are only single directional, so set the directions as supported by the BE dais. Fixes: c25e295cd77b (ASoC: qcom: Add support to parse common audio device nodes) Reported-by: John Stultz Signed-off-by: Srinivas Kandagatla Tested-by: John Stultz Reviewed-by: Vinod Koul Link: https://lore.kernel.org/r/20200612123711.29130-2-srinivas.kandagatla@linaro.org Signed-off-by: Mark Brown commit 4a95737440d426e93441d49d11abf4c6526d4666 Author: Srinivas Kandagatla Date: Fri Jun 12 13:37:10 2020 +0100 ASoc: q6afe: add support to get port direction This patch adds support to q6afe_is_rx_port() to get direction of DSP BE dai port, this is useful for setting dailink directions correctly. Fixes: c25e295cd77b (ASoC: qcom: Add support to parse common audio device nodes) Reported-by: John Stultz Signed-off-by: Srinivas Kandagatla Reviewed-by: Vinod Koul Link: https://lore.kernel.org/r/20200612123711.29130-1-srinivas.kandagatla@linaro.org Signed-off-by: Mark Brown commit 96bf62f018f40cb5d4e4bed95e50fd990a2354af Author: Pierre-Louis Bossart Date: Fri Jun 12 15:35:07 2020 -0500 ASoC: soc-pcm: fix checks for multi-cpu FE dailinks soc_dpcm_fe_runtime_update() is called for all dailinks, and we want to first discard all back-ends, then deal with front-ends. The existing code first reports an error with multi-cpu front-ends, and that check needs to be moved after we know that we are dealing with a front-end. Fixes: 6e1276a5e613d ('ASoC: Return error if the function does not support multi-cpu') Signed-off-by: Pierre-Louis Bossart Reviewed-by: Ranjani Sridharan Reviewed-by: Bard Liao BugLink: https://github.com/thesofproject/linux/issues/1970 Link: https://lore.kernel.org/r/20200612203507.25621-1-pierre-louis.bossart@linux.intel.com Signed-off-by: Mark Brown commit 19ab0f005b165146ea4a93f71e9cb5e71de9c0ce Author: derek.fang Date: Fri Jun 12 13:15:25 2020 +0800 ASoC: rt5682: Let dai clks be registered whether mclk exists or not According to ideal rt5682 CCF, the root clk is mclk. But in some platforms, mclk is not exported to CCF. In this condition, rt5682_register_dai_clks will not be called. This patch lets dai clks could be registered whether mclk exists or not. Signed-off-by: derek.fang Link: https://lore.kernel.org/r/1591938925-1070-5-git-send-email-derek.fang@realtek.com Signed-off-by: Mark Brown commit 2ef5612391f0a7a631c42a8afc867095b49a1992 Author: Colin Ian King Date: Thu Jun 4 15:39:02 2020 +0100 RDMA/mlx5: Remove duplicated assignment to resp.response_length The assignment to resp.response_length is never read since it is being updated again on the next statement. The assignment is redundant so removed it. Fixes: a645a89d9a78 ("RDMA/mlx5: Return ECE DC support") Link: https://lore.kernel.org/r/20200604143902.56021-1-colin.king@canonical.com Addresses-Coverity: ("Unused value") Signed-off-by: Colin Ian King Acked-by: Leon Romanovsky Signed-off-by: Jason Gunthorpe commit b95273f1272398a9f7145de37703f1930244e465 Author: Qian Cai Date: Wed Apr 15 11:37:09 2020 -0400 kvm/svm: disable KCSAN for svm_vcpu_run() For some reasons, running a simple qemu-kvm command with KCSAN will reset AMD hosts. It turns out svm_vcpu_run() could not be instrumented. Disable it for now. # /usr/libexec/qemu-kvm -name ubuntu-18.04-server-cloudimg -cpu host -smp 2 -m 2G -hda ubuntu-18.04-server-cloudimg.qcow2 === console output === Kernel 5.6.0-next-20200408+ on an x86_64 hp-dl385g10-05 login: <...host reset...> HPE ProLiant System BIOS A40 v1.20 (03/09/2018) (C) Copyright 1982-2018 Hewlett Packard Enterprise Development LP Early system initialization, please wait... Signed-off-by: Qian Cai Message-Id: <20200415153709.1559-1-cai@lca.pw> Signed-off-by: Paolo Bonzini commit 6ae4902f2f3400503f9b78e87e8371e4ffde1e0c Author: Pierre-Louis Bossart Date: Fri Jun 12 15:59:38 2020 -0500 ASoC: soc-topology: use devm_snd_soc_register_dai() Use devm_ to avoid use-after-free KASAN reports and simplify error handling. Signed-off-by: Pierre-Louis Bossart Reviewed-by: Ranjani Sridharan Reviewed-by: Bard Liao Reviewed-by: Kai Vehmanen BugLink: https://github.com/thesofproject/linux/issues/2186 Link: https://lore.kernel.org/r/20200612205938.26415-3-pierre-louis.bossart@linux.intel.com Signed-off-by: Mark Brown commit 0fae253af563cf5d1f5dc651d520c3eafd74f183 Author: Pierre-Louis Bossart Date: Fri Jun 12 15:59:37 2020 -0500 ASoC: soc-devres: add devm_snd_soc_register_dai() The registration of DAIs may be done at two distinct times, once during a component registration and later when loading a topology. Since devm_ managed resources are freed in the reverse order they were allocated, when a component starts unregistering DAIs by walking through the DAI list, the memory allocated for the topology-registered DAIs was freed already, which leads to 100% reproducible KASAN use-after-free reports. This patch suggests a new devm_ function to force the DAI list to be updated prior to freeing the memory chunks referenced by the list pointers. Suggested-by: Bard Liao Signed-off-by: Pierre-Louis Bossart Reviewed-by: Ranjani Sridharan Reviewed-by: Bard Liao Reviewed-by: Kai Vehmanen BugLink: https://github.com/thesofproject/linux/issues/2186 Link: https://lore.kernel.org/r/20200612205938.26415-2-pierre-louis.bossart@linux.intel.com Signed-off-by: Mark Brown commit 2963795122f50b36ed16e3ba880c3ed2de1bda6e Author: Gustavo A. R. Silva Date: Wed May 27 12:14:25 2020 -0500 efi: Replace zero-length array and use struct_size() helper The current codebase makes use of the zero-length array language extension to the C90 standard, but the preferred mechanism to declare variable-length types such as these ones is a flexible array member[1][2], introduced in C99: struct foo { int stuff; struct boo array[]; }; By making use of the mechanism above, we will get a compiler warning in case the flexible array does not occur last in the structure, which will help us prevent some kind of undefined behavior bugs from being inadvertently introduced[3] to the codebase from now on. Also, notice that, dynamic memory allocations won't be affected by this change: "Flexible array members have incomplete type, and so the sizeof operator may not be applied. As a quirk of the original implementation of zero-length arrays, sizeof evaluates to zero."[1] sizeof(flexible-array-member) triggers a warning because flexible array members have incomplete type[1]. There are some instances of code in which the sizeof operator is being incorrectly/erroneously applied to zero-length arrays and the result is zero. Such instances may be hiding some bugs. So, this work (flexible-array member conversions) will also help to get completely rid of those sorts of issues. Lastly, make use of the sizeof_field() helper instead of an open-coded version. This issue was found with the help of Coccinelle and audited _manually_. [1] https://gcc.gnu.org/onlinedocs/gcc/Zero-Length.html [2] https://github.com/KSPP/linux/issues/21 [3] commit 76497732932f ("cxgb3/l2t: Fix undefined behaviour") Signed-off-by: Gustavo A. R. Silva Reviewed-by: Kees Cook Link: https://lore.kernel.org/r/20200527171425.GA4053@embeddedor Signed-off-by: Ard Biesheuvel commit 4353f03317fd3eb0bd803b61bdb287b68736a728 Author: Tony Luck Date: Thu May 28 12:49:05 2020 -0700 efivarfs: Don't return -EINTR when rate-limiting reads Applications that read EFI variables may see a return value of -EINTR if they exceed the rate limit and a signal delivery is attempted while the process is sleeping. This is quite surprising to the application, which probably doesn't have code to handle it. Change the interruptible sleep to a non-interruptible one. Reported-by: Lennart Poettering Signed-off-by: Tony Luck Link: https://lore.kernel.org/r/20200528194905.690-3-tony.luck@intel.com Signed-off-by: Ard Biesheuvel commit 2096721f1577b51b574fa06a7d91823dffe7267a Author: Tony Luck Date: Thu May 28 12:49:04 2020 -0700 efivarfs: Update inode modification time for successful writes Some applications want to be able to see when EFI variables have been updated. Update the modification time for successful writes. Reported-by: Lennart Poettering Signed-off-by: Tony Luck Link: https://lore.kernel.org/r/20200528194905.690-2-tony.luck@intel.com Signed-off-by: Ard Biesheuvel commit 4ddf4739be6e375116c375f0a68bf3893ffcee21 Author: Qiushi Wu Date: Thu May 28 13:38:04 2020 -0500 efi/esrt: Fix reference count leak in esre_create_sysfs_entry. kobject_init_and_add() takes reference even when it fails. If this function returns an error, kobject_put() must be called to properly clean up the memory associated with the object. Previous commit "b8eb718348b8" fixed a similar problem. Fixes: 0bb549052d33 ("efi: Add esrt support") Signed-off-by: Qiushi Wu Link: https://lore.kernel.org/r/20200528183804.4497-1-wu000273@umn.edu Signed-off-by: Ard Biesheuvel commit a6e2c226c3d51fd93636320e47cabc8a8f0824c5 Author: Aneesh Kumar K.V Date: Sun May 24 15:08:19 2020 +0530 powerpc: Fix kernel crash in show_instructions() w/DEBUG_VIRTUAL With CONFIG_DEBUG_VIRTUAL=y, we can hit a BUG() if we take a hard lockup watchdog interrupt when in OPAL mode. This happens in show_instructions() if the kernel takes the watchdog NMI IPI, or any other interrupt, with MSR_IR == 0. show_instructions() updates the variable pc in the loop and the second iteration will result in BUG(). We hit the BUG_ON due the below check in __va() #define __va(x) ({ VIRTUAL_BUG_ON((unsigned long)(x) >= PAGE_OFFSET); (void *)(unsigned long)((phys_addr_t)(x) | PAGE_OFFSET); }) Fix it by moving the check out of the loop. Also update nip so that the nip == pc check still matches. Fixes: 4dd7554a6456 ("powerpc/64: Add VIRTUAL_BUG_ON checks for __va and __pa addresses") Signed-off-by: Aneesh Kumar K.V [mpe: Use IS_ENABLED(), massage change log] Signed-off-by: Michael Ellerman Link: https://lore.kernel.org/r/20200524093822.423487-1-aneesh.kumar@linux.ibm.com commit 7dfc06a0f25b593a9f51992f540c0f80a57f3629 Author: Fabian Vogt Date: Mon Jun 15 09:16:36 2020 +0200 efi/tpm: Verify event log header before parsing It is possible that the first event in the event log is not actually a log header at all, but rather a normal event. This leads to the cast in __calc_tpm2_event_size being an invalid conversion, which means that the values read are effectively garbage. Depending on the first event's contents, this leads either to apparently normal behaviour, a crash or a freeze. While this behaviour of the firmware is not in accordance with the TCG Client EFI Specification, this happens on a Dell Precision 5510 with the TPM enabled but hidden from the OS ("TPM On" disabled, state otherwise untouched). The EFI firmware claims that the TPM is present and active and that it supports the TCG 2.0 event log format. Fortunately, this can be worked around by simply checking the header of the first event and the event log header signature itself. Commit b4f1874c6216 ("tpm: check event log version before reading final events") addressed a similar issue also found on Dell models. Fixes: 6b0326190205 ("efi: Attempt to get the TCG2 event log in the boot stub") Signed-off-by: Fabian Vogt Link: https://lore.kernel.org/r/1927248.evlx2EsYKh@linux-e202.suse.de Bugzilla: https://bugzilla.suse.com/show_bug.cgi?id=1165773 Signed-off-by: Ard Biesheuvel commit 5d5103595e9e53048bb7e70ee2673c897ab38300 Author: Sean Christopherson Date: Mon Jun 8 10:41:34 2020 -0700 x86/cpu: Reinitialize IA32_FEAT_CTL MSR on BSP during wakeup Reinitialize IA32_FEAT_CTL on the BSP during wakeup to handle the case where firmware doesn't initialize or save/restore across S3. This fixes a bug where IA32_FEAT_CTL is left uninitialized and results in VMXON taking a #GP due to VMX not being fully enabled, i.e. breaks KVM. Use init_ia32_feat_ctl() to "restore" IA32_FEAT_CTL as it already deals with the case where the MSR is locked, and because APs already redo init_ia32_feat_ctl() during suspend by virtue of the SMP boot flow being used to reinitialize APs upon wakeup. Do the call in the early wakeup flow to avoid dependencies in the syscore_ops chain, e.g. simply adding a resume hook is not guaranteed to work, as KVM does VMXON in its own resume hook, kvm_resume(), when KVM has active guests. Fixes: 21bd3467a58e ("KVM: VMX: Drop initialization of IA32_FEAT_CTL MSR") Reported-by: Brad Campbell Signed-off-by: Sean Christopherson Signed-off-by: Borislav Petkov Reviewed-by: Liam Merwick Reviewed-by: Maxim Levitsky Tested-by: Brad Campbell Cc: stable@vger.kernel.org # v5.6 Link: https://lkml.kernel.org/r/20200608174134.11157-1-sean.j.christopherson@intel.com commit 9ba6a9efa4a4c721d0115089bf422f82b8a59e45 Author: Dave Martin Date: Wed Jun 10 18:03:09 2020 +0100 docs/arm64: Fix typo'd #define in sve.rst sve.rst describes a flag PR_SVE_SET_VL_INHERIT for the PR_SVE_SET_VL prctl, but there is no flag of this name. The flag is shared between the _GET and _SET calls, so the _SET prefix was dropped, giving the name PR_SVE_VL_INHERIT in the headers. Fix it. Signed-off-by: Dave Martin Link: https://lore.kernel.org/r/1591808590-20210-2-git-send-email-Dave.Martin@arm.com Signed-off-by: Will Deacon commit 751c263bb74fd36b5fc2589d36abc75042336444 Author: Ard Biesheuvel Date: Mon Jun 15 12:19:39 2020 +0200 arm64: remove TEXT_OFFSET randomization TEXT_OFFSET was recently changed to 0x0, in preparation for its removal at a later stage, and a warning is emitted into the kernel log when the bootloader appears to have failed to take the TEXT_OFFSET image header value into account. Ironically, this warning itself fails to take TEXT_OFFSET into account, and compares the kernel image's alignment modulo 2M against a hardcoded value of 0x0, and so the warning will trigger spuriously when TEXT_OFFSET randomization is enabled. Given the intent to get rid of TEXT_OFFSET entirely, let's fix this oversight by just removing support for TEXT_OFFSET randomization. Signed-off-by: Ard Biesheuvel Acked-by: Mark Rutland Link: https://lore.kernel.org/r/20200615101939.634391-1-ardb@kernel.org Signed-off-by: Will Deacon commit 8e8bb06d199a5aa7a534aa3b3fc0abbbc11ca438 Author: Peter Zijlstra Date: Thu Jun 4 11:17:40 2020 +0200 x86/entry, bug: Comment the instrumentation_begin() usage for WARN() Explain the rationale for annotating WARN(), even though, strictly speaking printk() and friends are very much not safe in many of the places we put them. Signed-off-by: Peter Zijlstra (Intel) commit 6b643a07a7e41f9e11cfbb9bba4c5c9791ac2997 Author: Peter Zijlstra Date: Wed Jun 3 20:09:06 2020 +0200 x86/entry, ubsan, objtool: Whitelist __ubsan_handle_*() The UBSAN instrumentation only inserts external CALLs when things go 'BAD', much like WARN(). So treat them similar to WARN()s for noinstr, that is: allow them, at the risk of taking the machine down, to get their message out. Suggested-by: Marco Elver Signed-off-by: Peter Zijlstra (Intel) Acked-by: Marco Elver commit 14d3b376b6c3f66d62559d457d32edf565472163 Author: Peter Zijlstra Date: Wed Jun 3 13:32:48 2020 +0200 x86/entry, cpumask: Provide non-instrumented variant of cpu_is_offline() vmlinux.o: warning: objtool: exc_nmi()+0x12: call to cpumask_test_cpu.constprop.0() leaves .noinstr.text section vmlinux.o: warning: objtool: mce_check_crashing_cpu()+0x12: call to cpumask_test_cpu.constprop.0()leaves .noinstr.text section cpumask_test_cpu() test_bit() instrument_atomic_read() arch_test_bit() Signed-off-by: Peter Zijlstra (Intel) commit 5144f8a8dfd7b3681f0a2b5bf599a210b2315018 Author: Marco Elver Date: Thu Jun 4 07:58:11 2020 +0200 compiler_types.h: Add __no_sanitize_{address,undefined} to noinstr Adds the portable definitions for __no_sanitize_address, and __no_sanitize_undefined, and subsequently changes noinstr to use the attributes to disable instrumentation via KASAN or UBSAN. Reported-by: syzbot+dc1fa714cb070b184db5@syzkaller.appspotmail.com Signed-off-by: Marco Elver Signed-off-by: Peter Zijlstra (Intel) Acked-by: Miguel Ojeda Link: https://lore.kernel.org/lkml/000000000000d2474c05a6c938fe@google.com/ commit 7b861a53e46b6b42ab8560b105af308cb72d7285 Author: Marco Elver Date: Thu Jun 4 07:58:10 2020 +0200 kasan: Bump required compiler version Adds config variable CC_HAS_WORKING_NOSANITIZE_ADDRESS, which will be true if we have a compiler that does not fail builds due to no_sanitize_address functions. This does not yet mean they work as intended, but for automated build-tests, this is the minimum requirement. For example, we require that __always_inline functions used from no_sanitize_address functions do not generate instrumentation. On GCC <= 7 this fails to build entirely, therefore we make the minimum version GCC 8. Suggested-by: Peter Zijlstra Signed-off-by: Marco Elver Signed-off-by: Peter Zijlstra (Intel) Reviewed-by: Nick Desaulniers Acked-by: Andrey Konovalov Link: https://lkml.kernel.org/r/20200602175859.GC2604@hirez.programming.kicks-ass.net commit 5ddbc4082e1072eeeae52ff561a88620a05be08f Author: Peter Zijlstra Date: Tue Jun 2 18:47:11 2020 +0200 x86, kcsan: Add __no_kcsan to noinstr The 'noinstr' function attribute means no-instrumentation, this should very much include *SAN. Because lots of that is broken at present, only include KCSAN for now, as that is limited to clang11, which has sane function attribute behaviour. Signed-off-by: Peter Zijlstra (Intel) commit e79302ae8c8cceb51cf642d5ace9da02668cb7b4 Author: Peter Zijlstra Date: Tue Jun 2 17:04:03 2020 +0200 kcsan: Remove __no_kcsan_or_inline There are no more user of this function attribute, also, with us now actively supporting '__no_kcsan inline' it doesn't make sense to have in any case. Signed-off-by: Peter Zijlstra (Intel) commit e82587336695f14283987c9aa0bfd775b520856d Author: Peter Zijlstra Date: Tue Jun 2 14:24:47 2020 +0200 x86, kcsan: Remove __no_kcsan_or_inline usage Now that KCSAN relies on -tsan-distinguish-volatile we no longer need the annotation for constant_test_bit(). Remove it. Signed-off-by: Peter Zijlstra (Intel) commit 03e62fd67d3ab33f39573fc8787d89dc9b4d7255 Author: Martin Blumenstingl Date: Sun Jun 7 15:10:23 2020 +0200 MIPS: lantiq: xway: sysctrl: fix the GPHY clock alias names The dt-bindings for the GSWIP describe that the node should be named "switch". Use the same name in sysctrl.c so the GSWIP driver can actually find the "gphy0" and "gphy1" clocks. Fixes: 14fceff4771e51 ("net: dsa: Add Lantiq / Intel DSA driver for vrx200") Cc: stable@vger.kernel.org Signed-off-by: Martin Blumenstingl Acked-by: Hauke Mehrtens Signed-off-by: Thomas Bogendoerfer commit 5435f73d5c4a1b7504356876e69ba52de83f4975 Author: Arvind Sankar Date: Fri Jun 5 11:06:38 2020 -0400 efi/x86: Fix build with gcc 4 Commit bbf8e8b0fe04 ("efi/libstub: Optimize for size instead of speed") changed the optimization level for the EFI stub to -Os from -O2. Andrey Ignatov reports that this breaks the build with gcc 4.8.5. Testing on godbolt.org, the combination of -Os, -fno-asynchronous-unwind-tables, and ms_abi functions doesn't work, failing with the error: sorry, unimplemented: ms_abi attribute requires -maccumulate-outgoing-args or subtarget optimization implying it This does appear to work with gcc 4.9 onwards. Add -maccumulate-outgoing-args explicitly to unbreak the build with pre-4.9 versions of gcc. Reported-by: Andrey Ignatov Signed-off-by: Arvind Sankar Link: https://lore.kernel.org/r/20200605150638.1011637-1-nivedita@alum.mit.edu Signed-off-by: Ard Biesheuvel commit 70cac501b576710b426f3e9f67fcd0a0558df72c Author: Arnd Bergmann Date: Wed May 27 16:05:09 2020 +0200 drm/i915: work around false-positive maybe-uninitialized warning gcc-9 gets confused by the code flow in check_dirty_whitelist: drivers/gpu/drm/i915/gt/selftest_workarounds.c: In function 'check_dirty_whitelist': drivers/gpu/drm/i915/gt/selftest_workarounds.c:492:17: error: 'rsvd' may be used uninitialized in this function [-Werror=maybe-uninitialized] I could not figure out a good way to do this in a way that gcc understands better, so initialize the variable to zero, as last resort. Fixes: aee20aaed887 ("drm/i915: Implement read-only support in whitelist selftest") Signed-off-by: Arnd Bergmann Reviewed-by: Chris Wilson Signed-off-by: Chris Wilson Link: https://patchwork.freedesktop.org/patch/msgid/20200527140526.1458215-2-arnd@arndb.de (cherry picked from commit cc649a9eafc1ef5c40db023084cb94422d08aa84) Signed-off-by: Joonas Lahtinen commit 54a9adc4608144c7a17530822246f3cfa9b15d76 Author: Arnd Bergmann Date: Wed May 27 16:05:08 2020 +0200 drm/i915/pmu: avoid an maybe-uninitialized warning Conditional spinlocks make it hard for gcc and for lockdep to follow the code flow. This one causes a warning with at least gcc-9 and higher: In file included from include/linux/irq.h:14, from drivers/gpu/drm/i915/i915_pmu.c:7: drivers/gpu/drm/i915/i915_pmu.c: In function 'i915_sample': include/linux/spinlock.h:289:3: error: 'flags' may be used uninitialized in this function [-Werror=maybe-uninitialized] 289 | _raw_spin_unlock_irqrestore(lock, flags); \ | ^~~~~~~~~~~~~~~~~~~~~~~~~~~ drivers/gpu/drm/i915/i915_pmu.c:288:17: note: 'flags' was declared here 288 | unsigned long flags; | ^~~~~ Split out the part between the locks into a separate function for readability and to let the compiler figure out what the logic actually is. Fixes: d79e1bd676f0 ("drm/i915/pmu: Only use exclusive mmio access for gen7") Signed-off-by: Arnd Bergmann Reviewed-by: Chris Wilson Signed-off-by: Chris Wilson Link: https://patchwork.freedesktop.org/patch/msgid/20200527140526.1458215-1-arnd@arndb.de (cherry picked from commit 6ec81b82732e2b4a5ac0853fd33919ff1ca94238) Signed-off-by: Joonas Lahtinen commit 8497376707be6d2ab30f6d6662f42ab0c15d2ba1 Author: Chris Wilson Date: Tue May 19 14:20:46 2020 +0100 drm/i915/gt: Incorporate the virtual engine into timeslicing It was quite the oversight to only factor in the normal queue to decide the timeslicing switch priority. By leaving out the next virtual request from the priority decision, we would not timeslice the current engine if there was an available virtual request. Testcase: igt/gem_exec_balancer/sliced Fixes: 3df2deed411e ("drm/i915/execlists: Enable timeslice on partial virtual engine dequeue") Signed-off-by: Chris Wilson Cc: Mika Kuoppala Cc: Tvrtko Ursulin Reviewed-by: Tvrtko Ursulin Link: https://patchwork.freedesktop.org/patch/msgid/20200519132046.22443-3-chris@chris-wilson.co.uk (cherry picked from commit 6ad249ba59badc7ff157d4db1f835748f0e2c9b6) Signed-off-by: Joonas Lahtinen commit 0ae705f3d2b22d9d762f67fd49aa6c290987c6a3 Author: Huacai Chen Date: Mon Jun 15 14:56:55 2020 +0800 KVM: MIPS: Fix a build error for !CPU_LOONGSON64 During the KVM merging progress, a CONFIG_CPU_LOONGSON64 guard in commit 7f2a83f1c2a941ebfee53 ("KVM: MIPS: Add CPUCFG emulation for Loongson-3") is missing by accident. So add it to avoid building error. Fixes: 7f2a83f1c2a941ebfee53 ("KVM: MIPS: Add CPUCFG emulation for Loongson-3") Reported-by: kernel test robot Signed-off-by: Huacai Chen Message-Id: <1592204215-28704-1-git-send-email-chenhc@lemote.com> Signed-off-by: Paolo Bonzini commit 8e742aa79780b13cd300a42198c1a4cea9c89905 Author: Jiri Slaby Date: Wed Jun 10 13:48:51 2020 +0200 syscalls: Fix offset type of ksys_ftruncate() After the commit below, truncate() on x86 32bit uses ksys_ftruncate(). But ksys_ftruncate() truncates the offset to unsigned long. Switch the type of offset to loff_t which is what do_sys_ftruncate() expects. Fixes: 121b32a58a3a (x86/entry/32: Use IA32-specific wrappers for syscalls taking 64-bit arguments) Signed-off-by: Jiri Slaby Signed-off-by: Thomas Gleixner Reviewed-by: Brian Gerst Cc: stable@vger.kernel.org Link: https://lkml.kernel.org/r/20200610114851.28549-1-jslaby@suse.cz commit 11425c4519e2c974a100fc984867046d905b9380 Author: Xiyu Yang Date: Sat Jun 13 20:30:25 2020 +0800 drm/ttm: Fix dma_fence refcnt leak when adding move fence ttm_bo_add_move_fence() invokes dma_fence_get(), which returns a reference of the specified dma_fence object to "fence" with increased refcnt. When ttm_bo_add_move_fence() returns, local variable "fence" becomes invalid, so the refcount should be decreased to keep refcount balanced. The reference counting issue happens in one exception handling path of ttm_bo_add_move_fence(). When no_wait_gpu flag is equals to true, the function forgets to decrease the refcnt increased by dma_fence_get(), causing a refcnt leak. Fix this issue by calling dma_fence_put() when no_wait_gpu flag is equals to true. Signed-off-by: Xiyu Yang Signed-off-by: Xin Tan Reviewed-by: Christian König Link: https://patchwork.freedesktop.org/patch/370221/ Signed-off-by: Christian König commit 37cc4b95d13f311c04aa8e9daacca3905ad45ca7 Author: Xiyu Yang Date: Sat Jun 13 20:28:38 2020 +0800 drm/ttm: Fix dma_fence refcnt leak in ttm_bo_vm_fault_reserved ttm_bo_vm_fault_reserved() invokes dma_fence_get(), which returns a reference of the specified dma_fence object to "moving" with increased refcnt. When ttm_bo_vm_fault_reserved() returns, local variable "moving" becomes invalid, so the refcount should be decreased to keep refcount balanced. The reference counting issue happens in several exception handling paths of ttm_bo_vm_fault_reserved(). When those error scenarios occur such as "err" equals to -EBUSY, the function forgets to decrease the refcnt increased by dma_fence_get(), causing a refcnt leak. Fix this issue by calling dma_fence_put() when no_wait_gpu flag is equals to true. Signed-off-by: Xiyu Yang Signed-off-by: Xin Tan Reviewed-by: Christian König Link: https://patchwork.freedesktop.org/patch/370219/ Signed-off-by: Christian König commit 819966c06b759022e9932f328284314d9272b9f3 Author: Stephan Müller Date: Sun Jun 7 15:20:26 2020 +0200 crypto: drbg - always try to free Jitter RNG instance The Jitter RNG is unconditionally allocated as a seed source follwoing the patch 97f2650e5040. Thus, the instance must always be deallocated. Reported-by: syzbot+2e635807decef724a1fa@syzkaller.appspotmail.com Fixes: 97f2650e5040 ("crypto: drbg - always seeded with SP800-90B ...") Signed-off-by: Stephan Mueller Signed-off-by: Herbert Xu commit 1f5b07f5dd1748a6f9363fb1a76d599c74af8231 Author: Dan Carpenter Date: Fri Jun 5 14:03:39 2020 +0300 crypto: marvell/octeontx - Fix a potential NULL dereference Smatch reports that: drivers/crypto/marvell/octeontx/otx_cptvf_algs.c:132 otx_cpt_aead_callback() warn: variable dereferenced before check 'cpt_info' (see line 121) This function is called from process_pending_queue() as: drivers/crypto/marvell/octeontx/otx_cptvf_reqmgr.c 599 /* 600 * Call callback after current pending entry has been 601 * processed, we don't do it if the callback pointer is 602 * invalid. 603 */ 604 if (callback) 605 callback(res_code, areq, cpt_info); It does appear to me that "cpt_info" can be NULL so this could lead to a NULL dereference. Fixes: 10b4f09491bf ("crypto: marvell - add the Virtual Function driver for CPT") Signed-off-by: Dan Carpenter Signed-off-by: Herbert Xu commit 77251e41f89a813b4090f5199442f217bbf11297 Author: Eric Biggers Date: Thu Jun 4 11:52:53 2020 -0700 crypto: algboss - don't wait during notifier callback When a crypto template needs to be instantiated, CRYPTO_MSG_ALG_REQUEST is sent to crypto_chain. cryptomgr_schedule_probe() handles this by starting a thread to instantiate the template, then waiting for this thread to complete via crypto_larval::completion. This can deadlock because instantiating the template may require loading modules, and this (apparently depending on userspace) may need to wait for the crc-t10dif module (lib/crc-t10dif.c) to be loaded. But crc-t10dif's module_init function uses crypto_register_notifier() and therefore takes crypto_chain.rwsem for write. That can't proceed until the notifier callback has finished, as it holds this semaphore for read. Fix this by removing the wait on crypto_larval::completion from within cryptomgr_schedule_probe(). It's actually unnecessary because crypto_alg_mod_lookup() calls crypto_larval_wait() itself after sending CRYPTO_MSG_ALG_REQUEST. This only actually became a problem in v4.20 due to commit b76377543b73 ("crc-t10dif: Pick better transform if one becomes available"), but the unnecessary wait was much older. BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=207159 Reported-by: Mike Gerow Fixes: 398710379f51 ("crypto: algapi - Move larval completion into algboss") Cc: # v3.6+ Cc: Martin K. Petersen Signed-off-by: Eric Biggers Reported-by: Kai Lüke Signed-off-by: Herbert Xu commit 24c7bf089453f6a1eed4c77ed0604bf4bb8cfb03 Author: Heinrich Schuchardt Date: Thu Jun 4 12:39:47 2020 +0200 crypto: caam - fix typos Fix CAAM related typos. Signed-off-by: Heinrich Schuchardt Reviewed-by: Horia Geantă Signed-off-by: Herbert Xu commit 376bd28d03c97b4d53f5797d5f9b3522c8bd4d3d Author: Herbert Xu Date: Thu Jun 4 18:09:41 2020 +1000 crypto: ccp - Fix sparse warnings in sev-dev This patch fixes a bunch of sparse warnings in sev-dev where the __user marking is incorrectly handled. Reported-by: kbuild test robot Fixes: 7360e4b14350 ("crypto: ccp: Implement SEV_PEK_CERT_IMPORT...") Fixes: e799035609e1 ("crypto: ccp: Implement SEV_PEK_CSR ioctl...") Fixes: 76a2b524a4b1 ("crypto: ccp: Implement SEV_PDH_CERT_EXPORT...") Fixes: d6112ea0cb34 ("crypto: ccp - introduce SEV_GET_ID2 command") Signed-off-by: Herbert Xu Reviewed-by: Brijesh Singh Acked-by: Tom Lendacky Signed-off-by: Herbert Xu commit c61e5644c69775ae9d54b86018fca238aca64a9b Author: Herbert Xu Date: Thu Jun 4 17:37:50 2020 +1000 crypto: hisilicon - Cap block size at 2^31 The function hisi_acc_create_sg_pool may allocate a block of memory of size PAGE_SIZE * 2^(MAX_ORDER - 1). This value may exceed 2^31 on ia64, which would overflow the u32. This patch caps it at 2^31. Reported-by: kernel test robot Fixes: d8ac7b85236b ("crypto: hisilicon - fix large sgl memory...") Signed-off-by: Herbert Xu commit 7cf81954705b7e5b057f7dc39a7ded54422ab6e1 Author: Herbert Xu Date: Fri May 29 14:54:43 2020 +1000 crypto: algif_skcipher - Cap recv SG list at ctx->used Somewhere along the line the cap on the SG list length for receive was lost. This patch restores it and removes the subsequent test which is now redundant. Fixes: 2d97591ef43d ("crypto: af_alg - consolidation of...") Cc: Signed-off-by: Herbert Xu Reviewed-by: Stephan Mueller Signed-off-by: Herbert Xu commit 95459261c99f1621d90bc628c2a48e60b7cf9a88 Author: Dinghao Liu Date: Thu May 28 15:21:04 2020 +0800 hwrng: ks-sa - Fix runtime PM imbalance on error pm_runtime_get_sync() increments the runtime PM usage counter even the call returns an error code. Thus a pairing decrement is needed on the error handling path to keep the counter balanced. Signed-off-by: Dinghao Liu Reviewed-by: Alexander Sverdlin Signed-off-by: Herbert Xu commit 2c18bd525c47f882f033b0a813ecd09c93e1ecdf Author: Babu Moger Date: Thu Jun 4 14:45:16 2020 -0500 x86/resctrl: Fix memory bandwidth counter width for AMD Memory bandwidth is calculated reading the monitoring counter at two intervals and calculating the delta. It is the software’s responsibility to read the count often enough to avoid having the count roll over _twice_ between reads. The current code hardcodes the bandwidth monitoring counter's width to 24 bits for AMD. This is due to default base counter width which is 24. Currently, AMD does not implement the CPUID 0xF.[ECX=1]:EAX to adjust the counter width. But, the AMD hardware supports much wider bandwidth counter with the default width of 44 bits. Kernel reads these monitoring counters every 1 second and adjusts the counter value for overflow. With 24 bits and scale value of 64 for AMD, it can only measure up to 1GB/s without overflowing. For the rates above 1GB/s this will fail to measure the bandwidth. Fix the issue setting the default width to 44 bits by adjusting the offset. AMD future products will implement CPUID 0xF.[ECX=1]:EAX. [ bp: Let the line stick out and drop {}-brackets around a single statement. ] Fixes: 4d05bf71f157 ("x86/resctrl: Introduce AMD QOS feature") Signed-off-by: Babu Moger Signed-off-by: Borislav Petkov Link: https://lkml.kernel.org/r/159129975546.62538.5656031125604254041.stgit@naples-babu.amd.com commit 8abf41dcd1bcdda0d09905fb59d18f45c035c752 Author: Christopher Swenson Date: Sun Jun 14 17:11:47 2020 -0700 ALSA: usb-audio: Set 48 kHz rate for Rodecaster Like the Line6 devices, the Rode Rodecaster Pro does not support UAC2_CS_RANGE and only supports a sample rate of 48 kHz. Tested against a Rode Rodecaster Pro. Tested-by: Christopher Swenson Signed-off-by: Christopher Swenson Cc: Link: https://lore.kernel.org/r/ebdb9e72-9649-0b5e-b9b9-d757dbf26927@swenson.io Signed-off-by: Takashi Iwai commit c9808bbfed3cfc911ecb60fe8e80c0c27876c657 Author: Yick W. Tse Date: Sat Jun 13 11:40:06 2020 +0000 ALSA: usb-audio: add quirk for Denon DCD-1500RE fix error "clock source 41 is not valid, cannot use" [] New USB device found, idVendor=154e, idProduct=1002, bcdDevice= 1.00 [] New USB device strings: Mfr=1, Product=2, SerialNumber=0 [] Product: DCD-1500RE [] Manufacturer: D & M Holdings Inc. [] [] clock source 41 is not valid, cannot use [] usbcore: registered new interface driver snd-usb-audio Signed-off-by: Yick W. Tse Cc: Link: https://lore.kernel.org/r/1373857985.210365.1592048406997@mail.yahoo.com Signed-off-by: Takashi Iwai commit dbed452a078d56bc7f1abecc3edd6a75e8e4484e Author: David Rientjes Date: Thu Jun 11 00:25:57 2020 -0700 dma-pool: decouple DMA_REMAP from DMA_COHERENT_POOL DMA_REMAP is an unnecessary requirement for AMD SEV, which requires DMA_COHERENT_POOL, so avoid selecting it when it is otherwise unnecessary. The only other requirement for DMA coherent pools is DMA_DIRECT_REMAP, so ensure that properly selects the config option when needed. Fixes: 82fef0ad811f ("x86/mm: unencrypted non-blocking DMA allocations use coherent pools") Reported-by: Alex Xu (Hello71) Signed-off-by: David Rientjes Tested-by: Alex Xu (Hello71) Signed-off-by: Christoph Hellwig commit be01369859b8aa07346e497381bb46d377da0d8c Author: Eric Biggers Date: Wed Jun 10 09:14:37 2020 -0700 esp, ah: modernize the crypto algorithm selections The crypto algorithms selected by the ESP and AH kconfig options are out-of-date with the guidance of RFC 8221, which lists the legacy algorithms MD5 and DES as "MUST NOT" be implemented, and some more modern algorithms like AES-GCM and HMAC-SHA256 as "MUST" be implemented. But the options select the legacy algorithms, not the modern ones. Therefore, modify these options to select the MUST algorithms -- and *only* the MUST algorithms. Also improve the help text. Note that other algorithms may still be explicitly enabled in the kconfig, and the choice of which to actually use is still controlled by userspace. This change only modifies the list of algorithms for which kernel support is guaranteed to be present. Suggested-by: Herbert Xu Suggested-by: Steffen Klassert Acked-by: Herbert Xu Cc: Corentin Labbe Cc: Greg Kroah-Hartman Signed-off-by: Eric Biggers Signed-off-by: Steffen Klassert commit 37ea0f18fb19e0646c166037043232915cd9e995 Author: Eric Biggers Date: Wed Jun 10 09:14:36 2020 -0700 esp: select CRYPTO_SEQIV Commit f23efcbcc523 ("crypto: ctr - no longer needs CRYPTO_SEQIV") made CRYPTO_CTR stop selecting CRYPTO_SEQIV. This breaks IPsec for most users since GCM and several other encryption algorithms require "seqiv" -- and RFC 8221 lists AES-GCM as "MUST" be implemented. Just make XFRM_ESP select CRYPTO_SEQIV. Fixes: f23efcbcc523 ("crypto: ctr - no longer needs CRYPTO_SEQIV") Acked-by: Herbert Xu Cc: Corentin Labbe Cc: Greg Kroah-Hartman Cc: Steffen Klassert Signed-off-by: Eric Biggers Signed-off-by: Steffen Klassert commit 7d4e3919592593594296944ae7da1a207706e8c5 Author: Eric Biggers Date: Wed Jun 10 09:14:35 2020 -0700 esp, ah: consolidate the crypto algorithm selections Instead of duplicating the algorithm selections between INET_AH and INET6_AH and between INET_ESP and INET6_ESP, create new tristates XFRM_AH and XFRM_ESP that do the algorithm selections, and make these be selected by the corresponding INET* options. Suggested-by: Herbert Xu Acked-by: Herbert Xu Cc: Corentin Labbe Cc: Greg Kroah-Hartman Cc: Steffen Klassert Signed-off-by: Eric Biggers Signed-off-by: Steffen Klassert commit 7b16994437c7359832dd51d66c5c387995a91438 Author: Arvind Sankar Date: Thu Jun 11 18:03:39 2020 -0400 Makefile: Improve compressed debug info support detection Commit 10e68b02c861 ("Makefile: support compressed debug info") added support for compressed debug sections. Support is detected by checking - does the compiler support -gz=zlib - does the assembler support --compressed-debug-sections=zlib - does the linker support --compressed-debug-sections=zlib However, the gcc driver's support for this option is somewhat convoluted. The driver's builtin specs are set based on the version of binutils that it was configured with. It reports an error if the configure-time linker/assembler (i.e., not necessarily the actual assembler that will be run) do not support the option, but only if the assembler (or linker) is actually invoked when -gz=zlib is passed. The cc-option check in scripts/Kconfig.include does not invoke the assembler, so the gcc driver reports success even if it does not support the option being passed to the assembler. Because the as-option check passes the option directly to the assembler via -Wa,--compressed-debug-sections=zlib, the gcc driver does not see this option and will never report an error. Combined with an installed version of binutils that is more recent than the one the compiler was built with, it is possible for all three tests to succeed, yet an actual compilation with -gz=zlib to fail. Moreover, it is unnecessary to explicitly pass --compressed-debug-sections=zlib to the assembler via -Wa, since the driver will do that automatically when it supports -gz=zlib. Convert the as-option to just -gz=zlib, simplifying it as well as performing a better test of the gcc driver's capabilities. Reported-by: kernel test robot Signed-off-by: Arvind Sankar Reviewed-by: Nick Desaulniers Signed-off-by: Masahiro Yamada commit 4b25bbf52a55b58f03473333eafe61c0d46125aa Author: Coly Li Date: Mon Jun 15 00:53:33 2020 +0800 bcache: pr_info() format clean up in bcache_device_init() scripts/checkpatch.pl reports following warning for patch ("bcache: check and adjust logical block size for backing devices"), WARNING: quoted string split across lines #146: FILE: drivers/md/bcache/super.c:896: + pr_info("%s: sb/logical block size (%u) greater than page size " + "(%lu) falling back to device logical block size (%u)", There are two things to fix up, - The kernel message print should be in a single line. - pr_info() won't automatically add new line since v5.8, a '\n' should be added. This patch just does the above cleanup in bcache_device_init(). Signed-off-by: Coly Li Signed-off-by: Jens Axboe commit ee4a36f414617aaae01f93133e828363e7e9dd17 Author: Coly Li Date: Mon Jun 15 00:53:32 2020 +0800 bcache: use delayed kworker fo asynchronous devices registration This patch changes the asynchronous registration kworker to a delayed kworker. There is probability queue_work() queues the async registration kworker to the same CPU (even though very little), then the process which writing sysfs interface to reigster bcache device may won't return immeidately. queue_delayed_work() in this patch will delay 10 jiffies before insert the kworker to run queue, which makes sure the registering process may always returns to user space in time. Fixes: 9e23ccf8f0a22 ("bcache: asynchronous devices registration") Signed-off-by: Coly Li Cc: Hannes Reinecke Signed-off-by: Jens Axboe commit dcacbc1242c71e18fa9d2eadc5647e115c9c627d Author: Mauricio Faria de Oliveira Date: Mon Jun 15 00:53:31 2020 +0800 bcache: check and adjust logical block size for backing devices It's possible for a block driver to set logical block size to a value greater than page size incorrectly; e.g. bcache takes the value from the superblock, set by the user w/ make-bcache. This causes a BUG/NULL pointer dereference in the path: __blkdev_get() -> set_init_blocksize() // set i_blkbits based on ... -> bdev_logical_block_size() -> queue_logical_block_size() // ... this value -> bdev_disk_changed() ... -> blkdev_readpage() -> block_read_full_page() -> create_page_buffers() // size = 1 << i_blkbits -> create_empty_buffers() // give size/take pointer -> alloc_page_buffers() // return NULL .. BUG! Because alloc_page_buffers() is called with size > PAGE_SIZE, thus it initializes head = NULL, skips the loop, return head; then create_empty_buffers() gets (and uses) the NULL pointer. This has been around longer than commit ad6bf88a6c19 ("block: fix an integer overflow in logical block size"); however, it increased the range of values that can trigger the issue. Previously only 8k/16k/32k (on x86/4k page size) would do it, as greater values overflow unsigned short to zero, and queue_ logical_block_size() would then use the default of 512. Now the range with unsigned int is much larger, and users w/ the 512k value, which happened to be zero'ed previously and work fine, started to hit this issue -- as the zero is gone, and queue_logical_block_size() does return 512k (>PAGE_SIZE.) Fix this by checking the bcache device's logical block size, and if it's greater than page size, fallback to the backing/ cached device's logical page size. This doesn't affect cache devices as those are still checked for block/page size in read_super(); only the backing/cached devices are not. Apparently it's a regression from commit 2903381fce71 ("bcache: Take data offset from the bdev superblock."), moving the check into BCACHE_SB_VERSION_CDEV only. Now that we have superblocks of backing devices out there with this larger value, we cannot refuse to load them (i.e., have a similar check in _BDEV.) Ideally perhaps bcache should use all values from the backing device (physical/logical/io_min block size)? But for now just fix the problematic case. Test-case: # IMG=/root/disk.img # dd if=/dev/zero of=$IMG bs=1 count=0 seek=1G # DEV=$(losetup --find --show $IMG) # make-bcache --bdev $DEV --block 8k < see dmesg > Before: # uname -r 5.7.0-rc7 [ 55.944046] BUG: kernel NULL pointer dereference, address: 0000000000000000 ... [ 55.949742] CPU: 3 PID: 610 Comm: bcache-register Not tainted 5.7.0-rc7 #4 ... [ 55.952281] RIP: 0010:create_empty_buffers+0x1a/0x100 ... [ 55.966434] Call Trace: [ 55.967021] create_page_buffers+0x48/0x50 [ 55.967834] block_read_full_page+0x49/0x380 [ 55.972181] do_read_cache_page+0x494/0x610 [ 55.974780] read_part_sector+0x2d/0xaa [ 55.975558] read_lba+0x10e/0x1e0 [ 55.977904] efi_partition+0x120/0x5a6 [ 55.980227] blk_add_partitions+0x161/0x390 [ 55.982177] bdev_disk_changed+0x61/0xd0 [ 55.982961] __blkdev_get+0x350/0x490 [ 55.983715] __device_add_disk+0x318/0x480 [ 55.984539] bch_cached_dev_run+0xc5/0x270 [ 55.986010] register_bcache.cold+0x122/0x179 [ 55.987628] kernfs_fop_write+0xbc/0x1a0 [ 55.988416] vfs_write+0xb1/0x1a0 [ 55.989134] ksys_write+0x5a/0xd0 [ 55.989825] do_syscall_64+0x43/0x140 [ 55.990563] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 55.991519] RIP: 0033:0x7f7d60ba3154 ... After: # uname -r 5.7.0.bcachelbspgsz [ 31.672460] bcache: bcache_device_init() bcache0: sb/logical block size (8192) greater than page size (4096) falling back to device logical block size (512) [ 31.675133] bcache: register_bdev() registered backing device loop0 # grep ^ /sys/block/bcache0/queue/*_block_size /sys/block/bcache0/queue/logical_block_size:512 /sys/block/bcache0/queue/physical_block_size:8192 Reported-by: Ryan Finnie Reported-by: Sebastian Marsching Signed-off-by: Mauricio Faria de Oliveira Signed-off-by: Coly Li Signed-off-by: Jens Axboe commit be23e837333a914df3f24bf0b32e87b0331ab8d1 Author: Zhiqiang Liu Date: Mon Jun 15 00:53:30 2020 +0800 bcache: fix potential deadlock problem in btree_gc_coalesce coccicheck reports: drivers/md//bcache/btree.c:1538:1-7: preceding lock on line 1417 In btree_gc_coalesce func, if the coalescing process fails, we will goto to out_nocoalesce tag directly without releasing new_nodes[i]->write_lock. Then, it will cause a deadlock when trying to acquire new_nodes[i]-> write_lock for freeing new_nodes[i] before return. btree_gc_coalesce func details as follows: if alloc new_nodes[i] fails: goto out_nocoalesce; // obtain new_nodes[i]->write_lock mutex_lock(&new_nodes[i]->write_lock) // main coalescing process for (i = nodes - 1; i > 0; --i) [snipped] if coalescing process fails: // Here, directly goto out_nocoalesce // tag will cause a deadlock goto out_nocoalesce; [snipped] // release new_nodes[i]->write_lock mutex_unlock(&new_nodes[i]->write_lock) // coalesing succ, return return; out_nocoalesce: btree_node_free(new_nodes[i]) // free new_nodes[i] // obtain new_nodes[i]->write_lock mutex_lock(&new_nodes[i]->write_lock); // set flag for reuse clear_bit(BTREE_NODE_dirty, &ew_nodes[i]->flags); // release new_nodes[i]->write_lock mutex_unlock(&new_nodes[i]->write_lock); To fix the problem, we add a new tag 'out_unlock_nocoalesce' for releasing new_nodes[i]->write_lock before out_nocoalesce tag. If coalescing process fails, we will go to out_unlock_nocoalesce tag for releasing new_nodes[i]->write_lock before free new_nodes[i] in out_nocoalesce tag. (Coly Li helps to clean up commit log format.) Fixes: 2a285686c109816 ("bcache: btree locking rework") Signed-off-by: Zhiqiang Liu Signed-off-by: Coly Li Signed-off-by: Jens Axboe commit 0386e9ce5877ee73e07675529d5ae594d00f0900 Author: Matthew Hagan Date: Tue Jun 9 17:58:31 2020 +0100 ARM: bcm: Select ARM_TIMER_SP804 for ARCH_BCM_NSP The NSP SoC includes an SP804 timer so should be enabled here. Fixes: a0efb0d28b77 ("ARM: dts: NSP: Add SP804 Support to DT") Signed-off-by: Matthew Hagan Signed-off-by: Florian Fainelli commit de1f6d9304c38e414552c3565d36286609ced0c1 Author: Rafał Miłecki Date: Mon Jun 8 18:33:41 2020 +0200 ARM: dts: BCM5301X: Add missing memory "device_type" for Luxul XWC-2000 This property is needed since commit abe60a3a7afb ("ARM: dts: Kill off skeleton{64}.dtsi"). Without it booting silently hangs at: [ 0.000000] Memory policy: Data cache writealloc Fixes: 984829e2d39b ("ARM: dts: BCM5301X: Add DT for Luxul XWC-2000") Signed-off-by: Rafał Miłecki Signed-off-by: Florian Fainelli commit b3a9e3b9622ae10064826dccb4f7a52bd88c7407 Author: Linus Torvalds Date: Sun Jun 14 12:45:04 2020 -0700 Linux 5.8-rc1 commit 4a87b197c1da6b16608d5110709e0b3308e25dcd Merge: 9d645db853a4 39030e1351aa Author: Linus Torvalds Date: Sun Jun 14 11:39:31 2020 -0700 Merge tag 'LSM-add-setgid-hook-5.8-author-fix' of git://github.com/micah-morton/linux Pull SafeSetID update from Micah Morton: "Add additional LSM hooks for SafeSetID SafeSetID is capable of making allow/deny decisions for set*uid calls on a system, and we want to add similar functionality for set*gid calls. The work to do that is not yet complete, so probably won't make it in for v5.8, but we are looking to get this simple patch in for v5.8 since we have it ready. We are planning on the rest of the work for extending the SafeSetID LSM being merged during the v5.9 merge window" * tag 'LSM-add-setgid-hook-5.8-author-fix' of git://github.com/micah-morton/linux: security: Add LSM hooks to set*gid syscalls commit 39030e1351aa1aa7443bb2da24426573077c83da Author: Thomas Cedeno Date: Tue Jun 9 10:22:13 2020 -0700 security: Add LSM hooks to set*gid syscalls The SafeSetID LSM uses the security_task_fix_setuid hook to filter set*uid() syscalls according to its configured security policy. In preparation for adding analagous support in the LSM for set*gid() syscalls, we add the requisite hook here. Tested by putting print statements in the security_task_fix_setgid hook and seeing them get hit during kernel boot. Signed-off-by: Thomas Cedeno Signed-off-by: Micah Morton commit 9d645db853a4cd1b7077931491d0055602d3d420 Merge: 96144c58abe7 55e20bd12a56 Author: Linus Torvalds Date: Sun Jun 14 09:47:25 2020 -0700 Merge tag 'for-5.8-part2-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux Pull btrfs updates from David Sterba: "This reverts the direct io port to iomap infrastructure of btrfs merged in the first pull request. We found problems in invalidate page that don't seem to be fixable as regressions or without changing iomap code that would not affect other filesystems. There are four reverts in total, but three of them are followup cleanups needed to revert a43a67a2d715 cleanly. The result is the buffer head based implementation of direct io. Reverts are not great, but under current circumstances I don't see better options" * tag 'for-5.8-part2-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux: Revert "btrfs: switch to iomap_dio_rw() for dio" Revert "fs: remove dio_end_io()" Revert "btrfs: remove BTRFS_INODE_READDIO_NEED_LOCK" Revert "btrfs: split btrfs_direct_IO to read and write part" commit d88de040e1df38414fc1e4380be9d0e997ab4d58 Author: Navid Emamdoost Date: Thu Jun 4 21:44:44 2020 -0500 iio: pressure: zpa2326: handle pm_runtime_get_sync failure Calling pm_runtime_get_sync increments the counter even in case of failure, causing incorrect ref count. Call pm_runtime_put if pm_runtime_get_sync fails. Signed-off-by: Navid Emamdoost Fixes: 03b262f2bbf4 ("iio:pressure: initial zpa2326 barometer support") Cc: Signed-off-by: Jonathan Cameron commit d5ed76adb926a90fada98f518abc1ab6ef07d28f Author: Syed Nayyar Waris Date: Mon Mar 16 18:20:46 2020 +0530 counter: 104-quad-8: Add lock guards - filter clock prescaler Add lock protection from race conditions to the 104-quad-8 counter driver for filter clock prescaler code changes. Mutex calls used for protection. Signed-off-by: Syed Nayyar Waris Fixes: de65d0556343 ("counter: 104-quad-8: Support Filter Clock Prescaler") Signed-off-by: Jonathan Cameron commit 708d98932893cea609386cefdfd190f757f5a61c Author: Syed Nayyar Waris Date: Mon Mar 16 18:20:06 2020 +0530 counter: 104-quad-8: Add lock guards - differential encoder Add lock protection from race conditions to 104-quad-8 counter driver for differential encoder status code changes. Mutex lock calls used for protection. Signed-off-by: Syed Nayyar Waris Fixes: 954ab5cc5f3e ("counter: 104-quad-8: Support Differential Encoder Cable Status") Signed-off-by: Jonathan Cameron commit 25f02d3242ab4d16d0cee2dec0d89cedb3747fa9 Author: Matt Ranostay Date: Tue Jun 9 06:01:16 2020 +0300 iio: core: add missing IIO_MOD_H2/ETHANOL string identifiers Add missing strings to iio_modifier_names[] for proper modification of channels. Fixes: b170f7d48443d (iio: Add modifiers for ethanol and H2 gases) Signed-off-by: Matt Ranostay Cc: Signed-off-by: Jonathan Cameron commit 0187294d227dfc42889e1da8f8ce1e44fc25f147 Author: Dinghao Liu Date: Tue May 26 18:47:17 2020 +0800 iio: magnetometer: ak8974: Fix runtime PM imbalance on error When devm_regmap_init_i2c() returns an error code, a pairing runtime PM usage counter decrement is needed to keep the counter balanced. For error paths after ak8974_set_power(), ak8974_detect() and ak8974_reset(), things are the same. However, When iio_triggered_buffer_setup() returns an error code, there will be two PM usgae counter decrements. Signed-off-by: Dinghao Liu Fixes: 7c94a8b2ee8c ("iio: magn: add a driver for AK8974") Reviewed-by: Linus Walleij Cc: Signed-off-by: Jonathan Cameron commit d7369ae1f4d7cffa7574d15e1f787dcca184c49d Author: Chuhong Yuan Date: Thu May 28 14:41:21 2020 +0800 iio: mma8452: Add missed iio_device_unregister() call in mma8452_probe() The function iio_device_register() was called in mma8452_probe(). But the function iio_device_unregister() was not called after a call of the function mma8452_set_freefall_mode() failed. Thus add the missed function call for one error case. Fixes: 1a965d405fc6 ("drivers:iio:accel:mma8452: added cleanup provision in case of failure.") Signed-off-by: Chuhong Yuan Cc: Signed-off-by: Jonathan Cameron commit f88ecccac4be348bbcc6d056bdbc622a8955c04d Author: Jonathan Cameron Date: Sun May 17 18:29:57 2020 +0100 iio:health:afe4404 Fix timestamp alignment and prevent data leak. One of a class of bugs pointed out by Lars in a recent review. iio_push_to_buffers_with_timestamp assumes the buffer used is aligned to the size of the timestamp (8 bytes). This is not guaranteed in this driver which uses a 40 byte array of smaller elements on the stack. As Lars also noted this anti pattern can involve a leak of data to userspace and that indeed can happen here. We close both issues by moving to a suitable structure in the iio_priv() data with alignment explicitly requested. This data is allocated with kzalloc so no data can leak appart from previous readings. Fixes: 87aec56e27ef ("iio: health: Add driver for the TI AFE4404 heart monitor") Reported-by: Lars-Peter Clausen Signed-off-by: Jonathan Cameron Acked-by: Andrew F. Davis Signed-off-by: Jonathan Cameron commit 3f9c6d38797e9903937b007a341dad0c251765d6 Author: Jonathan Cameron Date: Sun May 17 18:29:56 2020 +0100 iio:health:afe4403 Fix timestamp alignment and prevent data leak. One of a class of bugs pointed out by Lars in a recent review. iio_push_to_buffers_with_timestamp assumes the buffer used is aligned to the size of the timestamp (8 bytes). This is not guaranteed in this driver which uses a 32 byte array of smaller elements on the stack. As Lars also noted this anti pattern can involve a leak of data to userspace and that indeed can happen here. We close both issues by moving to a suitable structure in the iio_priv() data with alignment explicitly requested. This data is allocated with kzalloc so no data can leak appart from previous readings. Fixes: eec96d1e2d31 ("iio: health: Add driver for the TI AFE4403 heart monitor") Reported-by: Lars-Peter Clausen Signed-off-by: Jonathan Cameron Acked-by: Andrew F. Davis Cc: Signed-off-by: Jonathan Cameron commit 96144c58abe7ff767e754b5b80995f7b8846d49b Merge: f82e7b57b5fc bc139119a170 Author: Linus Torvalds Date: Sat Jun 13 16:27:13 2020 -0700 Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net Pull networking fixes from David Miller: 1) Fix cfg80211 deadlock, from Johannes Berg. 2) RXRPC fails to send norigications, from David Howells. 3) MPTCP RM_ADDR parsing has an off by one pointer error, fix from Geliang Tang. 4) Fix crash when using MSG_PEEK with sockmap, from Anny Hu. 5) The ucc_geth driver needs __netdev_watchdog_up exported, from Valentin Longchamp. 6) Fix hashtable memory leak in dccp, from Wang Hai. 7) Fix how nexthops are marked as FDB nexthops, from David Ahern. 8) Fix mptcp races between shutdown and recvmsg, from Paolo Abeni. 9) Fix crashes in tipc_disc_rcv(), from Tuong Lien. 10) Fix link speed reporting in iavf driver, from Brett Creeley. 11) When a channel is used for XSK and then reused again later for XSK, we forget to clear out the relevant data structures in mlx5 which causes all kinds of problems. Fix from Maxim Mikityanskiy. 12) Fix memory leak in genetlink, from Cong Wang. 13) Disallow sockmap attachments to UDP sockets, it simply won't work. From Lorenz Bauer. * git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (83 commits) net: ethernet: ti: ale: fix allmulti for nu type ale net: ethernet: ti: am65-cpsw-nuss: fix ale parameters init net: atm: Remove the error message according to the atomic context bpf: Undo internal BPF_PROBE_MEM in BPF insns dump libbpf: Support pre-initializing .bss global variables tools/bpftool: Fix skeleton codegen bpf: Fix memlock accounting for sock_hash bpf: sockmap: Don't attach programs to UDP sockets bpf: tcp: Recv() should return 0 when the peer socket is closed ibmvnic: Flush existing work items before device removal genetlink: clean up family attributes allocations net: ipa: header pad field only valid for AP->modem endpoint net: ipa: program upper nibbles of sequencer type net: ipa: fix modem LAN RX endpoint id net: ipa: program metadata mask differently ionic: add pcie_print_link_status rxrpc: Fix race between incoming ACK parser and retransmitter net/mlx5: E-Switch, Fix some error pointer dereferences net/mlx5: Don't fail driver on failure to create debugfs net/mlx5e: CT: Fix ipv6 nat header rewrite actions ... commit 55e20bd12a56e06c38b953177bb162cbbaa96004 Author: David Sterba Date: Tue Jun 9 19:56:06 2020 +0200 Revert "btrfs: switch to iomap_dio_rw() for dio" This reverts commit a43a67a2d715540c1368b9501a22b0373b5874c0. This patch reverts the main part of switching direct io implementation to iomap infrastructure. There's a problem in invalidate page that couldn't be solved as regression in this development cycle. The problem occurs when buffered and direct io are mixed, and the ranges overlap. Although this is not recommended, filesystems implement measures or fallbacks to make it somehow work. In this case, fallback to buffered IO would be an option for btrfs (this already happens when direct io is done on compressed data), but the change would be needed in the iomap code, bringing new semantics to other filesystems. Another problem arises when again the buffered and direct ios are mixed, invalidation fails, then -EIO is set on the mapping and fsync will fail, though there's no real error. There have been discussions how to fix that, but revert seems to be the least intrusive option. Link: https://lore.kernel.org/linux-btrfs/20200528192103.xm45qoxqmkw7i5yl@fiona/ Signed-off-by: David Sterba commit bc139119a1708ae3db1ebb379630f286e28d06e8 Author: Grygorii Strashko Date: Sat Jun 13 17:54:14 2020 +0300 net: ethernet: ti: ale: fix allmulti for nu type ale On AM65xx MCU CPSW2G NUSS and 66AK2E/L NUSS allmulti setting does not allow unregistered mcast packets to pass. This happens, because ALE VLAN entries on these SoCs do not contain port masks for reg/unreg mcast packets, but instead store indexes of ALE_VLAN_MASK_MUXx_REG registers which intended for store port masks for reg/unreg mcast packets. This path was missed by commit 9d1f6447274f ("net: ethernet: ti: ale: fix seeing unreg mcast packets with promisc and allmulti disabled"). Hence, fix it by taking into account ALE type in cpsw_ale_set_allmulti(). Fixes: 9d1f6447274f ("net: ethernet: ti: ale: fix seeing unreg mcast packets with promisc and allmulti disabled") Signed-off-by: Grygorii Strashko Signed-off-by: David S. Miller commit 2074f9eaa58795a99e9da61c10f93180f810cfd6 Author: Grygorii Strashko Date: Sat Jun 13 17:52:59 2020 +0300 net: ethernet: ti: am65-cpsw-nuss: fix ale parameters init The ALE parameters structure is created on stack, so it has to be reset before passing to cpsw_ale_create() to avoid garbage values. Fixes: 93a76530316a ("net: ethernet: ti: introduce am65x/j721e gigabit eth subsystem driver") Signed-off-by: Grygorii Strashko Signed-off-by: David S. Miller commit fa7566a0d68f8467846cba8ec29f1551b0a42de9 Merge: bf97bac9dc64 29fcb05bbf1a Author: David S. Miller Date: Sat Jun 13 15:28:08 2020 -0700 Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf Alexei Starovoitov says: ==================== pull-request: bpf 2020-06-12 The following pull-request contains BPF updates for your *net* tree. We've added 26 non-merge commits during the last 10 day(s) which contain a total of 27 files changed, 348 insertions(+), 93 deletions(-). The main changes are: 1) sock_hash accounting fix, from Andrey. 2) libbpf fix and probe_mem sanitizing, from Andrii. 3) sock_hash fixes, from Jakub. 4) devmap_val fix, from Jesper. 5) load_bytes_relative fix, from YiFei. ==================== Signed-off-by: David S. Miller commit bf97bac9dc6481e9f68992e52bed5cc4b210e636 Author: Liao Pingfang Date: Sat Jun 13 14:03:26 2020 +0800 net: atm: Remove the error message according to the atomic context Looking into the context (atomic!) and the error message should be dropped. Signed-off-by: Liao Pingfang Signed-off-by: David S. Miller commit f82e7b57b5fc48199e2f26ffafe2f96f7338ad3d Merge: 4f9b3a377549 a7a519a49262 Author: Linus Torvalds Date: Sat Jun 13 13:43:56 2020 -0700 Merge tag '5.8-rc-smb3-fixes-part2' of git://git.samba.org/sfrench/cifs-2.6 Pull more cifs updates from Steve French: "12 cifs/smb3 fixes, 2 for stable. - add support for idsfromsid on create and chgrp/chown allowing ability to save owner information more naturally for some workloads - improve query info (getattr) when SMB3.1.1 posix extensions are negotiated by using new query info level" * tag '5.8-rc-smb3-fixes-part2' of git://git.samba.org/sfrench/cifs-2.6: smb3: Add debug message for new file creation with idsfromsid mount option cifs: fix chown and chgrp when idsfromsid mount option enabled smb3: allow uid and gid owners to be set on create with idsfromsid mount option smb311: Add tracepoints for new compound posix query info smb311: add support for using info level for posix extensions query smb311: Add support for lookup with posix extensions query info smb311: Add support for SMB311 query info (non-compounded) SMB311: Add support for query info using posix extensions (level 100) smb3: add indatalen that can be a non-zero value to calculation of credit charge in smb2 ioctl smb3: fix typo in mount options displayed in /proc/mounts cifs: Add get_security_type_str function to return sec type. smb3: extend fscache mount volume coherency check commit 4f9b3a377549e2b585f5e1910c247913b49e6c83 Author: Linus Torvalds Date: Sat Jun 13 13:41:24 2020 -0700 binderfs: add gitignore for generated sample program Let's keep "git status" happy and quiet. Fixes: 9762dc1432e1 ("samples: add binderfs sample program Fixes: fca5e94921d5 ("samples: binderfs: really compile this sample and fix build issues") Signed-off-by: Linus Torvalds commit 3e1ad4054b8d7c91c1ebf19d7709c754a6c703b6 Author: Linus Torvalds Date: Sat Jun 13 13:32:40 2020 -0700 doc: don't use deprecated "---help---" markers in target docs I'm not convinced the script makes useful automaed help lines anyway, but since we're trying to deprecate the use of "---help---" in Kconfig files, let's fix the doc example code too. See commit a7f7f6248d97 ("treewide: replace '---help---' in Kconfig files with 'help'") Cc: Masahiro Yamada Signed-off-by: Linus Torvalds commit 6adc19fd13f11883c44df67b551cf8201e6bba1d Merge: 3df83e164f1f a7f7f6248d97 Author: Linus Torvalds Date: Sat Jun 13 13:29:16 2020 -0700 Merge tag 'kbuild-v5.8-2' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild Pull more Kbuild updates from Masahiro Yamada: - fix build rules in binderfs sample - fix build errors when Kbuild recurses to the top Makefile - covert '---help---' in Kconfig to 'help' * tag 'kbuild-v5.8-2' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild: treewide: replace '---help---' in Kconfig files with 'help' kbuild: fix broken builds because of GZIP,BZIP2,LZOP variables samples: binderfs: really compile this sample and fix build issues commit 3df83e164f1f39c614a3f31e39164756945ae2ea Merge: 91fa58840ae2 42c76c9848e1 Author: Linus Torvalds Date: Sat Jun 13 13:17:49 2020 -0700 Merge tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi Pull more SCSI updates from James Bottomley: "This is the set of changes collected since just before the merge window opened. It's mostly minor fixes in drivers. The one non-driver set is the three optical disk (sr) changes where two are error path fixes and one is a helper conversion. The big driver change is the hpsa compat_alloc_userspace rework by Al so he can kill the remaining user. This has been tested and acked by the maintainer" * tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi: (21 commits) scsi: acornscsi: Fix an error handling path in acornscsi_probe() scsi: storvsc: Remove memset before memory freeing in storvsc_suspend() scsi: cxlflash: Remove an unnecessary NULL check scsi: ibmvscsi: Don't send host info in adapter info MAD after LPM scsi: sr: Fix sr_probe() missing deallocate of device minor scsi: sr: Fix sr_probe() missing mutex_destroy scsi: st: Convert convert get_user_pages() --> pin_user_pages() scsi: target: Rename target_setup_cmd_from_cdb() to target_cmd_parse_cdb() scsi: target: Fix NULL pointer dereference scsi: target: Initialize LUN in transport_init_se_cmd() scsi: target: Factor out a new helper, target_cmd_init_cdb() scsi: hpsa: hpsa_ioctl(): Tidy up a bit scsi: hpsa: Get rid of compat_alloc_user_space() scsi: hpsa: Don't bother with vmalloc for BIG_IOCTL_Command_struct scsi: hpsa: Lift {BIG_,}IOCTL_Command_struct copy{in,out} into hpsa_ioctl() scsi: ufs: Remove redundant urgent_bkop_lvl initialization scsi: ufs: Don't update urgent bkops level when toggling auto bkops scsi: qedf: Remove redundant initialization of variable rc scsi: mpt3sas: Fix memset() in non-RDPQ mode scsi: iscsi: Fix reference count leak in iscsi_boot_create_kobj ... commit 91fa58840ae22cbf6d7c505ce6564c4c48f29af3 Merge: ac911b316336 d790eeb3db6a Author: Linus Torvalds Date: Sat Jun 13 13:12:38 2020 -0700 Merge branch 'i2c/for-5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux Pull i2c updates from Wolfram Sang: "I2C has quite some patches for you this time. I hope it is the move to per-driver-maintainers which is now showing results. We will see. The big news is two new drivers (Nuvoton NPCM and Qualcomm CCI), larger refactoring of the Designware, Tegra, and PXA drivers, the Cadence driver supports being a slave now, and there is support to instanciate SPD eeproms for well-known cases (which will be user-visible because the i801 driver supports it), and some devm_platform_ioremap_resource() conversions which blow up the diffstat. Note that I applied the Nuvoton driver quite late, so some minor fixup patches arrived during the merge window. I chose to apply them right away because they were trivial" * 'i2c/for-5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux: (109 commits) i2c: Drop stray comma in MODULE_AUTHOR statements i2c: npcm7xx: npcm_i2caddr[] can be static MAINTAINERS: npcm7xx: Add maintainer for Nuvoton NPCM BMC i2c: npcm7xx: Fix a couple of error codes in probe i2c: icy: Fix build with CONFIG_AMIGA_PCMCIA=n i2c: npcm7xx: Remove unnecessary parentheses i2c: npcm7xx: Add support for slave mode for Nuvoton i2c: npcm7xx: Add Nuvoton NPCM I2C controller driver dt-bindings: i2c: npcm7xx: add NPCM I2C controller i2c: pxa: don't error out if there's no pinctrl i2c: add 'single-master' property to generic bindings i2c: designware: Add Baikal-T1 System I2C support i2c: designware: Move reg-space remapping into a dedicated function i2c: designware: Retrieve quirk flags as early as possible i2c: designware: Convert driver to using regmap API i2c: designware: Discard Cherry Trail model flag i2c: designware: Add Baytrail sem config DW I2C platform dependency i2c: designware: slave: Set DW I2C core module dependency i2c: designware: Use `-y` to build multi-object modules dt-bindings: i2c: dw: Add Baikal-T1 SoC I2C controller ... commit ac911b316336ad3d22b09e82698f0463347a5507 Merge: d74b15dbbbd2 2630e1bb0948 Author: Linus Torvalds Date: Sat Jun 13 13:09:38 2020 -0700 Merge tag 'media/v5.8-2' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media Pull more media updates from Mauro Carvalho Chehab: - a set of atomisp patches. They remove several abstraction layers, and fixes clang and gcc warnings (that were hidden via some macros that were disabling 4 or 5 types of warnings there). There are also some important fixes and sensor auto-detection on newer BIOSes via ACPI _DCM tables. - some fixes * tag 'media/v5.8-2' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media: (95 commits) media: rkvdec: Fix H264 scaling list order media: v4l2-ctrls: Unset correct HEVC loop filter flag media: videobuf2-dma-contig: fix bad kfree in vb2_dma_contig_clear_max_seg_size media: v4l2-subdev.rst: correct information about v4l2 events media: s5p-mfc: Properly handle dma_parms for the allocated devices media: medium: cec: Make MEDIA_CEC_SUPPORT default to n if !MEDIA_SUPPORT media: cedrus: Implement runtime PM media: cedrus: Program output format during each run media: atomisp: improve ACPI/DMI detection logs media: Revert "media: atomisp: add Asus Transform T101HA ACPI vars" media: Revert "media: atomisp: Add some ACPI detection info" media: atomisp: improve sensor detection code to use _DSM table media: atomisp: get rid of an iomem abstraction layer media: atomisp: get rid of a string_support.h abstraction layer media: atomisp: use strscpy() instead of less secure variants media: atomisp: set DFS to MAX if sensor doesn't report fps media: atomisp: use different dfs failed messages media: atomisp: change the detection of ISP2401 at runtime media: atomisp: use macros from intel-family.h media: atomisp: don't set hpll_freq twice with different values ... commit d74b15dbbbd2741f3580d7c884cd285144ae0cab Merge: 298ce0fd5030 6ec26b8b2d70 Author: Linus Torvalds Date: Sat Jun 13 13:04:36 2020 -0700 Merge tag 'libnvdimm-for-5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm Pull libnvdimm updates from Dan Williams: "Small collection of cleanups to rework usage of ->queuedata and the GUID api" * tag 'libnvdimm-for-5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm: nvdimm/pmem: stop using ->queuedata nvdimm/btt: stop using ->queuedata nvdimm/blk: stop using ->queuedata libnvdimm: Replace guid_copy() with import_guid() where it makes sense commit 298ce0fd50309a4805413f9572280606e4007cbe Author: Linus Torvalds Date: Sat Jun 13 13:00:54 2020 -0700 watch_queue: add gitignore for generated sample program Let's keep "git status" happy and quiet. Fixes: f5b5a164f9a1 ("Add sample notification program") Signed-off-by: Linus Torvalds commit 593bd5e5d3e245262c40c7dd2f5edbac705ff578 Merge: c55572276834 d4ff3b2ef901 Author: Linus Torvalds Date: Sat Jun 13 12:44:30 2020 -0700 Merge tag 'iomap-5.8-merge-1' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux Pull iomap fix from Darrick Wong: "A single iomap bug fix for a variable type mistake on 32-bit architectures, fixing an integer overflow problem in the unshare actor" * tag 'iomap-5.8-merge-1' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux: iomap: Fix unsharing of an extent >2GB on a 32-bit machine commit c55572276834f8b17c859db7d20c224fe25b9eda Merge: 61f3e825bec7 8cc007246972 Author: Linus Torvalds Date: Sat Jun 13 12:40:24 2020 -0700 Merge tag 'xfs-5.8-merge-9' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux Pull xfs fix from Darrick Wong: "We've settled down into the bugfix phase; this one fixes a resource leak on an error bailout path" * tag 'xfs-5.8-merge-9' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux: xfs: Add the missed xfs_perag_put() for xfs_ifree_cluster() commit 61f3e825bec7364790cb7d193a9a156c46119cff Merge: 08bf1a27c4c3 36f9967531da Author: Linus Torvalds Date: Sat Jun 13 12:38:57 2020 -0700 Merge tag '9p-for-5.8' of git://github.com/martinetd/linux Pull 9p update from Dominique Martinet: "Another very quiet cycle... Only one commit: increase the size of the ring used for xen transport" * tag '9p-for-5.8' of git://github.com/martinetd/linux: 9p/xen: increase XEN_9PFS_RING_ORDER commit 08bf1a27c4c354b853fd81a79e953525bbcc8506 Merge: cfd230b3cfd6 e881bfaf5a5f Author: Linus Torvalds Date: Sat Jun 13 10:56:31 2020 -0700 Merge tag 'powerpc-5.8-2' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux Pull powerpc fix from Michael Ellerman: "One fix for a recent change which broke nested KVM guests on Power9. Thanks to Alexey Kardashevskiy" * tag 'powerpc-5.8-2' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux: KVM: PPC: Fix nested guest RC bits update commit cfd230b3cfd6f72a6016fb0b319bb63fcc8206cd Merge: 56192707bd83 db227c19e68d Author: Linus Torvalds Date: Sat Jun 13 10:55:29 2020 -0700 Merge tag 'for-linus' of git://git.armlinux.org.uk/~rmk/linux-arm Pull ARM fixes from Russell King: - fix for "hex" Kconfig default to use 0x0 rather than 0 to allow these to be removed from defconfigs - fix from Ard Biesheuvel for EFI HYP mode booting * tag 'for-linus' of git://git.armlinux.org.uk/~rmk/linux-arm: ARM: 8985/1: efi/decompressor: deal with HYP mode boot gracefully ARM: 8984/1: Kconfig: set default ZBOOT_ROM_TEXT/BSS value to 0x0 commit 56192707bd8330355d3d1746d99e808eca1999d7 Merge: 66125d934b39 6bd140e14d9a Author: Linus Torvalds Date: Sat Jun 13 10:54:09 2020 -0700 Merge tag 'for-linus' of git://github.com/openrisc/linux Pull OpenRISC update from Stafford Horne: "One patch found wile I was getting the glibc port ready: fix issue with clone TLS arg getting overwritten" * tag 'for-linus' of git://github.com/openrisc/linux: openrisc: Fix issue with argument clobbering for clone/fork commit 66125d934b39889372b8d75e4c192818656efb80 Merge: a9429089d3e8 777747f634ba Author: Linus Torvalds Date: Sat Jun 13 10:51:29 2020 -0700 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mattst88/alpha Pull alpha updates from Matt Turner: "A few changes for alpha. They're mostly small janitorial fixes but there's also a build fix and most notably a patch from Mikulas that fixes a hang on boot on the Avanti platform, which required quite a bit of work and review" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mattst88/alpha: alpha: Fix build around srm_sysrq_reboot_op alpha: c_next should increase position index alpha: Replace sg++ with sg = sg_next(sg) alpha: fix memory barriers so that they conform to the specification alpha: remove unneeded semicolon in sys_eiger.c alpha: remove unneeded semicolon in osf_sys.c alpha: Replace strncmp with str_has_prefix alpha: fix rtc port ranges alpha: Kconfig: pedantic formatting commit a9429089d3e822d45be01a9635f0685174508fd3 Merge: 076f14be7fc9 7ccddc4613db Author: Linus Torvalds Date: Sat Jun 13 10:21:00 2020 -0700 Merge tag 'ras-core-2020-06-12' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 RAS updates from Thomas Gleixner: "RAS updates from Borislav Petkov: - Unmap a whole guest page if an MCE is encountered in it to avoid follow-on MCEs leading to the guest crashing, by Tony Luck. This change collided with the entry changes and the merge resolution would have been rather unpleasant. To avoid that the entry branch was merged in before applying this. The resulting code did not change over the rebase. - AMD MCE error thresholding machinery cleanup and hotplug sanitization, by Thomas Gleixner. - Change the MCE notifiers to denote whether they have handled the error and not break the chain early by returning NOTIFY_STOP, thus giving the opportunity for the later handlers in the chain to see it. By Tony Luck. - Add AMD family 0x17, models 0x60-6f support, by Alexander Monakov. - Last but not least, the usual round of fixes and improvements" * tag 'ras-core-2020-06-12' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (23 commits) x86/mce/dev-mcelog: Fix -Wstringop-truncation warning about strncpy() x86/{mce,mm}: Unmap the entire page if the whole page is affected and poisoned EDAC/amd64: Add AMD family 17h model 60h PCI IDs hwmon: (k10temp) Add AMD family 17h model 60h PCI match x86/amd_nb: Add AMD family 17h model 60h PCI IDs x86/mcelog: Add compat_ioctl for 32-bit mcelog support x86/mce: Drop bogus comment about mce.kflags x86/mce: Fixup exception only for the correct MCEs EDAC: Drop the EDAC report status checks x86/mce: Add mce=print_all option x86/mce: Change default MCE logger to check mce->kflags x86/mce: Fix all mce notifiers to update the mce->kflags bitmask x86/mce: Add a struct mce.kflags field x86/mce: Convert the CEC to use the MCE notifier x86/mce: Rename "first" function as "early" x86/mce/amd, edac: Remove report_gart_errors x86/mce/amd: Make threshold bank setting hotplug robust x86/mce/amd: Cleanup threshold device remove path x86/mce/amd: Straighten CPU hotplug path x86/mce/amd: Sanitize thresholding device creation hotplug path ... commit 076f14be7fc942e112c94c841baec44124275cd0 Merge: 6c3297841472 0bf3924bfabd Author: Linus Torvalds Date: Sat Jun 13 10:05:47 2020 -0700 Merge tag 'x86-entry-2020-06-12' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 entry updates from Thomas Gleixner: "The x86 entry, exception and interrupt code rework This all started about 6 month ago with the attempt to move the Posix CPU timer heavy lifting out of the timer interrupt code and just have lockless quick checks in that code path. Trivial 5 patches. This unearthed an inconsistency in the KVM handling of task work and the review requested to move all of this into generic code so other architectures can share. Valid request and solved with another 25 patches but those unearthed inconsistencies vs. RCU and instrumentation. Digging into this made it obvious that there are quite some inconsistencies vs. instrumentation in general. The int3 text poke handling in particular was completely unprotected and with the batched update of trace events even more likely to expose to endless int3 recursion. In parallel the RCU implications of instrumenting fragile entry code came up in several discussions. The conclusion of the x86 maintainer team was to go all the way and make the protection against any form of instrumentation of fragile and dangerous code pathes enforcable and verifiable by tooling. A first batch of preparatory work hit mainline with commit d5f744f9a2ac ("Pull x86 entry code updates from Thomas Gleixner") That (almost) full solution introduced a new code section '.noinstr.text' into which all code which needs to be protected from instrumentation of all sorts goes into. Any call into instrumentable code out of this section has to be annotated. objtool has support to validate this. Kprobes now excludes this section fully which also prevents BPF from fiddling with it and all 'noinstr' annotated functions also keep ftrace off. The section, kprobes and objtool changes are already merged. The major changes coming with this are: - Preparatory cleanups - Annotating of relevant functions to move them into the noinstr.text section or enforcing inlining by marking them __always_inline so the compiler cannot misplace or instrument them. - Splitting and simplifying the idtentry macro maze so that it is now clearly separated into simple exception entries and the more interesting ones which use interrupt stacks and have the paranoid handling vs. CR3 and GS. - Move quite some of the low level ASM functionality into C code: - enter_from and exit to user space handling. The ASM code now calls into C after doing the really necessary ASM handling and the return path goes back out without bells and whistels in ASM. - exception entry/exit got the equivivalent treatment - move all IRQ tracepoints from ASM to C so they can be placed as appropriate which is especially important for the int3 recursion issue. - Consolidate the declaration and definition of entry points between 32 and 64 bit. They share a common header and macros now. - Remove the extra device interrupt entry maze and just use the regular exception entry code. - All ASM entry points except NMI are now generated from the shared header file and the corresponding macros in the 32 and 64 bit entry ASM. - The C code entry points are consolidated as well with the help of DEFINE_IDTENTRY*() macros. This allows to ensure at one central point that all corresponding entry points share the same semantics. The actual function body for most entry points is in an instrumentable and sane state. There are special macros for the more sensitive entry points, e.g. INT3 and of course the nasty paranoid #NMI, #MCE, #DB and #DF. They allow to put the whole entry instrumentation and RCU handling into safe places instead of the previous pray that it is correct approach. - The INT3 text poke handling is now completely isolated and the recursion issue banned. Aside of the entry rework this required other isolation work, e.g. the ability to force inline bsearch. - Prevent #DB on fragile entry code, entry relevant memory and disable it on NMI, #MC entry, which allowed to get rid of the nested #DB IST stack shifting hackery. - A few other cleanups and enhancements which have been made possible through this and already merged changes, e.g. consolidating and further restricting the IDT code so the IDT table becomes RO after init which removes yet another popular attack vector - About 680 lines of ASM maze are gone. There are a few open issues: - An escape out of the noinstr section in the MCE handler which needs some more thought but under the aspect that MCE is a complete trainwreck by design and the propability to survive it is low, this was not high on the priority list. - Paravirtualization When PV is enabled then objtool complains about a bunch of indirect calls out of the noinstr section. There are a few straight forward ways to fix this, but the other issues vs. general correctness were more pressing than parawitz. - KVM KVM is inconsistent as well. Patches have been posted, but they have not yet been commented on or picked up by the KVM folks. - IDLE Pretty much the same problems can be found in the low level idle code especially the parts where RCU stopped watching. This was beyond the scope of the more obvious and exposable problems and is on the todo list. The lesson learned from this brain melting exercise to morph the evolved code base into something which can be validated and understood is that once again the violation of the most important engineering principle "correctness first" has caused quite a few people to spend valuable time on problems which could have been avoided in the first place. The "features first" tinkering mindset really has to stop. With that I want to say thanks to everyone involved in contributing to this effort. Special thanks go to the following people (alphabetical order): Alexandre Chartre, Andy Lutomirski, Borislav Petkov, Brian Gerst, Frederic Weisbecker, Josh Poimboeuf, Juergen Gross, Lai Jiangshan, Macro Elver, Paolo Bonzin,i Paul McKenney, Peter Zijlstra, Vitaly Kuznetsov, and Will Deacon" * tag 'x86-entry-2020-06-12' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (142 commits) x86/entry: Force rcu_irq_enter() when in idle task x86/entry: Make NMI use IDTENTRY_RAW x86/entry: Treat BUG/WARN as NMI-like entries x86/entry: Unbreak __irqentry_text_start/end magic x86/entry: __always_inline CR2 for noinstr lockdep: __always_inline more for noinstr x86/entry: Re-order #DB handler to avoid *SAN instrumentation x86/entry: __always_inline arch_atomic_* for noinstr x86/entry: __always_inline irqflags for noinstr x86/entry: __always_inline debugreg for noinstr x86/idt: Consolidate idt functionality x86/idt: Cleanup trap_init() x86/idt: Use proper constants for table size x86/idt: Add comments about early #PF handling x86/idt: Mark init only functions __init x86/entry: Rename trace_hardirqs_off_prepare() x86/entry: Clarify irq_{enter,exit}_rcu() x86/entry: Remove DBn stacks x86/entry: Remove debug IDT frobbing x86/entry: Optimize local_db_save() for virt ... commit a7f7f6248d9740d710fd6bd190293fe5e16410ac Author: Masahiro Yamada Date: Sun Jun 14 01:50:22 2020 +0900 treewide: replace '---help---' in Kconfig files with 'help' Since commit 84af7a6194e4 ("checkpatch: kconfig: prefer 'help' over '---help---'"), the number of '---help---' has been gradually decreasing, but there are still more than 2400 instances. This commit finishes the conversion. While I touched the lines, I also fixed the indentation. There are a variety of indentation styles found. a) 4 spaces + '---help---' b) 7 spaces + '---help---' c) 8 spaces + '---help---' d) 1 space + 1 tab + '---help---' e) 1 tab + '---help---' (correct indentation) f) 1 tab + 1 space + '---help---' g) 1 tab + 2 spaces + '---help---' In order to convert all of them to 1 tab + 'help', I ran the following commend: $ find . -name 'Kconfig*' | xargs sed -i 's/^[[:space:]]*---help---/\thelp/' Signed-off-by: Masahiro Yamada commit 6c3297841472b4e53e22e53826eea9e483d993e5 Merge: df2fbf5bfa0e a8478a602913 Author: Linus Torvalds Date: Sat Jun 13 09:56:21 2020 -0700 Merge tag 'notifications-20200601' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs Pull notification queue from David Howells: "This adds a general notification queue concept and adds an event source for keys/keyrings, such as linking and unlinking keys and changing their attributes. Thanks to Debarshi Ray, we do have a pull request to use this to fix a problem with gnome-online-accounts - as mentioned last time: https://gitlab.gnome.org/GNOME/gnome-online-accounts/merge_requests/47 Without this, g-o-a has to constantly poll a keyring-based kerberos cache to find out if kinit has changed anything. [ There are other notification pending: mount/sb fsinfo notifications for libmount that Karel Zak and Ian Kent have been working on, and Christian Brauner would like to use them in lxc, but let's see how this one works first ] LSM hooks are included: - A set of hooks are provided that allow an LSM to rule on whether or not a watch may be set. Each of these hooks takes a different "watched object" parameter, so they're not really shareable. The LSM should use current's credentials. [Wanted by SELinux & Smack] - A hook is provided to allow an LSM to rule on whether or not a particular message may be posted to a particular queue. This is given the credentials from the event generator (which may be the system) and the watch setter. [Wanted by Smack] I've provided SELinux and Smack with implementations of some of these hooks. WHY === Key/keyring notifications are desirable because if you have your kerberos tickets in a file/directory, your Gnome desktop will monitor that using something like fanotify and tell you if your credentials cache changes. However, we also have the ability to cache your kerberos tickets in the session, user or persistent keyring so that it isn't left around on disk across a reboot or logout. Keyrings, however, cannot currently be monitored asynchronously, so the desktop has to poll for it - not so good on a laptop. This facility will allow the desktop to avoid the need to poll. DESIGN DECISIONS ================ - The notification queue is built on top of a standard pipe. Messages are effectively spliced in. The pipe is opened with a special flag: pipe2(fds, O_NOTIFICATION_PIPE); The special flag has the same value as O_EXCL (which doesn't seem like it will ever be applicable in this context)[?]. It is given up front to make it a lot easier to prohibit splice&co from accessing the pipe. [?] Should this be done some other way? I'd rather not use up a new O_* flag if I can avoid it - should I add a pipe3() system call instead? The pipe is then configured:: ioctl(fds[1], IOC_WATCH_QUEUE_SET_SIZE, queue_depth); ioctl(fds[1], IOC_WATCH_QUEUE_SET_FILTER, &filter); Messages are then read out of the pipe using read(). - It should be possible to allow write() to insert data into the notification pipes too, but this is currently disabled as the kernel has to be able to insert messages into the pipe *without* holding pipe->mutex and the code to make this work needs careful auditing. - sendfile(), splice() and vmsplice() are disabled on notification pipes because of the pipe->mutex issue and also because they sometimes want to revert what they just did - but one or more notification messages might've been interleaved in the ring. - The kernel inserts messages with the wait queue spinlock held. This means that pipe_read() and pipe_write() have to take the spinlock to update the queue pointers. - Records in the buffer are binary, typed and have a length so that they can be of varying size. This allows multiple heterogeneous sources to share a common buffer; there are 16 million types available, of which I've used just a few, so there is scope for others to be used. Tags may be specified when a watchpoint is created to help distinguish the sources. - Records are filterable as types have up to 256 subtypes that can be individually filtered. Other filtration is also available. - Notification pipes don't interfere with each other; each may be bound to a different set of watches. Any particular notification will be copied to all the queues that are currently watching for it - and only those that are watching for it. - When recording a notification, the kernel will not sleep, but will rather mark a queue as having lost a message if there's insufficient space. read() will fabricate a loss notification message at an appropriate point later. - The notification pipe is created and then watchpoints are attached to it, using one of: keyctl_watch_key(KEY_SPEC_SESSION_KEYRING, fds[1], 0x01); watch_mount(AT_FDCWD, "/", 0, fd, 0x02); watch_sb(AT_FDCWD, "/mnt", 0, fd, 0x03); where in both cases, fd indicates the queue and the number after is a tag between 0 and 255. - Watches are removed if either the notification pipe is destroyed or the watched object is destroyed. In the latter case, a message will be generated indicating the enforced watch removal. Things I want to avoid: - Introducing features that make the core VFS dependent on the network stack or networking namespaces (ie. usage of netlink). - Dumping all this stuff into dmesg and having a daemon that sits there parsing the output and distributing it as this then puts the responsibility for security into userspace and makes handling namespaces tricky. Further, dmesg might not exist or might be inaccessible inside a container. - Letting users see events they shouldn't be able to see. TESTING AND MANPAGES ==================== - The keyutils tree has a pipe-watch branch that has keyctl commands for making use of notifications. Proposed manual pages can also be found on this branch, though a couple of them really need to go to the main manpages repository instead. If the kernel supports the watching of keys, then running "make test" on that branch will cause the testing infrastructure to spawn a monitoring process on the side that monitors a notifications pipe for all the key/keyring changes induced by the tests and they'll all be checked off to make sure they happened. https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/keyutils.git/log/?h=pipe-watch - A test program is provided (samples/watch_queue/watch_test) that can be used to monitor for keyrings, mount and superblock events. Information on the notifications is simply logged to stdout" * tag 'notifications-20200601' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs: smack: Implement the watch_key and post_notification hooks selinux: Implement the watch_key security hook keys: Make the KEY_NEED_* perms an enum rather than a mask pipe: Add notification lossage handling pipe: Allow buffers to be marked read-whole-or-error for notifications Add sample notification program watch_queue: Add a key/keyring notification facility security: Add hooks to rule on setting a watch pipe: Add general notification queue support pipe: Add O_NOTIFICATION_PIPE security: Add a hook for the point of notification insertion uapi: General notification queue definitions commit db227c19e68db353e4cc6c99b6bc86bb24736943 Author: Ard Biesheuvel Date: Fri Jun 12 11:21:35 2020 +0100 ARM: 8985/1: efi/decompressor: deal with HYP mode boot gracefully EFI on ARM only supports short descriptors, and given that it mandates that the MMU and caches are on, it is implied that booting in HYP mode is not supported. However, implementations of EFI exist (i.e., U-Boot) that ignore this requirement, which is not entirely unreasonable, given that it makes HYP mode inaccessible to the operating system. So let's make sure that we can deal with this condition gracefully. We already tolerate booting the EFI stub with the caches off (even though this violates the EFI spec as well), and so we should deal with HYP mode boot with MMU and caches either on or off. - When the MMU and caches are on, we can ignore the HYP stub altogether, since we can carry on executing at HYP. We do need to ensure that we disable the MMU at HYP before entering the kernel proper. - When the MMU and caches are off, we have to drop to SVC mode so that we can set up the page tables using short descriptors. In this case, we need to install the HYP stub as usual, so that we can return to HYP mode before handing over to the kernel proper. Tested-by: Heinrich Schuchardt Signed-off-by: Ard Biesheuvel Signed-off-by: Russell King commit 39c3e304567a013ac096ca8747fe53b44a76e44b Author: Chris Packham Date: Tue Jun 9 03:28:14 2020 +0100 ARM: 8984/1: Kconfig: set default ZBOOT_ROM_TEXT/BSS value to 0x0 ZBOOT_ROM_TEXT and ZBOOT_ROM_BSS are defined as 'hex' but had a default of "0". Kconfig will helpfully expand a text entry of 0 to 0x0 but because this is not the same as the default value it was treated as being explicitly set when running 'make savedefconfig' so most arm defconfigs have CONFIG_ZBOOT_ROM_TEXT=0x0 and CONFIG_ZBOOT_ROM_BSS=0x0. Change the default to 0x0 which will mean next time the defconfigs are re-generated the spurious config entries will be removed. Signed-off-by: Chris Packham Signed-off-by: Russell King commit bc8bd54ffd8513e05eb87b5badcb2d586ea278f0 Author: John Stultz Date: Sat Jun 13 04:21:59 2020 +0000 drm/msm: Fix 0xfffflub in "Refactor address space initialization" This week I started seeing GPU crashes on my DragonBoard 845c which I narrowed down to being caused by commit ccac7ce373c1 ("drm/msm: Refactor address space initialization"). Looking through the patch, Jordan and I couldn't find anything obviously wrong, so I ended up breaking that change up into a number of smaller logical steps so I could figure out which part was causing the trouble. Ends up, visually counting 'f's is hard, esp across a number of lines: 0xfffffff != 0xffffffff This patch corrects the end value we pass in to msm_gem_address_space_create() in adreno_iommu_create_address_space() so that it matches the value used before the problematic patch landed. With this change, I no longer see the GPU crashes that were affecting me. Cc: Shawn Guo Cc: Rob Clark Cc: Sean Paul Cc: Jordan Crouse Cc: freedreno@lists.freedesktop.org Fixes: ccac7ce373c1 ("drm/msm: Refactor address space initialization") Signed-off-by: John Stultz Signed-off-by: Rob Clark commit 777747f634ba765085373f851e9c48dccb12ad52 Author: Joerg Roedel Date: Thu Jun 11 11:11:39 2020 +0200 alpha: Fix build around srm_sysrq_reboot_op The patch introducing the struct was probably never compile tested, because it sets a handler with a wrong function signature. Wrap the handler into a functions with the correct signature to fix the build. Fixes: 0f1c9688a194 ("tty/sysrq: alpha: export and use __sysrq_get_key_op()") Cc: Emil Velikov Reviewed-by: Guenter Roeck Tested-by: Guenter Roeck Signed-off-by: Joerg Roedel Signed-off-by: Matt Turner commit 7812193ca88bcb6c7bddea61c8797e2d5a6df5bd Author: Matt Turner Date: Wed Jun 10 16:59:30 2020 -0700 alpha: c_next should increase position index Signed-off-by: Matt Turner commit e66dd01e33bdea1c580bf037feec39aae6946ade Author: Xu Wang Date: Wed Jun 3 02:31:59 2020 +0000 alpha: Replace sg++ with sg = sg_next(sg) Replace sg++ with sg = sg_next(sg). Signed-off-by: Xu Wang Signed-off-by: Matt Turner commit 54505a1e2083fc54cbe8779b97479f969cd30a00 Author: Mikulas Patocka Date: Tue May 26 10:47:49 2020 -0400 alpha: fix memory barriers so that they conform to the specification The commits cd0e00c10672 and 92d7223a7423 broke boot on the Alpha Avanti platform. The patches move memory barriers after a write before the write. The result is that if there's iowrite followed by ioread, there is no barrier between them. The Alpha architecture allows reordering of the accesses to the I/O space, and the missing barrier between write and read causes hang with serial port and real time clock. This patch makes barriers confiorm to the specification. 1. We add mb() before readX_relaxed and writeX_relaxed - memory-barriers.txt claims that these functions must be ordered w.r.t. each other. Alpha doesn't order them, so we need an explicit barrier. 2. We add mb() before reads from the I/O space - so that if there's a write followed by a read, there should be a barrier between them. Signed-off-by: Mikulas Patocka Fixes: cd0e00c10672 ("alpha: io: reorder barriers to guarantee writeX() and iowriteX() ordering") Fixes: 92d7223a7423 ("alpha: io: reorder barriers to guarantee writeX() and iowriteX() ordering #2") Cc: stable@vger.kernel.org # v4.17+ Acked-by: Ivan Kokshaysky Reviewed-by: Maciej W. Rozycki Signed-off-by: Matt Turner commit c0ebf71506f11c5f66f3b47fb27f8c7d5e176baa Author: Jason Yan Date: Tue Apr 28 14:32:25 2020 +0800 alpha: remove unneeded semicolon in sys_eiger.c Fix the following coccicheck warning: arch/alpha/kernel/sys_eiger.c:179:2-3: Unneeded semicolon Signed-off-by: Jason Yan Signed-off-by: Matt Turner commit a466a5cfbb5665a0595cbd4cbe05140d57346990 Author: Jason Yan Date: Tue Apr 28 14:32:35 2020 +0800 alpha: remove unneeded semicolon in osf_sys.c Fix the following coccicheck warning: arch/alpha/kernel/osf_sys.c:680:2-3: Unneeded semicolon Signed-off-by: Jason Yan Signed-off-by: Matt Turner commit 5f14596e55de458987ee38043019b3d5cd636af1 Author: Chuhong Yuan Date: Tue Jul 30 11:02:39 2019 +0800 alpha: Replace strncmp with str_has_prefix In commit b6b2735514bc ("tracing: Use str_has_prefix() instead of using fixed sizes") the newly introduced str_has_prefix() was used to replace error-prone strncmp(str, const, len). Here fix codes with the same pattern. Signed-off-by: Chuhong Yuan Signed-off-by: Matt Turner commit 5bea3044a74acb3d780288c0fecd0eb25bdda24d Author: Mikulas Patocka Date: Fri Apr 5 07:16:31 2019 -0400 alpha: fix rtc port ranges Alpha incorrectly reports "0070-0080 : rtc" in /proc/ioports. Fix this, so that it is "0070-007f". Signed-off-by: Mikulas Patocka Signed-off-by: Matt Turner commit 8b3ebda6d81af05b4827f18086d27bee9000f67c Author: Enrico Weigelt, metux IT consult Date: Mon Mar 11 14:42:08 2019 +0100 alpha: Kconfig: pedantic formatting Formatting of Kconfig files doesn't look so pretty, so let the Great White Handkerchief come around and clean it up. Signed-off-by: Enrico Weigelt, metux IT consult Signed-off-by: Matt Turner commit 29fcb05bbf1a7008900bb9bee347bdbfc7171036 Author: Andrii Nakryiko Date: Fri Jun 12 17:21:15 2020 -0700 bpf: Undo internal BPF_PROBE_MEM in BPF insns dump BPF_PROBE_MEM is kernel-internal implmementation details. When dumping BPF instructions to user-space, it needs to be replaced back with BPF_MEM mode. Fixes: 2a02759ef5f8 ("bpf: Add support for BTF pointers to interpreter") Signed-off-by: Andrii Nakryiko Signed-off-by: Alexei Starovoitov Link: https://lore.kernel.org/bpf/20200613002115.1632142-1-andriin@fb.com commit caf62492f479585296e9d636c798d5ac256b7b04 Author: Andrii Nakryiko Date: Fri Jun 12 12:45:04 2020 -0700 libbpf: Support pre-initializing .bss global variables Remove invalid assumption in libbpf that .bss map doesn't have to be updated in kernel. With addition of skeleton and memory-mapped initialization image, .bss doesn't have to be all zeroes when BPF map is created, because user-code might have initialized those variables from user-space. Fixes: eba9c5f498a1 ("libbpf: Refactor global data map initialization") Signed-off-by: Andrii Nakryiko Signed-off-by: Alexei Starovoitov Link: https://lore.kernel.org/bpf/20200612194504.557844-1-andriin@fb.com commit 22eb78792e07a4dfb63c85f34950d4e58eb90326 Author: Andrii Nakryiko Date: Fri Jun 12 13:16:03 2020 -0700 tools/bpftool: Fix skeleton codegen Remove unnecessary check at the end of codegen() routine which makes codegen() to always fail and exit bpftool with error code. Positive value of variable n is not an indicator of a failure. Fixes: 2c4779eff837 ("tools, bpftool: Exit on error in function codegen") Signed-off-by: Andrii Nakryiko Signed-off-by: Alexei Starovoitov Reviewed-by: Tobias Klauser Link: https://lore.kernel.org/bpf/20200612201603.680852-1-andriin@fb.com commit 60e5ca8a64bad8f3e2e20a1e57846e497361c700 Author: Andrey Ignatov Date: Thu Jun 11 17:08:57 2020 -0700 bpf: Fix memlock accounting for sock_hash Add missed bpf_map_charge_init() in sock_hash_alloc() and correspondingly bpf_map_charge_finish() on ENOMEM. It was found accidentally while working on unrelated selftest that checks "map->memory.pages > 0" is true for all map types. Before: # bpftool m l ... 3692: sockhash name m_sockhash flags 0x0 key 4B value 4B max_entries 8 memlock 0B After: # bpftool m l ... 84: sockmap name m_sockmap flags 0x0 key 4B value 4B max_entries 8 memlock 4096B Fixes: 604326b41a6f ("bpf, sockmap: convert to generic sk_msg interface") Signed-off-by: Andrey Ignatov Signed-off-by: Alexei Starovoitov Link: https://lore.kernel.org/bpf/20200612000857.2881453-1-rdna@fb.com commit f6fede8569689dd31e7b0ed15024b25e5ce2e2e5 Author: Lorenz Bauer Date: Thu Jun 11 18:25:20 2020 +0100 bpf: sockmap: Don't attach programs to UDP sockets The stream parser infrastructure isn't set up to deal with UDP sockets, so we mustn't try to attach programs to them. I remember making this change at some point, but I must have lost it while rebasing or something similar. Fixes: 7b98cd42b049 ("bpf: sockmap: Add UDP support") Signed-off-by: Lorenz Bauer Signed-off-by: Alexei Starovoitov Acked-by: Jakub Sitnicki Link: https://lore.kernel.org/bpf/20200611172520.327602-1-lmb@cloudflare.com commit 2c7269b231194aae23fb90ab65842573a91acbc9 Author: Sabrina Dubroca Date: Wed Jun 10 12:19:43 2020 +0200 bpf: tcp: Recv() should return 0 when the peer socket is closed If the peer is closed, we will never get more data, so tcp_bpf_wait_data will get stuck forever. In case we passed MSG_DONTWAIT to recv(), we get EAGAIN but we should actually get 0. >From man 2 recv: RETURN VALUE When a stream socket peer has performed an orderly shutdown, the return value will be 0 (the traditional "end-of-file" return). This patch makes tcp_bpf_wait_data always return 1 when the peer socket has been shutdown. Either we have data available, and it would have returned 1 anyway, or there isn't, in which case we'll call tcp_recvmsg which does the right thing in this situation. Fixes: 604326b41a6f ("bpf, sockmap: convert to generic sk_msg interface") Signed-off-by: Sabrina Dubroca Signed-off-by: Alexei Starovoitov Acked-by: Jakub Sitnicki Link: https://lore.kernel.org/bpf/26038a28c21fea5d04d4bd4744c5686d3f2e5504.1591784177.git.sd@queasysnail.net commit a7a519a4926214ba4161bc30109f4a8d69defb8d Author: Steve French Date: Fri Jun 12 14:49:47 2020 -0500 smb3: Add debug message for new file creation with idsfromsid mount option Pavel noticed that a debug message (disabled by default) in creating the security descriptor context could be useful for new file creation owner fields (as we already have for the mode) when using mount parm idsfromsid. [38120.392272] CIFS: FYI: owner S-1-5-88-1-0, group S-1-5-88-2-0 [38125.792637] CIFS: FYI: owner S-1-5-88-1-1000, group S-1-5-88-2-1000 Also cleans up a typo in a comment Signed-off-by: Steve French Reviewed-by: Pavel Shilovsky commit 6954a9e4192b86d778fb52b525fd7b62d51b1147 Author: Thomas Falcon Date: Fri Jun 12 13:34:41 2020 -0500 ibmvnic: Flush existing work items before device removal Ensure that all scheduled work items have completed before continuing with device removal and after further event scheduling has been halted. This patch fixes a bug where a scheduled driver reset event is processed following device removal. Signed-off-by: Thomas Falcon Signed-off-by: David S. Miller commit df2fbf5bfa0e7fff8b4784507e4d68f200454318 Merge: 44ebe016df3a 8d485da0ddee Author: Linus Torvalds Date: Fri Jun 12 14:10:21 2020 -0700 Merge tag 'thermal-v5.8-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/thermal/linux Pull thermal updates from Daniel Lezcano: - Add the hwmon support on the i.MX SC (Anson Huang) - Thermal framework cleanups (self-encapsulation, pointless stubs, private structures) (Daniel Lezcano) - Use the PM QoS frequency changes for the devfreq cooling device (Matthias Kaehlcke) - Remove duplicate error messages from platform_get_irq() error handling (Markus Elfring) - Add support for the bandgap sensors (Keerthy) - Statically initialize .get_mode/.set_mode ops (Andrzej Pietrasiewicz) - Add Renesas R-Car maintainer entry (Niklas Söderlund) - Fix error checking after calling ti_bandgap_get_sensor_data() for the TI SoC thermal (Sudip Mukherjee) - Add latency constraint for the idle injection, the DT binding and the change the registering function (Daniel Lezcano) - Convert the thermal framework binding to the Yaml schema (Amit Kucheria) - Replace zero-length array with flexible-array on i.MX 8MM (Gustavo A. R. Silva) - Thermal framework cleanups (alphabetic order for heads, replace module.h by export.h, make file naming consistent) (Amit Kucheria) - Merge tsens-common into the tsens driver (Amit Kucheria) - Fix platform dependency for the Qoriq driver (Geert Uytterhoeven) - Clean up the rcar_thermal_update_temp() function in the rcar thermal driver (Niklas Söderlund) - Fix the TMSAR register for the TMUv2 on the Qoriq platform (Yuantian Tang) - Export GDDV, OEM vendor variables, and don't require IDSP for the int340x thermal driver - trivial conflicts fixed (Matthew Garrett) * tag 'thermal-v5.8-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/thermal/linux: (48 commits) thermal/int340x_thermal: Don't require IDSP to exist thermal/int340x_thermal: Export OEM vendor variables thermal/int340x_thermal: Export GDDV thermal: qoriq: Update the settings for TMUv2 thermal: rcar_thermal: Clean up rcar_thermal_update_temp() thermal: qoriq: Add platform dependencies drivers: thermal: tsens: Merge tsens-common.c into tsens.c thermal/of: Rename of-thermal.c thermal/governors: Prefix all source files with gov_ thermal/drivers/user_space: Sort headers alphabetically thermal/drivers/of-thermal: Sort headers alphabetically thermal/drivers/cpufreq_cooling: Replace module.h with export.h thermal/drivers/cpufreq_cooling: Sort headers alphabetically thermal/drivers/clock_cooling: Include export.h thermal/drivers/clock_cooling: Sort headers alphabetically thermal/drivers/thermal_hwmon: Include export.h thermal/drivers/thermal_hwmon: Sort headers alphabetically thermal/drivers/thermal_helpers: Include export.h thermal/drivers/thermal_helpers: Sort headers alphabetically thermal/core: Replace module.h with export.h ... commit b65ce380b754e77fbfdcfc83fd6e29c8ceedf431 Author: Cong Wang Date: Fri Jun 12 00:16:55 2020 -0700 genetlink: clean up family attributes allocations genl_family_rcv_msg_attrs_parse() and genl_family_rcv_msg_attrs_free() take a boolean parameter to determine whether allocate/free the family attrs. This is unnecessary as we can just check family->parallel_ops. More importantly, callers would not need to worry about pairing these parameters correctly after this patch. And this fixes a memory leak, as after commit c36f05559104 ("genetlink: fix memory leaks in genl_family_rcv_msg_dumpit()") we call genl_family_rcv_msg_attrs_parse() for both parallel and non-parallel cases. Fixes: c36f05559104 ("genetlink: fix memory leaks in genl_family_rcv_msg_dumpit()") Reported-by: Ido Schimmel Signed-off-by: Cong Wang Reviewed-by: Ido Schimmel Tested-by: Ido Schimmel Signed-off-by: David S. Miller commit 44ebe016df3aad96e3be8f95ec52397728dd7701 Merge: 9433a51ec153 ef1548adada5 Author: Linus Torvalds Date: Fri Jun 12 12:38:18 2020 -0700 Merge branch 'proc-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace Pull proc fix from Eric Biederman: "Much to my surprise syzbot found a very old bug in proc that the recent changes made easier to reproce. This bug is subtle enough it looks like it fooled everyone who should know better" * 'proc-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace: proc: Use new_inode not new_inode_pseudo commit 0bf3924bfabd13ba21aa702344fc00b3b3263e5a Author: Thomas Gleixner Date: Fri Jun 12 15:55:00 2020 +0200 x86/entry: Force rcu_irq_enter() when in idle task The idea of conditionally calling into rcu_irq_enter() only when RCU is not watching turned out to be not completely thought through. Paul noticed occasional premature end of grace periods in RCU torture testing. Bisection led to the commit which made the invocation of rcu_irq_enter() conditional on !rcu_is_watching(). It turned out that this conditional breaks RCU assumptions about the idle task when the scheduler tick happens to be a nested interrupt. Nested interrupts can happen when the first interrupt invokes softirq processing on return which enables interrupts. If that nested tick interrupt does not invoke rcu_irq_enter() then the RCU's irq-nesting checks will believe that this interrupt came directly from idle, which will cause RCU to report a quiescent state. Because this interrupt instead came from a softirq handler which might have been executing an RCU read-side critical section, this can cause the grace period to end prematurely. Change the condition from !rcu_is_watching() to is_idle_task(current) which enforces that interrupts in the idle task unconditionally invoke rcu_irq_enter() independent of the RCU state. This is also correct vs. user mode entries in NOHZ full scenarios because user mode entries bring RCU out of EQS and force the RCU irq nesting state accounting to nested. As only the first interrupt can enter from user mode a nested tick interrupt will enter from kernel mode and as the nesting state accounting is forced to nesting it will not do anything stupid even if rcu_irq_enter() has not been invoked. Fixes: 3eeec3858488 ("x86/entry: Provide idtentry_entry/exit_cond_rcu()") Reported-by: "Paul E. McKenney" Signed-off-by: Thomas Gleixner Tested-by: "Paul E. McKenney" Reviewed-by: "Paul E. McKenney" Acked-by: Andy Lutomirski Acked-by: Frederic Weisbecker Link: https://lkml.kernel.org/r/87wo4cxubv.fsf@nanos.tec.linutronix.de commit 9433a51ec1533e0620ff08d0318d215de73ceb77 Merge: 8f02f363f76f f5641d053d46 Author: Linus Torvalds Date: Fri Jun 12 12:24:42 2020 -0700 Merge tag 'pwm/for-5.8-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/thierry.reding/linux-pwm Pull pwm updates from Thierry Reding: "Nothing too exciting for this cycle. A couple of fixes across the board, and Lee volunteered to help with patch review" * tag 'pwm/for-5.8-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/thierry.reding/linux-pwm: pwm: Add missing "CONFIG_" prefix MAINTAINERS: Add Lee Jones as reviewer for the PWM subsystem pwm: imx27: Fix rounding behavior pwm: rockchip: Simplify rockchip_pwm_get_state() pwm: img: Call pm_runtime_put() in pm_runtime_get_sync() failed case pwm: tegra: Support dynamic clock frequency configuration pwm: jz4740: Add support for the JZ4725B pwm: jz4740: Make PWM start with the active part pwm: jz4740: Enhance precision in calculation of duty cycle pwm: jz4740: Drop dependency on MACH_INGENIC pwm: lpss: Fix get_state runtime-pm reference handling pwm: sun4i: Support direct clock output on Allwinner A64 pwm: Add support for Azoteq IQS620A PWM generator dt-bindings: pwm: rcar: add r8a77961 support pwm: Add missing '\n' in log messages commit 8f02f363f76f99f08117336cfac7f24c76b25be3 Merge: 5c2fb57af0f4 672cf6df9b8a Author: Linus Torvalds Date: Fri Jun 12 12:19:13 2020 -0700 Merge tag 'iommu-drivers-move-v5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu Pull iommu driver directory structure cleanup from Joerg Roedel: "Move the Intel and AMD IOMMU drivers into their own subdirectory. Both drivers consist of several files by now and giving them their own directory unclutters the IOMMU top-level directory a bit" * tag 'iommu-drivers-move-v5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu: iommu/vt-d: Move Intel IOMMU driver into subdirectory iommu/amd: Move AMD IOMMU driver into subdirectory commit 5c2fb57af0f42550eb718a3b0b445c81ec923895 Merge: 923ea1631e94 2a9e5ded9543 Author: Linus Torvalds Date: Fri Jun 12 12:13:36 2020 -0700 Merge tag 'printk-for-5.8-kdb-nmi' of git://git.kernel.org/pub/scm/linux/kernel/git/printk/linux Pull printk fix from Petr Mladek: "One more printk change for 5.8: make sure that messages printed from KDB context are redirected to KDB console handlers. It did not work when KDB interrupted NMI or printk_safe contexts. Arm people started hitting this problem more often recently. I forgot to add the fix into the previous pull request by mistake" * tag 'printk-for-5.8-kdb-nmi' of git://git.kernel.org/pub/scm/linux/kernel/git/printk/linux: printk/kdb: Redirect printk messages into kdb in any context commit ef1548adada51a2f32ed7faef50aa465e1b4c5da Author: Eric W. Biederman Date: Fri Jun 12 09:42:03 2020 -0500 proc: Use new_inode not new_inode_pseudo Recently syzbot reported that unmounting proc when there is an ongoing inotify watch on the root directory of proc could result in a use after free when the watch is removed after the unmount of proc when the watcher exits. Commit 69879c01a0c3 ("proc: Remove the now unnecessary internal mount of proc") made it easier to unmount proc and allowed syzbot to see the problem, but looking at the code it has been around for a long time. Looking at the code the fsnotify watch should have been removed by fsnotify_sb_delete in generic_shutdown_super. Unfortunately the inode was allocated with new_inode_pseudo instead of new_inode so the inode was not on the sb->s_inodes list. Which prevented fsnotify_unmount_inodes from finding the inode and removing the watch as well as made it so the "VFS: Busy inodes after unmount" warning could not find the inodes to warn about them. Make all of the inodes in proc visible to generic_shutdown_super, and fsnotify_sb_delete by using new_inode instead of new_inode_pseudo. The only functional difference is that new_inode places the inodes on the sb->s_inodes list. I wrote a small test program and I can verify that without changes it can trigger this issue, and by replacing new_inode_pseudo with new_inode the issues goes away. Cc: stable@vger.kernel.org Link: https://lkml.kernel.org/r/000000000000d788c905a7dfa3f4@google.com Reported-by: syzbot+7d2debdcdb3cb93c1e5e@syzkaller.appspotmail.com Fixes: 0097875bd415 ("proc: Implement /proc/thread-self to point at the directory of the current thread") Fixes: 021ada7dff22 ("procfs: switch /proc/self away from proc_dir_entry") Fixes: 51f0885e5415 ("vfs,proc: guarantee unique inodes in /proc") Signed-off-by: "Eric W. Biederman" commit 6c58f25e6938c073198af8b1e1832f83f8f0df33 Author: Nathan Huckleberry Date: Thu Jun 11 18:32:35 2020 +0000 riscv/atomic: Fix sign extension for RV64I The argument passed to cmpxchg is not guaranteed to be sign extended, but lr.w sign extends on RV64I. This makes cmpxchg fail on clang built kernels when __old is negative. To fix this, we just cast __old to long which sign extends on RV64I. With this fix, clang built RISC-V kernels now boot. Link: https://github.com/ClangBuiltLinux/linux/issues/867 Signed-off-by: Nathan Huckleberry Signed-off-by: Palmer Dabbelt commit 923ea1631e942f8af179ca418e0cc1915025e4c2 Merge: 4071b856afc8 4235b1a4efe1 Author: Linus Torvalds Date: Fri Jun 12 12:02:41 2020 -0700 Merge tag 'integrity-v5.8-fix' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity Pull integrity fix from Mimi Zohar: "ima mprotect performance fix" * tag 'integrity-v5.8-fix' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity: ima: fix mprotect checking commit 4071b856afc8a49ec41e98ff45151bb0800bc46d Merge: 7de26c41c19f 8440d4a75d90 Author: Linus Torvalds Date: Fri Jun 12 11:56:43 2020 -0700 Merge tag 'devicetree-fixes-for-5.8-1' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux Pull Devicetree fixes from Rob Herring: - Another round of whack-a-mole removing 'allOf', redundant cases of 'maxItems' and incorrect 'reg' sizes - Fix support for yaml.h in non-standard paths * tag 'devicetree-fixes-for-5.8-1' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux: dt-bindings: Remove redundant 'maxItems' dt-bindings: Fix more incorrect 'reg' property sizes in examples dt-bindings: phy: qcom: Fix missing 'ranges' and example addresses dt-bindings: Remove more cases of 'allOf' containing a '$ref' scripts/dtc: use pkg-config to include in non-standard path commit 7de26c41c19fc7b2e078d31fd039e1a017064b89 Merge: 52cd0d972fa6 6b57fa4d374b Author: Linus Torvalds Date: Fri Jun 12 11:55:11 2020 -0700 Merge tag 'nios2-v5.8-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/lftan/nios2 Pull nios2 update from Ley Foon Tan: "Mark expected switch fall-through in signal handling" * tag 'nios2-v5.8-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/lftan/nios2: nios2: signal: Mark expected switch fall-through commit 7b97d868b7ab2448859668de9222b8af43f76e78 Author: zhangyi (F) Date: Tue Jun 9 15:35:40 2020 +0800 ext4, jbd2: ensure panic by fix a race between jbd2 abort and ext4 error handlers In the ext4 filesystem with errors=panic, if one process is recording errno in the superblock when invoking jbd2_journal_abort() due to some error cases, it could be raced by another __ext4_abort() which is setting the SB_RDONLY flag but missing panic because errno has not been recorded. jbd2_journal_commit_transaction() jbd2_journal_abort() journal->j_flags |= JBD2_ABORT; jbd2_journal_update_sb_errno() | ext4_journal_check_start() | __ext4_abort() | sb->s_flags |= SB_RDONLY; | if (!JBD2_REC_ERR) | return; journal->j_flags |= JBD2_REC_ERR; Finally, it will no longer trigger panic because the filesystem has already been set read-only. Fix this by introduce j_abort_mutex to make sure journal abort is completed before panic, and remove JBD2_REC_ERR flag. Fixes: 4327ba52afd03 ("ext4, jbd2: ensure entering into panic after recording an error in superblock") Signed-off-by: zhangyi (F) Reviewed-by: Jan Kara Cc: stable@vger.kernel.org Link: https://lore.kernel.org/r/20200609073540.3810702-1-yi.zhang@huawei.com Signed-off-by: Theodore Ts'o commit a6603398278480aafef644d4c40549b5c5064c73 Author: Steve French Date: Fri Jun 12 10:36:37 2020 -0500 cifs: fix chown and chgrp when idsfromsid mount option enabled idsfromsid was ignored in chown and chgrp causing it to fail when upcalls were not configured for lookup. idsfromsid allows mapping users when setting user or group ownership using "special SID" (reserved for this). Add support for chmod and chgrp when idsfromsid mount option is enabled. Signed-off-by: Steve French Reviewed-by: Pavel Shilovsky commit 975221eca5fbfdb4b6b1d17c9e540d4d7627ce18 Author: Steve French Date: Fri Jun 12 09:25:21 2020 -0500 smb3: allow uid and gid owners to be set on create with idsfromsid mount option Currently idsfromsid mount option allows querying owner information from the special sids used to represent POSIX uids and gids but needed changes to populate the security descriptor context with the owner information when idsfromsid mount option was used. Signed-off-by: Steve French Reviewed-by: Pavel Shilovsky commit 52cd0d972fa6491928add05f11f97a4a59babe92 Merge: d2d5439df22f 49b3deaad345 Author: Linus Torvalds Date: Fri Jun 12 11:05:52 2020 -0700 Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm Pull more KVM updates from Paolo Bonzini: "The guest side of the asynchronous page fault work has been delayed to 5.9 in order to sync with Thomas's interrupt entry rework, but here's the rest of the KVM updates for this merge window. MIPS: - Loongson port PPC: - Fixes ARM: - Fixes x86: - KVM_SET_USER_MEMORY_REGION optimizations - Fixes - Selftest fixes" * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm: (62 commits) KVM: x86: do not pass poisoned hva to __kvm_set_memory_region KVM: selftests: fix sync_with_host() in smm_test KVM: async_pf: Inject 'page ready' event only if 'page not present' was previously injected KVM: async_pf: Cleanup kvm_setup_async_pf() kvm: i8254: remove redundant assignment to pointer s KVM: x86: respect singlestep when emulating instruction KVM: selftests: Don't probe KVM_CAP_HYPERV_ENLIGHTENED_VMCS when nested VMX is unsupported KVM: selftests: do not substitute SVM/VMX check with KVM_CAP_NESTED_STATE check KVM: nVMX: Consult only the "basic" exit reason when routing nested exit KVM: arm64: Move hyp_symbol_addr() to kvm_asm.h KVM: arm64: Synchronize sysreg state on injecting an AArch32 exception KVM: arm64: Make vcpu_cp1x() work on Big Endian hosts KVM: arm64: Remove host_cpu_context member from vcpu structure KVM: arm64: Stop sparse from moaning at __hyp_this_cpu_ptr KVM: arm64: Handle PtrAuth traps early KVM: x86: Unexport x86_fpu_cache and make it static KVM: selftests: Ignore KVM 5-level paging support for VM_MODE_PXXV48_4K KVM: arm64: Save the host's PtrAuth keys in non-preemptible context KVM: arm64: Stop save/restoring ACTLR_EL1 KVM: arm64: Add emulation for 32bit guests accessing ACTLR2 ... commit d2d5439df22f3c2a07c5db582d4ef1b2b587ca27 Merge: b791d1bdf921 a952f64d14e5 Author: Linus Torvalds Date: Fri Jun 12 11:00:45 2020 -0700 Merge tag 'for-linus-5.8b-rc1-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip Pull xen updates from Juergen Gross: - several smaller cleanups - a fix for a Xen guest regression with CPU offlining - a small fix in the xen pvcalls backend driver - an update of MAINTAINERS * tag 'for-linus-5.8b-rc1-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip: MAINTAINERS: Update PARAVIRT_OPS_INTERFACE and VMWARE_HYPERVISOR_INTERFACE xen/pci: Get rid of verbose_request and use dev_dbg() instead xenbus: Use dev_printk() when possible xen-pciback: Use dev_printk() when possible xen: enable BALLOON_MEMORY_HOTPLUG by default xen: expand BALLOON_MEMORY_HOTPLUG description xen/pvcalls: Make pvcalls_back_global static xen/cpuhotplug: Fix initial CPU offlining for PV(H) guests xen-platform: Constify dev_pm_ops xen/pvcalls-back: test for errors when calling backend_connect() commit 88ee9d571b6d8ed345f877e05f685814412e359b Author: Jan (janneke) Nieuwenhuizen Date: Mon May 25 21:39:40 2020 +0200 ext4: support xattr gnu.* namespace for the Hurd The Hurd gained[0] support for moving the translator and author fields out of the inode and into the "gnu.*" xattr namespace. In anticipation of that, an xattr INDEX was reserved[1]. The Hurd has now been brought into compliance[2] with that. This patch adds support for reading and writing such attributes from Linux; you can now do something like mkdir -p hurd-root/servers/socket touch hurd-root/servers/socket/1 setfattr --name=gnu.translator --value='"/hurd/pflocal\0"' \ hurd-root/servers/socket/1 getfattr --name=gnu.translator hurd-root/servers/socket/1 # file: 1 gnu.translator="/hurd/pflocal" to setup a pipe translator, which is being used to create[3] a vm-image for the Hurd from GNU Guix. [0] https://summerofcode.withgoogle.com/projects/#5869799859027968 [1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3980bd3b406addb327d858aebd19e229ea340b9a [2] https://git.savannah.gnu.org/cgit/hurd/hurd.git/commit/?id=a04c7bf83172faa7cb080fbe3b6c04a8415ca645 [3] https://git.savannah.gnu.org/cgit/guix.git/log/?h=wip-hurd-vm Signed-off-by: Jan Nieuwenhuizen Link: https://lore.kernel.org/r/20200525193940.878-1-janneke@gnu.org Signed-off-by: Theodore Ts'o commit 8440d4a75d90556cfb8fb3e244443f67381aafd6 Merge: f8d8b46cd20e 447615701525 Author: Rob Herring Date: Fri Jun 12 09:57:00 2020 -0600 Merge branch 'dt/schema-cleanups' into dt/linus commit 447615701525c910a386a491a6780dec4971f797 Author: Rob Herring Date: Thu Jun 11 11:25:04 2020 -0600 dt-bindings: Remove redundant 'maxItems' There's no need to specify 'maxItems' with the same value as the number of entries in 'items'. A meta-schema update will catch future cases. Cc: Shawn Guo Cc: Sascha Hauer Cc: Anson Huang Cc: linux-clk@vger.kernel.org Cc: linux-pwm@vger.kernel.org Cc: linux-usb@vger.kernel.org Reviewed-by: Stephen Boyd # clk Acked-by: Thierry Reding Signed-off-by: Rob Herring commit 3003055f50663095472144994dac0339076031a8 Author: Pablo Neira Ayuso Date: Wed Jun 10 19:29:16 2020 +0200 netfilter: nf_tables: hook list memleak in flowtable deletion After looking up for the flowtable hooks that need to be removed, release the hook objects in the deletion list. The error path needs to released these hook objects too. Fixes: abadb2f865d7 ("netfilter: nf_tables: delete devices from flowtable") Reported-by: syzbot+eb9d5924c51d6d59e094@syzkaller.appspotmail.com Signed-off-by: Pablo Neira Ayuso commit 4235b1a4efe19dd0309250170bbf0aa95e559626 Author: Mimi Zohar Date: Wed Jun 10 09:18:26 2020 -0400 ima: fix mprotect checking Make sure IMA is enabled before checking mprotect change. Addresses report of a 3.7% regression of boot-time.dhcp. Fixes: 8eb613c0b8f1 ("ima: verify mprotect change is consistent with mmap policy") Reported-by: kernel test robot Reviewed-by: Lakshmi Ramasubramanian Tested-by: Xing Zhengjun Signed-off-by: Mimi Zohar commit 92919679d31721381e3c376488477efe49b915f3 Author: Matti Vaittinen Date: Fri Jun 12 12:23:17 2020 +0300 regulator: Fix pickable ranges mapping Pickable ranges mapping function never used range min selector. Thus existing drivers broke when proper linear_ranges functionality was taken in use. Fix this for now just by ignoring the minimum selector. Fixes: 60ab7f4153b6 ("regulator: use linear_ranges helper") Signed-off-by: Matti Vaittinen Link: https://lore.kernel.org/r/20200612090225.GA3243@localhost.localdomain Signed-off-by: Mark Brown commit d7442ba13d62de9afc4e57344a676f9f4623dcaa Author: Martin Fuzzey Date: Fri Jun 12 12:50:33 2020 +0200 regulator: da9063: fix LDO9 suspend and warning. Commit 99f75ce66619 ("regulator: da9063: fix suspend") converted the regulators to use a common (corrected) suspend bit setting but one of regulators (LDO9) slipped through the crack. This means that the original problem was not fixed for LDO9 and also leads to a warning found by the test robot. da9063-regulator.c:515:3: warning: initialized field overwritten Fix this by converting that regulator too like the others. Fixes: 99f75ce66619 ("regulator: da9063: fix suspend") Reported-by: kernel test robot Signed-off-by: Martin Fuzzey Link: https://lore.kernel.org/r/1591959073-16792-1-git-send-email-martin.fuzzey@flowbird.group Signed-off-by: Mark Brown commit e4bd7c4a8d2a8471d821dd29919378d1b8567091 Author: Steve French Date: Thu Jun 11 23:02:33 2020 -0500 smb311: Add tracepoints for new compound posix query info Add dynamic tracepoints for new SMB3.1.1. posix extensions query info level (100) Signed-off-by: Steve French Reviewed-by: Aurelien Aptel commit d313852d7ad044476df7f640801aac17080e0521 Author: Steve French Date: Thu Jun 11 22:43:01 2020 -0500 smb311: add support for using info level for posix extensions query Adds calls to the newer info level for query info using SMB3.1.1 posix extensions. The remaining two places that call the older query info (non-SMB3.1.1 POSIX) require passing in the fid and can be updated in a later patch. Signed-off-by: Steve French Reviewed-by: Aurelien Aptel commit b287a6d9723c601dd947f1c27d4cc0192e384a5a Author: Shengjiu Wang Date: Fri Jun 12 15:37:51 2020 +0800 ASoC: fsl_asrc_dma: Fix data copying speed issue with EDMA With EDMA, there is two dma channels can be used for dev_to_dev, one is from ASRC, one is from another peripheral (ESAI or SAI). If we select the dma channel of ASRC, there is an issue for ideal ratio case, the speed of copy data is faster than sample frequency, because ASRC output data is very fast in ideal ratio mode. So it is reasonable to use the dma channel of Back-End peripheral. then copying speed of DMA is controlled by data consumption speed in the peripheral FIFO, Signed-off-by: Shengjiu Wang Reviewed-by: Nicolin Chen Link: https://lore.kernel.org/r/424ed6c249bafcbe30791c9de0352821c5ea67e2.1591947428.git.shengjiu.wang@nxp.com Signed-off-by: Mark Brown commit 706e2c8811585f42612b6cff218ab3adbe63a4ee Author: Shengjiu Wang Date: Fri Jun 12 15:37:50 2020 +0800 ASoC: fsl_asrc_dma: Reuse the dma channel if available in Back-End The dma channel has been requested by Back-End cpu dai driver already. If fsl_asrc_dma requests dma chan with same dma:tx symlink, then there will be below warning with SDMA. [ 48.174236] fsl-esai-dai 2024000.esai: Cannot create DMA dma:tx symlink So if we can reuse the dma channel of Back-End, then the issue can be fixed. In order to get the dma channel which is already requested in Back-End. we use the exported two functions (snd_soc_lookup_component_nolocked and soc_component_to_pcm). If we can get the dma channel, then reuse it, if can't, then request a new one. Signed-off-by: Shengjiu Wang Reviewed-by: Nicolin Chen Link: https://lore.kernel.org/r/3a79f0442cb4930c633cf72145cfe95a45b9c78e.1591947428.git.shengjiu.wang@nxp.com Signed-off-by: Mark Brown commit a9a21e1eafc94b79502cab8272b392f7f63ef7bb Author: Shengjiu Wang Date: Fri Jun 12 15:37:49 2020 +0800 ASoC: dmaengine_pcm: export soc_component_to_pcm In DPCM case, Front-End needs to get the dma chan which has been requested by Back-End and reuse it. Signed-off-by: Shengjiu Wang Reviewed-by: Nicolin Chen Link: https://lore.kernel.org/r/429c6ae1f3c5b47eb893f475d531d71cdcfe34c0.1591947428.git.shengjiu.wang@nxp.com Signed-off-by: Mark Brown commit 6fbea6b6a838f9aa941fe53a3637fd8d8aab1eba Author: Shengjiu Wang Date: Fri Jun 12 15:37:48 2020 +0800 ASoC: soc-card: export snd_soc_lookup_component_nolocked snd_soc_lookup_component_nolocked can be used for the DPCM case that Front-End needs to get the unused platform component but added by Back-End cpu dai driver. If the component is gotten, then we can get the dma chan created by Back-End component and reused it in Front-End. Signed-off-by: Shengjiu Wang Reviewed-by: Nicolin Chen Link: https://lore.kernel.org/r/55f6e0d76f67a517b9a44136d790ff2a06b5caa8.1591947428.git.shengjiu.wang@nxp.com Signed-off-by: Mark Brown commit e7585db1b0b5b4e4eb1967bb1472df308f7ffcbf Author: Laurence Tratt Date: Fri Jun 12 12:18:07 2020 +0100 ALSA: usb-audio: Add implicit feedback quirk for SSL2+. This uses the same quirk as the Motu M2 and M4 to ensure the driver uses the audio interface's clock. Tested on an SSL2+. Signed-off-by: Laurence Tratt Cc: Link: https://lore.kernel.org/r/20200612111807.dgnig6rwhmsl2bod@overdrive.tratt.net Signed-off-by: Takashi Iwai commit 71ed49d8fb33023f242419a77ecb1141c029cac4 Author: Thomas Gleixner Date: Fri Jun 12 14:02:27 2020 +0200 x86/entry: Make NMI use IDTENTRY_RAW For no reason other than beginning brainmelt, IDTENTRY_NMI was mapped to IDTENTRY_IST. This is not a problem on 64bit because the IST default entry point maps to IDTENTRY_RAW which does not any entry handling. The surplus function declaration for the noist C entry point is unused and as there is no ASM code emitted for NMI this went unnoticed. On 32bit IDTENTRY_IST maps to a regular IDTENTRY which does the normal entry handling. That is clearly the wrong thing to do for NMI. Map it to IDTENTRY_RAW to unbreak it. The IDTENTRY_NMI mapping needs to stay to avoid emitting ASM code. Fixes: 6271fef00b34 ("x86/entry: Convert NMI to IDTENTRY_NMI") Reported-by: Naresh Kamboju Debugged-by: Andy Lutomirski Signed-off-by: Thomas Gleixner Link: https://lkml.kernel.org/r/CA+G9fYvF3cyrY+-iw_SZtpN-i2qA2BruHg4M=QYECU2-dNdsMw@mail.gmail.com commit 790434ff9848a4d44f067a6a5416b49a2db89a59 Author: Steve French Date: Thu Jun 11 22:28:49 2020 -0500 smb311: Add support for lookup with posix extensions query info Improve support for lookup when using SMB3.1.1 posix mounts. Use new info level 100 (posix query info) Signed-off-by: Steve French Reviewed-by: Aurelien Aptel commit b1bc1874b885683df5da9d9548ca66dfc0e407f2 Author: Steve French Date: Thu Jun 11 20:23:38 2020 -0500 smb311: Add support for SMB311 query info (non-compounded) Add worker function for non-compounded SMB3.1.1 POSIX Extensions query info. This is needed for revalidate of root (cached) directory for example. Signed-off-by: Steve French Reviewed-by: Ronnie Sahlberg Reviewed-by: Aurelien Aptel commit 6a5f6592a0b606eac3147f786c958f1696c337f3 Author: Steve French Date: Thu Jun 11 19:25:47 2020 -0500 SMB311: Add support for query info using posix extensions (level 100) Adds support for better query info on dentry revalidation (using the SMB3.1.1 POSIX extensions level 100). Followon patch will add support for translating the UID/GID from the SID and also will add support for using the posix query info on lookup. Signed-off-by: Steve French Reviewed-by: Ronnie Sahlberg Reviewed-by: Aurelien Aptel commit ebf57440ec59a36e1fc5fe91e31d66ae0d1662d0 Author: Namjae Jeon Date: Thu Jun 11 11:21:19 2020 +0900 smb3: add indatalen that can be a non-zero value to calculation of credit charge in smb2 ioctl Some of tests in xfstests failed with cifsd kernel server since commit e80ddeb2f70e. cifsd kernel server validates credit charge from client by calculating it base on max((InputCount + OutputCount) and (MaxInputResponse + MaxOutputResponse)) according to specification. MS-SMB2 specification describe credit charge calculation of smb2 ioctl : If Connection.SupportsMultiCredit is TRUE, the server MUST validate CreditCharge based on the maximum of (InputCount + OutputCount) and (MaxInputResponse + MaxOutputResponse), as specified in section 3.3.5.2.5. If the validation fails, it MUST fail the IOCTL request with STATUS_INVALID_PARAMETER. This patch add indatalen that can be a non-zero value to calculation of credit charge in SMB2_ioctl_init(). Fixes: e80ddeb2f70e ("smb3: fix incorrect number of credits when ioctl MaxOutputResponse > 64K") Cc: Stable Reviewed-by: Aurelien Aptel Cc: Steve French Signed-off-by: Namjae Jeon Signed-off-by: Steve French commit 15a416e8aaa758b5534f64a3972dae05275bc225 Author: Andy Lutomirski Date: Thu Jun 11 20:26:38 2020 -0700 x86/entry: Treat BUG/WARN as NMI-like entries BUG/WARN are cleverly optimized using UD2 to handle the BUG/WARN out of line in an exception fixup. But if BUG or WARN is issued in a funny RCU context, then the idtentry_enter...() path might helpfully WARN that the RCU context is invalid, which results in infinite recursion. Split the BUG/WARN handling into an nmi_enter()/nmi_exit() path in exc_invalid_op() to increase the chance to survive the experience. [ tglx: Make the declaration match the implementation ] Signed-off-by: Andy Lutomirski Signed-off-by: Thomas Gleixner Link: https://lkml.kernel.org/r/f8fe40e0088749734b4435b554f73eee53dcf7a8.1591932307.git.luto@kernel.org commit e881bfaf5a5f409390973e076333281465f2b0d9 Author: Alexey Kardashevskiy Date: Thu Jun 11 13:05:59 2020 +1000 KVM: PPC: Fix nested guest RC bits update Before commit 6cdf30375f82 ("powerpc/kvm/book3s: Use kvm helpers to walk shadow or secondary table") we called __find_linux_pte() with a page table pointer from a kvm_nested_guest struct but now we rely on kvmhv_find_nested() which takes an L1 LPID and returns a kvm_nested_guest pointer, however we pass a L0 LPID there and the L2 guest hangs. This fixes the LPID passed to kvmppc_hv_handle_set_rc(). Fixes: 6cdf30375f82 ("powerpc/kvm/book3s: Use kvm helpers to walk shadow or secondary table") Signed-off-by: Alexey Kardashevskiy Signed-off-by: Michael Ellerman Link: https://lore.kernel.org/r/20200611030559.75257-1-aik@ozlabs.ru commit 6b57fa4d374bb8c005dee396c56598c14b9c01a6 Author: Ley Foon Tan Date: Fri Jun 12 14:04:49 2020 +0800 nios2: signal: Mark expected switch fall-through Mark switch cases where we are expecting to fall through. Fix the following warning through the use of the new the new pseudo-keyword fallthrough; arch/nios2/kernel/signal.c:254:12: warning: this statement may fall through [-Wimplicit-fallthrough=] 254 | restart = -2; | ~~~~~~~~^~~~ arch/nios2/kernel/signal.c:255:3: note: here 255 | case ERESTARTNOHAND: | ^~~~ Reported-by: Christian Brauner Signed-off-by: Gustavo A. R. Silva Signed-off-by: Ley Foon Tan commit 2e7ec6b5297157efabb50e5f82adc628cf90296c Author: Krishna Manikandan Date: Thu May 28 14:04:28 2020 +0530 drm/msm/dpu: allow initialization of encoder locks during encoder init In the current implementation, mutex initialization for encoder mutex locks are done during encoder setup. This can lead to scenarios where the lock is used before it is initialized. Move mutex_init to dpu_encoder_init to avoid this. Signed-off-by: Krishna Manikandan Signed-off-by: Rob Clark commit aa472721c8dbe1713cf510f56ffbc56ae9e14247 Author: Chen Tao Date: Mon Jun 8 09:48:59 2020 +0800 drm/msm/dpu: fix error return code in dpu_encoder_init Fix to return negative error code -ENOMEM with the use of ERR_PTR from dpu_encoder_init. Fixes: 25fdd5933e4c ("drm/msm: Add SDM845 DPU support") Signed-off-by: Chen Tao Signed-off-by: Rob Clark commit 177d3819633cd520e3f95df541a04644aab4c657 Author: Bernard Zhao Date: Fri Jun 12 09:23:49 2020 +0800 drm/msm: fix potential memleak in error branch In function msm_submitqueue_create, the queue is a local variable, in return -EINVAL branch, queue didn`t add to ctx`s list yet, and also didn`t kfree, this maybe bring in potential memleak. Signed-off-by: Bernard Zhao [trivial commit msg fixup] Signed-off-by: Rob Clark commit 5fddd4f5db873035cbf916495e8a8769f77673bc Author: Kalyan Thota Date: Thu Jun 11 18:25:15 2020 +0530 drm/msm/dpu: request for display color blocks based on hw catalog entry Request for color processing blocks only if they are available in the display hw catalog and they are sufficient in number for the selection. Signed-off-by: Kalyan Thota Fixes: e47616df008b ("drm/msm/dpu: add support for color processing Tested-by: John Stultz Signed-off-by: Rob Clark commit b791d1bdf9212d944d749a5c7ff6febdba241771 Merge: 9716e57a0195 1f44328ea24c Author: Linus Torvalds Date: Thu Jun 11 18:55:43 2020 -0700 Merge tag 'locking-kcsan-2020-06-11' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull the Kernel Concurrency Sanitizer from Thomas Gleixner: "The Kernel Concurrency Sanitizer (KCSAN) is a dynamic race detector, which relies on compile-time instrumentation, and uses a watchpoint-based sampling approach to detect races. The feature was under development for quite some time and has already found legitimate bugs. Unfortunately it comes with a limitation, which was only understood late in the development cycle: It requires an up to date CLANG-11 compiler CLANG-11 is not yet released (scheduled for June), but it's the only compiler today which handles the kernel requirements and especially the annotations of functions to exclude them from KCSAN instrumentation correctly. These annotations really need to work so that low level entry code and especially int3 text poke handling can be completely isolated. A detailed discussion of the requirements and compiler issues can be found here: https://lore.kernel.org/lkml/CANpmjNMTsY_8241bS7=XAfqvZHFLrVEkv_uM4aDUWE_kh3Rvbw@mail.gmail.com/ We came to the conclusion that trying to work around compiler limitations and bugs again would end up in a major trainwreck, so requiring a working compiler seemed to be the best choice. For Continous Integration purposes the compiler restriction is manageable and that's where most xxSAN reports come from. For a change this limitation might make GCC people actually look at their bugs. Some issues with CSAN in GCC are 7 years old and one has been 'fixed' 3 years ago with a half baken solution which 'solved' the reported issue but not the underlying problem. The KCSAN developers also ponder to use a GCC plugin to become independent, but that's not something which will show up in a few days. Blocking KCSAN until wide spread compiler support is available is not a really good alternative because the continuous growth of lockless optimizations in the kernel demands proper tooling support" * tag 'locking-kcsan-2020-06-11' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (76 commits) compiler_types.h, kasan: Use __SANITIZE_ADDRESS__ instead of CONFIG_KASAN to decide inlining compiler.h: Move function attributes to compiler_types.h compiler.h: Avoid nested statement expression in data_race() compiler.h: Remove data_race() and unnecessary checks from {READ,WRITE}_ONCE() kcsan: Update Documentation to change supported compilers kcsan: Remove 'noinline' from __no_kcsan_or_inline kcsan: Pass option tsan-instrument-read-before-write to Clang kcsan: Support distinguishing volatile accesses kcsan: Restrict supported compilers kcsan: Avoid inserting __tsan_func_entry/exit if possible ubsan, kcsan: Don't combine sanitizer with kcov on clang objtool, kcsan: Add kcsan_disable_current() and kcsan_enable_current_nowarn() kcsan: Add __kcsan_{enable,disable}_current() variants checkpatch: Warn about data_race() without comment kcsan: Use GFP_ATOMIC under spin lock Improve KCSAN documentation a bit kcsan: Make reporting aware of KCSAN tests kcsan: Fix function matching in report kcsan: Change data_race() to no longer require marking racing accesses kcsan: Move kcsan_{disable,enable}_current() to kcsan-checks.h ... commit 18dbd4cd9b8c957025cf90a3c50102b31bde14f7 Merge: c25cba3689c7 f330fda331d2 Author: David S. Miller Date: Thu Jun 11 18:39:08 2020 -0700 Merge branch 'net-ipa-endpoint-configuration-fixes' Alex Elder says: ==================== net: ipa: endpoint configuration fixes This series fixes four bugs in the configuration of IPA endpoints. See the description of each for more information. In this version I have dropped the last patch from the series, and restored a "static" keyword that had inadvertently gotten removed. ==================== Signed-off-by: David S. Miller commit f330fda331d276464baec8ba938d031b4adcf5c7 Author: Alex Elder Date: Thu Jun 11 14:48:33 2020 -0500 net: ipa: header pad field only valid for AP->modem endpoint Only QMAP endpoints should be configured to find a pad size field within packet headers. They are found in the first byte of the QMAP header (and the hardware fills only the 6 bits in that byte that constitute the pad_len field). The RMNet driver assumes the pad_len field is valid for received packets, so we want to ensure the pad_len field is filled in that case. That driver also assumes the length in the QMAP header includes the pad bytes. The RMNet driver does *not* pad the packets it sends, so the pad_len field can be ignored. Fix ipa_endpoint_init_hdr_ext() so it only marks the pad field offset valid for QMAP RX endpoints, and in that case indicates that the length field in the header includes the pad bytes. Signed-off-by: Alex Elder Signed-off-by: David S. Miller commit 636edeaad5577b6023f0de2b98a010d1cea73607 Author: Alex Elder Date: Thu Jun 11 14:48:32 2020 -0500 net: ipa: program upper nibbles of sequencer type The upper two nibbles of the sequencer type were not used for SDM845, and were assumed to be 0. But for SC7180 they are used, and so they must be programmed by ipa_endpoint_init_seq(). Fix this bug. IPA_SEQ_PKT_PROCESS_NO_DEC_NO_UCP_DMAP doesn't have a descriptive comment, so add one. Signed-off-by: Alex Elder Signed-off-by: David S. Miller commit 9b8ad8dab994f4cba682ca6110bda37f3dcd4b83 Author: Alex Elder Date: Thu Jun 11 14:48:31 2020 -0500 net: ipa: fix modem LAN RX endpoint id The endpoint id assigned to the modem LAN RX endpoint for the SC7180 SoC is incorrect. The erroneous value might have been copied from SDM845 and never updated. The correct endpoint id to use for this SoC is 11. Signed-off-by: Alex Elder Signed-off-by: David S. Miller commit 8730f45d1ca5ff60033f5ba022f32e5379d7bb89 Author: Alex Elder Date: Thu Jun 11 14:48:30 2020 -0500 net: ipa: program metadata mask differently The way the mask value is programmed for QMAP RX endpoints was based on some wrong assumptions about the way metadata containing the QMAP mux_id value is formatted. The metadata value supplied by the modem is *not* in QMAP format, and in fact contains the mux_id we want in its (big endian) low-order byte. That byte must be written by the IPA into offset 1 of the QMAP header it inserts before the received packet. QMAP TX endpoints *do* use a QMAP header as the metadata sent with each packet. The modem assumes this, and based on that assumes the mux_id is in the second byte. To match those assumptions we must program the modem TX (QMAP) endpoint HDR register to indicate the metadata will be found at offset 0 in the message header. The previous configuration managed to work, but it was not working correctly. This patch fixes a bug whose symptom was receipt of messages containing the wrong QMAP mux_id. In fixing this, get rid of ipa_rmnet_mux_id_metadata_mask(), which was more or less defined so there was a separate place to explain what was happening as we generated the mask value. Instead, put a longer description of how this works above ipa_endpoint_init_hdr(), and define the metadata mask to use as a simple constant. Signed-off-by: Alex Elder Signed-off-by: David S. Miller commit 9716e57a0195dae356ae1425df121988abd27131 Merge: b1a62749946e 37f8173dd849 Author: Linus Torvalds Date: Thu Jun 11 18:27:19 2020 -0700 Merge tag 'locking-urgent-2020-06-11' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull atomics rework from Thomas Gleixner: "Peter Zijlstras rework of atomics and fallbacks. This solves two problems: 1) Compilers uninline small atomic_* static inline functions which can expose them to instrumentation. 2) The instrumentation of atomic primitives was done at the architecture level while composites or fallbacks were provided at the generic level. As a result there are no uninstrumented variants of the fallbacks. Both issues were in the way of fully isolating fragile entry code pathes and especially the text poke int3 handler which is prone to an endless recursion problem when anything in that code path is about to be instrumented. This was always a problem, but got elevated due to the new batch mode updates of tracing. The solution is to mark the functions __always_inline and to flip the fallback and instrumentation so the non-instrumented variants are at the architecture level and the instrumentation is done in generic code. The latter introduces another fallback variant which will go away once all architectures have been moved over to arch_atomic_*" * tag 'locking-urgent-2020-06-11' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: locking/atomics: Flip fallbacks and instrumentation asm-generic/atomic: Use __always_inline for fallback wrappers commit c25cba3689c7ab5ae6ee7228d1d49a5652429229 Author: Shannon Nelson Date: Thu Jun 11 17:18:15 2020 -0700 ionic: add pcie_print_link_status Print the PCIe link information for our device. Fixes: 77f972a7077d ("ionic: remove support for mgmt device") Signed-off-by: Shannon Nelson Signed-off-by: David S. Miller commit 3049f0fd3b7103b44208a068ac6a7e4ad7ebd883 Merge: 07007dbee468 8e3e4b9da7e6 Author: David S. Miller Date: Thu Jun 11 18:25:20 2020 -0700 Merge branch '40GbE' of git://git.kernel.org/pub/scm/linux/kernel/git/jkirsher/net-queue Jeff Kirsher says: ==================== Intel Wired LAN Driver Updates 2020-06-11 This series contains fixes to the iavf driver. Brett fixes the supported link speeds in the iavf driver, which was only able to report speeds that the i40e driver supported and was missing the speeds supported by the ice driver. In addition, fix how 2.5 and 5.0 GbE speeds are reported. Alek fixes a enum comparison that was comparing two different enums that may have different values, so update the comparison to use matching enums. Paul increases the time to complete a reset to allow for 128 VFs to complete a reset. ==================== Signed-off-by: David S. Miller commit 07007dbee468389b7124bc2efb7241a93067d901 Merge: 2ad6691d988c 09a9297574cb Author: David S. Miller Date: Thu Jun 11 18:20:20 2020 -0700 Merge tag 'mlx5-fixes-2020-06-11' of git://git.kernel.org/pub/scm/linux/kernel/git/saeed/linux Saeed Mahameed says: ==================== mlx5 fixes 2020-06-11 This series introduces some fixes to mlx5 driver. For more information please see tag log below. Please pull and let me know if there is any problem. For -stable v5.2 ('net/mlx5: drain health workqueue in case of driver load error') For -stable v5.3 ('net/mlx5e: Fix repeated XSK usage on one channel') ('net/mlx5: Fix fatal error handling during device load') For -stable v5.5 ('net/mlx5: Disable reload while removing the device') For -stable v5.7 ('net/mlx5e: CT: Fix ipv6 nat header rewrite actions') ==================== Signed-off-by: David S. Miller commit b1a62749946ee1956a480ba31e7d4929aa561d30 Merge: b961f8dc8976 8449d150e66c Author: Linus Torvalds Date: Thu Jun 11 18:18:50 2020 -0700 Merge branch 'akpm' (patches from Andrew) Pull updates from Andrew Morton: "A few fixes and stragglers. Subsystems affected by this patch series: mm/memory-failure, ocfs2, lib/lzo, misc" * emailed patches from Andrew Morton : amdgpu: a NULL ->mm does not mean a thread is a kthread lib/lzo: fix ambiguous encoding bug in lzo-rle ocfs2: fix build failure when TCP/IP is disabled mm/memory-failure: send SIGBUS(BUS_MCEERR_AR) only to current thread mm/memory-failure: prioritize prctl(PR_MCE_KILL) over vm.memory_failure_early_kill commit 2ad6691d988c0c611362ddc2aad89e0fb50e3261 Author: David Howells Date: Thu Jun 11 21:57:00 2020 +0100 rxrpc: Fix race between incoming ACK parser and retransmitter There's a race between the retransmission code and the received ACK parser. The problem is that the retransmission loop has to drop the lock under which it is iterating through the transmission buffer in order to transmit a packet, but whilst the lock is dropped, the ACK parser can crank the Tx window round and discard the packets from the buffer. The retransmission code then updated the annotations for the wrong packet and a later retransmission thought it had to retransmit a packet that wasn't there, leading to a NULL pointer dereference. Fix this by: (1) Moving the annotation change to before we drop the lock prior to transmission. This means we can't vary the annotation depending on the outcome of the transmission, but that's fine - we'll retransmit again later if it failed now. (2) Skipping the packet if the skb pointer is NULL. The following oops was seen: BUG: kernel NULL pointer dereference, address: 000000000000002d Workqueue: krxrpcd rxrpc_process_call RIP: 0010:rxrpc_get_skb+0x14/0x8a ... Call Trace: rxrpc_resend+0x331/0x41e ? get_vtime_delta+0x13/0x20 rxrpc_process_call+0x3c0/0x4ac process_one_work+0x18f/0x27f worker_thread+0x1a3/0x247 ? create_worker+0x17d/0x17d kthread+0xe6/0xeb ? kthread_delayed_work_timer_fn+0x83/0x83 ret_from_fork+0x1f/0x30 Fixes: 248f219cb8bc ("rxrpc: Rewrite the data and ack handling code") Signed-off-by: David Howells Signed-off-by: David S. Miller commit 8449d150e66c43fd9bfd77691a56327dfdccedd7 Author: Christoph Hellwig Date: Thu Jun 11 17:34:58 2020 -0700 amdgpu: a NULL ->mm does not mean a thread is a kthread Use the proper API instead. Fixes: 70539bd795002 ("drm/amd: Update MEC HQD loading code for KFD") Signed-off-by: Christoph Hellwig Signed-off-by: Andrew Morton Tested-by: Jens Axboe Reviewed-by: Felix Kuehling Reviewed-by: Jens Axboe Cc: Al Viro Cc: Alex Deucher Cc: Zhenyu Wang Cc: Zhi Wang Cc: Felipe Balbi Cc: "Michael S. Tsirkin" Cc: Jason Wang Cc: Greg Kroah-Hartman Link: http://lkml.kernel.org/r/20200404094101.672954-1-hch@lst.de Link: http://lkml.kernel.org/r/20200404094101.672954-2-hch@lst.de Signed-off-by: Linus Torvalds commit b5265c813ce4efbfa2e46fd27cdf9a7f44a35d2e Author: Dave Rodgman Date: Thu Jun 11 17:34:54 2020 -0700 lib/lzo: fix ambiguous encoding bug in lzo-rle In some rare cases, for input data over 32 KB, lzo-rle could encode two different inputs to the same compressed representation, so that decompression is then ambiguous (i.e. data may be corrupted - although zram is not affected because it operates over 4 KB pages). This modifies the compressor without changing the decompressor or the bitstream format, such that: - there is no change to how data produced by the old compressor is decompressed - an old decompressor will correctly decode data from the updated compressor - performance and compression ratio are not affected - we avoid introducing a new bitstream format In testing over 12.8M real-world files totalling 903 GB, three files were affected by this bug. I also constructed 37M semi-random 64 KB files totalling 2.27 TB, and saw no affected files. Finally I tested over files constructed to contain each of the ~1024 possible bad input sequences; for all of these cases, updated lzo-rle worked correctly. There is no significant impact to performance or compression ratio. Signed-off-by: Dave Rodgman Signed-off-by: Andrew Morton Cc: Mark Rutland Cc: Dave Rodgman Cc: Willy Tarreau Cc: Sergey Senozhatsky Cc: Markus F.X.J. Oberhumer Cc: Minchan Kim Cc: Nitin Gupta Cc: Chao Yu Cc: Link: http://lkml.kernel.org/r/20200507100203.29785-1-dave.rodgman@arm.com Signed-off-by: Linus Torvalds commit fce1affe4e39b9ca8346bdbb5171e60ac303c355 Author: Tom Seewald Date: Thu Jun 11 17:34:51 2020 -0700 ocfs2: fix build failure when TCP/IP is disabled After commit 12abc5ee7873 ("tcp: add tcp_sock_set_nodelay") and commit c488aeadcbd0 ("tcp: add tcp_sock_set_user_timeout"), building the kernel with OCFS2_FS=y but without INET=y causes it to fail with: ld: fs/ocfs2/cluster/tcp.o: in function `o2net_accept_many': tcp.c:(.text+0x21b1): undefined reference to `tcp_sock_set_nodelay' ld: tcp.c:(.text+0x21c1): undefined reference to `tcp_sock_set_user_timeout' ld: fs/ocfs2/cluster/tcp.o: in function `o2net_start_connect': tcp.c:(.text+0x2633): undefined reference to `tcp_sock_set_nodelay' ld: tcp.c:(.text+0x2643): undefined reference to `tcp_sock_set_user_timeout' This is due to tcp_sock_set_nodelay() and tcp_sock_set_user_timeout() being declared in linux/tcp.h and defined in net/ipv4/tcp.c, which depend on TCP/IP being enabled. To fix this, make OCFS2_FS depend on INET=y which already requires NET=y. Fixes: 12abc5ee7873 ("tcp: add tcp_sock_set_nodelay") Fixes: c488aeadcbd0 ("tcp: add tcp_sock_set_user_timeout") Signed-off-by: Tom Seewald Signed-off-by: Andrew Morton Reviewed-by: Joseph Qi Acked-by: Christoph Hellwig Cc: Sagi Grimberg Cc: Jason Gunthorpe Cc: David S. Miller Cc: Mark Fasheh Cc: Joel Becker Cc: Junxiao Bi Cc: Changwei Ge Cc: Gang He Cc: Jun Piao Link: http://lkml.kernel.org/r/20200606190827.23954-1-tseewald@gmail.com Signed-off-by: Linus Torvalds commit 03151c6e0b66c63c3e9980edf78c3a7a99801764 Author: Naoya Horiguchi Date: Thu Jun 11 17:34:48 2020 -0700 mm/memory-failure: send SIGBUS(BUS_MCEERR_AR) only to current thread Action Required memory error should happen only when a processor is about to access to a corrupted memory, so it's synchronous and only affects current process/thread. Recently commit 872e9a205c84 ("mm, memory_failure: don't send BUS_MCEERR_AO for action required error") fixed the issue that Action Required memory could unnecessarily send SIGBUS to the processes which share the error memory. But we still have another issue that we could send SIGBUS to a wrong thread. This is because collect_procs() and task_early_kill() fails to add the current process to "to-kill" list. So this patch is suggesting to fix it. With this fix, SIGBUS(BUS_MCEERR_AR) is never sent to non-current process/thread. Signed-off-by: Naoya Horiguchi Signed-off-by: Andrew Morton Acked-by: Tony Luck Acked-by: Pankaj Gupta Link: http://lkml.kernel.org/r/1591321039-22141-3-git-send-email-naoya.horiguchi@nec.com Signed-off-by: Linus Torvalds commit 4e018b450ad34b0edc865e91ec5e957d677e2c4e Author: Naoya Horiguchi Date: Thu Jun 11 17:34:45 2020 -0700 mm/memory-failure: prioritize prctl(PR_MCE_KILL) over vm.memory_failure_early_kill Patch series "hwpoison: fixes signaling on memory error" This is a small patchset to solve issues in memory error handler to send SIGBUS to proper process/thread as expected in configuration. Please see descriptions in individual patches for more details. This patch (of 2): Early-kill policy is controlled from two types of settings, one is per-process setting prctl(PR_MCE_KILL) and the other is system-wide setting vm.memory_failure_early_kill. Users expect per-process setting to override system-wide setting as many other settings do, but early-kill setting doesn't work as such. For example, if a system configures vm.memory_failure_early_kill to 1 (enabled), a process receives SIGBUS even if it's configured to explicitly disable PF_MCE_KILL by prctl(). That's not desirable for applications with their own policies. This patch is suggesting to change the priority of these two types of settings, by checking sysctl_memory_failure_early_kill only when a given process has the default kill policy. Note that this patch is solving a thread choice issue too. Originally, collect_procs() always chooses the main thread when vm.memory_failure_early_kill is 1, even if the process has a dedicated thread for memory error handling. SIGBUS should be sent to the dedicated thread if early-kill is enabled via vm.memory_failure_early_kill as we are doing for PR_MCE_KILL_EARLY processes. Signed-off-by: Naoya Horiguchi Signed-off-by: Andrew Morton Cc: Tony Luck Cc: Pankaj Gupta Link: http://lkml.kernel.org/r/1591321039-22141-1-git-send-email-naoya.horiguchi@nec.com Link: http://lkml.kernel.org/r/1591321039-22141-2-git-send-email-naoya.horiguchi@nec.com Signed-off-by: Linus Torvalds commit b961f8dc8976c091180839f4483d67b7c2ca2578 Merge: a58dfea29731 65a6543da386 Author: Linus Torvalds Date: Thu Jun 11 16:10:08 2020 -0700 Merge tag 'io_uring-5.8-2020-06-11' of git://git.kernel.dk/linux-block Pull io_uring fixes from Jens Axboe: "A few late stragglers in here. In particular: - Validate full range for provided buffers (Bijan) - Fix bad use of kfree() in buffer registration failure (Denis) - Don't allow close of ring itself, it's not fully safe. Making it fully safe would require making the system call more expensive, which isn't worth it. - Buffer selection fix - Regression fix for O_NONBLOCK retry - Make IORING_OP_ACCEPT honor O_NONBLOCK (Jiufei) - Restrict opcode handling for SQ/IOPOLL (Pavel) - io-wq work handling cleanups and improvements (Pavel, Xiaoguang) - IOPOLL race fix (Xiaoguang)" * tag 'io_uring-5.8-2020-06-11' of git://git.kernel.dk/linux-block: io_uring: fix io_kiocb.flags modification race in IOPOLL mode io_uring: check file O_NONBLOCK state for accept io_uring: avoid unnecessary io_wq_work copy for fast poll feature io_uring: avoid whole io_wq_work copy for requests completed inline io_uring: allow O_NONBLOCK async retry io_wq: add per-wq work handler instead of per work io_uring: don't arm a timeout through work.func io_uring: remove custom ->func handlers io_uring: don't derive close state from ->func io_uring: use kvfree() in io_sqe_buffer_register() io_uring: validate the full range of provided buffers for access io_uring: re-set iov base/len for buffer select retry io_uring: move send/recv IOPOLL check into prep io_uring: deduplicate io_openat{,2}_prep() io_uring: do build_open_how() only once io_uring: fix {SQ,IO}POLL with unsupported opcodes io_uring: disallow close of ring itself commit a58dfea29731a93339529ce48fe239b383011c7c Merge: b3597945c8a7 9a6a5738abf8 Author: Linus Torvalds Date: Thu Jun 11 16:07:33 2020 -0700 Merge tag 'block-5.8-2020-06-11' of git://git.kernel.dk/linux-block Pull block fixes from Jens Axboe: "Some followup fixes for this merge window. In particular: - Seqcount write missing preemption disable for stats (Ahmed) - blktrace fixes (Chaitanya) - Redundant initializations (Colin) - Various small NVMe fixes (Chaitanya, Christoph, Daniel, Max, Niklas, Rikard) - loop flag bug regression fix (Martijn) - blk-mq tagging fixes (Christoph, Ming)" * tag 'block-5.8-2020-06-11' of git://git.kernel.dk/linux-block: umem: remove redundant initialization of variable ret pktcdvd: remove redundant initialization of variable ret nvmet: fail outstanding host posted AEN req nvme-pci: use simple suspend when a HMB is enabled nvme-fc: don't call nvme_cleanup_cmd() for AENs nvmet-tcp: constify nvmet_tcp_ops nvme-tcp: constify nvme_tcp_mq_ops and nvme_tcp_admin_mq_ops nvme: do not call del_gendisk() on a disk that was never added blk-mq: fix blk_mq_all_tag_iter blk-mq: split out a __blk_mq_get_driver_tag helper blktrace: fix endianness for blk_log_remap() blktrace: fix endianness in get_pdu_int() blktrace: use errno instead of bi_status block: nr_sects_write(): Disable preemption on seqcount write block: remove the error argument to the block_bio_complete tracepoint loop: Fix wrong masking of status flags block/bio-integrity: don't free 'buf' if bio_integrity_add_page() failed commit b3597945c8a78bd1c4ad7e7ed4f972fdf78650f1 Author: David Howells Date: Thu Jun 11 21:50:24 2020 +0100 afs: Fix afs_store_data() to set mtime in new operation descriptor Fix afs_store_data() so that it sets the mtime in the new operation descriptor otherwise the mtime on the server gets set to 0 when a write is stored to the server. Fixes: e49c7b2f6de7 ("afs: Build an abstraction around an "operation" concept") Reported-by: Dave Botsch Signed-off-by: David Howells Signed-off-by: Linus Torvalds commit 6a45a65888393eda692fce0851c40d9f5ce4ef66 Merge: 92ac971219a2 7778d8417b74 Author: Linus Torvalds Date: Thu Jun 11 15:54:31 2020 -0700 Merge tag 'x86-urgent-2020-06-11' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull more x86 updates from Thomas Gleixner: "A set of fixes and updates for x86: - Unbreak paravirt VDSO clocks. While the VDSO code was moved into lib for sharing a subtle check for the validity of paravirt clocks got replaced. While the replacement works perfectly fine for bare metal as the update of the VDSO clock mode is synchronous, it fails for paravirt clocks because the hypervisor can invalidate them asynchronously. Bring it back as an optional function so it does not inflict this on architectures which are free of PV damage. - Fix the jiffies to jiffies64 mapping on 64bit so it does not trigger an ODR violation on newer compilers - Three fixes for the SSBD and *IB* speculation mitigation maze to ensure consistency, not disabling of some *IB* variants wrongly and to prevent a rogue cross process shutdown of SSBD. All marked for stable. - Add yet more CPU models to the splitlock detection capable list !@#%$! - Bring the pr_info() back which tells that TSC deadline timer is enabled. - Reboot quirk for MacBook6,1" * tag 'x86-urgent-2020-06-11' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/vdso: Unbreak paravirt VDSO clocks lib/vdso: Provide sanity check for cycles (again) clocksource: Remove obsolete ifdef x86_64: Fix jiffies ODR violation x86/speculation: PR_SPEC_FORCE_DISABLE enforcement for indirect branches. x86/speculation: Prevent rogue cross-process SSBD shutdown x86/speculation: Avoid force-disabling IBPB based on STIBP and enhanced IBRS. x86/cpu: Add Sapphire Rapids CPU model number x86/split_lock: Add Icelake microserver and Tigerlake CPU models x86/apic: Make TSC deadline timer detection message visible x86/reboot/quirks: Add MacBook6,1 reboot quirk commit 09a9297574cb10b3d9fe722b2baa9a379b2d289c Author: Dan Carpenter Date: Wed Jun 3 20:54:36 2020 +0300 net/mlx5: E-Switch, Fix some error pointer dereferences We can't leave "counter" set to an error pointer. Otherwise either it will lead to an error pointer dereference later in the function or it leads to an error pointer dereference when we call mlx5_fc_destroy(). Fixes: 07bab9502641d ("net/mlx5: E-Switch, Refactor eswitch ingress acl codes") Signed-off-by: Dan Carpenter Signed-off-by: Saeed Mahameed commit 17e73d47cd095154878dfedd4918d6a9482eba13 Author: Leon Romanovsky Date: Tue Jun 2 15:28:37 2020 +0300 net/mlx5: Don't fail driver on failure to create debugfs Clang warns: drivers/net/ethernet/mellanox/mlx5/core/main.c:1278:6: warning: variable 'err' is used uninitialized whenever 'if' condition is true [-Wsometimes-uninitialized] if (!priv->dbg_root) { ^~~~~~~~~~~~~~~ drivers/net/ethernet/mellanox/mlx5/core/main.c:1303:9: note: uninitialized use occurs here return err; ^~~ drivers/net/ethernet/mellanox/mlx5/core/main.c:1278:2: note: remove the 'if' if its condition is always false if (!priv->dbg_root) { ^~~~~~~~~~~~~~~~~~~~~~ drivers/net/ethernet/mellanox/mlx5/core/main.c:1259:9: note: initialize the variable 'err' to silence this warning int err; ^ = 0 1 warning generated. The check of returned value of debugfs_create_dir() is wrong because by the design debugfs failures should never fail the driver and the check itself was wrong too. The kernel compiled without CONFIG_DEBUG_FS will return ERR_PTR(-ENODEV) and not NULL as expected. Fixes: 11f3b84d7068 ("net/mlx5: Split mdev init and pci init") Link: https://github.com/ClangBuiltLinux/linux/issues/1042 Reported-by: Nathan Chancellor Signed-off-by: Leon Romanovsky Reviewed-by: Nathan Chancellor Signed-off-by: Saeed Mahameed commit 0d156f2deda8675c29fa2b8b5ed9b374370e47f2 Author: Oz Shlomo Date: Sun Jun 7 15:40:40 2020 +0000 net/mlx5e: CT: Fix ipv6 nat header rewrite actions Set the ipv6 word fields according to the hardware definitions. Fixes: ac991b48d43c ("net/mlx5e: CT: Offload established flows") Signed-off-by: Oz Shlomo Reviewed-by: Roi Dayan Signed-off-by: Saeed Mahameed commit 98f91c45769302b26e781f949b07a90df3c5cbda Author: Parav Pandit Date: Fri May 15 02:44:06 2020 -0500 net/mlx5: Fix devlink objects and devlink device unregister sequence Current below problems exists. 1. devlink device is registered by mlx5_load_one(). But it is not unregistered by mlx5_unload_one(). This is incorrect. 2. Above issue leads to, When mlx5 PCI device is removed, currently devlink device is unregistered before devlink ports are unregistered in below ladder diagram. remove_one() mlx5_devlink_unregister() [..] devlink_unregister() <- ports are still registered! mlx5_unload_one() mlx5_unregister_device() mlx5_remove_device() mlx5e_remove() mlx5e_devlink_port_unregister() devlink_port_unregister() 3. Condition checking for registering and unregister device are not symmetric either in these routines. Hence, fix the sequence by having load and unload routines symmetric and in right order. i.e. (a) register devlink device followed by registering devlink ports (b) unregister devlink ports followed by devlink device Do this based on boot and cleanup flags instead of different conditions. Fixes: c6acd629eec7 ("net/mlx5e: Add support for devlink-port in non-representors mode") Fixes: f60f315d339e ("net/mlx5e: Register devlink ports for physical link, PCI PF, VFs") Signed-off-by: Parav Pandit Reviewed-by: Moshe Shemesh Signed-off-by: Saeed Mahameed commit 60904cd349abc98cb888fc28d1ca55a8e2cf87b3 Author: Parav Pandit Date: Thu May 14 05:12:56 2020 -0500 net/mlx5: Disable reload while removing the device While unregistration is in progress, user might be reloading the interface. This can race with unregistration in below flow which uses the resources which are getting disabled by reload flow. Hence, disable the devlink reloading first when removing the device. CPU0 CPU1 ---- ---- local_pci_remove() devlink_mutex remove_one() devlink_nl_cmd_reload() mlx5_unregister_device() devlink_reload() ops->reload_down() mlx5_unload_one() Fixes: 4383cfcc65e7 ("net/mlx5: Add devlink reload") Signed-off-by: Parav Pandit Reviewed-by: Moshe Shemesh Signed-off-by: Saeed Mahameed commit 5f1572e6178e47c3ace55ced187d93240952c9cd Author: Aya Levin Date: Sun May 17 12:45:52 2020 +0300 net/mlx5e: Fix ethtool hfunc configuration change Changing RX hash function requires rearranging of RQT internal indexes, the user isn't exposed to such changes and these changes do not affect the user configured indirection table. Rebuild RQ table on hfunc change. Fixes: bdfc028de1b3 ("net/mlx5e: Fix ethtool RX hash func configuration change") Signed-off-by: Aya Levin Reviewed-by: Tariq Toukan Signed-off-by: Saeed Mahameed commit 36d45fb9d2fdf348d778bfe73f0427db1c6f9bc7 Author: Maxim Mikityanskiy Date: Mon Jun 1 16:03:44 2020 +0300 net/mlx5e: Fix repeated XSK usage on one channel After an XSK is closed, the relevant structures in the channel are not zeroed. If an XSK is opened the second time on the same channel without recreating channels, the stray values in the structures will lead to incorrect operation of queues, which causes CQE errors, and the new socket doesn't work at all. This patch fixes the issue by explicitly zeroing XSK-related structs in the channel on XSK close. Note that those structs are zeroed on channel creation, and usually a configuration change (XDP program is set) happens on XSK open, which leads to recreating channels, so typical XSK usecases don't suffer from this issue. However, if XSKs are opened and closed on the same channel without removing the XDP program, this bug reproduces. Fixes: db05815b36cb ("net/mlx5e: Add XSK zero-copy support") Signed-off-by: Maxim Mikityanskiy Signed-off-by: Saeed Mahameed commit 47a357de2b6b706af3c9471d5042f9ba8907031e Author: Denis Efremov Date: Mon Jun 1 19:45:26 2020 +0300 net/mlx5: DR, Fix freeing in dr_create_rc_qp() Variable "in" in dr_create_rc_qp() is allocated with kvzalloc() and should be freed with kvfree(). Fixes: 297cccebdc5a ("net/mlx5: DR, Expose an internal API to issue RDMA operations") Cc: stable@vger.kernel.org Signed-off-by: Denis Efremov Signed-off-by: Saeed Mahameed commit b6e0b6bebe0732d5cac51f0791f269d2413b8980 Author: Shay Drory Date: Thu May 7 09:32:53 2020 +0300 net/mlx5: Fix fatal error handling during device load Currently, in case of fatal error during mlx5_load_one(), we cannot enter error state until mlx5_load_one() is finished, what can take several minutes until commands will get timeouts, because these commands can't be processed due to the fatal error. Fix it by setting dev->state as MLX5_DEVICE_STATE_INTERNAL_ERROR before requesting the lock. Fixes: c1d4d2e92ad6 ("net/mlx5: Avoid calling sleeping function by the health poll thread") Signed-off-by: Shay Drory Reviewed-by: Moshe Shemesh Signed-off-by: Saeed Mahameed commit 42ea9f1b5c625fad225d4ac96a7e757dd4199d9c Author: Shay Drory Date: Wed May 6 15:59:48 2020 +0300 net/mlx5: drain health workqueue in case of driver load error In case there is a work in the health WQ when we teardown the driver, in driver load error flow, the health work will try to read dev->iseg, which was already unmap in mlx5_pci_close(). Fix it by draining the health workqueue first thing in mlx5_pci_close(). Trace of the error: BUG: unable to handle page fault for address: ffffb5b141c18014 PF: supervisor read access in kernel mode PF: error_code(0x0000) - not-present page PGD 1fe95d067 P4D 1fe95d067 PUD 1fe95e067 PMD 1b7823067 PTE 0 Oops: 0000 [#1] SMP PTI CPU: 3 PID: 6755 Comm: kworker/u128:2 Not tainted 5.2.0-net-next-mlx5-hv_stats-over-last-worked-hyperv #1 Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS 090006 04/28/2016 Workqueue: mlx5_healtha050:00:02.0 mlx5_fw_fatal_reporter_err_work [mlx5_core] RIP: 0010:ioread32be+0x30/0x40 Code: 00 77 27 48 81 ff 00 00 01 00 76 07 0f b7 d7 ed 0f c8 c3 55 48 c7 c6 3b ee d5 9f 48 89 e5 e8 67 fc ff ff b8 ff ff ff ff 5d c3 <8b> 07 0f c8 c3 66 66 2e 0f 1f 84 00 00 00 00 00 48 81 fe ff ff 03 RSP: 0018:ffffb5b14c56fd78 EFLAGS: 00010292 RAX: ffffb5b141c18000 RBX: ffff8e9f78a801c0 RCX: 0000000000000000 RDX: 0000000000000001 RSI: ffff8e9f7ecd7628 RDI: ffffb5b141c18014 RBP: ffffb5b14c56fd90 R08: 0000000000000001 R09: 0000000000000000 R10: ffff8e9f372a2c30 R11: ffff8e9f87f4bc40 R12: ffff8e9f372a1fc0 R13: ffff8e9f78a80000 R14: ffffffffc07136a0 R15: ffff8e9f78ae6f20 FS: 0000000000000000(0000) GS:ffff8e9f7ecc0000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffffb5b141c18014 CR3: 00000001c8f82006 CR4: 00000000003606e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: ? mlx5_health_try_recover+0x4d/0x270 [mlx5_core] mlx5_fw_fatal_reporter_recover+0x16/0x20 [mlx5_core] devlink_health_reporter_recover+0x1c/0x50 devlink_health_report+0xfb/0x240 mlx5_fw_fatal_reporter_err_work+0x65/0xd0 [mlx5_core] process_one_work+0x1fb/0x4e0 ? process_one_work+0x16b/0x4e0 worker_thread+0x4f/0x3d0 kthread+0x10d/0x140 ? process_one_work+0x4e0/0x4e0 ? kthread_cancel_delayed_work_sync+0x20/0x20 ret_from_fork+0x1f/0x30 Modules linked in: nfsv3 rpcsec_gss_krb5 nfsv4 nfs fscache 8021q garp mrp stp llc ipmi_devintf ipmi_msghandler rpcrdma rdma_ucm ib_iser rdma_cm ib_umad iw_cm ib_ipoib libiscsi scsi_transport_iscsi ib_cm mlx5_ib ib_uverbs ib_core mlx5_core sb_edac crct10dif_pclmul crc32_pclmul ghash_clmulni_intel aesni_intel aes_x86_64 mlxfw crypto_simd cryptd glue_helper input_leds hyperv_fb intel_rapl_perf joydev serio_raw pci_hyperv pci_hyperv_mini mac_hid hv_balloon nfsd auth_rpcgss nfs_acl lockd grace sunrpc sch_fq_codel ip_tables x_tables autofs4 hv_utils hid_generic hv_storvsc ptp hid_hyperv hid hv_netvsc hyperv_keyboard pps_core scsi_transport_fc psmouse hv_vmbus i2c_piix4 floppy pata_acpi CR2: ffffb5b141c18014 ---[ end trace b12c5503157cad24 ]--- RIP: 0010:ioread32be+0x30/0x40 Code: 00 77 27 48 81 ff 00 00 01 00 76 07 0f b7 d7 ed 0f c8 c3 55 48 c7 c6 3b ee d5 9f 48 89 e5 e8 67 fc ff ff b8 ff ff ff ff 5d c3 <8b> 07 0f c8 c3 66 66 2e 0f 1f 84 00 00 00 00 00 48 81 fe ff ff 03 RSP: 0018:ffffb5b14c56fd78 EFLAGS: 00010292 RAX: ffffb5b141c18000 RBX: ffff8e9f78a801c0 RCX: 0000000000000000 RDX: 0000000000000001 RSI: ffff8e9f7ecd7628 RDI: ffffb5b141c18014 RBP: ffffb5b14c56fd90 R08: 0000000000000001 R09: 0000000000000000 R10: ffff8e9f372a2c30 R11: ffff8e9f87f4bc40 R12: ffff8e9f372a1fc0 R13: ffff8e9f78a80000 R14: ffffffffc07136a0 R15: ffff8e9f78ae6f20 FS: 0000000000000000(0000) GS:ffff8e9f7ecc0000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffffb5b141c18014 CR3: 00000001c8f82006 CR4: 00000000003606e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 BUG: sleeping function called from invalid context at ./include/linux/percpu-rwsem.h:38 in_atomic(): 0, irqs_disabled(): 1, pid: 6755, name: kworker/u128:2 INFO: lockdep is turned off. CPU: 3 PID: 6755 Comm: kworker/u128:2 Tainted: G D 5.2.0-net-next-mlx5-hv_stats-over-last-worked-hyperv #1 Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS 090006 04/28/2016 Workqueue: mlx5_healtha050:00:02.0 mlx5_fw_fatal_reporter_err_work [mlx5_core] Call Trace: dump_stack+0x63/0x88 ___might_sleep+0x10a/0x130 __might_sleep+0x4a/0x80 exit_signals+0x33/0x230 ? blocking_notifier_call_chain+0x16/0x20 do_exit+0xb1/0xc30 ? kthread+0x10d/0x140 ? process_one_work+0x4e0/0x4e0 Fixes: 52c368dc3da7 ("net/mlx5: Move health and page alloc init to mdev_init") Signed-off-by: Shay Drory Reviewed-by: Moshe Shemesh Signed-off-by: Saeed Mahameed commit 92ac971219a29336e466921156b16f8fa88d91aa Merge: 623f6dc593ea b91c8c42ffdd Author: Linus Torvalds Date: Thu Jun 11 15:36:28 2020 -0700 Merge tag 'timers-urgent-2020-06-11' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull timer fix from Thomas Gleixner: "A small fix for the VDSO code to force inline __cvdso_clock_gettime_common() so the compiler can't generate horrible code" * tag 'timers-urgent-2020-06-11' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: lib/vdso: Force inlining of __cvdso_clock_gettime_common() commit 8e3e4b9da7e62680668f6cf71742207758764458 Author: Paul Greenwalt Date: Fri Jun 5 10:09:46 2020 -0700 iavf: increase reset complete wait time With an increased number of VFs, it's possible to encounter the following issue during reset. iavf b8d4:00:02.0: Hardware reset detected iavf b8d4:00:02.0: Reset never finished (0) iavf b8d4:00:02.0: Reset task did not complete, VF disabled Increase the reset complete wait count to allow for 128 VFs to complete reset. Signed-off-by: Paul Greenwalt Signed-off-by: Tony Nguyen Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher commit 18c012d922620bb35ff2ab6838f1269bc12cf647 Author: Brett Creeley Date: Fri Jun 5 10:09:45 2020 -0700 iavf: Fix reporting 2.5 Gb and 5Gb speeds Commit 4ae4916b5643 ("i40e: fix 'Unknown bps' in dmesg for 2.5Gb/5Gb speeds") added the ability for the PF to report 2.5 and 5Gb speeds, however, the iavf driver does not recognize those speeds as the values were not added there. Add the proper enums and values so that iavf can properly deal with those speeds. Fixes: 4ae4916b5643 ("i40e: fix 'Unknown bps' in dmesg for 2.5Gb/5Gb speeds") Signed-off-by: Brett Creeley Signed-off-by: Witold Fijalkowski Signed-off-by: Tony Nguyen Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher commit 5071bda2947f61da0b1c271cf0b16be45c9b81e9 Author: Aleksandr Loktionov Date: Fri Jun 5 10:09:44 2020 -0700 iavf: use appropriate enum for comparison adapter->link_speed has type enum virtchnl_link_speed but our comparisons are against enum iavf_aq_link_speed. Though they are, currently, the same values, change the comparison to the matching enum virtchnl_link_speed since that may not always be the case. Signed-off-by: Aleksandr Loktionov Signed-off-by: Piotr Kwapulinski Signed-off-by: Tony Nguyen Signed-off-by: Jeff Kirsher commit e0ef26fbe2b0c62f42ba7667076dc38b693b6fb8 Author: Brett Creeley Date: Fri Jun 5 10:09:43 2020 -0700 iavf: fix speed reporting over virtchnl Link speeds are communicated over virtchnl using an enum virtchnl_link_speed. Currently, the highest link speed is 40Gbps which leaves us unable to reflect some speeds that an ice VF is capable of. This causes link speed to be misreported on the iavf driver. Allow for communicating link speeds using Mbps so that the proper speed can be reported for an ice VF. Moving away from the enum allows us to communicate future speed changes without requiring a new enum to be added. In order to support communicating link speeds over virtchnl in Mbps the following functionality was added: - Added u32 link_speed_mbps in the iavf_adapter structure. - Added the macro ADV_LINK_SUPPORT(_a) to determine if the VF driver supports communicating link speeds in Mbps. - Added the function iavf_get_vpe_link_status() to fill the correct link_status in the event_data union based on the ADV_LINK_SUPPORT(_a) macro. - Added the function iavf_set_adapter_link_speed_from_vpe() to determine whether or not to fill the u32 link_speed_mbps or enum virtchnl_link_speed link_speed field in the iavf_adapter structure based on the ADV_LINK_SUPPORT(_a) macro. - Do not free vf_res in iavf_init_get_resources() as vf_res will be accessed in iavf_get_link_ksettings(); memset to 0 instead. This memory is subsequently freed in iavf_remove(). Fixes: 7c710869d64e ("ice: Add handlers for VF netdevice operations") Signed-off-by: Brett Creeley Signed-off-by: Sergey Nemov Signed-off-by: Paul Greenwalt Signed-off-by: Tony Nguyen Signed-off-by: Jeff Kirsher commit 2c4779eff837f1035f6f9650d246905daadd9528 Author: Tobias Klauser Date: Thu Jun 11 12:33:41 2020 +0200 tools, bpftool: Exit on error in function codegen Currently, the codegen function might fail and return an error. But its callers continue without checking its return value. Since codegen can fail only in the unlikely case of the system running out of memory or the static template being malformed, just exit(-1) directly from codegen and make it void-returning. Suggested-by: Andrii Nakryiko Signed-off-by: Tobias Klauser Signed-off-by: Daniel Borkmann Acked-by: Andrii Nakryiko Link: https://lore.kernel.org/bpf/20200611103341.21532-1-tklauser@distanz.ch commit aa2cad0600ed2ca6a0ab39948d4db1666b6c962b Author: Li RongQing Date: Thu Jun 11 13:11:06 2020 +0800 xdp: Fix xsk_generic_xmit errno Propagate sock_alloc_send_skb error code, not set it to EAGAIN unconditionally, when fail to allocate skb, which might cause that user space unnecessary loops. Fixes: 35fcde7f8deb ("xsk: support for Tx") Signed-off-by: Li RongQing Signed-off-by: Daniel Borkmann Acked-by: Björn Töpel Link: https://lore.kernel.org/bpf/1591852266-24017-1-git-send-email-lirongqing@baidu.com commit 623f6dc593eaf98b91916836785278eddddaacf8 Merge: 5cd221e837d6 37c54f9bd486 Author: Linus Torvalds Date: Thu Jun 11 13:25:53 2020 -0700 Merge branch 'akpm' (patches from Andrew) Merge some more updates from Andrew Morton: - various hotfixes and minor things - hch's use_mm/unuse_mm clearnups Subsystems affected by this patch series: mm/hugetlb, scripts, kcov, lib, nilfs, checkpatch, lib, mm/debug, ocfs2, lib, misc. * emailed patches from Andrew Morton : kernel: set USER_DS in kthread_use_mm kernel: better document the use_mm/unuse_mm API contract kernel: move use_mm/unuse_mm to kthread.c kernel: move use_mm/unuse_mm to kthread.c stacktrace: cleanup inconsistent variable type lib: test get_count_order/long in test_bitops.c mm: add comments on pglist_data zones ocfs2: fix spelling mistake and grammar mm/debug_vm_pgtable: fix kernel crash by checking for THP support lib: fix bitmap_parse() on 64-bit big endian archs checkpatch: correct check for kernel parameters doc nilfs2: fix null pointer dereference at nilfs_segctor_do_construct() lib/lz4/lz4_decompress.c: document deliberate use of `&' kcov: check kcov_softirq in kcov_remote_stop() scripts/spelling: add a few more typos khugepaged: selftests: fix timeout condition in wait_for_scan() commit 0db958b689ca98ec6b6ca20edfffbdc0c4b422ce Author: Rob Herring Date: Thu Jun 11 08:58:04 2020 -0600 dt-bindings: Fix more incorrect 'reg' property sizes in examples The examples template is a 'simple-bus' with a size of 1 cell for had between 2 and 4 cells which really only errors on I2C or SPI type devices with a single cell. The easiest fix in most cases is to change the 'reg' property to 1 cell for address and size. Cc: "Heiko Stübner" Cc: Ezequiel Garcia Cc: Mauro Carvalho Chehab Cc: Philipp Zabel Cc: Miquel Raynal Cc: Richard Weinberger Cc: "David S. Miller" Cc: Bjorn Andersson Cc: Kishon Vijay Abraham I Cc: Vinod Koul Cc: Liam Girdwood Cc: linux-rockchip@lists.infradead.org Cc: linux-media@vger.kernel.org Cc: linux-mtd@lists.infradead.org Cc: netdev@vger.kernel.org Cc: alsa-devel@alsa-project.org Acked-by: Mark Brown Signed-off-by: Rob Herring commit adb36a8203831e40494a92095dacd566b2ad4a69 Author: Aaron Plattner Date: Thu Jun 11 11:08:45 2020 -0700 ALSA: hda: Add NVIDIA codec IDs 9a & 9d through a0 to patch table These IDs are for upcoming NVIDIA chips with audio functions that are largely similar to the existing ones. Signed-off-by: Aaron Plattner Cc: Link: https://lore.kernel.org/r/20200611180845.39942-1-aplattner@nvidia.com Signed-off-by: Takashi Iwai commit 9ec051bf4470ee20505c3c1bca9dc441944de4df Author: Rodrigo Siqueira Date: Wed Apr 29 10:53:02 2020 -0400 drm/amd/display: Rework dsc to isolate FPU operations When we want to use float point operation on Linux we need to use within special kernel protection (`kernel_fpu_{begin,end}()`.), otherwise the kernel can clobber userspace FPU register state. For detecting these issues we use a tool named objtool (with -Ffa flags) to highlight the FPU problems, all warnings can be summed up as follows: ./tools/objtool/objtool check -Ffa drivers/gpu/drm/amd/display/dc/dml/dml_common_defs.o [..] dc/dsc/rc_calc.o: warning: objtool: get_qp_set()+0x2f8: FPU instruction outside of kernel_fpu_{begin,end}() [..] dc/dsc/rc_calc.o: warning: objtool: dsc_roundf()+0x5: FPU instruction outside of kernel_fpu_{begin,end}() [..] dc/dsc/rc_calc.o: warning: objtool: dsc_ceil()+0x5: FPU instruction outside of kernel_fpu_{begin,end}() [..] dc/dsc/rc_calc.o: warning: objtool: get_ofs_set()+0x3eb: FPU instruction outside of kernel_fpu_{begin,end}() [..] dc/dsc/rc_calc.o: warning: objtool: calc_rc_params()+0x3c: FPU instruction outside of kernel_fpu_{begin,end}() [..] dc/dsc/dc_dsc.o: warning: objtool: get_dsc_bandwidth_range.isra.0()+0x8d: FPU instruction outside of kernel_fpu_{begin,end}() [..] dc/dsc/dc_dsc.o: warning: objtool: setup_dsc_config()+0x2ef: FPU instruction outside of kernel_fpu_{begin,end}() [..] dc/dsc/rc_calc_dpi.o: warning: objtool:copy_pps_fields()+0xbb: FPU instruction outside of kernel_fpu_{begin,end}() [..] dc/dsc/rc_calc_dpi.o: warning: objtool: dscc_compute_dsc_parameters()+0x7b: FPU instruction outside of kernel_fpu_{begin,end}() This commit fixes the above issues by rework DSC as described: 1. Isolate all FPU operations in a single file; 2. Use FPU flags only in the file that handles FPU operations; 3. Isolate all functions that require float point operation in static functions; 4. Add a mid-layer function that does not use any float point operation, and that could be safely invoked in other parts of the code. 5. Keep float point operation under DC_FP_{START/END} macro. CC: Christian König CC: Alexander Deucher CC: Peter Zijlstra CC: Tony Cheng CC: Harry Wentland Signed-off-by: Rodrigo Siqueira Reviewed-by: Mikita Lipski Acked-by: Qingqing Zhuo Signed-off-by: Alex Deucher commit 5cd221e837d6fe2a4d284360581be3fdcbf79734 Author: Joerg Roedel Date: Thu Jun 11 11:11:39 2020 +0200 alpha: Fix build around srm_sysrq_reboot_op The patch introducing the struct was probably never compile tested, because it sets a handler with a wrong function signature. Wrap the handler into a functions with the correct signature to fix the build. Fixes: 0f1c9688a194 ("tty/sysrq: alpha: export and use __sysrq_get_key_op()") Cc: Emil Velikov Signed-off-by: Joerg Roedel Reviewed-by: Guenter Roeck Tested-by: Guenter Roeck Signed-off-by: Linus Torvalds commit 790243d3bf78f9830a3b2ffbca1ed0f528295d48 Author: Sandeep Raghuraman Date: Thu Jun 11 01:36:26 2020 +0530 drm/amdgpu: Replace invalid device ID with a valid device ID Initializes Powertune data for a specific Hawaii card by fixing what looks like a typo in the code. The device ID 66B1 is not a supported device ID for this driver, and is not mentioned elsewhere. 67B1 is a valid device ID, and is a Hawaii Pro GPU. I have tested on my R9 390 which has device ID 67B1, and it works fine without problems. Signed-off-by: Sandeep Raghuraman Signed-off-by: Alex Deucher Cc: stable@vger.kernel.org commit cd16ed33c3c618930ccda7049dcea05ee707a9c0 Merge: 55d728b2b05f 01f76386b0ac Author: Linus Torvalds Date: Thu Jun 11 12:55:20 2020 -0700 Merge tag 'riscv-for-linus-5.8-mw1' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux Pull more RISC-V updates from Palmer Dabbelt: - Kconfig select statements are now sorted alphanumerically - first-level interrupts are now handled via a full irqchip driver - CPU hotplug is fixed - vDSO calls now use the common vDSO infrastructure * tag 'riscv-for-linus-5.8-mw1' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux: riscv: set the permission of vdso_data to read-only riscv: use vDSO common flow to reduce the latency of the time-related functions riscv: fix build warning of missing prototypes RISC-V: Don't mark init section as non-executable RISC-V: Force select RISCV_INTC for CONFIG_RISCV RISC-V: Remove do_IRQ() function clocksource/drivers/timer-riscv: Use per-CPU timer interrupt irqchip: RISC-V per-HART local interrupt controller driver RISC-V: Rename and move plic_find_hart_id() to arch directory RISC-V: self-contained IPI handling routine RISC-V: Sort select statements alphanumerically commit 55d728b2b05fb0377a9048af3460c375b54619e2 Merge: d3ea69343983 dd4bc6076587 Author: Linus Torvalds Date: Thu Jun 11 12:53:23 2020 -0700 Merge tag 'arm64-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux Pull arm64 fixes from Will Deacon: "arm64 fixes that came in during the merge window. There will probably be more to come, but it doesn't seem like it's worth me sitting on these in the meantime. - Fix SCS debug check to report max stack usage in bytes as advertised - Fix typo: CONFIG_FTRACE_WITH_REGS => CONFIG_DYNAMIC_FTRACE_WITH_REGS - Fix incorrect mask in HiSilicon L3C perf PMU driver - Fix compat vDSO compilation under some toolchain configurations - Fix false UBSAN warning from ACPI IORT parsing code - Fix booting under bootloaders that ignore TEXT_OFFSET - Annotate debug initcall function with '__init'" * tag 'arm64-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux: arm64: warn on incorrect placement of the kernel by the bootloader arm64: acpi: fix UBSAN warning arm64: vdso32: add CONFIG_THUMB2_COMPAT_VDSO drivers/perf: hisi: Fix wrong value for all counters enable arm64: ftrace: Change CONFIG_FTRACE_WITH_REGS to CONFIG_DYNAMIC_FTRACE_WITH_REGS arm64: debug: mark a function as __init to save some memory scs: Report SCS usage in bytes rather than number of entries commit d3ea693439833b5ed9b932512e9a90b9381035c9 Merge: 2dca74a40e1e 9e2b6ed41f8f Author: Linus Torvalds Date: Thu Jun 11 12:50:54 2020 -0700 Merge tag 'm68knommu-for-v5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/gerg/m68knommu Pull m68knommu updates from Greg Ungerer: - casting clean up in the user access macros - memory leak on error case fix for PCI probing - update of a defconfig * tag 'm68knommu-for-v5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/gerg/m68knommu: m68k,nommu: fix implicit cast from __user in __{get,put}_user_asm() m68k,nommu: add missing __user in uaccess' __ptr() macro m68k: Drop CONFIG_MTD_M25P80 in stmark2_defconfig m68k/PCI: Fix a memory leak in an error handling path commit c0eca14c57f12357551f48aa882791395fef1263 Author: Rob Herring Date: Thu Jun 11 08:52:38 2020 -0600 dt-bindings: phy: qcom: Fix missing 'ranges' and example addresses The QCom QMP PHY bindings have child nodes with translatable (MMIO) addresses, so a 'ranges' property is required in the parent node. Additionally, the examples default to 1 address and size cell, so let's fix that, too. Fixes: ccf51c1cedfd ("dt-bindings: phy: qcom,qmp: Convert QMP PHY bindings to yaml") Cc: Andy Gross Cc: Bjorn Andersson Cc: Kishon Vijay Abraham I Cc: Vinod Koul Cc: Manu Gautam Cc: linux-arm-msm@vger.kernel.org Signed-off-by: Rob Herring commit 086e9074f52f6f623e1d6d02edc3cb661bb04f4e Author: Rob Herring Date: Wed Jun 10 15:49:12 2020 -0600 dt-bindings: Remove more cases of 'allOf' containing a '$ref' Another round of 'allOf' removals that came in this cycle. json-schema versions draft7 and earlier have a weird behavior in that any keywords combined with a '$ref' are ignored (silently). The correct form was to put a '$ref' under an 'allOf'. This behavior is now changed in the 2019-09 json-schema spec and '$ref' can be mixed with other keywords. The json-schema library doesn't yet support this, but the tooling now does a fixup for this and either way works. This has been a constant source of review comments, so let's change this treewide so everyone copies the simpler syntax. Signed-off-by: Rob Herring commit 9798278260e8f61d04415342544a8f701bc5ace7 Author: Tuong Lien Date: Thu Jun 11 17:08:08 2020 +0700 tipc: fix NULL pointer dereference in tipc_disc_rcv() When a bearer is enabled, we create a 'tipc_discoverer' object to store the bearer related data along with a timer and a preformatted discovery message buffer for later probing... However, this is only carried after the bearer was set 'up', that left a race condition resulting in kernel panic. It occurs when a discovery message from a peer node is received and processed in bottom half (since the bearer is 'up' already) just before the discoverer object is created but is now accessed in order to update the preformatted buffer (with a new trial address, ...) so leads to the NULL pointer dereference. We solve the problem by simply moving the bearer 'up' setting to later, so make sure everything is ready prior to any message receiving. Acked-by: Jon Maloy Signed-off-by: Tuong Lien Signed-off-by: David S. Miller commit c9aa81faf19115fc2e732e7f210b37bb316987ff Author: Tuong Lien Date: Thu Jun 11 17:07:35 2020 +0700 tipc: fix kernel WARNING in tipc_msg_append() syzbot found the following issue: WARNING: CPU: 0 PID: 6808 at include/linux/thread_info.h:150 check_copy_size include/linux/thread_info.h:150 [inline] WARNING: CPU: 0 PID: 6808 at include/linux/thread_info.h:150 copy_from_iter include/linux/uio.h:144 [inline] WARNING: CPU: 0 PID: 6808 at include/linux/thread_info.h:150 tipc_msg_append+0x49a/0x5e0 net/tipc/msg.c:242 Kernel panic - not syncing: panic_on_warn set ... This happens after commit 5e9eeccc58f3 ("tipc: fix NULL pointer dereference in streaming") that tried to build at least one buffer even when the message data length is zero... However, it now exposes another bug that the 'mss' can be zero and the 'cpy' will be negative, thus the above kernel WARNING will appear! The zero value of 'mss' is never expected because it means Nagle is not enabled for the socket (actually the socket type was 'SOCK_SEQPACKET'), so the function 'tipc_msg_append()' must not be called at all. But that was in this particular case since the message data length was zero, and the 'send <= maxnagle' check became true. We resolve the issue by explicitly checking if Nagle is enabled for the socket, i.e. 'maxnagle != 0' before calling the 'tipc_msg_append()'. We also reinforce the function to against such a negative values if any. Reported-by: syzbot+75139a7d2605236b0b7f@syzkaller.appspotmail.com Fixes: c0bceb97db9e ("tipc: add smart nagle feature") Acked-by: Jon Maloy Signed-off-by: Tuong Lien Signed-off-by: David S. Miller commit 77f972a7077d06d565243ecc192f45e1e5813cf1 Author: Shannon Nelson Date: Wed Jun 10 21:07:39 2020 -0700 ionic: remove support for mgmt device We no longer support the mgmt device in the ionic driver, so remove the device id and related code. Fixes: b3f064e9746d ("ionic: add support for device id 0x1004") Signed-off-by: Shannon Nelson Signed-off-by: David S. Miller commit 2dca74a40e1e7ff45079d85fc507769383039b9d Merge: e0154bd47889 e9f901dc05c0 Author: Linus Torvalds Date: Thu Jun 11 12:42:14 2020 -0700 Merge tag 'mailbox-v5.8' of git://git.linaro.org/landing-teams/working/fujitsu/integration Pull mailbox updates from Jassi Brar: "qcom: - new controller driver for IPCC - reorg the of_device data - add support for ipq6018 platform spreadtrum: - new sprd controller driver imx: - implement suspend/resume PM support misc: - make pcc driver struct static - fix return value in imx_mu_scu - disable clock before bailout in imx probe - remove duplicate error mssg in zynqmp probe - fix header size in imx.scu - check for null instead of is-err in zynqmp" * tag 'mailbox-v5.8' of git://git.linaro.org/landing-teams/working/fujitsu/integration: mailbox: qcom: Add ipq6018 apcs compatible mailbox: qcom: Add clock driver name in apcs mailbox driver data dt-bindings: mailbox: Add YAML schemas for QCOM APCS global block mailbox: imx: ONLY IPC MU needs IRQF_NO_SUSPEND flag mailbox: imx: Add runtime PM callback to handle MU clocks mailbox: imx: Add context save/restore for suspend/resume MAINTAINERS: Add entry for Qualcomm IPCC driver mailbox: Add support for Qualcomm IPCC dt-bindings: mailbox: Add devicetree binding for Qcom IPCC mailbox: zynqmp-ipi: Fix NULL vs IS_ERR() check in zynqmp_ipi_mbox_probe() mailbox: imx-mailbox: fix scu msg header size check mailbox: sprd: Add Spreadtrum mailbox driver dt-bindings: mailbox: Add the Spreadtrum mailbox documentation mailbox: ZynqMP IPI: Delete an error message in zynqmp_ipi_probe() mailbox: imx: Disable the clock on devm_mbox_controller_register() failure mailbox: imx: Fix return in imx_mu_scu_xlate() mailbox: imx: Support runtime PM mailbox: pcc: make pcc_mbox_driver static commit 9334d5ba32c052fc925e0c817dc398c98b093221 Author: Xu Wang Date: Thu Jun 11 02:45:20 2020 +0000 drivers: dpaa2: Use devm_kcalloc() in setup_dpni() A multiplication for the size determination of a memory allocation indicated that an array data structure should be processed. Thus use the corresponding function "devm_kcalloc". Signed-off-by: Xu Wang Signed-off-by: David S. Miller commit e0154bd478897b277aeb7195bf9088e9ce05bbb0 Merge: d4e181f204dd a4f55d927d33 Author: Linus Torvalds Date: Thu Jun 11 12:38:11 2020 -0700 Merge tag 'sound-fix-5.8-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound Pull sound fixes from Takashi Iwai: "Here are last-minute fixes gathered before merge window close; a few fixes are for the core while the rest majority are driver fixes. - PCM locking annotation fixes and the possible self-lock fix - ASoC DPCM regression fixes with multi-CPU DAI - A fix for inconsistent resume from system-PM on USB-audio - Improved runtime-PM handling with multiple USB interfaces - Quirks for HD-audio and USB-audio - Hardened firmware handling in max98390 codec - A couple of fixes for meson" * tag 'sound-fix-5.8-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: (21 commits) ASoC: rt5645: Add platform-data for Asus T101HA ASoC: Intel: bytcr_rt5640: Add quirk for Toshiba Encore WT10-A tablet ASoC: SOF: nocodec: conditionally set dpcm_capture/dpcm_playback flags ASoC: Intel: boards: replace capture_only by dpcm_capture ASoC: core: only convert non DPCM link to DPCM link ASoC: soc-pcm: dpcm: fix playback/capture checks ASoC: meson: add missing free_irq() in error path ALSA: pcm: disallow linking stream to itself ALSA: usb-audio: Manage auto-pm of all bundled interfaces ALSA: hda/realtek - add a pintbl quirk for several Lenovo machines ALSA: pcm: fix snd_pcm_link() lockdep splat ALSA: usb-audio: Use the new macro for HP Dock rename quirks ALSA: usb-audio: Add vendor, product and profile name for HP Thunderbolt Dock ALSA: emu10k1: delete an unnecessary condition dt-bindings: ASoc: Fix tdm-slot documentation spelling error ASoC: meson: fix memory leak of links if allocation of ldata fails ALSA: usb-audio: Fix inconsistent card PM state after resume ASoC: max98390: Fix potential crash during param fw loading ASoC: max98390: Fix incorrect printf qualifier ASoC: fsl-asoc-card: Defer probe when fail to find codec device ... commit d4e181f204dd0491da6c1d09b7208a0b990ec887 Merge: a53956829914 66057dd1d1cf Author: Linus Torvalds Date: Thu Jun 11 12:27:06 2020 -0700 Merge tag 'drm-next-2020-06-11-1' of git://anongit.freedesktop.org/drm/drm Pull drm fixes from Dave Airlie: "One sun4i fix and a connector hotplug race The ast fix is for a regression in 5.6, and one of the i915 ones fixes an oops reported by dhowells. core: - fix race in connectors sending hotplug i915: - Avoid use after free in cmdparser - Avoid NULL dereference when probing all display encoders - Fixup to module parameter type sun4i: - clock divider fix ast: - 24/32 bpp mode setting fix" * tag 'drm-next-2020-06-11-1' of git://anongit.freedesktop.org/drm/drm: drm/ast: fix missing break in switch statement for format->cpp[0] case 4 drm/sun4i: hdmi ddc clk: Fix size of m divider drm/i915/display: Only query DP state of a DDI encoder drm/i915/params: fix i915.reset module param type drm/i915/gem: Mark the buffer pool as active for the cmdparser drm/connector: notify userspace on hotplug after register complete commit a53956829914223ff6c53397b007421201354eb8 Merge: e8de4575cf76 ba838a75e73f Author: Linus Torvalds Date: Thu Jun 11 12:22:41 2020 -0700 Merge tag 'nfs-for-5.8-1' of git://git.linux-nfs.org/projects/anna/linux-nfs Pull NFS client updates from Anna Schumaker: "New features and improvements: - Sunrpc receive buffer sizes only change when establishing a GSS credentials - Add more sunrpc tracepoints - Improve on tracepoints to capture internal NFS I/O errors Other bugfixes and cleanups: - Move a dprintk() to after a call to nfs_alloc_fattr() - Fix off-by-one issues in rpc_ntop6 - Fix a few coccicheck warnings - Use the correct SPDX license identifiers - Fix rpc_call_done assignment for BIND_CONN_TO_SESSION - Replace zero-length array with flexible array - Remove duplicate headers - Set invalid blocks after NFSv4 writes to update space_used attribute - Fix direct WRITE throughput regression" * tag 'nfs-for-5.8-1' of git://git.linux-nfs.org/projects/anna/linux-nfs: (27 commits) NFS: Fix direct WRITE throughput regression SUNRPC: rpc_xprt lifetime events should record xprt->state xprtrdma: Make xprt_rdma_slot_table_entries static nfs: set invalid blocks after NFSv4 writes NFS: remove redundant initialization of variable result sunrpc: add missing newline when printing parameter 'auth_hashtable_size' by sysfs NFS: Add a tracepoint in nfs_set_pgio_error() NFS: Trace short NFS READs NFS: nfs_xdr_status should record the procedure name SUNRPC: Set SOFTCONN when destroying GSS contexts SUNRPC: rpc_call_null_helper() should set RPC_TASK_SOFT SUNRPC: rpc_call_null_helper() already sets RPC_TASK_NULLCREDS SUNRPC: trace RPC client lifetime events SUNRPC: Trace transport lifetime events SUNRPC: Split the xdr_buf event class SUNRPC: Add tracepoint to rpc_call_rpcerror() SUNRPC: Update the RPC_SHOW_SOCKET() macro SUNRPC: Update the rpc_show_task_flags() macro SUNRPC: Trace GSS context lifetimes SUNRPC: receive buffer size estimation values almost never change ... commit 1f44328ea24c9de368a3cfe5cc0e110b949afb2e Author: Marco Elver Date: Thu May 21 16:20:47 2020 +0200 compiler_types.h, kasan: Use __SANITIZE_ADDRESS__ instead of CONFIG_KASAN to decide inlining Use __always_inline in compilation units that have instrumentation disabled (KASAN_SANITIZE_foo.o := n) for KASAN, like it is done for KCSAN. Also, add common documentation for KASAN and KCSAN explaining the attribute. [ bp: Massage commit message. ] Signed-off-by: Marco Elver Signed-off-by: Borislav Petkov Signed-off-by: Thomas Gleixner Acked-by: Peter Zijlstra (Intel) Acked-by: Will Deacon Link: https://lkml.kernel.org/r/20200521142047.169334-12-elver@google.com commit eb73876c74313231c35cee6310f8ad62c56fa2b3 Author: Marco Elver Date: Thu May 21 16:20:46 2020 +0200 compiler.h: Move function attributes to compiler_types.h Cleanup and move the KASAN and KCSAN related function attributes to compiler_types.h, where the rest of the same kind live. No functional change intended. Signed-off-by: Marco Elver Signed-off-by: Borislav Petkov Signed-off-by: Thomas Gleixner Acked-by: Peter Zijlstra (Intel) Acked-by: Will Deacon Link: https://lkml.kernel.org/r/20200521142047.169334-11-elver@google.com commit 95c094fccb85422eff3c12930ebebbda9278f76b Author: Marco Elver Date: Thu May 21 16:20:45 2020 +0200 compiler.h: Avoid nested statement expression in data_race() It appears that compilers have trouble with nested statement expressions. Therefore, remove one level of statement expression nesting from the data_race() macro. This will help avoiding potential problems in the future as its usage increases. Reported-by: Borislav Petkov Reported-by: Nathan Chancellor Signed-off-by: Marco Elver Signed-off-by: Borislav Petkov Signed-off-by: Thomas Gleixner Acked-by: Peter Zijlstra (Intel) Acked-by: Will Deacon Tested-by: Nick Desaulniers Link: https://lkml.kernel.org/r/20200520221712.GA21166@zn.tnic Link: https://lkml.kernel.org/r/20200521142047.169334-10-elver@google.com commit 44b97dccb2291a56454549827adc5e99d94811f3 Author: Marco Elver Date: Thu May 21 16:20:44 2020 +0200 compiler.h: Remove data_race() and unnecessary checks from {READ,WRITE}_ONCE() The volatile accesses no longer need to be wrapped in data_race() because compilers that emit instrumentation distinguishing volatile accesses are required for KCSAN. Consequently, the explicit kcsan_check_atomic*() are no longer required either since the compiler emits instrumentation distinguishing the volatile accesses. Finally, simplify __READ_ONCE_SCALAR() and remove __WRITE_ONCE_SCALAR(). [ bp: Convert commit message to passive voice. ] Signed-off-by: Marco Elver Signed-off-by: Borislav Petkov Signed-off-by: Thomas Gleixner Acked-by: Peter Zijlstra (Intel) Acked-by: Will Deacon Link: https://lkml.kernel.org/r/20200521142047.169334-9-elver@google.com commit 0bb9ab3a6fa7ca9f627d85f6f683fae51598e8c8 Author: Marco Elver Date: Thu May 21 16:20:43 2020 +0200 kcsan: Update Documentation to change supported compilers Document change in required compiler version for KCSAN, and remove the now redundant note about __no_kcsan and inlining problems with older compilers. Signed-off-by: Marco Elver Signed-off-by: Borislav Petkov Signed-off-by: Thomas Gleixner Acked-by: Peter Zijlstra (Intel) Acked-by: Will Deacon Link: https://lkml.kernel.org/r/20200521142047.169334-8-elver@google.com commit e3b779d9ebe82b4be0121f25f27632844bb86d96 Author: Marco Elver Date: Thu May 21 16:20:41 2020 +0200 kcsan: Remove 'noinline' from __no_kcsan_or_inline Some compilers incorrectly inline small __no_kcsan functions, which then results in instrumenting the accesses. For this reason, the 'noinline' attribute was added to __no_kcsan_or_inline. All known versions of GCC are affected by this. Supported versions of Clang are unaffected, and never inline a no_sanitize function. However, the attribute 'noinline' in __no_kcsan_or_inline causes unexpected code generation in functions that are __no_kcsan and call a __no_kcsan_or_inline function. In certain situations it is expected that the __no_kcsan_or_inline function is actually inlined by the __no_kcsan function, and *no* calls are emitted. By removing the 'noinline' attribute, give the compiler the ability to inline and generate the expected code in __no_kcsan functions. Signed-off-by: Marco Elver Signed-off-by: Borislav Petkov Signed-off-by: Thomas Gleixner Acked-by: Peter Zijlstra (Intel) Acked-by: Will Deacon Link: https://lkml.kernel.org/r/CANpmjNNOpJk0tprXKB_deiNAv_UmmORf1-2uajLhnLWQQ1hvoA@mail.gmail.com Link: https://lkml.kernel.org/r/20200521142047.169334-6-elver@google.com commit d31d4d6bb256c3e784709e4aaf075de87c3390fc Author: Marco Elver Date: Thu May 21 16:20:40 2020 +0200 kcsan: Pass option tsan-instrument-read-before-write to Clang Clang (unlike GCC) removes reads before writes with matching addresses in the same basic block. This is an optimization for TSAN, since writes will always cause conflict if the preceding read would have. However, for KCSAN we cannot rely on this option, because we apply several special rules to writes, in particular when the KCSAN_ASSUME_PLAIN_WRITES_ATOMIC option is selected. To avoid missing potential data races, pass the -tsan-instrument-read-before-write option to Clang if it is available [1]. [1] https://github.com/llvm/llvm-project/commit/151ed6aa38a3ec6c01973b35f684586b6e1c0f7e Signed-off-by: Marco Elver Signed-off-by: Borislav Petkov Signed-off-by: Thomas Gleixner Acked-by: Peter Zijlstra (Intel) Acked-by: Will Deacon Link: https://lkml.kernel.org/r/20200521142047.169334-5-elver@google.com commit 75d75b7a4d5489cc6a5e91ace306f6c13f376f33 Author: Marco Elver Date: Thu May 21 16:20:39 2020 +0200 kcsan: Support distinguishing volatile accesses In the kernel, the "volatile" keyword is used in various concurrent contexts, whether in low-level synchronization primitives or for legacy reasons. If supported by the compiler, it will be assumed that aligned volatile accesses up to sizeof(long long) (matching compiletime_assert_rwonce_type()) are atomic. Recent versions of Clang [1] (GCC tentative [2]) can instrument volatile accesses differently. Add the option (required) to enable the instrumentation, and provide the necessary runtime functions. None of the updated compilers are widely available yet (Clang 11 will be the first release to support the feature). [1] https://github.com/llvm/llvm-project/commit/5a2c31116f412c3b6888be361137efd705e05814 [2] https://gcc.gnu.org/pipermail/gcc-patches/2020-April/544452.html This change allows removing of any explicit checks in primitives such as READ_ONCE() and WRITE_ONCE(). [ bp: Massage commit message a bit. ] Signed-off-by: Marco Elver Signed-off-by: Borislav Petkov Signed-off-by: Thomas Gleixner Acked-by: Will Deacon Acked-by: Peter Zijlstra (Intel) Link: https://lkml.kernel.org/r/20200521142047.169334-4-elver@google.com commit 0e1aa5b62160500bb2ed3150367fba83c0a194e5 Author: Marco Elver Date: Thu May 21 16:20:42 2020 +0200 kcsan: Restrict supported compilers The first version of Clang that supports -tsan-distinguish-volatile will be able to support KCSAN. The first Clang release to do so, will be Clang 11. This is due to satisfying all the following requirements: 1. Never emit calls to __tsan_func_{entry,exit}. 2. __no_kcsan functions should not call anything, not even kcsan_{enable,disable}_current(), when using __{READ,WRITE}_ONCE => Requires leaving them plain! 3. Support atomic_{read,set}*() with KCSAN, which rely on arch_atomic_{read,set}*() using __{READ,WRITE}_ONCE() => Because of #2, rely on Clang 11's -tsan-distinguish-volatile support. We will double-instrument atomic_{read,set}*(), but that's reasonable given it's still lower cost than the data_race() variant due to avoiding 2 extra calls (kcsan_{en,dis}able_current() calls). 4. __always_inline functions inlined into __no_kcsan functions are never instrumented. 5. __always_inline functions inlined into instrumented functions are instrumented. 6. __no_kcsan_or_inline functions may be inlined into __no_kcsan functions => Implies leaving 'noinline' off of __no_kcsan_or_inline. 7. Because of #6, __no_kcsan and __no_kcsan_or_inline functions should never be spuriously inlined into instrumented functions, causing the accesses of the __no_kcsan function to be instrumented. Older versions of Clang do not satisfy #3. The latest GCC currently doesn't support at least #1, #3, and #7. Signed-off-by: Marco Elver Signed-off-by: Borislav Petkov Signed-off-by: Thomas Gleixner Acked-by: Peter Zijlstra (Intel) Acked-by: Will Deacon Link: https://lkml.kernel.org/r/CANpmjNMTsY_8241bS7=XAfqvZHFLrVEkv_uM4aDUWE_kh3Rvbw@mail.gmail.com Link: https://lkml.kernel.org/r/20200521142047.169334-7-elver@google.com commit 17168f5c1bef4ec7c239e2dd5e3e60b862727dd4 Author: Marco Elver Date: Thu May 21 16:20:38 2020 +0200 kcsan: Avoid inserting __tsan_func_entry/exit if possible To avoid inserting __tsan_func_{entry,exit}, add option if supported by compiler. Currently only Clang can be told to not emit calls to these functions. It is safe to not emit these, since KCSAN does not rely on them. Note that, if we disable __tsan_func_{entry,exit}(), we need to disable tail-call optimization in sanitized compilation units, as otherwise we may skip frames in the stack trace; in particular when the tail called function is one of the KCSAN's runtime functions, and a report is generated, we might miss the function where the actual access occurred. Since __tsan_func_{entry,exit}() insertion effectively disabled tail-call optimization, there should be no observable change. This was caught and confirmed with kcsan-test & UNWINDER_ORC. Signed-off-by: Marco Elver Signed-off-by: Borislav Petkov Signed-off-by: Thomas Gleixner Acked-by: Will Deacon Acked-by: Peter Zijlstra (Intel) Link: https://lkml.kernel.org/r/20200521142047.169334-3-elver@google.com commit ea91a1d45d19469001a4955583187b0d75915759 Author: Arnd Bergmann Date: Thu May 21 16:20:37 2020 +0200 ubsan, kcsan: Don't combine sanitizer with kcov on clang Clang does not allow -fsanitize-coverage=trace-{pc,cmp} together with -fsanitize=bounds or with ubsan: clang: error: argument unused during compilation: '-fsanitize-coverage=trace-pc' [-Werror,-Wunused-command-line-argument] clang: error: argument unused during compilation: '-fsanitize-coverage=trace-cmp' [-Werror,-Wunused-command-line-argument] To avoid the warning, check whether clang can handle this correctly or disallow ubsan and kcsan when kcov is enabled. Signed-off-by: Arnd Bergmann Signed-off-by: Marco Elver Signed-off-by: Borislav Petkov Signed-off-by: Thomas Gleixner Acked-by: Marco Elver Acked-by: Peter Zijlstra (Intel) Link: https://bugs.llvm.org/show_bug.cgi?id=45831 Link: https://lore.kernel.org/lkml/20200505142341.1096942-1-arnd@arndb.de Link: https://lkml.kernel.org/r/20200521142047.169334-2-elver@google.com commit 37d1a04b13a6d2fec91a6813fc034947a27db034 Merge: 37f8173dd849 97a9474aeb78 Author: Thomas Gleixner Date: Thu Jun 11 20:02:46 2020 +0200 Rebase locking/kcsan to locking/urgent Merge the state of the locking kcsan branch before the read/write_once() and the atomics modifications got merged. Squash the fallout of the rebase on top of the read/write once and atomic fallback work into the merge. The history of the original branch is preserved in tag locking-kcsan-2020-06-02. Signed-off-by: Thomas Gleixner commit 49b3deaad3452217d62dbd78da8df24eb0c7e169 Merge: e0135a104c52 15c99816ed93 Author: Paolo Bonzini Date: Thu Jun 11 14:02:32 2020 -0400 Merge tag 'kvmarm-fixes-5.8-1' of git://git.kernel.org/pub/scm/linux/kernel/git/kvmarm/kvmarm into HEAD KVM/arm64 fixes for Linux 5.8, take #1 * 32bit VM fixes: - Fix embarassing mapping issue between AArch32 CSSELR and AArch64 ACTLR - Add ACTLR2 support for AArch32 - Get rid of the useless ACTLR_EL1 save/restore - Fix CP14/15 accesses for AArch32 guests on BE hosts - Ensure that we don't loose any state when injecting a 32bit exception when running on a VHE host * 64bit VM fixes: - Fix PtrAuth host saving happening in preemptible contexts - Optimize PtrAuth lazy enable - Drop vcpu to cpu context pointer - Fix sparse warnings for HYP per-CPU accesses commit e8de4575cf7601917c2eae9f8ee1a8ee3d9be2a7 Merge: 7cf035cc8326 320bdbd81615 Author: Linus Torvalds Date: Thu Jun 11 11:02:13 2020 -0700 Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 Pull crypto fixes from Herbert Xu: "A number of fixes to the omap and nitrox drivers" * 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: crypto: cavium/nitrox - Fix 'nitrox_get_first_device()' when ndevlist is fully iterated crypto: omap-sham - add proper load balancing support for multicore crypto: omap-aes - prevent unregistering algorithms twice crypto: omap-sham - fix very small data size handling crypto: omap-sham - huge buffer access fixes crypto: omap-crypto - fix userspace copied buffer access crypto: omap-sham - force kernel driver usage for sha algos crypto: omap-aes - avoid spamming console with self tests commit e0135a104c52ccc977bc04a972bc889e0298b068 Author: Paolo Bonzini Date: Thu Jun 11 14:01:51 2020 -0400 KVM: x86: do not pass poisoned hva to __kvm_set_memory_region __kvm_set_memory_region does not use the hva at all, so trying to catch use-after-delete is pointless and, worse, it fails access_ok now that we apply it to all memslots including private kernel ones. This fixes an AVIC regression. Fixes: 09d952c971a5 ("KVM: check userspace_addr for all memslots") Reported-by: Maxim Levitsky Signed-off-by: Paolo Bonzini commit 7cf035cc8326066a514146065b6ee8fc2c30fc21 Merge: c742b63473b3 e4f9ba20d3b8 Author: Linus Torvalds Date: Thu Jun 11 10:48:12 2020 -0700 Merge tag 'vfs-5.8-merge-3' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux Pull DAX updates part three from Darrick Wong: "Now that the xfs changes have landed, this third piece changes the FS_XFLAG_DAX ioctl code in xfs to request that the inode be reloaded after the last program closes the file, if doing so would make a S_DAX change happen. The goal here is to make dax access mode switching quicker when possible. Summary: - Teach XFS to ask the VFS to drop an inode if the administrator changes the FS_XFLAG_DAX inode flag such that the S_DAX state would change. This can result in files changing access modes without requiring an unmount cycle" * tag 'vfs-5.8-merge-3' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux: fs/xfs: Update xfs_ioctl_setattr_dax_invalidate() fs/xfs: Combine xfs_diflags_to_linux() and xfs_diflags_to_iflags() fs/xfs: Create function xfs_inode_should_enable_dax() fs/xfs: Make DAX mount option a tri-state fs/xfs: Change XFS_MOUNT_DAX to XFS_MOUNT_DAX_ALWAYS fs/xfs: Remove unnecessary initialization of i_rwsem commit ba838a75e73f55a780f1ee896b8e3ecb032dba0f Author: Chuck Lever Date: Fri May 29 14:14:40 2020 -0400 NFS: Fix direct WRITE throughput regression I measured a 50% throughput regression for large direct writes. The observed on-the-wire behavior is that the client sends every NFS WRITE twice: once as an UNSTABLE WRITE plus a COMMIT, and once as a FILE_SYNC WRITE. This is because the nfs_write_match_verf() check in nfs_direct_commit_complete() fails for every WRITE. Buffered writes use nfs_write_completion(), which sets req->wb_verf correctly. Direct writes use nfs_direct_write_completion(), which does not set req->wb_verf at all. This leaves req->wb_verf set to all zeroes for every direct WRITE, and thus nfs_direct_commit_completion() always sets NFS_ODIRECT_RESCHED_WRITES. This fix appears to restore nearly all of the lost performance. Fixes: 1f28476dcb98 ("NFS: Fix O_DIRECT commit verifier handling") Signed-off-by: Chuck Lever Signed-off-by: Anna Schumaker commit 94afd9c489fe6720ea3f49084125344e22610880 Author: Chuck Lever Date: Mon May 18 10:13:02 2020 -0400 SUNRPC: rpc_xprt lifetime events should record xprt->state Help troubleshoot the logic that uses these flags. Signed-off-by: Chuck Lever Signed-off-by: Anna Schumaker commit 5bffb00621b121c9f4726f1e755ad4246cf4b800 Author: Zou Wei Date: Thu Apr 23 15:10:02 2020 +0800 xprtrdma: Make xprt_rdma_slot_table_entries static Fix the following sparse warning: net/sunrpc/xprtrdma/transport.c:71:14: warning: symbol 'xprt_rdma_slot_table_entries' was not declared. Should it be static? Reported-by: Hulk Robot Signed-off-by: Zou Wei Reviewed-by: Chuck Lever Signed-off-by: Anna Schumaker commit 3a39e778690500066b31fe982d18e2e394d3bce2 Author: Zheng Bin Date: Thu May 21 17:17:21 2020 +0800 nfs: set invalid blocks after NFSv4 writes Use the following command to test nfsv4(size of file1M is 1MB): mount -t nfs -o vers=4.0,actimeo=60 127.0.0.1/dir1 /mnt cp file1M /mnt du -h /mnt/file1M -->0 within 60s, then 1M When write is done(cp file1M /mnt), will call this: nfs_writeback_done nfs4_write_done nfs4_write_done_cb nfs_writeback_update_inode nfs_post_op_update_inode_force_wcc_locked(change, ctime, mtime nfs_post_op_update_inode_force_wcc_locked nfs_set_cache_invalid nfs_refresh_inode_locked nfs_update_inode nfsd write response contains change, ctime, mtime, the flag will be clear after nfs_update_inode. Howerver, write response does not contain space_used, previous open response contains space_used whose value is 0, so inode->i_blocks is still 0. nfs_getattr -->called by "du -h" do_update |= force_sync || nfs_attribute_cache_expired -->false in 60s cache_validity = READ_ONCE(NFS_I(inode)->cache_validity) do_update |= cache_validity & (NFS_INO_INVALID_ATTR -->false if (do_update) { __nfs_revalidate_inode } Within 60s, does not send getattr request to nfsd, thus "du -h /mnt/file1M" is 0. Add a NFS_INO_INVALID_BLOCKS flag, set it when nfsv4 write is done. Fixes: 16e143751727 ("NFS: More fine grained attribute tracking") Signed-off-by: Zheng Bin Signed-off-by: Anna Schumaker commit 86b936672e55388bd5674e50e5ff4ef95f3477b8 Author: Colin Ian King Date: Wed May 27 13:56:11 2020 +0100 NFS: remove redundant initialization of variable result The variable result is being initialized with a value that is never read and it is being updated later with a new value. The initialization is redundant and can be removed. Addresses-Coverity: ("Unused value") Signed-off-by: Colin Ian King Signed-off-by: Anna Schumaker commit 2ac3ddc723469c66846262e1d7954199ef95d6dc Author: Xiongfeng Wang Date: Fri May 8 09:33:00 2020 +0800 sunrpc: add missing newline when printing parameter 'auth_hashtable_size' by sysfs When I cat parameter '/sys/module/sunrpc/parameters/auth_hashtable_size', it displays as follows. It is better to add a newline for easy reading. [root@hulk-202 ~]# cat /sys/module/sunrpc/parameters/auth_hashtable_size 16[root@hulk-202 ~]# Signed-off-by: Xiongfeng Wang Signed-off-by: Anna Schumaker commit cd2ed9bdc0794464d57a5ae2d979b1543a75694b Author: Chuck Lever Date: Tue May 12 17:14:11 2020 -0400 NFS: Add a tracepoint in nfs_set_pgio_error() Signed-off-by: Chuck Lever Signed-off-by: Anna Schumaker commit fd2b6121415539c394f7c610da5ffa6df919db46 Author: Chuck Lever Date: Tue May 12 17:14:05 2020 -0400 NFS: Trace short NFS READs A short read can generate an -EIO error without there being an error on the wire. This tracepoint acts as an eyecatcher when there is no obvious I/O error. Signed-off-by: Chuck Lever Signed-off-by: Anna Schumaker commit 5be5945864ea143fda628e8179c8474457af1f43 Author: Chuck Lever Date: Tue May 12 17:14:00 2020 -0400 NFS: nfs_xdr_status should record the procedure name When sunrpc trace points are not enabled, the recorded task ID information alone is not helpful. Signed-off-by: Chuck Lever Signed-off-by: Anna Schumaker commit 841a2ed9a13d0d54ec7f961c54e7b52ffa97c8bb Author: Chuck Lever Date: Tue May 12 17:13:55 2020 -0400 SUNRPC: Set SOFTCONN when destroying GSS contexts Move the RPC_TASK_SOFTCONN flag into rpc_call_null_helper(). The only minor behavior change is that it is now also set when destroying GSS contexts. This gives a better guarantee that gss_send_destroy_context() will not hang for long if a connection cannot be established. Signed-off-by: Chuck Lever Signed-off-by: Anna Schumaker commit 6fc3737aac19c81181d5ec3f9c86e324e85e733a Author: Chuck Lever Date: Tue May 12 17:13:50 2020 -0400 SUNRPC: rpc_call_null_helper() should set RPC_TASK_SOFT Clean up. All of rpc_call_null_helper() call sites assert RPC_TASK_SOFT, so move that setting into rpc_call_null_helper() itself. Signed-off-by: Chuck Lever Signed-off-by: Anna Schumaker commit eefc536dbdf1c55777bb192dfac2faf0993d8e10 Author: Chuck Lever Date: Tue May 12 17:13:44 2020 -0400 SUNRPC: rpc_call_null_helper() already sets RPC_TASK_NULLCREDS Clean up. Commit a52458b48af1 ("NFS/NFSD/SUNRPC: replace generic creds with 'struct cred'.") made rpc_call_null_helper() set RPC_TASK_NULLCREDS unconditionally. Therefore there's no need for rpc_call_null_helper()'s call sites to set RPC_TASK_NULLCREDS. Signed-off-by: Chuck Lever Signed-off-by: Anna Schumaker commit 42aad0d7f9486b72155892c689bea2ff9793d8a8 Author: Chuck Lever Date: Tue May 12 17:13:39 2020 -0400 SUNRPC: trace RPC client lifetime events The "create" tracepoint records parts of the rpc_create arguments, and the shutdown tracepoint records when the rpc_clnt is about to signal pending tasks and destroy auths. Signed-off-by: Chuck Lever Signed-off-by: Anna Schumaker commit 911813d7a15221362d1655d246f3502c0f898c14 Author: Chuck Lever Date: Tue May 12 17:13:34 2020 -0400 SUNRPC: Trace transport lifetime events Refactor: Hoist create/destroy/disconnect tracepoints out of xprtrdma and into the generic RPC client. Some benefits include: - Enable tracing of xprt lifetime events for the socket transport types - Expose the different types of disconnect to help run down issues with lingering connections Signed-off-by: Chuck Lever Signed-off-by: Anna Schumaker commit c509f15a5801605652126831d965751e8d602471 Author: Chuck Lever Date: Tue May 12 17:13:28 2020 -0400 SUNRPC: Split the xdr_buf event class To help tie the recorded xdr_buf to a particular RPC transaction, the client side version of this class should display task ID information and the server side one should show the request's XID. Signed-off-by: Chuck Lever Signed-off-by: Anna Schumaker commit 0125ecbb526745930c63585314fa4e1c45432979 Author: Chuck Lever Date: Tue May 12 17:13:23 2020 -0400 SUNRPC: Add tracepoint to rpc_call_rpcerror() Add a tracepoint in another common exit point for failing RPCs. Signed-off-by: Chuck Lever Signed-off-by: Anna Schumaker commit 82909dc546461c6ea060879e9b6fbe5eeac37cea Author: Chuck Lever Date: Tue May 12 17:13:18 2020 -0400 SUNRPC: Update the RPC_SHOW_SOCKET() macro Clean up: remove unnecessary commas, and fix a white-space nit. Signed-off-by: Chuck Lever Signed-off-by: Anna Schumaker commit 7a34c8e0c38b5fd21a764031b1f8664c28b595af Author: Chuck Lever Date: Tue May 12 17:13:12 2020 -0400 SUNRPC: Update the rpc_show_task_flags() macro Recent additions to the RPC_TASK flags neglected to update the tracepoint ENUM definitions. Signed-off-by: Chuck Lever Signed-off-by: Anna Schumaker commit 74fb8fecee99f61415dcb6e22dbc24f42988a1d3 Author: Chuck Lever Date: Tue May 12 17:13:07 2020 -0400 SUNRPC: Trace GSS context lifetimes Signed-off-by: Chuck Lever Signed-off-by: Anna Schumaker commit 53bc19f17f21738735706fabcae3070f16c833db Author: Chuck Lever Date: Tue May 12 17:13:01 2020 -0400 SUNRPC: receive buffer size estimation values almost never change Avoid unnecessary cache sloshing by placing the buffer size estimation update logic behind an atomic bit flag. The size of GSS information included in each wrapped Reply does not change during the lifetime of a GSS context. Therefore, the au_rslack and au_ralign fields need to be updated only once after establishing a fresh GSS credential. Thus a slack size update must occur after a cred is created, duplicated, renewed, or expires. I'm not sure I have this exactly right. A trace point is introduced to track updates to these variables to enable troubleshooting the problem if I missed a spot. Signed-off-by: Chuck Lever Signed-off-by: Anna Schumaker commit c742b63473b3c5180db8b5d74fdbd56e4371dfa2 Merge: b29482fde649 1eb2f96d0bff Author: Linus Torvalds Date: Thu Jun 11 10:33:13 2020 -0700 Merge tag 'nfsd-5.8' of git://linux-nfs.org/~bfields/linux Pull nfsd updates from Bruce Fields: "Highlights: - Keep nfsd clients from unnecessarily breaking their own delegations. Note this requires a small kthreadd addition. The result is Tejun Heo's suggestion (see link), and he was OK with this going through my tree. - Patch nfsd/clients/ to display filenames, and to fix byte-order when displaying stateid's. - fix a module loading/unloading bug, from Neil Brown. - A big series from Chuck Lever with RPC/RDMA and tracing improvements, and lay some groundwork for RPC-over-TLS" Link: https://lore.kernel.org/r/1588348912-24781-1-git-send-email-bfields@redhat.com * tag 'nfsd-5.8' of git://linux-nfs.org/~bfields/linux: (49 commits) sunrpc: use kmemdup_nul() in gssp_stringify() nfsd: safer handling of corrupted c_type nfsd4: make drc_slab global, not per-net SUNRPC: Remove unreachable error condition in rpcb_getport_async() nfsd: Fix svc_xprt refcnt leak when setup callback client failed sunrpc: clean up properly in gss_mech_unregister() sunrpc: svcauth_gss_register_pseudoflavor must reject duplicate registrations. sunrpc: check that domain table is empty at module unload. NFSD: Fix improperly-formatted Doxygen comments NFSD: Squash an annoying compiler warning SUNRPC: Clean up request deferral tracepoints NFSD: Add tracepoints for monitoring NFSD callbacks NFSD: Add tracepoints to the NFSD state management code NFSD: Add tracepoints to NFSD's duplicate reply cache SUNRPC: svc_show_status() macro should have enum definitions SUNRPC: Restructure svc_udp_recvfrom() SUNRPC: Refactor svc_recvfrom() SUNRPC: Clean up svc_release_skb() functions SUNRPC: Refactor recvfrom path dealing with incomplete TCP receives SUNRPC: Replace dprintk() call sites in TCP receive path ... commit 2630e1bb0948c3134c6f22ad275ae27cc6023532 Author: Jonas Karlman Date: Fri May 22 22:21:33 2020 +0200 media: rkvdec: Fix H264 scaling list order The Rockchip Video Decoder driver is expecting that the values in a scaling list are in zig-zag order and applies the inverse scanning process to get the values in matrix order. Commit 0b0393d59eb4 ("media: uapi: h264: clarify expected scaling_list_4x4/8x8 order") clarified that the values in the scaling list should already be in matrix order. Fix this by removing the reordering and change to use two memcpy. Fixes: cd33c830448b ("media: rkvdec: Add the rkvdec driver") Signed-off-by: Jonas Karlman Tested-by: Nicolas Dufresne Reviewed-by: Ezequiel Garcia [hverkuil-cisco@xs4all.nl: rkvdec_scaling_matrix -> rkvdec_h264_scaling_list] Signed-off-by: Hans Verkuil Signed-off-by: Mauro Carvalho Chehab commit 88441917dc6cd995cb993df603e264f5b88be50c Author: Jonas Karlman Date: Wed May 27 00:25:15 2020 +0200 media: v4l2-ctrls: Unset correct HEVC loop filter flag Wrong loop filter flag is unset when tiles enabled flag is not set, this cause HEVC decoding issues with Rockchip Video Decoder. Fix this by unsetting the loop filter across tiles enabled flag instead of the pps loop filter across slices enabled flag when tiles are disabled. Fixes: 256fa3920874 ("media: v4l: Add definitions for HEVC stateless decoding") Signed-off-by: Jonas Karlman Signed-off-by: Hans Verkuil Signed-off-by: Mauro Carvalho Chehab commit 0d9668721311607353d4861e6c32afeb272813dc Author: Tomi Valkeinen Date: Wed May 27 10:23:34 2020 +0200 media: videobuf2-dma-contig: fix bad kfree in vb2_dma_contig_clear_max_seg_size Commit 9495b7e92f716ab2bd6814fab5e97ab4a39adfdd ("driver core: platform: Initialize dma_parms for platform devices") in v5.7-rc5 causes vb2_dma_contig_clear_max_seg_size() to kfree memory that was not allocated by vb2_dma_contig_set_max_seg_size(). The assumption in vb2_dma_contig_set_max_seg_size() seems to be that dev->dma_parms is always NULL when the driver is probed, and the case where dev->dma_parms has bee initialized by someone else than the driver (by calling vb2_dma_contig_set_max_seg_size) will cause a failure. All the current users of these functions are platform devices, which now always have dma_parms set by the driver core. To fix the issue for v5.7, make vb2_dma_contig_set_max_seg_size() return an error if dma_parms is NULL to be on the safe side, and remove the kfree code from vb2_dma_contig_clear_max_seg_size(). For v5.8 we should remove the two functions and move the dma_set_max_seg_size() calls into the drivers. Signed-off-by: Tomi Valkeinen Fixes: 9495b7e92f71 ("driver core: platform: Initialize dma_parms for platform devices") Cc: stable@vger.kernel.org Acked-by: Marek Szyprowski Reviewed-by: Ulf Hansson Signed-off-by: Hans Verkuil Signed-off-by: Mauro Carvalho Chehab commit 5be5f41dd785a67cf4e1dc07a3454e340a94b2e0 Author: Michael Rodin Date: Wed May 27 18:21:32 2020 +0200 media: v4l2-subdev.rst: correct information about v4l2 events Remove description of non-existing v4l2_subdev.nevents and replace the undefined flag V4L2_SUBDEV_USES_EVENTS by the correct flag V4L2_SUBDEV_FL_HAS_EVENTS, which is already documented in v4l2_subdev.flags Fixes: commit 02adb1cc765b ("[media] v4l: subdev: Events support") Signed-off-by: Michael Rodin Signed-off-by: Hans Verkuil Signed-off-by: Mauro Carvalho Chehab commit cc8c0363ddce6308168d8223378ca884c213f280 Author: Marek Szyprowski Date: Thu May 28 16:03:26 2020 +0200 media: s5p-mfc: Properly handle dma_parms for the allocated devices Commit 9495b7e92f71 ("driver core: platform: Initialize dma_parms for platform devices") in v5.7-rc5 added allocation of dma_parms structure to all platform devices. Then vb2_dma_contig_set_max_seg_size() have been changed not to allocate dma_parms structure and rely on the one allocated by the device core. Lets allocate the needed structure also for the devices created for the 2 MFC device memory ports. Reported-by: Tomi Valkeinen Suggested-by: Ulf Hansson Fixes: 9495b7e92f71 ("driver core: platform: Initialize dma_parms for platform devices") Signed-off-by: Marek Szyprowski Reviewed-by: Ulf Hansson Signed-off-by: Hans Verkuil Signed-off-by: Mauro Carvalho Chehab commit 15168b204691aa8cbff043c1151e9dbfdd088364 Author: Geert Uytterhoeven Date: Thu Jun 4 11:39:53 2020 +0200 media: medium: cec: Make MEDIA_CEC_SUPPORT default to n if !MEDIA_SUPPORT Recently, MEDIA_CEC_SUPPORT became indepedent of MEDIA_SUPPORT. However, if MEDIA_SUPPORT is not enabled, MEDIA_SUPPORT_FILTER is not defined, and MEDIA_CEC_SUPPORT is thus enabled by default, which is not desirable. Fix this by adding a dependency on MEDIA_CEC_SUPPORT to the default configuration. Fixes: 46d2a3b964ddbe63 ("media: place CEC menu before MEDIA_SUPPORT") Signed-off-by: Geert Uytterhoeven Signed-off-by: Hans Verkuil Signed-off-by: Mauro Carvalho Chehab commit d5aecd289babf3adcf5a837b067a5efddb097d99 Author: Jernej Skrabec Date: Sat May 9 22:06:43 2020 +0200 media: cedrus: Implement runtime PM This allows the VE clocks and PLL_VE to be disabled most of the time. A runtime PM reference is held while streaming. Signed-off-by: Jernej Skrabec Signed-off-by: Samuel Holland Reviewed-by: Ezequiel Garcia Signed-off-by: Hans Verkuil Signed-off-by: Mauro Carvalho Chehab commit a8876c22eab9a871834f85de83e98bbf7e6e264d Author: Samuel Holland Date: Sat May 9 22:06:42 2020 +0200 media: cedrus: Program output format during each run Previously, the output format was programmed as part of the ioctl() handler. However, this has two problems: 1) If there are multiple active streams with different output formats, the hardware will use whichever format was set last for both streams. Similarly, an ioctl() done in an inactive context will wrongly affect other active contexts. 2) The registers are written while the device is not actively streaming. To enable runtime PM tied to the streaming state, all hardware access needs to be moved inside cedrus_device_run(). The call to cedrus_dst_format_set() is now placed just before the codec-specific callback that programs the hardware. Cc: Fixes: 50e761516f2b ("media: platform: Add Cedrus VPU decoder driver") Suggested-by: Jernej Skrabec Suggested-by: Paul Kocialkowski Signed-off-by: Samuel Holland Tested-by: Jernej Skrabec Reviewed-by: Jernej Skrabec Reviewed-by: Ezequiel Garcia Signed-off-by: Hans Verkuil Signed-off-by: Mauro Carvalho Chehab commit f4f90edf90935424c65c310e830db13a5a2ce944 Author: Mauro Carvalho Chehab Date: Thu Jun 4 17:04:33 2020 +0200 media: atomisp: improve ACPI/DMI detection logs As there are several ways where the driver could possible retrieve sensor data, make the prints clearer about what was detected and from where. Signed-off-by: Mauro Carvalho Chehab commit c25ad350f1ab36c56701601d98de9872b71fe0ad Author: Mauro Carvalho Chehab Date: Thu Jun 4 22:28:38 2020 +0200 media: Revert "media: atomisp: add Asus Transform T101HA ACPI vars" Now that the EFI _DSM table is parsed by the driver, we don't need a DMI match anymore for Asus Transform T101HA. This reverts commit 0a76fd8e8d202dcaabc714850205d5d75c9b8271. Signed-off-by: Mauro Carvalho Chehab commit fc9bfbc67fe4270150e34704ca40d696ec933abc Author: Mauro Carvalho Chehab Date: Thu Jun 4 14:40:40 2020 +0200 media: Revert "media: atomisp: Add some ACPI detection info" This reverts commit 0d64e9420583cbc3c4a3f949ebe38fd8f7769281. As gmin_subdev_add() now takes the ACPI handle directly, we can deprecate the code that were doing this inside each I2C driver. PS.: This also reverts commit c03496b3bd92 ("media: atomisp: add a notice about possible leak resources") Signed-off-by: Mauro Carvalho Chehab commit 387041cda44eda841c1b39858e75a916b100778c Author: Mauro Carvalho Chehab Date: Thu Jun 4 11:46:03 2020 +0200 media: atomisp: improve sensor detection code to use _DSM table Instead of keep hardcoding device-specific tables, read them directly from the ACPI BIOS, if available. This method is know to work with Asus T101HA device. the same table is also visible on EzPad devices. So, it seems that at least some BIOSes use this method to pass data about ISP2401-connected sensors. Signed-off-by: Mauro Carvalho Chehab commit 69a03e36c7116ce575f7dd438f895e499aa6e790 Author: Mauro Carvalho Chehab Date: Mon Jun 1 10:50:35 2020 +0200 media: atomisp: get rid of an iomem abstraction layer The hive_isp_css_custom_host_hrt.h code, together with atomisp_helper.h, provides an abstraction layer for some functions inside atomisp_compat_css20.c and atomisp_cmd.c. There's no good reason for that. In a matter of fact, after removing the abstraction, the code looked a lot cleaner and easier to understand. So, get rid of them. While here, get rid also of the udelay(1) abstraction code. Signed-off-by: Mauro Carvalho Chehab commit 662fb4fceb1a30c027774f8fc83c96198254af32 Author: Mauro Carvalho Chehab Date: Wed Jun 3 08:19:44 2020 +0200 media: atomisp: get rid of a string_support.h abstraction layer Some parts of the driver have their own implementation of memcpy() & friends. Replace all of them by strscpy(). Signed-off-by: Mauro Carvalho Chehab commit 48b532b9d2a2f27920878a0faea7fac05ec2ebc0 Author: Mauro Carvalho Chehab Date: Wed Jun 3 08:12:14 2020 +0200 media: atomisp: use strscpy() instead of less secure variants Replace usages of strcpy(), strlcpy() and strncpy() in favor of strscpy(). Suggested-by: Hans Verkuil Signed-off-by: Mauro Carvalho Chehab commit baf768cf29f8fb1529e160e3ee481746ae78f6c7 Author: Mauro Carvalho Chehab Date: Mon Jun 1 10:38:47 2020 +0200 media: atomisp: set DFS to MAX if sensor doesn't report fps If the sensor doesn't implement support for g_frame_interval, it won't return the expected fps rate. Instead of keeping DFS on its minimal value (which will likely not work), set it to the max. Signed-off-by: Mauro Carvalho Chehab commit 92b2bc49fc7cb9219d144bff018884dfb000eb03 Author: Mauro Carvalho Chehab Date: Sun May 31 14:02:55 2020 +0200 media: atomisp: use different dfs failed messages There are several parts of the driver that could produce a "dfs failed!" message. Change the texts, in order to help identifying from where they're coming. Signed-off-by: Mauro Carvalho Chehab commit 469a7306f1717b9017006708f0815bd5294324dd Author: Mauro Carvalho Chehab Date: Mon Jun 1 09:43:24 2020 +0200 media: atomisp: change the detection of ISP2401 at runtime Instead of having a static var to detect it, let's use the already-existing arch-specific bytes, as this is how other parts of the code also checks when it needs to do something different, depending on an specific chipset version. Signed-off-by: Mauro Carvalho Chehab commit 77bdacaa9f553449fe2807bfb5a88f10dba4d2b4 Author: Mauro Carvalho Chehab Date: Mon Jun 1 09:39:55 2020 +0200 media: atomisp: use macros from intel-family.h Instead of hardcoding the intel family values there, use the already defined ones from asm/intel-family.h. Signed-off-by: Mauro Carvalho Chehab commit 17c3827b4c5744abed8cfc6bf86fdbedf0ed61d2 Author: Mauro Carvalho Chehab Date: Mon Jun 1 09:02:46 2020 +0200 media: atomisp: don't set hpll_freq twice with different values The logic which sets the hpll_freq for BYT sets hpll_freq to 1600MHz, but ignores it, and sets it again after reading from-device-specific EFI vars (this time, using a default of 2000MHz). Remove the first set, as this will be overriden anyway. While here, do minor adjustments on comments and on a printk message. Signed-off-by: Mauro Carvalho Chehab commit c371af686972ee2a7946b56f6b6b42bcb80d2091 Author: Mauro Carvalho Chehab Date: Mon Jun 1 08:34:08 2020 +0200 media: atomisp: get rid of a detection hack for a BYT Andorid-based tablet There's a hack at the driver that selects a different table for a BYT tablet, which sets the maximum frequency to 320 MHz, instead of 400 MHz. After looking at the Intel Aero Yocto's version from: https://download.01.org/aero/deb/pool/main/l/linux-4.4.76-aero-1.3/ It was noticed that this depends on an Android-specific modprobe parameter, which uses a macro (INTEL_MID_BOARD) from this file: arch/x86/include/asm/spid.h >From the comments there, it looks like this macro parses a variable passed at boot time: cmdline : androidboot.spid=vend:cust:manu:plat:prod:hard The devices in question are identified there as: INTEL_BYT_TABLET_BLK_PRO = 0x0000 INTEL_BYT_TABLET_BLK_ENG = 0x8000 Well, this is something that we don't have upstream. So, without further details about that, we can't really parse it. If we ever end supporting those devices with the upstream driver, this patch can be reverted and the device can be detected via DMI (or maybe via PCI ID?). Signed-off-by: Mauro Carvalho Chehab commit 946881109181d9def4002156bfa85b020dc05583 Author: Mauro Carvalho Chehab Date: Sun May 31 13:53:08 2020 +0200 media: atomisp: use just one mamoiada_params.h As both isp2400 and isp2401 files are identical, remove one of them and remove the test for ISP variant. Signed-off-by: Mauro Carvalho Chehab commit 55b0d4d9313f2875b461b02baf211e111dfb5075 Author: Mauro Carvalho Chehab Date: Sun May 31 13:50:05 2020 +0200 media: atomisp: remove some unused defines from *mamoiada_params.h There are some parameters that are different between isp2400 and isp2401. None of those are actually used. So, get rid of them. Signed-off-by: Mauro Carvalho Chehab commit 0a4b8c457b04af7409348ceb2484e8c726ee6953 Author: Mauro Carvalho Chehab Date: Sun May 31 13:28:12 2020 +0200 media: atomisp: simplify IRQ ifdef logic There are lots of mess with IRQ ifdef settings. As the *_global.h will already detect the type of IRQ system at compile time, we can get rid of them, replacing by just one ifdef for ISP2401. Signed-off-by: Mauro Carvalho Chehab commit d0b674ac625058dac7888c08d9e26d338f4f23b9 Author: Mauro Carvalho Chehab Date: Sun May 31 13:06:01 2020 +0200 media: atomisp: get rid of ifdef nonsense There are some ifdefs there that end doing the same thing. Get rid of them. Signed-off-by: Mauro Carvalho Chehab commit 35a933d47038c77ed8b9e5670480b830c503848a Author: Mauro Carvalho Chehab Date: Sun May 31 12:57:41 2020 +0200 media: atomisp: get rid of a duplicated file The contents of hive_isp_css_2401_irq_types_hrt.h and hive_isp_css_common/irq_global.h are identical, except for one unused enum: On isp2401, this IRQ line has this name: hrt_isp_css_irq_is2401 = HIVE_GP_DEV_IRQ_ISP_PMEM_ERROR_BIT_ID, While the same bit is named as: hrt_isp_css_irq_isp_pmem_error = HIVE_GP_DEV_IRQ_ISP_PMEM_ERROR_BIT_ID, At the isp2400 version. Remove one of them, in order to reduce the code differences between those two versions. Signed-off-by: Mauro Carvalho Chehab commit 90240017891afbd2b10506e30f688b6c63e11ebc Author: Mauro Carvalho Chehab Date: Sun May 31 12:47:00 2020 +0200 media: atomisp: do some cleanup at irq_local.h - Get rid of typedefs; - Get rid of a duplicated enum type with different names for ISP2400 and ISP2401; - adjust indentation on the touched code. Signed-off-by: Mauro Carvalho Chehab commit f2fb029b3790e1f374e93fc6d0ca1e6239e44543 Author: Mauro Carvalho Chehab Date: Sun May 31 11:55:21 2020 +0200 media: atomisp: improve IRQ handling debug messages When an IRQ is not handled, it is nice to know what's the reason. Signed-off-by: Mauro Carvalho Chehab commit 495eef11f79d176ba28435ff78adbcb77e5326c8 Author: Mauro Carvalho Chehab Date: Sun May 31 11:39:17 2020 +0200 media: atomisp: comment an unused code There's a different table for some BYT variants that depend on something inside a FIXME ifdef. Place this also inside it, just to shut up a clang-11 warning. Reported-by: kbuild test robot Signed-off-by: Mauro Carvalho Chehab commit 586f93fa2aee184c55aa63faed10d5cc09e1136a Author: Mauro Carvalho Chehab Date: Sun May 31 11:38:41 2020 +0200 media: atomisp: get rid of a left-over wrapper function The abstraction layer for kvfree() was removed, but there is still a left-over code there. Reported-by: kbuild test robot Signed-off-by: Mauro Carvalho Chehab commit 54b15d8de0f681aeddd93f8b73a7c60db021156c Author: Mauro Carvalho Chehab Date: Sun May 31 00:08:41 2020 +0200 media: atomisp: get rid of an unused IRQ duplicated event There are two names for the same IRQ, but just one is used. Remove the unused one. Signed-off-by: Mauro Carvalho Chehab commit c0818685371e269777514f2e2cbb120d6434840a Author: Mauro Carvalho Chehab Date: Sat May 30 21:06:42 2020 +0200 media: atomisp: get rid of sh_css_pipe.c There's nothing there, just comments. Signed-off-by: Mauro Carvalho Chehab commit 89f3b3196e7fe63a66296c7ed95b96964963c6ea Author: Arnd Bergmann Date: Fri May 29 22:00:27 2020 +0200 media: staging: media: atomisp: fix stack overflow in init_pipe_defaults() When building with clang, multiple copies of the structures to be initialized are passed around on the stack and copied locally, using an insane amount of stack space: drivers/staging/media/atomisp/pci/sh_css.c:2371:1: error: stack frame size of 26864 bytes in function 'create_pipe' [-Werror,-Wframe-larger-than=] Use constantly-allocated variables plus an explicit memcpy() to avoid that. Co-authored-by: Mauro Carvalho Chehab Fixes: 6dc9a2568f84 ("media: atomisp: convert default struct values to use compound-literals with designated initializers") Signed-off-by: Arnd Bergmann Signed-off-by: Mauro Carvalho Chehab commit 5b552b198c2557295becd471bff53bb520fefee5 Author: Mauro Carvalho Chehab Date: Sat May 30 18:10:07 2020 +0200 media: atomisp: re-enable warnings again For most warnings, the current code is OK. There are still some issues with implicit-fallthough warnings. Solve those and re-enable all warnings for this driver. Signed-off-by: Mauro Carvalho Chehab commit fb1f6ae692fc9d2d102a231ffbebe901a061f727 Author: Mauro Carvalho Chehab Date: Sat May 30 17:24:15 2020 +0200 media: atomisp: remove format duplication at mbus->fourcc table This table used to be used also to translate between ia_css abstraction and V4L2 fourcc codes. This was removed on a past patch, but the table now contains two fields with identical values. Get rid of one of them. Signed-off-by: Mauro Carvalho Chehab commit 4e86bde20122aeb4abd8b586ee7f3959f898223c Author: Arnd Bergmann Date: Fri May 29 22:00:31 2020 +0200 media: staging: media: atomisp: add PMIC_OPREGION dependency Without that driver, there is a link failure in ERROR: modpost: "intel_soc_pmic_exec_mipi_pmic_seq_element" [drivers/staging/media/atomisp/pci/atomisp_gmin_platform.ko] undefined! Add an explicit Kconfig dependency. Signed-off-by: Arnd Bergmann Reviewed-by: Nathan Chancellor Signed-off-by: Mauro Carvalho Chehab commit 065e5e559555e2f100bc95792a8ef1b609bbe130 Author: Arnd Bergmann Date: Fri May 29 22:00:30 2020 +0200 media: staging: media: atomisp: disable all custom formats clang points out the usage of an incorrect enum type in the list of supported image formats: drivers/staging/media/atomisp/pci/atomisp_subdev.c:49:65: error: implicit conversion from enumeration type 'enum ia_css_frame_format' to different enumeration type 'enum atomisp_input_format' [-Werror,-Wenum-conversion] { V4L2_MBUS_FMT_CUSTOM_NV21, 12, 12, CSS_FRAME_FORMAT_NV21, 0, CSS_FRAME_FORMAT_NV21 }, drivers/staging/media/atomisp/pci/atomisp_subdev.c:49:39: error: implicit conversion from enumeration type 'enum ia_css_frame_format' to different enumeration type 'enum atomisp_input_format' [-Werror,-Wenum-conversion] { V4L2_MBUS_FMT_CUSTOM_NV21, 12, 12, CSS_FRAME_FORMAT_NV21, 0, CSS_FRAME_FORMAT_NV21 }, { V4L2_MBUS_FMT_CUSTOM_NV12, 12, 12, CSS_FRAME_FORMAT_NV12, 0, CSS_FRAME_FORMAT_NV12 }, { MEDIA_BUS_FMT_JPEG_1X8, 8, 8, CSS_FRAME_FORMAT_BINARY_8, 0, ATOMISP_INPUT_FORMAT_BINARY_8 }, Checking the git history, I found a commit that disabled one such case because it did not work. It seems likely that the incorrect enum was part of the original problem and that the others do not work either, or have never been tested. Disable all the ones that cause a warning. Fixes: cb02ae3d71ea ("media: staging: atomisp: Disable custom format for now") Signed-off-by: Arnd Bergmann Reviewed-by: Nathan Chancellor Signed-off-by: Mauro Carvalho Chehab commit 6fc07dd22fd5c5d74cd6dca974867d5c55e0959f Author: Arnd Bergmann Date: Fri May 29 22:00:29 2020 +0200 media: staging: media: atomisp: fix enum type mixups Some function calls pass an incorrect enum type: drivers/staging/media/atomisp/pci/hive_isp_css_common/host/input_system.c:858:16: error: implicit conversion from enumeration type 'input_system_ID_t' to different enumeration type 'gp_device_ID_t' [-Werror,-Wenum-conversion] gp_device_rst(INPUT_SYSTEM0_ID); ~~~~~~~~~~~~~ ^~~~~~~~~~~~~~~~ drivers/staging/media/atomisp/pci/hive_isp_css_common/host/input_system.c:860:19: error: implicit conversion from enumeration type 'input_system_ID_t' to different enumeration type 'gp_device_ID_t' [-Werror,-Wenum-conversion] input_switch_rst(INPUT_SYSTEM0_ID); ~~~~~~~~~~~~~~~~ ^~~~~~~~~~~~~~~~ drivers/staging/media/atomisp/pci/hive_isp_css_common/host/input_system.c:876:27: error: implicit conversion from enumeration type 'input_system_cfg_flag_t' to different enumeration type 'input_system_connection_t' [-Werror,-Wenum-conversion] config.multicast[i] = INPUT_SYSTEM_CFG_FLAG_RESET; ~ ^~~~~~~~~~~~~~~~~~~~~~~~~~~ drivers/staging/media/atomisp/pci/hive_isp_css_common/host/input_system.c:1326:32: error: implicit conversion from enumeration type 'input_system_ID_t' to different enumeration type 'gp_device_ID_t' [-Werror,-Wenum-conversion] input_selector_cfg_for_sensor(INPUT_SYSTEM0_ID); ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ^~~~~~~~~~~~~~~~ drivers/staging/media/atomisp/pci/hive_isp_css_common/host/input_system.c:1329:19: error: implicit conversion from enumeration type 'input_system_ID_t' to different enumeration type 'gp_device_ID_t' [-Werror,-Wenum-conversion] input_switch_cfg(INPUT_SYSTEM0_ID, &config.input_switch_cfg); ~~~~~~~~~~~~~~~~ ^~~~~~~~~~~~~~~~ INPUT_SYSTEM0_ID is zero, so use the corresponding zero-value of the expected types instead. Fixes: a49d25364dfb ("staging/atomisp: Add support for the Intel IPU v2") Signed-off-by: Arnd Bergmann Reviewed-by: Nathan Chancellor Signed-off-by: Mauro Carvalho Chehab commit 93517ea037c3235d74945617c43af657ffe81bc6 Author: Arnd Bergmann Date: Fri May 29 22:00:24 2020 +0200 media: staging: media: atomisp: declare 'struct device' before using it In some configurations, including this header leads to a warning: drivers/staging/media/atomisp//pci/sh_css_firmware.h:41:38: error: declaration of 'struct device' will not be visible outside of this function [-Werror,-Wvisibility] Make sure the struct tag is known before declaring a function that uses it as an argument. Fixes: 9d4fa1a16b28 ("media: atomisp: cleanup directory hierarchy") Signed-off-by: Arnd Bergmann Reviewed-by: Nathan Chancellor Signed-off-by: Mauro Carvalho Chehab commit f5fbb83feba2a91c4b19389ba995175d71c51df9 Author: Mauro Carvalho Chehab Date: Sat May 30 07:38:24 2020 +0200 media: atomisp: add SPDX headers This driver is licensed under GPL 2.0, as stated inside their headers. Add the proper tag there. We should probably latter cleanup the reduntant licensing text, but this could be done later, after we get rid of other abstraction layers. Signed-off-by: Mauro Carvalho Chehab commit a5047a3400d51c043a6501f960eefc8b102c9203 Author: Sakari Ailus Date: Thu Jun 4 18:16:21 2020 +0200 media: staging: atomisp: Check return value from compat_alloc_user_space If something gets wrong, return, instead of trying to convert from a NULL pointer. Signed-off-by: Sakari Ailus Signed-off-by: Mauro Carvalho Chehab commit 84f1b2dc0c47b11aff3de1af237e8377e8bb7898 Author: Sakari Ailus Date: Thu Jun 4 18:16:20 2020 +0200 media: staging: atomisp: Fix compat IOCTL handling Atomisp compat IOCTL handling suffers from the same security issue than the V4L2 did. Fix this for atomisp. See more information in patch a1dfb4c48cc1 ("media: v4l2-compat-ioctl32.c: refactor compat ioctl32 logic"). Signed-off-by: Sakari Ailus Signed-off-by: Mauro Carvalho Chehab commit 09013efe1c1a73154a0bf2ab14430d33e3c7d2fd Author: Sakari Ailus Date: Thu Jun 4 18:16:19 2020 +0200 media: staging: atomisp: Fix atomisp_overlay32 compat handling The struct atomisp_overlay contains overlay_start_x and overlay_start_y fields. Instead of copying the value of the overlay_start_x field between the two structs, the value of the overlay_start_y field of the compat struct was copied to the overlay_start_x field of the 64-bit kernel struct in get operation and back in put. The overlay_start_x field value was not copied from or to the user space struct. Fix this so that the value of overlay_start_x is copied to overlay_start_x and the value of overlay_start_y is copied to overlay_start_y. Also do copy blend_overlay_perc_u field only once. Signed-off-by: Sakari Ailus Signed-off-by: Mauro Carvalho Chehab commit f8b39c658a524485d646d5fdfe2b987e80ba172f Author: Sakari Ailus Date: Thu Jun 4 18:16:18 2020 +0200 media: staging: atomisp: There's no struct atomisp_dvs2_coefficients It's called struct atomisp_dis_coefficients. Signed-off-by: Sakari Ailus Signed-off-by: Mauro Carvalho Chehab commit 4556cbcf80c9b40130b69968155c49ecefcebbc0 Author: Mauro Carvalho Chehab Date: Fri May 29 10:41:02 2020 +0200 media: atomisp: add some debug messages when binaries are used The ISP firmware logic is complex, as several binaries are contained into a single file. Print debug messages: - with a stack dump if binary not found; - when a firmware is selected. Signed-off-by: Mauro Carvalho Chehab commit 530c09f26179debc4bcd7a0ad6da38d75bfc0296 Author: Mauro Carvalho Chehab Date: Fri May 29 12:18:25 2020 +0200 media: atomisp: add a debug message at hmm free In order to check if aren't there any memory leaks, let's add a debug print for hmm_free(). Signed-off-by: Mauro Carvalho Chehab commit 607e954ac50ed39944db72874d80240aab15004f Author: Mauro Carvalho Chehab Date: Fri May 29 09:56:05 2020 +0200 media: atomisp: allow passing firmware name at modprobe time It can be useful to be able to test different firmware files at modprobe time, in order to be able to test different variants without much efforts. Signed-off-by: Mauro Carvalho Chehab commit 6a9c6ba7b7358ab5c6921b30ec191af4c7dfa3f6 Author: Mauro Carvalho Chehab Date: Fri May 29 09:29:58 2020 +0200 media: atomisp: print firmware data during load While there's a way to list the firmware binaries in runtime, it is worth to also print it during firmware load. One advantage is that this code also introduces additional checks with regards to invalid firmware types, which can be useful to identify problems. Signed-off-by: Mauro Carvalho Chehab commit 0cd8726c26edd1df1d7aaf2c1b9a99cfa2f52c2a Author: Mauro Carvalho Chehab Date: Fri May 29 08:10:30 2020 +0200 media: atomisp: provide more details about the firmware binaries In order to make easier to identify what a firmware file contains, add more info at the firmware dump log facility. Signed-off-by: Mauro Carvalho Chehab commit cfb65c15d784d517b60b16ca917a42f68978740c Author: Vitaly Kuznetsov Date: Wed Jun 10 18:41:16 2020 +0200 KVM: selftests: fix sync_with_host() in smm_test It was reported that older GCCs compile smm_test in a way that breaks it completely: kvm_exit: reason EXIT_CPUID rip 0x4014db info 0 0 func 7ffffffd idx 830 rax 0 rbx 0 rcx 0 rdx 0, cpuid entry not found ... kvm_exit: reason EXIT_MSR rip 0x40abd9 info 0 0 kvm_msr: msr_read 487 = 0x0 (#GP) ... Note, '7ffffffd' was supposed to be '80000001' as we're checking for SVM. Dropping '-O2' from compiler flags help. Turns out, asm block in sync_with_host() is wrong. We us 'in 0xe, %%al' instruction to sync with the host and in 'AL' register we actually pass the parameter (stage) but after sync 'AL' gets written to but GCC thinks the value is still there and uses it to compute 'EAX' for 'cpuid'. smm_test can't fully use standard ucall() framework as we need to write a very simple SMI handler there. Fix the immediate issue by making RAX input/output operand. While on it, make sync_with_host() static inline. Reported-by: Marcelo Bandeira Condotta Signed-off-by: Vitaly Kuznetsov Message-Id: <20200610164116.770811-1-vkuznets@redhat.com> Reviewed-by: Jim Mattson Signed-off-by: Paolo Bonzini commit 2a18b7e7cd8882f626316c340c6f2fca49b5fa12 Author: Vitaly Kuznetsov Date: Wed Jun 10 19:55:32 2020 +0200 KVM: async_pf: Inject 'page ready' event only if 'page not present' was previously injected 'Page not present' event may or may not get injected depending on guest's state. If the event wasn't injected, there is no need to inject the corresponding 'page ready' event as the guest may get confused. E.g. Linux thinks that the corresponding 'page not present' event wasn't delivered *yet* and allocates a 'dummy entry' for it. This entry is never freed. Note, 'wakeup all' events have no corresponding 'page not present' event and always get injected. s390 seems to always be able to inject 'page not present', the change is effectively a nop. Suggested-by: Vivek Goyal Signed-off-by: Vitaly Kuznetsov Message-Id: <20200610175532.779793-2-vkuznets@redhat.com> Fixes: https://bugzilla.kernel.org/show_bug.cgi?id=208081 Signed-off-by: Paolo Bonzini commit 7863e346e1089b40cac1c7d9098314c405e2e1e3 Author: Vitaly Kuznetsov Date: Wed Jun 10 19:55:31 2020 +0200 KVM: async_pf: Cleanup kvm_setup_async_pf() schedule_work() returns 'false' only when the work is already on the queue and this can't happen as kvm_setup_async_pf() always allocates a new one. Also, to avoid potential race, it makes sense to to schedule_work() at the very end after we've added it to the queue. While on it, do some minor cleanup. gfn_to_pfn_async() mentioned in a comment does not currently exist and, moreover, we can check kvm_is_error_hva() at the very beginning, before we try to allocate work so 'retry_sync' label can go away completely. Signed-off-by: Vitaly Kuznetsov Message-Id: <20200610175532.779793-1-vkuznets@redhat.com> Reviewed-by: Sean Christopherson Signed-off-by: Paolo Bonzini commit cd18eaeaffa6e5291cdbcd591334d577c4e897df Author: Colin Ian King Date: Wed Jun 10 00:31:21 2020 +0100 kvm: i8254: remove redundant assignment to pointer s The pointer s is being assigned a value that is never read, the assignment is redundant and can be removed. Addresses-Coverity: ("Unused value") Signed-off-by: Colin Ian King Message-Id: <20200609233121.1118683-1-colin.king@canonical.com> Fixes: 7837699fa6d7 ("KVM: In kernel PIT model") Signed-off-by: Paolo Bonzini commit 384dea1c9183880be183cfaae161d99aafd16df6 Author: Felipe Franciosi Date: Tue May 19 08:11:22 2020 +0000 KVM: x86: respect singlestep when emulating instruction When userspace configures KVM_GUESTDBG_SINGLESTEP, KVM will manage the presence of X86_EFLAGS_TF via kvm_set/get_rflags on vcpus. The actual rflag bit is therefore hidden from callers. That includes init_emulate_ctxt() which uses the value returned from kvm_get_flags() to set ctxt->tf. As a result, x86_emulate_instruction() will skip a single step, leaving singlestep_rip stale and not returning to userspace. This resolves the issue by observing the vcpu guest_debug configuration alongside ctxt->tf in x86_emulate_instruction(), performing the single step if set. Cc: stable@vger.kernel.org Signed-off-by: Felipe Franciosi Message-Id: <20200519081048.8204-1-felipe@nutanix.com> Signed-off-by: Paolo Bonzini commit 7e464770a434f7e29bad4b2da7894d32775d6d6f Author: Vitaly Kuznetsov Date: Wed Jun 10 15:58:47 2020 +0200 KVM: selftests: Don't probe KVM_CAP_HYPERV_ENLIGHTENED_VMCS when nested VMX is unsupported KVM_CAP_HYPERV_ENLIGHTENED_VMCS will be reported as supported even when nested VMX is not, fix evmcs_test/hyperv_cpuid tests to check for both. Signed-off-by: Vitaly Kuznetsov Message-Id: <20200610135847.754289-3-vkuznets@redhat.com> Signed-off-by: Paolo Bonzini commit 41a23ab336fbf4d01036e1aa6369d7364aa29b4c Author: Vitaly Kuznetsov Date: Wed Jun 10 15:58:46 2020 +0200 KVM: selftests: do not substitute SVM/VMX check with KVM_CAP_NESTED_STATE check state_test/smm_test use KVM_CAP_NESTED_STATE check as an indicator for nested VMX/SVM presence and this is incorrect. Check for the required features dirrectly. Signed-off-by: Vitaly Kuznetsov Message-Id: <20200610135847.754289-2-vkuznets@redhat.com> Signed-off-by: Paolo Bonzini commit 77f81f37fb1fdce76304cc7858e91b223bfcef72 Merge: 80fbd280beea 2ebac8bb3c2d Author: Paolo Bonzini Date: Tue Jun 9 06:08:48 2020 -0400 Merge branch 'kvm-basic-exit-reason' into HEAD Using a topic branch so that stable branches can simply cherry-pick the patch. Reviewed-by: Oliver Upton Signed-off-by: Paolo Bonzini commit f90e73ce803c5b0444e347e4f667369de2a4b427 Author: Mauro Carvalho Chehab Date: Fri May 29 08:15:52 2020 +0200 media: atomisp: get rid of system_types.h This is just a wrapper for system_local.h. Signed-off-by: Mauro Carvalho Chehab commit 85b606e02ad7b9c6a168b4a4a86177d384fc76e8 Author: Mauro Carvalho Chehab Date: Thu May 28 12:35:44 2020 +0200 media: atomisp: get rid of a bunch of other wrappers There are too many wrapper functions at atomisp_compat_css20.c. Get rid of another set of such wrappers. Signed-off-by: Mauro Carvalho Chehab commit d9ab83953fa700cc7be319cea1ec747601a124a1 Author: Mauro Carvalho Chehab Date: Thu May 28 12:11:57 2020 +0200 media: atomisp: don't cause a warn if probe failed When probe fails, it is possible that hmm_init() to not be called. On such case, hmm_cleanup() will cause a WARN_ON(). Avoid it by adding an explicit check at hmm_cleanup() to ensure that the hmm code was properly initialized. Signed-off-by: Mauro Carvalho Chehab commit a86b4936ba6827e7c1b658d522412e5a78c03242 Author: Mauro Carvalho Chehab Date: Fri May 29 08:42:56 2020 +0200 media: atomisp: get rid of an error abstraction layer There is an abstraction layer there meant to convert to the Linux standard error codes. As the driver now use such errors everywhere. we can get rid of this. Signed-off-by: Mauro Carvalho Chehab commit 41022d35ddf219361f33b59034cc67430a6a590f Author: Mauro Carvalho Chehab Date: Thu May 28 10:01:53 2020 +0200 media: atomisp: get rid of non-Linux error codes The atomisp driver has its own error codes under the ia_css_err.h file. On several places, those got already replaced by standard error codes, but there are still a lot more to be fixed. Let's get rid of all of those, mapping them into the already-existing set of Linux error codes. Signed-off-by: Mauro Carvalho Chehab commit abbd669dbfbb8c68936b575fe296af3a3184ed3d Author: Mauro Carvalho Chehab Date: Thu May 28 10:29:31 2020 +0200 media: atomisp: do another round of coding style cleanup Run checkpatch --fix-inline again, in order to get rid of some additional issues that got introduced (or that checkpatch can now detect). This should help preventing receiving random cleanups, while keeping the code on a better shape. Signed-off-by: Mauro Carvalho Chehab commit 1a16d54539785d48db4fa44c16738bfb1c624e6f Author: Mauro Carvalho Chehab Date: Thu May 28 09:31:23 2020 +0200 media: atomisp: remove some trivial wrappers from compat css20 There are tons of code inside atomisp_compat_css20.c, but several of them are just trivial wrappers to other functions. Getting rid of all of them will take some time, but let's start getting rid of some of the trivial ones. Signed-off-by: Mauro Carvalho Chehab commit cadcec76ef1f167c628dcc59d6dfca257a56640b Author: Mauro Carvalho Chehab Date: Thu May 28 09:17:28 2020 +0200 media: atomisp: avoid an extra memset() when alloc memory Use the variant which zeroes the memory when allocating, instead of having an explicit memset. Signed-off-by: Mauro Carvalho Chehab commit 6b673fdbd594b0b75eb3ddd9f79d05f860983092 Author: Nathan Chancellor Date: Wed May 27 09:11:50 2020 +0200 media: atomisp: Remove binary_supports_input_format Clang warns: drivers/staging/media/atomisp/pci/runtime/binary/src/binary.c:1707:64: warning: implicit conversion from enumeration type 'const enum ia_css_frame_format' to different enumeration type 'enum atomisp_input_format' [-Wenum-conversion] binary_supports_input_format(xcandidate, req_in_info->format)); ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~^~~~~~ As it turns out, binary_supports_input_format only asserts that xcandidate is not NULL and just returns true so this call is never actually made. There are other functions that are called that assert info is not NULL so this function actually serves no purpose. Remove it. It can be brought back if needed later. Link: https://github.com/ClangBuiltLinux/linux/issues/1036 Signed-off-by: Nathan Chancellor Signed-off-by: Mauro Carvalho Chehab commit bacefb07661733b64cb92fa7037baa1bbbf901e3 Author: Nathan Chancellor Date: Wed May 27 09:11:49 2020 +0200 media: atomisp: Avoid overflow in compute_blending Clang warns: drivers/staging/media/atomisp/pci/isp/kernels/xnr/xnr_3.0/ia_css_xnr3.host.c:129:35: warning: implicit conversion from 'unsigned long' to 'int32_t' (aka 'int') changes value from 18446744073709543424 to -8192 [-Wconstant-conversion] return MAX(MIN(isp_strength, 0), -XNR_BLENDING_SCALE_FACTOR); ~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~ XNR_BLENDING_SCALE_FACTOR is BIT(13), or 8192, which will easily fit into a signed 32-bit integer. However, it is an unsigned long, which means that negating it is the same as subtracting that value from ULONG_MAX + 1, which causes it to be larger than a signed 32-bit integer so it gets implicitly converted. We can avoid this by using the variable isp_scale, which holds the value of XNR_BLENDING_SCALE_FACTOR already, where the implicit conversion from unsigned long to s32 already happened. If that were to ever overflow, clang would warn: https://godbolt.org/z/EeSxLG Link: https://github.com/ClangBuiltLinux/linux/issues/1036 Signed-off-by: Nathan Chancellor Signed-off-by: Mauro Carvalho Chehab commit 541f681340c4248ce49f4dbaa64ce227914ad5e7 Author: Nathan Chancellor Date: Wed May 27 09:11:48 2020 +0200 media: atomisp: Remove unnecessary NULL check in atomisp_param Clang warns: drivers/staging/media/atomisp/pci/atomisp_cmd.c:4278:17: warning: address of 'config->info' will always evaluate to 'true' [-Wpointer-bool-conversion] if (!&config->info) { ~ ~~~~~~~~^~~~ config cannot be NULL because it comes from an ioctl, which ensures that the user is not giving us an invalid pointer through copy_from_user. If config is not NULL, info cannot be NULL. Remove this check. Link: https://github.com/ClangBuiltLinux/linux/issues/1036 Signed-off-by: Nathan Chancellor Signed-off-by: Mauro Carvalho Chehab commit a91727dfafe74b70f10e94b151aab837d375ce03 Author: Nathan Chancellor Date: Wed May 27 09:11:47 2020 +0200 media: atomisp: Remove unnecessary NULL checks in ia_css_pipe_load_extension Clang warns: ../drivers/staging/media/atomisp/pci/sh_css.c:8537:14: warning: address of 'pipe->output_stage' will always evaluate to 'true' [-Wpointer-bool-conversion] if (&pipe->output_stage) ~~ ~~~~~~^~~~~~~~~~~~ ../drivers/staging/media/atomisp/pci/sh_css.c:8545:14: warning: address of 'pipe->vf_stage' will always evaluate to 'true' [-Wpointer-bool-conversion] if (&pipe->vf_stage) ~~ ~~~~~~^~~~~~~~ output_stage and vf_stage are pointers in the middle of a struct, their addresses cannot be NULL if pipe is not NULL and pipe is already checked for NULL in this function. Simplify this if block. Link: https://github.com/ClangBuiltLinux/linux/issues/1036 Signed-off-by: Nathan Chancellor Signed-off-by: Mauro Carvalho Chehab commit 55fffcb927ba5ad6e0d6b348beefdea0478a6807 Author: Nathan Chancellor Date: Wed May 27 09:11:45 2020 +0200 media: atomisp: Remove second increment of count in atomisp_subdev_probe Clang warns: ../drivers/staging/media/atomisp/pci/atomisp_v4l2.c:1097:3: warning: variable 'count' is incremented both in the loop header and in the loop body [-Wfor-loop-analysis] count++; ^ This was probably unintentional, remove it. Link: https://github.com/ClangBuiltLinux/linux/issues/1036 Reported-by: kbuild test robot Signed-off-by: Nathan Chancellor Signed-off-by: Mauro Carvalho Chehab commit ebf89d12cae21dbefec6c8fe489ad98746087b93 Author: Nathan Chancellor Date: Wed May 27 09:11:44 2020 +0200 media: atomisp: Clean up if block in sh_css_sp_init_stage Clang warns: ../drivers/staging/media/atomisp/pci/sh_css_sp.c:1039:23: warning: address of 'binary->in_frame_info' will always evaluate to 'true' [-Wpointer-bool-conversion] } else if (&binary->in_frame_info) { ~~ ~~~~~~~~^~~~~~~~~~~~~ in_frame_info is not a pointer so if binary is not NULL, in_frame_info's address cannot be NULL. Change this to an else since it will always be evaluated as one. While we are here, clean up this if block. The contents of both if blocks are the same but a check against "stage == 0" is added when ISP2401 is defined. USE_INPUT_SYSTEM_VERSION_2401 is only defined when isp2401_system_global.h is included, which only happens when ISP2401. In other words, USE_INPUT_SYSTEM_VERSION_2401 always requires ISP2401 to be defined so the '#ifndef ISP2401' makes no sense. Remove that part of the block to simplify everything. Link: https://github.com/ClangBuiltLinux/linux/issues/1036 Reported-by: kbuild test robot Signed-off-by: Nathan Chancellor Signed-off-by: Mauro Carvalho Chehab commit bbed5b89e18148638cdd17fcc2d1d9a7368ddfe6 Author: Mauro Carvalho Chehab Date: Wed May 27 15:46:54 2020 +0200 media: atomisp: avoid OOPS due to non-existing ref_frames stage->args->delay_frames array could point to NULL frames. What's weird is that we didn't notice this behavior with the Intel Aero Yocto code. Handle it, while adding a notice at the code, as this could be due to some broken pipeline setup. Signed-off-by: Mauro Carvalho Chehab commit 9955d906f28098dfb7be9b5c75006c5f2b431772 Author: Mauro Carvalho Chehab Date: Wed May 27 14:23:31 2020 +0200 media: atomisp: remove kvmalloc/kvcalloc abstractions The sh_css layer adds an abstraction for kvmalloc/kvcalloc. Get rid of them. Most of the work here was done by this small coccinelle script: @@ expression size; @@ - sh_css_malloc(size) + kvmalloc(size, GFP_KERNEL) @@ expression n; expression size; @@ - sh_css_calloc(n, size) + kvcalloc(n, size, GFP_KERNEL) Signed-off-by: Mauro Carvalho Chehab commit 591e6a0aad547b37123274a290ab6e172bc8be9d Author: Mauro Carvalho Chehab Date: Wed May 27 14:21:26 2020 +0200 media: atomisp: add more comments about frame allocation The frame allocation logic happens differently for userptr or normal mmap. On a quick look, this sounded to be unbalanced, but the logic should actually work for both cases. Add an extra comment to reflect it. Signed-off-by: Mauro Carvalho Chehab commit 27b778c5ef59d03d0dbce2bb26730df10e8abce7 Author: Mauro Carvalho Chehab Date: Wed May 27 14:19:27 2020 +0200 media: atomisp: add debug functions for received events For debugging purposes, it helps to know what event was actually received. Signed-off-by: Mauro Carvalho Chehab commit d61ba1a2e295e9f17ab07b27a64430a0bca26bf2 Author: Mauro Carvalho Chehab Date: Wed May 27 14:18:00 2020 +0200 media: atomisp: improve warning for IRQ enable function If something gets wrong when enabling or disabling an IRQ, we should know better about what happened. Signed-off-by: Mauro Carvalho Chehab commit 03884c93560c48c2739caa9b104b0cb4d3ea8c91 Author: Mauro Carvalho Chehab Date: Tue May 26 14:35:16 2020 +0200 media: atomisp: add debug for hmm alloc The hmm code is still complex and has bugs. Add a debug print when memory gets allocated, in order to help identifying what's happening out there. Signed-off-by: Mauro Carvalho Chehab commit 14a638ab96c518f93386eae1ac460e459e775ea2 Author: Mauro Carvalho Chehab Date: Tue May 26 12:07:26 2020 +0200 media: atomisp: use pin_user_pages() for memory allocation Instead of using a hacked version of an old copy of get_user_pages(), use pin_user_pages(). Signed-off-by: Mauro Carvalho Chehab commit 19ae08554fe873136ac3f1c0d66aa0f5ac9f69dc Author: Mauro Carvalho Chehab Date: Tue May 26 13:05:21 2020 +0200 media: atomisp: fix driver caps This device driver is not MC-centric. So, remove the wrong caps from it. Signed-off-by: Mauro Carvalho Chehab commit 9ac8e4b90b09a33038e4a051313fc2547feedb80 Author: Mauro Carvalho Chehab Date: Tue May 26 10:45:00 2020 +0200 media: atomisp: use Yocto Aero default hmm pool sizes Yocto Aero driver has a different default for hmm pools. Use the definitions there. Signed-off-by: Mauro Carvalho Chehab commit e19718f6dea0d8123d7fefc8449b519bb05dff47 Author: Mauro Carvalho Chehab Date: Tue May 26 10:11:14 2020 +0200 media: atomisp: add debug message to help debugging hmm code The hmm code is partially based on a fork from 3.10 code, and has bugs. Add debug there to help tracking what happens there. Signed-off-by: Mauro Carvalho Chehab commit 576680cd014b5c6fd6d50abd8a43af83b016088f Author: Mauro Carvalho Chehab Date: Tue May 26 09:45:16 2020 +0200 media: atomisp: hmm_bo: untag user pointers The kernel ABI was extended to allow pass tagged user pointers. Untag the pointers in this function. Fixes: d93445225cd3 ("uaccess: add noop untagged_addr definition") Signed-off-by: Mauro Carvalho Chehab commit 08fef4fa947ba75cbf59d67c6be75223c6471a88 Author: Mauro Carvalho Chehab Date: Tue May 26 08:40:16 2020 +0200 media: atomisp: get rid of memory_access.c Now that we have everything in place, we can get rid of the memory_access abstraction layer. Now, everything related to heterogeneous memory management (hmm) is under hmm.c & related pools. Signed-off-by: Mauro Carvalho Chehab commit 100e89894b3b5dbec3a2b69224ef891eb83c822c Author: Mauro Carvalho Chehab Date: Tue May 26 08:13:27 2020 +0200 media: atomisp: change the type returned by mmgr alloc The mmgr alloc code returns a different type than hmm, due to some abstraction layer. Change the driver to use just one type to represent the hmm memory. Signed-off-by: Mauro Carvalho Chehab commit dc50fa18af5150f488b620aa4f91a11f3704e119 Author: Mauro Carvalho Chehab Date: Tue May 26 08:10:18 2020 +0200 media: atomisp: get rid of unused memory_realloc code The code for it is commented out, probably because it is broken or uneeded for the driver to work. So, let's get rid of it. Signed-off-by: Mauro Carvalho Chehab commit 5472b4db3f093274035c2e8a05c8d5a410224d6a Author: Mauro Carvalho Chehab Date: Tue May 26 08:02:00 2020 +0200 media: atomisp: get rid of mmgr_load and mmgr_store Those functions are just wrappers for hmm_load/hmm_store. Signed-off-by: Mauro Carvalho Chehab commit b92d99aec5d6221e386160801c99bafc291e6515 Author: Mauro Carvalho Chehab Date: Mon May 25 12:46:23 2020 +0200 media: atomisp: go one step further to drop ia_css_memory_access.c Move the attrs handling into hmm, simplifying even further what the ia_css_memory_access.c file does. Yet, the returned type for ia_css_memory_access.c is an integer, instead of a pointer. Signed-off-by: Mauro Carvalho Chehab commit 86df6ff2422ae9897c89f1aaf61e00c021239dfe Author: Mauro Carvalho Chehab Date: Mon May 25 11:33:24 2020 +0200 media: atomisp: reduce abstraction at ia_css_memory_access Yet another memory abstraction layer. Getting rid of this may be a little trickier, but let's reduce it to a minimal. Signed-off-by: Mauro Carvalho Chehab commit 4fba2916f6a585a4b46cd3216a08c2cd55625e52 Author: Mauro Carvalho Chehab Date: Mon May 25 10:53:20 2020 +0200 media: atomisp: get rid of the hrt/hive_isp_css_mm_hrt abstraction layer Simplify the code by removing this extra memory management abstraction layer. Signed-off-by: Mauro Carvalho Chehab commit 2323994338e7d5d68cc6826f2a887b0d87e5e2df Author: Mauro Carvalho Chehab Date: Mon May 25 10:11:49 2020 +0200 media: atomisp: simplify hive_isp_css_mm_hrt wrapper The code there is a wrapper for hmm/ wrapper. Simplify it, and get rid of ION-specific code. Signed-off-by: Mauro Carvalho Chehab commit 02ab76491bdcfe6f82745ea84d11e58c13827eb7 Author: Colin Ian King Date: Thu May 21 21:44:32 2020 +0200 media: atomisp: fix a handful of spelling mistakes There are several spelling mistakes in various messages and literal strings. Fix these. Signed-off-by: Colin Ian King Acked-by: Sakari Ailus Signed-off-by: Mauro Carvalho Chehab commit d573933c80bd0fe32beb4fba93b965b1fe82411a Author: Mauro Carvalho Chehab Date: Sun May 24 09:11:07 2020 +0200 media: atomisp: fix size of delay_frames array Right now, the variables that define the max number of delay frames is defined as: #define VIDEO_FRAME_DELAY 2 #define MAX_NUM_VIDEO_DELAY_FRAMES (VIDEO_FRAME_DELAY + 1) #define NUM_PREVIEW_DVS_FRAMES (2) #define MAX_NUM_DELAY_FRAMES MAX(MAX_NUM_VIDEO_DELAY_FRAMES, NUM_PREVIEW_DVS_FRAMES) In other words, we have: MAX_NUM_VIDEO_DELAY_FRAMES = 3 MAX_NUM_DELAY_FRAMES = 2 The MAX_NUM_DELAY_FRAMES macro is used only only when allocating memory. On all other parts, including looping over such array, MAX_NUM_VIDEO_DELAY_FRAMES is used instead, like: void sh_css_binary_args_reset(struct sh_css_binary_args *args) { unsigned int i; ... for (i = 0; i < MAX_NUM_VIDEO_DELAY_FRAMES; i++) args->delay_frames[i] = NULL; Which will cause buffer overflows, with may override the next array (tnr_frames[]). In practice, this may not be causing real issues, as the code checks for num_delay_frames on some parts (but not everywhere). So, get rid of the smallest value. Acked-by: Sakari Ailus Signed-off-by: Mauro Carvalho Chehab commit f611797795f2d19e565f38c20516427596a0f27f Author: Mauro Carvalho Chehab Date: Sun May 24 08:56:58 2020 +0200 media: atomisp: drop a cast for a const argument Some arguments for tnf and ref settings are meant to be const, but they're defined without such annotation. Due to that, there's an ugly cast at sh_css_sp.c. Acked-by: Sakari Ailus Signed-off-by: Mauro Carvalho Chehab commit c01d5546773e3a1587c86cb1fdd6a7b114874e9b Author: Mauro Carvalho Chehab Date: Thu May 21 12:07:53 2020 +0200 media: atomisp: partially get rid of one abstraction layer The very same macros are defined as CSS_foo and IA_CSS_foo. Remove this abstraction, as it just make things confusing, for no good reason. Acked-by: Sakari Ailus Signed-off-by: Mauro Carvalho Chehab commit bdfdd9e7df0afb28f741ff2e3231aa14732d8594 Author: Mauro Carvalho Chehab Date: Sat May 23 16:59:14 2020 +0200 media: atomisp: make it use dbg_level to control debug level This driver has 3 different types of debug messages: - dev_dbg() - dbg_level - ia_css_debug_trace_level Which is crazy. Ideally, it shold just use dev_dbg() everywhere, but for now let's unify the last two machanisms. Acked-by: Sakari Ailus Signed-off-by: Mauro Carvalho Chehab commit 6b3a422b7364334543944edef73b2e6e28a77795 Author: Mauro Carvalho Chehab Date: Sat May 23 16:44:42 2020 +0200 media: atomisp: get rid of some old broken debug code It sounds that someone once changed the debug level at compile time for some testing, but forgot to remove the legacy code after finishing debuging it. Get rid of the dead code. Acked-by: Sakari Ailus Signed-off-by: Mauro Carvalho Chehab commit 2a693c3e186c6651ce8980c777a5ba87179c93a7 Author: Mauro Carvalho Chehab Date: Fri May 22 14:01:00 2020 +0200 media: atomisp: update TODO list Let's reflect the current status at the TODO list, as other developers can help addressing issues over there. Acked-by: Sakari Ailus Signed-off-by: Mauro Carvalho Chehab commit 9c30f50d14c8779465bc8eb5e2b68fd840ca77f4 Author: Mauro Carvalho Chehab Date: Thu May 21 10:04:49 2020 +0200 media: atomisp: don't flood dmesg with -EAGAIN return codes Using DQBUF on non-blocking mode will return -EAGAIN if nothing arrives. Printing it has no value, even for debug purposes. So, only display real return codes. Acked-by: Sakari Ailus Signed-off-by: Mauro Carvalho Chehab commit 171b7bd66ab85437d377878650d2e4bcef2fee68 Author: Mauro Carvalho Chehab Date: Thu May 21 00:10:04 2020 +0200 media: atomisp: improve debug messages for set format There are several error conditions that don't print anything, making harder to identify bugs at the code there. Acked-by: Sakari Ailus Signed-off-by: Mauro Carvalho Chehab commit 370f6e5aaa22969db3e96a43e2e718b978a1b5c9 Author: Mauro Carvalho Chehab Date: Thu May 21 09:43:01 2020 +0200 media: atomisp: avoid a copy of v4l2_mbus_framefmt at stack There's no reason to copy isp_sink_fmt, as the driver uses it for read-only purposes. Linux stack is a precious resource. Let's avoid wasting it. Acked-by: Sakari Ailus Signed-off-by: Mauro Carvalho Chehab commit aaebb6547610e7c739507e389296eb36aacc7908 Author: Mauro Carvalho Chehab Date: Thu May 21 09:05:11 2020 +0200 media: atomisp: reduce debug printk rate when IRQs are received Currently, when an EOF IRQ is received, it generates two messages: [ 59.191893] atomisp-isp2 0000:00:03.0: irq:0x200000 [ 59.191913] atomisp-isp2 0000:00:03.0: atomisp_isr EOF exp_id 142, asd 0 Flooding the dmesg with lots of messages per second. The same pattern happens for all other IRQs. Change the logic for printing just one message per IRQ and rate-limit those, as, for debugging purposes, it is usually interesting to know that IRQs are being received, but not displaying every single one. Acked-by: Sakari Ailus Signed-off-by: Mauro Carvalho Chehab commit 8ef6b8a67b015b4abe74d0488569a47e1f729a9b Author: Mauro Carvalho Chehab Date: Wed May 20 23:04:09 2020 +0200 media: atomisp: get rid of hmm_vm.c This is not used anywhere. So, let's trash it. Acked-by: Sakari Ailus Signed-off-by: Mauro Carvalho Chehab commit 7b53e162f25835f9afb7f0025337319fe5c0dfc1 Author: Mauro Carvalho Chehab Date: Wed May 20 07:28:50 2020 +0200 media: atomisp: fix pipeline initialization code The code under load_primary_binaries() is complex and were hard to understand, because it used to have lots of ifdefs and broken identation. The patch which cleaned it and removed the version-specific ifdefs added a regression. Solve it. Fixes: 3c0538fbad9f ("media: atomisp: get rid of most checks for ISP2401 version") Signed-off-by: Mauro Carvalho Chehab commit 65a6543da386838f935d2f03f452c5c0acff2a68 Author: Xiaoguang Wang Date: Thu Jun 11 23:39:36 2020 +0800 io_uring: fix io_kiocb.flags modification race in IOPOLL mode While testing io_uring in arm, we found sometimes io_sq_thread() keeps polling io requests even though there are not inflight io requests in block layer. After some investigations, found a possible race about io_kiocb.flags, see below race codes: 1) in the end of io_write() or io_read() req->flags &= ~REQ_F_NEED_CLEANUP; kfree(iovec); return ret; 2) in io_complete_rw_iopoll() if (res != -EAGAIN) req->flags |= REQ_F_IOPOLL_COMPLETED; In IOPOLL mode, io requests still maybe completed by interrupt, then above codes are not safe, concurrent modifications to req->flags, which is not protected by lock or is not atomic modifications. I also had disassemble io_complete_rw_iopoll() in arm: req->flags |= REQ_F_IOPOLL_COMPLETED; 0xffff000008387b18 <+76>: ldr w0, [x19,#104] 0xffff000008387b1c <+80>: orr w0, w0, #0x1000 0xffff000008387b20 <+84>: str w0, [x19,#104] Seems that the "req->flags |= REQ_F_IOPOLL_COMPLETED;" is load and modification, two instructions, which obviously is not atomic. To fix this issue, add a new iopoll_completed in io_kiocb to indicate whether io request is completed. Signed-off-by: Xiaoguang Wang Signed-off-by: Jens Axboe commit 2ebac8bb3c2d35f5135466490fc8eeaf3f3e2d37 Author: Sean Christopherson Date: Thu Feb 27 09:44:30 2020 -0800 KVM: nVMX: Consult only the "basic" exit reason when routing nested exit Consult only the basic exit reason, i.e. bits 15:0 of vmcs.EXIT_REASON, when determining whether a nested VM-Exit should be reflected into L1 or handled by KVM in L0. For better or worse, the switch statement in nested_vmx_exit_reflected() currently defaults to "true", i.e. reflects any nested VM-Exit without dedicated logic. Because the case statements only contain the basic exit reason, any VM-Exit with modifier bits set will be reflected to L1, even if KVM intended to handle it in L0. Practically speaking, this only affects EXIT_REASON_MCE_DURING_VMENTRY, i.e. a #MC that occurs on nested VM-Enter would be incorrectly routed to L1, as "failed VM-Entry" is the only modifier that KVM can currently encounter. The SMM modifiers will never be generated as KVM doesn't support/employ a SMI Transfer Monitor. Ditto for "exit from enclave", as KVM doesn't yet support virtualizing SGX, i.e. it's impossible to enter an enclave in a KVM guest (L1 or L2). Fixes: 644d711aa0e1 ("KVM: nVMX: Deciding if L0 or L1 should handle an L2 exit") Cc: Jim Mattson Cc: Xiaoyao Li Cc: stable@vger.kernel.org Signed-off-by: Sean Christopherson Message-Id: <20200227174430.26371-1-sean.j.christopherson@intel.com> Signed-off-by: Paolo Bonzini commit 03fe7aaf0c3d40ef7feff2bdc7180c146989586a Author: Krzysztof Kozlowski Date: Wed Jun 10 17:41:57 2020 +0200 spi: spi-fsl-dspi: Free DMA memory with matching function Driver allocates DMA memory with dma_alloc_coherent() but frees it with dma_unmap_single(). This causes DMA warning during system shutdown (with DMA debugging) on Toradex Colibri VF50 module: WARNING: CPU: 0 PID: 1 at ../kernel/dma/debug.c:1036 check_unmap+0x3fc/0xb04 DMA-API: fsl-edma 40098000.dma-controller: device driver frees DMA memory with wrong function [device address=0x0000000087040000] [size=8 bytes] [mapped as coherent] [unmapped as single] Hardware name: Freescale Vybrid VF5xx/VF6xx (Device Tree) (unwind_backtrace) from [<8010bb34>] (show_stack+0x10/0x14) (show_stack) from [<8011ced8>] (__warn+0xf0/0x108) (__warn) from [<8011cf64>] (warn_slowpath_fmt+0x74/0xb8) (warn_slowpath_fmt) from [<8017d170>] (check_unmap+0x3fc/0xb04) (check_unmap) from [<8017d900>] (debug_dma_unmap_page+0x88/0x90) (debug_dma_unmap_page) from [<80601d68>] (dspi_release_dma+0x88/0x110) (dspi_release_dma) from [<80601e4c>] (dspi_shutdown+0x5c/0x80) (dspi_shutdown) from [<805845f8>] (device_shutdown+0x17c/0x220) (device_shutdown) from [<80143ef8>] (kernel_restart+0xc/0x50) (kernel_restart) from [<801441cc>] (__do_sys_reboot+0x18c/0x210) (__do_sys_reboot) from [<80100060>] (ret_fast_syscall+0x0/0x28) DMA-API: Mapped at: dma_alloc_attrs+0xa4/0x130 dspi_probe+0x568/0x7b4 platform_drv_probe+0x6c/0xa4 really_probe+0x208/0x348 driver_probe_device+0x5c/0xb4 Fixes: 90ba37033cb9 ("spi: spi-fsl-dspi: Add DMA support for Vybrid") Signed-off-by: Krzysztof Kozlowski Acked-by: Vladimir Oltean Cc: Link: https://lore.kernel.org/r/1591803717-11218-1-git-send-email-krzk@kernel.org Signed-off-by: Mark Brown commit 7bb64402a092136fb2fda995b0e0304b43c163c5 Author: Qing Zhang Date: Thu Jun 11 20:56:52 2020 +0800 spi: tools: Add macro definitions to fix build errors Add SPI_TX_OCTAL and SPI_RX_OCTAL to fix the following build errors: CC spidev_test.o spidev_test.c: In function ‘transfer’: spidev_test.c:131:13: error: ‘SPI_TX_OCTAL’ undeclared (first use in this function) if (mode & SPI_TX_OCTAL) ^ spidev_test.c:131:13: note: each undeclared identifier is reported only once for each function it appears in spidev_test.c:137:13: error: ‘SPI_RX_OCTAL’ undeclared (first use in this function) if (mode & SPI_RX_OCTAL) ^ spidev_test.c: In function ‘parse_opts’: spidev_test.c:290:12: error: ‘SPI_TX_OCTAL’ undeclared (first use in this function) mode |= SPI_TX_OCTAL; ^ spidev_test.c:308:12: error: ‘SPI_RX_OCTAL’ undeclared (first use in this function) mode |= SPI_RX_OCTAL; ^ LD spidev_test-in.o ld: cannot find spidev_test.o: No such file or directory Additionally, maybe SPI_CS_WORD and SPI_3WIRE_HIZ will be used in the future, so add them too. Fixes: 896fa735084e ("spi: spidev_test: Add support for Octal mode data transfers") Signed-off-by: Qing Zhang Reviewed-by: Geert Uytterhoeven Link: https://lore.kernel.org/r/1591880212-13479-2-git-send-email-zhangqing@loongson.cn Signed-off-by: Mark Brown commit bd2077915bfebf6965480753f9dd6a8319d06d14 Author: Qing Zhang Date: Thu Jun 11 20:56:51 2020 +0800 spi: tools: Make default_tx/rx and input_tx static Fix the following sparse warning: ./spidev_test.c:50:9: warning: symbol 'default_tx' was not declared. Should it be static? ./spidev_test.c:59:9: warning: symbol 'default_rx' was not declared. Should it be static? ./spidev_test.c:60:6: warning: symbol 'input_tx' was not declared. Should it be static? Signed-off-by: Qing Zhang Link: https://lore.kernel.org/r/1591880212-13479-1-git-send-email-zhangqing@loongson.cn Signed-off-by: Mark Brown commit 9a6a5738abf82d6f467a31f1f6779e495462f7af Author: Colin Ian King Date: Thu Jun 11 15:35:27 2020 +0100 umem: remove redundant initialization of variable ret The variable ret is being initialized with a value that is never read and it is being updated later with a new value. The initialization is redundant and can be removed. Signed-off-by: Colin Ian King Addresses-Coverity: ("Unused value") Signed-off-by: Jens Axboe commit 8d20319e29796c86dd4be26024219c52748fb6bd Author: Colin Ian King Date: Thu Jun 11 15:30:14 2020 +0100 pktcdvd: remove redundant initialization of variable ret The variable ret is being initialized with a value that is never read and it is being updated later with a new value. The initialization is redundant and can be removed. Signed-off-by: Colin Ian King Addresses-Coverity: ("Unused value") Signed-off-by: Jens Axboe commit 819f7b88b48fd2bce932cfe3a38bf8fcefbcabe7 Author: Chaitanya Kulkarni Date: Tue Jun 9 16:55:14 2020 -0700 nvmet: fail outstanding host posted AEN req In function nvmet_async_event_process() we only process AENs iff there is an open slot on the ctrl->async_event_cmds[] && aen event list posted by the target is not empty. This keeps host posted AEN outstanding if target generated AEN list is empty. We do cleanup the target generated entries from the aen list in nvmet_ctrl_free()-> nvmet_async_events_free() but we don't process AEN posted by the host. This leads to following problem :- When processing admin sq at the time of nvmet_sq_destroy() holds an extra percpu reference(atomic value = 1), so in the following code path after switching to atomic rcu, release function (nvmet_sq_free()) is not getting called which blocks the sq->free_done in nvmet_sq_destroy() :- nvmet_sq_destroy() percpu_ref_kill_and_confirm() - __percpu_ref_switch_mode() -- __percpu_ref_switch_to_atomic() --- call_rcu() -> percpu_ref_switch_to_atomic_rcu() ---- /* calls switch callback */ - percpu_ref_put() -- percpu_ref_put_many(ref, 1) --- else if (unlikely(atomic_long_sub_and_test(nr, &ref->count))) ---- ref->release(ref); <---- Not called. This results in indefinite hang:- void nvmet_sq_destroy(struct nvmet_sq *sq) ... if (ctrl && ctrl->sqs && ctrl->sqs[0] == sq) { nvmet_async_events_process(ctrl, status); percpu_ref_put(&sq->ref); } percpu_ref_kill_and_confirm(&sq->ref, nvmet_confirm_sq); wait_for_completion(&sq->confirm_done); wait_for_completion(&sq->free_done); <-- Hang here Which breaks the further disconnect sequence. This problem seems to be introduced after commit 64f5e9cdd711b ("nvmet: fix memory leak when removing namespaces and controllers concurrently"). This patch processes ctrl->async_event_cmds[] in the admin sq destroy() context irrespetive of aen_list. Also we get rid of the controller's aen_list processing in the nvmet_sq_destroy() context and just ignore ctrl->aen_list. This results in nvmet_async_events_process() being called from workqueue context so we adjust the code accordingly. Fixes: 64f5e9cdd711 ("nvmet: fix memory leak when removing namespaces and controllers concurrently ") Signed-off-by: Chaitanya Kulkarni Reviewed-by: Sagi Grimberg Signed-off-by: Christoph Hellwig Signed-off-by: Jens Axboe commit b97120b15ebd3de51325084136d3b9c3cce656d6 Author: Christoph Hellwig Date: Wed Jun 3 08:24:17 2020 +0200 nvme-pci: use simple suspend when a HMB is enabled While the NVMe specification allows the device to access the host memory buffer in host DRAM from all power states, hosts will fail access to DRAM during S3 and similar power states. Fixes: d916b1be94b6 ("nvme-pci: use host managed power state for suspend") Signed-off-by: Christoph Hellwig Reviewed-by: Keith Busch Reviewed-by: Sagi Grimberg Signed-off-by: Jens Axboe commit c9c12e51b82b2bd0c59ac4e27ee5427f382a503f Author: Daniel Wagner Date: Fri May 29 13:37:40 2020 +0200 nvme-fc: don't call nvme_cleanup_cmd() for AENs Asynchronous event notifications do not have an associated request. When fcp_io() fails we unconditionally call nvme_cleanup_cmd() which leads to a crash. Fixes: 16686f3a6c3c ("nvme: move common call to nvme_cleanup_cmd to core layer") Signed-off-by: Daniel Wagner Reviewed-by: Himanshu Madhani Reviewed-by: Hannes Reinecke Reviewed-by: James Smart Signed-off-by: Christoph Hellwig Signed-off-by: Jens Axboe commit a40aae6bbf8dea09fbe6353a5635f4027c43c796 Author: Max Gurtovoy Date: Mon Jun 1 20:05:20 2020 +0300 nvmet-tcp: constify nvmet_tcp_ops nvmet_tcp_ops is never modified and can be made const to allow the compiler to put it in read-only memory, as done in other transports. Before: text data bss dec hex filename 16164 160 12 16336 3fd0 drivers/nvme/target/tcp.o After: text data bss dec hex filename 16277 64 12 16353 3fe1 drivers/nvme/target/tcp.o Signed-off-by: Max Gurtovoy Reviewed-by: Himanshu Madhani Reviewed-by: Israel Rukshin Acked-by: Sagi Grimberg Signed-off-by: Christoph Hellwig Signed-off-by: Jens Axboe commit 6acbd9619b153f2881c91e84cd36a9a2ce124565 Author: Rikard Falkeborn Date: Fri May 29 00:25:07 2020 +0200 nvme-tcp: constify nvme_tcp_mq_ops and nvme_tcp_admin_mq_ops nvme_tcp_mq_ops and nvme_tcp_admin_mq_ops are never modified and can be made const to allow the compiler to put them in read-only memory. Before: text data bss dec hex filename 53102 6885 576 60563 ec93 drivers/nvme/host/tcp.o After: text data bss dec hex filename 53422 6565 576 60563 ec93 drivers/nvme/host/tcp.o Signed-off-by: Rikard Falkeborn Acked-by: Sagi Grimberg Reviewed-by: Max Gurtovoy Signed-off-by: Christoph Hellwig Signed-off-by: Jens Axboe commit 108a58585b196e31822c597891f2c83cea7aeb4a Author: Niklas Cassel Date: Sun Jun 7 13:45:20 2020 +0200 nvme: do not call del_gendisk() on a disk that was never added device_add_disk() is negated by del_gendisk(). alloc_disk_node() is negated by put_disk(). In nvme_alloc_ns(), device_add_disk() is one of the last things being called in the success case, and only void functions are being called after this. Therefore this call should not be negated in the error path. The superfluous call to del_gendisk() leads to the following prints: [ 7.839975] kobject: '(null)' (000000001ff73734): is not initialized, yet kobject_put() is being called. [ 7.840865] WARNING: CPU: 2 PID: 361 at lib/kobject.c:736 kobject_put+0x70/0x120 Fixes: 33cfdc2aa696 ("nvme: enforce extended LBA format for fabrics metadata") Signed-off-by: Niklas Cassel Reviewed-by: Sagi Grimberg Reviewed-by: Max Gurtovoy Signed-off-by: Christoph Hellwig Signed-off-by: Jens Axboe commit 811985365378df01386c3cfb7ff716e74ca376d5 Author: Ritesh Harjani Date: Tue Jun 9 16:23:10 2020 +0530 ext4: mballoc: Use this_cpu_read instead of this_cpu_ptr Simplify reading a seq variable by directly using this_cpu_read API instead of doing this_cpu_ptr and then dereferencing it. This also avoid the below kernel BUG: which happens when CONFIG_DEBUG_PREEMPT is enabled BUG: using smp_processor_id() in preemptible [00000000] code: syz-fuzzer/6927 caller is ext4_mb_new_blocks+0xa4d/0x3b70 fs/ext4/mballoc.c:4711 CPU: 1 PID: 6927 Comm: syz-fuzzer Not tainted 5.7.0-next-20200602-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x18f/0x20d lib/dump_stack.c:118 check_preemption_disabled+0x20d/0x220 lib/smp_processor_id.c:48 ext4_mb_new_blocks+0xa4d/0x3b70 fs/ext4/mballoc.c:4711 ext4_ext_map_blocks+0x201b/0x33e0 fs/ext4/extents.c:4244 ext4_map_blocks+0x4cb/0x1640 fs/ext4/inode.c:626 ext4_getblk+0xad/0x520 fs/ext4/inode.c:833 ext4_bread+0x7c/0x380 fs/ext4/inode.c:883 ext4_append+0x153/0x360 fs/ext4/namei.c:67 ext4_init_new_dir fs/ext4/namei.c:2757 [inline] ext4_mkdir+0x5e0/0xdf0 fs/ext4/namei.c:2802 vfs_mkdir+0x419/0x690 fs/namei.c:3632 do_mkdirat+0x21e/0x280 fs/namei.c:3655 do_syscall_64+0x60/0xe0 arch/x86/entry/common.c:359 entry_SYSCALL_64_after_hwframe+0x44/0xa9 Fixes: 42f56b7a4a7d ("ext4: mballoc: introduce pcpu seqcnt for freeing PA to improve ENOSPC handling") Suggested-by: Borislav Petkov Tested-by: Marek Szyprowski Signed-off-by: Ritesh Harjani Reviewed-by: Christoph Hellwig Reported-by: syzbot+82f324bb69744c5f6969@syzkaller.appspotmail.com Link: https://lore.kernel.org/r/534f275016296996f54ecf65168bb3392b6f653d.1591699601.git.riteshh@linux.ibm.com Signed-off-by: Theodore Ts'o commit 2ce3ee931a097e9720310db3f09c01c825a4580c Author: Eric Biggers Date: Mon Jun 1 13:05:43 2020 -0700 ext4: avoid utf8_strncasecmp() with unstable name If the dentry name passed to ->d_compare() fits in dentry::d_iname, then it may be concurrently modified by a rename. This can cause undefined behavior (possibly out-of-bounds memory accesses or crashes) in utf8_strncasecmp(), since fs/unicode/ isn't written to handle strings that may be concurrently modified. Fix this by first copying the filename to a stack buffer if needed. This way we get a stable snapshot of the filename. Fixes: b886ee3e778e ("ext4: Support case-insensitive file name lookups") Cc: # v5.2+ Cc: Al Viro Cc: Daniel Rosenberg Cc: Gabriel Krisman Bertazi Signed-off-by: Eric Biggers Reviewed-by: Andreas Dilger Link: https://lore.kernel.org/r/20200601200543.59417-1-ebiggers@kernel.org Signed-off-by: Theodore Ts'o commit 5adaccac46ea79008d7b75f47913f1a00f91d0ce Author: yangerkun Date: Mon Jun 1 15:34:04 2020 +0800 ext4: stop overwrite the errcode in ext4_setup_super Now the errcode from ext4_commit_super will overwrite EROFS exists in ext4_setup_super. Actually, no need to call ext4_commit_super since we will return EROFS. Fix it by goto done directly. Fixes: c89128a00838 ("ext4: handle errors on ext4_commit_super") Signed-off-by: yangerkun Reviewed-by: Jan Kara Link: https://lore.kernel.org/r/20200601073404.3712492-1-yangerkun@huawei.com Signed-off-by: Theodore Ts'o commit 6476b60f32866be49d05e2e0163f337374c55b06 Author: Srinivas Kandagatla Date: Thu Jun 11 13:41:53 2020 +0100 ASoC: q6asm: handle EOS correctly Successful send of EOS command does not indicate that EOS is actually finished, correct event to wait EOS is finished is EOS_RENDERED event. EOS_RENDERED means that the DSP has finished processing all the buffers for that particular session and stream. This patch fixes EOS handling! Fixes: 68fd8480bb7b ("ASoC: qdsp6: q6asm: Add support to audio stream apis") Signed-off-by: Srinivas Kandagatla Link: https://lore.kernel.org/r/20200611124159.20742-3-srinivas.kandagatla@linaro.org Signed-off-by: Mark Brown commit cfb3c85a600c6aa25a2581b3c1c4db3460f14e46 Author: Jeffle Xu Date: Fri May 22 12:18:44 2020 +0800 ext4: fix partial cluster initialization when splitting extent Fix the bug when calculating the physical block number of the first block in the split extent. This bug will cause xfstests shared/298 failure on ext4 with bigalloc enabled occasionally. Ext4 error messages indicate that previously freed blocks are being freed again, and the following fsck will fail due to the inconsistency of block bitmap and bg descriptor. The following is an example case: 1. First, Initialize a ext4 filesystem with cluster size '16K', block size '4K', in which case, one cluster contains four blocks. 2. Create one file (e.g., xxx.img) on this ext4 filesystem. Now the extent tree of this file is like: ... 36864:[0]4:220160 36868:[0]14332:145408 51200:[0]2:231424 ... 3. Then execute PUNCH_HOLE fallocate on this file. The hole range is like: .. ext4_ext_remove_space: dev 254,16 ino 12 since 49506 end 49506 depth 1 ext4_ext_remove_space: dev 254,16 ino 12 since 49544 end 49546 depth 1 ext4_ext_remove_space: dev 254,16 ino 12 since 49605 end 49607 depth 1 ... 4. Then the extent tree of this file after punching is like ... 49507:[0]37:158047 49547:[0]58:158087 ... 5. Detailed procedure of punching hole [49544, 49546] 5.1. The block address space: ``` lblk ~49505 49506 49507~49543 49544~49546 49547~ ---------+------+-------------+----------------+-------- extent | hole | extent | hole | extent ---------+------+-------------+----------------+-------- pblk ~158045 158046 158047~158083 158084~158086 158087~ ``` 5.2. The detailed layout of cluster 39521: ``` cluster 39521 <-------------------------------> hole extent <----------------------><-------- lblk 49544 49545 49546 49547 +-------+-------+-------+-------+ | | | | | +-------+-------+-------+-------+ pblk 158084 1580845 158086 158087 ``` 5.3. The ftrace output when punching hole [49544, 49546]: - ext4_ext_remove_space (start 49544, end 49546) - ext4_ext_rm_leaf (start 49544, end 49546, last_extent [49507(158047), 40], partial [pclu 39522 lblk 0 state 2]) - ext4_remove_blocks (extent [49507(158047), 40], from 49544 to 49546, partial [pclu 39522 lblk 0 state 2] - ext4_free_blocks: (block 158084 count 4) - ext4_mballoc_free (extent 1/6753/1) 5.4. Ext4 error message in dmesg: EXT4-fs error (device vdb): mb_free_blocks:1457: group 1, block 158084:freeing already freed block (bit 6753); block bitmap corrupt. EXT4-fs error (device vdb): ext4_mb_generate_buddy:747: group 1, block bitmap and bg descriptor inconsistent: 19550 vs 19551 free clusters In this case, the whole cluster 39521 is freed mistakenly when freeing pblock 158084~158086 (i.e., the first three blocks of this cluster), although pblock 158087 (the last remaining block of this cluster) has not been freed yet. The root cause of this isuue is that, the pclu of the partial cluster is calculated mistakenly in ext4_ext_remove_space(). The correct partial_cluster.pclu (i.e., the cluster number of the first block in the next extent, that is, lblock 49597 (pblock 158086)) should be 39521 rather than 39522. Fixes: f4226d9ea400 ("ext4: fix partial cluster initialization") Signed-off-by: Jeffle Xu Reviewed-by: Eric Whitney Cc: stable@kernel.org # v3.19+ Link: https://lore.kernel.org/r/1590121124-37096-1-git-send-email-jefflexu@linux.alibaba.com Signed-off-by: Theodore Ts'o commit 829b37b8cddb1db75c1b7905505b90e593b15db1 Author: Theodore Ts'o Date: Wed Jun 10 11:16:37 2020 -0400 ext4: avoid race conditions when remounting with options that change dax Trying to change dax mount options when remounting could allow mount options to be enabled for a small amount of time, and then the mount option change would be reverted. In the case of "mount -o remount,dax", this can cause a race where files would temporarily treated as DAX --- and then not. Cc: stable@kernel.org Reported-by: syzbot+bca9799bf129256190da@syzkaller.appspotmail.com Signed-off-by: Theodore Ts'o commit 68cd44920d2ccf32dea1502e71dc0175c9663af1 Merge: 6b8ed62008a4 15ee65676f1e Author: Theodore Ts'o Date: Thu Jun 11 10:51:44 2020 -0400 Enable ext4 support for per-file/directory dax operations This adds the same per-file/per-directory DAX support for ext4 as was done for xfs, now that we finally have consensus over what the interface should be. commit 4008b29eb47433c15ed3f242ee0132ba27dbdb67 Author: Steve Lee Date: Thu Jun 11 18:48:00 2020 +0900 ASoC: max98390: Update regmap readable reg and volatile Update max98390_readable_register and max98390_volatile_reg Signed-off-by: Steve Lee Link: https://lore.kernel.org/r/20200611094800.18422-1-steves.lee@maximintegrated.com Signed-off-by: Mark Brown commit d4060ac969563113101c79433f2ae005feca1c29 Author: Tobias Klauser Date: Wed Jun 10 15:08:04 2020 +0200 tools, bpftool: Fix memory leak in codegen error cases Free the memory allocated for the template on error paths in function codegen. Signed-off-by: Tobias Klauser Signed-off-by: Daniel Borkmann Acked-by: Andrii Nakryiko Link: https://lore.kernel.org/bpf/20200610130804.21423-1-tklauser@distanz.ch commit bd6fecb9a99cceb949271c1821cfbad2b2db97c6 Author: YiFei Zhu Date: Wed Jun 10 13:41:40 2020 -0500 selftests/bpf: Add cgroup_skb/egress test for load_bytes_relative When cgroup_skb/egress triggers the MAC header is not set. Added a test that asserts reading MAC header is a -EFAULT but NET header succeeds. The test result from within the eBPF program is stored in an 1-element array map that the userspace then reads and asserts on. Another assertion is added that reading from a large offset, past the end of packet, returns -EFAULT. Signed-off-by: YiFei Zhu Signed-off-by: Daniel Borkmann Reviewed-by: Stanislav Fomichev Link: https://lore.kernel.org/bpf/9028ccbea4385a620e69c0a104f469ffd655c01e.1591812755.git.zhuyifei@google.com commit 0f5d82f187e1beda3fe7295dfc500af266a5bd80 Author: YiFei Zhu Date: Wed Jun 10 13:41:39 2020 -0500 net/filter: Permit reading NET in load_bytes_relative when MAC not set Added a check in the switch case on start_header that checks for the existence of the header, and in the case that MAC is not set and the caller requests for MAC, -EFAULT. If the caller requests for NET then MAC's existence is completely ignored. There is no function to check NET header's existence and as far as cgroup_skb/egress is concerned it should always be set. Removed for ptr >= the start of header, considering offset is bounded unsigned and should always be true. len <= end - mac is redundant to ptr + len <= end. Fixes: 3eee1f75f2b9 ("bpf: fix bpf_skb_load_bytes_relative pkt length check") Signed-off-by: YiFei Zhu Signed-off-by: Daniel Borkmann Reviewed-by: Stanislav Fomichev Link: https://lore.kernel.org/bpf/76bb820ddb6a95f59a772ecbd8c8a336f646b362.1591812755.git.zhuyifei@google.com commit 7ccddc4613db446dc3cbb69a3763ba60ec651d13 Author: Tony Luck Date: Wed May 27 11:28:08 2020 -0700 x86/mce/dev-mcelog: Fix -Wstringop-truncation warning about strncpy() The kbuild test robot reported this warning: arch/x86/kernel/cpu/mce/dev-mcelog.c: In function 'dev_mcelog_init_device': arch/x86/kernel/cpu/mce/dev-mcelog.c:346:2: warning: 'strncpy' output \ truncated before terminating nul copying 12 bytes from a string of the \ same length [-Wstringop-truncation] This is accurate, but I don't care that the trailing NUL character isn't copied. The string being copied is just a magic number signature so that crash dump tools can be sure they are decoding the right blob of memory. Use memcpy() instead of strncpy(). Fixes: d8ecca4043f2 ("x86/mce/dev-mcelog: Dynamically allocate space for machine check records") Reported-by: kbuild test robot Signed-off-by: Tony Luck Signed-off-by: Borislav Petkov Signed-off-by: Thomas Gleixner Link: https://lkml.kernel.org/r/20200527182808.27737-1-tony.luck@intel.com commit 17fae1294ad9d711b2c3dd0edef479d40c76a5e8 Author: Tony Luck Date: Wed May 20 09:35:46 2020 -0700 x86/{mce,mm}: Unmap the entire page if the whole page is affected and poisoned An interesting thing happened when a guest Linux instance took a machine check. The VMM unmapped the bad page from guest physical space and passed the machine check to the guest. Linux took all the normal actions to offline the page from the process that was using it. But then guest Linux crashed because it said there was a second machine check inside the kernel with this stack trace: do_memory_failure set_mce_nospec set_memory_uc _set_memory_uc change_page_attr_set_clr cpa_flush clflush_cache_range_opt This was odd, because a CLFLUSH instruction shouldn't raise a machine check (it isn't consuming the data). Further investigation showed that the VMM had passed in another machine check because is appeared that the guest was accessing the bad page. Fix is to check the scope of the poison by checking the MCi_MISC register. If the entire page is affected, then unmap the page. If only part of the page is affected, then mark the page as uncacheable. This assumes that VMMs will do the logical thing and pass in the "whole page scope" via the MCi_MISC register (since they unmapped the entire page). [ bp: Adjust to x86/entry changes. ] Fixes: 284ce4011ba6 ("x86/memory_failure: Introduce {set, clear}_mce_nospec()") Reported-by: Jue Wang Signed-off-by: Tony Luck Signed-off-by: Borislav Petkov Signed-off-by: Thomas Gleixner Tested-by: Jue Wang Cc: Link: https://lkml.kernel.org/r/20200520163546.GA7977@agluck-desk2.amr.corp.intel.com commit f77d26a9fc525286bcef3d4f98b52e17482cf49c Merge: b6bea24d4151 f0178fc01fe4 Author: Thomas Gleixner Date: Thu Jun 11 15:17:57 2020 +0200 Merge branch 'x86/entry' into ras/core to fixup conflicts in arch/x86/kernel/cpu/mce/core.c so MCE specific follow up patches can be applied without creating a horrible merge conflict afterwards. commit f0178fc01fe46bab6a95415f5647d1a74efcad1b Author: Thomas Gleixner Date: Wed Jun 10 08:37:01 2020 +0200 x86/entry: Unbreak __irqentry_text_start/end magic The entry rework moved interrupt entry code from the irqentry to the noinstr section which made the irqentry section empty. This breaks boundary checks which rely on the __irqentry_text_start/end markers to find out whether a function in a stack trace is interrupt/exception entry code. This affects the function graph tracer and filter_irq_stacks(). As the IDT entry points are all sequentialy emitted this is rather simple to unbreak by injecting __irqentry_text_start/end as global labels. To make this work correctly: - Remove the IRQENTRY_TEXT section from the x86 linker script - Define __irqentry so it breaks the build if it's used - Adjust the entry mirroring in PTI - Remove the redundant kprobes and unwinder bound checks Reported-by: Qian Cai Signed-off-by: Thomas Gleixner commit 2823e83a3dc0f54d23db67ca07d74b9c8bb1fdda Author: Peter Zijlstra Date: Wed Jun 3 13:40:22 2020 +0200 x86/entry: __always_inline CR2 for noinstr vmlinux.o: warning: objtool: exc_page_fault()+0x9: call to read_cr2() leaves .noinstr.text section vmlinux.o: warning: objtool: exc_page_fault()+0x24: call to prefetchw() leaves .noinstr.text section vmlinux.o: warning: objtool: exc_page_fault()+0x21: call to kvm_handle_async_pf.isra.0() leaves .noinstr.text section vmlinux.o: warning: objtool: exc_nmi()+0x1cc: call to write_cr2() leaves .noinstr.text section Signed-off-by: Peter Zijlstra (Intel) Signed-off-by: Thomas Gleixner Link: https://lkml.kernel.org/r/20200603114052.243227806@infradead.org commit 6eebad1ad303db360ebe3e51c2b9656c3d407157 Author: Peter Zijlstra Date: Wed Jun 3 13:40:21 2020 +0200 lockdep: __always_inline more for noinstr vmlinux.o: warning: objtool: debug_locks_off()+0xd: call to __debug_locks_off() leaves .noinstr.text section vmlinux.o: warning: objtool: match_held_lock()+0x6a: call to look_up_lock_class.isra.0() leaves .noinstr.text section vmlinux.o: warning: objtool: lock_is_held_type()+0x90: call to lockdep_recursion_finish() leaves .noinstr.text section Signed-off-by: Peter Zijlstra (Intel) Signed-off-by: Thomas Gleixner Link: https://lkml.kernel.org/r/20200603114052.185201076@infradead.org commit 5ef227933117085f1320b3421ef43a26bf624b4c Author: Peter Zijlstra Date: Wed Jun 3 13:40:20 2020 +0200 x86/entry: Re-order #DB handler to avoid *SAN instrumentation vmlinux.o: warning: objtool: exc_debug()+0xbb: call to clear_ti_thread_flag.constprop.0() leaves .noinstr.text section vmlinux.o: warning: objtool: noist_exc_debug()+0x55: call to clear_ti_thread_flag.constprop.0() leaves .noinstr.text section Rework things so that handle_debug() looses the noinstr and move the clear_thread_flag() into that. Signed-off-by: Peter Zijlstra (Intel) Signed-off-by: Thomas Gleixner Link: https://lkml.kernel.org/r/20200603114052.127756554@infradead.org commit 4b281e541bba74bf9574335289484c577f41eaf7 Author: Peter Zijlstra Date: Wed Jun 3 13:40:19 2020 +0200 x86/entry: __always_inline arch_atomic_* for noinstr vmlinux.o: warning: objtool: rcu_dynticks_eqs_exit()+0x33: call to arch_atomic_and.constprop.0() leaves .noinstr.text section Signed-off-by: Peter Zijlstra (Intel) Signed-off-by: Thomas Gleixner Link: https://lkml.kernel.org/r/20200603114052.070166551@infradead.org commit 7a745be1cc902d7376fdc29d6b5533eb46532be1 Author: Peter Zijlstra Date: Wed Jun 3 13:40:18 2020 +0200 x86/entry: __always_inline irqflags for noinstr vmlinux.o: warning: objtool: lockdep_hardirqs_on()+0x65: call to arch_local_save_flags() leaves .noinstr.text section vmlinux.o: warning: objtool: lockdep_hardirqs_off()+0x5d: call to arch_local_save_flags() leaves .noinstr.text section vmlinux.o: warning: objtool: lock_is_held_type()+0x35: call to arch_local_irq_save() leaves .noinstr.text section vmlinux.o: warning: objtool: check_preemption_disabled()+0x31: call to arch_local_save_flags() leaves .noinstr.text section vmlinux.o: warning: objtool: check_preemption_disabled()+0x33: call to arch_irqs_disabled_flags() leaves .noinstr.text section vmlinux.o: warning: objtool: lock_is_held_type()+0x2f: call to native_irq_disable() leaves .noinstr.text section Signed-off-by: Peter Zijlstra (Intel) Signed-off-by: Thomas Gleixner Link: https://lkml.kernel.org/r/20200603114052.012171668@infradead.org commit 28eaf87121abfb574fabfb08e21322b4dc377b10 Author: Peter Zijlstra Date: Wed Jun 3 13:40:17 2020 +0200 x86/entry: __always_inline debugreg for noinstr vmlinux.o: warning: objtool: exc_debug()+0x21: call to native_get_debugreg() leaves .noinstr.text section Signed-off-by: Peter Zijlstra (Intel) Signed-off-by: Thomas Gleixner Link: https://lkml.kernel.org/r/20200603114051.954401211@infradead.org commit 3e77abda65b1cec10ef6b18b1ccfee0beaf400f1 Author: Thomas Gleixner Date: Thu May 28 16:53:20 2020 +0200 x86/idt: Consolidate idt functionality - Move load_current_idt() out of line and replace the hideous comment with a lockdep assert. This allows to make idt_table and idt_descr static. - Mark idt_table read only after the IDT initialization is complete. - Shuffle code around to consolidate the #ifdef sections into one. - Adapt the F00F bug code. Signed-off-by: Thomas Gleixner Link: https://lkml.kernel.org/r/20200528145523.084915381@linutronix.de commit 00229a54300108502f68c8777faca2d13f805f1a Author: Thomas Gleixner Date: Thu May 28 16:53:19 2020 +0200 x86/idt: Cleanup trap_init() No point in having all the IDT cruft in trap_init(). Move it into the IDT code and fixup the comments. Signed-off-by: Thomas Gleixner Link: https://lkml.kernel.org/r/20200528145522.992376498@linutronix.de commit 5a2bafca1b0675a126143eea3610143130347783 Author: Thomas Gleixner Date: Thu May 28 16:53:18 2020 +0200 x86/idt: Use proper constants for table size Use the actual struct size to calculate the IDT table size instead of hardcoded values. Signed-off-by: Thomas Gleixner Link: https://lkml.kernel.org/r/20200528145522.898591501@linutronix.de commit 94438af40d06c110988fc9e30baf801f38b1491a Author: Thomas Gleixner Date: Thu May 28 16:53:17 2020 +0200 x86/idt: Add comments about early #PF handling The difference between 32 and 64 bit vs. early #PF handling is not documented. Replace the FIXME at idt_setup_early_pf() with proper comments. Signed-off-by: Thomas Gleixner Link: https://lkml.kernel.org/r/20200528145522.807135882@linutronix.de commit bdf5bde8aec7b53d0ea3a44d880a4e5106ff37f3 Author: Thomas Gleixner Date: Thu May 28 16:53:16 2020 +0200 x86/idt: Mark init only functions __init Since 8175cfbbbfcb ("x86/idt: Remove update_intr_gate()") set_intr_gate() and idt_setup_from_table() are only called from __init functions. Mark them as well. Signed-off-by: Thomas Gleixner Link: https://lkml.kernel.org/r/20200528145522.715816477@linutronix.de commit bf2b3008440072068580c609d79a079656af0588 Author: Peter Zijlstra Date: Fri May 29 23:27:40 2020 +0200 x86/entry: Rename trace_hardirqs_off_prepare() The typical pattern for trace_hardirqs_off_prepare() is: ENTRY lockdep_hardirqs_off(); // because hardware ... do entry magic instrumentation_begin(); trace_hardirqs_off_prepare(); ... do actual work trace_hardirqs_on_prepare(); lockdep_hardirqs_on_prepare(); instrumentation_end(); ... do exit magic lockdep_hardirqs_on(); which shows that it's named wrong, rename it to trace_hardirqs_off_finish(), as it concludes the hardirq_off transition. Also, given that the above is the only correct order, make the traditional all-in-one trace_hardirqs_off() follow suit. Signed-off-by: Peter Zijlstra (Intel) Signed-off-by: Thomas Gleixner Link: https://lkml.kernel.org/r/20200529213321.415774872@infradead.org commit 59bc300b712998d10254ee20e24f2e7ec09c560a Author: Peter Zijlstra Date: Fri May 29 23:27:39 2020 +0200 x86/entry: Clarify irq_{enter,exit}_rcu() Because: irq_enter_rcu() includes lockdep_hardirq_enter() irq_exit_rcu() does *NOT* include lockdep_hardirq_exit() Which resulted in two 'stray' lockdep_hardirq_exit() calls in idtentry.h, and me spending a long time trying to find the matching enter calls. Signed-off-by: Peter Zijlstra (Intel) Signed-off-by: Thomas Gleixner Link: https://lkml.kernel.org/r/20200529213321.359433429@infradead.org commit fd501d4f0399700011acde486576c7c1eb8e7a61 Author: Peter Zijlstra Date: Fri May 29 23:27:38 2020 +0200 x86/entry: Remove DBn stacks Both #DB itself, as all other IST users (NMI, #MC) now clear DR7 on entry. Combined with not allowing breakpoints on entry/noinstr/NOKPROBE text and no single step (EFLAGS.TF) inside the #DB handler should guarantee no nested #DB. Signed-off-by: Peter Zijlstra (Intel) Signed-off-by: Thomas Gleixner Link: https://lkml.kernel.org/r/20200529213321.303027161@infradead.org commit f9912ada82862df341b3e86864cbd532d0d24b84 Author: Peter Zijlstra Date: Fri May 29 23:27:37 2020 +0200 x86/entry: Remove debug IDT frobbing This is all unused now. Signed-off-by: Peter Zijlstra (Intel) Signed-off-by: Thomas Gleixner Link: https://lkml.kernel.org/r/20200529213321.245019500@infradead.org commit 84b6a3491567a540f955e18d8e615493afa36df0 Author: Peter Zijlstra Date: Fri May 29 23:27:36 2020 +0200 x86/entry: Optimize local_db_save() for virt Because DRn access is 'difficult' with virt; but the DR7 read is cheaper than a cacheline miss on native, add a virt specific fast path to local_db_save(), such that when breakpoints are not in use to avoid touching DRn entirely. Suggested-by: Andy Lutomirski Signed-off-by: Peter Zijlstra (Intel) Signed-off-by: Thomas Gleixner Link: https://lkml.kernel.org/r/20200529213321.187833200@infradead.org commit cd840e424f27fcc1ae8d14b7ec3ec4560ee6561a Author: Peter Zijlstra Date: Fri May 29 23:27:35 2020 +0200 x86/entry, mce: Disallow #DB during #MC #MC is fragile as heck, don't tempt fate. Signed-off-by: Peter Zijlstra (Intel) Signed-off-by: Thomas Gleixner Link: https://lkml.kernel.org/r/20200529213321.131187767@infradead.org commit fd338e3564b0b8597a89f83941a0eda3e5092cc0 Author: Peter Zijlstra Date: Fri May 29 23:27:34 2020 +0200 x86/entry, nmi: Disable #DB Instead of playing stupid games with IST stacks, fully disallow #DB during NMIs. There is absolutely no reason to allow them, and killing this saves a heap of trouble. #DB is already forbidden on noinstr and CEA, so there can't be a #DB before this. Disabling it right after nmi_enter() ensures that the full NMI code is protected. Signed-off-by: Peter Zijlstra (Intel) Signed-off-by: Thomas Gleixner Link: https://lkml.kernel.org/r/20200529213321.069223695@infradead.org commit e1de11d4d1a64ac1b90b9833f1a3629dae18facb Author: Peter Zijlstra Date: Fri May 29 23:27:33 2020 +0200 x86/entry: Introduce local_db_{save,restore}() In order to allow other exceptions than #DB to disable breakpoints, provide common helpers. Signed-off-by: Peter Zijlstra (Intel) Signed-off-by: Thomas Gleixner Link: https://lkml.kernel.org/r/20200529213321.012060983@infradead.org commit fdef24dfccb7be06e6ebe11d6c6c56987421870f Author: Lai Jiangshan Date: Fri May 29 23:27:32 2020 +0200 x86/hw_breakpoint: Prevent data breakpoints on user_pcid_flush_mask The per-CPU user_pcid_flush_mask is used in the low level entry code. A data breakpoint can cause #DB recursion. Protect the full cpu_tlbstate structure for simplicity. Signed-off-by: Lai Jiangshan Signed-off-by: Peter Zijlstra (Intel) Signed-off-by: Thomas Gleixner Link: https://lkml.kernel.org/r/20200526014221.2119-5-laijs@linux.alibaba.com Link: https://lkml.kernel.org/r/20200529213320.955117574@infradead.org commit f9fe0b89f05441c6e4034e024c2c75a0d93024c1 Author: Lai Jiangshan Date: Fri May 29 23:27:31 2020 +0200 x86/hw_breakpoint: Prevent data breakpoints on per_cpu cpu_tss_rw cpu_tss_rw is not directly referenced by hardware, but cpu_tss_rw is accessed in CPU entry code, especially when #DB shifts its stacks. If a data breakpoint would be set on cpu_tss_rw.x86_tss.ist[IST_INDEX_DB], it would cause recursive #DB ending up in a double fault. Add it to the list of protected items. Signed-off-by: Lai Jiangshan Signed-off-by: Peter Zijlstra (Intel) Signed-off-by: Thomas Gleixner Link: https://lkml.kernel.org/r/20200526014221.2119-4-laijs@linux.alibaba.com Link: https://lkml.kernel.org/r/20200529213320.897976479@infradead.org commit 97417cb9ad4ed052d7a4c5c0d75db1ff1b0981fb Author: Lai Jiangshan Date: Fri May 29 23:27:30 2020 +0200 x86/hw_breakpoint: Prevent data breakpoints on direct GDT A data breakpoint on the GDT can be fatal and must be avoided. The GDT in the CPU entry area is already protected, but not the direct GDT. Add the necessary protection. Signed-off-by: Lai Jiangshan Signed-off-by: Peter Zijlstra (Intel) Signed-off-by: Thomas Gleixner Link: https://lkml.kernel.org/r/20200526014221.2119-3-laijs@linux.alibaba.com Link: https://lkml.kernel.org/r/20200529213320.840953950@infradead.org commit d390e6de89d30402bd06056c40cea72328aec9b1 Author: Lai Jiangshan Date: Fri May 29 23:27:29 2020 +0200 x86/hw_breakpoint: Add within_area() to check data breakpoints Add a within_area() helper to checking whether the data breakpoints overlap with cpu_entry_area. It will be used to completely prevent data breakpoints on GDT, IDT, or TSS. Signed-off-by: Lai Jiangshan Signed-off-by: Peter Zijlstra (Intel) Signed-off-by: Thomas Gleixner Link: https://lkml.kernel.org/r/20200526014221.2119-2-laijs@linux.alibaba.com Link: https://lkml.kernel.org/r/20200529213320.784524504@infradead.org commit 998c2034c6a36bd48284e8c8f945a6c6ffc0e3f0 Author: Vitaly Kuznetsov Date: Wed May 20 18:16:00 2020 +0200 xen: Move xen_setup_callback_vector() definition to include/xen/hvm.h Kbuild test robot reports the following problem on ARM: for 'xen_setup_callback_vector' [-Wmissing-prototypes] 1664 | void xen_setup_callback_vector(void) {} | ^~~~~~~~~~~~~~~~~~~~~~~~~ The problem is that xen_setup_callback_vector is a x86 only thing, its definition is present in arch/x86/xen/xen-ops.h but not on ARM. In events_base.c there is a stub for !CONFIG_XEN_PVHVM but it is not declared as 'static'. On x86 the situation is hardly better: drivers/xen/events/events_base.c doesn't include 'xen-ops.h' from arch/x86/xen/, it includes its namesake from include/xen/ which also results in a 'no previous prototype' warning. Currently, xen_setup_callback_vector() has two call sites: one in drivers/xen/events_base.c and another in arch/x86/xen/suspend_hvm.c. The former is placed under #ifdef CONFIG_X86 and the later is only compiled in when CONFIG_XEN_PVHVM. Resolve the issue by moving xen_setup_callback_vector() declaration to arch neutral 'include/xen/hvm.h' as the implementation lives in arch neutral drivers/xen/events/events_base.c. Reported-by: kbuild test robot Signed-off-by: Vitaly Kuznetsov Signed-off-by: Thomas Gleixner Reviewed-by: Juergen Gross Link: https://lkml.kernel.org/r/20200520161600.361895-1-vkuznets@redhat.com commit 320100a5ffe5ec781ec3dc190a57ce5e32885855 Author: Thomas Gleixner Date: Thu May 21 22:05:52 2020 +0200 x86/entry: Remove the TRACE_IRQS cruft No more users. Signed-off-by: Thomas Gleixner Signed-off-by: Ingo Molnar Acked-by: Andy Lutomirski Link: https://lore.kernel.org/r/20200521202120.523289762@linutronix.de commit 3ffdfdcec1bae39b68b990762350b3cd3127f23f Author: Thomas Gleixner Date: Thu May 21 22:05:51 2020 +0200 x86/entry: Move paranoid irq tracing out of ASM code The last step to remove the irq tracing cruft from ASM. Ignore #DF as the maschine is going to die anyway. Signed-off-by: Thomas Gleixner Signed-off-by: Ingo Molnar Acked-by: Andy Lutomirski Link: https://lore.kernel.org/r/20200521202120.414043330@linutronix.de commit 9628f26baef262a49d877e3785e8b88d241bc064 Author: Thomas Gleixner Date: Thu May 21 22:05:50 2020 +0200 x86/entry/64: Remove TRACE_IRQS_*_DEBUG Since INT3/#BP no longer runs on an IST, this workaround is no longer required. Tested by running lockdep+ftrace as described in the initial commit: 5963e317b1e9 ("ftrace/x86: Do not change stacks in DEBUG when calling lockdep") Signed-off-by: Thomas Gleixner Signed-off-by: Peter Zijlstra (Intel) Signed-off-by: Thomas Gleixner Signed-off-by: Ingo Molnar Reviewed-by: Steven Rostedt (VMware) Acked-by: Andy Lutomirski Link: https://lore.kernel.org/r/20200521202120.319418546@linutronix.de commit fa95a0cb0423661eb615b6ac1e9882ce9a75719a Author: Thomas Gleixner Date: Thu May 21 22:05:49 2020 +0200 x86/entry/32: Remove redundant irq disable code All exceptions/interrupts return with interrupts disabled now. No point in doing this in ASM again. Signed-off-by: Thomas Gleixner Signed-off-by: Ingo Molnar Acked-by: Andy Lutomirski Link: https://lore.kernel.org/r/20200521202120.221223450@linutronix.de commit 3b6c9bf69ef34c5ca36c78aad4ff76b9d9afc92c Author: Thomas Gleixner Date: Thu May 21 22:05:48 2020 +0200 x86/entry: Make enter_from_user_mode() static The ASM users are gone. All callers are local. Signed-off-by: Thomas Gleixner Signed-off-by: Ingo Molnar Acked-by: Andy Lutomirski Link: https://lore.kernel.org/r/20200521202120.129232680@linutronix.de commit e3e5c64ea1f5a81ace6984e7abbdd369ab631c93 Author: Thomas Gleixner Date: Thu May 21 22:05:47 2020 +0200 x86/entry/64: Remove IRQ stack switching ASM No more users. Signed-off-by: Thomas Gleixner Signed-off-by: Ingo Molnar Acked-by: Andy Lutomirski Link: https://lore.kernel.org/r/20200521202120.021462159@linutronix.de commit 75da04f7f3cb416a68475e040175dc013da32de2 Author: Thomas Gleixner Date: Thu May 21 22:05:46 2020 +0200 x86/entry: Remove the apic/BUILD interrupt leftovers Remove all the code which was there to emit the system vector stubs. All users are gone. Move the now unused GET_CR2_INTO macro muck to head_64.S where the last user is. Fixup the eye hurting comment there while at it. Signed-off-by: Thomas Gleixner Signed-off-by: Ingo Molnar Acked-by: Andy Lutomirski Link: https://lore.kernel.org/r/20200521202119.927433002@linutronix.de commit 13cad9851ef1d004640991d45227dd35c08f45fc Author: Thomas Gleixner Date: Thu May 21 22:05:45 2020 +0200 x86/entry: Convert reschedule interrupt to IDTENTRY_SYSVEC_SIMPLE The scheduler IPI does not need the full interrupt entry handling logic when the entry is from kernel mode. Use IDTENTRY_SYSVEC_SIMPLE and spare all the overhead. Signed-off-by: Thomas Gleixner Signed-off-by: Ingo Molnar Acked-by: Andy Lutomirski Link: https://lore.kernel.org/r/20200521202119.835425642@linutronix.de commit cb09ea2924cbf1a42da59bd30a59cc1836240bcb Author: Thomas Gleixner Date: Thu May 21 22:05:44 2020 +0200 x86/entry: Convert XEN hypercall vector to IDTENTRY_SYSVEC Convert the last oldstyle defined vector to IDTENTRY_SYSVEC: - Implement the C entry point with DEFINE_IDTENTRY_SYSVEC - Emit the ASM stub with DECLARE_IDTENTRY_SYSVEC - Remove the ASM idtentries in 64-bit - Remove the BUILD_INTERRUPT entries in 32-bit - Remove the old prototypes Fixup the related XEN code by providing the primary C entry point in x86 to avoid cluttering the generic code with X86'isms. No functional change. Signed-off-by: Thomas Gleixner Signed-off-by: Ingo Molnar Acked-by: Andy Lutomirski Link: https://lore.kernel.org/r/20200521202119.741950104@linutronix.de commit a16be368dd3fb695077cc9bc59c988b548955eec Author: Thomas Gleixner Date: Thu May 21 22:05:43 2020 +0200 x86/entry: Convert various hypervisor vectors to IDTENTRY_SYSVEC Convert various hypervisor vectors to IDTENTRY_SYSVEC: - Implement the C entry point with DEFINE_IDTENTRY_SYSVEC - Emit the ASM stub with DECLARE_IDTENTRY_SYSVEC - Remove the ASM idtentries in 64-bit - Remove the BUILD_INTERRUPT entries in 32-bit - Remove the old prototypes No functional change. Signed-off-by: Thomas Gleixner Signed-off-by: Ingo Molnar Acked-by: Andy Lutomirski Reviewed-by: Wei Liu Link: https://lore.kernel.org/r/20200521202119.647997594@linutronix.de commit 9c3b1f4975c46fc2932fd6d53e63c14f0ddf985f Author: Thomas Gleixner Date: Thu May 21 22:05:42 2020 +0200 x86/entry: Convert KVM vectors to IDTENTRY_SYSVEC* Convert KVM specific system vectors to IDTENTRY_SYSVEC*: The two empty stub handlers which only increment the stats counter do no need to run on the interrupt stack. Use IDTENTRY_SYSVEC_SIMPLE for them. The wakeup handler does more work and runs on the interrupt stack. None of these handlers need to save and restore the irq_regs pointer. Signed-off-by: Thomas Gleixner Signed-off-by: Ingo Molnar Acked-by: Paolo Bonzini Acked-by: Andy Lutomirski Link: https://lore.kernel.org/r/20200521202119.555715519@linutronix.de commit 720909a7abd351535bfb485a0ecce03c2e4467e2 Author: Thomas Gleixner Date: Thu May 21 22:05:41 2020 +0200 x86/entry: Convert various system vectors Convert various system vectors to IDTENTRY_SYSVEC: - Implement the C entry point with DEFINE_IDTENTRY_SYSVEC - Emit the ASM stub with DECLARE_IDTENTRY_SYSVEC - Remove the ASM idtentries in 64-bit - Remove the BUILD_INTERRUPT entries in 32-bit - Remove the old prototypes No functional change. Signed-off-by: Thomas Gleixner Signed-off-by: Ingo Molnar Acked-by: Andy Lutomirski Link: https://lore.kernel.org/r/20200521202119.464812973@linutronix.de commit 582f9191231b994582ad5349a7b06b3255c926fb Author: Thomas Gleixner Date: Thu May 21 22:05:40 2020 +0200 x86/entry: Convert SMP system vectors to IDTENTRY_SYSVEC Convert SMP system vectors to IDTENTRY_SYSVEC: - Implement the C entry point with DEFINE_IDTENTRY_SYSVEC - Emit the ASM stub with DECLARE_IDTENTRY_SYSVEC - Remove the ASM idtentries in 64-bit - Remove the BUILD_INTERRUPT entries in 32-bit - Remove the old prototypes No functional change. Signed-off-by: Thomas Gleixner Signed-off-by: Ingo Molnar Acked-by: Andy Lutomirski Link: https://lore.kernel.org/r/20200521202119.372234635@linutronix.de commit db0338eec5836eea3bd1b274212234d04bac2034 Author: Thomas Gleixner Date: Thu May 21 22:05:39 2020 +0200 x86/entry: Convert APIC interrupts to IDTENTRY_SYSVEC Convert APIC interrupts to IDTENTRY_SYSVEC: - Implement the C entry point with DEFINE_IDTENTRY_SYSVEC - Emit the ASM stub with DECLARE_IDTENTRY_SYSVEC - Remove the ASM idtentries in 64-bit - Remove the BUILD_INTERRUPT entries in 32-bit - Remove the old prototypes No functional change. Signed-off-by: Thomas Gleixner Signed-off-by: Ingo Molnar Acked-by: Andy Lutomirski Link: https://lore.kernel.org/r/20200521202119.280728850@linutronix.de commit 6368558c37107bed35950cfbd994f49de07236dc Author: Thomas Gleixner Date: Thu May 21 22:05:38 2020 +0200 x86/entry: Provide IDTENTRY_SYSVEC Provide IDTENTRY variants for system vectors to consolidate the different mechanisms to emit the ASM stubs for 32- and 64-bit. On 64-bit this also moves the stack switching from ASM to C code. 32-bit will excute the system vectors w/o stack switching as before. The simple variant is meant for "empty" system vectors like scheduler IPI and KVM posted interrupt vectors. These do not need the full glory of irq enter/exit handling with softirq processing and more. Signed-off-by: Thomas Gleixner Signed-off-by: Ingo Molnar Acked-by: Andy Lutomirski Link: https://lore.kernel.org/r/20200521202119.185317067@linutronix.de commit fa5e5c409213265da8a188b4a5e4e641b1382eb4 Author: Thomas Gleixner Date: Thu May 21 22:05:37 2020 +0200 x86/entry: Use idtentry for interrupts Replace the extra interrupt handling code and reuse the existing idtentry machinery. This moves the irq stack switching on 64-bit from ASM to C code; 32-bit already does the stack switching in C. This requires to remove HAVE_IRQ_EXIT_ON_IRQ_STACK as the stack switch is not longer in the low level entry code. Signed-off-by: Thomas Gleixner Signed-off-by: Ingo Molnar Acked-by: Andy Lutomirski Link: https://lore.kernel.org/r/20200521202119.078690991@linutronix.de commit 0bf7c314ff68622468945a24ea2f7ebc1edf0a6b Author: Thomas Gleixner Date: Thu May 21 22:05:36 2020 +0200 x86/entry: Add IRQENTRY_IRQ macro Provide a seperate IDTENTRY macro for device interrupts. Similar to IDTENTRY_ERRORCODE with the addition of invoking irq_enter/exit_rcu() and providing the errorcode as a 'u8' argument to the C function, which truncates the sign extended vector number. Signed-off-by: Thomas Gleixner Signed-off-by: Ingo Molnar Acked-by: Andy Lutomirski Link: https://lore.kernel.org/r/20200521202118.984573165@linutronix.de commit 7c2a57364cae0f2e070a27d728f1df6844ffff56 Author: Thomas Gleixner Date: Thu May 21 22:05:35 2020 +0200 x86/irq: Rework handle_irq() for 64-bit To consolidate the interrupt entry/exit code vs. the other exceptions make handle_irq() an inline and handle both 64-bit and 32-bit mode. Preparatory change to move irq stack switching for 64-bit to C which allows to consolidate the entry exit handling by reusing the idtentry machinery both in ASM and C. Signed-off-by: Thomas Gleixner Signed-off-by: Ingo Molnar Acked-by: Andy Lutomirski Link: https://lore.kernel.org/r/20200521202118.889972748@linutronix.de commit 633260fa143bbed05e65dc557a492667dfdc45bb Author: Thomas Gleixner Date: Thu May 21 22:05:34 2020 +0200 x86/irq: Convey vector as argument and not in ptregs Device interrupts which go through do_IRQ() or the spurious interrupt handler have their separate entry code on 64 bit for no good reason. Both 32 and 64 bit transport the vector number through ORIG_[RE]AX in pt_regs. Further the vector number is forced to fit into an u8 and is complemented and offset by 0x80 so it's in the signed character range. Otherwise GAS would expand the pushq to a 5 byte instruction for any vector > 0x7F. Treat the vector number like an error code and hand it to the C function as argument. This allows to get rid of the extra entry code in a later step. Simplify the error code push magic by implementing the pushq imm8 via a '.byte 0x6a, vector' sequence so GAS is not able to screw it up. As the pushq imm8 is sign extending the resulting error code needs to be truncated to 8 bits in C code. Originally-by: Andy Lutomirski Signed-off-by: Thomas Gleixner Signed-off-by: Ingo Molnar Acked-by: Andy Lutomirski Link: https://lore.kernel.org/r/20200521202118.796915981@linutronix.de commit 79b9c183021ef3f5ca2d5168cd3fd442580eca09 Author: Thomas Gleixner Date: Thu May 21 22:05:33 2020 +0200 x86/irq: Use generic irq_regs implementation The only difference is the name of the per-CPU variable: irq_regs vs. __irq_regs, but the accessor functions are identical. Remove the pointless copy and use the generic variant. Signed-off-by: Thomas Gleixner Signed-off-by: Ingo Molnar Acked-by: Andy Lutomirski Link: https://lore.kernel.org/r/20200521202118.704169051@linutronix.de commit 74ebed3193aa4964b6cb9d146c9c01c7759ef4f2 Author: Thomas Gleixner Date: Thu May 21 22:05:32 2020 +0200 x86/entry/32: Remove common_exception() No more users. Signed-off-by: Thomas Gleixner Signed-off-by: Ingo Molnar Acked-by: Andy Lutomirski Link: https://lore.kernel.org/r/20200521202118.611906966@linutronix.de commit 23d73f2ad4e7e7ce8bebdd1e138c8c79439dc301 Author: Thomas Gleixner Date: Thu May 21 22:05:31 2020 +0200 x86/entry/64: Remove error_exit() No more users. Signed-off-by: Thomas Gleixner Signed-off-by: Ingo Molnar Acked-by: Andy Lutomirski Link: https://lore.kernel.org/r/20200521202118.516757524@linutronix.de commit e88d974136dbb5d6962eeb63075900603e737a1e Author: Thomas Gleixner Date: Thu May 21 22:05:30 2020 +0200 x86/entry: Change exit path of xen_failsafe_callback xen_failsafe_callback() is invoked from XEN for two cases: 1. Fault while reloading DS, ES, FS or GS 2. Fault while executing IRET #1 retries the IRET after XEN has fixed up the segments. #2 injects a #GP which kills the task For #1 there is no reason to go through the full exception return path because the tasks TIF state is still the same. So just going straight to the IRET path is good enough. Signed-off-by: Thomas Gleixner Signed-off-by: Ingo Molnar Acked-by: Andy Lutomirski Link: https://lore.kernel.org/r/20200521202118.423224507@linutronix.de commit e2dcb5f1390715244aec12dbd6f294863ca37b88 Author: Thomas Gleixner Date: Thu May 21 22:05:29 2020 +0200 x86/entry: Remove the transition leftovers Now that all exceptions are converted over the sane flag is not longer needed. Also the vector argument of idtentry_body on 64-bit is pointless now. Signed-off-by: Thomas Gleixner Signed-off-by: Ingo Molnar Acked-by: Andy Lutomirski Link: https://lore.kernel.org/r/20200521202118.331115895@linutronix.de commit 91eeafea1e4b7c95cc4f38af186d7d48fceef89a Author: Thomas Gleixner Date: Thu May 21 22:05:28 2020 +0200 x86/entry: Switch page fault exception to IDTENTRY_RAW Convert page fault exceptions to IDTENTRY_RAW: - Implement the C entry point with DEFINE_IDTENTRY_RAW - Add the CR2 read into the exception handler - Add the idtentry_enter/exit_cond_rcu() invocations in in the regular page fault handler and in the async PF part. - Emit the ASM stub with DECLARE_IDTENTRY_RAW - Remove the ASM idtentry in 64-bit - Remove the CR2 read from 64-bit - Remove the open coded ASM entry code in 32-bit - Fix up the XEN/PV code - Remove the old prototypes No functional change. Signed-off-by: Thomas Gleixner Signed-off-by: Ingo Molnar Acked-by: Andy Lutomirski Link: https://lore.kernel.org/r/20200521202118.238455120@linutronix.de commit 00cf8baf9c2af3c17f9d77bb9d07d44d330d0df2 Author: Thomas Gleixner Date: Thu May 21 22:05:27 2020 +0200 x86/entry/64: Simplify idtentry_body All C functions which do not have an error code have been converted to the new IDTENTRY interface which does not expect an error code in the arguments. Spare the XORL. Signed-off-by: Thomas Gleixner Signed-off-by: Ingo Molnar Acked-by: Andy Lutomirski Link: https://lore.kernel.org/r/20200521202118.145811853@linutronix.de commit 2f6474e4636bcc68af6c44abb2703f12d7f083da Author: Thomas Gleixner Date: Thu May 21 22:05:26 2020 +0200 x86/entry: Switch XEN/PV hypercall entry to IDTENTRY Convert the XEN/PV hypercall to IDTENTRY: - Emit the ASM stub with DECLARE_IDTENTRY - Remove the ASM idtentry in 64-bit - Remove the open coded ASM entry code in 32-bit - Remove the old prototypes The handler stubs need to stay in ASM code as they need corner case handling and adjustment of the stack pointer. Provide a new C function which invokes the entry/exit handling and calls into the XEN handler on the interrupt stack if required. The exit code is slightly different from the regular idtentry_exit() on non-preemptible kernels. If the hypercall is preemptible and need_resched() is set then XEN provides a preempt hypercall scheduling function. Move this functionality into the entry code so it can use the existing idtentry functionality. [ mingo: Build fixes. ] Signed-off-by: Thomas Gleixner Signed-off-by: Ingo Molnar Acked-by: Andy Lutomirski Acked-by: Juergen Gross Tested-by: Juergen Gross Link: https://lore.kernel.org/r/20200521202118.055270078@linutronix.de commit 1de16e0c17155d138282f3a9f65914a9a5da757e Author: Thomas Gleixner Date: Thu May 21 22:05:25 2020 +0200 x86/entry: Split out idtentry_exit_cond_resched() The XEN PV hypercall requires the ability of conditional rescheduling when preemption is disabled because some hypercalls take ages. Split out the rescheduling code from idtentry_exit_cond_rcu() so it can be reused for that. Signed-off-by: Thomas Gleixner Signed-off-by: Ingo Molnar Acked-by: Andy Lutomirski Link: https://lore.kernel.org/r/20200521202117.962199649@linutronix.de commit eb6555c83933ce8e094d5429d57970aaa9f0591e Author: Thomas Gleixner Date: Thu May 21 22:05:24 2020 +0200 x86/entry/64: Move do_softirq_own_stack() to C The first step to get rid of the ENTER/LEAVE_IRQ_STACK ASM macro maze. Use the new C code helpers to move do_softirq_own_stack() out of ASM code. Signed-off-by: Thomas Gleixner Signed-off-by: Ingo Molnar Acked-by: Andy Lutomirski Link: https://lore.kernel.org/r/20200521202117.870911120@linutronix.de commit 931b94145981e411bd2c934657649347ba8a9083 Author: Thomas Gleixner Date: Thu May 21 22:05:23 2020 +0200 x86/entry: Provide helpers for executing on the irqstack Device interrupt handlers and system vector handlers are executed on the interrupt stack. The stack switch happens in the low level assembly entry code. This conflicts with the efforts to consolidate the exit code in C to ensure correctness vs. RCU and tracing. As there is no way to move #DB away from IST due to the MOV SS issue, the requirements vs. #DB and NMI for switching to the interrupt stack do not exist anymore. The only requirement is that interrupts are disabled. That allows the moving of the stack switching to C code, which simplifies the entry/exit handling further, because it allows the switching of stacks after handling the entry and on exit before handling RCU, returning to usermode and kernel preemption in the same way as for regular exceptions. The initial attempt of having the stack switching in inline ASM caused too much headache vs. objtool and the unwinder. After analysing the use cases it was agreed on that having the stack switch in ASM for the price of an indirect call is acceptable, as the main users are indirect call heavy anyway and the few system vectors which are empty shells (scheduler IPI and KVM posted interrupt vectors) can run from the regular stack. Provide helper functions to check whether the interrupt stack is already active and whether stack switching is required. 64-bit only for now, as 32-bit has a variant of that already. Once this is cleaned up, the two implementations might be consolidated as an additional cleanup on top. Signed-off-by: Thomas Gleixner Signed-off-by: Ingo Molnar Acked-by: Andy Lutomirski Link: https://lore.kernel.org/r/20200521202117.763775313@linutronix.de commit 98a3bf195e1a14755da3d2b83e1dbb4a3158866d Author: Thomas Gleixner Date: Thu May 21 22:05:22 2020 +0200 genirq: Provide __irq_enter/exit_raw() Like __irq_enter/exit() but without time accounting. To be used for "empty" system vectors like the scheduler IPI to avoid the overhead. Signed-off-by: Thomas Gleixner Signed-off-by: Ingo Molnar Reviewed-by: Andy Lutomirski Link: https://lore.kernel.org/r/20200521202117.671682341@linutronix.de commit 8a6bc4787f05d087fda8e11ead225c8830250703 Author: Thomas Gleixner Date: Thu May 21 22:05:21 2020 +0200 genirq: Provide irq_enter/exit_rcu() irq_enter()/exit() currently include RCU handling. To properly separate the RCU handling code, provide variants which contain only the non-RCU related functionality. Signed-off-by: Thomas Gleixner Signed-off-by: Ingo Molnar Reviewed-by: Andy Lutomirski Link: https://lore.kernel.org/r/20200521202117.567023613@linutronix.de commit 9ee01e0f69a925b6ff7d5f39441413c55132b167 Author: Thomas Gleixner Date: Thu May 21 22:05:20 2020 +0200 x86/entry: Clean up idtentry_enter/exit() leftovers Now that everything is converted to conditional RCU handling remove idtentry_enter/exit() and tidy up the conditional functions. This does not remove rcu_irq_exit_preempt(), to avoid conflicts with the RCU tree. Will be removed once all of this hits Linus's tree. Signed-off-by: Thomas Gleixner Signed-off-by: Ingo Molnar Acked-by: Andy Lutomirski Link: https://lore.kernel.org/r/20200521202117.473597954@linutronix.de commit fa95d7dc1abceb288db2959badb9aaf558eb0530 Author: Thomas Gleixner Date: Thu May 21 22:05:19 2020 +0200 x86/idtentry: Switch to conditional RCU handling Switch all idtentry_enter/exit() users over to the new conditional RCU handling scheme and make the user mode entries in #DB, #INT3 and #MCE use the user mode idtentry functions. Signed-off-by: Thomas Gleixner Signed-off-by: Ingo Molnar Acked-by: Andy Lutomirski Link: https://lore.kernel.org/r/20200521202117.382387286@linutronix.de commit 9f9781b60dfa68d5094a41982f1efa75215a62b1 Author: Thomas Gleixner Date: Thu May 21 22:05:18 2020 +0200 x86/entry: Provide idtentry_enter/exit_user() As there are exceptions which already handle entry from user mode and from kernel mode separately, providing explicit user entry/exit handling callbacks makes sense and makes the code easier to understand. Signed-off-by: Thomas Gleixner Signed-off-by: Ingo Molnar Acked-by: Andy Lutomirski Link: https://lore.kernel.org/r/20200521202117.289548561@linutronix.de commit 3eeec385848855c8109eb72b8b309078d5507968 Author: Thomas Gleixner Date: Thu May 21 22:05:17 2020 +0200 x86/entry: Provide idtentry_entry/exit_cond_rcu() After a lengthy discussion [1] it turned out that RCU does not need a full rcu_irq_enter/exit() when RCU is already watching. All it needs if NOHZ_FULL is active is to check whether the tick needs to be restarted. This allows to avoid a separate variant for the pagefault handler which cannot invoke rcu_irq_enter() on a kernel pagefault which might sleep. The cond_rcu argument is only temporary and will be removed once the existing users of idtentry_enter/exit() have been cleaned up. After that the code can be significantly simplified. [ mingo: Simplified the control flow ] Signed-off-by: Thomas Gleixner Signed-off-by: Ingo Molnar Acked-by: "Paul E. McKenney" Acked-by: Andy Lutomirski Link: [1] https://lkml.kernel.org/r/20200515235125.628629605@linutronix.de Link: https://lore.kernel.org/r/20200521202117.181397835@linutronix.de commit 2ab70319bc1f79228da4dce7b9d604740c9beeef Author: Thomas Gleixner Date: Thu May 21 22:05:14 2020 +0200 nmi, tracing: Make hardware latency tracing noinstr safe The hardware latency tracer calls into instrumentable functions. Move the calls into the RCU watching sections and annotate them. Signed-off-by: Thomas Gleixner Signed-off-by: Ingo Molnar Acked-by: Andy Lutomirski Cc: Paul E. McKenney Link: https://lore.kernel.org/r/20200521202116.904176298@linutronix.de Signed-off-by: Ingo Molnar commit 7102cb07132624cdc09aa8e40c03ae34b4cbb74a Author: Ingo Molnar Date: Mon May 25 09:42:41 2020 +0200 x86/entry: Fix allnoconfig build warning The following commit: 095b7a3e7745 ("x86/entry: Convert double fault exception to IDTENTRY_DF") introduced a new build warning on 64-bit allnoconfig kernels, that have CONFIG_VMAP_STACK disabled: arch/x86/kernel/traps.c:332:16: warning: unused variable ‘address’ [-Wunused-variable] This variable is only used if CONFIG_VMAP_STACK is defined, so make it dependent on that, not CONFIG_X86_64. Signed-off-by: Ingo Molnar Cc: Thomas Gleixner Cc: Alexandre Chartre Cc: Peter Zijlstra Cc: Andy Lutomirski Cc: Borislav Petkov commit c29c775a554f7060b6fb31b68f88a3c9087cf1c5 Author: Thomas Gleixner Date: Tue Feb 25 23:33:31 2020 +0100 x86/entry: Convert double fault exception to IDTENTRY_DF Convert #DF to IDTENTRY_DF - Implement the C entry point with DEFINE_IDTENTRY_DF - Emit the ASM stub with DECLARE_IDTENTRY_DF on 64bit - Remove the ASM idtentry in 64bit - Adjust the 32bit shim code - Fixup the XEN/PV code - Remove the old prototypes No functional change. Signed-off-by: Thomas Gleixner Reviewed-by: Alexandre Chartre Acked-by: Peter Zijlstra Acked-by: Andy Lutomirski Link: https://lkml.kernel.org/r/20200505135315.583415264@linutronix.de commit 6a8dfa8e4053adfcf02ee4d96287943064166beb Author: Thomas Gleixner Date: Tue Feb 25 23:33:30 2020 +0100 x86/idtentry: Provide IDTENTRY_DF Provide a separate macro for #DF as this needs to emit paranoid only code and has also a special ASM stub in 32bit. Signed-off-by: Thomas Gleixner Reviewed-by: Alexandre Chartre Acked-by: Peter Zijlstra Acked-by: Andy Lutomirski Link: https://lkml.kernel.org/r/20200505135315.583415264@linutronix.de commit 865d3a9afe7eddf320e7f61a442864d6efe27505 Author: Thomas Gleixner Date: Tue Apr 21 21:22:36 2020 +0200 x86/mce: Address objtools noinstr complaints Mark the relevant functions noinstr, use the plain non-instrumented MSR accessors. The only odd part is the instrumentation_begin()/end() pair around the indirect machine_check_vector() call as objtool can't figure that out. The possible invoked functions are annotated correctly. Also use notrace variant of nmi_enter/exit(). If MCEs happen then hardware latency tracing is the least of the worries. Signed-off-by: Thomas Gleixner Reviewed-by: Alexandre Chartre Acked-by: Peter Zijlstra Acked-by: Andy Lutomirski Link: https://lkml.kernel.org/r/20200505135315.476734898@linutronix.de commit 75347bb2535a6d5549cc3e436467b7c40d7bb874 Author: Thomas Gleixner Date: Thu Apr 30 11:07:20 2020 +0200 x86/traps: Address objtool noinstr complaints in #DB The functions invoked from handle_debug() can be instrumented. Tell objtool about it. Signed-off-by: Thomas Gleixner Reviewed-by: Alexandre Chartre Acked-by: Peter Zijlstra Acked-by: Andy Lutomirski Link: https://lkml.kernel.org/r/20200505135315.380927730@linutronix.de commit 9347f41352181bf4a7e663f7b5f4a4bb32244d73 Author: Thomas Gleixner Date: Mon May 4 19:56:26 2020 +0200 x86/traps: Restructure #DB handling Now that there are separate entry points, move the kernel/user_mode specifc checks into the entry functions so the common handling code does not need the extra mode checks. Make the code more readable while at it. Signed-off-by: Thomas Gleixner Reviewed-by: Alexandre Chartre Acked-by: Peter Zijlstra Acked-by: Andy Lutomirski Link: https://lkml.kernel.org/r/20200505135315.283276272@linutronix.de commit 4c0dcd8350a03cb65f645a039f2772be880ee74a Author: Thomas Gleixner Date: Tue Feb 25 23:33:29 2020 +0100 x86/entry: Implement user mode C entry points for #DB and #MCE The MCE entry point uses the same mechanism as the IST entry point for now. For #DB split the inner workings and just keep the nmi_enter/exit() magic in the IST variant. Fixup the ASM code to emit the proper noist_##cfunc call. Signed-off-by: Thomas Gleixner Reviewed-by: Alexandre Chartre Acked-by: Peter Zijlstra Acked-by: Andy Lutomirski Link: https://lkml.kernel.org/r/20200505135315.177564104@linutronix.de commit f08e32ec3cfcf9e6d3640007de590c225ab2e201 Author: Thomas Gleixner Date: Tue Feb 25 23:33:28 2020 +0100 x86/idtentry: Provide IDTRENTRY_NOIST variants for #DB and #MC Provide NOIST entry point macros which allows to implement NOIST variants of the C entry points. These are invoked when #DB or #MC enter from user space. This allows explicit handling of the difference between user mode and kernel mode entry later. Signed-off-by: Thomas Gleixner Reviewed-by: Alexandre Chartre Acked-by: Peter Zijlstra Acked-by: Andy Lutomirski Link: https://lkml.kernel.org/r/20200505135315.084882104@linutronix.de commit df7ccaffd2035ebd4bfbb2d980e5817c31f4a891 Author: Thomas Gleixner Date: Tue Feb 25 23:33:27 2020 +0100 x86/entry/64: Remove error code clearing from #DB and #MCE ASM stub The C entry points do not expect an error code. Signed-off-by: Thomas Gleixner Reviewed-by: Alexandre Chartre Acked-by: Peter Zijlstra Acked-by: Andy Lutomirski Link: https://lkml.kernel.org/r/20200505135314.992621707@linutronix.de commit 2bbc68f8373c0631ebf137f376fbea00e8086be7 Author: Thomas Gleixner Date: Tue Feb 25 23:33:26 2020 +0100 x86/entry: Convert Debug exception to IDTENTRY_DB Convert #DB to IDTENTRY_ERRORCODE: - Implement the C entry point with DEFINE_IDTENTRY_DB - Emit the ASM stub with DECLARE_IDTENTRY - Remove the ASM idtentry in 64bit - Remove the open coded ASM entry code in 32bit - Fixup the XEN/PV code - Remove the old prototypes No functional change. Signed-off-by: Thomas Gleixner Reviewed-by: Alexandre Chartre Acked-by: Peter Zijlstra Acked-by: Andy Lutomirski Link: https://lkml.kernel.org/r/20200505135314.900297476@linutronix.de commit 9f58fdde95c9509a4ded27a6d0035e79294002b4 Author: Peter Zijlstra Date: Mon Apr 6 21:02:56 2020 +0200 x86/db: Split out dr6/7 handling DR6/7 should be handled before nmi_enter() is invoked and restore after nmi_exit() to minimize the exposure. Split it out into helper inlines and bring it into the correct order. Signed-off-by: Peter Zijlstra Signed-off-by: Thomas Gleixner Reviewed-by: Alexandre Chartre Acked-by: Andy Lutomirski Link: https://lkml.kernel.org/r/20200505135314.808628211@linutronix.de commit f051f697955049c7cf10a635ab8149aa619243b2 Author: Thomas Gleixner Date: Mon Apr 6 15:55:06 2020 +0200 x86/nmi: Protect NMI entry against instrumentation Mark all functions in the fragile code parts noinstr or force inlining so they can't be instrumented. Also make the hardware latency tracer invocation explicit outside of non-instrumentable section. Signed-off-by: Thomas Gleixner Reviewed-by: Alexandre Chartre Acked-by: Peter Zijlstra Acked-by: Andy Lutomirski Link: https://lkml.kernel.org/r/20200505135314.716186134@linutronix.de commit 6271fef00b3489690e52ce95edbc378357513547 Author: Thomas Gleixner Date: Tue Feb 25 23:33:25 2020 +0100 x86/entry: Convert NMI to IDTENTRY_NMI Convert #NMI to IDTENTRY_NMI: - Implement the C entry point with DEFINE_IDTENTRY_NMI - Fixup the XEN/PV code - Remove the old prototypes No functional change. Signed-off-by: Thomas Gleixner Reviewed-by: Alexandre Chartre Acked-by: Peter Zijlstra Acked-by: Andy Lutomirski Link: https://lkml.kernel.org/r/20200505135314.609932306@linutronix.de commit 9cce81cff748ef0e79b41c6e37d7137267f1212f Author: Thomas Gleixner Date: Tue Feb 25 23:33:24 2020 +0100 x86/idtentry: Provide IDTENTRY_XEN for XEN/PV XEN/PV has special wrappers for NMI and DB exceptions. They redirect these exceptions through regular IDTENTRY points. Provide the necessary IDTENTRY macros to make this work Signed-off-by: Thomas Gleixner Reviewed-by: Alexandre Chartre Acked-by: Peter Zijlstra Acked-by: Andy Lutomirski Link: https://lkml.kernel.org/r/20200505135314.518622698@linutronix.de commit aedbdeab00dcfcc6d751f9fb1b4896b01911d494 Author: Thomas Gleixner Date: Sat Apr 4 15:39:13 2020 +0200 x86/mce: Use untraced rd/wrmsr in the MCE offline/crash check mce_check_crashing_cpu() is called right at the entry of the MCE handler. It uses mce_rdmsr() and mce_wrmsr() which are wrappers around rdmsr() and wrmsr() to handle the MCE error injection mechanism, which is pointless in this context, i.e. when the MCE hits an offline CPU or the system is already marked crashing. The MSR access can also be traced, so use the untraceable variants. This is also safe vs. XEN paravirt as these MSRs are not affected by XEN PV modifications. Signed-off-by: Thomas Gleixner Reviewed-by: Alexandre Chartre Acked-by: Peter Zijlstra Acked-by: Andy Lutomirski Link: https://lkml.kernel.org/r/20200505135314.426347351@linutronix.de commit 8cd501c1facc159dff6db63775151c9200a3ea1e Author: Thomas Gleixner Date: Tue Feb 25 23:33:23 2020 +0100 x86/entry: Convert Machine Check to IDTENTRY_IST Convert #MC to IDTENTRY_MCE: - Implement the C entry points with DEFINE_IDTENTRY_MCE - Emit the ASM stub with DECLARE_IDTENTRY_MCE - Remove the ASM idtentry in 64bit - Remove the open coded ASM entry code in 32bit - Fixup the XEN/PV code - Remove the old prototypes - Remove the error code from *machine_check_vector() as it is always 0 and not used by any of the functions it can point to. Fixup all the functions as well. No functional change. Signed-off-by: Thomas Gleixner Reviewed-by: Alexandre Chartre Acked-by: Peter Zijlstra Acked-by: Andy Lutomirski Link: https://lkml.kernel.org/r/20200505135314.334980426@linutronix.de commit 94a46d316f2b54e3de8a4fa884cb16383db7fcd8 Author: Thomas Gleixner Date: Fri Apr 3 22:37:31 2020 +0200 x86/mce: Move nmi_enter/exit() into the entry point There is no reason to have nmi_enter/exit() in the actual MCE handlers. Move it to the entry point. This also covers the until now uncovered initial handler which only prints. Signed-off-by: Thomas Gleixner Reviewed-by: Alexandre Chartre Acked-by: Peter Zijlstra Acked-by: Andy Lutomirski Link: https://lkml.kernel.org/r/20200505135314.243936614@linutronix.de commit 2c058b03cc06ba485169778a271f87e5ac57dd83 Author: Thomas Gleixner Date: Tue Feb 25 23:33:22 2020 +0100 x86/idtentry: Provide IDTENTRY_IST Same as IDTENTRY but for exceptions which run on Interrupt Stacks (IST) on 64bit. For 32bit this maps to IDTENTRY. There are 3 variants which will be used: IDTENTRY_MCE IDTENTRY_DB IDTENTRY_NMI These map to IDTENTRY_IST, but only the MCE and DB variants are emitting ASM code as the NMI entry needs hand crafted ASM still. The function defines do not contain any idtenter/exit calls as these exceptions need special treatment. Signed-off-by: Thomas Gleixner Reviewed-by: Alexandre Chartre Acked-by: Peter Zijlstra Acked-by: Andy Lutomirski Link: https://lkml.kernel.org/r/20200505135314.137125609@linutronix.de commit 21e28290b31708b72763641604e239eb369c230d Author: Peter Zijlstra Date: Thu Mar 5 16:09:52 2020 +0100 x86/traps: Split int3 handler up For code simplicity split up the int3 handler into a kernel and user part which makes the code flow simpler to understand. Signed-off-by: Peter Zijlstra (Intel) Signed-off-by: Thomas Gleixner Reviewed-by: Alexandre Chartre Link: https://lkml.kernel.org/r/20200505135314.045220765@linutronix.de commit 8edd7e37aed8b9df938a63f0b0259c70569ce3d2 Author: Thomas Gleixner Date: Tue Feb 25 23:16:16 2020 +0100 x86/entry: Convert INT3 exception to IDTENTRY_RAW Convert #BP to IDTENTRY_RAW: - Implement the C entry point with DEFINE_IDTENTRY_RAW - Invoke idtentry_enter/exit() from the function body - Emit the ASM stub with DECLARE_IDTENTRY_RAW - Remove the ASM idtentry in 64bit - Remove the open coded ASM entry code in 32bit - Fixup the XEN/PV code - Remove the old prototypes No functional change. This could be a plain IDTENTRY, but as Peter pointed out INT3 is broken vs. the static key in the context tracking code as this static key might be in the state of being patched and has an int3 which would recurse forever. IDTENTRY_RAW is therefore chosen to allow addressing this issue without lots of code churn. Signed-off-by: Thomas Gleixner Reviewed-by: Alexandre Chartre Acked-by: Peter Zijlstra Acked-by: Andy Lutomirski Link: https://lkml.kernel.org/r/20200505135313.938474960@linutronix.de commit 0dc6cdc21b94eed8cdacf34eabb4175cebd13775 Author: Thomas Gleixner Date: Wed Mar 4 15:22:09 2020 +0100 x86/idtentry: Provide IDTENTRY_RAW Some exception handlers need to do extra work before any of the entry helpers are invoked. Provide IDTENTRY_RAW for this. Signed-off-by: Thomas Gleixner Reviewed-by: Alexandre Chartre Acked-by: Peter Zijlstra Acked-by: Andy Lutomirski Link: https://lkml.kernel.org/r/20200505135313.830540017@linutronix.de commit f64366efd8c60b93138b813d071d2cd201fd0f6e Author: Peter Zijlstra Date: Thu Feb 20 13:28:06 2020 +0100 x86/int3: Inline bsearch() Avoid calling out to bsearch() by inlining it, for normal kernel configs this was the last external call and poke_int3_handler() is now fully self sufficient -- no calls to external code. Signed-off-by: Peter Zijlstra (Intel) Signed-off-by: Thomas Gleixner Reviewed-by: Alexandre Chartre Acked-by: Andy Lutomirski Link: https://lkml.kernel.org/r/20200505135313.731774429@linutronix.de commit df65bba1dcd8ffadd922a71196b78c6d7630c33b Author: Peter Zijlstra Date: Wed Feb 19 18:25:09 2020 +0100 lib/bsearch: Provide __always_inline variant For code that needs the ultimate performance (it can inline the @cmp function too) or simply needs to avoid calling external functions for whatever reason, provide an __always_inline variant of bsearch(). [ tglx: Renamed to __inline_bsearch() as suggested by Andy ] Signed-off-by: Peter Zijlstra (Intel) Signed-off-by: Thomas Gleixner Reviewed-by: Alexandre Chartre Acked-by: Andy Lutomirski Link: https://lkml.kernel.org/r/20200505135313.624443814@linutronix.de commit ef882bfef933408360e4d9d0c2c83a1e2fc996f3 Author: Peter Zijlstra Date: Fri Jan 24 22:08:45 2020 +0100 x86/int3: Avoid atomic instrumentation Use arch_atomic_*() and __READ_ONCE() to ensure nothing untoward creeps in and ruins things. That is; this is the INT3 text poke handler, strictly limit the code that runs in it, lest it inadvertenly hits yet another INT3. Reported-by: Thomas Gleixner Signed-off-by: Peter Zijlstra (Intel) Signed-off-by: Thomas Gleixner Reviewed-by: Masami Hiramatsu Reviewed-by: Alexandre Chartre Acked-by: Andy Lutomirski Link: https://lkml.kernel.org/r/20200505135313.517429268@linutronix.de commit 4979fb53ab0ed35eddd20a73c25a5597bc22a57f Author: Thomas Gleixner Date: Tue Jan 21 15:53:09 2020 +0100 x86/int3: Ensure that poke_int3_handler() is not traced In order to ensure poke_int3_handler() is completely self contained -- this is called while modifying other text, imagine the fun of hitting another INT3 -- ensure that everything it uses is not traced. The primary means here is to force inlining; bsearch() is notrace because all of lib/ is. Signed-off-by: Thomas Gleixner Signed-off-by: Peter Zijlstra (Intel) Signed-off-by: Thomas Gleixner Reviewed-by: Alexandre Chartre Acked-by: Andy Lutomirski Link: https://lkml.kernel.org/r/20200505135313.410702173@linutronix.de commit d77290507ab2ac691d50389e255ebd11a6cbc35a Author: Thomas Gleixner Date: Tue Feb 25 23:16:30 2020 +0100 x86/entry/32: Convert IRET exception to IDTENTRY_SW Convert the IRET exception handler to IDTENTRY_SW. This is slightly different than the conversions of hardware exceptions as the IRET exception is invoked via an exception table when IRET faults. So it just uses the IDTENTRY_SW mechanism for consistency. It does not emit ASM code as it does not fit the other idtentry exceptions. - Implement the C entry point with DEFINE_IDTENTRY_SW() which maps to DEFINE_IDTENTRY() - Fixup the XEN/PV code - Remove the old prototypes - Remove the RCU warning as the new entry macro ensures correctness No functional change. Signed-off-by: Thomas Gleixner Reviewed-by: Alexandre Chartre Acked-by: Peter Zijlstra Acked-by: Andy Lutomirski Link: https://lkml.kernel.org/r/20200505134906.128769226@linutronix.de commit 48227e21f7430e31042f63e078a45cd230e9fdfc Author: Thomas Gleixner Date: Tue Feb 25 23:16:29 2020 +0100 x86/entry: Convert SIMD coprocessor error exception to IDTENTRY Convert #XF to IDTENTRY_ERRORCODE: - Implement the C entry point with DEFINE_IDTENTRY - Emit the ASM stub with DECLARE_IDTENTRY - Handle INVD_BUG in C - Remove the ASM idtentry in 64bit - Remove the open coded ASM entry code in 32bit - Fixup the XEN/PV code - Remove the old prototypes - Remove the RCU warning as the new entry macro ensures correctness No functional change. Signed-off-by: Thomas Gleixner Reviewed-by: Alexandre Chartre Acked-by: Peter Zijlstra Acked-by: Andy Lutomirski Link: https://lkml.kernel.org/r/20200505134906.021552202@linutronix.de commit 436608bb00a59f5457cee26f416067860ca88d9d Author: Thomas Gleixner Date: Tue Feb 25 23:16:28 2020 +0100 x86/entry: Convert Alignment check exception to IDTENTRY Convert #AC to IDTENTRY_ERRORCODE: - Implement the C entry point with DEFINE_IDTENTRY - Emit the ASM stub with DECLARE_IDTENTRY - Remove the ASM idtentry in 64bit - Remove the open coded ASM entry code in 32bit - Fixup the XEN/PV code - Remove the old prototypes - Remove the RCU warning as the new entry macro ensures correctness No functional change. Signed-off-by: Thomas Gleixner Reviewed-by: Alexandre Chartre Acked-by: Peter Zijlstra Acked-by: Andy Lutomirski Link: https://lkml.kernel.org/r/20200505134905.928967113@linutronix.de commit 14a8bd2aa7c355b3a8879618a4f70f9c2b0004f7 Author: Thomas Gleixner Date: Tue Feb 25 23:16:27 2020 +0100 x86/entry: Convert Coprocessor error exception to IDTENTRY Convert #MF to IDTENTRY_ERRORCODE: - Implement the C entry point with DEFINE_IDTENTRY - Emit the ASM stub with DECLARE_IDTENTRY - Remove the ASM idtentry in 64bit - Remove the open coded ASM entry code in 32bit - Fixup the XEN/PV code - Remove the old prototypes - Remove the RCU warning as the new entry macro ensures correctness No functional change. Signed-off-by: Thomas Gleixner Reviewed-by: Alexandre Chartre Acked-by: Peter Zijlstra Acked-by: Andy Lutomirski Link: https://lkml.kernel.org/r/20200505134905.838823510@linutronix.de commit dad7106f8194df1b096666c5499ef732497ddb15 Author: Thomas Gleixner Date: Tue Feb 25 23:16:26 2020 +0100 x86/entry: Convert Spurious interrupt bug exception to IDTENTRY Convert #SPURIOUS to IDTENTRY_ERRORCODE: - Implement the C entry point with DEFINE_IDTENTRY - Emit the ASM stub with DECLARE_IDTENTRY - Remove the ASM idtentry in 64bit - Remove the open coded ASM entry code in 32bit - Fixup the XEN/PV code - Remove the old prototypes No functional change. Signed-off-by: Thomas Gleixner Reviewed-by: Alexandre Chartre Acked-by: Peter Zijlstra Acked-by: Andy Lutomirski Link: https://lkml.kernel.org/r/20200505134905.728077036@linutronix.de commit be4c11afbb6d5317274e61fda0edf744080fb72b Author: Thomas Gleixner Date: Tue Feb 25 23:16:25 2020 +0100 x86/entry: Convert General protection exception to IDTENTRY Convert #GP to IDTENTRY_ERRORCODE: - Implement the C entry point with DEFINE_IDTENTRY - Emit the ASM stub with DECLARE_IDTENTRY - Remove the ASM idtentry in 64bit - Remove the open coded ASM entry code in 32bit - Fixup the XEN/PV code - Remove the old prototypes - Remove the RCU warning as the new entry macro ensures correctness No functional change. Signed-off-by: Thomas Gleixner Reviewed-by: Alexandre Chartre Acked-by: Peter Zijlstra Acked-by: Andy Lutomirski Link: https://lkml.kernel.org/r/20200505134905.637269946@linutronix.de commit fd9689bf91131c4bea5ea54f828af5267f5ed6a0 Author: Thomas Gleixner Date: Tue Feb 25 23:16:24 2020 +0100 x86/entry: Convert Stack segment exception to IDTENTRY Convert #SS to IDTENTRY_ERRORCODE: - Implement the C entry point with DEFINE_IDTENTRY - Emit the ASM stub with DECLARE_IDTENTRY - Remove the ASM idtentry in 64bit - Remove the open coded ASM entry code in 32bit - Fixup the XEN/PV code - Remove the old prototypes No functional change. Signed-off-by: Thomas Gleixner Reviewed-by: Alexandre Chartre Acked-by: Peter Zijlstra Acked-by: Andy Lutomirski Link: https://lkml.kernel.org/r/20200505134905.539867572@linutronix.de commit 99a3fb8d01af1085f16a417a748e0a462dc92d29 Author: Thomas Gleixner Date: Tue Feb 25 23:16:23 2020 +0100 x86/entry: Convert Segment not present exception to IDTENTRY Convert #NP to IDTENTRY_ERRORCODE: - Implement the C entry point with DEFINE_IDTENTRY - Emit the ASM stub with DECLARE_IDTENTRY - Remove the ASM idtentry in 64bit - Remove the open coded ASM entry code in 32bit - Fixup the XEN/PV code - Remove the old prototypes No functional change. Signed-off-by: Thomas Gleixner Reviewed-by: Alexandre Chartre Acked-by: Andy Lutomirski Acked-by: Peter Zijlstra Link: https://lkml.kernel.org/r/20200505134905.443591450@linutronix.de commit 97b3d290b865cf9115f7d37d40b7482efba4d46d Author: Thomas Gleixner Date: Tue Feb 25 23:16:22 2020 +0100 x86/entry: Convert Invalid TSS exception to IDTENTRY Convert #TS to IDTENTRY_ERRORCODE: - Implement the C entry point with DEFINE_IDTENTRY - Emit the ASM stub with DECLARE_IDTENTRY - Remove the ASM idtentry in 64bit - Remove the open coded ASM entry code in 32bit - Fixup the XEN/PV code - Remove the old prototypes No functional change. Signed-off-by: Thomas Gleixner Reviewed-by: Alexandre Chartre Acked-by: Andy Lutomirski Acked-by: Peter Zijlstra Link: https://lkml.kernel.org/r/20200505134905.350676449@linutronix.de commit aabfe5383ec7b480ca222ac05d49eb3c83dc022a Author: Thomas Gleixner Date: Tue Feb 25 23:16:21 2020 +0100 x86/idtentry: Provide IDTENTRY_ERRORCODE Same as IDTENTRY but the C entry point has an error code argument. Signed-off-by: Thomas Gleixner Reviewed-by: Alexandre Chartre Acked-by: Andy Lutomirski Acked-by: Peter Zijlstra Link: https://lkml.kernel.org/r/20200505134905.258989060@linutronix.de commit f95658fdb575233f79e3e7ed7ecf990389d31319 Author: Thomas Gleixner Date: Tue Feb 25 23:16:20 2020 +0100 x86/entry: Convert Coprocessor segment overrun exception to IDTENTRY Convert #OLD_MF to IDTENTRY: - Implement the C entry point with DEFINE_IDTENTRY - Emit the ASM stub with DECLARE_IDTENTRY - Remove the ASM idtentry in 64bit - Remove the open coded ASM entry code in 32bit - Fixup the XEN/PV code - Remove the old prototypes No functional change. Signed-off-by: Thomas Gleixner Reviewed-by: Alexandre Chartre Acked-by: Andy Lutomirski Acked-by: Peter Zijlstra Link: https://lkml.kernel.org/r/20200505134905.838823510@linutronix.de commit 866ae2ccee4ac092fea14f18d537205e14c5a904 Author: Thomas Gleixner Date: Tue Feb 25 23:16:19 2020 +0100 x86/entry: Convert Device not available exception to IDTENTRY Convert #NM to IDTENTRY: - Implement the C entry point with DEFINE_IDTENTRY - Emit the ASM stub with DECLARE_IDTENTRY - Remove the ASM idtentry in 64bit - Remove the open coded ASM entry code in 32bit - Fixup the XEN/PV code - Remove the old prototypes - Remove the RCU warning as the new entry macro ensures correctness No functional change. Signed-off-by: Thomas Gleixner Reviewed-by: Alexandre Chartre Acked-by: Andy Lutomirski Acked-by: Peter Zijlstra Link: https://lkml.kernel.org/r/20200505134905.056243863@linutronix.de commit 49893c5cb281f8691dcbe53e6f85a963f47a4b9b Author: Thomas Gleixner Date: Tue Feb 25 23:16:18 2020 +0100 x86/entry: Convert Invalid Opcode exception to IDTENTRY Convert #UD to IDTENTRY: - Implement the C entry point with DEFINE_IDTENTRY - Emit the ASM stub with DECLARE_IDTENTRY - Remove the ASM idtentry in 64bit - Remove the open coded ASM entry code in 32bit - Fixup the XEN/PV code - Fixup the FOOF bug call in fault.c - Remove the old prototypes No functional change. Signed-off-by: Thomas Gleixner Reviewed-by: Alexandre Chartre Acked-by: Andy Lutomirski Acked-by: Peter Zijlstra Link: https://lkml.kernel.org/r/20200505134904.955511913@linutronix.de commit 58d9c81facf55dbd1836d114ce360a048e3a0582 Author: Thomas Gleixner Date: Tue Feb 25 23:16:17 2020 +0100 x86/entry: Convert Bounds exception to IDTENTRY Convert #BR to IDTENTRY: - Implement the C entry point with DEFINE_IDTENTRY - Emit the ASM stub with DECLARE_IDTENTRY - Remove the ASM idtentry in 64bit - Remove the open coded ASM entry code in 32bit - Fixup the XEN/PV code - Remove the old prototypes - Remove the RCU warning as the new entry macro ensures correctness No functional change. Signed-off-by: Thomas Gleixner Reviewed-by: Alexandre Chartre Acked-by: Andy Lutomirski Acked-by: Peter Zijlstra Link: https://lkml.kernel.org/r/20200505134904.863001309@linutronix.de commit 4b6b9111c0b9aa4c3b319f1c5a3b1d5850792167 Author: Thomas Gleixner Date: Tue Feb 25 23:16:15 2020 +0100 x86/entry: Convert Overflow exception to IDTENTRY Convert #OF to IDTENTRY: - Implement the C entry point with DEFINE_IDTENTRY - Emit the ASM stub with DECLARE_IDTENTRY - Remove the ASM idtentry in 64bit - Remove the open coded ASM entry code in 32bit - Fixup the XEN/PV code - Remove the old prototypes No functional change. Signed-off-by: Thomas Gleixner Reviewed-by: Alexandre Chartre Acked-by: Andy Lutomirski Acked-by: Peter Zijlstra Link: https://lkml.kernel.org/r/20200505134904.771457898@linutronix.de commit 9d06c4027f21fcfa60221bd7203eda3c82568467 Author: Thomas Gleixner Date: Tue Feb 25 23:16:14 2020 +0100 x86/entry: Convert Divide Error to IDTENTRY Convert #DE to IDTENTRY: - Implement the C entry point with DEFINE_IDTENTRY - Emit the ASM stub with DECLARE_IDTENTRY - Remove the ASM idtentry in 64bit - Remove the open coded ASM entry code in 32bit - Fixup the XEN/PV code No functional change. Signed-off-by: Thomas Gleixner Reviewed-by: Alexandre Chartre Acked-by: Peter Zijlstra Acked-by: Andy Lutomirski Link: https://lkml.kernel.org/r/20200505134904.663914713@linutronix.de commit 218e31b6e7a33c9b5e5d608aa79d51665bb84e62 Author: Thomas Gleixner Date: Tue Feb 25 23:16:13 2020 +0100 x86/traps: Prepare for using DEFINE_IDTENTRY Prepare for using IDTENTRY to define the C exception/trap entry points. It would be possible to glue this into the existing macro maze, but it's simpler and better to read at the end to just make them distinct. Provide a trivial inline helper to read the trap address and add a comment explaining the logic behind it. The existing macros will be removed once all instances are converted. Signed-off-by: Thomas Gleixner Reviewed-by: Alexandre Chartre Acked-by: Peter Zijlstra Link: https://lkml.kernel.org/r/20200505134904.556327833@linutronix.de commit 0ba50e861ae9f91ffb6589e3a8ecbd47859b0275 Author: Thomas Gleixner Date: Thu Mar 26 16:28:52 2020 +0100 x86/entry/common: Provide idtentry_enter/exit() Provide functions which handle the low level entry and exit similar to enter/exit from user mode. Signed-off-by: Thomas Gleixner Reviewed-by: Alexandre Chartre Acked-by: Peter Zijlstra Acked-by: Andy Lutomirski Link: https://lkml.kernel.org/r/20200505134904.457578656@linutronix.de commit 53aaf262c66ee237e4163f1af347939ebd9c51c2 Author: Thomas Gleixner Date: Tue Feb 25 23:16:12 2020 +0100 x86/idtentry: Provide macros to define/declare IDT entry points Provide DECLARE/DEFINE_IDTENTRY() macros. DEFINE_IDTENTRY() provides a wrapper which acts as the function definition. The exception handler body is just appended to it with curly brackets. The entry point is marked noinstr so that irq tracing and the enter_from_user_mode() can be moved into the C-entry point. As all C-entries use the same macro (or a later variant) the necessary entry handling can be implemented at one central place. DECLARE_IDTENTRY() provides the function prototypes: - The C entry point cfunc - The ASM entry point asm_cfunc - The XEN/PV entry point xen_asm_cfunc They all follow the same naming convention. When included from ASM code DECLARE_IDTENTRY() is a macro which emits the low level entry point in assembly by instantiating idtentry. IDTENTRY is the simplest variant which just has a pt_regs argument. It's going to be used for all exceptions which have no error code. Signed-off-by: Thomas Gleixner Reviewed-by: Alexandre Chartre Acked-by: Andy Lutomirski Acked-by: Peter Zijlstra Link: https://lkml.kernel.org/r/20200505134904.273363275@linutronix.de commit 60400677e1280dae7d903e5997fb1cfabb22d4bd Author: Thomas Gleixner Date: Tue Feb 25 23:16:11 2020 +0100 x86/entry/32: Provide macro to emit IDT entry stubs 32 and 64 bit have unnecessary different ways to populate the exception entry code. Provide a idtentry macro which allows to consolidate all of that. Signed-off-by: Thomas Gleixner Reviewed-by: Alexandre Chartre Acked-by: Andy Lutomirski Acked-by: Peter Zijlstra Link: https://lkml.kernel.org/r/20200505134904.166735365@linutronix.de commit 424c7d0a9a396ba93815b8861033e62791622cc3 Author: Thomas Gleixner Date: Thu Mar 26 16:56:20 2020 +0100 x86/entry/64: Provide sane error entry/exit For gradual conversion provide a macro parameter and the required code which allows to handle instrumentation and interrupt flags tracking in C. Signed-off-by: Thomas Gleixner Reviewed-by: Alexandre Chartre Acked-by: Peter Zijlstra Acked-by: Andy Lutomirski Link: https://lkml.kernel.org/r/20200505134904.058904490@linutronix.de commit cfa82a00533f7074011a3a49fbb6ed1b1f6fa010 Author: Thomas Gleixner Date: Tue Feb 25 23:16:10 2020 +0100 x86/entry: Distangle idtentry idtentry is a completely unreadable maze. Split it into distinct idtentry variants which only contain the minimal code: - idtentry for regular exceptions - idtentry_mce_debug for #MCE and #DB - idtentry_df for #DF The generated binary code is equivalent. Signed-off-by: Thomas Gleixner Reviewed-by: Alexandre Chartre Acked-by: Peter Zijlstra Acked-by: Andy Lutomirski Link: https://lkml.kernel.org/r/20200505134903.949227617@linutronix.de commit 67f1386616dc0c70f30f214245521c582666edac Author: Thomas Gleixner Date: Tue Feb 25 23:16:09 2020 +0100 x86/entry/64: Reorder idtentries Move them all together so verifying the cleanup patches for binary equivalence will be easier. Signed-off-by: Thomas Gleixner Reviewed-by: Alexandre Chartre Acked-by: Andy Lutomirski Acked-by: Peter Zijlstra Link: https://lkml.kernel.org/r/20200505134903.841853522@linutronix.de commit 877f183f83cc33b1b09313b9c18ab7ee5abda44f Author: Thomas Gleixner Date: Tue Feb 25 23:16:07 2020 +0100 x86/traps: Split trap numbers out in a separate header So they can be used in ASM code. For this it is also necessary to convert them to defines. Will be used for the rework of the entry code. Signed-off-by: Thomas Gleixner Reviewed-by: Andy Lutomirski Reviewed-by: Alexandre Chartre Acked-by: Peter Zijlstra Link: https://lkml.kernel.org/r/20200505134903.731004084@linutronix.de commit ca4c6a9858c23b4f330113f391f2eadc983e780f Author: Thomas Gleixner Date: Wed Oct 23 14:27:10 2019 +0200 x86/traps: Make interrupt enable/disable symmetric in C code Traps enable interrupts conditionally but rely on the ASM return code to disable them again. That results in redundant interrupt disable and trace calls. Make the trap handlers disable interrupts before returning to avoid that, which allows simplification of the ASM entry code in follow up changes. Originally-by: Peter Zijlstra Signed-off-by: Thomas Gleixner Reviewed-by: Alexandre Chartre Acked-by: Peter Zijlstra Acked-by: Andy Lutomirski Link: https://lkml.kernel.org/r/20200505134903.622702796@linutronix.de commit c9317202af70ee03d44fdd68abebdb640b8ab411 Author: Thomas Gleixner Date: Tue May 12 14:54:14 2020 +0200 x86/entry/64: Use native swapgs in asm_load_gs_index() When PARAVIRT_XXL is in use, then load_gs_index() uses xen_load_gs_index() and asm_load_gs_index() is unused. It's therefore pointless to use the paravirtualized SWAPGS implementation in asm_load_gs_index(). Switch it to a plain swapgs. Signed-off-by: Thomas Gleixner Reviewed-by: Steven Rostedt (VMware) Acked-by: Juergen Gross Acked-by: Peter Zijlstra Link: https://lkml.kernel.org/r/20200512213809.583980272@linutronix.de commit 410367e321b5cbd4a616161142a7d162cf55885e Author: Thomas Gleixner Date: Wed Mar 4 23:32:15 2020 +0100 x86/entry: Disable interrupts for native_load_gs_index() in C code There is absolutely no point in doing this in ASM code. Move it to C. Signed-off-by: Thomas Gleixner Reviewed-by: Alexandre Chartre Acked-by: Peter Zijlstra Acked-by: Andy Lutomirski Link: https://lkml.kernel.org/r/20200505134903.531534675@linutronix.de commit daf7a69787b587d454adea73377a904e09fd54a9 Author: Thomas Gleixner Date: Wed Mar 25 23:47:51 2020 +0100 x86/traps: Mark sync_regs() noinstr Replace the notrace and NOKPROBE annotations with noinstr. Signed-off-by: Thomas Gleixner Reviewed-by: Alexandre Chartre Reviewed-by: Masami Hiramatsu Acked-by: Peter Zijlstra Acked-by: Andy Lutomirski Link: https://lkml.kernel.org/r/20200505134903.439765290@linutronix.de commit d73a332936a6d33be3aa3fa4bee959efab09e431 Author: Thomas Gleixner Date: Wed Mar 25 19:53:38 2020 +0100 x86/traps: Mark fixup_bad_iret() noinstr This is called from deep entry ASM in a situation where instrumentation will cause more harm than providing useful information. Switch from memmove() to memcpy() because memmove() can't be called from noinstr code. Signed-off-by: Thomas Gleixner Reviewed-by: Alexandre Chartre Reviewed-by: Masami Hiramatsu Acked-by: Peter Zijlstra Acked-by: Andy Lutomirski Link: https://lkml.kernel.org/r/20200505134903.346741553@linutronix.de commit 1c3e5d3f60e26415d4227aa1193cf9e2db4df834 Author: Peter Zijlstra Date: Tue May 12 18:17:12 2020 +0200 x86/entry: Make entry_64_compat.S objtool clean Currently entry_64_compat is exempt from objtool, but with vmlinux mode there is no hiding it. Make the following changes to make it pass: - change entry_SYSENTER_compat to STT_NOTYPE; it's not a function and doesn't have function type stack setup. - mark all STT_NOTYPE symbols with UNWIND_HINT_EMPTY; so we do validate them and don't treat them as unreachable. - don't abuse RSP as a temp register, this confuses objtool mightily as it (rightfully) thinks we're doing unspeakable things to the stack. Signed-off-by: Peter Zijlstra (Intel) Signed-off-by: Thomas Gleixner Reviewed-by: Alexandre Chartre Acked-by: Andy Lutomirski Link: https://lkml.kernel.org/r/20200505134341.272248024@linutronix.de commit a7ef9ba986b5fae9d80f8a7b31db0423687efe4e Author: Thomas Gleixner Date: Wed Mar 4 12:49:18 2020 +0100 x86/speculation/mds: Mark mds_user_clear_cpu_buffers() __always_inline Prevent the compiler from uninlining and creating traceable/probable functions as this is invoked _after_ context tracking switched to CONTEXT_USER and rcu idle. Signed-off-by: Thomas Gleixner Reviewed-by: Alexandre Chartre Acked-by: Peter Zijlstra Link: https://lkml.kernel.org/r/20200505134340.902709267@linutronix.de commit 4983e5d74c821780d518232eea4acdc4a8f0b44d Author: Thomas Gleixner Date: Wed Mar 4 12:51:59 2020 +0100 x86/entry: Move irq flags tracing to prepare_exit_to_usermode() This is another step towards more C-code and less convoluted ASM. Similar to the entry path, invoke the tracer before context tracking which might turn off RCU and invoke lockdep as the last step before going back to user space. Annotate the code sections in exit_to_user_mode() accordingly so objtool won't complain about the tracer invocation. Signed-off-by: Thomas Gleixner Reviewed-by: Alexandre Chartre Acked-by: Peter Zijlstra Acked-by: Andy Lutomirski Link: https://lkml.kernel.org/r/20200505134340.703783926@linutronix.de commit dd8e2d9ae64fa4348530df3e45e9f874d807a1c2 Author: Thomas Gleixner Date: Tue Feb 25 23:08:05 2020 +0100 x86/entry: Move irq tracing on syscall entry to C-code Now that the C entry points are safe, move the irq flags tracing code into the entry helper: - Invoke lockdep before calling into context tracking - Use the safe trace_hardirqs_on_prepare() trace function after context tracking established state and RCU is watching. enter_from_user_mode() is also still invoked from the exception/interrupt entry code which still contains the ASM irq flags tracing. So this is just a redundant and harmless invocation of tracing / lockdep until these are removed as well. Signed-off-by: Thomas Gleixner Reviewed-by: Alexandre Chartre Acked-by: Peter Zijlstra Link: https://lkml.kernel.org/r/20200505134340.611961721@linutronix.de commit 8f159f1dfa1ea29d70a84335fe6a8bd501a9eecd Author: Thomas Gleixner Date: Tue Mar 10 14:46:27 2020 +0100 x86/entry/common: Protect against instrumentation Mark the various syscall entries with noinstr to protect them against instrumentation and add the noinstrumentation_begin()/end() annotations to mark the parts of the functions which are safe to call out into instrumentable code. Signed-off-by: Thomas Gleixner Reviewed-by: Alexandre Chartre Acked-by: Peter Zijlstra Link: https://lkml.kernel.org/r/20200505134340.520277507@linutronix.de commit 1723be30e46fbda0c5971d3a19a37a7c2499bc90 Author: Thomas Gleixner Date: Sat Feb 29 15:12:33 2020 +0100 x86/entry: Mark enter_from_user_mode() noinstr Both the callers in the low level ASM code and __context_tracking_exit() which is invoked from enter_from_user_mode() via user_exit_irqoff() are marked NOKPROBE. Allowing enter_from_user_mode() to be probed is inconsistent at best. Aside of that while function tracing per se is safe the function trace entry/exit points can be used via BPF as well which is not safe to use before context tracking has reached CONTEXT_KERNEL and adjusted RCU. Mark it noinstr which moves it into the instrumentation protected text section and includes notrace. Note, this needs further fixups in context tracking to ensure that the full call chain is protected. Will be addressed in follow up changes. Signed-off-by: Thomas Gleixner Reviewed-by: Masami Hiramatsu Reviewed-by: Alexandre Chartre Acked-by: Peter Zijlstra Link: https://lkml.kernel.org/r/20200505134340.429059405@linutronix.de commit 8c0fa8a036cd9c000bcf761413b565b429f629fc Author: Thomas Gleixner Date: Wed Mar 25 19:47:40 2020 +0100 x86/entry/32: Move non entry code into .text section All ASM code which is not part of the entry functionality can move out into the .text section. No reason to keep it in the non-instrumentable entry section. Signed-off-by: Thomas Gleixner Reviewed-by: Alexandre Chartre Acked-by: Peter Zijlstra Link: https://lkml.kernel.org/r/20200505134340.320164650@linutronix.de commit b9f6976bfb949121bb6e1e6f4fd9909735729148 Author: Thomas Gleixner Date: Wed Mar 25 19:45:26 2020 +0100 x86/entry/64: Move non entry code into .text section All ASM code which is not part of the entry functionality can move out into the .text section. No reason to keep it in the non-instrumentable entry section. Signed-off-by: Thomas Gleixner Reviewed-by: Steven Rostedt (VMware) Reviewed-by: Alexandre Chartre Acked-by: Peter Zijlstra Link: https://lkml.kernel.org/r/20200505134340.227579223@linutronix.de commit fba8dbeaf30e2c8db2c2cfeb38f6dbffcbf86bba Author: Thomas Gleixner Date: Fri May 15 17:39:05 2020 +0200 x86/idt: Remove update_intr_gate() No more users. Signed-off-by: Thomas Gleixner commit 5916d5f9b3347344a3d96ba6b54cf8e290eba96a Author: Thomas Gleixner Date: Fri Mar 13 13:49:51 2020 +0100 bug: Annotate WARN/BUG/stackfail as noinstr safe Warnings, bugs and stack protection fails from noinstr sections, e.g. low level and early entry code, are likely to be fatal. Mark them as "safe" to be invoked from noinstr protected code to avoid annotating all usage sites. Getting the information out is important. Signed-off-by: Thomas Gleixner Reviewed-by: Alexandre Chartre Acked-by: Peter Zijlstra Link: https://lkml.kernel.org/r/20200505134100.376598577@linutronix.de commit 126f21f0e8d46e2c0e9daafb67546dbfb316d325 Author: Thomas Gleixner Date: Tue Mar 10 23:47:39 2020 +0100 lib/smp_processor_id: Move it into noinstr section That code is already not traceable. Move it into the noinstr section so the objtool section validation does not trigger. Annotate the warning code as "safe". While it might be not under all circumstances, getting the information out is important enough. Should this ever trigger from the sensitive code which is shielded against instrumentation, e.g. low level entry, then the printk is the least of the worries. Addresses the objtool warnings: vmlinux.o: warning: objtool: context_tracking_recursion_enter()+0x7: call to __this_cpu_preempt_check() leaves .noinstr.text section vmlinux.o: warning: objtool: __context_tracking_exit()+0x17: call to __this_cpu_preempt_check() leaves .noinstr.text section vmlinux.o: warning: objtool: __context_tracking_enter()+0x2a: call to __this_cpu_preempt_check() leaves .noinstr.text section Signed-off-by: Thomas Gleixner Reviewed-by: Alexandre Chartre Acked-by: Peter Zijlstra Link: https://lkml.kernel.org/r/20200505134340.902709267@linutronix.de commit 0372007f5a79d61d3cb48a507717b9afb5d6addd Author: Thomas Gleixner Date: Wed Mar 4 11:05:22 2020 +0100 context_tracking: Ensure that the critical path cannot be instrumented context tracking lacks a few protection mechanisms against instrumentation: - While the core functions are marked NOKPROBE they lack protection against function tracing which is required as the function entry/exit points can be utilized by BPF. - static functions invoked from the protected functions need to be marked as well as they can be instrumented otherwise. - using plain inline allows the compiler to emit traceable and probable functions. Fix this by marking the functions noinstr and converting the plain inlines to __always_inline. The NOKPROBE_SYMBOL() annotations are removed as the .noinstr.text section is already excluded from being probed. Cures the following objtool warnings: vmlinux.o: warning: objtool: enter_from_user_mode()+0x34: call to __context_tracking_exit() leaves .noinstr.text section vmlinux.o: warning: objtool: prepare_exit_to_usermode()+0x29: call to __context_tracking_enter() leaves .noinstr.text section vmlinux.o: warning: objtool: syscall_return_slowpath()+0x29: call to __context_tracking_enter() leaves .noinstr.text section vmlinux.o: warning: objtool: do_syscall_64()+0x7f: call to __context_tracking_enter() leaves .noinstr.text section vmlinux.o: warning: objtool: do_int80_syscall_32()+0x3d: call to __context_tracking_enter() leaves .noinstr.text section vmlinux.o: warning: objtool: do_fast_syscall_32()+0x9c: call to __context_tracking_enter() leaves .noinstr.text section and generates new ones... Signed-off-by: Thomas Gleixner Reviewed-by: Masami Hiramatsu Reviewed-by: Alexandre Chartre Acked-by: Peter Zijlstra Link: https://lkml.kernel.org/r/20200505134340.811520478@linutronix.de commit 20355e5f73a75e58cee4c80d4cd92ce0d1628023 Author: Peter Zijlstra Date: Thu Mar 5 14:01:25 2020 +0100 x86/entry: Exclude low level entry code from sanitizing The sanitizers are not really applicable to the fragile low level entry code. Entry code needs to carefully setup a normal 'runtime' environment. Signed-off-by: Peter Zijlstra (Intel) Signed-off-by: Thomas Gleixner Reviewed-by: Alexandre Chartre Link: https://lkml.kernel.org/r/20200505134059.970057117@linutronix.de commit 44d7e4fbc08eca153ea4b436a1440639dff2c771 Author: Thomas Gleixner Date: Thu Mar 5 11:16:49 2020 +0100 x86/entry: Remove the unused LOCKDEP_SYSEXIT cruft No users left since two years due to commit 21d375b6b34f ("x86/entry/64: Remove the SYSCALL64 fast path") Signed-off-by: Thomas Gleixner Reviewed-by: Alexandre Chartre Acked-by: Peter Zijlstra Link: https://lkml.kernel.org/r/20200505134059.061301403@linutronix.de commit 725005897ec4ba07d6227a1ac3121048153eb3ce Author: Thomas Gleixner Date: Tue Feb 25 23:16:08 2020 +0100 x86/entry/64: Avoid pointless code when CONTEXT_TRACKING=n GAS cannot optimize out the test and conditional jump when context tracking is disabled and CALL_enter_from_user_mode is an empty macro. Wrap it in #ifdeffery. Will go away once all this is moved to C. Signed-off-by: Thomas Gleixner Reviewed-by: Alexandre Chartre Acked-by: Frederic Weisbecker Acked-by: Andy Lutomirski Acked-by: Peter Zijlstra Link: https://lkml.kernel.org/r/20200505134058.955968069@linutronix.de commit e9660391d0ebd174b169af3d6de680c2f836027c Author: Peter Zijlstra Date: Thu Feb 20 13:17:27 2020 +0100 x86/doublefault: Remove memmove() call Use of memmove() in #DF is problematic considered tracing and other instrumentation. Remove the memmove() call and simply write out what needs doing; this even clarifies the code, win-win! The code copies from the espfix64 stack to the normal task stack, there is no possible way for that to overlap. Survives selftests/x86, specifically sigreturn_64. Suggested-by: Borislav Petkov Signed-off-by: Peter Zijlstra (Intel) Signed-off-by: Thomas Gleixner Reviewed-by: Alexandre Chartre Acked-by: Andy Lutomirski Link: https://lkml.kernel.org/r/20200505134058.863038566@linutronix.de commit 24ae0c91cbc57c2deb0401bd653453a508acdcee Author: Andy Lutomirski Date: Mon Feb 24 13:24:58 2020 +0100 x86/hw_breakpoint: Prevent data breakpoints on cpu_entry_area A data breakpoint near the top of an IST stack will cause unrecoverable recursion. A data breakpoint on the GDT, IDT, or TSS is terrifying. Prevent either of these from happening. Co-developed-by: Peter Zijlstra Signed-off-by: Andy Lutomirski Signed-off-by: Peter Zijlstra (Intel) Signed-off-by: Thomas Gleixner Reviewed-by: Borislav Petkov Reviewed-by: Lai Jiangshan Reviewed-by: Alexandre Chartre Link: https://lkml.kernel.org/r/20200505134058.272448010@linutronix.de commit 1f1fbc70c10e81f70e9fbe2102d439c883269811 Author: Vitaly Kuznetsov Date: Tue Apr 28 11:38:24 2020 +0200 x86/idt: Keep spurious entries unset in system_vectors With commit dc20b2d52653 ("x86/idt: Move interrupt gate initialization to IDT code") non assigned system vectors are also marked as used in 'used_vectors' (now 'system_vectors') bitmap. This makes checks in arch_show_interrupts() whether a particular system vector is allocated to always pass and e.g. 'Hyper-V reenlightenment interrupts' entry always shows up in /proc/interrupts. Another side effect of having all unassigned system vectors marked as used is that irq_matrix_debug_show() will wrongly count them among 'System' vectors. As it is now ensured that alloc_intr_gate() is not called after init, it is possible to leave unused entries in 'system_vectors' unset to fix these issues. Signed-off-by: Vitaly Kuznetsov Signed-off-by: Thomas Gleixner Link: https://lkml.kernel.org/r/20200428093824.1451532-4-vkuznets@redhat.com commit 06184325a1cce27a02a688d98740f90fe06e0133 Author: Vitaly Kuznetsov Date: Tue Apr 28 11:38:23 2020 +0200 x86/idt: Annotate alloc_intr_gate() with __init There seems to be no reason to allocate interrupt gates after init. Mark alloc_intr_gate() as __init and add WARN_ON() checks making sure it is only used before idt_setup_apic_and_irq_gates() finalizes IDT setup and maps all un-allocated entries to spurious entries. Suggested-by: Thomas Gleixner Signed-off-by: Vitaly Kuznetsov Signed-off-by: Thomas Gleixner Link: https://lkml.kernel.org/r/20200428093824.1451532-3-vkuznets@redhat.com commit a0bb51f2638e0810c347024679239fd10a8f7990 Author: Vitaly Kuznetsov Date: Tue Apr 28 11:38:22 2020 +0200 x86/xen: Split HVM vector callback setup and interrupt gate allocation As a preparatory change for making alloc_intr_gate() __init split xen_callback_vector() into callback vector setup via hypercall (xen_setup_callback_vector()) and interrupt gate allocation (xen_alloc_callback_vector()). xen_setup_callback_vector() is being called twice: on init and upon system resume from xen_hvm_post_suspend(). alloc_intr_gate() only needs to be called once. Suggested-by: Thomas Gleixner Signed-off-by: Vitaly Kuznetsov Signed-off-by: Thomas Gleixner Link: https://lkml.kernel.org/r/20200428093824.1451532-2-vkuznets@redhat.com commit fbaed278a3cc72a46aadae667b8c6754b78640a6 Author: Lai Jiangshan Date: Sun Apr 19 14:40:48 2020 +0000 x86/idt: Remove address operator on function machine_check() machine_check is function address, the address operator on it is nop for compiler. Make it consistent with the other function addresses in the same file. Signed-off-by: Lai Jiangshan Signed-off-by: Thomas Gleixner Link: https://lkml.kernel.org/r/20200419144049.1906-3-laijs@linux.alibaba.com commit c75890700455113c366f795f3d22ee03623835e8 Author: Lai Jiangshan Date: Sun Apr 19 14:40:47 2020 +0000 x86/entry/64: Remove unneeded kernel CR3 switching When native_load_gs_index() fails on .Lgs_change, CR3 must be kernel CR3. No need to switch it. Signed-off-by: Lai Jiangshan Signed-off-by: Thomas Gleixner Link: https://lkml.kernel.org/r/20200419144049.1906-2-laijs@linux.alibaba.com commit 26fa1263b0ba35f01a25f4f7e70ba7c44455d1e3 Author: Lai Jiangshan Date: Sun Apr 19 14:40:49 2020 +0000 x86/entry/64: Remove an unused label The label .Lcommon_\sym was introduced by 39e9543344fa. (x86-64: Reduce amount of redundant code generated for invalidate_interruptNN) And all the other relevant information was removed by 52aec3308db8 (x86/tlb: replace INVALIDATE_TLB_VECTOR by CALL_FUNCTION_VECTOR) Signed-off-by: Lai Jiangshan Signed-off-by: Thomas Gleixner Link: https://lkml.kernel.org/r/20200419144049.1906-4-laijs@linux.alibaba.com commit dd4bc60765873445893037ae73a5f75398a8cd19 Author: Ard Biesheuvel Date: Thu Jun 11 14:43:30 2020 +0200 arm64: warn on incorrect placement of the kernel by the bootloader Commit cfa7ede20f133c ("arm64: set TEXT_OFFSET to 0x0 in preparation for removing it entirely") results in boot failures when booting kernels that are built without KASLR support on broken bootloaders that ignore the TEXT_OFFSET value passed via the header, and use the default of 0x80000 instead. To work around this, turn CONFIG_RELOCATABLE on by default, even if KASLR itself (CONFIG_RANDOMIZE_BASE) is turned off, and require CONFIG_EXPERT to be enabled to deviate from this. Then, emit a warning into the kernel log if we are not booting via the EFI stub (which is permitted to deviate from the placement restrictions) and the kernel base address is not placed according to the rules as laid out in Documentation/arm64/booting.rst. Signed-off-by: Ard Biesheuvel Link: https://lore.kernel.org/r/20200611124330.252163-1-ardb@kernel.org Signed-off-by: Will Deacon commit e4a42c82e943b97ce124539fcd7a47445b43fa0d Author: Denis Efremov Date: Mon Jun 8 12:59:44 2020 +0300 kbuild: fix broken builds because of GZIP,BZIP2,LZOP variables Redefine GZIP, BZIP2, LZOP variables as KGZIP, KBZIP2, KLZOP resp. GZIP, BZIP2, LZOP env variables are reserved by the tools. The original attempt to redefine them internally doesn't work in makefiles/scripts intercall scenarios, e.g., "make GZIP=gzip bindeb-pkg" and results in broken builds. There can be other broken build commands because of this, so the universal solution is to use non-reserved env variables for the compression tools. Fixes: 8dfb61dcbace ("kbuild: add variables for compression tools") Signed-off-by: Denis Efremov Tested-by: Guenter Roeck Signed-off-by: Masahiro Yamada commit fca5e94921d50d13ee8720ce58a352e7fc0228bf Author: Masahiro Yamada Date: Sun Jun 7 12:20:53 2020 +0900 samples: binderfs: really compile this sample and fix build issues Even after commit c624adc9cb6e ("samples: fix binderfs sample"), this sample is never compiled. 'hostprogs' teaches Kbuild that this is a host program, but not enough to order to compile it. You must add it to 'always-y' to really compile it. Since this sample has never been compiled in upstream, various issues are left unnoticed. [1] compilers without are still widely used is only available since commit c13295ad219d ("binderfs: rename header to binderfs.h"), i.e., Linux 5.0 If your compiler is based on UAPI headers older than Linux 5.0, you will see the following error: samples/binderfs/binderfs_example.c:16:10: fatal error: linux/android/binderfs.h: No such file or directory #include ^~~~~~~~~~~~~~~~~~~~~~~~~~ compilation terminated. You cannot rely on compilers having such a new header. The common approach is to install UAPI headers of this kernel into usr/include, and then add it to the header search path. I added 'depends on HEADERS_INSTALL' in Kconfig, and '-I usr/include' compiler flag in Makefile. [2] compile the sample for target architecture Because headers_install works for the target architecture, only the native compiler was able to build sample code that requires '-I usr/include'. Commit 7f3a59db274c ("kbuild: add infrastructure to build userspace programs") added the new syntax 'userprogs' to compile user-space programs for the target architecture. Use it, and then 'ifndef CROSS_COMPILE' will go away. I added 'depends on CC_CAN_LINK' because $(CC) is not necessarily capable of linking user-space programs. [3] use subdir-y to descend into samples/binderfs Since this directory does not contain any kernel-space code, it has no point in generating built-in.a or modules.order. Replace obj-$(CONFIG_...) with subdir-$(CONFIG_...). [4] -Wunused-variable warning If I compile this, I see the following warning. samples/binderfs/binderfs_example.c: In function 'main': samples/binderfs/binderfs_example.c:21:9: warning: unused variable 'len' [-Wunused-variable] 21 | size_t len; | ^~~ I removed the unused 'len'. [5] CONFIG_ANDROID_BINDERFS is not required Since this is a user-space standalone program, it is independent of the kernel configuration. Remove 'depends on ANDROID_BINDERFS'. Fixes: 9762dc1432e1 ("samples: add binderfs sample program") Fixes: c624adc9cb6e ("samples: fix binderfs sample") Signed-off-by: Masahiro Yamada Acked-by: Christian Brauner commit d790eeb3db6aefac39ffa06e598eb31b7352ca4f Author: Jean Delvare Date: Thu Jun 11 12:03:47 2020 +0200 i2c: Drop stray comma in MODULE_AUTHOR statements It is not the common usage to have a comma between the name and the email address, so remove it. Signed-off-by: Jean Delvare Cc: Kukjin Kim Cc: Krzysztof Kozlowski Reviewed-by: Jarkko Nikula Signed-off-by: Wolfram Sang commit e6197c8290f72ebadc24e05d876f42211318cd91 Author: kernel test robot Date: Thu Jun 11 10:50:35 2020 +0800 i2c: npcm7xx: npcm_i2caddr[] can be static Fixes: f54736925a4f ("i2c: npcm7xx: Add support for slave mode for Nuvoton") Signed-off-by: kernel test robot Signed-off-by: Wolfram Sang commit 66057dd1d1cf2149e0f5fdaee58d6ea69bc98048 Merge: addb1e23bf72 291ddeb621e4 Author: Dave Airlie Date: Thu Jun 11 17:51:06 2020 +1000 Merge tag 'drm-misc-next-fixes-2020-06-11' of git://anongit.freedesktop.org/drm/drm-misc into drm-next In core, DRM connectors now notify userspace of hotplug events via sysfs. In drivers, sun4i now uses 4 bits to store the clock's m divider; ast sets up 24/32-bit color mode correctly. Signed-off-by: Dave Airlie From: Thomas Zimmermann Link: https://patchwork.freedesktop.org/patch/msgid/20200611075007.GA15098@linux-uq9g commit 291ddeb621e4a9f1ced8302a777fbd7fbda058c6 Author: Colin Ian King Date: Wed Jun 10 12:58:04 2020 +0100 drm/ast: fix missing break in switch statement for format->cpp[0] case 4 Currently the switch statement for format->cpp[0] value 4 assigns color_index which is never read again and then falls through to the default case and returns. This looks like a missing break statement bug. Fix this by adding a break statement. Addresses-Coverity: ("Unused value") Fixes: 259d14a76a27 ("drm/ast: Split ast_set_vbios_mode_info()") Signed-off-by: Colin Ian King Signed-off-by: Thomas Zimmermann Tested-by: Thomas Zimmermann Reviewed-by: Thomas Zimmermann Link: https://patchwork.freedesktop.org/patch/msgid/20200610115804.1132338-1-colin.king@canonical.com commit 2a9e5ded9543436620a7fbc9329ddcc32bf97bc7 Author: Petr Mladek Date: Wed May 20 12:22:33 2020 +0200 printk/kdb: Redirect printk messages into kdb in any context kdb has to get messages on consoles even when the system is stopped. It uses kdb_printf() internally and calls console drivers on its own. It uses a hack to reuse an existing code. It sets "kdb_trap_printk" global variable to redirect even the normal printk() into the kdb_printf() variant. The variable "kdb_trap_printk" is checked in printk_default() and it is ignored when printk is redirected to printk_safe in NMI context. Solve this by moving the check into printk_func(). It is obvious that it is not fully safe. But it does not make things worse. The console drivers are already called in this context by db_printf() direct calls. Reported-by: Sumit Garg Tested-by: Sumit Garg Reviewed-by: Daniel Thompson Acked-by: Sergey Senozhatsky Signed-off-by: Petr Mladek Link: https://lore.kernel.org/r/20200520102233.GC3464@linux-b0ei commit 37f8173dd84936ea78000ed1cad24f8b18d48ebb Author: Peter Zijlstra Date: Fri Jan 24 22:13:03 2020 +0100 locking/atomics: Flip fallbacks and instrumentation Currently instrumentation of atomic primitives is done at the architecture level, while composites or fallbacks are provided at the generic level. The result is that there are no uninstrumented variants of the fallbacks. Since there is now need of such variants to isolate text poke from any form of instrumentation invert this ordering. Doing this means moving the instrumentation into the generic code as well as having (for now) two variants of the fallbacks. Notes: - the various *cond_read* primitives are not proper fallbacks and got moved into linux/atomic.c. No arch_ variants are generated because the base primitives smp_cond_load*() are instrumented. - once all architectures are moved over to arch_atomic_ one of the fallback variants can be removed and some 2300 lines reclaimed. - atomic_{read,set}*() are no longer double-instrumented Reported-by: Thomas Gleixner Signed-off-by: Peter Zijlstra (Intel) Signed-off-by: Thomas Gleixner Acked-by: Mark Rutland Link: https://lkml.kernel.org/r/20200505134058.769149955@linutronix.de commit 765dcd209947e7b3666c08fb109ab8b879f7a471 Author: Marco Elver Date: Tue Nov 26 15:04:05 2019 +0100 asm-generic/atomic: Use __always_inline for fallback wrappers Use __always_inline for atomic fallback wrappers. When building for size (CC_OPTIMIZE_FOR_SIZE), some compilers appear to be less inclined to inline even relatively small static inline functions that are assumed to be inlinable such as atomic ops. This can cause problems, for example in UACCESS regions. While the fallback wrappers aren't pure wrappers, they are trivial nonetheless, and the function they wrap should determine the final inlining policy. For x86 tinyconfig we observe: - vmlinux baseline: 1315988 - vmlinux with patch: 1315928 (-60 bytes) [ tglx: Cherry-picked from KCSAN ] Suggested-by: Mark Rutland Signed-off-by: Marco Elver Acked-by: Mark Rutland Signed-off-by: Paul E. McKenney Signed-off-by: Thomas Gleixner commit e9f901dc05c09c4f89183cadcb2d93177f3100cb Author: Sivaprakash Murugesan Date: Mon Jun 8 15:07:27 2020 +0530 mailbox: qcom: Add ipq6018 apcs compatible The Qualcomm ipq6018 has apcs block, add compatible for the same. Also, the ipq6018 apcs provides a clock functionality similar to msm8916 but the clock driver is different. Create a child device based on the apcs compatible for the clock controller functionality. Signed-off-by: Sivaprakash Murugesan Signed-off-by: Jassi Brar commit 9b007938ae3cd75d0ae883c6c0eeb0985cacba15 Author: Sivaprakash Murugesan Date: Mon Jun 8 15:07:26 2020 +0530 mailbox: qcom: Add clock driver name in apcs mailbox driver data Some apcs mailbox devices supports a clock driver, the compatible strings of devices supporting clock driver along with the clock driver name are maintained in a separate structure within the mailbox driver. And the clock driver is added based on device match. With increase in number of devices supporting the clock feature move the clock driver name inside the driver data. so that we can use a single API to get the register offset of mailbox driver and clock driver name together, and the clock driver will be added based on the driver data. Signed-off-by: Sivaprakash Murugesan Signed-off-by: Jassi Brar commit 01f76386b0ac0b1c1094456c8f43ea6085fc49d2 Author: Vincent Chen Date: Tue Jun 9 22:14:49 2020 +0800 riscv: set the permission of vdso_data to read-only The original vdso_data page is empty, so the permission of the vdso_data page can be the same with the vdso text page. After introducing the vDSO common flow, the vdso_data is not empty and the permission should be changed to read-only. Signed-off-by: Vincent Chen Signed-off-by: Palmer Dabbelt commit ad5d1122b82fbd6a816d1b9d26ee01a6dbc2d757 Author: Vincent Chen Date: Tue Jun 9 22:14:48 2020 +0800 riscv: use vDSO common flow to reduce the latency of the time-related functions Even if RISC-V has supported the vDSO feature, the latency of the functions for obtaining the system time is still expensive. It is because these functions still trigger a corresponding system call in the process, which slows down the response time. If we want to remove the system call to reduce the latency, the kernel should have the ability to output the system clock information to userspace. This patch introduces the vDSO common flow to enable the kernel to achieve the above feature and uses "rdtime" instruction to obtain the current time in the user space. Under this condition, the latency cost by the ecall from U-mode to S-mode can be eliminated. After applying this patch, the latency of gettimeofday() measured on the HiFive unleashed board can be reduced by %61. Signed-off-by: Vincent Chen Reviewed-by: Atish Patra Signed-off-by: Palmer Dabbelt commit 37c54f9bd48663f7657a9178fe08c47e4f5b537b Author: Christoph Hellwig Date: Wed Jun 10 18:42:10 2020 -0700 kernel: set USER_DS in kthread_use_mm Some architectures like arm64 and s390 require USER_DS to be set for kernel threads to access user address space, which is the whole purpose of kthread_use_mm, but other like x86 don't. That has lead to a huge mess where some callers are fixed up once they are tested on said architectures, while others linger around and yet other like io_uring try to do "clever" optimizations for what usually is just a trivial asignment to a member in the thread_struct for most architectures. Make kthread_use_mm set USER_DS, and kthread_unuse_mm restore to the previous value instead. Signed-off-by: Christoph Hellwig Signed-off-by: Andrew Morton Tested-by: Jens Axboe Reviewed-by: Jens Axboe Acked-by: Michael S. Tsirkin Cc: Alex Deucher Cc: Al Viro Cc: Felipe Balbi Cc: Felix Kuehling Cc: Jason Wang Cc: Zhenyu Wang Cc: Zhi Wang Cc: Greg Kroah-Hartman Link: http://lkml.kernel.org/r/20200404094101.672954-7-hch@lst.de Signed-off-by: Linus Torvalds commit f5678e7f2ac31c270334b936352f0ef2fe7dd2b3 Author: Christoph Hellwig Date: Wed Jun 10 18:42:06 2020 -0700 kernel: better document the use_mm/unuse_mm API contract Switch the function documentation to kerneldoc comments, and add WARN_ON_ONCE asserts that the calling thread is a kernel thread and does not have ->mm set (or has ->mm set in the case of unuse_mm). Also give the functions a kthread_ prefix to better document the use case. [hch@lst.de: fix a comment typo, cover the newly merged use_mm/unuse_mm caller in vfio] Link: http://lkml.kernel.org/r/20200416053158.586887-3-hch@lst.de [sfr@canb.auug.org.au: powerpc/vas: fix up for {un}use_mm() rename] Link: http://lkml.kernel.org/r/20200422163935.5aa93ba5@canb.auug.org.au Signed-off-by: Christoph Hellwig Signed-off-by: Stephen Rothwell Signed-off-by: Andrew Morton Tested-by: Jens Axboe Reviewed-by: Jens Axboe Acked-by: Felix Kuehling Acked-by: Greg Kroah-Hartman [usb] Acked-by: Haren Myneni Cc: Alex Deucher Cc: Al Viro Cc: Felipe Balbi Cc: Jason Wang Cc: "Michael S. Tsirkin" Cc: Zhenyu Wang Cc: Zhi Wang Link: http://lkml.kernel.org/r/20200404094101.672954-6-hch@lst.de Signed-off-by: Linus Torvalds commit 4dbe59a6ae358f30b6a9a50406249d54cc954dc1 Author: Christoph Hellwig Date: Wed Jun 10 18:42:03 2020 -0700 kernel: move use_mm/unuse_mm to kthread.c cover the newly merged use_mm/unuse_mm caller in vfio Signed-off-by: Christoph Hellwig Signed-off-by: Andrew Morton Acked-by: Felix Kuehling Cc: Alex Deucher Cc: Al Viro Cc: Felipe Balbi Cc: Greg Kroah-Hartman Cc: Jason Wang Cc: Jens Axboe Cc: "Michael S. Tsirkin" Cc: Zhenyu Wang Cc: Zhi Wang Link: http://lkml.kernel.org/r/20200416053158.586887-2-hch@lst.de Signed-off-by: Linus Torvalds commit 9bf5b9eb232b34738800868e30bea3bad4a6a1ba Author: Christoph Hellwig Date: Wed Jun 10 18:41:59 2020 -0700 kernel: move use_mm/unuse_mm to kthread.c Patch series "improve use_mm / unuse_mm", v2. This series improves the use_mm / unuse_mm interface by better documenting the assumptions, and my taking the set_fs manipulations spread over the callers into the core API. This patch (of 3): Use the proper API instead. Link: http://lkml.kernel.org/r/20200404094101.672954-1-hch@lst.de These helpers are only for use with kernel threads, and I will tie them more into the kthread infrastructure going forward. Also move the prototypes to kthread.h - mmu_context.h was a little weird to start with as it otherwise contains very low-level MM bits. Signed-off-by: Christoph Hellwig Signed-off-by: Andrew Morton Tested-by: Jens Axboe Reviewed-by: Jens Axboe Acked-by: Felix Kuehling Cc: Alex Deucher Cc: Al Viro Cc: Felipe Balbi Cc: Jason Wang Cc: "Michael S. Tsirkin" Cc: Zhenyu Wang Cc: Zhi Wang Cc: Greg Kroah-Hartman Link: http://lkml.kernel.org/r/20200404094101.672954-1-hch@lst.de Link: http://lkml.kernel.org/r/20200416053158.586887-1-hch@lst.de Link: http://lkml.kernel.org/r/20200404094101.672954-5-hch@lst.de Signed-off-by: Linus Torvalds commit 2c34f6f738d2509cf9b710abd35a605acfd6ada6 Author: Walter Wu Date: Wed Jun 10 18:41:56 2020 -0700 stacktrace: cleanup inconsistent variable type Modify the variable type of 'skip' member of struct stack_trace. In theory, the 'skip' variable type should be unsigned int. There are two reasons: - The 'skip' only has two situation, 1)Positive value, 2)Zero - The 'skip' of struct stack_trace has inconsistent type with struct stack_trace_data, it makes a bit confusion in the relationship between struct stack_trace and stack_trace_data. Signed-off-by: Walter Wu Signed-off-by: Andrew Morton Reviewed-by: Bart Van Assche Cc: Matthias Brugger Cc: Thomas Gleixner Cc: Peter Zijlstra Cc: Ingo Molnar Cc: Josh Poimboeuf Link: http://lkml.kernel.org/r/20200421013511.5960-1-walter-zh.wu@mediatek.com Signed-off-by: Linus Torvalds commit 6af132f3a11e6d2d9032ce51c882aa5933543255 Author: Wei Yang Date: Wed Jun 10 18:41:53 2020 -0700 lib: test get_count_order/long in test_bitops.c Add some tests for get_count_order/long in test_bitops.c. [akpm@linux-foundation.org: define local `i'] [akpm@linux-foundation.org: enhancement, warning fix, cleanup per Geert] [akpm@linux-foundation.org: fix loop bound, per Wei Yang] Signed-off-by: Wei Yang Signed-off-by: Andrew Morton Reviewed-by: Andy Shevchenko Cc: Christian Brauner Cc: Geert Uytterhoeven Link: http://lkml.kernel.org/r/20200602223728.32722-1-richard.weiyang@gmail.com Signed-off-by: Linus Torvalds commit 496df3d3ab8a407f83330fb8d7160a5f91898c55 Author: Ben Widawsky Date: Wed Jun 10 18:41:50 2020 -0700 mm: add comments on pglist_data zones While making other modifications it was easy to confuse the two struct members node_zones and node_zonelists. For those already familiar with the code, this might seem to be a silly patch, but it's quite helpful to disambiguate the similar-sounding fields While here, add a small comment on why nr_zones isn't simply MAX_NR_ZONES Signed-off-by: Ben Widawsky Signed-off-by: Andrew Morton Reviewed-by: Andrew Morton Link: http://lkml.kernel.org/r/20200520205443.2757414-1-ben.widawsky@intel.com Signed-off-by: Linus Torvalds commit cc989e78472e29c69b196d6985e718c8834027b7 Author: Keyur Patel Date: Wed Jun 10 18:41:47 2020 -0700 ocfs2: fix spelling mistake and grammar ./ocfs2/mmap.c:65: bebongs ==> belonging Signed-off-by: Keyur Patel Signed-off-by: Andrew Morton Reviewed-by: Joseph Qi Cc: Mark Fasheh Cc: Joel Becker Cc: Junxiao Bi Cc: Changwei Ge Cc: Gang He Cc: Jun Piao Link: http://lkml.kernel.org/r/20200608014818.102358-1-iamkeyur96@gmail.com Signed-off-by: Linus Torvalds commit 787d563b8642f35c561e439ebaf7ee5653437d05 Author: Aneesh Kumar K.V Date: Wed Jun 10 18:41:44 2020 -0700 mm/debug_vm_pgtable: fix kernel crash by checking for THP support Architectures can have CONFIG_TRANSPARENT_HUGEPAGE enabled but no THP support enabled based on platforms. For ex: with 4K PAGE_SIZE ppc64 supports THP only with radix translation. This results in below crash when running with hash translation and 4K PAGE_SIZE. kernel BUG at arch/powerpc/include/asm/book3s/64/hash-4k.h:140! cpu 0x61: Vector: 700 (Program Check) at [c000000ff948f860] pc: debug_vm_pgtable+0x480/0x8b0 lr: debug_vm_pgtable+0x474/0x8b0 ... debug_vm_pgtable+0x374/0x8b0 (unreliable) do_one_initcall+0x98/0x4f0 kernel_init_freeable+0x330/0x3fc kernel_init+0x24/0x148 Check for THP support correctly Link: http://lkml.kernel.org/r/20200608125252.407659-1-aneesh.kumar@linux.ibm.com Fixes: 399145f9eb6c ("mm/debug: add tests validating architecture page table helpers") Signed-off-by: Aneesh Kumar K.V Reviewed-by: Anshuman Khandual Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 81c4f4d924d5d009b5ed785a3e22b18d0f7b831f Author: Alexander Gordeev Date: Wed Jun 10 18:41:41 2020 -0700 lib: fix bitmap_parse() on 64-bit big endian archs Commit 2d6261583be0 ("lib: rework bitmap_parse()") does not take into account order of halfwords on 64-bit big endian architectures. As result (at least) Receive Packet Steering, IRQ affinity masks and runtime kernel test "test_bitmap" get broken on s390. [andriy.shevchenko@linux.intel.com: convert infinite while loop to a for loop] Link: http://lkml.kernel.org/r/20200609140535.87160-1-andriy.shevchenko@linux.intel.com Fixes: 2d6261583be0 ("lib: rework bitmap_parse()") Signed-off-by: Alexander Gordeev Signed-off-by: Andy Shevchenko Signed-off-by: Andrew Morton Reviewed-by: Andy Shevchenko Cc: Yury Norov Cc: Amritha Nambiar Cc: Arnaldo Carvalho de Melo Cc: Chris Wilson Cc: Kees Cook Cc: Matthew Wilcox Cc: Miklos Szeredi Cc: Rasmus Villemoes Cc: Steffen Klassert Cc: "Tobin C . Harding" Cc: Vineet Gupta Cc: Will Deacon Cc: Willem de Bruijn Cc: Link: http://lkml.kernel.org/r/1591634471-17647-1-git-send-email-agordeev@linux.ibm.com Signed-off-by: Linus Torvalds commit 2581ac7c2f6b093eea3340a4e2db8a55fc9f8470 Author: Tim Froidcoeur Date: Wed Jun 10 18:41:38 2020 -0700 checkpatch: correct check for kernel parameters doc Adding a new kernel parameter with documentation makes checkpatch complain __setup appears un-documented -- check Documentation/admin-guide/kernel-parameters.rst The list of kernel parameters has moved to a separate txt file, but checkpatch has not been updated for this. Make checkpatch.pl look for the documentation for new kernel parameters in kernel-parameters.txt instead of kernel-parameters.rst. Fixes: e52347bd66f6 ("Documentation/admin-guide: split the kernel parameter list to a separate file") Signed-off-by: Tim Froidcoeur Signed-off-by: Andrew Morton Acked-by: Joe Perches Cc: Mauro Carvalho Chehab Signed-off-by: Linus Torvalds commit 8301c719a2bd131436438e49130ee381d30933f5 Author: Ryusuke Konishi Date: Wed Jun 10 18:41:35 2020 -0700 nilfs2: fix null pointer dereference at nilfs_segctor_do_construct() After commit c3aab9a0bd91 ("mm/filemap.c: don't initiate writeback if mapping has no dirty pages"), the following null pointer dereference has been reported on nilfs2: BUG: kernel NULL pointer dereference, address: 00000000000000a8 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 [#1] SMP PTI ... RIP: 0010:percpu_counter_add_batch+0xa/0x60 ... Call Trace: __test_set_page_writeback+0x2d3/0x330 nilfs_segctor_do_construct+0x10d3/0x2110 [nilfs2] nilfs_segctor_construct+0x168/0x260 [nilfs2] nilfs_segctor_thread+0x127/0x3b0 [nilfs2] kthread+0xf8/0x130 ... This crash turned out to be caused by set_page_writeback() call for segment summary buffers at nilfs_segctor_prepare_write(). set_page_writeback() can call inc_wb_stat(inode_to_wb(inode), WB_WRITEBACK) where inode_to_wb(inode) is NULL if the inode of underlying block device does not have an associated wb. This fixes the issue by calling inode_attach_wb() in advance to ensure to associate the bdev inode with its wb. Fixes: c3aab9a0bd91 ("mm/filemap.c: don't initiate writeback if mapping has no dirty pages") Reported-by: Walton Hoops Reported-by: Tomas Hlavaty Reported-by: ARAI Shun-ichi Reported-by: Hideki EIRAKU Signed-off-by: Ryusuke Konishi Signed-off-by: Andrew Morton Tested-by: Ryusuke Konishi Cc: [5.4+] Link: http://lkml.kernel.org/r/20200608.011819.1399059588922299158.konishi.ryusuke@gmail.com Signed-off-by: Linus Torvalds commit e8ec04938c446e5f4dc53e0147f0f679995012ee Author: Joe Perches Date: Wed Jun 10 18:41:32 2020 -0700 lib/lz4/lz4_decompress.c: document deliberate use of `&' This operation was intentional, but tools such as smatch will warn that it might not have been. Signed-off-by: Andrew Morton Cc: Yann Collet Cc: Vasily Averin Cc: Gao Xiang Link: http://lkml.kernel.org/r/3bf931c6ea0cae3e23f3485801986859851b4f04.camel@perches.com Signed-off-by: Linus Torvalds commit 3021e69219e2f3df6d01243000db32d1325cdd0d Author: Andrey Konovalov Date: Wed Jun 10 18:41:28 2020 -0700 kcov: check kcov_softirq in kcov_remote_stop() kcov_remote_stop() should check that the corresponding kcov_remote_start() actually found the specified remote handle and started collecting coverage. This is done by checking the per thread kcov_softirq flag. A particular failure scenario where this was observed involved a softirq with a remote coverage collection section coming between check_kcov_mode() and the access to t->kcov_area in __sanitizer_cov_trace_pc(). In that softirq kcov_remote_start() bailed out after kcov_remote_find() check, but the matching kcov_remote_stop() didn't check if kcov_remote_start() succeeded, and overwrote per thread kcov parameters with invalid (zero) values. Fixes: 5ff3b30ab57d ("kcov: collect coverage from interrupts") Signed-off-by: Andrey Konovalov Signed-off-by: Andrew Morton Reviewed-by: Dmitry Vyukov Cc: Alexander Potapenko Cc: Marco Elver Cc: Tetsuo Handa Link: http://lkml.kernel.org/r/fcd1cd16eac1d2c01a66befd8ea4afc6f8d09833.1591576806.git.andreyknvl@google.com Signed-off-by: Linus Torvalds commit 405906600a33a37e225817c085b1807ad46784b4 Author: SeongJae Park Date: Wed Jun 10 18:41:25 2020 -0700 scripts/spelling: add a few more typos This commit adds typos I found from another work. Signed-off-by: SeongJae Park Signed-off-by: Andrew Morton Reviewed-by: David Hildenbrand Cc: Joe Perches Link: http://lkml.kernel.org/r/20200605092502.18018-3-sjpark@amazon.com Signed-off-by: Linus Torvalds commit 9f267a17bfb4eb52a1705d0886a7220e6470bf52 Author: Dan Carpenter Date: Wed Jun 10 18:41:22 2020 -0700 khugepaged: selftests: fix timeout condition in wait_for_scan() The loop exits with "timeout" set to -1 and not to 0 so the test needs to be fixed. Fixes: e7b592f6caca ("khugepaged: add self test") Signed-off-by: Dan Carpenter Signed-off-by: Andrew Morton Cc: Shuah Khan Cc: Stephen Rothwell Cc: Zi Yan Cc: William Kucharski Cc: Yang Shi Cc: John Hubbard Link: http://lkml.kernel.org/r/20200605110736.GH978434@mwanda Acked-by: Kirill A. Shutemov Signed-off-by: Linus Torvalds commit 65de50969a77509452ae590e9449b70a22b923bb Author: Tom Rix Date: Wed Jun 10 14:57:13 2020 -0700 selinux: fix double free Clang's static analysis tool reports these double free memory errors. security/selinux/ss/services.c:2987:4: warning: Attempt to free released memory [unix.Malloc] kfree(bnames[i]); ^~~~~~~~~~~~~~~~ security/selinux/ss/services.c:2990:2: warning: Attempt to free released memory [unix.Malloc] kfree(bvalues); ^~~~~~~~~~~~~~ So improve the security_get_bools error handling by freeing these variables and setting their return pointers to NULL and the return len to 0 Cc: stable@vger.kernel.org Signed-off-by: Tom Rix Acked-by: Stephen Smalley Signed-off-by: Paul Moore commit addb1e23bf72c47a3e2eb7cdad6dc8cdffa91384 Merge: 8d286e2ff440 3680c2e9f425 Author: Dave Airlie Date: Thu Jun 11 11:49:03 2020 +1000 Merge tag 'drm-intel-next-fixes-2020-06-10' of git://anongit.freedesktop.org/drm/drm-intel into drm-next - Avoid use after free in cmdparser - Avoid NULL dereference when probing all display encoders - Fixup to module parameter type Signed-off-by: Dave Airlie From: Joonas Lahtinen Link: https://patchwork.freedesktop.org/patch/msgid/20200610093700.GA8599@jlahtine-desk.ger.corp.intel.com commit b29482fde649c72441d5478a4ea2c52c56d97a5e Merge: 4dbb29fe9dae 12aceb89b0bc Author: Linus Torvalds Date: Wed Jun 10 18:09:13 2020 -0700 Merge branch 'work.epoll' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs Pull epoll update from Al Viro: "epoll conversion to read_iter from Jens; I thought there might be more epoll stuff this cycle, but uaccess took too much time" * 'work.epoll' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: eventfd: convert to f_op->read_iter() commit ae0b829df7120c78692e49c88453007e531c0e00 Author: Jakub Kicinski Date: Wed Jun 10 16:59:11 2020 -0700 docs: networkng: convert sja1105's devlink info to RTS A new file snuck into the tree after all existing documentation was converted to RST. Convert sja1105's devlink info and move it where the rest of the drivers are documented. Signed-off-by: Jakub Kicinski Acked-by: Vladimir Oltean Tested-by: Vladimir Oltean Signed-off-by: David S. Miller commit e697deed834de15d2322d0619d51893022c90ea2 Author: Jiufei Xue Date: Wed Jun 10 13:41:59 2020 +0800 io_uring: check file O_NONBLOCK state for accept If the socket is O_NONBLOCK, we should complete the accept request with -EAGAIN when data is not ready. Signed-off-by: Jiufei Xue Signed-off-by: Jens Axboe commit b548493cd485836e70ce29980089fc90d85874fb Merge: 934e36ec5e81 8b9914cd723b Author: David S. Miller Date: Wed Jun 10 17:05:02 2020 -0700 Merge branch 'chcr-Fixing-issues-in-dma-mapping-and-driver-removal' Ayush Sawal says: ==================== Fixing issues in dma mapping and driver removal Patch 1: This fixes the kernel panic which occurs due to the accessing of a zero length sg. Patch 2: Avoiding unregistering the algorithm if cra_refcnt is not 1. ==================== Signed-off-by: David S. Miller commit 8b9914cd723bfce8dbff65bd135563f887dcb19d Author: Ayush Sawal Date: Wed Jun 10 02:54:32 2020 +0530 Crypto/chcr: Checking cra_refcnt before unregistering the algorithms This patch puts a check for algorithm unregister, to avoid removal of driver if the algorithm is under use. Signed-off-by: Ayush Sawal Signed-off-by: David S. Miller commit fb90a1c85d8f08c85d9fd5729bfdeb786119f219 Author: Ayush Sawal Date: Wed Jun 10 02:54:31 2020 +0530 Crypto/chcr: Calculate src and dst sg lengths separately for dma map This patch calculates src and dst sg lengths separately for dma mapping in case of aead operation. This fixes a panic which occurs due to the accessing of a zero length sg. Panic: [ 138.173225] kernel BUG at drivers/iommu/intel-iommu.c:1184! Signed-off-by: Ayush Sawal Signed-off-by: David S. Miller commit 405a5d2b2762f2a9813efdee93274d4e7bf607a1 Author: Xiaoguang Wang Date: Wed Jun 10 19:41:20 2020 +0800 io_uring: avoid unnecessary io_wq_work copy for fast poll feature Basically IORING_OP_POLL_ADD command and async armed poll handlers for regular commands don't touch io_wq_work, so only REQ_F_WORK_INITIALIZED is set, can we do io_wq_work copy and restore. Signed-off-by: Xiaoguang Wang Signed-off-by: Jens Axboe commit 7cdaf587de7c6f494b8433fded19f7728e70e1ef Author: Xiaoguang Wang Date: Wed Jun 10 19:41:19 2020 +0800 io_uring: avoid whole io_wq_work copy for requests completed inline If requests can be submitted and completed inline, we don't need to initialize whole io_wq_work in io_init_req(), which is an expensive operation, add a new 'REQ_F_WORK_INITIALIZED' to determine whether io_wq_work is initialized and add a helper io_req_init_async(), users must call io_req_init_async() for the first time touching any members of io_wq_work. I use /dev/nullb0 to evaluate performance improvement in my physical machine: modprobe null_blk nr_devices=1 completion_nsec=0 sudo taskset -c 60 fio -name=fiotest -filename=/dev/nullb0 -iodepth=128 -thread -rw=read -ioengine=io_uring -direct=1 -bs=4k -size=100G -numjobs=1 -time_based -runtime=120 before this patch: Run status group 0 (all jobs): READ: bw=724MiB/s (759MB/s), 724MiB/s-724MiB/s (759MB/s-759MB/s), io=84.8GiB (91.1GB), run=120001-120001msec With this patch: Run status group 0 (all jobs): READ: bw=761MiB/s (798MB/s), 761MiB/s-761MiB/s (798MB/s-798MB/s), io=89.2GiB (95.8GB), run=120001-120001msec About 5% improvement. Signed-off-by: Xiaoguang Wang Signed-off-by: Jens Axboe commit 934e36ec5e81b8bc079f3d7acd12beb16cad9531 Author: Jakub Kicinski Date: Wed Jun 10 16:09:06 2020 -0700 docs: networkng: fix lists and table in sja1105 We need an empty line before list stats, otherwise first point will be smooshed into the paragraph. Inside tables text must start at the same offset in the cell, otherwise sphinx thinks it's a new indented block. Documentation/networking/dsa/sja1105.rst:108: WARNING: Block quote ends without a blank line; unexpected unindent. Documentation/networking/dsa/sja1105.rst:112: WARNING: Definition list ends without a blank line; unexpected unindent. Documentation/networking/dsa/sja1105.rst:245: WARNING: Unexpected indentation. Documentation/networking/dsa/sja1105.rst:246: WARNING: Block quote ends without a blank line; unexpected unindent. Documentation/networking/dsa/sja1105.rst:253: WARNING: Unexpected indentation. Documentation/networking/dsa/sja1105.rst:254: WARNING: Block quote ends without a blank line; unexpected unindent. Fixes: a20bc43bfb2e ("docs: net: dsa: sja1105: document the best_effort_vlan_filtering option") Signed-off-by: Jakub Kicinski Acked-by: Vladimir Oltean Signed-off-by: David S. Miller commit 58e898a07b9aa2de5eb2fdb9bfe1d0017682d340 Author: Jakub Kicinski Date: Wed Jun 10 15:36:48 2020 -0700 docs: networking: fix extra spaces in ethtool-netlink Sphinx appears to get upset at extra spaces at the end of a literal: Documentation/networking/ethtool-netlink.rst:1032: WARNING: Inline literal start-string without end-string. Documentation/networking/ethtool-netlink.rst:1034: WARNING: Inline literal start-string without end-string. Documentation/networking/ethtool-netlink.rst:1036: WARNING: Inline literal start-string without end-string. Documentation/networking/ethtool-netlink.rst:1089: WARNING: Inline literal start-string without end-string. Documentation/networking/ethtool-netlink.rst:1091: WARNING: Inline literal start-string without end-string. Documentation/networking/ethtool-netlink.rst:1093: WARNING: Inline literal start-string without end-string. Fixes: f2bc8ad31a7f ("net: ethtool: Allow PHY cable test TDR data to configured") Fixes: a331172b156b ("net: ethtool: Add attributes for cable test TDR data") Signed-off-by: Jakub Kicinski Signed-off-by: David S. Miller commit 014406babc1f5f887a08737566b5b356c7018242 Author: Corentin Labbe Date: Wed Jun 10 09:53:44 2020 +0000 net: cadence: macb: disable NAPI on error When the PHY is not working, the macb driver crash on a second try to setup it. [ 78.545994] macb e000b000.ethernet eth0: Could not attach PHY (-19) ifconfig: SIOCSIFFLAGS: No such device [ 78.655457] ------------[ cut here ]------------ [ 78.656014] kernel BUG at /linux-next/include/linux/netdevice.h:521! [ 78.656504] Internal error: Oops - BUG: 0 [#1] SMP ARM [ 78.657079] Modules linked in: [ 78.657795] CPU: 0 PID: 122 Comm: ifconfig Not tainted 5.7.0-next-20200609 #1 [ 78.658202] Hardware name: Xilinx Zynq Platform [ 78.659632] PC is at macb_open+0x220/0x294 [ 78.660160] LR is at 0x0 [ 78.660373] pc : [] lr : [<00000000>] psr: 60000013 [ 78.660716] sp : c89ffd70 ip : c8a28800 fp : c199bac0 [ 78.661040] r10: 00000000 r9 : c8838540 r8 : c8838568 [ 78.661362] r7 : 00000001 r6 : c8838000 r5 : c883c000 r4 : 00000000 [ 78.661724] r3 : 00000010 r2 : 00000000 r1 : 00000000 r0 : 00000000 [ 78.662187] Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none [ 78.662635] Control: 10c5387d Table: 08b64059 DAC: 00000051 [ 78.663035] Process ifconfig (pid: 122, stack limit = 0x(ptrval)) [ 78.663476] Stack: (0xc89ffd70 to 0xc8a00000) [ 78.664121] fd60: 00000000 c89fe000 c8838000 c89fe000 [ 78.664866] fd80: 00000000 c11ff9ac c8838028 00000000 00000000 c0de6f2c 00000001 c1804eec [ 78.665579] fda0: c19b8178 c8838000 00000000 ca760866 c8838000 00000001 00001043 c89fe000 [ 78.666355] fdc0: 00001002 c0de72f4 c89fe000 c0de8dc0 00008914 c89fe000 c199bac0 ca760866 [ 78.667111] fde0: c89ffddc c8838000 00001002 00000000 c8838138 c881010c 00008914 c0de7364 [ 78.667862] fe00: 00000000 c89ffe70 c89fe000 ffffffff c881010c c0e8bd48 00000003 00000000 [ 78.668601] fe20: c8838000 c8810100 39c1118f 00039c11 c89a0960 00001043 00000000 000a26d0 [ 78.669343] fe40: b6f43000 ca760866 c89a0960 00000051 befe6c50 00008914 c8b2a3c0 befe6c50 [ 78.670086] fe60: 00000003 ee610500 00000000 c0e8ef58 30687465 00000000 00000000 00000000 [ 78.670865] fe80: 00001043 00000000 000a26d0 b6f43000 c89a0600 ee40ae7c c8870d00 c0ddabf4 [ 78.671593] fea0: c89ffeec c0ddabf4 c89ffeec c199bac0 00008913 c0ddac48 c89ffeec c89fe000 [ 78.672324] fec0: befe6c50 ca760866 befe6c50 00008914 c89fe000 befe6c50 c8b2a3c0 c0dc00e4 [ 78.673088] fee0: c89a0480 00000201 00000cc0 30687465 00000000 00000000 00000000 00001002 [ 78.673822] ff00: 00000000 000a26d0 b6f43000 ca760866 00008914 c8b2a3c0 000a0ec4 c8b2a3c0 [ 78.674576] ff20: befe6c50 c04b21bc 000d5004 00000817 c89a0480 c0315f94 00000000 00000003 [ 78.675415] ff40: c19a2bc8 c8a3cc00 c89fe000 00000255 00000000 00000000 00000000 000d5000 [ 78.676182] ff60: 000f6000 c180b2a0 00000817 c0315e64 000d5004 c89fffb0 b6ec0c30 ca760866 [ 78.676928] ff80: 00000000 000b609b befe6c50 000a0ec4 00000036 c03002c4 c89fe000 00000036 [ 78.677673] ffa0: 00000000 c03000c0 000b609b befe6c50 00000003 00008914 befe6c50 000b609b [ 78.678415] ffc0: 000b609b befe6c50 000a0ec4 00000036 befe6e0c befe6f1a 000d5150 00000000 [ 78.679154] ffe0: 000d41e4 befe6bf4 00019648 b6e4509c 20000010 00000003 00000000 00000000 [ 78.681059] [] (macb_open) from [] (__dev_open+0xd0/0x154) [ 78.681571] [] (__dev_open) from [] (__dev_change_flags+0x16c/0x1c4) [ 78.682015] [] (__dev_change_flags) from [] (dev_change_flags+0x18/0x48) [ 78.682493] [] (dev_change_flags) from [] (devinet_ioctl+0x5e4/0x75c) [ 78.682945] [] (devinet_ioctl) from [] (inet_ioctl+0x1f0/0x3b4) [ 78.683381] [] (inet_ioctl) from [] (sock_ioctl+0x39c/0x664) [ 78.683818] [] (sock_ioctl) from [] (ksys_ioctl+0x2d8/0x9c0) [ 78.684343] [] (ksys_ioctl) from [] (ret_fast_syscall+0x0/0x54) [ 78.684789] Exception stack(0xc89fffa8 to 0xc89ffff0) [ 78.685346] ffa0: 000b609b befe6c50 00000003 00008914 befe6c50 000b609b [ 78.686106] ffc0: 000b609b befe6c50 000a0ec4 00000036 befe6e0c befe6f1a 000d5150 00000000 [ 78.686710] ffe0: 000d41e4 befe6bf4 00019648 b6e4509c [ 78.687582] Code: 9a000003 e5983078 e3130001 1affffef (e7f001f2) [ 78.688788] ---[ end trace e3f2f6ab69754eae ]--- This is due to NAPI left enabled if macb_phylink_connect() fail. Fixes: 7897b071ac3b ("net: macb: convert to phylink") Signed-off-by: Corentin Labbe Signed-off-by: David S. Miller commit 4dbb29fe9dae033a375f231da9cc27aaa09d2580 Merge: 1c3837266214 cc23402c1c2d Author: Linus Torvalds Date: Wed Jun 10 16:09:11 2020 -0700 Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs Pull vfs fixes from Al Viro: "A couple of trivial patches that fell through the cracks last cycle" * 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: fs: fix indentation in deactivate_super() vfs: Remove duplicated d_mountpoint check in __is_local_mountpoint commit 4b5af44129d0653a4df44e5511c7d480c61c8f3c Author: Paolo Abeni Date: Wed Jun 10 10:49:00 2020 +0200 mptcp: don't leak msk in token container If a listening MPTCP socket has unaccepted sockets at close time, the related msks are freed via mptcp_sock_destruct(), which in turn does not invoke the proto->destroy() method nor the mptcp_token_destroy() function. Due to the above, the child msk socket is not removed from the token container, leading to later UaF. Address the issue explicitly removing the token even in the above error path. Fixes: 79c0949e9a09 ("mptcp: Add key generation and token tree") Signed-off-by: Paolo Abeni Reviewed-by: Matthieu Baerts Signed-off-by: David S. Miller commit 1c3837266214c1e6fbbb96ff36bee13e923057d8 Merge: 3a8557e1aed0 ef9d965bc8b6 Author: Linus Torvalds Date: Wed Jun 10 16:05:54 2020 -0700 Merge branch 'work.sysctl' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs Pull sysctl fixes from Al Viro: "Fixups to regressions in sysctl series" * 'work.sysctl' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: sysctl: reject gigantic reads/write to sysctl files cdrom: fix an incorrect __user annotation on cdrom_sysctl_info trace: fix an incorrect __user annotation on stack_trace_sysctl random: fix an incorrect __user annotation on proc_do_entropy net/sysctl: remove leftover __user annotations on neigh_proc_dointvec* net/sysctl: use cpumask_parse in flow_limit_cpu_sysctl commit 3a8557e1aed0043d526f304a1f500108c8976b78 Merge: 4382a79b2746 7b3f0c4c56b0 Author: Linus Torvalds Date: Wed Jun 10 16:04:27 2020 -0700 Merge branch 'uaccess.i915' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs Pull i915 uaccess updates from Al Viro: "Low-hanging fruit in i915; there are several trickier followups, but that'll wait for the next cycle" * 'uaccess.i915' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: i915:get_engines(): get rid of pointless access_ok() i915: alloc_oa_regs(): get rid of pointless access_ok() i915 compat ioctl(): just use drm_ioctl_kernel() i915: switch copy_perf_config_registers_or_number() to unsafe_put_user() i915: switch query_{topology,engine}_info() to copy_to_user() commit 4382a79b2746faf9db98a34ae1a1cbd364473f75 Merge: 79ca035d2d94 b7e4b65f3fe9 Author: Linus Torvalds Date: Wed Jun 10 16:02:54 2020 -0700 Merge branch 'uaccess.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs Pull misc uaccess updates from Al Viro: "Assorted uaccess patches for this cycle - the stuff that didn't fit into thematic series" * 'uaccess.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: bpf: make bpf_check_uarg_tail_zero() use check_zeroed_user() x86: kvm_hv_set_msr(): use __put_user() instead of 32bit __clear_user() user_regset_copyout_zero(): use clear_user() TEST_ACCESS_OK _never_ had been checked anywhere x86: switch cp_stat64() to unsafe_put_user() binfmt_flat: don't use __put_user() binfmt_elf_fdpic: don't use __... uaccess primitives binfmt_elf: don't bother with __{put,copy_to}_user() pselect6() and friends: take handling the combined 6th/7th args into helper commit e4a8fc054340f4df761f6a73335f8fdc0b7ac4fd Author: Tony Lindgren Date: Wed Jun 10 15:31:54 2020 -0700 Revert "bus: ti-sysc: Increase max softreset wait" This reverts commit 636338d7968e47c7f2e0b772a2a825ad932883fb. This patch is not a proper fixes the i2c2 timeouts are still happening in some cases. Signed-off-by: Tony Lindgren commit 944021e79e7ec8db9c3edbc6af32276ade4ac0db Author: Tomi Valkeinen Date: Tue Jun 9 13:30:00 2020 +0300 ARM: dts: am437x-epos-evm: remove lcd timings LCD timings now come from panel-simple. Having timings in the DT will cause a WARN. Signed-off-by: Tomi Valkeinen Signed-off-by: Tony Lindgren commit 3991510bf6402b534f158e164569d051bfd81f68 Author: Tomi Valkeinen Date: Tue Jun 9 13:29:59 2020 +0300 ARM: dts: am437x-gp-evm: remove lcd timings LCD timings now come from panel-simple. Having timings in the DT will cause a WARN. Signed-off-by: Tomi Valkeinen Signed-off-by: Tony Lindgren commit 43a562774fceba867e8eebba977d7d42f8a2eac7 Author: Denis Efremov Date: Fri Jun 5 20:37:44 2020 +0300 drm/amd/display: Use kfree() to free rgb_user in calculate_user_regamma_ramp() Use kfree() instead of kvfree() to free rgb_user in calculate_user_regamma_ramp() because the memory is allocated with kcalloc(). Signed-off-by: Denis Efremov Signed-off-by: Alex Deucher commit 81921a828b94ce2816932c19a5ec74d302972833 Author: Denis Efremov Date: Fri Jun 5 20:37:43 2020 +0300 drm/amd/display: Use kvfree() to free coeff in build_regamma() Use kvfree() instead of kfree() to free coeff in build_regamma() because the memory is allocated with kvzalloc(). Fixes: e752058b8671 ("drm/amd/display: Optimize gamma calculations") Cc: stable@vger.kernel.org Signed-off-by: Denis Efremov Signed-off-by: Alex Deucher commit 79ca035d2d941839f55f3b8b69f8e81c66946ed8 Merge: 4152d146ee21 058f2e4da79b Author: Linus Torvalds Date: Wed Jun 10 15:00:11 2020 -0700 Merge branch 'proc-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace Pull proc fix from Eric Biederman: "Syzbot found a NULL pointer dereference if kzalloc of s_fs_info fails" * 'proc-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace: proc: s_fs_info may be NULL when proc_kill_sb is called commit 4152d146ee2169653297e03b9fa2e0f476923959 Merge: 78c24f7beeae b398ace5d2ea Author: Linus Torvalds Date: Wed Jun 10 14:46:54 2020 -0700 Merge branch 'rwonce/rework' of git://git.kernel.org/pub/scm/linux/kernel/git/will/linux Pull READ/WRITE_ONCE rework from Will Deacon: "This the READ_ONCE rework I've been working on for a while, which bumps the minimum GCC version and improves code-gen on arm64 when stack protector is enabled" [ Side note: I'm _really_ tempted to raise the minimum gcc version to 4.9, so that we can just say that we require _Generic() support. That would allow us to more cleanly handle a lot of the cases where we depend on very complex macros with 'sizeof' or __builtin_choose_expr() with __builtin_types_compatible_p() etc. This branch has a workaround for sparse not handling _Generic(), either, but that was already fixed in the sparse development branch, so it's really just gcc-4.9 that we'd require. - Linus ] * 'rwonce/rework' of git://git.kernel.org/pub/scm/linux/kernel/git/will/linux: compiler_types.h: Use unoptimized __unqual_scalar_typeof for sparse compiler_types.h: Optimize __unqual_scalar_typeof compilation time compiler.h: Enforce that READ_ONCE_NOCHECK() access size is sizeof(long) compiler-types.h: Include naked type in __pick_integer_type() match READ_ONCE: Fix comment describing 2x32-bit atomicity gcov: Remove old GCC 3.4 support arm64: barrier: Use '__unqual_scalar_typeof' for acquire/release macros locking/barriers: Use '__unqual_scalar_typeof' for load-acquire macros READ_ONCE: Drop pointer qualifiers when reading from scalar types READ_ONCE: Enforce atomicity for {READ,WRITE}_ONCE() memory accesses READ_ONCE: Simplify implementations of {READ,WRITE}_ONCE() arm64: csum: Disable KASAN for do_csum() fault_inject: Don't rely on "return value" from WRITE_ONCE() net: tls: Avoid assigning 'const' pointer to non-const pointer netfilter: Avoid assigning 'const' pointer to non-const pointer compiler/gcc: Raise minimum GCC version for kernel builds to 4.8 commit 78c24f7beeae295cb6dfb4274568f9bcfa92b316 Author: Andrew Morton Date: Wed Jun 10 14:34:02 2020 -0700 arch/powerpc/mm/pgtable.c: another missed conversion Fixes: e05c7b1f2bc4b7 ("mm: pgtable: add shortcuts for accessing kernel PMD and PTE") Reported-by: kernel test robot Reported-by: Guenter Roeck Cc: Michael Ellerman Cc: Mike Rapoport Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 6d62c5b21155acaaaeb24862d62cf15d1dc2d8ba Merge: 6672966d6c85 146f5cdeda15 Author: Linus Torvalds Date: Wed Jun 10 14:12:15 2020 -0700 Merge tag 'docs-5.8-2' of git://git.lwn.net/linux Pull more documentation updates from Jonathan Corbet: "A handful of late-arriving docs fixes, along with a patch changing a lot of HTTP links to HTTPS that had to be yanked and redone before the first pull" * tag 'docs-5.8-2' of git://git.lwn.net/linux: docs/memory-barriers.txt/kokr: smp_mb__{before,after}_atomic(): update Documentation Documentation: devres: add missing entry for devm_platform_get_and_ioremap_resource() Replace HTTP links with HTTPS ones: documentation docs: it_IT: address invalid reference warnings doc: zh_CN: use doc reference to resolve undefined label warning docs: Update the location of the LF NDA program docs: dev-tools: coccinelle: underlines commit 6672966d6c854d5b05a10227fd21e4e0895719f7 Merge: 0c67f6b29715 ede439be684c Author: Linus Torvalds Date: Wed Jun 10 14:09:08 2020 -0700 Merge tag 'acpi-5.8-rc1-2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm Pull more ACPI updates from Rafael Wysocki: "Update the ACPICA code in the kernel to upstream revision 20200528 with the following changes: - Remove some dead code from the acpidump utility (Bob Moore) - Add new OperationRegion subtype keyword PlatformRtMechanism to the compiler (Erik Kaneda)" * tag 'acpi-5.8-rc1-2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm: ACPICA: Update version to 20200528 ACPICA: iASL: add new OperationRegion subtype keyword PlatformRtMechanism ACPICA: acpidump: Removed dead code from oslinuxtbl.c commit 0c67f6b29715ff888cb967cc98336221a8a23916 Merge: 49f13b0921aa 50dd154ed7b1 Author: Linus Torvalds Date: Wed Jun 10 14:04:39 2020 -0700 Merge tag 'pm-5.8-rc1-2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm Pull more power management updates from Rafael Wysocki: "These are operating performance points (OPP) framework updates mostly, including support for interconnect bandwidth in the OPP core, plus a few cpufreq changes, including boost support in the CPPC cpufreq driver, an ACPI device power management fix and a hibernation code cleanup. Specifics: - Add support for interconnect bandwidth to the OPP core (Georgi Djakov, Saravana Kannan, Sibi Sankar, Viresh Kumar). - Add support for regulator enable/disable to the OPP core (Kamil Konieczny). - Add boost support to the CPPC cpufreq driver (Xiongfeng Wang). - Make the tegra186 cpufreq driver set the CPUFREQ_NEED_INITIAL_FREQ_CHECK flag (Mian Yousaf Kaukab). - Prevent the ACPI power management from using power resources with devices where the list of power resources for power state D0 (full power) is missing (Rafael Wysocki). - Annotate a hibernation-related function with __init (Christophe JAILLET)" * tag 'pm-5.8-rc1-2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm: ACPI: PM: Avoid using power resources if there are none for D0 cpufreq: CPPC: add SW BOOST support cpufreq: change '.set_boost' to act on one policy PM: hibernate: Add __init annotation to swsusp_header_init() opp: Don't parse icc paths unnecessarily opp: Remove bandwidth votes when target_freq is zero opp: core: add regulators enable and disable opp: Reorder the code for !target_freq case opp: Expose bandwidth information via debugfs cpufreq: dt: Add support for interconnect bandwidth scaling opp: Update the bandwidth on OPP frequency changes opp: Add sanity checks in _read_opp_key() opp: Add support for parsing interconnect bandwidth cpufreq: tegra186: add CPUFREQ_NEED_INITIAL_FREQ_CHECK flag OPP: Add helpers for reading the binding properties dt-bindings: opp: Introduce opp-peak-kBps and opp-avg-kBps bindings commit 49f13b0921aaef0d5519358fd9fcc237c1c9124a Merge: 09102704c674 751ad34fbad7 Author: Linus Torvalds Date: Wed Jun 10 13:51:47 2020 -0700 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input Pull input updates from Dmitry Torokhov: - a new driver for the Azoteq IQS269A capacitive touch controller - a new driver for the Cypress CY8CTMA140 touchscreen - updates to Elan and ft5x06 touchscreen drivers - assorted driver fixes - msm-vibrator has been removed as we have a more generic solution * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input: (28 commits) Input: adi - work around module name confict Input: iqs269a - add missing I2C dependency Input: elants - refactor elants_i2c_execute_command() Input: elants - override touchscreen info with DT properties Input: elants - remove unused axes Input: add support for Azoteq IQS269A dt-bindings: input: Add bindings for Azoteq IQS269A Input: imx_sc_key - use devm_add_action_or_reset() to handle all cleanups Input: remove msm-vibrator driver dt-bindings: Input: remove msm-vibrator Input: elants_i2c - provide an attribute to show calibration count Input: introduce input_mt_report_slot_inactive() dt-bindings: input: touchscreen: elants_i2c: convert to YAML Input: add driver for the Cypress CY8CTMA140 touchscreen dt-bindings: touchscreen: Add CY8CTMA140 bindings Input: edt-ft5x06 - prefer asynchronous probe Input: edt-ft5x06 - improve power management operations Input: edt-ft5x06 - move parameter restore into helper Input: edt-ft5x06 - fix get_default register write access Input: atkbd - receive and use physcode->keycode mapping from FW ... commit 09102704c67457c6cdea6c0394c34843484a852c Merge: 84fc461db99b 044e4b092230 Author: Linus Torvalds Date: Wed Jun 10 13:42:09 2020 -0700 Merge tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost Pull virtio updates from Michael Tsirkin: - virtio-mem: paravirtualized memory hotplug - support doorbell mapping for vdpa - config interrupt support in ifc - fixes all over the place * tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost: (40 commits) vhost/test: fix up after API change virtio_mem: convert device block size into 64bit virtio-mem: drop unnecessary initialization ifcvf: implement config interrupt in IFCVF vhost: replace -1 with VHOST_FILE_UNBIND in ioctls vhost_vdpa: Support config interrupt in vdpa ifcvf: ignore continuous setting same status value virtio-mem: Don't rely on implicit compiler padding for requests virtio-mem: Try to unplug the complete online memory block first virtio-mem: Use -ETXTBSY as error code if the device is busy virtio-mem: Unplug subblocks right-to-left virtio-mem: Drop manual check for already present memory virtio-mem: Add parent resource for all added "System RAM" virtio-mem: Better retry handling virtio-mem: Offline and remove completely unplugged memory blocks mm/memory_hotplug: Introduce offline_and_remove_memory() virtio-mem: Allow to offline partially unplugged memory blocks mm: Allow to offline unmovable PageOffline() pages via MEM_GOING_OFFLINE virtio-mem: Paravirtualized memory hotunplug part 2 virtio-mem: Paravirtualized memory hotunplug part 1 ... commit 5969856ae8ce29c9d523a1a6145cbd9e87f7046c Author: Paolo Abeni Date: Wed Jun 10 10:47:41 2020 +0200 mptcp: fix races between shutdown and recvmsg The msk sk_shutdown flag is set by a workqueue, possibly introducing some delay in user-space notification. If the last subflow carries some data with the fin packet, the user space can wake-up before RCV_SHUTDOWN is set. If it executes unblocking recvmsg(), it may return with an error instead of eof. Address the issue explicitly checking for eof in recvmsg(), when no data is found. Fixes: 59832e246515 ("mptcp: subflow: check parent mptcp socket on subflow state change") Signed-off-by: Paolo Abeni Reviewed-by: Matthieu Baerts Signed-off-by: David S. Miller commit 84fc461db99b2dc19e019c0a97725a3653687981 Merge: 0e083da7c8a2 f6e8c474390b Author: Linus Torvalds Date: Wed Jun 10 13:25:40 2020 -0700 Merge tag 'for-linus-5.8-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rw/uml Pull UML updates from Richard Weinberger: - Use fdatasync() in ubd - Add a generic "fd" vector transport - Minor cleanups and fixes * tag 'for-linus-5.8-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rw/uml: um: virtio: Replace zero-length array with flexible-array um: Use fdatasync() when mapping the UBD FSYNC command um: Do not evaluate compiler's library path when cleaning um: Neaten vu_err macro definition um: Add a generic "fd" vector transport um: Add include: memset() and memcpy() are in commit 0e083da7c8a26bc2674d7155bb5a0676b7dbc8ba Merge: 6f51ab9440d1 4b68bf9a69d2 Author: Linus Torvalds Date: Wed Jun 10 13:24:40 2020 -0700 Merge tag 'for-linus-5.8-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rw/ubifs Pull UBI update from Richard Weinberger: "This contains a single change for UBI: - Select fastmap anchor PEBs considering wear level rules" * tag 'for-linus-5.8-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rw/ubifs: ubi: Select fastmap anchor PEBs considering wear level rules commit 50cb8769f2c1c657a470bda192b79ff679d0ecfc Author: David Ahern Date: Tue Jun 9 17:27:28 2020 -0600 vxlan: Remove access to nexthop group struct vxlan driver should be using helpers to access nexthop struct internals. Remove open check if whether nexthop is multipath in favor of the existing nexthop_is_multipath helper. Add a new helper, nexthop_has_v4, to cover the need to check has_v4 in a group. Fixes: 1274e1cc4226 ("vxlan: ecmp support for mac fdb entries") Cc: Roopa Prabhu Signed-off-by: David Ahern Signed-off-by: David S. Miller commit ce9ac056d9cd15630dfca352ff6d3051ba3ba8f6 Author: David Ahern Date: Mon Jun 8 20:54:43 2020 -0600 nexthop: Fix fdb labeling for groups fdb nexthops are marked with a flag. For standalone nexthops, a flag was added to the nh_info struct. For groups that flag was added to struct nexthop when it should have been added to the group information. Fix by removing the flag from the nexthop struct and adding a flag to nh_group that mirrors nh_info and is really only a caching of the individual types. Add a helper, nexthop_is_fdb, for use by the vxlan code and fixup the internal code to use the flag from either nh_info or nh_group. v2 - propagate fdb_nh in remove_nh_grp_entry Fixes: 38428d68719c ("nexthop: support for fdb ecmp nexthops") Cc: Roopa Prabhu Signed-off-by: David Ahern Signed-off-by: David S. Miller commit 6f51ab9440d131ae424cce27e3170746219f5142 Merge: 6f630784cc0d 5788ccf3c84f Author: Linus Torvalds Date: Wed Jun 10 13:15:17 2020 -0700 Merge tag 'mtd/for-5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/mtd/linux Pull MTD updates from Richard Weinberger: "MTD core changes: - partition parser: Support MTD names containing one or more colons. - mtdblock: clear cache_state to avoid writing to bad blocks repeatedly. Raw NAND core changes: - Stop using nand_release(), patched all drivers. - Give more information about the ECC weakness when not matching the chip's requirement. - MAINTAINERS updates. - Support emulated SLC mode on MLC NANDs. - Support "constrained" controllers, adapt the core and ONFI/JEDEC table parsing and Micron's code. - Take check_only into account. - Add an invalid ECC mode to discriminate with valid ones. - Return an enum from of_get_nand_ecc_algo(). - Drop OOB_FIRST placement scheme. - Introduce nand_extract_bits(). - Ensure a consistent bitflips numbering. - BCH lib: - Allow easy bit swapping. - Rework a little bit the exported function names. - Fix nand_gpio_waitrdy(). - Propage CS selection to sub operations. - Add a NAND_NO_BBM_QUIRK flag. - Give the possibility to verify a read operation is supported. - Add a helper to check supported operations. - Avoid indirect access to ->data_buf(). - Rename the use_bufpoi variables. - Fix comments about the use of bufpoi. - Rename a NAND chip option. - Reorder the nand_chip->options flags. - Translate obscure bitfields into readable macros. - Timings: - Fix default values. - Add mode information to the timings structure. Raw NAND controller driver changes: - Fixed many error paths. - Arasan - New driver - Au1550nd: - Various cleanups - Migration to ->exec_op() - brcmnand: - Misc cleanup. - Support v2.1-v2.2 controllers. - Remove unused including . - Correctly verify erased pages. - Fix Hamming OOB layout. - Cadence - Make cadence_nand_attach_chip static. - Cafe: - Set the NAND_NO_BBM_QUIRK flag - cmx270: - Remove this controller driver. - cs553x: - Misc cleanup - Migration to ->exec_op() - Davinci: - Misc cleanup. - Migration to ->exec_op() - Denali: - Add more delays before latching incoming data - Diskonchip: - Misc cleanup - Migration to ->exec_op() - Fsmc: - Change to non-atomic bit operations. - GPMI: - Use nand_extract_bits() - Fix runtime PM imbalance. - Ingenic: - Migration to exec_op() - Fix the RB gpio active-high property on qi, lb60 - Make qi_lb60_ooblayout_ops static. - Marvell: - Misc cleanup and small fixes - Nandsim: - Fix the error paths, driver wide. - Omap_elm: - Fix runtime PM imbalance. - STM32_FMC2: - Misc cleanups (error cases, comments, timeout valus, cosmetic changes). SPI NOR core changes: - Add, update support and fix few flashes. - Prepare BFPT parsing for JESD216 rev D. - Kernel doc fixes. CFI changes: - Support the absence of protection registers for Intel CFI flashes. - Replace zero-length array with flexible-arrays" * tag 'mtd/for-5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/mtd/linux: (208 commits) mtd: clear cache_state to avoid writing to bad blocks repeatedly mtd: parser: cmdline: Support MTD names containing one or more colons mtd: physmap_of_gemini: remove defined but not used symbol 'syscon_match' mtd: rawnand: Add an invalid ECC mode to discriminate with valid ones mtd: rawnand: Return an enum from of_get_nand_ecc_algo() mtd: rawnand: Drop OOB_FIRST placement scheme mtd: rawnand: Avoid a typedef mtd: Fix typo in mtd_ooblayout_set_databytes() description mtd: rawnand: Stop using nand_release() mtd: rawnand: nandsim: Reorganize ns_cleanup_module() mtd: rawnand: nandsim: Rename a label in ns_init_module() mtd: rawnand: nandsim: Manage lists on error in ns_init_module() mtd: rawnand: nandsim: Fix the label pointing on nand_cleanup() mtd: rawnand: nandsim: Free erase_block_wear on error mtd: rawnand: nandsim: Use an additional label when freeing the nandsim object mtd: rawnand: nandsim: Stop using nand_release() mtd: rawnand: nandsim: Free the partition names in ns_free() mtd: rawnand: nandsim: Free the allocated device on error in ns_init() mtd: rawnand: nandsim: Free partition names on error in ns_init() mtd: rawnand: nandsim: Fix the two ns_alloc_device() error paths ... commit 058f2e4da79b23afb56ce3d03d907d6cdd36f2b8 Author: Alexey Gladkov Date: Wed Jun 10 20:35:49 2020 +0200 proc: s_fs_info may be NULL when proc_kill_sb is called syzbot found that proc_fill_super() fails before filling up sb->s_fs_info, deactivate_locked_super() will be called and sb->s_fs_info will be NULL. The proc_kill_sb() does not expect fs_info to be NULL which is wrong. Link: https://lore.kernel.org/lkml/0000000000002d7ca605a7b8b1c5@google.com Reported-by: syzbot+4abac52934a48af5ff19@syzkaller.appspotmail.com Fixes: fa10fed30f25 ("proc: allow to mount many instances of proc in one pid namespace") Signed-off-by: Alexey Gladkov Signed-off-by: Eric W. Biederman commit 6f630784cc0d92fb58ea326e2bc01aa056279ecb Merge: 3a2a87517421 9ac1eafa885a Author: Linus Torvalds Date: Wed Jun 10 11:42:19 2020 -0700 Merge tag 'clk-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux Pull clk updates from Stephen Boyd: "This time around we have four lines of diff in the core framework, removing a function that isn't used anymore. Otherwise the main new thing for the common clk framework is that it is selectable in the Kconfig language now. Hopefully this will let clk drivers and clk consumers be testable on more than the architectures that support the clk framework. The goal is to introduce some Kunit tests for the framework. Outside of the core framework we have the usual set of various driver updates and non-critical fixes. The dirstat shows that the new Baikal-T1 driver is the largest addition this time around in terms of lines of code. After that the x86 (Intel), Qualcomm, and Mediatek drivers introduce many lines to support new or upcoming SoCs. After that the dirstat shows the usual suspects working on their SoC support by fixing minor bugs, correcting data and converting some of their DT bindings to YAML. Core: - Allow the COMMON_CLK config to be selectable New Drivers: - Clk driver for Baikal-T1 SoCs - Mediatek MT6765 clock support - Support for Intel Agilex clks - Add support for X1830 and X1000 Ingenic SoC clk controllers - Add support for the new Renesas RZ/G1H (R8A7742) SoC - Add support for Qualcomm's MSM8939 Generic Clock Controller Updates: - Support IDT VersaClock 5P49V5925 - Bunch of updates for HSDK clock generation unit (CGU) driver - Start making audio and GPU clks work on Marvell MMP2/MMP3 SoCs - Add some GPU, NPU, and UFS clks to Qualcomm SM8150 driver - Enable supply regulators for GPU gdscs on Qualcomm SoCs - Add support for Si5342, Si5344 and Si5345 chips - Support custom flags in Xilinx zynq firmware - Various small fixes to the Xilinx clk driver - A single minor rounding fix for the legacy Allwinner clock support - A few patches from Abel Vesa as preparation of adding audiomix clock support on i.MX - A couple of cleanups from Anson Huang for i.MX clk-sscg-pll and clk-pllv3 drivers - Drop dependency on ARM64 for i.MX8M clock driver, to support aarch32 mode on aarch64 hardware - A series from Peng Fan to improve i.MX8M clock drivers, using composite clock for core and bus clk slice - Set a better parent clock for flexcan on i.MX6UL to support CiA102 defined bit rates - A couple changes for EMC frequency scaling on Tegra210 - Support for CPU frequency scaling on Tegra20/Tegra30 - New clk gate for CSI test pattern generator on Tegra210 - Regression fixes for Samsung exynos542x and exynos5433 SoCs - Use of fallthrough; attribute for Samsung s3c24xx - Updates and fixup HDMI and video clocks on Meson8b - Fixup reset polarity on Meson8b - Fix GPU glitch free mux switch on Meson gx and g12 - A minor fix for the currently unused suspend/resume handling on Renesas RZ/A1 and RZ/A2 - Two more conversions of Renesas DT bindings to json-schema - Add support for the USB 2.0 clock selector on Renesas R-Car M3-W+" * tag 'clk-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux: (155 commits) clk: mediatek: Remove ifr{0,1}_cfg_regs structures clk: baikal-t1: remove redundant assignment to variable 'divider' clk: baikal-t1: fix spelling mistake "Uncompatible" -> "Incompatible" dt-bindings: clock: Add a missing include to MMP Audio Clock binding dt: Add bindings for IDT VersaClock 5P49V5925 clk: vc5: Add support for IDT VersaClock 5P49V6965 clk: Add Baikal-T1 CCU Dividers driver clk: Add Baikal-T1 CCU PLLs driver dt-bindings: clk: Add Baikal-T1 CCU Dividers binding dt-bindings: clk: Add Baikal-T1 CCU PLLs binding clk: mediatek: assign the initial value to clk_init_data of mtk_mux clk: mediatek: Add MT6765 clock support clk: mediatek: add mt6765 clock IDs dt-bindings: clock: mediatek: document clk bindings vcodecsys for Mediatek MT6765 SoC dt-bindings: clock: mediatek: document clk bindings mipi0a for Mediatek MT6765 SoC dt-bindings: clock: mediatek: document clk bindings for Mediatek MT6765 SoC CLK: HSDK: CGU: add support for 148.5MHz clock CLK: HSDK: CGU: support PLL bypassing CLK: HSDK: CGU: check if PLL is bypassed first clk: clk-si5341: Add support for the Si5345 series ... commit 3a2a8751742133a7bbc49b9d1bcbd52e212edff6 Merge: c90e7945e3a3 152204dbdcee Author: Linus Torvalds Date: Wed Jun 10 11:28:35 2020 -0700 Merge tag 'for-v5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/sre/linux-power-supply Pull power supply and reset updates from Sebastian Reichel: "This time there are lots of changes. Quite a few changes to the core, lots of driver changes and one change to kobject core (with Ack from Greg). Summary: kobject: - Increase number of allowed uevent variables power-supply core: - Add power-supply type in uevent - Cleanup property handling in core - Make property and usb_type pointers const - Convert core power-supply DT binding to YAML - Cleanup HWMON code - Add new health status "calibration required" - Add new properties for manufacture date and capacity error margin battery drivers: - new cw2015 battery driver used by pine64 Pinebook Pro laptop - axp22: blacklist on Meegopad T02 - sc27xx: support current/voltage reading - max17042: support time-to-empty reading - simple-battery: add more battery parameters - bq27xxx: convert DT binding document to YAML - sbs-battery: add TI BQ20Z65 support, fix technology property, convert DT binding to YAML, add option to disable charger broadcasts, add new properties: manufacture date, capacity error margin, average current, charge current and voltage and support calibration required health status - misc fixes charger drivers: - bq25890: cleanup, implement charge type, precharge current and input current limiting properties - bd70528: use new linear range helper library - bd99954: new charger driver - mp2629: new charger driver - misc fixes reboot drivers: - oxnas-restart: introduce new driver - syscon-reboot: convert DT binding to YAML, add parent syscon device support - misc fixes" * tag 'for-v5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/sre/linux-power-supply: (85 commits) power: supply: cw2015: Attach OF ID table to the driver power: reset: gpio-poweroff: add missing '\n' in dev_err() Revert "power: supply: sbs-battery: simplify read_read_string_data" Revert "power: supply: sbs-battery: add PEC support" dt-bindings: power: sbs-battery: Convert to yaml power: supply: sbs-battery: constify power-supply property array power: supply: sbs-battery: switch to i2c's probe_new power: supply: sbs-battery: switch from of_property_* to device_property_* power: supply: sbs-battery: add ability to disable charger broadcasts power: supply: sbs-battery: fix idle battery status power: supply: sbs-battery: add POWER_SUPPLY_HEALTH_CALIBRATION_REQUIRED support power: supply: sbs-battery: add MANUFACTURE_DATE support power: supply: sbs-battery: add POWER_SUPPLY_PROP_CONSTANT_CHARGE_CURRENT/VOLTAGE_MAX support power: supply: sbs-battery: Improve POWER_SUPPLY_PROP_TECHNOLOGY support power: supply: sbs-battery: add POWER_SUPPLY_PROP_CURRENT_AVG support power: supply: sbs-battery: add PEC support power: supply: sbs-battery: simplify read_read_string_data power: supply: sbs-battery: add POWER_SUPPLY_PROP_CAPACITY_ERROR_MARGIN support power: supply: sbs-battery: Add TI BQ20Z65 support power: supply: core: add POWER_SUPPLY_HEALTH_CALIBRATION_REQUIRED ... commit ef9d965bc8b6fce5bcc0ae76a4a5b3ed91ee81eb Author: Christoph Hellwig Date: Tue Jun 9 19:08:19 2020 +0200 sysctl: reject gigantic reads/write to sysctl files Instead of triggering a WARN_ON deep down in the page allocator just give up early on allocations that are way larger than the usual sysctl values. Fixes: 32927393dc1c ("sysctl: pass kernel pointers to ->proc_handler") Reported-by: Vegard Nossum Signed-off-by: Christoph Hellwig Signed-off-by: Al Viro commit 8c46fa96822c28ca81036e26c2d963f1fac9a961 Author: Christoph Hellwig Date: Tue Jun 9 19:08:18 2020 +0200 cdrom: fix an incorrect __user annotation on cdrom_sysctl_info No user pointers for sysctls anymore. Fixes: 32927393dc1c ("sysctl: pass kernel pointers to ->proc_handler") Reported-by: build test robot Signed-off-by: Christoph Hellwig Signed-off-by: Al Viro commit 15c99816ed9396c548eed2e84f30c14caccad1f4 Merge: 0370964dd3ff 304e2989c93e Author: Marc Zyngier Date: Wed Jun 10 19:09:26 2020 +0100 Merge branch 'kvm-arm64/ptrauth-fixes' into kvmarm-master/next Signed-off-by: Marc Zyngier commit 304e2989c93e941fa55b38c59c975d4acfb6e4a2 Author: Marc Zyngier Date: Wed Jun 10 16:27:46 2020 +0100 KVM: arm64: Move hyp_symbol_addr() to kvm_asm.h Recent refactoring of the arm64 code make it awkward to have hyp_symbol_addr() in kvm_mmu.h. Instead, move it next to its main user, which is __hyp_this_cpu_ptr(). Signed-off-by: Marc Zyngier commit c90e7945e3a39c50c07e63a5892e65ecfde374a9 Merge: 77d22a4388d3 be4cf718cd99 Author: Linus Torvalds Date: Wed Jun 10 11:03:04 2020 -0700 Merge tag 'dmaengine-5.8-rc1' of git://git.infradead.org/users/vkoul/slave-dma Pull dmaengine updates from Vinod Koul: "A fairly small dmaengine update which includes mostly driver updates (dmatest, dw-edma, ioat, mmp-tdma and k3-udma) along with Renesas binding update to json-schema" * tag 'dmaengine-5.8-rc1' of git://git.infradead.org/users/vkoul/slave-dma: (39 commits) dmaengine: imx-sdma: initialize all script addresses dmaengine: ti: k3-udma: Use proper return code in alloc_chan_resources dmaengine: ti: k3-udma: Remove udma_chan.in_ring_cnt dmaengine: ti: k3-udma: Add missing dma_sync call for rx flush descriptor dmaengine: at_xdmac: Replace zero-length array with flexible-array dmaengine: at_hdmac: Replace zero-length array with flexible-array dmaengine: qcom: bam_dma: Replace zero-length array with flexible-array dmaengine: ti: k3-udma: Use PTR_ERR_OR_ZERO() to simplify code dmaengine: moxart-dma: Drop pointless static qualifier in moxart_probe() dmaengine: sf-pdma: Simplify the error handling path in 'sf_pdma_probe()' dmaengine: qcom_hidma: use true,false for bool variable dmaengine: dw-edma: support local dma device transfer semantics dmaengine: Fix doc strings to satisfy validation script dmaengine: Include dmaengine.h into dmaengine.c dmaengine: dmatest: Describe members of struct dmatest_info dmaengine: dmatest: Describe members of struct dmatest_params dmaengine: dmatest: Allow negative timeout value to specify infinite wait Revert "dmaengine: dmatest: timeout value of -1 should specify infinite wait" dmaengine: stm32-dma: direct mode support through device tree dt-bindings: dma: add direct mode support through device tree in stm32-dma ... commit 77d22a4388d33a76180cad69a4309d6636d30855 Author: Geert Uytterhoeven Date: Mon Jun 1 12:00:49 2020 +0200 Documentation/CodingStyle: Fix duplicate "are" typo The improved paragraph about line lengths contains a sentence with a duplicate word: there is one "are" at the end of a line, followed by a second one at the beginning of the next line. Drop the first one, as that one is part of the longest line. Fixes: bdc48fa11e46f867 ("checkpatch/coding-style: deprecate 80-column warning") Signed-off-by: Geert Uytterhoeven Signed-off-by: Linus Torvalds commit f7579007f3421bce25e05f54c462fe717bf581da Author: Andrew Morton Date: Tue Jun 9 18:46:16 2020 -0700 arch/sparc/mm/srmmu.c: fix build "mm: consolidate pte_index() and pte_offset_*() definitions" was supposed to remove arch/sparc/mm/srmmu.c:pte_offset_kernel(). Fixes: 974b9b2c68f3d35 ("mm: consolidate pte_index() and pte_offset_*() definitions") Reported-by: kernel test robot Cc: Mike Rapoport Cc: Johannes Weiner Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 6c2d2176a85eb2fd65eb7cfe94b3bad0acce99c0 Author: Pablo Neira Ayuso Date: Wed Jun 10 19:28:53 2020 +0200 netfilter: ctnetlink: memleak in filter initialization error path Release the filter object in case of error. Fixes: cb8aa9a3affb ("netfilter: ctnetlink: add kernel side filtering for dump") Reported-by: syzbot+38b8b548a851a01793c5@syzkaller.appspotmail.com Signed-off-by: Pablo Neira Ayuso commit 7866c177a03b18be3d83175014c643546e5b53c6 Author: Steve French Date: Tue Jun 9 19:50:40 2020 -0500 smb3: fix typo in mount options displayed in /proc/mounts Missing the final 's' in "max_channels" mount option when displayed in /proc/mounts (or by mount command) CC: Stable Signed-off-by: Steve French Reviewed-by: Shyam Prasad N commit 672cf6df9b8a3a6d70a6a5c30397f76fa40d3178 Author: Joerg Roedel Date: Tue Jun 9 15:03:03 2020 +0200 iommu/vt-d: Move Intel IOMMU driver into subdirectory Move all files related to the Intel IOMMU driver into its own subdirectory. Signed-off-by: Joerg Roedel Reviewed-by: Jerry Snitselaar Reviewed-by: Lu Baolu Link: https://lore.kernel.org/r/20200609130303.26974-3-joro@8bytes.org commit ad8694bac410e5d72ad610dfb146f58bf2fe0365 Author: Joerg Roedel Date: Tue Jun 9 15:03:02 2020 +0200 iommu/amd: Move AMD IOMMU driver into subdirectory Move all files related to the AMD IOMMU driver into its own subdirectory. Signed-off-by: Joerg Roedel Reviewed-by: Suravee Suthikulpanit Reviewed-by: Jerry Snitselaar Link: https://lore.kernel.org/r/20200609130303.26974-2-joro@8bytes.org commit cb301414763e07e4cef58c9d5ef3750d1f9539bc Author: Tali Perry Date: Wed Jun 10 10:24:51 2020 +0300 MAINTAINERS: npcm7xx: Add maintainer for Nuvoton NPCM BMC Add maintainer for Nuvoton NPCM BMC I2C controller driver. Signed-off-by: Tali Perry Signed-off-by: Wolfram Sang commit ede439be684c54f01147e1f65cc565c6baaca1a4 Merge: 118d6e98293b 34a09bffd998 Author: Rafael J. Wysocki Date: Wed Jun 10 17:27:28 2020 +0200 Merge branch 'acpica' * acpica: ACPICA: Update version to 20200528 ACPICA: iASL: add new OperationRegion subtype keyword PlatformRtMechanism ACPICA: acpidump: Removed dead code from oslinuxtbl.c commit 50dd154ed7b17a8b3a1983fc32a8e41d4cc4211a Merge: 4c277e2f8596 54e74df5d76d 956ad9d98b73 Author: Rafael J. Wysocki Date: Wed Jun 10 17:10:40 2020 +0200 Merge branches 'pm-cpufreq' and 'pm-acpi' * pm-cpufreq: cpufreq: CPPC: add SW BOOST support cpufreq: change '.set_boost' to act on one policy cpufreq: tegra186: add CPUFREQ_NEED_INITIAL_FREQ_CHECK flag * pm-acpi: ACPI: PM: Avoid using power resources if there are none for D0 commit 4c277e2f859694291245701f054962e05c1ca16d Merge: afd8d7c7f936 4573e9ef5153 Author: Rafael J. Wysocki Date: Wed Jun 10 17:10:30 2020 +0200 Merge branch 'pm-opp' * pm-opp: opp: Don't parse icc paths unnecessarily opp: Remove bandwidth votes when target_freq is zero opp: core: add regulators enable and disable opp: Reorder the code for !target_freq case opp: Expose bandwidth information via debugfs cpufreq: dt: Add support for interconnect bandwidth scaling opp: Update the bandwidth on OPP frequency changes opp: Add sanity checks in _read_opp_key() opp: Add support for parsing interconnect bandwidth interconnect: Remove unused module exit code from core interconnect: Disallow interconnect core to be built as a module interconnect: Add of_icc_get_by_index() helper function OPP: Add helpers for reading the binding properties dt-bindings: opp: Introduce opp-peak-kBps and opp-avg-kBps bindings commit 0370964dd3ff7d3d406f292cb443a927952cbd05 Author: Marc Zyngier Date: Tue Jun 9 08:50:29 2020 +0100 KVM: arm64: Synchronize sysreg state on injecting an AArch32 exception On a VHE system, the EL1 state is left in the CPU most of the time, and only syncronized back to memory when vcpu_put() is called (most of the time on preemption). Which means that when injecting an exception, we'd better have a way to either: (1) write directly to the EL1 sysregs (2) synchronize the state back to memory, and do the changes there For an AArch64, we already do (1), so we are safe. Unfortunately, doing the same thing for AArch32 would be pretty invasive. Instead, we can easily implement (2) by calling the put/load architectural backends, and keep preemption disabled. We can then reload the state back into EL1. Cc: stable@vger.kernel.org Reported-by: James Morse Signed-off-by: Marc Zyngier commit 3204be4109ad681523e3461ce64454c79278450a Author: Marc Zyngier Date: Tue Jun 9 08:40:35 2020 +0100 KVM: arm64: Make vcpu_cp1x() work on Big Endian hosts AArch32 CP1x registers are overlayed on their AArch64 counterparts in the vcpu struct. This leads to an interesting problem as they are stored in their CPU-local format, and thus a CP1x register doesn't "hit" the lower 32bit portion of the AArch64 register on a BE host. To workaround this unfortunate situation, introduce a bias trick in the vcpu_cp1x() accessors which picks the correct half of the 64bit register. Cc: stable@vger.kernel.org Reported-by: James Morse Tested-by: James Morse Acked-by: James Morse Signed-off-by: Marc Zyngier commit 85d0f9ad8212d655ce71e9034d95eacce63538f3 Author: Ian Rogers Date: Tue Jun 9 16:43:43 2020 -0700 perf pmu: Remove unused declaration This avoids multiple declarations if the flex header is included. Signed-off-by: Ian Rogers Cc: Adrian Hunter Cc: Alexander Shishkin Cc: Andi Kleen Cc: Jin Yao Cc: Jiri Olsa Cc: John Garry Cc: Mark Rutland Cc: Namhyung Kim Cc: Peter Zijlstra Cc: Stephane Eranian Link: http://lore.kernel.org/lkml/20200609234344.3795-1-irogers@google.com Signed-off-by: Arnaldo Carvalho de Melo commit a4f55d927d33accd6eb535ce0db031e2df47714a Merge: 951e2736f4b1 44ce45f866c1 Author: Takashi Iwai Date: Wed Jun 10 15:40:49 2020 +0200 Merge tag 'asoc-fix-v5.8' of https://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound into for-linus ASoC: Fixes for v5.8 A small pile of fixes that came in during the merge window, the DPCM fixes from Pierre are the most notable thing here. commit 42c76c9848e13dbe0538d7ae0147a269dfa859cb Author: Christophe JAILLET Date: Sat May 30 10:16:22 2020 +0200 scsi: acornscsi: Fix an error handling path in acornscsi_probe() 'ret' is known to be 0 at this point. Explicitly return -ENOMEM if one of the 'ecardm_iomap()' calls fail. Link: https://lore.kernel.org/r/20200530081622.577888-1-christophe.jaillet@wanadoo.fr Fixes: e95a1b656a98 ("[ARM] rpc: acornscsi: update to new style ecard driver") Signed-off-by: Christophe JAILLET Signed-off-by: Martin K. Petersen commit 47f6bc4ce1ff70d7ba0924c2f1c218c96cd585fb Author: Brett Mastbergen Date: Tue Jun 9 17:35:06 2020 -0400 tools, bpf: Do not force gcc as CC This allows transparent cross-compilation with CROSS_COMPILE by relying on 7ed1c1901fe5 ("tools: fix cross-compile var clobbering"). Same change was applied to tools/bpf/bpftool/Makefile in 9e88b9312acb ("tools: bpftool: do not force gcc as CC"). Signed-off-by: Brett Mastbergen Signed-off-by: Daniel Borkmann Link: https://lore.kernel.org/bpf/20200609213506.3299-1-brett.mastbergen@gmail.com commit 32022fd97ed34f6812802bf1288db27c313576f4 Author: Andrii Nakryiko Date: Tue Jun 9 22:23:35 2020 -0700 libbpf: Handle GCC noreturn-turned-volatile quirk Handle a GCC quirk of emitting extra volatile modifier in DWARF (and subsequently preserved in BTF by pahole) for function pointers marked as __attribute__((noreturn)). This was the way to mark such functions before GCC 2.5 added noreturn attribute. Drop such func_proto modifiers, similarly to how it's done for array (also to handle GCC quirk/bug). Such volatile attribute is emitted by GCC only, so existing selftests can't express such test. Simple repro is like this (compiled with GCC + BTF generated by pahole): struct my_struct { void __attribute__((noreturn)) (*fn)(int); }; struct my_struct a; Without this fix, output will be: struct my_struct { voidvolatile (*fn)(int); }; With the fix: struct my_struct { void (*fn)(int); }; Fixes: 351131b51c7a ("libbpf: add btf_dump API for BTF-to-C conversion") Reported-by: Jean-Philippe Brucker Signed-off-by: Andrii Nakryiko Signed-off-by: Daniel Borkmann Tested-by: Jean-Philippe Brucker Link: https://lore.kernel.org/bpf/20200610052335.2862559-1-andriin@fb.com commit a194c33f45f83068ef13bf1d16e26d4ca3ecc098 Author: Nick Desaulniers Date: Mon Jun 8 13:38:17 2020 -0700 arm64: acpi: fix UBSAN warning Will reported a UBSAN warning: UBSAN: null-ptr-deref in arch/arm64/kernel/smp.c:596:6 member access within null pointer of type 'struct acpi_madt_generic_interrupt' CPU: 0 PID: 0 Comm: swapper Not tainted 5.7.0-rc6-00124-g96bc42ff0a82 #1 Call trace: dump_backtrace+0x0/0x384 show_stack+0x28/0x38 dump_stack+0xec/0x174 handle_null_ptr_deref+0x134/0x174 __ubsan_handle_type_mismatch_v1+0x84/0xa4 acpi_parse_gic_cpu_interface+0x60/0xe8 acpi_parse_entries_array+0x288/0x498 acpi_table_parse_entries_array+0x178/0x1b4 acpi_table_parse_madt+0xa4/0x110 acpi_parse_and_init_cpus+0x38/0x100 smp_init_cpus+0x74/0x258 setup_arch+0x350/0x3ec start_kernel+0x98/0x6f4 This is from the use of the ACPI_OFFSET in arch/arm64/include/asm/acpi.h. Replace its use with offsetof from include/linux/stddef.h which should implement the same logic using __builtin_offsetof, so that UBSAN wont warn. Reported-by: Will Deacon Suggested-by: Ard Biesheuvel Signed-off-by: Nick Desaulniers Reviewed-by: Jeremy Linton Acked-by: Lorenzo Pieralisi Cc: stable@vger.kernel.org Link: https://lore.kernel.org/lkml/20200521100952.GA5360@willie-the-truck/ Link: https://lore.kernel.org/r/20200608203818.189423-1-ndesaulniers@google.com Signed-off-by: Will Deacon commit 625412c210fb6423e40cb22de7d14fc3bb9d9e79 Author: Nick Desaulniers Date: Mon Jun 8 13:57:08 2020 -0700 arm64: vdso32: add CONFIG_THUMB2_COMPAT_VDSO Allow the compat vdso (32b) to be compiled as either THUMB2 (default) or ARM. For THUMB2, the register r7 is reserved for the frame pointer, but code in arch/arm64/include/asm/vdso/compat_gettimeofday.h uses r7. Explicitly set -fomit-frame-pointer, since unwinding through interworked THUMB2 and ARM is unreliable anyways. See also how CONFIG_UNWINDER_FRAME_POINTER cannot be selected for CONFIG_THUMB2_KERNEL for ARCH=arm. This also helps toolchains that differ in their implicit value if the choice of -f{no-}omit-frame-pointer is left unspecified, to not error on the use of r7. 2019 Q4 ARM AAPCS seeks to standardize the use of r11 as the reserved frame pointer register, but no production compiler that can compile the Linux kernel currently implements this. We're actively discussing such a transition with ARM toolchain developers currently. Reported-by: Luis Lozano Signed-off-by: Nick Desaulniers Tested-by: Manoj Gupta Acked-by: Catalin Marinas Cc: Stephen Boyd Cc: Robin Murphy Cc: Dave Martin Link: https://static.docs.arm.com/ihi0042/i/aapcs32.pdf Link: https://bugs.chromium.org/p/chromium/issues/detail?id=1084372 Link: https://lore.kernel.org/r/20200608205711.109418-1-ndesaulniers@google.com Signed-off-by: Will Deacon commit a575357b6435c6dd988b8194c59eec83f6e5d5af Author: Alexander Stein Date: Tue Jun 9 18:55:27 2020 +0200 spi: dt-bindings: amlogic, meson-gx-spicc: Fix schema for meson-g12a spi@13000: clock-names: Additional items are not allowed ('pclk' was unexpected) spi@13000: clock-names: ['core', 'pclk'] is too long spi@13000: clocks: [[2, 23], [2, 258]] is too long spi@15000: clock-names: Additional items are not allowed ('pclk' was unexpected) spi@15000: clock-names: ['core', 'pclk'] is too long spi@15000: clocks: [[2, 29], [2, 261]] is too long Conditional schema properties don't overwrite others. Instead of restrictions have to be validated. So general clock amount is 1-2 and depending on the actual device type limit the mount to 1 or 2. Signed-off-by: Alexander Stein Link: https://lore.kernel.org/r/20200609165527.55183-1-alexander.stein@mailbox.org Signed-off-by: Mark Brown commit 54e1e06bcf1cf6e7ac3f86daa5f7454add24b494 Author: Jernej Skrabec Date: Mon Apr 13 11:54:57 2020 +0200 drm/sun4i: hdmi ddc clk: Fix size of m divider m divider in DDC clock register is 4 bits wide. Fix that. Fixes: 9c5681011a0c ("drm/sun4i: Add HDMI support") Signed-off-by: Jernej Skrabec Reviewed-by: Chen-Yu Tsai Signed-off-by: Maxime Ripard Link: https://patchwork.freedesktop.org/patch/msgid/20200413095457.1176754-1-jernej.skrabec@siol.net commit 05589dde649cd954a122b0ebb2cbe4ade8a80e98 Author: Zong Li Date: Mon Jun 1 15:10:58 2020 +0800 riscv: fix build warning of missing prototypes Add the missing header in file, it was lost in original implementation. The warning message as follows: - no previous prototype for 'patch_text_nosync' [-Wmissing-prototypes] - no previous prototype for 'patch_text' [-Wmissing-prototypes] Changed in v2: - Correct the typo of commit message. Signed-off-by: Zong Li Reported-by: kbuild test robot Reviewed-by: Atish Patra Signed-off-by: Palmer Dabbelt commit 4e0f9e3a6104261f25b16fcab02fc96f5666ba11 Author: Anup Patel Date: Mon Jun 1 10:36:56 2020 +0530 RISC-V: Don't mark init section as non-executable The head text section (i.e. _start, secondary_start_sbi, etc) and the init section fall under same page table level-1 mapping. Currently, the runtime CPU hotplug is broken because we are marking init section as non-executable which in-turn marks head text section as non-executable. Further investigating other architectures, it seems marking the init section as non-executable is redundant because the init section pages are anyway poisoned and freed. To fix broken runtime CPU hotplug, we simply remove the code marking the init section as non-executable. Fixes: d27c3c90817e ("riscv: add STRICT_KERNEL_RWX support") Cc: stable@vger.kernel.org Signed-off-by: Anup Patel Reviewed-by: Zong Li Reviewed-by: Atish Patra Signed-off-by: Palmer Dabbelt commit e71ee06e3ca337758ac95288a917622ff9808fa0 Author: Anup Patel Date: Mon Jun 1 14:45:43 2020 +0530 RISC-V: Force select RISCV_INTC for CONFIG_RISCV The RISC-V per-HART local interrupt controller driver is mandatory for all RISC-V system (with/without MMU) hence we force select it for CONFIG_RISCV (just like RISCV_TIMER). Signed-off-by: Anup Patel Reviewed-by: Atish Patra Signed-off-by: Palmer Dabbelt commit 24dc17005ca1d5034d5575f8f94bfd9ad719a22f Author: Anup Patel Date: Mon Jun 1 14:45:42 2020 +0530 RISC-V: Remove do_IRQ() function The only thing do_IRQ() does is call handle_arch_irq function pointer. We can very well call handle_arch_irq function pointer directly from assembly and remove do_IRQ() function hence this patch. Signed-off-by: Anup Patel Reviewed-by: Atish Patra Signed-off-by: Palmer Dabbelt commit 033a65de7eced89f62d2cd166b1ee2d33af4f1e4 Author: Anup Patel Date: Mon Jun 1 14:45:41 2020 +0530 clocksource/drivers/timer-riscv: Use per-CPU timer interrupt Instead of directly calling RISC-V timer interrupt handler from RISC-V local interrupt conntroller driver, this patch implements RISC-V timer interrupt as a per-CPU interrupt using per-CPU APIs of Linux IRQ subsystem. Signed-off-by: Anup Patel Reviewed-by: Atish Patra Reviewed-by: Marc Zyngier Signed-off-by: Palmer Dabbelt commit 6b7ce8927b5a4d739670d4dc0de301f2abfd9a5c Author: Anup Patel Date: Mon Jun 1 14:45:40 2020 +0530 irqchip: RISC-V per-HART local interrupt controller driver The RISC-V per-HART local interrupt controller manages software interrupts, timer interrupts, external interrupts (which are routed via the platform level interrupt controller) and other per-HART local interrupts. We add a driver for the RISC-V local interrupt controller, which eventually replaces the RISC-V architecture code, allowing for a better split between arch code and drivers. The driver is compliant with RISC-V Hart-Level Interrupt Controller DT bindings located at: Documentation/devicetree/bindings/interrupt-controller/riscv,cpu-intc.txt Co-developed-by: Palmer Dabbelt Signed-off-by: Anup Patel [Palmer: Cleaned up warnings] Signed-off-by: Palmer Dabbelt commit d175d699df07041befda3779f29bf7126c298730 Author: Anup Patel Date: Mon Jun 1 14:45:39 2020 +0530 RISC-V: Rename and move plic_find_hart_id() to arch directory The plic_find_hart_id() can be useful to other interrupt controller drivers (such as RISC-V local interrupt driver) so we rename this function to riscv_of_parent_hartid() and place it in arch directory along with riscv_of_processor_hartid(). Signed-off-by: Anup Patel Reviewed-by: Atish Patra Reviewed-by: Palmer Dabbelt Acked-by: Palmer Dabbelt Signed-off-by: Palmer Dabbelt Reviewed-by: Marc Zyngier Signed-off-by: Palmer Dabbelt commit 5cf998ba8c7bbbfec3e0d6534c9a3f860ab9920e Author: Anup Patel Date: Mon Jun 1 14:45:38 2020 +0530 RISC-V: self-contained IPI handling routine Currently, the IPI handling routine riscv_software_interrupt() does not take any argument and also does not perform irq_enter()/irq_exit(). This patch makes IPI handling routine more self-contained by: 1. Passing "pt_regs *" argument 2. Explicitly doing irq_enter()/irq_exit() 3. Explicitly save/restore "pt_regs *" using set_irq_regs() With above changes, IPI handling routine does not depend on caller function to perform irq_enter()/irq_exit() and save/restore of "pt_regs *" hence its more self-contained. This also enables us to call IPI handling routine from IRQCHIP drivers. Signed-off-by: Anup Patel Reviewed-by: Atish Patra Reviewed-by: Palmer Dabbelt Acked-by: Palmer Dabbelt Signed-off-by: Palmer Dabbelt commit e8c7ef7d5819cb7ece70ce0d22bce63ca45a29e2 Author: Palmer Dabbelt Date: Thu Jun 4 13:55:14 2020 -0700 RISC-V: Sort select statements alphanumerically Like patch b1b3f49 ("ARM: config: sort select statements alphanumerically") , we sort all our select statements alphanumerically by using the perl script in patch b1b3f49 as above. As suggested by Andrew Morton: This is a pet peeve of mine. Any time there's a long list of items (header file inclusions, kconfig entries, array initalisers, etc) and someone wants to add a new item, they *always* go and stick it at the end of the list. Guys, don't do this. Either put the new item into a randomly-chosen position or, probably better, alphanumerically sort the list. Suggested-by: Zong Li [Palmer: Re-ran the script, as there were predictably a bunch of conflicts] Signed-off-by: Palmer Dabbelt commit f47c24033a1ac3a08e745f50a28c3dd2c5cceda2 Author: Denis Efremov Date: Fri Jun 5 10:59:34 2020 +0300 scsi: storvsc: Remove memset before memory freeing in storvsc_suspend() Remove memset with 0 for stor_device->stor_chns in storvsc_suspend() before the call to kfree() as the memory contains no sensitive information. Link: https://lore.kernel.org/r/20200605075934.8403-1-efremov@linux.com Fixes: 56fb10585934 ("scsi: storvsc: Add the support of hibernation") Suggested-by: Dexuan Cui Reviewed-by: Dexuan Cui Signed-off-by: Denis Efremov Signed-off-by: Martin K. Petersen commit 89dd9ce784fb64e732676b7958a0278750304567 Author: Dan Carpenter Date: Fri Jun 5 14:02:58 2020 +0300 scsi: cxlflash: Remove an unnecessary NULL check The "cmd" pointer was already dereferenced a couple lines earlier so this NULL check is too late. Fortunately, the pointer can never be NULL and the check can be removed. Link: https://lore.kernel.org/r/20200605110258.GD978434@mwanda Signed-off-by: Dan Carpenter Signed-off-by: Martin K. Petersen commit 4919b33b63c8b69d8dcf2b867431d0e3b6dc6d28 Author: Tyrel Datwyler Date: Wed Jun 3 15:36:32 2020 -0500 scsi: ibmvscsi: Don't send host info in adapter info MAD after LPM The adapter info MAD is used to send the client info and receive the host info as a response. A persistent buffer is used and as such the client info is overwritten after the response. During the course of a normal adapter reset the client info is refreshed in the buffer in preparation for sending the adapter info MAD. However, in the special case of LPM where we reenable the CRQ instead of a full CRQ teardown and reset we fail to refresh the client info in the adapter info buffer. As a result, after Live Partition Migration (LPM) we erroneously report the host's info as our own. [mkp: typos] Link: https://lore.kernel.org/r/20200603203632.18426-1-tyreld@linux.ibm.com Signed-off-by: Tyrel Datwyler Signed-off-by: Martin K. Petersen commit 6555781b3fdec5e94e6914511496144241df7dee Author: Simon Arlott Date: Sat May 30 18:59:44 2020 +0100 scsi: sr: Fix sr_probe() missing deallocate of device minor If the cdrom fails to be registered then the device minor should be deallocated. Link: https://lore.kernel.org/r/072dac4b-8402-4de8-36bd-47e7588969cd@0882a8b5-c6c3-11e9-b005-00805fc181fe Signed-off-by: Simon Arlott Signed-off-by: Martin K. Petersen commit a247e07f8dadba5da9f188aaf4f96db0302146d9 Author: Simon Arlott Date: Sat May 30 18:58:25 2020 +0100 scsi: sr: Fix sr_probe() missing mutex_destroy If the device minor cannot be allocated or the cdrom fails to be registered then the mutex should be destroyed. Link: https://lore.kernel.org/r/06e9de38-eeed-1cab-5e08-e889288935b3@0882a8b5-c6c3-11e9-b005-00805fc181fe Fixes: 51a858817dcd ("scsi: sr: get rid of sr global mutex") Signed-off-by: Simon Arlott Signed-off-by: Martin K. Petersen commit 08e9cbe75facfe08b9017eca37c9f1c5a6490b4a Author: John Hubbard Date: Tue May 26 11:27:09 2020 -0700 scsi: st: Convert convert get_user_pages() --> pin_user_pages() This code was using get_user_pages*(), in a "Case 1" scenario (Direct IO), using the categorization from [1]. That means that it's time to convert the get_user_pages*() + put_page() calls to pin_user_pages*() + unpin_user_pages() calls. There is some helpful background in [2]: basically, this is a small part of fixing a long-standing disconnect between pinning pages, and file systems' use of those pages. Note that this effectively changes the code's behavior as well: it now ultimately calls set_page_dirty_lock(), instead of SetPageDirty().This is probably more accurate. As Christoph Hellwig put it, "set_page_dirty() is only safe if we are dealing with a file backed page where we have reference on the inode it hangs off." [3] Also, this deletes one of the two FIXME comments (about refcounting), because there is nothing wrong with the refcounting at this point. [1] Documentation/core-api/pin_user_pages.rst [2] "Explicit pinning of user-space pages": https://lwn.net/Articles/807108/ [3] https://lore.kernel.org/r/20190723153640.GB720@lst.de Link: https://lore.kernel.org/r/20200526182709.99599-1-jhubbard@nvidia.com Cc: "Kai Mäkisara (Kolumbus)" Cc: Bart Van Assche Cc: James E.J. Bottomley Cc: Martin K. Petersen Cc: linux-scsi@vger.kernel.org Acked-by: Kai Mäkisara Signed-off-by: John Hubbard Signed-off-by: Martin K. Petersen commit 987db58737e26c3d995811fefef9632756ca7cec Author: Sudhakar Panneerselvam Date: Sun Jun 7 19:58:33 2020 +0000 scsi: target: Rename target_setup_cmd_from_cdb() to target_cmd_parse_cdb() This commit also removes the unused argument, cdb, that was passed to this function. Link: https://lore.kernel.org/r/1591559913-8388-5-git-send-email-sudhakar.panneerselvam@oracle.com Reviewed-by: Mike Christie Signed-off-by: Sudhakar Panneerselvam Signed-off-by: Martin K. Petersen commit 9e95fb805dc043cc8ed878a08d1583e4097a5f80 Author: Sudhakar Panneerselvam Date: Sun Jun 7 19:58:32 2020 +0000 scsi: target: Fix NULL pointer dereference NULL pointer dereference happens when the following conditions are met: 1) A SCSI command is received for a non-existing LU or cdb initialization fails in target_setup_cmd_from_cdb(). 2) Tracing is enabled. The following call sequences lead to NULL pointer dereference: 1) iscsit_setup_scsi_cmd transport_lookup_cmd_lun <-- lookup fails. or target_setup_cmd_from_cdb() <-- cdb initialization fails iscsit_process_scsi_cmd iscsit_sequence_cmd transport_send_check_condition_and_sense trace_target_cmd_complete <-- NULL dereference 2) target_submit_cmd_map_sgls transport_lookup_cmd_lun <-- lookup fails or target_setup_cmd_from_cdb() <-- cdb initialization fails transport_send_check_condition_and_sense trace_target_cmd_complete <-- NULL dereference In the above sequence, cmd->t_task_cdb is uninitialized which when referenced in trace_target_cmd_complete() causes NULL pointer dereference. The fix is to use the helper, target_cmd_init_cdb() and call it after transport_init_se_cmd() is called, so that cmd->t_task_cdb can be initialized and hence can be referenced in trace_target_cmd_complete(). Link: https://lore.kernel.org/r/1591559913-8388-4-git-send-email-sudhakar.panneerselvam@oracle.com Reviewed-by: Mike Christie Signed-off-by: Sudhakar Panneerselvam Signed-off-by: Martin K. Petersen commit a36840d8002736060f96386cf5dd148f0b0d4fa3 Author: Sudhakar Panneerselvam Date: Sun Jun 7 19:58:31 2020 +0000 scsi: target: Initialize LUN in transport_init_se_cmd() Initialization of orig_fe_lun is moved to transport_init_se_cmd() from transport_lookup_cmd_lun(). This helps for the cases where the SCSI request fails before the call to transport_lookup_cmd_lun() so that trace_target_cmd_complete() can print the LUN information to the trace buffer. Due to this change, the lun parameter is removed from transport_lookup_cmd_lun() and transport_lookup_tmr_lun(). Link: https://lore.kernel.org/r/1591559913-8388-3-git-send-email-sudhakar.panneerselvam@oracle.com Reviewed-by: Mike Christie Signed-off-by: Sudhakar Panneerselvam Signed-off-by: Martin K. Petersen commit f98c2ddf8ba34d8c44bf81f2e7542166d90ce5d9 Author: Sudhakar Panneerselvam Date: Sun Jun 7 19:58:30 2020 +0000 scsi: target: Factor out a new helper, target_cmd_init_cdb() target_setup_cmd_from_cdb() is called after a successful call to transport_lookup_cmd_lun(). The new helper factors out the code that can be called before the call to transport_lookup_cmd_lun(). This helper will be used in an upcoming commit to address NULL pointer dereference. Link: https://lore.kernel.org/r/1591559913-8388-2-git-send-email-sudhakar.panneerselvam@oracle.com Reviewed-by: Mike Christie Signed-off-by: Sudhakar Panneerselvam Signed-off-by: Martin K. Petersen commit c5b856255cbc3b664d686a83fa9397a835e063de Author: Jens Axboe Date: Tue Jun 9 19:23:05 2020 -0600 io_uring: allow O_NONBLOCK async retry We can assume that O_NONBLOCK is always honored, even if we don't have a ->read/write_iter() for the file type. Also unify the read/write checking for allowing async punt, having the write side factoring in the REQ_F_NOWAIT flag as well. Cc: stable@vger.kernel.org Fixes: 490e89676a52 ("io_uring: only force async punt if poll based retry can't handle it") Signed-off-by: Jens Axboe commit 8ca8d4a841730c02e77bf3c87bf658cc44f364b9 Author: Arnaldo Carvalho de Melo Date: Tue Jun 9 18:16:53 2020 -0300 libbpf: Define __WORDSIZE if not available Some systems, such as Android, don't have a define for __WORDSIZE, do it in terms of __SIZEOF_LONG__, as done in perf since 2012: http://git.kernel.org/torvalds/c/3f34f6c0233ae055b5 For reference: https://gcc.gnu.org/onlinedocs/cpp/Common-Predefined-Macros.html I build tested it here and Andrii did some Travis CI build tests too. Signed-off-by: Arnaldo Carvalho de Melo Signed-off-by: Daniel Borkmann Acked-by: Andrii Nakryiko Link: https://lore.kernel.org/bpf/20200608161150.GA3073@kernel.org commit 89dc68533b190117e1a2fb4298d88b96b3580abf Author: Pablo Neira Ayuso Date: Tue Jun 9 23:47:44 2020 +0200 net: flow_offload: remove indirect flow_block declarations leftover Remove function declarations that are not available in the tree anymore. Fixes: 709ffbe19b77 ("net: remove indirect block netdev event registration") Reported-by: Jacob Keller Signed-off-by: Pablo Neira Ayuso Signed-off-by: David S. Miller commit 5b14671be58d0084e7e2d1cc9c2c36a94467f6e0 Merge: 52435c86bf0f 9b46418c40fe Author: Linus Torvalds Date: Tue Jun 9 15:48:24 2020 -0700 Merge tag 'fuse-update-5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse Pull fuse updates from Miklos Szeredi: - Fix a rare deadlock in virtiofs - Fix st_blocks in writeback cache mode - Fix wrong checks in splice move causing spurious warnings - Fix a race between a GETATTR request and a FUSE_NOTIFY_INVAL_INODE notification - Use rb-tree instead of linear search for pages currently under writeout by userspace - Fix copy_file_range() inconsistencies * tag 'fuse-update-5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse: fuse: copy_file_range should truncate cache fuse: fix copy_file_range cache issues fuse: optimize writepages search fuse: update attr_version counter on fuse_notify_inval_inode() fuse: don't check refcount after stealing page fuse: fix weird page warning fuse: use dump_page virtiofs: do not use fuse_fill_super_common() for device installation fuse: always allow query of st_dev fuse: always flush dirty data on close(2) fuse: invalidate inode attr in writeback cache mode fuse: Update stale comment in queue_interrupt() fuse: BUG_ON correction in fuse_dev_splice_write() virtiofs: Add mount option and atime behavior to the doc virtiofs: schedule blocking async replies in separate worker commit 52435c86bf0f5c892804912481af7f1a5b95ff2d Merge: 4964dd29140a 2068cf7dfbc6 Author: Linus Torvalds Date: Tue Jun 9 15:40:50 2020 -0700 Merge tag 'ovl-update-5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs Pull overlayfs updates from Miklos Szeredi: "Fixes: - Resolve mount option conflicts consistently - Sync before remount R/O - Fix file handle encoding corner cases - Fix metacopy related issues - Fix an unintialized return value - Add missing permission checks for underlying layers Optimizations: - Allow multipe whiteouts to share an inode - Optimize small writes by inheriting SB_NOSEC from upper layer - Do not call ->syncfs() multiple times for sync(2) - Do not cache negative lookups on upper layer - Make private internal mounts longterm" * tag 'ovl-update-5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs: (27 commits) ovl: remove unnecessary lock check ovl: make oip->index bool ovl: only pass ->ki_flags to ovl_iocb_to_rwf() ovl: make private mounts longterm ovl: get rid of redundant members in struct ovl_fs ovl: add accessor for ofs->upper_mnt ovl: initialize error in ovl_copy_xattr ovl: drop negative dentry in upper layer ovl: check permission to open real file ovl: call secutiry hook in ovl_real_ioctl() ovl: verify permissions in ovl_path_open() ovl: switch to mounter creds in readdir ovl: pass correct flags for opening real directory ovl: fix redirect traversal on metacopy dentries ovl: initialize OVL_UPPERDATA in ovl_lookup() ovl: use only uppermetacopy state in ovl_lookup() ovl: simplify setting of origin for index lookup ovl: fix out of bounds access warning in ovl_check_fb_len() ovl: return required buffer size for file handles ovl: sync dirty data when remounting to ro mode ... commit 4964dd29140a44e26474dbdca559b7393aba6c39 Merge: 42612e776331 c68421bbad75 Author: Linus Torvalds Date: Tue Jun 9 15:38:46 2020 -0700 Merge tag 'afs-fixes-20200609' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs Pull AFS fixes from David Howells: "A set of small patches to fix some things, most of them minor. - Fix a memory leak in afs_put_sysnames() - Fix an oops in AFS file locking - Fix new use of BUG() - Fix debugging statements containing %px - Remove afs_zero_fid as it's unused - Make afs_zap_data() static" * tag 'afs-fixes-20200609' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs: afs: Make afs_zap_data() static afs: Remove afs_zero_fid as it's not used afs: Fix debugging statements with %px to be %p afs: Fix use of BUG() afs: Fix file locking afs: Fix memory leak in afs_put_sysnames() commit 865a6cbb2288f8af7f9dc3b153c61b7014fdcf1e Author: tannerlove Date: Tue Jun 9 17:21:32 2020 -0400 selftests/net: in rxtimestamp getopt_long needs terminating null entry getopt_long requires the last element to be filled with zeros. Otherwise, passing an unrecognized option can cause a segfault. Fixes: 16e781224198 ("selftests/net: Add a test to validate behavior of rx timestamps") Signed-off-by: Tanner Love Acked-by: Willem de Bruijn Signed-off-by: David S. Miller commit 62a502cc91f97e3ffd312d9b42e8d01a137c63ff Author: Lorenzo Bianconi Date: Tue Jun 9 00:02:39 2020 +0200 net: mvneta: do not redirect frames during reconfiguration Disable frames injection in mvneta_xdp_xmit routine during hw re-configuration in order to avoid hardware hangs Fixes: b0a43db9087a ("net: mvneta: add XDP_TX support") Signed-off-by: Lorenzo Bianconi Signed-off-by: David S. Miller commit 9ac1eafa885a9b2d3becd4f2e622829b1f5b9b86 Author: Stephen Boyd Date: Tue Jun 9 14:18:47 2020 -0700 clk: mediatek: Remove ifr{0,1}_cfg_regs structures These aren't used and the macros that reference them aren't used either. Remove the dead code to avoid compile warnings. Cc: Owen Chen Cc: Mars Cheng Cc: Macpaul Lin Fixes: 1aca9939bf72 ("clk: mediatek: Add MT6765 clock support") Reported-by: kbuild test robot Signed-off-by: Stephen Boyd Link: https://lore.kernel.org/r/20200609211847.27366-1-sboyd@kernel.org commit 45edc7e27445f4d467d915c0e1ef0a7b41270f47 Author: Colin Ian King Date: Tue Jun 2 18:24:35 2020 +0100 clk: baikal-t1: remove redundant assignment to variable 'divider' The variable divider is being initialized with a value that is never read and it is being updated later with a new value. The initialization is redundant and can be removed. Addresses-Coverity: ("Unused value") Signed-off-by: Colin Ian King Link: https://lore.kernel.org/r/20200602172435.70282-1-colin.king@canonical.com Reviewed-by: Serge Semin Signed-off-by: Stephen Boyd commit 8ae91d36ac1a16debb39e372f2a81278bb5b4830 Author: Colin Ian King Date: Tue Jun 2 13:10:30 2020 +0100 clk: baikal-t1: fix spelling mistake "Uncompatible" -> "Incompatible" There is a spelling mistake in a pr_err error message. Fix it. Signed-off-by: Colin Ian King Link: https://lore.kernel.org/r/20200602121030.39132-1-colin.king@canonical.com Reviewed-by: Serge Semin Signed-off-by: Stephen Boyd commit 30b239686b86b1a8097a3b8752b4987b6afed519 Author: Lubomir Rintel Date: Fri Jun 5 08:52:58 2020 +0200 dt-bindings: clock: Add a missing include to MMP Audio Clock binding The include file for input clock in the example was missing, breaking the validation. Signed-off-by: Lubomir Rintel Reported-by: Rob Herring Link: https://lore.kernel.org/r/20200605065258.567858-1-lkundrak@v3.sk Acked-by: Rob Herring Signed-off-by: Stephen Boyd commit c96b6acc8f89a4a7f6258dfe1d077654c11415be Author: Wang Hai Date: Tue Jun 9 22:18:16 2020 +0800 dccp: Fix possible memleak in dccp_init and dccp_fini There are some memory leaks in dccp_init() and dccp_fini(). In dccp_fini() and the error handling path in dccp_init(), free lhash2 is missing. Add inet_hashinfo2_free_mod() to do it. If inet_hashinfo2_init_mod() failed in dccp_init(), percpu_counter_destroy() should be called to destroy dccp_orphan_count. It need to goto out_free_percpu when inet_hashinfo2_init_mod() failed. Fixes: c92c81df93df ("net: dccp: fix kernel crash on module load") Reported-by: Hulk Robot Signed-off-by: Wang Hai Signed-off-by: David S. Miller commit 976ee3b21119dcf5c6d96233d688a1453f29fa83 Author: Shannon Nelson Date: Mon Jun 8 20:41:43 2020 -0700 ionic: wait on queue start until after IFF_UP The netif_running() test looks at __LINK_STATE_START which gets set before ndo_open() is called, there is a window of time between that and when the queues are actually ready to be run. If ionic_check_link_status() notices that the link is up very soon after netif_running() becomes true, it might try to run the queues before they are ready, causing all manner of potential issues. Since the netdev->flags IFF_UP isn't set until after ndo_open() returns, we can wait for that before we allow ionic_check_link_status() to start the queues. On the way back to close, __LINK_STATE_START is cleared before calling ndo_stop(), and IFF_UP is cleared after. Both of these need to be true in order to safely stop the queues from ionic_check_link_status(). Fixes: 49d3b493673a ("ionic: disable the queues on link down") Signed-off-by: Shannon Nelson Signed-off-by: David S. Miller commit 1a3db27ad9a72d033235b9673653962c02e3486e Author: Valentin Longchamp Date: Tue Jun 9 22:11:54 2020 +0200 net: sched: export __netdev_watchdog_up() Since the quiesce/activate rework, __netdev_watchdog_up() is directly called in the ucc_geth driver. Unfortunately, this function is not available for modules and thus ucc_geth cannot be built as a module anymore. Fix it by exporting __netdev_watchdog_up(). Since the commit introducing the regression was backported to stable branches, this one should ideally be as well. Fixes: 79dde73cf9bc ("net/ethernet/freescale: rework quiesce/activate for ucc_geth") Signed-off-by: Valentin Longchamp Signed-off-by: David S. Miller commit 845e0ebb4408d4473cf60d21224a897037e9a77a Author: Cong Wang Date: Mon Jun 8 14:53:01 2020 -0700 net: change addr_list_lock back to static key The dynamic key update for addr_list_lock still causes troubles, for example the following race condition still exists: CPU 0: CPU 1: (RCU read lock) (RTNL lock) dev_mc_seq_show() netdev_update_lockdep_key() -> lockdep_unregister_key() -> netif_addr_lock_bh() because lockdep doesn't provide an API to update it atomically. Therefore, we have to move it back to static keys and use subclass for nest locking like before. In commit 1a33e10e4a95 ("net: partially revert dynamic lockdep key changes"), I already reverted most parts of commit ab92d68fc22f ("net: core: add generic lockdep keys"). This patch reverts the rest and also part of commit f3b0a18bb6cb ("net: remove unnecessary variables and callback"). After this patch, addr_list_lock changes back to using static keys and subclasses to satisfy lockdep. Thanks to dev->lower_level, we do not have to change back to ->ndo_get_lock_subclass(). And hopefully this reduces some syzbot lockdep noises too. Reported-by: syzbot+f3a0e80c34b3fc28ac5e@syzkaller.appspotmail.com Cc: Taehee Yoo Cc: Dmitry Vyukov Signed-off-by: Cong Wang Signed-off-by: David S. Miller commit 751ad34fbad74c3ed4a9ede24764b4253d4faa84 Author: Arnd Bergmann Date: Tue Jun 9 12:51:53 2020 -0700 Input: adi - work around module name confict Making module name conflicts a fatal error breaks sparc64 allmodconfig: Error log: error: the following would cause module name conflict: drivers/char/adi.ko drivers/input/joystick/adi.ko Renaming one of the modules would solve the problem, but then cause other problems because neither of them is automatically loaded and changing the name is likely to break any setup that relies on manually loading it by name. As there is probably no sparc64 system with this kind of ancient joystick attached, work around it by adding a Kconfig dependency that forbids them from both being modules. It is still possible to build the joystick driver if the sparc64 adi driver is built-in. Reported-by: Guenter Roeck Acked-by: Greg Kroah-Hartman Signed-off-by: Arnd Bergmann Reviewed-by: Guenter Roeck Link: https://lore.kernel.org/r/20200609100643.1245061-1-arnd@arndb.de Signed-off-by: Dmitry Torokhov commit 042b1545fe47788e734b0f074a8ae65856015cdf Author: Jesper Dangaard Brouer Date: Tue Jun 9 15:31:52 2020 +0200 bpf: Selftests and tools use struct bpf_devmap_val from uapi Sync tools uapi bpf.h header file and update selftests that use struct bpf_devmap_val. Signed-off-by: Jesper Dangaard Brouer Signed-off-by: Alexei Starovoitov Link: https://lore.kernel.org/bpf/159170951195.2102545.1833108712124273987.stgit@firesoul commit 281920b7e0b31e0a7706433ff58e7d52ac97c327 Author: Jesper Dangaard Brouer Date: Tue Jun 9 15:31:46 2020 +0200 bpf: Devmap adjust uapi for attach bpf program V2: - Defer changing BPF-syscall to start at file-descriptor 1 - Use {} to zero initialise struct. The recent commit fbee97feed9b ("bpf: Add support to attach bpf program to a devmap entry"), introduced ability to attach (and run) a separate XDP bpf_prog for each devmap entry. A bpf_prog is added via a file-descriptor. As zero were a valid FD, not using the feature requires using value minus-1. The UAPI is extended via tail-extending struct bpf_devmap_val and using map->value_size to determine the feature set. This will break older userspace applications not using the bpf_prog feature. Consider an old userspace app that is compiled against newer kernel uapi/bpf.h, it will not know that it need to initialise the member bpf_prog.fd to minus-1. Thus, users will be forced to update source code to get program running on newer kernels. This patch remove the minus-1 checks, and have zero mean feature isn't used. Followup patches either for kernel or libbpf should handle and avoid returning file-descriptor zero in the first place. Fixes: fbee97feed9b ("bpf: Add support to attach bpf program to a devmap entry") Signed-off-by: Jesper Dangaard Brouer Signed-off-by: Alexei Starovoitov Link: https://lore.kernel.org/bpf/159170950687.2102545.7235914718298050113.stgit@firesoul commit 42612e7763315cf5d43c4422781e75f9ee57597a Merge: ad57a1022f9e b7b911d59dac Author: Linus Torvalds Date: Tue Jun 9 11:28:59 2020 -0700 Merge tag 'f2fs-for-5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs Pull f2fs updates from Jaegeuk Kim: "In this round, we've added some knobs to enhance compression feature and harden testing environment. In addition, we've fixed several bugs reported from Android devices such as long discarding latency, device hanging during quota_sync, etc. Enhancements: - support lzo-rle algorithm - add two ioctls to release and reserve blocks for compression - support partial truncation/fiemap on compressed file - introduce sysfs entries to attach IO flags explicitly - add iostat trace point along with read io stat Bug fixes: - fix long discard latency - flush quota data by f2fs_quota_sync correctly - fix to recover parent inode number for power-cut recovery - fix lz4/zstd output buffer budget - parse checkpoint mount option correctly - avoid inifinite loop to wait for flushing node/meta pages - manage discard space correctly And some refactoring and clean up patches were added" * tag 'f2fs-for-5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs: (51 commits) f2fs: attach IO flags to the missing cases f2fs: add node_io_flag for bio flags likewise data_io_flag f2fs: remove unused parameter of f2fs_put_rpages_mapping() f2fs: handle readonly filesystem in f2fs_ioc_shutdown() f2fs: avoid utf8_strncasecmp() with unstable name f2fs: don't return vmalloc() memory from f2fs_kmalloc() f2fs: fix retry logic in f2fs_write_cache_pages() f2fs: fix wrong discard space f2fs: compress: don't compress any datas after cp stop f2fs: remove unneeded return value of __insert_discard_tree() f2fs: fix wrong value of tracepoint parameter f2fs: protect new segment allocation in expand_inode_data f2fs: code cleanup by removing ifdef macro surrounding f2fs: avoid inifinite loop to wait for flushing node pages at cp_error f2fs: flush dirty meta pages when flushing them f2fs: fix checkpoint=disable:%u%% f2fs: compress: fix zstd data corruption f2fs: add compressed/gc data read IO stat f2fs: fix potential use-after-free issue f2fs: compress: don't handle non-compressed data in workqueue ... commit ad57a1022f9e050a09812d975874b94b4fcb0f46 Merge: 3beff76b5498 fc961522ddbd Author: Linus Torvalds Date: Tue Jun 9 11:24:59 2020 -0700 Merge tag 'exfat-for-5.8-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/linkinjeon/exfat Pull exfat update from Namjae Jeon: "Bug fixes: - Fix memory leak on mount failure with iocharset= option - Fix incorrect update of stream entry - Fix cluster range validation error Clean-ups: - Remove unused code and unneeded assignment - Rename variables in exfat structure as specification - Reorganize boot sector analysis code - Simplify exfat_utf8_d_hash and exfat_utf8_d_cmp() - Optimize exfat entry cache functions - Improve wording of EXFAT_DEFAULT_IOCHARSET config option New Feature: - Add boot region verification" * tag 'exfat-for-5.8-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/linkinjeon/exfat: exfat: Fix potential use after free in exfat_load_upcase_table() exfat: fix range validation error in alloc and free cluster exfat: fix incorrect update of stream entry in __exfat_truncate() exfat: fix memory leak in exfat_parse_param() exfat: remove unnecessary reassignment of p_uniname->name_len exfat: standardize checksum calculation exfat: add boot region verification exfat: separate the boot sector analysis exfat: redefine PBR as boot_sector exfat: optimize dir-cache exfat: replace 'time_ms' with 'time_cs' exfat: remove the assignment of 0 to bool variable exfat: Remove unused functions exfat_high_surrogate() and exfat_low_surrogate() exfat: Simplify exfat_utf8_d_hash() for code points above U+FFFF exfat: Improve wording of EXFAT_DEFAULT_IOCHARSET config option exfat: Use a more common logging style exfat: Simplify exfat_utf8_d_cmp() for code points above U+FFFF commit 248e00ac47d64e153b9c50f45aad73cd61894a73 Author: Lorenz Bauer Date: Mon Jun 8 17:22:01 2020 +0100 bpf: cgroup: Allow multi-attach program to replace itself When using BPF_PROG_ATTACH to attach a program to a cgroup in BPF_F_ALLOW_MULTI mode, it is not possible to replace a program with itself. This is because the check for duplicate programs doesn't take the replacement program into account. Replacing a program with itself might seem weird, but it has some uses: first, it allows resetting the associated cgroup storage. Second, it makes the API consistent with the non-ALLOW_MULTI usage, where it is possible to replace a program with itself. Third, it aligns BPF_PROG_ATTACH with bpf_link, where replacing itself is also supported. Sice this code has been refactored a few times this change will only apply to v5.7 and later. Adjustments could be made to commit 1020c1f24a94 ("bpf: Simplify __cgroup_bpf_attach") and commit d7bf2c10af05 ("bpf: allocate cgroup storage entries on attaching bpf programs") as well as commit 324bda9e6c5a ("bpf: multi program support for cgroup+bpf") Fixes: af6eea57437a ("bpf: Implement bpf_link-based cgroup BPF program attachment") Signed-off-by: Lorenz Bauer Signed-off-by: Alexei Starovoitov Link: https://lore.kernel.org/bpf/20200608162202.94002-1-lmb@cloudflare.com commit 26afa0a4eb3fd87757f9de56ec5db5a03b14e120 Author: David Ahern Date: Mon Jun 8 09:17:23 2020 -0600 bpf: Reset data_meta before running programs attached to devmap entry This is a new context that does not handle metadata at the moment, so mark data_meta invalid. Fixes: fbee97feed9b ("bpf: Add support to attach bpf program to a devmap entry") Signed-off-by: David Ahern Signed-off-by: Alexei Starovoitov Link: https://lore.kernel.org/bpf/20200608151723.9539-1-dsahern@kernel.org commit 22d5bd6867364b41576a712755271a7d6161abd6 Author: Jean-Philippe Brucker Date: Mon Jun 8 14:45:32 2020 +0200 tracing/probe: Fix bpf_task_fd_query() for kprobes and uprobes Commit 60d53e2c3b75 ("tracing/probe: Split trace_event related data from trace_probe") removed the trace_[ku]probe structure from the trace_event_call->data pointer. As bpf_get_[ku]probe_info() were forgotten in that change, fix them now. These functions are currently only used by the bpf_task_fd_query() syscall handler to collect information about a perf event. Fixes: 60d53e2c3b75 ("tracing/probe: Split trace_event related data from trace_probe") Signed-off-by: Jean-Philippe Brucker Signed-off-by: Alexei Starovoitov Acked-by: Yonghong Song Acked-by: Masami Hiramatsu Link: https://lore.kernel.org/bpf/20200608124531.819838-1-jean-philippe@linaro.org commit 21a85bd601ee50f2796d52c542c46d04e21cedac Author: Lorenz Bauer Date: Mon Jun 8 10:42:57 2020 +0100 scripts: Require pahole v1.16 when generating BTF bpf_iter requires the kernel BTF to be generated with pahole >= 1.16, since otherwise the function definitions that the iterator attaches to are not included. This failure mode is indistiguishable from trying to attach to an iterator that really doesn't exist. Since it's really easy to miss this requirement, bump the pahole version check used at build time to at least 1.16. Fixes: 15d83c4d7cef ("bpf: Allow loading of a bpf_iter program") Suggested-by: Ivan Babrou Signed-off-by: Lorenz Bauer Signed-off-by: Alexei Starovoitov Acked-by: Yonghong Song Link: https://lore.kernel.org/bpf/20200608094257.47366-1-lmb@cloudflare.com commit 75e68e5bf2c7fa9d3e874099139df03d5952a3e1 Author: Jakub Sitnicki Date: Sun Jun 7 22:52:29 2020 +0200 bpf, sockhash: Synchronize delete from bucket list on map free We can end up modifying the sockhash bucket list from two CPUs when a sockhash is being destroyed (sock_hash_free) on one CPU, while a socket that is in the sockhash is unlinking itself from it on another CPU it (sock_hash_delete_from_link). This results in accessing a list element that is in an undefined state as reported by KASAN: | ================================================================== | BUG: KASAN: wild-memory-access in sock_hash_free+0x13c/0x280 | Write of size 8 at addr dead000000000122 by task kworker/2:1/95 | | CPU: 2 PID: 95 Comm: kworker/2:1 Not tainted 5.7.0-rc7-02961-ge22c35ab0038-dirty #691 | Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS ?-20190727_073836-buildvm-ppc64le-16.ppc.fedoraproject.org-3.fc31 04/01/2014 | Workqueue: events bpf_map_free_deferred | Call Trace: | dump_stack+0x97/0xe0 | ? sock_hash_free+0x13c/0x280 | __kasan_report.cold+0x5/0x40 | ? mark_lock+0xbc1/0xc00 | ? sock_hash_free+0x13c/0x280 | kasan_report+0x38/0x50 | ? sock_hash_free+0x152/0x280 | sock_hash_free+0x13c/0x280 | bpf_map_free_deferred+0xb2/0xd0 | ? bpf_map_charge_finish+0x50/0x50 | ? rcu_read_lock_sched_held+0x81/0xb0 | ? rcu_read_lock_bh_held+0x90/0x90 | process_one_work+0x59a/0xac0 | ? lock_release+0x3b0/0x3b0 | ? pwq_dec_nr_in_flight+0x110/0x110 | ? rwlock_bug.part.0+0x60/0x60 | worker_thread+0x7a/0x680 | ? _raw_spin_unlock_irqrestore+0x4c/0x60 | kthread+0x1cc/0x220 | ? process_one_work+0xac0/0xac0 | ? kthread_create_on_node+0xa0/0xa0 | ret_from_fork+0x24/0x30 | ================================================================== Fix it by reintroducing spin-lock protected critical section around the code that removes the elements from the bucket on sockhash free. To do that we also need to defer processing of removed elements, until out of atomic context so that we can unlink the socket from the map when holding the sock lock. Fixes: 90db6d772f74 ("bpf, sockmap: Remove bucket->lock from sock_{hash|map}_free") Reported-by: Eric Dumazet Signed-off-by: Jakub Sitnicki Signed-off-by: Alexei Starovoitov Acked-by: John Fastabend Link: https://lore.kernel.org/bpf/20200607205229.2389672-3-jakub@cloudflare.com commit 33a7c831565c43a7ee2f38c7df4c4a40e1dfdfed Author: Jakub Sitnicki Date: Sun Jun 7 22:52:28 2020 +0200 bpf, sockhash: Fix memory leak when unlinking sockets in sock_hash_free When sockhash gets destroyed while sockets are still linked to it, we will walk the bucket lists and delete the links. However, we are not freeing the list elements after processing them, leaking the memory. The leak can be triggered by close()'ing a sockhash map when it still contains sockets, and observed with kmemleak: unreferenced object 0xffff888116e86f00 (size 64): comm "race_sock_unlin", pid 223, jiffies 4294731063 (age 217.404s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 81 de e8 41 00 00 00 00 c0 69 2f 15 81 88 ff ff ...A.....i/..... backtrace: [<00000000dd089ebb>] sock_hash_update_common+0x4ca/0x760 [<00000000b8219bd5>] sock_hash_update_elem+0x1d2/0x200 [<000000005e2c23de>] __do_sys_bpf+0x2046/0x2990 [<00000000d0084618>] do_syscall_64+0xad/0x9a0 [<000000000d96f263>] entry_SYSCALL_64_after_hwframe+0x49/0xb3 Fix it by freeing the list element when we're done with it. Fixes: 604326b41a6f ("bpf, sockmap: convert to generic sk_msg interface") Signed-off-by: Jakub Sitnicki Signed-off-by: Alexei Starovoitov Acked-by: John Fastabend Link: https://lore.kernel.org/bpf/20200607205229.2389672-2-jakub@cloudflare.com commit 487082fb7bd2a32b66927d2b22e3a81b072b44f0 Author: dihu Date: Fri Jun 5 16:46:25 2020 +0800 bpf/sockmap: Fix kernel panic at __tcp_bpf_recvmsg When user application calls read() with MSG_PEEK flag to read data of bpf sockmap socket, kernel panic happens at __tcp_bpf_recvmsg+0x12c/0x350. sk_msg is not removed from ingress_msg queue after read out under MSG_PEEK flag is set. Because it's not judged whether sk_msg is the last msg of ingress_msg queue, the next sk_msg may be the head of ingress_msg queue, whose memory address of sg page is invalid. So it's necessary to add check codes to prevent this problem. [20759.125457] BUG: kernel NULL pointer dereference, address: 0000000000000008 [20759.132118] CPU: 53 PID: 51378 Comm: envoy Tainted: G E 5.4.32 #1 [20759.140890] Hardware name: Inspur SA5212M4/YZMB-00370-109, BIOS 4.1.12 06/18/2017 [20759.149734] RIP: 0010:copy_page_to_iter+0xad/0x300 [20759.270877] __tcp_bpf_recvmsg+0x12c/0x350 [20759.276099] tcp_bpf_recvmsg+0x113/0x370 [20759.281137] inet_recvmsg+0x55/0xc0 [20759.285734] __sys_recvfrom+0xc8/0x130 [20759.290566] ? __audit_syscall_entry+0x103/0x130 [20759.296227] ? syscall_trace_enter+0x1d2/0x2d0 [20759.301700] ? __audit_syscall_exit+0x1e4/0x290 [20759.307235] __x64_sys_recvfrom+0x24/0x30 [20759.312226] do_syscall_64+0x55/0x1b0 [20759.316852] entry_SYSCALL_64_after_hwframe+0x44/0xa9 Signed-off-by: dihu Signed-off-by: Alexei Starovoitov Acked-by: John Fastabend Acked-by: Jakub Sitnicki Link: https://lore.kernel.org/bpf/20200605084625.9783-1-anny.hu@linux.alibaba.com commit 3beff76b54986fc3132fb62614875f116bba7701 Author: Linus Torvalds Date: Tue Jun 9 10:39:33 2020 -0700 x86: use proper parentheses around new uaccess macro argument uses __get_kernel_nofault() didn't have the parentheses around the use of 'src' and 'dst' macro arguments, making the casts potentially do the wrong thing. The parentheses aren't necessary with the current very limited use in mm/access.c, but it's bad form, and future use-cases might have very unexpected errors as a result. Do the same for unsafe_copy_loop() while at it, although in that case it is an entirely internal x86 uaccess helper macro that isn't used anywhere else and any other use would be invalid anyway. Fixes: fa94111d9435 ("x86: use non-set_fs based maccess routines") Cc: Christoph Hellwig Cc: Andrew Morton Signed-off-by: Linus Torvalds commit f1084bc60a1ec592011a805a0f925f2f1205897d Author: David Sterba Date: Tue Jun 9 19:22:47 2020 +0200 Revert "fs: remove dio_end_io()" This reverts commit b75b7ca7c27dfd61dba368f390b7d4dc20b3a8cb. The patch restores a helper that was not necessary after direct IO port to iomap infrastructure, which gets reverted. Signed-off-by: David Sterba commit 8e0fa5d7b3df6e7e23e13a7250b00afe32d4e618 Author: David Sterba Date: Tue Jun 9 19:21:48 2020 +0200 Revert "btrfs: remove BTRFS_INODE_READDIO_NEED_LOCK" This reverts commit 5f008163a559d566a0ee1190a0a24f3eec6f1ea7. The patch is a simplification after direct IO port to iomap infrastructure, which gets reverted. Signed-off-by: David Sterba commit f4c48b44080e18d86d7983c1a60ee5a7f9d07e3e Author: David Sterba Date: Tue Jun 9 19:19:27 2020 +0200 Revert "btrfs: split btrfs_direct_IO to read and write part" This reverts commit d8f3e73587ce574f7a9bc165e0db69b0b148f6f8. The patch is a cleanup of direct IO port to iomap infrastructure, which gets reverted. Signed-off-by: David Sterba commit c68421bbad755a280851afff0fb236dd4e53e684 Author: David Howells Date: Mon Feb 10 10:00:22 2020 +0000 afs: Make afs_zap_data() static Make afs_zap_data() static as it's only used in the file in which it is defined. Signed-off-by: David Howells commit 4a06fa5403832ce65986654e46042796f4e6123d Author: David Howells Date: Thu Feb 6 14:22:27 2020 +0000 afs: Remove afs_zero_fid as it's not used Remove afs_zero_fid as it's not used. Signed-off-by: David Howells commit fed79fd7834027c152a1491a42be252eb1c2a6b5 Author: David Howells Date: Tue Jun 9 16:25:02 2020 +0100 afs: Fix debugging statements with %px to be %p Fix a couple of %px to be %p in debugging statements. Fixes: e49c7b2f6de7 ("afs: Build an abstraction around an "operation" concept") Fixes: 8a070a964877 ("afs: Detect cell aliases 1 - Cells with root volumes") Reported-by: Kees Cook Signed-off-by: David Howells Reviewed-by: Kees Cook commit f9639f9a779ac0381cabfb793915851a89424f9f Author: Tomi Valkeinen Date: Tue Jun 9 13:29:58 2020 +0300 ARM: dts: am437x-sk-evm: remove lcd timings LCD timings now come from panel-simple. Having timings in the DT will cause a WARN. Signed-off-by: Tomi Valkeinen Signed-off-by: Tony Lindgren commit d1e521adad250ab8c979861c857fa2b1542c9741 Merge: 595a56ac1b0d 388d8bdb87e0 Author: Linus Torvalds Date: Tue Jun 9 10:06:18 2020 -0700 Merge tag 'trace-v5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace Pull tracing updates from Steven Rostedt: "No new features this release. Mostly clean ups, restructuring and documentation. - Have ftrace_bug() show ftrace errors before the WARN, as the WARN will reboot the box before the error messages are printed if panic_on_warn is set. - Have traceoff_on_warn disable tracing sooner (before prints) - Write a message to the trace buffer that its being disabled when disable_trace_on_warning() is set. - Separate out synthetic events from histogram code to let it be used by other parts of the kernel. - More documentation on histogram design. - Other small fixes and clean ups" * tag 'trace-v5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace: tracing: Remove obsolete PREEMPTIRQ_EVENTS kconfig option tracing/doc: Fix ascii-art in histogram-design.rst tracing: Add a trace print when traceoff_on_warning is triggered ftrace,bug: Improve traceoff_on_warn selftests/ftrace: Distinguish between hist and synthetic event checks tracing: Move synthetic events to a separate file tracing: Fix events.rst section numbering tracing/doc: Fix typos in histogram-design.rst tracing: Add hist_debug trace event files for histogram debugging tracing: Add histogram-design document tracing: Check state.disabled in synth event trace functions tracing/probe: reverse arguments to list_add tools/bootconfig: Add a summary of test cases and return error ftrace: show debugging information when panic_on_warn set commit 595a56ac1b0d5f0a16a89589ef55ffd35c1967a2 Merge: fc2fb38c8550 6d6861d45e38 Author: Linus Torvalds Date: Tue Jun 9 10:04:47 2020 -0700 Merge tag 'linux-kselftest-kunit-5.8-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest Pull Kunit updates from Shuah Khan: "This consists of: - Several config fragment fixes from Anders Roxell to improve test coverage. - Improvements to kunit run script to use defconfig as default and restructure the code for config/build/exec/parse from Vitor Massaru Iha and David Gow. - Miscellaneous documentation warn fix" * tag 'linux-kselftest-kunit-5.8-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest: security: apparmor: default KUNIT_* fragments to KUNIT_ALL_TESTS fs: ext4: default KUNIT_* fragments to KUNIT_ALL_TESTS drivers: base: default KUNIT_* fragments to KUNIT_ALL_TESTS lib: Kconfig.debug: default KUNIT_* fragments to KUNIT_ALL_TESTS kunit: default KUNIT_* fragments to KUNIT_ALL_TESTS kunit: Kconfig: enable a KUNIT_ALL_TESTS fragment kunit: Fix TabError, remove defconfig code and handle when there is no kunitconfig kunit: use KUnit defconfig by default kunit: use --build_dir=.kunit as default Documentation: test.h - fix warnings kunit: kunit_tool: Separate out config/build/exec/parse commit fc2fb38c85508a875fc2e95f1e14e0bdcf59e1e9 Merge: a5ad5742f671 382561a0f11c Author: Linus Torvalds Date: Tue Jun 9 10:03:12 2020 -0700 Merge tag 'linux-kselftest-5.8-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest Pull kselftest updates from Shuah Khan: "This consists of: - Several fixes from Masami Hiramatsu to improve coverage for lib and sysctl tests. - Clean up to vdso test and a new test for getcpu() from Mark Brown. - Add new gen_tar selftests Makefile target generate selftest package running "make gen_tar" in selftests directory from Veronika Kabatova. - Other miscellaneous fixes to timens, exec, tpm2 tests" * tag 'linux-kselftest-5.8-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest: selftests/sysctl: Make sysctl test driver as a module selftests/sysctl: Fix to load test_sysctl module lib: Make test_sysctl initialized as module lib: Make prime number generator independently selectable selftests/ftrace: Return unsupported if no error_log file selftests/ftrace: Use printf for backslash included command selftests/timens: handle a case when alarm clocks are not supported Kernel selftests: Add check if TPM devices are supported selftests: vdso: Add a selftest for vDSO getcpu() selftests: vdso: Use a header file to prototype parse_vdso API selftests: vdso: Rename vdso_test to vdso_test_gettimeofday selftests/exec: Verify execve of non-regular files fail selftests: introduce gen_tar Makefile target commit a5ad5742f671de906adbf29fbedf0a04705cebad Merge: 013b2deba9a6 4fa7252338a5 Author: Linus Torvalds Date: Tue Jun 9 09:54:46 2020 -0700 Merge branch 'akpm' (patches from Andrew) Merge even more updates from Andrew Morton: - a kernel-wide sweep of show_stack() - pagetable cleanups - abstract out accesses to mmap_sem - prep for mmap_sem scalability work - hch's user acess work Subsystems affected by this patch series: debug, mm/pagemap, mm/maccess, mm/documentation. * emailed patches from Andrew Morton : (93 commits) include/linux/cache.h: expand documentation over __read_mostly maccess: return -ERANGE when probe_kernel_read() fails x86: use non-set_fs based maccess routines maccess: allow architectures to provide kernel probing directly maccess: move user access routines together maccess: always use strict semantics for probe_kernel_read maccess: remove strncpy_from_unsafe tracing/kprobes: handle mixed kernel/userspace probes better bpf: rework the compat kernel probe handling bpf:bpf_seq_printf(): handle potentially unsafe format string better bpf: handle the compat string in bpf_trace_copy_string better bpf: factor out a bpf_trace_copy_string helper maccess: unify the probe kernel arch hooks maccess: remove probe_read_common and probe_write_common maccess: rename strnlen_unsafe_user to strnlen_user_nofault maccess: rename strncpy_from_unsafe_strict to strncpy_from_kernel_nofault maccess: rename strncpy_from_unsafe_user to strncpy_from_user_nofault maccess: update the top of file comment maccess: clarify kerneldoc comments maccess: remove duplicate kerneldoc comments ... commit 013b2deba9a6b80ca02f4fafd7dedf875e9b4450 Author: Oleg Nesterov Date: Mon May 4 18:47:25 2020 +0200 uprobes: ensure that uprobe->offset and ->ref_ctr_offset are properly aligned uprobe_write_opcode() must not cross page boundary; prepare_uprobe() relies on arch_uprobe_analyze_insn() which should validate "vaddr" but some architectures (csky, s390, and sparc) don't do this. We can remove the BUG_ON() check in prepare_uprobe() and validate the offset early in __uprobe_register(). The new IS_ALIGNED() check matches the alignment check in arch_prepare_kprobe() on supported architectures, so I think that all insns must be aligned to UPROBE_SWBP_INSN_SIZE. Another problem is __update_ref_ctr() which was wrong from the very beginning, it can read/write outside of kmap'ed page unless "vaddr" is aligned to sizeof(short), __uprobe_register() should check this too. Reported-by: Linus Torvalds Suggested-by: Linus Torvalds Signed-off-by: Oleg Nesterov Reviewed-by: Srikar Dronamraju Acked-by: Christian Borntraeger Tested-by: Sven Schnelle Cc: Steven Rostedt Cc: stable@vger.kernel.org Signed-off-by: Linus Torvalds commit 4fa7252338a56fbc90220e6330f136a379175a7a Author: Luis Chamberlain Date: Mon Jun 8 21:35:07 2020 -0700 include/linux/cache.h: expand documentation over __read_mostly __read_mostly can easily be misused by folks, its not meant for just read-only data. There are performance reasons for using it, but we also don't provide any guidance about its use. Provide a bit more guidance over its use. Signed-off-by: Luis Chamberlain Signed-off-by: Andrew Morton Reviewed-by: Kees Cook Acked-by: Christoph Lameter Acked-by: Rafael Aquini Cc: Arnd Bergmann Cc: Matthew Wilcox Link: http://lkml.kernel.org/r/20200507161424.2584-1-mcgrof@kernel.org Signed-off-by: Linus Torvalds commit 2a71e81d32198785387c8bc0f2cc5d78f84e2e78 Author: Christoph Hellwig Date: Mon Jun 8 21:35:04 2020 -0700 maccess: return -ERANGE when probe_kernel_read() fails Allow the callers to distinguish a real unmapped address vs a range that can't be probed. Suggested-by: Masami Hiramatsu Signed-off-by: Christoph Hellwig Signed-off-by: Andrew Morton Reviewed-by: Masami Hiramatsu Cc: Alexei Starovoitov Cc: Daniel Borkmann Cc: "H. Peter Anvin" Cc: Ingo Molnar Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/20200521152301.2587579-24-hch@lst.de Signed-off-by: Linus Torvalds commit fa94111d94354de76c47fea6e1187d1ee91e23a7 Author: Christoph Hellwig Date: Mon Jun 8 21:35:01 2020 -0700 x86: use non-set_fs based maccess routines Provide arch_kernel_read and arch_kernel_write routines to implement the maccess routines without messing with set_fs and without stac/clac that opens up access to user space. [akpm@linux-foundation.org: coding style fixes] Signed-off-by: Christoph Hellwig Signed-off-by: Andrew Morton Cc: Alexei Starovoitov Cc: Daniel Borkmann Cc: "H. Peter Anvin" Cc: Ingo Molnar Cc: Masami Hiramatsu Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/20200521152301.2587579-20-hch@lst.de Signed-off-by: Linus Torvalds commit b58294ead14cde8081853487929adca821ed630d Author: Christoph Hellwig Date: Mon Jun 8 21:34:58 2020 -0700 maccess: allow architectures to provide kernel probing directly Provide alternative versions of probe_kernel_read, probe_kernel_write and strncpy_from_kernel_unsafe that don't need set_fs magic, but instead use arch hooks that are modelled after unsafe_{get,put}_user to access kernel memory in an exception safe way. Signed-off-by: Christoph Hellwig Signed-off-by: Andrew Morton Cc: Alexei Starovoitov Cc: Daniel Borkmann Cc: "H. Peter Anvin" Cc: Ingo Molnar Cc: Masami Hiramatsu Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/20200521152301.2587579-19-hch@lst.de Signed-off-by: Linus Torvalds commit fc3562d79456bf1740b44d84b8726d20de8d39bd Author: Christoph Hellwig Date: Mon Jun 8 21:34:55 2020 -0700 maccess: move user access routines together Move kernel access vs user access routines together to ease upcoming ifdefs. Signed-off-by: Christoph Hellwig Signed-off-by: Andrew Morton Cc: Alexei Starovoitov Cc: Daniel Borkmann Cc: "H. Peter Anvin" Cc: Ingo Molnar Cc: Masami Hiramatsu Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/20200521152301.2587579-18-hch@lst.de Signed-off-by: Linus Torvalds commit 98a23609b10364a51a1bb3688f8dd1cd1aa94a9a Author: Christoph Hellwig Date: Mon Jun 8 21:34:50 2020 -0700 maccess: always use strict semantics for probe_kernel_read Except for historical confusion in the kprobes/uprobes and bpf tracers, which has been fixed now, there is no good reason to ever allow user memory accesses from probe_kernel_read. Switch probe_kernel_read to only read from kernel memory. [akpm@linux-foundation.org: update it for "mm, dump_page(): do not crash with invalid mapping pointer"] Signed-off-by: Christoph Hellwig Signed-off-by: Andrew Morton Cc: Alexei Starovoitov Cc: Daniel Borkmann Cc: "H. Peter Anvin" Cc: Ingo Molnar Cc: Masami Hiramatsu Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/20200521152301.2587579-17-hch@lst.de Signed-off-by: Linus Torvalds commit 7676fbf21b5fa04341c8046c2cbcd1949293e7ec Author: Christoph Hellwig Date: Mon Jun 8 21:34:47 2020 -0700 maccess: remove strncpy_from_unsafe All users are gone now. Signed-off-by: Christoph Hellwig Signed-off-by: Andrew Morton Cc: Alexei Starovoitov Cc: Daniel Borkmann Cc: "H. Peter Anvin" Cc: Ingo Molnar Cc: Masami Hiramatsu Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/20200521152301.2587579-16-hch@lst.de Signed-off-by: Linus Torvalds commit 9de1fec50b23117f0a19f7609cc837ca72e764a6 Author: Christoph Hellwig Date: Mon Jun 8 21:34:44 2020 -0700 tracing/kprobes: handle mixed kernel/userspace probes better Instead of using the dangerous probe_kernel_read and strncpy_from_unsafe helpers, rework probes to try a user probe based on the address if the architecture has a common address space for kernel and userspace. [svens@linux.ibm.com:use strncpy_from_kernel_nofault() in fetch_store_string()] Link: http://lkml.kernel.org/r/20200606181903.49384-1-svens@linux.ibm.com Signed-off-by: Christoph Hellwig Signed-off-by: Sven Schnelle Signed-off-by: Andrew Morton Cc: Alexei Starovoitov Cc: Daniel Borkmann Cc: "H. Peter Anvin" Cc: Ingo Molnar Cc: Masami Hiramatsu Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/20200521152301.2587579-15-hch@lst.de Signed-off-by: Linus Torvalds commit 8d92db5c04d10381f4db70ed99b1b576f5db18a7 Author: Christoph Hellwig Date: Mon Jun 8 21:34:40 2020 -0700 bpf: rework the compat kernel probe handling Instead of using the dangerous probe_kernel_read and strncpy_from_unsafe helpers, rework the compat probes to check if an address is a kernel or userspace one, and then use the low-level kernel or user probe helper shared by the proper kernel and user probe helpers. This slightly changes behavior as the compat probe on a user address doesn't check the lockdown flags, just as the pure user probes do. Signed-off-by: Christoph Hellwig Signed-off-by: Andrew Morton Cc: Alexei Starovoitov Cc: Daniel Borkmann Cc: "H. Peter Anvin" Cc: Ingo Molnar Cc: Masami Hiramatsu Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/20200521152301.2587579-14-hch@lst.de Signed-off-by: Linus Torvalds commit 19c8d8ac63d39578483db0b82107c172d8edfb07 Author: Andrew Morton Date: Mon Jun 8 21:34:37 2020 -0700 bpf:bpf_seq_printf(): handle potentially unsafe format string better User the proper helper for kernel or userspace addresses based on TASK_SIZE instead of the dangerous strncpy_from_unsafe function. Signed-off-by: Andrew Morton Cc: Christoph Hellwig Cc: Alexei Starovoitov Cc: Daniel Borkmann Cc: "H. Peter Anvin" Cc: Ingo Molnar Cc: Masami Hiramatsu Cc: Thomas Gleixner Signed-off-by: Linus Torvalds commit aec6ce59133edc4ac04f7d4e2556fdf047becb62 Author: Christoph Hellwig Date: Mon Jun 8 21:34:33 2020 -0700 bpf: handle the compat string in bpf_trace_copy_string better User the proper helper for kernel or userspace addresses based on TASK_SIZE instead of the dangerous strncpy_from_unsafe function. Signed-off-by: Christoph Hellwig Signed-off-by: Andrew Morton Cc: Alexei Starovoitov Cc: Daniel Borkmann Cc: "H. Peter Anvin" Cc: Ingo Molnar Cc: Masami Hiramatsu Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/20200521152301.2587579-13-hch@lst.de Signed-off-by: Linus Torvalds commit d7b2977b816223a884814eea46fbe38e192cec4c Author: Christoph Hellwig Date: Mon Jun 8 21:34:30 2020 -0700 bpf: factor out a bpf_trace_copy_string helper Split out a helper to do the fault free access to the string pointer to get it out of a crazy indentation level. Signed-off-by: Christoph Hellwig Signed-off-by: Andrew Morton Cc: Alexei Starovoitov Cc: Daniel Borkmann Cc: "H. Peter Anvin" Cc: Ingo Molnar Cc: Masami Hiramatsu Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/20200521152301.2587579-12-hch@lst.de Signed-off-by: Linus Torvalds commit eab0c6089b68974ebc6a9a7eab68456eeb6a99c7 Author: Christoph Hellwig Date: Mon Jun 8 21:34:27 2020 -0700 maccess: unify the probe kernel arch hooks Currently architectures have to override every routine that probes kernel memory, which includes a pure read and strcpy, both in strict and not strict variants. Just provide a single arch hooks instead to make sure all architectures cover all the cases. [akpm@linux-foundation.org: fix !CONFIG_X86_64 build] Signed-off-by: Christoph Hellwig Signed-off-by: Andrew Morton Cc: Alexei Starovoitov Cc: Daniel Borkmann Cc: "H. Peter Anvin" Cc: Ingo Molnar Cc: Masami Hiramatsu Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/20200521152301.2587579-11-hch@lst.de Signed-off-by: Linus Torvalds commit cd0309058f849257f08d1a3dd0c384d1fd20c1e8 Author: Christoph Hellwig Date: Mon Jun 8 21:34:24 2020 -0700 maccess: remove probe_read_common and probe_write_common Each of the helpers has just two callers, which also different in dealing with kernel or userspace pointers. Just open code the logic in the callers. Signed-off-by: Christoph Hellwig Signed-off-by: Andrew Morton Cc: Alexei Starovoitov Cc: Daniel Borkmann Cc: "H. Peter Anvin" Cc: Ingo Molnar Cc: Masami Hiramatsu Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/20200521152301.2587579-10-hch@lst.de Signed-off-by: Linus Torvalds commit 02dddb160ec1dccb51e75f3113654a090bc3963a Author: Christoph Hellwig Date: Mon Jun 8 21:34:20 2020 -0700 maccess: rename strnlen_unsafe_user to strnlen_user_nofault This matches the naming of strnlen_user, and also makes it more clear what the function is supposed to do. Signed-off-by: Christoph Hellwig Signed-off-by: Andrew Morton Cc: Alexei Starovoitov Cc: Daniel Borkmann Cc: "H. Peter Anvin" Cc: Ingo Molnar Cc: Masami Hiramatsu Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/20200521152301.2587579-9-hch@lst.de Signed-off-by: Linus Torvalds commit c4cb164426aebd635baa53685b0ebf1a127e9803 Author: Christoph Hellwig Date: Mon Jun 8 21:34:17 2020 -0700 maccess: rename strncpy_from_unsafe_strict to strncpy_from_kernel_nofault This matches the naming of strncpy_from_user_nofault, and also makes it more clear what the function is supposed to do. Signed-off-by: Christoph Hellwig Signed-off-by: Andrew Morton Cc: Alexei Starovoitov Cc: Daniel Borkmann Cc: "H. Peter Anvin" Cc: Ingo Molnar Cc: Masami Hiramatsu Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/20200521152301.2587579-8-hch@lst.de Signed-off-by: Linus Torvalds commit bd88bb5d4007949be7154deae7cef7173c751a95 Author: Christoph Hellwig Date: Mon Jun 8 21:34:14 2020 -0700 maccess: rename strncpy_from_unsafe_user to strncpy_from_user_nofault This matches the naming of strncpy_from_user, and also makes it more clear what the function is supposed to do. Signed-off-by: Christoph Hellwig Signed-off-by: Andrew Morton Cc: Alexei Starovoitov Cc: Daniel Borkmann Cc: "H. Peter Anvin" Cc: Ingo Molnar Cc: Masami Hiramatsu Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/20200521152301.2587579-7-hch@lst.de Signed-off-by: Linus Torvalds commit 3f0acb1eb3221b37daf065a84df6360e69c1b516 Author: Christoph Hellwig Date: Mon Jun 8 21:34:11 2020 -0700 maccess: update the top of file comment This file now also contains several helpers for accessing user memory. Signed-off-by: Christoph Hellwig Signed-off-by: Andrew Morton Cc: Alexei Starovoitov Cc: Daniel Borkmann Cc: "H. Peter Anvin" Cc: Ingo Molnar Cc: Masami Hiramatsu Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/20200521152301.2587579-6-hch@lst.de Signed-off-by: Linus Torvalds commit 4f6de12b375c37ba51f9412be7ed6ab44a7f71d8 Author: Christoph Hellwig Date: Mon Jun 8 21:34:07 2020 -0700 maccess: clarify kerneldoc comments Add proper kerneldoc comments for probe_kernel_read_strict and probe_kernel_read strncpy_from_unsafe_strict and explain the different versus the non-strict version. Signed-off-by: Christoph Hellwig Signed-off-by: Andrew Morton Cc: Alexei Starovoitov Cc: Daniel Borkmann Cc: "H. Peter Anvin" Cc: Ingo Molnar Cc: Masami Hiramatsu Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/20200521152301.2587579-5-hch@lst.de Signed-off-by: Linus Torvalds commit 3ed740841bf94a8028ec44164d84f9af9bd552fd Author: Christoph Hellwig Date: Mon Jun 8 21:34:04 2020 -0700 maccess: remove duplicate kerneldoc comments Many of the maccess routines have a copy of the kerneldoc comment in the header. Remove it as it is not useful and will get out of sync sooner or later. Signed-off-by: Christoph Hellwig Signed-off-by: Andrew Morton Cc: Alexei Starovoitov Cc: Daniel Borkmann Cc: "H. Peter Anvin" Cc: Ingo Molnar Cc: Masami Hiramatsu Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/20200521152301.2587579-4-hch@lst.de Signed-off-by: Linus Torvalds commit 48c49c0e5f318e7c329d9a0ee6facce30bbb28e6 Author: Christoph Hellwig Date: Mon Jun 8 21:34:01 2020 -0700 maccess: remove various unused weak aliases maccess tends to define lots of underscore prefixed symbols that then have other weak aliases. But except for two cases they are never actually used, so remove them. Signed-off-by: Christoph Hellwig Signed-off-by: Andrew Morton Cc: Alexei Starovoitov Cc: Daniel Borkmann Cc: "H. Peter Anvin" Cc: Ingo Molnar Cc: Masami Hiramatsu Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/20200521152301.2587579-3-hch@lst.de Signed-off-by: Linus Torvalds commit 0493cb086353e786be56010780a0b7025b5db34c Author: Christoph Hellwig Date: Mon Jun 8 21:33:58 2020 -0700 maccess: unexport probe_kernel_write() Patch series "clean up and streamline probe_kernel_* and friends", v4. This series start cleaning up the safe kernel and user memory probing helpers in mm/maccess.c, and then allows architectures to implement the kernel probing without overriding the address space limit and temporarily allowing access to user memory. It then switches x86 over to this new mechanism by reusing the unsafe_* uaccess logic. This version also switches to the saner copy_{from,to}_kernel_nofault naming suggested by Linus. I kept the x86 helpers as-is without calling unsage_{get,put}_user as that avoids a number of hard to trace casts, and it will still work with the asm-goto based version easily. This patch (of 20): probe_kernel_write() is not used by any modular code. [sfr@canb.auug.org.au: turns out that probe_user_write is used in modular code] Link: http://lkml.kernel.org/r/20200602195741.4faaa348@canb.auug.org.au Signed-off-by: Christoph Hellwig Signed-off-by: Stephen Rothwell Signed-off-by: Andrew Morton Cc: Alexei Starovoitov Cc: Daniel Borkmann Cc: Masami Hiramatsu Cc: Ingo Molnar Cc: "H. Peter Anvin" Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/20200521152301.2587579-1-hch@lst.de Link: http://lkml.kernel.org/r/20200521152301.2587579-2-hch@lst.de Signed-off-by: Linus Torvalds commit c1e8d7c6a7a682e1405e3e242d32fc377fd196ff Author: Michel Lespinasse Date: Mon Jun 8 21:33:54 2020 -0700 mmap locking API: convert mmap_sem comments Convert comments that reference mmap_sem to reference mmap_lock instead. [akpm@linux-foundation.org: fix up linux-next leftovers] [akpm@linux-foundation.org: s/lockaphore/lock/, per Vlastimil] [akpm@linux-foundation.org: more linux-next fixups, per Michel] Signed-off-by: Michel Lespinasse Signed-off-by: Andrew Morton Reviewed-by: Vlastimil Babka Reviewed-by: Daniel Jordan Cc: Davidlohr Bueso Cc: David Rientjes Cc: Hugh Dickins Cc: Jason Gunthorpe Cc: Jerome Glisse Cc: John Hubbard Cc: Laurent Dufour Cc: Liam Howlett Cc: Matthew Wilcox Cc: Peter Zijlstra Cc: Ying Han Link: http://lkml.kernel.org/r/20200520052908.204642-13-walken@google.com Signed-off-by: Linus Torvalds commit 3e4e28c5a8f01ee4174d639e36ed155ade489a6f Author: Michel Lespinasse Date: Mon Jun 8 21:33:51 2020 -0700 mmap locking API: convert mmap_sem API comments Convert comments that reference old mmap_sem APIs to reference corresponding new mmap locking APIs instead. Signed-off-by: Michel Lespinasse Signed-off-by: Andrew Morton Reviewed-by: Vlastimil Babka Reviewed-by: Davidlohr Bueso Reviewed-by: Daniel Jordan Cc: David Rientjes Cc: Hugh Dickins Cc: Jason Gunthorpe Cc: Jerome Glisse Cc: John Hubbard Cc: Laurent Dufour Cc: Liam Howlett Cc: Matthew Wilcox Cc: Peter Zijlstra Cc: Ying Han Link: http://lkml.kernel.org/r/20200520052908.204642-12-walken@google.com Signed-off-by: Linus Torvalds commit da1c55f1b272f4bd54671d459b39ea7b54944ef9 Author: Michel Lespinasse Date: Mon Jun 8 21:33:47 2020 -0700 mmap locking API: rename mmap_sem to mmap_lock Rename the mmap_sem field to mmap_lock. Any new uses of this lock should now go through the new mmap locking api. The mmap_lock is still implemented as a rwsem, though this could change in the future. [akpm@linux-foundation.org: fix it for mm-gup-might_lock_readmmap_sem-in-get_user_pages_fast.patch] Signed-off-by: Michel Lespinasse Signed-off-by: Andrew Morton Reviewed-by: Vlastimil Babka Reviewed-by: Davidlohr Bueso Reviewed-by: Daniel Jordan Cc: David Rientjes Cc: Hugh Dickins Cc: Jason Gunthorpe Cc: Jerome Glisse Cc: John Hubbard Cc: Laurent Dufour Cc: Liam Howlett Cc: Matthew Wilcox Cc: Peter Zijlstra Cc: Ying Han Link: http://lkml.kernel.org/r/20200520052908.204642-11-walken@google.com Signed-off-by: Linus Torvalds commit 42fc541404f249778e752ab39c8bc25fcb2dbe1e Author: Michel Lespinasse Date: Mon Jun 8 21:33:44 2020 -0700 mmap locking API: add mmap_assert_locked() and mmap_assert_write_locked() Add new APIs to assert that mmap_sem is held. Using this instead of rwsem_is_locked and lockdep_assert_held[_write] makes the assertions more tolerant of future changes to the lock type. Signed-off-by: Michel Lespinasse Signed-off-by: Andrew Morton Reviewed-by: Vlastimil Babka Reviewed-by: Daniel Jordan Cc: Davidlohr Bueso Cc: David Rientjes Cc: Hugh Dickins Cc: Jason Gunthorpe Cc: Jerome Glisse Cc: John Hubbard Cc: Laurent Dufour Cc: Liam Howlett Cc: Matthew Wilcox Cc: Peter Zijlstra Cc: Ying Han Link: http://lkml.kernel.org/r/20200520052908.204642-10-walken@google.com Signed-off-by: Linus Torvalds commit 14c3656b7284a8649496584869e8c6642ec1abbb Author: Michel Lespinasse Date: Mon Jun 8 21:33:40 2020 -0700 mmap locking API: add MMAP_LOCK_INITIALIZER Define a new initializer for the mmap locking api. Initially this just evaluates to __RWSEM_INITIALIZER as the API is defined as wrappers around rwsem. Signed-off-by: Michel Lespinasse Signed-off-by: Andrew Morton Reviewed-by: Laurent Dufour Reviewed-by: Vlastimil Babka Reviewed-by: Daniel Jordan Cc: Davidlohr Bueso Cc: David Rientjes Cc: Hugh Dickins Cc: Jason Gunthorpe Cc: Jerome Glisse Cc: John Hubbard Cc: Liam Howlett Cc: Matthew Wilcox Cc: Peter Zijlstra Cc: Ying Han Link: http://lkml.kernel.org/r/20200520052908.204642-9-walken@google.com Signed-off-by: Linus Torvalds commit 0cc55a0213a02b760ade1d4755fdccfbf7d3157e Author: Michel Lespinasse Date: Mon Jun 8 21:33:37 2020 -0700 mmap locking API: add mmap_read_trylock_non_owner() Add a couple APIs used by kernel/bpf/stackmap.c only: - mmap_read_trylock_non_owner() - mmap_read_unlock_non_owner() (may be called from a work queue). It's still not ideal that bpf/stackmap subverts the lock ownership in this way. Thanks to Peter Zijlstra for suggesting this API as the least-ugly way of addressing this in the short term. Signed-off-by: Michel Lespinasse Signed-off-by: Andrew Morton Reviewed-by: Daniel Jordan Reviewed-by: Vlastimil Babka Reviewed-by: Davidlohr Bueso Cc: David Rientjes Cc: Hugh Dickins Cc: Jason Gunthorpe Cc: Jerome Glisse Cc: John Hubbard Cc: Laurent Dufour Cc: Liam Howlett Cc: Matthew Wilcox Cc: Peter Zijlstra Cc: Ying Han Link: http://lkml.kernel.org/r/20200520052908.204642-8-walken@google.com Signed-off-by: Linus Torvalds commit aaa2cc56c1cd757efec88a4978ffce4cbf884352 Author: Michel Lespinasse Date: Mon Jun 8 21:33:33 2020 -0700 mmap locking API: convert nested write lock sites Add API for nested write locks and convert the few call sites doing that. Signed-off-by: Michel Lespinasse Signed-off-by: Andrew Morton Reviewed-by: Daniel Jordan Reviewed-by: Laurent Dufour Reviewed-by: Vlastimil Babka Cc: Davidlohr Bueso Cc: David Rientjes Cc: Hugh Dickins Cc: Jason Gunthorpe Cc: Jerome Glisse Cc: John Hubbard Cc: Liam Howlett Cc: Matthew Wilcox Cc: Peter Zijlstra Cc: Ying Han Link: http://lkml.kernel.org/r/20200520052908.204642-7-walken@google.com Signed-off-by: Linus Torvalds commit 89154dd5313f774d3a592451360b78442571b1f8 Author: Michel Lespinasse Date: Mon Jun 8 21:33:29 2020 -0700 mmap locking API: convert mmap_sem call sites missed by coccinelle Convert the last few remaining mmap_sem rwsem calls to use the new mmap locking API. These were missed by coccinelle for some reason (I think coccinelle does not support some of the preprocessor constructs in these files ?) [akpm@linux-foundation.org: convert linux-next leftovers] [akpm@linux-foundation.org: more linux-next leftovers] [akpm@linux-foundation.org: more linux-next leftovers] Signed-off-by: Michel Lespinasse Signed-off-by: Andrew Morton Reviewed-by: Daniel Jordan Reviewed-by: Laurent Dufour Reviewed-by: Vlastimil Babka Cc: Davidlohr Bueso Cc: David Rientjes Cc: Hugh Dickins Cc: Jason Gunthorpe Cc: Jerome Glisse Cc: John Hubbard Cc: Liam Howlett Cc: Matthew Wilcox Cc: Peter Zijlstra Cc: Ying Han Link: http://lkml.kernel.org/r/20200520052908.204642-6-walken@google.com Signed-off-by: Linus Torvalds commit d8ed45c5dcd455fc5848d47f86883a1b872ac0d0 Author: Michel Lespinasse Date: Mon Jun 8 21:33:25 2020 -0700 mmap locking API: use coccinelle to convert mmap_sem rwsem call sites This change converts the existing mmap_sem rwsem calls to use the new mmap locking API instead. The change is generated using coccinelle with the following rule: // spatch --sp-file mmap_lock_api.cocci --in-place --include-headers --dir . @@ expression mm; @@ ( -init_rwsem +mmap_init_lock | -down_write +mmap_write_lock | -down_write_killable +mmap_write_lock_killable | -down_write_trylock +mmap_write_trylock | -up_write +mmap_write_unlock | -downgrade_write +mmap_write_downgrade | -down_read +mmap_read_lock | -down_read_killable +mmap_read_lock_killable | -down_read_trylock +mmap_read_trylock | -up_read +mmap_read_unlock ) -(&mm->mmap_sem) +(mm) Signed-off-by: Michel Lespinasse Signed-off-by: Andrew Morton Reviewed-by: Daniel Jordan Reviewed-by: Laurent Dufour Reviewed-by: Vlastimil Babka Cc: Davidlohr Bueso Cc: David Rientjes Cc: Hugh Dickins Cc: Jason Gunthorpe Cc: Jerome Glisse Cc: John Hubbard Cc: Liam Howlett Cc: Matthew Wilcox Cc: Peter Zijlstra Cc: Ying Han Link: http://lkml.kernel.org/r/20200520052908.204642-5-walken@google.com Signed-off-by: Linus Torvalds commit 0adf65f53aae86aa86d8dccada02890545de8938 Author: Michel Lespinasse Date: Mon Jun 8 21:33:21 2020 -0700 DMA reservations: use the new mmap locking API This use is converted manually ahead of the next patch in the series, as it requires including a new header which the automated conversion would miss. Signed-off-by: Michel Lespinasse Signed-off-by: Andrew Morton Reviewed-by: Daniel Jordan Reviewed-by: Laurent Dufour Reviewed-by: Vlastimil Babka Cc: Davidlohr Bueso Cc: David Rientjes Cc: Hugh Dickins Cc: Jason Gunthorpe Cc: Jerome Glisse Cc: John Hubbard Cc: Liam Howlett Cc: Matthew Wilcox Cc: Peter Zijlstra Cc: Ying Han Link: http://lkml.kernel.org/r/20200520052908.204642-4-walken@google.com Signed-off-by: Linus Torvalds commit b72327fc8dfc1babce18526239b08724b95ef5f0 Author: Michel Lespinasse Date: Mon Jun 8 21:33:18 2020 -0700 MMU notifier: use the new mmap locking API This use is converted manually ahead of the next patch in the series, as it requires including a new header which the automated conversion would miss. Signed-off-by: Michel Lespinasse Signed-off-by: Andrew Morton Reviewed-by: Daniel Jordan Reviewed-by: Davidlohr Bueso Reviewed-by: Laurent Dufour Reviewed-by: Vlastimil Babka Cc: David Rientjes Cc: Hugh Dickins Cc: Jason Gunthorpe Cc: Jerome Glisse Cc: John Hubbard Cc: Liam Howlett Cc: Matthew Wilcox Cc: Peter Zijlstra Cc: Ying Han Link: http://lkml.kernel.org/r/20200520052908.204642-3-walken@google.com Signed-off-by: Linus Torvalds commit 9740ca4e95b43b91a4a848694a20d01ba6818f7b Author: Michel Lespinasse Date: Mon Jun 8 21:33:14 2020 -0700 mmap locking API: initial implementation as rwsem wrappers This patch series adds a new mmap locking API replacing the existing mmap_sem lock and unlocks. Initially the API is just implemente in terms of inlined rwsem calls, so it doesn't provide any new functionality. There are two justifications for the new API: - At first, it provides an easy hooking point to instrument mmap_sem locking latencies independently of any other rwsems. - In the future, it may be a starting point for replacing the rwsem implementation with a different one, such as range locks. This is something that is being explored, even though there is no wide concensus about this possible direction yet. (see https://patchwork.kernel.org/cover/11401483/) This patch (of 12): This change wraps the existing mmap_sem related rwsem calls into a new mmap locking API. There are two justifications for the new API: - At first, it provides an easy hooking point to instrument mmap_sem locking latencies independently of any other rwsems. - In the future, it may be a starting point for replacing the rwsem implementation with a different one, such as range locks. Signed-off-by: Michel Lespinasse Signed-off-by: Andrew Morton Reviewed-by: Daniel Jordan Reviewed-by: Davidlohr Bueso Reviewed-by: Laurent Dufour Reviewed-by: Vlastimil Babka Cc: Peter Zijlstra Cc: Matthew Wilcox Cc: Liam Howlett Cc: Jerome Glisse Cc: David Rientjes Cc: Hugh Dickins Cc: Ying Han Cc: Jason Gunthorpe Cc: John Hubbard Cc: Michel Lespinasse Link: http://lkml.kernel.org/r/20200520052908.204642-1-walken@google.com Link: http://lkml.kernel.org/r/20200520052908.204642-2-walken@google.com Signed-off-by: Linus Torvalds commit 974b9b2c68f3d35a65e80af9657fe378d2439b60 Author: Mike Rapoport Date: Mon Jun 8 21:33:10 2020 -0700 mm: consolidate pte_index() and pte_offset_*() definitions All architectures define pte_index() as (address >> PAGE_SHIFT) & (PTRS_PER_PTE - 1) and all architectures define pte_offset_kernel() as an entry in the array of PTEs indexed by the pte_index(). For the most architectures the pte_offset_kernel() implementation relies on the availability of pmd_page_vaddr() that converts a PMD entry value to the virtual address of the page containing PTEs array. Let's move x86 definitions of the PTE accessors to the generic place in and then simply drop the respective definitions from the other architectures. The architectures that didn't provide pmd_page_vaddr() are updated to have that defined. The generic implementation of pte_offset_kernel() can be overridden by an architecture and alpha makes use of this because it has special ordering requirements for its version of pte_offset_kernel(). [rppt@linux.ibm.com: v2] Link: http://lkml.kernel.org/r/20200514170327.31389-11-rppt@kernel.org [rppt@linux.ibm.com: update] Link: http://lkml.kernel.org/r/20200514170327.31389-12-rppt@kernel.org [rppt@linux.ibm.com: update] Link: http://lkml.kernel.org/r/20200514170327.31389-13-rppt@kernel.org [akpm@linux-foundation.org: fix x86 warning] [sfr@canb.auug.org.au: fix powerpc build] Link: http://lkml.kernel.org/r/20200607153443.GB738695@linux.ibm.com Signed-off-by: Mike Rapoport Signed-off-by: Stephen Rothwell Signed-off-by: Andrew Morton Cc: Arnd Bergmann Cc: Borislav Petkov Cc: Brian Cain Cc: Catalin Marinas Cc: Chris Zankel Cc: "David S. Miller" Cc: Geert Uytterhoeven Cc: Greentime Hu Cc: Greg Ungerer Cc: Guan Xuetao Cc: Guo Ren Cc: Heiko Carstens Cc: Helge Deller Cc: Ingo Molnar Cc: Ley Foon Tan Cc: Mark Salter Cc: Matthew Wilcox Cc: Matt Turner Cc: Max Filippov Cc: Michael Ellerman Cc: Michal Simek Cc: Nick Hu Cc: Paul Walmsley Cc: Richard Weinberger Cc: Rich Felker Cc: Russell King Cc: Stafford Horne Cc: Thomas Bogendoerfer Cc: Thomas Gleixner Cc: Tony Luck Cc: Vincent Chen Cc: Vineet Gupta Cc: Will Deacon Cc: Yoshinori Sato Link: http://lkml.kernel.org/r/20200514170327.31389-10-rppt@kernel.org Signed-off-by: Linus Torvalds commit e05c7b1f2bc4b7b28199b9a7572f73436d97317e Author: Mike Rapoport Date: Mon Jun 8 21:33:05 2020 -0700 mm: pgtable: add shortcuts for accessing kernel PMD and PTE The powerpc 32-bit implementation of pgtable has nice shortcuts for accessing kernel PMD and PTE for a given virtual address. Make these helpers available for all architectures. [rppt@linux.ibm.com: microblaze: fix page table traversal in setup_rt_frame()] Link: http://lkml.kernel.org/r/20200518191511.GD1118872@kernel.org [akpm@linux-foundation.org: s/pmd_ptr_k/pmd_off_k/ in various powerpc places] Signed-off-by: Mike Rapoport Signed-off-by: Andrew Morton Cc: Arnd Bergmann Cc: Borislav Petkov Cc: Brian Cain Cc: Catalin Marinas Cc: Chris Zankel Cc: "David S. Miller" Cc: Geert Uytterhoeven Cc: Greentime Hu Cc: Greg Ungerer Cc: Guan Xuetao Cc: Guo Ren Cc: Heiko Carstens Cc: Helge Deller Cc: Ingo Molnar Cc: Ley Foon Tan Cc: Mark Salter Cc: Matthew Wilcox Cc: Matt Turner Cc: Max Filippov Cc: Michael Ellerman Cc: Michal Simek Cc: Nick Hu Cc: Paul Walmsley Cc: Richard Weinberger Cc: Rich Felker Cc: Russell King Cc: Stafford Horne Cc: Thomas Bogendoerfer Cc: Thomas Gleixner Cc: Tony Luck Cc: Vincent Chen Cc: Vineet Gupta Cc: Will Deacon Cc: Yoshinori Sato Link: http://lkml.kernel.org/r/20200514170327.31389-9-rppt@kernel.org Signed-off-by: Linus Torvalds commit 88107d330de4f175705a3ea03147feb0d7e68499 Author: Mike Rapoport Date: Mon Jun 8 21:33:01 2020 -0700 x86/mm: simplify init_trampoline() and surrounding logic There are three cases for the trampoline initialization: * 32-bit does nothing * 64-bit with kaslr disabled simply copies a PGD entry from the direct map to the trampoline PGD * 64-bit with kaslr enabled maps the real mode trampoline at PUD level These cases are currently differentiated by a bunch of ifdefs inside asm/include/pgtable.h and the case of 64-bits with kaslr on uses pgd_index() helper. Replacing the ifdefs with a static function in arch/x86/mm/init.c gives clearer code and allows moving pgd_index() to the generic implementation in include/linux/pgtable.h [rppt@linux.ibm.com: take CONFIG_RANDOMIZE_MEMORY into account in kaslr_enabled()] Link: http://lkml.kernel.org/r/20200525104045.GB13212@linux.ibm.com Signed-off-by: Mike Rapoport Signed-off-by: Andrew Morton Cc: Arnd Bergmann Cc: Borislav Petkov Cc: Brian Cain Cc: Catalin Marinas Cc: Chris Zankel Cc: "David S. Miller" Cc: Geert Uytterhoeven Cc: Greentime Hu Cc: Greg Ungerer Cc: Guan Xuetao Cc: Guo Ren Cc: Heiko Carstens Cc: Helge Deller Cc: Ingo Molnar Cc: Ley Foon Tan Cc: Mark Salter Cc: Matthew Wilcox Cc: Matt Turner Cc: Max Filippov Cc: Michael Ellerman Cc: Michal Simek Cc: Nick Hu Cc: Paul Walmsley Cc: Richard Weinberger Cc: Rich Felker Cc: Russell King Cc: Stafford Horne Cc: Thomas Bogendoerfer Cc: Thomas Gleixner Cc: Tony Luck Cc: Vincent Chen Cc: Vineet Gupta Cc: Will Deacon Cc: Yoshinori Sato Link: http://lkml.kernel.org/r/20200514170327.31389-8-rppt@kernel.org Signed-off-by: Linus Torvalds commit 1bcdc68d6a69440ff82c3e492cd383059852bdd7 Author: Mike Rapoport Date: Mon Jun 8 21:32:56 2020 -0700 m68k/mm: move {cache,nocahe}_page() definitions close to their user The cache_page() and nocache_page() functions are only used by the motorola MMU variant for setting caching attributes for the page table pages. Move the definitions of these functions from arch/m68k/include/asm/motorola_pgtable.h closer to their usage in arch/m68k/mm/motorola.c and drop unused definition in arch/m68k/include/asm/mcf_pgtable.h. Signed-off-by: Mike Rapoport Signed-off-by: Andrew Morton Acked-by: Greg Ungerer Cc: Arnd Bergmann Cc: Borislav Petkov Cc: Brian Cain Cc: Catalin Marinas Cc: Chris Zankel Cc: "David S. Miller" Cc: Geert Uytterhoeven Cc: Greentime Hu Cc: Guan Xuetao Cc: Guo Ren Cc: Heiko Carstens Cc: Helge Deller Cc: Ingo Molnar Cc: Ley Foon Tan Cc: Mark Salter Cc: Matthew Wilcox Cc: Matt Turner Cc: Max Filippov Cc: Michael Ellerman Cc: Michal Simek Cc: Nick Hu Cc: Paul Walmsley Cc: Richard Weinberger Cc: Rich Felker Cc: Russell King Cc: Stafford Horne Cc: Thomas Bogendoerfer Cc: Thomas Gleixner Cc: Tony Luck Cc: Vincent Chen Cc: Vineet Gupta Cc: Will Deacon Cc: Yoshinori Sato Link: http://lkml.kernel.org/r/20200514170327.31389-7-rppt@kernel.org Signed-off-by: Linus Torvalds commit e73240be691e1b081190125da67cd38822b8d5f8 Author: Mike Rapoport Date: Mon Jun 8 21:32:51 2020 -0700 m68k/mm/motorola: move comment about page table allocation funcitons The comment about page table allocation functions resides in include/asm/motorola_pgtable.h while the functions live in include/asm/motorola_pgaloc.h. Move the comment close to the code. Signed-off-by: Mike Rapoport Signed-off-by: Andrew Morton Cc: Arnd Bergmann Cc: Borislav Petkov Cc: Brian Cain Cc: Catalin Marinas Cc: Chris Zankel Cc: "David S. Miller" Cc: Geert Uytterhoeven Cc: Greentime Hu Cc: Greg Ungerer Cc: Guan Xuetao Cc: Guo Ren Cc: Heiko Carstens Cc: Helge Deller Cc: Ingo Molnar Cc: Ley Foon Tan Cc: Mark Salter Cc: Matthew Wilcox Cc: Matt Turner Cc: Max Filippov Cc: Michael Ellerman Cc: Michal Simek Cc: Nick Hu Cc: Paul Walmsley Cc: Richard Weinberger Cc: Rich Felker Cc: Russell King Cc: Stafford Horne Cc: Thomas Bogendoerfer Cc: Thomas Gleixner Cc: Tony Luck Cc: Vincent Chen Cc: Vineet Gupta Cc: Will Deacon Cc: Yoshinori Sato Link: http://lkml.kernel.org/r/20200514170327.31389-6-rppt@kernel.org Signed-off-by: Linus Torvalds commit c910951a85d8fef5a8dabe08df45201f0637690a Author: Mike Rapoport Date: Mon Jun 8 21:32:47 2020 -0700 csky: replace definitions of __pXd_offset() with pXd_index() All architectures use pXd_index() to get an entry in the page table page corresponding to a virtual address. Align csky with other architectures. Signed-off-by: Mike Rapoport Signed-off-by: Andrew Morton Cc: Arnd Bergmann Cc: Borislav Petkov Cc: Brian Cain Cc: Catalin Marinas Cc: Chris Zankel Cc: "David S. Miller" Cc: Geert Uytterhoeven Cc: Greentime Hu Cc: Greg Ungerer Cc: Guan Xuetao Cc: Guo Ren Cc: Heiko Carstens Cc: Helge Deller Cc: Ingo Molnar Cc: Ley Foon Tan Cc: Mark Salter Cc: Matthew Wilcox Cc: Matt Turner Cc: Max Filippov Cc: Michael Ellerman Cc: Michal Simek Cc: Nick Hu Cc: Paul Walmsley Cc: Richard Weinberger Cc: Rich Felker Cc: Russell King Cc: Stafford Horne Cc: Thomas Bogendoerfer Cc: Thomas Gleixner Cc: Tony Luck Cc: Vincent Chen Cc: Vineet Gupta Cc: Will Deacon Cc: Yoshinori Sato Link: http://lkml.kernel.org/r/20200514170327.31389-5-rppt@kernel.org Signed-off-by: Linus Torvalds commit 65fddcfca8ad14778f71a57672fd01e8112d30fa Author: Mike Rapoport Date: Mon Jun 8 21:32:42 2020 -0700 mm: reorder includes after introduction of linux/pgtable.h The replacement of with made the include of the latter in the middle of asm includes. Fix this up with the aid of the below script and manual adjustments here and there. import sys import re if len(sys.argv) is not 3: print "USAGE: %s
" % (sys.argv[0]) sys.exit(1) hdr_to_move="#include " % sys.argv[2] moved = False in_hdrs = False with open(sys.argv[1], "r") as f: lines = f.readlines() for _line in lines: line = _line.rstrip(' ') if line == hdr_to_move: continue if line.startswith("#include Signed-off-by: Andrew Morton Cc: Arnd Bergmann Cc: Borislav Petkov Cc: Brian Cain Cc: Catalin Marinas Cc: Chris Zankel Cc: "David S. Miller" Cc: Geert Uytterhoeven Cc: Greentime Hu Cc: Greg Ungerer Cc: Guan Xuetao Cc: Guo Ren Cc: Heiko Carstens Cc: Helge Deller Cc: Ingo Molnar Cc: Ley Foon Tan Cc: Mark Salter Cc: Matthew Wilcox Cc: Matt Turner Cc: Max Filippov Cc: Michael Ellerman Cc: Michal Simek Cc: Nick Hu Cc: Paul Walmsley Cc: Richard Weinberger Cc: Rich Felker Cc: Russell King Cc: Stafford Horne Cc: Thomas Bogendoerfer Cc: Thomas Gleixner Cc: Tony Luck Cc: Vincent Chen Cc: Vineet Gupta Cc: Will Deacon Cc: Yoshinori Sato Link: http://lkml.kernel.org/r/20200514170327.31389-4-rppt@kernel.org Signed-off-by: Linus Torvalds commit ca5999fde0a1761665a38e4c9a72dbcd7d190a81 Author: Mike Rapoport Date: Mon Jun 8 21:32:38 2020 -0700 mm: introduce include/linux/pgtable.h The include/linux/pgtable.h is going to be the home of generic page table manipulation functions. Start with moving asm-generic/pgtable.h to include/linux/pgtable.h and make the latter include asm/pgtable.h. Signed-off-by: Mike Rapoport Signed-off-by: Andrew Morton Cc: Arnd Bergmann Cc: Borislav Petkov Cc: Brian Cain Cc: Catalin Marinas Cc: Chris Zankel Cc: "David S. Miller" Cc: Geert Uytterhoeven Cc: Greentime Hu Cc: Greg Ungerer Cc: Guan Xuetao Cc: Guo Ren Cc: Heiko Carstens Cc: Helge Deller Cc: Ingo Molnar Cc: Ley Foon Tan Cc: Mark Salter Cc: Matthew Wilcox Cc: Matt Turner Cc: Max Filippov Cc: Michael Ellerman Cc: Michal Simek Cc: Nick Hu Cc: Paul Walmsley Cc: Richard Weinberger Cc: Rich Felker Cc: Russell King Cc: Stafford Horne Cc: Thomas Bogendoerfer Cc: Thomas Gleixner Cc: Tony Luck Cc: Vincent Chen Cc: Vineet Gupta Cc: Will Deacon Cc: Yoshinori Sato Link: http://lkml.kernel.org/r/20200514170327.31389-3-rppt@kernel.org Signed-off-by: Linus Torvalds commit e31cf2f4ca422ac9b14ecc4a1295b8977a20f812 Author: Mike Rapoport Date: Mon Jun 8 21:32:33 2020 -0700 mm: don't include asm/pgtable.h if linux/mm.h is already included Patch series "mm: consolidate definitions of page table accessors", v2. The low level page table accessors (pXY_index(), pXY_offset()) are duplicated across all architectures and sometimes more than once. For instance, we have 31 definition of pgd_offset() for 25 supported architectures. Most of these definitions are actually identical and typically it boils down to, e.g. static inline unsigned long pmd_index(unsigned long address) { return (address >> PMD_SHIFT) & (PTRS_PER_PMD - 1); } static inline pmd_t *pmd_offset(pud_t *pud, unsigned long address) { return (pmd_t *)pud_page_vaddr(*pud) + pmd_index(address); } These definitions can be shared among 90% of the arches provided XYZ_SHIFT, PTRS_PER_XYZ and xyz_page_vaddr() are defined. For architectures that really need a custom version there is always possibility to override the generic version with the usual ifdefs magic. These patches introduce include/linux/pgtable.h that replaces include/asm-generic/pgtable.h and add the definitions of the page table accessors to the new header. This patch (of 12): The linux/mm.h header includes to allow inlining of the functions involving page table manipulations, e.g. pte_alloc() and pmd_alloc(). So, there is no point to explicitly include in the files that include . The include statements in such cases are remove with a simple loop: for f in $(git grep -l "include ") ; do sed -i -e '/include / d' $f done Signed-off-by: Mike Rapoport Signed-off-by: Andrew Morton Cc: Arnd Bergmann Cc: Borislav Petkov Cc: Brian Cain Cc: Catalin Marinas Cc: Chris Zankel Cc: "David S. Miller" Cc: Geert Uytterhoeven Cc: Greentime Hu Cc: Greg Ungerer Cc: Guan Xuetao Cc: Guo Ren Cc: Heiko Carstens Cc: Helge Deller Cc: Ingo Molnar Cc: Ley Foon Tan Cc: Mark Salter Cc: Matthew Wilcox Cc: Matt Turner Cc: Max Filippov Cc: Michael Ellerman Cc: Michal Simek Cc: Mike Rapoport Cc: Nick Hu Cc: Paul Walmsley Cc: Richard Weinberger Cc: Rich Felker Cc: Russell King Cc: Stafford Horne Cc: Thomas Bogendoerfer Cc: Thomas Gleixner Cc: Tony Luck Cc: Vincent Chen Cc: Vineet Gupta Cc: Will Deacon Cc: Yoshinori Sato Link: http://lkml.kernel.org/r/20200514170327.31389-1-rppt@kernel.org Link: http://lkml.kernel.org/r/20200514170327.31389-2-rppt@kernel.org Signed-off-by: Linus Torvalds commit 9cb8f069deeed708bf19486d5893e297dc467ae0 Author: Dmitry Safonov <0x7f454c46@gmail.com> Date: Mon Jun 8 21:32:29 2020 -0700 kernel: rename show_stack_loglvl() => show_stack() Now the last users of show_stack() got converted to use an explicit log level, show_stack_loglvl() can drop it's redundant suffix and become once again well known show_stack(). Signed-off-by: Dmitry Safonov Signed-off-by: Andrew Morton Link: http://lkml.kernel.org/r/20200418201944.482088-51-dima@arista.com Signed-off-by: Linus Torvalds commit fe1993a001094a596576334c56e7a10e4cd69e6c Author: Dmitry Safonov <0x7f454c46@gmail.com> Date: Mon Jun 8 21:32:26 2020 -0700 kernel: use show_stack_loglvl() Align the last users of show_stack() by KERN_DEFAULT as the surrounding headers/messages. Signed-off-by: Dmitry Safonov Signed-off-by: Andrew Morton Cc: Ingo Molnar Cc: Peter Zijlstra Cc: Will Deacon Link: http://lkml.kernel.org/r/20200418201944.482088-50-dima@arista.com Signed-off-by: Linus Torvalds commit 8ba09b1dc131ff9bb530967c593e298c600f72c0 Author: Dmitry Safonov <0x7f454c46@gmail.com> Date: Mon Jun 8 21:32:23 2020 -0700 sched: print stack trace with KERN_INFO Aligning with other messages printed in sched_show_task() - use KERN_INFO to print the backtrace. Signed-off-by: Dmitry Safonov Signed-off-by: Andrew Morton Cc: Ben Segall Cc: Dietmar Eggemann Cc: Ingo Molnar Cc: Juri Lelli Cc: Mel Gorman Cc: Peter Zijlstra Cc: Steven Rostedt Cc: Vincent Guittot Link: http://lkml.kernel.org/r/20200418201944.482088-49-dima@arista.com Signed-off-by: Linus Torvalds commit 77819daf247aad16beaeb537ae77d1d6d0697ca2 Author: Dmitry Safonov <0x7f454c46@gmail.com> Date: Mon Jun 8 21:32:19 2020 -0700 kdb: don't play with console_loglevel Print the stack trace with KERN_EMERG - it should be always visible. Playing with console_loglevel is a bad idea as there may be more messages printed than wanted. Also the stack trace might be not printed at all if printk() was deferred and console_loglevel was raised back before the trace got flushed. Unfortunately, after rebasing on commit 2277b492582d ("kdb: Fix stack crawling on 'running' CPUs that aren't the master"), kdb_show_stack() uses now kdb_dump_stack_on_cpu(), which for now won't be converted as it uses dump_stack() instead of show_stack(). Convert for now the branch that uses show_stack() and remove console_loglevel exercise from that case. Signed-off-by: Dmitry Safonov Signed-off-by: Andrew Morton Reviewed-by: Douglas Anderson Acked-by: Daniel Thompson Cc: Jason Wessel Link: http://lkml.kernel.org/r/20200418201944.482088-48-dima@arista.com Signed-off-by: Linus Torvalds commit 3f0543780e09d6f475f043f6ce0824106e610fd4 Author: Dmitry Safonov <0x7f454c46@gmail.com> Date: Mon Jun 8 21:32:16 2020 -0700 power: use show_stack_loglvl() Aligning with other watchdog messages just before panic - use KERN_EMERG. Signed-off-by: Dmitry Safonov Signed-off-by: Andrew Morton Acked-by: Rafael J. Wysocki Cc: Greg Kroah-Hartman Cc: Len Brown Cc: Pavel Machek Link: http://lkml.kernel.org/r/20200418201944.482088-47-dima@arista.com Signed-off-by: Linus Torvalds commit 9ed5b01a36a0e40a7450b8a5caf82e0552c41bb3 Author: Dmitry Safonov <0x7f454c46@gmail.com> Date: Mon Jun 8 21:32:13 2020 -0700 x86/amd_gart: print stacktrace for a leak with KERN_ERR It's under CONFIG_IOMMU_LEAK option which is enabled by debug config. Likely the backtrace is worth to be seen - so aligning with log level of error message in iommu_full(). Signed-off-by: Dmitry Safonov Signed-off-by: Andrew Morton Cc: Borislav Petkov Cc: "H. Peter Anvin" Cc: Ingo Molnar Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/20200418201944.482088-46-dima@arista.com Signed-off-by: Linus Torvalds commit ab34b46d1a74e98996e67a7da7e5d683ecfd9f57 Author: Dmitry Safonov <0x7f454c46@gmail.com> Date: Mon Jun 8 21:32:10 2020 -0700 sysrq: use show_stack_loglvl() Show the stack trace on a CPU with the same log level as "CPU%d" header. Signed-off-by: Dmitry Safonov Signed-off-by: Andrew Morton Cc: Greg Kroah-Hartman Cc: Jiri Slaby Link: http://lkml.kernel.org/r/20200418201944.482088-45-dima@arista.com Signed-off-by: Linus Torvalds commit 20da1e8bb06d0e3ccd172de3e193c987e88013cb Author: Dmitry Safonov <0x7f454c46@gmail.com> Date: Mon Jun 8 21:32:07 2020 -0700 xtensa: add show_stack_loglvl() Currently, the log-level of show_stack() depends on a platform realization. It creates situations where the headers are printed with lower log level or higher than the stacktrace (depending on a platform or user). Furthermore, it forces the logic decision from user to an architecture side. In result, some users as sysrq/kdb/etc are doing tricks with temporary rising console_loglevel while printing their messages. And in result it not only may print unwanted messages from other CPUs, but also omit printing at all in the unlucky case where the printk() was deferred. Introducing log-level parameter and KERN_UNSUPPRESSED [1] seems an easier approach than introducing more printk buffers. Also, it will consolidate printings with headers. Introduce show_stack_loglvl(), that eventually will substitute show_stack(). [1]: https://lore.kernel.org/lkml/20190528002412.1625-1-dima@arista.com/T/#u Signed-off-by: Dmitry Safonov Signed-off-by: Andrew Morton Cc: Chris Zankel Cc: Max Filippov Link: http://lkml.kernel.org/r/20200418201944.482088-44-dima@arista.com Signed-off-by: Linus Torvalds commit 47fb70294976cb1ea110f4fc01ae1bc2f450933a Author: Dmitry Safonov <0x7f454c46@gmail.com> Date: Mon Jun 8 21:32:04 2020 -0700 xtensa: add loglvl to show_trace() Currently, the log-level of show_stack() depends on a platform realization. It creates situations where the headers are printed with lower log level or higher than the stacktrace (depending on a platform or user). Furthermore, it forces the logic decision from user to an architecture side. In result, some users as sysrq/kdb/etc are doing tricks with temporary rising console_loglevel while printing their messages. And in result it not only may print unwanted messages from other CPUs, but also omit printing at all in the unlucky case where the printk() was deferred. Introducing log-level parameter and KERN_UNSUPPRESSED [1] seems an easier approach than introducing more printk buffers. Also, it will consolidate printings with headers. Add log level argument to show_trace() as a preparation for introducing show_stack_loglvl(). [1]: https://lore.kernel.org/lkml/20190528002412.1625-1-dima@arista.com/T/#u [rppt@kernel.org: build fix] Link: http://lkml.kernel.org/r/20200511194534.GA1018386@kernel.org Signed-off-by: Dmitry Safonov Signed-off-by: Andrew Morton Cc: Chris Zankel Cc: Max Filippov Cc: Mike Rapoport Link: http://lkml.kernel.org/r/20200418201944.482088-43-dima@arista.com Signed-off-by: Linus Torvalds commit a832ff02244e36da0bf4bb3a1aec0ce9a23b0bad Author: Dmitry Safonov <0x7f454c46@gmail.com> Date: Mon Jun 8 21:32:00 2020 -0700 x86: add show_stack_loglvl() Currently, the log-level of show_stack() depends on a platform realization. It creates situations where the headers are printed with lower log level or higher than the stacktrace (depending on a platform or user). Furthermore, it forces the logic decision from user to an architecture side. In result, some users as sysrq/kdb/etc are doing tricks with temporary rising console_loglevel while printing their messages. And in result it not only may print unwanted messages from other CPUs, but also omit printing at all in the unlucky case where the printk() was deferred. Introducing log-level parameter and KERN_UNSUPPRESSED [1] seems an easier approach than introducing more printk buffers. Also, it will consolidate printings with headers. Introduce show_stack_loglvl(), that eventually will substitute show_stack(). [1]: https://lore.kernel.org/lkml/20190528002412.1625-1-dima@arista.com/T/#u Signed-off-by: Dmitry Safonov Signed-off-by: Andrew Morton Cc: Borislav Petkov Cc: "H. Peter Anvin" Cc: Ingo Molnar Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/20200418201944.482088-42-dima@arista.com Signed-off-by: Linus Torvalds commit d46b3df78ad4b4c178f1035a35463cbc0ce768b2 Author: Dmitry Safonov <0x7f454c46@gmail.com> Date: Mon Jun 8 21:31:57 2020 -0700 x86: add missing const qualifiers for log_lvl Currently, the log-level of show_stack() depends on a platform realization. It creates situations where the headers are printed with lower log level or higher than the stacktrace (depending on a platform or user). Furthermore, it forces the logic decision from user to an architecture side. In result, some users as sysrq/kdb/etc are doing tricks with temporary rising console_loglevel while printing their messages. And in result it not only may print unwanted messages from other CPUs, but also omit printing at all in the unlucky case where the printk() was deferred. Introducing log-level parameter and KERN_UNSUPPRESSED [1] seems an easier approach than introducing more printk buffers. Also, it will consolidate printings with headers. Keep log_lvl const show_trace_log_lvl() and printk_stack_address() as the new generic show_stack_loglvl() wants to have a proper const qualifier. And gcc rightfully produces warnings in case it's not keept: arch/x86/kernel/dumpstack.c: In function `show_stack': arch/x86/kernel/dumpstack.c:294:37: warning: passing argument 4 of `show_trace_log_lv ' discards `const' qualifier from pointer target type [-Wdiscarded-qualifiers] 294 | show_trace_log_lvl(task, NULL, sp, loglvl); | ^~~~~~ arch/x86/kernel/dumpstack.c:163:32: note: expected `char *' but argument is of type `const char *' 163 | unsigned long *stack, char *log_lvl) | ~~~~~~^~~~~~~ [1]: https://lore.kernel.org/lkml/20190528002412.1625-1-dima@arista.com/T/#u Signed-off-by: Dmitry Safonov Signed-off-by: Andrew Morton Cc: Borislav Petkov Cc: "H. Peter Anvin" Cc: Ingo Molnar Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/20200418201944.482088-41-dima@arista.com Signed-off-by: Linus Torvalds commit 5c0884694f7fd1efc846f720f10d190bf708e461 Author: Dmitry Safonov <0x7f454c46@gmail.com> Date: Mon Jun 8 21:31:54 2020 -0700 unicore32: add show_stack_loglvl() Currently, the log-level of show_stack() depends on a platform realization. It creates situations where the headers are printed with lower log level or higher than the stacktrace (depending on a platform or user). Furthermore, it forces the logic decision from user to an architecture side. In result, some users as sysrq/kdb/etc are doing tricks with temporary rising console_loglevel while printing their messages. And in result it not only may print unwanted messages from other CPUs, but also omit printing at all in the unlucky case where the printk() was deferred. Introducing log-level parameter and KERN_UNSUPPRESSED [1] seems an easier approach than introducing more printk buffers. Also, it will consolidate printings with headers. Introduce show_stack_loglvl(), that eventually will substitute show_stack(). As a nice side-effect - print backtrace in __die() with the same log level as the rest of function. [1]: https://lore.kernel.org/lkml/20190528002412.1625-1-dima@arista.com/T/#u Signed-off-by: Dmitry Safonov Signed-off-by: Andrew Morton Cc: Guan Xuetao Link: http://lkml.kernel.org/r/20200418201944.482088-40-dima@arista.com Signed-off-by: Linus Torvalds commit de985dd50158fedde5f2916c1bcf949a0acf5cd0 Author: Dmitry Safonov <0x7f454c46@gmail.com> Date: Mon Jun 8 21:31:51 2020 -0700 unicore32: add loglvl to c_backtrace() Currently, the log-level of show_stack() depends on a platform realization. It creates situations where the headers are printed with lower log level or higher than the stacktrace (depending on a platform or user). Furthermore, it forces the logic decision from user to an architecture side. In result, some users as sysrq/kdb/etc are doing tricks with temporary rising console_loglevel while printing their messages. And in result it not only may print unwanted messages from other CPUs, but also omit printing at all in the unlucky case where the printk() was deferred. Introducing log-level parameter and KERN_UNSUPPRESSED [1] seems an easier approach than introducing more printk buffers. Also, it will consolidate printings with headers. Add log level parameter to c_backtrace() as a preparation for introducing show_stack_loglvl() [1]: https://lore.kernel.org/lkml/20190528002412.1625-1-dima@arista.com/T/#u Signed-off-by: Dmitry Safonov Signed-off-by: Andrew Morton Cc: Guan Xuetao Link: http://lkml.kernel.org/r/20200418201944.482088-39-dima@arista.com Signed-off-by: Linus Torvalds commit ee1e99009e914e4150774f5a717c179545c7699e Author: Dmitry Safonov <0x7f454c46@gmail.com> Date: Mon Jun 8 21:31:48 2020 -0700 unicore32: remove unused pmode argument in c_backtrace() The pmode parameter isn't used in assembly - remove it. Second argument will be reused for printk() log level. Signed-off-by: Dmitry Safonov Signed-off-by: Andrew Morton Cc: Guan Xuetao Link: http://lkml.kernel.org/r/20200418201944.482088-38-dima@arista.com Signed-off-by: Linus Torvalds commit 1ad87824f4cf16a7f381e1f94943a96bb7a99062 Author: Dmitry Safonov <0x7f454c46@gmail.com> Date: Mon Jun 8 21:31:45 2020 -0700 um: add show_stack_loglvl() Currently, the log-level of show_stack() depends on a platform realization. It creates situations where the headers are printed with lower log level or higher than the stacktrace (depending on a platform or user). Furthermore, it forces the logic decision from user to an architecture side. In result, some users as sysrq/kdb/etc are doing tricks with temporary rising console_loglevel while printing their messages. And in result it not only may print unwanted messages from other CPUs, but also omit printing at all in the unlucky case where the printk() was deferred. Introducing log-level parameter and KERN_UNSUPPRESSED [1] seems an easier approach than introducing more printk buffers. Also, it will consolidate printings with headers. Introduce show_stack_loglvl(), that eventually will substitute show_stack(). [1]: https://lore.kernel.org/lkml/20190528002412.1625-1-dima@arista.com/T/#u Signed-off-by: Dmitry Safonov Signed-off-by: Andrew Morton Cc: Anton Ivanov Cc: Jeff Dike Cc: Richard Weinberger Link: http://lkml.kernel.org/r/20200418201944.482088-37-dima@arista.com Signed-off-by: Linus Torvalds commit 3dd923f39a03dede001afe0edcc08613d5f403e5 Author: Dmitry Safonov <0x7f454c46@gmail.com> Date: Mon Jun 8 21:31:42 2020 -0700 um/sysrq: remove needless variable sp `sp' is a needless excercise here. Signed-off-by: Dmitry Safonov Signed-off-by: Andrew Morton Cc: Anton Ivanov Cc: Jeff Dike Cc: Richard Weinberger Link: http://lkml.kernel.org/r/20200418201944.482088-36-dima@arista.com Signed-off-by: Linus Torvalds commit 13c6371ae576840bcacc0fc8407d7b11572eb7fb Author: Dmitry Safonov <0x7f454c46@gmail.com> Date: Mon Jun 8 21:31:39 2020 -0700 sparc: add show_stack_loglvl() Currently, the log-level of show_stack() depends on a platform realization. It creates situations where the headers are printed with lower log level or higher than the stacktrace (depending on a platform or user). Furthermore, it forces the logic decision from user to an architecture side. In result, some users as sysrq/kdb/etc are doing tricks with temporary rising console_loglevel while printing their messages. And in result it not only may print unwanted messages from other CPUs, but also omit printing at all in the unlucky case where the printk() was deferred. Introducing log-level parameter and KERN_UNSUPPRESSED [1] seems an easier approach than introducing more printk buffers. Also, it will consolidate printings with headers. Introduce show_stack_loglvl(), that eventually will substitute show_stack(). [1]: https://lore.kernel.org/lkml/20190528002412.1625-1-dima@arista.com/T/#u Signed-off-by: Dmitry Safonov Signed-off-by: Andrew Morton Acked-by: David S. Miller Link: http://lkml.kernel.org/r/20200418201944.482088-35-dima@arista.com Signed-off-by: Linus Torvalds commit e6e371c4f653db7581072a0a20b32a11a751ebda Author: Dmitry Safonov <0x7f454c46@gmail.com> Date: Mon Jun 8 21:31:36 2020 -0700 sh: add show_stack_loglvl() Currently, the log-level of show_stack() depends on a platform realization. It creates situations where the headers are printed with lower log level or higher than the stacktrace (depending on a platform or user). Furthermore, it forces the logic decision from user to an architecture side. In result, some users as sysrq/kdb/etc are doing tricks with temporary rising console_loglevel while printing their messages. And in result it not only may print unwanted messages from other CPUs, but also omit printing at all in the unlucky case where the printk() was deferred. Introducing log-level parameter and KERN_UNSUPPRESSED [1] seems an easier approach than introducing more printk buffers. Also, it will consolidate printings with headers. Introduce show_stack_loglvl(), that eventually will substitute show_stack(). [1]: https://lore.kernel.org/lkml/20190528002412.1625-1-dima@arista.com/T/#u Signed-off-by: Dmitry Safonov Signed-off-by: Andrew Morton Cc: Rich Felker Cc: Yoshinori Sato Link: http://lkml.kernel.org/r/20200418201944.482088-34-dima@arista.com Signed-off-by: Linus Torvalds commit 539e786cc37ee5cb6e051ef5eb72b7a7c03022cf Author: Dmitry Safonov <0x7f454c46@gmail.com> Date: Mon Jun 8 21:31:33 2020 -0700 sh: add loglvl to show_trace() Currently, the log-level of show_stack() depends on a platform realization. It creates situations where the headers are printed with lower log level or higher than the stacktrace (depending on a platform or user). Furthermore, it forces the logic decision from user to an architecture side. In result, some users as sysrq/kdb/etc are doing tricks with temporary rising console_loglevel while printing their messages. And in result it not only may print unwanted messages from other CPUs, but also omit printing at all in the unlucky case where the printk() was deferred. Introducing log-level parameter and KERN_UNSUPPRESSED [1] seems an easier approach than introducing more printk buffers. Also, it will consolidate printings with headers. Add log level parameter to show_trace() as a preparation to introduce show_stack_loglvl(). [1]: https://lore.kernel.org/lkml/20190528002412.1625-1-dima@arista.com/T/#u Signed-off-by: Dmitry Safonov Signed-off-by: Andrew Morton Cc: Rich Felker Link: http://lkml.kernel.org/r/20200418201944.482088-33-dima@arista.com Signed-off-by: Linus Torvalds commit 2deebe4d56d638269a4a728086d64de5734b460a Author: Dmitry Safonov <0x7f454c46@gmail.com> Date: Mon Jun 8 21:31:30 2020 -0700 sh: add loglvl to printk_address() Currently, the log-level of show_stack() depends on a platform realization. It creates situations where the headers are printed with lower log level or higher than the stacktrace (depending on a platform or user). Furthermore, it forces the logic decision from user to an architecture side. In result, some users as sysrq/kdb/etc are doing tricks with temporary rising console_loglevel while printing their messages. And in result it not only may print unwanted messages from other CPUs, but also omit printing at all in the unlucky case where the printk() was deferred. Introducing log-level parameter and KERN_UNSUPPRESSED [1] seems an easier approach than introducing more printk buffers. Also, it will consolidate printings with headers. Add log level argument to printk_address() as a preparation to introduce show_stack_loglvl(). As a good side-effect show_fault_oops() now prints the address with KERN_EMREG as the rest of output, making sure there won't be situation where "PC: " is printed without actual address. [1]: https://lore.kernel.org/lkml/20190528002412.1625-1-dima@arista.com/T/#u Signed-off-by: Dmitry Safonov Signed-off-by: Andrew Morton Cc: Rich Felker Link: http://lkml.kernel.org/r/20200418201944.482088-32-dima@arista.com Signed-off-by: Linus Torvalds commit 8b92f34877225c8eb85e3ab7f1177fc248ba26d0 Author: Dmitry Safonov <0x7f454c46@gmail.com> Date: Mon Jun 8 21:31:27 2020 -0700 sh: remove needless printk() Currently `data' is always an empty line "". No need for additional printk() call. Signed-off-by: Dmitry Safonov Signed-off-by: Andrew Morton Cc: Rich Felker Cc: Yoshinori Sato Link: http://lkml.kernel.org/r/20200418201944.482088-31-dima@arista.com Signed-off-by: Linus Torvalds commit ebf0a36a32b25fe6ba8a1b6bd3135432ebd9aa5c Author: Dmitry Safonov <0x7f454c46@gmail.com> Date: Mon Jun 8 21:31:24 2020 -0700 sh: add loglvl to dump_mem() Currently, the log-level of show_stack() depends on a platform realization. It creates situations where the headers are printed with lower log level or higher than the stacktrace (depending on a platform or user). Furthermore, it forces the logic decision from user to an architecture side. In result, some users as sysrq/kdb/etc are doing tricks with temporary rising console_loglevel while printing their messages. And in result it not only may print unwanted messages from other CPUs, but also omit printing at all in the unlucky case where the printk() was deferred. Introducing log-level parameter and KERN_UNSUPPRESSED [1] seems an easier approach than introducing more printk buffers. Also, it will consolidate printings with headers. Add log level argument to dump_mem() as a preparation to introduce show_stack_loglvl(). [1]: https://lore.kernel.org/lkml/20190528002412.1625-1-dima@arista.com/T/#u Signed-off-by: Dmitry Safonov Signed-off-by: Andrew Morton Cc: Rich Felker Cc: Yoshinori Sato Link: http://lkml.kernel.org/r/20200418201944.482088-30-dima@arista.com Signed-off-by: Linus Torvalds commit 8539c1288ddc23eef0fe71e1bcecc04b3fc6a9ee Author: Dmitry Safonov <0x7f454c46@gmail.com> Date: Mon Jun 8 21:31:20 2020 -0700 s390: add show_stack_loglvl() Currently, the log-level of show_stack() depends on a platform realization. It creates situations where the headers are printed with lower log level or higher than the stacktrace (depending on a platform or user). Furthermore, it forces the logic decision from user to an architecture side. In result, some users as sysrq/kdb/etc are doing tricks with temporary rising console_loglevel while printing their messages. And in result it not only may print unwanted messages from other CPUs, but also omit printing at all in the unlucky case where the printk() was deferred. Introducing log-level parameter and KERN_UNSUPPRESSED [1] seems an easier approach than introducing more printk buffers. Also, it will consolidate printings with headers. Introduce show_stack_loglvl(), that eventually will substitute show_stack(). [1]: https://lore.kernel.org/lkml/20190528002412.1625-1-dima@arista.com/T/#u Signed-off-by: Dmitry Safonov Signed-off-by: Andrew Morton Cc: Christian Borntraeger Cc: Heiko Carstens Cc: Vasily Gorbik Link: http://lkml.kernel.org/r/20200418201944.482088-29-dima@arista.com Signed-off-by: Linus Torvalds commit 0b3d43657489711bf927998fde82b5cc575d9400 Author: Dmitry Safonov <0x7f454c46@gmail.com> Date: Mon Jun 8 21:31:17 2020 -0700 riscv: add show_stack_loglvl() Currently, the log-level of show_stack() depends on a platform realization. It creates situations where the headers are printed with lower log level or higher than the stacktrace (depending on a platform or user). Furthermore, it forces the logic decision from user to an architecture side. In result, some users as sysrq/kdb/etc are doing tricks with temporary rising console_loglevel while printing their messages. And in result it not only may print unwanted messages from other CPUs, but also omit printing at all in the unlucky case where the printk() was deferred. Introducing log-level parameter and KERN_UNSUPPRESSED [1] seems an easier approach than introducing more printk buffers. Also, it will consolidate printings with headers. Introduce show_stack_loglvl(), that eventually will substitute show_stack(). [1]: https://lore.kernel.org/lkml/20190528002412.1625-1-dima@arista.com/T/#u Signed-off-by: Dmitry Safonov Signed-off-by: Andrew Morton Cc: Albert Ou Cc: Palmer Dabbelt Cc: Paul Walmsley Link: http://lkml.kernel.org/r/20200418201944.482088-28-dima@arista.com Signed-off-by: Linus Torvalds commit b9677a8cf60995acdd1b36ff59e6b437154bff9e Author: Dmitry Safonov <0x7f454c46@gmail.com> Date: Mon Jun 8 21:31:14 2020 -0700 powerpc: add show_stack_loglvl() Currently, the log-level of show_stack() depends on a platform realization. It creates situations where the headers are printed with lower log level or higher than the stacktrace (depending on a platform or user). Furthermore, it forces the logic decision from user to an architecture side. In result, some users as sysrq/kdb/etc are doing tricks with temporary rising console_loglevel while printing their messages. And in result it not only may print unwanted messages from other CPUs, but also omit printing at all in the unlucky case where the printk() was deferred. Introducing log-level parameter and KERN_UNSUPPRESSED [1] seems an easier approach than introducing more printk buffers. Also, it will consolidate printings with headers. Introduce show_stack_loglvl(), that eventually will substitute show_stack(). [1]: https://lore.kernel.org/lkml/20190528002412.1625-1-dima@arista.com/T/#u Signed-off-by: Dmitry Safonov Signed-off-by: Andrew Morton Acked-by: Michael Ellerman (powerpc) Cc: Benjamin Herrenschmidt Cc: Paul Mackerras Link: http://lkml.kernel.org/r/20200418201944.482088-27-dima@arista.com Signed-off-by: Linus Torvalds commit 3481d31bf7473ced5a39fbfd2786b141798b6764 Author: Dmitry Safonov <0x7f454c46@gmail.com> Date: Mon Jun 8 21:31:11 2020 -0700 parisc: add show_stack_loglvl() Currently, the log-level of show_stack() depends on a platform realization. It creates situations where the headers are printed with lower log level or higher than the stacktrace (depending on a platform or user). Furthermore, it forces the logic decision from user to an architecture side. In result, some users as sysrq/kdb/etc are doing tricks with temporary rising console_loglevel while printing their messages. And in result it not only may print unwanted messages from other CPUs, but also omit printing at all in the unlucky case where the printk() was deferred. Introducing log-level parameter and KERN_UNSUPPRESSED [1] seems an easier approach than introducing more printk buffers. Also, it will consolidate printings with headers. Introduce show_stack_loglvl(), that eventually will substitute show_stack(). [1]: https://lore.kernel.org/lkml/20190528002412.1625-1-dima@arista.com/T/#u Signed-off-by: Dmitry Safonov Signed-off-by: Andrew Morton Cc: Helge Deller Cc: "James E.J. Bottomley" Link: http://lkml.kernel.org/r/20200418201944.482088-26-dima@arista.com Signed-off-by: Linus Torvalds commit 0633032f083a53cd33f1171cca38c8ba835d1eba Author: Dmitry Safonov <0x7f454c46@gmail.com> Date: Mon Jun 8 21:31:08 2020 -0700 openrisc: add show_stack_loglvl() Currently, the log-level of show_stack() depends on a platform realization. It creates situations where the headers are printed with lower log level or higher than the stacktrace (depending on a platform or user). Furthermore, it forces the logic decision from user to an architecture side. In result, some users as sysrq/kdb/etc are doing tricks with temporary rising console_loglevel while printing their messages. And in result it not only may print unwanted messages from other CPUs, but also omit printing at all in the unlucky case where the printk() was deferred. Introducing log-level parameter and KERN_UNSUPPRESSED [1] seems an easier approach than introducing more printk buffers. Also, it will consolidate printings with headers. Introduce show_stack_loglvl(), that eventually will substitute show_stack(). [1]: https://lore.kernel.org/lkml/20190528002412.1625-1-dima@arista.com/T/#u Signed-off-by: Dmitry Safonov Signed-off-by: Andrew Morton Cc: Jonas Bonn Cc: Stafford Horne Cc: Stefan Kristiansson Link: http://lkml.kernel.org/r/20200418201944.482088-25-dima@arista.com Signed-off-by: Linus Torvalds commit 351dd61c3821fe9b6702205d3a894004a9674295 Author: Dmitry Safonov <0x7f454c46@gmail.com> Date: Mon Jun 8 21:31:05 2020 -0700 nios2: add show_stack_loglvl() Currently, the log-level of show_stack() depends on a platform realization. It creates situations where the headers are printed with lower log level or higher than the stacktrace (depending on a platform or user). Furthermore, it forces the logic decision from user to an architecture side. In result, some users as sysrq/kdb/etc are doing tricks with temporary rising console_loglevel while printing their messages. And in result it not only may print unwanted messages from other CPUs, but also omit printing at all in the unlucky case where the printk() was deferred. Introducing log-level parameter and KERN_UNSUPPRESSED [1] seems an easier approach than introducing more printk buffers. Also, it will consolidate printings with headers. Introduce show_stack_loglvl(), that eventually will substitute show_stack(). [1]: https://lore.kernel.org/lkml/20190528002412.1625-1-dima@arista.com/T/#u Signed-off-by: Dmitry Safonov Signed-off-by: Andrew Morton Cc: Ley Foon Tan Link: http://lkml.kernel.org/r/20200418201944.482088-24-dima@arista.com Signed-off-by: Linus Torvalds commit 18a4753f90175a6acfefd4cf3da1bcb163e12216 Author: Dmitry Safonov <0x7f454c46@gmail.com> Date: Mon Jun 8 21:31:02 2020 -0700 nds32: add show_stack_loglvl() Currently, the log-level of show_stack() depends on a platform realization. It creates situations where the headers are printed with lower log level or higher than the stacktrace (depending on a platform or user). Furthermore, it forces the logic decision from user to an architecture side. In result, some users as sysrq/kdb/etc are doing tricks with temporary rising console_loglevel while printing their messages. And in result it not only may print unwanted messages from other CPUs, but also omit printing at all in the unlucky case where the printk() was deferred. Introducing log-level parameter and KERN_UNSUPPRESSED [1] seems an easier approach than introducing more printk buffers. Also, it will consolidate printings with headers. Introduce show_stack_loglvl(), that eventually will substitute show_stack(). [1]: https://lore.kernel.org/lkml/20190528002412.1625-1-dima@arista.com/T/#u Signed-off-by: Dmitry Safonov Signed-off-by: Andrew Morton Cc: Greentime Hu Cc: Vincent Chen Link: http://lkml.kernel.org/r/20200418201944.482088-23-dima@arista.com Signed-off-by: Linus Torvalds commit 96f0458a96892dd2f1589a7517724d541e1c4520 Author: Dmitry Safonov <0x7f454c46@gmail.com> Date: Mon Jun 8 21:30:59 2020 -0700 mips: add show_stack_loglvl() Currently, the log-level of show_stack() depends on a platform realization. It creates situations where the headers are printed with lower log level or higher than the stacktrace (depending on a platform or user). Furthermore, it forces the logic decision from user to an architecture side. In result, some users as sysrq/kdb/etc are doing tricks with temporary rising console_loglevel while printing their messages. And in result it not only may print unwanted messages from other CPUs, but also omit printing at all in the unlucky case where the printk() was deferred. Introducing log-level parameter and KERN_UNSUPPRESSED [1] seems an easier approach than introducing more printk buffers. Also, it will consolidate printings with headers. Introduce show_stack_loglvl(), that eventually will substitute show_stack(). [1]: https://lore.kernel.org/lkml/20190528002412.1625-1-dima@arista.com/T/#u Signed-off-by: Dmitry Safonov Signed-off-by: Andrew Morton Cc: James Hogan Cc: Paul Burton Cc: Ralf Baechle Link: http://lkml.kernel.org/r/20200418201944.482088-22-dima@arista.com Signed-off-by: Linus Torvalds commit 35f3968b499c6dd026a828933b57ebdb11e74cff Author: Dmitry Safonov <0x7f454c46@gmail.com> Date: Mon Jun 8 21:30:56 2020 -0700 microblaze: add show_stack_loglvl() Currently, the log-level of show_stack() depends on a platform realization. It creates situations where the headers are printed with lower log level or higher than the stacktrace (depending on a platform or user). Furthermore, it forces the logic decision from user to an architecture side. In result, some users as sysrq/kdb/etc are doing tricks with temporary rising console_loglevel while printing their messages. And in result it not only may print unwanted messages from other CPUs, but also omit printing at all in the unlucky case where the printk() was deferred. Introducing log-level parameter and KERN_UNSUPPRESSED [1] seems an easier approach than introducing more printk buffers. Also, it will consolidate printings with headers. Introduce show_stack_loglvl(), that eventually will substitute show_stack(). [1]: https://lore.kernel.org/lkml/20190528002412.1625-1-dima@arista.com/T/#u Signed-off-by: Dmitry Safonov Signed-off-by: Andrew Morton Cc: Michal Simek Link: http://lkml.kernel.org/r/20200418201944.482088-21-dima@arista.com Signed-off-by: Linus Torvalds commit 14b0dd870f6f3b28fad1235b70d1a692db1d6a2f Author: Dmitry Safonov <0x7f454c46@gmail.com> Date: Mon Jun 8 21:30:53 2020 -0700 microblaze: add loglvl to microblaze_unwind() Currently, the log-level of show_stack() depends on a platform realization. It creates situations where the headers are printed with lower log level or higher than the stacktrace (depending on a platform or user). Furthermore, it forces the logic decision from user to an architecture side. In result, some users as sysrq/kdb/etc are doing tricks with temporary rising console_loglevel while printing their messages. And in result it not only may print unwanted messages from other CPUs, but also omit printing at all in the unlucky case where the printk() was deferred. Introducing log-level parameter and KERN_UNSUPPRESSED [1] seems an easier approach than introducing more printk buffers. Also, it will consolidate printings with headers. Add log level parameter to microblaze_unwind() as a preparation to add show_stack_loglvl(). [1]: https://lore.kernel.org/lkml/20190528002412.1625-1-dima@arista.com/T/#u Signed-off-by: Dmitry Safonov Signed-off-by: Andrew Morton Cc: Michal Simek Link: http://lkml.kernel.org/r/20200418201944.482088-20-dima@arista.com Signed-off-by: Linus Torvalds commit 77530a5277bcab0433d0f68af11e04a5c4d79039 Author: Dmitry Safonov <0x7f454c46@gmail.com> Date: Mon Jun 8 21:30:50 2020 -0700 microblaze: add loglvl to microblaze_unwind_inner() Currently, the log-level of show_stack() depends on a platform realization. It creates situations where the headers are printed with lower log level or higher than the stacktrace (depending on a platform or user). Furthermore, it forces the logic decision from user to an architecture side. In result, some users as sysrq/kdb/etc are doing tricks with temporary rising console_loglevel while printing their messages. And in result it not only may print unwanted messages from other CPUs, but also omit printing at all in the unlucky case where the printk() was deferred. Introducing log-level parameter and KERN_UNSUPPRESSED [1] seems an easier approach than introducing more printk buffers. Also, it will consolidate printings with headers. Add log level argument to microblaze_unwind_inner() as a preparation for introducing show_stack_loglvl(). [1]: https://lore.kernel.org/lkml/20190528002412.1625-1-dima@arista.com/T/#u Signed-off-by: Dmitry Safonov Signed-off-by: Andrew Morton Cc: Michal Simek Link: http://lkml.kernel.org/r/20200418201944.482088-19-dima@arista.com Signed-off-by: Linus Torvalds commit ce23c47a5632612dfaa80bd8f861256a419c0abf Author: Dmitry Safonov <0x7f454c46@gmail.com> Date: Mon Jun 8 21:30:47 2020 -0700 m68k: add show_stack_loglvl() Currently, the log-level of show_stack() depends on a platform realization. It creates situations where the headers are printed with lower log level or higher than the stacktrace (depending on a platform or user). Furthermore, it forces the logic decision from user to an architecture side. In result, some users as sysrq/kdb/etc are doing tricks with temporary rising console_loglevel while printing their messages. And in result it not only may print unwanted messages from other CPUs, but also omit printing at all in the unlucky case where the printk() was deferred. Introducing log-level parameter and KERN_UNSUPPRESSED [1] seems an easier approach than introducing more printk buffers. Also, it will consolidate printings with headers. Introduce show_stack_loglvl(), that eventually will substitute show_stack(). [1]: https://lore.kernel.org/lkml/20190528002412.1625-1-dima@arista.com/T/#u Signed-off-by: Dmitry Safonov Signed-off-by: Andrew Morton Cc: Geert Uytterhoeven Link: http://lkml.kernel.org/r/20200418201944.482088-18-dima@arista.com Signed-off-by: Linus Torvalds commit ffdac29e40545cfb21d347c67daeb72541792ec8 Author: Dmitry Safonov <0x7f454c46@gmail.com> Date: Mon Jun 8 21:30:44 2020 -0700 ia64: add show_stack_loglvl() Currently, the log-level of show_stack() depends on a platform realization. It creates situations where the headers are printed with lower log level or higher than the stacktrace (depending on a platform or user). Furthermore, it forces the logic decision from user to an architecture side. In result, some users as sysrq/kdb/etc are doing tricks with temporary rising console_loglevel while printing their messages. And in result it not only may print unwanted messages from other CPUs, but also omit printing at all in the unlucky case where the printk() was deferred. Introducing log-level parameter and KERN_UNSUPPRESSED [1] seems an easier approach than introducing more printk buffers. Also, it will consolidate printings with headers. Introduce show_stack_loglvl(), that eventually will substitute show_stack(). [1]: https://lore.kernel.org/lkml/20190528002412.1625-1-dima@arista.com/T/#u Signed-off-by: Dmitry Safonov Signed-off-by: Andrew Morton Cc: Fenghua Yu Cc: Tony Luck Link: http://lkml.kernel.org/r/20200418201944.482088-17-dima@arista.com Signed-off-by: Linus Torvalds commit c261ad6ee80e337fb01a9cee91241f195c80f3d1 Author: Dmitry Safonov <0x7f454c46@gmail.com> Date: Mon Jun 8 21:30:41 2020 -0700 ia64: pass log level as arg into ia64_do_show_stack() Currently, the log-level of show_stack() depends on a platform realization. It creates situations where the headers are printed with lower log level or higher than the stacktrace (depending on a platform or user). Furthermore, it forces the logic decision from user to an architecture side. In result, some users as sysrq/kdb/etc are doing tricks with temporary rising console_loglevel while printing their messages. And in result it not only may print unwanted messages from other CPUs, but also omit printing at all in the unlucky case where the printk() was deferred. Introducing log-level parameter and KERN_UNSUPPRESSED [1] seems an easier approach than introducing more printk buffers. Also, it will consolidate printings with headers. Add log level argument to ia64_do_show_stack() as a preparation to introduce show_stack_loglvl(). Also, make ia64_do_show_stack() static as it's not used outside. [1]: https://lore.kernel.org/lkml/20190528002412.1625-1-dima@arista.com/T/#u Signed-off-by: Dmitry Safonov Signed-off-by: Andrew Morton Cc: Fenghua Yu Cc: Tony Luck Link: http://lkml.kernel.org/r/20200418201944.482088-16-dima@arista.com Signed-off-by: Linus Torvalds commit d1e9086dd99b2501a692e9dbccdb211ac6e09d14 Author: Dmitry Safonov <0x7f454c46@gmail.com> Date: Mon Jun 8 21:30:38 2020 -0700 hexagon: add show_stack_loglvl() Currently, the log-level of show_stack() depends on a platform realization. It creates situations where the headers are printed with lower log level or higher than the stacktrace (depending on a platform or user). Furthermore, it forces the logic decision from user to an architecture side. In result, some users as sysrq/kdb/etc are doing tricks with temporary rising console_loglevel while printing their messages. And in result it not only may print unwanted messages from other CPUs, but also omit printing at all in the unlucky case where the printk() was deferred. Introducing log-level parameter and KERN_UNSUPPRESSED [1] seems an easier approach than introducing more printk buffers. Also, it will consolidate printings with headers. Introduce show_stack_loglvl(), that eventually will substitute show_stack(). As a good side-effect die() now prints the stacktrace with KERN_EMERG aligned with other messages. [1]: https://lore.kernel.org/lkml/20190528002412.1625-1-dima@arista.com/T/#u Signed-off-by: Dmitry Safonov Signed-off-by: Andrew Morton Acked-by: Brian Cain Link: http://lkml.kernel.org/r/20200418201944.482088-15-dima@arista.com Signed-off-by: Linus Torvalds commit 0b2ad0c7ae0fb37dee4e8ae36b887c1d4db1f898 Author: Dmitry Safonov <0x7f454c46@gmail.com> Date: Mon Jun 8 21:30:35 2020 -0700 h8300: add show_stack_loglvl() Currently, the log-level of show_stack() depends on a platform realization. It creates situations where the headers are printed with lower log level or higher than the stacktrace (depending on a platform or user). Furthermore, it forces the logic decision from user to an architecture side. In result, some users as sysrq/kdb/etc are doing tricks with temporary rising console_loglevel while printing their messages. And in result it not only may print unwanted messages from other CPUs, but also omit printing at all in the unlucky case where the printk() was deferred. Introducing log-level parameter and KERN_UNSUPPRESSED [1] seems an easier approach than introducing more printk buffers. Also, it will consolidate printings with headers. Introduce show_stack_loglvl(), that eventually will substitute show_stack(). [1]: https://lore.kernel.org/lkml/20190528002412.1625-1-dima@arista.com/T/#u Signed-off-by: Dmitry Safonov Signed-off-by: Andrew Morton Cc: Yoshinori Sato Link: http://lkml.kernel.org/r/20200418201944.482088-14-dima@arista.com Signed-off-by: Linus Torvalds commit aeeb59d692c1bafecde3dfc47bfd0958fc96dfad Author: Dmitry Safonov <0x7f454c46@gmail.com> Date: Mon Jun 8 21:30:32 2020 -0700 csky: add show_stack_loglvl() Currently, the log-level of show_stack() depends on a platform realization. It creates situations where the headers are printed with lower log level or higher than the stacktrace (depending on a platform or user). Furthermore, it forces the logic decision from user to an architecture side. In result, some users as sysrq/kdb/etc are doing tricks with temporary rising console_loglevel while printing their messages. And in result it not only may print unwanted messages from other CPUs, but also omit printing at all in the unlucky case where the printk() was deferred. Introducing log-level parameter and KERN_UNSUPPRESSED [1] seems an easier approach than introducing more printk buffers. Also, it will consolidate printings with headers. Introduce show_stack_loglvl(), that eventually will substitute show_stack(). [1]: https://lore.kernel.org/lkml/20190528002412.1625-1-dima@arista.com/T/#u Signed-off-by: Dmitry Safonov Signed-off-by: Andrew Morton Cc: Guo Ren Link: http://lkml.kernel.org/r/20200418201944.482088-13-dima@arista.com Signed-off-by: Linus Torvalds commit a1eea2efdcaa69275294ea2432114369c14b2b8f Author: Dmitry Safonov <0x7f454c46@gmail.com> Date: Mon Jun 8 21:30:29 2020 -0700 c6x: add show_stack_loglvl() Currently, the log-level of show_stack() depends on a platform realization. It creates situations where the headers are printed with lower log level or higher than the stacktrace (depending on a platform or user). Furthermore, it forces the logic decision from user to an architecture side. In result, some users as sysrq/kdb/etc are doing tricks with temporary rising console_loglevel while printing their messages. And in result it not only may print unwanted messages from other CPUs, but also omit printing at all in the unlucky case where the printk() was deferred. Introducing log-level parameter and KERN_UNSUPPRESSED [1] seems an easier approach than introducing more printk buffers. Also, it will consolidate printings with headers. Introduce show_stack_loglvl(), that eventually will substitute show_stack(). [1]: https://lore.kernel.org/lkml/20190528002412.1625-1-dima@arista.com/T/#u Signed-off-by: Dmitry Safonov Signed-off-by: Andrew Morton Cc: Aurelien Jacquiot Cc: Mark Salter Link: http://lkml.kernel.org/r/20200418201944.482088-12-dima@arista.com Signed-off-by: Linus Torvalds commit c0fe096a8aba4b00c2a928c22b7f6a3ce3e9ca97 Author: Dmitry Safonov <0x7f454c46@gmail.com> Date: Mon Jun 8 21:30:26 2020 -0700 arm64: add show_stack_loglvl() Currently, the log-level of show_stack() depends on a platform realization. It creates situations where the headers are printed with lower log level or higher than the stacktrace (depending on a platform or user). Furthermore, it forces the logic decision from user to an architecture side. In result, some users as sysrq/kdb/etc are doing tricks with temporary rising console_loglevel while printing their messages. And in result it not only may print unwanted messages from other CPUs, but also omit printing at all in the unlucky case where the printk() was deferred. Introducing log-level parameter and KERN_UNSUPPRESSED [1] seems an easier approach than introducing more printk buffers. Also, it will consolidate printings with headers. Introduce show_stack_loglvl(), that eventually will substitute show_stack(). [1]: https://lore.kernel.org/lkml/20190528002412.1625-1-dima@arista.com/T/#u Signed-off-by: Dmitry Safonov Signed-off-by: Andrew Morton Cc: Catalin Marinas Cc: Russell King Cc: Will Deacon Link: http://lkml.kernel.org/r/20200418201944.482088-11-dima@arista.com Signed-off-by: Linus Torvalds commit c76898373f9b71586edaf150190c493ae9ed3e77 Author: Dmitry Safonov <0x7f454c46@gmail.com> Date: Mon Jun 8 21:30:23 2020 -0700 arm64: add loglvl to dump_backtrace() Currently, the log-level of show_stack() depends on a platform realization. It creates situations where the headers are printed with lower log level or higher than the stacktrace (depending on a platform or user). Furthermore, it forces the logic decision from user to an architecture side. In result, some users as sysrq/kdb/etc are doing tricks with temporary rising console_loglevel while printing their messages. And in result it not only may print unwanted messages from other CPUs, but also omit printing at all in the unlucky case where the printk() was deferred. Introducing log-level parameter and KERN_UNSUPPRESSED [1] seems an easier approach than introducing more printk buffers. Also, it will consolidate printings with headers. Add log level argument to dump_backtrace() as a preparation for introducing show_stack_loglvl(). [1]: https://lore.kernel.org/lkml/20190528002412.1625-1-dima@arista.com/T/#u Signed-off-by: Dmitry Safonov Signed-off-by: Andrew Morton Cc: Catalin Marinas Cc: Russell King Cc: Will Deacon Link: http://lkml.kernel.org/r/20200418201944.482088-10-dima@arista.com Signed-off-by: Linus Torvalds commit a4502d04c7dd075846bb70ebfde3843f9df86f98 Author: Dmitry Safonov <0x7f454c46@gmail.com> Date: Mon Jun 8 21:30:19 2020 -0700 arm: add show_stack_loglvl() Currently, the log-level of show_stack() depends on a platform realization. It creates situations where the headers are printed with lower log level or higher than the stacktrace (depending on a platform or user). Furthermore, it forces the logic decision from user to an architecture side. In result, some users as sysrq/kdb/etc are doing tricks with temporary rising console_loglevel while printing their messages. And in result it not only may print unwanted messages from other CPUs, but also omit printing at all in the unlucky case where the printk() was deferred. Introducing log-level parameter and KERN_UNSUPPRESSED [1] seems an easier approach than introducing more printk buffers. Also, it will consolidate printings with headers. Introduce show_stack_loglvl(), that eventually will substitute show_stack(). [1]: https://lore.kernel.org/lkml/20190528002412.1625-1-dima@arista.com/T/#u Signed-off-by: Dmitry Safonov Signed-off-by: Andrew Morton Cc: Russell King Cc: Will Deacon Link: http://lkml.kernel.org/r/20200418201944.482088-9-dima@arista.com Signed-off-by: Linus Torvalds commit 34135eacae6497d9c7bfca450f6c33e5245c92d2 Author: Dmitry Safonov <0x7f454c46@gmail.com> Date: Mon Jun 8 21:30:16 2020 -0700 arm: wire up dump_backtrace_{entry,stm} Currently, the log-level of show_stack() depends on a platform realization. It creates situations where the headers are printed with lower log level or higher than the stacktrace (depending on a platform or user). Furthermore, it forces the logic decision from user to an architecture side. In result, some users as sysrq/kdb/etc are doing tricks with temporary rising console_loglevel while printing their messages. And in result it not only may print unwanted messages from other CPUs, but also omit printing at all in the unlucky case where the printk() was deferred. Introducing log-level parameter and KERN_UNSUPPRESSED [1] seems an easier approach than introducing more printk buffers. Also, it will consolidate printings with headers. Now that c_backtrace() always emits correct loglvl, use it for printing. [1]: https://lore.kernel.org/lkml/20190528002412.1625-1-dima@arista.com/T/#u Signed-off-by: Dmitry Safonov Signed-off-by: Andrew Morton Cc: Russell King Cc: Will Deacon Link: http://lkml.kernel.org/r/20200418201944.482088-8-dima@arista.com Signed-off-by: Linus Torvalds commit ee65ca01c62cd89cea6192017806b55c34f1cfda Author: Dmitry Safonov <0x7f454c46@gmail.com> Date: Mon Jun 8 21:30:13 2020 -0700 arm: add loglvl to dump_backtrace() Currently, the log-level of show_stack() depends on a platform realization. It creates situations where the headers are printed with lower log level or higher than the stacktrace (depending on a platform or user). Furthermore, it forces the logic decision from user to an architecture side. In result, some users as sysrq/kdb/etc are doing tricks with temporary rising console_loglevel while printing their messages. And in result it not only may print unwanted messages from other CPUs, but also omit printing at all in the unlucky case where the printk() was deferred. Introducing log-level parameter and KERN_UNSUPPRESSED [1] seems an easier approach than introducing more printk buffers. Also, it will consolidate printings with headers. Add log level argument to dump_backtrace() as a preparation for introducing show_stack_loglvl(). As a good side-effect __die() now prints not only "Stack:" header with KERN_EMERG, but the backtrace itself. [1]: https://lore.kernel.org/lkml/20190528002412.1625-1-dima@arista.com/T/#u Signed-off-by: Dmitry Safonov Signed-off-by: Andrew Morton Cc: Russell King Cc: Will Deacon Link: http://lkml.kernel.org/r/20200418201944.482088-7-dima@arista.com Signed-off-by: Linus Torvalds commit e8d7b7353216586f64f5bbcc024951e3cab10a60 Author: Dmitry Safonov <0x7f454c46@gmail.com> Date: Mon Jun 8 21:30:10 2020 -0700 arm: add loglvl to unwind_backtrace() Currently, the log-level of show_stack() depends on a platform realization. It creates situations where the headers are printed with lower log level or higher than the stacktrace (depending on a platform or user). Furthermore, it forces the logic decision from user to an architecture side. In result, some users as sysrq/kdb/etc are doing tricks with temporary rising console_loglevel while printing their messages. And in result it not only may print unwanted messages from other CPUs, but also omit printing at all in the unlucky case where the printk() was deferred. Introducing log-level parameter and KERN_UNSUPPRESSED [1] seems an easier approach than introducing more printk buffers. Also, it will consolidate printings with headers. Add log level argument to unwind_backtrace() as a preparation for introducing show_stack_loglvl(). As a good side-effect arm_syscall() is now printing errors with the same log level as the backtrace. [1]: https://lore.kernel.org/lkml/20190528002412.1625-1-dima@arista.com/T/#u Signed-off-by: Dmitry Safonov Signed-off-by: Andrew Morton Cc: Russell King Cc: Will Deacon Link: http://lkml.kernel.org/r/20200418201944.482088-6-dima@arista.com Signed-off-by: Linus Torvalds commit 5489ab50c22771ddcad014968141b0d104d650a3 Author: Dmitry Safonov <0x7f454c46@gmail.com> Date: Mon Jun 8 21:30:07 2020 -0700 arm/asm: add loglvl to c_backtrace() Currently, the log-level of show_stack() depends on a platform realization. It creates situations where the headers are printed with lower log level or higher than the stacktrace (depending on a platform or user). Furthermore, it forces the logic decision from user to an architecture side. In result, some users as sysrq/kdb/etc are doing tricks with temporary rising console_loglevel while printing their messages. And in result it not only may print unwanted messages from other CPUs, but also omit printing at all in the unlucky case where the printk() was deferred. Introducing log-level parameter and KERN_UNSUPPRESSED [1] seems an easier approach than introducing more printk buffers. Also, it will consolidate printings with headers. Add log level argument to c_backtrace() as a preparation for introducing show_stack_loglvl(). [1]: https://lore.kernel.org/lkml/20190528002412.1625-1-dima@arista.com/T/#u Signed-off-by: Dmitry Safonov Signed-off-by: Andrew Morton Cc: Russell King Cc: Will Deacon Link: http://lkml.kernel.org/r/20200418201944.482088-5-dima@arista.com Signed-off-by: Linus Torvalds commit 8ca4d19932a5649930db29202b285d8e4e96a98a Author: Dmitry Safonov <0x7f454c46@gmail.com> Date: Mon Jun 8 21:30:04 2020 -0700 arc: add show_stack_loglvl() Currently, the log-level of show_stack() depends on a platform realization. It creates situations where the headers are printed with lower log level or higher than the stacktrace (depending on a platform or user). Furthermore, it forces the logic decision from user to an architecture side. In result, some users as sysrq/kdb/etc are doing tricks with temporary rising console_loglevel while printing their messages. And in result it not only may print unwanted messages from other CPUs, but also omit printing at all in the unlucky case where the printk() was deferred. Introducing log-level parameter and KERN_UNSUPPRESSED [1] seems an easier approach than introducing more printk buffers. Also, it will consolidate printings with headers. Introduce show_stack_loglvl(), that eventually will substitute show_stack(). As a good side-effect header "Stack Trace:" is now printed with the same log level as the rest of backtrace. [1]: https://lore.kernel.org/lkml/20190528002412.1625-1-dima@arista.com/T/#u Signed-off-by: Dmitry Safonov Signed-off-by: Andrew Morton Cc: Vineet Gupta Link: http://lkml.kernel.org/r/20200418201944.482088-4-dima@arista.com Signed-off-by: Linus Torvalds commit 8c49a909872ca757a62ccbfca08784c224d20fdc Author: Dmitry Safonov <0x7f454c46@gmail.com> Date: Mon Jun 8 21:30:01 2020 -0700 alpha: add show_stack_loglvl() Currently, the log-level of show_stack() depends on a platform realization. It creates situations where the headers are printed with lower log level or higher than the stacktrace (depending on a platform or user). Furthermore, it forces the logic decision from user to an architecture side. In result, some users as sysrq/kdb/etc are doing tricks with temporary rising console_loglevel while printing their messages. And in result it not only may print unwanted messages from other CPUs, but also omit printing at all in the unlucky case where the printk() was deferred. Introducing log-level parameter and KERN_UNSUPPRESSED [1] seems an easier approach than introducing more printk buffers. Also, it will consolidate printings with headers. Introduce show_stack_loglvl(), that eventually will substitute show_stack(). [1]: https://lore.kernel.org/lkml/20190528002412.1625-1-dima@arista.com/T/#u Signed-off-by: Dmitry Safonov Signed-off-by: Andrew Morton Cc: Ivan Kokshaysky Cc: Matt Turner Cc: Richard Henderson Link: http://lkml.kernel.org/r/20200418201944.482088-3-dima@arista.com Signed-off-by: Linus Torvalds commit 2062a4e8ae9f486847652927aaf88e21ab8d195d Author: Dmitry Safonov <0x7f454c46@gmail.com> Date: Mon Jun 8 21:29:56 2020 -0700 kallsyms/printk: add loglvl to print_ip_sym() Patch series "Add log level to show_stack()", v3. Add log level argument to show_stack(). Done in three stages: 1. Introducing show_stack_loglvl() for every architecture 2. Migrating old users with an explicit log level 3. Renaming show_stack_loglvl() into show_stack() Justification: - It's a design mistake to move a business-logic decision into platform realization detail. - I have currently two patches sets that would benefit from this work: Removing console_loglevel jumps in sysrq driver [1] Hung task warning before panic [2] - suggested by Tetsuo (but he probably didn't realise what it would involve). - While doing (1), (2) the backtraces were adjusted to headers and other messages for each situation - so there won't be a situation when the backtrace is printed, but the headers are missing because they have lesser log level (or the reverse). - As the result in (2) plays with console_loglevel for kdb are removed. The least important for upstream, but maybe still worth to note that every company I've worked in so far had an off-list patch to print backtrace with the needed log level (but only for the architecture they cared about). If you have other ideas how you will benefit from show_stack() with a log level - please, reply to this cover letter. See also discussion on v1: https://lore.kernel.org/linux-riscv/20191106083538.z5nlpuf64cigxigh@pathway.suse.cz/ This patch (of 50): print_ip_sym() needs to have a log level parameter to comply with other parts being printed. Otherwise, half of the expected backtrace would be printed and other may be missing with some logging level. The following callee(s) are using now the adjusted log level: - microblaze/unwind: the same level as headers & userspace unwind. Note that pr_debug()'s there are for debugging the unwinder itself. - nds32/traps: symbol addresses are printed with the same log level as backtrace headers. - lockdep: ip for locking issues is printed with the same log level as other part of the warning. - sched: ip where preemption was disabled is printed as error like the rest part of the message. - ftrace: bug reports are now consistent in the log level being used. Signed-off-by: Dmitry Safonov Signed-off-by: Andrew Morton Acked-by: Steven Rostedt (VMware) Cc: Albert Ou Cc: Ben Segall Cc: Dietmar Eggemann Cc: Greentime Hu Cc: Greg Kroah-Hartman Cc: Ingo Molnar Cc: James Hogan Cc: Juri Lelli Cc: Mel Gorman Cc: Michal Simek Cc: Palmer Dabbelt Cc: Paul Burton Cc: Paul Walmsley Cc: Peter Zijlstra Cc: Ralf Baechle Cc: Thomas Gleixner Cc: Vincent Chen Cc: Vincent Guittot Cc: Will Deacon Cc: Dmitry Safonov <0x7f454c46@gmail.com> Cc: Dmitry Safonov Cc: Jiri Slaby Cc: Petr Mladek Cc: Sergey Senozhatsky Cc: Ivan Kokshaysky Cc: Matt Turner Cc: Richard Henderson Cc: Vineet Gupta Cc: Russell King Cc: Catalin Marinas Cc: Aurelien Jacquiot Cc: Mark Salter Cc: Guo Ren Cc: Yoshinori Sato Cc: Brian Cain Cc: Fenghua Yu Cc: Tony Luck Cc: Geert Uytterhoeven Cc: Ley Foon Tan Cc: Jonas Bonn Cc: Stafford Horne Cc: Stefan Kristiansson Cc: Helge Deller Cc: "James E.J. Bottomley" Cc: Benjamin Herrenschmidt Cc: Michael Ellerman Cc: Paul Mackerras Cc: Christian Borntraeger Cc: Heiko Carstens Cc: Vasily Gorbik Cc: Rich Felker Cc: "David S. Miller" Cc: Anton Ivanov Cc: Jeff Dike Cc: Richard Weinberger Cc: Guan Xuetao Cc: Borislav Petkov Cc: "H. Peter Anvin" Cc: Chris Zankel Cc: Max Filippov Cc: Len Brown Cc: Pavel Machek Cc: "Rafael J. Wysocki" Cc: "Rafael J. Wysocki" Cc: Daniel Thompson Cc: Douglas Anderson Cc: Jason Wessel Link: http://lkml.kernel.org/r/20200418201944.482088-2-dima@arista.com Signed-off-by: Linus Torvalds commit 8b4d37db9a566deaf22065ba1ba9b19c9fb964b4 Merge: abfbb29297c2 3798cc4d106e Author: Linus Torvalds Date: Tue Jun 9 09:30:21 2020 -0700 Merge branch 'x86/srbds' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 srbds fixes from Thomas Gleixner: "The 9th episode of the dime novel "The performance killer" with the subtitle "Slow Randomizing Boosts Denial of Service". SRBDS is an MDS-like speculative side channel that can leak bits from the random number generator (RNG) across cores and threads. New microcode serializes the processor access during the execution of RDRAND and RDSEED. This ensures that the shared buffer is overwritten before it is released for reuse. This is equivalent to a full bus lock, which means that many threads running the RNG instructions in parallel have the same effect as the same amount of threads issuing a locked instruction targeting an address which requires locking of two cachelines at once. The mitigation support comes with the usual pile of unpleasant ingredients: - command line options - sysfs file - microcode checks - a list of vulnerable CPUs identified by model and stepping this time which requires stepping match support for the cpu match logic. - the inevitable slowdown of affected CPUs" * branch 'x86/srbds' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/speculation: Add Ivy Bridge to affected list x86/speculation: Add SRBDS vulnerability and mitigation documentation x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation x86/cpu: Add 'table' argument to cpu_matches() commit 9ca0652596bd924a4023db6b429a0aaaea629826 Author: David Howells Date: Tue Jun 9 16:15:45 2020 +0100 afs: Fix use of BUG() Fix afs_compare_addrs() to use WARN_ON(1) instead of BUG() and return 1 (ie. srx_a > srx_b). There's no point trying to put actual error handling in as this should not occur unless a new transport address type is allowed by AFS. And even if it does, in this particular case, it'll just never match unknown types of addresses. This BUG() was more of a 'you need to add a case here' indicator. Reported-by: Kees Cook Signed-off-by: David Howells Reviewed-by: Kees Cook commit ffaecd7d1f88a955f0b321749de8c0158f973afd Author: Ian Rogers Date: Mon Jun 8 22:36:10 2020 -0700 perf parse-events: Fix an old style declaration Fixes: a26e47162d76 (perf tools: Move ALLOC_LIST into a function) Signed-off-by: Ian Rogers Cc: Alexander Shishkin Cc: Andi Kleen Cc: Jiri Olsa Cc: Mark Rutland Cc: Namhyung Kim Cc: Peter Zijlstra Cc: Stephane Eranian Link: http://lore.kernel.org/lkml/20200609053610.206588-2-irogers@google.com Signed-off-by: Arnaldo Carvalho de Melo commit c2412fae3f01725615b0de472095a9e16ed30ca9 Author: Ian Rogers Date: Mon Jun 8 22:36:09 2020 -0700 perf parse-events: Fix an incompatible pointer Arrays are pointer types and don't need their address taking. Fixes: 8255718f4bed (perf pmu: Expand PMU events by prefix match) Signed-off-by: Ian Rogers Cc: Alexander Shishkin Cc: Andi Kleen Cc: Jiri Olsa Cc: Mark Rutland Cc: Namhyung Kim Cc: Peter Zijlstra Cc: Stephane Eranian Link: http://lore.kernel.org/lkml/20200609053610.206588-1-irogers@google.com Signed-off-by: Arnaldo Carvalho de Melo commit d38c692f160ea437585cb1ad1dc8f81c8898b46e Author: Sumanth Korikkar Date: Tue Jun 9 10:10:19 2020 +0200 perf bpf: Fix bpf prologue generation Issue: bpf_probe_read() is no longer available for architecture which has overlapping address space. Hence bpf prologue generation fails Fix: Use bpf_probe_read_kernel for kernel member access. For user attribute access in kprobes, use bpf_probe_read_user. Other: @user attribute was introduced in commit 1e032f7cfa14 ("perf-probe: Add user memory access attribute support") Test: 1. ulimit -l 128 ; ./perf record -e tests/bpf_sched_setscheduler.c 2. cat tests/bpf_sched_setscheduler.c static void (*bpf_trace_printk)(const char *fmt, int fmt_size, ...) = (void *) 6; static int (*bpf_probe_read_user)(void *dst, __u32 size, const void *unsafe_ptr) = (void *) 112; static int (*bpf_probe_read_kernel)(void *dst, __u32 size, const void *unsafe_ptr) = (void *) 113; SEC("func=do_sched_setscheduler pid policy param->sched_priority@user") int bpf_func__setscheduler(void *ctx, int err, pid_t pid, int policy, int param) { char fmt[] = "prio: %ld"; bpf_trace_printk(fmt, sizeof(fmt), param); return 1; } char _license[] SEC("license") = "GPL"; int _version SEC("version") = LINUX_VERSION_CODE; 3. ./perf script sched 305669 [000] 1614458.838675: perf_bpf_probe:func: (2904e508) pid=261614 policy=2 sched_priority=1 4. cat /sys/kernel/debug/tracing/trace <...>-309956 [006] .... 1616098.093957: 0: prio: 1 Committer testing: I had to add some missing headers in the bpf_sched_setscheduler.c test proggie, then instead of using record+script I used 'perf trace' to drive everything in one go: # cat bpf_sched_setscheduler.c #include #include static void (*bpf_trace_printk)(const char *fmt, int fmt_size, ...) = (void *) 6; static int (*bpf_probe_read_user)(void *dst, __u32 size, const void *unsafe_ptr) = (void *) 112; static int (*bpf_probe_read_kernel)(void *dst, __u32 size, const void *unsafe_ptr) = (void *) 113; SEC("func=do_sched_setscheduler pid policy param->sched_priority@user") int bpf_func__setscheduler(void *ctx, int err, pid_t pid, int policy, int param) { char fmt[] = "prio: %ld"; bpf_trace_printk(fmt, sizeof(fmt), param); return 1; } char _license[] SEC("license") = "GPL"; int _version SEC("version") = LINUX_VERSION_CODE; # # # perf trace -e bpf_sched_setscheduler.c chrt -f 42 sleep 1 0.000 chrt/80125 perf_bpf_probe:func(__probe_ip: -1676607808, policy: 1, sched_priority: 42) # And even with backtraces :-) # perf trace -e bpf_sched_setscheduler.c/max-stack=8/ chrt -f 42 sleep 1 0.000 chrt/79805 perf_bpf_probe:func(__probe_ip: -1676607808, policy: 1, sched_priority: 42) do_sched_setscheduler ([kernel.kallsyms]) __x64_sys_sched_setscheduler ([kernel.kallsyms]) do_syscall_64 ([kernel.kallsyms]) entry_SYSCALL_64 ([kernel.kallsyms]) __GI___sched_setscheduler (/usr/lib64/libc-2.30.so) # Signed-off-by: Sumanth Korikkar Reviewed-by: Thomas Richter Tested-by: Arnaldo Carvalho de Melo Cc: Heiko Carstens Cc: Ilya Leoshkevich Cc: Jiri Olsa Cc: Masami Hiramatsu Cc: bpf@vger.kernel.org LPU-Reference: 20200609081019.60234-3-sumanthk@linux.ibm.com Signed-off-by: Arnaldo Carvalho de Melo commit 9256c3031eb9beafa3957c61093104c3c75a6148 Author: Sumanth Korikkar Date: Tue Jun 9 10:10:18 2020 +0200 perf probe: Fix user attribute access in kprobes Issue: # perf probe -a 'do_sched_setscheduler pid policy param->sched_priority@user' did not work before. Fix: Make: # perf probe -a 'do_sched_setscheduler pid policy param->sched_priority@user' output equivalent to ftrace: # echo 'p:probe/do_sched_setscheduler _text+517384 pid=%r2:s32 policy=%r3:s32 sched_priority=+u0(%r4):s32' > /sys/kernel/debug/tracing/kprobe_events Other: 1. Right now, __match_glob() does not handle [u]. For now, use *u]. 2. @user attribute was introduced in commit 1e032f7cfa14 ("perf-probe: Add user memory access attribute support") Test: 1. perf probe -a 'do_sched_setscheduler pid policy param->sched_priority@user' 2 ./perf script sched 305669 [000] 1614458.838675: perf_bpf_probe:func: (2904e508) pid=261614 policy=2 sched_priority=1 3. cat /sys/kernel/debug/tracing/trace <...>-309956 [006] .... 1616098.093957: 0: prio: 1 Committer testing: Before: # perf probe -a 'do_sched_setscheduler pid policy param->sched_priority@user' param(type:sched_param) has no member sched_priority@user. Error: Failed to add events. # pahole sched_param struct sched_param { int sched_priority; /* 0 4 */ /* size: 4, cachelines: 1, members: 1 */ /* last cacheline: 4 bytes */ }; # After: # perf probe -a 'do_sched_setscheduler pid policy param->sched_priority@user' Added new event: probe:do_sched_setscheduler (on do_sched_setscheduler with pid policy sched_priority=param->sched_priority) You can now use it in all perf tools, such as: perf record -e probe:do_sched_setscheduler -aR sleep 1 # cat /sys/kernel/debug/tracing/kprobe_events p:probe/do_sched_setscheduler _text+1113792 pid=%di:s32 policy=%si:s32 sched_priority=+u0(%dx):s32 # Fixes: 1e032f7cfa14 ("perf-probe: Add user memory access attribute support") Signed-off-by: Sumanth Korikkar Reviewed-by: Thomas Richter Acked-by: Masami Hiramatsu Tested-by: Arnaldo Carvalho de Melo Cc: Heiko Carstens Cc: Ilya Leoshkevich Cc: Jiri Olsa Cc: Steven Rostedt (VMware) Cc: bpf@vger.kernel.org LPU-Reference: 20200609081019.60234-2-sumanthk@linux.ibm.com Signed-off-by: Arnaldo Carvalho de Melo commit c0c652fc705de75f4ba52e93053acc1ed3933e74 Author: Hongbo Yao Date: Fri Jun 5 17:17:40 2020 +0800 perf stat: Fix NULL pointer dereference If config->aggr_map is NULL and config->aggr_get_id is not NULL, the function print_aggr() will still calling arrg_update_shadow(), which can result in accessing the invalid pointer. Fixes: 088519f318be ("perf stat: Move the display functions to stat-display.c") Signed-off-by: Hongbo Yao Cc: Alexander Shishkin Cc: Jiri Olsa Cc: Mark Rutland Cc: Namhyung Kim Cc: Wei Li Link: https://lore.kernel.org/lkml/20200608163625.GC3073@kernel.org Signed-off-by: Arnaldo Carvalho de Melo commit 11b6e5482e178055ec1f2444b55f2518713809d1 Author: Gaurav Singh Date: Mon Jun 8 13:18:17 2020 -0300 perf report: Fix NULL pointer dereference in hists__fprintf_nr_sample_events() The 'evname' variable can be NULL, as it is checked a few lines back, check it before using. Fixes: 9e207ddfa207 ("perf report: Show call graph from reference events") Cc: Adrian Hunter Cc: Alexander Shishkin Cc: Ingo Molnar Cc: Jiri Olsa Cc: Kan Liang Cc: Mark Rutland Cc: Namhyung Kim Cc: Peter Zijlstra Link: http://lore.kernel.org/lkml/ Signed-off-by: Gaurav Singh commit dd76c302955de405ea589e36c574f6f10eca99b6 Author: Arnaldo Carvalho de Melo Date: Mon Jun 8 12:28:16 2020 -0300 tools headers UAPI: Sync kvm.h headers with the kernel sources To pick the changes in: f97f5a56f597 ("x86/kvm/hyper-v: Add support for synthetic debugger interface") 850448f35aaf ("KVM: nVMX: Fix VMX preemption timer migration") 2c4c41325540 ("KVM: x86: Print symbolic names of VMX VM-Exit flags in traces") cc440cdad5b7 ("KVM: nSVM: implement KVM_GET_NESTED_STATE and KVM_SET_NESTED_STATE") f7d31e65368a ("x86/kvm/hyper-v: Explicitly align hcall param for kvm_hyperv_exit") 72de5fa4c161 ("KVM: x86: announce KVM_FEATURE_ASYNC_PF_INT") acd05785e48c ("kvm: add capability for halt polling") 3ecad8c2c1ff ("docs: fix broken references for ReST files that moved around") That do not result in any change in tooling, as the additions are not being used in any table generator. This silences these perf build warning: Warning: Kernel ABI header at 'tools/include/uapi/linux/kvm.h' differs from latest version at 'include/uapi/linux/kvm.h' diff -u tools/include/uapi/linux/kvm.h include/uapi/linux/kvm.h Warning: Kernel ABI header at 'tools/arch/x86/include/uapi/asm/kvm.h' differs from latest version at 'arch/x86/include/uapi/asm/kvm.h' diff -u tools/arch/x86/include/uapi/asm/kvm.h arch/x86/include/uapi/asm/kvm.h Warning: Kernel ABI header at 'tools/arch/x86/include/uapi/asm/vmx.h' differs from latest version at 'arch/x86/include/uapi/asm/vmx.h' diff -u tools/arch/x86/include/uapi/asm/vmx.h arch/x86/include/uapi/asm/vmx.h Cc: Adrian Hunter Cc: David Matlack Cc: Jiri Olsa Cc: Jon Doron Cc: Namhyung Kim Cc: Paolo Bonzini Cc: Peter Shier Cc: Sean Christopherson Cc: Vitaly Kuznetsov Signed-off-by: Arnaldo Carvalho de Melo commit 377cb673cf35ec22878975f7eec0373378d52d3b Author: Arnaldo Carvalho de Melo Date: Mon Jun 8 11:53:23 2020 -0300 tools headers UAPI: Sync drm/i915_drm.h with the kernel sources To pick the change in: 4ef10fe05ba0 ("drm/i915/perf: add new open param to configure polling of OA buffer") 11ecbdddf2f8 ("drm/i915/perf: introduce global sseu pinning") That don't result in any changes in tooling, just silences this perf build warning: Warning: Kernel ABI header at 'tools/include/uapi/drm/i915_drm.h' differs from latest version at 'include/uapi/drm/i915_drm.h' diff -u tools/include/uapi/drm/i915_drm.h include/uapi/drm/i915_drm.h Cc: Adrian Hunter Cc: Jiri Olsa Cc: Lionel Landwerlin Cc: Namhyung Kim Signed-off-by: Arnaldo Carvalho de Melo commit d8e1ef67722bba39a229a289844ac135998a4066 Author: Arnaldo Carvalho de Melo Date: Mon Jun 8 11:44:32 2020 -0300 tools headers UAPI: Sync linux/fscrypt.h with the kernel sources To pick the changes from: e3b1078bedd3 ("fscrypt: add support for IV_INO_LBLK_32 policies") That don't trigger any changes in tooling. This silences this perf build warning: Warning: Kernel ABI header at 'tools/include/uapi/linux/fscrypt.h' differs from latest version at 'include/uapi/linux/fscrypt.h' diff -u tools/include/uapi/linux/fscrypt.h include/uapi/linux/fscrypt.h Cc: Adrian Hunter Cc: Eric Biggers Cc: Jiri Olsa Cc: Namhyung Kim Signed-off-by: Arnaldo Carvalho de Melo commit 5d33cbfedb51f73283f5f995b27e4aecdd614abc Author: Arnaldo Carvalho de Melo Date: Mon Jun 8 11:38:11 2020 -0300 perf beauty: Add support to STATX_MNT_ID in the 'statx' syscall 'mask' argument Introduced in: fa2fcf4f1df1 ("statx: add mount ID") Cc: Adrian Hunter Cc: Jiri Olsa Cc: Miklos Szeredi Cc: Namhyung Kim Signed-off-by: Arnaldo Carvalho de Melo commit 93dc627f48018df6739f09fec9141bce356cf193 Author: Arnaldo Carvalho de Melo Date: Mon Jun 8 11:32:48 2020 -0300 tools headers uapi: Sync linux/stat.h with the kernel sources To pick the changes from: 80340fe3605c ("statx: add mount_root") fa2fcf4f1df1 ("statx: add mount ID") 581701b7efd6 ("uapi: deprecate STATX_ALL") 712b2698e4c0 ("fs/stat: Define DAX statx attribute") These add some constants that will have to be manually added in a followup cset, at some point this should move to the shell based automated way. This silences this perf build warning: Warning: Kernel ABI header at 'tools/include/uapi/linux/stat.h' differs from latest version at 'include/uapi/linux/stat.h' diff -u tools/include/uapi/linux/stat.h include/uapi/linux/stat.h Cc: Adrian Hunter Cc: Darrick J. Wong Cc: Ira Weiny Cc: Jiri Olsa Cc: Miklos Szeredi Cc: Namhyung Kim Signed-off-by: Arnaldo Carvalho de Melo commit 7e579f3a074c9348389ea0cf0491264e1ffbc585 Author: Arnaldo Carvalho de Melo Date: Mon Jun 8 11:23:33 2020 -0300 tools arch x86 uapi: Synch asm/unistd.h with the kernel sources To pick up the change in: 700d3a5a664d ("x86/syscalls: Revert "x86/syscalls: Make __X32_SYSCALL_BIT be unsigned long"") That doesn't trigger any changes in tooling and silences this perf build warning: Warning: Kernel ABI header at 'tools/arch/x86/include/uapi/asm/unistd.h' differs from latest version at 'arch/x86/include/uapi/asm/unistd.h' diff -u tools/arch/x86/include/uapi/asm/unistd.h arch/x86/include/uapi/asm/unistd.h Cc: Adrian Hunter Cc: Andy Lutomirski Cc: Borislav Petkov Cc: Jiri Olsa Cc: Namhyung Kim Signed-off-by: Arnaldo Carvalho de Melo commit 6c3c184fc420a2d8233d0e0f977e7df8051c5edb Author: Arnaldo Carvalho de Melo Date: Fri Jun 5 13:36:38 2020 -0300 tools headers API: Update faccessat2 affected files Update the copies of files affected by: c8ffd8bcdd28 ("vfs: add faccessat2 syscall") To address this perf build warning: Warning: Kernel ABI header at 'tools/include/uapi/linux/fcntl.h' differs from latest version at 'include/uapi/linux/fcntl.h' diff -u tools/include/uapi/linux/fcntl.h include/uapi/linux/fcntl.h Warning: Kernel ABI header at 'tools/include/uapi/asm-generic/unistd.h' differs from latest version at 'include/uapi/asm-generic/unistd.h' diff -u tools/include/uapi/asm-generic/unistd.h include/uapi/asm-generic/unistd.h Warning: Kernel ABI header at 'tools/perf/arch/x86/entry/syscalls/syscall_64.tbl' differs from latest version at 'arch/x86/entry/syscalls/syscall_64.tbl' diff -u tools/perf/arch/x86/entry/syscalls/syscall_64.tbl arch/x86/entry/syscalls/syscall_64.tbl Which results in 'perf trace' gaining support for the 'faccessat2' syscall, now one can use: # perf trace -e faccessat2 And have system wide tracing of this syscall. And this also will include it; # perf trace -e faccess* Together with the other variants. How it affects building/usage (on an x86_64 system): $ cp /tmp/build/perf/arch/x86/include/generated/asm/syscalls_64.c /tmp/syscalls_64.c.before $ [root@five ~]# perf trace -e faccessat2 event syntax error: 'faccessat2' \___ parser error Run 'perf list' for a list of valid events Usage: perf trace [] [] or: perf trace [] -- [] or: perf trace record [] [] or: perf trace record [] -- [] -e, --event event/syscall selector. use 'perf list' to list available events [root@five ~]# $ cp arch/x86/entry/syscalls/syscall_64.tbl tools/perf/arch/x86/entry/syscalls/syscall_64.tbl $ git diff diff --git a/tools/perf/arch/x86/entry/syscalls/syscall_64.tbl b/tools/perf/arch/x86/entry/syscalls/syscall_64.tbl index 37b844f839bc..78847b32e137 100644 --- a/tools/perf/arch/x86/entry/syscalls/syscall_64.tbl +++ b/tools/perf/arch/x86/entry/syscalls/syscall_64.tbl @@ -359,6 +359,7 @@ 435 common clone3 sys_clone3 437 common openat2 sys_openat2 438 common pidfd_getfd sys_pidfd_getfd +439 common faccessat2 sys_faccessat2 # # x32-specific system call numbers start at 512 to avoid cache impact $ $ make -C tools/perf O=/tmp/build/perf/ install-bin CC /tmp/build/perf/util/syscalltbl.o LD /tmp/build/perf/util/perf-in.o LD /tmp/build/perf/perf-in.o LINK /tmp/build/perf/perf [root@five ~]# perf trace -e faccessat2 ^C[root@five ~]# Cc: Miklos Szeredi Cc: Adrian Hunter Cc: Jiri Olsa Cc: Namhyung Kim Signed-off-by: Arnaldo Carvalho de Melo commit 6a47d6efc6931b02d10163de2fb85ec9953c4f5e Author: Arnd Bergmann Date: Tue May 5 16:00:11 2020 +0200 fpga: zynqmp: fix modular build Two symbols need to be exported to allow the zynqmp-fpga module to get loaded dynamically: ERROR: modpost: "zynqmp_pm_fpga_load" [drivers/fpga/zynqmp-fpga.ko] undefined! ERROR: modpost: "zynqmp_pm_fpga_get_status" [drivers/fpga/zynqmp-fpga.ko] undefined! To ensure this is done correctly, also fix the Kconfig dependency to only allow building the fpga driver when the firmware driver is either disabled, or when it is reachable. With that, the dependency on the SoC itself can be removed, and there are no surprises when the fpga driver is built-in but the firmware a module. Fixes: 4db8180ffe7c ("firmware: xilinx: Remove eemi ops for fpga related APIs") Signed-off-by: Arnd Bergmann Signed-off-by: Moritz Fischer commit 44ce45f866c1606f03a411fb2d2c0db4626403a6 Merge: 79d4f823a067 ba4e5abc6c4e Author: Mark Brown Date: Tue Jun 9 15:46:20 2020 +0100 Merge series "ASoC: Fix dailink checks for DPCM" from Pierre-Louis Bossart : We've had a couple of changes that introduce regressions with the multi-cpu DAI solutions, and while trying to fix them we found additional inconsistencies that should also go to stable branches. Bard Liao (1): ASoC: core: only convert non DPCM link to DPCM link Pierre-Louis Bossart (3): ASoC: soc-pcm: dpcm: fix playback/capture checks ASoC: Intel: boards: replace capture_only by dpcm_capture ASoC: SOF: nocodec: conditionally set dpcm_capture/dpcm_playback flags sound/soc/intel/boards/glk_rt5682_max98357a.c | 2 +- sound/soc/intel/boards/kbl_da7219_max98927.c | 4 +- sound/soc/intel/boards/kbl_rt5663_max98927.c | 2 +- .../intel/boards/kbl_rt5663_rt5514_max98927.c | 2 +- sound/soc/soc-core.c | 22 ++++++++-- sound/soc/soc-pcm.c | 44 ++++++++++++++----- sound/soc/sof/nocodec.c | 6 ++- 7 files changed, 62 insertions(+), 20 deletions(-) base-commit: 8a9144c1cf523221b37dd3393827253c91fcbf54 -- 2.20.1 commit 79d4f823a06796656289f97b922493da5690e46c Author: Hans de Goede Date: Mon Jun 8 22:46:34 2020 +0200 ASoC: rt5645: Add platform-data for Asus T101HA The Asus T101HA uses the default jack-detect mode 3, but instead of using an analog microphone it is using a DMIC on dmic-data-pin 1, like the Asus T100HA. Note unlike the T100HA its jack-detect is not inverted. Add a DMI quirk with the correct settings for this model. Signed-off-by: Hans de Goede Acked-by: Pierre-Louis Bossart Link: https://lore.kernel.org/r/20200608204634.93407-2-hdegoede@redhat.com Signed-off-by: Mark Brown commit 199a5e8fda54ab3c8c6f6bf980c004e97ebf5ccb Author: Hans de Goede Date: Mon Jun 8 22:46:33 2020 +0200 ASoC: Intel: bytcr_rt5640: Add quirk for Toshiba Encore WT10-A tablet The Toshiba Encore WT10-A tablet almost fully works with the default settings for Bay Trail CR devices. The only issue is that it uses a digital mic. connected the the DMIC1 input instead of an analog mic. Add a quirk for this model using the default settings with the input-map replaced with BYT_RT5640_DMIC1_MAP. Signed-off-by: Hans de Goede Acked-by: Pierre-Louis Bossart Link: https://lore.kernel.org/r/20200608204634.93407-1-hdegoede@redhat.com Signed-off-by: Mark Brown commit 7778d8417b74aded842eeb372961cfc460417fa0 Author: Thomas Gleixner Date: Sat Jun 6 23:51:17 2020 +0200 x86/vdso: Unbreak paravirt VDSO clocks The conversion of x86 VDSO to the generic clock mode storage broke the paravirt and hyperv clocksource logic. These clock sources have their own internal sequence counter to validate the clocksource at the point of reading it. This is necessary because the hypervisor can invalidate the clocksource asynchronously so a check during the VDSO data update is not sufficient. If the internal check during read invalidates the clocksource the read return U64_MAX. The original code checked this efficiently by testing whether the result (casted to signed) is negative, i.e. bit 63 is set. This was done that way because an extra indicator for the validity had more overhead. The conversion broke this check because the check was replaced by a check for a valid VDSO clock mode. The wreckage manifests itself when the paravirt clock is installed as a valid VDSO clock and during runtime invalidated by the hypervisor, e.g. after a host suspend/resume cycle. After the invalidation the read function returns U64_MAX which is used as cycles and makes the clock jump by ~2200 seconds, and become stale until the 2200 seconds have elapsed where it starts to jump again. The period of this effect depends on the shift/mult pair of the clocksource and the jumps and staleness are an artifact of undefined but reproducible behaviour of math overflow. Implement an x86 version of the new vdso_cycles_ok() inline which adds this check back and a variant of vdso_clocksource_ok() which lets the compiler optimize it out to avoid the extra conditional. That's suboptimal when the system does not have a VDSO capable clocksource, but that's not the case which is optimized for. Fixes: 5d51bee725cc ("clocksource: Add common vdso clock mode storage") Reported-by: Miklos Szeredi Signed-off-by: Thomas Gleixner Tested-by: Miklos Szeredi Cc: stable@vger.kernel.org Link: https://lkml.kernel.org/r/20200606221532.080560273@linutronix.de commit 72ce778007e57e8996b4bebdec738fc5e1145fd2 Author: Thomas Gleixner Date: Sat Jun 6 23:51:16 2020 +0200 lib/vdso: Provide sanity check for cycles (again) The original x86 VDSO implementation checked for the validity of the clock source read by testing whether the returned signed cycles value is less than zero. This check was also used by the vdso read function to signal that the current selected clocksource is not VDSO capable. During the rework of the VDSO code the check was removed and replaced with a check for the clocksource mode being != NONE. This turned out to be a mistake because the check is necessary for paravirt and hyperv clock sources. The reason is that these clock sources have their own internal sequence counter to validate the clocksource at the point of reading it. This is necessary because the hypervisor can invalidate the clocksource asynchronously so a check during the VDSO data update is not sufficient. Having a separate indicator for the validity is slower than just validating the cycles value. The check for it being negative turned out to be the fastest implementation and safe as it would require an uptime of ~73 years with a 4GHz counter frequency to result in a false positive. Add an optional function to validate the cycles with a default implementation which allows the compiler to optimize it out for architectures which do not require it. Fixes: 5d51bee725cc ("clocksource: Add common vdso clock mode storage") Reported-by: Miklos Szeredi Signed-off-by: Thomas Gleixner Tested-by: Miklos Szeredi Cc: stable@vger.kernel.org Link: https://lkml.kernel.org/r/20200606221531.963970768@linutronix.de commit c7f3d43b629b598a2bb9ec3524e844eae7492e7e Author: Thomas Gleixner Date: Sat Jun 6 23:51:15 2020 +0200 clocksource: Remove obsolete ifdef CONFIG_GENERIC_VDSO_CLOCK_MODE was a transitional config switch which got removed after all architectures got converted to the new storage model. But the removal forgot to remove the #ifdef which guards the vdso_clock_mode sanity check, which effectively disables the sanity check. Remove it now. Fixes: f86fd32db706 ("lib/vdso: Cleanup clock mode storage leftovers") Signed-off-by: Thomas Gleixner Tested-by: Miklos Szeredi Cc: stable@vger.kernel.org Link: https://lkml.kernel.org/r/20200606221531.845475036@linutronix.de commit ba4e5abc6c4e173af7c941c03c067263b686665d Author: Pierre-Louis Bossart Date: Mon Jun 8 14:44:15 2020 -0500 ASoC: SOF: nocodec: conditionally set dpcm_capture/dpcm_playback flags With additional checks on dailinks, we see errors such as [ 3.000418] sof-nocodec sof-nocodec: CPU DAI DMIC01 Pin for rtd NoCodec-6 does not support playback It's not clear why we set the dpcm_playback and dpcm_capture flags unconditionally, add a check on number of channels for each direction to avoid invalid configurations. Fixes: 8017b8fd37bf5e ('ASoC: SOF: Add Nocodec machine driver support') Signed-off-by: Pierre-Louis Bossart Reviewed-by: Guennadi Liakhovetski Reviewed-by: Daniel Baluta Reviewed-by: Bard Liao Link: https://lore.kernel.org/r/20200608194415.4663-5-pierre-louis.bossart@linux.intel.com Signed-off-by: Mark Brown commit dc261875865539ca91bff9bc44d3e62f811dec1d Author: Pierre-Louis Bossart Date: Mon Jun 8 14:44:14 2020 -0500 ASoC: Intel: boards: replace capture_only by dpcm_capture It's not clear why specific FE dailinks use capture_only flags, likely blind copy/paste from Chromebook driver to the other. Replace by dpcm_capture, this will make future alignment and removal of flags easier. Signed-off-by: Pierre-Louis Bossart Reviewed-by: Guennadi Liakhovetski Reviewed-by: Daniel Baluta Reviewed-by: Bard Liao Link: https://lore.kernel.org/r/20200608194415.4663-4-pierre-louis.bossart@linux.intel.com Signed-off-by: Mark Brown commit 607fa205a7e4dfad28b8a67ab1c985756ddbccb0 Author: Bard Liao Date: Mon Jun 8 14:44:13 2020 -0500 ASoC: core: only convert non DPCM link to DPCM link Additional checks for valid DAIs expose a corner case, where existing BE dailinks get modified, e.g. HDMI links are tagged with dpcm_capture=1 even if the DAIs are for playback. This patch makes those changes conditional and flags configuration issues when a BE dailink is has no_pcm=0 but dpcm_playback or dpcm_capture=1 (which makes no sense). As discussed on the alsa-devel mailing list, there are redundant flags for dpcm_playback, dpcm_capture, playback_only, capture_only. This will have to be cleaned-up in a future update. For now only correct and flag problematic configurations. Fixes: 218fe9b7ec7f3 ("ASoC: soc-core: Set dpcm_playback / dpcm_capture") Suggested-by: Daniel Baluta Signed-off-by: Bard Liao Signed-off-by: Pierre-Louis Bossart Reviewed-by: Guennadi Liakhovetski Reviewed-by: Daniel Baluta Reviewed-by: Bard Liao Link: https://lore.kernel.org/r/20200608194415.4663-3-pierre-louis.bossart@linux.intel.com Signed-off-by: Mark Brown commit b73287f0b0745961b14e5ebcce92cc8ed24d4d52 Author: Pierre-Louis Bossart Date: Mon Jun 8 14:44:12 2020 -0500 ASoC: soc-pcm: dpcm: fix playback/capture checks Recent changes in the ASoC core prevent multi-cpu BE dailinks from being used. DPCM does support multi-cpu DAIs for BE Dailinks, but not for FE. Handle the FE checks first, and make sure all DAIs support the same capabilities within the same dailink. Fixes: 9b5db059366ae2 ("ASoC: soc-pcm: dpcm: Only allow playback/capture if supported") Signed-off-by: Pierre-Louis Bossart Reviewed-by: Bard Liao Reviewed-by: Guennadi Liakhovetski Reviewed-by: Ranjani Sridharan Reviewed-by: Daniel Baluta BugLink: https://github.com/thesofproject/linux/issues/2031 Link: https://lore.kernel.org/r/20200608194415.4663-2-pierre-louis.bossart@linux.intel.com Signed-off-by: Mark Brown commit 5749ce92c4b707353cbd934dd0518a1966d7988f Author: David Howells Date: Thu Jun 4 21:31:39 2020 +0100 afs: Fix file locking Fix AFS file locking to use the correct vnode pointer and remove a member of the afs_operation struct that is never set, but it is read and followed, causing an oops. This can be triggered by: flock -s /afs/example.com/foo sleep 1 when it calls the kernel to get a file lock. Fixes: e49c7b2f6de7 ("afs: Build an abstraction around an "operation" concept") Reported-by: Dave Botsch Signed-off-by: David Howells Tested-by: Dave Botsch commit 2ca068be09bf8e285036603823696140026dcbe7 Author: Zhihao Cheng Date: Tue Jun 2 09:30:45 2020 +0800 afs: Fix memory leak in afs_put_sysnames() Fix afs_put_sysnames() to actually free the specified afs_sysnames object after its reference count has been decreased to zero and its contents have been released. Fixes: 6f8880d8e681557 ("afs: Implement @sys substitution handling") Signed-off-by: Zhihao Cheng Signed-off-by: David Howells commit 3ee06a6d532f75f20528ff4d2c473cda36c484fe Author: Geert Uytterhoeven Date: Mon Jun 8 15:22:17 2020 +0200 dma-pool: fix too large DMA pools on medium memory size systems On systems with at least 32 MiB, but less than 32 GiB of RAM, the DMA memory pools are much larger than intended (e.g. 2 MiB instead of 128 KiB on a 256 MiB system). Fix this by correcting the calculation of the number of GiBs of RAM in the system. Invert the order of the min/max operations, to keep on calculating in pages until the last step, which aids readability. Fixes: 1d659236fb43c4d2 ("dma-pool: scale the default DMA coherent pool size with memory capacity") Signed-off-by: Geert Uytterhoeven Acked-by: David Rientjes Signed-off-by: Christoph Hellwig commit a952f64d14e5f8461f04cd9d729037db9099ddb0 Author: Deep Shah Date: Thu Apr 16 16:45:20 2020 -0700 MAINTAINERS: Update PARAVIRT_OPS_INTERFACE and VMWARE_HYPERVISOR_INTERFACE Thomas Hellstrom will be handing over VMware's maintainership of these interfaces to Deep Shah. Signed-off-by: Deep Shah Acked-by: Thomas Hellstrom Acked-by: Juergen Gross Link: https://lore.kernel.org/r/20200416234520.GA1700@prme-mon-cfl-mlw-07 Signed-off-by: Juergen Gross Signed-off-by: Boris Ostrovsky commit 3680c2e9f4254d1f033bf00f540e47a51f8f996b Author: Chris Wilson Date: Mon May 25 13:49:12 2020 +0100 drm/i915/display: Only query DP state of a DDI encoder Avoid a NULL dereference for a mismatched encoder type, hit when probing state for all encoders. This is a band aid to prevent the OOPS as the right fix is "probably to swap the psr vs infoframes.enable checks, or outright disappear from this function" (Ville). Closes: https://gitlab.freedesktop.org/drm/intel/-/issues/1892 Signed-off-by: Chris Wilson Acked-by: Ville Syrjälä Link: https://patchwork.freedesktop.org/patch/msgid/20200525124912.16019-1-chris@chris-wilson.co.uk (cherry picked from commit 22da5d846d54dd13183b57874b9d5611d583d7c8) Signed-off-by: Joonas Lahtinen commit e0fe70051f12c25c4afb04cb10ca8648c6e761cf Author: Geert Uytterhoeven Date: Mon Jun 8 11:59:34 2020 +0200 spi: rspi: Use requested instead of maximum bit rate Currently, the RSPI driver always tries to use the maximum configured bit rate for communicating with a slave device, even if the transfer(s) in the current message specify a lower rate. Use the mininum rate specified in the message instead. Rename rspi_data.max_speed_hz accordingly. Signed-off-by: Geert Uytterhoeven Link: https://lore.kernel.org/r/20200608095940.30516-3-geert+renesas@glider.be Signed-off-by: Mark Brown commit 3b8a299a58b2afce464ae11324b59dcf0f1d10a7 Author: Pavel Machek (CIP) Date: Sat Jun 6 17:31:03 2020 +0200 ASoC: meson: add missing free_irq() in error path free_irq() is missing in case of error, fix that. Signed-off-by: Pavel Machek (CIP) Reviewed-by: Jerome Brunet Link: https://lore.kernel.org/r/20200606153103.GA17905@amd Signed-off-by: Mark Brown commit 044e4b09223039e571e6ec540e25552054208765 Author: Michael S. Tsirkin Date: Mon Jun 8 08:42:09 2020 -0400 vhost/test: fix up after API change Pass a flag to request kernel thread use. Fixes: 01fcb1cbc88e ("vhost: allow device that does not depend on vhost worker") Signed-off-by: Michael S. Tsirkin commit 544fc7dbbf920a3e64d109c416ee229e8e1763c5 Author: Michael S. Tsirkin Date: Mon Jun 8 02:03:15 2020 -0400 virtio_mem: convert device block size into 64bit If subblock size is large (e.g. 1G) 32 bit math involving it can overflow. Rather than try to catch all instances of that, let's tweak block size to 64 bit. It ripples through UAPI which is an ABI change, but it's not too late to make it, and it will allow supporting >4Gbyte blocks while might become necessary down the road. Fixes: 5f1f79bbc9e26 ("virtio-mem: Paravirtualized memory hotplug") Signed-off-by: Michael S. Tsirkin Acked-by: David Hildenbrand commit 07da1ffaa1373f99331712faa67a00b5b807dfe8 Author: Marc Zyngier Date: Fri Jun 5 14:08:13 2020 +0100 KVM: arm64: Remove host_cpu_context member from vcpu structure For very long, we have kept this pointer back to the per-cpu host state, despite having working per-cpu accessors at EL2 for some time now. Recent investigations have shown that this pointer is easy to abuse in preemptible context, which is a sure sign that it would better be gone. Not to mention that a per-cpu pointer is faster to access at all times. Reported-by: Andrew Scull Acked-by: Mark Rutland Signed-off-by: Marc Zyngier commit b990d37fdf6781fd0907ffd14d0dff16b5d58ffa Author: Marc Zyngier Date: Sun Jun 7 10:55:28 2020 +0100 KVM: arm64: Stop sparse from moaning at __hyp_this_cpu_ptr Sparse complains that __hyp_this_cpu_ptr() returns something that is flagged noderef and not in the correct address space (both being the result of the __percpu annotation). Pretend that __hyp_this_cpu_ptr() knows what it is doing by forcefully casting the pointer with __kernel __force. Signed-off-by: Marc Zyngier commit 29eb5a3c57f7e06d803bb44a0ce2f9ed79f39cd9 Author: Marc Zyngier Date: Thu Jun 4 11:14:00 2020 +0100 KVM: arm64: Handle PtrAuth traps early The current way we deal with PtrAuth is a bit heavy handed: - We forcefully save the host's keys on each vcpu_load() - Handling the PtrAuth trap forces us to go all the way back to the exit handling code to just set the HCR bits Overall, this is pretty cumbersome. A better approach would be to handle it the same way we deal with the FPSIMD registers: - On vcpu_load() disable PtrAuth for the guest - On first use, save the host's keys, enable PtrAuth in the guest Crucially, this can happen as a fixup, which is done very early on exit. We can then reenter the guest immediately without leaving the hypervisor role. Another thing is that it simplify the rest of the host handling: exiting all the way to the host means that the only possible outcome for this trap is to inject an UNDEF. Reviewed-by: Mark Rutland Signed-off-by: Marc Zyngier commit 80fbd280beea1bcc298660f9024cbc4bf392c7f7 Author: Sean Christopherson Date: Mon Jun 8 11:02:18 2020 -0700 KVM: x86: Unexport x86_fpu_cache and make it static Make x86_fpu_cache static now that FPU allocation and destruction is handled entirely by common x86 code. Signed-off-by: Sean Christopherson Message-Id: <20200608180218.20946-1-sean.j.christopherson@intel.com> Signed-off-by: Paolo Bonzini commit 2067028512b60c78961c3e075bb72cc44310355c Author: Sean Christopherson Date: Wed May 27 19:15:30 2020 -0700 KVM: selftests: Ignore KVM 5-level paging support for VM_MODE_PXXV48_4K Explicitly set the VA width to 48 bits for the x86_64-only PXXV48_4K VM mode instead of asserting the guest VA width is 48 bits. The fact that KVM supports 5-level paging is irrelevant unless the selftests opt-in to 5-level paging by setting CR4.LA57 for the guest. The overzealous assert prevents running the selftests on a kernel with 5-level paging enabled. Incorporate LA57 into the assert instead of removing the assert entirely as a sanity check of KVM's CPUID output. Fixes: 567a9f1e9deb ("KVM: selftests: Introduce VM_MODE_PXXV48_4K") Reported-by: Sergio Perez Gonzalez Cc: Adriana Cervantes Jimenez Cc: Peter Xu Signed-off-by: Sean Christopherson Message-Id: <20200528021530.28091-1-sean.j.christopherson@intel.com> Signed-off-by: Paolo Bonzini commit ef3e40a7ea8dbe2abd0a345032cd7d5023b9684f Author: Marc Zyngier Date: Wed Jun 3 18:24:01 2020 +0100 KVM: arm64: Save the host's PtrAuth keys in non-preemptible context When using the PtrAuth feature in a guest, we need to save the host's keys before allowing the guest to program them. For that, we dump them in a per-CPU data structure (the so called host context). But both call sites that do this are in preemptible context, which may end up in disaster should the vcpu thread get preempted before reentering the guest. Instead, save the keys eagerly on each vcpu_load(). This has an increased overhead, but is at least safe. Cc: stable@vger.kernel.org Reviewed-by: Mark Rutland Signed-off-by: Marc Zyngier commit d8ad6d39c35d2b44b3d48b787df7f3359381dcbf Author: Bob Haarman Date: Tue Jun 2 12:30:59 2020 -0700 x86_64: Fix jiffies ODR violation 'jiffies' and 'jiffies_64' are meant to alias (two different symbols that share the same address). Most architectures make the symbols alias to the same address via a linker script assignment in their arch//kernel/vmlinux.lds.S: jiffies = jiffies_64; which is effectively a definition of jiffies. jiffies and jiffies_64 are both forward declared for all architectures in include/linux/jiffies.h. jiffies_64 is defined in kernel/time/timer.c. x86_64 was peculiar in that it wasn't doing the above linker script assignment, but rather was: 1. defining jiffies in arch/x86/kernel/time.c instead via the linker script. 2. overriding the symbol jiffies_64 from kernel/time/timer.c in arch/x86/kernel/vmlinux.lds.s via 'jiffies_64 = jiffies;'. As Fangrui notes: In LLD, symbol assignments in linker scripts override definitions in object files. GNU ld appears to have the same behavior. It would probably make sense for LLD to error "duplicate symbol" but GNU ld is unlikely to adopt for compatibility reasons. This results in an ODR violation (UB), which seems to have survived thus far. Where it becomes harmful is when; 1. -fno-semantic-interposition is used: As Fangrui notes: Clang after LLVM commit 5b22bcc2b70d ("[X86][ELF] Prefer to lower MC_GlobalAddress operands to .Lfoo$local") defaults to -fno-semantic-interposition similar semantics which help -fpic/-fPIC code avoid GOT/PLT when the referenced symbol is defined within the same translation unit. Unlike GCC -fno-semantic-interposition, Clang emits such relocations referencing local symbols for non-pic code as well. This causes references to jiffies to refer to '.Ljiffies$local' when jiffies is defined in the same translation unit. Likewise, references to jiffies_64 become references to '.Ljiffies_64$local' in translation units that define jiffies_64. Because these differ from the names used in the linker script, they will not be rewritten to alias one another. 2. Full LTO Full LTO effectively treats all source files as one translation unit, causing these local references to be produced everywhere. When the linker processes the linker script, there are no longer any references to jiffies_64' anywhere to replace with 'jiffies'. And thus '.Ljiffies$local' and '.Ljiffies_64$local' no longer alias at all. In the process of porting patches enabling Full LTO from arm64 to x86_64, spooky bugs have been observed where the kernel appeared to boot, but init doesn't get scheduled. Avoid the ODR violation by matching other architectures and define jiffies only by linker script. For -fno-semantic-interposition + Full LTO, there is no longer a global definition of jiffies for the compiler to produce a local symbol which the linker script won't ensure aliases to jiffies_64. Fixes: 40747ffa5aa8 ("asmlinkage: Make jiffies visible") Reported-by: Nathan Chancellor Reported-by: Alistair Delva Debugged-by: Nick Desaulniers Debugged-by: Sami Tolvanen Suggested-by: Fangrui Song Signed-off-by: Bob Haarman Signed-off-by: Thomas Gleixner Tested-by: Sedat Dilek # build+boot on Reviewed-by: Andi Kleen Reviewed-by: Josh Poimboeuf Cc: stable@vger.kernel.org Link: https://github.com/ClangBuiltLinux/linux/issues/852 Link: https://lkml.kernel.org/r/20200602193100.229287-1-inglorion@google.com commit 4d8df8cbb9156b0a0ab3f802b80cb5db57acc0bf Author: Anthony Steinhauser Date: Sun Jun 7 05:44:19 2020 -0700 x86/speculation: PR_SPEC_FORCE_DISABLE enforcement for indirect branches. Currently, it is possible to enable indirect branch speculation even after it was force-disabled using the PR_SPEC_FORCE_DISABLE option. Moreover, the PR_GET_SPECULATION_CTRL command gives afterwards an incorrect result (force-disabled when it is in fact enabled). This also is inconsistent vs. STIBP and the documention which cleary states that PR_SPEC_FORCE_DISABLE cannot be undone. Fix this by actually enforcing force-disabled indirect branch speculation. PR_SPEC_ENABLE called after PR_SPEC_FORCE_DISABLE now fails with -EPERM as described in the documentation. Fixes: 9137bb27e60e ("x86/speculation: Add prctl() control for indirect branch speculation") Signed-off-by: Anthony Steinhauser Signed-off-by: Thomas Gleixner Cc: stable@vger.kernel.org commit dbbe2ad02e9df26e372f38cc3e70dab9222c832e Author: Anthony Steinhauser Date: Sun Jan 5 12:19:43 2020 -0800 x86/speculation: Prevent rogue cross-process SSBD shutdown On context switch the change of TIF_SSBD and TIF_SPEC_IB are evaluated to adjust the mitigations accordingly. This is optimized to avoid the expensive MSR write if not needed. This optimization is buggy and allows an attacker to shutdown the SSBD protection of a victim process. The update logic reads the cached base value for the speculation control MSR which has neither the SSBD nor the STIBP bit set. It then OR's the SSBD bit only when TIF_SSBD is different and requests the MSR update. That means if TIF_SSBD of the previous and next task are the same, then the base value is not updated, even if TIF_SSBD is set. The MSR write is not requested. Subsequently if the TIF_STIBP bit differs then the STIBP bit is updated in the base value and the MSR is written with a wrong SSBD value. This was introduced when the per task/process conditional STIPB switching was added on top of the existing SSBD switching. It is exploitable if the attacker creates a process which enforces SSBD and has the contrary value of STIBP than the victim process (i.e. if the victim process enforces STIBP, the attacker process must not enforce it; if the victim process does not enforce STIBP, the attacker process must enforce it) and schedule it on the same core as the victim process. If the victim runs after the attacker the victim becomes vulnerable to Spectre V4. To fix this, update the MSR value independent of the TIF_SSBD difference and dependent on the SSBD mitigation method available. This ensures that a subsequent STIPB initiated MSR write has the correct state of SSBD. [ tglx: Handle X86_FEATURE_VIRT_SSBD & X86_FEATURE_VIRT_SSBD correctly and massaged changelog ] Fixes: 5bfbe3ad5840 ("x86/speculation: Prepare for per task indirect branch speculation control") Signed-off-by: Anthony Steinhauser Signed-off-by: Thomas Gleixner Cc: stable@vger.kernel.org commit 21998a351512eba4ed5969006f0c55882d995ada Author: Anthony Steinhauser Date: Tue May 19 06:40:42 2020 -0700 x86/speculation: Avoid force-disabling IBPB based on STIBP and enhanced IBRS. When STIBP is unavailable or enhanced IBRS is available, Linux force-disables the IBPB mitigation of Spectre-BTB even when simultaneous multithreading is disabled. While attempts to enable IBPB using prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, ...) fail with EPERM, the seccomp syscall (or its prctl(PR_SET_SECCOMP, ...) equivalent) which are used e.g. by Chromium or OpenSSH succeed with no errors but the application remains silently vulnerable to cross-process Spectre v2 attacks (classical BTB poisoning). At the same time the SYSFS reporting (/sys/devices/system/cpu/vulnerabilities/spectre_v2) displays that IBPB is conditionally enabled when in fact it is unconditionally disabled. STIBP is useful only when SMT is enabled. When SMT is disabled and STIBP is unavailable, it makes no sense to force-disable also IBPB, because IBPB protects against cross-process Spectre-BTB attacks regardless of the SMT state. At the same time since missing STIBP was only observed on AMD CPUs, AMD does not recommend using STIBP, but recommends using IBPB, so disabling IBPB because of missing STIBP goes directly against AMD's advice: https://developer.amd.com/wp-content/resources/Architecture_Guidelines_Update_Indirect_Branch_Control.pdf Similarly, enhanced IBRS is designed to protect cross-core BTB poisoning and BTB-poisoning attacks from user space against kernel (and BTB-poisoning attacks from guest against hypervisor), it is not designed to prevent cross-process (or cross-VM) BTB poisoning between processes (or VMs) running on the same core. Therefore, even with enhanced IBRS it is necessary to flush the BTB during context-switches, so there is no reason to force disable IBPB when enhanced IBRS is available. Enable the prctl control of IBPB even when STIBP is unavailable or enhanced IBRS is available. Fixes: 7cc765a67d8e ("x86/speculation: Enable prctl mode for spectre_v2_user") Signed-off-by: Anthony Steinhauser Signed-off-by: Thomas Gleixner Cc: stable@vger.kernel.org commit e8679fedd026eb3b4655af83829d9036e32c9b97 Author: James Morse Date: Fri May 29 15:06:56 2020 +0000 KVM: arm64: Stop save/restoring ACTLR_EL1 KVM sets HCR_EL2.TACR via HCR_GUEST_FLAGS. This means ACTLR* accesses from the guest are always trapped, and always return the value in the sys_regs array. The guest can't change the value of these registers, so we are save restoring the reset value, which came from the host. Stop save/restoring this register. Keep the storage for this register in sys_regs[] as this is how the value is exposed to user-space, removing it would break migration. Signed-off-by: James Morse Signed-off-by: Marc Zyngier Link: https://lore.kernel.org/r/20200529150656.7339-4-james.morse@arm.com commit ef5a294be8d0e17b91d23be905f69368b0d3952e Author: James Morse Date: Fri May 29 15:06:55 2020 +0000 KVM: arm64: Add emulation for 32bit guests accessing ACTLR2 ACTLR_EL1 is a 64bit register while the 32bit ACTLR is obviously 32bit. For 32bit software, the extra bits are accessible via ACTLR2... which KVM doesn't emulate. Suggested-by: Marc Zyngier Signed-off-by: James Morse Signed-off-by: Marc Zyngier Link: https://lore.kernel.org/r/20200529150656.7339-3-james.morse@arm.com commit 7c582bf4ed84f3eb58bdd1f63024a14c17551e7d Author: James Morse Date: Fri May 29 15:06:54 2020 +0000 KVM: arm64: Stop writing aarch32's CSSELR into ACTLR aarch32 has pairs of registers to access the high and low parts of 64bit registers. KVM has a union of 64bit sys_regs[] and 32bit copro[]. The 32bit accessors read the high or low part of the 64bit sys_reg[] value through the union. Both sys_reg_descs[] and cp15_regs[] list access_csselr() as the accessor for CSSELR{,_EL1}. access_csselr() is only aware of the 64bit sys_regs[], and expects r->reg to be 'CSSELR_EL1' in the enum, index 2 of the 64bit array. cp15_regs[] uses the 32bit copro[] alias of sys_regs[]. Here CSSELR is c0_CSSELR which is the same location in sys_reg[]. r->reg is 'c0_CSSELR', index 4 in the 32bit array. access_csselr() uses the 32bit r->reg value to access the 64bit array, so reads and write the wrong value. sys_regs[4], is ACTLR_EL1, which is subsequently save/restored when we enter the guest. ACTLR_EL1 is supposed to be read-only for the guest. This register only affects execution at EL1, and the host's value is restored before we return to host EL1. Convert the 32bit register index back to the 64bit version. Suggested-by: Marc Zyngier Signed-off-by: James Morse Signed-off-by: Marc Zyngier Cc: stable@vger.kernel.org Link: https://lore.kernel.org/r/20200529150656.7339-2-james.morse@arm.com commit fc961522ddbdf00254dd03b677627139cc1f68bc Author: Dan Carpenter Date: Mon Jun 8 17:16:29 2020 +0300 exfat: Fix potential use after free in exfat_load_upcase_table() This code calls brelse(bh) and then dereferences "bh" on the next line resulting in a possible use after free. The brelse() should just be moved down a line. Fixes: b676fdbcf4c8 ("exfat: standardize checksum calculation") Signed-off-by: Dan Carpenter Signed-off-by: Namjae Jeon commit a949824f01f3b39f737d77aed6cba47aced09319 Author: hyeongseok.kim Date: Thu Jun 4 13:54:28 2020 +0900 exfat: fix range validation error in alloc and free cluster There is check error in range condition that can never be entered even with invalid input. Replace incorrent checking code with already existing valid checker. Signed-off-by: hyeongseok.kim Acked-by: Sungjong Seo Signed-off-by: Namjae Jeon commit 29bbb14bfc80dd760b07d2be0a27e610562982e3 Author: Namjae Jeon Date: Thu Jun 4 08:05:31 2020 +0900 exfat: fix incorrect update of stream entry in __exfat_truncate() At truncate, there is a problem of incorrect updating in the file entry pointer instead of stream entry. This will cause the problem of overwriting the time field of the file entry to new_size. Fix it to update stream entry. Fixes: 98d917047e8b ("exfat: add file operations") Cc: stable@vger.kernel.org # v5.7 Signed-off-by: Namjae Jeon commit f341a7d8dcc4e3d01544d7bc145633f062ef6249 Author: Al Viro Date: Wed Jun 3 09:48:36 2020 +0900 exfat: fix memory leak in exfat_parse_param() butt3rflyh4ck reported memory leak found by syzkaller. A param->string held by exfat_mount_options. BUG: memory leak unreferenced object 0xffff88801972e090 (size 8): comm "syz-executor.2", pid 16298, jiffies 4295172466 (age 14.060s) hex dump (first 8 bytes): 6b 6f 69 38 2d 75 00 00 koi8-u.. backtrace: [<000000005bfe35d6>] kstrdup+0x36/0x70 mm/util.c:60 [<0000000018ed3277>] exfat_parse_param+0x160/0x5e0 fs/exfat/super.c:276 [<000000007680462b>] vfs_parse_fs_param+0x2b4/0x610 fs/fs_context.c:147 [<0000000097c027f2>] vfs_parse_fs_string+0xe6/0x150 fs/fs_context.c:191 [<00000000371bf78f>] generic_parse_monolithic+0x16f/0x1f0 fs/fs_context.c:231 [<000000005ce5eb1b>] do_new_mount fs/namespace.c:2812 [inline] [<000000005ce5eb1b>] do_mount+0x12bb/0x1b30 fs/namespace.c:3141 [<00000000b642040c>] __do_sys_mount fs/namespace.c:3350 [inline] [<00000000b642040c>] __se_sys_mount fs/namespace.c:3327 [inline] [<00000000b642040c>] __x64_sys_mount+0x18f/0x230 fs/namespace.c:3327 [<000000003b024e98>] do_syscall_64+0xf6/0x7d0 arch/x86/entry/common.c:295 [<00000000ce2b698c>] entry_SYSCALL_64_after_hwframe+0x49/0xb3 exfat_free() should call exfat_free_iocharset(), to prevent a leak in case we fail after parsing iocharset= but before calling get_tree_bdev(). Additionally, there's no point copying param->string in exfat_parse_param() - just steal it, leaving NULL in param->string. That's independent from the leak or fix thereof - it's simply avoiding an extra copy. Fixes: 719c1e182916 ("exfat: add super block operations") Cc: stable@vger.kernel.org # v5.7 Reported-by: butt3rflyh4ck Signed-off-by: Al Viro Signed-off-by: Namjae Jeon commit f78059805fb9fc5c343e89f39cf11856d047dd60 Author: Namjae Jeon Date: Mon Jun 1 09:43:49 2020 +0900 exfat: remove unnecessary reassignment of p_uniname->name_len kbuild test robot reported : fs/exfat/nls.c:531:22: warning: Variable 'p_uniname->name_len' is reassigned a value before the old one has been used. The reassignment of p_uniname->name_len is not needed and remove it. Reported-by: kbuild test robot Signed-off-by: Namjae Jeon commit 5875bf287d95314c58add01184f361cc5aa38429 Author: Tetsuhiro Kohada Date: Fri May 29 19:14:59 2020 +0900 exfat: standardize checksum calculation To clarify that it is a 16-bit checksum, the parts related to the 16-bit checksum are renamed and change type to u16. Furthermore, replace checksum calculation in exfat_load_upcase_table() with exfat_calc_checksum32(). Signed-off-by: Tetsuhiro Kohada Reviewed-by: Sungjong Seo Signed-off-by: Namjae Jeon commit 476189c0ef3b658de3f6b89fd0fdeb6dc451b564 Author: Tetsuhiro Kohada Date: Sun May 31 18:30:17 2020 +0900 exfat: add boot region verification Add Boot-Regions verification specified in exFAT specification. Note that the checksum type is strongly related to the raw structure, so the'u32 'type is used to clarify the number of bits. Signed-off-by: Tetsuhiro Kohada Reviewed-by: Sungjong Seo Signed-off-by: Namjae Jeon commit 33404a159828a97fefada0d8f4cf910873b8e9f1 Author: Tetsuhiro Kohada Date: Fri May 29 19:14:57 2020 +0900 exfat: separate the boot sector analysis Separate the boot sector analysis to read_boot_sector(). And add a check for the fs_name field. Furthermore, add a strict consistency check, because overlapping areas can cause serious corruption. Signed-off-by: Tetsuhiro Kohada Reviewed-by: Sungjong Seo Signed-off-by: Namjae Jeon commit 181a9e8009a8a8bdb19c2e24eeeae7d8e77c8c47 Author: Tetsuhiro Kohada Date: Fri May 29 19:14:56 2020 +0900 exfat: redefine PBR as boot_sector Aggregate PBR related definitions and redefine as "boot_sector" to comply with the exFAT specification. And, rename variable names including 'pbr'. Signed-off-by: Tetsuhiro Kohada Reviewed-by: Sungjong Seo Signed-off-by: Namjae Jeon commit 943af1fdacfebe4ff13430655abc460a5e1072f7 Author: Tetsuhiro Kohada Date: Wed May 20 16:56:41 2020 +0900 exfat: optimize dir-cache Optimize directory access based on exfat_entry_set_cache. - Hold bh instead of copied d-entry. - Modify bh->data directly instead of the copied d-entry. - Write back the retained bh instead of rescanning the d-entry-set. And - Remove unused cache related definitions. Signed-off-by: Tetsuhiro Kohada Reviewed-by: Sungjong Seo Signed-off-by: Namjae Jeon commit ed0f84d30ba65f44bed2739572c7ab0fdeed4004 Author: Tetsuhiro Kohada Date: Wed Apr 22 08:30:56 2020 +0900 exfat: replace 'time_ms' with 'time_cs' Replace time_ms with time_cs in the file directory entry structure and related functions. The unit of create_time_ms/modify_time_ms in File Directory Entry are not 'milli-second', but 'centi-second'. The exfat specification uses the term '10ms', but instead use 'cs' as in msdos_fs.h. Signed-off-by: Tetsuhiro Kohada Signed-off-by: Namjae Jeon commit cdc06129a6cea0e4863fa2b34a0c132c6eb7278b Author: Jason Yan Date: Thu Apr 16 13:34:26 2020 +0900 exfat: remove the assignment of 0 to bool variable There is no need to init 'sync' in exfat_set_vol_flags(). This also fixes the following coccicheck warning: fs/exfat/super.c:104:6-10: WARNING: Assignment of 0/1 to bool variable Signed-off-by: Jason Yan Signed-off-by: Namjae Jeon commit 6778337a7a4e51ec9fa4a76846d34e8a66ca6418 Author: Pali Rohár Date: Tue Mar 17 23:25:54 2020 +0100 exfat: Remove unused functions exfat_high_surrogate() and exfat_low_surrogate() After applying previous two patches, these functions are not used anymore. Signed-off-by: Pali Rohár Signed-off-by: Namjae Jeon commit dddf7da3985ee144b46ee287e81e47b9ee8bb980 Author: Pali Rohár Date: Tue Mar 17 23:25:52 2020 +0100 exfat: Simplify exfat_utf8_d_hash() for code points above U+FFFF Function partial_name_hash() takes long type value into which can be stored one Unicode code point. Therefore conversion from UTF-32 to UTF-16 is not needed. Signed-off-by: Pali Rohár Signed-off-by: Namjae Jeon commit 31f5acc0aaa319a34308442413ef0b878e9d2c93 Author: Geert Uytterhoeven Date: Mon Apr 6 11:13:43 2020 +0200 exfat: Improve wording of EXFAT_DEFAULT_IOCHARSET config option - Use consistent capitalization for "exFAT". - Fix grammar, - Split long sentence. Signed-off-by: Geert Uytterhoeven Signed-off-by: Namjae Jeon commit d1727d55c0327efdba2a5bad7801d509b721fef3 Author: Joe Perches Date: Fri Apr 24 13:31:12 2020 +0900 exfat: Use a more common logging style Remove the direct use of KERN_ in functions by creating separate exfat_ macros. Miscellanea: o Remove several unnecessary terminating newlines in formats o Realign arguments and fit to 80 columns where appropriate Signed-off-by: Joe Perches Signed-off-by: Namjae Jeon commit 197298a64983e2beaf1a87413daff3044b4f3821 Author: Pali Rohár Date: Tue Mar 17 22:34:33 2020 +0100 exfat: Simplify exfat_utf8_d_cmp() for code points above U+FFFF If two Unicode code points represented in UTF-16 are different then also their UTF-32 representation must be different. Therefore conversion from UTF-32 to UTF-16 is not needed. Signed-off-by: Pali Rohár Signed-off-by: Namjae Jeon commit 0b0430c6a10a22813e3d40c5658ae644acda4303 Author: Kenneth D'souza Date: Tue Jun 9 10:12:10 2020 +0530 cifs: Add get_security_type_str function to return sec type. This code is more organized and robust. Signed-off-by: Kenneth D'souza Signed-off-by: Roberto Bergantinos Corpas Signed-off-by: Steve French commit d4ff3b2ef901cd451fb8a9ff4623d060a79502cd Author: Matthew Wilcox (Oracle) Date: Mon Jun 8 20:58:29 2020 -0700 iomap: Fix unsharing of an extent >2GB on a 32-bit machine Widen the type used for counting the number of bytes unshared. Signed-off-by: Matthew Wilcox (Oracle) Reviewed-by: Christoph Hellwig Reviewed-by: Darrick J. Wong Signed-off-by: Darrick J. Wong commit 8cc0072469723459dc6bd7beff81b2b3149f4cf4 Author: Chuhong Yuan Date: Wed Jun 3 09:27:28 2020 -0700 xfs: Add the missed xfs_perag_put() for xfs_ifree_cluster() xfs_ifree_cluster() calls xfs_perag_get() at the beginning, but forgets to call xfs_perag_put() in one failed path. Add the missed function call to fix it. Fixes: ce92464c180b ("xfs: make xfs_trans_get_buf return an error code") Signed-off-by: Chuhong Yuan Reviewed-by: Darrick J. Wong Signed-off-by: Darrick J. Wong commit b7b911d59dacb47511a1e604bbfa901beb108305 Author: Jaegeuk Kim Date: Thu Jun 4 16:45:30 2020 -0700 f2fs: attach IO flags to the missing cases This adds more IOs to attach flags. Reviewed-by: Chao Yu Signed-off-by: Jaegeuk Kim commit 32b6aba85c8dbd1d3a155543986574c6969f0a48 Author: Jaegeuk Kim Date: Thu Jun 4 11:49:43 2020 -0700 f2fs: add node_io_flag for bio flags likewise data_io_flag This patch adds another way to attach bio flags to node writes. Description: Give a way to attach REQ_META|FUA to node writes given temperature-based bits. Now the bits indicate: * REQ_META | REQ_FUA | * 5 | 4 | 3 | 2 | 1 | 0 | * Cold | Warm | Hot | Cold | Warm | Hot | Signed-off-by: Jaegeuk Kim commit bc67c5d0ce406522cc846159f6a0dc0180be58d6 Author: Chao Yu Date: Mon Jun 8 20:03:17 2020 +0800 f2fs: remove unused parameter of f2fs_put_rpages_mapping() Just cleanup, no logic change. Signed-off-by: Chao Yu Signed-off-by: Jaegeuk Kim commit 8626441f05dc45a2f4693ee6863d02456ce39e60 Author: Chao Yu Date: Mon Jun 8 20:03:16 2020 +0800 f2fs: handle readonly filesystem in f2fs_ioc_shutdown() If mountpoint is readonly, we should allow shutdowning filesystem successfully, this fixes issue found by generic/599 testcase of xfstest. Signed-off-by: Chao Yu Signed-off-by: Jaegeuk Kim commit fc3bb095ab02b9e7d89a069ade2cead15c64c504 Author: Eric Biggers Date: Mon Jun 1 13:08:05 2020 -0700 f2fs: avoid utf8_strncasecmp() with unstable name If the dentry name passed to ->d_compare() fits in dentry::d_iname, then it may be concurrently modified by a rename. This can cause undefined behavior (possibly out-of-bounds memory accesses or crashes) in utf8_strncasecmp(), since fs/unicode/ isn't written to handle strings that may be concurrently modified. Fix this by first copying the filename to a stack buffer if needed. This way we get a stable snapshot of the filename. Fixes: 2c2eb7a300cd ("f2fs: Support case-insensitive file name lookups") Cc: # v5.4+ Cc: Al Viro Cc: Daniel Rosenberg Cc: Gabriel Krisman Bertazi Signed-off-by: Eric Biggers Reviewed-by: Chao Yu Signed-off-by: Jaegeuk Kim commit 0b6d4ca04a86b9dababbb76e58d33c437e127b77 Author: Eric Biggers Date: Thu Jun 4 21:57:48 2020 -0700 f2fs: don't return vmalloc() memory from f2fs_kmalloc() kmalloc() returns kmalloc'ed memory, and kvmalloc() returns either kmalloc'ed or vmalloc'ed memory. But the f2fs wrappers, f2fs_kmalloc() and f2fs_kvmalloc(), both return both kinds of memory. It's redundant to have two functions that do the same thing, and also breaking the standard naming convention is causing bugs since people assume it's safe to kfree() memory allocated by f2fs_kmalloc(). See e.g. the various allocations in fs/f2fs/compress.c. Fix this by making f2fs_kmalloc() just use kmalloc(). And to avoid re-introducing the allocation failures that the vmalloc fallback was intended to fix, convert the largest allocations to use f2fs_kvmalloc(). Signed-off-by: Eric Biggers Reviewed-by: Chao Yu Signed-off-by: Jaegeuk Kim commit 8027bc0307ce59759b90679fa5d8b22949586d20 Author: tannerlove Date: Mon Jun 8 15:37:15 2020 -0400 selftests/net: in timestamping, strncpy needs to preserve null byte If user passed an interface option longer than 15 characters, then device.ifr_name and hwtstamp.ifr_name became non-null-terminated strings. The compiler warned about this: timestamping.c:353:2: warning: ‘strncpy’ specified bound 16 equals \ destination size [-Wstringop-truncation] 353 | strncpy(device.ifr_name, interface, sizeof(device.ifr_name)); Fixes: cb9eff097831 ("net: new user space API for time stamping of incoming and outgoing packets") Signed-off-by: Tanner Love Acked-by: Willem de Bruijn Signed-off-by: David S. Miller commit 07a86b01c07c315d9b8eeb0009a9123af3d7dd4b Merge: 8e60eed6b38e 5ac0d62226a0 Author: David S. Miller Date: Mon Jun 8 19:13:37 2020 -0700 Merge tag 'rxrpc-fixes-20200605' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs David Howells says: ==================== rxrpc: Fix hang due to missing notification Here's a fix for AF_RXRPC. Occasionally calls hang because there are circumstances in which rxrpc generate a notification when a call is completed - primarily because initial packet transmission failed and the call was killed off and an error returned. But the AFS filesystem driver doesn't check this under all circumstances, expecting failure to be delivered by asynchronous notification. There are two patches: the first moves the problematic bits out-of-line and the second contains the fix. ==================== Signed-off-by: David S. Miller commit 8e60eed6b38e464e8c9d68f9caecafaa554dffe0 Author: Geliang Tang Date: Mon Jun 8 18:47:54 2020 +0800 mptcp: bugfix for RM_ADDR option parsing In MPTCPOPT_RM_ADDR option parsing, the pointer "ptr" pointed to the "Subtype" octet, the pointer "ptr+1" pointed to the "Address ID" octet: +-------+-------+---------------+ |Subtype|(resvd)| Address ID | +-------+-------+---------------+ | | ptr ptr+1 We should set mp_opt->rm_id to the value of "ptr+1", not "ptr". This patch will fix this bug. Fixes: 3df523ab582c ("mptcp: Add ADD_ADDR handling") Signed-off-by: Geliang Tang Reviewed-by: Matthieu Baerts Signed-off-by: David S. Miller commit 3763a24c727ecf236358a81ee749e5fcab1c972a Author: Arjun Roy Date: Sun Jun 7 18:54:41 2020 -0700 net-zerocopy: use vm_insert_pages() for tcp rcv zerocopy Use vm_insert_pages() for tcp receive zerocopy. Spin lock cycles (as reported by perf) drop from a couple of percentage points to a fraction of a percent. This results in a roughly 6% increase in efficiency, measured roughly as zerocopy receive count divided by CPU utilization. The intention of this patchset is to reduce atomic ops for tcp zerocopy receives, which normally hits the same spinlock multiple times consecutively. [akpm@linux-foundation.org: suppress gcc-7.2.0 warning] Link: http://lkml.kernel.org/r/20200128025958.43490-3-arjunroy.kdev@gmail.com Signed-off-by: Arjun Roy Signed-off-by: Eric Dumazet Signed-off-by: Soheil Hassas Yeganeh Cc: David Miller Cc: Matthew Wilcox Cc: Jason Gunthorpe Cc: Stephen Rothwell Signed-off-by: Andrew Morton Signed-off-by: David S. Miller commit 0e6fbe39bdf71b4e665767bcbf53567a3e6d0623 Author: Pooja Trivedi Date: Fri Jun 5 16:01:18 2020 +0000 net/tls(TLS_SW): Add selftest for 'chunked' sendfile test This selftest tests for cases where sendfile's 'count' parameter is provided with a size greater than the intended file size. Motivation: When sendfile is provided with 'count' parameter value that is greater than the size of the file, kTLS example fails to send the file correctly. Last chunk of the file is not sent, and the data integrity is compromised. The reason is that the last chunk has MSG_MORE flag set because of which it gets added to pending records, but is not pushed. Note that if user space were to send SSL_shutdown control message, pending records would get flushed and the issue would not happen. So a shutdown control message following sendfile can mask the issue. Signed-off-by: Pooja Trivedi Signed-off-by: Mallesham Jatharkonda Signed-off-by: Josh Tway Reviewed-by: Jakub Kicinski Signed-off-by: David S. Miller commit 6b1ad5a3ad049262195fddb31dfa6133da643868 Merge: af7b4801030c 59d4bfc1e2c0 Author: David S. Miller Date: Mon Jun 8 17:14:19 2020 -0700 Merge tag 'mac80211-for-davem-2020-06-08' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211 Johannes Berg says: ==================== Just a small update: * fix the deadlock on rfkill/wireless removal that a few people reported * fix an uninitialized variable * update wiki URLs ==================== Signed-off-by: David S. Miller commit c3829285b2e6a0d5461078d7f6cbb2c2b4bf8c4e Author: Stefano Brivio Date: Mon Jun 8 10:50:29 2020 +0200 netfilter: nft_set_pipapo: Disable preemption before getting per-CPU pointer The lkp kernel test robot reports, with CONFIG_DEBUG_PREEMPT enabled: [ 165.316525] BUG: using smp_processor_id() in preemptible [00000000] code: nft/6247 [ 165.319547] caller is nft_pipapo_insert+0x464/0x610 [nf_tables] [ 165.321846] CPU: 1 PID: 6247 Comm: nft Not tainted 5.6.0-rc5-01595-ge32a4dc6512ce3 #1 [ 165.332128] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 165.334892] Call Trace: [ 165.336435] dump_stack+0x8f/0xcb [ 165.338128] debug_smp_processor_id+0xb2/0xc0 [ 165.340117] nft_pipapo_insert+0x464/0x610 [nf_tables] [ 165.342290] ? nft_trans_alloc_gfp+0x1c/0x60 [nf_tables] [ 165.344420] ? rcu_read_lock_sched_held+0x52/0x80 [ 165.346460] ? nft_trans_alloc_gfp+0x1c/0x60 [nf_tables] [ 165.348543] ? __mmu_interval_notifier_insert+0xa0/0xf0 [ 165.350629] nft_add_set_elem+0x5ff/0xa90 [nf_tables] [ 165.352699] ? __lock_acquire+0x241/0x1400 [ 165.354573] ? __lock_acquire+0x241/0x1400 [ 165.356399] ? reacquire_held_locks+0x12f/0x200 [ 165.358384] ? nf_tables_valid_genid+0x1f/0x40 [nf_tables] [ 165.360502] ? nla_strcmp+0x10/0x50 [ 165.362199] ? nft_table_lookup+0x4f/0xa0 [nf_tables] [ 165.364217] ? nla_strcmp+0x10/0x50 [ 165.365891] ? nf_tables_newsetelem+0xd5/0x150 [nf_tables] [ 165.367997] nf_tables_newsetelem+0xd5/0x150 [nf_tables] [ 165.370083] nfnetlink_rcv_batch+0x4fd/0x790 [nfnetlink] [ 165.372205] ? __lock_acquire+0x241/0x1400 [ 165.374058] ? __nla_validate_parse+0x57/0x8a0 [ 165.375989] ? cap_inode_getsecurity+0x230/0x230 [ 165.377954] ? security_capable+0x38/0x50 [ 165.379795] nfnetlink_rcv+0x11d/0x140 [nfnetlink] [ 165.381779] netlink_unicast+0x1b2/0x280 [ 165.383612] netlink_sendmsg+0x351/0x470 [ 165.385439] sock_sendmsg+0x5b/0x60 [ 165.387133] ____sys_sendmsg+0x200/0x280 [ 165.388871] ? copy_msghdr_from_user+0xd9/0x160 [ 165.390805] ___sys_sendmsg+0x88/0xd0 [ 165.392524] ? __might_fault+0x3e/0x90 [ 165.394273] ? sock_getsockopt+0x3d5/0xbb0 [ 165.396021] ? __handle_mm_fault+0x545/0x6a0 [ 165.397822] ? find_held_lock+0x2d/0x90 [ 165.399593] ? __sys_sendmsg+0x5e/0xa0 [ 165.401338] __sys_sendmsg+0x5e/0xa0 [ 165.402979] do_syscall_64+0x60/0x280 [ 165.404680] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 165.406621] RIP: 0033:0x7ff1fa46e783 [ 165.408299] Code: c7 c0 ff ff ff ff eb bb 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 64 8b 04 25 18 00 00 00 85 c0 75 14 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 55 c3 0f 1f 40 00 48 83 ec 28 89 54 24 1c 48 [ 165.414163] RSP: 002b:00007ffedf59ea78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 165.416804] RAX: ffffffffffffffda RBX: 00007ffedf59fc60 RCX: 00007ff1fa46e783 [ 165.419419] RDX: 0000000000000000 RSI: 00007ffedf59fb10 RDI: 0000000000000005 [ 165.421886] RBP: 00007ffedf59fc10 R08: 00007ffedf59ea54 R09: 0000000000000001 [ 165.424445] R10: 00007ff1fa630c6c R11: 0000000000000246 R12: 0000000000020000 [ 165.426954] R13: 0000000000000280 R14: 0000000000000005 R15: 00007ffedf59ea90 Disable preemption before accessing the lookup scratch area in nft_pipapo_insert(). Reported-by: kernel test robot Analysed-by: Florian Westphal Cc: # 5.6.x Fixes: 3c4287f62044 ("nf_tables: Add set type for arbitrary concatenation of ranges") Signed-off-by: Stefano Brivio Signed-off-by: Pablo Neira Ayuso commit de9be772c6794f27d1aa02d90d370b724cb67fd7 Author: Dan Carpenter Date: Mon Jun 8 17:17:27 2020 +0300 i2c: npcm7xx: Fix a couple of error codes in probe The code here is accidentally returning IS_ERR() which is 1 but it should be returning negative error codes with PTR_ERR(). Fixes: 56a1485b102e ("i2c: npcm7xx: Add Nuvoton NPCM I2C controller driver") Signed-off-by: Dan Carpenter Signed-off-by: Wolfram Sang commit abfbb29297c27e3f101f348dc9e467b0fe70f919 Merge: d26a42a96140 7dcef3988eed Author: Linus Torvalds Date: Mon Jun 8 13:01:08 2020 -0700 Merge tag 'rproc-v5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/andersson/remoteproc Pull remoteproc updates from Bjorn Andersson: "This introduces device managed versions of functions used to register remoteproc devices, add support for remoteproc driver specific resource control, enables remoteproc drivers to specify ELF class and machine for coredumps. It integrates pm_runtime in the core for keeping resources active while the remote is booted and holds a wake source while recoverying a remote processor after a firmware crash. It refactors the remoteproc device's allocation path to simplify the logic, fix a few cleanup bugs and to not clone const strings onto the heap. Debugfs code is simplifies using the DEFINE_SHOW_ATTRIBUTE and a zero-length array is replaced with flexible-array. A new remoteproc driver for the JZ47xx VPU is introduced, the Qualcomm SM8250 gains support for audio, compute and sensor remoteprocs and the Qualcomm SC7180 modem support is cleaned up and improved. The Qualcomm glink subsystem-restart driver is merged into the main glink driver, the Qualcomm sysmon driver is extended to properly notify remote processors about all other remote processors' state transitions" * tag 'rproc-v5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/andersson/remoteproc: (43 commits) remoteproc: Fix an error code in devm_rproc_alloc() MAINTAINERS: Add myself as reviewer for Ingenic rproc driver remoteproc: ingenic: Added remoteproc driver remoteproc: Add support for runtime PM dt-bindings: Document JZ47xx VPU auxiliary processor remoteproc: wcss: Fix arguments passed to qcom_add_glink_subdev() remoteproc: Fix and restore the parenting hierarchy for vdev remoteproc: Fall back to using parent memory pool if no dedicated available remoteproc: Replace zero-length array with flexible-array remoteproc: wcss: add support for rpmsg communication remoteproc: core: Prevent system suspend during remoteproc recovery remoteproc: qcom_q6v5_mss: Remove unused q6v5_da_to_va function remoteproc: qcom_q6v5_mss: map/unmap mpss segments before/after use remoteproc: qcom_q6v5_mss: Drop accesses to MPSS PERPH register space dt-bindings: remoteproc: qcom: Replace halt-nav with spare-regs remoteproc: qcom: pas: Add SM8250 PAS remoteprocs dt-bindings: remoteproc: qcom: pas: Add SM8250 remoteprocs remoteproc: qcom_q6v5_mss: Extract mba/mpss from memory-region dt-bindings: remoteproc: qcom: Use memory-region to reference memory remoteproc: qcom: pas: Add SC7180 Modem support ... commit d26a42a9614083413e778832a6efbdf0038c3bff Merge: 95288a9b3bee 4f05fc33bebd Author: Linus Torvalds Date: Mon Jun 8 12:58:12 2020 -0700 Merge tag 'rpmsg-v5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/andersson/remoteproc Pull rpmsg updates from Bjorn Andersson: "This replaces a zero-length array with flexible-array and fixes a typo in a comment in the rpmsg core" * tag 'rpmsg-v5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/andersson/remoteproc: rpmsg: Replace zero-length array with flexible-array rpmsg: fix a comment typo for rpmsg_device_match() commit 95288a9b3beee8dd69d73b7691e36f2f231b7903 Merge: ca687877e05a dc1dad8e1a61 Author: Linus Torvalds Date: Mon Jun 8 12:49:18 2020 -0700 Merge tag 'ceph-for-5.8-rc1' of git://github.com/ceph/ceph-client Pull ceph updates from Ilya Dryomov: "The highlights are: - OSD/MDS latency and caps cache metrics infrastructure for the filesytem (Xiubo Li). Currently available through debugfs and will be periodically sent to the MDS in the future. - support for replica reads (balanced and localized reads) for rbd and the filesystem (myself). The default remains to always read from primary, users can opt-in with the new crush_location and read_from_replica options. Note that reading from replica is safe for general use only since Octopus. - support for RADOS allocation hint flags (myself). Currently used by rbd to propagate the compressible/incompressible hint given with the new compression_hint map option and ready for passing on more advanced hints, e.g. based on fadvise() from the filesystem. - support for efficient cross-quota-realm renames (Luis Henriques) - assorted cap handling improvements and cleanups, particularly untangling some of the locking (Jeff Layton)" * tag 'ceph-for-5.8-rc1' of git://github.com/ceph/ceph-client: (29 commits) rbd: compression_hint option libceph: support for alloc hint flags libceph: read_from_replica option libceph: support for balanced and localized reads libceph: crush_location infrastructure libceph: decode CRUSH device/bucket types and names libceph: add non-asserting rbtree insertion helper ceph: skip checking caps when session reconnecting and releasing reqs ceph: make sure mdsc->mutex is nested in s->s_mutex to fix dead lock ceph: don't return -ESTALE if there's still an open file libceph, rbd: replace zero-length array with flexible-array ceph: allow rename operation under different quota realms ceph: normalize 'delta' parameter usage in check_quota_exceeded ceph: ceph_kick_flushing_caps needs the s_mutex ceph: request expedited service on session's last cap flush ceph: convert mdsc->cap_dirty to a per-session list ceph: reset i_requested_max_size if file write is not wanted ceph: throw a warning if we destroy session with mutex still locked ceph: fix potential race in ceph_check_caps ceph: document what protects i_dirty_item and i_flushing_item ... commit f5fa38c59cb0b40633dee5cdf7465801be3e4928 Author: Pavel Begunkov Date: Mon Jun 8 21:08:20 2020 +0300 io_wq: add per-wq work handler instead of per work io_uring is the only user of io-wq, and now it uses only io-wq callback for all its requests, namely io_wq_submit_work(). Instead of storing work->runner callback in each instance of io_wq_work, keep it in io-wq itself. pros: - reduces io_wq_work size - more robust -- ->func won't be invalidated with mem{cpy,set}(req) - helps other work Signed-off-by: Pavel Begunkov Signed-off-by: Jens Axboe commit d4c81f38522f3e7f4be1b472ef9988d0ed7f3696 Author: Pavel Begunkov Date: Mon Jun 8 21:08:19 2020 +0300 io_uring: don't arm a timeout through work.func Remove io_link_work_cb() -- the last custom work.func. Not the prettiest thing, but works. Instead of queueing a linked timeout in io_link_work_cb() mark a request with REQ_F_QUEUE_TIMEOUT and do enqueueing based on the flag in io_wq_submit_work(). Signed-off-by: Pavel Begunkov Signed-off-by: Jens Axboe commit ac45abc0e2a8ed16ecc0eea039fe762ddfefbcad Author: Pavel Begunkov Date: Mon Jun 8 21:08:18 2020 +0300 io_uring: remove custom ->func handlers In preparation of getting rid of work.func, this removes almost all custom instances of it, leaving only io_wq_submit_work() and io_link_work_cb(). And the last one will be dealt later. Nothing fancy, just routinely remove *_finish() function and inline what's left. E.g. remove io_fsync_finish() + inline __io_fsync() into io_fsync(). As no users of io_req_cancelled() are left, delete it as well. The patch adds extra switch lookup on cold-ish path, but that's overweighted by nice diffstat and other benefits of the following patches. Signed-off-by: Pavel Begunkov Signed-off-by: Jens Axboe commit 3af73b286ccee493dc055fc58da02b2dc7a5304d Author: Pavel Begunkov Date: Mon Jun 8 21:08:17 2020 +0300 io_uring: don't derive close state from ->func Relying on having a specific work.func is dangerous, even if an opcode handler set it itself. E.g. io_wq_assign_next() can modify it. io_close() sets a custom work.func to indicate that __close_fd_get_file() was already called. Fortunately, there is no bugs with io_wq_assign_next() and close yet. Still, do it safe and always be prepared to be called through io_wq_submit_work(). Zero req->close.put_file in prep, and call __close_fd_get_file() IFF it's NULL. Signed-off-by: Pavel Begunkov Signed-off-by: Jens Axboe commit ca687877e05ad1bf5b4cefd9cdd091044626deac Merge: 23fc02e36e4f 300e549b6e53 Author: Linus Torvalds Date: Mon Jun 8 12:47:09 2020 -0700 Merge tag 'gfs2-for-5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/gfs2/linux-gfs2 Pull gfs2 updates from Andreas Gruenbacher: - An iopen glock locking scheme rework that speeds up deletes of inodes accessed from multiple nodes - Various bug fixes and debugging improvements - Convert gfs2-glocks.txt to ReST * tag 'gfs2-for-5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/gfs2/linux-gfs2: gfs2: fix use-after-free on transaction ail lists gfs2: new slab for transactions gfs2: initialize transaction tr_ailX_lists earlier gfs2: Smarter iopen glock waiting gfs2: Wake up when setting GLF_DEMOTE gfs2: Check inode generation number in delete_work_func gfs2: Move inode generation number check into gfs2_inode_lookup gfs2: Minor gfs2_lookup_by_inum cleanup gfs2: Try harder to delete inodes locally gfs2: Give up the iopen glock on contention gfs2: Turn gl_delete into a delayed work gfs2: Keep track of deleted inode generations in LVBs gfs2: Allow ASPACE glocks to also have an lvb gfs2: instrumentation wrt log_flush stuck gfs2: introduce new gfs2_glock_assert_withdraw gfs2: print mapping->nrpages in glock dump for address space glocks gfs2: Only do glock put in gfs2_create_inode for free inodes gfs2: Allow lock_nolock mount to specify jid=X gfs2: Don't ignore inode write errors during inode_go_sync docs: filesystems: convert gfs2-glocks.txt to ReST commit f8d8b46cd20e3a262c17ba1061640d9c190ad769 Author: Masahiro Yamada Date: Tue May 5 19:03:19 2020 +0900 scripts/dtc: use pkg-config to include in non-standard path Commit 067c650c456e ("dtc: Use pkg-config to locate libyaml") added 'pkg-config --libs' to link libyaml installed in a non-standard location. yamltree.c includes , but that commit did not add the search path for . If /usr/include/yaml.h does not exist, it fails to build. A user can explicitly pass HOSTCFLAGS to work around it, but the policy is not consistent. There are two ways to deal with libraries in a non-default location. [1] Use HOSTCFLAGS and HOSTLDFLAGS for additional search paths for headers and libraries. They are documented in Documentation/kbuild/kbuild.rst $ make HOSTCFLAGS='-I /include' HOSTLDFLAGS='-L /lib' [2] Use pkg-config 'pkg-config --cflags' for querying the header search path 'pkg-config --libs' for querying the lib and its path If we go with pkg-config, use [2] consistently. Do not mix up [1] and [2]. Signed-off-by: Masahiro Yamada Signed-off-by: Rob Herring commit 23fc02e36e4f657af242e59175c891b27c704935 Merge: 4e3a16ee9148 bfa50e1427e4 Author: Linus Torvalds Date: Mon Jun 8 12:05:31 2020 -0700 Merge tag 's390-5.8-1' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux Pull s390 updates from Vasily Gorbik: - Add support for multi-function devices in pci code. - Enable PF-VF linking for architectures using the pdev->no_vf_scan flag (currently just s390). - Add reipl from NVMe support. - Get rid of critical section cleanup in entry.S. - Refactor PNSO CHSC (perform network subchannel operation) in cio and qeth. - QDIO interrupts and error handling fixes and improvements, more refactoring changes. - Align ioremap() with generic code. - Accept requests without the prefetch bit set in vfio-ccw. - Enable path handling via two new regions in vfio-ccw. - Other small fixes and improvements all over the code. * tag 's390-5.8-1' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux: (52 commits) vfio-ccw: make vfio_ccw_regops variables declarations static vfio-ccw: Add trace for CRW event vfio-ccw: Wire up the CRW irq and CRW region vfio-ccw: Introduce a new CRW region vfio-ccw: Refactor IRQ handlers vfio-ccw: Introduce a new schib region vfio-ccw: Refactor the unregister of the async regions vfio-ccw: Register a chp_event callback for vfio-ccw vfio-ccw: Introduce new helper functions to free/destroy regions vfio-ccw: document possible errors vfio-ccw: Enable transparent CCW IPL from DASD s390/pci: Log new handle in clp_disable_fh() s390/cio, s390/qeth: cleanup PNSO CHSC s390/qdio: remove q->first_to_kick s390/qdio: fix up qdio_start_irq() kerneldoc s390: remove critical section cleanup from entry.S s390: add machine check SIGP s390/pci: ioremap() align with generic code s390/ap: introduce new ap function ap_get_qdev() Documentation/s390: Update / remove developerWorks web links ... commit 4e3a16ee9148e966678bbc713579235422271a63 Merge: 9413b9a690ec 431275afdc71 Author: Linus Torvalds Date: Mon Jun 8 11:42:23 2020 -0700 Merge tag 'iommu-updates-v5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu Pull iommu updates from Joerg Roedel: "A big part of this is a change in how devices get connected to IOMMUs in the core code. It contains the change from the old add_device() / remove_device() to the new probe_device() / release_device() call-backs. As a result functionality that was previously in the IOMMU drivers has been moved to the IOMMU core code, including IOMMU group allocation for each device. The reason for this change was to get more robust allocation of default domains for the iommu groups. A couple of fixes were necessary after this was merged into the IOMMU tree, but there are no known bugs left. The last fix is applied on-top of the merge commit for the topic branches. Other than that change, we have: - Removal of the driver private domain handling in the Intel VT-d driver. This was fragile code and I am glad it is gone now. - More Intel VT-d updates from Lu Baolu: - Nested Shared Virtual Addressing (SVA) support to the Intel VT-d driver - Replacement of the Intel SVM interfaces to the common IOMMU SVA API - SVA Page Request draining support - ARM-SMMU Updates from Will: - Avoid mapping reserved MMIO space on SMMUv3, so that it can be claimed by the PMU driver - Use xarray to manage ASIDs on SMMUv3 - Reword confusing shutdown message - DT compatible string updates - Allow implementations to override the default domain type - A new IOMMU driver for the Allwinner Sun50i platform - Support for ATS gets disabled for untrusted devices (like Thunderbolt devices). This includes a PCI patch, acked by Bjorn. - Some cleanups to the AMD IOMMU driver to make more use of IOMMU core features. - Unification of some printk formats in the Intel and AMD IOMMU drivers and in the IOVA code. - Updates for DT bindings - A number of smaller fixes and cleanups. * tag 'iommu-updates-v5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu: (109 commits) iommu: Check for deferred attach in iommu_group_do_dma_attach() iommu/amd: Remove redundant devid checks iommu/amd: Store dev_data as device iommu private data iommu/amd: Merge private header files iommu/amd: Remove PD_DMA_OPS_MASK iommu/amd: Consolidate domain allocation/freeing iommu/amd: Free page-table in protection_domain_free() iommu/amd: Allocate page-table in protection_domain_init() iommu/amd: Let free_pagetable() not rely on domain->pt_root iommu/amd: Unexport get_dev_data() iommu/vt-d: Fix compile warning iommu/vt-d: Remove real DMA lookup in find_domain iommu/vt-d: Allocate domain info for real DMA sub-devices iommu/vt-d: Only clear real DMA device's context entries iommu: Remove iommu_sva_ops::mm_exit() uacce: Remove mm_exit() op iommu/sun50i: Constify sun50i_iommu_ops iommu/hyper-v: Constify hyperv_ir_domain_ops iommu/vt-d: Use pci_ats_supported() iommu/arm-smmu-v3: Use pci_ats_supported() ... commit 33d077996a87175b155fe88030e8fec7ca76327e Author: Stefano Brivio Date: Wed Jun 3 01:50:11 2020 +0200 netfilter: nft_set_rbtree: Don't account for expired elements on insertion While checking the validity of insertion in __nft_rbtree_insert(), we currently ignore conflicting elements and intervals only if they are not active within the next generation. However, if we consider expired elements and intervals as potentially conflicting and overlapping, we'll return error for entries that should be added instead. This is particularly visible with garbage collection intervals that are comparable with the element timeout itself, as reported by Mike Dillinger. Other than the simple issue of denying insertion of valid entries, this might also result in insertion of a single element (opening or closing) out of a given interval. With single entries (that are inserted as intervals of size 1), this leads in turn to the creation of new intervals. For example: # nft add element t s { 192.0.2.1 } # nft list ruleset [...] elements = { 192.0.2.1-255.255.255.255 } Always ignore expired elements active in the next generation, while checking for conflicts. It might be more convenient to introduce a new macro that covers both inactive and expired items, as this type of check also appears quite frequently in other set back-ends. This is however beyond the scope of this fix and can be deferred to a separate patch. Other than the overlap detection cases introduced by commit 7c84d41416d8 ("netfilter: nft_set_rbtree: Detect partial overlaps on insertion"), we also have to cover the original conflict check dealing with conflicts between two intervals of size 1, which was introduced before support for timeout was introduced. This won't return an error to the user as -EEXIST is masked by nft if NLM_F_EXCL is not given, but would result in a silent failure adding the entry. Reported-by: Mike Dillinger Cc: # 5.6.x Fixes: 8d8540c4f5e0 ("netfilter: nft_set_rbtree: add timeout support") Fixes: 7c84d41416d8 ("netfilter: nft_set_rbtree: Detect partial overlaps on insertion") Signed-off-by: Stefano Brivio Acked-by: Phil Sutter Signed-off-by: Pablo Neira Ayuso commit 9413b9a690ec8aeaedea74bb875079d36f295304 Merge: 107821669a9c efe792f39ddb Author: Linus Torvalds Date: Mon Jun 8 11:33:38 2020 -0700 Merge tag 'drm-next-msm-5.8-2020-06-08' of git://anongit.freedesktop.org/drm/drm Pull drm msm updates from Dave Airlie: "This tree has been in next for a couple of weeks, but Rob missed an arm32 build issue, so I was awaiting the tree with a patch reverted. - new gpu support: a405, a640, a650 - dpu: color processing support - mdp5: support for msm8x36 (the thing with a405) - some prep work for per-context pagetables (ie the part that does not depend on in-flight iommu patches) - last but not least, UABI update for submit ioctl to support syncobj (from Bas)" * tag 'drm-next-msm-5.8-2020-06-08' of git://anongit.freedesktop.org/drm/drm: (30 commits) Revert "drm/msm/dpu: add support for clk and bw scaling for display" drm/msm/a6xx: skip HFI set freq if GMU is powered down drm/msm: Update the MMU helper function APIs drm/msm: Refactor address space initialization drm/msm: Attach the IOMMU device during initialization drm/msm/dpu: dpu_setup_dspp_pcc() can be static drm/msm/a6xx: a6xx_hfi_send_start() can be static drm/msm/a4xx: add a405_registers for a405 device drm/msm/a4xx: add adreno a405 support drm/msm/a6xx: update a6xx_hw_init for A640 and A650 drm/msm/a6xx: enable GMU log drm/msm/a6xx: update pdc/rscc GMU registers for A640/A650 drm/msm/a6xx: A640/A650 GMU firmware path drm/msm/a6xx: HFI v2 for A640 and A650 drm/msm/a6xx: add A640/A650 to gpulist drm/msm/a6xx: use msm_gem for GMU memory objects drm/msm: add internal MSM_BO_MAP_PRIV flag drm/msm: add msm_gem_get_and_pin_iova_range drm/msm: Check for powered down HW in the devfreq callbacks drm/msm/dpu: update bandwidth threshold check ... commit 107821669a9cbf234f260d576039983b64c7cb6d Merge: 20b0d0672216 8d286e2ff440 Author: Linus Torvalds Date: Mon Jun 8 11:31:10 2020 -0700 Merge tag 'drm-next-2020-06-08' of git://anongit.freedesktop.org/drm/drm Pull drm fixes from Dave Airlie: "These are the fixes from last week for the stuff merged in the merge window. It got a bunch of nouveau fixes for HDA audio on some new GPUs, some i915 and some amdpgu fixes. i915: - gvt: Fix one clang warning on debug only function - Use ARRAY_SIZE for coccicheck warning - Use after free fix for display global state. - Whitelisting context-local timestamp on Gen9 and two scheduler fixes with deps (Cc: stable) - Removal of write flag from sysfs files where ineffective nouveau: - HDMI/DP audio HDA fixes - display hang fix for Volta/Turing - GK20A regression fix. amdgpu: - Prevent hwmon accesses while GPU is in reset - CTF interrupt fix - Backlight fix for renoir - Fix for display sync groups - Display bandwidth validation workaround" * tag 'drm-next-2020-06-08' of git://anongit.freedesktop.org/drm/drm: (28 commits) drm/nouveau/kms/nv50-: clear SW state of disabled windows harder drm/nouveau: gr/gk20a: Use firmware version 0 drm/nouveau/disp/gm200-: detect and potentially disable HDA support on some SORs drm/nouveau/disp/gp100: split SOR implementation from gm200 drm/nouveau/disp: modify OR allocation policy to account for HDA requirements drm/nouveau/disp: split part of OR allocation logic into a function drm/nouveau/disp: provide hint to OR allocation about HDA requirements drm/amd/display: Revalidate bandwidth before commiting DC updates drm/amdgpu/display: use blanked rather than plane state for sync groups drm/i915/params: fix i915.fake_lmem_start module param sysfs permissions drm/i915/params: don't expose inject_probe_failure in debugfs drm/i915: Whitelist context-local timestamp in the gen9 cmdparser drm/i915: Fix global state use-after-frees with a refcount drm/i915: Check for awaits on still currently executing requests drm/i915/gt: Do not schedule normal requests immediately along virtual drm/i915: Reorder await_execution before await_request drm/nouveau/kms/gt215-: fix race with audio driver runpm drm/nouveau/disp/gm200-: fix NV_PDISP_SOR_HDMI2_CTRL(n) selection Revert "drm/amd/display: disable dcn20 abm feature for bring up" drm/amd/powerplay: ack the SMUToHost interrupt on receive V2 ... commit 20b0d06722169e6e66049c8fe6f1a48adffb79c6 Merge: 63d72b93f226 db33ec371be8 Author: Linus Torvalds Date: Mon Jun 8 11:11:38 2020 -0700 Merge branch 'akpm' (patches from Andrew) Merge still more updates from Andrew Morton: "Various trees. Mainly those parts of MM whose linux-next dependents are now merged. I'm still sitting on ~160 patches which await merges from -next. Subsystems affected by this patch series: mm/proc, ipc, dynamic-debug, panic, lib, sysctl, mm/gup, mm/pagemap" * emailed patches from Andrew Morton : (52 commits) doc: cgroup: update note about conditions when oom killer is invoked module: move the set_fs hack for flush_icache_range to m68k nommu: use flush_icache_user_range in brk and mmap binfmt_flat: use flush_icache_user_range exec: use flush_icache_user_range in read_code exec: only build read_code when needed m68k: implement flush_icache_user_range arm: rename flush_cache_user_range to flush_icache_user_range xtensa: implement flush_icache_user_range sh: implement flush_icache_user_range asm-generic: add a flush_icache_user_range stub mm: rename flush_icache_user_range to flush_icache_user_page arm,sparc,unicore32: remove flush_icache_user_range riscv: use asm-generic/cacheflush.h powerpc: use asm-generic/cacheflush.h openrisc: use asm-generic/cacheflush.h m68knommu: use asm-generic/cacheflush.h microblaze: use asm-generic/cacheflush.h ia64: use asm-generic/cacheflush.h hexagon: use asm-generic/cacheflush.h ... commit db33ec371be8e45956e8cebb5b0fe641f008430b Author: Konstantin Khlebnikov Date: Sun Jun 7 21:42:55 2020 -0700 doc: cgroup: update note about conditions when oom killer is invoked Starting from v4.19 commit 29ef680ae7c2 ("memcg, oom: move out_of_memory back to the charge path") cgroup oom killer is no longer invoked only from page faults. Now it implements the same semantics as global OOM killer: allocation context invokes OOM killer and keeps retrying until success. [akpm@linux-foundation.org: fixes per Randy] Signed-off-by: Konstantin Khlebnikov Signed-off-by: Andrew Morton Acked-by: Michal Hocko Cc: Roman Gushchin Cc: Randy Dunlap Link: http://lkml.kernel.org/r/158894738928.208854.5244393925922074518.stgit@buzz Signed-off-by: Linus Torvalds commit 490741ab1beb9c9f6580e30c7cd91b17a7560369 Author: Christoph Hellwig Date: Sun Jun 7 21:42:52 2020 -0700 module: move the set_fs hack for flush_icache_range to m68k flush_icache_range generally operates on kernel addresses, but for some reason m68k needed a set_fs override. Move that into the m68k code insted of keeping it in the module loader. Signed-off-by: Christoph Hellwig Signed-off-by: Andrew Morton Reviewed-by: Geert Uytterhoeven Acked-by: Geert Uytterhoeven Acked-by: Jessica Yu Cc: Alexei Starovoitov Cc: Daniel Borkmann Cc: Martin KaFai Lau Cc: Song Liu Cc: Yonghong Song Link: http://lkml.kernel.org/r/20200515143646.3857579-30-hch@lst.de Signed-off-by: Linus Torvalds commit a75a2df68f87c4924c614204a85b29d82d5c7dc4 Author: Christoph Hellwig Date: Sun Jun 7 21:42:49 2020 -0700 nommu: use flush_icache_user_range in brk and mmap These obviously operate on user addresses. Signed-off-by: Christoph Hellwig Signed-off-by: Andrew Morton Cc: Greg Ungerer Cc: Geert Uytterhoeven Link: http://lkml.kernel.org/r/20200515143646.3857579-29-hch@lst.de Signed-off-by: Linus Torvalds commit 79ef1e1fffebcfcb2c93463ca8d0f4a03eceb8f1 Author: Christoph Hellwig Date: Sun Jun 7 21:42:46 2020 -0700 binfmt_flat: use flush_icache_user_range load_flat_file works on user addresses. Signed-off-by: Christoph Hellwig Signed-off-by: Andrew Morton Acked-by: Greg Ungerer Cc: Alexander Viro Link: http://lkml.kernel.org/r/20200515143646.3857579-28-hch@lst.de Signed-off-by: Linus Torvalds commit bce2b68b891af3dd02fdc1603786c1c28db8bfad Author: Christoph Hellwig Date: Sun Jun 7 21:42:43 2020 -0700 exec: use flush_icache_user_range in read_code read_code operates on user addresses. Signed-off-by: Christoph Hellwig Signed-off-by: Andrew Morton Cc: Alexander Viro Link: http://lkml.kernel.org/r/20200515143646.3857579-27-hch@lst.de Signed-off-by: Linus Torvalds commit 48304f7994d74ef8fddde3ff27ce41aa61453d39 Author: Christoph Hellwig Date: Sun Jun 7 21:42:40 2020 -0700 exec: only build read_code when needed Only build read_code when binary formats that use it are built into the kernel. Signed-off-by: Christoph Hellwig Signed-off-by: Andrew Morton Cc: Alexander Viro Link: http://lkml.kernel.org/r/20200515143646.3857579-26-hch@lst.de Signed-off-by: Linus Torvalds commit a1e81f9654eef650d3ee35c94a8cab00b5cd379c Author: Christoph Hellwig Date: Sun Jun 7 21:42:37 2020 -0700 m68k: implement flush_icache_user_range Rename the current flush_icache_range to flush_icache_user_range as per commit ae92ef8a4424 ("PATCH] flush icache in correct context") there seems to be an assumption that it operates on user addresses. Add a flush_icache_range around it that for now is a no-op. Signed-off-by: Christoph Hellwig Signed-off-by: Andrew Morton Acked-by: Geert Uytterhoeven Cc: Geert Uytterhoeven Link: http://lkml.kernel.org/r/20200515143646.3857579-25-hch@lst.de Signed-off-by: Linus Torvalds commit fca7f8e6fdeb716420a348acf6ca9bc7e609f5c0 Author: Christoph Hellwig Date: Sun Jun 7 21:42:34 2020 -0700 arm: rename flush_cache_user_range to flush_icache_user_range flush_icache_user_range will be the name for a generic primitive. Move the arm name so that arm already has an implementation. Signed-off-by: Christoph Hellwig Signed-off-by: Andrew Morton Cc: Russell King Link: http://lkml.kernel.org/r/20200515143646.3857579-24-hch@lst.de Signed-off-by: Linus Torvalds commit 70cd3444c17d80d227c9c6ff2287f10b7114e479 Author: Christoph Hellwig Date: Sun Jun 7 21:42:32 2020 -0700 xtensa: implement flush_icache_user_range The Xtensa implementation of flush_icache_range seems to be able to cope with user addresses. Just define flush_icache_user_range to flush_icache_range. [jcmvbkbc@gmail.com: fix flush_icache_user_range in noMMU configs] Link: http://lkml.kernel.org/r/20200525221556.4270-1-jcmvbkbc@gmail.com Signed-off-by: Christoph Hellwig Signed-off-by: Max Filippov Signed-off-by: Andrew Morton Cc: Chris Zankel Cc: Max Filippov Link: http://lkml.kernel.org/r/20200515143646.3857579-23-hch@lst.de Signed-off-by: Linus Torvalds commit 952ec41c44a4e9802f2c991912c117d2347832af Author: Christoph Hellwig Date: Sun Jun 7 21:42:28 2020 -0700 sh: implement flush_icache_user_range The SuperH implementation of flush_icache_range seems to be able to cope with user addresses. Just define flush_icache_user_range to flush_icache_range. Signed-off-by: Christoph Hellwig Signed-off-by: Andrew Morton Cc: Yoshinori Sato Cc: Rich Felker Link: http://lkml.kernel.org/r/20200515143646.3857579-22-hch@lst.de Signed-off-by: Linus Torvalds commit 1268c33382facefd9c389d4c425e8f906f279c7b Author: Christoph Hellwig Date: Sun Jun 7 21:42:26 2020 -0700 asm-generic: add a flush_icache_user_range stub Define flush_icache_user_range to flush_icache_range unless the architecture provides its own implementation. Signed-off-by: Christoph Hellwig Signed-off-by: Andrew Morton Cc: Arnd Bergmann Link: http://lkml.kernel.org/r/20200515143646.3857579-21-hch@lst.de Signed-off-by: Linus Torvalds commit 885f7f8e30468705926b3de53d32925bd7a51a03 Author: Christoph Hellwig Date: Sun Jun 7 21:42:22 2020 -0700 mm: rename flush_icache_user_range to flush_icache_user_page The function currently known as flush_icache_user_range only operates on a single page. Rename it to flush_icache_user_page as we'll need the name flush_icache_user_range for something else soon. Signed-off-by: Christoph Hellwig Signed-off-by: Andrew Morton Acked-by: Geert Uytterhoeven Cc: Richard Henderson Cc: Ivan Kokshaysky Cc: Matt Turner Cc: Tony Luck Cc: Fenghua Yu Cc: Geert Uytterhoeven Cc: Greentime Hu Cc: Vincent Chen Cc: Jonas Bonn Cc: Stefan Kristiansson Cc: Stafford Horne Cc: Benjamin Herrenschmidt Cc: Paul Mackerras Cc: Michael Ellerman Cc: Paul Walmsley Cc: Palmer Dabbelt Cc: Albert Ou Cc: Arnd Bergmann Cc: Peter Zijlstra Cc: Ingo Molnar Cc: Arnaldo Carvalho de Melo Cc: Mark Rutland Cc: Alexander Shishkin Cc: Jiri Olsa Cc: Namhyung Kim Link: http://lkml.kernel.org/r/20200515143646.3857579-20-hch@lst.de Signed-off-by: Linus Torvalds commit 97f52c1536f041fd9f0b62667864930c92ac93cf Author: Christoph Hellwig Date: Sun Jun 7 21:42:19 2020 -0700 arm,sparc,unicore32: remove flush_icache_user_range flush_icache_user_range is only used by , so remove it from the architectures that implement it, but don't use . Signed-off-by: Christoph Hellwig Signed-off-by: Andrew Morton Cc: Russell King Cc: "David S. Miller" Cc: Guan Xuetao Link: http://lkml.kernel.org/r/20200515143646.3857579-19-hch@lst.de Signed-off-by: Linus Torvalds commit 396eb69c6e3914c4aa7b2bdeaa7476cc48265df6 Author: Christoph Hellwig Date: Sun Jun 7 21:42:15 2020 -0700 riscv: use asm-generic/cacheflush.h RISC-V needs almost no cache flushing routines of its own. Rely on asm-generic/cacheflush.h for the defaults. Also remove the pointless __KERNEL__ ifdef while we're at it. Signed-off-by: Christoph Hellwig Signed-off-by: Andrew Morton Reviewed-by: Palmer Dabbelt Acked-by: Palmer Dabbelt Cc: Paul Walmsley Cc: Palmer Dabbelt Cc: Albert Ou Link: http://lkml.kernel.org/r/20200515143646.3857579-18-hch@lst.de Signed-off-by: Linus Torvalds commit 5019f76019e5780bad60248638891d13fd905e6e Author: Christoph Hellwig Date: Sun Jun 7 21:42:12 2020 -0700 powerpc: use asm-generic/cacheflush.h Power needs almost no cache flushing routines of its own. Rely on asm-generic/cacheflush.h for the defaults. Also remove the pointless __KERNEL__ ifdef while we're at it. Signed-off-by: Christoph Hellwig Signed-off-by: Andrew Morton Cc: Benjamin Herrenschmidt Cc: Paul Mackerras Cc: Michael Ellerman Link: http://lkml.kernel.org/r/20200515143646.3857579-17-hch@lst.de Signed-off-by: Linus Torvalds commit e050945123065b1804446cf68cdd8dc2a6a2b9f2 Author: Christoph Hellwig Date: Sun Jun 7 21:42:09 2020 -0700 openrisc: use asm-generic/cacheflush.h OpenRISC needs almost no cache flushing routines of its own. Rely on asm-generic/cacheflush.h for the defaults. Signed-off-by: Christoph Hellwig Signed-off-by: Andrew Morton Cc: Jonas Bonn Cc: Stefan Kristiansson Cc: Stafford Horne Link: http://lkml.kernel.org/r/20200515143646.3857579-16-hch@lst.de Signed-off-by: Linus Torvalds commit 9e730ffac148127bc0cbc45097fe23d7e29a8130 Author: Christoph Hellwig Date: Sun Jun 7 21:42:06 2020 -0700 m68knommu: use asm-generic/cacheflush.h m68knommu needs almost no cache flushing routines of its own. Rely on asm-generic/cacheflush.h for the defaults. Signed-off-by: Christoph Hellwig Signed-off-by: Andrew Morton Acked-by: Greg Ungerer Cc: Greg Ungerer Cc: Geert Uytterhoeven Link: http://lkml.kernel.org/r/20200515143646.3857579-15-hch@lst.de Signed-off-by: Linus Torvalds commit 03518c82b4b33592fed428d38925ce59df91b1c9 Author: Christoph Hellwig Date: Sun Jun 7 21:42:04 2020 -0700 microblaze: use asm-generic/cacheflush.h Microblaze needs almost no cache flushing routines of its own. Rely on asm-generic/cacheflush.h for the defaults. Signed-off-by: Christoph Hellwig Signed-off-by: Andrew Morton Cc: Michal Simek Link: http://lkml.kernel.org/r/20200515143646.3857579-14-hch@lst.de Signed-off-by: Linus Torvalds commit 57b94ff59796bfbf7debebb2293b66d96f726a12 Author: Christoph Hellwig Date: Sun Jun 7 21:42:01 2020 -0700 ia64: use asm-generic/cacheflush.h IA64 needs almost no cache flushing routines of its own. Rely on asm-generic/cacheflush.h for the defaults. Signed-off-by: Christoph Hellwig Signed-off-by: Andrew Morton Cc: Tony Luck Cc: Fenghua Yu Link: http://lkml.kernel.org/r/20200515143646.3857579-13-hch@lst.de Signed-off-by: Linus Torvalds commit af23eea561961108b22422750f07025d2fd91240 Author: Christoph Hellwig Date: Sun Jun 7 21:41:58 2020 -0700 hexagon: use asm-generic/cacheflush.h Hexagon needs almost no cache flushing routines of its own. Rely on asm-generic/cacheflush.h for the defaults. Signed-off-by: Christoph Hellwig Signed-off-by: Andrew Morton Acked-by: Brian Cain Link: http://lkml.kernel.org/r/20200515143646.3857579-12-hch@lst.de Signed-off-by: Linus Torvalds commit 2d49d89c73fe9b76b02799a71e768b312ad65039 Author: Christoph Hellwig Date: Sun Jun 7 21:41:55 2020 -0700 c6x: use asm-generic/cacheflush.h C6x needs almost no cache flushing routines of its own. Rely on asm-generic/cacheflush.h for the defaults. Signed-off-by: Christoph Hellwig Signed-off-by: Andrew Morton Acked-by: Mark Salter Cc: Aurelien Jacquiot Link: http://lkml.kernel.org/r/20200515143646.3857579-11-hch@lst.de Signed-off-by: Linus Torvalds commit a7ba121215faad444f94db5e89eb5d7dfc58ecb2 Author: Christoph Hellwig Date: Sun Jun 7 21:41:51 2020 -0700 arm64: use asm-generic/cacheflush.h ARM64 needs almost no cache flushing routines of its own. Rely on asm-generic/cacheflush.h for the defaults. Signed-off-by: Christoph Hellwig Signed-off-by: Andrew Morton Acked-by: Catalin Marinas Cc: Will Deacon Link: http://lkml.kernel.org/r/20200515143646.3857579-10-hch@lst.de Signed-off-by: Linus Torvalds commit 43c74ca337ce623a5f0cb93e2903f4a88d3e98a7 Author: Christoph Hellwig Date: Sun Jun 7 21:41:48 2020 -0700 alpha: use asm-generic/cacheflush.h Alpha needs almost no cache flushing routines of its own. Rely on asm-generic/cacheflush.h for the defaults. Signed-off-by: Christoph Hellwig Signed-off-by: Andrew Morton Cc: Richard Henderson Cc: Ivan Kokshaysky Cc: Matt Turner Link: http://lkml.kernel.org/r/20200515143646.3857579-9-hch@lst.de Signed-off-by: Linus Torvalds commit 76b3b58fac350c45e44a3868946ff5e454e8d367 Author: Christoph Hellwig Date: Sun Jun 7 21:41:45 2020 -0700 asm-generic: improve the flush_dcache_page stub There is a magic ARCH_IMPLEMENTS_FLUSH_DCACHE_PAGE cpp symbol that guards non-stub availability of flush_dcache_pagge. Use that to check if flush_dcache_pagg is implemented. Signed-off-by: Christoph Hellwig Signed-off-by: Andrew Morton Cc: Arnd Bergmann Link: http://lkml.kernel.org/r/20200515143646.3857579-8-hch@lst.de Signed-off-by: Linus Torvalds commit e0cf615d725cb3b69f0bdf1d8afdd4d4c31b4fd1 Author: Christoph Hellwig Date: Sun Jun 7 21:41:42 2020 -0700 asm-generic: don't include in cacheflush.h This seems to lead to some crazy include loops when using asm-generic/cacheflush.h on more architectures, so leave it to the arch header for now. [hch@lst.de: fix warning] Link: http://lkml.kernel.org/r/20200520173520.GA11199@lst.de Signed-off-by: Christoph Hellwig Signed-off-by: Andrew Morton Cc: Will Deacon Cc: Nick Piggin Cc: Peter Zijlstra Cc: Jeff Dike Cc: Richard Weinberger Cc: Anton Ivanov Cc: Thomas Gleixner Cc: Ingo Molnar Cc: Borislav Petkov Cc: "H. Peter Anvin" Cc: Dan Williams Cc: Vishal Verma Cc: Dave Jiang Cc: Keith Busch Cc: Ira Weiny Cc: Arnd Bergmann Link: http://lkml.kernel.org/r/20200515143646.3857579-7-hch@lst.de Signed-off-by: Linus Torvalds commit 92a73bd29ad0a31cfa9241e86a557252ac77b217 Author: Christoph Hellwig Date: Sun Jun 7 21:41:39 2020 -0700 asm-generic: fix the inclusion guards for cacheflush.h cacheflush.h uses a somewhat to generic include guard name that clashes with various arch files. Use a more specific one. Signed-off-by: Christoph Hellwig Signed-off-by: Andrew Morton Cc: Arnd Bergmann Link: http://lkml.kernel.org/r/20200515143646.3857579-6-hch@lst.de Signed-off-by: Linus Torvalds commit 7c95fda549bdd6308dc833e13263227a7238c50d Author: Christoph Hellwig Date: Sun Jun 7 21:41:36 2020 -0700 unicore32: remove flush_cache_user_range flush_cache_user_range is an ARMism not used by any generic or unicore32 specific code. Signed-off-by: Christoph Hellwig Signed-off-by: Andrew Morton Cc: Guan Xuetao Link: http://lkml.kernel.org/r/20200515143646.3857579-5-hch@lst.de Signed-off-by: Linus Torvalds commit e292e7403e3fe048abec1a5fd83b3181748dcb1d Author: Christoph Hellwig Date: Sun Jun 7 21:41:32 2020 -0700 powerpc: unexport flush_icache_user_range flush_icache_user_range is only used by copy_to_user_page, which is only used by core VM code. Signed-off-by: Christoph Hellwig Signed-off-by: Andrew Morton Cc: Benjamin Herrenschmidt Cc: Paul Mackerras Cc: Michael Ellerman Link: http://lkml.kernel.org/r/20200515143646.3857579-4-hch@lst.de Signed-off-by: Linus Torvalds commit e7c1fa11b0b007e5b74c39be38d507d06aa19e8d Author: Christoph Hellwig Date: Sun Jun 7 21:41:29 2020 -0700 nds32: unexport flush_icache_page flush_icache_page is only used by mm/memory.c. Signed-off-by: Christoph Hellwig Signed-off-by: Andrew Morton Cc: Greentime Hu Cc: Vincent Chen Link: http://lkml.kernel.org/r/20200515143646.3857579-3-hch@lst.de Signed-off-by: Linus Torvalds commit ce450ebf6179acf6e90dcc090e90face215faec4 Author: Christoph Hellwig Date: Sun Jun 7 21:41:25 2020 -0700 arm: fix the flush_icache_range arguments in set_fiq_handler Patch series "sort out the flush_icache_range mess", v2. flush_icache_range is mostly used for kernel address, except for the following cases: - the nommu brk and mmap implementations - the read_code helper that is only used for binfmt_flat, binfmt_elf_fdpic, and binfmt_aout including the broken ia32 compat version - binfmt_flat itself none of which really are used by a typical MMU enabled kernel, as a.out can only be build for alpha and m68k to start with. But strangely enough commit ae92ef8a4424 ("PATCH] flush icache in correct context") added a "set_fs(KERNEL_DS)" around the flush_icache_range call in the module loader, because apparently m68k assumed user pointers. This series first cleans up the cacheflush implementations, largely by switching as much as possible to the asm-generic version after a few preparations, then moves the misnamed current flush_icache_user_range to a new name, to finally introduce a real flush_icache_user_range to be used for the above use cases to flush the instruction cache for a userspace address range. The last patch then drops the set_fs in the module code and moves it into the m68k implementation. This patch (of 29): The arguments passed look bogus, try to fix them to something that seems to make sense. Signed-off-by: Christoph Hellwig Signed-off-by: Andrew Morton Cc: Arnd Bergmann Cc: Roman Zippel Cc: Jessica Yu Cc: Michal Simek Cc: Albert Ou Cc: Alexander Shishkin Cc: Alexander Viro Cc: Alexei Starovoitov Cc: Anton Ivanov Cc: Arnaldo Carvalho de Melo Cc: Aurelien Jacquiot Cc: Benjamin Herrenschmidt Cc: Borislav Petkov Cc: Brian Cain Cc: Catalin Marinas Cc: Christoph Hellwig Cc: Chris Zankel Cc: Daniel Borkmann Cc: Dan Williams Cc: Dave Jiang Cc: "David S. Miller" Cc: Fenghua Yu Cc: Geert Uytterhoeven Cc: Greentime Hu Cc: Greg Ungerer Cc: Guan Xuetao Cc: "H. Peter Anvin" Cc: Ingo Molnar Cc: Ira Weiny Cc: Ivan Kokshaysky Cc: Jeff Dike Cc: Jiri Olsa Cc: Jonas Bonn Cc: Keith Busch Cc: Mark Rutland Cc: Mark Salter Cc: Martin KaFai Lau Cc: Matt Turner Cc: Max Filippov Cc: Michael Ellerman Cc: Namhyung Kim Cc: Nick Piggin Cc: Palmer Dabbelt Cc: Palmer Dabbelt Cc: Paul Mackerras Cc: Paul Walmsley Cc: Peter Zijlstra Cc: Richard Henderson Cc: Richard Weinberger Cc: Rich Felker Cc: Russell King Cc: Song Liu Cc: Stafford Horne Cc: Stefan Kristiansson Cc: Thomas Gleixner Cc: Tony Luck Cc: Vincent Chen Cc: Vishal Verma Cc: Will Deacon Cc: Yonghong Song Cc: Yoshinori Sato Link: http://lkml.kernel.org/r/20200515143646.3857579-1-hch@lst.de Link: http://lkml.kernel.org/r/20200515143646.3857579-2-hch@lst.de Signed-off-by: Linus Torvalds commit 690623e1b49603bdd3df4532b7911a2ce26fb4c4 Author: John Hubbard Date: Sun Jun 7 21:41:15 2020 -0700 vhost: convert get_user_pages() --> pin_user_pages() This code was using get_user_pages*(), in approximately a "Case 5" scenario (accessing the data within a page), using the categorization from [1]. That means that it's time to convert the get_user_pages*() + put_page() calls to pin_user_pages*() + unpin_user_pages() calls. There is some helpful background in [2]: basically, this is a small part of fixing a long-standing disconnect between pinning pages, and file systems' use of those pages. [1] Documentation/core-api/pin_user_pages.rst [2] "Explicit pinning of user-space pages": https://lwn.net/Articles/807108/ Signed-off-by: John Hubbard Signed-off-by: Andrew Morton Reviewed-by: Jan Kara Acked-by: Michael S. Tsirkin Acked-by: Pankaj Gupta Cc: Jason Wang Cc: Dave Chinner Cc: Jérôme Glisse Cc: Jonathan Corbet Cc: Souptick Joarder Cc: Vlastimil Babka Link: http://lkml.kernel.org/r/20200529234309.484480-3-jhubbard@nvidia.com Signed-off-by: Linus Torvalds commit eaf4d22a9ea419bc4c85ad8f825a331bcc1ae340 Author: John Hubbard Date: Sun Jun 7 21:41:11 2020 -0700 docs: mm/gup: pin_user_pages.rst: add a "case 5" Patch series "vhost, docs: convert to pin_user_pages(), new "case 5"" It recently became clear to me that there are some get_user_pages*() callers that don't fit neatly into any of the four cases that are so far listed in pin_user_pages.rst. vhost.c is one of those. Add a Case 5 to the documentation, and refer to that when converting vhost.c. Thanks to Jan Kara for helping me (again) in understanding the interaction between get_user_pages() and page writeback [1]. This is based on today's mmotm, which has a nearby patch to pin_user_pages.rst that rewords cases 3 and 4. Note that I have only compile-tested the vhost.c patch, although that does also include cross-compiling for a few other arches. Any run-time testing would be greatly appreciated. [1] https://lore.kernel.org/r/20200529070343.GL14550@quack2.suse.cz This patch (of 2): There are four cases listed in pin_user_pages.rst. These are intended to help developers figure out whether to use get_user_pages*(), or pin_user_pages*(). However, the four cases do not cover all the situations. For example, drivers/vhost/vhost.c has a "pin, write to page, set page dirty, unpin" case. Add a fifth case, to help explain that there is a general pattern that requires pin_user_pages*() API calls. [jhubbard@nvidia.com: v2] Link: http://lkml.kernel.org/r/20200601052633.853874-2-jhubbard@nvidia.com Signed-off-by: John Hubbard Signed-off-by: Andrew Morton Cc: Vlastimil Babka Cc: Jan Kara Cc: Jérôme Glisse Cc: Dave Chinner Cc: Jonathan Corbet Cc: Souptick Joarder Cc: "Michael S . Tsirkin" Cc: Jason Wang Link: http://lkml.kernel.org/r/20200529234309.484480-1-jhubbard@nvidia.com Link: http://lkml.kernel.org/r/20200529234309.484480-2-jhubbard@nvidia.com Signed-off-by: Linus Torvalds commit 6a005645edd6de2b535783c96e66e08cccc5e067 Author: John Hubbard Date: Sun Jun 7 21:41:08 2020 -0700 mm/gup: documentation fix for pin_user_pages*() APIs All of the pin_user_pages*() API calls will cause pages to be dma-pinned. As such, they are all suitable for either DMA, RDMA, and/or Direct IO. The documentation should say so, but it was instead saying that three of the API calls were only suitable for Direct IO. This was discovered when a reviewer wondered why an API call that specifically recommended against Case 2 (DMA/RDMA) was being used in a DMA situation [1]. Fix this by simply deleting those claims. The gup.c comments already refer to the more extensive Documentation/core-api/pin_user_pages.rst, which does have the correct guidance. So let's just write it once, there. [1] https://lore.kernel.org/r/20200529074658.GM30374@kadam Signed-off-by: John Hubbard Signed-off-by: Andrew Morton Reviewed-by: David Hildenbrand Acked-by: Pankaj Gupta Acked-by: Souptick Joarder Cc: Dan Carpenter Cc: Jan Kara Cc: Vlastimil Babka Link: http://lkml.kernel.org/r/20200529084515.46259-1-jhubbard@nvidia.com Signed-off-by: Linus Torvalds commit 55a650c35fea7cfdf989647f37960dfaf76da737 Author: John Hubbard Date: Sun Jun 7 21:41:05 2020 -0700 mm/gup: frame_vector: convert get_user_pages() --> pin_user_pages() This code was using get_user_pages*(), and all of the callers so far were in a "Case 2" scenario (DMA/RDMA), using the categorization from [1]. That means that it's time to convert the get_user_pages*() + put_page() calls to pin_user_pages*() + unpin_user_pages() calls. There is some helpful background in [2]: basically, this is a small part of fixing a long-standing disconnect between pinning pages, and file systems' use of those pages. [1] Documentation/core-api/pin_user_pages.rst [2] "Explicit pinning of user-space pages": https://lwn.net/Articles/807108/ Signed-off-by: John Hubbard Signed-off-by: Andrew Morton Acked-by: David Hildenbrand Cc: Daniel Vetter Cc: Jérôme Glisse Cc: Vlastimil Babka Cc: Jan Kara Cc: Dave Chinner Cc: Pankaj Gupta Cc: Souptick Joarder Link: http://lkml.kernel.org/r/20200527223243.884385-3-jhubbard@nvidia.com Signed-off-by: Linus Torvalds commit 420c2091b65a95b1daea4c36d27df4ac5f38033d Author: John Hubbard Date: Sun Jun 7 21:41:02 2020 -0700 mm/gup: introduce pin_user_pages_locked() Patch series "mm/gup: introduce pin_user_pages_locked(), use it in frame_vector.c", v2. This adds yet one more pin_user_pages*() variant, and uses that to convert mm/frame_vector.c. With this, along with maybe 20 or 30 other recent patches in various trees, we are close to having the relevant gup call sites converted--with the notable exception of the bio/block layer. This patch (of 2): Introduce pin_user_pages_locked(), which is nearly identical to get_user_pages_locked() except that it sets FOLL_PIN and rejects FOLL_GET. As with other pairs of get_user_pages*() and pin_user_pages() API calls, it's prudent to assert that FOLL_PIN is *not* set in the get_user_pages*() call, so add that as part of this. [jhubbard@nvidia.com: v2] Link: http://lkml.kernel.org/r/20200531234131.770697-2-jhubbard@nvidia.com Signed-off-by: John Hubbard Signed-off-by: Andrew Morton Reviewed-by: David Hildenbrand Acked-by: Pankaj Gupta Cc: Daniel Vetter Cc: Jérôme Glisse Cc: Vlastimil Babka Cc: Jan Kara Cc: Dave Chinner Cc: Souptick Joarder Link: http://lkml.kernel.org/r/20200531234131.770697-1-jhubbard@nvidia.com Link: http://lkml.kernel.org/r/20200527223243.884385-1-jhubbard@nvidia.com Link: http://lkml.kernel.org/r/20200527223243.884385-2-jhubbard@nvidia.com Signed-off-by: Linus Torvalds commit a8f80f53fb5c367e1a160adfb3b092a788faeb29 Author: John Hubbard Date: Sun Jun 7 21:40:59 2020 -0700 mm/gup: update pin_user_pages.rst for "case 3" (mmu notifiers) Update case 3 so that it covers the use of mmu notifiers, for hardware that does, or does not have replayable page faults. Also, elaborate case 4 slightly, as it was quite cryptic. Signed-off-by: John Hubbard Signed-off-by: Andrew Morton Cc: Daniel Vetter Cc: Jérôme Glisse Cc: Vlastimil Babka Cc: Jan Kara Cc: Dave Chinner Cc: Jonathan Corbet Link: http://lkml.kernel.org/r/20200527194953.11130-1-jhubbard@nvidia.com Signed-off-by: Linus Torvalds commit dadbb612f6e50bbf9101c2f5d82690ce9ea4d66b Author: Souptick Joarder Date: Sun Jun 7 21:40:55 2020 -0700 mm/gup.c: convert to use get_user_{page|pages}_fast_only() API __get_user_pages_fast() renamed to get_user_pages_fast_only() to align with pin_user_pages_fast_only(). As part of this we will get rid of write parameter. Instead caller will pass FOLL_WRITE to get_user_pages_fast_only(). This will not change any existing functionality of the API. All the callers are changed to pass FOLL_WRITE. Also introduce get_user_page_fast_only(), and use it in a few places that hard-code nr_pages to 1. Updated the documentation of the API. Signed-off-by: Souptick Joarder Signed-off-by: Andrew Morton Reviewed-by: John Hubbard Reviewed-by: Paul Mackerras [arch/powerpc/kvm] Cc: Matthew Wilcox Cc: Michael Ellerman Cc: Benjamin Herrenschmidt Cc: Peter Zijlstra Cc: Ingo Molnar Cc: Mark Rutland Cc: Alexander Shishkin Cc: Jiri Olsa Cc: Namhyung Kim Cc: Paolo Bonzini Cc: Stephen Rothwell Cc: Mike Rapoport Cc: Aneesh Kumar K.V Cc: Michal Suchanek Link: http://lkml.kernel.org/r/1590396812-31277-1-git-send-email-jrdr.linux@gmail.com Signed-off-by: Linus Torvalds commit e77132e75845470065768e2205727e6be52cb7f4 Author: Rafael Aquini Date: Sun Jun 7 21:40:51 2020 -0700 kernel/sysctl.c: ignore out-of-range taint bits introduced via kernel.tainted Users with SYS_ADMIN capability can add arbitrary taint flags to the running kernel by writing to /proc/sys/kernel/tainted or issuing the command 'sysctl -w kernel.tainted=...'. This interface, however, is open for any integer value and this might cause an invalid set of flags being committed to the tainted_mask bitset. This patch introduces a simple way for proc_taint() to ignore any eventual invalid bit coming from the user input before committing those bits to the kernel tainted_mask. Signed-off-by: Rafael Aquini Signed-off-by: Andrew Morton Reviewed-by: Luis Chamberlain Cc: Kees Cook Cc: Iurii Zaikin Cc: "Theodore Ts'o" Link: http://lkml.kernel.org/r/20200512223946.888020-1-aquini@redhat.com Signed-off-by: Linus Torvalds commit 60c958d8df9cfc40b745d6cd583cfbfa7525ead6 Author: Guilherme G. Piccoli Date: Sun Jun 7 21:40:48 2020 -0700 panic: add sysctl to dump all CPUs backtraces on oops event Usually when the kernel reaches an oops condition, it's a point of no return; in case not enough debug information is available in the kernel splat, one of the last resorts would be to collect a kernel crash dump and analyze it. The problem with this approach is that in order to collect the dump, a panic is required (to kexec-load the crash kernel). When in an environment of multiple virtual machines, users may prefer to try living with the oops, at least until being able to properly shutdown their VMs / finish their important tasks. This patch implements a way to collect a bit more debug details when an oops event is reached, by printing all the CPUs backtraces through the usage of NMIs (on architectures that support that). The sysctl added (and documented) here was called "oops_all_cpu_backtrace", and when set will (as the name suggests) dump all CPUs backtraces. Far from ideal, this may be the last option though for users that for some reason cannot panic on oops. Most of times oopses are clear enough to indicate the kernel portion that must be investigated, but in virtual environments it's possible to observe hypervisor/KVM issues that could lead to oopses shown in other guests CPUs (like virtual APIC crashes). This patch hence aims to help debug such complex issues without resorting to kdump. Signed-off-by: Guilherme G. Piccoli Signed-off-by: Andrew Morton Reviewed-by: Kees Cook Cc: Luis Chamberlain Cc: Iurii Zaikin Cc: Thomas Gleixner Cc: Vlastimil Babka Cc: Randy Dunlap Cc: Matthew Wilcox Link: http://lkml.kernel.org/r/20200327224116.21030-1-gpiccoli@canonical.com Signed-off-by: Linus Torvalds commit 0ec9dc9bcba0a62b0844e54c1caf6b8b0bf6b5b4 Author: Guilherme G. Piccoli Date: Sun Jun 7 21:40:45 2020 -0700 kernel/hung_task.c: introduce sysctl to print all traces when a hung task is detected Commit 401c636a0eeb ("kernel/hung_task.c: show all hung tasks before panic") introduced a change in that we started to show all CPUs backtraces when a hung task is detected _and_ the sysctl/kernel parameter "hung_task_panic" is set. The idea is good, because usually when observing deadlocks (that may lead to hung tasks), the culprit is another task holding a lock and not necessarily the task detected as hung. The problem with this approach is that dumping backtraces is a slightly expensive task, specially printing that on console (and specially in many CPU machines, as servers commonly found nowadays). So, users that plan to collect a kdump to investigate the hung tasks and narrow down the deadlock definitely don't need the CPUs backtrace on dmesg/console, which will delay the panic and pollute the log (crash tool would easily grab all CPUs traces with 'bt -a' command). Also, there's the reciprocal scenario: some users may be interested in seeing the CPUs backtraces but not have the system panic when a hung task is detected. The current approach hence is almost as embedding a policy in the kernel, by forcing the CPUs backtraces' dump (only) on hung_task_panic. This patch decouples the panic event on hung task from the CPUs backtraces dump, by creating (and documenting) a new sysctl called "hung_task_all_cpu_backtrace", analog to the approach taken on soft/hard lockups, that have both a panic and an "all_cpu_backtrace" sysctl to allow individual control. The new mechanism for dumping the CPUs backtraces on hung task detection respects "hung_task_warnings" by not dumping the traces in case there's no warnings left. Signed-off-by: Guilherme G. Piccoli Signed-off-by: Andrew Morton Reviewed-by: Kees Cook Cc: Tetsuo Handa Link: http://lkml.kernel.org/r/20200327223646.20779-1-gpiccoli@canonical.com Signed-off-by: Linus Torvalds commit f117955a2255721a6a0e9cecf6cad3a6eb43cbc3 Author: Guilherme G. Piccoli Date: Sun Jun 7 21:40:42 2020 -0700 kernel/watchdog.c: convert {soft/hard}lockup boot parameters to sysctl aliases After a recent change introduced by Vlastimil's series [0], kernel is able now to handle sysctl parameters on kernel command line; also, the series introduced a simple infrastructure to convert legacy boot parameters (that duplicate sysctls) into sysctl aliases. This patch converts the watchdog parameters softlockup_panic and {hard,soft}lockup_all_cpu_backtrace to use the new alias infrastructure. It fixes the documentation too, since the alias only accepts values 0 or 1, not the full range of integers. We also took the opportunity here to improve the documentation of the previously converted hung_task_panic (see the patch series [0]) and put the alias table in alphabetical order. [0] http://lkml.kernel.org/r/20200427180433.7029-1-vbabka@suse.cz Signed-off-by: Guilherme G. Piccoli Signed-off-by: Andrew Morton Acked-by: Vlastimil Babka Cc: Kees Cook Cc: Iurii Zaikin Cc: Luis Chamberlain Link: http://lkml.kernel.org/r/20200507214624.21911-1-gpiccoli@canonical.com Signed-off-by: Linus Torvalds commit 4f2f682d89d83fb6194562321d875253282d8496 Author: Vlastimil Babka Date: Sun Jun 7 21:40:38 2020 -0700 lib/test_sysctl: support testing of sysctl. boot parameter Testing is done by a new parameter debug.test_sysctl.boot_int which defaults to 0 and it's expected that the tester passes a boot parameter that sets it to 1. The test checks if it's set to 1. To distinguish true failure from parameter not being set, the test checks /proc/cmdline for the expected parameter, and whether test_sysctl is built-in and not a module. [vbabka@suse.cz: skip the new test if boot_int sysctl is not present] Link: http://lkml.kernel.org/r/305af605-1e60-cf84-fada-6ce1ca37c102@suse.cz Signed-off-by: Vlastimil Babka Signed-off-by: Andrew Morton Cc: Alexey Dobriyan Cc: Christian Brauner Cc: David Rientjes Cc: "Eric W . Biederman" Cc: Greg Kroah-Hartman Cc: "Guilherme G . Piccoli" Cc: Iurii Zaikin Cc: Ivan Teterevkov Cc: Kees Cook Cc: Luis Chamberlain Cc: Masami Hiramatsu Cc: Matthew Wilcox Cc: Michal Hocko Cc: Michal Hocko Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/20200427180433.7029-6-vbabka@suse.cz Signed-off-by: Linus Torvalds commit 4546cde96f9fbef8f59c645f2e0677b5a390ed0d Author: Vlastimil Babka Date: Sun Jun 7 21:40:35 2020 -0700 tools/testing/selftests/sysctl/sysctl.sh: support CONFIG_TEST_SYSCTL=y The testing script recommends CONFIG_TEST_SYSCTL=y, but actually only works with CONFIG_TEST_SYSCTL=m. Testing of sysctl setting via boot param however requires the test to be built-in, so make sure the test script supports it. Signed-off-by: Vlastimil Babka Signed-off-by: Andrew Morton Acked-by: Luis Chamberlain Cc: Alexey Dobriyan Cc: Christian Brauner Cc: David Rientjes Cc: "Eric W . Biederman" Cc: Greg Kroah-Hartman Cc: "Guilherme G . Piccoli" Cc: Iurii Zaikin Cc: Ivan Teterevkov Cc: Kees Cook Cc: Masami Hiramatsu Cc: Matthew Wilcox Cc: Michal Hocko Cc: Michal Hocko Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/20200427180433.7029-5-vbabka@suse.cz Signed-off-by: Linus Torvalds commit b467f3ef3c50c4fa8926ca07f7db9a33a645e13a Author: Vlastimil Babka Date: Sun Jun 7 21:40:31 2020 -0700 kernel/hung_task convert hung_task_panic boot parameter to sysctl We can now handle sysctl parameters on kernel command line and have infrastructure to convert legacy command line options that duplicate sysctl to become a sysctl alias. This patch converts the hung_task_panic parameter. Note that the sysctl handler is more strict and allows only 0 and 1, while the legacy parameter allowed any non-zero value. But there is little reason anyone would not be using 1. Signed-off-by: Vlastimil Babka Signed-off-by: Andrew Morton Reviewed-by: Kees Cook Acked-by: Michal Hocko Cc: Alexey Dobriyan Cc: Christian Brauner Cc: David Rientjes Cc: "Eric W . Biederman" Cc: Greg Kroah-Hartman Cc: "Guilherme G . Piccoli" Cc: Iurii Zaikin Cc: Ivan Teterevkov Cc: Luis Chamberlain Cc: Masami Hiramatsu Cc: Matthew Wilcox Cc: Michal Hocko Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/20200427180433.7029-4-vbabka@suse.cz Signed-off-by: Linus Torvalds commit 0a477e1ae21b28267b9bd8599f75c115291b1666 Author: Vlastimil Babka Date: Sun Jun 7 21:40:27 2020 -0700 kernel/sysctl: support handling command line aliases We can now handle sysctl parameters on kernel command line, but historically some parameters introduced their own command line equivalent, which we don't want to remove for compatibility reasons. We can, however, convert them to the generic infrastructure with a table translating the legacy command line parameters to their sysctl names, and removing the one-off param handlers. This patch adds the support and makes the first conversion to demonstrate it, on the (deprecated) numa_zonelist_order parameter. Signed-off-by: Vlastimil Babka Signed-off-by: Andrew Morton Reviewed-by: Luis Chamberlain Acked-by: Kees Cook Acked-by: Michal Hocko Cc: Alexey Dobriyan Cc: Christian Brauner Cc: David Rientjes Cc: "Eric W . Biederman" Cc: Greg Kroah-Hartman Cc: "Guilherme G . Piccoli" Cc: Iurii Zaikin Cc: Ivan Teterevkov Cc: Masami Hiramatsu Cc: Matthew Wilcox Cc: Michal Hocko Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/20200427180433.7029-3-vbabka@suse.cz Signed-off-by: Linus Torvalds commit 3db978d480e2843979a2b56f2f7da726f2b295b2 Author: Vlastimil Babka Date: Sun Jun 7 21:40:24 2020 -0700 kernel/sysctl: support setting sysctl parameters from kernel command line Patch series "support setting sysctl parameters from kernel command line", v3. This series adds support for something that seems like many people always wanted but nobody added it yet, so here's the ability to set sysctl parameters via kernel command line options in the form of sysctl.vm.something=1 The important part is Patch 1. The second, not so important part is an attempt to clean up legacy one-off parameters that do the same thing as a sysctl. I don't want to remove them completely for compatibility reasons, but with generic sysctl support the idea is to remove the one-off param handlers and treat the parameters as aliases for the sysctl variants. I have identified several parameters that mention sysctl counterparts in Documentation/admin-guide/kernel-parameters.txt but there might be more. The conversion also has varying level of success: - numa_zonelist_order is converted in Patch 2 together with adding the necessary infrastructure. It's easy as it doesn't really do anything but warn on deprecated value these days. - hung_task_panic is converted in Patch 3, but there's a downside that now it only accepts 0 and 1, while previously it was any integer value - nmi_watchdog maps to two sysctls nmi_watchdog and hardlockup_panic, so there's no straighforward conversion possible - traceoff_on_warning is a flag without value and it would be required to handle that somehow in the conversion infractructure, which seems pointless for a single flag This patch (of 5): A recently proposed patch to add vm_swappiness command line parameter in addition to existing sysctl [1] made me wonder why we don't have a general support for passing sysctl parameters via command line. Googling found only somebody else wondering the same [2], but I haven't found any prior discussion with reasons why not to do this. Settings the vm_swappiness issue aside (the underlying issue might be solved in a different way), quick search of kernel-parameters.txt shows there are already some that exist as both sysctl and kernel parameter - hung_task_panic, nmi_watchdog, numa_zonelist_order, traceoff_on_warning. A general mechanism would remove the need to add more of those one-offs and might be handy in situations where configuration by e.g. /etc/sysctl.d/ is impractical. Hence, this patch adds a new parse_args() pass that looks for parameters prefixed by 'sysctl.' and tries to interpret them as writes to the corresponding sys/ files using an temporary in-kernel procfs mount. This mechanism was suggested by Eric W. Biederman [3], as it handles all dynamically registered sysctl tables, even though we don't handle modular sysctls. Errors due to e.g. invalid parameter name or value are reported in the kernel log. The processing is hooked right before the init process is loaded, as some handlers might be more complicated than simple setters and might need some subsystems to be initialized. At the moment the init process can be started and eventually execute a process writing to /proc/sys/ then it should be also fine to do that from the kernel. Sysctls registered later on module load time are not set by this mechanism - it's expected that in such scenarios, setting sysctl values from userspace is practical enough. [1] https://lore.kernel.org/r/BL0PR02MB560167492CA4094C91589930E9FC0@BL0PR02MB5601.namprd02.prod.outlook.com/ [2] https://unix.stackexchange.com/questions/558802/how-to-set-sysctl-using-kernel-command-line-parameter [3] https://lore.kernel.org/r/87bloj2skm.fsf@x220.int.ebiederm.org/ Signed-off-by: Vlastimil Babka Signed-off-by: Andrew Morton Reviewed-by: Luis Chamberlain Reviewed-by: Masami Hiramatsu Acked-by: Kees Cook Acked-by: Michal Hocko Cc: Iurii Zaikin Cc: Ivan Teterevkov Cc: Michal Hocko Cc: David Rientjes Cc: Matthew Wilcox Cc: "Eric W . Biederman" Cc: "Guilherme G . Piccoli" Cc: Alexey Dobriyan Cc: Thomas Gleixner Cc: Greg Kroah-Hartman Cc: Christian Brauner Link: http://lkml.kernel.org/r/20200427180433.7029-1-vbabka@suse.cz Link: http://lkml.kernel.org/r/20200427180433.7029-2-vbabka@suse.cz Signed-off-by: Linus Torvalds commit 01f39c1c11ee5bf44a1df49e47eb53a86515b9dc Author: Manfred Spraul Date: Sun Jun 7 21:40:20 2020 -0700 xarray.h: correct return code documentation for xa_store_{bh,irq}() __xa_store() and xa_store() document that the functions can fail, and that the return code can be an xa_err() encoded error code. xa_store_bh() and xa_store_irq() do not document that the functions can fail and that they can also return xa_err() encoded error codes. Thus: Update the documentation. Signed-off-by: Manfred Spraul Signed-off-by: Andrew Morton Cc: Matthew Wilcox Link: http://lkml.kernel.org/r/20200430111424.16634-1-manfred@colorfullife.com Signed-off-by: Linus Torvalds commit db38d5c106dfdd7cb7207c83267d82fdf4950b61 Author: Rafael Aquini Date: Sun Jun 7 21:40:17 2020 -0700 kernel: add panic_on_taint Analogously to the introduction of panic_on_warn, this patch introduces a kernel option named panic_on_taint in order to provide a simple and generic way to stop execution and catch a coredump when the kernel gets tainted by any given flag. This is useful for debugging sessions as it avoids having to rebuild the kernel to explicitly add calls to panic() into the code sites that introduce the taint flags of interest. For instance, if one is interested in proceeding with a post-mortem analysis at the point a given code path is hitting a bad page (i.e. unaccount_page_cache_page(), or slab_bug()), a coredump can be collected by rebooting the kernel with 'panic_on_taint=0x20' amended to the command line. Another, perhaps less frequent, use for this option would be as a means for assuring a security policy case where only a subset of taints, or no single taint (in paranoid mode), is allowed for the running system. The optional switch 'nousertaint' is handy in this particular scenario, as it will avoid userspace induced crashes by writes to sysctl interface /proc/sys/kernel/tainted causing false positive hits for such policies. [akpm@linux-foundation.org: tweak kernel-parameters.txt wording] Suggested-by: Qian Cai Signed-off-by: Rafael Aquini Signed-off-by: Andrew Morton Reviewed-by: Luis Chamberlain Cc: Dave Young Cc: Baoquan He Cc: Jonathan Corbet Cc: Kees Cook Cc: Randy Dunlap Cc: "Theodore Ts'o" Cc: Adrian Bunk Cc: Greg Kroah-Hartman Cc: Laura Abbott Cc: Jeff Mahoney Cc: Jiri Kosina Cc: Takashi Iwai Link: http://lkml.kernel.org/r/20200515175502.146720-1-aquini@redhat.com Signed-off-by: Linus Torvalds commit ceabef7dd71720aef58bd182943352c9c307a3de Author: Orson Zhai Date: Sun Jun 7 21:40:14 2020 -0700 dynamic_debug: add an option to enable dynamic debug for modules only Instead of enabling dynamic debug globally with CONFIG_DYNAMIC_DEBUG, CONFIG_DYNAMIC_DEBUG_CORE will only enable core function of dynamic debug. With the DYNAMIC_DEBUG_MODULE defined for any modules, dynamic debug will be tied to them. This is useful for people who only want to enable dynamic debug for kernel modules without worrying about kernel image size and memory consumption is increasing too much. [orson.zhai@unisoc.com: v2] Link: http://lkml.kernel.org/r/1587408228-10861-1-git-send-email-orson.unisoc@gmail.com Signed-off-by: Orson Zhai Signed-off-by: Andrew Morton Acked-by: Greg Kroah-Hartman Acked-by: Petr Mladek Cc: Jonathan Corbet Cc: Sergey Senozhatsky Cc: Steven Rostedt Cc: Jason Baron Cc: Randy Dunlap Link: http://lkml.kernel.org/r/1586521984-5890-1-git-send-email-orson.unisoc@gmail.com Signed-off-by: Linus Torvalds commit e1eb26fa62d04ec0955432be1aa8722a97cb52e7 Author: Giuseppe Scrivano Date: Sun Jun 7 21:40:10 2020 -0700 ipc/namespace.c: use a work queue to free_ipc the reason is to avoid a delay caused by the synchronize_rcu() call in kern_umount() when the mqueue mount is freed. the code: #define _GNU_SOURCE #include #include #include #include int main() { int i; for (i = 0; i < 1000; i++) if (unshare(CLONE_NEWIPC) < 0) error(EXIT_FAILURE, errno, "unshare"); } goes from Command being timed: "./ipc-namespace" User time (seconds): 0.00 System time (seconds): 0.06 Percent of CPU this job got: 0% Elapsed (wall clock) time (h:mm:ss or m:ss): 0:08.05 to Command being timed: "./ipc-namespace" User time (seconds): 0.00 System time (seconds): 0.02 Percent of CPU this job got: 96% Elapsed (wall clock) time (h:mm:ss or m:ss): 0:00.03 Signed-off-by: Giuseppe Scrivano Signed-off-by: Andrew Morton Reviewed-by: Paul E. McKenney Reviewed-by: Waiman Long Cc: Davidlohr Bueso Cc: Manfred Spraul Link: http://lkml.kernel.org/r/20200225145419.527994-1-gscrivan@redhat.com Signed-off-by: Linus Torvalds commit 4b78e2013a374f379457ceba7dc860d9fc28156b Author: Jules Irenge Date: Sun Jun 7 21:40:07 2020 -0700 ipc/msg: add missing annotation for freeque() Sparse reports a warning at freeque() warning: context imbalance in freeque() - unexpected unlock The root cause is the missing annotation at freeque() Add the missing __releases(RCU) annotation Add the missing __releases(&msq->q_perm) annotation Signed-off-by: Jules Irenge Signed-off-by: Andrew Morton Reviewed-by: Andrew Morton Cc: Boqun Feng Cc: Lu Shuaibing Cc: Nathan Chancellor Cc: Manfred Spraul Cc: Davidlohr Bueso Link: http://lkml.kernel.org/r/20200403160505.2832-2-jbi.octave@gmail.com Signed-off-by: Linus Torvalds commit 92fb1db26eefc11554820f11ce8e92007da2fbf4 Author: SeongJae Park Date: Sun Jun 7 21:40:04 2020 -0700 mm/page_idle.c: skip offline pages 'Idle page tracking' users can pass random pfn that might be mapped to an offline page. To avoid accessing such pages, this commit modifies the 'page_idle_get_page()' to use 'pfn_to_online_page()' instead of 'pfn_valid()' and 'pfn_to_page()' combination, so that the pfn mapped to an offline page can be skipped. Reported-by: David Hildenbrand Signed-off-by: SeongJae Park Signed-off-by: Andrew Morton Reviewed-by: David Hildenbrand Reviewed-by: Pankaj Gupta Link: http://lkml.kernel.org/r/20200605092502.18018-2-sjpark@amazon.com Signed-off-by: Linus Torvalds commit 63d72b93f2262900c8de74ad0f5a58e0d452c9d3 Author: Linus Torvalds Date: Sun Jun 7 12:19:06 2020 -0700 vfs: clean up posix_acl_permission() logic aroudn MAY_NOT_BLOCK posix_acl_permission() does not care about MAY_NOT_BLOCK, and in fact the permission logic internally must not check that bit (it's only for upper layers to decide whether they can block to do IO to look up the acl information or not). But the way the code was written, it _looked_ like it cared, since the function explicitly did not mask that bit off. But it has exactly two callers: one for when that bit is set, which first clears the bit before calling posix_acl_permission(), and the other call site when that bit was clear. So stop the silly games "saving" the MAY_NOT_BLOCK bit that must not be used for the actual permission test, and that currently is pointlessly cleared by the callers when the function itself should just not care. Signed-off-by: Linus Torvalds commit 5fc475b749c72e0b3f3991b33a90d302f52ae746 Author: Linus Torvalds Date: Fri Jun 5 13:40:45 2020 -0700 vfs: do not do group lookup when not necessary Rasmus Villemoes points out that the 'in_group_p()' tests can be a noticeable expense, and often completely unnecessary. A common situation is that the 'group' bits are the same as the 'other' bits wrt the permissions we want to test. So rewrite 'acl_permission_check()' to not bother checking for group ownership when the permission check doesn't care. For example, if we're asking for read permissions, and both 'group' and 'other' allow reading, there's really no reason to check if we're part of the group or not: either way, we'll allow it. Rasmus says: "On a bog-standard Ubuntu 20.04 install, a workload consisting of compiling lots of userspace programs (i.e., calling lots of short-lived programs that all need to get their shared libs mapped in, and the compilers poking around looking for system headers - lots of /usr/lib, /usr/bin, /usr/include/ accesses) puts in_group_p around 0.1% according to perf top. System-installed files are almost always 0755 (directories and binaries) or 0644, so in most cases, we can avoid the binary search and the cost of pulling the cred->groups array and in_group_p() .text into the cpu cache" Reported-by: Rasmus Villemoes Signed-off-by: Linus Torvalds commit 951e2736f4b11b58dc44d41964fa17c3527d882a Author: Michał Mirosław Date: Mon Jun 8 18:50:39 2020 +0200 ALSA: pcm: disallow linking stream to itself Prevent SNDRV_PCM_IOCTL_LINK linking stream to itself - the code can't handle it. Fixed commit is not where bug was introduced, but changes the context significantly. Cc: stable@vger.kernel.org Fixes: 0888c321de70 ("pcm_native: switch to fdget()/fdput()") Signed-off-by: Michał Mirosław Link: https://lore.kernel.org/r/89c4a2487609a0ed6af3ecf01cc972bdc59a7a2d.1591634956.git.mirq-linux@rere.qmqm.pl Signed-off-by: Takashi Iwai commit 88d8822d30cc6f668d44a1a7466bed5a1f85f607 Author: Takashi Iwai Date: Fri Jun 5 08:41:17 2020 +0200 ALSA: usb-audio: Manage auto-pm of all bundled interfaces Currently USB-audio driver manages the auto-pm of the primary interface although a card may consist of multiple interfaces. This may leave the secondary and other interfaces left running unnecessarily after the auto-suspend. This patch allows the driver managing the auto-pm of all bundled interfaces per card. The chip->pm_intf field is extended as chip->intf[] to contain the array of assigned interfaces, and the runtime-PM is performed to all those interfaces. Tested-by: Macpaul Lin Link: https://lore.kernel.org/r/20200605064117.28504-1-tiwai@suse.de Signed-off-by: Takashi Iwai commit 4263eb6880df8383fff0efb872278a99eb6142c8 Merge: 636338d7968e 8e326a8bdef3 Author: Tony Lindgren Date: Mon Jun 8 10:14:49 2020 -0700 Merge branch 'fixes-v5.7' into fixes commit 8e326a8bdef3fb42b92bf2742e8405d9b9209367 Author: Suman Anna Date: Fri Jun 5 17:13:47 2020 -0500 ARM: dts: dra7-evm-common: Fix duplicate mailbox nodes The mailbox nodes defined in various dts files have been moved to common dra7-ipu-dsp-common.dtsi and dra74-ipu-dsp-common.dtsi files in commit a11a2f73b32d ("ARM: dts: dra7-ipu-dsp-common: Move mailboxes into common files"), but the nodes were erroneously left out in the dra7-evm-common.dtsi file. Fix this by removing these duplicate nodes. Fixes: a11a2f73b32d ("ARM: dts: dra7-ipu-dsp-common: Move mailboxes into common files") Signed-off-by: Suman Anna Signed-off-by: Tony Lindgren commit ebf89ed78b6ad6bc53f49a9dc0754fa97bb11e4a Author: Suman Anna Date: Fri Jun 5 17:13:46 2020 -0500 ARM: dts: dra7: Fix timer nodes properly for timer_sys_ck clocks The commit 5390130f3b28 ("ARM: dts: dra7: add timer_sys_ck entries for IPU/DSP timers") was added to allow the OMAP clocksource timer driver to use the clock aliases when reconfiguring the parent clock source for the timer functional clocks after the timer_sys_ck clock aliases got cleaned up in commit a8202cd5174d ("clk: ti: dra7: drop unnecessary clock aliases"). The above patch however has missed adding the entries for couple of timers (14, 15 and 16), and also added erroneously in the parent ti-sysc nodes for couple of clocks (timers 4, 5 and 6). Fix these properly, so that any of these timers can be used with OMAP remoteproc IPU and DSP devices. The always-on timers 1 and 12 are not expected to use this clock source, so they are not modified. Fixes: 5390130f3b28 ("ARM: dts: dra7: add timer_sys_ck entries for IPU/DSP timers") Signed-off-by: Suman Anna Signed-off-by: Tony Lindgren commit 6a9110f9f7e96a059902415b4ac90b07e5f06961 Merge: 9f872f924545 5390130f3b28 Author: Tony Lindgren Date: Mon Jun 8 10:11:49 2020 -0700 Merge commit '5390130f3b288db7d67de5e6c29d0de70d327ff0' into fixes-v5.7 commit 9f872f924545324a06fa216ad38132804c20f2db Author: Oskar Holmlund Date: Fri Jun 5 19:51:09 2020 +0200 ARM: dts: Fix am33xx.dtsi ti,sysc-mask wrong softreset flag AM335x TRM: Figure 16-23 define sysconfig register and soft_reset are in first position corresponding to SYSC_OMAP4_SOFTRESET defined in ti-sysc.h. Fixes: 0782e8572ce4 ("ARM: dts: Probe am335x musb with ti-sysc") Signed-off-by: Oskar Holmlund Signed-off-by: Tony Lindgren commit 3f311e8993ed18fb7325373ec0f82a7f8e8be82e Author: Oskar Holmlund Date: Fri Jun 5 19:49:23 2020 +0200 ARM: dts: Fix am33xx.dtsi USB ranges length AM335x TRM: Table 2-1 defines USBSS - USB Queue Manager in memory region 0x4740 0000 to 0x4740 7FFF. Looks like the older TRM revisions list the range from 0x5000 to 0x8000 as reserved. Fixes: 0782e8572ce4 ("ARM: dts: Probe am335x musb with ti-sysc") Signed-off-by: Oskar Holmlund [tony@atomide.com: updated comments] Signed-off-by: Tony Lindgren commit 146f5cdeda153a1c7866cd240d2f464543d368c0 Author: SeongJae Park Date: Sat Jun 6 10:37:46 2020 +0200 docs/memory-barriers.txt/kokr: smp_mb__{before,after}_atomic(): update Documentation Translate this commit to Korean: 39323c64b8a9 ("smp_mb__{before,after}_atomic(): update Documentation") Signed-off-by: SeongJae Park Reviewed-by: Yunjae Lee Link: https://lore.kernel.org/r/20200606083746.20869-1-sjpark@amazon.de Signed-off-by: Jonathan Corbet commit a8c73c1a614f6da6c0b04c393f87447e28cb6de4 Author: Denis Efremov Date: Fri Jun 5 12:32:03 2020 +0300 io_uring: use kvfree() in io_sqe_buffer_register() Use kvfree() to free the pages and vmas, since they are allocated by kvmalloc_array() in a loop. Fixes: d4ef647510b1 ("io_uring: avoid page allocation warnings") Signed-off-by: Denis Efremov Signed-off-by: Jens Axboe Cc: stable@vger.kernel.org Link: https://lore.kernel.org/r/20200605093203.40087-1-efremov@linux.com commit efe68c1ca8f49e8c06afd74b699411bfbb8ba1ff Author: Bijan Mottahedeh Date: Thu Jun 4 18:01:52 2020 -0700 io_uring: validate the full range of provided buffers for access Account for the number of provided buffers when validating the address range. Signed-off-by: Bijan Mottahedeh Signed-off-by: Jens Axboe commit 3699158d3fe31a7739356ce4ad6934d6ede445c7 Author: Dejin Zheng Date: Wed May 27 22:45:31 2020 +0800 Documentation: devres: add missing entry for devm_platform_get_and_ioremap_resource() The devm_platform_get_and_ioremap_resource() should be documented in devres.rst. Add the missing entry. Signed-off-by: Dejin Zheng Link: https://lore.kernel.org/r/20200527144531.9376-1-zhengdejin5@gmail.com Signed-off-by: Jonathan Corbet commit 93431e0607e58a3c997a134adc0fad4fdc147dab Author: Alexander A. Klimov Date: Tue May 26 08:05:44 2020 +0200 Replace HTTP links with HTTPS ones: documentation Rationale: Reduces attack surface on kernel devs opening the links for MITM as HTTPS traffic is much harder to manipulate. Deterministic algorithm: For each file: For each line: If doesn't contain `\bxmlns\b`: For each link, `\bhttp://[^# \t\r\n]*(?:\w|/)`: If both the HTTP and HTTPS versions return 200 OK and serve the same content: Replace HTTP with HTTPS. Signed-off-by: Alexander A. Klimov Link: https://lore.kernel.org/r/20200526060544.25127-1-grandmaster@al2klimov.de Signed-off-by: Jonathan Corbet commit b55e45a59cb6a421fc52084ea154e7cf21e6b569 Author: Lukas Bulwahn Date: Sun May 31 20:56:18 2020 +0200 docs: it_IT: address invalid reference warnings Documentation generation warns: it_IT/kernel-hacking/hacking.rst: WARNING: unknown document: ../core-api/symbol/namespaces it_IT/process/5.Posting.rst: WARNING: undefined label: it_email_clients it_IT/process/submitting-patches.rst: WARNING: undefined label: it_email_clients it_IT/process/howto.rst: WARNING: undefined label: it_managementstyle Refer to English documentation, as Italian translation does not exist, and add labels for Italian process documents to resolve label references. Signed-off-by: Lukas Bulwahn Link: https://lore.kernel.org/r/20200531185618.7099-1-lukas.bulwahn@gmail.com Signed-off-by: Jonathan Corbet commit a5001484e203377e553326bc8f3f91e4ea80bcc2 Author: Lukas Bulwahn Date: Sun May 31 20:35:56 2020 +0200 doc: zh_CN: use doc reference to resolve undefined label warning Documentation generation warns: Documentation/translations/zh_CN/filesystems/debugfs.rst:5: WARNING: undefined label: debugfs_index Use doc reference for files rather than introducing a label to refer to. This resolves the warning above. Signed-off-by: Lukas Bulwahn Reviewed-by: Alex Shi Link: https://lore.kernel.org/r/20200531183556.5751-1-lukas.bulwahn@gmail.com Signed-off-by: Jonathan Corbet commit 99702304745941271c73ad7de18f38d93844929c Author: Jonathan Corbet Date: Wed Jun 3 16:10:20 2020 -0600 docs: Update the location of the LF NDA program The link to the Linux Foundation NDA program got broken in one of their web-site thrashups; now that the information is back online, point to its current location. This should last until the next thrashup... Reported-by: Lukas Bulwahn Reviewed-by: Lukas Bulwahn Signed-off-by: Jonathan Corbet commit cc8246debbe4146668acafcfa45358cfe286d03c Author: Heinrich Schuchardt Date: Fri Jun 5 05:04:05 2020 +0200 docs: dev-tools: coccinelle: underlines Underline lengths should match the lengths of headings to avoid build warnings with Sphinx. Signed-off-by: Heinrich Schuchardt Acked-by: Julia Lawall Link: https://lore.kernel.org/r/20200605030405.6479-1-xypron.glpk@gmx.de Signed-off-by: Jonathan Corbet commit 1eb2f96d0bffb2cca1fb7249ad9b6b4daa1d1d6a Author: Chen Zhou Date: Fri May 8 20:40:00 2020 +0800 sunrpc: use kmemdup_nul() in gssp_stringify() It is more efficient to use kmemdup_nul() if the size is known exactly . According to doc: "Note: Use kmemdup_nul() instead if the size is known exactly." Signed-off-by: Chen Zhou Signed-off-by: J. Bruce Fields commit 961abd78adcb4c72c343fcd9f9dc5e2ebbe9b448 Author: Shaokun Zhang Date: Fri Jun 5 17:43:41 2020 +0800 drivers/perf: hisi: Fix wrong value for all counters enable In L3C uncore PMU drivers, bit16 is used to control all counters enable & disable. Wrong value is given in the driver and its default value is 1'b1, it can work because each PMU counter has its own control bits too. Let's fix the wrong value. Fixes: 2940bc433370 ("perf: hisi: Add support for HiSilicon SoC L3C PMU driver") Signed-off-by: Shaokun Zhang Cc: Will Deacon Cc: Mark Rutland Link: https://lore.kernel.org/r/1591350221-32275-1-git-send-email-zhangshaokun@hisilicon.com Signed-off-by: Will Deacon commit 91970bef48d68d06b2bb3f464b572ad50941f6a9 Author: Joe Perches Date: Sat Jun 6 12:25:50 2020 -0700 arm64: ftrace: Change CONFIG_FTRACE_WITH_REGS to CONFIG_DYNAMIC_FTRACE_WITH_REGS CONFIG_FTRACE_WITH_REGS does not exist as a Kconfig symbol. Fixes: 3b23e4991fb6 ("arm64: implement ftrace with regs") Signed-off-by: Joe Perches Acked-by: Mark Rutland Link: https://lore.kernel.org/r/b9b27f2233bd1fa31d72ff937beefdae0e2104e5.camel@perches.com Signed-off-by: Will Deacon commit f3a1381ec84ec1fdc8091f9935f97e836792b6a7 Author: Sivaprakash Murugesan Date: Mon Jun 8 15:07:24 2020 +0530 dt-bindings: mailbox: Add YAML schemas for QCOM APCS global block Qualcomm APCS global block provides a bunch of generic properties which are required in a device tree. Add YAML schema for these properties. Reviewed-by: Rob Herring Signed-off-by: Sivaprakash Murugesan Signed-off-by: Jassi Brar commit 7ff0d4490ebadae8037a079a70c5cac13385a808 Author: Christoph Hellwig Date: Wed Jun 3 07:52:37 2020 +0200 trace: fix an incorrect __user annotation on stack_trace_sysctl No user pointers for sysctls anymore. Fixes: 32927393dc1c ("sysctl: pass kernel pointers to ->proc_handler") Reported-by: build test robot Signed-off-by: Christoph Hellwig Signed-off-by: Al Viro commit a2541dcb51127dc31934ab93bc99ae7df458e41b Author: Christoph Hellwig Date: Wed Jun 3 07:52:36 2020 +0200 random: fix an incorrect __user annotation on proc_do_entropy No user pointers for sysctls anymore. Fixes: 32927393dc1c ("sysctl: pass kernel pointers to ->proc_handler") Reported-by: build test robot Signed-off-by: Christoph Hellwig Signed-off-by: Al Viro commit c7388c1f8fb6d8687403e9554c873f9df4512797 Author: Christoph Hellwig Date: Wed Jun 3 07:52:35 2020 +0200 net/sysctl: remove leftover __user annotations on neigh_proc_dointvec* Remove the leftover __user annotation on the prototypes for neigh_proc_dointvec*. The implementations already got this right, but the headers kept the __user tags around. Fixes: 32927393dc1c ("sysctl: pass kernel pointers to ->proc_handler") Reported-by: build test robot Signed-off-by: Christoph Hellwig Signed-off-by: Al Viro commit 56965ac7253ece22050cf31ea5d1558e4c49cff2 Author: Christoph Hellwig Date: Wed Jun 3 07:52:34 2020 +0200 net/sysctl: use cpumask_parse in flow_limit_cpu_sysctl cpumask_parse_user works on __user pointers, so this is wrong now. Fixes: 32927393dc1c ("sysctl: pass kernel pointers to ->proc_handler") Reported-by: build test robot Signed-off-by: Christoph Hellwig Signed-off-by: Al Viro commit 1f2436229bf64ac040f2f5018df059c21fc5526a Author: Andrii Nakryiko Date: Sun Jun 7 17:36:15 2020 -0700 selftests/bpf: Fix ringbuf selftest sample counting undeterminism Fix test race, in which background poll can get either 5 or 6 samples, depending on timing of notification. Prevent this by open-coding sample triggering and forcing notification for the very last sample only. Also switch to using atomic increments and exchanges for more obviously reliable counting and checking. Additionally, check expected processed sample counters for single-threaded use cases as well. Fixes: 9a5f25ad30e5 ("selftests/bpf: Fix sample_cnt shared between two threads") Signed-off-by: Andrii Nakryiko Signed-off-by: Daniel Borkmann Link: https://lore.kernel.org/bpf/20200608003615.3549991-1-andriin@fb.com commit e649b3f0188f8fd34dd0dde8d43fd3312b902fb2 Author: Eiichi Tsukata Date: Sat Jun 6 13:26:27 2020 +0900 KVM: x86: Fix APIC page invalidation race Commit b1394e745b94 ("KVM: x86: fix APIC page invalidation") tried to fix inappropriate APIC page invalidation by re-introducing arch specific kvm_arch_mmu_notifier_invalidate_range() and calling it from kvm_mmu_notifier_invalidate_range_start. However, the patch left a possible race where the VMCS APIC address cache is updated *before* it is unmapped: (Invalidator) kvm_mmu_notifier_invalidate_range_start() (Invalidator) kvm_make_all_cpus_request(kvm, KVM_REQ_APIC_PAGE_RELOAD) (KVM VCPU) vcpu_enter_guest() (KVM VCPU) kvm_vcpu_reload_apic_access_page() (Invalidator) actually unmap page Because of the above race, there can be a mismatch between the host physical address stored in the APIC_ACCESS_PAGE VMCS field and the host physical address stored in the EPT entry for the APIC GPA (0xfee0000). When this happens, the processor will not trap APIC accesses, and will instead show the raw contents of the APIC-access page. Because Windows OS periodically checks for unexpected modifications to the LAPIC register, this will show up as a BSOD crash with BugCheck CRITICAL_STRUCTURE_CORRUPTION (109) we are currently seeing in https://bugzilla.redhat.com/show_bug.cgi?id=1751017. The root cause of the issue is that kvm_arch_mmu_notifier_invalidate_range() cannot guarantee that no additional references are taken to the pages in the range before kvm_mmu_notifier_invalidate_range_end(). Fortunately, this case is supported by the MMU notifier API, as documented in include/linux/mmu_notifier.h: * If the subsystem * can't guarantee that no additional references are taken to * the pages in the range, it has to implement the * invalidate_range() notifier to remove any references taken * after invalidate_range_start(). The fix therefore is to reload the APIC-access page field in the VMCS from kvm_mmu_notifier_invalidate_range() instead of ..._range_start(). Cc: stable@vger.kernel.org Fixes: b1394e745b94 ("KVM: x86: fix APIC page invalidation") Fixes: https://bugzilla.kernel.org/show_bug.cgi?id=197951 Signed-off-by: Eiichi Tsukata Message-Id: <20200606042627.61070-1-eiichi.tsukata@nutanix.com> Signed-off-by: Paolo Bonzini commit 573fcbfd319ccef26caa3700320242accea7fd5c Author: Hui Wang Date: Mon Jun 8 19:55:41 2020 +0800 ALSA: hda/realtek - add a pintbl quirk for several Lenovo machines A couple of Lenovo ThinkCentre machines all have 2 front mics and they use the same codec alc623 and have the same pin config, so add a pintbl entry for those machines to apply the fixup ALC283_FIXUP_HEADSET_MIC. Cc: Signed-off-by: Hui Wang Link: https://lore.kernel.org/r/20200608115541.9531-1-hui.wang@canonical.com Signed-off-by: Takashi Iwai commit e18035cf5cb3d2bf8e4f4d350a23608bd208b934 Author: Michał Mirosław Date: Mon Jun 8 12:06:32 2020 +0200 ALSA: pcm: fix snd_pcm_link() lockdep splat Add and use snd_pcm_stream_lock_nested() in snd_pcm_link/unlink implementation. The code is fine, but generates a lockdep complaint: ============================================ WARNING: possible recursive locking detected 5.7.1mq+ #381 Tainted: G O -------------------------------------------- pulseaudio/4180 is trying to acquire lock: ffff888402d6f508 (&group->lock){-...}-{2:2}, at: snd_pcm_common_ioctl+0xda8/0xee0 [snd_pcm] but task is already holding lock: ffff8883f7a8cf18 (&group->lock){-...}-{2:2}, at: snd_pcm_common_ioctl+0xe4e/0xee0 [snd_pcm] other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(&group->lock); lock(&group->lock); *** DEADLOCK *** May be due to missing lock nesting notation 2 locks held by pulseaudio/4180: #0: ffffffffa1a05190 (snd_pcm_link_rwsem){++++}-{3:3}, at: snd_pcm_common_ioctl+0xca0/0xee0 [snd_pcm] #1: ffff8883f7a8cf18 (&group->lock){-...}-{2:2}, at: snd_pcm_common_ioctl+0xe4e/0xee0 [snd_pcm] [...] Cc: stable@vger.kernel.org Fixes: f57f3df03a8e ("ALSA: pcm: More fine-grained PCM link locking") Signed-off-by: Michał Mirosław Link: https://lore.kernel.org/r/37252c65941e58473b1219ca9fab03d48f47e3e3.1591610330.git.mirq-linux@rere.qmqm.pl Signed-off-by: Takashi Iwai commit 9ec8ade812240f3ef553b5e8bfc74deec3f14339 Author: Geert Uytterhoeven Date: Mon Jun 8 12:00:49 2020 +0200 spi: spidev_test: Use %u to format unsigned numbers Consistently use %u to format unsigned numbers. For "bits" this doesn't matter that much, as it is "uint8_t". However, "speed" is "uint32_t", so in case people use "-s -1" to force the maximum, they would see: max speed: -1 Hz (4294967 KHz) While at it, use "k" (kilo) instead of "K" (kelvin) in "kHz". Signed-off-by: Geert Uytterhoeven Link: https://lore.kernel.org/r/20200608100049.30648-1-geert+renesas@glider.be Signed-off-by: Mark Brown commit e680a4098f6404191e0e438a9758715b0bff6d7f Author: Bartosz Golaszewski Date: Sun Jun 7 11:34:21 2020 +0200 regmap: fix the kerneldoc for regmap_test_bits() The kerneldoc comment for regmap_test_bits() says that it returns -1 on regmap_read() failure. This is not true - it will propagate the error code returned by regmap_read(). Fix it. Fixes: aa2ff9dbaedd ("regmap: provide helpers for simple bit operations") Signed-off-by: Bartosz Golaszewski Link: https://lore.kernel.org/r/20200607093421.22209-1-brgl@bgdev.pl Signed-off-by: Mark Brown commit fb7333dfd812062d3d51f377e70c1d3a3788472b Author: Paolo Bonzini Date: Mon Jun 8 07:11:47 2020 -0400 KVM: SVM: fix calls to is_intercept is_intercept takes an INTERCEPT_* constant, not SVM_EXIT_*; because of this, the compiler was removing the body of the conditionals, as if is_intercept returned 0. This unveils a latent bug: when clearing the VINTR intercept, int_ctl must also be changed in the L1 VMCB (svm->nested.hsave), just like the intercept itself is also changed in the L1 VMCB. Otherwise V_IRQ remains set and, due to the VINTR intercept being clear, we get a spurious injection of a vector 0 interrupt on the next L2->L1 vmexit. Reported-by: Qian Cai Signed-off-by: Paolo Bonzini commit 75ad6e800217220b8ee63904fb472fd5c3819259 Author: Vitaly Kuznetsov Date: Mon Jun 8 13:23:46 2020 +0200 KVM: selftests: fix vmx_preemption_timer_test build with GCC10 GCC10 fails to build vmx_preemption_timer_test: gcc -Wall -Wstrict-prototypes -Wuninitialized -O2 -g -std=gnu99 -fno-stack-protector -fno-PIE -I../../../../tools/include -I../../../../tools/arch/x86/include -I../../../../usr/include/ -Iinclude -Ix86_64 -Iinclude/x86_64 -I.. -pthread -no-pie x86_64/evmcs_test.c ./linux/tools/testing/selftests/kselftest_harness.h ./linux/tools/testing/selftests/kselftest.h ./linux/tools/testing/selftests/kvm/libkvm.a -o ./linux/tools/testing/selftests/kvm/x86_64/evmcs_test /usr/bin/ld: ./linux/tools/testing/selftests/kvm/libkvm.a(vmx.o): ./linux/tools/testing/selftests/kvm/include/x86_64/vmx.h:603: multiple definition of `ctrl_exit_rev'; /tmp/ccMQpvNt.o: ./linux/tools/testing/selftests/kvm/include/x86_64/vmx.h:603: first defined here /usr/bin/ld: ./linux/tools/testing/selftests/kvm/libkvm.a(vmx.o): ./linux/tools/testing/selftests/kvm/include/x86_64/vmx.h:602: multiple definition of `ctrl_pin_rev'; /tmp/ccMQpvNt.o: ./linux/tools/testing/selftests/kvm/include/x86_64/vmx.h:602: first defined here ... ctrl_exit_rev/ctrl_pin_rev/basic variables are only used in vmx_preemption_timer_test.c, just move them there. Fixes: 8d7fbf01f9af ("KVM: selftests: VMX preemption timer migration test") Reported-by: Marcelo Bandeira Condotta Signed-off-by: Vitaly Kuznetsov Message-Id: <20200608112346.593513-2-vkuznets@redhat.com> Signed-off-by: Paolo Bonzini commit 5ae1452f5ff3084a6a273b9980499620eae20f7e Author: Vitaly Kuznetsov Date: Mon Jun 8 13:23:45 2020 +0200 KVM: selftests: Add x86_64/debug_regs to .gitignore Add x86_64/debug_regs to .gitignore. Reported-by: Marcelo Bandeira Condotta Fixes: 449aa906e67e ("KVM: selftests: Add KVM_SET_GUEST_DEBUG test") Signed-off-by: Vitaly Kuznetsov Message-Id: <20200608112346.593513-1-vkuznets@redhat.com> Signed-off-by: Paolo Bonzini commit 25597f64c2f6fffa367d1e6ff4f62b9a751f9051 Author: Vitaly Kuznetsov Date: Fri Jun 5 13:59:06 2020 +0200 Revert "KVM: x86: work around leak of uninitialized stack contents" handle_vmptrst()/handle_vmread() stopped injecting #PF unconditionally and switched to nested_vmx_handle_memory_failure() which just kills the guest with KVM_EXIT_INTERNAL_ERROR in case of MMIO access, zeroing 'exception' in kvm_write_guest_virt_system() is not needed anymore. This reverts commit 541ab2aeb28251bf7135c7961f3a6080eebcc705. Signed-off-by: Vitaly Kuznetsov Message-Id: <20200605115906.532682-2-vkuznets@redhat.com> Signed-off-by: Paolo Bonzini commit 7a35e515a7055f483f87d12041c41db11b36c9ee Author: Vitaly Kuznetsov Date: Fri Jun 5 13:59:05 2020 +0200 KVM: VMX: Properly handle kvm_read/write_guest_virt*() result Syzbot reports the following issue: WARNING: CPU: 0 PID: 6819 at arch/x86/kvm/x86.c:618 kvm_inject_emulated_page_fault+0x210/0x290 arch/x86/kvm/x86.c:618 ... Call Trace: ... RIP: 0010:kvm_inject_emulated_page_fault+0x210/0x290 arch/x86/kvm/x86.c:618 ... nested_vmx_get_vmptr+0x1f9/0x2a0 arch/x86/kvm/vmx/nested.c:4638 handle_vmon arch/x86/kvm/vmx/nested.c:4767 [inline] handle_vmon+0x168/0x3a0 arch/x86/kvm/vmx/nested.c:4728 vmx_handle_exit+0x29c/0x1260 arch/x86/kvm/vmx/vmx.c:6067 'exception' we're trying to inject with kvm_inject_emulated_page_fault() comes from: nested_vmx_get_vmptr() kvm_read_guest_virt() kvm_read_guest_virt_helper() vcpu->arch.walk_mmu->gva_to_gpa() but it is only set when GVA to GPA conversion fails. In case it doesn't but we still fail kvm_vcpu_read_guest_page(), X86EMUL_IO_NEEDED is returned and nested_vmx_get_vmptr() calls kvm_inject_emulated_page_fault() with zeroed 'exception'. This happen when the argument is MMIO. Paolo also noticed that nested_vmx_get_vmptr() is not the only place in KVM code where kvm_read/write_guest_virt*() return result is mishandled. VMX instructions along with INVPCID have the same issue. This was already noticed before, e.g. see commit 541ab2aeb282 ("KVM: x86: work around leak of uninitialized stack contents") but was never fully fixed. KVM could've handled the request correctly by going to userspace and performing I/O but there doesn't seem to be a good need for such requests in the first place. Introduce vmx_handle_memory_failure() as an interim solution. Note, nested_vmx_get_vmptr() now has three possible outcomes: OK, PF, KVM_EXIT_INTERNAL_ERROR and callers need to know if userspace exit is needed (for KVM_EXIT_INTERNAL_ERROR) in case of failure. We don't seem to have a good enum describing this tristate, just add "int *ret" to nested_vmx_get_vmptr() interface to pass the information. Reported-by: syzbot+2a7156e11dc199bdbd8a@syzkaller.appspotmail.com Suggested-by: Sean Christopherson Signed-off-by: Vitaly Kuznetsov Message-Id: <20200605115906.532682-1-vkuznets@redhat.com> Signed-off-by: Paolo Bonzini commit 956ad9d98b73f59e442cc119c98ba1e04e94fe6d Author: Rafael J. Wysocki Date: Thu Jun 4 19:22:26 2020 +0200 ACPI: PM: Avoid using power resources if there are none for D0 As recently reported, some platforms provide a list of power resources for device power state D3hot, through the _PR3 object, but they do not provide a list of power resources for device power state D0. Among other things, this causes acpi_device_get_power() to return D3hot as the current state of the device in question if all of the D3hot power resources are "on", because it sees the power_resources flag set and calls acpi_power_get_inferred_state() which finds that D3hot is the shallowest power state with all of the associated power resources turned "on", so that's what it returns. Moreover, that value takes precedence over the acpi_dev_pm_explicit_get() return value, because it means a deeper power state. The device may very well be in D0 physically at that point, however. Moreover, the presence of _PR3 without _PR0 for a given device means that only one D3-level power state can be supported by it. Namely, because there are no power resources to turn "off" when transitioning the device from D0 into D3cold (which should be supported since _PR3 is present), the evaluation of _PS3 should be sufficient to put it straight into D3cold, but this means that the effect of turning "on" the _PR3 power resources is unclear, so it is better to avoid doing that altogether. Consequently, there is no practical way do distinguish D3cold from D3hot for the device in question and the power states of it can be labeled so that D3hot is the deepest supported one (and Linux assumes that putting a device into D3hot via ACPI may cause power to be removed from it anyway, for legacy reasons). To work around the problem described above modify the ACPI enumeration of devices so that power resources are only used for device power management if the list of D0 power resources is not empty and make it mart D3cold as supported only if that is the case and the D3hot list of power resources is not empty too. Fixes: ef85bdbec444 ("ACPI / scan: Consolidate extraction of power resources lists") Link: https://bugzilla.kernel.org/show_bug.cgi?id=205057 Link: https://lore.kernel.org/linux-acpi/20200603194659.185757-1-hdegoede@redhat.com/ Reported-by: Hans de Goede Tested-by: Hans de Goede Tested-by: youling257@gmail.com Cc: 3.10+ # 3.10+ Signed-off-by: Rafael J. Wysocki Reviewed-by: Hans de Goede commit 4da1ced1e57c885b714255b130e17845234669ff Author: Jani Nikula Date: Tue Jun 2 18:11:26 2020 +0300 drm/i915/params: fix i915.reset module param type The reset member in i915_params was previously changed to unsigned, but this failed to change the actual module parameter. Fixes: aae970d8454b ("drm/i915: Mark i915.reset as unsigned") Cc: Chris Wilson Cc: Mika Kuoppala Reviewed-by: Chris Wilson Signed-off-by: Jani Nikula Link: https://patchwork.freedesktop.org/patch/msgid/20200602151126.25626-1-jani.nikula@intel.com (cherry picked from commit 34becfdb945a5eb819b7c8e4f0ec5cc5952ec68f) Signed-off-by: Joonas Lahtinen commit d7466a5adbd61d79610981903eec19aaf8ac935d Author: Chris Wilson Date: Thu Jun 4 11:37:30 2020 +0100 drm/i915/gem: Mark the buffer pool as active for the cmdparser If the execbuf is interrupted after building the cmdparser pipeline, and before we commit to submitting the request to HW, we would attempt to clean up the cmdparser early. While we held active references to the vma being parsed and constructed, we did not hold an active reference for the buffer pool itself. The result was that an interrupted execbuf could still have run the cmdparser pipeline, but since the buffer pool was idle, its target vma could have been recycled. Note this problem only occurs if the cmdparser is running async due to pipelined waits on busy fences, and the execbuf is interrupted. Fixes: 686c7c35abc2 ("drm/i915/gem: Asynchronous cmdparser") Fixes: 16e87459673a ("drm/i915/gt: Move the batch buffer pool from the engine to the gt") Signed-off-by: Chris Wilson Reviewed-by: Matthew Auld Link: https://patchwork.freedesktop.org/patch/msgid/20200604103751.18816-1-chris@chris-wilson.co.uk (cherry picked from commit 57a78ca4eceab1ecb0299fba8a10211289329889) Signed-off-by: Joonas Lahtinen commit b3fb6de7c6019c5d8495c3a115d42a0f118f631c Author: Michael S. Tsirkin Date: Mon Jun 8 01:43:22 2020 -0400 virtio-mem: drop unnecessary initialization rc is initialized to -ENIVAL but that's never used. Drop it. Fixes: 5f1f79bbc9e2 ("virtio-mem: Paravirtualized memory hotplug") Reported-by: kernel test robot Signed-off-by: Michael S. Tsirkin Acked-by: David Hildenbrand commit 59d4bfc1e2c09435d91c980b03f7b72ce6e9f24e Author: Flavio Suligoi Date: Fri Jun 5 17:41:12 2020 +0200 net: fix wiki website url mac80211 and wireless files In the files: - net/mac80211/rx.c - net/wireless/Kconfig the wiki url is still the old "wireless.kernel.org" instead of the new "wireless.wiki.kernel.org" Signed-off-by: Flavio Suligoi Link: https://lore.kernel.org/r/20200605154112.16277-10-f.suligoi@asem.it Signed-off-by: Johannes Berg commit 97eda66421c44f1449e8d087fd05eab5d466afb7 Author: Flavio Suligoi Date: Fri Jun 5 17:41:11 2020 +0200 include: fix wiki website url in netlink interface header The wiki url is still the old "wireless.kernel.org" instead of the new "wireless.wiki.kernel.org" Signed-off-by: Flavio Suligoi Link: https://lore.kernel.org/r/20200605154112.16277-9-f.suligoi@asem.it Signed-off-by: Johannes Berg commit 327cdb98fb3eed8373777465759c44f8d123c227 Author: Flavio Suligoi Date: Fri Jun 5 17:41:04 2020 +0200 doc: networking: wireless: fix wiki website url In the files: - regulatory.rst - mac80211-injection.rst the wiki url is still the old "wireless.kernel.org" instead of the new "wireless.wiki.kernel.org" Signed-off-by: Flavio Suligoi Link: https://lore.kernel.org/r/20200605154112.16277-2-f.suligoi@asem.it Signed-off-by: Johannes Berg commit 2068cf7dfbc69c4097c95af3a0bd943ced155a76 Author: youngjun Date: Sun Jun 7 02:04:06 2020 -0700 ovl: remove unnecessary lock check Directory is always locked until "out_unlock" label. So lock check is not needed. Signed-off-by: youngjun Signed-off-by: Miklos Szeredi commit e4b0e41fee948ad327f9c912160aa4b50a6a4340 Author: Takashi Iwai Date: Mon Jun 8 09:15:13 2020 +0200 ALSA: usb-audio: Use the new macro for HP Dock rename quirks Replace the open-code with the new QUIRK_DEVICE_PROFILE() macro for simplicity. Fixes: 0c5086f56999 ("ALSA: usb-audio: Add vendor, product and profile name for HP Thunderbolt Dock") Link: https://lore.kernel.org/r/20200608071513.570-1-tiwai@suse.de Signed-off-by: Takashi Iwai commit 0c5086f5699906ec8e31ea6509239489f060f2dc Author: Kai-Heng Feng Date: Mon Jun 8 14:26:28 2020 +0800 ALSA: usb-audio: Add vendor, product and profile name for HP Thunderbolt Dock The HP Thunderbolt Dock has two separate USB devices, one is for speaker and one is for headset. Add names for them so userspace can apply UCM settings. Signed-off-by: Kai-Heng Feng Cc: Link: https://lore.kernel.org/r/20200608062630.10806-1-kai.heng.feng@canonical.com Signed-off-by: Takashi Iwai commit efe792f39ddbc6396b9142afff97855ee357b492 Merge: 3d77e6a8804a 1cb2c4a2c89b Author: Dave Airlie Date: Mon Jun 8 13:22:56 2020 +1000 Merge https://gitlab.freedesktop.org/drm/msm into drm-next-msm-5.8 * new gpu support: a405, a640, a650 * dpu: color processing support * mdp5: support for msm8x36 (the thing with a405) * some prep work for per-context pagetables (ie the part that does not depend on in-flight iommu patches) * last but not least, UABI update for submit ioctl to support syncobj (from Bas) Signed-off-by: Dave Airlie From: Rob Clark Link: https://patchwork.freedesktop.org/patch/msgid/ Date: Mon Jun 8 11:59:56 2020 +1000 Merge tag 'drm-intel-next-fixes-2020-06-04' of git://anongit.freedesktop.org/drm/drm-intel into drm-next - Includes gvt-next-fixes-2020-05-28 - Use after free fix for display global state. - Whitelisting context-local timestamp on Gen9 and two scheduler fixes with deps (Cc: stable) - Removal of write flag from sysfs files where ineffective Signed-off-by: Dave Airlie From: Joonas Lahtinen Link: https://patchwork.freedesktop.org/patch/msgid/20200604150454.GA59322@jlahtine-desk.ger.corp.intel.com commit fa3fa2228c886435b3eea22cea4767f3fb07671f Merge: 3f29eacc3ea8 a24eaa5c5125 Author: Dave Airlie Date: Mon Jun 8 11:55:33 2020 +1000 Merge tag 'amd-drm-fixes-5.8-2020-06-04' of git://people.freedesktop.org/~agd5f/linux into drm-next amd-drm-fixes-5.8-2020-06-04 amdgpu: - Prevent hwmon accesses while GPU is in reset - CTF interrupt fix - Backlight fix for renoir - Fix for display sync groups - Display bandwidth validation workaround Signed-off-by: Dave Airlie From: Alex Deucher Link: https://patchwork.freedesktop.org/patch/msgid/20200604181900.4609-1-alexander.deucher@amd.com commit af7b4801030c07637840191c69eb666917e4135d Merge: 52e0ad262cd7 4d3da2d8d91f Author: Linus Torvalds Date: Sun Jun 7 17:27:45 2020 -0700 Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net Pull networking fixes from David Miller: - Fix the build with certain Kconfig combinations for the Chelsio inline TLS device, from Rohit Maheshwar and Vinay Kumar Yadavi. - Fix leak in genetlink, from Cong Lang. - Fix out of bounds packet header accesses in seg6, from Ahmed Abdelsalam. - Two XDP fixes in the ENA driver, from Sameeh Jubran - Use rwsem in device rename instead of a seqcount because this code can sleep, from Ahmed S. Darwish. - Fix WoL regressions in r8169, from Heiner Kallweit. - Fix qed crashes in kdump mode, from Alok Prasad. - Fix the callbacks used for certain thermal zones in mlxsw, from Vadim Pasternak. * git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (35 commits) net: dsa: lantiq_gswip: fix and improve the unsupported interface error mlxsw: core: Use different get_trend() callbacks for different thermal zones net: dp83869: Reset return variable if PHY strap is read rhashtable: Drop raw RCU deref in nested_table_free cxgb4: Use kfree() instead kvfree() where appropriate net: qed: fixes crash while running driver in kdump kernel vsock/vmci: make vmci_vsock_transport_cb() static net: ethtool: Fix comment mentioning typo in IS_ENABLED() net: phy: mscc: fix Serdes configuration in vsc8584_config_init net: mscc: Fix OF_MDIO config check net: marvell: Fix OF_MDIO config check net: dp83867: Fix OF_MDIO config check net: dp83869: Fix OF_MDIO config check net: ethernet: mvneta: fix MVNETA_SKB_HEADROOM alignment ethtool: linkinfo: remove an unnecessary NULL check net/xdp: use shift instead of 64 bit division crypto/chtls:Fix compile error when CONFIG_IPV6 is disabled inet_connection_sock: clear inet_num out of destroy helper yam: fix possible memory leak in yam_init_driver lan743x: Use correct MAC_CR configuration for 1 GBit speed ... commit 52e0ad262cd76696e8cd8510944b0bfdc0c140a9 Merge: cf0c97f148e9 4f8ad7389817 Author: Linus Torvalds Date: Sun Jun 7 17:25:29 2020 -0700 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc-next Pull sparc updates from David Miller: - Rework the sparc32 page tables so that READ_ONCE(*pmd), as done by generic code, operates on a word sized element. From Will Deacon. - Some scnprintf() conversions, from Chen Zhou. - A pin_user_pages() conversion from John Hubbard. - Several 32-bit ptrace register handling fixes and such from Al Viro. * git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc-next: fix a braino in "sparc32: fix register window handling in genregs32_[gs]et()" sparc32: mm: Only call ctor()/dtor() functions for first and last user sparc32: mm: Disable SPLIT_PTLOCK_CPUS sparc32: mm: Don't try to free page-table pages if ctor() fails sparc32: register memory occupied by kernel as memblock.memory sparc: remove unused header file nfs_fs.h sparc32: fix register window handling in genregs32_[gs]et() sparc64: fix misuses of access_process_vm() in genregs32_[sg]et() oradax: convert get_user_pages() --> pin_user_pages() sparc: use scnprintf() in show_pciobppath_attr() in vio.c sparc: use scnprintf() in show_pciobppath_attr() in pci.c tty: vcc: Fix error return code in vcc_probe() sparc32: mm: Reduce allocation size for PMD and PTE tables sparc32: mm: Change pgtable_t type to pte_t * instead of struct page * sparc32: mm: Restructure sparc32 MMU page-table layout sparc32: mm: Fix argument checking in __srmmu_get_nocache() sparc64: Replace zero-length array with flexible-array sparc: mm: return true,false in kern_addr_valid() commit 4f8ad73898171cea2dce9ecf5bd4337c9dfcddc1 Merge: 9049a40c858f fcdf818d239e Author: David S. Miller Date: Sun Jun 7 17:11:41 2020 -0700 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc commit 4d3da2d8d91f66988a829a18a0ce59945e8ae4fb Author: Martin Blumenstingl Date: Sun Jun 7 15:02:58 2020 +0200 net: dsa: lantiq_gswip: fix and improve the unsupported interface error While trying to use the lantiq_gswip driver on one of my boards I made a mistake when specifying the phy-mode (because the out-of-tree driver wants phy-mode "gmii" or "mii" for the internal PHYs). In this case the following error is printed multiple times: Unsupported interface: 3 While it gives at least a hint at what may be wrong it is not very user friendly. Print the human readable phy-mode and also which port is configured incorrectly (this hardware supports ports 0..6) to improve the cases where someone made a mistake. Fixes: 14fceff4771e51 ("net: dsa: Add Lantiq / Intel DSA driver for vrx200") Signed-off-by: Martin Blumenstingl Acked-by: Hauke Mehrtens Signed-off-by: David S. Miller commit 3f29eacc3ea828cde4d1f06f74fa7f2ca479c216 Merge: 9ca1f474cea0 dd67cab5db7e Author: Dave Airlie Date: Mon Jun 8 10:06:09 2020 +1000 Merge branch 'linux-5.8' of git://github.com/skeggsb/linux into drm-next - HDMI/DP audio HDA fixes - display hang fix for Volta/Turing - GK20A regression fix. Signed-off-by: Dave Airlie From: Ben Skeggs Link: https://patchwork.freedesktop.org/patch/msgid/ Date: Sun Jun 7 11:10:27 2020 +0300 mlxsw: core: Use different get_trend() callbacks for different thermal zones The driver registers three different types of thermal zones: For the ASIC itself, for port modules and for gearboxes. Currently, all three types use the same get_trend() callback which does not work correctly for the ASIC thermal zone. The callback assumes that the device data is of type 'struct mlxsw_thermal_module', whereas for the ASIC thermal zone 'struct mlxsw_thermal' is passed as device data. Fix this by using one get_trend() callback for the ASIC thermal zone and another for the other two types. Fixes: 6f73862fabd9 ("mlxsw: core: Add the hottest thermal zone detection") Signed-off-by: Vadim Pasternak Reviewed-by: Jiri Pirko Signed-off-by: Ido Schimmel Signed-off-by: David S. Miller commit 9049a40c858f49c141e12924b77b91cce4c46617 Merge: 824c874abc1d 9d964e1b82d8 Author: David S. Miller Date: Sun Jun 7 16:40:14 2020 -0700 Merge branch 'for-davem' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs commit cf0c97f148e9e50aa5a7ddd1984a604dd2bde4af Merge: e8dff03aef6a 94873f6b46f8 Author: Linus Torvalds Date: Sun Jun 7 16:13:43 2020 -0700 Merge tag 'pinctrl-v5.8-1' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl Pull pin control updates from Linus Walleij: "This is the bulk of pin control changes for the v5.8 kernel cycle. It's just really boring this time. Zero core changes. Just linear development, cleanups and misc noncritical fixes. Some new drivers for very new Qualcomm and Intel chips. New drivers: - Intel Jasper Lake support. - NXP Freescale i.MX8DXL support. - Qualcomm SM8250 support. - Renesas R8A7742 SH-PFC support. Driver improvements: - Severe cleanup and modernization of the MCP23s08 driver. - Mediatek driver modularized. - Setting config supported in the Meson driver. - Wakeup support for the Broadcom BCM7211" * tag 'pinctrl-v5.8-1' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl: (72 commits) pinctrl: sprd: Fix the incorrect pull-up definition pinctrl: pxa: pxa2xx: Remove 'pxa2xx_pinctrl_exit()' which is unused and broken pinctrl: freescale: imx: Use 'devm_of_iomap()' to avoid a resource leak in case of error in 'imx_pinctrl_probe()' pinctrl: freescale: imx: Fix an error handling path in 'imx_pinctrl_probe()' pinctrl: sirf: add missing put_device() call in sirfsoc_gpio_probe() pinctrl: imxl: Fix an error handling path in 'imx1_pinctrl_core_probe()' pinctrl: bcm2835: Add support for wake-up interrupts pinctrl: bcm2835: Match BCM7211 compatible string dt-bindings: pinctrl: Document optional BCM7211 wake-up interrupts dt-bindings: pinctrl: Document 7211 compatible for brcm, bcm2835-gpio.txt dt-bindings: pinctrl: stm32: Add missing interrupts property pinctrl: at91-pio4: Add COMPILE_TEST support pinctrl: Fix return value about devm_platform_ioremap_resource() MAINTAINERS: Renesas Pin Controllers are supported dt-bindings: pinctrl: ocelot: Add Sparx5 SoC support pinctrl: ocelot: Fix GPIO interrupt decoding on Jaguar2 pinctrl: ocelot: Remove instance number from pin functions pinctrl: ocelot: Always register GPIO driver dt-bindings: pinctrl: rockchip: update example pinctrl: amd: Add ACPI dependency ... commit e8dff03aef6a76c5c9184ed1dd3c770d4ce9c885 Merge: 787f74fc5050 4601e24a6fb8 Author: Linus Torvalds Date: Sun Jun 7 16:11:23 2020 -0700 Merge tag 'rtc-5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/abelloni/linux Pull RTC updates from Alexandre Belloni: "Not much this cycle apart from the ingenic rtc driver rework. The fixes are mainly minor issues reported by coccinelle rather than real world issues. Subsystem: - new VL flag for backup switch over Drivers: - ingenic: only support device tree - pcf2127: report battery switch over, handle nowayout" * tag 'rtc-5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/abelloni/linux: (29 commits) rtc: pcf2127: watchdog: handle nowayout feature rtc: fsl-ftm-alarm: fix freeze(s2idle) failed to wake rtc: abx80x: Provide debug feedback for invalid dt properties rtc: abx80x: Add Device Tree matching table rtc: rv3028: Add missed check for devm_regmap_init_i2c() rtc: mpc5121: Use correct return value for mpc5121_rtc_probe() rtc: goldfish: Use correct return value for goldfish_rtc_probe() rtc: snvs: Add necessary clock operations for RTC APIs rtc: snvs: Make SNVS clock always prepared rtc: ingenic: Reset regulator register in probe rtc: ingenic: Fix masking of error code rtc: ingenic: Remove unused fields from private structure rtc: ingenic: Set wakeup params in probe rtc: ingenic: Enable clock in probe rtc: ingenic: Use local 'dev' variable in probe rtc: ingenic: Only support probing from devicetree rtc: mc13xxx: fix a double-unlock issue rtc: stmp3xxx: update contact email rtc: max77686: Use single-byte writes on MAX77620 rtc: pcf2127: report battery switch over ... commit 787f74fc5050c77e29a96f480f40421336eed5ac Merge: a2b447066cac 2130c0ba69d6 Author: Linus Torvalds Date: Sun Jun 7 16:08:41 2020 -0700 Merge tag 'ntb-5.8' of git://github.com/jonmason/ntb Pull NTB updates from Jon Mason: "Intel Icelake NTB support, Intel driver bug fixes, and lots of bug fixes for ntb tests" * tag 'ntb-5.8' of git://github.com/jonmason/ntb: NTB: ntb_test: Fix bug when counting remote files NTB: perf: Fix race condition when run with ntb_test NTB: perf: Fix support for hardware that doesn't have port numbers NTB: perf: Don't require one more memory window than number of peers NTB: ntb_pingpong: Choose doorbells based on port number NTB: Fix the default port and peer numbers for legacy drivers NTB: Revert the change to use the NTB device dev for DMA allocations NTB: ntb_tool: reading the link file should not end in a NULL byte ntb_perf: avoid false dma unmap of destination address ntb_perf: increase sleep time from one milli sec to one sec ntb_tool: pass correct struct device to dma_alloc_coherent ntb_perf: pass correct struct device to dma_alloc_coherent ntb: hw: remove the code that sets the DMA mask NTB: correct ntb_peer_spad_addr and ntb_peer_spad_read comment typos ntb: intel: fix static declaration ntb: intel: add hw workaround for NTB BAR alignment ntb: intel: Add Icelake (gen4) support for Intel NTB NTB: Fix static check warning in perf_clear_test include/ntb: Fix typo in ntb_unregister_device description commit a2b447066cacb6db82a1f69b46d9f894f695badf Merge: 8b8c704d913b 3622ad25d4d6 Author: Linus Torvalds Date: Sun Jun 7 16:04:49 2020 -0700 Merge tag 'apparmor-pr-2020-06-07' of git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor Pull apparmor updates from John Johansen: "Features: - Replace zero-length array with flexible-array - add a valid state flags check - add consistency check between state and dfa diff encode flags - add apparmor subdir to proc attr interface - fail unpack if profile mode is unknown - add outofband transition and use it in xattr match - ensure that dfa state tables have entries Cleanups: - Use true and false for bool variable - Remove semicolon - Clean code by removing redundant instructions - Replace two seq_printf() calls by seq_puts() in aa_label_seq_xprint() - remove duplicate check of xattrs on profile attachment - remove useless aafs_create_symlink Bug fixes: - Fix memory leak of profile proxy - fix introspection of of task mode for unconfined tasks - fix nnp subset test for unconfined - check/put label on apparmor_sk_clone_security()" * tag 'apparmor-pr-2020-06-07' of git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor: apparmor: Fix memory leak of profile proxy apparmor: fix introspection of of task mode for unconfined tasks apparmor: check/put label on apparmor_sk_clone_security() apparmor: Use true and false for bool variable security/apparmor/label.c: Clean code by removing redundant instructions apparmor: Replace zero-length array with flexible-array apparmor: ensure that dfa state tables have entries apparmor: remove duplicate check of xattrs on profile attachment. apparmor: add outofband transition and use it in xattr match apparmor: fail unpack if profile mode is unknown apparmor: fix nnp subset test for unconfined apparmor: remove useless aafs_create_symlink apparmor: add proc subdir to attrs apparmor: add consistency check between state and dfa diff encode flags apparmor: add a valid state flags check AppArmor: Remove semicolon apparmor: Replace two seq_printf() calls by seq_puts() in aa_label_seq_xprint() commit 8b8c704d913b0fe490af370631a4200e26334ec0 Author: Roberto Sassu Date: Sun Jun 7 23:00:29 2020 +0200 ima: Remove __init annotation from ima_pcrread() Commit 6cc7c266e5b4 ("ima: Call ima_calc_boot_aggregate() in ima_eventdigest_init()") added a call to ima_calc_boot_aggregate() so that the digest can be recalculated for the boot_aggregate measurement entry if the 'd' template field has been requested. For the 'd' field, only SHA1 and MD5 digests are accepted. Given that ima_eventdigest_init() does not have the __init annotation, all functions called should not have it. This patch removes __init from ima_pcrread(). Cc: stable@vger.kernel.org Fixes: 6cc7c266e5b4 ("ima: Call ima_calc_boot_aggregate() in ima_eventdigest_init()") Reported-by: Linus Torvalds Signed-off-by: Roberto Sassu Signed-off-by: Linus Torvalds commit b7b2796b9b31e3dcbd563bcf8f983a79bb81163d Author: Anson Huang Date: Wed Jun 3 13:15:44 2020 +0800 mailbox: imx: ONLY IPC MU needs IRQF_NO_SUSPEND flag IPC MU has no power domain assigned and there could be IPC during noirq suspend phase, so IRQF_NO_SUSPEND flag is needed for IPC MU. However, for other MUs, they have power domain assigned and their power will be turned off during noirq suspend phase, but with IRQF_NO_SUSPEND set, their interrupts are NOT disabled even after their power turned off, it will cause system crash when mailbox driver trys to handle pending interrupts but the MU power is already turned off. So, IRQF_NO_SUSPEND flag should ONLY be added to IPC MU which has power domain managed by SCU, then all other MUs' pending interrupts after noirq suspend phase will be handled after system resume. Signed-off-by: Anson Huang Signed-off-by: Jassi Brar commit bb2b2624dbe27246bd1ee087f2d50f80daa6622c Author: Anson Huang Date: Wed Jun 3 13:15:43 2020 +0800 mailbox: imx: Add runtime PM callback to handle MU clocks Some of i.MX8M SoCs have MU clock, they need to be managed in runtime to make sure the MU clock can be off in runtime, add runtime PM callback to handle MU clock. And on i.MX8MP, the MU clock is combined with power domain and runtime PM is enabled for the clock driver, during noirq suspend/resume phase, runtime PM is disabled by device suspend, but the MU context save/restore needs to enable MU clock for register access, calling clock prepare/enable will trigger runtime resume failure and lead to system suspend failed. Actually, the MU context save/restore is ONLY necessary for SCU IPC MU, other MUs especially on i.MX8MP platforms which have MU clock assigned, they need to runtime request/free mailbox channel in the consumer driver, so no need to save/restore MU context for them, hence it can avoid this issue, so the MU context save/restore is ONLY applied to i.MX platforms MU instance without clock present. Signed-off-by: Anson Huang Signed-off-by: Jassi Brar commit ba5f9fa0ca85a6137fa35efd3a1256d8bb6bc5ff Author: Dong Aisheng Date: Wed Jun 3 13:15:42 2020 +0800 mailbox: imx: Add context save/restore for suspend/resume For "mem" mode suspend on i.MX8 SoCs, MU settings could be lost because its power is off, so save/restore is needed for MU settings during suspend/resume. However, the restore can ONLY be done when MU settings are actually lost, for the scenario of settings NOT lost in "freeze" mode suspend, since there could be still IPC going on multiple CPUs, restoring the MU settings could overwrite the TIE by mistake and cause system freeze, so need to make sure ONLY restore the MU settings when it is powered off, Anson fixes this by checking whether restore is actually needed when resume. Signed-off-by: Dong Aisheng Signed-off-by: Anson Huang Signed-off-by: Jassi Brar commit 3622ad25d4d68fcbdef3bc084b5916873e785344 Author: John Johansen Date: Sun Jun 7 04:10:33 2020 -0700 apparmor: Fix memory leak of profile proxy When the proxy isn't replaced and the profile is removed, the proxy is being leaked resulting in a kmemleak check message of unreferenced object 0xffff888077a3a490 (size 16): comm "apparmor_parser", pid 128041, jiffies 4322684109 (age 1097.028s) hex dump (first 16 bytes): 03 00 00 00 00 00 00 00 b0 92 fd 4b 81 88 ff ff ...........K.... backtrace: [<0000000084d5daf2>] aa_alloc_proxy+0x58/0xe0 [<00000000ecc0e21a>] aa_alloc_profile+0x159/0x1a0 [<000000004cc9ce15>] unpack_profile+0x275/0x1c40 [<000000007332b3ca>] aa_unpack+0x1e7/0x7e0 [<00000000e25e31bd>] aa_replace_profiles+0x18a/0x1d10 [<00000000350d9415>] policy_update+0x237/0x650 [<000000003fbf934e>] profile_load+0x122/0x160 [<0000000047f7b781>] vfs_write+0x139/0x290 [<000000008ad12358>] ksys_write+0xcd/0x170 [<000000001a9daa7b>] do_syscall_64+0x70/0x310 [<00000000b9efb0cf>] entry_SYSCALL_64_after_hwframe+0x49/0xb3 Make sure to cleanup the profile's embedded label which will result on the proxy being properly freed. Fixes: 637f688dc3dc ("apparmor: switch from profiles to using labels on contexts") Signed-off-by: John Johansen commit dd2569fbb053719f7df7ef8fdbb45cf47156a701 Author: John Johansen Date: Fri Jun 5 18:12:21 2020 -0700 apparmor: fix introspection of of task mode for unconfined tasks Fix two issues with introspecting the task mode. 1. If a task is attached to a unconfined profile that is not the ns->unconfined profile then. Mode the mode is always reported as - $ ps -Z LABEL PID TTY TIME CMD unconfined 1287 pts/0 00:00:01 bash test (-) 1892 pts/0 00:00:00 ps instead of the correct value of (unconfined) as shown below $ ps -Z LABEL PID TTY TIME CMD unconfined 2483 pts/0 00:00:01 bash test (unconfined) 3591 pts/0 00:00:00 ps 2. if a task is confined by a stack of profiles that are unconfined the output of label mode is again the incorrect value of (-) like above, instead of (unconfined). This is because the visibile profile count increment is skipped by the special casing of unconfined. Fixes: f1bd904175e8 ("apparmor: add the base fns() for domain labels") Signed-off-by: John Johansen commit 3b646abc5bc6c0df649daea4c2c976bd4d47e4c8 Author: Mauricio Faria de Oliveira Date: Tue Jun 2 18:15:16 2020 -0300 apparmor: check/put label on apparmor_sk_clone_security() Currently apparmor_sk_clone_security() does not check for existing label/peer in the 'new' struct sock; it just overwrites it, if any (with another reference to the label of the source sock.) static void apparmor_sk_clone_security(const struct sock *sk, struct sock *newsk) { struct aa_sk_ctx *ctx = SK_CTX(sk); struct aa_sk_ctx *new = SK_CTX(newsk); new->label = aa_get_label(ctx->label); new->peer = aa_get_label(ctx->peer); } This might leak label references, which might overflow under load. Thus, check for and put labels, to prevent such errors. Note this is similarly done on: static int apparmor_socket_post_create(struct socket *sock, ...) ... if (sock->sk) { struct aa_sk_ctx *ctx = SK_CTX(sock->sk); aa_put_label(ctx->label); ctx->label = aa_get_label(label); } ... Context: ------- The label reference count leak is observed if apparmor_sock_graft() is called previously: this sets the 'ctx->label' field by getting a reference to the current label (later overwritten, without put.) static void apparmor_sock_graft(struct sock *sk, ...) { struct aa_sk_ctx *ctx = SK_CTX(sk); if (!ctx->label) ctx->label = aa_get_current_label(); } And that is the case on crypto/af_alg.c:af_alg_accept(): int af_alg_accept(struct sock *sk, struct socket *newsock, ...) ... struct sock *sk2; ... sk2 = sk_alloc(...); ... security_sock_graft(sk2, newsock); security_sk_clone(sk, sk2); ... Apparently both calls are done on their own right, especially for other LSMs, being introduced in 2010/2014, before apparmor socket mediation in 2017 (see commits [1,2,3,4]). So, it looks OK there! Let's fix the reference leak in apparmor. Test-case: --------- Exercise that code path enough to overflow label reference count. $ cat aa-refcnt-af_alg.c #include #include #include #include #include int main() { int sockfd; struct sockaddr_alg sa; /* Setup the crypto API socket */ sockfd = socket(AF_ALG, SOCK_SEQPACKET, 0); if (sockfd < 0) { perror("socket"); return 1; } memset(&sa, 0, sizeof(sa)); sa.salg_family = AF_ALG; strcpy((char *) sa.salg_type, "rng"); strcpy((char *) sa.salg_name, "stdrng"); if (bind(sockfd, (struct sockaddr *) &sa, sizeof(sa)) < 0) { perror("bind"); return 1; } /* Accept a "connection" and close it; repeat. */ while (!close(accept(sockfd, NULL, 0))); return 0; } $ gcc -o aa-refcnt-af_alg aa-refcnt-af_alg.c $ ./aa-refcnt-af_alg [ 9928.475953] refcount_t overflow at apparmor_sk_clone_security+0x37/0x70 in aa-refcnt-af_alg[1322], uid/euid: 1000/1000 ... [ 9928.507443] RIP: 0010:apparmor_sk_clone_security+0x37/0x70 ... [ 9928.514286] security_sk_clone+0x33/0x50 [ 9928.514807] af_alg_accept+0x81/0x1c0 [af_alg] [ 9928.516091] alg_accept+0x15/0x20 [af_alg] [ 9928.516682] SYSC_accept4+0xff/0x210 [ 9928.519609] SyS_accept+0x10/0x20 [ 9928.520190] do_syscall_64+0x73/0x130 [ 9928.520808] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 Note that other messages may be seen, not just overflow, depending on the value being incremented by kref_get(); on another run: [ 7273.182666] refcount_t: saturated; leaking memory. ... [ 7273.185789] refcount_t: underflow; use-after-free. Kprobes: ------- Using kprobe events to monitor sk -> sk_security -> label -> count (kref): Original v5.7 (one reference leak every iteration) ... (af_alg_accept+0x0/0x1c0) label=0xffff8a0f36c25eb0 label_refcnt=0x11fd2 ... (af_alg_release_parent+0x0/0xd0) label=0xffff8a0f36c25eb0 label_refcnt=0x11fd4 ... (af_alg_accept+0x0/0x1c0) label=0xffff8a0f36c25eb0 label_refcnt=0x11fd3 ... (af_alg_release_parent+0x0/0xd0) label=0xffff8a0f36c25eb0 label_refcnt=0x11fd5 ... (af_alg_accept+0x0/0x1c0) label=0xffff8a0f36c25eb0 label_refcnt=0x11fd4 ... (af_alg_release_parent+0x0/0xd0) label=0xffff8a0f36c25eb0 label_refcnt=0x11fd6 Patched v5.7 (zero reference leak per iteration) ... (af_alg_accept+0x0/0x1c0) label=0xffff9ff376c25eb0 label_refcnt=0x593 ... (af_alg_release_parent+0x0/0xd0) label=0xffff9ff376c25eb0 label_refcnt=0x594 ... (af_alg_accept+0x0/0x1c0) label=0xffff9ff376c25eb0 label_refcnt=0x593 ... (af_alg_release_parent+0x0/0xd0) label=0xffff9ff376c25eb0 label_refcnt=0x594 ... (af_alg_accept+0x0/0x1c0) label=0xffff9ff376c25eb0 label_refcnt=0x593 ... (af_alg_release_parent+0x0/0xd0) label=0xffff9ff376c25eb0 label_refcnt=0x594 Commits: ------- [1] commit 507cad355fc9 ("crypto: af_alg - Make sure sk_security is initialized on accept()ed sockets") [2] commit 4c63f83c2c2e ("crypto: af_alg - properly label AF_ALG socket") [3] commit 2acce6aa9f65 ("Networking") a.k.a ("crypto: af_alg - Avoid sock_graft call warning) [4] commit 56974a6fcfef ("apparmor: add base infastructure for socket mediation") Fixes: 56974a6fcfef ("apparmor: add base infastructure for socket mediation") Reported-by: Brian Moyles Signed-off-by: Mauricio Faria de Oliveira Signed-off-by: John Johansen commit cdb555397f438592bab00599037c347b700cf397 Author: Max Staudt Date: Sun Jun 7 20:28:12 2020 +0200 i2c: icy: Fix build with CONFIG_AMIGA_PCMCIA=n This has been found by the Kernel Test Robot: http://lkml.iu.edu/hypermail/linux/kernel/2006.0/06862.html With CONFIG_AMIGA_PCMCIA=n, io_mm.h does not pull in amigahw.h and ZTWO_VADDR is undefined. Add forgotten include to i2c-icy.c Fixes: 4768e90ecaec ("i2c: Add i2c-icy for I2C on m68k/Amiga") Reported-by: kernel test robot Signed-off-by: Max Staudt Signed-off-by: Wolfram Sang commit 9aa900c8094dba7a60dc805ecec1e9f720744ba1 Merge: f558b8364e19 05c8a4fc44a9 Author: Linus Torvalds Date: Sun Jun 7 10:59:32 2020 -0700 Merge tag 'char-misc-5.8-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc Pull char/misc driver updates from Greg KH: "Here is the large set of char/misc driver patches for 5.8-rc1 Included in here are: - habanalabs driver updates, loads - mhi bus driver updates - extcon driver updates - clk driver updates (approved by the clock maintainer) - firmware driver updates - fpga driver updates - gnss driver updates - coresight driver updates - interconnect driver updates - parport driver updates (it's still alive!) - nvmem driver updates - soundwire driver updates - visorbus driver updates - w1 driver updates - various misc driver updates In short, loads of different driver subsystem updates along with the drivers as well. All have been in linux-next for a while with no reported issues" * tag 'char-misc-5.8-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc: (233 commits) habanalabs: correctly cast u64 to void* habanalabs: initialize variable to default value extcon: arizona: Fix runtime PM imbalance on error extcon: max14577: Add proper dt-compatible strings extcon: adc-jack: Fix an error handling path in 'adc_jack_probe()' extcon: remove redundant assignment to variable idx w1: omap-hdq: print dev_err if irq flags are not cleared w1: omap-hdq: fix interrupt handling which did show spurious timeouts w1: omap-hdq: fix return value to be -1 if there is a timeout w1: omap-hdq: cleanup to add missing newline for some dev_dbg /dev/mem: Revoke mappings when a driver claims the region misc: xilinx-sdfec: convert get_user_pages() --> pin_user_pages() misc: xilinx-sdfec: cleanup return value in xsdfec_table_write() misc: xilinx-sdfec: improve get_user_pages_fast() error handling nvmem: qfprom: remove incorrect write support habanalabs: handle MMU cache invalidation timeout habanalabs: don't allow hard reset with open processes habanalabs: GAUDI does not support soft-reset habanalabs: add print for soft reset due to event habanalabs: improve MMU cache invalidation code ... commit f558b8364e19f9222e7976c64e9367f66bab02cc Merge: 80ef846e9909 8c3e315d4296 Author: Linus Torvalds Date: Sun Jun 7 10:53:36 2020 -0700 Merge tag 'driver-core-5.8-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core Pull driver core updates from Greg KH: "Here is the set of driver core patches for 5.8-rc1. Not all that huge this release, just a number of small fixes and updates: - software node fixes - kobject now sends KOBJ_REMOVE when it is removed from sysfs, not when it is removed from memory (which could come much later) - device link additions and fixes based on testing on more devices - firmware core cleanups - other minor changes, full details in the shortlog All have been in linux-next for a while with no reported issues" * tag 'driver-core-5.8-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core: (23 commits) driver core: Update device link status correctly for SYNC_STATE_ONLY links firmware_loader: change enum fw_opt to u32 software node: implement software_node_unregister() kobject: send KOBJ_REMOVE uevent when the object is removed from sysfs driver core: Remove unnecessary is_fwnode_dev variable in device_add() drivers property: When no children in primary, try secondary driver core: platform: Fix spelling errors in platform.c driver core: Remove check in driver_deferred_probe_force_trigger() of: platform: Batch fwnode parsing when adding all top level devices driver core: fw_devlink: Add support for batching fwnode parsing driver core: Look for waiting consumers only for a fwnode's primary device driver core: Move code to the right part of the file Revert "Revert "driver core: Set fw_devlink to "permissive" behavior by default"" drivers: base: Fix NULL pointer exception in __platform_driver_probe() if a driver developer is foolish firmware_loader: move fw_fallback_config to a private kernel symbol namespace driver core: Add missing '\n' in log messages driver/base/soc: Use kobj_to_dev() API Add documentation on meaning of -EPROBE_DEFER driver core: platform: remove redundant assignment to variable ret debugfs: Use the correct style for SPDX License Identifier ... commit 80ef846e9909f22ccdc2a4a6d931266cecce8b2c Merge: 081096d98bb2 77f55d1305c1 Author: Linus Torvalds Date: Sun Jun 7 10:45:08 2020 -0700 Merge tag 'staging-5.8-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging Pull staging/IIO driver updates from Greg KH: "Here is the large set of staging and IIO driver changes for 5.8-rc1 Nothing major, but a lot of new IIO drivers are included in here, along with other core iio cleanups and changes. On the staging driver front, again, nothing noticable. No new deletions or additions, just a ton of tiny cleanups all over the tree done by a lot of different people. Most coding style, but many actual real fixes and cleanups that are nice to see. All of these have been in linux-next for a while with no reported issues" * tag 'staging-5.8-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging: (618 commits) staging: rtl8723bs: Use common packet header constants staging: sm750fb: Add names to proc_setBLANK args staging: most: usb: init return value in default path of switch/case expression staging: vchiq: Get rid of VCHIQ_SERVICE_OPENEND callback reason staging: vchiq: move vchiq_release_message() into vchiq staging: vchi: Get rid of C++ guards staging: vchi: Get rid of not implemented function declarations staging: vchi: Get rid of vchiq_status_to_vchi() staging: vchi: Get rid of vchi_service_set_option() staging: vchi: Merge vchi_msg_queue() into vchi_queue_kernel_message() staging: vchiq: Move copy callback handling into vchiq staging: vchi: Get rid of vchi_queue_user_message() staging: vchi: Get rid of vchi_service_destroy() staging: most: usb: use function sysfs_streq staging: most: usb: add missing put_device calls staging: most: usb: use correct error codes staging: most: usb: replace code to calculate array index staging: most: usb: don't use error path to exit function on success staging: most: usb: move allocation of URB out of critical section staging: most: usb: return 0 instead of variable ... commit 081096d98bb23946f16215357b141c5616b234bf Merge: e611c0fe318c a1b44ea340b2 Author: Linus Torvalds Date: Sun Jun 7 09:52:36 2020 -0700 Merge tag 'tty-5.8-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty Pull tty/serial driver updates from Greg KH: "Here is the tty and serial driver updates for 5.8-rc1 Nothing huge at all, just a lot of little serial driver fixes, updates for new devices and features, and other small things. Full details are in the shortlog. All of these have been in linux-next with no issues for a while" * tag 'tty-5.8-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty: (67 commits) tty: serial: qcom_geni_serial: Add 51.2MHz frequency support tty: serial: imx: clear Ageing Timer Interrupt in handler serial: 8250_fintek: Add F81966 Support sc16is7xx: Add flag to activate IrDA mode dt-bindings: sc16is7xx: Add flag to activate IrDA mode serial: 8250: Support rs485 bus termination GPIO serial: 8520_port: Fix function param documentation dt-bindings: serial: Add binding for rs485 bus termination GPIO vt: keyboard: avoid signed integer overflow in k_ascii serial: 8250: Enable 16550A variants by default on non-x86 tty: hvc_console, fix crashes on parallel open/close serial: imx: Initialize lock for non-registered console sc16is7xx: Read the LSR register for basic device presence check sc16is7xx: Allow sharing the IRQ line sc16is7xx: Use threaded IRQ sc16is7xx: Always use falling edge IRQ tty: n_gsm: Fix bogus i++ in gsm_data_kick tty: n_gsm: Remove unnecessary test in gsm_print_packet() serial: stm32: add no_console_suspend support tty: serial: fsl_lpuart: Use __maybe_unused instead of #if CONFIG_PM_SLEEP ... commit e611c0fe318c6d6827ee2bba660fbc23cf73f7dc Merge: 3b69e8b45711 347052e3bf1b Author: Linus Torvalds Date: Sun Jun 7 09:42:16 2020 -0700 Merge tag 'usb-5.8-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb Pull USB/PHY driver updates from Greg KH: "Here are the large set of USB and PHY driver updates for 5.8-rc1. Nothing huge, just lots of little things: - USB gadget fixes and additions all over the place - new PHY drivers - PHY driver fixes and updates - XHCI driver updates - musb driver updates - more USB-serial driver ids added - various USB quirks added - thunderbolt minor updates and fixes - typec updates and additions All of these have been in linux-next for a while with no reported issues" * tag 'usb-5.8-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb: (245 commits) usb: dwc3: meson-g12a: fix USB2 PHY initialization on G12A and A1 SoCs usb: dwc3: meson-g12a: fix error path when fetching the reset line fails Revert "dt-bindings: usb: qcom,dwc3: Convert USB DWC3 bindings" Revert "dt-bindings: usb: qcom,dwc3: Add compatible for SC7180" Revert "dt-bindings: usb: qcom,dwc3: Introduce interconnect properties for Qualcomm DWC3 driver" USB: serial: ch341: fix lockup of devices with limited prescaler USB: serial: ch341: add basis for quirk detection CDC-ACM: heed quirk also in error handling USB: serial: option: add Telit LE910C1-EUX compositions usb: musb: Fix runtime PM imbalance on error usb: musb: jz4740: Prevent lockup when CONFIG_SMP is set usb: musb: mediatek: add reset FADDR to zero in reset interrupt handle usb: musb: use true for 'use_dma' usb: musb: start session in resume for host port usb: musb: return -ESHUTDOWN in urb when three-strikes error happened USB: serial: qcserial: add DW5816e QDL support thunderbolt: Add trivial .shutdown usb: dwc3: keystone: Turn on USB3 PHY before controller dt-bindings: usb: ti,keystone-dwc3.yaml: Add USB3.0 PHY property dt-bindings: usb: convert keystone-usb.txt to YAML ... commit 7f88314321e20744114bc596b6528bb9d57ff46f Author: Lorenzo Bianconi Date: Mon Jun 1 09:45:33 2020 +0200 mt76: overwrite qid for non-bufferable mgmt frames Overwrite hw queue id for non-bufferable management frames if the hw support always txq (altxq) in order to be in sync with mac txwi code Fixes: cdad4874057d ("mt76: mt7615: add dma and tx queue initialization for MT7622") Fixes: f40ac0f3d3c0 ("mt76: mt7615: introduce mt7663e support") Suggested-by: Felix Fietkau Tested-by: Sean Wang Signed-off-by: Lorenzo Bianconi Signed-off-by: Felix Fietkau commit a07292ee144b1c4f4269871bb138d16cf5dc603c Author: Lorenzo Bianconi Date: Sun May 31 00:32:04 2020 +0200 mt76: mt7615: fix hw queue mapping mt7622/mt7663 chipsets rely on a fixed reverse queue map order respect to mac80211 one: - q(0): IEEE80211_AC_BK - q(1): IEEE80211_AC_BE - q(2): IEEE80211_AC_VI - q(3): IEEE80211_AC_VO Fixes: cdad4874057d ("mt76: mt7615: add dma and tx queue initialization for MT7622") Fixes: f40ac0f3d3c0 ("mt76: mt7615: introduce mt7663e support") Co-developed-by: Sean Wang Signed-off-by: Sean Wang Co-developed-by: Ryder Lee Signed-off-by: Ryder Lee Signed-off-by: Lorenzo Bianconi Signed-off-by: Felix Fietkau commit d941f47caa386931c3b598ad1b43d5ddd65869aa Author: Lorenzo Bianconi Date: Sat May 30 23:51:27 2020 +0200 mt76: mt7615: fix lmac queue debugsfs entry acs and wmm index are swapped in mt7615_queues_acq respect to the hw design Signed-off-by: Lorenzo Bianconi Signed-off-by: Felix Fietkau commit bb57768215fb6b557a1ef95a3d87b011efe2e267 Author: Lorenzo Bianconi Date: Tue Jun 2 22:26:38 2020 +0200 mt76: add missing lock configuring coverage class Coverage class callback can potentially run in parallel with other routines (e.g. mt7615_set_channel) that configures timing registers. Run coverage class callback holding mt76 mutex Signed-off-by: Lorenzo Bianconi Signed-off-by: Felix Fietkau commit 22f614bc0f376e7a1bcf1a2cd912885f4a933045 Author: Ming Lei Date: Fri Jun 5 19:44:10 2020 +0800 blk-mq: fix blk_mq_all_tag_iter blk_mq_all_tag_iter() is added to iterate all requests, so we should fetch the request from ->static_rqs][] instead of ->rqs[] which is for holding in-flight request only. Fix it by adding flag of BT_TAG_ITER_STATIC_RQS. Fixes: bf0beec0607d ("blk-mq: drain I/O when all CPUs in a hctx are offline") Signed-off-by: Ming Lei Tested-by: John Garry Cc: Dongli Zhang Cc: Hannes Reinecke Cc: Daniel Wagner Cc: Christoph Hellwig Signed-off-by: Jens Axboe commit d94ecfc399715f06da347922e7979c088b1d8834 Author: Christoph Hellwig Date: Fri Jun 5 19:44:09 2020 +0800 blk-mq: split out a __blk_mq_get_driver_tag helper Allocation of the driver tag in the case of using a scheduler shares very little code with the "normal" tag allocation. Split out a new helper to streamline this path, and untangle it from the complex normal tag allocation. This way also avoids to fail driver tag allocation because of inactive hctx during cpu hotplug, and fixes potential hang risk. Fixes: bf0beec0607d ("blk-mq: drain I/O when all CPUs in a hctx are offline") Signed-off-by: Ming Lei Signed-off-by: Christoph Hellwig Tested-by: John Garry Cc: Dongli Zhang Cc: Hannes Reinecke Cc: Daniel Wagner Signed-off-by: Jens Axboe commit 9d964e1b82d8182184153b70174f445ea616f053 Author: Al Viro Date: Sat Jun 6 23:44:24 2020 -0400 fix a braino in "sparc32: fix register window handling in genregs32_[gs]et()" lost npc in PTRACE_SETREGSET, breaking PTRACE_SETREGS as well Fixes: cf51e129b968 "sparc32: fix register window handling in genregs32_[gs]et()" Signed-off-by: Al Viro commit 2667a6814cb518f0df6520a00ddea48e8af50bd0 Author: Gustavo A. R. Silva Date: Thu Jun 4 10:39:57 2020 -0500 i2c: npcm7xx: Remove unnecessary parentheses Remove unnecessary parentheses around _bus_. This issue was found with the help of Coccinelle. Signed-off-by: Gustavo A. R. Silva Signed-off-by: Wolfram Sang commit 4e2905adac9f0fdc25154ac83719a986c2367a14 Author: Dan Murphy Date: Fri Jun 5 15:51:03 2020 -0500 net: dp83869: Reset return variable if PHY strap is read When the PHY's strap register is read to determine if lane swapping is needed the phy_read_mmd returns the value back into the ret variable. If the call to read the strap fails the failed value is returned. If the call to read the strap is successful then ret is possibly set to a non-zero positive number. Without reseting the ret value to 0 this will cause the parse DT function to return a failure. Fixes: c4566aec6e808 ("net: phy: dp83869: Update port-mirroring to read straps") Signed-off-by: Dan Murphy Reviewed-by: Florian Fainelli Signed-off-by: David S. Miller commit 4a3084aaa88e70a0af0e38b72ca29af32ec6b9c5 Author: Herbert Xu Date: Wed Jun 3 18:12:43 2020 +1000 rhashtable: Drop raw RCU deref in nested_table_free This patch replaces some unnecessary uses of rcu_dereference_raw in the rhashtable code with rcu_dereference_protected. The top-level nested table entry is only marked as RCU because it shares the same type as the tree entries underneath it. So it doesn't need any RCU protection. We also don't need RCU protection when we're freeing a nested RCU table because by this stage we've long passed a memory barrier when anyone could change the nested table. Signed-off-by: Herbert Xu Signed-off-by: David S. Miller commit 3b69e8b4571125bec1f77f886174fe6cab6b9d75 Merge: b170290c2836 37744feebc08 Author: Linus Torvalds Date: Sat Jun 6 15:22:01 2020 -0700 Merge tag 'sh-for-5.8' of git://git.libc.org/linux-sh Pull arch/sh updates from Rich Felker: "Fix for arch/sh build regression with newer binutils, removal of SH5, fixes for module exports, and misc cleanup" * tag 'sh-for-5.8' of git://git.libc.org/linux-sh: sh: remove sh5 support sh: add missing EXPORT_SYMBOL() for __delay sh: Convert ins[bwl]/outs[bwl] macros to inline functions sh: Convert iounmap() macros to inline functions sh: Add missing DECLARE_EXPORT() for __ashiftrt_r4_xx sh: configs: Cleanup old Kconfig IO scheduler options arch/sh: vmlinux.scr sh: Replace CONFIG_MTD_M25P80 with CONFIG_MTD_SPI_NOR in sh7757lcr_defconfig sh: sh4a: Bring back tmu3_device early device commit e7991f376a4dd837f455d9e2112a280617854d12 Author: Zhu Lingshan Date: Fri Jun 5 18:27:15 2020 +0800 ifcvf: implement config interrupt in IFCVF This commit implements config interrupt support in IFC VF Signed-off-by: Zhu Lingshan Acked-by: Jason Wang Link: https://lore.kernel.org/r/1591352835-22441-6-git-send-email-lingshan.zhu@intel.com Signed-off-by: Michael S. Tsirkin commit e0136c16fae95dc3762f3912f6f9336f5f57fe81 Author: Zhu Lingshan Date: Fri Jun 5 18:27:14 2020 +0800 vhost: replace -1 with VHOST_FILE_UNBIND in ioctls This commit replaces -1 with VHOST_FILE_UNBIND in ioctls since we have added such a macro in the uapi header for vdpa_host. Signed-off-by: Zhu Lingshan Acked-by: Jason Wang Link: https://lore.kernel.org/r/1591352835-22441-5-git-send-email-lingshan.zhu@intel.com Signed-off-by: Michael S. Tsirkin commit 776f395004d829bbbf18c159ed9beb517a208c71 Author: Zhu Lingshan Date: Fri Jun 5 18:27:13 2020 +0800 vhost_vdpa: Support config interrupt in vdpa This commit implements config interrupt support in vhost_vdpa layer. Signed-off-by: Zhu Lingshan Acked-by: Jason Wang Link: https://lore.kernel.org/r/1591352835-22441-4-git-send-email-lingshan.zhu@intel.com Signed-off-by: Michael S. Tsirkin commit bb02e6e63d0e71188bc5fe5f4732e66bc8b5dceb Author: Zhu Lingshan Date: Fri Jun 5 18:27:12 2020 +0800 ifcvf: ignore continuous setting same status value User space may try to set status of same value multiple times, this patch handles this case more efficiently by ignoring the setting of the same status value. Signed-off-by: Zhu Lingshan Link: https://lore.kernel.org/r/1591352835-22441-3-git-send-email-lingshan.zhu@intel.com Signed-off-by: Michael S. Tsirkin commit b170290c2836c40ab565736ba37681eb3dfd79b8 Merge: cff11abeca78 bcfefb61cd2b Author: Linus Torvalds Date: Sat Jun 6 12:07:28 2020 -0700 Merge tag 'kconfig-v5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild Pull Kconfig updates from Masahiro Yamada: - allow only 'config', 'comment', 'if' statements inside 'choice' since the other statements are not sensible inside 'choice' and should be grammatical error - support LMC_KEEP env variable for 'make local{yes,mod}config' to preserve some CONFIG options - deprecate 'make kvmconfig' and 'make xenconfig' in favor of 'make kvm_guest.config' and 'make xen.config' - code cleanups * tag 'kconfig-v5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild: kconfig: announce removal of 'kvmconfig' and 'xenconfig' shorthands streamline_config.pl: add LMC_KEEP to preserve some kconfigs kconfig: allow only 'config', 'comment', and 'if' inside 'choice' kconfig: tests: remove randconfig test for choice in choice kconfig: do not assign a variable in the return statement kconfig: do not use OR-assignment for zero-cleared structure commit cff11abeca78aa782378401ca2800bd2194aa14e Merge: 6f2dc3d33545 8dfb61dcbace Author: Linus Torvalds Date: Sat Jun 6 12:00:25 2020 -0700 Merge tag 'kbuild-v5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild Pull Kbuild updates from Masahiro Yamada: - fix warnings in 'make clean' for ARCH=um, hexagon, h8300, unicore32 - ensure to rebuild all objects when the compiler is upgraded - exclude system headers from dependency tracking and fixdep processing - fix potential bit-size mismatch between the kernel and BPF user-mode helper - add the new syntax 'userprogs' to build user-space programs for the target architecture (the same arch as the kernel) - compile user-space sample code under samples/ for the target arch instead of the host arch - make headers_install fail if a CONFIG option is leaked to user-space - sanitize the output format of scripts/checkstack.pl - handle ARM 'push' instruction in scripts/checkstack.pl - error out before modpost if a module name conflict is found - error out when multiple directories are passed to M= because this feature is broken for a long time - add CONFIG_DEBUG_INFO_COMPRESSED to support compressed debug info - a lot of cleanups of modpost - dump vmlinux symbols out into vmlinux.symvers, and reuse it in the second pass of modpost - do not run the second pass of modpost if nothing in modules is updated - install modules.builtin(.modinfo) by 'make install' as well as by 'make modules_install' because it is useful even when CONFIG_MODULES=n - add new command line variables, GZIP, BZIP2, LZOP, LZMA, LZ4, and XZ to allow users to use alternatives such as pigz, pbzip2, etc. * tag 'kbuild-v5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild: (96 commits) kbuild: add variables for compression tools Makefile: install modules.builtin even if CONFIG_MODULES=n mksysmap: Fix the mismatch of '.L' symbols in System.map kbuild: doc: rename LDFLAGS to KBUILD_LDFLAGS modpost: change elf_info->size to size_t modpost: remove is_vmlinux() helper modpost: strip .o from modname before calling new_module() modpost: set have_vmlinux in new_module() modpost: remove mod->skip struct member modpost: add mod->is_vmlinux struct member modpost: remove is_vmlinux() call in check_for_{gpl_usage,unused}() modpost: remove mod->is_dot_o struct member modpost: move -d option in scripts/Makefile.modpost modpost: remove -s option modpost: remove get_next_text() and make {grab,release_}file static modpost: use read_text_file() and get_line() for reading text files modpost: avoid false-positive file open error modpost: fix potential mmap'ed file overrun in get_src_version() modpost: add read_text_file() and get_line() helpers modpost: do not call get_modinfo() for vmlinux(.o) ... commit 6f2dc3d335457d9c815be9f4fd3dc8eff92fcef7 Merge: 1ee18de92927 48530d9fab0d Author: Linus Torvalds Date: Sat Jun 6 11:55:53 2020 -0700 Merge tag 'dma-mapping-5.8-2' of git://git.infradead.org/users/hch/dma-mapping Pull dma-mapping helpers from Christoph Hellwig: "These were in a separate stable branch so that various media and drm trees could pull the in for bug fixes, but looking at linux-next that hasn't actually happened yet. Still sending the APIs to you in the hope that these bug fixes get picked up for 5.8 in one way or another. Summary: - add DMA mapping helpers for struct sg_table (Marek Szyprowski)" * tag 'dma-mapping-5.8-2' of git://git.infradead.org/users/hch/dma-mapping: iommu: add generic helper for mapping sgtable objects scatterlist: add generic wrappers for iterating over sgtable objects dma-mapping: add generic helpers for mapping sgtable objects commit 1ee18de92927f37e6948d5a6fc73cbf89f806905 Merge: e542e0dc3ee3 298f3db6ee69 Author: Linus Torvalds Date: Sat Jun 6 11:43:23 2020 -0700 Merge tag 'dma-mapping-5.8' of git://git.infradead.org/users/hch/dma-mapping Pull dma-mapping updates from Christoph Hellwig: - enhance the dma pool to allow atomic allocation on x86 with AMD SEV (David Rientjes) - two small cleanups (Jason Yan and Peter Collingbourne) * tag 'dma-mapping-5.8' of git://git.infradead.org/users/hch/dma-mapping: dma-contiguous: fix comment for dma_release_from_contiguous dma-pool: scale the default DMA coherent pool size with memory capacity x86/mm: unencrypted non-blocking DMA allocations use coherent pools dma-pool: add pool sizes to debugfs dma-direct: atomic allocations must come from atomic coherent pools dma-pool: dynamically expanding atomic pools dma-pool: add additional coherent pools to map to gfp mask dma-remap: separate DMA atomic pools from direct remap code dma-debug: make __dma_entry_alloc_check_leak() static commit e542e0dc3ee3eafc46dd8e3073388079d69cace0 Merge: 3925c3bbdf88 f5152f4ded3c Author: Linus Torvalds Date: Sat Jun 6 11:30:00 2020 -0700 Merge branch 'dmi-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jdelvare/staging Pull dmi update from Jean Delvare. * 'dmi-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jdelvare/staging: firmware/dmi: Report DMI Bios & EC firmware release commit 3925c3bbdf886f1ddf64461b9b380e1bb36f90c1 Merge: 9fa88c5d3f5e 2bd81cd04a3f Author: Linus Torvalds Date: Sat Jun 6 11:01:58 2020 -0700 Merge tag 'pci-v5.8-changes' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci Pull PCI updates from Bjorn Helgaas: "Enumeration: - Program MPS for RCiEP devices (Ashok Raj) - Fix pci_register_host_bridge() device_register() error handling (Rob Herring) - Fix pci_host_bridge struct device release/free handling (Rob Herring) Resource management: - Allow resizing BARs for devices on root bus (Ard Biesheuvel) Power management: - Reduce Thunderbolt resume time by working around devices that don't support DLL Link Active reporting (Mika Westerberg) - Work around a Pericom USB controller OHCI/EHCI PME# defect (Kai-Heng Feng) Virtualization: - Add ACS quirk for Intel Root Complex Integrated Endpoints (Ashok Raj) - Avoid FLR for AMD Starship USB 3.0 (Kevin Buettner) - Avoid FLR for AMD Matisse HD Audio & USB 3.0 (Marcos Scriven) Error handling: - Use only _OSC (not HEST FIRMWARE_FIRST) to determine AER ownership (Alexandru Gagniuc, Kuppuswamy Sathyanarayanan) - Reduce verbosity by logging only ACPI_NOTIFY_DISCONNECT_RECOVER events (Kuppuswamy Sathyanarayanan) - Don't enable AER by default in Kconfig (Bjorn Helgaas) Peer-to-peer DMA: - Add AMD Zen Raven and Renoir Root Ports to whitelist (Alex Deucher) ASPM: - Allow ASPM on links to PCIe-to-PCI/PCI-X Bridges (Kai-Heng Feng) Endpoint framework: - Fix DMA channel release in test (Kunihiko Hayashi) - Add page size as argument to pci_epc_mem_init() (Lad Prabhakar) - Add support to handle multiple base for mapping outbound memory (Lad Prabhakar) Generic host bridge driver: - Support building as module (Rob Herring) - Eliminate pci_host_common_probe wrappers (Rob Herring) Amlogic Meson PCIe controller driver: - Don't use FAST_LINK_MODE to set up link (Marc Zyngier) Broadcom STB PCIe controller driver: - Disable ASPM L0s if 'aspm-no-l0s' in DT (Jim Quinlan) - Fix clk_put() error (Jim Quinlan) - Fix window register offset (Jim Quinlan) - Assert fundamental reset on initialization (Nicolas Saenz Julienne) - Add notify xHCI reset property (Nicolas Saenz Julienne) - Add init routine for Raspberry Pi 4 VL805 USB controller (Nicolas Saenz Julienne) - Sync with Raspberry Pi 4 firmware for VL805 initialization (Nicolas Saenz Julienne) Cadence PCIe controller driver: - Remove "cdns,max-outbound-regions" DT property (replaced by "ranges") (Kishon Vijay Abraham I) - Read 32-bit (not 16-bit) Vendor ID/Device ID property from DT (Kishon Vijay Abraham I) Marvell Aardvark PCIe controller driver: - Improve link training (Marek Behún) - Add PHY support (Marek Behún) - Add "phys", "max-link-speed", "reset-gpios" to dt-binding (Marek Behún) - Train link immediately after enabling training to work around detection issues with some cards (Pali Rohár) - Issue PERST via GPIO to work around detection issues (Pali Rohár) - Don't blindly enable ASPM L0s (Pali Rohár) - Replace custom macros by standard linux/pci_regs.h macros (Pali Rohár) Microsoft Hyper-V host bridge driver: - Fix probe failure path to release resource (Wei Hu) - Retry PCI bus D0 entry on invalid device state for kdump (Wei Hu) Renesas R-Car PCIe controller driver: - Fix incorrect programming of OB windows (Andrew Murray) - Add suspend/resume (Kazufumi Ikeda) - Rename pcie-rcar.c to pcie-rcar-host.c (Lad Prabhakar) - Add endpoint controller driver (Lad Prabhakar) - Fix PCIEPAMR mask calculation (Lad Prabhakar) - Add r8a77961 to DT binding (Yoshihiro Shimoda) Socionext UniPhier Pro5 controller driver: - Add endpoint controller driver (Kunihiko Hayashi) Synopsys DesignWare PCIe controller driver: - Program outbound ATU upper limit register (Alan Mikhak) - Fix inner MSI IRQ domain registration (Marc Zyngier) Miscellaneous: - Check for platform_get_irq() failure consistently (negative return means failure) (Aman Sharma) - Fix several runtime PM get/put imbalances (Dinghao Liu) - Use flexible-array and struct_size() helpers for code cleanup (Gustavo A. R. Silva) - Update & fix issues in bridge emulation of PCIe registers (Jon Derrick) - Add macros for bridge window names (PCI_BRIDGE_IO_WINDOW, etc) (Krzysztof Wilczyński) - Work around Intel PCH MROMs that have invalid BARs (Xiaochun Lee)" * tag 'pci-v5.8-changes' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci: (100 commits) PCI: uniphier: Add Socionext UniPhier Pro5 PCIe endpoint controller driver PCI: Add ACS quirk for Intel Root Complex Integrated Endpoints PCI/DPC: Print IRQ number used by port PCI/AER: Use "aer" variable for capability offset PCI/AER: Remove redundant dev->aer_cap checks PCI/AER: Remove redundant pci_is_pcie() checks PCI/AER: Remove HEST/FIRMWARE_FIRST parsing for AER ownership PCI: tegra: Fix runtime PM imbalance on error PCI: vmd: Filter resource type bits from shadow register PCI: tegra194: Fix runtime PM imbalance on error dt-bindings: PCI: Add UniPhier PCIe endpoint controller description PCI: hv: Use struct_size() helper PCI: Rename _DSM constants to align with spec PCI: Avoid FLR for AMD Starship USB 3.0 PCI: Avoid FLR for AMD Matisse HD Audio & USB 3.0 x86/PCI: Drop unused xen_register_pirq() gsi_override parameter PCI: dwc: Use private data pointer of "struct irq_domain" to get pcie_port PCI: amlogic: meson: Don't use FAST_LINK_MODE to set up link PCI: dwc: Fix inner MSI IRQ domain registration PCI: dwc: pci-dra7xx: Use devm_platform_ioremap_resource_byname() ... commit 8dd06ef34b6e2f41b29fbf5fc1663780f2524285 Merge: 642aa86eaf8f d0ac7079d5fc Author: Dmitry Torokhov Date: Sat Jun 6 10:45:37 2020 -0700 Merge branch 'next' into for-linus Prepare input updates for 5.8 merge window. commit 9fa88c5d3f5eae3e68ef20d226c3f13e21490668 Author: Zou Wei Date: Sat Jun 6 18:57:41 2020 +0200 hpfs: fix warning due to superfluous semicolon Fixes coccicheck warning: fs/hpfs/buffer.c:56:2-3: Unneeded semicolon Reported-by: Hulk Robot Signed-off-by: Zou Wei Signed-off-by: Mikulas Patocka Signed-off-by: Linus Torvalds commit fe3bc8a988a4d38dc090e77071ff9b8ea266528a Merge: 4a7e89c5ec02 10cdb1575954 Author: Linus Torvalds Date: Sat Jun 6 10:01:48 2020 -0700 Merge branch 'for-5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/wq Pull workqueue updates from Tejun Heo: "Mostly cleanups and other trivial changes. The only interesting change is Sebastian's rcuwait conversion for RT" * 'for-5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/wq: workqueue: use BUILD_BUG_ON() for compile time test instead of WARN_ON() workqueue: fix a piece of comment about reserved bits for work flags workqueue: remove useless unlock() and lock() in series workqueue: void unneeded requeuing the pwq in rescuer thread workqueue: Convert the pool::lock and wq_mayday_lock to raw_spinlock_t workqueue: Use rcuwait for wq_manager_wait workqueue: Remove unnecessary kfree() call in rcu_free_wq() workqueue: Fix an use after free in init_rescuer() workqueue: Use IS_ERR and PTR_ERR instead of PTR_ERR_OR_ZERO. commit 4a7e89c5ec0238017a757131eb9ab8dc111f961c Merge: 3c0ad98c2eda 936f2a70f207 Author: Linus Torvalds Date: Sat Jun 6 09:59:34 2020 -0700 Merge branch 'for-5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup Pull cgroup updates from Tejun Heo: "Just two patches: one to add system-level cpu.stat to the root cgroup for convenience and a trivial comment update" * 'for-5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup: cgroup: add cpu.stat file to root cgroup cgroup: Remove stale comments commit 3c0ad98c2eda5ff30d23777e30744be6f7b8f097 Merge: aaa2faab4ed8 42413b49804b Author: Linus Torvalds Date: Sat Jun 6 09:39:05 2020 -0700 Merge tag 'integrity-v5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity Pull integrity updates from Mimi Zohar: "The main changes are extending the TPM 2.0 PCR banks with bank specific file hashes, calculating the "boot_aggregate" based on other TPM PCR banks, using the default IMA hash algorithm, instead of SHA1, as the basis for the cache hash table key, and preventing the mprotect syscall to circumvent an IMA mmap appraise policy rule. - In preparation for extending TPM 2.0 PCR banks with bank specific digests, commit 0b6cf6b97b7e ("tpm: pass an array of tpm_extend_digest structures to tpm_pcr_extend()") modified tpm_pcr_extend(). The original SHA1 file digests were padded/truncated, before being extended into the other TPM PCR banks. This pull request calculates and extends the TPM PCR banks with bank specific file hashes completing the above change. - The "boot_aggregate", the first IMA measurement list record, is the "trusted boot" link between the pre-boot environment and the running OS. With TPM 2.0, the "boot_aggregate" record is not limited to being based on the SHA1 TPM PCR bank, but can be calculated based on any enabled bank, assuming the hash algorithm is also enabled in the kernel. Other changes include the following and five other bug fixes/code clean up: - supporting both a SHA1 and a larger "boot_aggregate" digest in a custom template format containing both the the SHA1 ('d') and larger digests ('d-ng') fields. - Initial hash table key fix, but additional changes would be good" * tag 'integrity-v5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity: ima: Directly free *entry in ima_alloc_init_template() if digests is NULL ima: Call ima_calc_boot_aggregate() in ima_eventdigest_init() ima: Directly assign the ima_default_policy pointer to ima_rules ima: verify mprotect change is consistent with mmap policy evm: Fix possible memory leak in evm_calc_hmac_or_hash() ima: Set again build_ima_appraise variable ima: Remove redundant policy rule set in add_rules() ima: Fix ima digest hash table key calculation ima: Use ima_hash_algo for collision detection in the measurement list ima: Calculate and extend PCR with digests in ima_template_entry ima: Allocate and initialize tfm for each PCR bank ima: Switch to dynamically allocated buffer for template digests ima: Store template digest directly in ima_template_entry ima: Evaluate error in init_ima() ima: Switch to ima_hash_algo for boot aggregate commit 5865985416ebb5a0c198a819a098b5cc300ac8a4 Author: Steve French Date: Fri Jun 5 17:19:46 2020 -0500 smb3: extend fscache mount volume coherency check It is better to check volume id and creation time, not just the root inode number to verify if the volume has changed when remounting. Reviewed-by: David Howells Signed-off-by: Steve French commit 8dfb61dcbaceb19a5ded5e9c9dcf8d05acc32294 Author: Denis Efremov Date: Fri Jun 5 10:39:55 2020 +0300 kbuild: add variables for compression tools Allow user to use alternative implementations of compression tools, such as pigz, pbzip2, pxz. For example, multi-threaded tools to speed up the build: $ make GZIP=pigz BZIP2=pbzip2 Variables _GZIP, _BZIP2, _LZOP are used internally because original env vars are reserved by the tools. The use of GZIP in gzip tool is obsolete since 2015. However, alternative implementations (e.g., pigz) still rely on it. BZIP2, BZIP, LZOP vars are not obsolescent. The credit goes to @grsecurity. As a sidenote, for multi-threaded lzma, xz compression one can use: $ export XZ_OPT="--threads=0" Signed-off-by: Denis Efremov Signed-off-by: Masahiro Yamada commit e0b250b57dcf403529081e5898a9de717f96b76b Author: Jonas Zeiger Date: Wed Jun 3 15:34:05 2020 +0200 Makefile: install modules.builtin even if CONFIG_MODULES=n Many applications check for available kernel features via: - /proc/modules (loaded modules, present if CONFIG_MODULES=y) - $(MODLIB)/modules.builtin (builtin modules) They fail to detect features if the kernel was built with CONFIG_MODULES=n and modules.builtin isn't installed. Therefore, add the target "_builtin_inst_" and make "install" and "modules_install" depend on it. Tests results: - make install: kernel image is copied as before, modules.builtin copied - make modules_install: (CONFIG_MODULES=n) nothing is copied, exit 1 Signed-off-by: Jonas Zeiger Signed-off-by: Masahiro Yamada commit 72d24accf02add25e08733f0ecc93cf10fcbd88c Author: ashimida Date: Tue Jun 2 15:45:17 2020 +0800 mksysmap: Fix the mismatch of '.L' symbols in System.map When System.map was generated, the kernel used mksysmap to filter the kernel symbols, but all the symbols with the second letter 'L' in the kernel were filtered out, not just the symbols starting with 'dot + L'. For example: ashimida@ubuntu:~/linux$ cat System.map |grep ' .L' ashimida@ubuntu:~/linux$ nm -n vmlinux |grep ' .L' ffff0000088028e0 t bLength_show ...... ffff0000092e0408 b PLLP_OUTC_lock ffff0000092e0410 b PLLP_OUTA_lock The original intent should be to filter out all local symbols starting with '.L', so the dot should be escaped. Fixes: 00902e984732 ("mksysmap: Add h8300 local symbol pattern") Signed-off-by: ashimida Signed-off-by: Masahiro Yamada commit c0901577e1dcc8d1c0fd1a11c8d571f650df845f Author: Masahiro Yamada Date: Tue Jun 2 02:03:28 2020 +0900 kbuild: doc: rename LDFLAGS to KBUILD_LDFLAGS Commit d503ac531a52 ("kbuild: rename LDFLAGS to KBUILD_LDFLAGS") missed to update the documentation. Signed-off-by: Masahiro Yamada commit 3b09efc4f0c94669a928c0453d2dcb54c59543f2 Author: Masahiro Yamada Date: Mon Jun 1 14:57:31 2020 +0900 modpost: change elf_info->size to size_t Align with the mmap / munmap APIs. Signed-off-by: Masahiro Yamada commit 4de7b62936122570408357417f21072e78292926 Author: Masahiro Yamada Date: Mon Jun 1 14:57:30 2020 +0900 modpost: remove is_vmlinux() helper Now that is_vmlinux() is called only in new_module(), we can inline the function call. modname is the basename with '.o' is stripped. No need to compare it with 'vmlinux.o'. vmlinux is always located at the current working directory. No need to strip the directory path. Signed-off-by: Masahiro Yamada commit a82f794c41ab51f088af325f5d9acba30a6facdb Author: Masahiro Yamada Date: Mon Jun 1 14:57:29 2020 +0900 modpost: strip .o from modname before calling new_module() new_module() conditionally strips the .o because the modname has .o suffix when it is called from read_symbols(), but no .o when it is called from read_dump(). It is clearer to strip .o in read_symbols(). I also used flexible-array for mod->name. Signed-off-by: Masahiro Yamada commit 858b937d289bbf7551d496100c1fa9efcad5796e Author: Masahiro Yamada Date: Mon Jun 1 14:57:28 2020 +0900 modpost: set have_vmlinux in new_module() Set have_vmlinux flag in a single place. Signed-off-by: Masahiro Yamada commit 0b19d54cae11bd5b9e208f52e42d88ad33a3b1d9 Author: Masahiro Yamada Date: Mon Jun 1 14:57:27 2020 +0900 modpost: remove mod->skip struct member The meaning of 'skip' is obscure since it does not explain "what to skip". mod->skip is set when it is vmlinux or the module info came from a dump file. So, mod->skip is equivalent to (mod->is_vmlinux || mod->from_dump). For the check in write_namespace_deps_files(), mod->is_vmlinux is unneeded because the -d option is not passed in the first pass of modpost. Signed-off-by: Masahiro Yamada commit 5a438af9db2c4a0b80d51d8c1c9c623b0c0de967 Author: Masahiro Yamada Date: Mon Jun 1 14:57:26 2020 +0900 modpost: add mod->is_vmlinux struct member is_vmlinux() is called in several places to check whether the current module is vmlinux or not. It is faster and clearer to check mod->is_vmlinux flag. Signed-off-by: Masahiro Yamada commit 1be5fa6c948533bb95ac783010ef686261be5384 Author: Masahiro Yamada Date: Mon Jun 1 14:57:25 2020 +0900 modpost: remove is_vmlinux() call in check_for_{gpl_usage,unused}() check_exports() is never called for vmlinux because mod->skip is set for vmlinux. Hence, check_for_gpl_usage() and check_for_unused() are not called for vmlinux, either. is_vmlinux() is always false here. Remove the is_vmlinux() calls, and hard-code the ".ko" suffix. Signed-off-by: Masahiro Yamada commit 3379576dd6e708f66498d49b4cec5f9b198791a0 Author: Masahiro Yamada Date: Mon Jun 1 14:57:24 2020 +0900 modpost: remove mod->is_dot_o struct member Previously, there were two cases where mod->is_dot_o is unset: [1] the executable 'vmlinux' in the second pass of modpost [2] modules loaded by read_dump() I think [1] was intended usage to distinguish 'vmlinux.o' and 'vmlinux'. Now that modpost does not parse the executable 'vmlinux', this case does not happen. [2] is obscure, maybe a bug. Module.symver stores module paths without extension. So, none of modules loaded by read_dump() has the .o suffix, and new_module() unsets ->is_dot_o. Anyway, it is not a big deal because handle_symbol() is not called for the case. To sum up, all the parsed ELF files are .o files. mod->is_dot_o is unneeded. Signed-off-by: Masahiro Yamada commit 859c926aea29353bced3a456c2f73753040b437e Author: Masahiro Yamada Date: Mon Jun 1 14:57:23 2020 +0900 modpost: move -d option in scripts/Makefile.modpost Collect options for modules into a single place. Signed-off-by: Masahiro Yamada commit 467b82d7cee4373aa7bc47fd3043e2fa0a3440f5 Author: Masahiro Yamada Date: Mon Jun 1 14:57:22 2020 +0900 modpost: remove -s option The -s option was added by commit 8d8d8289df65 ("kbuild: do not do section mismatch checks on vmlinux in 2nd pass"). Now that the second pass does not parse vmlinux, this option is unneeded. Signed-off-by: Masahiro Yamada commit 75893572d45399cefbb88443d0878adae9cb0b41 Author: Masahiro Yamada Date: Mon Jun 1 14:57:21 2020 +0900 modpost: remove get_next_text() and make {grab,release_}file static get_next_line() is no longer used. Remove. grab_file() and release_file() are only used in modpost.c. Make them static. Signed-off-by: Masahiro Yamada commit 70f30cfe5b892fcb7f98e7df72ed6ccfe3225628 Author: Masahiro Yamada Date: Mon Jun 1 14:57:20 2020 +0900 modpost: use read_text_file() and get_line() for reading text files grab_file() mmaps a file, but it is not so efficient here because get_next_line() copies every line to the temporary buffer anyway. read_text_file() and get_line() are simpler. get_line() exploits the library function strchr(). Going forward, the missing *.symvers or *.cmd is a fatal error. This should not happen because scripts/Makefile.modpost guards the -i option files with $(wildcard $(input-symdump)). Signed-off-by: Masahiro Yamada commit 7c8f5662c502b7b967399fef8a64532ec43b063d Author: Masahiro Yamada Date: Mon Jun 1 14:57:19 2020 +0900 modpost: avoid false-positive file open error One problem of grab_file() is that it cannot distinguish the following two cases: - It cannot read the file (the file does not exist, or read permission is not set) - It can read the file, but the file size is zero This is because grab_file() calls mmap(), which requires the mapped length is greater than 0. Hence, grab_file() fails for both cases. If an empty header file were included for checksum calculation, the following warning would be printed: WARNING: modpost: could not open ...: Invalid argument An empty file is a valid source file, so it should not fail. Use read_text_file() instead. It can read a zero-length file. Then, parse_file() will succeed with doing nothing. Going forward, the first case (it cannot read the file) is a fatal error. If the source file from which an object was compiled is missing, something went wrong. Signed-off-by: Masahiro Yamada commit f531c1b5de65bc687bdcca69e7649fe2db5b6d87 Author: Masahiro Yamada Date: Mon Jun 1 14:57:18 2020 +0900 modpost: fix potential mmap'ed file overrun in get_src_version() I do not know how reliably this function works, but it looks dangerous to me. strchr(sources, '\n'); ... continues searching until it finds '\n' or it reaches the '\0' terminator. In other words, 'sources' should be a null-terminated string. However, grab_file() just mmaps a file, so 'sources' is not terminated with null byte. If the file does not contain '\n' at all, strchr() will go beyond the mmap'ed memory. Use read_text_file(), which loads the file content into a malloc'ed buffer, appending null byte. Here we are interested only in the first line of *.mod files. Use get_line() helper to get the first line. This also makes missing *.mod file a fatal error. Commit 4be40e22233c ("kbuild: do not emit src version warning for non-modules") ignored missing *.mod files. I do not fully understand what that commit addressed, but commit 91341d4b2c19 ("kbuild: introduce new option to enhance section mismatch analysis") introduced partial section checks by using modpost. built-in.o was parsed by modpost. Even modules had a problem because *.mod files were created after the modpost check. Commit b7dca6dd1e59 ("kbuild: create *.mod with full directory path and remove MODVERDIR") stopped doing that. Now that modpost is only invoked after the directory descend, *.mod files should always exist at the modpost stage. Signed-off-by: Masahiro Yamada commit ac5100f54329676469688d1b5415cd8d6428c909 Author: Masahiro Yamada Date: Mon Jun 1 14:57:17 2020 +0900 modpost: add read_text_file() and get_line() helpers modpost uses grab_file() to open a file, but it is not suitable for a text file because the mmap'ed file is not terminated by null byte. Actually, I see some issues for the use of grab_file(). The new helper, read_text_file() loads the whole file content into a malloc'ed buffer, and appends a null byte. Then, get_line() reads each line. To handle text files, I intend to replace as follows: grab_file() -> read_text_file() get_new_line() -> get_line() Signed-off-by: Masahiro Yamada commit 4ddea2f8e825a86e94011ebc32eb1dce220b2316 Author: Masahiro Yamada Date: Mon Jun 1 14:57:16 2020 +0900 modpost: do not call get_modinfo() for vmlinux(.o) The three calls of get_modinfo() ("license", "import_ns", "version") always return NULL for vmlinux(.o) because the built-in module info is prefixed with __MODULE_INFO_PREFIX. It is harmless to call get_modinfo(), but there is no point to search for what apparently does not exist. Signed-off-by: Masahiro Yamada commit f693153519607449d3e270d9e6af20b032543c05 Author: Masahiro Yamada Date: Mon Jun 1 14:57:15 2020 +0900 modpost: drop RCS/CVS $Revision handling in MODULE_VERSION() As far as I understood, this code gets rid of '$Revision$' or '$Revision:' of CVS, RCS or whatever in MODULE_VERSION() tags. Remove the primeval code. Signed-off-by: Masahiro Yamada commit 48a0f72797bdc6b428f951aff265f5aecc2bda49 Author: Masahiro Yamada Date: Mon Jun 1 14:57:14 2020 +0900 modpost: show warning if any of symbol dump files is missing If modpost fails to load a symbol dump file, it cannot check unresolved symbols, hence module dependency will not be added. Nor CRCs can be added. Currently, external module builds check only $(objtree)/Module.symvers, but it should check files specified by KBUILD_EXTRA_SYMBOLS as well. Move the warning message from the top Makefile to scripts/Makefile.modpost and print the warning if any dump file is missing. Signed-off-by: Masahiro Yamada commit 7e8a3235823bcb779acf92de630edd5ddffaf886 Author: Masahiro Yamada Date: Mon Jun 1 14:57:13 2020 +0900 modpost: show warning if vmlinux is not found when processing modules check_exports() does not print warnings about unresolved symbols if vmlinux is missing because there would be too many. This situation happens when you do 'make modules' from the clean tree, or compile external modules against a kernel tree that has not been completely built. It is dangerous to not check unresolved symbols because you might be building useless modules. At least it should be warned. Signed-off-by: Masahiro Yamada commit 436b2ac603d58504f38041a0cd8adb5aeace992b Author: Masahiro Yamada Date: Mon Jun 1 14:57:12 2020 +0900 modpost: invoke modpost only when input files are updated Currently, the second pass of modpost is always invoked when you run 'make' or 'make modules' even if none of modules is changed. Use if_changed to invoke it only when it is necessary. Signed-off-by: Masahiro Yamada commit 269a535ca931b754a40dda3ab60514e68773c759 Author: Masahiro Yamada Date: Mon Jun 1 14:57:11 2020 +0900 modpost: generate vmlinux.symvers and reuse it for the second modpost The full build runs modpost twice, first for vmlinux.o and second for modules. The first pass dumps all the vmlinux symbols into Module.symvers, but the second pass parses vmlinux again instead of reusing the dump file, presumably because it needs to avoid accumulating stale symbols. Loading symbol info from a dump file is faster than parsing an ELF object. Besides, modpost deals with various issues to parse vmlinux in the second pass. A solution is to make the first pass dumps symbols into a separate file, vmlinux.symvers. The second pass reads it, and parses module .o files. The merged symbol information is dumped into Module.symvers in the same way as before. This makes further modpost cleanups possible. Also, it fixes the problem of 'make vmlinux', which previously overwrote Module.symvers, throwing away module symbols. I slightly touched scripts/link-vmlinux.sh so that vmlinux is re-linked when you cross this commit. Otherwise, vmlinux.symvers would not be generated. Signed-off-by: Masahiro Yamada commit f1005b30ade716eb9286613aeb1d33b5c7852a91 Author: Masahiro Yamada Date: Mon Jun 1 14:57:10 2020 +0900 modpost: refactor -i option calculation Prepare to use -i for in-tree modpost as well. Signed-off-by: Masahiro Yamada commit bcfedae7d92886597e581ec32dfbf698cbccb4a1 Author: Masahiro Yamada Date: Mon Jun 1 14:57:09 2020 +0900 modpost: print symbol dump file as the build target in short log The symbol dump *.symvers is the output of modpost. Print it in the short log. Signed-off-by: Masahiro Yamada commit e3fb4df7fe4e8636de32a1e4ff5ebc75257f5570 Author: Masahiro Yamada Date: Mon Jun 1 14:57:08 2020 +0900 modpost: re-add -e to set external_module flag Previously, the -i option had two functions; load a symbol dump file, and set the external_module flag. I want to assign a dedicate option for each of them. Going forward, the -i is used to load a symbol dump file, and the -e to set the external_module flag. With this, we will be able to use -i for loading in-kernel symbols. Signed-off-by: Masahiro Yamada commit 7924799ed2ddaa393c2ef0c4cd13a81d122bffde Author: Masahiro Yamada Date: Mon Jun 1 14:57:07 2020 +0900 modpost: rename ext_sym_list to dump_list The -i option is used to include Modules.symver as well as files from $(KBUILD_EXTRA_SYMBOLS). Make the struct and variable names more generic. Signed-off-by: Masahiro Yamada commit ce2ddd6d6ab3b343837d5c8e17538a5f67fa400e Author: Masahiro Yamada Date: Mon Jun 1 14:57:06 2020 +0900 modpost: allow to pass -i option multiple times to remove -e option Now that there is no difference between -i and -e, they can be unified. Make modpost accept the -i option multiple times, then remove -e. I will reuse -e for a different purpose. Signed-off-by: Masahiro Yamada commit 52c3416db00d970c91a6992ab6e5ff48e077ad29 Author: Masahiro Yamada Date: Mon Jun 1 14:57:05 2020 +0900 modpost: track if the symbol origin is a dump file or ELF object The meaning of sym->kernel is obscure; it is set for in-kernel symbols loaded from Modules.symvers. This happens only when we are building external modules, and it is used to determine whether to dump symbols to $(KBUILD_EXTMOD)/Modules.symvers It is clearer to remember whether the symbol or module came from a dump file or ELF object. This changes the KBUILD_EXTRA_SYMBOLS behavior. Previously, symbols loaded from KBUILD_EXTRA_SYMBOLS are accumulated into the current $(KBUILD_EXTMOD)/Modules.symvers Going forward, they will be only used to check symbol references, but not dumped into the current $(KBUILD_EXTMOD)/Modules.symvers. I believe this makes more sense. sym->vmlinux will have no user. Remove it too. Signed-off-by: Masahiro Yamada commit f5152f4ded3ce6d332d5e4f9d7e325c3b81cae1b Author: Erwan Velu Date: Sat Jun 6 11:35:50 2020 +0200 firmware/dmi: Report DMI Bios & EC firmware release Some vendors like HPe or Dell, encode the release version of their BIOS in the "System BIOS {Major|Minor} Release" fields of Type 0. This information is used to know which bios release actually runs. It could be used for some quirks, debugging sessions or inventory tasks. A typical output for a Dell system running the 65.27 bios is : [root@t1700 ~]# cat /sys/devices/virtual/dmi/id/bios_release 65.27 [root@t1700 ~]# Servers that have a BMC encode the release version of their firmware in the "Embedded Controller Firmware {Major|Minor} Release" fields of Type 0. This information is used to know which BMC release actually runs. It could be used for some quirks, debugging sessions or inventory tasks. A typical output for a Dell system running the 3.75 bmc release is : [root@t1700 ~]# cat /sys/devices/virtual/dmi/id/ec_firmware_release 3.75 [root@t1700 ~]# Signed-off-by: Erwan Velu Signed-off-by: Jean Delvare commit 388d8bdb87e01bcea6d0b2bf797b5f6d7b2401fb Author: Mel Gorman Date: Thu Apr 9 11:40:34 2020 +0100 tracing: Remove obsolete PREEMPTIRQ_EVENTS kconfig option The PREEMPTIRQ_EVENTS option is unused after commit c3bc8fd637a9 ("tracing: Centralize preemptirq tracepoints and unify their usage"). Remove it. Note that this option is hazardous as it stands. It enables TRACE_IRQFLAGS event on non-preempt configurations without the irqsoff tracer enabled. TRACE_IRQFLAGS as it stands incurs significant overhead on each IRQ entry/exit. This is because trace_hardirqs_[on|off] does all the per-cpu manipulations and NMI checks even if tracing is completely disabled for some insane reason. For example, netperf running UDP_STREAM on localhost incurs a 4-6% performance penalty without any tracing if IRQFLAGS is set. It can be put behind a static brach but even the function entry/exit costs a little bit. Link: https://lkml.kernel.org/r/20200409104034.GJ3818@techsingularity.net Signed-off-by: Mel Gorman Signed-off-by: Steven Rostedt (VMware) commit 2130c0ba69d69bb21f5c52787f2587db00d13d8a Author: Logan Gunthorpe Date: Wed Jan 9 12:22:33 2019 -0700 NTB: ntb_test: Fix bug when counting remote files When remote files are counted in get_files_count, without using SSH, the code returns 0 because there is a colon prepended to $LOC. $VPATH should have been used instead of $LOC. Fixes: 06bd0407d06c ("NTB: ntb_test: Update ntb_tool Scratchpad tests") Signed-off-by: Logan Gunthorpe Acked-by: Allen Hubbe Tested-by: Alexander Fomichev Signed-off-by: Jon Mason commit 34d8673a01b053b6231a995a4eec9341163d63be Author: Logan Gunthorpe Date: Wed Jan 9 12:22:32 2019 -0700 NTB: perf: Fix race condition when run with ntb_test When running ntb_test, the script tries to run the ntb_perf test immediately after probing the modules. Since adding multi-port support, this fails seeing the new initialization procedure in ntb_perf can not complete instantly. To fix this we add a completion which is waited on when a test is started. In this way, run can be written any time after the module is loaded and it will wait for the initialization to complete instead of sending an error. Fixes: 5648e56d03fa ("NTB: ntb_perf: Add full multi-port NTB API support") Signed-off-by: Logan Gunthorpe Acked-by: Allen Hubbe Tested-by: Alexander Fomichev Signed-off-by: Jon Mason commit b54369a248c2e033bfcf5d6917e08cf9d73d54a6 Author: Logan Gunthorpe Date: Wed Jan 9 12:22:31 2019 -0700 NTB: perf: Fix support for hardware that doesn't have port numbers Legacy drivers do not have port numbers (but is reliably only two ports) and was broken by the recent commit that added mult-port support to ntb_perf. This is especially important to support the cross link topology which is perfectly symmetric and cannot assign unique port numbers easily. Hardware that returns zero for both the local port and the peer should just always use gidx=0 for the only peer. Fixes: 5648e56d03fa ("NTB: ntb_perf: Add full multi-port NTB API support") Signed-off-by: Logan Gunthorpe Acked-by: Allen Hubbe Tested-by: Alexander Fomichev Signed-off-by: Jon Mason commit a9c4211ac918ade1522aced6b5acfbe824722f7d Author: Logan Gunthorpe Date: Wed Jan 9 12:22:30 2019 -0700 NTB: perf: Don't require one more memory window than number of peers ntb_perf should not require more than one memory window per peer. This was probably an off-by-one error. Fixes: 5648e56d03fa ("NTB: ntb_perf: Add full multi-port NTB API support") Signed-off-by: Logan Gunthorpe Acked-by: Allen Hubbe Tested-by: Alexander Fomichev Signed-off-by: Jon Mason commit ca93c45755da98302c93abdd788fc09113baf9e0 Author: Logan Gunthorpe Date: Wed Jan 9 12:22:29 2019 -0700 NTB: ntb_pingpong: Choose doorbells based on port number This commit fixes pingpong support for existing drivers that do not implement ntb_default_port_number() and ntb_default_peer_port_number(). This is required for hardware (like the crosslink topology of switchtec) which cannot assign reasonable port numbers to each port due to its perfect symmetry. Instead of picking the doorbell to use based on the the index of the peer, we use the peer's port number. This is a bit clearer and easier to understand. Fixes: c7aeb0afdcc2 ("NTB: ntb_pp: Add full multi-port NTB API support") Signed-off-by: Logan Gunthorpe Acked-by: Allen Hubbe Tested-by: Alexander Fomichev Signed-off-by: Jon Mason commit fc8b086d9dbd57458d136c4fa70ee26f832c3a2e Author: Logan Gunthorpe Date: Wed Jan 9 12:22:28 2019 -0700 NTB: Fix the default port and peer numbers for legacy drivers When the commit adding ntb_default_port_number() and ntb_default_peer_port_number() entered the kernel there was no users of it so it was impossible to tell what the API needed. When a user finally landed a year later (ntb_pingpong) there were more NTB topologies were created and no consideration was considered to how other drivers had changed. Now that there is a user it can be fixed to provide a sensible default for the legacy drivers that do not implement ntb_{peer_}port_number(). Seeing ntb_pingpong doesn't check error codes returning EINVAL was also not sensible. Patches for ntb_pingpong and ntb_perf follow (which are broken otherwise) to support hardware that doesn't have port numbers. This is important not only to not break support with existing drivers but for the cross link topology which, due to its perfect symmetry, cannot assign unique port numbers to each side. Fixes: 1e5301196a88 ("NTB: Add indexed ports NTB API") Signed-off-by: Logan Gunthorpe Acked-by: Allen Hubbe Tested-by: Alexander Fomichev Signed-off-by: Jon Mason commit 40da7d9a93c8941737ef4a1208d32c13ce017fe1 Author: Logan Gunthorpe Date: Wed Jan 9 12:22:27 2019 -0700 NTB: Revert the change to use the NTB device dev for DMA allocations Commit 417cf39cfea9 ("NTB: Set dma mask and dma coherent mask to NTB devices") started using the NTB device for DMA allocations which was turns out was wrong. If the IOMMU is enabled, such alloctanions will always fail with messages such as: DMAR: Allocating domain for 0000:02:00.1 failed This is because the IOMMU has not setup the device for such use. Change the tools back to using the PCI device for allocations seeing it doesn't make sense to add an IOMMU group for the non-physical NTB device. Also remove the code that sets the DMA mask as it no longer makes sense to do this. Fixes: 7f46c8b3a552 ("NTB: ntb_tool: Add full multi-port NTB API support") Signed-off-by: Logan Gunthorpe Tested-by: Alexander Fomichev Signed-off-by: Jon Mason commit 912e12813dd03c602e4922fc34709ec4d4380cf0 Author: Logan Gunthorpe Date: Wed Jan 9 12:22:26 2019 -0700 NTB: ntb_tool: reading the link file should not end in a NULL byte When running ntb_test this warning is issued: ./ntb_test.sh: line 200: warning: command substitution: ignored null byte in input This is caused by the kernel returning one more byte than is necessary when reading the link file. Reduce the number of bytes read back to 2 as it was before the commit that regressed this. Fixes: 7f46c8b3a552 ("NTB: ntb_tool: Add full multi-port NTB API support") Signed-off-by: Logan Gunthorpe Acked-by: Allen Hubbe Tested-by: Alexander Fomichev Signed-off-by: Jon Mason commit 9cb8bfdf5262b14d29617d1595b79e1f360135ab Author: Sanjay R Mehta Date: Tue May 5 23:21:52 2020 -0500 ntb_perf: avoid false dma unmap of destination address The DMA map and unmap of destination address is already being done in perf_init_test() and perf_clear_test() functions. Hence avoiding it by making necessary changes in perf_copy_chunk() function. Signed-off-by: Sanjay R Mehta Signed-off-by: Arindam Nath Signed-off-by: Jon Mason commit d7699665773b6afc14d4eef82bb3ef50467a9353 Author: Sanjay R Mehta Date: Tue May 5 23:21:51 2020 -0500 ntb_perf: increase sleep time from one milli sec to one sec After trying to send commands for a maximum of MSG_TRIES re-tries, link-up fails due to short sleep time(1ms) between re-tries. Hence increasing the sleep time to one second providing sufficient time for perf link-up. Signed-off-by: Sanjay R Mehta Signed-off-by: Arindam Nath Signed-off-by: Jon Mason commit 433efe720674efd9fdbcef78be75793393cf05db Author: Sanjay R Mehta Date: Tue May 5 23:21:50 2020 -0500 ntb_tool: pass correct struct device to dma_alloc_coherent Currently, ntb->dev is passed to dma_alloc_coherent and dma_free_coherent calls. The returned dma_addr_t is the CPU physical address. This works fine as long as IOMMU is disabled. But when IOMMU is enabled, we need to make sure that IOVA is returned for dma_addr_t. So the correct way to achieve this is by changing the first parameter of dma_alloc_coherent() as ntb->pdev->dev instead. Fixes: 5648e56d03fa ("NTB: ntb_perf: Add full multi-port NTB API support") Signed-off-by: Sanjay R Mehta Signed-off-by: Arindam Nath Signed-off-by: Jon Mason commit 98f4e140264eeb52f22ff05be6b6dd48237255ac Author: Sanjay R Mehta Date: Tue May 5 23:21:49 2020 -0500 ntb_perf: pass correct struct device to dma_alloc_coherent Currently, ntb->dev is passed to dma_alloc_coherent and dma_free_coherent calls. The returned dma_addr_t is the CPU physical address. This works fine as long as IOMMU is disabled. But when IOMMU is enabled, we need to make sure that IOVA is returned for dma_addr_t. So the correct way to achieve this is by changing the first parameter of dma_alloc_coherent() as ntb->pdev->dev instead. Fixes: 5648e56d03fa ("NTB: ntb_perf: Add full multi-port NTB API support") Signed-off-by: Logan Gunthorpe Signed-off-by: Sanjay R Mehta Signed-off-by: Arindam Nath Signed-off-by: Jon Mason commit f80fe8944e085a1065f4829a14af8394cad1c30f Author: Logan Gunthorpe Date: Tue May 5 23:21:48 2020 -0500 ntb: hw: remove the code that sets the DMA mask This patch removes the code that sets the DMA mask as it no longer makes sense to do this. Fixes: 7f46c8b3a552 ("NTB: ntb_tool: Add full multi-port NTB API support") Signed-off-by: Logan Gunthorpe Tested-by: Alexander Fomichev Signed-off-by: Sanjay R Mehta Signed-off-by: Jon Mason commit 46f21af862656c477387f2256adc1005503db67d Author: Wesley Sheng Date: Tue May 26 15:59:43 2020 +0800 NTB: correct ntb_peer_spad_addr and ntb_peer_spad_read comment typos The comment for ntb_peer_spad_addr and ntb_peer_spad_read incorrectly referred to peer doorbell register and local scratchpad register. Signed-off-by: Wesley Sheng Signed-off-by: Jon Mason commit 893733c58d59f43e4c5219bf9ab9e9d39bb14289 Author: Dave Jiang Date: Tue May 26 10:28:53 2020 -0700 ntb: intel: fix static declaration intel_ntb4_link_disable() missing static declaration. Reported-by: kbuild test robot Signed-off-by: Dave Jiang Signed-off-by: Jon Mason commit 134a86545c6072c049a2c6e77d6843e650df511d Author: Dave Jiang Date: Fri Jun 5 08:13:34 2020 -0700 ntb: intel: add hw workaround for NTB BAR alignment Add NTB_HWERR_BAR_ALIGN hw errata flag to work around issue where the aligment for the XLAT base must be BAR size aligned rather than 4k page aligned. On ICX platform, the XLAT base can be 4k page size aligned rather than BAR size aligned unlike the previous gen Intel NTB. However, a silicon errata prevented this from working as expected and a workaround is introduced to resolve the issue. Signed-off-by: Dave Jiang Signed-off-by: Jon Mason commit aaa2faab4ed8e5fe0111e04d6e168c028fe2987f Merge: e3cea0cad147 0df556457748 Author: Linus Torvalds Date: Fri Jun 5 16:44:36 2020 -0700 Merge tag 'for-linus-5.8-ofs1' of git://git.kernel.org/pub/scm/linux/kernel/git/hubcap/linux Pull orangefs updates from Mike Marshall: - John Hubbard's conversion from get_user_pages() to pin_user_pages() - Colin Ian King's removal of an unneeded variable initialization * tag 'for-linus-5.8-ofs1' of git://git.kernel.org/pub/scm/linux/kernel/git/hubcap/linux: orangefs: convert get_user_pages() --> pin_user_pages() orangefs: remove redundant assignment to variable ret commit e3cea0cad147a9ab4f0e74a2fbdf15d18df1f820 Merge: 3803d5e4d3ce fe204591cc94 Author: Linus Torvalds Date: Fri Jun 5 16:43:16 2020 -0700 Merge tag 'dlm-5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/teigland/linux-dlm Pull dlm updates from David Teigland: "This set includes a couple minor cleanups, and dropping the interruptible from a wait_event that waits for an event from the userspace cluster management" * tag 'dlm-5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/teigland/linux-dlm: dlm: remove BUG() before panic() dlm: Switch to using wait_event() fs:dlm:remove unneeded semicolon in rcom.c dlm: user: Replace zero-length array with flexible-array member dlm: dlm_internal: Replace zero-length array with flexible-array member commit 3803d5e4d3ce2600ffddc16a1999798bc719042d Merge: 9daa0a27a0bc 331cc667a99c Author: Linus Torvalds Date: Fri Jun 5 16:40:53 2020 -0700 Merge tag '5.8-rc-smb3-fixes-part-1' of git://git.samba.org/sfrench/cifs-2.6 Pull cifs updates from Steve French: "22 changesets, 2 for stable. Includes big performance improvement for large i/o when using multichannel, also includes DFS fixes" * tag '5.8-rc-smb3-fixes-part-1' of git://git.samba.org/sfrench/cifs-2.6: (22 commits) cifs: update internal module version number cifs: multichannel: try to rebind when reconnecting a channel cifs: multichannel: use pointer for binding channel smb3: remove static checker warning cifs: multichannel: move channel selection above transport layer cifs: multichannel: always zero struct cifs_io_parms cifs: dump Security Type info in DebugData smb3: fix incorrect number of credits when ioctl MaxOutputResponse > 64K smb3: default to minimum of two channels when multichannel specified cifs: multichannel: move channel selection in function cifs: fix minor typos in comments and log messages smb3: minor update to compression header definitions cifs: minor fix to two debug messages cifs: Standardize logging output smb3: Add new parm "nodelete" cifs: move some variables off the stack in smb2_ioctl_query_info cifs: reduce stack use in smb2_compound_op cifs: get rid of unused parameter in reconn_setup_dfs_targets() cifs: handle hostnames that resolve to same ip in failover cifs: set up next DFS target before generic_ip_connect() ... commit 9daa0a27a0bce6596be287fb1df372ff80bb1087 Merge: 0b166a57e622 8409f67b6437 Author: Linus Torvalds Date: Fri Jun 5 16:26:36 2020 -0700 Merge tag 'afs-next-20200604' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs Pull AFS updates from David Howells: "There's some core VFS changes which affect a couple of filesystems: - Make the inode hash table RCU safe and providing some RCU-safe accessor functions. The search can then be done without taking the inode_hash_lock. Care must be taken because the object may be being deleted and no wait is made. - Allow iunique() to avoid taking the inode_hash_lock. - Allow AFS's callback processing to avoid taking the inode_hash_lock when using the inode table to find an inode to notify. - Improve Ext4's time updating. Konstantin Khlebnikov said "For now, I've plugged this issue with try-lock in ext4 lazy time update. This solution is much better." Then there's a set of changes to make a number of improvements to the AFS driver: - Improve callback (ie. third party change notification) processing by: (a) Relying more on the fact we're doing this under RCU and by using fewer locks. This makes use of the RCU-based inode searching outlined above. (b) Moving to keeping volumes in a tree indexed by volume ID rather than a flat list. (c) Making the server and volume records logically part of the cell. This means that a server record now points directly at the cell and the tree of volumes is there. This removes an N:M mapping table, simplifying things. - Improve keeping NAT or firewall channels open for the server callbacks to reach the client by actively polling the fileserver on a timed basis, instead of only doing it when we have an operation to process. - Improving detection of delayed or lost callbacks by including the parent directory in the list of file IDs to be queried when doing a bulk status fetch from lookup. We can then check to see if our copy of the directory has changed under us without us getting notified. - Determine aliasing of cells (such as a cell that is pointed to be a DNS alias). This allows us to avoid having ambiguity due to apparently different cells using the same volume and file servers. - Improve the fileserver rotation to do more probing when it detects that all of the addresses to a server are listed as non-responsive. It's possible that an address that previously stopped responding has become responsive again. Beyond that, lay some foundations for making some calls asynchronous: - Turn the fileserver cursor struct into a general operation struct and hang the parameters off of that rather than keeping them in local variables and hang results off of that rather than the call struct. - Implement some general operation handling code and simplify the callers of operations that affect a volume or a volume component (such as a file). Most of the operation is now done by core code. - Operations are supplied with a table of operations to issue different variants of RPCs and to manage the completion, where all the required data is held in the operation object, thereby allowing these to be called from a workqueue. - Put the standard "if (begin), while(select), call op, end" sequence into a canned function that just emulates the current behaviour for now. There are also some fixes interspersed: - Don't let the EACCES from ICMP6 mapping reach the user as such, since it's confusing as to whether it's a filesystem error. Convert it to EHOSTUNREACH. - Don't use the epoch value acquired through probing a server. If we have two servers with the same UUID but in different cells, it's hard to draw conclusions from them having different epoch values. - Don't interpret the argument to the CB.ProbeUuid RPC as a fileserver UUID and look up a fileserver from it. - Deal with servers in different cells having the same UUIDs. In the event that a CB.InitCallBackState3 RPC is received, we have to break the callback promises for every server record matching that UUID. - Don't let afs_statfs return values that go below 0. - Don't use running fileserver probe state to make server selection and address selection decisions on. Only make decisions on final state as the running state is cleared at the start of probing" Acked-by: Al Viro (fs/inode.c part) * tag 'afs-next-20200604' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs: (27 commits) afs: Adjust the fileserver rotation algorithm to reprobe/retry more quickly afs: Show more a bit more server state in /proc/net/afs/servers afs: Don't use probe running state to make decisions outside probe code afs: Fix afs_statfs() to not let the values go below zero afs: Fix the by-UUID server tree to allow servers with the same UUID afs: Reorganise volume and server trees to be rooted on the cell afs: Add a tracepoint to track the lifetime of the afs_volume struct afs: Detect cell aliases 3 - YFS Cells with a canonical cell name op afs: Detect cell aliases 2 - Cells with no root volumes afs: Detect cell aliases 1 - Cells with root volumes afs: Implement client support for the YFSVL.GetCellName RPC op afs: Retain more of the VLDB record for alias detection afs: Fix handling of CB.ProbeUuid cache manager op afs: Don't get epoch from a server because it may be ambiguous afs: Build an abstraction around an "operation" concept afs: Rename struct afs_fs_cursor to afs_operation afs: Remove the error argument from afs_protocol_error() afs: Set error flag rather than return error from file status decode afs: Make callback processing more efficient. afs: Show more information in /proc/net/afs/servers ... commit 0b166a57e6222666292a481b742af92b50c3ba50 Merge: b25c6644bfd3 6b8ed62008a4 Author: Linus Torvalds Date: Fri Jun 5 16:19:28 2020 -0700 Merge tag 'ext4_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4 Pull ext4 updates from Ted Ts'o: "A lot of bug fixes and cleanups for ext4, including: - Fix performance problems found in dioread_nolock now that it is the default, caused by transaction leaks. - Clean up fiemap handling in ext4 - Clean up and refactor multiple block allocator (mballoc) code - Fix a problem with mballoc with a smaller file systems running out of blocks because they couldn't properly use blocks that had been reserved by inode preallocation. - Fixed a race in ext4_sync_parent() versus rename() - Simplify the error handling in the extent manipulation code - Make sure all metadata I/O errors are felected to ext4_ext_dirty()'s and ext4_make_inode_dirty()'s callers. - Avoid passing an error pointer to brelse in ext4_xattr_set() - Fix race which could result to freeing an inode on the dirty last in data=journal mode. - Fix refcount handling if ext4_iget() fails - Fix a crash in generic/019 caused by a corrupted extent node" * tag 'ext4_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4: (58 commits) ext4: avoid unnecessary transaction starts during writeback ext4: don't block for O_DIRECT if IOCB_NOWAIT is set ext4: remove the access_ok() check in ext4_ioctl_get_es_cache fs: remove the access_ok() check in ioctl_fiemap fs: handle FIEMAP_FLAG_SYNC in fiemap_prep fs: move fiemap range validation into the file systems instances iomap: fix the iomap_fiemap prototype fs: move the fiemap definitions out of fs.h fs: mark __generic_block_fiemap static ext4: remove the call to fiemap_check_flags in ext4_fiemap ext4: split _ext4_fiemap ext4: fix fiemap size checks for bitmap files ext4: fix EXT4_MAX_LOGICAL_BLOCK macro add comment for ext4_dir_entry_2 file_type member jbd2: avoid leaking transaction credits when unreserving handle ext4: drop ext4_journal_free_reserved() ext4: mballoc: use lock for checking free blocks while retrying ext4: mballoc: refactor ext4_mb_good_group() ext4: mballoc: introduce pcpu seqcnt for freeing PA to improve ENOSPC handling ext4: mballoc: refactor ext4_mb_discard_preallocations() ... commit 152204dbdcee6df9406f87c81f9591aeaf1ba55b Author: Andy Shevchenko Date: Sat May 30 19:40:30 2020 +0300 power: supply: cw2015: Attach OF ID table to the driver It appears that OF ID table was hanging around without being attached to the driver. Attach it properly. Fixes: b4c7715c10c1 ("power: supply: add CellWise cw2015 fuel gauge driver") Reported-by: kbuild test robot Signed-off-by: Andy Shevchenko Acked-By: Tobias Schramm Tested-By: Tobias Schramm Signed-off-by: Sebastian Reichel commit 5a1c9565c07b981449d8432cab2927cbeca73476 Author: Luca Ceresoli Date: Wed Jun 3 18:21:18 2020 +0200 power: reset: gpio-poweroff: add missing '\n' in dev_err() dev_err() needs a terminating newline. Signed-off-by: Luca Ceresoli Signed-off-by: Sebastian Reichel commit b25c6644bfd3affd7d0127ce95c5c96c155a7515 Merge: 818dbde78e0f 64611a15ca9d Author: Linus Torvalds Date: Fri Jun 5 15:45:03 2020 -0700 Merge tag 'for-5.8/dm-changes' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm Pull device mapper updates from Mike Snitzer: - The largest change for this cycle is the DM zoned target's metadata version 2 feature that adds support for pairing regular block devices with a zoned device to ease the performance impact associated with finite random zones of zoned device. The changes came in three batches: the first prepared for and then added the ability to pair a single regular block device, the second was a batch of fixes to improve zoned's reclaim heuristic, and the third removed the limitation of only adding a single additional regular block device to allow many devices. Testing has shown linear scaling as more devices are added. - Add new emulated block size (ebs) target that emulates a smaller logical_block_size than a block device supports The primary use-case is to emulate "512e" devices that have 512 byte logical_block_size and 4KB physical_block_size. This is useful to some legacy applications that otherwise wouldn't be able to be used on 4K devices because they depend on issuing IO in 512 byte granularity. - Add discard interfaces to DM bufio. First consumer of the interface is the dm-ebs target that makes heavy use of dm-bufio. - Fix DM crypt's block queue_limits stacking to not truncate logic_block_size. - Add Documentation for DM integrity's status line. - Switch DMDEBUG from a compile time config option to instead use dynamic debug via pr_debug. - Fix DM multipath target's hueristic for how it manages "queue_if_no_path" state internally. DM multipath now avoids disabling "queue_if_no_path" unless it is actually needed (e.g. in response to configure timeout or explicit "fail_if_no_path" message). This fixes reports of spurious -EIO being reported back to userspace application during fault tolerance testing with an NVMe backend. Added various dynamic DMDEBUG messages to assist with debugging queue_if_no_path in the future. - Add a new DM multipath "Historical Service Time" Path Selector. - Fix DM multipath's dm_blk_ioctl() to switch paths on IO error. - Improve DM writecache target performance by using explicit cache flushing for target's single-threaded usecase and a small cleanup to remove unnecessary test in persistent_memory_claim. - Other small cleanups in DM core, dm-persistent-data, and DM integrity. * tag 'for-5.8/dm-changes' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm: (62 commits) dm crypt: avoid truncating the logical block size dm mpath: add DM device name to Failing/Reinstating path log messages dm mpath: enhance queue_if_no_path debugging dm mpath: restrict queue_if_no_path state machine dm mpath: simplify __must_push_back dm zoned: check superblock location dm zoned: prefer full zones for reclaim dm zoned: select reclaim zone based on device index dm zoned: allocate zone by device index dm zoned: support arbitrary number of devices dm zoned: move random and sequential zones into struct dmz_dev dm zoned: per-device reclaim dm zoned: add metadata pointer to struct dmz_dev dm zoned: add device pointer to struct dm_zone dm zoned: allocate temporary superblock for tertiary devices dm zoned: convert to xarray dm zoned: add a 'reserved' zone flag dm zoned: improve logging messages for reclaim dm zoned: avoid unnecessary device recalulation for secondary superblock dm zoned: add debugging message for reading superblocks ... commit 4601e24a6fb819d38d1156d0f690cbe6a42c6d76 Author: Bruno Thomsen Date: Thu Jun 4 18:26:02 2020 +0200 rtc: pcf2127: watchdog: handle nowayout feature Driver does not use module parameter for nowayout, so it need to statically initialize status variable of the watchdog_device based on CONFIG_WATCHDOG_NOWAYOUT. Signed-off-by: Bruno Thomsen Signed-off-by: Alexandre Belloni Acked-by: Guenter Roeck Link: https://lore.kernel.org/r/20200604162602.76524-1-bruno.thomsen@gmail.com commit 3a8ce46ce15accad53b39837735c12d886964211 Author: Ran Wang Date: Mon Jun 1 15:19:14 2020 +0800 rtc: fsl-ftm-alarm: fix freeze(s2idle) failed to wake Use dev_pm_set_wake_irq() instead of flag IRQF_NO_SUSPEND to enable wakeup system feature for both freeze(s2idle) and mem(deep). Signed-off-by: Ran Wang Signed-off-by: Alexandre Belloni Link: https://lore.kernel.org/r/20200601071914.36444-1-ran.wang_1@nxp.com commit 6e429f6b8c6b8f40874c50c1e8485783dd0f97a8 Author: Kevin P. Fleming Date: Sat May 30 08:29:56 2020 -0400 rtc: abx80x: Provide debug feedback for invalid dt properties When the user provides an invalid value for tc-diode or tc-resistor generate a debug message instead of silently ignoring it. Signed-off-by: Kevin P. Fleming Signed-off-by: Alexandre Belloni Link: https://lore.kernel.org/r/20200530122956.360689-1-kevin+linux@km6g.us commit 818dbde78e0f4f11c9f804c36913a7ccfc2e87ad Merge: 242b23319809 22617e216331 Author: Linus Torvalds Date: Fri Jun 5 15:11:50 2020 -0700 Merge tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi Pull SCSI updates from James Bottomley: :This series consists of the usual driver updates (qla2xxx, ufs, zfcp, target, scsi_debug, lpfc, qedi, qedf, hisi_sas, mpt3sas) plus a host of other minor updates. There are no major core changes in this series apart from a refactoring in scsi_lib.c" * tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi: (207 commits) scsi: ufs: ti-j721e-ufs: Fix unwinding of pm_runtime changes scsi: cxgb3i: Fix some leaks in init_act_open() scsi: ibmvscsi: Make some functions static scsi: iscsi: Fix deadlock on recovery path during GFP_IO reclaim scsi: ufs: Fix WriteBooster flush during runtime suspend scsi: ufs: Fix index of attributes query for WriteBooster feature scsi: ufs: Allow WriteBooster on UFS 2.2 devices scsi: ufs: Remove unnecessary memset for dev_info scsi: ufs-qcom: Fix scheduling while atomic issue scsi: mpt3sas: Fix reply queue count in non RDPQ mode scsi: lpfc: Fix lpfc_nodelist leak when processing unsolicited event scsi: target: tcmu: Fix a use after free in tcmu_check_expired_queue_cmd() scsi: vhost: Notify TCM about the maximum sg entries supported per command scsi: qla2xxx: Remove return value from qla_nvme_ls() scsi: qla2xxx: Remove an unused function scsi: iscsi: Register sysfs for iscsi workqueue scsi: scsi_debug: Parser tables and code interaction scsi: core: Refactor scsi_mq_setup_tags function scsi: core: Fix incorrect usage of shost_for_each_device scsi: qla2xxx: Fix endianness annotations in source files ... commit 242b23319809e05170b3cc0d44d3b4bd202bb073 Merge: 3f7e82379fc9 fba97dc7fc76 Author: Linus Torvalds Date: Fri Jun 5 14:05:57 2020 -0700 Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma Pull rdma updates from Jason Gunthorpe: "A more active cycle than most of the recent past, with a few large, long discussed works this time. The RNBD block driver has been posted for nearly two years now, and flowing through RDMA due to it also introducing a new ULP. The removal of FMR has been a recurring discussion theme for a long time. And the usual smattering of features and bug fixes. Summary: - Various small driver bugs fixes in rxe, mlx5, hfi1, and efa - Continuing driver cleanups in bnxt_re, hns - Big cleanup of mlx5 QP creation flows - More consistent use of src port and flow label when LAG is used and a mlx5 implementation - Additional set of cleanups for IB CM - 'RNBD' network block driver and target. This is a network block RDMA device specific to ionos's cloud environment. It brings strong multipath and resiliency capabilities. - Accelerated IPoIB for HFI1 - QP/WQ/SRQ ioctl migration for uverbs, and support for multiple async fds - Support for exchanging the new IBTA defiend ECE data during RDMA CM exchanges - Removal of the very old and insecure FMR interface from all ULPs and drivers. FRWR should be preferred for at least a decade now" * tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma: (247 commits) RDMA/cm: Spurious WARNING triggered in cm_destroy_id() RDMA/mlx5: Return ECE DC support RDMA/mlx5: Don't rely on FW to set zeros in ECE response RDMA/mlx5: Return an error if copy_to_user fails IB/hfi1: Use free_netdev() in hfi1_netdev_free() RDMA/hns: Uninitialized variable in modify_qp_init_to_rtr() RDMA/core: Move and rename trace_cm_id_create() IB/hfi1: Fix hfi1_netdev_rx_init() error handling RDMA: Remove 'max_map_per_fmr' RDMA: Remove 'max_fmr' RDMA/core: Remove FMR device ops RDMA/rdmavt: Remove FMR memory registration RDMA/mthca: Remove FMR support for memory registration RDMA/mlx4: Remove FMR support for memory registration RDMA/i40iw: Remove FMR leftovers RDMA/bnxt_re: Remove FMR leftovers RDMA/mlx5: Remove FMR leftovers RDMA/core: Remove FMR pool API RDMA/rds: Remove FMR support for memory registration RDMA/srp: Remove support for FMR memory registration ... commit 3f7e82379fc91102d82ed89822bd4242c83e40d5 Merge: 1f2dc7f5b6c1 74910e15ab25 Author: Linus Torvalds Date: Fri Jun 5 14:00:30 2020 -0700 Merge tag 'gpio-v5.8-1' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio Pull GPIO updates from Linus Walleij: "This is the bulk of GPIO changes for the v5.8 kernel cycle. Core changes: - A new GPIO aggregator driver has been merged: this can join a few select GPIO lines into a new aggregated GPIO chip. This can be used for security: a process can be granted access to only these lines, for example for industrial control. Another way to use this is to reexpose certain select lines to a virtual machine or container. - Warn if the gpio-line-names is too long in he DT parser core. - GPIO lines can now be looked up by line name in addition to being looked up by offset. New drivers: - A new generic regmap GPIO driver has been merged. Too many regmap drivers are starting to look like each other so we need to create some common ground and try to move drivers over to using that. - The F7188X driver now supports F81865. Driver improvements: - Large improvements to the PCA953x expander, get multiple lines and several cleanups. - Large improvements to the DesignWare DWAPB driver, and Sergey Semin has volunteered to maintain it. - PL061 can now be built as a module, this is part of a bigger effort to make the ARM platforms more modular" * tag 'gpio-v5.8-1' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio: (77 commits) gpio: pca953x: Drop unneeded ACPI_PTR() MAINTAINERS: Add gpio regmap section gpio: add a reusable generic gpio_chip using regmap gpiolib: Introduce gpiochip_irqchip_add_domain() gpio: gpiolib: Allow GPIO IRQs to lazy disable gpiolib: Separate GPIO_GET_LINEINFO_WATCH_IOCTL conditional gpio: rcar: Fix runtime PM imbalance on error gpio: pca935x: Allow IRQ support for driver built as a module gpio: pxa: Add COMPILE_TEST support dt-bindings: gpio: Add renesas,em-gio bindings MAINTAINERS: Fix file name for DesignWare GPIO DT schema gpio: dwapb: Remove unneeded has_irq member in struct dwapb_port_property gpio: dwapb: Don't use IRQ 0 as valid Linux interrupt gpio: dwapb: avoid error message for optional IRQ gpio: dwapb: Call acpi_gpiochip_free_interrupts() on GPIO chip de-registration gpio: max730x: bring gpiochip_add_data after port config MAINTAINERS: Add GPIO Aggregator section docs: gpio: Add GPIO Aggregator documentation gpio: Add GPIO Aggregator gpiolib: Add support for GPIO lookup by line name ... commit 1f2dc7f5b6c1fffdb24e776b9d3529bd9414aa2c Merge: 5a36f0f3f518 2a556ce779e3 Author: Linus Torvalds Date: Fri Jun 5 13:58:04 2020 -0700 Merge tag 'for-linus-5.8-1' of git://github.com/cminyard/linux-ipmi Pull IPMI updates from Corey Minyard: "A few small fixes for things, nothing earth shattering" * tag 'for-linus-5.8-1' of git://github.com/cminyard/linux-ipmi: ipmi:ssif: Remove dynamic platform device handing Try to load acpi_ipmi when an SSIF ACPI IPMI interface is added ipmi_si: Load acpi_ipmi when ACPI IPMI interface added ipmi:bt-bmc: Fix error handling and status check ipmi: Replace guid_copy() with import_guid() where it makes sense ipmi: use vzalloc instead of kmalloc for user creation ipmi:bt-bmc: Fix some format issue of the code ipmi:bt-bmc: Avoid unnecessary check commit 5a36f0f3f518c60ccddf052e6c48862f357d126f Merge: ac7b34218a00 4f085ca2f5a8 Author: Linus Torvalds Date: Fri Jun 5 13:51:49 2020 -0700 Merge tag 'vfio-v5.8-rc1' of git://github.com/awilliam/linux-vfio Pull VFIO updates from Alex Williamson: - Block accesses to disabled MMIO space (Alex Williamson) - VFIO device migration API (Kirti Wankhede) - type1 IOMMU dirty bitmap API and implementation (Kirti Wankhede) - PCI NULL capability masking (Alex Williamson) - Memory leak fixes (Qian Cai) - Reference leak fix (Qiushi Wu) * tag 'vfio-v5.8-rc1' of git://github.com/awilliam/linux-vfio: vfio iommu: typecast corrections vfio iommu: Use shift operation for 64-bit integer division vfio/mdev: Fix reference count leak in add_mdev_supported_type vfio: Selective dirty page tracking if IOMMU backed device pins pages vfio iommu: Add migration capability to report supported features vfio iommu: Update UNMAP_DMA ioctl to get dirty bitmap before unmap vfio iommu: Implementation of ioctl for dirty pages tracking vfio iommu: Add ioctl definition for dirty pages tracking vfio iommu: Cache pgsize_bitmap in struct vfio_iommu vfio iommu: Remove atomicity of ref_count of pinned pages vfio: UAPI for migration interface for device state vfio/pci: fix memory leaks of eventfd ctx vfio/pci: fix memory leaks in alloc_perm_bits() vfio-pci: Mask cap zero vfio-pci: Invalidate mmaps and block MMIO access on disabled memory vfio-pci: Fault mmaps to enable vma tracking vfio/type1: Support faulting PFNMAP vmas commit ac7b34218a0021bafd1d4c11c54217b930f516b0 Merge: 7ae77150d94d 6e0d6ac5f3d9 Author: Linus Torvalds Date: Fri Jun 5 13:45:21 2020 -0700 Merge tag 'core_core_updates_for_5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull READ_IMPLIES_EXEC changes from Borislav Petkov: "Split the old READ_IMPLIES_EXEC workaround from executable PT_GNU_STACK now that toolchains long support PT_GNU_STACK marking and there's no need anymore to force modern programs into having all its user mappings executable instead of only the stack and the PROT_EXEC ones. Disable that automatic READ_IMPLIES_EXEC forcing on x86-64 and arm64. Add tables documenting how READ_IMPLIES_EXEC is handled on x86-64, arm and arm64. By Kees Cook" * tag 'core_core_updates_for_5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: arm64/elf: Disable automatic READ_IMPLIES_EXEC for 64-bit address spaces arm32/64/elf: Split READ_IMPLIES_EXEC from executable PT_GNU_STACK arm32/64/elf: Add tables to document READ_IMPLIES_EXEC x86/elf: Disable automatic READ_IMPLIES_EXEC on 64-bit x86/elf: Split READ_IMPLIES_EXEC from executable PT_GNU_STACK x86/elf: Add table to document READ_IMPLIES_EXEC commit 7f89cc07d22a4152f3c649a89aa8fe240effd24a Author: Denis Efremov Date: Fri Jun 5 22:11:44 2020 +0300 cxgb4: Use kfree() instead kvfree() where appropriate Use kfree(buf) in blocked_fl_read() because the memory is allocated with kzalloc(). Use kfree(t) in blocked_fl_write() because the memory is allocated with kcalloc(). Signed-off-by: Denis Efremov Signed-off-by: David S. Miller commit 6da95b52b8ea4944ed1e596ee6db176ee83ddbeb Author: Alok Prasad Date: Fri Jun 5 16:30:34 2020 +0000 net: qed: fixes crash while running driver in kdump kernel This fixes a crash introduced by recent is_kdump_kernel() check. The source of the crash is that kdump kernel can be loaded on a system with already created VFs. But for such VFs, it will follow a logic path of PF and eventually crash. Thus, we are partially reverting back previous changes and instead use is_kdump_kernel is a single init point of PF init, where we disable SRIOV explicitly. Fixes: 37d4f8a6b41f ("net: qed: Disable SRIOV functionality inside kdump kernel") Cc: Bhupesh Sharma Signed-off-by: Igor Russkikh Signed-off-by: Alok Prasad Signed-off-by: David S. Miller commit fdb4276aae1100aa13f955eff6c944a8200a15ac Author: Stefano Garzarella Date: Fri Jun 5 17:12:41 2020 +0200 vsock/vmci: make vmci_vsock_transport_cb() static Fix the following gcc-9.3 warning when building with 'make W=1': net/vmw_vsock/vmci_transport.c:2058:6: warning: no previous prototype for ‘vmci_vsock_transport_cb’ [-Wmissing-prototypes] 2058 | void vmci_vsock_transport_cb(bool is_host) | ^~~~~~~~~~~~~~~~~~~~~~~ Fixes: b1bba80a4376 ("vsock/vmci: register vmci_transport only when VMCI guest/host are active") Reported-by: kernel test robot Signed-off-by: Stefano Garzarella Signed-off-by: David S. Miller commit 90c56b3877995d948dc382fe833a1c5eeaaee2ad Author: Kees Cook Date: Fri Jun 5 07:21:22 2020 -0700 net: ethtool: Fix comment mentioning typo in IS_ENABLED() This has no code changes, but it's a typo noticed in other clean-ups, so we might as well fix it. IS_ENABLED() takes full names, and should have the "CONFIG_" prefix. Reported-by: Joe Perches Link: https://lore.kernel.org/lkml/b08611018fdb6d88757c6008a5c02fa0e07b32fb.camel@perches.com Signed-off-by: Kees Cook Signed-off-by: David S. Miller commit 49113d5e0c3f3fbf409075e69c2d1e157c387ac5 Author: Antoine Tenart Date: Fri Jun 5 16:00:09 2020 +0200 net: phy: mscc: fix Serdes configuration in vsc8584_config_init When converting the MSCC PHY driver to shared PHY packages, the Serdes configuration in vsc8584_config_init was modified to use 'base_addr' instead of 'base' as the port number. But 'base_addr' isn't equal to 'addr' for all PHYs inside the package, which leads to the Serdes still being enabled on those ports. This patch fixes it. Fixes: deb04e9c0ff2 ("net: phy: mscc: use phy_package_shared") Signed-off-by: Antoine Tenart Reviewed-by: Florian Fainelli Signed-off-by: David S. Miller commit ba3823ca6a052d1aea2c7f7bf8ed6377f5f180e3 Merge: e22437207683 ae602786407f Author: David S. Miller Date: Fri Jun 5 13:15:22 2020 -0700 Merge branch 'Fixes-for-OF_MDIO-flag' Dan Murphy says: ==================== Fixes for OF_MDIO flag There are some residual drivers that check the CONFIG_OF_MDIO flag using the if defs. Using this check does not work when the OF_MDIO is configured as a module. Using the IS_ENABLED macro checks if the flag is declared as built-in or as a module. ==================== Signed-off-by: David S. Miller commit ae602786407fef34e1d66b3c8f278a10ed37197e Author: Dan Murphy Date: Fri Jun 5 09:01:07 2020 -0500 net: mscc: Fix OF_MDIO config check When CONFIG_OF_MDIO is set to be a module the code block is not compiled. Use the IS_ENABLED macro that checks for both built in as well as module. Fixes: 4f58e6dceb0e4 ("net: phy: Cleanup the Edge-Rate feature in Microsemi PHYs.") Signed-off-by: Dan Murphy Reviewed-by: Florian Fainelli Signed-off-by: David S. Miller commit 5cd119d9a05f1c1a08778a7305b4ca0f16bc1e20 Author: Dan Murphy Date: Fri Jun 5 09:01:06 2020 -0500 net: marvell: Fix OF_MDIO config check When CONFIG_OF_MDIO is set to be a module the code block is not compiled. Use the IS_ENABLED macro that checks for both built in as well as module. Fixes: cf41a51db8985 ("of/phylib: Use device tree properties to initialize Marvell PHYs.") Signed-off-by: Dan Murphy Reviewed-by: Florian Fainelli Signed-off-by: David S. Miller commit 506de00677b84dfc6718cbbd3495b1d90df5d098 Author: Dan Murphy Date: Fri Jun 5 09:01:05 2020 -0500 net: dp83867: Fix OF_MDIO config check When CONFIG_OF_MDIO is set to be a module the code block is not compiled. Use the IS_ENABLED macro that checks for both built in as well as module. Fixes: 2a10154abcb75 ("net: phy: dp83867: Add TI dp83867 phy") Signed-off-by: Dan Murphy Reviewed-by: Florian Fainelli Signed-off-by: David S. Miller commit e9293c982d88b2d859e26ec42b72c06f20235315 Author: Dan Murphy Date: Fri Jun 5 09:01:04 2020 -0500 net: dp83869: Fix OF_MDIO config check When CONFIG_OF_MDIO is set to be a module the code block is not compiled. Use the IS_ENABLED macro that checks for both built in as well as module. Fixes: 01db923e83779 ("net: phy: dp83869: Add TI dp83869 phy") Signed-off-by: Dan Murphy Reviewed-by: Florian Fainelli Signed-off-by: David S. Miller commit e22437207683a9099d5fb3a1b5cc8f5c7b24a583 Author: Alexander Lobakin Date: Fri Jun 5 15:53:24 2020 +0300 net: ethernet: mvneta: fix MVNETA_SKB_HEADROOM alignment Commit ca23cb0bc50f ("mvneta: MVNETA_SKB_HEADROOM set last 3 bits to zero") added headroom alignment check against 8. Hovewer (if we imagine that NET_SKB_PAD or XDP_PACKET_HEADROOM is not aligned to cacheline size), it actually aligns headroom down, while skb/xdp_buff headroom should be *at least* equal to one of the values (depending on XDP prog presence). So, fix the check to align the value up. This satisfies both hardware/driver and network stack requirements. Fixes: ca23cb0bc50f ("mvneta: MVNETA_SKB_HEADROOM set last 3 bits to zero") Signed-off-by: Alexander Lobakin Signed-off-by: David S. Miller commit 178f67b1288b6952117fdc4e5ffbd4c4bd4e4a7f Author: Dan Carpenter Date: Fri Jun 5 14:04:13 2020 +0300 ethtool: linkinfo: remove an unnecessary NULL check This code generates a Smatch warning: net/ethtool/linkinfo.c:143 ethnl_set_linkinfo() warn: variable dereferenced before check 'info' (see line 119) Fortunately, the "info" pointer is never NULL so the check can be removed. Signed-off-by: Dan Carpenter Reviewed-by: Michal Kubecek Signed-off-by: David S. Miller commit 7ae77150d94d3b535c7b85e6b3647113095e79bf Merge: 084623e468d5 1395375c5927 Author: Linus Torvalds Date: Fri Jun 5 12:39:30 2020 -0700 Merge tag 'powerpc-5.8-1' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux Pull powerpc updates from Michael Ellerman: - Support for userspace to send requests directly to the on-chip GZIP accelerator on Power9. - Rework of our lockless page table walking (__find_linux_pte()) to make it safe against parallel page table manipulations without relying on an IPI for serialisation. - A series of fixes & enhancements to make our machine check handling more robust. - Lots of plumbing to add support for "prefixed" (64-bit) instructions on Power10. - Support for using huge pages for the linear mapping on 8xx (32-bit). - Remove obsolete Xilinx PPC405/PPC440 support, and an associated sound driver. - Removal of some obsolete 40x platforms and associated cruft. - Initial support for booting on Power10. - Lots of other small features, cleanups & fixes. Thanks to: Alexey Kardashevskiy, Alistair Popple, Andrew Donnellan, Andrey Abramov, Aneesh Kumar K.V, Balamuruhan S, Bharata B Rao, Bulent Abali, Cédric Le Goater, Chen Zhou, Christian Zigotzky, Christophe JAILLET, Christophe Leroy, Dmitry Torokhov, Emmanuel Nicolet, Erhard F., Gautham R. Shenoy, Geoff Levand, George Spelvin, Greg Kurz, Gustavo A. R. Silva, Gustavo Walbon, Haren Myneni, Hari Bathini, Joel Stanley, Jordan Niethe, Kajol Jain, Kees Cook, Leonardo Bras, Madhavan Srinivasan., Mahesh Salgaonkar, Markus Elfring, Michael Neuling, Michal Simek, Nathan Chancellor, Nathan Lynch, Naveen N. Rao, Nicholas Piggin, Oliver O'Halloran, Paul Mackerras, Pingfan Liu, Qian Cai, Ram Pai, Raphael Moreira Zinsly, Ravi Bangoria, Sam Bobroff, Sandipan Das, Segher Boessenkool, Stephen Rothwell, Sukadev Bhattiprolu, Tyrel Datwyler, Wolfram Sang, Xiongfeng Wang. * tag 'powerpc-5.8-1' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux: (299 commits) powerpc/pseries: Make vio and ibmebus initcalls pseries specific cxl: Remove dead Kconfig options powerpc: Add POWER10 architected mode powerpc/dt_cpu_ftrs: Add MMA feature powerpc/dt_cpu_ftrs: Enable Prefixed Instructions powerpc/dt_cpu_ftrs: Advertise support for ISA v3.1 if selected powerpc: Add support for ISA v3.1 powerpc: Add new HWCAP bits powerpc/64s: Don't set FSCR bits in INIT_THREAD powerpc/64s: Save FSCR to init_task.thread.fscr after feature init powerpc/64s: Don't let DT CPU features set FSCR_DSCR powerpc/64s: Don't init FSCR_DSCR in __init_FSCR() powerpc/32s: Fix another build failure with CONFIG_PPC_KUAP_DEBUG powerpc/module_64: Use special stub for _mcount() with -mprofile-kernel powerpc/module_64: Simplify check for -mprofile-kernel ftrace relocations powerpc/module_64: Consolidate ftrace code powerpc/32: Disable KASAN with pages bigger than 16k powerpc/uaccess: Don't set KUEP by default on book3s/32 powerpc/uaccess: Don't set KUAP by default on book3s/32 powerpc/8xx: Reduce time spent in allow_user_access() and friends ... commit 084623e468d535d98f883cc2ccf2c4fdf2108556 Merge: f4dd60a3d4c7 5c3a7db0c7ec Author: Linus Torvalds Date: Fri Jun 5 12:31:16 2020 -0700 Merge tag 'modules-for-v5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/jeyu/linux Pull module updates from Jessica Yu: - Harden CONFIG_STRICT_MODULE_RWX by rejecting any module that has SHF_WRITE|SHF_EXECINSTR sections - Remove and clean up nested #ifdefs, as it makes code hard to read * tag 'modules-for-v5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/jeyu/linux: module: Harden STRICT_MODULE_RWX module: break nested ARCH_HAS_STRICT_MODULE_RWX and STRICT_MODULE_RWX #ifdefs commit 300e549b6e53025ea69550f009451f7a13bfc3eb Merge: 83d060ca8d90 9e8990dea926 Author: Andreas Gruenbacher Date: Fri Jun 5 21:25:36 2020 +0200 Merge branch 'gfs2-iopen' into for-next commit 83d060ca8d90fa1e3feac227f995c013100862d3 Author: Bob Peterson Date: Thu Jun 4 14:28:58 2020 -0500 gfs2: fix use-after-free on transaction ail lists Before this patch, transactions could be merged into the system transaction by function gfs2_merge_trans(), but the transaction ail lists were never merged. Because the ail flushing mechanism can run separately, bd elements can be attached to the transaction's buffer list during the transaction (trans_add_meta, etc) but quickly moved to its ail lists. Later, in function gfs2_trans_end, the transaction can be freed (by gfs2_trans_end) while it still has bd elements queued to its ail lists, which can cause it to either lose track of the bd elements altogether (memory leak) or worse, reference the bd elements after the parent transaction has been freed. Although I've not seen any serious consequences, the problem becomes apparent with the previous patch's addition of: gfs2_assert_warn(sdp, list_empty(&tr->tr_ail1_list)); to function gfs2_trans_free(). This patch adds logic into gfs2_merge_trans() to move the merged transaction's ail lists to the sdp transaction. This prevents the use-after-free. To do this properly, we need to hold the ail lock, so we pass sdp into the function instead of the transaction itself. Signed-off-by: Bob Peterson Signed-off-by: Andreas Gruenbacher commit b839dadae8721eaf7245fcef3d67d82b95d00c77 Author: Bob Peterson Date: Wed Apr 17 12:04:27 2019 -0600 gfs2: new slab for transactions This patch adds a new slab for gfs2 transactions. That allows us to reduce kernel memory fragmentation, have better organization of data for analysis of vmcore dumps. A new centralized function is added to free the slab objects, and it exposes use-after-free by giving warnings if a transaction is freed while it still has bd elements attached to its buffers or ail lists. We make sure to initialize those transaction ail lists so we can check their integrity when freeing. At a later time, we should add a slab initialization function to make it more efficient, but for this initial patch I wanted to minimize the impact. Signed-off-by: Bob Peterson Signed-off-by: Andreas Gruenbacher commit cbcc89b630447ec7836aa2b9242d9bb1725f5a61 Author: Bob Peterson Date: Fri Jun 5 14:12:34 2020 -0500 gfs2: initialize transaction tr_ailX_lists earlier Since transactions may be freed shortly after they're created, before a log_flush occurs, we need to initialize their ail1 and ail2 lists earlier. Before this patch, the ail1 list was initialized in gfs2_log_flush(). This moves the initialization to the point when the transaction is first created. Signed-off-by: Bob Peterson Signed-off-by: Andreas Gruenbacher commit 64611a15ca9da91ff532982429c44686f4593b5f Author: Eric Biggers Date: Thu Jun 4 12:01:26 2020 -0700 dm crypt: avoid truncating the logical block size queue_limits::logical_block_size got changed from unsigned short to unsigned int, but it was forgotten to update crypt_io_hints() to use the new type. Fix it. Fixes: ad6bf88a6c19 ("block: fix an integer overflow in logical block size") Cc: stable@vger.kernel.org Signed-off-by: Eric Biggers Reviewed-by: Mikulas Patocka Signed-off-by: Mike Snitzer commit 04867370ec40b708bd335df641182ddab0c59685 Author: Mike Snitzer Date: Thu Jun 4 10:44:34 2020 -0400 dm mpath: add DM device name to Failing/Reinstating path log messages When there are many DM multipath devices it really helps to have additional context for which DM device a failed or reinstated path is part of. Signed-off-by: Mike Snitzer commit 4c3f48380fedbd714fc95958f503c1b5adf3ee6b Author: Mike Snitzer Date: Fri May 29 15:59:13 2020 -0400 dm mpath: enhance queue_if_no_path debugging Add more DMDEBUG that shows arguments passed and caller, and another that shows state of related flags at end of queue_if_no_path(). Also add queue_if_no_path DMDEBUG to multipath_resume(). Signed-off-by: Mike Snitzer commit 553ec94cb4b4937b48f81e27de33f71325d1a227 Author: Mike Snitzer Date: Wed May 27 16:32:51 2020 -0400 dm mpath: restrict queue_if_no_path state machine Do not allow saving disabled queue_if_no_path if already saved as enabled; implies multiple suspends (which shouldn't ever happen). Log if this unlikely scenario is ever triggered. Also, only write MPATHF_SAVED_QUEUE_IF_NO_PATH during presuspend or if "fail_if_no_path" message. MPATHF_SAVED_QUEUE_IF_NO_PATH is no longer always modified, e.g.: even if queue_if_no_path()'s save_old_value argument wasn't set. This just implies a bit tighter control over the management of MPATHF_SAVED_QUEUE_IF_NO_PATH. Side-effect is multipath_resume() doesn't reset MPATHF_QUEUE_IF_NO_PATH unless MPATHF_SAVED_QUEUE_IF_NO_PATH was set (during presuspend); and at that time the MPATHF_SAVED_QUEUE_IF_NO_PATH bit gets cleared. So MPATHF_SAVED_QUEUE_IF_NO_PATH's use is much more narrow in scope. Last, but not least, do _not_ disable queue_if_no_path during noflush suspend. There is no need/benefit to saving off queue_if_no_path via MPATHF_SAVED_QUEUE_IF_NO_PATH and clearing MPATHF_QUEUE_IF_NO_PATH for noflush suspend -- by avoiding this needless queue_if_no_path flag churn there is less potential for MPATHF_QUEUE_IF_NO_PATH to get lost. Which avoids potential for IOs to be errored back up to userspace during DM multipath's handling of path failures. That said, this last change papers over a reported issue concerning request-based dm-multipath's interaction with blk-mq, relative to suspend and resume: multipath_endio is being called _before_ multipath_resume. This should never happen if DM suspend's blk_mq_quiesce_queue() + dm_wait_for_completion() is genuinely waiting for all inflight blk-mq requests to complete. Similarly: drivers/md/dm.c:__dm_resume() clearly calls dm_table_resume_targets() _before_ dm_start_queue()'s blk_mq_unquiesce_queue() is called. If the queue isn't even restarted until after multipath_resume(); the BIG question that still needs answering is: how can multipath_end_io beat multipath_resume in a race!? Signed-off-by: Mike Snitzer commit a862e4e2154289fc12aa9e70f33614d9c70f3be4 Author: Mike Snitzer Date: Tue May 26 16:06:56 2020 -0400 dm mpath: simplify __must_push_back Remove micro-optimization that infers device is between presuspend and resume (was done purely to avoid call to dm_noflush_suspending, which isn't expensive anyway). Remove flags argument since they are no longer checked. And remove must_push_back_bio() since it was simply a call to __must_push_back(). Signed-off-by: Mike Snitzer commit 27d49ac1dd751897506ba51df7226fc0ce7ef681 Author: Hannes Reinecke Date: Tue Jun 2 13:09:56 2020 +0200 dm zoned: check superblock location When specifying several devices the superblock location must be checked to ensure the devices are specified in the correct order. Signed-off-by: Hannes Reinecke Signed-off-by: Mike Snitzer commit 2094045fe5b5dda98c4ec6cb1ac7b12ba4382856 Author: Hannes Reinecke Date: Tue Jun 2 13:09:55 2020 +0200 dm zoned: prefer full zones for reclaim Prefer full zones when selecting the next zone for reclaim. Signed-off-by: Hannes Reinecke Reviewed-by: Damien Le Moal Signed-off-by: Mike Snitzer commit 69875d443bc3bb1b2e1f77fe3da5ad5c8c729aa2 Author: Hannes Reinecke Date: Tue Jun 2 13:09:54 2020 +0200 dm zoned: select reclaim zone based on device index per-device reclaim should select zones on that device only. Signed-off-by: Hannes Reinecke Reviewed-by: Damien Le Moal Signed-off-by: Mike Snitzer commit 22c1ef66c4cbb82baf81a28abedfe8ad20ad9126 Author: Hannes Reinecke Date: Tue Jun 2 13:09:53 2020 +0200 dm zoned: allocate zone by device index When allocating a zone, pass in an indicator on which device the zone should be allocated; this increases performance for a multi-device setup because reclaim will now allocate zones on the device for which reclaim is running. Signed-off-by: Hannes Reinecke Reviewed-by: Damien Le Moal Signed-off-by: Mike Snitzer commit 4dba12881f882b629774796bb8655f5b1415d803 Author: Hannes Reinecke Date: Tue Jun 2 13:09:52 2020 +0200 dm zoned: support arbitrary number of devices Remove the hard-coded limit of two devices and support an unlimited number of additional zoned devices. Signed-off-by: Hannes Reinecke Signed-off-by: Mike Snitzer commit bd82fdabf162fec1404c4e22988b178c4f3dd23b Author: Hannes Reinecke Date: Tue Jun 2 13:09:51 2020 +0200 dm zoned: move random and sequential zones into struct dmz_dev Random and sequential zones should be part of the respective device structure to make arbitration between devices possible. Signed-off-by: Hannes Reinecke Reviewed-by: Damien Le Moal Signed-off-by: Mike Snitzer commit f97809aec58995a87a9a30cb45c9a6148377df64 Author: Hannes Reinecke Date: Tue Jun 2 13:09:50 2020 +0200 dm zoned: per-device reclaim Instead of having one reclaim workqueue for the entire set we should be allocating a reclaim workqueue per device; doing so will reduce contention and should boost performance for a multi-device setup. Signed-off-by: Hannes Reinecke Reviewed-by: Damien Le Moal Signed-off-by: Mike Snitzer commit 18979819b57ecbc598a8e27d925ab4bb9e145cf0 Author: Hannes Reinecke Date: Tue Jun 2 13:09:49 2020 +0200 dm zoned: add metadata pointer to struct dmz_dev Add a metadata pointer within struct dmz_dev and use it as argument for blkdev_report_zones() instead of the metadata itself. Signed-off-by: Hannes Reinecke Reviewed-by: Damien Le Moal Signed-off-by: Mike Snitzer commit 8f22272af7a72763fe9f6b710cdcc380fed80f75 Author: Hannes Reinecke Date: Tue Jun 2 13:09:48 2020 +0200 dm zoned: add device pointer to struct dm_zone Add a pointer, to the containing device, within struct dm_zone and kill dmz_zone_to_dev(). Signed-off-by: Hannes Reinecke Reviewed-by: Damien Le Moal Signed-off-by: Mike Snitzer commit 5d2c74f3ddc010b5812e556715f7605201eff101 Author: Hannes Reinecke Date: Tue Jun 2 13:09:47 2020 +0200 dm zoned: allocate temporary superblock for tertiary devices Checking the tertiary superblock just consists of validating UUIDs, crcs, and the generation number; it doesn't have contents which would be required during the actual operation. So allocate a temporary superblock when checking tertiary devices to avoid having to store it together with the 'real' superblocks. Signed-off-by: Hannes Reinecke Reviewed-by: Damien Le Moal Signed-off-by: Mike Snitzer commit a92fbc446d1a93950b7e25bec6ad75dd26f01ba8 Author: Hannes Reinecke Date: Tue Jun 2 13:09:46 2020 +0200 dm zoned: convert to xarray The zones array is getting really large, and large arrays tend to wreak havoc with the CPU caches. So convert it to xarray to become more cache friendly. Signed-off-by: Hannes Reinecke Reviewed-by: Damien Le Moal Signed-off-by: Colin Ian King # fix leak in dmz_insert Signed-off-by: Mike Snitzer commit aec67b4ffa4bea4a02063d9a0f379e5795d6f5dc Author: Hannes Reinecke Date: Tue Jun 2 13:09:45 2020 +0200 dm zoned: add a 'reserved' zone flag Instead of counting the number of reserved zones in dmz_free_zone(), mark the zone as 'reserved' during allocation and simplify dmz_free_zone(). Signed-off-by: Hannes Reinecke Reviewed-by: Damien Le Moal Signed-off-by: Mike Snitzer commit c3ff479dde9f77d044c164f3ff5443bbe2b6c72d Author: Hannes Reinecke Date: Tue Jun 2 13:09:44 2020 +0200 dm zoned: improve logging messages for reclaim Instead of just reporting the errno, add some more verbose debugging message in the reclaim path. Signed-off-by: Hannes Reinecke Reviewed-by: Damien Le Moal Signed-off-by: Mike Snitzer commit 1565929b870fe166c5a57a85d6cb5a2bfe1e6c84 Author: Hannes Reinecke Date: Tue Jun 2 13:09:43 2020 +0200 dm zoned: avoid unnecessary device recalulation for secondary superblock The secondary superblock must reside on the same device as the primary superblock, so there is no need to re-calculate the device. Signed-off-by: Hannes Reinecke Reviewed-by: Damien Le Moal Signed-off-by: Mike Snitzer commit 35d0c96e422a484bbc5d4921fa20dcc880bfba2c Author: Hannes Reinecke Date: Tue Jun 2 13:09:42 2020 +0200 dm zoned: add debugging message for reading superblocks Signed-off-by: Hannes Reinecke Reviewed-by: Damien Le Moal Signed-off-by: Mike Snitzer commit 334b4fc17275667b38ebfd719714dab0edb83c6a Author: Mikulas Patocka Date: Tue Jun 2 15:34:41 2020 +0200 dm ebs: use dm_bufio_forget_buffers Use dm_bufio_forget_buffers instead of a block-by-block loop that calls dm_bufio_forget. dm_bufio_forget_buffers is faster than the loop because it searches for used buffers using rb-tree. Signed-off-by: Mikulas Patocka Signed-off-by: Mike Snitzer commit 33a180623b6c35f2727daecb63763955af3af1df Author: Mikulas Patocka Date: Tue Jun 2 15:34:40 2020 +0200 dm bufio: introduce forget_buffer_locked Introduce a function forget_buffer_locked that forgets a range of buffers. It is more efficient than calling forget_buffer in a loop. Signed-off-by: Mikulas Patocka Signed-off-by: Mike Snitzer commit 88f878e58879acfdad03e08776c9802f9cd6f26a Author: Mikulas Patocka Date: Tue Jun 2 15:34:39 2020 +0200 dm bufio: clean up rbtree block ordering dm-bufio uses unnatural ordering in the rb-tree - blocks with smaller numbers were put to the right node and blocks with bigger numbers were put to the left node. Reverse that logic so that it's natural. Signed-off-by: Mikulas Patocka Signed-off-by: Mike Snitzer commit 40e9c5ac4e3d670799a247944c330e5126935a7c Author: Mikulas Patocka Date: Tue Jun 2 09:48:10 2020 -0400 dm integrity: add status line documentation Signed-off-by: Mikulas Patocka Signed-off-by: Mike Snitzer commit 9e8990dea9266af68a668b1503dc6f55c56f1bb6 Author: Andreas Gruenbacher Date: Fri Jan 17 10:53:23 2020 +0100 gfs2: Smarter iopen glock waiting When trying to upgrade the iopen glock from a shared to an exclusive lock in gfs2_evict_inode, abort the wait if there is contention on the corresponding inode glock: in that case, the inode must still be in active use on another node, and we're not guaranteed to get the iopen glock anytime soon. To make this work even better, when we notice contention on the iopen glock and we can't evict the corresponsing inode and release the iopen glock immediately, poke the inode glock. The other node(s) trying to acquire the lock can then abort instead of timing out. Thanks to Heinz Mauelshagen for pointing out a locking bug in a previous version of this patch. Signed-off-by: Andreas Gruenbacher commit 35b6f8fbcf9b2ebdee0a0f77143a8d203a9616e1 Author: Andreas Gruenbacher Date: Fri Jan 17 13:48:49 2020 +0100 gfs2: Wake up when setting GLF_DEMOTE Wake up the sdp->sd_async_glock_wait wait queue when setting the GLF_DEMOTE flag. Signed-off-by: Andreas Gruenbacher commit b0dcffd8da3339ad0300587ce7030efdf2e914a9 Author: Andreas Gruenbacher Date: Wed Jan 15 09:54:14 2020 +0100 gfs2: Check inode generation number in delete_work_func In delete_work_func, if the iopen glock still has an inode attached, limit the inode lookup to that specific generation number: in the likely case that the inode was deleted on the node on which the inode's link count dropped to zero, we can skip verifying the on-disk block type and reading in the inode. The same applies if another node that had the inode open managed to delete the inode before us. Signed-off-by: Andreas Gruenbacher commit b66648ad6dcfefd9f02b5408c1381987c090cb13 Author: Andreas Gruenbacher Date: Wed Jan 15 06:21:42 2020 +0100 gfs2: Move inode generation number check into gfs2_inode_lookup Move the inode generation number check from gfs2_lookup_by_inum into gfs2_inode_lookup: gfs2_inode_lookup may be able to decide that an inode with the given inode generation number cannot exist without having to verify the block type or reading the inode from disk. Signed-off-by: Andreas Gruenbacher commit 6bdcadea75768bbd1cd8f6f13011978e1e19a53b Author: Andreas Gruenbacher Date: Wed Jan 15 05:31:38 2020 +0100 gfs2: Minor gfs2_lookup_by_inum cleanup Use a zero no_formal_ino instead of a NULL pointer to indicate that any inode generation number will qualify: a valid inode never has a zero no_formal_ino. Signed-off-by: Andreas Gruenbacher commit 9e73330f298acf544de72436b7bb825ff3aa1a54 Author: Andreas Gruenbacher Date: Tue Jan 14 14:59:08 2020 +0100 gfs2: Try harder to delete inodes locally When an inode's link count drops to zero and the inode is cached on other nodes, the current behavior of gfs2 is to immediately give up and to rely on the other node(s) to delete the inode if there is iopen glock contention. This leads to resource group glock bouncing and the loss of caching. With the previous patches in place, we can fix that by not giving up immediately. When the inode is still open on other nodes, those nodes won't be able to evict the inode and give up the iopen glock. In that case, our lock conversion request will time out. The unlink system call will block for the duration of the iopen lock conversion request. We're also holding the inode glock in EX mode for an extended duration, so other nodes won't be able to make progress on the inode, either. This is worse than what we had before, but we can prevent other nodes from getting stuck by aborting our iopen locking request if there is contention on the inode glock. This will the the subject of a future patch. Signed-off-by: Andreas Gruenbacher commit 8c7b9262a8607636ecd7250f29c7aac17f08901c Author: Andreas Gruenbacher Date: Mon Jan 13 22:16:17 2020 +0100 gfs2: Give up the iopen glock on contention When there's contention on the iopen glock, it means that the link count of the corresponding inode has dropped to zero on a remote node which is now trying to delete the inode. In that case, try to evict the inode so that the iopen glock will be released, which will allow the remote node to do its job. When the inode is still open locally, the inode's reference count won't drop to zero and so we'll keep holding the inode and its iopen glock. The remote node will time out its request to grab the iopen glock, and when the inode is finally closed locally, we'll try to delete it ourself. Signed-off-by: Andreas Gruenbacher commit a0e3cc65fa29f497cc97a069c318532c2a48d148 Author: Andreas Gruenbacher Date: Thu Jan 16 20:12:26 2020 +0100 gfs2: Turn gl_delete into a delayed work This requires flushing delayed work items in gfs2_make_fs_ro (which is called before unmounting a filesystem). When inodes are deleted and then recreated, pending gl_delete work items would have no effect because the inode generations will have changed, so we can cancel any pending gl_delete works before reusing iopen glocks. Signed-off-by: Andreas Gruenbacher commit f286d627ef026a4d04b41ae5917d58ddf243c3c5 Author: Andreas Gruenbacher Date: Mon Jan 13 21:21:49 2020 +0100 gfs2: Keep track of deleted inode generations in LVBs When deleting an inode, keep track of the generation of the deleted inode in the inode glock Lock Value Block (LVB). When trying to delete an inode remotely, check the last-known inode generation against the deleted inode generation to skip duplicate remote deletes. This avoids taking the resource group glock in order to verify the block type. Signed-off-by: Andreas Gruenbacher commit 15f2547b4157a1e7e4d75bec5df097c1436f6cbd Author: Bob Peterson Date: Wed Jan 15 12:47:46 2020 -0600 gfs2: Allow ASPACE glocks to also have an lvb Signed-off-by: Bob Peterson Signed-off-by: Andreas Gruenbacher commit f4dd60a3d4c7656dcaa0ba2afb503528c86f913f Merge: 435faf5c218a bd1de2a7aace Author: Linus Torvalds Date: Fri Jun 5 11:18:53 2020 -0700 Merge tag 'x86-mm-2020-06-05' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 mm updates from Ingo Molnar: "Misc changes: - Unexport various PAT primitives - Unexport per-CPU tlbstate and uninline TLB helpers" * tag 'x86-mm-2020-06-05' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (23 commits) x86/tlb/uv: Add a forward declaration for struct flush_tlb_info x86/cpu: Export native_write_cr4() only when CONFIG_LKTDM=m x86/tlb: Restrict access to tlbstate xen/privcmd: Remove unneeded asm/tlb.h include x86/tlb: Move PCID helpers where they are used x86/tlb: Uninline nmi_uaccess_okay() x86/tlb: Move cr4_set_bits_and_update_boot() to the usage site x86/tlb: Move paravirt_tlb_remove_table() to the usage site x86/tlb: Move __flush_tlb_all() out of line x86/tlb: Move flush_tlb_others() out of line x86/tlb: Move __flush_tlb_one_kernel() out of line x86/tlb: Move __flush_tlb_one_user() out of line x86/tlb: Move __flush_tlb_global() out of line x86/tlb: Move __flush_tlb() out of line x86/alternatives: Move temporary_mm helpers into C x86/cr4: Sanitize CR4.PCE update x86/cpu: Uninline CR4 accessors x86/tlb: Uninline __get_current_cr3_fast() x86/mm: Use pgprotval_t in protval_4k_2_large() and protval_large_2_4k() x86/mm: Unexport __cachemode2pte_tbl ... commit d5dc3d9677394d4fb4dca61856491df5a37db31a Author: Bob Peterson Date: Fri May 22 14:03:21 2020 -0500 gfs2: instrumentation wrt log_flush stuck This adds checks for gfs2_log_flush being stuck, similarly to the check in gfs2_ail1_flush. To faciliate this and make the strings easy to grep we move the ail1 emptying to its own function, empty_ail1_list. Signed-off-by: Bob Peterson Signed-off-by: Andreas Gruenbacher commit 91231e525bb654731f60d6699472e1e98379bb01 Author: Dan Carpenter Date: Fri Jun 5 14:01:34 2020 +0300 ALSA: emu10k1: delete an unnecessary condition The "val" variable is an unsigned int so it's always <= UINT_MAX. This check is always true so it can be removed. Signed-off-by: Dan Carpenter Link: https://lore.kernel.org/r/20200605110134.GC978434@mwanda Signed-off-by: Takashi Iwai commit 34d2618d3318bf4832a13ef71c96833dc996f7d5 Author: Paolo Bonzini Date: Fri May 15 12:18:14 2020 -0400 KVM: x86: emulate reserved nops from 0f/18 to 0f/1f Instructions starting with 0f18 up to 0f1f are reserved nops, except those that were assigned to MPX. These include the endbr markers used by CET. List them correctly in the opcode table. Signed-off-by: Paolo Bonzini commit b80db73dc8be7022adae1b4414a1bebce50fe915 Author: Vitaly Kuznetsov Date: Fri Jun 5 16:20:28 2020 +0200 KVM: selftests: Fix build with "make ARCH=x86_64" Marcelo reports that kvm selftests fail to build with "make ARCH=x86_64": gcc -Wall -Wstrict-prototypes -Wuninitialized -O2 -g -std=gnu99 -fno-stack-protector -fno-PIE -I../../../../tools/include -I../../../../tools/arch/x86_64/include -I../../../../usr/include/ -Iinclude -Ilib -Iinclude/x86_64 -I.. -c lib/kvm_util.c -o /var/tmp/20200604202744-bin/lib/kvm_util.o In file included from lib/kvm_util.c:11: include/x86_64/processor.h:14:10: fatal error: asm/msr-index.h: No such file or directory #include ^~~~~~~~~~~~~~~~~ compilation terminated. "make ARCH=x86", however, works. The problem is that arch specific headers for x86_64 live in 'tools/arch/x86/include', not in 'tools/arch/x86_64/include'. Fixes: 66d69e081b52 ("selftests: fix kvm relocatable native/cross builds and installs") Reported-by: Marcelo Bandeira Condotta Signed-off-by: Vitaly Kuznetsov Message-Id: <20200605142028.550068-1-vkuznets@redhat.com> Signed-off-by: Paolo Bonzini commit ea4e61c7f46d33fdf17580a925e47cc83570d658 Author: Bob Peterson Date: Sat May 23 08:13:50 2020 -0500 gfs2: introduce new gfs2_glock_assert_withdraw Before this patch, asserts based on glocks did not print the glock with the error. This patch introduces a new macro, gfs2_glock_assert_withdraw which first prints the glock, then takes the assert. This also changes a few glock asserts to the new macro. Signed-off-by: Bob Peterson Signed-off-by: Andreas Gruenbacher commit 7e901d6e9519db4db0dd30a33ec172dd094cfb11 Author: Bob Peterson Date: Fri May 22 13:57:41 2020 -0500 gfs2: print mapping->nrpages in glock dump for address space glocks This patch makes the glock dumps in debugfs print the number of pages (nrpages) for address space glocks. This will aid in debugging. Signed-off-by: Bob Peterson Signed-off-by: Andreas Gruenbacher commit 5ac0d62226a07849b1a5233af8c800a19cecab83 Author: David Howells Date: Wed Jun 3 22:21:16 2020 +0100 rxrpc: Fix missing notification Under some circumstances, rxrpc will fail a transmit a packet through the underlying UDP socket (ie. UDP sendmsg returns an error). This may result in a call getting stuck. In the instance being seen, where AFS tries to send a probe to the Volume Location server, tracepoints show the UDP Tx failure (in this case returing error 99 EADDRNOTAVAIL) and then nothing more: afs_make_vl_call: c=0000015d VL.GetCapabilities rxrpc_call: c=0000015d NWc u=1 sp=rxrpc_kernel_begin_call+0x106/0x170 [rxrpc] a=00000000dd89ee8a rxrpc_call: c=0000015d Gus u=2 sp=rxrpc_new_client_call+0x14f/0x580 [rxrpc] a=00000000e20e4b08 rxrpc_call: c=0000015d SEE u=2 sp=rxrpc_activate_one_channel+0x7b/0x1c0 [rxrpc] a=00000000e20e4b08 rxrpc_call: c=0000015d CON u=2 sp=rxrpc_kernel_begin_call+0x106/0x170 [rxrpc] a=00000000e20e4b08 rxrpc_tx_fail: c=0000015d r=1 ret=-99 CallDataNofrag The problem is that if the initial packet fails and the retransmission timer hasn't been started, the call is set to completed and an error is returned from rxrpc_send_data_packet() to rxrpc_queue_packet(). Though rxrpc_instant_resend() is called, this does nothing because the call is marked completed. So rxrpc_notify_socket() isn't called and the error is passed back up to rxrpc_send_data(), rxrpc_kernel_send_data() and thence to afs_make_call() and afs_vl_get_capabilities() where it is simply ignored because it is assumed that the result of a probe will be collected asynchronously. Fileserver probing is similarly affected via afs_fs_get_capabilities(). Fix this by always issuing a notification in __rxrpc_set_call_completion() if it shifts a call to the completed state, even if an error is also returned to the caller through the function return value. Also put in a little bit of optimisation to avoid taking the call state_lock and disabling softirqs if the call is already in the completed state and remove some now redundant rxrpc_notify_socket() calls. Fixes: f5c17aaeb2ae ("rxrpc: Calls should only have one terminal state") Reported-by: Gerry Seidman Signed-off-by: David Howells Reviewed-by: Marc Dionne commit 3067bf8c596d59164f48569a2d362de5b4c42f59 Author: David Howells Date: Wed Jun 3 22:21:16 2020 +0100 rxrpc: Move the call completion handling out of line Move the handling of call completion out of line so that the next patch can add more code in that area. Signed-off-by: David Howells Reviewed-by: Marc Dionne commit 523f3ec030aa5bf4818ec8dee35b2646abf367fa Author: Johannes Berg Date: Wed Jun 3 11:15:03 2020 +0200 mac80211: initialize return flags in HE 6 GHz operation parsing Dan points out that if ieee80211_chandef_he_6ghz_oper() succeeds, we don't initialize 'ret'. Initialize it to 0 in this case, since everything went fine and nothing has to be disabled. Reported-by: Dan Carpenter Fixes: 57fa5e85d53c ("mac80211: determine chandef from HE 6 GHz operation") Signed-off-by: Johannes Berg Link: https://lore.kernel.org/r/20200603111500.bd2a5ff37b83.I2c3f338ce343b581db493eb9a0d988d1b626c8fb@changeid Signed-off-by: Johannes Berg commit 54e74df5d76dea824c7c0c9d1b97150bf9b33793 Author: Xiongfeng Wang Date: Sat May 30 10:08:31 2020 +0800 cpufreq: CPPC: add SW BOOST support To add SW BOOST support for CPPC, we need to get the max frequency of boost mode and non-boost mode. ACPI spec 6.2 section 8.4.7.1 describes the following two CPC registers. "Highest performance is the absolute maximum performance an individual processor may reach, assuming ideal conditions. This performance level may not be sustainable for long durations, and may only be achievable if other platform components are in a specific state; for example, it may require other processors be in an idle state. Nominal Performance is the maximum sustained performance level of the processor, assuming ideal operating conditions. In absence of an external constraint (power, thermal, etc.) this is the performance level the platform is expected to be able to maintain continuously. All processors are expected to be able to sustain their nominal performance state simultaneously." To add SW BOOST support for CPPC, we can use Highest Performance as the max performance in boost mode and Nominal Performance as the max performance in non-boost mode. If the Highest Performance is greater than the Nominal Performance, we assume SW BOOST is supported. The current CPPC driver does not support SW BOOST and use 'Highest Performance' as the max performance the CPU can achieve. 'Nominal Performance' is used to convert 'performance' to 'frequency'. That means, if firmware enable boost and provide a value for Highest Performance which is greater than Nominal Performance, boost feature is enabled by default. Because SW BOOST is disabled by default, so, after this patch, boost feature is disabled by default even if boost is enabled by firmware. Signed-off-by: Xiongfeng Wang Suggested-by: Viresh Kumar Acked-by: Viresh Kumar [ rjw: Subject ] Signed-off-by: Rafael J. Wysocki commit cf6fada71543ceea0f6228ffdc0b85778f3f5a6e Author: Xiongfeng Wang Date: Sat May 30 10:08:30 2020 +0800 cpufreq: change '.set_boost' to act on one policy Macro 'for_each_active_policy()' is defined internally. To avoid some cpufreq driver needing this macro to iterate over all the policies in '.set_boost' callback, we redefine '.set_boost' to act on only one policy and pass the policy as an argument. 'cpufreq_boost_trigger_state()' iterates over all the policies to set boost for the system. This is preparation for adding SW BOOST support for CPPC. To protect Boost enable/disable by sysfs from CPU online/offline, add 'cpu_hotplug_lock' before calling '.set_boost' for each CPU. Also move the lock from 'set_boost()' to 'store_cpb()' in acpi_cpufreq. Signed-off-by: Xiongfeng Wang Suggested-by: Viresh Kumar Acked-by: Viresh Kumar [ rjw: Subject & changelog ] Signed-off-by: Rafael J. Wysocki commit afd8d7c7f93681370f6fc2ec62f2705710eee62d Author: Christophe JAILLET Date: Sun May 31 23:00:59 2020 +0200 PM: hibernate: Add __init annotation to swsusp_header_init() 'swsusp_header_init()' is only called via 'core_initcall'. It can be marked as __init to save a few bytes of memory. Signed-off-by: Christophe JAILLET [ rjw: Subject ] Signed-off-by: Rafael J. Wysocki commit 34a09bffd9982fdced603643068c39de867ec778 Author: Bob Moore Date: Thu Jun 4 13:44:21 2020 -0700 ACPICA: Update version to 20200528 ACPICA commit 30ceafb55b59724f73ae6f2b35523417c4e569ea Version 20200528. Link: https://github.com/acpica/acpica/commit/30ceafb5 Signed-off-by: Bob Moore Signed-off-by: Erik Kaneda Signed-off-by: Rafael J. Wysocki commit f083906fa9c1643e5c16b887cc29099fdfc3e875 Author: Erik Kaneda Date: Thu Jun 4 13:44:20 2020 -0700 ACPICA: iASL: add new OperationRegion subtype keyword PlatformRtMechanism ACPICA commit 2c2eefa827bd37297f5f9ca4b263fcba829aaf3f Link: https://github.com/acpica/acpica/commit/2c2eefa8 Signed-off-by: Erik Kaneda Signed-off-by: Bob Moore Signed-off-by: Rafael J. Wysocki commit d82faa0825061aef01b99c3c94f77713b483b060 Author: Bob Moore Date: Thu Jun 4 13:44:19 2020 -0700 ACPICA: acpidump: Removed dead code from oslinuxtbl.c ACPICA commit 4d938d048790983b8b4252b0f4aeec59dabb476c ACPICA BZ 1119. Link: https://github.com/acpica/acpica/commit/4d938d04 Signed-off-by: Bob Moore Signed-off-by: Erik Kaneda Signed-off-by: Rafael J. Wysocki commit 8a9144c1cf523221b37dd3393827253c91fcbf54 Author: Dan Murphy Date: Tue Jun 2 14:35:23 2020 -0500 dt-bindings: ASoc: Fix tdm-slot documentation spelling error Fix the spelling of 'specified'. Also fix grammarical issue with the use of 'a' over 'an' Signed-off-by: Dan Murphy Link: https://lore.kernel.org/r/20200602193524.30309-1-dmurphy@ti.com Signed-off-by: Mark Brown commit 6e801dc411329aff592fbd48fb116183d0acdb00 Author: Colin Ian King Date: Thu Jun 4 18:12:16 2020 +0100 ASoC: meson: fix memory leak of links if allocation of ldata fails Currently if the allocation of ldata fails the error return path does not kfree the allocated links object. Fix this by adding an error exit return path that performs the necessary kfree'ing. Fixes: 7864a79f37b5 ("ASoC: meson: add axg sound card support") Signed-off-by: Colin Ian King Addresses-Coverity: ("Resource leak") Link: https://lore.kernel.org/r/20200604171216.60043-1-colin.king@canonical.com Signed-off-by: Mark Brown commit b398ace5d2ea0b7f00d9f1ce23c647e289c206ca Author: Marco Elver Date: Thu May 28 09:43:13 2020 +0200 compiler_types.h: Use unoptimized __unqual_scalar_typeof for sparse If the file is being checked with sparse, use the unoptimized version of __unqual_scalar_typeof(), since sparse does not support _Generic. Reported-by: kbuild test robot Signed-off-by: Marco Elver Signed-off-by: Borislav Petkov Link: https://lkml.kernel.org/r/202005280727.lXn1VnTw%lkp@intel.com Signed-off-by: Will Deacon commit 1fd76043ecb04b8567a76b106db09ac778e1e2b8 Author: Marco Elver Date: Wed May 27 12:32:36 2020 +0200 compiler_types.h: Optimize __unqual_scalar_typeof compilation time If the compiler supports C11's _Generic, use it to speed up compilation times of __unqual_scalar_typeof(). GCC version 4.9 or later and all supported versions of Clang support the feature (the oldest supported compiler that doesn't support _Generic is GCC 4.8, for which we use the slower alternative). The non-_Generic variant relies on multiple expansions of __pick_integer_type -> __pick_scalar_type -> __builtin_choose_expr, which increases pre-processed code size, and can cause compile times to increase in files with numerous expansions of READ_ONCE(), or other users of __unqual_scalar_typeof(). Summary of compile-time benchmarking done by Arnd Bergmann: clang-11 gcc-9 this patch 0.78 0.91 ideal 0.76 0.86 See https://lkml.kernel.org/r/CAK8P3a3UYQeXhiufUevz=rwe09WM_vSTCd9W+KvJHJcOeQyWVA@mail.gmail.com Further compile-testing done with: gcc 4.8, 4.9, 5.5, 6.4, 7.5, 8.4; clang 9, 10. Reported-by: Arnd Bergmann Signed-off-by: Marco Elver Signed-off-by: Borislav Petkov Acked-by: Peter Zijlstra Tested-by: Arnd Bergmann Link: https://lkml.kernel.org/r/20200527103236.148700-1-elver@google.com Link: https://lkml.kernel.org/r/CAK8P3a0RJtbVi1JMsfik=jkHCNFv+DJn_FeDg-YLW+ueQW3tNg@mail.gmail.com [will: tweak new macros to make them a bit more readable] Signed-off-by: Will Deacon commit b16d8ecf4fa17e16fff20638364f9bd2205615e7 Author: Will Deacon Date: Fri Jun 5 11:19:46 2020 +0100 compiler.h: Enforce that READ_ONCE_NOCHECK() access size is sizeof(long) READ_ONCE_NOCHECK() unconditionally performs a sizeof(long)-sized access, so enforce that the size of the pointed-to object that we are loading from is the same size as 'long'. Reported-by: Marco Elver Signed-off-by: Will Deacon commit 8d4beed7bbc71666de2630b79899c8852c3bf5cd Author: Will Deacon Date: Fri Jun 5 11:05:51 2020 +0100 compiler-types.h: Include naked type in __pick_integer_type() match __pick_integer_type() checks whether the type of its first argument is compatible with an explicitly signed or unsigned integer type, returning the compatible type if it exists. Unfortunately, 'char' is neither compatible with 'signed char' nor 'unsigned char', so add a check against the naked type to allow the __unqual_scalar_typeof() macro to strip qualifiers from char types without an explicit signedness. Reported-by: Rasmus Villemoes Signed-off-by: Will Deacon commit 42413b49804b250ced70dac8815388af2d4ad872 Author: Roberto Sassu Date: Fri Jun 5 08:50:28 2020 +0200 ima: Directly free *entry in ima_alloc_init_template() if digests is NULL To support multiple template digests, the static array entry->digest has been replaced with a dynamically allocated array in commit aa724fe18a8a ("ima: Switch to dynamically allocated buffer for template digests"). The array is allocated in ima_alloc_init_template() and if the returned pointer is NULL, ima_free_template_entry() is called. However, (*entry)->template_desc is not yet initialized while it is used by ima_free_template_entry(). This patch fixes the issue by directly freeing *entry without calling ima_free_template_entry(). Fixes: aa724fe18a8a ("ima: Switch to dynamically allocated buffer for template digests") Reported-by: syzbot+223310b454ba6b75974e@syzkaller.appspotmail.com Signed-off-by: Roberto Sassu Signed-off-by: Mimi Zohar commit 5872f1a2e5c783783d51e96468f0ff6aede61182 Author: Will Deacon Date: Mon May 11 21:59:51 2020 +0100 READ_ONCE: Fix comment describing 2x32-bit atomicity READ_ONCE() permits 64-bit accesses on 32-bit architectures, since this crops up in a few places and is generally harmless because either the upper bits are always zero (e.g. for a virtual address or 32-bit time_t) or the architecture provides 64-bit atomicity anyway. Update the corresponding comment above compiletime_assert_rwonce_type(), which incorrectly states that 32-bit x86 provides 64-bit atomicity, and instead reference 32-bit Armv7 with LPAE. Cc: Thomas Gleixner Cc: Peter Zijlstra Reported-by: Jann Horn Signed-off-by: Will Deacon commit 5788ccf3c84f5587418a80128a3653aa35abf00b Author: Xiaoming Ni Date: Tue Mar 31 09:31:59 2020 +0800 mtd: clear cache_state to avoid writing to bad blocks repeatedly The function call process is as follows: mtd_blktrans_work() while (1) do_blktrans_request() mtdblock_writesect() do_cached_write() write_cached_data() /*if cache_state is STATE_DIRTY*/ erase_write() write_cached_data() returns failure without modifying cache_state and cache_offset. So when do_cached_write() is called again, write_cached_data() will be called again to perform erase_write() on the same cache_offset. But if this cache_offset points to a bad block, erase_write() will always return -EIO. Writing to this mtdblk is equivalent to losing the current data, and repeatedly writing to the bad block. Repeatedly writing a bad block has no real benefits, but brings some negative effects: 1 Lost subsequent data 2 Loss of flash device life 3 erase_write() bad blocks are very time-consuming. For example: the function do_erase_oneblock() in chips/cfi_cmdset_0020.c or chips/cfi_cmdset_0002.c may take more than 20 seconds to return Therefore, when erase_write() returns -EIO in write_cached_data(), clear cache_state to avoid writing to bad blocks repeatedly. Signed-off-by: Xiaoming Ni Reviewed-by: Miquel Raynal Signed-off-by: Richard Weinberger commit eb13fa0227417e84aecc3bd9c029d376e33474d3 Author: Boris Brezillon Date: Wed Apr 29 09:53:47 2020 -0700 mtd: parser: cmdline: Support MTD names containing one or more colons Looks like some drivers define MTD names with a colon in it, thus making mtdpart= parsing impossible. Let's fix the parser to gracefully handle that case: the last ':' in a partition definition sequence is considered instead of the first one. Signed-off-by: Boris Brezillon Signed-off-by: Ron Minnich Tested-by: Ron Minnich Signed-off-by: Richard Weinberger commit 9029537c93b6f7347cf213d4e3b5c935a4d07ac8 Author: Jason Yan Date: Fri Apr 3 16:15:44 2020 +0800 mtd: physmap_of_gemini: remove defined but not used symbol 'syscon_match' It's not used by anyone now, remove it. Fix the following gcc warning: drivers/mtd/maps/physmap-gemini.c:49:34: warning: ‘syscon_match’ defined but not used [-Wunused-const-variable=] static const struct of_device_id syscon_match[] = { ^~~~~~~~~~~~ Reported-by: Hulk Robot Signed-off-by: Jason Yan Reviewed-by: Linus Walleij Signed-off-by: Richard Weinberger commit 79ea1e12c0b8540100e89b32afb9f0e6503fad35 Author: Johannes Berg Date: Thu Jun 4 12:04:20 2020 +0200 cfg80211: fix management registrations deadlock Lockdep reports that we may deadlock because we take the RTNL on the work struct, but flush it under RTNL. Clearly, it's correct. In practice, this can happen when doing rfkill on an active device. Fix this by moving the work struct to the wiphy (registered dev) layer, and iterate over all the wdevs inside there. This then means we need to track which one of them has work to do, so we don't update to the driver for all wdevs all the time. Also fix a locking bug I noticed while working on this - the registrations list is iterated as if it was an RCU list, but it isn't handle that way - and we need to lock now for the update flag anyway, so remove the RCU. Fixes: 6cd536fe62ef ("cfg80211: change internal management frame registration API") Reported-by: Markus Theil Reported-and-tested-by: Kenneth R. Crudup Signed-off-by: Johannes Berg Link: https://lore.kernel.org/r/20200604120420.b1dc540a7e26.I55dcca56bb5bdc5d7ad66a36a0b42afd7034d8be@changeid Signed-off-by: Johannes Berg commit a4902d914e508f3691fa7ef885a76d2b7e735805 Author: Stephen Rothwell Date: Mon May 11 13:00:15 2020 +1000 xfrm: merge fixup for "remove output_finish indirection from xfrm_state_afinfo" Signed-off-by: Stephen Rothwell Signed-off-by: Steffen Klassert commit 5aec598c456fe3c1b71a1202cbb42bdc2a643277 Author: Chaitanya Kulkarni Date: Thu Jun 4 00:13:30 2020 -0700 blktrace: fix endianness for blk_log_remap() The function blk_log_remap() can be simplified by removing the call to get_pdu_remap() that copies the values into extra variable to print the data, which also fixes the endiannness warning reported by sparse. Signed-off-by: Chaitanya Kulkarni Signed-off-by: Jens Axboe commit 71df3fd82e7cccec7b749a8607a4662d9f7febdd Author: Chaitanya Kulkarni Date: Thu Jun 4 00:13:29 2020 -0700 blktrace: fix endianness in get_pdu_int() In function get_pdu_len() replace variable type from __u64 to __be64. This fixes sparse warning. Signed-off-by: Chaitanya Kulkarni Signed-off-by: Jens Axboe commit 48bc3cd3e07a1486f45d9971c75d6090976c3b1b Author: Chaitanya Kulkarni Date: Thu Jun 4 00:13:28 2020 -0700 blktrace: use errno instead of bi_status In blk_add_trace_spliti() blk_add_trace_bio_remap() use blk_status_to_errno() to pass the error instead of pasing the bi_status. This fixes the sparse warning. Signed-off-by: Chaitanya Kulkarni Signed-off-by: Jens Axboe commit 15b81ce5abdc4b502aa31dff2d415b79d2349d2f Author: Ahmed S. Darwish Date: Wed Jun 3 16:49:48 2020 +0200 block: nr_sects_write(): Disable preemption on seqcount write For optimized block readers not holding a mutex, the "number of sectors" 64-bit value is protected from tearing on 32-bit architectures by a sequence counter. Disable preemption before entering that sequence counter's write side critical section. Otherwise, the read side can preempt the write side section and spin for the entire scheduler tick. If the reader belongs to a real-time scheduling class, it can spin forever and the kernel will livelock. Fixes: c83f6bf98dc1 ("block: add partition resize function to blkpg ioctl") Cc: Signed-off-by: Ahmed S. Darwish Reviewed-by: Sebastian Andrzej Siewior Signed-off-by: Jens Axboe commit d24de76af836260a99ca2ba281a937bd5bc55591 Author: Christoph Hellwig Date: Wed Jun 3 07:14:43 2020 +0200 block: remove the error argument to the block_bio_complete tracepoint The status can be trivially derived from the bio itself. That also avoid callers like NVMe to incorrectly pass a blk_status_t instead of the errno, and the overhead of translating the blk_status_t to the errno in the I/O completion fast path when no tracing is enabled. Fixes: 35fe0d12c8a3 ("nvme: trace bio completion") Signed-off-by: Christoph Hellwig Reviewed-by: Sagi Grimberg Reviewed-by: Chaitanya Kulkarni Signed-off-by: Jens Axboe commit f650ef61e040bcb175dd8762164b00a5d627f20e Author: Ye Bin Date: Fri Jun 5 09:41:49 2020 +0800 ata/libata: Fix usage of page address by page_address in ata_scsi_mode_select_xlat function BUG: KASAN: use-after-free in ata_scsi_mode_select_xlat+0x10bd/0x10f0 drivers/ata/libata-scsi.c:4045 Read of size 1 at addr ffff88803b8cd003 by task syz-executor.6/12621 CPU: 1 PID: 12621 Comm: syz-executor.6 Not tainted 4.19.95 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0xac/0xee lib/dump_stack.c:118 print_address_description+0x60/0x223 mm/kasan/report.c:253 kasan_report_error mm/kasan/report.c:351 [inline] kasan_report mm/kasan/report.c:409 [inline] kasan_report.cold+0xae/0x2d8 mm/kasan/report.c:393 ata_scsi_mode_select_xlat+0x10bd/0x10f0 drivers/ata/libata-scsi.c:4045 ata_scsi_translate+0x2da/0x680 drivers/ata/libata-scsi.c:2035 __ata_scsi_queuecmd drivers/ata/libata-scsi.c:4360 [inline] ata_scsi_queuecmd+0x2e4/0x790 drivers/ata/libata-scsi.c:4409 scsi_dispatch_cmd+0x2ee/0x6c0 drivers/scsi/scsi_lib.c:1867 scsi_queue_rq+0xfd7/0x1990 drivers/scsi/scsi_lib.c:2170 blk_mq_dispatch_rq_list+0x1e1/0x19a0 block/blk-mq.c:1186 blk_mq_do_dispatch_sched+0x147/0x3d0 block/blk-mq-sched.c:108 blk_mq_sched_dispatch_requests+0x427/0x680 block/blk-mq-sched.c:204 __blk_mq_run_hw_queue+0xbc/0x200 block/blk-mq.c:1308 __blk_mq_delay_run_hw_queue+0x3c0/0x460 block/blk-mq.c:1376 blk_mq_run_hw_queue+0x152/0x310 block/blk-mq.c:1413 blk_mq_sched_insert_request+0x337/0x6c0 block/blk-mq-sched.c:397 blk_execute_rq_nowait+0x124/0x320 block/blk-exec.c:64 blk_execute_rq+0xc5/0x112 block/blk-exec.c:101 sg_scsi_ioctl+0x3b0/0x6a0 block/scsi_ioctl.c:507 sg_ioctl+0xd37/0x23f0 drivers/scsi/sg.c:1106 vfs_ioctl fs/ioctl.c:46 [inline] file_ioctl fs/ioctl.c:501 [inline] do_vfs_ioctl+0xae6/0x1030 fs/ioctl.c:688 ksys_ioctl+0x76/0xa0 fs/ioctl.c:705 __do_sys_ioctl fs/ioctl.c:712 [inline] __se_sys_ioctl fs/ioctl.c:710 [inline] __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:710 do_syscall_64+0xa0/0x2e0 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x45c479 Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007fb0e9602c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007fb0e96036d4 RCX: 000000000045c479 RDX: 0000000020000040 RSI: 0000000000000001 RDI: 0000000000000003 RBP: 000000000076bfc0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff R13: 000000000000046d R14: 00000000004c6e1a R15: 000000000076bfcc Allocated by task 12577: set_track mm/kasan/kasan.c:460 [inline] kasan_kmalloc mm/kasan/kasan.c:553 [inline] kasan_kmalloc+0xbf/0xe0 mm/kasan/kasan.c:531 __kmalloc+0xf3/0x1e0 mm/slub.c:3749 kmalloc include/linux/slab.h:520 [inline] load_elf_phdrs+0x118/0x1b0 fs/binfmt_elf.c:441 load_elf_binary+0x2de/0x4610 fs/binfmt_elf.c:737 search_binary_handler fs/exec.c:1654 [inline] search_binary_handler+0x15c/0x4e0 fs/exec.c:1632 exec_binprm fs/exec.c:1696 [inline] __do_execve_file.isra.0+0xf52/0x1a90 fs/exec.c:1820 do_execveat_common fs/exec.c:1866 [inline] do_execve fs/exec.c:1883 [inline] __do_sys_execve fs/exec.c:1964 [inline] __se_sys_execve fs/exec.c:1959 [inline] __x64_sys_execve+0x8a/0xb0 fs/exec.c:1959 do_syscall_64+0xa0/0x2e0 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x44/0xa9 Freed by task 12577: set_track mm/kasan/kasan.c:460 [inline] __kasan_slab_free+0x129/0x170 mm/kasan/kasan.c:521 slab_free_hook mm/slub.c:1370 [inline] slab_free_freelist_hook mm/slub.c:1397 [inline] slab_free mm/slub.c:2952 [inline] kfree+0x8b/0x1a0 mm/slub.c:3904 load_elf_binary+0x1be7/0x4610 fs/binfmt_elf.c:1118 search_binary_handler fs/exec.c:1654 [inline] search_binary_handler+0x15c/0x4e0 fs/exec.c:1632 exec_binprm fs/exec.c:1696 [inline] __do_execve_file.isra.0+0xf52/0x1a90 fs/exec.c:1820 do_execveat_common fs/exec.c:1866 [inline] do_execve fs/exec.c:1883 [inline] __do_sys_execve fs/exec.c:1964 [inline] __se_sys_execve fs/exec.c:1959 [inline] __x64_sys_execve+0x8a/0xb0 fs/exec.c:1959 do_syscall_64+0xa0/0x2e0 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x44/0xa9 The buggy address belongs to the object at ffff88803b8ccf00 which belongs to the cache kmalloc-512 of size 512 The buggy address is located 259 bytes inside of 512-byte region [ffff88803b8ccf00, ffff88803b8cd100) The buggy address belongs to the page: page:ffffea0000ee3300 count:1 mapcount:0 mapping:ffff88806cc03080 index:0xffff88803b8cc780 compound_mapcount: 0 flags: 0x100000000008100(slab|head) raw: 0100000000008100 ffffea0001104080 0000000200000002 ffff88806cc03080 raw: ffff88803b8cc780 00000000800c000b 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff88803b8ccf00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff88803b8ccf80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb >ffff88803b8cd000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ^ ffff88803b8cd080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff88803b8cd100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc You can refer to "https://www.lkml.org/lkml/2019/1/17/474" reproduce this error. The exception code is "bd_len = p[3];", "p" value is ffff88803b8cd000 which belongs to the cache kmalloc-512 of size 512. The "page_address(sg_page(scsi_sglist(scmd)))" maybe from sg_scsi_ioctl function "buffer" which allocated by kzalloc, so "buffer" may not page aligned. This also looks completely buggy on highmem systems and really needs to use a kmap_atomic. --Christoph Hellwig To address above bugs, Paolo Bonzini advise to simpler to just make a char array of size CACHE_MPAGE_LEN+8+8+4-2(or just 64 to make it easy), use sg_copy_to_buffer to copy from the sglist into the buffer, and workthere. Signed-off-by: Ye Bin Signed-off-by: Jens Axboe commit eea1238867205b9e48a67c1a63219529a73c46fd Author: Navid Emamdoost Date: Thu Jun 4 22:06:43 2020 -0500 sata_rcar: handle pm_runtime_get_sync failure cases Calling pm_runtime_get_sync increments the counter even in case of failure, causing incorrect ref count. Call pm_runtime_put if pm_runtime_get_sync fails. Signed-off-by: Navid Emamdoost Signed-off-by: Jens Axboe commit 435faf5c218a47fd6258187f62d9bb1009717896 Merge: 571d54ed91c0 09c0533d129c Author: Linus Torvalds Date: Thu Jun 4 20:14:18 2020 -0700 Merge tag 'riscv-for-linus-5.8-mw0' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux Pull RISC-V updates from Palmer Dabbelt: - The remainder of the code necessary to support the Kendryte K210: * Support for building device trees into the kernel, as the K210 doesn't have a bootloader that provides one * A K210 device tree and the associated defconfig update * Support for skipping PMP initialization on systems that trap on PMP accesses rather than treating them as WARL - Support for KGDB - Improvements to text patching - Some cleanups to the SiFive L2 cache driver * tag 'riscv-for-linus-5.8-mw0' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux: soc: sifive: l2 cache: Mark l2_get_priv_group as static soc: sifive: l2 cache: Eliminate an unsigned zero compare warning riscv: Add support to determine no. of L2 cache way enabled riscv: cacheinfo: Implement cache_get_priv_group with a generic ops structure riscv: Use text_mutex instead of patch_lock riscv: Use NOKPROBE_SYMBOL() instead of __krpobes annotation riscv: Remove the 'riscv_' prefix of function name riscv: Add SW single-step support for KDB riscv: Use the XML target descriptions to report 3 system registers riscv: Add KGDB support kgdb: Add kgdb_has_hit_break function RISC-V: Skip setting up PMPs on traps riscv: K210: Update defconfig riscv: K210: Add a built-in device tree riscv: Allow device trees to be built into the kernel commit 6ac92fb5cdff6e5708199f1d5d9d58011ccc76a0 Author: Martijn Coenen Date: Thu Jun 4 22:25:20 2020 +0200 loop: Fix wrong masking of status flags In faf1d25440d6, loop_set_status() now assigns lo_status directly from the passed in lo_flags, but then fixes it up by masking out flags that can't be set by LOOP_SET_STATUS; unfortunately the mask was negated. Re-ran all ltp ioctl_loop tests, and they all passed. Pass run of the previously failing one: tst_test.c:1247: INFO: Timeout per run is 0h 05m 00s tst_device.c:88: INFO: Found free device 0 '/dev/loop0' ioctl_loop01.c:49: PASS: /sys/block/loop0/loop/partscan = 0 ioctl_loop01.c:50: PASS: /sys/block/loop0/loop/autoclear = 0 ioctl_loop01.c:51: PASS: /sys/block/loop0/loop/backing_file = '/tmp/ZRJ6H4/test.img' ioctl_loop01.c:65: PASS: get expected lo_flag 12 ioctl_loop01.c:67: PASS: /sys/block/loop0/loop/partscan = 1 ioctl_loop01.c:68: PASS: /sys/block/loop0/loop/autoclear = 1 ioctl_loop01.c:77: PASS: access /dev/loop0p1 succeeds ioctl_loop01.c:83: PASS: access /sys/block/loop0/loop0p1 succeeds Summary: passed 8 failed 0 skipped 0 warnings 0 Fixes: faf1d25440d6 ("loop: Clean up LOOP_SET_STATUS lo_flags handling") Reported-by: Naresh Kamboju Signed-off-by: Martijn Coenen Tested-by: Naresh Kamboju Signed-off-by: Jens Axboe commit 571d54ed91c0fae174d933683c0c2e11c84843d9 Merge: 9d71d3cd9ef0 8211d1e83ade Author: Linus Torvalds Date: Thu Jun 4 20:11:25 2020 -0700 Merge tag 'devicetree-for-5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux Pull devicetree updates from Rob Herring: - Convert various DT (non-binding) doc files to ReST - Various improvements to device link code - Fix __of_attach_node_sysfs refcounting bug - Add support for 'memory-region-names' with reserved-memory binding - Vendor prefixes for Protonic Holland, BeagleBoard.org, Alps, Check Point, Würth Elektronik, U-Boot, Vaisala, Baikal Electronics, Shanghai Awinic Technology Co., MikroTik, Silex Insight - A bunch more binding conversions to DT schema. Only 3K to go. - Add a minimum version check for schema tools - Treewide dropping of 'allOf' usage with schema references. Not needed in new json-schema spec. - Some formatting clean-ups of schemas * tag 'devicetree-for-5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux: (194 commits) dt-bindings: clock: Add documentation for X1830 bindings. dt-bindings: mailbox: Convert imx mu to json-schema dt-bindings: power: Convert imx gpcv2 to json-schema dt-bindings: power: Convert imx gpc to json-schema dt-bindings: Merge gpio-usb-b-connector with usb-connector dt-bindings: timer: renesas: cmt: Convert to json-schema dt-bindings: clock: Convert i.MX8QXP LPCG to json-schema dt-bindings: timer: Convert i.MX GPT to json-schema dt-bindings: thermal: rcar-thermal: Add device tree support for r8a7742 dt-bindings: serial: Add binding for UART pin swap dt-bindings: geni-se: Add interconnect binding for GENI QUP dt-bindings: geni-se: Convert QUP geni-se bindings to YAML dt-bindings: vendor-prefixes: Add Silex Insight vendor prefix dt-bindings: input: touchscreen: edt-ft5x06: change reg property dt-bindings: usb: qcom,dwc3: Introduce interconnect properties for Qualcomm DWC3 driver dt-bindings: timer: renesas: mtu2: Convert to json-schema of/fdt: Remove redundant kbasename function call dt-bindings: clock: Convert i.MX1 clock to json-schema dt-bindings: clock: Convert i.MX21 clock to json-schema dt-bindings: clock: Convert i.MX25 clock to json-schema ... commit 9d71d3cd9ef040c284506648285915e9ba4d08c4 Merge: 828f3e18e1cb 9ad249abe7b8 Author: Linus Torvalds Date: Thu Jun 4 20:02:14 2020 -0700 Merge tag 'arm-dt-5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc Pull ARM devicetree updates from Arnd Bergmann: "This is the set of device tree changes, mostly covering new hardware support, with 577 patches touching a little over 500 files. There are five new Arm SoCs supported in this release, all of them for existing SoC families: - Realtek RTD1195, RTD1395 and RTD1619 -- three SoCs used in both NAS devices and Android Set-top-box designs, along with the "Horseradish", "Lion Skin" and "Mjolnir" reference platforms; the Mele X1000 and Xnano X5 set-top-boxes and the Banana Pi BPi-M4 single-board computer. - Renesas RZ/G1H (r8a7742) -- a high-end 32-bit industrial SoC and the iW-RainboW-G21D-Qseven-RZG1H board/SoM - Rockchips RK3326 -- low-end 64-bit SoC along with the Odroid-GO Advance game console Newly added machines on already supported SoCs are: - AMLogic S905D based Smartlabs SML-5442TW TV box - AMLogic S905X3 based ODROID-C4 SBC - AMLogic S922XH based Beelink GT-King Pro TV box - Allwinner A20 based Olimex A20-OLinuXino-LIME-eMMC SBC - Aspeed ast2500 based BMCs in Facebook x86 "Yosemite V2" and YADRO OpenPower P9 "Nicole" - Marvell Kirkwood based Check Point L-50 router - Mediatek MT8173 based Elm/Hana Chromebook laptops - Microchip SAMA5D2 "Industrial Connectivity Platform" reference board - NXP i.MX8m based Beacon i.MX8m-Mini SoM development kit - Octavo OSDMP15x based Linux Automation MC-1 development board - Qualcomm SDM630 based Xiaomi Redmi Note 7 phone - Realtek RTD1295 based Xnano X5 TV Box - STMicroelectronics STM32MP1 based Stinger96 single-board computer and IoT Box - Samsung Exynos4210 based based Samsung Galaxy S2 phone - Socionext Uniphier based Akebi96 SBC - TI Keystone based K2G Evaluation board - TI am5729 based Beaglebone-AI development board Include device descriptions for additional hardware support in existing SoCs and machines based on all major SoC platforms: - AMlogic Meson - Allwinner sunxi - Arm Juno/VFP/Vexpress/Integrator - Broadcom bcm283x/bcm2711 - Hisilicon hi6220 - Marvell EBU - Mediatek MT27xx, MT76xx, MT81xx and MT67xx - Microchip SAMA5D2 - NXP i.MX6/i.MX7/i.MX8 and Layerscape - Nvidia Tegra - Qualcomm Snapdragon - Renesas r8a77961, r8a7791 - Rockchips RK32xx/RK33xx - ST-Ericsson ux500 - STMicroelectronics SMT32 - Samsung Exynos and S5PV210 - Socionext Uniphier - TI OMAP5/DRA7 and Keystone" * tag 'arm-dt-5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc: (564 commits) ARM: dts: keystone: Rename "msmram" node to "sram" arm: dts: mt2712: add uart APDMA to device tree arm64: dts: mt8183: add mmc node arm64: dts: mt2712: add ethernet device node arm64: tegra: Make the RTC a wakeup source on Jetson Nano and TX1 ARM: dts: mmp3: Add the fifth SD HCI ARM: dts: berlin*: Fix up the SDHCI node names ARM: dts: mmp3: Fix USB & USB PHY node names ARM: dts: mmp3: Fix L2 cache controller node name ARM: dts: mmp*: Fix up encoding of the /rtc interrupts property ARM: dts: pxa*: Fix up encoding of the /rtc interrupts property ARM: dts: pxa910: Fix the gpio interrupt cell number ARM: dts: pxa3xx: Fix up encoding of the /gpio interrupts property ARM: dts: pxa168: Fix the gpio interrupt cell number ARM: dts: pxa168: Add missing address/size cells to i2c nodes ARM: dts: dove: Fix interrupt controller node name ARM: dts: kirkwood: Fix interrupt controller node name arm64: dts: Add SC9863A emmc and sd card nodes arm64: dts: Add SC9863A clock nodes arm64: dts: mt6358: add PMIC MT6358 related nodes ... commit 828f3e18e1cb98c68fc6db4d5113513d4a267775 Merge: 298743c193bb b5f73d47f34b Author: Linus Torvalds Date: Thu Jun 4 19:56:20 2020 -0700 Merge tag 'arm-drivers-5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc Pull ARM/SoC driver updates from Arnd Bergmann: "These are updates to SoC specific drivers that did not have another subsystem maintainer tree to go through for some reason: - Some bus and memory drivers for the MIPS P5600 based Baikal-T1 SoC that is getting added through the MIPS tree. - There are new soc_device identification drivers for TI K3, Qualcomm MSM8939 - New reset controller drivers for NXP i.MX8MP, Renesas RZ/G1H, and Hisilicon hi6220 - The SCMI firmware interface can now work across ARM SMC/HVC as a transport. - Mediatek platforms now use a new driver for their "MMSYS" hardware block that controls clocks and some other aspects in behalf of the media and gpu drivers. - Some Tegra processors have improved power management support, including getting woken up by the PMIC and cluster power down during idle. - A new v4l staging driver for Tegra is added. - Cleanups and minor bugfixes for TI, NXP, Hisilicon, Mediatek, and Tegra" * tag 'arm-drivers-5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc: (155 commits) clk: sprd: fix compile-testing bus: bt1-axi: Build the driver into the kernel bus: bt1-apb: Build the driver into the kernel bus: bt1-axi: Use sysfs_streq instead of strncmp bus: bt1-axi: Optimize the return points in the driver bus: bt1-apb: Use sysfs_streq instead of strncmp bus: bt1-apb: Use PTR_ERR_OR_ZERO to return from request-regs method bus: bt1-apb: Fix show/store callback identations bus: bt1-apb: Include linux/io.h dt-bindings: memory: Add Baikal-T1 L2-cache Control Block binding memory: Add Baikal-T1 L2-cache Control Block driver bus: Add Baikal-T1 APB-bus driver bus: Add Baikal-T1 AXI-bus driver dt-bindings: bus: Add Baikal-T1 APB-bus binding dt-bindings: bus: Add Baikal-T1 AXI-bus binding staging: tegra-video: fix V4L2 dependency tee: fix crypto select drivers: soc: ti: knav_qmss_queue: Make knav_gp_range_ops static soc: ti: add k3 platforms chipid module driver dt-bindings: soc: ti: add binding for k3 platforms chipid module ... commit 298743c193bb50b5d65b9285eb7206ffb31d412d Merge: 694b5a5d313f f11d7cb47f15 Author: Linus Torvalds Date: Thu Jun 4 19:54:15 2020 -0700 Merge tag 'arm-defconfig-5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc Pull ARM defconfig updates from Arnd Bergmann: "These are the usual updates to arm/arm64 defconfig files, enabling newly added drivers and addressing changes to Kconfig files" * tag 'arm-defconfig-5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc: (22 commits) ARM: imx_v6_v7_defconfig: extend RN5T618 PMIC family support arm64: defconfig: enable Qualcomm IPA and RMNet modules arm64: defconfig: Add LEDS_TRIGGER_TIMER arm64: defconfig: Enable UACCE/PCI PASID/SEC2/HPRE configs arm64: defconfig: Enable Qualcomm SC7180 pinctrl and gcc arm64: defconfig: Remove QCOM_GLINK_SSR ARM: multi_v7_defconfig: Enable r8a7742 SoC ARM: shmobile: defconfig: Enable r8a7742 SoC arm64: defconfig: enable meson gx audio as module arm64: defconfig: Enable SM8250 GCC driver ARM: defconfig: u8500: Enable new drivers for ux500 arm64: defconfig: Enable CONFIG_PINCTRL_IMX8DXL by default arm64: configs: Enable sun50i cpufreq nvmem ARM: shmobile: defconfig: Refresh for v5.7-rc1 ARM: defconfig: u8500: Enable new drivers for samsung-golden ARM: configs: sunxi: Add sun8i analog codec arm64: defconfig: Enable Qualcomm CAMCC, CAMSS and CCI drivers ARM: configs: at91: sama5: enable MCP16502 regulator ARM: configs: at91: sama5: enable SAMA5D2_PIOBU ARM: exynos_defconfig: Compile MAC80211/CFG80211 as modules ... commit 694b5a5d313f3997764b67d52bab66ec7e59e714 Merge: 587f17018a2c d2353bad2c1e Author: Linus Torvalds Date: Thu Jun 4 19:47:11 2020 -0700 Merge tag 'arm-soc-5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc Pull ARM SoC updates from Arnd Bergmann: "One new platform gets added, the Realtek RTD1195, which is an older Cortex-a7 based relative of the RTD12xx chips that are already supported in arch/arm64. The platform may also be extended to support running 32-bit kernels on those 64-bit chips for memory-constrained machines. In the Renesas shmobile platform, we gain support for "RZ/G1H" or R8A7742, an eight-core chip based on Cortex-A15 and Cortex-A7 cores, originally released in 2016 as one of the last high-end 32-bit designs. There is ongoing cleanup for the integrator, tegra, imx, and omap2 platforms, with integrator getting very close to the goal of having zero code in arch/arm/, and omap2 moving more of the chip specifics from old board code into device tree files. The Versatile Express platform is made more modular, with built-in drivers now becoming loadable modules. This is part of a greater effort for the Android OS to have a common kernel binary for all platforms and any platform specific code in loadable modules. The PXA platform drops support for Compulab's pxa2xx boards that had rather unusual flash and PCI drivers but no known users remaining. All device drivers specific to those boards can now get removed as well. Across platforms, there is ongoing cleanup, with Geert and Rob revisiting some a lot of Kconfig options" * tag 'arm-soc-5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc: (94 commits) ARM: omap2: fix omap5_realtime_timer_init definition ARM: zynq: Don't select CONFIG_ICST ARM: OMAP2+: Fix regression for using local timer on non-SMP SoCs clk: versatile: Fix kconfig dependency on COMMON_CLK_VERSATILE ARM: davinci: fix build failure without I2C power: reset: vexpress: fix build issue power: vexpress: cleanup: use builtin_platform_driver power: vexpress: add suppress_bind_attrs to true Revert "ARM: vexpress: Don't select VEXPRESS_CONFIG" MAINTAINERS: pxa: remove Compulab arm/pxa support ARM: pxa: remove Compulab pxa2xx boards bus: arm-integrator-lm: Fix return value check in integrator_ap_lm_probe() soc: imx: move cpu code to drivers/soc/imx ARM: imx: move cpu definitions into a header ARM: imx: use device_initcall for imx_soc_device_init ARM: imx: pcm037: make pcm970_sja1000_platform_data static bus: ti-sysc: Timers no longer need legacy quirk handling ARM: OMAP2+: Drop old timer code for dmtimer and 32k counter ARM: dts: Configure system timers for omap2 ARM: dts: Configure system timers for ti81xx ... commit 587f17018a2c6c414e41a312b002faaef60cf423 Author: Nick Desaulniers Date: Fri Feb 14 14:18:11 2020 -0800 Kconfig: add config option for asm goto w/ outputs This allows C code to make use of compilers with support for output variables along the fallthrough path via preprocessor define: CONFIG_CC_HAS_ASM_GOTO_OUTPUT [ This is not used anywhere yet, and currently released compilers don't support this yet, but it's coming, and I have some local experimental patches to take advantage of it when it does - Linus ] Signed-off-by: Nick Desaulniers Signed-off-by: Linus Torvalds commit 886d7de631da71e30909980fdbf318f7caade262 Merge: 5bfea2d9b17f 469cbd016157 Author: Linus Torvalds Date: Thu Jun 4 19:18:29 2020 -0700 Merge branch 'akpm' (patches from Andrew) Merge yet more updates from Andrew Morton: - More MM work. 100ish more to go. Mike Rapoport's "mm: remove __ARCH_HAS_5LEVEL_HACK" series should fix the current ppc issue - Various other little subsystems * emailed patches from Andrew Morton : (127 commits) lib/ubsan.c: fix gcc-10 warnings tools/testing/selftests/vm: remove duplicate headers selftests: vm: pkeys: fix multilib builds for x86 selftests: vm: pkeys: use the correct page size on powerpc selftests/vm/pkeys: override access right definitions on powerpc selftests/vm/pkeys: test correct behaviour of pkey-0 selftests/vm/pkeys: introduce a sub-page allocator selftests/vm/pkeys: detect write violation on a mapped access-denied-key page selftests/vm/pkeys: associate key on a mapped page and detect write violation selftests/vm/pkeys: associate key on a mapped page and detect access violation selftests/vm/pkeys: improve checks to determine pkey support selftests/vm/pkeys: fix assertion in test_pkey_alloc_exhaust() selftests/vm/pkeys: fix number of reserved powerpc pkeys selftests/vm/pkeys: introduce powerpc support selftests/vm/pkeys: introduce generic pkey abstractions selftests: vm: pkeys: use the correct huge page size selftests/vm/pkeys: fix alloc_random_pkey() to make it really random selftests/vm/pkeys: fix assertion in pkey_disable_set/clear() selftests/vm/pkeys: fix pkey_disable_clear() selftests: vm: pkeys: add helpers for pkey bits ... commit 469cbd016157d28c27fda8da6ddc76b856f4e1b9 Author: Arnd Bergmann Date: Thu Jun 4 16:53:00 2020 -0700 lib/ubsan.c: fix gcc-10 warnings The latest compiler expects slightly different function prototypes for the ubsan helpers: lib/ubsan.c:192:6: error: conflicting types for built-in function '__ubsan_handle_add_overflow'; expected 'void(void *, void *, void *)' [-Werror=builtin-declaration-mismatch] 192 | void __ubsan_handle_add_overflow(struct overflow_data *data, | ^~~~~~~~~~~~~~~~~~~~~~~~~~~ lib/ubsan.c:200:6: error: conflicting types for built-in function '__ubsan_handle_sub_overflow'; expected 'void(void *, void *, void *)' [-Werror=builtin-declaration-mismatch] 200 | void __ubsan_handle_sub_overflow(struct overflow_data *data, | ^~~~~~~~~~~~~~~~~~~~~~~~~~~ lib/ubsan.c:207:6: error: conflicting types for built-in function '__ubsan_handle_mul_overflow'; expected 'void(void *, void *, void *)' [-Werror=builtin-declaration-mismatch] 207 | void __ubsan_handle_mul_overflow(struct overflow_data *data, | ^~~~~~~~~~~~~~~~~~~~~~~~~~~ lib/ubsan.c:214:6: error: conflicting types for built-in function '__ubsan_handle_negate_overflow'; expected 'void(void *, void *)' [-Werror=builtin-declaration-mismatch] 214 | void __ubsan_handle_negate_overflow(struct overflow_data *data, | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ lib/ubsan.c:234:6: error: conflicting types for built-in function '__ubsan_handle_divrem_overflow'; expected 'void(void *, void *, void *)' [-Werror=builtin-declaration-mismatch] 234 | void __ubsan_handle_divrem_overflow(struct overflow_data *data, | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Change the Linux implementation to match these, using a local typed pointer. Signed-off-by: Arnd Bergmann Signed-off-by: Andrew Morton Reviewed-by: Kees Cook Cc: Andrey Ryabinin Cc: Herbert Xu Cc: Julien Grall Link: http://lkml.kernel.org/r/20200429185948.4189600-1-arnd@arndb.de Signed-off-by: Linus Torvalds commit 2792d488a2d36c80e8beb34d710d10d144b66c22 Author: Jagadeesh Pagadala Date: Thu Jun 4 16:52:57 2020 -0700 tools/testing/selftests/vm: remove duplicate headers Code cleanup: Remove duplicate headers which are included twice. Signed-off-by: Jagadeesh Pagadala Signed-off-by: Andrew Morton Cc: Shuah Khan Cc: Brian Geffon Link: http://lkml.kernel.org/r/1587278984-18847-1-git-send-email-jagdsh.linux@gmail.com Signed-off-by: Linus Torvalds commit f21fda8f64533787db3e3682fee5775eb0bbea5f Author: Sandipan Das Date: Thu Jun 4 16:52:54 2020 -0700 selftests: vm: pkeys: fix multilib builds for x86 This ensures that both 32-bit and 64-bit binaries are generated when this is built on a x86_64 system. Most of the changes have been borrowed from tools/testing/selftests/x86/Makefile. Signed-off-by: Sandipan Das Signed-off-by: Andrew Morton Tested-by: Dave Hansen Acked-by: Dave Hansen Cc: "Desnes A. Nunes do Rosario" Cc: Florian Weimer Cc: Ingo Molnar Cc: Ram Pai Cc: Thiago Jung Bauermann Cc: "Aneesh Kumar K.V" Cc: Michael Ellerman Cc: Michal Hocko Cc: Michal Suchanek Cc: Shuah Khan Link: http://lkml.kernel.org/r/0326a442214d7a1b970d38296e63df3b217f5912.1585646528.git.sandipan@linux.ibm.com Signed-off-by: Linus Torvalds commit 473c3cc86c36026d22129660746f2f4447abb79d Author: Sandipan Das Date: Thu Jun 4 16:52:50 2020 -0700 selftests: vm: pkeys: use the correct page size on powerpc Both 4K and 64K pages are supported on powerpc. Parts of the selftest code perform alignment computations based on the PAGE_SIZE macro which is currently hardcoded to 64K for powerpc. This causes some test failures on kernels configured with 4K page size. In some cases, we need to enforce function alignment on page size. Since this can only be done at build time, 64K is used as the alignment factor as that also ensures 4K alignment. Signed-off-by: Sandipan Das Signed-off-by: Andrew Morton Acked-by: Dave Hansen Cc: "Desnes A. Nunes do Rosario" Cc: Florian Weimer Cc: Ingo Molnar Cc: Ram Pai Cc: Thiago Jung Bauermann Cc: "Aneesh Kumar K.V" Cc: Michael Ellerman Cc: Michal Hocko Cc: Michal Suchanek Cc: Shuah Khan Link: http://lkml.kernel.org/r/5dcdfbf3353acdc90f315172e800b49f5ca21299.1585646528.git.sandipan@linux.ibm.com Signed-off-by: Linus Torvalds commit e9506394a159a449bdf0427b71d5191b4f7fc618 Author: Ram Pai Date: Thu Jun 4 16:52:46 2020 -0700 selftests/vm/pkeys: override access right definitions on powerpc Some platforms hardcode the x86 values for PKEY_DISABLE_ACCESS and PKEY_DISABLE_WRITE such as those in: /usr/include/bits/mman-shared.h. This overrides the definitions with correct values for powerpc. [sandipan@linux.ibm.com: fix powerpc access right definitions] Link: http://lkml.kernel.org/r/1ba86fd8a94f38131cfe2d9f277001dd1ad1d34e.1588959697.git.sandipan@linux.ibm.com Signed-off-by: Ram Pai Signed-off-by: Sandipan Das Signed-off-by: Andrew Morton Acked-by: Dave Hansen Cc: Dave Hansen Cc: Florian Weimer Cc: "Desnes A. Nunes do Rosario" Cc: Ingo Molnar Cc: Thiago Jung Bauermann Cc: "Aneesh Kumar K.V" Cc: Michael Ellerman Cc: Michal Hocko Cc: Michal Suchanek Cc: Shuah Khan Link: http://lkml.kernel.org/r/f6eb38cb3a1e12eb2cdc9da6300bc5a5dfba0db9.1585646528.git.sandipan@linux.ibm.com Signed-off-by: Linus Torvalds commit fa17437cb8405bd0904f0aff8fb80d5e8c854b04 Author: Ram Pai Date: Thu Jun 4 16:52:43 2020 -0700 selftests/vm/pkeys: test correct behaviour of pkey-0 Ensure that pkey-0 is allocated on start and that it can be attached dynamically in various modes, without failures. Signed-off-by: Ram Pai Signed-off-by: Sandipan Das Signed-off-by: Andrew Morton Acked-by: Dave Hansen Cc: Dave Hansen Cc: Florian Weimer Cc: "Desnes A. Nunes do Rosario" Cc: Ingo Molnar Cc: Thiago Jung Bauermann Cc: "Aneesh Kumar K.V" Cc: Michael Ellerman Cc: Michal Hocko Cc: Michal Suchanek Cc: Shuah Khan Link: http://lkml.kernel.org/r/9b7c54a9b4261894fe0c7e884c70b87214ff8fbb.1585646528.git.sandipan@linux.ibm.com Signed-off-by: Linus Torvalds commit 6e2c2d0fb7819a05765147286ed71d5bb96faa36 Author: Ram Pai Date: Thu Jun 4 16:52:39 2020 -0700 selftests/vm/pkeys: introduce a sub-page allocator This introduces a new allocator that allocates 4K hardware pages to back 64K linux pages. This allocator is available only on powerpc. Signed-off-by: Ram Pai Signed-off-by: Thiago Jung Bauermann Signed-off-by: Sandipan Das Signed-off-by: Andrew Morton Acked-by: Dave Hansen Cc: Dave Hansen Cc: Florian Weimer Cc: "Desnes A. Nunes do Rosario" Cc: Ingo Molnar Cc: "Aneesh Kumar K.V" Cc: Michael Ellerman Cc: Michal Hocko Cc: Michal Suchanek Cc: Shuah Khan Link: http://lkml.kernel.org/r/c4a82fa962ec71015b994fab1aaf83bdfd091553.1585646528.git.sandipan@linux.ibm.com Signed-off-by: Linus Torvalds commit 4e06e718afd71f99592a76a29167e9cd617b2b09 Author: Ram Pai Date: Thu Jun 4 16:52:36 2020 -0700 selftests/vm/pkeys: detect write violation on a mapped access-denied-key page Detect write-violation on a page to which access-disabled key is associated much after the page is mapped. Signed-off-by: Ram Pai Signed-off-by: Sandipan Das Signed-off-by: Andrew Morton Acked-by: Dave Hansen Cc: Dave Hansen Cc: Florian Weimer Cc: "Desnes A. Nunes do Rosario" Cc: Ingo Molnar Cc: Thiago Jung Bauermann Cc: "Aneesh Kumar K.V" Cc: Michael Ellerman Cc: Michal Hocko Cc: Michal Suchanek Cc: Shuah Khan Link: http://lkml.kernel.org/r/6a7dd4069ee18a2a51b207a55aa197f3f3c59753.1585646528.git.sandipan@linux.ibm.com Signed-off-by: Linus Torvalds commit 39351c1326cf72d9b01c5faa3de23153727832f5 Author: Ram Pai Date: Thu Jun 4 16:52:32 2020 -0700 selftests/vm/pkeys: associate key on a mapped page and detect write violation Detect write-violation on a page to which write-disabled key is associated much after the page is mapped. Signed-off-by: Ram Pai Signed-off-by: Sandipan Das Signed-off-by: Andrew Morton Acked-by: Dave Hansen Cc: Dave Hansen Cc: Florian Weimer Cc: "Desnes A. Nunes do Rosario" Cc: Ingo Molnar Cc: Thiago Jung Bauermann Cc: "Aneesh Kumar K.V" Cc: Michael Ellerman Cc: Michal Hocko Cc: Michal Suchanek Cc: Shuah Khan Link: http://lkml.kernel.org/r/6bfe3b3832f8bcfb07d7f2cf116b45197f4587dd.1585646528.git.sandipan@linux.ibm.com Signed-off-by: Linus Torvalds commit aef759db63fd4cfad5b585db96cf05f34d04cbd9 Author: Ram Pai Date: Thu Jun 4 16:52:29 2020 -0700 selftests/vm/pkeys: associate key on a mapped page and detect access violation Detect access-violation on a page to which access-disabled key is associated much after the page is mapped. Signed-off-by: Ram Pai Signed-off: Sandipan Das Signed-off-by: Andrew Morton Acked-by: Dave Hansen Cc: Dave Hansen Cc: Florian Weimer Cc: "Desnes A. Nunes do Rosario" Cc: Ingo Molnar Cc: Thiago Jung Bauermann Cc: "Aneesh Kumar K.V" Cc: Michael Ellerman Cc: Michal Hocko Cc: Michal Suchanek Cc: Shuah Khan Link: http://lkml.kernel.org/r/4a19cf9252c03dd883887e9002881599e6900d06.1585646528.git.sandipan@linux.ibm.com Signed-off-by: Linus Torvalds commit 94c8a223ded59918536387a9c33fee29ca54fc7e Author: Ram Pai Date: Thu Jun 4 16:52:25 2020 -0700 selftests/vm/pkeys: improve checks to determine pkey support For the pkeys subsystem to work, both the CPU and the kernel need to have support. So, additionally check if the kernel supports pkeys apart from the CPU feature checks. Signed-off-by: Ram Pai Signed-off-by: Sandipan Das Signed-off-by: Andrew Morton Acked-by: Dave Hansen Cc: Dave Hansen Cc: Florian Weimer Cc: "Desnes A. Nunes do Rosario" Cc: Ingo Molnar Cc: Thiago Jung Bauermann Cc: "Aneesh Kumar K.V" Cc: Michael Ellerman Cc: Michal Hocko Cc: Michal Suchanek Cc: Shuah Khan Link: http://lkml.kernel.org/r/8fb76c63ebdadcf068ecd2d23731032e195cd364.1585646528.git.sandipan@linux.ibm.com Signed-off-by: Linus Torvalds commit b0acc5d6bf333583b535f5caf1539d90c78519c2 Author: Ram Pai Date: Thu Jun 4 16:52:22 2020 -0700 selftests/vm/pkeys: fix assertion in test_pkey_alloc_exhaust() Some pkeys which are valid on the hardware are reserved and not available for application use. These keys cannot be allocated. test_pkey_alloc_exhaust() tries to account for these and has an assertion which validates if all available pkeys have been exahaustively allocated. However, the expression that is currently used is only valid for x86. On powerpc, a pkey is additionally reserved as compared to x86. Hence, the assertion is made to use an arch-specific helper to get the correct count of reserved pkeys. Signed-off-by: Ram Pai Signed-off-by: Sandipan Das Signed-off-by: Andrew Morton Acked-by: Dave Hansen Cc: Dave Hansen Cc: Florian Weimer Cc: "Desnes A. Nunes do Rosario" Cc: Ingo Molnar Cc: Thiago Jung Bauermann Cc: "Aneesh Kumar K.V" Cc: Michael Ellerman Cc: Michal Hocko Cc: Michal Suchanek Cc: Shuah Khan Link: http://lkml.kernel.org/r/38b08d0318820ae46af3aa6048384fd8056c3df7.1585646528.git.sandipan@linux.ibm.com Signed-off-by: Linus Torvalds commit c63e5e7f9942ac18bc6cc7e8853ad709e72e9f8b Author: Desnes A. Nunes do Rosario Date: Thu Jun 4 16:52:19 2020 -0700 selftests/vm/pkeys: fix number of reserved powerpc pkeys The number of reserved pkeys in a PowerNV environment is different from that on PowerVM or KVM. Tested on PowerVM and PowerNV environments. Signed-off-by: "Desnes A. Nunes do Rosario" Signed-off-by: Ram Pai Signed-off-by: Sandipan Das Signed-off-by: Andrew Morton Acked-by: Dave Hansen Cc: Florian Weimer Cc: Ingo Molnar Cc: Thiago Jung Bauermann Cc: "Aneesh Kumar K.V" Cc: Michael Ellerman Cc: Michal Hocko Cc: Michal Suchanek Cc: Shuah Khan Link: http://lkml.kernel.org/r/0341a0ca961166814b44c9e724774672c18d54ca.1585646528.git.sandipan@linux.ibm.com Signed-off-by: Linus Torvalds commit 589944b53b0f913b89f5b6bc50d53c38a252ba0f Author: Ram Pai Date: Thu Jun 4 16:52:15 2020 -0700 selftests/vm/pkeys: introduce powerpc support This makes use of the abstractions added earlier and introduces support for powerpc. For powerpc, after receiving the SIGSEGV, the signal handler must explicitly restore access permissions for the faulting pkey to allow the test to continue. As this makes use of pkey_access_allow(), all of its dependencies and other similar functions have been moved ahead of the signal handler. [sandipan@linux.ibm.com: fix powerpc access right updates] Link: http://lkml.kernel.org/r/5f65cf37be993760de8112a88da194e3ccbb2bf8.1588959697.git.sandipan@linux.ibm.com Signed-off-by: Ram Pai Signed-off-by: Sandipan Das Signed-off-by: Andrew Morton Acked-by: Dave Hansen Cc: Dave Hansen Cc: Florian Weimer Cc: "Desnes A. Nunes do Rosario" Cc: Ingo Molnar Cc: Thiago Jung Bauermann Cc: "Aneesh Kumar K.V" Cc: Michael Ellerman Cc: Michal Hocko Cc: Michal Suchanek Cc: Shuah Khan Link: http://lkml.kernel.org/r/b121e9fd33789ed9195276e32fe4e80bb6b88a31.1585646528.git.sandipan@linux.ibm.com Signed-off-by: Linus Torvalds commit 604c496b227d300aac330aecd88ae5ffa28fbfc0 Author: Ram Pai Date: Thu Jun 4 16:52:12 2020 -0700 selftests/vm/pkeys: introduce generic pkey abstractions This introduces some generic abstractions and provides the corresponding architecture-specfic implementations for these abstractions. Signed-off-by: Ram Pai Signed-off-by: Thiago Jung Bauermann Signed-off-by: Sandipan Das Signed-off-by: Andrew Morton Acked-by: Dave Hansen Cc: Dave Hansen Cc: Florian Weimer Cc: "Desnes A. Nunes do Rosario" Cc: Ingo Molnar Cc: "Aneesh Kumar K.V" Cc: Michael Ellerman Cc: Michal Hocko Cc: Michal Suchanek Cc: Shuah Khan Link: http://lkml.kernel.org/r/1c977915e69fb7767fb0dbd55ac7656554b15b93.1585646528.git.sandipan@linux.ibm.com Signed-off-by: Linus Torvalds commit 57bcb57da241a186e8174c58850cb0e8e21f77a9 Author: Sandipan Das Date: Thu Jun 4 16:52:08 2020 -0700 selftests: vm: pkeys: use the correct huge page size The huge page size can vary across architectures. This will ensure that the correct huge page size is used when accessing the hugetlb controls under sysfs. Instead of using a hardcoded page size (i.e. 2MB), this now uses the HPAGE_SIZE macro which is arch-specific. Signed-off-by: Sandipan Das Signed-off-by: Andrew Morton Acked-by: Dave Hansen Cc: "Desnes A. Nunes do Rosario" Cc: Florian Weimer Cc: Ingo Molnar Cc: Ram Pai Cc: Thiago Jung Bauermann Cc: "Aneesh Kumar K.V" Cc: Michael Ellerman Cc: Michal Hocko Cc: Michal Suchanek Cc: Shuah Khan Link: http://lkml.kernel.org/r/66882a5d6e45c73c3a52bc4aef9754e48afa4f88.1585646528.git.sandipan@linux.ibm.com Signed-off-by: Linus Torvalds commit 6e373263ce07eeaa6410843179535fbdf561fc31 Author: Ram Pai Date: Thu Jun 4 16:52:05 2020 -0700 selftests/vm/pkeys: fix alloc_random_pkey() to make it really random alloc_random_pkey() was allocating the same pkey every time. Not all pkeys were geting tested. This fixes it. Signed-off-by: Ram Pai Signed-off-by: Sandipan Das Signed-off-by: Andrew Morton Acked-by: Dave Hansen Cc: Dave Hansen Cc: Florian Weimer Cc: "Desnes A. Nunes do Rosario" Cc: Ingo Molnar Cc: Thiago Jung Bauermann Cc: "Aneesh Kumar K.V" Cc: Michael Ellerman Cc: Michal Hocko Cc: Michal Suchanek Cc: Shuah Khan Link: http://lkml.kernel.org/r/0162f55816d4e783a0d6e49e554d0ab9a3c9a23b.1585646528.git.sandipan@linux.ibm.com Signed-off-by: Linus Torvalds commit ea5f95c3d6bb117abfe41fd2612f3213cf22b609 Author: Ram Pai Date: Thu Jun 4 16:52:01 2020 -0700 selftests/vm/pkeys: fix assertion in pkey_disable_set/clear() In some cases, a pkey's bits need not necessarily change in a way that the value of the pkey register increases when performing a pkey_disable_set() or decreases when performing a pkey_disable_clear(). For example, on powerpc, if a pkey's current state is PKEY_DISABLE_ACCESS and we perform a pkey_write_disable() on it, the bits still remain the same. We will observe something similar when the pkey's current state is 0 and a pkey_access_enable() is performed on it. Either case would cause some assertions to fail. This fixes the problem. Signed-off-by: Ram Pai Signed-off-by: Sandipan Das Signed-off-by: Andrew Morton Acked-by: Dave Hansen Cc: Dave Hansen Cc: Florian Weimer Cc: "Desnes A. Nunes do Rosario" Cc: Ingo Molnar Cc: Thiago Jung Bauermann Cc: "Aneesh Kumar K.V" Cc: Michael Ellerman Cc: Michal Hocko Cc: Michal Suchanek Cc: Shuah Khan Link: http://lkml.kernel.org/r/8240665131e43fc93eed4eea8194676c1ea39a7f.1585646528.git.sandipan@linux.ibm.com Signed-off-by: Linus Torvalds commit 11551801a71c84b9713abf1b588933eea141e362 Author: Ram Pai Date: Thu Jun 4 16:51:58 2020 -0700 selftests/vm/pkeys: fix pkey_disable_clear() Currently, pkey_disable_clear() sets the specified bits instead clearing them. This has been dead code up to now because its only callers i.e. pkey_access/write_allow() are also unused. Signed-off-by: Ram Pai Signed-off-by: Sandipan Das Signed-off-by: Andrew Morton Acked-by: Dave Hansen Cc: Dave Hansen Cc: Florian Weimer Cc: "Desnes A. Nunes do Rosario" Cc: Ingo Molnar Cc: Thiago Jung Bauermann Cc: "Aneesh Kumar K.V" Cc: Michael Ellerman Cc: Michal Hocko Cc: Michal Suchanek Cc: Shuah Khan Link: http://lkml.kernel.org/r/1f70bca60330a85dca42c3cd98212bb1cdf5a076.1585646528.git.sandipan@linux.ibm.com Signed-off-by: Linus Torvalds commit 0c416bcaef8dc9b8378b3e7fa7ce3e9ad5cedcd0 Author: Sandipan Das Date: Thu Jun 4 16:51:54 2020 -0700 selftests: vm: pkeys: add helpers for pkey bits This introduces some functions that help with setting or clearing bits of a particular pkey. This also adds an abstraction for getting a pkey's bit position in the pkey register as this may vary across architectures. Signed-off-by: Sandipan Das Signed-off-by: Andrew Morton Acked-by: Dave Hansen Cc: "Desnes A. Nunes do Rosario" Cc: Florian Weimer Cc: Ingo Molnar Cc: Ram Pai Cc: Thiago Jung Bauermann Cc: "Aneesh Kumar K.V" Cc: Michael Ellerman Cc: Michal Hocko Cc: Michal Suchanek Cc: Shuah Khan Link: http://lkml.kernel.org/r/2ad9705f4f68ca7e72155cc583415e5a979546f1.1585646528.git.sandipan@linux.ibm.com Signed-off-by: Linus Torvalds commit 4dbdd947cb7f5534bedfdd1dbf983d0c0d9def29 Author: Sandipan Das Date: Thu Jun 4 16:51:51 2020 -0700 selftests: vm: pkeys: Use sane types for pkey register The size of the pkey register can vary across architectures. This converts the data type of all its references to u64 in preparation for multi-arch support. To keep the definition of the u64 type consistent and remove format specifier related warnings, __SANE_USERSPACE_TYPES__ is defined as suggested by Michael Ellerman. Signed-off-by: Sandipan Das Signed-off-by: Andrew Morton Acked-by: Dave Hansen Cc: "Desnes A. Nunes do Rosario" Cc: Florian Weimer Cc: Ingo Molnar Cc: Ram Pai Cc: Thiago Jung Bauermann Cc: "Aneesh Kumar K.V" Cc: Michael Ellerman Cc: Michal Hocko Cc: Michal Suchanek Cc: Shuah Khan Link: http://lkml.kernel.org/r/d3e271798455d940e395e56e1ff1e82a31bcb7aa.1585646528.git.sandipan@linux.ibm.com Signed-off-by: Linus Torvalds commit a09160e694ccd822365da28f9e5f94d22a6784b0 Author: Thiago Jung Bauermann Date: Thu Jun 4 16:51:47 2020 -0700 selftests/vm/pkeys: make gcc check arguments of sigsafe_printf() This will help us ensure we print pkey_reg_t values correctly in different architectures. Signed-off-by: Thiago Jung Bauermann Signed-off-by: Sandipan Das Signed-off-by: Andrew Morton Acked-by: Dave Hansen Cc: "Desnes A. Nunes do Rosario" Cc: Florian Weimer Cc: Ingo Molnar Cc: Ram Pai Cc: "Aneesh Kumar K.V" Cc: Michael Ellerman Cc: Michal Hocko Cc: Michal Suchanek Cc: Shuah Khan Link: http://lkml.kernel.org/r/b40b7a95fdd4045d62530a2a34452934caf3b0bc.1585646528.git.sandipan@linux.ibm.com Signed-off-by: Linus Torvalds commit 53555e2b4d9a29ff93d9bedfe209328cc69806be Author: Thiago Jung Bauermann Date: Thu Jun 4 16:51:44 2020 -0700 selftests/vm/pkeys: move some definitions to arch-specific header In preparation for multi-arch support, move definitions which have arch-specific values to x86-specific header. Signed-off-by: Ram Pai Signed-off-by: Thiago Jung Bauermann Signed-off-by: Sandipan Das Signed-off-by: Andrew Morton Acked-by: Dave Hansen Cc: Dave Hansen Cc: Florian Weimer Cc: "Desnes A. Nunes do Rosario" Cc: Ingo Molnar Cc: "Aneesh Kumar K.V" Cc: Michael Ellerman Cc: Michal Hocko Cc: Michal Suchanek Cc: Shuah Khan Link: http://lkml.kernel.org/r/d58eba2930059c8b209eefd6d5b48fe922a5b010.1585646528.git.sandipan@linux.ibm.com Signed-off-by: Linus Torvalds commit 5461c6625f2961ec21541604c9043c688aa176e0 Author: Ram Pai Date: Thu Jun 4 16:51:41 2020 -0700 selftests/vm/pkeys: move generic definitions to header file Moved all the generic definition and helper functions to the header file. Signed-off-by: Ram Pai Signed-off-by: Thiago Jung Bauermann Signed-off-by: Sandipan Das Signed-off-by: Andrew Morton Acked-by: Dave Hansen Cc: Florian Weimer Cc: "Desnes A. Nunes do Rosario" Cc: Ingo Molnar Cc: "Aneesh Kumar K.V" Cc: Michael Ellerman Cc: Michal Hocko Cc: Michal Suchanek Cc: Shuah Khan Link: http://lkml.kernel.org/r/57177f99e92a51295956715d5f2d5688a4d13927.1585646528.git.sandipan@linux.ibm.com Signed-off-by: Linus Torvalds commit c4273c7f0ec34f7ab94332bf8279f19c04feca73 Author: Ram Pai Date: Thu Jun 4 16:51:37 2020 -0700 selftests/vm/pkeys: rename all references to pkru to a generic name This renames PKRU references to "pkey_reg" or "pkey" based on the usage. Signed-off-by: Ram Pai Signed-off-by: Thiago Jung Bauermann Signed-off-by: Sandipan Das Signed-off-by: Andrew Morton Reviewed-by: Dave Hansen Cc: Dave Hansen Cc: Florian Weimer Cc: "Desnes A. Nunes do Rosario" Cc: Ingo Molnar Cc: "Aneesh Kumar K.V" Cc: Michael Ellerman Cc: Michal Hocko Cc: Michal Suchanek Cc: Shuah Khan Link: http://lkml.kernel.org/r/2c6970bc6d2e99796cd5cc1101bd2ecf7eccb937.1585646528.git.sandipan@linux.ibm.com Signed-off-by: Linus Torvalds commit 804eb64615a405b3765fb3618bc07d7d95809add Author: Ram Pai Date: Thu Jun 4 16:51:34 2020 -0700 selftests/x86/pkeys: move selftests to arch-neutral directory Patch series "selftests, powerpc, x86: Memory Protection Keys", v19. Memory protection keys enables an application to protect its address space from inadvertent access by its own code. This feature is now enabled on powerpc and has been available since 4.16-rc1. The patches move the selftests to arch neutral directory and enhance their test coverage. Tested on powerpc64 and x86_64 (Skylake-SP). This patch (of 24): Move selftest files from tools/testing/selftests/x86/ to tools/testing/selftests/vm/. Signed-off-by: Ram Pai Signed-off-by: Thiago Jung Bauermann Signed-off-by: Sandipan Das Signed-off-by: Andrew Morton Acked-by: Ingo Molnar Acked-by: Dave Hansen Cc: Dave Hansen Cc: Florian Weimer Cc: "Desnes A. Nunes do Rosario" Cc: Michal Hocko Cc: "Aneesh Kumar K.V" Cc: Michal Suchanek Cc: Michael Ellerman Cc: Shuah Khan Link: http://lkml.kernel.org/r/14d25194c3e2e652e0047feec4487e269e76e8c9.1585646528.git.sandipan@linux.ibm.com Signed-off-by: Linus Torvalds commit 341a7213e5c1ce274cc0f02270054905800ea660 Author: Pengcheng Yang Date: Thu Jun 4 16:51:30 2020 -0700 kernel/relay.c: fix read_pos error when multiple readers When reading, read_pos should start with bytes_consumed, not file->f_pos. Because when there is more than one reader, the read_pos corresponding to file->f_pos may have been consumed, which will cause the data that has been consumed to be read and the bytes_consumed update error. Signed-off-by: Pengcheng Yang Signed-off-by: Andrew Morton Reviewed-by: Jens Axboe Cc: Greg Kroah-Hartman Cc: Jann Horn Cc: Al Viro e Link: http://lkml.kernel.org/r/1579691175-28949-1-git-send-email-yangpc@wangsu.com Signed-off-by: Linus Torvalds commit 54e200ab40fc14c863bcc80a51e20b7906608fce Author: Daniel Axtens Date: Thu Jun 4 16:51:27 2020 -0700 kernel/relay.c: handle alloc_percpu returning NULL in relay_open alloc_percpu() may return NULL, which means chan->buf may be set to NULL. In that case, when we do *per_cpu_ptr(chan->buf, ...), we dereference an invalid pointer: BUG: Unable to handle kernel data access at 0x7dae0000 Faulting instruction address: 0xc0000000003f3fec ... NIP relay_open+0x29c/0x600 LR relay_open+0x270/0x600 Call Trace: relay_open+0x264/0x600 (unreliable) __blk_trace_setup+0x254/0x600 blk_trace_setup+0x68/0xa0 sg_ioctl+0x7bc/0x2e80 do_vfs_ioctl+0x13c/0x1300 ksys_ioctl+0x94/0x130 sys_ioctl+0x48/0xb0 system_call+0x5c/0x68 Check if alloc_percpu returns NULL. This was found by syzkaller both on x86 and powerpc, and the reproducer it found on powerpc is capable of hitting the issue as an unprivileged user. Fixes: 017c59c042d0 ("relay: Use per CPU constructs for the relay channel buffer pointers") Reported-by: syzbot+1e925b4b836afe85a1c6@syzkaller-ppc64.appspotmail.com Reported-by: syzbot+587b2421926808309d21@syzkaller-ppc64.appspotmail.com Reported-by: syzbot+58320b7171734bf79d26@syzkaller.appspotmail.com Reported-by: syzbot+d6074fb08bdb2e010520@syzkaller.appspotmail.com Signed-off-by: Daniel Axtens Signed-off-by: Andrew Morton Reviewed-by: Michael Ellerman Reviewed-by: Andrew Donnellan Acked-by: David Rientjes Cc: Akash Goel Cc: Andrew Donnellan Cc: Guenter Roeck Cc: Salvatore Bonaccorso Cc: [4.10+] Link: http://lkml.kernel.org/r/20191219121256.26480-1-dja@axtens.net Signed-off-by: Linus Torvalds commit 67446283d89467edae5ad9f632ee31f0fbae35fe Author: John Hubbard Date: Thu Jun 4 16:51:24 2020 -0700 rapidio: convert get_user_pages() --> pin_user_pages() This code was using get_user_pages_fast(), in a "Case 2" scenario (DMA/RDMA), using the categorization from [1]. That means that it's time to convert the get_user_pages_fast() + put_page() calls to pin_user_pages_fast() + unpin_user_pages() calls. There is some helpful background in [2]: basically, this is a small part of fixing a long-standing disconnect between pinning pages, and file systems' use of those pages. [1] Documentation/core-api/pin_user_pages.rst [2] "Explicit pinning of user-space pages": https://lwn.net/Articles/807108/ Signed-off-by: John Hubbard Signed-off-by: Andrew Morton Cc: Matt Porter Cc: Alexandre Bounine Cc: Sumit Semwal Cc: Dan Carpenter Link: http://lkml.kernel.org/r/20200517235620.205225-3-jhubbard@nvidia.com Signed-off-by: Linus Torvalds commit e1c3cdb26ab881b77486dc50370356a349077c74 Author: Madhuparna Bhowmik Date: Thu Jun 4 16:51:21 2020 -0700 rapidio: avoid data race between file operation callbacks and mport_cdev_add(). Fields of md(mport_dev) are set after cdev_device_add(). However, the file operation callbacks can be called after cdev_device_add() and therefore accesses to fields of md in the callbacks can race with the rest of the mport_cdev_add() function. One such example is INIT_LIST_HEAD(&md->portwrites) in mport_cdev_add(), the list is initialised after cdev_device_add(). This can race with list_add_tail(&pw_filter->md_node,&md->portwrites) in rio_mport_add_pw_filter() which is called by unlocked_ioctl. To avoid such data races use cdev_device_add() after initializing md. Found by Linux Driver Verification project (linuxtesting.org). Signed-off-by: Madhuparna Bhowmik Signed-off-by: Andrew Morton Acked-by: Alexandre Bounine Cc: Matt Porter Cc: Dan Carpenter Cc: Mike Marshall Cc: Thomas Gleixner Cc: Ira Weiny Cc: Allison Randal Cc: Pavel Andrianov Link: http://lkml.kernel.org/r/20200426112950.1803-1-madhuparnabhowmik10@gmail.com Signed-off-by: Linus Torvalds commit 762a3af6faa0682e5b30b67b1db156c7df55f2c7 Author: Christoph Hellwig Date: Thu Jun 4 16:51:18 2020 -0700 exec: open code copy_string_kernel Currently copy_string_kernel is just a wrapper around copy_strings that simplifies the calling conventions and uses set_fs to allow passing a kernel pointer. But due to the fact the we only need to handle a single kernel argument pointer, the logic can be sigificantly simplified while getting rid of the set_fs. Signed-off-by: Christoph Hellwig Signed-off-by: Andrew Morton Cc: Alexander Viro Link: http://lkml.kernel.org/r/20200501104105.2621149-3-hch@lst.de Signed-off-by: Linus Torvalds commit 986db2d14a6dca6456b63b4f5c410ae2aab4ec9d Author: Christoph Hellwig Date: Thu Jun 4 16:51:14 2020 -0700 exec: simplify the copy_strings_kernel calling convention copy_strings_kernel is always used with a single argument, adjust the calling convention to that. Signed-off-by: Christoph Hellwig Signed-off-by: Andrew Morton Cc: Alexander Viro Link: http://lkml.kernel.org/r/20200501104105.2621149-2-hch@lst.de Signed-off-by: Linus Torvalds commit eac2cece45074e372f78a459c7bb2d7207b72736 Author: Kefeng Wang Date: Thu Jun 4 16:51:11 2020 -0700 kernel/kprobes.c: convert to use DEFINE_SEQ_ATTRIBUTE macro Use DEFINE_SEQ_ATTRIBUTE macro to simplify the code. Signed-off-by: Kefeng Wang Signed-off-by: Andrew Morton Cc: Anil S Keshavamurthy Cc: "David S. Miller" Cc: Masami Hiramatsu Cc: Greg KH Cc: Ingo Molnar Cc: Al Viro Link: http://lkml.kernel.org/r/20200509064031.181091-4-wangkefeng.wang@huawei.com Signed-off-by: Linus Torvalds commit 01a995600275779d7b06c3b82fd50f6cb50c601c Author: Kefeng Wang Date: Thu Jun 4 16:51:08 2020 -0700 mm/vmstat.c: convert to use DEFINE_SEQ_ATTRIBUTE macro Use DEFINE_SEQ_ATTRIBUTE macro to simplify the code. Signed-off-by: Kefeng Wang Signed-off-by: Andrew Morton Cc: Anil S Keshavamurthy Cc: "David S. Miller" Cc: Greg KH Cc: Ingo Molnar Cc: Masami Hiramatsu Cc: Al Viro Link: http://lkml.kernel.org/r/20200509064031.181091-3-wangkefeng.wang@huawei.com Signed-off-by: Linus Torvalds commit d2c0e6e91c7990c67921005f44f9b2b326ff2906 Author: Kefeng Wang Date: Thu Jun 4 16:51:05 2020 -0700 include/linux/seq_file.h: introduce DEFINE_SEQ_ATTRIBUTE() helper macro Patch series "seq_file: Introduce DEFINE_SEQ_ATTRIBUTE() helper macro". As discussed in https://lore.kernel.org/lkml/20191129222310.GA3712618@kroah.com/, we could introduce a new helper macro to reduce losts of boilerplate code, vmstat and kprobes is the example which covert to use it, if this is accepted, I will send out more cleanups. This patch (of 3): Introduce DEFINE_SEQ_ATTRIBUTE() helper macro to decrease code duplication. [akpm@linux-foundation.org: coding style fixes] Signed-off-by: Kefeng Wang Signed-off-by: Andrew Morton Cc: Greg KH Cc: Ingo Molnar Cc: Kefeng Wang Cc: Anil S Keshavamurthy Cc: "David S. Miller" Cc: Masami Hiramatsu Cc: Al Viro Link: http://lkml.kernel.org/r/20200509064031.181091-1-wangkefeng.wang@huawei.com Link: http://lkml.kernel.org/r/20200509064031.181091-2-wangkefeng.wang@huawei.com Signed-off-by: Linus Torvalds commit a3963015787d0a3bd9c2d91b62de5ca70413dc3b Author: Joe Perches Date: Thu Jun 4 16:51:02 2020 -0700 fs/seq_file.c: seq_read: Update pr_info_ratelimited Use a more common logging style. Add and use pr_fmt, coalesce the format string, align arguments, use better grammar. Signed-off-by: Joe Perches Signed-off-by: Andrew Morton Cc: Vasily Averin Link: http://lkml.kernel.org/r/96ff603230ca1bd60034c36519be3930c3a3a226.camel@perches.com Signed-off-by: Linus Torvalds commit 898310032b96c198014a8bbace0fd26259b2db77 Author: OGAWA Hirofumi Date: Thu Jun 4 16:50:59 2020 -0700 fat: improve the readahead for FAT entries Current readahead for FAT entries is very simple but is having some flaws, so it is not working well for some environments. This patch improves the readahead more or less. The key points of modification are, - make the readahead size tunable by using bdi->ra_pages - care the bdi->io_pages to avoid the small size I/O request - update readahead window before fully exhausting With this patch, on slow USB connected 2TB hdd: [before] 383.18sec [after] 51.03sec Signed-off-by: OGAWA Hirofumi Signed-off-by: Andrew Morton Tested-by: hyeongseok.kim Reviewed-by: hyeongseok.kim Link: http://lkml.kernel.org/r/87d08e1dlh.fsf@mail.parknet.co.jp Signed-off-by: Linus Torvalds commit b1b65750b8db67834482f758fc385bfa7560d228 Author: OGAWA Hirofumi Date: Thu Jun 4 16:50:56 2020 -0700 fat: don't allow to mount if the FAT length == 0 If FAT length == 0, the image doesn't have any data. And it can be the cause of overlapping the root dir and FAT entries. Also Windows treats it as invalid format. Reported-by: syzbot+6f1624f937d9d6911e2d@syzkaller.appspotmail.com Signed-off-by: OGAWA Hirofumi Signed-off-by: Andrew Morton Cc: Marco Elver Cc: Dmitry Vyukov Link: http://lkml.kernel.org/r/87r1wz8mrd.fsf@mail.parknet.co.jp Signed-off-by: Linus Torvalds commit ada4ab7af1a67db7eb8596709071a97afb2bf7de Author: Chris Down Date: Thu Jun 4 16:50:53 2020 -0700 init: allow distribution configuration of default init Some init systems (eg. systemd) have init at their own paths, for example, /usr/lib/systemd/systemd. A compatibility symlink to one of the hardcoded init paths is provided by another package, usually named something like systemd-sysvcompat or similar. Currently distro maintainers who are hands-off on the bootloader are more or less required to include those compatibility links as part of their base distribution, because it's hard to migrate away from them since there's a risk some users will not get the message to set init= on the kernel command line appropriately. Moreover, for distributions where the init system is something the distribution itself is opinionated about (eg. Arch, which has systemd in the required `base` package), we could usually reasonably configure this ahead of time when building the distribution kernel. However, we currently simply don't have any way to configure the kernel to do this. Here's an example discussion where removing sysvcompat was discussed by distro maintainers[0]. This patch adds a new Kconfig tunable, CONFIG_DEFAULT_INIT, which if set is tried before the hardcoded fallback list. So the order of precedence is now thus: 1. init= on command line (on failure: panic) 2. CONFIG_DEFAULT_INIT (on failure: try #3) 3. Hardcoded fallback list (on failure: panic) This new config parameter will allow distribution maintainers to move away from these compatibility links safely, without having to worry that their users might not have the right init=. There are also two other benefits of this over having the distribution maintain a symlink: 1. One of the value propositions over simply having distributions maintain a /sbin/init symlink via a package is that it also frees distributions which have a preferred default, but not mandatory, init system from having their package manager fight with their users for control of /{s,}bin/init. Instead, the distribution simply makes their preference known in CONFIG_DEFAULT_INIT, and if the user installs another init system and uninstalls the default one they can still make use of /{s,}bin/init and friends for their own uses. This makes more cases Just Work(tm) without the user having to perform extra configuration via init=. 2. Since before this we don't know which path the distribution actually _intends_ to serve init from, we don't pr_err if it is simply missing, and usually will just silently put the user in a /bin/sh shell. Now that the distribution can make a declaration of intent, we can be more vocal when this init system fails to launch for any reason, even if it's simply because no file exists at that location, speeding up the palaver of init/mount dependency/etc debugging a bit. [0]: https://lists.archlinux.org/pipermail/arch-dev-public/2019-January/029435.html Signed-off-by: Chris Down Signed-off-by: Andrew Morton Cc: Greg Kroah-Hartman Cc: Masami Hiramatsu Link: http://lkml.kernel.org/r/20200522160234.GA1487022@chrisdown.name Signed-off-by: Linus Torvalds commit 51da9dfb7f20911ae4e79e9b412a9c2d4c373d4b Author: Nick Desaulniers Date: Thu Jun 4 16:50:49 2020 -0700 elfnote: mark all .note sections SHF_ALLOC ELFNOTE_START allows callers to specify flags for .pushsection assembler directives. All callsites but ELF_NOTE use "a" for SHF_ALLOC. For vdso's that explicitly use ELF_NOTE_START and BUILD_SALT, the same section is specified twice after preprocessing, once with "a" flag, once without. Example: .pushsection .note.Linux, "a", @note ; .pushsection .note.Linux, "", @note ; While GNU as allows this ordering, it warns for the opposite ordering, making these directives position dependent. We'd prefer not to precisely match this behavior in Clang's integrated assembler. Instead, the non __ASSEMBLY__ definition of ELF_NOTE uses __attribute__((section(".note.Linux"))) which is created with SHF_ALLOC, so let's make the __ASSEMBLY__ definition of ELF_NOTE consistent with C and just always use "a" flag. This allows Clang to assemble a working mainline (5.6) kernel via: $ make CC=clang AS=clang Signed-off-by: Nick Desaulniers Signed-off-by: Andrew Morton Reviewed-by: Nathan Chancellor Reviewed-by: Fangrui Song Cc: Jeremy Fitzhardinge Cc: Thomas Gleixner Cc: Vincenzo Frascino Link: https://github.com/ClangBuiltLinux/linux/issues/913 Link: http://lkml.kernel.org/r/20200325231250.99205-1-ndesaulniers@google.com Debugged-by: Ilie Halip Signed-off-by: Linus Torvalds commit 852991dd3a7374a15b21b904117272f57939463c Author: Anthony Iliopoulos Date: Thu Jun 4 16:50:46 2020 -0700 fs/binfmt_elf: remove redundant elf_map ifndef The ifndef was added a long time ago to support archs that would define their own mapping function. The last user was the metag arch which was removed from the tree, and as such there are no users left. Let's kill it. Signed-off-by: Anthony Iliopoulos Signed-off-by: Andrew Morton Link: http://lkml.kernel.org/r/20200402161543.4119-1-ailiop@suse.com Signed-off-by: Linus Torvalds commit c7f574d0e9f9e8c3655b6bb06e69e37d341956d3 Author: Geert Uytterhoeven Date: Thu Jun 4 16:50:43 2020 -0700 checkpatch: use patch subject when reading from stdin While "git am" can apply an mbox file containing multiple patches (e.g. as created by b4[1], or a patch bundle downloaded from patchwork), checkpatch does not have proper support for that. When operating on an mbox, checkpatch will merge all detected tags, and complain falsely about duplicates: WARNING: Duplicate signature As modifying checkpatch to reset state in between each patch is a lot of work, a simple solution is splitting the mbox into individual patches, and invoking checkpatch for each of them. Fortunately checkpatch can read a patch from stdin, so the classic "formail" tool can be used to split the mbox, and pipe all individual patches to checkpatch: formail -s scripts/checkpatch.pl < my-mbox However, when reading a patch file from standard input, checkpatch calls it "Your patch", and reports its state as: Your patch has style problems, please review. or: Your patch has no obvious style problems and is ready for submission. Hence it can be difficult to identify which patches need to be reviewed and improved. Fix this by replacing "Your patch" by (the first line of) the email subject, if present. Note that "git mailsplit" can also be used to split an mbox, but it will create individual files for each patch, thus requiring cleanup afterwards. Formail does not have this disadvantage. [1] https://git.kernel.org/pub/scm/utils/b4/b4.git [joe@perches.com: reduce cpu usage] Link: http://lkml.kernel.org/r/c9d89bb24c7414142414c60371e210fdcf4617d2.camel@perches.com Signed-off-by: Geert Uytterhoeven Signed-off-by: Andrew Morton Cc: Joe Perches Cc: Konstantin Ryabitsev Link: http://lkml.kernel.org/r/20200505132613.17452-1-geert+renesas@glider.be Signed-off-by: Linus Torvalds commit 32f30ca9f19df77eced0ec029ce9dcfb24ff045b Author: Joe Perches Date: Thu Jun 4 16:50:40 2020 -0700 checkpatch: disallow --git and --file/--fix Don't allow these options to be combined. Miscellanea: o Add missing $P: to some die("reason message") output Signed-off-by: Joe Perches Signed-off-by: Andrew Morton Link: http://lkml.kernel.org/r/3dc7bdaa58490f5906efc11a4d6113e42a087723.camel@perches.com Signed-off-by: Linus Torvalds commit a55ee0cc09a4e3ee6c4443afdbff53639672178f Author: Joe Perches Date: Thu Jun 4 16:50:36 2020 -0700 checkpatch: look for c99 comments in ctx_locate_comment Some checks look for comments around a specific function like read_barrier_depends. Extend the check to support both c89 and c90 comment styles. c89 /* comment */ or c99 // comment For c99 comments, only look a 3 single lines, the line being scanned, the line above and the line below the line being scanned rather than the patch diff context. Signed-off-by: Joe Perches Signed-off-by: Andrew Morton Tested-by: Paul E. McKenney Cc: Marco Elver Cc: Dmitry Vyukov Cc: Alexander Potapenko Cc: Andrey Konovalov Cc: Andy Whitcroft Cc: Will Deacon Link: http://lkml.kernel.org/r/65cb075435d2f385a53c77571b491b2b09faaf8e.camel@perches.com Signed-off-by: Linus Torvalds commit 7ccf41a89cb0c178dca31bce4836b8fed2694d71 Author: Joe Perches Date: Thu Jun 4 16:50:33 2020 -0700 checkpatch: additional MAINTAINER section entry ordering checks There is a preferred order for the entries in MAINTAINERS sections. See commits 3b50142d8528 ("MAINTAINERS: sort field names for all entries") and 6680125ea5a2 ("MAINTAINERS: list the section entries in the preferred order") Add checkpatch tests to try to keep that ordering. Signed-off-by: Joe Perches Signed-off-by: Andrew Morton Acked-by: Andy Shevchenko Link: http://lkml.kernel.org/r/17677130b3ca62d79817e6a22546bad39d7e81b4.camel@perches.com Signed-off-by: Linus Torvalds commit bd93f003b7462ae39a43c531abca37fe7073b866 Author: Arnd Bergmann Date: Thu Jun 4 16:50:30 2020 -0700 include/linux/bitops.h: avoid clang shift-count-overflow warnings Clang normally does not warn about certain issues in inline functions when it only happens in an eliminated code path. However if something else goes wrong, it does tend to complain about the definition of hweight_long() on 32-bit targets: include/linux/bitops.h:75:41: error: shift count >= width of type [-Werror,-Wshift-count-overflow] return sizeof(w) == 4 ? hweight32(w) : hweight64(w); ^~~~~~~~~~~~ include/asm-generic/bitops/const_hweight.h:29:49: note: expanded from macro 'hweight64' define hweight64(w) (__builtin_constant_p(w) ? __const_hweight64(w) : __arch_hweight64(w)) ^~~~~~~~~~~~~~~~~~~~ include/asm-generic/bitops/const_hweight.h:21:76: note: expanded from macro '__const_hweight64' define __const_hweight64(w) (__const_hweight32(w) + __const_hweight32((w) >> 32)) ^ ~~ include/asm-generic/bitops/const_hweight.h:20:49: note: expanded from macro '__const_hweight32' define __const_hweight32(w) (__const_hweight16(w) + __const_hweight16((w) >> 16)) ^ include/asm-generic/bitops/const_hweight.h:19:72: note: expanded from macro '__const_hweight16' define __const_hweight16(w) (__const_hweight8(w) + __const_hweight8((w) >> 8 )) ^ include/asm-generic/bitops/const_hweight.h:12:9: note: expanded from macro '__const_hweight8' (!!((w) & (1ULL << 2))) + \ Adding an explicit cast to __u64 avoids that warning and makes it easier to read other output. Signed-off-by: Arnd Bergmann Signed-off-by: Andrew Morton Acked-by: Christian Brauner Cc: Andy Shevchenko Cc: Rasmus Villemoes Cc: Josh Poimboeuf Cc: Nick Desaulniers Link: http://lkml.kernel.org/r/20200505135513.65265-1-arnd@arndb.de Signed-off-by: Linus Torvalds commit c348c16305280fe3e6c1186378f96c8634c149f9 Author: Jesse Brandeburg Date: Thu Jun 4 16:50:27 2020 -0700 lib: make a test module with set/clear bit Test some bit clears/sets to make sure assembly doesn't change, and that the set_bit and clear_bit functions work and don't cause sparse warnings. Instruct Kbuild to build this file with extra warning level -Wextra, to catch new issues, and also doesn't hurt to build with C=1. This was used to test changes to arch/x86/include/asm/bitops.h. In particular, sparse (C=1) was very concerned when the last bit before a natural boundary, like 7, or 31, was being tested, as this causes sign extension (0xffffff7f) for instance when clearing bit 7. Recommended usage: make defconfig scripts/config -m CONFIG_TEST_BITOPS make modules_prepare make C=1 W=1 lib/test_bitops.ko objdump -S -d lib/test_bitops.ko insmod lib/test_bitops.ko rmmod lib/test_bitops.ko , there should be no compiler/sparse warnings and no error messages in log. Link: http://lkml.kernel.org/r/20200310221747.2848474-2-jesse.brandeburg@intel.com Signed-off-by: Jesse Brandeburg Reviewed-by: Andy Shevchenko Cc: Thomas Gleixner CcL Ingo Molnar Signed-off-by: Andrew Morton Cc: Borislav Petkov Cc: Rasmus Villemoes Cc: Dan Williams Cc: Peter Zijlstra Cc: Wei Yang Cc: Christian Brauner Signed-off-by: Linus Torvalds commit 63d7f8167fe65891617d5eca6314eca46029955c Author: Tan Hu Date: Thu Jun 4 16:50:23 2020 -0700 lib/flex_proportions.c: cleanup __fprop_inc_percpu_max If the given type has fraction smaller than max_frac/FPROP_FRAC_BASE, the code could be modified to call __fprop_inc_percpu() directly and easier to understand. After this patch, fprop_reflect_period_percpu() will be called twice, and quicky return on pl->period == p->period test, so it would not result to significant downside of performance. Thanks for Jan's guidance. Signed-off-by: Tan Hu Signed-off-by: Andrew Morton Reviewed-by: Jan Kara Cc: Cc: Yi Wang Cc: Link: http://lkml.kernel.org/r/1589004753-27554-1-git-send-email-tan.hu@zte.com.cn Signed-off-by: Linus Torvalds commit a818e526cb4e5f8b06f4d648b88b269fbdd85bdd Author: Joe Perches Date: Thu Jun 4 16:50:20 2020 -0700 lib/percpu-refcount.c: use a more common logging style Remove the trailing newline from the used-once pr_fmt and add it to the single use of pr_ in this code to use a more common logging style. Miscellanea: o Use %lu in the pr_debug format and remove the unnecessary cast Signed-off-by: Joe Perches Signed-off-by: Andrew Morton Cc: Christophe JAILLET Link: http://lkml.kernel.org/r/47372467902a047c03b0fd29aab56e0c38d3f848.camel@perches.com Signed-off-by: Linus Torvalds commit acaab7335bd6f0c0b54ce3a00bd7f18222ce0f5f Author: Jann Horn Date: Thu Jun 4 16:50:17 2020 -0700 lib/zlib: remove outdated and incorrect pre-increment optimization The zlib inflate code has an old micro-optimization based on the assumption that for pre-increment memory accesses, the compiler will generate code that fits better into the processor's pipeline than what would be generated for post-increment memory accesses. This optimization was already removed in upstream zlib in 2016: https://github.com/madler/zlib/commit/9aaec95e8211 This optimization causes UB according to C99, which says in section 6.5.6 "Additive operators": "If both the pointer operand and the result point to elements of the same array object, or one past the last element of the array object, the evaluation shall not produce an overflow; otherwise, the behavior is undefined". This UB is not only a theoretical concern, but can also cause trouble for future work on compiler-based sanitizers. According to the zlib commit, this optimization also is not optimal anymore with modern compilers. Replace uses of OFF, PUP and UP_UNALIGNED with their definitions in the POSTINC case, and remove the macro definitions, just like in the upstream patch. Signed-off-by: Jann Horn Signed-off-by: Andrew Morton Cc: Mikhail Zaslonko Link: http://lkml.kernel.org/r/20200507123112.252723-1-jannh@google.com Signed-off-by: Linus Torvalds commit 02223e36f315be7e647aa4fbb09a8f8b5a2fa43e Author: Jason Yan Date: Thu Jun 4 16:50:14 2020 -0700 lib/test_lockup.c: make test_inode static Fix the following sparse warning: lib/test_lockup.c:145:14: warning: symbol 'test_inode' was not declared. Should it be static? Reported-by: Hulk Robot Signed-off-by: Jason Yan Signed-off-by: Andrew Morton Link: http://lkml.kernel.org/r/20200417074021.46411-1-yanaijie@huawei.com Signed-off-by: Linus Torvalds commit 07887358993d48571f0f3a25cfce715564b35587 Author: KP Singh Date: Thu Jun 4 16:50:11 2020 -0700 lib: Add might_fault() to strncpy_from_user. When updating a piece of broken logic from using get_user to strncpy_from_user, we noticed that a warning which is expected when calling a function that might fault from an atomic context with pagefaults enabled disappeared. Not having this warning in place can lead to calling strncpy_from_user from an atomic context and eventually kernel crashes/stack corruption. Signed-off-by: KP Singh Signed-off-by: Andrew Morton Reviewed-by: Andrew Morton Cc: Jann Horn Cc: Christophe Leroy Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/20200414225705.255711-1-kpsingh@chromium.org Signed-off-by: Linus Torvalds commit 9ac17575804024fb3d5692cad7afc08929bab981 Author: Christophe JAILLET Date: Thu Jun 4 16:50:08 2020 -0700 lib/math: avoid trailing newline hidden in pr_fmt() pr_xxx() functions usually have a newline at the end of the logging message. Here, this newline is added via the 'pr_fmt' macro. In order to be more consistent with other files, use a more standard convention and put these newlines back in the messages themselves and remove it from the pr_fmt macro. While at it, use __func__ instead of hardcoding a function name in the last message. Signed-off-by: Christophe JAILLET Signed-off-by: Andrew Morton Reviewed-by: Andy Shevchenko Cc: Mauro Carvalho Chehab Cc: Andrew Morton Cc: Greg Kroah-Hartman Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/20200409163234.22830-1-christophe.jaillet@wanadoo.fr Signed-off-by: Linus Torvalds commit e33c9fe8b80ca86392a35ffff81fbfb6a54d2d22 Author: Joe Perches Date: Thu Jun 4 16:50:04 2020 -0700 get_maintainer: fix unexpected behavior for path/to//file (double slashes) get_maintainer behaves differently if there is a double sequential forward slash in a filename because the total number of slashes in a filename is used to match MAINTAINERS file patterns. For example: (with double slash) $ ./scripts/get_maintainer.pl -f drivers/gpu/drm//lima David Airlie (maintainer:DRM DRIVERS) Daniel Vetter (maintainer:DRM DRIVERS,commit_signer:3/42=7%) Qiang Yu (commit_signer:36/42=86%,authored:24/42=57%) Vasily Khoruzhick (commit_signer:26/42=62%) Krzysztof Kozlowski (commit_signer:5/42=12%,authored:5/42=12%) Emil Velikov (commit_signer:4/42=10%) dri-devel@lists.freedesktop.org (open list:DRM DRIVERS) linux-kernel@vger.kernel.org (open list) (without double slash) $ ./scripts/get_maintainer.pl -f drivers/gpu/drm/lima Qiang Yu (maintainer:DRM DRIVERS FOR LIMA) David Airlie (maintainer:DRM DRIVERS) Daniel Vetter (maintainer:DRM DRIVERS) dri-devel@lists.freedesktop.org (open list:DRM DRIVERS FOR LIMA) lima@lists.freedesktop.org (moderated list:DRM DRIVERS FOR LIMA) linux-kernel@vger.kernel.org (open list) So reduce consecutive double slashes to a single slash by using File::Spec->canonpath(). from: https://perldoc.perl.org/File/Spec/Unix.html canonpath() No physical check on the filesystem, but a logical cleanup of a path. On UNIX eliminates successive slashes and successive "/.". Reported-by: Emil Velikov Signed-off-by: Joe Perches Signed-off-by: Andrew Morton Link: http://lkml.kernel.org/r/9a18b611813bb409fef15bc8927adab79eb9be43.camel@perches.com Signed-off-by: Linus Torvalds commit 0c78c013762142bfe8fce34e7e968f83f0a4b891 Author: Joe Perches Date: Thu Jun 4 16:50:01 2020 -0700 get_maintainer: add email addresses from .yaml files .yaml files can contain maintainer/author addresses and it seems unlikely or unnecessary that individual MAINTAINER file section entries for each .yaml file will be created. So add the email addresses found in .yaml files to the default get_maintainer output. The email addresses are marked with "(in file)" when using the "--roles" or "--rolestats" options. Miscellanea: o Change $file_emails to $email_file_emails to avoid visual naming conflicts with @file_emails Signed-off-by: Joe Perches Signed-off-by: Andrew Morton Tested-by: Sam Ravnborg Acked-by: Sam Ravnborg Link: http://lkml.kernel.org/r/e85006456d9dbae55286c67ac5263668a72f5b58.1588022228.git.joe@perches.com Signed-off-by: Linus Torvalds commit de83dbd97f173650a602c5e356025b732173ecc4 Author: Jason Yan Date: Thu Jun 4 16:49:58 2020 -0700 user.c: make uidhash_table static Fix the following sparse warning: kernel/user.c:85:19: warning: symbol 'uidhash_table' was not declared. Should it be static? Reported-by: Hulk Robot Signed-off-by: Jason Yan Signed-off-by: Andrew Morton Cc: David Howells Cc: Greg Kroah-Hartman Cc: Rasmus Villemoes Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/20200413082146.22737-1-yanaijie@huawei.com Signed-off-by: Linus Torvalds commit 8977a27b663ebb3bc745a1e7f91b2927b4522861 Author: Alexey Dobriyan Date: Thu Jun 4 16:49:55 2020 -0700 proc: rename "catch" function argument "catch" is reserved keyword in C++, rename it to something both gcc and g++ accept. Rename "ign" for symmetry. Signed-off-by: Alexey Dobriyan Signed-off-by: Andrew Morton Link: http://lkml.kernel.org/r/20200331210905.GA31680@avx2 Signed-off-by: Linus Torvalds commit 276aa42e9ff3a9dcea6a91d515916c653c5f9c6d Author: Andy Shevchenko Date: Thu Jun 4 16:49:52 2020 -0700 zcomp: Use ARRAY_SIZE() for backends list Instead of keeping NULL terminated array switch to use ARRAY_SIZE() which helps to further clean up. Signed-off-by: Andy Shevchenko Signed-off-by: Andrew Morton Reviewed-by: Andrew Morton Acked-by: Minchan Kim Cc: Sergey Senozhatsky Cc: Jens Axboe Cc: Andy Shevchenko Link: http://lkml.kernel.org/r/20200508100758.51644-1-andriy.shevchenko@linux.intel.com Signed-off-by: Linus Torvalds commit 2b7874490243e014112100925405c4a17a8c40aa Author: Jason Yan Date: Thu Jun 4 16:49:49 2020 -0700 include/linux/mm.h: return true in cpupid_pid_unset() Fix the following coccicheck warning: include/linux/mm.h:1371:8-9: WARNING: return of 0/1 in function 'cpupid_pid_unset' with return type bool Signed-off-by: Jason Yan Signed-off-by: Andrew Morton Reviewed-by: Andrew Morton Link: http://lkml.kernel.org/r/20200422071816.48879-1-yanaijie@huawei.com Signed-off-by: Linus Torvalds commit fa1f68cc88f1dce6b7bb37628eb7c25c96593183 Author: Zou Wei Date: Thu Jun 4 16:49:46 2020 -0700 mm: use false for bool variable Fixes coccicheck warnings: mm/zbud.c:246:1-20: WARNING: Assignment of 0/1 to bool variable mm/mremap.c:777:2-8: WARNING: Assignment of 0/1 to bool variable mm/huge_memory.c:525:9-10: WARNING: return of 0/1 in function 'is_transparent_hugepage' with return type bool Reported-by: Hulk Robot Signed-off-by: Zou Wei Signed-off-by: Andrew Morton Reviewed-by: Andrew Morton Link: http://lkml.kernel.org/r/1586835930-47076-1-git-send-email-zou_wei@huawei.com Signed-off-by: Linus Torvalds commit 985ba004be29b857f3475eea961af5ac6ea5fa4d Author: Ethon Paul Date: Thu Jun 4 16:49:43 2020 -0700 mm/memory: fix a typo in comment "attampt"->"attempt" There is a comment in typo, fix it. Signed-off-by: Ethon Paul Signed-off-by: Andrew Morton Link: http://lkml.kernel.org/r/20200411004043.14686-1-ethp@qq.com Signed-off-by: Linus Torvalds commit e0857cf5ac107b663f1b43ac8e02fdcd9284ad72 Author: Ethon Paul Date: Thu Jun 4 16:49:40 2020 -0700 mm/page-writeback: fix a typo in comment "effictive"->"effective" There is a typo in comment, fix it. Signed-off-by: Ethon Paul Signed-off-by: Andrew Morton Link: http://lkml.kernel.org/r/20200411003513.14613-1-ethp@qq.com Signed-off-by: Linus Torvalds commit 2e6787d380620e87b7d0ccbc0e52f7024a49efd1 Author: Ethon Paul Date: Thu Jun 4 16:49:37 2020 -0700 mm/sparse: fix a typo in comment "convienence"->"convenience" There is a typo in comment, fix it. Signed-off-by: Ethon Paul Signed-off-by: Andrew Morton Link: http://lkml.kernel.org/r/20200411002955.14545-1-ethp@qq.com Signed-off-by: Linus Torvalds commit 0d645ed19cf9452827d69b733beeff58ed32ea56 Author: Ethon Paul Date: Thu Jun 4 16:49:34 2020 -0700 mm/slub: fix a typo in comment "disambiguiation"->"disambiguation" There is a typo in comment, fix it. Signed-off-by: Ethon Paul Signed-off-by: Andrew Morton Acked-by: David Rientjes Link: http://lkml.kernel.org/r/20200411002247.14468-1-ethp@qq.com Signed-off-by: Linus Torvalds commit 68956ccb6ca96bd8873c1a0d30d9749094090922 Author: Ethon Paul Date: Thu Jun 4 16:49:31 2020 -0700 mm: fix a typo in comment "strucure"->"structure" There is a typo in comment, fix it. Signed-off-by: Ethon Paul Signed-off-by: Andrew Morton Reviewed-by: Ralph Campbell Link: http://lkml.kernel.org/r/20200411064723.15855-1-ethp@qq.com Signed-off-by: Linus Torvalds commit b8f2935f72448940b1ea8f5caf7fa984a4775fbc Author: Ethon Paul Date: Thu Jun 4 16:49:28 2020 -0700 mm, memcg: fix some typos in memcontrol.c There are some typos in comment, fix them. s/responsiblity/responsibility s/oflline/offline Signed-off-by: Ethon Paul Signed-off-by: Andrew Morton Link: http://lkml.kernel.org/r/20200411064246.15781-1-ethp@qq.com Signed-off-by: Linus Torvalds commit 404f3ecfd86b14c2087901f11360d70bea05523e Author: Ethon Paul Date: Thu Jun 4 16:49:25 2020 -0700 mm/frontswap: fix some typos in frontswap.c There are some typos in comment, fix them. s/Fortunatly/Fortunately s/taked/taken s/necessory/necessary s/shink/shrink Signed-off-by: Ethon Paul Signed-off-by: Andrew Morton Link: http://lkml.kernel.org/r/20200411064009.15727-1-ethp@qq.com Signed-off-by: Linus Torvalds commit ffceeb62fce4b819f295bc724b413d62364f8d16 Author: Ethon Paul Date: Thu Jun 4 16:49:22 2020 -0700 mm/filemap: fix a typo in comment "unneccssary"->"unnecessary" There is a typo in comment, fix it. Signed-off-by: Ethon Paul Signed-off-by: Andrew Morton Reviewed-by: Ralph Campbell Link: http://lkml.kernel.org/r/20200411065141.15936-1-ethp@qq.com Signed-off-by: Linus Torvalds commit 3dc5f032c4baae1b41977fab649c104015e3dcff Author: Ethon Paul Date: Thu Jun 4 16:49:19 2020 -0700 mm/list_lru: fix a typo in comment "numbesr"->"numbers" There is a typo in comment, fix it. Signed-off-by: Ethon Paul Signed-off-by: Andrew Morton Reviewed-by: Ralph Campbell Link: http://lkml.kernel.org/r/20200411071041.16161-1-ethp@qq.com Signed-off-by: Linus Torvalds commit df1758d9f28539091b9b9636b8485697b043b80b Author: Ethon Paul Date: Thu Jun 4 16:49:16 2020 -0700 mm/memblock: fix a typo in comment "implict"->"implicit" There is a typo in commet, fix it. Signed-off-by: Ethon Paul Signed-off-by: Andrew Morton Reviewed-by: Ralph Campbell Link: http://lkml.kernel.org/r/20200411070701.16097-1-ethp@qq.com Signed-off-by: Linus Torvalds commit f386775510bf35d8ad28ad77e8d82524957abde7 Author: Ethon Paul Date: Thu Jun 4 16:49:13 2020 -0700 mm/compaction: fix a typo in comment "pessemistic"->"pessimistic" There is a typo in comment, fix it. Signed-off-by: Ethon Paul Signed-off-by: Andrew Morton Reviewed-by: Ralph Campbell Link: http://lkml.kernel.org/r/20200411070307.16021-1-ethp@qq.com Signed-off-by: Linus Torvalds commit 55b65a57c2542165933611a7abb6e22b797acac0 Author: Ethon Paul Date: Thu Jun 4 16:49:10 2020 -0700 mm/vmsan: fix some typos in comment There are some typos, fix them. s/regsitration/registration s/santity/sanity s/decremeting/decrementing Signed-off-by: Ethon Paul Signed-off-by: Andrew Morton Reviewed-by: Andrew Morton Reviewed-by: Ralph Campbell Link: http://lkml.kernel.org/r/20200411071544.16222-1-ethp@qq.com Signed-off-by: Linus Torvalds commit 7c8de3588972eddc0b4fb6f71be470b12b171d9d Author: Ethon Paul Date: Thu Jun 4 16:49:07 2020 -0700 mm/hugetlb: fix a typos in comments [akpm@linux-foundation.org: coding style fixes] Signed-off-by: Ethon Paul Signed-off-by: Andrew Morton Reviewed-by: Andrew Morton Reviewed-by: Ralph Campbell Link: http://lkml.kernel.org/r/20200410163714.14085-1-ethp@qq.com Signed-off-by: Linus Torvalds commit b4f315b40d43aec9234556ce678e3c3469cc838e Author: Ethon Paul Date: Thu Jun 4 16:49:04 2020 -0700 mm: mmap: fix a typo in comment "compatbility"->"compatibility" There is a typo in comment, fix it. Signed-off-by: Ethon Paul Signed-off-by: Andrew Morton Reviewed-by: Andrew Morton Reviewed-by: Ralph Campbell Link: http://lkml.kernel.org/r/20200410163206.14016-1-ethp@qq.com Signed-off-by: Linus Torvalds commit 457aef949de9efe9cf96a2452f1f372bc158f777 Author: Ethon Paul Date: Thu Jun 4 16:49:01 2020 -0700 mm: ksm: fix a typo in comment "alreaady"->"already" There is a typo in comment, fix it. Signed-off-by: Ethon Paul Signed-off-by: Andrew Morton Reviewed-by: Andrew Morton Reviewed-by: Ralph Campbell Link: http://lkml.kernel.org/r/20200410162427.13927-1-ethp@qq.com Signed-off-by: Linus Torvalds commit 52cfc24578c32aa4d604fcb38e081ed0eb4cfb5c Author: Ethon Paul Date: Thu Jun 4 16:48:58 2020 -0700 mm/memory_hotplug: fix a typo in comment "recoreded"->"recorded" There is a typo in comment, fix it. s/recoreded/recorded Signed-off-by: Ethon Paul Signed-off-by: Andrew Morton Reviewed-by: Andrew Morton Reviewed-by: Ralph Campbell Link: http://lkml.kernel.org/r/20200410160328.13843-1-ethp@qq.com Signed-off-by: Linus Torvalds commit 57e86fa16a707db9e05dec77eb88a398f05a022b Author: chenqiwu Date: Thu Jun 4 16:48:55 2020 -0700 mm: replace zero-length array with flexible-array member The current codebase makes use of the zero-length array language extension to the C90 standard, but the preferred mechanism to declare variable-length types such as these ones is a flexible array member[1][2], introduced in C99: struct foo { int stuff; struct boo array[]; }; By making use of the mechanism above, we will get a compiler warning in case the flexible array does not occur last in the structure, which will help us prevent some kind of undefined behavior bugs from being inadvertently introduced[3] to the codebase from now on. Also, notice that, dynamic memory allocations won't be affected by this change: "Flexible array members have incomplete type, and so the sizeof operator may not be applied. As a quirk of the original implementation of zero-length arrays, sizeof evaluates to zero."[1] This issue was found with the help of Coccinelle. [1] https://gcc.gnu.org/onlinedocs/gcc/Zero-Length.html [2] https://github.com/KSPP/linux/issues/21 [3] commit 76497732932f ("cxgb3/l2t: Fix undefined behaviour") [akpm@linux-foundation.org: fix build] Signed-off-by: chenqiwu Signed-off-by: Andrew Morton Reviewed-by: Andrew Morton Reviewed-by: Wei Yang Cc: Matthew Wilcox Cc: David Hildenbrand Cc: Michal Hocko Cc: Pankaj Gupta Cc: Yang Shi Cc: Qian Cai Cc: Baoquan He Link: http://lkml.kernel.org/r/1586599916-15456-1-git-send-email-qiwuchen55@gmail.com Signed-off-by: Linus Torvalds commit b59d02ed086907e2d4ea3ecf0720f0cbd54a2601 Author: Michal Hocko Date: Thu Jun 4 16:48:51 2020 -0700 mm/memory_hotplug: disable the functionality for 32b Memory hotlug is broken for 32b systems at least since c6f03e2903c9 ("mm, memory_hotplug: remove zone restrictions") which has considerably reworked how can be memory associated with movable/kernel zones. The same is not really trivial to achieve in 32b where only lowmem is the kernel zone. While we can tweak this immediate problem around there are likely other land mines hidden at other places. It is also quite dubious that there is a real usecase for the memory hotplug on 32b in the first place. Low memory is just too small to be hotplugable (for hot add) and generally unusable for hotremove. Adding more memory to highmem is also dubious because it would increase the low mem or vmalloc space pressure for memmaps. Restrict the functionality to 64b systems. This will help future development to focus on usecases that have real life application. We can remove this restriction in future in presence of a real life usecase of course but until then make it explicit that hotplug on 32b is broken and requires a non trivial amount of work to fix. Robin said: "32-bit Arm doesn't support memory hotplug, and as far as I'm aware there's little likelihood of it ever wanting to. FWIW it looks like SuperH is the only pure-32-bit architecture to have hotplug support at all" Signed-off-by: Michal Hocko Signed-off-by: Andrew Morton Acked-by: David Hildenbrand Acked-by: Baoquan He Cc: Wei Yang Cc: Naoya Horiguchi Cc: Oscar Salvador Cc: Robin Murphy Cc: Vamshi K Sthambamkadi Link: http://lkml.kernel.org/r/20200218100532.GA4151@dhcp22.suse.cz Link: https://bugzilla.kernel.org/show_bug.cgi?id=206401 Signed-off-by: Linus Torvalds commit 8a725e4694b52ffad755500277d36f3b2eb34755 Author: David Hildenbrand Date: Thu Jun 4 16:48:48 2020 -0700 device-dax: add memory via add_memory_driver_managed() Currently, when adding memory, we create entries in /sys/firmware/memmap/ as "System RAM". This will lead to kexec-tools to add that memory to the fixed-up initial memmap for a kexec kernel (loaded via kexec_load()). The memory will be considered initial System RAM by the kexec'd kernel and can no longer be reconfigured. This is not what happens during a real reboot. Let's add our memory via add_memory_driver_managed() now, so we won't create entries in /sys/firmware/memmap/ and indicate the memory as "System RAM (kmem)" in /proc/iomem. This allows everybody (especially kexec-tools) to identify that this memory is special and has to be treated differently than ordinary (hotplugged) System RAM. Before configuring the namespace: [root@localhost ~]# cat /proc/iomem ... 140000000-33fffffff : Persistent Memory 140000000-33fffffff : namespace0.0 3280000000-32ffffffff : PCI Bus 0000:00 After configuring the namespace: [root@localhost ~]# cat /proc/iomem ... 140000000-33fffffff : Persistent Memory 140000000-1481fffff : namespace0.0 148200000-33fffffff : dax0.0 3280000000-32ffffffff : PCI Bus 0000:00 After loading kmem before this change: [root@localhost ~]# cat /proc/iomem ... 140000000-33fffffff : Persistent Memory 140000000-1481fffff : namespace0.0 150000000-33fffffff : dax0.0 150000000-33fffffff : System RAM 3280000000-32ffffffff : PCI Bus 0000:00 After loading kmem after this change: [root@localhost ~]# cat /proc/iomem ... 140000000-33fffffff : Persistent Memory 140000000-1481fffff : namespace0.0 150000000-33fffffff : dax0.0 150000000-33fffffff : System RAM (kmem) 3280000000-32ffffffff : PCI Bus 0000:00 After a proper reboot: [root@localhost ~]# cat /proc/iomem ... 140000000-33fffffff : Persistent Memory 140000000-1481fffff : namespace0.0 148200000-33fffffff : dax0.0 3280000000-32ffffffff : PCI Bus 0000:00 Within the kexec kernel before this change: [root@localhost ~]# cat /proc/iomem ... 140000000-33fffffff : Persistent Memory 140000000-1481fffff : namespace0.0 150000000-33fffffff : System RAM 3280000000-32ffffffff : PCI Bus 0000:00 Within the kexec kernel after this change: [root@localhost ~]# cat /proc/iomem ... 140000000-33fffffff : Persistent Memory 140000000-1481fffff : namespace0.0 148200000-33fffffff : dax0.0 3280000000-32ffffffff : PCI Bus 0000:00 /sys/firmware/memmap/ before this change: 0000000000000000-000000000009fc00 (System RAM) 000000000009fc00-00000000000a0000 (Reserved) 00000000000f0000-0000000000100000 (Reserved) 0000000000100000-00000000bffdf000 (System RAM) 00000000bffdf000-00000000c0000000 (Reserved) 00000000feffc000-00000000ff000000 (Reserved) 00000000fffc0000-0000000100000000 (Reserved) 0000000100000000-0000000140000000 (System RAM) 0000000150000000-0000000340000000 (System RAM) /sys/firmware/memmap/ after a proper reboot: 0000000000000000-000000000009fc00 (System RAM) 000000000009fc00-00000000000a0000 (Reserved) 00000000000f0000-0000000000100000 (Reserved) 0000000000100000-00000000bffdf000 (System RAM) 00000000bffdf000-00000000c0000000 (Reserved) 00000000feffc000-00000000ff000000 (Reserved) 00000000fffc0000-0000000100000000 (Reserved) 0000000100000000-0000000140000000 (System RAM) /sys/firmware/memmap/ after this change: 0000000000000000-000000000009fc00 (System RAM) 000000000009fc00-00000000000a0000 (Reserved) 00000000000f0000-0000000000100000 (Reserved) 0000000000100000-00000000bffdf000 (System RAM) 00000000bffdf000-00000000c0000000 (Reserved) 00000000feffc000-00000000ff000000 (Reserved) 00000000fffc0000-0000000100000000 (Reserved) 0000000100000000-0000000140000000 (System RAM) kexec-tools already seem to basically ignore any System RAM that's not on top level when searching for areas to place kexec images - but also for determining crash areas to dump via kdump. Changing the resource name won't have an impact. Handle unloading of the driver after memory hotremove failed properly, by duplicating the string if necessary. Signed-off-by: David Hildenbrand Signed-off-by: Andrew Morton Acked-by: Pankaj Gupta Cc: Michal Hocko Cc: Pankaj Gupta Cc: Wei Yang Cc: Baoquan He Cc: Dave Hansen Cc: Eric Biederman Cc: Pavel Tatashin Cc: Dan Williams Link: http://lkml.kernel.org/r/20200508084217.9160-5-david@redhat.com Signed-off-by: Linus Torvalds commit 3fe4f4991a2a818277445bd5b8b289305b7dd15d Author: David Hildenbrand Date: Thu Jun 4 16:48:44 2020 -0700 kexec_file: don't place kexec images on IORESOURCE_MEM_DRIVER_MANAGED Memory flagged with IORESOURCE_MEM_DRIVER_MANAGED is special - it won't be part of the initial memmap of the kexec kernel and not all memory might be accessible. Don't place any kexec images onto it. Signed-off-by: David Hildenbrand Signed-off-by: Andrew Morton Cc: Michal Hocko Cc: Pankaj Gupta Cc: Wei Yang Cc: Baoquan He Cc: Dave Hansen Cc: Eric Biederman Cc: Pavel Tatashin Cc: Dan Williams Link: http://lkml.kernel.org/r/20200508084217.9160-4-david@redhat.com Signed-off-by: Linus Torvalds commit 7b7b27214bba1966772f9213cd2d8e5d67f8487f Author: David Hildenbrand Date: Thu Jun 4 16:48:41 2020 -0700 mm/memory_hotplug: introduce add_memory_driver_managed() Patch series "mm/memory_hotplug: Interface to add driver-managed system ram", v4. kexec (via kexec_load()) can currently not properly handle memory added via dax/kmem, and will have similar issues with virtio-mem. kexec-tools will currently add all memory to the fixed-up initial firmware memmap. In case of dax/kmem, this means that - in contrast to a proper reboot - how that persistent memory will be used can no longer be configured by the kexec'd kernel. In case of virtio-mem it will be harmful, because that memory might contain inaccessible pieces that require coordination with hypervisor first. In both cases, we want to let the driver in the kexec'd kernel handle detecting and adding the memory, like during an ordinary reboot. Introduce add_memory_driver_managed(). More on the samentics are in patch #1. In the future, we might want to make this behavior configurable for dax/kmem- either by configuring it in the kernel (which would then also allow to configure kexec_file_load()) or in kexec-tools by also adding "System RAM (kmem)" memory from /proc/iomem to the fixed-up initial firmware memmap. More on the motivation can be found in [1] and [2]. [1] https://lkml.kernel.org/r/20200429160803.109056-1-david@redhat.com [2] https://lkml.kernel.org/r/20200430102908.10107-1-david@redhat.com This patch (of 3): Some device drivers rely on memory they managed to not get added to the initial (firmware) memmap as system RAM - so it's not used as initial system RAM by the kernel and the driver is under control. While this is the case during cold boot and after a reboot, kexec is not aware of that and might add such memory to the initial (firmware) memmap of the kexec kernel. We need ways to teach kernel and userspace that this system ram is different. For example, dax/kmem allows to decide at runtime if persistent memory is to be used as system ram. Another future user is virtio-mem, which has to coordinate with its hypervisor to deal with inaccessible parts within memory resources. We want to let users in the kernel (esp. kexec) but also user space (esp. kexec-tools) know that this memory has different semantics and needs to be handled differently: 1. Don't create entries in /sys/firmware/memmap/ 2. Name the memory resource "System RAM ($DRIVER)" (exposed via /proc/iomem) ($DRIVER might be "kmem", "virtio_mem"). 3. Flag the memory resource IORESOURCE_MEM_DRIVER_MANAGED /sys/firmware/memmap/ [1] represents the "raw firmware-provided memory map" because "on most architectures that firmware-provided memory map is modified afterwards by the kernel itself". The primary user is kexec on x86-64. Since commit d96ae5309165 ("memory-hotplug: create /sys/firmware/memmap entry for new memory"), we add all hotplugged memory to that firmware memmap - which makes perfect sense for traditional memory hotplug on x86-64, where real HW will also add hotplugged DIMMs to the firmware memmap. We replicate what the "raw firmware-provided memory map" looks like after hot(un)plug. To keep things simple, let the user provide the full resource name instead of only the driver name - this way, we don't have to manually allocate/craft strings for memory resources. Also use the resource name to make decisions, to avoid passing additional flags. In case the name isn't "System RAM", it's special. We don't have to worry about firmware_map_remove() on the removal path. If there is no entry, it will simply return with -EINVAL. We'll adapt dax/kmem in a follow-up patch. [1] https://www.kernel.org/doc/Documentation/ABI/testing/sysfs-firmware-memmap Signed-off-by: David Hildenbrand Signed-off-by: Andrew Morton Acked-by: Pankaj Gupta Cc: Michal Hocko Cc: Pankaj Gupta Cc: Wei Yang Cc: Baoquan He Cc: Dave Hansen Cc: Eric Biederman Cc: Pavel Tatashin Cc: Dan Williams Link: http://lkml.kernel.org/r/20200508084217.9160-1-david@redhat.com Link: http://lkml.kernel.org/r/20200508084217.9160-3-david@redhat.com Signed-off-by: Linus Torvalds commit 52219aeaf2dc6f7607704af2c40e3866fb04aed2 Author: David Hildenbrand Date: Thu Jun 4 16:48:38 2020 -0700 mm/memory_hotplug: handle memblocks only with CONFIG_ARCH_KEEP_MEMBLOCK The comment in add_memory_resource() is stale: hotadd_new_pgdat() will no longer call get_pfn_range_for_nid(), as a hotadded pgdat will simply span no pages at all, until memory is moved to the zone/node via move_pfn_range_to_zone() - e.g., when onlining memory blocks. The only archs that care about memblocks for hotplugged memory (either for iterating over all system RAM or testing for memory validity) are arm64, s390x, and powerpc - due to CONFIG_ARCH_KEEP_MEMBLOCK. Without CONFIG_ARCH_KEEP_MEMBLOCK, we can simply stop messing with memblocks. Signed-off-by: David Hildenbrand Signed-off-by: Andrew Morton Acked-by: Mike Rapoport Acked-by: Michal Hocko Cc: Michal Hocko Cc: Baoquan He Cc: Oscar Salvador Cc: Pankaj Gupta Cc: Mike Rapoport Cc: Anshuman Khandual Link: http://lkml.kernel.org/r/20200422155353.25381-3-david@redhat.com Signed-off-by: Linus Torvalds commit c68ab18c6aee0397574afb418f6775f23379198e Author: David Hildenbrand Date: Thu Jun 4 16:48:35 2020 -0700 mm/memory_hotplug: set node_start_pfn of hotadded pgdat to 0 Patch series "mm/memory_hotplug: handle memblocks only with CONFIG_ARCH_KEEP_MEMBLOCK", v1. A hotadded node/pgdat will span no pages at all, until memory is moved to the zone/node via move_pfn_range_to_zone() -> resize_pgdat_range - e.g., when onlining memory blocks. We don't have to initialize the node_start_pfn to the memory we are adding. This patch (of 2): Especially, there is an inconsistency: - Hotplugging memory to a memory-less node with cpus: node_start_pf == 0 - Offlining and removing last memory from a node: node_start_pfn == 0 - Hotplugging memory to a memory-less node without cpus: node_start_pfn != 0 As soon as memory is onlined, node_start_pfn is overwritten with the actual start. E.g., when adding two DIMMs but only onlining one of both, only that DIMM (with online memory blocks) is spanned by the node. Currently, the validity of node_start_pfn really is linked to node_spanned_pages != 0. With node_spanned_pages == 0 (e.g., before onlining memory), it has no meaning. So let's stop setting node_start_pfn, just to be overwritten via move_pfn_range_to_zone(). This avoids confusion when looking at the code, wondering which magic will be performed with the node_start_pfn in this function, when hotadding a pgdat. Signed-off-by: David Hildenbrand Signed-off-by: Andrew Morton Acked-by: Pankaj Gupta Cc: Michal Hocko Cc: Baoquan He Cc: Oscar Salvador Cc: Pankaj Gupta Cc: Anshuman Khandual Cc: Mike Rapoport Cc: Michal Hocko Link: http://lkml.kernel.org/r/20200422155353.25381-1-david@redhat.com Link: http://lkml.kernel.org/r/20200422155353.25381-2-david@redhat.com Signed-off-by: Linus Torvalds commit 04f3465c98665b7c5a3484d7194f1858954069f5 Author: David Hildenbrand Date: Thu Jun 4 16:48:31 2020 -0700 mm/memory_hotplug: remove is_mem_section_removable() Fortunately, all users of is_mem_section_removable() are gone. Get rid of it, including some now unnecessary functions. Signed-off-by: David Hildenbrand Signed-off-by: Andrew Morton Reviewed-by: Wei Yang Reviewed-by: Baoquan He Acked-by: Michal Hocko Cc: Michael Ellerman Cc: Benjamin Herrenschmidt Cc: Oscar Salvador Link: http://lkml.kernel.org/r/20200407135416.24093-3-david@redhat.com Signed-off-by: Linus Torvalds commit ef1b51f7735e0988ea6bf99fd6eec4698e965b91 Author: David Hildenbrand Date: Thu Jun 4 16:48:28 2020 -0700 powerpc/pseries/hotplug-memory: stop checking is_mem_section_removable() In commit 53cdc1cb29e8 ("drivers/base/memory.c: indicate all memory blocks as removable"), the user space interface to compute whether a memory block can be offlined (exposed via /sys/devices/system/memory/memoryX/removable) has effectively been deprecated. We want to remove the leftovers of the kernel implementation. When offlining a memory block (mm/memory_hotplug.c:__offline_pages()), we'll start by: 1. Testing if it contains any holes, and reject if so 2. Testing if pages belong to different zones, and reject if so 3. Isolating the page range, checking if it contains any unmovable pages Using is_mem_section_removable() before trying to offline is not only racy, it can easily result in false positives/negatives. Let's stop manually checking is_mem_section_removable(), and let device_offline() handle it completely instead. We can remove the racy is_mem_section_removable() implementation next. We now take more locks (e.g., memory hotplug lock when offlining and the zone lock when isolating), but maybe we should optimize that implementation instead if this ever becomes a real problem (after all, memory unplug is already an expensive operation). We started using is_mem_section_removable() in commit 51925fb3c5c9 ("powerpc/pseries: Implement memory hotplug remove in the kernel"), with the initial hotremove support of lmbs. Signed-off-by: David Hildenbrand Signed-off-by: Andrew Morton Cc: Nathan Fontenot Cc: Michael Ellerman Cc: Benjamin Herrenschmidt Cc: Paul Mackerras Cc: Michal Hocko Cc: Oscar Salvador Cc: Baoquan He Cc: Wei Yang Link: http://lkml.kernel.org/r/20200407135416.24093-2-david@redhat.com Signed-off-by: Linus Torvalds commit fa6d9ec790550b758215b6c6fa9f940878c3e2a2 Author: Vishal Verma Date: Thu Jun 4 16:48:25 2020 -0700 mm/memory_hotplug: refrain from adding memory into an impossible node A misbehaving qemu created a situation where the ACPI SRAT table advertised one fewer proximity domains than intended. The NFIT table did describe all the expected proximity domains. This caused the device dax driver to assign an impossible target_node to the device, and when hotplugged as system memory, this would fail with the following signature: BUG: kernel NULL pointer dereference, address: 0000000000000088 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 80000001767d4067 P4D 80000001767d4067 PUD 10e0c4067 PMD 0 Oops: 0000 [#1] SMP PTI CPU: 4 PID: 22737 Comm: kswapd3 Tainted: G O 5.6.0-rc5 #9 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014 RIP: 0010:prepare_kswapd_sleep+0x7c/0xc0 Code: 89 df e8 87 fd ff ff 89 c2 31 c0 84 d2 74 e6 0f 1f 44 00 00 48 8b 05 fb af 7a 01 48 63 93 88 1d 01 00 48 8b 84 d0 20 0f 00 00 <48> 3b 98 88 00 00 00 75 28 f0 80 a0 80 00 00 00 fe f0 80 a3 38 20 RSP: 0018:ffffc900017a3e78 EFLAGS: 00010202 RAX: 0000000000000000 RBX: ffff8881209e0000 RCX: 0000000000000000 RDX: 0000000000000003 RSI: 0000000000000000 RDI: ffff8881209e0e80 RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000008000 R10: 0000000000000000 R11: 0000000000000003 R12: 0000000000000003 R13: 0000000000000003 R14: 0000000000000000 R15: ffffc900017a3ec8 FS: 0000000000000000(0000) GS:ffff888318c00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000088 CR3: 0000000120b50002 CR4: 00000000001606e0 Call Trace: kswapd+0x103/0x520 kthread+0x120/0x140 ret_from_fork+0x3a/0x50 Add a check in the add_memory path to fail if the node to which we are adding memory is in the node_possible_map Signed-off-by: Vishal Verma Signed-off-by: Andrew Morton Acked-by: David Hildenbrand Acked-by: Michal Hocko Cc: David Hildenbrand Cc: Dan Williams Cc: Dave Hansen Link: http://lkml.kernel.org/r/20200416225438.15208-1-vishal.l.verma@intel.com Signed-off-by: Linus Torvalds commit d4eaa2837851db2bfed572898bfc17f9a9f9151e Author: Waiman Long Date: Thu Jun 4 16:48:21 2020 -0700 mm: add kvfree_sensitive() for freeing sensitive data objects For kvmalloc'ed data object that contains sensitive information like cryptographic keys, we need to make sure that the buffer is always cleared before freeing it. Using memset() alone for buffer clearing may not provide certainty as the compiler may compile it away. To be sure, the special memzero_explicit() has to be used. This patch introduces a new kvfree_sensitive() for freeing those sensitive data objects allocated by kvmalloc(). The relevant places where kvfree_sensitive() can be used are modified to use it. Fixes: 4f0882491a14 ("KEYS: Avoid false positive ENOMEM error on key read") Suggested-by: Linus Torvalds Signed-off-by: Waiman Long Signed-off-by: Andrew Morton Reviewed-by: Eric Biggers Acked-by: David Howells Cc: Jarkko Sakkinen Cc: James Morris Cc: "Serge E. Hallyn" Cc: Joe Perches Cc: Matthew Wilcox Cc: David Rientjes Cc: Uladzislau Rezki Link: http://lkml.kernel.org/r/20200407200318.11711-1-longman@redhat.com Signed-off-by: Linus Torvalds commit 090e77e166334b83f555de408df64b9ab394ea08 Author: Ira Weiny Date: Thu Jun 4 16:48:18 2020 -0700 kmap: consolidate kmap_prot definitions Most architectures define kmap_prot to be PAGE_KERNEL. Let sparc and xtensa define there own and define PAGE_KERNEL as the default if not overridden. [akpm@linux-foundation.org: coding style fixes] Suggested-by: Christoph Hellwig Signed-off-by: Ira Weiny Signed-off-by: Andrew Morton Cc: Al Viro Cc: Andy Lutomirski Cc: Benjamin Herrenschmidt Cc: Borislav Petkov Cc: Christian König Cc: Chris Zankel Cc: Daniel Vetter Cc: Dan Williams Cc: Dave Hansen Cc: "David S. Miller" Cc: Helge Deller Cc: "H. Peter Anvin" Cc: Ingo Molnar Cc: "James E.J. Bottomley" Cc: Max Filippov Cc: Paul Mackerras Cc: Peter Zijlstra Cc: Thomas Bogendoerfer Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/20200507150004.1423069-16-ira.weiny@intel.com Signed-off-by: Linus Torvalds commit db6f1785f1c2462c388c516b0dacb980cf65012c Author: Ira Weiny Date: Thu Jun 4 16:48:14 2020 -0700 sparc: remove unnecessary includes linux/highmem.h has not been needed for the pte_offset_map => kmap_atomic use in sparc for some time (~2002) Remove this include. Suggested-by: Al Viro Signed-off-by: Ira Weiny Signed-off-by: Andrew Morton Cc: Andy Lutomirski Cc: Benjamin Herrenschmidt Cc: Borislav Petkov Cc: Christian König Cc: Christoph Hellwig Cc: Chris Zankel Cc: Daniel Vetter Cc: Dan Williams Cc: Dave Hansen Cc: "David S. Miller" Cc: Helge Deller Cc: "H. Peter Anvin" Cc: Ingo Molnar Cc: "James E.J. Bottomley" Cc: Max Filippov Cc: Paul Mackerras Cc: Peter Zijlstra Cc: Thomas Bogendoerfer Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/20200507150004.1423069-15-ira.weiny@intel.com Signed-off-by: Linus Torvalds commit 7438f36310ddd9fe536fc7403187f63427cecaba Author: Ira Weiny Date: Thu Jun 4 16:48:10 2020 -0700 parisc/kmap: remove duplicate kmap code parisc reimplements the kmap calls except to flush its dcache. This is arguably an abuse of kmap but regardless it is messy and confusing. Remove the duplicate code and have parisc define ARCH_HAS_FLUSH_ON_KUNMAP for a kunmap_flush_on_unmap() architecture specific call to flush the cache. Suggested-by: Al Viro Signed-off-by: Ira Weiny Signed-off-by: Andrew Morton Cc: Andy Lutomirski Cc: Benjamin Herrenschmidt Cc: Borislav Petkov Cc: Christian König Cc: Christoph Hellwig Cc: Chris Zankel Cc: Daniel Vetter Cc: Dan Williams Cc: Dave Hansen Cc: "David S. Miller" Cc: Helge Deller Cc: "H. Peter Anvin" Cc: Ingo Molnar Cc: "James E.J. Bottomley" Cc: Max Filippov Cc: Paul Mackerras Cc: Peter Zijlstra Cc: Thomas Bogendoerfer Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/20200507150004.1423069-14-ira.weiny@intel.com Signed-off-by: Linus Torvalds commit 8bfb1a10f2bb621a2c4c8bf7671b163f7e20d332 Author: Ira Weiny Date: Thu Jun 4 16:48:06 2020 -0700 kmap: remove kmap_atomic_to_page() kmap_atomic_to_page() has no callers and is only defined on 1 arch and declared on another. Remove it. Suggested-by: Al Viro Signed-off-by: Ira Weiny Signed-off-by: Andrew Morton Cc: Andy Lutomirski Cc: Benjamin Herrenschmidt Cc: Borislav Petkov Cc: Christian König Cc: Christoph Hellwig Cc: Chris Zankel Cc: Daniel Vetter Cc: Dan Williams Cc: Dave Hansen Cc: "David S. Miller" Cc: Helge Deller Cc: "H. Peter Anvin" Cc: Ingo Molnar Cc: "James E.J. Bottomley" Cc: Max Filippov Cc: Paul Mackerras Cc: Peter Zijlstra Cc: Thomas Bogendoerfer Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/20200507150004.1423069-13-ira.weiny@intel.com Signed-off-by: Linus Torvalds commit 915ecc22d5b20fc936b91d3678b267a96b352c12 Author: Ira Weiny Date: Thu Jun 4 16:48:02 2020 -0700 drm: remove drm specific kmap_atomic code kmap_atomic_prot() is now exported by all architectures. Use this function rather than open coding a driver specific kmap_atomic. [arnd@arndb.de: include linux/highmem.h] Link: http://lkml.kernel.org/r/20200508220150.649044-1-arnd@arndb.de Signed-off-by: Ira Weiny Signed-off-by: Arnd Bergmann Signed-off-by: Andrew Morton Reviewed-by: Christian König Reviewed-by: Christoph Hellwig Acked-by: Daniel Vetter Cc: Al Viro Cc: Andy Lutomirski Cc: Benjamin Herrenschmidt Cc: Borislav Petkov Cc: Chris Zankel Cc: Dan Williams Cc: Dave Hansen Cc: "David S. Miller" Cc: Helge Deller Cc: "H. Peter Anvin" Cc: Ingo Molnar Cc: "James E.J. Bottomley" Cc: Max Filippov Cc: Paul Mackerras Cc: Peter Zijlstra Cc: Thomas Bogendoerfer Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/20200507150004.1423069-12-ira.weiny@intel.com Signed-off-by: Linus Torvalds commit 20b271dfe9d932b02b067a1f7ba9805c5b8d79bd Author: Ira Weiny Date: Thu Jun 4 16:47:58 2020 -0700 arch/kmap: define kmap_atomic_prot() for all arch's To support kmap_atomic_prot(), all architectures need to support protections passed to their kmap_atomic_high() function. Pass protections into kmap_atomic_high() and change the name to kmap_atomic_high_prot() to match. Then define kmap_atomic_prot() as a core function which calls kmap_atomic_high_prot() when needed. Finally, redefine kmap_atomic() as a wrapper of kmap_atomic_prot() with the default kmap_prot exported by the architectures. Signed-off-by: Ira Weiny Signed-off-by: Andrew Morton Reviewed-by: Christoph Hellwig Cc: Al Viro Cc: Andy Lutomirski Cc: Benjamin Herrenschmidt Cc: Borislav Petkov Cc: Christian König Cc: Chris Zankel Cc: Daniel Vetter Cc: Dan Williams Cc: Dave Hansen Cc: "David S. Miller" Cc: Helge Deller Cc: "H. Peter Anvin" Cc: Ingo Molnar Cc: "James E.J. Bottomley" Cc: Max Filippov Cc: Paul Mackerras Cc: Peter Zijlstra Cc: Thomas Bogendoerfer Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/20200507150004.1423069-11-ira.weiny@intel.com Signed-off-by: Linus Torvalds commit d8c25836fa16496392bfa6a43908d231dd41bfc6 Author: Ira Weiny Date: Thu Jun 4 16:47:54 2020 -0700 arch/kmap: don't hard code kmap_prot values To support kmap_atomic_prot() on all architectures each arch must support protections passed in to them. Change csky, mips, nds32 and xtensa to use their global constant kmap_prot rather than a hard coded value which was equal. Signed-off-by: Ira Weiny Signed-off-by: Andrew Morton Reviewed-by: Christoph Hellwig Cc: Al Viro Cc: Andy Lutomirski Cc: Benjamin Herrenschmidt Cc: Borislav Petkov Cc: Christian König Cc: Chris Zankel Cc: Daniel Vetter Cc: Dan Williams Cc: Dave Hansen Cc: "David S. Miller" Cc: Helge Deller Cc: "H. Peter Anvin" Cc: Ingo Molnar Cc: "James E.J. Bottomley" Cc: Max Filippov Cc: Paul Mackerras Cc: Peter Zijlstra Cc: Thomas Bogendoerfer Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/20200507150004.1423069-10-ira.weiny@intel.com Signed-off-by: Linus Torvalds commit db458d73fa35e256bba90b59a6776810800c8bb6 Author: Ira Weiny Date: Thu Jun 4 16:47:50 2020 -0700 arch/kmap: ensure kmap_prot visibility We want to support kmap_atomic_prot() on all architectures and it makes sense to define kmap_atomic() to use the default kmap_prot. So we ensure all arch's have a globally available kmap_prot either as a define or exported symbol. Signed-off-by: Ira Weiny Signed-off-by: Andrew Morton Reviewed-by: Christoph Hellwig Cc: Al Viro Cc: Andy Lutomirski Cc: Benjamin Herrenschmidt Cc: Borislav Petkov Cc: Christian König Cc: Chris Zankel Cc: Daniel Vetter Cc: Dan Williams Cc: Dave Hansen Cc: "David S. Miller" Cc: Helge Deller Cc: "H. Peter Anvin" Cc: Ingo Molnar Cc: "James E.J. Bottomley" Cc: Max Filippov Cc: Paul Mackerras Cc: Peter Zijlstra Cc: Thomas Bogendoerfer Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/20200507150004.1423069-9-ira.weiny@intel.com Signed-off-by: Linus Torvalds commit abca2500c0c1b20c3e552f259da4c4a99db3b4d1 Author: Ira Weiny Date: Thu Jun 4 16:47:46 2020 -0700 arch/kunmap_atomic: consolidate duplicate code Every single architecture (including !CONFIG_HIGHMEM) calls... pagefault_enable(); preempt_enable(); ... before returning from __kunmap_atomic(). Lift this code into the kunmap_atomic() macro. While we are at it rename __kunmap_atomic() to kunmap_atomic_high() to be consistent. [ira.weiny@intel.com: don't enable pagefault/preempt twice] Link: http://lkml.kernel.org/r/20200518184843.3029640-1-ira.weiny@intel.com [akpm@linux-foundation.org: coding style fixes] Signed-off-by: Ira Weiny Signed-off-by: Andrew Morton Reviewed-by: Christoph Hellwig Cc: Al Viro Cc: Andy Lutomirski Cc: Benjamin Herrenschmidt Cc: Borislav Petkov Cc: Christian König Cc: Chris Zankel Cc: Daniel Vetter Cc: Dan Williams Cc: Dave Hansen Cc: "David S. Miller" Cc: Helge Deller Cc: "H. Peter Anvin" Cc: Ingo Molnar Cc: "James E.J. Bottomley" Cc: Max Filippov Cc: Paul Mackerras Cc: Peter Zijlstra Cc: Thomas Bogendoerfer Cc: Thomas Gleixner Cc: Guenter Roeck Link: http://lkml.kernel.org/r/20200507150004.1423069-8-ira.weiny@intel.com Signed-off-by: Linus Torvalds commit 78b6d91ec7bbfc5bcc2dd05bb2cf13c9de1dc7cd Author: Ira Weiny Date: Thu Jun 4 16:47:42 2020 -0700 arch/kmap_atomic: consolidate duplicate code Every arch has the same code to ensure atomic operations and a check for !HIGHMEM page. Remove the duplicate code by defining a core kmap_atomic() which only calls the arch specific kmap_atomic_high() when the page is high memory. [akpm@linux-foundation.org: coding style fixes] Signed-off-by: Ira Weiny Signed-off-by: Andrew Morton Reviewed-by: Christoph Hellwig Cc: Al Viro Cc: Andy Lutomirski Cc: Benjamin Herrenschmidt Cc: Borislav Petkov Cc: Christian König Cc: Chris Zankel Cc: Daniel Vetter Cc: Dan Williams Cc: Dave Hansen Cc: "David S. Miller" Cc: Helge Deller Cc: "H. Peter Anvin" Cc: Ingo Molnar Cc: "James E.J. Bottomley" Cc: Max Filippov Cc: Paul Mackerras Cc: Peter Zijlstra Cc: Thomas Bogendoerfer Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/20200507150004.1423069-7-ira.weiny@intel.com Signed-off-by: Linus Torvalds commit ee9bc5fdf5b6d24875fc55d43d5a0728bc2add21 Author: Ira Weiny Date: Thu Jun 4 16:47:38 2020 -0700 {x86,powerpc,microblaze}/kmap: move preempt disable During this kmap() conversion series we must maintain bisect-ability. To do this, kmap_atomic_prot() in x86, powerpc, and microblaze need to remain functional. Create a temporary inline version of kmap_atomic_prot within these architectures so we can rework their kmap_atomic() calls and then lift kmap_atomic_prot() to the core. Suggested-by: Al Viro Signed-off-by: Ira Weiny Signed-off-by: Andrew Morton Reviewed-by: Christoph Hellwig Cc: Andy Lutomirski Cc: Benjamin Herrenschmidt Cc: Borislav Petkov Cc: Christian König Cc: Chris Zankel Cc: Daniel Vetter Cc: Dan Williams Cc: Dave Hansen Cc: "David S. Miller" Cc: Helge Deller Cc: "H. Peter Anvin" Cc: Ingo Molnar Cc: "James E.J. Bottomley" Cc: Max Filippov Cc: Paul Mackerras Cc: Peter Zijlstra Cc: Thomas Bogendoerfer Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/20200507150004.1423069-6-ira.weiny@intel.com Signed-off-by: Linus Torvalds commit e23c45976f82ac789469c37e4d5a72ea2ce30bba Author: Ira Weiny Date: Thu Jun 4 16:47:34 2020 -0700 arch/kunmap: remove duplicate kunmap implementations All architectures do exactly the same thing for kunmap(); remove all the duplicate definitions and lift the call to the core. This also has the benefit of changing kmap_unmap() on a number of architectures to be an inline call rather than an actual function. [akpm@linux-foundation.org: fix CONFIG_HIGHMEM=n build on various architectures] Signed-off-by: Ira Weiny Signed-off-by: Andrew Morton Reviewed-by: Christoph Hellwig Cc: Al Viro Cc: Andy Lutomirski Cc: Benjamin Herrenschmidt Cc: Borislav Petkov Cc: Christian König Cc: Chris Zankel Cc: Daniel Vetter Cc: Dan Williams Cc: Dave Hansen Cc: "David S. Miller" Cc: Helge Deller Cc: "H. Peter Anvin" Cc: Ingo Molnar Cc: "James E.J. Bottomley" Cc: Max Filippov Cc: Paul Mackerras Cc: Peter Zijlstra Cc: Thomas Bogendoerfer Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/20200507150004.1423069-5-ira.weiny@intel.com Signed-off-by: Linus Torvalds commit 525aaf9bad00e7454b9f9b3873e92795afb59f8e Author: Ira Weiny Date: Thu Jun 4 16:47:30 2020 -0700 arch/kmap: remove redundant arch specific kmaps The kmap code for all the architectures is almost 100% identical. Lift the common code to the core. Use ARCH_HAS_KMAP_FLUSH_TLB to indicate if an arch defines kmap_flush_tlb() and call if if needed. This also has the benefit of changing kmap() on a number of architectures to be an inline call rather than an actual function. Signed-off-by: Ira Weiny Signed-off-by: Andrew Morton Reviewed-by: Christoph Hellwig Cc: Al Viro Cc: Andy Lutomirski Cc: Benjamin Herrenschmidt Cc: Borislav Petkov Cc: Christian König Cc: Chris Zankel Cc: Daniel Vetter Cc: Dan Williams Cc: Dave Hansen Cc: "David S. Miller" Cc: Helge Deller Cc: "H. Peter Anvin" Cc: Ingo Molnar Cc: "James E.J. Bottomley" Cc: Max Filippov Cc: Paul Mackerras Cc: Peter Zijlstra Cc: Thomas Bogendoerfer Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/20200507150004.1423069-4-ira.weiny@intel.com Signed-off-by: Linus Torvalds commit 2159687248dda396ae5861b7551aeb0b5527da24 Author: Ira Weiny Date: Thu Jun 4 16:47:26 2020 -0700 arch/xtensa: move kmap build bug out of the way Move the kmap() build bug to kmap_init() to facilitate patches to lift kmap() to the core. Signed-off-by: Ira Weiny Signed-off-by: Andrew Morton Reviewed-by: Christoph Hellwig Cc: Al Viro Cc: Andy Lutomirski Cc: Benjamin Herrenschmidt Cc: Borislav Petkov Cc: Christian König Cc: Chris Zankel Cc: Daniel Vetter Cc: Dan Williams Cc: Dave Hansen Cc: "David S. Miller" Cc: Helge Deller Cc: "H. Peter Anvin" Cc: Ingo Molnar Cc: "James E.J. Bottomley" Cc: Max Filippov Cc: Paul Mackerras Cc: Peter Zijlstra Cc: Thomas Bogendoerfer Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/20200507150004.1423069-3-ira.weiny@intel.com Signed-off-by: Linus Torvalds commit 01c4b788e01bfdb715de9a6763a7515da7a30a8f Author: Ira Weiny Date: Thu Jun 4 16:47:22 2020 -0700 arch/kmap: remove BUG_ON() Patch series "Remove duplicated kmap code", v3. The kmap infrastructure has been copied almost verbatim to every architecture. This series consolidates obvious duplicated code by defining core functions which call into the architectures only when needed. Some of the k[un]map_atomic() implementations have some similarities but the similarities were not sufficient to warrant further changes. In addition we remove a duplicate implementation of kmap() in DRM. This patch (of 15): Replace the use of BUG_ON(in_interrupt()) in the kmap() and kunmap() in favor of might_sleep(). Besides the benefits of might_sleep(), this normalizes the implementations such that they can be made generic in subsequent patches. Signed-off-by: Ira Weiny Signed-off-by: Andrew Morton Reviewed-by: Dan Williams Reviewed-by: Christoph Hellwig Cc: Al Viro Cc: Christian König Cc: Daniel Vetter Cc: Thomas Bogendoerfer Cc: "James E.J. Bottomley" Cc: Helge Deller Cc: Benjamin Herrenschmidt Cc: Paul Mackerras Cc: "David S. Miller" Cc: Thomas Gleixner Cc: Ingo Molnar Cc: Borislav Petkov Cc: "H. Peter Anvin" Cc: Dave Hansen Cc: Andy Lutomirski Cc: Peter Zijlstra Cc: Chris Zankel Cc: Max Filippov Link: http://lkml.kernel.org/r/20200507150004.1423069-1-ira.weiny@intel.com Link: http://lkml.kernel.org/r/20200507150004.1423069-2-ira.weiny@intel.com Signed-off-by: Linus Torvalds commit 73221d8887241103b4e6193b9c41114256ed4a18 Author: Jeongtae Park Date: Thu Jun 4 16:47:19 2020 -0700 mm/vmalloc: fix a typo in comment There is a typo in comment, fix it. "nother" -> "another" Signed-off-by: Jeongtae Park Signed-off-by: Andrew Morton Reviewed-by: David Hildenbrand Cc: Andrey Ryabinin Cc: Christoph Hellwig Link: http://lkml.kernel.org/r/20200604185239.20765-1-jtp.park@samsung.com Signed-off-by: Linus Torvalds commit 399145f9eb6c670daa605f0a823f836761e560ae Author: Anshuman Khandual Date: Thu Jun 4 16:47:15 2020 -0700 mm/debug: add tests validating architecture page table helpers This adds tests which will validate architecture page table helpers and other accessors in their compliance with expected generic MM semantics. This will help various architectures in validating changes to existing page table helpers or addition of new ones. This test covers basic page table entry transformations including but not limited to old, young, dirty, clean, write, write protect etc at various level along with populating intermediate entries with next page table page and validating them. Test page table pages are allocated from system memory with required size and alignments. The mapped pfns at page table levels are derived from a real pfn representing a valid kernel text symbol. This test gets called via late_initcall(). This test gets built and run when CONFIG_DEBUG_VM_PGTABLE is selected. Any architecture, which is willing to subscribe this test will need to select ARCH_HAS_DEBUG_VM_PGTABLE. For now this is limited to arc, arm64, x86, s390 and powerpc platforms where the test is known to build and run successfully Going forward, other architectures too can subscribe the test after fixing any build or runtime problems with their page table helpers. Folks interested in making sure that a given platform's page table helpers conform to expected generic MM semantics should enable the above config which will just trigger this test during boot. Any non conformity here will be reported as an warning which would need to be fixed. This test will help catch any changes to the agreed upon semantics expected from generic MM and enable platforms to accommodate it thereafter. [anshuman.khandual@arm.com: v17] Link: http://lkml.kernel.org/r/1587436495-22033-3-git-send-email-anshuman.khandual@arm.com [anshuman.khandual@arm.com: v18] Link: http://lkml.kernel.org/r/1588564865-31160-3-git-send-email-anshuman.khandual@arm.com Suggested-by: Catalin Marinas Signed-off-by: Anshuman Khandual Signed-off-by: Christophe Leroy Signed-off-by: Qian Cai Signed-off-by: Andrew Morton Tested-by: Gerald Schaefer [s390] Tested-by: Christophe Leroy [ppc32] Reviewed-by: Ingo Molnar Cc: Mike Rapoport Cc: Vineet Gupta Cc: Catalin Marinas Cc: Will Deacon Cc: Benjamin Herrenschmidt Cc: Paul Mackerras Cc: Michael Ellerman Cc: Heiko Carstens Cc: Vasily Gorbik Cc: Christian Borntraeger Cc: Thomas Gleixner Cc: Ingo Molnar Cc: Borislav Petkov Cc: "H. Peter Anvin" Cc: Kirill A. Shutemov Cc: Paul Walmsley Cc: Palmer Dabbelt Link: http://lkml.kernel.org/r/1583919272-24178-1-git-send-email-anshuman.khandual@arm.com Signed-off-by: Linus Torvalds commit 8898ad58a0195e2d3f5ffb770fbe9c9dc978a171 Author: Anshuman Khandual Date: Thu Jun 4 16:47:12 2020 -0700 x86/mm: define mm_p4d_folded() Patch series "mm/debug: Add tests validating architecture page table helpers", v18. This adds a test validation for architecture exported page table helpers. Patch adds basic transformation tests at various levels of the page table. This test was originally suggested by Catalin during arm64 THP migration RFC discussion earlier. Going forward it can include more specific tests with respect to various generic MM functions like THP, HugeTLB etc and platform specific tests. https://lore.kernel.org/linux-mm/20190628102003.GA56463@arrakis.emea.arm.com/ This patch (of 2): This just defines mm_p4d_folded() to check whether P4D page table level is folded at runtime. Signed-off-by: Kirill A. Shutemov Signed-off-by: Anshuman Khandual Signed-off-by: Andrew Morton Cc: Thomas Gleixner Cc: Ingo Molnar Link: http://lkml.kernel.org/r/1587436495-22033-2-git-send-email-anshuman.khandual@arm.com Link: http://lkml.kernel.org/r/1588564865-31160-2-git-send-email-anshuman.khandual@arm.com Signed-off-by: Linus Torvalds commit f089dcc74226b874a4d4b122854e0dea91ff72d8 Author: Mike Rapoport Date: Thu Jun 4 16:47:08 2020 -0700 mm: remove __ARCH_HAS_5LEVEL_HACK and include/asm-generic/5level-fixup.h There are no architectures that use include/asm-generic/5level-fixup.h therefore it can be removed along with __ARCH_HAS_5LEVEL_HACK define and the code it surrounds Signed-off-by: Mike Rapoport Signed-off-by: Andrew Morton Cc: Arnd Bergmann Cc: Benjamin Herrenschmidt Cc: Brian Cain Cc: Catalin Marinas Cc: Christophe Leroy Cc: Fenghua Yu Cc: Geert Uytterhoeven Cc: Guan Xuetao Cc: James Morse Cc: Jonas Bonn Cc: Julien Thierry Cc: Ley Foon Tan Cc: Marc Zyngier Cc: Michael Ellerman Cc: Paul Mackerras Cc: Rich Felker Cc: Russell King Cc: Stafford Horne Cc: Stefan Kristiansson Cc: Suzuki K Poulose Cc: Tony Luck Cc: Will Deacon Cc: Yoshinori Sato Link: http://lkml.kernel.org/r/20200414153455.21744-15-rppt@kernel.org Signed-off-by: Linus Torvalds commit ee7767430ec27ac10b3d476e8a7735ca850fbd7d Author: Mike Rapoport Date: Thu Jun 4 16:47:04 2020 -0700 asm-generic: remove pgtable-nop4d-hack.h No architecture defines __ARCH_USE_5LEVEL_HACK and therefore pgtable-nop4d-hack.h will be never actually included. Remove it. Signed-off-by: Mike Rapoport Signed-off-by: Andrew Morton Cc: Arnd Bergmann Cc: Benjamin Herrenschmidt Cc: Brian Cain Cc: Catalin Marinas Cc: Christophe Leroy Cc: Fenghua Yu Cc: Geert Uytterhoeven Cc: Guan Xuetao Cc: James Morse Cc: Jonas Bonn Cc: Julien Thierry Cc: Ley Foon Tan Cc: Marc Zyngier Cc: Michael Ellerman Cc: Paul Mackerras Cc: Rich Felker Cc: Russell King Cc: Stafford Horne Cc: Stefan Kristiansson Cc: Suzuki K Poulose Cc: Tony Luck Cc: Will Deacon Cc: Yoshinori Sato Link: http://lkml.kernel.org/r/20200414153455.21744-14-rppt@kernel.org Signed-off-by: Linus Torvalds commit 453668afbf9906cf8d2b927eb9306c8bd108c6c4 Author: Mike Rapoport Date: Thu Jun 4 16:47:00 2020 -0700 unicore32: remove __ARCH_USE_5LEVEL_HACK The unicore32 architecture has 2 level page tables and asm-generic/pgtable-nopmd.h and explicit casts from pud_t to pgd_t for page table folding. Add p4d walk in the only place that actually unfolds the pud level and remove __ARCH_USE_5LEVEL_HACK. Signed-off-by: Mike Rapoport Signed-off-by: Andrew Morton Cc: Arnd Bergmann Cc: Benjamin Herrenschmidt Cc: Brian Cain Cc: Catalin Marinas Cc: Christophe Leroy Cc: Fenghua Yu Cc: Geert Uytterhoeven Cc: Guan Xuetao Cc: James Morse Cc: Jonas Bonn Cc: Julien Thierry Cc: Ley Foon Tan Cc: Marc Zyngier Cc: Michael Ellerman Cc: Paul Mackerras Cc: Rich Felker Cc: Russell King Cc: Stafford Horne Cc: Stefan Kristiansson Cc: Suzuki K Poulose Cc: Tony Luck Cc: Will Deacon Cc: Yoshinori Sato Link: http://lkml.kernel.org/r/20200414153455.21744-13-rppt@kernel.org Signed-off-by: Linus Torvalds commit 874e2cc18972d30ecd4d572d1286fe9b594d309c Author: Mike Rapoport Date: Thu Jun 4 16:46:56 2020 -0700 sh: add support for folded p4d page tables Implement primitives necessary for the 4th level folding, add walks of p4d level where appropriate and remove usage of __ARCH_USE_5LEVEL_HACK. Signed-off-by: Mike Rapoport Signed-off-by: Andrew Morton Cc: Arnd Bergmann Cc: Benjamin Herrenschmidt Cc: Brian Cain Cc: Catalin Marinas Cc: Christophe Leroy Cc: Fenghua Yu Cc: Geert Uytterhoeven Cc: Guan Xuetao Cc: James Morse Cc: Jonas Bonn Cc: Julien Thierry Cc: Ley Foon Tan Cc: Marc Zyngier Cc: Michael Ellerman Cc: Paul Mackerras Cc: Rich Felker Cc: Russell King Cc: Stafford Horne Cc: Stefan Kristiansson Cc: Suzuki K Poulose Cc: Tony Luck Cc: Will Deacon Cc: Yoshinori Sato Link: http://lkml.kernel.org/r/20200414153455.21744-12-rppt@kernel.org Signed-off-by: Linus Torvalds commit a194a62650de5f74795a8edf0db5d8fdf1218aeb Author: Mike Rapoport Date: Thu Jun 4 16:46:52 2020 -0700 sh: drop __pXd_offset() macros that duplicate pXd_index() ones The __pXd_offset() macros are identical to the pXd_index() macros and there is no point to keep both of them. All architectures define and use pXd_index() so let's keep only those to make mips consistent with the rest of the kernel. Signed-off-by: Mike Rapoport Signed-off-by: Andrew Morton Cc: Arnd Bergmann Cc: Benjamin Herrenschmidt Cc: Brian Cain Cc: Catalin Marinas Cc: Christophe Leroy Cc: Fenghua Yu Cc: Geert Uytterhoeven Cc: Guan Xuetao Cc: James Morse Cc: Jonas Bonn Cc: Julien Thierry Cc: Ley Foon Tan Cc: Marc Zyngier Cc: Michael Ellerman Cc: Paul Mackerras Cc: Rich Felker Cc: Russell King Cc: Stafford Horne Cc: Stefan Kristiansson Cc: Suzuki K Poulose Cc: Tony Luck Cc: Will Deacon Cc: Yoshinori Sato Link: http://lkml.kernel.org/r/20200414153455.21744-11-rppt@kernel.org Signed-off-by: Linus Torvalds commit eaabf98b0932a540f3c772e4243e140ec239302c Author: Geert Uytterhoeven Date: Thu Jun 4 16:46:48 2020 -0700 sh: fault: modernize printing of kernel messages - Convert from printk() to pr_*(), - Add missing continuations, - Use "%llx" to format u64, - Join multiple prints in show_fault_oops() into a single print. Signed-off-by: Geert Uytterhoeven Signed-off-by: Mike Rapoport Signed-off-by: Andrew Morton Cc: Arnd Bergmann Cc: Benjamin Herrenschmidt Cc: Brian Cain Cc: Catalin Marinas Cc: Christophe Leroy Cc: Fenghua Yu Cc: Guan Xuetao Cc: James Morse Cc: Jonas Bonn Cc: Julien Thierry Cc: Ley Foon Tan Cc: Marc Zyngier Cc: Michael Ellerman Cc: Paul Mackerras Cc: Rich Felker Cc: Russell King Cc: Stafford Horne Cc: Stefan Kristiansson Cc: Suzuki K Poulose Cc: Tony Luck Cc: Will Deacon Cc: Yoshinori Sato Link: http://lkml.kernel.org/r/20200414153455.21744-10-rppt@kernel.org Signed-off-by: Linus Torvalds commit 2fb4706057bcf8261b3b0521ec7a62b54b82ce48 Author: Mike Rapoport Date: Thu Jun 4 16:46:44 2020 -0700 powerpc: add support for folded p4d page tables Implement primitives necessary for the 4th level folding, add walks of p4d level where appropriate and replace 5level-fixup.h with pgtable-nop4d.h. [rppt@linux.ibm.com: powerpc/xmon: drop unused pgdir varialble in show_pte() function] Link: http://lkml.kernel.org/r/20200519181454.GI1059226@linux.ibm.com [rppt@linux.ibm.com; build fix] Link: http://lkml.kernel.org/r/20200423141845.GI13521@linux.ibm.com Signed-off-by: Mike Rapoport Signed-off-by: Andrew Morton Tested-by: Christophe Leroy # 8xx and 83xx Cc: Arnd Bergmann Cc: Benjamin Herrenschmidt Cc: Brian Cain Cc: Catalin Marinas Cc: Fenghua Yu Cc: Geert Uytterhoeven Cc: Guan Xuetao Cc: James Morse Cc: Jonas Bonn Cc: Julien Thierry Cc: Ley Foon Tan Cc: Marc Zyngier Cc: Michael Ellerman Cc: Paul Mackerras Cc: Rich Felker Cc: Russell King Cc: Stafford Horne Cc: Stefan Kristiansson Cc: Suzuki K Poulose Cc: Tony Luck Cc: Will Deacon Cc: Yoshinori Sato Link: http://lkml.kernel.org/r/20200414153455.21744-9-rppt@kernel.org Signed-off-by: Linus Torvalds commit b187fb7fca9cc420d111b2e058b69fae5eea18bc Author: Mike Rapoport Date: Thu Jun 4 16:46:39 2020 -0700 openrisc: add support for folded p4d page tables Implement primitives necessary for the 4th level folding, add walks of p4d level where appropriate and remove usage of __ARCH_USE_5LEVEL_HACK. Signed-off-by: Mike Rapoport Signed-off-by: Andrew Morton Cc: Arnd Bergmann Cc: Benjamin Herrenschmidt Cc: Brian Cain Cc: Catalin Marinas Cc: Christophe Leroy Cc: Fenghua Yu Cc: Geert Uytterhoeven Cc: Guan Xuetao Cc: James Morse Cc: Jonas Bonn Cc: Julien Thierry Cc: Ley Foon Tan Cc: Marc Zyngier Cc: Michael Ellerman Cc: Paul Mackerras Cc: Rich Felker Cc: Russell King Cc: Stafford Horne Cc: Stefan Kristiansson Cc: Suzuki K Poulose Cc: Tony Luck Cc: Will Deacon Cc: Yoshinori Sato Link: http://lkml.kernel.org/r/20200414153455.21744-8-rppt@kernel.org Signed-off-by: Linus Torvalds commit 9f4e70379f609d3bcc9d67eafecda75a495ffb4b Author: Mike Rapoport Date: Thu Jun 4 16:46:35 2020 -0700 nios2: add support for folded p4d page tables Implement primitives necessary for the 4th level folding, add walks of p4d level where appropriate and remove usage of __ARCH_USE_5LEVEL_HACK. Signed-off-by: Mike Rapoport Signed-off-by: Andrew Morton Cc: Arnd Bergmann Cc: Benjamin Herrenschmidt Cc: Brian Cain Cc: Catalin Marinas Cc: Christophe Leroy Cc: Fenghua Yu Cc: Geert Uytterhoeven Cc: Guan Xuetao Cc: James Morse Cc: Jonas Bonn Cc: Julien Thierry Cc: Ley Foon Tan Cc: Marc Zyngier Cc: Michael Ellerman Cc: Paul Mackerras Cc: Rich Felker Cc: Russell King Cc: Stafford Horne Cc: Stefan Kristiansson Cc: Suzuki K Poulose Cc: Tony Luck Cc: Will Deacon Cc: Yoshinori Sato Link: http://lkml.kernel.org/r/20200414153455.21744-7-rppt@kernel.org Signed-off-by: Linus Torvalds commit c03ab9e32a2c4fadbb65a07e88fbb4a25f9ab9d6 Author: Mike Rapoport Date: Thu Jun 4 16:46:31 2020 -0700 ia64: add support for folded p4d page tables Implement primitives necessary for the 4th level folding, add walks of p4d level where appropriate, remove usage of __ARCH_USE_5LEVEL_HACK and replace 5level-fixup.h with pgtable-nop4d.h Signed-off-by: Mike Rapoport Signed-off-by: Andrew Morton Cc: Arnd Bergmann Cc: Benjamin Herrenschmidt Cc: Brian Cain Cc: Catalin Marinas Cc: Christophe Leroy Cc: Fenghua Yu Cc: Geert Uytterhoeven Cc: Guan Xuetao Cc: James Morse Cc: Jonas Bonn Cc: Julien Thierry Cc: Ley Foon Tan Cc: Marc Zyngier Cc: Michael Ellerman Cc: Paul Mackerras Cc: Rich Felker Cc: Russell King Cc: Stafford Horne Cc: Stefan Kristiansson Cc: Suzuki K Poulose Cc: Tony Luck Cc: Will Deacon Cc: Yoshinori Sato Link: http://lkml.kernel.org/r/20200414153455.21744-6-rppt@kernel.org Signed-off-by: Linus Torvalds commit 00b13def5c03525c25084441f2b5f974a8751dad Author: Mike Rapoport Date: Thu Jun 4 16:46:27 2020 -0700 hexagon: remove __ARCH_USE_5LEVEL_HACK The hexagon architecture has 2 level page tables and as such most of the page table folding is already implemented in asm-generic/pgtable-nopmd.h. Fixup the only place in arch/hexagon to unfold the p4d level and remove __ARCH_USE_5LEVEL_HACK. Signed-off-by: Mike Rapoport Signed-off-by: Andrew Morton Cc: Arnd Bergmann Cc: Benjamin Herrenschmidt Cc: Brian Cain Cc: Catalin Marinas Cc: Christophe Leroy Cc: Fenghua Yu Cc: Geert Uytterhoeven Cc: Guan Xuetao Cc: James Morse Cc: Jonas Bonn Cc: Julien Thierry Cc: Ley Foon Tan Cc: Marc Zyngier Cc: Michael Ellerman Cc: Paul Mackerras Cc: Rich Felker Cc: Russell King Cc: Stafford Horne Cc: Stefan Kristiansson Cc: Suzuki K Poulose Cc: Tony Luck Cc: Will Deacon Cc: Yoshinori Sato Link: http://lkml.kernel.org/r/20200414153455.21744-5-rppt@kernel.org Signed-off-by: Linus Torvalds commit e9f6376858b9799148d07e58b72b681d4b8fa4c7 Author: Mike Rapoport Date: Thu Jun 4 16:46:23 2020 -0700 arm64: add support for folded p4d page tables Implement primitives necessary for the 4th level folding, add walks of p4d level where appropriate, replace 5level-fixup.h with pgtable-nop4d.h and remove __ARCH_USE_5LEVEL_HACK. [arnd@arndb.de: fix gcc-10 shift warning] Link: http://lkml.kernel.org/r/20200429185657.4085975-1-arnd@arndb.de Signed-off-by: Mike Rapoport Signed-off-by: Andrew Morton Cc: Arnd Bergmann Cc: Benjamin Herrenschmidt Cc: Brian Cain Cc: Catalin Marinas Cc: Christophe Leroy Cc: Fenghua Yu Cc: Geert Uytterhoeven Cc: Guan Xuetao Cc: James Morse Cc: Jonas Bonn Cc: Julien Thierry Cc: Ley Foon Tan Cc: Marc Zyngier Cc: Michael Ellerman Cc: Paul Mackerras Cc: Rich Felker Cc: Russell King Cc: Stafford Horne Cc: Stefan Kristiansson Cc: Suzuki K Poulose Cc: Tony Luck Cc: Will Deacon Cc: Yoshinori Sato Link: http://lkml.kernel.org/r/20200414153455.21744-4-rppt@kernel.org Signed-off-by: Linus Torvalds commit 84e6ffb2c49c7901a9efb54b497d2eb84c3bef8c Author: Mike Rapoport Date: Thu Jun 4 16:46:19 2020 -0700 arm: add support for folded p4d page tables Implement primitives necessary for the 4th level folding, add walks of p4d level where appropriate, and remove __ARCH_USE_5LEVEL_HACK. [rppt@linux.ibm.com: fix kexec] Link: http://lkml.kernel.org/r/20200508174232.GA759899@linux.ibm.com Signed-off-by: Mike Rapoport Signed-off-by: Andrew Morton Tested-by: Marek Szyprowski Cc: Arnd Bergmann Cc: Benjamin Herrenschmidt Cc: Brian Cain Cc: Catalin Marinas Cc: Christophe Leroy Cc: Fenghua Yu Cc: Geert Uytterhoeven Cc: Guan Xuetao Cc: James Morse Cc: Jonas Bonn Cc: Julien Thierry Cc: Ley Foon Tan Cc: Marc Zyngier Cc: Michael Ellerman Cc: Paul Mackerras Cc: Rich Felker Cc: Russell King Cc: Stafford Horne Cc: Stefan Kristiansson Cc: Suzuki K Poulose Cc: Tony Luck Cc: Will Deacon Cc: Yoshinori Sato Link: http://lkml.kernel.org/r/20200414153455.21744-3-rppt@kernel.org Signed-off-by: Linus Torvalds commit f426f4edf46c1a188edc33c25c13728857da3152 Author: Mike Rapoport Date: Thu Jun 4 16:46:15 2020 -0700 h8300: remove usage of __ARCH_USE_5LEVEL_HACK Patch series "mm: remove __ARCH_HAS_5LEVEL_HACK", v4. These patches convert several architectures to use page table folding and remove __ARCH_HAS_5LEVEL_HACK along with include/asm-generic/5level-fixup.h and include/asm-generic/pgtable-nop4d-hack.h. With that we'll have a single and consistent way of dealing with page table folding instead of a mix of three existing options. The changes are mostly about mechanical replacement of pgd accessors with p4d ones and the addition of higher levels to page table traversals. This patch (of 14): h8300 is a nommu architecture and does not require fixup for upper layers of the page tables because it is already handled by the generic nommu implementation. Remove definition of __ARCH_USE_5LEVEL_HACK in arch/h8300/include/asm/pgtable.h Signed-off-by: Mike Rapoport Signed-off-by: Andrew Morton Cc: Arnd Bergmann Cc: Benjamin Herrenschmidt Cc: Brian Cain Cc: Catalin Marinas Cc: Christophe Leroy Cc: Fenghua Yu Cc: Geert Uytterhoeven Cc: Guan Xuetao Cc: James Morse Cc: Jonas Bonn Cc: Julien Thierry Cc: Ley Foon Tan Cc: Marc Zyngier Cc: Michael Ellerman Cc: Paul Mackerras Cc: Rich Felker Cc: Russell King Cc: Stafford Horne [openrisc] Cc: Stefan Kristiansson Cc: Suzuki K Poulose Cc: Tony Luck Cc: Will Deacon Cc: Yoshinori Sato Cc: Joerg Roedel Link: http://lkml.kernel.org/r/20200414153455.21744-1-rppt@kernel.org Link: http://lkml.kernel.org/r/20200414153455.21744-2-rppt@kernel.org Signed-off-by: Linus Torvalds commit c571686a92ffd30d9f6092ce3f697e125bf96fd5 Author: Feng Tang Date: Thu Jun 4 16:46:11 2020 -0700 mm/util.c: remove the VM_WARN_ONCE for vm_committed_as underflow check This check was added by commit 82f71ae4a2b8 ("mm: catch memory commitment underflow") in 2014 to have a safety check for issues which have been fixed. And there has been few report caught by it, as described in its commit log: : This shouldn't happen any more - the previous two patches fixed : the committed_as underflow issues. But it was really found by Qian Cai when he used the LTP memory stress suite to test a RFC patchset, which tries to improve scalability of per-cpu counter 'vm_committed_as', by chosing a bigger 'batch' number for loose overcommit policies (OVERCOMMIT_ALWAYS and OVERCOMMIT_GUESS), while keeping current number for OVERCOMMIT_NEVER. With that patchset, when system firstly uses a loose policy, the 'vm_committed_as' count could be a big negative value, as its big 'batch' number allows a big deviation, then when the policy is changed to OVERCOMMIT_NEVER, the 'batch' will be decreased to a much smaller value, thus hits this WARN check. To mitigate this, one proposed solution is to queue work on all online CPUs to do a local sync for 'vm_committed_as' when changing policy to OVERCOMMIT_NEVER, plus some global syncing to garante the case won't be hit. But this solution is costy and slow, given this check hasn't shown real trouble or benefit, simply drop it from one hot path of MM. And perf stats does show some tiny saving for removing it. Reported-by: Qian Cai Signed-off-by: Feng Tang Signed-off-by: Andrew Morton Reviewed-by: Qian Cai Acked-by: Michal Hocko Cc: Konstantin Khlebnikov Cc: Andi Kleen Cc: Johannes Weiner Cc: Matthew Wilcox Cc: Mel Gorman Cc: Kees Cook Link: http://lkml.kernel.org/r/20200603094804.GB89848@shbuild999.sh.intel.com Signed-off-by: Linus Torvalds commit 76e278d6b50534092038d4117d7a2687af034107 Author: Andrey Konovalov Date: Thu Jun 4 16:46:08 2020 -0700 usb: core: kcov: collect coverage from usb complete callback This patch adds kcov_remote_start/stop() callbacks around the urb complete() callback that is executed in softirq context when dummy_hcd is in use. As the result, kcov can be used to collect coverage from those callbacks, which is used to facilitate coverage-guided fuzzing with syzkaller. Signed-off-by: Andrey Konovalov Signed-off-by: Andrew Morton Reviewed-by: Dmitry Vyukov Cc: Alan Stern Cc: Alexander Potapenko Cc: Andrey Konovalov Cc: Greg Kroah-Hartman Cc: Marco Elver Link: http://lkml.kernel.org/r/4520671eeb604adbc2432c248b0c07fbaa5519ef.1585233617.git.andreyknvl@google.com Link: http://lkml.kernel.org/r/2821d497ac1cdc0efb5e00df30271e4a67fc8009.1584655448.git.andreyknvl@google.com Signed-off-by: Linus Torvalds commit 5ff3b30ab57da82d8db4f14662a2858cabfbc2c0 Author: Andrey Konovalov Date: Thu Jun 4 16:46:04 2020 -0700 kcov: collect coverage from interrupts This change extends kcov remote coverage support to allow collecting coverage from soft interrupts in addition to kernel background threads. To collect coverage from code that is executed in softirq context, a part of that code has to be annotated with kcov_remote_start/stop() in a similar way as how it is done for global kernel background threads. Then the handle used for the annotations has to be passed to the KCOV_REMOTE_ENABLE ioctl. Internally this patch adjusts the __sanitizer_cov_trace_pc() compiler inserted callback to not bail out when called from softirq context. kcov_remote_start/stop() are updated to save/restore the current per task kcov state in a per-cpu area (in case the softirq came when the kernel was already collecting coverage in task context). Coverage from softirqs is collected into pre-allocated per-cpu areas, whose size is controlled by the new CONFIG_KCOV_IRQ_AREA_SIZE. [andreyknvl@google.com: turn current->kcov_softirq into unsigned int to fix objtool warning] Link: http://lkml.kernel.org/r/841c778aa3849c5cb8c3761f56b87ce653a88671.1585233617.git.andreyknvl@google.com Signed-off-by: Andrey Konovalov Signed-off-by: Andrew Morton Reviewed-by: Dmitry Vyukov Cc: Alan Stern Cc: Alexander Potapenko Cc: Andrey Konovalov Cc: Greg Kroah-Hartman Cc: Marco Elver Link: http://lkml.kernel.org/r/469bd385c431d050bc38a593296eff4baae50666.1584655448.git.andreyknvl@google.com Signed-off-by: Linus Torvalds commit 5fe7042dc0a2e80b4633df20dcd06b93e76e3c31 Author: Andrey Konovalov Date: Thu Jun 4 16:46:01 2020 -0700 kcov: use t->kcov_mode as enabled indicator Currently kcov_remote_start() and kcov_remote_stop() check t->kcov to find out whether the coverage is already being collected by the current task. Use t->kcov_mode for that instead. This doesn't change the overall behavior in any way, but serves as a preparation for the following softirq coverage collection support patch. Signed-off-by: Andrey Konovalov Signed-off-by: Andrew Morton Reviewed-by: Dmitry Vyukov Cc: Alan Stern Cc: Alexander Potapenko Cc: Greg Kroah-Hartman Cc: Marco Elver Cc: Andrey Konovalov Link: http://lkml.kernel.org/r/f70377945d1d8e6e4916cbce871a12303d6186b4.1585233617.git.andreyknvl@google.com Link: http://lkml.kernel.org/r/ee1a1dec43059da5d7664c85c1addc89c4cd58de.1584655448.git.andreyknvl@google.com Signed-off-by: Linus Torvalds commit eeb91f9a2e3e9766ae9fd1117bd19d87538f21bf Author: Andrey Konovalov Date: Thu Jun 4 16:45:58 2020 -0700 kcov: move t->kcov_sequence assignment Move t->kcov_sequence assignment before assigning t->kcov_mode for consistency. Signed-off-by: Andrey Konovalov Signed-off-by: Andrew Morton Reviewed-by: Dmitry Vyukov Cc: Alan Stern Cc: Alexander Potapenko Cc: Greg Kroah-Hartman Cc: Marco Elver Cc: Andrey Konovalov Link: http://lkml.kernel.org/r/5889efe35e0b300e69dba97216b1288d9c2428a8.1585233617.git.andreyknvl@google.com Link: http://lkml.kernel.org/r/f0283c676bab3335cb48bfe12d375a3da4719f59.1584655448.git.andreyknvl@google.com Signed-off-by: Linus Torvalds commit 76484b1c77242b737f8fd001d6e00af7518221f3 Author: Andrey Konovalov Date: Thu Jun 4 16:45:55 2020 -0700 kcov: move t->kcov assignments into kcov_start/stop Every time kcov_start/stop() is called, t->kcov is also assigned, so move the assignment into the functions. Signed-off-by: Andrey Konovalov Signed-off-by: Andrew Morton Reviewed-by: Dmitry Vyukov Cc: Alan Stern Cc: Alexander Potapenko Cc: Greg Kroah-Hartman Cc: Marco Elver Cc: Andrey Konovalov Link: http://lkml.kernel.org/r/6644839d3567df61ade3c4b246a46cacbe4f9e11.1585233617.git.andreyknvl@google.com Link: http://lkml.kernel.org/r/82625ef3ff878f0b585763cc31d09d9b08ca37d6.1584655448.git.andreyknvl@google.com Signed-off-by: Linus Torvalds commit 67b3d3cca385507c4c8b6ad97b823415e038e3c8 Author: Andrey Konovalov Date: Thu Jun 4 16:45:51 2020 -0700 kcov: fix potential use-after-free in kcov_remote_start If vmalloc() fails in kcov_remote_start() we'll access remote->kcov without holding kcov_remote_lock, so remote might potentially be freed at that point. Cache kcov pointer in a local variable. Signed-off-by: Andrey Konovalov Signed-off-by: Andrew Morton Reviewed-by: Dmitry Vyukov Cc: Alan Stern Cc: Alexander Potapenko Cc: Greg Kroah-Hartman Cc: Marco Elver Cc: Andrey Konovalov Link: http://lkml.kernel.org/r/9d9134359725a965627b7e8f2652069f86f1d1fa.1585233617.git.andreyknvl@google.com Link: http://lkml.kernel.org/r/de0d3d30ff90776a2a509cc34c7c1c7521bda125.1584655448.git.andreyknvl@google.com Signed-off-by: Linus Torvalds commit 3c61df3885e91f8737bbbbaba79b908da0e1919f Author: Andrey Konovalov Date: Thu Jun 4 16:45:48 2020 -0700 kcov: cleanup debug messages Patch series "kcov: collect coverage from usb soft interrupts", v4. This patchset extends kcov to allow collecting coverage from soft interrupts and then uses the new functionality to collect coverage from USB code. This has allowed to find at least one new HID bug [1], which was recently fixed by Alan [2]. [1] https://syzkaller.appspot.com/bug?extid=09ef48aa58261464b621 [2] https://patchwork.kernel.org/patch/11283319/ Any subsystem that uses softirqs (e.g. timers) can make use of this in the future. Looking at the recent syzbot reports, an obvious candidate is the networking subsystem [3, 4, 5 and many more]. [3] https://syzkaller.appspot.com/bug?extid=522ab502c69badc66ab7 [4] https://syzkaller.appspot.com/bug?extid=57f89d05946c53dbbb31 [5] https://syzkaller.appspot.com/bug?extid=df358e65d9c1b9d3f5f4 This pach (of 7): Previous commit left a lot of excessive debug messages, clean them up. Link; http://lkml.kernel.org/r/cover.1585233617.git.andreyknvl@google.com Link; http://lkml.kernel.org/r/ab5e2885ce674ba6e04368551e51eeb6a2c11baf.1585233617.git.andreyknvl@google.com Signed-off-by: Andrey Konovalov Signed-off-by: Andrew Morton Reviewed-by: Dmitry Vyukov Cc: Greg Kroah-Hartman Cc: Alan Stern Cc: Alexander Potapenko Cc: Marco Elver Cc: Andrey Konovalov Link: http://lkml.kernel.org/r/4a497134b2cf7a9d306d28e3dd2746f5446d1605.1584655448.git.andreyknvl@google.com Signed-off-by: Linus Torvalds commit 5bfea2d9b17f1034a68147a8b03b9789af5700f9 Author: Fan Yang Date: Thu Jun 4 18:22:07 2020 +0800 mm: Fix mremap not considering huge pmd devmap The original code in mm/mremap.c checks huge pmd by: if (is_swap_pmd(*old_pmd) || pmd_trans_huge(*old_pmd)) { However, a DAX mapped nvdimm is mapped as huge page (by default) but it is not transparent huge page (_PAGE_PSE | PAGE_DEVMAP). This commit changes the condition to include the case. This addresses CVE-2020-10757. Fixes: 5c7fb56e5e3f ("mm, dax: dax-pmd vs thp-pmd vs hugetlbfs-pmd") Cc: Reported-by: Fan Yang Signed-off-by: Fan Yang Tested-by: Fan Yang Tested-by: Dan Williams Reviewed-by: Dan Williams Acked-by: Kirill A. Shutemov Signed-off-by: Linus Torvalds commit a1c979f330cb82cae7a3b19464f9815e43060fe3 Author: Mikulas Patocka Date: Wed May 27 07:04:46 2020 -0400 dm bufio: delete unused and inefficient dm_bufio_discard_buffers There is no user for this interface. If in future it is needed it can be reimplemented to walk the rbtree of buffers instead of doing block-by-block lookups. Signed-off-by: Mikulas Patocka Signed-off-by: Mike Snitzer commit 7d877c35ca84cfa634fd63c2b64bf7b6ae9c71cb Author: Pavel Machek Date: Thu Jun 4 23:42:59 2020 +0200 net/xdp: use shift instead of 64 bit division 64bit division is kind of expensive, and shift should do the job here. Signed-off-by: Pavel Machek (CIP) Signed-off-by: David S. Miller commit a624a86510adaeefd33aac224751e89348596d2a Author: Vinay Kumar Yadav Date: Fri Jun 5 01:53:44 2020 +0530 crypto/chtls:Fix compile error when CONFIG_IPV6 is disabled Fix compile errors,warnings when CONFIG_IPV6 is disabled and inconsistent indenting. v1->v2: - Corrected errors/warnings reported when used newer gcc version, unused array. Fixes: 6abde0b24122 ("crypto/chtls: IPv6 support for inline TLS") Signed-off-by: Vinay Kumar Yadav Signed-off-by: David S. Miller commit 6761893eeaa378321198f06194ef2e1e4e8a4ad4 Author: Paolo Abeni Date: Thu Jun 4 18:55:45 2020 +0200 inet_connection_sock: clear inet_num out of destroy helper Clearing the 'inet_num' field is necessary and safe if and only if the socket is not bound. The MPTCP protocol calls the destroy helper on bound sockets, as tcp_v{4,6}_syn_recv_sock completed successfully. Move the clearing of such field out of the common code, otherwise the MPTCP MP_JOIN error path will find the wrong 'inet_num' value on socket disposal, __inet_put_port() will acquire the wrong lock and bind_node removal could race with other modifiers possibly corrupting the bind hash table. Reported-and-tested-by: Christoph Paasch Fixes: 729cd6436f35 ("mptcp: cope better with MP_JOIN failure") Signed-off-by: Paolo Abeni Reviewed-by: Eric Dumazet Signed-off-by: David S. Miller commit 98749b7188affbf2900c2aab704a8853901d1139 Author: Wang Hai Date: Thu Jun 4 20:18:51 2020 +0800 yam: fix possible memory leak in yam_init_driver If register_netdev(dev) fails, free_netdev(dev) needs to be called, otherwise a memory leak will occur. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Reported-by: Hulk Robot Signed-off-by: Wang Hai Signed-off-by: David S. Miller commit 7cdee28c4eeda8242c9fdbb02e315dbf35064afe Author: Roelof Berg Date: Wed Jun 3 23:54:14 2020 +0200 lan743x: Use correct MAC_CR configuration for 1 GBit speed Corrected the MAC_CR configuration bits for 1 GBit operation. The data sheet allows MAC_CR(2:1) to be 10 and also 11 for 1 GBit/s speed, but only 10 works correctly. Devices tested: Microchip Lan7431, fixed-phy mode Microchip Lan7430, normal phy mode Fixes: 6f197fb63850 ("lan743x: Added fixed link and RGMII support") Signed-off-by: Roelof Berg Reviewed-by: Andrew Lunn Signed-off-by: David S. Miller commit 09820ce88b4d36c452b23e05042542f87ff122d0 Author: Valentin Longchamp Date: Wed Jun 3 23:28:23 2020 +0200 net: ethernet: freescale: remove unneeded include for ucc_geth net/sch_generic.h does not need to be included, remove it. Signed-off-by: Valentin Longchamp Signed-off-by: David S. Miller commit 120068481405f9e3d60a95bd464496dff6b54669 Author: Heiner Kallweit Date: Wed Jun 3 22:29:06 2020 +0200 r8169: fix failing WoL Th referenced change added an extra hw reset to rtl8169_net_suspend() what makes WoL fail on few chip versions. Therefore skip the extra reset if we're going down and WoL is enabled. In rtl_shutdown() rtl8169_hw_reset() is called by rtl8169_net_suspend() already if needed, therefore avoid issues issue by removing the extra call. The fix was tested on a system with RTL8168g. Meanwhile rtl8169_hw_reset() does more than a hw reset and should be renamed. But that's net-next material. Fixes: 8ac8e8c64b53 ("r8169: make rtl8169_down central chip quiesce function") Signed-off-by: Heiner Kallweit Signed-off-by: David S. Miller commit f6c1fb0a76d97447ea7f928ee6a113ee15318df1 Author: Dan Carpenter Date: Wed Jun 3 20:50:25 2020 +0300 net: ethernet: dwmac: Fix an error code in imx_dwmac_probe() The code is return PTR_ERR(NULL) which is zero or success. We should return -ENOMEM instead. Fixes: 94abdad6974a5 ("net: ethernet: dwmac: add ethernet glue logic for NXP imx8 chip") Signed-off-by: Dan Carpenter Acked-by: Fugang Duan Signed-off-by: David S. Miller commit c7e261d81783387a0502878cd229327e7c54322e Author: Ahmed S. Darwish Date: Wed Jun 3 16:49:47 2020 +0200 net: mdiobus: Disable preemption upon u64_stats update The u64_stats mechanism uses sequence counters to protect against 64-bit values tearing on 32-bit architectures. Updating u64_stats is thus a sequence counter write side critical section where preemption must be disabled. For mdiobus_stats_acct(), disable preemption upon the u64_stats update. It is called from process context through mdiobus_read() and mdiobus_write(). Reported-by: kernel test robot Signed-off-by: Ahmed S. Darwish Reviewed-by: Sebastian Andrzej Siewior Signed-off-by: David S. Miller commit 6501bf87602f799b7e502014f8bc0aa58b868277 Author: Ahmed S. Darwish Date: Wed Jun 3 16:49:46 2020 +0200 u64_stats: Document writer non-preemptibility requirement The u64_stats mechanism uses sequence counters to protect against 64-bit values tearing on 32-bit architectures. Updating such statistics is a sequence counter write side critical section. Preemption must be disabled before entering this seqcount write critical section. Failing to do so, the seqcount read side can preempt the write side section and spin for the entire scheduler tick. If that reader belongs to a real-time scheduling class, it can spin forever and the kernel will livelock. Document this statistics update side non-preemptibility requirement. Reword the introductory paragraph to highlight u64_stats raison d'être: 64-bit values tearing protection on 32-bit architectures. Divide documentation on a basis of internal design vs. usage constraints. Reword the u64_stats header file top comment to always mention "Reader" or "Writer" at the start of each bullet point, making it easier to follow which side each point is actually for. Clarify the statement "whole thing is a NOOP on 64bit arches or UP kernels". For 32-bit UP kernels, preemption is always disabled for the statistics read side section. Signed-off-by: Ahmed S. Darwish Reviewed-by: Sebastian Andrzej Siewior Signed-off-by: David S. Miller commit 79cbb6bc3332da7162c2581e151659ab8ebaa528 Author: Ahmed S. Darwish Date: Wed Jun 3 16:49:45 2020 +0200 net: phy: fixed_phy: Remove unused seqcount Commit bf7afb29d545 ("phy: improve safety of fixed-phy MII register reading") protected the fixed PHY status with a sequence counter. Two years later, commit d2b977939b18 ("net: phy: fixed-phy: remove fixed_phy_update_state()") removed the sequence counter's write side critical section -- neutralizing its read side retry loop. Remove the unused seqcount. Signed-off-by: Ahmed S. Darwish Reviewed-by: Sebastian Andrzej Siewior Reviewed-by: Andrew Lunn Signed-off-by: David S. Miller commit 11d6011c2cf29f7c8181ebde6c8bc0c4d83adcd7 Author: Ahmed S. Darwish Date: Wed Jun 3 16:49:44 2020 +0200 net: core: device_rename: Use rwsem instead of a seqcount Sequence counters write paths are critical sections that must never be preempted, and blocking, even for CONFIG_PREEMPTION=n, is not allowed. Commit 5dbe7c178d3f ("net: fix kernel deadlock with interface rename and netdev name retrieval.") handled a deadlock, observed with CONFIG_PREEMPTION=n, where the devnet_rename seqcount read side was infinitely spinning: it got scheduled after the seqcount write side blocked inside its own critical section. To fix that deadlock, among other issues, the commit added a cond_resched() inside the read side section. While this will get the non-preemptible kernel eventually unstuck, the seqcount reader is fully exhausting its slice just spinning -- until TIF_NEED_RESCHED is set. The fix is also still broken: if the seqcount reader belongs to a real-time scheduling policy, it can spin forever and the kernel will livelock. Disabling preemption over the seqcount write side critical section will not work: inside it are a number of GFP_KERNEL allocations and mutex locking through the drivers/base/ :: device_rename() call chain. >From all the above, replace the seqcount with a rwsem. Fixes: 5dbe7c178d3f (net: fix kernel deadlock with interface rename and netdev name retrieval.) Fixes: 30e6c9fa93cf (net: devnet_rename_seq should be a seqcount) Fixes: c91f6df2db49 (sockopt: Change getsockopt() of SO_BINDTODEVICE to return an interface name) Cc: Reported-by: kbuild test robot [ v1 missing up_read() on error exit ] Reported-by: Dan Carpenter [ v1 missing up_read() on error exit ] Signed-off-by: Ahmed S. Darwish Reviewed-by: Sebastian Andrzej Siewior Signed-off-by: David S. Miller commit 67122a7910bf2135dc7f7ececfcf16a5bdb362c1 Author: Michal Vokáč Date: Wed Jun 3 13:31:39 2020 +0200 net: dsa: qca8k: Fix "Unexpected gfp" kernel exception Commit 7e99e3470172 ("net: dsa: remove dsa_switch_alloc helper") replaced the dsa_switch_alloc helper by devm_kzalloc in all DSA drivers. Unfortunately it introduced a typo in qca8k.c driver and wrong argument is passed to the devm_kzalloc function. This fix mitigates the following kernel exception: Unexpected gfp: 0x6 (__GFP_HIGHMEM|GFP_DMA32). Fixing up to gfp: 0x101 (GFP_DMA|__GFP_ZERO). Fix your code! CPU: 1 PID: 44 Comm: kworker/1:1 Not tainted 5.5.9-yocto-ua #1 Hardware name: Freescale i.MX6 Quad/DualLite (Device Tree) Workqueue: events deferred_probe_work_func [] (unwind_backtrace) from [] (show_stack+0x10/0x14) [] (show_stack) from [] (dump_stack+0x90/0xa4) [] (dump_stack) from [] (new_slab+0x20c/0x214) [] (new_slab) from [] (___slab_alloc.constprop.0+0x1b8/0x540) [] (___slab_alloc.constprop.0) from [] (__slab_alloc.constprop.0+0x1c/0x24) [] (__slab_alloc.constprop.0) from [] (__kmalloc_track_caller+0x1b0/0x298) [] (__kmalloc_track_caller) from [] (devm_kmalloc+0x24/0x70) [] (devm_kmalloc) from [] (qca8k_sw_probe+0x94/0x1ac) [] (qca8k_sw_probe) from [] (mdio_probe+0x30/0x54) [] (mdio_probe) from [] (really_probe+0x1e0/0x348) [] (really_probe) from [] (driver_probe_device+0x60/0x16c) [] (driver_probe_device) from [] (bus_for_each_drv+0x70/0x94) [] (bus_for_each_drv) from [] (__device_attach+0xb4/0x11c) [] (__device_attach) from [] (bus_probe_device+0x84/0x8c) [] (bus_probe_device) from [] (deferred_probe_work_func+0x64/0x90) [] (deferred_probe_work_func) from [] (process_one_work+0x1d4/0x41c) [] (process_one_work) from [] (worker_thread+0x248/0x528) [] (worker_thread) from [] (kthread+0x124/0x150) [] (kthread) from [] (ret_from_fork+0x14/0x3c) Exception stack(0xee1b5fb0 to 0xee1b5ff8) 5fa0: 00000000 00000000 00000000 00000000 5fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 5fe0: 00000000 00000000 00000000 00000000 00000013 00000000 qca8k 2188000.ethernet-1:0a: Using legacy PHYLIB callbacks. Please migrate to PHYLINK! qca8k 2188000.ethernet-1:0a eth2 (uninitialized): PHY [2188000.ethernet-1:01] driver [Generic PHY] qca8k 2188000.ethernet-1:0a eth1 (uninitialized): PHY [2188000.ethernet-1:02] driver [Generic PHY] Fixes: 7e99e3470172 ("net: dsa: remove dsa_switch_alloc helper") Signed-off-by: Michal Vokáč Reviewed-by: Andrew Lunn Signed-off-by: David S. Miller commit 9d149045b3c0e44c049cdbce8a64e19415290017 Author: Jiri Benc Date: Wed Jun 3 11:12:14 2020 +0200 geneve: change from tx_error to tx_dropped on missing metadata If the geneve interface is in collect_md (external) mode, it can't send any packets submitted directly to its net interface, as such packets won't have metadata attached. This is expected. However, the kernel itself sends some packets to the interface, most notably, IPv6 DAD, IPv6 multicast listener reports, etc. This is not wrong, as tunnel metadata can be specified in routing table (although technically, that has never worked for IPv6, but hopefully will be fixed eventually) and then the interface must correctly participate in IPv6 housekeeping. The problem is that any such attempt increases the tx_error counter. Just bringing up a geneve interface with IPv6 enabled is enough to see a number of tx_errors. That causes confusion among users, prompting them to find a network error where there is none. Change the counter used to tx_dropped. That better conveys the meaning (there's nothing wrong going on, just some packets are getting dropped) and hopefully will make admins panic less. Signed-off-by: Jiri Benc Signed-off-by: David S. Miller commit a9a7d12954893f817dcb0652c488c7e823e7b8c6 Merge: bb986a50421a 3921a81c31df Author: David S. Miller Date: Thu Jun 4 15:43:01 2020 -0700 Merge branch 'ena-xdp-fixes' Sameeh Jubran says: ==================== Fix xdp in ena driver This patchset includes 2 XDP related bug fixes Difference from v1: * Fixed "Fixes" tag ==================== Acked-by: Jakub Kicinski Acked-by: Jesper Dangaard Brouer Signed-off-by: David S. Miller commit 3921a81c31df6057183aeb7f7d204003bf699d6f Author: Sameeh Jubran Date: Wed Jun 3 08:50:23 2020 +0000 net: ena: xdp: update napi budget for DROP and ABORTED This patch fixes two issues with XDP: 1. If the XDP verdict is XDP_ABORTED we break the loop, which results in us handling one buffer per napi cycle instead of the total budget (usually 64). To overcome this simply change the xdp_verdict check to != XDP_PASS. When the verdict is XDP_PASS, the skb is not expected to be NULL. 2. Update the residual budget for XDP_DROP and XDP_ABORTED, since packets are handled in these cases. Fixes: 548c4940b9f1 ("net: ena: Implement XDP_TX action") Signed-off-by: Sameeh Jubran Signed-off-by: David S. Miller commit cd07ecccba13b8bd5023ffe7be57363d07e3105f Author: Sameeh Jubran Date: Wed Jun 3 08:50:22 2020 +0000 net: ena: xdp: XDP_TX: fix memory leak When sending very high packet rate, the XDP tx queues can get full and start dropping packets. In this case we don't free the pages which results in ena driver draining the system memory. Fix: Simply free the pages when necessary. Fixes: 548c4940b9f1 ("net: ena: Implement XDP_TX action") Signed-off-by: Sameeh Jubran Signed-off-by: David S. Miller commit bb986a50421a11bf31a81afb15b9b8f45a4a3a11 Author: Ahmed Abdelsalam Date: Wed Jun 3 06:54:42 2020 +0000 seg6: fix seg6_validate_srh() to avoid slab-out-of-bounds The seg6_validate_srh() is used to validate SRH for three cases: case1: SRH of data-plane SRv6 packets to be processed by the Linux kernel. Case2: SRH of the netlink message received from user-space (iproute2) Case3: SRH injected into packets through setsockopt In case1, the SRH can be encoded in the Reduced way (i.e., first SID is carried in DA only and not represented as SID in the SRH) and the seg6_validate_srh() now handles this case correctly. In case2 and case3, the SRH shouldn’t be encoded in the Reduced way otherwise we lose the first segment (i.e., the first hop). The current implementation of the seg6_validate_srh() allow SRH of case2 and case3 to be encoded in the Reduced way. This leads a slab-out-of-bounds problem. This patch verifies SRH of case1, case2 and case3. Allowing case1 to be reduced while preventing SRH of case2 and case3 from being reduced . Reported-by: syzbot+e8c028b62439eac42073@syzkaller.appspotmail.com Reported-by: YueHaibing Fixes: 0cb7498f234e ("seg6: fix SRH processing to comply with RFC8754") Signed-off-by: Ahmed Abdelsalam Signed-off-by: David S. Miller commit 5e9eeccc58f3e6bcc99b929670665d2ce047e9c9 Author: Tuong Lien Date: Wed Jun 3 12:06:01 2020 +0700 tipc: fix NULL pointer dereference in streaming syzbot found the following crash: general protection fault, probably for non-canonical address 0xdffffc0000000019: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref in range [0x00000000000000c8-0x00000000000000cf] CPU: 1 PID: 7060 Comm: syz-executor394 Not tainted 5.7.0-rc6-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:__tipc_sendstream+0xbde/0x11f0 net/tipc/socket.c:1591 Code: 00 00 00 00 48 39 5c 24 28 48 0f 44 d8 e8 fa 3e db f9 48 b8 00 00 00 00 00 fc ff df 48 8d bb c8 00 00 00 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 e2 04 00 00 48 8b 9b c8 00 00 00 48 b8 00 00 00 RSP: 0018:ffffc90003ef7818 EFLAGS: 00010202 RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff8797fd9d RDX: 0000000000000019 RSI: ffffffff8797fde6 RDI: 00000000000000c8 RBP: ffff888099848040 R08: ffff88809a5f6440 R09: fffffbfff1860b4c R10: ffffffff8c305a5f R11: fffffbfff1860b4b R12: ffff88809984857e R13: 0000000000000000 R14: ffff888086aa4000 R15: 0000000000000000 FS: 00000000009b4880(0000) GS:ffff8880ae700000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000020000140 CR3: 00000000a7fdf000 CR4: 00000000001406e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: tipc_sendstream+0x4c/0x70 net/tipc/socket.c:1533 sock_sendmsg_nosec net/socket.c:652 [inline] sock_sendmsg+0xcf/0x120 net/socket.c:672 ____sys_sendmsg+0x32f/0x810 net/socket.c:2352 ___sys_sendmsg+0x100/0x170 net/socket.c:2406 __sys_sendmmsg+0x195/0x480 net/socket.c:2496 __do_sys_sendmmsg net/socket.c:2525 [inline] __se_sys_sendmmsg net/socket.c:2522 [inline] __x64_sys_sendmmsg+0x99/0x100 net/socket.c:2522 do_syscall_64+0xf6/0x7d0 arch/x86/entry/common.c:295 entry_SYSCALL_64_after_hwframe+0x49/0xb3 RIP: 0033:0x440199 ... This bug was bisected to commit 0a3e060f340d ("tipc: add test for Nagle algorithm effectiveness"). However, it is not the case, the trouble was from the base in the case of zero data length message sending, we would unexpectedly make an empty 'txq' queue after the 'tipc_msg_append()' in Nagle mode. A similar crash can be generated even without the bisected patch but at the link layer when it accesses the empty queue. We solve the issues by building at least one buffer to go with socket's header and an optional data section that may be empty like what we had with the 'tipc_msg_build()'. Note: the previous commit 4c21daae3dbc ("tipc: Fix NULL pointer dereference in __tipc_sendstream()") is obsoleted by this one since the 'txq' will be never empty and the check of 'skb != NULL' is unnecessary but it is safe anyway. Reported-by: syzbot+8eac6d030e7807c21d32@syzkaller.appspotmail.com Fixes: c0bceb97db9e ("tipc: add smart nagle feature") Acked-by: Jon Maloy Signed-off-by: Tuong Lien Signed-off-by: David S. Miller commit c36f05559104b66bcd7f617e931e38c680227b74 Author: Cong Wang Date: Tue Jun 2 21:49:10 2020 -0700 genetlink: fix memory leaks in genl_family_rcv_msg_dumpit() There are two kinds of memory leaks in genl_family_rcv_msg_dumpit(): 1. Before we call ops->start(), whenever an error happens, we forget to free the memory allocated in genl_family_rcv_msg_dumpit(). 2. When ops->start() fails, the 'info' has been already installed on the per socket control block, so we should not free it here. More importantly, nlk->cb_running is still false at this point, so netlink_sock_destruct() cannot free it either. The first kind of memory leaks is easier to resolve, but the second one requires some deeper thoughts. After reviewing how netfilter handles this, the most elegant solution I find is just to use a similar way to allocate the memory, that is, moving memory allocations from caller into ops->start(). With this, we can solve both kinds of memory leaks: for 1), no memory allocation happens before ops->start(); for 2), ops->start() handles its own failures and 'info' is installed to the socket control block only when success. The only ugliness here is we have to pass all local variables on stack via a struct, but this is not hard to understand. Alternatively, we can introduce a ops->free() to solve this too, but it is overkill as only genetlink has this problem so far. Fixes: 1927f41a22a0 ("net: genetlink: introduce dump info struct to be available during dumpit op") Reported-by: syzbot+21f04f481f449c8db840@syzkaller.appspotmail.com Cc: "Jason A. Donenfeld" Cc: Florian Westphal Cc: Pablo Neira Ayuso Cc: Jiri Pirko Cc: YueHaibing Cc: Shaochun Chen Signed-off-by: Cong Wang Signed-off-by: David S. Miller commit ef1c75593e770aff8749e902aa0deb6855a3f485 Author: Rohit Maheshwari Date: Wed Jun 3 09:58:13 2020 +0530 crypto/chcr: error seen if CONFIG_CHELSIO_TLS_DEVICE isn't set cxgb4_uld_in_use() is used only by cxgb4_ktls_det_feature() which is under CONFIG_CHELSIO_TLS_DEVICE macro. Fixes: a3ac249a1ab5 ("cxgb4/chcr: Enable ktls settings at run time") Signed-off-by: Rohit Maheshwari Signed-off-by: David S. Miller commit e7ed83d6fa1a00d0f2ad0327e73d3ea9e7ea8de1 Author: Dan Carpenter Date: Thu Jun 4 11:54:36 2020 +0300 bpf: Fix an error code in check_btf_func() This code returns success if the "info_aux" allocation fails but it should return -ENOMEM. Fixes: 8c1b6e69dcc1 ("bpf: Compare BTF types of functions arguments with actual types") Signed-off-by: Dan Carpenter Signed-off-by: Daniel Borkmann Acked-by: Song Liu Link: https://lore.kernel.org/bpf/20200604085436.GA943001@mwanda commit 15a2bc4dbb9cfed1c661a657fcb10798150b7598 Merge: 9ff7258575d5 3977e285ee89 Author: Linus Torvalds Date: Thu Jun 4 14:07:08 2020 -0700 Merge branch 'exec-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace Pull execve updates from Eric Biederman: "Last cycle for the Nth time I ran into bugs and quality of implementation issues related to exec that could not be easily be fixed because of the way exec is implemented. So I have been digging into exec and cleanup up what I can. I don't think I have exec sorted out enough to fix the issues I started with but I have made some headway this cycle with 4 sets of changes. - promised cleanups after introducing exec_update_mutex - trivial cleanups for exec - control flow simplifications - remove the recomputation of bprm->cred The net result is code that is a bit easier to understand and work with and a decrease in the number of lines of code (if you don't count the added tests)" * 'exec-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace: (24 commits) exec: Compute file based creds only once exec: Add a per bprm->file version of per_clear binfmt_elf_fdpic: fix execfd build regression selftests/exec: Add binfmt_script regression test exec: Remove recursion from search_binary_handler exec: Generic execfd support exec/binfmt_script: Don't modify bprm->buf and then return -ENOEXEC exec: Move the call of prepare_binprm into search_binary_handler exec: Allow load_misc_binary to call prepare_binprm unconditionally exec: Convert security_bprm_set_creds into security_bprm_repopulate_creds exec: Factor security_bprm_creds_for_exec out of security_bprm_set_creds exec: Teach prepare_exec_creds how exec treats uids & gids exec: Set the point of no return sooner exec: Move handling of the point of no return to the top level exec: Run sync_mm_rss before taking exec_update_mutex exec: Fix spelling of search_binary_handler in a comment exec: Move the comment from above de_thread to above unshare_sighand exec: Rename flush_old_exec begin_new_exec exec: Move most of setup_new_exec into flush_old_exec exec: In setup_new_exec cache current in the local variable me ... commit 9ff7258575d5fee011649d20cc56de720a395191 Merge: 051c3556e3d6 9d78edeaec75 Author: Linus Torvalds Date: Thu Jun 4 13:54:34 2020 -0700 Merge branch 'proc-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace Pull proc updates from Eric Biederman: "This has four sets of changes: - modernize proc to support multiple private instances - ensure we see the exit of each process tid exactly - remove has_group_leader_pid - use pids not tasks in posix-cpu-timers lookup Alexey updated proc so each mount of proc uses a new superblock. This allows people to actually use mount options with proc with no fear of messing up another mount of proc. Given the kernel's internal mounts of proc for things like uml this was a real problem, and resulted in Android's hidepid mount options being ignored and introducing security issues. The rest of the changes are small cleanups and fixes that came out of my work to allow this change to proc. In essence it is swapping the pids in de_thread during exec which removes a special case the code had to handle. Then updating the code to stop handling that special case" * 'proc-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace: proc: proc_pid_ns takes super_block as an argument remove the no longer needed pid_alive() check in __task_pid_nr_ns() posix-cpu-timers: Replace __get_task_for_clock with pid_for_clock posix-cpu-timers: Replace cpu_timer_pid_type with clock_pid_type posix-cpu-timers: Extend rcu_read_lock removing task_struct references signal: Remove has_group_leader_pid exec: Remove BUG_ON(has_group_leader_pid) posix-cpu-timer: Unify the now redundant code in lookup_task posix-cpu-timer: Tidy up group_leader logic in lookup_task proc: Ensure we see the exit of each process tid exactly once rculist: Add hlists_swap_heads_rcu proc: Use PIDTYPE_TGID in next_tgid Use proc_pid_ns() to get pid_namespace from the proc superblock proc: use named enums for better readability proc: use human-readable values for hidepid docs: proc: add documentation for "hidepid=4" and "subset=pid" options and new mount behavior proc: add option to mount only a pids subset proc: instantiate only pids that we can ptrace on 'hidepid=4' mount option proc: allow to mount many instances of proc in one pid namespace proc: rename struct proc_fs_info to proc_fs_opts commit 051c3556e3d6cc43bca71a624081de9c599df944 Merge: 07c8f3bfef16 5626de1e96f7 Author: Linus Torvalds Date: Thu Jun 4 13:53:10 2020 -0700 Merge tag 'for_v5.8-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs Pull ext2 and reiserfs cleanups from Jan Kara: "Two small cleanups for ext2 and one for reiserfs" * tag 'for_v5.8-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs: reiserfs: Replace kmalloc with kcalloc in the comment ext2: code cleanup by removing ifdef macro surrounding ext2: Fix i_op setting for special inode commit 49b23575943c04b6711107cfd08ad2b3ae4e81f5 Author: Matthieu Baerts Date: Wed Jun 3 21:03:47 2020 +0200 bpf: Fix unused-var without NETDEVICES A recent commit added new variables only used if CONFIG_NETDEVICES is set. A simple fix would be to only declare these variables if the same condition is valid but Alexei suggested an even simpler solution: since CONFIG_NETDEVICES doesn't change anything in .h I think the best is to remove #ifdef CONFIG_NETDEVICES from net/core/filter.c and rely on sock_bindtoindex() returning ENOPROTOOPT in the extreme case of oddly configured kernels. Fixes: 70c58997c1e8 ("bpf: Allow SO_BINDTODEVICE opt in bpf_setsockopt") Suggested-by: Alexei Starovoitov Signed-off-by: Matthieu Baerts Signed-off-by: Daniel Borkmann Acked-by: Song Liu Link: https://lore.kernel.org/bpf/20200603190347.2310320-1-matthieu.baerts@tessares.net commit 07c8f3bfef161271786f368791f5fc33c7428964 Merge: d77d1dbba955 2f02fd3fa13e Author: Linus Torvalds Date: Thu Jun 4 13:51:54 2020 -0700 Merge tag 'fsnotify_for_v5.8-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs Pull fsnotify updates from Jan Kara: "Several smaller fixes and cleanups for fsnotify subsystem" * tag 'fsnotify_for_v5.8-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs: fanotify: fix ignore mask logic for events on child and on dir fanotify: don't write with size under sizeof(response) fsnotify: Remove proc_fs.h include fanotify: remove reference to fill_event_metadata() fsnotify: add mutex destroy fanotify: prefix should_merge() fanotify: Replace zero-length array with flexible-array inotify: Fix error return code assignment flow. fsnotify: Add missing annotation for fsnotify_finish_user_wait() and for fsnotify_prepare_user_wait() commit d77d1dbba95500d1b38cab98bf608ad46dce8374 Merge: 9fb4c5250f10 568776f992c4 Author: Linus Torvalds Date: Thu Jun 4 13:50:13 2020 -0700 Merge tag 'zonefs-5.8-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/dlemoal/zonefs Pull zonefs update from Damien Le Moal: "Only one patch in this pull request to cleanup handling of uuid using the import_uuid() helper, from Andy" * tag 'zonefs-5.8-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/dlemoal/zonefs: zonefs: Replace uuid_copy() with import_uuid() commit fce8afd76e3a4d8c59c92f84f8027569fd7031d0 Author: David Hildenbrand Date: Fri May 15 12:14:02 2020 +0200 virtio-mem: Don't rely on implicit compiler padding for requests The compiler will add padding after the last member, make that explicit. The size of a request is always 24 bytes. The size of a response always 10 bytes. Add compile-time checks. Cc: "Michael S. Tsirkin" Cc: Pankaj Gupta Cc: teawater Signed-off-by: David Hildenbrand Link: https://lore.kernel.org/r/20200515101402.16597-1-david@redhat.com Signed-off-by: Michael S. Tsirkin commit 72f9525ad76b1ddfe663285805982e9d57c7b2c2 Author: David Hildenbrand Date: Thu May 7 16:01:39 2020 +0200 virtio-mem: Try to unplug the complete online memory block first Right now, we always try to unplug single subblocks when processing an online memory block. Let's try to unplug the complete online memory block first, in case it is fully plugged and the unplug request is large enough. Fallback to single subblocks in case the memory block cannot get unplugged as a whole. Cc: "Michael S. Tsirkin" Cc: Pankaj Gupta Signed-off-by: David Hildenbrand Link: https://lore.kernel.org/r/20200507140139.17083-16-david@redhat.com Signed-off-by: Michael S. Tsirkin commit 8d4edcfe78c0008d95effc0c90455cee59e18d10 Author: David Hildenbrand Date: Thu May 7 16:01:38 2020 +0200 virtio-mem: Use -ETXTBSY as error code if the device is busy Let's be able to distinguish if the device or if memory is busy. Cc: "Michael S. Tsirkin" Cc: Pankaj Gupta Signed-off-by: David Hildenbrand Link: https://lore.kernel.org/r/20200507140139.17083-15-david@redhat.com Signed-off-by: Michael S. Tsirkin commit 562e08cd249f98af3a3e0845998f3b27b56b0067 Author: David Hildenbrand Date: Thu May 7 16:01:37 2020 +0200 virtio-mem: Unplug subblocks right-to-left We unplug blocks right-to-left, let's also unplug subblocks within a block right-to-left. Cc: "Michael S. Tsirkin" Cc: Pankaj Gupta Signed-off-by: David Hildenbrand Link: https://lore.kernel.org/r/20200507140139.17083-14-david@redhat.com Signed-off-by: Michael S. Tsirkin commit 3c42e198e668e4040ef5cf3ad60d57765abc08a4 Author: David Hildenbrand Date: Thu May 7 16:01:36 2020 +0200 virtio-mem: Drop manual check for already present memory Registering our parent resource will fail if any memory is still present (e.g., because somebody unloaded the driver and tries to reload it). No need for the manual check. Move our "unplug all" handling to after registering the resource. Cc: "Michael S. Tsirkin" Cc: Pankaj Gupta Signed-off-by: David Hildenbrand Link: https://lore.kernel.org/r/20200507140139.17083-13-david@redhat.com Signed-off-by: Michael S. Tsirkin commit ebf71552bb0e690cad523ad175e8c4c89a33c333 Author: David Hildenbrand Date: Thu May 7 16:01:35 2020 +0200 virtio-mem: Add parent resource for all added "System RAM" Let's add a parent resource, named after the virtio device (inspired by drivers/dax/kmem.c). This allows user space to identify which memory belongs to which virtio-mem device. With this change and two virtio-mem devices: :/# cat /proc/iomem 00000000-00000fff : Reserved 00001000-0009fbff : System RAM [...] 140000000-333ffffff : virtio0 140000000-147ffffff : System RAM 148000000-14fffffff : System RAM 150000000-157ffffff : System RAM [...] 334000000-3033ffffff : virtio1 338000000-33fffffff : System RAM 340000000-347ffffff : System RAM 348000000-34fffffff : System RAM [...] Cc: "Michael S. Tsirkin" Cc: Pankaj Gupta Signed-off-by: David Hildenbrand Link: https://lore.kernel.org/r/20200507140139.17083-12-david@redhat.com Signed-off-by: Michael S. Tsirkin Reviewed-by: Pankaj Gupta commit 23e77b5dc9cd88709c48ada936c07bdd72c49426 Author: David Hildenbrand Date: Thu May 7 16:01:34 2020 +0200 virtio-mem: Better retry handling Let's start with a retry interval of 5 seconds and double the time until we reach 5 minutes, in case we keep getting errors. Reset the retry interval in case we succeeded. The two main reasons for having to retry are - The hypervisor is busy and cannot process our request - We cannot reach the desired requested_size (esp., not enough memory can get unplugged because we can't allocate any subblocks). Tested-by: Pankaj Gupta Cc: "Michael S. Tsirkin" Cc: Jason Wang Cc: Oscar Salvador Cc: Michal Hocko Cc: Igor Mammedov Cc: Dave Young Cc: Andrew Morton Cc: Dan Williams Cc: Pavel Tatashin Cc: Stefan Hajnoczi Cc: Vlastimil Babka Signed-off-by: David Hildenbrand Link: https://lore.kernel.org/r/20200507140139.17083-11-david@redhat.com Signed-off-by: Michael S. Tsirkin commit a573238786f8f16aca6946fc7b804b965e3038e9 Author: David Hildenbrand Date: Thu May 7 16:01:33 2020 +0200 virtio-mem: Offline and remove completely unplugged memory blocks Let's offline+remove memory blocks once all subblocks are unplugged. We can use the new Linux MM interface for that. As no memory is in use anymore, this shouldn't take a long time and shouldn't fail. There might be corner cases where the offlining could still fail (especially, if another notifier NACKs the offlining request). Acked-by: Pankaj Gupta Tested-by: Pankaj Gupta Cc: "Michael S. Tsirkin" Cc: Jason Wang Cc: Oscar Salvador Cc: Michal Hocko Cc: Igor Mammedov Cc: Dave Young Cc: Andrew Morton Cc: Dan Williams Cc: Pavel Tatashin Cc: Stefan Hajnoczi Cc: Vlastimil Babka Signed-off-by: David Hildenbrand Link: https://lore.kernel.org/r/20200507140139.17083-10-david@redhat.com Signed-off-by: Michael S. Tsirkin commit 08b3acd7a68fc17902e1cb6b146389322840deab Author: David Hildenbrand Date: Thu May 7 16:01:32 2020 +0200 mm/memory_hotplug: Introduce offline_and_remove_memory() virtio-mem wants to offline and remove a memory block once it unplugged all subblocks (e.g., using alloc_contig_range()). Let's provide an interface to do that from a driver. virtio-mem already supports to offline partially unplugged memory blocks. Offlining a fully unplugged memory block will not require to migrate any pages. All unplugged subblocks are PageOffline() and have a reference count of 0 - so offlining code will simply skip them. All we need is an interface to offline and remove the memory from kernel module context, where we don't have access to the memory block devices (esp. find_memory_block() and device_offline()) and the device hotplug lock. To keep things simple, allow to only work on a single memory block. Acked-by: Michal Hocko Tested-by: Pankaj Gupta Acked-by: Andrew Morton Cc: Andrew Morton Cc: David Hildenbrand Cc: Oscar Salvador Cc: Michal Hocko Cc: Pavel Tatashin Cc: Wei Yang Cc: Dan Williams Cc: Qian Cai Signed-off-by: David Hildenbrand Link: https://lore.kernel.org/r/20200507140139.17083-9-david@redhat.com Signed-off-by: Michael S. Tsirkin commit 8e5c921ca0cd9aa59386e6be4b86b32f0ba7296b Author: David Hildenbrand Date: Thu May 7 16:01:31 2020 +0200 virtio-mem: Allow to offline partially unplugged memory blocks Dropping the reference count of PageOffline() pages during MEM_GOING_ONLINE allows offlining code to skip them. However, we also have to clear PG_reserved, because PG_reserved pages get detected as unmovable right away. Take care of restoring the reference count when offlining is canceled. Clarify why we don't have to perform any action when unloading the driver. Also, let's add a warning if anybody is still holding a reference to unplugged pages when offlining. Tested-by: Pankaj Gupta Cc: "Michael S. Tsirkin" Cc: Jason Wang Cc: Oscar Salvador Cc: Michal Hocko Cc: Igor Mammedov Cc: Dave Young Cc: Andrew Morton Cc: Dan Williams Cc: Pavel Tatashin Cc: Stefan Hajnoczi Cc: Vlastimil Babka Signed-off-by: David Hildenbrand Link: https://lore.kernel.org/r/20200507140139.17083-8-david@redhat.com Signed-off-by: Michael S. Tsirkin commit aa218795cb5fd583c94fc838dc76b7379dc4976a Author: David Hildenbrand Date: Thu May 7 16:01:30 2020 +0200 mm: Allow to offline unmovable PageOffline() pages via MEM_GOING_OFFLINE virtio-mem wants to allow to offline memory blocks of which some parts were unplugged (allocated via alloc_contig_range()), especially, to later offline and remove completely unplugged memory blocks. The important part is that PageOffline() has to remain set until the section is offline, so these pages will never get accessed (e.g., when dumping). The pages should not be handed back to the buddy (which would require clearing PageOffline() and result in issues if offlining fails and the pages are suddenly in the buddy). Let's allow to do that by allowing to isolate any PageOffline() page when offlining. This way, we can reach the memory hotplug notifier MEM_GOING_OFFLINE, where the driver can signal that he is fine with offlining this page by dropping its reference count. PageOffline() pages with a reference count of 0 can then be skipped when offlining the pages (like if they were free, however they are not in the buddy). Anybody who uses PageOffline() pages and does not agree to offline them (e.g., Hyper-V balloon, XEN balloon, VMWare balloon for 2MB pages) will not decrement the reference count and make offlining fail when trying to migrate such an unmovable page. So there should be no observable change. Same applies to balloon compaction users (movable PageOffline() pages), the pages will simply be migrated. Note 1: If offlining fails, a driver has to increment the reference count again in MEM_CANCEL_OFFLINE. Note 2: A driver that makes use of this has to be aware that re-onlining the memory block has to be handled by hooking into onlining code (online_page_callback_t), resetting the page PageOffline() and not giving them to the buddy. Reviewed-by: Alexander Duyck Acked-by: Michal Hocko Tested-by: Pankaj Gupta Acked-by: Andrew Morton Cc: Andrew Morton Cc: Juergen Gross Cc: Konrad Rzeszutek Wilk Cc: Pavel Tatashin Cc: Alexander Duyck Cc: Vlastimil Babka Cc: Johannes Weiner Cc: Anthony Yznaga Cc: Michal Hocko Cc: Oscar Salvador Cc: Mel Gorman Cc: Mike Rapoport Cc: Dan Williams Cc: Anshuman Khandual Cc: Qian Cai Cc: Pingfan Liu Signed-off-by: David Hildenbrand Link: https://lore.kernel.org/r/20200507140139.17083-7-david@redhat.com Signed-off-by: Michael S. Tsirkin commit 255f598507083905995ecab96392770ae03aac7f Author: David Hildenbrand Date: Thu May 7 16:01:29 2020 +0200 virtio-mem: Paravirtualized memory hotunplug part 2 We also want to unplug online memory (contained in online memory blocks and, therefore, managed by the buddy), and eventually replug it later. When requested to unplug memory, we use alloc_contig_range() to allocate subblocks in online memory blocks (so we are the owner) and send them to our hypervisor. When requested to plug memory, we can replug such memory using free_contig_range() after asking our hypervisor. We also want to mark all allocated pages PG_offline, so nobody will touch them. To differentiate pages that were never onlined when onlining the memory block from pages allocated via alloc_contig_range(), we use PageDirty(). Based on this flag, virtio_mem_fake_online() can either online the pages for the first time or use free_contig_range(). It is worth noting that there are no guarantees on how much memory can actually get unplugged again. All device memory might completely be fragmented with unmovable data, such that no subblock can get unplugged. We are not touching the ZONE_MOVABLE. If memory is onlined to the ZONE_MOVABLE, it can only get unplugged after that memory was offlined manually by user space. In normal operation, virtio-mem memory is suggested to be onlined to ZONE_NORMAL. In the future, we will try to make unplug more likely to succeed. Add a module parameter to control if online memory shall be touched. As we want to access alloc_contig_range()/free_contig_range() from kernel module context, export the symbols. Note: Whenever virtio-mem uses alloc_contig_range(), all affected pages are on the same node, in the same zone, and contain no holes. Acked-by: Michal Hocko # to export contig range allocator API Tested-by: Pankaj Gupta Cc: "Michael S. Tsirkin" Cc: Jason Wang Cc: Oscar Salvador Cc: Michal Hocko Cc: Igor Mammedov Cc: Dave Young Cc: Andrew Morton Cc: Dan Williams Cc: Pavel Tatashin Cc: Stefan Hajnoczi Cc: Vlastimil Babka Cc: Mel Gorman Cc: Mike Rapoport Cc: Alexander Duyck Cc: Alexander Potapenko Signed-off-by: David Hildenbrand Link: https://lore.kernel.org/r/20200507140139.17083-6-david@redhat.com Signed-off-by: Michael S. Tsirkin commit c627ff5d982276908188fae86dbe727ed49c9594 Author: David Hildenbrand Date: Thu May 7 16:01:28 2020 +0200 virtio-mem: Paravirtualized memory hotunplug part 1 Unplugging subblocks of memory blocks that are offline is easy. All we have to do is watch out for concurrent onlining activity. Tested-by: Pankaj Gupta Cc: "Michael S. Tsirkin" Cc: Jason Wang Cc: Oscar Salvador Cc: Michal Hocko Cc: Igor Mammedov Cc: Dave Young Cc: Andrew Morton Cc: Dan Williams Cc: Pavel Tatashin Cc: Stefan Hajnoczi Cc: Vlastimil Babka Signed-off-by: David Hildenbrand Link: https://lore.kernel.org/r/20200507140139.17083-5-david@redhat.com Signed-off-by: Michael S. Tsirkin commit f2af6d3978d74a7891d0f428537b4494498202cb Author: David Hildenbrand Date: Thu May 7 16:01:27 2020 +0200 virtio-mem: Allow to specify an ACPI PXM as nid We want to allow to specify (similar as for a DIMM), to which node a virtio-mem device (and, therefore, its memory) belongs. Add a new virtio-mem feature flag and export pxm_to_node, so it can be used in kernel module context. Acked-by: Michal Hocko # for the export Acked-by: "Rafael J. Wysocki" # for the export Acked-by: Pankaj Gupta Tested-by: Pankaj Gupta Cc: "Michael S. Tsirkin" Cc: Jason Wang Cc: Oscar Salvador Cc: Michal Hocko Cc: Igor Mammedov Cc: Dave Young Cc: Andrew Morton Cc: Dan Williams Cc: Pavel Tatashin Cc: Stefan Hajnoczi Cc: Vlastimil Babka Cc: Len Brown Cc: linux-acpi@vger.kernel.org Signed-off-by: David Hildenbrand Link: https://lore.kernel.org/r/20200507140139.17083-4-david@redhat.com Signed-off-by: Michael S. Tsirkin commit dfb0b2e46d04d0b58754426184571a959bf30dce Author: David Hildenbrand Date: Thu May 7 16:01:26 2020 +0200 MAINTAINERS: Add myself as virtio-mem maintainer Let's make sure patches/bug reports find the right person. Cc: "Michael S. Tsirkin" Signed-off-by: David Hildenbrand Link: https://lore.kernel.org/r/20200507140139.17083-3-david@redhat.com Signed-off-by: Michael S. Tsirkin commit 5f1f79bbc9e26fa9412fa9522f957bb8f030c442 Author: David Hildenbrand Date: Thu May 7 16:01:25 2020 +0200 virtio-mem: Paravirtualized memory hotplug Each virtio-mem device owns exactly one memory region. It is responsible for adding/removing memory from that memory region on request. When the device driver starts up, the requested amount of memory is queried and then plugged to Linux. On request, further memory can be plugged or unplugged. This patch only implements the plugging part. On x86-64, memory can currently be plugged in 4MB ("subblock") granularity. When required, a new memory block will be added (e.g., usually 128MB on x86-64) in order to plug more subblocks. Only x86-64 was tested for now. The online_page callback is used to keep unplugged subblocks offline when onlining memory - similar to the Hyper-V balloon driver. Unplugged pages are marked PG_offline, to tell dump tools (e.g., makedumpfile) to skip them. User space is usually responsible for onlining the added memory. The memory hotplug notifier is used to synchronize virtio-mem activity against memory onlining/offlining. Each virtio-mem device can belong to a NUMA node, which allows us to easily add/remove small chunks of memory to/from a specific NUMA node by using multiple virtio-mem devices. Something that works even when the guest has no idea about the NUMA topology. One way to view virtio-mem is as a "resizable DIMM" or a DIMM with many "sub-DIMMS". This patch directly introduces the basic infrastructure to implement memory unplug. Especially the memory block states and subblock bitmaps will be heavily used there. Notes: - In case memory is to be onlined by user space, we limit the amount of offline memory blocks, to not run out of memory. This is esp. an issue if memory is added faster than it is getting onlined. - Suspend/Hibernate is not supported due to the way virtio-mem devices behave. Limited support might be possible in the future. - Reloading the device driver is not supported. Reviewed-by: Pankaj Gupta Tested-by: Pankaj Gupta Cc: "Michael S. Tsirkin" Cc: Jason Wang Cc: Oscar Salvador Cc: Michal Hocko Cc: Igor Mammedov Cc: Dave Young Cc: Andrew Morton Cc: Dan Williams Cc: Pavel Tatashin Cc: Stefan Hajnoczi Cc: Vlastimil Babka Cc: "Rafael J. Wysocki" Cc: Len Brown Cc: linux-acpi@vger.kernel.org Signed-off-by: David Hildenbrand Link: https://lore.kernel.org/r/20200507140139.17083-2-david@redhat.com Signed-off-by: Michael S. Tsirkin commit 18e643cd6c4dcdb09510a4bf739438e7cd1ae1f2 Author: Samuel Zou Date: Sat May 9 10:20:02 2020 +0800 vdpasim: Fix some coccinelle warnings Fix below warnings reported by coccicheck: drivers/vdpa/vdpa_sim/vdpa_sim.c:104:1-10: WARNING: Assignment of 0/1 to bool variable drivers/vdpa/vdpa_sim/vdpa_sim.c:164:7-11: WARNING: Unsigned expression compared with zero: read <= 0 drivers/vdpa/vdpa_sim/vdpa_sim.c:169:7-12: WARNING: Unsigned expression compared with zero: write <= 0 1. The 'ready' variable in vdpasim_virtqueue struct is bool type. It is better to initialize vq->ready to false 2. Modify 'read' and 'write' variables type from size_t to ssize_t. And preserve the reverse christmas tree ordering of local variables. Fixes: 2c53d0f64c06 ("vdpasim: vDPA device simulator") Reported-by: Hulk Robot Signed-off-by: Samuel Zou Link: https://lore.kernel.org/r/1588990802-28451-1-git-send-email-zou_wei@huawei.com Signed-off-by: Michael S. Tsirkin commit 7dd793f37e2ab4ca6585df8cfb1a1fcf44f61248 Author: Zhu Lingshan Date: Tue May 12 16:00:44 2020 +0800 ifcvf: move IRQ request/free to status change handlers This commit move IRQ request and free operations from probe() to VIRTIO status change handler to comply with VIRTIO spec. VIRTIO spec 1.1, section 2.1.2 Device Requirements: Device Status Field The device MUST NOT consume buffers or send any used buffer notifications to the driver before DRIVER_OK. Signed-off-by: Zhu Lingshan Link: https://lore.kernel.org/r/1589270444-3669-1-git-send-email-lingshan.zhu@intel.com Signed-off-by: Michael S. Tsirkin Acked-by: Jason Wang commit 002ef18eff43708be1d914cb11dbdd84fb149474 Author: Guennadi Liakhovetski Date: Wed May 27 20:05:38 2020 +0200 vhost: (cosmetic) remove a superfluous variable initialisation Even the compiler is able to figure out that in this case the initialisation is superfluous. Signed-off-by: Guennadi Liakhovetski Link: https://lore.kernel.org/r/20200527180541.5570-3-guennadi.liakhovetski@linux.intel.com Signed-off-by: Michael S. Tsirkin commit d90ca42012db2863a9a30b564a2ace6016594bda Author: Longpeng(Mike) Date: Tue Jun 2 15:05:01 2020 +0800 crypto: virtio: Fix dest length calculation in __virtio_crypto_skcipher_do_req() The src/dst length is not aligned with AES_BLOCK_SIZE(which is 16) in some testcases in tcrypto.ko. For example, the src/dst length of one of cts(cbc(aes))'s testcase is 17, the crypto_virtio driver will set @src_data_len=16 but @dst_data_len=17 in this case and get a wrong at then end. SRC: pp pp pp pp pp pp pp pp pp pp pp pp pp pp pp pp pp (17 bytes) EXP: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc pp (17 bytes) DST: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 00 (pollute the last bytes) (pp: plaintext cc:ciphertext) Fix this issue by limit the length of dest buffer. Fixes: dbaf0624ffa5 ("crypto: add virtio-crypto driver") Cc: Gonglei Cc: Herbert Xu Cc: "Michael S. Tsirkin" Cc: Jason Wang Cc: "David S. Miller" Cc: virtualization@lists.linux-foundation.org Cc: linux-kernel@vger.kernel.org Cc: stable@vger.kernel.org Signed-off-by: Longpeng(Mike) Link: https://lore.kernel.org/r/20200602070501.2023-4-longpeng2@huawei.com Signed-off-by: Michael S. Tsirkin commit 8c855f0720ff006d75d0a2512c7f6c4f60ff60ee Author: Longpeng(Mike) Date: Tue Jun 2 15:05:00 2020 +0800 crypto: virtio: Fix use-after-free in virtio_crypto_skcipher_finalize_req() The system'll crash when the users insmod crypto/tcrypto.ko with mode=155 ( testing "authenc(hmac(sha1),cbc(aes))" ). It's caused by reuse the memory of request structure. In crypto_authenc_init_tfm(), the reqsize is set to: [PART 1] sizeof(authenc_request_ctx) + [PART 2] ictx->reqoff + [PART 3] MAX(ahash part, skcipher part) and the 'PART 3' is used by both ahash and skcipher in turn. When the virtio_crypto driver finish skcipher req, it'll call ->complete callback(in crypto_finalize_skcipher_request) and then free its resources whose pointers are recorded in 'skcipher parts'. However, the ->complete is 'crypto_authenc_encrypt_done' in this case, it will use the 'ahash part' of the request and change its content, so virtio_crypto driver will get the wrong pointer after ->complete finish and mistakenly free some other's memory. So the system will crash when these memory will be used again. The resources which need to be cleaned up are not used any more. But the pointers of these resources may be changed in the function "crypto_finalize_skcipher_request". Thus release specific resources before calling this function. Fixes: dbaf0624ffa5 ("crypto: add virtio-crypto driver") Reported-by: LABBE Corentin Cc: Gonglei Cc: Herbert Xu Cc: "Michael S. Tsirkin" Cc: Jason Wang Cc: "David S. Miller" Cc: virtualization@lists.linux-foundation.org Cc: linux-kernel@vger.kernel.org Cc: stable@vger.kernel.org Link: https://lore.kernel.org/r/20200123101000.GB24255@Red Acked-by: Gonglei Signed-off-by: Longpeng(Mike) Link: https://lore.kernel.org/r/20200602070501.2023-3-longpeng2@huawei.com Signed-off-by: Michael S. Tsirkin commit b02989f37fc5e865ceeee9070907e4493b3a21e2 Author: Longpeng(Mike) Date: Tue Jun 2 15:04:59 2020 +0800 crypto: virtio: Fix src/dst scatterlist calculation in __virtio_crypto_skcipher_do_req() The system will crash when the users insmod crypto/tcrypt.ko with mode=38 ( testing "cts(cbc(aes))" ). Usually the next entry of one sg will be @sg@ + 1, but if this sg element is part of a chained scatterlist, it could jump to the start of a new scatterlist array. Fix it by sg_next() on calculation of src/dst scatterlist. Fixes: dbaf0624ffa5 ("crypto: add virtio-crypto driver") Reported-by: LABBE Corentin Cc: Herbert Xu Cc: "Michael S. Tsirkin" Cc: Jason Wang Cc: "David S. Miller" Cc: virtualization@lists.linux-foundation.org Cc: linux-kernel@vger.kernel.org Cc: stable@vger.kernel.org Link: https://lore.kernel.org/r/20200123101000.GB24255@Red Signed-off-by: Gonglei Signed-off-by: Longpeng(Mike) Link: https://lore.kernel.org/r/20200602070501.2023-2-longpeng2@huawei.com Signed-off-by: Michael S. Tsirkin commit fb69c2c896fc8289b0d9e2c0791472e7cd398bca Author: Alexander Duyck Date: Fri May 8 10:40:06 2020 -0700 virtio-balloon: Disable free page reporting if page poison reporting is not enabled We should disable free page reporting if page poisoning is enabled but we cannot report it via the balloon interface. This way we can avoid the possibility of corrupting guest memory. Normally the page poisoning feature should always be present when free page reporting is enabled on the hypervisor, however this allows us to correctly handle a case of the virtio-balloon device being possibly misconfigured. Fixes: 5d757c8d518d ("virtio-balloon: add support for providing free page reports to host") Cc: stable@vger.kernel.org Acked-by: David Hildenbrand Signed-off-by: Alexander Duyck Link: https://lore.kernel.org/r/20200508173732.17877.85060.stgit@localhost.localdomain Signed-off-by: Michael S. Tsirkin commit 4b4e4867d92205158c524842f59b1c1caeb969fe Author: Michael S. Tsirkin Date: Thu Jun 4 14:47:29 2020 -0400 vhost_vdpa: disable doorbell mapping for !MMU There could be ways to support doorbell mapping with !MMU, but things like pgprot_noncached are not universally supported. Fixable, but just disable this for now. Signed-off-by: Michael S. Tsirkin commit ddd89d0a059d8e9740c75a97e0efe9bf07ee51f9 Author: Jason Wang Date: Fri May 29 16:03:01 2020 +0800 vhost_vdpa: support doorbell mapping via mmap Currently the doorbell is relayed via eventfd which may have significant overhead because of the cost of vmexits or syscall. This patch introduces mmap() based doorbell mapping which can eliminate the overhead caused by vmexit or syscall. To ease the userspace modeling of the doorbell layout (usually virtio-pci), this patch starts from a doorbell per page model. Vhost-vdpa only support the hardware doorbell that sit at the boundary of a page and does not share the page with other registers. Doorbell of each virtqueue must be mapped separately, pgoff is the index of the virtqueue. This allows userspace to map a subset of the doorbell which may be useful for the implementation of software assisted virtqueue (control vq) in the future. Signed-off-by: Jason Wang Link: https://lore.kernel.org/r/20200529080303.15449-5-jasowang@redhat.com Signed-off-by: Michael S. Tsirkin commit c25a26e653a61b93339dcd1b734c889df60b3eef Author: Jason Wang Date: Fri May 29 16:03:00 2020 +0800 vdpa: introduce get_vq_notification method This patch introduces a new method in the vdpa_config_ops which reports the physical address and the size of the doorbell for a specific virtqueue. This will be used by the future patches that maps doorbell to userspace. Signed-off-by: Jason Wang Link: https://lore.kernel.org/r/20200529080303.15449-4-jasowang@redhat.com Signed-off-by: Michael S. Tsirkin commit 5ce995f313ce56c0c62425c3ddc37c5c50fc33db Author: Jason Wang Date: Fri May 29 16:02:59 2020 +0800 vhost: use mmgrab() instead of mmget() for non worker device For the device that doesn't use vhost worker and use_mm(), mmget() is too heavy weight and it may brings troubles for implementing mmap() support for vDPA device. This is because, an reference to the address space was held via mm_get() in vhost_dev_set_owner() and an reference to the file was held in mmap(). This means when process exits, the mm can not be released thus we can not release the file. This patch tries to use mmgrab() instead of mmget(), which allows the address space to be destroy in process exit without releasing the mm structure itself. This is sufficient for vDPA device which pin user pages and does not depend on the address space to work. Signed-off-by: Jason Wang Link: https://lore.kernel.org/r/20200529080303.15449-3-jasowang@redhat.com Signed-off-by: Michael S. Tsirkin commit 01fcb1cbc88effb3493c6197efc96b69b9f4823a Author: Jason Wang Date: Fri May 29 16:02:58 2020 +0800 vhost: allow device that does not depend on vhost worker vDPA device currently relays the eventfd via vhost worker. This is inefficient due the latency of wakeup and scheduling, so this patch tries to introduce a use_worker attribute for the vhost device. When use_worker is not set with vhost_dev_init(), vhost won't try to allocate a worker thread and the vhost_poll will be processed directly in the wakeup function. This help for vDPA since it reduces the latency caused by vhost worker. In my testing, it saves 0.2 ms in pings between VMs on a mutual host. Signed-off-by: Zhu Lingshan Signed-off-by: Jason Wang Link: https://lore.kernel.org/r/20200529080303.15449-2-jasowang@redhat.com Signed-off-by: Michael S. Tsirkin commit ba4e627921b179539dc97706ca12e7a244833741 Merge: 3741679ba4b4 11362b1befea Author: Paolo Bonzini Date: Thu Jun 4 14:58:03 2020 -0400 Merge tag 'kvm-ppc-next-5.8-1' of git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpc into HEAD PPC KVM update for 5.8 - Updates and bug fixes for secure guest support - Other minor bug fixes and cleanups. commit 331cc667a99c633abbbebeab4675beae713fb331 Author: Steve French Date: Tue Jun 2 23:30:50 2020 -0500 cifs: update internal module version number To 2.27 Signed-off-by: Steve French commit 2f58967979409ea3ec799343aa35e9007f735a3b Author: Aurelien Aptel Date: Fri Apr 24 16:55:31 2020 +0200 cifs: multichannel: try to rebind when reconnecting a channel first steps in trying to make channels properly reconnect. * add cifs_ses_find_chan() function to find the enclosing cifs_chan struct it belongs to * while we have the session lock and are redoing negprot and sess.setup in smb2_reconnect() redo the binding of channels. Signed-off-by: Aurelien Aptel Signed-off-by: Steve French commit 8eec79540d2b9cec385707be45f6e9388b34020f Author: Aurelien Aptel Date: Fri Apr 24 15:24:05 2020 +0200 cifs: multichannel: use pointer for binding channel Add a cifs_chan pointer in struct cifs_ses that points to the channel currently being bound if ses->binding is true. Previously it was always the channel past the established count. This will make reconnecting (and rebinding) a channel easier later on. Signed-off-by: Aurelien Aptel Signed-off-by: Steve French commit edb161353680e6d488d94cbcaf967745bee98d17 Author: Steve French Date: Sun May 31 14:36:56 2020 -0500 smb3: remove static checker warning Remove static checker warning pointed out by Dan Carpenter: The patch feeaec621c09: "cifs: multichannel: move channel selection above transport layer" from Apr 24, 2020, leads to the following static checker warning: fs/cifs/smb2pdu.c:149 smb2_hdr_assemble() error: we previously assumed 'tcon->ses' could be null (see line 133) Reported-by: Dan Carpenter CC: Aurelien Aptel Signed-off-by: Steve French commit 352d96f3acc6e02099f58a24d5cabce7f8ee061f Author: Aurelien Aptel Date: Sun May 31 12:38:22 2020 -0500 cifs: multichannel: move channel selection above transport layer Move the channel (TCP_Server_Info*) selection from the tranport layer to higher in the call stack so that: - credit handling is done with the server that will actually be used to send. * ->wait_mtu_credit * ->set_credits / set_credits * ->add_credits / add_credits * add_credits_and_wake_if - potential reconnection (smb2_reconnect) done when initializing a request is checked and done with the server that will actually be used to send. To do this: - remove the cifs_pick_channel() call out of compound_send_recv() - select channel and pass it down by adding a cifs_pick_channel(ses) call in: - smb311_posix_mkdir - SMB2_open - SMB2_ioctl - __SMB2_close - query_info - SMB2_change_notify - SMB2_flush - smb2_async_readv (if none provided in context param) - SMB2_read (if none provided in context param) - smb2_async_writev (if none provided in context param) - SMB2_write (if none provided in context param) - SMB2_query_directory - send_set_info - SMB2_oplock_break - SMB311_posix_qfs_info - SMB2_QFS_info - SMB2_QFS_attr - smb2_lockv - SMB2_lease_break - smb2_compound_op - smb2_set_ea - smb2_ioctl_query_info - smb2_query_dir_first - smb2_query_info_comound - smb2_query_symlink - cifs_writepages - cifs_write_from_iter - cifs_send_async_read - cifs_read - cifs_readpages - add TCP_Server_Info *server param argument to: - cifs_send_recv - compound_send_recv - SMB2_open_init - SMB2_query_info_init - SMB2_set_info_init - SMB2_close_init - SMB2_ioctl_init - smb2_iotcl_req_init - SMB2_query_directory_init - SMB2_notify_init - SMB2_flush_init - build_qfs_info_req - smb2_hdr_assemble - smb2_reconnect - fill_small_buf - smb2_plain_req_init - __smb2_plain_req_init The read/write codepath is different than the rest as it is using pages, io iterators and async calls. To deal with those we add a server pointer in the cifs_writedata/cifs_readdata/cifs_io_parms context struct and set it in: - cifs_writepages (wdata) - cifs_write_from_iter (wdata) - cifs_readpages (rdata) - cifs_send_async_read (rdata) The [rw]data->server pointer is eventually copied to cifs_io_parms->server to pass it down to SMB2_read/SMB2_write. If SMB2_read/SMB2_write is called from a different place that doesn't set the server field it will pick a channel. Some places do not pick a channel and just use ses->server or cifs_ses_server(ses). All cifs_ses_server(ses) calls are in codepaths involving negprot/sess.setup. - SMB2_negotiate (binding channel) - SMB2_sess_alloc_buffer (binding channel) - SMB2_echo (uses provided one) - SMB2_logoff (uses master) - SMB2_tdis (uses master) (list not exhaustive) Signed-off-by: Aurelien Aptel Signed-off-by: Steve French commit 7c06514afd38ed7a4b83edfd39ab033c804b4cf3 Author: Aurelien Aptel Date: Thu Jun 4 17:23:55 2020 +0200 cifs: multichannel: always zero struct cifs_io_parms SMB2_read/SMB2_write check and use cifs_io_parms->server, which might be uninitialized memory. This change makes all callers zero-initialize the struct. Signed-off-by: Aurelien Aptel Signed-off-by: Steve French commit 8e84a61a9c5ce55c5707448bb3c2cc544fccaa21 Author: Kenneth D'souza Date: Thu Jun 4 21:14:41 2020 +0530 cifs: dump Security Type info in DebugData Currently the end user is unaware with what sec type the cifs share is mounted if no sec= option is parsed. With this patch one can easily check from DebugData. Example: 1) Name: x.x.x.x Uses: 1 Capability: 0x8001f3fc Session Status: 1 Security type: RawNTLMSSP Signed-off-by: Kenneth D'souza Signed-off-by: Roberto Bergantinos Corpas Signed-off-by: Steve French Acked-by: Aurelien Aptel commit e78790f84a5417287965a06cd4dea85df0743935 Author: Sahitya Tummala Date: Tue Jun 2 18:11:47 2020 +0530 f2fs: fix retry logic in f2fs_write_cache_pages() In case a compressed file is getting overwritten, the current retry logic doesn't include the current page to be retried now as it sets the new start index as 0 and new end index as writeback_index - 1. This causes the corresponding cluster to be uncompressed and written as normal pages without compression. Fix this by allowing writeback to be retried for the current page as well (in case of compressed page getting retried due to index mismatch with cluster index). So that this cluster can be written compressed in case of overwrite. Also, align f2fs_write_cache_pages() according to the change - <64081362e8ff>("mm/page-writeback.c: fix range_cyclic writeback vs writepages deadlock"). Signed-off-by: Sahitya Tummala Reviewed-by: Chao Yu Signed-off-by: Jaegeuk Kim commit 3741679ba4b4b207e52587cfbee1a9bba947b15b Author: Anthony Yznaga Date: Tue Jun 2 13:07:30 2020 -0700 KVM: x86: minor code refactor and comments fixup around dirty logging Consolidate the code and correct the comments to show that the actions taken to update existing mappings to disable or enable dirty logging are not necessary when creating, moving, or deleting a memslot. Signed-off-by: Anthony Yznaga Message-Id: <1591128450-11977-4-git-send-email-anthony.yznaga@oracle.com> Signed-off-by: Paolo Bonzini commit 4b44295538b421de2de8b5754472284fe2daa4e9 Author: Anthony Yznaga Date: Tue Jun 2 13:07:29 2020 -0700 KVM: x86: avoid unnecessary rmap walks when creating/moving slots On large memory guests it has been observed that creating a memslot for a very large range can take noticeable amount of time. Investigation showed that the time is spent walking the rmaps to update existing sptes to remove write access or set/clear dirty bits to support dirty logging. These rmap walks are unnecessary when creating or moving a memslot. A newly created memslot will not have any existing mappings, and the existing mappings of a moved memslot will have been invalidated and flushed. Any mappings established once the new/moved memslot becomes visible will be set using the properties of the new slot. Signed-off-by: Anthony Yznaga Message-Id: <1591128450-11977-3-git-send-email-anthony.yznaga@oracle.com> Signed-off-by: Paolo Bonzini commit 5688fed649f15a232e75148afb0a28864046f44c Author: Anthony Yznaga Date: Tue Jun 2 13:07:28 2020 -0700 KVM: x86: remove unnecessary rmap walk of read-only memslots There's no write access to remove. An existing memslot cannot be updated to set or clear KVM_MEM_READONLY, and any mappings established in a newly created or moved read-only memslot will already be read-only. Signed-off-by: Anthony Yznaga Message-Id: <1591128450-11977-2-git-send-email-anthony.yznaga@oracle.com> Signed-off-by: Paolo Bonzini commit 7ec28e264f2e52089c14c6f8eba1ce7b6501e59b Author: Denis Efremov Date: Wed Jun 3 13:11:31 2020 +0300 KVM: Use vmemdup_user() Replace opencoded alloc and copy with vmemdup_user(). Signed-off-by: Denis Efremov Message-Id: <20200603101131.2107303-1-efremov@linux.com> Signed-off-by: Paolo Bonzini commit 9fb4c5250f10dc4d8257cd766991be690eb25c5b Merge: a789d5f8a99a f55d9895884b Author: Linus Torvalds Date: Thu Jun 4 11:13:03 2020 -0700 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/livepatching/livepatching Pull livepatching updates from Jiri Kosina: - simplifications and improvements for issues Peter Ziljstra found during his previous work on W^X cleanups. This allows us to remove livepatch arch-specific .klp.arch sections and add proper support for jump labels in patched code. Also, this patchset removes the last module_disable_ro() usage in the tree. Patches from Josh Poimboeuf and Peter Zijlstra - a few other minor cleanups * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/livepatching/livepatching: MAINTAINERS: add lib/livepatch to LIVE PATCHING livepatch: add arch-specific headers to MAINTAINERS livepatch: Make klp_apply_object_relocs static MAINTAINERS: adjust to livepatch .klp.arch removal module: Make module_enable_ro() static again x86/module: Use text_mutex in apply_relocate_add() module: Remove module_disable_ro() livepatch: Remove module_disable_ro() usage x86/module: Use text_poke() for late relocations s390/module: Use s390_kernel_write() for late relocations s390: Change s390_kernel_write() return type to match memcpy() livepatch: Prevent module-specific KLP rela sections from referencing vmlinux symbols livepatch: Remove .klp.arch livepatch: Apply vmlinux-specific KLP relocations early livepatch: Disallow vmlinux.ko commit 0e96edd9a9c2e75ece7f581d4f75d26b38cd53ba Author: Sean Christopherson Date: Wed May 27 20:11:21 2020 -0700 x86/kvm: Remove defunct KVM_DEBUG_FS Kconfig Remove KVM_DEBUG_FS, which can easily be misconstrued as controlling KVM-as-a-host. The sole user of CONFIG_KVM_DEBUG_FS was removed by commit cfd8983f03c7b ("x86, locking/spinlocks: Remove ticket (spin)lock implementation"). Signed-off-by: Sean Christopherson Message-Id: <20200528031121.28904-1-sean.j.christopherson@intel.com> Signed-off-by: Paolo Bonzini commit a789d5f8a99a366778a6e42b3700a246244201a6 Merge: 631d6914085b 16ba7e312045 Author: Linus Torvalds Date: Thu Jun 4 11:10:14 2020 -0700 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/hid/hid Pull HID updates from Jiri Kosina: - hid-mcp2221 GPIO support, from Rishi Gupta - MT_CLS_WIN_8_DUAL obsolete quirk removal from hid-multitouch, from Kai-Heng Feng - a bunch of new hardware support to hid-asus driver, from Hans de Goede - other assorted small fixes, cleanups and device-specific quirks * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/hid/hid: HID: multitouch: Remove MT_CLS_WIN_8_DUAL HID: multitouch: enable multi-input as a quirk for some devices HID: sony: Fix for broken buttons on DS3 USB dongles HID: Add quirks for Trust Panora Graphic Tablet HID: apple: Swap the Fn and Left Control keys on Apple keyboards HID: asus: Add depends on USB_HID to HID_ASUS Kconfig option HID: asus: Fix mute and touchpad-toggle keys on Medion Akoya E1239T HID: asus: Add support for multi-touch touchpad on Medion Akoya E1239T HID: asus: Add report_size to struct asus_touchpad_info HID: asus: Add hid_is_using_ll_driver(usb_hid_driver) check HID: asus: Simplify skipping of mappings for Asus T100CHI keyboard-dock HID: asus: Only set EV_REP if we are adding a mapping HID: i2c-hid: add Schneider SCL142ALM to descriptor override HID: intel-ish-hid: avoid bogus uninitialized-variable warning HID: mcp2221: add GPIO functionality support HID: fix typo in Kconfig HID: logitech: drop outdated references to unifying receivers commit 631d6914085b4eea8d68a84f800974a6ad8fb5c0 Merge: a0a4d17e02a8 d9b8fbf15d05 Author: Linus Torvalds Date: Thu Jun 4 11:07:38 2020 -0700 Merge tag 'sound-5.8-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound Pull sound updates from Takashi Iwai: "It was another busy development cycle, and the majority of changes are found in ASoC side. Below are Some highlights. ASoC core: - Lots of core cleanups and refactorings, still on-going work by Morimoto-san ASoC drivers: - Continued work on cleaning up and improving the Intel SOF stuff, along with new platform support including SoundWire - Fixes to make the Marvell SSPA driver work upstream - Support for AMD Renoir ACP, Dialog DA7212, Freescale EASRC and i.MX8M, Intel Elkhard Lake, Maxim MAX98390, Nuvoton NAU8812 and NAU8814 and Realtek RT1016. USB-audio: - Improvement for sync and implicit feedback streams with the more accurate frame size calculation and full-duplex support - Support for RME Babyface Pro and Prioneer DJ DJM HD-audio: - Fixes for Mic mute LED on HP machines - Re-enable support of Intel SST driver for SKL/KBL platforms FireWire: - Lots of refactoring, add support for RME FireFace and MOTU UltraLite-mk3" * tag 'sound-5.8-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: (428 commits) ALSA: es1688: Add the missed snd_card_free() ALSA: hda: add sienna_cichlid audio asic id for sienna_cichlid up ALSA: usb-audio: Add Pioneer DJ DJM-900NXS2 support ASoC: qcom: q6asm-dai: kCFI fix ASoC: soc-card: add snd_soc_card_remove_dai_link() ASoC: soc-card: add snd_soc_card_add_dai_link() ASoC: soc-card: add snd_soc_card_set_bias_level_post() ASoC: soc-card: add snd_soc_card_set_bias_level() ASoC: soc-card: add snd_soc_card_remove() ASoC: soc-card: add snd_soc_card_late_probe() ASoC: soc-card: add snd_soc_card_probe() ASoC: soc-card: add probed bit field to snd_soc_card ASoC: soc-card: add snd_soc_card_resume_post() ASoC: soc-card: add snd_soc_card_resume_pre() ASoC: soc-card: add snd_soc_card_suspend_post() ASoC: soc-card: add snd_soc_card_suspend_pre() ASoC: soc-card: move snd_soc_card_subclass to soc-card ASoC: soc-card: move snd_soc_card_get_codec_dai() to soc-card ASoC: soc-card: move snd_soc_card_set/get_drvdata() to soc-card ASoC: soc-card: move snd_soc_card_jack_new() to soc-card ... commit a0a4d17e02a80a74a63c7cbb7bc8cea2f0b7d8b1 Merge: 86c67ce20d08 46d079790663 Author: Linus Torvalds Date: Thu Jun 4 11:05:27 2020 -0700 Merge branch 'pcmcia-next' of git://git.kernel.org/pub/scm/linux/kernel/git/brodo/linux Pull pcmcia updates from Dominik Brodowski: "Two minor PCMCIA odd fixes: one replacing zero-length arrays with a flexible-array member, and one making a local function static" * 'pcmcia-next' of git://git.kernel.org/pub/scm/linux/kernel/git/brodo/linux: pcmcia: make pccard_loop_tuple() static pcmcia: Replace zero-length array with flexible-array commit 86c67ce20d080bdfefafd461d3068cad0a49a66b Merge: 9875b201e05a 59ea3c9faf32 Author: Linus Torvalds Date: Thu Jun 4 11:03:45 2020 -0700 Merge tag 'leds-5.8-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/pavel/linux-leds Pull LED updates from Pavel Machek: "New drivers: aw2013, sgm3140, some fixes Nothing much to see here, next release should be more interesting" * tag 'leds-5.8-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/pavel/linux-leds: leds: add aw2013 driver dt-bindings: leds: Add binding for aw2013 leds: trigger: remove redundant assignment to variable ret leds: netxbig: Convert to use GPIO descriptors leds: add sgm3140 driver dt-bindings: leds: Add binding for sgm3140 leds: ariel: Add driver for status LEDs on Dell Wyse 3020 leds: pwm: check result of led_pwm_set() in led_pwm_add() leds: tlc591xxt: hide error on EPROBE_DEFER leds: tca6507: Include the right header leds: lt3593: Drop surplus include leds: lp3952: Include the right header leds: lm355x: Drop surplus include commit 2bd81cd04a3f5eb873cc81fa16c469377be3b092 Merge: 5a881eb3d138 3e5095eebe01 Author: Bjorn Helgaas Date: Thu Jun 4 12:59:20 2020 -0500 Merge branch 'remotes/lorenzo/pci/vmd' - Fix vmd resource address calculation using Host Physical Address shadow register (Jon Derrick) * remotes/lorenzo/pci/vmd: PCI: vmd: Filter resource type bits from shadow register commit 5a881eb3d138bd1408ea22d2c2917a935b2a1ea9 Merge: 62e8a5ad4732 bca718988b90 Author: Bjorn Helgaas Date: Thu Jun 4 12:59:19 2020 -0500 Merge branch 'remotes/lorenzo/pci/v3-semi' - Fix memory leak in probe error paths (Christophe JAILLET) * remotes/lorenzo/pci/v3-semi: PCI: v3-semi: Fix a memory leak in v3_pci_probe() error handling paths commit 62e8a5ad47323d21c4364e0c2f7852f9a9fef036 Merge: 51755de7398c fcee90cdf6f3 Author: Bjorn Helgaas Date: Thu Jun 4 12:59:19 2020 -0500 Merge branch 'remotes/lorenzo/pci/tegra' - Fix error message for failure to get reset GPIO from DT (Pali Rohár) - Fix runtime PM imbalance on error path (both tegra and tegra194) (Dinghao Liu) * remotes/lorenzo/pci/tegra: PCI: tegra: Fix runtime PM imbalance on error PCI: tegra194: Fix runtime PM imbalance on error PCI: tegra: Fix reporting GPIO error value commit 51755de7398c596abbce6890ca6c62525f87d981 Merge: c521b7d5b804 56ad4a1b368a Author: Bjorn Helgaas Date: Thu Jun 4 12:59:18 2020 -0500 Merge branch 'remotes/lorenzo/pci/rcar' - Fix rcar OB window programming (Andrew Murray) - Add rcar suspend/resume support (Kazufumi Ikeda) - Add r8a77961 to DT binding (Yoshihiro Shimoda) - Rename pcie-rcar.c to pcie-rcar-host.c to make room for endpoint mode (Lad Prabhakar) - Move shareable code to pcie-rcar.c (Lad Prabhakar) - Correct PCIEPAMR mask calculation for "size < 128" (Lad Prabhakar) - Add endpoint support for multiple outbound memory windows (Lad Prabhakar) - Add R-Car PCIe endpoint driver and DT bindings (Lad Prabhakar) * remotes/lorenzo/pci/rcar: MAINTAINERS: Add file patterns for rcar PCI device tree bindings PCI: rcar: Add endpoint mode support dt-bindings: PCI: rcar: Add bindings for R-Car PCIe endpoint controller PCI: endpoint: Add support to handle multiple base for mapping outbound memory PCI: endpoint: Pass page size as argument to pci_epc_mem_init() PCI: rcar: Fix calculating mask for PCIEPAMR register PCI: rcar: Move shareable code to a common file PCI: rcar: Rename pcie-rcar.c to pcie-rcar-host.c dt-bindings: pci: rcar: add r8a77961 support PCI: rcar: Add suspend/resume PCI: rcar: Fix incorrect programming of OB windows commit c521b7d5b8047ee7d1800cea003831fb790b5019 Merge: 210d8ea82a0b 1446978d560f Author: Bjorn Helgaas Date: Thu Jun 4 12:59:18 2020 -0500 Merge branch 'remotes/lorenzo/pci/pci-bridge-emul' - Fix conflicts in pci-bridge-emul descriptions of Device Status and Slot Control (Jon Derrick) - Add emulation for more Device Status, Link Control, and Slot Control bits (Jon Derrick) - Improve emulation of reserved bits (Jon Derrick) * remotes/lorenzo/pci/pci-bridge-emul: PCI: pci-bridge-emul: Eliminate the 'reserved' member PCI: pci-bridge-emul: Update for PCIe 5.0 r1.0 PCI: pci-bridge-emul: Fix Root Cap/Status comment PCI: pci-bridge-emul: Fix PCIe bit conflicts commit 210d8ea82a0bd4ea10ee46690a1edf5def9dcd63 Merge: 7c9908d3c8ef 7fdde0f9a571 Author: Bjorn Helgaas Date: Thu Jun 4 12:59:17 2020 -0500 Merge branch 'remotes/lorenzo/pci/misc' - Correct MAINTAINERS typo for NXP LAYERSCAPE GEN4 (Lukas Bulwahn) - Make PCI endpoint doc section labels unique (Bryce Willey) * remotes/lorenzo/pci/misc: Documentation: PCI: Give unique labels to sections MAINTAINERS: correct typo in new NXP LAYERSCAPE GEN4 commit 7c9908d3c8ef66411fc6a6e31ee283712c13928a Merge: d388e541e2e3 d0684fd0bd79 Author: Bjorn Helgaas Date: Thu Jun 4 12:59:17 2020 -0500 Merge branch 'remotes/lorenzo/pci/hv' - Release resource in probe failure path (Wei Hu) - Retry PCI bus D0 entry if device state is invalid (Wei Hu) - Use struct_size() to help avoid type mistakes (Gustavo A. R. Silva) * remotes/lorenzo/pci/hv: PCI: hv: Use struct_size() helper PCI: hv: Retry PCI bus D0 entry on invalid device state PCI: hv: Fix the PCI HyperV probe failure path to release resource properly commit d388e541e2e3e26adfd9b1c99144176a73e19f95 Merge: d611b2b85331 b2f75a41eaa6 Author: Bjorn Helgaas Date: Thu Jun 4 12:59:16 2020 -0500 Merge branch 'remotes/lorenzo/pci/host-generic' - Constify struct pci_ecam_ops (Rob Herring) - Support building as modules (Rob Herring) - Eliminate wrappers for pci_host_common_probe() by using DT match table data (Rob Herring) * remotes/lorenzo/pci/host-generic: PCI: host-generic: Eliminate pci_host_common_probe wrappers PCI: host-generic: Support building as modules PCI: Constify struct pci_ecam_ops # Conflicts: # drivers/pci/controller/dwc/pcie-hisi.c commit d611b2b85331f3c69863d78835e95d1a5d01f2ef Merge: b9fcf4910b72 0e86d981f9b7 Author: Bjorn Helgaas Date: Thu Jun 4 12:59:16 2020 -0500 Merge branch 'remotes/lorenzo/pci/endpoint' - Avoid NULL pointer dereference in dma_release_channel() (Kunihiko Hayashi) * remotes/lorenzo/pci/endpoint: PCI: endpoint: functions/pci-epf-test: Fix DMA channel release commit b9fcf4910b72dd4d94b36989df5d6bcf7795c18d Merge: 712879510fa4 8d7e33d6811f Author: Bjorn Helgaas Date: Thu Jun 4 12:59:15 2020 -0500 Merge branch 'remotes/lorenzo/pci/dwc' - Simplify computation of msix_tbl (Jiri Slaby) - Make hisi_pcie_platform_ops static (Zou Wei) - Warn about resources above 4G (Alan Mikhak) - Make intel_pcie_cpu_addr() static (Jason Yan) - Use devm_platform_ioremap_resource_byname() to simplify code and improve error checking (Wei Yongjun) - Fix inner MSI IRQ domain registration so it doesn't confuse debugfs (Marc Zyngier) - Don't use FAST_LINK_MODE on meson (Marc Zyngier) - Add Socionext UniPhier Pro5 PCIe endpoint controller driver and DT description (Kunihiko Hayashi) * remotes/lorenzo/pci/dwc: PCI: uniphier: Add Socionext UniPhier Pro5 PCIe endpoint controller driver dt-bindings: PCI: Add UniPhier PCIe endpoint controller description PCI: dwc: Use private data pointer of "struct irq_domain" to get pcie_port PCI: amlogic: meson: Don't use FAST_LINK_MODE to set up link PCI: dwc: Fix inner MSI IRQ domain registration PCI: dwc: pci-dra7xx: Use devm_platform_ioremap_resource_byname() PCI: dwc: intel: Make intel_pcie_cpu_addr() static PCI: dwc: Program outbound ATU upper limit register PCI: dwc: Make hisi_pcie_platform_ops static PCI: dwc: Clean up computing of msix_tbl commit 712879510fa4930b65748046426ac4a730512bba Merge: a1dcc1aa6f67 7fb39bf2a1de Author: Bjorn Helgaas Date: Thu Jun 4 12:59:15 2020 -0500 Merge branch 'remotes/lorenzo/pci/cadence' - Deprecate 'cdns,max-outbound-regions' and 'cdns,no-bar-match-nbits' bindings in favor of deriving them from 'ranges' and 'dma-ranges' (Kishon Vijay Abraham I) - Read Vendor and Device ID as 32 bits (not 16) from DT (Kishon Vijay Abraham I) * remotes/lorenzo/pci/cadence: PCI: cadence: Fix to read 32-bit Vendor ID/Device ID property from DT PCI: cadence: Remove "cdns,max-outbound-regions" DT property dt-bindings: PCI: cadence: Deprecate inbound/outbound specific bindings commit a1dcc1aa6f67243e1622a55a345a37343af14b4e Merge: 754262d1befb c65822fef4ad Author: Bjorn Helgaas Date: Thu Jun 4 12:59:14 2020 -0500 Merge branch 'remotes/lorenzo/pci/brcmstb' - Assert fundamental reset on initialization (Nicolas Saenz Julienne) - Remove unnecessary clk_put(); devm_clk_get() handles this automatically (Jim Quinlan) - Fix outbound memory window register stride offset (Jim Quinlan) - Add "aspm-no-l0s" property for brcmstb and disable ASPM L0s when present (Jim Quinlan) - Add property to notify Raspberry Pi firmware of xHCI reset (Nicolas Saenz Julienne) - Add Raspberry Pi VL805 xHCI init function to trigger VL805 firmware load (Nicolas Saenz Julienne) - Wait in brcmstb probe for Raspberry Pi VL805 firmware initialization (Nicolas Saenz Julienne) - Load Raspberry Pi VL805 firmware in USB early handoff quirk (Nicolas Saenz Julienne) * remotes/lorenzo/pci/brcmstb: USB: pci-quirks: Add Raspberry Pi 4 quirk PCI: brcmstb: Wait for Raspberry Pi's firmware when present firmware: raspberrypi: Introduce vl805 init routine soc: bcm2835: Add notify xHCI reset property PCI: brcmstb: Disable L0s component of ASPM if requested dt-bindings: PCI: brcmstb: New prop 'aspm-no-l0s' PCI: brcmstb: Fix window register offset from 4 to 8 PCI: brcmstb: Don't clk_put() a managed clock PCI: brcmstb: Assert fundamental reset on initialization commit 754262d1befb16a9581b7ccfa9d1e17d41c54969 Merge: 075a383389d7 c96efe265692 Author: Bjorn Helgaas Date: Thu Jun 4 12:59:14 2020 -0500 Merge branch 'remotes/lorenzo/pci/altera' - Fix altera whitespace (Colin Ian King) * remotes/lorenzo/pci/altera: PCI: altera: Clean up indentation issue on a return statement commit 075a383389d71b0afde7feacd1a6ad6f247fa411 Merge: 39a1af761950 e89897c9dec7 Author: Bjorn Helgaas Date: Thu Jun 4 12:59:14 2020 -0500 Merge branch 'remotes/lorenzo/pci/aardvark' - Train link immediately after enabling link training to avoid issues with Compex WLE900VX and Turris MOX devices (Pali Rohár) - Remove ASPM config and let the PCI core do it (Pali Rohár) - Interpret zero 'max-link-speed' value as invalid (Pali Rohár) - Respect the 'max-link-speed' property and improve link training (Marek Behún) - Issue PERST via GPIO (Pali Rohár) - Add PHY support (Marek Behún) - Use standard PCIe capability macros (Pali Rohár) - Document new 'max-link-speed', 'phys', and 'reset-gpios' properties (Marek Behún) * remotes/lorenzo/pci/aardvark: dt-bindings: PCI: aardvark: Describe new properties PCI: aardvark: Replace custom macros by standard linux/pci_regs.h macros PCI: aardvark: Add PHY support PCI: aardvark: Add FIXME comment for PCIE_CORE_CMD_STATUS_REG access PCI: aardvark: Issue PERST via GPIO PCI: aardvark: Improve link training PCI: of: Zero max-link-speed value is invalid PCI: aardvark: Don't blindly enable ASPM L0s and don't write to read-only register PCI: aardvark: Train link immediately after enabling training commit 39a1af76195086349c4302f01e498a5fcbcb11d6 Merge: 0085090d7d58 3247bd10a450 Author: Bjorn Helgaas Date: Thu Jun 4 12:59:13 2020 -0500 Merge branch 'pci/virtualization' - Remove unused xen_register_pirq() parameter (Wei Liu) - Quirk AMD Matisse HD Audio & USB 3.0 devices where FLR hangs the device (Marcos Scriven) - Quirk AMD Starship USB 3.0 device where FLR doesn't seem to work (Kevin Buettner) - Add ACS quirk for Intel RCiEPs (Ashok Raj) * pci/virtualization: PCI: Add ACS quirk for Intel Root Complex Integrated Endpoints PCI: Avoid FLR for AMD Starship USB 3.0 PCI: Avoid FLR for AMD Matisse HD Audio & USB 3.0 x86/PCI: Drop unused xen_register_pirq() gsi_override parameter commit 0085090d7d5844e4ddedc612bd65939ce043c18f Merge: b16666b85359 b8af85492fbf Author: Bjorn Helgaas Date: Thu Jun 4 12:59:13 2020 -0500 Merge branch 'pci/switchtec' - Fix a minor bool type issue (Krzysztof Wilczynski) * pci/switchtec: PCI/switchtec: Correct bool variable type assignment commit b16666b853597531a798f57e7cb38d510c9e6efd Merge: ae7322a06d22 d09ddd8190fb Author: Bjorn Helgaas Date: Thu Jun 4 12:59:12 2020 -0500 Merge branch 'pci/resource' - Allow resizing BARs of devices on root bus (Ard Biesheuvel) * pci/resource: PCI: Allow pci_resize_resource() for devices on root bus commit ae7322a06d225fadfc43a3eda950fc2b65d2d7a1 Merge: ff33cc2fc01c ec411e02b7a2 Author: Bjorn Helgaas Date: Thu Jun 4 12:59:12 2020 -0500 Merge branch 'pci/pm' - Check .bridge_d3() hook for NULL before calling it (Bjorn Helgaas) - Disable PME# for Pericom OHCI/UHCI USB controllers because it's not reliably asserted on USB hotplug (Kai-Heng Feng) - Assume ports without DLL Link Active train links in 100 ms to work around Thunderbolt bridge defects (Mika Westerberg) * pci/pm: PCI/PM: Assume ports without DLL Link Active train links in 100 ms PCI/PM: Adjust pcie_wait_for_link_delay() for caller delay PCI: Avoid Pericom USB controller OHCI/EHCI PME# defect serial: 8250_pci: Move Pericom IDs to pci_ids.h PCI/PM: Call .bridge_d3() hook only if non-NULL commit ff33cc2fc01c3db06bc9428cdfc1551be167da1a Merge: 9f91d05e4aac 7d5b10fcb81e Author: Bjorn Helgaas Date: Thu Jun 4 12:59:11 2020 -0500 Merge branch 'pci/p2pdma' - Add AMD Zen Raven and Renoir Root Ports to P2PDMA whitelist (Alex Deucher) * pci/p2pdma: PCI/P2PDMA: Add AMD Zen Raven and Renoir Root Ports to whitelist commit 9f91d05e4aaceb46d9f39da9fa3c9c64643b9154 Merge: 08d6c8fca74c 3910ebaca8ea Author: Bjorn Helgaas Date: Thu Jun 4 12:59:11 2020 -0500 Merge branch 'pci/misc' - Clarify that platform_get_irq() should never return 0 (Bjorn Helgaas) - Check for platform_get_irq() failure consistently (Bjorn Helgaas) - Replace zero-length array with flexible-array (Gustavo A. R. Silva) - Unify pcie_find_root_port() and pci_find_pcie_root_port() (Yicong Yang) - Quirk Intel C620 MROMs, which have non-BARs in BAR locations (Xiaochun Lee) - Fix pcie_pme_resume() and pcie_pme_remove() kernel-doc (Jay Fang) - Rename _DSM constants to align with spec (Krzysztof Wilczyński) * pci/misc: PCI: Rename _DSM constants to align with spec PCI/PME: Fix kernel-doc of pcie_pme_resume() and pcie_pme_remove() x86/PCI: Mark Intel C620 MROMs as having non-compliant BARs PCI: Unify pcie_find_root_port() and pci_find_pcie_root_port() PCI: Replace zero-length array with flexible-array PCI: Check for platform_get_irq() failure consistently driver core: platform: Clarify that IRQ 0 is invalid commit 08d6c8fca74c502bbb82c265bdd34096f4beb7bb Merge: 1a765adf3353 8c8ff55b4da7 Author: Bjorn Helgaas Date: Thu Jun 4 12:59:10 2020 -0500 Merge branch 'pci/kconfig' - Remove unnecessary "default y" Kconfig options (Bjorn Helgaas) * pci/kconfig: PCI/AER: Don't select CONFIG_PCIEAER by default PCI: keystone: Don't select CONFIG_PCI_KEYSTONE_HOST by default PCI: dra7xx: Don't select CONFIG_PCI_DRA7XX_HOST by default commit 1a765adf33531d5665fd69098be70ddc1047d644 Merge: 8810a9c4f15c cfbd83d02da7 Author: Bjorn Helgaas Date: Thu Jun 4 12:59:10 2020 -0500 Merge branch 'pci/hotplug' - Remove unused pciehp EMI() and HP_SUPR_RM() macros (Ani Sinha) - Use of_node_name_eq() for node name comparisons (Rob Herring) - Convert shpchp_unconfigure_device() to void (Krzysztof Wilczynski) * pci/hotplug: PCI: shpchp: Make shpchp_unconfigure_device() void PCI: Use of_node_name_eq() for node name comparisons PCI: pciehp: Remove unused EMI() and HP_SUPR_RM() macros commit 8810a9c4f15ca33a2c3fc2a89653d03b294b0a85 Merge: 8ab064e93103 9103aaf9b40c Author: Bjorn Helgaas Date: Thu Jun 4 12:59:09 2020 -0500 Merge branch 'pci/error' - Log only ACPI_NOTIFY_DISCONNECT_RECOVER events for EDR, not all ACPI SYSTEM-level events (Kuppuswamy Sathyanarayanan) - Rely only on _OSC (not _OSC + HEST FIRMWARE_FIRST) to negotiate AER Capability ownership (Alexandru Gagniuc) - Remove HEST/FIRMWARE_FIRST parsing that was previously used to help intuit AER Capability ownership (Kuppuswamy Sathyanarayanan) - Remove redundant pci_is_pcie() and dev->aer_cap checks (Kuppuswamy Sathyanarayanan) - Print IRQ number used by DPC (Yicong Yang) * pci/error: PCI/DPC: Print IRQ number used by port PCI/AER: Use "aer" variable for capability offset PCI/AER: Remove redundant dev->aer_cap checks PCI/AER: Remove redundant pci_is_pcie() checks PCI/AER: Remove HEST/FIRMWARE_FIRST parsing for AER ownership PCI/AER: Use only _OSC to determine AER ownership PCI/EDR: Log only ACPI_NOTIFY_DISCONNECT_RECOVER events commit 8ab064e93103592bb38f8e77d52e15561df619ec Merge: 15d5a0157f31 11fdcf050328 Author: Bjorn Helgaas Date: Thu Jun 4 12:59:09 2020 -0500 Merge branch 'pci/enumeration' - Fix pci_register_host_bridge() device_register() error handling (Rob Herring) - Fix pci_host_bridge struct device release/free handling (Rob Herring) - Program MPS for RCiEP devices (Ashok Raj) - Inherit PTM settings from Switch Upstream Port so we can enable PTM on Endpoints (Bjorn Helgaas) - Add #defines for bridge windows (PCI_BRIDGE_IO_WINDOW, PCI_BRIDGE_MEM_WINDOW, etc) (Krzysztof Wilczynski) * pci/enumeration: pcmcia: Use CardBus window names (PCI_CB_BRIDGE_IO_0_WINDOW etc) when freeing PCI: Use bridge window names (PCI_BRIDGE_IO_WINDOW etc) PCI/PTM: Inherit Switch Downstream Port PTM settings from Upstream Port PCI: Program MPS for RCiEP devices PCI: Fix pci_host_bridge struct device release/free handling PCI: Fix pci_register_host_bridge() device_register() error handling commit 15d5a0157f31a874c94a0c8142c9bd7d494cb374 Merge: 8f3d9f354286 66ff14e59e8a Author: Bjorn Helgaas Date: Thu Jun 4 12:59:09 2020 -0500 Merge branch 'pci/aspm' - Allow ASPM on links to PCIe-to-PCI/PCI-X Bridges (Kai-Heng Feng) * pci/aspm: PCI/ASPM: Allow ASPM on links to PCIe-to-PCI/PCI-X Bridges commit 9875b201e05a8dfd107530853a0d021c8eea95d1 Merge: 0486a39a6d6c bbb7ad49b835 Author: Linus Torvalds Date: Thu Jun 4 10:54:45 2020 -0700 Merge tag 'tag-chrome-platform-for-v5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/chrome-platform/linux Pull chrome platform updates from Benson Leung: "cros_ec_typec: - Add notifier for update, and register port partner Sensors/iio: - Fixes to cros_ec_sensorhub around allocation of resources, and send_sample Wilco EC: - Fix to output format of h1_gpio Misc: - Misc fixes to appease kernel-doc and other warnings - Set user space log size in chromeos_pstore" * tag 'tag-chrome-platform-for-v5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/chrome-platform/linux: platform/chrome: cros_usbpd_logger: Add __printf annotation to append_str() platform/chrome: cros_ec_i2c: Appease the kernel-doc deity platform/chrome: typec: Fix ret value check error platform/chrome: cros_ec_typec: Register port partner platform/chrome: cros_ec_typec: Add struct for port data platform/chrome: cros_ec_typec: Use notifier for updates platform/chrome: cros_ec_ishtp: free ishtp buffer before sending event platform/chrome: cros_ec_ishtp: skip old cros_ec responses platform/chrome: wilco_ec: Provide correct output format to 'h1_gpio' file platform/chrome: chromeos_pstore: set user space log size commit 0f78355c450835053fed85828c9d6526594c0921 Author: Huacai Chen Date: Sat May 23 15:56:41 2020 +0800 KVM: MIPS: Enable KVM support for Loongson-3 This patch enable KVM support for Loongson-3 by selecting HAVE_KVM, but only enable KVM/VZ on Loongson-3A R4+ (because VZ of early processors are incomplete). Besides, Loongson-3 support SMP guests, so we clear the linked load bit of LLAddr in kvm_vz_vcpu_load() if the guest has more than one VCPUs. Acked-by: Thomas Bogendoerfer Reviewed-by: Aleksandar Markovic Signed-off-by: Huacai Chen Co-developed-by: Jiaxun Yang Message-Id: <1590220602-3547-15-git-send-email-chenhc@lemote.com> Signed-off-by: Paolo Bonzini commit dc6d95b153e78ed70b1b2c04aadffb76bcd2b3ec Author: Huacai Chen Date: Sat May 23 15:56:40 2020 +0800 KVM: MIPS: Add more MMIO load/store instructions emulation This patch add more MMIO load/store instructions emulation, which can be observed in QXL and some other device drivers: 1, LWL, LWR, LDW, LDR, SWL, SWR, SDL and SDR for all MIPS; 2, GSLBX, GSLHX, GSLWX, GSLDX, GSSBX, GSSHX, GSSWX and GSSDX for Loongson-3. Reviewed-by: Aleksandar Markovic Signed-off-by: Huacai Chen Co-developed-by: Jiaxun Yang Message-Id: <1590220602-3547-14-git-send-email-chenhc@lemote.com> Signed-off-by: Paolo Bonzini commit 8a5097ee90c25656db23f44520a9dad7983d88fb Author: Huacai Chen Date: Sat May 23 15:56:39 2020 +0800 KVM: MIPS: Add CONFIG6 and DIAG registers emulation Loongson-3 has CONFIG6 and DIAG registers which need to be emulated. CONFIG6 is mostly used to enable/disable FTLB and SFB, while DIAG is mostly used to flush BTB, ITLB, DTLB, VTLB and FTLB. Acked-by: Thomas Bogendoerfer Reviewed-by: Aleksandar Markovic Signed-off-by: Huacai Chen Co-developed-by: Jiaxun Yang Message-Id: <1590220602-3547-13-git-send-email-chenhc@lemote.com> Signed-off-by: Paolo Bonzini commit 7f2a83f1c2a941ebfee53f504ed5fdbc61cfb333 Author: Huacai Chen Date: Sat May 23 15:56:38 2020 +0800 KVM: MIPS: Add CPUCFG emulation for Loongson-3 Loongson-3 overrides lwc2 instructions to implement CPUCFG and CSR read/write functions. These instructions all cause guest exit so CSR doesn't benifit KVM guest (and there are always legacy methods to provide the same functions as CSR). So, we only emulate CPUCFG and let it return a reduced feature list (which means the virtual CPU doesn't have any other advanced features, including CSR) in KVM. Reviewed-by: Aleksandar Markovic Signed-off-by: Huacai Chen Co-developed-by: Jiaxun Yang Message-Id: <1590220602-3547-12-git-send-email-chenhc@lemote.com> Signed-off-by: Paolo Bonzini commit f21db3090de2c056728dee76d5fb66343aaf6dd1 Author: Huacai Chen Date: Sat May 23 15:56:37 2020 +0800 KVM: MIPS: Add Loongson-3 Virtual IPI interrupt support This patch add Loongson-3 Virtual IPI interrupt support in the kernel. The current implementation of IPI emulation in QEMU is based on GIC for MIPS, but Loongson-3 doesn't use GIC. Furthermore, IPI emulation in QEMU is too expensive for performance (because of too many context switches between Host and Guest). With current solution, the IPI delay may even cause RCU stall warnings in a multi-core Guest. So, we design a faster solution that emulate IPI interrupt in kernel (only used by Loongson-3 now). Reviewed-by: Aleksandar Markovic Signed-off-by: Huacai Chen Co-developed-by: Jiaxun Yang Message-Id: <1590220602-3547-11-git-send-email-chenhc@lemote.com> Signed-off-by: Paolo Bonzini commit 0486a39a6d6c8db78bde4d7b9c44e32dcc6050d4 Merge: 302d5b3321aa 072cb8b628d3 Author: Linus Torvalds Date: Thu Jun 4 10:50:22 2020 -0700 Merge tag 'linux-watchdog-5.8-rc1' of git://www.linux-watchdog.org/linux-watchdog Pull watchdog updates from Wim Van Sebroeck: - add new arm_smc_wdt watchdog driver - da9062 and da9063 improvements - clarify documentation about stop() that became optional - document r8a7742 support - some overall fixes and improvements * tag 'linux-watchdog-5.8-rc1' of git://www.linux-watchdog.org/linux-watchdog: watchdog: m54xx: Add missing include dt-bindings: watchdog: renesas,wdt: Document r8a7742 support watchdog: Fix runtime PM imbalance on error watchdog: riowd: remove unneeded semicolon watchdog: Add new arm_smc_wdt watchdog driver dt-bindings: watchdog: Add ARM smc wdt for mt8173 watchdog watchdog: imx2_wdt: update contact email watchdog: iTCO: fix link error watchdog: da9062: No need to ping manually before setting timeout watchdog: da9063: Make use of pre-configured timeout during probe watchdog: da9062: Initialize timeout during probe watchdog: clarify that stop() is optional watchdog: imx_sc_wdt: Fix reboot on crash watchdog: ts72xx_wdt: fix build error commit 3f51d8fcac7a0925fb1222d932cb3baa776b1e79 Author: Huacai Chen Date: Sat May 23 15:56:36 2020 +0800 KVM: MIPS: Add more types of virtual interrupts In current implementation, MIPS KVM uses IP2, IP3, IP4 and IP7 for external interrupt, two kinds of IPIs and timer interrupt respectively, but Loongson-3 based machines prefer to use IP2, IP3, IP6 and IP7 for two kinds of external interrupts, IPI and timer interrupt. So we define two priority-irq mapping tables: kvm_loongson3_priority_to_irq[] for Loongson-3, and kvm_default_priority_to_irq[] for others. The virtual interrupt infrastructure is updated to deliver all types of interrupts from IP2, IP3, IP4, IP6 and IP7. Reviewed-by: Aleksandar Markovic Signed-off-by: Huacai Chen Co-developed-by: Jiaxun Yang Message-Id: <1590220602-3547-10-git-send-email-chenhc@lemote.com> Signed-off-by: Paolo Bonzini commit 49bb96003fb19b77a0116d9330bdfd61aa41244b Author: Huacai Chen Date: Sat May 23 15:56:35 2020 +0800 KVM: MIPS: Let indexed cacheops cause guest exit on Loongson-3 Loongson-3's indexed cache operations need a node-id in the address, but in KVM guest the node-id may be incorrect. So, let indexed cache operations cause guest exit on Loongson-3. Reviewed-by: Aleksandar Markovic Signed-off-by: Huacai Chen Co-developed-by: Jiaxun Yang Message-Id: <1590220602-3547-9-git-send-email-chenhc@lemote.com> Signed-off-by: Paolo Bonzini commit 52c07e1cbb6e16a0fe70646b4bc63f714caa0f3b Author: Huacai Chen Date: Sat May 23 15:56:34 2020 +0800 KVM: MIPS: Use root tlb to control guest's CCA for Loongson-3 KVM guest has two levels of address translation: guest tlb translates GVA to GPA, and root tlb translates GPA to HPA. By default guest's CCA is controlled by guest tlb, but Loongson-3 maintains all cache coherency by hardware (including multi-core coherency and I/O DMA coherency) so it prefers all guest mappings be cacheable mappings. Thus, we use root tlb to control guest's CCA for Loongson-3. Reviewed-by: Aleksandar Markovic Signed-off-by: Huacai Chen Co-developed-by: Jiaxun Yang Message-Id: <1590220602-3547-8-git-send-email-chenhc@lemote.com> Signed-off-by: Paolo Bonzini commit 3210e2c279fee1076978b49988acdd935a6f7435 Author: Huacai Chen Date: Sat May 23 15:56:33 2020 +0800 KVM: MIPS: Introduce and use cpu_guest_has_ldpte Loongson-3 has lddir/ldpte instructions and their related CP0 registers are the same as HTW. So we introduce a cpu_guest_has_ldpte flag and use it to indicate whether we need to save/restore HTW related CP0 registers (PWBase, PWSize, PWField and PWCtl). Acked-by: Thomas Bogendoerfer Reviewed-by: Aleksandar Markovic Signed-off-by: Huacai Chen Co-developed-by: Jiaxun Yang Message-Id: <1590220602-3547-7-git-send-email-chenhc@lemote.com> Signed-off-by: Paolo Bonzini commit 8bf31295030e35ef1e9e1b25b02041423f8291d3 Author: Huacai Chen Date: Sat May 23 15:56:32 2020 +0800 KVM: MIPS: Use lddir/ldpte instructions to lookup gpa_mm.pgd Loongson-3 can use lddir/ldpte instuctions to accelerate page table walking, so use them to lookup gpa_mm.pgd. Reviewed-by: Aleksandar Markovic Signed-off-by: Huacai Chen Co-developed-by: Jiaxun Yang Message-Id: <1590220602-3547-6-git-send-email-chenhc@lemote.com> Signed-off-by: Paolo Bonzini commit bf10efbb81bf0c7ae6ebac3320b5b40c323463f3 Author: Huacai Chen Date: Sat May 23 15:56:31 2020 +0800 KVM: MIPS: Add EVENTFD support which is needed by VHOST Add EVENTFD support for KVM/MIPS, which is needed by VHOST. Tested on Loongson-3 platform. Reviewed-by: Aleksandar Markovic Signed-off-by: Huacai Chen Co-developed-by: Jiaxun Yang Message-Id: <1590220602-3547-5-git-send-email-chenhc@lemote.com> Signed-off-by: Paolo Bonzini commit 210b4b9112b699df4c33273bf7b02d9debd2f35e Author: Huacai Chen Date: Sat May 23 15:56:30 2020 +0800 KVM: MIPS: Increase KVM_MAX_VCPUS and KVM_USER_MEM_SLOTS to 16 Loongson-3 based machines can have as many as 16 CPUs, and so does memory slots, so increase KVM_MAX_VCPUS and KVM_USER_MEM_SLOTS to 16. Reviewed-by: Aleksandar Markovic Signed-off-by: Huacai Chen Co-developed-by: Jiaxun Yang Message-Id: <1590220602-3547-4-git-send-email-chenhc@lemote.com> Signed-off-by: Paolo Bonzini commit 5816c76dea116a458f1932eefe064e35403248eb Author: Xing Li Date: Sat May 23 15:56:29 2020 +0800 KVM: MIPS: Fix VPN2_MASK definition for variable cpu_vmbits If a CPU support more than 32bit vmbits (which is true for 64bit CPUs), VPN2_MASK set to fixed 0xffffe000 will lead to a wrong EntryHi in some functions such as _kvm_mips_host_tlb_inv(). The cpu_vmbits definition of 32bit CPU in cpu-features.h is 31, so we still use the old definition. Cc: Stable Reviewed-by: Aleksandar Markovic Signed-off-by: Xing Li [Huacai: Improve commit messages] Signed-off-by: Huacai Chen Message-Id: <1590220602-3547-3-git-send-email-chenhc@lemote.com> Signed-off-by: Paolo Bonzini commit fe2b73dba47fb6d6922df1ad44e83b1754d5ed4d Author: Xing Li Date: Sat May 23 15:56:28 2020 +0800 KVM: MIPS: Define KVM_ENTRYHI_ASID to cpu_asid_mask(&boot_cpu_data) The code in decode_config4() of arch/mips/kernel/cpu-probe.c asid_mask = MIPS_ENTRYHI_ASID; if (config4 & MIPS_CONF4_AE) asid_mask |= MIPS_ENTRYHI_ASIDX; set_cpu_asid_mask(c, asid_mask); set asid_mask to cpuinfo->asid_mask. So in order to support variable ASID_MASK, KVM_ENTRYHI_ASID should also be changed to cpu_asid_mask(&boot_cpu_data). Cc: Stable #4.9+ Reviewed-by: Aleksandar Markovic Signed-off-by: Xing Li [Huacai: Change current_cpu_data to boot_cpu_data for optimization] Signed-off-by: Huacai Chen Message-Id: <1590220602-3547-2-git-send-email-chenhc@lemote.com> Signed-off-by: Paolo Bonzini commit dddb3e26f6d88c5344d28cb5ff9d3d6fa05c4f7a Author: Jens Axboe Date: Thu Jun 4 11:27:01 2020 -0600 io_uring: re-set iov base/len for buffer select retry We already have the buffer selected, but we should set the iter list again. Cc: stable@vger.kernel.org # v5.7 Signed-off-by: Jens Axboe commit 302d5b3321aa61ff4ab15f0abc737d923355d33d Merge: 512b7d37ee0a 479da1f538a2 Author: Linus Torvalds Date: Thu Jun 4 10:43:07 2020 -0700 Merge tag 'backlight-next-5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/lee/backlight Pull backlight updates from Lee Jones: "Core Framework: - Add backlight_device_get_by_name() to the API New Device Support: - Add support for WLED5 to Qualcomm WLED Fix-ups: - Convert to GPIO descriptors in l4f00242t03 - Device Tree fix-ups for qcom-wled Bug Fixes: - Properly disable regulators on .probe() failure" * tag 'backlight-next-5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/lee/backlight: backlight: Add backlight_device_get_by_name() backlight: qcom-wled: Add support for WLED5 peripheral that is present on PM8150L PMICs dt-bindings: backlight: qcom-wled: Add WLED5 bindings backlight: qcom-wled: Add callback functions dt-bindings: backlight: qcom-wled: Convert the wled bindings to .yaml format backlight: l4f00242t03: Convert to GPIO descriptors backlight: lp855x: Ensure regulators are disabled on probe failure commit 512b7d37ee0a9b4e2b5fafcd0b7c65a3f6e430ca Merge: acf25aa66371 098c4adf249c Author: Linus Torvalds Date: Thu Jun 4 10:38:42 2020 -0700 Merge tag 'mfd-next-5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/lee/mfd Pull MFD updates from Lee Jones: "Core Frameworks: - Constify 'properties' attribute in core header file New Drivers: - Add support for Gateworks System Controller - Add support for MediaTek MT6358 PMIC - Add support for Mediatek MT6360 PMIC - Add support for Monolithic Power Systems MP2629 ADC and Battery charger Fix-ups: - Use new I2C API in htc-i2cpld - Remove superfluous code in sprd-sc27xx-spi - Improve error handling in stm32-timers - Device Tree additions/fixes in mt6397 - Defer probe betterment in wm8994-core - Improve module handling in wm8994-core - Staticify in stpmic1 - Trivial (spelling, formatting) in tqmx86 Bug Fixes: - Fix incorrect register/PCI IDs in intel-lpss-pci - Fix unbalanced Regulator API calls in wm8994-core - Fix double free() in wcd934x - Remove IRQ domain on failure in stmfx - Reset chip on resume in stmfx - Disable/enable IRQs on suspend/resume in stmfx - Do not use bulk writes on H/W which does not support them in max77620" * tag 'mfd-next-5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/lee/mfd: (29 commits) mfd: mt6360: Remove duplicate REGMAP_IRQ_REG_LINE() entry mfd: Add support for PMIC MT6360 mfd: max77620: Use single-byte writes on MAX77620 mfd: wcd934x: Drop kfree for memory allocated with devm_kzalloc mfd: stmfx: Disable IRQ in suspend to avoid spurious interrupt mfd: stmfx: Fix stmfx_irq_init error path mfd: stmfx: Reset chip on resume as supply was disabled mfd: wm8994: Silence warning about supplies during deferred probe mfd: wm8994: Fix unbalanced calls to regulator_bulk_disable() mfd: wm8994: Fix driver operation if loaded as modules dt-bindings: mfd: mediatek: Add MT6397 Pin Controller mfd: Constify properties in mfd_cell mfd: stm32-timers: Use dma_request_chan() instead dma_request_slave_channel() mfd: sprd: Remove unnecessary spi_bus_type setting mfd: intel-lpss: Update LPSS UART #2 PCI ID for Jasper Lake mfd: tqmx86: Fix a typo in MODULE_DESCRIPTION mfd: stpmic1: Make stpmic1_regmap_config static mfd: htc-i2cpld: Convert to use i2c_new_client_device() MAINTAINERS: Add entry for mp2629 Battery Charger driver power: supply: mp2629: Add impedance compensation config ... commit acf25aa66371359f542d14e8d993b530fe25d7ac Merge: a484a497c98a ef26650a201f Author: Linus Torvalds Date: Thu Jun 4 10:31:05 2020 -0700 Merge tag 'Smack-for-5.8' of git://github.com/cschaufler/smack-next Pull smack updates from Casey Schaufler: "Clean out dead code and repair an out-of-bounds warning" * tag 'Smack-for-5.8' of git://github.com/cschaufler/smack-next: Smack: Remove unused inline function smk_ad_setfield_u_fs_path_mnt Smack:- Remove redundant inode_smack cache Smack:- Remove mutex lock "smk_lock" from inode_smack Smack: slab-out-of-bounds in vsscanf smack: remove redundant structure variable from header. smack: avoid unused 'sip' variable warning commit a484a497c98a0447aca2d70de19d11b1d66e6ef7 Merge: 38b3a5aaf2fd b6f61c314649 Author: Linus Torvalds Date: Thu Jun 4 10:27:07 2020 -0700 Merge tag 'keys-next-20200602' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs Pull keyring updates from David Howells: - Fix a documentation warning. - Replace a zero-length array with a flexible one - Make the big_key key type use ChaCha20Poly1305 and use the crypto algorithm directly rather than going through the crypto layer. - Implement the update op for the big_key type. * tag 'keys-next-20200602' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs: keys: Implement update for the big_key type security/keys: rewrite big_key crypto to use library interface KEYS: Replace zero-length array with flexible-array Documentation: security: core.rst: add missing argument commit 38b3a5aaf2fd35e997550b855cfb7460b077236a Merge: 6929f71e46bd 3e9b26dc2268 Author: Linus Torvalds Date: Thu Jun 4 10:17:59 2020 -0700 Merge tag 'perf-tools-2020-06-02' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux Pull perf tooling updates from Arnaldo Carvalho de Melo: "These are additional changes to the perf tools, on top of what Ingo already submitted. - Further Intel PT call-trace fixes - Improve SELinux docs and tool warnings - Fix race at exit in 'perf record' using eventfd. - Add missing build tests to the default set of 'make -C tools/perf build-test' - Sync msr-index.h getting new AMD MSRs to decode and filter in 'perf trace'. - Fix fallback to libaudit in 'perf trace' for arches not using per-arch *.tbl files. - Fixes for 'perf ftrace'. - Fixes and improvements for the 'perf stat' metrics. - Use dummy event to get PERF_RECORD_{FORK,MMAP,etc} while synthesizing those metadata events for pre-existing threads. - Fix leaks detected using clang tooling. - Improvements to PMU event metric testing. - Report summary for 'perf stat' interval mode at the end, summing up all the intervals. - Improve pipe mode, i.e. this now works as expected, continuously dumping samples: # perf record -g -e raw_syscalls:sys_enter | perf --no-pager script - Fixes for event grouping, detecting incompatible groups such as: # perf stat -e '{cycles,power/energy-cores/}' -v WARNING: group events cpu maps do not match, disabling group: anon group { power/energy-cores/, cycles } power/energy-cores/: 0 cycles: 0-7 - Fixes for 'perf probe': blacklist address checking, number of kretprobe instances, etc. - JIT processing improvements and fixes plus the addition of a 'perf test' entry for the java demangler. - Add support for synthesizing first/last level cache, TLB and remove access events from HW tracing in the auxtrace code, first to use is ARM SPE. - Vendor events updates and fixes, including for POWER9 and Intel. - Allow using ~/.perfconfig for removing the ',' separators in 'perf stat' output. - Opt-in support for libpfm4" * tag 'perf-tools-2020-06-02' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux: (120 commits) perf tools: Remove some duplicated includes perf symbols: Fix kernel maps for kcore and eBPF tools arch x86: Sync the msr-index.h copy with the kernel sources perf stat: Ensure group is defined on top of the same cpu mask perf libdw: Fix off-by 1 relative directory includes perf arm-spe: Support synthetic events perf auxtrace: Add four itrace options perf tools: Move arm-spe-pkt-decoder.h/c to the new dir perf test: Initialize memory in dwarf-unwind perf tests: Don't tail call optimize in unwind test tools compiler.h: Add attribute to disable tail calls perf build: Add a LIBPFM4=1 build test entry perf tools: Add optional support for libpfm4 perf tools: Correct license on jsmn JSON parser perf jit: Fix inaccurate DWARF line table perf jvmti: Remove redundant jitdump line table entries perf build: Add NO_SDT=1 to the default set of build tests perf build: Add NO_LIBCRYPTO=1 to the default set of build tests perf build: Add NO_SYSCALL_TABLE=1 to the build tests perf build: Remove libaudit from the default feature checks ... commit d2b6f48b691ed67569786c332f0173b918d3fd1b Author: Pavel Begunkov Date: Wed Jun 3 18:03:25 2020 +0300 io_uring: move send/recv IOPOLL check into prep Fail recv/send in case of IORING_SETUP_IOPOLL earlier during prep, so it'd be done only once. Removes duplication as well Signed-off-by: Pavel Begunkov Signed-off-by: Jens Axboe commit ec65fea5a8d7a82d3137dd2a44197eb577da111f Author: Pavel Begunkov Date: Wed Jun 3 18:03:24 2020 +0300 io_uring: deduplicate io_openat{,2}_prep() io_openat_prep() and io_openat2_prep() are identical except for how struct open_how is built. Deduplicate it with a helper. Signed-off-by: Pavel Begunkov Signed-off-by: Jens Axboe commit 25e72d1012b30bdff712b563e6141a4f311d28d6 Author: Pavel Begunkov Date: Wed Jun 3 18:03:23 2020 +0300 io_uring: do build_open_how() only once build_open_how() is just adjusting open_flags/mode. Do it once during prep. It looks better than storing raw values for the future. Signed-off-by: Pavel Begunkov Signed-off-by: Jens Axboe commit 3232dd02af65f2d01be641120d2a710176b0c7a7 Author: Pavel Begunkov Date: Wed Jun 3 18:03:22 2020 +0300 io_uring: fix {SQ,IO}POLL with unsupported opcodes IORING_SETUP_IOPOLL is defined only for read/write, other opcodes should be disallowed, otherwise it'll get an error as below. Also refuse open/close with SQPOLL, as the polling thread wouldn't know which file table to use. RIP: 0010:io_iopoll_getevents+0x111/0x5a0 Call Trace: ? _raw_spin_unlock_irqrestore+0x24/0x40 ? do_send_sig_info+0x64/0x90 io_iopoll_reap_events.part.0+0x5e/0xa0 io_ring_ctx_wait_and_kill+0x132/0x1c0 io_uring_release+0x20/0x30 __fput+0xcd/0x230 ____fput+0xe/0x10 task_work_run+0x67/0xa0 do_exit+0x353/0xb10 ? handle_mm_fault+0xd4/0x200 ? syscall_trace_enter+0x18c/0x2c0 do_group_exit+0x43/0xa0 __x64_sys_exit_group+0x18/0x20 do_syscall_64+0x60/0x1e0 entry_SYSCALL_64_after_hwframe+0x44/0xa9 Signed-off-by: Pavel Begunkov [axboe: allow provide/remove buffers and files update] Signed-off-by: Jens Axboe commit f5641d053d46a9a18fe13f2ecb4a7b4a66d9cdf7 Author: Kees Cook Date: Wed Jun 3 15:40:56 2020 -0700 pwm: Add missing "CONFIG_" prefix The IS_ENABLED() use was missing the CONFIG_ prefix which would have lead to skipping this code. Fixes: 3ad1f3a33286 ("pwm: Implement some checks for lowlevel drivers") Signed-off-by: Kees Cook Reviewed-by: Uwe Kleine-König Signed-off-by: Thierry Reding commit fa44b82eb8318facc56356afa897f3f3105172e1 Author: Babu Moger Date: Tue May 12 18:59:16 2020 -0500 KVM: x86: Move MPK feature detection to common code Both Intel and AMD support (MPK) Memory Protection Key feature. Move the feature detection from VMX to the common code. It should work for both the platforms now. Signed-off-by: Babu Moger Message-Id: <158932795627.44260.15144185478040178638.stgit@naples-babu.amd.com> Signed-off-by: Paolo Bonzini commit 65b1891499b1feb74aaab514c3d34080dc6702d8 Author: Xiaoyao Li Date: Thu Jun 4 12:16:36 2020 +0800 KVM: x86: Assign correct value to array.maxnent Delay the assignment of array.maxnent to use correct value for the case cpuid->nent > KVM_MAX_CPUID_ENTRIES. Fixes: e53c95e8d41e ("KVM: x86: Encapsulate CPUID entries and metadata in struct") Signed-off-by: Xiaoyao Li Message-Id: <20200604041636.1187-1-xiaoyao.li@intel.com> Signed-off-by: Paolo Bonzini commit f4f6bd93fdab6f03e20fbbb9e5c6d65fc81b1588 Author: Sean Christopherson Date: Wed Jun 3 13:33:03 2020 -0700 KVM: VMX: Always treat MSR_IA32_PERF_CAPABILITIES as a valid PMU MSR Unconditionally return true when querying the validity of MSR_IA32_PERF_CAPABILITIES so as to defer the validity check to intel_pmu_{get,set}_msr(), which can properly give the MSR a pass when the access is initiated from host userspace. The MSR is emulated so there is no underlying hardware dependency to worry about. Fixes: 27461da31089a ("KVM: x86/pmu: Support full width counting") Cc: Like Xu Signed-off-by: Sean Christopherson Message-Id: <20200603203303.28545-1-sean.j.christopherson@intel.com> Signed-off-by: Paolo Bonzini commit 5311ebfb612f08ec2a712a86d0af7ee2b423a9fc Author: Christophe JAILLET Date: Sun May 31 13:00:15 2020 +0200 arm64: debug: mark a function as __init to save some memory 'debug_monitors_init()' is only called via 'postcore_initcall'. It can be marked as __init to save a few bytes of memory. Signed-off-by: Christophe JAILLET Reviewed-by: Douglas Anderson Link: https://lore.kernel.org/r/20200531110015.598607-1-christophe.jaillet@wanadoo.fr Signed-off-by: Will Deacon commit 333ed74689b8fca097574124fef7fa0e3d7f79d4 Author: Will Deacon Date: Wed Jun 3 12:16:37 2020 +0100 scs: Report SCS usage in bytes rather than number of entries Fix the SCS debug usage check so that we report the number of bytes used, rather than the number of entries. Fixes: 5bbaf9d1fcb9 ("scs: Add support for stack usage debugging") Reported-by: Sami Tolvanen Reviewed-by: Kees Cook Signed-off-by: Will Deacon commit d56f5136b01020155b6b0a29f69d924687529bee Author: Paolo Bonzini Date: Thu Jun 4 15:16:52 2020 +0200 KVM: let kvm_destroy_vm_debugfs clean up vCPU debugfs directories After commit 63d0434 ("KVM: x86: move kvm_create_vcpu_debugfs after last failure point") we are creating the pre-vCPU debugfs files after the creation of the vCPU file descriptor. This makes it possible for userspace to reach kvm_vcpu_release before kvm_create_vcpu_debugfs has finished. The vcpu->debugfs_dentry then does not have any associated inode anymore, and this causes a NULL-pointer dereference in debugfs_create_file. The solution is simply to avoid removing the files; they are cleaned up when the VM file descriptor is closed (and that must be after KVM_CREATE_VCPU returns). We can stop storing the dentry in struct kvm_vcpu too, because it is not needed anywhere after kvm_create_vcpu_debugfs returns. Reported-by: syzbot+705f4401d5a93a59b87d@syzkaller.appspotmail.com Fixes: 63d04348371b ("KVM: x86: move kvm_create_vcpu_debugfs after last failure point") Signed-off-by: Paolo Bonzini commit 8409f67b6437c4b327ee95a71081b9c7bfee0b00 Author: David Howells Date: Wed Apr 22 00:02:46 2020 +0100 afs: Adjust the fileserver rotation algorithm to reprobe/retry more quickly Adjust the fileserver rotation algorithm so that if we've tried all the addresses on a server (cumulatively over multiple operations) until we've run out of untried addresses, immediately reprobe all that server's interfaces and retry the op at least once before we move onto the next server. Signed-off-by: David Howells commit 32275d3f758f1252511709b77b3bab060a0e1d4f Author: David Howells Date: Sat May 2 13:44:50 2020 +0100 afs: Show more a bit more server state in /proc/net/afs/servers Display more information about the state of a server record, including the flags, rtt and break counter plus the probe state for each server in /proc/net/afs/servers. Rearrange the server flags a bit to make them easier to read at a glance in the proc file. Signed-off-by: David Howells commit f3c130e6e6d15822e1553531f91ecc8f3375bac3 Author: David Howells Date: Sat May 2 13:39:57 2020 +0100 afs: Don't use probe running state to make decisions outside probe code Don't use the running state for fileserver probes to make decisions about which server to use as the state is cleared at the start of a probe and also intermediate values might be misleading. Instead, add a separate 'latest known' rtt in the afs_server struct and a flag to indicate if the server is known to be responding and update these as and when we know what to change them to. Signed-off-by: David Howells commit f11a016a852f32e9c991baf6a036390eac5b4266 Author: David Howells Date: Fri May 1 22:06:02 2020 +0100 afs: Fix afs_statfs() to not let the values go below zero Fix afs_statfs() so that the value for f_bavail and f_bfree don't go "negative" if the number of blocks in use by a volume exceeds the max quota for that volume. Signed-off-by: David Howells commit 3c4c4075fc61f5c37a0112b1dc8398025dc3e26a Author: David Howells Date: Wed May 27 15:51:30 2020 +0100 afs: Fix the by-UUID server tree to allow servers with the same UUID Whilst it shouldn't happen, it is possible for multiple fileservers to share a UUID, particularly if an entire cell has been duplicated, UUIDs and all. In such a case, it's not necessarily possible to map the effect of the CB.InitCallBackState3 incoming RPC to a specific server unambiguously by UUID and thus to a specific cell. Indeed, there's a problem whereby multiple server records may need to occupy the same spot in the rb_tree rooted in the afs_net struct. Fix this by allowing servers to form a list, with the head of the list in the tree. When the front entry in the list is removed, the second in the list just replaces it. afs_init_callback_state() then just goes down the line, poking each server in the list. This means that some servers will be unnecessarily poked, unfortunately. An alternative would be to route by call parameters. Reported-by: Jeffrey Altman Signed-off-by: David Howells Fixes: d2ddc776a458 ("afs: Overhaul volume and server record caching and fileserver rotation") commit 20325960f8750165964a6891a733e4cc15d19076 Author: David Howells Date: Thu Apr 30 01:03:49 2020 +0100 afs: Reorganise volume and server trees to be rooted on the cell Reorganise afs_volume objects such that they're in a tree keyed on volume ID, rooted at on an afs_cell object rather than being in multiple trees, each of which is rooted on an afs_server object. afs_server structs become per-cell and acquire a pointer to the cell. The process of breaking a callback then starts with finding the server by its network address, following that to the cell and then looking up each volume ID in the volume tree. This is simpler than the afs_vol_interest/afs_cb_interest N:M mapping web and allows those structs and the code for maintaining them to be simplified or removed. It does make a couple of things a bit more tricky, though: (1) Operations now start with a volume, not a server, so there can be more than one answer as to whether or not the server we'll end up using supports the FS.InlineBulkStatus RPC. (2) CB RPC operations that specify the server UUID. There's still a tree of servers by UUID on the afs_net struct, but the UUIDs in it aren't guaranteed unique. Signed-off-by: David Howells commit cca37d45d547434144409ae648a19b7eb6db5eb4 Author: David Howells Date: Wed Apr 29 17:02:04 2020 +0100 afs: Add a tracepoint to track the lifetime of the afs_volume struct Add a tracepoint to track the lifetime of the afs_volume struct. Signed-off-by: David Howells commit 6dfdf5369c9f0a47920b2f743434c90798f26cd5 Author: David Howells Date: Mon Apr 27 15:01:09 2020 +0100 afs: Detect cell aliases 3 - YFS Cells with a canonical cell name op YFS Volume Location servers have an operation by which the cell name may be queried. Use this to find out what a YFS server thinks the canonical cell name should be. Signed-off-by: David Howells commit 6ef350b1842081bef7e4879993f47f052b7007e7 Author: David Howells Date: Sun Apr 26 10:12:27 2020 +0100 afs: Detect cell aliases 2 - Cells with no root volumes Implement the second phase of cell alias detection. This part handles alias detection for cells that don't have root.cell volumes and so we have to find some other volume or fileserver to query. We take the first volume from each such cell and attempt to look it up in the new cell. If found, we compare the records, if they are the same, we judge the cell names to be aliases. Signed-off-by: David Howells commit 8a070a964877c71139cba46202f6f263c2b9419d Author: David Howells Date: Sat Apr 25 10:26:02 2020 +0100 afs: Detect cell aliases 1 - Cells with root volumes Put in the first phase of cell alias detection. This part handles alias detection for cells that have root.cell volumes (which is expected to be likely). When a cell becomes newly active, it is probed for its root.cell volume, and if it has one, this volume is compared against other root.cell volumes to find out if the list of fileserver UUIDs have any in common - and if that's the case, do the address lists of those fileservers have any addresses in common. If they do, the new cell is adjudged to be an alias of the old cell and the old cell is used instead. Comparing is aided by the server list in struct afs_server_list being sorted in UUID order and the addresses in the fileserver address lists being sorted in address order. The cell then retains the afs_volume object for the root.cell volume, even if it's not mounted for future alias checking. This necessary because: (1) Whilst fileservers have UUIDs that are meant to be globally unique, in practice they are not because cells get cloned without changing the UUIDs - so afs_server records need to be per cell. (2) Sometimes the DNS is used to make cell aliases - but if we don't know they're the same, we may end up with multiple superblocks and multiple afs_server records for the same thing, impairing our ability to deliver callback notifications of third party changes (3) The fileserver RPC API doesn't contain the cell name, so it can't tell us which cell it's notifying and can't see that a change made to to one cell should notify the same client that's also accessed as the other cell. Reported-by: Jeffrey Altman Signed-off-by: David Howells commit c3e9f888263bb4df11cbd623ceced02081cb2f9f Author: David Howells Date: Wed Apr 29 17:26:41 2020 +0100 afs: Implement client support for the YFSVL.GetCellName RPC op Implement client support for the YFSVL.GetCellName RPC operation by which YFS permits the canonical cell name to be queried from a VL server. Signed-off-by: David Howells commit 194d28cf197ca982556be58dcf687b43fd85e9cc Author: David Howells Date: Mon Apr 27 13:42:53 2020 +0100 afs: Retain more of the VLDB record for alias detection Save more bits from the volume location database record obtained for a server so that we can use this information in cell alias detection. Signed-off-by: David Howells commit 3120c170ef35c1a9be137535e44c7e237e33b78e Author: David Howells Date: Wed May 27 16:44:02 2020 +0100 afs: Fix handling of CB.ProbeUuid cache manager op The AFS filesystem driver is handling the CB.ProbeUuid request incorrectly. The UUID presented in the request is that of the cache manager, not the fileserver, so afs_deliver_cb_probe_uuid() shouldn't be using that UUID to look up the server. Fix this by looking up the server by address instead. Signed-off-by: David Howells commit 44746355ccb142341f92a0c86fc2e27bfc968b40 Author: David Howells Date: Wed May 27 15:52:02 2020 +0100 afs: Don't get epoch from a server because it may be ambiguous Don't get the epoch from a server, particularly one that we're looking up by UUID, as UUIDs may be ambiguous and may map to more than one server - so we can't draw any conclusions from it. Reported-by: Jeffrey Altman Signed-off-by: David Howells commit e49c7b2f6de7ff81ca34c56e4eeb4fa740c099f2 Author: David Howells Date: Fri Apr 10 20:51:51 2020 +0100 afs: Build an abstraction around an "operation" concept Turn the afs_operation struct into the main way that most fileserver operations are managed. Various things are added to the struct, including the following: (1) All the parameters and results of the relevant operations are moved into it, removing corresponding fields from the afs_call struct. afs_call gets a pointer to the op. (2) The target volume is made the main focus of the operation, rather than the target vnode(s), and a bunch of op->vnode->volume are made op->volume instead. (3) Two vnode records are defined (op->file[]) for the vnode(s) involved in most operations. The vnode record (struct afs_vnode_param) contains: - The vnode pointer. - The fid of the vnode to be included in the parameters or that was returned in the reply (eg. FS.MakeDir). - The status and callback information that may be returned in the reply about the vnode. - Callback break and data version tracking for detecting simultaneous third-parth changes. (4) Pointers to dentries to be updated with new inodes. (5) An operations table pointer. The table includes pointers to functions for issuing AFS and YFS-variant RPCs, handling the success and abort of an operation and handling post-I/O-lock local editing of a directory. To make this work, the following function restructuring is made: (A) The rotation loop that issues calls to fileservers that can be found in each function that wants to issue an RPC (such as afs_mkdir()) is extracted out into common code, in a new file called fs_operation.c. (B) The rotation loops, such as the one in afs_mkdir(), are replaced with a much smaller piece of code that allocates an operation, sets the parameters and then calls out to the common code to do the actual work. (C) The code for handling the success and failure of an operation are moved into operation functions (as (5) above) and these are called from the core code at appropriate times. (D) The pseudo inode getting stuff used by the dynamic root code is moved over into dynroot.c. (E) struct afs_iget_data is absorbed into the operation struct and afs_iget() expects to be given an op pointer and a vnode record. (F) Point (E) doesn't work for the root dir of a volume, but we know the FID in advance (it's always vnode 1, unique 1), so a separate inode getter, afs_root_iget(), is provided to special-case that. (G) The inode status init/update functions now also take an op and a vnode record. (H) The RPC marshalling functions now, for the most part, just take an afs_operation struct as their only argument. All the data they need is held there. The result delivery functions write their answers there as well. (I) The call is attached to the operation and then the operation core does the waiting. And then the new operation code is, for the moment, made to just initialise the operation, get the appropriate vnode I/O locks and do the same rotation loop as before. This lays the foundation for the following changes in the future: (*) Overhauling the rotation (again). (*) Support for asynchronous I/O, where the fileserver rotation must be done asynchronously also. Signed-off-by: David Howells commit 862b2509d157c629dd26d7ac6c6cdbf043d332eb Author: Takashi Iwai Date: Wed Jun 3 17:37:08 2020 +0200 ALSA: usb-audio: Fix inconsistent card PM state after resume When a USB-audio interface gets runtime-suspended via auto-pm feature, the driver suspends all functionality and increment chip->num_suspended_intf. Later on, when the system gets suspended to S3, the driver increments chip->num_suspended_intf again, skips the device changes, and sets the card power state to SNDRV_CTL_POWER_D3hot. In return, when the system gets resumed from S3, the resume callback decrements chip->num_suspended_intf. Since this refcount is still not zero (it's been runtime-suspended), the whole resume is skipped. But there is a small pitfall here. The problem is that the driver doesn't restore the card power state after this resume call, leaving it as SNDRV_CTL_POWER_D3hot. So, even after the system resume finishes, the card instance still appears as if it were system-suspended, and this confuses many ioctl accesses that are blocked unexpectedly. In details, we have two issues behind the scene: one is that the card power state is changed only when the refcount becomes zero, and another is that the prior auto-suspend check is kept in a boolean flag. Although the latter problem is almost negligible since the auto-pm feature is imposed only on the primary interface, but this can be a potential problem on the devices with multiple interfaces. This patch addresses those issues by the following: - Replace chip->autosuspended boolean flag with chip->system_suspend counter - At the first system-suspend, chip->num_suspended_intf is recorded to chip->system_suspend - At system-resume, the card power state is restored when the chip->num_suspended_intf refcount reaches to chip->system_suspend, i.e. the state returns to the auto-suspended Also, the patch fixes yet another hidden problem by the code refactoring along with the fixes above: namely, when some resume procedure failed, the driver left chip->num_suspended_intf that was already decreased, and it might lead to the refcount unbalance. In the new code, the refcount decrement is done after the whole resume procedure, and the problem is avoided as well. Fixes: 0662292aec05 ("ALSA: usb-audio: Handle normal and auto-suspend equally") Reported-and-tested-by: Macpaul Lin Cc: Link: https://lore.kernel.org/r/20200603153709.6293-1-tiwai@suse.de Signed-off-by: Takashi Iwai commit 06b43f968db58fd582b09b745338eae5af9f9f5e Author: Al Viro Date: Sat May 30 00:40:28 2020 +0100 scsi: hpsa: hpsa_ioctl(): Tidy up a bit Link: https://lore.kernel.org/r/20200529234028.46373-4-viro@ZenIV.linux.org.uk Acked-by: Don Brace Tested-by: Don Brace Signed-off-by: Al Viro Signed-off-by: Martin K. Petersen commit 10100ffd5f6584298b72f9fe26f32cf02abfb8b0 Author: Al Viro Date: Sat May 30 00:40:27 2020 +0100 scsi: hpsa: Get rid of compat_alloc_user_space() No need for building a native struct on kernel stack, copying it to userland one, then calling hpsa_ioctl() which copies it back into _another_ instance of the same struct. Link: https://lore.kernel.org/r/20200529234028.46373-3-viro@ZenIV.linux.org.uk Acked-by: Don Brace Tested-by: Don Brace Signed-off-by: Al Viro Signed-off-by: Martin K. Petersen commit cb17c1b69b175e3f7ae2ef53e384889cdbae5c0d Author: Al Viro Date: Sat May 30 00:40:26 2020 +0100 scsi: hpsa: Don't bother with vmalloc for BIG_IOCTL_Command_struct "BIG" in the name refers to the amount of data being transferred, _not_ the size of structure itself; it's 140 or 144 bytes (for 32bit and 64bit hosts resp.). IOCTL_Command_struct is 136 or 144 bytes large... No point whatsoever turning that into dynamic allocation, let alone vmalloc one. Just keep it as local variable... Link: https://lore.kernel.org/r/20200529234028.46373-2-viro@ZenIV.linux.org.uk Acked-by: Don Brace Tested-by: Don Brace Signed-off-by: Al Viro Signed-off-by: Martin K. Petersen commit 138125f74b254fd2e37b3d875faf8e0e8608299b Author: Al Viro Date: Sat May 30 00:40:25 2020 +0100 scsi: hpsa: Lift {BIG_,}IOCTL_Command_struct copy{in,out} into hpsa_ioctl() Link: https://lore.kernel.org/r/20200529234028.46373-1-viro@ZenIV.linux.org.uk Acked-by: Don Brace Tested-by: Don Brace Signed-off-by: Al Viro Signed-off-by: Martin K. Petersen commit 97ed3e509ee6d098730d137759c627a8d674cf55 Author: Steve Lee Date: Thu Jun 4 14:47:31 2020 +0900 ASoC: max98390: Fix potential crash during param fw loading malformed firmware file can cause out-of-bound access and crash during dsm_param bin loading. - add MIN/MAX param size to avoid out-of-bound access. - read start addr and size of param and check bound. - add condition that fw->size > param_size + _PAYLOAD_OFFSET to confirm enough data. Signed-off-by: Steve Lee Link: https://lore.kernel.org/r/20200604054731.21140-1-steves.lee@maximintegrated.com Signed-off-by: Mark Brown commit 678916ec54f38406032462dc466fd36cdfea4e3c Author: Takashi Iwai Date: Tue Jun 2 18:44:53 2020 +0200 ASoC: max98390: Fix incorrect printf qualifier This patch addresses a compile warning: sound/soc/codecs/max98390.c:781:3: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘size_t {aka const unsigned int}’ [-Wformat=] Fixes: a6e3f4f34cdb ("ASoC: max98390: Added Amplifier Driver") Signed-off-by: Takashi Iwai Acked-by: Mark Brown Link: https://lore.kernel.org/r/20200602164453.29925-1-tiwai@suse.de Signed-off-by: Mark Brown commit e396dec46c5600d426b2ca8a01a877928b50d1d9 Author: Shengjiu Wang Date: Thu Jun 4 14:25:30 2020 +0800 ASoC: fsl-asoc-card: Defer probe when fail to find codec device Defer probe when fail to find codec device, because the codec device maybe probed later than machine driver. Signed-off-by: Shengjiu Wang Link: https://lore.kernel.org/r/1591251930-4111-1-git-send-email-shengjiu.wang@nxp.com Signed-off-by: Mark Brown commit d605cbb64252071d6a74b4fbb626e1473d91838d Author: Oder Chiou Date: Thu Jun 4 15:10:16 2020 +0800 ASoC: rl6231: Modify the target DMIC clock rate Some DMIC components will not work correctly in the clock rate 3.072MHz. We recommend the clock rate 1.536MHz in the gerenal case. Signed-off-by: Oder Chiou Link: https://lore.kernel.org/r/20200604071016.3981-1-oder_chiou@realtek.com Signed-off-by: Mark Brown commit 38ac46002d1df5707566a73486452851341028d2 Author: Andre Przywara Date: Wed Jun 3 17:22:37 2020 +0100 arm: dts: vexpress: Move mcc node back into motherboard node Commit d9258898ad49 ("arm64: dts: arm: vexpress: Move fixed devices out of bus node") moved the "mcc" DT node into the root node, because it does not have any children using "reg" properties, so does violate some dtc checks about "simple-bus" nodes. However this broke the vexpress config-bus code, which walks up the device tree to find the first node with an "arm,vexpress,site" property. This gave the wrong result (matching the root node instead of the motherboard node), so broke the clocks and some other devices for VExpress boards. Move the whole node back into its original position. This re-introduces the dtc warning, but is conceptually the right thing to do. The dtc warning seems to be overzealous here, there are discussions on fixing or relaxing this check instead. Link: https://lore.kernel.org/r/20200603162237.16319-1-andre.przywara@arm.com Fixes: d9258898ad49 ("arm64: dts: vexpress: Move fixed devices out of bus node") Reported-and-tested-by: Guenter Roeck Signed-off-by: Andre Przywara Signed-off-by: Sudeep Holla commit 320bdbd816156f9ca07e5fed7bfb449f2908dda7 Author: Christophe JAILLET Date: Sat May 30 15:35:37 2020 +0200 crypto: cavium/nitrox - Fix 'nitrox_get_first_device()' when ndevlist is fully iterated When a list is completely iterated with 'list_for_each_entry(x, ...)', x is not NULL at the end. While at it, remove a useless initialization of the ndev variable. It is overridden by 'list_for_each_entry'. Fixes: f2663872f073 ("crypto: cavium - Register the CNN55XX supported crypto algorithms.") Cc: Signed-off-by: Christophe JAILLET Signed-off-by: Herbert Xu commit 281c377872ff5d15d80df25fc4df02d2676c7cde Author: Tero Kristo Date: Wed May 27 15:24:29 2020 +0300 crypto: omap-sham - add proper load balancing support for multicore The current implementation of the multiple accelerator core support for OMAP SHA does not work properly. It always picks up the first probed accelerator core if this is available, and rest of the book keeping also gets confused if there are two cores available. Add proper load balancing support for SHA, and also fix any bugs related to the multicore support while doing it. Signed-off-by: Tero Kristo Signed-off-by: Herbert Xu commit 9ef4e6e5e31403860081b995f26dc0d4b26356c2 Author: Tero Kristo Date: Wed May 27 15:24:28 2020 +0300 crypto: omap-aes - prevent unregistering algorithms twice Most of the OMAP family SoCs contain two instances for AES core, which causes the remove callbacks to be also done twice when driver is removed. Fix the algorithm unregister callbacks to take into account the number of algorithms still registered to avoid removing these twice. Signed-off-by: Tero Kristo Signed-off-by: Herbert Xu commit 63832a0c6fe180aa34d2a77052aa501be6281c99 Author: Tero Kristo Date: Wed May 27 15:24:27 2020 +0300 crypto: omap-sham - fix very small data size handling With very small data sizes, the whole data can end up in the xmit buffer. This code path does not set the sg_len properly which causes the core dma framework to crash. Fix by adding the proper size in place. Also, the data length must be a multiple of block-size, so extend the DMA data size while here. Signed-off-by: Tero Kristo Signed-off-by: Herbert Xu commit 6395166d7a19019d5e9574eb9ecdaf0028abb887 Author: Tero Kristo Date: Wed May 27 15:24:26 2020 +0300 crypto: omap-sham - huge buffer access fixes The ctx internal buffer can only hold buflen amount of data, don't try to copy over more than that. Also, initialize the context sg pointer if we only have data in the context internal buffer, this can happen when closing a hash with certain data amounts. Signed-off-by: Tero Kristo Signed-off-by: Herbert Xu commit 7e34e0bbc6449458a8de675814ffa22dec003698 Author: Tero Kristo Date: Wed May 27 15:24:25 2020 +0300 crypto: omap-crypto - fix userspace copied buffer access In case buffers are copied from userspace, directly accessing the page will most likely fail because it hasn't been mapped into the kernel memory space. Fix the issue by forcing a kmap / kunmap within the cleanup functionality. Signed-off-by: Tero Kristo Signed-off-by: Herbert Xu commit 8dc43636e39a89ec51188b012a789625fa83bbe0 Author: Tero Kristo Date: Wed May 27 15:24:24 2020 +0300 crypto: omap-sham - force kernel driver usage for sha algos As the hardware acceleration for the omap-sham algos is not available from userspace, force kernel driver usage. Without this flag in place, openssl 1.1 implementation thinks it can accelerate sha algorithms on omap devices directly from userspace. Signed-off-by: Tero Kristo Signed-off-by: Herbert Xu commit b29cb8d645da87d7d1ff28a7317c541ffccfa66c Author: Tero Kristo Date: Wed May 27 15:24:23 2020 +0300 crypto: omap-aes - avoid spamming console with self tests Running the self test suite for omap-aes with extra tests enabled causes huge spam with the tag message wrong indicators. With self tests, this is fine as there are some tests that purposedly pass bad data to the driver. Also, returning -EBADMSG from the driver is enough, so remove the dev_err message completely. Signed-off-by: Tero Kristo Signed-off-by: Herbert Xu commit bfa50e1427e4608ce6941d3d0855445fcaa7dbb7 Author: Vasily Gorbik Date: Thu Jun 4 13:20:45 2020 +0200 vfio-ccw: make vfio_ccw_regops variables declarations static Fixes the following sparse warnings: drivers/s390/cio/vfio_ccw_chp.c:62:30: warning: symbol 'vfio_ccw_schib_region_ops' was not declared. Should it be static? drivers/s390/cio/vfio_ccw_chp.c:117:30: warning: symbol 'vfio_ccw_crw_region_ops' was not declared. Should it be static? Link: https://lkml.kernel.org/r/patch.git-a34be7aede18.your-ad-here.call-01591269421-ext-5655@work.hours Reviewed-by: Cornelia Huck Signed-off-by: Vasily Gorbik commit 0927e157b7e48a190500f785ce6d52d6fca8f14e Merge: e1750a3d9abb b2dd9a44a109 Author: Vasily Gorbik Date: Thu Jun 4 11:58:05 2020 +0200 Merge tag 'vfio-ccw-20200603-v2' of https://git.kernel.org/pub/scm/linux/kernel/git/kvms390/vfio-ccw into features vfio-ccw updates: - accept requests without the prefetch bit set - enable path handling via two new regions * tag 'vfio-ccw-20200603-v2' of https://git.kernel.org/pub/scm/linux/kernel/git/kvms390/vfio-ccw: vfio-ccw: Add trace for CRW event vfio-ccw: Wire up the CRW irq and CRW region vfio-ccw: Introduce a new CRW region vfio-ccw: Refactor IRQ handlers vfio-ccw: Introduce a new schib region vfio-ccw: Refactor the unregister of the async regions vfio-ccw: Register a chp_event callback for vfio-ccw vfio-ccw: Introduce new helper functions to free/destroy regions vfio-ccw: document possible errors vfio-ccw: Enable transparent CCW IPL from DASD Link: https://lkml.kernel.org/r/20200603112716.332801-1-cohuck@redhat.com Signed-off-by: Vasily Gorbik commit 431275afdc7155415254aef4bd3816a1b8a2ead0 Author: Joerg Roedel Date: Thu Jun 4 11:19:44 2020 +0200 iommu: Check for deferred attach in iommu_group_do_dma_attach() The iommu_group_do_dma_attach() must not attach devices which have deferred_attach set. Otherwise devices could cause IOMMU faults when re-initialized in a kdump kernel. Fixes: deac0b3bed26 ("iommu: Split off default domain allocation from group assignment") Reported-by: Jerry Snitselaar Signed-off-by: Joerg Roedel Tested-by: Jerry Snitselaar Reviewed-by: Jerry Snitselaar Link: https://lore.kernel.org/r/20200604091944.26402-1-joro@8bytes.org commit 8d7e33d6811fbd24d3a1476a1b481b704975352a Author: Kunihiko Hayashi Date: Thu May 14 21:03:21 2020 +0900 PCI: uniphier: Add Socionext UniPhier Pro5 PCIe endpoint controller driver Add driver for the Socionext UniPhier Pro5 SoC endpoint controller. This controller is based on the DesignWare PCIe core. And add "host" to existing controller descriontions for the host controller in Kconfig. Link: https://lore.kernel.org/r/1589457801-12796-3-git-send-email-hayashi.kunihiko@socionext.com Signed-off-by: Kunihiko Hayashi Signed-off-by: Lorenzo Pieralisi Reviewed-by: Rob Herring commit 74c6e384e991c5305754e3c79edf768a62b00563 Author: Miklos Szeredi Date: Thu Jun 4 10:48:19 2020 +0200 ovl: make oip->index bool ovl_get_inode() uses oip->index as a bool value, not as a pointer. Signed-off-by: Miklos Szeredi commit b778e1ee1afe2784c2a034bb1e0192423097cb36 Author: Miklos Szeredi Date: Thu Jun 4 10:48:19 2020 +0200 ovl: only pass ->ki_flags to ovl_iocb_to_rwf() Next patch will want to pass a modified set of flags, so... Signed-off-by: Miklos Szeredi commit df820f8de4e481222b17f9bcee7b909ae8167529 Author: Miklos Szeredi Date: Thu Jun 4 10:48:19 2020 +0200 ovl: make private mounts longterm Overlayfs is using clone_private_mount() to create internal mounts for underlying layers. These are used for operations requiring a path, such as dentry_open(). Since these private mounts are not in any namespace they are treated as short term, "detached" mounts and mntput() involves taking the global mount_lock, which can result in serious cacheline pingpong. Make these private mounts longterm instead, which trade the penalty on mntput() for a slightly longer shutdown time due to an added RCU grace period when putting these mounts. Introduce a new helper kern_unmount_many() that can take care of multiple longterm mounts with a single RCU grace period. Cc: Al Viro Signed-off-by: Miklos Szeredi commit b8e42a651bdee06202ebdd96cff64fdeabd5b1d6 Author: Miklos Szeredi Date: Thu Jun 4 10:48:19 2020 +0200 ovl: get rid of redundant members in struct ovl_fs ofs->upper_mnt is copied to ->layers[0].mnt and ->layers[0].trap could be used instead of a separate ->upperdir_trap. Split the lowerdir option early to get the number of layers, then allocate the ->layers array, and finally fill the upper and lower layers, as before. Get rid of path_put_init() in ovl_lower_dir(), since the only caller will take care of that. [Colin Ian King] Fix null pointer dereference on null stack pointer on error return found by Coverity. Signed-off-by: Miklos Szeredi commit 08f4c7c86d4cf125389dce9d94423024549f9b02 Author: Miklos Szeredi Date: Thu Jun 4 10:48:19 2020 +0200 ovl: add accessor for ofs->upper_mnt Next patch will remove ofs->upper_mnt, so add an accessor function for this field. Signed-off-by: Miklos Szeredi commit 520da69d265a91c6536c63851cbb8a53946974f0 Author: Yuxuan Shui Date: Wed May 27 04:08:02 2020 +0100 ovl: initialize error in ovl_copy_xattr In ovl_copy_xattr, if all the xattrs to be copied are overlayfs private xattrs, the copy loop will terminate without assigning anything to the error variable, thus returning an uninitialized value. If ovl_copy_xattr is called from ovl_clear_empty, this uninitialized error value is put into a pointer by ERR_PTR(), causing potential invalid memory accesses down the line. This commit initialize error with 0. This is the correct value because when there's no xattr to copy, because all xattrs are private, ovl_copy_xattr should succeed. This bug is discovered with the help of INIT_STACK_ALL and clang. Signed-off-by: Yuxuan Shui Link: https://bugs.chromium.org/p/chromium/issues/detail?id=1050405 Fixes: 0956254a2d5b ("ovl: don't copy up opaqueness") Cc: stable@vger.kernel.org # v4.8 Signed-off-by: Alexander Potapenko Signed-off-by: Miklos Szeredi commit 94579ac3f6d0820adc83b5dc5358ead0158101e9 Author: Huy Nguyen Date: Mon Jun 1 16:39:37 2020 -0500 xfrm: Fix double ESP trailer insertion in IPsec crypto offload. During IPsec performance testing, we see bad ICMP checksum. The error packet has duplicated ESP trailer due to double validate_xmit_xfrm calls. The first call is from ip_output, but the packet cannot be sent because netif_xmit_frozen_or_stopped is true and the packet gets dev_requeue_skb. The second call is from NET_TX softirq. However after the first call, the packet already has the ESP trailer. Fix by marking the skb with XFRM_XMIT bit after the packet is handled by validate_xmit_xfrm to avoid duplicate ESP trailer insertion. Fixes: f6e27114a60a ("net: Add a xfrm validate function to validate_xmit_skb") Signed-off-by: Huy Nguyen Reviewed-by: Boris Pismenny Reviewed-by: Raed Salem Reviewed-by: Saeed Mahameed Signed-off-by: Steffen Klassert commit e80ddeb2f70ebd0786aa7cdba3e58bc931fa0bb5 Author: Steve French Date: Wed Jun 3 01:33:58 2020 -0500 smb3: fix incorrect number of credits when ioctl MaxOutputResponse > 64K We were not checking to see if ioctl requests asked for more than 64K (ie when CIFSMaxBufSize was > 64K) so when setting larger CIFSMaxBufSize then ioctls would fail with invalid parameter errors. When requests ask for more than 64K in MaxOutputResponse then we need to ask for more than 1 credit. Signed-off-by: Steve French CC: Stable Reviewed-by: Aurelien Aptel commit 1ee0e6d47d08ef309e0975a96d643972855511d0 Author: Steve French Date: Tue Jun 2 23:17:16 2020 -0500 smb3: default to minimum of two channels when multichannel specified When "multichannel" is specified on mount, make sure to default to at least two channels. Signed-off-by: Steve French Reviewed-by: Ronnie Sahlberg commit dd67cab5db7e940dad66653a04d780d53bd380d5 Author: Ben Skeggs Date: Thu Jun 4 11:00:01 2020 +1000 drm/nouveau/kms/nv50-: clear SW state of disabled windows harder The most innocuous result of not having done this is that we end up sending unnecessary methods when we next enable the window. However, interactions with the code handling skipping disables when an update immediately follows, and window ownership assignment, can lead to upsetting the display hardware on Volta and newer. Signed-off-by: Ben Skeggs commit 21454fe697fde188ad6fb541f94b9838fa73ab38 Author: Thierry Reding Date: Wed Jun 3 16:20:02 2020 +0200 drm/nouveau: gr/gk20a: Use firmware version 0 Tegra firmware doesn't actually use any version numbers and passing -1 causes the existing firmware binaries not to be found. Use version 0 to find the correct files. Fixes: ef16dc278ec2 ("drm/nouveau/gr/gf100-: select implementation based on available FW") Signed-off-by: Thierry Reding Reviewed-by: Emil Velikov Signed-off-by: Ben Skeggs commit 9b5ca547bb8fc26c251d457ac55cc8e3d9baa6bf Author: Ben Skeggs Date: Wed Jun 3 12:51:03 2020 +1000 drm/nouveau/disp/gm200-: detect and potentially disable HDA support on some SORs Some HDA pin widgets may be disabled by BIOS, and unavailable from a SOR. Our SOR allocation policy uses this information to allocate an appropriate SOR when HDA is supported by a display. Thank you to NVIDIA for providing the information to determine this. Signed-off-by: Ben Skeggs commit 9f9f54e887adef3dc9b62f372002c421ef4f1921 Author: Ben Skeggs Date: Thu Jun 4 14:22:32 2020 +1000 drm/nouveau/disp/gp100: split SOR implementation from gm200 GP100 needs different HDA detection. Signed-off-by: Ben Skeggs commit e6867ffa34340636252efe8e6b82be625c43d9b1 Author: Ben Skeggs Date: Wed Jun 3 11:43:23 2020 +1000 drm/nouveau/disp: modify OR allocation policy to account for HDA requirements Since GM200, SORs are no longer tied to a specific connector, and we allocate them instead, with the assumption that all SORs are equally capable. However, there's a 1<->1 mapping between SOR and HDA pin widget, and it turns out that it's possible for some widgets to be disabled... In order to avoid picking a SOR without a valid pin widget, some new rules need to be added. Signed-off-by: Ben Skeggs commit f24b6ae19fa257ea9b10a9389d0b7046b3efd97c Author: Ben Skeggs Date: Wed Jun 3 11:40:47 2020 +1000 drm/nouveau/disp: split part of OR allocation logic into a function No logical changes here, this is just moving the code to make the changes in the next commit more obvious. Signed-off-by: Ben Skeggs commit 6f8dbcf1c9cec3ec5efcf4c17b29a5b1732d1491 Author: Ben Skeggs Date: Wed Jun 3 11:37:56 2020 +1000 drm/nouveau/disp: provide hint to OR allocation about HDA requirements Will be used by a subsequent commit to influence SOR allocation policy. Signed-off-by: Ben Skeggs commit 6929f71e46bdddbf1c4d67c2728648176c67c555 Author: Linus Torvalds Date: Wed Jun 3 21:22:46 2020 -0700 atomisp: avoid warning about unused function The atomisp_mrfld_power() function isn't actually ever called, because the two call-sites have commented out the use because it breaks on some platforms. That results in: drivers/staging/media/atomisp/pci/atomisp_v4l2.c:764:12: warning: ‘atomisp_mrfld_power’ defined but not used [-Wunused-function] 764 | static int atomisp_mrfld_power(struct atomisp_device *isp, bool enable) | ^~~~~~~~~~~~~~~~~~~ during the build. Rather than commenting out the use entirely, just disable it semantically instead (using a "0 &&" construct), leaving the call in place from a syntax standpoint, and avoiding the warning. I really don't want my builds to have any warnings that can then hide real issues. Signed-off-by: Linus Torvalds commit a98f670e41a99f53acb1fb33cee9c6abbb2e6f23 Merge: ee01c4d72adf 938b29db3aa9 Author: Linus Torvalds Date: Wed Jun 3 20:59:38 2020 -0700 Merge tag 'media/v5.8-1' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media Pull media updates from Mauro Carvalho Chehab: - Media documentation is now split into admin-guide, driver-api and userspace-api books (a longstanding request from Jon); - The media Kconfig was reorganized, in order to make easier to select drivers and their dependencies; - The testing drivers now has a separate directory; - added a new driver for Rockchip Video Decoder IP; - The atomisp staging driver was resurrected. It is meant to work with 4 generations of cameras on Atom-based laptops, tablets and cell phones. So, it seems worth investing time to cleanup this driver and making it in good shape. - Added some V4L2 core ancillary routines to help with h264 codecs; - Added an ov2740 image sensor driver; - The si2157 gained support for Analog TV, which, in turn, added support for some cx231xx and cx23885 boards to also support analog standards; - Added some V4L2 controls (V4L2_CID_CAMERA_ORIENTATION and V4L2_CID_CAMERA_SENSOR_ROTATION) to help identifying where the camera is located at the device; - VIDIOC_ENUM_FMT was extended to support MC-centric devices; - Lots of drivers improvements and cleanups. * tag 'media/v5.8-1' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media: (503 commits) media: Documentation: media: Refer to mbus format documentation from CSI-2 docs media: s5k5baf: Replace zero-length array with flexible-array media: i2c: imx219: Drop and media: i2c: Add ov2740 image sensor driver media: ov8856: Implement sensor module revision identification media: ov8856: Add devicetree support media: dt-bindings: ov8856: Document YAML bindings media: dvb-usb: Add Cinergy S2 PCIe Dual Port support media: dvbdev: Fix tuner->demod media controller link media: dt-bindings: phy: phy-rockchip-dphy-rx0: move rockchip dphy rx0 bindings out of staging media: staging: dt-bindings: phy-rockchip-dphy-rx0: remove non-used reg property media: atomisp: unify the version for isp2401 a0 and b0 versions media: atomisp: update TODO with the current data media: atomisp: adjust some code at sh_css that could be broken media: atomisp: don't produce errs for ignored IRQs media: atomisp: print IRQ when debugging media: atomisp: isp_mmu: don't use kmem_cache media: atomisp: add a notice about possible leak resources media: atomisp: disable the dynamic and reserved pools media: atomisp: turn on camera before setting it ... commit ee01c4d72adffb7d424535adf630f2955748fa8b Merge: c444eb564fb1 09587a09ada2 Author: Linus Torvalds Date: Wed Jun 3 20:24:15 2020 -0700 Merge branch 'akpm' (patches from Andrew) Merge more updates from Andrew Morton: "More mm/ work, plenty more to come Subsystems affected by this patch series: slub, memcg, gup, kasan, pagealloc, hugetlb, vmscan, tools, mempolicy, memblock, hugetlbfs, thp, mmap, kconfig" * akpm: (131 commits) arm64: mm: use ARCH_HAS_DEBUG_WX instead of arch defined x86: mm: use ARCH_HAS_DEBUG_WX instead of arch defined riscv: support DEBUG_WX mm: add DEBUG_WX support drivers/base/memory.c: cache memory blocks in xarray to accelerate lookup mm/thp: rename pmd_mknotpresent() as pmd_mkinvalid() powerpc/mm: drop platform defined pmd_mknotpresent() mm: thp: don't need to drain lru cache when splitting and mlocking THP hugetlbfs: get unmapped area below TASK_UNMAPPED_BASE for hugetlbfs sparc32: register memory occupied by kernel as memblock.memory include/linux/memblock.h: fix minor typo and unclear comment mm, mempolicy: fix up gup usage in lookup_node tools/vm/page_owner_sort.c: filter out unneeded line mm: swap: memcg: fix memcg stats for huge pages mm: swap: fix vmstats for huge pages mm: vmscan: limit the range of LRU type balancing mm: vmscan: reclaim writepage is IO cost mm: vmscan: determine anon/file pressure balance at the reclaim root mm: balance LRU lists based on relative thrashing mm: only count actual rotations as LRU reclaim cost ... commit 6b8ed62008a49751fc71fefd2a4f89202a7c2d4d Author: Jan Kara Date: Mon May 25 10:12:15 2020 +0200 ext4: avoid unnecessary transaction starts during writeback ext4_writepages() currently works in a loop like: start a transaction scan inode for pages to write map and submit these pages stop the transaction This loop results in starting transaction once more than is needed because in the last iteration we start a transaction only to scan the inode and find there are no pages to write. This can be significant increase in number of transaction starts for single-extent files or files that have all blocks already mapped. Furthermore we already know from previous iteration whether there are more pages to write or not. So propagate the information from mpage_prepare_extent_to_map() and avoid unnecessary looping in case there are no more pages to write. Signed-off-by: Jan Kara Link: https://lore.kernel.org/r/20200525081215.29451-1-jack@suse.cz Signed-off-by: Theodore Ts'o commit 6e014c621e7271649f0d51e54dbe1db4c10486c8 Author: Jens Axboe Date: Sun May 24 16:53:16 2020 -0600 ext4: don't block for O_DIRECT if IOCB_NOWAIT is set Running with some debug patches to detect illegal blocking triggered the extend/unaligned condition in ext4. If ext4 needs to extend the file (and hence go to buffered IO), or if the app is doing unaligned IO, then ext4 asks the iomap code to wait for IO completion. If the caller asked for no-wait semantics by setting IOCB_NOWAIT, then ext4 should return -EAGAIN instead. Signed-off-by: Jens Axboe Link: https://lore.kernel.org/r/76152096-2bbb-7682-8fce-4cb498bcd909@kernel.dk Signed-off-by: Theodore Ts'o commit ba988903937c1b1ce5d54567b50f2ad9604b3bfe Author: Christoph Hellwig Date: Sat May 23 09:30:16 2020 +0200 ext4: remove the access_ok() check in ext4_ioctl_get_es_cache access_ok just checks we are fed a proper user pointer. We also do that in copy_to_user itself, so no need to do this early. Signed-off-by: Christoph Hellwig Reviewed-by: Ritesh Harjani Reviewed-by: Jan Kara Link: https://lore.kernel.org/r/20200523073016.2944131-10-hch@lst.de Signed-off-by: Theodore Ts'o commit c7d216e8c44cfc0b680d8c0de4f9bdafd92f7ef6 Author: Christoph Hellwig Date: Sat May 23 09:30:15 2020 +0200 fs: remove the access_ok() check in ioctl_fiemap access_ok just checks we are fed a proper user pointer. We also do that in copy_to_user itself, so no need to do this early. Signed-off-by: Christoph Hellwig Reviewed-by: Ritesh Harjani Reviewed-by: Darrick J. Wong Link: https://lore.kernel.org/r/20200523073016.2944131-9-hch@lst.de Signed-off-by: Theodore Ts'o commit 45dd052e67ad17c7a24874a783f41aeab15bc294 Author: Christoph Hellwig Date: Sat May 23 09:30:14 2020 +0200 fs: handle FIEMAP_FLAG_SYNC in fiemap_prep By moving FIEMAP_FLAG_SYNC handling to fiemap_prep we ensure it is handled once instead of duplicated, but can still be done under fs locks, like xfs/iomap intended with its duplicate handling. Also make sure the error value of filemap_write_and_wait is propagated to user space. Signed-off-by: Christoph Hellwig Reviewed-by: Amir Goldstein Reviewed-by: Darrick J. Wong Link: https://lore.kernel.org/r/20200523073016.2944131-8-hch@lst.de Signed-off-by: Theodore Ts'o commit cddf8a2c4a8286ae60fc866eab59c8bc524e93a0 Author: Christoph Hellwig Date: Sat May 23 09:30:13 2020 +0200 fs: move fiemap range validation into the file systems instances Replace fiemap_check_flags with a fiemap_prep helper that also takes the inode and mapped range, and performs the sanity check and truncation previously done in fiemap_check_range. This way the validation is inside the file system itself and thus properly works for the stacked overlayfs case as well. Signed-off-by: Christoph Hellwig Reviewed-by: Amir Goldstein Reviewed-by: Darrick J. Wong Link: https://lore.kernel.org/r/20200523073016.2944131-7-hch@lst.de Signed-off-by: Theodore Ts'o commit 2732881894714f545ffac42dad7ba7730069874d Author: Christoph Hellwig Date: Sat May 23 09:30:12 2020 +0200 iomap: fix the iomap_fiemap prototype iomap_fiemap should take u64 start and len arguments, just like the ->fiemap prototype. Signed-off-by: Christoph Hellwig Reviewed-by: Ritesh Harjani Reviewed-by: Darrick J. Wong Link: https://lore.kernel.org/r/20200523073016.2944131-6-hch@lst.de Signed-off-by: Theodore Ts'o commit 10c5db286452b8c60e8f58e9a4c1cbc5a91e4e5b Author: Christoph Hellwig Date: Sat May 23 09:30:11 2020 +0200 fs: move the fiemap definitions out of fs.h No need to pull the fiemap definitions into almost every file in the kernel build. Signed-off-by: Christoph Hellwig Reviewed-by: Ritesh Harjani Reviewed-by: Darrick J. Wong Link: https://lore.kernel.org/r/20200523073016.2944131-5-hch@lst.de Signed-off-by: Theodore Ts'o commit 44ebcd06bbb3ab3ee446b933800aca32fc4ca9b1 Author: Christoph Hellwig Date: Sat May 23 09:30:10 2020 +0200 fs: mark __generic_block_fiemap static There is no caller left outside of ioctl.c. Signed-off-by: Christoph Hellwig Reviewed-by: Ritesh Harjani Reviewed-by: Jan Kara Reviewed-by: Darrick J. Wong Link: https://lore.kernel.org/r/20200523073016.2944131-4-hch@lst.de Signed-off-by: Theodore Ts'o commit da565e792be540a5726af7f8cd50b282af0358b7 Author: Christoph Hellwig Date: Sat May 23 09:30:09 2020 +0200 ext4: remove the call to fiemap_check_flags in ext4_fiemap iomap_fiemap already calls fiemap_check_flags first thing, so this additional check is redundant. Signed-off-by: Christoph Hellwig Reviewed-by: Ritesh Harjani Reviewed-by: Jan Kara Link: https://lore.kernel.org/r/20200523073016.2944131-3-hch@lst.de Signed-off-by: Theodore Ts'o commit 03a5ed24c9b8f0180a59ba7b7b9b9517fcf4335b Author: Christoph Hellwig Date: Sat May 23 09:30:08 2020 +0200 ext4: split _ext4_fiemap The fiemap and EXT4_IOC_GET_ES_CACHE cases share almost no code, so split them into entirely separate functions. Signed-off-by: Christoph Hellwig Reviewed-by: Ritesh Harjani Reviewed-by: Jan Kara Link: https://lore.kernel.org/r/20200523073016.2944131-2-hch@lst.de Signed-off-by: Theodore Ts'o commit 328e24ae14aeb8ef624ec181e0d546b05c34f031 Author: Christoph Hellwig Date: Tue May 5 17:43:15 2020 +0200 ext4: fix fiemap size checks for bitmap files Add an extra validation of the len parameter, as for ext4 some files might have smaller file size limits than others. This also means the redundant size check in ext4_ioctl_get_es_cache can go away, as all size checking is done in the shared fiemap handler. Signed-off-by: Christoph Hellwig Reviewed-by: Ritesh Harjani Reviewed-by: Jan Kara Link: https://lore.kernel.org/r/20200505154324.3226743-3-hch@lst.de Signed-off-by: Theodore Ts'o commit 175efa81feb8405676e0136d97b10380179c92e0 Author: Ritesh Harjani Date: Tue May 5 17:43:14 2020 +0200 ext4: fix EXT4_MAX_LOGICAL_BLOCK macro ext4 supports max number of logical blocks in a file to be 0xffffffff. (This is since ext4_extent's ee_block is __le32). This means that EXT4_MAX_LOGICAL_BLOCK should be 0xfffffffe (starting from 0 logical offset). This patch fixes this. The issue was seen when ext4 moved to iomap_fiemap API and when overlayfs was mounted on top of ext4. Since overlayfs was missing filemap_check_ranges(), so it could pass a arbitrary huge length which lead to overflow of map.m_len logic. This patch fixes that. Fixes: d3b6f23f7167 ("ext4: move ext4_fiemap to use iomap framework") Reported-by: syzbot+77fa5bdb65cc39711820@syzkaller.appspotmail.com Signed-off-by: Ritesh Harjani Reviewed-by: Jan Kara Signed-off-by: Christoph Hellwig Link: https://lore.kernel.org/r/20200505154324.3226743-2-hch@lst.de Signed-off-by: Theodore Ts'o commit 9f364e1d9537d44fdf58deeeddb51277d8327ce5 Author: Jonathan Grant Date: Fri May 22 16:07:58 2020 +0100 add comment for ext4_dir_entry_2 file_type member Signed-off-by: Jonathan Grant Reviewed-by: Andreas Dilger Link: https://lore.kernel.org/r/ad3290d5-86af-99c1-f9d5-cd1bab710429@jguk.org Signed-off-by: Theodore Ts'o commit 14ff6286309e2853aed50083c9a83328423fdd8c Author: Jan Kara Date: Wed May 20 15:31:19 2020 +0200 jbd2: avoid leaking transaction credits when unreserving handle When reserved transaction handle is unused, we subtract its reserved credits in __jbd2_journal_unreserve_handle() called from jbd2_journal_stop(). However this function forgets to remove reserved credits from transaction->t_outstanding_credits and thus the transaction space that was reserved remains effectively leaked. The leaked transaction space can be quite significant in some cases and leads to unnecessarily small transactions and thus reducing throughput of the journalling machinery. E.g. fsmark workload creating lots of 4k files was observed to have about 20% lower throughput due to this when ext4 is mounted with dioread_nolock mount option. Subtract reserved credits from t_outstanding_credits as well. CC: stable@vger.kernel.org Fixes: 8f7d89f36829 ("jbd2: transaction reservation support") Reviewed-by: Andreas Dilger Signed-off-by: Jan Kara Link: https://lore.kernel.org/r/20200520133119.1383-3-jack@suse.cz Signed-off-by: Theodore Ts'o commit dfcd4489e270282d984cd06c00f3a45d52a3f0a7 Author: Jan Kara Date: Wed May 20 15:31:18 2020 +0200 ext4: drop ext4_journal_free_reserved() Remove ext4_journal_free_reserved() function. It is never used. Signed-off-by: Jan Kara Reviewed-by: Andreas Dilger Link: https://lore.kernel.org/r/20200520133119.1383-2-jack@suse.cz Signed-off-by: Theodore Ts'o commit 993778306e7901a7286322f25c7c681dd47bede6 Author: Ritesh Harjani Date: Wed May 20 12:10:36 2020 +0530 ext4: mballoc: use lock for checking free blocks while retrying Currently while doing block allocation grp->bb_free may be getting modified if discard is happening in parallel. For e.g. consider a case where there are lot of threads who have preallocated lot of blocks and there is a thread which is trying to discard all of this group's PA. Now it could happen that we see all of those group's bb_free is zero and fail the allocation while there is sufficient space if we free up all the PA. So this patch adds another flag "EXT4_MB_STRICT_CHECK" which will be set if we are unable to allocate any blocks in the first try (since we may not have considered blocks about to be discarded from PA lists). So during retry attempt to allocate blocks we will use ext4_lock_group() for checking if the group is good or not. Signed-off-by: Ritesh Harjani Link: https://lore.kernel.org/r/9cb740a117c958c36596f167b12af1beae9a68b7.1589955723.git.riteshh@linux.ibm.com Signed-off-by: Theodore Ts'o commit 8ef123fe02ca0923b01b57bdf639800a23a2faa8 Author: Ritesh Harjani Date: Wed May 20 12:10:35 2020 +0530 ext4: mballoc: refactor ext4_mb_good_group() ext4_mb_good_group() definition was changed some time back and now it even initializes the buddy cache (via ext4_mb_init_group()), if in case the EXT4_MB_GRP_NEED_INIT() is true for a group. Note that ext4_mb_init_group() could sleep and so should not be called under a spinlock held. This is fine as of now because ext4_mb_good_group() is called before loading the buddy bitmap without ext4_lock_group() held and again called after loading the bitmap, only this time with ext4_lock_group() held. But still this whole thing is confusing. So this patch refactors out ext4_mb_good_group_nolock() which should be called when without holding ext4_lock_group(). Also in further patches we hold the spinlock (ext4_lock_group()) while doing any calculations which involves grp->bb_free or grp->bb_fragments. Signed-off-by: Ritesh Harjani Link: https://lore.kernel.org/r/d9f7d031a5fbe1c943fae6bf1ff5cdf0604ae722.1589955723.git.riteshh@linux.ibm.com Signed-off-by: Theodore Ts'o commit 07b5b8e1ac4004b7db1065a301df65cd434c31c9 Author: Ritesh Harjani Date: Wed May 20 12:10:34 2020 +0530 ext4: mballoc: introduce pcpu seqcnt for freeing PA to improve ENOSPC handling There could be a race in function ext4_mb_discard_group_preallocations() where the 1st thread may iterate through group's bb_prealloc_list and remove all the PAs and add to function's local list head. Now if the 2nd thread comes in to discard the group preallocations, it will see that the group->bb_prealloc_list is empty and will return 0. Consider for a case where we have less number of groups (for e.g. just group 0), this may even return an -ENOSPC error from ext4_mb_new_blocks() (where we call for ext4_mb_discard_group_preallocations()). But that is wrong, since 2nd thread should have waited for 1st thread to release all the PAs and should have retried for allocation. Since 1st thread was anyway going to discard the PAs. The algorithm using this percpu seq counter goes below: 1. We sample the percpu discard_pa_seq counter before trying for block allocation in ext4_mb_new_blocks(). 2. We increment this percpu discard_pa_seq counter when we either allocate or free these blocks i.e. while marking those blocks as used/free in mb_mark_used()/mb_free_blocks(). 3. We also increment this percpu seq counter when we successfully identify that the bb_prealloc_list is not empty and hence proceed for discarding of those PAs inside ext4_mb_discard_group_preallocations(). Now to make sure that the regular fast path of block allocation is not affected, as a small optimization we only sample the percpu seq counter on that cpu. Only when the block allocation fails and when freed blocks found were 0, that is when we sample percpu seq counter for all cpus using below function ext4_get_discard_pa_seq_sum(). This happens after making sure that all the PAs on grp->bb_prealloc_list got freed or if it's empty. It can be well argued that why don't just check for grp->bb_free to see if there are any free blocks to be allocated. So here are the two concerns which were discussed:- 1. If for some reason the blocks available in the group are not appropriate for allocation logic (say for e.g. EXT4_MB_HINT_GOAL_ONLY, although this is not yet implemented), then the retry logic may result into infinte looping since grp->bb_free is non-zero. 2. Also before preallocation was clubbed with block allocation with the same ext4_lock_group() held, there were lot of races where grp->bb_free could not be reliably relied upon. Due to above, this patch considers discard_pa_seq logic to determine if we should retry for block allocation. Say if there are are n threads trying for block allocation and none of those could allocate or discard any of the blocks, then all of those n threads will fail the block allocation and return -ENOSPC error. (Since the seq counter for all of those will match as no block allocation/discard was done during that duration). Signed-off-by: Ritesh Harjani Link: https://lore.kernel.org/r/7f254686903b87c419d798742fd9a1be34f0657b.1589955723.git.riteshh@linux.ibm.com Signed-off-by: Theodore Ts'o commit cf5e2ca6c99077d128e971149f0c262e808ca831 Author: Ritesh Harjani Date: Wed May 20 12:10:33 2020 +0530 ext4: mballoc: refactor ext4_mb_discard_preallocations() Implement ext4_mb_discard_preallocations_should_retry() which we will need in later patches to add more logic like check for sequence number match to see if we should retry for block allocation or not. There should be no functionality change in this patch. Signed-off-by: Ritesh Harjani Link: https://lore.kernel.org/r/1cfae0098d2aa9afbeb59331401258182868c8f2.1589955723.git.riteshh@linux.ibm.com Signed-off-by: Theodore Ts'o commit 53f86b170dfa8d50b8b3fb1c5cf17c33b2327db2 Author: Ritesh Harjani Date: Wed May 20 12:10:32 2020 +0530 ext4: mballoc: add blocks to PA list under same spinlock after allocating blocks ext4_mb_discard_preallocations() only checks for grp->bb_prealloc_list of every group to discard the group's PA to free up the space if allocation request fails. Consider below race:- Process A Process B 1. allocate blocks 1. Fails block allocation from ext4_mb_regular_allocator() ext4_lock_group() allocated blocks more than ac_o_ex.fe_len ext4_unlock_group() 2. Scans the grp->bb_prealloc_list (under ext4_lock_group()) and find nothing and thus return -ENOSPC. 2. Add the additional blocks to PA list ext4_lock_group() add blocks to grp->bb_prealloc_list ext4_unlock_group() Above race could be avoided if we add those additional blocks to grp->bb_prealloc_list at the same time with block allocation when ext4_lock_group() was still held. With this discard-PA will know if there are actually any blocks which could be freed from the PA Signed-off-by: Ritesh Harjani Link: https://lore.kernel.org/r/a2217dd782585b42328981832e6d396abaaccb80.1589955723.git.riteshh@linux.ibm.com Signed-off-by: Theodore Ts'o commit de8ff14cab998f51a3a289d2b58d6d440782f77e Author: Eric Biggers Date: Sun May 10 14:52:52 2020 -0700 ext4: add casefold flag to EXT4_INODE_* flags No one currently needs EXT4_INODE_CASEFOLD, but add it to keep the EXT4_INODE_* definitions in sync with the EXT4_*_FL definitions. Also make it clearer that the casefold flag is only for directories. Signed-off-by: Eric Biggers Link: https://lore.kernel.org/r/20200510215252.87833-1-ebiggers@kernel.org Signed-off-by: Theodore Ts'o commit 8ad8d710035edf8d14f8ecc5fa15f8e1a27ecb59 Author: Eric Whitney Date: Sun May 10 11:58:05 2020 -0400 ext4: rework map struct instantiation in ext4_ext_map_blocks() The path performing block allocations in ext4_ext_map_blocks() contains code trimming the length of a new extent that is repeated later in the function. This code is both redundant and unnecessary as the exact length of the new extent has already been calculated. Rewrite the instantiation of the map struct in this case to use the available values, avoiding the overhead of unnecessary conversions and improving clarity. Add another map struct instantiation tailored specifically to the separate case for an existing written extent. Remove an old comment that no longer appears applicable to the current code. Signed-off-by: Eric Whitney Link: https://lore.kernel.org/r/20200510155805.18808-1-enwlinux@gmail.com Signed-off-by: Theodore Ts'o Reviewed-by: Ritesh Harjani commit 70aa1554b01474ab08d08e5a18b0215a7ff1e8dc Author: Ritesh Harjani Date: Sun May 10 11:54:55 2020 +0530 ext4: make ext_debug() implementation to use pr_debug() ext_debug() msgs could be helpful, provided those could be enabled without recompiling kernel and also if we could selectively enable only required prints for case by case debugging. So make ext_debug() implementation use pr_debug(). Also change ext_debug() to be defined with CONFIG_EXT4_DEBUG. So EXT_DEBUG macro now mostly remain for below 3 functions. ext4_ext_show_path/leaf/move() (whose print msgs use ext_debug() which again could be dynamically enabled using pr_debug()) This also changes the ext_debug() to take inode as a parameter to add inode no. in all of it's msgs. Prints additional info like process name / pid, superblock id etc. This also removes any explicit function names passed in ext_debug(). Since ext_debug() on it's own prints file, func and line no. Signed-off-by: Ritesh Harjani Link: https://lore.kernel.org/r/d31dc189b0aeda9384fe7665e36da7cd8c61571f.1589086800.git.riteshh@linux.ibm.com Signed-off-by: Theodore Ts'o commit d3df14535f4a5b5af58ef12b4263202df3155356 Author: Ritesh Harjani Date: Sun May 10 11:54:54 2020 +0530 ext4: mballoc: make mb_debug() implementation to use pr_debug() mb_debug() msg had only 1 control level for all type of msgs. And if we enable mballoc_debug then all of those msgs would be enabled. Instead of adding multiple debug levels for mb_debug() msgs, use pr_debug() with which we could have finer control to print msgs at all of different levels (i.e. at file, func, line no.). Also add process name/pid, superblk id, and other info in mb_debug() msg. This also kills the mballoc_debug module parameter, since it is not needed any more. Signed-off-by: Ritesh Harjani Link: https://lore.kernel.org/r/f0c660cbde9e2edbe95c67942ca9ad80dd2231eb.1589086800.git.riteshh@linux.ibm.com Signed-off-by: Theodore Ts'o commit 8ec2d31b27f683e3deeaf5d562b534a695052de3 Author: Ritesh Harjani Date: Sun May 10 11:54:53 2020 +0530 ext4: replace EXT_DEBUG with __maybe_unused in ext4_ext_handle_unwritten_extents() Replace EXT_DEBUG with __maybe_unused from inside ext4_ext_handle_unwritten_extents() function. There should be no functionality change in this patch. Signed-off-by: Ritesh Harjani Link: https://lore.kernel.org/r/ae335b94506cd9db9d2648c1f4dd25a80f9f3ce2.1589086800.git.riteshh@linux.ibm.com Signed-off-by: Theodore Ts'o commit ec8c60be96d6de74be601fbca56342efb9a1e039 Author: Ritesh Harjani Date: Sun May 10 11:54:52 2020 +0530 ext4: improve ext_debug() msg in case of block allocation failure ext4_map_blocks() has ext_debug msg early at the start of function. We also get ext_debug msg if we could allocate a block from ext4_ext_map_blocks(). But there is no ext_debug() msg in case of block allocation failure. So add one along with error code. Also add more info in ext_debug() msg like how many blocks were allocated v/s how many were requested in ext4_ext_map_blocks(). Signed-off-by: Ritesh Harjani Link: https://lore.kernel.org/r/1610ec2aa932396be00f9d552fe29da473ead176.1589086800.git.riteshh@linux.ibm.com Signed-off-by: Theodore Ts'o commit 6db074618969dc6fac4978e8043945fd440b310a Author: Ritesh Harjani Date: Sun May 10 11:54:51 2020 +0530 ext4: use BIT() macro for BH_** state bits Simply use BIT() macro for all BH_** state bits instead of open coding it. There should be no functionality change in this patch. Signed-off-by: Ritesh Harjani Link: https://lore.kernel.org/r/57667689f51a3f9dba2fcef7d3425187fa3ba69f.1589086800.git.riteshh@linux.ibm.com Signed-off-by: Theodore Ts'o commit 9bee5779ee26d6debc84e0f1e4e54daa93f13ebc Author: Ritesh Harjani Date: Sun May 10 11:54:50 2020 +0530 ext4: balloc: use task_pid_nr() helper Use task_pid_nr() function instead of current->pid. There should be no functionality change in this patch. Signed-off-by: Ritesh Harjani Link: https://lore.kernel.org/r/4b58403e15e9c8deb34a1b93deb3fc9cd153ab84.1589086800.git.riteshh@linux.ibm.com Signed-off-by: Theodore Ts'o commit eb2b8ebb867fa895d5c4768310998bc940f6506c Author: Ritesh Harjani Date: Sun May 10 11:54:49 2020 +0530 ext4: mballoc: fix possible NULL ptr & remove BUG_ONs from DOUBLE_CHECK Make sure to check for e4b->bd_info->bb_bitmap == NULL, in mb_cmp_bitmaps() and return if NULL, to avoid possible NULL ptr dereference. Similar to how we do this in other ifdef DOUBLE_CHECK functions. Also remove the BUG_ON() logic if kmalloc() or ext4_read_block_bitmap() fails. We should simply mark grp->bb_bitmap as NULL if above happens. In fact ext4_read_block_bitmap() may even return an error in case of resize ioctl. Hence remove this BUG_ON logic (fstests ext4/032 may trigger this). Link: https://lore.kernel.org/r/9a54f8a696ff17c057cd571be3d15ac3ec1407f1.1589086800.git.riteshh@linux.ibm.com Signed-off-by: Theodore Ts'o commit a345021553f7e6343b05b1ad1c25ed931140b47c Author: Ritesh Harjani Date: Sun May 10 11:54:48 2020 +0530 ext4: mballoc: refactor code inside DOUBLE_CHECK into separate function This patch implemets mb_group_bb_bitmap_alloc() and mb_group_bb_bitmap_free() function to remove #ifdef DOUBLE_CHECK macro and it's related code from inside ext4_mb_add_groupinfo()/ext4_mb_release(). There should be no functionality change in this patch. Signed-off-by: Ritesh Harjani Link: https://lore.kernel.org/r/8c2095d74b779f0254a19b24982490dc6f07c4f9.1589086800.git.riteshh@linux.ibm.com Signed-off-by: Theodore Ts'o commit 4fca8f07790a62c2b3da028ae423cf4d71c1bacd Author: Ritesh Harjani Date: Sun May 10 11:54:47 2020 +0530 ext4: mballoc: make ext4_mb_use_preallocated() return type as bool Change return type of function ext4_mb_use_preallocated() to bool to better reflect what this function can return. There should be no functionality change in this patch. Signed-off-by: Ritesh Harjani Link: https://lore.kernel.org/r/7880cb6ef911465beafefcd7e9c3ea214688744b.1589086800.git.riteshh@linux.ibm.com Signed-off-by: Theodore Ts'o commit f283529abac45d8c2b4d4b69d356cca9e6a2de43 Author: Ritesh Harjani Date: Sun May 10 11:54:46 2020 +0530 ext4: mballoc: simplify error handling in ext4_init_mballoc() This patch simplifies error handling logic in ext4_init_mballoc(), by adding all the cleanups at one place at the end of that function. There should be no functionality change in this patch. Signed-off-by: Ritesh Harjani Link: https://lore.kernel.org/r/8621a7bc68f7107a9ac4292afeb784515333bd25.1589086800.git.riteshh@linux.ibm.com Signed-off-by: Theodore Ts'o commit 004379d0b02ab8e8efbee1f2f878d5f578bed72c Author: Ritesh Harjani Date: Sun May 10 11:54:45 2020 +0530 ext4: mballoc: fix few other format specifier in mb_debug() Fix few other format specifiers in mb_debug() msgs. As such no other functionality change in this patch. Signed-off-by: Ritesh Harjani Link: https://lore.kernel.org/r/574fa7f833abf2dbf3b53a2fea3195e71f6cdbd8.1589086800.git.riteshh@linux.ibm.com Signed-off-by: Theodore Ts'o commit 36bad4233cc50e29022c1095666935cee1c978ad Author: Ritesh Harjani Date: Sun May 10 11:54:44 2020 +0530 ext4: mballoc: correct the mb_debug() format specifier for pa_len var pa->pa_len is an integer. Fix all of the format specifier used in mb_debug() for pa_len to %d instead of %u. As such no functionality change in this patch. Signed-off-by: Ritesh Harjani Link: https://lore.kernel.org/r/af4987f643c586f62bcc9961e43f0a67151d5551.1589086800.git.riteshh@linux.ibm.com Signed-off-by: Theodore Ts'o commit bbc4ec77e9f9c7ac71aee15c6adbd1674fe66c60 Author: Ritesh Harjani Date: Sun May 10 11:54:43 2020 +0530 ext4: mballoc: add more mb_debug() msgs This patch adds some more debugging mb_debug() msgs to help improve mballoc code debugging. Other than adding more mb_debug() msgs at few more places, there should be no other functionality change in this patch. Signed-off-by: Ritesh Harjani Link: https://lore.kernel.org/r/5fc8e7788b924e211fcfa4a4c1d2f8503511661a.1589086800.git.riteshh@linux.ibm.com Signed-off-by: Theodore Ts'o commit e68cf40c0d098a63bc571bc5981dee6c2013c494 Author: Ritesh Harjani Date: Sun May 10 11:54:42 2020 +0530 ext4: mballoc: refactor ext4_mb_show_ac() This factors out ext4_mb_show_pa() function to show all the group's preallocation info. This could be useful info to be added in later patches. There should be no functionality change in this patch. Signed-off-by: Ritesh Harjani Link: https://lore.kernel.org/r/8f07d890b0038dcc935e9c10e6043ec9f3792721.1589086800.git.riteshh@linux.ibm.com Signed-off-by: Theodore Ts'o commit 212da3ec6fafe458cd54c3a365cbcb4f9bd794e1 Author: Ritesh Harjani Date: Sun May 10 11:54:41 2020 +0530 ext4: mballoc: print bb_free info even when it is 0 Improve the debugging msg by also printing even if bb_free is 0. Signed-off-by: Ritesh Harjani Link: https://lore.kernel.org/r/c894f1d1d30f86ae38f4e3a861949665b6dc61cd.1589086800.git.riteshh@linux.ibm.com Signed-off-by: Theodore Ts'o commit 73c384c0cdaa8ea9ca9ef2d0cff6a25930f1648e Author: Theodore Ts'o Date: Thu May 7 10:50:28 2020 -0700 ext4: avoid ext4_error()'s caused by ENOMEM in the truncate path We can't fail in the truncate path without requiring an fsck. Add work around for this by using a combination of retry loops and the __GFP_NOFAIL flag. From: Theodore Ts'o Signed-off-by: Theodore Ts'o Signed-off-by: Anna Pendleton Reviewed-by: Harshad Shirwadkar Link: https://lore.kernel.org/r/20200507175028.15061-1-pendleton@google.com Signed-off-by: Theodore Ts'o commit 08adf452e628b0e2ce9a01048cfbec52353703d7 Author: Eric Biggers Date: Wed May 6 11:31:40 2020 -0700 ext4: fix race between ext4_sync_parent() and rename() 'igrab(d_inode(dentry->d_parent))' without holding dentry->d_lock is broken because without d_lock, d_parent can be concurrently changed due to a rename(). Then if the old directory is immediately deleted, old d_parent->inode can be NULL. That causes a NULL dereference in igrab(). To fix this, use dget_parent() to safely grab a reference to the parent dentry, which pins the inode. This also eliminates the need to use d_find_any_alias() other than for the initial inode, as we no longer throw away the dentry at each step. This is an extremely hard race to hit, but it is possible. Adding a udelay() in between the reads of ->d_parent and its ->d_inode makes it reproducible on a no-journal filesystem using the following program: #include #include int main() { if (fork()) { for (;;) { mkdir("dir1", 0700); int fd = open("dir1/file", O_RDWR|O_CREAT|O_SYNC); write(fd, "X", 1); close(fd); } } else { mkdir("dir2", 0700); for (;;) { rename("dir1/file", "dir2/file"); rmdir("dir1"); } } } Fixes: d59729f4e794 ("ext4: fix races in ext4_sync_parent()") Cc: stable@vger.kernel.org Signed-off-by: Eric Biggers Link: https://lore.kernel.org/r/20200506183140.541194-1-ebiggers@kernel.org Signed-off-by: Theodore Ts'o commit 80dd4978ddd78b2fe5aec2d52b69cbc2d06b08d8 Author: Christophe JAILLET Date: Sun May 3 22:06:47 2020 +0200 ext4: fix a typo in a comment s/extnets/extents/ Signed-off-by: Christophe JAILLET Link: https://lore.kernel.org/r/20200503200647.154701-1-christophe.jaillet@wanadoo.fr Signed-off-by: Theodore Ts'o commit be809e1274ebc043640eeeb287accb7b4a4bcbff Author: Eric Whitney Date: Thu Apr 30 14:53:20 2020 -0400 ext4: clean up ext4_ext_convert_to_initialized() error handling If ext4_ext_convert_to_initialized() fails when called within ext4_ext_handle_unwritten_extents(), immediately error out through the exit point at function end. Fix the error handling in the event ext4_ext_convert_to_initialized() returns 0, which it shouldn't do when converting an existing extent. The current code returns the passed in value of allocated (which is likely non-zero) while failing to set m_flags, m_pblk, and m_len. Signed-off-by: Eric Whitney Link: https://lore.kernel.org/r/20200430185320.23001-5-enwlinux@gmail.com Signed-off-by: Theodore Ts'o commit 779e26517b3600830fe58933d5f97627711c9435 Author: Eric Whitney Date: Thu Apr 30 14:53:19 2020 -0400 ext4: clean up GET_BLOCKS_PRE_IO error handling If the call to ext4_split_convert_extents() fails in the EXT4_GET_BLOCKS_PRE_IO case within ext4_ext_handle_unwritten_extents(), error out through the exit point at function end rather than jumping through an intermediate point. Fix the error handling in the event ext4_split_convert_extents() returns 0, which it shouldn't do when splitting an existing extent. The current code returns the passed in value of allocated (which is likely non-zero) while failing to set m_flags, m_pblk, and m_len. Signed-off-by: Eric Whitney Link: https://lore.kernel.org/r/20200430185320.23001-4-enwlinux@gmail.com Signed-off-by: Theodore Ts'o commit bee6cf00c7f17df27c842c169db31d53bdd775ba Author: Eric Whitney Date: Thu Apr 30 14:53:18 2020 -0400 ext4: remove redundant GET_BLOCKS_CONVERT code Remove the redundant code assigning values to ext4_map_blocks components in ext4_ext_handle_unwritten_extents() for the EXT4_GET_BLOCKS_CONVERT case, using the code at the function exit instead. Clean up and reorder that code to eliminate more redundancy and improve readability. Signed-off-by: Eric Whitney Link: https://lore.kernel.org/r/20200430185320.23001-3-enwlinux@gmail.com Signed-off-by: Theodore Ts'o commit ee802f86899341d835c629a4ad9607135f1b71a2 Author: Eric Whitney Date: Thu Apr 30 14:53:17 2020 -0400 ext4: remove dead GET_BLOCKS_ZERO code There's no call to ext4_map_blocks() in the current ext4 code with a flags argument that combines EXT4_GET_BLOCKS_CONVERT and EXT4_GET_BLOCKS_ZERO. Remove the code that corresponds to this case from ext4_ext_handle_unwritten_extents(). Signed-off-by: Eric Whitney Reviewed-by: Ritesh Harjani Link: https://lore.kernel.org/r/20200430185320.23001-2-enwlinux@gmail.com Signed-off-by: Theodore Ts'o commit b60ca3343e78761c6ebe6ff52c628893c8297b73 Author: Harshad Shirwadkar Date: Sun Apr 26 18:34:38 2020 -0700 ext4: don't ignore return values from ext4_ext_dirty() Don't ignore return values from ext4_ext_dirty, since the errors indicate valid failures below Ext4. In all of the other instances of ext4_ext_dirty calls, the error return value is handled in some way. This patch makes those remaining couple of places to handle ext4_ext_dirty errors as well. In case of ext4_split_extent_at(), the ignorance of return value is intentional. The reason is that we are already in error path and there isn't much we can do if ext4_ext_dirty returns error. This patch adds a comment for that case explaining why we ignore the return value. In the longer run, we probably should make sure that errors from other mark_dirty routines are handled as well. Ran gce-xfstests smoke tests and verified that there were no regressions. Signed-off-by: Harshad Shirwadkar Reviewed-by: Jan Kara Link: https://lore.kernel.org/r/20200427013438.219117-2-harshadshirwadkar@gmail.com Signed-off-by: Theodore Ts'o commit 4209ae12b12265d475bba28634184423149bd14f Author: Harshad Shirwadkar Date: Sun Apr 26 18:34:37 2020 -0700 ext4: handle ext4_mark_inode_dirty errors ext4_mark_inode_dirty() can fail for real reasons. Ignoring its return value may lead ext4 to ignore real failures that would result in corruption / crashes. Harden ext4_mark_inode_dirty error paths to fail as soon as possible and return errors to the caller whenever appropriate. One of the possible scnearios when this bug could affected is that while creating a new inode, its directory entry gets added successfully but while writing the inode itself mark_inode_dirty returns error which is ignored. This would result in inconsistency that the directory entry points to a non-existent inode. Ran gce-xfstests smoke tests and verified that there were no regressions. Signed-off-by: Harshad Shirwadkar Link: https://lore.kernel.org/r/20200427013438.219117-1-harshadshirwadkar@gmail.com Signed-off-by: Theodore Ts'o commit 8418897f1bf87da0cb6936489d57a4320c32c0af Author: Jeffle Xu Date: Thu Apr 23 15:46:44 2020 +0800 ext4: fix error pointer dereference Don't pass error pointers to brelse(). commit 7159a986b420 ("ext4: fix some error pointer dereferences") has fixed some cases, fix the remaining one case. Once ext4_xattr_block_find()->ext4_sb_bread() failed, error pointer is stored in @bs->bh, which will be passed to brelse() in the cleanup routine of ext4_xattr_set_handle(). This will then cause a NULL panic crash in __brelse(). BUG: unable to handle kernel NULL pointer dereference at 000000000000005b RIP: 0010:__brelse+0x1b/0x50 Call Trace: ext4_xattr_set_handle+0x163/0x5d0 ext4_xattr_set+0x95/0x110 __vfs_setxattr+0x6b/0x80 __vfs_setxattr_noperm+0x68/0x1b0 vfs_setxattr+0xa0/0xb0 setxattr+0x12c/0x1a0 path_setxattr+0x8d/0xc0 __x64_sys_setxattr+0x27/0x30 do_syscall_64+0x60/0x250 entry_SYSCALL_64_after_hwframe+0x49/0xbe In this case, @bs->bh stores '-EIO' actually. Fixes: fb265c9cb49e ("ext4: add ext4_sb_bread() to disambiguate ENOMEM cases") Signed-off-by: Jeffle Xu Reviewed-by: Joseph Qi Cc: stable@kernel.org # 2.6.19 Reviewed-by: Ritesh Harjani Reviewed-by: Jan Kara Link: https://lore.kernel.org/r/1587628004-95123-1-git-send-email-jefflexu@linux.alibaba.com Signed-off-by: Theodore Ts'o commit ceff86fddae8748fe00d4f2d249cb02cae62ad84 Author: Jan Kara Date: Tue Apr 21 10:54:45 2020 +0200 ext4: Avoid freeing inodes on dirty list When we are evicting inode with journalled data, we may race with transaction commit in the following way: CPU0 CPU1 jbd2_journal_commit_transaction() evict(inode) inode_io_list_del() inode_wait_for_writeback() process BJ_Forget list __jbd2_journal_insert_checkpoint() __jbd2_journal_refile_buffer() __jbd2_journal_unfile_buffer() if (test_clear_buffer_jbddirty(bh)) mark_buffer_dirty(bh) __mark_inode_dirty(inode) ext4_evict_inode(inode) frees the inode This results in use-after-free issues in the writeback code (or the assertion added in the previous commit triggering). Fix the problem by removing inode from writeback lists once all the page cache is evicted and so inode cannot be added to writeback lists again. Signed-off-by: Jan Kara Link: https://lore.kernel.org/r/20200421085445.5731-4-jack@suse.cz Signed-off-by: Theodore Ts'o commit 4301efa4c7cca11556dd89899eee066d49b47bf7 Author: Jan Kara Date: Tue Apr 21 10:54:44 2020 +0200 writeback: Export inode_io_list_del() Ext4 needs to remove inode from writeback lists after it is out of visibility of its journalling machinery (which can still dirty the inode). Export inode_io_list_del() for it. Signed-off-by: Jan Kara Link: https://lore.kernel.org/r/20200421085445.5731-3-jack@suse.cz Signed-off-by: Theodore Ts'o commit 3bbd0ef26098d241dc59ee77ba14b7dab0df0786 Author: Xiyu Yang Date: Thu Apr 23 13:09:27 2020 +0800 ext4: fix buffer_head refcnt leak when ext4_iget() fails ext4_orphan_get() invokes ext4_read_inode_bitmap(), which returns a reference of the specified buffer_head object to "bitmap_bh" with increased refcnt. When ext4_orphan_get() returns, local variable "bitmap_bh" becomes invalid, so the refcount should be decreased to keep refcount balanced. The reference counting issue happens in one exception handling path of ext4_orphan_get(). When ext4_iget() fails, the function forgets to decrease the refcnt increased by ext4_read_inode_bitmap(), causing a refcnt leak. Fix this issue by calling brelse() when ext4_iget() fails. Signed-off-by: Xiyu Yang Signed-off-by: Xin Tan Cc: stable@kernel.org Link: https://lore.kernel.org/r/1587618568-13418-1-git-send-email-xiyuyang19@fudan.edu.cn Signed-off-by: Theodore Ts'o commit c36a71b4e35ab35340facdd6964a00956b9fef0a Author: Harshad Shirwadkar Date: Mon Apr 20 19:39:59 2020 -0700 ext4: fix EXT_MAX_EXTENT/INDEX to check for zeroed eh_max If eh->eh_max is 0, EXT_MAX_EXTENT/INDEX would evaluate to unsigned (-1) resulting in illegal memory accesses. Although there is no consistent repro, we see that generic/019 sometimes crashes because of this bug. Ran gce-xfstests smoke and verified that there were no regressions. Signed-off-by: Harshad Shirwadkar Link: https://lore.kernel.org/r/20200421023959.20879-2-harshadshirwadkar@gmail.com Signed-off-by: Theodore Ts'o Cc: stable@kernel.org commit 39c0ae163f3b3ae691e7cce226ba1984ef6456b1 Author: Jason Yan Date: Mon Apr 20 12:29:18 2020 +0800 ext4: remove unnecessary comparisons to bool Fix the following coccicheck warning: fs/ext4/extents_status.c:1057:5-28: WARNING: Comparison to bool fs/ext4/inode.c:2314:18-24: WARNING: Comparison to bool Signed-off-by: Jason Yan Reviewed-by: Ritesh Harjani Link: https://lore.kernel.org/r/20200420042918.19459-1-yanaijie@huawei.com Signed-off-by: Theodore Ts'o commit 493e83aafa02316bc79ec90041c378d7902194fa Author: Eric Whitney Date: Wed Apr 15 16:31:40 2020 -0400 ext4: translate a few more map flags to strings in tracepoints As new ext4_map_blocks() flags have been added, not all have gotten flag bit to string translations to make tracepoint output more readable. Fix that, and go one step further by adding a translation for the EXT4_EX_NOCACHE flag as well. The EXT4_EX_FORCE_CACHE flag can never be set in a tracepoint in the current code, so there's no need to bother with a translation for it right now. Signed-off-by: Eric Whitney Reviewed-by: Jan Kara Link: https://lore.kernel.org/r/20200415203140.30349-3-enwlinux@gmail.com Signed-off-by: Theodore Ts'o commit 9e52484c713321e84e8834803a44ca0a001376d2 Author: Eric Whitney Date: Wed Apr 15 16:31:39 2020 -0400 ext4: remove EXT4_GET_BLOCKS_KEEP_SIZE flag The eofblocks code was removed in the 5.7 release by "ext4: remove EOFBLOCKS_FL and associated code" (4337ecd1fe99). The ext4_map_blocks() flag used to trigger it can now be removed as well. Signed-off-by: Eric Whitney Reviewed-by: Jan Kara Link: https://lore.kernel.org/r/20200415203140.30349-2-enwlinux@gmail.com Signed-off-by: Theodore Ts'o commit 6b6aeffc932d5469c0dbb114bee59f34e8e02e65 Author: Carlos Guerrero Álvarez Date: Thu Apr 16 16:14:56 2020 +0200 ext4: fix a style issue in fs/ext4/acl.c Fixed an if statement where braces were not needed. Link: https://lore.kernel.org/r/20200416141456.1089-1-carlosteniswarrior@gmail.com Signed-off-by: Carlos Guerrero Álvarez Signed-off-by: Theodore Ts'o Reviewed-by: Ritesh Harjani commit 09587a09ada2ed7c39aedfa2681152b5ac5641ee Author: Zong Li Date: Wed Jun 3 16:04:02 2020 -0700 arm64: mm: use ARCH_HAS_DEBUG_WX instead of arch defined Extract DEBUG_WX to mm/Kconfig.debug for shared use. Change to use ARCH_HAS_DEBUG_WX instead of DEBUG_WX defined by arch port. Signed-off-by: Zong Li Signed-off-by: Andrew Morton Cc: Borislav Petkov Cc: Catalin Marinas Cc: "H. Peter Anvin" Cc: Ingo Molnar Cc: Palmer Dabbelt Cc: Paul Walmsley Cc: Thomas Gleixner Cc: Will Deacon Link: http://lkml.kernel.org/r/e19709e7576f65e303245fe520cad5f7bae72763.1587455584.git.zong.li@sifive.com Signed-off-by: Linus Torvalds commit 7e01ccb43d62558dc65c53477a78da133ad8c377 Author: Zong Li Date: Wed Jun 3 16:03:58 2020 -0700 x86: mm: use ARCH_HAS_DEBUG_WX instead of arch defined Extract DEBUG_WX to mm/Kconfig.debug for shared use. Change to use ARCH_HAS_DEBUG_WX instead of DEBUG_WX defined by arch port. Signed-off-by: Zong Li Signed-off-by: Andrew Morton Cc: Borislav Petkov Cc: Catalin Marinas Cc: "H. Peter Anvin" Cc: Ingo Molnar Cc: Palmer Dabbelt Cc: Paul Walmsley Cc: Thomas Gleixner Cc: Will Deacon Link: http://lkml.kernel.org/r/430736828d149df3f5b462d291e845ec690e0141.1587455584.git.zong.li@sifive.com Signed-off-by: Linus Torvalds commit b422d28b21773bbfc9e84dbb5579a8ce355279ca Author: Zong Li Date: Wed Jun 3 16:03:55 2020 -0700 riscv: support DEBUG_WX Support DEBUG_WX to check whether there are mapping with write and execute permission at the same time. [akpm@linux-foundation.org: replace macros with C] Signed-off-by: Zong Li Signed-off-by: Andrew Morton Cc: Borislav Petkov Cc: Catalin Marinas Cc: "H. Peter Anvin" Cc: Ingo Molnar Cc: Palmer Dabbelt Cc: Paul Walmsley Cc: Thomas Gleixner Cc: Will Deacon Link: http://lkml.kernel.org/r/282e266311bced080bc6f7c255b92f87c1eb65d6.1587455584.git.zong.li@sifive.com Signed-off-by: Linus Torvalds commit 375d315cbfdb50e1eda099d4d004f7f401285111 Author: Zong Li Date: Wed Jun 3 16:03:52 2020 -0700 mm: add DEBUG_WX support Patch series "Extract DEBUG_WX to shared use". Some architectures support DEBUG_WX function, it's verbatim from each others, so extract to mm/Kconfig.debug for shared use. PPC and ARM ports don't support generic page dumper yet, so we only refine x86 and arm64 port in this patch series. For RISC-V port, the DEBUG_WX support depends on other patches which be merged already: - RISC-V page table dumper - Support strict kernel memory permissions for security This patch (of 4): Some architectures support DEBUG_WX function, it's verbatim from each others. Extract to mm/Kconfig.debug for shared use. [akpm@linux-foundation.org: reword text, per Will Deacon & Zong Li] Link: http://lkml.kernel.org/r/20200427194245.oxRJKj3fn%25akpm@linux-foundation.org [zong.li@sifive.com: remove the specific name of arm64] Link: http://lkml.kernel.org/r/3a6a92ecedc54e1d0fc941398e63d504c2cd5611.1589178399.git.zong.li@sifive.com [zong.li@sifive.com: add MMU dependency for DEBUG_WX] Link: http://lkml.kernel.org/r/4a674ac7863ff39ca91847b10e51209771f99416.1589178399.git.zong.li@sifive.com Suggested-by: Palmer Dabbelt Signed-off-by: Zong Li Signed-off-by: Andrew Morton Cc: Paul Walmsley Cc: Thomas Gleixner Cc: Ingo Molnar Cc: Borislav Petkov Cc: "H. Peter Anvin" Cc: Catalin Marinas Cc: Will Deacon Link: http://lkml.kernel.org/r/cover.1587455584.git.zong.li@sifive.com Link: http://lkml.kernel.org/r/23980cd0f0e5d79e24a92169116407c75bcc650d.1587455584.git.zong.li@sifive.com Signed-off-by: Linus Torvalds commit 4fb6eabf1037cfbef90a26412492aeae5580cf0a Author: Scott Cheloha Date: Wed Jun 3 16:03:48 2020 -0700 drivers/base/memory.c: cache memory blocks in xarray to accelerate lookup Searching for a particular memory block by id is an O(n) operation because each memory block's underlying device is kept in an unsorted linked list on the subsystem bus. We can cut the lookup cost to O(log n) if we cache each memory block in an xarray. This time complexity improvement is significant on systems with many memory blocks. For example: 1. A 128GB POWER9 VM with 256MB memblocks has 512 blocks. With this change memory_dev_init() completes ~12ms faster and walk_memory_blocks() completes ~12ms faster. Before: [ 0.005042] memory_dev_init: adding memory blocks [ 0.021591] memory_dev_init: added memory blocks [ 0.022699] walk_memory_blocks: walking memory blocks [ 0.038730] walk_memory_blocks: walked memory blocks 0-511 After: [ 0.005057] memory_dev_init: adding memory blocks [ 0.009415] memory_dev_init: added memory blocks [ 0.010519] walk_memory_blocks: walking memory blocks [ 0.014135] walk_memory_blocks: walked memory blocks 0-511 2. A 256GB POWER9 LPAR with 256MB memblocks has 1024 blocks. With this change memory_dev_init() completes ~88ms faster and walk_memory_blocks() completes ~87ms faster. Before: [ 0.252246] memory_dev_init: adding memory blocks [ 0.395469] memory_dev_init: added memory blocks [ 0.409413] walk_memory_blocks: walking memory blocks [ 0.433028] walk_memory_blocks: walked memory blocks 0-511 [ 0.433094] walk_memory_blocks: walking memory blocks [ 0.500244] walk_memory_blocks: walked memory blocks 131072-131583 After: [ 0.245063] memory_dev_init: adding memory blocks [ 0.299539] memory_dev_init: added memory blocks [ 0.313609] walk_memory_blocks: walking memory blocks [ 0.315287] walk_memory_blocks: walked memory blocks 0-511 [ 0.315349] walk_memory_blocks: walking memory blocks [ 0.316988] walk_memory_blocks: walked memory blocks 131072-131583 3. A 32TB POWER9 LPAR with 256MB memblocks has 131072 blocks. With this change we complete memory_dev_init() ~37 minutes faster and walk_memory_blocks() at least ~30 minutes faster. The exact timing for walk_memory_blocks() is missing, though I observed that the soft lockups in walk_memory_blocks() disappeared with the change, suggesting that lower bound. Before: [ 13.703907] memory_dev_init: adding blocks [ 2287.406099] memory_dev_init: added all blocks [ 2347.494986] [c000000014c5bb60] [c000000000869af4] walk_memory_blocks+0x94/0x160 [ 2527.625378] [c000000014c5bb60] [c000000000869af4] walk_memory_blocks+0x94/0x160 [ 2707.761977] [c000000014c5bb60] [c000000000869af4] walk_memory_blocks+0x94/0x160 [ 2887.899975] [c000000014c5bb60] [c000000000869af4] walk_memory_blocks+0x94/0x160 [ 3068.028318] [c000000014c5bb60] [c000000000869af4] walk_memory_blocks+0x94/0x160 [ 3248.158764] [c000000014c5bb60] [c000000000869af4] walk_memory_blocks+0x94/0x160 [ 3428.287296] [c000000014c5bb60] [c000000000869af4] walk_memory_blocks+0x94/0x160 [ 3608.425357] [c000000014c5bb60] [c000000000869af4] walk_memory_blocks+0x94/0x160 [ 3788.554572] [c000000014c5bb60] [c000000000869af4] walk_memory_blocks+0x94/0x160 [ 3968.695071] [c000000014c5bb60] [c000000000869af4] walk_memory_blocks+0x94/0x160 [ 4148.823970] [c000000014c5bb60] [c000000000869af4] walk_memory_blocks+0x94/0x160 After: [ 13.696898] memory_dev_init: adding blocks [ 15.660035] memory_dev_init: added all blocks (the walk_memory_blocks traces disappear) There should be no significant negative impact for machines with few memory blocks. A sparse xarray has a small footprint and an O(log n) lookup is negligibly slower than an O(n) lookup for only the smallest number of memory blocks. 1. A 16GB x86 machine with 128MB memblocks has 132 blocks. With this change memory_dev_init() completes ~300us faster and walk_memory_blocks() completes no faster or slower. The improvement is pretty close to noise. Before: [ 0.224752] memory_dev_init: adding memory blocks [ 0.227116] memory_dev_init: added memory blocks [ 0.227183] walk_memory_blocks: walking memory blocks [ 0.227183] walk_memory_blocks: walked memory blocks 0-131 After: [ 0.224911] memory_dev_init: adding memory blocks [ 0.226935] memory_dev_init: added memory blocks [ 0.227089] walk_memory_blocks: walking memory blocks [ 0.227089] walk_memory_blocks: walked memory blocks 0-131 [david@redhat.com: document the locking] Link: http://lkml.kernel.org/r/bc21eec6-7251-4c91-2f57-9a0671f8d414@redhat.com Signed-off-by: Scott Cheloha Signed-off-by: Andrew Morton Acked-by: David Hildenbrand Acked-by: Nathan Lynch Acked-by: Michal Hocko Cc: Rafael J. Wysocki Cc: Greg Kroah-Hartman Cc: Rick Lindsley Cc: Scott Cheloha Link: http://lkml.kernel.org/r/20200121231028.13699-1-cheloha@linux.ibm.com Signed-off-by: Linus Torvalds commit 86ec2da037b85436b63afe3df43ed48fa0e52b0e Author: Anshuman Khandual Date: Wed Jun 3 16:03:45 2020 -0700 mm/thp: rename pmd_mknotpresent() as pmd_mkinvalid() pmd_present() is expected to test positive after pmdp_mknotpresent() as the PMD entry still points to a valid huge page in memory. pmdp_mknotpresent() implies that given PMD entry is just invalidated from MMU perspective while still holding on to pmd_page() referred valid huge page thus also clearing pmd_present() test. This creates the following situation which is counter intuitive. [pmd_present(pmd_mknotpresent(pmd)) = true] This renames pmd_mknotpresent() as pmd_mkinvalid() reflecting the helper's functionality more accurately while changing the above mentioned situation as follows. This does not create any functional change. [pmd_present(pmd_mkinvalid(pmd)) = true] This is not applicable for platforms that define own pmdp_invalidate() via __HAVE_ARCH_PMDP_INVALIDATE. Suggestion for renaming came during a previous discussion here. https://patchwork.kernel.org/patch/11019637/ [anshuman.khandual@arm.com: change pmd_mknotvalid() to pmd_mkinvalid() per Will] Link: http://lkml.kernel.org/r/1587520326-10099-3-git-send-email-anshuman.khandual@arm.com Suggested-by: Catalin Marinas Signed-off-by: Anshuman Khandual Signed-off-by: Andrew Morton Acked-by: Will Deacon Cc: Vineet Gupta Cc: Russell King Cc: Catalin Marinas Cc: Thomas Bogendoerfer Cc: Thomas Gleixner Cc: Ingo Molnar Cc: Borislav Petkov Cc: "H. Peter Anvin" Cc: Steven Rostedt Cc: Dave Hansen Cc: Andy Lutomirski Cc: Peter Zijlstra Cc: Benjamin Herrenschmidt Cc: Michael Ellerman Cc: Paul Mackerras Link: http://lkml.kernel.org/r/1584680057-13753-3-git-send-email-anshuman.khandual@arm.com Signed-off-by: Linus Torvalds commit 124cb3a62d54b271d7acfcf6596cb6a88766a344 Author: Anshuman Khandual Date: Wed Jun 3 16:03:41 2020 -0700 powerpc/mm: drop platform defined pmd_mknotpresent() Patch series "mm/thp: Rename pmd_mknotpresent() as pmd_mknotvalid()", v2. This series renames pmd_mknotpresent() as pmd_mknotvalid(). Before that it drops an existing pmd_mknotpresent() definition from powerpc platform which was never required as it defines it's pmdp_invalidate() through subscribing __HAVE_ARCH_PMDP_INVALIDATE. This does not create any functional change. This rename was suggested by Catalin during a previous discussion while we were trying to change the THP helpers on arm64 platform for migration. https://patchwork.kernel.org/patch/11019637/ This patch (of 2): Platform needs to define pmd_mknotpresent() for generic pmdp_invalidate() only when __HAVE_ARCH_PMDP_INVALIDATE is not subscribed. Otherwise platform specific pmd_mknotpresent() is not required. Hence just drop it. Signed-off-by: Anshuman Khandual Signed-off-by: Andrew Morton Cc: Benjamin Herrenschmidt Cc: Michael Ellerman Cc: Paul Mackerras Cc: Vineet Gupta Cc: Russell King Cc: Catalin Marinas Cc: Will Deacon Cc: Thomas Bogendoerfer Cc: Thomas Gleixner Cc: Ingo Molnar Cc: Borislav Petkov Cc: "H. Peter Anvin" Cc: Steven Rostedt Cc: Dave Hansen Cc: Andy Lutomirski Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/1587520326-10099-1-git-send-email-anshuman.khandual@arm.com Link: http://lkml.kernel.org/r/1584680057-13753-1-git-send-email-anshuman.khandual@arm.com Link: http://lkml.kernel.org/r/1584680057-13753-2-git-send-email-anshuman.khandual@arm.com Signed-off-by: Linus Torvalds commit 67e4eb076840c7d199ebae0a8825c89a5b07d162 Author: Yang Shi Date: Wed Jun 3 16:03:37 2020 -0700 mm: thp: don't need to drain lru cache when splitting and mlocking THP Since commit 8f182270dfec ("mm/swap.c: flush lru pvecs on compound page arrival") THP would not stay in pagevec anymore. So the optimization made by commit d965432234db ("thp: increase split_huge_page() success rate") doesn't make sense anymore, which tries to unpin munlocked THPs from pagevec by draining pagevec. Draining lru cache before isolating THP in mlock path is also unnecessary. b676b293fb48 ("mm, thp: fix mapped pages avoiding unevictable list on mlock") added it and 9a73f61bdb8a ("thp, mlock: do not mlock PTE-mapped file huge pages") accidentally carried it over after the above optimization went in. Signed-off-by: Yang Shi Signed-off-by: Andrew Morton Reviewed-by: Daniel Jordan Acked-by: Kirill A. Shutemov Cc: Hugh Dickins Cc: Andrea Arcangeli Link: http://lkml.kernel.org/r/1585946493-7531-1-git-send-email-yang.shi@linux.alibaba.com Signed-off-by: Linus Torvalds commit 885902531586d5a20a74099c1357bfdc982befe3 Author: Shijie Hu Date: Wed Jun 3 16:03:34 2020 -0700 hugetlbfs: get unmapped area below TASK_UNMAPPED_BASE for hugetlbfs In a 32-bit program, running on arm64 architecture. When the address space below mmap base is completely exhausted, shmat() for huge pages will return ENOMEM, but shmat() for normal pages can still success on no-legacy mode. This seems not fair. For normal pages, the calling trace of get_unmapped_area() is: => mm->get_unmapped_area() if on legacy mode, => arch_get_unmapped_area() => vm_unmapped_area() if on no-legacy mode, => arch_get_unmapped_area_topdown() => vm_unmapped_area() For huge pages, the calling trace of get_unmapped_area() is: => file->f_op->get_unmapped_area() => hugetlb_get_unmapped_area() => vm_unmapped_area() To solve this issue, we only need to make hugetlb_get_unmapped_area() take the same way as mm->get_unmapped_area(). Add *bottomup() and *topdown() for hugetlbfs, and check current mm->get_unmapped_area() to decide which one to use. If mm->get_unmapped_area is equal to arch_get_unmapped_area_topdown(), hugetlb_get_unmapped_area() calls topdown routine, otherwise calls bottomup routine. Reported-by: kbuild test robot Signed-off-by: Shijie Hu Signed-off-by: Mike Kravetz Signed-off-by: Andrew Morton Cc: Will Deacon Cc: Xiaoming Ni Cc: Kefeng Wang Cc: yangerkun Cc: ChenGang Cc: Chen Jie Link: http://lkml.kernel.org/r/20200518065338.113664-1-hushijie3@huawei.com Signed-off-by: Linus Torvalds commit 4360dfa99ff58edad778bdd07819ee32bbf495b8 Author: Mike Rapoport Date: Wed Jun 3 16:03:31 2020 -0700 sparc32: register memory occupied by kernel as memblock.memory sparc32 never registered the memory occupied by the kernel image with memblock_add() and it only reserved this memory with meblock_reserve(). With openbios as system firmware, the memory occupied by the kernel is reserved in openbios and removed from mem.available. The prom setup code in the kernel uses mem.available to set up the memory banks and essentially there is a hole for the memory occupied by the kernel image. Later in bootmem_init() this memory is memblock_reserve()d. Up until recently, memmap initialization would call __init_single_page() for the pages in that hole, the free_low_memory_core_early() would mark them as reserved and everything would be Ok. After the change in memmap initialization introduced by the commit "mm: memmap_init: iterate over memblock regions rather that check each PFN", the hole is skipped and the page structs for it are not initialized. And when they are passed from memblock to page allocator as reserved, the latter gets confused. Simply registering the memory occupied by the kernel with memblock_add() resolves this issue. Tested on qemu-system-sparc with Debian Etch [1] userspace. [1] https://people.debian.org/~aurel32/qemu/sparc/debian_etch_sparc_small.qcow2 Signed-off-by: Mike Rapoport Signed-off-by: Andrew Morton Acked-by: David S. Miller Cc: Guenter Roeck Link: https://lkml.kernel.org/r/20200517000050.GA87467@roeck-us.nlllllet/ Signed-off-by: Linus Torvalds commit 8cbd54f52997f43be3d09acd9fa9a10d202c5374 Author: chenqiwu Date: Wed Jun 3 16:03:28 2020 -0700 include/linux/memblock.h: fix minor typo and unclear comment Fix a minor typo "usabe->usable" for the current discription of member variable "memory" in struct memblock. BTW, I think it's unclear the member variable "base" in struct memblock_type is currently described as the physical address of memory region, change it to base address of the region is clearer since the variable is decorated as phys_addr_t. Signed-off-by: chenqiwu Signed-off-by: Andrew Morton Reviewed-by: Mike Rapoport Link: http://lkml.kernel.org/r/1588846952-32166-1-git-send-email-qiwuchen55@gmail.com Signed-off-by: Linus Torvalds commit 2d3a36a47964371101d9a71691c18d59ee611e87 Author: Michal Hocko Date: Wed Jun 3 16:03:25 2020 -0700 mm, mempolicy: fix up gup usage in lookup_node ba841078cd05 ("mm/mempolicy: Allow lookup_node() to handle fatal signal") has added a special casing for 0 return value because that was a possible gup return value when interrupted by fatal signal. This has been fixed by ae46d2aa6a7f ("mm/gup: Let __get_user_pages_locked() return -EINTR for fatal signal") in the mean time so ba841078cd05 can be reverted. This patch however doesn't go all the way to revert it because the check for 0 is wrong and confusing here. Firstly it is inherently unsafe to access the page when get_user_pages_locked returns 0 (aka no page returned). Fortunatelly this will not happen because get_user_pages_locked will not return 0 when nr_pages > 0 unless FOLL_NOWAIT is specified which is not the case here. Document this potential error code in gup code while we are at it. Signed-off-by: Michal Hocko Signed-off-by: Andrew Morton Cc: Peter Xu Link: http://lkml.kernel.org/r/20200421071026.18394-1-mhocko@kernel.org Signed-off-by: Linus Torvalds commit 5b94ce2fcae2542c4d5d49176fa23eea638dc7b6 Author: Changhee Han Date: Wed Jun 3 16:03:22 2020 -0700 tools/vm/page_owner_sort.c: filter out unneeded line To see a sorted result from page_owner, there must be a tiresome preprocessing step before running page_owner_sort. This patch simply filters out lines which start with "PFN" while reading the page owner report. Signed-off-by: Changhee Han Signed-off-by: Andrew Morton Reviewed-by: Andrew Morton Cc: Vlastimil Babka Cc: Joonsoo Kim Cc: Jonathan Corbet Link: http://lkml.kernel.org/r/20200429052940.16968-1-ch0.han@lge.com Signed-off-by: Linus Torvalds commit 21e330fc632d6a288f73de48045b782cc51d501a Author: Shakeel Butt Date: Wed Jun 3 16:03:19 2020 -0700 mm: swap: memcg: fix memcg stats for huge pages The commit 2262185c5b28 ("mm: per-cgroup memory reclaim stats") added PGLAZYFREE, PGACTIVATE & PGDEACTIVATE stats for cgroups but missed couple of places and PGLAZYFREE missed huge page handling. Fix that. Also for PGLAZYFREE use the irq-unsafe function to update as the irq is already disabled. Fixes: 2262185c5b28 ("mm: per-cgroup memory reclaim stats") Signed-off-by: Shakeel Butt Signed-off-by: Andrew Morton Acked-by: Johannes Weiner Link: http://lkml.kernel.org/r/20200527182947.251343-1-shakeelb@google.com Signed-off-by: Linus Torvalds commit 5d91f31faf8ebed2acfc3a1d6ac344f95c488d66 Author: Shakeel Butt Date: Wed Jun 3 16:03:16 2020 -0700 mm: swap: fix vmstats for huge pages Many of the callbacks called by pagevec_lru_move_fn() does not correctly update the vmstats for huge pages. Fix that. Also __pagevec_lru_add_fn() use the irq-unsafe alternative to update the stat as the irqs are already disabled. Signed-off-by: Shakeel Butt Signed-off-by: Andrew Morton Acked-by: Johannes Weiner Link: http://lkml.kernel.org/r/20200527182916.249910-1-shakeelb@google.com Signed-off-by: Linus Torvalds commit d483a5dd009a091d3dab3bc873335989e2cd5b08 Author: Johannes Weiner Date: Wed Jun 3 16:03:13 2020 -0700 mm: vmscan: limit the range of LRU type balancing When LRU cost only shows up on one list, we abruptly stop scanning that list altogether. That's an extreme reaction: by the time the other list starts thrashing and the pendulum swings back, we may have no recent age information on the first list anymore, and we could have significant latencies until the scanner has caught up. Soften this change in the feedback system by ensuring that no list receives less than a third of overall pressure, and only distribute the other 66% according to LRU cost. This ensures that we maintain a minimum rate of aging on the entire workingset while it's being pressured, while still allowing a generous rate of convergence when the relative sizes of the lists need to adjust. Signed-off-by: Johannes Weiner Signed-off-by: Andrew Morton Cc: Joonsoo Kim Cc: Michal Hocko Cc: Minchan Kim Cc: Rik van Riel Link: http://lkml.kernel.org/r/20200520232525.798933-15-hannes@cmpxchg.org Signed-off-by: Linus Torvalds commit 96f8bf4fb1dd2656ae3e92326be9ebf003bbfd45 Author: Johannes Weiner Date: Wed Jun 3 16:03:09 2020 -0700 mm: vmscan: reclaim writepage is IO cost The VM tries to balance reclaim pressure between anon and file so as to reduce the amount of IO incurred due to the memory shortage. It already counts refaults and swapins, but in addition it should also count writepage calls during reclaim. For swap, this is obvious: it's IO that wouldn't have occurred if the anonymous memory hadn't been under memory pressure. From a relative balancing point of view this makes sense as well: even if anon is cold and reclaimable, a cache that isn't thrashing may have equally cold pages that don't require IO to reclaim. For file writeback, it's trickier: some of the reclaim writepage IO would have likely occurred anyway due to dirty expiration. But not all of it - premature writeback reduces batching and generates additional writes. Since the flushers are already woken up by the time the VM starts writing cache pages one by one, let's assume that we'e likely causing writes that wouldn't have happened without memory pressure. In addition, the per-page cost of IO would have probably been much cheaper if written in larger batches from the flusher thread rather than the single-page-writes from kswapd. For our purposes - getting the trend right to accelerate convergence on a stable state that doesn't require paging at all - this is sufficiently accurate. If we later wanted to optimize for sustained thrashing, we can still refine the measurements. Count all writepage calls from kswapd as IO cost toward the LRU that the page belongs to. Why do this dynamically? Don't we know in advance that anon pages require IO to reclaim, and so could build in a static bias? First, scanning is not the same as reclaiming. If all the anon pages are referenced, we may not swap for a while just because we're scanning the anon list. During this time, however, it's important that we age anonymous memory and the page cache at the same rate so that their hot-cold gradients are comparable. Everything else being equal, we still want to reclaim the coldest memory overall. Second, we keep copies in swap unless the page changes. If there is swap-backed data that's mostly read (tmpfs file) and has been swapped out before, we can reclaim it without incurring additional IO. Signed-off-by: Johannes Weiner Signed-off-by: Andrew Morton Cc: Joonsoo Kim Cc: Michal Hocko Cc: Minchan Kim Cc: Rik van Riel Link: http://lkml.kernel.org/r/20200520232525.798933-14-hannes@cmpxchg.org Signed-off-by: Linus Torvalds commit 7cf111bc39f6792abedcdfbc4e6291a5603b0ef0 Author: Johannes Weiner Date: Wed Jun 3 16:03:06 2020 -0700 mm: vmscan: determine anon/file pressure balance at the reclaim root We split the LRU lists into anon and file, and we rebalance the scan pressure between them when one of them begins thrashing: if the file cache experiences workingset refaults, we increase the pressure on anonymous pages; if the workload is stalled on swapins, we increase the pressure on the file cache instead. With cgroups and their nested LRU lists, we currently don't do this correctly. While recursive cgroup reclaim establishes a relative LRU order among the pages of all involved cgroups, LRU pressure balancing is done on an individual cgroup LRU level. As a result, when one cgroup is thrashing on the filesystem cache while a sibling may have cold anonymous pages, pressure doesn't get equalized between them. This patch moves LRU balancing decision to the root of reclaim - the same level where the LRU order is established. It does this by tracking LRU cost recursively, so that every level of the cgroup tree knows the aggregate LRU cost of all memory within its domain. When the page scanner calculates the scan balance for any given individual cgroup's LRU list, it uses the values from the ancestor cgroup that initiated the reclaim cycle. If one sibling is then thrashing on the cache, it will tip the pressure balance inside its ancestors, and the next hierarchical reclaim iteration will go more after the anon pages in the tree. Signed-off-by: Johannes Weiner Signed-off-by: Andrew Morton Cc: Joonsoo Kim Cc: Michal Hocko Cc: Minchan Kim Cc: Rik van Riel Link: http://lkml.kernel.org/r/20200520232525.798933-13-hannes@cmpxchg.org Signed-off-by: Linus Torvalds commit 314b57fb0460001a090b35ff8be987f2c868ad3c Author: Johannes Weiner Date: Wed Jun 3 16:03:03 2020 -0700 mm: balance LRU lists based on relative thrashing Since the LRUs were split into anon and file lists, the VM has been balancing between page cache and anonymous pages based on per-list ratios of scanned vs. rotated pages. In most cases that tips page reclaim towards the list that is easier to reclaim and has the fewest actively used pages, but there are a few problems with it: 1. Refaults and LRU rotations are weighted the same way, even though one costs IO and the other costs a bit of CPU. 2. The less we scan an LRU list based on already observed rotations, the more we increase the sampling interval for new references, and rotations become even more likely on that list. This can enter a death spiral in which we stop looking at one list completely until the other one is all but annihilated by page reclaim. Since commit a528910e12ec ("mm: thrash detection-based file cache sizing") we have refault detection for the page cache. Along with swapin events, they are good indicators of when the file or anon list, respectively, is too small for its workingset and needs to grow. For example, if the page cache is thrashing, the cache pages need more time in memory, while there may be colder pages on the anonymous list. Likewise, if swapped pages are faulting back in, it indicates that we reclaim anonymous pages too aggressively and should back off. Replace LRU rotations with refaults and swapins as the basis for relative reclaim cost of the two LRUs. This will have the VM target list balances that incur the least amount of IO on aggregate. Signed-off-by: Johannes Weiner Signed-off-by: Andrew Morton Cc: Joonsoo Kim Cc: Michal Hocko Cc: Minchan Kim Cc: Rik van Riel Link: http://lkml.kernel.org/r/20200520232525.798933-12-hannes@cmpxchg.org Signed-off-by: Linus Torvalds commit 264e90cc07f177adec17ee7cc154ddaa132f0b2d Author: Johannes Weiner Date: Wed Jun 3 16:03:00 2020 -0700 mm: only count actual rotations as LRU reclaim cost When shrinking the active file list we rotate referenced pages only when they're in an executable mapping. The others get deactivated. When it comes to balancing scan pressure, though, we count all referenced pages as rotated, even the deactivated ones. Yet they do not carry the same cost to the system: the deactivated page *might* refault later on, but the deactivation is tangible progress toward freeing pages; rotations on the other hand cost time and effort without getting any closer to freeing memory. Don't treat both events as equal. The following patch will hook up LRU balancing to cache and anon refaults, which are a much more concrete cost signal for reclaiming one list over the other. Thus, remove the maybe-IO cost bias from page references, and only note the CPU cost for actual rotations that prevent the pages from getting reclaimed. Signed-off-by: Johannes Weiner Signed-off-by: Andrew Morton Acked-by: Minchan Kim Acked-by: Michal Hocko Cc: Joonsoo Kim Cc: Rik van Riel Link: http://lkml.kernel.org/r/20200520232525.798933-11-hannes@cmpxchg.org Signed-off-by: Linus Torvalds commit fbbb602e40c270e884bc545161b238074b20aaae Author: Johannes Weiner Date: Wed Jun 3 16:02:57 2020 -0700 mm: deactivations shouldn't bias the LRU balance Operations like MADV_FREE, FADV_DONTNEED etc. currently move any affected active pages to the inactive list to accelerate their reclaim (good) but also steer page reclaim toward that LRU type, or away from the other (bad). The reason why this is undesirable is that such operations are not part of the regular page aging cycle, and rather a fluke that doesn't say much about the remaining pages on that list; they might all be in heavy use, and once the chunk of easy victims has been purged, the VM continues to apply elevated pressure on those remaining hot pages. The other LRU, meanwhile, might have easily reclaimable pages, and there was never a need to steer away from it in the first place. As the previous patch outlined, we should focus on recording actually observed cost to steer the balance rather than speculating about the potential value of one LRU list over the other. In that spirit, leave explicitely deactivated pages to the LRU algorithm to pick up, and let rotations decide which list is the easiest to reclaim. [cai@lca.pw: fix set-but-not-used warning] Link: http://lkml.kernel.org/r/20200522133335.GA624@Qians-MacBook-Air.local Signed-off-by: Johannes Weiner Signed-off-by: Andrew Morton Acked-by: Minchan Kim Acked-by: Michal Hocko Cc: Joonsoo Kim Cc: Rik van Riel Cc: Qian Cai Link: http://lkml.kernel.org/r/20200520232525.798933-10-hannes@cmpxchg.org Signed-off-by: Linus Torvalds commit 1431d4d11abb265e79cd44bed2f5ea93f1bcc57b Author: Johannes Weiner Date: Wed Jun 3 16:02:53 2020 -0700 mm: base LRU balancing on an explicit cost model Currently, scan pressure between the anon and file LRU lists is balanced based on a mixture of reclaim efficiency and a somewhat vague notion of "value" of having certain pages in memory over others. That concept of value is problematic, because it has caused us to count any event that remotely makes one LRU list more or less preferrable for reclaim, even when these events are not directly comparable and impose very different costs on the system. One example is referenced file pages that we still deactivate and referenced anonymous pages that we actually rotate back to the head of the list. There is also conceptual overlap with the LRU algorithm itself. By rotating recently used pages instead of reclaiming them, the algorithm already biases the applied scan pressure based on page value. Thus, when rebalancing scan pressure due to rotations, we should think of reclaim cost, and leave assessing the page value to the LRU algorithm. Lastly, considering both value-increasing as well as value-decreasing events can sometimes cause the same type of event to be counted twice, i.e. how rotating a page increases the LRU value, while reclaiming it succesfully decreases the value. In itself this will balance out fine, but it quietly skews the impact of events that are only recorded once. The abstract metric of "value", the murky relationship with the LRU algorithm, and accounting both negative and positive events make the current pressure balancing model hard to reason about and modify. This patch switches to a balancing model of accounting the concrete, actually observed cost of reclaiming one LRU over another. For now, that cost includes pages that are scanned but rotated back to the list head. Subsequent patches will add consideration for IO caused by refaulting of recently evicted pages. Replace struct zone_reclaim_stat with two cost counters in the lruvec, and make everything that affects cost go through a new lru_note_cost() function. Signed-off-by: Johannes Weiner Signed-off-by: Andrew Morton Acked-by: Michal Hocko Cc: Joonsoo Kim Cc: Minchan Kim Cc: Rik van Riel Link: http://lkml.kernel.org/r/20200520232525.798933-9-hannes@cmpxchg.org Signed-off-by: Linus Torvalds commit a4fe1631f313f75c7dced10d9e7eda816bf0937f Author: Johannes Weiner Date: Wed Jun 3 16:02:50 2020 -0700 mm: vmscan: drop unnecessary div0 avoidance rounding in get_scan_count() When we calculate the relative scan pressure between the anon and file LRU lists, we have to assume that reclaim_stat can contain zeroes. To avoid div0 crashes, we add 1 to all denominators like so: anon_prio = swappiness; file_prio = 200 - anon_prio; [...] /* * The amount of pressure on anon vs file pages is inversely * proportional to the fraction of recently scanned pages on * each list that were recently referenced and in active use. */ ap = anon_prio * (reclaim_stat->recent_scanned[0] + 1); ap /= reclaim_stat->recent_rotated[0] + 1; fp = file_prio * (reclaim_stat->recent_scanned[1] + 1); fp /= reclaim_stat->recent_rotated[1] + 1; spin_unlock_irq(&pgdat->lru_lock); fraction[0] = ap; fraction[1] = fp; denominator = ap + fp + 1; While reclaim_stat can contain 0, it's not actually possible for ap + fp to be 0. One of anon_prio or file_prio could be zero, but they must still add up to 200. And the reclaim_stat fraction, due to the +1 in there, is always at least 1. So if one of the two numerators is 0, the other one can't be. ap + fp is always at least 1. Drop the + 1. Signed-off-by: Johannes Weiner Signed-off-by: Andrew Morton Cc: Joonsoo Kim Cc: Michal Hocko Cc: Minchan Kim Cc: Rik van Riel Link: http://lkml.kernel.org/r/20200520232525.798933-8-hannes@cmpxchg.org Signed-off-by: Linus Torvalds commit 9682468747390c14962114f261cd76ba188ed987 Author: Johannes Weiner Date: Wed Jun 3 16:02:46 2020 -0700 mm: remove use-once cache bias from LRU balancing When the splitlru patches divided page cache and swap-backed pages into separate LRU lists, the pressure balance between the lists was biased to account for the fact that streaming IO can cause memory pressure with a flood of pages that are used only once. New page cache additions would tip the balance toward the file LRU, and repeat access would neutralize that bias again. This ensured that page reclaim would always go for used-once cache first. Since e9868505987a ("mm,vmscan: only evict file pages when we have plenty"), page reclaim generally skips over swap-backed memory entirely as long as there is used-once cache present, and will apply the LRU balancing when only repeatedly accessed cache pages are left - at which point the previous use-once bias will have been neutralized. This makes the use-once cache balancing bias unnecessary. Signed-off-by: Johannes Weiner Signed-off-by: Andrew Morton Acked-by: Michal Hocko Acked-by: Minchan Kim Cc: Joonsoo Kim Cc: Rik van Riel Link: http://lkml.kernel.org/r/20200520232525.798933-7-hannes@cmpxchg.org Signed-off-by: Linus Torvalds commit 34e58cac6d8f2a76b609b3510ff0c4468a220e61 Author: Johannes Weiner Date: Wed Jun 3 16:02:43 2020 -0700 mm: workingset: let cache workingset challenge anon We activate cache refaults with reuse distances in pages smaller than the size of the total cache. This allows new pages with competitive access frequencies to establish themselves, as well as challenge and potentially displace pages on the active list that have gone cold. However, that assumes that active cache can only replace other active cache in a competition for the hottest memory. This is not a great default assumption. The page cache might be thrashing while there are enough completely cold and unused anonymous pages sitting around that we'd only have to write to swap once to stop all IO from the cache. Activate cache refaults when their reuse distance in pages is smaller than the total userspace workingset, including anonymous pages. Reclaim can still decide how to balance pressure among the two LRUs depending on the IO situation. Rotational drives will prefer avoiding random IO from swap and go harder after cache. But fundamentally, hot cache should be able to compete with anon pages for a place in RAM. Signed-off-by: Johannes Weiner Signed-off-by: Andrew Morton Cc: Joonsoo Kim Cc: Michal Hocko Cc: Minchan Kim Cc: Rik van Riel Link: http://lkml.kernel.org/r/20200520232525.798933-6-hannes@cmpxchg.org Signed-off-by: Linus Torvalds commit 6058eaec816f29fbe33c9d35694614c9a4ed75ba Author: Johannes Weiner Date: Wed Jun 3 16:02:40 2020 -0700 mm: fold and remove lru_cache_add_anon() and lru_cache_add_file() They're the same function, and for the purpose of all callers they are equivalent to lru_cache_add(). [akpm@linux-foundation.org: fix it for local_lock changes] Signed-off-by: Johannes Weiner Signed-off-by: Andrew Morton Reviewed-by: Rik van Riel Acked-by: Michal Hocko Acked-by: Minchan Kim Cc: Joonsoo Kim Link: http://lkml.kernel.org/r/20200520232525.798933-5-hannes@cmpxchg.org Signed-off-by: Linus Torvalds commit c843966c556d7370bb32e7319a6d164cb8c70ae2 Author: Johannes Weiner Date: Wed Jun 3 16:02:37 2020 -0700 mm: allow swappiness that prefers reclaiming anon over the file workingset With the advent of fast random IO devices (SSDs, PMEM) and in-memory swap devices such as zswap, it's possible for swap to be much faster than filesystems, and for swapping to be preferable over thrashing filesystem caches. Allow setting swappiness - which defines the rough relative IO cost of cache misses between page cache and swap-backed pages - to reflect such situations by making the swap-preferred range configurable. Signed-off-by: Johannes Weiner Signed-off-by: Andrew Morton Cc: Joonsoo Kim Cc: Michal Hocko Cc: Minchan Kim Cc: Rik van Riel Link: http://lkml.kernel.org/r/20200520232525.798933-4-hannes@cmpxchg.org Signed-off-by: Linus Torvalds commit 497a6c1b09902b22ceccc0f25ba4dd623e1ddb7d Author: Johannes Weiner Date: Wed Jun 3 16:02:34 2020 -0700 mm: keep separate anon and file statistics on page reclaim activity Having statistics on pages scanned and pages reclaimed for both anon and file pages makes it easier to evaluate changes to LRU balancing. While at it, clean up the stat-keeping mess for isolation, putback, reclaim stats etc. a bit: first the physical LRU operation (isolation and putback), followed by vmstats, reclaim_stats, and then vm events. Signed-off-by: Johannes Weiner Signed-off-by: Andrew Morton Cc: Joonsoo Kim Cc: Michal Hocko Cc: Minchan Kim Cc: Rik van Riel Link: http://lkml.kernel.org/r/20200520232525.798933-3-hannes@cmpxchg.org Signed-off-by: Linus Torvalds commit 5df741963d52506a985b14c4bcd9a25beb9d1981 Author: Johannes Weiner Date: Wed Jun 3 16:02:31 2020 -0700 mm: fix LRU balancing effect of new transparent huge pages The reclaim code that balances between swapping and cache reclaim tries to predict likely reuse based on in-memory reference patterns alone. This works in many cases, but when it fails it cannot detect when the cache is thrashing pathologically, or when we're in the middle of a swap storm. The high seek cost of rotational drives under which the algorithm evolved also meant that mistakes could quickly result in lockups from too aggressive swapping (which is predominantly random IO). As a result, the balancing code has been tuned over time to a point where it mostly goes for page cache and defers swapping until the VM is under significant memory pressure. The resulting strategy doesn't make optimal caching decisions - where optimal is the least amount of IO required to execute the workload. The proliferation of fast random IO devices such as SSDs, in-memory compression such as zswap, and persistent memory technologies on the horizon, has made this undesirable behavior very noticable: Even in the presence of large amounts of cold anonymous memory and a capable swap device, the VM refuses to even seriously scan these pages, and can leave the page cache thrashing needlessly. This series sets out to address this. Since commit ("a528910e12ec mm: thrash detection-based file cache sizing") we have exact tracking of refault IO - the ultimate cost of reclaiming the wrong pages. This allows us to use an IO cost based balancing model that is more aggressive about scanning anonymous memory when the cache is thrashing, while being able to avoid unnecessary swap storms. These patches base the LRU balance on the rate of refaults on each list, times the relative IO cost between swap device and filesystem (swappiness), in order to optimize reclaim for least IO cost incurred. History I floated these changes in 2016. At the time they were incomplete and full of workarounds due to a lack of infrastructure in the reclaim code: We didn't have PageWorkingset, we didn't have hierarchical cgroup statistics, and problems with the cgroup swap controller. As swapping wasn't too high a priority then, the patches stalled out. With all dependencies in place now, here we are again with much cleaner, feature-complete patches. I kept the acks for patches that stayed materially the same :-) Below is a series of test results that demonstrate certain problematic behavior of the current code, as well as showcase the new code's more predictable and appropriate balancing decisions. Test #1: No convergence This test shows an edge case where the VM currently doesn't converge at all on a new file workingset with a stale anon/tmpfs set. The test sets up a cold anon set the size of 3/4 RAM, then tries to establish a new file set half the size of RAM (flat access pattern). The vanilla kernel refuses to even scan anon pages and never converges. The file set is perpetually served from the filesystem. The first test kernel is with the series up to the workingset patch applied. This allows thrashing page cache to challenge the anonymous workingset. The VM then scans the lists based on the current scanned/rotated balancing algorithm. It converges on a stable state where all cold anon pages are pushed out and the fileset is served entirely from cache: noconverge/5.7-rc5-mm noconverge/5.7-rc5-mm-workingset Scanned 417719308.00 ( +0.00%) 64091155.00 ( -84.66%) Reclaimed 417711094.00 ( +0.00%) 61640308.00 ( -85.24%) Reclaim efficiency % 100.00 ( +0.00%) 96.18 ( -3.78%) Scanned file 417719308.00 ( +0.00%) 59211118.00 ( -85.83%) Scanned anon 0.00 ( +0.00%) 4880037.00 ( ) Swapouts 0.00 ( +0.00%) 2439957.00 ( ) Swapins 0.00 ( +0.00%) 257.00 ( ) Refaults 415246605.00 ( +0.00%) 59183722.00 ( -85.75%) Restore refaults 0.00 ( +0.00%) 54988252.00 ( ) The second test kernel is with the full patch series applied, which replaces the scanned/rotated ratios with refault/swapin rate-based balancing. It evicts the cold anon pages more aggressively in the presence of a thrashing cache and the absence of swapins, and so converges with about 60% of the IO and reclaim activity: noconverge/5.7-rc5-mm-workingset noconverge/5.7-rc5-mm-lrubalance Scanned 64091155.00 ( +0.00%) 37579741.00 ( -41.37%) Reclaimed 61640308.00 ( +0.00%) 35129293.00 ( -43.01%) Reclaim efficiency % 96.18 ( +0.00%) 93.48 ( -2.78%) Scanned file 59211118.00 ( +0.00%) 32708385.00 ( -44.76%) Scanned anon 4880037.00 ( +0.00%) 4871356.00 ( -0.18%) Swapouts 2439957.00 ( +0.00%) 2435565.00 ( -0.18%) Swapins 257.00 ( +0.00%) 262.00 ( +1.94%) Refaults 59183722.00 ( +0.00%) 32675667.00 ( -44.79%) Restore refaults 54988252.00 ( +0.00%) 28480430.00 ( -48.21%) We're triggering this case in host sideloading scenarios: When a host's primary workload is not saturating the machine (primary load is usually driven by user activity), we can optimistically sideload a batch job; if user activity picks up and the primary workload needs the whole host during this time, we freeze the sideload and rely on it getting pushed to swap. Frequently that swapping doesn't happen and the completely inactive sideload simply stays resident while the expanding primary worklad is struggling to gain ground. Test #2: Kernel build This test is a a kernel build that is slightly memory-restricted (make -j4 inside a 400M cgroup). Despite the very aggressive swapping of cold anon pages in test #1, this test shows that the new kernel carefully balances swap against cache refaults when both the file and the cache set are pressured. It shows the patched kernel to be slightly better at finding the coldest memory from the combined anon and file set to evict under pressure. The result is lower aggregate reclaim and paging activity: z 5.7-rc5-mm 5.7-rc5-mm-lrubalance Real time 210.60 ( +0.00%) 210.97 ( +0.18%) User time 745.42 ( +0.00%) 746.48 ( +0.14%) System time 69.78 ( +0.00%) 69.79 ( +0.02%) Scanned file 354682.00 ( +0.00%) 293661.00 ( -17.20%) Scanned anon 465381.00 ( +0.00%) 378144.00 ( -18.75%) Swapouts 185920.00 ( +0.00%) 147801.00 ( -20.50%) Swapins 34583.00 ( +0.00%) 32491.00 ( -6.05%) Refaults 212664.00 ( +0.00%) 172409.00 ( -18.93%) Restore refaults 48861.00 ( +0.00%) 80091.00 ( +63.91%) Total paging IO 433167.00 ( +0.00%) 352701.00 ( -18.58%) Test #3: Overload This next test is not about performance, but rather about the predictability of the algorithm. The current balancing behavior doesn't always lead to comprehensible results, which makes performance analysis and parameter tuning (swappiness e.g.) very difficult. The test shows the balancing behavior under equivalent anon and file input. Anon and file sets are created of equal size (3/4 RAM), have the same access patterns (a hot-cold gradient), and synchronized access rates. Swappiness is raised from the default of 60 to 100 to indicate equal IO cost between swap and cache. With the vanilla balancing code, anon scans make up around 9% of the total pages scanned, or a ~1:10 ratio. This is a surprisingly skewed ratio, and it's an outcome that is hard to explain given the input parameters to the VM. The new balancing model targets a 1:2 balance: All else being equal, reclaiming a file page costs one page IO - the refault; reclaiming an anon page costs two IOs - the swapout and the swapin. In the test we observe a ~1:3 balance. The scanned and paging IO numbers indicate that the anon LRU algorithm we have in place right now does a slightly worse job at picking the coldest pages compared to the file algorithm. There is ongoing work to improve this, like Joonsoo's anon workingset patches; however, it's difficult to compare the two aging strategies when the balancing between them is behaving unintuitively. The slightly less efficient anon reclaim results in a deviation from the optimal 1:2 scan ratio we would like to see here - however, 1:3 is much closer to what we'd want to see in this test than the vanilla kernel's aging of 10+ cache pages for every anonymous one: overload-100/5.7-rc5-mm-workingset overload-100/5.7-rc5-mm-lrubalance-realfile Scanned 533633725.00 ( +0.00%) 595687785.00 ( +11.63%) Reclaimed 494325440.00 ( +0.00%) 518154380.00 ( +4.82%) Reclaim efficiency % 92.63 ( +0.00%) 86.98 ( -6.03%) Scanned file 484532894.00 ( +0.00%) 456937722.00 ( -5.70%) Scanned anon 49100831.00 ( +0.00%) 138750063.00 ( +182.58%) Swapouts 8096423.00 ( +0.00%) 48982142.00 ( +504.98%) Swapins 10027384.00 ( +0.00%) 62325044.00 ( +521.55%) Refaults 479819973.00 ( +0.00%) 451309483.00 ( -5.94%) Restore refaults 426422087.00 ( +0.00%) 399914067.00 ( -6.22%) Total paging IO 497943780.00 ( +0.00%) 562616669.00 ( +12.99%) Test #4: Parallel IO It's important to note that these patches only affect the situation where the kernel has to reclaim workingset memory, which is usually a transitionary period. The vast majority of page reclaim occuring in a system is from trimming the ever-expanding page cache. These patches don't affect cache trimming behavior. We never swap as long as we only have use-once cache moving through the file LRU, we only consider swapping when the cache is actively thrashing. The following test demonstrates this. It has an anon workingset that takes up half of RAM and then writes a file that is twice the size of RAM out to disk. As the cache is funneled through the inactive file list, no anon pages are scanned (aside from apparently some background noise of 10 pages): 5.7-rc5-mm 5.7-rc5-mm-lrubalance Scanned 10714722.00 ( +0.00%) 10723445.00 ( +0.08%) Reclaimed 10703596.00 ( +0.00%) 10712166.00 ( +0.08%) Reclaim efficiency % 99.90 ( +0.00%) 99.89 ( -0.00%) Scanned file 10714722.00 ( +0.00%) 10723435.00 ( +0.08%) Scanned anon 0.00 ( +0.00%) 10.00 ( ) Swapouts 0.00 ( +0.00%) 7.00 ( ) Swapins 0.00 ( +0.00%) 0.00 ( +0.00%) Refaults 92.00 ( +0.00%) 41.00 ( -54.84%) Restore refaults 0.00 ( +0.00%) 0.00 ( +0.00%) Total paging IO 92.00 ( +0.00%) 48.00 ( -47.31%) This patch (of 14): Currently, THP are counted as single pages until they are split right before being swapped out. However, at that point the VM is already in the middle of reclaim, and adjusting the LRU balance then is useless. Always account THP by the number of basepages, and remove the fixup from the splitting path. Signed-off-by: Johannes Weiner Signed-off-by: Shakeel Butt Signed-off-by: Andrew Morton Reviewed-by: Rik van Riel Reviewed-by: Shakeel Butt Acked-by: Michal Hocko Acked-by: Minchan Kim Cc: Joonsoo Kim Link: http://lkml.kernel.org/r/20200520232525.798933-1-hannes@cmpxchg.org Link: http://lkml.kernel.org/r/20200520232525.798933-2-hannes@cmpxchg.org Signed-off-by: Linus Torvalds commit a0b5b4147fb34639ae7d0c25a823297834344061 Author: Johannes Weiner Date: Wed Jun 3 16:02:27 2020 -0700 mm: memcontrol: update page->mem_cgroup stability rules The previous patches have simplified the access rules around page->mem_cgroup somewhat: 1. We never change page->mem_cgroup while the page is isolated by somebody else. This was by far the biggest exception to our rules and it didn't stop at lock_page() or lock_page_memcg(). 2. We charge pages before they get put into page tables now, so the somewhat fishy rule about "can be in page table as long as it's still locked" is now gone and boiled down to having an exclusive reference to the page. Document the new rules. Any of the following will stabilize the page->mem_cgroup association: - the page lock - LRU isolation - lock_page_memcg() - exclusive access to the page Signed-off-by: Johannes Weiner Signed-off-by: Andrew Morton Reviewed-by: Alex Shi Reviewed-by: Joonsoo Kim Cc: Hugh Dickins Cc: "Kirill A. Shutemov" Cc: Michal Hocko Cc: Roman Gushchin Cc: Shakeel Butt Cc: Balbir Singh Link: http://lkml.kernel.org/r/20200508183105.225460-20-hannes@cmpxchg.org Signed-off-by: Linus Torvalds commit d9eb1ea2bf8734afd8ec7d995270437a7242f82b Author: Johannes Weiner Date: Wed Jun 3 16:02:24 2020 -0700 mm: memcontrol: delete unused lrucare handling Swapin faults were the last event to charge pages after they had already been put on the LRU list. Now that we charge directly on swapin, the lrucare portion of the charge code is unused. Signed-off-by: Johannes Weiner Signed-off-by: Andrew Morton Reviewed-by: Joonsoo Kim Cc: Alex Shi Cc: Hugh Dickins Cc: "Kirill A. Shutemov" Cc: Michal Hocko Cc: Roman Gushchin Cc: Balbir Singh Cc: Shakeel Butt Link: http://lkml.kernel.org/r/20200508183105.225460-19-hannes@cmpxchg.org Signed-off-by: Linus Torvalds commit 0a27cae1389f6342e7b09179d2b2da9011d60c96 Author: Alex Shi Date: Wed Jun 3 16:02:21 2020 -0700 mm: memcontrol: document the new swap control behavior Signed-off-by: Alex Shi Signed-off-by: Johannes Weiner Signed-off-by: Andrew Morton Cc: Hugh Dickins Cc: Joonsoo Kim Cc: "Kirill A. Shutemov" Cc: Michal Hocko Cc: Roman Gushchin Cc: Shakeel Butt Cc: Balbir Singh Link: http://lkml.kernel.org/r/20200508183105.225460-18-hannes@cmpxchg.org Signed-off-by: Linus Torvalds commit 4c6355b25e8bb83c3cb455f532b7542089699d98 Author: Johannes Weiner Date: Wed Jun 3 16:02:17 2020 -0700 mm: memcontrol: charge swapin pages on instantiation Right now, users that are otherwise memory controlled can easily escape their containment and allocate significant amounts of memory that they're not being charged for. That's because swap readahead pages are not being charged until somebody actually faults them into their page table. This can be exploited with MADV_WILLNEED, which triggers arbitrary readahead allocations without charging the pages. There are additional problems with the delayed charging of swap pages: 1. To implement refault/workingset detection for anonymous pages, we need to have a target LRU available at swapin time, but the LRU is not determinable until the page has been charged. 2. To implement per-cgroup LRU locking, we need page->mem_cgroup to be stable when the page is isolated from the LRU; otherwise, the locks change under us. But swapcache gets charged after it's already on the LRU, and even if we cannot isolate it ourselves (since charging is not exactly optional). The previous patch ensured we always maintain cgroup ownership records for swap pages. This patch moves the swapcache charging point from the fault handler to swapin time to fix all of the above problems. v2: simplify swapin error checking (Joonsoo) [hughd@google.com: fix livelock in __read_swap_cache_async()] Link: http://lkml.kernel.org/r/alpine.LSU.2.11.2005212246080.8458@eggly.anvils Signed-off-by: Johannes Weiner Signed-off-by: Hugh Dickins Signed-off-by: Andrew Morton Reviewed-by: Alex Shi Cc: Hugh Dickins Cc: Joonsoo Kim Cc: "Kirill A. Shutemov" Cc: Michal Hocko Cc: Roman Gushchin Cc: Shakeel Butt Cc: Balbir Singh Cc: Rafael Aquini Cc: Alex Shi Link: http://lkml.kernel.org/r/20200508183105.225460-17-hannes@cmpxchg.org Signed-off-by: Linus Torvalds commit 2d1c498072de69e2857b849ee197ba2aa7de53a3 Author: Johannes Weiner Date: Wed Jun 3 16:02:14 2020 -0700 mm: memcontrol: make swap tracking an integral part of memory control Without swap page tracking, users that are otherwise memory controlled can easily escape their containment and allocate significant amounts of memory that they're not being charged for. That's because swap does readahead, but without the cgroup records of who owned the page at swapout, readahead pages don't get charged until somebody actually faults them into their page table and we can identify an owner task. This can be maliciously exploited with MADV_WILLNEED, which triggers arbitrary readahead allocations without charging the pages. Make swap swap page tracking an integral part of memcg and remove the Kconfig options. In the first place, it was only made configurable to allow users to save some memory. But the overhead of tracking cgroup ownership per swap page is minimal - 2 byte per page, or 512k per 1G of swap, or 0.04%. Saving that at the expense of broken containment semantics is not something we should present as a coequal option. The swapaccount=0 boot option will continue to exist, and it will eliminate the page_counter overhead and hide the swap control files, but it won't disable swap slot ownership tracking. This patch makes sure we always have the cgroup records at swapin time; the next patch will fix the actual bug by charging readahead swap pages at swapin time rather than at fault time. v2: fix double swap charge bug in cgroup1/cgroup2 code gating [hannes@cmpxchg.org: fix crash with cgroup_disable=memory] Link: http://lkml.kernel.org/r/20200521215855.GB815153@cmpxchg.org Signed-off-by: Johannes Weiner Signed-off-by: Andrew Morton Reviewed-by: Joonsoo Kim Cc: Alex Shi Cc: "Kirill A. Shutemov" Cc: Roman Gushchin Cc: Shakeel Butt Cc: Balbir Singh Cc: Naresh Kamboju Link: http://lkml.kernel.org/r/20200508183105.225460-16-hannes@cmpxchg.org Debugged-by: Hugh Dickins Debugged-by: Michal Hocko Signed-off-by: Linus Torvalds commit eccb52e7880973f221ab2606e4d22ce04d96a1a9 Author: Johannes Weiner Date: Wed Jun 3 16:02:11 2020 -0700 mm: memcontrol: prepare swap controller setup for integration A few cleanups to streamline the swap controller setup: - Replace the do_swap_account flag with cgroup_memory_noswap. This brings it in line with other functionality that is usually available unless explicitly opted out of - nosocket, nokmem. - Remove the really_do_swap_account flag that stores the boot option and is later used to switch the do_swap_account. It's not clear why this indirection is/was necessary. Use do_swap_account directly. - Minor coding style polishing Signed-off-by: Johannes Weiner Signed-off-by: Andrew Morton Reviewed-by: Joonsoo Kim Cc: Alex Shi Cc: Hugh Dickins Cc: "Kirill A. Shutemov" Cc: Michal Hocko Cc: Roman Gushchin Cc: Shakeel Butt Cc: Balbir Singh Link: http://lkml.kernel.org/r/20200508183105.225460-15-hannes@cmpxchg.org Signed-off-by: Linus Torvalds commit f0e45fb4da29746a116e810eb91423ccfa4830fc Author: Johannes Weiner Date: Wed Jun 3 16:02:07 2020 -0700 mm: memcontrol: drop unused try/commit/cancel charge API There are no more users. RIP in peace. [arnd@arndb.de: fix an unused-function warning] Link: http://lkml.kernel.org/r/20200528095640.151454-1-arnd@arndb.de Signed-off-by: Johannes Weiner Signed-off-by: Arnd Bergmann Signed-off-by: Andrew Morton Reviewed-by: Joonsoo Kim Cc: Alex Shi Cc: Hugh Dickins Cc: "Kirill A. Shutemov" Cc: Michal Hocko Cc: Roman Gushchin Cc: Shakeel Butt Cc: Balbir Singh Link: http://lkml.kernel.org/r/20200508183105.225460-14-hannes@cmpxchg.org Signed-off-by: Linus Torvalds commit 9d82c69438d0dff8809061edbcce43a5a4bcf09f Author: Johannes Weiner Date: Wed Jun 3 16:02:04 2020 -0700 mm: memcontrol: convert anon and file-thp to new mem_cgroup_charge() API With the page->mapping requirement gone from memcg, we can charge anon and file-thp pages in one single step, right after they're allocated. This removes two out of three API calls - especially the tricky commit step that needed to happen at just the right time between when the page is "set up" and when it's "published" - somewhat vague and fluid concepts that varied by page type. All we need is a freshly allocated page and a memcg context to charge. v2: prevent double charges on pre-allocated hugepages in khugepaged [hannes@cmpxchg.org: Fix crash - *hpage could be ERR_PTR instead of NULL] Link: http://lkml.kernel.org/r/20200512215813.GA487759@cmpxchg.org Signed-off-by: Johannes Weiner Signed-off-by: Andrew Morton Reviewed-by: Joonsoo Kim Cc: Alex Shi Cc: Hugh Dickins Cc: "Kirill A. Shutemov" Cc: Michal Hocko Cc: Roman Gushchin Cc: Shakeel Butt Cc: Balbir Singh Cc: Qian Cai Link: http://lkml.kernel.org/r/20200508183105.225460-13-hannes@cmpxchg.org Signed-off-by: Linus Torvalds commit 468c398233da208521a0f84c2068012a66a7489d Author: Johannes Weiner Date: Wed Jun 3 16:02:01 2020 -0700 mm: memcontrol: switch to native NR_ANON_THPS counter With rmap memcg locking already in place for NR_ANON_MAPPED, it's just a small step to remove the MEMCG_RSS_HUGE wart and switch memcg to the native NR_ANON_THPS accounting sites. [hannes@cmpxchg.org: fixes] Link: http://lkml.kernel.org/r/20200512121750.GA397968@cmpxchg.org Signed-off-by: Johannes Weiner Signed-off-by: Andrew Morton Tested-by: Naresh Kamboju Reviewed-by: Joonsoo Kim Acked-by: Randy Dunlap [build-tested] Cc: Alex Shi Cc: Hugh Dickins Cc: "Kirill A. Shutemov" Cc: Michal Hocko Cc: Roman Gushchin Cc: Shakeel Butt Cc: Balbir Singh Link: http://lkml.kernel.org/r/20200508183105.225460-12-hannes@cmpxchg.org Signed-off-by: Linus Torvalds commit be5d0a74c62d8da43f9526a5b08cdd18e2bbc37a Author: Johannes Weiner Date: Wed Jun 3 16:01:57 2020 -0700 mm: memcontrol: switch to native NR_ANON_MAPPED counter Memcg maintains a private MEMCG_RSS counter. This divergence from the generic VM accounting means unnecessary code overhead, and creates a dependency for memcg that page->mapping is set up at the time of charging, so that page types can be told apart. Convert the generic accounting sites to mod_lruvec_page_state and friends to maintain the per-cgroup vmstat counter of NR_ANON_MAPPED. We use lock_page_memcg() to stabilize page->mem_cgroup during rmap changes, the same way we do for NR_FILE_MAPPED. With the previous patch removing MEMCG_CACHE and the private NR_SHMEM counter, this patch finally eliminates the need to have page->mapping set up at charge time. However, we need to have page->mem_cgroup set up by the time rmap runs and does the accounting, so switch the commit and the rmap callbacks around. v2: fix temporary accounting bug by switching rmap<->commit (Joonsoo) Signed-off-by: Johannes Weiner Signed-off-by: Andrew Morton Cc: Alex Shi Cc: Hugh Dickins Cc: Joonsoo Kim Cc: "Kirill A. Shutemov" Cc: Michal Hocko Cc: Roman Gushchin Cc: Shakeel Butt Cc: Balbir Singh Link: http://lkml.kernel.org/r/20200508183105.225460-11-hannes@cmpxchg.org Signed-off-by: Linus Torvalds commit 0d1c20722ab333ac0ac03ae2188922c1021d3abc Author: Johannes Weiner Date: Wed Jun 3 16:01:54 2020 -0700 mm: memcontrol: switch to native NR_FILE_PAGES and NR_SHMEM counters Memcg maintains private MEMCG_CACHE and NR_SHMEM counters. This divergence from the generic VM accounting means unnecessary code overhead, and creates a dependency for memcg that page->mapping is set up at the time of charging, so that page types can be told apart. Convert the generic accounting sites to mod_lruvec_page_state and friends to maintain the per-cgroup vmstat counters of NR_FILE_PAGES and NR_SHMEM. The page is already locked in these places, so page->mem_cgroup is stable; we only need minimal tweaks of two mem_cgroup_migrate() calls to ensure it's set up in time. Then replace MEMCG_CACHE with NR_FILE_PAGES and delete the private NR_SHMEM accounting sites. Signed-off-by: Johannes Weiner Signed-off-by: Andrew Morton Reviewed-by: Joonsoo Kim Cc: Alex Shi Cc: Hugh Dickins Cc: "Kirill A. Shutemov" Cc: Michal Hocko Cc: Roman Gushchin Cc: Shakeel Butt Cc: Balbir Singh Link: http://lkml.kernel.org/r/20200508183105.225460-10-hannes@cmpxchg.org Signed-off-by: Linus Torvalds commit 9da7b5216869f80e91f78403a57c72b42357758c Author: Johannes Weiner Date: Wed Jun 3 16:01:51 2020 -0700 mm: memcontrol: prepare cgroup vmstat infrastructure for native anon counters Anonymous compound pages can be mapped by ptes, which means that if we want to track NR_MAPPED_ANON, NR_ANON_THPS on a per-cgroup basis, we have to be prepared to see tail pages in our accounting functions. Make mod_lruvec_page_state() and lock_page_memcg() deal with tail pages correctly, namely by redirecting to the head page which has the page->mem_cgroup set up. Signed-off-by: Johannes Weiner Signed-off-by: Andrew Morton Reviewed-by: Joonsoo Kim Cc: Alex Shi Cc: Hugh Dickins Cc: "Kirill A. Shutemov" Cc: Michal Hocko Cc: Roman Gushchin Cc: Shakeel Butt Cc: Balbir Singh Link: http://lkml.kernel.org/r/20200508183105.225460-9-hannes@cmpxchg.org Signed-off-by: Linus Torvalds commit 49e50d277ba2bb2c6e64632bc3193585674a2261 Author: Johannes Weiner Date: Wed Jun 3 16:01:47 2020 -0700 mm: memcontrol: prepare move_account for removal of private page type counters When memcg uses the generic vmstat counters, it doesn't need to do anything at charging and uncharging time. It does, however, need to migrate counts when pages move to a different cgroup in move_account. Prepare the move_account function for the arrival of NR_FILE_PAGES, NR_ANON_MAPPED, NR_ANON_THPS etc. by having a branch for files and a branch for anon, which can then divided into sub-branches. Signed-off-by: Johannes Weiner Signed-off-by: Andrew Morton Reviewed-by: Alex Shi Reviewed-by: Joonsoo Kim Cc: Hugh Dickins Cc: "Kirill A. Shutemov" Cc: Michal Hocko Cc: Roman Gushchin Cc: Shakeel Butt Cc: Balbir Singh Link: http://lkml.kernel.org/r/20200508183105.225460-8-hannes@cmpxchg.org Signed-off-by: Linus Torvalds commit 9f762dbe19b9f16d5df5603d4b93bad391c302bc Author: Johannes Weiner Date: Wed Jun 3 16:01:44 2020 -0700 mm: memcontrol: prepare uncharging for removal of private page type counters The uncharge batching code adds up the anon, file, kmem counts to determine the total number of pages to uncharge and references to drop. But the next patches will remove the anon and file counters. Maintain an aggregate nr_pages in the uncharge_gather struct. Signed-off-by: Johannes Weiner Signed-off-by: Andrew Morton Reviewed-by: Alex Shi Reviewed-by: Joonsoo Kim Cc: Hugh Dickins Cc: "Kirill A. Shutemov" Cc: Michal Hocko Cc: Roman Gushchin Cc: Shakeel Butt Cc: Balbir Singh Link: http://lkml.kernel.org/r/20200508183105.225460-7-hannes@cmpxchg.org Signed-off-by: Linus Torvalds commit 3fea5a499d57dec46043fcdb08e38eac1767bb0d Author: Johannes Weiner Date: Wed Jun 3 16:01:41 2020 -0700 mm: memcontrol: convert page cache to a new mem_cgroup_charge() API The try/commit/cancel protocol that memcg uses dates back to when pages used to be uncharged upon removal from the page cache, and thus couldn't be committed before the insertion had succeeded. Nowadays, pages are uncharged when they are physically freed; it doesn't matter whether the insertion was successful or not. For the page cache, the transaction dance has become unnecessary. Introduce a mem_cgroup_charge() function that simply charges a newly allocated page to a cgroup and sets up page->mem_cgroup in one single step. If the insertion fails, the caller doesn't have to do anything but free/put the page. Then switch the page cache over to this new API. Subsequent patches will also convert anon pages, but it needs a bit more prep work. Right now, memcg depends on page->mapping being already set up at the time of charging, so that it can maintain its own MEMCG_CACHE and MEMCG_RSS counters. For anon, page->mapping is set under the same pte lock under which the page is publishd, so a single charge point that can block doesn't work there just yet. The following prep patches will replace the private memcg counters with the generic vmstat counters, thus removing the page->mapping dependency, then complete the transition to the new single-point charge API and delete the old transactional scheme. v2: leave shmem swapcache when charging fails to avoid double IO (Joonsoo) v3: rebase on preceeding shmem simplification patch Signed-off-by: Johannes Weiner Signed-off-by: Andrew Morton Reviewed-by: Alex Shi Cc: Hugh Dickins Cc: Joonsoo Kim Cc: "Kirill A. Shutemov" Cc: Michal Hocko Cc: Roman Gushchin Cc: Shakeel Butt Cc: Balbir Singh Link: http://lkml.kernel.org/r/20200508183105.225460-6-hannes@cmpxchg.org Signed-off-by: Linus Torvalds commit 6caa6a0703e03236f46461342e31ca53d0e3c091 Author: Johannes Weiner Date: Wed Jun 3 16:01:38 2020 -0700 mm: memcontrol: move out cgroup swaprate throttling The cgroup swaprate throttling is about matching new anon allocations to the rate of available IO when that is being throttled. It's the io controller hooking into the VM, rather than a memory controller thing. Rename mem_cgroup_throttle_swaprate() to cgroup_throttle_swaprate(), and drop the @memcg argument which is only used to check whether the preceding page charge has succeeded and the fault is proceeding. We could decouple the call from mem_cgroup_try_charge() here as well, but that would cause unnecessary churn: the following patches convert all callsites to a new charge API and we'll decouple as we go along. Signed-off-by: Johannes Weiner Signed-off-by: Andrew Morton Reviewed-by: Alex Shi Reviewed-by: Joonsoo Kim Reviewed-by: Shakeel Butt Cc: Hugh Dickins Cc: "Kirill A. Shutemov" Cc: Michal Hocko Cc: Roman Gushchin Cc: Balbir Singh Link: http://lkml.kernel.org/r/20200508183105.225460-5-hannes@cmpxchg.org Signed-off-by: Linus Torvalds commit 14235ab36019d169f5eb5bf0c064c5b12ca1bf46 Author: Johannes Weiner Date: Wed Jun 3 16:01:34 2020 -0700 mm: shmem: remove rare optimization when swapin races with hole punching Commit 215c02bc33bb ("tmpfs: fix shmem_getpage_gfp() VM_BUG_ON") recognized that hole punching can race with swapin and removed the BUG_ON() for a truncated entry from the swapin path. The patch also added a swapcache deletion to optimize this rare case: Since swapin has the page locked, and free_swap_and_cache() merely trylocks, this situation can leave the page stranded in swapcache. Usually, page reclaim picks up stale swapcache pages, and the race can happen at any other time when the page is locked. (The same happens for non-shmem swapin racing with page table zapping.) The thinking here was: we already observed the race and we have the page locked, we may as well do the cleanup instead of waiting for reclaim. However, this optimization complicates the next patch which moves the cgroup charging code around. As this is just a minor speedup for a race condition that is so rare that it required a fuzzer to trigger the original BUG_ON(), it's no longer worth the complications. Suggested-by: Hugh Dickins Signed-off-by: Johannes Weiner Signed-off-by: Andrew Morton Acked-by: Hugh Dickins Cc: Alex Shi Cc: Joonsoo Kim Cc: Shakeel Butt Cc: "Kirill A. Shutemov" Cc: Michal Hocko Cc: Roman Gushchin Cc: Balbir Singh Link: http://lkml.kernel.org/r/20200511181056.GA339505@cmpxchg.org Signed-off-by: Linus Torvalds commit 3fba69a56e16e8dcf182fe6ca77735dd65a898aa Author: Johannes Weiner Date: Wed Jun 3 16:01:31 2020 -0700 mm: memcontrol: drop @compound parameter from memcg charging API The memcg charging API carries a boolean @compound parameter that tells whether the page we're dealing with is a hugepage. mem_cgroup_commit_charge() has another boolean @lrucare that indicates whether the page needs LRU locking or not while charging. The majority of callsites know those parameters at compile time, which results in a lot of naked "false, false" argument lists. This makes for cryptic code and is a breeding ground for subtle mistakes. Thankfully, the huge page state can be inferred from the page itself and doesn't need to be passed along. This is safe because charging completes before the page is published and somebody may split it. Simplify the callsites by removing @compound, and let memcg infer the state by using hpage_nr_pages() unconditionally. That function does PageTransHuge() to identify huge pages, which also helpfully asserts that nobody passes in tail pages by accident. The following patches will introduce a new charging API, best not to carry over unnecessary weight. Signed-off-by: Johannes Weiner Signed-off-by: Andrew Morton Reviewed-by: Alex Shi Reviewed-by: Joonsoo Kim Reviewed-by: Shakeel Butt Cc: Hugh Dickins Cc: "Kirill A. Shutemov" Cc: Michal Hocko Cc: Roman Gushchin Cc: Balbir Singh Link: http://lkml.kernel.org/r/20200508183105.225460-4-hannes@cmpxchg.org Signed-off-by: Linus Torvalds commit abb242f57196dbaa108271575353a0453f6834ef Author: Johannes Weiner Date: Wed Jun 3 16:01:28 2020 -0700 mm: memcontrol: fix stat-corrupting race in charge moving The move_lock is a per-memcg lock, but the VM accounting code that needs to acquire it comes from the page and follows page->mem_cgroup under RCU protection. That means that the page becomes unlocked not when we drop the move_lock, but when we update page->mem_cgroup. And that assignment doesn't imply any memory ordering. If that pointer write gets reordered against the reads of the page state - page_mapped, PageDirty etc. the state may change while we rely on it being stable and we can end up corrupting the counters. Place an SMP memory barrier to make sure we're done with all page state by the time the new page->mem_cgroup becomes visible. Also replace the open-coded move_lock with a lock_page_memcg() to make it more obvious what we're serializing against. Signed-off-by: Johannes Weiner Signed-off-by: Andrew Morton Reviewed-by: Joonsoo Kim Reviewed-by: Shakeel Butt Cc: Alex Shi Cc: Hugh Dickins Cc: "Kirill A. Shutemov" Cc: Michal Hocko Cc: Roman Gushchin Cc: Balbir Singh Link: http://lkml.kernel.org/r/20200508183105.225460-3-hannes@cmpxchg.org Signed-off-by: Linus Torvalds commit f4129ea3591ab111e5dacd7ce5085a75a086fd9c Author: Johannes Weiner Date: Wed Jun 3 16:01:24 2020 -0700 mm: fix NUMA node file count error in replace_page_cache() Patch series "mm: memcontrol: charge swapin pages on instantiation", v2. This patch series reworks memcg to charge swapin pages directly at swapin time, rather than at fault time, which may be much later, or not happen at all. Changes in version 2: - prevent double charges on pre-allocated hugepages in khugepaged - leave shmem swapcache when charging fails to avoid double IO (Joonsoo) - fix temporary accounting bug by switching rmap<->commit (Joonsoo) - fix double swap charge bug in cgroup1/cgroup2 code gating - simplify swapin error checking (Joonsoo) - mm: memcontrol: document the new swap control behavior (Alex) - review tags The delayed swapin charging scheme we have right now causes problems: - Alex's per-cgroup lru_lock patches rely on pages that have been isolated from the LRU to have a stable page->mem_cgroup; otherwise the lock may change underneath him. Swapcache pages are charged only after they are added to the LRU, and charging doesn't follow the LRU isolation protocol. - Joonsoo's anon workingset patches need a suitable LRU at the time the page enters the swap cache and displaces the non-resident info. But the correct LRU is only available after charging. - It's a containment hole / DoS vector. Users can trigger arbitrarily large swap readahead using MADV_WILLNEED. The memory is never charged unless somebody actually touches it. - It complicates the page->mem_cgroup stabilization rules In order to charge pages directly at swapin time, the memcg code base needs to be prepared, and several overdue cleanups become a necessity: To charge pages at swapin time, we need to always have cgroup ownership tracking of swap records. We also cannot rely on page->mapping to tell apart page types at charge time, because that's only set up during a page fault. To eliminate the page->mapping dependency, memcg needs to ditch its private page type counters (MEMCG_CACHE, MEMCG_RSS, NR_SHMEM) in favor of the generic vmstat counters and accounting sites, such as NR_FILE_PAGES, NR_ANON_MAPPED etc. To switch to generic vmstat counters, the charge sequence must be adjusted such that page->mem_cgroup is set up by the time these counters are modified. The series is structured as follows: 1. Bug fixes 2. Decoupling charging from rmap 3. Swap controller integration into memcg 4. Direct swapin charging This patch (of 19): When replacing one page with another one in the cache, we have to decrease the file count of the old page's NUMA node and increase the one of the new NUMA node, otherwise the old node leaks the count and the new node eventually underflows its counter. Fixes: 74d609585d8b ("page cache: Add and replace pages using the XArray") Signed-off-by: Johannes Weiner Signed-off-by: Andrew Morton Reviewed-by: Alex Shi Reviewed-by: Shakeel Butt Reviewed-by: Joonsoo Kim Reviewed-by: Balbir Singh Cc: Hugh Dickins Cc: Michal Hocko Cc: "Kirill A. Shutemov" Cc: Roman Gushchin Link: http://lkml.kernel.org/r/20200508183105.225460-1-hannes@cmpxchg.org Link: http://lkml.kernel.org/r/20200508183105.225460-2-hannes@cmpxchg.org Signed-off-by: Linus Torvalds commit df3a45f9d8ee41abd69f2a567ac3eeb2fd34a210 Author: Qiwu Chen Date: Wed Jun 3 16:01:21 2020 -0700 mm/vmscan: update the comment of should_continue_reclaim() try_to_compact_zone() has been replaced by try_to_compact_pages(), which is necessary to be updated in the comment of should_continue_reclaim(). Signed-off-by: Qiwu Chen Signed-off-by: Andrew Morton Reviewed-by: Andrew Morton Link: http://lkml.kernel.org/r/20200501034907.22991-1-chenqiwu@xiaomi.com Signed-off-by: Linus Torvalds commit 730ec8c01a2bd6a311ada404398f44c142ac5e8e Author: Maninder Singh Date: Wed Jun 3 16:01:18 2020 -0700 mm/vmscan.c: change prototype for shrink_page_list commit 3c710c1ad11b ("mm, vmscan extract shrink_page_list reclaim counters into a struct") changed data type for the function, so changing return type for funciton and its caller. Signed-off-by: Vaneet Narang Signed-off-by: Maninder Singh Signed-off-by: Andrew Morton Acked-by: Michal Hocko Cc: Amit Sahrawat Cc: Mel Gorman Cc: Vlastimil Babka Link: http://lkml.kernel.org/r/1588168259-25604-1-git-send-email-maninder1.s@samsung.com Signed-off-by: Linus Torvalds commit 1f318a9b0dc3990490e98eef48f21e6f15185781 Author: Jaewon Kim Date: Wed Jun 3 16:01:15 2020 -0700 mm/vmscan: count layzfree pages and fix nr_isolated_* mismatch Fix an nr_isolate_* mismatch problem between cma and dirty lazyfree pages. If try_to_unmap_one is used for reclaim and it detects a dirty lazyfree page, then the lazyfree page is changed to a normal anon page having SwapBacked by commit 802a3a92ad7a ("mm: reclaim MADV_FREE pages"). Even with the change, reclaim context correctly counts isolated files because it uses is_file_lru to distinguish file. And the change to anon is not happened if try_to_unmap_one is used for migration. So migration context like compaction also correctly counts isolated files even though it uses page_is_file_lru insted of is_file_lru. Recently page_is_file_cache was renamed to page_is_file_lru by commit 9de4f22a60f7 ("mm: code cleanup for MADV_FREE"). But the nr_isolate_* mismatch problem happens on cma alloc. There is reclaim_clean_pages_from_list which is being used only by cma. It was introduced by commit 02c6de8d757c ("mm: cma: discard clean pages during contiguous allocation instead of migration") to reclaim clean file pages without migration. The cma alloc uses both reclaim_clean_pages_from_list and migrate_pages, and it uses page_is_file_lru to count isolated files. If there are dirty lazyfree pages allocated from cma memory region, the pages are counted as isolated file at the beginging but are counted as isolated anon after finished. Mem-Info: Node 0 active_anon:3045904kB inactive_anon:611448kB active_file:14892kB inactive_file:205636kB unevictable:10416kB isolated(anon):0kB isolated(file):37664kB mapped:630216kB dirty:384kB writeback:0kB shmem:42576kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no Like log above, there were too much isolated files, 37664kB, which triggers too_many_isolated in reclaim even when there is no actually isolated file in system wide. It could be reproducible by running two programs, writing on MADV_FREE page and doing cma alloc, respectively. Although isolated anon is 0, I found that the internal value of isolated anon was the negative value of isolated file. Fix this by compensating the isolated count for both LRU lists. Count non-discarded lazyfree pages in shrink_page_list, then compensate the counted number in reclaim_clean_pages_from_list. Reported-by: Yong-Taek Lee Suggested-by: Minchan Kim Signed-off-by: Jaewon Kim Signed-off-by: Andrew Morton Acked-by: Minchan Kim Cc: Mel Gorman Cc: Johannes Weiner Cc: Marek Szyprowski Cc: Michal Nazarewicz Cc: Shaohua Li Link: http://lkml.kernel.org/r/20200426011718.30246-1-jaewon31.kim@samsung.com Signed-off-by: Linus Torvalds commit a892cb6b977ffe209683809e5e9d627656d20aa8 Author: Wei Yang Date: Wed Jun 3 16:01:12 2020 -0700 mm/vmscan.c: use update_lru_size() in update_lru_sizes() We already defined the helper update_lru_size(). Let's use this to reduce code duplication. Signed-off-by: Wei Yang Signed-off-by: Andrew Morton Reviewed-by: Baoquan He Reviewed-by: Andrew Morton Acked-by: Michal Hocko Link: http://lkml.kernel.org/r/20200331221550.1011-1-richard.weiyang@gmail.com Signed-off-by: Linus Torvalds commit ff45fc3ca0f3c38e752d75f71b8d8efcf409e42d Author: Matthew Wilcox (Oracle) Date: Wed Jun 3 16:01:09 2020 -0700 mm: simplify calling a compound page destructor None of the three callers of get_compound_page_dtor() want to know the value; they just want to call the function. Replace it with destroy_compound_page() which calls the dtor for them. Signed-off-by: Matthew Wilcox (Oracle) Signed-off-by: Andrew Morton Reviewed-by: Anshuman Khandual Reviewed-by: David Hildenbrand Acked-by: Kirill A. Shutemov Link: http://lkml.kernel.org/r/20200517105051.9352-1-willy@infradead.org Signed-off-by: Linus Torvalds commit 5be993432821750f382809df5e20bf4c129b24f7 Author: Anshuman Khandual Date: Wed Jun 3 16:01:05 2020 -0700 mm/hugetlb: define a generic fallback for arch_clear_hugepage_flags() There are multiple similar definitions for arch_clear_hugepage_flags() on various platforms. Lets just add it's generic fallback definition for platforms that do not override. This help reduce code duplication. Signed-off-by: Anshuman Khandual Signed-off-by: Andrew Morton Acked-by: Mike Kravetz Cc: Russell King Cc: Catalin Marinas Cc: Will Deacon Cc: Tony Luck Cc: Fenghua Yu Cc: Thomas Bogendoerfer Cc: "James E.J. Bottomley" Cc: Helge Deller Cc: Benjamin Herrenschmidt Cc: Paul Mackerras Cc: Michael Ellerman Cc: Paul Walmsley Cc: Palmer Dabbelt Cc: Heiko Carstens Cc: Vasily Gorbik Cc: Christian Borntraeger Cc: Yoshinori Sato Cc: Rich Felker Cc: "David S. Miller" Cc: Thomas Gleixner Cc: Ingo Molnar Cc: Borislav Petkov Cc: "H. Peter Anvin" Link: http://lkml.kernel.org/r/1588907271-11920-4-git-send-email-anshuman.khandual@arm.com Signed-off-by: Linus Torvalds commit b0eae98c66fe4ccac3a5a79a1479c057f2c7cdd7 Author: Anshuman Khandual Date: Wed Jun 3 16:01:01 2020 -0700 mm/hugetlb: define a generic fallback for is_hugepage_only_range() There are multiple similar definitions for is_hugepage_only_range() on various platforms. Lets just add it's generic fallback definition for platforms that do not override. This help reduce code duplication. Signed-off-by: Anshuman Khandual Signed-off-by: Andrew Morton Acked-by: Mike Kravetz Cc: Russell King Cc: Catalin Marinas Cc: Will Deacon Cc: Tony Luck Cc: Fenghua Yu Cc: Thomas Bogendoerfer Cc: "James E.J. Bottomley" Cc: Helge Deller Cc: Benjamin Herrenschmidt Cc: Paul Mackerras Cc: Michael Ellerman Cc: Paul Walmsley Cc: Palmer Dabbelt Cc: Heiko Carstens Cc: Vasily Gorbik Cc: Christian Borntraeger Cc: Yoshinori Sato Cc: Rich Felker Cc: "David S. Miller" Cc: Thomas Gleixner Cc: Ingo Molnar Cc: Borislav Petkov Cc: "H. Peter Anvin" Link: http://lkml.kernel.org/r/1588907271-11920-3-git-send-email-anshuman.khandual@arm.com Signed-off-by: Linus Torvalds commit be51e3fde5c10f269c065fdca2caf28e4708e21e Author: Anshuman Khandual Date: Wed Jun 3 16:00:56 2020 -0700 arm64/mm: drop __HAVE_ARCH_HUGE_PTEP_GET Patch series "mm/hugetlb: Add some new generic fallbacks", v3. This series adds the following new generic fallbacks. Before that it drops __HAVE_ARCH_HUGE_PTEP_GET from arm64 platform. 1. is_hugepage_only_range() 2. arch_clear_hugepage_flags() After this arm (32 bit) remains the sole platform defining it's own huge_ptep_get() via __HAVE_ARCH_HUGE_PTEP_GET. This patch (of 3): Platform specific huge_ptep_get() is required only when fetching the huge PTE involves more than just dereferencing the page table pointer. This is not the case on arm64 platform. Hence huge_ptep_pte() can be dropped along with it's __HAVE_ARCH_HUGE_PTEP_GET subscription. Before that, it updates the generic huge_ptep_get() with READ_ONCE() which will prevent known page table issues with THP on arm64. Signed-off-by: Anshuman Khandual Signed-off-by: Andrew Morton Acked-by: Mike Kravetz Cc: Catalin Marinas Cc: Will Deacon Cc: Benjamin Herrenschmidt Cc: Borislav Petkov Cc: Christian Borntraeger Cc: "David S. Miller" Cc: Fenghua Yu Cc: Heiko Carstens Cc: Helge Deller Cc: "H. Peter Anvin" Cc: Ingo Molnar Cc: "James E.J. Bottomley" Cc: Michael Ellerman Cc: Palmer Dabbelt Cc: Paul Mackerras Cc: Paul Walmsley Cc: Rich Felker Cc: Russell King Cc: Thomas Bogendoerfer Cc: Thomas Gleixner Cc: Tony Luck Cc: Vasily Gorbik Cc: Yoshinori Sato Link: http://lkml.kernel.org/r/1588907271-11920-1-git-send-email-anshuman.khandual@arm.com Link: http://lkml.kernel.org/r//1506527369-19535-1-git-send-email-will.deacon@arm.com/ Link: http://lkml.kernel.org/r/1588907271-11920-2-git-send-email-anshuman.khandual@arm.com Signed-off-by: Linus Torvalds commit 8ac0b81ab1488e15305f51fe49f2f89c0f32e30d Author: Li Xinhai Date: Wed Jun 3 16:00:53 2020 -0700 mm/hugetlb: avoid unnecessary check on pud and pmd entry in huge_pte_offset When huge_pte_offset() is called, the parameter sz can only be PUD_SIZE or PMD_SIZE. If sz is PUD_SIZE and code can reach pud, then *pud must be none, or normal hugetlb entry, or non-present (migration or hwpoisoned) hugetlb entry, and we can directly return pud. When sz is PMD_SIZE, pud must be none or present, and if code can reach pmd, we can directly return pmd. So after this patch the code is simplified by first check on the parameter sz, and avoid unnecessary checks in current code. Same semantics of existing code is maintained. More details about relevant commits: commit 9b19df292c66 ("mm/hugetlb.c: make huge_pte_offset() consistent and document behaviour") changed the code path for pud and pmd handling, see comments about why this patch intends to change it. ... pud = pud_offset(p4d, addr); if (sz != PUD_SIZE && pud_none(*pud)) // [1] return NULL; /* hugepage or swap? */ if (pud_huge(*pud) || !pud_present(*pud)) // [2] return (pte_t *)pud; pmd = pmd_offset(pud, addr); if (sz != PMD_SIZE && pmd_none(*pmd)) // [3] return NULL; /* hugepage or swap? */ if (pmd_huge(*pmd) || !pmd_present(*pmd)) // [4] return (pte_t *)pmd; return NULL; // [5] ... [1]: this is necessary, return NULL for sz == PMD_SIZE; [2]: if sz == PUD_SIZE, all valid values of pud entry will cause return; [3]: dead code, sz != PMD_SIZE never true; [4]: all valid values of pmd entry will cause return; [5]: dead code, because of check in [4]. Now, this patch combines [1] and [2] for pud, and combines [3], [4] and [5] for pmd, so avoid unnecessary checks. I don't try to catch any invalid values in page table entry, as that will be checked by caller and avoid extra branch in this function. Also no assert on sz must equal PUD_SIZE or PMD_SIZE, since this function only call for hugetlb mapping. For commit 3c1d7e6ccb64 ("mm/hugetlb: fix a addressing exception caused by huge_pte_offset"), since we don't read the entry more than once now, variable pud_entry and pmd_entry are not needed. Signed-off-by: Li Xinhai Signed-off-by: Andrew Morton Cc: Mike Kravetz Cc: Jason Gunthorpe Cc: Punit Agrawal Cc: Longpeng Link: http://lkml.kernel.org/r/1587794313-16849-1-git-send-email-lixinhai.lxh@gmail.com Signed-off-by: Linus Torvalds commit c2833a5bf75b3657c4dd20b3709c8c702754cb1f Author: Mike Kravetz Date: Wed Jun 3 16:00:50 2020 -0700 hugetlbfs: fix changes to command line processing Previously, a check for hugepages_supported was added before processing hugetlb command line parameters. On some architectures such as powerpc, hugepages_supported() is not set to true until after command line processing. Therefore, no hugetlb command line parameters would be accepted. Remove the additional checks for hugepages_supported. In hugetlb_init, print a warning if !hugepages_supported and command line parameters were specified. Reported-by: Sandipan Das Signed-off-by: Mike Kravetz Signed-off-by: Andrew Morton Cc: Stephen Rothwell Link: http://lkml.kernel.org/r/b1f04f9f-fa46-c2a0-7693-4a0679d2a1ee@oracle.com Signed-off-by: Linus Torvalds commit 282f4214384ee2e2ca39b2532a5296fddf762518 Author: Mike Kravetz Date: Wed Jun 3 16:00:46 2020 -0700 hugetlbfs: clean up command line processing With all hugetlb page processing done in a single file clean up code. - Make code match desired semantics - Update documentation with semantics - Make all warnings and errors messages start with 'HugeTLB:'. - Consistently name command line parsing routines. - Warn if !hugepages_supported() and command line parameters have been specified. - Add comments to code - Describe some of the subtle interactions - Describe semantics of command line arguments This patch also fixes issues with implicitly setting the number of gigantic huge pages to preallocate. Previously on X86 command line, hugepages=2 default_hugepagesz=1G would result in zero 1G pages being preallocated and, # grep HugePages_Total /proc/meminfo HugePages_Total: 0 # sysctl -a | grep nr_hugepages vm.nr_hugepages = 2 vm.nr_hugepages_mempolicy = 2 # cat /proc/sys/vm/nr_hugepages 2 After this patch 2 gigantic pages will be preallocated and all the proc, sysfs, sysctl and meminfo files will accurately reflect this. To address the issue with gigantic pages, a small change in behavior was made to command line processing. Previously the command line, hugepages=128 default_hugepagesz=2M hugepagesz=2M hugepages=256 would result in the allocation of 256 2M huge pages. The value 128 would be ignored without any warning. After this patch, 128 2M pages will be allocated and a warning message will be displayed indicating the value of 256 is ignored. This change in behavior is required because allocation of implicitly specified gigantic pages must be done when the default_hugepagesz= is encountered for gigantic pages. Previously the code waited until later in the boot process (hugetlb_init), to allocate pages of default size. However the bootmem allocator required for gigantic allocations is not available at this time. Signed-off-by: Mike Kravetz Signed-off-by: Andrew Morton Tested-by: Sandipan Das Acked-by: Gerald Schaefer [s390] Acked-by: Will Deacon Cc: Albert Ou Cc: Benjamin Herrenschmidt Cc: Catalin Marinas Cc: Christian Borntraeger Cc: Christophe Leroy Cc: Dave Hansen Cc: David S. Miller Cc: Heiko Carstens Cc: Ingo Molnar Cc: Jonathan Corbet Cc: Longpeng Cc: Mina Almasry Cc: Nitesh Narayan Lal Cc: Palmer Dabbelt Cc: Paul Mackerras Cc: Paul Walmsley Cc: Peter Xu Cc: Randy Dunlap Cc: Thomas Gleixner Cc: Vasily Gorbik Cc: Anders Roxell Cc: "Aneesh Kumar K.V" Cc: Qian Cai Cc: Stephen Rothwell Link: http://lkml.kernel.org/r/20200417185049.275845-5-mike.kravetz@oracle.com Signed-off-by: Linus Torvalds commit 38237830882ba8d425a397066982d5e32b4ced21 Author: Mike Kravetz Date: Wed Jun 3 16:00:42 2020 -0700 hugetlbfs: remove hugetlb_add_hstate() warning for existing hstate hugetlb_add_hstate() prints a warning if the hstate already exists. This was originally done as part of kernel command line parsing. If 'hugepagesz=' was specified more than once, the warning pr_warn("hugepagesz= specified twice, ignoring\n"); would be printed. Some architectures want to enable all huge page sizes. They would call hugetlb_add_hstate for all supported sizes. However, this was done after command line processing and as a result hstates could have already been created for some sizes. To make sure no warning were printed, there would often be code like: if (!size_to_hstate(size) hugetlb_add_hstate(ilog2(size) - PAGE_SHIFT) The only time we want to print the warning is as the result of command line processing. So, remove the warning from hugetlb_add_hstate and add it to the single arch independent routine processing "hugepagesz=". After this, calls to size_to_hstate() in arch specific code can be removed and hugetlb_add_hstate can be called without worrying about warning messages. [mike.kravetz@oracle.com: fix hugetlb initialization] Link: http://lkml.kernel.org/r/4c36c6ce-3774-78fa-abc4-b7346bf24348@oracle.com Link: http://lkml.kernel.org/r/20200428205614.246260-5-mike.kravetz@oracle.com Signed-off-by: Mike Kravetz Signed-off-by: Andrew Morton Tested-by: Anders Roxell Acked-by: Mina Almasry Acked-by: Gerald Schaefer [s390] Acked-by: Will Deacon Cc: Albert Ou Cc: Benjamin Herrenschmidt Cc: Catalin Marinas Cc: Christian Borntraeger Cc: Christophe Leroy Cc: Dave Hansen Cc: David S. Miller Cc: Heiko Carstens Cc: Ingo Molnar Cc: Jonathan Corbet Cc: Longpeng Cc: Nitesh Narayan Lal Cc: Palmer Dabbelt Cc: Paul Mackerras Cc: Paul Walmsley Cc: Peter Xu Cc: Randy Dunlap Cc: Thomas Gleixner Cc: Vasily Gorbik Cc: "Aneesh Kumar K.V" Cc: Qian Cai Cc: Stephen Rothwell Link: http://lkml.kernel.org/r/20200417185049.275845-4-mike.kravetz@oracle.com Link: http://lkml.kernel.org/r/20200428205614.246260-4-mike.kravetz@oracle.com Signed-off-by: Linus Torvalds commit 359f25443a8dada0fb709dd044a422017031790f Author: Mike Kravetz Date: Wed Jun 3 16:00:38 2020 -0700 hugetlbfs: move hugepagesz= parsing to arch independent code Now that architectures provide arch_hugetlb_valid_size(), parsing of "hugepagesz=" can be done in architecture independent code. Create a single routine to handle hugepagesz= parsing and remove all arch specific routines. We can also remove the interface hugetlb_bad_size() as this is no longer used outside arch independent code. This also provides consistent behavior of hugetlbfs command line options. The hugepagesz= option should only be specified once for a specific size, but some architectures allow multiple instances. This appears to be more of an oversight when code was added by some architectures to set up ALL huge pages sizes. Signed-off-by: Mike Kravetz Signed-off-by: Andrew Morton Tested-by: Sandipan Das Reviewed-by: Peter Xu Acked-by: Mina Almasry Acked-by: Gerald Schaefer [s390] Acked-by: Will Deacon Cc: Albert Ou Cc: Benjamin Herrenschmidt Cc: Catalin Marinas Cc: Christian Borntraeger Cc: Christophe Leroy Cc: Dave Hansen Cc: David S. Miller Cc: Heiko Carstens Cc: Ingo Molnar Cc: Jonathan Corbet Cc: Longpeng Cc: Nitesh Narayan Lal Cc: Palmer Dabbelt Cc: Paul Mackerras Cc: Paul Walmsley Cc: Randy Dunlap Cc: Thomas Gleixner Cc: Vasily Gorbik Cc: Anders Roxell Cc: "Aneesh Kumar K.V" Cc: Qian Cai Cc: Stephen Rothwell Link: http://lkml.kernel.org/r/20200417185049.275845-3-mike.kravetz@oracle.com Link: http://lkml.kernel.org/r/20200428205614.246260-3-mike.kravetz@oracle.com Signed-off-by: Linus Torvalds commit ae94da898133947c2d1f005da10838478e4548db Author: Mike Kravetz Date: Wed Jun 3 16:00:34 2020 -0700 hugetlbfs: add arch_hugetlb_valid_size Patch series "Clean up hugetlb boot command line processing", v4. Longpeng(Mike) reported a weird message from hugetlb command line processing and proposed a solution [1]. While the proposed patch does address the specific issue, there are other related issues in command line processing. As hugetlbfs evolved, updates to command line processing have been made to meet immediate needs and not necessarily in a coordinated manner. The result is that some processing is done in arch specific code, some is done in arch independent code and coordination is problematic. Semantics can vary between architectures. The patch series does the following: - Define arch specific arch_hugetlb_valid_size routine used to validate passed huge page sizes. - Move hugepagesz= command line parsing out of arch specific code and into an arch independent routine. - Clean up command line processing to follow desired semantics and document those semantics. [1] https://lore.kernel.org/linux-mm/20200305033014.1152-1-longpeng2@huawei.com This patch (of 3): The architecture independent routine hugetlb_default_setup sets up the default huge pages size. It has no way to verify if the passed value is valid, so it accepts it and attempts to validate at a later time. This requires undocumented cooperation between the arch specific and arch independent code. For architectures that support more than one huge page size, provide a routine arch_hugetlb_valid_size to validate a huge page size. hugetlb_default_setup can use this to validate passed values. arch_hugetlb_valid_size will also be used in a subsequent patch to move processing of the "hugepagesz=" in arch specific code to a common routine in arch independent code. Signed-off-by: Mike Kravetz Signed-off-by: Andrew Morton Acked-by: Gerald Schaefer [s390] Acked-by: Will Deacon Cc: Catalin Marinas Cc: Benjamin Herrenschmidt Cc: Paul Mackerras Cc: Paul Walmsley Cc: Palmer Dabbelt Cc: Albert Ou Cc: Heiko Carstens Cc: Vasily Gorbik Cc: Christian Borntraeger Cc: David S. Miller Cc: Thomas Gleixner Cc: Ingo Molnar Cc: Dave Hansen Cc: Jonathan Corbet Cc: Longpeng Cc: Christophe Leroy Cc: Randy Dunlap Cc: Mina Almasry Cc: Peter Xu Cc: Nitesh Narayan Lal Cc: Anders Roxell Cc: "Aneesh Kumar K.V" Cc: Qian Cai Cc: Stephen Rothwell Link: http://lkml.kernel.org/r/20200428205614.246260-1-mike.kravetz@oracle.com Link: http://lkml.kernel.org/r/20200428205614.246260-2-mike.kravetz@oracle.com Link: http://lkml.kernel.org/r/20200417185049.275845-1-mike.kravetz@oracle.com Link: http://lkml.kernel.org/r/20200417185049.275845-2-mike.kravetz@oracle.com Signed-off-by: Linus Torvalds commit 71a2c112a0f6da497e1b44e18e97b1716c240518 Author: Kirill A. Shutemov Date: Wed Jun 3 16:00:30 2020 -0700 khugepaged: introduce 'max_ptes_shared' tunable 'max_ptes_shared' specifies how many pages can be shared across multiple processes. Exceeding the number would block the collapse:: /sys/kernel/mm/transparent_hugepage/khugepaged/max_ptes_shared A higher value may increase memory footprint for some workloads. By default, at least half of pages has to be not shared. [colin.king@canonical.com: fix several spelling mistakes] Link: http://lkml.kernel.org/r/20200420084241.65433-1-colin.king@canonical.com Signed-off-by: Kirill A. Shutemov Signed-off-by: Colin Ian King Signed-off-by: Andrew Morton Tested-by: Zi Yan Reviewed-by: William Kucharski Reviewed-by: Zi Yan Acked-by: Yang Shi Cc: Andrea Arcangeli Cc: John Hubbard Cc: Mike Kravetz Cc: Ralph Campbell Link: http://lkml.kernel.org/r/20200416160026.16538-9-kirill.shutemov@linux.intel.com Signed-off-by: Linus Torvalds commit 3917c80280c93a7123f1a3a6dcdb10a3ea19737d Author: Kirill A. Shutemov Date: Wed Jun 3 16:00:27 2020 -0700 thp: change CoW semantics for anon-THP Currently we have different copy-on-write semantics for anon- and file-THP. For anon-THP we try to allocate huge page on the write fault, but on file-THP we split PMD and allocate 4k page. Arguably, file-THP semantics is more desirable: we don't necessary want to unshare full PMD range from the parent on the first access. This is the primary reason THP is unusable for some workloads, like Redis. The original THP refcounting didn't allow to have PTE-mapped compound pages, so we had no options, but to allocate huge page on CoW (with fallback to 512 4k pages). The current refcounting doesn't have such limitations and we can cut a lot of complex code out of fault path. khugepaged is now able to recover THP from such ranges if the configuration allows. Signed-off-by: Kirill A. Shutemov Signed-off-by: Andrew Morton Tested-by: Zi Yan Reviewed-by: William Kucharski Reviewed-by: Zi Yan Acked-by: Yang Shi Cc: Andrea Arcangeli Cc: John Hubbard Cc: Mike Kravetz Cc: Ralph Campbell Link: http://lkml.kernel.org/r/20200416160026.16538-8-kirill.shutemov@linux.intel.com Signed-off-by: Linus Torvalds commit 5503fbf2b0b80c1a47a7dca0e4f060f52f522cfd Author: Kirill A. Shutemov Date: Wed Jun 3 16:00:23 2020 -0700 khugepaged: allow to collapse PTE-mapped compound pages We can collapse PTE-mapped compound pages. We only need to avoid handling them more than once: lock/unlock page only once if it's present in the PMD range multiple times as it handled on compound level. The same goes for LRU isolation and putback. Signed-off-by: Kirill A. Shutemov Signed-off-by: Andrew Morton Tested-by: Zi Yan Reviewed-by: William Kucharski Reviewed-by: Zi Yan Acked-by: Yang Shi Cc: Andrea Arcangeli Cc: John Hubbard Cc: Mike Kravetz Cc: Ralph Campbell Link: http://lkml.kernel.org/r/20200416160026.16538-7-kirill.shutemov@linux.intel.com Signed-off-by: Linus Torvalds commit 9445689f3b6170c6145a8772eee692482199cdd6 Author: Kirill A. Shutemov Date: Wed Jun 3 16:00:20 2020 -0700 khugepaged: allow to collapse a page shared across fork The page can be included into collapse as long as it doesn't have extra pins (from GUP or otherwise). Logic to check the refcount is moved to a separate function. For pages in swap cache, add compound_nr(page) to the expected refcount, in order to handle the compound page case. This is in preparation for the following patch. VM_BUG_ON_PAGE() was removed from __collapse_huge_page_copy() as the invariant it checks is no longer valid: the source can be mapped multiple times now. [yang.shi@linux.alibaba.com: remove error message when checking external pins] Link: http://lkml.kernel.org/r/1589317383-9595-1-git-send-email-yang.shi@linux.alibaba.com [cai@lca.pw: fix set-but-not-used warning] Link: http://lkml.kernel.org/r/20200521145644.GA6367@ovpn-112-192.phx2.redhat.com Signed-off-by: Kirill A. Shutemov Signed-off-by: Yang Shi Signed-off-by: Andrew Morton Tested-by: Zi Yan Reviewed-by: William Kucharski Reviewed-by: Zi Yan Reviewed-by: John Hubbard Acked-by: Yang Shi Cc: Andrea Arcangeli Cc: Mike Kravetz Cc: Ralph Campbell Link: http://lkml.kernel.org/r/20200416160026.16538-6-kirill.shutemov@linux.intel.com Signed-off-by: Linus Torvalds commit ae2c5d8042426b69c5f4a74296d1a20bb769a8ad Author: Kirill A. Shutemov Date: Wed Jun 3 16:00:17 2020 -0700 khugepaged: drain LRU add pagevec after swapin collapse_huge_page() tries to swap in pages that are part of the PMD range. Just swapped in page goes though LRU add cache. The cache gets extra reference on the page. The extra reference can lead to the collapse fail: the following __collapse_huge_page_isolate() would check refcount and abort collapse seeing unexpected refcount. The fix is to drain local LRU add cache in __collapse_huge_page_swapin() if we successfully swapped in any pages. Signed-off-by: Kirill A. Shutemov Signed-off-by: Andrew Morton Tested-by: Zi Yan Reviewed-by: William Kucharski Reviewed-by: Zi Yan Acked-by: Yang Shi Cc: Andrea Arcangeli Cc: John Hubbard Cc: Mike Kravetz Cc: Ralph Campbell Link: http://lkml.kernel.org/r/20200416160026.16538-5-kirill.shutemov@linux.intel.com Signed-off-by: Linus Torvalds commit a980df33e9351e5474c06ec0fd96b2f409e2ff22 Author: Kirill A. Shutemov Date: Wed Jun 3 16:00:12 2020 -0700 khugepaged: drain all LRU caches before scanning pages Having a page in LRU add cache offsets page refcount and gives false-negative on PageLRU(). It reduces collapse success rate. Drain all LRU add caches before scanning. It happens relatively rare and should not disturb the system too much. Signed-off-by: Kirill A. Shutemov Signed-off-by: Andrew Morton Tested-by: Zi Yan Reviewed-by: William Kucharski Reviewed-by: Zi Yan Acked-by: Yang Shi Cc: Andrea Arcangeli Cc: John Hubbard Cc: Mike Kravetz Cc: Ralph Campbell Link: http://lkml.kernel.org/r/20200416160026.16538-4-kirill.shutemov@linux.intel.com Signed-off-by: Linus Torvalds commit ffe945e633b527d5a4577b42cbadec3c7cbcf096 Author: Kirill A. Shutemov Date: Wed Jun 3 16:00:09 2020 -0700 khugepaged: do not stop collapse if less than half PTEs are referenced __collapse_huge_page_swapin() checks the number of referenced PTE to decide if the memory range is hot enough to justify swapin. We have few problems with the approach: - It is way too late: we can do the check much earlier and safe time. khugepaged_scan_pmd() already knows if we have any pages to swap in and number of referenced page. - It stops collapse altogether if there's not enough referenced pages, not only swappingin. Fix it by making the right check early. We also can avoid additional page table scanning if khugepaged_scan_pmd() haven't found any swap entries. Fixes: 0db501f7a34c ("mm, thp: convert from optimistic swapin collapsing to conservative") Signed-off-by: Kirill A. Shutemov Signed-off-by: Andrew Morton Tested-by: Zi Yan Reviewed-by: William Kucharski Reviewed-by: Zi Yan Acked-by: Yang Shi Cc: Andrea Arcangeli Cc: John Hubbard Cc: Mike Kravetz Cc: Ralph Campbell Link: http://lkml.kernel.org/r/20200416160026.16538-3-kirill.shutemov@linux.intel.com Signed-off-by: Linus Torvalds commit e0c13f9761df8f97cf5e81495d12ecbc4075684a Author: Kirill A. Shutemov Date: Wed Jun 3 16:00:06 2020 -0700 khugepaged: add self test Patch series "thp/khugepaged improvements and CoW semantics", v4. The patchset adds khugepaged selftest (anon-THP only for now), expands cases khugepaged can handle and switches anon-THP copy-on-write handling to 4k. This patch (of 8): The test checks if khugepaged is able to recover huge page where we expect to do so. It only covers anon-THP for now. Currently the test shows few failures. They are going to be addressed by the following patches. [colin.king@canonical.com: fix several spelling mistakes] Link: http://lkml.kernel.org/r/20200420084241.65433-1-colin.king@canonical.com [aneesh.kumar@linux.ibm.com: replace the usage of system(3) in the test] Link: http://lkml.kernel.org/r/20200429110727.89388-1-aneesh.kumar@linux.ibm.com [kirill@shutemov.name: fixup for issues I've noticed] Link: http://lkml.kernel.org/r/20200429124816.jp272trghrzxx5j5@box [jhubbard@nvidia.com: add khugepaged to .gitignore] Link: http://lkml.kernel.org/r/20200517002509.362401-1-jhubbard@nvidia.com Signed-off-by: Kirill A. Shutemov Signed-off-by: Colin Ian King Signed-off-by: Aneesh Kumar K.V Signed-off-by: John Hubbard Signed-off-by: Andrew Morton Tested-by: Zi Yan Reviewed-by: William Kucharski Reviewed-by: Zi Yan Acked-by: Yang Shi Cc: Andrea Arcangeli Cc: Ralph Campbell Cc: John Hubbard Cc: William Kucharski Cc: "Kirill A. Shutemov" Cc: Mike Kravetz Link: http://lkml.kernel.org/r/20200416160026.16538-1-kirill.shutemov@linux.intel.com Link: http://lkml.kernel.org/r/20200416160026.16538-2-kirill.shutemov@linux.intel.com Signed-off-by: Linus Torvalds commit 633bf2fe8da0520c74ee73e9eb82d78948c3b3cc Author: Chen Tao Date: Wed Jun 3 16:00:02 2020 -0700 mm/page_alloc.c: add missing newline Add missing line breaks on pr_warn(). Signed-off-by: Chen Tao Signed-off-by: Andrew Morton Reviewed-by: Andrew Morton Link: http://lkml.kernel.org/r/20200603063547.235825-1-chentao107@huawei.com Signed-off-by: Linus Torvalds commit ec3b39c731897aa03873094cd277d009341cd7c4 Author: Daniel Jordan Date: Wed Jun 3 15:59:59 2020 -0700 padata: document multithreaded jobs Add Documentation for multithreaded jobs. Signed-off-by: Daniel Jordan Signed-off-by: Andrew Morton Tested-by: Josh Triplett Cc: Alexander Duyck Cc: Alex Williamson Cc: Dan Williams Cc: Dave Hansen Cc: David Hildenbrand Cc: Herbert Xu Cc: Jason Gunthorpe Cc: Jonathan Corbet Cc: Kirill Tkhai Cc: Michal Hocko Cc: Pavel Machek Cc: Pavel Tatashin Cc: Peter Zijlstra Cc: Randy Dunlap Cc: Robert Elliott Cc: Shile Zhang Cc: Steffen Klassert Cc: Steven Sistare Cc: Tejun Heo Cc: Zi Yan Link: http://lkml.kernel.org/r/20200527173608.2885243-9-daniel.m.jordan@oracle.com Signed-off-by: Linus Torvalds commit ecd096506922332fdb36ff1211e03601befe6e18 Author: Daniel Jordan Date: Wed Jun 3 15:59:55 2020 -0700 mm: make deferred init's max threads arch-specific Using padata during deferred init has only been tested on x86, so for now limit it to this architecture. If another arch wants this, it can find the max thread limit that's best for it and override deferred_page_init_max_threads(). Signed-off-by: Daniel Jordan Signed-off-by: Andrew Morton Tested-by: Josh Triplett Cc: Alexander Duyck Cc: Alex Williamson Cc: Dan Williams Cc: Dave Hansen Cc: David Hildenbrand Cc: Herbert Xu Cc: Jason Gunthorpe Cc: Jonathan Corbet Cc: Kirill Tkhai Cc: Michal Hocko Cc: Pavel Machek Cc: Pavel Tatashin Cc: Peter Zijlstra Cc: Randy Dunlap Cc: Robert Elliott Cc: Shile Zhang Cc: Steffen Klassert Cc: Steven Sistare Cc: Tejun Heo Cc: Zi Yan Link: http://lkml.kernel.org/r/20200527173608.2885243-8-daniel.m.jordan@oracle.com Signed-off-by: Linus Torvalds commit e44431498f5fbf427f139aa413cf381b4fa3a600 Author: Daniel Jordan Date: Wed Jun 3 15:59:51 2020 -0700 mm: parallelize deferred_init_memmap() Deferred struct page init is a significant bottleneck in kernel boot. Optimizing it maximizes availability for large-memory systems and allows spinning up short-lived VMs as needed without having to leave them running. It also benefits bare metal machines hosting VMs that are sensitive to downtime. In projects such as VMM Fast Restart[1], where guest state is preserved across kexec reboot, it helps prevent application and network timeouts in the guests. Multithread to take full advantage of system memory bandwidth. The maximum number of threads is capped at the number of CPUs on the node because speedups always improve with additional threads on every system tested, and at this phase of boot, the system is otherwise idle and waiting on page init to finish. Helper threads operate on section-aligned ranges to both avoid false sharing when setting the pageblock's migrate type and to avoid accessing uninitialized buddy pages, though max order alignment is enough for the latter. The minimum chunk size is also a section. There was benefit to using multiple threads even on relatively small memory (1G) systems, and this is the smallest size that the alignment allows. The time (milliseconds) is the slowest node to initialize since boot blocks until all nodes finish. intel_pstate is loaded in active mode without hwp and with turbo enabled, and intel_idle is active as well. Intel(R) Xeon(R) Platinum 8167M CPU @ 2.00GHz (Skylake, bare metal) 2 nodes * 26 cores * 2 threads = 104 CPUs 384G/node = 768G memory kernel boot deferred init ------------------------ ------------------------ node% (thr) speedup time_ms (stdev) speedup time_ms (stdev) ( 0) -- 4089.7 ( 8.1) -- 1785.7 ( 7.6) 2% ( 1) 1.7% 4019.3 ( 1.5) 3.8% 1717.7 ( 11.8) 12% ( 6) 34.9% 2662.7 ( 2.9) 79.9% 359.3 ( 0.6) 25% ( 13) 39.9% 2459.0 ( 3.6) 91.2% 157.0 ( 0.0) 37% ( 19) 39.2% 2485.0 ( 29.7) 90.4% 172.0 ( 28.6) 50% ( 26) 39.3% 2482.7 ( 25.7) 90.3% 173.7 ( 30.0) 75% ( 39) 39.0% 2495.7 ( 5.5) 89.4% 190.0 ( 1.0) 100% ( 52) 40.2% 2443.7 ( 3.8) 92.3% 138.0 ( 1.0) Intel(R) Xeon(R) CPU E5-2699C v4 @ 2.20GHz (Broadwell, kvm guest) 1 node * 16 cores * 2 threads = 32 CPUs 192G/node = 192G memory kernel boot deferred init ------------------------ ------------------------ node% (thr) speedup time_ms (stdev) speedup time_ms (stdev) ( 0) -- 1988.7 ( 9.6) -- 1096.0 ( 11.5) 3% ( 1) 1.1% 1967.0 ( 17.6) 0.3% 1092.7 ( 11.0) 12% ( 4) 41.1% 1170.3 ( 14.2) 73.8% 287.0 ( 3.6) 25% ( 8) 47.1% 1052.7 ( 21.9) 83.9% 177.0 ( 13.5) 38% ( 12) 48.9% 1016.3 ( 12.1) 86.8% 144.7 ( 1.5) 50% ( 16) 48.9% 1015.7 ( 8.1) 87.8% 134.0 ( 4.4) 75% ( 24) 49.1% 1012.3 ( 3.1) 88.1% 130.3 ( 2.3) 100% ( 32) 49.5% 1004.0 ( 5.3) 88.5% 125.7 ( 2.1) Intel(R) Xeon(R) CPU E5-2699 v3 @ 2.30GHz (Haswell, bare metal) 2 nodes * 18 cores * 2 threads = 72 CPUs 128G/node = 256G memory kernel boot deferred init ------------------------ ------------------------ node% (thr) speedup time_ms (stdev) speedup time_ms (stdev) ( 0) -- 1680.0 ( 4.6) -- 627.0 ( 4.0) 3% ( 1) 0.3% 1675.7 ( 4.5) -0.2% 628.0 ( 3.6) 11% ( 4) 25.6% 1250.7 ( 2.1) 67.9% 201.0 ( 0.0) 25% ( 9) 30.7% 1164.0 ( 17.3) 81.8% 114.3 ( 17.7) 36% ( 13) 31.4% 1152.7 ( 10.8) 84.0% 100.3 ( 17.9) 50% ( 18) 31.5% 1150.7 ( 9.3) 83.9% 101.0 ( 14.1) 75% ( 27) 31.7% 1148.0 ( 5.6) 84.5% 97.3 ( 6.4) 100% ( 36) 32.0% 1142.3 ( 4.0) 85.6% 90.0 ( 1.0) AMD EPYC 7551 32-Core Processor (Zen, kvm guest) 1 node * 8 cores * 2 threads = 16 CPUs 64G/node = 64G memory kernel boot deferred init ------------------------ ------------------------ node% (thr) speedup time_ms (stdev) speedup time_ms (stdev) ( 0) -- 1029.3 ( 25.1) -- 240.7 ( 1.5) 6% ( 1) -0.6% 1036.0 ( 7.8) -2.2% 246.0 ( 0.0) 12% ( 2) 11.8% 907.7 ( 8.6) 44.7% 133.0 ( 1.0) 25% ( 4) 13.9% 886.0 ( 10.6) 62.6% 90.0 ( 6.0) 38% ( 6) 17.8% 845.7 ( 14.2) 69.1% 74.3 ( 3.8) 50% ( 8) 16.8% 856.0 ( 22.1) 72.9% 65.3 ( 5.7) 75% ( 12) 15.4% 871.0 ( 29.2) 79.8% 48.7 ( 7.4) 100% ( 16) 21.0% 813.7 ( 21.0) 80.5% 47.0 ( 5.2) Server-oriented distros that enable deferred page init sometimes run in small VMs, and they still benefit even though the fraction of boot time saved is smaller: AMD EPYC 7551 32-Core Processor (Zen, kvm guest) 1 node * 2 cores * 2 threads = 4 CPUs 16G/node = 16G memory kernel boot deferred init ------------------------ ------------------------ node% (thr) speedup time_ms (stdev) speedup time_ms (stdev) ( 0) -- 716.0 ( 14.0) -- 49.7 ( 0.6) 25% ( 1) 1.8% 703.0 ( 5.3) -4.0% 51.7 ( 0.6) 50% ( 2) 1.6% 704.7 ( 1.2) 43.0% 28.3 ( 0.6) 75% ( 3) 2.7% 696.7 ( 13.1) 49.7% 25.0 ( 0.0) 100% ( 4) 4.1% 687.0 ( 10.4) 55.7% 22.0 ( 0.0) Intel(R) Xeon(R) CPU E5-2699 v3 @ 2.30GHz (Haswell, kvm guest) 1 node * 2 cores * 2 threads = 4 CPUs 14G/node = 14G memory kernel boot deferred init ------------------------ ------------------------ node% (thr) speedup time_ms (stdev) speedup time_ms (stdev) ( 0) -- 787.7 ( 6.4) -- 122.3 ( 0.6) 25% ( 1) 0.2% 786.3 ( 10.8) -2.5% 125.3 ( 2.1) 50% ( 2) 5.9% 741.0 ( 13.9) 37.6% 76.3 ( 19.7) 75% ( 3) 8.3% 722.0 ( 19.0) 49.9% 61.3 ( 3.2) 100% ( 4) 9.3% 714.7 ( 9.5) 56.4% 53.3 ( 1.5) On Josh's 96-CPU and 192G memory system: Without this patch series: [ 0.487132] node 0 initialised, 23398907 pages in 292ms [ 0.499132] node 1 initialised, 24189223 pages in 304ms ... [ 0.629376] Run /sbin/init as init process With this patch series: [ 0.231435] node 1 initialised, 24189223 pages in 32ms [ 0.236718] node 0 initialised, 23398907 pages in 36ms [1] https://static.sched.com/hosted_files/kvmforum2019/66/VMM-fast-restart_kvmforum2019.pdf Signed-off-by: Daniel Jordan Signed-off-by: Andrew Morton Tested-by: Josh Triplett Reviewed-by: Alexander Duyck Cc: Alex Williamson Cc: Dan Williams Cc: Dave Hansen Cc: David Hildenbrand Cc: Herbert Xu Cc: Jason Gunthorpe Cc: Jonathan Corbet Cc: Kirill Tkhai Cc: Michal Hocko Cc: Pavel Machek Cc: Pavel Tatashin Cc: Peter Zijlstra Cc: Randy Dunlap Cc: Robert Elliott Cc: Shile Zhang Cc: Steffen Klassert Cc: Steven Sistare Cc: Tejun Heo Cc: Zi Yan Link: http://lkml.kernel.org/r/20200527173608.2885243-7-daniel.m.jordan@oracle.com Signed-off-by: Linus Torvalds commit 89c7c4022dfccf0c48ab22f4a6fd2db3d98fe3bc Author: Daniel Jordan Date: Wed Jun 3 15:59:47 2020 -0700 mm: don't track number of pages during deferred initialization Deferred page init used to report the number of pages initialized: node 0 initialised, 32439114 pages in 97ms Tracking this makes the code more complicated when using multiple threads. Given that the statistic probably has limited value, especially since a zone grows on demand so that the page count can vary, just remove it. The boot message now looks like node 0 deferred pages initialised in 97ms Suggested-by: Alexander Duyck Signed-off-by: Daniel Jordan Signed-off-by: Andrew Morton Reviewed-by: Alexander Duyck Cc: Alex Williamson Cc: Dan Williams Cc: Dave Hansen Cc: David Hildenbrand Cc: Herbert Xu Cc: Jason Gunthorpe Cc: Jonathan Corbet Cc: Josh Triplett Cc: Kirill Tkhai Cc: Michal Hocko Cc: Pavel Machek Cc: Pavel Tatashin Cc: Peter Zijlstra Cc: Randy Dunlap Cc: Robert Elliott Cc: Shile Zhang Cc: Steffen Klassert Cc: Steven Sistare Cc: Tejun Heo Cc: Zi Yan Link: http://lkml.kernel.org/r/20200527173608.2885243-6-daniel.m.jordan@oracle.com Signed-off-by: Linus Torvalds commit 004ed42638f4428e70ead59d170f3d17ff761a0f Author: Daniel Jordan Date: Wed Jun 3 15:59:43 2020 -0700 padata: add basic support for multithreaded jobs Sometimes the kernel doesn't take full advantage of system memory bandwidth, leading to a single CPU spending excessive time in initialization paths where the data scales with memory size. Multithreading naturally addresses this problem. Extend padata, a framework that handles many parallel yet singlethreaded jobs, to also handle multithreaded jobs by adding support for splitting up the work evenly, specifying a minimum amount of work that's appropriate for one helper thread to do, load balancing between helpers, and coordinating them. This is inspired by work from Pavel Tatashin and Steve Sistare. Signed-off-by: Daniel Jordan Signed-off-by: Andrew Morton Tested-by: Josh Triplett Cc: Alexander Duyck Cc: Alex Williamson Cc: Dan Williams Cc: Dave Hansen Cc: David Hildenbrand Cc: Herbert Xu Cc: Jason Gunthorpe Cc: Jonathan Corbet Cc: Kirill Tkhai Cc: Michal Hocko Cc: Pavel Machek Cc: Pavel Tatashin Cc: Peter Zijlstra Cc: Randy Dunlap Cc: Robert Elliott Cc: Shile Zhang Cc: Steffen Klassert Cc: Steven Sistare Cc: Tejun Heo Cc: Zi Yan Link: http://lkml.kernel.org/r/20200527173608.2885243-5-daniel.m.jordan@oracle.com Signed-off-by: Linus Torvalds commit 4611ce22468895acd61fee9ac1da810d60617d9a Author: Daniel Jordan Date: Wed Jun 3 15:59:39 2020 -0700 padata: allocate work structures for parallel jobs from a pool padata allocates per-CPU, per-instance work structs for parallel jobs. A do_parallel call assigns a job to a sequence number and hashes the number to a CPU, where the job will eventually run using the corresponding work. This approach fit with how padata used to bind a job to each CPU round-robin, makes less sense after commit bfde23ce200e6 ("padata: unbind parallel jobs from specific CPUs") because a work isn't bound to a particular CPU anymore, and isn't needed at all for multithreaded jobs because they don't have sequence numbers. Replace the per-CPU works with a preallocated pool, which allows sharing them between existing padata users and the upcoming multithreaded user. The pool will also facilitate setting NUMA-aware concurrency limits with later users. The pool is sized according to the number of possible CPUs. With this limit, MAX_OBJ_NUM no longer makes sense, so remove it. If the global pool is exhausted, a parallel job is run in the current task instead to throttle a system trying to do too much in parallel. Signed-off-by: Daniel Jordan Signed-off-by: Andrew Morton Tested-by: Josh Triplett Cc: Alexander Duyck Cc: Alex Williamson Cc: Dan Williams Cc: Dave Hansen Cc: David Hildenbrand Cc: Herbert Xu Cc: Jason Gunthorpe Cc: Jonathan Corbet Cc: Kirill Tkhai Cc: Michal Hocko Cc: Pavel Machek Cc: Pavel Tatashin Cc: Peter Zijlstra Cc: Randy Dunlap Cc: Robert Elliott Cc: Shile Zhang Cc: Steffen Klassert Cc: Steven Sistare Cc: Tejun Heo Cc: Zi Yan Link: http://lkml.kernel.org/r/20200527173608.2885243-4-daniel.m.jordan@oracle.com Signed-off-by: Linus Torvalds commit f1b192b117cd418bacf42a9583d7a01855a18fe5 Author: Daniel Jordan Date: Wed Jun 3 15:59:35 2020 -0700 padata: initialize earlier padata will soon initialize the system's struct pages in parallel, so it needs to be ready by page_alloc_init_late(). The error return from padata_driver_init() triggers an initcall warning, so add a warning to padata_init() to avoid silent failure. Signed-off-by: Daniel Jordan Signed-off-by: Andrew Morton Tested-by: Josh Triplett Cc: Alexander Duyck Cc: Alex Williamson Cc: Dan Williams Cc: Dave Hansen Cc: David Hildenbrand Cc: Herbert Xu Cc: Jason Gunthorpe Cc: Jonathan Corbet Cc: Kirill Tkhai Cc: Michal Hocko Cc: Pavel Machek Cc: Pavel Tatashin Cc: Peter Zijlstra Cc: Randy Dunlap Cc: Robert Elliott Cc: Shile Zhang Cc: Steffen Klassert Cc: Steven Sistare Cc: Tejun Heo Cc: Zi Yan Link: http://lkml.kernel.org/r/20200527173608.2885243-3-daniel.m.jordan@oracle.com Signed-off-by: Linus Torvalds commit 305dacf77952e6e62405f916654f38423c78ab2f Author: Daniel Jordan Date: Wed Jun 3 15:59:31 2020 -0700 padata: remove exit routine Patch series "padata: parallelize deferred page init", v3. Deferred struct page init is a bottleneck in kernel boot--the biggest for us and probably others. Optimizing it maximizes availability for large-memory systems and allows spinning up short-lived VMs as needed without having to leave them running. It also benefits bare metal machines hosting VMs that are sensitive to downtime. In projects such as VMM Fast Restart[1], where guest state is preserved across kexec reboot, it helps prevent application and network timeouts in the guests. So, multithread deferred init to take full advantage of system memory bandwidth. Extend padata, a framework that handles many parallel singlethreaded jobs, to handle multithreaded jobs as well by adding support for splitting up the work evenly, specifying a minimum amount of work that's appropriate for one helper thread to do, load balancing between helpers, and coordinating them. More documentation in patches 4 and 8. This series is the first step in a project to address other memory proportional bottlenecks in the kernel such as pmem struct page init, vfio page pinning, hugetlb fallocate, and munmap. Deferred page init doesn't require concurrency limits, resource control, or priority adjustments like these other users will because it happens during boot when the system is otherwise idle and waiting for page init to finish. This has been run on a variety of x86 systems and speeds up kernel boot by 4% to 49%, saving up to 1.6 out of 4 seconds. Patch 6 has more numbers. This patch (of 8): padata_driver_exit() is unnecessary because padata isn't built as a module and doesn't exit. padata's init routine will soon allocate memory, so getting rid of the exit function now avoids pointless code to free it. Signed-off-by: Daniel Jordan Signed-off-by: Andrew Morton Tested-by: Josh Triplett Cc: Alexander Duyck Cc: Alex Williamson Cc: Dan Williams Cc: Dave Hansen Cc: David Hildenbrand Cc: Herbert Xu Cc: Jason Gunthorpe Cc: Jonathan Corbet Cc: Kirill Tkhai Cc: Michal Hocko Cc: Pavel Machek Cc: Pavel Tatashin Cc: Peter Zijlstra Cc: Randy Dunlap Cc: Robert Elliott Cc: Shile Zhang Cc: Steffen Klassert Cc: Steven Sistare Cc: Tejun Heo Cc: Zi Yan Link: http://lkml.kernel.org/r/20200527173608.2885243-1-daniel.m.jordan@oracle.com Link: http://lkml.kernel.org/r/20200527173608.2885243-2-daniel.m.jordan@oracle.com Signed-off-by: Linus Torvalds commit da97f2d56bbd880b4138916a7ef96f9881a551b2 Author: Pavel Tatashin Date: Wed Jun 3 15:59:27 2020 -0700 mm: call cond_resched() from deferred_init_memmap() Now that deferred pages are initialized with interrupts enabled we can replace touch_nmi_watchdog() with cond_resched(), as it was before 3a2d7fa8a3d5. For now, we cannot do the same in deferred_grow_zone() as it is still initializes pages with interrupts disabled. This change fixes RCU problem described in https://lkml.kernel.org/r/20200401104156.11564-2-david@redhat.com [ 60.474005] rcu: INFO: rcu_sched detected stalls on CPUs/tasks: [ 60.475000] rcu: 1-...0: (0 ticks this GP) idle=02a/1/0x4000000000000000 softirq=1/1 fqs=15000 [ 60.475000] rcu: (detected by 0, t=60002 jiffies, g=-1199, q=1) [ 60.475000] Sending NMI from CPU 0 to CPUs 1: [ 1.760091] NMI backtrace for cpu 1 [ 1.760091] CPU: 1 PID: 20 Comm: pgdatinit0 Not tainted 4.18.0-147.9.1.el8_1.x86_64 #1 [ 1.760091] Hardware name: Red Hat KVM, BIOS 1.13.0-1.module+el8.2.0+5520+4e5817f3 04/01/2014 [ 1.760091] RIP: 0010:__init_single_page.isra.65+0x10/0x4f [ 1.760091] Code: 48 83 cf 63 48 89 f8 0f 1f 40 00 48 89 c6 48 89 d7 e8 6b 18 80 ff 66 90 5b c3 31 c0 b9 10 00 00 00 49 89 f8 48 c1 e6 33 f3 ab 07 00 00 00 48 c1 e2 36 41 c7 40 34 01 00 00 00 48 c1 e0 33 41 [ 1.760091] RSP: 0000:ffffba783123be40 EFLAGS: 00000006 [ 1.760091] RAX: 0000000000000000 RBX: fffffad34405e300 RCX: 0000000000000000 [ 1.760091] RDX: 0000000000000000 RSI: 0010000000000000 RDI: fffffad34405e340 [ 1.760091] RBP: 0000000033f3177e R08: fffffad34405e300 R09: 0000000000000002 [ 1.760091] R10: 000000000000002b R11: ffff98afb691a500 R12: 0000000000000002 [ 1.760091] R13: 0000000000000000 R14: 000000003f03ea00 R15: 000000003e10178c [ 1.760091] FS: 0000000000000000(0000) GS:ffff9c9ebeb00000(0000) knlGS:0000000000000000 [ 1.760091] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1.760091] CR2: 00000000ffffffff CR3: 000000a1cf20a001 CR4: 00000000003606e0 [ 1.760091] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1.760091] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1.760091] Call Trace: [ 1.760091] deferred_init_pages+0x8f/0xbf [ 1.760091] deferred_init_memmap+0x184/0x29d [ 1.760091] ? deferred_free_pages.isra.97+0xba/0xba [ 1.760091] kthread+0x112/0x130 [ 1.760091] ? kthread_flush_work_fn+0x10/0x10 [ 1.760091] ret_from_fork+0x35/0x40 [ 89.123011] node 0 initialised, 1055935372 pages in 88650ms Fixes: 3a2d7fa8a3d5 ("mm: disable interrupts while initializing deferred pages") Reported-by: Yiqian Wei Signed-off-by: Pavel Tatashin Signed-off-by: Andrew Morton Tested-by: David Hildenbrand Reviewed-by: Daniel Jordan Reviewed-by: David Hildenbrand Reviewed-by: Pankaj Gupta Acked-by: Michal Hocko Cc: Dan Williams Cc: James Morris Cc: Kirill Tkhai Cc: Sasha Levin Cc: Shile Zhang Cc: Vlastimil Babka Cc: [4.17+] Link: http://lkml.kernel.org/r/20200403140952.17177-4-pasha.tatashin@soleen.com Signed-off-by: Linus Torvalds commit 3d060856adfc59afb9d029c233141334cfaba418 Author: Pavel Tatashin Date: Wed Jun 3 15:59:24 2020 -0700 mm: initialize deferred pages with interrupts enabled Initializing struct pages is a long task and keeping interrupts disabled for the duration of this operation introduces a number of problems. 1. jiffies are not updated for long period of time, and thus incorrect time is reported. See proposed solution and discussion here: lkml/20200311123848.118638-1-shile.zhang@linux.alibaba.com 2. It prevents farther improving deferred page initialization by allowing intra-node multi-threading. We are keeping interrupts disabled to solve a rather theoretical problem that was never observed in real world (See 3a2d7fa8a3d5). Let's keep interrupts enabled. In case we ever encounter a scenario where an interrupt thread wants to allocate large amount of memory this early in boot we can deal with that by growing zone (see deferred_grow_zone()) by the needed amount before starting deferred_init_memmap() threads. Before: [ 1.232459] node 0 initialised, 12058412 pages in 1ms After: [ 1.632580] node 0 initialised, 12051227 pages in 436ms Fixes: 3a2d7fa8a3d5 ("mm: disable interrupts while initializing deferred pages") Reported-by: Shile Zhang Signed-off-by: Pavel Tatashin Signed-off-by: Andrew Morton Reviewed-by: Daniel Jordan Reviewed-by: David Hildenbrand Acked-by: Michal Hocko Acked-by: Vlastimil Babka Cc: Dan Williams Cc: James Morris Cc: Kirill Tkhai Cc: Sasha Levin Cc: Yiqian Wei Cc: [4.17+] Link: http://lkml.kernel.org/r/20200403140952.17177-3-pasha.tatashin@soleen.com Signed-off-by: Linus Torvalds commit 117003c32771df617acf66e140fbdbdeb0ac71f5 Author: Daniel Jordan Date: Wed Jun 3 15:59:20 2020 -0700 mm/pagealloc.c: call touch_nmi_watchdog() on max order boundaries in deferred init Patch series "initialize deferred pages with interrupts enabled", v4. Keep interrupts enabled during deferred page initialization in order to make code more modular and allow jiffies to update. Original approach, and discussion can be found here: http://lkml.kernel.org/r/20200311123848.118638-1-shile.zhang@linux.alibaba.com This patch (of 3): deferred_init_memmap() disables interrupts the entire time, so it calls touch_nmi_watchdog() periodically to avoid soft lockup splats. Soon it will run with interrupts enabled, at which point cond_resched() should be used instead. deferred_grow_zone() makes the same watchdog calls through code shared with deferred init but will continue to run with interrupts disabled, so it can't call cond_resched(). Pull the watchdog calls up to these two places to allow the first to be changed later, independently of the second. The frequency reduces from twice per pageblock (init and free) to once per max order block. Fixes: 3a2d7fa8a3d5 ("mm: disable interrupts while initializing deferred pages") Signed-off-by: Daniel Jordan Signed-off-by: Pavel Tatashin Signed-off-by: Andrew Morton Reviewed-by: David Hildenbrand Acked-by: Michal Hocko Acked-by: Vlastimil Babka Cc: Dan Williams Cc: Shile Zhang Cc: Kirill Tkhai Cc: James Morris Cc: Sasha Levin Cc: Yiqian Wei Cc: [4.17+] Link: http://lkml.kernel.org/r/20200403140952.17177-2-pasha.tatashin@soleen.com Signed-off-by: Linus Torvalds commit ae70eddd5633fc71dccf210f237c5aefc96f4332 Author: Anshuman Khandual Date: Wed Jun 3 15:59:17 2020 -0700 mm/page_alloc: restrict and formalize compound_page_dtors[] Restrict elements in compound_page_dtors[] array per NR_COMPOUND_DTORS and explicitly position them according to enum compound_dtor_id. This improves protection against possible misalignment between compound_page_dtors[] and enum compound_dtor_id later on. Signed-off-by: Anshuman Khandual Signed-off-by: Andrew Morton Reviewed-by: David Hildenbrand Link: http://lkml.kernel.org/r/1589795958-19317-1-git-send-email-anshuman.khandual@arm.com Signed-off-by: Linus Torvalds commit aa09259109583b98b9d9e7ed0d8eb1b880d1eb97 Author: Charan Teja Reddy Date: Wed Jun 3 15:59:14 2020 -0700 mm, page_alloc: reset the zone->watermark_boost early Updating the zone watermarks by any means, like min_free_kbytes, water_mark_scale_factor etc, when ->watermark_boost is set will result in higher low and high watermarks than the user asked. Below are the steps to reproduce the problem on system setup of Android kernel running on Snapdragon hardware. 1) Default settings of the system are as below: #cat /proc/sys/vm/min_free_kbytes = 5162 #cat /proc/zoneinfo | grep -e boost -e low -e "high " -e min -e Node Node 0, zone Normal min 797 low 8340 high 8539 2) Monitor the zone->watermark_boost(by adding a debug print in the kernel) and whenever it is greater than zero value, write the same value of min_free_kbytes obtained from step 1. #echo 5162 > /proc/sys/vm/min_free_kbytes 3) Then read the zone watermarks in the system while the ->watermark_boost is zero. This should show the same values of watermarks as step 1 but shown a higher values than asked. #cat /proc/zoneinfo | grep -e boost -e low -e "high " -e min -e Node Node 0, zone Normal min 797 low 21148 high 21347 These higher values are because of updating the zone watermarks using the macro min_wmark_pages(zone) which also adds the zone->watermark_boost. #define min_wmark_pages(z) (z->_watermark[WMARK_MIN] + z->watermark_boost) So the steps that lead to the issue are: 1) On the extfrag event, watermarks are boosted by storing the required value in ->watermark_boost. 2) User tries to update the zone watermarks level in the system through min_free_kbytes or watermark_scale_factor. 3) Later, when kswapd woke up, it resets the zone->watermark_boost to zero. In step 2), we use the min_wmark_pages() macro to store the watermarks in the zone structure thus the values are always offsetted by ->watermark_boost value. This can be avoided by resetting the ->watermark_boost to zero before it is used. Signed-off-by: Charan Teja Reddy Signed-off-by: Andrew Morton Reviewed-by: Baoquan He Cc: Vinayak Menon Link: http://lkml.kernel.org/r/1589457511-4255-1-git-send-email-charante@codeaurora.org Signed-off-by: Linus Torvalds commit b418a0f9f0b0f17132daab8a3bb841142c2bdc44 Author: Sandipan Das Date: Wed Jun 3 15:59:11 2020 -0700 mm/page_alloc.c: reset numa stats for boot pagesets Initially, the per-cpu pagesets of each zone are set to the boot pagesets. The real pagesets are allocated later but before that happens, page allocations do occur and the numa stats for the boot pagesets get incremented since they are common to all zones at that point. The real pagesets, however, are allocated for the populated zones only. Unpopulated zones, like those associated with memory-less nodes, continue using the boot pageset and end up skewing the numa stats of the corresponding node. E.g. $ numactl -H available: 2 nodes (0-1) node 0 cpus: 0 1 2 3 node 0 size: 0 MB node 0 free: 0 MB node 1 cpus: 4 5 6 7 node 1 size: 8131 MB node 1 free: 6980 MB node distances: node 0 1 0: 10 40 1: 40 10 $ numastat node0 node1 numa_hit 108 56495 numa_miss 0 0 numa_foreign 0 0 interleave_hit 0 4537 local_node 108 31547 other_node 0 24948 Hence, the boot pageset stats need to be cleared after the real pagesets are allocated. After this point, the stats of the boot pagesets do not change as page allocations requested for a memory-less node will either fail (if __GFP_THISNODE is used) or get fulfilled by a preferred zone of a different node based on the fallback zonelist. [sandipan@linux.ibm.com: v3] Link: http://lkml.kernel.org/r/20200511170356.162531-1-sandipan@linux.ibm.com Signed-off-by: Sandipan Das Signed-off-by: Andrew Morton Acked-by: Vlastimil Babka Cc: Konstantin Khlebnikov Cc: Michal Hocko Cc: "Kirill A . Shutemov" Cc: "Aneesh Kumar K.V" Link: http://lkml.kernel.org/r/9c9c2d1b15e37f6e6bf32f99e3100035e90c4ac9.1588868430.git.sandipan@linux.ibm.com Signed-off-by: Linus Torvalds commit 01c0bfe061f309b848d51619f20495ee2acd7727 Author: Wei Yang Date: Wed Jun 3 15:59:08 2020 -0700 mm: rename gfpflags_to_migratetype to gfp_migratetype for same convention Pageblock migrate type is encoded in GFP flags, just as zone_type and zonelist. Currently we use gfp_zone() and gfp_zonelist() to extract related information, it would be proper to use the same naming convention for migrate type. Signed-off-by: Wei Yang Signed-off-by: Andrew Morton Reviewed-by: Pankaj Gupta Link: http://lkml.kernel.org/r/20200329080823.7735-1-richard.weiyang@gmail.com Signed-off-by: Linus Torvalds commit d0ddf49b7c4a3161d28f58612672d08ee9b5db94 Author: Wei Yang Date: Wed Jun 3 15:59:05 2020 -0700 mm/page_alloc.c: use NODE_MASK_NONE in build_zonelists() Slightly simplify the code by initializing user_mask with NODE_MASK_NONE, instead of later calling nodes_clear(). This saves a line of code. Signed-off-by: Wei Yang Signed-off-by: Andrew Morton Reviewed-by: John Hubbard Reviewed-by: David Hildenbrand Reviewed-by: Pankaj Gupta Link: http://lkml.kernel.org/r/20200330220840.21228-1-richard.weiyang@gmail.com Signed-off-by: Linus Torvalds commit 97a225e69a1f880886f33d2e65a7ace13f152caa Author: Joonsoo Kim Date: Wed Jun 3 15:59:01 2020 -0700 mm/page_alloc: integrate classzone_idx and high_zoneidx classzone_idx is just different name for high_zoneidx now. So, integrate them and add some comment to struct alloc_context in order to reduce future confusion about the meaning of this variable. The accessor, ac_classzone_idx() is also removed since it isn't needed after integration. In addition to integration, this patch also renames high_zoneidx to highest_zoneidx since it represents more precise meaning. Signed-off-by: Joonsoo Kim Signed-off-by: Andrew Morton Reviewed-by: Baoquan He Acked-by: Vlastimil Babka Acked-by: David Rientjes Cc: Johannes Weiner Cc: Mel Gorman Cc: Michal Hocko Cc: Minchan Kim Cc: Ye Xiaolong Link: http://lkml.kernel.org/r/1587095923-7515-3-git-send-email-iamjoonsoo.kim@lge.com Signed-off-by: Linus Torvalds commit 3334a45eb9e2bb040c880ef65e1d72357a0a008b Author: Joonsoo Kim Date: Wed Jun 3 15:58:58 2020 -0700 mm/page_alloc: use ac->high_zoneidx for classzone_idx Patch series "integrate classzone_idx and high_zoneidx", v5. This patchset is followup of the problem reported and discussed two years ago [1, 2]. The problem this patchset solves is related to the classzone_idx on the NUMA system. It causes a problem when the lowmem reserve protection exists for some zones on a node that do not exist on other nodes. This problem was reported two years ago, and, at that time, the solution got general agreements [2]. But it was not upstreamed. [1]: http://lkml.kernel.org/r/20180102063528.GG30397@yexl-desktop [2]: http://lkml.kernel.org/r/1525408246-14768-1-git-send-email-iamjoonsoo.kim@lge.com This patch (of 2): Currently, we use classzone_idx to calculate lowmem reserve proetection for an allocation request. This classzone_idx causes a problem on NUMA systems when the lowmem reserve protection exists for some zones on a node that do not exist on other nodes. Before further explanation, I should first clarify how to compute the classzone_idx and the high_zoneidx. - ac->high_zoneidx is computed via the arcane gfp_zone(gfp_mask) and represents the index of the highest zone the allocation can use - classzone_idx was supposed to be the index of the highest zone on the local node that the allocation can use, that is actually available in the system Think about following example. Node 0 has 4 populated zone, DMA/DMA32/NORMAL/MOVABLE. Node 1 has 1 populated zone, NORMAL. Some zones, such as MOVABLE, doesn't exist on node 1 and this makes following difference. Assume that there is an allocation request whose gfp_zone(gfp_mask) is the zone, MOVABLE. Then, it's high_zoneidx is 3. If this allocation is initiated on node 0, it's classzone_idx is 3 since actually available/usable zone on local (node 0) is MOVABLE. If this allocation is initiated on node 1, it's classzone_idx is 2 since actually available/usable zone on local (node 1) is NORMAL. You can see that classzone_idx of the allocation request are different according to their starting node, even if their high_zoneidx is the same. Think more about these two allocation requests. If they are processed on local, there is no problem. However, if allocation is initiated on node 1 are processed on remote, in this example, at the NORMAL zone on node 0, due to memory shortage, problem occurs. Their different classzone_idx leads to different lowmem reserve and then different min watermark. See the following example. root@ubuntu:/sys/devices/system/memory# cat /proc/zoneinfo Node 0, zone DMA per-node stats ... pages free 3965 min 5 low 8 high 11 spanned 4095 present 3998 managed 3977 protection: (0, 2961, 4928, 5440) ... Node 0, zone DMA32 pages free 757955 min 1129 low 1887 high 2645 spanned 1044480 present 782303 managed 758116 protection: (0, 0, 1967, 2479) ... Node 0, zone Normal pages free 459806 min 750 low 1253 high 1756 spanned 524288 present 524288 managed 503620 protection: (0, 0, 0, 4096) ... Node 0, zone Movable pages free 130759 min 195 low 326 high 457 spanned 1966079 present 131072 managed 131072 protection: (0, 0, 0, 0) ... Node 1, zone DMA pages free 0 min 0 low 0 high 0 spanned 0 present 0 managed 0 protection: (0, 0, 1006, 1006) Node 1, zone DMA32 pages free 0 min 0 low 0 high 0 spanned 0 present 0 managed 0 protection: (0, 0, 1006, 1006) Node 1, zone Normal per-node stats ... pages free 233277 min 383 low 640 high 897 spanned 262144 present 262144 managed 257744 protection: (0, 0, 0, 0) ... Node 1, zone Movable pages free 0 min 0 low 0 high 0 spanned 262144 present 0 managed 0 protection: (0, 0, 0, 0) - static min watermark for the NORMAL zone on node 0 is 750. - lowmem reserve for the request with classzone idx 3 at the NORMAL on node 0 is 4096. - lowmem reserve for the request with classzone idx 2 at the NORMAL on node 0 is 0. So, overall min watermark is: allocation initiated on node 0 (classzone_idx 3): 750 + 4096 = 4846 allocation initiated on node 1 (classzone_idx 2): 750 + 0 = 750 Allocation initiated on node 1 will have some precedence than allocation initiated on node 0 because min watermark of the former allocation is lower than the other. So, allocation initiated on node 1 could succeed on node 0 when allocation initiated on node 0 could not, and, this could cause too many numa_miss allocation. Then, performance could be downgraded. Recently, there was a regression report about this problem on CMA patches since CMA memory are placed in ZONE_MOVABLE by those patches. I checked that problem is disappeared with this fix that uses high_zoneidx for classzone_idx. http://lkml.kernel.org/r/20180102063528.GG30397@yexl-desktop Using high_zoneidx for classzone_idx is more consistent way than previous approach because system's memory layout doesn't affect anything to it. With this patch, both classzone_idx on above example will be 3 so will have the same min watermark. allocation initiated on node 0: 750 + 4096 = 4846 allocation initiated on node 1: 750 + 4096 = 4846 One could wonder if there is a side effect that allocation initiated on node 1 will use higher bar when allocation is handled on local since classzone_idx could be higher than before. It will not happen because the zone without managed page doesn't contributes lowmem_reserve at all. Reported-by: Ye Xiaolong Signed-off-by: Joonsoo Kim Signed-off-by: Andrew Morton Tested-by: Ye Xiaolong Reviewed-by: Baoquan He Acked-by: Vlastimil Babka Acked-by: David Rientjes Cc: Johannes Weiner Cc: Michal Hocko Cc: Minchan Kim Cc: Mel Gorman Link: http://lkml.kernel.org/r/1587095923-7515-1-git-send-email-iamjoonsoo.kim@lge.com Link: http://lkml.kernel.org/r/1587095923-7515-2-git-send-email-iamjoonsoo.kim@lge.com Signed-off-by: Linus Torvalds commit 26e7deadaae1755faf1f6d1a68988c4b8348df59 Author: Baoquan He Date: Wed Jun 3 15:58:55 2020 -0700 mm/vmstat.c: do not show lowmem reserve protection information of empty zone Because the lowmem reserve protection of a zone can't tell anything if the zone is empty, except of adding one more line in /proc/zoneinfo. Let's remove it from that zone's showing. Signed-off-by: Baoquan He Signed-off-by: Andrew Morton Link: http://lkml.kernel.org/r/20200402140113.3696-4-bhe@redhat.com Signed-off-by: Linus Torvalds commit f63661566fad43c0884ad879e6ff07c55ed890f4 Author: Baoquan He Date: Wed Jun 3 15:58:52 2020 -0700 mm/page_alloc.c: clear out zone->lowmem_reserve[] if the zone is empty When requesting memory allocation from a specific zone is not satisfied, it will fall to lower zone to try allocating memory. In this case, lower zone's ->lowmem_reserve[] will help protect its own memory resource. The higher the relevant ->lowmem_reserve[] is, the harder the upper zone can get memory from this lower zone. However, this protection mechanism should be applied to populated zone, but not an empty zone. So filling ->lowmem_reserve[] for empty zone is not necessary, and may mislead people that it's valid data in that zone. Node 2, zone DMA pages free 0 min 0 low 0 high 0 spanned 0 present 0 managed 0 protection: (0, 0, 1024, 1024) Node 2, zone DMA32 pages free 0 min 0 low 0 high 0 spanned 0 present 0 managed 0 protection: (0, 0, 1024, 1024) Node 2, zone Normal per-node stats nr_inactive_anon 0 nr_active_anon 143 nr_inactive_file 0 nr_active_file 0 nr_unevictable 0 nr_slab_reclaimable 45 nr_slab_unreclaimable 254 Here clear out zone->lowmem_reserve[] if zone is empty. Signed-off-by: Baoquan He Signed-off-by: Andrew Morton Link: http://lkml.kernel.org/r/20200402140113.3696-3-bhe@redhat.com Signed-off-by: Linus Torvalds commit 86aaf255437af88c0ff5d20a3c98e2b42fb0beda Author: Baoquan He Date: Wed Jun 3 15:58:48 2020 -0700 mm/page_alloc.c: only tune sysctl_lowmem_reserve_ratio value once when changing it Patch series "improvements about lowmem_reserve and /proc/zoneinfo", v2. This patch (of 3): When people write to /proc/sys/vm/lowmem_reserve_ratio to change sysctl_lowmem_reserve_ratio[], setup_per_zone_lowmem_reserve() is called to recalculate all ->lowmem_reserve[] for each zone of all nodes as below: static void setup_per_zone_lowmem_reserve(void) { ... for_each_online_pgdat(pgdat) { for (j = 0; j < MAX_NR_ZONES; j++) { ... while (idx) { ... if (sysctl_lowmem_reserve_ratio[idx] < 1) { sysctl_lowmem_reserve_ratio[idx] = 0; lower_zone->lowmem_reserve[j] = 0; } else { ... } } } } Meanwhile, here, sysctl_lowmem_reserve_ratio[idx] will be tuned if its value is smaller than '1'. As we know, sysctl_lowmem_reserve_ratio[] is set for zone without regarding to which node it belongs to. That means the tuning will be done on all nodes, even though it has been done in the first node. And the tuning will be done too even when init_per_zone_wmark_min() calls setup_per_zone_lowmem_reserve(), where actually nobody tries to change sysctl_lowmem_reserve_ratio[]. So now move the tuning into lowmem_reserve_ratio_sysctl_handler(), to make code logic more reasonable. Signed-off-by: Baoquan He Signed-off-by: Andrew Morton Cc: Joonsoo Kim Cc: Michal Hocko Cc: Baoquan He Cc: Mel Gorman Cc: David Rientjes Link: http://lkml.kernel.org/r/20200402140113.3696-1-bhe@redhat.com Link: http://lkml.kernel.org/r/20200402140113.3696-2-bhe@redhat.com Signed-off-by: Linus Torvalds commit 4ca7be24eeb3198dffdae9472d7464c8b8cadadb Author: Baoquan He Date: Wed Jun 3 15:58:45 2020 -0700 mm/page_alloc.c: remove unused free_bootmem_with_active_regions Since commit 397dc00e249ec64e10 ("mips: sgi-ip27: switch from DISCONTIGMEM to SPARSEMEM"), the last caller of free_bootmem_with_active_regions() was gone. Now no user calls it any more. Let's remove it. Signed-off-by: Baoquan He Signed-off-by: Andrew Morton Reviewed-by: David Hildenbrand Acked-by: Michal Hocko Link: http://lkml.kernel.org/r/20200402143455.5145-1-bhe@redhat.com Signed-off-by: Linus Torvalds commit 16867664936e32423375bf44d240f440fff194cb Author: Roman Gushchin Date: Wed Jun 3 15:58:42 2020 -0700 mm,page_alloc,cma: conditionally prefer cma pageblocks for movable allocations Currently a cma area is barely used by the page allocator because it's used only as a fallback from movable, however kswapd tries hard to make sure that the fallback path isn't used. This results in a system evicting memory and pushing data into swap, while lots of CMA memory is still available. This happens despite the fact that alloc_contig_range is perfectly capable of moving any movable allocations out of the way of an allocation. To effectively use the cma area let's alter the rules: if the zone has more free cma pages than the half of total free pages in the zone, use cma pageblocks first and fallback to movable blocks in the case of failure. [guro@fb.com: ifdef the cma-specific code] Link: http://lkml.kernel.org/r/20200311225832.GA178154@carbon.DHCP.thefacebook.com Co-developed-by: Rik van Riel Signed-off-by: Roman Gushchin Signed-off-by: Rik van Riel Signed-off-by: Andrew Morton Acked-by: Vlastimil Babka Acked-by: Minchan Kim Cc: Qian Cai Cc: Mel Gorman Cc: Anshuman Khandual Cc: Joonsoo Kim Link: http://lkml.kernel.org/r/20200306150102.3e77354b@imladris.surriel.com Signed-off-by: Linus Torvalds commit 58b7f1194fe1e188a1687e45c3475a98906aae4b Author: Wei Yang Date: Wed Jun 3 15:58:39 2020 -0700 mm/page_alloc.c: extract check_[new|free]_page_bad() common part to page_bad_reason() We share similar code in check_[new|free]_page_bad() to get the page's bad reason. Let's extract it and reduce code duplication. Signed-off-by: Wei Yang Signed-off-by: Andrew Morton Cc: David Rientjes Cc: Anshuman Khandual Cc: David Hildenbrand Cc: Michal Hocko Link: http://lkml.kernel.org/r/20200411220357.9636-6-richard.weiyang@gmail.com Signed-off-by: Linus Torvalds commit 534fe5e3c44f93ddd9daf7bb59ec2950583d0522 Author: Wei Yang Date: Wed Jun 3 15:58:36 2020 -0700 mm/page_alloc.c: rename free_pages_check() to check_free_page() free_pages_check() is the counterpart of check_new_page(). Rename it to use the same naming convention. Signed-off-by: Wei Yang Signed-off-by: Andrew Morton Cc: Anshuman Khandual Cc: David Hildenbrand Cc: David Rientjes Cc: Michal Hocko Link: http://lkml.kernel.org/r/20200411220357.9636-5-richard.weiyang@gmail.com Signed-off-by: Linus Torvalds commit 0d0c48a274d5beeeb42b904caacea01564d3222b Author: Wei Yang Date: Wed Jun 3 15:58:33 2020 -0700 mm/page_alloc.c: rename free_pages_check_bad() to check_free_page_bad() free_pages_check_bad() is the counterpart of check_new_page_bad(). Rename it to use the same naming convention. Signed-off-by: Wei Yang Signed-off-by: Andrew Morton Cc: Anshuman Khandual Cc: David Hildenbrand Cc: David Rientjes Cc: Michal Hocko Link: http://lkml.kernel.org/r/20200411220357.9636-4-richard.weiyang@gmail.com Signed-off-by: Linus Torvalds commit 82a3241a8f76cca20862c16693afc13fcc4622c6 Author: Wei Yang Date: Wed Jun 3 15:58:29 2020 -0700 mm/page_alloc.c: bad_flags is not necessary for bad_page() After commit 5b57b8f22709 ("mm/debug.c: always print flags in dump_page()"), page->flags is always printed for a bad page. It is not necessary to have bad_flags any more. Suggested-by: Anshuman Khandual Signed-off-by: Wei Yang Signed-off-by: Andrew Morton Cc: David Hildenbrand Cc: David Rientjes Cc: Michal Hocko Link: http://lkml.kernel.org/r/20200411220357.9636-3-richard.weiyang@gmail.com Signed-off-by: Linus Torvalds commit 833d8a426f78f19b166d93bda0569d3d6d507dba Author: Wei Yang Date: Wed Jun 3 15:58:26 2020 -0700 mm/page_alloc.c: bad_[reason|flags] is not necessary when PageHWPoison Patch series "mm/page_alloc.c: cleanup on check page", v3. This patchset does some cleanup related to check page. 1. Remove unnecessary bad_reason assignment 2. Remove bad_flags to bad_page() 3. Rename function for naming convention 4. Extract common part to check page Thanks for suggestions from David Rientjes and Anshuman Khandual. This patch (of 5): Since function returns directly, bad_[reason|flags] is not used any where. And move this to the first. This is a following cleanup for commit e570f56cccd21 ("mm: check_new_page_bad() directly returns in __PG_HWPOISON case") Signed-off-by: Wei Yang Signed-off-by: Andrew Morton Reviewed-by: David Hildenbrand Acked-by: Michal Hocko Cc: Anshuman Khandual Cc: David Rientjes Link: http://lkml.kernel.org/r/20200411220357.9636-2-richard.weiyang@gmail.com Signed-off-by: Linus Torvalds commit 237e506cd5af254fbc3be560d57c29163133aaf6 Author: Mike Rapoport Date: Wed Jun 3 15:58:22 2020 -0700 docs/vm: update memory-models documentation To reflect the updates to free_area_init() family of functions. Signed-off-by: Mike Rapoport Signed-off-by: Andrew Morton Tested-by: Hoan Tran [arm64] Cc: Baoquan He Cc: Brian Cain Cc: Catalin Marinas Cc: "David S. Miller" Cc: Geert Uytterhoeven Cc: Greentime Hu Cc: Greg Ungerer Cc: Guan Xuetao Cc: Guo Ren Cc: Heiko Carstens Cc: Helge Deller Cc: "James E.J. Bottomley" Cc: Jonathan Corbet Cc: Ley Foon Tan Cc: Mark Salter Cc: Matt Turner Cc: Max Filippov Cc: Michael Ellerman Cc: Michal Hocko Cc: Michal Simek Cc: Nick Hu Cc: Paul Walmsley Cc: Richard Weinberger Cc: Rich Felker Cc: Russell King Cc: Stafford Horne Cc: Thomas Bogendoerfer Cc: Tony Luck Cc: Vineet Gupta Cc: Yoshinori Sato Link: http://lkml.kernel.org/r/20200412194859.12663-22-rppt@kernel.org Signed-off-by: Linus Torvalds commit 8a1b25fe3ce49f7c0ad562fa294ac7f93731bd3a Author: Mike Rapoport Date: Wed Jun 3 15:58:18 2020 -0700 mm: simplify find_min_pfn_with_active_regions() find_min_pfn_with_active_regions() calls find_min_pfn_for_node() with nid parameter set to MAX_NUMNODES. This makes the find_min_pfn_for_node() traverse all memblock memory regions although the first PFN in the system can be easily found with memblock_start_of_DRAM(). Use memblock_start_of_DRAM() in find_min_pfn_with_active_regions() and drop now unused find_min_pfn_for_node(). Signed-off-by: Mike Rapoport Signed-off-by: Andrew Morton Tested-by: Hoan Tran [arm64] Cc: Baoquan He Cc: Brian Cain Cc: Catalin Marinas Cc: "David S. Miller" Cc: Geert Uytterhoeven Cc: Greentime Hu Cc: Greg Ungerer Cc: Guan Xuetao Cc: Guo Ren Cc: Heiko Carstens Cc: Helge Deller Cc: "James E.J. Bottomley" Cc: Jonathan Corbet Cc: Ley Foon Tan Cc: Mark Salter Cc: Matt Turner Cc: Max Filippov Cc: Michael Ellerman Cc: Michal Hocko Cc: Michal Simek Cc: Nick Hu Cc: Paul Walmsley Cc: Richard Weinberger Cc: Rich Felker Cc: Russell King Cc: Stafford Horne Cc: Thomas Bogendoerfer Cc: Tony Luck Cc: Vineet Gupta Cc: Yoshinori Sato Link: http://lkml.kernel.org/r/20200412194859.12663-21-rppt@kernel.org Signed-off-by: Linus Torvalds commit 854e8848c5841b4199a70f1838f55999cecbf3b6 Author: Mike Rapoport Date: Wed Jun 3 15:58:13 2020 -0700 mm: clean up free_area_init_node() and its helpers free_area_init_node() now always uses memblock info and the zone PFN limits so it does not need the backwards compatibility functions to calculate the zone spanned and absent pages. The removal of the compat_ versions of zone_{abscent,spanned}_pages_in_node() in turn, makes zone_size and zhole_size parameters unused. The node_start_pfn is determined by get_pfn_range_for_nid(), so there is no need to pass it to free_area_init_node(). As a result, the only required parameter to free_area_init_node() is the node ID, all the rest are removed along with no longer used compat_zone_{abscent,spanned}_pages_in_node() helpers. Signed-off-by: Mike Rapoport Signed-off-by: Andrew Morton Tested-by: Hoan Tran [arm64] Cc: Baoquan He Cc: Brian Cain Cc: Catalin Marinas Cc: "David S. Miller" Cc: Geert Uytterhoeven Cc: Greentime Hu Cc: Greg Ungerer Cc: Guan Xuetao Cc: Guo Ren Cc: Heiko Carstens Cc: Helge Deller Cc: "James E.J. Bottomley" Cc: Jonathan Corbet Cc: Ley Foon Tan Cc: Mark Salter Cc: Matt Turner Cc: Max Filippov Cc: Michael Ellerman Cc: Michal Hocko Cc: Michal Simek Cc: Nick Hu Cc: Paul Walmsley Cc: Richard Weinberger Cc: Rich Felker Cc: Russell King Cc: Stafford Horne Cc: Thomas Bogendoerfer Cc: Tony Luck Cc: Vineet Gupta Cc: Yoshinori Sato Link: http://lkml.kernel.org/r/20200412194859.12663-20-rppt@kernel.org Signed-off-by: Linus Torvalds commit bc9331a19d758706493cbebba67ca70382edddac Author: Mike Rapoport Date: Wed Jun 3 15:58:09 2020 -0700 mm: rename free_area_init_node() to free_area_init_memoryless_node() free_area_init_node() is only used by x86 to initialize a memory-less nodes. Make its name reflect this and drop all the function parameters except node ID as they are anyway zero. Signed-off-by: Mike Rapoport Signed-off-by: Andrew Morton Tested-by: Hoan Tran [arm64] Cc: Baoquan He Cc: Brian Cain Cc: Catalin Marinas Cc: "David S. Miller" Cc: Geert Uytterhoeven Cc: Greentime Hu Cc: Greg Ungerer Cc: Guan Xuetao Cc: Guo Ren Cc: Heiko Carstens Cc: Helge Deller Cc: "James E.J. Bottomley" Cc: Jonathan Corbet Cc: Ley Foon Tan Cc: Mark Salter Cc: Matt Turner Cc: Max Filippov Cc: Michael Ellerman Cc: Michal Hocko Cc: Michal Simek Cc: Nick Hu Cc: Paul Walmsley Cc: Richard Weinberger Cc: Rich Felker Cc: Russell King Cc: Stafford Horne Cc: Thomas Bogendoerfer Cc: Tony Luck Cc: Vineet Gupta Cc: Yoshinori Sato Link: http://lkml.kernel.org/r/20200412194859.12663-19-rppt@kernel.org Signed-off-by: Linus Torvalds commit 51930df5801e4da60e962ea52b811634d257a148 Author: Mike Rapoport Date: Wed Jun 3 15:58:03 2020 -0700 mm: free_area_init: allow defining max_zone_pfn in descending order Some architectures (e.g. ARC) have the ZONE_HIGHMEM zone below the ZONE_NORMAL. Allowing free_area_init() parse max_zone_pfn array even it is sorted in descending order allows using free_area_init() on such architectures. Add top -> down traversal of max_zone_pfn array in free_area_init() and use the latter in ARC node/zone initialization. [rppt@kernel.org: ARC fix] Link: http://lkml.kernel.org/r/20200504153901.GM14260@kernel.org [rppt@linux.ibm.com: arc: free_area_init(): take into account PAE40 mode] Link: http://lkml.kernel.org/r/20200507205900.GH683243@linux.ibm.com [akpm@linux-foundation.org: declare arch_has_descending_max_zone_pfns()] Signed-off-by: Mike Rapoport Signed-off-by: Andrew Morton Tested-by: Hoan Tran [arm64] Reviewed-by: Baoquan He Cc: Brian Cain Cc: Catalin Marinas Cc: "David S. Miller" Cc: Geert Uytterhoeven Cc: Greentime Hu Cc: Greg Ungerer Cc: Guan Xuetao Cc: Guo Ren Cc: Heiko Carstens Cc: Helge Deller Cc: "James E.J. Bottomley" Cc: Jonathan Corbet Cc: Ley Foon Tan Cc: Mark Salter Cc: Matt Turner Cc: Max Filippov Cc: Michael Ellerman Cc: Michal Hocko Cc: Michal Simek Cc: Nick Hu Cc: Paul Walmsley Cc: Richard Weinberger Cc: Rich Felker Cc: Russell King Cc: Stafford Horne Cc: Thomas Bogendoerfer Cc: Tony Luck Cc: Vineet Gupta Cc: Yoshinori Sato Cc: Guenter Roeck Link: http://lkml.kernel.org/r/20200412194859.12663-18-rppt@kernel.org Signed-off-by: Linus Torvalds commit acd3f5c441e9635857f02a7c21e7dd590dcf672e Author: Mike Rapoport Date: Wed Jun 3 15:57:59 2020 -0700 mm: remove early_pfn_in_nid() and CONFIG_NODES_SPAN_OTHER_NODES The memmap_init() function was made to iterate over memblock regions and as the result the early_pfn_in_nid() function became obsolete. Since CONFIG_NODES_SPAN_OTHER_NODES is only used to pick a stub or a real implementation of early_pfn_in_nid(), it is also not needed anymore. Remove both early_pfn_in_nid() and the CONFIG_NODES_SPAN_OTHER_NODES. Co-developed-by: Hoan Tran Signed-off-by: Hoan Tran Signed-off-by: Mike Rapoport Signed-off-by: Andrew Morton Tested-by: Hoan Tran [arm64] Cc: Baoquan He Cc: Brian Cain Cc: Catalin Marinas Cc: "David S. Miller" Cc: Geert Uytterhoeven Cc: Greentime Hu Cc: Greg Ungerer Cc: Guan Xuetao Cc: Guo Ren Cc: Heiko Carstens Cc: Helge Deller Cc: "James E.J. Bottomley" Cc: Jonathan Corbet Cc: Ley Foon Tan Cc: Mark Salter Cc: Matt Turner Cc: Max Filippov Cc: Michael Ellerman Cc: Michal Hocko Cc: Michal Simek Cc: Nick Hu Cc: Paul Walmsley Cc: Richard Weinberger Cc: Rich Felker Cc: Russell King Cc: Stafford Horne Cc: Thomas Bogendoerfer Cc: Tony Luck Cc: Vineet Gupta Cc: Yoshinori Sato Link: http://lkml.kernel.org/r/20200412194859.12663-17-rppt@kernel.org Signed-off-by: Linus Torvalds commit 73a6e474cb376921a311786652782155eac2fdf0 Author: Baoquan He Date: Wed Jun 3 15:57:55 2020 -0700 mm: memmap_init: iterate over memblock regions rather that check each PFN When called during boot the memmap_init_zone() function checks if each PFN is valid and actually belongs to the node being initialized using early_pfn_valid() and early_pfn_in_nid(). Each such check may cost up to O(log(n)) where n is the number of memory banks, so for large amount of memory overall time spent in early_pfn*() becomes substantial. Since the information is anyway present in memblock, we can iterate over memblock memory regions in memmap_init() and only call memmap_init_zone() for PFN ranges that are know to be valid and in the appropriate node. [cai@lca.pw: fix a compilation warning from Clang] Link: http://lkml.kernel.org/r/CF6E407F-17DC-427C-8203-21979FB882EF@lca.pw [bhe@redhat.com: fix the incorrect hole in fast_isolate_freepages()] Link: http://lkml.kernel.org/r/8C537EB7-85EE-4DCF-943E-3CC0ED0DF56D@lca.pw Link: http://lkml.kernel.org/r/20200521014407.29690-1-bhe@redhat.com Signed-off-by: Baoquan He Signed-off-by: Mike Rapoport Signed-off-by: Andrew Morton Tested-by: Hoan Tran [arm64] Cc: Brian Cain Cc: Catalin Marinas Cc: "David S. Miller" Cc: Geert Uytterhoeven Cc: Greentime Hu Cc: Greg Ungerer Cc: Guan Xuetao Cc: Guo Ren Cc: Heiko Carstens Cc: Helge Deller Cc: "James E.J. Bottomley" Cc: Jonathan Corbet Cc: Ley Foon Tan Cc: Mark Salter Cc: Matt Turner Cc: Max Filippov Cc: Michael Ellerman Cc: Michal Hocko Cc: Michal Simek Cc: Nick Hu Cc: Paul Walmsley Cc: Richard Weinberger Cc: Rich Felker Cc: Russell King Cc: Stafford Horne Cc: Thomas Bogendoerfer Cc: Tony Luck Cc: Vineet Gupta Cc: Yoshinori Sato Cc: Qian Cai Link: http://lkml.kernel.org/r/20200412194859.12663-16-rppt@kernel.org Signed-off-by: Linus Torvalds commit da50c57bdbb8e37ec6f8c934a2f8acbf4e4fdfb9 Author: Mike Rapoport Date: Wed Jun 3 15:57:50 2020 -0700 xtensa: simplify detection of memory zone boundaries free_area_init() only requires the definition of maximal PFN for each of the supported zone rater than calculation of actual zone sizes and the sizes of the holes between the zones. After removal of CONFIG_HAVE_MEMBLOCK_NODE_MAP the free_area_init() is available to all architectures. Using this function instead of free_area_init_node() simplifies the zone detection. Signed-off-by: Mike Rapoport Signed-off-by: Andrew Morton Tested-by: Hoan Tran [arm64] Cc: Baoquan He Cc: Brian Cain Cc: Catalin Marinas Cc: "David S. Miller" Cc: Geert Uytterhoeven Cc: Greentime Hu Cc: Greg Ungerer Cc: Guan Xuetao Cc: Guo Ren Cc: Heiko Carstens Cc: Helge Deller Cc: "James E.J. Bottomley" Cc: Jonathan Corbet Cc: Ley Foon Tan Cc: Mark Salter Cc: Matt Turner Cc: Max Filippov Cc: Michael Ellerman Cc: Michal Hocko Cc: Michal Simek Cc: Nick Hu Cc: Paul Walmsley Cc: Richard Weinberger Cc: Rich Felker Cc: Russell King Cc: Stafford Horne Cc: Thomas Bogendoerfer Cc: Tony Luck Cc: Vineet Gupta Cc: Yoshinori Sato Link: http://lkml.kernel.org/r/20200412194859.12663-15-rppt@kernel.org Signed-off-by: Linus Torvalds commit 1b02ec0180b93b0e98a1c45bea3cfde39ff609bf Author: Mike Rapoport Date: Wed Jun 3 15:57:46 2020 -0700 unicore32: simplify detection of memory zone boundaries free_area_init() only requires the definition of maximal PFN for each of the supported zone rater than calculation of actual zone sizes and the sizes of the holes between the zones. After removal of CONFIG_HAVE_MEMBLOCK_NODE_MAP the free_area_init() is available to all architectures. Using this function instead of free_area_init_node() simplifies the zone detection. Signed-off-by: Mike Rapoport Signed-off-by: Andrew Morton Tested-by: Hoan Tran [arm64] Cc: Baoquan He Cc: Brian Cain Cc: Catalin Marinas Cc: "David S. Miller" Cc: Geert Uytterhoeven Cc: Greentime Hu Cc: Greg Ungerer Cc: Guan Xuetao Cc: Guo Ren Cc: Heiko Carstens Cc: Helge Deller Cc: "James E.J. Bottomley" Cc: Jonathan Corbet Cc: Ley Foon Tan Cc: Mark Salter Cc: Matt Turner Cc: Max Filippov Cc: Michael Ellerman Cc: Michal Hocko Cc: Michal Simek Cc: Nick Hu Cc: Paul Walmsley Cc: Richard Weinberger Cc: Rich Felker Cc: Russell King Cc: Stafford Horne Cc: Thomas Bogendoerfer Cc: Tony Luck Cc: Vineet Gupta Cc: Yoshinori Sato Link: http://lkml.kernel.org/r/20200412194859.12663-14-rppt@kernel.org Signed-off-by: Linus Torvalds commit bee3b3ccb10c8c950b71df011d9511ac15b78e6a Author: Mike Rapoport Date: Wed Jun 3 15:57:41 2020 -0700 sparc32: simplify detection of memory zone boundaries free_area_init() only requires the definition of maximal PFN for each of the supported zone rater than calculation of actual zone sizes and the sizes of the holes between the zones. After removal of CONFIG_HAVE_MEMBLOCK_NODE_MAP the free_area_init() is available to all architectures. Using this function instead of free_area_init_node() simplifies the zone detection. Signed-off-by: Mike Rapoport Signed-off-by: Andrew Morton Tested-by: Hoan Tran [arm64] Cc: Baoquan He Cc: Brian Cain Cc: Catalin Marinas Cc: "David S. Miller" Cc: Geert Uytterhoeven Cc: Greentime Hu Cc: Greg Ungerer Cc: Guan Xuetao Cc: Guo Ren Cc: Heiko Carstens Cc: Helge Deller Cc: "James E.J. Bottomley" Cc: Jonathan Corbet Cc: Ley Foon Tan Cc: Mark Salter Cc: Matt Turner Cc: Max Filippov Cc: Michael Ellerman Cc: Michal Hocko Cc: Michal Simek Cc: Nick Hu Cc: Paul Walmsley Cc: Richard Weinberger Cc: Rich Felker Cc: Russell King Cc: Stafford Horne Cc: Thomas Bogendoerfer Cc: Tony Luck Cc: Vineet Gupta Cc: Yoshinori Sato Link: http://lkml.kernel.org/r/20200412194859.12663-13-rppt@kernel.org Signed-off-by: Linus Torvalds commit 625bf73ed27f337ccc7d750087423df679a7f733 Author: Mike Rapoport Date: Wed Jun 3 15:57:37 2020 -0700 parisc: simplify detection of memory zone boundaries free_area_init() only requires the definition of maximal PFN for each of the supported zone rater than calculation of actual zone sizes and the sizes of the holes between the zones. After removal of CONFIG_HAVE_MEMBLOCK_NODE_MAP the free_area_init() is available to all architectures. Using this function instead of free_area_init_node() simplifies the zone detection. Signed-off-by: Mike Rapoport Signed-off-by: Andrew Morton Tested-by: Hoan Tran [arm64] Cc: Baoquan He Cc: Brian Cain Cc: Catalin Marinas Cc: "David S. Miller" Cc: Geert Uytterhoeven Cc: Greentime Hu Cc: Greg Ungerer Cc: Guan Xuetao Cc: Guo Ren Cc: Heiko Carstens Cc: Helge Deller Cc: "James E.J. Bottomley" Cc: Jonathan Corbet Cc: Ley Foon Tan Cc: Mark Salter Cc: Matt Turner Cc: Max Filippov Cc: Michael Ellerman Cc: Michal Hocko Cc: Michal Simek Cc: Nick Hu Cc: Paul Walmsley Cc: Richard Weinberger Cc: Rich Felker Cc: Russell King Cc: Stafford Horne Cc: Thomas Bogendoerfer Cc: Tony Luck Cc: Vineet Gupta Cc: Yoshinori Sato Link: http://lkml.kernel.org/r/20200412194859.12663-12-rppt@kernel.org Signed-off-by: Linus Torvalds commit 5d2ee1a17f344de60231e98a2c87d8364a985830 Author: Mike Rapoport Date: Wed Jun 3 15:57:32 2020 -0700 m68k: mm: simplify detection of memory zone boundaries free_area_init() only requires the definition of maximal PFN for each of the supported zone rater than calculation of actual zone sizes and the sizes of the holes between the zones. After removal of CONFIG_HAVE_MEMBLOCK_NODE_MAP the free_area_init() is available to all architectures. Using this function instead of free_area_init_node() simplifies the zone detection. Signed-off-by: Mike Rapoport Signed-off-by: Andrew Morton Tested-by: Hoan Tran [arm64] Cc: Baoquan He Cc: Brian Cain Cc: Catalin Marinas Cc: "David S. Miller" Cc: Geert Uytterhoeven Cc: Greentime Hu Cc: Greg Ungerer Cc: Guan Xuetao Cc: Guo Ren Cc: Heiko Carstens Cc: Helge Deller Cc: "James E.J. Bottomley" Cc: Jonathan Corbet Cc: Ley Foon Tan Cc: Mark Salter Cc: Matt Turner Cc: Max Filippov Cc: Michael Ellerman Cc: Michal Hocko Cc: Michal Simek Cc: Nick Hu Cc: Paul Walmsley Cc: Richard Weinberger Cc: Rich Felker Cc: Russell King Cc: Stafford Horne Cc: Thomas Bogendoerfer Cc: Tony Luck Cc: Vineet Gupta Cc: Yoshinori Sato Link: http://lkml.kernel.org/r/20200412194859.12663-11-rppt@kernel.org Signed-off-by: Linus Torvalds commit 8f4693f0e0f5e9f64d02a300afd12efda5b50f95 Author: Mike Rapoport Date: Wed Jun 3 15:57:28 2020 -0700 csky: simplify detection of memory zone boundaries The free_area_init() function only requires the definition of maximal PFN for each of the supported zone rater than calculation of actual zone sizes and the sizes of the holes between the zones. After removal of CONFIG_HAVE_MEMBLOCK_NODE_MAP the free_area_init() is available to all architectures. Using this function instead of free_area_init_node() simplifies the zone detection. Signed-off-by: Mike Rapoport Signed-off-by: Andrew Morton Tested-by: Hoan Tran [arm64] Cc: Baoquan He Cc: Brian Cain Cc: Catalin Marinas Cc: "David S. Miller" Cc: Geert Uytterhoeven Cc: Greentime Hu Cc: Greg Ungerer Cc: Guan Xuetao Cc: Guo Ren Cc: Heiko Carstens Cc: Helge Deller Cc: "James E.J. Bottomley" Cc: Jonathan Corbet Cc: Ley Foon Tan Cc: Mark Salter Cc: Matt Turner Cc: Max Filippov Cc: Michael Ellerman Cc: Michal Hocko Cc: Michal Simek Cc: Nick Hu Cc: Paul Walmsley Cc: Richard Weinberger Cc: Rich Felker Cc: Russell King Cc: Stafford Horne Cc: Thomas Bogendoerfer Cc: Tony Luck Cc: Vineet Gupta Cc: Yoshinori Sato Link: http://lkml.kernel.org/r/20200412194859.12663-10-rppt@kernel.org Signed-off-by: Linus Torvalds commit 584cb13dca27be144a54f9e0b0d71f3db61130a2 Author: Mike Rapoport Date: Wed Jun 3 15:57:23 2020 -0700 arm64: simplify detection of memory zone boundaries for UMA configs The free_area_init() function only requires the definition of maximal PFN for each of the supported zone rater than calculation of actual zone sizes and the sizes of the holes between the zones. After removal of CONFIG_HAVE_MEMBLOCK_NODE_MAP the free_area_init() is available to all architectures. Using this function instead of free_area_init_node() simplifies the zone detection. Signed-off-by: Mike Rapoport Signed-off-by: Andrew Morton Tested-by: Hoan Tran [arm64] Acked-by: Catalin Marinas Cc: Baoquan He Cc: Brian Cain Cc: "David S. Miller" Cc: Geert Uytterhoeven Cc: Greentime Hu Cc: Greg Ungerer Cc: Guan Xuetao Cc: Guo Ren Cc: Heiko Carstens Cc: Helge Deller Cc: "James E.J. Bottomley" Cc: Jonathan Corbet Cc: Ley Foon Tan Cc: Mark Salter Cc: Matt Turner Cc: Max Filippov Cc: Michael Ellerman Cc: Michal Hocko Cc: Michal Simek Cc: Nick Hu Cc: Paul Walmsley Cc: Richard Weinberger Cc: Rich Felker Cc: Russell King Cc: Stafford Horne Cc: Thomas Bogendoerfer Cc: Tony Luck Cc: Vineet Gupta Cc: Yoshinori Sato Link: http://lkml.kernel.org/r/20200412194859.12663-9-rppt@kernel.org Signed-off-by: Linus Torvalds commit a32c1c61212d93a8fa5bab56605982d2451852bb Author: Mike Rapoport Date: Wed Jun 3 15:57:19 2020 -0700 arm: simplify detection of memory zone boundaries free_area_init() only requires the definition of maximal PFN for each of the supported zone rater than calculation of actual zone sizes and the sizes of the holes between the zones. After removal of CONFIG_HAVE_MEMBLOCK_NODE_MAP the free_area_init() is available to all architectures. Using this function instead of free_area_init_node() simplifies the zone detection. Signed-off-by: Mike Rapoport Signed-off-by: Andrew Morton Tested-by: Hoan Tran [arm64] Cc: Baoquan He Cc: Brian Cain Cc: Catalin Marinas Cc: "David S. Miller" Cc: Geert Uytterhoeven Cc: Greentime Hu Cc: Greg Ungerer Cc: Guan Xuetao Cc: Guo Ren Cc: Heiko Carstens Cc: Helge Deller Cc: "James E.J. Bottomley" Cc: Jonathan Corbet Cc: Ley Foon Tan Cc: Mark Salter Cc: Matt Turner Cc: Max Filippov Cc: Michael Ellerman Cc: Michal Hocko Cc: Michal Simek Cc: Nick Hu Cc: Paul Walmsley Cc: Richard Weinberger Cc: Rich Felker Cc: Russell King Cc: Stafford Horne Cc: Thomas Bogendoerfer Cc: Tony Luck Cc: Vineet Gupta Cc: Yoshinori Sato Link: http://lkml.kernel.org/r/20200412194859.12663-8-rppt@kernel.org Signed-off-by: Linus Torvalds commit 307602036ba1795237361fe73e3c13628469c0cb Author: Mike Rapoport Date: Wed Jun 3 15:57:15 2020 -0700 alpha: simplify detection of memory zone boundaries free_area_init() only requires the definition of maximal PFN for each of the supported zone rater than calculation of actual zone sizes and the sizes of the holes between the zones. After removal of CONFIG_HAVE_MEMBLOCK_NODE_MAP the free_area_init() is available to all architectures. Using this function instead of free_area_init_node() simplifies the zone detection. Signed-off-by: Mike Rapoport Signed-off-by: Andrew Morton Tested-by: Hoan Tran [arm64] Cc: Baoquan He Cc: Brian Cain Cc: Catalin Marinas Cc: "David S. Miller" Cc: Geert Uytterhoeven Cc: Greentime Hu Cc: Greg Ungerer Cc: Guan Xuetao Cc: Guo Ren Cc: Heiko Carstens Cc: Helge Deller Cc: "James E.J. Bottomley" Cc: Jonathan Corbet Cc: Ley Foon Tan Cc: Mark Salter Cc: Matt Turner Cc: Max Filippov Cc: Michael Ellerman Cc: Michal Hocko Cc: Michal Simek Cc: Nick Hu Cc: Paul Walmsley Cc: Richard Weinberger Cc: Rich Felker Cc: Russell King Cc: Stafford Horne Cc: Thomas Bogendoerfer Cc: Tony Luck Cc: Vineet Gupta Cc: Yoshinori Sato Link: http://lkml.kernel.org/r/20200412194859.12663-7-rppt@kernel.org Signed-off-by: Linus Torvalds commit 9691a071aa26a21fc8dac804a2b98d3c24f76f9a Author: Mike Rapoport Date: Wed Jun 3 15:57:10 2020 -0700 mm: use free_area_init() instead of free_area_init_nodes() free_area_init() has effectively became a wrapper for free_area_init_nodes() and there is no point of keeping it. Still free_area_init() name is shorter and more general as it does not imply necessity to initialize multiple nodes. Rename free_area_init_nodes() to free_area_init(), update the callers and drop old version of free_area_init(). Signed-off-by: Mike Rapoport Signed-off-by: Andrew Morton Tested-by: Hoan Tran [arm64] Reviewed-by: Baoquan He Acked-by: Catalin Marinas Cc: Brian Cain Cc: "David S. Miller" Cc: Geert Uytterhoeven Cc: Greentime Hu Cc: Greg Ungerer Cc: Guan Xuetao Cc: Guo Ren Cc: Heiko Carstens Cc: Helge Deller Cc: "James E.J. Bottomley" Cc: Jonathan Corbet Cc: Ley Foon Tan Cc: Mark Salter Cc: Matt Turner Cc: Max Filippov Cc: Michael Ellerman Cc: Michal Hocko Cc: Michal Simek Cc: Nick Hu Cc: Paul Walmsley Cc: Richard Weinberger Cc: Rich Felker Cc: Russell King Cc: Stafford Horne Cc: Thomas Bogendoerfer Cc: Tony Luck Cc: Vineet Gupta Cc: Yoshinori Sato Link: http://lkml.kernel.org/r/20200412194859.12663-6-rppt@kernel.org Signed-off-by: Linus Torvalds commit fa3354e4ea39e97af906c05551a36396541d70b4 Author: Mike Rapoport Date: Wed Jun 3 15:57:06 2020 -0700 mm: free_area_init: use maximal zone PFNs rather than zone sizes Currently, architectures that use free_area_init() to initialize memory map and node and zone structures need to calculate zone and hole sizes. We can use free_area_init_nodes() instead and let it detect the zone boundaries while the architectures will only have to supply the possible limits for the zones. Signed-off-by: Mike Rapoport Signed-off-by: Andrew Morton Tested-by: Hoan Tran [arm64] Reviewed-by: Baoquan He Cc: Brian Cain Cc: Catalin Marinas Cc: "David S. Miller" Cc: Geert Uytterhoeven Cc: Greentime Hu Cc: Greg Ungerer Cc: Guan Xuetao Cc: Guo Ren Cc: Heiko Carstens Cc: Helge Deller Cc: "James E.J. Bottomley" Cc: Jonathan Corbet Cc: Ley Foon Tan Cc: Mark Salter Cc: Matt Turner Cc: Max Filippov Cc: Michael Ellerman Cc: Michal Hocko Cc: Michal Simek Cc: Nick Hu Cc: Paul Walmsley Cc: Richard Weinberger Cc: Rich Felker Cc: Russell King Cc: Stafford Horne Cc: Thomas Bogendoerfer Cc: Tony Luck Cc: Vineet Gupta Cc: Yoshinori Sato Link: http://lkml.kernel.org/r/20200412194859.12663-5-rppt@kernel.org Signed-off-by: Linus Torvalds commit 3f08a302f533f74ad2e909e7a61274aa7eebc0ab Author: Mike Rapoport Date: Wed Jun 3 15:57:02 2020 -0700 mm: remove CONFIG_HAVE_MEMBLOCK_NODE_MAP option CONFIG_HAVE_MEMBLOCK_NODE_MAP is used to differentiate initialization of nodes and zones structures between the systems that have region to node mapping in memblock and those that don't. Currently all the NUMA architectures enable this option and for the non-NUMA systems we can presume that all the memory belongs to node 0 and therefore the compile time configuration option is not required. The remaining few architectures that use DISCONTIGMEM without NUMA are easily updated to use memblock_add_node() instead of memblock_add() and thus have proper correspondence of memblock regions to NUMA nodes. Still, free_area_init_node() must have a backward compatible version because its semantics with and without CONFIG_HAVE_MEMBLOCK_NODE_MAP is different. Once all the architectures will use the new semantics, the entire compatibility layer can be dropped. To avoid addition of extra run time memory to store node id for architectures that keep memblock but have only a single node, the node id field of the memblock_region is guarded by CONFIG_NEED_MULTIPLE_NODES and the corresponding accessors presume that in those cases it is always 0. Signed-off-by: Mike Rapoport Signed-off-by: Andrew Morton Tested-by: Hoan Tran [arm64] Acked-by: Catalin Marinas [arm64] Cc: Baoquan He Cc: Brian Cain Cc: "David S. Miller" Cc: Geert Uytterhoeven Cc: Greentime Hu Cc: Greg Ungerer Cc: Guan Xuetao Cc: Guo Ren Cc: Heiko Carstens Cc: Helge Deller Cc: "James E.J. Bottomley" Cc: Jonathan Corbet Cc: Ley Foon Tan Cc: Mark Salter Cc: Matt Turner Cc: Max Filippov Cc: Michael Ellerman Cc: Michal Hocko Cc: Michal Simek Cc: Nick Hu Cc: Paul Walmsley Cc: Richard Weinberger Cc: Rich Felker Cc: Russell King Cc: Stafford Horne Cc: Thomas Bogendoerfer Cc: Tony Luck Cc: Vineet Gupta Cc: Yoshinori Sato Link: http://lkml.kernel.org/r/20200412194859.12663-4-rppt@kernel.org Signed-off-by: Linus Torvalds commit 6f24fbd38c4e05f7905814791806c01dc6c4b9de Author: Mike Rapoport Date: Wed Jun 3 15:56:57 2020 -0700 mm: make early_pfn_to_nid() and related defintions close to each other early_pfn_to_nid() and its helper __early_pfn_to_nid() are spread around include/linux/mm.h, include/linux/mmzone.h and mm/page_alloc.c. Drop unused stub for __early_pfn_to_nid() and move its actual generic implementation close to its users. Signed-off-by: Mike Rapoport Signed-off-by: Andrew Morton Tested-by: Hoan Tran [arm64] Reviewed-by: Baoquan He Cc: Brian Cain Cc: Catalin Marinas Cc: "David S. Miller" Cc: Geert Uytterhoeven Cc: Greentime Hu Cc: Greg Ungerer Cc: Guan Xuetao Cc: Guo Ren Cc: Heiko Carstens Cc: Helge Deller Cc: "James E.J. Bottomley" Cc: Jonathan Corbet Cc: Ley Foon Tan Cc: Mark Salter Cc: Matt Turner Cc: Max Filippov Cc: Michael Ellerman Cc: Michal Hocko Cc: Michal Simek Cc: Nick Hu Cc: Paul Walmsley Cc: Richard Weinberger Cc: Rich Felker Cc: Russell King Cc: Stafford Horne Cc: Thomas Bogendoerfer Cc: Tony Luck Cc: Vineet Gupta Cc: Yoshinori Sato Link: http://lkml.kernel.org/r/20200412194859.12663-3-rppt@kernel.org Signed-off-by: Linus Torvalds commit d622abf74f3d81365e41c3bfdbbda50ecd99ba3d Author: Mike Rapoport Date: Wed Jun 3 15:56:53 2020 -0700 mm: memblock: replace dereferences of memblock_region.nid with API calls Patch series "mm: rework free_area_init*() funcitons". After the discussion [1] about removal of CONFIG_NODES_SPAN_OTHER_NODES and CONFIG_HAVE_MEMBLOCK_NODE_MAP options, I took it a bit further and updated the node/zone initialization. Since all architectures have memblock, it is possible to use only the newer version of free_area_init_node() that calculates the zone and node boundaries based on memblock node mapping and architectural limits on possible zone PFNs. The architectures that still determined zone and hole sizes can be switched to the generic code and the old code that took those zone and hole sizes can be simply removed. And, since it all started from the removal of CONFIG_NODES_SPAN_OTHER_NODES, the memmap_init() is now updated to iterate over memblocks and so it does not need to perform early_pfn_to_nid() query for every PFN. [1] https://lore.kernel.org/lkml/1585420282-25630-1-git-send-email-Hoan@os.amperecomputing.com This patch (of 21): There are several places in the code that directly dereference memblock_region.nid despite this field being defined only when CONFIG_HAVE_MEMBLOCK_NODE_MAP=y. Replace these with calls to memblock_get_region_nid() to improve code robustness and to avoid possible breakage when CONFIG_HAVE_MEMBLOCK_NODE_MAP will be removed. Signed-off-by: Mike Rapoport Signed-off-by: Andrew Morton Tested-by: Hoan Tran [arm64] Reviewed-by: Baoquan He Cc: Brian Cain Cc: Catalin Marinas Cc: "David S. Miller" Cc: Geert Uytterhoeven Cc: Greentime Hu Cc: Greg Ungerer Cc: Guan Xuetao Cc: Guo Ren Cc: Heiko Carstens Cc: Helge Deller Cc: "James E.J. Bottomley" Cc: Jonathan Corbet Cc: Ley Foon Tan Cc: Mark Salter Cc: Matt Turner Cc: Max Filippov Cc: Michael Ellerman Cc: Michal Hocko Cc: Michal Simek Cc: Mike Rapoport Cc: Nick Hu Cc: Paul Walmsley Cc: Richard Weinberger Cc: Rich Felker Cc: Russell King Cc: Stafford Horne Cc: Thomas Bogendoerfer Cc: Tony Luck Cc: Vineet Gupta Cc: Yoshinori Sato Link: http://lkml.kernel.org/r/20200412194859.12663-1-rppt@kernel.org Link: http://lkml.kernel.org/r/20200412194859.12663-2-rppt@kernel.org Signed-off-by: Linus Torvalds commit 574c1ae66c12410a08aeef8474936baa50e0371d Author: Michal Hocko Date: Wed Jun 3 15:56:49 2020 -0700 mm: clarify __GFP_MEMALLOC usage It seems that the existing documentation is not explicit about the expected usage and potential risks enough. While it is calls out that users have to free memory when using this flag it is not really apparent that users have to careful to not deplete memory reserves and that they should implement some sort of throttling wrt. freeing process. This is partly based on Neil's explanation [1]. Let's also call out that a pre allocated pool allocator should be considered. [1] http://lkml.kernel.org/r/877dz0yxoa.fsf@notabene.neil.brown.name [akpm@linux-foundation.org: coding style fixes] [mhocko@kernel.org: update] Link: http://lkml.kernel.org/r/20200406070137.GC19426@dhcp22.suse.cz Signed-off-by: Michal Hocko Signed-off-by: Andrew Morton Cc: David Rientjes Cc: Joel Fernandes Cc: Neil Brown Cc: Paul E. McKenney Cc: John Hubbard Link: http://lkml.kernel.org/r/20200403083543.11552-2-mhocko@kernel.org Signed-off-by: Linus Torvalds commit 47227d27e2fcb01a9e8f5958d8997cf47a820afc Author: Daniel Axtens Date: Wed Jun 3 15:56:46 2020 -0700 string.h: fix incompatibility between FORTIFY_SOURCE and KASAN The memcmp KASAN self-test fails on a kernel with both KASAN and FORTIFY_SOURCE. When FORTIFY_SOURCE is on, a number of functions are replaced with fortified versions, which attempt to check the sizes of the operands. However, these functions often directly invoke __builtin_foo() once they have performed the fortify check. Using __builtins may bypass KASAN checks if the compiler decides to inline it's own implementation as sequence of instructions, rather than emit a function call that goes out to a KASAN-instrumented implementation. Why is only memcmp affected? ============================ Of the string and string-like functions that kasan_test tests, only memcmp is replaced by an inline sequence of instructions in my testing on x86 with gcc version 9.2.1 20191008 (Ubuntu 9.2.1-9ubuntu2). I believe this is due to compiler heuristics. For example, if I annotate kmalloc calls with the alloc_size annotation (and disable some fortify compile-time checking!), the compiler will replace every memset except the one in kmalloc_uaf_memset with inline instructions. (I have some WIP patches to add this annotation.) Does this affect other functions in string.h? ============================================= Yes. Anything that uses __builtin_* rather than __real_* could be affected. This looks like: - strncpy - strcat - strlen - strlcpy maybe, under some circumstances? - strncat under some circumstances - memset - memcpy - memmove - memcmp (as noted) - memchr - strcpy Whether a function call is emitted always depends on the compiler. Most bugs should get caught by FORTIFY_SOURCE, but the missed memcmp test shows that this is not always the case. Isn't FORTIFY_SOURCE disabled with KASAN? ========================================- The string headers on all arches supporting KASAN disable fortify with kasan, but only when address sanitisation is _also_ disabled. For example from x86: #if defined(CONFIG_KASAN) && !defined(__SANITIZE_ADDRESS__) /* * For files that are not instrumented (e.g. mm/slub.c) we * should use not instrumented version of mem* functions. */ #define memcpy(dst, src, len) __memcpy(dst, src, len) #define memmove(dst, src, len) __memmove(dst, src, len) #define memset(s, c, n) __memset(s, c, n) #ifndef __NO_FORTIFY #define __NO_FORTIFY /* FORTIFY_SOURCE uses __builtin_memcpy, etc. */ #endif #endif This comes from commit 6974f0c4555e ("include/linux/string.h: add the option of fortified string.h functions"), and doesn't work when KASAN is enabled and the file is supposed to be sanitised - as with test_kasan.c I'm pretty sure this is not wrong, but not as expansive it should be: * we shouldn't use __builtin_memcpy etc in files where we don't have instrumentation - it could devolve into a function call to memcpy, which will be instrumented. Rather, we should use __memcpy which by convention is not instrumented. * we also shouldn't be using __builtin_memcpy when we have a KASAN instrumented file, because it could be replaced with inline asm that will not be instrumented. What is correct behaviour? ========================== Firstly, there is some overlap between fortification and KASAN: both provide some level of _runtime_ checking. Only fortify provides compile-time checking. KASAN and fortify can pick up different things at runtime: - Some fortify functions, notably the string functions, could easily be modified to consider sub-object sizes (e.g. members within a struct), and I have some WIP patches to do this. KASAN cannot detect these because it cannot insert poision between members of a struct. - KASAN can detect many over-reads/over-writes when the sizes of both operands are unknown, which fortify cannot. So there are a couple of options: 1) Flip the test: disable fortify in santised files and enable it in unsanitised files. This at least stops us missing KASAN checking, but we lose the fortify checking. 2) Make the fortify code always call out to real versions. Do this only for KASAN, for fear of losing the inlining opportunities we get from __builtin_*. (We can't use kasan_check_{read,write}: because the fortify functions are _extern inline_, you can't include _static_ inline functions without a compiler warning. kasan_check_{read,write} are static inline so we can't use them even when they would otherwise be suitable.) Take approach 2 and call out to real versions when KASAN is enabled. Use __underlying_foo to distinguish from __real_foo: __real_foo always refers to the kernel's implementation of foo, __underlying_foo could be either the kernel implementation or the __builtin_foo implementation. This is sometimes enough to make the memcmp test succeed with FORTIFY_SOURCE enabled. It is at least enough to get the function call into the module. One more fix is needed to make it reliable: see the next patch. Fixes: 6974f0c4555e ("include/linux/string.h: add the option of fortified string.h functions") Signed-off-by: Daniel Axtens Signed-off-by: Andrew Morton Tested-by: David Gow Reviewed-by: Dmitry Vyukov Cc: Daniel Micay Cc: Andrey Ryabinin Cc: Alexander Potapenko Link: http://lkml.kernel.org/r/20200423154503.5103-3-dja@axtens.net Signed-off-by: Linus Torvalds commit adb72ae1915db28f934e9e02c18bfcea2f3ed3b7 Author: Daniel Axtens Date: Wed Jun 3 15:56:43 2020 -0700 kasan: stop tests being eliminated as dead code with FORTIFY_SOURCE Patch series "Fix some incompatibilites between KASAN and FORTIFY_SOURCE", v4. 3 KASAN self-tests fail on a kernel with both KASAN and FORTIFY_SOURCE: memchr, memcmp and strlen. When FORTIFY_SOURCE is on, a number of functions are replaced with fortified versions, which attempt to check the sizes of the operands. However, these functions often directly invoke __builtin_foo() once they have performed the fortify check. The compiler can detect that the results of these functions are not used, and knows that they have no other side effects, and so can eliminate them as dead code. Why are only memchr, memcmp and strlen affected? ================================================ Of string and string-like functions, kasan_test tests: * strchr -> not affected, no fortified version * strrchr -> likewise * strcmp -> likewise * strncmp -> likewise * strnlen -> not affected, the fortify source implementation calls the underlying strnlen implementation which is instrumented, not a builtin * strlen -> affected, the fortify souce implementation calls a __builtin version which the compiler can determine is dead. * memchr -> likewise * memcmp -> likewise * memset -> not affected, the compiler knows that memset writes to its first argument and therefore is not dead. Why does this not affect the functions normally? ================================================ In string.h, these functions are not marked as __pure, so the compiler cannot know that they do not have side effects. If relevant functions are marked as __pure in string.h, we see the following warnings and the functions are elided: lib/test_kasan.c: In function `kasan_memchr': lib/test_kasan.c:606:2: warning: statement with no effect [-Wunused-value] memchr(ptr, '1', size + 1); ^~~~~~~~~~~~~~~~~~~~~~~~~~ lib/test_kasan.c: In function `kasan_memcmp': lib/test_kasan.c:622:2: warning: statement with no effect [-Wunused-value] memcmp(ptr, arr, size+1); ^~~~~~~~~~~~~~~~~~~~~~~~ lib/test_kasan.c: In function `kasan_strings': lib/test_kasan.c:645:2: warning: statement with no effect [-Wunused-value] strchr(ptr, '1'); ^~~~~~~~~~~~~~~~ ... This annotation would make sense to add and could be added at any point, so the behaviour of test_kasan.c should change. The fix ======= Make all the functions that are pure write their results to a global, which makes them live. The strlen and memchr tests now pass. The memcmp test still fails to trigger, which is addressed in the next patch. [dja@axtens.net: drop patch 3] Link: http://lkml.kernel.org/r/20200424145521.8203-2-dja@axtens.net Fixes: 0c96350a2d2f ("lib/test_kasan.c: add tests for several string/memory API functions") Signed-off-by: Daniel Axtens Signed-off-by: Andrew Morton Tested-by: David Gow Reviewed-by: Dmitry Vyukov Cc: Daniel Micay Cc: Andrey Ryabinin Cc: Alexander Potapenko Link: http://lkml.kernel.org/r/20200423154503.5103-1-dja@axtens.net Link: http://lkml.kernel.org/r/20200423154503.5103-2-dja@axtens.net Signed-off-by: Linus Torvalds commit f81cd178ecfd0806c1d2859cfe0a162d80c81a69 Author: John Hubbard Date: Wed Jun 3 15:56:40 2020 -0700 mm/gup: might_lock_read(mmap_sem) in get_user_pages_fast() Instead of scattering these assertions across the drivers, do this assertion inside the core of get_user_pages_fast*() functions. That also includes pin_user_pages_fast*() routines. Add a might_lock_read(mmap_sem) call to internal_get_user_pages_fast(). Suggested-by: Matthew Wilcox Signed-off-by: John Hubbard Signed-off-by: Andrew Morton Reviewed-by: Matthew Wilcox Cc: Michel Lespinasse Cc: Jason Gunthorpe Link: http://lkml.kernel.org/r/20200522010443.1290485-1-jhubbard@nvidia.com Signed-off-by: Linus Torvalds commit 2170ecfa768850bb29487baa3101c993ab7d7402 Author: John Hubbard Date: Wed Jun 3 15:56:37 2020 -0700 drm/i915: convert get_user_pages() --> pin_user_pages() This code was using get_user_pages*(), in a "Case 2" scenario (DMA/RDMA), using the categorization from [1]. That means that it's time to convert the get_user_pages*() + put_page() calls to pin_user_pages*() + unpin_user_pages() calls. There is some helpful background in [2]: basically, this is a small part of fixing a long-standing disconnect between pinning pages, and file systems' use of those pages. [1] Documentation/core-api/pin_user_pages.rst [2] "Explicit pinning of user-space pages": https://lwn.net/Articles/807108/ Signed-off-by: John Hubbard Signed-off-by: Andrew Morton Reviewed-by: Chris Wilson Cc: Souptick Joarder Cc: Matthew Wilcox Cc: Jani Nikula Cc: "Joonas Lahtinen" Cc: Rodrigo Vivi Cc: David Airlie Cc: Daniel Vetter Cc: Tvrtko Ursulin Cc: Matthew Auld Link: http://lkml.kernel.org/r/20200519002124.2025955-5-jhubbard@nvidia.com Signed-off-by: Linus Torvalds commit 104acc327648b347d1716374586803e82fa1dc95 Author: John Hubbard Date: Wed Jun 3 15:56:34 2020 -0700 mm/gup: introduce pin_user_pages_fast_only() This is the FOLL_PIN equivalent of __get_user_pages_fast(), except with a more descriptive name, and gup_flags instead of a boolean "write" in the argument list. Signed-off-by: John Hubbard Signed-off-by: Andrew Morton Reviewed-by: Chris Wilson Cc: Daniel Vetter Cc: David Airlie Cc: Jani Nikula Cc: "Joonas Lahtinen" Cc: Matthew Auld Cc: Matthew Wilcox Cc: Rodrigo Vivi Cc: Souptick Joarder Cc: Tvrtko Ursulin Link: http://lkml.kernel.org/r/20200519002124.2025955-4-jhubbard@nvidia.com Signed-off-by: Linus Torvalds commit 376a34efa4eeb699d285c1a741b186d44b44c429 Author: John Hubbard Date: Wed Jun 3 15:56:30 2020 -0700 mm/gup: refactor and de-duplicate gup_fast() code There were two nearly identical sets of code for gup_fast() style of walking the page tables with interrupts disabled. This has lead to the usual maintenance problems that arise from having duplicated code. There is already a core internal routine in gup.c for gup_fast(), so just enhance it very slightly: allow skipping the fall-back to "slow" (regular) get_user_pages(), via the new FOLL_FAST_ONLY flag. Then, just call internal_get_user_pages_fast() from __get_user_pages_fast(), and adjust the API to match pre-existing API behavior. There is a change in behavior from this refactoring: the nested form of interrupt disabling is used in all gup_fast() variants now. That's because there is only one place that interrupt disabling for page walking is done, and so the safer form is required. This should, if anything, eliminate possible (rare) bugs, because the non-nested form of enabling interrupts was fragile at best. [jhubbard@nvidia.com: fixup] Link: http://lkml.kernel.org/r/20200521233841.1279742-1-jhubbard@nvidia.com Signed-off-by: John Hubbard Signed-off-by: Andrew Morton Reviewed-by: Chris Wilson Cc: Daniel Vetter Cc: David Airlie Cc: Jani Nikula Cc: "Joonas Lahtinen" Cc: Matthew Auld Cc: Matthew Wilcox Cc: Rodrigo Vivi Cc: Souptick Joarder Cc: Tvrtko Ursulin Link: http://lkml.kernel.org/r/20200519002124.2025955-3-jhubbard@nvidia.com Signed-off-by: Linus Torvalds commit 9e1f0580d37e0d3fcfc2274128a5cc476feba5d0 Author: John Hubbard Date: Wed Jun 3 15:56:27 2020 -0700 mm/gup: move __get_user_pages_fast() down a few lines in gup.c Patch series "mm/gup, drm/i915: refactor gup_fast, convert to pin_user_pages()", v2. In order to convert the drm/i915 driver from get_user_pages() to pin_user_pages(), a FOLL_PIN equivalent of __get_user_pages_fast() was required. That led to refactoring __get_user_pages_fast(), with the following goals: 1) As above: provide a pin_user_pages*() routine for drm/i915 to call, in place of __get_user_pages_fast(), 2) Get rid of the gup.c duplicate code for walking page tables with interrupts disabled. This duplicate code is a minor maintenance problem anyway. 3) Make it easy for an upcoming patch from Souptick, which aims to convert __get_user_pages_fast() to use a gup_flags argument, instead of a bool writeable arg. Also, if this series looks good, we can ask Souptick to change the name as well, to whatever the consensus is. My initial recommendation is: get_user_pages_fast_only(), to match the new pin_user_pages_only(). This patch (of 4): This is in order to avoid a forward declaration of internal_get_user_pages_fast(), in the next patch. This is code movement only--all generated code should be identical. Signed-off-by: John Hubbard Signed-off-by: Andrew Morton Reviewed-by: Chris Wilson Cc: Daniel Vetter Cc: David Airlie Cc: Jani Nikula Cc: "Joonas Lahtinen" Cc: Matthew Auld Cc: Matthew Wilcox Cc: Rodrigo Vivi Cc: Souptick Joarder Cc: Tvrtko Ursulin Link: http://lkml.kernel.org/r/20200522051931.54191-1-jhubbard@nvidia.com Link: http://lkml.kernel.org/r/20200519002124.2025955-1-jhubbard@nvidia.com Link: http://lkml.kernel.org/r/20200519002124.2025955-2-jhubbard@nvidia.com Signed-off-by: Linus Torvalds commit dd8657b6c1cb5e65b13445b4a038736e81cf80ea Author: Shakeel Butt Date: Wed Jun 3 15:56:24 2020 -0700 mm/memcg: optimize memory.numa_stat like memory.stat Currently reading memory.numa_stat traverses the underlying memcg tree multiple times to accumulate the stats to present the hierarchical view of the memcg tree. However the kernel already maintains the hierarchical view of the stats and use it in memory.stat. Just use the same mechanism in memory.numa_stat as well. I ran a simple benchmark which reads root_mem_cgroup's memory.numa_stat file in the presense of 10000 memcgs. The results are: Without the patch: $ time cat /dev/cgroup/memory/memory.numa_stat > /dev/null real 0m0.700s user 0m0.001s sys 0m0.697s With the patch: $ time cat /dev/cgroup/memory/memory.numa_stat > /dev/null real 0m0.001s user 0m0.001s sys 0m0.000s [akpm@linux-foundation.org: avoid forcing out-of-line code generation] Signed-off-by: Shakeel Butt Signed-off-by: Andrew Morton Reviewed-by: Andrew Morton Acked-by: Johannes Weiner Cc: Roman Gushchin Cc: Michal Hocko Link: http://lkml.kernel.org/r/20200304022058.248270-1-shakeelb@google.com Signed-off-by: Linus Torvalds commit dde3c6b72a16c2db826f54b2d49bdea26c3534a2 Author: Wang Hai Date: Wed Jun 3 15:56:21 2020 -0700 mm/slub: fix a memory leak in sysfs_slab_add() syzkaller reports for memory leak when kobject_init_and_add() returns an error in the function sysfs_slab_add() [1] When this happened, the function kobject_put() is not called for the corresponding kobject, which potentially leads to memory leak. This patch fixes the issue by calling kobject_put() even if kobject_init_and_add() fails. [1] BUG: memory leak unreferenced object 0xffff8880a6d4be88 (size 8): comm "syz-executor.3", pid 946, jiffies 4295772514 (age 18.396s) hex dump (first 8 bytes): 70 69 64 5f 33 00 ff ff pid_3... backtrace: kstrdup+0x35/0x70 mm/util.c:60 kstrdup_const+0x3d/0x50 mm/util.c:82 kvasprintf_const+0x112/0x170 lib/kasprintf.c:48 kobject_set_name_vargs+0x55/0x130 lib/kobject.c:289 kobject_add_varg lib/kobject.c:384 [inline] kobject_init_and_add+0xd8/0x170 lib/kobject.c:473 sysfs_slab_add+0x1d8/0x290 mm/slub.c:5811 __kmem_cache_create+0x50a/0x570 mm/slub.c:4384 create_cache+0x113/0x1e0 mm/slab_common.c:407 kmem_cache_create_usercopy+0x1a1/0x260 mm/slab_common.c:505 kmem_cache_create+0xd/0x10 mm/slab_common.c:564 create_pid_cachep kernel/pid_namespace.c:54 [inline] create_pid_namespace kernel/pid_namespace.c:96 [inline] copy_pid_ns+0x77c/0x8f0 kernel/pid_namespace.c:148 create_new_namespaces+0x26b/0xa30 kernel/nsproxy.c:95 unshare_nsproxy_namespaces+0xa7/0x1e0 kernel/nsproxy.c:229 ksys_unshare+0x3d2/0x770 kernel/fork.c:2969 __do_sys_unshare kernel/fork.c:3037 [inline] __se_sys_unshare kernel/fork.c:3035 [inline] __x64_sys_unshare+0x2d/0x40 kernel/fork.c:3035 do_syscall_64+0xa1/0x530 arch/x86/entry/common.c:295 Fixes: 80da026a8e5d ("mm/slub: fix slab double-free in case of duplicate sysfs filename") Reported-by: Hulk Robot Signed-off-by: Wang Hai Signed-off-by: Andrew Morton Cc: Christoph Lameter Cc: Pekka Enberg Cc: David Rientjes Cc: Joonsoo Kim Link: http://lkml.kernel.org/r/20200602115033.1054-1-wanghai38@huawei.com Signed-off-by: Linus Torvalds commit c444eb564fb16645c172d550359cb3d75fe8a040 Author: Andrea Arcangeli Date: Wed May 27 19:06:24 2020 -0400 mm: thp: make the THP mapcount atomic against __split_huge_pmd_locked() Write protect anon page faults require an accurate mapcount to decide if to break the COW or not. This is implemented in the THP path with reuse_swap_page() -> page_trans_huge_map_swapcount()/page_trans_huge_mapcount(). If the COW triggers while the other processes sharing the page are under a huge pmd split, to do an accurate reading, we must ensure the mapcount isn't computed while it's being transferred from the head page to the tail pages. reuse_swap_cache() already runs serialized by the page lock, so it's enough to add the page lock around __split_huge_pmd_locked too, in order to add the missing serialization. Note: the commit in "Fixes" is just to facilitate the backporting, because the code before such commit didn't try to do an accurate THP mapcount calculation and it instead used the page_count() to decide if to COW or not. Both the page_count and the pin_count are THP-wide refcounts, so they're inaccurate if used in reuse_swap_page(). Reverting such commit (besides the unrelated fix to the local anon_vma assignment) would have also opened the window for memory corruption side effects to certain workloads as documented in such commit header. Signed-off-by: Andrea Arcangeli Suggested-by: Jann Horn Reported-by: Jann Horn Acked-by: Kirill A. Shutemov Fixes: 6d0a07edd17c ("mm: thp: calculate the mapcount correctly for THP pages during WP faults") Cc: stable@vger.kernel.org Signed-off-by: Linus Torvalds commit daceabf1b494c9e40a93fcc323b1258f557f65a1 Author: Tom Zanussi Date: Wed Jun 3 10:21:24 2020 -0500 tracing/doc: Fix ascii-art in histogram-design.rst This fixes the Sphinx parallel build error when building htmldocs: docutils.utils.SystemMessage: /home/sfr/next/next/Documentation/trace/histogram-design.rst:219: (SEVERE/4) Unexpected section title. It also fixes a bunch of other warnings I noticed when fixing the above, caused by mixing ascii-art and text. Link: https://lkml.kernel.org/r/69c291c76964642a417e5dd170d183ba6b552010.camel@kernel.org Reported-by: Stephen Rothwell Tested-by: Stephen Rothwell Signed-off-by: Tom Zanussi Signed-off-by: Steven Rostedt (VMware) commit cb8e59cc87201af93dfbb6c3dccc8fcad72a09c2 Merge: 2e63f6ce7ed2 065fcfd49763 Author: Linus Torvalds Date: Wed Jun 3 16:27:18 2020 -0700 Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next Pull networking updates from David Miller: 1) Allow setting bluetooth L2CAP modes via socket option, from Luiz Augusto von Dentz. 2) Add GSO partial support to igc, from Sasha Neftin. 3) Several cleanups and improvements to r8169 from Heiner Kallweit. 4) Add IF_OPER_TESTING link state and use it when ethtool triggers a device self-test. From Andrew Lunn. 5) Start moving away from custom driver versions, use the globally defined kernel version instead, from Leon Romanovsky. 6) Support GRO vis gro_cells in DSA layer, from Alexander Lobakin. 7) Allow hard IRQ deferral during NAPI, from Eric Dumazet. 8) Add sriov and vf support to hinic, from Luo bin. 9) Support Media Redundancy Protocol (MRP) in the bridging code, from Horatiu Vultur. 10) Support netmap in the nft_nat code, from Pablo Neira Ayuso. 11) Allow UDPv6 encapsulation of ESP in the ipsec code, from Sabrina Dubroca. Also add ipv6 support for espintcp. 12) Lots of ReST conversions of the networking documentation, from Mauro Carvalho Chehab. 13) Support configuration of ethtool rxnfc flows in bcmgenet driver, from Doug Berger. 14) Allow to dump cgroup id and filter by it in inet_diag code, from Dmitry Yakunin. 15) Add infrastructure to export netlink attribute policies to userspace, from Johannes Berg. 16) Several optimizations to sch_fq scheduler, from Eric Dumazet. 17) Fallback to the default qdisc if qdisc init fails because otherwise a packet scheduler init failure will make a device inoperative. From Jesper Dangaard Brouer. 18) Several RISCV bpf jit optimizations, from Luke Nelson. 19) Correct the return type of the ->ndo_start_xmit() method in several drivers, it's netdev_tx_t but many drivers were using 'int'. From Yunjian Wang. 20) Add an ethtool interface for PHY master/slave config, from Oleksij Rempel. 21) Add BPF iterators, from Yonghang Song. 22) Add cable test infrastructure, including ethool interfaces, from Andrew Lunn. Marvell PHY driver is the first to support this facility. 23) Remove zero-length arrays all over, from Gustavo A. R. Silva. 24) Calculate and maintain an explicit frame size in XDP, from Jesper Dangaard Brouer. 25) Add CAP_BPF, from Alexei Starovoitov. 26) Support terse dumps in the packet scheduler, from Vlad Buslov. 27) Support XDP_TX bulking in dpaa2 driver, from Ioana Ciornei. 28) Add devm_register_netdev(), from Bartosz Golaszewski. 29) Minimize qdisc resets, from Cong Wang. 30) Get rid of kernel_getsockopt and kernel_setsockopt in order to eliminate set_fs/get_fs calls. From Christoph Hellwig. * git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next: (2517 commits) selftests: net: ip_defrag: ignore EPERM net_failover: fixed rollback in net_failover_open() Revert "tipc: Fix potential tipc_aead refcnt leak in tipc_crypto_rcv" Revert "tipc: Fix potential tipc_node refcnt leak in tipc_rcv" vmxnet3: allow rx flow hash ops only when rss is enabled hinic: add set_channels ethtool_ops support selftests/bpf: Add a default $(CXX) value tools/bpf: Don't use $(COMPILE.c) bpf, selftests: Use bpf_probe_read_kernel s390/bpf: Use bcr 0,%0 as tail call nop filler s390/bpf: Maintain 8-byte stack alignment selftests/bpf: Fix verifier test selftests/bpf: Fix sample_cnt shared between two threads bpf, selftests: Adapt cls_redirect to call csum_level helper bpf: Add csum_level helper for fixing up csum levels bpf: Fix up bpf_skb_adjust_room helper's skb csum setting sfc: add missing annotation for efx_ef10_try_update_nic_stats_vf() crypto/chtls: IPv6 support for inline TLS Crypto/chcr: Fixes a coccinile check error Crypto/chcr: Fixes compilations warnings ... commit 2e63f6ce7ed2c4ff83ba30ad9ccad422289a6c63 Merge: ae03c53d005e bac42fb21259 Author: Linus Torvalds Date: Wed Jun 3 15:55:45 2020 -0700 Merge branch 'uaccess.comedi' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs Pull comedi uaccess cleanups from Al Viro: "Comedi compat ioctls done saner - killing the single biggest pile of __get_user/__put_user outside of arch/* in the process" * 'uaccess.comedi' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: comedi: get rid of compat_alloc_user_space() mess in COMEDI_CMD{,TEST} compat comedi: do_cmd_ioctl(): lift copyin/copyout into the caller comedi: do_cmdtest_ioctl(): lift copyin/copyout into the caller comedi: lift copy_from_user() into callers of __comedi_get_user_cmd() comedi: get rid of compat_alloc_user_space() mess in COMEDI_INSNLIST compat comedi: get rid of compat_alloc_user_space() mess in COMEDI_INSN compat comedi: get rid of compat_alloc_user_space() mess in COMEDI_RANGEINFO compat comedi: get rid of compat_alloc_user_space() mess in COMEDI_CHANINFO compat comedi: get rid of indirection via translated_ioctl() comedi: move compat ioctl handling to native fops commit ae03c53d005ef8a1e0253ad67b7b62103ea1fae6 Merge: 039aeb9deb92 c928f642c29a Author: Linus Torvalds Date: Wed Jun 3 15:52:19 2020 -0700 Merge branch 'work.splice' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs Pull splice updates from Al Viro: "Christoph's assorted splice cleanups" * 'work.splice' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: fs: rename pipe_buf ->steal to ->try_steal fs: make the pipe_buf_operations ->confirm operation optional fs: make the pipe_buf_operations ->steal operation optional trace: remove tracing_pipe_buf_ops pipe: merge anon_pipe_buf*_ops fs: simplify do_splice_from fs: simplify do_splice_to commit 94873f6b46f8c103759c28adc121a58022972d01 Author: Baolin Wang Date: Thu May 7 11:47:25 2020 +0800 pinctrl: sprd: Fix the incorrect pull-up definition The bits of pull up resistor selection were defined mistakenly, thus fix them. Fixes: 41d32cfce1ae ("pinctrl: sprd: Add Spreadtrum pin control driver") Signed-off-by: Baolin Wang Link: https://lore.kernel.org/r/e973f8f194ce4cb2639121572e8621b5efa5bfbe.1588823152.git.baolin.wang7@gmail.com Signed-off-by: Linus Walleij commit 039aeb9deb9291f3b19c375a8bc6fa7f768996cc Merge: 6b2591c21273 13ffbd8db1dd Author: Linus Torvalds Date: Wed Jun 3 15:13:47 2020 -0700 Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm Pull kvm updates from Paolo Bonzini: "ARM: - Move the arch-specific code into arch/arm64/kvm - Start the post-32bit cleanup - Cherry-pick a few non-invasive pre-NV patches x86: - Rework of TLB flushing - Rework of event injection, especially with respect to nested virtualization - Nested AMD event injection facelift, building on the rework of generic code and fixing a lot of corner cases - Nested AMD live migration support - Optimization for TSC deadline MSR writes and IPIs - Various cleanups - Asynchronous page fault cleanups (from tglx, common topic branch with tip tree) - Interrupt-based delivery of asynchronous "page ready" events (host side) - Hyper-V MSRs and hypercalls for guest debugging - VMX preemption timer fixes s390: - Cleanups Generic: - switch vCPU thread wakeup from swait to rcuwait The other architectures, and the guest side of the asynchronous page fault work, will come next week" * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm: (256 commits) KVM: selftests: fix rdtsc() for vmx_tsc_adjust_test KVM: check userspace_addr for all memslots KVM: selftests: update hyperv_cpuid with SynDBG tests x86/kvm/hyper-v: Add support for synthetic debugger via hypercalls x86/kvm/hyper-v: enable hypercalls regardless of hypercall page x86/kvm/hyper-v: Add support for synthetic debugger interface x86/hyper-v: Add synthetic debugger definitions KVM: selftests: VMX preemption timer migration test KVM: nVMX: Fix VMX preemption timer migration x86/kvm/hyper-v: Explicitly align hcall param for kvm_hyperv_exit KVM: x86/pmu: Support full width counting KVM: x86/pmu: Tweak kvm_pmu_get_msr to pass 'struct msr_data' in KVM: x86: announce KVM_FEATURE_ASYNC_PF_INT KVM: x86: acknowledgment mechanism for async pf page ready notifications KVM: x86: interrupt based APF 'page ready' event delivery KVM: introduce kvm_read_guest_offset_cached() KVM: rename kvm_arch_can_inject_async_page_present() to kvm_arch_can_dequeue_async_page_present() KVM: x86: extend struct kvm_vcpu_pv_apf_data with token info Revert "KVM: async_pf: Fix #DF due to inject "Page not Present" and "Page Ready" exceptions simultaneously" KVM: VMX: Replace zero-length array with flexible-array ... commit 08acc963190a3a0eb491efa9cc466b2c18d59f22 Author: Christophe JAILLET Date: Sun May 31 09:37:16 2020 +0200 pinctrl: pxa: pxa2xx: Remove 'pxa2xx_pinctrl_exit()' which is unused and broken Commit 6d33ee7a0534 ("pinctrl: pxa: Use devm_pinctrl_register() for pinctrl registration") has turned a 'pinctrl_register()' into 'devm_pinctrl_register()' in 'pxa2xx_pinctrl_init()'. However, the corresponding 'pinctrl_unregister()' call in 'pxa2xx_pinctrl_exit()' has not been removed. This is not an issue, because 'pxa2xx_pinctrl_exit()' is unused. Remove it now to avoid some wondering in the future and save a few LoC. Fixes: 6d33ee7a0534 ("pinctrl: pxa: Use devm_pinctrl_register() for pinctrl registration") Signed-off-by: Christophe JAILLET Acked-by: Robert Jarzmik Link: https://lore.kernel.org/r/20200531073716.593343-1-christophe.jaillet@wanadoo.fr Signed-off-by: Linus Walleij commit 6b2591c21273ebf65c13dae5d260ce88f0f197dd Merge: f1e455352b6f afaa33da08ab Author: Linus Torvalds Date: Wed Jun 3 15:00:05 2020 -0700 Merge tag 'hyperv-next-signed' of git://git.kernel.org/pub/scm/linux/kernel/git/hyperv/linux Pull hyper-v updates from Wei Liu: - a series from Andrea to support channel reassignment - a series from Vitaly to clean up Vmbus message handling - a series from Michael to clean up and augment hyperv-tlfs.h - patches from Andy to clean up GUID usage in Hyper-V code - a few other misc patches * tag 'hyperv-next-signed' of git://git.kernel.org/pub/scm/linux/kernel/git/hyperv/linux: (29 commits) Drivers: hv: vmbus: Resolve more races involving init_vp_index() Drivers: hv: vmbus: Resolve race between init_vp_index() and CPU hotplug vmbus: Replace zero-length array with flexible-array Driver: hv: vmbus: drop a no long applicable comment hyper-v: Switch to use UUID types directly hyper-v: Replace open-coded variant of %*phN specifier hyper-v: Supply GUID pointer to printf() like functions hyper-v: Use UUID API for exporting the GUID (part 2) asm-generic/hyperv: Add definitions for Get/SetVpRegister hypercalls x86/hyperv: Split hyperv-tlfs.h into arch dependent and independent files x86/hyperv: Remove HV_PROCESSOR_POWER_STATE #defines KVM: x86: hyperv: Remove duplicate definitions of Reference TSC Page drivers: hv: remove redundant assignment to pointer primary_channel scsi: storvsc: Re-init stor_chns when a channel interrupt is re-assigned Drivers: hv: vmbus: Introduce the CHANNELMSG_MODIFYCHANNEL message type Drivers: hv: vmbus: Synchronize init_vp_index() vs. CPU hotplug Drivers: hv: vmbus: Remove the unused HV_LOCALIZED channel affinity logic PCI: hv: Prepare hv_compose_msi_msg() for the VMBus-channel-interrupt-to-vCPU reassignment functionality Drivers: hv: vmbus: Use a spin lock for synchronizing channel scheduling vs. channel removal hv_utils: Always execute the fcopy and vss callbacks in a tasklet ... commit 8211d1e83aded34631aa87fa37f97d7bb712e925 Author: 周琰杰 (Zhou Yanjie) Date: Thu May 28 11:15:45 2020 +0800 dt-bindings: clock: Add documentation for X1830 bindings. Add documentation for the clock bindings of the X1830 Soc from Ingenic. Reviewed-by: Rob Herring Acked-by: Rob Herring Signed-off-by: 周琰杰 (Zhou Yanjie) Signed-off-by: Rob Herring commit f1e455352b6f503532eb3637d0a6d991895e7856 Merge: 38696e33e2bd c893de12e1ef Author: Linus Torvalds Date: Wed Jun 3 14:57:03 2020 -0700 Merge tag 'kgdb-5.8-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/danielt/linux Pull kgdb updates from Daniel Thompson: "By far the biggest change in this cycle are the changes that allow much earlier debug of systems that are hooked up via UART by taking advantage of the earlycon framework to implement the kgdb I/O hooks before handing over to the regular polling I/O drivers once they are available. When discussing Doug's work we also found and fixed an broken raw_smp_processor_id() sequence in in_dbg_master(). Also included are a collection of much smaller fixes and tweaks: a couple of tweaks to ged rid of doc gen or coccicheck warnings, future proof some internal calculations that made implicit power-of-2 assumptions and eliminate some rather weird handling of magic environment variables in kdb" * tag 'kgdb-5.8-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/danielt/linux: kdb: Remove the misfeature 'KDBFLAGS' kdb: Cleanup math with KDB_CMD_HISTORY_COUNT serial: amba-pl011: Support kgdboc_earlycon serial: 8250_early: Support kgdboc_earlycon serial: qcom_geni_serial: Support kgdboc_earlycon serial: kgdboc: Allow earlycon initialization to be deferred Documentation: kgdboc: Document new kgdboc_earlycon parameter kgdb: Don't call the deinit under spinlock kgdboc: Disable all the early code when kgdboc is a module kgdboc: Add kgdboc_earlycon to support early kgdb using boot consoles kgdboc: Remove useless #ifdef CONFIG_KGDB_SERIAL_CONSOLE in kgdboc kgdb: Prevent infinite recursive entries to the debugger kgdb: Delay "kgdbwait" to dbg_late_init() by default kgdboc: Use a platform device to handle tty drivers showing up late Revert "kgdboc: disable the console lock when in kgdb" kgdb: Disable WARN_CONSOLE_UNLOCKED for all kgdb kgdb: Return true in kgdb_nmi_poll_knock() kgdb: Drop malformed kernel doc comment kgdb: Fix spurious true from in_dbg_master() commit 636338d7968e47c7f2e0b772a2a825ad932883fb Author: Tony Lindgren Date: Wed Jun 3 15:02:20 2020 -0700 bus: ti-sysc: Increase max softreset wait Otherwise we can get "OCP softreset timed out" warnings occasionally at least for i2c2 on omap4 now that we check the OCP softreset completed bit on enable. Reported-by: Merlijn Wajer Signed-off-by: Tony Lindgren commit 6cc7c266e5b47d3cd2b5bb7fd3aac4e6bb2dd1d2 Author: Roberto Sassu Date: Wed Jun 3 17:08:21 2020 +0200 ima: Call ima_calc_boot_aggregate() in ima_eventdigest_init() If the template field 'd' is chosen and the digest to be added to the measurement entry was not calculated with SHA1 or MD5, it is recalculated with SHA1, by using the passed file descriptor. However, this cannot be done for boot_aggregate, because there is no file descriptor. This patch adds a call to ima_calc_boot_aggregate() in ima_eventdigest_init(), so that the digest can be recalculated also for the boot_aggregate entry. Cc: stable@vger.kernel.org # 3.13.x Fixes: 3ce1217d6cd5d ("ima: define template fields library and new helpers") Reported-by: Takashi Iwai Signed-off-by: Roberto Sassu Signed-off-by: Mimi Zohar commit 38696e33e2bdf91cbbc7a2291dc6db862d9dfd42 Merge: 44e40e96b5ac 3ead2f97bd44 Author: Linus Torvalds Date: Wed Jun 3 14:01:23 2020 -0700 Merge tag 'xtensa-20200603' of git://github.com/jcmvbkbc/linux-xtensa Pull Xtensa updates from Max Filippov: - fix __user annotations in asm/uaccess.h - fix comments in entry.S * tag 'xtensa-20200603' of git://github.com/jcmvbkbc/linux-xtensa: xtensa: Fix spelling/grammar in comment xtensa: add missing __user annotations to asm/uaccess.h xtensa: fix error paths in __get_user_{check,size} xtensa: fix type conversion in __get_user_size xtensa: add missing __user annotations to __{get,put}_user_check commit b7e4b65f3fe92abbf4a1f57987a54c820969aebd Author: Al Viro Date: Fri May 8 00:16:31 2020 -0400 bpf: make bpf_check_uarg_tail_zero() use check_zeroed_user() ... rather than open-coding it, and badly, at that. Acked-by: Alexei Starovoitov Signed-off-by: Al Viro commit 9eb41c521465f62332dfddcd399412fdff9c062b Author: Al Viro Date: Tue Feb 18 17:32:46 2020 -0500 x86: kvm_hv_set_msr(): use __put_user() instead of 32bit __clear_user() Signed-off-by: Al Viro commit 5ea75ae6ae60d13dfa35fd5d2e2a81824cba6662 Author: Al Viro Date: Tue Feb 18 17:30:05 2020 -0500 user_regset_copyout_zero(): use clear_user() that's the only caller of __clear_user() in generic code, and it's not hot enough to bother with skipping access_ok(). Signed-off-by: Al Viro commit 86977da9cb71c8293263c630ac920dd1537de9e5 Author: Al Viro Date: Sun Feb 16 19:39:36 2020 -0500 TEST_ACCESS_OK _never_ had been checked anywhere Once upon a time the predecessor of that thing (TEST_VERIFY_AREA) used to be. However, that had been gone for years now (and the patch that introduced TEST_ACCESS_OK has not touched any ifdefs - they got gradually removed later). Just bury it... Signed-off-by: Al Viro commit c120f3b81ede0e3d2cf34d457d7c628306760ff1 Author: Al Viro Date: Sun Feb 16 17:32:57 2020 -0500 x86: switch cp_stat64() to unsafe_put_user() Signed-off-by: Al Viro commit 8861fd576ecf96450f42f3eb4b56cad5bf12188a Author: Al Viro Date: Wed Feb 19 09:32:55 2020 -0500 binfmt_flat: don't use __put_user() ... and check the return value Signed-off-by: Al Viro commit 0abb013e2e73c40bd196413b49651b29e1b7dafb Author: Al Viro Date: Wed Feb 19 09:28:34 2020 -0500 binfmt_elf_fdpic: don't use __... uaccess primitives Signed-off-by: Al Viro commit 646e84deb4496e2a884ca87fa960f1c614da882a Author: Al Viro Date: Wed Feb 19 09:23:34 2020 -0500 binfmt_elf: don't bother with __{put,copy_to}_user() Signed-off-by: Al Viro commit 44e40e96b5accb18a100fee1a67cde422d791c4c Merge: 8226f11318bd 775024cf49ff Author: Linus Torvalds Date: Wed Jun 3 13:45:21 2020 -0700 Merge branch 'parisc-5.8-1' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux Pull parsic updates from Helge Deller: "Enable the sysctl file interface for panic_on_stackoverflow for parisc, a warning fix and a bunch of documentation updates since the parisc website is now at https://parisc.wiki.kernel.org" * 'parisc-5.8-1' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux: parisc: MAINTAINERS: Update references to parisc website parisc: module: Update references to parisc website parisc: hardware: Update references to parisc website parisc: firmware: Update references to parisc website parisc: Kconfig: Update references to parisc website parisc: add sysctl file interface panic_on_stackoverflow parisc: use -fno-strict-aliasing for decompressor parisc: suppress error messages for 'make clean' commit f54736925a4f83a67588381d0ead69d19323b526 Author: Tali Perry Date: Wed May 27 23:08:20 2020 +0300 i2c: npcm7xx: Add support for slave mode for Nuvoton Add support for slave mode for Nuvoton NPCM BMC I2C controller driver. Signed-off-by: Tali Perry Reviewed-by: Andy Shevchenko Signed-off-by: Wolfram Sang commit 56a1485b102ed1cd5a4af8e87ed794699fd1cad2 Author: Tali Perry Date: Wed May 27 23:08:19 2020 +0300 i2c: npcm7xx: Add Nuvoton NPCM I2C controller driver Add Nuvoton NPCM BMC I2C controller driver. Signed-off-by: Tali Perry Reviewed-by: Andy Shevchenko Signed-off-by: Wolfram Sang commit cd020be04b6ec269df1b44d5cd2cd548cae0d46a Author: Tali Perry Date: Wed May 27 23:08:18 2020 +0300 dt-bindings: i2c: npcm7xx: add NPCM I2C controller Added device tree binding documentation for Nuvoton BMC NPCM I2C controller. Signed-off-by: Tali Perry Reviewed-by: Rob Herring Signed-off-by: Wolfram Sang commit 9fa060df65715732655f7f46fe7fa68fc1a5b98e Author: Lubomir Rintel Date: Tue Jun 2 21:38:23 2020 +0200 i2c: pxa: don't error out if there's no pinctrl The bus recovery patch regresses on OLPC XO-1.75 that has no pinctrl in its DT. Fixes: 7c9ec2c52518 ("i2c: pxa: implement generic i2c bus recovery")' Signed-off-by: Lubomir Rintel Signed-off-by: Wolfram Sang commit 8226f11318bd03ae0dbf028f7c433071cf4927f4 Merge: e8f4abf8fd1a 9bd0bd264578 Author: Linus Torvalds Date: Wed Jun 3 13:32:21 2020 -0700 Merge tag 'mips_5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/mips/linux Pull MIPS updates from Thomas Bogendoerfer: - added support for MIPSr5 and P5600 cores - converted Loongson PCI driver into a PCI host driver using the generic PCI framework - added emulation of CPUCFG command for Loogonson64 cpus - removed of LASAT, PMC MSP71xx and NEC MARKEINS/EMMA - ioremap cleanup - fix for a race between two threads faulting the same page - various cleanups and fixes * tag 'mips_5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/mips/linux: (143 commits) MIPS: ralink: drop ralink_clk_init for mt7621 MIPS: ralink: bootrom: mark a function as __init to save some memory MIPS: Loongson64: Reorder CPUCFG model match arms MIPS: Expose Loongson CPUCFG availability via HWCAP MIPS: Loongson64: Guard against future cores without CPUCFG MIPS: Fix build warning about "PTR_STR" redefinition MIPS: Loongson64: Remove not used pci.c MIPS: Loongson64: Define PCI_IOBASE MIPS: CPU_LOONGSON2EF need software to maintain cache consistency MIPS: DTS: Fix build errors used with various configs MIPS: Loongson64: select NO_EXCEPT_FILL MIPS: Fix IRQ tracing when call handle_fpe() and handle_msa_fpe() MIPS: mm: add page valid judgement in function pte_modify mm/memory.c: Add memory read privilege on page fault handling mm/memory.c: Update local TLB if PTE entry exists MIPS: Do not flush tlb page when updating PTE entry MIPS: ingenic: Default to a generic board MIPS: ingenic: Add support for GCW Zero prototype MIPS: ingenic: DTS: Add memory info of GCW Zero MIPS: Loongson64: Switch to generic PCI driver ... commit e8f4abf8fd1a2beb94983cb95ed713df75b3d135 Merge: e7c93cbfe9cb 174e1ea8a2f6 Author: Linus Torvalds Date: Wed Jun 3 13:24:54 2020 -0700 Merge branch 'uaccess.csum' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs Pull ia64 build regression fix from Al Viro: "Fix a braino in ia64 uaccess csum changes" * 'uaccess.csum' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: fix a braino in ia64 uaccess csum changes commit 16ba7e312045cd5d32fba0156312b4303f200787 Merge: e72455b898ac 346338ef00d3 c4f0126d487f 16863fbc1cf2 0b66fb3e6b7a c08ce255033a 328de1c519c5 27a6f70173ac Author: Jiri Kosina Date: Wed Jun 3 22:23:52 2020 +0200 Merge branches 'for-5.7/upstream-fixes', 'for-5.8/apple', 'for-5.8/asus', 'for-5.8/core', 'for-5.8/intel-ish', 'for-5.8/logitech', 'for-5.8/mcp2221' and 'for-5.8/multitouch' into for-linus commit 174e1ea8a2f6140078b6c61068b478cf3c4aa74f Author: Al Viro Date: Wed Jun 3 16:15:28 2020 -0400 fix a braino in ia64 uaccess csum changes Fixes: cc03f19cfd45 (ia64: csum_partial_copy_nocheck(): don't abuse csum_partial_copy_from_user()) Reported-by: Guenter Roeck Tested-by: Guenter Roeck Signed-off-by: Al Viro commit e7c93cbfe9cb4b0a47633099e78c455b1f79bbac Merge: d479c5a1919b 2b40c5db73e2 Author: Linus Torvalds Date: Wed Jun 3 13:12:57 2020 -0700 Merge tag 'threads-v5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/brauner/linux Pull thread updates from Christian Brauner: "We have been discussing using pidfds to attach to namespaces for quite a while and the patches have in one form or another already existed for about a year. But I wanted to wait to see how the general api would be received and adopted. This contains the changes to make it possible to use pidfds to attach to the namespaces of a process, i.e. they can be passed as the first argument to the setns() syscall. When only a single namespace type is specified the semantics are equivalent to passing an nsfd. That means setns(nsfd, CLONE_NEWNET) equals setns(pidfd, CLONE_NEWNET). However, when a pidfd is passed, multiple namespace flags can be specified in the second setns() argument and setns() will attach the caller to all the specified namespaces all at once or to none of them. Specifying 0 is not valid together with a pidfd. Here are just two obvious examples: setns(pidfd, CLONE_NEWPID | CLONE_NEWNS | CLONE_NEWNET); setns(pidfd, CLONE_NEWUSER); Allowing to also attach subsets of namespaces supports various use-cases where callers setns to a subset of namespaces to retain privilege, perform an action and then re-attach another subset of namespaces. Apart from significantly reducing the number of syscalls needed to attach to all currently supported namespaces (eight "open+setns" sequences vs just a single "setns()"), this also allows atomic setns to a set of namespaces, i.e. either attaching to all namespaces succeeds or we fail without having changed anything. This is centered around a new internal struct nsset which holds all information necessary for a task to switch to a new set of namespaces atomically. Fwiw, with this change a pidfd becomes the only token needed to interact with a container. I'm expecting this to be picked-up by util-linux for nsenter rather soon. Associated with this change is a shiny new test-suite dedicated to setns() (for pidfds and nsfds alike)" * tag 'threads-v5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/brauner/linux: selftests/pidfd: add pidfd setns tests nsproxy: attach to namespaces via pidfds nsproxy: add struct nsset commit d479c5a1919b4e569dcd3ae9c84ed74a675d0b94 Merge: f6aee505c71b 25de110d1486 Author: Linus Torvalds Date: Wed Jun 3 13:06:42 2020 -0700 Merge tag 'sched-core-2020-06-02' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull scheduler updates from Ingo Molnar: "The changes in this cycle are: - Optimize the task wakeup CPU selection logic, to improve scalability and reduce wakeup latency spikes - PELT enhancements - CFS bandwidth handling fixes - Optimize the wakeup path by remove rq->wake_list and replacing it with ->ttwu_pending - Optimize IPI cross-calls by making flush_smp_call_function_queue() process sync callbacks first. - Misc fixes and enhancements" * tag 'sched-core-2020-06-02' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (36 commits) irq_work: Define irq_work_single() on !CONFIG_IRQ_WORK too sched/headers: Split out open-coded prototypes into kernel/sched/smp.h sched: Replace rq::wake_list sched: Add rq::ttwu_pending irq_work, smp: Allow irq_work on call_single_queue smp: Optimize send_call_function_single_ipi() smp: Move irq_work_run() out of flush_smp_call_function_queue() smp: Optimize flush_smp_call_function_queue() sched: Fix smp_call_function_single_async() usage for ILB sched/core: Offload wakee task activation if it the wakee is descheduling sched/core: Optimize ttwu() spinning on p->on_cpu sched: Defend cfs and rt bandwidth quota against overflow sched/cpuacct: Fix charge cpuacct.usage_sys sched/fair: Replace zero-length array with flexible-array sched/pelt: Sync util/runnable_sum with PELT window when propagating sched/cpuacct: Use __this_cpu_add() instead of this_cpu_ptr() sched/fair: Optimize enqueue_task_fair() sched: Make scheduler_ipi inline sched: Clean up scheduler_ipi() sched/core: Simplify sched_init() ... commit a24eaa5c51255b344d5a321f1eeb3205f2775498 Author: Nicholas Kazlauskas Date: Tue Jun 2 20:42:33 2020 -0400 drm/amd/display: Revalidate bandwidth before commiting DC updates [Why] Whenever we switch between tiled formats without also switching pixel formats or doing anything else that recreates the DC plane state we can run into underflow or hangs since we're not updating the DML parameters before committing to the hardware. [How] If the update type is FULL then call validate_bandwidth again to update the DML parmeters before committing the state. This is basically just a workaround and protective measure against update types being added DC where we could run into this issue in the future. We can only fully validate the state in advance before applying it to the hardware if we recreate all the plane and stream states since we can't modify what's currently in use. The next step is to update DM to ensure that we're creating the plane and stream states for whatever could potentially be a full update in DC to pre-emptively recreate the state for DC global validation. The workaround can stay until this has been fixed in DM. Signed-off-by: Nicholas Kazlauskas Reviewed-by: Hersen Wu Signed-off-by: Alex Deucher commit b7f839d292948142eaab77cedd031aad0bfec872 Author: Alex Deucher Date: Tue Jun 2 17:22:48 2020 -0400 drm/amdgpu/display: use blanked rather than plane state for sync groups We may end up with no planes set yet, depending on the ordering, but we should have the proper blanking state which is either handled by either DPG or TG depending on the hardware generation. Check both to determine the proper blanked state. Bug: https://gitlab.freedesktop.org/drm/amd/issues/781 Fixes: 5fc0cbfad45648 ("drm/amd/display: determine if a pipe is synced by plane state") Cc: nicholas.kazlauskas@amd.com Reviewed-by: Nicholas Kazlauskas Signed-off-by: Alex Deucher Cc: stable@vger.kernel.org commit 067a436b1b0aafa593344fddd711a755a58afb3b Author: Roberto Sassu Date: Wed Jun 3 17:08:20 2020 +0200 ima: Directly assign the ima_default_policy pointer to ima_rules This patch prevents the following oops: [ 10.771813] BUG: kernel NULL pointer dereference, address: 0000000000000 [...] [ 10.779790] RIP: 0010:ima_match_policy+0xf7/0xb80 [...] [ 10.798576] Call Trace: [ 10.798993] ? ima_lsm_policy_change+0x2b0/0x2b0 [ 10.799753] ? inode_init_owner+0x1a0/0x1a0 [ 10.800484] ? _raw_spin_lock+0x7a/0xd0 [ 10.801592] ima_must_appraise.part.0+0xb6/0xf0 [ 10.802313] ? ima_fix_xattr.isra.0+0xd0/0xd0 [ 10.803167] ima_must_appraise+0x4f/0x70 [ 10.804004] ima_post_path_mknod+0x2e/0x80 [ 10.804800] do_mknodat+0x396/0x3c0 It occurs when there is a failure during IMA initialization, and ima_init_policy() is not called. IMA hooks still call ima_match_policy() but ima_rules is NULL. This patch prevents the crash by directly assigning the ima_default_policy pointer to ima_rules when ima_rules is defined. This wouldn't alter the existing behavior, as ima_rules is always set at the end of ima_init_policy(). Cc: stable@vger.kernel.org # 3.7.x Fixes: 07f6a79415d7d ("ima: add appraise action keywords and default rules") Reported-by: Takashi Iwai Signed-off-by: Roberto Sassu Signed-off-by: Mimi Zohar commit b91c8c42ffdd5c983923edb38b3c3e112bfe6263 Author: Christophe Leroy Date: Tue Apr 28 13:16:53 2020 +0000 lib/vdso: Force inlining of __cvdso_clock_gettime_common() When adding gettime64() to a 32 bit architecture (namely powerpc/32) it has been noticed that GCC doesn't inline anymore __cvdso_clock_gettime_common() because it is called twice (Once by __cvdso_clock_gettime() and once by __cvdso_clock_gettime32). This has the effect of seriously degrading the performance: Before the implementation of gettime64(), gettime() runs in: clock-gettime-monotonic-raw: vdso: 1003 nsec/call clock-gettime-monotonic-coarse: vdso: 592 nsec/call clock-gettime-monotonic: vdso: 942 nsec/call When adding a gettime64() entry point, the standard gettime() performance is degraded by 30% to 50%: clock-gettime-monotonic-raw: vdso: 1300 nsec/call clock-gettime-monotonic-coarse: vdso: 900 nsec/call clock-gettime-monotonic: vdso: 1232 nsec/call Adding __always_inline() to __cvdso_clock_gettime_common() regains the original performance. In terms of code size, the inlining increases the code size by only 176 bytes. This is in the noise for a kernel image. Signed-off-by: Christophe Leroy Signed-off-by: Thomas Gleixner Link: https://lkml.kernel.org/r/1ab6a62c356c3bec35d1623563ef9c636205bcda.1588079622.git.christophe.leroy@c-s.fr commit fba97dc7fc76b2c9a909fa0b3786d30a9899f5cf Author: Ka-Cheong Poon Date: Wed Jun 3 06:33:38 2020 -0700 RDMA/cm: Spurious WARNING triggered in cm_destroy_id() If the cm_id state is IB_CM_REP_SENT when cm_destroy_id() is called, it calls cm_send_rej_locked(). In cm_send_rej_locked(), it calls cm_enter_timewait() and the state is changed to IB_CM_TIMEWAIT. Now back to cm_destroy_id(), it breaks from the switch statement, and the next call is WARN_ON(cm_id->state != IB_CM_IDLE). This triggers a spurious warning. Instead, the code should goto retest after returning from cm_send_rej_locked() to move the state to IDLE. Fixes: 67b3c8dceac6 ("RDMA/cm: Make sure the cm_id is in the IB_CM_IDLE state in destroy") Link: https://lore.kernel.org/r/1591191218-9446-1-git-send-email-ka-cheong.poon@oracle.com Signed-off-by: Ka-Cheong Poon Signed-off-by: Jason Gunthorpe commit a645a89d9a780a8fbb6e283f84fc91ad538c2edc Author: Leon Romanovsky Date: Tue Jun 2 15:55:48 2020 +0300 RDMA/mlx5: Return ECE DC support The DC QPs are many-to-one QP types that means that first connection will establish ECE options that coming connections should follow. Due to this property, the ECE code was removed between first [1] and second [2] ECE submissions. This patch returns the dropped code, because ECE is a property of a connection and like any other connection users are needed to manage this data. Allow them to set ECE parameter for DC too and avoid need of having compatibility flag for the DC ECE. [1] https://lore.kernel.org/linux-rdma/20200523132243.817936-1-leon@kernel.org/ [2] https://lore.kernel.org/linux-rdma/20200525174401.71152-1-leon@kernel.org/ Link: https://lore.kernel.org/r/20200602125548.172654-4-leon@kernel.org Signed-off-by: Leon Romanovsky Signed-off-by: Jason Gunthorpe commit 92cd667c0e8a67de024134be0a6f0bdb320606a8 Author: Leon Romanovsky Date: Tue Jun 2 15:55:47 2020 +0300 RDMA/mlx5: Don't rely on FW to set zeros in ECE response The FW returns zeros in case feature is not enabled, but it is better to have the capability check and ensure that returned result is cleared. Fixes: 3e09a427ae7a ("RDMA/mlx5: Get ECE options from FW during create QP") Link: https://lore.kernel.org/r/20200602125548.172654-3-leon@kernel.org Signed-off-by: Leon Romanovsky Signed-off-by: Jason Gunthorpe commit 6512f11d386c7cf83a48e71cfd7c7c1b0003c151 Author: Leon Romanovsky Date: Tue Jun 2 15:55:46 2020 +0300 RDMA/mlx5: Return an error if copy_to_user fails In theoretical event, the ib_copy_to_udata() can fail, so return -EFAULT error to the user, so he will destroy the QP. Fixes: 50aec2c3135e ("RDMA/mlx5: Return ECE data after modify QP") Link: https://lore.kernel.org/r/20200602125548.172654-2-leon@kernel.org Signed-off-by: Leon Romanovsky Signed-off-by: Jason Gunthorpe commit be25d1b5ea6a3a3ecbb5474e2ae8e32d2ba055ea Author: Tony Luck Date: Wed Jun 3 10:33:52 2020 -0700 x86/cpu: Add Sapphire Rapids CPU model number Latest edition (039) of "Intel Architecture Instruction Set Extensions and Future Features Programming Reference" includes three new CPU model numbers. Linux already has the two Ice Lake server ones. Add the new model number for Sapphire Rapids. Signed-off-by: Tony Luck Signed-off-by: Borislav Petkov Link: https://lkml.kernel.org/r/20200603173352.15506-1-tony.luck@intel.com commit f6aee505c71bbb035dde146caf5a6abbf3ccbe47 Merge: dabc4df27c62 bd35c77e32e4 Author: Linus Torvalds Date: Wed Jun 3 10:18:09 2020 -0700 Merge tag 'x86-timers-2020-06-03' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 timer updates from Thomas Gleixner: "X86 timer specific updates: - Add TPAUSE based delay which allows the CPU to enter an optimized power state while waiting for the delay to pass. The delay is based on TSC cycles. - Add tsc_early_khz command line parameter to workaround the problem that overclocked CPUs can report the wrong frequency via CPUID.16h which causes the refined calibration to fail because the delta to the initial frequency value is too big. With the parameter users can provide an halfways accurate initial value" * tag 'x86-timers-2020-06-03' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/tsc: Add tsc_early_khz command line parameter x86/delay: Introduce TPAUSE delay x86/delay: Refactor delay_mwaitx() for TPAUSE support x86/delay: Preparatory code cleanup commit 77cad9dbc957f23a73169e8a8971186744296614 Author: Tony Lindgren Date: Wed May 27 16:32:06 2020 -0700 ARM: OMAP2+: Fix legacy mode dss_reset We must check for "dss_core" instead of "dss" to avoid also matching also "dss_dispc". This only matters for the mixed case of data configured in device tree but with legacy booting ti,hwmods property still enabled. Fixes: 8b30919a4e3c ("ARM: OMAP2+: Handle reset quirks for dynamically allocated modules") Cc: Laurent Pinchart Cc: Tomi Valkeinen Signed-off-by: Tony Lindgren commit 085bc0e576a4bf53b67a917c54908f299a2fb949 Author: Tony Lindgren Date: Sun May 31 12:37:54 2020 -0700 bus: ti-sysc: Fix uninitialized framedonetv_irq We are currently only setting the framedonetv_irq disabled for the SoCs that don't have it. But we are never setting it enabled for the SoCs that have it. Let's initialized it to true by default. Fixes: 7324a7a0d5e2 ("bus: ti-sysc: Implement display subsystem reset quirk") Cc: Laurent Pinchart Cc: Tomi Valkeinen Signed-off-by: Tony Lindgren commit 08b91dd6e547467fad61a7c201ff71080d7ad65a Author: Tony Lindgren Date: Sun May 31 12:37:54 2020 -0700 bus: ti-sysc: Ignore clockactivity unless specified as a quirk We must ignore the clockactivity bit for most modules and not set it unless specified for the module with SYSC_QUIRK_USE_CLOCKACT. Otherwise the interface clock can be automatically gated constantly causing unexpected performance issues. Fixes: ae9ae12e9daa ("bus: ti-sysc: Handle clockactivity for enable and disable") Cc: Laurent Pinchart Cc: Tomi Valkeinen Signed-off-by: Tony Lindgren commit d46f9fbec71997420e4fb83c04d9affdf423f879 Author: Tony Lindgren Date: Sun May 31 12:37:54 2020 -0700 bus: ti-sysc: Use optional clocks on for enable and wait for softreset bit Some modules reset automatically when idled, and when re-enabled, we must wait for the automatic OCP softreset to complete. And if optional clocks are configured, we need to keep the clocks on while waiting for the reset to complete. Let's fix the issue by moving the OCP softreset code to a separate function sysc_wait_softreset(), and call it also from sysc_enable_module() with the optional clocks enabled. This is based on what we're already doing for legacy platform data booting in _enable_sysc(). Fixes: 7324a7a0d5e2 ("bus: ti-sysc: Implement display subsystem reset quirk") Reported-by: Faiz Abbas Cc: Laurent Pinchart Cc: Tomi Valkeinen Signed-off-by: Tony Lindgren commit dabc4df27c628866ede130a09121f255ca894d8c Merge: f6606d0c0010 809eb4e9bf9d Author: Linus Torvalds Date: Wed Jun 3 10:10:07 2020 -0700 Merge tag 'timers-core-2020-06-02' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull timer updates from Thomas Gleixner: "The truly boring timer and clocksource updates for 5.8: - Not a single new clocksource or clockevent driver! - Device tree updates for various chips - Fixes and improvements and cleanups all over the place" * tag 'timers-core-2020-06-02' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (27 commits) dt-bindings: timer: Add renesas,em-sti bindings clocksource/drivers/timer-versatile: Clear OF_POPULATED flag clocksource: mips-gic-timer: Mark GIC timer as unstable if ref clock changes clocksource: mips-gic-timer: Register as sched_clock clocksource: dw_apb_timer_of: Fix missing clockevent timers clocksource: dw_apb_timer: Affiliate of-based timer with any CPU clocksource: dw_apb_timer: Make CPU-affiliation being optional dt-bindings: timer: Move snps,dw-apb-timer DT schema from rtc dt-bindings: rtc: Convert snps,dw-apb-timer to DT schema clocksource/drivers/timer-ti-dm: Do one override clock parent in prepare() clocksource/drivers/timer-ti-dm: Fix spelling mistake "detectt" -> "detect" clocksource/drivers/timer-ti-dm: Fix warning for set but not used clocksource/drivers/timer-ti-dm: Add clockevent and clocksource support clocksource/drivers/timer-ti-32k: Add support for initializing directly drivers/clocksource/arm_arch_timer: Remove duplicate error message clocksource/drivers/arc_timer: Remove duplicate error message clocksource/drivers/rda: drop redundant Kconfig dependency clocksource/drivers/timer-ti-dm: Fix warning for set but not used clocksource/drivers/timer-ti-dm: Add clockevent and clocksource support clocksource/drivers/timer-ti-32k: Add support for initializing directly ... commit f6606d0c0010953e4c28c8662623662b5108b4ce Merge: d6f9469a03d8 d77aeb5d403d Author: Linus Torvalds Date: Wed Jun 3 10:05:11 2020 -0700 Merge tag 'irq-core-2020-06-02' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull irq updates from Thomas Gleixner: "The generic interrupt departement provides: - Cleanup of the irq_domain API - Overhaul of the interrupt chip simulator - The usual pile of new interrupt chip drivers - Cleanups, improvements and fixes all over the place" * tag 'irq-core-2020-06-02' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (23 commits) irqchip: Fix "Loongson HyperTransport Vector support" driver build on all non-MIPS platforms dt-bindings: interrupt-controller: Add Loongson PCH MSI irqchip: Add Loongson PCH MSI controller dt-bindings: interrupt-controller: Add Loongson PCH PIC irqchip: Add Loongson PCH PIC controller dt-bindings: interrupt-controller: Add Loongson HTVEC irqchip: Add Loongson HyperTransport Vector support genirq: Check irq_data_get_irq_chip() return value before use irqchip/sifive-plic: Improve boot prints for multiple PLIC instances irqchip/sifive-plic: Setup cpuhp once after boot CPU handler is present irqchip/sifive-plic: Set default irq affinity in plic_irqdomain_map() irqchip/gic-v2, v3: Drop extra IRQ_NOAUTOEN setting for (E)PPIs irqdomain: Allow software nodes for IRQ domain creation irqdomain: Get rid of special treatment for ACPI in __irq_domain_add() irqdomain: Make __irq_domain_add() less OF-dependent iio: dummy_evgen: Fix use after free on error in iio_dummy_evgen_create() irqchip/gic-v3-its: Balance initial LPI affinity across CPUs irqchip/gic-v3-its: Track LPI distribution on a per CPU basis genirq/irq_sim: Simplify the API irqdomain: Make irq_domain_reset_irq_data() available to non-hierarchical users ... commit c25bf185e57213b54ea0d632ac04907310993433 Author: J. Bruce Fields Date: Wed Jun 3 11:12:32 2020 -0400 nfsd: safer handling of corrupted c_type This can only happen if there's a bug somewhere, so let's make it a WARN not a printk. Also, I think it's safest to ignore the corruption rather than trying to fix it by removing a cache entry. Signed-off-by: J. Bruce Fields commit ba403242615c2c99e27af7984b1650771a2cc2c9 Author: Christophe JAILLET Date: Tue Jun 2 22:06:26 2020 +0200 pinctrl: freescale: imx: Use 'devm_of_iomap()' to avoid a resource leak in case of error in 'imx_pinctrl_probe()' Use 'devm_of_iomap()' instead 'of_iomap()' to avoid a resource leak in case of error. Update the error handling code accordingly. Fixes: 26d8cde5260b ("pinctrl: freescale: imx: add shared input select reg support") Suggested-by: Dan Carpenter Signed-off-by: Christophe JAILLET Reviewed-by: Dan Carpenter Link: https://lore.kernel.org/r/20200602200626.677981-1-christophe.jaillet@wanadoo.fr Signed-off-by: Linus Walleij commit 11d8da5cabf7c6c3263ba2cd9c00260395867048 Author: Christophe JAILLET Date: Sat May 30 22:49:55 2020 +0200 pinctrl: freescale: imx: Fix an error handling path in 'imx_pinctrl_probe()' 'pinctrl_unregister()' should not be called to undo 'devm_pinctrl_register_and_init()', it is already handled by the framework. This simplifies the error handling paths of the probe function. The 'imx_free_resources()' can be removed as well. Fixes: a51c158bf0f7 ("pinctrl: imx: use radix trees for groups and functions") Signed-off-by: Christophe JAILLET Reviewed-by: Dong Aisheng Link: https://lore.kernel.org/r/20200530204955.588962-1-christophe.jaillet@wanadoo.fr Signed-off-by: Linus Walleij commit 66339f2fba3fa05b0507e1887e4c6abcfc6228a3 Author: yu kuai Date: Wed Jun 3 09:35:32 2020 +0800 pinctrl: sirf: add missing put_device() call in sirfsoc_gpio_probe() A coccicheck run provided information like the following: drivers/pinctrl/sirf/pinctrl-sirf.c:798:2-8: ERROR: missing put_device; call of_find_device_by_node on line 792, but without a corresponding object release within this function. Generated by: scripts/coccinelle/free/put_device.cocci Thus add a jump target to fix the exception handling for this function implementation. Fixes: 5130216265f6 ("PINCTRL: SiRF: add GPIO and GPIO irq support in CSR SiRFprimaII") Signed-off-by: yu kuai Link: https://lore.kernel.org/r/20200603013532.755220-1-yukuai3@huawei.com Signed-off-by: Linus Walleij commit 9eb728321286c4b31e964d2377fca2368526d408 Author: Christophe JAILLET Date: Sat May 30 22:19:52 2020 +0200 pinctrl: imxl: Fix an error handling path in 'imx1_pinctrl_core_probe()' When 'pinctrl_register()' has been turned into 'devm_pinctrl_register()', an error handling path has not been updated. Axe a now unneeded 'pinctrl_unregister()'. Fixes: e55e025d1687 ("pinctrl: imxl: Use devm_pinctrl_register() for pinctrl registration") Signed-off-by: Christophe JAILLET Link: https://lore.kernel.org/r/20200530201952.585798-1-christophe.jaillet@wanadoo.fr Signed-off-by: Linus Walleij commit 920fecc1aa4591da27ef9dcb338fc5da86b404d7 Author: Florian Fainelli Date: Sat May 30 17:11:01 2020 -0700 pinctrl: bcm2835: Add support for wake-up interrupts Leverage the IRQCHIP_MASK_ON_SUSPEND flag in order to avoid having to specifically treat the GPIO interrupts during suspend and resume, and simply implement an irq_set_wake() callback that is responsible for enabling the parent wake-up interrupt as a wake-up interrupt. To avoid allocating unnecessary resources for other chips, the wake-up interrupts are only initialized if we have a brcm,bcm7211-gpio compatibility string. Signed-off-by: Florian Fainelli Link: https://lore.kernel.org/r/20200531001101.24945-5-f.fainelli@gmail.com Signed-off-by: Linus Walleij commit 562c856f96d22ef1204b0a314bc52e85617199b4 Author: Florian Fainelli Date: Sat May 30 17:11:00 2020 -0700 pinctrl: bcm2835: Match BCM7211 compatible string The BCM7211 SoC uses the same pinconf_ops as the ones defined for the BCM2711 SoC, match the compatible string and use the correct set of options. Signed-off-by: Florian Fainelli Link: https://lore.kernel.org/r/20200531001101.24945-4-f.fainelli@gmail.com Signed-off-by: Linus Walleij commit d4f2b12e6d8e6be860f6b9e23e964cab607987ac Author: Florian Fainelli Date: Sat May 30 17:10:59 2020 -0700 dt-bindings: pinctrl: Document optional BCM7211 wake-up interrupts BCM7211 supports wake-up interrupts in the form of optional interrupt lines, one per bank, plus the "all banks" interrupt line. Signed-off-by: Florian Fainelli Acked-by: Rob Herring Link: https://lore.kernel.org/r/20200531001101.24945-3-f.fainelli@gmail.com Signed-off-by: Linus Walleij commit 879c93f7062ff15c8712c660f24b79796100c10e Author: Florian Fainelli Date: Sat May 30 17:10:58 2020 -0700 dt-bindings: pinctrl: Document 7211 compatible for brcm, bcm2835-gpio.txt Document the brcm,bcm7211-gpio compatible string in the brcm,bcm2835-gpio.txt document. Signed-off-by: Florian Fainelli Acked-by: Rob Herring Link: https://lore.kernel.org/r/20200531001101.24945-2-f.fainelli@gmail.com Signed-off-by: Linus Walleij commit a45c0ec26d4ae1c8ae679a978fc8b3d35dd836b0 Author: Benjamin Gaignard Date: Wed May 13 16:59:34 2020 +0200 dt-bindings: pinctrl: stm32: Add missing interrupts property Driver use interrupt-parent field so update the bindings to allow it. Signed-off-by: Benjamin Gaignard Acked-by: Rob Herring Link: https://lore.kernel.org/r/20200513145935.22493-15-benjamin.gaignard@st.com Signed-off-by: Linus Walleij commit 74910e15ab25f95f162bc4d4a634d029186543ce Author: Andy Shevchenko Date: Thu May 21 00:19:14 2020 +0300 gpio: pca953x: Drop unneeded ACPI_PTR() ACPI_PTR() becomes a no-op when !CONFIG_ACPI. This is not needed since we always have ID table enabled. Moreover, in the mentioned case compiler will complain about defined but not used variable. Signed-off-by: Andy Shevchenko Link: https://lore.kernel.org/r/20200520211916.25727-3-andriy.shevchenko@linux.intel.com Signed-off-by: Linus Walleij commit b5f73d47f34b238221ac771b5fe4907df621d7cb Author: Arnd Bergmann Date: Tue Apr 7 16:21:46 2020 +0200 clk: sprd: fix compile-testing I got a build failure with CONFIG_ARCH_SPRD=m when the main portion of the clock driver failed to get linked into the kernel: ERROR: modpost: "sprd_pll_sc_gate_ops" [drivers/clk/sprd/sc9863a-clk.ko] undefined! ERROR: modpost: "sprd_pll_ops" [drivers/clk/sprd/sc9863a-clk.ko] undefined! ERROR: modpost: "sprd_div_ops" [drivers/clk/sprd/sc9863a-clk.ko] undefined! ERROR: modpost: "sprd_comp_ops" [drivers/clk/sprd/sc9863a-clk.ko] undefined! ERROR: modpost: "sprd_mux_ops" [drivers/clk/sprd/sc9863a-clk.ko] undefined! ERROR: modpost: "sprd_gate_ops" [drivers/clk/sprd/sc9863a-clk.ko] undefined! ERROR: modpost: "sprd_sc_gate_ops" [drivers/clk/sprd/sc9863a-clk.ko] undefined! ERROR: modpost: "sprd_clk_probe" [drivers/clk/sprd/sc9863a-clk.ko] undefined! ERROR: modpost: "sprd_clk_regmap_init" [drivers/clk/sprd/sc9863a-clk.ko] undefined! ERROR: modpost: "sprd_pll_ops" [drivers/clk/sprd/sc9860-clk.ko] undefined! ERROR: modpost: "sprd_div_ops" [drivers/clk/sprd/sc9860-clk.ko] undefined! ERROR: modpost: "sprd_mux_ops" [drivers/clk/sprd/sc9860-clk.ko] undefined! This is a combination of two trivial bugs: - A platform should not be 'tristate', it should be a 'bool' symbol like the other platforms, if only for consistency, and to avoid surprises like this one. - The clk Makefile does not traverse into the sprd subdirectory if the platform is disabled but the drivers are enabled for compile-testing. Fixing either of the two would be sufficient to address the link failure, but for correctness, both need to be changed. Fixes: 2b1b799d7630 ("arm64: change ARCH_SPRD Kconfig to tristate") Fixes: d41f59fd92f2 ("clk: sprd: Add common infrastructure") Acked-by: Chunyan Zhang Signed-off-by: Arnd Bergmann commit d9b8fbf15d05350b36081eddafcf7b15aa1add50 Author: Chuhong Yuan Date: Wed Jun 3 17:24:59 2020 +0800 ALSA: es1688: Add the missed snd_card_free() snd_es968_pnp_detect() misses a snd_card_free() in a failed path. Add the missed function call to fix it. Fixes: a20971b201ac ("ALSA: Merge es1688 and es968 drivers") Signed-off-by: Chuhong Yuan Cc: Link: https://lore.kernel.org/r/20200603092459.1424093-1-hslester96@gmail.com Signed-off-by: Takashi Iwai commit 27a7c67012cfa6d79f87fbb51afa13c6c0e24e34 Author: Hersen Wu Date: Tue Jun 2 21:31:37 2020 -0400 ALSA: hda: add sienna_cichlid audio asic id for sienna_cichlid up dp/hdmi ati hda is not shown in audio settings [ rearranged to a more appropriate place per device number order -- tiwai ] Signed-off-by: Hersen Wu Reviewed-by: Alex Deucher Signed-off-by: Alex Deucher Cc: Link: https://lore.kernel.org/r/20200603013137.1849404-1-alexander.deucher@amd.com Signed-off-by: Takashi Iwai commit b2dd9a44a1098c96935c495570b663bd223a087e Author: Eric Farman Date: Tue May 5 14:27:45 2020 +0200 vfio-ccw: Add trace for CRW event Since CRW events are (should be) rare, let's put a trace in that routine too. Signed-off-by: Eric Farman Reviewed-by: Cornelia Huck Message-Id: <20200505122745.53208-9-farman@linux.ibm.com> Signed-off-by: Cornelia Huck commit 3f02cb2fd9d2d9e8762102886e3e4b51285797ee Author: Farhan Ali Date: Tue May 5 14:27:44 2020 +0200 vfio-ccw: Wire up the CRW irq and CRW region Use the IRQ to notify userspace that there is a CRW pending in the region, related to path-availability changes on the passthrough subchannel. Signed-off-by: Farhan Ali Signed-off-by: Eric Farman Reviewed-by: Cornelia Huck Message-Id: <20200505122745.53208-8-farman@linux.ibm.com> Signed-off-by: Cornelia Huck commit d8cac29b1d52204e6632d2887eff766acd02b9aa Author: Farhan Ali Date: Tue May 5 14:27:43 2020 +0200 vfio-ccw: Introduce a new CRW region This region provides a mechanism to pass a Channel Report Word that affect vfio-ccw devices, and needs to be passed to the guest for its awareness and/or processing. The base driver (see crw_collect_info()) provides space for two CRWs, as a subchannel event may have two CRWs chained together (one for the ssid, one for the subchannel). As vfio-ccw will deal with everything at the subchannel level, provide space for a single CRW to be transferred in one shot. Signed-off-by: Farhan Ali Signed-off-by: Eric Farman Reviewed-by: Cornelia Huck Message-Id: <20200505122745.53208-7-farman@linux.ibm.com> [CH: added padding to ccw_crw_region] Signed-off-by: Cornelia Huck commit 5fdeefa053df54961c1e9b69a128ddb5185ce150 Merge: 4e909124f8ed b3e2d20973db Author: Ingo Molnar Date: Wed Jun 3 11:14:37 2020 +0200 Merge branch 'urgent-for-mingo' of git://git.kernel.org/pub/scm/linux/kernel/git/paulmck/linux-rcu into core/urgent Pull RCU fix from Paul E. McKenney. Signed-off-by: Ingo Molnar commit 76bbea9a24df1feaed1f731ea4481dec2e39c239 Author: Michael Walle Date: Thu May 28 16:58:45 2020 +0200 MAINTAINERS: Add gpio regmap section Add myself as a reviewer for the gpio regmap. Signed-off-by: Michael Walle Reviewed-by: Andy Shevchenko Link: https://lore.kernel.org/r/20200528145845.31436-4-michael@walle.cc Signed-off-by: Linus Walleij commit ebe363197e525ffbd279c729421f6f6c24d8d681 Author: Michael Walle Date: Thu May 28 16:58:44 2020 +0200 gpio: add a reusable generic gpio_chip using regmap There are quite a lot simple GPIO controller which are using regmap to access the hardware. This driver tries to be a base to unify existing code into one place. This won't cover everything but it should be a good starting point. It does not implement its own irq_chip because there is already a generic one for regmap based devices. Instead, the irq_chip will be instantiated in the parent driver and its irq domain will be associate to this driver. For now it consists of the usual registers, like set (and an optional clear) data register, an input register and direction registers. Out-of-the-box, it supports consecutive register mappings and mappings where the registers have gaps between them with a linear mapping between GPIO offset and bit position. For weirder mappings the user can register its own .xlate(). Signed-off-by: Michael Walle Reviewed-by: Andy Shevchenko Link: https://lore.kernel.org/r/20200528145845.31436-3-michael@walle.cc Signed-off-by: Linus Walleij commit 6a45b0e2589fafd7fc501a5fbd0ab56689a08124 Author: Michael Walle Date: Thu May 28 16:58:43 2020 +0200 gpiolib: Introduce gpiochip_irqchip_add_domain() The function connects an IRQ domain to a gpiochip and reuses gpiochip_to_irq() which is provided by gpiolib. gpiochip_irqchip_* and regmap_irq partially provide the same functionality. This function will help to connect just the minimal functionality of the gpiochip_irqchip which is needed to work together with regmap-irq. Signed-off-by: Michael Walle Reviewed-by: Andy Shevchenko Link: https://lore.kernel.org/r/20200528145845.31436-2-michael@walle.cc Signed-off-by: Linus Walleij commit 968d81a64a883af2d16dd3f8a6ad6b67db2fde58 Author: Jeykumar Sankaran Date: Tue Jun 2 20:37:31 2020 -0700 drm/connector: notify userspace on hotplug after register complete drm connector notifies userspace on hotplug event prematurely before late_register and mode_object register completes. This leads to a race between userspace and kernel on updating the IDR list. So, move the notification to end of connector register. Signed-off-by: Jeykumar Sankaran Signed-off-by: Steve Cohen Cc: stable@vger.kernel.org Signed-off-by: Daniel Vetter Link: https://patchwork.freedesktop.org/patch/msgid/1591155451-10393-1-git-send-email-jsanka@codeaurora.org commit 1434a65ea625c51317ccdf06dabf4bd27d20fa10 Author: Chengguang Xu Date: Tue May 26 09:35:57 2020 +0800 ovl: drop negative dentry in upper layer Negative dentries of upper layer are useless after construction of overlayfs' own dentry and may keep in the memory long time even after unmount of overlayfs instance. This patch tries to drop unnecessary negative dentry of upper layer to effectively reclaim memory. Signed-off-by: Chengguang Xu Signed-off-by: Miklos Szeredi commit 05acefb4872dae89e772729efb194af754c877e8 Author: Miklos Szeredi Date: Tue Jun 2 22:20:26 2020 +0200 ovl: check permission to open real file Call inode_permission() on real inode before opening regular file on one of the underlying layers. In some cases ovl_permission() already checks access to an underlying file, but it misses the metacopy case, and possibly other ones as well. Removing the redundant permission check from ovl_permission() should be considered later. Signed-off-by: Miklos Szeredi commit 292f902a40c11f043a5ca1305a114da0e523eaa3 Author: Miklos Szeredi Date: Tue Jun 2 22:20:26 2020 +0200 ovl: call secutiry hook in ovl_real_ioctl() Verify LSM permissions for underlying file, since vfs_ioctl() doesn't do it. [Stephen Rothwell] export security_file_ioctl Signed-off-by: Miklos Szeredi commit 48e9912e033050a9e5e895a58c2e5a826d7c6540 Merge: 3f5540032f5d 11399346ac39 Author: Richard Weinberger Date: Wed Jun 3 09:21:52 2020 +0200 Merge tag 'cfi/for-5.8' of gitolite.kernel.org:pub/scm/linux/kernel/git/mtd/linux into mtd/next CFI changes: * Support the absence of protection registers for Intel CFI flashes * Replace zero-length array with flexible-arrays commit 2beee868997485a5718a349c7868260d5ee7378f Author: Masahiro Yamada Date: Mon Jun 1 14:57:04 2020 +0900 modpost: load KBUILD_EXTRA_SYMBOLS files in order Currently, modpost reads extra symbol dump files in the reverse order. If '-e foo -e bar' is given, modpost reads bar, foo, in this order. This is probably not a big deal, but there is no good reason to reverse the order. Read files in the given order. Signed-off-by: Masahiro Yamada commit 4e5ab74c3cbbe7ca2b907a86ce5140e442b340bf Author: Masahiro Yamada Date: Mon Jun 1 14:57:03 2020 +0900 modpost: pass -N option only for modules modpost The built-in only code is not required to have MODULE_IMPORT_NS() to use symbols. So, the namespace is not checked for vmlinux(.o). Do not pass the meaningless -N option to the first pass of modpost. Signed-off-by: Masahiro Yamada commit 89d6117680bd8ac6a86f58576de0bd6905421707 Author: Masahiro Yamada Date: Mon Jun 1 14:57:02 2020 +0900 modpost: move -T option close to the modpost command The '-T -' option reads the file list from stdin. It is clearer to put it close to the piped command. Signed-off-by: Masahiro Yamada commit 91e6ee581270b8ae970f028b898314d73f16870b Author: Masahiro Yamada Date: Mon Jun 1 14:57:01 2020 +0900 modpost: fix -i (--ignore-errors) MAKEFLAGS detection $(filter -i,$(MAKEFLAGS)) works only in limited use-cases. The representation of $(MAKEFLAGS) depends on various factors: - GNU Make version (version 3.8x or version 4.x) - The presence of other flags like -j In my experiments, $(MAKEFLAGS) is expanded as follows: * GNU Make 3.8x: * without -j option: --no-print-directory -Rri * with -j option: --no-print-directory -Rr --jobserver-fds=3,4 -j -i * GNU Make 4.x: * without -j option: irR --no-print-directory * with -j option: irR -j --jobserver-fds=3,4 --no-print-directory For GNU Make 4.x, the flags are grouped as 'irR', which does not work. For the single thread build with GNU Make 3.8x, the flags are grouped as '-Rri', which does not work either. To make it work for all cases, do likewise as commit 6f0fa58e4596 ("kbuild: simplify silent build (-s) detection"). BTW, since commit ff9b45c55b26 ("kbuild: modpost: read modules.order instead of $(MODVERDIR)/*.mod"), you also need to pass -k option to build final *.ko files. 'make -i -k' ignores compile errors in modules, and build as many remaining *.ko as possible. Please note this feature is kind of dangerous if other modules depend on the broken module because the generated modules will lack the correct module dependency or CRC. Honestly, I am not a big fan of it, but I am keeping this feature. Fixes: eed380f3f593 ("modpost: Optionally ignore secondary errors seen if a single module build fails") Cc: Guenter Roeck Signed-off-by: Masahiro Yamada commit b2c88554912267483baf8b4f5ae0a1bff529f6a3 Author: Masahiro Yamada Date: Mon Jun 1 14:57:00 2020 +0900 kbuild: update modules.order only when contained modules are updated Make modules.order depend on $(obj-m), and use if_changed to build it. This will avoid unneeded update of modules.order, which will be useful to optimize the modpost stage. Currently, the second pass of modpost is always invoked. By checking the timestamp of modules.order, we can avoid the unneeded modpost. Signed-off-by: Masahiro Yamada commit f0d50ca045e44dd7b423c2ae69f6a598f07d93e3 Author: Masahiro Yamada Date: Mon Jun 1 14:56:59 2020 +0900 kbuild: refactor KBUILD_VMLINUX_{OBJS,LIBS} calculation Do not overwrite core-y or drivers-y. Remove libs-y1 and libs-y2. Signed-off-by: Masahiro Yamada commit 1395375c592770fe5158a592944aaeed67fa94ff Merge: 4336b9337824 bf8036a4098d Author: Michael Ellerman Date: Wed Jun 3 13:44:51 2020 +1000 Merge branch 'topic/ppc-kvm' into next Merge one more commit from the topic branch we shared with the kvm-ppc tree. This brings in a fix to the code that scans for dirty pages during migration of a VM, which was incorrectly triggering a warning. commit d6f9469a03d832dcd17041ed67774ffb5f3e73b3 Merge: cadf32234b6f 34f853b849eb Author: Linus Torvalds Date: Tue Jun 2 20:16:55 2020 -0700 Merge tag 'erofs-for-5.8-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/xiang/erofs Pull erofs updates from Gao Xiang: "The most interesting part is the new mount api conversion, which is actually a old patch already pending for several cycles. And the others are recent trivial cleanups here. Summary: - Convert to use the new mount apis - Some random cleanup patches" * tag 'erofs-for-5.8-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/xiang/erofs: erofs: suppress false positive last_block warning erofs: convert to use the new mount fs_context api erofs: code cleanup by removing ifdef macro surrounding commit cadf32234b6f6dd96a0892bf915e3ee8c438cf07 Merge: f3cdc8ae116e 7aba5dcc2346 Author: Linus Torvalds Date: Tue Jun 2 20:11:35 2020 -0700 Merge tag 'jfs-5.8' of git://github.com/kleikamp/linux-shaggy Pull JFS update from David Kleikamp: "Replace zero-length array in JFS" * tag 'jfs-5.8' of git://github.com/kleikamp/linux-shaggy: jfs: Replace zero-length array with flexible-array member commit f3cdc8ae116e27d84e1f33c7a2995960cebb73ac Merge: 8eeae5bae123 2166e5edce9a Author: Linus Torvalds Date: Tue Jun 2 19:59:25 2020 -0700 Merge tag 'for-5.8-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux Pull btrfs updates from David Sterba: "Highlights: - speedup dead root detection during orphan cleanup, eg. when there are many deleted subvolumes waiting to be cleaned, the trees are now looked up in radix tree instead of a O(N^2) search - snapshot creation with inherited qgroup will mark the qgroup inconsistent, requires a rescan - send will emit file capabilities after chown, this produces a stream that does not need postprocessing to set the capabilities again - direct io ported to iomap infrastructure, cleaned up and simplified code, notably removing last use of struct buffer_head in btrfs code Core changes: - factor out backreference iteration, to be used by ordinary backreferences and relocation code - improved global block reserve utilization * better logic to serialize requests * increased maximum available for unlink * improved handling on large pages (64K) - direct io cleanups and fixes * simplify layering, where cloned bios were unnecessarily created for some cases * error handling fixes (submit, endio) * remove repair worker thread, used to avoid deadlocks during repair - refactored block group reading code, preparatory work for new type of block group storage that should improve mount time on large filesystems Cleanups: - cleaned up (and slightly sped up) set/get helpers for metadata data structure members - root bit REF_COWS got renamed to SHAREABLE to reflect the that the blocks of the tree get shared either among subvolumes or with the relocation trees Fixes: - when subvolume deletion fails due to ENOSPC, the filesystem is not turned read-only - device scan deals with devices from other filesystems that changed ownership due to overwrite (mkfs) - fix a race between scrub and block group removal/allocation - fix long standing bug of a runaway balance operation, printing the same line to the syslog, caused by a stale status bit on a reloc tree that prevented progress - fix corrupt log due to concurrent fsync of inodes with shared extents - fix space underflow for NODATACOW and buffered writes when it for some reason needs to fallback to COW mode" * tag 'for-5.8-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux: (133 commits) btrfs: fix space_info bytes_may_use underflow during space cache writeout btrfs: fix space_info bytes_may_use underflow after nocow buffered write btrfs: fix wrong file range cleanup after an error filling dealloc range btrfs: remove redundant local variable in read_block_for_search btrfs: open code key_search btrfs: split btrfs_direct_IO to read and write part btrfs: remove BTRFS_INODE_READDIO_NEED_LOCK fs: remove dio_end_io() btrfs: switch to iomap_dio_rw() for dio iomap: remove lockdep_assert_held() iomap: add a filesystem hook for direct I/O bio submission fs: export generic_file_buffered_read() btrfs: turn space cache writeout failure messages into debug messages btrfs: include error on messages about failure to write space/inode caches btrfs: remove useless 'fail_unlock' label from btrfs_csum_file_blocks() btrfs: do not ignore error from btrfs_next_leaf() when inserting checksums btrfs: make checksum item extension more efficient btrfs: fix corrupt log due to concurrent fsync of inodes with shared extents btrfs: unexport btrfs_compress_set_level() btrfs: simplify iget helpers ... commit 8eeae5bae1239c030ba0b34cac97ebd5e7ec1886 Merge: 96ed320d527e 2c567af418e3 Author: Linus Torvalds Date: Tue Jun 2 19:48:41 2020 -0700 Merge tag 'vfs-5.8-merge-2' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux Pull DAX updates part two from Darrick Wong: "This time around, we're hoisting the DONTCACHE flag from XFS into the VFS so that we can make the incore DAX mode changes become effective sooner. We can't change the file data access mode on a live inode because we don't have a safe way to change the file ops pointers. The incore state change becomes effective at inode loading time, which can happen if the inode is evicted. Therefore, we're making it so that filesystems can ask the VFS to evict the inode as soon as the last holder drops. The per-fs changes to make this call this will be in subsequent pull requests from Ted and myself. Summary: - Introduce DONTCACHE flags for dentries and inodes. This hint will cause the VFS to drop the associated objects immediately after the last put, so that we can change the file access mode (DAX or page cache) on the fly" * tag 'vfs-5.8-merge-2' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux: fs: Introduce DCACHE_DONTCACHE fs: Lift XFS_IDONTCACHE to the VFS layer commit 96ed320d527eb071389f69cbd6772440805af7d7 Merge: 16d91548d105 83d9088659e8 Author: Linus Torvalds Date: Tue Jun 2 19:45:12 2020 -0700 Merge tag 'vfs-5.8-merge-1' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux Pull DAX updates part one from Darrick Wong: "After many years of LKML-wrangling about how to enable programs to query and influence the file data access mode (DAX) when a filesystem resides on storage devices such as persistent memory, Ira Weiny has emerged with a proposed set of standard behaviors that has not been shot down by anyone! We're more or less standardizing on the current XFS behavior and adapting ext4 to do the same. This is the first of a handful pull requests that will make ext4 and XFS present a consistent interface for user programs that care about DAX. We add a statx attribute that programs can check to see if DAX is enabled on a particular file. Then, we update the DAX documentation to spell out the user-visible behaviors that filesystems will guarantee (until the next storage industry shakeup). The on-disk inode flag has been in XFS for a few years now. Summary: - Clean up io_is_direct. - Add a new statx flag to indicate when file data access is being done via DAX (as opposed to the page cache). - Update the documentation for how system administrators and application programmers can take advantage of the (still experimental DAX) feature" Link: https://lore.kernel.org/lkml/20200505002016.1085071-1-ira.weiny@intel.com/ * tag 'vfs-5.8-merge-1' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux: Documentation/dax: Update Usage section fs/stat: Define DAX statx attribute fs: Remove unneeded IS_DAX() check in io_is_direct() commit 16d91548d1057691979de4686693f0ff92f46000 Merge: d9afbb350990 6dcde60efd94 Author: Linus Torvalds Date: Tue Jun 2 19:21:40 2020 -0700 Merge tag 'xfs-5.8-merge-8' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux Pull xfs updates from Darrick Wong: "Most of the changes this cycle are refactoring of existing code in preparation for things landing in the future. We also fixed various problems and deficiencies in the quota implementation, and (I hope) the last of the stale read vectors by forcing write allocations to go through the unwritten state until the write completes. Summary: - Various cleanups to remove dead code, unnecessary conditionals, asserts, etc. - Fix a linker warning caused by xfs stuffing '-g' into CFLAGS redundantly. - Tighten up our dmesg logging to ensure that everything is prefixed with 'XFS' for easier grepping. - Kill a bunch of typedefs. - Refactor the deferred ops code to reduce indirect function calls. - Increase type-safety with the deferred ops code. - Make the DAX mount options a tri-state. - Fix some error handling problems in the inode flush code and clean up other inode flush warts. - Refactor log recovery so that each log item recovery functions now live with the other log item processing code. - Fix some SPDX forms. - Fix quota counter corruption if the fs crashes after running quotacheck but before any dquots get logged. - Don't fail metadata verification on zero-entry attr leaf blocks, since they're just part of the disk format now due to a historic lack of log atomicity. - Don't allow SWAPEXT between files with different [ugp]id when quotas are enabled. - Refactor inode fork reading and verification to run directly from the inode-from-disk function. This means that we now actually guarantee that _iget'ted inodes are totally verified and ready to go. - Move the incore inode fork format and extent counts to the ifork structure. - Scalability improvements by reducing cacheline pingponging in struct xfs_mount. - More scalability improvements by removing m_active_trans from the hot path. - Fix inode counter update sanity checking to run /only/ on debug kernels. - Fix longstanding inconsistency in what error code we return when a program hits project quota limits (ENOSPC). - Fix group quota returning the wrong error code when a program hits group quota limits. - Fix per-type quota limits and grace periods for group and project quotas so that they actually work. - Allow extension of individual grace periods. - Refactor the non-reclaim inode radix tree walking code to remove a bunch of stupid little functions and straighten out the inconsistent naming schemes. - Fix a bug in speculative preallocation where we measured a new allocation based on the last extent mapping in the file instead of looking farther for the last contiguous space allocation. - Force delalloc writes to unwritten extents. This closes a stale disk contents exposure vector if the system goes down before the write completes. - More lockdep whackamole" * tag 'xfs-5.8-merge-8' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux: (129 commits) xfs: more lockdep whackamole with kmem_alloc* xfs: force writes to delalloc regions to unwritten xfs: refactor xfs_iomap_prealloc_size xfs: measure all contiguous previous extents for prealloc size xfs: don't fail unwritten extent conversion on writeback due to edquot xfs: rearrange xfs_inode_walk_ag parameters xfs: straighten out all the naming around incore inode tree walks xfs: move xfs_inode_ag_iterator to be closer to the perag walking code xfs: use bool for done in xfs_inode_ag_walk xfs: fix inode ag walk predicate function return values xfs: refactor eofb matching into a single helper xfs: remove __xfs_icache_free_eofblocks xfs: remove flags argument from xfs_inode_ag_walk xfs: remove xfs_inode_ag_iterator_flags xfs: remove unused xfs_inode_ag_iterator function xfs: replace open-coded XFS_ICI_NO_TAG xfs: move eofblocks conversion function to xfs_ioctl.c xfs: allow individual quota grace period extension xfs: per-type quota timers and warn limits xfs: switch xfs_get_defquota to take explicit type ... commit 824c874abc1d99121934364647dd8ed7e71ce08e Merge: 7104e162b772 cf51e129b968 Author: David S. Miller Date: Tue Jun 2 18:46:55 2020 -0700 Merge branch 'for-davem' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs Some ptrace fixes from Al. Signed-off-by: David S. Miller commit 7104e162b772c777d84298f25c8431da4cf5206d Merge: ee7c7953134e 1996d47a0db2 Author: David S. Miller Date: Tue Jun 2 18:45:51 2020 -0700 Merge branch 'sparc32-SRMMU-fixes-for-SMP' Will Deacon says: ==================== sparc32 SRMMU fixes for SMP Enabling SMP for sparc32 uncovered some issues in the SRMMU page-table allocation code. One of these was introduced by me, but the other two seem to have been there a while and are probably just exposed more easily by my recent changes. Tested on QEMU. I'm assuming these will go via David's tree. ==================== Signed-off-by: David S. Miller commit 1996d47a0db27a3071f1a6587123185ba98c4585 Author: Will Deacon Date: Tue May 26 18:33:02 2020 +0100 sparc32: mm: Only call ctor()/dtor() functions for first and last user The SRMMU page-table allocator allocates multiple PTE tables per page, since they are only 1K in size. However, this means that calls to pgtable_pte_page_{ctor,dtor}() must be serialised and performed only by the first and last page-table allocation for the page respectively. Use the page reference count to track how many PTE tables we have allocated for a given page returned by the SRMMU allocator and only call the ctor()/dtor() functions for the first and last user respectively. Cc: David S. Miller Fixes: 8c8f3156dd40 ("sparc32: mm: Reduce allocation size for PMD and PTE tables") Signed-off-by: Will Deacon Signed-off-by: David S. Miller commit 60bccaa671bce7ed040d9511b0738ca3b0a0e9ff Author: Will Deacon Date: Tue May 26 18:33:01 2020 +0100 sparc32: mm: Disable SPLIT_PTLOCK_CPUS The SRMMU page-table allocator is not compatible with SPLIT_PTLOCK_CPUS for two major reasons: 1. Pages are allocated via memblock, and therefore the ptl is not cleared by prep_new_page(), which is expected by ptlock_init() 2. Multiple PTE tables can exist in a single page, causing them to share the same ptl and deadlock when attempting to take the same lock twice (e.g. as part of copy_page_range()). Ensure that SPLIT_PTLOCK_CPUS is not selected for SPARC32. Cc: David S. Miller Signed-off-by: Will Deacon Signed-off-by: David S. Miller commit 454b0289c6b5f2c66164654b80212d15fbef7a03 Author: Will Deacon Date: Tue May 26 18:33:00 2020 +0100 sparc32: mm: Don't try to free page-table pages if ctor() fails The pages backing page-table allocations for SRMMU are allocated via memblock as part of the "nocache" region initialisation during srmmu_paging_init() and should not be freed even if a later call to pgtable_pte_page_ctor() fails. Remove the broken call to __free_page(). Cc: David S. Miller Cc: Kirill A. Shutemov Fixes: 1ae9ae5f7df7 ("sparc: handle pgtable_page_ctor() fail") Signed-off-by: Will Deacon Signed-off-by: David S. Miller commit ee7c7953134e23af41055c41a124b4f776d813c3 Author: Mike Rapoport Date: Sun May 24 19:53:58 2020 +0300 sparc32: register memory occupied by kernel as memblock.memory sparc32 never registered the memory occupied by the kernel image with memblock_add() and it only reserved this memory with meblock_reserve(). With openbios as system firmware, the memory occupied by the kernel is reserved in openbios and removed from mem.available. The prom setup code in the kernel uses mem.available to set up the memory banks and essentially there is a hole for the memory occupied by the kernel image. Later in bootmem_init() this memory is memblock_reserve()d. Up until recently, memmap initialization would call __init_single_page() for the pages in that hole, the free_low_memory_core_early() would mark them as reserved and everything would be Ok. After the change in memmap initialization introduced by the commit "mm: memmap_init: iterate over memblock regions rather that check each PFN", the hole is skipped and the page structs for it are not initialized. And when they are passed from memblock to page allocator as reserved, the latter gets confused. Simply registering the memory occupied by the kernel with memblock_add() resolves this issue. Tested on qemu-system-sparc with Debian Etch [1] userspace. [1] https://people.debian.org/~aurel32/qemu/sparc/debian_etch_sparc_small.qcow2 Signed-off-by: Mike Rapoport Link: https://lkml.kernel.org/r/20200517000050.GA87467@roeck-us.nlllllet/ Acked-by: David S. Miller Signed-off-by: David S. Miller commit 7b6668d8b806b013cfe084aeb72c7eebb578cb50 Author: Stanley Chu Date: Sat May 30 22:12:00 2020 +0800 scsi: ufs: Remove redundant urgent_bkop_lvl initialization In ufshcd_probe_hba(), all BKOP SW tracking variables can be reset together in ufshcd_force_reset_auto_bkops(), thus urgent_bkop_lvl initialization in the beginning of ufshcd_probe_hba() can be merged into ufshcd_force_reset_auto_bkops(). Link: https://lore.kernel.org/r/20200530141200.4616-1-stanley.chu@mediatek.com Reviewed-by: Avri Altman Signed-off-by: Stanley Chu Signed-off-by: Martin K. Petersen commit be32acff43800c87dc5c707f5d47cc607b76b653 Author: Can Guo Date: Wed May 27 19:24:42 2020 -0700 scsi: ufs: Don't update urgent bkops level when toggling auto bkops Urgent bkops level is used to compare against actual bkops status read from UFS device. Urgent bkops level is set during initialization and might be updated in exception event handler during runtime. But it should not be updated to the actual bkops status every time when auto bkops is toggled. Otherwise, if urgent bkops level is updated to 0, auto bkops shall always be kept enabled. Link: https://lore.kernel.org/r/1590632686-17866-1-git-send-email-cang@codeaurora.org Fixes: 24366c2afbb0 ("scsi: ufs: Recheck bkops level if bkops is disabled") Reviewed-by: Stanley Chu Signed-off-by: Can Guo Signed-off-by: Martin K. Petersen commit 89523cb8a67cea2642deb19042a15fdd8c4138d4 Author: Colin Ian King Date: Wed May 27 12:52:42 2020 +0100 scsi: qedf: Remove redundant initialization of variable rc The variable rc is being initialized with a value that is never read and it is being updated later with a new value. The initialization is redundant and can be removed. Link: https://lore.kernel.org/r/20200527115242.172344-1-colin.king@canonical.com Addresses-Coverity: ("Unused value") Signed-off-by: Colin Ian King Signed-off-by: Martin K. Petersen commit 243f5908b13509d5c246e1ce660dbd2cf7051a96 Author: Anupam Aggarwal Date: Fri May 29 17:56:00 2020 +0530 sparc: remove unused header file nfs_fs.h Remove unused header file linux/nfs_fs.h Signed-off-by: Anupam Aggarwal Signed-off-by: Vivek Trivedi Signed-off-by: Amit Sahrawat Signed-off-by: David S. Miller commit 61e6ba03ea26f0205e535862009ff6ffdbf4de0c Author: Suganath Prabu S Date: Thu May 28 10:56:17 2020 -0400 scsi: mpt3sas: Fix memset() in non-RDPQ mode Fix memset() accessing out of range address when reply_queue count is less than RDPQ_MAX_INDEX_IN_ONE_CHUNK (i.e. 16) in non-RDPQ mode. In non-RDPQ mode, the driver allocates a single contiguous pool of size reply_queue's count * reqly_post_free_sz. But the driver is always memsetting this pool with size 16 * reqly_post_free_sz. If reply queue count is less than 16 (i.e. when MSI-X vectors enabled < 16), the driver is accessing out of range address and this results in 'BUG: unable to handle kernel paging request at fff0x...x' bug. Make driver use dma_pool_zalloc() API to allocate and zero the pool. Link: https://lore.kernel.org/r/20200528145617.27252-1-suganath-prabu.subramani@broadcom.com Fixes: 8012209eb26b ("scsi: mpt3sas: Handle RDPQ DMA allocation in same 4G region") Signed-off-by: Suganath Prabu S Signed-off-by: Martin K. Petersen commit 0267ffce562c8bbf9b57ebe0e38445ad04972890 Author: Qiushi Wu Date: Thu May 28 15:13:53 2020 -0500 scsi: iscsi: Fix reference count leak in iscsi_boot_create_kobj kobject_init_and_add() takes reference even when it fails. If this function returns an error, kobject_put() must be called to properly clean up the memory associated with the object. Link: https://lore.kernel.org/r/20200528201353.14849-1-wu000273@umn.edu Reviewed-by: Lee Duncan Signed-off-by: Qiushi Wu Signed-off-by: Martin K. Petersen commit 8c4e0f212398cdd1eb4310a5981d06a723cdd24f Author: Bodo Stroesser Date: Thu May 28 21:31:08 2020 +0200 scsi: target: tcmu: Fix size in calls to tcmu_flush_dcache_range 1) If remaining ring space before the end of the ring is smaller then the next cmd to write, tcmu writes a padding entry which fills the remaining space at the end of the ring. Then tcmu calls tcmu_flush_dcache_range() with the size of struct tcmu_cmd_entry as data length to flush. If the space filled by the padding was smaller then tcmu_cmd_entry, tcmu_flush_dcache_range() is called for an address range reaching behind the end of the vmalloc'ed ring. tcmu_flush_dcache_range() in a loop calls flush_dcache_page(virt_to_page(start)); for every page being part of the range. On x86 the line is optimized out by the compiler, as flush_dcache_page() is empty on x86. But I assume the above can cause trouble on other architectures that really have a flush_dcache_page(). For paddings only the header part of an entry is relevant due to alignment rules the header always fits in the remaining space, if padding is needed. So tcmu_flush_dcache_range() can safely be called with sizeof(entry->hdr) as the length here. 2) After it has written a command to cmd ring, tcmu calls tcmu_flush_dcache_range() using the size of a struct tcmu_cmd_entry as data length to flush. But if a command needs many iovecs, the real size of the command may be bigger then tcmu_cmd_entry, so a part of the written command is not flushed then. Link: https://lore.kernel.org/r/20200528193108.9085-1-bstroesser@ts.fujitsu.com Acked-by: Mike Christie Signed-off-by: Bodo Stroesser Signed-off-by: Martin K. Petersen commit d9afbb3509900a953f5cf90bc57e793ee80c1108 Merge: f41030a20b38 56f2e3b7d819 Author: Linus Torvalds Date: Tue Jun 2 17:36:24 2020 -0700 Merge branch 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security Pull lockdown update from James Morris: "An update for the security subsystem to allow unprivileged users to see the status of the lockdown feature. From Jeremy Cline" Also an added comment to describe CAP_SETFCAP. * 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: capabilities: add description for CAP_SETFCAP lockdown: Allow unprivileged users to see lockdown status commit 193ba03141bb987c3af985f6479840030fec0534 Author: YueHaibing Date: Tue Jun 2 14:16:35 2020 +0800 IB/hfi1: Use free_netdev() in hfi1_netdev_free() dummy_netdev shold be freed by free_netdev() instead of kfree(). Also remove unneeded variable 'priv' Fixes: 4730f4a6c6b2 ("IB/hfi1: Activate the dummy netdev") Link: https://lore.kernel.org/r/20200602061635.31224-1-yuehaibing@huawei.com Signed-off-by: YueHaibing Reported-by: kbuild test robot Reported-by: Dan Carpenter Reviewed-by: Dennis Dalessandro Signed-off-by: Jason Gunthorpe commit f41030a20b38552a2da3b3f6bc9e7a78637d6c23 Merge: 9d99b1647fa5 fe5a90b8c149 Author: Linus Torvalds Date: Tue Jun 2 17:16:47 2020 -0700 Merge tag 'selinux-pr-20200601' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux Pull SELinux updates from Paul Moore: "The highlights: - A number of improvements to various SELinux internal data structures to help improve performance. We move the role transitions into a hash table. In the content structure we shift from hashing the content string (aka SELinux label) to the structure itself, when it is valid. This last change not only offers a speedup, but it helps us simplify the code some as well. - Add a new SELinux policy version which allows for a more space efficient way of storing the filename transitions in the binary policy. Given the default Fedora SELinux policy with the unconfined module enabled, this change drops the policy size from ~7.6MB to ~3.3MB. The kernel policy load time dropped as well. - Some fixes to the error handling code in the policy parser to properly return error codes when things go wrong" * tag 'selinux-pr-20200601' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux: selinux: netlabel: Remove unused inline function selinux: do not allocate hashtabs dynamically selinux: fix return value on error in policydb_read() selinux: simplify range_write() selinux: fix error return code in policydb_read() selinux: don't produce incorrect filename_trans_count selinux: implement new format of filename transitions selinux: move context hashing under sidtab selinux: hash context structure directly selinux: store role transitions in a hash table selinux: drop unnecessary smp_load_acquire() call selinux: fix warning Comparison to bool commit 9d99b1647fa56805c1cfef2d81ee7b9855359b62 Merge: 91681e8480af 9d44a121c5a7 Author: Linus Torvalds Date: Tue Jun 2 17:13:37 2020 -0700 Merge tag 'audit-pr-20200601' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit Pull audit updates from Paul Moore: "Summary of the significant patches: - Record information about binds/unbinds to the audit multicast socket. This helps identify which processes have/had access to the information in the audit stream. - Cleanup and add some additional information to the netfilter configuration events collected by audit. - Fix some of the audit error handling code so we don't leak network namespace references" * tag 'audit-pr-20200601' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit: audit: add subj creds to NETFILTER_CFG record to audit: Replace zero-length array with flexible-array audit: make symbol 'audit_nfcfgs' static netfilter: add audit table unregister actions audit: tidy and extend netfilter_cfg x_tables audit: log audit netlink multicast bind and unbind audit: fix a net reference leak in audit_list_rules_send() audit: fix a net reference leak in audit_send_reply() commit 91681e8480af21dcab2c0d91bb1b7851cbc83d81 Merge: 1ee08de1e234 27acbf41be39 Author: Linus Torvalds Date: Tue Jun 2 17:12:07 2020 -0700 Merge tag 'tomoyo-pr-20200601' of git://git.osdn.net/gitroot/tomoyo/tomoyo-test1 Pull tomoyo update from Tetsuo Handa: "One patch for suppressing coccicheck's warning" * tag 'tomoyo-pr-20200601' of git://git.osdn.net/gitroot/tomoyo/tomoyo-test1: tomoyo: use true for bool variable commit 87d9e568496aeb519f1da61f54ac0dcb8d37561e Author: Dan Carpenter Date: Fri May 29 11:39:18 2020 +0300 RDMA/hns: Uninitialized variable in modify_qp_init_to_rtr() The "dmac" variable is used before it is initialized. Fixes: 494c3b312255 ("RDMA/hns: Refactor the QP context filling process related to WQE buffer configure") Link: https://lore.kernel.org/r/20200529083918.GA1298465@mwanda Signed-off-by: Dan Carpenter Reviewed-by: Leon Romanovsky Signed-off-by: Jason Gunthorpe commit 278f74b39e641e1315e1b7f11b26aa1f989a40fc Author: Chuck Lever Date: Sat May 30 13:52:58 2020 -0400 RDMA/core: Move and rename trace_cm_id_create() The restrack ID for an rdma_cm_id is not assigned until it is associated with a device. Here's an example I captured while testing NFS/RDMA's support for DEVICE_REMOVAL. The new tracepoint name is "cm_id_attach". <...>-4261 [001] 366.581299: cm_event_handler: cm.id=0 src=0.0.0.0:45919 dst=192.168.2.55:20049 tos=0 ADDR_ERROR (1/-19) <...>-4261 [001] 366.581304: cm_event_done: cm.id=0 src=0.0.0.0:45919 dst=192.168.2.55:20049 tos=0 ADDR_ERROR consumer returns 0 <...>-1950 [000] 366.581309: cm_id_destroy: cm.id=0 src=0.0.0.0:45919 dst=192.168.2.55:20049 tos=0 <...>-7 [001] 369.589400: cm_event_handler: cm.id=0 src=0.0.0.0:49023 dst=192.168.2.55:20049 tos=0 ADDR_ERROR (1/-19) <...>-7 [001] 369.589404: cm_event_done: cm.id=0 src=0.0.0.0:49023 dst=192.168.2.55:20049 tos=0 ADDR_ERROR consumer returns 0 <...>-1950 [000] 369.589407: cm_id_destroy: cm.id=0 src=0.0.0.0:49023 dst=192.168.2.55:20049 tos=0 <...>-4261 [001] 372.597650: cm_id_attach: cm.id=0 src=192.168.2.51:47492 dst=192.168.2.55:20049 device=mlx4_0 <...>-4261 [001] 372.597652: cm_event_handler: cm.id=0 src=192.168.2.51:47492 dst=192.168.2.55:20049 tos=0 ADDR_RESOLVED (0/0) <...>-4261 [001] 372.597654: cm_event_done: cm.id=0 src=192.168.2.51:47492 dst=192.168.2.55:20049 tos=0 ADDR_RESOLVED consumer returns 0 <...>-4261 [001] 372.597738: cm_event_handler: cm.id=0 src=192.168.2.51:47492 dst=192.168.2.55:20049 tos=0 ROUTE_RESOLVED (2/0) <...>-4261 [001] 372.597740: cm_event_done: cm.id=0 src=192.168.2.51:47492 dst=192.168.2.55:20049 tos=0 ROUTE_RESOLVED consumer returns 0 <...>-4691 [007] 372.600101: cm_qp_create: cm.id=0 src=192.168.2.51:47492 dst=192.168.2.55:20049 tos=0 pd.id=2 qp_type=RC send_wr=4091 recv_wr=256 qp_num=530 rc=0 <...>-4691 [007] 372.600207: cm_send_req: cm.id=0 src=192.168.2.51:47492 dst=192.168.2.55:20049 tos=0 qp_num=530 <...>-185 [002] 372.601212: cm_send_mra: cm.id=0 src=192.168.2.51:47492 dst=192.168.2.55:20049 tos=0 <...>-185 [002] 372.601362: cm_send_rtu: cm.id=0 src=192.168.2.51:47492 dst=192.168.2.55:20049 tos=0 <...>-185 [002] 372.601372: cm_event_handler: cm.id=0 src=192.168.2.51:47492 dst=192.168.2.55:20049 tos=0 ESTABLISHED (9/0) <...>-185 [002] 372.601379: cm_event_done: cm.id=0 src=192.168.2.51:47492 dst=192.168.2.55:20049 tos=0 ESTABLISHED consumer returns 0 Fixes: ed999f820a6c ("RDMA/cma: Add trace points in RDMA Connection Manager") Link: https://lore.kernel.org/r/20200530174934.21362.56754.stgit@manet.1015granger.net Signed-off-by: Chuck Lever Reviewed-by: Leon Romanovsky Signed-off-by: Jason Gunthorpe commit 24c567ff75d342ed2392cd470c3acd29a09e03ba Author: Dan Carpenter Date: Sat May 30 17:02:24 2020 +0300 IB/hfi1: Fix hfi1_netdev_rx_init() error handling The hfi1_vnic_up() function doesn't check whether hfi1_netdev_rx_init() returns errors. In hfi1_vnic_init() we need to change the code to preserve the error code instead of returning success. Fixes: 2280740f01ae ("IB/hfi1: Virtual Network Interface Controller (VNIC) HW support") Fixes: 4730f4a6c6b2 ("IB/hfi1: Activate the dummy netdev") Link: https://lore.kernel.org/r/20200530140224.GA1330098@mwanda Signed-off-by: Dan Carpenter Signed-off-by: Jason Gunthorpe commit 4d12c04caa88cd3115f25acd832a7cddb698981b Author: Jason Gunthorpe Date: Thu May 28 16:45:55 2020 -0300 RDMA: Remove 'max_map_per_fmr' Now that FMR support is gone, this attribute can be deleted from all places. Link: https://lore.kernel.org/r/13-v3-f58e6669d5d3+2cf-fmr_removal_jgg@mellanox.com Reviewed-by: Max Gurtovoy Signed-off-by: Jason Gunthorpe commit 649392bf75a423287a9c4936b341677f12e8cf0b Author: Jason Gunthorpe Date: Thu May 28 16:45:54 2020 -0300 RDMA: Remove 'max_fmr' Now that FMR support is gone, this attribute can be deleted from all places. Link: https://lore.kernel.org/r/12-v3-f58e6669d5d3+2cf-fmr_removal_jgg@mellanox.com Reviewed-by: Max Gurtovoy Reviewed-by: Bernard Metzler Signed-off-by: Jason Gunthorpe commit 3a578152a9208bbcd196210be2f5396744cda302 Author: Max Gurtovoy Date: Thu May 28 16:45:53 2020 -0300 RDMA/core: Remove FMR device ops After removing FMR support from all the RDMA ULPs and providers, there is no need to keep FMR operation for IB devices. Link: https://lore.kernel.org/r/11-v3-f58e6669d5d3+2cf-fmr_removal_jgg@mellanox.com Signed-off-by: Max Gurtovoy Signed-off-by: Jason Gunthorpe commit 22c9cc2408b734d2e5b193d287572cd2c7011183 Author: Max Gurtovoy Date: Thu May 28 16:45:52 2020 -0300 RDMA/rdmavt: Remove FMR memory registration Use FRWR method to register memory by default and remove the ancient and unsafe FMR method. Link: https://lore.kernel.org/r/10-v3-f58e6669d5d3+2cf-fmr_removal_jgg@mellanox.com Signed-off-by: Max Gurtovoy Tested-by: Dennis Dalessandro Acked-by: Dennis Dalessandro Signed-off-by: Jason Gunthorpe commit d6747b3715561ddc14e805e7ad4dfab2c9f245bb Author: Max Gurtovoy Date: Thu May 28 16:45:51 2020 -0300 RDMA/mthca: Remove FMR support for memory registration Remove the ancient and unsafe FMR method. Link: https://lore.kernel.org/r/9-v3-f58e6669d5d3+2cf-fmr_removal_jgg@mellanox.com Reviewed-by: Max Gurtovoy Signed-off-by: Max Gurtovoy Signed-off-by: Jason Gunthorpe commit 1f55b7ab907d373581e9abf3fc4b24ed19cf831f Author: Max Gurtovoy Date: Thu May 28 16:45:50 2020 -0300 RDMA/mlx4: Remove FMR support for memory registration HCA's that are driven by mlx4 driver support FRWR method to register memory. Remove the ancient and unsafe FMR method. Link: https://lore.kernel.org/r/8-v3-f58e6669d5d3+2cf-fmr_removal_jgg@mellanox.com Reviewed-by: Max Gurtovoy Signed-off-by: Max Gurtovoy Signed-off-by: Jason Gunthorpe commit f0c73c70db99e30f790572b97531aa569ec1ba60 Author: Jason Gunthorpe Date: Thu May 28 16:45:49 2020 -0300 RDMA/i40iw: Remove FMR leftovers The ibfmr member is never referenced, remove it. Link: https://lore.kernel.org/r/7-v3-f58e6669d5d3+2cf-fmr_removal_jgg@mellanox.com Reviewed-by: Max Gurtovoy Acked-by: Shiraz Saleem Signed-off-by: Jason Gunthorpe commit 7c08bc195665201c207fb3fd91a75a8f77c3b3b0 Author: Jason Gunthorpe Date: Thu May 28 16:45:48 2020 -0300 RDMA/bnxt_re: Remove FMR leftovers The bnxt_re_fmr struct is never referenced and the max_fmr items in bnxt_qplib_dev_attr are never read. Link: https://lore.kernel.org/r/6-v3-f58e6669d5d3+2cf-fmr_removal_jgg@mellanox.com Reviewed-by: Max Gurtovoy Signed-off-by: Jason Gunthorpe commit d29d58e772ecde84df15f547dc06f0b7afc7ae5c Author: Gal Pressman Date: Thu May 28 16:45:47 2020 -0300 RDMA/mlx5: Remove FMR leftovers Remove a few leftovers from FMR functionality which are no longer used. Link: https://lore.kernel.org/r/5-v3-f58e6669d5d3+2cf-fmr_removal_jgg@mellanox.com Signed-off-by: Gal Pressman Signed-off-by: Max Gurtovoy Acked-by: Leon Romanovsky Signed-off-by: Jason Gunthorpe commit 4e373d5417ecbb4f438a8500f0379a2fc29c2643 Author: Max Gurtovoy Date: Thu May 28 16:45:46 2020 -0300 RDMA/core: Remove FMR pool API This ancient and unsafe method for memory registration is no longer used by any RDMA based ULP. Remove the FMR pool API from the core driver. Link: https://lore.kernel.org/r/4-v3-f58e6669d5d3+2cf-fmr_removal_jgg@mellanox.com Signed-off-by: Max Gurtovoy Signed-off-by: Jason Gunthorpe commit 07549ee21ce5247143ffb069bf838025d86b908c Author: Max Gurtovoy Date: Thu May 28 16:45:45 2020 -0300 RDMA/rds: Remove FMR support for memory registration Use FRWR method for memory registration by default and remove the ancient and unsafe FMR method. Link: https://lore.kernel.org/r/3-v3-f58e6669d5d3+2cf-fmr_removal_jgg@mellanox.com Signed-off-by: Max Gurtovoy Signed-off-by: Jason Gunthorpe commit f273ad4f8d90bb87d2259fe37caee82e9aa7906c Author: Max Gurtovoy Date: Thu May 28 16:45:44 2020 -0300 RDMA/srp: Remove support for FMR memory registration FMR is not supported on most recent RDMA devices (that use fast memory registration mechanism). Also, FMR was recently removed from NFS/RDMA ULP. Link: https://lore.kernel.org/r/2-v3-f58e6669d5d3+2cf-fmr_removal_jgg@mellanox.com Signed-off-by: Max Gurtovoy Reviewed-by: Israel Rukshin Reviewed-by: Bart Van Assche Signed-off-by: Jason Gunthorpe commit 1fc431320a53f3e9b33b399667c8788fa00eb8b0 Author: Israel Rukshin Date: Thu May 28 16:45:43 2020 -0300 RDMA/iser: Remove support for FMR memory registration FMR is not supported on most recent RDMA devices (that use fast memory registration mechanism). Also, FMR was recently removed from NFS/RDMA ULP. Link: https://lore.kernel.org/r/1-v3-f58e6669d5d3+2cf-fmr_removal_jgg@mellanox.com Signed-off-by: Israel Rukshin Signed-off-by: Max Gurtovoy Reviewed-by: Sagi Grimberg Signed-off-by: Jason Gunthorpe commit 56f2e3b7d819f4fa44857ba81aa6870f18714ea0 Author: Stefan Hajnoczi Date: Tue Jun 2 10:17:28 2020 +0100 capabilities: add description for CAP_SETFCAP Document the purpose of CAP_SETFCAP. For some reason this capability had no description while the others did. Signed-off-by: Stefan Hajnoczi Signed-off-by: James Morris commit fd2206e4e97b5bae422d9f2f9ebbc79bc97e44a5 Author: Jens Axboe Date: Tue Jun 2 16:40:47 2020 -0600 io_uring: disallow close of ring itself A previous commit enabled this functionality, which also enabled O_PATH to work correctly with io_uring. But we can't safely close the ring itself, as the file handle isn't reference counted inside io_uring_enter(). Instead of jumping through hoops to enable ring closure, add a "soft" ->needs_file option, ->needs_file_no_error. This enables O_PATH file descriptors to work, but still catches the case of trying to close the ring itself. Reported-by: Jann Horn Fixes: 904fbcb115c8 ("io_uring: remove 'fd is io_uring' from close path") Signed-off-by: Jens Axboe commit a75ca9303175d36af93c0937dd9b1a6422908b8d Author: yu kuai Date: Mon Jun 1 20:38:56 2020 +0800 block/bio-integrity: don't free 'buf' if bio_integrity_add_page() failed commit e7bf90e5afe3 ("block/bio-integrity: fix a memory leak bug") added a kfree() for 'buf' if bio_integrity_add_page() returns '0'. However, the object will be freed in bio_integrity_free() since 'bio->bi_opf' and 'bio->bi_integrity' were set previousy in bio_integrity_alloc(). Fixes: commit e7bf90e5afe3 ("block/bio-integrity: fix a memory leak bug") Signed-off-by: yu kuai Reviewed-by: Ming Lei Reviewed-by: Bob Liu Acked-by: Martin K. Petersen Signed-off-by: Jens Axboe commit 065fcfd49763ec71ae345bb5c5a74f961031e70e Author: Thadeu Lima de Souza Cascardo Date: Tue Jun 2 15:38:37 2020 -0300 selftests: net: ip_defrag: ignore EPERM When running with conntrack rules, the dropped overlap fragments may cause EPERM to be returned to sendto. Instead of completely failing, just ignore those errors and continue. If this causes packets with overlap fragments to be dropped as expected, that is okay. And if it causes packets that are expected to be received to be dropped, which should not happen, it will be detected as failure. Signed-off-by: Thadeu Lima de Souza Cascardo Signed-off-by: David S. Miller commit 1ee08de1e234d95b5b4f866878b72fceb5372904 Merge: bce159d73409 7b53d59859bc Author: Linus Torvalds Date: Tue Jun 2 15:42:50 2020 -0700 Merge tag 'for-5.8/io_uring-2020-06-01' of git://git.kernel.dk/linux-block Pull io_uring updates from Jens Axboe: "A relatively quiet round, mostly just fixes and code improvements. In particular: - Make statx just use the generic statx handler, instead of open coding it. We don't need that anymore, as we always call it async safe (Bijan) - Enable closing of the ring itself. Also fixes O_PATH closure (me) - Properly name completion members (me) - Batch reap of dead file registrations (me) - Allow IORING_OP_POLL with double waitqueues (me) - Add tee(2) support (Pavel) - Remove double off read (Pavel) - Fix overflow cancellations (Pavel) - Improve CQ timeouts (Pavel) - Async defer drain fixes (Pavel) - Add support for enabling/disabling notifications on a registered eventfd (Stefano) - Remove dead state parameter (Xiaoguang) - Disable SQPOLL submit on dying ctx (Xiaoguang) - Various code cleanups" * tag 'for-5.8/io_uring-2020-06-01' of git://git.kernel.dk/linux-block: (29 commits) io_uring: fix overflowed reqs cancellation io_uring: off timeouts based only on completions io_uring: move timeouts flushing to a helper statx: hide interfaces no longer used by io_uring io_uring: call statx directly statx: allow system call to be invoked from io_uring io_uring: add io_statx structure io_uring: get rid of manual punting in io_close io_uring: separate DRAIN flushing into a cold path io_uring: don't re-read sqe->off in timeout_prep() io_uring: simplify io_timeout locking io_uring: fix flush req->refs underflow io_uring: don't submit sqes when ctx->refs is dying io_uring: async task poll trigger cleanup io_uring: add tee(2) support splice: export do_tee() io_uring: don't repeat valid flag list io_uring: rename io_file_put() io_uring: remove req->needs_fixed_files io_uring: cleanup io_poll_remove_one() logic ... commit bce159d734091fe31340976081577333f52a85e4 Merge: 750a02ab8d3c 0c8d3fceade2 Author: Linus Torvalds Date: Tue Jun 2 15:37:03 2020 -0700 Merge tag 'for-5.8/drivers-2020-06-01' of git://git.kernel.dk/linux-block Pull block driver updates from Jens Axboe: "On top of the core changes, here are the block driver changes for this merge window: - NVMe changes: - NVMe over Fibre Channel protocol updates, which also reach over to drivers/scsi/lpfc (James Smart) - namespace revalidation support on the target (Anthony Iliopoulos) - gcc zero length array fix (Arnd Bergmann) - nvmet cleanups (Chaitanya Kulkarni) - misc cleanups and fixes (me, Keith Busch, Sagi Grimberg) - use a SRQ per completion vector (Max Gurtovoy) - fix handling of runtime changes to the queue count (Weiping Zhang) - t10 protection information support for nvme-rdma and nvmet-rdma (Israel Rukshin and Max Gurtovoy) - target side AEN improvements (Chaitanya Kulkarni) - various fixes and minor improvements all over, icluding the nvme part of the lpfc driver" - Floppy code cleanup series (Willy, Denis) - Floppy contention fix (Jiri) - Loop CONFIGURE support (Martijn) - bcache fixes/improvements (Coly, Joe, Colin) - q->queuedata cleanups (Christoph) - Get rid of ioctl_by_bdev (Christoph, Stefan) - md/raid5 allocation fixes (Coly) - zero length array fixes (Gustavo) - swim3 task state fix (Xu)" * tag 'for-5.8/drivers-2020-06-01' of git://git.kernel.dk/linux-block: (166 commits) bcache: configure the asynchronous registertion to be experimental bcache: asynchronous devices registration bcache: fix refcount underflow in bcache_device_free() bcache: Convert pr_ uses to a more typical style bcache: remove redundant variables i and n lpfc: Fix return value in __lpfc_nvme_ls_abort lpfc: fix axchg pointer reference after free and double frees lpfc: Fix pointer checks and comments in LS receive refactoring nvme: set dma alignment to qword nvmet: cleanups the loop in nvmet_async_events_process nvmet: fix memory leak when removing namespaces and controllers concurrently nvmet-rdma: add metadata/T10-PI support nvmet: add metadata support for block devices nvmet: add metadata/T10-PI support nvme: add Metadata Capabilities enumerations nvmet: rename nvmet_check_data_len to nvmet_check_transfer_len nvmet: rename nvmet_rw_len to nvmet_rw_data_len nvmet: add metadata characteristics for a namespace nvme-rdma: add metadata/T10-PI support nvme-rdma: introduce nvme_rdma_sgl structure ... commit e8224bfe77293494626f6eec1884fee7b87d0ced Author: Vasily Averin Date: Tue Jun 2 15:55:26 2020 +0300 net_failover: fixed rollback in net_failover_open() found by smatch: drivers/net/net_failover.c:65 net_failover_open() error: we previously assumed 'primary_dev' could be null (see line 43) Fixes: cfc80d9a1163 ("net: Introduce net_failover driver") Signed-off-by: Vasily Averin Signed-off-by: David S. Miller commit 750a02ab8d3c49ca7d23102be90d3d1db19e2827 Merge: 1966391fa576 abb30460bda2 Author: Linus Torvalds Date: Tue Jun 2 15:29:19 2020 -0700 Merge tag 'for-5.8/block-2020-06-01' of git://git.kernel.dk/linux-block Pull block updates from Jens Axboe: "Core block changes that have been queued up for this release: - Remove dead blk-throttle and blk-wbt code (Guoqing) - Include pid in blktrace note traces (Jan) - Don't spew I/O errors on wouldblock termination (me) - Zone append addition (Johannes, Keith, Damien) - IO accounting improvements (Konstantin, Christoph) - blk-mq hardware map update improvements (Ming) - Scheduler dispatch improvement (Salman) - Inline block encryption support (Satya) - Request map fixes and improvements (Weiping) - blk-iocost tweaks (Tejun) - Fix for timeout failing with error injection (Keith) - Queue re-run fixes (Douglas) - CPU hotplug improvements (Christoph) - Queue entry/exit improvements (Christoph) - Move DMA drain handling to the few drivers that use it (Christoph) - Partition handling cleanups (Christoph)" * tag 'for-5.8/block-2020-06-01' of git://git.kernel.dk/linux-block: (127 commits) block: mark bio_wouldblock_error() bio with BIO_QUIET blk-wbt: rename __wbt_update_limits to wbt_update_limits blk-wbt: remove wbt_update_limits blk-throttle: remove tg_drain_bios blk-throttle: remove blk_throtl_drain null_blk: force complete for timeout request blk-mq: drain I/O when all CPUs in a hctx are offline blk-mq: add blk_mq_all_tag_iter blk-mq: open code __blk_mq_alloc_request in blk_mq_alloc_request_hctx blk-mq: use BLK_MQ_NO_TAG in more places blk-mq: rename BLK_MQ_TAG_FAIL to BLK_MQ_NO_TAG blk-mq: move more request initialization to blk_mq_rq_ctx_init blk-mq: simplify the blk_mq_get_request calling convention blk-mq: remove the bio argument to ->prepare_request nvme: force complete cancelled requests blk-mq: blk-mq: provide forced completion method block: fix a warning when blkdev.h is included for !CONFIG_BLOCK builds block: blk-crypto-fallback: remove redundant initialization of variable err block: reduce part_stat_lock() scope block: use __this_cpu_add() instead of access by smp_processor_id() ... commit 1966391fa576e1fb2701be8bcca197d8f72737b7 Author: Hugh Dickins Date: Tue Jun 2 14:36:32 2020 -0700 mm/migrate.c: attach_page_private already does the get_page Just finished bisecting mmotm, to find why a test which used to take four minutes now took more than an hour: the __buffer_migrate_page() cleanup left behind a get_page() which attach_page_private() now does. Fixes: cd0f37154443 ("mm/migrate.c: call detach_page_private to cleanup code") Signed-off-by: Hugh Dickins Signed-off-by: Linus Torvalds commit 241d46dce9f4ee64e742e12568034b9ba4762961 Merge: 11e877b2a8cf a275727b1899 Author: David S. Miller Date: Tue Jun 2 15:13:47 2020 -0700 Merge branch 'tipc-revert-two-patches' Tuong Lien says: ==================== tipc: revert two patches We revert two patches: tipc: Fix potential tipc_node refcnt leak in tipc_rcv tipc: Fix potential tipc_aead refcnt leak in tipc_crypto_rcv which prevented TIPC encryption from working properly and caused kernel panic. ==================== Signed-off-by: David S. Miller commit a275727b1899d14d33d6c8c70f303b73f01cdbc6 Author: Tuong Lien Date: Tue Jun 2 11:46:41 2020 +0700 Revert "tipc: Fix potential tipc_aead refcnt leak in tipc_crypto_rcv" This reverts commit 441870ee4240cf67b5d3ab8e16216a9ff42eb5d6. Like the previous patch in this series, we revert the above commit that causes similar issues with the 'aead' object. Acked-by: Jon Maloy Signed-off-by: Tuong Lien Signed-off-by: David S. Miller commit 049fa17f7ae6b0971ad41b761479962facafea4b Author: Tuong Lien Date: Tue Jun 2 11:46:40 2020 +0700 Revert "tipc: Fix potential tipc_node refcnt leak in tipc_rcv" This reverts commit de058420767df21e2b6b0f3bb36d1616fb962032. There is no actual tipc_node refcnt leak as stated in the above commit. The refcnt is hold carefully for the case of an asynchronous decryption (i.e. -EINPROGRESS/-EBUSY and skb = NULL is returned), so that the node object cannot be freed in the meantime. The counter will be re-balanced when the operation's callback arrives with the decrypted buffer if any. In other cases, e.g. a synchronous crypto the counter will be decreased immediately when it is done. Now with that commit, a kernel panic will occur when there is no node found (i.e. n = NULL) in the 'tipc_rcv()' or a premature release of the node object. This commit solves the issues by reverting the said commit, but keeping one valid case that the 'skb_linearize()' is failed. Acked-by: Jon Maloy Signed-off-by: Tuong Lien Tested-by: Hoang Le Signed-off-by: David S. Miller commit 11e877b2a8cfd282a1b81f9d4c594b900889a5d8 Author: Ronak Doshi Date: Mon Jun 1 20:02:39 2020 -0700 vmxnet3: allow rx flow hash ops only when rss is enabled It makes sense to allow changes to get/set rx flow hash callback only when rss is enabled. This patch restricts get_rss_hash_opts and set_rss_hash_opts methods to allow querying and configuring different Rx flow hash configurations only when rss is enabled Signed-off-by: Ronak Doshi Signed-off-by: David S. Miller commit 2eed5a8b614bc0197b29da7b21a78d2c564a7098 Author: Luo bin Date: Tue Jun 2 08:40:32 2020 +0800 hinic: add set_channels ethtool_ops support add support to change TX/RX queue number with "ethtool -L combined". V5 -> V6: remove check for carrier in hinic_xmit_frame V4 -> V5: change time zone in patch header V3 -> V4: update date in patch header V2 -> V3: remove check for zero channels->combined_count V1 -> V2: update commit message("ethtool -L" to "ethtool -L combined") V0 -> V1: remove check for channels->tx_count/rx_count/other_count Signed-off-by: Luo bin Signed-off-by: David S. Miller commit 9a5a908c38c7a8978f240d8de57ec65441cf554f Merge: 9a25c1df24a6 e7ad28e6fdbf Author: David S. Miller Date: Tue Jun 2 15:09:39 2020 -0700 Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next Daniel Borkmann says: ==================== pull-request: bpf-next 2020-06-02 The following pull-request contains BPF _fixes-only_ for your *net-next* tree. We've added 10 non-merge commits during the last 1 day(s) which contain a total of 15 files changed, 229 insertions(+), 74 deletions(-). The main changes are: 1) Several fixes to s390 BPF JIT e.g. fixing kernel panic when BPF stack is not 8-byte aligned, from Ilya Leoshkevich. 2) Fix bpf_skb_adjust_room() helper's CHECKSUM_UNNECESSARY handling which was wrongly bypassing TCP checksum verification, from Daniel Borkmann. 3) Fix tools/bpf/ build under MAKEFLAGS=rR which causes built-in CXX and others vars to be undefined, also from Ilya Leoshkevich. 4) Fix BPF ringbuf's selftest shared sample_cnt variable to avoid compiler optimizations on it, from Andrii Nakryiko. 5) Fix up test_verifier selftest due to addition of rx_queue_mapping to the bpf_sock structure, from Alexei Starovoitov. ==================== Signed-off-by: David S. Miller commit faa392181a0bd42c5478175cef601adeecdc91b6 Merge: cfa3b8068b09 9ca1f474cea0 Author: Linus Torvalds Date: Tue Jun 2 15:04:15 2020 -0700 Merge tag 'drm-next-2020-06-02' of git://anongit.freedesktop.org/drm/drm Pull drm updates from Dave Airlie: "Highlights: - Core DRM had a lot of refactoring around managed drm resources to make drivers simpler. - Intel Tigerlake support is on by default - amdgpu now support p2p PCI buffer sharing and encrypted GPU memory Details: core: - uapi: error out EBUSY when existing master - uapi: rework SET/DROP MASTER permission handling - remove drm_pci.h - drm_pci* are now legacy - introduced managed DRM resources - subclassing support for drm_framebuffer - simple encoder helper - edid improvements - vblank + writeback documentation improved - drm/mm - optimise tree searches - port drivers to use devm_drm_dev_alloc dma-buf: - add flag for p2p buffer support mst: - ACT timeout improvements - remove drm_dp_mst_has_audio - don't use 2nd TX slot - spec recommends against it bridge: - dw-hdmi various improvements - chrontel ch7033 support - fix stack issues with old gcc hdmi: - add unpack function for drm infoframe fbdev: - misc fbdev driver fixes i915: - uapi: global sseu pinning - uapi: OA buffer polling - uapi: remove generated perf code - uapi: per-engine default property values in sysfs - Tigerlake GEN12 enabled. - Lots of gem refactoring - Tigerlake enablement patches - move to drm_device logging - Icelake gamma HW readout - push MST link retrain to hotplug work - bandwidth atomic helpers - ICL fixes - RPS/GT refactoring - Cherryview full-ppgtt support - i915 locking guidelines documented - require linear fb stride to be 512 multiple on gen9 - Tigerlake SAGV support amdgpu: - uapi: encrypted GPU memory handling - uapi: add MEM_SYNC IB flag - p2p dma-buf support - export VRAM dma-bufs - FRU chip access support - RAS/SR-IOV updates - Powerplay locking fixes - VCN DPG (powergating) enablement - GFX10 clockgating fixes - DC fixes - GPU reset fixes - navi SDMA fix - expose FP16 for modesetting - DP 1.4 compliance fixes - gfx10 soft recovery - Improved Critical Thermal Faults handling - resizable BAR on gmc10 amdkfd: - uapi: GWS resource management - track GPU memory per process - report PCI domain in topology radeon: - safe reg list generator fixes nouveau: - HD audio fixes on recent systems - vGPU detection (fail probe if we're on one, for now) - Interlaced mode fixes (mostly avoidance on Turing, which doesn't support it) - SVM improvements/fixes - NVIDIA format modifier support - Misc other fixes. adv7511: - HDMI SPDIF support ast: - allocate crtc state size - fix double assignment - fix suspend bochs: - drop connector register cirrus: - move to tiny drivers. exynos: - fix imported dma-buf mapping - enable runtime PM - fixes and cleanups mediatek: - DPI pin mode swap - config mipi_tx current/impedance lima: - devfreq + cooling device support - task handling improvements - runtime PM support pl111: - vexpress init improvements - fix module auto-load rcar-du: - DT bindings conversion to YAML - Planes zpos sanity check and fix - MAINTAINERS entry for LVDS panel driver mcde: - fix return value mgag200: - use managed config init stm: - read endpoints from DT vboxvideo: - use PCI managed functions - drop WC mtrr vkms: - enable cursor by default rockchip: - afbc support virtio: - various cleanups qxl: - fix cursor notify port hisilicon: - 128-byte stride alignment fix sun4i: - improved format handling" * tag 'drm-next-2020-06-02' of git://anongit.freedesktop.org/drm/drm: (1401 commits) drm/amd/display: Fix potential integer wraparound resulting in a hang drm/amd/display: drop cursor position check in atomic test drm/amdgpu: fix device attribute node create failed with multi gpu drm/nouveau: use correct conflicting framebuffer API drm/vblank: Fix -Wformat compile warnings on some arches drm/amdgpu: Sync with VM root BO when switching VM to CPU update mode drm/amd/display: Handle GPU reset for DC block drm/amdgpu: add apu flags (v2) drm/amd/powerpay: Disable gfxoff when setting manual mode on picasso and raven drm/amdgpu: fix pm sysfs node handling (v2) drm/amdgpu: move gpu_info parsing after common early init drm/amdgpu: move discovery gfx config fetching drm/nouveau/dispnv50: fix runtime pm imbalance on error drm/nouveau: fix runtime pm imbalance on error drm/nouveau: fix runtime pm imbalance on error drm/nouveau/debugfs: fix runtime pm imbalance on error drm/nouveau/nouveau/hmm: fix migrate zero page to GPU drm/nouveau/nouveau/hmm: fix nouveau_dmem_chunk allocations drm/nouveau/kms/nv50-: Share DP SST mode_valid() handling with MST drm/nouveau/kms/nv50-: Move 8BPC limit for MST into nv50_mstc_get_modes() ... commit cfa3b8068b09f25037146bfd5eed041b78878bee Merge: 194098915ac7 f07e2f6be37a Author: Linus Torvalds Date: Tue Jun 2 14:05:27 2020 -0700 Merge tag 'for-linus-hmm' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma Pull hmm updates from Jason Gunthorpe: "This series adds a selftest for hmm_range_fault() and several of the DEVICE_PRIVATE migration related actions, and another simplification for hmm_range_fault()'s API. - Simplify hmm_range_fault() with a simpler return code, no HMM_PFN_SPECIAL, and no customizable output PFN format - Add a selftest for hmm_range_fault() and DEVICE_PRIVATE related functionality" * tag 'for-linus-hmm' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma: MAINTAINERS: add HMM selftests mm/hmm/test: add selftests for HMM mm/hmm/test: add selftest driver for HMM mm/hmm: remove the customizable pfn format from hmm_range_fault mm/hmm: remove HMM_PFN_SPECIAL drm/amdgpu: remove dead code after hmm_range_fault() mm/hmm: make hmm_range_fault return 0 or -1 commit 4b68bf9a69d22dd512d61d5f0ba01b065b01ede6 Author: Arne Edholm Date: Mon Jan 13 15:56:22 2020 +0100 ubi: Select fastmap anchor PEBs considering wear level rules There is a risk that the fastmap anchor PEB is alternating between just two PEBs, the current anchor and the previous anchor that was just deleted. As the fastmap pools gets the first take on free PEBs, the pools may leave no free PEBs to be selected as the new anchor, resulting in the two PEBs alternating behaviour. If the anchor PEBs gets a high erase count the PEBs will not be used by the pools but remain in ubi->free, even more increasing the likelihood they will be used as anchors. Getting stuck using only a couple of PEBs continuously will result in an uneven wear, eventually leading to failure. To fix this: - Choose the fastmap anchor when the most free PEBs are available. This is during rebuilding of the fastmap pools, after the unused pool PEBs are added to ubi->free but before the pools are populated again from the free PEBs. Also reserve an additional second best PEB as a candidate for the next time the fast map anchor is updated. If a better PEB is found the next time the fast map anchor is updated, the candidate is made available for building the pools. - Enable anchor move within the anchor area again as it is useful for distributing wear. - The anchor candidate for the next fastmap update is the most suited free PEB. Check this PEB's erase count during wear leveling. If the wear leveling limit is exceeded, the PEB is considered unsuitable for now. As all other non used anchor area PEBs should be even worse, free up the used anchor area PEB with the lowest erase count. Signed-off-by: Arne Edholm Signed-off-by: Richard Weinberger commit f6e8c474390be2e6f5bd0b8966e19958214609ff Author: Gustavo A. R. Silva Date: Thu May 7 14:26:52 2020 -0500 um: virtio: Replace zero-length array with flexible-array The current codebase makes use of the zero-length array language extension to the C90 standard, but the preferred mechanism to declare variable-length types such as these ones is a flexible array member[1][2], introduced in C99: struct foo { int stuff; struct boo array[]; }; By making use of the mechanism above, we will get a compiler warning in case the flexible array does not occur last in the structure, which will help us prevent some kind of undefined behavior bugs from being inadvertently introduced[3] to the codebase from now on. Also, notice that, dynamic memory allocations won't be affected by this change: "Flexible array members have incomplete type, and so the sizeof operator may not be applied. As a quirk of the original implementation of zero-length arrays, sizeof evaluates to zero."[1] sizeof(flexible-array-member) triggers a warning because flexible array members have incomplete type[1]. There are some instances of code in which the sizeof operator is being incorrectly/erroneously applied to zero-length arrays and the result is zero. Such instances may be hiding some bugs. So, this work (flexible-array member conversions) will also help to get completely rid of those sorts of issues. This issue was found with the help of Coccinelle. [1] https://gcc.gnu.org/onlinedocs/gcc/Zero-Length.html [2] https://github.com/KSPP/linux/issues/21 [3] commit 76497732932f ("cxgb3/l2t: Fix undefined behaviour") Signed-off-by: Gustavo A. R. Silva Signed-off-by: Richard Weinberger commit 54ebe4060fe6c4ab76c79354417612ac9cf4f95e Author: Anton Ivanov Date: Wed Apr 22 17:00:01 2020 +0100 um: Use fdatasync() when mapping the UBD FSYNC command We do not need to update the metadata (atime, mtime, etc) on the UBD file and/or the COW file until UML exits. UBD image mtime is checked in UML only when opening the files. After that they are locked and used exclusively by a single UML instance, so there is no point wasting resources on updating metadata on every sync. We can sync data only. The host will always update mtime if a file has been modified upon closing it. Signed-off-by: Anton Ivanov Signed-off-by: Richard Weinberger commit 0b86ce29cfc273501d019b18f31cee7837c8fd2a Author: Masahiro Yamada Date: Sat Apr 18 03:04:55 2020 +0900 um: Do not evaluate compiler's library path when cleaning Since commit a83e4ca26af8 ("kbuild: remove cc-option switch from -Wframe-larger-than="), 'make ARCH=um clean' emits an error message as follows: $ make ARCH=um clean gcc: error: missing argument to '-Wframe-larger-than=' We do not care compiler flags when cleaning. Use the '=' operator for lazy expansion because we do not use LDFLAGS_pcap.o or LDFLAGS_vde.o when cleaning. While I was here, I removed the redundant -r option because it already exists in the recipe. Fixes: a83e4ca26af8 ("kbuild: remove cc-option switch from -Wframe-larger-than=") Signed-off-by: Masahiro Yamada Reviewed-by: Nathan Chancellor Tested-by: Nathan Chancellor [build] Signed-off-by: Richard Weinberger commit 4c5a770580054c1d107ba204a42df1db221670bd Author: Joe Perches Date: Sat Apr 11 09:28:08 2020 -0700 um: Neaten vu_err macro definition Defining a macro with ... and __VA_ARGS__ (without ##) can cause compilation errors if a macro use does not have additional args. Add ## to __VA_ARGS__ in the macro definition. Signed-off-by: Joe Perches Signed-off-by: Richard Weinberger commit bc8f8e4e6e7a648e8c6357307d614be8fdcfdf2a Author: Marc-André Lureau Date: Tue Apr 7 22:28:53 2020 +0200 um: Add a generic "fd" vector transport Learn to take a pre-opened file-descriptor for vector IO. Instead of teaching the driver to open a FD in multiple ways, it can rely on management layer to do it on its behalf. For example, this allows inheriting a preconfigured device fd or a simple socketpair() setup, without further arguments, privileges or system access by UML. Signed-off-by: Marc-André Lureau Acked-By: Anton Ivanov Signed-off-by: Richard Weinberger commit 38bccfbeb0af039e59eb75fe6d9b2a83cda3d381 Author: Zach van Rijn Date: Wed Apr 1 16:30:48 2020 -0500 um: Add include: memset() and memcpy() are in These two functions are otherwise unknown to the pedantic compiler. Include the correct header to enable the build to succeed. Signed-off-by: Zach van Rijn Acked-By: Anton Ivanov Signed-off-by: Richard Weinberger commit 194098915ac74daddca9d6ed46fd11be57f45e16 Merge: 118d6e98293b 9361797c7696 Author: Linus Torvalds Date: Tue Jun 2 13:31:48 2020 -0700 Merge tag 'pnp-5.8-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm Pull PNP update from Rafael Wysocki: "Replace a zero-length array with a flexible-array (Gustavo A. R. Silva)" * tag 'pnp-5.8-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm: PNPBIOS: Replace zero-length array with flexible-array commit 118d6e98293b30aee378a6b08d27a35320a3e34f Merge: 355ba37d756c 48ccdeddc547 Author: Linus Torvalds Date: Tue Jun 2 13:25:52 2020 -0700 Merge tag 'acpi-5.8-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm Pull ACPI updates from Rafael Wysocki: "These update the ACPICA code in the kernel to upstream revision 20200430, fix several reference counting errors related to ACPI tables, add _Exx / _Lxx support to the GED driver, add a new acpi_evaluate_reg() helper, add new DPTF battery participant driver and extend the DPFT power participant driver, improve the handling of memory failures in the APEI code, add a blacklist entry to the backlight driver, update the PMIC driver and the processor idle driver, fix two kobject reference count leaks, and make a few janitory changes. Specifics: - Update the ACPICA code in the kernel to upstream revision 20200430: - Move acpi_gbl_next_cmd_num definition (Erik Kaneda). - Ignore AE_ALREADY_EXISTS status in the disassembler when parsing create operators (Erik Kaneda). - Add status checks to the dispatcher (Erik Kaneda). - Fix required parameters for _NIG and _NIH (Erik Kaneda). - Make acpi_protocol_lengths static (Yue Haibing). - Fix ACPI table reference counting errors in several places, mostly in error code paths (Hanjun Guo). - Extend the Generic Event Device (GED) driver to support _Exx and _Lxx handler methods (Ard Biesheuvel). - Add new acpi_evaluate_reg() helper and modify the ACPI PCI hotplug code to use it (Hans de Goede). - Add new DPTF battery participant driver and make the DPFT power participant driver create more sysfs device attributes (Srinivas Pandruvada). - Improve the handling of memory failures in APEI (James Morse). - Add new blacklist entry for Acer TravelMate 5735Z to the backlight driver (Paul Menzel). - Add i2c address for thermal control to the PMIC driver (Mauro Carvalho Chehab). - Allow the ACPI processor idle driver to work on platforms with only one ACPI C-state present (Zhang Rui). - Fix kobject reference count leaks in error code paths in two places (Qiushi Wu). - Delete unused proc filename macros and make some symbols static (Pascal Terjan, Zheng Zengkai, Zou Wei)" * tag 'acpi-5.8-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm: (32 commits) ACPI: CPPC: Fix reference count leak in acpi_cppc_processor_probe() ACPI: sysfs: Fix reference count leak in acpi_sysfs_add_hotplug_profile() ACPI: GED: use correct trigger type field in _Exx / _Lxx handling ACPI: DPTF: Add battery participant driver ACPI: DPTF: Additional sysfs attributes for power participant driver ACPI: video: Use native backlight on Acer TravelMate 5735Z arm64: acpi: Make apei_claim_sea() synchronise with APEI's irq work ACPI: APEI: Kick the memory_failure() queue for synchronous errors mm/memory-failure: Add memory_failure_queue_kick() ACPI / PMIC: Add i2c address for thermal control ACPI: GED: add support for _Exx / _Lxx handler methods ACPI: Delete unused proc filename macros ACPI: hotplug: PCI: Use the new acpi_evaluate_reg() helper ACPI: utils: Add acpi_evaluate_reg() helper ACPI: debug: Make two functions static ACPI: sleep: Put the FACS table after using it ACPI: scan: Put SPCR and STAO table after using it ACPI: EC: Put the ACPI table after using it ACPI: APEI: Put the HEST table for error path ACPI: APEI: Put the error record serialization table for error path ... commit 56230d956739b9cb1cbde439d76227d77979a04d Author: Miklos Szeredi Date: Tue Jun 2 22:20:26 2020 +0200 ovl: verify permissions in ovl_path_open() Check permission before opening a real file. ovl_path_open() is used by readdir and copy-up routines. ovl_permission() theoretically already checked copy up permissions, but it doesn't hurt to re-do these checks during the actual copy-up. For directory reading ovl_permission() only checks access to topmost underlying layer. Readdir on a merged directory accesses layers below the topmost one as well. Permission wasn't checked for these layers. Note: modifying ovl_permission() to perform this check would be far more complex and hence more bug prone. The result is less precise permissions returned in access(2). If this turns out to be an issue, we can revisit this bug. Signed-off-by: Miklos Szeredi commit 48bd024b8a40d73ad6b086de2615738da0c7004f Author: Miklos Szeredi Date: Tue Jun 2 22:20:25 2020 +0200 ovl: switch to mounter creds in readdir In preparation for more permission checking, override credentials for directory operations on the underlying filesystems. Signed-off-by: Miklos Szeredi commit 130fdbc3d1f9966dd4230709c30f3768bccd3065 Author: Miklos Szeredi Date: Tue Jun 2 22:20:25 2020 +0200 ovl: pass correct flags for opening real directory The three instances of ovl_path_open() in overlayfs/readdir.c do three different things: - pass f_flags from overlay file - pass O_RDONLY | O_DIRECTORY - pass just O_RDONLY The value of f_flags can be (other than O_RDONLY): O_WRONLY - not possible for a directory O_RDWR - not possible for a directory O_CREAT - masked out by dentry_open() O_EXCL - masked out by dentry_open() O_NOCTTY - masked out by dentry_open() O_TRUNC - masked out by dentry_open() O_APPEND - no effect on directory ops O_NDELAY - no effect on directory ops O_NONBLOCK - no effect on directory ops __O_SYNC - no effect on directory ops O_DSYNC - no effect on directory ops FASYNC - no effect on directory ops O_DIRECT - no effect on directory ops O_LARGEFILE - ? O_DIRECTORY - only affects lookup O_NOFOLLOW - only affects lookup O_NOATIME - overlay sets this unconditionally in ovl_path_open() O_CLOEXEC - only affects fd allocation O_PATH - no effect on directory ops __O_TMPFILE - not possible for a directory Fon non-merge directories we use the underlying filesystem's iterate; in this case honor O_LARGEFILE from the original file to make sure that open doesn't get rejected. For merge directories it's safe to pass O_LARGEFILE unconditionally since userspace will only see the artificial offsets created by overlayfs. Signed-off-by: Miklos Szeredi commit 21d8d66abffb0c7834c1b09b8b043ea6a66d6089 Author: Vivek Goyal Date: Tue Jun 2 11:23:38 2020 -0400 ovl: fix redirect traversal on metacopy dentries Amir pointed me to metacopy test cases in unionmount-testsuite and I decided to run "./run --ov=10 --meta" and it failed while running test "rename-mass-5.py". Problem is w.r.t absolute redirect traversal on intermediate metacopy dentry. We do not store intermediate metacopy dentries and also skip current loop/layer and move onto lookup in next layer. But at the end of loop, we have logic to reset "poe" and layer index if currnently looked up dentry has absolute redirect. We skip all that and that means lookup in next layer will fail. Following is simple test case to reproduce this. - mkdir -p lower upper work merged lower/a lower/b - touch lower/a/foo.txt - mount -t overlay -o lowerdir=lower,upperdir=upper,workdir=work,metacopy=on none merged # Following will create absolute redirect "/a/foo.txt" on upper/b/bar.txt. - mv merged/a/foo.txt merged/b/bar.txt # unmount overlay and use upper as lower layer (lower2) for next mount. - umount merged - mv upper lower2 - rm -rf work; mkdir -p upper work - mount -t overlay -o lowerdir=lower2:lower,upperdir=upper,workdir=work,metacopy=on none merged # Force a metacopy copy-up - chown bin:bin merged/b/bar.txt # unmount overlay and use upper as lower layer (lower3) for next mount. - umount merged - mv upper lower3 - rm -rf work; mkdir -p upper work - mount -t overlay -o lowerdir=lower3:lower2:lower,upperdir=upper,workdir=work,metacopy=on none merged # ls merged/b/bar.txt ls: cannot access 'bar.txt': Input/output error Intermediate lower layer (lower2) has metacopy dentry b/bar.txt with absolute redirect "/a/foo.txt". We skipped redirect processing at the end of loop which sets poe to roe and sets the appropriate next lower layer index. And that means lookup failed in next layer. Fix this by continuing the loop for any intermediate dentries. We still do not save these at lower stack. With this fix applied unionmount-testsuite, "./run --ov-10 --meta" now passes. Signed-off-by: Vivek Goyal Reviewed-by: Amir Goldstein Signed-off-by: Miklos Szeredi commit 28166ab3c875b8cbe19b6ad43e29257d1605e3b9 Author: Vivek Goyal Date: Mon Jun 1 11:56:52 2020 -0400 ovl: initialize OVL_UPPERDATA in ovl_lookup() Currently ovl_get_inode() initializes OVL_UPPERDATA flag and for that it has to call ovl_check_metacopy_xattr() and check if metacopy xattr is present or not. yangerkun reported sometimes underlying filesystem might return -EIO and in that case error handling path does not cleanup properly leading to various warnings. Run generic/461 with ext4 upper/lower layer sometimes may trigger the bug as below(linux 4.19): [ 551.001349] overlayfs: failed to get metacopy (-5) [ 551.003464] overlayfs: failed to get inode (-5) [ 551.004243] overlayfs: cleanup of 'd44/fd51' failed (-5) [ 551.004941] overlayfs: failed to get origin (-5) [ 551.005199] ------------[ cut here ]------------ [ 551.006697] WARNING: CPU: 3 PID: 24674 at fs/inode.c:1528 iput+0x33b/0x400 ... [ 551.027219] Call Trace: [ 551.027623] ovl_create_object+0x13f/0x170 [ 551.028268] ovl_create+0x27/0x30 [ 551.028799] path_openat+0x1a35/0x1ea0 [ 551.029377] do_filp_open+0xad/0x160 [ 551.029944] ? vfs_writev+0xe9/0x170 [ 551.030499] ? page_counter_try_charge+0x77/0x120 [ 551.031245] ? __alloc_fd+0x160/0x2a0 [ 551.031832] ? do_sys_open+0x189/0x340 [ 551.032417] ? get_unused_fd_flags+0x34/0x40 [ 551.033081] do_sys_open+0x189/0x340 [ 551.033632] __x64_sys_creat+0x24/0x30 [ 551.034219] do_syscall_64+0xd5/0x430 [ 551.034800] entry_SYSCALL_64_after_hwframe+0x44/0xa9 One solution is to improve error handling and call iget_failed() if error is encountered. Amir thinks that this path is little intricate and there is not real need to check and initialize OVL_UPPERDATA in ovl_get_inode(). Instead caller of ovl_get_inode() can initialize this state. And this will avoid double checking of metacopy xattr lookup in ovl_lookup() and ovl_get_inode(). OVL_UPPERDATA is inode flag. So I was little concerned that initializing it outside ovl_get_inode() might have some races. But this is one way transition. That is once a file has been fully copied up, it can't go back to metacopy file again. And that seems to help avoid races. So as of now I can't see any races w.r.t OVL_UPPERDATA being set wrongly. So move settingof OVL_UPPERDATA inside the callers of ovl_get_inode(). ovl_obtain_alias() already does it. So only two callers now left are ovl_lookup() and ovl_instantiate(). Reported-by: yangerkun Suggested-by: Amir Goldstein Signed-off-by: Vivek Goyal Reviewed-by: Amir Goldstein Signed-off-by: Miklos Szeredi commit 6815f479ca90ee7fd2e28b2a420f796b974155fe Author: Vivek Goyal Date: Mon Jun 1 11:56:51 2020 -0400 ovl: use only uppermetacopy state in ovl_lookup() Currently we use a variable "metacopy" which signifies that dentry could be either uppermetacopy or lowermetacopy. Amir suggested that we can move code around and use d.metacopy in such a way that we don't need lowermetacopy and just can do away with uppermetacopy. So this patch replaces "metacopy" with "uppermetacopy". It also moves some code little higher to keep reading little simpler. Suggested-by: Amir Goldstein Signed-off-by: Vivek Goyal Reviewed-by: Amir Goldstein Signed-off-by: Miklos Szeredi commit 59fb20138a9b5249a4176d5bbc5c670a97343061 Author: Vivek Goyal Date: Mon Jun 1 11:56:50 2020 -0400 ovl: simplify setting of origin for index lookup overlayfs can keep index of copied up files and directories and it seems to serve two primary puroposes. For regular files, it avoids breaking lower hardlinks over copy up. For directories it seems to be used for various error checks. During ovl_lookup(), we lookup for index using lower dentry in many a cases. That lower dentry is called "origin" and following is a summary of current logic. If there is no upperdentry, always lookup for index using lower dentry. For regular files it helps avoiding breaking hard links over copyup and for directories it seems to be just error checks. If there is an upperdentry, then there are 3 possible cases. - For directories, lower dentry is found using two ways. One is regular path based lookup in lower layers and second is using ORIGIN xattr on upper dentry. First verify that path based lookup lower dentry matches the one pointed by upper ORIGIN xattr. If yes, use this verified origin for index lookup. - For regular files (non-metacopy), there is no path based lookup in lower layers as lookup stops once we find upper dentry. So there is no origin verification. If there is ORIGIN xattr present on upper, use that to lookup index otherwise don't. - For regular metacopy files, again lower dentry is found using path based lookup as well as ORIGIN xattr on upper. Path based lookup is continued in this case to find lower data dentry for metacopy upper. So like directories we only use verified origin. If ORIGIN xattr is not present (Either because lower did not support file handles or because this is hardlink copied up with index=off), then don't use path lookup based lower dentry as origin. This is same as regular non-metacopy file case. Suggested-by: Amir Goldstein Signed-off-by: Vivek Goyal Reviewed-by: Amir Goldstein Signed-off-by: Miklos Szeredi commit 522f6e6cba6880a038e2bd88e10390b84cd3febd Author: Amir Goldstein Date: Sat May 23 16:21:55 2020 +0300 ovl: fix out of bounds access warning in ovl_check_fb_len() syzbot reported out of bounds memory access from open_by_handle_at() with a crafted file handle that looks like this: { .handle_bytes = 2, .handle_type = OVL_FILEID_V1 } handle_bytes gets rounded down to 0 and we end up calling: ovl_check_fh_len(fh, 0) => ovl_check_fb_len(fh + 3, -3) But fh buffer is only 2 bytes long, so accessing struct ovl_fb at fh + 3 is illegal. Fixes: cbe7fba8edfc ("ovl: make sure that real fid is 32bit aligned in memory") Reported-and-tested-by: syzbot+61958888b1c60361a791@syzkaller.appspotmail.com Cc: # v5.5 Signed-off-by: Amir Goldstein Signed-off-by: Miklos Szeredi commit 355ba37d756c38962fe9bb616f5f48eb12a7e11e Merge: a5a82e0a5918 a34024d98eea Author: Linus Torvalds Date: Tue Jun 2 13:17:23 2020 -0700 Merge tag 'pm-5.8-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm Pull power management updates from Rafael Wysocki: "These rework the system-wide PM driver flags, make runtime switching of cpuidle governors easier, improve the user space hibernation interface code, add intel-speed-select interface documentation, add more debug messages to the ACPI code handling suspend to idle, update the cpufreq core and drivers, fix a minor issue in the cpuidle core and update two cpuidle drivers, improve the PM-runtime framework, update the Intel RAPL power capping driver, update devfreq core and drivers, and clean up the cpupower utility. Specifics: - Rework the system-wide PM driver flags to make them easier to understand and use and update their documentation (Rafael Wysocki, Alan Stern). - Allow cpuidle governors to be switched at run time regardless of the kernel configuration and update the related documentation accordingly (Hanjun Guo). - Improve the resume device handling in the user space hibernarion interface code (Domenico Andreoli). - Document the intel-speed-select sysfs interface (Srinivas Pandruvada). - Make the ACPI code handing suspend to idle print more debug messages to help diagnose issues with it (Rafael Wysocki). - Fix a helper routine in the cpufreq core and correct a typo in the struct cpufreq_driver kerneldoc comment (Rafael Wysocki, Wang Wenhu). - Update cpufreq drivers: - Make the intel_pstate driver start in the passive mode by default on systems without HWP (Rafael Wysocki). - Add i.MX7ULP support to the imx-cpufreq-dt driver and add i.MX7ULP to the cpufreq-dt-platdev blacklist (Peng Fan). - Convert the qoriq cpufreq driver to a platform one, make the platform code create a suitable device object for it and add platform dependencies to it (Mian Yousaf Kaukab, Geert Uytterhoeven). - Fix wrong compatible binding in the qcom driver (Ansuel Smith). - Build the omap driver by default for ARCH_OMAP2PLUS (Anders Roxell). - Add r8a7742 SoC support to the dt cpufreq driver (Lad Prabhakar). - Update cpuidle core and drivers: - Fix three reference count leaks in error code paths in the cpuidle core (Qiushi Wu). - Convert Qualcomm SPM to a generic cpuidle driver (Stephan Gerhold). - Fix up the execution order when entering a domain idle state in the PSCI driver (Ulf Hansson). - Fix a reference counting issue related to clock management and clean up two oddities in the PM-runtime framework (Rafael Wysocki, Andy Shevchenko). - Add ElkhartLake support to the Intel RAPL power capping driver and remove an unused local MSR definition from it (Jacob Pan, Sumeet Pawnikar). - Update devfreq core and drivers: - Replace strncpy() with strscpy() in the devfreq core and use lockdep asserts instead of manual checks for a locked mutex in it (Dmitry Osipenko, Krzysztof Kozlowski). - Add a generic imx bus scaling driver and make it register an interconnect device (Leonard Crestez, Gustavo A. R. Silva). - Make the cpufreq notifier in the tegra30 driver take boosting into account and delete an unuseful error message from that driver (Dmitry Osipenko, Markus Elfring). - Remove unneeded semicolon from the cpupower code (Zou Wei)" * tag 'pm-5.8-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm: (51 commits) cpuidle: Fix three reference count leaks PM: runtime: Replace pm_runtime_callbacks_present() PM / devfreq: Use lockdep asserts instead of manual checks for locked mutex PM / devfreq: imx-bus: Fix inconsistent IS_ERR and PTR_ERR PM / devfreq: Replace strncpy with strscpy PM / devfreq: imx: Register interconnect device PM / devfreq: Add generic imx bus scaling driver PM / devfreq: tegra30: Delete an error message in tegra_devfreq_probe() PM / devfreq: tegra30: Make CPUFreq notifier to take into account boosting PM: hibernate: Restrict writes to the resume device PM: runtime: clk: Fix clk_pm_runtime_get() error path cpuidle: Convert Qualcomm SPM driver to a generic CPUidle driver ACPI: EC: PM: s2idle: Extend GPE dispatching debug message ACPI: PM: s2idle: Print type of wakeup debug messages powercap: RAPL: remove unused local MSR define PM: runtime: Make clear what we do when conditions are wrong in rpm_suspend() Documentation: admin-guide: pm: Document intel-speed-select PM: hibernate: Split off snapshot dev option PM: hibernate: Incorporate concurrency handling Documentation: ABI: make current_governer_ro as a candidate for removal ... commit e7ad28e6fdbffa2b9b1bd376431fb81a5403bcfd Author: Ilya Leoshkevich Date: Tue Jun 2 19:56:49 2020 +0200 selftests/bpf: Add a default $(CXX) value When using make kselftest TARGETS=bpf, tools/bpf is built with MAKEFLAGS=rR, which causes $(CXX) to be undefined, which in turn causes the build to fail with CXX test_cpp /bin/sh: 2: g: not found Fix by adding a default $(CXX) value, like tools/build/feature/Makefile already does. Signed-off-by: Ilya Leoshkevich Signed-off-by: Daniel Borkmann Link: https://lore.kernel.org/bpf/20200602175649.2501580-3-iii@linux.ibm.com commit d70a6be1e2ab98f13688e4a529b326e8e11230d0 Author: Ilya Leoshkevich Date: Tue Jun 2 19:56:48 2020 +0200 tools/bpf: Don't use $(COMPILE.c) When using make kselftest TARGETS=bpf, tools/bpf is built with MAKEFLAGS=rR, which causes $(COMPILE.c) to be undefined, which in turn causes the build to fail with CC kselftest/bpf/tools/build/bpftool/map_perf_ring.o /bin/sh: 1: -MMD: not found Fix by using $(CC) $(CFLAGS) -c instead of $(COMPILE.c). Signed-off-by: Ilya Leoshkevich Signed-off-by: Daniel Borkmann Link: https://lore.kernel.org/bpf/20200602175649.2501580-2-iii@linux.ibm.com commit a5a82e0a5918fb2ae27b80d3b9c954b16ae6a7b7 Merge: c5d6c1384388 47a94c551a74 Author: Linus Torvalds Date: Tue Jun 2 12:56:58 2020 -0700 Merge tag 'platform-drivers-x86-v5.8-1' of git://git.infradead.org/linux-platform-drivers-x86 Pull x86 platform driver updates from Andy Shevchenko: - Add a support of the media keys on the ASUS laptop UX325JA/UX425JA - ASUS WMI driver can now handle 2-in-1 models T100TA, T100CHI, T100HA, T200TA - Big refactoring of Intel SCU driver with Elkhart Lake support has been added - Slim Bootloarder firmware update signaling WMI driver has been added - Thinkpad ACPI driver can handle dual fan configuration on new P and X models - Touchscreen DMI driver has been extended to support - MP-man MPWIN895CL tablet - ONDA V891 v5 tablet - techBite Arc 11.6 - Trekstor Twin 10.1 - Trekstor Yourbook C11B - Vinga J116 - Virtual Button driver got a few fixes to detect mode of 2-in-1 tablet models - Intel Speed Select tools update - Plenty of small cleanups here and there * tag 'platform-drivers-x86-v5.8-1' of git://git.infradead.org/linux-platform-drivers-x86: (89 commits) platform/x86: dcdbas: Check SMBIOS for protected buffer address platform/x86: asus_wmi: Reserve more space for struct bias_args platform/x86: intel-vbtn: Only blacklist SW_TABLET_MODE on the 9 / "Laptop" chasis-type platform/x86: intel-hid: Add a quirk to support HP Spectre X2 (2015) platform/x86: touchscreen_dmi: Update Trekstor Twin 10.1 entry platform/x86: touchscreen_dmi: Add info for the Trekstor Yourbook C11B platform/x86: hp-wmi: Introduce HPWMI_POWER_FW_OR_HW as convenient shortcut platform/x86: hp-wmi: Convert simple_strtoul() to kstrtou32() platform/x86: hp-wmi: Refactor postcode_store() to follow standard patterns platform/x86: acerhdf: replace space by * in modalias platform/x86: ISST: Increase timeout tools/power/x86/intel-speed-select: Fix invalid core mask tools/power/x86/intel-speed-select: Increase CPU count tools/power/x86/intel-speed-select: Fix json perf-profile output output platform/x86: dell-wmi: Ignore keyboard attached / detached events platform/x86: dell-laptop: don't register micmute LED if there is no token platform/x86: thinkpad_acpi: Replace custom approach by kstrtoint() platform/x86: thinkpad_acpi: Use strndup_user() in dispatch_proc_write() platform/x86: thinkpad_acpi: Replace next_cmd(&buf) with strsep(&buf, ",") platform/x86: intel-vbtn: Detect switch position before registering the input-device ... commit 4f085ca2f5a8047845ab2d6bbe97089daed28655 Merge: ea20868c7197 c8e9df4744a3 Author: Alex Williamson Date: Tue Jun 2 13:53:00 2020 -0600 Merge branch 'v5.8/vfio/kirti-migration-fixes' into v5.8/vfio/next commit c5d6c13843880ad0112f0513f3eb041b258be66e Merge: 94709049fb84 ae5c0585dfc2 Author: Linus Torvalds Date: Tue Jun 2 12:48:58 2020 -0700 Merge tag 'mmc-v5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc Pull MMC updates from Ulf Hansson: "MMC core: - Enable erase/discard/trim support for all (e)MMC/SD hosts - Export information through sysfs about enhanced RPMB support (eMMC v5.1+) - Align the initialization commands for SDIO cards - Fix SDIO initialization to prevent memory leaks and NULL pointer errors - Do not export undefined MMC_NAME/MODALIAS for SDIO cards - Export device/vendor field from common CIS for SDIO cards - Move SDIO IDs from functional drivers to the common SDIO header - Introduce the ->request_atomic() host ops MMC host: - Improve support for HW busy signaling for several hosts - Converting some DT bindings to the json-schema - meson-mx-sdhc: Add driver and DT doc for the Amlogic Meson SDHC controller - meson-mx-sdio: Run a soft reset to recover from timeout/CRC error - mmci: Convert to use mmc_regulator_set_vqmmc() - mmci_stm32_sdmmc: Fix a couple of DMA bugs - mmci_stm32_sdmmc: Fix power on issue - renesas,mmcif,sdhci: Document r8a7742 DT bindings - renesas_sdhi: Add support for M3-W ES1.2 and 1.3 revisions - renesas_sdhi: Improvements to the TAP selection - renesas_sdhi/tmio: Further fixup runtime PM management at ->remove() - sdhci: Introduce ops to dump vendor specific registers - sdhci-cadence: Fix PHY write sequence - sdhci-esdhc-imx: Improve tunings - sdhci-esdhc-imx: Enable GPIO card detect as system wakeup - sdhci-esdhc-imx: Add HS400 support for i.MX6SLL - sdhci-esdhc-mcf: Add driver for the Coldfire/M5441X esdhc controller - m68k: mcf5441x: Add platform data to enable esdhc mmc controller - sdhci-msm: Improve HS400 tuning - sdhci-msm: Dump vendor specific registers at error - sdhci-msm: Add support for DLL/DDR properties provided from DT - sdhci-msm: Add support for the sm8250 variant - sdhci-msm: Add support for DVFS by converting to dev_pm_opp_set_rate() - sdhci-of-arasan: Add support for Intel Keem Bay variant - sdhci-of-arasan: Add support for Xilinx Versal SD variant - sdhci-of-dwcmshc: Add support for system suspend/resume - sdhci-of-dwcmshc: Fix UHS signaling support - sdhci-of-esdhc: Fix tuning for eMMC HS400 mode - sdhci-pci-gli: Add Genesys Logic GL9763E support - sdhci-sprd: Add support for the ->request_atomic() ops - sdhci-tegra: Avoid reading autocal timeout values when not applicable MEMSTICK: - Minor trivial update" * tag 'mmc-v5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc: (127 commits) dt-bindings: mmc: Convert sdhci-pxa to json-schema mmc: sdhci-msm: Clear tuning done flag while hs400 tuning mmc: core: Export device/vendor ids from Common CIS for SDIO cards mmc: core: Do not export MMC_NAME= and MODALIAS=mmc:block for SDIO cards mmc: sdhci-of-at91: fix CALCR register being rewritten mmc: sdhci-esdhc-imx: disable the CMD CRC check for standard tuning mmc: sdhci-esdhc-imx: fix the mask for tuning start point mmc: host: sdhci-esdhc-imx: add wakeup feature for GPIO CD pin mmc: mmci_sdmmc: fix DMA API warning max segment size mmc: mmci_sdmmc: fix DMA API warning overlapping mappings mmc: sdhci-of-arasan: Add support for Intel Keem Bay dt-bindings: mmc: arasan: Add compatible strings for Intel Keem Bay mmc: sdhci-cadence: fix PHY write mmc: sdio: Sort all SDIO IDs in common include file mmc: sdio: Fix Cypress SDIO IDs macros in common include file mmc: sdio: Move SDIO IDs from b43-sdio driver to common include file mmc: sdio: Move SDIO IDs from ath10k driver to common include file mmc: sdio: Move SDIO IDs from ath6kl driver to common include file mmc: sdio: Move SDIO IDs from smssdio driver to common include file mmc: sdio: Move SDIO IDs from btmtksdio driver to common include file ... commit c8e9df4744a3e4d897a6ac6e71a38aa8d7b65aa0 Author: Kirti Wankhede Date: Wed Jun 3 00:12:37 2020 +0530 vfio iommu: typecast corrections Fixes sparse warnings by adding '__user' in typecast for copy_[from,to]_user() Fixes: d6a4c185660c ("vfio iommu: Implementation of ioctl for dirty pages tracking") Reported-by: kbuild test robot Signed-off-by: Kirti Wankhede Signed-off-by: Alex Williamson commit cd0bb41ea86027d3a5c3555772692323cbc05bc1 Author: Kirti Wankhede Date: Wed Jun 3 00:12:36 2020 +0530 vfio iommu: Use shift operation for 64-bit integer division Fixes compilation error with ARCH=i386. Error fixed by this commit: ld: drivers/vfio/vfio_iommu_type1.o: in function `vfio_dma_populate_bitmap': >> vfio_iommu_type1.c:(.text+0x666): undefined reference to `__udivdi3' Fixes: d6a4c185660c ("vfio iommu: Implementation of ioctl for dirty pages tracking") Reported-by: kbuild test robot Signed-off-by: Kirti Wankhede Signed-off-by: Alex Williamson commit 1a0b00d15d4005390b74154e98822fc7d36d36cd Author: Bob Peterson Date: Mon Jun 1 11:37:09 2020 -0400 gfs2: Only do glock put in gfs2_create_inode for free inodes Before this patch, the error path of function gfs2_create_inode would always calls gfs2_glock_put for the inode glock. That's good for inodes that are free. But after they've been added to the vfs inodes, errors will cause the inode to be evicted, and the evict will do the glock put for us. If we do a glock put again, we can try to free the glock while there are still references to it, e.g. revokes pending for the transaction that created it. This patch adds a check: if (free_vfs_inode) before the put, thus solving the problem. Signed-off-by: Bob Peterson Signed-off-by: Andreas Gruenbacher commit 94709049fb8442fb2f7b91fbec3c2897a75e18df Merge: 17839856fd58 4fba37586e4e Author: Linus Torvalds Date: Tue Jun 2 12:21:36 2020 -0700 Merge branch 'akpm' (patches from Andrew) Merge updates from Andrew Morton: "A few little subsystems and a start of a lot of MM patches. Subsystems affected by this patch series: squashfs, ocfs2, parisc, vfs. With mm subsystems: slab-generic, slub, debug, pagecache, gup, swap, memcg, pagemap, memory-failure, vmalloc, kasan" * emailed patches from Andrew Morton : (128 commits) kasan: move kasan_report() into report.c mm/mm_init.c: report kasan-tag information stored in page->flags ubsan: entirely disable alignment checks under UBSAN_TRAP kasan: fix clang compilation warning due to stack protector x86/mm: remove vmalloc faulting mm: remove vmalloc_sync_(un)mappings() x86/mm/32: implement arch_sync_kernel_mappings() x86/mm/64: implement arch_sync_kernel_mappings() mm/ioremap: track which page-table levels were modified mm/vmalloc: track which page-table levels were modified mm: add functions to track page directory modifications s390: use __vmalloc_node in stack_alloc powerpc: use __vmalloc_node in alloc_vm_stack arm64: use __vmalloc_node in arch_alloc_vmap_stack mm: remove vmalloc_user_node_flags mm: switch the test_vmalloc module to use __vmalloc_node mm: remove __vmalloc_node_flags_caller mm: remove both instances of __vmalloc_node_flags mm: remove the prot argument to __vmalloc_node mm: remove the pgprot argument to __vmalloc ... commit 9bc499befeef07a4d79f4924bfca05634ad8fc97 Author: Ilya Leoshkevich Date: Tue Jun 2 19:44:48 2020 +0200 bpf, selftests: Use bpf_probe_read_kernel Since commit 0ebeea8ca8a4 ("bpf: Restrict bpf_probe_read{, str}() only to archs where they work") 44 verifier tests fail on s390 due to not having bpf_probe_read anymore. Fix by using bpf_probe_read_kernel. Signed-off-by: Ilya Leoshkevich Signed-off-by: Daniel Borkmann Link: https://lore.kernel.org/bpf/20200602174448.2501214-1-iii@linux.ibm.com commit 33d21f18204cb33b43ca6c78c8180949f6dc7227 Author: Ilya Leoshkevich Date: Tue Jun 2 19:45:55 2020 +0200 s390/bpf: Use bcr 0,%0 as tail call nop filler Currently used 0x0000 filler confuses bfd disassembler, making bpftool prog dump xlated output nearly useless. Fix by using a real instruction. Signed-off-by: Ilya Leoshkevich Signed-off-by: Daniel Borkmann Link: https://lore.kernel.org/bpf/20200602174555.2501389-1-iii@linux.ibm.com commit effe5be17706167ee968fa28afe40dec9c6f71db Author: Ilya Leoshkevich Date: Tue Jun 2 19:43:39 2020 +0200 s390/bpf: Maintain 8-byte stack alignment Certain kernel functions (e.g. get_vtimer/set_vtimer) cause kernel panic when the stack is not 8-byte aligned. Currently JITed BPF programs may trigger this by allocating stack frames with non-rounded sizes and then being interrupted. Fix by using rounded fp->aux->stack_depth. Signed-off-by: Ilya Leoshkevich Signed-off-by: Daniel Borkmann Link: https://lore.kernel.org/bpf/20200602174339.2501066-1-iii@linux.ibm.com commit 7cec0b927142f510a1fac88033017616cce44c26 Author: Alexei Starovoitov Date: Tue Jun 2 11:57:43 2020 -0700 selftests/bpf: Fix verifier test Adjust verifier test due to addition of new field. Fixes: c3c16f2ea6d2 ("bpf: Add rx_queue_mapping to bpf_sock") Signed-off-by: Alexei Starovoitov commit 9a5f25ad30e5bb40a2e0c61c991594d3e6529c0a Author: Andrii Nakryiko Date: Mon Jun 1 22:03:49 2020 -0700 selftests/bpf: Fix sample_cnt shared between two threads Make sample_cnt volatile to fix possible selftests failure due to compiler optimization preventing latest sample_cnt value to be visible to main thread. sample_cnt is incremented in background thread, which is then joined into main thread. So in terms of visibility sample_cnt update is ok. But because it's not volatile, compiler might make optimizations that would prevent main thread to see latest updated value. Fix this by marking global variable volatile. Fixes: cb1c9ddd5525 ("selftests/bpf: Add BPF ringbuf selftests") Signed-off-by: Andrii Nakryiko Signed-off-by: Alexei Starovoitov Acked-by: Song Liu Link: https://lore.kernel.org/bpf/20200602050349.215037-1-andriin@fb.com commit f371c923505010b28c8a76f7d7973c014a1d0f5c Merge: 9a25c1df24a6 c4ba153b6501 Author: Alexei Starovoitov Date: Tue Jun 2 11:50:23 2020 -0700 Merge branch 'csum-fixes' Daniel Borkmann says: ==================== This series fixes an issue originally reported by Lorenz Bauer where using the bpf_skb_adjust_room() helper hid a checksum bug since it wasn't adjusting CHECKSUM_UNNECESSARY's skb->csum_level after decap. The fix is two-fold: i) We do a safe reset in bpf_skb_adjust_room() to CHECKSUM_NONE with an opt- out flag BPF_F_ADJ_ROOM_NO_CSUM_RESET. ii) We add a new bpf_csum_level() for the latter in order to allow users to manually inc/dec the skb->csum_level when needed. The series is rebased against latest bpf-next tree. It can be applied there, or to bpf after the merge win sync from net-next. Thanks! ==================== Signed-off-by: Alexei Starovoitov commit c4ba153b6501fa7ccfdc7e57946fb1d6011e36e8 Author: Daniel Borkmann Date: Tue Jun 2 16:58:34 2020 +0200 bpf, selftests: Adapt cls_redirect to call csum_level helper Adapt bpf_skb_adjust_room() to pass in BPF_F_ADJ_ROOM_NO_CSUM_RESET flag and use the new bpf_csum_level() helper to inc/dec the checksum level by one after the encap/decap. Signed-off-by: Daniel Borkmann Signed-off-by: Alexei Starovoitov Reviewed-by: Lorenz Bauer Link: https://lore.kernel.org/bpf/e7458f10e3f3d795307cbc5ad870112671d9c6f7.1591108731.git.daniel@iogearbox.net commit 7cdec54f9713256bb170873a1fc5c75c9127c9d2 Author: Daniel Borkmann Date: Tue Jun 2 16:58:33 2020 +0200 bpf: Add csum_level helper for fixing up csum levels Add a bpf_csum_level() helper which BPF programs can use in combination with bpf_skb_adjust_room() when they pass in BPF_F_ADJ_ROOM_NO_CSUM_RESET flag to the latter to avoid falling back to CHECKSUM_NONE. The bpf_csum_level() allows to adjust CHECKSUM_UNNECESSARY skb->csum_levels via BPF_CSUM_LEVEL_{INC,DEC} which calls __skb_{incr,decr}_checksum_unnecessary() on the skb. The helper also allows a BPF_CSUM_LEVEL_RESET which sets the skb's csum to CHECKSUM_NONE as well as a BPF_CSUM_LEVEL_QUERY to just return the current level. Without this helper, there is no way to otherwise adjust the skb->csum_level. I did not add an extra dummy flags as there is plenty of free bitspace in level argument itself iff ever needed in future. Signed-off-by: Daniel Borkmann Signed-off-by: Alexei Starovoitov Reviewed-by: Alan Maguire Acked-by: Lorenz Bauer Link: https://lore.kernel.org/bpf/279ae3717cb3d03c0ffeb511493c93c450a01e1a.1591108731.git.daniel@iogearbox.net commit 836e66c218f355ec01ba57671c85abf32961dcea Author: Daniel Borkmann Date: Tue Jun 2 16:58:32 2020 +0200 bpf: Fix up bpf_skb_adjust_room helper's skb csum setting Lorenz recently reported: In our TC classifier cls_redirect [0], we use the following sequence of helper calls to decapsulate a GUE (basically IP + UDP + custom header) encapsulated packet: bpf_skb_adjust_room(skb, -encap_len, BPF_ADJ_ROOM_MAC, BPF_F_ADJ_ROOM_FIXED_GSO) bpf_redirect(skb->ifindex, BPF_F_INGRESS) It seems like some checksums of the inner headers are not validated in this case. For example, a TCP SYN packet with invalid TCP checksum is still accepted by the network stack and elicits a SYN ACK. [...] That is, we receive the following packet from the driver: | ETH | IP | UDP | GUE | IP | TCP | skb->ip_summed == CHECKSUM_UNNECESSARY ip_summed is CHECKSUM_UNNECESSARY because our NICs do rx checksum offloading. On this packet we run skb_adjust_room_mac(-encap_len), and get the following: | ETH | IP | TCP | skb->ip_summed == CHECKSUM_UNNECESSARY Note that ip_summed is still CHECKSUM_UNNECESSARY. After bpf_redirect()'ing into the ingress, we end up in tcp_v4_rcv(). There, skb_checksum_init() is turned into a no-op due to CHECKSUM_UNNECESSARY. The bpf_skb_adjust_room() helper is not aware of protocol specifics. Internally, it handles the CHECKSUM_COMPLETE case via skb_postpull_rcsum(), but that does not cover CHECKSUM_UNNECESSARY. In this case skb->csum_level of the original skb prior to bpf_skb_adjust_room() call was 0, that is, covering UDP. Right now there is no way to adjust the skb->csum_level. NICs that have checksum offload disabled (CHECKSUM_NONE) or that support CHECKSUM_COMPLETE are not affected. Use a safe default for CHECKSUM_UNNECESSARY by resetting to CHECKSUM_NONE and add a flag to the helper called BPF_F_ADJ_ROOM_NO_CSUM_RESET that allows users from opting out. Opting out is useful for the case where we don't remove/add full protocol headers, or for the case where a user wants to adjust the csum level manually e.g. through bpf_csum_level() helper that is added in subsequent patch. The bpf_skb_proto_{4_to_6,6_to_4}() for NAT64/46 translation from the BPF bpf_skb_change_proto() helper uses bpf_skb_net_hdr_{push,pop}() pair internally as well but doesn't change layers, only transitions between v4 to v6 and vice versa, therefore no adoption is required there. [0] https://lore.kernel.org/bpf/20200424185556.7358-1-lmb@cloudflare.com/ Fixes: 2be7e212d541 ("bpf: add bpf_skb_adjust_room helper") Reported-by: Lorenz Bauer Reported-by: Alan Maguire Signed-off-by: Daniel Borkmann Signed-off-by: Lorenz Bauer Signed-off-by: Alexei Starovoitov Reviewed-by: Alan Maguire Link: https://lore.kernel.org/bpf/CACAyw9-uU_52esMd1JjuA80fRPHJv5vsSg8GnfW3t_qDU4aVKQ@mail.gmail.com/ Link: https://lore.kernel.org/bpf/11a90472e7cce83e76ddbfce81fdfce7bfc68808.1591108731.git.daniel@iogearbox.net commit 9ad249abe7b8f6f0d2d876bde860b1c511d71d7b Merge: 603986a7a486 818227321d33 Author: Arnd Bergmann Date: Tue Jun 2 20:45:53 2020 +0200 Merge tag 'zynqmp-dt-for-v5.8' of https://github.com/Xilinx/linux-xlnx into arm/dt arm64: dt: ZynqMP DT fixes for v5.8 - Add AES mode and fix GIC node * tag 'zynqmp-dt-for-v5.8' of https://github.com/Xilinx/linux-xlnx: arm64: zynqmp: Fix GIC compatible property arm64: zynqmp: Add Xilinx AES node Link: https://lore.kernel.org/r/ad25cfb0-156c-9bf6-a7b8-e30a7a859135@monstr.eu Signed-off-by: Arnd Bergmann commit 4fba37586e4e73f9f9a855e610e151ef7da2b481 Author: Andrey Konovalov Date: Mon Jun 1 21:52:53 2020 -0700 kasan: move kasan_report() into report.c The kasan_report() functions belongs to report.c, as it's a common functions that does error reporting. Reported-by: Leon Romanovsky Signed-off-by: Andrey Konovalov Signed-off-by: Andrew Morton Tested-by: Leon Romanovsky Cc: Andrey Ryabinin Cc: Alexander Potapenko Cc: Dmitry Vyukov Cc: Leon Romanovsky Link: http://lkml.kernel.org/r/78a81fde6eeda9db72a7fd55fbc33173a515e4b1.1589297433.git.andreyknvl@google.com Signed-off-by: Linus Torvalds commit 86fea8b49494a06a99c6a7511b73b97adbaf4a5b Author: Jing Xia Date: Mon Jun 1 21:52:49 2020 -0700 mm/mm_init.c: report kasan-tag information stored in page->flags The pageflags_layout_usage shows incorrect message by means of mminit_loglevel when Kasan runs in the mode of software tag-based enabled with CONFIG_KASAN_SW_TAGS. This patch corrects it and reports kasan-tag information. Signed-off-by: Jing Xia Signed-off-by: Andrew Morton Cc: Chunyan Zhang Cc: Orson Zhai Cc: Andrey Ryabinin Cc: Alexander Potapenko Cc: Dmitry Vyukov Link: http://lkml.kernel.org/r/1586929370-10838-1-git-send-email-jing.xia.mail@gmail.com Signed-off-by: Linus Torvalds commit 9380ce246a052a1e00121cd480028b6907aeae38 Author: Kees Cook Date: Mon Jun 1 21:52:46 2020 -0700 ubsan: entirely disable alignment checks under UBSAN_TRAP Commit 8d58f222e85f ("ubsan: disable UBSAN_ALIGNMENT under COMPILE_TEST") tried to fix the pathological results of UBSAN_ALIGNMENT with UBSAN_TRAP (which objtool would rightly scream about), but it made an assumption about how COMPILE_TEST gets set (it is not set for randconfig). As a result, we need a bigger hammer here: just don't allow the alignment checks with the trap mode. Fixes: 8d58f222e85f ("ubsan: disable UBSAN_ALIGNMENT under COMPILE_TEST") Reported-by: Randy Dunlap Signed-off-by: Kees Cook Signed-off-by: Andrew Morton Acked-by: Randy Dunlap Cc: Josh Poimboeuf Cc: Dmitry Vyukov Cc: Elena Petrova Link: http://lkml.kernel.org/r/202005291236.000FCB6@keescook Link: https://lore.kernel.org/lkml/742521db-1e8c-0d7a-1ed4-a908894fb497@infradead.org/ Signed-off-by: Linus Torvalds commit ca734cc67e3c8ce20eb75dd1e45ae86e10be102b Author: Andrey Konovalov Date: Mon Jun 1 21:52:43 2020 -0700 kasan: fix clang compilation warning due to stack protector KASAN uses a single cc-option invocation to disable both conserve-stack and stack-protector flags. The former flag is not present in Clang, which causes cc-option to fail, and results in stack-protector being enabled. Fix by using separate cc-option calls for each flag. Also collect all flags in a variable to avoid calling cc-option multiple times for different files. Reported-by: Qian Cai Signed-off-by: Andrey Konovalov Signed-off-by: Andrew Morton Reviewed-by: Marco Elver Link: http://lkml.kernel.org/r/c2f0c8e4048852ae014f4a391d96ca42d27e3255.1590779332.git.andreyknvl@google.com Signed-off-by: Linus Torvalds commit 7f0a002b5a21302d9f4b29ba83c96cd433ff3769 Author: Joerg Roedel Date: Mon Jun 1 21:52:40 2020 -0700 x86/mm: remove vmalloc faulting Remove fault handling on vmalloc areas, as the vmalloc code now takes care of synchronizing changes to all page-tables in the system. Signed-off-by: Joerg Roedel Signed-off-by: Andrew Morton Acked-by: Andy Lutomirski Acked-by: Peter Zijlstra (Intel) Cc: Arnd Bergmann Cc: Christoph Hellwig Cc: Dave Hansen Cc: "H . Peter Anvin" Cc: Ingo Molnar Cc: Matthew Wilcox (Oracle) Cc: Michal Hocko Cc: "Rafael J. Wysocki" Cc: Steven Rostedt (VMware) Cc: Thomas Gleixner Cc: Vlastimil Babka Link: http://lkml.kernel.org/r/20200515140023.25469-8-joro@8bytes.org Signed-off-by: Linus Torvalds commit 73f693c3a705756032c2863bfb37570276902d7d Author: Joerg Roedel Date: Mon Jun 1 21:52:36 2020 -0700 mm: remove vmalloc_sync_(un)mappings() These functions are not needed anymore because the vmalloc and ioremap mappings are now synchronized when they are created or torn down. Remove all callers and function definitions. Signed-off-by: Joerg Roedel Signed-off-by: Andrew Morton Tested-by: Steven Rostedt (VMware) Acked-by: Andy Lutomirski Acked-by: Peter Zijlstra (Intel) Cc: Arnd Bergmann Cc: Christoph Hellwig Cc: Dave Hansen Cc: "H . Peter Anvin" Cc: Ingo Molnar Cc: Matthew Wilcox (Oracle) Cc: Michal Hocko Cc: "Rafael J. Wysocki" Cc: Thomas Gleixner Cc: Vlastimil Babka Link: http://lkml.kernel.org/r/20200515140023.25469-7-joro@8bytes.org Signed-off-by: Linus Torvalds commit 86cf69f1d893d48fdb0382a940f2523409406423 Author: Joerg Roedel Date: Mon Jun 1 21:52:33 2020 -0700 x86/mm/32: implement arch_sync_kernel_mappings() Implement the function to sync changes in vmalloc and ioremap ranges to all page-tables. Signed-off-by: Joerg Roedel Signed-off-by: Andrew Morton Acked-by: Andy Lutomirski Acked-by: Peter Zijlstra (Intel) Cc: Arnd Bergmann Cc: Christoph Hellwig Cc: Dave Hansen Cc: "H . Peter Anvin" Cc: Ingo Molnar Cc: Matthew Wilcox (Oracle) Cc: Michal Hocko Cc: "Rafael J. Wysocki" Cc: Steven Rostedt (VMware) Cc: Thomas Gleixner Cc: Vlastimil Babka Link: http://lkml.kernel.org/r/20200515140023.25469-6-joro@8bytes.org Signed-off-by: Linus Torvalds commit 8e19843c36abae08e1e541a65ce53fd2e88499fc Author: Joerg Roedel Date: Mon Jun 1 21:52:29 2020 -0700 x86/mm/64: implement arch_sync_kernel_mappings() Implement the function to sync changes in vmalloc and ioremap ranges to all page-tables. Signed-off-by: Joerg Roedel Signed-off-by: Andrew Morton Acked-by: Andy Lutomirski Acked-by: Peter Zijlstra (Intel) Cc: Arnd Bergmann Cc: Christoph Hellwig Cc: Dave Hansen Cc: "H . Peter Anvin" Cc: Ingo Molnar Cc: Matthew Wilcox (Oracle) Cc: Michal Hocko Cc: "Rafael J. Wysocki" Cc: Steven Rostedt (VMware) Cc: Thomas Gleixner Cc: Vlastimil Babka Link: http://lkml.kernel.org/r/20200515140023.25469-5-joro@8bytes.org Signed-off-by: Linus Torvalds commit 6c0c7d2b365b21a413f6d75772a8a4a2c7d36916 Author: Joerg Roedel Date: Mon Jun 1 21:52:26 2020 -0700 mm/ioremap: track which page-table levels were modified Track at which levels in the page-table entries were modified by ioremap_page_range(). After the page-table has been modified, use that information do decide whether the new arch_sync_kernel_mappings() needs to be called. The iounmap path re-uses vunmap(), which has already been taken care of. Signed-off-by: Joerg Roedel Signed-off-by: Andrew Morton Acked-by: Andy Lutomirski Acked-by: Peter Zijlstra (Intel) Cc: Arnd Bergmann Cc: Christoph Hellwig Cc: Dave Hansen Cc: "H . Peter Anvin" Cc: Ingo Molnar Cc: Matthew Wilcox (Oracle) Cc: Michal Hocko Cc: "Rafael J. Wysocki" Cc: Steven Rostedt (VMware) Cc: Thomas Gleixner Cc: Vlastimil Babka Link: http://lkml.kernel.org/r/20200515140023.25469-4-joro@8bytes.org Signed-off-by: Linus Torvalds commit 2ba3e6947aed9bb9575eb1603c0ac6e39185d32a Author: Joerg Roedel Date: Mon Jun 1 21:52:22 2020 -0700 mm/vmalloc: track which page-table levels were modified Track at which levels in the page-table entries were modified by vmap/vunmap. After the page-table has been modified, use that information do decide whether the new arch_sync_kernel_mappings() needs to be called. [akpm@linux-foundation.org: map_kernel_range_noflush() needs the arch_sync_kernel_mappings() call] Signed-off-by: Joerg Roedel Signed-off-by: Andrew Morton Acked-by: Andy Lutomirski Acked-by: Peter Zijlstra (Intel) Cc: Arnd Bergmann Cc: Christoph Hellwig Cc: Dave Hansen Cc: "H . Peter Anvin" Cc: Ingo Molnar Cc: Matthew Wilcox (Oracle) Cc: Michal Hocko Cc: "Rafael J. Wysocki" Cc: Steven Rostedt (VMware) Cc: Thomas Gleixner Cc: Vlastimil Babka Link: http://lkml.kernel.org/r/20200515140023.25469-3-joro@8bytes.org Signed-off-by: Linus Torvalds commit d8626138009ba58ae2c22356966c2edaa1f1c3b5 Author: Joerg Roedel Date: Mon Jun 1 21:52:18 2020 -0700 mm: add functions to track page directory modifications Patch series "mm: Get rid of vmalloc_sync_(un)mappings()", v3. After the recent issue with vmalloc and tracing code[1] on x86 and a long history of previous issues related to the vmalloc_sync_mappings() interface, I thought the time has come to remove it. Please see [2], [3], and [4] for some other issues in the past. The patches add tracking of page-table directory changes to the vmalloc and ioremap code. Depending on which page-table levels changes have been made, a new per-arch function is called: arch_sync_kernel_mappings(). On x86-64 with 4-level paging, this function will not be called more than 64 times in a systems runtime (because vmalloc-space takes 64 PGD entries which are only populated, but never cleared). As a side effect this also allows to get rid of vmalloc faults on x86, making it safe to touch vmalloc'ed memory in the page-fault handler. Note that this potentially includes per-cpu memory. This patch (of 7): Add page-table allocation functions which will keep track of changed directory entries. They are needed for new PGD, P4D, PUD, and PMD entries and will be used in vmalloc and ioremap code to decide whether any changes in the kernel mappings need to be synchronized between page-tables in the system. Signed-off-by: Joerg Roedel Signed-off-by: Andrew Morton Acked-by: Andy Lutomirski Acked-by: Peter Zijlstra (Intel) Cc: "H . Peter Anvin" Cc: Dave Hansen Cc: "Rafael J. Wysocki" Cc: Arnd Bergmann Cc: Steven Rostedt (VMware) Cc: Vlastimil Babka Cc: Michal Hocko Cc: Matthew Wilcox (Oracle) Cc: Ingo Molnar Cc: Thomas Gleixner Cc: Christoph Hellwig Link: http://lkml.kernel.org/r/20200515140023.25469-1-joro@8bytes.org Link: http://lkml.kernel.org/r/20200515140023.25469-2-joro@8bytes.org Signed-off-by: Linus Torvalds commit b200f5b58c86aa75b8b6952ce9b89013c6660a57 Author: Christoph Hellwig Date: Mon Jun 1 21:52:14 2020 -0700 s390: use __vmalloc_node in stack_alloc stack_alloc can use a slightly higher level vmalloc function. Signed-off-by: Christoph Hellwig Signed-off-by: Andrew Morton Acked-by: Christian Borntraeger Acked-by: Peter Zijlstra (Intel) Cc: "K. Y. Srinivasan" Cc: Haiyang Zhang Cc: Stephen Hemminger Cc: Wei Liu Cc: David Airlie Cc: Laura Abbott Cc: Sumit Semwal Cc: Sakari Ailus Cc: Minchan Kim Cc: Nitin Gupta Cc: Robin Murphy Cc: Christophe Leroy Cc: Daniel Vetter Cc: Gao Xiang Cc: Greg Kroah-Hartman Cc: Johannes Weiner Cc: Mark Rutland Cc: Michael Kelley Cc: Benjamin Herrenschmidt Cc: Catalin Marinas Cc: Heiko Carstens Cc: Paul Mackerras Cc: Vasily Gorbik Cc: Will Deacon Link: http://lkml.kernel.org/r/20200414131348.444715-30-hch@lst.de Signed-off-by: Linus Torvalds commit cb0849a990b2928760bc38561e8d33b554196e25 Author: Christoph Hellwig Date: Mon Jun 1 21:52:10 2020 -0700 powerpc: use __vmalloc_node in alloc_vm_stack alloc_vm_stack can use a slightly higher level vmalloc function. Signed-off-by: Christoph Hellwig Signed-off-by: Andrew Morton Acked-by: Peter Zijlstra (Intel) Cc: Christian Borntraeger Cc: Christophe Leroy Cc: Daniel Vetter Cc: David Airlie Cc: Gao Xiang Cc: Greg Kroah-Hartman Cc: Haiyang Zhang Cc: Johannes Weiner Cc: "K. Y. Srinivasan" Cc: Laura Abbott Cc: Mark Rutland Cc: Michael Kelley Cc: Minchan Kim Cc: Nitin Gupta Cc: Robin Murphy Cc: Sakari Ailus Cc: Stephen Hemminger Cc: Sumit Semwal Cc: Wei Liu Cc: Benjamin Herrenschmidt Cc: Catalin Marinas Cc: Heiko Carstens Cc: Paul Mackerras Cc: Vasily Gorbik Cc: Will Deacon Link: http://lkml.kernel.org/r/20200414131348.444715-29-hch@lst.de Signed-off-by: Linus Torvalds commit ebcdd3074a729f9ba351278e1b42d7ae7fcdf236 Author: Christoph Hellwig Date: Mon Jun 1 21:52:06 2020 -0700 arm64: use __vmalloc_node in arch_alloc_vmap_stack arch_alloc_vmap_stack can use a slightly higher level vmalloc function. Signed-off-by: Christoph Hellwig Signed-off-by: Andrew Morton Acked-by: Peter Zijlstra (Intel) Cc: Christian Borntraeger Cc: Christophe Leroy Cc: Daniel Vetter Cc: David Airlie Cc: Gao Xiang Cc: Greg Kroah-Hartman Cc: Haiyang Zhang Cc: Johannes Weiner Cc: "K. Y. Srinivasan" Cc: Laura Abbott Cc: Mark Rutland Cc: Michael Kelley Cc: Minchan Kim Cc: Nitin Gupta Cc: Robin Murphy Cc: Sakari Ailus Cc: Stephen Hemminger Cc: Sumit Semwal Cc: Wei Liu Cc: Benjamin Herrenschmidt Cc: Catalin Marinas Cc: Heiko Carstens Cc: Paul Mackerras Cc: Vasily Gorbik Cc: Will Deacon Link: http://lkml.kernel.org/r/20200414131348.444715-28-hch@lst.de Signed-off-by: Linus Torvalds commit 041de93ff86fc500aa73e5360039c95f4d31b95f Author: Christoph Hellwig Date: Mon Jun 1 21:52:02 2020 -0700 mm: remove vmalloc_user_node_flags Open code it in __bpf_map_area_alloc, which is the only caller. Also clean up __bpf_map_area_alloc to have a single vmalloc call with slightly different flags instead of the current two different calls. For this to compile for the nommu case add a __vmalloc_node_range stub to nommu.c. [akpm@linux-foundation.org: fix nommu.c build] Signed-off-by: Christoph Hellwig Signed-off-by: Andrew Morton Acked-by: Peter Zijlstra (Intel) Acked-by: Johannes Weiner Cc: Christian Borntraeger Cc: Christophe Leroy Cc: Daniel Vetter Cc: David Airlie Cc: Gao Xiang Cc: Greg Kroah-Hartman Cc: Haiyang Zhang Cc: "K. Y. Srinivasan" Cc: Laura Abbott Cc: Mark Rutland Cc: Michael Kelley Cc: Minchan Kim Cc: Nitin Gupta Cc: Robin Murphy Cc: Sakari Ailus Cc: Stephen Hemminger Cc: Sumit Semwal Cc: Wei Liu Cc: Benjamin Herrenschmidt Cc: Catalin Marinas Cc: Heiko Carstens Cc: Paul Mackerras Cc: Vasily Gorbik Cc: Will Deacon Cc: Stephen Rothwell Link: http://lkml.kernel.org/r/20200414131348.444715-27-hch@lst.de Signed-off-by: Linus Torvalds commit c3f896dcf1e47959aca4f8e6ac9537b478949126 Author: Christoph Hellwig Date: Mon Jun 1 21:51:57 2020 -0700 mm: switch the test_vmalloc module to use __vmalloc_node No need to export the very low-level __vmalloc_node_range when the test module can use a slightly higher level variant. [akpm@linux-foundation.org: add missing `node' arg] [akpm@linux-foundation.org: fix riscv nommu build] Signed-off-by: Christoph Hellwig Signed-off-by: Andrew Morton Acked-by: Peter Zijlstra (Intel) Cc: Christian Borntraeger Cc: Christophe Leroy Cc: Daniel Vetter Cc: David Airlie Cc: Gao Xiang Cc: Greg Kroah-Hartman Cc: Haiyang Zhang Cc: Johannes Weiner Cc: "K. Y. Srinivasan" Cc: Laura Abbott Cc: Mark Rutland Cc: Michael Kelley Cc: Minchan Kim Cc: Nitin Gupta Cc: Robin Murphy Cc: Sakari Ailus Cc: Stephen Hemminger Cc: Sumit Semwal Cc: Wei Liu Cc: Benjamin Herrenschmidt Cc: Catalin Marinas Cc: Heiko Carstens Cc: Paul Mackerras Cc: Vasily Gorbik Cc: Will Deacon Link: http://lkml.kernel.org/r/20200414131348.444715-26-hch@lst.de Signed-off-by: Linus Torvalds commit 2b9059489c839e67ca9254913325e18cea11a980 Author: Christoph Hellwig Date: Mon Jun 1 21:51:53 2020 -0700 mm: remove __vmalloc_node_flags_caller Just use __vmalloc_node instead which gets and extra argument. To be able to to use __vmalloc_node in all caller make it available outside of vmalloc and implement it in nommu.c. [akpm@linux-foundation.org: fix nommu build] Signed-off-by: Christoph Hellwig Signed-off-by: Andrew Morton Acked-by: Peter Zijlstra (Intel) Cc: Christian Borntraeger Cc: Christophe Leroy Cc: Daniel Vetter Cc: David Airlie Cc: Gao Xiang Cc: Greg Kroah-Hartman Cc: Haiyang Zhang Cc: Johannes Weiner Cc: "K. Y. Srinivasan" Cc: Laura Abbott Cc: Mark Rutland Cc: Michael Kelley Cc: Minchan Kim Cc: Nitin Gupta Cc: Robin Murphy Cc: Sakari Ailus Cc: Stephen Hemminger Cc: Sumit Semwal Cc: Wei Liu Cc: Benjamin Herrenschmidt Cc: Catalin Marinas Cc: Heiko Carstens Cc: Paul Mackerras Cc: Vasily Gorbik Cc: Will Deacon Cc: Stephen Rothwell Link: http://lkml.kernel.org/r/20200414131348.444715-25-hch@lst.de Signed-off-by: Linus Torvalds commit 4d39d7285f45cc6c72b850f040d3addd626658e4 Author: Christoph Hellwig Date: Mon Jun 1 21:51:49 2020 -0700 mm: remove both instances of __vmalloc_node_flags The real version just had a few callers that can open code it and remove one layer of indirection. The nommu stub was public but only had a single caller, so remove it and avoid a CONFIG_MMU ifdef in vmalloc.h. Signed-off-by: Christoph Hellwig Signed-off-by: Andrew Morton Acked-by: Peter Zijlstra (Intel) Cc: Christian Borntraeger Cc: Christophe Leroy Cc: Daniel Vetter Cc: David Airlie Cc: Gao Xiang Cc: Greg Kroah-Hartman Cc: Haiyang Zhang Cc: Johannes Weiner Cc: "K. Y. Srinivasan" Cc: Laura Abbott Cc: Mark Rutland Cc: Michael Kelley Cc: Minchan Kim Cc: Nitin Gupta Cc: Robin Murphy Cc: Sakari Ailus Cc: Stephen Hemminger Cc: Sumit Semwal Cc: Wei Liu Cc: Benjamin Herrenschmidt Cc: Catalin Marinas Cc: Heiko Carstens Cc: Paul Mackerras Cc: Vasily Gorbik Cc: Will Deacon Link: http://lkml.kernel.org/r/20200414131348.444715-24-hch@lst.de Signed-off-by: Linus Torvalds commit f38fcb9c1c5e9df20bf6d8aa9e9f36eb98d78c9f Author: Christoph Hellwig Date: Mon Jun 1 21:51:45 2020 -0700 mm: remove the prot argument to __vmalloc_node This is always PAGE_KERNEL now. Signed-off-by: Christoph Hellwig Signed-off-by: Andrew Morton Acked-by: Peter Zijlstra (Intel) Cc: Christian Borntraeger Cc: Christophe Leroy Cc: Daniel Vetter Cc: David Airlie Cc: Gao Xiang Cc: Greg Kroah-Hartman Cc: Haiyang Zhang Cc: Johannes Weiner Cc: "K. Y. Srinivasan" Cc: Laura Abbott Cc: Mark Rutland Cc: Michael Kelley Cc: Minchan Kim Cc: Nitin Gupta Cc: Robin Murphy Cc: Sakari Ailus Cc: Stephen Hemminger Cc: Sumit Semwal Cc: Wei Liu Cc: Benjamin Herrenschmidt Cc: Catalin Marinas Cc: Heiko Carstens Cc: Paul Mackerras Cc: Vasily Gorbik Cc: Will Deacon Link: http://lkml.kernel.org/r/20200414131348.444715-23-hch@lst.de Signed-off-by: Linus Torvalds commit 88dca4ca5a93d2c09e5bbc6a62fbfc3af83c4fca Author: Christoph Hellwig Date: Mon Jun 1 21:51:40 2020 -0700 mm: remove the pgprot argument to __vmalloc The pgprot argument to __vmalloc is always PAGE_KERNEL now, so remove it. Signed-off-by: Christoph Hellwig Signed-off-by: Andrew Morton Reviewed-by: Michael Kelley [hyperv] Acked-by: Gao Xiang [erofs] Acked-by: Peter Zijlstra (Intel) Acked-by: Wei Liu Cc: Christian Borntraeger Cc: Christophe Leroy Cc: Daniel Vetter Cc: David Airlie Cc: Greg Kroah-Hartman Cc: Haiyang Zhang Cc: Johannes Weiner Cc: "K. Y. Srinivasan" Cc: Laura Abbott Cc: Mark Rutland Cc: Minchan Kim Cc: Nitin Gupta Cc: Robin Murphy Cc: Sakari Ailus Cc: Stephen Hemminger Cc: Sumit Semwal Cc: Benjamin Herrenschmidt Cc: Catalin Marinas Cc: Heiko Carstens Cc: Paul Mackerras Cc: Vasily Gorbik Cc: Will Deacon Link: http://lkml.kernel.org/r/20200414131348.444715-22-hch@lst.de Signed-off-by: Linus Torvalds commit d28ff991b2e23049c30584c1d97681087193879f Author: Christoph Hellwig Date: Mon Jun 1 21:51:36 2020 -0700 gpu/drm: remove the powerpc hack in drm_legacy_sg_alloc The non-cached vmalloc mapping was initially added as a hack for the first-gen amigaone platform (6xx/book32s), isn't fully supported upstream, and which used the legacy radeon driver together with non-coherent DMA. However this only ever worked reliably for DRI . Remove the hack as it is the last user of __vmalloc passing a page protection flag other than PAGE_KERNEL and didn't do anything for other platforms with non-coherent DMA. Signed-off-by: Christoph Hellwig Signed-off-by: Andrew Morton Acked-by: Daniel Vetter Acked-by: Peter Zijlstra (Intel) Cc: Christian Borntraeger Cc: Christophe Leroy Cc: David Airlie Cc: Gao Xiang Cc: Greg Kroah-Hartman Cc: Haiyang Zhang Cc: Johannes Weiner Cc: "K. Y. Srinivasan" Cc: Laura Abbott Cc: Mark Rutland Cc: Michael Kelley Cc: Minchan Kim Cc: Nitin Gupta Cc: Robin Murphy Cc: Sakari Ailus Cc: Stephen Hemminger Cc: Sumit Semwal Cc: Wei Liu Cc: Benjamin Herrenschmidt Cc: Catalin Marinas Cc: Heiko Carstens Cc: Paul Mackerras Cc: Vasily Gorbik Cc: Will Deacon Link: http://lkml.kernel.org/r/20200414131348.444715-21-hch@lst.de Signed-off-by: Linus Torvalds commit cca98e9f8b5ebcd9640846a675172578249b11a0 Author: Christoph Hellwig Date: Mon Jun 1 21:51:32 2020 -0700 mm: enforce that vmap can't map pages executable To help enforcing the W^X protection don't allow remapping existing pages as executable. x86 bits from Peter Zijlstra, arm64 bits from Mark Rutland. Signed-off-by: Christoph Hellwig Signed-off-by: Andrew Morton Acked-by: Peter Zijlstra (Intel) Cc: Mark Rutland . Cc: Christian Borntraeger Cc: Christophe Leroy Cc: Daniel Vetter Cc: David Airlie Cc: Gao Xiang Cc: Greg Kroah-Hartman Cc: Haiyang Zhang Cc: Johannes Weiner Cc: "K. Y. Srinivasan" Cc: Laura Abbott Cc: Michael Kelley Cc: Minchan Kim Cc: Nitin Gupta Cc: Robin Murphy Cc: Sakari Ailus Cc: Stephen Hemminger Cc: Sumit Semwal Cc: Wei Liu Cc: Benjamin Herrenschmidt Cc: Catalin Marinas Cc: Heiko Carstens Cc: Paul Mackerras Cc: Vasily Gorbik Cc: Will Deacon Link: http://lkml.kernel.org/r/20200414131348.444715-20-hch@lst.de Signed-off-by: Linus Torvalds commit d4efd79a81abc7096a418ee3103f261cfb6ab634 Author: Christoph Hellwig Date: Mon Jun 1 21:51:27 2020 -0700 mm: remove the prot argument from vm_map_ram This is always PAGE_KERNEL - for long term mappings with other properties vmap should be used. Signed-off-by: Christoph Hellwig Signed-off-by: Andrew Morton Acked-by: Peter Zijlstra (Intel) Cc: Christian Borntraeger Cc: Christophe Leroy Cc: Daniel Vetter Cc: David Airlie Cc: Gao Xiang Cc: Greg Kroah-Hartman Cc: Haiyang Zhang Cc: Johannes Weiner Cc: "K. Y. Srinivasan" Cc: Laura Abbott Cc: Mark Rutland Cc: Michael Kelley Cc: Minchan Kim Cc: Nitin Gupta Cc: Robin Murphy Cc: Sakari Ailus Cc: Stephen Hemminger Cc: Sumit Semwal Cc: Wei Liu Cc: Benjamin Herrenschmidt Cc: Catalin Marinas Cc: Heiko Carstens Cc: Paul Mackerras Cc: Vasily Gorbik Cc: Will Deacon Link: http://lkml.kernel.org/r/20200414131348.444715-19-hch@lst.de Signed-off-by: Linus Torvalds commit 855e57a11966722c67e631ae530c03e251fbcf8a Author: Christoph Hellwig Date: Mon Jun 1 21:51:23 2020 -0700 mm: remove unmap_vmap_area This function just has a single caller, open code it there. Signed-off-by: Christoph Hellwig Signed-off-by: Andrew Morton Acked-by: Peter Zijlstra (Intel) Cc: Christian Borntraeger Cc: Christophe Leroy Cc: Daniel Vetter Cc: David Airlie Cc: Gao Xiang Cc: Greg Kroah-Hartman Cc: Haiyang Zhang Cc: Johannes Weiner Cc: "K. Y. Srinivasan" Cc: Laura Abbott Cc: Mark Rutland Cc: Michael Kelley Cc: Minchan Kim Cc: Nitin Gupta Cc: Robin Murphy Cc: Sakari Ailus Cc: Stephen Hemminger Cc: Sumit Semwal Cc: Wei Liu Cc: Benjamin Herrenschmidt Cc: Catalin Marinas Cc: Heiko Carstens Cc: Paul Mackerras Cc: Vasily Gorbik Cc: Will Deacon Link: http://lkml.kernel.org/r/20200414131348.444715-18-hch@lst.de Signed-off-by: Linus Torvalds commit ed1f324c5fed06c91f30a36aedb66f34244ab86e Author: Christoph Hellwig Date: Mon Jun 1 21:51:19 2020 -0700 mm: remove map_vm_range Switch all callers to map_kernel_range, which symmetric to the unmap side (as well as the _noflush versions). Signed-off-by: Christoph Hellwig Signed-off-by: Andrew Morton Acked-by: Peter Zijlstra (Intel) Cc: Christian Borntraeger Cc: Christophe Leroy Cc: Daniel Vetter Cc: David Airlie Cc: Gao Xiang Cc: Greg Kroah-Hartman Cc: Haiyang Zhang Cc: Johannes Weiner Cc: "K. Y. Srinivasan" Cc: Laura Abbott Cc: Mark Rutland Cc: Michael Kelley Cc: Minchan Kim Cc: Nitin Gupta Cc: Robin Murphy Cc: Sakari Ailus Cc: Stephen Hemminger Cc: Sumit Semwal Cc: Wei Liu Cc: Benjamin Herrenschmidt Cc: Catalin Marinas Cc: Heiko Carstens Cc: Paul Mackerras Cc: Vasily Gorbik Cc: Will Deacon Link: http://lkml.kernel.org/r/20200414131348.444715-17-hch@lst.de Signed-off-by: Linus Torvalds commit 60bb44652a0dcc44acfc2ed8ebb35e4a389e5421 Author: Christoph Hellwig Date: Mon Jun 1 21:51:15 2020 -0700 mm: don't return the number of pages from map_kernel_range{,_noflush} None of the callers needs the number of pages, and a 0 / -errno return value is a lot more intuitive. Signed-off-by: Christoph Hellwig Signed-off-by: Andrew Morton Acked-by: Peter Zijlstra (Intel) Cc: Christian Borntraeger Cc: Christophe Leroy Cc: Daniel Vetter Cc: David Airlie Cc: Gao Xiang Cc: Greg Kroah-Hartman Cc: Haiyang Zhang Cc: Johannes Weiner Cc: "K. Y. Srinivasan" Cc: Laura Abbott Cc: Mark Rutland Cc: Michael Kelley Cc: Minchan Kim Cc: Nitin Gupta Cc: Robin Murphy Cc: Sakari Ailus Cc: Stephen Hemminger Cc: Sumit Semwal Cc: Wei Liu Cc: Benjamin Herrenschmidt Cc: Catalin Marinas Cc: Heiko Carstens Cc: Paul Mackerras Cc: Vasily Gorbik Cc: Will Deacon Link: http://lkml.kernel.org/r/20200414131348.444715-16-hch@lst.de Signed-off-by: Linus Torvalds commit a29adb6209cead1f6c34a8d72481fb183bfc2d68 Author: Christoph Hellwig Date: Mon Jun 1 21:51:11 2020 -0700 mm: rename vmap_page_range to map_kernel_range This matches the map_kernel_range_noflush API. Also change to pass a size instead of the end, similar to the noflush version. Signed-off-by: Christoph Hellwig Signed-off-by: Andrew Morton Acked-by: Peter Zijlstra (Intel) Cc: Christian Borntraeger Cc: Christophe Leroy Cc: Daniel Vetter Cc: David Airlie Cc: Gao Xiang Cc: Greg Kroah-Hartman Cc: Haiyang Zhang Cc: Johannes Weiner Cc: "K. Y. Srinivasan" Cc: Laura Abbott Cc: Mark Rutland Cc: Michael Kelley Cc: Minchan Kim Cc: Nitin Gupta Cc: Robin Murphy Cc: Sakari Ailus Cc: Stephen Hemminger Cc: Sumit Semwal Cc: Wei Liu Cc: Benjamin Herrenschmidt Cc: Catalin Marinas Cc: Heiko Carstens Cc: Paul Mackerras Cc: Vasily Gorbik Cc: Will Deacon Link: http://lkml.kernel.org/r/20200414131348.444715-15-hch@lst.de Signed-off-by: Linus Torvalds commit b521c43f58e5234ee9b29817ed5e93523abcffa9 Author: Christoph Hellwig Date: Mon Jun 1 21:51:07 2020 -0700 mm: remove vmap_page_range_noflush and vunmap_page_range These have non-static aliases called map_kernel_range_noflush and unmap_kernel_range_noflush that just differ slightly in the calling conventions that pass addr + size instead of an end. Signed-off-by: Christoph Hellwig Signed-off-by: Andrew Morton Acked-by: Peter Zijlstra (Intel) Cc: Christian Borntraeger Cc: Christophe Leroy Cc: Daniel Vetter Cc: David Airlie Cc: Gao Xiang Cc: Greg Kroah-Hartman Cc: Haiyang Zhang Cc: Johannes Weiner Cc: "K. Y. Srinivasan" Cc: Laura Abbott Cc: Mark Rutland Cc: Michael Kelley Cc: Minchan Kim Cc: Nitin Gupta Cc: Robin Murphy Cc: Sakari Ailus Cc: Stephen Hemminger Cc: Sumit Semwal Cc: Wei Liu Cc: Benjamin Herrenschmidt Cc: Catalin Marinas Cc: Heiko Carstens Cc: Paul Mackerras Cc: Vasily Gorbik Cc: Will Deacon Link: http://lkml.kernel.org/r/20200414131348.444715-14-hch@lst.de Signed-off-by: Linus Torvalds commit 78a0e8c4837f42e9c2b1127e9c450ceeb0efbde6 Author: Christoph Hellwig Date: Mon Jun 1 21:51:02 2020 -0700 mm: pass addr as unsigned long to vb_free Ever use of addr in vb_free casts to unsigned long first, and the caller has an unsigned long version of the address available anyway. Just pass that and avoid all the casts. Signed-off-by: Christoph Hellwig Signed-off-by: Andrew Morton Acked-by: Peter Zijlstra (Intel) Cc: Christian Borntraeger Cc: Christophe Leroy Cc: Daniel Vetter Cc: David Airlie Cc: Gao Xiang Cc: Greg Kroah-Hartman Cc: Haiyang Zhang Cc: Johannes Weiner Cc: "K. Y. Srinivasan" Cc: Laura Abbott Cc: Mark Rutland Cc: Michael Kelley Cc: Minchan Kim Cc: Nitin Gupta Cc: Robin Murphy Cc: Sakari Ailus Cc: Stephen Hemminger Cc: Sumit Semwal Cc: Wei Liu Cc: Benjamin Herrenschmidt Cc: Catalin Marinas Cc: Heiko Carstens Cc: Paul Mackerras Cc: Vasily Gorbik Cc: Will Deacon Link: http://lkml.kernel.org/r/20200414131348.444715-13-hch@lst.de Signed-off-by: Linus Torvalds commit b607e6d17db5b91e6a807b4f9a2e849219d720a0 Author: Christoph Hellwig Date: Mon Jun 1 21:50:58 2020 -0700 mm: only allow page table mappings for built-in zsmalloc This allows to unexport map_vm_area and unmap_kernel_range, which are rather deep internal and should not be available to modules, as they for example allow fine grained control of mapping permissions, and also allow splitting the setup of a vmalloc area and the actual mapping and thus expose vmalloc internals. zsmalloc is typically built-in and continues to work (just like the percpu-vm code using a similar patter), while modular zsmalloc also continues to work, but must use copies. Signed-off-by: Christoph Hellwig Signed-off-by: Andrew Morton Acked-by: Peter Zijlstra (Intel) Cc: Christian Borntraeger Cc: Christophe Leroy Cc: Daniel Vetter Cc: David Airlie Cc: Gao Xiang Cc: Greg Kroah-Hartman Cc: Haiyang Zhang Cc: Johannes Weiner Cc: "K. Y. Srinivasan" Cc: Laura Abbott Cc: Mark Rutland Cc: Michael Kelley Cc: Minchan Kim Cc: Nitin Gupta Cc: Robin Murphy Cc: Sakari Ailus Cc: Stephen Hemminger Cc: Sumit Semwal Cc: Wei Liu Cc: Benjamin Herrenschmidt Cc: Catalin Marinas Cc: Heiko Carstens Cc: Paul Mackerras Cc: Vasily Gorbik Cc: Will Deacon Link: http://lkml.kernel.org/r/20200414131348.444715-12-hch@lst.de Signed-off-by: Linus Torvalds commit 8b136018da7bf49b988a24064fc45c290baffd93 Author: Christoph Hellwig Date: Mon Jun 1 21:50:53 2020 -0700 mm: rename CONFIG_PGTABLE_MAPPING to CONFIG_ZSMALLOC_PGTABLE_MAPPING Rename the Kconfig variable to clarify the scope. Signed-off-by: Christoph Hellwig Signed-off-by: Andrew Morton Acked-by: Minchan Kim Acked-by: Peter Zijlstra (Intel) Cc: Christian Borntraeger Cc: Christophe Leroy Cc: Daniel Vetter Cc: David Airlie Cc: Gao Xiang Cc: Greg Kroah-Hartman Cc: Haiyang Zhang Cc: Johannes Weiner Cc: "K. Y. Srinivasan" Cc: Laura Abbott Cc: Mark Rutland Cc: Michael Kelley Cc: Nitin Gupta Cc: Robin Murphy Cc: Sakari Ailus Cc: Stephen Hemminger Cc: Sumit Semwal Cc: Wei Liu Cc: Benjamin Herrenschmidt Cc: Catalin Marinas Cc: Heiko Carstens Cc: Paul Mackerras Cc: Vasily Gorbik Cc: Will Deacon Link: http://lkml.kernel.org/r/20200414131348.444715-11-hch@lst.de Signed-off-by: Linus Torvalds commit 8f87cc9386dc7965de151605637eee939ea0d098 Author: Christoph Hellwig Date: Mon Jun 1 21:50:49 2020 -0700 mm: unexport unmap_kernel_range_noflush There are no modular users of this function. Signed-off-by: Christoph Hellwig Signed-off-by: Andrew Morton Acked-by: Peter Zijlstra (Intel) Cc: Christian Borntraeger Cc: Christophe Leroy Cc: Daniel Vetter Cc: David Airlie Cc: Gao Xiang Cc: Greg Kroah-Hartman Cc: Haiyang Zhang Cc: Johannes Weiner Cc: "K. Y. Srinivasan" Cc: Laura Abbott Cc: Mark Rutland Cc: Michael Kelley Cc: Minchan Kim Cc: Nitin Gupta Cc: Robin Murphy Cc: Sakari Ailus Cc: Stephen Hemminger Cc: Sumit Semwal Cc: Wei Liu Cc: Benjamin Herrenschmidt Cc: Catalin Marinas Cc: Heiko Carstens Cc: Paul Mackerras Cc: Vasily Gorbik Cc: Will Deacon Link: http://lkml.kernel.org/r/20200414131348.444715-10-hch@lst.de Signed-off-by: Linus Torvalds commit 4926627793c0a7e7db2bc674e1d06777e86d8dab Author: Christoph Hellwig Date: Mon Jun 1 21:50:45 2020 -0700 mm: remove __get_vm_area Switch the two remaining callers to use __get_vm_area_caller instead. Signed-off-by: Christoph Hellwig Signed-off-by: Andrew Morton Acked-by: Peter Zijlstra (Intel) Cc: Christian Borntraeger Cc: Christophe Leroy Cc: Daniel Vetter Cc: David Airlie Cc: Gao Xiang Cc: Greg Kroah-Hartman Cc: Haiyang Zhang Cc: Johannes Weiner Cc: "K. Y. Srinivasan" Cc: Laura Abbott Cc: Mark Rutland Cc: Michael Kelley Cc: Minchan Kim Cc: Nitin Gupta Cc: Robin Murphy Cc: Sakari Ailus Cc: Stephen Hemminger Cc: Sumit Semwal Cc: Wei Liu Cc: Benjamin Herrenschmidt Cc: Catalin Marinas Cc: Heiko Carstens Cc: Paul Mackerras Cc: Vasily Gorbik Cc: Will Deacon Link: http://lkml.kernel.org/r/20200414131348.444715-9-hch@lst.de Signed-off-by: Linus Torvalds commit 91f03f297c46bd2ced1e73fc9a668292145b1135 Author: Christoph Hellwig Date: Mon Jun 1 21:50:41 2020 -0700 powerpc: remove __ioremap_at and __iounmap_at These helpers are only used for remapping the ISA I/O base. Replace the mapping side with a remap_isa_range helper in isa-bridge.c that hard codes all the known arguments, and just remove __iounmap_at in favour of open coding it in the only caller. Signed-off-by: Christoph Hellwig Signed-off-by: Andrew Morton Acked-by: Peter Zijlstra (Intel) Cc: Christian Borntraeger Cc: Christophe Leroy Cc: Daniel Vetter Cc: David Airlie Cc: Gao Xiang Cc: Greg Kroah-Hartman Cc: Haiyang Zhang Cc: Johannes Weiner Cc: "K. Y. Srinivasan" Cc: Laura Abbott Cc: Mark Rutland Cc: Michael Kelley Cc: Minchan Kim Cc: Nitin Gupta Cc: Robin Murphy Cc: Sakari Ailus Cc: Stephen Hemminger Cc: Sumit Semwal Cc: Wei Liu Cc: Benjamin Herrenschmidt Cc: Catalin Marinas Cc: Heiko Carstens Cc: Paul Mackerras Cc: Vasily Gorbik Cc: Will Deacon Link: http://lkml.kernel.org/r/20200414131348.444715-8-hch@lst.de Signed-off-by: Linus Torvalds commit b274014c6d191ec92c4921d5e84c90f6ed2f38a0 Author: Christoph Hellwig Date: Mon Jun 1 21:50:37 2020 -0700 powerpc: add an ioremap_phb helper Factor code shared between pci_64 and electra_cf into a ioremap_pbh helper that follows the normal ioremap semantics, and returns a useful __iomem pointer. Note that it opencodes __ioremap_at as we know from the callers the slab is available. Switch pci_64 to also store the result as __iomem pointer, and unmap the result using iounmap instead of force casting and using vmalloc APIs. Signed-off-by: Christoph Hellwig Signed-off-by: Andrew Morton Acked-by: Peter Zijlstra (Intel) Cc: Christian Borntraeger Cc: Christophe Leroy Cc: Daniel Vetter Cc: David Airlie Cc: Gao Xiang Cc: Greg Kroah-Hartman Cc: Haiyang Zhang Cc: Johannes Weiner Cc: "K. Y. Srinivasan" Cc: Laura Abbott Cc: Mark Rutland Cc: Michael Kelley Cc: Minchan Kim Cc: Nitin Gupta Cc: Robin Murphy Cc: Sakari Ailus Cc: Stephen Hemminger Cc: Sumit Semwal Cc: Wei Liu Cc: Benjamin Herrenschmidt Cc: Catalin Marinas Cc: Heiko Carstens Cc: Paul Mackerras Cc: Vasily Gorbik Cc: Will Deacon Link: http://lkml.kernel.org/r/20200414131348.444715-7-hch@lst.de Signed-off-by: Linus Torvalds commit 515e5b6d90d410a3b0b433853c367936830a45a4 Author: Christoph Hellwig Date: Mon Jun 1 21:50:32 2020 -0700 dma-mapping: use vmap insted of reimplementing it Replace the open coded instance of vmap with the actual function. In the non-contiguous (IOMMU) case this requires an extra find_vm_area, but given that this isn't a fast path function that is a small price to pay. Signed-off-by: Christoph Hellwig Signed-off-by: Andrew Morton Acked-by: Peter Zijlstra (Intel) Cc: Christian Borntraeger Cc: Christophe Leroy Cc: Daniel Vetter Cc: David Airlie Cc: Gao Xiang Cc: Greg Kroah-Hartman Cc: Haiyang Zhang Cc: Johannes Weiner Cc: "K. Y. Srinivasan" Cc: Laura Abbott Cc: Mark Rutland Cc: Michael Kelley Cc: Minchan Kim Cc: Nitin Gupta Cc: Robin Murphy Cc: Sakari Ailus Cc: Stephen Hemminger Cc: Sumit Semwal Cc: Wei Liu Cc: Benjamin Herrenschmidt Cc: Catalin Marinas Cc: Heiko Carstens Cc: Paul Mackerras Cc: Vasily Gorbik Cc: Will Deacon Link: http://lkml.kernel.org/r/20200414131348.444715-6-hch@lst.de Signed-off-by: Linus Torvalds commit f8092aa1752749b6d8b357050e840f76695e2361 Author: Christoph Hellwig Date: Mon Jun 1 21:50:28 2020 -0700 staging: media: ipu3: use vmap instead of reimplementing it Just use vmap instead of messing with vmalloc internals. Signed-off-by: Christoph Hellwig Signed-off-by: Andrew Morton Acked-by: Peter Zijlstra (Intel) Cc: Christian Borntraeger Cc: Christophe Leroy Cc: Daniel Vetter Cc: David Airlie Cc: Gao Xiang Cc: Greg Kroah-Hartman Cc: Haiyang Zhang Cc: Johannes Weiner Cc: "K. Y. Srinivasan" Cc: Laura Abbott Cc: Mark Rutland Cc: Michael Kelley Cc: Minchan Kim Cc: Nitin Gupta Cc: Robin Murphy Cc: Sakari Ailus Cc: Stephen Hemminger Cc: Sumit Semwal Cc: Wei Liu Cc: Benjamin Herrenschmidt Cc: Catalin Marinas Cc: Heiko Carstens Cc: Paul Mackerras Cc: Vasily Gorbik Cc: Will Deacon Link: http://lkml.kernel.org/r/20200414131348.444715-5-hch@lst.de Signed-off-by: Linus Torvalds commit 5bf9917452112694b2c774465ee4dbe441c84b77 Author: Christoph Hellwig Date: Mon Jun 1 21:50:23 2020 -0700 staging: android: ion: use vmap instead of vm_map_ram vm_map_ram can keep mappings around after the vm_unmap_ram. Using that with non-PAGE_KERNEL mappings can lead to all kinds of aliasing issues. Signed-off-by: Christoph Hellwig Signed-off-by: Andrew Morton Acked-by: Greg Kroah-Hartman Acked-by: Peter Zijlstra (Intel) Cc: Christian Borntraeger Cc: Christophe Leroy Cc: Daniel Vetter Cc: David Airlie Cc: Gao Xiang Cc: Haiyang Zhang Cc: Johannes Weiner Cc: "K. Y. Srinivasan" Cc: Laura Abbott Cc: Mark Rutland Cc: Michael Kelley Cc: Minchan Kim Cc: Nitin Gupta Cc: Robin Murphy Cc: Sakari Ailus Cc: Stephen Hemminger Cc: Sumit Semwal Cc: Wei Liu Cc: Benjamin Herrenschmidt Cc: Catalin Marinas Cc: Heiko Carstens Cc: Paul Mackerras Cc: Vasily Gorbik Cc: Will Deacon Link: http://lkml.kernel.org/r/20200414131348.444715-4-hch@lst.de Signed-off-by: Linus Torvalds commit 0348801151b5aefbcf9d6e9b9e30aceb3a2a7b13 Author: Christoph Hellwig Date: Mon Jun 1 21:50:19 2020 -0700 x86: fix vmap arguments in map_irq_stack vmap does not take a gfp_t, the flags argument is for VM_* flags. Signed-off-by: Christoph Hellwig Signed-off-by: Andrew Morton Cc: Christian Borntraeger Cc: Christophe Leroy Cc: Daniel Vetter Cc: David Airlie Cc: Gao Xiang Cc: Greg Kroah-Hartman Cc: Haiyang Zhang Cc: Johannes Weiner Cc: "K. Y. Srinivasan" Cc: Laura Abbott Cc: Mark Rutland Cc: Michael Kelley Cc: Minchan Kim Cc: Nitin Gupta Cc: Peter Zijlstra (Intel) Cc: Robin Murphy Cc: Sakari Ailus Cc: Stephen Hemminger Cc: Sumit Semwal Cc: Wei Liu Cc: Benjamin Herrenschmidt Cc: Catalin Marinas Cc: Heiko Carstens Cc: Paul Mackerras Cc: Vasily Gorbik Cc: Will Deacon Link: http://lkml.kernel.org/r/20200414131348.444715-3-hch@lst.de Signed-off-by: Linus Torvalds commit 78bb17f76edc3959152334947deec4dcb56e3764 Author: Christoph Hellwig Date: Mon Jun 1 21:50:15 2020 -0700 x86/hyperv: use vmalloc_exec for the hypercall page Patch series "decruft the vmalloc API", v2. Peter noticed that with some dumb luck you can toast the kernel address space with exported vmalloc symbols. I used this as an opportunity to decruft the vmalloc.c API and make it much more systematic. This also removes any chance to create vmalloc mappings outside the designated areas or using executable permissions from modules. Besides that it removes more than 300 lines of code. This patch (of 29): Use the designated helper for allocating executable kernel memory, and remove the now unused PAGE_KERNEL_RX define. Signed-off-by: Christoph Hellwig Signed-off-by: Andrew Morton Reviewed-by: Michael Kelley Acked-by: Wei Liu Acked-by: Peter Zijlstra (Intel) Cc: Christian Borntraeger Cc: Christophe Leroy Cc: Daniel Vetter Cc: David Airlie Cc: Gao Xiang Cc: Greg Kroah-Hartman Cc: Haiyang Zhang Cc: Johannes Weiner Cc: "K. Y. Srinivasan" Cc: Laura Abbott Cc: Mark Rutland Cc: Minchan Kim Cc: Nitin Gupta Cc: Robin Murphy Cc: Sakari Ailus Cc: Stephen Hemminger Cc: Sumit Semwal Cc: Benjamin Herrenschmidt Cc: Paul Mackerras Cc: Catalin Marinas Cc: Will Deacon Cc: Heiko Carstens Cc: Vasily Gorbik Link: http://lkml.kernel.org/r/20200414131348.444715-1-hch@lst.de Link: http://lkml.kernel.org/r/20200414131348.444715-2-hch@lst.de Signed-off-by: Linus Torvalds commit 872e9a205c8491daf1a51ea3733c8c1d15d51e10 Author: Wetp Zhang Date: Mon Jun 1 21:50:11 2020 -0700 mm, memory_failure: don't send BUS_MCEERR_AO for action required error Some processes dont't want to be killed early, but in "Action Required" case, those also may be killed by BUS_MCEERR_AO when sharing memory with other which is accessing the fail memory. And sending SIGBUS with BUS_MCEERR_AO for action required error is strange, so ignore the non-current processes here. Suggested-by: Naoya Horiguchi Signed-off-by: Wetp Zhang Signed-off-by: Andrew Morton Acked-by: Naoya Horiguchi Acked-by: Pankaj Gupta Link: http://lkml.kernel.org/r/1590817116-21281-1-git-send-email-wetp.zy@linux.alibaba.com Signed-off-by: Linus Torvalds commit 6972f55c413fedb7d5701a65e751ea6f10d1e0a5 Author: chenqiwu Date: Mon Jun 1 21:50:08 2020 -0700 mm/memory: remove unnecessary pte_devmap case in copy_one_pte() Since commit 25b2995a35b6 ("mm: remove MEMORY_DEVICE_PUBLIC support"), the assignment to 'page' for pte_devmap case has been unnecessary. Let's remove it. [willy@infradead.org: changelog] Signed-off-by: chenqiwu Signed-off-by: Andrew Morton Reviewed-by: Matthew Wilcox Acked-by: Michal Hocko Link: http://lkml.kernel.org/r/1587349685-31712-1-git-send-email-qiwuchen55@gmail.com Signed-off-by: Linus Torvalds commit c94b6923fa0a954fbe14ea0168b9d324011fd817 Author: Huang Ying Date: Mon Jun 1 21:50:05 2020 -0700 /proc/PID/smaps: Add PMD migration entry parsing Now, when reading /proc/PID/smaps, the PMD migration entry in page table is simply ignored. To improve the accuracy of /proc/PID/smaps, its parsing and processing is added. To test the patch, we run pmbench to eat 400 MB memory in background, then run /usr/bin/migratepages and `cat /proc/PID/smaps` every second. The issue as follows can be reproduced within 60 seconds. Before the patch, for the fully populated 400 MB anonymous VMA, some THP pages under migration may be lost as below. 7f3f6a7e5000-7f3f837e5000 rw-p 00000000 00:00 0 Size: 409600 kB KernelPageSize: 4 kB MMUPageSize: 4 kB Rss: 407552 kB Pss: 407552 kB Shared_Clean: 0 kB Shared_Dirty: 0 kB Private_Clean: 0 kB Private_Dirty: 407552 kB Referenced: 301056 kB Anonymous: 407552 kB LazyFree: 0 kB AnonHugePages: 405504 kB ShmemPmdMapped: 0 kB FilePmdMapped: 0 kB Shared_Hugetlb: 0 kB Private_Hugetlb: 0 kB Swap: 0 kB SwapPss: 0 kB Locked: 0 kB THPeligible: 1 VmFlags: rd wr mr mw me ac After the patch, it will be always, 7f3f6a7e5000-7f3f837e5000 rw-p 00000000 00:00 0 Size: 409600 kB KernelPageSize: 4 kB MMUPageSize: 4 kB Rss: 409600 kB Pss: 409600 kB Shared_Clean: 0 kB Shared_Dirty: 0 kB Private_Clean: 0 kB Private_Dirty: 409600 kB Referenced: 294912 kB Anonymous: 409600 kB LazyFree: 0 kB AnonHugePages: 407552 kB ShmemPmdMapped: 0 kB FilePmdMapped: 0 kB Shared_Hugetlb: 0 kB Private_Hugetlb: 0 kB Swap: 0 kB SwapPss: 0 kB Locked: 0 kB THPeligible: 1 VmFlags: rd wr mr mw me ac Signed-off-by: "Huang, Ying" Signed-off-by: Andrew Morton Reviewed-by: Zi Yan Acked-by: Michal Hocko Acked-by: Kirill A. Shutemov Acked-by: Vlastimil Babka Cc: Andrea Arcangeli Cc: Alexey Dobriyan Cc: Konstantin Khlebnikov Cc: "Jérôme Glisse" Cc: Yang Shi Link: http://lkml.kernel.org/r/20200403123059.1846960-1-ying.huang@intel.com Signed-off-by: Linus Torvalds commit 99395ee3f7b4accc3a16a6aa4c2abb3774fc33ca Author: Steven Price Date: Mon Jun 1 21:50:01 2020 -0700 mm: ptdump: expand type of 'val' in note_page() The page table entry is passed in the 'val' argument to note_page(), however this was previously an "unsigned long" which is fine on 64-bit platforms. But for 32 bit x86 it is not always big enough to contain a page table entry which may be 64 bits. Change the type to u64 to ensure that it is always big enough. [akpm@linux-foundation.org: fix riscv] Reported-by: Jan Beulich Signed-off-by: Steven Price Signed-off-by: Andrew Morton Cc: Andy Lutomirski Cc: Borislav Petkov Cc: Dave Hansen Cc: Ingo Molnar Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: Link: http://lkml.kernel.org/r/20200521152308.33096-3-steven.price@arm.com Signed-off-by: Linus Torvalds commit 1494e0c38ee903e83aefb58caf54a9217273d49a Author: Steven Price Date: Mon Jun 1 21:49:58 2020 -0700 x86: mm: ptdump: calculate effective permissions correctly Patch series "Fix W+X debug feature on x86" Jan alerted me[1] that the W+X detection debug feature was broken in x86 by my change[2] to switch x86 to use the generic ptdump infrastructure. Fundamentally the approach of trying to move the calculation of effective permissions into note_page() was broken because note_page() is only called for 'leaf' entries and the effective permissions are passed down via the internal nodes of the page tree. The solution I've taken here is to create a new (optional) callback which is called for all nodes of the page tree and therefore can calculate the effective permissions. Secondly on some configurations (32 bit with PAE) "unsigned long" is not large enough to store the table entries. The fix here is simple - let's just use a u64. [1] https://lore.kernel.org/lkml/d573dc7e-e742-84de-473d-f971142fa319@suse.com/ [2] 2ae27137b2db ("x86: mm: convert dump_pagetables to use walk_page_range") This patch (of 2): By switching the x86 page table dump code to use the generic code the effective permissions are no longer calculated correctly because the note_page() function is only called for *leaf* entries. To calculate the actual effective permissions it is necessary to observe the full hierarchy of the page tree. Introduce a new callback for ptdump which is called for every entry and can therefore update the prot_levels array correctly. note_page() can then simply access the appropriate element in the array. [steven.price@arm.com: make the assignment conditional on val != 0] Link: http://lkml.kernel.org/r/430c8ab4-e7cd-6933-dde6-087fac6db872@arm.com Fixes: 2ae27137b2db ("x86: mm: convert dump_pagetables to use walk_page_range") Reported-by: Jan Beulich Signed-off-by: Steven Price Signed-off-by: Andrew Morton Cc: Qian Cai Cc: Andy Lutomirski Cc: Borislav Petkov Cc: Dave Hansen Cc: Ingo Molnar Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: Link: http://lkml.kernel.org/r/20200521152308.33096-1-steven.price@arm.com Link: http://lkml.kernel.org/r/20200521152308.33096-2-steven.price@arm.com Signed-off-by: Linus Torvalds commit 50d53d7c724330a0dc4df26c45de2a9a886c5d88 Author: Zefan Li Date: Mon Jun 1 21:49:55 2020 -0700 memcg: fix memcg_kmem_bypass() for remote memcg charging While trying to use remote memcg charging in an out-of-tree kernel module I found it's not working, because the current thread is a workqueue thread. As we will probably encounter this issue in the future as the users of memalloc_use_memcg() grow, and it's nothing wrong for this usage, it's better we fix it now. Signed-off-by: Zefan Li Signed-off-by: Andrew Morton Reviewed-by: Roman Gushchin Reviewed-by: Shakeel Butt Acked-by: Johannes Weiner Acked-by: Michal Hocko Cc: Vladimir Davydov Link: http://lkml.kernel.org/r/1d202a12-26fe-0012-ea14-f025ddcd044a@huawei.com Signed-off-by: Linus Torvalds commit 4b82ab4f28836646eca12cb37f408568d3cdc5c3 Author: Jakub Kicinski Date: Mon Jun 1 21:49:52 2020 -0700 mm/memcg: automatically penalize tasks with high swap use Add a memory.swap.high knob, which can be used to protect the system from SWAP exhaustion. The mechanism used for penalizing is similar to memory.high penalty (sleep on return to user space). That is not to say that the knob itself is equivalent to memory.high. The objective is more to protect the system from potentially buggy tasks consuming a lot of swap and impacting other tasks, or even bringing the whole system to stand still with complete SWAP exhaustion. Hopefully without the need to find per-task hard limits. Slowing misbehaving tasks down gradually allows user space oom killers or other protection mechanisms to react. oomd and earlyoom already do killing based on swap exhaustion, and memory.swap.high protection will help implement such userspace oom policies more reliably. We can use one counter for number of pages allocated under pressure to save struct task space and avoid two separate hierarchy walks on the hot path. The exact overage is calculated on return to user space, anyway. Take the new high limit into account when determining if swap is "full". Borrowing the explanation from Johannes: The idea behind "swap full" is that as long as the workload has plenty of swap space available and it's not changing its memory contents, it makes sense to generously hold on to copies of data in the swap device, even after the swapin. A later reclaim cycle can drop the page without any IO. Trading disk space for IO. But the only two ways to reclaim a swap slot is when they're faulted in and the references go away, or by scanning the virtual address space like swapoff does - which is very expensive (one could argue it's too expensive even for swapoff, it's often more practical to just reboot). So at some point in the fill level, we have to start freeing up swap slots on fault/swapin. Otherwise we could eventually run out of swap slots while they're filled with copies of data that is also in RAM. We don't want to OOM a workload because its available swap space is filled with redundant cache. Signed-off-by: Jakub Kicinski Signed-off-by: Andrew Morton Acked-by: Johannes Weiner Cc: Tejun Heo Cc: Chris Down Cc: Shakeel Butt Cc: Michal Hocko Cc: Hugh Dickins Link: http://lkml.kernel.org/r/20200527195846.102707-5-kuba@kernel.org Signed-off-by: Linus Torvalds commit d1663a907bd348f912b7f7088e83ca1b6fd3309f Author: Jakub Kicinski Date: Mon Jun 1 21:49:49 2020 -0700 mm/memcg: move cgroup high memory limit setting into struct page_counter High memory limit is currently recorded directly in struct mem_cgroup. We are about to add a high limit for swap, move the field to struct page_counter and add some helpers. Signed-off-by: Jakub Kicinski Signed-off-by: Andrew Morton Reviewed-by: Shakeel Butt Acked-by: Johannes Weiner Cc: Chris Down Cc: Hugh Dickins Cc: Michal Hocko Cc: Tejun Heo Link: http://lkml.kernel.org/r/20200527195846.102707-4-kuba@kernel.org Signed-off-by: Linus Torvalds commit ff144e69f7331eff070f31edf22bc9123d6d6d27 Author: Jakub Kicinski Date: Mon Jun 1 21:49:45 2020 -0700 mm/memcg: move penalty delay clamping out of calculate_high_delay() We will want to call calculate_high_delay() twice - once for memory and once for swap, and we should apply the clamp value to sum of the penalties. Clamping has to be applied outside of calculate_high_delay(). Signed-off-by: Jakub Kicinski Signed-off-by: Andrew Morton Reviewed-by: Shakeel Butt Acked-by: Johannes Weiner Cc: Chris Down Cc: Hugh Dickins Cc: Michal Hocko Cc: Tejun Heo Link: http://lkml.kernel.org/r/20200527195846.102707-3-kuba@kernel.org Signed-off-by: Linus Torvalds commit 8a5dbc657e1233c907f84f2c6192d3a3cf0026b3 Author: Jakub Kicinski Date: Mon Jun 1 21:49:42 2020 -0700 mm/memcg: prepare for swap over-high accounting and penalty calculation Patch series "memcg: Slow down swap allocation as the available space gets depleted", v6. Tejun describes the problem as follows: When swap runs out, there's an abrupt change in system behavior - the anonymous memory suddenly becomes unmanageable which readily breaks any sort of memory isolation and can bring down the whole system. To avoid that, oomd [1] monitors free swap space and triggers kills when it drops below the specific threshold (e.g. 15%). While this works, it's far from ideal: - Depending on IO performance and total swap size, a given headroom might not be enough or too much. - oomd has to monitor swap depletion in addition to the usual pressure metrics and it currently doesn't consider memory.swap.max. Solve this by adapting parts of the approach that memory.high uses - slow down allocation as the resource gets depleted turning the depletion behavior from abrupt cliff one to gradual degradation observable through memory pressure metric. [1] https://github.com/facebookincubator/oomd This patch (of 4): Slice the memory overage calculation logic a little bit so we can reuse it to apply a similar penalty to the swap. The logic which accesses the memory-specific fields (use and high values) has to be taken out of calculate_high_delay(). Signed-off-by: Jakub Kicinski Signed-off-by: Andrew Morton Reviewed-by: Shakeel Butt Acked-by: Johannes Weiner Cc: Hugh Dickins Cc: Chris Down Cc: Michal Hocko Cc: Tejun Heo Link: http://lkml.kernel.org/r/20200527195846.102707-1-kuba@kernel.org Link: http://lkml.kernel.org/r/20200527195846.102707-2-kuba@kernel.org Signed-off-by: Linus Torvalds commit 54b512e96d44664d0cdb75b4f6db6b821535dbf8 Author: Shakeel Butt Date: Mon Jun 1 21:49:39 2020 -0700 memcg: expose root cgroup's memory.stat One way to measure the efficiency of memory reclaim is to look at the ratio (pgscan+pfrefill)/pgsteal. However at the moment these stats are not updated consistently at the system level and the ratio of these are not very meaningful. The pgsteal and pgscan are updated for only global reclaim while pgrefill gets updated for global as well as cgroup reclaim. Please note that this difference is only for system level vmstats. The cgroup stats returned by memory.stat are actually consistent. The cgroup's pgsteal contains number of reclaimed pages for global as well as cgroup reclaim. So, one way to get the system level stats is to get these stats from root's memory.stat, so, expose memory.stat for the root cgroup. From Johannes Weiner: There are subtle differences between /proc/vmstat and memory.stat, and cgroup-aware code that wants to watch the full hierarchy currently has to know about these intricacies and translate semantics back and forth. Generally having the fully recursive memory.stat at the root level could help a broader range of usecases. Why not fix the stats by including both the global and cgroup reclaim activity instead of exposing root cgroup's memory.stat? The reason is the benefit of having metrics exposing the activity that happens purely due to machine capacity rather than localized activity that happens due to the limits throughout the cgroup tree. Additionally there are userspace tools like sysstat(sar) which reads these stats to inform about the system level reclaim activity. So, we should not break such use-cases. Suggested-by: Johannes Weiner Signed-off-by: Shakeel Butt Signed-off-by: Andrew Morton Acked-by: Johannes Weiner Acked-by: Yafang Shao Acked-by: Chris Down Cc: Mel Gorman Cc: Roman Gushchin Cc: Michal Hocko Link: http://lkml.kernel.org/r/20200508170630.94406-1-shakeelb@google.com Signed-off-by: Linus Torvalds commit 1c4448edb71ab9da35a938244602cdd75809de2b Author: Kaixu Xia Date: Mon Jun 1 21:49:36 2020 -0700 mm: memcontrol: simplify value comparison between count and limit When the variables count and limit have the same value(count == limit), the result of min(margin, limit - count) statement should be 0 and the variable margin is set to 0. So in this case, the min() statement is not necessary and we can directly set the variable margin to 0. Signed-off-by: Kaixu Xia Signed-off-by: Andrew Morton Acked-by: Michal Hocko Cc: Johannes Weiner Cc: Vladimir Davydov Link: http://lkml.kernel.org/r/1587479661-27237-1-git-send-email-kaixuxia@tencent.com Signed-off-by: Linus Torvalds commit a6f5576bb195c3b7508e3e1c98d2dcf6691f96e8 Author: Yafang Shao Date: Mon Jun 1 21:49:32 2020 -0700 mm, memcg: add workingset_restore in memory.stat There's a new workingset counter introduced in commit 1899ad18c607 ("mm: workingset: tell cache transitions from workingset thrashing"). With the help of this counter we can know the workingset is transitioning or thrashing. To leverage the benifit of this counter to memcg, we should introduce it into memory.stat. Then we could know the workingset of the workload inside a memcg better. Bellow is the verification of this new counter in memory.stat. Read a file into the memory and then read it again to make these pages be active. The size of this file is 1G. (memory.max is greater than file size) The counters in memory.stat will be inactive_file 0 active_file 1073639424 workingset_refault 0 workingset_activate 0 workingset_restore 0 workingset_nodereclaim 0 Trigger the memcg reclaim by setting a lower value to memory.high, and then some pages will be demoted into inactive list, and then some pages in the inactive list will be evicted into the storage. inactive_file 498094080 active_file 310063104 workingset_refault 0 workingset_activate 0 workingset_restore 0 workingset_nodereclaim 0 Then recover the memory.high and read the file into memory again. As a result of it, the transitioning will occur. Bellow is the result of this transitioning, inactive_file 498094080 active_file 575397888 workingset_refault 64746 workingset_activate 64746 workingset_restore 64746 workingset_nodereclaim 0 Signed-off-by: Yafang Shao Signed-off-by: Andrew Morton Acked-by: Johannes Weiner Acked-by: Michal Hocko Acked-by: Chris Down Cc: Peter Zijlstra (Intel) Cc: Suren Baghdasaryan Cc: Shakeel Butt Link: http://lkml.kernel.org/r/20200504153522.11553-1-laoar.shao@gmail.com Signed-off-by: Linus Torvalds commit 251af0cda614e5ad6bfda059bd120aed7432891d Author: Miaohe Lin Date: Mon Jun 1 21:49:29 2020 -0700 include/linux/swap.h: delete meaningless __add_to_swap_cache() declaration Since commit 8d93b41c09d1 ("mm: Convert add_to_swap_cache to XArray"), __add_to_swap_cache and add_to_swap_cache are combined into one function. There is no __add_to_swap_cache() anymore. Signed-off-by: Miaohe Lin Signed-off-by: Andrew Morton Reviewed-by: Andrew Morton Reviewed-by: "Huang, Ying" Link: http://lkml.kernel.org/r/1590810326-2493-1-git-send-email-linmiaohe@huawei.com Signed-off-by: Linus Torvalds commit 6f7939405f61de7d0da7f6c90182e96c4f5ff6c1 Author: Randy Dunlap Date: Mon Jun 1 21:49:26 2020 -0700 mm: swapfile: fix /proc/swaps heading and Size/Used/Priority alignment Fix the heading and Size/Used/Priority field alignments in /proc/swaps. If the Size and/or Used value is >= 10000000 (8 bytes), then the alignment by using tab characters is broken. This patch maintains the use of tabs for alignment. If spaces are preferred, we can just use a Field Width specifier for the bytes and inuse fields. That way those fields don't have to be a multiple of 8 bytes in width. E.g., with a field width of 12, both Size and Used would always fit on the first line of an 80-column wide terminal (only Priority would be on the second line). There are actually 2 problems: heading alignment and field width. On an xterm, if Used is 7 bytes in length, the tab does nothing, and the display is like this, with no space/tab between the Used and Priority fields. (ugh) Filename Type Size Used Priority /dev/sda8 partition 16779260 2023012-1 To be clear, if one does 'cat /proc/swaps >/tmp/proc.swaps', it does look different, like so: Filename Type Size Used Priority /dev/sda8 partition 16779260 2086988 -1 Signed-off-by: Randy Dunlap Signed-off-by: Andrew Morton Reviewed-by: Andrew Morton Cc: Hugh Dickins Cc: Alexander Viro Link: http://lkml.kernel.org/r/c0ffb41a-81ac-ddfa-d452-a9229ecc0387@infradead.org Signed-off-by: Linus Torvalds commit 490705888107c3edf8c264ec930909107f76a984 Author: Huang Ying Date: Mon Jun 1 21:49:22 2020 -0700 swap: reduce lock contention on swap cache from swap slots allocation In some swap scalability test, it is found that there are heavy lock contention on swap cache even if we have split one swap cache radix tree per swap device to one swap cache radix tree every 64 MB trunk in commit 4b3ef9daa4fc ("mm/swap: split swap cache into 64MB trunks"). The reason is as follow. After the swap device becomes fragmented so that there's no free swap cluster, the swap device will be scanned linearly to find the free swap slots. swap_info_struct->cluster_next is the next scanning base that is shared by all CPUs. So nearby free swap slots will be allocated for different CPUs. The probability for multiple CPUs to operate on the same 64 MB trunk is high. This causes the lock contention on the swap cache. To solve the issue, in this patch, for SSD swap device, a percpu version next scanning base (cluster_next_cpu) is added. Every CPU will use its own per-cpu next scanning base. And after finishing scanning a 64MB trunk, the per-cpu scanning base will be changed to the beginning of another randomly selected 64MB trunk. In this way, the probability for multiple CPUs to operate on the same 64 MB trunk is reduced greatly. Thus the lock contention is reduced too. For HDD, because sequential access is more important for IO performance, the original shared next scanning base is used. To test the patch, we have run 16-process pmbench memory benchmark on a 2-socket server machine with 48 cores. One ram disk is configured as the swap device per socket. The pmbench working-set size is much larger than the available memory so that swapping is triggered. The memory read/write ratio is 80/20 and the accessing pattern is random. In the original implementation, the lock contention on the swap cache is heavy. The perf profiling data of the lock contention code path is as following, _raw_spin_lock_irq.add_to_swap_cache.add_to_swap.shrink_page_list: 7.91 _raw_spin_lock_irqsave.__remove_mapping.shrink_page_list: 7.11 _raw_spin_lock.swapcache_free_entries.free_swap_slot.__swap_entry_free: 2.51 _raw_spin_lock_irqsave.swap_cgroup_record.mem_cgroup_uncharge_swap: 1.66 _raw_spin_lock_irq.shrink_inactive_list.shrink_lruvec.shrink_node: 1.29 _raw_spin_lock.free_pcppages_bulk.drain_pages_zone.drain_pages: 1.03 _raw_spin_lock_irq.shrink_active_list.shrink_lruvec.shrink_node: 0.93 After applying this patch, it becomes, _raw_spin_lock.swapcache_free_entries.free_swap_slot.__swap_entry_free: 3.58 _raw_spin_lock_irq.shrink_inactive_list.shrink_lruvec.shrink_node: 2.3 _raw_spin_lock_irqsave.swap_cgroup_record.mem_cgroup_uncharge_swap: 2.26 _raw_spin_lock_irq.shrink_active_list.shrink_lruvec.shrink_node: 1.8 _raw_spin_lock.free_pcppages_bulk.drain_pages_zone.drain_pages: 1.19 The lock contention on the swap cache is almost eliminated. And the pmbench score increases 18.5%. The swapin throughput increases 18.7% from 2.96 GB/s to 3.51 GB/s. While the swapout throughput increases 18.5% from 2.99 GB/s to 3.54 GB/s. We need really fast disk to show the benefit. I have tried this on 2 Intel P3600 NVMe disks. The performance improvement is only about 1%. The improvement should be better on the faster disks, such as Intel Optane disk. [ying.huang@intel.com: fix cluster_next_cpu allocation and freeing, per Daniel] Link: http://lkml.kernel.org/r/20200525002648.336325-1-ying.huang@intel.com [ying.huang@intel.com: v4] Link: http://lkml.kernel.org/r/20200529010840.928819-1-ying.huang@intel.com Signed-off-by: "Huang, Ying" Signed-off-by: Andrew Morton Reviewed-by: Daniel Jordan Cc: Michal Hocko Cc: Minchan Kim Cc: Tim Chen Cc: Hugh Dickins Link: http://lkml.kernel.org/r/20200520031502.175659-1-ying.huang@intel.com Signed-off-by: Linus Torvalds commit 09fe06ce0bf5abe53b77a9515d7fb7579edec9c0 Author: Huang Ying Date: Mon Jun 1 21:49:19 2020 -0700 mm/swapfile.c: use prandom_u32_max() To improve the code readability and take advantage of the common implementation. Signed-off-by: "Huang, Ying" Signed-off-by: Andrew Morton Acked-by: Michal Hocko Cc: Minchan Kim Cc: Tim Chen Cc: Hugh Dickins Link: http://lkml.kernel.org/r/20200512081013.520201-1-ying.huang@intel.com Signed-off-by: Linus Torvalds commit 33e16272fe982084e986d4eb6d5b5ca51c0d214e Author: Wei Yang Date: Mon Jun 1 21:49:16 2020 -0700 mm/swapfile.c: __swap_entry_free() always free 1 entry __swap_entry_free() always frees 1 entry. Let's remove the usage. Signed-off-by: Wei Yang Signed-off-by: Andrew Morton Reviewed-by: Andrew Morton Link: http://lkml.kernel.org/r/20200501015259.32237-2-richard.weiyang@gmail.com Signed-off-by: Linus Torvalds commit 4b4bb6bb451c8b0c1cbc38fa20a89a3988aa4e0b Author: Wei Yang Date: Mon Jun 1 21:49:13 2020 -0700 mm/swapfile.c: classify SWAP_MAP_XXX to make it more readable swap_info_struct->swap_map[] encodes some flag and count. And to do some condition check, it also introduces some special values. Currently those macros are defined with some magic order, which makes audience hard to understand the exact meaning. This patch split those macros into three categories: flag special value for first swap_map special value for continued swap_map May this help audiences a little. [akpm@linux-foundation.org: tweak capitalization in comments] Signed-off-by: Wei Yang Signed-off-by: Andrew Morton Reviewed-by: Andrew Morton Link: http://lkml.kernel.org/r/20200501015259.32237-1-richard.weiyang@gmail.com Signed-off-by: Linus Torvalds commit ed43af10975eef7e21abbb81297d9735448ba4fa Author: Huang Ying Date: Mon Jun 1 21:49:10 2020 -0700 swap: try to scan more free slots even when fragmented Now, the scalability of swap code will drop much when the swap device becomes fragmented, because the swap slots allocation batching stops working. To solve the problem, in this patch, we will try to scan a little more swap slots with restricted effort to batch the swap slots allocation even if the swap device is fragmented. Test shows that the benchmark score can increase up to 37.1% with the patch. Details are as follows. The swap code has a per-cpu cache of swap slots. These batch swap space allocations to improve swap subsystem scaling. In the following code path, add_to_swap() get_swap_page() refill_swap_slots_cache() get_swap_pages() scan_swap_map_slots() scan_swap_map_slots() and get_swap_pages() can return multiple swap slots for each call. These slots will be cached in the per-CPU swap slots cache, so that several following swap slot requests will be fulfilled there to avoid the lock contention in the lower level swap space allocation/freeing code path. But this only works when there are free swap clusters. If a swap device becomes so fragmented that there's no free swap clusters, scan_swap_map_slots() and get_swap_pages() will return only one swap slot for each call in the above code path. Effectively, this falls back to the situation before the swap slots cache was introduced, the heavy lock contention on the swap related locks kills the scalability. Why does it work in this way? Because the swap device could be large, and the free swap slot scanning could be quite time consuming, to avoid taking too much time to scanning free swap slots, the conservative method was used. In fact, this can be improved via scanning a little more free slots with strictly restricted effort. Which is implemented in this patch. In scan_swap_map_slots(), after the first free swap slot is gotten, we will try to scan a little more, but only if we haven't scanned too many slots (< LATENCY_LIMIT). That is, the added scanning latency is strictly restricted. To test the patch, we have run 16-process pmbench memory benchmark on a 2-socket server machine with 48 cores. Multiple ram disks are configured as the swap devices. The pmbench working-set size is much larger than the available memory so that swapping is triggered. The memory read/write ratio is 80/20 and the accessing pattern is random, so the swap space becomes highly fragmented during the test. In the original implementation, the lock contention on swap related locks is very heavy. The perf profiling data of the lock contention code path is as following, _raw_spin_lock.get_swap_pages.get_swap_page.add_to_swap: 21.03 _raw_spin_lock_irq.shrink_inactive_list.shrink_lruvec.shrink_node: 1.92 _raw_spin_lock_irq.shrink_active_list.shrink_lruvec.shrink_node: 1.72 _raw_spin_lock.free_pcppages_bulk.drain_pages_zone.drain_pages: 0.69 While after applying this patch, it becomes, _raw_spin_lock_irq.shrink_inactive_list.shrink_lruvec.shrink_node: 4.89 _raw_spin_lock_irq.shrink_active_list.shrink_lruvec.shrink_node: 3.85 _raw_spin_lock.free_pcppages_bulk.drain_pages_zone.drain_pages: 1.1 _raw_spin_lock_irqsave.pagevec_lru_move_fn.__lru_cache_add.do_swap_page: 0.88 That is, the lock contention on the swap locks is eliminated. And the pmbench score increases 37.1%. The swapin throughput increases 45.7% from 2.02 GB/s to 2.94 GB/s. While the swapout throughput increases 45.3% from 2.04 GB/s to 2.97 GB/s. Signed-off-by: "Huang, Ying" Signed-off-by: Andrew Morton Acked-by: Tim Chen Cc: Dave Hansen Cc: Michal Hocko Cc: Minchan Kim Cc: Hugh Dickins Link: http://lkml.kernel.org/r/20200427030023.264780-1-ying.huang@intel.com Signed-off-by: Linus Torvalds commit 7b9e2de130954af174e6f7aff278cf1ec5f39675 Author: Wei Yang Date: Mon Jun 1 21:49:07 2020 -0700 mm/swapfile.c: omit a duplicate code by compare tmp and max first There are two duplicate code to handle the case when there is no available swap entry. To avoid this, we can compare tmp and max first and let the second guard do its job. No functional change is expected. Signed-off-by: Wei Yang Signed-off-by: Andrew Morton Reviewed-by: "Huang, Ying" Cc: Tim Chen Cc: Hugh Dickins Link: http://lkml.kernel.org/r/20200421213824.8099-3-richard.weiyang@gmail.com Signed-off-by: Linus Torvalds commit fdff1debb9650ea43617487500f48168ce432cb7 Author: Wei Yang Date: Mon Jun 1 21:49:04 2020 -0700 mm/swapfile.c: tmp is always smaller than max If tmp is bigger or equal to max, we would jump to new_cluster. Return true directly. Signed-off-by: Wei Yang Signed-off-by: Andrew Morton Reviewed-by: "Huang, Ying" Cc: Tim Chen Cc: Hugh Dickins Link: http://lkml.kernel.org/r/20200421213824.8099-2-richard.weiyang@gmail.com Signed-off-by: Linus Torvalds commit 0fd0e19e4d0e9c84117584783535a57ec3ae98c6 Author: Wei Yang Date: Mon Jun 1 21:49:01 2020 -0700 mm/swapfile.c: found_free could be represented by (tmp < max) This is not necessary to use the variable found_free to record the status. Just check tmp and max is enough. Signed-off-by: Wei Yang Signed-off-by: Andrew Morton Reviewed-by: "Huang, Ying" Cc: Tim Chen Cc: Hugh Dickins Link: http://lkml.kernel.org/r/20200421213824.8099-1-richard.weiyang@gmail.com Signed-off-by: Linus Torvalds commit abca1c84b7575b470789c8686688b11ba3bf138d Author: Wei Yang Date: Mon Jun 1 21:48:58 2020 -0700 mm/swapfile.c: remove the extra check in scan_swap_map_slots() scan_swap_map_slots() is only called by scan_swap_map() and get_swap_pages(). Both ensure nr would not exceed SWAP_BATCH. Just remove it. Signed-off-by: Wei Yang Signed-off-by: Andrew Morton Cc: Hugh Dickins Link: http://lkml.kernel.org/r/20200325220309.9803-2-richard.weiyang@gmail.com Signed-off-by: Linus Torvalds commit 08d3090fc8dadd7b726dbda99d1baa39382c3f2c Author: Wei Yang Date: Mon Jun 1 21:48:55 2020 -0700 mm/swapfile.c: simplify the calculation of n_goal Use min3() to simplify the comparison and make it more self-explaining. Signed-off-by: Wei Yang Signed-off-by: Andrew Morton Reviewed-by: Andrew Morton Cc: Hugh Dickins Link: http://lkml.kernel.org/r/20200325220309.9803-1-richard.weiyang@gmail.com Signed-off-by: Linus Torvalds commit bd2d18da4a4f182c3627a74dc768bd437e64c582 Author: Wei Yang Date: Mon Jun 1 21:48:52 2020 -0700 mm/swapfile.c: remove the unnecessary goto for SSD case Now we can see there is redundant goto for SSD case. In these two places, we can just let the code walk through to the correct tag instead of explicitly jump to it. Let's remove them for better readability. Signed-off-by: Wei Yang Signed-off-by: Andrew Morton Reviewed-by: Andrew Morton Cc: Tim Chen Link: http://lkml.kernel.org/r/20200328060520.31449-4-richard.weiyang@gmail.com Signed-off-by: Linus Torvalds commit f4eaf51a72e5c6d9dc895abdd02676a2ef4c3ae7 Author: Wei Yang Date: Mon Jun 1 21:48:49 2020 -0700 mm/swapfile.c: explicitly show ssd/non-ssd is handled mutually exclusive The code shows if this is ssd, it will jump to specific tag and skip the following code for non-ssd. Let's use "else if" to explicitly show the mutually exclusion for ssd/non-ssd to reduce ambiguity. Signed-off-by: Wei Yang Signed-off-by: Andrew Morton Reviewed-by: Andrew Morton Cc: Tim Chen Link: http://lkml.kernel.org/r/20200328060520.31449-3-richard.weiyang@gmail.com Signed-off-by: Linus Torvalds commit ca2c55a7371ca3db64f5ac9ed2cb998682bf6fae Author: Wei Yang Date: Mon Jun 1 21:48:46 2020 -0700 mm/swapfile.c: offset is only used when there is more slots scan_swap_map_slots() is used to iterate swap_map[] array for an available swap entry. While after several optimizations, e.g. for ssd case, the logic of this function is a little not easy to catch. This patchset tries to clean up the logic a little: * shows the ssd/non-ssd case is handled mutually exclusively * remove some unnecessary goto for ssd case This patch (of 3): When si->cluster_nr is zero, function would reach done and return. The increased offset would not be used any more. This means we can move the offset increment into the if clause. This brings a further code cleanup possibility. Signed-off-by: Wei Yang Signed-off-by: Andrew Morton Reviewed-by: Andrew Morton Cc: Tim Chen Link: http://lkml.kernel.org/r/20200328060520.31449-1-richard.weiyang@gmail.com Link: http://lkml.kernel.org/r/20200328060520.31449-2-richard.weiyang@gmail.com Signed-off-by: Linus Torvalds commit ebc5951eea499314f6fbbde20e295f1345c67330 Author: Andrea Righi Date: Mon Jun 1 21:48:43 2020 -0700 mm: swap: properly update readahead statistics in unuse_pte_range() In unuse_pte_range() we blindly swap-in pages without checking if the swap entry is already present in the swap cache. By doing this, the hit/miss ratio used by the swap readahead heuristic is not properly updated and this leads to non-optimal performance during swapoff. Tracing the distribution of the readahead size returned by the swap readahead heuristic during swapoff shows that a small readahead size is used most of the time as if we had only misses (this happens both with cluster and vma readahead), for example: r::swapin_nr_pages(unsigned long offset):unsigned long:$retval COUNT EVENT 36948 $retval = 8 44151 $retval = 4 49290 $retval = 1 527771 $retval = 2 Checking if the swap entry is present in the swap cache, instead, allows to properly update the readahead statistics and the heuristic behaves in a better way during swapoff, selecting a bigger readahead size: r::swapin_nr_pages(unsigned long offset):unsigned long:$retval COUNT EVENT 1618 $retval = 1 4960 $retval = 2 41315 $retval = 4 103521 $retval = 8 In terms of swapoff performance the result is the following: Testing environment =================== - Host: CPU: 1.8GHz Intel Core i7-8565U (quad-core, 8MB cache) HDD: PC401 NVMe SK hynix 512GB MEM: 16GB - Guest (kvm): 8GB of RAM virtio block driver 16GB swap file on ext4 (/swapfile) Test case ========= - allocate 85% of memory - `systemctl hibernate` to force all the pages to be swapped-out to the swap file - resume the system - measure the time that swapoff takes to complete: # /usr/bin/time swapoff /swapfile Result (swapoff time) ====== 5.6 vanilla 5.6 w/ this patch ----------- ----------------- cluster-readahead 22.09s 12.19s vma-readahead 18.20s 15.33s Conclusion ========== The specific use case this patch is addressing is to improve swapoff performance in cloud environments when a VM has been hibernated, resumed and all the memory needs to be forced back to RAM by disabling swap. This change allows to better exploits the advantages of the readahead heuristic during swapoff and this improvement allows to to speed up the resume process of such VMs. [andrea.righi@canonical.com: update changelog] Link: http://lkml.kernel.org/r/20200418084705.GA147642@xps-13 Signed-off-by: Andrea Righi Signed-off-by: Andrew Morton Reviewed-by: "Huang, Ying" Cc: Minchan Kim Cc: Anchal Agarwal Cc: Hugh Dickins Cc: Vineeth Remanan Pillai Cc: Kelley Nielsen Link: http://lkml.kernel.org/r/20200416180132.GB3352@xps-13 Signed-off-by: Linus Torvalds commit d6c1f098f2a7ba62627c9bc17cda28f534ef9e4a Author: Qian Cai Date: Mon Jun 1 21:48:40 2020 -0700 mm/swap_state: fix a data race in swapin_nr_pages "prev_offset" is a static variable in swapin_nr_pages() that can be accessed concurrently with only mmap_sem held in read mode as noticed by KCSAN, BUG: KCSAN: data-race in swap_cluster_readahead / swap_cluster_readahead write to 0xffffffff92763830 of 8 bytes by task 14795 on cpu 17: swap_cluster_readahead+0x2a6/0x5e0 swapin_readahead+0x92/0x8dc do_swap_page+0x49b/0xf20 __handle_mm_fault+0xcfb/0xd70 handle_mm_fault+0xfc/0x2f0 do_page_fault+0x263/0x715 page_fault+0x34/0x40 1 lock held by (dnf)/14795: #0: ffff897bd2e98858 (&mm->mmap_sem#2){++++}-{3:3}, at: do_page_fault+0x143/0x715 do_user_addr_fault at arch/x86/mm/fault.c:1405 (inlined by) do_page_fault at arch/x86/mm/fault.c:1535 irq event stamp: 83493 count_memcg_event_mm+0x1a6/0x270 count_memcg_event_mm+0x119/0x270 __do_softirq+0x365/0x589 irq_exit+0xa2/0xc0 read to 0xffffffff92763830 of 8 bytes by task 1 on cpu 22: swap_cluster_readahead+0xfd/0x5e0 swapin_readahead+0x92/0x8dc do_swap_page+0x49b/0xf20 __handle_mm_fault+0xcfb/0xd70 handle_mm_fault+0xfc/0x2f0 do_page_fault+0x263/0x715 page_fault+0x34/0x40 1 lock held by systemd/1: #0: ffff897c38f14858 (&mm->mmap_sem#2){++++}-{3:3}, at: do_page_fault+0x143/0x715 irq event stamp: 43530289 count_memcg_event_mm+0x1a6/0x270 count_memcg_event_mm+0x119/0x270 __do_softirq+0x365/0x589 irq_exit+0xa2/0xc0 Signed-off-by: Qian Cai Signed-off-by: Andrew Morton Cc: Marco Elver Cc: Hugh Dickins Link: http://lkml.kernel.org/r/20200402213748.2237-1-cai@lca.pw Signed-off-by: Linus Torvalds commit 213516ac0752144ad1c82a0f8393f805c8abbc76 Author: chenqiwu Date: Mon Jun 1 21:48:36 2020 -0700 mm/swapfile: use list_{prev,next}_entry() instead of open-coding Use list_{prev,next}_entry() instead of list_entry() for better code readability. Signed-off-by: chenqiwu Signed-off-by: Andrew Morton Reviewed-by: Andrew Morton Cc: Matthew Wilcox Cc: David Hildenbrand Cc: Wei Yang Cc: Michal Hocko Cc: Pankaj Gupta Cc: Yang Shi Cc: Qian Cai Cc: Baoquan He Link: http://lkml.kernel.org/r/1586599916-15456-2-git-send-email-qiwuchen55@gmail.com Signed-off-by: Linus Torvalds commit 548b6a1e5520d5647e3d39c0aaf1f83ab27e250f Author: Miles Chen Date: Mon Jun 1 21:48:33 2020 -0700 mm/gup.c: further document vma_permits_fault() Describe the caller's responsibilities when passing FAULT_FLAG_ALLOW_RETRY. Link: http://lkml.kernel.org/r/1586915606.5647.5.camel@mtkswgap22 Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit e792031019bdc3f1eb5cac5a4171f7ffb8586c1b Author: John Hubbard Date: Mon Jun 1 21:48:30 2020 -0700 ivtv: convert get_user_pages() --> pin_user_pages() This code was using get_user_pages*(), in a "Case 2" scenario (DMA/RDMA), using the categorization from [1]. That means that it's time to convert the get_user_pages*() + put_page() calls to pin_user_pages*() + unpin_user_pages() calls. There is some helpful background in [2]: basically, this is a small part of fixing a long-standing disconnect between pinning pages, and file systems' use of those pages. [1] Documentation/core-api/pin_user_pages.rst [2] "Explicit pinning of user-space pages": https://lwn.net/Articles/807108/ Signed-off-by: John Hubbard Signed-off-by: Andrew Morton Cc: Andy Walls Cc: Mauro Carvalho Chehab Link: http://lkml.kernel.org/r/20200518012157.1178336-3-jhubbard@nvidia.com Signed-off-by: Linus Torvalds commit 91429023342789a89f4b6ae95b47a7df71ab6d95 Author: John Hubbard Date: Mon Jun 1 21:48:27 2020 -0700 mm/gup: introduce pin_user_pages_unlocked Introduce pin_user_pages_unlocked(), which is nearly identical to the get_user_pages_unlocked() that it wraps, except that it sets FOLL_PIN and rejects FOLL_GET. Signed-off-by: John Hubbard Signed-off-by: Andrew Morton Reviewed-by: Andrew Morton Cc: Andy Walls Cc: Mauro Carvalho Chehab Link: http://lkml.kernel.org/r/20200518012157.1178336-2-jhubbard@nvidia.com Signed-off-by: Linus Torvalds commit adc8cb406e52f89071f488848b0fb3e7907ae332 Author: Souptick Joarder Date: Mon Jun 1 21:48:24 2020 -0700 mm/gup.c: update the documentation This patch is an attempt to update the documentation. - Add/ remove extra * based on type of function static/global. - Add description for functions and their input arguments. [akpm@linux-foundation.org: s@/*@/**@] Signed-off-by: Souptick Joarder Signed-off-by: Andrew Morton Reviewed-by: Andrew Morton Link: http://lkml.kernel.org/r/1588013630-4497-1-git-send-email-jrdr.linux@gmail.com Signed-off-by: Linus Torvalds commit 8d92890bd6b8502d6aee4b37430ae6444ade7a8c Author: NeilBrown Date: Mon Jun 1 21:48:21 2020 -0700 mm/writeback: discard NR_UNSTABLE_NFS, use NR_WRITEBACK instead After an NFS page has been written it is considered "unstable" until a COMMIT request succeeds. If the COMMIT fails, the page will be re-written. These "unstable" pages are currently accounted as "reclaimable", either in WB_RECLAIMABLE, or in NR_UNSTABLE_NFS which is included in a 'reclaimable' count. This might have made sense when sending the COMMIT required a separate action by the VFS/MM (e.g. releasepage() used to send a COMMIT). However now that all writes generated by ->writepages() will automatically be followed by a COMMIT (since commit 919e3bd9a875 ("NFS: Ensure we commit after writeback is complete")) it makes more sense to treat them as writeback pages. So this patch removes NR_UNSTABLE_NFS and accounts unstable pages in NR_WRITEBACK and WB_WRITEBACK. A particular effect of this change is that when wb_check_background_flush() calls wb_over_bg_threshold(), the latter will report 'true' a lot less often as the 'unstable' pages are no longer considered 'dirty' (as there is nothing that writeback can do about them anyway). Currently wb_check_background_flush() will trigger writeback to NFS even when there are relatively few dirty pages (if there are lots of unstable pages), this can result in small writes going to the server (10s of Kilobytes rather than a Megabyte) which hurts throughput. With this patch, there are fewer writes which are each larger on average. Where the NR_UNSTABLE_NFS count was included in statistics virtual-files, the entry is retained, but the value is hard-coded as zero. static trace points and warning printks which mentioned this counter no longer report it. [akpm@linux-foundation.org: re-layout comment] [akpm@linux-foundation.org: fix printk warning] Signed-off-by: NeilBrown Signed-off-by: Andrew Morton Reviewed-by: Jan Kara Reviewed-by: Christoph Hellwig Acked-by: Trond Myklebust Acked-by: Michal Hocko [mm] Cc: Christoph Hellwig Cc: Chuck Lever Link: http://lkml.kernel.org/r/87d06j7gqa.fsf@notabene.neil.brown.name Signed-off-by: Linus Torvalds commit a37b0715ddf3007734c4e2424c14bc7efcdd1190 Author: NeilBrown Date: Mon Jun 1 21:48:18 2020 -0700 mm/writeback: replace PF_LESS_THROTTLE with PF_LOCAL_THROTTLE PF_LESS_THROTTLE exists for loop-back nfsd (and a similar need in the loop block driver and callers of prctl(PR_SET_IO_FLUSHER)), where a daemon needs to write to one bdi (the final bdi) in order to free up writes queued to another bdi (the client bdi). The daemon sets PF_LESS_THROTTLE and gets a larger allowance of dirty pages, so that it can still dirty pages after other processses have been throttled. The purpose of this is to avoid deadlock that happen when the PF_LESS_THROTTLE process must write for any dirty pages to be freed, but it is being thottled and cannot write. This approach was designed when all threads were blocked equally, independently on which device they were writing to, or how fast it was. Since that time the writeback algorithm has changed substantially with different threads getting different allowances based on non-trivial heuristics. This means the simple "add 25%" heuristic is no longer reliable. The important issue is not that the daemon needs a *larger* dirty page allowance, but that it needs a *private* dirty page allowance, so that dirty pages for the "client" bdi that it is helping to clear (the bdi for an NFS filesystem or loop block device etc) do not affect the throttling of the daemon writing to the "final" bdi. This patch changes the heuristic so that the task is not throttled when the bdi it is writing to has a dirty page count below below (or equal to) the free-run threshold for that bdi. This ensures it will always be able to have some pages in flight, and so will not deadlock. In a steady-state, it is expected that PF_LOCAL_THROTTLE tasks might still be throttled by global threshold, but that is acceptable as it is only the deadlock state that is interesting for this flag. This approach of "only throttle when target bdi is busy" is consistent with the other use of PF_LESS_THROTTLE in current_may_throttle(), were it causes attention to be focussed only on the target bdi. So this patch - renames PF_LESS_THROTTLE to PF_LOCAL_THROTTLE, - removes the 25% bonus that that flag gives, and - If PF_LOCAL_THROTTLE is set, don't delay at all unless the global and the local free-run thresholds are exceeded. Note that previously realtime threads were treated the same as PF_LESS_THROTTLE threads. This patch does *not* change the behvaiour for real-time threads, so it is now different from the behaviour of nfsd and loop tasks. I don't know what is wanted for realtime. [akpm@linux-foundation.org: coding style fixes] Signed-off-by: NeilBrown Signed-off-by: Andrew Morton Reviewed-by: Jan Kara Acked-by: Chuck Lever [nfsd] Cc: Christoph Hellwig Cc: Michal Hocko Cc: Trond Myklebust Link: http://lkml.kernel.org/r/87ftbf7gs3.fsf@notabene.neil.brown.name Signed-off-by: Linus Torvalds commit 28659cc8cc8766707b1b50906df38bd94dcf349b Author: Chao Yu Date: Mon Jun 1 21:48:15 2020 -0700 mm/page-writeback.c: remove unused variable Commit 64081362e8ff ("mm/page-writeback.c: fix range_cyclic writeback vs writepages deadlock") left unused variable, remove it. Signed-off-by: Chao Yu Signed-off-by: Andrew Morton Reviewed-by: David Hildenbrand Link: http://lkml.kernel.org/r/20200528033740.17269-1-yuchao0@huawei.com Signed-off-by: Linus Torvalds commit 74f4c89d81e57613848043fe0d38caf9547b0324 Author: Matthew Wilcox (Oracle) Date: Mon Jun 1 21:48:12 2020 -0700 mm/filemap.c: remove misleading comment We no longer return 0 here and the comment doesn't tell us anything that we don't already know (SIGBUS is a pretty good indicator that things didn't work out). Signed-off-by: Matthew Wilcox (Oracle) Signed-off-by: Andrew Morton Reviewed-by: Andrew Morton Reviewed-by: William Kucharski Link: http://lkml.kernel.org/r/20200529123243.20640-1-willy@infradead.org Signed-off-by: Linus Torvalds commit 60e65a6f42d0af33fa7361bd8723adc70539121b Author: Guoqing Jiang Date: Mon Jun 1 21:48:09 2020 -0700 mm_types.h: change set_page_private to inline function Change it to inline function to make callers use the proper argument. And no need for it to be macro per Andrew's comment [1]. [1] https://lore.kernel.org/lkml/20200518221235.1fa32c38e5766113f78e3f0d@linux-foundation.org/ Signed-off-by: Guoqing Jiang Signed-off-by: Andrew Morton Reviewed-by: Andrew Morton Link: http://lkml.kernel.org/r/20200525203149.18802-1-guoqing.jiang@cloud.ionos.com Signed-off-by: Linus Torvalds commit cd0f37154443844256709f736754b1bace5b24d8 Author: Guoqing Jiang Date: Mon Jun 1 21:48:06 2020 -0700 mm/migrate.c: call detach_page_private to cleanup code We can cleanup code a little by call detach_page_private here. [akpm@linux-foundation.org: use attach_page_private(), per Dave] http://lkml.kernel.org/r/20200521225220.GV2005@dread.disaster.area [akpm@linux-foundation.org: clear PagePrivate] Signed-off-by: Guoqing Jiang Signed-off-by: Andrew Morton Reviewed-by: Andrew Morton Cc: Chao Yu Cc: Cong Wang Cc: Dave Chinner Cc: Eric Biggers Cc: Gao Xiang Cc: Jaegeuk Kim Cc: John Hubbard Cc: Joseph Qi Cc: Junxiao Bi Cc: Michal Hocko Cc: Zi Yan Cc: Johannes Thumshirn Cc: Miklos Szeredi Link: http://lkml.kernel.org/r/20200519214049.15179-1-guoqing.jiang@cloud.ionos.com Signed-off-by: Linus Torvalds commit 7b59435a2afed12dc9b2ec1b930efa2e94f1c397 Author: Guoqing Jiang Date: Mon Jun 1 21:48:03 2020 -0700 buffer_head.h: remove attach_page_buffers All the callers have replaced attach_page_buffers with the new function attach_page_private, so remove it. Signed-off-by: Guoqing Jiang Signed-off-by: Andrew Morton Reviewed-by: Andrew Morton Cc: Thomas Gleixner Cc: Sebastian Andrzej Siewior Cc: Roman Gushchin Cc: Andreas Dilger Link: http://lkml.kernel.org/r/20200517214718.468-10-guoqing.jiang@cloud.ionos.com Signed-off-by: Linus Torvalds commit 4c42be38c28837017248beb46012b6081f45cb38 Author: Guoqing Jiang Date: Mon Jun 1 21:48:00 2020 -0700 orangefs: use attach/detach_page_private Since the new pair function is introduced, we can call them to clean the code in orangefs. Signed-off-by: Guoqing Jiang Signed-off-by: Andrew Morton Tested-by: Mike Marshall Reviewed-by: Andrew Morton Cc: Martin Brandenburg Link: http://lkml.kernel.org/r/20200517214718.468-9-guoqing.jiang@cloud.ionos.com Signed-off-by: Linus Torvalds commit 14ed109e3f3daabb5689b32176a3b2194ae1b609 Author: Guoqing Jiang Date: Mon Jun 1 21:47:57 2020 -0700 ntfs: replace attach_page_buffers with attach_page_private Call the new function since attach_page_buffers will be removed. Signed-off-by: Guoqing Jiang Signed-off-by: Andrew Morton Reviewed-by: Andrew Morton Cc: Anton Altaparmakov Link: http://lkml.kernel.org/r/20200517214718.468-8-guoqing.jiang@cloud.ionos.com Signed-off-by: Linus Torvalds commit 58aeb731963cb4cf4db35412723b5084799dbe06 Author: Guoqing Jiang Date: Mon Jun 1 21:47:54 2020 -0700 iomap: use attach/detach_page_private Since the new pair function is introduced, we can call them to clean the code in iomap. Signed-off-by: Guoqing Jiang Signed-off-by: Andrew Morton Reviewed-by: Andrew Morton Reviewed-by: Darrick J. Wong Cc: Christoph Hellwig Cc: Dave Chinner Link: http://lkml.kernel.org/r/20200517214718.468-7-guoqing.jiang@cloud.ionos.com Signed-off-by: Linus Torvalds commit 7128cf9a25096a75139ec5dcd710ede182657210 Author: Guoqing Jiang Date: Mon Jun 1 21:47:51 2020 -0700 f2fs: use attach/detach_page_private Since the new pair function is introduced, we can call them to clean the code in f2fs.h. Signed-off-by: Guoqing Jiang Signed-off-by: Andrew Morton Acked-by: Chao Yu Cc: Jaegeuk Kim Link: http://lkml.kernel.org/r/20200517214718.468-6-guoqing.jiang@cloud.ionos.com Signed-off-by: Linus Torvalds commit 45dcfc27329f6b0e78ea7023ea7fb8c856d70129 Author: Guoqing Jiang Date: Mon Jun 1 21:47:48 2020 -0700 fs/buffer.c: use attach/detach_page_private Since the new pair function is introduced, we can call them to clean the code in buffer.c. Signed-off-by: Guoqing Jiang Signed-off-by: Andrew Morton Reviewed-by: Andrew Morton Cc: Alexander Viro Link: http://lkml.kernel.org/r/20200517214718.468-5-guoqing.jiang@cloud.ionos.com Signed-off-by: Linus Torvalds commit d1b89bc0426110138ddc80a6916f359d0174571d Author: Guoqing Jiang Date: Mon Jun 1 21:47:45 2020 -0700 btrfs: use attach/detach_page_private Since the new pair function is introduced, we can call them to clean the code in btrfs. Signed-off-by: Guoqing Jiang Signed-off-by: Andrew Morton Reviewed-by: Andrew Morton Acked-by: David Sterba Cc: Chris Mason Cc: Josef Bacik Link: http://lkml.kernel.org/r/20200517214718.468-4-guoqing.jiang@cloud.ionos.com Signed-off-by: Linus Torvalds commit db2c1d86cc93b8f2674c1e032bbf8ff0cbafe122 Author: Guoqing Jiang Date: Mon Jun 1 21:47:42 2020 -0700 md: remove __clear_page_buffers and use attach/detach_page_private After introduction attach/detach_page_private in pagemap.h, we can remove the duplicated code and call the new functions. Signed-off-by: Guoqing Jiang Signed-off-by: Andrew Morton Acked-by: Song Liu Link: http://lkml.kernel.org/r/20200517214718.468-3-guoqing.jiang@cloud.ionos.com Signed-off-by: Linus Torvalds commit b03143accd9274d9e024da42ed5857a71a6b6a27 Author: Guoqing Jiang Date: Mon Jun 1 21:47:38 2020 -0700 include/linux/pagemap.h: introduce attach/detach_page_private Patch series "Introduce attach/detach_page_private to cleanup code". This patch (of 10): The logic in attach_page_buffers and __clear_page_buffers are quite paired, but 1. they are located in different files. 2. attach_page_buffers is implemented in buffer_head.h, so it could be used by other files. But __clear_page_buffers is static function in buffer.c and other potential users can't call the function, md-bitmap even copied the function. So, introduce the new attach/detach_page_private to replace them. With the new pair of function, we will remove the usage of attach_page_buffers and __clear_page_buffers in next patches. Thanks for suggestions about the function name from Alexander Viro, Andreas Grünbacher, Christoph Hellwig and Matthew Wilcox. Suggested-by: Matthew Wilcox Signed-off-by: Guoqing Jiang Signed-off-by: Andrew Morton Reviewed-by: Andrew Morton Cc: "Darrick J. Wong" Cc: William Kucharski Cc: "Kirill A. Shutemov" Cc: Andreas Gruenbacher Cc: Yang Shi Cc: Yafang Shao Cc: Song Liu Cc: Chris Mason Cc: Josef Bacik Cc: David Sterba Cc: Alexander Viro Cc: Jaegeuk Kim Cc: Chao Yu Cc: Christoph Hellwig Cc: Anton Altaparmakov Cc: Mike Marshall Cc: Martin Brandenburg Cc: Thomas Gleixner Cc: Sebastian Andrzej Siewior Cc: Roman Gushchin Cc: Andreas Dilger Cc: Chao Yu Cc: Dave Chinner Link: http://lkml.kernel.org/r/20200517214718.468-1-guoqing.jiang@cloud.ionos.com Link: http://lkml.kernel.org/r/20200517214718.468-2-guoqing.jiang@cloud.ionos.com Signed-off-by: Linus Torvalds commit 9d24a13a93d995e4c980fdaa389aa3e2f1ea0b12 Author: Matthew Wilcox (Oracle) Date: Mon Jun 1 21:47:34 2020 -0700 iomap: convert from readpages to readahead Use the new readahead operation in iomap. Convert XFS and ZoneFS to use it. Signed-off-by: Matthew Wilcox (Oracle) Signed-off-by: Andrew Morton Reviewed-by: Christoph Hellwig Reviewed-by: Darrick J. Wong Reviewed-by: William Kucharski Cc: Chao Yu Cc: Cong Wang Cc: Dave Chinner Cc: Eric Biggers Cc: Gao Xiang Cc: Jaegeuk Kim Cc: John Hubbard Cc: Joseph Qi Cc: Junxiao Bi Cc: Michal Hocko Cc: Zi Yan Cc: Johannes Thumshirn Cc: Miklos Szeredi Link: http://lkml.kernel.org/r/20200414150233.24495-26-willy@infradead.org Signed-off-by: Linus Torvalds commit 76a0294eb19b5f909b119500e60d72ef41cc4d8e Author: Matthew Wilcox (Oracle) Date: Mon Jun 1 21:47:31 2020 -0700 fuse: convert from readpages to readahead Implement the new readahead operation in fuse by using __readahead_batch() to fill the array of pages in fuse_args_pages directly. This lets us inline fuse_readpages_fill() into fuse_readahead(). [willy@infradead.org: build fix] Link: http://lkml.kernel.org/r/20200415025938.GB5820@bombadil.infradead.org Signed-off-by: Matthew Wilcox (Oracle) Signed-off-by: Andrew Morton Reviewed-by: Dave Chinner Reviewed-by: William Kucharski Acked-by: Miklos Szeredi Cc: Chao Yu Cc: Christoph Hellwig Cc: Cong Wang Cc: Darrick J. Wong Cc: Eric Biggers Cc: Gao Xiang Cc: Jaegeuk Kim Cc: John Hubbard Cc: Joseph Qi Cc: Junxiao Bi Cc: Michal Hocko Cc: Zi Yan Cc: Johannes Thumshirn Link: http://lkml.kernel.org/r/20200414150233.24495-25-willy@infradead.org Signed-off-by: Linus Torvalds commit e20a7693644ebf6f8005d8cdc8c8ece49bb70253 Author: Matthew Wilcox (Oracle) Date: Mon Jun 1 21:47:27 2020 -0700 f2fs: pass the inode to f2fs_mpage_readpages This function now only uses the mapping argument to look up the inode, and both callers already have the inode, so just pass the inode instead of the mapping. Signed-off-by: Matthew Wilcox (Oracle) Signed-off-by: Andrew Morton Reviewed-by: William Kucharski Reviewed-by: Eric Biggers Reviewed-by: Chao Yu Acked-by: Jaegeuk Kim Cc: Christoph Hellwig Cc: Cong Wang Cc: Darrick J. Wong Cc: Dave Chinner Cc: Gao Xiang Cc: John Hubbard Cc: Joseph Qi Cc: Junxiao Bi Cc: Michal Hocko Cc: Zi Yan Cc: Johannes Thumshirn Cc: Miklos Szeredi Link: http://lkml.kernel.org/r/20200414150233.24495-24-willy@infradead.org Signed-off-by: Linus Torvalds commit 2332319625cc5c703f79d185ac9a53db20913748 Author: Matthew Wilcox (Oracle) Date: Mon Jun 1 21:47:23 2020 -0700 f2fs: convert from readpages to readahead Use the new readahead operation in f2fs Signed-off-by: Matthew Wilcox (Oracle) Signed-off-by: Andrew Morton Reviewed-by: William Kucharski Reviewed-by: Eric Biggers Reviewed-by: Chao Yu Acked-by: Jaegeuk Kim Cc: Christoph Hellwig Cc: Cong Wang Cc: Darrick J. Wong Cc: Dave Chinner Cc: Gao Xiang Cc: John Hubbard Cc: Joseph Qi Cc: Junxiao Bi Cc: Michal Hocko Cc: Zi Yan Cc: Johannes Thumshirn Cc: Miklos Szeredi Link: http://lkml.kernel.org/r/20200414150233.24495-23-willy@infradead.org Signed-off-by: Linus Torvalds commit a07f624bd69a2c1c455364ffdc751a534554b241 Author: Matthew Wilcox (Oracle) Date: Mon Jun 1 21:47:20 2020 -0700 ext4: pass the inode to ext4_mpage_readpages This function now only uses the mapping argument to look up the inode, and both callers already have the inode, so just pass the inode instead of the mapping. Signed-off-by: Matthew Wilcox (Oracle) Signed-off-by: Andrew Morton Reviewed-by: William Kucharski Reviewed-by: Eric Biggers Cc: Chao Yu Cc: Christoph Hellwig Cc: Cong Wang Cc: Darrick J. Wong Cc: Dave Chinner Cc: Gao Xiang Cc: Jaegeuk Kim Cc: John Hubbard Cc: Joseph Qi Cc: Junxiao Bi Cc: Michal Hocko Cc: Zi Yan Cc: Johannes Thumshirn Cc: Miklos Szeredi Link: http://lkml.kernel.org/r/20200414150233.24495-22-willy@infradead.org Signed-off-by: Linus Torvalds commit 6311f91f76470b50c3f651475c344181adbeb869 Author: Matthew Wilcox (Oracle) Date: Mon Jun 1 21:47:16 2020 -0700 ext4: convert from readpages to readahead Use the new readahead operation in ext4 Signed-off-by: Matthew Wilcox (Oracle) Signed-off-by: Andrew Morton Reviewed-by: William Kucharski Reviewed-by: Eric Biggers Cc: Chao Yu Cc: Christoph Hellwig Cc: Cong Wang Cc: Darrick J. Wong Cc: Dave Chinner Cc: Gao Xiang Cc: Jaegeuk Kim Cc: John Hubbard Cc: Joseph Qi Cc: Junxiao Bi Cc: Michal Hocko Cc: Zi Yan Cc: Johannes Thumshirn Cc: Miklos Szeredi Link: http://lkml.kernel.org/r/20200414150233.24495-21-willy@infradead.org Signed-off-by: Linus Torvalds commit 0615090c5044cbf3bd64bfc2c3c968eaf61ab2fd Author: Matthew Wilcox (Oracle) Date: Mon Jun 1 21:47:13 2020 -0700 erofs: convert compressed files from readpages to readahead Use the new readahead operation in erofs. Signed-off-by: Matthew Wilcox (Oracle) Signed-off-by: Andrew Morton Reviewed-by: Dave Chinner Reviewed-by: William Kucharski Reviewed-by: Chao Yu Acked-by: Gao Xiang Cc: Christoph Hellwig Cc: Cong Wang Cc: Darrick J. Wong Cc: Eric Biggers Cc: Jaegeuk Kim Cc: John Hubbard Cc: Joseph Qi Cc: Junxiao Bi Cc: Michal Hocko Cc: Zi Yan Cc: Johannes Thumshirn Cc: Miklos Szeredi Link: http://lkml.kernel.org/r/20200414150233.24495-20-willy@infradead.org Signed-off-by: Linus Torvalds commit 0c07a9f91ec0367925985944e288993759fb1b07 Author: Matthew Wilcox (Oracle) Date: Mon Jun 1 21:47:09 2020 -0700 erofs: convert uncompressed files from readpages to readahead Use the new readahead operation in erofs Signed-off-by: Matthew Wilcox (Oracle) Signed-off-by: Andrew Morton Reviewed-by: William Kucharski Reviewed-by: Chao Yu Acked-by: Gao Xiang Cc: Christoph Hellwig Cc: Cong Wang Cc: Darrick J. Wong Cc: Dave Chinner Cc: Eric Biggers Cc: Jaegeuk Kim Cc: John Hubbard Cc: Joseph Qi Cc: Junxiao Bi Cc: Michal Hocko Cc: Zi Yan Cc: Johannes Thumshirn Cc: Miklos Szeredi Link: http://lkml.kernel.org/r/20200414150233.24495-19-willy@infradead.org Signed-off-by: Linus Torvalds commit ba206a026ff4cd0f11033ccaa4bf99c30567ded4 Author: Matthew Wilcox (Oracle) Date: Mon Jun 1 21:47:05 2020 -0700 btrfs: convert from readpages to readahead Implement the new readahead method in btrfs using the new readahead_page_batch() function. Signed-off-by: Matthew Wilcox (Oracle) Signed-off-by: Andrew Morton Reviewed-by: William Kucharski Cc: Chao Yu Cc: Christoph Hellwig Cc: Cong Wang Cc: Darrick J. Wong Cc: Dave Chinner Cc: Eric Biggers Cc: Gao Xiang Cc: Jaegeuk Kim Cc: John Hubbard Cc: Joseph Qi Cc: Junxiao Bi Cc: Michal Hocko Cc: Zi Yan Cc: Johannes Thumshirn Cc: Miklos Szeredi Link: http://lkml.kernel.org/r/20200414150233.24495-18-willy@infradead.org Signed-off-by: Linus Torvalds commit d4388340ae0bc8397ef5b24342279f7739982918 Author: Matthew Wilcox (Oracle) Date: Mon Jun 1 21:47:02 2020 -0700 fs: convert mpage_readpages to mpage_readahead Implement the new readahead aop and convert all callers (block_dev, exfat, ext2, fat, gfs2, hpfs, isofs, jfs, nilfs2, ocfs2, omfs, qnx6, reiserfs & udf). The callers are all trivial except for GFS2 & OCFS2. Signed-off-by: Matthew Wilcox (Oracle) Signed-off-by: Andrew Morton Reviewed-by: Junxiao Bi # ocfs2 Reviewed-by: Joseph Qi # ocfs2 Reviewed-by: Dave Chinner Reviewed-by: John Hubbard Reviewed-by: Christoph Hellwig Reviewed-by: William Kucharski Cc: Chao Yu Cc: Cong Wang Cc: Darrick J. Wong Cc: Eric Biggers Cc: Gao Xiang Cc: Jaegeuk Kim Cc: Michal Hocko Cc: Zi Yan Cc: Johannes Thumshirn Cc: Miklos Szeredi Link: http://lkml.kernel.org/r/20200414150233.24495-17-willy@infradead.org Signed-off-by: Linus Torvalds commit f2c817bed58d9be2051fad1d18e167e173c0c227 Author: Matthew Wilcox (Oracle) Date: Mon Jun 1 21:46:58 2020 -0700 mm: use memalloc_nofs_save in readahead path Ensure that memory allocations in the readahead path do not attempt to reclaim file-backed pages, which could lead to a deadlock. It is possible, though unlikely this is the root cause of a problem observed by Cong Wang. Reported-by: Cong Wang Suggested-by: Michal Hocko Signed-off-by: Matthew Wilcox (Oracle) Signed-off-by: Andrew Morton Reviewed-by: William Kucharski Cc: Chao Yu Cc: Christoph Hellwig Cc: Darrick J. Wong Cc: Dave Chinner Cc: Eric Biggers Cc: Gao Xiang Cc: Jaegeuk Kim Cc: John Hubbard Cc: Joseph Qi Cc: Junxiao Bi Cc: Zi Yan Cc: Johannes Thumshirn Cc: Miklos Szeredi Link: http://lkml.kernel.org/r/20200414150233.24495-16-willy@infradead.org Signed-off-by: Linus Torvalds commit 2d8163e4899dad92175eedd1c2326c875eaa74fa Author: Matthew Wilcox (Oracle) Date: Mon Jun 1 21:46:54 2020 -0700 mm: document why we don't set PageReadahead If the page is already in cache, we don't set PageReadahead on it. Signed-off-by: Matthew Wilcox (Oracle) Signed-off-by: Andrew Morton Reviewed-by: Christoph Hellwig Reviewed-by: William Kucharski Cc: Chao Yu Cc: Cong Wang Cc: Darrick J. Wong Cc: Dave Chinner Cc: Eric Biggers Cc: Gao Xiang Cc: Jaegeuk Kim Cc: John Hubbard Cc: Joseph Qi Cc: Junxiao Bi Cc: Michal Hocko Cc: Zi Yan Cc: Johannes Thumshirn Cc: Miklos Szeredi Link: http://lkml.kernel.org/r/20200414150233.24495-15-willy@infradead.org Signed-off-by: Linus Torvalds commit 2c684234d36f7e8c80414e4a772911d407e821fa Author: Matthew Wilcox (Oracle) Date: Mon Jun 1 21:46:51 2020 -0700 mm: add page_cache_readahead_unbounded ext4 and f2fs have duplicated the guts of the readahead code so they can read past i_size. Instead, separate out the guts of the readahead code so they can call it directly. Signed-off-by: Matthew Wilcox (Oracle) Signed-off-by: Andrew Morton Tested-by: Eric Biggers Reviewed-by: Christoph Hellwig Reviewed-by: William Kucharski Reviewed-by: Eric Biggers Cc: Chao Yu Cc: Cong Wang Cc: Darrick J. Wong Cc: Dave Chinner Cc: Gao Xiang Cc: Jaegeuk Kim Cc: John Hubbard Cc: Joseph Qi Cc: Junxiao Bi Cc: Michal Hocko Cc: Zi Yan Cc: Johannes Thumshirn Cc: Miklos Szeredi Link: http://lkml.kernel.org/r/20200414150233.24495-14-willy@infradead.org Signed-off-by: Linus Torvalds commit b0f31d78cbc191058e654c8eb062a864b6c9a7eb Author: Matthew Wilcox (Oracle) Date: Mon Jun 1 21:46:47 2020 -0700 mm: move end_index check out of readahead loop By reducing nr_to_read, we can eliminate this check from inside the loop. Signed-off-by: Matthew Wilcox (Oracle) Signed-off-by: Andrew Morton Reviewed-by: John Hubbard Reviewed-by: William Kucharski Cc: Chao Yu Cc: Christoph Hellwig Cc: Cong Wang Cc: Darrick J. Wong Cc: Dave Chinner Cc: Eric Biggers Cc: Gao Xiang Cc: Jaegeuk Kim Cc: Joseph Qi Cc: Junxiao Bi Cc: Michal Hocko Cc: Zi Yan Cc: Johannes Thumshirn Cc: Miklos Szeredi Link: http://lkml.kernel.org/r/20200414150233.24495-13-willy@infradead.org Signed-off-by: Linus Torvalds commit 8151b4c8bee43cea7a28cb0300123df90880e60c Author: Matthew Wilcox (Oracle) Date: Mon Jun 1 21:46:44 2020 -0700 mm: add readahead address space operation This replaces ->readpages with a saner interface: - Return void instead of an ignored error code. - Page cache is already populated with locked pages when ->readahead is called. - New arguments can be passed to the implementation without changing all the filesystems that use a common helper function like mpage_readahead(). Signed-off-by: Matthew Wilcox (Oracle) Signed-off-by: Andrew Morton Reviewed-by: John Hubbard Reviewed-by: Christoph Hellwig Reviewed-by: William Kucharski Cc: Chao Yu Cc: Cong Wang Cc: Darrick J. Wong Cc: Dave Chinner Cc: Eric Biggers Cc: Gao Xiang Cc: Jaegeuk Kim Cc: Joseph Qi Cc: Junxiao Bi Cc: Michal Hocko Cc: Zi Yan Cc: Johannes Thumshirn Cc: Miklos Szeredi Link: http://lkml.kernel.org/r/20200414150233.24495-12-willy@infradead.org Signed-off-by: Linus Torvalds commit c1f6925e10912c7e329840387730049e5e1848c8 Author: Matthew Wilcox (Oracle) Date: Mon Jun 1 21:46:40 2020 -0700 mm: put readahead pages in cache earlier When populating the page cache for readahead, mappings that use ->readpages must populate the page cache themselves as the pages are passed on a linked list which would normally be used for the page cache's LRU. For mappings that use ->readpage or the upcoming ->readahead method, we can put the pages into the page cache as soon as they're allocated, which solves a race between readahead and direct IO. It also lets us remove the gfp argument from read_pages(). Use the new readahead_page() API to implement the repeated calls to ->readpage(), just like most filesystems will. Signed-off-by: Matthew Wilcox (Oracle) Signed-off-by: Andrew Morton Reviewed-by: Christoph Hellwig Reviewed-by: William Kucharski Cc: Chao Yu Cc: Cong Wang Cc: Darrick J. Wong Cc: Dave Chinner Cc: Eric Biggers Cc: Gao Xiang Cc: Jaegeuk Kim Cc: John Hubbard Cc: Joseph Qi Cc: Junxiao Bi Cc: Michal Hocko Cc: Zi Yan Cc: Johannes Thumshirn Cc: Miklos Szeredi Link: http://lkml.kernel.org/r/20200414150233.24495-11-willy@infradead.org Signed-off-by: Linus Torvalds commit ef8153b609aa9302f1e727218068b84ac8b060e4 Author: Matthew Wilcox (Oracle) Date: Mon Jun 1 21:46:36 2020 -0700 mm: remove 'page_offset' from readahead loop Replace the page_offset variable with 'index + i'. Signed-off-by: Matthew Wilcox (Oracle) Signed-off-by: Andrew Morton Reviewed-by: John Hubbard Reviewed-by: Christoph Hellwig Reviewed-by: William Kucharski Cc: Chao Yu Cc: Cong Wang Cc: Darrick J. Wong Cc: Dave Chinner Cc: Eric Biggers Cc: Gao Xiang Cc: Jaegeuk Kim Cc: Joseph Qi Cc: Junxiao Bi Cc: Michal Hocko Cc: Zi Yan Cc: Johannes Thumshirn Cc: Miklos Szeredi Link: http://lkml.kernel.org/r/20200414150233.24495-10-willy@infradead.org Signed-off-by: Linus Torvalds commit c2c7ad74b16206e0e6e9e80af962e63da778acf9 Author: Matthew Wilcox (Oracle) Date: Mon Jun 1 21:46:32 2020 -0700 mm: rename readahead loop variable to 'i' Change the type of page_idx to unsigned long, and rename it -- it's just a loop counter, not a page index. Suggested-by: John Hubbard Signed-off-by: Matthew Wilcox (Oracle) Signed-off-by: Andrew Morton Reviewed-by: Dave Chinner Reviewed-by: William Kucharski Reviewed-by: Johannes Thumshirn Cc: Chao Yu Cc: Christoph Hellwig Cc: Cong Wang Cc: Darrick J. Wong Cc: Eric Biggers Cc: Gao Xiang Cc: Jaegeuk Kim Cc: Joseph Qi Cc: Junxiao Bi Cc: Michal Hocko Cc: Zi Yan Cc: Miklos Szeredi Link: http://lkml.kernel.org/r/20200414150233.24495-9-willy@infradead.org Signed-off-by: Linus Torvalds commit 08eb9658ae128df77c4cd4ca5323d84b6b6e3824 Author: Matthew Wilcox (Oracle) Date: Mon Jun 1 21:46:29 2020 -0700 mm: rename various 'offset' parameters to 'index' The word 'offset' is used ambiguously to mean 'byte offset within a page', 'byte offset from the start of the file' and 'page offset from the start of the file'. Use 'index' to mean 'page offset from the start of the file' throughout the readahead code. [ We should probably rename the 'pgoff_t' type to 'pgidx_t' too - Linus ] Signed-off-by: Matthew Wilcox (Oracle) Signed-off-by: Andrew Morton Reviewed-by: Zi Yan Reviewed-by: William Kucharski Cc: Chao Yu Cc: Christoph Hellwig Cc: Cong Wang Cc: Darrick J. Wong Cc: Dave Chinner Cc: Eric Biggers Cc: Gao Xiang Cc: Jaegeuk Kim Cc: John Hubbard Cc: Joseph Qi Cc: Junxiao Bi Cc: Michal Hocko Cc: Johannes Thumshirn Cc: Miklos Szeredi Link: http://lkml.kernel.org/r/20200414150233.24495-8-willy@infradead.org Signed-off-by: Linus Torvalds commit a4d9653666b3212032e2794dd506b34f94a60d40 Author: Matthew Wilcox (Oracle) Date: Mon Jun 1 21:46:25 2020 -0700 mm: use readahead_control to pass arguments In this patch, only between __do_page_cache_readahead() and read_pages(), but it will be extended in upcoming patches. The read_pages() function becomes aops centric, as this makes the most sense by the end of the patchset. Signed-off-by: Matthew Wilcox (Oracle) Signed-off-by: Andrew Morton Reviewed-by: John Hubbard Reviewed-by: Christoph Hellwig Reviewed-by: William Kucharski Reviewed-by: Johannes Thumshirn Cc: Chao Yu Cc: Cong Wang Cc: Darrick J. Wong Cc: Dave Chinner Cc: Eric Biggers Cc: Gao Xiang Cc: Jaegeuk Kim Cc: Joseph Qi Cc: Junxiao Bi Cc: Michal Hocko Cc: Zi Yan Cc: Miklos Szeredi Link: http://lkml.kernel.org/r/20200414150233.24495-7-willy@infradead.org Signed-off-by: Linus Torvalds commit 042124cc64c33555deba0b11c6e0c612ae7a8653 Author: Matthew Wilcox (Oracle) Date: Mon Jun 1 21:46:21 2020 -0700 mm: add new readahead_control API Filesystems which implement the upcoming ->readahead method will get their pages by calling readahead_page() or readahead_page_batch(). These functions support large pages, even though none of the filesystems to be converted do yet. Signed-off-by: Matthew Wilcox (Oracle) Signed-off-by: Andrew Morton Reviewed-by: Christoph Hellwig Reviewed-by: William Kucharski Cc: Chao Yu Cc: Cong Wang Cc: Darrick J. Wong Cc: Dave Chinner Cc: Eric Biggers Cc: Gao Xiang Cc: Jaegeuk Kim Cc: John Hubbard Cc: Joseph Qi Cc: Junxiao Bi Cc: Michal Hocko Cc: Zi Yan Cc: Johannes Thumshirn Cc: Miklos Szeredi Link: http://lkml.kernel.org/r/20200414150233.24495-6-willy@infradead.org Signed-off-by: Linus Torvalds commit ad4ae1c732bc9159ffdeb225036c601dddbbbe75 Author: Matthew Wilcox (Oracle) Date: Mon Jun 1 21:46:18 2020 -0700 mm: move readahead nr_pages check into read_pages Simplify the callers by moving the check for nr_pages and the BUG_ON into read_pages(). Signed-off-by: Matthew Wilcox (Oracle) Signed-off-by: Andrew Morton Reviewed-by: Zi Yan Reviewed-by: John Hubbard Reviewed-by: Christoph Hellwig Reviewed-by: William Kucharski Reviewed-by: Johannes Thumshirn Cc: Chao Yu Cc: Cong Wang Cc: Darrick J. Wong Cc: Dave Chinner Cc: Eric Biggers Cc: Gao Xiang Cc: Jaegeuk Kim Cc: Joseph Qi Cc: Junxiao Bi Cc: Michal Hocko Cc: Miklos Szeredi Link: http://lkml.kernel.org/r/20200414150233.24495-5-willy@infradead.org Signed-off-by: Linus Torvalds commit a1ef8566525c78a9eca52e1ff91404f4595b85eb Author: Matthew Wilcox (Oracle) Date: Mon Jun 1 21:46:14 2020 -0700 mm: ignore return value of ->readpages We used to assign the return value to a variable, which we then ignored. Remove the pretence of caring. Signed-off-by: Matthew Wilcox (Oracle) Signed-off-by: Andrew Morton Reviewed-by: Christoph Hellwig Reviewed-by: Dave Chinner Reviewed-by: John Hubbard Reviewed-by: William Kucharski Reviewed-by: Johannes Thumshirn Cc: Chao Yu Cc: Cong Wang Cc: Darrick J. Wong Cc: Eric Biggers Cc: Gao Xiang Cc: Jaegeuk Kim Cc: Joseph Qi Cc: Junxiao Bi Cc: Michal Hocko Cc: Zi Yan Cc: Miklos Szeredi Link: http://lkml.kernel.org/r/20200414150233.24495-4-willy@infradead.org Signed-off-by: Linus Torvalds commit 9a42823a102eb10dd1cc09930dc7e20042698e23 Author: Matthew Wilcox (Oracle) Date: Mon Jun 1 21:46:10 2020 -0700 mm: return void from various readahead functions ondemand_readahead has two callers, neither of which use the return value. That means that both ra_submit and __do_page_cache_readahead() can return void, and we don't need to worry that a present page in the readahead window causes us to return a smaller nr_pages than we ought to have. Similarly, no caller uses the return value from force_page_cache_readahead(). Signed-off-by: Matthew Wilcox (Oracle) Signed-off-by: Andrew Morton Reviewed-by: Dave Chinner Reviewed-by: John Hubbard Reviewed-by: Christoph Hellwig Reviewed-by: William Kucharski Cc: Chao Yu Cc: Cong Wang Cc: Darrick J. Wong Cc: Eric Biggers Cc: Gao Xiang Cc: Jaegeuk Kim Cc: Joseph Qi Cc: Junxiao Bi Cc: Michal Hocko Cc: Zi Yan Cc: Johannes Thumshirn Cc: Miklos Szeredi Link: http://lkml.kernel.org/r/20200414150233.24495-3-willy@infradead.org Signed-off-by: Linus Torvalds commit cee9a0c4e84db024d692d6b5c18f65465eb06905 Author: Matthew Wilcox (Oracle) Date: Mon Jun 1 21:46:07 2020 -0700 mm: move readahead prototypes from mm.h Patch series "Change readahead API", v11. This series adds a readahead address_space operation to replace the readpages operation. The key difference is that pages are added to the page cache as they are allocated (and then looked up by the filesystem) instead of passing them on a list to the readpages operation and having the filesystem add them to the page cache. It's a net reduction in code for each implementation, more efficient than walking a list, and solves the direct-write vs buffered-read problem reported by yu kuai at http://lkml.kernel.org/r/20200116063601.39201-1-yukuai3@huawei.com The only unconverted filesystems are those which use fscache. Their conversion is pending Dave Howells' rewrite which will make the conversion substantially easier. This should be completed by the end of the year. I want to thank the reviewers/testers; Dave Chinner, John Hubbard, Eric Biggers, Johannes Thumshirn, Dave Sterba, Zi Yan, Christoph Hellwig and Miklos Szeredi have done a marvellous job of providing constructive criticism. These patches pass an xfstests run on ext4, xfs & btrfs with no regressions that I can tell (some of the tests seem a little flaky before and remain flaky afterwards). This patch (of 25): The readahead code is part of the page cache so should be found in the pagemap.h file. force_page_cache_readahead is only used within mm, so move it to mm/internal.h instead. Remove the parameter names where they add no value, and rename the ones which were actively misleading. Signed-off-by: Matthew Wilcox (Oracle) Signed-off-by: Andrew Morton Reviewed-by: John Hubbard Reviewed-by: Christoph Hellwig Reviewed-by: William Kucharski Reviewed-by: Johannes Thumshirn Cc: Chao Yu Cc: Cong Wang Cc: Darrick J. Wong Cc: Dave Chinner Cc: Eric Biggers Cc: Gao Xiang Cc: Jaegeuk Kim Cc: Joseph Qi Cc: Junxiao Bi Cc: Michal Hocko Cc: Zi Yan Cc: Miklos Szeredi Link: http://lkml.kernel.org/r/20200414150233.24495-1-willy@infradead.org Link: http://lkml.kernel.org/r/20200414150233.24495-2-willy@infradead.org Signed-off-by: Linus Torvalds commit 002ae7057069538aa3afd500f6f60a429cb948b2 Author: Vlastimil Babka Date: Mon Jun 1 21:46:03 2020 -0700 mm, dump_page(): do not crash with invalid mapping pointer We have seen a following problem on a RPi4 with 1G RAM: BUG: Bad page state in process systemd-hwdb pfn:35601 page:ffff7e0000d58040 refcount:15 mapcount:131221 mapping:efd8fe765bc80080 index:0x1 compound_mapcount: -32767 Unable to handle kernel paging request at virtual address efd8fe765bc80080 Mem abort info: ESR = 0x96000004 Exception class = DABT (current EL), IL = 32 bits SET = 0, FnV = 0 EA = 0, S1PTW = 0 Data abort info: ISV = 0, ISS = 0x00000004 CM = 0, WnR = 0 [efd8fe765bc80080] address between user and kernel address ranges Internal error: Oops: 96000004 [#1] SMP Modules linked in: btrfs libcrc32c xor xor_neon zlib_deflate raid6_pq mmc_block xhci_pci xhci_hcd usbcore sdhci_iproc sdhci_pltfm sdhci mmc_core clk_raspberrypi gpio_raspberrypi_exp pcie_brcmstb bcm2835_dma gpio_regulator phy_generic fixed sg scsi_mod efivarfs Supported: No, Unreleased kernel CPU: 3 PID: 408 Comm: systemd-hwdb Not tainted 5.3.18-8-default #1 SLE15-SP2 (unreleased) Hardware name: raspberrypi rpi/rpi, BIOS 2020.01 02/21/2020 pstate: 40000085 (nZcv daIf -PAN -UAO) pc : __dump_page+0x268/0x368 lr : __dump_page+0xc4/0x368 sp : ffff000012563860 x29: ffff000012563860 x28: ffff80003ddc4300 x27: 0000000000000010 x26: 000000000000003f x25: ffff7e0000d58040 x24: 000000000000000f x23: efd8fe765bc80080 x22: 0000000000020095 x21: efd8fe765bc80080 x20: ffff000010ede8b0 x19: ffff7e0000d58040 x18: ffffffffffffffff x17: 0000000000000001 x16: 0000000000000007 x15: ffff000011689708 x14: 3030386362353637 x13: 6566386466653a67 x12: 6e697070616d2031 x11: 32323133313a746e x10: 756f6370616d2035 x9 : ffff00001168a840 x8 : ffff00001077a670 x7 : 000000000000013d x6 : ffff0000118a43b5 x5 : 0000000000000001 x4 : ffff80003dd9e2c8 x3 : ffff80003dd9e2c8 x2 : 911c8d7c2f483500 x1 : dead000000000100 x0 : efd8fe765bc80080 Call trace: __dump_page+0x268/0x368 bad_page+0xd4/0x168 check_new_page_bad+0x80/0xb8 rmqueue_bulk.constprop.26+0x4d8/0x788 get_page_from_freelist+0x4d4/0x1228 __alloc_pages_nodemask+0x134/0xe48 alloc_pages_vma+0x198/0x1c0 do_anonymous_page+0x1a4/0x4d8 __handle_mm_fault+0x4e8/0x560 handle_mm_fault+0x104/0x1e0 do_page_fault+0x1e8/0x4c0 do_translation_fault+0xb0/0xc0 do_mem_abort+0x50/0xb0 el0_da+0x24/0x28 Code: f9401025 8b8018a0 9a851005 17ffffca (f94002a0) Besides the underlying issue with page->mapping containing a bogus value for some reason, we can see that __dump_page() crashed by trying to read the pointer at mapping->host, turning a recoverable warning into full Oops. It can be expected that when page is reported as bad state for some reason, the pointers there should not be trusted blindly. So this patch treats all data in __dump_page() that depends on page->mapping as lava, using probe_kernel_read_strict(). Ideally this would include the dentry->d_parent recursively, but that would mean changing printk handler for %pd. Chances of reaching the dentry printing part with an initially bogus mapping pointer should be rather low, though. Also prefix printing mapping->a_ops with a description of what is being printed. In case the value is bogus, %ps will print raw value instead of the symbol name and then it's not obvious at all that it's printing a_ops. Reported-by: Petr Tesarik Signed-off-by: Vlastimil Babka Signed-off-by: Andrew Morton Acked-by: Kirill A. Shutemov Cc: Matthew Wilcox Cc: John Hubbard Link: http://lkml.kernel.org/r/20200331165454.12263-1-vbabka@suse.cz Signed-off-by: Linus Torvalds commit a3df69278c5052acf0a5335b3fc614e0a7e5ea93 Author: Andrew Morton Date: Mon Jun 1 21:46:00 2020 -0700 Documentation/vm/slub.rst: s/Toggle/Enable/ "toggle" means to change a boolean thing's state. This operation doesn't do that - it sets it to "true". Signed-off-by: Andrew Morton Acked-by: Rafael Aquini Cc: Christoph Lameter Cc: David Rientjes Cc: Joonsoo Kim Cc: Pekka Enberg Signed-off-by: Linus Torvalds commit a68ee0573991e90af2f1785db309206408bad3e5 Author: Qian Cai Date: Mon Jun 1 21:45:57 2020 -0700 mm/slub: fix stack overruns with SLUB_STATS There is no need to copy SLUB_STATS items from root memcg cache to new memcg cache copies. Doing so could result in stack overruns because the store function only accepts 0 to clear the stat and returns an error for everything else while the show method would print out the whole stat. Then, the mismatch of the lengths returns from show and store methods happens in memcg_propagate_slab_attrs(): else if (root_cache->max_attr_size < ARRAY_SIZE(mbuf)) buf = mbuf; max_attr_size is only 2 from slab_attr_store(), then, it uses mbuf[64] in show_stat() later where a bounch of sprintf() would overrun the stack variable. Fix it by always allocating a page of buffer to be used in show_stat() if SLUB_STATS=y which should only be used for debug purpose. # echo 1 > /sys/kernel/slab/fs_cache/shrink BUG: KASAN: stack-out-of-bounds in number+0x421/0x6e0 Write of size 1 at addr ffffc900256cfde0 by task kworker/76:0/53251 Hardware name: HPE ProLiant DL385 Gen10/ProLiant DL385 Gen10, BIOS A40 07/10/2019 Workqueue: memcg_kmem_cache memcg_kmem_cache_create_func Call Trace: number+0x421/0x6e0 vsnprintf+0x451/0x8e0 sprintf+0x9e/0xd0 show_stat+0x124/0x1d0 alloc_slowpath_show+0x13/0x20 __kmem_cache_create+0x47a/0x6b0 addr ffffc900256cfde0 is located in stack of task kworker/76:0/53251 at offset 0 in frame: process_one_work+0x0/0xb90 this frame has 1 object: [32, 72) 'lockdep_map' Memory state around the buggy address: ffffc900256cfc80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffffc900256cfd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >ffffc900256cfd80: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 ^ ffffc900256cfe00: 00 00 00 00 00 f2 f2 f2 00 00 00 00 00 00 00 00 ffffc900256cfe80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ================================================================== Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: __kmem_cache_create+0x6ac/0x6b0 Workqueue: memcg_kmem_cache memcg_kmem_cache_create_func Call Trace: __kmem_cache_create+0x6ac/0x6b0 Fixes: 107dab5c92d5 ("slub: slub-specific propagation changes") Signed-off-by: Qian Cai Signed-off-by: Andrew Morton Cc: Glauber Costa Cc: Christoph Lameter Cc: Pekka Enberg Cc: David Rientjes Cc: Joonsoo Kim Link: http://lkml.kernel.org/r/20200429222356.4322-1-cai@lca.pw Signed-off-by: Linus Torvalds commit aa456c7aebb14a4ff47611586397b5b3e84fbf37 Author: Christopher Lameter Date: Mon Jun 1 21:45:53 2020 -0700 slub: remove kmalloc under list_lock from list_slab_objects() V2 list_slab_objects() is called when a slab is destroyed and there are objects still left to list the objects in the syslog. This is a pretty rare event. And there it seems we take the list_lock and call kmalloc while holding that lock. Perform the allocation in free_partial() before the list_lock is taken. Fixes: bbd7d57bfe852d9788bae5fb171c7edb4021d8ac ("slub: Potential stack overflow") Signed-off-by: Christopher Lameter Signed-off-by: Andrew Morton Cc: Pekka Enberg Cc: David Rientjes Cc: Joonsoo Kim Cc: "Kirill A. Shutemov" Cc: Tetsuo Handa Cc: Yu Zhao Link: http://lkml.kernel.org/r/alpine.DEB.2.21.2002031721250.1668@www.lameter.com Signed-off-by: Linus Torvalds commit d7660ce5914d396242bfc56c8f45ef117101fb58 Author: Christoph Lameter Date: Mon Jun 1 21:45:50 2020 -0700 slub: Remove userspace notifier for cache add/remove I came across some unnecessary uevents once again which reminded me this. The patch seems to be lost in the leaves of the original discussion [1], so resending. [1] https://lore.kernel.org/r/alpine.DEB.2.21.2001281813130.745@www.lameter.com Kmem caches are internal kernel structures so it is strange that userspace notifiers would be needed. And I am not aware of any use of these notifiers. These notifiers may just exist because in the initial slub release the sysfs code was copied from another subsystem. Signed-off-by: Christoph Lameter Signed-off-by: Andrew Morton Acked-by: Vlastimil Babka Acked-by: Michal Koutný Acked-by: David Rientjes Cc: Pekka Enberg Cc: Joonsoo Kim Link: http://lkml.kernel.org/r/20200423115721.19821-1-mkoutny@suse.com Signed-off-by: Linus Torvalds commit 52f23478081ae0dcdb95d1650ea1e7d52d586829 Author: Dongli Zhang Date: Mon Jun 1 21:45:47 2020 -0700 mm/slub.c: fix corrupted freechain in deactivate_slab() The slub_debug is able to fix the corrupted slab freelist/page. However, alloc_debug_processing() only checks the validity of current and next freepointer during allocation path. As a result, once some objects have their freepointers corrupted, deactivate_slab() may lead to page fault. Below is from a test kernel module when 'slub_debug=PUF,kmalloc-128 slub_nomerge'. The test kernel corrupts the freepointer of one free object on purpose. Unfortunately, deactivate_slab() does not detect it when iterating the freechain. BUG: unable to handle page fault for address: 00000000123456f8 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 [#1] SMP PTI ... ... RIP: 0010:deactivate_slab.isra.92+0xed/0x490 ... ... Call Trace: ___slab_alloc+0x536/0x570 __slab_alloc+0x17/0x30 __kmalloc+0x1d9/0x200 ext4_htree_store_dirent+0x30/0xf0 htree_dirblock_to_tree+0xcb/0x1c0 ext4_htree_fill_tree+0x1bc/0x2d0 ext4_readdir+0x54f/0x920 iterate_dir+0x88/0x190 __x64_sys_getdents+0xa6/0x140 do_syscall_64+0x49/0x170 entry_SYSCALL_64_after_hwframe+0x44/0xa9 Therefore, this patch adds extra consistency check in deactivate_slab(). Once an object's freepointer is corrupted, all following objects starting at this object are isolated. [akpm@linux-foundation.org: fix build with CONFIG_SLAB_DEBUG=n] Signed-off-by: Dongli Zhang Signed-off-by: Andrew Morton Cc: Joe Jin Cc: Christoph Lameter Cc: Pekka Enberg Cc: David Rientjes Cc: Joonsoo Kim Link: http://lkml.kernel.org/r/20200331031450.12182-1-dongli.zhang@oracle.com Signed-off-by: Linus Torvalds commit 49f2d2419d60a103752e5fbaf158cf8d07c0d884 Author: Vlastimil Babka Date: Mon Jun 1 21:45:43 2020 -0700 usercopy: mark dma-kmalloc caches as usercopy caches We have seen a "usercopy: Kernel memory overwrite attempt detected to SLUB object 'dma-kmalloc-1 k' (offset 0, size 11)!" error on s390x, as IUCV uses kmalloc() with __GFP_DMA because of memory address restrictions. The issue has been discussed [2] and it has been noted that if all the kmalloc caches are marked as usercopy, there's little reason not to mark dma-kmalloc caches too. The 'dma' part merely means that __GFP_DMA is used to restrict memory address range. As Jann Horn put it [3]: "I think dma-kmalloc slabs should be handled the same way as normal kmalloc slabs. When a dma-kmalloc allocation is freshly created, it is just normal kernel memory - even if it might later be used for DMA -, and it should be perfectly fine to copy_from_user() into such allocations at that point, and to copy_to_user() out of them at the end. If you look at the places where such allocations are created, you can see things like kmemdup(), memcpy() and so on - all normal operations that shouldn't conceptually be different from usercopy in any relevant way." Thus this patch marks the dma-kmalloc-* caches as usercopy. [1] https://bugzilla.suse.com/show_bug.cgi?id=1156053 [2] https://lore.kernel.org/kernel-hardening/bfca96db-bbd0-d958-7732-76e36c667c68@suse.cz/ [3] https://lore.kernel.org/kernel-hardening/CAG48ez1a4waGk9kB0WLaSbs4muSoK0AYAVk8=XYaKj4_+6e6Hg@mail.gmail.com/ Signed-off-by: Vlastimil Babka Signed-off-by: Andrew Morton Acked-by: Christian Borntraeger Acked-by: Jiri Slaby Cc: Jann Horn Cc: Christoph Hellwig Cc: Christopher Lameter Cc: Julian Wiedmann Cc: Ursula Braun Cc: Alexander Viro Cc: David Windsor Cc: Pekka Enberg Cc: David Rientjes Cc: Joonsoo Kim Cc: Andy Lutomirski Cc: "David S. Miller" Cc: Laura Abbott Cc: Mark Rutland Cc: "Martin K. Petersen" Cc: Paolo Bonzini Cc: Christoffer Dall Cc: Dave Kleikamp Cc: Jan Kara Cc: Luis de Bethencourt Cc: Marc Zyngier Cc: Rik van Riel Cc: Matthew Garrett Cc: Michal Kubecek Link: http://lkml.kernel.org/r/7d810f6d-8085-ea2f-7805-47ba3842dc50@suse.cz Signed-off-by: Linus Torvalds commit 485e9605c05733759d3bd5aba4fbe561801f3658 Author: Jeff Layton Date: Mon Jun 1 21:45:40 2020 -0700 fs/buffer.c: record blockdev write errors in super_block that it backs When syncing out a block device (a'la __sync_blockdev), any error encountered will only be recorded in the bd_inode's mapping. When the blockdev contains a filesystem however, we'd like to also record the error in the super_block that's stored there. Make mark_buffer_write_io_error also record the error in the corresponding super_block when a writeback error occurs and the block device contains a mounted superblock. Since superblocks are RCU freed, hold the rcu_read_lock to ensure that the superblock doesn't go away while we're marking it. Signed-off-by: Jeff Layton Signed-off-by: Andrew Morton Reviewed-by: Jan Kara Cc: Al Viro Cc: Andres Freund Cc: Matthew Wilcox Cc: David Howells Cc: Christoph Hellwig Cc: Dave Chinner Link: http://lkml.kernel.org/r/20200428135155.19223-3-jlayton@kernel.org Signed-off-by: Linus Torvalds commit 735e4ae5ba28c886d249ad04d3c8cc097dad6336 Author: Jeff Layton Date: Mon Jun 1 21:45:36 2020 -0700 vfs: track per-sb writeback errors and report them to syncfs Patch series "vfs: have syncfs() return error when there are writeback errors", v6. Currently, syncfs does not return errors when one of the inodes fails to be written back. It will return errors based on the legacy AS_EIO and AS_ENOSPC flags when syncing out the block device fails, but that's not particularly helpful for filesystems that aren't backed by a blockdev. It's also possible for a stray sync to lose those errors. The basic idea in this set is to track writeback errors at the superblock level, so that we can quickly and easily check whether something bad happened without having to fsync each file individually. syncfs is then changed to reliably report writeback errors after they occur, much in the same fashion as fsync does now. This patch (of 2): Usually we suggest that applications call fsync when they want to ensure that all data written to the file has made it to the backing store, but that can be inefficient when there are a lot of open files. Calling syncfs on the filesystem can be more efficient in some situations, but the error reporting doesn't currently work the way most people expect. If a single inode on a filesystem reports a writeback error, syncfs won't necessarily return an error. syncfs only returns an error if __sync_blockdev fails, and on some filesystems that's a no-op. It would be better if syncfs reported an error if there were any writeback failures. Then applications could call syncfs to see if there are any errors on any open files, and could then call fsync on all of the other descriptors to figure out which one failed. This patch adds a new errseq_t to struct super_block, and has mapping_set_error also record writeback errors there. To report those errors, we also need to keep an errseq_t in struct file to act as a cursor. This patch adds a dedicated field for that purpose, which slots nicely into 4 bytes of padding at the end of struct file on x86_64. An earlier version of this patch used an O_PATH file descriptor to cue the kernel that the open file should track the superblock error and not the inode's writeback error. I think that API is just too weird though. This is simpler and should make syncfs error reporting "just work" even if someone is multiplexing fsync and syncfs on the same fds. Signed-off-by: Jeff Layton Signed-off-by: Andrew Morton Reviewed-by: Jan Kara Cc: Andres Freund Cc: Matthew Wilcox Cc: Al Viro Cc: Christoph Hellwig Cc: Dave Chinner Cc: David Howells Link: http://lkml.kernel.org/r/20200428135155.19223-1-jlayton@kernel.org Link: http://lkml.kernel.org/r/20200428135155.19223-2-jlayton@kernel.org Signed-off-by: Linus Torvalds commit 78128fabd022240852859c0b253972147593690b Author: Andrew Morton Date: Mon Jun 1 21:45:33 2020 -0700 arch/parisc/include/asm/pgtable.h: remove unused `old_pte' parisc's set_pte_at() macro has set-but-not-used variable: include/linux/pgtable.h: In function 'pte_clear_not_present_full': arch/parisc/include/asm/pgtable.h:96:9: warning: variable 'old_pte' set but not used [-Wunused-but-set-variable] Reported-by: kbuild test robot Signed-off-by: Andrew Morton Cc: "James E.J. Bottomley" Cc: Helge Deller Cc: Mike Rapoport Signed-off-by: Linus Torvalds commit 912f655d78c5d4ad05eac287f23a435924df7144 Author: Gang He Date: Mon Jun 1 21:45:29 2020 -0700 ocfs2: mount shared volume without ha stack Usually we create and use a ocfs2 shared volume on the top of ha stack. For pcmk based ha stack, which includes DLM, corosync and pacemaker services. The customers complained they could not mount existent ocfs2 volume in the single node without ha stack, e.g. single node backup/restore scenario. Like this case, the customers just want to access the data from the existent ocfs2 volume quickly, but do not want to restart or setup ha stack. Then, I'd like to add a mount option "nocluster", if the users use this option to mount a ocfs2 shared volume, the whole mount will not depend on the ha related services. the command will mount the existent ocfs2 volume directly (like local mount), for avoiding setup the ha stack. Signed-off-by: Gang He Signed-off-by: Andrew Morton Cc: Mark Fasheh Cc: Joel Becker Cc: Junxiao Bi Cc: Joseph Qi Cc: Changwei Ge Cc: Jun Piao Link: http://lkml.kernel.org/r/20200423053300.22661-1-ghe@suse.com Signed-off-by: Linus Torvalds commit 8f745e62a1926e57a671b0841241b60e80903dda Author: Jules Irenge Date: Mon Jun 1 21:45:26 2020 -0700 ocfs2: add missing annotation for dlm_empty_lockres() Sparse reports a warning at dlm_empty_lockres() warning: context imbalance in dlm_purge_lockres() - unexpected unlock The root cause is the missing annotation at dlm_purge_lockres() Add the missing __must_hold(&dlm->spinlock) Signed-off-by: Jules Irenge Signed-off-by: Andrew Morton Reviewed-by: Andrew Morton Cc: Mark Fasheh Cc: Joel Becker Cc: Junxiao Bi Cc: Joseph Qi Cc: Changwei Ge Cc: Gang He Cc: Jun Piao Link: http://lkml.kernel.org/r/20200403160505.2832-4-jbi.octave@gmail.com Signed-off-by: Linus Torvalds commit 93e72b3c612adcaca13d874fcc86c53e6c8da541 Author: Philippe Liard Date: Mon Jun 1 21:45:23 2020 -0700 squashfs: migrate from ll_rw_block usage to BIO ll_rw_block() function has been deprecated in favor of BIO which appears to come with large performance improvements. This patch decreases boot time by close to 40% when using squashfs for the root file-system. This is observed at least in the context of starting an Android VM on Chrome OS using crosvm. The patch was tested on 4.19 as well as master. This patch is largely based on Adrien Schildknecht's patch that was originally sent as https://lkml.org/lkml/2017/9/22/814 though with some significant changes and simplifications while also taking Phillip Lougher's feedback into account, around preserving support for FILE_CACHE in particular. [akpm@linux-foundation.org: fix build error reported by Randy] Link: http://lkml.kernel.org/r/319997c2-5fc8-f889-2ea3-d913308a7c1f@infradead.org Signed-off-by: Philippe Liard Signed-off-by: Andrew Morton Reviewed-by: Christoph Hellwig Cc: Adrien Schildknecht Cc: Phillip Lougher Cc: Guenter Roeck Cc: Daniel Rosenberg Link: https://chromium.googlesource.com/chromiumos/platform/crosvm Link: http://lkml.kernel.org/r/20191106074238.186023-1-pliard@google.com Signed-off-by: Linus Torvalds commit ea22eee4e6027d8927099de344f7fff43c507ef9 Author: Bob Peterson Date: Wed Apr 29 08:45:54 2020 -0500 gfs2: Allow lock_nolock mount to specify jid=X Before this patch, a simple typo accidentally added \n to the jid= string for lock_nolock mounts. This made it impossible to mount a gfs2 file system with a journal other than journal0. Thus: mount -tgfs2 -o hostdata="jid=1" Resulted in: mount: wrong fs type, bad option, bad superblock on In most cases this is not a problem. However, for debugging and testing purposes we sometimes want to test the integrity of other journals. This patch removes the unnecessary \n and thus allows lock_nolock users to specify an alternate journal. Signed-off-by: Bob Peterson Signed-off-by: Andreas Gruenbacher commit bbae10fac2dceb6c8585d385cc689f4e7ce81b1f Author: Bob Peterson Date: Fri May 8 09:18:03 2020 -0500 gfs2: Don't ignore inode write errors during inode_go_sync Before for this patch, function inode_go_sync ignored io errors during inode_go_sync, overwriting them with metadata write errors: error = filemap_fdatawait(mapping); mapping_set_error(mapping, error); } error = filemap_fdatawait(metamapping); ... return error; So any errors returned by the inode write would be forgotten if the metadata write succeeded. This patch still does both writes, but only sets error if it's still zero. That way, any errors will be reported by to the caller, do_xmote, which will take appropriate action and report the error. Signed-off-by: Bob Peterson Signed-off-by: Andreas Gruenbacher commit 3700bec3323ebe90924156775be0124e93094f78 Author: Mauro Carvalho Chehab Date: Wed Apr 15 16:32:31 2020 +0200 docs: filesystems: convert gfs2-glocks.txt to ReST - Add a SPDX header; - Adjust document and section titles; - Some whitespace fixes and new line breaks; - Add table markups; - Use notes markups; - Add it to filesystems/index.rst. Signed-off-by: Mauro Carvalho Chehab Signed-off-by: Andreas Gruenbacher commit 17839856fd588f4ab6b789f482ed3ffd7c403e1f Author: Linus Torvalds Date: Wed May 27 18:29:34 2020 -0700 gup: document and work around "COW can break either way" issue Doing a "get_user_pages()" on a copy-on-write page for reading can be ambiguous: the page can be COW'ed at any time afterwards, and the direction of a COW event isn't defined. Yes, whoever writes to it will generally do the COW, but if the thread that did the get_user_pages() unmapped the page before the write (and that could happen due to memory pressure in addition to any outright action), the writer could also just take over the old page instead. End result: the get_user_pages() call might result in a page pointer that is no longer associated with the original VM, and is associated with - and controlled by - another VM having taken it over instead. So when doing a get_user_pages() on a COW mapping, the only really safe thing to do would be to break the COW when getting the page, even when only getting it for reading. At the same time, some users simply don't even care. For example, the perf code wants to look up the page not because it cares about the page, but because the code simply wants to look up the physical address of the access for informational purposes, and doesn't really care about races when a page might be unmapped and remapped elsewhere. This adds logic to force a COW event by setting FOLL_WRITE on any copy-on-write mapping when FOLL_GET (or FOLL_PIN) is used to get a page pointer as a result. The current semantics end up being: - __get_user_pages_fast(): no change. If you don't ask for a write, you won't break COW. You'd better know what you're doing. - get_user_pages_fast(): the fast-case "look it up in the page tables without anything getting mmap_sem" now refuses to follow a read-only page, since it might need COW breaking. Which happens in the slow path - the fast path doesn't know if the memory might be COW or not. - get_user_pages() (including the slow-path fallback for gup_fast()): for a COW mapping, turn on FOLL_WRITE for FOLL_GET/FOLL_PIN, with very similar semantics to FOLL_FORCE. If it turns out that we want finer granularity (ie "only break COW when it might actually matter" - things like the zero page are special and don't need to be broken) we might need to push these semantics deeper into the lookup fault path. So if people care enough, it's possible that we might end up adding a new internal FOLL_BREAK_COW flag to go with the internal FOLL_COW flag we already have for tracking "I had a COW". Alternatively, if it turns out that different callers might want to explicitly control the forced COW break behavior, we might even want to make such a flag visible to the users of get_user_pages() instead of using the above default semantics. But for now, this is mostly commentary on the issue (this commit message being a lot bigger than the patch, and that patch in turn is almost all comments), with that minimal "enable COW breaking early" logic using the existing FOLL_WRITE behavior. [ It might be worth noting that we've always had this ambiguity, and it could arguably be seen as a user-space issue. You only get private COW mappings that could break either way in situations where user space is doing cooperative things (ie fork() before an execve() etc), but it _is_ surprising and very subtle, and fork() is supposed to give you independent address spaces. So let's treat this as a kernel issue and make the semantics of get_user_pages() easier to understand. Note that obviously a true shared mapping will still get a page that can change under us, so this does _not_ mean that get_user_pages() somehow returns any "stable" page ] Reported-by: Jann Horn Tested-by: Christoph Hellwig Acked-by: Oleg Nesterov Acked-by: Kirill Shutemov Acked-by: Jan Kara Cc: Andrea Arcangeli Cc: Matthew Wilcox Signed-off-by: Linus Torvalds commit 3247bd10a4502a3075ce8e1c3c7d31ef76f193ce Author: Ashok Raj Date: Thu May 28 13:57:42 2020 -0700 PCI: Add ACS quirk for Intel Root Complex Integrated Endpoints All Intel platforms guarantee that all root complex implementations must send transactions up to IOMMU for address translations. Hence for Intel RCiEP devices, we can assume some ACS-type isolation even without an ACS capability. From the Intel VT-d spec, r3.1, sec 3.16 ("Root-Complex Peer to Peer Considerations"): When DMA remapping is enabled, peer-to-peer requests through the Root-Complex must be handled as follows: - The input address in the request is translated (through first-level, second-level or nested translation) to a host physical address (HPA). The address decoding for peer addresses must be done only on the translated HPA. Hardware implementations are free to further limit peer-to-peer accesses to specific host physical address regions (or to completely disallow peer-forwarding of translated requests). - Since address translation changes the contents (address field) of the PCI Express Transaction Layer Packet (TLP), for PCI Express peer-to-peer requests with ECRC, the Root-Complex hardware must use the new ECRC (re-computed with the translated address) if it decides to forward the TLP as a peer request. - Root-ports, and multi-function root-complex integrated endpoints, may support additional peer-to-peer control features by supporting PCI Express Access Control Services (ACS) capability. Refer to ACS capability in PCI Express specifications for details. Since Linux didn't give special treatment to allow this exception, certain RCiEP MFD devices were grouped in a single IOMMU group. This doesn't permit a single device to be assigned to a guest for instance. In one vendor system: Device 14.x were grouped in a single IOMMU group. /sys/kernel/iommu_groups/5/devices/0000:00:14.0 /sys/kernel/iommu_groups/5/devices/0000:00:14.2 /sys/kernel/iommu_groups/5/devices/0000:00:14.3 After this patch: /sys/kernel/iommu_groups/5/devices/0000:00:14.0 /sys/kernel/iommu_groups/5/devices/0000:00:14.2 /sys/kernel/iommu_groups/6/devices/0000:00:14.3 <<< new group 14.0 and 14.2 are integrated devices, but legacy end points, whereas 14.3 was a PCIe-compliant RCiEP. 00:14.3 Network controller: Intel Corporation Device 9df0 (rev 30) Capabilities: [40] Express (v2) Root Complex Integrated Endpoint, MSI 00 This permits assigning this device to a guest VM. [bhelgaas: drop "Fixes" tag since this doesn't fix a bug in that commit] Link: https://lore.kernel.org/r/1590699462-7131-1-git-send-email-ashok.raj@intel.com Tested-by: Darrel Goeddel Signed-off-by: Ashok Raj Signed-off-by: Bjorn Helgaas Reviewed-by: Alex Williamson Cc: stable@vger.kernel.org Cc: Lu Baolu Cc: Mark Scott , Cc: Romil Sharma commit d2353bad2c1eef7a1228645fbb21e7887c633d12 Author: Arnd Bergmann Date: Fri May 29 22:16:45 2020 +0200 ARM: omap2: fix omap5_realtime_timer_init definition There is one more regression introduced by the last build fix: arch/arm/mach-omap2/timer.c:170:6: error: attribute declaration must precede definition [-Werror,-Wignored-attributes] void __init omap5_realtime_timer_init(void) ^ arch/arm/mach-omap2/common.h:118:20: note: previous definition is here static inline void omap5_realtime_timer_init(void) ^ arch/arm/mach-omap2/timer.c:170:13: error: redefinition of 'omap5_realtime_timer_init' void __init omap5_realtime_timer_init(void) ^ arch/arm/mach-omap2/common.h:118:20: note: previous definition is here static inline void omap5_realtime_timer_init(void) Address this by removing the now obsolete #ifdefs in that file and just building the entire file based on the flag that controls the omap5_realtime_timer_init function declaration. Link: https://lore.kernel.org/r/20200529201701.521933-1-arnd@arndb.de Fixes: d86ad463d670 ("ARM: OMAP2+: Fix regression for using local timer on non-SMP SoCs") Acked-by: Tony Lindgren Signed-off-by: Arnd Bergmann commit 603986a7a486a041e82146f6fce5ac6439858b2a Merge: 36e29139cd47 7856488bd83b Author: Arnd Bergmann Date: Tue Jun 2 19:12:35 2020 +0200 Merge tag 'keystone_dts_for_5.7' of git://git.kernel.org/pub/scm/linux/kernel/git/ssantosh/linux-keystone into arm/dt ARM: Keystone DTS updates for 5.7 Add display support for K2G EVM Board * tag 'keystone_dts_for_5.7' of git://git.kernel.org/pub/scm/linux/kernel/git/ssantosh/linux-keystone: ARM: dts: keystone-k2g-evm: add HDMI video support ARM: dts: keystone-k2g: Add DSS node Signed-off-by: Arnd Bergmann commit 382561a0f11c4995d48ab82670412f8d6c418430 Author: Masami Hiramatsu Date: Thu May 28 23:52:37 2020 +0900 selftests/sysctl: Make sysctl test driver as a module Fix config file to require CONFIG_TEST_SYSCTL=m instead of y because this driver introduces a test sysctl interfaces which are normally not used, and only used for the selftest. Signed-off-by: Masami Hiramatsu Reviewed-by: Kees Cook Reviewed-by: Luis Chamberlain Signed-off-by: Shuah Khan commit eee470e0739a9d8e29460f6d355cefa1c9a0384a Author: Masami Hiramatsu Date: Thu May 28 23:52:26 2020 +0900 selftests/sysctl: Fix to load test_sysctl module Fix to load test_sysctl.ko module correctly. sysctl.sh checks whether the test module is embedded (or loaded already) or not at first, and if not, it returns skip error instead of trying modprobe. Thus, there is no chance to load the test_sysctl test module. Instead, this removes that module embedded check and returns skip error only if it ensures that there is no embedded test module *and* no loadable test module. This also avoid referring config file since that is not installed. Signed-off-by: Masami Hiramatsu Reviewed-by: Kees Cook Reviewed-by: Luis Chamberlain Signed-off-by: Shuah Khan commit 0df12a01f4857495816b05f048c4c31439446e35 Author: Tony Lindgren Date: Mon Jun 1 17:18:56 2020 -0700 ARM: dts: omap4-droid4: Fix spi configuration and increase rate We can currently sometimes get "RXS timed out" errors and "EOT timed out" errors with spi transfers. These errors can be made easy to reproduce by reading the cpcap iio values in a loop while keeping the CPUs busy by also reading /dev/urandom. The "RXS timed out" errors we can fix by adding spi-cpol and spi-cpha in addition to the spi-cs-high property we already have. The "EOT timed out" errors we can fix by increasing the spi clock rate to 9.6 MHz. Looks similar MC13783 PMIC says it works at spi clock rates up to 20 MHz, so let's assume we can pick any rate up to 20 MHz also for cpcap. Cc: maemo-leste@lists.dyne.org Cc: Merlijn Wajer Cc: Pavel Machek Cc: Sebastian Reichel Signed-off-by: Tony Lindgren commit 2f56f84511367ce5ffd4a1c88dcd770ef049ea96 Author: Masami Hiramatsu Date: Thu May 28 23:52:16 2020 +0900 lib: Make test_sysctl initialized as module test_sysctl.c is expected to be used as a module, but since it does not use module_init(), it never be registered as a module and not appeared under /sys/module/. In the result, the selftests/sysctl/sysctl.sh always fails to find the test module and is skipped. This makes test_sysctl.c initialized as a module by module_init() and allow sysctl.sh to find the test module is loaded. Signed-off-by: Masami Hiramatsu Reviewed-by: Luis Chamberlain Signed-off-by: Shuah Khan commit d0676871fd52f575cc2bfec4faa2fcbc8af370e8 Author: Masami Hiramatsu Date: Thu May 28 23:52:06 2020 +0900 lib: Make prime number generator independently selectable Make prime number generator independently selectable from kconfig. This allows us to enable CONFIG_PRIME_NUMBERS=m and run the tools/testing/selftests/lib/prime_numbers.sh without other DRM selftest modules. Signed-off-by: Masami Hiramatsu Reviewed-by: Kees Cook Reviewed-by: Luis Chamberlain Signed-off-by: Shuah Khan commit b6f61c31464940513ef4eccb3a030a405b4256d6 Author: David Howells Date: Tue May 12 14:03:53 2020 +0100 keys: Implement update for the big_key type Implement the ->update op for the big_key type. Signed-off-by: David Howells Acked-by: Jason A. Donenfeld commit 521fd61c84a19b31dfbaa8dde3d2577e4e115d12 Author: Jason A. Donenfeld Date: Mon May 11 15:51:01 2020 -0600 security/keys: rewrite big_key crypto to use library interface A while back, I noticed that the crypto and crypto API usage in big_keys were entirely broken in multiple ways, so I rewrote it. Now, I'm rewriting it again, but this time using the simpler ChaCha20Poly1305 library function. This makes the file considerably more simple; the diffstat alone should justify this commit. It also should be faster, since it no longer requires a mutex around the "aead api object" (nor allocations), allowing us to encrypt multiple items in parallel. We also benefit from being able to pass any type of pointer, so we can get rid of the ridiculously complex custom page allocator that big_key really doesn't need. [DH: Change the select CRYPTO_LIB_CHACHA20POLY1305 to a depends on as select doesn't propagate and the build can end up with an =y dependending on some =m pieces. The depends on CRYPTO also had to be removed otherwise the configurator complains about a recursive dependency.] Cc: Andy Lutomirski Cc: Greg KH Cc: Linus Torvalds Cc: kernel-hardening@lists.openwall.com Reviewed-by: Eric Biggers Signed-off-by: Jason A. Donenfeld Signed-off-by: David Howells commit 2ce113fa525faf62fc308a10d1e5af07456b7460 Author: Gustavo A. R. Silva Date: Thu May 7 13:57:10 2020 -0500 KEYS: Replace zero-length array with flexible-array The current codebase makes use of the zero-length array language extension to the C90 standard, but the preferred mechanism to declare variable-length types such as these ones is a flexible array member[1][2], introduced in C99: struct foo { int stuff; struct boo array[]; }; By making use of the mechanism above, we will get a compiler warning in case the flexible array does not occur last in the structure, which will help us prevent some kind of undefined behavior bugs from being inadvertently introduced[3] to the codebase from now on. Also, notice that, dynamic memory allocations won't be affected by this change: "Flexible array members have incomplete type, and so the sizeof operator may not be applied. As a quirk of the original implementation of zero-length arrays, sizeof evaluates to zero."[1] sizeof(flexible-array-member) triggers a warning because flexible array members have incomplete type[1]. There are some instances of code in which the sizeof operator is being incorrectly/erroneously applied to zero-length arrays and the result is zero. Such instances may be hiding some bugs. So, this work (flexible-array member conversions) will also help to get completely rid of those sorts of issues. This issue was found with the help of Coccinelle. [1] https://gcc.gnu.org/onlinedocs/gcc/Zero-Length.html [2] https://github.com/KSPP/linux/issues/21 [3] commit 76497732932f ("cxgb3/l2t: Fix undefined behaviour") Signed-off-by: Gustavo A. R. Silva Signed-off-by: David Howells Reviewed-by: Jarkko Sakkinen commit 352780b61ebbd5fef845714c17246e1647c6904a Author: Ben Boeckel Date: Fri May 15 20:39:17 2020 -0400 Documentation: security: core.rst: add missing argument This argument was just never documented in the first place. Signed-off-by: Ben Boeckel Signed-off-by: David Howells Reviewed-by: Jarkko Sakkinen commit b3e2d20973db3ec87a6dd2fee0c88d3c2e7c2f61 Author: Kefeng Wang Date: Fri Apr 17 12:02:45 2020 +0800 rcuperf: Fix printk format warning Using "%zu" to fix following warning, kernel/rcu/rcuperf.c: In function ‘kfree_perf_init’: include/linux/kern_levels.h:5:18: warning: format ‘%lu’ expects argument of type ‘long unsigned int’, but argument 2 has type ‘unsigned int’ [-Wformat=] Signed-off-by: Kefeng Wang Signed-off-by: Paul E. McKenney commit 972eabb97aab8e5d86c79f28a707e0d1e8a1d1a0 Author: Sebastian Reichel Date: Tue Jun 2 16:49:08 2020 +0200 Revert "power: supply: sbs-battery: simplify read_read_string_data" The commit is a nice cleanup, but breaks booting on exynos5 based chromebooks. It's seems to come down to exynos5's i2c driver not implementing I2C_FUNC_SMBUS_READ_BLOCK_DATA. It's not yet clear why that breaks boot / massively slows it down when userspace starts, so revert the problematic patch. This reverts commit c4b12a2f3f3de670f6be5e96092a2cab0b877f1a. Signed-off-by: Sebastian Reichel commit cf1eb321d1cd134da0083f6430301a09f8012de1 Author: Sebastian Reichel Date: Tue Jun 2 16:36:24 2020 +0200 Revert "power: supply: sbs-battery: add PEC support" This depends on the simplification of sbs_read_string_data, which breaks booting exynos5 based chromebooks. More investigation is required, so this patch and the simplification patch are reverted for this merge window. Note, that this is only a partial revert, since sbs_update_presence() has not been removed. It is also required for the charger broadcast disabling. This reverts commit 79bcd5a4a66076a8a8dacd7f4a3be1952283aef4. Signed-off-by: Sebastian Reichel commit 5f68ea4aa98bcddb5ec5229d2a0933d84ed17732 Author: Aurelien Aptel Date: Wed Apr 22 15:58:57 2020 +0200 cifs: multichannel: move channel selection in function This commit moves channel picking code in separate function. Signed-off-by: Aurelien Aptel Signed-off-by: Steve French commit bbbf9eafbfdaa2af75fb5ed6d5ddb01be89e6d30 Author: Steve French Date: Sat May 30 17:29:50 2020 -0500 cifs: fix minor typos in comments and log messages Fix four minor typos in comments and log messages Signed-off-by: Steve French Reviewed-by: Aurelien Aptel commit 3563a6f4683eb08f9a437e028dd027ac31092381 Author: Steve French Date: Sat May 30 17:10:16 2020 -0500 smb3: minor update to compression header definitions MS-SMB2 specification was updated in March. Make minor additions and corrections to compression related definitions in smb2pdu.h Signed-off-by: Steve French Reviewed-by: Aurelien Aptel commit c893de12e1ef17b581eb2cf8fc9018ec0cbd07df Author: Wei Li Date: Thu May 21 15:21:25 2020 +0800 kdb: Remove the misfeature 'KDBFLAGS' Currently, 'KDBFLAGS' is an internal variable of kdb, it is combined by 'KDBDEBUG' and state flags. It will be shown only when 'KDBDEBUG' is set, and the user can define an environment variable named 'KDBFLAGS' too. These are puzzling indeed. After communication with Daniel, it seems that 'KDBFLAGS' is a misfeature. So let's replace 'KDBFLAGS' with 'KDBDEBUG' to just show the value we wrote into. After this modification, we can use `md4c1 kdb_flags` instead, to observe the state flags. Suggested-by: Daniel Thompson Signed-off-by: Wei Li Link: https://lore.kernel.org/r/20200521072125.21103-1-liwei391@huawei.com [daniel.thompson@linaro.org: Make kdb_flags unsigned to avoid arithmetic right shift] Signed-off-by: Daniel Thompson commit 1b310030bb855b9b13d1c0a9feffdb54883b06ab Author: Douglas Anderson Date: Thu May 7 16:11:46 2020 -0700 kdb: Cleanup math with KDB_CMD_HISTORY_COUNT From code inspection the math in handle_ctrl_cmd() looks super sketchy because it subjects -1 from cmdptr and then does a "% KDB_CMD_HISTORY_COUNT". It turns out that this code works because "cmdptr" is unsigned and KDB_CMD_HISTORY_COUNT is a nice power of 2. Let's make this a little less sketchy. This patch should be a no-op. Signed-off-by: Douglas Anderson Link: https://lore.kernel.org/r/20200507161125.1.I2cce9ac66e141230c3644b8174b6c15d4e769232@changeid Reviewed-by: Sumit Garg Signed-off-by: Daniel Thompson commit 195867ffea13b755dc727b47eaa5beb0ffa6e0ce Author: Sumit Garg Date: Thu May 7 13:08:50 2020 -0700 serial: amba-pl011: Support kgdboc_earlycon Implement the read() function in the early console driver. With recently added kgdboc_earlycon feature, this allows you to use kgdb to debug fairly early into the system boot. We only bother implementing this if polling is enabled since kgdb can't be enabled without that. Signed-off-by: Sumit Garg Reviewed-by: Douglas Anderson Reviewed-by: Daniel Thompson Signed-off-by: Douglas Anderson Link: https://lore.kernel.org/r/20200507130644.v4.12.I8ee0811f0e0816dd8bfe7f2f5540b3dba074fae8@changeid Signed-off-by: Daniel Thompson commit c5e7467d92b849450bd03d9215afb09665d76af6 Author: Douglas Anderson Date: Thu May 7 13:08:49 2020 -0700 serial: 8250_early: Support kgdboc_earlycon Implement the read() function in the early console driver. With recent kgdb patches this allows you to use kgdb to debug fairly early into the system boot. We only bother implementing this if polling is enabled since kgdb can't be enabled without that. Signed-off-by: Douglas Anderson Reviewed-by: Greg Kroah-Hartman Reviewed-by: Daniel Thompson Link: https://lore.kernel.org/r/20200507130644.v4.11.I8f668556c244776523320a95b09373a86eda11b7@changeid Signed-off-by: Daniel Thompson commit 205b5bdda2090d4730dabf9c0d9646cb32f2551d Author: Douglas Anderson Date: Thu May 7 13:08:48 2020 -0700 serial: qcom_geni_serial: Support kgdboc_earlycon Implement the read() function in the early console driver. With recent kgdb patches this allows you to use kgdb to debug fairly early into the system boot. We only bother implementing this if polling is enabled since kgdb can't be enabled without that. Signed-off-by: Douglas Anderson Reviewed-by: Greg Kroah-Hartman Link: https://lore.kernel.org/r/20200507130644.v4.10.If2deff9679a62c1ce1b8f2558a8635dc837adf8c@changeid Signed-off-by: Daniel Thompson commit a4912303ac6fede434acf5c23a9108cdaf79844a Author: Daniel Thompson Date: Thu Apr 30 17:17:41 2020 +0100 serial: kgdboc: Allow earlycon initialization to be deferred Currently there is no guarantee that an earlycon will be initialized before kgdboc tries to adopt it. Almost the opposite: on systems with ACPI then if earlycon has no arguments then it is guaranteed that earlycon will not be initialized. This patch mitigates the problem by giving kgdboc_earlycon a second chance during console_init(). This isn't quite as good as stopping during early parameter parsing but it is still early in the kernel boot. Signed-off-by: Daniel Thompson Link: https://lore.kernel.org/r/20200430161741.1832050-1-daniel.thompson@linaro.org Reviewed-by: Douglas Anderson commit f71fc3bc7b3279cb7d0ab78c1fcc78825779bb65 Author: Douglas Anderson Date: Thu May 7 13:08:47 2020 -0700 Documentation: kgdboc: Document new kgdboc_earlycon parameter The recent patch ("kgdboc: Add kgdboc_earlycon to support early kgdb using boot consoles") adds a new kernel command line parameter. Document it. Note that the patch adding the feature does some comparing/contrasting of "kgdboc_earlycon" vs. the existing "ekgdboc". See that patch for more details, but briefly "ekgdboc" can be used _instead_ of "kgdboc" and just makes "kgdboc" do its normal initialization early (only works if your tty driver is already ready). The new "kgdboc_earlycon" works in combination with "kgdboc" and is backed by boot consoles. Signed-off-by: Douglas Anderson Reviewed-by: Greg Kroah-Hartman Reviewed-by: Daniel Thompson Link: https://lore.kernel.org/r/20200507130644.v4.9.I7d5eb42c6180c831d47aef1af44d0b8be3fac559@changeid Signed-off-by: Daniel Thompson commit b1350132fef7e1f0ddfd5a985d516a6ed7a329fc Author: Douglas Anderson Date: Tue May 26 14:20:06 2020 -0700 kgdb: Don't call the deinit under spinlock When I combined kgdboc_earlycon with an inflight patch titled ("soc: qcom-geni-se: Add interconnect support to fix earlycon crash") [1] things went boom. Specifically I got a crash during the transition between kgdboc_earlycon and the main kgdboc that looked like this: Call trace: __schedule_bug+0x68/0x6c __schedule+0x75c/0x924 schedule+0x8c/0xbc schedule_timeout+0x9c/0xfc do_wait_for_common+0xd0/0x160 wait_for_completion_timeout+0x54/0x74 rpmh_write_batch+0x1fc/0x23c qcom_icc_bcm_voter_commit+0x1b4/0x388 qcom_icc_set+0x2c/0x3c apply_constraints+0x5c/0x98 icc_set_bw+0x204/0x3bc icc_put+0x30/0xf8 geni_remove_earlycon_icc_vote+0x6c/0x9c qcom_geni_serial_earlycon_exit+0x10/0x1c kgdboc_earlycon_deinit+0x38/0x58 kgdb_register_io_module+0x11c/0x194 configure_kgdboc+0x108/0x174 kgdboc_probe+0x38/0x60 platform_drv_probe+0x90/0xb0 really_probe+0x130/0x2fc ... The problem was that we were holding the "kgdb_registration_lock" while calling into code that didn't expect to be called in spinlock context. Let's slightly defer when we call the deinit code so that it's not done under spinlock. NOTE: this does mean that the "deinit" call of the old kgdb IO module is now made _after_ the init of the new IO module, but presumably that's OK. [1] https://lkml.kernel.org/r/1588919619-21355-3-git-send-email-akashast@codeaurora.org Fixes: 220995622da5 ("kgdboc: Add kgdboc_earlycon to support early kgdb using boot consoles") Signed-off-by: Douglas Anderson Link: https://lore.kernel.org/r/20200526142001.1.I523dc33f96589cb9956f5679976d402c8cda36fa@changeid [daniel.thompson@linaro.org: Resolved merge issues by hand] Signed-off-by: Daniel Thompson commit 1feb48baf2fb2aff02aa734c04a3ba5c3297d2de Author: Douglas Anderson Date: Tue May 19 08:44:02 2020 -0700 kgdboc: Disable all the early code when kgdboc is a module When kgdboc is compiled as a module all of the "ekgdboc" and "kgdb_earlycon" code isn't useful and, in fact, breaks compilation. This is because early_param() isn't defined for modules and that's how this code gets configured. It turns out that this was broken by commit eae3e19ca930 ("kgdboc: Remove useless #ifdef CONFIG_KGDB_SERIAL_CONSOLE in kgdboc") and then made worse by commit 220995622da5 ("kgdboc: Add kgdboc_earlycon to support early kgdb using boot consoles"). I guess the #ifdef wasn't so useless, even if it wasn't obvious why it was useful. When kgdboc was compiled as a module only "CONFIG_KGDB_SERIAL_CONSOLE_MODULE" was defined, not "CONFIG_KGDB_SERIAL_CONSOLE". That meant that the old module. Let's basically do the same thing that the old code (pre-removal of the #ifdef) did but use "IS_BUILTIN(CONFIG_KGDB_SERIAL_CONSOLE)" to make it more obvious what the point of the check is. We'll fix kgdboc_earlycon in a similar way. Fixes: 220995622da5 ("kgdboc: Add kgdboc_earlycon to support early kgdb using boot consoles") Fixes: eae3e19ca930 ("kgdboc: Remove useless #ifdef CONFIG_KGDB_SERIAL_CONSOLE in kgdboc") Reported-by: Stephen Rothwell Signed-off-by: Douglas Anderson Link: https://lore.kernel.org/r/20200519084345.1.I91670accc8a5ddabab227eb63bb4ad3e2e9d2b58@changeid Signed-off-by: Daniel Thompson commit 3e9b26dc2268cfbeef85bee095f883264c18425c Author: Tiezhu Yang Date: Tue Jun 2 12:15:04 2020 +0800 perf tools: Remove some duplicated includes There exists some duplicated includes in tools/perf, remove them. Signed-off-by: Tiezhu Yang Cc: Alexander Shishkin Cc: Jiri Olsa Cc: Mark Rutland Cc: Namhyung Kim Cc: Peter Zijlstra Cc: xuefeng li Link: http://lore.kernel.org/lkml/1591071304-19338-2-git-send-email-yangtiezhu@loongson.cn Signed-off-by: Arnaldo Carvalho de Melo commit 0affd0e5262b6d40f5f63466d88933e99698e240 Author: Adrian Hunter Date: Tue Jun 2 14:25:05 2020 +0300 perf symbols: Fix kernel maps for kcore and eBPF Adjust 'map->pgoff' also when moving a map's start address. Example with v5.4.34 based kernel: Before: $ sudo tools/perf/perf record -a --kcore -e intel_pt//k sleep 1 [ perf record: Woken up 1 times to write data ] [ perf record: Captured and wrote 1.958 MB perf.data ] $ sudo tools/perf/perf script --itrace=e >/dev/null Warning: 961 instruction trace errors After: $ sudo tools/perf/perf script --itrace=e >/dev/null $ Committer testing: # uname -a Linux seventh 5.6.10-100.fc30.x86_64 #1 SMP Mon May 4 15:36:44 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux # Before: # perf record -a --kcore -e intel_pt//k sleep 1 [ perf record: Woken up 1 times to write data ] [ perf record: Captured and wrote 0.923 MB perf.data ] # perf script --itrace=e >/dev/null Warning: 295 instruction trace errors # After: # perf record -a --kcore -e intel_pt//k sleep 1 [ perf record: Woken up 1 times to write data ] [ perf record: Captured and wrote 0.919 MB perf.data ] # perf script --itrace=e >/dev/null # Fixes: fb5a88d4131a ("perf tools: Preserve eBPF maps when loading kcore") Signed-off-by: Adrian Hunter Tested-by: Arnaldo Carvalho de Melo Cc: Jiri Olsa Cc: stable@vger.kernel.org Link: http://lore.kernel.org/lkml/20200602112505.1406-1-adrian.hunter@intel.com Signed-off-by: Arnaldo Carvalho de Melo commit 3b1f47d6e7d3ce7116c5698accaf936b46c29e3b Author: Arnaldo Carvalho de Melo Date: Tue Jun 2 10:47:51 2020 -0300 tools arch x86: Sync the msr-index.h copy with the kernel sources To pick up the changes in: 5cde265384ca ("perf/x86/rapl: Add AMD Fam17h RAPL support") Addressing this tools/perf build warning: Warning: Kernel ABI header at 'tools/arch/x86/include/asm/msr-index.h' differs from latest version at 'arch/x86/include/asm/msr-index.h' diff -u tools/arch/x86/include/asm/msr-index.h arch/x86/include/asm/msr-index.h With this one will be able to use these new AMD MSRs in filters, by name, e.g.: # perf trace -e msr:* --filter="msr==AMD_PKG_ENERGY_STATUS || msr==AMD_RAPL_POWER_UNIT" Just like it is now possible with other MSRs: [root@five ~]# uname -a Linux five 5.5.17-200.fc31.x86_64 #1 SMP Mon Apr 13 15:29:42 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux [root@five ~]# grep 'model name' -m1 /proc/cpuinfo model name : AMD Ryzen 5 3600X 6-Core Processor [root@five ~]# [root@five ~]# perf trace -e msr:*/max-stack=16/ --filter="msr==AMD_PERF_CTL" --max-events=2 0.000 kworker/1:1-ev/2327824 msr:write_msr(msr: AMD_PERF_CTL, val: 2) do_trace_write_msr ([kernel.kallsyms]) do_trace_write_msr ([kernel.kallsyms]) [0xffffffffc01d71c3] ([acpi_cpufreq]) [0] ([unknown]) __cpufreq_driver_target ([kernel.kallsyms]) od_dbs_update ([kernel.kallsyms]) dbs_work_handler ([kernel.kallsyms]) process_one_work ([kernel.kallsyms]) worker_thread ([kernel.kallsyms]) kthread ([kernel.kallsyms]) ret_from_fork ([kernel.kallsyms]) 8.597 kworker/2:2-ev/2338099 msr:write_msr(msr: AMD_PERF_CTL, val: 2) do_trace_write_msr ([kernel.kallsyms]) do_trace_write_msr ([kernel.kallsyms]) [0] ([unknown]) [0] ([unknown]) __cpufreq_driver_target ([kernel.kallsyms]) od_dbs_update ([kernel.kallsyms]) dbs_work_handler ([kernel.kallsyms]) process_one_work ([kernel.kallsyms]) worker_thread ([kernel.kallsyms]) kthread ([kernel.kallsyms]) ret_from_fork ([kernel.kallsyms]) [root@five ~]# Longer explanation with what happens in the perf build process, automatically after this is made in synch with the kernel sources: $ make -C tools/perf O=/tmp/build/perf install-bin Warning: Kernel ABI header at 'tools/arch/x86/include/asm/msr-index.h' differs from latest version at 'arch/x86/include/asm/msr-index.h' diff -u tools/arch/x86/include/asm/msr-index.h arch/x86/include/asm/msr-index.h make: Leaving directory '/home/acme/git/perf/tools/perf' $ $ tools/perf/trace/beauty/tracepoints/x86_msr.sh > before $ $ diff -u tools/arch/x86/include/asm/msr-index.h arch/x86/include/asm/msr-index.h --- tools/arch/x86/include/asm/msr-index.h 2020-06-02 10:46:36.217782288 -0300 +++ arch/x86/include/asm/msr-index.h 2020-05-28 10:41:23.313794627 -0300 @@ -301,6 +301,9 @@ #define MSR_PP1_ENERGY_STATUS 0x00000641 #define MSR_PP1_POLICY 0x00000642 +#define MSR_AMD_PKG_ENERGY_STATUS 0xc001029b +#define MSR_AMD_RAPL_POWER_UNIT 0xc0010299 + /* Config TDP MSRs */ #define MSR_CONFIG_TDP_NOMINAL 0x00000648 #define MSR_CONFIG_TDP_LEVEL_1 0x00000649 $ cp arch/x86/include/asm/msr-index.h tools/arch/x86/include/asm/msr-index.h $ $ make -C tools/perf O=/tmp/build/perf install-bin CC /tmp/build/perf/trace/beauty/tracepoints/x86_msr.o LD /tmp/build/perf/trace/beauty/tracepoints/perf-in.o LD /tmp/build/perf/trace/beauty/perf-in.o LD /tmp/build/perf/perf-in.o LINK /tmp/build/perf/perf make: Leaving directory '/home/acme/git/perf/tools/perf' $ $ tools/perf/trace/beauty/tracepoints/x86_msr.sh > after $ diff -u before after --- before 2020-06-02 10:47:08.486334348 -0300 +++ after 2020-06-02 10:47:33.075008948 -0300 @@ -286,6 +286,8 @@ [0xc0010240 - x86_AMD_V_KVM_MSRs_offset] = "F15H_NB_PERF_CTL", [0xc0010241 - x86_AMD_V_KVM_MSRs_offset] = "F15H_NB_PERF_CTR", [0xc0010280 - x86_AMD_V_KVM_MSRs_offset] = "F15H_PTSC", + [0xc0010299 - x86_AMD_V_KVM_MSRs_offset] = "AMD_RAPL_POWER_UNIT", + [0xc001029b - x86_AMD_V_KVM_MSRs_offset] = "AMD_PKG_ENERGY_STATUS", [0xc00102f0 - x86_AMD_V_KVM_MSRs_offset] = "AMD_PPIN_CTL", [0xc00102f1 - x86_AMD_V_KVM_MSRs_offset] = "AMD_PPIN", }; $ Cc: Adrian Hunter Cc: David Ahern Cc: Ingo Molnar Cc: Jiri Olsa Cc: Namhyung Kim Cc: Stephane Eranian Cc: Wang Nan Signed-off-by: Arnaldo Carvalho de Melo commit d741cb045cb5552d9e636e7e447f237d3b1667ad Author: Thierry Reding Date: Tue Jun 2 14:29:01 2020 +0200 MAINTAINERS: Add Lee Jones as reviewer for the PWM subsystem Lee has kindly offered his help in sharing the patch review workload for the PWM subsystem. If this works out well between Lee, Uwe and myself it may be a good idea to maintain the subsystem as a group. Acked-by: Lee Jones Signed-off-by: Thierry Reding commit aef1a3799b5cb3ba4841f6034497b179646ccc70 Author: Uwe Kleine-König Date: Thu Apr 16 10:02:45 2020 +0200 pwm: imx27: Fix rounding behavior To not trigger the warnings provided by CONFIG_PWM_DEBUG - use up-rounding in .get_state() - don't divide by the result of a division - don't use the rounded counter value for the period length to calculate the counter value for the duty cycle Signed-off-by: Uwe Kleine-König Signed-off-by: Thierry Reding commit cad0f2960675261584c14e8f0026cd67c60f4864 Author: Rasmus Villemoes Date: Thu Sep 19 11:17:27 2019 +0200 pwm: rockchip: Simplify rockchip_pwm_get_state() The way state->enabled is computed is rather convoluted and hard to read - both branches of the if() actually do the exact same thing. So remove the if(), and further simplify " ? true : false" to "". Signed-off-by: Rasmus Villemoes Signed-off-by: Thierry Reding commit ca162ce98110b98e7d97b7157328d34dcfdd40a9 Author: Navid Emamdoost Date: Mon Jun 1 02:11:16 2020 -0500 pwm: img: Call pm_runtime_put() in pm_runtime_get_sync() failed case Even in failed case of pm_runtime_get_sync(), the usage_count is incremented. In order to keep the usage_count with correct value call appropriate pm_runtime_put(). Signed-off-by: Navid Emamdoost Signed-off-by: Thierry Reding commit f8665d797b1ce9bd81f7ed7744ef3a18d6b186ea Merge: 62b6e899a0ad cb7ee52284a2 Author: Joonas Lahtinen Date: Tue Jun 2 16:45:05 2020 +0300 Merge tag 'gvt-next-fixes-2020-05-28' of https://github.com/intel/gvt-linux into drm-intel-next-fixes gvt-next-fixes-2020-05-28 - Fix one clang warning on debug only function (Nathan) - Use ARRAY_SIZE for coccicheck warn (Aishwarya) Signed-off-by: Joonas Lahtinen From: Zhenyu Wang Link: https://patchwork.freedesktop.org/patch/msgid/20200528033559.GG23961@zhen-hp.sh.intel.com commit a9a1790247bdcf3b1c8e2e5f8fbfc08d77cfd054 Author: Jiri Olsa Date: Tue Jun 2 12:17:36 2020 +0200 perf stat: Ensure group is defined on top of the same cpu mask Jin Yao reported the issue (and posted first versions of this change) with groups being defined over events with different cpu mask. This causes assert aborts in get_group_fd, like: # perf stat -M "C2_Pkg_Residency" -a -- sleep 1 perf: util/evsel.c:1464: get_group_fd: Assertion `!(fd == -1)' failed. Aborted All the events in the group have to be defined over the same cpus so the group_fd can be found for every leader/member pair. Adding check to ensure this condition is met and removing the group (with warning) if we detect mixed cpus, like: $ sudo perf stat -e '{power/energy-cores/,cycles},{instructions,power/energy-cores/}' WARNING: event cpu maps do not match, disabling group: anon group { power/energy-cores/, cycles } anon group { instructions, power/energy-cores/ } Ian asked also for cpu maps details, it's displayed in verbose mode: $ sudo perf stat -e '{cycles,power/energy-cores/}' -v WARNING: group events cpu maps do not match, disabling group: anon group { power/energy-cores/, cycles } power/energy-cores/: 0 cycles: 0-7 anon group { instructions, power/energy-cores/ } instructions: 0-7 power/energy-cores/: 0 Committer testing: [root@seventh ~]# perf stat -e '{power/energy-cores/,cycles},{instructions,power/energy-cores/}' WARNING: grouped events cpus do not match, disabling group: anon group { power/energy-cores/, cycles } anon group { instructions, power/energy-cores/ } ^C Performance counter stats for 'system wide': 12.62 Joules power/energy-cores/ 106,920,637 cycles 80,228,899 instructions # 0.75 insn per cycle 12.62 Joules power/energy-cores/ 14.514476987 seconds time elapsed [root@seventh ~]# But if we put compatible events in each group it works: [root@seventh ~]# perf stat -e '{power/energy-cores/,power/energy-ram/},{instructions,cycles}' -a sleep 2 Performance counter stats for 'system wide': 1.95 Joules power/energy-cores/ 0.92 Joules power/energy-ram/ 29,305,715 instructions # 1.03 insn per cycle 28,423,338 cycles 2.001438142 seconds time elapsed [root@seventh ~]# This needs improvement tho: [root@seventh ~]# perf stat -e '{power/energy-cores/,power/energy-ram/},{instructions,cycles}' sleep 2 Error: The sys_perf_event_open() syscall returned with 22 (Invalid argument) for event (power/energy-cores/). /bin/dmesg | grep -i perf may provide additional information. [root@seventh ~]# We need to emit a better message, one stating that the power/ events can't be used for a specific workload, instead it is per-cpu or system wide. Fixes: 6a4bb04caacc8 ("perf tools: Enable grouping logic for parsed events") Co-developed-by: Jin Yao Signed-off-by: Jiri Olsa Acked-by: Ian Rogers Tested-by: Arnaldo Carvalho de Melo Cc: Alexander Shishkin Cc: Andi Kleen Cc: Jiri Olsa Cc: Michael Petlan Cc: Namhyung Kim Cc: Peter Zijlstra Cc: Stephane Eranian Link: http://lore.kernel.org/lkml/20200602101736.GE1112120@krava Signed-off-by: Jin Yao Signed-off-by: Arnaldo Carvalho de Melo commit 62b6e899a0ad4863b2e799f3c10a77116e3cfadc Author: Jani Nikula Date: Tue Jun 2 00:55:09 2020 +0300 drm/i915/params: fix i915.fake_lmem_start module param sysfs permissions fake_lmem_start does not need to be mutable via module param sysfs. It's only used during driver probe. Fixes: 1629224324b6 ("drm/i915/lmem: add the fake lmem region") Cc: Matthew Auld Cc: Joonas Lahtinen Cc: Chris Wilson Reviewed-by: Rodrigo Vivi Signed-off-by: Jani Nikula Link: https://patchwork.freedesktop.org/patch/msgid/20200601215510.18379-2-jani.nikula@intel.com (cherry picked from commit f322e851f20e534cf5305332a9ad5eefadb55d56) Signed-off-by: Joonas Lahtinen commit ea2b383ded0f84f310fe330eb43d758f2807e728 Author: Jani Nikula Date: Tue Jun 2 00:55:08 2020 +0300 drm/i915/params: don't expose inject_probe_failure in debugfs The parameter only makes sense as a module parameter only. Fixes: c43c5a8818d4 ("drm/i915/params: add i915 parameters to debugfs") Cc: Juha-Pekka Heikkilä Cc: Venkata Sandeep Dhanalakota Reviewed-by: Juha-Pekka Heikkila Signed-off-by: Jani Nikula Link: https://patchwork.freedesktop.org/patch/msgid/20200601215510.18379-1-jani.nikula@intel.com (cherry picked from commit dbf4081ffb68c0d9b518a34c715a8d8681658411) Signed-off-by: Joonas Lahtinen commit 273500ae71711c040d258a7b3f4b6f44c368fff2 Author: Chris Wilson Date: Mon Jun 1 17:19:42 2020 +0100 drm/i915: Whitelist context-local timestamp in the gen9 cmdparser Allow batch buffers to read their own _local_ cumulative HW runtime of their logical context. Fixes: 0f2f39758341 ("drm/i915: Add gen9 BCS cmdparsing") Signed-off-by: Chris Wilson Cc: Mika Kuoppala Cc: # v5.4+ Reviewed-by: Mika Kuoppala Link: https://patchwork.freedesktop.org/patch/msgid/20200601161942.30854-1-chris@chris-wilson.co.uk (cherry picked from commit f9496520df11de00fbafc3cbd693b9570d600ab3) Signed-off-by: Joonas Lahtinen commit 882f38b7f6c406e7229e72ee4328b7f1d5938ae7 Author: Ville Syrjälä Date: Wed May 27 23:02:45 2020 +0300 drm/i915: Fix global state use-after-frees with a refcount While the current locking/serialization of the global state suffices for protecting the obj->state access and the actual hardware reprogramming, we do have a problem with accessing the old/new states during nonblocking commits. The state computation and swap will be protected by the crtc locks, but the commit_tails can finish out of order, thus also causing the atomic states to be cleaned up out of order. This would mean the commit that started first but finished last has had its new state freed as the no-longer-needed old state by the other commit. To fix this let's just refcount the states. obj->state amounts to one reference, and the intel_atomic_state holds extra references to both its new and old global obj states. Fixes: 0ef1905ecf2e ("drm/i915: Introduce better global state handling") Signed-off-by: Ville Syrjälä Link: https://patchwork.freedesktop.org/patch/msgid/20200527200245.13184-1-ville.syrjala@linux.intel.com Reviewed-by: Stanislav Lisovskiy (cherry picked from commit f8c86ffa2800adc80adc679c84c45e0c6b027374) Signed-off-by: Joonas Lahtinen commit 1d7796bdb63a63c9cc8087ffc6daeb36a7c005e1 Author: Sandipan Patra Date: Mon Jun 1 10:50:36 2020 +0530 pwm: tegra: Support dynamic clock frequency configuration Added support for dynamic clock freq configuration in PWM kernel driver. Earlier the PWM driver used to cache boot time clock rate by PWM clock parent during probe. Hence dynamically changing PWM frequency was not possible for all the possible ranges. With this change, dynamic calculation is enabled and it is able to set the requested period from sysfs knob provided the value is supported by clock source. Changes mainly have 2 parts: - Tegra186 and later chips [1] - Tegra210 and prior chips [2] For [1] - Changes implemented to set pwm period dynamically and also checks added to allow only if requested period(ns) is below or equals to higher range. For [2] - Only checks if the requested period(ns) is below or equals to higher range defined by max clock limit. The limitation in Tegra210 or prior chips are due to the reason of having only one PWM controller supporting multiple channels. But later chips have multiple PWM controller instances each having single channel support. Signed-off-by: Sandipan Patra Reviewed-by: Jon Hunter Signed-off-by: Thierry Reding commit 74db728c0b4c7c0781d439afa6ebc43c76a1f952 Author: Paul Cercueil Date: Wed May 27 13:52:25 2020 +0200 pwm: jz4740: Add support for the JZ4725B The PWM hardware in the JZ4725B works the same as in the JZ4740, but has only six channels available. Signed-off-by: Paul Cercueil Signed-off-by: Thierry Reding commit a020f22a4ff555386f136eb951e16e4cff709e01 Author: Paul Cercueil Date: Wed May 27 13:52:24 2020 +0200 pwm: jz4740: Make PWM start with the active part The PWM in Ingenic SoCs starts in inactive state until the internal timer reaches the duty value, then becomes active until the timer reaches the period value. In theory, we should then use (period - duty) as the real duty value, as a high duty value would otherwise result in the PWM pin being inactive most of the time. This is the reason why the duty value was inverted in the driver until now, but it still had the problem that it would not start with the active part. To address this remaining issue, the common trick is to invert the duty, and invert the polarity when the PWM is enabled. Since the duty was already inverted, and we invert it again, we now program the hardware for the requested duty, and simply invert the polarity when the PWM is enabled. Signed-off-by: Paul Cercueil Signed-off-by: Thierry Reding commit 9017dc4fbd59c09463019ce494cfe36d654495a8 Author: Paul Cercueil Date: Wed May 27 13:52:23 2020 +0200 pwm: jz4740: Enhance precision in calculation of duty cycle Calculating the hardware value for the duty from the hardware value of the period resulted in a precision loss versus calculating it from the clock rate directly. (Also remove a cast that doesn't really need to be here) Fixes: f6b8a5700057 ("pwm: Add Ingenic JZ4740 support") Cc: Suggested-by: Uwe Kleine-König Reviewed-by: Uwe Kleine-König Signed-off-by: Paul Cercueil Signed-off-by: Thierry Reding commit b48d49e0d53a15a82545ae68db54e8abe99a840a Author: Paul Cercueil Date: Wed May 27 13:52:22 2020 +0200 pwm: jz4740: Drop dependency on MACH_INGENIC Depending on MACH_INGENIC prevent us from creating a generic kernel that works on more than one MIPS board. Instead, we just depend on MIPS being set. Acked-by: Uwe Kleine-König Signed-off-by: Paul Cercueil Signed-off-by: Thierry Reding commit 01aa905d4791da7d3630f6030ff99d58105cca00 Author: Hans de Goede Date: Tue May 12 13:00:44 2020 +0200 pwm: lpss: Fix get_state runtime-pm reference handling Before commit cfc4c189bc70 ("pwm: Read initial hardware state at request time"), a driver's get_state callback would get called once per PWM from pwmchip_add(). pwm-lpss' runtime-pm code was relying on this, getting a runtime-pm ref for PWMs which are enabled at probe time from within its get_state callback, before enabling runtime-pm. The change to calling get_state at request time causes a number of problems: 1. PWMs enabled at probe time may get runtime suspended before they are requested, causing e.g. a LCD backlight controlled by the PWM to turn off. 2. When the request happens when the PWM has been runtime suspended, the ctrl register will read all 1 / 0xffffffff, causing get_state to store bogus values in the pwm_state. 3. get_state was using an async pm_runtime_get() call, because it assumed that runtime-pm has not been enabled yet. If shortly after the request an apply call is made, then the pwm_lpss_is_updating() check may trigger because the resume triggered by the pm_runtime_get() call is not complete yet, so the ctrl register still reads all 1 / 0xffffffff. This commit fixes these issues by moving the initial pm_runtime_get() call for PWMs which are enabled at probe time to the pwm_lpss_probe() function; and by making get_state take a runtime-pm ref before reading the ctrl reg. BugLink: https://bugzilla.redhat.com/show_bug.cgi?id=1828927 Fixes: cfc4c189bc70 ("pwm: Read initial hardware state at request time") Cc: stable@vger.kernel.org Signed-off-by: Hans de Goede Reviewed-by: Andy Shevchenko Signed-off-by: Thierry Reding commit 4336b9337824a60a0b10013c622caeee99460db5 Author: Oliver O'Halloran Date: Tue Apr 21 18:15:39 2020 +1000 powerpc/pseries: Make vio and ibmebus initcalls pseries specific The vio and ibmebus buses are used for pseries specific paravirtualised devices and currently they're initialised by the generic initcall types. This is mostly fine, but it can result in some nuisance errors in dmesg when booting on PowerNV on some OSes, e.g. [ 2.984439] synth uevent: /devices/vio: failed to send uevent [ 2.984442] vio vio: uevent: failed to send synthetic uevent [ 17.968551] synth uevent: /devices/vio: failed to send uevent [ 17.968554] vio vio: uevent: failed to send synthetic uevent We don't see anything similar for the ibmebus because that depends on !CONFIG_LITTLE_ENDIAN. This patch squashes those by switching to using machine_*_initcall() so the bus type is only registered when the kernel is running on a pseries machine. Signed-off-by: Oliver O'Halloran Reviewed-by: Tyrel Datwyler Signed-off-by: Michael Ellerman Link: https://lore.kernel.org/r/20200421081539.7485-1-oohall@gmail.com commit 856c45d8c1a733e10ad82be817202eb32ea4e570 Author: Peter Vasil Date: Tue Apr 28 18:41:50 2020 +0200 pwm: sun4i: Support direct clock output on Allwinner A64 Allwinner A64 is capable of a direct clock output on PWM (see A64 User Manual chapter 3.10). Add support for this in the sun4i PWM driver. Signed-off-by: Peter Vasil Acked-by: Maxime Ripard Acked-by: Uwe Kleine-König Signed-off-by: Thierry Reding commit 4296151d231eeee78514bf7f495c46683785255d Author: Eric Farman Date: Tue May 5 14:27:42 2020 +0200 vfio-ccw: Refactor IRQ handlers To simplify future expansion. Signed-off-by: Eric Farman Reviewed-by: Cornelia Huck Message-Id: <20200505122745.53208-6-farman@linux.ibm.com> Signed-off-by: Cornelia Huck commit 24c986748ba670c903a9d6a11ee96de2b3f5f1b8 Author: Farhan Ali Date: Tue May 5 14:27:41 2020 +0200 vfio-ccw: Introduce a new schib region The schib region can be used by userspace to get the subchannel- information block (SCHIB) for the passthrough subchannel. This can be useful to get information such as channel path information via the SCHIB.PMCW fields. Signed-off-by: Farhan Ali Signed-off-by: Eric Farman Reviewed-by: Cornelia Huck Message-Id: <20200505122745.53208-5-farman@linux.ibm.com> Signed-off-by: Cornelia Huck commit 600279b52659c8211c6625fb2c9cd8bf8de15061 Author: Eric Farman Date: Tue May 5 14:27:40 2020 +0200 vfio-ccw: Refactor the unregister of the async regions This is mostly for the purposes of a later patch, since we'll need to do the same thing later. While we are at it, move the resulting function call to ahead of the unregistering of the IOMMU notifier, so that it's done in the reverse order of how it was created. Signed-off-by: Eric Farman Reviewed-by: Cornelia Huck Message-Id: <20200505122745.53208-4-farman@linux.ibm.com> Signed-off-by: Cornelia Huck commit b7701dfbf98327f34966a68c2532730353245d7b Author: Farhan Ali Date: Tue May 5 14:27:39 2020 +0200 vfio-ccw: Register a chp_event callback for vfio-ccw Register the chp_event callback to receive channel path related events for the subchannels managed by vfio-ccw. Signed-off-by: Farhan Ali Signed-off-by: Eric Farman Reviewed-by: Cornelia Huck Message-Id: <20200505122745.53208-3-farman@linux.ibm.com> Signed-off-by: Cornelia Huck commit 9a44ce6c9b69e15c87c87ef1f1a6972837cff3db Author: Farhan Ali Date: Tue May 5 14:27:38 2020 +0200 vfio-ccw: Introduce new helper functions to free/destroy regions Consolidate some of the cleanup code for the regions, so that as more are added we reduce code duplication. Signed-off-by: Farhan Ali Signed-off-by: Eric Farman Reviewed-by: Cornelia Huck Message-Id: <20200505122745.53208-2-farman@linux.ibm.com> Signed-off-by: Cornelia Huck commit 430220b0bbcbaaaa03718111ff541ee8cd97c781 Author: Cornelia Huck Date: Tue Apr 7 13:16:05 2020 +0200 vfio-ccw: document possible errors Interacting with the I/O and the async regions can yield a number of errors, which had been undocumented so far. These are part of the api, so remedy that. Signed-off-by: Cornelia Huck Reviewed-by: Eric Farman Message-Id: <20200407111605.1795-1-cohuck@redhat.com> commit 725b94d74128cd208bfdd446ad6b5f4b38cf5395 Author: Jared Rossi Date: Wed May 6 17:24:40 2020 -0400 vfio-ccw: Enable transparent CCW IPL from DASD Remove the explicit prefetch check when using vfio-ccw devices. This check does not trigger in practice as all Linux channel programs are intended to use prefetch. It is expected that all ORBs issued by Linux will request prefetch. Although non-prefetching ORBs are not rejected, they will prefetch nonetheless. A warning is issued up to once per 5 seconds when a forced prefetch occurs. A non-prefetch ORB does not necessarily result in an error, however frequent encounters with non-prefetch ORBs indicate that channel programs are being executed in a way that is inconsistent with what the guest is requesting. While there is currently no known case of an error caused by forced prefetch, it is possible in theory that forced prefetch could result in an error if applied to a channel program that is dependent on non-prefetch. Signed-off-by: Jared Rossi Reviewed-by: Eric Farman Message-Id: <20200506212440.31323-2-jrossi@linux.ibm.com> Signed-off-by: Cornelia Huck commit f44b85da5e7450d0308695ba6f503d75fe6cc166 Author: Andrew Donnellan Date: Tue Jun 2 14:03:41 2020 +1000 cxl: Remove dead Kconfig options The CXL_AFU_DRIVER_OPS and CXL_LIB Kconfig options were added to coordinate merging of new features. They no longer serve any purpose, so remove them. Signed-off-by: Andrew Donnellan Signed-off-by: Michael Ellerman Link: https://lore.kernel.org/r/20200602040341.10152-1-ajd@linux.ibm.com commit a3ea40d5c7365e7e5c7c85b6f30b15142b397571 Author: Alistair Popple Date: Thu May 21 11:43:41 2020 +1000 powerpc: Add POWER10 architected mode PVR value of 0x0F000006 means we are arch v3.1 compliant (i.e. POWER10). This is used by phyp and kvm when booting as a pseries guest to detect the presence of new P10 features and to enable the appropriate hwcap and facility bits. Signed-off-by: Alistair Popple Signed-off-by: Cédric Le Goater [mpe: Fall through to __init_FSCR rather than duplicating it, drop hack to set current->thread.fscr now that is handled elsewhere.] Signed-off-by: Michael Ellerman Link: https://lore.kernel.org/r/20200521014341.29095-8-alistair@popple.id.au commit 87939d50e5888bd78478d9aa9455f56b919df658 Author: Alistair Popple Date: Thu May 21 11:43:40 2020 +1000 powerpc/dt_cpu_ftrs: Add MMA feature Matrix multiple assist (MMA) is a new feature added to ISAv3.1 and POWER10. Support on powernv can be selected via a firmware CPU device tree feature which enables it via a PCR bit. Signed-off-by: Alistair Popple Signed-off-by: Michael Ellerman Link: https://lore.kernel.org/r/20200521014341.29095-7-alistair@popple.id.au commit c63d688c3dabca973c5a7da73d17422ad13f3737 Author: Alistair Popple Date: Thu May 21 11:43:39 2020 +1000 powerpc/dt_cpu_ftrs: Enable Prefixed Instructions Prefix instructions have their own FSCR bit which needs to be enabled via a CPU feature. The kernel will save the FSCR for problem state but it needs to be enabled initially. Signed-off-by: Alistair Popple Signed-off-by: Michael Ellerman Link: https://lore.kernel.org/r/20200521014341.29095-6-alistair@popple.id.au commit 43d0d37acbe40a9a93d9891ca670638cd22116b1 Author: Alistair Popple Date: Thu May 21 11:43:37 2020 +1000 powerpc/dt_cpu_ftrs: Advertise support for ISA v3.1 if selected On powernv hardware support for ISAv3.1 is advertised via a cpu feature bit in the device tree. This patch enables the associated HWCAP bit if the device tree indicates ISAv3.1 is available. Signed-off-by: Alistair Popple Signed-off-by: Michael Ellerman Link: https://lore.kernel.org/r/20200521014341.29095-4-alistair@popple.id.au commit 3fd5836ee801ab9ac5b314c26550e209bafa5eaa Author: Alistair Popple Date: Thu May 21 11:43:36 2020 +1000 powerpc: Add support for ISA v3.1 Newer ISA versions are enabled by clearing all bits in the PCR associated with previous versions of the ISA. Enable ISA v3.1 support by updating the PCR mask to include ISA v3.0. This ensures all PCR bits corresponding to earlier architecture versions get cleared thereby enabling ISA v3.1 if supported by the hardware. Signed-off-by: Alistair Popple Signed-off-by: Michael Ellerman Link: https://lore.kernel.org/r/20200521014341.29095-3-alistair@popple.id.au commit ee988c11acf6f9464b7b44e9a091bf6afb3b3a49 Author: Alistair Popple Date: Thu May 21 11:43:35 2020 +1000 powerpc: Add new HWCAP bits POWER10 introduces two new architectural features - ISAv3.1 and matrix multiply assist (MMA) instructions. Userspace detects the presence of these features via two HWCAP bits introduced in this patch. These bits have been agreed to by the compiler and binutils team. According to ISAv3.1 MMA is an optional feature and software that makes use of it should first check for availability via this HWCAP bit and use alternate code paths if unavailable. Signed-off-by: Alistair Popple Tested-by: Michael Neuling Signed-off-by: Michael Ellerman Link: https://lore.kernel.org/r/20200521014341.29095-2-alistair@popple.id.au commit c887ef5707591e84f80271e95e99ff9fb38987b5 Author: Michael Ellerman Date: Thu May 28 00:58:43 2020 +1000 powerpc/64s: Don't set FSCR bits in INIT_THREAD Since the previous commit that saves the value of FSCR configured at boot into init_task.thread.fscr, the static initialisation in INIT_THREAD now no longer has any effect. So remove it. For non DT CPU features, the end result is the same, because __init_FSCR() is called on all CPUs that have an FSCR (Power8, Power9), and it sets FSCR_TAR & FSCR_EBB. Signed-off-by: Michael Ellerman Link: https://lore.kernel.org/r/20200527145843.2761782-4-mpe@ellerman.id.au commit 912c0a7f2b5daa3cbb2bc10f303981e493de73bd Author: Michael Ellerman Date: Thu May 28 00:58:42 2020 +1000 powerpc/64s: Save FSCR to init_task.thread.fscr after feature init At boot the FSCR is initialised via one of two paths. On most systems it's set to a hard coded value in __init_FSCR(). On newer skiboot systems we use the device tree CPU features binding, where firmware can tell Linux what bits to set in FSCR (and HFSCR). In both cases the value that's configured at boot is not propagated into the init_task.thread.fscr value prior to the initial fork of init (pid 1), which means the value is not used by any processes other than swapper (the idle task). For the __init_FSCR() case this is OK, because the value in init_task.thread.fscr is initialised to something sensible. However it does mean that the value set in __init_FSCR() is not used other than for swapper, which is odd and confusing. The bigger problem is for the device tree CPU features case it prevents firmware from setting (or clearing) FSCR bits for use by user space. This means all existing kernels can not have features enabled/disabled by firmware if those features require setting/clearing FSCR bits. We can handle both cases by saving the FSCR value into init_task.thread.fscr after we have initialised it at boot. This fixes the bug for device tree CPU features, and will allow us to simplify the initialisation for the __init_FSCR() case in a future patch. Fixes: 5a61ef74f269 ("powerpc/64s: Support new device tree binding for discovering CPU features") Cc: stable@vger.kernel.org # v4.12+ Signed-off-by: Michael Ellerman Link: https://lore.kernel.org/r/20200527145843.2761782-3-mpe@ellerman.id.au commit 993e3d96fd08c3ebf7566e43be9b8cd622063e6d Author: Michael Ellerman Date: Thu May 28 00:58:41 2020 +1000 powerpc/64s: Don't let DT CPU features set FSCR_DSCR The device tree CPU features binding includes FSCR bit numbers which Linux is instructed to set by firmware. Whether that's a good idea or not, in the case of the DSCR the Linux implementation has a hard requirement that the FSCR_DSCR bit not be set by default. We use it to track when a process reads/writes to DSCR, so it must be clear to begin with. So if firmware tells us to set FSCR_DSCR we must ignore it. Currently this does not cause a bug in our DSCR handling because the value of FSCR that the device tree CPU features code establishes is only used by swapper. All other tasks use the value hard coded in init_task.thread.fscr. However we'd like to fix that in a future commit, at which point this will become necessary. Fixes: 5a61ef74f269 ("powerpc/64s: Support new device tree binding for discovering CPU features") Cc: stable@vger.kernel.org # v4.12+ Signed-off-by: Michael Ellerman Link: https://lore.kernel.org/r/20200527145843.2761782-2-mpe@ellerman.id.au commit 0828137e8f16721842468e33df0460044a0c588b Author: Michael Ellerman Date: Thu May 28 00:58:40 2020 +1000 powerpc/64s: Don't init FSCR_DSCR in __init_FSCR() __init_FSCR() was added originally in commit 2468dcf641e4 ("powerpc: Add support for context switching the TAR register") (Feb 2013), and only set FSCR_TAR. At that point FSCR (Facility Status and Control Register) was not context switched, so the setting was permanent after boot. Later we added initialisation of FSCR_DSCR to __init_FSCR(), in commit 54c9b2253d34 ("powerpc: Set DSCR bit in FSCR setup") (Mar 2013), again that was permanent after boot. Then commit 2517617e0de6 ("powerpc: Fix context switch DSCR on POWER8") (Aug 2013) added a limited context switch of FSCR, just the FSCR_DSCR bit was context switched based on thread.dscr_inherit. That commit said "This clears the H/FSCR DSCR bit initially", but it didn't, it left the initialisation of FSCR_DSCR in __init_FSCR(). However the initial context switch from init_task to pid 1 would clear FSCR_DSCR because thread.dscr_inherit was 0. That commit also introduced the requirement that FSCR_DSCR be clear for user processes, so that we can take the facility unavailable interrupt in order to manage dscr_inherit. Then in commit 152d523e6307 ("powerpc: Create context switch helpers save_sprs() and restore_sprs()") (Dec 2015) FSCR was added to thread_struct. However it still wasn't fully context switched, we just took the existing value and set FSCR_DSCR if the new thread had dscr_inherit set. FSCR was still initialised at boot to FSCR_DSCR | FSCR_TAR, but that value was not propagated into the thread_struct, so the initial context switch set FSCR_DSCR back to 0. Finally commit b57bd2de8c6c ("powerpc: Improve FSCR init and context switching") (Jun 2016) added a full context switch of the FSCR, and added an initialisation of init_task.thread.fscr to FSCR_TAR | FSCR_EBB, but omitted FSCR_DSCR. The end result is that swapper runs with FSCR_DSCR set because of the initialisation in __init_FSCR(), but no other processes do, they use the value from init_task.thread.fscr. Having FSCR_DSCR set for swapper allows it to access SPR 3 from userspace, but swapper never runs userspace, so it has no useful effect. It's also confusing to have the value initialised in two places to two different values. So remove FSCR_DSCR from __init_FSCR(), this at least gets us to the point where there's a single value of FSCR, even if it's still set in two places. Signed-off-by: Michael Ellerman Tested-by: Alistair Popple Link: https://lore.kernel.org/r/20200527145843.2761782-1-mpe@ellerman.id.au commit 74016701fe5f873ae23bf02835407227138d874d Author: Christophe Leroy Date: Sat May 30 17:16:33 2020 +0000 powerpc/32s: Fix another build failure with CONFIG_PPC_KUAP_DEBUG 'thread' doesn't exist in kuap_check() macro. Use 'current' instead. Fixes: a68c31fc01ef ("powerpc/32s: Implement Kernel Userspace Access Protection") Cc: stable@vger.kernel.org Reported-by: kbuild test robot Signed-off-by: Christophe Leroy Signed-off-by: Michael Ellerman Link: https://lore.kernel.org/r/b459e1600b969047a74e34251a84a3d6fdf1f312.1590858925.git.christophe.leroy@csgroup.eu commit bd55e792de0844631d34487d43eaf3f13294ebfe Author: Naveen N. Rao Date: Tue Apr 21 23:05:45 2020 +0530 powerpc/module_64: Use special stub for _mcount() with -mprofile-kernel Since commit c55d7b5e64265f ("powerpc: Remove STRICT_KERNEL_RWX incompatibility with RELOCATABLE"), powerpc kernels with -mprofile-kernel can crash in certain scenarios with a trace like below: BUG: Unable to handle kernel instruction fetch (NULL pointer?) Faulting instruction address: 0x00000000 Oops: Kernel access of bad area, sig: 11 [#1] LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=256 DEBUG_PAGEALLOC NUMA PowerNV NIP [0000000000000000] 0x0 LR [c0080000102c0048] ext4_iomap_end+0x8/0x30 [ext4] Call Trace: iomap_apply+0x20c/0x920 (unreliable) iomap_bmap+0xfc/0x160 ext4_bmap+0xa4/0x180 [ext4] bmap+0x4c/0x80 jbd2_journal_init_inode+0x44/0x1a0 [jbd2] ext4_load_journal+0x440/0x860 [ext4] ext4_fill_super+0x342c/0x3ab0 [ext4] mount_bdev+0x25c/0x290 ext4_mount+0x28/0x50 [ext4] legacy_get_tree+0x4c/0xb0 vfs_get_tree+0x4c/0x130 do_mount+0xa18/0xc50 sys_mount+0x158/0x180 system_call+0x5c/0x68 The NIP points to NULL, or a random location (data even), while the LR always points to the LEP of a function (with an offset of 8), indicating that something went wrong with ftrace. However, ftrace is not necessarily active when such crashes occur. The kernel OOPS sometimes follows a warning from ftrace indicating that some module functions could not be patched with a nop. Other times, if a module is loaded early during boot, instruction patching can fail due to a separate bug, but the error is not reported due to missing error reporting. In all the above cases when instruction patching fails, ftrace will be disabled but certain kernel module functions will be left with default calls to _mcount(). This is not a problem with ELFv1. However, with -mprofile-kernel, the default stub is problematic since it depends on a valid module TOC in r2. If the kernel (or a different module) calls into a function that does not use the TOC, the function won't have a prologue to setup the module TOC. When that function calls into _mcount(), we will end up in the relocation stub that will use the previous TOC, and end up trying to jump into a random location. From the above trace: iomap_apply+0x20c/0x920 [kernel TOC] | V ext4_iomap_end+0x8/0x30 [no GEP == kernel TOC] | V _mcount() stub [uses kernel TOC -> random entry] To address this, let's change over to using the special stub that is used for ftrace_[regs_]caller() for _mcount(). This ensures that we are not dependent on a valid module TOC in r2 for default _mcount() handling. Reported-by: Qian Cai Signed-off-by: Naveen N. Rao Tested-by: Qian Cai Signed-off-by: Michael Ellerman Link: https://lore.kernel.org/r/8affd4298d22099bbd82544fab8185700a6222b1.1587488954.git.naveen.n.rao@linux.vnet.ibm.com commit 1f2aaed2db03150428dbcd2ddee02ae6cb4bac52 Author: Naveen N. Rao Date: Tue Apr 21 23:05:44 2020 +0530 powerpc/module_64: Simplify check for -mprofile-kernel ftrace relocations For -mprofile-kernel, we need special handling when generating stubs for ftrace calls such as _mcount(). To faciliate this, we check if a R_PPC64_REL24 relocation is for a symbol named "_mcount()" along with also checking the instruction sequence. The latter is not really required since "_mcount()" is an exported symbol and kernel modules cannot use it. As such, drop the additional checking and simplify the code. This helps unify stub creation for ftrace stubs with -mprofile-kernel and aids in code reuse. Also rename is_mprofile_mcount_callsite() to is_mprofile_ftrace_call() to reflect the checking being done. Signed-off-by: Naveen N. Rao Signed-off-by: Michael Ellerman Link: https://lore.kernel.org/r/7d9c316adfa1fb787ad268bb4691e7e4059ff2d5.1587488954.git.naveen.n.rao@linux.vnet.ibm.com commit 03b51416e876aea5e7638947e50831b6c988c246 Author: Naveen N. Rao Date: Tue Apr 21 23:05:43 2020 +0530 powerpc/module_64: Consolidate ftrace code module_trampoline_target() is only used by ftrace. Move the prototype within the appropriate #ifdef in the header. Also, move the function body to the end of module_64.c so as to consolidate all ftrace code in one place. No functional changes. Signed-off-by: Naveen N. Rao Signed-off-by: Michael Ellerman Link: https://lore.kernel.org/r/2527351f65c53c5866068ae130dc34c5d4ee8ad9.1587488954.git.naveen.n.rao@linux.vnet.ibm.com commit 888468ce725a4cd56d72dc7e5096078f7a9251a0 Author: Christophe Leroy Date: Thu May 28 10:17:04 2020 +0000 powerpc/32: Disable KASAN with pages bigger than 16k Mapping of early shadow area is implemented by using a single static page table having all entries pointing to the same early shadow page. The shadow area must therefore occupy full PGD entries. The shadow area has a size of 128MB starting at 0xf8000000. With 4k pages, a PGD entry is 4MB With 16k pages, a PGD entry is 64MB With 64k pages, a PGD entry is 1GB which is too big. Until we rework the early shadow mapping, disable KASAN when the page size is too big. Fixes: 2edb16efc899 ("powerpc/32: Add KASAN support") Cc: stable@vger.kernel.org # v5.2+ Reported-by: kbuild test robot Signed-off-by: Christophe Leroy Signed-off-by: Michael Ellerman Link: https://lore.kernel.org/r/7195fcde7314ccbf7a081b356084a69d421b10d4.1590660977.git.christophe.leroy@csgroup.eu commit c3ba4dbbd1d05b49ec01efe098e0a78857d3ce22 Author: Christophe Leroy Date: Wed Apr 15 14:57:11 2020 +0000 powerpc/uaccess: Don't set KUEP by default on book3s/32 On book3s/32, KUEP is an heavy process as it requires to set/unset the NX bit in each of the 12 user segments everytime the kernel is entered/exited from/to user space. Don't select KUEP by default on book3s/32. Signed-off-by: Christophe Leroy Signed-off-by: Michael Ellerman Link: https://lore.kernel.org/r/1492bb150c1aaa53d99a604b49992e60ea20cd5f.1586962582.git.christophe.leroy@c-s.fr commit 547e687b2981a115814962506068873d24983af7 Author: Christophe Leroy Date: Wed Apr 15 14:57:09 2020 +0000 powerpc/uaccess: Don't set KUAP by default on book3s/32 On book3s/32, KUAP is an heavy process as it requires to determine which segments are impacted and unlock/lock each of them. And since the implementation of user_access_begin/end, it is even worth for the time being because unlike __get_user(), user_access_begin doesn't make difference between read and write and unlocks access also for read allthought that's unneeded on book3s/32. As shown by the size of a kernel built with KUAP and one without, the overhead is 64k bytes of code. As a comparison a similar build on an 8xx has an overhead of only 8k bytes of code. text data bss dec hex filename 7230416 1425868 837376 9493660 90dc9c vmlinux.kuap6xx 7165012 1425548 837376 9427936 8fdbe0 vmlinux.nokuap6xx 6519796 1960028 477464 8957288 88ad68 vmlinux.kuap8xx 6511664 1959864 477464 8948992 888d00 vmlinux.nokuap8xx Until a more optimised KUAP is implemented on book3s/32, don't select it by default. Signed-off-by: Christophe Leroy Signed-off-by: Michael Ellerman Link: https://lore.kernel.org/r/154a99399317b096ac1f04827b9f8d7a9179ddc1.1586962586.git.christophe.leroy@c-s.fr commit 332ce969b763553e9c4d55069e1e15aba4ea560f Author: Christophe Leroy Date: Wed Apr 15 10:06:09 2020 +0000 powerpc/8xx: Reduce time spent in allow_user_access() and friends To enable/disable kernel access to user space, the 8xx has to modify the properties of access group 1. This is done by writing predefined values into SPRN_Mx_AP registers. As of today, a __put_user() gives: 00000d64 : d64: 3d 20 4f ff lis r9,20479 d68: 61 29 ff ff ori r9,r9,65535 d6c: 7d 3a c3 a6 mtspr 794,r9 d70: 39 20 00 00 li r9,0 d74: 90 83 00 00 stw r4,0(r3) d78: 3d 20 6f ff lis r9,28671 d7c: 61 29 ff ff ori r9,r9,65535 d80: 7d 3a c3 a6 mtspr 794,r9 d84: 4e 80 00 20 blr Because only groups 0 and 1 are used, the definition of groups 2 to 15 doesn't matter. By setting unused bits to 0 instead on 1, one instruction is removed for each lock and unlock action: 00000d5c : d5c: 3d 20 40 00 lis r9,16384 d60: 7d 3a c3 a6 mtspr 794,r9 d64: 39 20 00 00 li r9,0 d68: 90 83 00 00 stw r4,0(r3) d6c: 3d 20 60 00 lis r9,24576 d70: 7d 3a c3 a6 mtspr 794,r9 d74: 4e 80 00 20 blr Signed-off-by: Christophe Leroy Signed-off-by: Michael Ellerman Link: https://lore.kernel.org/r/57425c33dd72f292b1a23570244b81419072a7aa.1586945153.git.christophe.leroy@c-s.fr commit e51c3e13709fe55d4d0eb50ba435bc53a64152bf Author: Christophe Leroy Date: Tue Mar 31 16:03:47 2020 +0000 powerpc/entry32: Blacklist exception exit points for kprobe. kprobe does not handle events happening in real mode. The very last part of exception exits cannot support a trap. Blacklist them from kprobe. While we are at it, remove exc_exit_start symbol which is not used to avoid having to blacklist it. Signed-off-by: Christophe Leroy Acked-by: Naveen N. Rao Signed-off-by: Michael Ellerman Link: https://lore.kernel.org/r/098b0fd3f6299aa1bd692bd576bd7012c84608de.1585670437.git.christophe.leroy@c-s.fr commit 7cdf4401388572f720403a7038a178a4b30ac14c Author: Christophe Leroy Date: Tue Mar 31 16:03:46 2020 +0000 powerpc/entry32: Blacklist syscall exit points for kprobe. kprobe does not handle events happening in real mode. The very last part of syscall cannot support a trap. Add a symbol syscall_exit_finish to identify that part and blacklist it from kprobe. Signed-off-by: Christophe Leroy Acked-by: Naveen N. Rao Signed-off-by: Michael Ellerman Link: https://lore.kernel.org/r/23eddf49abb03d1359fa0be4206998eb3800f42c.1585670437.git.christophe.leroy@c-s.fr commit a616c442119f2ea5641e6abc215d7255b73b982b Author: Christophe Leroy Date: Tue Mar 31 16:03:45 2020 +0000 powerpc/entry32: Blacklist exception entry points for kprobe. kprobe does not handle events happening in real mode. As exception entry points are running with MMU disabled, blacklist them. The handling of TLF_NAPPING and TLF_SLEEPING is moved before the CONFIG_TRACE_IRQFLAGS which contains 'reenable_mmu' because from there kprobe will be possible as the kernel will run with MMU enabled. Signed-off-by: Christophe Leroy Acked-by: Naveen N. Rao Signed-off-by: Michael Ellerman Link: https://lore.kernel.org/r/f61ac599855e674ebb592464d0ea32a3ba9c6644.1585670437.git.christophe.leroy@c-s.fr commit 5f32e8361cba8c58c4f272a389296f489ecc2823 Author: Christophe Leroy Date: Tue Mar 31 16:03:44 2020 +0000 powerpc/32: Blacklist functions running with MMU disabled for kprobe kprobe does not handle events happening in real mode, all functions running with MMU disabled have to be blacklisted. Signed-off-by: Christophe Leroy Acked-by: Naveen N. Rao Signed-off-by: Michael Ellerman Link: https://lore.kernel.org/r/3bf57066d05518644dee0840af69d36ab5086729.1585670437.git.christophe.leroy@c-s.fr commit 32746dfe4cf37f4077929601e8877a7fd02676e8 Author: Christophe Leroy Date: Tue Mar 31 16:03:43 2020 +0000 powerpc/rtas: Remove machine_check_in_rtas() machine_check_in_rtas() is just a trap. Do the trap directly in the machine check exception handler. Signed-off-by: Christophe Leroy Acked-by: Naveen N. Rao Signed-off-by: Michael Ellerman Link: https://lore.kernel.org/r/78899f40f89cb3c4f69bdff7f04eb6ec7cb753d5.1585670437.git.christophe.leroy@c-s.fr commit e6209318d63e2774c5ab214b14b948079e040064 Author: Christophe Leroy Date: Tue Mar 31 16:03:42 2020 +0000 powerpc/32s: Blacklist functions running with MMU disabled for kprobe kprobe does not handle events happening in real mode, all functions running with MMU disabled have to be blacklisted. Signed-off-by: Christophe Leroy Acked-by: Naveen N. Rao Signed-off-by: Michael Ellerman Link: https://lore.kernel.org/r/dabed523c1b8955dd425152ce260b390053e727a.1585670437.git.christophe.leroy@c-s.fr commit f892c21d2efb3b86ecbf8f5a95ea4abeedcc91b0 Author: Christophe Leroy Date: Tue Mar 31 16:03:41 2020 +0000 powerpc/32s: Make local symbols non visible in hash_low. In hash_low.S, a lot of named local symbols are used instead of numbers to ease code readability. However, they don't need to be visible. In order to ease blacklisting of functions running with MMU disabled for kprobe, rename the symbols to .Lsymbols in order to hide them as if they were numbered labels. Signed-off-by: Christophe Leroy Acked-by: Naveen N. Rao Signed-off-by: Michael Ellerman Link: https://lore.kernel.org/r/90c430d9e0f7af772a58aaeaf17bcc6321265340.1585670437.git.christophe.leroy@c-s.fr commit a64371b5d4fb37199dcd04cb7bf0132894018e33 Author: Christophe Leroy Date: Tue Mar 31 16:03:40 2020 +0000 powerpc/mem: Blacklist flush_dcache_icache_phys() for kprobe kprobe does not handle events happening in real mode, all functions running with MMU disabled have to be blacklisted. Signed-off-by: Christophe Leroy Acked-by: Naveen N. Rao Signed-off-by: Michael Ellerman Link: https://lore.kernel.org/r/eaab3bff961c3bfe149f1d0bd3593291ef939dcc.1585670437.git.christophe.leroy@c-s.fr commit 32a820670fa00419375a964ca8bc569e1499b90d Author: Christophe Leroy Date: Tue Mar 31 16:03:39 2020 +0000 powerpc/powermac: Blacklist functions running with MMU disabled for kprobe kprobe does not handle events happening in real mode, all functions running with MMU disabled have to be blacklisted. Signed-off-by: Christophe Leroy Acked-by: Naveen N. Rao Signed-off-by: Michael Ellerman Link: https://lore.kernel.org/r/6316e8883753499073f47301857e4e88b73c3ddd.1585670437.git.christophe.leroy@c-s.fr commit 7aa85127b1a170694b042cbc35a07afe3904173e Author: Christophe Leroy Date: Tue Mar 31 16:03:38 2020 +0000 powerpc/83xx: Blacklist mpc83xx_deep_resume() for kprobe kprobe does not handle events happening in real mode, all functions running with MMU disabled have to be blacklisted. Signed-off-by: Christophe Leroy Acked-by: Naveen N. Rao Signed-off-by: Michael Ellerman Link: https://lore.kernel.org/r/3ac4ab8dd7008b9706d9228a60645a1756fa84bf.1585670437.git.christophe.leroy@c-s.fr commit 1740f15a99d30a5e2710b2b0754e65fc5ba68d1d Author: Christophe Leroy Date: Tue Mar 31 16:03:37 2020 +0000 powerpc/82xx: Blacklist pq2_restart() for kprobe kprobe does not handle events happening in real mode, all functions running with MMU disabled have to be blacklisted. Signed-off-by: Christophe Leroy Acked-by: Naveen N. Rao Signed-off-by: Michael Ellerman Link: https://lore.kernel.org/r/5dca36682383577a3c2b2bca4d577e8654944461.1585670437.git.christophe.leroy@c-s.fr commit e83f01fdb9143a4f90b17fbf7d8b8b21efb2f968 Author: Christophe Leroy Date: Tue Mar 31 16:03:36 2020 +0000 powerpc/52xx: Blacklist functions running with MMU disabled for kprobe kprobe does not handle events happening in real mode, all functions running with MMU disabled have to be blacklisted. Signed-off-by: Christophe Leroy Acked-by: Naveen N. Rao Signed-off-by: Michael Ellerman Link: https://lore.kernel.org/r/1ae02b6637b87fc5aaa1d5012c3e2cb30e62b4a3.1585670437.git.christophe.leroy@c-s.fr commit 9ed5df69b79a22b40b20bc2132ba2495708b19c4 Author: Christophe Leroy Date: Mon Feb 24 18:02:10 2020 +0000 powerpc/kprobes: Use probe_address() to read instructions In order to avoid Oopses, use probe_address() to read the instruction at the address where the trap happened. Signed-off-by: Christophe Leroy Signed-off-by: Michael Ellerman Link: https://lore.kernel.org/r/7f24b5961a6839ff01df792816807f74ff236bf6.1582567319.git.christophe.leroy@c-s.fr commit 08b1add150a8863665676d0ac9c3ad2d34b2540c Author: Michael Neuling Date: Tue May 19 14:30:09 2020 +1000 powerpc/configs: Add LIBNVDIMM to ppc64_defconfig This gives us OF_PMEM which is useful in mambo. This adds 153K to the text of ppc64le_defconfig which 0.8% of the total text. LIBNVDIMM text data bss dec hex Without 18574833 5518150 1539240 25632223 1871ddf With 18727834 5546206 1539368 25813408 189e1a0 Signed-off-by: Michael Neuling Signed-off-by: Michael Ellerman Link: https://lore.kernel.org/r/20200519043009.3081885-1-mikey@neuling.org commit b664db8e3f976d9233cc9ea5e3f8a8c0bcabeb48 Author: Leonardo Bras Date: Mon May 18 20:42:45 2020 -0300 powerpc/rtas: Implement reentrant rtas call Implement rtas_call_reentrant() for reentrant rtas-calls: "ibm,int-on", "ibm,int-off",ibm,get-xive" and "ibm,set-xive". On LoPAPR Version 1.1 (March 24, 2016), from 7.3.10.1 to 7.3.10.4, items 2 and 3 say: 2 - For the PowerPC External Interrupt option: The * call must be reentrant to the number of processors on the platform. 3 - For the PowerPC External Interrupt option: The * argument call buffer for each simultaneous call must be physically unique. So, these rtas-calls can be called in a lockless way, if using a different buffer for each cpu doing such rtas call. For this, it was suggested to add the buffer (struct rtas_args) in the PACA struct, so each cpu can have it's own buffer. The PACA struct received a pointer to rtas buffer, which is allocated in the memory range available to rtas 32-bit. Reentrant rtas calls are useful to avoid deadlocks in crashing, where rtas-calls are needed, but some other thread crashed holding the rtas.lock. This is a backtrace of a deadlock from a kdump testing environment: #0 arch_spin_lock #1 lock_rtas () #2 rtas_call (token=8204, nargs=1, nret=1, outputs=0x0) #3 ics_rtas_mask_real_irq (hw_irq=4100) #4 machine_kexec_mask_interrupts #5 default_machine_crash_shutdown #6 machine_crash_shutdown #7 __crash_kexec #8 crash_kexec #9 oops_end Signed-off-by: Leonardo Bras [mpe: Move under #ifdef PSERIES to avoid build breakage] Signed-off-by: Michael Ellerman Link: https://lore.kernel.org/r/20200518234245.200672-3-leobras.c@gmail.com commit 783a015b747f606e803b798eb8b50c73c548691d Author: Leonardo Bras Date: Mon May 18 20:42:44 2020 -0300 powerpc/rtas: Move type/struct definitions from rtas.h into rtas-types.h In order to get any rtas* struct into other headers, including rtas.h may cause a lot of errors, regarding include dependency needed for inline functions. Create rtas-types.h and move there all type/struct definitions from rtas.h, then include rtas-types.h into rtas.h. Also, as suggested by checkpath.pl, replace uint8_t for u8. Signed-off-by: Leonardo Bras Signed-off-by: Michael Ellerman Link: https://lore.kernel.org/r/20200518234245.200672-2-leobras.c@gmail.com commit af2876b501e42c3fb5174cac9dd02598436f0fdf Author: Leonardo Bras Date: Tue May 12 18:45:35 2020 -0300 powerpc/crash: Use NMI context for printk when starting to crash Currently, if printk lock (logbuf_lock) is held by other thread during crash, there is a chance of deadlocking the crash on next printk, and blocking a possibly desired kdump. At the start of default_machine_crash_shutdown, make printk enter NMI context, as it will use per-cpu buffers to store the message, and avoid locking logbuf_lock. Suggested-by: Michael Ellerman Signed-off-by: Leonardo Bras Signed-off-by: Michael Ellerman Link: https://lore.kernel.org/r/20200512214533.93878-1-leobras.c@gmail.com commit b6eca183e23e7a6625a0d2cdb806b7cd1abcd2d2 Author: Leonardo Bras Date: Thu Apr 2 16:51:57 2020 -0300 powerpc/kernel: Enables memory hot-remove after reboot on pseries guests While providing guests, it's desirable to resize it's memory on demand. By now, it's possible to do so by creating a guest with a small base memory, hot-plugging all the rest, and using 'movable_node' kernel command-line parameter, which puts all hot-plugged memory in ZONE_MOVABLE, allowing it to be removed whenever needed. But there is an issue regarding guest reboot: If memory is hot-plugged, and then the guest is rebooted, all hot-plugged memory goes to ZONE_NORMAL, which offers no guaranteed hot-removal. It usually prevents this memory to be hot-removed from the guest. It's possible to use device-tree information to fix that behavior, as it stores flags for LMB ranges on ibm,dynamic-memory-vN. It involves marking each memblock with the correct flags as hotpluggable memory, which mm/memblock.c puts in ZONE_MOVABLE during boot if 'movable_node' is passed. For carrying such information, the new flag DRCONF_MEM_HOTREMOVABLE was proposed and accepted into Power Architecture documentation. This flag should be: - true (b=1) if the hypervisor may want to hot-remove it later, and - false (b=0) if it does not care. During boot, guest kernel reads the device-tree, early_init_drmem_lmb() is called for every added LMBs. Here, checking for this new flag and marking memblocks as hotplugable memory is enough to get the desirable behavior. This should cause no change if 'movable_node' parameter is not passed in kernel command-line. Signed-off-by: Leonardo Bras Reviewed-by: Bharata B Rao Signed-off-by: Michael Ellerman Link: https://lore.kernel.org/r/20200402195156.626430-1-leonardo@linux.ibm.com commit 0e7e92efe11bc5993def689e10f7bcb36f127651 Author: Michael Ellerman Date: Wed May 20 21:17:40 2020 +1000 powerpc/xmon: Show task->thread.regs in process display Show the address of the tasks regs in the process listing in xmon. The regs should always be on the stack page that we also print the address of, but it's still helpful not to have to find them by hand. Signed-off-by: Michael Ellerman Link: https://lore.kernel.org/r/20200520111740.953679-1-mpe@ellerman.id.au commit 598c01b5b2fca3a9de8ad3400edbff98ec22f0b2 Author: Michael Ellerman Date: Wed May 20 22:12:57 2020 +1000 powerpc/configs/64s: Enable CONFIG_PRINTK_CALLER This adds the CPU or thread number to printk messages. This helps a lot when deciphering concurrent oopses that have been interleaved. Example output, of PID1 (T1) triggering a warning: [ 1.581678][ T1] WARNING: CPU: 0 PID: 1 at crypto/rsa-pkcs1pad.c:539 pkcs1pad_verify+0x38/0x140 [ 1.581681][ T1] Modules linked in: [ 1.581693][ T1] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.5.0-rc5-gcc-8.2.0-00121-gf84c2e595927-dirty #1515 [ 1.581700][ T1] NIP: c000000000207d64 LR: c000000000207d3c CTR: c000000000207d2c [ 1.581708][ T1] REGS: c0000000fd2e7560 TRAP: 0700 Not tainted (5.5.0-rc5-gcc-8.2.0-00121-gf84c2e595927-dirty) [ 1.581712][ T1] MSR: 9000000000029033 CR: 44000222 XER: 00040000 Signed-off-by: Michael Ellerman Link: https://lore.kernel.org/r/20200520121257.961112-1-mpe@ellerman.id.au commit 82a7cebdd95cffa55449d6c1d97cc9b743a66056 Author: Michael Neuling Date: Fri May 29 09:07:31 2020 +1000 powerpc: Fix misleading small cores print Currently when we boot on a big core system, we get this print: [ 0.040500] Using small cores at SMT level This is misleading as we've actually detected big cores. This patch clears up the print to say we've detect big cores but are using small cores for scheduling. Signed-off-by: Michael Neuling Signed-off-by: Michael Ellerman Link: https://lore.kernel.org/r/20200528230731.1235752-1-mikey@neuling.org commit 9a2921e5baca1d25eb8d21f21d1e90581a6d0f68 Author: Hari Bathini Date: Wed May 27 15:14:35 2020 +0530 powerpc/fadump: Account for memory_limit while reserving memory If the memory chunk found for reserving memory overshoots the memory limit imposed, do not proceed with reserving memory. Default behavior was this until commit 140777a3d8df ("powerpc/fadump: consider reserved ranges while reserving memory") changed it unwittingly. Fixes: 140777a3d8df ("powerpc/fadump: consider reserved ranges while reserving memory") Cc: stable@vger.kernel.org Reported-by: kbuild test robot Signed-off-by: Hari Bathini Signed-off-by: Michael Ellerman Link: https://lore.kernel.org/r/159057266320.22331.6571453892066907320.stgit@hbathini.in.ibm.com commit be5470e0c285a68dc3afdea965032f5ddc8269d7 Author: Pingfan Liu Date: Wed Apr 1 22:00:44 2020 +0800 powerpc/crashkernel: Take "mem=" option into account 'mem=" option is an easy way to put high pressure on memory during some test. Hence after applying the memory limit, instead of total mem, the actual usable memory should be considered when reserving mem for crashkernel. Otherwise the boot up may experience OOM issue. E.g. it would reserve 4G prior to the change and 512M afterward, if passing crashkernel="2G-4G:384M,4G-16G:512M,16G-64G:1G,64G-128G:2G,128G-:4G", and mem=5G on a 256G machine. This issue is powerpc specific because it puts higher priority on fadump and kdump reservation than on "mem=". Referring the following code: if (fadump_reserve_mem() == 0) reserve_crashkernel(); ... /* Ensure that total memory size is page-aligned. */ limit = ALIGN(memory_limit ?: memblock_phys_mem_size(), PAGE_SIZE); memblock_enforce_memory_limit(limit); While on other arches, the effect of "mem=" takes a higher priority and pass through memblock_phys_mem_size() before calling reserve_crashkernel(). Signed-off-by: Pingfan Liu Reviewed-by: Hari Bathini Signed-off-by: Michael Ellerman Link: https://lore.kernel.org/r/1585749644-4148-1-git-send-email-kernelfans@gmail.com commit ef3534a94fdbdeab4c89d18d0164be2ad5d6dbb7 Author: Ravi Bangoria Date: Tue Jun 2 09:42:08 2020 +0530 hw-breakpoints: Fix build warnings with clang kbuild test robot reported some build warnings in the hw_breakpoint code when compiled with clang[1]. Some of them were introduced by the recent powerpc change to add arch_reserve_bp_slot() and arch_release_bp_slot(). Fix them all. kernel/events/hw_breakpoint.c:71:12: warning: no previous prototype for function 'hw_breakpoint_weight' kernel/events/hw_breakpoint.c:216:12: warning: no previous prototype for function 'arch_reserve_bp_slot' kernel/events/hw_breakpoint.c:221:13: warning: no previous prototype for function 'arch_release_bp_slot' kernel/events/hw_breakpoint.c:228:13: warning: no previous prototype for function 'arch_unregister_hw_breakpoint' [1]: https://lore.kernel.org/linuxppc-dev/202005192233.oi9CjRtA%25lkp@intel.com/ Fixes: 29da4f91c0c1 ("powerpc/watchpoint: Don't allow concurrent perf and ptrace events") Reported-by: kbuild test robot Signed-off-by: Ravi Bangoria [mpe: Drop extern, flesh out change log, add Fixes tag] Signed-off-by: Michael Ellerman Link: https://lore.kernel.org/r/20200602041208.128913-1-ravi.bangoria@linux.ibm.com commit 8bdd79dae1ff5397351b95e249abcae126572617 Author: Lingling Xu Date: Tue Jun 2 16:24:15 2020 +0800 spi: sprd: switch the sequence of setting WDG_LOAD_LOW and _HIGH The watchdog counter consists of WDG_LOAD_LOW and WDG_LOAD_HIGH, which would be loaded to watchdog counter once writing WDG_LOAD_LOW. Fixes: ac1775012058 ("spi: sprd: Add the support of restarting the system") Signed-off-by: Lingling Xu Signed-off-by: Chunyan Zhang Link: https://lore.kernel.org/r/20200602082415.5848-1-zhang.lyra@gmail.com Signed-off-by: Mark Brown commit 25de110d148666752dc0e0da7a0b69de31cd7098 Author: Ingo Molnar Date: Tue Jun 2 12:08:39 2020 +0200 irq_work: Define irq_work_single() on !CONFIG_IRQ_WORK too Some SMP platforms don't have CONFIG_IRQ_WORK defined, resulting in a link error at build time. Define a stub and clean up the prototype definitions. Reported-by: kbuild test robot Signed-off-by: Ingo Molnar Acked-by: Peter Zijlstra Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar commit 16accae3d97f97d7f61c4ee5d0002bccdef59088 Author: Stephane Eranian Date: Thu May 28 13:16:14 2020 -0700 perf/x86/rapl: Fix RAPL config variable bug This patch fixes a bug introduced by: fd3ae1e1587d6 ("perf/x86/rapl: Move RAPL support to common x86 code") The Kconfig variable name was wrong. It was missing the CONFIG_ prefix. Signed-off-by: Stephane Eranian Signed-off-by: Ingo Molnar Tested-by: Kim Phillips Acked-by: Peter Zijlstra Link: https://lore.kernel.org/r/20200528201614.250182-1-eranian@google.com commit cc69fc4861705c27c0506d39189015d7404129ed Merge: 3d77e6a8804a c4e0f3b24004 79074f61c022 0299a1a81ca0 71974cfb6737 9f510d1e4299 edcc40d2ab5f 736c3333e397 Author: Joerg Roedel Date: Tue Jun 2 10:32:04 2020 +0200 Merge branches 'arm/msm', 'arm/allwinner', 'arm/smmu', 'x86/vt-d', 'hyper-v', 'core' and 'x86/amd' into next commit 5c1bd89b45d4c82316833a8d7ed36720ab89ee3d Author: David Hildenbrand Date: Tue Mar 10 12:54:11 2020 +0100 MAINTAINERS: Add myself as virtio-balloon co-maintainer As suggested by Michael, let's add me as co-maintainer of virtio-balloon. While at it, also add "include/linux/balloon_compaction.h" to the file list. Cc: Michael S. Tsirkin Cc: Jason Wang Cc: Greg Kroah-Hartman Signed-off-by: David Hildenbrand Link: https://lore.kernel.org/r/20200310115411.12760-1-david@redhat.com Signed-off-by: Michael S. Tsirkin commit 213e77213867e4edbdb342c37ea822feedf4608f Author: Michael S. Tsirkin Date: Thu Apr 23 08:36:57 2020 -0400 vhost: revert "vhost: disable for OABI" This reverts commit d085eb8ce727 ("vhost: disable for OABI") With commit "virtio: force spec specified alignment on types" in place, we force proper alignment for all structures, so there's no longer a reason to blacklist OABI. Signed-off-by: Michael S. Tsirkin commit a865e420b9561235851c3f5d483c82ef389d29bd Author: Michael S. Tsirkin Date: Mon Apr 6 08:42:55 2020 -0400 virtio: force spec specified alignment on types The ring element addresses are passed between components with different alignments assumptions. Thus, if guest/userspace selects a pointer and host then gets and dereferences it, we might need to decrease the compiler-selected alignment to prevent compiler on the host from assuming pointer is aligned. This actually triggers on ARM with -mabi=apcs-gnu - which is a deprecated configuration, but it seems safer to handle this generally. Note that userspace that allocates the memory is actually OK and does not need to be fixed, but userspace that gets it from guest or another process does need to be fixed. The later doesn't generally talk to the kernel so while it might be buggy it's not talking to the kernel in the buggy way - it's just using the header in the buggy way - so fixing header and asking userspace to recompile is the best we can do. I verified that the produced kernel binary on x86 is exactly identical before and after the change. Signed-off-by: Michael S. Tsirkin Acked-by: Jason Wang commit 0c35c67412f0ae9ebe1a87cb83bc9de8143438b7 Author: Markus Elfring Date: Sun Apr 5 19:14:10 2020 +0200 virtio-mmio: Delete an error message in vm_find_vqs() The function “platform_get_irq” can log an error already. Thus omit a redundant message for the exception handling in the calling function. This issue was detected by using the Coccinelle software. Signed-off-by: Markus Elfring Link: https://lore.kernel.org/r/9e27bc4a-cfa1-7818-dc25-8ad308816b30@web.de Signed-off-by: Michael S. Tsirkin commit e7c8cc35a64d1d21e6fb811c519eadbda30f4f77 Author: Matej Genci Date: Wed Sep 11 12:49:53 2019 +0000 virtio: add VIRTIO_RING_NO_LEGACY Add macro to disable legacy vring functions. Signed-off-by: Matej Genci Link: https://lore.kernel.org/r/20190911124942.243713-1-matej.genci@nutanix.com Signed-off-by: Michael S. Tsirkin commit 36f9967531da27ff8cc6f005d93760b578baffb9 Author: Stefano Stabellini Date: Thu May 21 12:32:42 2020 -0700 9p/xen: increase XEN_9PFS_RING_ORDER Increase XEN_9PFS_RING_ORDER to 9 for performance reason. Order 9 is the max allowed by the protocol. We can't assume that all backends will support order 9. The xenstore property max-ring-page-order specifies the max order supported by the backend. We'll use max-ring-page-order for the size of the ring. This means that the size of the ring is not static (XEN_FLEX_RING_SIZE(9)) anymore. Change XEN_9PFS_RING_SIZE to take an argument and base the calculation on the order chosen at setup time. Finally, modify p9_xen_trans.maxsize to be divided by 4 compared to the original value. We need to divide it by 2 because we have two rings coming off the same order allocation: the in and out rings. This was a mistake in the original code. Also divide it further by 2 because we don't want a single request/reply to fill up the entire ring. There can be multiple requests/replies outstanding at any given time and if we use the full ring with one, we risk forcing the backend to wait for the client to read back more replies before continuing, which is not performant. Link: http://lkml.kernel.org/r/20200521193242.15953-1-sstabellini@kernel.org Signed-off-by: Stefano Stabellini Signed-off-by: Dominique Martinet commit 1cb2c4a2c89b2004a36399860c85a1af9b3fcba7 Author: Rob Clark Date: Mon Jun 1 20:54:50 2020 -0700 Revert "drm/msm/dpu: add support for clk and bw scaling for display" This is causing multiple armv7 missing do_div() errors, so lets drop it for now. This reverts commit 04d9044f6c577948609c03b4e33b8fbc8b87c4b1. Cc: Kalyan Thota Signed-off-by: Rob Clark commit f359287765c04711ff54fbd11645271d8e5ff763 Merge: 8b39a57e9654 c8ffd8bcdd28 Author: Linus Torvalds Date: Mon Jun 1 16:44:06 2020 -0700 Merge branch 'from-miklos' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs Pull vfs updates from Al Viro: "Assorted patches from Miklos. An interesting part here is /proc/mounts stuff..." The "/proc/mounts stuff" is using a cursor for keeeping the location data while traversing the mount listing. Also probably worth noting is the addition of faccessat2(), which takes an additional set of flags to specify how the lookup is done (AT_EACCESS, AT_SYMLINK_NOFOLLOW, AT_EMPTY_PATH). * 'from-miklos' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: vfs: add faccessat2 syscall vfs: don't parse "silent" option vfs: don't parse "posixacl" option vfs: don't parse forbidden flags statx: add mount_root statx: add mount ID statx: don't clear STATX_ATIME on SB_RDONLY uapi: deprecate STATX_ALL utimensat: AT_EMPTY_PATH support vfs: split out access_override_creds() proc/mounts: add cursor aio: fix async fsync creds vfs: allow unprivileged whiteout creation commit 8b39a57e965403c12a27d0859901a8a7d1d7318f Merge: 062ea674ae8a 38cdabb7d835 Author: Linus Torvalds Date: Mon Jun 1 16:21:46 2020 -0700 Merge branch 'work.set_fs-exec' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs Pull uaccess/coredump updates from Al Viro: "set_fs() removal in coredump-related area - mostly Christoph's stuff..." * 'work.set_fs-exec' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: binfmt_elf_fdpic: remove the set_fs(KERNEL_DS) in elf_fdpic_core_dump binfmt_elf: remove the set_fs(KERNEL_DS) in elf_core_dump binfmt_elf: remove the set_fs in fill_siginfo_note signal: refactor copy_siginfo_to_user32 powerpc/spufs: simplify spufs core dumping powerpc/spufs: stop using access_ok powerpc/spufs: fix copy_to_user while atomic commit 062ea674ae8ad93530dbf7176c59daef098863df Merge: 56446efab9ce 0702e4f39034 Author: Linus Torvalds Date: Mon Jun 1 16:19:59 2020 -0700 Merge branch 'uaccess.__copy_to_user' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs Pull uaccess/__copy_to_user updates from Al Viro: "Getting rid of __copy_to_user() callers - stuff that doesn't fit into other series" * 'uaccess.__copy_to_user' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: dlmfs: convert dlmfs_file_read() to copy_to_user() esas2r: don't bother with __copy_to_user() commit 56446efab9ce4961fe0fe6bbc5bc66374b08b9f3 Merge: 4fdea5848b3c ff847781049c Author: Linus Torvalds Date: Mon Jun 1 16:18:46 2020 -0700 Merge branch 'uaccess.__copy_from_user' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs Pull uaccess/__copy_from_user updates from Al Viro: "Getting rid of __copy_from_user() callers - patches that don't fit into other series" * 'uaccess.__copy_from_user' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: pstore: switch to copy_from_user() firewire: switch ioctl_queue_iso to use of copy_from_user() commit 4fdea5848b3c7fb13a0bfd7f768dcf15b534dafe Merge: e148a8f948af ebe6976d3634 Author: Linus Torvalds Date: Mon Jun 1 16:17:04 2020 -0700 Merge branch 'uaccess.__put_user' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs Pull uaccess/__put-user updates from Al Viro: "Removal of __put_user() calls - misc patches that don't fit into any other series" * 'uaccess.__put_user' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: pcm_native: result of put_user() needs to be checked scsi_ioctl.c: switch SCSI_IOCTL_GET_IDLUN to copy_to_user() compat sysinfo(2): don't bother with field-by-field copyout commit e148a8f948afc0b1eeb5c157b23b3d0a4d4517a5 Merge: e0cd9206878a 5fb1514164de Author: Linus Torvalds Date: Mon Jun 1 16:11:38 2020 -0700 Merge branch 'uaccess.readdir' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs Pull uaccess/readdir updates from Al Viro: "Finishing the conversion of readdir.c to unsafe_... API. This includes the uaccess_{read,write}_begin series by Christophe Leroy" * 'uaccess.readdir' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: readdir.c: get rid of the last __put_user(), drop now-useless access_ok() readdir.c: get compat_filldir() more or less in sync with filldir() switch readdir(2) to unsafe_copy_dirent_name() drm/i915/gem: Replace user_access_begin by user_write_access_begin uaccess: Selectively open read or write user access uaccess: Add user_read_access_begin/end and user_write_access_begin/end commit e0cd9206878a3b95024602b355b254d142f5ce94 Merge: 4b01285e1672 87c233b8158a Author: Linus Torvalds Date: Mon Jun 1 16:09:43 2020 -0700 Merge branch 'uaccess.access_ok' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs Pull uaccess/access_ok updates from Al Viro: "Removals of trivially pointless access_ok() calls. Note: the fiemap stuff was removed from the series, since they are duplicates with part of ext4 series carried in Ted's tree" * 'uaccess.access_ok' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: vmci_host: get rid of pointless access_ok() hfi1: get rid of pointless access_ok() usb: get rid of pointless access_ok() calls lpfc_debugfs: get rid of pointless access_ok() efi_test: get rid of pointless access_ok() drm_read(): get rid of pointless access_ok() via-pmu: don't bother with access_ok() drivers/crypto/ccp/sev-dev.c: get rid of pointless access_ok() omapfb: get rid of pointless access_ok() calls amifb: get rid of pointless access_ok() calls drivers/fpga/dfl-afu-dma-region.c: get rid of pointless access_ok() drivers/fpga/dfl-fme-pr.c: get rid of pointless access_ok() cm4000_cs.c cmm_ioctl(): get rid of pointless access_ok() nvram: drop useless access_ok() n_hdlc_tty_read(): remove pointless access_ok() tomoyo_write_control(): get rid of pointless access_ok() btrfs_ioctl_send(): don't bother with access_ok() fat_dir_ioctl(): hadn't needed that access_ok() for more than a decade... dlmfs_file_write(): get rid of pointless access_ok() commit 4b01285e1672ed9342ace952e92eb1e1db7134ae Merge: b23c4771ff62 001c1a655f0a Author: Linus Torvalds Date: Mon Jun 1 16:03:37 2020 -0700 Merge branch 'uaccess.csum' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs Pull uaccess/csum updates from Al Viro: "Regularize the sitation with uaccess checksum primitives: - fold csum_partial_... into csum_and_copy_..._user() - on x86 collapse several access_ok()/stac()/clac() into user_access_begin()/user_access_end()" * 'uaccess.csum' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: default csum_and_copy_to_user(): don't bother with access_ok() take the dummy csum_and_copy_from_user() into net/checksum.h arm: switch to csum_and_copy_from_user() sh32: convert to csum_and_copy_from_user() m68k: convert to csum_and_copy_from_user() xtensa: switch to providing csum_and_copy_from_user() sparc: switch to providing csum_and_copy_from_user() parisc: turn csum_partial_copy_from_user() into csum_and_copy_from_user() alpha: turn csum_partial_copy_from_user() into csum_and_copy_from_user() ia64: turn csum_partial_copy_from_user() into csum_and_copy_from_user() ia64: csum_partial_copy_nocheck(): don't abuse csum_partial_copy_from_user() x86: switch 32bit csum_and_copy_to_user() to user_access_{begin,end}() x86: switch both 32bit and 64bit to providing csum_and_copy_from_user() x86_64: csum_..._copy_..._user(): switch to unsafe_..._user() get rid of csum_partial_copy_to_user() commit 2a975ac9c30c938ee6d4131988045dabca9c7367 Author: Anson Huang Date: Mon Jun 1 18:37:44 2020 +0800 dt-bindings: mailbox: Convert imx mu to json-schema Convert the i.MX MU binding to DT schema format using json-schema Signed-off-by: Anson Huang Signed-off-by: Rob Herring commit e6b12afe659cc97ff3f160e215006e6ccbbd1060 Author: Anson Huang Date: Mon Jun 1 16:06:43 2020 +0800 dt-bindings: power: Convert imx gpcv2 to json-schema Convert the i.MX GPCv2 binding to DT schema format using json-schema Example is updated based on latest DT file and consumer's example is removed since it is NOT that useful. Signed-off-by: Anson Huang Signed-off-by: Rob Herring commit 0c03fa00fd2f3124cf0d25bdeb5cae2da9888758 Author: Anson Huang Date: Mon Jun 1 16:06:42 2020 +0800 dt-bindings: power: Convert imx gpc to json-schema Convert the i.MX GPC binding to DT schema format using json-schema >From latest reference manual, there is actually ONLY 1 interrupt for GPC, so the additional GPC interrupt is removed. Consumer's example is also removed since it is NOT that useful. Signed-off-by: Anson Huang Signed-off-by: Rob Herring commit 9a25c1df24a6fea9dc79eec950453c4e00f707fd Merge: efd7ed0f5f2d cf51abcded83 Author: David S. Miller Date: Mon Jun 1 15:53:08 2020 -0700 Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next Alexei Starovoitov says: ==================== pull-request: bpf-next 2020-06-01 The following pull-request contains BPF updates for your *net-next* tree. We've added 55 non-merge commits during the last 1 day(s) which contain a total of 91 files changed, 4986 insertions(+), 463 deletions(-). The main changes are: 1) Add rx_queue_mapping to bpf_sock from Amritha. 2) Add BPF ring buffer, from Andrii. 3) Attach and run programs through devmap, from David. 4) Allow SO_BINDTODEVICE opt in bpf_setsockopt, from Ferenc. 5) link based flow_dissector, from Jakub. 6) Use tracing helpers for lsm programs, from Jiri. 7) Several sk_msg fixes and extensions, from John. ==================== Signed-off-by: David S. Miller commit efd7ed0f5f2d07ccbb1853c5d46656cdfa1371fb Author: Jules Irenge Date: Mon Jun 1 19:45:52 2020 +0100 sfc: add missing annotation for efx_ef10_try_update_nic_stats_vf() Sparse reports a warning at efx_ef10_try_update_nic_stats_vf() warning: context imbalance in efx_ef10_try_update_nic_stats_vf() - unexpected unlock The root cause is the missing annotation at efx_ef10_try_update_nic_stats_vf() Add the missing _must_hold(&efx->stats_lock) annotation Signed-off-by: Jules Irenge Signed-off-by: David S. Miller commit 6abde0b241224347cd88e2ae75902e07f55c42cb Author: Vinay Kumar Yadav Date: Tue Jun 2 00:07:05 2020 +0530 crypto/chtls: IPv6 support for inline TLS Extends support to IPv6 for Inline TLS server. Signed-off-by: Vinay Kumar Yadav v1->v2: - cc'd tcp folks. v2->v3: - changed EXPORT_SYMBOL() to EXPORT_SYMBOL_GPL() Signed-off-by: David S. Miller commit a56772dc3f17f8137aa3227f898e482af2d3bffc Merge: 76d7728db724 055be6865dea Author: David S. Miller Date: Mon Jun 1 15:50:26 2020 -0700 Merge branch 'chelsio-crypto-fixes' Ayush Sawal says: ==================== Fixing compilation warnings and errors Patch 1: Fixes the warnings seen when compiling using sparse tool. Patch 2: Fixes a cocci check error introduced after commit 567be3a5d227 ("crypto: chelsio - Use multiple txq/rxq per tfm to process the requests"). V1->V2 patch1: Avoid type casting by using get_unaligned_be32() and put_unaligned_be16/32() functions. patch2: Modified subject of the patch. ==================== Signed-off-by: David S. Miller commit 055be6865dea6743b090d1c55c8d21a5e01df201 Author: Ayush Sawal Date: Mon Jun 1 23:11:59 2020 +0530 Crypto/chcr: Fixes a coccinile check error This fixes an error observed after running coccinile check. drivers/crypto/chelsio/chcr_algo.c:1462:5-8: Unneeded variable: "err". Return "0" on line 1480 This line is missed in the commit 567be3a5d227 ("crypto: chelsio - Use multiple txq/rxq per tfm to process the requests"). Fixes: 567be3a5d227 ("crypto: chelsio - Use multiple txq/rxq per tfm to process the requests"). V1->V2 -Modified subject. Signed-off-by: Ayush Sawal Signed-off-by: David S. Miller commit f3b140ad8575b74c78be50f34079e1cf43b0302d Author: Ayush Sawal Date: Mon Jun 1 23:11:58 2020 +0530 Crypto/chcr: Fixes compilations warnings This patch fixes the compilation warnings displayed by sparse tool for chcr driver. V1->V2 Avoid type casting by using get_unaligned_be32() and put_unaligned_be16/32() functions. The key which comes from stack is an u8 byte stream so we store it in an unsigned char array(ablkctx->key). The function get_aes_decrypt_key() is a used to calculate the reverse round key for decryption, for this operation the key has to be divided into 4 bytes, so to extract 4 bytes from an u8 byte stream and store it in an u32 variable, get_aligned_be32() is used. Similarly for copying back the key from u32 variable to the original u8 key stream, put_aligned_be32() is used. Signed-off-by: Ayush Sawal Signed-off-by: David S. Miller commit 76d7728db724466490c2c3dd4f84c3357f550615 Author: Rohit Maheshwari Date: Mon Jun 1 19:33:32 2020 +0530 crypto/chcr: IPV6 code needs to be in CONFIG_IPV6 Error messages seen while building kernel with CONFIG_IPV6 disabled. Signed-off-by: Rohit Maheshwari Signed-off-by: David S. Miller commit a3ac249a1ab57552cb2a63e70556ee87610a591d Author: Rohit Maheshwari Date: Mon Jun 1 13:08:29 2020 +0530 cxgb4/chcr: Enable ktls settings at run time Current design enables ktls setting from start, which is not efficient. Now the feature will be enabled when user demands TLS offload on any interface. v1->v2: - taking ULD module refcount till any single connection exists. - taking rtnl_lock() before clearing tls_devops. v2->v3: - cxgb4 is now registering to tlsdev_ops. - module refcount inc/dec in chcr. - refcount is only for connections. - removed new code from cxgb_set_feature(). v3->v4: - fixed warning message. Signed-off-by: Rohit Maheshwari Signed-off-by: David S. Miller commit 79a1f0ccdbb4ad700590f61b00525b390cb53905 Author: Hangbin Liu Date: Mon Jun 1 11:55:03 2020 +0800 ipv6: fix IPV6_ADDRFORM operation logic Socket option IPV6_ADDRFORM supports UDP/UDPLITE and TCP at present. Previously the checking logic looks like: if (sk->sk_protocol == IPPROTO_UDP || sk->sk_protocol == IPPROTO_UDPLITE) do_some_check; else if (sk->sk_protocol != IPPROTO_TCP) break; After commit b6f6118901d1 ("ipv6: restrict IPV6_ADDRFORM operation"), TCP was blocked as the logic changed to: if (sk->sk_protocol == IPPROTO_UDP || sk->sk_protocol == IPPROTO_UDPLITE) do_some_check; else if (sk->sk_protocol == IPPROTO_TCP) do_some_check; break; else break; Then after commit 82c9ae440857 ("ipv6: fix restrict IPV6_ADDRFORM operation") UDP/UDPLITE were blocked as the logic changed to: if (sk->sk_protocol == IPPROTO_UDP || sk->sk_protocol == IPPROTO_UDPLITE) do_some_check; if (sk->sk_protocol == IPPROTO_TCP) do_some_check; if (sk->sk_protocol != IPPROTO_TCP) break; Fix it by using Eric's code and simply remove the break in TCP check, which looks like: if (sk->sk_protocol == IPPROTO_UDP || sk->sk_protocol == IPPROTO_UDPLITE) do_some_check; else if (sk->sk_protocol == IPPROTO_TCP) do_some_check; else break; Fixes: 82c9ae440857 ("ipv6: fix restrict IPV6_ADDRFORM operation") Signed-off-by: Hangbin Liu Signed-off-by: David S. Miller commit b23c4771ff62de8ca9b5e4a2d64491b2fb6f8f69 Merge: c2b0fc847f31 e35b5a4c494a Author: Linus Torvalds Date: Mon Jun 1 15:45:27 2020 -0700 Merge tag 'docs-5.8' of git://git.lwn.net/linux Pull documentation updates from Jonathan Corbet: "A fair amount of stuff this time around, dominated by yet another massive set from Mauro toward the completion of the RST conversion. I *really* hope we are getting close to the end of this. Meanwhile, those patches reach pretty far afield to update document references around the tree; there should be no actual code changes there. There will be, alas, more of the usual trivial merge conflicts. Beyond that we have more translations, improvements to the sphinx scripting, a number of additions to the sysctl documentation, and lots of fixes" * tag 'docs-5.8' of git://git.lwn.net/linux: (130 commits) Documentation: fixes to the maintainer-entry-profile template zswap: docs/vm: Fix typo accept_threshold_percent in zswap.rst tracing: Fix events.rst section numbering docs: acpi: fix old http link and improve document format docs: filesystems: add info about efivars content Documentation: LSM: Correct the basic LSM description mailmap: change email for Ricardo Ribalda docs: sysctl/kernel: document unaligned controls Documentation: admin-guide: update bug-hunting.rst docs: sysctl/kernel: document ngroups_max nvdimm: fixes to maintainter-entry-profile Documentation/features: Correct RISC-V kprobes support entry Documentation/features: Refresh the arch support status files Revert "docs: sysctl/kernel: document ngroups_max" docs: move locking-specific documents to locking/ docs: move digsig docs to the security book docs: move the kref doc into the core-api book docs: add IRQ documentation at the core-api book docs: debugging-via-ohci1394.txt: add it to the core-api book docs: fix references for ipmi.rst file ... commit c2b0fc847f3122e5a4176c3772626a7a8facced0 Merge: 533b220f7be4 fb597f2a3932 Author: Linus Torvalds Date: Mon Jun 1 15:36:32 2020 -0700 Merge tag 'for-linus' of git://git.armlinux.org.uk/~rmk/linux-arm Pull ARM updates from Russell King: - remove a now unnecessary usage of the KERNEL_DS for sys_oabi_epoll_ctl() - update my email address in a number of drivers - decompressor EFI updates from Ard Biesheuvel - module unwind section handling updates - sparsemem Kconfig cleanups - make act_mm macro respect THREAD_SIZE * tag 'for-linus' of git://git.armlinux.org.uk/~rmk/linux-arm: ARM: 8980/1: Allow either FLATMEM or SPARSEMEM on the multiplatform build ARM: 8979/1: Remove redundant ARCH_SPARSEMEM_DEFAULT setting ARM: 8978/1: mm: make act_mm() respect THREAD_SIZE ARM: decompressor: run decompressor in place if loaded via UEFI ARM: decompressor: move GOT into .data for EFI enabled builds ARM: decompressor: defer loading of the contents of the LC0 structure ARM: decompressor: split off _edata and stack base into separate object ARM: decompressor: move headroom variable out of LC0 ARM: 8976/1: module: allow arch overrides for .init section names ARM: 8975/1: module: fix handling of unwind init sections ARM: 8974/1: use SPARSMEM_STATIC when SPARSEMEM is enabled ARM: 8971/1: replace the sole use of a symbol with its definition ARM: 8969/1: decompressor: simplify libfdt builds Update rmk's email address in various drivers ARM: compat: remove KERNEL_DS usage in sys_oabi_epoll_ctl() commit 4c21daae3dbc9f8536cc18e6e53627821fa2c90c Author: YueHaibing Date: Thu May 28 22:34:07 2020 +0800 tipc: Fix NULL pointer dereference in __tipc_sendstream() tipc_sendstream() may send zero length packet, then tipc_msg_append() do not alloc skb, skb_peek_tail() will get NULL, msg_set_ack_required will trigger NULL pointer dereference. Reported-by: syzbot+8eac6d030e7807c21d32@syzkaller.appspotmail.com Fixes: 0a3e060f340d ("tipc: add test for Nagle algorithm effectiveness") Signed-off-by: YueHaibing Signed-off-by: David S. Miller commit cf51abcded837ef209faa03a62b2ea44e45995e8 Merge: febeb6dff7be 06716e04a043 Author: Alexei Starovoitov Date: Mon Jun 1 15:21:03 2020 -0700 Merge branch 'Link-based-attach-to-netns' Jakub Sitnicki says: ==================== One of the pieces of feedback from recent review of BPF hooks for socket lookup [0] was that new program types should use bpf_link-based attachment. This series introduces new bpf_link type for attaching to network namespace. All link operations are supported. Errors returned from ops follow cgroup example. Patch 4 description goes into error semantics. The major change in v2 is a switch away from RCU to mutex-only synchronization. Andrii pointed out that it is not needed, and it makes sense to keep locking straightforward. Also, there were a couple of bugs in update_prog and fill_info initial implementation, one picked up by kbuild. Those are now fixed. Tests have been extended to cover them. Full changelog below. Series is organized as so: Patches 1-3 prepare a space in struct net to keep state for attached BPF programs, and massage the code in flow_dissector to make it attach type agnostic, to finally move it under kernel/bpf/. Patch 4, the most important one, introduces new bpf_link link type for attaching to network namespace. Patch 5 unifies the update error (ENOLINK) between BPF cgroup and netns. Patches 6-8 make libbpf and bpftool aware of the new link type. Patches 9-12 Add and extend tests to check that link low- and high-level API for operating on links to netns works as intended. Thanks to Alexei, Andrii, Lorenz, Marek, and Stanislav for feedback. -jkbs [0] https://lore.kernel.org/bpf/20200511185218.1422406-1-jakub@cloudflare.com/ Cc: Alexei Starovoitov Cc: Andrii Nakryiko Cc: Lorenz Bauer Cc: Marek Majkowski Cc: Stanislav Fomichev v1 -> v2: - Switch to mutex-only synchronization. Don't rely on RCU grace period guarantee when accessing struct net from link release / update / fill_info, and when accessing bpf_link from pernet pre_exit callback. (Andrii) - Drop patch 1, no longer needed with mutex-only synchronization. - Don't leak uninitialized variable contents from fill_info callback when link is in defunct state. (kbuild) - Make fill_info treat the link as defunct (i.e. no attached netns) when struct net refcount is 0, but link has not been yet auto-detached. - Add missing BPF_LINK_TYPE define in bpf_types.h for new link type. - Fix link update_prog callback to update the prog that will run, and not just the link itself. - Return EEXIST on prog attach when link already exists, and on link create when prog is already attached directly. (Andrii) - Return EINVAL on prog detach when link is attached. (Andrii) - Fold __netns_bpf_link_attach into its only caller. (Stanislav) - Get rid of a wrapper around container_of() (Andrii) - Use rcu_dereference_protected instead of rcu_access_pointer on update-side. (Stanislav) - Make return-on-success from netns_bpf_link_create less confusing. (Andrii) - Adapt bpf_link for cgroup to return ENOLINK when updating a defunct link. (Andrii, Alexei) - Order new exported symbols in libbpf.map alphabetically (Andrii) - Keep libbpf's "failed to attach link" warning message clear as to what we failed to attach to (cgroup vs netns). (Andrii) - Extract helpers for printing link attach type. (bpftool, Andrii) - Switch flow_dissector tests to BPF skeleton and extend them to exercise link-based flow dissector attachment. (Andrii) - Harden flow dissector attachment tests with prog query checks after prog attach/detach, or link create/update/close. - Extend flow dissector tests to cover fill_info for defunct links. - Rebase onto recent bpf-next ==================== Signed-off-by: Alexei Starovoitov commit 06716e04a043aa5e010f952a823ad038054b0e5c Author: Jakub Sitnicki Date: Sun May 31 10:28:46 2020 +0200 selftests/bpf: Extend test_flow_dissector to cover link creation Extend the existing flow_dissector test case to run tests once using direct prog attachments, and then for the second time using indirect attachment via link. The intention is to exercises the newly added high-level API for attaching programs to network namespace with links (bpf_program__attach_netns). Signed-off-by: Jakub Sitnicki Signed-off-by: Alexei Starovoitov Link: https://lore.kernel.org/bpf/20200531082846.2117903-13-jakub@cloudflare.com commit b4b8a3bf9ef0fbbf343b624d68ea328dd4edd5c4 Author: Jakub Sitnicki Date: Sun May 31 10:28:45 2020 +0200 selftests/bpf: Convert test_flow_dissector to use BPF skeleton Switch flow dissector test setup from custom BPF object loader to BPF skeleton to save boilerplate and prepare for testing higher-level API for attaching flow dissector with bpf_link. To avoid depending on program order in the BPF object when populating the flow dissector PROG_ARRAY map, change the program section names to contain the program index into the map. This follows the example set by tailcall tests. Signed-off-by: Jakub Sitnicki Signed-off-by: Alexei Starovoitov Link: https://lore.kernel.org/bpf/20200531082846.2117903-12-jakub@cloudflare.com commit b8215dce7dfd817ca38807f55165bf502146cd68 Author: Jakub Sitnicki Date: Sun May 31 10:28:44 2020 +0200 selftests/bpf, flow_dissector: Close TAP device FD after the test test_flow_dissector leaves a TAP device after it's finished, potentially interfering with other tests that will run after it. Fix it by closing the TAP descriptor on cleanup. Fixes: 0905beec9f52 ("selftests/bpf: run flow dissector tests in skb-less mode") Signed-off-by: Jakub Sitnicki Signed-off-by: Alexei Starovoitov Link: https://lore.kernel.org/bpf/20200531082846.2117903-11-jakub@cloudflare.com commit 1f043f87bb595bbe6c7e6b291d115284840a6c33 Author: Jakub Sitnicki Date: Sun May 31 10:28:43 2020 +0200 selftests/bpf: Add tests for attaching bpf_link to netns Extend the existing test case for flow dissector attaching to cover: - link creation, - link updates, - link info querying, - mixing links with direct prog attachment. Signed-off-by: Jakub Sitnicki Signed-off-by: Alexei Starovoitov Link: https://lore.kernel.org/bpf/20200531082846.2117903-10-jakub@cloudflare.com commit e948947a6e111b3d4bbe538105ee2f3611e032ad Author: Jakub Sitnicki Date: Sun May 31 10:28:42 2020 +0200 bpftool: Support link show for netns-attached links Make `bpf link show` aware of new link type, that is links attached to netns. When listing netns-attached links, display netns inode number as its identifier and link attach type. Sample session: # readlink /proc/self/ns/net net:[4026532251] # bpftool prog show 357: flow_dissector tag a04f5eef06a7f555 gpl loaded_at 2020-05-30T16:53:51+0200 uid 0 xlated 16B jited 37B memlock 4096B 358: flow_dissector tag a04f5eef06a7f555 gpl loaded_at 2020-05-30T16:53:51+0200 uid 0 xlated 16B jited 37B memlock 4096B # bpftool link show 108: netns prog 357 netns_ino 4026532251 attach_type flow_dissector # bpftool link -jp show [{ "id": 108, "type": "netns", "prog_id": 357, "netns_ino": 4026532251, "attach_type": "flow_dissector" } ] (... after netns is gone ...) # bpftool link show 108: netns prog 357 netns_ino 0 attach_type flow_dissector # bpftool link -jp show [{ "id": 108, "type": "netns", "prog_id": 357, "netns_ino": 0, "attach_type": "flow_dissector" } ] Signed-off-by: Jakub Sitnicki Signed-off-by: Alexei Starovoitov Link: https://lore.kernel.org/bpf/20200531082846.2117903-9-jakub@cloudflare.com commit be6e19818ba626eb1b354490aee40a2cfc1a219f Author: Jakub Sitnicki Date: Sun May 31 10:28:41 2020 +0200 bpftool: Extract helpers for showing link attach type Code for printing link attach_type is duplicated in a couple of places, and likely will be duplicated for future link types as well. Create helpers to prevent duplication. Suggested-by: Andrii Nakryiko Signed-off-by: Jakub Sitnicki Signed-off-by: Alexei Starovoitov Link: https://lore.kernel.org/bpf/20200531082846.2117903-8-jakub@cloudflare.com commit d60d81acc2c180e33244857e35ef60072573b000 Author: Jakub Sitnicki Date: Sun May 31 10:28:40 2020 +0200 libbpf: Add support for bpf_link-based netns attachment Add bpf_program__attach_nets(), which uses LINK_CREATE subcommand to create an FD-based kernel bpf_link, for attach types tied to network namespace, that is BPF_FLOW_DISSECTOR for the moment. Signed-off-by: Jakub Sitnicki Signed-off-by: Alexei Starovoitov Link: https://lore.kernel.org/bpf/20200531082846.2117903-7-jakub@cloudflare.com commit 0c047ecbb7bab4c1d2136f5f04bb47a66a9a12b8 Author: Jakub Sitnicki Date: Sun May 31 10:28:39 2020 +0200 bpf, cgroup: Return ENOLINK for auto-detached links on update Failure to update a bpf_link because it has been auto-detached by a dying cgroup currently results in EINVAL error, even though the arguments passed to bpf() syscall are not wrong. bpf_links attaching to netns in this case will return ENOLINK, which carries the message that the link is no longer attached to anything. Change cgroup bpf_links to do the same to keep the uAPI errors consistent. Fixes: 0c991ebc8c69 ("bpf: Implement bpf_prog replacement for an active bpf_cgroup_link") Suggested-by: Lorenz Bauer Signed-off-by: Jakub Sitnicki Signed-off-by: Alexei Starovoitov Link: https://lore.kernel.org/bpf/20200531082846.2117903-6-jakub@cloudflare.com commit 7f045a49fee04b5662cbdeaf0838f9322ae8c63a Author: Jakub Sitnicki Date: Sun May 31 10:28:38 2020 +0200 bpf: Add link-based BPF program attachment to network namespace Extend bpf() syscall subcommands that operate on bpf_link, that is LINK_CREATE, LINK_UPDATE, OBJ_GET_INFO, to accept attach types tied to network namespaces (only flow dissector at the moment). Link-based and prog-based attachment can be used interchangeably, but only one can exist at a time. Attempts to attach a link when a prog is already attached directly, and the other way around, will be met with -EEXIST. Attempts to detach a program when link exists result in -EINVAL. Attachment of multiple links of same attach type to one netns is not supported with the intention to lift the restriction when a use-case presents itself. Because of that link create returns -E2BIG when trying to create another netns link, when one already exists. Link-based attachments to netns don't keep a netns alive by holding a ref to it. Instead links get auto-detached from netns when the latter is being destroyed, using a pernet pre_exit callback. When auto-detached, link lives in defunct state as long there are open FDs for it. -ENOLINK is returned if a user tries to update a defunct link. Because bpf_link to netns doesn't hold a ref to struct net, special care is taken when releasing, updating, or filling link info. The netns might be getting torn down when any of these link operations are in progress. That is why auto-detach and update/release/fill_info are synchronized by the same mutex. Also, link ops have to always check if auto-detach has not happened yet and if netns is still alive (refcnt > 0). Signed-off-by: Jakub Sitnicki Signed-off-by: Alexei Starovoitov Link: https://lore.kernel.org/bpf/20200531082846.2117903-5-jakub@cloudflare.com commit b27f7bb590ba835b32ef122389db158e44cfda1e Author: Jakub Sitnicki Date: Sun May 31 10:28:37 2020 +0200 flow_dissector: Move out netns_bpf prog callbacks Move functions to manage BPF programs attached to netns that are not specific to flow dissector to a dedicated module named bpf/net_namespace.c. The set of functions will grow with the addition of bpf_link support for netns attached programs. This patch prepares ground by creating a place for it. This is a code move with no functional changes intended. Signed-off-by: Jakub Sitnicki Signed-off-by: Alexei Starovoitov Link: https://lore.kernel.org/bpf/20200531082846.2117903-4-jakub@cloudflare.com commit a3fd7ceee05431d2c51ed86c6cae015d236a51f0 Author: Jakub Sitnicki Date: Sun May 31 10:28:36 2020 +0200 net: Introduce netns_bpf for BPF programs attached to netns In order to: (1) attach more than one BPF program type to netns, or (2) support attaching BPF programs to netns with bpf_link, or (3) support multi-prog attach points for netns we will need to keep more state per netns than a single pointer like we have now for BPF flow dissector program. Prepare for the above by extracting netns_bpf that is part of struct net, for storing all state related to BPF programs attached to netns. Turn flow dissector callbacks for querying/attaching/detaching a program into generic ones that operate on netns_bpf. Next patch will move the generic callbacks into their own module. This is similar to how it is organized for cgroup with cgroup_bpf. Signed-off-by: Jakub Sitnicki Signed-off-by: Alexei Starovoitov Cc: Stanislav Fomichev Link: https://lore.kernel.org/bpf/20200531082846.2117903-3-jakub@cloudflare.com commit 171526f6fee84de0c39e2b7aa7e666ba0bbfd173 Author: Jakub Sitnicki Date: Sun May 31 10:28:35 2020 +0200 flow_dissector: Pull locking up from prog attach callback Split out the part of attach callback that happens with attach/detach lock acquired. This structures the prog attach callback in a way that opens up doors for moving the locking out of flow_dissector and into generic callbacks for attaching/detaching progs to netns in subsequent patches. Signed-off-by: Jakub Sitnicki Signed-off-by: Alexei Starovoitov Reviewed-by: Stanislav Fomichev Link: https://lore.kernel.org/bpf/20200531082846.2117903-2-jakub@cloudflare.com commit 533b220f7be4e461a5222a223d169b42856741ef Merge: 3ee3723b40d5 082af5ec5080 Author: Linus Torvalds Date: Mon Jun 1 15:18:27 2020 -0700 Merge tag 'arm64-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux Pull arm64 updates from Will Deacon: "A sizeable pile of arm64 updates for 5.8. Summary below, but the big two features are support for Branch Target Identification and Clang's Shadow Call stack. The latter is currently arm64-only, but the high-level parts are all in core code so it could easily be adopted by other architectures pending toolchain support Branch Target Identification (BTI): - Support for ARMv8.5-BTI in both user- and kernel-space. This allows branch targets to limit the types of branch from which they can be called and additionally prevents branching to arbitrary code, although kernel support requires a very recent toolchain. - Function annotation via SYM_FUNC_START() so that assembly functions are wrapped with the relevant "landing pad" instructions. - BPF and vDSO updates to use the new instructions. - Addition of a new HWCAP and exposure of BTI capability to userspace via ID register emulation, along with ELF loader support for the BTI feature in .note.gnu.property. - Non-critical fixes to CFI unwind annotations in the sigreturn trampoline. Shadow Call Stack (SCS): - Support for Clang's Shadow Call Stack feature, which reserves platform register x18 to point at a separate stack for each task that holds only return addresses. This protects function return control flow from buffer overruns on the main stack. - Save/restore of x18 across problematic boundaries (user-mode, hypervisor, EFI, suspend, etc). - Core support for SCS, should other architectures want to use it too. - SCS overflow checking on context-switch as part of the existing stack limit check if CONFIG_SCHED_STACK_END_CHECK=y. CPU feature detection: - Removed numerous "SANITY CHECK" errors when running on a system with mismatched AArch32 support at EL1. This is primarily a concern for KVM, which disabled support for 32-bit guests on such a system. - Addition of new ID registers and fields as the architecture has been extended. Perf and PMU drivers: - Minor fixes and cleanups to system PMU drivers. Hardware errata: - Unify KVM workarounds for VHE and nVHE configurations. - Sort vendor errata entries in Kconfig. Secure Monitor Call Calling Convention (SMCCC): - Update to the latest specification from Arm (v1.2). - Allow PSCI code to query the SMCCC version. Software Delegated Exception Interface (SDEI): - Unexport a bunch of unused symbols. - Minor fixes to handling of firmware data. Pointer authentication: - Add support for dumping the kernel PAC mask in vmcoreinfo so that the stack can be unwound by tools such as kdump. - Simplification of key initialisation during CPU bringup. BPF backend: - Improve immediate generation for logical and add/sub instructions. vDSO: - Minor fixes to the linker flags for consistency with other architectures and support for LLVM's unwinder. - Clean up logic to initialise and map the vDSO into userspace. ACPI: - Work around for an ambiguity in the IORT specification relating to the "num_ids" field. - Support _DMA method for all named components rather than only PCIe root complexes. - Minor other IORT-related fixes. Miscellaneous: - Initialise debug traps early for KGDB and fix KDB cacheflushing deadlock. - Minor tweaks to early boot state (documentation update, set TEXT_OFFSET to 0x0, increase alignment of PE/COFF sections). - Refactoring and cleanup" * tag 'arm64-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux: (148 commits) KVM: arm64: Move __load_guest_stage2 to kvm_mmu.h KVM: arm64: Check advertised Stage-2 page size capability arm64/cpufeature: Add get_arm64_ftr_reg_nowarn() ACPI/IORT: Remove the unused __get_pci_rid() arm64/cpuinfo: Add ID_MMFR4_EL1 into the cpuinfo_arm64 context arm64/cpufeature: Add remaining feature bits in ID_AA64PFR1 register arm64/cpufeature: Add remaining feature bits in ID_AA64PFR0 register arm64/cpufeature: Add remaining feature bits in ID_AA64ISAR0 register arm64/cpufeature: Add remaining feature bits in ID_MMFR4 register arm64/cpufeature: Add remaining feature bits in ID_PFR0 register arm64/cpufeature: Introduce ID_MMFR5 CPU register arm64/cpufeature: Introduce ID_DFR1 CPU register arm64/cpufeature: Introduce ID_PFR2 CPU register arm64/cpufeature: Make doublelock a signed feature in ID_AA64DFR0 arm64/cpufeature: Drop TraceFilt feature exposure from ID_DFR0 register arm64/cpufeature: Add explicit ftr_id_isar0[] for ID_ISAR0 register arm64: mm: Add asid_gen_match() helper firmware: smccc: Fix missing prototype warning for arm_smccc_version_init arm64: vdso: Fix CFI directives in sigreturn trampoline arm64: vdso: Don't prefix sigreturn trampoline with a BTI C instruction ... commit 3ee3723b40d55f473b8c82c60ed0e67f1f9ec6b9 Merge: 4e909124f8ed 3381df095419 Author: Linus Torvalds Date: Mon Jun 1 15:17:16 2020 -0700 Merge tag 'm68k-for-v5.8-tag1' of git://git.kernel.org/pub/scm/linux/kernel/git/geert/linux-m68k Pull m68k updates from Geert Uytterhoeven: - several Mac fixes - defconfig updates - minor cleanups and fixes * tag 'm68k-for-v5.8-tag1' of git://git.kernel.org/pub/scm/linux/kernel/git/geert/linux-m68k: m68k: tools: Replace zero-length array with flexible-array member m68k: Add missing __user annotation in get_user() m68k: mac: Avoid stuck ISM IOP interrupt on Quadra 900/950 m68k: mac: Remove misleading comment m68k: mac: Don't call via_flush_cache() on Mac IIfx m68k: defconfig: Update defconfigs for v5.7-rc1 m68k: amiga: config: Replace zero-length array with flexible-array member m68k: amiga: config: Mark expected switch fall-through commit febeb6dff7beafcaf89521f6c8ff7b0adac08d54 Author: Andrii Nakryiko Date: Mon Jun 1 13:26:01 2020 -0700 libbpf: Add _GNU_SOURCE for reallocarray to ringbuf.c On systems with recent enough glibc, reallocarray compat won't kick in, so reallocarray() itself has to come from stdlib.h include. But _GNU_SOURCE is necessary to enable it. So add it. Fixes: bf99c936f947 ("libbpf: Add BPF ring buffer support") Signed-off-by: Andrii Nakryiko Signed-off-by: Alexei Starovoitov Acked-by: Song Liu Link: https://lore.kernel.org/bpf/20200601202601.2139477-1-andriin@fb.com commit 958a3f2d2aff896ae2a622878e456114f4a4cd15 Author: Jiri Olsa Date: Sun May 31 17:42:55 2020 +0200 bpf: Use tracing helpers for lsm programs Currenty lsm uses bpf_tracing_func_proto helpers which do not include stack trace or perf event output. It's useful to have those for bpftrace lsm support [1]. Using tracing_prog_func_proto helpers for lsm programs. [1] https://github.com/iovisor/bpftrace/pull/1347 Signed-off-by: Jiri Olsa Signed-off-by: Alexei Starovoitov Cc: KP Singh Link: https://lore.kernel.org/bpf/20200531154255.896551-1-jolsa@kernel.org commit 1b698fa5d8ef958007c455e316aa44c37ab3c5fb Author: Lorenzo Bianconi Date: Thu May 28 22:47:29 2020 +0200 xdp: Rename convert_to_xdp_frame in xdp_convert_buff_to_frame In order to use standard 'xdp' prefix, rename convert_to_xdp_frame utility routine in xdp_convert_buff_to_frame and replace all the occurrences Signed-off-by: Lorenzo Bianconi Signed-off-by: Alexei Starovoitov Acked-by: Jesper Dangaard Brouer Link: https://lore.kernel.org/bpf/6344f739be0d1a08ab2b9607584c4d5478c8c083.1590698295.git.lorenzo@kernel.org commit fc37987265b5979129a72c672b20245119768fb8 Author: Lorenzo Bianconi Date: Thu May 28 22:47:28 2020 +0200 xdp: Introduce xdp_convert_frame_to_buff utility routine Introduce xdp_convert_frame_to_buff utility routine to initialize xdp_buff fields from xdp_frames ones. Rely on xdp_convert_frame_to_buff in veth xdp code. Suggested-by: Jesper Dangaard Brouer Signed-off-by: Lorenzo Bianconi Signed-off-by: Alexei Starovoitov Acked-by: Jesper Dangaard Brouer Link: https://lore.kernel.org/bpf/87acf133073c4b2d4cbb8097e8c2480c0a0fac32.1590698295.git.lorenzo@kernel.org commit c48a24f00e7a8b90c817e3f7aa800a3150bb83d0 Merge: bb2359f4dbe9 9c441fe4c06a Author: Alexei Starovoitov Date: Mon Jun 1 14:57:15 2020 -0700 Merge branch 'bpf_setsockopt-SO_BINDTODEVICE' Ferenc Fejes says: ==================== This option makes it possible to programatically bind sockets to netdevices. With the help of this option sockets of VRF unaware applications could be distributed between multiple VRFs with an eBPF program. This lets the applications benefit from multiple possible routes. v2: - splitting up the patch to three parts - lock_sk parameter for optional locking in sock_bindtoindex - Stanislav Fomichev - testing the SO_BINDTODEVICE option - Andrii Nakryiko ==================== Signed-off-by: Alexei Starovoitov commit 9c441fe4c06a553ad770b6f21616327a3badf793 Author: Ferenc Fejes Date: Sat May 30 23:09:02 2020 +0200 selftests/bpf: Add test for SO_BINDTODEVICE opt of bpf_setsockopt This test intended to verify if SO_BINDTODEVICE option works in bpf_setsockopt. Because we already in the SOL_SOCKET level in this connect bpf prog its safe to verify the sanity in the beginning of the connect_v4_prog by calling the bind_to_device test helper. The testing environment already created by the test_sock_addr.sh script so this test assume that two netdevices already existing in the system: veth pair with names test_sock_addr1 and test_sock_addr2. The test will try to bind the socket to those devices first. Then the test assume there are no netdevice with "nonexistent_dev" name so the bpf_setsockopt will give use ENODEV error. At the end the test remove the device binding from the socket by binding it to an empty name. Signed-off-by: Ferenc Fejes Signed-off-by: Alexei Starovoitov Link: https://lore.kernel.org/bpf/3f055b8e45c65639c5c73d0b4b6c589e60b86f15.1590871065.git.fejes@inf.elte.hu commit 70c58997c1e864c96dfdf072572047303db8f42a Author: Ferenc Fejes Date: Sat May 30 23:09:01 2020 +0200 bpf: Allow SO_BINDTODEVICE opt in bpf_setsockopt Extending the supported sockopts in bpf_setsockopt with SO_BINDTODEVICE. We call sock_bindtoindex with parameter lock_sk = false in this context because we already owning the socket. Signed-off-by: Ferenc Fejes Signed-off-by: Alexei Starovoitov Link: https://lore.kernel.org/bpf/4149e304867b8d5a606a305bc59e29b063e51f49.1590871065.git.fejes@inf.elte.hu commit 8ea204c2b658eaef55b4716fde469fb66c589a3d Author: Ferenc Fejes Date: Sat May 30 23:09:00 2020 +0200 net: Make locking in sock_bindtoindex optional The sock_bindtoindex intended for kernel wide usage however it will lock the socket regardless of the context. This modification relax this behavior optionally: locking the socket will be optional by calling the sock_bindtoindex with lock_sk = true. The modification applied to all users of the sock_bindtoindex. Signed-off-by: Ferenc Fejes Signed-off-by: Alexei Starovoitov Link: https://lore.kernel.org/bpf/bee6355da40d9e991b2f2d12b67d55ebb5f5b207.1590871065.git.fejes@inf.elte.hu commit 4e909124f8ed54b13e07e42273c3452b7deb5a0b Merge: 88bc1de11cf5 cd2f45b7514c Author: Linus Torvalds Date: Mon Jun 1 14:50:41 2020 -0700 Merge tag 'x86-vdso-2020-06-01' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 vdso updates from Ingo Molnar: "Clean up various aspects of the vDSO code, no change in functionality intended" * tag 'x86-vdso-2020-06-01' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/vdso/Makefile: Add vobjs32 x86/vdso/vdso2c: Convert iterators to unsigned x86/vdso/vdso2c: Correct error messages on file open commit bb2359f4dbe98e8863b4e885fc09269ef4682ec3 Author: Denis Efremov Date: Mon Jun 1 19:28:14 2020 +0300 bpf: Change kvfree to kfree in generic_map_lookup_batch() buf_prevkey in generic_map_lookup_batch() is allocated with kmalloc(). It's safe to free it with kfree(). Fixes: cb4d03ab499d ("bpf: Add generic support for lookup batch op") Signed-off-by: Denis Efremov Signed-off-by: Alexei Starovoitov Acked-by: Song Liu Link: https://lore.kernel.org/bpf/20200601162814.17426-1-efremov@linux.com Signed-off-by: Alexei Starovoitov commit 7b805819c412e822c0bd58252b46188cddc60300 Merge: df8fe57c071c 463bac5f1ca7 Author: Alexei Starovoitov Date: Mon Jun 1 14:16:48 2020 -0700 Merge branch 'fix-ktls-with-sk_skb_verdict' John Fastabend says: ==================== If a socket is running a BPF_SK_SKB_SREAM_VERDICT program and KTLS is enabled the data stream may be broken if both TLS stream parser and BPF stream parser try to handle data. Fix this here by making KTLS stream parser run first to ensure TLS messages are received correctly and then calling the verdict program. This analogous to how we handle a similar conflict on the TX side. Note, this is a fix but it doesn't make sense to push this late to bpf tree so targeting bpf-next and keeping fixes tags. ==================== Signed-off-by: Alexei Starovoitov commit df8fe57c071c58f355d0a4985ecd2fcaf99b050f Author: Alexei Starovoitov Date: Mon Jun 1 14:13:52 2020 -0700 tools/bpf: sync bpf.h Sync bpf.h into tool/include/uapi/ Signed-off-by: Alexei Starovoitov commit 463bac5f1ca79fcd964bf50426eab024fb4dd8a4 Author: John Fastabend Date: Fri May 29 16:07:19 2020 -0700 bpf, selftests: Add test for ktls with skb bpf ingress policy This adds a test for bpf ingress policy. To ensure data writes happen as expected with extra TLS headers we run these tests with data verification enabled by default. This will test receive packets have "PASS" stamped into the front of the payload. Signed-off-by: John Fastabend Signed-off-by: Alexei Starovoitov Link: https://lore.kernel.org/bpf/159079363965.5745.3390806911628980210.stgit@john-Precision-5820-Tower Signed-off-by: Alexei Starovoitov commit 906312ca0d620cdcdb54d07594d26da0aed7eed2 Merge: b36e62eb8521 d39aec79e592 Author: Alexei Starovoitov Date: Mon Jun 1 13:49:33 2020 -0700 Merge branch 'xdp_devmap' David Ahern says: ==================== Implementation of Daniel's proposal for allowing DEVMAP entries to be a device index, program fd pair. Programs are run after XDP_REDIRECT and have access to both Rx device and Tx device. v4 - moved struct bpf_devmap_val from uapi to devmap.c, named the union and dropped the prefix from the elements - Jesper - fixed 2 bugs in selftests v3 - renamed struct to bpf_devmap_val - used offsetofend to check for expected map size, modification of Toke's comment - check for explicit value sizes - adjusted switch statement in dev_map_run_prog per Andrii's comment - changed SEC shortcut to xdp_devmap - changed selftests to use skeleton and new map declaration v2 - moved dev_map_ext_val definition to uapi to formalize the API for devmap extensions; add bpf_ prefix to the prog_fd and prog_id entries - changed devmap code to handle struct in a way that it can support future extensions - fixed subject in libbpf patch v1 - fixed prog put on invalid program - Toke - changed write value from id to fd per Toke's comments about capabilities - add test cases ==================== Signed-off-by: Alexei Starovoitov commit e91de6afa81c10e9f855c5695eb9a53168d96b73 Author: John Fastabend Date: Fri May 29 16:06:59 2020 -0700 bpf: Fix running sk_skb program types with ktls KTLS uses a stream parser to collect TLS messages and send them to the upper layer tls receive handler. This ensures the tls receiver has a full TLS header to parse when it is run. However, when a socket has BPF_SK_SKB_STREAM_VERDICT program attached before KTLS is enabled we end up with two stream parsers running on the same socket. The result is both try to run on the same socket. First the KTLS stream parser runs and calls read_sock() which will tcp_read_sock which in turn calls tcp_rcv_skb(). This dequeues the skb from the sk_receive_queue. When this is done KTLS code then data_ready() callback which because we stacked KTLS on top of the bpf stream verdict program has been replaced with sk_psock_start_strp(). This will in turn kick the stream parser again and eventually do the same thing KTLS did above calling into tcp_rcv_skb() and dequeuing a skb from the sk_receive_queue. At this point the data stream is broke. Part of the stream was handled by the KTLS side some other bytes may have been handled by the BPF side. Generally this results in either missing data or more likely a "Bad Message" complaint from the kTLS receive handler as the BPF program steals some bytes meant to be in a TLS header and/or the TLS header length is no longer correct. We've already broke the idealized model where we can stack ULPs in any order with generic callbacks on the TX side to handle this. So in this patch we do the same thing but for RX side. We add a sk_psock_strp_enabled() helper so TLS can learn a BPF verdict program is running and add a tls_sw_has_ctx_rx() helper so BPF side can learn there is a TLS ULP on the socket. Then on BPF side we omit calling our stream parser to avoid breaking the data stream for the KTLS receiver. Then on the KTLS side we call BPF_SK_SKB_STREAM_VERDICT once the KTLS receiver is done with the packet but before it posts the msg to userspace. This gives us symmetry between the TX and RX halfs and IMO makes it usable again. On the TX side we process packets in this order BPF -> TLS -> TCP and on the receive side in the reverse order TCP -> TLS -> BPF. Discovered while testing OpenSSL 3.0 Alpha2.0 release. Fixes: d829e9c4112b5 ("tls: convert to generic sk_msg interface") Signed-off-by: John Fastabend Signed-off-by: Alexei Starovoitov Link: https://lore.kernel.org/bpf/159079361946.5745.605854335665044485.stgit@john-Precision-5820-Tower Signed-off-by: Alexei Starovoitov commit d39aec79e5923bf984df991ffe51d4a2b7a9e746 Author: David Ahern Date: Fri May 29 16:07:16 2020 -0600 selftest: Add tests for XDP programs in devmap entries Add tests to verify ability to add an XDP program to a entry in a DEVMAP. Add negative tests to show DEVMAP programs can not be attached to devices as a normal XDP program, and accesses to egress_ifindex require BPF_XDP_DEVMAP attach type. Signed-off-by: David Ahern Signed-off-by: Alexei Starovoitov Acked-by: Toke Høiland-Jørgensen Link: https://lore.kernel.org/bpf/20200529220716.75383-6-dsahern@kernel.org Signed-off-by: Alexei Starovoitov commit ca2f5f21dbbd5e3a00cd3e97f728aa2ca0b2e011 Author: John Fastabend Date: Fri May 29 16:06:41 2020 -0700 bpf: Refactor sockmap redirect code so its easy to reuse We will need this block of code called from tls context shortly lets refactor the redirect logic so its easy to use. This also cleans up the switch stmt so we have fewer fallthrough cases. No logic changes are intended. Fixes: d829e9c4112b5 ("tls: convert to generic sk_msg interface") Signed-off-by: John Fastabend Signed-off-by: Alexei Starovoitov Reviewed-by: Jakub Sitnicki Acked-by: Song Liu Link: https://lore.kernel.org/bpf/159079360110.5745.7024009076049029819.stgit@john-Precision-5820-Tower Signed-off-by: Alexei Starovoitov commit 2778797037a658be71a6c55b54700bf58ba21eb7 Author: David Ahern Date: Fri May 29 16:07:15 2020 -0600 libbpf: Add SEC name for xdp programs attached to device map Support SEC("xdp_devmap*") as a short cut for loading the program with type BPF_PROG_TYPE_XDP and expected attach type BPF_XDP_DEVMAP. Signed-off-by: David Ahern Signed-off-by: Alexei Starovoitov Acked-by: Toke Høiland-Jørgensen Link: https://lore.kernel.org/bpf/20200529220716.75383-5-dsahern@kernel.org Signed-off-by: Alexei Starovoitov commit 64b59025c15b244c0954cf52b24fbabfcf5ed8f6 Author: David Ahern Date: Fri May 29 16:07:14 2020 -0600 xdp: Add xdp_txq_info to xdp_buff Add xdp_txq_info as the Tx counterpart to xdp_rxq_info. At the moment only the device is added. Other fields (queue_index) can be added as use cases arise. >From a UAPI perspective, add egress_ifindex to xdp context for bpf programs to see the Tx device. Update the verifier to only allow accesses to egress_ifindex by XDP programs with BPF_XDP_DEVMAP expected attach type. Signed-off-by: David Ahern Signed-off-by: Alexei Starovoitov Acked-by: Toke Høiland-Jørgensen Link: https://lore.kernel.org/bpf/20200529220716.75383-4-dsahern@kernel.org Signed-off-by: Alexei Starovoitov commit fbee97feed9b3e4acdf9590e1f6b4a2eefecfffe Author: David Ahern Date: Fri May 29 16:07:13 2020 -0600 bpf: Add support to attach bpf program to a devmap entry Add BPF_XDP_DEVMAP attach type for use with programs associated with a DEVMAP entry. Allow DEVMAPs to associate a program with a device entry by adding a bpf_prog.fd to 'struct bpf_devmap_val'. Values read show the program id, so the fd and id are a union. bpf programs can get access to the struct via vmlinux.h. The program associated with the fd must have type XDP with expected attach type BPF_XDP_DEVMAP. When a program is associated with a device index, the program is run on an XDP_REDIRECT and before the buffer is added to the per-cpu queue. At this point rxq data is still valid; the next patch adds tx device information allowing the prorgam to see both ingress and egress device indices. XDP generic is skb based and XDP programs do not work with skb's. Block the use case by walking maps used by a program that is to be attached via xdpgeneric and fail if any of them are DEVMAP / DEVMAP_HASH with Block attach of BPF_XDP_DEVMAP programs to devices. Signed-off-by: David Ahern Signed-off-by: Alexei Starovoitov Acked-by: Toke Høiland-Jørgensen Link: https://lore.kernel.org/bpf/20200529220716.75383-3-dsahern@kernel.org Signed-off-by: Alexei Starovoitov commit b36e62eb85215a60916f910070f6d494b4f3e73a Author: Yonghong Song Date: Thu May 28 17:48:10 2020 -0700 bpf: Use strncpy_from_unsafe_strict() in bpf_seq_printf() helper In bpf_seq_printf() helper, when user specified a "%s" in the format string, strncpy_from_unsafe() is used to read the actual string to a buffer. The string could be a format string or a string in the kernel data structure. It is really unlikely that the string will reside in the user memory. This is different from Commit b2a5212fb634 ("bpf: Restrict bpf_trace_printk()'s %s usage and add %pks, %pus specifier") which still used strncpy_from_unsafe() for "%s" to preserve the old behavior. If in the future, bpf_seq_printf() indeed needs to read user memory, we can implement "%pus" format string. Based on discussion in [1], if the intent is to read kernel memory, strncpy_from_unsafe_strict() should be used. So this patch changed to use strncpy_from_unsafe_strict(). [1]: https://lore.kernel.org/bpf/20200521152301.2587579-1-hch@lst.de/T/ Fixes: 492e639f0c22 ("bpf: Add bpf_seq_printf and bpf_seq_write helpers") Signed-off-by: Yonghong Song Signed-off-by: Alexei Starovoitov Acked-by: Song Liu Cc: Christoph Hellwig Link: https://lore.kernel.org/bpf/20200529004810.3352219-1-yhs@fb.com Signed-off-by: Alexei Starovoitov commit 7f1c04269fe7b3293dea38ea65da4fd6614d6f80 Author: David Ahern Date: Fri May 29 16:07:12 2020 -0600 devmap: Formalize map value as a named struct Add 'struct bpf_devmap_val' to formalize the expected values that can be passed in for a DEVMAP. Update devmap code to use the struct. Signed-off-by: David Ahern Signed-off-by: Alexei Starovoitov Acked-by: Toke Høiland-Jørgensen Link: https://lore.kernel.org/bpf/20200529220716.75383-2-dsahern@kernel.org Signed-off-by: Alexei Starovoitov commit 88bc1de11cf5b5fa14dbeff7c613ce62fdfae7f6 Merge: 0a319ef75d93 33649bf4494c Author: Linus Torvalds Date: Mon Jun 1 14:48:20 2020 -0700 Merge tag 'x86-platform-2020-06-01' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 platform updates from Ingo Molnar: "This tree cleans up various aspects of the UV platform support code, it removes unnecessary functions and cleans up the rest" * tag 'x86-platform-2020-06-01' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/apic/uv: Remove code for unused distributed GRU mode x86/platform/uv: Remove the unused _uv_cpu_blade_processor_id() macro x86/platform/uv: Unexport uv_apicid_hibits x86/platform/uv: Remove _uv_hub_info_check() x86/platform/uv: Simplify uv_send_IPI_one() x86/platform/uv: Mark uv_min_hub_revision_id static x86/platform/uv: Mark is_uv_hubless() static x86/platform/uv: Remove the UV*_HUB_IS_SUPPORTED macros x86/platform/uv: Unexport symbols only used by x2apic_uv_x.c x86/platform/uv: Unexport sn_coherency_id x86/platform/uv: Remove the uv_partition_coherence_id() macro x86/platform/uv: Mark uv_bios_call() and uv_bios_call_irqsave() static commit 027690c75e8fd91b60a634d31c4891a6e39d45bd Author: J. Bruce Fields Date: Mon Jun 1 17:44:45 2020 -0400 nfsd4: make drc_slab global, not per-net I made every global per-network-namespace instead. But perhaps doing that to this slab was a step too far. The kmem_cache_create call in our net init method also seems to be responsible for this lockdep warning: [ 45.163710] Unable to find swap-space signature [ 45.375718] trinity-c1 (855): attempted to duplicate a private mapping with mremap. This is not supported. [ 46.055744] futex_wake_op: trinity-c1 tries to shift op by -209; fix this program [ 51.011723] [ 51.013378] ====================================================== [ 51.013875] WARNING: possible circular locking dependency detected [ 51.014378] 5.2.0-rc2 #1 Not tainted [ 51.014672] ------------------------------------------------------ [ 51.015182] trinity-c2/886 is trying to acquire lock: [ 51.015593] 000000005405f099 (slab_mutex){+.+.}, at: slab_attr_store+0xa2/0x130 [ 51.016190] [ 51.016190] but task is already holding lock: [ 51.016652] 00000000ac662005 (kn->count#43){++++}, at: kernfs_fop_write+0x286/0x500 [ 51.017266] [ 51.017266] which lock already depends on the new lock. [ 51.017266] [ 51.017909] [ 51.017909] the existing dependency chain (in reverse order) is: [ 51.018497] [ 51.018497] -> #1 (kn->count#43){++++}: [ 51.018956] __lock_acquire+0x7cf/0x1a20 [ 51.019317] lock_acquire+0x17d/0x390 [ 51.019658] __kernfs_remove+0x892/0xae0 [ 51.020020] kernfs_remove_by_name_ns+0x78/0x110 [ 51.020435] sysfs_remove_link+0x55/0xb0 [ 51.020832] sysfs_slab_add+0xc1/0x3e0 [ 51.021332] __kmem_cache_create+0x155/0x200 [ 51.021720] create_cache+0xf5/0x320 [ 51.022054] kmem_cache_create_usercopy+0x179/0x320 [ 51.022486] kmem_cache_create+0x1a/0x30 [ 51.022867] nfsd_reply_cache_init+0x278/0x560 [ 51.023266] nfsd_init_net+0x20f/0x5e0 [ 51.023623] ops_init+0xcb/0x4b0 [ 51.023928] setup_net+0x2fe/0x670 [ 51.024315] copy_net_ns+0x30a/0x3f0 [ 51.024653] create_new_namespaces+0x3c5/0x820 [ 51.025257] unshare_nsproxy_namespaces+0xd1/0x240 [ 51.025881] ksys_unshare+0x506/0x9c0 [ 51.026381] __x64_sys_unshare+0x3a/0x50 [ 51.026937] do_syscall_64+0x110/0x10b0 [ 51.027509] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 51.028175] [ 51.028175] -> #0 (slab_mutex){+.+.}: [ 51.028817] validate_chain+0x1c51/0x2cc0 [ 51.029422] __lock_acquire+0x7cf/0x1a20 [ 51.029947] lock_acquire+0x17d/0x390 [ 51.030438] __mutex_lock+0x100/0xfa0 [ 51.030995] mutex_lock_nested+0x27/0x30 [ 51.031516] slab_attr_store+0xa2/0x130 [ 51.032020] sysfs_kf_write+0x11d/0x180 [ 51.032529] kernfs_fop_write+0x32a/0x500 [ 51.033056] do_loop_readv_writev+0x21d/0x310 [ 51.033627] do_iter_write+0x2e5/0x380 [ 51.034148] vfs_writev+0x170/0x310 [ 51.034616] do_pwritev+0x13e/0x160 [ 51.035100] __x64_sys_pwritev+0xa3/0x110 [ 51.035633] do_syscall_64+0x110/0x10b0 [ 51.036200] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 51.036924] [ 51.036924] other info that might help us debug this: [ 51.036924] [ 51.037876] Possible unsafe locking scenario: [ 51.037876] [ 51.038556] CPU0 CPU1 [ 51.039130] ---- ---- [ 51.039676] lock(kn->count#43); [ 51.040084] lock(slab_mutex); [ 51.040597] lock(kn->count#43); [ 51.041062] lock(slab_mutex); [ 51.041320] [ 51.041320] *** DEADLOCK *** [ 51.041320] [ 51.041793] 3 locks held by trinity-c2/886: [ 51.042128] #0: 000000001f55e152 (sb_writers#5){.+.+}, at: vfs_writev+0x2b9/0x310 [ 51.042739] #1: 00000000c7d6c034 (&of->mutex){+.+.}, at: kernfs_fop_write+0x25b/0x500 [ 51.043400] #2: 00000000ac662005 (kn->count#43){++++}, at: kernfs_fop_write+0x286/0x500 Reported-by: kernel test robot Fixes: 3ba75830ce17 "drc containerization" Signed-off-by: J. Bruce Fields commit c3c16f2ea6d20159903cf93afbb1155f3d8348d5 Author: Amritha Nambiar Date: Tue May 26 17:34:36 2020 -0700 bpf: Add rx_queue_mapping to bpf_sock Add "rx_queue_mapping" to bpf_sock. This gives read access for the existing field (sk_rx_queue_mapping) of struct sock from bpf_sock. Semantics for the bpf_sock rx_queue_mapping access are similar to sk_rx_queue_get(), i.e the value NO_QUEUE_MAPPING is not allowed and -1 is returned in that case. This is useful for transmit queue selection based on the received queue index which is cached in the socket in the receive path. v3: Addressed review comments to add usecase in patch description, and fixed default value for rx_queue_mapping. v2: fixed build error for CONFIG_XPS wrapping, reported by kbuild test robot Signed-off-by: Amritha Nambiar Signed-off-by: Alexei Starovoitov commit e255d3273920dfd2d4e1cf2afe565b942c122219 Merge: 43dd115b1fff 97abb2b39682 Author: Daniel Borkmann Date: Fri May 29 17:11:09 2020 +0200 Merge branch 'bpf-ring-buffer' Andrii Nakryiko says: ==================== Implement a new BPF ring buffer, as presented at BPF virtual conference ([0]). It presents an alternative to perf buffer, following its semantics closely, but allowing sharing same instance of ring buffer across multiple CPUs efficiently. Most patches have extensive commentary explaining various aspects, so I'll keep cover letter short. Overall structure of the patch set: - patch #1 adds BPF ring buffer implementation to kernel and necessary verifier support; - patch #2 adds libbpf consumer implementation for BPF ringbuf; - patch #3 adds selftest, both for single BPF ring buf use case, as well as using it with array/hash of maps; - patch #4 adds extensive benchmarks and provide some analysis in commit message, it builds upon selftests/bpf's bench runner. - patch #5 adds most of patch #1 commit message as a doc under Documentation/bpf/ringbuf.rst. Litmus tests, validating consumer/producer protocols and memory orderings, were moved out as discussed in [1] and are going to be posted against -rcu tree and put under Documentation/litmus-tests/bpf-rb. [0] https://docs.google.com/presentation/d/18ITdg77Bj6YDOH2LghxrnFxiPWe0fAqcmJY95t_qr0w [1] https://lkml.org/lkml/2020/5/22/1011 v3->v4: - fix ringbuf freeing (vunmap, __free_page); verified with a trivial loop creating and closing ringbuf map endlessly (Daniel); v2->v3: - dropped unnecessary smp_wmb() (Paul); - verifier reference type enhancement patch was dropped (Alexei); - better verifier message for various memory access checks (Alexei); - clarified a bit roundup_len() bit shifting (Alexei); - converted doc to .rst (Alexei); - fixed warning on 32-bit arches regarding tautological ring area size check. v1->v2: - commit()/discard()/output() accept flags (NO_WAKEUP/FORCE_WAKEUP) (Stanislav); - bpf_ringbuf_query() added, returning available data size, ringbuf size, consumer/producer positions, needed to implement smarter notification policy (Stanislav); - added ringbuf UAPI constants to include/uapi/linux/bpf.h (Jonathan); - fixed sample size check, added proper ringbuf size check (Jonathan, Alexei); - wake_up_all() is done through irq_work (Alexei); - consistent use of smp_load_acquire/smp_store_release, no READ_ONCE/WRITE_ONCE (Alexei); - added Documentation/bpf/ringbuf.txt (Stanislav); - updated litmus test with smp_load_acquire/smp_store_release changes; - added ring_buffer__consume() API to libbpf for busy-polling; - ring_buffer__poll() on success returns number of records consumed; - fixed EPOLL notifications, don't assume available data, done similarly to perfbuf's implementation; - both ringbuf and perfbuf now have --rb-sampled mode, instead of pb-raw/pb-custom mode, updated benchmark results; - extended ringbuf selftests to validate epoll logic/manual notification logic, as well as bpf_ringbuf_query(). ==================== Signed-off-by: Daniel Borkmann commit 43dd115b1fffdd8d2c4cc15659c00b2a1addbc43 Author: Anton Protopopov Date: Wed May 27 18:57:00 2020 +0000 selftests/bpf: Add tests for write-only stacks/queues For write-only stacks and queues bpf_map_update_elem should be allowed, but bpf_map_lookup_elem and bpf_map_lookup_and_delete_elem should fail with EPERM. Signed-off-by: Anton Protopopov Signed-off-by: Daniel Borkmann Link: https://lore.kernel.org/bpf/20200527185700.14658-6-a.s.protopopov@gmail.com Signed-off-by: Alexei Starovoitov commit 97abb2b396821f21c21cee2d537bb4e0a0eef31b Author: Andrii Nakryiko Date: Fri May 29 00:54:24 2020 -0700 docs/bpf: Add BPF ring buffer design notes Add commit description from patch #1 as a stand-alone documentation under Documentation/bpf, as it might be more convenient format, in long term perspective. Suggested-by: Stanislav Fomichev Signed-off-by: Andrii Nakryiko Signed-off-by: Daniel Borkmann Link: https://lore.kernel.org/bpf/20200529075424.3139988-6-andriin@fb.com Signed-off-by: Alexei Starovoitov commit c97099b0f22722be7d0f290278a26d297cc4b7ca Author: Andrii Nakryiko Date: Fri May 29 00:54:23 2020 -0700 bpf: Add BPF ringbuf and perf buffer benchmarks Extend bench framework with ability to have benchmark-provided child argument parser for custom benchmark-specific parameters. This makes bench generic code modular and independent from any specific benchmark. Also implement a set of benchmarks for new BPF ring buffer and existing perf buffer. 4 benchmarks were implemented: 2 variations for each of BPF ringbuf and perfbuf:, - rb-libbpf utilizes stock libbpf ring_buffer manager for reading data; - rb-custom implements custom ring buffer setup and reading code, to eliminate overheads inherent in generic libbpf code due to callback functions and the need to update consumer position after each consumed record, instead of batching updates (due to pessimistic assumption that user callback might take long time and thus could unnecessarily hold ring buffer space for too long); - pb-libbpf uses stock libbpf perf_buffer code with all the default settings, though uses higher-performance raw event callback to minimize unnecessary overhead; - pb-custom implements its own custom consumer code to minimize any possible overhead of generic libbpf implementation and indirect function calls. All of the test support default, no data notification skipped, mode, as well as sampled mode (with --rb-sampled flag), which allows to trigger epoll notification less frequently and reduce overhead. As will be shown, this mode is especially critical for perf buffer, which suffers from high overhead of wakeups in kernel. Otherwise, all benchamrks implement similar way to generate a batch of records by using fentry/sys_getpgid BPF program, which pushes a bunch of records in a tight loop and records number of successful and dropped samples. Each record is a small 8-byte integer, to minimize the effect of memory copying with bpf_perf_event_output() and bpf_ringbuf_output(). Benchmarks that have only one producer implement optional back-to-back mode, in which record production and consumption is alternating on the same CPU. This is the highest-throughput happy case, showing ultimate performance achievable with either BPF ringbuf or perfbuf. All the below scenarios are implemented in a script in benchs/run_bench_ringbufs.sh. Tests were performed on 28-core/56-thread Intel Xeon CPU E5-2680 v4 @ 2.40GHz CPU. Single-producer, parallel producer ================================== rb-libbpf 12.054 ± 0.320M/s (drops 0.000 ± 0.000M/s) rb-custom 8.158 ± 0.118M/s (drops 0.001 ± 0.003M/s) pb-libbpf 0.931 ± 0.007M/s (drops 0.000 ± 0.000M/s) pb-custom 0.965 ± 0.003M/s (drops 0.000 ± 0.000M/s) Single-producer, parallel producer, sampled notification ======================================================== rb-libbpf 11.563 ± 0.067M/s (drops 0.000 ± 0.000M/s) rb-custom 15.895 ± 0.076M/s (drops 0.000 ± 0.000M/s) pb-libbpf 9.889 ± 0.032M/s (drops 0.000 ± 0.000M/s) pb-custom 9.866 ± 0.028M/s (drops 0.000 ± 0.000M/s) Single producer on one CPU, consumer on another one, both running at full speed. Curiously, rb-libbpf has higher throughput than objectively faster (due to more lightweight consumer code path) rb-custom. It appears that faster consumer causes kernel to send notifications more frequently, because consumer appears to be caught up more frequently. Performance of perfbuf suffers from default "no sampling" policy and huge overhead that causes. In sampled mode, rb-custom is winning very significantly eliminating too frequent in-kernel wakeups, the gain appears to be more than 2x. Perf buffer achieves even more impressive wins, compared to stock perfbuf settings, with 10x improvements in throughput with 1:500 sampling rate. The trade-off is that with sampling, application might not get next X events until X+1st arrives, which is not always acceptable. With steady influx of events, though, this shouldn't be a problem. Overall, single-producer performance of ring buffers seems to be better no matter the sampled/non-sampled modes, but it especially beats ring buffer without sampling due to its adaptive notification approach. Single-producer, back-to-back mode ================================== rb-libbpf 15.507 ± 0.247M/s (drops 0.000 ± 0.000M/s) rb-libbpf-sampled 14.692 ± 0.195M/s (drops 0.000 ± 0.000M/s) rb-custom 21.449 ± 0.157M/s (drops 0.000 ± 0.000M/s) rb-custom-sampled 20.024 ± 0.386M/s (drops 0.000 ± 0.000M/s) pb-libbpf 1.601 ± 0.015M/s (drops 0.000 ± 0.000M/s) pb-libbpf-sampled 8.545 ± 0.064M/s (drops 0.000 ± 0.000M/s) pb-custom 1.607 ± 0.022M/s (drops 0.000 ± 0.000M/s) pb-custom-sampled 8.988 ± 0.144M/s (drops 0.000 ± 0.000M/s) Here we test a back-to-back mode, which is arguably best-case scenario both for BPF ringbuf and perfbuf, because there is no contention and for ringbuf also no excessive notification, because consumer appears to be behind after the first record. For ringbuf, custom consumer code clearly wins with 21.5 vs 16 million records per second exchanged between producer and consumer. Sampled mode actually hurts a bit due to slightly slower producer logic (it needs to fetch amount of data available to decide whether to skip or force notification). Perfbuf with wakeup sampling gets 5.5x throughput increase, compared to no-sampling version. There also doesn't seem to be noticeable overhead from generic libbpf handling code. Perfbuf back-to-back, effect of sample rate =========================================== pb-sampled-1 1.035 ± 0.012M/s (drops 0.000 ± 0.000M/s) pb-sampled-5 3.476 ± 0.087M/s (drops 0.000 ± 0.000M/s) pb-sampled-10 5.094 ± 0.136M/s (drops 0.000 ± 0.000M/s) pb-sampled-25 7.118 ± 0.153M/s (drops 0.000 ± 0.000M/s) pb-sampled-50 8.169 ± 0.156M/s (drops 0.000 ± 0.000M/s) pb-sampled-100 8.887 ± 0.136M/s (drops 0.000 ± 0.000M/s) pb-sampled-250 9.180 ± 0.209M/s (drops 0.000 ± 0.000M/s) pb-sampled-500 9.353 ± 0.281M/s (drops 0.000 ± 0.000M/s) pb-sampled-1000 9.411 ± 0.217M/s (drops 0.000 ± 0.000M/s) pb-sampled-2000 9.464 ± 0.167M/s (drops 0.000 ± 0.000M/s) pb-sampled-3000 9.575 ± 0.273M/s (drops 0.000 ± 0.000M/s) This benchmark shows the effect of event sampling for perfbuf. Back-to-back mode for highest throughput. Just doing every 5th record notification gives 3.5x speed up. 250-500 appears to be the point of diminishing return, with almost 9x speed up. Most benchmarks use 500 as the default sampling for pb-raw and pb-custom. Ringbuf back-to-back, effect of sample rate =========================================== rb-sampled-1 1.106 ± 0.010M/s (drops 0.000 ± 0.000M/s) rb-sampled-5 4.746 ± 0.149M/s (drops 0.000 ± 0.000M/s) rb-sampled-10 7.706 ± 0.164M/s (drops 0.000 ± 0.000M/s) rb-sampled-25 12.893 ± 0.273M/s (drops 0.000 ± 0.000M/s) rb-sampled-50 15.961 ± 0.361M/s (drops 0.000 ± 0.000M/s) rb-sampled-100 18.203 ± 0.445M/s (drops 0.000 ± 0.000M/s) rb-sampled-250 19.962 ± 0.786M/s (drops 0.000 ± 0.000M/s) rb-sampled-500 20.881 ± 0.551M/s (drops 0.000 ± 0.000M/s) rb-sampled-1000 21.317 ± 0.532M/s (drops 0.000 ± 0.000M/s) rb-sampled-2000 21.331 ± 0.535M/s (drops 0.000 ± 0.000M/s) rb-sampled-3000 21.688 ± 0.392M/s (drops 0.000 ± 0.000M/s) Similar benchmark for ring buffer also shows a great advantage (in terms of throughput) of skipping notifications. Skipping every 5th one gives 4x boost. Also similar to perfbuf case, 250-500 seems to be the point of diminishing returns, giving roughly 20x better results. Keep in mind, for this test, notifications are controlled manually with BPF_RB_NO_WAKEUP and BPF_RB_FORCE_WAKEUP. As can be seen from previous benchmarks, adaptive notifications based on consumer's positions provides same (or even slightly better due to simpler load generator on BPF side) benefits in favorable back-to-back scenario. Over zealous and fast consumer, which is almost always caught up, will make thoughput numbers smaller. That's the case when manual notification control might prove to be extremely beneficial. Ringbuf back-to-back, reserve+commit vs output ============================================== reserve 22.819 ± 0.503M/s (drops 0.000 ± 0.000M/s) output 18.906 ± 0.433M/s (drops 0.000 ± 0.000M/s) Ringbuf sampled, reserve+commit vs output ========================================= reserve-sampled 15.350 ± 0.132M/s (drops 0.000 ± 0.000M/s) output-sampled 14.195 ± 0.144M/s (drops 0.000 ± 0.000M/s) BPF ringbuf supports two sets of APIs with various usability and performance tradeoffs: bpf_ringbuf_reserve()+bpf_ringbuf_commit() vs bpf_ringbuf_output(). This benchmark clearly shows superiority of reserve+commit approach, despite using a small 8-byte record size. Single-producer, consumer/producer competing on the same CPU, low batch count ============================================================================= rb-libbpf 3.045 ± 0.020M/s (drops 3.536 ± 0.148M/s) rb-custom 3.055 ± 0.022M/s (drops 3.893 ± 0.066M/s) pb-libbpf 1.393 ± 0.024M/s (drops 0.000 ± 0.000M/s) pb-custom 1.407 ± 0.016M/s (drops 0.000 ± 0.000M/s) This benchmark shows one of the worst-case scenarios, in which producer and consumer do not coordinate *and* fight for the same CPU. No batch count and sampling settings were able to eliminate drops for ringbuffer, producer is just too fast for consumer to keep up. But ringbuf and perfbuf still able to pass through quite a lot of messages, which is more than enough for a lot of applications. Ringbuf, multi-producer contention ================================== rb-libbpf nr_prod 1 10.916 ± 0.399M/s (drops 0.000 ± 0.000M/s) rb-libbpf nr_prod 2 4.931 ± 0.030M/s (drops 0.000 ± 0.000M/s) rb-libbpf nr_prod 3 4.880 ± 0.006M/s (drops 0.000 ± 0.000M/s) rb-libbpf nr_prod 4 3.926 ± 0.004M/s (drops 0.000 ± 0.000M/s) rb-libbpf nr_prod 8 4.011 ± 0.004M/s (drops 0.000 ± 0.000M/s) rb-libbpf nr_prod 12 3.967 ± 0.016M/s (drops 0.000 ± 0.000M/s) rb-libbpf nr_prod 16 2.604 ± 0.030M/s (drops 0.001 ± 0.002M/s) rb-libbpf nr_prod 20 2.233 ± 0.003M/s (drops 0.000 ± 0.000M/s) rb-libbpf nr_prod 24 2.085 ± 0.015M/s (drops 0.000 ± 0.000M/s) rb-libbpf nr_prod 28 2.055 ± 0.004M/s (drops 0.000 ± 0.000M/s) rb-libbpf nr_prod 32 1.962 ± 0.004M/s (drops 0.000 ± 0.000M/s) rb-libbpf nr_prod 36 2.089 ± 0.005M/s (drops 0.000 ± 0.000M/s) rb-libbpf nr_prod 40 2.118 ± 0.006M/s (drops 0.000 ± 0.000M/s) rb-libbpf nr_prod 44 2.105 ± 0.004M/s (drops 0.000 ± 0.000M/s) rb-libbpf nr_prod 48 2.120 ± 0.058M/s (drops 0.000 ± 0.001M/s) rb-libbpf nr_prod 52 2.074 ± 0.024M/s (drops 0.007 ± 0.014M/s) Ringbuf uses a very short-duration spinlock during reservation phase, to check few invariants, increment producer count and set record header. This is the biggest point of contention for ringbuf implementation. This benchmark evaluates the effect of multiple competing writers on overall throughput of a single shared ringbuffer. Overall throughput drops almost 2x when going from single to two highly-contended producers, gradually dropping with additional competing producers. Performance drop stabilizes at around 20 producers and hovers around 2mln even with 50+ fighting producers, which is a 5x drop compared to non-contended case. Good kernel implementation in kernel helps maintain decent performance here. Note, that in the intended real-world scenarios, it's not expected to get even close to such a high levels of contention. But if contention will become a problem, there is always an option of sharding few ring buffers across a set of CPUs. Signed-off-by: Andrii Nakryiko Signed-off-by: Daniel Borkmann Link: https://lore.kernel.org/bpf/20200529075424.3139988-5-andriin@fb.com Signed-off-by: Alexei Starovoitov commit cb1c9ddd552520abd49031d47397c6e95bad882e Author: Andrii Nakryiko Date: Fri May 29 00:54:22 2020 -0700 selftests/bpf: Add BPF ringbuf selftests Both singleton BPF ringbuf and BPF ringbuf with map-in-map use cases are tested. Also reserve+submit/discards and output variants of API are validated. Signed-off-by: Andrii Nakryiko Signed-off-by: Daniel Borkmann Link: https://lore.kernel.org/bpf/20200529075424.3139988-4-andriin@fb.com Signed-off-by: Alexei Starovoitov commit bf99c936f9478a05d51e9f101f90de70bee9a89c Author: Andrii Nakryiko Date: Fri May 29 00:54:21 2020 -0700 libbpf: Add BPF ring buffer support Declaring and instantiating BPF ring buffer doesn't require any changes to libbpf, as it's just another type of maps. So using existing BTF-defined maps syntax with __uint(type, BPF_MAP_TYPE_RINGBUF) and __uint(max_elements, ) is all that's necessary to create and use BPF ring buffer. This patch adds BPF ring buffer consumer to libbpf. It is very similar to perf_buffer implementation in terms of API, but also attempts to fix some minor problems and inconveniences with existing perf_buffer API. ring_buffer support both single ring buffer use case (with just using ring_buffer__new()), as well as allows to add more ring buffers, each with its own callback and context. This allows to efficiently poll and consume multiple, potentially completely independent, ring buffers, using single epoll instance. The latter is actually a problem in practice for applications that are using multiple sets of perf buffers. They have to create multiple instances for struct perf_buffer and poll them independently or in a loop, each approach having its own problems (e.g., inability to use a common poll timeout). struct ring_buffer eliminates this problem by aggregating many independent ring buffer instances under the single "ring buffer manager". Second, perf_buffer's callback can't return error, so applications that need to stop polling due to error in data or data signalling the end, have to use extra mechanisms to signal that polling has to stop. ring_buffer's callback can return error, which will be passed through back to user code and can be acted upon appropariately. Two APIs allow to consume ring buffer data: - ring_buffer__poll(), which will wait for data availability notification and will consume data only from reported ring buffer(s); this API allows to efficiently use resources by reading data only when it becomes available; - ring_buffer__consume(), will attempt to read new records regardless of data availablity notification sub-system. This API is useful for cases when lowest latency is required, in expense of burning CPU resources. Signed-off-by: Andrii Nakryiko Signed-off-by: Daniel Borkmann Link: https://lore.kernel.org/bpf/20200529075424.3139988-3-andriin@fb.com Signed-off-by: Alexei Starovoitov commit 457f44363a8894135c85b7a9afd2bd8196db24ab Author: Andrii Nakryiko Date: Fri May 29 00:54:20 2020 -0700 bpf: Implement BPF ring buffer and verifier support for it This commit adds a new MPSC ring buffer implementation into BPF ecosystem, which allows multiple CPUs to submit data to a single shared ring buffer. On the consumption side, only single consumer is assumed. Motivation ---------- There are two distinctive motivators for this work, which are not satisfied by existing perf buffer, which prompted creation of a new ring buffer implementation. - more efficient memory utilization by sharing ring buffer across CPUs; - preserving ordering of events that happen sequentially in time, even across multiple CPUs (e.g., fork/exec/exit events for a task). These two problems are independent, but perf buffer fails to satisfy both. Both are a result of a choice to have per-CPU perf ring buffer. Both can be also solved by having an MPSC implementation of ring buffer. The ordering problem could technically be solved for perf buffer with some in-kernel counting, but given the first one requires an MPSC buffer, the same solution would solve the second problem automatically. Semantics and APIs ------------------ Single ring buffer is presented to BPF programs as an instance of BPF map of type BPF_MAP_TYPE_RINGBUF. Two other alternatives considered, but ultimately rejected. One way would be to, similar to BPF_MAP_TYPE_PERF_EVENT_ARRAY, make BPF_MAP_TYPE_RINGBUF could represent an array of ring buffers, but not enforce "same CPU only" rule. This would be more familiar interface compatible with existing perf buffer use in BPF, but would fail if application needed more advanced logic to lookup ring buffer by arbitrary key. HASH_OF_MAPS addresses this with current approach. Additionally, given the performance of BPF ringbuf, many use cases would just opt into a simple single ring buffer shared among all CPUs, for which current approach would be an overkill. Another approach could introduce a new concept, alongside BPF map, to represent generic "container" object, which doesn't necessarily have key/value interface with lookup/update/delete operations. This approach would add a lot of extra infrastructure that has to be built for observability and verifier support. It would also add another concept that BPF developers would have to familiarize themselves with, new syntax in libbpf, etc. But then would really provide no additional benefits over the approach of using a map. BPF_MAP_TYPE_RINGBUF doesn't support lookup/update/delete operations, but so doesn't few other map types (e.g., queue and stack; array doesn't support delete, etc). The approach chosen has an advantage of re-using existing BPF map infrastructure (introspection APIs in kernel, libbpf support, etc), being familiar concept (no need to teach users a new type of object in BPF program), and utilizing existing tooling (bpftool). For common scenario of using a single ring buffer for all CPUs, it's as simple and straightforward, as would be with a dedicated "container" object. On the other hand, by being a map, it can be combined with ARRAY_OF_MAPS and HASH_OF_MAPS map-in-maps to implement a wide variety of topologies, from one ring buffer for each CPU (e.g., as a replacement for perf buffer use cases), to a complicated application hashing/sharding of ring buffers (e.g., having a small pool of ring buffers with hashed task's tgid being a look up key to preserve order, but reduce contention). Key and value sizes are enforced to be zero. max_entries is used to specify the size of ring buffer and has to be a power of 2 value. There are a bunch of similarities between perf buffer (BPF_MAP_TYPE_PERF_EVENT_ARRAY) and new BPF ring buffer semantics: - variable-length records; - if there is no more space left in ring buffer, reservation fails, no blocking; - memory-mappable data area for user-space applications for ease of consumption and high performance; - epoll notifications for new incoming data; - but still the ability to do busy polling for new data to achieve the lowest latency, if necessary. BPF ringbuf provides two sets of APIs to BPF programs: - bpf_ringbuf_output() allows to *copy* data from one place to a ring buffer, similarly to bpf_perf_event_output(); - bpf_ringbuf_reserve()/bpf_ringbuf_commit()/bpf_ringbuf_discard() APIs split the whole process into two steps. First, a fixed amount of space is reserved. If successful, a pointer to a data inside ring buffer data area is returned, which BPF programs can use similarly to a data inside array/hash maps. Once ready, this piece of memory is either committed or discarded. Discard is similar to commit, but makes consumer ignore the record. bpf_ringbuf_output() has disadvantage of incurring extra memory copy, because record has to be prepared in some other place first. But it allows to submit records of the length that's not known to verifier beforehand. It also closely matches bpf_perf_event_output(), so will simplify migration significantly. bpf_ringbuf_reserve() avoids the extra copy of memory by providing a memory pointer directly to ring buffer memory. In a lot of cases records are larger than BPF stack space allows, so many programs have use extra per-CPU array as a temporary heap for preparing sample. bpf_ringbuf_reserve() avoid this needs completely. But in exchange, it only allows a known constant size of memory to be reserved, such that verifier can verify that BPF program can't access memory outside its reserved record space. bpf_ringbuf_output(), while slightly slower due to extra memory copy, covers some use cases that are not suitable for bpf_ringbuf_reserve(). The difference between commit and discard is very small. Discard just marks a record as discarded, and such records are supposed to be ignored by consumer code. Discard is useful for some advanced use-cases, such as ensuring all-or-nothing multi-record submission, or emulating temporary malloc()/free() within single BPF program invocation. Each reserved record is tracked by verifier through existing reference-tracking logic, similar to socket ref-tracking. It is thus impossible to reserve a record, but forget to submit (or discard) it. bpf_ringbuf_query() helper allows to query various properties of ring buffer. Currently 4 are supported: - BPF_RB_AVAIL_DATA returns amount of unconsumed data in ring buffer; - BPF_RB_RING_SIZE returns the size of ring buffer; - BPF_RB_CONS_POS/BPF_RB_PROD_POS returns current logical possition of consumer/producer, respectively. Returned values are momentarily snapshots of ring buffer state and could be off by the time helper returns, so this should be used only for debugging/reporting reasons or for implementing various heuristics, that take into account highly-changeable nature of some of those characteristics. One such heuristic might involve more fine-grained control over poll/epoll notifications about new data availability in ring buffer. Together with BPF_RB_NO_WAKEUP/BPF_RB_FORCE_WAKEUP flags for output/commit/discard helpers, it allows BPF program a high degree of control and, e.g., more efficient batched notifications. Default self-balancing strategy, though, should be adequate for most applications and will work reliable and efficiently already. Design and implementation ------------------------- This reserve/commit schema allows a natural way for multiple producers, either on different CPUs or even on the same CPU/in the same BPF program, to reserve independent records and work with them without blocking other producers. This means that if BPF program was interruped by another BPF program sharing the same ring buffer, they will both get a record reserved (provided there is enough space left) and can work with it and submit it independently. This applies to NMI context as well, except that due to using a spinlock during reservation, in NMI context, bpf_ringbuf_reserve() might fail to get a lock, in which case reservation will fail even if ring buffer is not full. The ring buffer itself internally is implemented as a power-of-2 sized circular buffer, with two logical and ever-increasing counters (which might wrap around on 32-bit architectures, that's not a problem): - consumer counter shows up to which logical position consumer consumed the data; - producer counter denotes amount of data reserved by all producers. Each time a record is reserved, producer that "owns" the record will successfully advance producer counter. At that point, data is still not yet ready to be consumed, though. Each record has 8 byte header, which contains the length of reserved record, as well as two extra bits: busy bit to denote that record is still being worked on, and discard bit, which might be set at commit time if record is discarded. In the latter case, consumer is supposed to skip the record and move on to the next one. Record header also encodes record's relative offset from the beginning of ring buffer data area (in pages). This allows bpf_ringbuf_commit()/bpf_ringbuf_discard() to accept only the pointer to the record itself, without requiring also the pointer to ring buffer itself. Ring buffer memory location will be restored from record metadata header. This significantly simplifies verifier, as well as improving API usability. Producer counter increments are serialized under spinlock, so there is a strict ordering between reservations. Commits, on the other hand, are completely lockless and independent. All records become available to consumer in the order of reservations, but only after all previous records where already committed. It is thus possible for slow producers to temporarily hold off submitted records, that were reserved later. Reservation/commit/consumer protocol is verified by litmus tests in Documentation/litmus-test/bpf-rb. One interesting implementation bit, that significantly simplifies (and thus speeds up as well) implementation of both producers and consumers is how data area is mapped twice contiguously back-to-back in the virtual memory. This allows to not take any special measures for samples that have to wrap around at the end of the circular buffer data area, because the next page after the last data page would be first data page again, and thus the sample will still appear completely contiguous in virtual memory. See comment and a simple ASCII diagram showing this visually in bpf_ringbuf_area_alloc(). Another feature that distinguishes BPF ringbuf from perf ring buffer is a self-pacing notifications of new data being availability. bpf_ringbuf_commit() implementation will send a notification of new record being available after commit only if consumer has already caught up right up to the record being committed. If not, consumer still has to catch up and thus will see new data anyways without needing an extra poll notification. Benchmarks (see tools/testing/selftests/bpf/benchs/bench_ringbuf.c) show that this allows to achieve a very high throughput without having to resort to tricks like "notify only every Nth sample", which are necessary with perf buffer. For extreme cases, when BPF program wants more manual control of notifications, commit/discard/output helpers accept BPF_RB_NO_WAKEUP and BPF_RB_FORCE_WAKEUP flags, which give full control over notifications of data availability, but require extra caution and diligence in using this API. Comparison to alternatives -------------------------- Before considering implementing BPF ring buffer from scratch existing alternatives in kernel were evaluated, but didn't seem to meet the needs. They largely fell into few categores: - per-CPU buffers (perf, ftrace, etc), which don't satisfy two motivations outlined above (ordering and memory consumption); - linked list-based implementations; while some were multi-producer designs, consuming these from user-space would be very complicated and most probably not performant; memory-mapping contiguous piece of memory is simpler and more performant for user-space consumers; - io_uring is SPSC, but also requires fixed-sized elements. Naively turning SPSC queue into MPSC w/ lock would have subpar performance compared to locked reserve + lockless commit, as with BPF ring buffer. Fixed sized elements would be too limiting for BPF programs, given existing BPF programs heavily rely on variable-sized perf buffer already; - specialized implementations (like a new printk ring buffer, [0]) with lots of printk-specific limitations and implications, that didn't seem to fit well for intended use with BPF programs. [0] https://lwn.net/Articles/779550/ Signed-off-by: Andrii Nakryiko Signed-off-by: Daniel Borkmann Link: https://lore.kernel.org/bpf/20200529075424.3139988-2-andriin@fb.com Signed-off-by: Alexei Starovoitov commit 1ea0f9120c8ce105ca181b070561df5cbd6bc049 Author: Anton Protopopov Date: Wed May 27 18:56:59 2020 +0000 bpf: Fix map permissions check The map_lookup_and_delete_elem() function should check for both FMODE_CAN_WRITE and FMODE_CAN_READ permissions because it returns a map element to user space. Fixes: bd513cd08f10 ("bpf: add MAP_LOOKUP_AND_DELETE_ELEM syscall") Signed-off-by: Anton Protopopov Signed-off-by: Daniel Borkmann Link: https://lore.kernel.org/bpf/20200527185700.14658-5-a.s.protopopov@gmail.com Signed-off-by: Alexei Starovoitov commit efbc3b8fe1e6259777670aadf931500545073c6c Author: Anton Protopopov Date: Wed May 27 18:56:58 2020 +0000 selftests/bpf: Cleanup comments in test_maps Make comments inside the test_map_rdonly and test_map_wronly tests consistent with logic. Signed-off-by: Anton Protopopov Signed-off-by: Daniel Borkmann Link: https://lore.kernel.org/bpf/20200527185700.14658-4-a.s.protopopov@gmail.com Signed-off-by: Alexei Starovoitov commit 36ef9a2d3f764a37cf3d8e619bfebf5c99c070a0 Author: Anton Protopopov Date: Wed May 27 18:56:57 2020 +0000 selftests/bpf: Cleanup some file descriptors in test_maps The test_map_rdonly and test_map_wronly tests should close file descriptors which they open. Signed-off-by: Anton Protopopov Signed-off-by: Daniel Borkmann Link: https://lore.kernel.org/bpf/20200527185700.14658-3-a.s.protopopov@gmail.com Signed-off-by: Alexei Starovoitov commit 204fb0413a92342d31f3e2557db0bb5babed586c Author: Anton Protopopov Date: Wed May 27 18:56:56 2020 +0000 selftests/bpf: Fix a typo in test_maps Trivial fix to a typo in the test_map_wronly test: "read" -> "write" Signed-off-by: Anton Protopopov Signed-off-by: Daniel Borkmann Link: https://lore.kernel.org/bpf/20200527185700.14658-2-a.s.protopopov@gmail.com Signed-off-by: Alexei Starovoitov commit 601b05ca6edb0422bf6ce313fbfd55ec7bbbc0fd Author: Eelco Chaudron Date: Wed May 27 10:42:00 2020 +0200 libbpf: Fix perf_buffer__free() API for sparse allocs In case the cpu_bufs are sparsely allocated they are not all free'ed. These changes will fix this. Fixes: fb84b8224655 ("libbpf: add perf buffer API") Signed-off-by: Eelco Chaudron Signed-off-by: Daniel Borkmann Acked-by: Andrii Nakryiko Link: https://lore.kernel.org/bpf/159056888305.330763.9684536967379110349.stgit@ebuild Signed-off-by: Alexei Starovoitov commit ee103e9f1544e04ecd1db5eb5e9eb9a8b8698879 Author: John Fastabend Date: Sun May 24 09:51:57 2020 -0700 bpf, selftests: Test probe_* helpers from SCHED_CLS Lets test using probe* in SCHED_CLS network programs as well just to be sure these keep working. Its cheap to add the extra test and provides a second context to test outside of sk_msg after we generalized probe* helpers to all networking types. Signed-off-by: John Fastabend Signed-off-by: Daniel Borkmann Acked-by: Yonghong Song Acked-by: Andrii Nakryiko Link: https://lore.kernel.org/bpf/159033911685.12355.15951980509828906214.stgit@john-Precision-5820-Tower Signed-off-by: Alexei Starovoitov commit 1d9c037a898b3c0344cfe5064ba6c482bf9b46b0 Author: John Fastabend Date: Sun May 24 09:51:36 2020 -0700 bpf, selftests: Add sk_msg helpers load and attach test The test itself is not particularly useful but it encodes a common pattern we have. Namely do a sk storage lookup then depending on data here decide if we need to do more work or alternatively allow packet to PASS. Then if we need to do more work consult task_struct for more information about the running task. Finally based on this additional information drop or pass the data. In this case the suspicious check is not so realisitic but it encodes the general pattern and uses the helpers so we test the workflow. This is a load test to ensure verifier correctly handles this case. Signed-off-by: John Fastabend Signed-off-by: Daniel Borkmann Acked-by: Andrii Nakryiko Link: https://lore.kernel.org/bpf/159033909665.12355.6166415847337547879.stgit@john-Precision-5820-Tower Signed-off-by: Alexei Starovoitov commit 13d70f5a5ecff367db2fb18ed4ebe433eab8a74c Author: John Fastabend Date: Sun May 24 09:51:15 2020 -0700 bpf, sk_msg: Add get socket storage helpers Add helpers to use local socket storage. Signed-off-by: John Fastabend Signed-off-by: Daniel Borkmann Acked-by: Yonghong Song Link: https://lore.kernel.org/bpf/159033907577.12355.14740125020572756560.stgit@john-Precision-5820-Tower Signed-off-by: Alexei Starovoitov commit f470378c7562a2818b45ed11c98973f2b89eedd3 Author: John Fastabend Date: Sun May 24 09:50:55 2020 -0700 bpf: Extend bpf_base_func_proto helpers with probe_* and *current_task* Often it is useful when applying policy to know something about the task. If the administrator has CAP_SYS_ADMIN rights then they can use kprobe + networking hook and link the two programs together to accomplish this. However, this is a bit clunky and also means we have to call both the network program and kprobe program when we could just use a single program and avoid passing metadata through sk_msg/skb->cb, socket, maps, etc. To accomplish this add probe_* helpers to bpf_base_func_proto programs guarded by a perfmon_capable() check. New supported helpers are the following, BPF_FUNC_get_current_task BPF_FUNC_probe_read_user BPF_FUNC_probe_read_kernel BPF_FUNC_probe_read_user_str BPF_FUNC_probe_read_kernel_str Signed-off-by: John Fastabend Signed-off-by: Daniel Borkmann Acked-by: Yonghong Song Link: https://lore.kernel.org/bpf/159033905529.12355.4368381069655254932.stgit@john-Precision-5820-Tower Signed-off-by: Alexei Starovoitov commit abe3cac8706bffeda3ebc06e4a9fa6e9cadacf26 Author: John Fastabend Date: Sun May 24 09:50:33 2020 -0700 bpf, sk_msg: Add some generic helpers that may be useful from sk_msg Add these generic helpers that may be useful to use from sk_msg programs. The helpers do not depend on ctx so we can simply add them here, BPF_FUNC_perf_event_output BPF_FUNC_get_current_uid_gid BPF_FUNC_get_current_pid_tgid BPF_FUNC_get_current_cgroup_id BPF_FUNC_get_current_ancestor_cgroup_id BPF_FUNC_get_cgroup_classid Signed-off-by: John Fastabend Signed-off-by: Daniel Borkmann Acked-by: Yonghong Song Link: https://lore.kernel.org/bpf/159033903373.12355.15489763099696629346.stgit@john-Precision-5820-Tower Signed-off-by: Alexei Starovoitov commit 55983299b7ea94d714c19cdfd8d969ba86e0d7e9 Author: Yauheni Kaliuta Date: Mon May 25 09:18:46 2020 +0300 libbpf: Use .so dynamic symbols for abi check Since dynamic symbols are used for dynamic linking it makes sense to use them (readelf --dyn-syms) for abi check. Found with some configuration on powerpc where linker puts local *.plt_call.* symbols into .so. Signed-off-by: Yauheni Kaliuta Signed-off-by: Daniel Borkmann Acked-by: Andrii Nakryiko Link: https://lore.kernel.org/bpf/20200525061846.16524-1-yauheni.kaliuta@redhat.com Signed-off-by: Alexei Starovoitov commit 0142dddcbe965450338076c486d0d757b3184352 Author: Chris Packham Date: Tue May 26 11:00:24 2020 +1200 bpf: Fix spelling in comment explaining ARG1 in ___bpf_prog_run Change 'handeled' to 'handled'. Signed-off-by: Chris Packham Signed-off-by: Daniel Borkmann Link: https://lore.kernel.org/bpf/20200525230025.14470-1-chris.packham@alliedtelesis.co.nz Signed-off-by: Alexei Starovoitov commit 93581359e7aeb11358018f2e3a737776d1e899ae Author: Nikolay Borisov Date: Tue May 26 20:46:12 2020 +0300 libbpf: Install headers as part of make install Current 'make install' results in only pkg-config and library binaries being installed. For consistency also install headers as part of "make install" Signed-off-by: Nikolay Borisov Signed-off-by: Daniel Borkmann Acked-by: Andrii Nakryiko Link: https://lore.kernel.org/bpf/20200526174612.5447-1-nborisov@suse.com Signed-off-by: Alexei Starovoitov commit 272d51af32890632134845ddf35318c11da20c7b Author: Eelco Chaudron Date: Tue May 26 11:21:42 2020 +0200 libbpf: Add API to consume the perf ring buffer content This new API, perf_buffer__consume, can be used as follows: - When you have a perf ring where wakeup_events is higher than 1, and you have remaining data in the rings you would like to pull out on exit (or maybe based on a timeout). - For low latency cases where you burn a CPU that constantly polls the queues. Signed-off-by: Eelco Chaudron Signed-off-by: Daniel Borkmann Acked-by: Andrii Nakryiko Link: https://lore.kernel.org/bpf/159048487929.89441.7465713173442594608.stgit@ebuild Signed-off-by: Alexei Starovoitov commit 2b983b407a3a1f47f7d8595245066854ff352c65 Author: Lukas Bulwahn Date: Mon May 25 16:15:53 2020 +0200 MAINTAINERS: Adjust entry in XDP SOCKETS to actual file name Commit 2b43470add8c ("xsk: Introduce AF_XDP buffer allocation API") added a new header file include/net/xsk_buff_pool.h, but commit 28bee21dc04b ("MAINTAINERS, xsk: Update AF_XDP section after moves/adds") added a file entry referring to include/net/xsk_buffer_pool.h. Hence, ./scripts/get_maintainer.pl --self-test=patterns complains: warning: no file matches F: include/net/xsk_buffer_pool.h Adjust the entry in XDP SOCKETS to the actual file name. Signed-off-by: Lukas Bulwahn Signed-off-by: Daniel Borkmann Link: https://lore.kernel.org/bpf/20200525141553.7035-1-lukas.bulwahn@gmail.com Signed-off-by: Alexei Starovoitov commit fe537393b5795ecbe5746eec0e16124bc998a594 Author: Jakub Sitnicki Date: Mon May 25 14:29:28 2020 +0200 bpf: Fix returned error sign when link doesn't support updates System calls encode returned errors as negative values. Fix a typo that breaks this convention for bpf(LINK_UPDATE) when bpf_link doesn't support update operation. Fixes: f9d041271cf4 ("bpf: Refactor bpf_link update handling") Signed-off-by: Jakub Sitnicki Signed-off-by: Daniel Borkmann Link: https://lore.kernel.org/bpf/20200525122928.1164495-1-jakub@cloudflare.com Signed-off-by: Alexei Starovoitov commit dc3ca5cf3e0be9fb73f4691247367d76a22bf30b Author: Tobias Klauser Date: Mon May 25 15:54:21 2020 +0200 tools, bpftool: Print correct error message when failing to load BTF btf__parse_raw and btf__parse_elf return negative error numbers wrapped in an ERR_PTR, so the extracted value needs to be negated before passing them to strerror which expects a positive error number. Before: Error: failed to load BTF from .../vmlinux: Unknown error -2 After: Error: failed to load BTF from .../vmlinux: No such file or directory Signed-off-by: Tobias Klauser Signed-off-by: Daniel Borkmann Link: https://lore.kernel.org/bpf/20200525135421.4154-1-tklauser@distanz.ch Signed-off-by: Alexei Starovoitov commit 73a4f0407e67cdfdf55dd94f573ed4ee2d0d62fe Author: Quentin Monnet Date: Sat May 23 02:02:47 2020 +0100 tools, bpftool: Make capability check account for new BPF caps Following the introduction of CAP_BPF, and the switch from CAP_SYS_ADMIN to other capabilities for various BPF features, update the capability checks (and potentially, drops) in bpftool for feature probes. Because bpftool and/or the system might not know of CAP_BPF yet, some caution is necessary: - If compiled and run on a system with CAP_BPF, check CAP_BPF, CAP_SYS_ADMIN, CAP_PERFMON, CAP_NET_ADMIN. - Guard against CAP_BPF being undefined, to allow compiling bpftool from latest sources on older systems. If the system where feature probes are run does not know of CAP_BPF, stop checking after CAP_SYS_ADMIN, as this should be the only capability required for all the BPF probing. - If compiled from latest sources on a system without CAP_BPF, but later executed on a newer system with CAP_BPF knowledge, then we only test CAP_SYS_ADMIN. Some probes may fail if the bpftool process has CAP_SYS_ADMIN but misses the other capabilities. The alternative would be to redefine the value for CAP_BPF in bpftool, but this does not look clean, and the case sounds relatively rare anyway. Note that libcap offers a cap_to_name() function to retrieve the name of a given capability (e.g. "cap_sys_admin"). We do not use it because deriving the names from the macros looks simpler than using cap_to_name() (doing a strdup() on the string) + cap_free() + handling the case of failed allocations, when we just want to use the name of the capability in an error message. The checks when compiling without libcap (i.e. root versus non-root) are unchanged. v2: - Do not allocate cap_list dynamically. - Drop BPF-related capabilities when running with "unprivileged", even if we didn't have the full set in the first place (in v1, we would skip dropping them in that case). - Keep track of what capabilities we have, print the names of the missing ones for privileged probing. - Attempt to drop only the capabilities we actually have. - Rename a couple variables. Signed-off-by: Quentin Monnet Signed-off-by: Daniel Borkmann Link: https://lore.kernel.org/bpf/20200523010247.20654-1-quentin@isovalent.com Signed-off-by: Alexei Starovoitov commit 90040351a832acf862c8f1855c29411303d23755 Author: Quentin Monnet Date: Sat May 23 02:07:51 2020 +0100 tools, bpftool: Clean subcommand help messages This is a clean-up for the formatting of the do_help functions for bpftool's subcommands. The following fixes are included: - Do not use argv[-2] for "iter" help message, as the help is shown by default if no "iter" action is selected, resulting in messages looking like "./bpftool bpftool pin...". - Do not print unused HELP_SPEC_PROGRAM in help message for "bpftool link". - Andrii used argument indexing to avoid having multiple occurrences of bin_name and argv[-2] in the fprintf() for the help message, for "bpftool gen" and "bpftool link". Let's reuse this for all other help functions. We can remove up to thirty arguments for the "bpftool map" help message. - Harmonise all functions, e.g. use ending quotes-comma on a separate line. Signed-off-by: Quentin Monnet Signed-off-by: Daniel Borkmann Link: https://lore.kernel.org/bpf/20200523010751.23465-1-quentin@isovalent.com Signed-off-by: Alexei Starovoitov commit dc1dad8e1a612650b1e786e992cb0c6e101e226a Author: Ilya Dryomov Date: Fri May 29 20:51:23 2020 +0200 rbd: compression_hint option Allow hinting to bluestore if the data should/should not be compressed. The default is to not hint (compression_hint=none). Signed-off-by: Ilya Dryomov Reviewed-by: Jason Dillaman commit d3798acc094c8ff2406e9acc7a9b2c09da994616 Author: Ilya Dryomov Date: Fri May 29 20:31:37 2020 +0200 libceph: support for alloc hint flags Allow indicating future I/O pattern via flags. This is supported since Kraken (and bluestore persists flags together with expected_object_size and expected_write_size). Signed-off-by: Ilya Dryomov Reviewed-by: Jason Dillaman commit 0a319ef75d931de0b21882ec17d8d70ece0aa871 Merge: eff5ddadab04 55e00fb66fd5 Author: Linus Torvalds Date: Mon Jun 1 14:09:26 2020 -0700 Merge tag 'x86-fpu-2020-06-01' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 FPU updates from Ingo Molnar: "Most of the changes here related to 'XSAVES supervisor state' support, which is a feature that allows kernel-only data to be automatically saved/restored by the FPU context switching code. CPU features that can be supported this way are Intel PT, 'PASID' and CET features" * tag 'x86-fpu-2020-06-01' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/fpu/xstate: Restore supervisor states for signal return x86/fpu/xstate: Preserve supervisor states for the slow path in __fpu__restore_sig() x86/fpu: Introduce copy_supervisor_to_kernel() x86/fpu/xstate: Update copy_kernel_to_xregs_err() for supervisor states x86/fpu/xstate: Update sanitize_restored_xstate() for supervisor xstates x86/fpu/xstate: Define new functions for clearing fpregs and xstates x86/fpu/xstate: Introduce XSAVES supervisor states x86/fpu/xstate: Separate user and supervisor xfeatures mask x86/fpu/xstate: Define new macros for supervisor and user xstates x86/fpu/xstate: Rename validate_xstate_header() to validate_user_xstate_header() commit 775024cf49ff76c30757bac9a21f6e908b63f6b5 Author: Helge Deller Date: Mon Jun 1 23:03:27 2020 +0200 parisc: MAINTAINERS: Update references to parisc website The PA-RISC Linux project web page is now hosted at https://parisc.wiki.kernel.org Signed-off-by: Helge Deller commit 486a77c90346b6145353e69351803e17d91be3f6 Author: Helge Deller Date: Mon Jun 1 23:03:04 2020 +0200 parisc: module: Update references to parisc website The PA-RISC Linux project web page is now hosted at https://parisc.wiki.kernel.org Signed-off-by: Helge Deller commit 186cbb1737762b86b79a715662b17e6270f8c4f6 Author: Helge Deller Date: Mon Jun 1 23:02:39 2020 +0200 parisc: hardware: Update references to parisc website The PA-RISC Linux project web page is now hosted at https://parisc.wiki.kernel.org Signed-off-by: Helge Deller commit 861e93cf88b3722daf75947aa6c8ac342f238911 Author: Helge Deller Date: Mon Jun 1 23:02:11 2020 +0200 parisc: firmware: Update references to parisc website The PA-RISC Linux project web page is now hosted at https://parisc.wiki.kernel.org Signed-off-by: Helge Deller commit 24289f5601182974f20b9e46ce81eb2c51664518 Author: Helge Deller Date: Mon Jun 1 23:00:52 2020 +0200 parisc: Kconfig: Update references to parisc website The PA-RISC Linux project web page is now hosted at https://parisc.wiki.kernel.org Signed-off-by: Helge Deller commit eff5ddadab04dc7ae8c4588dd3eef2ecad770fd7 Merge: 17e0a7cb6a25 3d81b3d1e55a Author: Linus Torvalds Date: Mon Jun 1 13:57:51 2020 -0700 Merge tag 'x86-cpu-2020-06-01' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 cpu updates from Ingo Molnar: "Misc updates: - Extend the x86 family/model macros with a steppings dimension, because x86 life isn't complex enough and Intel uses steppings to differentiate between different CPUs. :-/ - Convert the TSC deadline timer quirks to the steppings macros. - Clean up asm mnemonics. - Fix the handling of an AMD erratum, or in other words, fix a kernel erratum" * tag 'x86-cpu-2020-06-01' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/cpu: Use RDRAND and RDSEED mnemonics in archrandom.h x86/cpu: Use INVPCID mnemonic in invpcid.h x86/cpu/amd: Make erratum #1054 a legacy erratum x86/apic: Convert the TSC deadline timer matching to steppings macro x86/cpu: Add a X86_MATCH_INTEL_FAM6_MODEL_STEPPINGS() macro x86/cpu: Add a steppings field to struct x86_cpu_id commit 17e0a7cb6a254c6d086562e7adf8b7ac24d267f3 Merge: bb548bedf5c5 2ca41f555e85 Author: Linus Torvalds Date: Mon Jun 1 13:47:10 2020 -0700 Merge tag 'x86-cleanups-2020-06-01' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 cleanups from Ingo Molnar: "Misc cleanups, with an emphasis on removing obsolete/dead code" * tag 'x86-cleanups-2020-06-01' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/spinlock: Remove obsolete ticket spinlock macros and types x86/mm: Drop deprecated DISCONTIGMEM support for 32-bit x86/apb_timer: Drop unused declaration and macro x86/apb_timer: Drop unused TSC calibration x86/io_apic: Remove unused function mp_init_irq_at_boot() x86/mm: Stop printing BRK addresses x86/audit: Fix a -Wmissing-prototypes warning for ia32_classify_syscall() x86/nmi: Remove edac.h include leftover mm: Remove MPX leftovers x86/mm/mmap: Fix -Wmissing-prototypes warnings x86/early_printk: Remove unused includes crash_dump: Remove no longer used saved_max_pfn x86/smpboot: Remove the last ICPU() macro commit bb548bedf5c596f72b6388804b3cbd2f78c9dc98 Merge: ae1a4113c244 38f3e775e9c2 Author: Linus Torvalds Date: Mon Jun 1 13:45:59 2020 -0700 Merge tag 'x86-build-2020-06-01' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 build updates from Ingo Molnar: "Misc dependency fixes, plus a documentation update about memory protection keys support" * tag 'x86-build-2020-06-01' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/Kconfig: Update config and kernel doc for MPK feature on AMD x86/boot: Discard .discard.unreachable for arch/x86/boot/compressed/vmlinux x86/boot/build: Add phony targets in arch/x86/boot/Makefile to PHONY x86/boot/build: Make 'make bzlilo' not depend on vmlinux or $(obj)/bzImage x86/boot/build: Add cpustr.h to targets and remove clean-files commit ae1a4113c24470007424ea0e1d2e31336edd7296 Merge: d861f6e6829c 5214028dd89e Author: Linus Torvalds Date: Mon Jun 1 13:44:28 2020 -0700 Merge tag 'x86-boot-2020-06-01' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 boot updates from Ingo Molnar: "Misc updates: - Add the initrdmem= boot option to specify an initrd embedded in RAM (flash most likely) - Sanitize the CS value earlier during boot, which also fixes SEV-ES - Various fixes and smaller cleanups" * tag 'x86-boot-2020-06-01' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/boot: Correct relocation destination on old linkers x86/boot/compressed/64: Switch to __KERNEL_CS after GDT is loaded x86/boot: Fix -Wint-to-pointer-cast build warning x86/boot: Add kstrtoul() from lib/ x86/tboot: Mark tboot static x86/setup: Add an initrdmem= option to specify initrd physical address commit d861f6e6829ce586bcf5823ab7d348f09be3c8fb Merge: 58ff3b7604a4 fb7fb84a0c4e Author: Linus Torvalds Date: Mon Jun 1 13:38:55 2020 -0700 Merge tag 'smp-core-2020-06-01' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull SMP updates from Ingo Molnar: "Misc cleanups in the SMP hotplug and cross-call code" * tag 'smp-core-2020-06-01' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: cpu/hotplug: Remove __freeze_secondary_cpus() cpu/hotplug: Remove disable_nonboot_cpus() cpu/hotplug: Fix a typo in comment "broadacasted"->"broadcasted" smp: Use smp_call_func_t in on_each_cpu() commit 58ff3b7604a461a766a84348e620834dce9834a9 Merge: a7092c82042b e9524fb97ab5 Author: Linus Torvalds Date: Mon Jun 1 13:35:27 2020 -0700 Merge tag 'efi-core-2020-06-01' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull EFI updates from Ingo Molnar: "The EFI changes for this cycle are: - preliminary changes for RISC-V - Add support for setting the resolution on the EFI framebuffer - Simplify kernel image loading for arm64 - Move .bss into .data via the linker script instead of relying on symbol annotations. - Get rid of __pure getters to access global variables - Clean up the config table matching arrays - Rename pr_efi/pr_efi_err to efi_info/efi_err, and use them consistently - Simplify and unify initrd loading - Parse the builtin command line on x86 (if provided) - Implement printk() support, including support for wide character strings - Simplify GDT handling in early mixed mode thunking code - Some other minor fixes and cleanups" * tag 'efi-core-2020-06-01' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (79 commits) efi/x86: Don't blow away existing initrd efi/x86: Drop the special GDT for the EFI thunk efi/libstub: Add missing prototype for PE/COFF entry point efi/efivars: Add missing kobject_put() in sysfs entry creation error path efi/libstub: Use pool allocation for the command line efi/libstub: Don't parse overlong command lines efi/libstub: Use snprintf with %ls to convert the command line efi/libstub: Get the exact UTF-8 length efi/libstub: Use %ls for filename efi/libstub: Add UTF-8 decoding to efi_puts efi/printf: Add support for wchar_t (UTF-16) efi/gop: Add an option to list out the available GOP modes efi/libstub: Add definitions for console input and events efi/libstub: Implement printk-style logging efi/printf: Turn vsprintf into vsnprintf efi/printf: Abort on invalid format efi/printf: Refactor code to consolidate padding and output efi/printf: Handle null string input efi/printf: Factor out integer argument retrieval efi/printf: Factor out width/precision parsing ... commit 6d6861d45e38d42a7df9db244c871ee3856acf57 Author: Anders Roxell Date: Mon May 11 15:14:42 2020 +0200 security: apparmor: default KUNIT_* fragments to KUNIT_ALL_TESTS This makes it easier to enable all KUnit fragments. Adding 'if !KUNIT_ALL_TESTS' so individual tests can not be turned off. Therefore if KUNIT_ALL_TESTS is enabled that will hide the prompt in menuconfig. Reviewed-by: David Gow Signed-off-by: Anders Roxell Acked-by: John Johansen Signed-off-by: Shuah Khan commit d194e12b3ed3c4799951072271f001cbd104b5e9 Author: Anders Roxell Date: Mon May 11 15:14:38 2020 +0200 fs: ext4: default KUNIT_* fragments to KUNIT_ALL_TESTS This makes it easier to enable all KUnit fragments. Adding 'if !KUNIT_ALL_TESTS' so individual tests can not be turned off. Therefore if KUNIT_ALL_TESTS is enabled that will hide the prompt in menuconfig. Reviewed-by: David Gow Signed-off-by: Anders Roxell Signed-off-by: Shuah Khan commit bebe94b53eb7ee28f436f7b45324e37713690c0f Author: Anders Roxell Date: Mon May 11 15:14:33 2020 +0200 drivers: base: default KUNIT_* fragments to KUNIT_ALL_TESTS This makes it easier to enable all KUnit fragments. Adding 'if !KUNIT_ALL_TESTS' so individual tests can not be turned off. Therefore if KUNIT_ALL_TESTS is enabled that will hide the prompt in menuconfig. Reviewed-by: David Gow Signed-off-by: Anders Roxell Signed-off-by: Shuah Khan commit a7092c82042b4ba3000cf7b369d1032161c5d4c9 Merge: 69fc06f70f45 5cde265384ca Author: Linus Torvalds Date: Mon Jun 1 13:23:59 2020 -0700 Merge tag 'perf-core-2020-06-01' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull perf updates from Ingo Molnar: "Kernel side changes: - Add AMD Fam17h RAPL support - Introduce CAP_PERFMON to kernel and user space - Add Zhaoxin CPU support - Misc fixes and cleanups Tooling changes: - perf record: Introduce '--switch-output-event' to use arbitrary events to be setup and read from a side band thread and, when they take place a signal be sent to the main 'perf record' thread, reusing the core for '--switch-output' to take perf.data snapshots from the ring buffer used for '--overwrite', e.g.: # perf record --overwrite -e sched:* \ --switch-output-event syscalls:*connect* \ workload will take perf.data.YYYYMMDDHHMMSS snapshots up to around the connect syscalls. Add '--num-synthesize-threads' option to control degree of parallelism of the synthesize_mmap() code which is scanning /proc/PID/task/PID/maps and can be time consuming. This mimics pre-existing behaviour in 'perf top'. - perf bench: Add a multi-threaded synthesize benchmark and kallsyms parsing benchmark. - Intel PT support: Stitch LBR records from multiple samples to get deeper backtraces, there are caveats, see the csets for details. Allow using Intel PT to synthesize callchains for regular events. Add support for synthesizing branch stacks for regular events (cycles, instructions, etc) from Intel PT data. Misc changes: - Updated perf vendor events for power9 and Coresight. - Add flamegraph.py script via 'perf flamegraph' - Misc other changes, fixes and cleanups - see the Git log for details Also, since over the last couple of years perf tooling has matured and decoupled from the kernel perf changes to a large degree, going forward Arnaldo is going to send perf tooling changes via direct pull requests" * tag 'perf-core-2020-06-01' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (163 commits) perf/x86/rapl: Add AMD Fam17h RAPL support perf/x86/rapl: Make perf_probe_msr() more robust and flexible perf/x86/rapl: Flip logic on default events visibility perf/x86/rapl: Refactor to share the RAPL code between Intel and AMD CPUs perf/x86/rapl: Move RAPL support to common x86 code perf/core: Replace zero-length array with flexible-array perf/x86: Replace zero-length array with flexible-array perf/x86/intel: Add more available bits for OFFCORE_RESPONSE of Intel Tremont perf/x86/rapl: Add Ice Lake RAPL support perf flamegraph: Use /bin/bash for report and record scripts perf cs-etm: Move definition of 'traceid_list' global variable from header file libsymbols kallsyms: Move hex2u64 out of header libsymbols kallsyms: Parse using io api perf bench: Add kallsyms parsing perf: cs-etm: Update to build with latest opencsd version. perf symbol: Fix kernel symbol address display perf inject: Rename perf_evsel__*() operating on 'struct evsel *' to evsel__*() perf annotate: Rename perf_evsel__*() operating on 'struct evsel *' to evsel__*() perf trace: Rename perf_evsel__*() operating on 'struct evsel *' to evsel__*() perf script: Rename perf_evsel__*() operating on 'struct evsel *' to evsel__*() ... commit 5f215aab4ea0cf39e9fcdb721733a7814f3a3a50 Author: Anders Roxell Date: Mon May 11 15:14:29 2020 +0200 lib: Kconfig.debug: default KUNIT_* fragments to KUNIT_ALL_TESTS This makes it easier to enable all KUnit fragments. Adding 'if !KUNIT_ALL_TESTS' so individual tests can not be turned off. Therefore if KUNIT_ALL_TESTS is enabled that will hide the prompt in menuconfig. Reviewed-by: David Gow Signed-off-by: Anders Roxell Signed-off-by: Shuah Khan commit beaed42c427dbe8fedba4518b2baf5203f5e398b Author: Anders Roxell Date: Mon May 11 15:14:25 2020 +0200 kunit: default KUNIT_* fragments to KUNIT_ALL_TESTS This makes it easier to enable all KUnit fragments. Adding 'if !KUNIT_ALL_TESTS' so individual tests can not be turned off. Therefore if KUNIT_ALL_TESTS is enabled that will hide the prompt in menuconfig. Reviewed-by: David Gow Signed-off-by: Anders Roxell Signed-off-by: Shuah Khan commit 92238b31bd054cc2a046df96507575f3f10c277f Author: Anders Roxell Date: Mon May 11 15:14:20 2020 +0200 kunit: Kconfig: enable a KUNIT_ALL_TESTS fragment Make it easier to enable all KUnit fragments. This is useful for kernel devs or testers, so its easy to get all KUnit tests enabled and if new gets added they will be enabled as well. Fragments that has to be builtin will be missed if CONFIG_KUNIT_ALL_TESTS is set as a module. Signed-off-by: Anders Roxell Reviewed-by: Brendan Higgins Signed-off-by: Shuah Khan commit 01397e822af42f8485e876ba9d1309b63646d886 Author: Vitor Massaru Iha Date: Fri May 29 16:28:45 2020 -0300 kunit: Fix TabError, remove defconfig code and handle when there is no kunitconfig The identation before this code (`if not os.path.exists(cli_args.build_dir):``) was with spaces instead of tabs after fixed up merge conflits, this commit revert spaces to tabs: [iha@bbking linux]$ tools/testing/kunit/kunit.py run File "tools/testing/kunit/kunit.py", line 247 if not linux: ^ TabError: inconsistent use of tabs and spaces in indentation [iha@bbking linux]$ tools/testing/kunit/kunit.py run Traceback (most recent call last): File "tools/testing/kunit/kunit.py", line 338, in main(sys.argv[1:]) File "tools/testing/kunit/kunit.py", line 215, in main add_config_opts(config_parser) [iha@bbking linux]$ tools/testing/kunit/kunit.py run Traceback (most recent call last): File "tools/testing/kunit/kunit.py", line 337, in main(sys.argv[1:]) File "tools/testing/kunit/kunit.py", line 255, in main result = run_tests(linux, request) File "tools/testing/kunit/kunit.py", line 133, in run_tests request.defconfig, AttributeError: 'KunitRequest' object has no attribute 'defconfig' Handles when there is no .kunitconfig, the error due to merge conflicts between the following: commit 9bdf64b35117 ("kunit: use KUnit defconfig by default") commit 45ba7a893ad8 ("kunit: kunit_tool: Separate out config/build/exec/parse") [iha@bbking linux]$ tools/testing/kunit/kunit.py run Traceback (most recent call last): File "tools/testing/kunit/kunit.py", line 335, in main(sys.argv[1:]) File "tools/testing/kunit/kunit.py", line 246, in main linux = kunit_kernel.LinuxSourceTree() File "../tools/testing/kunit/kunit_kernel.py", line 109, in __init__ self._kconfig.read_from_file(kunitconfig_path) File "t../ools/testing/kunit/kunit_config.py", line 88, in read_from_file with open(path, 'r') as f: FileNotFoundError: [Errno 2] No such file or directory: '.kunit/.kunitconfig' Signed-off-by: Vitor Massaru Iha Signed-off-by: Shuah Khan commit 69fc06f70f4569c9969f99fe25bdc9a6bb537b43 Merge: 60056060bede 0decf1f8de91 Author: Linus Torvalds Date: Mon Jun 1 13:13:00 2020 -0700 Merge tag 'objtool-core-2020-06-01' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull objtool updates from Ingo Molnar: "There are a lot of objtool changes in this cycle, all across the map: - Speed up objtool significantly, especially when there are large number of sections - Improve objtool's understanding of special instructions such as IRET, to reduce the number of annotations required - Implement 'noinstr' validation - Do baby steps for non-x86 objtool use - Simplify/fix retpoline decoding - Add vmlinux validation - Improve documentation - Fix various bugs and apply smaller cleanups" * tag 'objtool-core-2020-06-01' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (54 commits) objtool: Enable compilation of objtool for all architectures objtool: Move struct objtool_file into arch-independent header objtool: Exit successfully when requesting help objtool: Add check_kcov_mode() to the uaccess safelist samples/ftrace: Fix asm function ELF annotations objtool: optimize add_dead_ends for split sections objtool: use gelf_getsymshndx to handle >64k sections objtool: Allow no-op CFI ops in alternatives x86/retpoline: Fix retpoline unwind x86: Change {JMP,CALL}_NOSPEC argument x86: Simplify retpoline declaration x86/speculation: Change FILL_RETURN_BUFFER to work with objtool objtool: Add support for intra-function calls objtool: Move the IRET hack into the arch decoder objtool: Remove INSN_STACK objtool: Make handle_insn_ops() unconditional objtool: Rework allocating stack_ops on decode objtool: UNWIND_HINT_RET_OFFSET should not check registers objtool: is_fentry_call() crashes if call has no destination x86,smap: Fix smap_{save,restore}() alternatives ... commit 60056060bede58c3073dccb8a5e73a6c40804aa9 Merge: 2227e5b21aec 19f545b6e07f Author: Linus Torvalds Date: Mon Jun 1 13:03:31 2020 -0700 Merge tag 'locking-core-2020-06-01' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull locking updates from Ingo Molnar: "The biggest change to core locking facilities in this cycle is the introduction of local_lock_t - this primitive comes from the -rt project and identifies CPU-local locking dependencies normally handled opaquely beind preempt_disable() or local_irq_save/disable() critical sections. The generated code on mainline kernels doesn't change as a result, but still there are benefits: improved debugging and better documentation of data structure accesses. The new local_lock_t primitives are introduced and then utilized in a couple of kernel subsystems. No change in functionality is intended. There's also other smaller changes and cleanups" * tag 'locking-core-2020-06-01' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: zram: Use local lock to protect per-CPU data zram: Allocate struct zcomp_strm as per-CPU memory connector/cn_proc: Protect send_msg() with a local lock squashfs: Make use of local lock in multi_cpu decompressor mm/swap: Use local_lock for protection radix-tree: Use local_lock for protection locking: Introduce local_lock() locking/lockdep: Replace zero-length array with flexible-array locking/rtmutex: Remove unused rt_mutex_cmpxchg_relaxed() commit 166e4b4841974465d73d650468895b725023c81e Merge: 5debcd01e28f d63ed4ff41bb 56fbeefe366e 571cfadcc628 353afa3a8d2e Author: Stephen Boyd Date: Mon Jun 1 13:00:56 2020 -0700 Merge branches 'clk-vc5', 'clk-hsdk', 'clk-mediatek' and 'clk-baikal' into clk-next - Support IDT VersaClock 5P49V5925 - Bunch of updates for HSDK clock generation unit (CGU) driver - New clk driver for Baikal-T1 SoCs * clk-vc5: dt: Add bindings for IDT VersaClock 5P49V5925 clk: vc5: Add support for IDT VersaClock 5P49V6965 * clk-hsdk: CLK: HSDK: CGU: add support for 148.5MHz clock CLK: HSDK: CGU: support PLL bypassing CLK: HSDK: CGU: check if PLL is bypassed first * clk-mediatek: clk: mediatek: assign the initial value to clk_init_data of mtk_mux clk: mediatek: Add MT6765 clock support clk: mediatek: add mt6765 clock IDs dt-bindings: clock: mediatek: document clk bindings vcodecsys for Mediatek MT6765 SoC dt-bindings: clock: mediatek: document clk bindings mipi0a for Mediatek MT6765 SoC dt-bindings: clock: mediatek: document clk bindings for Mediatek MT6765 SoC * clk-baikal: clk: Add Baikal-T1 CCU Dividers driver clk: Add Baikal-T1 CCU PLLs driver dt-bindings: clk: Add Baikal-T1 CCU Dividers binding dt-bindings: clk: Add Baikal-T1 CCU PLLs binding commit 5debcd01e28f34f0c212ed8d60f257630bec0588 Merge: b6f3162d0e9a 725262d29139 d036466330d1 e480fe10adfe b1e8d713e6b2 f9eec2ea7852 Author: Stephen Boyd Date: Mon Jun 1 13:00:28 2020 -0700 Merge branches 'clk-mmp', 'clk-intel', 'clk-ingenic', 'clk-qcom' and 'clk-silabs' into clk-next - Start making audio and GPU clks work on Marvell MMP2/MMP3 SoCs - Add support for X1830 and X1000 Ingenic SoC clk controllers - Add support for Qualcomm's MSM8939 Generic Clock Controller - Add some GPU, NPU, and UFS clks to Qualcomm SM8150 driver - Enable supply regulators for GPU gdscs on Qualcomm SoCs - Add support for Si5342, Si5344 and Si5345 chips * clk-mmp: clk: mmp2: Add audio clock controller driver dt-bindings: clock: Add Marvell MMP Audio Clock Controller binding clk: mmp2: Add support for power islands dt-bindings: marvell,mmp2: Add ids for the power domains dt-bindings: clock: Make marvell,mmp2-clock a power controller clk: mmp2: Add the audio clock clk: mmp2: Add the I2S clocks clk: mmp2: Rename mmp2_pll_init() to mmp2_main_clk_init() clk: mmp2: Move thermal register defines up a bit dt-bindings: marvell,mmp2: Add clock id for the Audio clock dt-bindings: marvell,mmp2: Add clock id for the I2S clocks clk: mmp: frac: Allow setting bits other than the numerator/denominator clk: mmp: frac: Do not lose last 4 digits of precision * clk-intel: clk: intel: remove redundant initialization of variable rate64 clk: intel: Add CGU clock driver for a new SoC dt-bindings: clk: intel: Add bindings document & header file for CGU * clk-ingenic: clk: ingenic: Mark ingenic_tcu_of_match as __maybe_unused clk: X1000: Add FIXDIV for SSI clock of X1000. dt-bindings: clock: Add and reorder ABI for X1000. clk: Ingenic: Add CGU driver for X1830. dt-bindings: clock: Add X1830 clock bindings. clk: Ingenic: Adjust cgu code to make it compatible with X1830. clk: Ingenic: Remove unnecessary spinlock when reading registers. * clk-qcom: clk: qcom: Add missing msm8998 ufs_unipro_core_clk_src dt-bindings: clock: Add YAML schemas for QCOM A53 PLL clk: qcom: gcc-msm8939: Add MSM8939 Generic Clock Controller clk: qcom: gcc: Add support for Secure control source clock dt-bindings: clock: Add gcc_sec_ctrl_clk_src clock ID clk: qcom: gcc: Add support for a new frequency for SC7180 clk: qcom: Add DT bindings for MSM8939 GCC clk: qcom: gcc: Add missing UFS clocks for SM8150 clk: qcom: gcc: Add GPU and NPU clocks for SM8150 clk: qcom: mmcc-msm8996: Properly describe GPU_GX gdsc clk: qcom: gdsc: Handle GDSC regulator supplies clk: qcom: msm8916: Fix the address location of pll->config_reg * clk-silabs: clk: clk-si5341: Add support for the Si5345 series commit b6f3162d0e9ab499e8912c7255596bfd8b9e94f7 Merge: 8c88e568b54a 2c1c9696450f 6f4d3c13b71c dc543267c7ad a403bbab1a73 2d491066ccd4 Author: Stephen Boyd Date: Mon Jun 1 13:00:21 2020 -0700 Merge branches 'clk-unisoc', 'clk-trivial', 'clk-bcm', 'clk-st' and 'clk-ast2600' into clk-next * clk-unisoc: clk: sprd: add mipi_csi_xx gate clocks clk: sprd: add dt-bindings include for mipi_csi_xx clocks dt-bindings: clk: sprd: add mipi_csi_xx clocks for SC9863A clk: sprd: check its parent status before reading gate clock clk: sprd: return correct type of value for _sprd_pll_recalc_rate clk: sprd: mark the local clock symbols static * clk-trivial: clk: versatile: remove redundant assignment to pointer clk clk: clk-xgene: Fix a typo in Kconfig clk: Remove unused inline function clk_debug_reparent * clk-bcm: clk: bcm2835: Constify struct debugfs_reg32 clk: bcm2835: Remove casting to bcm2835_clk_register clk: bcm2835: Fix return type of bcm2835_register_gate * clk-st: clk: clk-flexgen: fix clock-critical handling * clk-ast2600: clk: ast2600: Fix AHB clock divider for A1 commit 8c88e568b54ad92d21b5897f758a80c58df657e6 Merge: 3a57530b7ded c60037f0d780 5484bb83efaf 9d66e85784f1 80c6b7a0894f 03a1ee1dad0e c5bd76d93e72 Author: Stephen Boyd Date: Mon Jun 1 13:00:00 2020 -0700 Merge branches 'clk-tegra', 'clk-imx', 'clk-zynq', 'clk-socfpga', 'clk-at91' and 'clk-ti' into clk-next - Support custom flags in Xilinx zynq firmware - Various small fixes to the Xilinx clk driver - Support for Intel Agilex clks * clk-tegra: clk: tegra: Add Tegra210 CSI TPG clock gate clk: tegra30: Use custom CCLK implementation clk: tegra20: Use custom CCLK implementation clk: tegra: cclk: Add helpers for handling PLLX rate changes clk: tegra: pll: Add pre/post rate-change hooks clk: tegra: Add custom CCLK implementation clk: tegra: Remove the old emc_mux clock for Tegra210 clk: tegra: Implement Tegra210 EMC clock clk: tegra: Export functions for EMC clock scaling clk: tegra: Add PLLP_UD and PLLMB_UD for Tegra210 clk: tegra: Rename Tegra124 EMC clock source file dt-bindings: clock: tegra: Add clock ID for CSI TPG clock * clk-imx: clk: imx: use imx8m_clk_hw_composite_bus for i.MX8M bus clk slice clk: imx: add imx8m_clk_hw_composite_bus clk: imx: add mux ops for i.MX8M composite clk clk: imx8m: migrate A53 clk root to use composite core clk: imx8mp: use imx8m_clk_hw_composite_core to simplify code clk: imx8mp: Define gates for pll1/2 fixed dividers clk: imx: imx8mp: fix pll mux bit clk: imx8m: drop clk_hw_set_parent for A53 dt-bindings: clocks: imx8mp: Add ids for audiomix clocks clk: imx: Add helpers for passing the device as argument clk: imx: pll14xx: Add the device as argument when registering clk: imx: gate2: Allow single bit gating clock clk: imx: clk-pllv3: Use readl_relaxed_poll_timeout() for PLL lock wait clk: imx: clk-sscg-pll: Remove unnecessary blank lines clk: imx: drop the dependency on ARM64 for i.MX8M clk: imx7ulp: make it easy to change ARM core clk clk: imx: imx6ul: change flexcan clock to support CiA bitrates * clk-zynq: clk: zynqmp: Make zynqmp_clk_get_max_divisor static clk: zynqmp: Update fraction clock check from custom type flags clk: zynqmp: Add support for custom type flags clk: zynqmp: fix memory leak in zynqmp_register_clocks clk: zynqmp: Fix invalid clock name queries clk: zynqmp: Fix divider2 calculation clk: zynqmp: Limit bestdiv with maxdiv * clk-socfpga: clk: socfpga: agilex: add clock driver for the Agilex platform dt-bindings: documentation: add clock bindings information for Agilex clk: socfpga: add const to _ops data structures clk: socfpga: remove clk_ops enable/disable methods clk: socfpga: stratix10: use new parent data scheme * clk-at91: clk: at91: allow setting all PMC clock parents via DT clk: at91: allow setting PCKx parent via DT clk: at91: optimize pmc data allocation clk: at91: pmc: decrement node's refcount clk: at91: pmc: do not continue if compatible not located clk: at91: Add peripheral clock for PTC * clk-ti: clk: ti: dra7: remove two unused symbols clk: ti: dra7xx: fix RNG clock parent clk: ti: dra7xx: mark MCAN clock as DRA76x only clk: ti: dra7xx: fix gpu clkctrl parent clk: ti: omap5: Add proper parent clocks for l4-secure clocks clk: ti: omap4: Add proper parent clocks for l4-secure clocks clk: ti: composite: fix memory leak commit 3a57530b7ded7a75ebb963bbcc7e35b002478362 Merge: bc8c945e0ad2 07fbf0e58deb 571a6b4755e8 fe95d2e92efa 33b52f7cc99e Author: Stephen Boyd Date: Mon Jun 1 12:59:46 2020 -0700 Merge branches 'clk-selectable', 'clk-amlogic', 'clk-renesas', 'clk-samsung' and 'clk-allwinner' into clk-next - Allow the COMMON_CLK config to be selectable * clk-selectable: clk: Move HAVE_CLK config out of architecture layer MIPS: Loongson64: Drop asm/clock.h include ARM: mmp: Remove legacy clk code clk: Allow the common clk framework to be selectable mmc: meson-mx-sdio: Depend on OF_ADDRESS and not just OF MIPS: Remove redundant CLKDEV_LOOKUP selects h8300: Remove redundant CLKDEV_LOOKUP selects arm64: tegra: Remove redundant CLKDEV_LOOKUP selects ARM: Remove redundant CLKDEV_LOOKUP selects ARM: Remove redundant COMMON_CLK selects * clk-amlogic: clk: meson: meson8b: Don't rely on u-boot to init all GP_PLL registers clk: meson: meson8b: Make the CCF use the glitch-free VPU mux clk: meson: meson8b: Fix the vclk_div{1, 2, 4, 6, 12}_en gate bits clk: meson: meson8b: Fix the polarity of the RESET_N lines clk: meson: meson8b: Fix the first parent of vid_pll_in_sel clk: meson: g12a: Prepare the GPU clock tree to change at runtime clk: meson: gxbb: Prepare the GPU clock tree to change at runtime clk: meson: meson8b: make the hdmi_sys clock tree mutable clk: meson8b: export the HDMI system clock * clk-renesas: dt-bindings: clock: renesas: mstp: Convert to json-schema dt-bindings: clock: renesas: div6: Convert to json-schema clk: renesas: cpg-mssr: Fix STBCR suspend/resume handling clk: renesas: rcar-gen2: Remove superfluous CLK_RENESAS_DIV6 selects clk: renesas: cpg-mssr: Add R8A7742 support dt-bindings: clock: renesas: cpg-mssr: Document r8a7742 binding clk: renesas: Add r8a7742 CPG Core Clock Definitions dt-bindings: power: rcar-sysc: Add r8a7742 power domain index macros MAINTAINERS: Add DT Bindings for Renesas Clock Generators clk: renesas: r9a06g032: Fix some typo in comments dt-bindings: clock: renesas: rcar-usb2-clock-sel: Add r8a77961 support * clk-samsung: clk: samsung: exynos5433: Add IGNORE_UNUSED flag to sclk_i2s1 ARM/SAMSUNG EXYNOS ARM ARCHITECTURES: Use fallthrough; clk: samsung: Fix CLK_SMMU_FIMCL3 clock name on Exynos542x clk: samsung: Mark top ISP and CAM clocks on Exynos542x as critical * clk-allwinner: clk: sunxi: Fix incorrect usage of round_down() commit 2227e5b21aec6c5f7f6491352f0c19fd02d19418 Merge: 0bd957eb11cf cb3cb6733fbd Author: Linus Torvalds Date: Mon Jun 1 12:56:29 2020 -0700 Merge tag 'core-rcu-2020-06-01' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull RCU updates from Ingo Molnar: "The RCU updates for this cycle were: - RCU-tasks update, including addition of RCU Tasks Trace for BPF use and TASKS_RUDE_RCU - kfree_rcu() updates. - Remove scheduler locking restriction - RCU CPU stall warning updates. - Torture-test updates. - Miscellaneous fixes and other updates" * tag 'core-rcu-2020-06-01' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (103 commits) rcu: Allow for smp_call_function() running callbacks from idle rcu: Provide rcu_irq_exit_check_preempt() rcu: Abstract out rcu_irq_enter_check_tick() from rcu_nmi_enter() rcu: Provide __rcu_is_watching() rcu: Provide rcu_irq_exit_preempt() rcu: Make RCU IRQ enter/exit functions rely on in_nmi() rcu/tree: Mark the idle relevant functions noinstr x86: Replace ist_enter() with nmi_enter() x86/mce: Send #MC singal from task work x86/entry: Get rid of ist_begin/end_non_atomic() sched,rcu,tracing: Avoid tracing before in_nmi() is correct sh/ftrace: Move arch_ftrace_nmi_{enter,exit} into nmi exception lockdep: Always inline lockdep_{off,on}() hardirq/nmi: Allow nested nmi_enter() arm64: Prepare arch_nmi_enter() for recursion printk: Disallow instrumenting print_nmi_enter() printk: Prepare for nested printk_nmi_enter() rcutorture: Convert ULONG_CMP_LT() to time_before() torture: Add a --kasan argument torture: Save a few lines by using config_override_param initially ... commit 0bd957eb11cfeef23fcc240edde6dfe431731e69 Merge: 9bf9511e3d9f 66e9b0717102 Author: Linus Torvalds Date: Mon Jun 1 12:45:04 2020 -0700 Merge tag 'core-kprobes-2020-06-01' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull kprobes updates from Ingo Molnar: "Various kprobes updates, mostly centered around cleaning up the no-instrumentation logic. Instead of the current per debug facility blacklist, use the more generic .noinstr.text approach, combined with a 'noinstr' marker for functions. Also add instrumentation_begin()/end() to better manage the exact place in entry code where instrumentation may be used. And add a kprobes blacklist for modules" * tag 'core-kprobes-2020-06-01' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: kprobes: Prevent probes in .noinstr.text section vmlinux.lds.h: Create section for protection against instrumentation samples/kprobes: Add __kprobes and NOKPROBE_SYMBOL() for handlers. kprobes: Support NOKPROBE_SYMBOL() in modules kprobes: Support __kprobes blacklist in modules kprobes: Lock kprobe_mutex while showing kprobe_blacklist commit 9bf9511e3d9f328c03f6f79bfb741c3d18f2f2c0 Merge: ef34ba6d36af 0c4d5ba1b998 Author: Linus Torvalds Date: Mon Jun 1 12:24:14 2020 -0700 Merge tag 'x86_cache_updates_for_5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 cache resource control updates from Borislav Petkov: "Add support for wider Memory Bandwidth Monitoring counters by querying their width from CPUID. As a prerequsite for that, streamline and unify the CPUID detection of the respective resource control attributes. By Reinette Chatre" * tag 'x86_cache_updates_for_5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/resctrl: Support wider MBM counters x86/resctrl: Support CPUID enumeration of MBM counter width x86/resctrl: Maintain MBM counter width per resource x86/resctrl: Query LLC monitoring properties once during boot x86/resctrl: Remove unnecessary RMID checks x86/cpu: Move resctrl CPUID code to resctrl/ x86/resctrl: Rename asm/resctrl_sched.h to asm/resctrl.h commit ef34ba6d36af9e6f5918f7f7e287be4b70a358b4 Merge: 8b11dd54add6 9adbf3c609af Author: Linus Torvalds Date: Mon Jun 1 12:22:53 2020 -0700 Merge tag 'x86_microcode_for_5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 microcode update from Borislav Petkov: "A single fix for late microcode loading to handle the correct return value from stop_machine(), from Mihai Carabas" * tag 'x86_microcode_for_5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/microcode: Fix return value for microcode late loading commit 8b11dd54add63aa398c4b239d31b7f4477a4b859 Merge: ca1f5df23f28 2a02ca0428cf Author: Linus Torvalds Date: Mon Jun 1 12:21:34 2020 -0700 Merge tag 'edac_updates_for_5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/ras/ras Pull EDAC updates from Borislav Petkov: - Fix i10nm_edac loading on some Ice Lake and Tremont/Jacobsville steppings due to the offset change of the bus number configuration register, by Qiuxu Zhuo. - The usual cleanups and fixes all over the place. * tag 'edac_updates_for_5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/ras/ras: EDAC/amd64: Remove redundant assignment to variable ret in hw_info_get() EDAC/skx: Use the mcmtr register to retrieve close_pg/bank_xor_enable EDAC/i10nm: Update driver to support different bus number config register offsets EDAC, {skx,i10nm}: Make some configurations CPU model specific EDAC/amd8131: Remove defined but not used bridge_str EDAC/thunderx: Make symbols static MAINTAINERS: Remove sifive_l2_cache.c from EDAC-SIFIVE pattern EDAC/xgene: Remove set but not used address local var EDAC/armada_xp: Fix some log messages commit eae9d3c0167df840e821317040efcf0ca6789cb9 Author: Vladimir Oltean Date: Sun May 31 21:25:51 2020 +0300 net: dsa: sja1105: suppress -Wmissing-prototypes in sja1105_vl.c Newer C compilers are complaining about the fact that there are no function prototypes in sja1105_vl.c for the non-static functions. Give them what they want. Signed-off-by: Vladimir Oltean Reviewed-by: Florian Fainelli Signed-off-by: David S. Miller commit ca1f5df23f28228c46aa45d934abad38c6b6ff2e Merge: 4d67829e1186 8b390ab725fd Author: Linus Torvalds Date: Mon Jun 1 12:13:30 2020 -0700 Merge tag 'printk-for-5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/printk/linux Pull printk updates from Petr Mladek: - Benjamin Herrenschmidt solved a problem with non-matched console aliases by first checking consoles defined on the command line. It is a more conservative approach than the previous attempts. - Benjamin also made sure that the console accessible via /dev/console always has CON_CONSDEV flag. - Andy Shevchenko added the %ptT modifier for printing struct time64_t. It extends the existing %ptR handling for struct rtc_time. - Bruno Meneguele fixed /dev/kmsg error value returned by unsupported SEEK_CUR. - Tetsuo Handa removed unused pr_cont_once(). ... and a few small fixes. * tag 'printk-for-5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/printk/linux: printk: Remove pr_cont_once() printk: handle blank console arguments passed in. kernel/printk: add kmsg SEEK_CUR handling printk: Fix a typo in comment "interator"->"iterator" usb: pulse8-cec: Switch to use %ptT ARM: bcm2835: Switch to use %ptT lib/vsprintf: Print time64_t in human readable format lib/vsprintf: update comment about simple_strto() functions printk: Correctly set CON_CONSDEV even when preferred console was not registered printk: Fix preferred console selection with multiple matches printk: Move console matching logic into a separate function printk: Convert a use of sprintf to snprintf in console_unlock commit 4d67829e11863072aec7cd1dd2939b1fd3eda17b Merge: afdb0f2ec57d 9cd6b593cfc9 Author: Linus Torvalds Date: Mon Jun 1 12:11:56 2020 -0700 Merge tag 'fsverity-for-linus' of git://git.kernel.org/pub/scm/fs/fscrypt/fscrypt Pull fsverity updates from Eric Biggers: "Fix kerneldoc warnings and some coding style inconsistencies. This mirrors the similar cleanups being done in fs/crypto/" * tag 'fsverity-for-linus' of git://git.kernel.org/pub/scm/fs/fscrypt/fscrypt: fs-verity: remove unnecessary extern keywords fs-verity: fix all kerneldoc warnings commit afdb0f2ec57d4899eda2c5e09fc3a005f2119690 Merge: 829f3b9401fe e3b1078bedd3 Author: Linus Torvalds Date: Mon Jun 1 12:10:17 2020 -0700 Merge tag 'fscrypt-for-linus' of git://git.kernel.org/pub/scm/fs/fscrypt/fscrypt Pull fscrypt updates from Eric Biggers: - Add the IV_INO_LBLK_32 encryption policy flag which modifies the encryption to be optimized for eMMC inline encryption hardware. - Make the test_dummy_encryption mount option for ext4 and f2fs support v2 encryption policies. - Fix kerneldoc warnings and some coding style inconsistencies. * tag 'fscrypt-for-linus' of git://git.kernel.org/pub/scm/fs/fscrypt/fscrypt: fscrypt: add support for IV_INO_LBLK_32 policies fscrypt: make test_dummy_encryption use v2 by default fscrypt: support test_dummy_encryption=v2 fscrypt: add fscrypt_add_test_dummy_key() linux/parser.h: add include guards fscrypt: remove unnecessary extern keywords fscrypt: name all function parameters fscrypt: fix all kerneldoc warnings commit 2a2e01e7b1e00ff36741fefcf3a526709355252b Merge: 03eaeda7806d b5e19a642b7e Author: David S. Miller Date: Mon Jun 1 12:09:08 2020 -0700 Merge branch '100GbE' of git://git.kernel.org/pub/scm/linux/kernel/git/jkirsher/next-queue Jeff Kirsher says: ==================== 100GbE Intel Wired LAN Driver Updates 2020-05-31 This series contains updates to the ice driver only. Brett modifies the driver to allow users to clear a VF's administratively set MAC address on the PF. Fixes the driver to recognize an existing VLAN tag when DMAC/SMAC is enabled in a packet. Fixes an issue, so that VF's are reset after any VF port VLAN modifications are made on the PF. Made sure the register QRXFLXP_CNTXT is cleared before writing a new value to ensure the previous value is not passed forward. Updates the PF to allow the VF to request a reset as soon as it has been initialized. Fixes an issue to ensure when a VSI is created, it uses the current coalesce value, not the default value. Paul allows untrusted VF's to add 16 filters. Dan increases the timeout needed after a PFR to allow ample time for package download. Chinh adjust the define value for the number of PHY speeds we currently support. Changes the driver to ignore EMODE error when configuring the PHY. Jesse fixes an issue which was preventing a user from configuring the interface before bringing it up. Henry fixes the logic for adding back perfect flows after flow director filter does a deletion. Bruce fixes line wrappings to make it more consistent. ==================== Signed-off-by: David S. Miller commit 829f3b9401fe7cc3c1f3642bb2520751a42a87df Merge: 81e8c10dac62 78c08247b9d3 Author: Linus Torvalds Date: Mon Jun 1 12:07:34 2020 -0700 Merge tag 'pstore-v5.8-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux Pull pstore updates from Kees Cook: "Fixes and new features for pstore. This is a pretty big set of changes (relative to past pstore pulls), but it has been in -next for a while. The biggest change here is the ability to support a block device as a pstore backend, which has been desired for a while. A lot of additional fixes and refactorings are also included, mostly in support of the new features. - refactor pstore locking for safer module unloading (Kees Cook) - remove orphaned records from pstorefs when backend unloaded (Kees Cook) - refactor dump_oops parameter into max_reason (Pavel Tatashin) - introduce pstore/zone for common code for contiguous storage (WeiXiong Liao) - introduce pstore/blk for block device backend (WeiXiong Liao) - introduce mtd backend (WeiXiong Liao)" * tag 'pstore-v5.8-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux: (35 commits) mtd: Support kmsg dumper based on pstore/blk pstore/blk: Introduce "best_effort" mode pstore/blk: Support non-block storage devices pstore/blk: Provide way to query pstore configuration pstore/zone: Provide way to skip "broken" zone for MTD devices Documentation: Add details for pstore/blk pstore/zone,blk: Add ftrace frontend support pstore/zone,blk: Add console frontend support pstore/zone,blk: Add support for pmsg frontend pstore/blk: Introduce backend for block devices pstore/zone: Introduce common layer to manage storage zones ramoops: Add "max-reason" optional field to ramoops DT node pstore/ram: Introduce max_reason and convert dump_oops pstore/platform: Pass max_reason to kmesg dump printk: Introduce kmsg_dump_reason_str() printk: honor the max_reason field in kmsg_dumper printk: Collapse shutdown types into a single dump reason pstore/ftrace: Provide ftrace log merging routine pstore/ram: Refactor ftrace buffer merging pstore/ram: Refactor DT size parsing ... commit 03eaeda7806dcafb221a66939fcec9748619d16a Author: Roopa Prabhu Date: Sat May 30 22:17:20 2020 -0700 vxlan: fix dereference of nexthop group in nexthop update path fix dereference of nexthop group in fdb nexthop group update validation path. Fixes: 1274e1cc4226 ("vxlan: ecmp support for mac fdb entries") Reported-by: Ido Schimmel Suggested-by: Ido Schimmel Signed-off-by: Roopa Prabhu Signed-off-by: David S. Miller commit 547ce4cfb34cdecfa0ee19c29a5510329a7ac802 Author: Al Viro Date: Sun May 31 02:06:55 2020 +0100 switch cmsghdr_from_user_compat_to_kern() to copy_from_user() no point getting compat_cmsghdr field-by-field Signed-off-by: Al Viro Signed-off-by: David S. Miller commit a477605fdb282a38493a9ff10b6a9a4db138ae57 Merge: 3190ca3b5f51 07beb1651adc Author: David S. Miller Date: Mon Jun 1 12:04:32 2020 -0700 Merge branch 'dpaa2-eth-add-PFC-support' Ioana Ciornei says: ==================== dpaa2-eth: add PFC support This patch set adds support for Priority Flow Control in DPAA2 Ethernet devices. The first patch make the necessary changes so that multiple traffic classes are configured. The dequeue priority of the maximum 8 traffic classes is configured to be equal. The second patch adds a static distribution to said traffic classes based on the VLAN PCP field. In the future, this could be extended through the .setapp() DCB callback for dynamic configuration. Also, add support for the congestion group taildrop mechanism that allows us to control the number of frames that can accumulate on a group of Rx frame queues belonging to the same traffic class. The basic subset of the DCB ops is implemented so that the user can query the number of PFC capable traffic classes, their state and reconfigure them if necessary. Changes in v3: - add patches 6-7 which add the PFC functionality - patch 2/7: revert to explicitly cast mask to u16 * to not get into sparse warnings Changes in v4: - really fix the sparse warnings in 2/7 ==================== Signed-off-by: David S. Miller commit 07beb1651adcd324f4d91584d5cab75d5882a9c2 Author: Ioana Ciornei Date: Sun May 31 00:08:14 2020 +0300 dpaa2-eth: Keep congestion group taildrop enabled when PFC on Leave congestion group taildrop enabled for all traffic classes when PFC is enabled. Notification threshold is low enough such that it will be hit first and this also ensures that FQs on traffic classes which are not PFC enabled won't drain the buffer pool. FQ taildrop threshold is kept disabled as long as any form of flow control is on. Since FQ taildrop works with bytes, not number of frames, we can't guarantee it will not interfere with the congestion notification mechanism for all frame sizes. Signed-off-by: Ioana Ciornei Signed-off-by: David S. Miller commit f395b69f40f580491ef56f2395a98e3189baa53c Author: Ioana Ciornei Date: Sun May 31 00:08:13 2020 +0300 dpaa2-eth: Add PFC support through DCB ops Add support in dpaa2-eth for PFC (Priority Flow Control) through the DCB ops. Instruct the hardware to respond to received PFC frames. Current firmware doesn't allow us to selectively enable PFC on the Rx side for some priorities only, so we will react to all incoming PFC frames (and stop transmitting on the traffic classes specified in the frame). Also, configure the hardware to generate PFC frames based on Rx congestion notifications. When a certain number of frames accumulate in the ingress queues corresponding to a traffic class, priority flow control frames are generated for that TC. The number of PFC traffic classes available can be queried through lldptool. Also, which of those traffic classes have PFC enabled is also controlled through the same dcbnl_rtnl_ops callbacks. Signed-off-by: Ioana Ciornei Signed-off-by: David S. Miller commit 3f8b826d705fc6f0f0602fcbe6ee3b646ed3316e Author: Ioana Radulescu Date: Sun May 31 00:08:12 2020 +0300 dpaa2-eth: Update FQ taildrop threshold and buffer pool count Now that we have congestion group taildrop configured at all times, we can afford to increase the frame queue taildrop threshold; this will ensure a better response when receiving bursts of large-sized frames. Also decouple the buffer pool count from the Rx FQ taildrop threshold, as above change would increase it too much. Instead, keep the old count as a hardcoded value. With the new limits, we try to ensure that: * we allow enough leeway for large frame bursts (by buffering enough of them in queues to avoid heavy dropping in case of bursty traffic, but when overall ingress bandwidth is manageable) * allow pending frames to be evenly spread between ingress FQs, regardless of frame size * avoid dropping frames due to the buffer pool being empty; this is not a bad behaviour per se, but system overall response is more linear and predictable when frames are dropped at frame queue/group level. Signed-off-by: Ioana Radulescu Signed-off-by: Ioana Ciornei Signed-off-by: David S. Miller commit 2c8d1c8d7d62dfedab97927c22e9421f0d72de8e Author: Ioana Radulescu Date: Sun May 31 00:08:11 2020 +0300 dpaa2-eth: Add congestion group taildrop The increase in number of ingress frame queues means we now risk depleting the buffer pool before the FQ taildrop kicks in. Congestion group taildrop allows us to control the number of frames that can accumulate on a group of Rx frame queues belonging to the same traffic class. This setting coexists with the frame queue based taildrop: whichever limit gets hit first triggers the frame drop. Signed-off-by: Ioana Radulescu Signed-off-by: Ioana Ciornei Signed-off-by: David S. Miller commit ad054f265401d8279837a916e9b5a5aee2a1749d Author: Ioana Radulescu Date: Sun May 31 00:08:10 2020 +0300 dpaa2-eth: Add helper functions Add convenient helper functions that determines whether Rx/Tx pause frames are enabled based on link state flags received from firmware. Signed-off-by: Ioana Radulescu Signed-off-by: Ioana Ciornei Signed-off-by: David S. Miller commit 6aa90fe2d96745b63d4ccc74c0c37b90d31b699e Author: Ioana Radulescu Date: Sun May 31 00:08:09 2020 +0300 dpaa2-eth: Distribute ingress frames based on VLAN prio Configure static ingress classification based on VLAN PCP field. If the DPNI doesn't have enough traffic classes to accommodate all priority levels, the lowest ones end up on TC 0 (default on miss). Signed-off-by: Ioana Radulescu Signed-off-by: Ioana Ciornei Signed-off-by: David S. Miller commit 685e39eaf4b5bf68167c799fe683e26cdc43a5ea Author: Ioana Radulescu Date: Sun May 31 00:08:08 2020 +0300 dpaa2-eth: Add support for Rx traffic classes The firmware reserves for each DPNI a number of RX frame queues equal to the number of configured flows x number of configured traffic classes. Current driver configuration directs all incoming traffic to FQs corresponding to TC0, leaving all other priority levels unused. Start adding support for multiple ingress traffic classes, by configuring the FQs associated with all priority levels, not just TC0. All settings that are per-TC, such as those related to hashing and flow steering, are also updated. Signed-off-by: Ioana Radulescu Signed-off-by: Ioana Ciornei Signed-off-by: David S. Miller commit 3190ca3b5f51a0e471ee3f04c898401c81b00385 Author: Michael Walle Date: Sat May 30 22:34:04 2020 +0200 net: phy: broadcom: don't export RDB/legacy access methods Don't export __bcm_phy_enable_rdb_access() and __bcm_phy_enable_legacy_access() functions. They aren't used outside this module and it was forgotten to provide a prototype for these functions. Just make them static for now. Fixes: 11ecf8c55b91 ("net: phy: broadcom: add cable test support") Reported-by: kbuild test robot Signed-off-by: Michael Walle Reviewed-by: Florian Fainelli Signed-off-by: David S. Miller commit 96aa1b22bd6bb9fccf62f6261f390ed6f3e7967f Author: Willem de Bruijn Date: Sat May 30 15:41:31 2020 -0400 tun: correct header offsets in napi frags mode Tun in IFF_NAPI_FRAGS mode calls napi_gro_frags. Unlike netif_rx and netif_gro_receive, this expects skb->data to point to the mac layer. But skb_probe_transport_header, __skb_get_hash_symmetric, and xdp_do_generic in tun_get_user need skb->data to point to the network header. Flow dissection also needs skb->protocol set, so eth_type_trans has to be called. Ensure the link layer header lies in linear as eth_type_trans pulls ETH_HLEN. Then take the same code paths for frags as for not frags. Push the link layer header back just before calling napi_gro_frags. By pulling up to ETH_HLEN from frag0 into linear, this disables the frag0 optimization in the special case when IFF_NAPI_FRAGS is used with zero length iov[0] (and thus empty skb->linear). Fixes: 90e33d459407 ("tun: enable napi_gro_frags() for TUN/TAP driver") Signed-off-by: Willem de Bruijn Acked-by: Petar Penkov Signed-off-by: David S. Miller commit 4e4f4ce6abf5f6a8df0561776d3a790d60d519d0 Author: Guillaume Nault Date: Sat May 30 20:49:56 2020 +0200 cls_flower: remove mpls_opts_policy Compiling with W=1 gives the following warning: net/sched/cls_flower.c:731:1: warning: ‘mpls_opts_policy’ defined but not used [-Wunused-const-variable=] The TCA_FLOWER_KEY_MPLS_OPTS contains a list of TCA_FLOWER_KEY_MPLS_OPTS_LSE. Therefore, the attributes all have the same type and we can't parse the list with nla_parse*() and have the attributes validated automatically using an nla_policy. fl_set_key_mpls_opts() properly verifies that all attributes in the list are TCA_FLOWER_KEY_MPLS_OPTS_LSE. Then fl_set_key_mpls_lse() uses nla_parse_nested() on all these attributes, thus verifying that they have the NLA_F_NESTED flag. So we can safely drop the mpls_opts_policy. Reported-by: kbuild test robot Signed-off-by: Guillaume Nault Signed-off-by: David S. Miller commit 81e8c10dac62c427b25f6bbb07936806e4dd9e8a Merge: 729ea4e06420 58ca0060ec4e Author: Linus Torvalds Date: Mon Jun 1 12:00:10 2020 -0700 Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 Pull crypto updates from Herbert Xu: "API: - Introduce crypto_shash_tfm_digest() and use it wherever possible. - Fix use-after-free and race in crypto_spawn_alg. - Add support for parallel and batch requests to crypto_en