commit 49a57857aeea06ca831043acbb0fa5e0f50602fd Author: Linus Torvalds Date: Mon Jan 21 13:14:44 2019 +1300 Linux 5.0-rc3 commit 1e556ba3b673166e28d5489b80c11e0605a86403 Merge: dbcfc96193939 5631e8576a3ca Author: Linus Torvalds Date: Mon Jan 21 13:12:03 2019 +1300 Merge tag 'pstore-v5.0-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux Pull pstore fixes from Kees Cook: - Fix console ramoops to show the previous boot logs (Sai Prakash Ranjan) - Avoid allocation and leak of platform data * tag 'pstore-v5.0-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux: pstore/ram: Avoid allocation and leak of platform data pstore/ram: Fix console ramoops to show the previous boot logs commit dbcfc961939394152cbcf3f17144ff3df359f216 Merge: 7d0ae236ed13d 2c88c742d0117 Author: Linus Torvalds Date: Mon Jan 21 13:07:03 2019 +1300 Merge tag 'gcc-plugins-v5.0-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux Pull gcc-plugins fixes from Kees Cook: "Fix ARM per-task stack protector plugin under GCC 9 (Ard Biesheuvel)" * tag 'gcc-plugins-v5.0-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux: gcc-plugins: arm_ssp_per_task_plugin: fix for GCC 9+ gcc-plugins: arm_ssp_per_task_plugin: sign extend the SP mask commit 7d0ae236ed13d7645fb73b85e7c95deee46c4656 Merge: bb617b9b4519b 6436408e814b8 Author: Linus Torvalds Date: Mon Jan 21 12:52:31 2019 +1300 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net Pull networking fixes from David Miller: 1) Fix endless loop in nf_tables, from Phil Sutter. 2) Fix cross namespace ip6_gre tunnel hash list corruption, from Olivier Matz. 3) Don't be too strict in phy_start_aneg() otherwise we might not allow restarting auto negotiation. From Heiner Kallweit. 4) Fix various KMSAN uninitialized value cases in tipc, from Ying Xue. 5) Memory leak in act_tunnel_key, from Davide Caratti. 6) Handle chip errata of mv88e6390 PHY, from Andrew Lunn. 7) Remove linear SKB assumption in fou/fou6, from Eric Dumazet. 8) Missing udplite rehash callbacks, from Alexey Kodanev. 9) Log dirty pages properly in vhost, from Jason Wang. 10) Use consume_skb() in neigh_probe() as this is a normal free not a drop, from Yang Wei. Likewise in macvlan_process_broadcast(). 11) Missing device_del() in mdiobus_register() error paths, from Thomas Petazzoni. 12) Fix checksum handling of short packets in mlx5, from Cong Wang. * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (96 commits) bpf: in __bpf_redirect_no_mac pull mac only if present virtio_net: bulk free tx skbs net: phy: phy driver features are mandatory isdn: avm: Fix string plus integer warning from Clang net/mlx5e: Fix cb_ident duplicate in indirect block register net/mlx5e: Fix wrong (zero) TX drop counter indication for representor net/mlx5e: Fix wrong error code return on FEC query failure net/mlx5e: Force CHECKSUM_UNNECESSARY for short ethernet frames tools: bpftool: Cleanup license mess bpf: fix inner map masking to prevent oob under speculation bpf: pull in pkt_sched.h header for tooling to fix bpftool build selftests: forwarding: Add a test case for externally learned FDB entries selftests: mlxsw: Test FDB offload indication mlxsw: spectrum_switchdev: Do not treat static FDB entries as sticky net: bridge: Mark FDB entries that were added by user as such mlxsw: spectrum_fid: Update dummy FID index mlxsw: pci: Return error on PCI reset timeout mlxsw: pci: Increase PCI SW reset timeout mlxsw: pci: Ring CQ's doorbell before RDQ's MAINTAINERS: update email addresses of liquidio driver maintainers ... commit 5631e8576a3caf606cdc375f97425a67983b420c Author: Kees Cook Date: Sun Jan 20 14:33:34 2019 -0800 pstore/ram: Avoid allocation and leak of platform data Yue Hu noticed that when parsing device tree the allocated platform data was never freed. Since it's not used beyond the function scope, this switches to using a stack variable instead. Reported-by: Yue Hu Fixes: 35da60941e44 ("pstore/ram: add Device Tree bindings") Cc: stable@vger.kernel.org Signed-off-by: Kees Cook commit 2c88c742d011707b55da7b54b06a030c6f57233f Author: Ard Biesheuvel Date: Fri Jan 18 11:58:07 2019 +0100 gcc-plugins: arm_ssp_per_task_plugin: fix for GCC 9+ GCC 9 reworks the way the references to the stack canary are emitted, to prevent the value from being spilled to the stack before the final comparison in the epilogue, defeating the purpose, given that the spill slot is under control of the attacker that we are protecting ourselves from. Since our canary value address is obtained without accessing memory (as opposed to pre-v7 code that will obtain it from a literal pool), it is unlikely (although not guaranteed) that the compiler will spill the canary value in the same way, so let's just disable this improvement when building with GCC9+. Signed-off-by: Ard Biesheuvel Signed-off-by: Kees Cook commit 560706d5d2589ef510f5436d69ab510a351b8cf7 Author: Ard Biesheuvel Date: Fri Jan 18 11:58:06 2019 +0100 gcc-plugins: arm_ssp_per_task_plugin: sign extend the SP mask The ARM per-task stack protector GCC plugin hits an assert in the compiler in some case, due to the fact the the SP mask expression is not sign-extended as it should be. So fix that. Suggested-by: Kugan Vivekanandarajah Signed-off-by: Ard Biesheuvel Signed-off-by: Kees Cook commit bb617b9b4519b0cef939c9c8e9c41470749f0d51 Merge: 1be969f4682b0 8e5dadfe76cf2 Author: Linus Torvalds Date: Mon Jan 21 07:37:16 2019 +1300 Merge tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost Pull virtio/vhost fixes and cleanups from Michael Tsirkin: "Fixes and cleanups all over the place" * tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost: vhost/scsi: Use copy_to_iter() to send control queue response vhost: return EINVAL if iovecs size does not match the message size virtio-balloon: tweak config_changed implementation virtio: don't allocate vqs when names[i] = NULL virtio_pci: use queue idx instead of array idx to set up the vq virtio: document virtio_config_ops restrictions virtio: fix virtio_config_ops description commit 1be969f4682b0aa1995e46fba51502de55f15ce8 Merge: 315a6d850a829 fd340d0f68cc8 Author: Linus Torvalds Date: Mon Jan 21 07:35:26 2019 +1300 Merge tag 'for-5.0-rc2-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux Pull btrfs fixes from David Sterba: "A handful of fixes (some of them in testing for a long time): - fix some test failures regarding cleanup after transaction abort - revert of a patch that could cause a deadlock - delayed iput fixes, that can help in ENOSPC situation when there's low space and a lot data to write" * tag 'for-5.0-rc2-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux: btrfs: wakeup cleaner thread when adding delayed iput btrfs: run delayed iputs before committing btrfs: wait on ordered extents on abort cleanup btrfs: handle delayed ref head accounting cleanup in abort Revert "btrfs: balance dirty metadata pages in btrfs_finish_ordered_io" commit 315a6d850a8290919c499cfbed08737f6164c7bd Merge: fbfaf851902cd 3e2ffd655cc6a 99e309b6ed75f Author: Linus Torvalds Date: Mon Jan 21 07:23:42 2019 +1300 Merge tags 'compiler-attributes-for-linus-v5.0-rc3' and 'clang-format-for-linus-v5.0-rc3' of git://github.com/ojeda/linux Pull misc clang fixes from Miguel Ojeda: - A fix for OPTIMIZER_HIDE_VAR from Michael S Tsirkin - Update clang-format with the latest for_each macro list from Jason Gunthorpe * tag 'compiler-attributes-for-linus-v5.0-rc3' of git://github.com/ojeda/linux: include/linux/compiler*.h: fix OPTIMIZER_HIDE_VAR * tag 'clang-format-for-linus-v5.0-rc3' of git://github.com/ojeda/linux: clang-format: Update .clang-format with the latest for_each macro list commit fbfaf851902cd9293f392f3a1735e0543016d530 Author: Florian La Roche Date: Sat Jan 19 16:14:50 2019 +0100 fix int_sqrt64() for very large numbers If an input number x for int_sqrt64() has the highest bit set, then fls64(x) is 64. (1UL << 64) is an overflow and breaks the algorithm. Subtracting 1 is a better guess for the initial value of m anyway and that's what also done in int_sqrt() implicitly [*]. [*] Note how int_sqrt() uses __fls() with two underscores, which already returns the proper raw bit number. In contrast, int_sqrt64() used fls64(), and that returns bit numbers illogically starting at 1, because of error handling for the "no bits set" case. Will points out that he bug probably is due to a copy-and-paste error from the regular int_sqrt() case. Signed-off-by: Florian La Roche Acked-by: Will Deacon Signed-off-by: Linus Torvalds commit 6e693b3ffecb0b478c7050b44a4842854154f715 Author: Will Deacon Date: Sat Jan 19 21:56:05 2019 +0000 x86: uaccess: Inhibit speculation past access_ok() in user_access_begin() Commit 594cc251fdd0 ("make 'user_access_begin()' do 'access_ok()'") makes the access_ok() check part of the user_access_begin() preceding a series of 'unsafe' accesses. This has the desirable effect of ensuring that all 'unsafe' accesses have been range-checked, without having to pick through all of the callsites to verify whether the appropriate checking has been made. However, the consolidated range check does not inhibit speculation, so it is still up to the caller to ensure that they are not susceptible to any speculative side-channel attacks for user addresses that ultimately fail the access_ok() check. This is an oversight, so use __uaccess_begin_nospec() to ensure that speculation is inhibited until the access_ok() check has passed. Reported-by: Julien Thierry Signed-off-by: Will Deacon Signed-off-by: Linus Torvalds commit b0f3e768a89bbc72195023c3db1db45c40e5b70c Merge: 5d5c303ea095b 7fa1e2e6afa7f Author: Linus Torvalds Date: Sun Jan 20 15:27:59 2019 +1200 Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux Pull arm64 fixes from Will Deacon: "Three arm64 fixes for -rc3. We've plugged a couple of nasty issues involving KASLR-enabled kernels, and removed a redundant #define that was introduced as part of the KHWASAN fixes from akpm at -rc2. - Fix broken kpti page-table rewrite in bizarre KASLR configuration - Fix module loading with KASLR - Remove redundant definition of ARCH_SLAB_MINALIGN" * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux: kasan, arm64: remove redundant ARCH_SLAB_MINALIGN define arm64: kaslr: ensure randomized quantities are clean to the PoC arm64: kpti: Update arm64_kernel_use_ng_mappings() when forced on commit 6436408e814b81046f4595245c1f9bc4409e945c Merge: df133f3f96257 e7c87bd6cc4ec Author: David S. Miller Date: Sat Jan 19 16:38:12 2019 -0800 Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf Daniel Borkmann says: ==================== pull-request: bpf 2019-01-20 The following pull-request contains BPF updates for your *net* tree. The main changes are: 1) Fix a out-of-bounds access in __bpf_redirect_no_mac, from Willem. 2) Fix bpf_setsockopt to reset sock dst on SO_MARK changes, from Peter. 3) Fix map in map masking to prevent out-of-bounds access under speculative execution, from Daniel. 4) Fix bpf_setsockopt's SO_MAX_PACING_RATE to support TCP internal pacing, from Yuchung. 5) Fix json writer license in bpftool, from Thomas. 6) Fix AF_XDP to check if an actually queue exists during umem setup, from Krzysztof. 7) Several fixes to BPF stackmap's build id handling. Another fix for bpftool build to account for libbfd variations wrt linking requirements, from Stanislav. 8) Fix BPF samples build with clang by working around missing asm goto, from Yonghong. 9) Fix libbpf to retry program load on signal interrupt, from Lorenz. 10) Various minor compile warning fixes in BPF code, from Mathieu. ==================== Signed-off-by: David S. Miller commit e7c87bd6cc4ec7b0ac1ed0a88a58f8206c577488 Author: Willem de Bruijn Date: Tue Jan 15 20:19:22 2019 -0500 bpf: in __bpf_redirect_no_mac pull mac only if present Syzkaller was able to construct a packet of negative length by redirecting from bpf_prog_test_run_skb with BPF_PROG_TYPE_LWT_XMIT: BUG: KASAN: slab-out-of-bounds in memcpy include/linux/string.h:345 [inline] BUG: KASAN: slab-out-of-bounds in skb_copy_from_linear_data include/linux/skbuff.h:3421 [inline] BUG: KASAN: slab-out-of-bounds in __pskb_copy_fclone+0x2dd/0xeb0 net/core/skbuff.c:1395 Read of size 4294967282 at addr ffff8801d798009c by task syz-executor2/12942 kasan_report.cold.9+0x242/0x309 mm/kasan/report.c:412 check_memory_region_inline mm/kasan/kasan.c:260 [inline] check_memory_region+0x13e/0x1b0 mm/kasan/kasan.c:267 memcpy+0x23/0x50 mm/kasan/kasan.c:302 memcpy include/linux/string.h:345 [inline] skb_copy_from_linear_data include/linux/skbuff.h:3421 [inline] __pskb_copy_fclone+0x2dd/0xeb0 net/core/skbuff.c:1395 __pskb_copy include/linux/skbuff.h:1053 [inline] pskb_copy include/linux/skbuff.h:2904 [inline] skb_realloc_headroom+0xe7/0x120 net/core/skbuff.c:1539 ipip6_tunnel_xmit net/ipv6/sit.c:965 [inline] sit_tunnel_xmit+0xe1b/0x30d0 net/ipv6/sit.c:1029 __netdev_start_xmit include/linux/netdevice.h:4325 [inline] netdev_start_xmit include/linux/netdevice.h:4334 [inline] xmit_one net/core/dev.c:3219 [inline] dev_hard_start_xmit+0x295/0xc90 net/core/dev.c:3235 __dev_queue_xmit+0x2f0d/0x3950 net/core/dev.c:3805 dev_queue_xmit+0x17/0x20 net/core/dev.c:3838 __bpf_tx_skb net/core/filter.c:2016 [inline] __bpf_redirect_common net/core/filter.c:2054 [inline] __bpf_redirect+0x5cf/0xb20 net/core/filter.c:2061 ____bpf_clone_redirect net/core/filter.c:2094 [inline] bpf_clone_redirect+0x2f6/0x490 net/core/filter.c:2066 bpf_prog_41f2bcae09cd4ac3+0xb25/0x1000 The generated test constructs a packet with mac header, network header, skb->data pointing to network header and skb->len 0. Redirecting to a sit0 through __bpf_redirect_no_mac pulls the mac length, even though skb->data already is at skb->network_header. bpf_prog_test_run_skb has already pulled it as LWT_XMIT !is_l2. Update the offset calculation to pull only if skb->data differs from skb->network_header, which is not true in this case. The test itself can be run only from commit 1cf1cae963c2 ("bpf: introduce BPF_PROG_TEST_RUN command"), but the same type of packets with skb at network header could already be built from lwt xmit hooks, so this fix is more relevant to that commit. Also set the mac header on redirect from LWT_XMIT, as even after this change to __bpf_redirect_no_mac that field is expected to be set, but is not yet in ip_finish_output2. Fixes: 3a0af8fd61f9 ("bpf: BPF for lightweight tunnel infrastructure") Reported-by: syzbot Signed-off-by: Willem de Bruijn Acked-by: Martin KaFai Lau Signed-off-by: Daniel Borkmann commit df133f3f96257ee29696c0ed8bd198ec801dc810 Author: Michael S. Tsirkin Date: Thu Jan 17 23:20:07 2019 -0500 virtio_net: bulk free tx skbs Use napi_consume_skb() to get bulk free. Note that napi_consume_skb is safe to call in a non-napi context as long as the napi_budget flag is correct. Signed-off-by: Michael S. Tsirkin Acked-by: Jason Wang Signed-off-by: David S. Miller commit 5d5c303ea095bdd3a2b073075920bf159457069a Merge: 6a0141a0966cf 8a644c64a9f1a Author: Linus Torvalds Date: Sun Jan 20 10:33:18 2019 +1200 Merge tag 'mips_fixes_5.0_2' of git://git.kernel.org/pub/scm/linux/kernel/git/mips/linux Pull MIPS fixes from Paul Burton: - Fix IPI handling for Lantiq SoCs, which was broken by changes made back in v4.12. - Enable OF/DT serial support in ath79_defconfig to give us working serial by default. - Fix 64b builds for the Jazz platform. - Set up a struct device for the BCM47xx SoC to allow BCM47xx drivers to perform DMA again following the major DMA mapping changes made in v4.19. - Disable MSI on Cavium Octeon systems when the pcie_disable command line parameter introduced in v3.3 is used, in order to avoid inadvetently accessing PCIe controller registers despite the command line. - Fix a build failure for Cavium Octeon kernels with kexec enabled, introduced in v4.20. - Fix a regression in the behaviour of semctl/shmctl/msgctl IPC syscalls for kernels including n32 support but not o32 support caused by some cleanup in v3.19. * tag 'mips_fixes_5.0_2' of git://git.kernel.org/pub/scm/linux/kernel/git/mips/linux: MIPS: OCTEON: fix kexec support mips: fix n32 compat_ipc_parse_version Disable MSI also when pcie-octeon.pcie_disable on MIPS: BCM47XX: Setup struct device for the SoC MIPS: jazz: fix 64bit build MIPS: ath79: Enable OF serial ports in the default config MIPS: lantiq: Use CP0_LEGACY_COMPARE_IRQ MIPS: lantiq: Fix IPI interrupt handling commit 6a0141a0966cfbd765bff065c3eb61b09a92318e Merge: 26caabbcd7a5d 75a080cde08d2 Author: Linus Torvalds Date: Sun Jan 20 10:28:46 2019 +1200 Merge tag 'devicetree-fixes-for-5.0-2' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux Pull Devicetree fix from Rob Herring: "A single build fix for powerpc due to device_node.type removal" * tag 'devicetree-fixes-for-5.0-2' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux: powerpc: chrp: Use of_node_is_type to access device_type commit 26caabbcd7a5d10577fd59eded2ec1c44466659e Merge: f403d718ebde2 faa8bd6e12e6a Author: Linus Torvalds Date: Sun Jan 20 10:24:30 2019 +1200 Merge tag 'libnvdimm-fixes-5.0-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm Pull libnvdimm fixes from Dan Williams: "A crash fix, a build warning fix, a miscellaneous small cleanups. In case anyone is looking for them, there was a regression caught by testing that caused two patches to be dropped from this update. Those patches have been reworked and will soak for another week / re-target 5.0-rc4. - Fix driver initialization crash due to the inability to report an 'error' state for a DIMM's security capability. - Build warning fix for little-endian ARM64 builds - Fix a potential race between the EDAC driver's usage of the NFIT SMBIOS id for a DIMM and the driver shutdown path. - A small collection of one-line benign cleanups for duplicate variable assignments, a duplicate header include and a mis-typed function argument" * tag 'libnvdimm-fixes-5.0-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm: libnvdimm/security: Fix nvdimm_security_state() state request selection acpi/nfit: Remove duplicate set nd_set in acpi_nfit_init_interleave_set() acpi/nfit: Fix race accessing memdev in nfit_get_smbios_id() libnvdimm/dimm: Fix security capability detection for non-Intel NVDIMMs nfit: Mark some functions as __maybe_unused ACPI/nfit: delete the function to_acpi_nfit_desc ACPI/nfit: delete the redundant header file commit f403d718ebde2059de848ae7548392dfb25a13ae Merge: b0efca46b5707 4a22fc534f2f5 Author: Linus Torvalds Date: Sun Jan 20 09:58:52 2019 +1200 Merge tag 'linux-watchdog-5.0-rc-fixes' of git://www.linux-watchdog.org/linux-watchdog Pull watchdog fixes from Wim Van Sebroeck: - mt7621_wdt/rt2880_wdt: Fix compilation problem - tqmx86: Fix a couple IS_ERR() vs NULL bugs * tag 'linux-watchdog-5.0-rc-fixes' of git://www.linux-watchdog.org/linux-watchdog: watchdog: tqmx86: Fix a couple IS_ERR() vs NULL bugs watchdog: mt7621_wdt/rt2880_wdt: Fix compilation problem commit b0efca46b57071e4c281034f04d2b56edf79843d Merge: 4d5f6e0201bc5 deaa5c96c2f7e Author: Linus Torvalds Date: Sun Jan 20 09:27:38 2019 +1200 Merge tag 'nfs-for-5.0-2' of git://git.linux-nfs.org/projects/anna/linux-nfs Pull NFS client fixes from Anna Schumaker: "These are mostly fixes for SUNRPC bugs, with a single v4.2 copy_file_range() fix mixed in. Stable bugfixes: - Fix TCP receive code on archs with flush_dcache_page() Other bugfixes: - Fix error code in rpcrdma_buffer_create() - Fix a double free in rpcrdma_send_ctxs_create() - Fix kernel BUG at kernel/cred.c:825 - Fix unnecessary retry in nfs42_proc_copy_file_range() - Ensure rq_bytes_sent is reset before request transmission - Ensure we respect the RPCSEC_GSS sequence number limit - Address Kerberos performance/behavior regression" * tag 'nfs-for-5.0-2' of git://git.linux-nfs.org/projects/anna/linux-nfs: SUNRPC: Address Kerberos performance/behavior regression SUNRPC: Ensure we respect the RPCSEC_GSS sequence number limit SUNRPC: Ensure rq_bytes_sent is reset before request transmission NFSv4.2 fix unnecessary retry in nfs4_copy_file_range sunrpc: kernel BUG at kernel/cred.c:825! SUNRPC: Fix TCP receive code on archs with flush_dcache_page() xprtrdma: Double free in rpcrdma_sendctxs_create() xprtrdma: Fix error code in rpcrdma_buffer_create() commit 4d5f6e0201bc568c0758ed3f77a06648ec9fd482 Merge: 0facb892456ff 9e8f1c7983142 Author: Linus Torvalds Date: Sun Jan 20 09:15:04 2019 +1200 Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi Pull SCSI fixes from James Bottomley: "A set of 17 fixes. Most of these are minor or trivial. The one fix that may be serious is the isci one: the bug can cause hba parameters to be set from uninitialized memory. I don't think it's exploitable, but you never know" * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi: scsi: cxgb4i: add wait_for_completion() scsi: qla1280: set 64bit coherent mask scsi: ufs: Fix geometry descriptor size scsi: megaraid_sas: Retry reads of outbound_intr_status reg scsi: qedi: Add ep_state for login completion on un-reachable targets scsi: ufs: Fix system suspend status scsi: qla2xxx: Use correct number of vectors for online CPUs scsi: hisi_sas: Set protection parameters prior to adding SCSI host scsi: tcmu: avoid cmd/qfull timers updated whenever a new cmd comes scsi: isci: initialize shost fully before calling scsi_add_host() scsi: lpfc: lpfc_sli: Mark expected switch fall-throughs scsi: smartpqi_init: fix boolean expression in pqi_device_remove_start scsi: core: Synchronize request queue PM status only on successful resume scsi: pm80xx: reduce indentation scsi: qla4xxx: check return code of qla4xxx_copy_from_fwddb_param scsi: megaraid_sas: correct an info message scsi: target/iscsi: fix error msg typo when create lio_qr_cache failed scsi: sd: Fix cache_type_store() commit 0facb892456ff922924e704f78cafcaa7be85e8c Merge: 2339e91d0e660 38197ca176fc2 Author: Linus Torvalds Date: Sun Jan 20 09:12:50 2019 +1200 Merge tag 'for-linus-20190118' of git://git.kernel.dk/linux-block Pull block fixes from Jens Axboe: - block size setting fixes for loop/nbd (Jan Kara) - md bio_alloc_mddev() cleanup (Marcos) - Ensure we don't lose the REQ_INTEGRITY flag (Ming) - Two NVMe fixes by way of Christoph: - Fix NVMe IRQ calculation (Ming) - Uninitialized variable in nvmet-tcp (Sagi) - BFQ comment fix (Paolo) - License cleanup for recently added blk-mq-debugfs-zoned (Thomas) * tag 'for-linus-20190118' of git://git.kernel.dk/linux-block: block: Cleanup license notice nvme-pci: fix nvme_setup_irqs() nvmet-tcp: fix uninitialized variable access block: don't lose track of REQ_INTEGRITY flag blockdev: Fix livelocks on loop device nbd: Use set_blocksize() to set device blocksize md: Make bio_alloc_mddev use bio_alloc_bioset block, bfq: fix comments on __bfq_deactivate_entity commit 99e309b6ed75fab4a43afd9e523441ecc5a1f511 Author: Jason Gunthorpe Date: Fri Jan 18 22:57:04 2019 +0000 clang-format: Update .clang-format with the latest for_each macro list Re-run the shell fragment that generated the original list. In particular this adds the missing xarray related functions. Signed-off-by: Jason Gunthorpe Signed-off-by: Miguel Ojeda commit 3e64cf7a435ed0500e3adaa8aada2272d3ae8abc Author: Camelia Groza Date: Thu Jan 17 14:22:36 2019 +0200 net: phy: phy driver features are mandatory Since phy driver features became a link_mode bitmap, phy drivers that don't have a list of features configured will cause the kernel to crash when probed. Prevent the phy driver from registering if the features field is missing. Fixes: 719655a14971 ("net: phy: Replace phy driver features u32 with link_mode bitmap") Reported-by: Scott Wood Signed-off-by: Camelia Groza Signed-off-by: David S. Miller commit 7afa81c55fca0cad589722cb4bce698b4803b0e1 Author: Nathan Chancellor Date: Wed Jan 9 22:41:08 2019 -0700 isdn: avm: Fix string plus integer warning from Clang A recent commit in Clang expanded the -Wstring-plus-int warning, showing some odd behavior in this file. drivers/isdn/hardware/avm/b1.c:426:30: warning: adding 'int' to a string does not append to the string [-Wstring-plus-int] cinfo->version[j] = "\0\0" + 1; ~~~~~~~^~~ drivers/isdn/hardware/avm/b1.c:426:30: note: use array indexing to silence this warning cinfo->version[j] = "\0\0" + 1; ^ & [ ] 1 warning generated. This is equivalent to just "\0". Nick pointed out that it is smarter to use "" instead of "\0" because "" is used elsewhere in the kernel and can be deduplicated at the linking stage. Link: https://github.com/ClangBuiltLinux/linux/issues/309 Suggested-by: Nick Desaulniers Signed-off-by: Nathan Chancellor Signed-off-by: David S. Miller commit 75a080cde08d2dcba19ee864f9732094d93fab41 Author: Rob Herring Date: Fri Jan 18 08:12:10 2019 -0600 powerpc: chrp: Use of_node_is_type to access device_type Commit 8ce5f8415753 ("of: Remove struct device_node.type pointer") removed struct device_node.type pointer, but the conversion to use of_node_is_type() accessor was missed in chrp_init_IRQ(). Fixes: 8ce5f8415753 ("of: Remove struct device_node.type pointer") Reported-by: kbuild test robot Cc: Benjamin Herrenschmidt Cc: Paul Mackerras Cc: linuxppc-dev@lists.ozlabs.org Acked-by: Michael Ellerman Signed-off-by: Rob Herring commit 8a7fa0c35027d1a3ec3c3e8612800a1b4738e3c3 Merge: efa8c819a6892 25f2d0e7791e7 Author: David S. Miller Date: Fri Jan 18 18:23:23 2019 -0800 Merge tag 'mlx5-fixes-2019-01-18' of git://git.kernel.org/pub/scm/linux/kernel/git/saeed/linux Saeed Mahameed says: ==================== Mellanox, mlx5 fixes 2019-01-18 This series introduces some fixes to mlx5 driver. Please pull and let me know if there is any problem. For -stable v4.18 ('net/mlx5e: Force CHECKSUM_UNNECESSARY for short ethernet frames') The patch doesn't apply cleanly to 4.18.y, but it is very simple to resolve, what should be the procedure here ? ==================== Signed-off-by: David S. Miller commit 25f2d0e7791e71cc89c58a7c2231768ad200764b Author: Eli Britstein Date: Wed Dec 19 07:36:51 2018 +0200 net/mlx5e: Fix cb_ident duplicate in indirect block register Previously the identifier used for indirect block callback registry and for block rule cb registry (when done via indirect blocks) was the pointer to the tunnel netdev we were interested in receiving updates on. This worked fine if a single PF existed that registered one callback for the tunnel netdev of interest. However, if multiple PFs are in place then the 2nd PF tries to register with the same tunnel netdev identifier. This leads to EEXIST errors and/or incorrect cb deletions. Prevent this conflict by using the rpriv pointer as the identifier for netdev indirect block cb registry, allowing each PF to register a unique callback per tunnel netdev. For block cb registry, the same PF may register multiple cbs to the same block if using TC shared blocks. Instead of the rpriv, use the pointer to the allocated indr_priv data as the identifier here. This means that there can be a unique block callback for each PF/tunnel netdev combo. Fixes: f5bc2c5de101 ("net/mlx5e: Support TC indirect block notifications for eswitch uplink reprs") Signed-off-by: Eli Britstein Reviewed-by: Oz Shlomo Signed-off-by: Saeed Mahameed commit 7fdc1adc52d3975740547a78c2df329bb207f15d Author: Tariq Toukan Date: Thu Nov 8 12:06:53 2018 +0200 net/mlx5e: Fix wrong (zero) TX drop counter indication for representor For representors, the TX dropped counter is not folded from the per-ring counters. Fix it. Signed-off-by: Tariq Toukan Signed-off-by: Saeed Mahameed commit 2eb1e42551a8128d9182480dfaea52fa861e26e8 Author: Shay Agroskin Date: Sun Dec 9 12:00:13 2018 +0200 net/mlx5e: Fix wrong error code return on FEC query failure Advertised and configured FEC query failure resulted in printing wrong error code. Fixes: 6cfa94605091 ("net/mlx5e: Ethtool driver callback for query/set FEC policy") Signed-off-by: Shay Agroskin Reported-by: Or Gerlitz Signed-off-by: Saeed Mahameed commit e8c8b53ccaff568fef4c13a6ccaf08bf241aa01a Author: Cong Wang Date: Mon Dec 3 22:14:04 2018 -0800 net/mlx5e: Force CHECKSUM_UNNECESSARY for short ethernet frames When an ethernet frame is padded to meet the minimum ethernet frame size, the padding octets are not covered by the hardware checksum. Fortunately the padding octets are usually zero's, which don't affect checksum. However, we have a switch which pads non-zero octets, this causes kernel hardware checksum fault repeatedly. Prior to: commit '88078d98d1bb ("net: pskb_trim_rcsum() and CHECKSUM_COMPLETE ...")' skb checksum was forced to be CHECKSUM_NONE when padding is detected. After it, we need to keep skb->csum updated, like what we do for RXFCS. However, fixing up CHECKSUM_COMPLETE requires to verify and parse IP headers, it is not worthy the effort as the packets are so small that CHECKSUM_COMPLETE can't save anything. Fixes: 88078d98d1bb ("net: pskb_trim_rcsum() and CHECKSUM_COMPLETE are friends"), Cc: Eric Dumazet Cc: Tariq Toukan Cc: Nikola Ciprich Signed-off-by: Cong Wang Signed-off-by: Saeed Mahameed commit 64cf5481262b9664ae3cdcb333f4a06af3e8fb58 Author: Thomas Gleixner Date: Fri Jan 18 00:14:24 2019 +0100 tools: bpftool: Cleanup license mess Precise and non-ambiguous license information is important. The recent relicensing of the bpftools introduced a license conflict. The files have now: SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause and * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version * 2 of the License, or (at your option) any later version Amazingly about 20 people acked that change and neither they nor the committer noticed. Oh well. Digging deeper: The files were imported from the iproute2 repository with the GPL V2 or later boiler plate text in commit b66e907cfee2 ("tools: bpftool: copy JSON writer from iproute2 repository") Looking at the iproute2 repository at git://git.kernel.org/pub/scm/network/iproute2/iproute2.git the following commit is the equivivalent: commit d9d8c839 ("json_writer: add SPDX Identifier (GPL-2/BSD-2)") That commit explicitly removes the boiler plate and relicenses the code uner GPL-2.0-only and BSD-2-Clause. As Steven wrote the original code and also the relicensing commit, it's assumed that the relicensing was intended to do exaclty that. Just the kernel side update failed to remove the boiler plate. Do so now. Fixes: 907b22365115 ("tools: bpftool: dual license all files") Signed-off-by: Thomas Gleixner Cc: Jakub Kicinski Cc: Roman Gushchin Cc: YueHaibing Cc: Yonghong Song Cc: Stanislav Fomichev Cc: Sean Young Cc: Jiri Benc Cc: David Calavera Cc: Andrey Ignatov Cc: Joe Stringer Cc: David Ahern Cc: Alexei Starovoitov Cc: Petar Penkov Cc: Sandipan Das Cc: Prashant Bhole Cc: Stephen Hemminger Cc: John Fastabend Cc: Taeung Song Cc: Jiri Olsa Cc: Alexei Starovoitov Cc: Daniel Borkmann Cc: Quentin Monnet CC: okash.khawaja@gmail.com Cc: netdev@vger.kernel.org Acked-by: Jakub Kicinski Signed-off-by: Alexei Starovoitov commit 9d5564ddcf2a0f5ba3fa1c3a1f8a1b59ad309553 Author: Daniel Borkmann Date: Thu Jan 17 16:34:45 2019 +0100 bpf: fix inner map masking to prevent oob under speculation During review I noticed that inner meta map setup for map in map is buggy in that it does not propagate all needed data from the reference map which the verifier is later accessing. In particular one such case is index masking to prevent out of bounds access under speculative execution due to missing the map's unpriv_array/index_mask field propagation. Fix this such that the verifier is generating the correct code for inlined lookups in case of unpriviledged use. Before patch (test_verifier's 'map in map access' dump): # bpftool prog dump xla id 3 0: (62) *(u32 *)(r10 -4) = 0 1: (bf) r2 = r10 2: (07) r2 += -4 3: (18) r1 = map[id:4] 5: (07) r1 += 272 | 6: (61) r0 = *(u32 *)(r2 +0) | 7: (35) if r0 >= 0x1 goto pc+6 | Inlined map in map lookup 8: (54) (u32) r0 &= (u32) 0 | with index masking for 9: (67) r0 <<= 3 | map->unpriv_array. 10: (0f) r0 += r1 | 11: (79) r0 = *(u64 *)(r0 +0) | 12: (15) if r0 == 0x0 goto pc+1 | 13: (05) goto pc+1 | 14: (b7) r0 = 0 | 15: (15) if r0 == 0x0 goto pc+11 16: (62) *(u32 *)(r10 -4) = 0 17: (bf) r2 = r10 18: (07) r2 += -4 19: (bf) r1 = r0 20: (07) r1 += 272 | 21: (61) r0 = *(u32 *)(r2 +0) | Index masking missing (!) 22: (35) if r0 >= 0x1 goto pc+3 | for inner map despite 23: (67) r0 <<= 3 | map->unpriv_array set. 24: (0f) r0 += r1 | 25: (05) goto pc+1 | 26: (b7) r0 = 0 | 27: (b7) r0 = 0 28: (95) exit After patch: # bpftool prog dump xla id 1 0: (62) *(u32 *)(r10 -4) = 0 1: (bf) r2 = r10 2: (07) r2 += -4 3: (18) r1 = map[id:2] 5: (07) r1 += 272 | 6: (61) r0 = *(u32 *)(r2 +0) | 7: (35) if r0 >= 0x1 goto pc+6 | Same inlined map in map lookup 8: (54) (u32) r0 &= (u32) 0 | with index masking due to 9: (67) r0 <<= 3 | map->unpriv_array. 10: (0f) r0 += r1 | 11: (79) r0 = *(u64 *)(r0 +0) | 12: (15) if r0 == 0x0 goto pc+1 | 13: (05) goto pc+1 | 14: (b7) r0 = 0 | 15: (15) if r0 == 0x0 goto pc+12 16: (62) *(u32 *)(r10 -4) = 0 17: (bf) r2 = r10 18: (07) r2 += -4 19: (bf) r1 = r0 20: (07) r1 += 272 | 21: (61) r0 = *(u32 *)(r2 +0) | 22: (35) if r0 >= 0x1 goto pc+4 | Now fixed inlined inner map 23: (54) (u32) r0 &= (u32) 0 | lookup with proper index masking 24: (67) r0 <<= 3 | for map->unpriv_array. 25: (0f) r0 += r1 | 26: (05) goto pc+1 | 27: (b7) r0 = 0 | 28: (b7) r0 = 0 29: (95) exit Fixes: b2157399cc98 ("bpf: prevent out-of-bounds speculation") Signed-off-by: Daniel Borkmann Acked-by: Martin KaFai Lau Signed-off-by: Alexei Starovoitov commit ad6dd7a9c47ba587c0aba57f73737764cd31136f Author: Daniel Borkmann Date: Thu Jan 17 16:15:09 2019 +0100 bpf: pull in pkt_sched.h header for tooling to fix bpftool build Dan reported that bpftool does not compile for him: $ make tools/bpf DESCEND bpf Auto-detecting system features: .. libbfd: [ on ] .. disassembler-four-args: [ OFF ] DESCEND bpftool Auto-detecting system features: .. libbfd: [ on ] .. disassembler-four-args: [ OFF ] CC /opt/linux.git/tools/bpf/bpftool/net.o In file included from /opt/linux.git/tools/include/uapi/linux/pkt_cls.h:6:0, from /opt/linux.git/tools/include/uapi/linux/tc_act/tc_bpf.h:14, from net.c:13: net.c: In function 'show_dev_tc_bpf': net.c:164:21: error: 'TC_H_CLSACT' undeclared (first use in this function) handle = TC_H_MAKE(TC_H_CLSACT, TC_H_MIN_INGRESS); [...] Fix it by importing pkt_sched.h header copy into tooling infrastructure. Fixes: 49a249c38726 ("tools/bpftool: copy a few net uapi headers to tools directory") Fixes: f6f3bac08ff9 ("tools/bpf: bpftool: add net support") Reported-by: Dan Gilson Reference: https://bugzilla.kernel.org/show_bug.cgi?id=202315 Signed-off-by: Daniel Borkmann Acked-by: Martin KaFai Lau Signed-off-by: Alexei Starovoitov commit efa8c819a6892b03d5535b2ce1d8c85ea9850b58 Merge: 20f5248a502b6 479a2b761d61c Author: David S. Miller Date: Fri Jan 18 15:12:16 2019 -0800 Merge branch 'mlxsw-fixes' Ido Schimmel says: ==================== mlxsw: Various fixes This patchset contains small fixes in mlxsw and one fix in the bridge driver. Patches #1-#4 perform small adjustments in PCI and FID code following recent tests that were performed on the Spectrum-2 ASIC. Patch #5 fixes the bridge driver to mark FDB entries that were added by user as such. Otherwise, these entries will be ignored by underlying switch drivers. Patch #6 fixes a long standing issue in mlxsw where the driver incorrectly programmed static FDB entries as both static and sticky. Patches #7-#8 add test cases for above mentioned bugs. Please consider patches #1, #2 and #4 for stable. ==================== Signed-off-by: David S. Miller commit 479a2b761d61c04e2ae97325aa391a8a8c99c23e Author: Ido Schimmel Date: Fri Jan 18 15:58:03 2019 +0000 selftests: forwarding: Add a test case for externally learned FDB entries Test that externally learned FDB entries can roam, but not age out. Signed-off-by: Ido Schimmel Reviewed-by: Petr Machata Signed-off-by: David S. Miller commit 72159272fc08230a76791dd5d0a0019ede1b802c Author: Ido Schimmel Date: Fri Jan 18 15:58:02 2019 +0000 selftests: mlxsw: Test FDB offload indication Test that externally learned FDB entries added from user space are marked as offloaded. Signed-off-by: Ido Schimmel Reviewed-by: Petr Machata Signed-off-by: David S. Miller commit 64254a2054611205798e6bde634639bc704573ac Author: Ido Schimmel Date: Fri Jan 18 15:58:01 2019 +0000 mlxsw: spectrum_switchdev: Do not treat static FDB entries as sticky The driver currently treats static FDB entries as both static and sticky. This is incorrect and prevents such entries from being roamed to a different port via learning. Fix this by configuring static entries with ageing disabled and roaming enabled. In net-next we can add proper support for the newly introduced 'sticky' flag. Fixes: 56ade8fe3fe1 ("mlxsw: spectrum: Add initial support for Spectrum ASIC") Signed-off-by: Ido Schimmel Reported-by: Alexander Petrovskiy Reviewed-by: Petr Machata Signed-off-by: David S. Miller commit 710ae72877378e7cde611efd30fe90502a6e5b30 Author: Ido Schimmel Date: Fri Jan 18 15:58:00 2019 +0000 net: bridge: Mark FDB entries that were added by user as such Externally learned entries can be added by a user or by a switch driver that is notifying the bridge driver about entries that were learned in hardware. In the first case, the entries are not marked with the 'added_by_user' flag, which causes switch drivers to ignore them and not offload them. The 'added_by_user' flag can be set on externally learned FDB entries based on the 'swdev_notify' parameter in br_fdb_external_learn_add(), which effectively means if the created / updated FDB entry was added by a user or not. Fixes: 816a3bed9549 ("switchdev: Add fdb.added_by_user to switchdev notifications") Signed-off-by: Ido Schimmel Reported-by: Alexander Petrovskiy Reviewed-by: Petr Machata Cc: Roopa Prabhu Cc: Nikolay Aleksandrov Cc: bridge@lists.linux-foundation.org Signed-off-by: David S. Miller commit a11dcd6497915ba79d95ef4fe2541aaac27f6201 Author: Nir Dotan Date: Fri Jan 18 15:57:59 2019 +0000 mlxsw: spectrum_fid: Update dummy FID index When using a tc flower action of egress mirred redirect, the driver adds an implicit FID setting action. This implicit action sets a dummy FID to the packet and is used as part of a design for trapping unmatched flows in OVS. While this implicit FID setting action is supposed to be a NOP when a redirect action is added, in Spectrum-2 the FID record is consulted as the dummy FID index is an 802.1D FID index and the packet is dropped instead of being redirected. Set the dummy FID index value to be within 802.1Q range. This satisfies both Spectrum-1 which ignores the FID and Spectrum-2 which identifies it as an 802.1Q FID and will then follow the redirect action. Fixes: c3ab435466d5 ("mlxsw: spectrum: Extend to support Spectrum-2 ASIC") Signed-off-by: Nir Dotan Signed-off-by: Ido Schimmel Signed-off-by: David S. Miller commit 67c14cc9b35055264fc0efed00159a7de1819f1b Author: Nir Dotan Date: Fri Jan 18 15:57:57 2019 +0000 mlxsw: pci: Return error on PCI reset timeout Return an appropriate error in the case when the driver timeouts on waiting for firmware to go out of PCI reset. Fixes: 233fa44bd67a ("mlxsw: pci: Implement reset done check") Signed-off-by: Nir Dotan Acked-by: Jiri Pirko Signed-off-by: Ido Schimmel Signed-off-by: David S. Miller commit d2f372ba0914e5722ac28e15f2ed2db61bcf0e44 Author: Nir Dotan Date: Fri Jan 18 15:57:56 2019 +0000 mlxsw: pci: Increase PCI SW reset timeout Spectrum-2 PHY layer introduces a calibration period which is a part of the Spectrum-2 firmware boot process. Hence increase the SW timeout waiting for the firmware to come out of boot. This does not increase system boot time in cases where the firmware PHY calibration process is done quickly. Fixes: c3ab435466d5 ("mlxsw: spectrum: Extend to support Spectrum-2 ASIC") Signed-off-by: Nir Dotan Acked-by: Jiri Pirko Signed-off-by: Ido Schimmel Signed-off-by: David S. Miller commit c9ebea04cb1b0a84d08de00f4800f726ca544ad2 Author: Ido Schimmel Date: Fri Jan 18 15:57:55 2019 +0000 mlxsw: pci: Ring CQ's doorbell before RDQ's When a packet should be trapped to the CPU the device consumes a WQE (work queue element) from an RDQ (receive descriptor queue) and copies the packet to the address specified in the WQE. The device then tries to post a CQE (completion queue element) that contains various metadata (e.g., ingress port) about the packet to a CQ (completion queue). In case the device managed to consume a WQE, but did not manage to post the corresponding CQE, it will get stuck. This unlikely situation can be triggered due to the scheme the driver is currently using to process CQEs. The driver will consume up to 512 CQEs at a time and after processing each corresponding WQE it will ring the RDQ's doorbell, letting the device know that a new WQE was posted for it to consume. Only after processing all the CQEs (up to 512), the driver will ring the CQ's doorbell, letting the device know that new ones can be posted. Fix this by having the driver ring the CQ's doorbell for every processed CQE, but before ringing the RDQ's doorbell. This guarantees that whenever we post a new WQE, there is a corresponding CQE available. Copy the currently processed CQE to prevent the device from overwriting it with a new CQE after ringing the doorbell. Note that the driver still arms the CQ only after processing all the pending CQEs, so that interrupts for this CQ will only be delivered after the driver finished its processing. Before commit 8404f6f2e8ed ("mlxsw: pci: Allow to use CQEs of version 1 and version 2") the issue was virtually impossible to trigger since the number of CQEs was twice the number of WQEs and the number of CQEs processed at a time was equal to the number of available WQEs. Fixes: 8404f6f2e8ed ("mlxsw: pci: Allow to use CQEs of version 1 and version 2") Signed-off-by: Ido Schimmel Reported-by: Semion Lisyansky Tested-by: Semion Lisyansky Acked-by: Jiri Pirko Signed-off-by: David S. Miller commit 20f5248a502b6d41746c02c699ec9791a03a4e27 Author: Felix Manlunas Date: Thu Jan 17 18:07:45 2019 +0000 MAINTAINERS: update email addresses of liquidio driver maintainers Update email addresses of liquidio driver maintainers. Also remove a former maintainer. Signed-off-by: Felix Manlunas Acked-by: Derek Chickles Signed-off-by: David S. Miller commit 9437b629518866274d324122066a86ac6500c6b5 Author: Jonathan Neuschäfer Date: Thu Jan 17 18:02:18 2019 +0100 net: Fix typo in NET_FAILOVER help text "also enables" should not be spelled as one word. Fixes: cfc80d9a1163 ("net: Introduce net_failover driver") Signed-off-by: Jonathan Neuschäfer Signed-off-by: David S. Miller commit 6c57f0458022298e4da1729c67bd33ce41c14e7a Author: Ross Lagerwall Date: Thu Jan 17 15:34:38 2019 +0000 net: Fix usage of pskb_trim_rcsum In certain cases, pskb_trim_rcsum() may change skb pointers. Reinitialize header pointers afterwards to avoid potential use-after-frees. Add a note in the documentation of pskb_trim_rcsum(). Found by KASAN. Signed-off-by: Ross Lagerwall Signed-off-by: David S. Miller commit 2339e91d0e6609e17943a0ab3c3c8c4044760c05 Merge: d28f3e7219743 240809ef6630a Author: Linus Torvalds Date: Sat Jan 19 07:34:10 2019 +1200 Merge tag 'media/v5.0-1' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media Pull media fixes from Mauro Carvalho Chehab: - a regression fix at v4l2 core, with affects multi-plane streams - a fix at vim2m driver * tag 'media/v5.0-1' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media: media: vim2m: only cancel work if it is for right context media: v4l: ioctl: Validate num_planes for debug messages media: v4l: ioctl: Validate num_planes before using it media: v4l2-ioctl: Clear only per-plane reserved fields commit d28f3e721974378c404f16d17638d9ae5c0db0d2 Merge: 8b4fe58db6794 d2fd6e81912a6 Author: Linus Torvalds Date: Sat Jan 19 07:26:16 2019 +1200 Merge tag 'pci-v5.0-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci Pull PCI fixes from Bjorn Helgaas:: - Fix PCI kconfig menu organization (Rob Herring) - Fix pci_alloc_irq_vectors_affinity() error return to allow "reduce and retry" for drivers using IRQ sets (Ming Lei) - Fix "pci=disable_acs_redir" initdata use-after-free problem (Logan Gunthorpe) * tag 'pci-v5.0-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci: PCI: Fix __initdata issue with "pci=disable_acs_redir" parameter PCI/MSI: Return -ENOSPC from pci_alloc_irq_vectors_affinity() PCI: Fix PCI kconfig menu organization commit 8b4fe58db67947b0c7195405ecb041a991580693 Merge: 3cdf680ea14d8 f29fd331aa055 Author: Linus Torvalds Date: Sat Jan 19 07:23:25 2019 +1200 Merge tag 'i3c/fixes-for-5.0-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/i3c/linux Pull i3c fixes from Boris Brezillon: - Fix the error check on master->sysclk val in the Cadence driver - Fix reattach implementation in the Designware driver * tag 'i3c/fixes-for-5.0-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/i3c/linux: i3c: master: dw-i3c-master: fix i3c_attach/reattach i3c: master: Fix an error checking typo in 'cdns_i3c_master_probe()' commit 3cdf680ea14d8bd3460894eaae0a8bd6a048f705 Merge: 6e4673b42e68c d311e0c27b8fc Author: Linus Torvalds Date: Sat Jan 19 07:21:43 2019 +1200 Merge tag 'mtd/fixes-for-5.0-rc3' of git://git.infradead.org/linux-mtd Pull mtd fixes from Boris Brezillon: "Raw NAND changes: - jz4740: fix a compilation warning - fsmc: fix a regression introduced by ->select_chip() deprecation - denali: fix a regression introduced by NAND_KEEP_TIMINGS addition" * tag 'mtd/fixes-for-5.0-rc3' of git://git.infradead.org/linux-mtd: mtd: rawnand: denali: get ->setup_data_interface() working again mtd: nand: jz4740: fix '__iomem *' vs. '* __iomem' mtd: rawnand: fsmc: Keep bank enable bit set commit 6e4673b42e68c78e449f3f6bfe64ff615c90d0f0 Merge: c5b709804ed7d 7151449fe7fa5 Author: Linus Torvalds Date: Sat Jan 19 07:17:19 2019 +1200 Merge tag 'regmap-fix-v5.0-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regmap Pull regmap fixes from Mark Brown: "The cleanups for the way we handle type information introduced during the merge window revealed that we'd been abusing the irq APIs for a long time, causing breakage for systems. This has a couple of minimal fixes for that which restore the previous behaviour for the time being, we'll fix it properly for v5.1 but that'd be a bit much to do as a bug fix" * tag 'regmap-fix-v5.0-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regmap: regmap-irq: do not write mask register if mask_base is zero regmap: regmap-irq: silently ignore unsupported type settings commit e40e2a2e78664fa90ea4b9bdf4a84efce2fea9d9 Author: Thomas Petazzoni Date: Wed Jan 16 10:53:58 2019 +0100 net: phy: mdio_bus: add missing device_del() in mdiobus_register() error handling The current code in __mdiobus_register() doesn't properly handle failures returned by the devm_gpiod_get_optional() call: it returns immediately, without unregistering the device that was added by the call to device_register() earlier in the function. This leaves a stale device, which then causes a NULL pointer dereference in the code that handles deferred probing: [ 1.489982] Unable to handle kernel NULL pointer dereference at virtual address 00000074 [ 1.498110] pgd = (ptrval) [ 1.500838] [00000074] *pgd=00000000 [ 1.504432] Internal error: Oops: 17 [#1] SMP ARM [ 1.509133] Modules linked in: [ 1.512192] CPU: 1 PID: 51 Comm: kworker/1:3 Not tainted 4.20.0-00039-g3b73a4cc8b3e-dirty #99 [ 1.520708] Hardware name: Xilinx Zynq Platform [ 1.525261] Workqueue: events deferred_probe_work_func [ 1.530403] PC is at klist_next+0x10/0xfc [ 1.534403] LR is at device_for_each_child+0x40/0x94 [ 1.539361] pc : [] lr : [] psr: 200e0013 [ 1.545628] sp : ceeefe68 ip : 00000001 fp : ffffe000 [ 1.550863] r10: 00000000 r9 : c0c66790 r8 : 00000000 [ 1.556079] r7 : c0457d44 r6 : 00000000 r5 : ceeefe8c r4 : cfa2ec78 [ 1.562604] r3 : 00000064 r2 : c0457d44 r1 : ceeefe8c r0 : 00000064 [ 1.569129] Flags: nzCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none [ 1.576263] Control: 18c5387d Table: 0ed7804a DAC: 00000051 [ 1.582013] Process kworker/1:3 (pid: 51, stack limit = 0x(ptrval)) [ 1.588280] Stack: (0xceeefe68 to 0xceef0000) [ 1.592630] fe60: cfa2ec78 c0c03c08 00000000 c0457d44 00000000 c0c66790 [ 1.600814] fe80: 00000000 c0455d90 ceeefeac 00000064 00000000 0d7a542e cee9d494 cfa2ec78 [ 1.608998] fea0: cfa2ec78 00000000 c0457d44 c0457d7c cee9d494 c0c03c08 00000000 c0455dac [ 1.617182] fec0: cf98ba44 cf926a00 cee9d494 0d7a542e 00000000 cf935a10 cf935a10 cf935a10 [ 1.625366] fee0: c0c4e9b8 c0457d7c c0c4e80c 00000001 cf935a10 c0457df4 cf935a10 c0c4e99c [ 1.633550] ff00: c0c4e99c c045a27c c0c4e9c4 ced63f80 cfde8a80 cfdebc00 00000000 c013893c [ 1.641734] ff20: cfde8a80 cfde8a80 c07bd354 ced63f80 ced63f94 cfde8a80 00000008 c0c02d00 [ 1.649936] ff40: cfde8a98 cfde8a80 ffffe000 c0139a30 ffffe000 c0c6624a c07bd354 00000000 [ 1.658120] ff60: ffffe000 cee9e780 ceebfe00 00000000 ceeee000 ced63f80 c0139788 cf8cdea4 [ 1.666304] ff80: cee9e79c c013e598 00000001 ceebfe00 c013e44c 00000000 00000000 00000000 [ 1.674488] ffa0: 00000000 00000000 00000000 c01010e8 00000000 00000000 00000000 00000000 [ 1.682671] ffc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 1.690855] ffe0: 00000000 00000000 00000000 00000000 00000013 00000000 00000000 00000000 [ 1.699058] [] (klist_next) from [] (device_for_each_child+0x40/0x94) [ 1.707241] [] (device_for_each_child) from [] (device_reorder_to_tail+0x38/0x88) [ 1.716476] [] (device_reorder_to_tail) from [] (device_for_each_child+0x5c/0x94) [ 1.725692] [] (device_for_each_child) from [] (device_reorder_to_tail+0x38/0x88) [ 1.734927] [] (device_reorder_to_tail) from [] (device_pm_move_to_tail+0x28/0x40) [ 1.744235] [] (device_pm_move_to_tail) from [] (deferred_probe_work_func+0x58/0x8c) [ 1.753746] [] (deferred_probe_work_func) from [] (process_one_work+0x210/0x4fc) [ 1.762888] [] (process_one_work) from [] (worker_thread+0x2a8/0x5c0) [ 1.771072] [] (worker_thread) from [] (kthread+0x14c/0x154) [ 1.778482] [] (kthread) from [] (ret_from_fork+0x14/0x2c) [ 1.785689] Exception stack(0xceeeffb0 to 0xceeefff8) [ 1.790739] ffa0: 00000000 00000000 00000000 00000000 [ 1.798923] ffc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 1.807107] ffe0: 00000000 00000000 00000000 00000000 00000013 00000000 [ 1.813724] Code: e92d47f0 e1a05000 e8900048 e1a00003 (e5937010) [ 1.819844] ---[ end trace 3c2c0c8b65399ec9 ]--- The actual error that we had from devm_gpiod_get_optional() was -EPROBE_DEFER, due to the GPIO being provided by a driver that is probed later than the Ethernet controller driver. To fix this, we simply add the missing device_del() invocation in the error path. Fixes: 69226896ad636 ("mdio_bus: Issue GPIO RESET to PHYs") Signed-off-by: Thomas Petazzoni Reviewed-by: Andrew Lunn Signed-off-by: David S. Miller commit 0e78f389a7cdc6de7dfd0778733f3b140c981c9e Author: Otto Sabart Date: Mon Jan 14 12:56:36 2019 +0100 doc: net: fix bad references to network drivers Fix "reference to nonexisting document" warnings. Fixes: b255e500c8dc ("net: documentation: build a directory structure for drivers") Signed-off-by: Otto Sabart Signed-off-by: David S. Miller commit c5b709804ed7d36c45b5efa170d9e3ea8c29b865 Merge: e6ec2fda2d464 7bea7ac0ca012 Author: Linus Torvalds Date: Sat Jan 19 05:55:42 2019 +1200 Merge tag 'powerpc-5.0-3' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux Pull powerpc fixes from Michael Ellerman: "A couple of weeks of fixes. There's one fix for an oops on Power9 machines with Open CAPI adapters. And a fix for probable memory corruption in some of the new NPU code, caught by smatch though and not seen in the wild. Plus a few other minor fixes. There's one non-fix which is the perf_regs change. That was sent during the merge window but I accidentally only merged the first of two patches in the series. It's been in linux-next so hopefully doesn't conflict with anything in acme's tree. Thanks to: Alexey Kardashevskiy, Andrew Donnellan, Breno Leitao, Christian Lamparter, Christophe Leroy, Dan Carpenter, Frederic Barrat, Greg Kurz, Jason A. Donenfeld, Madhavan Srinivasan" * tag 'powerpc-5.0-3' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux: powerpc/syscalls: Fix syscall tracing powerpc/pseries: Fix build break due to pnv_npu2_init() powerpc/4xx/ocm: Fix fix for phys_addr_t printf warnings powerpc/powernv/npu: Fix oops in pnv_try_setup_npu_table_group() powerpc/tm: Limit TM code inside PPC_TRANSACTIONAL_MEM powerpc/8xx: fix setting of pagetable for Abatron BDI debug tool. powerpc/powernv/npu: Allocate enough memory in pnv_try_setup_npu_table_group() powerpc/perf: Update perf_regs structure to include MMCRA commit e6ec2fda2d464938989ecd770be92e492ace3ae1 Merge: dc6fef2cc5797 867cefb4cb101 Author: Linus Torvalds Date: Sat Jan 19 05:53:41 2019 +1200 Merge tag 'for-linus-5.0-rc3-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip Pull xen fixes from Juergen Gross: - Several fixes for the Xen pvcalls drivers (1 fix for the backend and 8 for the frontend). - A fix for a rather longstanding bug in the Xen sched_clock() interface which led to weird time jumps when migrating the system. - A fix for avoiding accesses to x2apic MSRs in Xen PV guests. * tag 'for-linus-5.0-rc3-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip: xen: Fix x86 sched_clock() interface for xen pvcalls-front: fix potential null dereference always clear the X2APIC_ENABLE bit for PV guest pvcalls-front: Avoid get_free_pages(GFP_KERNEL) under spinlock xen/pvcalls: remove set but not used variable 'intf' pvcalls-back: set -ENOTCONN in pvcalls_conn_back_read pvcalls-front: don't return error when the ring is full pvcalls-front: properly allocate sk pvcalls-front: don't try to free unallocated rings pvcalls-front: read all data before closing the connection commit dc6fef2cc57972d4d64d9cd6d26b81060e1db0e6 Merge: 6e434bf2e36b8 d45a90cb5d061 Author: Linus Torvalds Date: Sat Jan 19 05:48:43 2019 +1200 Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 Pull crypto fixes from Herbert Xu: "This fixes the following issues: - Zero-length DMA mapping in caam - Invalidly mapping stack memory for DMA in talitos - Use after free in cavium/nitrox - Key parsing in authenc - Undefined shift in sm3 - Bogus completion call in authencesn - SHA support detection in caam" * 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: crypto: sm3 - fix undefined shift by >= width of value crypto: talitos - fix ablkcipher for CONFIG_VMAP_STACK crypto: talitos - reorder code in talitos_edesc_alloc() crypto: adiantum - initialize crypto_spawn::inst crypto: cavium/nitrox - Use after free in process_response_list() crypto: authencesn - Avoid twice completion call in decrypt path crypto: caam - fix SHA support detection crypto: caam - fix zero-length buffer DMA mapping crypto: ccree - convert to use crypto_authenc_extractkeys() crypto: bcm - convert to use crypto_authenc_extractkeys() crypto: authenc - fix parsing key with misaligned rta_len commit 6e434bf2e36b8a111c4dea6c1d1e355ad39ec01b Merge: 2a8cbf2a02784 11ee2a3808aeb Author: Linus Torvalds Date: Sat Jan 19 05:46:00 2019 +1200 Merge tag 'acpi-5.0-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm Pull ACPI fixes from Rafael Wysocki: "These fix an ACPI initialization ordering issue introduced in the 4.17 time frame and causing functional problems to appear on multiple systems and fix some fallout of the recent change to enable building kernels with ACPI support and without PCI. Specifics: - Restore the ACPI initialization ordering changed implicitly by the module-level AML handling rework during the 4.17 development cycle that caused the EC address space handler based on information from ECDT to be set up before loading AML definition blocks, making it effectively not accessible by AML on some systems that don't work as expected any more (Rafael Wysocki). - Add direct dependencies on PCI to Kconfig in multiple places for code that depends on both ACPI and PCI, but the PCI dependency was implicitly satisfied by the ACPI dependency before, to prevent invalid configurations from being created, for example by randconfig (Sinan Kaya)" * tag 'acpi-5.0-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm: ACPI: EC: Look for ECDT EC after calling acpi_load_tables() drivers: thermal: int340x_thermal: Make PCI dependency explicit x86/intel/lpss: Make PCI dependency explicit platform/x86: apple-gmux: Make PCI dependency explicit platform/x86: intel_pmc: Make PCI dependency explicit platform/x86: intel_ips: make PCI dependency explicit vga-switcheroo: make PCI dependency explicit ata: pata_acpi: Make PCI dependency explicit ACPI / LPSS: Make PCI dependency explicit commit 2a8cbf2a02784efc02f7093000010e20c4ebc9ea Merge: c3653ebdf8931 890d14d2d4b57 Author: Linus Torvalds Date: Sat Jan 19 05:43:05 2019 +1200 Merge tag 'fbdev-v5.0-rc3' of git://github.com/bzolnier/linux Pull fbdev fixes from Bartlomiej Zolnierkiewicz: - fix stack memory leak in omap2fb driver (Vlad Tsyrklevich) - fix OF node name handling v4.20 regression in offb driver (Rob Herring) - convert CONFIG_FB_LOGO_CENTER config option added in v5.0-rc1 into a kernel parameter (Peter Rosin) * tag 'fbdev-v5.0-rc3' of git://github.com/bzolnier/linux: fbdev: fbmem: convert CONFIG_FB_LOGO_CENTER into a cmd line option fbdev: offb: Fix OF node name handling omap2fb: Fix stack memory disclosure commit c3653ebdf89315a3a683f03b8b181942e452d603 Merge: d7393226d15ad 9420151d88ca3 Author: Linus Torvalds Date: Sat Jan 19 05:41:38 2019 +1200 Merge tag 'drm-fixes-2019-01-18-1' of git://anongit.freedesktop.org/drm/drm Pull drm update from Dave Airlie: "Add nouveau TU102 (RTX 2080 Ti) support" * tag 'drm-fixes-2019-01-18-1' of git://anongit.freedesktop.org/drm/drm: drm/nouveau/core: recognise TU102 commit fd340d0f68cc87badfc9efcb226f23a5428826a0 Author: Josef Bacik Date: Fri Jan 11 10:21:02 2019 -0500 btrfs: wakeup cleaner thread when adding delayed iput The cleaner thread usually takes care of delayed iputs, with the exception of the btrfs_end_transaction_throttle path. Delaying iputs means we are potentially delaying the eviction of an inode and it's respective space. The cleaner thread only gets woken up every 30 seconds, or when we require space. If there are a lot of inodes that need to be deleted we could induce a serious amount of latency while we wait for these inodes to be evicted. So instead wakeup the cleaner if it's not already awake to process any new delayed iputs we add to the list. If we suddenly need space we will less likely be backed up behind a bunch of inodes that are waiting to be deleted, and we could possibly free space before we need to get into the flushing logic which will save us some latency. Reviewed-by: Filipe Manana Signed-off-by: Josef Bacik Signed-off-by: David Sterba commit 3ec9a4c81c8cc2a8d9673588dd84d9cc7c31019b Author: Josef Bacik Date: Fri Jan 11 10:21:01 2019 -0500 btrfs: run delayed iputs before committing Delayed iputs means we can have final iputs of deleted inodes in the queue, which could potentially generate a lot of pinned space that could be free'd. So before we decide to commit the transaction for ENOPSC reasons, run the delayed iputs so that any potential space is free'd up. If there is and we freed enough we can then commit the transaction and potentially be able to make our reservation. Reviewed-by: Omar Sandoval Signed-off-by: Josef Bacik Signed-off-by: David Sterba commit 74d5d229b1bf60f93bff244b2dfc0eb21ec32a07 Author: Josef Bacik Date: Wed Nov 21 14:05:45 2018 -0500 btrfs: wait on ordered extents on abort cleanup If we flip read-only before we initiate writeback on all dirty pages for ordered extents we've created then we'll have ordered extents left over on umount, which results in all sorts of bad things happening. Fix this by making sure we wait on ordered extents if we have to do the aborted transaction cleanup stuff. generic/475 can produce this warning: [ 8531.177332] WARNING: CPU: 2 PID: 11997 at fs/btrfs/disk-io.c:3856 btrfs_free_fs_root+0x95/0xa0 [btrfs] [ 8531.183282] CPU: 2 PID: 11997 Comm: umount Tainted: G W 5.0.0-rc1-default+ #394 [ 8531.185164] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),BIOS rel-1.11.2-0-gf9626cc-prebuilt.qemu-project.org 04/01/2014 [ 8531.187851] RIP: 0010:btrfs_free_fs_root+0x95/0xa0 [btrfs] [ 8531.193082] RSP: 0018:ffffb1ab86163d98 EFLAGS: 00010286 [ 8531.194198] RAX: ffff9f3449494d18 RBX: ffff9f34a2695000 RCX:0000000000000000 [ 8531.195629] RDX: 0000000000000002 RSI: 0000000000000001 RDI:0000000000000000 [ 8531.197315] RBP: ffff9f344e930000 R08: 0000000000000001 R09:0000000000000000 [ 8531.199095] R10: 0000000000000000 R11: ffff9f34494d4ff8 R12:ffffb1ab86163dc0 [ 8531.200870] R13: ffff9f344e9300b0 R14: ffffb1ab86163db8 R15:0000000000000000 [ 8531.202707] FS: 00007fc68e949fc0(0000) GS:ffff9f34bd800000(0000)knlGS:0000000000000000 [ 8531.204851] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 8531.205942] CR2: 00007ffde8114dd8 CR3: 000000002dfbd000 CR4:00000000000006e0 [ 8531.207516] Call Trace: [ 8531.208175] btrfs_free_fs_roots+0xdb/0x170 [btrfs] [ 8531.210209] ? wait_for_completion+0x5b/0x190 [ 8531.211303] close_ctree+0x157/0x350 [btrfs] [ 8531.212412] generic_shutdown_super+0x64/0x100 [ 8531.213485] kill_anon_super+0x14/0x30 [ 8531.214430] btrfs_kill_super+0x12/0xa0 [btrfs] [ 8531.215539] deactivate_locked_super+0x29/0x60 [ 8531.216633] cleanup_mnt+0x3b/0x70 [ 8531.217497] task_work_run+0x98/0xc0 [ 8531.218397] exit_to_usermode_loop+0x83/0x90 [ 8531.219324] do_syscall_64+0x15b/0x180 [ 8531.220192] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 8531.221286] RIP: 0033:0x7fc68e5e4d07 [ 8531.225621] RSP: 002b:00007ffde8116608 EFLAGS: 00000246 ORIG_RAX:00000000000000a6 [ 8531.227512] RAX: 0000000000000000 RBX: 00005580c2175970 RCX:00007fc68e5e4d07 [ 8531.229098] RDX: 0000000000000001 RSI: 0000000000000000 RDI:00005580c2175b80 [ 8531.230730] RBP: 0000000000000000 R08: 00005580c2175ba0 R09:00007ffde8114e80 [ 8531.232269] R10: 0000000000000000 R11: 0000000000000246 R12:00005580c2175b80 [ 8531.233839] R13: 00007fc68eac61c4 R14: 00005580c2175a68 R15:0000000000000000 Leaving a tree in the rb-tree: 3853 void btrfs_free_fs_root(struct btrfs_root *root) 3854 { 3855 iput(root->ino_cache_inode); 3856 WARN_ON(!RB_EMPTY_ROOT(&root->inode_tree)); CC: stable@vger.kernel.org Reviewed-by: Nikolay Borisov Signed-off-by: Josef Bacik [ add stacktrace ] Signed-off-by: David Sterba commit 31890da0bfdd24b135a258404b93c58a65510c7a Author: Josef Bacik Date: Wed Nov 21 14:05:41 2018 -0500 btrfs: handle delayed ref head accounting cleanup in abort We weren't doing any of the accounting cleanup when we aborted transactions. Fix this by making cleanup_ref_head_accounting global and calling it from the abort code, this fixes the issue where our accounting was all wrong after the fs aborts. The test generic/475 on a 2G VM can trigger the problems eg.: [ 8502.136957] WARNING: CPU: 0 PID: 11064 at fs/btrfs/extent-tree.c:5986 btrfs_free_block_grou +ps+0x3dc/0x410 [btrfs] [ 8502.148372] CPU: 0 PID: 11064 Comm: umount Not tainted 5.0.0-rc1-default+ #394 [ 8502.150807] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.11.2-0-gf9626 +cc-prebuilt.qemu-project.org 04/01/2014 [ 8502.154317] RIP: 0010:btrfs_free_block_groups+0x3dc/0x410 [btrfs] [ 8502.160623] RSP: 0018:ffffb1ab84b93de8 EFLAGS: 00010206 [ 8502.161906] RAX: 0000000001000000 RBX: ffff9f34b1756400 RCX: 0000000000000000 [ 8502.163448] RDX: 0000000000000002 RSI: 0000000000000001 RDI: ffff9f34b1755400 [ 8502.164906] RBP: ffff9f34b7e8c000 R08: 0000000000000001 R09: 0000000000000000 [ 8502.166716] R10: 0000000000000000 R11: 0000000000000001 R12: ffff9f34b7e8c108 [ 8502.168498] R13: ffff9f34b7e8c158 R14: 0000000000000000 R15: dead000000000100 [ 8502.170296] FS: 00007fb1cf15ffc0(0000) GS:ffff9f34bd400000(0000) knlGS:0000000000000000 [ 8502.172439] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 8502.173669] CR2: 00007fb1ced507b0 CR3: 000000002f7a6000 CR4: 00000000000006f0 [ 8502.175094] Call Trace: [ 8502.175759] close_ctree+0x17f/0x350 [btrfs] [ 8502.176721] generic_shutdown_super+0x64/0x100 [ 8502.177702] kill_anon_super+0x14/0x30 [ 8502.178607] btrfs_kill_super+0x12/0xa0 [btrfs] [ 8502.179602] deactivate_locked_super+0x29/0x60 [ 8502.180595] cleanup_mnt+0x3b/0x70 [ 8502.181406] task_work_run+0x98/0xc0 [ 8502.182255] exit_to_usermode_loop+0x83/0x90 [ 8502.183113] do_syscall_64+0x15b/0x180 [ 8502.183919] entry_SYSCALL_64_after_hwframe+0x49/0xbe Corresponding to release_global_block_rsv() { ... WARN_ON(fs_info->delayed_refs_rsv.reserved > 0); CC: stable@vger.kernel.org Signed-off-by: Josef Bacik [ add log dump ] Signed-off-by: David Sterba commit 77b7aad195099e7c6da11e94b7fa6ef5e6fb0025 Author: David Sterba Date: Wed Jan 9 15:02:23 2019 +0100 Revert "btrfs: balance dirty metadata pages in btrfs_finish_ordered_io" This reverts commit e73e81b6d0114d4a303205a952ab2e87c44bd279. This patch causes a few problems: - adds latency to btrfs_finish_ordered_io - as btrfs_finish_ordered_io is used for free space cache, generating more work from btrfs_btree_balance_dirty_nodelay could end up in the same workque, effectively deadlocking 12260 kworker/u96:16+btrfs-freespace-write D [<0>] balance_dirty_pages+0x6e6/0x7ad [<0>] balance_dirty_pages_ratelimited+0x6bb/0xa90 [<0>] btrfs_finish_ordered_io+0x3da/0x770 [<0>] normal_work_helper+0x1c5/0x5a0 [<0>] process_one_work+0x1ee/0x5a0 [<0>] worker_thread+0x46/0x3d0 [<0>] kthread+0xf5/0x130 [<0>] ret_from_fork+0x24/0x30 [<0>] 0xffffffffffffffff Transaction commit will wait on the freespace cache: 838 btrfs-transacti D [<0>] btrfs_start_ordered_extent+0x154/0x1e0 [<0>] btrfs_wait_ordered_range+0xbd/0x110 [<0>] __btrfs_wait_cache_io+0x49/0x1a0 [<0>] btrfs_write_dirty_block_groups+0x10b/0x3b0 [<0>] commit_cowonly_roots+0x215/0x2b0 [<0>] btrfs_commit_transaction+0x37e/0x910 [<0>] transaction_kthread+0x14d/0x180 [<0>] kthread+0xf5/0x130 [<0>] ret_from_fork+0x24/0x30 [<0>] 0xffffffffffffffff And then writepages ends up waiting on transaction commit: 9520 kworker/u96:13+flush-btrfs-1 D [<0>] wait_current_trans+0xac/0xe0 [<0>] start_transaction+0x21b/0x4b0 [<0>] cow_file_range_inline+0x10b/0x6b0 [<0>] cow_file_range.isra.69+0x329/0x4a0 [<0>] run_delalloc_range+0x105/0x3c0 [<0>] writepage_delalloc+0x119/0x180 [<0>] __extent_writepage+0x10c/0x390 [<0>] extent_write_cache_pages+0x26f/0x3d0 [<0>] extent_writepages+0x4f/0x80 [<0>] do_writepages+0x17/0x60 [<0>] __writeback_single_inode+0x59/0x690 [<0>] writeback_sb_inodes+0x291/0x4e0 [<0>] __writeback_inodes_wb+0x87/0xb0 [<0>] wb_writeback+0x3bb/0x500 [<0>] wb_workfn+0x40d/0x610 [<0>] process_one_work+0x1ee/0x5a0 [<0>] worker_thread+0x1e0/0x3d0 [<0>] kthread+0xf5/0x130 [<0>] ret_from_fork+0x24/0x30 [<0>] 0xffffffffffffffff Eventually, we have every process in the system waiting on balance_dirty_pages(), and nobody is able to make progress on page writeback. The original patch tried to fix an OOM condition, that happened on 4.4 but no success reproducing that on later kernels (4.19 and 4.20). This is more likely a problem in OOM itself. Link: https://lore.kernel.org/linux-btrfs/20180528054821.9092-1-ethanlien@synology.com/ Reported-by: Chris Mason CC: stable@vger.kernel.org # 4.18+ CC: ethanlien Signed-off-by: David Sterba commit 11ee2a3808aebbec73096551a716dea03d417fcb Merge: b1c0330823fe8 6f9b5e70dfcde Author: Rafael J. Wysocki Date: Fri Jan 18 11:17:16 2019 +0100 Merge branch 'acpi-pci' * acpi-pci: drivers: thermal: int340x_thermal: Make PCI dependency explicit x86/intel/lpss: Make PCI dependency explicit platform/x86: apple-gmux: Make PCI dependency explicit platform/x86: intel_pmc: Make PCI dependency explicit platform/x86: intel_ips: make PCI dependency explicit vga-switcheroo: make PCI dependency explicit ata: pata_acpi: Make PCI dependency explicit ACPI / LPSS: Make PCI dependency explicit commit d311e0c27b8fcc27f707f8cac48cd8bdc4155224 Author: Masahiro Yamada Date: Fri Jan 18 14:30:38 2019 +0900 mtd: rawnand: denali: get ->setup_data_interface() working again Commit 7a08dbaedd36 ("mtd: rawnand: Move ->setup_data_interface() to nand_controller_ops") missed to invert the if-conditonal for denali. Since then, the Denali NAND driver cannnot invoke setup_data_interface. Fixes: 7a08dbaedd36 ("mtd: rawnand: Move ->setup_data_interface() to nand_controller_ops") Signed-off-by: Masahiro Yamada Acked-by: Miquel Raynal Signed-off-by: Boris Brezillon commit 01eeb927bbcc1952114b0aec1447699c4747c337 Author: Luc Van Oostenryck Date: Thu Jan 17 18:39:07 2019 +0100 mtd: nand: jz4740: fix '__iomem *' vs. '* __iomem' The function jz_nand_ioremap_resource() needs a pointer to an __iomem pointer as its last argument but this argument is declared as: void * __iomem *base Fix this by using the correct declaration: void __iomem **base which then also removes the following Sparse's warnings: 282:15: warning: incorrect type in assignment (different address spaces) 282:15: expected void *[noderef] 282:15: got void [noderef] * 322:57: warning: incorrect type in argument 4 (different address spaces) 322:57: expected void *[noderef] *base 322:57: got void [noderef] ** 402:67: warning: incorrect type in argument 4 (different address spaces) 402:67: expected void *[noderef] *base 402:67: got void [noderef] ** Signed-off-by: Luc Van Oostenryck Acked-by: Miquel Raynal Signed-off-by: Boris Brezillon commit bf97403ac4bfbc9f9f92f47e737aee983d9191f5 Author: Yang Wei Date: Thu Jan 17 23:30:03 2019 +0800 macvlan: replace kfree_skb by consume_skb for drop profiles Replace the kfree_skb() by consume_skb() to be drop monitor(dropwatch, perf) friendly. Signed-off-by: Yang Wei Signed-off-by: David S. Miller commit 87fff3cacd0112bcaf42f932c1e44ae32b42f1fb Author: Yang Wei Date: Thu Jan 17 23:11:30 2019 +0800 neighbour: Do not perturb drop profiles when neigh_probe Replace the kfree_skb() by consume_skb() to be drop monitor(dropwatch, perf) friendly. Signed-off-by: Yang Wei Signed-off-by: David S. Miller commit 5ab3121beeb76aa6090195b67d237115860dd9ec Author: Lendacky, Thomas Date: Thu Jan 17 14:20:14 2019 +0000 amd-xgbe: Fix mdio access for non-zero ports and clause 45 PHYs The XGBE hardware has support for performing MDIO operations using an MDIO command request. The driver mistakenly uses the mdio port address as the MDIO command request device address instead of the MDIO command request port address. Additionally, the driver does not properly check for and create a clause 45 MDIO command. Check the supplied MDIO register to determine if the request is a clause 45 operation (MII_ADDR_C45). For a clause 45 operation, extract the device address and register number from the supplied MDIO register and use them to set the MDIO command request device address and register number fields. For a clause 22 operation, the MDIO request device address is set to zero and the MDIO command request register number is set to the supplied MDIO register. In either case, the supplied MDIO port address is used as the MDIO command request port address. Fixes: 732f2ab7afb9 ("amd-xgbe: Add support for MDIO attached PHYs") Signed-off-by: Tom Lendacky Tested-by: Shyam Sundar S K Signed-off-by: David S. Miller commit 40f89ebfbd73fc9439ae8d4950f60226ad176690 Author: Camelia Groza Date: Thu Jan 17 14:33:33 2019 +0200 net: phy: add missing phy driver features The phy drivers for CS4340 and TN2020 are missing their features attributes. Add them. Fixes: 719655a14971 ("net: phy: Replace phy driver features u32 with link_mode bitmap") Reported-by: Scott Wood Signed-off-by: Camelia Groza Signed-off-by: David S. Miller commit c6ddfb9a963f0cac0f7365acfc87f3f3b33a3b69 Author: Madalin Bucur Date: Thu Jan 17 11:42:27 2019 +0200 dpaa_eth: NETIF_F_LLTX requires to do our own update of trans_start As txq_trans_update() only updates trans_start when the lock is held, trans_start does not get updated if NETIF_F_LLTX is declared. Signed-off-by: Madalin Bucur Signed-off-by: David S. Miller commit 28c1382fa28f2e2d9d0d6f25ae879b5af2ecbd03 Author: Yunjian Wang Date: Thu Jan 17 09:46:41 2019 +0800 net: bridge: Fix ethernet header pointer before check skb forwardable The skb header should be set to ethernet header before using is_skb_forwardable. Because the ethernet header length has been considered in is_skb_forwardable(including dev->hard_header_len length). To reproduce the issue: 1, add 2 ports on linux bridge br using following commands: $ brctl addbr br $ brctl addif br eth0 $ brctl addif br eth1 2, the MTU of eth0 and eth1 is 1500 3, send a packet(Data 1480, UDP 8, IP 20, Ethernet 14, VLAN 4) from eth0 to eth1 So the expect result is packet larger than 1500 cannot pass through eth0 and eth1. But currently, the packet passes through success, it means eth1's MTU limit doesn't take effect. Fixes: f6367b4660dd ("bridge: use is_skb_forwardable in forward path") Cc: bridge@lists.linux-foundation.org Cc: Nkolay Aleksandrov Cc: Roopa Prabhu Cc: Stephen Hemminger Signed-off-by: Yunjian Wang Signed-off-by: David S. Miller commit cc5e710759470bc7f3c61d11fd54586f15fdbdf4 Author: Jason Wang Date: Wed Jan 16 16:54:42 2019 +0800 vhost: log dirty page correctly Vhost dirty page logging API is designed to sync through GPA. But we try to log GIOVA when device IOTLB is enabled. This is wrong and may lead to missing data after migration. To solve this issue, when logging with device IOTLB enabled, we will: 1) reuse the device IOTLB translation result of GIOVA->HVA mapping to get HVA, for writable descriptor, get HVA through iovec. For used ring update, translate its GIOVA to HVA 2) traverse the GPA->HVA mapping to get the possible GPA and log through GPA. Pay attention this reverse mapping is not guaranteed to be unique, so we should log each possible GPA in this case. This fix the failure of scp to guest during migration. In -next, we will probably support passing GIOVA->GPA instead of GIOVA->HVA. Fixes: 6b1e6cc7855b ("vhost: new device IOTLB API") Reported-by: Jintack Lim Cc: Jintack Lim Signed-off-by: Jason Wang Acked-by: Michael S. Tsirkin Signed-off-by: David S. Miller commit f655f8b818684716b2ebe35760c9b96184587d56 Author: Jakub Kicinski Date: Sat Jan 12 12:51:05 2019 -0800 Documentation: timestamping: correct path to net_tstamp.h net_tstamp.h is an UAPI header, so it was moved under include/uapi. Signed-off-by: Jakub Kicinski Signed-off-by: David S. Miller commit 9420151d88ca35cd7f857774d90bfdca505a2cc1 Merge: df0219b4f9576 7ebec5f43134b Author: Dave Airlie Date: Fri Jan 18 15:38:13 2019 +1000 Merge branch 'linux-4.21' of git://github.com/skeggsb/linux into drm-fixes nouveau support for TU102 (RTX 2080 Ti) Signed-off-by: Dave Airlie From: Ben Skeggs Link: https://patchwork.freedesktop.org/patch/msgid/CABDvA=mQsRr0BpRpv3n6UjthHush4u_kQR3oUGHkBtAHTmyCYw@mail.gmail.com commit d7393226d15add056285c8fc86723d54d7e0c77d Merge: 1092a94fcbcde d6f4a21f309df Author: Linus Torvalds Date: Fri Jan 18 17:17:20 2019 +1200 Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma Pull rdma fixes frfom Jason Gunthorpe: "Not much so far. We have the usual batch of bugs and two fixes to code merged this cycle: - Restore valgrind support for the ioctl verbs interface merged this window, and fix a missed error code on an error path from that conversion - A user reported crash on obsolete mthca hardware - pvrdma was using the wrong command opcode toward the hypervisor - NULL pointer crash regression when dumping rdma-cm over netlink - Be conservative about exposing the global rkey" * tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma: RDMA/uverbs: Mark ioctl responses with UVERBS_ATTR_F_VALID_OUTPUT RDMA/mthca: Clear QP objects during their allocation RDMA/vmw_pvrdma: Return the correct opcode when creating WR RDMA/cma: Add cm_id restrack resource based on kernel or user cm_id type RDMA/nldev: Don't expose unsafe global rkey to regular user RDMA/uverbs: Fix post send success return value in case of error commit 1092a94fcbcde03a8c2cc554f305af48c95d5d58 Merge: 2451f3717c538 df0219b4f9576 Author: Linus Torvalds Date: Fri Jan 18 17:14:02 2019 +1200 Merge tag 'drm-fixes-2019-01-18' of git://anongit.freedesktop.org/drm/drm Pull drm fixes from Dave Airlie: "The rc3 fixes are a bit scattered: - meson, sun4i and rockchip all had missing of_node_put. - qxl and virtio both were advertising dma-buf to userspace when they really shouldn't have. Otherwise: meson: - modesetting regression fix i915 GVT: - one cmd parser failure fix - region cleanup fix in vGPU destroy amdgpu: - KFD fixes for arm64 mixed APU/DGPU - vega12 powerplay fix - raven DC fixes - freesync fix" * tag 'drm-fixes-2019-01-18' of git://anongit.freedesktop.org/drm/drm: drm/amd/display: Detach backlight from stream drm/sun4i: backend: add missing of_node_puts Revert "drm/amdgpu: validate user pitch alignment" Revert "drm/amdgpu: validate user GEM object size" drm/meson: Fix atomic mode switching regression drm/i915/gvt: Fix mmap range check drm/i915/gvt: free VFIO region space in vgpu detach drm/amd/display: Fix disabled cursor on top screen edge drm/amd/display: fix warning on raven hotplug drm/amd/display: fix PME notification not working in RV desktop drm/amd/display: Only get the connector state for VRR when toggled drm/amd/display: Pack DMCU iRAM alignment drm/amd/powerplay: run acg btc for Vega12 drm/amdkfd: Don't assign dGPUs to APU topology devices drm/amdkfd: Allow building KFD on ARM64 (v2) drm/meson: add missing of_node_put drm/virtio: drop prime import/export callbacks drm/qxl: drop prime import/export callbacks drm/i915/gvt: Allow F_CMD_ACCESS on mmio 0x21f0 drm/rockchip: add missing of_node_put commit 2451f3717c538795fc9fade46916683ebf7ea959 Merge: 0a2fbed84a962 248b57015f35c Author: Linus Torvalds Date: Fri Jan 18 16:58:07 2019 +1200 Merge tag 'led-fix-for-5.0-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/j.anaszewski/linux-leds Pull LED fix from Jacek Anaszewski. * tag 'led-fix-for-5.0-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/j.anaszewski/linux-leds: leds: lp5523: fix a missing check of return value of lp55xx_read commit 0a2fbed84a962c486a71d2c91c86a31332dcbf02 Merge: a3a80255d58d0 f422449b58548 Author: Linus Torvalds Date: Fri Jan 18 16:55:49 2019 +1200 Merge tag 'hwmon-for-v5.0-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging Pull hwmon fixes from Guenter Roeck: "Minor fixes/regressions" * tag 'hwmon-for-v5.0-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging: hwmon: (tmp421) Correct the misspelling of the tmp442 compatible attribute in OF device ID table hwmon: (occ) Fix potential integer overflow hwmon: (lm80) Fix missing unlock on error in set_fan_div() hwmon: (nct6775) Enable IO mapping for NCT6797D and NCT6798D hwmon: (nct6775) Fix chip ID for NCT6798D commit 38197ca176fc259fa4c871d07bcf8389d044a895 Author: Thomas Gleixner Date: Fri Jan 18 00:14:17 2019 +0100 block: Cleanup license notice Remove the imprecise and sloppy: "This files is licensed under the GPL." license notice in the top level comment. 1) The file already contains a SPDX license identifier which clearly states that the license of the file is GPL V2 only 2) The notice resolves to GPL v1 or later for scanners which is just contrary to the intent of SPDX identifiers to provide clear and non ambiguous license information. Aside of that the value add of this notice is below zero, Cc: Damien Le Moal Cc: Matias Bjorling Cc: Christoph Hellwig Cc: Jens Axboe Cc: linux-block@vger.kernel.org Fixes: 6a5ac9846508 ("block: Make struct request_queue smaller for CONFIG_BLK_DEV_ZONED=n") Reviewed-by: Bart Van Assche Signed-off-by: Thomas Gleixner Signed-off-by: Jens Axboe commit 7ebec5f43134bbf3dd5f20228ac4c1b55ee73284 Author: Ben Skeggs Date: Thu Jan 17 11:39:55 2019 +1000 drm/nouveau/core: recognise TU102 Would usually do this split-out, verifying each component indivitually, but this has been squashed together to be more palatable for merging in 5.0-rc. Signed-off-by: Ben Skeggs commit 88a8121dc1d3d0dbddd411b79ed236b6b6ea415c Author: Nicolas Dichtel Date: Thu Jan 17 11:27:22 2019 +0100 af_packet: fix raw sockets over 6in4 tunnel Since commit cb9f1b783850, scapy (which uses an AF_PACKET socket in SOCK_RAW mode) is unable to send a basic icmp packet over a sit tunnel: Here is a example of the setup: $ ip link set ntfp2 up $ ip addr add 10.125.0.1/24 dev ntfp2 $ ip tunnel add tun1 mode sit ttl 64 local 10.125.0.1 remote 10.125.0.2 dev ntfp2 $ ip addr add fd00:cafe:cafe::1/128 dev tun1 $ ip link set dev tun1 up $ ip route add fd00:200::/64 dev tun1 $ scapy >>> p = [] >>> p += IPv6(src='fd00:100::1', dst='fd00:200::1')/ICMPv6EchoRequest() >>> send(p, count=1, inter=0.1) >>> quit() $ ip -s link ls dev tun1 | grep -A1 "TX.*errors" TX: bytes packets errors dropped carrier collsns 0 0 1 0 0 0 The problem is that the network offset is set to the hard_header_len of the output device (tun1, ie 14 + 20) and in our case, because the packet is small (48 bytes) the pskb_inet_may_pull() fails (it tries to pull 40 bytes (ipv6 header) starting from the network offset). This problem is more generally related to device with variable hard header length. To avoid a too intrusive patch in the current release, a (ugly) workaround is proposed in this patch. It has to be cleaned up in net-next. Link: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=993675a3100b1 Link: http://patchwork.ozlabs.org/patch/1024489/ Fixes: cb9f1b783850 ("ip: validate header length on virtual device xmit") CC: Willem de Bruijn CC: Maxim Mikityanskiy Signed-off-by: Nicolas Dichtel Acked-by: Willem de Bruijn Signed-off-by: David S. Miller commit e224c390a6259c529f7b2a6bd215a087b3344f5c Author: Yuchung Cheng Date: Thu Jan 17 08:51:01 2019 -0800 bpf: fix SO_MAX_PACING_RATE to support TCP internal pacing If sch_fq packet scheduler is not used, TCP can fallback to internal pacing, but this requires sk_pacing_status to be properly set. Fixes: 8c4b4c7e9ff0 ("bpf: Add setsockopt helper function to bpf") Signed-off-by: Yuchung Cheng Signed-off-by: Eric Dumazet Cc: Lawrence Brakmo Acked-by: Martin KaFai Lau Signed-off-by: Daniel Borkmann commit f4924f24da8c7ef64195096817f3cde324091d97 Author: Peter Oskolkov Date: Wed Jan 16 08:47:54 2019 -0800 bpf: bpf_setsockopt: reset sock dst on SO_MARK changes In sock_setsockopt() (net/core/sock.h), when SO_MARK option is used to change sk_mark, sk_dst_reset(sk) is called. The same should be done in bpf_setsockopt(). Fixes: 8c4b4c7e9ff0 ("bpf: Add setsockopt helper function to bpf") Reported-by: Maciej Żenczykowski Signed-off-by: Peter Oskolkov Acked-by: Martin KaFai Lau Reviewed-by: Maciej Żenczykowski Signed-off-by: Daniel Borkmann commit df0219b4f9576c72b618db5edf7bb75c14829dbd Merge: 4ac4cb70d15a9 4bb0e6d725821 Author: Dave Airlie Date: Fri Jan 18 09:14:34 2019 +1000 Merge tag 'drm-misc-fixes-2019-01-17' of git://anongit.freedesktop.org/drm/drm-misc into drm-fixes drm-misc-fixes for v5.0-rc3: - Add missing calls to of_node_put to sun4i, meson, and rockchip. - Drop unimplemented prime callbacks in virtio and qxl, so support for prime is not advertised on those drivers. - Fix mode switching regression in meson. Signed-off-by: Dave Airlie From: Maarten Lankhorst Link: https://patchwork.freedesktop.org/patch/msgid/9af07312-f435-2fda-65a2-9fe92cdf5da4@linux.intel.com commit 4ac4cb70d15a94a2b11a0cebeee90806013f3bd0 Merge: 586cdb0db70ba 15c05196ff84a Author: Dave Airlie Date: Fri Jan 18 09:12:39 2019 +1000 Merge tag 'drm-intel-fixes-2019-01-17' of git://anongit.freedesktop.org/drm/drm-intel into drm-fixes drm/i915/gvt fixes for v5.0-rc3 "This contains one cmd parser failure fix to allow cmd access for one register, and fix region cleanup properly in vGPU destroy, and another fix for critical mmap size check mistake." Signed-off-by: Dave Airlie From: Jani Nikula Link: https://patchwork.freedesktop.org/patch/msgid/87ef9bfusc.fsf@intel.com commit 586cdb0db70ba54482d8b217839d8fa4377ea077 Merge: 1c7fc5cbc3398 35dad45d5cad3 Author: Dave Airlie Date: Fri Jan 18 09:10:09 2019 +1000 Merge branch 'drm-fixes-5.0' of git://people.freedesktop.org/~agd5f/linux into drm-fixes Fixes for 5.0: - Fix KFD on ARM64 - Fix KFD topology with mixed APU and dGPU systems - Powerplay fix for vega12 - DC Raven fixes - Freesync fix Signed-off-by: Dave Airlie From: Alex Deucher Link: https://patchwork.freedesktop.org/patch/msgid/20190116224524.3314-1-alexander.deucher@amd.com commit f7c46156f4a9d6ba5c6bcc5c48945e87b0f08c65 Author: Alexey Kodanev Date: Wed Jan 16 19:17:45 2019 +0300 udp6: add missing rehash callback to udplite After commit 23b0269e58ae ("net: udp6: prefer listeners bound to an address"), UDP-Lite only works when specifying a local address for the sockets. This is related to the problem addressed in the commit 719f835853a9 ("udp: add rehash on connect()"). Moreover, __udp6_lib_lookup() now looks for a socket immediately in the secondary hash table. And this issue was found with LTP/network tests as well. Fixes: 23b0269e58ae ("net: udp6: prefer listeners bound to an address") Signed-off-by: Alexey Kodanev Reviewed-by: Eric Dumazet Signed-off-by: David S. Miller commit 8f6b5392856a4b74224e257f3e0874a163b04603 Author: Alexey Kodanev Date: Wed Jan 16 19:17:44 2019 +0300 udp: add missing rehash callback to udplite After commit 4cdeeee9252a ("net: udp: prefer listeners bound to an address"), UDP-Lite only works when specifying a local address for the sockets. This is related to the problem addressed in the commit 719f835853a9 ("udp: add rehash on connect()"). Moreover, __udp4_lib_lookup() now looks for a socket immediately in the secondary hash table. The issue was found with LTP/network tests (UDP-Lite test-cases). Fixes: 4cdeeee9252a ("net: udp: prefer listeners bound to an address") Signed-off-by: Alexey Kodanev Reviewed-by: Eric Dumazet Signed-off-by: David S. Miller commit 2cddd20147826aef283115abb00012d4dafe3cdb Author: Ivan Vecera Date: Wed Jan 16 16:53:52 2019 +0100 net/sched: cls_flower: allocate mask dynamically in fl_change() Recent changes (especially 05cd271fd61a ("cls_flower: Support multiple masks per priority")) in the fl_flow_mask structure grow it and its current size e.g. on x86_64 with defconfig is 760 bytes and more than 1024 bytes with some debug options enabled. Prior the mentioned commit its size was 176 bytes (using defconfig on x86_64). With regard to this fact it's reasonable to allocate this structure dynamically in fl_change() to reduce its stack size. v2: - use kzalloc() instead of kcalloc() Fixes: 05cd271fd61a ("cls_flower: Support multiple masks per priority") Cc: Jiri Pirko Cc: Paul Blakey Acked-by: Jiri Pirko Signed-off-by: Ivan Vecera Signed-off-by: David S. Miller commit 3f1bb6abdf19cfa89860b3bc9e7f31b44b6a0ba1 Author: Johan Hovold Date: Wed Jan 16 11:27:08 2019 +0100 net: dsa: realtek-smi: fix OF child-node lookup Use the new of_get_compatible_child() helper to look up child nodes to avoid ever matching non-child nodes elsewhere in the tree. Also fix up the related struct device_node leaks. Fixes: d8652956cf37 ("net: dsa: realtek-smi: Add Realtek SMI driver") Cc: stable # 4.19: 36156f9241cb0 Cc: Linus Walleij Signed-off-by: Johan Hovold Reviewed-by: Andrew Lunn Signed-off-by: David S. Miller commit 248b57015f35c94d4eae2fdd8c6febf5cd703900 Author: Kangjie Lu Date: Tue Dec 25 22:18:23 2018 -0600 leds: lp5523: fix a missing check of return value of lp55xx_read When lp55xx_read() fails, "status" is an uninitialized variable and thus may contain random value; using it leads to undefined behaviors. The fix inserts a check for the return value of lp55xx_read: if it fails, returns with its error code. Signed-off-by: Kangjie Lu Signed-off-by: Jacek Anaszewski commit f422449b58548a41e98fc97b259a283718e527db Author: Cheng-Min Ao Date: Mon Jan 7 14:29:32 2019 +0800 hwmon: (tmp421) Correct the misspelling of the tmp442 compatible attribute in OF device ID table Correct a typo in OF device ID table The last one should be 'ti,tmp442' Signed-off-by: Cheng-Min Ao Signed-off-by: Yu-Hsiang Chen Signed-off-by: Guenter Roeck commit cb12d72b27a6f41325ae23a11033cf5fedfa1b97 Author: Colin Ian King Date: Tue Jan 15 18:03:38 2019 +0000 atm: he: fix sign-extension overflow on large shift Shifting the 1 by exp by an int can lead to sign-extension overlow when exp is 31 since 1 is an signed int and sign-extending this result to an unsigned long long will set the upper 32 bits. Fix this by shifting an unsigned long. Detected by cppcheck: (warning) Shifting signed 32-bit value by 31 bits is undefined behaviour Signed-off-by: Colin Ian King Signed-off-by: David S. Miller commit a3a80255d58d0f0d304ba877ae0313a264973a70 Merge: 6d060fa39035d 34fa47612bfe5 Author: Linus Torvalds Date: Fri Jan 18 06:27:24 2019 +1200 Merge tag 'afs-fixes-20190117' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs Pull AFS fixes from David Howells: "Here's a set of fixes for AFS: - Use struct_size() for kzalloc() size calculation. - When calling YFS.CreateFile rather than AFS.CreateFile, it is possible to create a file with a file lock already held. The default value indicating no lock required is actually -1, not 0. - Fix an oops in inode/vnode validation if the target inode doesn't have a server interest assigned (ie. a server that will notify us of changes by third parties). - Fix refcounting of keys in file locking. - Fix a race in refcounting asynchronous operations in the event of an error during request transmission. The provision of a dedicated function to get an extra ref on a call is split into a separate commit" * tag 'afs-fixes-20190117' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs: afs: Fix race in async call refcounting afs: Provide a function to get a ref on a call afs: Fix key refcounting in file locking code afs: Don't set vnode->cb_s_break in afs_validate() afs: Set correct lock type for the yfs CreateFile afs: Use struct_size() in kzalloc() commit 6d060fa39035d5ff6bb3e720a8119aeb50453e3b Merge: e4484a495586d 227a76b647188 Author: Linus Torvalds Date: Fri Jan 18 06:22:08 2019 +1200 Merge branch 'stable/for-linus-5.0' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/swiotlb Pull swiotlb fix from Konrad Rzeszutek Wilk: "A tiny fix for v5.0-rc2: This fixes an issue with GPU cards not working anymore with the DMA mapping work Christopher did - as the SWIOTLB is initialized first and then free'd (as IOMMU is available) but we forgot to clear our start and end entries which are used and BOOM" * 'stable/for-linus-5.0' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/swiotlb: swiotlb: clear io_tlb_start and io_tlb_end in swiotlb_exit commit e4484a495586dddf989380f89a7c16d43db6790b Merge: d471c4dfa19f4 e00d888048149 Author: Linus Torvalds Date: Fri Jan 18 06:20:09 2019 +1200 Merge tag 'kbuild-fixes-v5.0' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild Pull Kbuild fixes from Masahiro Yamada: - clean generated files in scripts/kconfig/ by 'make mrproper' - fix conflict between dead code elimination and ftrace for GCC <= 4.7 - fix external module build with CONFIG_STACKPROTECTOR - remove unused code * tag 'kbuild-fixes-v5.0' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild: kbuild: mark prepare0 as PHONY to fix external module build openrisc: remove unneeded code in arch/openrisc/Makefile nds32: remove unneeded code in arch/nds32/Makefile ia64: remove redundant 'export AWK' kbuild: remove unused archmrproper kbuild: remove unused baseprereq kbuild: Disable LD_DEAD_CODE_DATA_ELIMINATION with ftrace & GCC <= 4.7 kconfig: clean generated *conf-cfg files commit d471c4dfa19f4d6de063256370a5be411a1f3149 Merge: 7fbfee7c80ded 3705add0b783e Author: Linus Torvalds Date: Fri Jan 18 06:15:28 2019 +1200 Merge tag 'devicetree-fixes-for-5.0' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux Pull Devicetree fixes from Rob Herring: - Remove now unused struct device_node.type pointer - Fix meson-axg reset header SPDX tag - Add missing of_node_put in of_graph_get_remote_port_parent - Fix several binding doc file references and typos * tag 'devicetree-fixes-for-5.0' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux: dt-bindings: reset: meson-axg: fix SPDX license id dt-bindings: soc: qcom: Fix trivial language typos doc: gpio-mvebu: fix broken reference to cp110-system-controller0.txt file OF: properties: add missing of_node_put doc: bindings: fix bad reference to ARM CPU bindings dt-bindings: marvell,mmp2: fix typos in bindings doc of: Remove struct device_node.type pointer commit 6a4c9ab13feeacd3072175d7d1f1fcfabbb9fc90 Author: Sai Prakash Ranjan Date: Thu Jan 17 09:09:29 2019 -0800 pstore/ram: Fix console ramoops to show the previous boot logs commit b05c950698fe ("pstore/ram: Simplify ramoops_get_next_prz() arguments") changed update assignment in getting next persistent ram zone by adding a check for record type. But the check always returns true since the record type is assigned 0. And this breaks console ramoops by showing current console log instead of previous log on warm reset and hard reset (actually hard reset should not be showing any logs). Fix this by having persistent ram zone type check instead of record type check. Tested this on SDM845 MTP and dragonboard 410c. Reproducing this issue is simple as below: 1. Trigger hard reset and mount pstore. Will see console-ramoops record in the mounted location which is the current log. 2. Trigger warm reset and mount pstore. Will see the current console-ramoops record instead of previous record. Fixes: b05c950698fe ("pstore/ram: Simplify ramoops_get_next_prz() arguments") Signed-off-by: Sai Prakash Ranjan Acked-by: Joel Fernandes (Google) [kees: dropped local variable usage] Signed-off-by: Kees Cook commit c61c27687a5abce11431e6de1adb6e36099b9859 Author: Mathieu Malaterre Date: Wed Jan 16 20:35:41 2019 +0100 bpf: Correctly annotate implicit fall through in bpf_base_func_proto There is a plan to build the kernel with -Wimplicit-fallthrough and this place in the code produced a warnings (W=1). To preserve as much of the existing comment only change a ‘:’ into a ‘,’. This is enough change, to match the regular expression expected by GCC. This commit removes the following warning: net/core/filter.c:5310:6: warning: this statement may fall through [-Wimplicit-fallthrough=] Signed-off-by: Mathieu Malaterre Signed-off-by: Daniel Borkmann commit c8dc79806e7f6cb6b0952aae1ce626c39905ad7e Author: Mathieu Malaterre Date: Wed Jan 16 20:35:29 2019 +0100 bpf: Annotate implicit fall through in cgroup_dev_func_proto There is a plan to build the kernel with -Wimplicit-fallthrough and this place in the code produced a warnings (W=1). This commit removes the following warning: kernel/bpf/cgroup.c:719:6: warning: this statement may fall through [-Wimplicit-fallthrough=] Signed-off-by: Mathieu Malaterre Signed-off-by: Daniel Borkmann commit 583c53185399cea5c51195064564d1c9ddc70cf3 Author: Mathieu Malaterre Date: Wed Jan 16 20:29:40 2019 +0100 bpf: Make function btf_name_offset_valid static Initially in commit 69b693f0aefa ("bpf: btf: Introduce BPF Type Format (BTF)") the function 'btf_name_offset_valid' was introduced as static function it was later on changed to a non-static one, and then finally in commit 23127b33ec80 ("bpf: Create a new btf_name_by_offset() for non type name use case") the function prototype was removed. Revert back to original implementation and make the function static. Remove warning triggered with W=1: kernel/bpf/btf.c:470:6: warning: no previous prototype for 'btf_name_offset_valid' [-Wmissing-prototypes] Fixes: 23127b33ec80 ("bpf: Create a new btf_name_by_offset() for non type name use case") Signed-off-by: Mathieu Malaterre Acked-by: Martin KaFai Lau Signed-off-by: Daniel Borkmann commit f67ad87ab3120e82845521b18a2b99273a340308 Author: Stanislav Fomichev Date: Wed Jan 16 14:03:17 2019 -0800 selftests/bpf: retry tests that expect build-id While running test_progs in a loop I found out that I'm sometimes hitting "Didn't find expected build ID from the map" error. Looking at stack_map_get_build_id_offset() it seems that it is racy (by design) and can sometimes return BPF_STACK_BUILD_ID_IP (i.e. can't trylock current->mm->mmap_sem). Let's retry this test a single time. Fixes: 13790d1cc72c ("bpf: add selftest for stackmap with build_id in NMI context") Acked-by: Song Liu Signed-off-by: Stanislav Fomichev Signed-off-by: Daniel Borkmann commit 4af396ae4836c4ecab61e975b8e61270c551894d Author: Stanislav Fomichev Date: Wed Jan 16 14:03:16 2019 -0800 bpf: zero out build_id for BPF_STACK_BUILD_ID_IP When returning BPF_STACK_BUILD_ID_IP from stack_map_get_build_id_offset, make sure that build_id field is empty. Since we are using percpu free list, there is a possibility that we might reuse some previous bpf_stack_build_id with non-zero build_id. Fixes: 615755a77b24 ("bpf: extend stackmap to save binary_build_id+offset instead of address") Acked-by: Song Liu Signed-off-by: Stanislav Fomichev Signed-off-by: Daniel Borkmann commit 0b698005a9d11c0e91141ec11a2c4918a129f703 Author: Stanislav Fomichev Date: Wed Jan 16 14:03:15 2019 -0800 bpf: don't assume build-id length is always 20 bytes Build-id length is not fixed to 20, it can be (`man ld` /--build-id): * 128-bit (uuid) * 160-bit (sha1) * any length specified in ld --build-id=0xhexstring To fix the issue of missing BPF_STACK_BUILD_ID_VALID for shorter build-ids, assume that build-id is somewhere in the range of 1 .. 20. Set the remaining bytes to zero. v2: * don't introduce new "len = min(BPF_BUILD_ID_SIZE, nhdr->n_descsz)", we already know that nhdr->n_descsz <= BPF_BUILD_ID_SIZE if we enter this 'if' condition Fixes: 615755a77b24 ("bpf: extend stackmap to save binary_build_id+offset instead of address") Acked-by: Song Liu Signed-off-by: Stanislav Fomichev Signed-off-by: Daniel Borkmann commit 34fa47612bfe5d7de7fcaf658a6952b6aeec3b13 Author: David Howells Date: Thu Jan 10 15:40:50 2019 +0000 afs: Fix race in async call refcounting There's a race between afs_make_call() and afs_wake_up_async_call() in the case that an error is returned from rxrpc_kernel_send_data() after it has queued the final packet. afs_make_call() will try and clean up the mess, but the call state may have been moved on thereby causing afs_process_async_call() to also try and to delete the call. Fix this by: (1) Getting an extra ref for an asynchronous call for the call itself to hold. This makes sure the call doesn't evaporate on us accidentally and will allow the call to be retained by the caller in a future patch. The ref is released on leaving afs_make_call() or afs_wait_for_call_to_complete(). (2) In the event of an error from rxrpc_kernel_send_data(): (a) Don't set the call state to AFS_CALL_COMPLETE until *after* the call has been aborted and ended. This prevents afs_deliver_to_call() from doing anything with any notifications it gets. (b) Explicitly end the call immediately to prevent further callbacks. (c) Cancel any queued async_work and wait for the work if it's executing. This allows us to be sure the race won't recur when we change the state. We put the work queue's ref on the call if we managed to cancel it. (d) Put the call's ref that we got in (1). This belongs to us as long as the call is in state AFS_CALL_CL_REQUESTING. Fixes: 341f741f04be ("afs: Refcount the afs_call struct") Signed-off-by: David Howells commit 7a75b0079a1d54e342c502c3c8107ba97e05d3d3 Author: David Howells Date: Thu Jan 10 15:14:29 2019 +0000 afs: Provide a function to get a ref on a call Provide a function to get a reference on an afs_call struct. Signed-off-by: David Howells commit 59d49076ae3e6912e6d7df2fd68e2337f3d02036 Author: David Howells Date: Wed Jan 9 17:23:54 2019 +0000 afs: Fix key refcounting in file locking code Fix the refcounting of the authentication keys in the file locking code. The vnode->lock_key member points to a key on which it expects to be holding a ref, but it isn't always given an extra ref, however. Fixes: 0fafdc9f888b ("afs: Fix file locking") Signed-off-by: David Howells commit 4882a27cec24319d10f95e978ecc80050e3e3e15 Author: Marc Dionne Date: Wed Jan 9 17:23:54 2019 +0000 afs: Don't set vnode->cb_s_break in afs_validate() A cb_interest record is not necessarily attached to the vnode on entry to afs_validate(), which can cause an oops when we try to bring the vnode's cb_s_break up to date in the default case (ie. no current callback promise and the vnode has not been deleted). Fix this by simply removing the line, as vnode->cb_s_break will be set when needed by afs_register_server_cb_interest() when we next get a callback promise from RPC call. The oops looks something like: BUG: unable to handle kernel NULL pointer dereference at 0000000000000018 ... RIP: 0010:afs_validate+0x66/0x250 [kafs] ... Call Trace: afs_d_revalidate+0x8d/0x340 [kafs] ? __d_lookup+0x61/0x150 lookup_dcache+0x44/0x70 ? lookup_dcache+0x44/0x70 __lookup_hash+0x24/0xa0 do_unlinkat+0x11d/0x2c0 __x64_sys_unlink+0x23/0x30 do_syscall_64+0x4d/0xf0 entry_SYSCALL_64_after_hwframe+0x44/0xa9 Fixes: ae3b7361dc0e ("afs: Fix validation/callback interaction") Signed-off-by: Marc Dionne Signed-off-by: David Howells commit d2fd6e81912a665993b24dcdc1c1384a42a54f7e Author: Logan Gunthorpe Date: Thu Jan 17 08:46:34 2019 -0600 PCI: Fix __initdata issue with "pci=disable_acs_redir" parameter The disable_acs_redir parameter stores a pointer to the string passed to pci_setup(). However, the string passed to PCI setup is actually a temporary copy allocated in static __initdata memory. After init, once the memory is freed, it is no longer valid to reference this pointer. This bug was noticed in v5.0-rc1 after a change in commit c5eb1190074c ("PCI / PM: Allow runtime PM without callback functions") caused pci_disable_acs_redir() to be called during shutdown which manifested as an unable to handle kernel paging request at: RIP: 0010:pci_enable_acs+0x3f/0x1e0 Call Trace: pci_restore_state.part.44+0x159/0x3c0 pci_restore_standard_config+0x33/0x40 pci_pm_runtime_resume+0x2b/0xd0 ? pci_restore_standard_config+0x40/0x40 __rpm_callback+0xbc/0x1b0 rpm_callback+0x1f/0x70 ? pci_restore_standard_config+0x40/0x40 rpm_resume+0x4f9/0x710 ? pci_conf1_read+0xb6/0xf0 ? pci_conf1_write+0xb2/0xe0 __pm_runtime_resume+0x47/0x70 pci_device_shutdown+0x1e/0x60 device_shutdown+0x14a/0x1f0 kernel_restart+0xe/0x50 __do_sys_reboot+0x1ee/0x210 ? __fput+0x144/0x1d0 do_writev+0x5e/0xf0 ? do_writev+0x5e/0xf0 do_syscall_64+0x48/0xf0 entry_SYSCALL_64_after_hwframe+0x44/0xa9 It was also likely possible to trigger this bug when hotplugging PCI devices. To fix this, instead of storing a pointer, we use kstrdup() to copy the disable_acs_redir_param to its own buffer which will never be freed. Fixes: aaca43fda742 ("PCI: Add "pci=disable_acs_redir=" parameter for peer-to-peer support") Tested-by: Jarkko Nikula Signed-off-by: Logan Gunthorpe Signed-off-by: Bjorn Helgaas Reviewed-by: Jarkko Nikula commit e00d8880481497474792d28c14479a9fb6752046 Author: Masahiro Yamada Date: Tue Jan 15 16:19:00 2019 +0900 kbuild: mark prepare0 as PHONY to fix external module build Commit c3ff2a5193fa ("powerpc/32: add stack protector support") caused kernel panic on PowerPC when an external module is used with CONFIG_STACKPROTECTOR because the 'prepare' target was not executed for the external module build. Commit e07db28eea38 ("kbuild: fix single target build for external module") turned it into a build error because the 'prepare' target is now executed but the 'prepare0' target is missing for the external module build. External module on arm/arm64 with CONFIG_STACKPROTECTOR_PER_TASK is also broken in the same way. Move 'PHONY += prepare0' to the common place. GNU Make is fine with missing rule for phony targets. I also removed the comment which is wrong irrespective of this commit. I minimize the change so it can be easily backported to 4.20.x To fix v4.20, please backport e07db28eea38 ("kbuild: fix single target build for external module"), and then this commit. Link: https://bugzilla.kernel.org/show_bug.cgi?id=201891 Fixes: e07db28eea38 ("kbuild: fix single target build for external module") Fixes: c3ff2a5193fa ("powerpc/32: add stack protector support") Fixes: 189af4657186 ("ARM: smp: add support for per-task stack canaries") Fixes: 0a1213fa7432 ("arm64: enable per-task stack canaries") Cc: linux-stable # v4.20 Reported-by: Samuel Holland Reported-by: Alexey Kardashevskiy Signed-off-by: Masahiro Yamada Acked-by: Ard Biesheuvel Tested-by: Alexey Kardashevskiy commit 1b504a7bb18fc32a324712a0fc56d667bdabe258 Author: Masahiro Yamada Date: Tue Jan 15 04:14:23 2019 +0900 openrisc: remove unneeded code in arch/openrisc/Makefile - LDFLAGS_vmlinux is cleared by the top Makefile - 'all: vmlinux' is specified by the top Makefile Signed-off-by: Masahiro Yamada commit 558ee616d177c8225e65c75b6b72952408e64a74 Author: Masahiro Yamada Date: Mon Jan 14 17:44:40 2019 +0900 nds32: remove unneeded code in arch/nds32/Makefile - scripts/Kbuild.include already defined 'comma' - The top Makefile has 'PHONY += FORCE' - include/asm-*/ was moved to arch/*/include/asm/ a decade ago Signed-off-by: Masahiro Yamada commit 15c05196ff84ab07d9b1d05289216de2d5bedcd7 Merge: 1c7fc5cbc3398 51b00d8509dc6 Author: Jani Nikula Date: Thu Jan 17 11:49:51 2019 +0200 Merge tag 'gvt-fixes-2018-01-17' of https://github.com/intel/gvt-linux into drm-intel-fixes gvt-fixes-2018-01-17 - Fix one register cmd parser failure (Colin) - Fix region cleanup for vGPU destroy (Henry) - Fix mmap size check (Zhenyu) Signed-off-by: Jani Nikula From: Zhenyu Wang Link: https://patchwork.freedesktop.org/patch/msgid/20190117074604.GI18272@zhen-hp.sh.intel.com commit 7fbfee7c80ded94278f109aae4063741c323294a Merge: 47bfa6d9dc8c0 a5795fd38ee81 Author: Linus Torvalds Date: Thu Jan 17 16:54:58 2019 +1200 Merge branch 'fixes-v5.0-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security Pull security subsystem fixes from James Morris: "Fixes for the security subsystem. The first (by Casey actually - it's misattributed) fixes a regression introduced with the LSM stacking changes" * 'fixes-v5.0-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: LSM: Check for NULL cred-security on free Yama: Check for pid death before checking ancestry seccomp: fix UAF in user-trap code commit 0f149c9fec3cd720628ecde83bfc6f64c1e7dcb6 Author: Willem de Bruijn Date: Tue Jan 15 11:40:02 2019 -0500 udp: with udp_segment release on error path Failure __ip_append_data triggers udp_flush_pending_frames, but these tests happen later. The skb must be freed directly. Fixes: bec1f6f697362 ("udp: generate gso with UDP_SEGMENT") Reported-by: Eric Dumazet Signed-off-by: Willem de Bruijn Signed-off-by: David S. Miller commit 1a9352687c19e4937d861ff2c5c6fc45c0a08aff Author: Taehee Yoo Date: Wed Jan 16 01:35:22 2019 +0900 net: bpfilter: change section name of bpfilter UMH blob. The section of bpfilter UMH blob is the ".bpfilter_umh". but this is not an explicit section. so linking warning occurred at compile time for the powerpc. So, this patch makes use of the ".rodata" instead of the ".bpfilter_umh". Config condition: CONFIG_BPFILTER=y CONFIG_BPFILTER_UMH=y Result: ld: warning: orphan section `.bpfilter_umh' from `net/bpfilter/bpfilter_umh_blob.o' being placed in section `.bpfilter_umh' Fixes: 61fbf5933d42 ("net: bpfilter: restart bpfilter_umh when error occurred") Reported-by: Stephen Rothwell Signed-off-by: Taehee Yoo Signed-off-by: David S. Miller commit a5795fd38ee8194451ba3f281f075301a3696ce2 Author: James Morris Date: Wed Jan 16 15:41:11 2019 -0800 LSM: Check for NULL cred-security on free From: Casey Schaufler Check that the cred security blob has been set before trying to clean it up. There is a case during credential initialization that could result in this. Signed-off-by: Casey Schaufler Acked-by: John Johansen Signed-off-by: James Morris Reported-by: syzbot+69ca07954461f189e808@syzkaller.appspotmail.com commit 9e857a40dc4eba15a739b4194d7db873d82c28a0 Author: Andrew Lunn Date: Tue Jan 15 16:55:30 2019 +0100 net: phy: Add missing features to PHY drivers The bcm87xx and micrel driver has PHYs which are missing the .features value. Add them. The bcm87xx is a 10G FEC only PHY. Add the needed features definition of this PHY. Fixes: 719655a14971 ("net: phy: Replace phy driver features u32 with link_mode bitmap") Reported-by: Scott Wood Reported-by: Camelia Groza Signed-off-by: Andrew Lunn Signed-off-by: David S. Miller commit 35dad45d5cad3c9ca8d6a338cbf668cd7ea86469 Author: David Francis Date: Tue Nov 20 09:42:58 2018 -0500 drm/amd/display: Detach backlight from stream [Why] Backlight is conceptually a property of links, not streams. All backlight programming is done on links, but there is a stream property bl_pwm_level that is used to restore backlight on dpms on and s3 resume. This is unnecessary, as backlight is already restored by hardware with no driver intervention. [How] Remove bl_pwm_level, and the stream argument to set_backlight Bug: https://bugs.freedesktop.org/show_bug.cgi?id=109375 Signed-off-by: David Francis Reviewed-by: Harry Wentland Acked-by: Anthony Koo Acked-by: Leo Li Signed-off-by: Alex Deucher (cherry picked from commit 923fe4951282cbdfce05186c10380bbc45b5e03b) commit a5a82d841186d13c4a6d500dfcf7d02b4195e3ff Author: Jakub Kicinski Date: Mon Jan 14 10:52:45 2019 -0800 ipv6: route: place a warning with duplicated string with correct extack "IPv6: " prefix is already added by pr_fmt, no need to include it again in the pr_warn() format. The message predates extack support, we can replace the whole thing with an extack message. Suggested-by: David Ahern Signed-off-by: Jakub Kicinski Reviewed-by: David Ahern Signed-off-by: David S. Miller commit 91fa038d9446b5bf5ea80822790af7dd9bcbb5a2 Author: Davide Caratti Date: Mon Jan 14 18:16:44 2019 +0100 selftests: tc-testing: fix parsing of ife type In iproute2 commit 90c5c969f0b9 ("fix print_0xhex on 32 bit"), the format specifier for the ife type changed from 0x%X to %#llX, causing systematic failures in the following TDC test cases: 7682 - Create valid ife encode action with mark and pass control ef47 - Create valid ife encode action with mark and pipe control df43 - Create valid ife encode action with mark and continue control e4cf - Create valid ife encode action with mark and drop control ccba - Create valid ife encode action with mark and reclassify control a1cf - Create valid ife encode action with mark and jump control cb3d - Create valid ife encode action with mark value at 32-bit maximum 95ed - Create valid ife encode action with prio and pass control aa17 - Create valid ife encode action with prio and pipe control 74c7 - Create valid ife encode action with prio and continue control 7a97 - Create valid ife encode action with prio and drop control f66b - Create valid ife encode action with prio and reclassify control 3056 - Create valid ife encode action with prio and jump control 7dd3 - Create valid ife encode action with prio value at 32-bit maximum 05bb - Create valid ife encode action with tcindex and pass control ce65 - Create valid ife encode action with tcindex and pipe control 09cd - Create valid ife encode action with tcindex and continue control 8eb5 - Create valid ife encode action with tcindex and continue control 451a - Create valid ife encode action with tcindex and drop control d76c - Create valid ife encode action with tcindex and reclassify control e731 - Create valid ife encode action with tcindex and jump control b7b8 - Create valid ife encode action with tcindex value at 16-bit maximum 2a9c - Create valid ife encode action with mac src parameter cf5c - Create valid ife encode action with mac dst parameter 2353 - Create valid ife encode action with mac src and mac dst parameters 552c - Create valid ife encode action with mark and type parameters 0421 - Create valid ife encode action with prio and type parameters 4017 - Create valid ife encode action with tcindex and type parameters fac3 - Create valid ife encode action with index at 32-bit maximnum 7c25 - Create valid ife decode action with pass control dccb - Create valid ife decode action with pipe control 7bb9 - Create valid ife decode action with continue control d9ad - Create valid ife decode action with drop control 219f - Create valid ife decode action with reclassify control 8f44 - Create valid ife decode action with jump control b330 - Create ife encode action with cookie Change 'matchPattern' values, allowing '0' and '0x0' if ife type is equal to 0, and accepting both '0x' and '0X' otherwise, to let these tests pass both with old and new tc binaries. While at it, fix a small typo in test case fac3 ('maximnum'->'maximum'). Signed-off-by: Davide Caratti Acked-by: Stephen Hemminger Signed-off-by: David S. Miller commit 01b833ab44c9e484060aad72267fc7e71beb559b Author: Konstantin Khlebnikov Date: Mon Jan 14 13:38:43 2019 +0300 net/core/neighbour: fix kmemleak minimal reference count for hash tables This should be 1 for normal allocations, 0 disables leak reporting. Signed-off-by: Konstantin Khlebnikov Reported-by: Cong Wang Fixes: 85704cb8dcfd ("net/core/neighbour: tell kmemleak about hash tables") Signed-off-by: David S. Miller commit 400b8b9a2a17918f8ce00786f596f530e7f30d50 Author: Xin Long Date: Mon Jan 14 18:34:02 2019 +0800 sctp: allocate sctp_sockaddr_entry with kzalloc The similar issue as fixed in Commit 4a2eb0c37b47 ("sctp: initialize sin6_flowinfo for ipv6 addrs in sctp_inet6addr_event") also exists in sctp_inetaddr_event, as Alexander noticed. To fix it, allocate sctp_sockaddr_entry with kzalloc for both sctp ipv4 and ipv6 addresses, as does in sctp_v4/6_copy_addrlist(). Reported-by: Alexander Potapenko Signed-off-by: Xin Long Reported-by: syzbot+ae0c70c0c2d40c51bb92@syzkaller.appspotmail.com Acked-by: Marcelo Ricardo Leitner Acked-by: Neil Horman Signed-off-by: David S. Miller commit 20704bd1633dd5afb29a321d3a615c9c8e9c9d05 Author: Xin Long Date: Mon Jan 14 18:10:06 2019 +0800 erspan: build the header with the right proto according to erspan_ver As said in draft-foschiano-erspan-03#section4: Different frame variants known as "ERSPAN Types" can be distinguished based on the GRE "Protocol Type" field value: Type I and II's value is 0x88BE while Type III's is 0x22EB [ETYPES]. So set it properly in erspan_xmit() according to erspan_ver. While at it, also remove the unused parameter 'proto' in erspan_fb_xmit(). Fixes: 94d7d8f29287 ("ip6_gre: add erspan v2 support") Reported-by: Jianlin Shi Signed-off-by: Xin Long Signed-off-by: David S. Miller commit 04a4af334b971814eedf4e4a413343ad3287d9a9 Author: Ross Lagerwall Date: Mon Jan 14 09:16:56 2019 +0000 openvswitch: Avoid OOB read when parsing flow nlattrs For nested and variable attributes, the expected length of an attribute is not known and marked by a negative number. This results in an OOB read when the expected length is later used to check if the attribute is all zeros. Fix this by using the actual length of the attribute rather than the expected length. Signed-off-by: Ross Lagerwall Acked-by: Pravin B Shelar Signed-off-by: David S. Miller commit 9098f21f4cc0f13bc0caa747590e53479c267405 Author: Dmitry Bezrukov Date: Mon Jan 14 08:14:41 2019 +0000 net: usb: aqc111: Extend HWID table by TRENDnet device New device of TRENDnet based on aqc111u Add this ID to blacklist of cdc_ether driver as well Signed-off-by: Dmitry Bezrukov Signed-off-by: Igor Russkikh Signed-off-by: David S. Miller commit cd0c4e70fc0ccfa705cdf55efb27519ce9337a26 Author: Cong Wang Date: Fri Jan 11 18:55:42 2019 -0800 net_sched: refetch skb protocol for each filter Martin reported a set of filters don't work after changing from reclassify to continue. Looking into the code, it looks like skb protocol is not always fetched for each iteration of the filters. But, as demonstrated by Martin, TC actions could modify skb->protocol, for example act_vlan, this means we have to refetch skb protocol in each iteration, rather than using the one we fetch in the beginning of the loop. This bug is _not_ introduced by commit 3b3ae880266d ("net: sched: consolidate tc_classify{,_compat}"), technically, if act_vlan is the only action that modifies skb protocol, then it is commit c7e2b9689ef8 ("sched: introduce vlan action") which introduced this bug. Reported-by: Martin Olsson Cc: Jamal Hadi Salim Cc: Jiri Pirko Signed-off-by: Cong Wang Acked-by: Jamal Hadi Salim Signed-off-by: David S. Miller commit 9474f4e7cd71a633fa1ef93b7daefd44bbdfd482 Author: Kees Cook Date: Wed Jan 16 10:31:09 2019 -0800 Yama: Check for pid death before checking ancestry It's possible that a pid has died before we take the rcu lock, in which case we can't walk the ancestry list as it may be detached. Instead, check for death first before doing the walk. Reported-by: syzbot+a9ac39bf55329e206219@syzkaller.appspotmail.com Fixes: 2d514487faf1 ("security: Yama LSM") Cc: stable@vger.kernel.org Suggested-by: Oleg Nesterov Signed-off-by: Kees Cook Signed-off-by: James Morris commit 3705add0b783e0deeb6646ba0311bf214fe52b0a Author: Jerome Brunet Date: Wed Jan 16 11:36:32 2019 +0100 dt-bindings: reset: meson-axg: fix SPDX license id As reported, the SPDX license id is not placed correctly and the variant of the BSD License used should be specified. Fixes: c16292578ffa ("dt-bindings: reset: Add bindings for the Meson-AXG SoC Reset Controller") Reported-by: Thomas Gleixner Signed-off-by: Jerome Brunet Reviewed-by: Thomas Gleixner Signed-off-by: Rob Herring commit 9eac0ae1683575375de8c63166b3596b11d3b56a Author: Krzysztof Kozlowski Date: Tue Jan 8 13:11:40 2019 +0100 dt-bindings: soc: qcom: Fix trivial language typos Fix few trivial language typos in bindings. Signed-off-by: Krzysztof Kozlowski Signed-off-by: Rob Herring commit 889f4ce60ed19cfd16216e96f90e64a0c1181c0d Author: Otto Sabart Date: Wed Jan 9 20:07:41 2019 +0100 doc: gpio-mvebu: fix broken reference to cp110-system-controller0.txt file The cp110-system-controller0.txt file was renamed to cp110-system-controller.txt. Fixes: 4aa5496980e4 ("dt-bindings: cp110: rename cp110 syscon file") Signed-off-by: Otto Sabart Signed-off-by: Rob Herring commit 28b170e88bc0c7509e6724717c15cb4b5686026e Author: Julia Lawall Date: Sun Jan 13 10:44:50 2019 +0100 OF: properties: add missing of_node_put Add an of_node_put when the result of of_graph_get_remote_port_parent is not available. The semantic match that finds this problem is as follows (http://coccinelle.lip6.fr): // @r exists@ local idexpression e; expression x; @@ e = of_graph_get_remote_port_parent(...); ... when != x = e when != true e == NULL when != of_node_put(e) when != of_fwnode_handle(e) ( return e; | *return ...; ) // Signed-off-by: Julia Lawall Cc: stable@vger.kernel.org Signed-off-by: Rob Herring commit 867cefb4cb1012f42cada1c7d1f35ac8dd276071 Author: Juergen Gross Date: Mon Jan 14 13:44:13 2019 +0100 xen: Fix x86 sched_clock() interface for xen Commit f94c8d11699759 ("sched/clock, x86/tsc: Rework the x86 'unstable' sched_clock() interface") broke Xen guest time handling across migration: [ 187.249951] Freezing user space processes ... (elapsed 0.001 seconds) done. [ 187.251137] OOM killer disabled. [ 187.251137] Freezing remaining freezable tasks ... (elapsed 0.001 seconds) done. [ 187.252299] suspending xenstore... [ 187.266987] xen:grant_table: Grant tables using version 1 layout [18446743811.706476] OOM killer enabled. [18446743811.706478] Restarting tasks ... done. [18446743811.720505] Setting capacity to 16777216 Fix that by setting xen_sched_clock_offset at resume time to ensure a monotonic clock value. [boris: replaced pr_info() with pr_info_once() in xen_callback_vector() to avoid printing with incorrect timestamp during resume (as we haven't re-adjusted the clock yet)] Fixes: f94c8d11699759 ("sched/clock, x86/tsc: Rework the x86 'unstable' sched_clock() interface") Cc: # 4.11 Reported-by: Hans van Kranenburg Signed-off-by: Juergen Gross Tested-by: Hans van Kranenburg Signed-off-by: Boris Ostrovsky commit c45b1fa2433c65e44bdf48f513cb37289f3116b9 Author: Ming Lei Date: Thu Jan 3 09:34:39 2019 +0800 nvme-pci: fix nvme_setup_irqs() When -ENOSPC is returned from pci_alloc_irq_vectors_affinity(), we still try to allocate multiple irq vectors again, so irq queues covers the admin queue actually. But we don't consider that, then number of the allocated irq vector may be same with sum of io_queues[HCTX_TYPE_DEFAULT] and io_queues[HCTX_TYPE_READ], this way is obviously wrong, and finally breaks nvme_pci_map_queues(), and warning from pci_irq_get_affinity() is triggered. IRQ queues should cover admin queues, this patch makes this point explicitely in nvme_calc_io_queues(). We got severl boot failure internal report on aarch64, so please consider to fix it in v4.20. Fixes: 6451fe73fa0f ("nvme: fix irq vs io_queue calculations") Signed-off-by: Ming Lei Reviewed-by: Keith Busch Tested-by: fin4478 Signed-off-by: Christoph Hellwig Signed-off-by: Jens Axboe commit fb8658581a150a859b654b154cefe3118ff4f1e0 Author: Sagi Grimberg Date: Wed Jan 9 14:56:32 2019 -0800 nvmet-tcp: fix uninitialized variable access If we end up in nvmet_tcp_try_recv_one with a bogus state queue receive state we will access result which is uninitialized. Initialize restult to 0 which will be considered as if no data was received by the tcp socket. Fixes: 872d26a391da ("nvmet-tcp: add NVMe over TCP target driver") Reported-by: Dan Carpenter Signed-off-by: Sagi Grimberg Signed-off-by: Christoph Hellwig Signed-off-by: Jens Axboe commit 890d14d2d4b57ff5a149309da3ed36c8a529987f Author: Peter Rosin Date: Wed Jan 16 17:42:35 2019 +0100 fbdev: fbmem: convert CONFIG_FB_LOGO_CENTER into a cmd line option A command line option is much more flexible than a config option and the supporting code is small. Gets rid of #ifdefs in the code too... Suggested-by: Geert Uytterhoeven Cc: Jonathan Corbet Signed-off-by: Peter Rosin Signed-off-by: Bartlomiej Zolnierkiewicz commit 240809ef6630a4ce57c273c2d79ffb657cd361eb Author: Hans Verkuil Date: Fri Jan 11 07:07:25 2019 -0500 media: vim2m: only cancel work if it is for right context cancel_delayed_work_sync() was called for any queue, but it should only be called for the queue that is associated with the currently running job. Otherwise, if two filehandles are streaming at the same time, then closing the first will cancel the work which might still be running for a job from the second filehandle. As a result the second filehandle will never be able to finish the job and an attempt to stop streaming on that second filehandle will stall. Fixes: 52117be68b82 ("media: vim2m: use cancel_delayed_work_sync instead of flush_schedule_work") Signed-off-by: Hans Verkuil Cc: # for v4.20 and up Signed-off-by: Mauro Carvalho Chehab commit 7fe9f01c04c2673bd6662c35b664f0f91888b96f Author: Sakari Ailus Date: Thu Jan 10 09:24:26 2019 -0500 media: v4l: ioctl: Validate num_planes for debug messages The num_planes field in struct v4l2_pix_format_mplane is used in a loop before validating it. As the use is printing a debug message in this case, just cap the value to the maximum allowed. Signed-off-by: Sakari Ailus Cc: stable@vger.kernel.org Reviewed-by: Thierry Reding Signed-off-by: Hans Verkuil Cc: # for v4.12 and up Signed-off-by: Mauro Carvalho Chehab commit 9048b2e15b11c591c649cc6edc7a64fa62c15419 Author: Sakari Ailus Date: Thu Jan 10 07:43:19 2019 -0500 media: v4l: ioctl: Validate num_planes before using it The for loop to reset the memory of the plane reserved fields runs over num_planes provided by the user without validating it. Ensure num_planes is no more than VIDEO_MAX_PLANES before the loop. Fixes: 4e1e0eb0e074 ("media: v4l2-ioctl: Zero v4l2_plane_pix_format reserved fields") Signed-off-by: Sakari Ailus Reviewed-by: Thierry Reding Signed-off-by: Hans Verkuil Signed-off-by: Mauro Carvalho Chehab commit dd91642ac71208fe972a9c577ed52b6b3ba7b732 Author: Thierry Reding Date: Thu Jan 10 05:48:39 2019 -0500 media: v4l2-ioctl: Clear only per-plane reserved fields Currently the IOCTL code clears everything after the per-plane bytesperline field in struct v4l2_format. The intent was to only clear the per-plane reserved fields since there is data in struct v4l2_format after the per-plane format data that userspace may have filled in. Fixes: 4e1e0eb0e074 ("media: v4l2-ioctl: Zero v4l2_plane_pix_format reserved fields") Signed-off-by: Thierry Reding Signed-off-by: Hans Verkuil [hverkuil-cisco@xs4all.nl: fix checkpatch alignment warning] Signed-off-by: Mauro Carvalho Chehab commit 227a76b64718888c1687cc237463aa000ae6fb2b Author: Christoph Hellwig Date: Mon Jan 14 21:14:08 2019 +0100 swiotlb: clear io_tlb_start and io_tlb_end in swiotlb_exit Otherwise is_swiotlb_buffer will return false positives when we first initialize a swiotlb buffer, but then free it because we have an IOMMU available. Fixes: 55897af63091 ("dma-direct: merge swiotlb_dma_ops into the dma_direct code") Reported-by: Sibren Vasse Signed-off-by: Christoph Hellwig Tested-by: Sibren Vasse Signed-off-by: Konrad Rzeszutek Wilk commit be3bb599d84b50d27d6077085388afabdd2ee18a Author: Masahiro Yamada Date: Mon Jan 14 17:19:57 2019 +0900 ia64: remove redundant 'export AWK' This is exported by the top Makefile. Signed-off-by: Masahiro Yamada commit b421b8a6cb87f099466fff00d1870c2db778c617 Author: Masahiro Yamada Date: Mon Jan 14 17:29:29 2019 +0900 kbuild: remove unused archmrproper No one uses archmrproper. Signed-off-by: Masahiro Yamada commit 7809167da5c86fd6bf309b33dee7a797e263342f Author: Ming Lei Date: Wed Jan 16 19:08:15 2019 +0800 block: don't lose track of REQ_INTEGRITY flag We need to pass bio->bi_opf after bio intergrity preparing, otherwise the flag of REQ_INTEGRITY may not be set on the allocated request, then breaks block integrity. Fixes: f9afca4d367b ("blk-mq: pass in request/bio flags to queue mapping") Cc: Hannes Reinecke Cc: Keith Busch Signed-off-by: Ming Lei Signed-off-by: Jens Axboe commit 7fa1e2e6afa7f4c9f46528e61de6a15d9e8dffd9 Author: Andrey Konovalov Date: Fri Jan 11 14:47:40 2019 +0100 kasan, arm64: remove redundant ARCH_SLAB_MINALIGN define Defining ARCH_SLAB_MINALIGN in arch/arm64/include/asm/cache.h when KASAN is off is not needed, as it is defined in defined in include/linux/slab.h as ifndef. Signed-off-by: Andrey Konovalov Signed-off-by: Will Deacon commit 1598ecda7b239e9232dda032bfddeed9d89fab6c Author: Ard Biesheuvel Date: Tue Jan 15 20:47:07 2019 +0100 arm64: kaslr: ensure randomized quantities are clean to the PoC kaslr_early_init() is called with the kernel mapped at its link time offset, and if it returns with a non-zero offset, the kernel is unmapped and remapped again at the randomized offset. During its execution, kaslr_early_init() also randomizes the base of the module region and of the linear mapping of DRAM, and sets two variables accordingly. However, since these variables are assigned with the caches on, they may get lost during the cache maintenance that occurs when unmapping and remapping the kernel, so ensure that these values are cleaned to the PoC. Acked-by: Catalin Marinas Fixes: f80fb3a3d508 ("arm64: add support for kernel ASLR") Cc: # v4.6+ Signed-off-by: Ard Biesheuvel Signed-off-by: Will Deacon commit 2f97967503df8e45bc256a348b6f050abd2a38ed Author: James Morse Date: Tue Jan 15 18:49:17 2019 +0000 arm64: kpti: Update arm64_kernel_use_ng_mappings() when forced on Since commit b89d82ef01b3 ("arm64: kpti: Avoid rewriting early page tables when KASLR is enabled"), a kernel built with CONFIG_RANDOMIZE_BASE can decide early whether to use non-global mappings by checking the kaslr_offset(). A kernel built without CONFIG_RANDOMIZE_BASE, instead checks the cpufeature static-key. This leaves a gap where CONFIG_RANDOMIZE_BASE was enabled, no kaslr seed was provided, but kpti was forced on using the cmdline option. When the decision is made late, kpti_install_ng_mappings() will re-write the page tables, but arm64_kernel_use_ng_mappings()'s value does not change as it only tests the cpufeature static-key if CONFIG_RANDOMIZE_BASE is disabled. This function influences PROT_DEFAULT via PTE_MAYBE_NG, and causes pgattr_change_is_safe() to catch nG->G transitions when the unchanged PROT_DEFAULT is used as part of PAGE_KERNEL_RO: [ 1.942255] alternatives: patching kernel code [ 1.998288] ------------[ cut here ]------------ [ 2.000693] kernel BUG at arch/arm64/mm/mmu.c:165! [ 2.019215] Internal error: Oops - BUG: 0 [#1] PREEMPT SMP [ 2.020257] Modules linked in: [ 2.020807] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.0.0-rc2 #51 [ 2.021917] Hardware name: linux,dummy-virt (DT) [ 2.022790] pstate: 40000005 (nZcv daif -PAN -UAO) [ 2.023742] pc : __create_pgd_mapping+0x508/0x6d0 [ 2.024671] lr : __create_pgd_mapping+0x500/0x6d0 [ 2.058059] Process swapper/0 (pid: 1, stack limit = 0x(____ptrval____)) [ 2.059369] Call trace: [ 2.059845] __create_pgd_mapping+0x508/0x6d0 [ 2.060684] update_mapping_prot+0x48/0xd0 [ 2.061477] mark_linear_text_alias_ro+0xdc/0xe4 [ 2.070502] smp_cpus_done+0x90/0x98 [ 2.071216] smp_init+0x100/0x114 [ 2.071878] kernel_init_freeable+0xd4/0x220 [ 2.072750] kernel_init+0x10/0x100 [ 2.073455] ret_from_fork+0x10/0x18 [ 2.075414] ---[ end trace 3572f3a7782292de ]--- [ 2.076389] Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b If arm64_kernel_unmapped_at_el0() is true, arm64_kernel_use_ng_mappings() should also be true. Signed-off-by: James Morse CC: Ard Biesheuvel CC: John Garry CC: Will Deacon Signed-off-by: Will Deacon commit f2f98c1d7fa81e25a5cf910edc9db4d3c6f36c1b Author: Timotej Lazar Date: Sun Jan 13 01:22:55 2019 +0100 net: phy: meson-gxl: Use the genphy_soft_reset callback Since the referenced commit, Ethernet fails to come up at boot on the board meson-gxl-s905x-libretech-cc. Fix this by re-enabling the genphy_soft_reset callback for the Amlogic Meson GXL PHY driver. Fixes: 6e2d85ec0559 ("net: phy: Stop with excessive soft reset") Signed-off-by: Timotej Lazar Reviewed-by: Florian Fainelli Signed-off-by: David S. Miller commit a6c7c7aac2de6be777b9805fe21848b9a323b8ff Author: yupeng Date: Fri Jan 11 15:07:24 2019 -0800 net: add document for several snmp counters add document for below counters: TcpEstabResets TcpAttemptFails TcpOutRsts TcpExtTCPSACKDiscard TcpExtTCPDSACKIgnoredOld TcpExtTCPDSACKIgnoredNoUndo TcpExtTCPSackShifted TcpExtTCPSackMerged TcpExtTCPSackShiftFallback TcpExtTCPWantZeroWindowAdv TcpExtTCPToZeroWindowAdv TcpExtTCPFromZeroWindowAdv TcpExtDelayedACKs TcpExtDelayedACKLocked TcpExtDelayedACKLost TcpExtTCPLossProbes TcpExtTCPLossProbeRecovery Signed-off-by: yupeng Signed-off-by: David S. Miller commit 26fc181e6cacacd4837da7ffe0c871134a421600 Author: Eric Dumazet Date: Fri Jan 11 06:27:35 2019 -0800 fou, fou6: do not assume linear skbs Both gue_err() and gue6_err() incorrectly assume linear skbs. Fix them to use pskb_may_pull(). BUG: KMSAN: uninit-value in gue6_err+0x475/0xc40 net/ipv6/fou6.c:101 CPU: 0 PID: 18083 Comm: syz-executor1 Not tainted 5.0.0-rc1+ #7 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x173/0x1d0 lib/dump_stack.c:113 kmsan_report+0x12e/0x2a0 mm/kmsan/kmsan.c:600 __msan_warning+0x82/0xf0 mm/kmsan/kmsan_instr.c:313 gue6_err+0x475/0xc40 net/ipv6/fou6.c:101 __udp6_lib_err_encap_no_sk net/ipv6/udp.c:434 [inline] __udp6_lib_err_encap net/ipv6/udp.c:491 [inline] __udp6_lib_err+0x18d0/0x2590 net/ipv6/udp.c:522 udplitev6_err+0x118/0x130 net/ipv6/udplite.c:27 icmpv6_notify+0x462/0x9f0 net/ipv6/icmp.c:784 icmpv6_rcv+0x18ac/0x3fa0 net/ipv6/icmp.c:872 ip6_protocol_deliver_rcu+0xb5a/0x23a0 net/ipv6/ip6_input.c:394 ip6_input_finish net/ipv6/ip6_input.c:434 [inline] NF_HOOK include/linux/netfilter.h:289 [inline] ip6_input+0x2b6/0x350 net/ipv6/ip6_input.c:443 dst_input include/net/dst.h:450 [inline] ip6_rcv_finish+0x4e7/0x6d0 net/ipv6/ip6_input.c:76 NF_HOOK include/linux/netfilter.h:289 [inline] ipv6_rcv+0x34b/0x3f0 net/ipv6/ip6_input.c:272 __netif_receive_skb_one_core net/core/dev.c:4973 [inline] __netif_receive_skb net/core/dev.c:5083 [inline] process_backlog+0x756/0x10e0 net/core/dev.c:5923 napi_poll net/core/dev.c:6346 [inline] net_rx_action+0x78b/0x1a60 net/core/dev.c:6412 __do_softirq+0x53f/0x93a kernel/softirq.c:293 do_softirq_own_stack+0x49/0x80 arch/x86/entry/entry_64.S:1039 do_softirq kernel/softirq.c:338 [inline] __local_bh_enable_ip+0x16f/0x1a0 kernel/softirq.c:190 local_bh_enable+0x36/0x40 include/linux/bottom_half.h:32 rcu_read_unlock_bh include/linux/rcupdate.h:696 [inline] ip6_finish_output2+0x1d64/0x25f0 net/ipv6/ip6_output.c:121 ip6_finish_output+0xae4/0xbc0 net/ipv6/ip6_output.c:154 NF_HOOK_COND include/linux/netfilter.h:278 [inline] ip6_output+0x5ca/0x710 net/ipv6/ip6_output.c:171 dst_output include/net/dst.h:444 [inline] ip6_local_out+0x164/0x1d0 net/ipv6/output_core.c:176 ip6_send_skb+0xfa/0x390 net/ipv6/ip6_output.c:1727 udp_v6_send_skb+0x1733/0x1d20 net/ipv6/udp.c:1169 udpv6_sendmsg+0x424e/0x45d0 net/ipv6/udp.c:1466 inet_sendmsg+0x54a/0x720 net/ipv4/af_inet.c:798 sock_sendmsg_nosec net/socket.c:621 [inline] sock_sendmsg net/socket.c:631 [inline] ___sys_sendmsg+0xdb9/0x11b0 net/socket.c:2116 __sys_sendmmsg+0x580/0xad0 net/socket.c:2211 __do_sys_sendmmsg net/socket.c:2240 [inline] __se_sys_sendmmsg+0xbd/0xe0 net/socket.c:2237 __x64_sys_sendmmsg+0x56/0x70 net/socket.c:2237 do_syscall_64+0xbc/0xf0 arch/x86/entry/common.c:291 entry_SYSCALL_64_after_hwframe+0x63/0xe7 RIP: 0033:0x457ec9 Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007f4a5204fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457ec9 RDX: 00000000040001ab RSI: 0000000020000240 RDI: 0000000000000003 RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4a520506d4 R13: 00000000004c4ce5 R14: 00000000004d85d8 R15: 00000000ffffffff Uninit was created at: kmsan_save_stack_with_flags mm/kmsan/kmsan.c:205 [inline] kmsan_internal_poison_shadow+0x92/0x150 mm/kmsan/kmsan.c:159 kmsan_kmalloc+0xa6/0x130 mm/kmsan/kmsan_hooks.c:176 kmsan_slab_alloc+0xe/0x10 mm/kmsan/kmsan_hooks.c:185 slab_post_alloc_hook mm/slab.h:446 [inline] slab_alloc_node mm/slub.c:2754 [inline] __kmalloc_node_track_caller+0xe9e/0xff0 mm/slub.c:4377 __kmalloc_reserve net/core/skbuff.c:140 [inline] __alloc_skb+0x309/0xa20 net/core/skbuff.c:208 alloc_skb include/linux/skbuff.h:1012 [inline] alloc_skb_with_frags+0x1c7/0xac0 net/core/skbuff.c:5288 sock_alloc_send_pskb+0xafd/0x10a0 net/core/sock.c:2091 sock_alloc_send_skb+0xca/0xe0 net/core/sock.c:2108 __ip6_append_data+0x42ed/0x5dc0 net/ipv6/ip6_output.c:1443 ip6_append_data+0x3c2/0x650 net/ipv6/ip6_output.c:1619 icmp6_send+0x2f5c/0x3c40 net/ipv6/icmp.c:574 icmpv6_send+0xe5/0x110 net/ipv6/ip6_icmp.c:43 ip6_link_failure+0x5c/0x2c0 net/ipv6/route.c:2231 dst_link_failure include/net/dst.h:427 [inline] vti_xmit net/ipv4/ip_vti.c:229 [inline] vti_tunnel_xmit+0xf3b/0x1ea0 net/ipv4/ip_vti.c:265 __netdev_start_xmit include/linux/netdevice.h:4382 [inline] netdev_start_xmit include/linux/netdevice.h:4391 [inline] xmit_one net/core/dev.c:3278 [inline] dev_hard_start_xmit+0x604/0xc40 net/core/dev.c:3294 __dev_queue_xmit+0x2e48/0x3b80 net/core/dev.c:3864 dev_queue_xmit+0x4b/0x60 net/core/dev.c:3897 neigh_direct_output+0x42/0x50 net/core/neighbour.c:1511 neigh_output include/net/neighbour.h:508 [inline] ip6_finish_output2+0x1d4e/0x25f0 net/ipv6/ip6_output.c:120 ip6_finish_output+0xae4/0xbc0 net/ipv6/ip6_output.c:154 NF_HOOK_COND include/linux/netfilter.h:278 [inline] ip6_output+0x5ca/0x710 net/ipv6/ip6_output.c:171 dst_output include/net/dst.h:444 [inline] ip6_local_out+0x164/0x1d0 net/ipv6/output_core.c:176 ip6_send_skb+0xfa/0x390 net/ipv6/ip6_output.c:1727 udp_v6_send_skb+0x1733/0x1d20 net/ipv6/udp.c:1169 udpv6_sendmsg+0x424e/0x45d0 net/ipv6/udp.c:1466 inet_sendmsg+0x54a/0x720 net/ipv4/af_inet.c:798 sock_sendmsg_nosec net/socket.c:621 [inline] sock_sendmsg net/socket.c:631 [inline] ___sys_sendmsg+0xdb9/0x11b0 net/socket.c:2116 __sys_sendmmsg+0x580/0xad0 net/socket.c:2211 __do_sys_sendmmsg net/socket.c:2240 [inline] __se_sys_sendmmsg+0xbd/0xe0 net/socket.c:2237 __x64_sys_sendmmsg+0x56/0x70 net/socket.c:2237 do_syscall_64+0xbc/0xf0 arch/x86/entry/common.c:291 entry_SYSCALL_64_after_hwframe+0x63/0xe7 Fixes: b8a51b38e4d4 ("fou, fou6: ICMP error handlers for FoU and GUE") Signed-off-by: Eric Dumazet Reported-by: syzbot Cc: Stefano Brivio Cc: Sabrina Dubroca Signed-off-by: David S. Miller commit 5216bd77798e2ed773ecd45f3f368dcaec63e5dd Author: Davide Caratti Date: Fri Jan 11 15:08:23 2019 +0100 selftests: tc-testing: fix tunnel_key failure if dst_port is unspecified After commit 1c25324caf82 ("net/sched: act_tunnel_key: Don't dump dst port if it wasn't set"), act_tunnel_key doesn't dump anymore the destination port, unless it was explicitly configured. This caused systematic failures in the following TDC test case: 7a88 - Add tunnel_key action with cookie parameter Avoid matching zero values of TCA_TUNNEL_KEY_ENC_DST_PORT to let the test pass again. Signed-off-by: Davide Caratti Signed-off-by: David S. Miller commit e413615502a3324daba038f529932ba9a5248af0 Author: Davide Caratti Date: Fri Jan 11 11:49:58 2019 +0100 selftests: tc-testing: drop test on missing tunnel key id After merge of commit 80ef0f22ceda ("net/sched: act_tunnel_key: Allow key-less tunnels"), act_tunnel_key does not reject anymore requests to install 'set' rules where the key id is missing. Therefore, drop the following TDC testcase: ba4e - Add tunnel_key set action with missing mandatory id parameter because it's going to become a systematic fail as soon as userspace iproute2 will start supporting key-less tunnels. Signed-off-by: Davide Caratti Signed-off-by: David S. Miller commit e0a7328fad9979104f73e19bedca821ef3262ae1 Author: Andrew Lunn Date: Fri Jan 11 00:15:21 2019 +0100 net: phy: marvell: Fix deadlock from wrong locking m88e1318_set_wol() takes the lock as part of phy_select_page(). Don't take the lock again with phy_read(), use the unlocked __phy_read(). Fixes: 424ca4c55121 ("net: phy: marvell: fix paged access races") Reported-by: Åke Rehnman Signed-off-by: Andrew Lunn Signed-off-by: David S. Miller commit 8cbcdc1a51999ca81db2956608b917aacd28d837 Author: Andrew Lunn Date: Thu Jan 10 22:48:36 2019 +0100 net: phy: marvell: Errata for mv88e6390 internal PHYs The VOD can be out of spec, unless some magic value is poked into an undocumented register in an undocumented page. Fixes: e4cf8a38fc0d ("net: phy: Marvell: Add mv88e6390 internal PHY") Signed-off-by: Andrew Lunn Signed-off-by: David S. Miller commit f275ee0fa3a06eb87edc229749cf1eb18f0663fa Author: Greg Kroah-Hartman Date: Thu Jan 10 21:24:13 2019 +0100 IN_BADCLASS: fix macro to actually work Commit 65cab850f0ee ("net: Allow class-e address assignment via ifconfig ioctl") modified the IN_BADCLASS macro a bit, but unfortunatly one too many '(' characters were added to the line, making any code that used it, not build properly. Also, the macro now compares an unsigned with a signed value, which isn't ok, so fix that up by making both types match properly. Reported-by: Christopher Ferris Fixes: 65cab850f0ee ("net: Allow class-e address assignment via ifconfig ioctl") Cc: Dave Taht Signed-off-by: Greg Kroah-Hartman Signed-off-by: David S. Miller commit 13d7f46386e060df31b727c9975e38306fa51e7a Author: Willem de Bruijn Date: Thu Jan 10 14:40:33 2019 -0500 tcp: allow MSG_ZEROCOPY transmission also in CLOSE_WAIT state TCP transmission with MSG_ZEROCOPY fails if the peer closes its end of the connection and so transitions this socket to CLOSE_WAIT state. Transmission in close wait state is acceptable. Other similar tests in the stack (e.g., in FastOpen) accept both states. Relax this test, too. Link: https://www.mail-archive.com/netdev@vger.kernel.org/msg276886.html Link: https://www.mail-archive.com/netdev@vger.kernel.org/msg227390.html Fixes: f214f915e7db ("tcp: enable MSG_ZEROCOPY") Reported-by: Marek Majkowski Signed-off-by: Willem de Bruijn CC: Yuchung Cheng CC: Neal Cardwell CC: Soheil Hassas Yeganeh CC: Alexey Kodanev Acked-by: Soheil Hassas Yeganeh Reviewed-by: Eric Dumazet Signed-off-by: David S. Miller commit 1d16073a326891c2a964e4cb95bc18fbcafb5f74 Author: Heiner Kallweit Date: Thu Jan 10 20:22:26 2019 +0100 net: phy: micrel: set soft_reset callback to genphy_soft_reset for KSZ9031 So far genphy_soft_reset was used automatically if the PHY driver didn't implement the soft_reset callback. This changed with the mentioned commit and broke KSZ9031. To fix this configure the KSZ9031 PHY driver to use genphy_soft_reset. Fixes: 6e2d85ec0559 ("net: phy: Stop with excessive soft reset") Reported-by: Tony Lindgren Signed-off-by: Heiner Kallweit Tested-by: Tony Lindgren Tested-by: Sekhar Nori Reviewed-by: Florian Fainelli Signed-off-by: David S. Miller commit 9174c3df1cd181c14913138d50ccbe539bb08335 Author: Davide Caratti Date: Thu Jan 10 20:21:02 2019 +0100 net/sched: act_tunnel_key: fix memory leak in case of action replace running the following TDC test cases: 7afc - Replace tunnel_key set action with all parameters 364d - Replace tunnel_key set action with all parameters and cookie it's possible to trigger kmemleak warnings like: unreferenced object 0xffff94797127ab40 (size 192): comm "tc", pid 3248, jiffies 4300565293 (age 1006.862s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 c0 93 f9 8a ff ff ff ff ................ 41 84 ee 89 ff ff ff ff 00 00 00 00 00 00 00 00 A............... backtrace: [<000000001e85b61c>] tunnel_key_init+0x31d/0x820 [act_tunnel_key] [<000000007f3f6ee7>] tcf_action_init_1+0x384/0x4c0 [<00000000e89e3ded>] tcf_action_init+0x12b/0x1a0 [<00000000c1c8c0f8>] tcf_action_add+0x73/0x170 [<0000000095a9fc28>] tc_ctl_action+0x122/0x160 [<000000004bebeac5>] rtnetlink_rcv_msg+0x263/0x2d0 [<000000009fd862dd>] netlink_rcv_skb+0x4a/0x110 [<00000000b55199e7>] netlink_unicast+0x1a0/0x250 [<000000004996cd21>] netlink_sendmsg+0x2c1/0x3c0 [<000000004d6a94b4>] sock_sendmsg+0x36/0x40 [<000000005d9f0208>] ___sys_sendmsg+0x280/0x2f0 [<00000000dec19023>] __sys_sendmsg+0x5e/0xa0 [<000000004b82ac81>] do_syscall_64+0x5b/0x180 [<00000000a0f1209a>] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [<000000002926b2ab>] 0xffffffffffffffff when the tunnel_key action is replaced, the kernel forgets to release the dst metadata: ensure they are released by tunnel_key_init(), the same way it's done in tunnel_key_release(). Fixes: d0f6dd8a914f4 ("net/sched: Introduce act_tunnel_key") Signed-off-by: Davide Caratti Acked-by: Cong Wang Signed-off-by: David S. Miller commit e122d845a01ece2ddd28b2f125ef2db66b8b627a Author: David Howells Date: Thu Jan 10 16:59:13 2019 +0000 Revert "rxrpc: Allow failed client calls to be retried" The changes introduced to allow rxrpc calls to be retried creates an issue when it comes to refcounting afs_call structs. The problem is that when rxrpc_send_data() queues the last packet for an asynchronous call, the following sequence can occur: (1) The notify_end_tx callback is invoked which causes the state in the afs_call to be changed from AFS_CALL_CL_REQUESTING or AFS_CALL_SV_REPLYING. (2) afs_deliver_to_call() can then process event notifications from rxrpc on the async_work queue. (3) Delivery of events, such as an abort from the server, can cause the afs_call state to be changed to AFS_CALL_COMPLETE on async_work. (4) For an asynchronous call, afs_process_async_call() notes that the call is complete and tried to clean up all the refs on async_work. (5) rxrpc_send_data() might return the amount of data transferred (success) or an error - which could in turn reflect a local error or a received error. Synchronising the clean up after rxrpc_kernel_send_data() returns an error with the asynchronous cleanup is then tricky to get right. Mostly revert commit c038a58ccfd6704d4d7d60ed3d6a0fca13cf13a4. The two API functions the original commit added aren't currently used. This makes rxrpc_kernel_send_data() always return successfully if it queued the data it was given. Note that this doesn't affect synchronous calls since their Rx notification function merely pokes a wait queue and does not refcounting. The asynchronous call notification function *has* to do refcounting and pass a ref over the work item to avoid the need to sync the workqueue in call cleanup. Signed-off-by: David Howells Signed-off-by: David S. Miller commit 47bfa6d9dc8c060bf56554a465c9031e286d2f80 Merge: 7939f8beecf1c 5b0e7310a2a33 Author: Linus Torvalds Date: Wed Jan 16 17:06:39 2019 +1200 Merge tag 'selinux-pr-20190115' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux Pull SELinux fix from Paul Moore: "One small patch to fix a potential NULL dereference on a failed SELinux policy load" * tag 'selinux-pr-20190115' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux: selinux: fix GPF on invalid policy commit 70a44f9f6e4297e013de29088608ab2c6fb642f7 Merge: d62f38c295e56 2753ca5d9009c Author: David S. Miller Date: Tue Jan 15 20:29:21 2019 -0800 Merge branch 'tipc-uninit-values' Ying Xue says: ==================== tipc: fix uninit-value issues reported by syzbot Recently, syzbot complained that TIPC module exits several issues associated with uninit-value type. So, in this series, we try to fix them as many as possible. ==================== Signed-off-by: David S. Miller commit 2753ca5d9009c180dbfd4c802c80983b4b6108d1 Author: Ying Xue Date: Mon Jan 14 17:22:29 2019 +0800 tipc: fix uninit-value in tipc_nl_compat_doit BUG: KMSAN: uninit-value in tipc_nl_compat_doit+0x404/0xa10 net/tipc/netlink_compat.c:335 CPU: 0 PID: 4514 Comm: syz-executor485 Not tainted 4.16.0+ #87 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x185/0x1d0 lib/dump_stack.c:53 kmsan_report+0x142/0x240 mm/kmsan/kmsan.c:1067 __msan_warning_32+0x6c/0xb0 mm/kmsan/kmsan_instr.c:683 tipc_nl_compat_doit+0x404/0xa10 net/tipc/netlink_compat.c:335 tipc_nl_compat_recv+0x164b/0x2700 net/tipc/netlink_compat.c:1153 genl_family_rcv_msg net/netlink/genetlink.c:599 [inline] genl_rcv_msg+0x1686/0x1810 net/netlink/genetlink.c:624 netlink_rcv_skb+0x378/0x600 net/netlink/af_netlink.c:2447 genl_rcv+0x63/0x80 net/netlink/genetlink.c:635 netlink_unicast_kernel net/netlink/af_netlink.c:1311 [inline] netlink_unicast+0x166b/0x1740 net/netlink/af_netlink.c:1337 netlink_sendmsg+0x1048/0x1310 net/netlink/af_netlink.c:1900 sock_sendmsg_nosec net/socket.c:630 [inline] sock_sendmsg net/socket.c:640 [inline] ___sys_sendmsg+0xec0/0x1310 net/socket.c:2046 __sys_sendmsg net/socket.c:2080 [inline] SYSC_sendmsg+0x2a3/0x3d0 net/socket.c:2091 SyS_sendmsg+0x54/0x80 net/socket.c:2087 do_syscall_64+0x309/0x430 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x3d/0xa2 RIP: 0033:0x43fda9 RSP: 002b:00007ffd0c184ba8 EFLAGS: 00000213 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fda9 RDX: 0000000000000000 RSI: 0000000020023000 RDI: 0000000000000003 RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8 R10: 00000000004002c8 R11: 0000000000000213 R12: 00000000004016d0 R13: 0000000000401760 R14: 0000000000000000 R15: 0000000000000000 Uninit was created at: kmsan_save_stack_with_flags mm/kmsan/kmsan.c:278 [inline] kmsan_internal_poison_shadow+0xb8/0x1b0 mm/kmsan/kmsan.c:188 kmsan_kmalloc+0x94/0x100 mm/kmsan/kmsan.c:314 kmsan_slab_alloc+0x11/0x20 mm/kmsan/kmsan.c:321 slab_post_alloc_hook mm/slab.h:445 [inline] slab_alloc_node mm/slub.c:2737 [inline] __kmalloc_node_track_caller+0xaed/0x11c0 mm/slub.c:4369 __kmalloc_reserve net/core/skbuff.c:138 [inline] __alloc_skb+0x2cf/0x9f0 net/core/skbuff.c:206 alloc_skb include/linux/skbuff.h:984 [inline] netlink_alloc_large_skb net/netlink/af_netlink.c:1183 [inline] netlink_sendmsg+0x9a6/0x1310 net/netlink/af_netlink.c:1875 sock_sendmsg_nosec net/socket.c:630 [inline] sock_sendmsg net/socket.c:640 [inline] ___sys_sendmsg+0xec0/0x1310 net/socket.c:2046 __sys_sendmsg net/socket.c:2080 [inline] SYSC_sendmsg+0x2a3/0x3d0 net/socket.c:2091 SyS_sendmsg+0x54/0x80 net/socket.c:2087 do_syscall_64+0x309/0x430 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x3d/0xa2 In tipc_nl_compat_recv(), when the len variable returned by nlmsg_attrlen() is 0, the message is still treated as a valid one, which is obviously unresonable. When len is zero, it means the message not only doesn't contain any valid TLV payload, but also TLV header is not included. Under this stituation, tlv_type field in TLV header is still accessed in tipc_nl_compat_dumpit() or tipc_nl_compat_doit(), but the field space is obviously illegal. Of course, it is not initialized. Reported-by: syzbot+bca0dc46634781f08b38@syzkaller.appspotmail.com Reported-by: syzbot+6bdb590321a7ae40c1a6@syzkaller.appspotmail.com Signed-off-by: Ying Xue Signed-off-by: David S. Miller commit 974cb0e3e7c963ced06c4e32c5b2884173fa5e01 Author: Ying Xue Date: Mon Jan 14 17:22:28 2019 +0800 tipc: fix uninit-value in tipc_nl_compat_name_table_dump syzbot reported: BUG: KMSAN: uninit-value in __arch_swab32 arch/x86/include/uapi/asm/swab.h:10 [inline] BUG: KMSAN: uninit-value in __fswab32 include/uapi/linux/swab.h:59 [inline] BUG: KMSAN: uninit-value in tipc_nl_compat_name_table_dump+0x4a8/0xba0 net/tipc/netlink_compat.c:826 CPU: 0 PID: 6290 Comm: syz-executor848 Not tainted 4.19.0-rc8+ #70 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x306/0x460 lib/dump_stack.c:113 kmsan_report+0x1a2/0x2e0 mm/kmsan/kmsan.c:917 __msan_warning+0x7c/0xe0 mm/kmsan/kmsan_instr.c:500 __arch_swab32 arch/x86/include/uapi/asm/swab.h:10 [inline] __fswab32 include/uapi/linux/swab.h:59 [inline] tipc_nl_compat_name_table_dump+0x4a8/0xba0 net/tipc/netlink_compat.c:826 __tipc_nl_compat_dumpit+0x59e/0xdb0 net/tipc/netlink_compat.c:205 tipc_nl_compat_dumpit+0x63a/0x820 net/tipc/netlink_compat.c:270 tipc_nl_compat_handle net/tipc/netlink_compat.c:1151 [inline] tipc_nl_compat_recv+0x1402/0x2760 net/tipc/netlink_compat.c:1210 genl_family_rcv_msg net/netlink/genetlink.c:601 [inline] genl_rcv_msg+0x185c/0x1a20 net/netlink/genetlink.c:626 netlink_rcv_skb+0x394/0x640 net/netlink/af_netlink.c:2454 genl_rcv+0x63/0x80 net/netlink/genetlink.c:637 netlink_unicast_kernel net/netlink/af_netlink.c:1317 [inline] netlink_unicast+0x166d/0x1720 net/netlink/af_netlink.c:1343 netlink_sendmsg+0x1391/0x1420 net/netlink/af_netlink.c:1908 sock_sendmsg_nosec net/socket.c:621 [inline] sock_sendmsg net/socket.c:631 [inline] ___sys_sendmsg+0xe47/0x1200 net/socket.c:2116 __sys_sendmsg net/socket.c:2154 [inline] __do_sys_sendmsg net/socket.c:2163 [inline] __se_sys_sendmsg+0x307/0x460 net/socket.c:2161 __x64_sys_sendmsg+0x4a/0x70 net/socket.c:2161 do_syscall_64+0xbe/0x100 arch/x86/entry/common.c:291 entry_SYSCALL_64_after_hwframe+0x63/0xe7 RIP: 0033:0x440179 Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007ffecec49318 EFLAGS: 00000213 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440179 RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003 RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8 R10: 0000000000000000 R11: 0000000000000213 R12: 0000000000401a00 R13: 0000000000401a90 R14: 0000000000000000 R15: 0000000000000000 Uninit was created at: kmsan_save_stack_with_flags mm/kmsan/kmsan.c:255 [inline] kmsan_internal_poison_shadow+0xc8/0x1d0 mm/kmsan/kmsan.c:180 kmsan_kmalloc+0xa4/0x120 mm/kmsan/kmsan_hooks.c:104 kmsan_slab_alloc+0x10/0x20 mm/kmsan/kmsan_hooks.c:113 slab_post_alloc_hook mm/slab.h:446 [inline] slab_alloc_node mm/slub.c:2727 [inline] __kmalloc_node_track_caller+0xb43/0x1400 mm/slub.c:4360 __kmalloc_reserve net/core/skbuff.c:138 [inline] __alloc_skb+0x422/0xe90 net/core/skbuff.c:206 alloc_skb include/linux/skbuff.h:996 [inline] netlink_alloc_large_skb net/netlink/af_netlink.c:1189 [inline] netlink_sendmsg+0xcaf/0x1420 net/netlink/af_netlink.c:1883 sock_sendmsg_nosec net/socket.c:621 [inline] sock_sendmsg net/socket.c:631 [inline] ___sys_sendmsg+0xe47/0x1200 net/socket.c:2116 __sys_sendmsg net/socket.c:2154 [inline] __do_sys_sendmsg net/socket.c:2163 [inline] __se_sys_sendmsg+0x307/0x460 net/socket.c:2161 __x64_sys_sendmsg+0x4a/0x70 net/socket.c:2161 do_syscall_64+0xbe/0x100 arch/x86/entry/common.c:291 entry_SYSCALL_64_after_hwframe+0x63/0xe7 We cannot take for granted the thing that the length of data contained in TLV is longer than the size of struct tipc_name_table_query in tipc_nl_compat_name_table_dump(). Reported-by: syzbot+06e771a754829716a327@syzkaller.appspotmail.com Signed-off-by: Ying Xue Signed-off-by: David S. Miller commit edf5ff04a45750ac8ce2435974f001dc9cfbf055 Author: Ying Xue Date: Mon Jan 14 17:22:27 2019 +0800 tipc: fix uninit-value in tipc_nl_compat_link_set syzbot reports following splat: BUG: KMSAN: uninit-value in strlen+0x3b/0xa0 lib/string.c:486 CPU: 1 PID: 9306 Comm: syz-executor172 Not tainted 4.20.0-rc7+ #2 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x173/0x1d0 lib/dump_stack.c:113 kmsan_report+0x12e/0x2a0 mm/kmsan/kmsan.c:613 __msan_warning+0x82/0xf0 mm/kmsan/kmsan_instr.c:313 strlen+0x3b/0xa0 lib/string.c:486 nla_put_string include/net/netlink.h:1154 [inline] __tipc_nl_compat_link_set net/tipc/netlink_compat.c:708 [inline] tipc_nl_compat_link_set+0x929/0x1220 net/tipc/netlink_compat.c:744 __tipc_nl_compat_doit net/tipc/netlink_compat.c:311 [inline] tipc_nl_compat_doit+0x3aa/0xaf0 net/tipc/netlink_compat.c:344 tipc_nl_compat_handle net/tipc/netlink_compat.c:1107 [inline] tipc_nl_compat_recv+0x14d7/0x2760 net/tipc/netlink_compat.c:1210 genl_family_rcv_msg net/netlink/genetlink.c:601 [inline] genl_rcv_msg+0x185f/0x1a60 net/netlink/genetlink.c:626 netlink_rcv_skb+0x444/0x640 net/netlink/af_netlink.c:2477 genl_rcv+0x63/0x80 net/netlink/genetlink.c:637 netlink_unicast_kernel net/netlink/af_netlink.c:1310 [inline] netlink_unicast+0xf40/0x1020 net/netlink/af_netlink.c:1336 netlink_sendmsg+0x127f/0x1300 net/netlink/af_netlink.c:1917 sock_sendmsg_nosec net/socket.c:621 [inline] sock_sendmsg net/socket.c:631 [inline] ___sys_sendmsg+0xdb9/0x11b0 net/socket.c:2116 __sys_sendmsg net/socket.c:2154 [inline] __do_sys_sendmsg net/socket.c:2163 [inline] __se_sys_sendmsg+0x305/0x460 net/socket.c:2161 __x64_sys_sendmsg+0x4a/0x70 net/socket.c:2161 do_syscall_64+0xbc/0xf0 arch/x86/entry/common.c:291 entry_SYSCALL_64_after_hwframe+0x63/0xe7 The uninitialised access happened in nla_put_string(skb, TIPC_NLA_LINK_NAME, lc->name) This is because lc->name string is not validated before it's used. Reported-by: syzbot+d78b8a29241a195aefb8@syzkaller.appspotmail.com Signed-off-by: Ying Xue Signed-off-by: David S. Miller commit 0762216c0ad2a2fccd63890648eca491f2c83d9a Author: Ying Xue Date: Mon Jan 14 17:22:26 2019 +0800 tipc: fix uninit-value in tipc_nl_compat_bearer_enable syzbot reported: BUG: KMSAN: uninit-value in strlen+0x3b/0xa0 lib/string.c:484 CPU: 1 PID: 6371 Comm: syz-executor652 Not tainted 4.19.0-rc8+ #70 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x306/0x460 lib/dump_stack.c:113 kmsan_report+0x1a2/0x2e0 mm/kmsan/kmsan.c:917 __msan_warning+0x7c/0xe0 mm/kmsan/kmsan_instr.c:500 strlen+0x3b/0xa0 lib/string.c:484 nla_put_string include/net/netlink.h:1011 [inline] tipc_nl_compat_bearer_enable+0x238/0x7b0 net/tipc/netlink_compat.c:389 __tipc_nl_compat_doit net/tipc/netlink_compat.c:311 [inline] tipc_nl_compat_doit+0x39f/0xae0 net/tipc/netlink_compat.c:344 tipc_nl_compat_recv+0x147c/0x2760 net/tipc/netlink_compat.c:1107 genl_family_rcv_msg net/netlink/genetlink.c:601 [inline] genl_rcv_msg+0x185c/0x1a20 net/netlink/genetlink.c:626 netlink_rcv_skb+0x394/0x640 net/netlink/af_netlink.c:2454 genl_rcv+0x63/0x80 net/netlink/genetlink.c:637 netlink_unicast_kernel net/netlink/af_netlink.c:1317 [inline] netlink_unicast+0x166d/0x1720 net/netlink/af_netlink.c:1343 netlink_sendmsg+0x1391/0x1420 net/netlink/af_netlink.c:1908 sock_sendmsg_nosec net/socket.c:621 [inline] sock_sendmsg net/socket.c:631 [inline] ___sys_sendmsg+0xe47/0x1200 net/socket.c:2116 __sys_sendmsg net/socket.c:2154 [inline] __do_sys_sendmsg net/socket.c:2163 [inline] __se_sys_sendmsg+0x307/0x460 net/socket.c:2161 __x64_sys_sendmsg+0x4a/0x70 net/socket.c:2161 do_syscall_64+0xbe/0x100 arch/x86/entry/common.c:291 entry_SYSCALL_64_after_hwframe+0x63/0xe7 RIP: 0033:0x440179 Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007fffef7beee8 EFLAGS: 00000213 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440179 RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003 RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8 R10: 0000000000000000 R11: 0000000000000213 R12: 0000000000401a00 R13: 0000000000401a90 R14: 0000000000000000 R15: 0000000000000000 Uninit was created at: kmsan_save_stack_with_flags mm/kmsan/kmsan.c:255 [inline] kmsan_internal_poison_shadow+0xc8/0x1d0 mm/kmsan/kmsan.c:180 kmsan_kmalloc+0xa4/0x120 mm/kmsan/kmsan_hooks.c:104 kmsan_slab_alloc+0x10/0x20 mm/kmsan/kmsan_hooks.c:113 slab_post_alloc_hook mm/slab.h:446 [inline] slab_alloc_node mm/slub.c:2727 [inline] __kmalloc_node_track_caller+0xb43/0x1400 mm/slub.c:4360 __kmalloc_reserve net/core/skbuff.c:138 [inline] __alloc_skb+0x422/0xe90 net/core/skbuff.c:206 alloc_skb include/linux/skbuff.h:996 [inline] netlink_alloc_large_skb net/netlink/af_netlink.c:1189 [inline] netlink_sendmsg+0xcaf/0x1420 net/netlink/af_netlink.c:1883 sock_sendmsg_nosec net/socket.c:621 [inline] sock_sendmsg net/socket.c:631 [inline] ___sys_sendmsg+0xe47/0x1200 net/socket.c:2116 __sys_sendmsg net/socket.c:2154 [inline] __do_sys_sendmsg net/socket.c:2163 [inline] __se_sys_sendmsg+0x307/0x460 net/socket.c:2161 __x64_sys_sendmsg+0x4a/0x70 net/socket.c:2161 do_syscall_64+0xbe/0x100 arch/x86/entry/common.c:291 entry_SYSCALL_64_after_hwframe+0x63/0xe7 The root cause is that we don't validate whether bear name is a valid string in tipc_nl_compat_bearer_enable(). Meanwhile, we also fix the same issue in the following functions: tipc_nl_compat_bearer_disable() tipc_nl_compat_link_stat_dump() tipc_nl_compat_media_set() tipc_nl_compat_bearer_set() Reported-by: syzbot+b33d5cae0efd35dbfe77@syzkaller.appspotmail.com Signed-off-by: Ying Xue Signed-off-by: David S. Miller commit 8b66fee7f8ee18f9c51260e7a43ab37db5177a05 Author: Ying Xue Date: Mon Jan 14 17:22:25 2019 +0800 tipc: fix uninit-value in tipc_nl_compat_link_reset_stats syzbot reports following splat: BUG: KMSAN: uninit-value in strlen+0x3b/0xa0 lib/string.c:486 CPU: 1 PID: 11057 Comm: syz-executor0 Not tainted 4.20.0-rc7+ #2 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x173/0x1d0 lib/dump_stack.c:113 kmsan_report+0x12e/0x2a0 mm/kmsan/kmsan.c:613 __msan_warning+0x82/0xf0 mm/kmsan/kmsan_instr.c:295 strlen+0x3b/0xa0 lib/string.c:486 nla_put_string include/net/netlink.h:1154 [inline] tipc_nl_compat_link_reset_stats+0x1f0/0x360 net/tipc/netlink_compat.c:760 __tipc_nl_compat_doit net/tipc/netlink_compat.c:311 [inline] tipc_nl_compat_doit+0x3aa/0xaf0 net/tipc/netlink_compat.c:344 tipc_nl_compat_handle net/tipc/netlink_compat.c:1107 [inline] tipc_nl_compat_recv+0x14d7/0x2760 net/tipc/netlink_compat.c:1210 genl_family_rcv_msg net/netlink/genetlink.c:601 [inline] genl_rcv_msg+0x185f/0x1a60 net/netlink/genetlink.c:626 netlink_rcv_skb+0x444/0x640 net/netlink/af_netlink.c:2477 genl_rcv+0x63/0x80 net/netlink/genetlink.c:637 netlink_unicast_kernel net/netlink/af_netlink.c:1310 [inline] netlink_unicast+0xf40/0x1020 net/netlink/af_netlink.c:1336 netlink_sendmsg+0x127f/0x1300 net/netlink/af_netlink.c:1917 sock_sendmsg_nosec net/socket.c:621 [inline] sock_sendmsg net/socket.c:631 [inline] ___sys_sendmsg+0xdb9/0x11b0 net/socket.c:2116 __sys_sendmsg net/socket.c:2154 [inline] __do_sys_sendmsg net/socket.c:2163 [inline] __se_sys_sendmsg+0x305/0x460 net/socket.c:2161 __x64_sys_sendmsg+0x4a/0x70 net/socket.c:2161 do_syscall_64+0xbc/0xf0 arch/x86/entry/common.c:291 entry_SYSCALL_64_after_hwframe+0x63/0xe7 RIP: 0033:0x457ec9 Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007f2557338c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457ec9 RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000003 RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007f25573396d4 R13: 00000000004cb478 R14: 00000000004d86c8 R15: 00000000ffffffff Uninit was created at: kmsan_save_stack_with_flags mm/kmsan/kmsan.c:204 [inline] kmsan_internal_poison_shadow+0x92/0x150 mm/kmsan/kmsan.c:158 kmsan_kmalloc+0xa6/0x130 mm/kmsan/kmsan_hooks.c:176 kmsan_slab_alloc+0xe/0x10 mm/kmsan/kmsan_hooks.c:185 slab_post_alloc_hook mm/slab.h:446 [inline] slab_alloc_node mm/slub.c:2759 [inline] __kmalloc_node_track_caller+0xe18/0x1030 mm/slub.c:4383 __kmalloc_reserve net/core/skbuff.c:137 [inline] __alloc_skb+0x309/0xa20 net/core/skbuff.c:205 alloc_skb include/linux/skbuff.h:998 [inline] netlink_alloc_large_skb net/netlink/af_netlink.c:1182 [inline] netlink_sendmsg+0xb82/0x1300 net/netlink/af_netlink.c:1892 sock_sendmsg_nosec net/socket.c:621 [inline] sock_sendmsg net/socket.c:631 [inline] ___sys_sendmsg+0xdb9/0x11b0 net/socket.c:2116 __sys_sendmsg net/socket.c:2154 [inline] __do_sys_sendmsg net/socket.c:2163 [inline] __se_sys_sendmsg+0x305/0x460 net/socket.c:2161 __x64_sys_sendmsg+0x4a/0x70 net/socket.c:2161 do_syscall_64+0xbc/0xf0 arch/x86/entry/common.c:291 entry_SYSCALL_64_after_hwframe+0x63/0xe7 The uninitialised access happened in tipc_nl_compat_link_reset_stats: nla_put_string(skb, TIPC_NLA_LINK_NAME, name) This is because name string is not validated before it's used. Reported-by: syzbot+e01d94b5a4c266be6e4c@syzkaller.appspotmail.com Signed-off-by: Ying Xue Signed-off-by: David S. Miller commit a88289f4ddee4165d5f796bd99e09eec3133c16b Author: Ying Xue Date: Mon Jan 14 17:22:24 2019 +0800 tipc: fix uninit-value in in tipc_conn_rcv_sub syzbot reported: BUG: KMSAN: uninit-value in tipc_conn_rcv_sub+0x184/0x950 net/tipc/topsrv.c:373 CPU: 0 PID: 66 Comm: kworker/u4:4 Not tainted 4.17.0-rc3+ #88 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: tipc_rcv tipc_conn_recv_work Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x185/0x1d0 lib/dump_stack.c:113 kmsan_report+0x142/0x240 mm/kmsan/kmsan.c:1067 __msan_warning_32+0x6c/0xb0 mm/kmsan/kmsan_instr.c:683 tipc_conn_rcv_sub+0x184/0x950 net/tipc/topsrv.c:373 tipc_conn_rcv_from_sock net/tipc/topsrv.c:409 [inline] tipc_conn_recv_work+0x3cd/0x560 net/tipc/topsrv.c:424 process_one_work+0x12c6/0x1f60 kernel/workqueue.c:2145 worker_thread+0x113c/0x24f0 kernel/workqueue.c:2279 kthread+0x539/0x720 kernel/kthread.c:239 ret_from_fork+0x35/0x40 arch/x86/entry/entry_64.S:412 Local variable description: ----s.i@tipc_conn_recv_work Variable was created at: tipc_conn_recv_work+0x65/0x560 net/tipc/topsrv.c:419 process_one_work+0x12c6/0x1f60 kernel/workqueue.c:2145 In tipc_conn_rcv_from_sock(), it always supposes the length of message received from sock_recvmsg() is not smaller than the size of struct tipc_subscr. However, this assumption is false. Especially when the length of received message is shorter than struct tipc_subscr size, we will end up touching uninitialized fields in tipc_conn_rcv_sub(). Reported-by: syzbot+8951a3065ee7fd6d6e23@syzkaller.appspotmail.com Reported-by: syzbot+75e6e042c5bbf691fc82@syzkaller.appspotmail.com Signed-off-by: Ying Xue Signed-off-by: David S. Miller commit d62f38c295e56147e8298af1e0e0ec9e7cc14937 Merge: 80b3671e93779 8c6c37fdc20ec Author: David S. Miller Date: Tue Jan 15 20:12:01 2019 -0800 Merge branch 'sch_cake-leaf-qdisc-fixes' Toke Høiland-Jørgensen says: ==================== sched: Fix qdisc interactions exposed by using sch_cake as a leaf qdisc This series fixes a couple of issues exposed by running sch_cake as a leaf qdisc in an HFSC tree, which were discovered and reported by Pete Heist. The interaction between CAKE's GSO splitting and the parent qdisc's notion of its own queue length could cause queue stalls. While investigating the report, I also noticed that several qdiscs would dereference the skb pointer after dequeue, which is potentially problematic since the GSO splitting code also frees the original skb. See the individual patches in the series for details. ==================== Signed-off-by: David S. Miller commit 8c6c37fdc20ec9ffaa342f827a8e20afe736fb0c Author: Toke Høiland-Jørgensen Date: Wed Jan 9 17:09:44 2019 +0100 sch_cake: Correctly update parent qlen when splitting GSO packets To ensure parent qdiscs have the same notion of the number of enqueued packets even after splitting a GSO packet, update the qdisc tree with the number of packets that was added due to the split. Reported-by: Pete Heist Tested-by: Pete Heist Signed-off-by: Toke Høiland-Jørgensen Signed-off-by: David S. Miller commit 37d9cf1a3ce35de3df6f7d209bfb1f50cf188cea Author: Toke Høiland-Jørgensen Date: Wed Jan 9 17:09:43 2019 +0100 sched: Fix detection of empty queues in child qdiscs Several qdiscs check on enqueue whether the packet was enqueued to a class with an empty queue, in which case the class is activated. This is done by checking if the qlen is exactly 1 after enqueue. However, if GSO splitting is enabled in the child qdisc, a single packet can result in a qlen longer than 1. This means the activation check fails, leading to a stalled queue. Fix this by checking if the queue is empty *before* enqueue, and running the activation logic if this was the case. Reported-by: Pete Heist Signed-off-by: Toke Høiland-Jørgensen Signed-off-by: David S. Miller commit f6bab199315b70fd83fe3ee0947bc84c7a35f3d4 Author: Toke Høiland-Jørgensen Date: Wed Jan 9 17:09:42 2019 +0100 sched: Avoid dereferencing skb pointer after child enqueue Parent qdiscs may dereference the pointer to the enqueued skb after enqueue. However, both CAKE and TBF call consume_skb() on the original skb when splitting GSO packets, leading to a potential use-after-free in the parent. Fix this by avoiding dereferencing the skb pointer after enqueueing to the child. Signed-off-by: Toke Høiland-Jørgensen Signed-off-by: David S. Miller commit 6e8ccb4f624a73c56fc6ef0c45bcf91ca80703c3 Author: Stanislav Fomichev Date: Tue Jan 15 14:03:27 2019 -0800 tools/bpf: properly account for libbfd variations On some platforms, in order to link against libbfd, we need to link against liberty and even possibly libz. Account for that in the bpftool Makefile. We now have proper feature detection for each case, so handle each one separately. See recent commit 14541b1e7e72 ("perf build: Don't unconditionally link the libbfd feature test to -liberty and -lz") where I fixed feature detection. v2 (addressed Jakub's nits): * better syntax for 'else ifeq' * no space between ifeq args v3: * use LIBS, not EXTLIBS for -DHAVE_LIBBFD_SUPPORT Fixes: 29a9c10e4110 ("bpftool: make libbfd optional") Signed-off-by: Stanislav Fomichev Acked-by: Jakub Kicinski Signed-off-by: Daniel Borkmann commit 77f88abd4a6f73a1a68dbdc0e3f21575fd508fc3 Author: Ming Lei Date: Tue Jan 15 17:31:29 2019 -0600 PCI/MSI: Return -ENOSPC from pci_alloc_irq_vectors_affinity() The API of pci_alloc_irq_vectors_affinity() says it returns -ENOSPC if fewer than @min_vecs interrupt vectors are available for @dev. However, if a device supports MSI-X but not MSI and a caller requests @min_vecs that can't be satisfied by MSI-X, we previously returned -EINVAL (from the failed attempt to enable MSI), not -ENOSPC. When -ENOSPC is returned, callers may reduce the number IRQs they request and try again. Most callers can use the @min_vecs and @max_vecs parameters to avoid this retry loop, but that doesn't work when using IRQ affinity "nr_sets" because rebalancing the sets is driver-specific. This return value bug has been present since pci_alloc_irq_vectors() was added in v4.10 by aff171641d18 ("PCI: Provide sensible IRQ vector alloc/free routines"), but it wasn't an issue because @min_vecs/@max_vecs removed the need for callers to iteratively reduce the number of IRQs requested and retry the allocation, so they didn't need to distinguish -ENOSPC from -EINVAL. In v5.0, 6da4b3ab9a6e ("genirq/affinity: Add support for allocating interrupt sets") added IRQ sets to the interface, which reintroduced the need to check for -ENOSPC and possibly reduce the number of IRQs requested and retry the allocation. Signed-off-by: Ming Lei [bhelgaas: changelog] Signed-off-by: Bjorn Helgaas Cc: Jens Axboe Cc: Keith Busch Cc: Christoph Hellwig commit b1c0330823fe842dbb34641f1410f0afa51c29d3 Author: Rafael J. Wysocki Date: Wed Jan 9 00:34:37 2019 +0100 ACPI: EC: Look for ECDT EC after calling acpi_load_tables() Some systems have had functional issues since commit 5a8361f7ecce (ACPICA: Integrate package handling with module-level code) that, among other things, changed the initial values of the acpi_gbl_group_module_level_code and acpi_gbl_parse_table_as_term_list global flags in ACPICA which implicitly caused acpi_ec_ecdt_probe() to be called before acpi_load_tables() on the vast majority of platforms. Namely, before commit 5a8361f7ecce, acpi_load_tables() was called from acpi_early_init() if acpi_gbl_parse_table_as_term_list was FALSE and acpi_gbl_group_module_level_code was TRUE, which almost always was the case as FALSE and TRUE were their initial values, respectively. The acpi_gbl_parse_table_as_term_list value would be changed to TRUE for a couple of platforms in acpi_quirks_dmi_table[], but it remained FALSE in the vast majority of cases. After commit 5a8361f7ecce, the initial values of the two flags have been reversed, so in effect acpi_load_tables() has not been called from acpi_early_init() any more. That, in turn, affects acpi_ec_ecdt_probe() which is invoked before acpi_load_tables() now and it is not possible to evaluate the _REG method for the EC address space handler installed by it. That effectively causes the EC address space to be inaccessible to AML on platforms with an ECDT matching the EC device definition in the DSDT and functional problems ensue in there. Because the default behavior before commit 5a8361f7ecce was to call acpi_ec_ecdt_probe() after acpi_load_tables(), it should be safe to do that again. Moreover, the EC address space handler installed by acpi_ec_ecdt_probe() is only needed for AML to be able to access the EC address space and the only AML that can run during acpi_load_tables() is module-level code which only is allowed to access address spaces with default handlers (memory, I/O and PCI config space). For this reason, move the acpi_ec_ecdt_probe() invocation back to acpi_bus_init(), from where it was taken away by commit d737f333b211 (ACPI: probe ECDT before loading AML tables regardless of module-level code flag), and put it after the invocation of acpi_load_tables() to restore the original code ordering from before commit 5a8361f7ecce. Fixes: 5a8361f7ecce ("ACPICA: Integrate package handling with module-level code") Link: https://bugzilla.kernel.org/show_bug.cgi?id=199981 Reported-by: step-ali Reported-by: Charles Stanhope Tested-by: Charles Stanhope Reported-by: Paulo Nascimento Reported-by: David Purton Reported-by: Adam Harvey Reported-by: Zhang Rui Tested-by: Zhang Rui Tested-by: Jean-Marc Lenoir Signed-off-by: Rafael J. Wysocki commit 6f9b5e70dfcde983192155549f584472aa9f54cd Author: Sinan Kaya Date: Sat Jan 5 10:06:06 2019 +0000 drivers: thermal: int340x_thermal: Make PCI dependency explicit After commit 5d32a66541c4 (PCI/ACPI: Allow ACPI to be built without CONFIG_PCI set) dependencies on CONFIG_PCI that previously were satisfied implicitly through dependencies on CONFIG_ACPI have to be specified directly. IOSF_CORE depends on PCI. For this reason, add a direct dependency on CONFIG_PCI. Fixes: 5d32a66541c46 ("PCI/ACPI: Allow ACPI to be built without CONFIG_PCI set") Signed-off-by: Sinan Kaya Signed-off-by: Rafael J. Wysocki commit e9820d6b0a6c85f753e8d6626320367ef12ebe15 Author: Sinan Kaya Date: Sat Jan 5 10:06:05 2019 +0000 x86/intel/lpss: Make PCI dependency explicit After commit 5d32a66541c4 (PCI/ACPI: Allow ACPI to be built without CONFIG_PCI set) dependencies on CONFIG_PCI that previously were satisfied implicitly through dependencies on CONFIG_ACPI have to be specified directly. LPSS code relies on PCI infrastructure but this dependency has not been called out explicitly yet. Fixes: 5d32a66541c46 ("PCI/ACPI: Allow ACPI to be built without CONFIG_PCI set") Signed-off-by: Sinan Kaya Signed-off-by: Rafael J. Wysocki commit 7934d76c88816f12ac991540eeece403204f8a1c Author: Sinan Kaya Date: Sat Jan 5 10:06:01 2019 +0000 platform/x86: apple-gmux: Make PCI dependency explicit After commit 5d32a66541c4 (PCI/ACPI: Allow ACPI to be built without CONFIG_PCI set) dependencies on CONFIG_PCI that previously were satisfied implicitly through dependencies on CONFIG_ACPI have to be specified directly. This driver depends on the PCI infrastructure but the dependency has not been called out explicitly yet. Fixes: 5d32a66541c46 ("PCI/ACPI: Allow ACPI to be built without CONFIG_PCI set") Signed-off-by: Sinan Kaya Reviewed-by: Andy Shevchenko Signed-off-by: Rafael J. Wysocki commit 737ee5824d91292682be7e0c0771ad67992c199f Author: Sinan Kaya Date: Sat Jan 5 10:06:00 2019 +0000 platform/x86: intel_pmc: Make PCI dependency explicit After commit 5d32a66541c4 (PCI/ACPI: Allow ACPI to be built without CONFIG_PCI set) dependencies on CONFIG_PCI that previously were satisfied implicitly through dependencies on CONFIG_ACPI have to be specified directly. Some code in intel_pmc relies on PCI for execution. Specify this in the Kconfig. [ Andy S: For sake of a quick fix this introduces a new mandatory dependency to the driver which may survive without it. Otherwise we need to revisit the driver architecture to address this properly. ] Fixes: 5d32a66541c46 ("PCI/ACPI: Allow ACPI to be built without CONFIG_PCI set") Signed-off-by: Sinan Kaya Signed-off-by: Rafael J. Wysocki commit 63680e0d625be8f4bd570d30aaf3562551e179e3 Author: Sinan Kaya Date: Sat Jan 5 10:05:59 2019 +0000 platform/x86: intel_ips: make PCI dependency explicit After commit 5d32a66541c4 (PCI/ACPI: Allow ACPI to be built without CONFIG_PCI set) dependencies on CONFIG_PCI that previously were satisfied implicitly through dependencies on CONFIG_ACPI have to be specified directly. intel_ips is a PCI device driver but this has not been mentioned anywhere in Kconfig. Fixes: 5d32a66541c46 ("PCI/ACPI: Allow ACPI to be built without CONFIG_PCI set") Signed-off-by: Sinan Kaya Acked-by: Andy Shevchenko Signed-off-by: Rafael J. Wysocki commit 94e8e8e97661dc3c2a4c253755f6bfe9e2e697f3 Author: Sinan Kaya Date: Sat Jan 5 10:05:58 2019 +0000 vga-switcheroo: make PCI dependency explicit This driver depends on the PCI infrastructure, but the dependency has not been explicitly called out. Fixes: 5d32a66541c46 ("PCI/ACPI: Allow ACPI to be built without CONFIG_PCI set") Signed-off-by: Sinan Kaya Reviewed-by: Lukas Wunner Acked-by: Daniel Vetter Signed-off-by: Rafael J. Wysocki commit 995592bc531992d4a93c37d86e7f9635ee823258 Author: Sinan Kaya Date: Sat Jan 5 10:05:57 2019 +0000 ata: pata_acpi: Make PCI dependency explicit After commit 5d32a66541c4 (PCI/ACPI: Allow ACPI to be built without CONFIG_PCI set) dependencies on CONFIG_PCI that previously were satisfied implicitly through dependencies on CONFIG_ACPI have to be specified directly. PATA_ACPI is a PCI device driver but the PCI dependency has not been explicitly called out. Fixes: 5d32a66541c46 ("PCI/ACPI: Allow ACPI to be built without CONFIG_PCI set") Acked-by: Bartlomiej Zolnierkiewicz Signed-off-by: Sinan Kaya Reviewed-by: Jens Axboe Signed-off-by: Rafael J. Wysocki commit 1622745551db05071ed7263abf768007f7cbd3ae Author: Sinan Kaya Date: Sat Jan 5 10:05:56 2019 +0000 ACPI / LPSS: Make PCI dependency explicit After commit 5d32a66541c4 (PCI/ACPI: Allow ACPI to be built without CONFIG_PCI set), it is possible to build ACPI without any PCI support. This code depends on PCI. Compile only when PCI is present. Fixes: 5d32a66541c46 ("PCI/ACPI: Allow ACPI to be built without CONFIG_PCI set") Signed-off-by: Sinan Kaya Signed-off-by: Rafael J. Wysocki commit faa8bd6e12e6aeea289d8e6ba74777b72a69434c Author: Dave Jiang Date: Tue Jan 15 11:26:21 2019 -0700 libnvdimm/security: Fix nvdimm_security_state() state request selection The input parameter should be enum nvdimm_passphrase_type instead of bool for selection of master/user for selection of extended master passphrase state or the regular user passphrase state. Fixes: 89fa9d8ea7bdf ("...add Intel DSM 1.8 master passphrase support") Signed-off-by: Dave Jiang Signed-off-by: Dan Williams commit 80b3671e9377916bf2b02e56113fa7377ce5705a Author: Hangbin Liu Date: Thu Jan 10 11:17:42 2019 +0800 ip6_gre: update version related info when changing link We forgot to update ip6erspan version related info when changing link, which will cause setting new hwid failed. Reported-by: Jianlin Shi Fixes: 94d7d8f292870 ("ip6_gre: add erspan v2 support") Signed-off-by: Hangbin Liu Signed-off-by: David S. Miller commit d9f903f6af3dc6d13b21c0eca8f4a169aa70d80d Author: Heiner Kallweit Date: Wed Jan 9 20:34:56 2019 +0100 net: phy: fix too strict check in phy_start_aneg When adding checks to detect wrong usage of the phylib API we added a check to phy_start_aneg() which is too strict. If the phylib state machine is in state PHY_HALTED we should allow reconfiguring and restarting aneg, and just don't touch the state. Fixes: 2b3e88ea6528 ("net: phy: improve phy state checking") Reported-by: Chris Wilson Signed-off-by: Heiner Kallweit Tested-by: Chris Wilson Reviewed-by: Florian Fainelli Signed-off-by: David S. Miller commit 5642e27bf6a935c1d0d9149e83d625dfba286463 Author: Jeff Kirsher Date: Wed Jan 9 09:10:53 2019 -0800 Revert "igb: reduce CPU0 latency when updating statistics" This reverts commit 59361316afcb08569af21e1af83e89c7051c055a. Due to problems found in additional testing, this causes an illegal context switch in the RCU read-side critical section. CC: Dave Jones CC: Cong Wang CC: Jan Jablonsky Signed-off-by: Jeff Kirsher Signed-off-by: David S. Miller commit 5be99560c6a0c24b7a0cc3bb4f26051c92cdff2a Author: Dan Carpenter Date: Wed Jan 9 13:50:07 2019 +0300 selftests/txtimestamp: Fix an equals vs assign bug This should be == instead of =. Fixes: b52354aa068e ("selftests: expand txtimestamp with ipv6 dgram + raw and pf_packet") Signed-off-by: Dan Carpenter Acked-by: Willem de Bruijn Signed-off-by: David S. Miller commit f97f4dd8b3bb9d0993d2491e0f22024c68109184 Author: Ido Schimmel Date: Wed Jan 9 09:57:39 2019 +0000 net: ipv4: Fix memory leak in network namespace dismantle IPv4 routing tables are flushed in two cases: 1. In response to events in the netdev and inetaddr notification chains 2. When a network namespace is being dismantled In both cases only routes associated with a dead nexthop group are flushed. However, a nexthop group will only be marked as dead in case it is populated with actual nexthops using a nexthop device. This is not the case when the route in question is an error route (e.g., 'blackhole', 'unreachable'). Therefore, when a network namespace is being dismantled such routes are not flushed and leaked [1]. To reproduce: # ip netns add blue # ip -n blue route add unreachable 192.0.2.0/24 # ip netns del blue Fix this by not skipping error routes that are not marked with RTNH_F_DEAD when flushing the routing tables. To prevent the flushing of such routes in case #1, add a parameter to fib_table_flush() that indicates if the table is flushed as part of namespace dismantle or not. Note that this problem does not exist in IPv6 since error routes are associated with the loopback device. [1] unreferenced object 0xffff888066650338 (size 56): comm "ip", pid 1206, jiffies 4294786063 (age 26.235s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 b0 1c 62 61 80 88 ff ff ..........ba.... e8 8b a1 64 80 88 ff ff 00 07 00 08 fe 00 00 00 ...d............ backtrace: [<00000000856ed27d>] inet_rtm_newroute+0x129/0x220 [<00000000fcdfc00a>] rtnetlink_rcv_msg+0x397/0xa20 [<00000000cb85801a>] netlink_rcv_skb+0x132/0x380 [<00000000ebc991d2>] netlink_unicast+0x4c0/0x690 [<0000000014f62875>] netlink_sendmsg+0x929/0xe10 [<00000000bac9d967>] sock_sendmsg+0xc8/0x110 [<00000000223e6485>] ___sys_sendmsg+0x77a/0x8f0 [<000000002e94f880>] __sys_sendmsg+0xf7/0x250 [<00000000ccb1fa72>] do_syscall_64+0x14d/0x610 [<00000000ffbe3dae>] entry_SYSCALL_64_after_hwframe+0x49/0xbe [<000000003a8b605b>] 0xffffffffffffffff unreferenced object 0xffff888061621c88 (size 48): comm "ip", pid 1206, jiffies 4294786063 (age 26.235s) hex dump (first 32 bytes): 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk 6b 6b 6b 6b 6b 6b 6b 6b d8 8e 26 5f 80 88 ff ff kkkkkkkk..&_.... backtrace: [<00000000733609e3>] fib_table_insert+0x978/0x1500 [<00000000856ed27d>] inet_rtm_newroute+0x129/0x220 [<00000000fcdfc00a>] rtnetlink_rcv_msg+0x397/0xa20 [<00000000cb85801a>] netlink_rcv_skb+0x132/0x380 [<00000000ebc991d2>] netlink_unicast+0x4c0/0x690 [<0000000014f62875>] netlink_sendmsg+0x929/0xe10 [<00000000bac9d967>] sock_sendmsg+0xc8/0x110 [<00000000223e6485>] ___sys_sendmsg+0x77a/0x8f0 [<000000002e94f880>] __sys_sendmsg+0xf7/0x250 [<00000000ccb1fa72>] do_syscall_64+0x14d/0x610 [<00000000ffbe3dae>] entry_SYSCALL_64_after_hwframe+0x49/0xbe [<000000003a8b605b>] 0xffffffffffffffff Fixes: 8cced9eff1d4 ("[NETNS]: Enable routing configuration in non-initial namespace.") Signed-off-by: Ido Schimmel Reviewed-by: David Ahern Signed-off-by: David S. Miller commit ab5098fa25b91cb6fe0a0676f17abb64f2bbf024 Author: Olivier Matz Date: Wed Jan 9 10:57:21 2019 +0100 ip6_gre: fix tunnel list corruption for x-netns In changelink ops, the ip6gre_net pointer is retrieved from dev_net(dev), which is wrong in case of x-netns. Thus, the tunnel is not unlinked from its current list and is relinked into another net namespace. This corrupts the tunnel lists and can later trigger a kernel oops. Fix this by retrieving the netns from device private area. Fixes: c8632fc30bb0 ("net: ip6_gre: Split up ip6gre_changelink()") Cc: Petr Machata Signed-off-by: Olivier Matz Acked-by: Nicolas Dichtel Signed-off-by: David S. Miller commit 72f6d4d14c2e23c8ad416ccbe5cfc744ba703d0a Merge: 7939f8beecf1c 2314e879747e8 Author: David S. Miller Date: Tue Jan 15 13:31:46 2019 -0800 Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf Pablo Neira Ayuso says: ==================== Netfilter fixes for net This is the first batch of Netfilter fixes for your net tree: 1) Fix endless loop in nf_tables rules netlink dump, from Phil Sutter. 2) Reference counter leak in object from the error path, from Taehee Yoo. 3) Selective rule dump requires table and chain. 4) Fix DNAT with nft_flow_offload reverse route lookup, from wenxu. 5) Use GFP_KERNEL_ACCOUNT in vmalloc allocation from ebtables, from Shakeel Butt. 6) Set ifindex from route to fix interaction with VRF slave device, also from wenxu. 7) Use nfct_help() to check for conntrack helper, IPS_HELPER status flag is only set from explicit helpers via -j CT, from Henry Yen. ==================== Signed-off-by: David S. Miller commit b4711098066f1cf808d4dc11a1a842860a3292fe Author: Wen Yang Date: Tue Jan 15 10:31:27 2019 +0800 pvcalls-front: fix potential null dereference static checker warning: drivers/xen/pvcalls-front.c:373 alloc_active_ring() error: we previously assumed 'map->active.ring' could be null (see line 357) drivers/xen/pvcalls-front.c 351 static int alloc_active_ring(struct sock_mapping *map) 352 { 353 void *bytes; 354 355 map->active.ring = (struct pvcalls_data_intf *) 356 get_zeroed_page(GFP_KERNEL); 357 if (!map->active.ring) ^^^^^^^^^^^^^^^^^ Check 358 goto out; 359 360 map->active.ring->ring_order = PVCALLS_RING_ORDER; 361 bytes = (void *)__get_free_pages(GFP_KERNEL | __GFP_ZERO, 362 PVCALLS_RING_ORDER); 363 if (!bytes) 364 goto out; 365 366 map->active.data.in = bytes; 367 map->active.data.out = bytes + 368 XEN_FLEX_RING_SIZE(PVCALLS_RING_ORDER); 369 370 return 0; 371 372 out: --> 373 free_active_ring(map); ^^^ Add null check on map->active.ring before dereferencing it to avoid any NULL pointer dereferences. Fixes: 9f51c05dc41a ("pvcalls-front: Avoid get_free_pages(GFP_KERNEL) under spinlock") Reported-by: Dan Carpenter Suggested-by: Boris Ostrovsky Signed-off-by: Wen Yang Reviewed-by: Boris Ostrovsky CC: Boris Ostrovsky CC: Juergen Gross CC: Stefano Stabellini CC: Dan Carpenter CC: xen-devel@lists.xenproject.org CC: linux-kernel@vger.kernel.org Signed-off-by: Boris Ostrovsky commit 4bb0e6d7258213d4893c2c876712fbba40e712fe Author: Julia Lawall Date: Sun Jan 13 09:47:44 2019 +0100 drm/sun4i: backend: add missing of_node_puts The device node iterators perform an of_node_get on each iteration, so a jump out of the loop requires an of_node_put. Remote and port also have augmented reference counts, so drop them on each iteration and at the end of the function, respectively. Remote is only used for the address it contains, not for the contents of that address, so the reference count can be dropped immediately. The semantic patch that fixes the first part of this problem is as follows (http://coccinelle.lip6.fr): // @@ expression root,e; local idexpression child; iterator name for_each_child_of_node; @@ for_each_available_child_of_node(root, child) { ... when != of_node_put(child) when != e = child + of_node_put(child); ? break; ... } ... when != child // Signed-off-by: Julia Lawall Signed-off-by: Maxime Ripard Link: https://patchwork.freedesktop.org/patch/msgid/1547369264-24831-5-git-send-email-Julia.Lawall@lip6.fr commit deaa5c96c2f7e8b934088a1e70a0fe8797bd1149 Author: Chuck Lever Date: Wed Jan 9 10:04:57 2019 -0500 SUNRPC: Address Kerberos performance/behavior regression When using Kerberos with v4.20, I've observed frequent connection loss on heavy workloads. I traced it down to the client underrunning the GSS sequence number window -- NFS servers are required to drop the RPC with the low sequence number, and also drop the connection to signal that an RPC was dropped. Bisected to commit 918f3c1fe83c ("SUNRPC: Improve latency for interactive tasks"). I've got a one-line workaround for this issue, which is easy to backport to v4.20 while a more permanent solution is being derived. Essentially, tk_owner-based sorting is disabled for RPCs that carry a GSS sequence number. Fixes: 918f3c1fe83c ("SUNRPC: Improve latency for interactive ... ") Signed-off-by: Chuck Lever Signed-off-by: Anna Schumaker commit 86edaed379632e216a97e6bcef9f498b64522d50 Author: Lorenz Bauer Date: Tue Jan 8 13:58:00 2019 +0000 bpf: libbpf: retry loading program on EAGAIN Commit c3494801cd17 ("bpf: check pending signals while verifying programs") makes it possible for the BPF_PROG_LOAD to fail with EAGAIN. Retry unconditionally in this case. Fixes: c3494801cd17 ("bpf: check pending signals while verifying programs") Signed-off-by: Lorenz Bauer Signed-off-by: Daniel Borkmann commit 97b78ae96ba76f4ca2d8f5afee6a2e567ccb8f45 Author: Trond Myklebust Date: Wed Jan 2 17:53:13 2019 -0500 SUNRPC: Ensure we respect the RPCSEC_GSS sequence number limit According to RFC2203, the RPCSEC_GSS sequence numbers are bounded to an upper limit of MAXSEQ = 0x80000000. Ensure that we handle that correctly. Signed-off-by: Trond Myklebust Signed-off-by: Anna Schumaker commit e66721f0436396f779291a29616858b76bfd9415 Author: Trond Myklebust Date: Wed Jan 2 17:53:10 2019 -0500 SUNRPC: Ensure rq_bytes_sent is reset before request transmission When we resend a request, ensure that the 'rq_bytes_sent' is reset to zero. Signed-off-by: Trond Myklebust Signed-off-by: Anna Schumaker commit 6bf3bbe1f4d4cf405e3c2bf07bbdff56d3223ec8 Author: Yonghong Song Date: Sat Jan 12 15:04:30 2019 -0800 samples/bpf: workaround clang asm goto compilation errors x86 compilation has required asm goto support since 4.17. Since clang does not support asm goto, at 4.17, Commit b1ae32dbab50 ("x86/cpufeature: Guard asm_volatile_goto usage for BPF compilation") worked around the issue by permitting an alternative implementation without asm goto for clang. At 5.0, more asm goto usages appeared. [yhs@148 x86]$ egrep -r asm_volatile_goto include/asm/cpufeature.h: asm_volatile_goto("1: jmp 6f\n" include/asm/jump_label.h: asm_volatile_goto("1:" include/asm/jump_label.h: asm_volatile_goto("1:" include/asm/rmwcc.h: asm_volatile_goto (fullop "; j" #cc " %l[cc_label]" \ include/asm/uaccess.h: asm_volatile_goto("\n" \ include/asm/uaccess.h: asm_volatile_goto("\n" \ [yhs@148 x86]$ Compiling samples/bpf directories, most bpf programs failed compilation with error messages like: In file included from /home/yhs/work/bpf-next/samples/bpf/xdp_sample_pkts_kern.c:2: In file included from /home/yhs/work/bpf-next/include/linux/ptrace.h:6: In file included from /home/yhs/work/bpf-next/include/linux/sched.h:15: In file included from /home/yhs/work/bpf-next/include/linux/sem.h:5: In file included from /home/yhs/work/bpf-next/include/uapi/linux/sem.h:5: In file included from /home/yhs/work/bpf-next/include/linux/ipc.h:9: In file included from /home/yhs/work/bpf-next/include/linux/refcount.h:72: /home/yhs/work/bpf-next/arch/x86/include/asm/refcount.h:70:9: error: 'asm goto' constructs are not supported yet return GEN_BINARY_SUFFIXED_RMWcc(LOCK_PREFIX "subl", ^ /home/yhs/work/bpf-next/arch/x86/include/asm/rmwcc.h:67:2: note: expanded from macro 'GEN_BINARY_SUFFIXED_RMWcc' __GEN_RMWcc(op " %[val], %[var]\n\t" suffix, var, cc, \ ^ /home/yhs/work/bpf-next/arch/x86/include/asm/rmwcc.h:21:2: note: expanded from macro '__GEN_RMWcc' asm_volatile_goto (fullop "; j" #cc " %l[cc_label]" \ ^ /home/yhs/work/bpf-next/include/linux/compiler_types.h:188:37: note: expanded from macro 'asm_volatile_goto' #define asm_volatile_goto(x...) asm goto(x) Most implementation does not even provide an alternative implementation. And it is also not practical to make changes for each call site. This patch workarounded the asm goto issue by redefining the macro like below: #define asm_volatile_goto(x...) asm volatile("invalid use of asm_volatile_goto") If asm_volatile_goto is not used by bpf programs, which is typically the case, nothing bad will happen. If asm_volatile_goto is used by bpf programs, which is incorrect, the compiler will issue an error since "invalid use of asm_volatile_goto" is not valid assembly codes. With this patch, all bpf programs under samples/bpf can pass compilation. Note that bpf programs under tools/testing/selftests/bpf/ compiled fine as they do not access kernel internal headers. Fixes: e769742d3584 ("Revert "x86/jump-labels: Macrofy inline assembly code to work around GCC inlining bugs"") Fixes: 18fe58229d80 ("x86, asm: change the GEN_*_RMWcc() macros to not quote the condition") Acked-by: Alexei Starovoitov Signed-off-by: Yonghong Song Signed-off-by: Daniel Borkmann commit 1be72f29bfb98be27a95309f18b4ab5249967b59 Author: Stanislav Fomichev Date: Mon Jan 14 09:41:41 2019 -0800 selftests/bpf: install with_tunnels.sh for test_flow_dissector.sh test_flow_dissector.sh depends on both with_addr.sh and with_tunnels.sh However, we install only with_addr.sh. Add with_tunnels.sh to TEST_PROGS_EXTENDED to make sure it gets installed as well. Tested with: make TARGETS=bpf install INSTALL_PATH=$PWD/x Fixes: ef4ab8447aa26 ("selftests: bpf: install script with_addr.sh") Signed-off-by: Stanislav Fomichev Signed-off-by: Daniel Borkmann commit cc5b5d3565048ae57d14e5674a5fb085b2ab0193 Author: Krzysztof Kazimierczak Date: Thu Jan 10 20:29:02 2019 +0100 xsk: Check if a queue exists during umem setup In the xdp_umem_assign_dev() path, the xsk code does not check if a queue for which umem is to be created exists. It leads to a situation where umem is not assigned to any Tx/Rx queue of a netdevice, without notifying the stack about an error. This affects both XDP_SKB and XDP_DRV modes - in case of XDP_DRV_ZC, queue index is checked by the driver. This patch fixes xsk code, so that in both XDP_SKB and XDP_DRV mode of AF_XDP, an error is returned when requested queue index exceedes an existing maximum. Fixes: c9b47cc1fabca ("xsk: fix bug when trying to use both copy and zero-copy on one queue id") Reported-by: Jakub Spizewski Signed-off-by: Krzysztof Kazimierczak Acked-by: Björn Töpel Signed-off-by: Daniel Borkmann commit a811dc61559e0c8003f1086c2a4dc8e4d5ae4cb8 Author: Tycho Andersen Date: Sat Jan 12 11:24:20 2019 -0700 seccomp: fix UAF in user-trap code On the failure path, we do an fput() of the listener fd if the filter fails to install (e.g. because of a TSYNC race that's lost, or if the thread is killed, etc.). fput() doesn't actually release the fd, it just ads it to a work queue. Then the thread proceeds to free the filter, even though the listener struct file has a reference to it. To fix this, on the failure path let's set the private data to null, so we know in ->release() to ignore the filter. Reported-by: syzbot+981c26489b2d1c6316ba@syzkaller.appspotmail.com Fixes: 6a21cc50f0c7 ("seccomp: add a return code to trap to userspace") Signed-off-by: Tycho Andersen Acked-by: Kees Cook Signed-off-by: James Morris commit 663ec3a2c2d02775bc723b20a1af33262f790f50 Author: Linus Walleij Date: Wed Jan 9 22:51:44 2019 +0100 mtd: rawnand: fsmc: Keep bank enable bit set Hammering the "bank enable" (PBKEN) bit on and off between every command crashes the Nomadik NHK15 with this message: Scanning device for bad blocks Unhandled fault: external abort on non-linefetch (0x008) at 0xcc95e000 pgd = (ptrval) [cc95e000] *pgd=0b808811, *pte=40000653, *ppte=40000552 Internal error: : 8 [#1] PREEMPT ARM Modules linked in: CPU: 0 PID: 1 Comm: swapper Not tainted 4.20.0-rc2+ #72 Hardware name: Nomadik STn8815 PC is at fsmc_exec_op+0x194/0x204 (...) After a discussion we (me and Boris Brezillon) start to suspect that this bit does not immediately control the chip select line at all, it rather enables access to the bank and the hardware will drive the CS autonomously. If there is a NAND chip connected, we should keep this enabled. As fsmc_nand_setup() sets this bit, we can simply remove the offending code. Fixes: 550b9fc4e3af ("mtd: rawnand: fsmc: Stop implementing ->select_chip()") Signed-off-by: Linus Walleij Acked-by: Miquel Raynal Signed-off-by: Boris Brezillon commit 7939f8beecf1cfb10d255be65bfbd3793fae82a1 Merge: e8746440bf682 8b05a3a7503c2 Author: Linus Torvalds Date: Wed Jan 16 05:28:26 2019 +1200 Merge tag 'trace-v5.0-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace Pull tracing fix from Steven Rostedt: "Andrea Righi fixed a NULL pointer dereference in trace_kprobe_create() It is possible to trigger a NULL pointer dereference by writing an incorrectly formatted string to the krpobe_events file" * tag 'trace-v5.0-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace: tracing/kprobes: Fix NULL pointer dereference in trace_kprobe_create() commit e8746440bf68212f19688f1454dad593c74abee1 Merge: fe76fc6aaf538 2f960bd056408 Author: Linus Torvalds Date: Wed Jan 16 05:13:36 2019 +1200 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net Pull networking fixes from David Miller: 1) Fix regression in multi-SKB responses to RTM_GETADDR, from Arthur Gautier. 2) Fix ipv6 frag parsing in openvswitch, from Yi-Hung Wei. 3) Unbounded recursion in ipv4 and ipv6 GUE tunnels, from Stefano Brivio. 4) Use after free in hns driver, from Yonglong Liu. 5) icmp6_send() needs to handle the case of NULL skb, from Eric Dumazet. 6) Missing rcu read lock in __inet6_bind() when operating on mapped addresses, from David Ahern. 7) Memory leak in tipc-nl_compat_publ_dump(), from Gustavo A. R. Silva. 8) Fix PHY vs r8169 module loading ordering issues, from Heiner Kallweit. 9) Fix bridge vlan memory leak, from Ido Schimmel. 10) Dev refcount leak in AF_PACKET, from Jason Gunthorpe. 11) Infoleak in ipv6_local_error(), flow label isn't completely initialized. From Eric Dumazet. 12) Handle mv88e6390 errata, from Andrew Lunn. 13) Making vhost/vsock CID hashing consistent, from Zha Bin. 14) Fix lack of UMH cleanup when it unexpectedly exits, from Taehee Yoo. 15) Bridge forwarding must clear skb->tstamp, from Paolo Abeni. * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (87 commits) bnxt_en: Fix context memory allocation. bnxt_en: Fix ring checking logic on 57500 chips. mISDN: hfcsusb: Use struct_size() in kzalloc() net: clear skb->tstamp in bridge forwarding path net: bpfilter: disallow to remove bpfilter module while being used net: bpfilter: restart bpfilter_umh when error occurred net: bpfilter: use cleanup callback to release umh_info umh: add exit routine for UMH process isdn: i4l: isdn_tty: Fix some concurrency double-free bugs vhost/vsock: fix vhost vsock cid hashing inconsistent net: stmmac: Prevent RX starvation in stmmac_napi_poll() net: stmmac: Fix the logic of checking if RX Watchdog must be enabled net: stmmac: Check if CBS is supported before configuring net: stmmac: dwxgmac2: Only clear interrupts that are active net: stmmac: Fix PCI module removal leak tools/bpf: fix bpftool map dump with bitfields tools/bpf: test btf bitfield with >=256 struct member offset bpf: fix bpffs bitfield pretty print net: ethernet: mediatek: fix warning in phy_start_aneg tcp: change txhash on SYN-data timeout ... commit 8b05a3a7503c2a982c9c462eae96cfbd59506783 Author: Andrea Righi Date: Fri Jan 11 07:01:13 2019 +0100 tracing/kprobes: Fix NULL pointer dereference in trace_kprobe_create() It is possible to trigger a NULL pointer dereference by writing an incorrectly formatted string to krpobe_events (trying to create a kretprobe omitting the symbol). Example: echo "r:event_1 " >> /sys/kernel/debug/tracing/kprobe_events That triggers this: BUG: unable to handle kernel NULL pointer dereference at 0000000000000000 #PF error: [normal kernel read fault] PGD 0 P4D 0 Oops: 0000 [#1] SMP PTI CPU: 6 PID: 1757 Comm: bash Not tainted 5.0.0-rc1+ #125 Hardware name: Dell Inc. XPS 13 9370/0F6P3V, BIOS 1.5.1 08/09/2018 RIP: 0010:kstrtoull+0x2/0x20 Code: 28 00 00 00 75 17 48 83 c4 18 5b 41 5c 5d c3 b8 ea ff ff ff eb e1 b8 de ff ff ff eb da e8 d6 36 bb ff 66 0f 1f 44 00 00 31 c0 <80> 3f 2b 55 48 89 e5 0f 94 c0 48 01 c7 e8 5c ff ff ff 5d c3 66 2e RSP: 0018:ffffb5d482e57cb8 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 0000000000000001 RCX: ffffffff82b12720 RDX: ffffb5d482e57cf8 RSI: 0000000000000000 RDI: 0000000000000000 RBP: ffffb5d482e57d70 R08: ffffa0c05e5a7080 R09: ffffa0c05e003980 R10: 0000000000000000 R11: 0000000040000000 R12: ffffa0c04fe87b08 R13: 0000000000000001 R14: 000000000000000b R15: ffffa0c058d749e1 FS: 00007f137c7f7740(0000) GS:ffffa0c05e580000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 0000000497d46004 CR4: 00000000003606e0 Call Trace: ? trace_kprobe_create+0xb6/0x840 ? _cond_resched+0x19/0x40 ? _cond_resched+0x19/0x40 ? __kmalloc+0x62/0x210 ? argv_split+0x8f/0x140 ? trace_kprobe_create+0x840/0x840 ? trace_kprobe_create+0x840/0x840 create_or_delete_trace_kprobe+0x11/0x30 trace_run_command+0x50/0x90 trace_parse_run_command+0xc1/0x160 probes_write+0x10/0x20 __vfs_write+0x3a/0x1b0 ? apparmor_file_permission+0x1a/0x20 ? security_file_permission+0x31/0xf0 ? _cond_resched+0x19/0x40 vfs_write+0xb1/0x1a0 ksys_write+0x55/0xc0 __x64_sys_write+0x1a/0x20 do_syscall_64+0x5a/0x120 entry_SYSCALL_64_after_hwframe+0x44/0xa9 Fix by doing the proper argument checks in trace_kprobe_create(). Cc: Ingo Molnar Link: https://lore.kernel.org/lkml/20190111095108.b79a2ee026185cbd62365977@kernel.org Link: http://lkml.kernel.org/r/20190111060113.GA22841@xps-13 Fixes: 6212dd29683e ("tracing/kprobes: Use dyn_event framework for kprobe events") Acked-by: Masami Hiramatsu Signed-off-by: Andrea Righi Signed-off-by: Masami Hiramatsu Signed-off-by: Steven Rostedt (VMware) commit 45ac486ecf2dc998e25cf32f0cabf2deaad875be Author: Olga Kornievskaia Date: Fri Jan 11 19:04:44 2019 -0500 NFSv4.2 fix unnecessary retry in nfs4_copy_file_range Currently nfs42_proc_copy_file_range() can not return EAGAIN. Fixes: e4648aa4f98a ("NFS recover from destination server reboot for copies") Signed-off-by: Olga Kornievskaia Signed-off-by: Anna Schumaker commit 92b0730eaf2d549fdfb10ecc8b71f34b9f472c12 Author: Michel Dänzer Date: Fri Jan 11 16:21:02 2019 +0100 Revert "drm/amdgpu: validate user pitch alignment" The check turned out to be too strict in some cases. Reviewed-by: Alex Deucher Signed-off-by: Michel Dänzer Signed-off-by: Alex Deucher commit 25ec429e86bb790e40387a550f0501d0ac55a47c Author: Alex Deucher Date: Thu Jan 10 12:16:57 2019 +0100 Revert "drm/amdgpu: validate user GEM object size" It was at the same time too strict (for linear tiling modes, where no height alignment is required) and too lenient (for 2D tiling modes, where height may need to be aligned to values > 8). Acked-by: Alex Deucher Signed-off-by: Michel Dänzer Signed-off-by: Alex Deucher commit 04906b2f542c23626b0ef6219b808406f8dddbe9 Author: Jan Kara Date: Mon Jan 14 09:48:10 2019 +0100 blockdev: Fix livelocks on loop device bd_set_size() updates also block device's block size. This is somewhat unexpected from its name and at this point, only blkdev_open() uses this functionality. Furthermore, this can result in changing block size under a filesystem mounted on a loop device which leads to livelocks inside __getblk_gfp() like: Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 PID: 10863 Comm: syz-executor0 Not tainted 4.18.0-rc5+ #151 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:__sanitizer_cov_trace_pc+0x3f/0x50 kernel/kcov.c:106 ... Call Trace: init_page_buffers+0x3e2/0x530 fs/buffer.c:904 grow_dev_page fs/buffer.c:947 [inline] grow_buffers fs/buffer.c:1009 [inline] __getblk_slow fs/buffer.c:1036 [inline] __getblk_gfp+0x906/0xb10 fs/buffer.c:1313 __bread_gfp+0x2d/0x310 fs/buffer.c:1347 sb_bread include/linux/buffer_head.h:307 [inline] fat12_ent_bread+0x14e/0x3d0 fs/fat/fatent.c:75 fat_ent_read_block fs/fat/fatent.c:441 [inline] fat_alloc_clusters+0x8ce/0x16e0 fs/fat/fatent.c:489 fat_add_cluster+0x7a/0x150 fs/fat/inode.c:101 __fat_get_block fs/fat/inode.c:148 [inline] ... Trivial reproducer for the problem looks like: truncate -s 1G /tmp/image losetup /dev/loop0 /tmp/image mkfs.ext4 -b 1024 /dev/loop0 mount -t ext4 /dev/loop0 /mnt losetup -c /dev/loop0 l /mnt Fix the problem by moving initialization of a block device block size into a separate function and call it when needed. Thanks to Tetsuo Handa for help with debugging the problem. Reported-by: syzbot+9933e4476f365f5d5a1b@syzkaller.appspotmail.com Signed-off-by: Jan Kara Signed-off-by: Jens Axboe commit c8a83a6b54d0ca078de036aafb3f6af58c1dc5eb Author: Jan Kara Date: Mon Jan 14 09:48:09 2019 +0100 nbd: Use set_blocksize() to set device blocksize NBD can update block device block size implicitely through bd_set_size(). Make it explicitely set blocksize with set_blocksize() as this behavior of bd_set_size() is going away. CC: Josef Bacik Signed-off-by: Jan Kara Signed-off-by: Jens Axboe commit ce0210c12433031aba3bbacd75f4c02ab77f2004 Author: Neil Armstrong Date: Mon Jan 14 16:31:18 2019 +0100 drm/meson: Fix atomic mode switching regression Since commit 2bcd3ecab773 when switching mode from X11 (ubuntu mate for example) the display gets blurry, looking like an invalid framebuffer width. This commit fixed atomic crtc modesetting in a totally wrong way and introduced a local unnecessary ->enabled crtc state. This commit reverts the crctc _begin() and _enable() changes and simply adds drm_atomic_helper_commit_tail_rpm as helper. Reported-by: Tony McKahan Suggested-by: Daniel Vetter Fixes: 2bcd3ecab773 ("drm/meson: Fixes for drm_crtc_vblank_on/off support") Signed-off-by: Neil Armstrong Acked-by: Daniel Vetter [narmstrong: fixed blank line issue from checkpatch] Link: https://patchwork.freedesktop.org/patch/msgid/20190114153118.8024-1-narmstrong@baylibre.com commit 51b00d8509dc69c98740da2ad07308b630d3eb7d Author: Zhenyu Wang Date: Fri Jan 11 13:58:53 2019 +0800 drm/i915/gvt: Fix mmap range check This is to fix missed mmap range check on vGPU bar2 region and only allow to map vGPU allocated GMADDR range, which means user space should support sparse mmap to get proper offset for mmap vGPU aperture. And this takes care of actual pgoff in mmap request as original code always does from beginning of vGPU aperture. Fixes: 659643f7d814 ("drm/i915/gvt/kvmgt: add vfio/mdev support to KVMGT") Cc: "Monroy, Rodrigo Axel" Cc: "Orrala Contreras, Alfredo" Cc: stable@vger.kernel.org # v4.10+ Reviewed-by: Hang Yuan Signed-off-by: Zhenyu Wang commit 7bea7ac0ca0121798f3618d16201ca4dc4e67a00 Author: Michael Ellerman Date: Tue Jan 15 17:37:28 2019 +1100 powerpc/syscalls: Fix syscall tracing Recently in commit fbf508da7440 ("powerpc: split compat syscall table out from native table") we changed the layout of the system call table. Instead of having two entries for each syscall number, one for the regular entry point and one for the compat entry point, we now have separate tables for regular and compat entry points. This inadvertently broke syscall tracing (CONFIG_FTRACE_SYSCALLS), because our implementation of arch_syscall_addr() knew about the layout of the table (it did nr * 2). We can fix it just by dropping our version of arch_syscall_addr() and using the generic version which does: return (unsigned long)sys_call_table[nr]; Fixes: fbf508da7440 ("powerpc: split compat syscall table out from native table") Signed-off-by: Michael Ellerman commit 6c2d0f9976ad19eca6d03dad5d726f8eff848b70 Author: Hang Yuan Date: Mon Jan 14 18:43:39 2019 +0800 drm/i915/gvt: free VFIO region space in vgpu detach VFIO region space is allocated when one region is registered for one vgpu. So free the space when destroy the vgpu. Also change the parameter of detach_vgpu callback to use vgpu directly. Fixes: b851adeac0858c7d257b3 ("drm/i915/gvt: Add opregion support") Reviewed-by: Zhenyu Wang Signed-off-by: Hang Yuan Signed-off-by: Zhenyu Wang commit da727097a482a93645ba5beea8d389ebab11fc64 Author: Jason A. Donenfeld Date: Mon Jan 14 16:47:45 2019 -0800 powerpc/pseries: Fix build break due to pnv_npu2_init() Commit 3be2df00e299 ("powerpc/pseries/npu: Enable platform support") added a call to pnv_npu2_init() in pseries code. This causes a build break if we build with CONFIG_PPC_PSERIES && !CONFIG_PPC_POWERNV: powerpc64le-pc-linux-gnu-ld: arch/powerpc/platforms/pseries/pci.o: in function `pSeries_final_fixup': pci.c:(.init.text+0x1b0): undefined reference to `pnv_npu2_init' This commit therefore wraps that line in an ifdef, so that pseries builds without powernv. Fixes: 3be2df00e299 ("powerpc/pseries/npu: Enable platform support") Signed-off-by: Jason A. Donenfeld Reviewed-by: Alexey Kardashevskiy [mpe: Frob change log a bit to blame a different commit] Signed-off-by: Michael Ellerman commit f29fd331aa055fbeb5a496b4af937b7952111b6b Author: Vitor Soares Date: Thu Jan 10 16:34:59 2019 +0100 i3c: master: dw-i3c-master: fix i3c_attach/reattach This patch fix i3c_attach/reattach functions. During the i3c_attach the driver ignores the static address used for SETDASA CCC command. During the i3c_reattach the driver doesn't update master->addrs[data->index] with new address if old_dyn_addr = 0. Fixes: 1dd728f5d4d4 ("i3c: master: Add driver for Synopsys DesignWare IP") Signed-off-by: Vitor Soares Signed-off-by: Boris Brezillon commit fe76fc6aaf538df27708ffa3e5d549a6c8e16142 Author: Ming Lei Date: Tue Jan 15 11:59:52 2019 +0800 sbitmap: Protect swap_lock from hardirq Because we may call blk_mq_get_driver_tag() directly from blk_mq_dispatch_rq_list() without holding any lock, then HARDIRQ may come and the above DEADLOCK is triggered. Commit ab53dcfb3e7b ("sbitmap: Protect swap_lock from hardirq") tries to fix this issue by using 'spin_lock_bh', which isn't enough because we complete request from hardirq context direclty in case of multiqueue. Cc: Clark Williams Fixes: ab53dcfb3e7b ("sbitmap: Protect swap_lock from hardirq") Cc: Jens Axboe Cc: Ming Lei Cc: Guenter Roeck Cc: Steven Rostedt (VMware) Signed-off-by: Ming Lei Signed-off-by: Linus Torvalds commit b4fe30e45a660efa8f122070fc7173715d0e1d00 Author: Wei Yang Date: Tue Jan 15 11:09:46 2019 +0800 acpi/nfit: Remove duplicate set nd_set in acpi_nfit_init_interleave_set() We allocate nd_set in acpi_nfit_init_interleave_set() and assignn it to ndr_desc, while the assignment is done twice in this function. This patch removes the first assignment. No functional change. Signed-off-by: Wei Yang Signed-off-by: Dan Williams commit 8e5dadfe76cf2862ebf3e4f22adef29982df7766 Author: Bijan Mottahedeh Date: Mon Dec 3 16:48:23 2018 -0800 vhost/scsi: Use copy_to_iter() to send control queue response Uses copy_to_iter() instead of __copy_to_user() in order to ensure we support arbitrary layouts and an input buffer split across iov entries. Fixes: 0d02dbd68c47b ("vhost/scsi: Respond to control queue operations") Signed-off-by: Bijan Mottahedeh Signed-off-by: Michael S. Tsirkin commit 74ad7419489ddade8044e3c9ab064ad656520306 Author: Pavel Tikhomirov Date: Thu Dec 13 17:53:50 2018 +0300 vhost: return EINVAL if iovecs size does not match the message size We've failed to copy and process vhost_iotlb_msg so let userspace at least know about it. For instance before these patch the code below runs without any error: int main() { struct vhost_msg msg; struct iovec iov; int fd; fd = open("/dev/vhost-net", O_RDWR); if (fd == -1) { perror("open"); return 1; } iov.iov_base = &msg; iov.iov_len = sizeof(msg)-4; if (writev(fd, &iov,1) == -1) { perror("writev"); return 1; } return 0; } Signed-off-by: Pavel Tikhomirov Signed-off-by: Michael S. Tsirkin commit bf4dc0b2beebfd9338df7c0bcf473b356f67cf66 Author: Wei Wang Date: Mon Jan 7 15:01:04 2019 +0800 virtio-balloon: tweak config_changed implementation virtio-ccw has deadlock issues with reading the config space inside the interrupt context, so we tweak the virtballoon_changed implementation by moving the config read operations into the related workqueue contexts. The config_read_bitmap is used as a flag to the workqueue callbacks about the related config fields that need to be read. The cmd_id_received is also renamed to cmd_id_received_cache, and the value should be obtained via virtio_balloon_cmd_id_received. Reported-by: Christian Borntraeger Signed-off-by: Wei Wang Reviewed-by: Cornelia Huck Reviewed-by: Halil Pasic Signed-off-by: Michael S. Tsirkin Cc: stable@vger.kernel.org Fixes: 86a559787e6f ("virtio-balloon: VIRTIO_BALLOON_F_FREE_PAGE_HINT") Tested-by: Christian Borntraeger commit a229989d975eb926076307c1f2f5e4c6111768e7 Author: Wei Wang Date: Fri Dec 28 10:26:26 2018 +0800 virtio: don't allocate vqs when names[i] = NULL Some vqs may not need to be allocated when their related feature bits are disabled. So callers may pass in such vqs with "names = NULL". Then we skip such vq allocations. Signed-off-by: Wei Wang Signed-off-by: Michael S. Tsirkin Signed-off-by: Wei Wang Signed-off-by: Wei Wang Reviewed-by: Cornelia Huck Cc: stable@vger.kernel.org Fixes: 86a559787e6f ("virtio-balloon: VIRTIO_BALLOON_F_FREE_PAGE_HINT") commit ddbeac07a39a81d82331a312d0578fab94fccbf1 Author: Wei Wang Date: Fri Dec 28 10:26:25 2018 +0800 virtio_pci: use queue idx instead of array idx to set up the vq When find_vqs, there will be no vq[i] allocation if its corresponding names[i] is NULL. For example, the caller may pass in names[i] (i=4) with names[2] being NULL because the related feature bit is turned off, so technically there are 3 queues on the device, and name[4] should correspond to the 3rd queue on the device. So we use queue_idx as the queue index, which is increased only when the queue exists. Signed-off-by: Wei Wang Signed-off-by: Michael S. Tsirkin Signed-off-by: Wei Wang Signed-off-by: Wei Wang commit d1c1dad89e7a8be2cfdc7b92deca2c8048f0d263 Author: Cornelia Huck Date: Thu Jan 3 17:08:04 2019 +0100 virtio: document virtio_config_ops restrictions Some transports (e.g. virtio-ccw) implement virtio operations that seem to be a simple read/write as something more involved that cannot be done from an atomic context. Give at least a hint about that. Signed-off-by: Cornelia Huck Signed-off-by: Michael S. Tsirkin commit b89a07c4373b27321b1f6d4b4fdc369fd45ef79d Author: Cornelia Huck Date: Thu Jan 3 17:08:03 2019 +0100 virtio: fix virtio_config_ops description - get_features has returned 64 bits since commit d025477368792 ("virtio: add support for 64 bit features.") - properly mark all optional callbacks Signed-off-by: Cornelia Huck Signed-off-by: Michael S. Tsirkin Reviewed-by: Halil Pasic commit 2e8cb2cf1bd6e90f58bd517eb9ca1938e64fa51c Author: Rob Herring Date: Mon Jan 14 15:35:46 2019 -0600 PCI: Fix PCI kconfig menu organization After commit eb01d42a7778 ("PCI: consolidate PCI config entry in drivers/pci"), all the PCI kconfig options appear below "PCI support" rather than within a sub-menu. This is because menuconfig expects all kconfig entries to be enclosed in an if/endif section. Add the missing if/endif. With this, "depends on PCI" is redundant in the sub-menu entries and can be removed. Fixes: eb01d42a7778 ("PCI: consolidate PCI config entry in drivers/pci") Signed-off-by: Rob Herring Signed-off-by: Bjorn Helgaas Reviewed-by: Christoph Hellwig commit 7151449fe7fa5962c6153355f9779d6be99e8e97 Author: Mark Zhang Date: Mon Jan 14 17:32:58 2019 +0800 regmap-irq: do not write mask register if mask_base is zero If client have not provided the mask base register then do not write into the mask register. Signed-off-by: Laxman Dewangan Signed-off-by: Jinyoung Park Signed-off-by: Venkat Reddy Talla Signed-off-by: Mark Zhang Signed-off-by: Mark Brown commit 8a644c64a9f1aefb99fdc4413e6b7fee17809e38 Author: Aurelien Jarno Date: Sat Jan 12 20:37:28 2019 +0100 MIPS: OCTEON: fix kexec support Commit 62cac480f33f ("MIPS: kexec: Make a framework for both jumping and halting on nonboot CPUs") broke the build of the OCTEON platform as the relocated_kexec_smp_wait() is now static and not longer exported in kexec.h. Replace it by kexec_reboot() like it has been done in other places. Fixes: 62cac480f33f ("MIPS: kexec: Make a framework for both jumping and halting on nonboot CPUs") Signed-off-by: Aurelien Jarno Signed-off-by: Paul Burton Cc: linux-mips@vger.kernel.org Cc: Dengcheng Zhu Cc: ralf@linux-mips.org Cc: stable@vger.kernel.org # 4.20+ commit d6f4a21f309dfe10a5693ad236358dd6fcc46f7a Author: Jason Gunthorpe Date: Fri Jan 11 08:21:44 2019 +0200 RDMA/uverbs: Mark ioctl responses with UVERBS_ATTR_F_VALID_OUTPUT When the ioctl interface for the write commands was introduced it did not mark the core response with UVERBS_ATTR_F_VALID_OUTPUT. This causes rdma-core in userspace to not mark the buffers as written for valgrind. Along the same lines it turns out we have always missed marking the driver data. Fixing both of these makes valgrind work properly with rdma-core and ioctl. Fixes: 4785860e04bc ("RDMA/uverbs: Implement an ioctl that can call write and write_ex handlers") Signed-off-by: Jason Gunthorpe Reviewed-by: Artemy Kovalyov Signed-off-by: Leon Romanovsky commit ae1cf20df7a9c60ff5ef41c3315c33c1a5fafd77 Author: Nicholas Kazlauskas Date: Tue Dec 11 12:35:56 2018 -0500 drm/amd/display: Fix disabled cursor on top screen edge [Why] The cursor vanishes when touching the top of edge of the screen for Raven on Linux. This occurs because the cursor height is not taken into account when deciding to disable the cursor. [How] Factor in the cursor height into the cursor calculations - and mimic the existing x position calculations. Fixes: 94a4ffd1d40b ("drm/amd/display: fix PIP bugs on Dal3") Signed-off-by: Nicholas Kazlauskas Reviewed-by: Harry Wentland Acked-by: Leo Li Signed-off-by: Alex Deucher commit f5c412ac596fbe1508514257fef3d48e263f40a7 Author: Roman Li Date: Wed Dec 19 09:24:06 2018 -0500 drm/amd/display: fix warning on raven hotplug [Why] Hotplug on raven results in REG_WAIT_TIMEOUT warning due to failing attempt to lock disabled otg for the hubp interdependent pipes programming. [How] Don't setup pipe interdependencies for disabled otg. Also removed the unnecessary duplicate logic checks. Signed-off-by: Roman Li Reviewed-by: Dmytro Laktyushkin Acked-by: Leo Li Signed-off-by: Alex Deucher commit 20300db4aec5ba5edf6f0ad6f7111a51fbea7e10 Author: Charlene Liu Date: Wed Dec 12 18:09:16 2018 -0500 drm/amd/display: fix PME notification not working in RV desktop [Why] PPLIB not receive the PME when unplug. Signed-off-by: Charlene Liu Reviewed-by: Chris Park Acked-by: Leo Li Signed-off-by: Alex Deucher commit dddce8b490051018f8d5d1457af47483064c7e09 Author: Nicholas Kazlauskas Date: Thu Jan 10 15:12:48 2019 -0500 drm/amd/display: Only get the connector state for VRR when toggled [Why] This fixes a stuttering issue that occurs when moving a hardware cursor when VRR is enabled. Previously when VRR is enabled atomic check will grab the connector state for every atomic update. This has to lock the connector in order to do so. The locking is bad enough by itself for performance, but it gets worse with what we do just below that - add all the planes for the CRTC to the commit. This prevents the cursor fast path from working - there's more than one plane now. With state->allow_modeset = true on top of this, it also adds and removes all the planes from the DC context triggering a full (very slow) update in DC. [How] We need the connector state to get the VRR min/max capbilities, but we only need them when there's a CRTC mode change or when VRR is toggled. The condition has been updated accordingly. Fixes: 3cc22f281318 ("drm/amdgpu: Set FreeSync state using drm VRR properties") Signed-off-by: Nicholas Kazlauskas Reviewed-by: Leo Li Signed-off-by: Alex Deucher commit 099139bef026faefebc508ddb77d397cf55f1b15 Author: Josip Pavic Date: Tue Dec 11 15:13:08 2018 -0500 drm/amd/display: Pack DMCU iRAM alignment [Why] When the DMCU's iRAM definition was moved to the newly created power_helpers, a #pragma pack was lost, causing the iRAM to be misaligned [How] Restore the #pragma pack Signed-off-by: Josip Pavic Reviewed-by: Anthony Koo Acked-by: Leo Li Signed-off-by: Alex Deucher commit a29b01a1313d20a6d45c0f25858f31701cee625d Author: Kenneth Feng Date: Wed Jan 9 14:39:48 2019 +0800 drm/amd/powerplay: run acg btc for Vega12 acg btc was added to Vega12 Signed-off-by: Kenneth Feng Reviewed-by: Evan Quan Signed-off-by: Alex Deucher commit bbdf514fe5648566b0754476cbcb92ac3422dde2 Author: Felix Kuehling Date: Wed Jan 2 17:47:39 2019 -0500 drm/amdkfd: Don't assign dGPUs to APU topology devices dGPUs need their own topology devices. Don't assign them to APU topology devices with CPU cores. Bug: https://github.com/RadeonOpenCompute/ROCK-Kernel-Driver/issues/66 Signed-off-by: Felix Kuehling Tested-by: Elias Konstantinidis Acked-by: Alex Deucher Signed-off-by: Alex Deucher commit d1c234e2cd1091b816c990a1848d88a8697f97b4 Author: Felix Kuehling Date: Wed Jan 2 14:52:13 2019 -0500 drm/amdkfd: Allow building KFD on ARM64 (v2) ifdef x86_64 specific code. Allow enabling CONFIG_HSA_AMD on ARM64. v2: Fixed a compiler warning due to an unused variable CC: Mark Nutter Signed-off-by: Felix Kuehling Tested-by: Mark Nutter Acked-by: Alex Deucher Acked-by: Christian König Signed-off-by: Alex Deucher commit 3719876809e745b9db5293d418600c194bbf5c23 Author: Steven Rostedt (VMware) Date: Mon Jan 14 12:25:40 2019 -0500 sbitmap: Protect swap_lock from softirqs The swap_lock used by sbitmap has a chain with locks taken from softirq, but the swap_lock is not protected from being preempted by softirqs. A chain exists of: sbq->ws[i].wait -> dispatch_wait_lock -> swap_lock Where the sbq->ws[i].wait lock can be taken from softirq context, which means all locks below it in the chain must also be protected from softirqs. Reported-by: Clark Williams Fixes: 58ab5e32e6fd ("sbitmap: silence bogus lockdep IRQ warning") Fixes: ea86ea2cdced ("sbitmap: amortize cost of clearing bits") Cc: Jens Axboe Cc: Ming Lei Cc: Guenter Roeck Signed-off-by: Steven Rostedt (VMware) Signed-off-by: Linus Torvalds commit c962cb323ec260652cff9331e7bf3d606292db88 Merge: 9deb9e1637761 e3e4767bd550b Author: Linus Torvalds Date: Tue Jan 15 06:26:28 2019 +1200 Merge tag 'gpio-v5.0-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio Pull GPIO fixes from Linus Walleij: "The patch hitting the MMC/SD subsystem is fixing up my own mess when moving semantics from MMC/SD over to gpiolib. Ulf is on vacation but I managed to reach him on chat and obtain his ACK. The other two are early-rc fixes that are not super serious but pretty annoying so I'd like to get rid of them. Summary: - Get rid of some WARN_ON() from the ACPI code - Staticize a symbol - Fix MMC polarity detection" * tag 'gpio-v5.0-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio: mmc: core: don't override the CD GPIO level when "cd-inverted" is set gpio: pca953x: Make symbol 'pca953x_i2c_regmap' static gpiolib-acpi: Remove unnecessary WARN_ON from acpi_gpiochip_free_interrupts commit 9deb9e1637761cc4e6df5104a34197ef0bae1358 Merge: 3a73e73a10a79 3f2d347e851ef Author: Linus Torvalds Date: Tue Jan 15 06:24:36 2019 +1200 Merge tag 'mfd-next-4.21' of git://git.kernel.org/pub/scm/linux/kernel/git/lee/mfd Pull MFD updates from Lee Jones: "New Device Support - Add support for Power Supply to AXP813 - Add support for GPIO, ADC, AC and Battery Power Supply to AXP803 - Add support for UART to Exynos LPASS Fix-ups: - Use supplied MACROS; ti_am335x_tscadc - Trivial spelling/whitespace/alignment; tmio, axp20x, rave-sp - Regmap changes; bd9571mwv, wm5110-tables - Kconfig dependencies; MFD_AT91_USART - Supply shared data for child-devices; madera-core - Use new of_node_name_eq() API call; max77620, stmpe - Use managed resources (devm_*); tps65218 - Comment descriptions; ingenic-tcu - Coding style; madera-core Bug Fixes: - Fix section mismatches; twl-core, db8500-prcmu - Correct error path related issues; mt6397-core, ab8500-core, mc13xxx-core - IRQ related fixes; tps6586x - Ensure proper initialisation sequence; qcom_rpm - Repair potential memory leak; cros_ec_dev" * tag 'mfd-next-4.21' of git://git.kernel.org/pub/scm/linux/kernel/git/lee/mfd: (25 commits) mfd: exynos-lpass: Enable UART module support mfd: mc13xxx: Fix a missing check of a register-read failure mfd: cros_ec: Add commands to control codec mfd: madera: Remove spurious semicolon in while loop mfd: rave-sp: Fix typo in rave_sp_checksum comment mfd: ingenic-tcu: Fix bit field description in header mfd: tps65218: Use devm_regmap_add_irq_chip and clean up error path in probe() mfd: Use of_node_name_eq() for node name comparisons mfd: cros_ec_dev: Add missing mfd_remove_devices() call in remove mfd: axp20x: Add supported cells for AXP803 mfd: axp20x: Re-align MFD cell entries mfd: axp20x: Add AC power supply cell for AXP813 mfd: wm5110: Add missing ASRC rate register mfd: qcom_rpm: write fw_version to CTRL_REG mfd: tps6586x: Handle interrupts on suspend mfd: madera: Add shared data for accessory detection mfd: at91-usart: Add platform dependency mfd: bd9571mwv: Add volatile register to make DVFS work mfd: ab8500-core: Return zero in get_register_interruptible() mfd: tmio: Typo s/use use/use/ ... commit 3a73e73a10a791344587103a1adbe0c5f02fedeb Merge: 1c7fc5cbc3398 3cee7a7d05b11 Author: Linus Torvalds Date: Tue Jan 15 06:21:10 2019 +1200 Merge tag 'backlight-next-4.21' of git://git.kernel.org/pub/scm/linux/kernel/git/lee/backlight Pull backlight updates from Lee Jones: "Fix-ups: - Use new of_node_name_eq() API call Bug Fixes: - Internally track 'enabled' state in pwm_bl - Fix auto-generated pwm_bl brightness tables parsed by DT * tag 'backlight-next-4.21' of git://git.kernel.org/pub/scm/linux/kernel/git/lee/backlight: backlight: 88pm860x_bl: Use of_node_name_eq for node name comparisons backlight: pwm_bl: Fix devicetree parsing with auto-generated brightness tables backlight: pwm_bl: Re-add driver internal enabled tracking commit f672b93e4a0a4947d2e1103ed8780e01e13eadb6 Author: Julia Lawall Date: Sun Jan 13 10:44:51 2019 +0100 drm/meson: add missing of_node_put Add an of_node_put when the result of of_graph_get_remote_port_parent is not available. An of_node_put is also needed when meson_probe_remote completes. This was present at the recursive call, but not in the call from meson_drv_probe. The semantic match that finds this problem is as follows (http://coccinelle.lip6.fr): // @r exists@ local idexpression e; expression x; @@ e = of_graph_get_remote_port_parent(...); ... when != x = e when != true e == NULL when != of_node_put(e) when != of_fwnode_handle(e) ( return e; | *return ...; ) // Signed-off-by: Julia Lawall Acked-by: Neil Armstrong Signed-off-by: Neil Armstrong Link: https://patchwork.freedesktop.org/patch/msgid/1547372691-28324-4-git-send-email-Julia.Lawall@lip6.fr commit 5268c8f39e0efef81af2aaed160272d9eb507beb Author: Talons Lee Date: Mon Dec 10 18:03:00 2018 +0800 always clear the X2APIC_ENABLE bit for PV guest Commit e657fcc clears cpu capability bit instead of using fake cpuid value, the EXTD should always be off for PV guest without depending on cpuid value. So remove the cpuid check in xen_read_msr_safe() to always clear the X2APIC_ENABLE bit. Signed-off-by: Talons Lee Reviewed-by: Juergen Gross Signed-off-by: Boris Ostrovsky commit 6251691a92170d3a781aaf7b5f2c31b50d669809 Author: Marcos Paulo de Souza Date: Mon Jan 14 06:31:56 2019 -0700 md: Make bio_alloc_mddev use bio_alloc_bioset bio_alloc_bioset returns a bio pointer or NULL, so we can avoid storing the returned data into a new variable. Acked-by: Guoqing Jiang Acked-by: Artur Paszkiewicz Signed-off-by: Marcos Paulo de Souza Signed-off-by: Jens Axboe commit 5bf859081f6a7575a3f7509d7a70d0a9baa88ce3 Author: Paolo Valente Date: Thu Dec 6 19:18:19 2018 +0100 block, bfq: fix comments on __bfq_deactivate_entity Comments on function __bfq_deactivate_entity contains two imprecise or wrong statements: 1) The function performs the deactivation of the entity. 2) The function must be invoked only if the entity is on a service tree. This commits replaces both statements with the correct ones: 1) The functions updates sched_data and service trees for the entity, so as to represent entity as inactive (which is only part of the steps needed for the deactivation of the entity). 2) The function must be invoked on every entity being deactivated. Signed-off-by: Paolo Valente Signed-off-by: Jens Axboe commit 2314e879747e82896f51cce4488f6a00f3e1af7b Author: Henry Yen Date: Mon Jan 14 17:59:43 2019 +0800 netfilter: nft_flow_offload: fix checking method of conntrack helper This patch uses nfct_help() to detect whether an established connection needs conntrack helper instead of using test_bit(IPS_HELPER_BIT, &ct->status). The reason is that IPS_HELPER_BIT is only set when using explicit CT target. However, in the case that a device enables conntrack helper via command "echo 1 > /proc/sys/net/netfilter/nf_conntrack_helper", the status of IPS_HELPER_BIT will not present any change, and consequently it loses the checking ability in the context. Signed-off-by: Henry Yen Reviewed-by: Ryder Lee Tested-by: John Crispin Signed-off-by: Pablo Neira Ayuso commit b318e3ff7ca065d6b107e424c85a63d7a6798a69 Author: Gerd Hoffmann Date: Thu Jan 10 12:15:45 2019 +0100 drm/virtio: drop prime import/export callbacks Also set prime_handle_to_fd and prime_fd_to_handle to NULL, so drm will not advertive DRM_PRIME_CAP_{IMPORT,EXPORT} to userspace. Signed-off-by: Gerd Hoffmann Reviewed-by: Oleksandr Andrushchenko Reviewed-by: Dave Airlie Link: http://patchwork.freedesktop.org/patch/msgid/20190110111545.26768-1-kraxel@redhat.com commit f4c34b1e2a37d5676180901fa6ff188bcb6371f8 Author: Gerd Hoffmann Date: Thu Jan 10 09:17:50 2019 +0100 drm/qxl: drop prime import/export callbacks Also set prime_handle_to_fd and prime_fd_to_handle to NULL, so drm will not advertive DRM_PRIME_CAP_{IMPORT,EXPORT} to userspace. Signed-off-by: Gerd Hoffmann Reviewed-by: Dave Airlie Link: http://patchwork.freedesktop.org/patch/msgid/20190110081750.11358-1-kraxel@redhat.com commit ba0a64bcf8fc491f73e4646069d97abb4374beb3 Author: Colin Xu Date: Fri Jan 11 14:25:54 2019 +0800 drm/i915/gvt: Allow F_CMD_ACCESS on mmio 0x21f0 The newly updated guest driver could program 0x21f0 via lri and srm, without F_CMD_ACCESS flag cmd parser will stop parser reset cmd. 0x21f0 applies to BDW, SKL, KBL, BXT and CFL. Reviewed-by: Yan Zhao Signed-off-by: Colin Xu Signed-off-by: Zhenyu Wang commit bd352a739fde9834d48379e8eca428fe897144ac Author: Masahiro Yamada Date: Mon Jan 14 12:16:45 2019 +0900 kbuild: remove unused baseprereq Commit eea199b445f6 ("kbuild: remove unnecessary LEX_PREFIX and YACC_PREFIX") removed the last users of this macro. Signed-off-by: Masahiro Yamada commit 16fd20aa98080c2fa666dc384036ec08c80af710 Author: Paul Burton Date: Fri Jan 11 19:06:44 2019 +0000 kbuild: Disable LD_DEAD_CODE_DATA_ELIMINATION with ftrace & GCC <= 4.7 When building using GCC 4.7 or older, -ffunction-sections & the -pg flag used by ftrace are incompatible. This causes warnings or build failures (where -Werror applies) such as the following: arch/mips/generic/init.c: error: -ffunction-sections disabled; it makes profiling impossible This used to be taken into account by the ordering of calls to cc-option from within the top-level Makefile, which was introduced by commit 90ad4052e85c ("kbuild: avoid conflict between -ffunction-sections and -pg on gcc-4.7"). Unfortunately this was broken when the CONFIG_LD_DEAD_CODE_DATA_ELIMINATION cc-option check was moved to Kconfig in commit e85d1d65cd8a ("kbuild: test dead code/data elimination support in Kconfig"), because the flags used by this check no longer include -pg. Fix this by not allowing CONFIG_LD_DEAD_CODE_DATA_ELIMINATION to be enabled at the same time as ftrace/CONFIG_FUNCTION_TRACER when building using GCC 4.7 or older. Signed-off-by: Paul Burton Fixes: e85d1d65cd8a ("kbuild: test dead code/data elimination support in Kconfig") Reported-by: Geert Uytterhoeven Cc: Nicholas Piggin Cc: stable@vger.kernel.org # v4.19+ Signed-off-by: Masahiro Yamada commit 2648ca1859bb48cacdbbaf60bbc0bfef74f13330 Author: Masahiro Yamada Date: Fri Jan 11 11:51:48 2019 +0900 kconfig: clean generated *conf-cfg files I accidentally dropped '*' in the previous renaming patch. Revive it so that 'make mrproper' can clean the generated files. Fixes: d86271af6460 ("kconfig: rename generated .*conf-cfg to *conf-cfg") Signed-off-by: Masahiro Yamada commit 1c7fc5cbc33980acd13d668f1c8f0313d6ae9fd8 Author: Linus Torvalds Date: Mon Jan 14 10:41:12 2019 +1200 Linux 5.0-rc2 commit b7285b425318331c2de4af2a784a18e6dccef484 Author: Jonathan Neuschäfer Date: Sat Jan 12 18:14:30 2019 +0100 kernel/sys.c: Clarify that UNAME26 does not generate unique versions anymore UNAME26 is a mechanism to report Linux's version as 2.6.x, for compatibility with old/broken software. Due to the way it is implemented, it would have to be updated after 5.0, to keep the resulting versions unique. Linus Torvalds argued: "Do we actually need this? I'd rather let it bitrot, and just let it return random versions. It will just start again at 2.4.60, won't it? Anybody who uses UNAME26 for a 5.x kernel might as well think it's still 4.x. The user space is so old that it can't possibly care about differences between 4.x and 5.x, can it? The only thing that matters is that it shows "2.4.", which it will do regardless" Signed-off-by: Jonathan Neuschäfer Signed-off-by: Linus Torvalds commit dbc3c09b819f2bd42460b148e55ac5a9d83aaeaf Merge: 6b529fb0a3eab 465612178b448 Author: Linus Torvalds Date: Mon Jan 14 10:34:14 2019 +1200 Merge tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc Pull ARM SoC fixes from Olof Johansson: "A bigger batch than I anticipated this week, for two reasons: - Some fallout on Davinci from board file -> DTB conversion, that also includes a few longer-standing fixes (i.e. not recent regressions). - drivers/reset material that has been in linux-next for a while, but didn't get sent to us until now for a variety of reasons (maintainer out sick, holidays, etc). There's a functional dependency in there such that one platform (Altera's SoCFPGA) won't boot without one of the patches; instead of reverting the patch that got merged, I looked at this set and decided it was small enough that I'll pick it up anyway. If you disagree I can revisit with a smaller set. That being said, there's also a handful of the usual stuff: - Fix for a crash on Armada 7K/8K when the kernel touches PSCI-reserved memory - Fix for PCIe reset on Macchiatobin (Armada 8K development board, what this email is sent from in fact :) - Enable a few new-merged modules for Amlogic in arm64 defconfig - Error path fixes on Integrator - Build fix for Renesas and Qualcomm - Initialization fix for Renesas RZ/G2E .. plus a few more fixlets" * tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: (28 commits) ARM: integrator: impd1: use struct_size() in devm_kzalloc() qcom-scm: Include header gpio: pl061: handle failed allocations ARM: dts: kirkwood: Fix polarity of GPIO fan lines arm64: dts: marvell: mcbin: fix PCIe reset signal arm64: dts: marvell: armada-ap806: reserve PSCI area ARM: dts: da850-lcdk: Correct the sound card name ARM: dts: da850-lcdk: Correct the audio codec regulators ARM: dts: da850-evm: Correct the sound card name ARM: dts: da850-evm: Correct the audio codec regulators ARM: davinci: omapl138-hawk: fix label names in GPIO lookup entries ARM: davinci: dm644x-evm: fix label names in GPIO lookup entries ARM: davinci: dm355-evm: fix label names in GPIO lookup entries ARM: davinci: da850-evm: fix label names in GPIO lookup entries ARM: davinci: da830-evm: fix label names in GPIO lookup entries arm64: defconfig: enable modules for amlogic s400 sound card reset: uniphier-glue: Add AHCI reset control support in glue layer dt-bindings: reset: uniphier: Add AHCI core reset description reset: uniphier-usb3: Rename to reset-uniphier-glue dt-bindings: reset: uniphier: Replace the expression of USB3 with generic peripherals ... commit a17ce9960b3628b9f546c454741a1cad551d5695 Author: Julia Lawall Date: Sun Jan 13 09:47:43 2019 +0100 drm/rockchip: add missing of_node_put The device node iterators perform an of_node_get on each iteration, so a jump out of the loop requires an of_node_put. The semantic patch that fixes this problem is as follows (http://coccinelle.lip6.fr): // @@ expression root,e; local idexpression child; iterator name for_each_child_of_node; @@ for_each_child_of_node(root, child) { ... when != of_node_put(child) when != e = child + of_node_put(child); ? break; ... } ... when != child // Fixes: 1f0f01515172 ("drm/rockchip: Add support for Rockchip Soc RGB output interface") Cc: stable@vger.kernel.org Signed-off-by: Julia Lawall [added fixes and cc-stable] Signed-off-by: Heiko Stuebner Link: https://patchwork.freedesktop.org/patch/msgid/1547369264-24831-4-git-send-email-Julia.Lawall@lip6.fr commit 6b529fb0a3eabf9c4cc3e94c11477250379ce6d8 Merge: 72d657dd21158 1b3922a8bc742 Author: Linus Torvalds Date: Mon Jan 14 05:55:51 2019 +1200 Merge tag 'for-5.0-rc1-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux Pull btrfs fixes from David Sterba: - two regression fixes in clone/dedupe ioctls, the generic check callback needs to lock extents properly and wait for io to avoid problems with writeback and relocation - fix deadlock when using free space tree due to block group creation - a recently added check refuses a valid fileystem with seeding device, make that work again with a quickfix, proper solution needs more intrusive changes * tag 'for-5.0-rc1-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux: btrfs: Use real device structure to verify dev extent Btrfs: fix deadlock when using free space tree due to block group creation Btrfs: fix race between reflink/dedupe and relocation Btrfs: fix race between cloning range ending at eof and writeback commit 72d657dd2115804b93bde4b77e426cc2de70eebf Merge: f7c1038bc7597 735df0ff6ece7 Author: Linus Torvalds Date: Mon Jan 14 05:51:08 2019 +1200 Merge tag 'driver-core-5.0-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core Pull driver core fixes from Greg KH: "Here is one small sysfs change, and a documentation update for 5.0-rc2 The sysfs change moves from using BUG_ON to WARN_ON, as discussed in an email thread on lkml while trying to track down another driver bug. sysfs should not be crashing and preventing people from seeing where they went wrong. Now it properly recovers and warns the developer. The documentation update removes the use of BUS_ATTR() as the kernel is moving away from this to use the specific BUS_ATTR_RW() and friends instead. There are pending patches in all of the different subsystems to remove the last users of this macro, but for now, don't advertise it should be used anymore to keep new ones from being introduced. Both have been in linux-next with no reported issues" * tag 'driver-core-5.0-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core: Documentation: driver core: remove use of BUS_ATTR sysfs: convert BUG_ON to WARN_ON commit f7c1038bc7597af5d6809c5b3e0352627cef5c07 Merge: 437e878a6c480 06382deac2b8a Author: Linus Torvalds Date: Mon Jan 14 05:49:35 2019 +1200 Merge tag 'staging-5.0-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging Pull staging driver fixes from Greg KH: "Here are some small staging driver fixes for some reported issues. One reverts a patch that was made to the rtl8723bs driver that turned out to not be needed at all as it was a bug in clang. The others fix up some reported issues in the rtl8188eu driver and update the MAINTAINERS file to point to Larry for this driver so he can get the bug reports easier. All have been in linux-next with no reported issues" * tag 'staging-5.0-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging: Revert "staging: rtl8723bs: Mark ACPI table declaration as used" staging: rtl8188eu: Fix module loading from tasklet for WEP encryption staging: rtl8188eu: Fix module loading from tasklet for CCMP encryption MAINTAINERS: Add entry for staging driver r8188eu commit 437e878a6c48028273e4b06be7e09d235b189e62 Merge: 1dd8a3f6c6197 d3736d82e8169 Author: Linus Torvalds Date: Mon Jan 14 05:47:48 2019 +1200 Merge tag 'tty-5.0-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty Pull tty/serial fixes from Greg KH: "Here are 2 tty and serial fixes for 5.0-rc2 that resolve some reported issues. The first is a simple serial driver fix for a regression that showed up in 5.0-rc1. The second one resolves a number of reported issues with the recent tty locking fixes that went into 5.0-rc1. Lots of people have tested the second one and say it resolves their issues. Both have been in linux-next with no reported issues" * tag 'tty-5.0-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty: tty: Don't hold ldisc lock in tty_reopen() if ldisc present serial: lantiq: Do not swap register read/writes commit 1dd8a3f6c619723ab442d6a27247d2f2153f3b11 Merge: 0f9d140a56653 b9fcb0e6b7052 Author: Linus Torvalds Date: Mon Jan 14 05:45:28 2019 +1200 Merge tag 'usb-5.0-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb Pull USB fixes from Greg KH: "Here are some small USB driver fixes and quirk updates for 5.0-rc2. The majority here are some quirks for some storage devices to get them to work properly. There's also a fix here to resolve the reported issues with some audio devices that say they are UAC3 compliant, but really are not. And a fix up for the MAINTAINERS file to remove a dead url. All have been in linux-next with no reported issues" * tag 'usb-5.0-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb: usb: storage: Remove outdated URL from MAINTAINERS USB: Add USB_QUIRK_DELAY_CTRL_MSG quirk for Corsair K70 RGB usbcore: Select only first configuration for non-UAC3 compliant devices USB: storage: add quirk for SMI SM3350 USB: storage: don't insert sane sense for SPC3+ when bad sense specified usb: cdc-acm: send ZLP for Telit 3G Intel based modems commit 0f9d140a566532175b4555401ee47ed58b01f9c9 Merge: e1706720408e7 48d2ba6257013 Author: Linus Torvalds Date: Mon Jan 14 05:43:40 2019 +1200 Merge tag '5.0-rc1-smb3-fixes' of git://git.samba.org/sfrench/cifs-2.6 Pull cifs fixes from Steve French: "A set of cifs/smb3 fixes, 4 for stable, most from Pavel. His patches fix an important set of crediting (flow control) problems, and also two problems in cifs_writepages, ddressing some large i/o and also compounding issues" * tag '5.0-rc1-smb3-fixes' of git://git.samba.org/sfrench/cifs-2.6: cifs: update internal module version number CIFS: Fix error paths in writeback code CIFS: Move credit processing to mid callbacks for SMB3 CIFS: Fix credits calculation for cancelled requests cifs: Fix potential OOB access of lock element array cifs: Limit memory used by lock request calls to a page cifs: move large array from stack to heap CIFS: Do not hide EINTR after sending network packets CIFS: Fix credit computation for compounded requests CIFS: Do not set credits to 1 if the server didn't grant anything CIFS: Fix adjustment of credits for MTU requests cifs: Fix a tiny potential memory leak cifs: Fix a debug message commit 465612178b44840b2066e62c3bcfae80862011d4 Merge: 56acb3ef76177 d0c2d2101b4c1 Author: Olof Johansson Date: Sat Jan 12 22:06:54 2019 -0800 Merge tag 'reset-for-5.0-rc2' of git://git.pengutronix.de/git/pza/linux into fixes Late reset controller changes for v5.0 This adds missing deassert functionality to the ARC HSDK reset driver, fixes some indentation and grammar issues in the kernel docs, adds a helper to count the number of resets on a device for the non-DT case as well, adds an early reset driver for SoCFPGA and simple reset driver support for Stratix10, and generalizes the uniphier USB3 glue layer reset to also cover AHCI. * tag 'reset-for-5.0-rc2' of git://git.pengutronix.de/git/pza/linux: reset: uniphier-glue: Add AHCI reset control support in glue layer dt-bindings: reset: uniphier: Add AHCI core reset description reset: uniphier-usb3: Rename to reset-uniphier-glue dt-bindings: reset: uniphier: Replace the expression of USB3 with generic peripherals ARM: socfpga: dts: document "altr,stratix10-rst-mgr" binding reset: socfpga: add an early reset driver for SoCFPGA reset: fix null pointer dereference on dev by dev_name reset: Add reset_control_get_count() reset: Improve reset controller kernel docs ARC: HSDK: improve reset driver Signed-off-by: Olof Johansson commit 56acb3ef76177a5aabe6613bf27348d34f1e65c0 Merge: 2ec472edcd729 b5f034845e709 Author: Olof Johansson Date: Sat Jan 12 22:03:59 2019 -0800 Merge tag 'mvebu-fixes-5.0-1' of git://git.infradead.org/linux-mvebu into fixes mvebu fixes for 5.0 They are all device tree fixes which also worth being in stable: - Reserve PSCI area on Armada 7K/8K preventing the kernel accessing this area and crashing while doing it. - Use correct PCIe reset signal on MACCHIATOBin (Armada 8040 based) - Fix polarity of GPIO fan line D-Link DNS NASes(kikwood based) * tag 'mvebu-fixes-5.0-1' of git://git.infradead.org/linux-mvebu: ARM: dts: kirkwood: Fix polarity of GPIO fan lines arm64: dts: marvell: mcbin: fix PCIe reset signal arm64: dts: marvell: armada-ap806: reserve PSCI area Signed-off-by: Olof Johansson commit 2ec472edcd72947b031ec998d646dd7a6be958dd Merge: 431a8b73de584 21face6f0d4d0 Author: Olof Johansson Date: Sat Jan 12 22:03:18 2019 -0800 Merge tag 'integrator-fixes-armsoc' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-integrator into fixes Fixes for the Integrator: - Handle failed allocations in the IM/PC bus attachment. - Use struct_size() for allocation. * tag 'integrator-fixes-armsoc' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-integrator: ARM: integrator: impd1: use struct_size() in devm_kzalloc() gpio: pl061: handle failed allocations Signed-off-by: Olof Johansson commit 431a8b73de58448227515767c757cb6731ab5854 Merge: f4f8aa6de35a8 19a220dd1e8a1 Author: Olof Johansson Date: Sat Jan 12 22:02:28 2019 -0800 Merge tag 'amlogic-fixes' of https://git.kernel.org/pub/scm/linux/kernel/git/khilman/linux-amlogic into fixes Amlogic DT fixes for v5.0-rc - arm64: defconfig: enable modules for amlogic s400 sound card * tag 'amlogic-fixes' of https://git.kernel.org/pub/scm/linux/kernel/git/khilman/linux-amlogic: arm64: defconfig: enable modules for amlogic s400 sound card Signed-off-by: Olof Johansson commit f4f8aa6de35a86c2207fca0f4c48542ce4ef9e14 Merge: 98a5f673119b9 2076607a20bd4 Author: Olof Johansson Date: Sat Jan 12 22:01:49 2019 -0800 Merge tag 'qcom-fixes-for-5.0-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/agross/linux into fixes Qualcomm Driver Fixes for 5.0-rc1 * Add required includes into qcom_scm.h * tag 'qcom-fixes-for-5.0-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/agross/linux: qcom-scm: Include header Signed-off-by: Olof Johansson commit 98a5f673119b918272894fe3fecf5136fe786e13 Merge: 70bf439a9492e c25748acc5c20 Author: Olof Johansson Date: Sat Jan 12 22:00:36 2019 -0800 Merge tag 'davinci-fixes-for-v5.0' of git://git.kernel.org/pub/scm/linux/kernel/git/nsekhar/linux-davinci into fixes This pull request fixes some more regressions on legacy DaVinci board support due to GPIO driver clean-up introduced in v4.20 kernel. These are marked for stable. Also has fixes for some long standing Audio issues on DA850 boards. * tag 'davinci-fixes-for-v5.0' of git://git.kernel.org/pub/scm/linux/kernel/git/nsekhar/linux-davinci: ARM: dts: da850-lcdk: Correct the sound card name ARM: dts: da850-lcdk: Correct the audio codec regulators ARM: dts: da850-evm: Correct the sound card name ARM: dts: da850-evm: Correct the audio codec regulators ARM: davinci: omapl138-hawk: fix label names in GPIO lookup entries ARM: davinci: dm644x-evm: fix label names in GPIO lookup entries ARM: davinci: dm355-evm: fix label names in GPIO lookup entries ARM: davinci: da850-evm: fix label names in GPIO lookup entries ARM: davinci: da830-evm: fix label names in GPIO lookup entries Signed-off-by: Olof Johansson commit 70bf439a9492e7687bf2b9e8576f609160b21200 Merge: bfeffd1552837 a64597227d0de Author: Olof Johansson Date: Sat Jan 12 21:59:42 2019 -0800 Merge tag 'renesas-fixes-for-v5.0' of https://git.kernel.org/pub/scm/linux/kernel/git/horms/renesas into fixes Renesas ARM Based SoC Fixes for v5.0 Renesas SoCs: * Fix build regressions caused by move of Kconfig symbols RZ/G2E (r8a774c0) SoC: * Correct initialization order of 3DG-{A,B} in SYSC driver * tag 'renesas-fixes-for-v5.0' of https://git.kernel.org/pub/scm/linux/kernel/git/horms/renesas: soc: renesas: r8a774c0-sysc: Fix initialization order of 3DG-{A,B} ARM: shmobile: fix build regressions Signed-off-by: Olof Johansson commit e1706720408e72fb883f6b151c2b3b23d8e7e5b2 Author: John Hubbard Date: Sat Jan 12 17:29:09 2019 -0800 phy: fix build breakage: add PHY_MODE_SATA Commit 49e54187ae0b ("ata: libahci_platform: comply to PHY framework") uses the PHY_MODE_SATA, but that enum had not yet been added. This caused a build failure for me, with today's linux.git. Also, there is a potentially conflicting (mis-named) PHY_MODE_SATA, hiding in the Marvell Berlin SATA PHY driver. Fix the build by: 1) Renaming Marvell's defined value to a more scoped name, in order to avoid any potential conflicts: PHY_BERLIN_MODE_SATA. 2) Adding the missing enum, which was going to be added anyway as part of [1]. [1] https://lkml.kernel.org/r/20190108163124.6409-3-miquel.raynal@bootlin.com Fixes: 49e54187ae0b ("ata: libahci_platform: comply to PHY framework") Signed-off-by: John Hubbard Acked-by: Jens Axboe Acked-by: Olof Johansson Cc: Grzegorz Jaszczyk Cc: Miquel Raynal Cc: Hans de Goede Signed-off-by: Linus Torvalds commit b8c3b8992ff2827482ac1543f84f5024a72c4f2e Merge: 66c56cfa64d9d bde0b5c109e8b Author: Linus Torvalds Date: Sat Jan 12 13:40:51 2019 -0800 Merge tag 'for-linus-20190112' of git://git.kernel.dk/linux-block Pull block fixes from Jens Axboe: - NVMe pull request from Christoph, with little fixes all over the map - Loop caching fix for offset/bs change (Jaegeuk Kim) - Block documentation tweaks (Jeff, Jon, Weiping, John) - null_blk zoned tweak (John) - ahch mvebu suspend/resume support. Should have gone into the merge window, but there was some confusion on which tree had it. (Miquel) * tag 'for-linus-20190112' of git://git.kernel.dk/linux-block: (22 commits) ata: ahci: mvebu: request PHY suspend/resume for Armada 3700 ata: ahci: mvebu: add Armada 3700 initialization needed for S2RAM ata: ahci: mvebu: do Armada 38x configuration only on relevant SoCs ata: ahci: mvebu: remove stale comment ata: libahci_platform: comply to PHY framework loop: drop caches if offset or block_size are changed block: fix kerneldoc comment for blk_attempt_plug_merge() nvme: don't initlialize ctrl->cntlid twice nvme: introduce NVME_QUIRK_IGNORE_DEV_SUBNQN nvme: pad fake subsys NQN vid and ssvid with zeros nvme-multipath: zero out ANA log buffer nvme-fabrics: unset write/poll queues for discovery controllers nvme-tcp: don't ask if controller is fabrics nvme-tcp: remove dead code nvme-pci: fix out of bounds access in nvme_cqe_pending nvme-pci: rerun irq setup on IO queue init errors nvme-pci: use the same attributes when freeing host_mem_desc_bufs. nvme-pci: fix the wrong setting of nr_maps block: doc: add slice_idle_us to bfq documentation block: clarify documentation for blk_{start|finish}_plug ... commit 66c56cfa64d9dbb9efa8a06c1aece77e8d57ea19 Merge: 473348891c36f dfd32cad146e3 Author: Linus Torvalds Date: Sat Jan 12 10:52:40 2019 -0800 Merge tag 'remove-dma_zalloc_coherent-5.0' of git://git.infradead.org/users/hch/dma-mapping Pull dma_zalloc_coherent() removal from Christoph Hellwig: "We've always had a weird situation around dma_zalloc_coherent. To safely support mapping the allocations to userspace major architectures like x86 and arm have always zeroed allocations from dma_alloc_coherent, but a couple other architectures were missing that zeroing either always or in corner cases. Then later we grew anothe dma_zalloc_coherent interface to explicitly request zeroing, but that just added __GFP_ZERO to the allocation flags, which for some allocators that didn't end up using the page allocator ended up being a no-op and still not zeroing the allocations. So for this merge window I fixed up all remaining architectures to zero the memory in dma_alloc_coherent, and made dma_zalloc_coherent a no-op wrapper around dma_alloc_coherent, which fixes all of the above issues. dma_zalloc_coherent is now pointless and can go away, and Luis helped me writing a cocchinelle script and patch series to kill it, which I think we should apply now just after -rc1 to finally settle these issue" * tag 'remove-dma_zalloc_coherent-5.0' of git://git.infradead.org/users/hch/dma-mapping: dma-mapping: remove dma_zalloc_coherent() cross-tree: phase out dma_zalloc_coherent() on headers cross-tree: phase out dma_zalloc_coherent() commit 2f960bd0564081ff85d2eea54890b0d2356934f8 Merge: 8d008e64a2ebe 6ef982dec7eda Author: David S. Miller Date: Sat Jan 12 10:51:39 2019 -0800 Merge branch 'bnxt_en-Bug-fixes-for-57500-chips' Michael Chan says: ==================== bnxt_en: Bug fixes for 57500 chips. Two small bug fixes for ring checking and context memory allocation that affect the new 57500 chips. ==================== Signed-off-by: David S. Miller commit 6ef982dec7eda9affa81a2bb84f75441deb56d06 Author: Michael Chan Date: Sat Jan 12 00:13:05 2019 -0500 bnxt_en: Fix context memory allocation. When allocating memory pages for context memory, if the last page table should be fully populated, the current code will set nr_pages to 0 when calling bnxt_alloc_ctx_mem_blk(). This will cause the last page table to be completely blank and causing some RDMA failures. Fix it by setting the last page table's nr_pages to the remainder only if it is non-zero. Fixes: 08fe9d181606 ("bnxt_en: Add Level 2 context memory paging support.") Reported-by: Eric Davis Signed-off-by: Michael Chan Signed-off-by: David S. Miller commit 0b815023a1d479aa8f8851ee880d5388e53b7ae5 Author: Michael Chan Date: Sat Jan 12 00:13:04 2019 -0500 bnxt_en: Fix ring checking logic on 57500 chips. In bnxt_hwrm_check_pf_rings(), add the proper flag to test the NQ resources. Without the proper flag, the firmware will change the NQ resource allocation and remap the IRQ, causing missing IRQs. This issue shows up when adding MQPRIO TX queues, for example. Fixes: 36d65be9a880 ("bnxt_en: Disable MSIX before re-reserving NQs/CMPL rings.") Signed-off-by: Michael Chan Signed-off-by: David S. Miller commit 473348891c36ff6de3e224fefa0b3fc86a629178 Merge: 7b5c8f5226bd0 826c1362e79ab Author: Linus Torvalds Date: Sat Jan 12 10:39:43 2019 -0800 Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm Pull KVM fixes from Radim Krčmář: "Minor fixes for new code, corner cases, and documentation" * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm: x86/kvm/nVMX: don't skip emulated instruction twice when vmptr address is not backed Documentation/virtual/kvm: Update URL for AMD SEV API specification KVM/VMX: Avoid return error when flush tlb successfully in the hv_remote_flush_tlb_with_range() kvm: sev: Fail KVM_SEV_INIT if already initialized KVM: validate userspace input in kvm_clear_dirty_log_protect() KVM: x86: Fix bit shifting in update_intel_pt_cfg commit 7b5c8f5226bd0eb77da8a055f43b2f1a06e92ba8 Merge: 4b3c31c8d4dda e2d3c414ec0f9 Author: Linus Torvalds Date: Sat Jan 12 10:30:43 2019 -0800 Merge tag 'drm-fixes-2019-01-11-1' of git://anongit.freedesktop.org/drm/drm Pull more drm fixes from Daniel Vetter: "Dave sends out his pull, everybody remembers holidays are over :-) Since Dave's already in weekend mode and it was quite a few patches I figured better to apply all the pulls and forward them to you. Hence here 2nd part of bugfixes for -rc2. nouveau: - backlight fix - falcon register access fix - fan fix. i915: - Disable PSR for Apple panels - Broxton ERR_PTR error state fix - Kabylake VECS workaround fix - Unwind failure on pinning the gen7 ppgtt - GVT workload request allocation fix core: - Fix fb-helper to work correctly with SDL 1.2 bugs - Fix lockdep warning in the atomic ioctl and setproperty" * tag 'drm-fixes-2019-01-11-1' of git://anongit.freedesktop.org/drm/drm: drm/nouveau/falcon: avoid touching registers if engine is off drm/nouveau: Don't disable polling in fallback mode drm/nouveau: register backlight on pascal and newer drm: Fix documentation generation for DP_DPCD_QUIRK_NO_PSR drm/i915: init per-engine WAs for all engines drm/i915: Unwind failure on pinning the gen7 ppgtt drm/i915: Skip the ERR_PTR error state drm/i915: Disable PSR in Apple panels gpu/drm: Fix lock held when returning to user space. drm/fb-helper: Ignore the value of fb_var_screeninfo.pixclock drm/fb-helper: Partially bring back workaround for bugs of SDL 1.2 drm/i915/gvt: Fix workload request allocation before request add commit 9e8f1c79831424d30c0e3df068be7f4a244157c9 Author: Varun Prakash Date: Thu Jan 10 23:29:28 2019 +0530 scsi: cxgb4i: add wait_for_completion() In case of ->set_param() and ->bind_conn() cxgb4i driver does not wait for cmd completion, this can create race conditions, to avoid this add wait_for_completion(). Signed-off-by: Varun Prakash Signed-off-by: Martin K. Petersen commit 4a01ab60f55041b1ccc760e43258a5b3aeeca1bc Author: Thomas Bogendoerfer Date: Wed Jan 9 15:09:02 2019 +0100 scsi: qla1280: set 64bit coherent mask After Commit 54aed4dd3526 ("MIPS: IP27: use dma_direct_ops") qla1280 driver failed on SGI IP27 machines with qla1280: QLA1040 found on PCI bus 0, dev 0 qla1280 0000:00:00.0: enabling device (0006 -> 0007) qla1280: Failed to get request memory qla1280: probe of 0000:00:00.0 failed with error -12 Reason is that SGI IP27 always generates 64bit DMA addresses and has no fallback mode for 32bit DMA addresses implemented. QLA1280 supports 64bit addressing for all DMA accesses so setting coherent mask to 64bit fixes the issue. Signed-off-by: Thomas Bogendoerfer Signed-off-by: Martin K. Petersen commit 9be9db9f78f52ef03ee90063730cb9d730e7032b Author: Avri Altman Date: Thu Jan 10 13:31:26 2019 +0200 scsi: ufs: Fix geometry descriptor size Albeit we no longer rely on those hard-coded descriptor sizes, we still use them as our defaults, so better get it right. While adding its sysfs entries, we forgot to update the geometry descriptor size. It is 0x48 according to UFS2.1, and wasn't changed in UFS3.0. [mkp: typo] Fixes: c720c091222e (scsi: ufs: sysfs: geometry descriptor) Signed-off-by: Avri Altman Signed-off-by: Martin K. Petersen commit c65bfc8163696dd171e081488b0321beb630b708 Author: Shivasharan S Date: Wed Jan 9 05:08:37 2019 -0800 scsi: megaraid_sas: Retry reads of outbound_intr_status reg commit 272652fcbf1a ("scsi: megaraid_sas: add retry logic in megasas_readl") missed changing readl to megasas_readl in megasas_clear_intr_fusion(). For Aero controllers, reads of outbound_intr_status register needs to be retried. Reported-by: Tomas Henzl Signed-off-by: Shivasharan S Signed-off-by: Martin K. Petersen commit 34a2ce887668db9dda4b56e6f155c49ac13f3e54 Author: Manish Rangankar Date: Wed Jan 9 01:39:07 2019 -0800 scsi: qedi: Add ep_state for login completion on un-reachable targets When the driver finds invalid destination MAC for the first un-reachable target, and before completes the PATH_REQ operation, set new ep_state to OFFLDCONN_NONE so that as part of driver ep_poll mechanism, the upper open-iscsi layer is notified to complete the login process on the first un-reachable target and thus proceed login to other reachable targets. Signed-off-by: Manish Rangankar Signed-off-by: Martin K. Petersen commit ce9e7bce43526626f7cffe2e657953997870197e Author: Stanley Chu Date: Mon Jan 7 22:19:34 2019 +0800 scsi: ufs: Fix system suspend status hba->is_sys_suspended is set after successful system suspend but not clear after successful system resume. According to current behavior, hba->is_sys_suspended will not be set if host is runtime-suspended but not system-suspended. Thus we shall aligh the same policy: clear this flag even if host remains runtime-suspended after ufshcd_system_resume is successfully returned. Simply fix this flag to correct host status logs. Signed-off-by: Stanley Chu Reviewed-by: Avri Altman Signed-off-by: Martin K. Petersen commit f0783d43dde4bb349fcd667df0afabbdbab8b477 Author: Ming Lei Date: Fri Jan 11 09:40:47 2019 -0800 scsi: qla2xxx: Use correct number of vectors for online CPUs When SCSI-MQ is enabled, in some case system would present nr_possible_cpus() which is greater than requested vectors by the driver. This results into driver being able to get larger number of MSI-X vectors than actual online CPUs. Driver then uses pci_alloc_irq_vectors_affinity() to assign 1:1 mapping and affinity for each MSI-x vector to CPUs. When the command is submitted using MSI-x vector, assigned to offline CPU, it results in an ABTS and system hang. This hang is result of a driver not being able to process interrupt on a vector assigned to an Off-line CPUs This patch fixes this issue by setting irq_offset value for the blk_mq_pci_map_queues() to use only those CPUs which has CPU mask affinity assigned and are online. By using the irq_offset value, driver will allow online cpumask to decide which vectors are used in blk_mq_pci_map_queues(). Fixes: 5601236b6f794 ("scsi: qla2xxx: Add Block Multi Queue functionality.") Cc: #4.19 Signed-off-by: Ming Lei Reviewed-by: Himanshu Madhani Tested-by: Himanshu Madhani Reviewed-by: Ewan D. Milne Signed-off-by: Himanshu Madhani Signed-off-by: Martin K. Petersen commit 8d008e64a2ebe6567c3f5e048b05842a0297350b Author: Gustavo A. R. Silva Date: Tue Jan 8 15:27:05 2019 -0600 mISDN: hfcsusb: Use struct_size() in kzalloc() One of the more common cases of allocation size calculations is finding the size of a structure that has a zero-sized array at the end, along with memory for some number of elements for that array. For example: struct foo { int stuff; void *entry[]; }; instance = kzalloc(sizeof(struct foo) + sizeof(void *) * count, GFP_KERNEL); Instead of leaving these open-coded and prone to type mistakes, we can now use the new struct_size() helper: instance = kzalloc(struct_size(instance, entry, count), GFP_KERNEL); This code was detected with the help of Coccinelle. Signed-off-by: Gustavo A. R. Silva Signed-off-by: David S. Miller commit 7bb25a89aad2cc96de188c9ecc89a175360f6fb4 Author: John Garry Date: Thu Jan 10 21:32:41 2019 +0800 scsi: hisi_sas: Set protection parameters prior to adding SCSI host Currently we set the protection parameters after calling scsi_add_host() for v3 hw. They should be set beforehand, so make this change. Appearantly this fixes our DIX issue (not mainline yet) also, but more testing required. Fixes: d6a9000b81be ("scsi: hisi_sas: Add support for DIF feature for v2 hw") Signed-off-by: John Garry Signed-off-by: Martin K. Petersen commit 41d1c8839e5f8cb781cc635f12791decee8271b7 Author: Paolo Abeni Date: Tue Jan 8 18:45:05 2019 +0100 net: clear skb->tstamp in bridge forwarding path Matteo reported forwarding issues inside the linux bridge, if the enslaved interfaces use the fq qdisc. Similar to commit 8203e2d844d3 ("net: clear skb->tstamp in forwarding paths"), we need to clear the tstamp field in the bridge forwarding path. Fixes: 80b14dee2bea ("net: Add a new socket option for a future transmit time.") Fixes: fb420d5d91c1 ("tcp/fq: move back to CLOCK_MONOTONIC") Reported-and-tested-by: Matteo Croce Signed-off-by: Paolo Abeni Acked-by: Nikolay Aleksandrov Acked-by: Roopa Prabhu Reviewed-by: Eric Dumazet Signed-off-by: David S. Miller commit 3f4261d4e62fb2fe7eb5238b12fb22f06aed6e21 Merge: 2ff33d6637393 71a8508402b57 Author: David S. Miller Date: Fri Jan 11 18:05:41 2019 -0800 Merge branch 'bpfilter-fixes' Taehee Yoo says: ==================== net: bpfilter: fix two bugs in bpfilter This patches fix two bugs in the bpfilter_umh which are related in iptables command. The first patch adds an exit code for UMH process. This provides an opportunity to cleanup members of the umh_info to modules which use the UMH. In order to identify UMH processes, a new flag PF_UMH is added. The second patch makes the bpfilter_umh use UMH cleanup callback. The third patch adds re-start routine for the bpfilter_umh. The bpfilter_umh does not re-start after error occurred. because there is no re-start routine in the module. The fourth patch ensures that the bpfilter.ko module will not removed while it's being used. The bpfilter.ko is not protected by locks or module reference counter. Therefore that can be removed while module is being used. In order to protect that, mutex is used. The first and second patch are preparation patches for the third and fourth patch. TEST #1 while : do modprobe bpfilter kill -9 iptables -vnL done TEST #2 while : do iptables -I FORWARD -m string --string ap --algo kmp & iptables -F & modprobe -rv bpfilter & done TEST #3 while : do modprobe bpfilter & modprobe -rv bpfilter & done The TEST1 makes a failure of iptables command. This is fixed by the third patch. The TEST2 makes a panic because of a race condition in the bpfilter_umh module. This is fixed by the fourth patch. The TEST3 makes a double-create UMH process. This is fixed by the third and fourth patch. v4 : - declare the exit_umh() as static inline - check stop flag in the load_umh() to avoid a double-create UMH v3 : - Avoid unnecessary list lookup for non-UMH processes - Add a new PF_UMH flag v2 : add the first and second patch v1 : Initial patch ==================== Signed-off-by: David S. Miller commit 71a8508402b570127d6500c1ad456bbd33ccf187 Author: Taehee Yoo Date: Wed Jan 9 02:25:10 2019 +0900 net: bpfilter: disallow to remove bpfilter module while being used The bpfilter.ko module can be removed while functions of the bpfilter.ko are executing. so panic can occurred. in order to protect that, locks can be used. a bpfilter_lock protects routines in the __bpfilter_process_sockopt() but it's not enough because __exit routine can be executed concurrently. Now, the bpfilter_umh can not run in parallel. So, the module do not removed while it's being used and it do not double-create UMH process. The members of the umh_info and the bpfilter_umh_ops are protected by the bpfilter_umh_ops.lock. test commands: while : do iptables -I FORWARD -m string --string ap --algo kmp & modprobe -rv bpfilter & done splat looks like: [ 298.623435] BUG: unable to handle kernel paging request at fffffbfff807440b [ 298.628512] #PF error: [normal kernel read fault] [ 298.633018] PGD 124327067 P4D 124327067 PUD 11c1a3067 PMD 119eb2067 PTE 0 [ 298.638859] Oops: 0000 [#1] SMP DEBUG_PAGEALLOC KASAN PTI [ 298.638859] CPU: 0 PID: 2997 Comm: iptables Not tainted 4.20.0+ #154 [ 298.638859] RIP: 0010:__mutex_lock+0x6b9/0x16a0 [ 298.638859] Code: c0 00 00 e8 89 82 ff ff 80 bd 8f fc ff ff 00 0f 85 d9 05 00 00 48 8b 85 80 fc ff ff 48 bf 00 00 00 00 00 fc ff df 48 c1 e8 03 <80> 3c 38 00 0f 85 1d 0e 00 00 48 8b 85 c8 fc ff ff 49 39 47 58 c6 [ 298.638859] RSP: 0018:ffff88810e7777a0 EFLAGS: 00010202 [ 298.638859] RAX: 1ffffffff807440b RBX: ffff888111bd4d80 RCX: 0000000000000000 [ 298.638859] RDX: 1ffff110235ff806 RSI: ffff888111bd5538 RDI: dffffc0000000000 [ 298.638859] RBP: ffff88810e777b30 R08: 0000000080000002 R09: 0000000000000000 [ 298.638859] R10: 0000000000000000 R11: 0000000000000000 R12: fffffbfff168a42c [ 298.638859] R13: ffff888111bd4d80 R14: ffff8881040e9a05 R15: ffffffffc03a2000 [ 298.638859] FS: 00007f39e3758700(0000) GS:ffff88811ae00000(0000) knlGS:0000000000000000 [ 298.638859] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 298.638859] CR2: fffffbfff807440b CR3: 000000011243e000 CR4: 00000000001006f0 [ 298.638859] Call Trace: [ 298.638859] ? mutex_lock_io_nested+0x1560/0x1560 [ 298.638859] ? kasan_kmalloc+0xa0/0xd0 [ 298.638859] ? kmem_cache_alloc+0x1c2/0x260 [ 298.638859] ? __alloc_file+0x92/0x3c0 [ 298.638859] ? alloc_empty_file+0x43/0x120 [ 298.638859] ? alloc_file_pseudo+0x220/0x330 [ 298.638859] ? sock_alloc_file+0x39/0x160 [ 298.638859] ? __sys_socket+0x113/0x1d0 [ 298.638859] ? __x64_sys_socket+0x6f/0xb0 [ 298.638859] ? do_syscall_64+0x138/0x560 [ 298.638859] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 298.638859] ? __alloc_file+0x92/0x3c0 [ 298.638859] ? init_object+0x6b/0x80 [ 298.638859] ? cyc2ns_read_end+0x10/0x10 [ 298.638859] ? cyc2ns_read_end+0x10/0x10 [ 298.638859] ? hlock_class+0x140/0x140 [ 298.638859] ? sched_clock_local+0xd4/0x140 [ 298.638859] ? sched_clock_local+0xd4/0x140 [ 298.638859] ? check_flags.part.37+0x440/0x440 [ 298.638859] ? __lock_acquire+0x4f90/0x4f90 [ 298.638859] ? set_rq_offline.part.89+0x140/0x140 [ ... ] Fixes: d2ba09c17a06 ("net: add skeleton of bpfilter kernel module") Signed-off-by: Taehee Yoo Signed-off-by: David S. Miller commit 61fbf5933d42b02f552123af5a87a06335a3b4db Author: Taehee Yoo Date: Wed Jan 9 02:24:53 2019 +0900 net: bpfilter: restart bpfilter_umh when error occurred The bpfilter_umh will be stopped via __stop_umh() when the bpfilter error occurred. The bpfilter_umh() couldn't start again because there is no restart routine. The section of the bpfilter_umh_{start/end} is no longer .init.rodata because these area should be reused in the restart routine. hence the section name is changed to .bpfilter_umh. The bpfilter_ops->start() is restart callback. it will be called when bpfilter_umh is stopped. The stop bit means bpfilter_umh is stopped. this bit is set by both start and stop routine. Before this patch, Test commands: $ iptables -vnL $ kill -9 $ iptables -vnL [ 480.045136] bpfilter: write fail -32 $ iptables -vnL All iptables commands will fail. After this patch, Test commands: $ iptables -vnL $ kill -9 $ iptables -vnL $ iptables -vnL Now, all iptables commands will work. Fixes: d2ba09c17a06 ("net: add skeleton of bpfilter kernel module") Signed-off-by: Taehee Yoo Signed-off-by: David S. Miller commit 5b4cb650e569db2e6a09d2fa0ef8eb789a0ac5d8 Author: Taehee Yoo Date: Wed Jan 9 02:24:34 2019 +0900 net: bpfilter: use cleanup callback to release umh_info Now, UMH process is killed, do_exit() calls the umh_info->cleanup callback to release members of the umh_info. This patch makes bpfilter_umh's cleanup routine to use the umh_info->cleanup callback. Signed-off-by: Taehee Yoo Signed-off-by: David S. Miller commit 73ab1cb2de9e3efe7f818d5453de271e5371df1d Author: Taehee Yoo Date: Wed Jan 9 02:23:56 2019 +0900 umh: add exit routine for UMH process A UMH process which is created by the fork_usermode_blob() such as bpfilter needs to release members of the umh_info when process is terminated. But the do_exit() does not release members of the umh_info. hence module which uses UMH needs own code to detect whether UMH process is terminated or not. But this implementation needs extra code for checking the status of UMH process. it eventually makes the code more complex. The new PF_UMH flag is added and it is used to identify UMH processes. The exit_umh() does not release members of the umh_info. Hence umh_info->cleanup callback should release both members of the umh_info and the private data. Suggested-by: David S. Miller Signed-off-by: Taehee Yoo Signed-off-by: David S. Miller commit a94a2572b97744d3a35a1996df0e5cf6b2461a4a Author: Xiubo Li Date: Fri Nov 23 09:15:30 2018 +0800 scsi: tcmu: avoid cmd/qfull timers updated whenever a new cmd comes Currently there is one cmd timeout timer and one qfull timer for each udev, and whenever any new command is coming in we will update the cmd timer or qfull timer. For some corner cases the timers are always working only for the ringbuffer's and full queue's newest cmd. That's to say the timer won't be fired even if one cmd has been stuck for a very long time and the deadline is reached. This fix will keep the cmd/qfull timers to be pended for the oldest cmd in ringbuffer and full queue, and will update them with the next cmd's deadline only when the old cmd's deadline is reached or removed from the ringbuffer and full queue. Signed-off-by: Xiubo Li Acked-by: Mike Christie Signed-off-by: Martin K. Petersen commit 2ff33d6637393fe9348357285931811b76e1402f Author: Jia-Ju Bai Date: Tue Jan 8 21:04:48 2019 +0800 isdn: i4l: isdn_tty: Fix some concurrency double-free bugs The functions isdn_tty_tiocmset() and isdn_tty_set_termios() may be concurrently executed. isdn_tty_tiocmset isdn_tty_modem_hup line 719: kfree(info->dtmf_state); line 721: kfree(info->silence_state); line 723: kfree(info->adpcms); line 725: kfree(info->adpcmr); isdn_tty_set_termios isdn_tty_modem_hup line 719: kfree(info->dtmf_state); line 721: kfree(info->silence_state); line 723: kfree(info->adpcms); line 725: kfree(info->adpcmr); Thus, some concurrency double-free bugs may occur. These possible bugs are found by a static tool written by myself and my manual code review. To fix these possible bugs, the mutex lock "modem_info_mutex" used in isdn_tty_tiocmset() is added in isdn_tty_set_termios(). Signed-off-by: Jia-Ju Bai Signed-off-by: David S. Miller commit 7fbe078c37aba3088359c9256c1a1d0c3e39ee81 Author: Zha Bin Date: Tue Jan 8 16:07:03 2019 +0800 vhost/vsock: fix vhost vsock cid hashing inconsistent The vsock core only supports 32bit CID, but the Virtio-vsock spec define CID (dst_cid and src_cid) as u64 and the upper 32bits is reserved as zero. This inconsistency causes one bug in vhost vsock driver. The scenarios is: 0. A hash table (vhost_vsock_hash) is used to map an CID to a vsock object. And hash_min() is used to compute the hash key. hash_min() is defined as: (sizeof(val) <= 4 ? hash_32(val, bits) : hash_long(val, bits)). That means the hash algorithm has dependency on the size of macro argument 'val'. 0. In function vhost_vsock_set_cid(), a 64bit CID is passed to hash_min() to compute the hash key when inserting a vsock object into the hash table. 0. In function vhost_vsock_get(), a 32bit CID is passed to hash_min() to compute the hash key when looking up a vsock for an CID. Because the different size of the CID, hash_min() returns different hash key, thus fails to look up the vsock object for an CID. To fix this bug, we keep CID as u64 in the IOCTLs and virtio message headers, but explicitly convert u64 to u32 when deal with the hash table and vsock core. Fixes: 834e772c8db0 ("vhost/vsock: fix use-after-free in network stack callers") Link: https://github.com/stefanha/virtio/blob/vsock/trunk/content.tex Signed-off-by: Zha Bin Reviewed-by: Liu Jiang Reviewed-by: Stefan Hajnoczi Acked-by: Jason Wang Signed-off-by: David S. Miller commit 5fea7f1091d725bd0601c931f237fed210d37dad Merge: e8b108b050e84 fa0be0a43f101 Author: David S. Miller Date: Fri Jan 11 15:35:06 2019 -0800 Merge branch 'stmmac-fixes' Jose Abreu says: ==================== net: stmmac: Misc Fixes Some small fixes for stmmac targeting -net. Detailed info in commit log. ==================== Signed-off-by: David S. Miller commit fa0be0a43f101888ac677dba31b590963eafeaa1 Author: Jose Abreu Date: Wed Jan 9 10:06:00 2019 +0100 net: stmmac: Prevent RX starvation in stmmac_napi_poll() Currently, TX is given a budget which is consumed by stmmac_tx_clean() and stmmac_rx() is given the remaining non-consumed budget. This is wrong and in case we are sending a large number of packets this can starve RX because remaining budget will be low. Let's give always the same budget for RX and TX clean. While at it, check if we missed any interrupts while we were in NAPI callback by looking at DMA interrupt status. Cc: Joao Pinto Cc: David S. Miller Cc: Giuseppe Cavallaro Cc: Alexandre Torgue Signed-off-by: Jose Abreu Signed-off-by: David S. Miller commit 3b5094665e273c4a2a99f7f5f16977c0f1e19095 Author: Jose Abreu Date: Wed Jan 9 10:05:59 2019 +0100 net: stmmac: Fix the logic of checking if RX Watchdog must be enabled RX Watchdog can be disabled by platform definitions but currently we are initializing the descriptors before checking if Watchdog must be disabled or not. Fix this by checking earlier if user wants Watchdog disabled or not. Cc: Joao Pinto Cc: David S. Miller Cc: Giuseppe Cavallaro Cc: Alexandre Torgue Signed-off-by: Jose Abreu Signed-off-by: David S. Miller commit 0650d4017f4d2eee67230a02285a7ae5204240c2 Author: Jose Abreu Date: Wed Jan 9 10:05:58 2019 +0100 net: stmmac: Check if CBS is supported before configuring Check if CBS is currently supported before trying to configure it in HW. Cc: Joao Pinto Cc: David S. Miller Cc: Giuseppe Cavallaro Cc: Alexandre Torgue Signed-off-by: Jose Abreu Signed-off-by: David S. Miller commit fcc509eb10ff4794641e6ad3082118287a750d0a Author: Jose Abreu Date: Wed Jan 9 10:05:57 2019 +0100 net: stmmac: dwxgmac2: Only clear interrupts that are active In DMA interrupt handler we were clearing all interrupts status, even the ones that were not active. Fix this and only clear the active interrupts. Cc: Joao Pinto Cc: David S. Miller Cc: Giuseppe Cavallaro Cc: Alexandre Torgue Signed-off-by: Jose Abreu Signed-off-by: David S. Miller commit 6dea7e1881fd86b80da64e476ac398008daed857 Author: Jose Abreu Date: Wed Jan 9 10:05:56 2019 +0100 net: stmmac: Fix PCI module removal leak Since commit b7d0f08e9129, the enable / disable of PCI device is not managed which will result in IO regions not being automatically unmapped. As regions continue mapped it is currently not possible to remove and then probe again the PCI module of stmmac. Fix this by manually unmapping regions on remove callback. Changes from v1: - Fix build error Cc: Joao Pinto Cc: David S. Miller Cc: Giuseppe Cavallaro Cc: Alexandre Torgue Fixes: b7d0f08e9129 ("net: stmmac: Fix WoL for PCI-based setups") Signed-off-by: Jose Abreu Signed-off-by: David S. Miller commit 8217724eb7c51bbec351b23cbc924577b2f4b8e6 Author: Otto Sabart Date: Wed Jan 9 00:46:55 2019 +0100 doc: bindings: fix bad reference to ARM CPU bindings The primecell.txt and cpus.txt files were converted into YAML. This patch updates old references with new ones. Fixes: d3c207eeb905 ("dt-bindings: arm: Convert primecell binding to json-schema") Fixes: 672951cbd1b7 ("dt-bindings: arm: Convert cpu binding to json-schema") Signed-off-by: Otto Sabart Signed-off-by: Rob Herring commit 0919871ac37fdcf46c7657da0f1742efe096b399 Author: Tony Luck Date: Fri Jan 11 14:46:37 2019 -0800 acpi/nfit: Fix race accessing memdev in nfit_get_smbios_id() Possible race accessing memdev structures after dropping the mutex. Dan Williams says this could race against another thread that is doing: # echo "ACPI0012:00" > /sys/bus/acpi/drivers/nfit/unbind Reported-by: Jane Chu Fixes: 23222f8f8dce ("acpi, nfit: Add function to look up nvdimm...") Signed-off-by: Tony Luck Signed-off-by: Dan Williams commit bde0b5c109e8b22b57745e3b9914f9e87ad857ea Author: Miquel Raynal Date: Tue Dec 4 20:28:29 2018 +0100 ata: ahci: mvebu: request PHY suspend/resume for Armada 3700 A feature has been added in the libahci driver: the possibility to set a new flag in hpriv->flags to let the core handle PHY suspend/resume automatically. Make use of this feature to make suspend to RAM work with SATA drives on A3700. Signed-off-by: Miquel Raynal Signed-off-by: Jens Axboe commit 2f558bc3f33ca344489cec2218545741028b6a70 Author: Miquel Raynal Date: Tue Dec 4 20:28:28 2018 +0100 ata: ahci: mvebu: add Armada 3700 initialization needed for S2RAM A3700 comphy initialization is done in the firmware (TF-A). Looking at the SATA PHY initialization routine, there is a comment about "vendor specific" registers. Two registers are mentioned. They are not initialized there in the firmware because they are AHCI related, while the firmware at this location does only PHY configuration. The solution to avoid doing such initialization is relying on U-Boot. While this work at boot time, U-Boot is definitely not going to run during a resume after suspending to RAM. Two possible solutions were considered: * Fixing the firmware. * Fixing the kernel driver. The first solution would take ages to propagate, while the second solution is easy to implement as the driver as been a little bit reworked to prepare for such platform configuration. Hence, this patch adds an Armada 3700 configuration function to set these two registers both at boot time (in the probe) and after a suspend (in the resume path). Signed-off-by: Miquel Raynal Signed-off-by: Jens Axboe commit 96dbcb40e4b1a387cdb9b21f43638c759aebb5a4 Author: Miquel Raynal Date: Tue Dec 4 20:28:27 2018 +0100 ata: ahci: mvebu: do Armada 38x configuration only on relevant SoCs At the beginning, only Armada 38x SoCs where supported by the ahci_mvebu.c driver. Commit 15d3ce7b63bd ("ata: ahci_mvebu: add support for Armada 3700 variant") introduced Armada 3700 support. As opposed to Armada 38x SoCs, the 3700 variants do not have to configure mbus and the regret option. This patch took care of avoiding such configuration when not needed in the probe function, but failed to do the same in the resume path. While doing so looks harmless by experience, let's clean the driver logic and avoid doing this useless configuration with Armada 3700 SoCs. Because the logic is very similar between these two places, it has been decided to factorize this code and put it in a "Armada 38x configuration function". This function is part of a new (per-compatible) platform data structure, so that the addition of such configuration function for Armada 3700 will be eased. Fixes: 15d3ce7b63bd ("ata: ahci_mvebu: add support for Armada 3700 variant") Signed-off-by: Miquel Raynal Signed-off-by: Jens Axboe commit c9bc136791ba0eefe07ed57d3850b8c5cee6471b Author: Miquel Raynal Date: Tue Dec 4 20:28:26 2018 +0100 ata: ahci: mvebu: remove stale comment For Armada-38x (32-bit) SoCs, PM platform support has been added since: commit 32f9494c9dfd ("ARM: mvebu: prepare pm-board.c for the introduction of Armada 38x support") commit 3cbd6a6ca81c ("ARM: mvebu: Add standby support") For Armada 64-bit SoCs, like the A3700 also using this AHCI driver, PM platform support has always existed. There are even suspend/resume hooks in this driver since: commit d6ecf15814888 ("ata: ahci_mvebu: add suspend/resume support") Remove the stale comment at the end of this driver stating that all the above does not exist yet. Fixes: d6ecf15814888 ("ata: ahci_mvebu: add suspend/resume support") Signed-off-by: Miquel Raynal Signed-off-by: Jens Axboe commit 49e54187ae0b2f9b5c0760e568a103baf4481610 Author: Miquel Raynal Date: Tue Dec 4 20:28:25 2018 +0100 ata: libahci_platform: comply to PHY framework Current implementation of the libahci does not take into account the new PHY framework. Correct the situation by adding a call to phy_set_mode() before phy_power_on(). PHYs should also be handled at suspend/resume time. For this, call ahci_platform_enable/disable_phys() at suspend/resume_host() time. These calls are guarded by a HFLAG (AHCI_HFLAG_SUSPEND_PHYS) that the user of the libahci driver must set manually in hpriv->flags at probe time. This is to avoid breaking users that have not been tested with this change. Reviewed-by: Hans de Goede Suggested-by: Grzegorz Jaszczyk Signed-off-by: Miquel Raynal Signed-off-by: Jens Axboe commit e8b108b050e84b6d7497d2cd29fe7623d0a33ed6 Merge: b19bce0335e25 fb4129b9279dc Author: David S. Miller Date: Fri Jan 11 12:51:49 2019 -0800 Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf Daniel Borkmann says: ==================== pull-request: bpf 2019-01-11 The following pull-request contains BPF updates for your *net* tree. The main changes are: 1) Fix TCP-BPF support for correctly setting the initial window via TCP_BPF_IW on an active TFO sender, from Yuchung. 2) Fix a panic in BPF's stack_map_get_build_id()'s ELF parsing on 32 bit archs caused by page_address() returning NULL, from Song. 3) Fix BTF pretty print in kernel and bpftool when bitfield member offset is greater than 256. Also add test cases, from Yonghong. 4) Fix improper argument handling in xdp1 sample, from Ioana. 5) Install missing tcp_server.py and tcp_client.py files from BPF selftests, from Anders. 6) Add test_libbpf to gitignore in libbpf and BPF selftests, from Stanislav. ==================== Signed-off-by: David S. Miller commit 4b3c31c8d4dda4d70f3f24a165f3be99499e0328 Merge: c3405d6899745 b67d4530cdade Author: Linus Torvalds Date: Fri Jan 11 12:28:01 2019 -0800 Merge branch 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux Pull i2c fixes from Wolfram Sang: "I2C has one core and one driver bugfix for you" * 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux: i2c: tegra: Fix Maximum transfer size i2c: dev: prevent adapter retries and timeout being set as minus value commit c3405d689974555532c12a4f3a5e72dedc660c0b Merge: f87092c4337fc 279667212ab2a Author: Linus Torvalds Date: Fri Jan 11 12:25:40 2019 -0800 Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux Pull arm64 fixes from Will Deacon: "Another handful of arm64 fixes here. Most of the complication comes from improving our kpti code to avoid lengthy pauses (30+ seconds) during boot when we rewrite the page tables. There are also a couple of IORT fixes that came in via Lorenzo. Summary: - Don't error in kexec_file_load if kaslr-seed is missing in device-tree - Fix incorrect argument type passed to iort_match_node_callback() - Fix IORT build failure when CONFIG_IOMMU_API=n - Fix kpti performance regression with new rodata default option - Typo fix" * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux: arm64: kexec_file: return successfully even if kaslr-seed doesn't exist ACPI/IORT: Fix rc_dma_get_range() arm64: kpti: Avoid rewriting early page tables when KASLR is enabled arm64: asm-prototypes: Fix fat-fingered typo in comment ACPI/IORT: Fix build when CONFIG_IOMMU_API=n commit f87092c4337fc064b52bfad1df499a5b82f6d088 Merge: 40a31da414c39 85f5a4d666fd9 Author: Linus Torvalds Date: Fri Jan 11 12:17:30 2019 -0800 Merge tag 'ceph-for-5.0-rc2' of git://github.com/ceph/ceph-client Pull ceph updates from Ilya Dryomov: "A patch to allow setting abort_on_full and a fix for an old "rbd unmap" edge case, marked for stable" * tag 'ceph-for-5.0-rc2' of git://github.com/ceph/ceph-client: rbd: don't return 0 on unmap if RBD_DEV_FLAG_REMOVING is set ceph: use vmf_error() in ceph_filemap_fault() libceph: allow setting abort_on_full for rbd commit ef4efa14560adf7cdc77022c86e659d910c5c6fc Author: Lubomir Rintel Date: Fri Jan 4 22:56:56 2019 +0100 dt-bindings: marvell,mmp2: fix typos in bindings doc A pair of rather trivial ones. Signed-off-by: Lubomir Rintel Signed-off-by: Rob Herring commit 5a9372f751b5350e0ce3d2ee91832f1feae2c2e5 Author: Arnd Bergmann Date: Thu Jan 10 17:24:31 2019 +0100 mips: fix n32 compat_ipc_parse_version While reading through the sysvipc implementation, I noticed that the n32 semctl/shmctl/msgctl system calls behave differently based on whether o32 support is enabled or not: Without o32, the IPC_64 flag passed by user space is rejected but calls without that flag get IPC_64 behavior. As far as I can tell, this was inadvertently changed by a cleanup patch but never noticed by anyone, possibly nobody has tried using sysvipc on n32 after linux-3.19. Change it back to the old behavior now. Fixes: 78aaf956ba3a ("MIPS: Compat: Fix build error if CONFIG_MIPS32_COMPAT but no compat ABI.") Signed-off-by: Arnd Bergmann Signed-off-by: Paul Burton Cc: linux-mips@vger.kernel.org Cc: stable@vger.kernel.org # 3.19+ commit 40a31da414c39e3cd8c4137c1ceedf59b7ffd4ce Merge: e8af37f3f488e 4e72ee8872279 Author: Linus Torvalds Date: Fri Jan 11 09:44:05 2019 -0800 Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull perf tooling updates from Ingo Molnar: "Tooling changes only: fixes and a few stray improvements. Most of the diffstat is dominated by a PowerPC related fix of system call trace output beautification that allows us to (again) use the UAPI header version and sync up with the kernel's version of PowerPC system call names in the arch/powerpc/kernel/syscalls/syscall.tbl header" * 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (36 commits) tools headers powerpc: Remove unistd.h perf powerpc: Rework syscall table generation perf symbols: Add 'arch_cpu_idle' to the list of kernel idle symbols tools include uapi: Sync linux/if_link.h copy with the kernel sources tools include uapi: Sync linux/vhost.h with the kernel sources tools include uapi: Sync linux/fs.h copy with the kernel sources perf beauty: Switch from using uapi/linux/fs.h to uapi/linux/mount.h tools include uapi: Grab a copy of linux/mount.h perf top: Lift restriction on using callchains without "sym" in --sort tools lib traceevent: Remove tep_data_event_from_type() API tools lib traceevent: Rename tep_is_file_bigendian() to tep_file_bigendian() tools lib traceevent: Changed return logic of tep_register_event_handler() API tools lib traceevent: Changed return logic of trace_seq_printf() and trace_seq_vprintf() APIs tools lib traceevent: Rename struct cmdline to struct tep_cmdline tools lib traceevent: Initialize host_bigendian at tep_handle allocation tools lib traceevent: Introduce new libtracevent API: tep_override_comm() perf tests: Add a test for the ARM 32-bit [vectors] page perf tools: Make find_vdso_map() more modular perf trace: Fix alignment for [continued] lines perf trace: Fix ')' placement in "interrupted" syscall lines ... commit 826c1362e79abcd36f99092acd083b5a2d576676 Author: Vitaly Kuznetsov Date: Wed Jan 9 18:22:56 2019 +0100 x86/kvm/nVMX: don't skip emulated instruction twice when vmptr address is not backed Since commit 09abb5e3e5e50 ("KVM: nVMX: call kvm_skip_emulated_instruction in nested_vmx_{fail,succeed}") nested_vmx_failValid() results in kvm_skip_emulated_instruction() so doing it again in handle_vmptrld() when vmptr address is not backed is wrong, we end up advancing RIP twice. Fixes: fca91f6d60b6e ("kvm: nVMX: Set VM instruction error for VMPTRLD of unbacked page") Reported-by: Cornelia Huck Signed-off-by: Vitaly Kuznetsov Reviewed-by: Sean Christopherson Reviewed-by: Cornelia Huck Signed-off-by: Radim Krčmář commit cf1754c2a1d6e92688f7353aa7f598f5ad6d8f78 Author: Christophe de Dinechin Date: Mon Jan 7 18:52:38 2019 +0100 Documentation/virtual/kvm: Update URL for AMD SEV API specification The URL of [api-spec] in Documentation/virtual/kvm/amd-memory-encryption.rst is no longer valid, replaced space with underscore. Signed-off-by: Christophe de Dinechin Reviewed-by: Brijesh Singh Signed-off-by: Radim Krčmář commit b7c1c226f9403c52bf58b0bceef24501429c7351 Author: Lan Tianyu Date: Fri Jan 4 15:20:44 2019 +0800 KVM/VMX: Avoid return error when flush tlb successfully in the hv_remote_flush_tlb_with_range() The "ret" is initialized to be ENOTSUPP. The return value of __hv_remote_flush_tlb_with_range() will be Or with "ret" when ept table potiners are mismatched. This will cause return ENOTSUPP even if flush tlb successfully. This patch is to fix the issue and set "ret" to 0. Fixes: a5c214dad198 ("KVM/VMX: Change hv flush logic when ept tables are mismatched.") Signed-off-by: Lan Tianyu Signed-off-by: Radim Krčmář commit 3f14a89d1132dcae3c8ce6721c6ef51f6e6d9b5f Author: David Rientjes Date: Wed Jan 2 12:56:33 2019 -0800 kvm: sev: Fail KVM_SEV_INIT if already initialized By code inspection, it was found that multiple calls to KVM_SEV_INIT could deplete asid bits and overwrite kvm_sev_info's regions_list. Multiple calls to KVM_SVM_INIT is not likely to occur with QEMU, but this should likely be fixed anyway. This code is serialized by kvm->lock. Fixes: 1654efcbc431 ("KVM: SVM: Add KVM_SEV_INIT command") Reported-by: Cfir Cohen Signed-off-by: David Rientjes Signed-off-by: Radim Krčmář commit 98938aa8edd66dc95024d7c936a4bc315f6615ff Author: Tomas Bortoli Date: Wed Jan 2 18:29:37 2019 +0100 KVM: validate userspace input in kvm_clear_dirty_log_protect() The function at issue does not fully validate the content of the structure pointed by the log parameter, though its content has just been copied from userspace and lacks validation. Fix that. Moreover, change the type of n to unsigned long as that is the type returned by kvm_dirty_bitmap_bytes(). Signed-off-by: Tomas Bortoli Reported-by: syzbot+028366e52c9ace67deb3@syzkaller.appspotmail.com [Squashed the fix from Paolo. - Radim.] Signed-off-by: Radim Krčmář commit d14eff1bc53e6a268c3b48da5cdb469f26832d1a Author: Gustavo A. R. Silva Date: Wed Dec 26 14:40:59 2018 -0600 KVM: x86: Fix bit shifting in update_intel_pt_cfg ctl_bitmask in pt_desc is of type u64. When an integer like 0xf is being left shifted more than 32 bits, the behavior is undefined. Fix this by adding suffix ULL to integer 0xf. Addresses-Coverity-ID: 1476095 ("Bad bit shift operation") Fixes: 6c0f0bba85a0 ("KVM: x86: Introduce a function to initialize the PT configuration") Signed-off-by: Gustavo A. R. Silva Reviewed-by: Wei Yang Reviewed-by: Luwei Kang Signed-off-by: Radim Krčmář commit e8af37f3f488e7adce2b5c6f6dfe8c83c2662e1f Merge: 8e1b295b693cb e4f358916d528 Author: Linus Torvalds Date: Fri Jan 11 09:07:19 2019 -0800 Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 fixes from Ingo Molnar: "A 32-bit build fix, CONFIG_RETPOLINE fixes and rename CONFIG_RESCTRL to CONFIG_X86_RESCTRL" * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86, modpost: Replace last remnants of RETPOLINE with CONFIG_RETPOLINE x86/cache: Rename config option to CONFIG_X86_RESCTRL samples/seccomp: Fix 32-bit build commit 8e1b295b693cbf2d8499c24fbb1f8f50c58771e3 Merge: f4f31fff32252 65a4f3a1efda8 Author: Linus Torvalds Date: Fri Jan 11 09:04:36 2019 -0800 Merge tag 'acpi-5.0-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm Pull ACPI fixes from Rafael Wysocki: "Fix a build failure introduced recently, fix the xpower PMIC ACPI driver, clean up the handling of duplicate entries in _PRx power resource lists and fix addresses in NUMA-related messages on 32-bit with PAE. Specifics: - Fix build failures with both CONFIG_NLS and CONFIG_PCI unset that can occur since ACPI can be built without PCI now (Sinan Kaya). - Clean up the handling of duplicate entries in power resource lists returned by _PRx evaluation to avoid triggering WARN_ON() on attempts to add duplicate symlinks in sysfs (Hans de Goede). - Fix issues with the TS current-source switching on systems using the xpower PMIC by avoiding to update unrelated bits in the TS pin-ctrl register and avoiding to unconditionally enable TS current-source on systems where it is not used (Hans de Goede). - Fix addresses in NUMA-related messages on 32-bit with PAE which can be truncated due to integer type conversions (Chao Fan)" * tag 'acpi-5.0-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm: ACPI / PMIC: xpower: Fix TS-pin current-source handling ACPI: NUMA: Use correct type for printing addresses on i386-PAE ACPI: power: Skip duplicate power resource references in _PRx ACPI: Fix build failure when CONFIG_NLS is set to 'n' commit f4f31fff32252da3791e9d901adb44f963a79153 Merge: 385c59c7baaa4 343e60e52a3a0 Author: Linus Torvalds Date: Fri Jan 11 09:01:43 2019 -0800 Merge tag 'pm-5.0-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm Pull power management updates from Rafael Wysocki: "These fix fallout after starting to use hrtimers in the runtime PM framework, fix a few cpufreq issues, fix a recently broken reference to cpuidle documentation, update MAINTAINERS entries for cpufreq and cpuidle and make the recently added system suspend and resume support in devfreq actually work. Specifics: - Prevent integer overflows from occurring on 32-bit when converting milliseconds to nanoseconds in the runtime PM framework and update comments that still refer to jiffies in it (Vincent Guittot, Ladislav Michl). - Fix the SCMI cpufreq driver to always use the same frequency units for arch_set_freq_scale() and make the scale-invariant load tracking acutally work with this driver (Quentin Perret). - Fix freeing of dynamic OPPs in the SCPI and SCMI cpufreq drivers broken during the 4.20 defelopment cycle (Viresh Kumar). - Prevent the cpufreq core from attempting to return the current frequency of offline CPUs (Sudeep Holla). - Add devfreq suspend and resume hooks (missed previously) to the PM core to make the recently added system suspend and resume support in devfreq actually work (Lukasz Luba). - Update MAINTAINERS entries for cpufreq and cpuidle, mostly to add references to new/current documentation to them (Rafael Wysocki). - Fix a recently broken reference to cpuidle documentation (Otto Sabart)" * tag 'pm-5.0-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm: PM-runtime: Fix autosuspend_delay on 32bits arch PM-runtime: Fix 'jiffies' in comments after switch to hrtimers cpufreq: scmi: Fix frequency invariance in slow path doc: trace: fix reference to cpuidle documentation file cpufreq: check if policy is inactive early in __cpufreq_get() cpufreq: scpi/scmi: Fix freeing of dynamic OPPs cpuidle / Documentation: Update cpuidle MAINTAINERS entry cpufreq / Documentation: Update cpufreq MAINTAINERS entry PM: sleep: call devfreq suspend/resume commit 385c59c7baaa4626f5c01888d50e86e5636e655e Merge: de6629eb262e0 f34c48e06ddcc Author: Linus Torvalds Date: Fri Jan 11 08:58:02 2019 -0800 Merge tag 'drm-fixes-2019-01-11' of git://anongit.freedesktop.org/drm/drm Pull drm fixes from Dave Airlie: "Not a huge amount for rc2, assume the usual quiet period, and rc3 will be most of it. amdgpu: - Powerplay fixes - Virtual display pinning fixes - Golden register updates for Vega - Pitch and gem size validation fixes - SR-IOV init error fix - Pagetables in system RAM disable for some Raven system - DP-MST resume fixes tc358767 bridge: - fix to work with displayport connector" * tag 'drm-fixes-2019-01-11' of git://anongit.freedesktop.org/drm/drm: (26 commits) drm/amdgpu: disable system memory page tables for now drm/amdgpu: set WRITE_BURST_LENGTH to 64B to workaround SDMA1 hang drm/amdgpu: fix CPDMA hang in PRT mode for VEGA20 drm/bridge: tc358767: use DP connector if no panel set drm/bridge: tc358767: fix output H/V syncs drm/bridge: tc358767: reject modes which require too much BW drm/bridge: tc358767: fix initial DP0/1_SRCCTRL value drm/bridge: tc358767: fix single lane configuration drm/bridge: tc358767: add defines for DP1_SRCCTRL & PHY_2LANE drm/bridge: tc358767: add bus flags drm/dp_mst: Add __must_check to drm_dp_mst_topology_mgr_resume() drm/amdgpu: Don't fail resume process if resuming atomic state fails drm/amdgpu: Don't ignore rc from drm_dp_mst_topology_mgr_resume() drm/amdgpu: validate user GEM object size drm/amdgpu: validate user pitch alignment drm/amd/powerplay: drop the unnecessary uclk hard min setting drm/amd/powerplay: avoid possible buffer overflow drm/amd/powerplay: create pp_od_clk_voltage device file under OD support drm/amd/powerplay: update OD support flag for SKU with no OD capabilities drm/amdgpu: make gfx9 enter into rlc safe mode when set MGCG ... commit d3736d82e8169768218ee0ef68718875918091a0 Author: Dmitry Safonov <0x7f454c46@gmail.com> Date: Wed Jan 9 01:17:40 2019 +0000 tty: Don't hold ldisc lock in tty_reopen() if ldisc present Try to get reference for ldisc during tty_reopen(). If ldisc present, we don't need to do tty_ldisc_reinit() and lock the write side for line discipline semaphore. Effectively, it optimizes fast-path for tty_reopen(), but more importantly it won't interrupt ongoing IO on the tty as no ldisc change is needed. Fixes user-visible issue when tty_reopen() interrupted login process for user with a long password, observed and reported by Lukas. Fixes: c96cf923a98d ("tty: Don't block on IO when ldisc change is pending") Fixes: 83d817f41070 ("tty: Hold tty_ldisc_lock() during tty_reopen()") Cc: Jiri Slaby Reported-by: Lukas F. Hartmann Tested-by: Lukas F. Hartmann Cc: stable Signed-off-by: Dmitry Safonov Signed-off-by: Greg Kroah-Hartman commit e3e4767bd550b3f19278e42bcce143e0d2316ba2 Author: Martin Blumenstingl Date: Tue Jan 1 20:44:14 2019 +0100 mmc: core: don't override the CD GPIO level when "cd-inverted" is set Since commit 89a5e15bcba87d ("gpio/mmc/of: Respect polarity in the device tree") gpiolib-of parses the "cd-gpios" property and flips the polarity if "cd-inverted" is also set. This results in the "cd-inverted" property being evaluated twice, which effectively makes it a no-op: - first in drivers/gpio/gpiolib-of.c (of_xlate_and_get_gpiod_flags) when setting up the CD GPIO - then again in drivers/mmc/core/slot-gpio.c (mmc_gpio_get_cd) when reading the CD GPIO value at runtime On boards which are using device-tree with the "cd-inverted" property being set any inserted card are not detected anymore. This is due to the MMC core treating the CD GPIO with the wrong polarity. Disable "override_cd_active_level" for the card detection GPIO which is parsed using mmc_of_parse. This fixes SD card detection on the boards which are currently using the "cd-inverted" device-tree property (tested on Meson8b Odroid-C1 and Meson8b EC-100). This does not remove the CD GPIO inversion logic from the MMC core because there's at least one driver (sdhci-pci-core for Intel BayTrail based boards) which still passes "override_cd_active_level = true" to mmc_gpiod_request_cd(). Due to lack of hardware for testing this is left untouched. In the future the GPIO inversion logic for both, card and read-only detection can be removed once no driver is using it anymore. Fixes: 89a5e15bcba87d ("gpio/mmc/of: Respect polarity in the device tree") Signed-off-by: Martin Blumenstingl Tested-by: Anand Moon Tested-by: Loys Ollivier Acked-by: Ulf Hansson Signed-off-by: Linus Walleij commit 00257e0cc550c4a8df5f99c0a4fc74fec0656144 Author: Rob Herring Date: Fri Jan 11 14:34:39 2019 +0100 fbdev: offb: Fix OF node name handling Commit 5c63e407aaab ("fbdev: Convert to using %pOFn instead of device_node.name") changed how the OF FB driver handles the OF node name. This missed the case where the node name is passed to offb_init_palette_hacks(). This results in a NULL ptr dereference in strncmp and breaks any system except ones using bootx with no display node. Fix this by making offb_init_palette_hacks() use the OF node pointer and use of_node_name_prefix() helper function instead for node name comparisons. This helps in moving all OF node name accesses to helper functions in preparation to remove struct device_node.name pointer. Fixes: 5c63e407aaab ("fbdev: Convert to using %pOFn instead of device_node.name") Reported-by: Mathieu Malaterre Tested-by: Mathieu Malaterre Cc: stable@vger.kernel.org # v4.19+ Cc: Elimar Riesebieter Signed-off-by: Rob Herring Signed-off-by: Bartlomiej Zolnierkiewicz commit a01421e4484327fe44f8e126793ed5a48a221e24 Author: Vlad Tsyrklevich Date: Fri Jan 11 14:34:38 2019 +0100 omap2fb: Fix stack memory disclosure Using [1] for static analysis I found that the OMAPFB_QUERY_PLANE, OMAPFB_GET_COLOR_KEY, OMAPFB_GET_DISPLAY_INFO, and OMAPFB_GET_VRAM_INFO cases could all leak uninitialized stack memory--either due to uninitialized padding or 'reserved' fields. Fix them by clearing the shared union used to store copied out data. [1] https://github.com/vlad902/kernel-uninitialized-memory-checker Signed-off-by: Vlad Tsyrklevich Reviewed-by: Kees Cook Fixes: b39a982ddecf ("OMAP: DSS2: omapfb driver") Cc: security@kernel.org [b.zolnierkie: prefix patch subject with "omap2fb: "] Signed-off-by: Bartlomiej Zolnierkiewicz commit 48d2ba6257013676e57ff69444d5212031aee763 Author: Steve French Date: Sat Jan 5 19:46:35 2019 -0600 cifs: update internal module version number To 2.16 Signed-off-by: Steve French commit 9a66396f1857cc1de06f4f4771797315e1a4ea56 Author: Pavel Shilovsky Date: Tue Jan 8 11:15:28 2019 -0800 CIFS: Fix error paths in writeback code This patch aims to address writeback code problems related to error paths. In particular it respects EINTR and related error codes and stores and returns the first error occurred during writeback. Signed-off-by: Pavel Shilovsky Acked-by: Jeff Layton Signed-off-by: Steve French commit ee258d79159afed52ca9372aeb9c1a51e89b32ee Author: Pavel Shilovsky Date: Thu Jan 3 15:53:10 2019 -0800 CIFS: Move credit processing to mid callbacks for SMB3 Currently we account for credits in the thread initiating a request and waiting for a response. The demultiplex thread receives the response, wakes up the thread and the latter collects credits from the response buffer and add them to the server structure on the client. This approach is not accurate, because it may race with reconnect events in the demultiplex thread which resets the number of credits. Fix this by moving credit processing to new mid callbacks that collect credits granted by the server from the response in the demultiplex thread. Signed-off-by: Pavel Shilovsky Signed-off-by: Steve French commit 8a26f0f781f56d3016b34a2217e346973d067e7b Author: Pavel Shilovsky Date: Thu Jan 3 16:45:27 2019 -0800 CIFS: Fix credits calculation for cancelled requests If a request is cancelled, we can't assume that the server returns 1 credit back. Instead we need to wait for a response and process the number of credits granted by the server. Create a separate mid callback for cancelled request, parse the number of credits in a response buffer and add them to the client's credits. If the didn't get a response (no response buffer available) assume 0 credits granted. The latter most probably happens together with session reconnect, so the client's credits are adjusted anyway. Signed-off-by: Pavel Shilovsky Signed-off-by: Steve French commit b9a74cde94957d82003fb9f7ab4777938ca851cd Author: Ross Lagerwall Date: Tue Jan 8 18:30:57 2019 +0000 cifs: Fix potential OOB access of lock element array If maxBuf is small but non-zero, it could result in a zero sized lock element array which we would then try and access OOB. Signed-off-by: Ross Lagerwall Signed-off-by: Steve French CC: Stable commit 92a8109e4d3a34fb6b115c9098b51767dc933444 Author: Ross Lagerwall Date: Tue Jan 8 18:30:56 2019 +0000 cifs: Limit memory used by lock request calls to a page The code tries to allocate a contiguous buffer with a size supplied by the server (maxBuf). This could fail if memory is fragmented since it results in high order allocations for commonly used server implementations. It is also wasteful since there are probably few locks in the usual case. Limit the buffer to be no larger than a page to avoid memory allocation failures due to fragmentation. Signed-off-by: Ross Lagerwall Signed-off-by: Steve French commit 15bc77f94e9f0e3cfd6972f3b84bb7aaa4c36b1b Author: Aurelien Aptel Date: Tue Jan 8 13:41:00 2019 +0100 cifs: move large array from stack to heap This addresses some compile warnings that you can see depending on configuration settings. Signed-off-by: Aurelien Aptel Signed-off-by: Steve French commit ee13919c2e8d1f904e035ad4b4239029a8994131 Author: Pavel Shilovsky Date: Thu Jan 10 11:27:28 2019 -0800 CIFS: Do not hide EINTR after sending network packets Currently we hide EINTR code returned from sock_sendmsg() and return 0 instead. This makes a caller think that we successfully completed the network operation which is not true. Fix this by properly returning EINTR to callers. Cc: Signed-off-by: Pavel Shilovsky Reviewed-by: Jeff Layton Signed-off-by: Steve French commit fcf5036f09694d09d946c0455f329894a6482a4d Author: Michael Ellerman Date: Fri Jan 11 23:53:46 2019 +1100 powerpc/4xx/ocm: Fix fix for phys_addr_t printf warnings My recent commit to fix the printf warnings in ocm.c got the format specifier wrong, because I copied it from the documentation without realising the square brackets are not meant as literals. This results in the address being suffixed with a literal "[p]". Actually tested this time: # cat info /sys/kernel/debug/ppc4xx_ocm PhysAddr : 0x0000000400040000 ... NC.PhysAddr : 0x0000000400040000 ... C.PhysAddr : 0x0000000000000000 Fixes: 52b88fa1e8c7 ("powerpc/4xx/ocm: Fix phys_addr_t printf warnings") Reported-by: Christian Lamparter Tested-by: Christian Lamparter Signed-off-by: Michael Ellerman commit 6bca515917515b66b7e1dfc1d1d3b7bd8058315c Author: Frederic Barrat Date: Wed Jan 9 16:13:42 2019 +0100 powerpc/powernv/npu: Fix oops in pnv_try_setup_npu_table_group() With a recent change around IOMMU group, a system with an opencapi adapter is no longer booting and we get a kernel oops: BUG: Kernel NULL pointer dereference at 0x00000028 Faulting instruction address: 0xc0000000000aa38c ... NIP pnv_try_setup_npu_table_group+0x1c/0x1a0 LR pnv_pci_ioda_fixup+0x1f8/0x660 Call Trace: pnv_try_setup_npu_table_group+0x60/0x pnv_pci_ioda_fixup+0x20c/0x660 pcibios_resource_survey+0x2c8/0x31c pcibios_init+0xb0/0xe4 do_one_initcall+0x64/0x264 kernel_init_freeable+0x36c/0x468 kernel_init+0x2c/0x148 ret_from_kernel_thread+0x5c/0x68 An opencapi device is using a device PE, so the current code breaks because pe->pbus is not defined. More generally, there's no need to define an IOMMU group for opencapi, as the device sends real addresses directly (admittedly, the virtualization story is yet to be written). So let's fix it by skipping the IOMMU group setup for opencapi PHBs. Fixes: 0bd971676e68 ("powerpc/powernv/npu: Add compound IOMMU groups") Signed-off-by: Frederic Barrat Reviewed-by: Greg Kurz Reviewed-by: Andrew Donnellan Signed-off-by: Michael Ellerman commit 897bc3df8c5aebb54c32d831f917592e873d0559 Author: Breno Leitao Date: Wed Jan 9 11:16:45 2019 -0200 powerpc/tm: Limit TM code inside PPC_TRANSACTIONAL_MEM Commit e1c3743e1a20 ("powerpc/tm: Set MSR[TS] just prior to recheckpoint") moved a code block around and this block uses a 'msr' variable outside of the CONFIG_PPC_TRANSACTIONAL_MEM, however the 'msr' variable is declared inside a CONFIG_PPC_TRANSACTIONAL_MEM block, causing a possible error when CONFIG_PPC_TRANSACTION_MEM is not defined. error: 'msr' undeclared (first use in this function) This is not causing a compilation error in the mainline kernel, because 'msr' is being used as an argument of MSR_TM_ACTIVE(), which is defined as the following when CONFIG_PPC_TRANSACTIONAL_MEM is *not* set: #define MSR_TM_ACTIVE(x) 0 This patch just fixes this issue avoiding the 'msr' variable usage outside the CONFIG_PPC_TRANSACTIONAL_MEM block, avoiding trusting in the MSR_TM_ACTIVE() definition. Cc: stable@vger.kernel.org Reported-by: Christoph Biedl Fixes: e1c3743e1a20 ("powerpc/tm: Set MSR[TS] just prior to recheckpoint") Signed-off-by: Breno Leitao Signed-off-by: Michael Ellerman commit fb0bdec51a4901b7dd088de0a1e365e1b9f5cd21 Author: Christophe Leroy Date: Wed Jan 9 20:30:07 2019 +0000 powerpc/8xx: fix setting of pagetable for Abatron BDI debug tool. Commit 8c8c10b90d88 ("powerpc/8xx: fix handling of early NULL pointer dereference") moved the loading of r6 earlier in the code. As some functions are called inbetween, r6 needs to be loaded again with the address of swapper_pg_dir in order to set PTE pointers for the Abatron BDI. Fixes: 8c8c10b90d88 ("powerpc/8xx: fix handling of early NULL pointer dereference") Signed-off-by: Christophe Leroy Signed-off-by: Michael Ellerman commit d7b6cc199b2dea602b4a2a681cf6d3223a61e2be Author: Dan Carpenter Date: Wed Jan 9 13:23:29 2019 +0300 powerpc/powernv/npu: Allocate enough memory in pnv_try_setup_npu_table_group() There is a typo so we accidentally allocate enough memory for a pointer when we wanted to allocate enough for a struct. Fixes: 0bd971676e68 ("powerpc/powernv/npu: Add compound IOMMU groups") Signed-off-by: Dan Carpenter Reviewed-by: Alexey Kardashevskiy Signed-off-by: Michael Ellerman commit 21face6f0d4d033d949d5517f307a15f76a9d9f2 Author: Gustavo A. R. Silva Date: Fri Jan 4 23:55:27 2019 -0600 ARM: integrator: impd1: use struct_size() in devm_kzalloc() One of the more common cases of allocation size calculations is finding the size of a structure that has a zero-sized array at the end, along with memory for some number of elements for that array. For example: struct foo { int stuff; void *entry[]; }; instance = devm_kzalloc(dev, sizeof(struct foo) + sizeof(void *) * count, GFP_KERNEL); Instead of leaving these open-coded and prone to type mistakes, we can now use the new struct_size() helper: instance = devm_kzalloc(dev, struct_size(instance, entry, count), GFP_KERNEL); This code was detected with the help of Coccinelle. Signed-off-by: Gustavo A. R. Silva commit 279667212ab2a4f36c3b0347657ddcc11f9cfa25 Author: AKASHI Takahiro Date: Fri Jan 11 16:40:21 2019 +0900 arm64: kexec_file: return successfully even if kaslr-seed doesn't exist In kexec_file_load, kaslr-seed property of the current dtb will be deleted any way before setting a new value if possible. It doesn't matter whether it exists in the current dtb. So "ret" should be reset to 0 here. Fixes: commit 884143f60c89 ("arm64: kexec_file: add kaslr support") Signed-off-by: AKASHI Takahiro Signed-off-by: Will Deacon commit c7777236dd8f587f6a8d6800c03df318fd4d2627 Author: Jean-Philippe Brucker Date: Thu Jan 10 18:41:51 2019 +0000 ACPI/IORT: Fix rc_dma_get_range() When executed for a PCI_ROOT_COMPLEX type, iort_match_node_callback() expects the opaque pointer argument to be a PCI bus device. At the moment rc_dma_get_range() passes the PCI endpoint instead of the bus, and we've been lucky to have pci_domain_nr(ptr) return 0 instead of crashing. Pass the bus device to iort_scan_node(). Fixes: 5ac65e8c8941 ("ACPI/IORT: Support address size limit for root complexes") Reported-by: Eric Auger Signed-off-by: Jean-Philippe Brucker Signed-off-by: Lorenzo Pieralisi Reviewed-by: Eric Auger Acked-by: Robin Murphy Cc: stable@vger.kernel.org Cc: Will Deacon Cc: Hanjun Guo Cc: Sudeep Holla Cc: Catalin Marinas Cc: "Rafael J. Wysocki" Signed-off-by: Will Deacon commit fb4129b9279dc40be51060004e8f5e4b360739b8 Merge: beaf3d1901f4e 298e59d322954 Author: Daniel Borkmann Date: Fri Jan 11 10:40:55 2019 +0100 Merge branch 'bpf-fix-bitfield-printing' Yonghong Song says: ==================== The previous BTF kind_flag support patch set introduced a bug for kernel bpffs pretty printing and another bug for bpftool map pretty printing. If a bitfield struct member offset is greater than 256 bits, printed value for that struct member will be incorrect. - Patch #1 fixed the bug in kernel bpffs pretty printing. - Patch #2 enhanced the test_btf test case to cover the issue exposed by patch #1. - Patch #3 fixed the bug in bpftool map pretty printing. ==================== Signed-off-by: Daniel Borkmann commit 298e59d322954e89ed2a556c601a04a4c007d1b3 Author: Yonghong Song Date: Thu Jan 10 11:14:02 2019 -0800 tools/bpf: fix bpftool map dump with bitfields Commit 8772c8bc093b ("tools: bpftool: support pretty print with kind_flag set") added bpftool map dump with kind_flag support. When bitfield_size can be retrieved directly from btf_member, function btf_dumper_bitfield() is called to dump the bitfield. The implementation passed the wrong parameter "bit_offset" to the function. The excepted value is the bit_offset within a byte while the passed-in value is the struct member offset. This commit fixed the bug with passing correct "bit_offset" with adjusted data pointer. Fixes: 8772c8bc093b ("tools: bpftool: support pretty print with kind_flag set") Acked-by: Martin KaFai Lau Signed-off-by: Yonghong Song Signed-off-by: Daniel Borkmann commit e43207fa2e6130e39e3aca4c55e2ee21cfb46828 Author: Yonghong Song Date: Thu Jan 10 11:14:01 2019 -0800 tools/bpf: test btf bitfield with >=256 struct member offset This patch modified test_btf pretty print test to cover the bitfield with struct member equal to or greater 256. Without the previous kernel patch fix, the modified test will fail: $ test_btf -p ...... BTF pretty print array(#1)......unexpected pprint output expected: 0: {0,0,0,0x3,0x0,0x3,{0|[0,0,0,0,0,0,0,0]},ENUM_ZERO,4,0x1} read: 0: {0,0,0,0x3,0x0,0x3,{0|[0,0,0,0,0,0,0,0]},ENUM_ZERO,4,0x0} BTF pretty print array(#2)......unexpected pprint output expected: 0: {0,0,0,0x3,0x0,0x3,{0|[0,0,0,0,0,0,0,0]},ENUM_ZERO,4,0x1} read: 0: {0,0,0,0x3,0x0,0x3,{0|[0,0,0,0,0,0,0,0]},ENUM_ZERO,4,0x0} PASS:6 SKIP:0 FAIL:2 With the kernel fix, the modified test will succeed: $ test_btf -p ...... BTF pretty print array(#1)......OK BTF pretty print array(#2)......OK PASS:8 SKIP:0 FAIL:0 Fixes: 9d5f9f701b18 ("bpf: btf: fix struct/union/fwd types with kind_flag") Acked-by: Martin KaFai Lau Signed-off-by: Yonghong Song Signed-off-by: Daniel Borkmann commit 17e3ac812541f73224299d8958ddb420c2d5bbd8 Author: Yonghong Song Date: Thu Jan 10 11:14:00 2019 -0800 bpf: fix bpffs bitfield pretty print Commit 9d5f9f701b18 ("bpf: btf: fix struct/union/fwd types with kind_flag") introduced kind_flag and used bitfield_size in the btf_member to directly pretty print member values. The commit contained a bug where the incorrect parameters could be passed to function btf_bitfield_seq_show(). The bits_offset parameter in the function expects a value less than 8. Instead, the member offset in the structure is passed. The below is btf_bitfield_seq_show() func signature: void btf_bitfield_seq_show(void *data, u8 bits_offset, u8 nr_bits, struct seq_file *m) both bits_offset and nr_bits are u8 type. If the bitfield member offset is greater than 256, incorrect value will be printed. This patch fixed the issue by calculating correct proper data offset and bits_offset similar to non kind_flag case. Fixes: 9d5f9f701b18 ("bpf: btf: fix struct/union/fwd types with kind_flag") Acked-by: Martin KaFai Lau Signed-off-by: Yonghong Song Signed-off-by: Daniel Borkmann commit 06382deac2b8a49bbc5aaa3c9118fed6da4a1ac1 Author: Greg Kroah-Hartman Date: Fri Jan 11 10:40:13 2019 +0100 Revert "staging: rtl8723bs: Mark ACPI table declaration as used" This reverts commit e6d093719e22a09e778edde192dfd89a0cd77b5c. Turns out it is not needed at all, a fix for clang was made and accepted upstream in that project that makes this change unnecessary. So revert it. Reported-by: Nick Desaulniers Cc: Nathan Chancellor Signed-off-by: Greg Kroah-Hartman commit e2d3c414ec0f9d1557c8c5ff2c32166e68bbc4ad Merge: 95681cda8dcc3 f299e0bdbaeb6 Author: Daniel Vetter Date: Fri Jan 11 10:26:21 2019 +0100 Merge tag 'drm-intel-fixes-2019-01-11' of git://anongit.freedesktop.org/drm/drm-intel into drm-fixes i915 fixes for v5.0-rc2: - Disable PSR for Apple panels - Broxton ERR_PTR error state fix - Kabylake VECS workaround fix - Unwind failure on pinning the gen7 ppgtt - GVT workload request allocation fix Signed-off-by: Daniel Vetter From: Jani Nikula Link: https://patchwork.freedesktop.org/patch/msgid/87pnt35z8h.fsf@intel.com commit 95681cda8dcc3e90f25b3e0c84c49778dae43346 Merge: ae5e5ae90d326 4089e272ac616 Author: Daniel Vetter Date: Fri Jan 11 10:25:05 2019 +0100 Merge tag 'drm-misc-fixes-2019-01-10-1' of git://anongit.freedesktop.org/drm/drm-misc into drm-fixes Second pull request, drm-misc-fixes for v5.0-rc2: - Fix fb-helper to work correctly with SDL 1.2 bugs. - Fix lockdep warning in the atomic ioctl and setproperty. Signed-off-by: Daniel Vetter From: Maarten Lankhorst Link: https://patchwork.freedesktop.org/patch/msgid/2cf24f5c-2b1f-befa-8d08-058661146b61@linux.intel.com commit 65a4f3a1efda8e0cc2516301fc3ad64e3eca716c Merge: 2b531d71595d2 2e61069b056f7 7d7b467cb95bf b9ced18acf68d Author: Rafael J. Wysocki Date: Fri Jan 11 10:12:07 2019 +0100 Merge branches 'acpi-pci', 'acpi-power' and 'acpi-misc' * acpi-pci: ACPI: Fix build failure when CONFIG_NLS is set to 'n' * acpi-power: ACPI: power: Skip duplicate power resource references in _PRx * acpi-misc: ACPI: NUMA: Use correct type for printing addresses on i386-PAE commit 343e60e52a3a093bb7baeca441789724fcac4bb5 Merge: ca27e4cd0bdd8 7604bf0920985 0e141d1c65c1d 6e863844ad6ef Author: Rafael J. Wysocki Date: Fri Jan 11 10:09:51 2019 +0100 Merge branches 'pm-cpuidle', 'pm-cpufreq' and 'pm-sleep' * pm-cpuidle: doc: trace: fix reference to cpuidle documentation file cpuidle / Documentation: Update cpuidle MAINTAINERS entry * pm-cpufreq: cpufreq: scmi: Fix frequency invariance in slow path cpufreq: check if policy is inactive early in __cpufreq_get() cpufreq: scpi/scmi: Fix freeing of dynamic OPPs cpufreq / Documentation: Update cpufreq MAINTAINERS entry * pm-sleep: PM: sleep: call devfreq suspend/resume commit d04e779fb1dbeedf8a60b66d0d0048be4e65d366 Author: Wei Yongjun Date: Thu Jan 10 14:07:42 2019 +0000 gpio: pca953x: Make symbol 'pca953x_i2c_regmap' static Fixes the following sparse warning: drivers/gpio/gpio-pca953x.c:292:28: warning: symbol 'pca953x_i2c_regmap' was not declared. Should it be static? Fixes: 49427232764d ("gpio: pca953x: Perform basic regmap conversion") Signed-off-by: Wei Yongjun Reviewed-by: Marek Vasut Signed-off-by: Linus Walleij commit ae5e5ae90d32667e107ba0bd2f1dc9e20a08dfaf Merge: f34c48e06ddcc a5176a4cb85bb Author: Dave Airlie Date: Fri Jan 11 17:25:00 2019 +1000 Merge branch 'linux-4.21' of git://github.com/skeggsb/linux into drm-fixes 3 nouveau fixes: one backlight, falcon register access, and a fan fix. Signed-off-by: Dave Airlie From: Ben Skeggs Link: https://patchwork.freedesktop.org/patch/msgid/CACAvsv4MHr=Rq3FkZFTYWPc7o5-dTWFysXB=wN2L91SYeFbzkQ@mail.gmail.com commit 4e72ee8872279a70ebe973172133b98e8acbf54e Merge: 576b50ea23569 15c03092a9fbc Author: Ingo Molnar Date: Fri Jan 11 08:12:09 2019 +0100 Merge tag 'perf-core-for-mingo-5.0-20190110' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux into perf/urgent Pull perf/core fixes and improvements from Arnaldo Carvalho de Melo: perf trace: Ravi Bangoria: - Rework PowerPC syscall table generation, now using a .tbl file just like x86_64 and S/390, also silencing a tools build warning about headers out of sync with the kernel sources. tools include uapi: Arnaldo Carvalho de Melo: - Sync linux/if_link.h copy with the kernel sources, silencing a build warning. perf top: Arnaldo Carvalho de Melo: - Add 'arch_cpu_idle' to the list of kernel idle symbols, noticed on a Orange Pi Zero ARM board, just like with other symbols in other arches. Signed-off-by: Arnaldo Carvalho de Melo Signed-off-by: Ingo Molnar commit a5176a4cb85bb6213daadf691097cf411da35df2 Author: Ilia Mirkin Date: Thu Dec 13 22:44:08 2018 -0500 drm/nouveau/falcon: avoid touching registers if engine is off Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=108980 Signed-off-by: Ilia Mirkin Signed-off-by: Ben Skeggs commit 118780066e30c34de3d9349710b51780bfa0ba83 Author: Takashi Iwai Date: Wed Sep 12 12:58:43 2018 +0200 drm/nouveau: Don't disable polling in fallback mode When a fan is controlled via linear fallback without cstate, we shouldn't stop polling. Otherwise it won't be adjusted again and keeps running at an initial crazy pace. Fixes: 800efb4c2857 ("drm/nouveau/drm/therm/fan: add a fallback if no fan control is specified in the vbios") Bugzilla: https://bugzilla.suse.com/show_bug.cgi?id=1103356 Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=107447 Reported-by: Thomas Blume Signed-off-by: Takashi Iwai Reviewed-by: Martin Peres Signed-off-by: Ben Skeggs commit 15f77c4ade3364106a3a397f0a8d6fce9d6a6326 Author: Ben Skeggs Date: Fri Jan 11 16:08:20 2019 +1000 drm/nouveau: register backlight on pascal and newer Signed-off-by: Ben Skeggs commit 5b0e7310a2a33c06edc7eb81ffc521af9b2c5610 Author: Stephen Smalley Date: Wed Jan 9 10:55:10 2019 -0500 selinux: fix GPF on invalid policy levdatum->level can be NULL if we encounter an error while loading the policy during sens_read prior to initializing it. Make sure sens_destroy handles that case correctly. Reported-by: syzbot+6664500f0f18f07a5c0e@syzkaller.appspotmail.com Signed-off-by: Stephen Smalley Signed-off-by: Paul Moore commit 9d9f59b4204bc41896c866b3e5856e5b416aa199 Author: Leon Romanovsky Date: Thu Jan 10 08:15:45 2019 +0200 RDMA/mthca: Clear QP objects during their allocation As part of audit process to update drivers to use rdma_restrack_add() ensure that QP objects is cleared before access. Such change fixes the crash observed with uninitialized non zero sgid attr accessed by ib_destroy_qp(). CPU: 3 PID: 74 Comm: kworker/u16:1 Not tainted 4.19.10-300.fc29.x86_64 Workqueue: ipoib_wq ipoib_cm_tx_reap [ib_ipoib] RIP: 0010:rdma_put_gid_attr+0x9/0x30 [ib_core] RSP: 0018:ffffb7ad819dbde8 EFLAGS: 00010202 RAX: 0000000000000000 RBX: ffff8d1bdf5a2e00 RCX: 0000000000002699 RDX: 206c656e72656af8 RSI: ffff8d1bf7ae6160 RDI: 206c656e72656b20 RBP: 0000000000000000 R08: 0000000000026160 R09: ffffffffc06b45bf R10: ffffe849887da000 R11: 0000000000000002 R12: ffff8d1be30cb400 R13: ffff8d1bdf681800 R14: ffff8d1be2272400 R15: ffff8d1be30ca000 FS: 0000000000000000(0000) GS:ffff8d1bf7ac0000(0000) knlGS:0000000000000000 Trace: ib_destroy_qp+0xc9/0x240 [ib_core] ipoib_cm_tx_reap+0x1f9/0x4e0 [ib_ipoib] process_one_work+0x1a1/0x3a0 worker_thread+0x30/0x380 ? pwq_unbound_release_workfn+0xd0/0xd0 kthread+0x112/0x130 ? kthread_create_worker_on_cpu+0x70/0x70 ret_from_fork+0x22/0x40 Reported-by: Alexander Murashkin Tested-by: Alexander Murashkin Fixes: 1a1f460ff151 ("RDMA: Hold the sgid_attr inside the struct ib_ah/qp") Signed-off-by: Parav Pandit Signed-off-by: Leon Romanovsky Signed-off-by: Jason Gunthorpe commit 6325e01b6cdf4636b721cf7259c1616e3cf28ce2 Author: Adit Ranadive Date: Wed Jan 9 23:08:49 2019 +0000 RDMA/vmw_pvrdma: Return the correct opcode when creating WR Since the IB_WR_REG_MR opcode value changed, let's set the PVRDMA device opcodes explicitly. Reported-by: Ruishuang Wang Fixes: 9a59739bd01f ("IB/rxe: Revise the ib_wr_opcode enum") Cc: stable@vger.kernel.org Reviewed-by: Bryan Tan Reviewed-by: Ruishuang Wang Reviewed-by: Vishnu Dasa Signed-off-by: Adit Ranadive Signed-off-by: Jason Gunthorpe commit 10f4e765879e514e1ce7f52ed26603047af196e2 Author: wenxu Date: Thu Jan 10 14:51:35 2019 +0800 netfilter: nft_flow_offload: fix interaction with vrf slave device In the forward chain, the iif is changed from slave device to master vrf device. Thus, flow offload does not find a match on the lower slave device. This patch uses the cached route, ie. dst->dev, to update the iif and oif fields in the flow entry. After this patch, the following example works fine: # ip addr add dev eth0 1.1.1.1/24 # ip addr add dev eth1 10.0.0.1/24 # ip link add user1 type vrf table 1 # ip l set user1 up # ip l set dev eth0 master user1 # ip l set dev eth1 master user1 # nft add table firewall # nft add flowtable f fb1 { hook ingress priority 0 \; devices = { eth0, eth1 } \; } # nft add chain f ftb-all {type filter hook forward priority 0 \; policy accept \; } # nft add rule f ftb-all ct zone 1 ip protocol tcp flow offload @fb1 # nft add rule f ftb-all ct zone 1 ip protocol udp flow offload @fb1 Signed-off-by: wenxu Signed-off-by: Pablo Neira Ayuso commit e2c8d550a973bb34fc28bc8d0ec996f84562fb8a Author: Shakeel Butt Date: Wed Jan 2 19:14:31 2019 -0800 netfilter: ebtables: account ebt_table_info to kmemcg The [ip,ip6,arp]_tables use x_tables_info internally and the underlying memory is already accounted to kmemcg. Do the same for ebtables. The syzbot, by using setsockopt(EBT_SO_SET_ENTRIES), was able to OOM the whole system from a restricted memcg, a potential DoS. By accounting the ebt_table_info, the memory used for ebt_table_info can be contained within the memcg of the allocating process. However the lifetime of ebt_table_info is independent of the allocating process and is tied to the network namespace. So, the oom-killer will not be able to relieve the memory pressure due to ebt_table_info memory. The memory for ebt_table_info is allocated through vmalloc. Currently vmalloc does not handle the oom-killed allocating process correctly and one large allocation can bypass memcg limit enforcement. So, with this patch, at least the small allocations will be contained. For large allocations, we need to fix vmalloc. Reported-by: syzbot+7713f3aa67be76b1552c@syzkaller.appspotmail.com Signed-off-by: Shakeel Butt Reviewed-by: Kirill Tkhai Signed-off-by: Pablo Neira Ayuso commit b67d4530cdade7ebfafa2c6b46f2a0dad3e41bcb Author: Sowjanya Komatineni Date: Tue Jan 8 13:59:10 2019 -0800 i2c: tegra: Fix Maximum transfer size Tegra194 supports maximum 64K Bytes transfer per packet. Tegra186 and prior supports maximum 4K Bytes transfer per packet. This patch fixes this payload difference between Tegra194 and prior Tegra chipsets using separate i2c_adapter_quirks. Signed-off-by: Sowjanya Komatineni Acked-by: Thierry Reding Signed-off-by: Wolfram Sang commit 6ebec961d59bccf65d08b13fc1ad4e6272a89338 Author: Yi Zeng Date: Wed Jan 9 15:33:07 2019 +0800 i2c: dev: prevent adapter retries and timeout being set as minus value If adapter->retries is set to a minus value from user space via ioctl, it will make __i2c_transfer and __i2c_smbus_xfer skip the calling to adapter->algo->master_xfer and adapter->algo->smbus_xfer that is registered by the underlying bus drivers, and return value 0 to all the callers. The bus driver will never be accessed anymore by all users, besides, the users may still get successful return value without any error or information log print out. If adapter->timeout is set to minus value from user space via ioctl, it will make the retrying loop in __i2c_transfer and __i2c_smbus_xfer always break after the the first try, due to the time_after always returns true. Signed-off-by: Yi Zeng [wsa: minor grammar updates to commit message] Signed-off-by: Wolfram Sang Cc: stable@kernel.org commit 2076607a20bd4dfba699185616cbbbce06d3fa59 Author: Fabio Estevam Date: Wed Dec 26 10:06:19 2018 -0200 qcom-scm: Include header Since commit e6f6d63ed14c ("drm/msm: add headless gpu device for imx5") the DRM_MSM symbol can be selected by SOC_IMX5 causing the following error when building imx_v6_v7_defconfig: In file included from ../drivers/gpu/drm/msm/adreno/a5xx_gpu.c:17:0: ../include/linux/qcom_scm.h: In function 'qcom_scm_set_cold_boot_addr': ../include/linux/qcom_scm.h:73:10: error: 'ENODEV' undeclared (first use in this function) return -ENODEV; Include the header file to fix this problem. Reported-by: kernelci.org bot Fixes: e6f6d63ed14c ("drm/msm: add headless gpu device for imx5") Signed-off-by: Fabio Estevam Reviewed-by: Bjorn Andersson Tested-by: Guenter Roeck Signed-off-by: Andy Gross commit a39c330d7436530151a619319f7ff6e9b3a6d8c6 Merge: 5db470e229e22 b8a38ea64dc71 Author: Jens Axboe Date: Thu Jan 10 15:29:57 2019 -0700 Merge branch 'nvme-5.0' of git://git.infradead.org/nvme into for-linus Pull NVMe fixes from Christoph. * 'nvme-5.0' of git://git.infradead.org/nvme: nvme: don't initlialize ctrl->cntlid twice nvme: introduce NVME_QUIRK_IGNORE_DEV_SUBNQN nvme: pad fake subsys NQN vid and ssvid with zeros nvme-multipath: zero out ANA log buffer nvme-fabrics: unset write/poll queues for discovery controllers nvme-tcp: don't ask if controller is fabrics nvme-tcp: remove dead code nvme-pci: fix out of bounds access in nvme_cqe_pending nvme-pci: rerun irq setup on IO queue init errors nvme-pci: use the same attributes when freeing host_mem_desc_bufs. nvme-pci: fix the wrong setting of nr_maps commit 8ce5f84157530ffa64b3e0acf00b9261f41c8da8 Author: Rob Herring Date: Tue Dec 11 14:31:05 2018 -0600 of: Remove struct device_node.type pointer Now that all users of device_node.type pointer have been removed in favor of accessor functions, we can remove it. Cc: Frank Rowand Cc: devicetree@vger.kernel.org Signed-off-by: Rob Herring commit de6629eb262e0dc52a2367db38e3d2780cff5427 Merge: 4f548c25a38ef a3869d43c9800 Author: Linus Torvalds Date: Thu Jan 10 14:16:47 2019 -0800 Merge tag 'pci-v5.0-fixes-1' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci Pull PCI fix from Bjorn Helgaas: "Fix Amlogic Meson host controller driver build failure (Corentin Labbe)" * tag 'pci-v5.0-fixes-1' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci: PCI: amlogic: Fix build failure due to missing gpio header commit b19bce0335e25b9069ddb10d234e673bbd46d2f4 Author: Heiner Kallweit Date: Wed Jan 9 08:20:28 2019 +0100 net: ethernet: mediatek: fix warning in phy_start_aneg linux 5.0-rc1 shows following warning on bpi-r2/mt7623 bootup: [ 5.170597] WARNING: CPU: 3 PID: 1 at drivers/net/phy/phy.c:548 phy_start_aneg+0x110/0x144 [ 5.178826] called from state READY .... [ 5.264111] [] (phy_start_aneg) from [] (mtk_init+0x414/0x47c) [ 5.271630] r7:df5f5eec r6:c0f08c48 r5:00000000 r4:dea67800 [ 5.277256] [] (mtk_init) from [] (register_netdevice+0x98/0x51c) [ 5.285035] r8:00000000 r7:00000000 r6:c0f97080 r5:c0f08c48 r4:dea67800 [ 5.291693] [] (register_netdevice) from [] (register_netdev+0x2c/0x44) [ 5.299989] r8:00000000 r7:dea2e608 r6:deacea00 r5:dea2e604 r4:dea67800 [ 5.306646] [] (register_netdev) from [] (mtk_probe+0x668/0x7ac) [ 5.314336] r5:dea2e604 r4:dea2e040 [ 5.317890] [] (mtk_probe) from [] (platform_drv_probe+0x58/0xa8) [ 5.325670] r10:c0f86bac r9:00000000 r8:c0fbe578 r7:00000000 r6:c0f86bac r5:00000000 [ 5.333445] r4:deacea10 [ 5.335963] [] (platform_drv_probe) from [] (really_probe+0x2d8/0x424) maybe other boards using this generic driver are affected v2: optimization: - phy_set_max_speed() is only needed if you want to reduce the max speed, typically if the PHY supports 1Gbps but the MAC supports 100Mbps only. - The pause parameters are autonegotiated. Except you have a specific need you normally don't need to manually fiddle with this. - phy_start_aneg() is called implicitly by the phylib state machine, you shouldn't call it manually except you have a good excuse. - netif_carrier_on/netif_carrier_off in mtk_phy_link_adjust() isn't needed. It's done by phy_link_change() in phylib. Signed-off-by: Frank Wunderlich Reviewed-by: Heiner Kallweit Acked-by: Sean Wang Signed-off-by: David S. Miller commit c5715b8fabfca0ef85903f8bad2189940ed41cc8 Author: Yuchung Cheng Date: Tue Jan 8 18:14:28 2019 -0800 tcp: change txhash on SYN-data timeout Previously upon SYN timeouts the sender recomputes the txhash to try a different path. However this does not apply on the initial timeout of SYN-data (active Fast Open). Therefore an active IPv6 Fast Open connection may incur one second RTO penalty to take on a new path after the second SYN retransmission uses a new flow label. This patch removes this undesirable behavior so Fast Open changes the flow label just like the regular connections. This also helps avoid falsely disabling Fast Open on the sender which triggers after two consecutive SYN timeouts on Fast Open. Signed-off-by: Yuchung Cheng Reviewed-by: Neal Cardwell Signed-off-by: David S. Miller commit ea89098ef9a574bceca00d3b5df14aaf0b3f9ccf Author: Andrew Lunn Date: Wed Jan 9 00:24:03 2019 +0100 net: dsa: mv88x6xxx: mv88e6390 errata The 6390 copper ports have an errata which require poking magic values into undocumented magic registers and then performing a software reset. Signed-off-by: Andrew Lunn Signed-off-by: David S. Miller commit 001e465f09a18857443489a57e74314a3368c805 Author: Willem de Bruijn Date: Tue Jan 8 12:32:42 2019 -0500 bonding: update nest level on unlink A network device stack with multiple layers of bonding devices can trigger a false positive lockdep warning. Adding lockdep nest levels fixes this. Update the level on both enslave and unlink, to avoid the following series of events .. ip netns add test ip netns exec test bash ip link set dev lo addr 00:11:22:33:44:55 ip link set dev lo down ip link add dev bond1 type bond ip link add dev bond2 type bond ip link set dev lo master bond1 ip link set dev bond1 master bond2 ip link set dev bond1 nomaster ip link set dev bond2 master bond1 .. from still generating a splat: [ 193.652127] ====================================================== [ 193.658231] WARNING: possible circular locking dependency detected [ 193.664350] 4.20.0 #8 Not tainted [ 193.668310] ------------------------------------------------------ [ 193.674417] ip/15577 is trying to acquire lock: [ 193.678897] 00000000a40e3b69 (&(&bond->stats_lock)->rlock#3/3){+.+.}, at: bond_get_stats+0x58/0x290 [ 193.687851] but task is already holding lock: [ 193.693625] 00000000807b9d9f (&(&bond->stats_lock)->rlock#2/2){+.+.}, at: bond_get_stats+0x58/0x290 [..] [ 193.851092] lock_acquire+0xa7/0x190 [ 193.855138] _raw_spin_lock_nested+0x2d/0x40 [ 193.859878] bond_get_stats+0x58/0x290 [ 193.864093] dev_get_stats+0x5a/0xc0 [ 193.868140] bond_get_stats+0x105/0x290 [ 193.872444] dev_get_stats+0x5a/0xc0 [ 193.876493] rtnl_fill_stats+0x40/0x130 [ 193.880797] rtnl_fill_ifinfo+0x6c5/0xdc0 [ 193.885271] rtmsg_ifinfo_build_skb+0x86/0xe0 [ 193.890091] rtnetlink_event+0x5b/0xa0 [ 193.894320] raw_notifier_call_chain+0x43/0x60 [ 193.899225] netdev_change_features+0x50/0xa0 [ 193.904044] bond_compute_features.isra.46+0x1ab/0x270 [ 193.909640] bond_enslave+0x141d/0x15b0 [ 193.913946] do_set_master+0x89/0xa0 [ 193.918016] do_setlink+0x37c/0xda0 [ 193.921980] __rtnl_newlink+0x499/0x890 [ 193.926281] rtnl_newlink+0x48/0x70 [ 193.930238] rtnetlink_rcv_msg+0x171/0x4b0 [ 193.934801] netlink_rcv_skb+0xd1/0x110 [ 193.939103] rtnetlink_rcv+0x15/0x20 [ 193.943151] netlink_unicast+0x3b5/0x520 [ 193.947544] netlink_sendmsg+0x2fd/0x3f0 [ 193.951942] sock_sendmsg+0x38/0x50 [ 193.955899] ___sys_sendmsg+0x2ba/0x2d0 [ 193.960205] __x64_sys_sendmsg+0xad/0x100 [ 193.964687] do_syscall_64+0x5a/0x460 [ 193.968823] entry_SYSCALL_64_after_hwframe+0x49/0xbe Fixes: 7e2556e40026 ("bonding: avoid lockdep confusion in bond_get_stats()") Reported-by: syzbot Signed-off-by: Willem de Bruijn Signed-off-by: David S. Miller commit f34c48e06ddcc197f2cf7cbc006ceb74e28e1ccf Merge: bd86c9e66c838 1c1eba86339c8 Author: Dave Airlie Date: Fri Jan 11 07:37:56 2019 +1000 Merge branch 'drm-fixes-5.0' of git://people.freedesktop.org/~agd5f/linux into drm-fixes - Powerplay fixes - Virtual display pinning fixes - Golden register updates for vega - Pitch and gem size validation fixes - Fix for error case in sr-iov init - Disable page tables in system memory on RV due to issues with IOMMU reported on some platforms Signed-off-by: Dave Airlie From: Alex Deucher Link: https://patchwork.freedesktop.org/patch/msgid/20190109204336.3315-1-alexander.deucher@amd.com commit 4f548c25a38efb3589c4e797a6e87f6900345dc0 Merge: 1bdbe22749207 27de1f541f1f9 Author: Linus Torvalds Date: Thu Jan 10 13:36:53 2019 -0800 Merge tag 'riscv-for-linus-4.21-rc2-v2' of git://git.kernel.org/pub/scm/linux/kernel/git/palmer/riscv-linux Pull RISC-V updates from Palmer Dabbelt: "This tag contains a handful of updates that slipped through the cracks during the merge window due to the holidays. The fixes are mostly independent, with the exception of one larger audit-related branch. Core RISC-V updates: - The BSS has been moved, which shrinks flat images. - A fix to test-bpf so it compiles on RV64I-based systems. - A fix to respect the kernel commandline when there is no device tree. - A fix to prevent CPUs from trying to put themselves to sleep when bringing down the system. - Support for MODULE_SECTIONS on RV32I-based systems. - [new in v2] The addition of an SBI earlycon driver. This is definately a new feature, but I'd like to include it now because I dropped this patch when submitting the merge window PR that removed our EARLY_PRINTK support. RISC-V audit updates: - The addition of NR_syscalls into unistd.h, which is necessary for CONFIG_FTRACE_SYSCALLS. - The definition of CREATE_TRACE_POINTS so __tracepoint_sys_{enter,exit} get defined. - A fix for trace_sys_exit() so we can enable HAVE_SYSCALL_TRACEPOINTS As usual, I've tested this by booting a Fedora-based image on a recent QEMU (this time just whatever I had lying around). * tag 'riscv-for-linus-4.21-rc2-v2' of git://git.kernel.org/pub/scm/linux/kernel/git/palmer/riscv-linux: tty/serial: Add RISC-V SBI earlycon support riscv: add HAVE_SYSCALL_TRACEPOINTS to Kconfig riscv: fix trace_sys_exit hook riscv: define CREATE_TRACE_POINTS in ptrace.c riscv: define NR_syscalls in unistd.h riscv: audit: add audit hook in do_syscall_trace_enter/exit() riscv: add audit support RISC-V: Support MODULE_SECTIONS mechanism on RV32 MAINTAINERS: SiFive drivers: add myself as a SiFive driver maintainer MAINTAINERS: SiFive drivers: change the git tree to a SiFive git tree riscv: don't stop itself in smp_send_stop arch: riscv: support kernel command line forcing when no DTB passed tools uapi: fix RISC-V 64-bit support RISC-V: Make BSS section as the last section in vmlinux.lds.S commit bd86c9e66c8385fb437c5ad506243304a8814b65 Merge: bfeffd1552837 f8c15790e4d8b Author: Dave Airlie Date: Fri Jan 11 06:32:37 2019 +1000 Merge tag 'drm-misc-fixes-2019-01-10' of git://anongit.freedesktop.org/drm/drm-misc into drm-fixes Pull request for drm-misc-fixes for v5.0-rc2: - Fixes for the tc358767 bridge to work correctly with tc358867 using a DP connector. - Make resume work on amdgpu when a DP-MST display is unplugged. Signed-off-by: Dave Airlie From: Maarten Lankhorst Link: https://patchwork.freedesktop.org/patch/msgid/1c47722d-c416-184d-4340-0dc6a614d685@linux.intel.com commit 8544f4aa9dd19a04d1244dae10feecc813ccf175 Author: Pavel Shilovsky Date: Sat Dec 22 12:40:05 2018 -0800 CIFS: Fix credit computation for compounded requests In SMB3 protocol every part of the compound chain consumes credits individually, so we need to call wait_for_free_credits() for each of the PDUs in the chain. If an operation is interrupted, we must ensure we return all credits taken from the server structure back. Without this patch server can sometimes disconnect the session due to credit mismatches, especially when first operation(s) are large writes. Signed-off-by: Pavel Shilovsky Signed-off-by: Steve French CC: Stable commit 33fa5c8b8a7dbe6353a56eaa654b790348890d42 Author: Pavel Shilovsky Date: Thu Jan 3 16:45:13 2019 -0800 CIFS: Do not set credits to 1 if the server didn't grant anything Currently we reset the number of total credits granted by the server to 1 if the server didn't grant us anything int the response. This violates the SMB3 protocol - we need to trust the server and use the credit values from the response. Fix this by removing the corresponding code. Signed-off-by: Pavel Shilovsky Signed-off-by: Steve French CC: Stable commit b983f7e92348d7e7d091db1b78b7915e9dd3d63a Author: Pavel Shilovsky Date: Wed Dec 19 22:49:09 2018 +0000 CIFS: Fix adjustment of credits for MTU requests Currently for MTU requests we allocate maximum possible credits in advance and then adjust them according to the request size. While we were adjusting the number of credits belonging to the server, we were skipping adjustment of credits belonging to the request. This patch fixes it by setting request credits to CreditCharge field value of SMB2 packet header. Also ask 1 credit more for async read and write operations to increase parallelism and match the behavior of other operations. Signed-off-by: Pavel Shilovsky Signed-off-by: Steve French CC: Stable commit c715f89c4dab76317c773df2611af2dac4dea2b7 Author: Dan Carpenter Date: Sat Jan 5 21:18:03 2019 +0300 cifs: Fix a tiny potential memory leak The most recent "it" allocation is leaked on this error path. I believe that small allocations always succeed in current kernels so this doesn't really affect run time. Fixes: 54be1f6c1c37 ("cifs: Add DFS cache routines") Signed-off-by: Dan Carpenter Signed-off-by: Steve French commit 8428817dc40006dca0a531cfa06e89cb3b41790d Author: Dan Carpenter Date: Sat Jan 5 15:25:29 2019 +0300 cifs: Fix a debug message This debug message was never shown because it was checking for NULL returns but extract_hostname() returns error pointers. Fixes: 93d5cb517db3 ("cifs: Add support for failover in cifs_reconnect()") Signed-off-by: Dan Carpenter Signed-off-by: Steve French Reviewed-by: Paulo Alcantara commit a214720cbf50cd8c3f76bbb9c3f5c283910e9d33 Author: YunQiang Su Date: Tue Jan 8 13:45:10 2019 +0800 Disable MSI also when pcie-octeon.pcie_disable on Octeon has an boot-time option to disable pcie. Since MSI depends on PCI-E, we should also disable MSI also with this option is on in order to avoid inadvertently accessing PCIe registers. Signed-off-by: YunQiang Su Signed-off-by: Paul Burton Cc: pburton@wavecomp.com Cc: linux-mips@vger.kernel.org Cc: aaro.koskinen@iki.fi Cc: stable@vger.kernel.org # v3.3+ commit b89d82ef01b33bc50cbaa8ff05607879b40d0704 Author: Will Deacon Date: Tue Jan 8 16:19:01 2019 +0000 arm64: kpti: Avoid rewriting early page tables when KASLR is enabled A side effect of commit c55191e96caa ("arm64: mm: apply r/o permissions of VM areas to its linear alias as well") is that the linear map is created with page granularity, which means that transitioning the early page table from global to non-global mappings when enabling kpti can take a significant amount of time during boot. Given that most CPU implementations do not require kpti, this mainly impacts KASLR builds where kpti is forcefully enabled. However, in these situations we know early on that non-global mappings are required and can avoid the use of global mappings from the beginning. The only gotcha is Cavium erratum #27456, which we must detect based on the MIDR value of the boot CPU. Reviewed-by: Ard Biesheuvel Reported-by: John Garry Signed-off-by: Will Deacon commit 1bdbe227492075d058e37cb3d400e6468d0095b5 Merge: f0ebbe9b18e0d 58fec830fc192 Author: Linus Torvalds Date: Thu Jan 10 09:20:46 2019 -0800 Merge tag 'vfio-v5.0-rc2' of git://github.com/awilliam/linux-vfio Pull VFIO fixes from Alex Williamson: - Fix trace header include path for in-tree builds (Masahiro Yamada) - Fix overflow in unmap wrap-around test (Alex Williamson) * tag 'vfio-v5.0-rc2' of git://github.com/awilliam/linux-vfio: vfio/type1: Fix unmap overflow off-by-one vfio/pci: set TRACE_INCLUDE_PATH to fix the build error commit f0ebbe9b18e0d2bb79c7963faf847b949d4f5720 Merge: e7446be4468bb d1dd42110d272 Author: Linus Torvalds Date: Thu Jan 10 09:17:48 2019 -0800 Merge tag 'sound-5.0-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound Pull sound fixes from Takashi Iwai: "A collection of small fixes for USB-audio, HD-audio and cs46xx. The USB-audio fixes are for out-of-bound accesses and a regression in the recent cleanup, while HD-audio fixes are usual device-specific quirks" * tag 'sound-5.0-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: ALSA: hda/realtek - Disable headset Mic VREF for headset mode of ALC225 ALSA: hda/realtek - Add unplug function into unplug state of Headset Mode for ALC225 ALSA: usb-audio: fix CM6206 register definitions ALSA: cs46xx: Potential NULL dereference in probe ALSA: hda/realtek - Support Dell headset mode for New AIO platform ALSA: usb-audio: Fix an out-of-bound read in create_composite_quirks ALSA: usb-audio: Always check descriptor sizes in parser code ALSA: usb-audio: Check mixer unit descriptors more strictly ALSA: usb-audio: Avoid access before bLength check in build_audio_procunit() commit e7446be4468bb24c9e45a153bcc9f29ec0372a6f Merge: 70c25259537c0 81d9bdf59092e Author: Linus Torvalds Date: Thu Jan 10 09:14:12 2019 -0800 Merge tag 'mtd/fixes-for-5.0-rc2' of git://git.infradead.org/linux-mtd Pull mtd fixes from Boris Brezillon: "Core MTD Fixes: - Fix a bug introduced when exposing MTD devs as NVMEM providers and check for add_mtd_device() return code everywhere raw NAND fixes: - Fix a memory corruption in the QCOM driver" * tag 'mtd/fixes-for-5.0-rc2' of git://git.infradead.org/linux-mtd: mtd: rawnand: qcom: fix memory corruption that causes panic mtd: Check add_mtd_device() ret code mtd: Fix the check on nvmem_register() ret code commit 5edc22cc1d33d6a88d175d25adc38d2a5cee134d Author: Marc Dionne Date: Wed Jan 9 17:23:54 2019 +0000 afs: Set correct lock type for the yfs CreateFile A lock type of 0 is "LockRead", which makes the fileserver record an unintentional read lock on the new file. This will cause problems later on if the file is the subject of locking operations. The correct default value should be -1 ("LockNone"). Fix the operation marshalling code to set the value and provide an enum to symbolise the values whilst we're at it. Fixes: 30062bd13e36 ("afs: Implement YFS support in the fs client") Signed-off-by: Marc Dionne Signed-off-by: David Howells commit c2b8bd49d35a768d3966c5e14e8f6971f2a63439 Author: Gustavo A. R. Silva Date: Wed Jan 9 17:23:54 2019 +0000 afs: Use struct_size() in kzalloc() One of the more common cases of allocation size calculations is finding the size of a structure that has a zero-sized array at the end, along with memory for some number of elements for that array. For example: struct foo { int stuff; void *entry[]; }; instance = kzalloc(sizeof(struct foo) + sizeof(void *) * count, GFP_KERNEL); Instead of leaving these open-coded and prone to type mistakes, we can now use the new struct_size() helper: instance = kzalloc(struct_size(instance, entry, count), GFP_KERNEL); This code was detected with the help of Coccinelle. Signed-off-by: Gustavo A. R. Silva Signed-off-by: David Howells commit 1b3922a8bc74231f9a767d1be6d9a061a4d4eeab Author: Qu Wenruo Date: Tue Jan 8 14:08:18 2019 +0800 btrfs: Use real device structure to verify dev extent [BUG] Linux v5.0-rc1 will fail fstests/btrfs/163 with the following kernel message: BTRFS error (device dm-6): dev extent devid 1 physical offset 13631488 len 8388608 is beyond device boundary 0 BTRFS error (device dm-6): failed to verify dev extents against chunks: -117 BTRFS error (device dm-6): open_ctree failed [CAUSE] Commit cf90d884b347 ("btrfs: Introduce mount time chunk <-> dev extent mapping check") introduced strict check on dev extents. We use btrfs_find_device() with dev uuid and fs uuid set to NULL, and only dependent on @devid to find the real device. For seed devices, we call clone_fs_devices() in open_seed_devices() to allow us search seed devices directly. However clone_fs_devices() just populates devices with devid and dev uuid, without populating other essential members, like disk_total_bytes. This makes any device returned by btrfs_find_device(fs_info, devid, NULL, NULL) is just a dummy, with 0 disk_total_bytes, and any dev extents on the seed device will not pass the device boundary check. [FIX] This patch will try to verify the device returned by btrfs_find_device() and if it's a dummy then re-search in seed devices. Fixes: cf90d884b347 ("btrfs: Introduce mount time chunk <-> dev extent mapping check") CC: stable@vger.kernel.org # 4.19+ Reported-by: Filipe Manana Signed-off-by: Qu Wenruo Signed-off-by: David Sterba commit beaf3d1901f4ea46fbd5c9d857227d99751de469 Author: Song Liu Date: Tue Jan 8 14:20:44 2019 -0800 bpf: fix panic in stack_map_get_build_id() on i386 and arm32 As Naresh reported, test_stacktrace_build_id() causes panic on i386 and arm32 systems. This is caused by page_address() returns NULL in certain cases. This patch fixes this error by using kmap_atomic/kunmap_atomic instead of page_address. Fixes: 615755a77b24 (" bpf: extend stackmap to save binary_build_id+offset instead of address") Reported-by: Naresh Kamboju Signed-off-by: Song Liu Signed-off-by: Daniel Borkmann commit f98937c6bb73ae11717a15aec85c187d33ca5d34 Author: Anders Roxell Date: Tue Jan 8 10:23:03 2019 +0100 selftests: bpf: install files tcp_(server|client)*.py When test_tcpbpf_user runs it complains that it can't find files tcp_server.py and tcp_client.py. Rework so that tcp_server.py and tcp_client.py gets installed, added them to the variable TEST_PROGS_EXTENDED. Fixes: d6d4f60c3a09 ("bpf: add selftest for tcpbpf") Signed-off-by: Anders Roxell Signed-off-by: Daniel Borkmann commit df209c43a0e8258e096fb722dfbdae4f0dd13fde Author: Nicholas Mc Guire Date: Sat Dec 1 12:57:18 2018 +0100 gpio: pl061: handle failed allocations devm_kzalloc(), devm_kstrdup() and devm_kasprintf() all can fail internal allocation and return NULL. Using any of the assigned objects without checking is not safe. As this is early in the boot phase and these allocations really should not fail, any failure here is probably an indication of a more serious issue so it makes little sense to try and rollback the previous allocated resources or try to continue; but rather the probe function is simply exited with -ENOMEM. Signed-off-by: Nicholas Mc Guire Fixes: 684284b64aae ("ARM: integrator: add MMCI device to IM-PD1") Signed-off-by: Linus Walleij commit 11b36abc249f5e100d532c5271dae938fde85175 Author: Ioana Ciornei Date: Wed Jan 9 17:06:55 2019 +0000 samples: bpf: user proper argument index Use optind as index for argv instead of a hardcoded value. When the program has options this leads to improper parameter handling. Fixes: dc378a1ab5b6 ("samples: bpf: get ifindex from ifname") Signed-off-by: Ioana Ciornei Acked-by: Matteo Croce Signed-off-by: Daniel Borkmann commit e3ca63de8ade75757a067f6a5bd111d30cdcadb5 Author: Stanislav Fomichev Date: Tue Jan 8 16:07:28 2019 -0800 selftests/bpf: add missing executables to .gitignore We build test_libbpf with CXX to make sure linking against C++ works. $ make -s -C tools/lib/bpf $ git status -sb ? tools/lib/bpf/test_libbpf $ make -s -C tools/testing/selftests/bpf $ git status -sb ? tools/lib/bpf/test_libbpf ? tools/testing/selftests/bpf/test_libbpf Fixes: 8c4905b995c6 ("libbpf: make sure bpf headers are c++ include-able") Signed-off-by: Stanislav Fomichev Signed-off-by: Daniel Borkmann commit 7d033c9f6a7fd3821af75620a0257db87c2b552a Author: Eric Dumazet Date: Tue Jan 8 04:06:14 2019 -0800 ipv6: fix kernel-infoleak in ipv6_local_error() This patch makes sure the flow label in the IPv6 header forged in ipv6_local_error() is initialized. BUG: KMSAN: kernel-infoleak in _copy_to_user+0x16b/0x1f0 lib/usercopy.c:32 CPU: 1 PID: 24675 Comm: syz-executor1 Not tainted 4.20.0-rc7+ #4 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x173/0x1d0 lib/dump_stack.c:113 kmsan_report+0x12e/0x2a0 mm/kmsan/kmsan.c:613 kmsan_internal_check_memory+0x455/0xb00 mm/kmsan/kmsan.c:675 kmsan_copy_to_user+0xab/0xc0 mm/kmsan/kmsan_hooks.c:601 _copy_to_user+0x16b/0x1f0 lib/usercopy.c:32 copy_to_user include/linux/uaccess.h:177 [inline] move_addr_to_user+0x2e9/0x4f0 net/socket.c:227 ___sys_recvmsg+0x5d7/0x1140 net/socket.c:2284 __sys_recvmsg net/socket.c:2327 [inline] __do_sys_recvmsg net/socket.c:2337 [inline] __se_sys_recvmsg+0x2fa/0x450 net/socket.c:2334 __x64_sys_recvmsg+0x4a/0x70 net/socket.c:2334 do_syscall_64+0xbc/0xf0 arch/x86/entry/common.c:291 entry_SYSCALL_64_after_hwframe+0x63/0xe7 RIP: 0033:0x457ec9 Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007f8750c06c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002f RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457ec9 RDX: 0000000000002000 RSI: 0000000020000400 RDI: 0000000000000005 RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8750c076d4 R13: 00000000004c4a60 R14: 00000000004d8140 R15: 00000000ffffffff Uninit was stored to memory at: kmsan_save_stack_with_flags mm/kmsan/kmsan.c:204 [inline] kmsan_save_stack mm/kmsan/kmsan.c:219 [inline] kmsan_internal_chain_origin+0x134/0x230 mm/kmsan/kmsan.c:439 __msan_chain_origin+0x70/0xe0 mm/kmsan/kmsan_instr.c:200 ipv6_recv_error+0x1e3f/0x1eb0 net/ipv6/datagram.c:475 udpv6_recvmsg+0x398/0x2ab0 net/ipv6/udp.c:335 inet_recvmsg+0x4fb/0x600 net/ipv4/af_inet.c:830 sock_recvmsg_nosec net/socket.c:794 [inline] sock_recvmsg+0x1d1/0x230 net/socket.c:801 ___sys_recvmsg+0x4d5/0x1140 net/socket.c:2278 __sys_recvmsg net/socket.c:2327 [inline] __do_sys_recvmsg net/socket.c:2337 [inline] __se_sys_recvmsg+0x2fa/0x450 net/socket.c:2334 __x64_sys_recvmsg+0x4a/0x70 net/socket.c:2334 do_syscall_64+0xbc/0xf0 arch/x86/entry/common.c:291 entry_SYSCALL_64_after_hwframe+0x63/0xe7 Uninit was created at: kmsan_save_stack_with_flags mm/kmsan/kmsan.c:204 [inline] kmsan_internal_poison_shadow+0x92/0x150 mm/kmsan/kmsan.c:158 kmsan_kmalloc+0xa6/0x130 mm/kmsan/kmsan_hooks.c:176 kmsan_slab_alloc+0xe/0x10 mm/kmsan/kmsan_hooks.c:185 slab_post_alloc_hook mm/slab.h:446 [inline] slab_alloc_node mm/slub.c:2759 [inline] __kmalloc_node_track_caller+0xe18/0x1030 mm/slub.c:4383 __kmalloc_reserve net/core/skbuff.c:137 [inline] __alloc_skb+0x309/0xa20 net/core/skbuff.c:205 alloc_skb include/linux/skbuff.h:998 [inline] ipv6_local_error+0x1a7/0x9e0 net/ipv6/datagram.c:334 __ip6_append_data+0x129f/0x4fd0 net/ipv6/ip6_output.c:1311 ip6_make_skb+0x6cc/0xcf0 net/ipv6/ip6_output.c:1775 udpv6_sendmsg+0x3f8e/0x45d0 net/ipv6/udp.c:1384 inet_sendmsg+0x54a/0x720 net/ipv4/af_inet.c:798 sock_sendmsg_nosec net/socket.c:621 [inline] sock_sendmsg net/socket.c:631 [inline] __sys_sendto+0x8c4/0xac0 net/socket.c:1788 __do_sys_sendto net/socket.c:1800 [inline] __se_sys_sendto+0x107/0x130 net/socket.c:1796 __x64_sys_sendto+0x6e/0x90 net/socket.c:1796 do_syscall_64+0xbc/0xf0 arch/x86/entry/common.c:291 entry_SYSCALL_64_after_hwframe+0x63/0xe7 Bytes 4-7 of 28 are uninitialized Memory access of size 28 starts at ffff8881937bfce0 Data copied to user address 0000000020000000 Signed-off-by: Eric Dumazet Reported-by: syzbot Signed-off-by: David S. Miller commit 85704cb8dcfd88d351bfc87faaeba1c8214f3177 Author: Konstantin Khlebnikov Date: Tue Jan 8 12:30:00 2019 +0300 net/core/neighbour: tell kmemleak about hash tables This fixes false-positive kmemleak reports about leaked neighbour entries: unreferenced object 0xffff8885c6e4d0a8 (size 1024): comm "softirq", pid 0, jiffies 4294922664 (age 167640.804s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 20 2c f3 83 ff ff ff ff ........ ,...... 08 c0 ef 5f 84 88 ff ff 01 8c 7d 02 01 00 00 00 ..._......}..... backtrace: [<00000000748509fe>] ip6_finish_output2+0x887/0x1e40 [<0000000036d7a0d8>] ip6_output+0x1ba/0x600 [<0000000027ea7dba>] ip6_send_skb+0x92/0x2f0 [<00000000d6e2111d>] udp_v6_send_skb.isra.24+0x680/0x15e0 [<000000000668a8be>] udpv6_sendmsg+0x18c9/0x27a0 [<000000004bd5fa90>] sock_sendmsg+0xb3/0xf0 [<000000008227b29f>] ___sys_sendmsg+0x745/0x8f0 [<000000008698009d>] __sys_sendmsg+0xde/0x170 [<00000000889dacf1>] do_syscall_64+0x9b/0x400 [<0000000081cdb353>] entry_SYSCALL_64_after_hwframe+0x49/0xbe [<000000005767ed39>] 0xffffffffffffffff Signed-off-by: Konstantin Khlebnikov Signed-off-by: David S. Miller commit fd21c89b876565df76051eca395018de2280f8e1 Author: Colin Ian King Date: Mon Jan 7 23:48:09 2019 +0000 net: cxgb4: fix various indentation issues There are some lines that have indentation issues, fix these. Signed-off-by: Colin Ian King Signed-off-by: David S. Miller commit 2acc0abc882ac3be47719e189f3db006493ab640 Author: Colin Ian King Date: Mon Jan 7 23:39:24 2019 +0000 net: cxgb3: fix various indentation issues There are handful of lines that have indentation issues, fix these. Signed-off-by: Colin Ian King Signed-off-by: David S. Miller commit 4a06fa67c4da20148803525151845276cdb995c1 Author: Willem de Bruijn Date: Mon Jan 7 16:47:33 2019 -0500 ip: on queued skb use skb_header_pointer instead of pskb_may_pull Commit 2efd4fca703a ("ip: in cmsg IP(V6)_ORIGDSTADDR call pskb_may_pull") avoided a read beyond the end of the skb linear segment by calling pskb_may_pull. That function can trigger a BUG_ON in pskb_expand_head if the skb is shared, which it is when when peeking. It can also return ENOMEM. Avoid both by switching to safer skb_header_pointer. Fixes: 2efd4fca703a ("ip: in cmsg IP(V6)_ORIGDSTADDR call pskb_may_pull") Reported-by: syzbot Suggested-by: Eric Dumazet Signed-off-by: Willem de Bruijn Signed-off-by: David S. Miller commit 0b7959b6257322f7693b08a459c505d4938646f2 Author: Stanislav Fomichev Date: Mon Jan 7 13:38:38 2019 -0800 tun: publish tfile after it's fully initialized BUG: unable to handle kernel NULL pointer dereference at 00000000000000d1 Call Trace: ? napi_gro_frags+0xa7/0x2c0 tun_get_user+0xb50/0xf20 tun_chr_write_iter+0x53/0x70 new_sync_write+0xff/0x160 vfs_write+0x191/0x1e0 __x64_sys_write+0x5e/0xd0 do_syscall_64+0x47/0xf0 entry_SYSCALL_64_after_hwframe+0x44/0xa9 I think there is a subtle race between sending a packet via tap and attaching it: CPU0: CPU1: tun_chr_ioctl(TUNSETIFF) tun_set_iff tun_attach rcu_assign_pointer(tfile->tun, tun); tun_fops->write_iter() tun_chr_write_iter tun_napi_alloc_frags napi_get_frags napi->skb = napi_alloc_skb tun_napi_init netif_napi_add napi->skb = NULL napi->skb is NULL here napi_gro_frags napi_frags_skb skb = napi->skb skb_reset_mac_header(skb) panic() Move rcu_assign_pointer(tfile->tun) and rcu_assign_pointer(tun->tfiles) to be the last thing we do in tun_attach(); this should guarantee that when we call tun_get() we always get an initialized object. v2 changes: * remove extra napi_mutex locks/unlocks for napi operations Reported-by: syzbot Fixes: 90e33d459407 ("tun: enable napi_gro_frags() for TUN/TAP driver") Signed-off-by: Stanislav Fomichev Signed-off-by: David S. Miller commit 9f51c05dc41a6d69423e3d03d18eb7ab22f9ec19 Author: Wen Yang Date: Wed Dec 5 10:35:50 2018 +0800 pvcalls-front: Avoid get_free_pages(GFP_KERNEL) under spinlock The problem is that we call this with a spin lock held. The call tree is: pvcalls_front_accept() holds bedata->socket_lock. -> create_active() -> __get_free_pages() uses GFP_KERNEL The create_active() function is only called from pvcalls_front_accept() with a spin_lock held, The allocation is not allowed to sleep and GFP_KERNEL is not sufficient. This issue was detected by using the Coccinelle software. v2: Add a function doing the allocations which is called outside the lock and passing the allocated data to create_active(). v3: Use the matching deallocators i.e., free_page() and free_pages(), respectively. v4: It would be better to pre-populate map (struct sock_mapping), rather than introducing one more new struct. v5: Since allocating the data outside of this call it should also be freed outside, when create_active() fails. Move kzalloc(sizeof(*map2), GFP_ATOMIC) outside spinlock and use GFP_KERNEL instead. v6: Drop the superfluous calls. Suggested-by: Juergen Gross Suggested-by: Boris Ostrovsky Suggested-by: Stefano Stabellini Signed-off-by: Wen Yang Acked-by: Stefano Stabellini CC: Julia Lawall CC: Boris Ostrovsky CC: Juergen Gross CC: Stefano Stabellini CC: xen-devel@lists.xenproject.org CC: linux-kernel@vger.kernel.org Signed-off-by: Boris Ostrovsky commit 15c03092a9fbcdd041f58e5f832bf76c21c42e6a Author: Ravi Bangoria Date: Thu Jan 10 15:19:36 2019 +0530 tools headers powerpc: Remove unistd.h We use syscall.tbl to generate system call table on powerpc. The unistd.h copy is no longer required now. Remove it. Signed-off-by: Ravi Bangoria Cc: Jiri Olsa Cc: Michael Ellerman Cc: Namhyung Kim Cc: linuxppc-dev@lists.ozlabs.org Link: http://lkml.kernel.org/r/20190110094936.3132-2-ravi.bangoria@linux.ibm.com Signed-off-by: Arnaldo Carvalho de Melo commit d45a90cb5d061fa7d411b974b950fe0b8bc5f265 Author: Eric Biggers Date: Tue Jan 8 22:12:41 2019 -0800 crypto: sm3 - fix undefined shift by >= width of value sm3_compress() calls rol32() with shift >= 32, which causes undefined behavior. This is easily detected by enabling CONFIG_UBSAN. Explicitly AND with 31 to make the behavior well defined. Fixes: 4f0fc1600edb ("crypto: sm3 - add OSCCA SM3 secure hash") Cc: # v4.15+ Cc: Gilad Ben-Yossef Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu commit 1bea445b0a022ee126ca328b3705cd4df18ebc14 Author: Christophe Leroy Date: Tue Jan 8 06:56:48 2019 +0000 crypto: talitos - fix ablkcipher for CONFIG_VMAP_STACK [ 2.364486] WARNING: CPU: 0 PID: 60 at ./arch/powerpc/include/asm/io.h:837 dma_nommu_map_page+0x44/0xd4 [ 2.373579] CPU: 0 PID: 60 Comm: cryptomgr_test Tainted: G W 4.20.0-rc5-00560-g6bfb52e23a00-dirty #531 [ 2.384740] NIP: c000c540 LR: c000c584 CTR: 00000000 [ 2.389743] REGS: c95abab0 TRAP: 0700 Tainted: G W (4.20.0-rc5-00560-g6bfb52e23a00-dirty) [ 2.400042] MSR: 00029032 CR: 24042204 XER: 00000000 [ 2.406669] [ 2.406669] GPR00: c02f2244 c95abb60 c6262990 c95abd80 0000256a 00000001 00000001 00000001 [ 2.406669] GPR08: 00000000 00002000 00000010 00000010 24042202 00000000 00000100 c95abd88 [ 2.406669] GPR16: 00000000 c05569d4 00000001 00000010 c95abc88 c0615664 00000004 00000000 [ 2.406669] GPR24: 00000010 c95abc88 c95abc88 00000000 c61ae210 c7ff6d40 c61ae210 00003d68 [ 2.441559] NIP [c000c540] dma_nommu_map_page+0x44/0xd4 [ 2.446720] LR [c000c584] dma_nommu_map_page+0x88/0xd4 [ 2.451762] Call Trace: [ 2.454195] [c95abb60] [82000808] 0x82000808 (unreliable) [ 2.459572] [c95abb80] [c02f2244] talitos_edesc_alloc+0xbc/0x3c8 [ 2.465493] [c95abbb0] [c02f2600] ablkcipher_edesc_alloc+0x4c/0x5c [ 2.471606] [c95abbd0] [c02f4ed0] ablkcipher_encrypt+0x20/0x64 [ 2.477389] [c95abbe0] [c02023b0] __test_skcipher+0x4bc/0xa08 [ 2.483049] [c95abe00] [c0204b60] test_skcipher+0x2c/0xcc [ 2.488385] [c95abe20] [c0204c48] alg_test_skcipher+0x48/0xbc [ 2.494064] [c95abe40] [c0205cec] alg_test+0x164/0x2e8 [ 2.499142] [c95abf00] [c0200dec] cryptomgr_test+0x48/0x50 [ 2.504558] [c95abf10] [c0039ff4] kthread+0xe4/0x110 [ 2.509471] [c95abf40] [c000e1d0] ret_from_kernel_thread+0x14/0x1c [ 2.515532] Instruction dump: [ 2.518468] 7c7e1b78 7c9d2378 7cbf2b78 41820054 3d20c076 8089c200 3d20c076 7c84e850 [ 2.526127] 8129c204 7c842e70 7f844840 419c0008 <0fe00000> 2f9e0000 54847022 7c84fa14 [ 2.533960] ---[ end trace bf78d94af73fe3b8 ]--- [ 2.539123] talitos ff020000.crypto: master data transfer error [ 2.544775] talitos ff020000.crypto: TEA error: ISR 0x20000000_00000040 [ 2.551625] alg: skcipher: encryption failed on test 1 for ecb-aes-talitos: ret=22 IV cannot be on stack when CONFIG_VMAP_STACK is selected because the stack cannot be DMA mapped anymore. This patch copies the IV into the extended descriptor. Fixes: 4de9d0b547b9 ("crypto: talitos - Add ablkcipher algorithms") Cc: stable@vger.kernel.org Signed-off-by: Christophe Leroy Reviewed-by: Horia Geantă Signed-off-by: Herbert Xu commit c56c2e173773097a248fd3bace91ac8f6fc5386d Author: Christophe Leroy Date: Tue Jan 8 06:56:46 2019 +0000 crypto: talitos - reorder code in talitos_edesc_alloc() This patch moves the mapping of IV after the kmalloc(). This avoids having to unmap in case kmalloc() fails. Signed-off-by: Christophe Leroy Reviewed-by: Horia Geantă Cc: stable@vger.kernel.org Signed-off-by: Herbert Xu commit 6db43410179bc40419a9859ebb333f178a49829d Author: Eric Biggers Date: Sun Jan 6 12:46:05 2019 -0800 crypto: adiantum - initialize crypto_spawn::inst crypto_grab_*() doesn't set crypto_spawn::inst, so templates must set it beforehand. Otherwise it will be left NULL, which causes a crash in certain cases where algorithms are dynamically loaded/unloaded. E.g. with CONFIG_CRYPTO_CHACHA20_X86_64=m, the following caused a crash: insmod chacha-x86_64.ko python -c 'import socket; socket.socket(socket.AF_ALG, 5, 0).bind(("skcipher", "adiantum(xchacha12,aes)"))' rmmod chacha-x86_64.ko python -c 'import socket; socket.socket(socket.AF_ALG, 5, 0).bind(("skcipher", "adiantum(xchacha12,aes)"))' Fixes: 059c2a4d8e16 ("crypto: adiantum - add Adiantum support") Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu commit 06bbf753476dab23eb262cb5fbab6d6d277a0ba3 Author: Dan Carpenter Date: Fri Jan 4 09:46:11 2019 +0300 crypto: cavium/nitrox - Use after free in process_response_list() We free "sr" and then dereference it on the next line. Fixes: c9613335bf4f ("crypto: cavium/nitrox - Added AEAD cipher support") Signed-off-by: Dan Carpenter Signed-off-by: Herbert Xu commit a7773363624b034ab198c738661253d20a8055c2 Author: Harsh Jain Date: Thu Jan 3 14:21:05 2019 +0530 crypto: authencesn - Avoid twice completion call in decrypt path Authencesn template in decrypt path unconditionally calls aead_request_complete after ahash_verify which leads to following kernel panic in after decryption. [ 338.539800] BUG: unable to handle kernel NULL pointer dereference at 0000000000000004 [ 338.548372] PGD 0 P4D 0 [ 338.551157] Oops: 0000 [#1] SMP PTI [ 338.554919] CPU: 0 PID: 0 Comm: swapper/0 Kdump: loaded Tainted: G W I 4.19.7+ #13 [ 338.564431] Hardware name: Supermicro X8ST3/X8ST3, BIOS 2.0 07/29/10 [ 338.572212] RIP: 0010:esp_input_done2+0x350/0x410 [esp4] [ 338.578030] Code: ff 0f b6 68 10 48 8b 83 c8 00 00 00 e9 8e fe ff ff 8b 04 25 04 00 00 00 83 e8 01 48 98 48 8b 3c c5 10 00 00 00 e9 f7 fd ff ff <8b> 04 25 04 00 00 00 83 e8 01 48 98 4c 8b 24 c5 10 00 00 00 e9 3b [ 338.598547] RSP: 0018:ffff911c97803c00 EFLAGS: 00010246 [ 338.604268] RAX: 0000000000000002 RBX: ffff911c4469ee00 RCX: 0000000000000000 [ 338.612090] RDX: 0000000000000000 RSI: 0000000000000130 RDI: ffff911b87c20400 [ 338.619874] RBP: 0000000000000000 R08: ffff911b87c20498 R09: 000000000000000a [ 338.627610] R10: 0000000000000001 R11: 0000000000000004 R12: 0000000000000000 [ 338.635402] R13: ffff911c89590000 R14: ffff911c91730000 R15: 0000000000000000 [ 338.643234] FS: 0000000000000000(0000) GS:ffff911c97800000(0000) knlGS:0000000000000000 [ 338.652047] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 338.658299] CR2: 0000000000000004 CR3: 00000001ec20a000 CR4: 00000000000006f0 [ 338.666382] Call Trace: [ 338.669051] [ 338.671254] esp_input_done+0x12/0x20 [esp4] [ 338.675922] chcr_handle_resp+0x3b5/0x790 [chcr] [ 338.680949] cpl_fw6_pld_handler+0x37/0x60 [chcr] [ 338.686080] chcr_uld_rx_handler+0x22/0x50 [chcr] [ 338.691233] uldrx_handler+0x8c/0xc0 [cxgb4] [ 338.695923] process_responses+0x2f0/0x5d0 [cxgb4] [ 338.701177] ? bitmap_find_next_zero_area_off+0x3a/0x90 [ 338.706882] ? matrix_alloc_area.constprop.7+0x60/0x90 [ 338.712517] ? apic_update_irq_cfg+0x82/0xf0 [ 338.717177] napi_rx_handler+0x14/0xe0 [cxgb4] [ 338.722015] net_rx_action+0x2aa/0x3e0 [ 338.726136] __do_softirq+0xcb/0x280 [ 338.730054] irq_exit+0xde/0xf0 [ 338.733504] do_IRQ+0x54/0xd0 [ 338.736745] common_interrupt+0xf/0xf Fixes: 104880a6b470 ("crypto: authencesn - Convert to new AEAD...") Signed-off-by: Harsh Jain Cc: stable@vger.kernel.org Signed-off-by: Herbert Xu commit 2dd3fde41bf3dc68e38de23da87e72a07719b708 Author: Horia Geantă Date: Fri Dec 21 14:47:46 2018 +0200 crypto: caam - fix SHA support detection The addition of Chacha20 + Poly1305 authenc support inadvertently broke detection of algorithms supported by MDHA (Message Digest Hardware Accelerator), fix it. Fixes: d6bbd4eea243 ("crypto: caam/jr - add support for Chacha20 + Poly1305") Signed-off-by: Horia Geantă Signed-off-by: Herbert Xu commit 04e6d25c5bb244c1a37eb9fe0b604cc11a04e8c5 Author: Aymen Sghaier Date: Wed Dec 19 16:36:44 2018 +0200 crypto: caam - fix zero-length buffer DMA mapping Recent changes - probably DMA API related (generic and/or arm64-specific) - exposed a case where driver maps a zero-length buffer: ahash_init()->ahash_update()->ahash_final() with a zero-length string to hash kernel BUG at kernel/dma/swiotlb.c:475! Internal error: Oops - BUG: 0 [#1] PREEMPT SMP Modules linked in: CPU: 2 PID: 1823 Comm: cryptomgr_test Not tainted 4.20.0-rc1-00108-g00c9fe37a7f2 #1 Hardware name: LS1046A RDB Board (DT) pstate: 80000005 (Nzcv daif -PAN -UAO) pc : swiotlb_tbl_map_single+0x170/0x2b8 lr : swiotlb_map_page+0x134/0x1f8 sp : ffff00000f79b8f0 x29: ffff00000f79b8f0 x28: 0000000000000000 x27: ffff0000093d0000 x26: 0000000000000000 x25: 00000000001f3ffe x24: 0000000000200000 x23: 0000000000000000 x22: 00000009f2c538c0 x21: ffff800970aeb410 x20: 0000000000000001 x19: ffff800970aeb410 x18: 0000000000000007 x17: 000000000000000e x16: 0000000000000001 x15: 0000000000000019 x14: c32cb8218a167fe8 x13: ffffffff00000000 x12: ffff80097fdae348 x11: 0000800976bca000 x10: 0000000000000010 x9 : 0000000000000000 x8 : ffff0000091fd6c8 x7 : 0000000000000000 x6 : 00000009f2c538bf x5 : 0000000000000000 x4 : 0000000000000001 x3 : 0000000000000000 x2 : 00000009f2c538c0 x1 : 00000000f9fff000 x0 : 0000000000000000 Process cryptomgr_test (pid: 1823, stack limit = 0x(____ptrval____)) Call trace: swiotlb_tbl_map_single+0x170/0x2b8 swiotlb_map_page+0x134/0x1f8 ahash_final_no_ctx+0xc4/0x6cc ahash_final+0x10/0x18 crypto_ahash_op+0x30/0x84 crypto_ahash_final+0x14/0x1c __test_hash+0x574/0xe0c test_hash+0x28/0x80 __alg_test_hash+0x84/0xd0 alg_test_hash+0x78/0x144 alg_test.part.30+0x12c/0x2b4 alg_test+0x3c/0x68 cryptomgr_test+0x44/0x4c kthread+0xfc/0x128 ret_from_fork+0x10/0x18 Code: d34bfc18 2a1a03f7 1a9f8694 35fff89a (d4210000) Cc: Signed-off-by: Aymen Sghaier Signed-off-by: Horia Geantă Reviewed-by: Christoph Hellwig Signed-off-by: Herbert Xu commit dc95b5350a8f07d73d6bde3a79ef87289698451d Author: Eric Biggers Date: Sun Dec 16 23:23:24 2018 -0800 crypto: ccree - convert to use crypto_authenc_extractkeys() Convert the ccree crypto driver to use crypto_authenc_extractkeys() so that it picks up the fix for broken validation of rtattr::rta_len. Fixes: ff27e85a85bb ("crypto: ccree - add AEAD support") Cc: # v4.17+ Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu commit ab57b33525c3221afaebd391458fa0cbcd56903d Author: Eric Biggers Date: Sun Dec 16 23:23:23 2018 -0800 crypto: bcm - convert to use crypto_authenc_extractkeys() Convert the bcm crypto driver to use crypto_authenc_extractkeys() so that it picks up the fix for broken validation of rtattr::rta_len. This also fixes the DES weak key check to actually be done on the right key. (It was checking the authentication key, not the encryption key...) Fixes: 9d12ba86f818 ("crypto: brcm - Add Broadcom SPU driver") Cc: # v4.11+ Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu commit 8f9c469348487844328e162db57112f7d347c49f Author: Eric Biggers Date: Sun Dec 16 23:23:22 2018 -0800 crypto: authenc - fix parsing key with misaligned rta_len Keys for "authenc" AEADs are formatted as an rtattr containing a 4-byte 'enckeylen', followed by an authentication key and an encryption key. crypto_authenc_extractkeys() parses the key to find the inner keys. However, it fails to consider the case where the rtattr's payload is longer than 4 bytes but not 4-byte aligned, and where the key ends before the next 4-byte aligned boundary. In this case, 'keylen -= RTA_ALIGN(rta->rta_len);' underflows to a value near UINT_MAX. This causes a buffer overread and crash during crypto_ahash_setkey(). Fix it by restricting the rtattr payload to the expected size. Reproducer using AF_ALG: #include #include #include int main() { int fd; struct sockaddr_alg addr = { .salg_type = "aead", .salg_name = "authenc(hmac(sha256),cbc(aes))", }; struct { struct rtattr attr; __be32 enckeylen; char keys[1]; } __attribute__((packed)) key = { .attr.rta_len = sizeof(key), .attr.rta_type = 1 /* CRYPTO_AUTHENC_KEYA_PARAM */, }; fd = socket(AF_ALG, SOCK_SEQPACKET, 0); bind(fd, (void *)&addr, sizeof(addr)); setsockopt(fd, SOL_ALG, ALG_SET_KEY, &key, sizeof(key)); } It caused: BUG: unable to handle kernel paging request at ffff88007ffdc000 PGD 2e01067 P4D 2e01067 PUD 2e04067 PMD 2e05067 PTE 0 Oops: 0000 [#1] SMP CPU: 0 PID: 883 Comm: authenc Not tainted 4.20.0-rc1-00108-g00c9fe37a7f27 #13 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-20181126_142135-anatol 04/01/2014 RIP: 0010:sha256_ni_transform+0xb3/0x330 arch/x86/crypto/sha256_ni_asm.S:155 [...] Call Trace: sha256_ni_finup+0x10/0x20 arch/x86/crypto/sha256_ssse3_glue.c:321 crypto_shash_finup+0x1a/0x30 crypto/shash.c:178 shash_digest_unaligned+0x45/0x60 crypto/shash.c:186 crypto_shash_digest+0x24/0x40 crypto/shash.c:202 hmac_setkey+0x135/0x1e0 crypto/hmac.c:66 crypto_shash_setkey+0x2b/0xb0 crypto/shash.c:66 shash_async_setkey+0x10/0x20 crypto/shash.c:223 crypto_ahash_setkey+0x2d/0xa0 crypto/ahash.c:202 crypto_authenc_setkey+0x68/0x100 crypto/authenc.c:96 crypto_aead_setkey+0x2a/0xc0 crypto/aead.c:62 aead_setkey+0xc/0x10 crypto/algif_aead.c:526 alg_setkey crypto/af_alg.c:223 [inline] alg_setsockopt+0xfe/0x130 crypto/af_alg.c:256 __sys_setsockopt+0x6d/0xd0 net/socket.c:1902 __do_sys_setsockopt net/socket.c:1913 [inline] __se_sys_setsockopt net/socket.c:1910 [inline] __x64_sys_setsockopt+0x1f/0x30 net/socket.c:1910 do_syscall_64+0x4a/0x180 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe Fixes: e236d4a89a2f ("[CRYPTO] authenc: Move enckeylen into key itself") Cc: # v2.6.25+ Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu commit 0206131811fa6e4b3ed64b5f1c107e2815dcab42 Author: Ravi Bangoria Date: Thu Jan 10 15:19:35 2019 +0530 perf powerpc: Rework syscall table generation Commit aff850393200 ("powerpc: add system call table generation support") changed how systemcall table is generated for powerpc. Incorporate these changes into perf as well. Committer testing: $ podman run --entrypoint=/bin/sh --privileged -v /home/acme/git:/git --rm -ti docker.io/acmel/linux-perf-tools-build-ubuntu:18.04-x-powerpc64 perfbuilder@d7a7af166a80:/git/perf$ head -2 /etc/os-release NAME="Ubuntu" VERSION="18.04.1 LTS (Bionic Beaver)" perfbuilder@d7a7af166a80:/git/perf$ perfbuilder@d7a7af166a80:/git/perf$ make ARCH=powerpc CROSS_COMPILE=powerpc64-linux-gnu- EXTRA_CFLAGS= -C /git/linux/tools/perf O=/tmp/build/perf make: Entering directory '/git/linux/tools/perf' BUILD: Doing 'make -j8' parallel build HOSTCC /tmp/build/perf/fixdep.o HOSTLD /tmp/build/perf/fixdep-in.o LINK /tmp/build/perf/fixdep Warning: Kernel ABI header at 'tools/include/uapi/linux/mman.h' differs from latest version at 'include/uapi/linux/mman.h' diff -u tools/include/uapi/linux/mman.h include/uapi/linux/mman.h sh: 1: command: Illegal option -c Auto-detecting system features: ... dwarf: [ on ] ... dwarf_getlocations: [ on ] ... glibc: [ on ] ... gtk2: [ OFF ] ... libaudit: [ OFF ] ... libbfd: [ OFF ] ... libelf: [ on ] ... libnuma: [ OFF ] ... numa_num_possible_cpus: [ OFF ] ... libperl: [ OFF ] ... libpython: [ OFF ] ... libslang: [ OFF ] ... libcrypto: [ OFF ] ... libunwind: [ OFF ] ... libdw-dwarf-unwind: [ on ] ... zlib: [ on ] ... lzma: [ OFF ] ... get_cpuid: [ OFF ] ... bpf: [ on ] Makefile.config:445: No sys/sdt.h found, no SDT events are defined, please install systemtap-sdt-devel or systemtap-sdt-dev Makefile.config:491: No libunwind found. Please install libunwind-dev[el] >= 1.1 and/or set LIBUNWIND_DIR Makefile.config:583: No libcrypto.h found, disables jitted code injection, please install libssl-devel or libssl-dev Makefile.config:598: slang not found, disables TUI support. Please install slang-devel, libslang-dev or libslang2-dev Makefile.config:612: GTK2 not found, disables GTK2 support. Please install gtk2-devel or libgtk2.0-dev Makefile.config:639: Missing perl devel files. Disabling perl scripting support, please install perl-ExtUtils-Embed/libperl-dev Makefile.config:666: No python interpreter was found: disables Python support - please install python-devel/python-dev Makefile.config:721: No bfd.h/libbfd found, please install binutils-dev[el]/zlib-static/libiberty-dev to gain symbol demangling Makefile.config:750: No liblzma found, disables xz kernel module decompression, please install xz-devel/liblzma-dev Makefile.config:763: No numa.h found, disables 'perf bench numa mem' benchmark, please install numactl-devel/libnuma-devel/libnuma-dev Makefile.config:814: No libbabeltrace found, disables 'perf data' CTF format support, please install libbabeltrace-dev[el]/libbabeltrace-ctf-dev Makefile.config:840: No alternatives command found, you need to set JDIR= to point to the root of your Java directory GEN /tmp/build/perf/common-cmds.h CC /tmp/build/perf/util/syscalltbl.o LD /tmp/build/perf/libperf-in.o AR /tmp/build/perf/libperf.a LINK /tmp/build/perf/perf make: Leaving directory '/git/linux/tools/perf' perfbuilder@d7a7af166a80:/git/perf$ head /tmp/build/perf/arch/powerpc/include/generated/asm/syscalls_64.c static const char *syscalltbl_powerpc_64[] = { [0] = "restart_syscall", [1] = "exit", [2] = "fork", [3] = "read", [4] = "write", [5] = "open", [6] = "close", [7] = "waitpid", [8] = "creat", perfbuilder@d7a7af166a80:/git/perf$ tail /tmp/build/perf/arch/powerpc/include/generated/asm/syscalls_64.c [381] = "pwritev2", [382] = "kexec_file_load", [383] = "statx", [384] = "pkey_alloc", [385] = "pkey_free", [386] = "pkey_mprotect", [387] = "rseq", [388] = "io_pgetevents", }; #define SYSCALLTBL_POWERPC_64_MAX_ID 388 perfbuilder@d7a7af166a80:/git/perf$ head /tmp/build/perf/arch/powerpc/include/generated/asm/syscalls_32.c static const char *syscalltbl_powerpc_32[] = { [0] = "restart_syscall", [1] = "exit", [2] = "fork", [3] = "read", [4] = "write", [5] = "open", [6] = "close", [7] = "waitpid", [8] = "creat", perfbuilder@d7a7af166a80:/git/perf$ tail /tmp/build/perf/arch/powerpc/include/generated/asm/syscalls_32.c [381] = "pwritev2", [382] = "kexec_file_load", [383] = "statx", [384] = "pkey_alloc", [385] = "pkey_free", [386] = "pkey_mprotect", [387] = "rseq", [388] = "io_pgetevents", }; #define SYSCALLTBL_POWERPC_32_MAX_ID 388 perfbuilder@d7a7af166a80:/git/perf$ Signed-off-by: Ravi Bangoria Reported-by: Arnaldo Carvalho de Melo Tested-by: Arnaldo Carvalho de Melo Cc: Jiri Olsa Cc: Michael Ellerman Cc: Namhyung Kim Cc: linuxppc-dev@lists.ozlabs.org Link: http://lkml.kernel.org/r/20190110094936.3132-1-ravi.bangoria@linux.ibm.com Signed-off-by: Arnaldo Carvalho de Melo commit f299e0bdbaeb60fd8829f42e53a7457cc5a6f4a2 Author: José Roberto de Souza Date: Wed Dec 5 10:48:50 2018 -0800 drm: Fix documentation generation for DP_DPCD_QUIRK_NO_PSR The DP_DPCD_QUIRK_NO_PSR comment is missing colon causing this warning when generating kernel documentation. ./include/drm/drm_dp_helper.h:1374: warning: Incorrect use of kernel-doc format: * @DP_DPCD_QUIRK_NO_PSR Fixes: 1035f4a65f58 ("drm/i915: Disable PSR in Apple panels") Cc: Dhinakaran Pandiyan Signed-off-by: José Roberto de Souza Reviewed-by: Dhinakaran Pandiyan Link: https://patchwork.freedesktop.org/patch/msgid/20181205184850.13218-1-jose.souza@intel.com (cherry picked from commit ed17b555303c74a35f226268523b1695dbd4617d) Signed-off-by: Jani Nikula commit 70e31424eabe4923a2140eb86f704c75db6a5c87 Author: Daniele Ceraolo Spurio Date: Wed Jan 9 17:32:32 2019 -0800 drm/i915: init per-engine WAs for all engines commit 4a15c75c4246 ("drm/i915: Introduce per-engine workarounds") refactored the workaround code to have functions per-engine, but didn't call any of them from logical_xcs_ring_init. Since we do have a non-RCS workaround for KBL (WaKBLVECSSemaphoreWaitPoll) we do need to call intel_engine_init_workarounds for non-RCS engines. Note that whitelist is still RCS-only. v2: move the call to logical_ring_init (Chris) Fixes: 4a15c75c4246 ("drm/i915: Introduce per-engine workarounds") Cc: Tvrtko Ursulin Cc: Chris Wilson Signed-off-by: Daniele Ceraolo Spurio Reviewed-by: Chris Wilson Signed-off-by: Tvrtko Ursulin Link: https://patchwork.freedesktop.org/patch/msgid/20190110013232.8972-2-daniele.ceraolospurio@intel.com (cherry picked from commit a60acb223fecc77531540196008ac2de89e2a162) Signed-off-by: Jani Nikula commit 280d479b310298dfeb1d6f9a1617eca37beb6ce4 Author: Chris Wilson Date: Sat Dec 22 03:06:23 2018 +0000 drm/i915: Unwind failure on pinning the gen7 ppgtt If we fail to pin the ggtt vma slot for the ppgtt page tables, we need to unwind the locals before reporting the error. Or else on subsequent attempts to bind the page tables into the ggtt, we will already believe that the vma has been pinned and continue on blithely. If something else should happen to be at that location, choas ensues. Fixes: a2bbf7148342 ("drm/i915/gtt: Only keep gen6 page directories pinned while active") Signed-off-by: Chris Wilson Cc: Joonas Lahtinen Cc: Mika Kuoppala Cc: Matthew Auld Cc: # v4.19+ Reviewed-by: Matthew Auld Link: https://patchwork.freedesktop.org/patch/msgid/20181222030623.21710-1-chris@chris-wilson.co.uk (cherry picked from commit d4de753526f4d99f541f1b6ed1d963005c09700c) Signed-off-by: Jani Nikula commit 107c595c2a277be65b28762f12e1dad243e05623 Author: Chris Wilson Date: Fri Dec 7 11:05:54 2018 +0000 drm/i915: Skip the ERR_PTR error state Although commit fb6f0b64e455 ("drm/i915: Prevent machine hang from Broxton's vtd w/a and error capture") applied cleanly after a 24 month hiatus, the code had moved on with new methods for peeking and fetching the captured gpu info. Make sure we catch all uses of the stashed error state and avoid dereferencing the error pointer. v2: Move error pointer determination into i915_gpu_capture_state v3: Restore early check to avoid capturing and then throwing away subsequent GPU error states. Fixes: fb6f0b64e455 ("drm/i915: Prevent machine hang from Broxton's vtd w/a and error capture") Signed-off-by: Chris Wilson Cc: Tvrtko Ursulin Cc: Joonas Lahtinen Reviewed-by: Tvrtko Ursulin Link: https://patchwork.freedesktop.org/patch/msgid/20181207110554.19897-1-chris@chris-wilson.co.uk (cherry picked from commit e6154e4cb8b0d3692f84ca0d66b4e1ba0389b134) Signed-off-by: Jani Nikula commit 1035f4a65f58407951d8d2f54c289c2b252e499c Author: José Roberto de Souza Date: Mon Dec 3 16:33:55 2018 -0800 drm/i915: Disable PSR in Apple panels i915 yet don't support PSR in Apple panels, so lets keep it disabled while we work on that. v2: Renamed DP_DPCD_QUIRK_PSR_NOT_CURRENTLY_SUPPORTED to DP_DPCD_QUIRK_NO_PSR (Ville) v3: Adding documentation to DP_DPCD_QUIRK_NO_PSR(Dhinakaran and Jani) Fixed typo in comment of the new quirk entry(Jani) Fixes: 598c6cfe0690 (drm/i915/psr: Enable PSR1 on gen-9+ HW) Cc: Jani Nikula Cc: Ville Syrjälä Cc: Rodrigo Vivi Cc: Dhinakaran Pandiyan Reviewed-by: Dhinakaran Pandiyan Signed-off-by: José Roberto de Souza Link: https://patchwork.freedesktop.org/patch/msgid/20181204003403.23361-1-jose.souza@intel.com (cherry picked from commit 7c5c641a930ed06ca317ee39faee7d5824266348) Signed-off-by: Jani Nikula commit 038a0a8d2972962aa8d5adc250ce28cd0b2a3448 Merge: bfeffd1552837 f0e9943725186 Author: Jani Nikula Date: Thu Jan 10 15:02:03 2019 +0200 Merge tag 'gvt-fixes-2019-01-09' of https://github.com/intel/gvt-linux into drm-intel-fixes gvt-fixes-2019-01-09 - Fix one race issue between pre-scan of guest workload with submission Signed-off-by: Jani Nikula From: Zhenyu Wang Link: https://patchwork.freedesktop.org/patch/msgid/20190109050151.GL11631@zhen-hp.sh.intel.com commit 70c25259537c073584eb906865307687275b527f Author: Guo Ren Date: Thu Jan 10 20:28:39 2019 +0800 csky: fixup compile error with CPU 810. This bug is from commit f553aa1c13cb ("csky: fixup relocation error with 807 & 860"). I forgot to compile with 810 for that patch. Signed-off-by: Guo Ren Cc: Arnd Bergmann Signed-off-by: Linus Torvalds commit b5f034845e70916fd33e172fad5ad530a29c10ab Author: Linus Walleij Date: Tue Jan 8 00:08:18 2019 +0100 ARM: dts: kirkwood: Fix polarity of GPIO fan lines These two lines are active high, not active low. The bug was found when we changed the kernel to respect the polarity defined in the device tree. Fixes: 1b90e06b1429 ("ARM: kirkwood: Use devicetree to define DNS-32[05] fan") Cc: Jamie Lentin Cc: Guenter Roeck Cc: Jason Cooper Cc: Andrew Lunn Cc: Gregory Clement Cc: Sebastian Hesselbarth Cc: Julien D'Ascenzio Reviewed-by: Andrew Lunn Tested-by: Jamie Lentin Reported-by: Julien D'Ascenzio Tested-by: Julien D'Ascenzio Signed-off-by: Linus Walleij Signed-off-by: Gregory CLEMENT commit 59c4dccbc3676144091783c8b46bd51daa4f80bc Author: Baruch Siach Date: Wed Dec 12 08:43:26 2018 +0200 arm64: dts: marvell: mcbin: fix PCIe reset signal The MPP52 signal is on the seconds GPIO instance of CP0, which corresponds to the &cp0_gpio2 handle. Rename the property name to the standard '-gpios' suffix while at it. Fixes: b83e1669adce6 ("arm64: dts: marvell: mcbin: add support for PCIe") Signed-off-by: Baruch Siach Signed-off-by: Gregory CLEMENT commit 132ac39cffbcfed80ada38ef0fc6d34d95da7be6 Author: Heinrich Schuchardt Date: Fri Dec 21 17:45:03 2018 +0100 arm64: dts: marvell: armada-ap806: reserve PSCI area The memory area [0x4000000-0x4200000[ is occupied by the PSCI firmware. Any attempt to access it from Linux leads to an immediate crash. So let's make the same memory reservation as the vendor kernel. [gregory: added as comment that this region matches the mainline U-boot] Signed-off-by: Heinrich Schuchardt Signed-off-by: Gregory CLEMENT commit d9ed41962ee202f653a5fa8d2ea0f52924abe629 Author: Will Deacon Date: Wed Jan 9 10:34:49 2019 +0000 arm64: asm-prototypes: Fix fat-fingered typo in comment Some of the right letters, not necessarily in the right order: CONFIG_MODEVERIONS -> CONFIG_MODVERSIONS Signed-off-by: Will Deacon commit ba422731316dde1e22dcc84b83c7349dc0ce1c3c Author: Sean Christopherson Date: Wed Jan 9 16:51:17 2019 -0800 mm/mmu_notifier: mm/rmap.c: Fix a mmu_notifier range bug in try_to_unmap_one The conversion to use a structure for mmu_notifier_invalidate_range_*() unintentionally changed the usage in try_to_unmap_one() to init the 'struct mmu_notifier_range' with vma->vm_start instead of @address, i.e. it invalidates the wrong address range. Revert to the correct address range. Manifests as KVM use-after-free WARNINGs and subsequent "BUG: Bad page state in process X" errors when reclaiming from a KVM guest due to KVM removing the wrong pages from its own mappings. Reported-by: leozinho29_eu@hotmail.com Reported-by: Mike Galbraith Reported-and-tested-by: Adam Borowski Reviewed-by: Jérôme Glisse Reviewed-by: Pankaj gupta Cc: Christian König Cc: Jan Kara Cc: Matthew Wilcox Cc: Ross Zwisler Cc: Dan Williams Cc: Paolo Bonzini Cc: Radim Krčmář Cc: Michal Hocko Cc: Felix Kuehling Cc: Ralph Campbell Cc: John Hubbard Cc: Andrew Morton Fixes: ac46d4f3c432 ("mm/mmu_notifier: use structure for invalidate_range_start/end calls v2") Signed-off-by: Sean Christopherson Signed-off-by: Linus Torvalds commit 4089e272ac61603931beb024d4d640de2cb390e0 Author: Tetsuo Handa Date: Thu Jan 10 19:19:31 2019 +0900 gpu/drm: Fix lock held when returning to user space. We need to call drm_modeset_acquire_fini() when drm_atomic_state_alloc() failed or call drm_modeset_acquire_init() after drm_atomic_state_alloc() succeeded. Signed-off-by: Tetsuo Handa Reported-by: syzbot Signed-off-by: Daniel Vetter Link: https://patchwork.freedesktop.org/patch/msgid/1547115571-21219-1-git-send-email-penguin-kernel@I-love.SAKURA.ne.jp commit ca27e4cd0bdd87e33fda38e6e3d18d36d54356d4 Author: Vincent Guittot Date: Thu Jan 10 10:00:40 2019 +0100 PM-runtime: Fix autosuspend_delay on 32bits arch Cast autosuspend_delay to u64 to make sure that the full computation of 'expires' or slack will be done in u64, even on 32bits arch. Otherwise, any delay greater than 2^31 nsec can overflow if signed 32bits is used when converting delay from msec to nsec. Fixes: 8234f6734c5d (PM-runtime: Switch autosuspend over to using hrtimers) Reported-by: Tony Lindgren Tested-by: Tony Lindgren Signed-off-by: Vincent Guittot Signed-off-by: Rafael J. Wysocki commit 1f7b7081568bca281f4ef42096206180cfaced00 Author: Ladislav Michl Date: Thu Jan 10 00:19:44 2019 +0100 PM-runtime: Fix 'jiffies' in comments after switch to hrtimers PM-runtime now uses the hrtimers infrastructure for autosuspend, however comments still reference 'jiffies'. Fixes: 8234f6734c5d (PM-runtime: Switch autosuspend over to using hrtimers) Signed-off-by: Ladislav Michl Signed-off-by: Rafael J. Wysocki commit 85f5a4d666fd9be73856ed16bb36c5af5b406b29 Author: Ilya Dryomov Date: Tue Jan 8 19:47:38 2019 +0100 rbd: don't return 0 on unmap if RBD_DEV_FLAG_REMOVING is set There is a window between when RBD_DEV_FLAG_REMOVING is set and when the device is removed from rbd_dev_list. During this window, we set "already" and return 0. Returning 0 from write(2) can confuse userspace tools because 0 indicates that nothing was written. In particular, "rbd unmap" will retry the write multiple times a second: 10:28:05.463299 write(4, "0", 1) = 0 10:28:05.463509 write(4, "0", 1) = 0 10:28:05.463720 write(4, "0", 1) = 0 10:28:05.463942 write(4, "0", 1) = 0 10:28:05.464155 write(4, "0", 1) = 0 Cc: stable@vger.kernel.org Signed-off-by: Ilya Dryomov Tested-by: Dongsheng Yang commit c25748acc5c20786ecb7518bfeae8fcef93472d6 Author: Peter Ujfalusi Date: Wed Dec 19 13:47:26 2018 +0200 ARM: dts: da850-lcdk: Correct the sound card name To avoid the following error: asoc-simple-card sound: ASoC: Failed to create card debugfs directory Which is because the card name contains '/' character, which can not be used in file or directory names. Signed-off-by: Peter Ujfalusi Signed-off-by: Sekhar Nori commit bd540ebe68c3017194a1caa38e075bbbc0832749 Author: Peter Ujfalusi Date: Wed Dec 19 13:47:25 2018 +0200 ARM: dts: da850-lcdk: Correct the audio codec regulators Add the board level fixed regulators for 3.3V and 1.8V which is used to power - among other things - the tlv320aic3106 codec. Apart from removing the following warning during boot: tlv320aic3x-codec 0-0018: Invalid supply voltage(s) AVDD: -22, DVDD: -22 With the correct voltages the driver can select correct OCMV value to reduce pop noise. Signed-off-by: Peter Ujfalusi Signed-off-by: Sekhar Nori commit 7fca69d4e43fa1ae9cb4f652772c132dc5a659c6 Author: Peter Ujfalusi Date: Wed Dec 19 13:47:24 2018 +0200 ARM: dts: da850-evm: Correct the sound card name To avoid the following error: asoc-simple-card sound: ASoC: Failed to create card debugfs directory Which is because the card name contains '/' character, which can not be used in file or directory names. Signed-off-by: Peter Ujfalusi Signed-off-by: Sekhar Nori commit 706edaa88835e3d8de8920584ad5da76dd3d6666 Author: Peter Ujfalusi Date: Wed Dec 19 13:47:23 2018 +0200 ARM: dts: da850-evm: Correct the audio codec regulators Add the board level fixed regulators for 3.3V and 1.8V which is used to power - among other things - the tlv320aic3106 codec. Apart from removing the following warning during boot: tlv320aic3x-codec 0-0018: Too high supply voltage(s) AVDD: 5000000, DVDD: 5000000 With the correct voltages the driver can select correct OCMV value to reduce pop noise. Signed-off-by: Peter Ujfalusi Signed-off-by: Sekhar Nori commit 054b8dc381b1c784852ad3e109270d236a58b71d Author: Bartosz Golaszewski Date: Thu Jan 3 16:11:04 2019 +0100 ARM: davinci: omapl138-hawk: fix label names in GPIO lookup entries Since commit 587f7a694f01 ("gpio: davinci: Use dev name for label and automatic base selection") the gpiochip label no longer has an ID suffix. Update the GPIO lookup entries. Fixes: 587f7a694f01 ("gpio: davinci: Use dev name for label and automatic base selection") Cc: stable@vger.kernel.org Signed-off-by: Bartosz Golaszewski Signed-off-by: Sekhar Nori commit 7f1015b29d9b9eb1cd3c038d6c30d698c6d7782e Author: Bartosz Golaszewski Date: Thu Jan 3 16:11:03 2019 +0100 ARM: davinci: dm644x-evm: fix label names in GPIO lookup entries Since commit 587f7a694f01 ("gpio: davinci: Use dev name for label and automatic base selection") the gpiochip label no longer has an ID suffix. Update the GPIO lookup entries. Fixes: 587f7a694f01 ("gpio: davinci: Use dev name for label and automatic base selection") Cc: stable@vger.kernel.org Signed-off-by: Bartosz Golaszewski Signed-off-by: Sekhar Nori commit 94777ed3b644a1af09843f729b2a3f25794bed0f Author: Bartosz Golaszewski Date: Thu Jan 3 16:11:02 2019 +0100 ARM: davinci: dm355-evm: fix label names in GPIO lookup entries Since commit 587f7a694f01 ("gpio: davinci: Use dev name for label and automatic base selection") the gpiochip label no longer has an ID suffix. Update the GPIO lookup entries. Fixes: 587f7a694f01 ("gpio: davinci: Use dev name for label and automatic base selection") Cc: stable@vger.kernel.org Signed-off-by: Bartosz Golaszewski Signed-off-by: Sekhar Nori commit c3f08cceb6a59f328f1c847b002729d1584c7a32 Author: Bartosz Golaszewski Date: Thu Jan 3 16:11:01 2019 +0100 ARM: davinci: da850-evm: fix label names in GPIO lookup entries Since commit 587f7a694f01 ("gpio: davinci: Use dev name for label and automatic base selection") the gpiochip label no longer has an ID suffix. Update the GPIO lookup entries. Fixes: 587f7a694f01 ("gpio: davinci: Use dev name for label and automatic base selection") Cc: stable@vger.kernel.org Signed-off-by: Bartosz Golaszewski Signed-off-by: Sekhar Nori commit cc557afb4d10cba175fd08d51c557004a229eded Author: Bartosz Golaszewski Date: Thu Jan 3 16:11:00 2019 +0100 ARM: davinci: da830-evm: fix label names in GPIO lookup entries Since commit 587f7a694f01 ("gpio: davinci: Use dev name for label and automatic base selection") the gpiochip label no longer has an ID suffix. Update the GPIO lookup entries. Fixes: 587f7a694f01 ("gpio: davinci: Use dev name for label and automatic base selection") Cc: stable@vger.kernel.org Signed-off-by: Bartosz Golaszewski Signed-off-by: Sekhar Nori commit 66a8d5bfb518f9f12d47e1d2dce1732279f9451e Author: Ivan Mironov Date: Tue Jan 8 12:23:53 2019 +0500 drm/fb-helper: Ignore the value of fb_var_screeninfo.pixclock Strict requirement of pixclock to be zero breaks support of SDL 1.2 which contains hardcoded table of supported video modes with non-zero pixclock values[1]. To better understand which pixclock values are considered valid and how driver should handle these values, I briefly examined few existing fbdev drivers and documentation in Documentation/fb/. And it looks like there are no strict rules on that and actual behaviour varies: * some drivers treat (pixclock == 0) as "use defaults" (uvesafb.c); * some treat (pixclock == 0) as invalid value which leads to -EINVAL (clps711x-fb.c); * some pass converted pixclock value to hardware (uvesafb.c); * some are trying to find nearest value from predefined table (vga16fb.c, video_gx.c). Given this, I believe that it should be safe to just ignore this value if changing is not supported. It seems that any portable fbdev application which was not written only for one specific device working under one specific kernel version should not rely on any particular behaviour of pixclock anyway. However, while enabling SDL1 applications to work out of the box when there is no /etc/fb.modes with valid settings, this change affects the video mode choosing logic in SDL. Depending on current screen resolution, contents of /etc/fb.modes and resolution requested by application, this may lead to user-visible difference (not always): image will be displayed in a right way, but it will be aligned to the left instead of center. There is no "right behaviour" here as well, as emulated fbdev, opposing to old fbdev drivers, simply ignores any requsts of video mode changes with resolutions smaller than current. The easiest way to reproduce this problem is to install sdl-sopwith[2], remove /etc/fb.modes file if it exists, and then try to run sopwith from console without X. At least in Fedora 29, sopwith may be simply installed from standard repositories. [1] SDL 1.2.15 source code, src/video/fbcon/SDL_fbvideo.c, vesa_timings [2] http://sdl-sopwith.sourceforge.net/ Signed-off-by: Ivan Mironov Cc: stable@vger.kernel.org Fixes: 79e539453b34e ("DRM: i915: add mode setting support") Fixes: 771fe6b912fca ("drm/radeon: introduce kernel modesetting for radeon hardware") Fixes: 785b93ef8c309 ("drm/kms: move driver specific fb common code to helper functions (v2)") Signed-off-by: Daniel Vetter Link: https://patchwork.freedesktop.org/patch/msgid/20190108072353.28078-3-mironov.ivan@gmail.com commit 62d85b3bf9d978ed4b6b2aeef5cf0ccf1423906e Author: Ivan Mironov Date: Tue Jan 8 12:23:52 2019 +0500 drm/fb-helper: Partially bring back workaround for bugs of SDL 1.2 SDL 1.2 sets all fields related to the pixel format to zero in some cases[1]. Prior to commit db05c48197759 ("drm: fb-helper: Reject all pixel format changing requests"), there was an unintentional workaround for this that existed for more than a decade. First in device-specific DRM drivers, then here in drm_fb_helper.c. Previous code containing this workaround just ignores pixel format fields from userspace code. Not a good thing either, as this way, driver may silently use pixel format different from what client actually requested, and this in turn will lead to displaying garbage on the screen. I think that returning EINVAL to userspace in this particular case is the right option, so I decided to left code from problematic commit untouched instead of just reverting it entirely. Here is the steps required to reproduce this problem exactly: 1) Compile fceux[2] with SDL 1.2.15 and without GTK or OpenGL support. SDL should be compiled with fbdev support (which is on by default). 2) Create /etc/fb.modes with following contents (values seems not used, and just required to trigger problematic code in SDL): mode "test" geometry 1 1 1 1 1 timings 1 1 1 1 1 1 1 endmode 3) Create ~/.fceux/fceux.cfg with following contents: SDL.Hotkeys.Quit = 27 SDL.DoubleBuffering = 1 4) Ensure that screen resolution is at least 1280x960 (e.g. append "video=Virtual-1:1280x960-32" to the kernel cmdline for qemu/QXL). 5) Try to run fceux on VT with some ROM file[3]: # ./fceux color_test.nes [1] SDL 1.2.15 source code, src/video/fbcon/SDL_fbvideo.c, FB_SetVideoMode() [2] http://www.fceux.com [3] Example ROM: https://github.com/bokuweb/rustynes/blob/master/roms/color_test.nes Reported-by: saahriktu Suggested-by: saahriktu Cc: stable@vger.kernel.org Fixes: db05c48197759 ("drm: fb-helper: Reject all pixel format changing requests") Signed-off-by: Ivan Mironov [danvet: Delete misleading comment.] Signed-off-by: Daniel Vetter Link: https://patchwork.freedesktop.org/patch/msgid/20190108072353.28078-2-mironov.ivan@gmail.com Link: https://patchwork.freedesktop.org/patch/msgid/20190108072353.28078-2-mironov.ivan@gmail.com commit 5db470e229e22b7eda6e23b5566e532c96fb5bc3 Author: Jaegeuk Kim Date: Wed Jan 9 19:17:14 2019 -0800 loop: drop caches if offset or block_size are changed If we don't drop caches used in old offset or block_size, we can get old data from new offset/block_size, which gives unexpected data to user. For example, Martijn found a loopback bug in the below scenario. 1) LOOP_SET_FD loads first two pages on loop file 2) LOOP_SET_STATUS64 changes the offset on the loop file 3) mount is failed due to the cached pages having wrong superblock Cc: Jens Axboe Cc: linux-block@vger.kernel.org Reported-by: Martijn Coenen Reviewed-by: Bart Van Assche Signed-off-by: Jaegeuk Kim Signed-off-by: Jens Axboe commit 31aa6503a15ba00182ea6dbbf51afb63bf9e851d Author: Yuchung Cheng Date: Tue Jan 8 18:12:24 2019 -0800 bpf: correctly set initial window on active Fast Open sender The existing BPF TCP initial congestion window (TCP_BPF_IW) does not to work on (active) Fast Open sender. This is because it changes the (initial) window only if data_segs_out is zero -- but data_segs_out is also incremented on SYN-data. This patch fixes the issue by proerly accounting for SYN-data additionally. Fixes: fc7478103c84 ("bpf: Adds support for setting initial cwnd") Signed-off-by: Yuchung Cheng Reviewed-by: Neal Cardwell Acked-by: Lawrence Brakmo Signed-off-by: Alexei Starovoitov commit 27de1f541f1f911bc2242ae68ef7375247b36c7d Author: Anup Patel Date: Tue Dec 4 19:25:05 2018 +0530 tty/serial: Add RISC-V SBI earlycon support In RISC-V, the M-mode runtime firmware provide SBI calls for debug prints. This patch adds earlycon support using RISC-V SBI console calls. To enable it, just pass "earlycon=sbi" in kernel parameters. Signed-off-by: Anup Patel Acked-by: Greg Kroah-Hartman Reviewed-by: Palmer Dabbelt Signed-off-by: Palmer Dabbelt commit 649d4968860ba708636ad643bd52b28027367042 Author: Jonathan Corbet Date: Wed Jan 9 13:59:32 2019 -0700 block: fix kerneldoc comment for blk_attempt_plug_merge() Commit 5f0ed774ed29 ("block: sum requests in the plug structure") removed the request_count parameter from block_attempt_plug_merge(), but did not remove the associated kerneldoc comment, introducing this warning to the docs build: ./block/blk-core.c:685: warning: Excess function parameter 'request_count' description in 'blk_attempt_plug_merge' Remove the obsolete description and make things a little quieter. Signed-off-by: Jonathan Corbet Signed-off-by: Jens Axboe commit a799aea0988ea0d1b1f263e996fdad2f6133c680 Author: wenxu Date: Wed Jan 9 10:40:11 2019 +0800 netfilter: nft_flow_offload: Fix reverse route lookup Using the following example: client 1.1.1.7 ---> 2.2.2.7 which dnat to 10.0.0.7 server The first reply packet (ie. syn+ack) uses an incorrect destination address for the reverse route lookup since it uses: daddr = ct->tuplehash[!dir].tuple.dst.u3.ip; which is 2.2.2.7 in the scenario that is described above, while this should be: daddr = ct->tuplehash[dir].tuple.src.u3.ip; that is 10.0.0.7. Signed-off-by: wenxu Signed-off-by: Pablo Neira Ayuso commit e7f45099442a380f8e087b6a8aadc36e887df1cc Author: Santosh kumar pradhan Date: Wed Jan 9 22:08:26 2019 +0530 sunrpc: kernel BUG at kernel/cred.c:825! Init missing debug member magic with CRED_MAGIC. Signed-off-by: Santosh kumar pradhan Reported-by: Dave Jones Signed-off-by: Anna Schumaker commit 321c46b91550adc03054125fa7a1639390608e1a Author: Rafał Miłecki Date: Thu Jan 3 08:34:17 2019 +0100 MIPS: BCM47XX: Setup struct device for the SoC So far we never had any device registered for the SoC. This resulted in some small issues that we kept ignoring like: 1) Not working GPIOLIB_IRQCHIP (gpiochip_irqchip_add_key() failing) 2) Lack of proper tree in the /sys/devices/ 3) mips_dma_alloc_coherent() silently handling empty coherent_dma_mask Kernel 4.19 came with a lot of DMA changes and caused a regression on bcm47xx. Starting with the commit f8c55dc6e828 ("MIPS: use generic dma noncoherent ops for simple noncoherent platforms") DMA coherent allocations just fail. Example: [ 1.114914] bgmac_bcma bcma0:2: Allocation of TX ring 0x200 failed [ 1.121215] bgmac_bcma bcma0:2: Unable to alloc memory for DMA [ 1.127626] bgmac_bcma: probe of bcma0:2 failed with error -12 [ 1.133838] bgmac_bcma: Broadcom 47xx GBit MAC driver loaded The bgmac driver also triggers a WARNING: [ 0.959486] ------------[ cut here ]------------ [ 0.964387] WARNING: CPU: 0 PID: 1 at ./include/linux/dma-mapping.h:516 bgmac_enet_probe+0x1b4/0x5c4 [ 0.973751] Modules linked in: [ 0.976913] CPU: 0 PID: 1 Comm: swapper Not tainted 4.19.9 #0 [ 0.982750] Stack : 804a0000 804597c4 00000000 00000000 80458fd8 8381bc2c 838282d4 80481a47 [ 0.991367] 8042e3ec 00000001 804d38f0 00000204 83980000 00000065 8381bbe0 6f55b24f [ 0.999975] 00000000 00000000 80520000 00002018 00000000 00000075 00000007 00000000 [ 1.008583] 00000000 80480000 000ee811 00000000 00000000 00000000 80432c00 80248db8 [ 1.017196] 00000009 00000204 83980000 803ad7b0 00000000 801feeec 00000000 804d0000 [ 1.025804] ... [ 1.028325] Call Trace: [ 1.030875] [<8000aef8>] show_stack+0x58/0x100 [ 1.035513] [<8001f8b4>] __warn+0xe4/0x118 [ 1.039708] [<8001f9a4>] warn_slowpath_null+0x48/0x64 [ 1.044935] [<80248db8>] bgmac_enet_probe+0x1b4/0x5c4 [ 1.050101] [<802498e0>] bgmac_probe+0x558/0x590 [ 1.054906] [<80252fd0>] bcma_device_probe+0x38/0x70 [ 1.060017] [<8020e1e8>] really_probe+0x170/0x2e8 [ 1.064891] [<8020e714>] __driver_attach+0xa4/0xec [ 1.069784] [<8020c1e0>] bus_for_each_dev+0x58/0xb0 [ 1.074833] [<8020d590>] bus_add_driver+0xf8/0x218 [ 1.079731] [<8020ef24>] driver_register+0xcc/0x11c [ 1.084804] [<804b54cc>] bgmac_init+0x1c/0x44 [ 1.089258] [<8000121c>] do_one_initcall+0x7c/0x1a0 [ 1.094343] [<804a1d34>] kernel_init_freeable+0x150/0x218 [ 1.099886] [<803a082c>] kernel_init+0x10/0x104 [ 1.104583] [<80005878>] ret_from_kernel_thread+0x14/0x1c [ 1.110107] ---[ end trace f441c0d873d1fb5b ]--- This patch setups a "struct device" (and passes it to the bcma) which allows fixing all the mentioned problems. It'll also require a tiny bcma patch which will follow through the wireless tree & its maintainer. Fixes: f8c55dc6e828 ("MIPS: use generic dma noncoherent ops for simple noncoherent platforms") Signed-off-by: Rafał Miłecki Signed-off-by: Paul Burton Acked-by: Hauke Mehrtens Cc: Christoph Hellwig Cc: Linus Walleij Cc: linux-wireless@vger.kernel.org Cc: Ralf Baechle Cc: James Hogan Cc: linux-mips@linux-mips.org Cc: linux-kernel@vger.kernel.org Cc: stable@vger.kernel.org # v4.19+ commit 41af167fbc0032f9d7562854f58114eaa9270336 Author: Thomas Bogendoerfer Date: Wed Jan 9 18:12:16 2019 +0100 MIPS: jazz: fix 64bit build 64bit JAZZ builds failed with linux-next/arch/mips/jazz/jazzdma.c: In function `vdma_init`: /linux-next/arch/mips/jazz/jazzdma.c:77:30: error: implicit declaration of function `KSEG1ADDR`; did you mean `CKSEG1ADDR`? [-Werror=implicit-function-declaration] pgtbl = (VDMA_PGTBL_ENTRY *)KSEG1ADDR(pgtbl); ^~~~~~~~~ CKSEG1ADDR /linux-next/arch/mips/jazz/jazzdma.c:77:10: error: cast to pointer from integer of different size [-Werror=int-to-pointer-cast] pgtbl = (VDMA_PGTBL_ENTRY *)KSEG1ADDR(pgtbl); ^ In file included from /linux-next/arch/mips/include/asm/barrier.h:11:0, from /linux-next/include/linux/compiler.h:248, from /linux-next/include/linux/kernel.h:10, from /linux-next/arch/mips/jazz/jazzdma.c:11: /linux-next/arch/mips/include/asm/addrspace.h:41:29: error: cast from pointer to integer of different size [-Werror=pointer-to-int-cast] #define _ACAST32_ (_ATYPE_)(_ATYPE32_) /* widen if necessary */ ^ /linux-next/arch/mips/include/asm/addrspace.h:53:25: note: in expansion of macro `_ACAST32_` #define CPHYSADDR(a) ((_ACAST32_(a)) & 0x1fffffff) ^~~~~~~~~ /linux-next/arch/mips/jazz/jazzdma.c:84:44: note: in expansion of macro `CPHYSADDR` r4030_write_reg32(JAZZ_R4030_TRSTBL_BASE, CPHYSADDR(pgtbl)); Using correct casts and CKSEG1ADDR when dealing with the pgtbl setup fixes this. Signed-off-by: Thomas Bogendoerfer Signed-off-by: Paul Burton Cc: Ralf Baechle Cc: James Hogan Cc: linux-mips@vger.kernel.org Cc: linux-kernel@vger.kernel.org commit 1c1eba86339c8517814863bc7dd21e2661a84e77 Author: Christian König Date: Mon Jan 7 14:43:55 2019 +0100 drm/amdgpu: disable system memory page tables for now We hit a problem with IOMMU with that. Disable until we have time to debug further. Signed-off-by: Christian König Reviewed-by: Michel Dänzer Signed-off-by: Alex Deucher commit 0c6c8125582714e1fd3544983eba3d750db0f5b8 Author: Jim Qu Date: Mon Dec 17 17:00:50 2018 +0800 drm/amdgpu: set WRITE_BURST_LENGTH to 64B to workaround SDMA1 hang effect asics: VEGA10 and VEGA12 Signed-off-by: Jim Qu Acked-by: Alex Deucher Signed-off-by: Alex Deucher commit 3e958fe67720b37d04ab8ef81b9d507a56a09bbc Author: Tao Zhou Date: Tue Jan 8 15:08:44 2019 +0800 drm/amdgpu: fix CPDMA hang in PRT mode for VEGA20 Fix CPDMA hang in PRT mode for both VEGA10 and VEGA20 Signed-off-by: Tao Zhou Tested-by: Yukun.Li Acked-by: Alex Deucher Signed-off-by: Alex Deucher commit 549aff770ccfec368aa8f0652dbce8b1e8e6715a Author: Arnaldo Carvalho de Melo Date: Wed Jan 9 16:19:24 2019 -0300 perf symbols: Add 'arch_cpu_idle' to the list of kernel idle symbols When testing 'perf top' on a armhf system (32-bit, Orange Pi Zero), I noticed that 'arch_cpu_idle' dominated, add it to the list of idle symbols, so that we can see what is that being done when not idle. Cc: Adrian Hunter Cc: Jiri Olsa Cc: Namhyung Kim Link: https://lkml.kernel.org/n/tip-4q2b5g4p2hrstrhp9t2mrlho@git.kernel.org Signed-off-by: Arnaldo Carvalho de Melo commit b8a38ea64dc714a64f8fb76e311a4f15a3f67861 Author: Andrey Smirnov Date: Mon Jan 7 19:08:49 2019 -0800 nvme: don't initlialize ctrl->cntlid twice ctrl->cntlid will already be initialized from id->cntlid for non-NVME_F_FABRICS controllers few lines below. For NVME_F_FABRICS controllers this field should already be initialized, otherwise the check if (ctrl->cntlid != le16_to_cpu(id->cntlid)) below will always be a no-op. Signed-off-by: Andrey Smirnov Reviewed-by: Keith Busch Reviewed-by: Sagi Grimberg Signed-off-by: Christoph Hellwig commit 6299358d198a0635da2dd3c4b3ec37789e811e44 Author: James Dingwall Date: Tue Jan 8 10:20:51 2019 -0700 nvme: introduce NVME_QUIRK_IGNORE_DEV_SUBNQN If a device provides an NQN it is expected to be globally unique. Unfortunately some firmware revisions for Intel 760p/Pro 7600p devices did not satisfy this requirement. In these circumstances if a system has >1 affected device then only one device is enabled. If this quirk is enabled then the device supplied subnqn is ignored and we fallback to generating one as if the field was empty. In this case we also suppress the version check so we don't print a warning when the quirk is enabled. Reviewed-by: Keith Busch Signed-off-by: James Dingwall Signed-off-by: Christoph Hellwig commit 3da584f57133e51aeb84aaefae5e3d69531a1e4f Author: Keith Busch Date: Tue Jan 8 09:37:43 2019 -0700 nvme: pad fake subsys NQN vid and ssvid with zeros We need to preserve the leading zeros in the vid and ssvid when generating a unique NQN. Truncating these may lead to naming collisions. Signed-off-by: Keith Busch Signed-off-by: Christoph Hellwig commit c7055fd15ff46d92eb0dd1c16a4fe010d58224c8 Author: Hannes Reinecke Date: Tue Jan 8 12:46:58 2019 +0100 nvme-multipath: zero out ANA log buffer When nvme_init_identify() fails the ANA log buffer is deallocated but _not_ set to NULL. This can cause double free oops when this controller is deleted without ever being reconnected. Signed-off-by: Hannes Reinecke Signed-off-by: Christoph Hellwig commit 9846ac0143fe9872e92fe2a1ddff868ad05bdbb6 Author: Sagi Grimberg Date: Mon Jan 7 23:54:23 2019 -0800 nvme-fabrics: unset write/poll queues for discovery controllers Even if user-space sent it to us, it got it wrong so lets help by disallowing it. Signed-off-by: Sagi Grimberg Signed-off-by: Christoph Hellwig commit e85037a2e90ac9aa448a08927d7a7436206c6000 Author: Sagi Grimberg Date: Mon Dec 31 23:58:30 2018 -0800 nvme-tcp: don't ask if controller is fabrics For sure we are a fabric driver. Signed-off-by: Sagi Grimberg Signed-off-by: Christoph Hellwig commit e9c2edc098921173920df370c69b5c38fe52df56 Author: Sagi Grimberg Date: Mon Dec 31 23:58:29 2018 -0800 nvme-tcp: remove dead code We should never touch the opal device from the transport driver. Signed-off-by: Sagi Grimberg Signed-off-by: Christoph Hellwig commit dcca1662727220d18fa351097ddff33f95f516c5 Author: Hongbo Yao Date: Mon Jan 7 10:22:07 2019 +0800 nvme-pci: fix out of bounds access in nvme_cqe_pending There is an out of bounds array access in nvme_cqe_peding(). When enable irq_thread for nvme interrupt, there is racing between the nvmeq->cq_head updating and reading. nvmeq->cq_head is updated in nvme_update_cq_head(), if nvmeq->cq_head equals nvmeq->q_depth and before its value set to zero, nvme_cqe_pending() uses its value as an array index, the index will be out of bounds. Signed-off-by: Hongbo Yao [hch: slight coding style update] Signed-off-by: Christoph Hellwig commit 8fae268b40f5191227ae7050a99cb2cf1b914ddd Author: Keith Busch Date: Fri Jan 4 15:04:33 2019 -0700 nvme-pci: rerun irq setup on IO queue init errors If the driver is unable to create a subset of IO queues for any reason, the read/write and polled queue sets will not match the actual allocated hardware contexts. This leaves gaps in the CPU affinity mappings and causes the following kernel panic after blk_mq_map_queue_type() returns a NULL hctx. BUG: unable to handle kernel NULL pointer dereference at 0000000000000198 #PF error: [normal kernel read fault] PGD 0 P4D 0 Oops: 0000 [#1] SMP CPU: 64 PID: 1171 Comm: kworker/u259:1 Not tainted 4.20.0+ #241 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-2.fc27 04/01/2014 Workqueue: nvme-wq nvme_scan_work [nvme_core] RIP: 0010:blk_mq_init_allocated_queue+0x2d9/0x440 RSP: 0018:ffffb1bf0abc3cd0 EFLAGS: 00010286 RAX: 000000000000001f RBX: ffff8ea744cf0718 RCX: 0000000000000000 RDX: 0000000000000002 RSI: 000000000000007c RDI: ffffffff9109a820 RBP: ffff8ea7565f7008 R08: 000000000000001f R09: 000000000000003f R10: ffffb1bf0abc3c00 R11: 0000000000000000 R12: 000000000001d008 R13: ffff8ea7565f7008 R14: 000000000000003f R15: 0000000000000001 FS: 0000000000000000(0000) GS:ffff8ea757200000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000198 CR3: 0000000013058000 CR4: 00000000000006e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: blk_mq_init_queue+0x35/0x60 nvme_validate_ns+0xc6/0x7c0 [nvme_core] ? nvme_identify_ctrl.isra.56+0x7e/0xc0 [nvme_core] nvme_scan_work+0xc8/0x340 [nvme_core] ? __wake_up_common+0x6d/0x120 ? try_to_wake_up+0x55/0x410 process_one_work+0x1e9/0x3d0 worker_thread+0x2d/0x3d0 ? process_one_work+0x3d0/0x3d0 kthread+0x111/0x130 ? kthread_park+0x90/0x90 ret_from_fork+0x1f/0x30 Modules linked in: nvme nvme_core serio_raw CR2: 0000000000000198 Fix by re-running the interrupt vector setup from scratch using a reduced count that may be successful until the created queues matches the irq affinity plus polling queue sets. Signed-off-by: Keith Busch Reviewed-by: Sagi Grimberg Reviewed-by: Ming Lei Signed-off-by: Christoph Hellwig commit cc667f6d5de023ee131e96bb88e5cddca23272bd Author: Liviu Dudau Date: Sat Dec 29 17:23:43 2018 +0000 nvme-pci: use the same attributes when freeing host_mem_desc_bufs. When using HMB the PCIe host driver allocates host_mem_desc_bufs using dma_alloc_attrs() but frees them using dma_free_coherent(). Use the correct dma_free_attrs() function to free the buffers. Signed-off-by: Liviu Dudau Signed-off-by: Christoph Hellwig commit c61e678f30da733a1b7fdd5983d0770de2e6009c Author: Jianchao Wang Date: Mon Dec 24 11:15:53 2018 +0800 nvme-pci: fix the wrong setting of nr_maps We only set the nr_maps to 3 if poll queues are supported. Signed-off-by: Jianchao Wang Signed-off-by: Christoph Hellwig commit 4064e47c82810586975b4304b105056389beaa06 Merge: a88cc8da0279f 56752b21755ae Author: Linus Torvalds Date: Wed Jan 9 10:00:11 2019 -0800 Merge tag 'csky-for-linus-5.0-rc1' of git://github.com/c-sky/csky-linux Pull arch/csky bug fixes from Guo Ren: "Here are some fixup patches for 5.0-rc1: - fix compile error with pte_alloc - fix handle_irq_perbit break irq flow - fix CACHEV1 store instruction fast retire - fix module relocation error with 807 & 860 - add csky kernel features to documentation" * tag 'csky-for-linus-5.0-rc1' of git://github.com/c-sky/csky-linux: irqchip/csky: fixup handle_irq_perbit break irq csky: fixup compile error with pte_alloc csky: fixup CACHEV1 store instruction fast retire csky: fixup relocation error with 807 & 860 Documentation/features: Add csky kernel features commit 47cb393ee4815e10ab66f981fed581afdcc7caac Author: John Pittman Date: Tue Jan 8 16:56:13 2019 -0500 block: doc: add slice_idle_us to bfq documentation Of the tunables available for the bfq I/O scheduler, the only one missing from the documentation in 'Documentation/block/bfq-iosched.txt' is slice_idle_us. Add this tunable to the documentation and a short explanation of its purpose. Acked-by: Paolo Valente Signed-off-by: John Pittman Signed-off-by: Jens Axboe commit a6d8654d885d7d79a3fb82da64eaa489ca332a82 Author: Filipe Manana Date: Tue Jan 8 11:44:41 2019 +0000 Btrfs: fix deadlock when using free space tree due to block group creation When modifying the free space tree we can end up COWing one of its extent buffers which in turn might result in allocating a new chunk, which in turn can result in flushing (finish creation) of pending block groups. If that happens we can deadlock because creating a pending block group needs to update the free space tree, and if any of the updates tries to modify the same extent buffer that we are COWing, we end up in a deadlock since we try to write lock twice the same extent buffer. So fix this by skipping pending block group creation if we are COWing an extent buffer from the free space tree. This is a case missed by commit 5ce555578e091 ("Btrfs: fix deadlock when writing out free space caches"). Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=202173 Fixes: 5ce555578e091 ("Btrfs: fix deadlock when writing out free space caches") CC: stable@vger.kernel.org # 4.18+ Signed-off-by: Filipe Manana Reviewed-by: David Sterba Signed-off-by: David Sterba commit d8b5524242108cb7d28c9b8b9aded7c1edd0e8a8 Author: Filipe Manana Date: Tue Jan 8 11:43:07 2019 +0000 Btrfs: fix race between reflink/dedupe and relocation The recent rework that makes btrfs' remap_file_range operation use the generic helper generic_remap_file_range_prep() introduced a race between relocation and reflinking (for both cloning and deduplication) the file extents between the source and destination inodes. This happens because we no longer lock the source range anymore, and we do not lock it anymore because we wait for direct IO writes and writeback to complete early on the code path right after locking the inodes, which guarantees no other file operations interfere with the reflinking. However there is one exception which is relocation, since it replaces the byte number of file extents items in the fs tree after locking the range the file extent items represent. This is a problem because after finding each file extent to clone in the fs tree, the reflink process copies the file extent item into a local buffer, releases the search path, inserts new file extent items in the destination range and then increments the reference count for the extent mentioned in the file extent item that it previously copied to the buffer. If right after copying the file extent item into the buffer and releasing the path the relocation process updates the file extent item to point to the new extent, the reflink process ends up creating a delayed reference to increment the reference count of the old extent, for which the relocation process already created a delayed reference to drop it. This results in failure to run delayed references because we will attempt to increment the count of a reference that was already dropped. This is illustrated by the following diagram: CPU 1 CPU 2 relocation is running btrfs_clone_files() btrfs_clone() --> finds extent item in source range point to extent at bytenr X --> copies it into a local buffer --> releases path replace_file_extents() --> successfully locks the range represented by the file extent item --> replaces disk_bytenr field in the file extent item with some other value Y --> creates delayed reference to increment reference count for extent at bytenr Y --> creates delayed reference to drop the extent at bytenr X --> starts transaction --> creates delayed reference to increment extent at bytenr X When this race is hit the running transaction ends up getting aborted with an -EIO error and a trace like the following is produced: [ 4382.553858] WARNING: CPU: 2 PID: 3648 at fs/btrfs/extent-tree.c:1552 lookup_inline_extent_backref+0x4f4/0x650 [btrfs] (...) [ 4382.556293] CPU: 2 PID: 3648 Comm: btrfs Tainted: G W 4.20.0-rc6-btrfs-next-41 #1 [ 4382.556294] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.11.2-0-gf9626ccb91-prebuilt.qemu-project.org 04/01/2014 [ 4382.556308] RIP: 0010:lookup_inline_extent_backref+0x4f4/0x650 [btrfs] (...) [ 4382.556310] RSP: 0018:ffffac784408f738 EFLAGS: 00010202 [ 4382.556311] RAX: 0000000000000001 RBX: ffff8980673c3a48 RCX: 0000000000000001 [ 4382.556312] RDX: 0000000000000008 RSI: 0000000000000000 RDI: 0000000000000000 [ 4382.556312] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000001 [ 4382.556313] R10: 0000000000000001 R11: ffff897f40000000 R12: 0000000000001000 [ 4382.556313] R13: 00000000c224f000 R14: ffff89805de9bd40 R15: ffff8980453f4548 [ 4382.556315] FS: 00007f5e759178c0(0000) GS:ffff89807b300000(0000) knlGS:0000000000000000 [ 4382.563130] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 4382.563562] CR2: 00007f2e9789fcbc CR3: 0000000120512001 CR4: 00000000003606e0 [ 4382.564005] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 4382.564451] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 4382.564887] Call Trace: [ 4382.565343] insert_inline_extent_backref+0x55/0xe0 [btrfs] [ 4382.565796] __btrfs_inc_extent_ref.isra.60+0x88/0x260 [btrfs] [ 4382.566249] ? __btrfs_run_delayed_refs+0x93/0x1650 [btrfs] [ 4382.566702] __btrfs_run_delayed_refs+0xa22/0x1650 [btrfs] [ 4382.567162] btrfs_run_delayed_refs+0x7e/0x1d0 [btrfs] [ 4382.567623] btrfs_commit_transaction+0x50/0x9c0 [btrfs] [ 4382.568112] ? _raw_spin_unlock+0x24/0x30 [ 4382.568557] ? block_rsv_release_bytes+0x14e/0x410 [btrfs] [ 4382.569006] create_subvol+0x3c8/0x830 [btrfs] [ 4382.569461] ? btrfs_mksubvol+0x317/0x600 [btrfs] [ 4382.569906] btrfs_mksubvol+0x317/0x600 [btrfs] [ 4382.570383] ? rcu_sync_lockdep_assert+0xe/0x60 [ 4382.570822] ? __sb_start_write+0xd4/0x1c0 [ 4382.571262] ? mnt_want_write_file+0x24/0x50 [ 4382.571712] btrfs_ioctl_snap_create_transid+0x117/0x1a0 [btrfs] [ 4382.572155] ? _copy_from_user+0x66/0x90 [ 4382.572602] btrfs_ioctl_snap_create+0x66/0x80 [btrfs] [ 4382.573052] btrfs_ioctl+0x7c1/0x30e0 [btrfs] [ 4382.573502] ? mem_cgroup_commit_charge+0x8b/0x570 [ 4382.573946] ? do_raw_spin_unlock+0x49/0xc0 [ 4382.574379] ? _raw_spin_unlock+0x24/0x30 [ 4382.574803] ? __handle_mm_fault+0xf29/0x12d0 [ 4382.575215] ? do_vfs_ioctl+0xa2/0x6f0 [ 4382.575622] ? btrfs_ioctl_get_supported_features+0x30/0x30 [btrfs] [ 4382.576020] do_vfs_ioctl+0xa2/0x6f0 [ 4382.576405] ksys_ioctl+0x70/0x80 [ 4382.576776] __x64_sys_ioctl+0x16/0x20 [ 4382.577137] do_syscall_64+0x60/0x1b0 [ 4382.577488] entry_SYSCALL_64_after_hwframe+0x49/0xbe (...) [ 4382.578837] RSP: 002b:00007ffe04bf64c8 EFLAGS: 00000202 ORIG_RAX: 0000000000000010 [ 4382.579174] RAX: ffffffffffffffda RBX: 00005564136f3050 RCX: 00007f5e74724dd7 [ 4382.579505] RDX: 00007ffe04bf64d0 RSI: 000000005000940e RDI: 0000000000000003 [ 4382.579848] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000044 [ 4382.580164] R10: 0000000000000541 R11: 0000000000000202 R12: 00005564136f3010 [ 4382.580477] R13: 0000000000000003 R14: 00005564136f3035 R15: 00005564136f3050 [ 4382.580792] irq event stamp: 0 [ 4382.581106] hardirqs last enabled at (0): [<0000000000000000>] (null) [ 4382.581441] hardirqs last disabled at (0): [] copy_process.part.32+0x6e2/0x2320 [ 4382.581772] softirqs last enabled at (0): [] copy_process.part.32+0x6e2/0x2320 [ 4382.582095] softirqs last disabled at (0): [<0000000000000000>] (null) [ 4382.582413] ---[ end trace d3c188e3e9367382 ]--- [ 4382.623855] BTRFS: error (device sdc) in btrfs_run_delayed_refs:2981: errno=-5 IO failure [ 4382.624295] BTRFS info (device sdc): forced readonly Fix this by locking the source range before searching for the file extent items in the fs tree, since the relocation process will try to lock the range a file extent item represents before updating it with the new extent location. Fixes: 34a28e3d7753 ("Btrfs: use generic_remap_file_range_prep() for cloning and deduplication") Signed-off-by: Filipe Manana Signed-off-by: David Sterba commit f7fa1107f30e13255fb9a5359d357e07d3721b0b Author: Filipe Manana Date: Tue Jan 8 11:42:54 2019 +0000 Btrfs: fix race between cloning range ending at eof and writeback The recent rework that makes btrfs' remap_file_range operation use the generic helper generic_remap_file_range_prep() introduced a race between writeback and cloning a range that covers the eof extent of the source file into a destination offset that is greater then the same file's size. This happens because we now wait for writeback to complete before doing the truncation of the eof block, while previously we did the truncation and then waited for writeback to complete. This leads to a race between writeback of the truncated block and cloning the file extents in the source range, because we copy each file extent item we find in the fs root into a buffer, then release the path and then increment the reference count for the extent referred in that file extent item we copied, which can no longer exist if writeback of the truncated eof block completes after we copied the file extent item into the buffer and before we incremented the reference count. This is illustrated by the following diagram: CPU 1 CPU 2 btrfs_clone_files() btrfs_cont_expand() btrfs_truncate_block() --> zeroes part of the page containg eof, marking it for delalloc btrfs_clone() --> finds extent item covering eof, points to extent at bytenr X --> copies it into a local buffer --> releases path writeback starts btrfs_finish_ordered_io() insert_reserved_file_extent() __btrfs_drop_extents() --> creates delayed reference to drop the extent at bytenr X --> starts transaction --> creates delayed reference to increment extent at bytenr X When this race is hit the running transaction ends up getting aborted with an -EIO error and a trace like the following is produced: [ 4382.553858] WARNING: CPU: 2 PID: 3648 at fs/btrfs/extent-tree.c:1552 lookup_inline_extent_backref+0x4f4/0x650 [btrfs] (...) [ 4382.556293] CPU: 2 PID: 3648 Comm: btrfs Tainted: G W 4.20.0-rc6-btrfs-next-41 #1 [ 4382.556294] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.11.2-0-gf9626ccb91-prebuilt.qemu-project.org 04/01/2014 [ 4382.556308] RIP: 0010:lookup_inline_extent_backref+0x4f4/0x650 [btrfs] (...) [ 4382.556310] RSP: 0018:ffffac784408f738 EFLAGS: 00010202 [ 4382.556311] RAX: 0000000000000001 RBX: ffff8980673c3a48 RCX: 0000000000000001 [ 4382.556312] RDX: 0000000000000008 RSI: 0000000000000000 RDI: 0000000000000000 [ 4382.556312] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000001 [ 4382.556313] R10: 0000000000000001 R11: ffff897f40000000 R12: 0000000000001000 [ 4382.556313] R13: 00000000c224f000 R14: ffff89805de9bd40 R15: ffff8980453f4548 [ 4382.556315] FS: 00007f5e759178c0(0000) GS:ffff89807b300000(0000) knlGS:0000000000000000 [ 4382.563130] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 4382.563562] CR2: 00007f2e9789fcbc CR3: 0000000120512001 CR4: 00000000003606e0 [ 4382.564005] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 4382.564451] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 4382.564887] Call Trace: [ 4382.565343] insert_inline_extent_backref+0x55/0xe0 [btrfs] [ 4382.565796] __btrfs_inc_extent_ref.isra.60+0x88/0x260 [btrfs] [ 4382.566249] ? __btrfs_run_delayed_refs+0x93/0x1650 [btrfs] [ 4382.566702] __btrfs_run_delayed_refs+0xa22/0x1650 [btrfs] [ 4382.567162] btrfs_run_delayed_refs+0x7e/0x1d0 [btrfs] [ 4382.567623] btrfs_commit_transaction+0x50/0x9c0 [btrfs] [ 4382.568112] ? _raw_spin_unlock+0x24/0x30 [ 4382.568557] ? block_rsv_release_bytes+0x14e/0x410 [btrfs] [ 4382.569006] create_subvol+0x3c8/0x830 [btrfs] [ 4382.569461] ? btrfs_mksubvol+0x317/0x600 [btrfs] [ 4382.569906] btrfs_mksubvol+0x317/0x600 [btrfs] [ 4382.570383] ? rcu_sync_lockdep_assert+0xe/0x60 [ 4382.570822] ? __sb_start_write+0xd4/0x1c0 [ 4382.571262] ? mnt_want_write_file+0x24/0x50 [ 4382.571712] btrfs_ioctl_snap_create_transid+0x117/0x1a0 [btrfs] [ 4382.572155] ? _copy_from_user+0x66/0x90 [ 4382.572602] btrfs_ioctl_snap_create+0x66/0x80 [btrfs] [ 4382.573052] btrfs_ioctl+0x7c1/0x30e0 [btrfs] [ 4382.573502] ? mem_cgroup_commit_charge+0x8b/0x570 [ 4382.573946] ? do_raw_spin_unlock+0x49/0xc0 [ 4382.574379] ? _raw_spin_unlock+0x24/0x30 [ 4382.574803] ? __handle_mm_fault+0xf29/0x12d0 [ 4382.575215] ? do_vfs_ioctl+0xa2/0x6f0 [ 4382.575622] ? btrfs_ioctl_get_supported_features+0x30/0x30 [btrfs] [ 4382.576020] do_vfs_ioctl+0xa2/0x6f0 [ 4382.576405] ksys_ioctl+0x70/0x80 [ 4382.576776] __x64_sys_ioctl+0x16/0x20 [ 4382.577137] do_syscall_64+0x60/0x1b0 [ 4382.577488] entry_SYSCALL_64_after_hwframe+0x49/0xbe (...) [ 4382.578837] RSP: 002b:00007ffe04bf64c8 EFLAGS: 00000202 ORIG_RAX: 0000000000000010 [ 4382.579174] RAX: ffffffffffffffda RBX: 00005564136f3050 RCX: 00007f5e74724dd7 [ 4382.579505] RDX: 00007ffe04bf64d0 RSI: 000000005000940e RDI: 0000000000000003 [ 4382.579848] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000044 [ 4382.580164] R10: 0000000000000541 R11: 0000000000000202 R12: 00005564136f3010 [ 4382.580477] R13: 0000000000000003 R14: 00005564136f3035 R15: 00005564136f3050 [ 4382.580792] irq event stamp: 0 [ 4382.581106] hardirqs last enabled at (0): [<0000000000000000>] (null) [ 4382.581441] hardirqs last disabled at (0): [] copy_process.part.32+0x6e2/0x2320 [ 4382.581772] softirqs last enabled at (0): [] copy_process.part.32+0x6e2/0x2320 [ 4382.582095] softirqs last disabled at (0): [<0000000000000000>] (null) [ 4382.582413] ---[ end trace d3c188e3e9367382 ]--- [ 4382.623855] BTRFS: error (device sdc) in btrfs_run_delayed_refs:2981: errno=-5 IO failure [ 4382.624295] BTRFS info (device sdc): forced readonly Fix this by waiting for writeback to complete after truncating the eof block. Fixes: 34a28e3d7753 ("Btrfs: use generic_remap_file_range_prep() for cloning and deduplication") Signed-off-by: Filipe Manana Signed-off-by: David Sterba commit 498c203d855eaf6571b63ea860a53862c4fe91b7 Author: Arnaldo Carvalho de Melo Date: Wed Jan 9 10:02:12 2019 -0300 tools include uapi: Sync linux/if_link.h copy with the kernel sources To pick the changes from: a428afe82f98 ("net: bridge: add support for user-controlled bool options") a025fb5f49ad ("geneve: Allow configuration of DF behaviour") b4d3069783bc ("vxlan: Allow configuration of DF behaviour") Silencing this tools/ build warning: Warning: Kernel ABI header at 'tools/include/uapi/linux/if_link.h' differs from latest version at 'include/uapi/linux/if_link.h' Cc: Adrian Hunter Cc: David S. Miller Cc: Jiri Olsa Cc: Namhyung Kim Cc: Nikolay Aleksandrov Cc: Stefano Brivio Link: https://lkml.kernel.org/n/tip-wq410s2wuqv5k980bidw0ju8@git.kernel.org Signed-off-by: Arnaldo Carvalho de Melo commit 0e141d1c65c1dd31c914eb2e11651adcc1a15912 Author: Quentin Perret Date: Wed Jan 9 10:42:36 2019 +0000 cpufreq: scmi: Fix frequency invariance in slow path The scmi-cpufreq driver calls the arch_set_freq_scale() callback on frequency changes to provide scale-invariant load-tracking signals to the scheduler. However, in the slow path, it does so while specifying the current and max frequencies in different units, hence resulting in a broken freq_scale factor. Fix this by passing all frequencies in KHz, as stored in the CPUFreq frequency table. Fixes: 99d6bdf33877 (cpufreq: add support for CPU DVFS based on SCMI message protocol) Signed-off-by: Quentin Perret Acked-by: Viresh Kumar Acked-by: Sudeep Holla Cc: 4.17+ # v4.17+ Signed-off-by: Rafael J. Wysocki commit 7604bf0920985c9280c8b24e2f0c3e4ed47f502f Author: Otto Sabart Date: Wed Jan 9 00:56:51 2019 +0100 doc: trace: fix reference to cpuidle documentation file Old cpuidle/sysfs.txt file was replaced in aa5eee355b46. So, refer to an updated file. Fixes: aa5eee355b46 (Documentation: admin-guide: PM: Add cpuidle document) Signed-off-by: Otto Sabart Signed-off-by: Rafael J. Wysocki commit 3e2ffd655cc6a694608d997738989ff5572a8266 Author: Michael S. Tsirkin Date: Wed Jan 2 15:57:49 2019 -0500 include/linux/compiler*.h: fix OPTIMIZER_HIDE_VAR Since commit 815f0ddb346c ("include/linux/compiler*.h: make compiler-*.h mutually exclusive") clang no longer reuses the OPTIMIZER_HIDE_VAR macro from compiler-gcc - instead it gets the version in include/linux/compiler.h. Unfortunately that version doesn't actually prevent compiler from optimizing out the variable. Fix up by moving the macro out from compiler-gcc.h to compiler.h. Compilers without incline asm support will keep working since it's protected by an ifdef. Also fix up comments to match reality since we are no longer overriding any macros. Build-tested with gcc and clang. Fixes: 815f0ddb346c ("include/linux/compiler*.h: make compiler-*.h mutually exclusive") Cc: Eli Friedman Cc: Joe Perches Cc: Linus Torvalds Reviewed-by: Nick Desaulniers Signed-off-by: Michael S. Tsirkin Signed-off-by: Miguel Ojeda commit f8c15790e4d8bdf2d21a5e9d43b5f97983af1222 Author: Tomi Valkeinen Date: Thu Jan 3 13:59:54 2019 +0200 drm/bridge: tc358767: use DP connector if no panel set tc358767 driver sets the connector type always to eDP. This patch sets the type to DP if there is no panel defined, which implies that there's a DP connector on the board. Signed-off-by: Tomi Valkeinen Reviewed-by: Andrzej Hajda Signed-off-by: Andrzej Hajda Link: https://patchwork.freedesktop.org/patch/msgid/20190103115954.12785-8-tomi.valkeinen@ti.com commit 7923e09c7a766e2d58de7fc395bb84c18e5bc625 Author: Tomi Valkeinen Date: Thu Jan 3 13:59:53 2019 +0200 drm/bridge: tc358767: fix output H/V syncs The H and V syncs of the DP output are always set to active high. This patch fixes the syncs by configuring them according to the videomode. Signed-off-by: Tomi Valkeinen Reviewed-by: Andrzej Hajda Signed-off-by: Andrzej Hajda Link: https://patchwork.freedesktop.org/patch/msgid/20190103115954.12785-7-tomi.valkeinen@ti.com commit 51b9e62eb6950c762162ab7eb8390990179be067 Author: Tomi Valkeinen Date: Thu Jan 3 13:59:52 2019 +0200 drm/bridge: tc358767: reject modes which require too much BW The current driver accepts any videomode with pclk < 154MHz. This is not correct, as with 1 lane and/or 1.62Mbps speed not all videomodes can be supported. Add code to reject modes that require more bandwidth that is available. Signed-off-by: Tomi Valkeinen Reviewed-by: Andrzej Hajda Signed-off-by: Andrzej Hajda Link: https://patchwork.freedesktop.org/patch/msgid/20190103115954.12785-6-tomi.valkeinen@ti.com commit 9a63bd6fe1b5590ffa42ae2ed22ee21363293e31 Author: Tomi Valkeinen Date: Thu Jan 3 13:59:51 2019 +0200 drm/bridge: tc358767: fix initial DP0/1_SRCCTRL value Initially DP0_SRCCTRL is set to a static value which includes DP0_SRCCTRL_LANES_2 and DP0_SRCCTRL_BW27, even when only 1 lane of 1.62Gbps speed is used. DP1_SRCCTRL is configured to a magic number. This patch changes the configuration as follows: Configure DP0_SRCCTRL by using tc_srcctrl() which provides the correct value. DP1_SRCCTRL needs two bits to be set to the same value as DP0_SRCCTRL: SSCG and BW27. All other bits can be zero. Signed-off-by: Tomi Valkeinen Reviewed-by: Andrzej Hajda Signed-off-by: Andrzej Hajda Link: https://patchwork.freedesktop.org/patch/msgid/20190103115954.12785-5-tomi.valkeinen@ti.com commit 4d9d54a730434cc068dd3515ba6116697196f77b Author: Tomi Valkeinen Date: Thu Jan 3 13:59:50 2019 +0200 drm/bridge: tc358767: fix single lane configuration PHY_2LANE bit is always set in DP_PHY_CTRL, breaking 1 lane use. Set PHY_2LANE only when 2 lanes are used. Signed-off-by: Tomi Valkeinen Reviewed-by: Andrzej Hajda Signed-off-by: Andrzej Hajda Link: https://patchwork.freedesktop.org/patch/msgid/20190103115954.12785-4-tomi.valkeinen@ti.com commit adf4109896bbee27fd2ac3b48d22d6a0062fe517 Author: Tomi Valkeinen Date: Thu Jan 3 13:59:49 2019 +0200 drm/bridge: tc358767: add defines for DP1_SRCCTRL & PHY_2LANE DP1_SRCCTRL register and PHY_2LANE field did not have matching defines. Add these. Signed-off-by: Tomi Valkeinen Reviewed-by: Andrzej Hajda Signed-off-by: Andrzej Hajda Link: https://patchwork.freedesktop.org/patch/msgid/20190103115954.12785-3-tomi.valkeinen@ti.com commit 4842379cbe6e851de914a7132f76f4e200b9a98b Author: Tomi Valkeinen Date: Thu Jan 3 13:59:48 2019 +0200 drm/bridge: tc358767: add bus flags tc358767 driver does not set DRM bus_flags, even if it does configures the polarity settings into its registers. This means that the DPI source can't configure the polarities correctly. Add sync flags accordingly. Signed-off-by: Tomi Valkeinen Reviewed-by: Andrzej Hajda Signed-off-by: Andrzej Hajda Link: https://patchwork.freedesktop.org/patch/msgid/20190103115954.12785-2-tomi.valkeinen@ti.com commit e4f358916d528d479c3c12bd2fd03f2d5a576380 Author: WANG Chao Date: Tue Dec 11 00:37:25 2018 +0800 x86, modpost: Replace last remnants of RETPOLINE with CONFIG_RETPOLINE Commit 4cd24de3a098 ("x86/retpoline: Make CONFIG_RETPOLINE depend on compiler support") replaced the RETPOLINE define with CONFIG_RETPOLINE checks. Remove the remaining pieces. [ bp: Massage commit message. ] Fixes: 4cd24de3a098 ("x86/retpoline: Make CONFIG_RETPOLINE depend on compiler support") Signed-off-by: WANG Chao Signed-off-by: Borislav Petkov Reviewed-by: Zhenzhong Duan Reviewed-by: Masahiro Yamada Cc: "H. Peter Anvin" Cc: Andi Kleen Cc: Andrew Morton Cc: Andy Lutomirski Cc: Arnd Bergmann Cc: Daniel Borkmann Cc: David Woodhouse Cc: Geert Uytterhoeven Cc: Jessica Yu Cc: Jiri Kosina Cc: Kees Cook Cc: Konrad Rzeszutek Wilk Cc: Luc Van Oostenryck Cc: Michal Marek Cc: Miguel Ojeda Cc: Peter Zijlstra Cc: Tim Chen Cc: Vasily Gorbik Cc: linux-kbuild@vger.kernel.org Cc: srinivas.eeda@oracle.com Cc: stable Cc: x86-ml Link: https://lkml.kernel.org/r/20181210163725.95977-1-chao.wang@ucloud.cn commit 90802938f7e88045ace123e105e22e8c3e7f9c7e Author: Borislav Petkov Date: Tue Jan 8 17:38:29 2019 +0100 x86/cache: Rename config option to CONFIG_X86_RESCTRL CONFIG_RESCTRL is too generic. The final goal is to have a generic option called like this which is selected by the arch-specific ones CONFIG_X86_RESCTRL and CONFIG_ARM64_RESCTRL. The generic one will cover the resctrl filesystem and other generic and shared bits of functionality. Signed-off-by: Borislav Petkov Suggested-by: Ingo Molnar Requested-by: Linus Torvalds Cc: Babu Moger Cc: Fenghua Yu Cc: James Morse Cc: Reinette Chatre Cc: Tony Luck Cc: x86@kernel.org Link: http://lkml.kernel.org/r/20190108171401.GC12235@zn.tnic commit d1dd42110d2727e81b9265841a62bc84c454c3a2 Author: Kailang Yang Date: Wed Jan 9 17:05:24 2019 +0800 ALSA: hda/realtek - Disable headset Mic VREF for headset mode of ALC225 Disable Headset Mic VREF for headset mode of ALC225. This will be controlled by coef bits of headset mode functions. [ Fixed a compile warning and code simplification -- tiwai ] Signed-off-by: Kailang Yang Cc: Signed-off-by: Takashi Iwai commit 4d4b0c52bde470c379f5d168d5c139ad866cb808 Author: Kailang Yang Date: Wed Jan 9 16:23:37 2019 +0800 ALSA: hda/realtek - Add unplug function into unplug state of Headset Mode for ALC225 Forgot to add unplug function to unplug state of headset mode for ALC225. Signed-off-by: Kailang Yang Cc: Signed-off-by: Takashi Iwai commit 576b50ea235699d83758c0c514c65b8d486a159d Merge: 64598e8b6fdaf ee412f14693a3 Author: Ingo Molnar Date: Wed Jan 9 07:59:40 2019 +0100 Merge tag 'perf-core-for-mingo-5.0-20190108' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux into perf/urgent Pull perf/core fixes and improvements from Arnaldo Carvalho de Melo: perf top: Arnaldo Carvalho de Melo: - Lift restriction on using callchains without "sym" in --sort perf trace: Arnaldo Carvalho de Melo: - Fix ')' placement in "interrupted" syscall lines. - Fix alignment for [continued] lines. perf tests: Florian Fainelli: - Add a test for the ARM 32-bit [vectors] page. tools lib traceevent: Tzvetomir Stoyanov: - Introduce new libtracevent API: tep_override_comm(). - Initialize host_bigendian at tep_handle allocation. - More namespacing changes. - Remove superfluous APIs. tools headers uapi: Arnaldo Carvalho de Melo: . Update linux/{fs,vhost}.h, grab a copy o linux/mount.h, where the MS_ mount flags were moved. Signed-off-by: Arnaldo Carvalho de Melo Signed-off-by: Ingo Molnar commit 1cb95e072ede5e3d6a54eefd520db21b45985896 Author: Dan Williams Date: Tue Jan 8 15:34:52 2019 -0800 libnvdimm/dimm: Fix security capability detection for non-Intel NVDIMMs Kees reports a crash with the following signature... RIP: 0010:nvdimm_visible+0x79/0x80 [..] Call Trace: internal_create_group+0xf4/0x380 sysfs_create_groups+0x46/0xb0 device_add+0x331/0x680 nd_async_device_register+0x15/0x60 async_run_entry_fn+0x38/0x100 ...when starting a QEMU environment with "label-less" DIMM. Without labels QEMU does not publish any DSM methods. Without defined methods the NVDIMM_FAMILY type is not established and the nfit driver will skip registering security operations. In that case the security state should be initialized to a negative value in __nvdimm_create() and nvdimm_visible() should skip interrogating the specific ops. However, since 'enum nvdimm_security_state' was only defined to contain positive values the "if (nvdimm->sec.state < 0)" check always fails. Define a negative error state to allow negative state values to be handled as expected. Fixes: f2989396553a ("acpi/nfit, libnvdimm: Introduce nvdimm_security_ops") Reviewed-by: Dave Jiang Reported-by: Kees Cook Tested-by: Kees Cook Signed-off-by: Dan Williams commit ccb7f15a8a3c0c7a35389e4c8e083c424b4df79d Author: Nathan Chancellor Date: Tue Jan 8 22:00:37 2019 -0700 nfit: Mark some functions as __maybe_unused On arm64 little endian allyesconfig: drivers/acpi/nfit/intel.c:149:12: warning: unused function 'intel_security_unlock' [-Wunused-function] static int intel_security_unlock(struct nvdimm *nvdimm, ^ drivers/acpi/nfit/intel.c:230:12: warning: unused function 'intel_security_erase' [-Wunused-function] static int intel_security_erase(struct nvdimm *nvdimm, ^ drivers/acpi/nfit/intel.c:279:12: warning: unused function 'intel_security_query_overwrite' [-Wunused-function] static int intel_security_query_overwrite(struct nvdimm *nvdimm) ^ drivers/acpi/nfit/intel.c:316:12: warning: unused function 'intel_security_overwrite' [-Wunused-function] static int intel_security_overwrite(struct nvdimm *nvdimm, ^ 4 warnings generated. Mark these functions as __maybe_unused because they are only used when CONFIG_X86 is set. Fixes: 4c6926a23b76 ("acpi/nfit, libnvdimm: Add unlock of nvdimm support for Intel DIMMs") Suggested-by: Dan Williams Signed-off-by: Nathan Chancellor Signed-off-by: Dan Williams commit f0e9943725186ddbdc9718a559c26c5f507262f2 Author: Zhenyu Wang Date: Sat Dec 29 11:13:10 2018 +0800 drm/i915/gvt: Fix workload request allocation before request add In commit 6bb2a2af8b1b ("drm/i915/gvt: Fix crash after request->hw_context change"), forgot to handle workload scan path in ELSP handler case which was to optimize scanning earlier instead of in gvt submission thread, so request alloc and add was splitting then which is against right process. This trys to do a partial revert of that commit which still has workload request alloc helper and make sure shadow state population is handled after request alloc for target state buffer. v3: Fix missed workload status setting in request alloc error path v2: Fix dispatch workload err path that should add request after alloc anyway. Fixes: 6bb2a2af8b1b ("drm/i915/gvt: Fix crash after request->hw_context change") Cc: Bin Yang Cc: Chris Wilson Tested-by: Bin Yang Reviewed-by: Xiaolin Zhang Signed-off-by: Zhenyu Wang commit 40405851af73c59678ffd8f490e6b288c7fbaf29 Author: Jeff Moyer Date: Tue Jan 8 16:57:34 2019 -0500 block: clarify documentation for blk_{start|finish}_plug There was some confusion about what these functions did. Make it clear that this is a hint for upper layers to pass to the block layer, and that it does not guarantee that I/O will not be submitted between a start and finish plug. Reported-by: "Darrick J. Wong" Reviewed-by: Darrick J. Wong Reviewed-by: Ming Lei Signed-off-by: Jeff Moyer Signed-off-by: Jens Axboe commit cc29a1b0a3f2597ce887d339222fa85b9307706d Author: Logan Gunthorpe Date: Tue Jan 8 13:50:43 2019 -0700 scsi: isci: initialize shost fully before calling scsi_add_host() scsi_mq_setup_tags(), which is called by scsi_add_host(), calculates the command size to allocate based on the prot_capabilities. In the isci driver, scsi_host_set_prot() is called after scsi_add_host() so the command size gets calculated to be smaller than it needs to be. Eventually, scsi_mq_init_request() locates the 'prot_sdb' after the command assuming it was sized correctly and a buffer overrun may occur. However, seeing blk_mq_alloc_rqs() rounds up to the nearest cache line size, the mistake can go unnoticed. The bug was noticed after the struct request size was reduced by commit 9d037ad707ed ("block: remove req->timeout_list") Which likely reduced the allocated space for the request by an entire cache line, enough that the overflow could be hit and it caused a panic, on boot, at: RIP: 0010:t10_pi_complete+0x77/0x1c0 Call Trace: sd_done+0xf5/0x340 scsi_finish_command+0xc3/0x120 blk_done_softirq+0x83/0xb0 __do_softirq+0xa1/0x2e6 irq_exit+0xbc/0xd0 call_function_single_interrupt+0xf/0x20 sd_done() would call scsi_prot_sg_count() which reads the number of entities in 'prot_sdb', but seeing 'prot_sdb' is located after the end of the allocated space it reads a garbage number and erroneously calls t10_pi_complete(). To prevent this, the calls to scsi_host_set_prot() are moved into isci_host_alloc() before the call to scsi_add_host(). Out of caution, also move the similar call to scsi_host_set_guard(). Fixes: 3d2d75254915 ("[SCSI] isci: T10 DIF support") Link: http://lkml.kernel.org/r/da851333-eadd-163a-8c78-e1f4ec5ec857@deltatee.com Signed-off-by: Logan Gunthorpe Cc: Intel SCU Linux support Cc: Artur Paszkiewicz Cc: "James E.J. Bottomley" Cc: "Martin K. Petersen" Cc: Christoph Hellwig Cc: Jens Axboe Cc: Jeff Moyer Reviewed-by: Jeff Moyer Reviewed-by: Jens Axboe Signed-off-by: Martin K. Petersen commit a88cc8da0279f8e481b0d90e51a0a1cffac55906 Merge: 9cb2feb4d21d9 73444bc4d8f92 Author: Linus Torvalds Date: Tue Jan 8 18:58:29 2019 -0800 Merge branch 'akpm' (patches from Andrew) Merge misc fixes from Andrew Morton: "14 fixes" * emailed patches from Andrew Morton : mm, page_alloc: do not wake kswapd with zone lock held hugetlbfs: revert "use i_mmap_rwsem for more pmd sharing synchronization" hugetlbfs: revert "Use i_mmap_rwsem to fix page fault/truncate race" mm: page_mapped: don't assume compound page is huge or THP mm/memory.c: initialise mmu_notifier_range correctly tools/vm/page_owner: use page_owner_sort in the use example kasan: fix krealloc handling for tag-based mode kasan: make tag based mode work with CONFIG_HARDENED_USERCOPY kasan, arm64: use ARCH_SLAB_MINALIGN instead of manual aligning mm, memcg: fix reclaim deadlock with writeback mm/usercopy.c: no check page span for stack objects slab: alien caches must not be initialized if the allocation of the alien cache failed fork, memcg: fix cached_stacks case zram: idle writeback fixes and cleanup commit 5bd5f66cf142703e163459e1b36b73e265f0a0da Author: Gustavo A. R. Silva Date: Tue Nov 27 22:32:18 2018 -0600 scsi: lpfc: lpfc_sli: Mark expected switch fall-throughs In preparation to enabling -Wimplicit-fallthrough, mark switch cases where we are expecting to fall through. Notice that, in this particular case, I replaced "Drop thru" and "Fall Thru" with "fall through" annotations, which is what GCC is expecting to find. Also, in some cases a dash is added as a token in order to separate the "fall through" annotation from the rest of the comment on the same line, which is what GCC is expecting to find. Addresses-Coverity-ID: 114979 ("Missing break in switch") Addresses-Coverity-ID: 114980 ("Missing break in switch") Signed-off-by: Gustavo A. R. Silva Acked-by: Dick Kennedy Signed-off-by: Martin K. Petersen commit 12de280b36f0e0599c7f170aa7f1058f3aeb6d9d Author: Gustavo A. R. Silva Date: Thu Jan 3 10:47:44 2019 -0600 scsi: smartpqi_init: fix boolean expression in pqi_device_remove_start Fix boolean expression by using logical AND operator '&&' instead of bitwise operator '&'. This issue was detected with the help of Coccinelle. Fixes: 1e46731efd9c ("scsi: smartpqi: check for null device pointers") Signed-off-by: Gustavo A. R. Silva Signed-off-by: Gustavo A. R. Silva Acked-by: Don Brace Signed-off-by: Martin K. Petersen commit 3f7e62bba0003f9c68f599f5997c4647ef5b4f4e Author: Stanley Chu Date: Thu Jan 3 22:08:05 2019 +0800 scsi: core: Synchronize request queue PM status only on successful resume The commit 356fd2663cff ("scsi: Set request queue runtime PM status back to active on resume") fixed up the inconsistent RPM status between request queue and device. However changing request queue RPM status shall be done only on successful resume, otherwise status may be still inconsistent as below, Request queue: RPM_ACTIVE Device: RPM_SUSPENDED This ends up soft lockup because requests can be submitted to underlying devices but those devices and their required resource are not resumed. For example, After above inconsistent status happens, IO request can be submitted to UFS device driver but required resource (like clock) is not resumed yet thus lead to warning as below call stack, WARN_ON(hba->clk_gating.state != CLKS_ON); ufshcd_queuecommand scsi_dispatch_cmd scsi_request_fn __blk_run_queue cfq_insert_request __elv_add_request blk_flush_plug_list blk_finish_plug jbd2_journal_commit_transaction kjournald2 We may see all behind IO requests hang because of no response from storage host or device and then soft lockup happens in system. In the end, system may crash in many ways. Fixes: 356fd2663cff (scsi: Set request queue runtime PM status back to active on resume) Cc: stable@vger.kernel.org Signed-off-by: Stanley Chu Reviewed-by: Bart Van Assche Signed-off-by: Martin K. Petersen commit 251f24e63fc291f288f765663e62cd575f048fd5 Author: Julia Lawall Date: Sun Dec 30 16:53:13 2018 +0100 scsi: pm80xx: reduce indentation Delete tab aligning a statement with the right hand side of a preceding assignment rather than the left hand side. Found with the help of Coccinelle. [mkp: added space] Signed-off-by: Julia Lawall Acked-by: Jack Wang Signed-off-by: Martin K. Petersen commit 72b4a0465f995175a2e22cf4a636bf781f1f28a7 Author: YueHaibing Date: Thu Dec 20 11:16:07 2018 +0800 scsi: qla4xxx: check return code of qla4xxx_copy_from_fwddb_param The return code should be check while qla4xxx_copy_from_fwddb_param fails. Signed-off-by: YueHaibing Acked-by: Manish Rangankar Signed-off-by: Martin K. Petersen commit d1f38d995e984db36449661fcbad1649c21883e7 Author: Tomas Henzl Date: Wed Jan 2 16:07:25 2019 +0100 scsi: megaraid_sas: correct an info message This was apparently forgotten in 894169db1 ("scsi: megaraid_sas: Use 63-bit DMA addressing"). Signed-off-by: Tomas Henzl Signed-off-by: Martin K. Petersen commit 621a4367d69509f35abb4559a2dd7179ea5acada Author: Leo Zhang Date: Mon Dec 24 00:18:27 2018 +0800 scsi: target/iscsi: fix error msg typo when create lio_qr_cache failed Signed-off-by: Leo Zhang Signed-off-by: Martin K. Petersen commit 44759979a49bfd2d20d789add7fa81a21eb1a4ab Author: Ivan Mironov Date: Sun Dec 23 12:41:58 2018 +0500 scsi: sd: Fix cache_type_store() Changing of caching mode via /sys/devices/.../scsi_disk/.../cache_type may fail if device responds to MODE SENSE command with DPOFUA flag set, and then checks this flag to be not set on MODE SELECT command. In this scenario, when trying to change cache_type, write always fails: # echo "none" >cache_type bash: echo: write error: Invalid argument And following appears in dmesg: [13007.865745] sd 1:0:1:0: [sda] Sense Key : Illegal Request [current] [13007.865753] sd 1:0:1:0: [sda] Add. Sense: Invalid field in parameter list From SBC-4 r15, 6.5.1 "Mode pages overview", description of DEVICE-SPECIFIC PARAMETER field in the mode parameter header: ... The write protect (WP) bit for mode data sent with a MODE SELECT command shall be ignored by the device server. ... The DPOFUA bit is reserved for mode data sent with a MODE SELECT command. ... The remaining bits in the DEVICE-SPECIFIC PARAMETER byte are also reserved and shall be set to zero. [mkp: shuffled commentary to commit description] Cc: stable@vger.kernel.org Signed-off-by: Ivan Mironov Signed-off-by: Martin K. Petersen commit d972f3dce8d161e2142da0ab1ef25df00e2f21a9 Author: Jason Gunthorpe Date: Tue Jan 8 23:27:06 2019 +0000 packet: Do not leak dev refcounts on error exit 'dev' is non NULL when the addr_len check triggers so it must goto a label that does the dev_put otherwise dev will have a leaked refcount. This bug causes the ib_ipoib module to become unloadable when using systemd-network as it triggers this check on InfiniBand links. Fixes: 99137b7888f4 ("packet: validate address length") Reported-by: Leon Romanovsky Signed-off-by: Jason Gunthorpe Acked-by: Willem de Bruijn Signed-off-by: David S. Miller commit 9cb2feb4d21d97386eb25c7b67e2793efcc1e70a Author: Stafford Horne Date: Tue Jan 8 22:15:15 2019 +0900 arch/openrisc: Fix issues with access_ok() The commit 594cc251fdd0 ("make 'user_access_begin()' do 'access_ok()'") exposed incorrect implementations of access_ok() macro in several architectures. This change fixes 2 issues found in OpenRISC. OpenRISC was not properly using parenthesis for arguments and also using arguments twice. This patch fixes those 2 issues. I test booted this patch with v5.0-rc1 on qemu and it's working fine. Cc: Guenter Roeck Cc: Linus Torvalds Reported-by: Linus Torvalds Signed-off-by: Stafford Horne Signed-off-by: Linus Torvalds commit 8a7f02f67c395949c768ae1cf4f12905a81e3cde Author: Xiaochun Lee Date: Sat Jan 5 16:08:38 2019 +0800 ACPI/nfit: delete the function to_acpi_nfit_desc The function to_acpi_nfit_desc and function to_acpi_desc do the same things,delete the function to_acpi_nfit_desc, and keep the inline function to_acpi_desc. Signed-off-by: Xiaochun Lee Signed-off-by: Dan Williams commit dadbcb450cb22acbc06bb53edf2bcc9261cb78f3 Author: Xiaochun Lee Date: Mon Jan 7 10:33:36 2019 +0800 ACPI/nfit: delete the redundant header file The header file "intel.h" is repeated here, So delete one. Signed-off-by: Xiaochun Lee Signed-off-by: Dan Williams commit 73444bc4d8f92e46a20cb6bd3342fc2ea75c6787 Author: Mel Gorman Date: Tue Jan 8 15:23:39 2019 -0800 mm, page_alloc: do not wake kswapd with zone lock held syzbot reported the following regression in the latest merge window and it was confirmed by Qian Cai that a similar bug was visible from a different context. ====================================================== WARNING: possible circular locking dependency detected 4.20.0+ #297 Not tainted ------------------------------------------------------ syz-executor0/8529 is trying to acquire lock: 000000005e7fb829 (&pgdat->kswapd_wait){....}, at: __wake_up_common_lock+0x19e/0x330 kernel/sched/wait.c:120 but task is already holding lock: 000000009bb7bae0 (&(&zone->lock)->rlock){-.-.}, at: spin_lock include/linux/spinlock.h:329 [inline] 000000009bb7bae0 (&(&zone->lock)->rlock){-.-.}, at: rmqueue_bulk mm/page_alloc.c:2548 [inline] 000000009bb7bae0 (&(&zone->lock)->rlock){-.-.}, at: __rmqueue_pcplist mm/page_alloc.c:3021 [inline] 000000009bb7bae0 (&(&zone->lock)->rlock){-.-.}, at: rmqueue_pcplist mm/page_alloc.c:3050 [inline] 000000009bb7bae0 (&(&zone->lock)->rlock){-.-.}, at: rmqueue mm/page_alloc.c:3072 [inline] 000000009bb7bae0 (&(&zone->lock)->rlock){-.-.}, at: get_page_from_freelist+0x1bae/0x52a0 mm/page_alloc.c:3491 It appears to be a false positive in that the only way the lock ordering should be inverted is if kswapd is waking itself and the wakeup allocates debugging objects which should already be allocated if it's kswapd doing the waking. Nevertheless, the possibility exists and so it's best to avoid the problem. This patch flags a zone as needing a kswapd using the, surprisingly, unused zone flag field. The flag is read without the lock held to do the wakeup. It's possible that the flag setting context is not the same as the flag clearing context or for small races to occur. However, each race possibility is harmless and there is no visible degredation in fragmentation treatment. While zone->flag could have continued to be unused, there is potential for moving some existing fields into the flags field instead. Particularly read-mostly ones like zone->initialized and zone->contiguous. Link: http://lkml.kernel.org/r/20190103225712.GJ31517@techsingularity.net Fixes: 1c30844d2dfe ("mm: reclaim small amounts of memory when an external fragmentation event occurs") Reported-by: syzbot+93d94a001cfbce9e60e1@syzkaller.appspotmail.com Signed-off-by: Mel Gorman Acked-by: Vlastimil Babka Tested-by: Qian Cai Cc: Dmitry Vyukov Cc: Vlastimil Babka Cc: Michal Hocko Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit ddeaab32a89f04b7e2a2df8771583a719c4ac6b7 Author: Mike Kravetz Date: Tue Jan 8 15:23:36 2019 -0800 hugetlbfs: revert "use i_mmap_rwsem for more pmd sharing synchronization" This reverts b43a9990055958e70347c56f90ea2ae32c67334c The reverted commit caused issues with migration and poisoning of anon huge pages. The LTP move_pages12 test will cause an "unable to handle kernel NULL pointer" BUG would occur with stack similar to: RIP: 0010:down_write+0x1b/0x40 Call Trace: migrate_pages+0x81f/0xb90 __ia32_compat_sys_migrate_pages+0x190/0x190 do_move_pages_to_node.isra.53.part.54+0x2a/0x50 kernel_move_pages+0x566/0x7b0 __x64_sys_move_pages+0x24/0x30 do_syscall_64+0x5b/0x180 entry_SYSCALL_64_after_hwframe+0x44/0xa9 The purpose of the reverted patch was to fix some long existing races with huge pmd sharing. It used i_mmap_rwsem for this purpose with the idea that this could also be used to address truncate/page fault races with another patch. Further analysis has determined that i_mmap_rwsem can not be used to address all these hugetlbfs synchronization issues. Therefore, revert this patch while working an another approach to the underlying issues. Link: http://lkml.kernel.org/r/20190103235452.29335-2-mike.kravetz@oracle.com Signed-off-by: Mike Kravetz Reported-by: Jan Stancek Cc: Michal Hocko Cc: Hugh Dickins Cc: Naoya Horiguchi Cc: "Aneesh Kumar K . V" Cc: Andrea Arcangeli Cc: "Kirill A . Shutemov" Cc: Davidlohr Bueso Cc: Prakash Sangappa Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit e7c58097793ef15d58fadf190ee58738fbf447cd Author: Mike Kravetz Date: Tue Jan 8 15:23:32 2019 -0800 hugetlbfs: revert "Use i_mmap_rwsem to fix page fault/truncate race" This reverts c86aa7bbfd5568ba8a82d3635d8f7b8a8e06fe54 The reverted commit caused ABBA deadlocks when file migration raced with file eviction for specific hugetlbfs files. This was discovered with a modified version of the LTP move_pages12 test. The purpose of the reverted patch was to close a long existing race between hugetlbfs file truncation and page faults. After more analysis of the patch and impacted code, it was determined that i_mmap_rwsem can not be used for all required synchronization. Therefore, revert this patch while working an another approach to the underlying issue. Link: http://lkml.kernel.org/r/20190103235452.29335-1-mike.kravetz@oracle.com Signed-off-by: Mike Kravetz Reported-by: Jan Stancek Cc: Michal Hocko Cc: Hugh Dickins Cc: Naoya Horiguchi Cc: "Aneesh Kumar K . V" Cc: Andrea Arcangeli Cc: "Kirill A . Shutemov" Cc: Davidlohr Bueso Cc: Prakash Sangappa Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 8ab88c7169b7fba98812ead6524b9d05bc76cf00 Author: Jan Stancek Date: Tue Jan 8 15:23:28 2019 -0800 mm: page_mapped: don't assume compound page is huge or THP LTP proc01 testcase has been observed to rarely trigger crashes on arm64: page_mapped+0x78/0xb4 stable_page_flags+0x27c/0x338 kpageflags_read+0xfc/0x164 proc_reg_read+0x7c/0xb8 __vfs_read+0x58/0x178 vfs_read+0x90/0x14c SyS_read+0x60/0xc0 The issue is that page_mapped() assumes that if compound page is not huge, then it must be THP. But if this is 'normal' compound page (COMPOUND_PAGE_DTOR), then following loop can keep running (for HPAGE_PMD_NR iterations) until it tries to read from memory that isn't mapped and triggers a panic: for (i = 0; i < hpage_nr_pages(page); i++) { if (atomic_read(&page[i]._mapcount) >= 0) return true; } I could replicate this on x86 (v4.20-rc4-98-g60b548237fed) only with a custom kernel module [1] which: - allocates compound page (PAGEC) of order 1 - allocates 2 normal pages (COPY), which are initialized to 0xff (to satisfy _mapcount >= 0) - 2 PAGEC page structs are copied to address of first COPY page - second page of COPY is marked as not present - call to page_mapped(COPY) now triggers fault on access to 2nd COPY page at offset 0x30 (_mapcount) [1] https://github.com/jstancek/reproducers/blob/master/kernel/page_mapped_crash/repro.c Fix the loop to iterate for "1 << compound_order" pages. Kirrill said "IIRC, sound subsystem can producuce custom mapped compound pages". Link: http://lkml.kernel.org/r/c440d69879e34209feba21e12d236d06bc0a25db.1543577156.git.jstancek@redhat.com Fixes: e1534ae95004 ("mm: differentiate page_mapped() from page_mapcount() for compound pages") Signed-off-by: Jan Stancek Debugged-by: Laszlo Ersek Suggested-by: "Kirill A. Shutemov" Acked-by: Michal Hocko Acked-by: Kirill A. Shutemov Reviewed-by: David Hildenbrand Reviewed-by: Andrea Arcangeli Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 1ed7293ac40c5b1950b8ab21b6bc1838578ae2ad Author: Matthew Wilcox Date: Tue Jan 8 15:23:25 2019 -0800 mm/memory.c: initialise mmu_notifier_range correctly One of the paths in follow_pte_pmd() initialised the mmu_notifier_range incorrectly. Link: http://lkml.kernel.org/r/20190103002126.GM6310@bombadil.infradead.org Fixes: ac46d4f3c432 ("mm/mmu_notifier: use structure for invalidate_range_start/end calls v2") Signed-off-by: Matthew Wilcox Tested-by: Dave Chinner Reviewed-by: Jérôme Glisse Cc: John Hubbard Cc: Jan Kara Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit aff876dcf4461f311adbdf39ce48c134b3f99c49 Author: Miles Chen Date: Tue Jan 8 15:23:22 2019 -0800 tools/vm/page_owner: use page_owner_sort in the use example The example in comment does not useable because the output binary is named "page_owner_sort", not "sort". Also add a reference to Documentation/vm/page_owner.rst Link: http://lkml.kernel.org/r/1546515361-8317-1-git-send-email-miles.chen@mediatek.com Signed-off-by: Miles Chen Reviewed-by: Andrew Morton Cc: Joonsoo Kim Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit a3fe7cdf02e318870fb71218726cc2321ff41f30 Author: Andrey Konovalov Date: Tue Jan 8 15:23:18 2019 -0800 kasan: fix krealloc handling for tag-based mode Right now tag-based KASAN can retag the memory that is reallocated via krealloc and return a differently tagged pointer even if the same slab object gets used and no reallocated technically happens. There are a few issues with this approach. One is that krealloc callers can't rely on comparing the return value with the passed argument to check whether reallocation happened. Another is that if a caller knows that no reallocation happened, that it can access object memory through the old pointer, which leads to false positives. Look at nf_ct_ext_add() to see an example. Fix this by keeping the same tag if the memory don't actually gets reallocated during krealloc. Link: http://lkml.kernel.org/r/bb2a71d17ed072bcc528cbee46fcbd71a6da3be4.1546540962.git.andreyknvl@google.com Signed-off-by: Andrey Konovalov Cc: Andrey Ryabinin Cc: Christoph Lameter Cc: Dmitry Vyukov Cc: Mark Rutland Cc: Vincenzo Frascino Cc: Will Deacon Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 96fedce27e1356a2fff1c270710d9405848db562 Author: Andrey Konovalov Date: Tue Jan 8 15:23:15 2019 -0800 kasan: make tag based mode work with CONFIG_HARDENED_USERCOPY With CONFIG_HARDENED_USERCOPY enabled __check_heap_object() compares and then subtracts a potentially tagged pointer with a non-tagged address of the page that this pointer belongs to, which leads to unexpected behavior. Untag the pointer in __check_heap_object() before doing any of these operations. Link: http://lkml.kernel.org/r/7e756a298d514c4482f52aea6151db34818d395d.1546540962.git.andreyknvl@google.com Signed-off-by: Andrey Konovalov Cc: Andrey Ryabinin Cc: Christoph Lameter Cc: Dmitry Vyukov Cc: Mark Rutland Cc: Vincenzo Frascino Cc: Will Deacon Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit eb214f2dda31ffa989033b1e0f848ba0d3cb6188 Author: Andrey Konovalov Date: Tue Jan 8 15:23:11 2019 -0800 kasan, arm64: use ARCH_SLAB_MINALIGN instead of manual aligning Instead of changing cache->align to be aligned to KASAN_SHADOW_SCALE_SIZE in kasan_cache_create() we can reuse the ARCH_SLAB_MINALIGN macro. Link: http://lkml.kernel.org/r/52ddd881916bcc153a9924c154daacde78522227.1546540962.git.andreyknvl@google.com Signed-off-by: Andrey Konovalov Suggested-by: Vincenzo Frascino Cc: Andrey Ryabinin Cc: Christoph Lameter Cc: Dmitry Vyukov Cc: Mark Rutland Cc: Vincenzo Frascino Cc: Will Deacon Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 63f3655f950186752236bb88a22f8252c11ce394 Author: Michal Hocko Date: Tue Jan 8 15:23:07 2019 -0800 mm, memcg: fix reclaim deadlock with writeback Liu Bo has experienced a deadlock between memcg (legacy) reclaim and the ext4 writeback task1: wait_on_page_bit+0x82/0xa0 shrink_page_list+0x907/0x960 shrink_inactive_list+0x2c7/0x680 shrink_node_memcg+0x404/0x830 shrink_node+0xd8/0x300 do_try_to_free_pages+0x10d/0x330 try_to_free_mem_cgroup_pages+0xd5/0x1b0 try_charge+0x14d/0x720 memcg_kmem_charge_memcg+0x3c/0xa0 memcg_kmem_charge+0x7e/0xd0 __alloc_pages_nodemask+0x178/0x260 alloc_pages_current+0x95/0x140 pte_alloc_one+0x17/0x40 __pte_alloc+0x1e/0x110 alloc_set_pte+0x5fe/0xc20 do_fault+0x103/0x970 handle_mm_fault+0x61e/0xd10 __do_page_fault+0x252/0x4d0 do_page_fault+0x30/0x80 page_fault+0x28/0x30 task2: __lock_page+0x86/0xa0 mpage_prepare_extent_to_map+0x2e7/0x310 [ext4] ext4_writepages+0x479/0xd60 do_writepages+0x1e/0x30 __writeback_single_inode+0x45/0x320 writeback_sb_inodes+0x272/0x600 __writeback_inodes_wb+0x92/0xc0 wb_writeback+0x268/0x300 wb_workfn+0xb4/0x390 process_one_work+0x189/0x420 worker_thread+0x4e/0x4b0 kthread+0xe6/0x100 ret_from_fork+0x41/0x50 He adds "task1 is waiting for the PageWriteback bit of the page that task2 has collected in mpd->io_submit->io_bio, and tasks2 is waiting for the LOCKED bit the page which tasks1 has locked" More precisely task1 is handling a page fault and it has a page locked while it charges a new page table to a memcg. That in turn hits a memory limit reclaim and the memcg reclaim for legacy controller is waiting on the writeback but that is never going to finish because the writeback itself is waiting for the page locked in the #PF path. So this is essentially ABBA deadlock: lock_page(A) SetPageWriteback(A) unlock_page(A) lock_page(B) lock_page(B) pte_alloc_pne shrink_page_list wait_on_page_writeback(A) SetPageWriteback(B) unlock_page(B) # flush A, B to clear the writeback This accumulating of more pages to flush is used by several filesystems to generate a more optimal IO patterns. Waiting for the writeback in legacy memcg controller is a workaround for pre-mature OOM killer invocations because there is no dirty IO throttling available for the controller. There is no easy way around that unfortunately. Therefore fix this specific issue by pre-allocating the page table outside of the page lock. We have that handy infrastructure for that already so simply reuse the fault-around pattern which already does this. There are probably other hidden __GFP_ACCOUNT | GFP_KERNEL allocations from under a fs page locked but they should be really rare. I am not aware of a better solution unfortunately. [akpm@linux-foundation.org: fix mm/memory.c:__do_fault()] [akpm@linux-foundation.org: coding-style fixes] [mhocko@kernel.org: enhance comment, per Johannes] Link: http://lkml.kernel.org/r/20181214084948.GA5624@dhcp22.suse.cz Link: http://lkml.kernel.org/r/20181213092221.27270-1-mhocko@kernel.org Fixes: c3b94f44fcb0 ("memcg: further prevent OOM with too many dirty pages") Signed-off-by: Michal Hocko Reported-by: Liu Bo Debugged-by: Liu Bo Acked-by: Kirill A. Shutemov Acked-by: Johannes Weiner Reviewed-by: Liu Bo Cc: Jan Kara Cc: Dave Chinner Cc: Theodore Ts'o Cc: Vladimir Davydov Cc: Shakeel Butt Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 7bff3c06997374fb9b9991536a547b840549a813 Author: Qian Cai Date: Tue Jan 8 15:23:04 2019 -0800 mm/usercopy.c: no check page span for stack objects It is easy to trigger this with CONFIG_HARDENED_USERCOPY_PAGESPAN=y, usercopy: Kernel memory overwrite attempt detected to spans multiple pages (offset 0, size 23)! kernel BUG at mm/usercopy.c:102! For example, print_worker_info char name[WQ_NAME_LEN] = { }; char desc[WORKER_DESC_LEN] = { }; probe_kernel_read(name, wq->name, sizeof(name) - 1); probe_kernel_read(desc, worker->desc, sizeof(desc) - 1); __copy_from_user_inatomic check_object_size check_heap_object check_page_span This is because on-stack variables could cross PAGE_SIZE boundary, and failed this check, if (likely(((unsigned long)ptr & (unsigned long)PAGE_MASK) == ((unsigned long)end & (unsigned long)PAGE_MASK))) ptr = FFFF889007D7EFF8 end = FFFF889007D7F00E Hence, fix it by checking if it is a stack object first. [keescook@chromium.org: improve comments after reorder] Link: http://lkml.kernel.org/r/20190103165151.GA32845@beast Link: http://lkml.kernel.org/r/20181231030254.99441-1-cai@lca.pw Signed-off-by: Qian Cai Signed-off-by: Kees Cook Acked-by: Kees Cook Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 09c2e76ed734a1d36470d257a778aaba28e86531 Author: Christoph Lameter Date: Tue Jan 8 15:23:00 2019 -0800 slab: alien caches must not be initialized if the allocation of the alien cache failed Callers of __alloc_alien() check for NULL. We must do the same check in __alloc_alien_cache to avoid NULL pointer dereferences on allocation failures. Link: http://lkml.kernel.org/r/010001680f42f192-82b4e12e-1565-4ee0-ae1f-1e98974906aa-000000@email.amazonses.com Fixes: 49dfc304ba241 ("slab: use the lock on alien_cache, instead of the lock on array_cache") Fixes: c8522a3a5832b ("Slab: introduce alloc_alien") Signed-off-by: Christoph Lameter Reported-by: syzbot+d6ed4ec679652b4fd4e4@syzkaller.appspotmail.com Reviewed-by: Andrew Morton Cc: Pekka Enberg Cc: David Rientjes Cc: Joonsoo Kim Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit ba4a45746c362b665e245c50b870615f02f34781 Author: Shakeel Butt Date: Tue Jan 8 15:22:57 2019 -0800 fork, memcg: fix cached_stacks case Commit 5eed6f1dff87 ("fork,memcg: fix crash in free_thread_stack on memcg charge fail") fixes a crash caused due to failed memcg charge of the kernel stack. However the fix misses the cached_stacks case which this patch fixes. So, the same crash can happen if the memcg charge of a cached stack is failed. Link: http://lkml.kernel.org/r/20190102180145.57406-1-shakeelb@google.com Fixes: 5eed6f1dff87 ("fork,memcg: fix crash in free_thread_stack on memcg charge fail") Signed-off-by: Shakeel Butt Acked-by: Michal Hocko Acked-by: Rik van Riel Cc: Rik van Riel Cc: Roman Gushchin Cc: Johannes Weiner Cc: Tejun Heo Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 1d69a3f8ae77e3dbfdc1356225cce5ea9c366aec Author: Minchan Kim Date: Tue Jan 8 15:22:53 2019 -0800 zram: idle writeback fixes and cleanup This patch includes some fixes and cleanup for idle-page writeback. 1. writeback_limit interface Now writeback_limit interface is rather conusing. For example, once writeback limit budget is exausted, admin can see 0 from /sys/block/zramX/writeback_limit which is same semantic with disable writeback_limit at this moment. IOW, admin cannot tell that zero came from disable writeback limit or exausted writeback limit. To make the interface clear, let's sepatate enable of writeback limit to another knob - /sys/block/zram0/writeback_limit_enable * before: while true : # to re-enable writeback limit once previous one is used up echo 0 > /sys/block/zram0/writeback_limit echo $((200<<20)) > /sys/block/zram0/writeback_limit .. .. # used up the writeback limit budget * new # To enable writeback limit, from the beginning, admin should # enable it. echo $((200<<20)) > /sys/block/zram0/writeback_limit echo 1 > /sys/block/zram/0/writeback_limit_enable while true : echo $((200<<20)) > /sys/block/zram0/writeback_limit .. .. # used up the writeback limit budget It's much strightforward. 2. fix condition check idle/huge writeback mode check The mode in writeback_store is not bit opeartion any more so no need to use bit operations. Furthermore, current condition check is broken in that it does writeback every pages regardless of huge/idle. 3. clean up idle_store No need to use goto. [minchan@kernel.org: missed spin_lock_init] Link: http://lkml.kernel.org/r/20190103001601.GA255139@google.com Link: http://lkml.kernel.org/r/20181224033529.19450-1-minchan@kernel.org Signed-off-by: Minchan Kim Suggested-by: John Dias Cc: Sergey Senozhatsky Cc: John Dias Cc: Srinivas Paladugu Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 917cb8a72a94d198073ad1e087685f801292042d Author: Steve Wise Date: Mon Jan 7 11:01:13 2019 -0800 RDMA/cma: Add cm_id restrack resource based on kernel or user cm_id type A recent regression causes a null ptr crash when dumping cm_id resources. The cma is incorrectly adding all cm_id restrack resources as kernel mode. Fixes: af8d70375d56 ("RDMA/restrack: Resource-tracker should not use uobject pointers") Signed-off-by: Steve Wise Reviewed-by: Leon Romanovsky Signed-off-by: Jason Gunthorpe commit 19a220dd1e8a1b1d8e5e2f8f4a25313c4b02d527 Author: Jerome Brunet Date: Tue Aug 28 14:27:35 2018 +0200 arm64: defconfig: enable modules for amlogic s400 sound card Compile the necessary drivers as modules, including codecs, for the s400 sound card. Signed-off-by: Jerome Brunet Signed-off-by: Kevin Hilman commit c235316d935a19deedc2fc48076798c9a56e1a7c Author: Lyude Paul Date: Tue Jan 8 16:11:29 2019 -0500 drm/dp_mst: Add __must_check to drm_dp_mst_topology_mgr_resume() Since I've had to fix two cases of drivers not checking the return code from this function, let's make the compiler complain so this doesn't come up again in the future. Changes since v1: * Remove unneeded __must_check in function declaration - danvet Signed-off-by: Lyude Paul Cc: Jerry Zuo Reviewed-by: Daniel Vetter Reviewed-by: Harry Wentland Link: https://patchwork.freedesktop.org/patch/msgid/20190108211133.32564-4-lyude@redhat.com commit 2d1af6a11cb9d88e0e3dd10258904c437fe1b315 Author: Lyude Paul Date: Tue Jan 8 16:11:28 2019 -0500 drm/amdgpu: Don't fail resume process if resuming atomic state fails This is an ugly one unfortunately. Currently, all DRM drivers supporting atomic modesetting will save the state that userspace had set before suspending, then attempt to restore that state on resume. This probably worked very well at one point, like many other things, until DP MST came into the picture. While it's easy to restore state on normal display connectors that were disconnected during suspend regardless of their state post-resume, this can't really be done with MST because of the fact that setting up a downstream sink requires performing sideband transactions between the source and the MST hub, sending out the ACT packets, etc. Because of this, there isn't really a guarantee that we can restore the atomic state we had before suspend once we've resumed. This sucks pretty bad, but so far I haven't run into any compositors that this actually causes serious issues with. Most compositors will notice the hotplug we send afterwards, and then reprobe state. Since nouveau and i915 also don't fail the suspend/resume process due to failing to restore the atomic state, let's make amdgpu match this behavior. Better to resume the GPU properly, then to stop the process half way because of a potentially unavoidable atomic commit failure. Eventually, we'll have a real fix for this problem on the DRM level. But we've got some more important low-hanging fruit to deal with first. Signed-off-by: Lyude Paul Reviewed-by: Harry Wentland Cc: Jerry Zuo Cc: # v4.15+ Link: https://patchwork.freedesktop.org/patch/msgid/20190108211133.32564-3-lyude@redhat.com commit fe7553bef8d676d1d8b40666868b33ec39b9df5d Author: Lyude Paul Date: Tue Jan 8 16:11:27 2019 -0500 drm/amdgpu: Don't ignore rc from drm_dp_mst_topology_mgr_resume() drm_dp_mst_topology_mgr_resume() returns whether or not it managed to find the topology in question after a suspend resume cycle, and the driver is supposed to check this value and disable MST accordingly if it's gone-in addition to sending a hotplug in order to notify userspace that something changed during suspend. Currently, amdgpu just makes the mistake of ignoring the return code from drm_dp_mst_topology_mgr_resume() which means that if a topology was removed in suspend, amdgpu never notices and assumes it's still connected which leads to all sorts of problems. So, fix this by actually checking the rc from drm_dp_mst_topology_mgr_resume(). Also, reformat the rest of the function while we're at it to fix the over-indenting. Signed-off-by: Lyude Paul Reviewed-by: Harry Wentland Cc: Jerry Zuo Cc: # v4.15+ Link: https://patchwork.freedesktop.org/patch/msgid/20190108211133.32564-2-lyude@redhat.com commit 715849ab31f8e57bbad84cc6c38912aeba6beb21 Author: Pablo Neira Ayuso Date: Tue Jan 8 23:18:58 2019 +0100 netfilter: nf_tables: selective rule dump needs table to be specified Table needs to be specified for selective rule dumps per chain. Fixes: 241faeceb849c ("netfilter: nf_tables: Speed up selective rule dumps") Reported-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso commit b91d9036883793122cf6575ca4dfbfbdd201a83d Author: Taehee Yoo Date: Fri Jan 4 17:56:16 2019 +0900 netfilter: nf_tables: fix leaking object reference count There is no code that decreases the reference count of stateful objects in error path of the nft_add_set_elem(). this causes a leak of reference count of stateful objects. Test commands: $nft add table ip filter $nft add counter ip filter c1 $nft add map ip filter m1 { type ipv4_addr : counter \;} $nft add element ip filter m1 { 1 : c1 } $nft add element ip filter m1 { 1 : c1 } $nft delete element ip filter m1 { 1 } $nft delete counter ip filter c1 Result: Error: Could not process rule: Device or resource busy delete counter ip filter c1 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ At the second 'nft add element ip filter m1 { 1 : c1 }', the reference count of the 'c1' is increased then it tries to insert into the 'm1'. but the 'm1' already has same element so it returns -EEXIST. But it doesn't decrease the reference count of the 'c1' in the error path. Due to a leak of the reference count of the 'c1', the 'c1' can't be removed by 'nft delete counter ip filter c1'. Fixes: 8aeff920dcc9 ("netfilter: nf_tables: add stateful object reference to set elements") Signed-off-by: Taehee Yoo Signed-off-by: Pablo Neira Ayuso commit 310529e663ed975d564cf029f878583e70c3b8a3 Author: Phil Sutter Date: Sun Dec 30 17:27:43 2018 +0100 netfilter: nf_tables: Fix for endless loop when dumping ruleset __nf_tables_dump_rules() stores the current idx value into cb->args[0] before returning to caller. With multiple chains present, cb->args[0] is therefore updated after each chain's rules have been traversed. This though causes the final nf_tables_dump_rules() run (which should return an skb->len of zero since no rules are left to dump) to continue dumping rules for each but the first chain. Fix this by moving the cb->args[0] update to nf_tables_dump_rules(). With no final action to be performed anymore in __nf_tables_dump_rules(), drop 'out_unfinished' jump label and 'rc' variable - instead return the appropriate value directly. Fixes: 241faeceb849c ("netfilter: nf_tables: Speed up selective rule dumps") Signed-off-by: Phil Sutter Signed-off-by: Pablo Neira Ayuso commit 4314b1f68a3f655f75010ab04bb57419eab34ec3 Merge: 11287b693d038 4fabf3bf93a19 Author: David S. Miller Date: Tue Jan 8 16:53:54 2019 -0500 Merge branch 'mlxsw-fixes' Daniel Borkmann says: ==================== pull-request: bpf 2019-01-08 The following pull-request contains BPF updates for your *net* tree. The main changes are: 1) Fix BSD'ism in sendmsg(2) to rewrite unspecified IPv6 dst for unconnected UDP sockets with [::1] _after_ cgroup BPF invocation, from Andrey. 2) Follow-up fix to the speculation fix where we need to reject a corner case for sanitation when ptr and scalars are mixed in the same alu op. Also, some unrelated minor doc fixes, from Daniel. 3) Fix BPF kselftest's incorrect uses of create_and_get_cgroup() by not assuming fd of zero value to be the result of an error case, from Stanislav. ==================== Signed-off-by: David S. Miller commit 4fabf3bf93a194c7fa5288da3e0af37e4b943cf3 Author: Ido Schimmel Date: Tue Jan 8 16:48:14 2019 +0000 selftests: forwarding: Add a test for VLAN deletion Add a VLAN on a bridge port, delete it and make sure the PVID VLAN is not affected. Signed-off-by: Ido Schimmel Signed-off-by: David S. Miller commit 674bed5df4cab8f96d04f7b99608883a48f9226b Author: Ido Schimmel Date: Tue Jan 8 16:48:13 2019 +0000 mlxsw: spectrum_switchdev: Set PVID correctly during VLAN deletion When a VLAN is deleted from a bridge port we should not change the PVID unless the deleted VLAN is the PVID. Fixes: fe9ccc785de5 ("mlxsw: spectrum_switchdev: Don't batch VLAN operations") Signed-off-by: Ido Schimmel Acked-by: Jiri Pirko Signed-off-by: David S. Miller commit 289fb44df4e4c3fe977ee4b451e1d11e10227654 Author: Ido Schimmel Date: Tue Jan 8 16:48:12 2019 +0000 selftests: forwarding: Fix test for different devices When running the test on the Spectrum ASIC the generated packets are counted on the ingress filter and injected back to the pipeline because of the 'pass' action. The router block then drops the packets due to checksum error, as the test generates packets with zero checksum. When running the test on an emulator that is not as strict about checksum errors the test fails since packets are counted twice. Once by the emulated ASIC on its ingress filter and again by the kernel as the emulator does not perform checksum validation and allows the packets to be trapped by a matching host route. Fix this by changing the action to 'drop', which will prevent the packet from continuing further in the pipeline to the router block. For veth pairs this change is essentially a NOP given packets are only processed once (by the kernel). Fixes: a0b61f3d8ebf ("selftests: forwarding: vxlan_bridge_1d: Add an ECN decap test") Signed-off-by: Ido Schimmel Reviewed-by: Petr Machata Signed-off-by: David S. Miller commit 279737939a8194f02fa352ab4476a1b241f44ef4 Author: Ido Schimmel Date: Tue Jan 8 16:48:11 2019 +0000 net: bridge: Fix VLANs memory leak When adding / deleting VLANs to / from a bridge port, the bridge driver first tries to propagate the information via switchdev and falls back to the 8021q driver in case the underlying driver does not support switchdev. This can result in a memory leak [1] when VXLAN and mlxsw ports are enslaved to the bridge: $ ip link set dev vxlan0 master br0 # No mlxsw ports are enslaved to 'br0', so mlxsw ignores the switchdev # notification and the bridge driver adds the VLAN on 'vxlan0' via the # 8021q driver $ bridge vlan add vid 10 dev vxlan0 pvid untagged # mlxsw port is enslaved to the bridge $ ip link set dev swp1 master br0 # mlxsw processes the switchdev notification and the 8021q driver is # skipped $ bridge vlan del vid 10 dev vxlan0 This results in 'struct vlan_info' and 'struct vlan_vid_info' being leaked, as they were allocated by the 8021q driver during VLAN addition, but never freed as the 8021q driver was skipped during deletion. Fix this by introducing a new VLAN private flag that indicates whether the VLAN was added on the port by switchdev or the 8021q driver. If the VLAN was added by the 8021q driver, then we make sure to delete it via the 8021q driver as well. [1] unreferenced object 0xffff88822d20b1e8 (size 256): comm "bridge", pid 2532, jiffies 4295216998 (age 1188.830s) hex dump (first 32 bytes): e0 42 97 ce 81 88 ff ff 00 00 00 00 00 00 00 00 .B.............. 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<00000000f82d851d>] kmem_cache_alloc_trace+0x1be/0x330 [<00000000e0178b02>] vlan_vid_add+0x661/0x920 [<00000000218ebd5f>] __vlan_add+0x1be9/0x3a00 [<000000006eafa1ca>] nbp_vlan_add+0x8b3/0xd90 [<000000003535392c>] br_vlan_info+0x132/0x410 [<00000000aedaa9dc>] br_afspec+0x75c/0x870 [<00000000f5716133>] br_setlink+0x3dc/0x6d0 [<00000000aceca5e2>] rtnl_bridge_setlink+0x615/0xb30 [<00000000a2f2d23e>] rtnetlink_rcv_msg+0x3a3/0xa80 [<0000000064097e69>] netlink_rcv_skb+0x152/0x3c0 [<000000008be8d614>] rtnetlink_rcv+0x21/0x30 [<000000009ab2ca25>] netlink_unicast+0x52f/0x740 [<00000000e7d9ac96>] netlink_sendmsg+0x9c7/0xf50 [<000000005d1e2050>] sock_sendmsg+0xbe/0x120 [<00000000d51426bc>] ___sys_sendmsg+0x778/0x8f0 [<00000000b9d7b2cc>] __sys_sendmsg+0x112/0x270 unreferenced object 0xffff888227454308 (size 32): comm "bridge", pid 2532, jiffies 4295216998 (age 1188.882s) hex dump (first 32 bytes): 88 b2 20 2d 82 88 ff ff 88 b2 20 2d 82 88 ff ff .. -...... -.... 81 00 0a 00 01 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<00000000f82d851d>] kmem_cache_alloc_trace+0x1be/0x330 [<0000000018050631>] vlan_vid_add+0x3e6/0x920 [<00000000218ebd5f>] __vlan_add+0x1be9/0x3a00 [<000000006eafa1ca>] nbp_vlan_add+0x8b3/0xd90 [<000000003535392c>] br_vlan_info+0x132/0x410 [<00000000aedaa9dc>] br_afspec+0x75c/0x870 [<00000000f5716133>] br_setlink+0x3dc/0x6d0 [<00000000aceca5e2>] rtnl_bridge_setlink+0x615/0xb30 [<00000000a2f2d23e>] rtnetlink_rcv_msg+0x3a3/0xa80 [<0000000064097e69>] netlink_rcv_skb+0x152/0x3c0 [<000000008be8d614>] rtnetlink_rcv+0x21/0x30 [<000000009ab2ca25>] netlink_unicast+0x52f/0x740 [<00000000e7d9ac96>] netlink_sendmsg+0x9c7/0xf50 [<000000005d1e2050>] sock_sendmsg+0xbe/0x120 [<00000000d51426bc>] ___sys_sendmsg+0x778/0x8f0 [<00000000b9d7b2cc>] __sys_sendmsg+0x112/0x270 Fixes: d70e42b22dd4 ("mlxsw: spectrum: Enable VxLAN enslavement to VLAN-aware bridges") Signed-off-by: Ido Schimmel Reviewed-by: Petr Machata Cc: Roopa Prabhu Cc: Nikolay Aleksandrov Cc: bridge@lists.linux-foundation.org Acked-by: Nikolay Aleksandrov Signed-off-by: David S. Miller commit 16dc42e4511172aa3a4d49931597582c9ff78843 Author: Ido Schimmel Date: Tue Jan 8 16:48:10 2019 +0000 selftests: mlxsw: Add a test case for VLAN addition error flow Add a test case for the issue fixed by previous commit. In case the offloading of an unsupported VxLAN tunnel was triggered by adding the mapped VLAN to a local port, then error should be returned to the user. Signed-off-by: Ido Schimmel Reviewed-by: Petr Machata Signed-off-by: David S. Miller commit 412283eedc138381e24d8c1304a3c5b298c503c4 Author: Ido Schimmel Date: Tue Jan 8 16:48:08 2019 +0000 mlxsw: spectrum_nve: Replace error code with EINVAL Adding a VLAN on a port can trigger the offload of a VXLAN tunnel which is already a member in the VLAN. In case the configuration of the VXLAN is not supported, the driver would return -EOPNOTSUPP. This is problematic since bridge code does not interpret this as error, but rather that it should try to setup the VLAN using the 8021q driver instead of switchdev. Fixes: d70e42b22dd4 ("mlxsw: spectrum: Enable VxLAN enslavement to VLAN-aware bridges") Signed-off-by: Ido Schimmel Reviewed-by: Petr Machata Signed-off-by: David S. Miller commit 457e20d659247a09524e276aed46f19d853701d0 Author: Ido Schimmel Date: Tue Jan 8 16:48:07 2019 +0000 mlxsw: spectrum_switchdev: Avoid returning errors in commit phase Drivers are not supposed to return errors in switchdev commit phase if they returned OK in prepare phase. Otherwise, a WARNING is emitted. However, when the offloading of a VXLAN tunnel is triggered by the addition of a VLAN on a local port, it is not possible to guarantee that the commit phase will succeed without doing a lot of work. In these cases, the artificial division between prepare and commit phase does not make sense, so simply do the work in the prepare phase. Fixes: d70e42b22dd4 ("mlxsw: spectrum: Enable VxLAN enslavement to VLAN-aware bridges") Signed-off-by: Ido Schimmel Reviewed-by: Petr Machata Signed-off-by: David S. Miller commit 143a8e038ac599ca73c6354c8af6a8fdeee9fa7d Author: Ido Schimmel Date: Tue Jan 8 16:48:06 2019 +0000 mlxsw: spectrum: Add VXLAN dependency for spectrum When VXLAN is a loadable module, MLXSW_SPECTRUM must not be built-in: drivers/net/ethernet/mellanox/mlxsw/spectrum_switchdev.c:2547: undefined reference to `vxlan_fdb_find_uc' Add Kconfig dependency to enforce usable configurations. Fixes: 1231e04f5bba ("mlxsw: spectrum_switchdev: Add support for VxLAN encapsulation") Signed-off-by: Ido Schimmel Reported-by: kbuild test robot Reviewed-by: Petr Machata Signed-off-by: David S. Miller commit 8adbe212a159d9c78a90fca1d854f6e63452426b Author: Jiri Pirko Date: Tue Jan 8 16:48:05 2019 +0000 mlxsw: spectrum: Disable lag port TX before removing it Make sure that lag port TX is disabled before mlxsw_sp_port_lag_leave() is called and prevent from possible EMAD error. Fixes: 0d65fc13042f ("mlxsw: spectrum: Implement LAG port join/leave") Signed-off-by: Jiri Pirko Signed-off-by: Ido Schimmel Signed-off-by: David S. Miller commit 04d075b7aa8433dc3c98e14c571705effc318cd8 Author: Nir Dotan Date: Tue Jan 8 16:48:04 2019 +0000 mlxsw: spectrum_acl: Remove ASSERT_RTNL()s in module removal flow Removal of the mlxsw driver on Spectrum-2 platforms hits an ASSERT_RTNL() in Spectrum-2 ACL Bloom filter and in ERP removal paths. This happens because the multicast router implementation in Spectrum-2 relies on ACLs. Taking the RTNL lock upon driver removal is useless since the driver first removes its ports and unregisters from notifiers so concurrent writes cannot happen at that time. The assertions were originally put as a reminder for future work involving ERP background optimization, but having these assertions only during addition serves this purpose as well. Therefore remove the ASSERT_RTNL() in both places related to ERP and Bloom filter removal. Fixes: cf7221a4f5a5 ("mlxsw: spectrum_router: Add Multicast routing support for Spectrum-2") Signed-off-by: Nir Dotan Reviewed-by: Jiri Pirko Signed-off-by: Ido Schimmel Signed-off-by: David S. Miller commit ff0db43cd6c530ff944773ccf48ece55d32d0c22 Author: Nir Dotan Date: Tue Jan 8 16:48:03 2019 +0000 mlxsw: spectrum_acl: Add cleanup after C-TCAM update error condition When writing to C-TCAM, mlxsw driver uses cregion->ops->entry_insert(). In case of C-TCAM HW insertion error, the opposite action should take place. Add error handling case in which the C-TCAM region entry is removed, by calling cregion->ops->entry_remove(). Fixes: a0a777b9409f ("mlxsw: spectrum_acl: Start using A-TCAM") Signed-off-by: Nir Dotan Reviewed-by: Jiri Pirko Signed-off-by: Ido Schimmel Signed-off-by: David S. Miller commit f5c9571e2265b3cbfad2ed41ba60c3da474daa61 Author: Amadeusz Sławiński Date: Tue Jan 8 21:03:11 2019 +0100 ALSA: usb-audio: fix CM6206 register definitions fix typo after a recent commit causing headphones to have no sound Fixes: ad43d528a7ac (ALSA: usb-audio: Define registers for CM6206) Signed-off-by: Amadeusz Sławiński Signed-off-by: Takashi Iwai commit 11287b693d03830010356339e4ceddf47dee34fa Author: Heiner Kallweit Date: Mon Jan 7 21:49:09 2019 +0100 r8169: load Realtek PHY driver module before r8169 This soft dependency works around an issue where sometimes the genphy driver is used instead of the dedicated PHY driver. The root cause of the issue isn't clear yet. People reported the unloading/re-loading module r8169 helps, and also configuring this soft dependency in the modprobe config files. Important just seems to be that the realtek module is loaded before r8169. Once this has been applied preliminary fix 38af4b903210 ("net: phy: add workaround for issue where PHY driver doesn't bind to the device") will be removed. Fixes: f1e911d5d0df ("r8169: add basic phylib support") Signed-off-by: Heiner Kallweit Signed-off-by: David S. Miller commit c4a32b266da7bb702e60381ca0c35eaddbc89a6c Author: Yu Zhao Date: Mon Jan 7 15:51:15 2019 -0700 drm/amdgpu: validate user GEM object size When creating frame buffer, userspace may request to attach to a previously allocated GEM object that is smaller than what GPU requires. Validation must be done to prevent out-of-bound DMA, otherwise it could be exploited to reveal sensitive data. This fix is not done in a common code path because individual driver might have different requirement. Cc: stable@vger.kernel.org # v4.2+ Reviewed-by: Michel Dänzer Signed-off-by: Yu Zhao Signed-off-by: Alex Deucher commit 89f23b6efef554766177bf51aa754bce14c3e7da Author: Yu Zhao Date: Mon Jan 7 15:51:14 2019 -0700 drm/amdgpu: validate user pitch alignment Userspace may request pitch alignment that is not supported by GPU. Some requests 32, but GPU ignores it and uses default 64 when cpp is 4. If GEM object is allocated based on the smaller alignment, GPU DMA will go out of bound. Cc: stable@vger.kernel.org # v4.2+ Reviewed-by: Michel Dänzer Signed-off-by: Yu Zhao Signed-off-by: Alex Deucher commit fadcb8f9fc89f7b517ce48f30e0b607b16d99d63 Author: Evan Quan Date: Tue Jan 8 12:22:24 2019 +0800 drm/amd/powerplay: drop the unnecessary uclk hard min setting Since soft min setting is enough. Hard min setting is redundant. Reported-by: Likun Gao Signed-off-by: Evan Quan Acked-by: Alex Deucher Reviewed-by: Likun Gao Signed-off-by: Alex Deucher commit fff0d3f7686942bd544b53a48d1b76bd62c46946 Author: Evan Quan Date: Tue Jan 8 10:33:35 2019 +0800 drm/amd/powerplay: avoid possible buffer overflow Make sure the clock level enforced is within the allowed ranges. Signed-off-by: Evan Quan Reviewed-by: Alex Deucher Reviewed-by: Likun Gao Signed-off-by: Alex Deucher commit 0624e145fb2ba87c752bec355af12f43cb52cd68 Author: Evan Quan Date: Mon Jan 7 18:56:14 2019 +0800 drm/amd/powerplay: create pp_od_clk_voltage device file under OD support Since pp_od_clk_voltage device file is for OD related sysfs operations. Signed-off-by: Evan Quan Reviewed-by: Alex Deucher Signed-off-by: Alex Deucher commit a0071840d2040ea1b27e5a008182b09b88defc15 Author: Bryan Whitehead Date: Mon Jan 7 14:00:09 2019 -0500 lan743x: Remove phy_read from link status change function It has been noticed that some phys do not have the registers required by the previous implementation. To fix this, instead of using phy_read, the required information is extracted from the phy_device structure. fixes: 23f0703c125b ("lan743x: Add main source files for new lan743x driver") Signed-off-by: Bryan Whitehead Reviewed-by: Andrew Lunn Signed-off-by: David S. Miller commit 8139d493daf1ef19d34192f95e92e19dc19b648a Author: Evan Quan Date: Mon Jan 7 18:38:30 2019 +0800 drm/amd/powerplay: update OD support flag for SKU with no OD capabilities For those ASICs with no overdrive capabilities, the OD support flag will be reset. Signed-off-by: Evan Quan Reviewed-by: Alex Deucher Signed-off-by: Alex Deucher commit b7ea4894aa867aaf1c31bfb4b00a3c3e38eedf95 Author: Eugene Syromiatnikov Date: Mon Jan 7 16:22:38 2019 +0100 ptp: uapi: change _IOW to IOWR in PTP_SYS_OFFSET_EXTENDED definition The ioctl command is read/write (or just read, if the fact that user space writes n_samples field is ignored). Signed-off-by: Eugene Syromiatnikov Signed-off-by: David S. Miller commit 895ac1376d5abcb94ca1b70a595579f253237790 Author: Eugene Syromiatnikov Date: Mon Jan 7 16:22:29 2019 +0100 ptp: check that rsv field is zero in struct ptp_sys_offset_extended Otherwise it is impossible to use it for something else, as it will break userspace that puts garbage there. The same check should be done in other structures, but the fact that data in reserved fields is ignored is already part of the kernel ABI. Signed-off-by: Eugene Syromiatnikov Signed-off-by: David S. Miller commit 6a829eb8619fbdde6d7d627ad582fe119805f39d Author: Trond Myklebust Date: Thu Jan 3 09:04:45 2019 -0500 SUNRPC: Fix TCP receive code on archs with flush_dcache_page() After receiving data into the page cache, we need to call flush_dcache_page() for the architectures that define it. Fixes: 277e4ab7d530b ("SUNRPC: Simplify TCP receive code by switching...") Reported-by: Geert Uytterhoeven Signed-off-by: Trond Myklebust Cc: stable@vger.kernel.org # v4.20 Tested-by: Geert Uytterhoeven Signed-off-by: Anna Schumaker commit 7b55851367136b1efd84d98fea81ba57a98304cf Author: David Herrmann Date: Tue Jan 8 13:58:52 2019 +0100 fork: record start_time late This changes the fork(2) syscall to record the process start_time after initializing the basic task structure but still before making the new process visible to user-space. Technically, we could record the start_time anytime during fork(2). But this might lead to scenarios where a start_time is recorded long before a process becomes visible to user-space. For instance, with userfaultfd(2) and TLS, user-space can delay the execution of fork(2) for an indefinite amount of time (and will, if this causes network access, or similar). By recording the start_time late, it much closer reflects the point in time where the process becomes live and can be observed by other processes. Lastly, this makes it much harder for user-space to predict and control the start_time they get assigned. Previously, user-space could fork a process and stall it in copy_thread_tls() before its pid is allocated, but after its start_time is recorded. This can be misused to later-on cycle through PIDs and resume the stalled fork(2) yielding a process that has the same pid and start_time as a process that existed before. This can be used to circumvent security systems that identify processes by their pid+start_time combination. Even though user-space was always aware that start_time recording is flaky (but several projects are known to still rely on start_time-based identification), changing the start_time to be recorded late will help mitigate existing attacks and make it much harder for user-space to control the start_time a process gets assigned. Reported-by: Jann Horn Signed-off-by: Tom Gundersen Signed-off-by: David Herrmann Signed-off-by: Linus Torvalds commit ee412f14693a3fe2645b3528603dfd37dd05118a Author: Arnaldo Carvalho de Melo Date: Tue Jan 8 13:53:23 2019 -0300 tools include uapi: Sync linux/vhost.h with the kernel sources To get the changes in: 4b86713236e4 ("vhost: split structs into a separate header file") Silencing this perf build warning: Warning: Kernel ABI header at 'tools/include/uapi/linux/vhost.h' differs from latest version at 'include/uapi/linux/vhost.h' diff -u tools/include/uapi/linux/vhost.h include/uapi/linux/vhost.h Those didn't touch things used in tools, i.e. the following continues working: $ tools/perf/trace/beauty/vhost_virtio_ioctl.sh static const char *vhost_virtio_ioctl_cmds[] = { [0x00] = "SET_FEATURES", [0x01] = "SET_OWNER", [0x02] = "RESET_OWNER", [0x03] = "SET_MEM_TABLE", [0x04] = "SET_LOG_BASE", [0x07] = "SET_LOG_FD", [0x10] = "SET_VRING_NUM", [0x11] = "SET_VRING_ADDR", [0x12] = "SET_VRING_BASE", [0x13] = "SET_VRING_ENDIAN", [0x14] = "GET_VRING_ENDIAN", [0x20] = "SET_VRING_KICK", [0x21] = "SET_VRING_CALL", [0x22] = "SET_VRING_ERR", [0x23] = "SET_VRING_BUSYLOOP_TIMEOUT", [0x24] = "GET_VRING_BUSYLOOP_TIMEOUT", [0x25] = "SET_BACKEND_FEATURES", [0x30] = "NET_SET_BACKEND", [0x40] = "SCSI_SET_ENDPOINT", [0x41] = "SCSI_CLEAR_ENDPOINT", [0x42] = "SCSI_GET_ABI_VERSION", [0x43] = "SCSI_SET_EVENTS_MISSED", [0x44] = "SCSI_GET_EVENTS_MISSED", [0x60] = "VSOCK_SET_GUEST_CID", [0x61] = "VSOCK_SET_RUNNING", }; static const char *vhost_virtio_ioctl_read_cmds[] = { [0x00] = "GET_FEATURES", [0x12] = "GET_VRING_BASE", [0x26] = "GET_BACKEND_FEATURES", }; $ At some point in the eBPFication of perf, using something like: # perf trace -e ioctl(cmd=VHOST_VRING*) Will setup a BPF filter right at the raw_syscalls:sys_enter tracepoint, i.e. filtering at the origin. Cc: Adrian Hunter Cc: Jiri Olsa Cc: Luis Cláudio Gonçalves Cc: Michael S. Tsirkin Cc: Namhyung Kim Cc: Paolo Bonzini Cc: Wang Nan Link: https://lkml.kernel.org/n/tip-g28usrt7l59lwq3wuh8vzbig@git.kernel.org Signed-off-by: Arnaldo Carvalho de Melo commit fdc42ca190c7d8976f4f9240752f0bd008270b72 Author: Arnaldo Carvalho de Melo Date: Tue Jan 8 13:48:14 2019 -0300 tools include uapi: Sync linux/fs.h copy with the kernel sources To get the changes in: e262e32d6bde ("vfs: Suppress MS_* flag defs within the kernel unless explicitly enabled") That made the mount flags string table generator to switch to using mount.h instead. This silences the following perf build warning: Warning: Kernel ABI header at 'tools/include/uapi/linux/fs.h' differs from latest version at 'include/uapi/linux/fs.h' diff -u tools/include/uapi/linux/fs.h include/uapi/linux/fs.h Cc: Adrian Hunter Cc: David Howells Cc: Jiri Olsa Cc: Luis Cláudio Gonçalves Cc: Namhyung Kim Cc: Wang Nan Link: https://lkml.kernel.org/n/tip-mosz81pa6iwxko4p2owbm3ss@git.kernel.org Signed-off-by: Arnaldo Carvalho de Melo commit 1c23397d2a6a077ab32f01c01406c2fe61b7b3a4 Author: Arnaldo Carvalho de Melo Date: Tue Jan 8 13:46:43 2019 -0300 perf beauty: Switch from using uapi/linux/fs.h to uapi/linux/mount.h As now we'll update our fs.h copy and what tools/perf/trace/beauty/mount_flags.sh needs just got moved to mount.h, use that instead. Cc: Adrian Hunter Cc: David Howells Cc: Jiri Olsa Cc: Luis Cláudio Gonçalves Cc: Namhyung Kim Cc: Wang Nan Link: https://lkml.kernel.org/n/tip-ls19h376xukeouxrw9dswkcn@git.kernel.org Signed-off-by: Arnaldo Carvalho de Melo commit 250bfc87ddc427fa001bbc8bc1468ce5fc06645b Author: Arnaldo Carvalho de Melo Date: Tue Jan 8 13:42:37 2019 -0300 tools include uapi: Grab a copy of linux/mount.h We were using a copy of uapi/linux/fs.h to create the mount syscall 'flags' string table to use in 'perf trace', to convert from the number obtained via the raw_syscalls:sys_enter into a string, using tools/perf/trace/beauty/mount_flags.sh, but in e262e32d6bde ("vfs: Suppress MS_* flag defs within the kernel unless explicitly enabled") those defines got moved to linux/mount.h, so grab a copy of mount.h too. Keep the uapi/linux/fs.h as we'll use it for the SEEK_ constants. Cc: Adrian Hunter Cc: David Howells Cc: Jiri Olsa Cc: Luis Cláudio Gonçalves Cc: Namhyung Kim Cc: Wang Nan Link: https://lkml.kernel.org/n/tip-i2ricmpwpdrpukfq3298jr1z@git.kernel.org Signed-off-by: Arnaldo Carvalho de Melo commit 6e17f58c486d9554341f70aa5b63b8fbed07b3fa Author: Dan Carpenter Date: Sat Jan 5 16:06:48 2019 +0300 xprtrdma: Double free in rpcrdma_sendctxs_create() The clean up is handled by the caller, rpcrdma_buffer_create(), so this call to rpcrdma_sendctxs_destroy() leads to a double free. Fixes: ae72950abf99 ("xprtrdma: Add data structure to manage RDMA Send arguments") Signed-off-by: Dan Carpenter Reviewed-by: Chuck Lever Signed-off-by: Anna Schumaker commit 4429b668e0375206408617d6440e3bb76c56c7d2 Author: Dan Carpenter Date: Sat Jan 5 16:06:07 2019 +0300 xprtrdma: Fix error code in rpcrdma_buffer_create() This should return -ENOMEM if __alloc_workqueue_key() fails, but it returns success. Fixes: 6d2d0ee27c7a ("xprtrdma: Replace rpcrdma_receive_wq with a per-xprt workqueue") Signed-off-by: Dan Carpenter Reviewed-by: Chuck Lever Signed-off-by: Anna Schumaker commit 58fec830fc19208354895d9832785505046d6c01 Author: Alex Williamson Date: Mon Jan 7 22:13:22 2019 -0700 vfio/type1: Fix unmap overflow off-by-one The below referenced commit adds a test for integer overflow, but in doing so prevents the unmap ioctl from ever including the last page of the address space. Subtract one to compare to the last address of the unmap to avoid the overflow and wrap-around. Fixes: 71a7d3d78e3c ("vfio/type1: silence integer overflow warning") Link: https://bugzilla.redhat.com/show_bug.cgi?id=1662291 Cc: stable@vger.kernel.org # v4.15+ Reported-by: Pei Zhang Debugged-by: Peter Xu Reviewed-by: Dan Carpenter Reviewed-by: Peter Xu Tested-by: Peter Xu Reviewed-by: Cornelia Huck Signed-off-by: Alex Williamson commit f2e14cd2c93699aa0aeaa8240457ab359f1258ff Author: Arnaldo Carvalho de Melo Date: Tue Jan 8 10:56:59 2019 -0300 perf top: Lift restriction on using callchains without "sym" in --sort This restriction is not present in 'perf report' and since 'perf top' uses the same hists browser, remove it from it as well. With this we create per event buckets with callchain trees, so that # perf top --sort dso -g --no-children Bucketizes samples by DSO and below it shows the callchains leading to functions in this DSO. Try also: # perf top -e sched:*switch -g --no-children To see the callchains leading to sched switches, pressing 'E' to expand all one can quickly see the most common scheduler switches and what leads to them, for instance, calls to IO, futexes, etc. Acked-by: Namhyung Kim Cc: Adrian Hunter Cc: Jiri Olsa Link: https://lkml.kernel.org/r/20190107140854.GA28965@kernel.org Signed-off-by: Arnaldo Carvalho de Melo commit 9231967e2f515fce9e19687c0c40dfda416b3512 Author: Tzvetomir Stoyanov Date: Fri Nov 30 23:08:13 2018 -0500 tools lib traceevent: Remove tep_data_event_from_type() API In order to make libtraceevent into a proper library, its API should be straightforward. After discussion with Steven Rostedt, we decided to remove the tep_data_event_from_type() API and to replace it with tep_find_event(), as it does the same. Signed-off-by: Tzvetomir Stoyanov Cc: Andrew Morton Cc: Jiri Olsa Cc: Namhyung Kim Link: http://lkml.kernel.org/r/20181201040852.913841066@goodmis.org Signed-off-by: Steven Rostedt (VMware) Signed-off-by: Arnaldo Carvalho de Melo commit 4104e604277016b3e6a7d120368054f9d2716953 Author: Tzvetomir Stoyanov Date: Fri Nov 30 23:08:12 2018 -0500 tools lib traceevent: Rename tep_is_file_bigendian() to tep_file_bigendian() In order to make libtraceevent into a proper library, its API should be straightforward. After a discussion with Steven Rostedt, we decided to rename a few APIs, to have more intuitive names. This patch renames tep_is_file_bigendian() to tep_file_bigendian(). Signed-off-by: Tzvetomir Stoyanov Cc: Andrew Morton Cc: Jiri Olsa Cc: Namhyung Kim Link: http://lkml.kernel.org/r/20181201040852.767549746@goodmis.org Signed-off-by: Steven Rostedt (VMware) Signed-off-by: Arnaldo Carvalho de Melo commit f87ce7c43f36d4abff91b19edadd23939f99ff98 Author: Tzvetomir Stoyanov Date: Fri Nov 30 23:08:11 2018 -0500 tools lib traceevent: Changed return logic of tep_register_event_handler() API In order to make libtraceevent into a proper library, its API should be straightforward. The tep_register_event_handler() functions returns -1 in case it successfully registers the new event handler. Such return code is used by the other library APIs in case of an error. To unify the return logic of tep_register_event_handler() with the other APIs, this patch introduces enum tep_reg_handler, which is used by this function as return value, to handle all possible successful return cases. Signed-off-by: Tzvetomir Stoyanov Cc: Andrew Morton Cc: Jiri Olsa Cc: Namhyung Kim Link: http://lkml.kernel.org/r/20181201040852.628034497@goodmis.org Signed-off-by: Steven Rostedt (VMware) Signed-off-by: Arnaldo Carvalho de Melo commit 6d2d6fd7e3ee0daf0d8308741792b3ec41aafd0c Author: Tzvetomir Stoyanov Date: Fri Nov 30 23:08:10 2018 -0500 tools lib traceevent: Changed return logic of trace_seq_printf() and trace_seq_vprintf() APIs In order to make libtraceevent into a proper library, its API should be straightforward. The trace_seq_printf() and trace_seq_vprintf() APIs have inconsistent returned values with the other trace_seq_* APIs. This path changes the return logic of trace_seq_printf() and trace_seq_vprintf() to return the number of printed characters, as the other trace_seq_* related APIs. Signed-off-by: Tzvetomir Stoyanov Cc: Andrew Morton Cc: Jiri Olsa Cc: Namhyung Kim Link: http://lkml.kernel.org/r/20181201040852.485792891@goodmis.org Signed-off-by: Steven Rostedt (VMware) Signed-off-by: Arnaldo Carvalho de Melo commit 2e4318a287bdf815140462257ab8697f5289a12f Author: Tzvetomir Stoyanov Date: Fri Nov 30 23:08:09 2018 -0500 tools lib traceevent: Rename struct cmdline to struct tep_cmdline In order to make libtraceevent a proper library, variables, data structures and functions should have a unique prefix to prevent name space conflicts. That prefix will be "tep_". This patch renames 'struct cmdline' to 'struct tep_cmdline'. Signed-off-by: Tzvetomir Stoyanov Cc: Andrew Morton Cc: Jiri Olsa Cc: Namhyung Kim Link: http://lkml.kernel.org/r/20181201040852.358871851@goodmis.org Signed-off-by: Steven Rostedt (VMware) Signed-off-by: Arnaldo Carvalho de Melo commit eed14f4b075ec594ac09921b998bf3dd61f5886b Author: Tzvetomir Stoyanov Date: Fri Nov 30 23:08:08 2018 -0500 tools lib traceevent: Initialize host_bigendian at tep_handle allocation This patch initializes the host_bigendian member of the tep_handle structure with the byte order of the current host, when this handler is created - in tep_alloc() API. We need this in order to remove the tep_set_host_bigendian() API. Signed-off-by: Tzvetomir Stoyanov Cc: Andrew Morton Cc: Jiri Olsa Cc: Namhyung Kim Link: http://lkml.kernel.org/r/20181201040852.216292134@goodmis.org Signed-off-by: Steven Rostedt (VMware) Signed-off-by: Arnaldo Carvalho de Melo commit ca3958b1c0968a6f3105e211355f128ce871e796 Author: Tzvetomir Stoyanov Date: Fri Nov 30 10:44:11 2018 -0500 tools lib traceevent: Introduce new libtracevent API: tep_override_comm() This patch adds a new API of tracevent library: tep_override_comm() It registers a pid / command mapping. If a mapping with the same pid already exists, the entry is updated with the new command. Signed-off-by: Tzvetomir Stoyanov Cc: Andrew Morton Cc: Jiri Olsa Cc: Namhyung Kim Link: http://lkml.kernel.org/r/20181130154648.038915912@goodmis.org Signed-off-by: Steven Rostedt (VMware) Signed-off-by: Arnaldo Carvalho de Melo commit 21327c7843e9169d5e2e527713e60e6c9842a56c Author: Florian Fainelli Date: Thu Dec 20 19:43:37 2018 -0800 perf tests: Add a test for the ARM 32-bit [vectors] page perf on ARM requires CONFIG_KUSER_HELPERS to be turned on to allow some independance with respect to the ARM CPU being used. Add a test which tries to locate the [vectors] page, created when CONFIG_KUSER_HELPERS is turned on to help asses the system's health. Signed-off-by: Florian Fainelli Acked-by: Jiri Olsa Cc: Alexander Shishkin Cc: Chris Healy Cc: Greg Kroah-Hartman Cc: Kim Phillips Cc: Lucas Stach Cc: Namhyung Kim Cc: Peter Zijlstra Cc: Ravi Bangoria Cc: Russell King Cc: Thomas Gleixner Cc: Thomas Richter Link: http://lkml.kernel.org/r/20181221034337.26663-3-f.fainelli@gmail.com Signed-off-by: Arnaldo Carvalho de Melo commit 011532379b7c2de6757e129037bdfc8d704bce23 Author: Florian Fainelli Date: Thu Dec 20 19:43:36 2018 -0800 perf tools: Make find_vdso_map() more modular In preparation for checking that the vectors page on the ARM architecture, refactor the find_vdso_map() function to accept finding an arbitrary string and create a dedicated helper function for that under util/find-map.c and update the filename to find-map.c and all references to it: perf-read-vdso.c and util/vdso.c. Signed-off-by: Florian Fainelli Acked-by: Jiri Olsa Cc: Alexander Shishkin Cc: Chris Healy Cc: Greg Kroah-Hartman Cc: Kim Phillips Cc: Lucas Stach Cc: Namhyung Kim Cc: Peter Zijlstra Cc: Ravi Bangoria Cc: Russell King Cc: Thomas Gleixner Cc: Thomas Richter Link: http://lkml.kernel.org/r/20181221034337.26663-2-f.fainelli@gmail.com Signed-off-by: Arnaldo Carvalho de Melo commit ac6e022cbfdce215ad545e91d9827060855da3d7 Author: Arnaldo Carvalho de Melo Date: Mon Jan 7 16:54:38 2019 -0300 perf trace: Fix alignment for [continued] lines We were not taking into account the "... [continued]" printed characters, fix it. Cc: Adrian Hunter Cc: Jiri Olsa Cc: Luis Cláudio Gonçalves Cc: Namhyung Kim Cc: Wang Nan Link: https://lkml.kernel.org/n/tip-qt20y0acmf8k0bzisce8kw95@git.kernel.org Signed-off-by: Arnaldo Carvalho de Melo commit 172bf02d564bdb6df8410f64720fa2c68e755d1a Author: Arnaldo Carvalho de Melo Date: Mon Jan 7 16:24:27 2019 -0300 perf trace: Fix ')' placement in "interrupted" syscall lines When we get the sys_enter for a syscall we check if the last one is still waiting for its matching sys_exit, if so we print this: 468.753 ( ): firefox/32382 poll(ufds: 0x7f3988d3dd00, nfds: 7, timeout_msecs: 4294967295) ... 449.575 ( 0.004 ms): Softwar~cThrea/32434 futex(uaddr: 0x7f39a18a9b70, op: WAKE|PRIVATE_FLAG, val: 1) = 0 At some point we'll get that poll sys_exit event and will print a "[continued]" line. While making the sizing of the alignment after the syscall arg list and its result configurable, so that we can mimic strace, which uses a smaller alingment by default, a bug was introduced where the closing parens appeared before the syscall name and its arg list, fix it. Fixes: 4b8a240ed5e0 ("perf trace: Add alignment spaces after the closing parens") Cc: Adrian Hunter Cc: Jiri Olsa Cc: Luis Cláudio Gonçalves Cc: Namhyung Kim Cc: Wang Nan Link: https://lkml.kernel.org/n/tip-oi45i54s59h1w1kmgpzrfuum@git.kernel.org Signed-off-by: Arnaldo Carvalho de Melo commit 56752b21755aef598709d143684cb363db98a7d2 Author: Guo Ren Date: Tue Jan 8 20:49:24 2019 +0800 irqchip/csky: fixup handle_irq_perbit break irq The handle_irq_perbit function loop every bit in hwirq local variable. handle_irq_perbit(hwirq) { for_everyt_bit_in(hwirq) { handle_domain_irq() ->irq_exit() ->invoke_softirq() ->__do_softirq() ->local_irq_enable() // Here will cause new interrupt. } } When new interrupt coming at local_irq_enable, it will finish another interrupt handler and pull down the interrupt source. But hwirq is the local variable for handle_irq_perbit(), it can't get new interrupt controller pending reg status. So we need update hwirq with pending reg in every loop. Also change write_relax to writel could prevent stw from fast retire. When local_irq is enabled, intc regs is really set-in. Signed-off-by: Guo Ren Cc: Lu Baoquan commit 2a60aa14a9a0333b3eef58150bc1ef654f7321ef Author: Guo Ren Date: Tue Jan 8 20:31:43 2019 +0800 csky: fixup compile error with pte_alloc Commit: 4cf58924951e remove the address argument of pte_alloc without modify csky related code. linux-5.0-rc1 compile failed with csky. Remove the unnecessary address testing in pte_alloc(). Signed-off-by: Guo Ren Cc: Joel Fernandes (Google) Cc: Guenter Roeck Cc: Arnd Bergmann Cc: Linus Torvalds commit d1fc1176c055c9ec9c6ec4d113a284e0bad9d09a Author: Masahiro Yamada Date: Tue Jan 8 12:08:03 2019 +0900 vfio/pci: set TRACE_INCLUDE_PATH to fix the build error drivers/vfio/pci/vfio_pci_nvlink2.c cannot be compiled for in-tree building. CC drivers/vfio/pci/vfio_pci_nvlink2.o In file included from drivers/vfio/pci/trace.h:102, from drivers/vfio/pci/vfio_pci_nvlink2.c:29: ./include/trace/define_trace.h:89:42: fatal error: ./trace.h: No such file or directory #include TRACE_INCLUDE(TRACE_INCLUDE_FILE) ^ compilation terminated. make[1]: *** [scripts/Makefile.build;277: drivers/vfio/pci/vfio_pci_nvlink2.o] Error 1 To fix the build error, let's tell include/trace/define_trace.h the location of drivers/vfio/pci/trace.h Fixes: 7f92891778df ("vfio_pci: Add NVIDIA GV100GL [Tesla V100 SXM2] subdriver") Reported-by: Laura Abbott Signed-off-by: Masahiro Yamada Reviewed-by: Cornelia Huck Signed-off-by: Alex Williamson commit d3a28a53630e1ca10f59562ef560e3f70785cb09 Author: Hauke Mehrtens Date: Sun Jan 6 19:50:37 2019 +0100 serial: lantiq: Do not swap register read/writes The ltq_r32() and ltq_w32() macros use the __raw_readl() and __raw_writel() functions which do not swap the value to little endian. On the big endian vrx200 SoC the UART is operated in big endian IO mode, the readl() and write() functions convert the value to little endian first and then the driver does not work any more on this SoC. Currently the vrx200 SoC selects the CONFIG_SWAP_IO_SPACE option, without this option the serial driver would work, but PCI devices do not work any more. This patch makes the driver use the __raw_readl() and __raw_writel() functions which do not swap the endianness. On big endian system it is assumed that the device should be access in big endian IO mode and on a little endian system it would be access in little endian mode. Fixes: 89b8bd2082bb ("serial: lantiq: Use readl/writel instead of ltq_r32/ltq_w32") Signed-off-by: Hauke Mehrtens Acked-by: John Crispin Signed-off-by: Greg Kroah-Hartman commit b9fcb0e6b7052b7e2d18fed1d673f8247060c32c Author: David Brown Date: Mon Jan 7 12:15:03 2019 -0700 usb: storage: Remove outdated URL from MAINTAINERS This website hasn't worked for quite some time. Signed-off-by: David Brown Cc: Matt Dharm Signed-off-by: Greg Kroah-Hartman commit 96354ad79e2e59f9d620669c8e1ac2452440c260 Author: Guo Ren Date: Tue Jan 8 20:17:49 2019 +0800 csky: fixup CACHEV1 store instruction fast retire For I/O access, 810/807 store instruction fast retire will cause wrong primitive. For example: stw (clear interrupt source) stw (unmask interrupt controller) enable interrupt stw is fast retire instruction. When PC is run at enable interrupt stage, the clear interrupt source hasn't finished. It will cause another wrong irq-enter. So use mb() to prevent above. Signed-off-by: Guo Ren Cc: Lu Baoquan commit 64598e8b6fdaf28e37c3530f8b95a9f8ef6af131 Merge: 3bd6e94bec122 03fa483821c0b Author: Ingo Molnar Date: Tue Jan 8 16:31:19 2019 +0100 Merge tag 'perf-core-for-mingo-4.21-20190104' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux into perf/urgent Pull perf/core improvements and fixes from Arnaldo Carvalho de Melo: perf annotate: Ivan Krylov: - Pass filename to objdump via execl, fixing usage with filenames with special characters. perf report: Jin Yao: Fix wrong iteration count in --branch-history perf stat: Jin Yao: - Fix endless wait for child process perf test: Arnaldo Carvalho de Melo: - Use a fallback to get the pathname in vfs_getname in tools build: Jiri Olsa: - Allow overriding CFLAGS assignments. Misc: Arnaldo Carvalho de Melo: - Syncronize UAPI headers Mattias Jacobsson: - Remove redundant va_end() in strbuf_addv() Signed-off-by: Arnaldo Carvalho de Melo Signed-off-by: Ingo Molnar commit a3869d43c9800cf39496615361c83635fa3e7c82 Author: Corentin Labbe Date: Mon Jan 7 17:22:23 2019 +0000 PCI: amlogic: Fix build failure due to missing gpio header Building the driver when GPIOLIB=n is not selected is causing the following compilation failure: drivers/pci/controller/dwc/pci-meson.c: In function 'meson_pcie_assert_reset': drivers/pci/controller/dwc/pci-meson.c:290:2: error: implicit declaration of function 'gpiod_set_value_cansleep'; did you mean 'gpio_set_value_cansleep'? [-Werror=implicit-function-declaration] gpiod_set_value_cansleep(mp->reset_gpio, 0); ^~~~~~~~~~~~~~~~~~~~~~~~ gpio_set_value_cansleep drivers/pci/controller/dwc/pci-meson.c: In function 'meson_pcie_probe': drivers/pci/controller/dwc/pci-meson.c:540:19: error: implicit declaration of function 'devm_gpiod_get'; did you mean 'devm_gpio_free'? [-Werror=implicit-function-declaration] mp->reset_gpio = devm_gpiod_get(dev, "reset", GPIOD_OUT_LOW); ^~~~~~~~~~~~~~ devm_gpio_free drivers/pci/controller/dwc/pci-meson.c:540:48: error: 'GPIOD_OUT_LOW' undeclared (first use in this function); did you mean 'GPIOF_INIT_LOW'? mp->reset_gpio = devm_gpiod_get(dev, "reset", GPIOD_OUT_LOW); ^~~~~~~~~~~~~ GPIOF_INIT_LOW Add the missing linux/gpio/consumer.h header to fix it. Fixes: 9c0ef6d34fdb ("PCI: amlogic: Add the Amlogic Meson PCIe controller driver") Signed-off-by: Corentin Labbe [lorenzo.pieralisi@arm.com: commit log] Signed-off-by: Lorenzo Pieralisi Signed-off-by: Bjorn Helgaas commit 735df0ff6ece7b8759a744158f5d246fae4739f4 Author: Greg Kroah-Hartman Date: Fri Dec 21 08:54:40 2018 +0100 Documentation: driver core: remove use of BUS_ATTR We are getting rid of the "raw" BUS_ATTR() macro, so fix up the documentation to not refer to it anymore. Cc: "Rafael J. Wysocki" Signed-off-by: Greg Kroah-Hartman commit dfd32cad146e3624970eee9329e99d2c6ef751b3 Author: Luis Chamberlain Date: Wed Dec 19 12:30:34 2018 -0800 dma-mapping: remove dma_zalloc_coherent() dma_zalloc_coherent() is no longer needed as it has no users because dma_alloc_coherent() already zeroes out memory for us. The Coccinelle grammar rule that used to check for dma_alloc_coherent() + memset() is modified so that it just tells the user that the memset is not needed anymore. Suggested-by: Christoph Hellwig Signed-off-by: Luis Chamberlain Signed-off-by: Christoph Hellwig commit 07a85fe14254e01bcf37f4d2e0a13f093378620b Author: Luis Chamberlain Date: Wed Dec 19 12:24:08 2018 -0800 cross-tree: phase out dma_zalloc_coherent() on headers The last few stragglers coccinelle doesn't pick up are on driver specific header files. Phase those out as well as dma_alloc_coherent() zeroes out the memory as well now too. Suggested-by: Christoph Hellwig Signed-off-by: Luis Chamberlain Signed-off-by: Christoph Hellwig commit 750afb08ca71310fcf0c4e2cb1565c63b8235b60 Author: Luis Chamberlain Date: Fri Jan 4 09:23:09 2019 +0100 cross-tree: phase out dma_zalloc_coherent() We already need to zero out memory for dma_alloc_coherent(), as such using dma_zalloc_coherent() is superflous. Phase it out. This change was generated with the following Coccinelle SmPL patch: @ replace_dma_zalloc_coherent @ expression dev, size, data, handle, flags; @@ -dma_zalloc_coherent(dev, size, handle, flags) +dma_alloc_coherent(dev, size, handle, flags) Suggested-by: Christoph Hellwig Signed-off-by: Luis Chamberlain [hch: re-ran the script on the latest tree] Signed-off-by: Christoph Hellwig commit f553aa1c13cbc29aaf420349a28fc33ca98440e5 Author: Guo Ren Date: Tue Jan 8 19:52:22 2019 +0800 csky: fixup relocation error with 807 & 860 810 doesn't support jsri instruction and csky-as will leave jsri + nop for relocation. Module-probe need replace them with lrw + jsr. Signed-off-by: Guo Ren Cc: Hui Kai commit 81d9bdf59092e4755fc4307c93c4589ef0fe2e0f Author: Christian Lamparter Date: Sun Dec 23 01:31:26 2018 +0100 mtd: rawnand: qcom: fix memory corruption that causes panic This patch fixes a memory corruption that occurred in the qcom-nandc driver since it was converted to nand_scan(). On boot, an affected device will panic from a NPE at a weird place: | Unable to handle kernel NULL pointer dereference at virtual address 0 | pgd = (ptrval) | [00000000] *pgd=00000000 | Internal error: Oops: 80000005 [#1] SMP ARM | CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.19.9 #0 | Hardware name: Generic DT based system | PC is at (null) | LR is at nand_block_isbad+0x90/0xa4 | pc : [<00000000>] lr : [] psr: 80000013 | sp : cf839d40 ip : 00000000 fp : cfae9e20 | r10: cf815810 r9 : 00000000 r8 : 00000000 | r7 : 00000000 r6 : 00000000 r5 : 00000001 r4 : cf815810 | r3 : 00000000 r2 : cfae9810 r1 : ffffffff r0 : cf815810 | Flags: Nzcv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none | Control: 10c5387d Table: 8020406a DAC: 00000051 | Process swapper/0 (pid: 1, stack limit = 0x(ptrval)) | [] (nand_block_isbad) from [] | [] (allocate_partition) from [] | [] (add_mtd_partitions) from [] | [] (parse_mtd_partitions) from [] | [] (mtd_device_parse_register) from [] | [] (qcom_nandc_probe) from [] The problem is that the nand_scan()'s qcom_nand_attach_chip callback is updating the nandc->max_cwperpage from 1 to 4. This causes the sg_init_table of clear_bam_transaction() in the driver's qcom_nandc_block_bad() to memset much more than what was initially allocated by alloc_bam_transaction(). This patch restores the old behavior by reallocating the shared bam transaction alloc_bam_transaction() after the chip was identified, but before mtd_device_parse_register() (which is an alias for mtd_device_register() - see panic) gets called. This fixes the corruption and the driver is working again. Cc: stable@vger.kernel.org Fixes: 6a3cec64f18c ("mtd: rawnand: qcom: convert driver to nand_scan()") Signed-off-by: Christian Lamparter Acked-by: Miquel Raynal Signed-off-by: Boris Brezillon commit 2f66196208c98b3d1b4294edffb2c5a8197be899 Author: Sudeep Holla Date: Mon Jan 7 18:51:53 2019 +0000 cpufreq: check if policy is inactive early in __cpufreq_get() cpuinfo_cur_freq gets current CPU frequency as detected by hardware while scaling_cur_freq last known CPU frequency. Some platforms may not allow checking the CPU frequency of an offline CPU or the associated resources may have been released via cpufreq_exit when the CPU gets offlined, in which case the policy would have been invalidated already. If we attempt to get current frequency from the hardware, it may result in hang or crash. For example on Juno, I see: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000188 [0000000000000188] pgd=0000000000000000 Internal error: Oops: 96000004 [#1] PREEMPT SMP Modules linked in: CPU: 5 PID: 4202 Comm: cat Not tainted 4.20.0-08251-ga0f2c0318a15-dirty #87 Hardware name: ARM LTD ARM Juno Development Platform/ARM Juno Development Platform pstate: 40000005 (nZcv daif -PAN -UAO) pc : scmi_cpufreq_get_rate+0x34/0xb0 lr : scmi_cpufreq_get_rate+0x34/0xb0 Call trace: scmi_cpufreq_get_rate+0x34/0xb0 __cpufreq_get+0x34/0xc0 show_cpuinfo_cur_freq+0x24/0x78 show+0x40/0x60 sysfs_kf_seq_show+0xc0/0x148 kernfs_seq_show+0x44/0x50 seq_read+0xd4/0x480 kernfs_fop_read+0x15c/0x208 __vfs_read+0x60/0x188 vfs_read+0x94/0x150 ksys_read+0x6c/0xd8 __arm64_sys_read+0x24/0x30 el0_svc_common+0x78/0x100 el0_svc_handler+0x38/0x78 el0_svc+0x8/0xc ---[ end trace 3d1024e58f77f6b2 ]--- So fix the issue by checking if the policy is invalid early in __cpufreq_get before attempting to get the current frequency. Signed-off-by: Sudeep Holla Acked-by: Viresh Kumar Signed-off-by: Rafael J. Wysocki commit 6529870cb0323823f49b3e95d1760383910f96cd Author: Madhavan Srinivasan Date: Sun Dec 9 14:55:36 2018 +0530 powerpc/perf: Update perf_regs structure to include MMCRA On each sample, Monitor Mode Control Register A (MMCRA) content is saved in pt_regs. MMCRA does not have a entry as-is in the pt_regs but instead, MMCRA content is saved in the "dsisr" register of pt_regs. Patch adds another entry to the perf_regs structure to include the "MMCRA" printing which internally maps to the "dsisr" of pt_regs. It also check for the MMCRA availability in the platform and present value accordingly mpe: This was the 2nd patch in a series with commit 333804dc3b7a ("powerpc/perf: Update perf_regs structure to include SIER") but I accidentally only merged the 1st patch, so merge this one now. Signed-off-by: Madhavan Srinivasan Signed-off-by: Michael Ellerman commit 1524f4e47f90b27a3ac84efbdd94c63172246a6f Author: Dan Carpenter Date: Tue Jan 8 10:43:30 2019 +0300 ALSA: cs46xx: Potential NULL dereference in probe The "chip->dsp_spos_instance" can be NULL on some of the ealier error paths in snd_cs46xx_create(). Reported-by: "Yavuz, Tuba" Signed-off-by: Dan Carpenter Cc: Signed-off-by: Takashi Iwai commit a77d1d196bc63b37d9b4d1b614884669e8e79d32 Author: Tycho Andersen Date: Mon Jan 7 16:16:31 2019 -0700 samples/seccomp: Fix 32-bit build Both the .o and the actual executable need to be built with -m32 in order to link correctly. Reported-by: Ingo Molnar Signed-off-by: Tycho Andersen Reviewed-by: Kees Cook Cc: Borislav Petkov Cc: James Morris Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Fixes: fec7b6690541 ("samples: add an example of seccomp user trap") Link: http://lkml.kernel.org/r/20190107231631.1849-1-tycho@tycho.ws Signed-off-by: Ingo Molnar commit b0407d820b65272fcaa77e0dd1347dc7678d23b8 Author: Gustavo A. R. Silva Date: Mon Jan 7 12:34:31 2019 -0600 hwmon: (occ) Fix potential integer overflow Cast get_unaligned_be32(...) to u64 in order to give the compiler complete information about the proper arithmetic to use and avoid a potential integer overflow. Notice that such function call is used in contexts that expect expressions of type u64 (64 bits, unsigned); and the following expressions are currently being evaluated using 32-bit arithmetic: val = get_unaligned_be32(&power->update_tag) * occ->powr_sample_time_us; val = get_unaligned_be32(&power->vdn.update_tag) * occ->powr_sample_time_us; Addresses-Coverity-ID: 1442357 ("Unintentional integer overflow") Addresses-Coverity-ID: 1442476 ("Unintentional integer overflow") Addresses-Coverity-ID: 1442508 ("Unintentional integer overflow") Fixes: ff692d80b2e2 ("hwmon (occ): Add sensor types and versions") Cc: stable@vger.kernel.org Signed-off-by: Gustavo A. R. Silva Reviewed-by: Eddie James Signed-off-by: Guenter Roeck commit 977e4899c9b4bea787531b0837af5ed442e3118f Merge: 26d92e951fe0a 2dc0f02da14e1 Author: David S. Miller Date: Mon Jan 7 22:49:35 2019 -0500 Merge ra.kernel.org:/pub/scm/linux/kernel/git/bpf/bpf Daniel Borkmann says: ==================== pull-request: bpf 2019-01-08 The following pull-request contains BPF updates for your *net* tree. The main changes are: 1) Fix BSD'ism in sendmsg(2) to rewrite unspecified IPv6 dst for unconnected UDP sockets with [::1] _after_ cgroup BPF invocation, from Andrey. 2) Follow-up fix to the speculation fix where we need to reject a corner case for sanitation when ptr and scalars are mixed in the same alu op. Also, some unrelated minor doc fixes, from Daniel. 3) Fix BPF kselftest's incorrect uses of create_and_get_cgroup() by not assuming fd of zero value to be the result of an error case, from Stanislav. ==================== Signed-off-by: David S. Miller commit 2dc0f02da14e19f510694f8d8bbcb0f2f63e0646 Merge: a8911d6d58785 80f21ff987eb3 Author: Alexei Starovoitov Date: Mon Jan 7 15:52:00 2019 -0800 Merge branch 'bpf-doc-updates' Daniel Borkmann says: ==================== Two trivial doc follow-ups to i) remove deprecated kern_version mentioning in the design qa and ii) to mention stand-alone build and license of libbpf. Thanks! ==================== Signed-off-by: Alexei Starovoitov commit 80f21ff987eb377140d27102285f8dd1167b335c Author: Daniel Borkmann Date: Mon Jan 7 22:57:18 2019 +0100 bpf, doc: add note for libbpf's stand-alone build Given this came up couple of times, add a note to libbpf's readme about the semi-automated mirror for a stand-alone build which is officially managed by BPF folks. While at it, also explicitly state the libbpf license in the readme file. Signed-off-by: Daniel Borkmann Acked-by: Alexei Starovoitov Signed-off-by: Alexei Starovoitov commit a769fa7208b94f37b6240215dc6970f9d76fc58c Author: Daniel Borkmann Date: Mon Jan 7 22:57:17 2019 +0100 bpf, doc: update design qa to reflect kern_version requirement Update the bpf_design_QA.rst to also reflect recent changes in 6c4fc209fcf9 ("bpf: remove useless version check for prog load"). Suggested-by: Quentin Monnet Signed-off-by: Daniel Borkmann Acked-by: Alexei Starovoitov Signed-off-by: Alexei Starovoitov commit c64a2b0516a02361d8deb1f038647c29020d0852 Author: Souptick Joarder Date: Sat Jan 5 01:00:29 2019 +0530 ceph: use vmf_error() in ceph_filemap_fault() This code is converted to use vmf_error(). Signed-off-by: Souptick Joarder Reviewed-by: Ilya Dryomov Signed-off-by: Ilya Dryomov commit 02b2f549d502b46e68b97ea1452fb8853b3327dd Author: Dongsheng Yang Date: Tue Dec 18 04:31:48 2018 -0500 libceph: allow setting abort_on_full for rbd Introduce a new option abort_on_full, default to false. Then we can get -ENOSPC when the pool is full, or reaches quota. [ Don't show abort_on_full in /proc/mounts. ] Signed-off-by: Dongsheng Yang Reviewed-by: Ilya Dryomov Signed-off-by: Ilya Dryomov commit 565dc8a4f55e491935bfb04866068d21784ea9a4 Author: Alban Bedel Date: Mon Jan 7 20:45:15 2019 +0100 MIPS: ath79: Enable OF serial ports in the default config CONFIG_SERIAL_OF_PLATFORM is needed to get a working console on the OF boards, enable it in the default config to get a working setup out of the box. Signed-off-by: Alban Bedel Signed-off-by: Paul Burton Cc: linux-mips@vger.kernel.org Cc: Ralf Baechle Cc: James Hogan Cc: linux-kernel@vger.kernel.org commit 390d1b461eec4b15aed78df0ce72a5c4bc40d619 Author: Hauke Mehrtens Date: Sun Jan 6 19:44:12 2019 +0100 MIPS: lantiq: Use CP0_LEGACY_COMPARE_IRQ Instead of using the lantiq specific MIPS_CPU_TIMER_IRQ use the generic CP0_LEGACY_COMPARE_IRQ constant for the timer interrupt number. MIPS_CPU_TIMER_IRQ was already defined to 7 for both supported SoC families. Signed-off-by: Hauke Mehrtens Signed-off-by: Paul Burton Cc: jhogan@kernel.org Cc: ralf@linux-mips.org Cc: john@phrozen.org Cc: linux-mips@linux-mips.org Cc: linux-mips@vger.kernel.org commit 2b4dba55b04b212a7fd1f0395b41d79ee3a9801b Author: Hauke Mehrtens Date: Sun Jan 6 19:44:11 2019 +0100 MIPS: lantiq: Fix IPI interrupt handling This makes SMP on the vrx200 work again, by removing all the MIPS CPU interrupt specific code and making it fully use the generic MIPS CPU interrupt controller. The mti,cpu-interrupt-controller from irq-mips-cpu.c now handles the CPU interrupts and also the IPI interrupts which are used to communication between the CPUs in a SMP system. The generic interrupt code was already used before but the interrupt vectors were overwritten again when we called set_vi_handler() in the lantiq interrupt driver and we also provided our own plat_irq_dispatch() function which overwrote the weak generic implementation. Now the code uses the generic handler for the MIPS CPU interrupts including the IPI interrupts and registers a handler for the CPU interrupts which are handled by the lantiq ICU with irq_set_chained_handler() which was already called before. Calling the set_c0_status() function is also not needed any more because the generic MIPS CPU interrupt already activates the needed bits. Fixes: 1eed40043579 ("MIPS: smp-mt: Use CPU interrupt controller IPI IRQ domain support") Cc: stable@kernel.org # v4.12 Signed-off-by: Hauke Mehrtens Signed-off-by: Paul Burton Cc: jhogan@kernel.org Cc: ralf@linux-mips.org Cc: john@phrozen.org Cc: linux-mips@linux-mips.org Cc: linux-mips@vger.kernel.org commit a8911d6d5878587767a78c6bde371298ca2a3be3 Author: Stanislav Fomichev Date: Mon Jan 7 09:46:46 2019 -0800 selftests/bpf: fix incorrect users of create_and_get_cgroup We have some tests that assume create_and_get_cgroup returns -1 on error which is incorrect (it returns 0 on error). Since fd might be zero in general case, change create_and_get_cgroup to return -1 on error and fix the users that assume 0 on error. Fixes: f269099a7e7a ("tools/bpf: add a selftest for bpf_get_current_cgroup_id() helper") Fixes: 7d2c6cfc5411 ("bpf: use --cgroup in test_suite if supplied") v2: - instead of fixing the uses that assume -1 on error, convert the users that assume 0 on error (fd might be zero in general case) Signed-off-by: Stanislav Fomichev Signed-off-by: Alexei Starovoitov commit a9666c1cae8dbcd1a9aacd08a778bf2a28eea300 Author: Leon Romanovsky Date: Mon Dec 24 11:05:16 2018 +0200 RDMA/nldev: Don't expose unsafe global rkey to regular user Unsafe global rkey is considered dangerous because it exposes memory registered for all memory in the system. Only users with a QP on the same PD can use the rkey, and generally those QPs will already know the value. However, out of caution, do not expose the value to unprivleged users on the local system. Require CAP_NET_ADMIN instead. Cc: # 4.16 Fixes: 29cf1351d450 ("RDMA/nldev: provide detailed PD information") Signed-off-by: Leon Romanovsky Signed-off-by: Jason Gunthorpe commit 26d92e951fe0a44ee4aec157cabb65a818cc8151 Author: Cong Wang Date: Sat Jan 5 23:45:26 2019 -0800 smc: move unhash as early as possible in smc_release() In smc_release() we release smc->clcsock before unhash the smc sock, but a parallel smc_diag_dump() may be still reading smc->clcsock, therefore this could cause a use-after-free as reported by syzbot. Reported-and-tested-by: syzbot+fbd1e5476e4c94c7b34e@syzkaller.appspotmail.com Fixes: 51f1de79ad8e ("net/smc: replace sock_put worker by socket refcounting") Cc: Ursula Braun Signed-off-by: Cong Wang Reported-by: syzbot+0bf2e01269f1274b4b03@syzkaller.appspotmail.com Reported-by: syzbot+e3132895630f957306bc@syzkaller.appspotmail.com Signed-off-by: David S. Miller commit 7acf8b36a2ac6eb4fdc53c4d862570089e56c69e Author: Jason Gunthorpe Date: Mon Jan 7 17:54:14 2019 +0000 phy: ti: Fix compilation failures without REGMAP This driver requires regmap or the compile fails: drivers/phy/ti/phy-gmii-sel.c:43:27: error: array type has incomplete element type ‘struct reg_field’ const struct reg_field (*regfields)[PHY_GMII_SEL_LAST]; Add it to kconfig. Signed-off-by: Jason Gunthorpe Signed-off-by: David S. Miller commit f687ccea10d23a9b0faed67ceac535b76604669a Author: Gal Pressman Date: Mon Jan 7 13:36:56 2019 +0200 RDMA/uverbs: Fix post send success return value in case of error If get QP object fails 'ret' must be assigned with a proper error code. Fixes: 9a0738575f26 ("RDMA/uverbs: Use uverbs_response() for remaining response copying") Signed-off-by: Gal Pressman Signed-off-by: Jason Gunthorpe commit 6b68835b5af4feb2a3f31592a52a1a68d7c1b1f3 Author: Qian Cai Date: Mon Jan 7 16:42:07 2019 +0000 ACPI/IORT: Fix build when CONFIG_IOMMU_API=n Commit 8097e53eaba2 ("ACPI/IORT: Use helper functions to access dev->iommu_fwspec") changed by mistake the iort_fwspec_iommu_ops() stub definition (compiled in when CONFIG_IOMMU_API=n), that caused the following compilation failure: drivers/acpi/arm64/iort.c:880:1: error: expected identifier or '(' before '{' token { return NULL; } ^ drivers/acpi/arm64/iort.c:879:39: warning: 'iort_fwspec_iommu_ops' used but never defined static inline const struct iommu_ops *iort_fwspec_iommu_ops(struct device *dev); ^~~~~~~~~~~~~~~~~~~~~ Fix it. Fixes: 8097e53eaba2 ("ACPI/IORT: Use helper functions to access dev->iommu_fwspec") Signed-off-by: Qian Cai [lorenzo.pieralisi@arm.com: updated tags and log] Signed-off-by: Lorenzo Pieralisi Acked-by: Hanjun Guo Cc: Will Deacon Cc: Sudeep Holla Cc: Catalin Marinas Cc: Joerg Roedel Signed-off-by: Will Deacon commit 4c84edc11b76590859b1e45dd676074c59602dc4 Author: JianJhen Chen Date: Sun Jan 6 11:28:13 2019 +0800 net: bridge: fix a bug on using a neighbour cache entry without checking its state When handling DNAT'ed packets on a bridge device, the neighbour cache entry from lookup was used without checking its state. It means that a cache entry in the NUD_STALE state will be used directly instead of entering the NUD_DELAY state to confirm the reachability of the neighbor. This problem becomes worse after commit 2724680bceee ("neigh: Keep neighbour cache entries if number of them is small enough."), since all neighbour cache entries in the NUD_STALE state will be kept in the neighbour table as long as the number of cache entries does not exceed the value specified in gc_thresh1. This commit validates the state of a neighbour cache entry before using the entry. Signed-off-by: JianJhen Chen Reviewed-by: JinLin Chen Signed-off-by: David S. Miller commit 801009424e05cf110f016d7fac7fcf20ef94941a Merge: 2cffc9569050a 5aeb1b36cedd3 Author: Palmer Dabbelt Date: Mon Jan 7 08:45:47 2019 -0800 Fix a handful of audit-related issue This is sort of a mix between a new feature and a bug fix. I've managed to screw up merging this patch set a handful of times but I think it's OK this time around. The main new feature here is audit support for RISC-V, with some fixes to audit-related bugs that cropped up along the way: * The addition of NR_syscalls into unistd.h, which is necessary for CONFIG_FTRACE_SYSCALLS. * The definition of CREATE_TRACE_POINTS so __tracepoint_sys_{enter,exit} get defined. * A fix for trace_sys_exit() so we can enable CONFIG_HAVE_SYSCALL_TRACEPOINTS. commit f87d8ad9233f115db92c6c087d58403b0009ed36 Author: Gustavo A. R. Silva Date: Sat Jan 5 10:52:23 2019 -0600 tipc: fix memory leak in tipc_nl_compat_publ_dump There is a memory leak in case genlmsg_put fails. Fix this by freeing *args* before return. Addresses-Coverity-ID: 1476406 ("Resource leak") Fixes: 46273cf7e009 ("tipc: fix a missing check of genlmsg_put") Signed-off-by: Gustavo A. R. Silva Acked-by: Ying Xue Signed-off-by: David S. Miller commit a29c3c09bad18ac2c91dfdbcc892a7a37e407227 Author: Bjørn Mork Date: Sat Jan 5 14:32:39 2019 +0100 cdc_ether: trivial whitespace readability fix This function is unreadable enough without indenting mismatches and unnecessary line breaks. Signed-off-by: Bjørn Mork Signed-off-by: David S. Miller commit 3483254b89438e60f719937376c5e0ce2bc46761 Author: Jack Stocker Date: Thu Jan 3 21:56:53 2019 +0000 USB: Add USB_QUIRK_DELAY_CTRL_MSG quirk for Corsair K70 RGB To match the Corsair Strafe RGB, the Corsair K70 RGB also requires USB_QUIRK_DELAY_CTRL_MSG to completely resolve boot connection issues discussed here: https://github.com/ckb-next/ckb-next/issues/42. Otherwise roughly 1 in 10 boots the keyboard will fail to be detected. Patch that applied delay control quirk for Corsair Strafe RGB: cb88a0588717 ("usb: quirks: add control message delay for 1b1c:1b20") Previous K70 RGB patch to add delay-init quirk: 7a1646d92257 ("Add delay-init quirk for Corsair K70 RGB keyboards") Signed-off-by: Jack Stocker Cc: stable Signed-off-by: Greg Kroah-Hartman commit ff2a8c532c14fd22fb26a36574d9ff199afbbe54 Author: Saranya Gopal Date: Sun Jan 6 08:14:02 2019 +0530 usbcore: Select only first configuration for non-UAC3 compliant devices In most of the UAC1 and UAC2 audio devices, the first configuration is most often the best configuration. However, with recent patch to support UAC3 configuration, second configuration was unintentionally chosen for some of the UAC1/2 devices that had more than one configuration. This was because of the existing check after the audio config check which selected any config which had a non-vendor class. This patch fixes this issue. Fixes: f13912d3f014 ("usbcore: Select UAC3 configuration for audio if present") Reported-by: Con Kolivas Signed-off-by: Saranya Gopal Tested-by: Con Kolivas Cc: stable Signed-off-by: Greg Kroah-Hartman commit 0a99cc4b8ee83885ab9f097a3737d1ab28455ac0 Author: Icenowy Zheng Date: Thu Jan 3 11:26:18 2019 +0800 USB: storage: add quirk for SMI SM3350 The SMI SM3350 USB-UFS bridge controller cannot handle long sense request correctly and will make the chip refuse to do read/write when requested long sense. Add a bad sense quirk for it. Signed-off-by: Icenowy Zheng Cc: stable Acked-by: Alan Stern Signed-off-by: Greg Kroah-Hartman commit c5603d2fdb424849360fe7e3f8c1befc97571b8c Author: Icenowy Zheng Date: Thu Jan 3 11:26:17 2019 +0800 USB: storage: don't insert sane sense for SPC3+ when bad sense specified Currently the code will set US_FL_SANE_SENSE flag unconditionally if device claims SPC3+, however we should allow US_FL_BAD_SENSE flag to prevent this behavior, because SMI SM3350 UFS-USB bridge controller, which claims SPC4, will show strange behavior with 96-byte sense (put the chip into a wrong state that cannot read/write anything). Check the presence of US_FL_BAD_SENSE when assuming US_FL_SANE_SENSE on SPC4+ devices. Signed-off-by: Icenowy Zheng Cc: stable Acked-by: Alan Stern Signed-off-by: Greg Kroah-Hartman commit 34aabf918717dd14e05051896aaecd3b16b53d95 Author: Daniele Palmas Date: Fri Dec 28 16:15:41 2018 +0100 usb: cdc-acm: send ZLP for Telit 3G Intel based modems Telit 3G Intel based modems require zero packet to be sent if out data size is equal to the endpoint max packet size. Signed-off-by: Daniele Palmas Cc: stable Signed-off-by: Greg Kroah-Hartman commit 5aeb1b36cedd3a1dfdbfe368629fed52dee34103 Author: David Abdurachmanov Date: Thu Dec 6 16:26:35 2018 +0100 riscv: add HAVE_SYSCALL_TRACEPOINTS to Kconfig I looked into Documentation/trace/ftrace-design.rst and, I think, we check all the boxes needed for HAVE_SYSCALL_TRACEPOINTS. Signed-off-by: David Abdurachmanov Signed-off-by: Palmer Dabbelt commit 775800b0f1d7303d4fd8ce0e0d9eca4ff2f338f2 Author: David Abdurachmanov Date: Thu Dec 6 16:26:34 2018 +0100 riscv: fix trace_sys_exit hook Fix compilation error. Signed-off-by: David Abdurachmanov Signed-off-by: Palmer Dabbelt commit 008e901b70282183b52ee80d838d2994b2610231 Author: David Abdurachmanov Date: Mon Dec 10 21:43:55 2018 +0100 riscv: define CREATE_TRACE_POINTS in ptrace.c Define CREATE_TRACE_POINTS in order to create functions and structures for the trace events. This is needed if HAVE_SYSCALL_TRACEPOINTS and CONFIG_FTRACE_SYSCALLS are enabled, otherwise we get linking errors: [..] MODPOST vmlinux.o kernel/trace/trace_syscalls.o: In function `.L0 ': trace_syscalls.c:(.text+0x1152): undefined reference to `__tracepoint_sys_enter' trace_syscalls.c:(.text+0x126c): undefined reference to `__tracepoint_sys_enter' trace_syscalls.c:(.text+0x1328): undefined reference to `__tracepoint_sys_enter' trace_syscalls.c:(.text+0x14aa): undefined reference to `__tracepoint_sys_enter' trace_syscalls.c:(.text+0x1684): undefined reference to `__tracepoint_sys_exit' trace_syscalls.c:(.text+0x17a0): undefined reference to `__tracepoint_sys_exit' trace_syscalls.c:(.text+0x185c): undefined reference to `__tracepoint_sys_exit' trace_syscalls.c:(.text+0x19de): undefined reference to `__tracepoint_sys_exit' arch/riscv/kernel/ptrace.o: In function `.L0 ': ptrace.c:(.text+0x4dc): undefined reference to `__tracepoint_sys_enter' ptrace.c:(.text+0x632): undefined reference to `__tracepoint_sys_exit' make: *** [Makefile:1036: vmlinux] Error 1 Signed-off-by: David Abdurachmanov Fixes: b78002b395b4 ("riscv: add HAVE_SYSCALL_TRACEPOINTS to Kconfig") Signed-off-by: Palmer Dabbelt commit 45ef1aa8a0e3b0da449c619035b0841f28abca63 Author: David Abdurachmanov Date: Mon Dec 10 21:43:54 2018 +0100 riscv: define NR_syscalls in unistd.h This macro is used by kernel/trace/{trace.h,trace_syscalls.c} if we have CONFIG_FTRACE_SYSCALLS enabled. Signed-off-by: David Abdurachmanov Fixes: b78002b395b4 ("riscv: add HAVE_SYSCALL_TRACEPOINTS to Kconfig") Signed-off-by: Palmer Dabbelt commit 0aea89430a4c79c65c541c947497007d33fbe002 Author: David Abdurachmanov Date: Mon Oct 29 11:48:54 2018 +0100 riscv: audit: add audit hook in do_syscall_trace_enter/exit() This patch adds auditing functions on entry to and exit from every system call invocation. Signed-off-by: David Abdurachmanov Signed-off-by: Palmer Dabbelt commit efe75c494f57890900caf6c8a0667db35bfaf56a Author: David Abdurachmanov Date: Mon Oct 29 11:48:53 2018 +0100 riscv: add audit support On RISC-V (riscv) audit is supported through generic lib/audit.c. The patch adds required arch specific definitions. Signed-off-by: David Abdurachmanov Signed-off-by: Palmer Dabbelt commit 2cffc9569050a8dbc0c4a6ee7186c0919487c3ec Author: Zong Li Date: Fri Dec 7 17:02:16 2018 +0800 RISC-V: Support MODULE_SECTIONS mechanism on RV32 This patch supports dynamic generate got and plt sections mechanism on rv32. It contains the modification as follows: - Always enable MODULE_SECTIONS (both rv64 and rv32) - Change the fixed size type. This patch had been tested by following modules: btrfs 6795991 0 - Live 0xa544b000 test_static_keys 17304 0 - Live 0xa28be000 zstd_compress 1198986 1 btrfs, Live 0xa2a25000 zstd_decompress 608112 1 btrfs, Live 0xa24e7000 lzo 8787 0 - Live 0xa2049000 xor 27461 1 btrfs, Live 0xa2041000 zram 78849 0 - Live 0xa2276000 netdevsim 55909 0 - Live 0xa202d000 tun 211534 0 - Live 0xa21b5000 fuse 566049 0 - Live 0xa25fb000 nfs_layout_flexfiles 192597 0 - Live 0xa229b000 ramoops 74895 0 - Live 0xa2019000 xfs 3973221 0 - Live 0xa507f000 libcrc32c 3053 2 btrfs,xfs, Live 0xa34af000 lzo_compress 17302 2 btrfs,lzo, Live 0xa347d000 lzo_decompress 7178 2 btrfs,lzo, Live 0xa3451000 raid6_pq 142086 1 btrfs, Live 0xa33a4000 reed_solomon 31022 1 ramoops, Live 0xa31eb000 test_bitmap 3734 0 - Live 0xa31af000 test_bpf 1588736 0 - Live 0xa2c11000 test_kmod 41161 0 - Live 0xa29f8000 test_module 1356 0 - Live 0xa299e000 test_printf 6024 0 [permanent], Live 0xa2971000 test_static_key_base 5797 1 test_static_keys, Live 0xa2931000 test_user_copy 4382 0 - Live 0xa28c9000 xxhash 70501 2 zstd_compress,zstd_decompress, Live 0xa2055000 Signed-off-by: Zong Li Signed-off-by: Palmer Dabbelt commit 3b56adcf94d03533666e87e41d23ac91756cec9b Author: Paul Walmsley Date: Mon Dec 17 16:09:59 2018 -0800 MAINTAINERS: SiFive drivers: add myself as a SiFive driver maintainer I'll be helping Palmer review drivers for SiFive-specific IP blocks, so add myself to the MAINTAINERS file. Cc: Albert Ou Cc: Palmer Dabbelt Cc: linux-kernel@vger.kernel.org Cc: linux-riscv@lists.infradead.org Signed-off-by: Paul Walmsley Signed-off-by: Paul Walmsley Signed-off-by: Palmer Dabbelt commit af5f462c2d9ed227ffca4c8d02eb38679c9b8846 Author: Paul Walmsley Date: Mon Dec 17 16:09:58 2018 -0800 MAINTAINERS: SiFive drivers: change the git tree to a SiFive git tree Update the git tree URL for drivers for SiFive-related IP blocks to point to a SiFive-managed URL. Cc: Albert Ou Cc: Palmer Dabbelt Cc: linux-kernel@vger.kernel.org Cc: linux-riscv@lists.infradead.org Signed-off-by: Paul Walmsley Signed-off-by: Paul Walmsley Signed-off-by: Palmer Dabbelt commit 37a107ff6dcd773da4dc75b62b9bf4349dd7300f Author: Andreas Schwab Date: Tue Dec 11 11:20:40 2018 +0100 riscv: don't stop itself in smp_send_stop Add IPI_CPU_STOP message and use it in smp_send_stop to stop other cpus, but not itself. Mark cpu offline on reception of IPI_CPU_STOP. Signed-off-by: Andreas Schwab Reviewed-by: Atish Patra Signed-off-by: Palmer Dabbelt commit 8fd6e05c7463b635e51ec7df0a1858c1b5a6e350 Author: Paul Walmsley Date: Mon Dec 17 19:15:12 2018 -0800 arch: riscv: support kernel command line forcing when no DTB passed CONFIG_CMDLINE_FORCE doesn't work on RISC-V when no DTB is passed into the kernel. This is because the code that forces the kernel command line only runs if a valid DTB is present at boot. During debugging, it's useful to have the ability to force kernel command lines even when no DTB is present. This patch adds support for doing so. Cc: Palmer Dabbelt Cc: Albert Ou Cc: linux-riscv@lists.infradead.org Cc: linux-kernel@vger.kernel.org (open list) Signed-off-by: Paul Walmsley Signed-off-by: Paul Walmsley Signed-off-by: Palmer Dabbelt commit d0df00e30e4bf9bc27ddbd092ad683ff6121b360 Author: Aurelien Jarno Date: Tue Dec 25 15:46:24 2018 +0100 tools uapi: fix RISC-V 64-bit support The BPF library is not built on 64-bit RISC-V, as the BPF feature is not detected. Looking more in details, feature/test-bpf.c fails to build with the following error: | In file included from /tmp/linux-4.19.12/tools/include/uapi/asm/bitsperlong.h:17, | from /tmp/linux-4.19.12/tools/include/uapi/asm-generic/unistd.h:2, | from /usr/include/riscv64-linux-gnu/asm/unistd.h:1, | from test-bpf.c:2: | /tmp/linux-4.19.12/tools/include/asm-generic/bitsperlong.h:14:2: error: #error Inconsistent word size. Check asm/bitsperlong.h | #error Inconsistent word size. Check asm/bitsperlong.h | ^~~~~ The UAPI from the tools directory is missing RISC-V support, therefore bitsperlong.h from asm-generic is used, defaulting to 32 bits. Fix that by adding tools/arch/riscv/include/uapi/asm/bitsperlong.h as a copy of arch/riscv/include/uapi/asm/bitsperlong.h and by updating tools/include/uapi/asm/bitsperlong.h. Signed-off-by: Aurelien Jarno Signed-off-by: Palmer Dabbelt commit 22e6a2e14cb8ebcae059488cf24e778e4058c2bf Author: Anup Patel Date: Wed Dec 19 18:06:57 2018 +0530 RISC-V: Make BSS section as the last section in vmlinux.lds.S The objcopy only emits loadable sections when creating flat kernel Image. To have minimal possible size of flat kernel Image, we should have all non-loadable sections after loadable sections. Currently, execption table section (loadable section) is after BSS section (non-loadable section) in the RISC-V vmlinux.lds.S. This is not optimal for having minimal flat kernel Image size hence this patch makes BSS section as the last section in RISC-V vmlinux.lds.S. In addition, we make BSS section aligned to 16byte instead of PAGE aligned which further reduces flat kernel Image size by few KBs. The flat kernel Image size of Linux-4.20-rc4 using GCC 8.2.0 is 8819980 bytes with current RISC-V vmlinux.lds.S and it reduces to 7991740 bytes with this patch applied. In summary, this patch reduces Linux-4.20-rc4 flat kernel Image size by 809 KB. Signed-off-by: Anup Patel Reviewed-by: Bin Meng Signed-off-by: Palmer Dabbelt commit d0c2d2101b4c1a41e6ebeca6a28c70df43d2a6a3 Author: Kunihiko Hayashi Date: Fri Nov 9 10:42:07 2018 +0900 reset: uniphier-glue: Add AHCI reset control support in glue layer Add a reset line included in AHCI glue layer to enable AHCI core implemented in UniPhier SoCs. Signed-off-by: Kunihiko Hayashi Signed-off-by: Philipp Zabel commit 69af3d1b8a91cf9b426c4238964df847036bf214 Author: Kunihiko Hayashi Date: Fri Nov 9 10:42:06 2018 +0900 dt-bindings: reset: uniphier: Add AHCI core reset description Add compatible strings for reset control of AHCI core implemented in UniPhier SoCs. The reset control belongs to AHCI glue layer. Signed-off-by: Kunihiko Hayashi Reviewed-by: Rob Herring Signed-off-by: Philipp Zabel commit 3eb8f765f5aeca6e4195246f41e534025f69eee8 Author: Kunihiko Hayashi Date: Fri Nov 9 10:42:05 2018 +0900 reset: uniphier-usb3: Rename to reset-uniphier-glue This driver works for controlling the reset lines including USB3 glue layer, however, this can be applied to other glue layers. Now this patch renames the driver from "reset-uniphier-usb3" to "reset-uniphier-glue". At the same time, this changes CONFIG_RESET_UNIPHIER_USB3 to CONFIG_RESET_UNIPHIER_GLUE. Signed-off-by: Kunihiko Hayashi Signed-off-by: Philipp Zabel commit 21b22136b4330abd1467e59fbe651ae4d18f0357 Author: Kunihiko Hayashi Date: Fri Nov 9 10:42:04 2018 +0900 dt-bindings: reset: uniphier: Replace the expression of USB3 with generic peripherals Replace the expression of "USB3 glue layer" with the glue layer of the generic peripherals to allow other devices to use it. The reset control belongs to this glue layer. Signed-off-by: Kunihiko Hayashi Reviewed-by: Rob Herring Signed-off-by: Philipp Zabel commit a277105b239bdcb6490ec51366413643dbc8ed4a Author: Dinh Nguyen Date: Mon Nov 5 14:05:49 2018 -0600 ARM: socfpga: dts: document "altr,stratix10-rst-mgr" binding "altr,stratix10-rst-mgr" is used for the Stratix10 reset manager. Signed-off-by: Dinh Nguyen Signed-off-by: Philipp Zabel commit b3ca9888f35fa6919569cf27c929dc0ac49e9716 Author: Dinh Nguyen Date: Tue Nov 13 12:50:48 2018 -0600 reset: socfpga: add an early reset driver for SoCFPGA Create a separate reset driver that uses the reset operations in reset-simple. The reset driver for the SoCFPGA platform needs to register early in order to be able bring online timers that needed early in the kernel bootup. We do not need this early reset driver for Stratix10, because on arm64, Linux does not need the timers are that in reset. Linux is able to run just fine with the internal armv8 timer. Thus, we use a new binding "altr,stratix10-rst-mgr" for the Stratix10 platform. The Stratix10 platform will continue to use the reset-simple platform driver, while the 32-bit platforms(Cyclone5/Arria5/Arria10) will use the early reset driver. Signed-off-by: Dinh Nguyen [p.zabel@pengutronix.de: fixed socfpga of_device_id in reset-simple] Signed-off-by: Philipp Zabel commit 151f72f493f2605ebbed0198362eed05918ed839 Author: Colin Ian King Date: Wed Nov 14 21:49:35 2018 +0000 reset: fix null pointer dereference on dev by dev_name The call to dev_name will dereference dev, however, dev is later being null checked, so there is a possibility of a null pointer dereference on dev by the call to dev_name. Fix this by null checking dev first before the call to dev_name Detected by CoverityScan, CID#1475475 ("Dereference before null check") Fixes: 2a6cb2b1d83b ("reset: Add reset_control_get_count()") Signed-off-by: Colin Ian King Signed-off-by: Philipp Zabel commit eaf91db0ab22dc2c664a9782f2f31dcbc410f3b5 Author: Geert Uytterhoeven Date: Tue Nov 13 13:47:44 2018 +0100 reset: Add reset_control_get_count() Currently the reset core has internal support for counting the number of resets for a device described in DT. Generalize this to devices using lookup resets, and export it for public use. This will be used by generic drivers that need to be sure a device is controlled by a single, dedicated reset line (e.g. vfio-platform). Signed-off-by: Geert Uytterhoeven [p.zabel@pengutronix.de: fixed a typo in reset_control_get_count comment] Signed-off-by: Philipp Zabel commit 12c62b9d6ce57d37f3c03cc902c30498909fbc42 Author: Geert Uytterhoeven Date: Mon Oct 8 13:15:43 2018 +0200 reset: Improve reset controller kernel docs Grammar and indentation fixes. Signed-off-by: Geert Uytterhoeven [p.zabel@pengutronix.de: dropped "shared among" -> "shared between"] Signed-off-by: Philipp Zabel commit 42f03ab3c75197e8fec2dbd6b50bc699619aab9b Author: Eugeniy Paltsev Date: Wed Oct 17 17:05:52 2018 +0300 ARC: HSDK: improve reset driver As for today HSDK reset driver implements only .reset() callback. In case of driver which implements one of standard reset controller usage pattern (call *_deassert() in probe(), call *_assert() in remove()) that leads to inoperability of this reset driver. Improve HSDK reset driver by calling .reset() callback inside of .deassert() callback to avoid each reset controller user adaptation for work with both reset methods (reset() and {.assert() & .deassert()} pair) Signed-off-by: Eugeniy Paltsev Signed-off-by: Philipp Zabel commit eeb2c4fb6a3d0ebed35fbc13a255f691c8b8d7e5 Author: Jacob Wen Date: Mon Jan 7 09:59:59 2019 +0800 rds: use DIV_ROUND_UP instead of ceil Yes indeed, DIV_ROUND_UP is in kernel.h. Signed-off-by: Jacob Wen Signed-off-by: David S. Miller commit 10262b0b53666cbc506989b17a3ead1e9c3b43b4 Author: Heiner Kallweit Date: Sun Jan 6 20:44:00 2019 +0100 r8169: don't try to read counters if chip is in a PCI power-save state Avoid log spam caused by trying to read counters from the chip whilst it is in a PCI power-save state. Reference: https://bugzilla.kernel.org/show_bug.cgi?id=107421 Fixes: 1ef7286e7f36 ("r8169: Dereference MMIO address immediately before use") Signed-off-by: Heiner Kallweit Signed-off-by: David S. Miller commit 7775665aadc48a562051834a73519129bf717d73 Author: Larry Finger Date: Wed Jan 2 20:12:47 2019 -0600 staging: rtl8188eu: Fix module loading from tasklet for WEP encryption Commit 2b2ea09e74a5 ("staging:r8188eu: Use lib80211 to decrypt WEP-frames") causes scheduling while atomic bugs followed by a hard freeze whenever the driver tries to connect to a WEP-encrypted network. Experimentation showed that the freezes were eliminated when module lib80211 was preloaded, which can be forced by calling lib80211_get_crypto_ops() directly rather than indirectly through try_then_request_module(). With this change, no BUG messages are logged. Fixes: 2b2ea09e74a5 ("staging:r8188eu: Use lib80211 to decrypt WEP-frames") Cc: Stable # v4.17+ Cc: Michael Straube Cc: Ivan Safonov Signed-off-by: Larry Finger Signed-off-by: Greg Kroah-Hartman commit 84cad97a717f5749a0236abd5ce68da582ea074f Author: Larry Finger Date: Wed Jan 2 20:12:46 2019 -0600 staging: rtl8188eu: Fix module loading from tasklet for CCMP encryption Commit 6bd082af7e36 ("staging:r8188eu: use lib80211 CCMP decrypt") causes scheduling while atomic bugs followed by a hard freeze whenever the driver tries to connect to a CCMP-encrypted network. Experimentation showed that the freezes were eliminated when module lib80211 was preloaded, which can be forced by calling lib80211_get_crypto_ops() directly rather than indirectly through try_then_request_module(). With this change, no BUG messages are logged. Fixes: 6bd082af7e36 ("staging:r8188eu: use lib80211 CCMP decrypt") Cc: Stable # v4.17+ Reported-and-tested-by: Michael Straube Cc: Ivan Safonov Signed-off-by: Larry Finger Signed-off-by: Greg Kroah-Hartman commit 8a5aaf97cc4876a9b61cb3b7c07128d4569ac536 Author: Guo Ren Date: Fri Jan 4 11:17:33 2019 +0800 Documentation/features: Add csky kernel features core/ cBPF-JIT : TODO | core/ eBPF-JIT : TODO | core/ generic-idle-thread : ok | core/ jump-labels : TODO | core/ tracehook : ok | debug/ KASAN : TODO | debug/ gcov-profile-all : TODO | debug/ kgdb : TODO | debug/ kprobes-on-ftrace : TODO | debug/ kprobes : TODO | debug/ kretprobes : TODO | debug/ optprobes : TODO | debug/ stackprotector : TODO | debug/ uprobes : TODO | debug/ user-ret-profiler : TODO | io/ dma-contiguous : ok | locking/ cmpxchg-local : TODO | locking/ lockdep : TODO | locking/ queued-rwlocks : ok | locking/ queued-spinlocks : TODO | locking/ rwsem-optimized : TODO | perf/ kprobes-event : TODO | perf/ perf-regs : TODO | perf/ perf-stackdump : TODO | sched/ membarrier-sync-core : TODO | sched/ numa-balancing : .. | seccomp/ seccomp-filter : TODO | time/ arch-tick-broadcast : TODO | time/ clockevents : ok | time/ context-tracking : TODO | time/ irq-time-acct : TODO | time/ modern-timekeeping : ok | time/ virt-cpuacct : TODO | vm/ ELF-ASLR : TODO | vm/ PG_uncached : TODO | vm/ THP : .. | vm/ batch-unmap-tlb-flush: TODO | vm/ huge-vmap : TODO | vm/ ioremap_prot : TODO | vm/ numa-memblock : .. | vm/ pte_special : TODO | Signed-off-by: Guo Ren Cc: Arnd Bergmann commit a64597227d0de5610407fcc95dc835745a53f5d0 Author: Biju Das Date: Wed Dec 12 12:17:11 2018 +0000 soc: renesas: r8a774c0-sysc: Fix initialization order of 3DG-{A,B} The workaround for the wrong hierarchy of the 3DG-{A,B} power domains on RZ/G2E ES1.0 corrected the parent domains. However, the 3DG-{A,B} power domains were still initialized and powered in the wrong order, causing 3DG operation to fail. Fix this by changing the order in the table at runtime, when running on an affected SoC. This work is based on the work done by Geert for R-Car E3. Fixes: f37d211c687588328 ("soc: renesas: rcar-sysc: Add r8a774c0 support") Signed-off-by: Biju Das Reviewed-by: Geert Uytterhoeven Signed-off-by: Simon Horman commit 0fac32f24ceadad801ef1f4de468f1d5186c808d Author: Christophe JAILLET Date: Sat Dec 29 01:05:40 2018 +0100 i3c: master: Fix an error checking typo in 'cdns_i3c_master_probe()' Fix a cut'n'paste typo. Checking 'master->sysclk' is expected here. Fixes: 603f2bee2c54 ("i3c: master: Add driver for Cadence IP") Signed-off-by: Christophe JAILLET Signed-off-by: Boris Brezillon commit 0aaa81377c5a01f686bcdb8c7a6929a7bf330c68 Author: Oliver Hartkopp Date: Fri Jan 4 15:55:26 2019 +0100 can: gw: ensure DLC boundaries after CAN frame modification Muyu Yu provided a POC where user root with CAP_NET_ADMIN can create a CAN frame modification rule that makes the data length code a higher value than the available CAN frame data size. In combination with a configured checksum calculation where the result is stored relatively to the end of the data (e.g. cgw_csum_xor_rel) the tail of the skb (e.g. frag_list pointer in skb_shared_info) can be rewritten which finally can cause a system crash. Michael Kubecek suggested to drop frames that have a DLC exceeding the available space after the modification process and provided a patch that can handle CAN FD frames too. Within this patch we also limit the length for the checksum calculations to the maximum of Classic CAN data length (8). CAN frames that are dropped by these additional checks are counted with the CGW_DELETED counter which indicates misconfigurations in can-gw rules. This fixes CVE-2019-3701. Reported-by: Muyu Yu Reported-by: Marcus Meissner Suggested-by: Michal Kubecek Tested-by: Muyu Yu Tested-by: Oliver Hartkopp Signed-off-by: Oliver Hartkopp Cc: linux-stable # >= v3.2 Signed-off-by: Marc Kleine-Budde Signed-off-by: David S. Miller commit 01cd364a15f42575ef4aac8f82ff05516ea5da9a Author: Stephen Warren Date: Thu Jan 3 10:23:24 2019 -0700 net/mlx4: replace pci_{,un}map_sg with dma_{,un}map_sg pci_{,un}map_sg are deprecated and replaced by dma_{,un}map_sg. This is especially relevant since the rest of the driver uses the DMA API. Fix the driver to use the replacement APIs. Signed-off-by: Stephen Warren Reviewed-by: Tariq Toukan Signed-off-by: David S. Miller commit f65e192af35058e5c82da9e90871b472d24912bc Author: Stephen Warren Date: Thu Jan 3 10:23:23 2019 -0700 net/mlx4: Get rid of page operation after dma_alloc_coherent This patch solves a crash at the time of mlx4 driver unload or system shutdown. The crash occurs because dma_alloc_coherent() returns one value in mlx4_alloc_icm_coherent(), but a different value is passed to dma_free_coherent() in mlx4_free_icm_coherent(). In turn this is because when allocated, that pointer is passed to sg_set_buf() to record it, then when freed it is re-calculated by calling lowmem_page_address(sg_page()) which returns a different value. Solve this by recording the value that dma_alloc_coherent() returns, and passing this to dma_free_coherent(). This patch is roughly equivalent to commit 378efe798ecf ("RDMA/hns: Get rid of page operation after dma_alloc_coherent"). Based-on-code-from: Christoph Hellwig Signed-off-by: Stephen Warren Reviewed-by: Tariq Toukan Signed-off-by: David S. Miller commit 2b6f0090a3335b7bdd03ca520c35591159463041 Author: Boris Brezillon Date: Wed Jan 2 15:36:54 2019 +0100 mtd: Check add_mtd_device() ret code add_mtd_device() can fail. We should always check its return value and gracefully handle the failure case. Fix the call sites where this not done (in mtdpart.c) and add a __must_check attribute to the prototype to avoid this kind of mistakes. Signed-off-by: Boris Brezillon commit 19e16fb4f319b84b3220e98abf726218beba8c34 Author: Boris Brezillon Date: Wed Jan 2 15:36:53 2019 +0100 mtd: Fix the check on nvmem_register() ret code Commit 20167b70c894 ("nvmem: use EOPNOTSUPP instead of ENOSYS") changed the nvmem_register() ret code from ENOSYS to EOPNOTSUPP when CONFIG_NVMEM is not enabled, but the check in mtd_nvmem_add() was not adjusted accordingly. Cc: Bartosz Golaszewski Cc: Alban Bedel Fixes: c4dfa25ab307 ("mtd: add support for reading MTD devices via the nvmem API") Reported-by: kernel test robot Signed-off-by: Boris Brezillon Reviewed-by: Bartosz Golaszewski Signed-off-by: Boris Brezillon commit 1cd824361eed0f3621e32df1be15159c91f137d9 Merge: bfeffd1552837 74d4b4e0f43e5 Author: Mark Brown Date: Mon Jan 7 12:42:14 2019 +0000 Merge branch 'regmap-4.21' into regmap-5.0 commit 8070ba6348608aa1da15eb83dbaa9ece596aaa67 Author: Arnd Bergmann Date: Mon Dec 10 22:00:23 2018 +0100 ARM: shmobile: fix build regressions A number of Kconfig options have become available now to random ARM platforms outside of ARCH_MULTIPLATFORM, which now causes Kconfig warnings, and other build errors when those select options that lack additional dependencies, e.g.: WARNING: unmet direct dependencies detected for HAVE_ARM_ARCH_TIMER Depends on [n]: CPU_V7 [=n] Selected by [y]: - ARCH_RCAR_GEN2 [=y] && SOC_RENESAS [=y] - ARCH_R8A73A4 [=y] && SOC_RENESAS [=y] && ARM [=y] WARNING: unmet direct dependencies detected for SYS_SUPPORTS_EM_STI Depends on [n]: GENERIC_CLOCKEVENTS [=n] Selected by [y]: - ARCH_EMEV2 [=y] && SOC_RENESAS [=y] && ARM [=y] Put the old dependency on ARCH_RENESAS back for the moment to restore the previous behavior. Fixes: 062887bf5ef7 ("ARM: shmobile: Move SoC Kconfig symbols to drivers/soc/renesas/") Signed-off-by: Arnd Bergmann Acked-by: Geert Uytterhoeven Signed-off-by: Simon Horman commit 2b531d71595d2b5b12782a49b23c335869e2621e Author: Hans de Goede Date: Fri Jan 4 23:10:54 2019 +0100 ACPI / PMIC: xpower: Fix TS-pin current-source handling The current-source used for the battery temp-sensor (TS) is shared with the GPADC. For proper fuel-gauge and charger operation the TS current-source needs to be permanently on. But to read the GPADC we need to temporary switch the TS current-source to ondemand, so that the GPADC can use it, otherwise we will always read an all 0 value. The switching from on to on-ondemand is not necessary when the TS current-source is off (this happens on devices which do not have a TS). Prior to this commit there were 2 issues with our handling of the TS current-source switching: 1) We were writing hardcoded values to the ADC TS pin-ctrl register, overwriting various other unrelated bits. Specifically we were overwriting the current-source setting for the TS and GPIO0 pins, forcing it to 80ųA independent of its original setting. On a Chuwi Vi10 tablet this was causing us to get a too high adc value (due to a too high current-source) resulting in acpi_lpat_raw_to_temp() returning -ENOENT, resulting in: ACPI Error: AE_ERROR, Returned by Handler for [UserDefinedRegion] ACPI Error: Method parse/execution failed \_SB.SXP1._TMP, AE_ERROR This commit fixes this by using regmap_update_bits to change only the relevant bits. 2) At the end of intel_xpower_pmic_get_raw_temp() we were unconditionally enabling the TS current-source even on devices where the TS-pin is not used and the current-source thus was off on entry of the function. This commit fixes this by checking if the TS current-source is off when entering intel_xpower_pmic_get_raw_temp() and if so it is left as is. Fixes: 58eefe2f3f53 (ACPI / PMIC: xpower: Do pinswitch ... reading GPADC) Signed-off-by: Hans de Goede Acked-by: Andy Shevchenko Cc: 4.14+ # 4.14+ Signed-off-by: Rafael J. Wysocki commit c2a7c55a04065c3b0c32d23b099db7ea1dbf6250 Author: Kailang Yang Date: Thu Jan 3 15:53:39 2019 +0800 ALSA: hda/realtek - Support Dell headset mode for New AIO platform Dell has new platform for ALC274. This will support to enable headset mode. Signed-off-by: Kailang Yang Cc: Signed-off-by: Takashi Iwai commit 605c0351fa36e857e29d34ebab2719d9c04e95f6 Author: Larry Finger Date: Wed Jan 2 14:02:08 2019 -0600 MAINTAINERS: Add entry for staging driver r8188eu This entry was missed when the driver was added. Signed-off-by: Larry Finger Signed-off-by: Greg Kroah-Hartman commit cbb2ebf70daf7f7d97d3811a2ff8e39655b8c184 Author: Hui Peng Date: Tue Dec 25 18:11:52 2018 -0500 ALSA: usb-audio: Fix an out-of-bound read in create_composite_quirks In `create_composite_quirk`, the terminating condition of for loops is `quirk->ifnum < 0`. So any composite quirks should end with `struct snd_usb_audio_quirk` object with ifnum < 0. for (quirk = quirk_comp->data; quirk->ifnum >= 0; ++quirk) { ..... } the data field of Bower's & Wilkins PX headphones usb device device quirks do not end with {.ifnum = -1}, wihch may result in out-of-bound read. This Patch fix the bug by adding an ending quirk object. Fixes: 240a8af929c7 ("ALSA: usb-audio: Add a quirck for B&W PX headphones") Signed-off-by: Hui Peng Cc: Signed-off-by: Takashi Iwai commit 3e96d7280f16e2f787307f695a31296b9e4a1cd7 Author: Takashi Iwai Date: Wed Jan 2 17:12:21 2019 +0100 ALSA: usb-audio: Always check descriptor sizes in parser code There are a few places where we access the data without checking the actual object size from the USB audio descriptor. This may result in OOB access, as recently reported. This patch addresses these missing checks. Most of added codes are simple bLength checks in the caller side. For the input and output terminal parsers, we put the length check in the parser functions. For the input terminal, a new argument is added to distinguish between UAC1 and the rest, as they treat different objects. Reported-by: Mathias Payer Reported-by: Hui Peng Tested-by: Hui Peng Cc: Signed-off-by: Takashi Iwai commit 0bfe5e434e6665b3590575ec3c5e4f86a1ce51c9 Author: Takashi Iwai Date: Wed Dec 19 14:04:47 2018 +0100 ALSA: usb-audio: Check mixer unit descriptors more strictly We've had some sanity checks of the mixer unit descriptors but they are too loose and some corner cases are overlooked. Add more strict checks in uac_mixer_unit_get_channels() for avoiding possible OOB accesses by malformed descriptors. This also changes the semantics of uac_mixer_unit_get_channels() slightly. Now it returns zero for the cases where the descriptor lacks of bmControls instead of -EINVAL. Then the caller side skips the mixer creation for such unit while it keeps parsing it. This corresponds to the case like Maya44. Cc: Signed-off-by: Takashi Iwai commit f4351a199cc120ff9d59e06d02e8657d08e6cc46 Author: Takashi Iwai Date: Wed Dec 19 12:36:27 2018 +0100 ALSA: usb-audio: Avoid access before bLength check in build_audio_procunit() The parser for the processing unit reads bNrInPins field before the bLength sanity check, which may lead to an out-of-bound access when a malformed descriptor is given. Fix it by assignment after the bLength check. Cc: Signed-off-by: Takashi Iwai commit 4a22fc534f2f55808c41197cf17d829099032acb Author: Dan Carpenter Date: Fri Jan 4 09:47:25 2019 +0300 watchdog: tqmx86: Fix a couple IS_ERR() vs NULL bugs These functions return NULL on error but we accidentally check for IS_ERR() instead. Fixes: e3c21e088f89 ("watchdog: tqmx86: Add watchdog driver for the IO controller") Signed-off-by: Dan Carpenter Reviewed-by: Andrew Lunn Reviewed-by: Guenter Roeck Signed-off-by: Guenter Roeck Signed-off-by: Wim Van Sebroeck commit 3aa8b8bbc142eeaac89891de584535ceb7fce405 Author: NeilBrown Date: Sun Dec 30 14:21:52 2018 +1100 watchdog: mt7621_wdt/rt2880_wdt: Fix compilation problem These files need #include to compile correctly. Fixes: ac3167257b9f ("headers: separate linux/mod_devicetable.h from linux/platform_device.h") Signed-off-by: NeilBrown Reviewed-by: Guenter Roeck Signed-off-by: Guenter Roeck Signed-off-by: Wim Van Sebroeck commit 862523297778775a0543110dcbf2ca832782f675 Author: Hans de Goede Date: Wed Nov 28 17:57:56 2018 +0100 gpiolib-acpi: Remove unnecessary WARN_ON from acpi_gpiochip_free_interrupts acpi_gpiochip_alloc_event only continues allocating an event and adding it to the list if gpiochip_request_own_desc does not return an error. So events with an error desc are never placed on the events list and this check is really not necessary. Suggested-by: Andy Shevchenko Signed-off-by: Hans de Goede Acked-by: Mika Westerberg Signed-off-by: Linus Walleij commit de96e9fea7ba56042f105b6fe163447b280eb800 Author: Greg Kroah-Hartman Date: Thu Jan 3 10:23:47 2019 +0100 sysfs: convert BUG_ON to WARN_ON It's rude to crash the system just because the developer did something wrong, as it prevents them from usually even seeing what went wrong. So convert the few BUG_ON() calls that have snuck into the sysfs code over the years to WARN_ON() to make it more "friendly". All of these are able to be recovered from, so it makes no sense to crash. Reported-by: Linus Torvalds Reviewed-by: Rafael J. Wysocki Signed-off-by: Greg Kroah-Hartman commit 07bd14ccc3049f9c0147a91a4227a571f981601a Author: Wei Yongjun Date: Wed Dec 26 11:28:24 2018 +0000 hwmon: (lm80) Fix missing unlock on error in set_fan_div() Add the missing unlock before return from function set_fan_div() in the error handling case. Fixes: c9c63915519b ("hwmon: (lm80) fix a missing check of the status of SMBus read") Signed-off-by: Wei Yongjun Signed-off-by: Guenter Roeck commit 9de15c95a63f527c8f7a968cd95e6ec71fc6891d Author: Guenter Roeck Date: Wed Dec 26 13:56:15 2018 -0800 hwmon: (nct6775) Enable IO mapping for NCT6797D and NCT6798D Similar to other recent chips from Nuvoton, IO mapping may be disabled by default. Enable it when instantiating the driver and after resume. Fixes: 0599682b826f ("hwmon: (nct6775) Add support for NCT6798D") Fixes: e41da286a2fd ("hwmon: (nct6775) Add support for NCT6797D") Reported-by: Michael Cook Cc: Michael Cook Signed-off-by: Guenter Roeck commit 264142bc70ec039e26d8f3b46a717e8037f59ca0 Author: Guenter Roeck Date: Wed Dec 26 07:34:31 2018 -0800 hwmon: (nct6775) Fix chip ID for NCT6798D The chip ID is 0xd42[8-f], not 0xd45[8-f]. Fixes: 0599682b826f ("hwmon: (nct6775) Add support for NCT6798D") Reported-by: Michael Cook Cc: Michael Cook Signed-off-by: Guenter Roeck commit 3bd6e94bec122a951d462c239b47954cf5f36e33 Author: Masahiro Yamada Date: Mon Jan 7 11:08:08 2019 +0900 arch: restore generic-y += shmparam.h for some architectures For some reasons, I accidentally got rid of "generic-y += shmparam.h" from some architectures. Restore them to fix building c6x, h8300, hexagon, m68k, microblaze, openrisc, and unicore32. Fixes: d6e4b3e326d8 ("arch: remove redundant UAPI generic-y defines") Signed-off-by: Masahiro Yamada Signed-off-by: Linus Torvalds commit bfeffd155283772bbe78c6a05dec7c0128ee500c Author: Linus Torvalds Date: Sun Jan 6 17:08:20 2019 -0800 Linux 5.0-rc1 commit 85e1ffbd42f664965dc05f6e9851c06379f27fb2 Merge: ac5eed2b41776 d86271af64602 Author: Linus Torvalds Date: Sun Jan 6 16:33:10 2019 -0800 Merge tag 'kbuild-v4.21-3' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild Pull more Kbuild updates from Masahiro Yamada: - improve boolinit.cocci and use_after_iter.cocci semantic patches - fix alignment for kallsyms - move 'asm goto' compiler test to Kconfig and clean up jump_label CONFIG option - generate asm-generic wrappers automatically if arch does not implement mandatory UAPI headers - remove redundant generic-y defines - misc cleanups * tag 'kbuild-v4.21-3' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild: kconfig: rename generated .*conf-cfg to *conf-cfg kbuild: remove unnecessary stubs for archheader and archscripts kbuild: use assignment instead of define ... endef for filechk_* rules arch: remove redundant UAPI generic-y defines kbuild: generate asm-generic wrappers if mandatory headers are missing arch: remove stale comments "UAPI Header export list" riscv: remove redundant kernel-space generic-y kbuild: change filechk to surround the given command with { } kbuild: remove redundant target cleaning on failure kbuild: clean up rule_dtc_dt_yaml kbuild: remove UIMAGE_IN and UIMAGE_OUT jump_label: move 'asm goto' support test to Kconfig kallsyms: lower alignment on ARM scripts: coccinelle: boolinit: drop warnings on named constants scripts: coccinelle: check for redeclaration kconfig: remove unused "file" field of yylval union nds32: remove redundant kernel-space generic-y nios2: remove unneeded HAS_DMA define commit ac5eed2b41776b05cf03aac761d3bb5e64eea24c Merge: 574823bfab82d 2573be22e5b6f Author: Linus Torvalds Date: Sun Jan 6 16:30:14 2019 -0800 Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull perf tooling updates form Ingo Molnar: "A final batch of perf tooling changes: mostly fixes and small improvements" * 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (29 commits) perf session: Add comment for perf_session__register_idle_thread() perf thread-stack: Fix thread stack processing for the idle task perf thread-stack: Allocate an array of thread stacks perf thread-stack: Factor out thread_stack__init() perf thread-stack: Allow for a thread stack array perf thread-stack: Avoid direct reference to the thread's stack perf thread-stack: Tidy thread_stack__bottom() usage perf thread-stack: Simplify some code in thread_stack__process() tools gpio: Allow overriding CFLAGS tools power turbostat: Override CFLAGS assignments and add LDFLAGS to build command tools thermal tmon: Allow overriding CFLAGS assignments tools power x86_energy_perf_policy: Override CFLAGS assignments and add LDFLAGS to build command perf c2c: Increase the HITM ratio limit for displayed cachelines perf c2c: Change the default coalesce setup perf trace beauty ioctl: Beautify USBDEVFS_ commands perf trace beauty: Export function to get the files for a thread perf trace: Wire up ioctl's USBDEBFS_ cmd table generator perf beauty ioctl: Add generator for USBDEVFS_ ioctl commands tools headers uapi: Grab a copy of usbdevice_fs.h perf trace: Store the major number for a file when storing its pathname ... commit 574823bfab82d9d8fa47f422778043fbb4b4f50e Author: Linus Torvalds Date: Sat Jan 5 17:50:59 2019 -0800 Change mincore() to count "mapped" pages rather than "cached" pages The semantics of what "in core" means for the mincore() system call are somewhat unclear, but Linux has always (since 2.3.52, which is when mincore() was initially done) treated it as "page is available in page cache" rather than "page is mapped in the mapping". The problem with that traditional semantic is that it exposes a lot of system cache state that it really probably shouldn't, and that users shouldn't really even care about. So let's try to avoid that information leak by simply changing the semantics to be that mincore() counts actual mapped pages, not pages that might be cheaply mapped if they were faulted (note the "might be" part of the old semantics: being in the cache doesn't actually guarantee that you can access them without IO anyway, since things like network filesystems may have to revalidate the cache before use). In many ways the old semantics were somewhat insane even aside from the information leak issue. From the very beginning (and that beginning is a long time ago: 2.3.52 was released in March 2000, I think), the code had a comment saying Later we can get more picky about what "in core" means precisely. and this is that "later". Admittedly it is much later than is really comfortable. NOTE! This is a real semantic change, and it is for example known to change the output of "fincore", since that program literally does a mmmap without populating it, and then doing "mincore()" on that mapping that doesn't actually have any pages in it. I'm hoping that nobody actually has any workflow that cares, and the info leak is real. We may have to do something different if it turns out that people have valid reasons to want the old semantics, and if we can limit the information leak sanely. Cc: Kevin Easton Cc: Jiri Kosina Cc: Masatake YAMATO Cc: Andrew Morton Cc: Greg KH Cc: Peter Zijlstra Cc: Michal Hocko Signed-off-by: Linus Torvalds commit 94bd8a05cd4de344a9a57e52ef7d99550251984f Author: Linus Torvalds Date: Sun Jan 6 11:15:04 2019 -0800 Fix 'acccess_ok()' on alpha and SH Commit 594cc251fdd0 ("make 'user_access_begin()' do 'access_ok()'") broke both alpha and SH booting in qemu, as noticed by Guenter Roeck. It turns out that the bug wasn't actually in that commit itself (which would have been surprising: it was mostly a no-op), but in how the addition of access_ok() to the strncpy_from_user() and strnlen_user() functions now triggered the case where those functions would test the access of the very last byte of the user address space. The string functions actually did that user range test before too, but they did it manually by just comparing against user_addr_max(). But with user_access_begin() doing the check (using "access_ok()"), it now exposed problems in the architecture implementations of that function. For example, on alpha, the access_ok() helper macro looked like this: #define __access_ok(addr, size) \ ((get_fs().seg & (addr | size | (addr+size))) == 0) and what it basically tests is of any of the high bits get set (the USER_DS masking value is 0xfffffc0000000000). And that's completely wrong for the "addr+size" check. Because it's off-by-one for the case where we check to the very end of the user address space, which is exactly what the strn*_user() functions do. Why? Because "addr+size" will be exactly the size of the address space, so trying to access the last byte of the user address space will fail the __access_ok() check, even though it shouldn't. As a result, the user string accessor functions failed consistently - because they literally don't know how long the string is going to be, and the max access is going to be that last byte of the user address space. Side note: that alpha macro is buggy for another reason too - it re-uses the arguments twice. And SH has another version of almost the exact same bug: #define __addr_ok(addr) \ ((unsigned long __force)(addr) < current_thread_info()->addr_limit.seg) so far so good: yes, a user address must be below the limit. But then: #define __access_ok(addr, size) \ (__addr_ok((addr) + (size))) is wrong with the exact same off-by-one case: the case when "addr+size" is exactly _equal_ to the limit is actually perfectly fine (think "one byte access at the last address of the user address space") The SH version is actually seriously buggy in another way: it doesn't actually check for overflow, even though it did copy the _comment_ that talks about overflow. So it turns out that both SH and alpha actually have completely buggy implementations of access_ok(), but they happened to work in practice (although the SH overflow one is a serious serious security bug, not that anybody likely cares about SH security). This fixes the problems by using a similar macro on both alpha and SH. It isn't trying to be clever, the end address is based on this logic: unsigned long __ao_end = __ao_a + __ao_b - !!__ao_b; which basically says "add start and length, and then subtract one unless the length was zero". We can't subtract one for a zero length, or we'd just hit an underflow instead. For a lot of access_ok() users the length is a constant, so this isn't actually as expensive as it initially looks. Reported-and-tested-by: Guenter Roeck Cc: Matt Turner Cc: Yoshinori Sato Signed-off-by: Linus Torvalds commit baa6707381285e68cc472efba58e7e736057aacc Merge: 215240462a967 8094c3ceb21ad Author: Linus Torvalds Date: Sun Jan 6 12:21:11 2019 -0800 Merge tag 'fscrypt_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/fscrypt Pull fscrypt updates from Ted Ts'o: "Add Adiantum support for fscrypt" * tag 'fscrypt_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/fscrypt: fscrypt: add Adiantum support commit 215240462a9672db771bb60adcc1c4fdf40e8ec4 Merge: e2b745f469ec0 191ce17876c93 Author: Linus Torvalds Date: Sun Jan 6 12:19:23 2019 -0800 Merge tag 'ext4_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4 Pull ext4 bug fixes from Ted Ts'o: "Fix a number of ext4 bugs" * tag 'ext4_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4: ext4: fix special inode number checks in __ext4_iget() ext4: track writeback errors using the generic tracking infrastructure ext4: use ext4_write_inode() when fsyncing w/o a journal ext4: avoid kernel warning when writing the superblock to a dead device ext4: fix a potential fiemap/page fault deadlock w/ inline_data ext4: make sure enough credits are reserved for dioread_nolock writes commit e2b745f469ec0f3165ba5ffaee3ce40f98d77878 Merge: 12133258d7fe3 8270f3a11ceef Author: Linus Torvalds Date: Sun Jan 6 11:47:26 2019 -0800 Merge tag 'dma-mapping-4.21-1' of git://git.infradead.org/users/hch/dma-mapping Pull dma-mapping fixes from Christoph Hellwig: "Fix various regressions introduced in this cycles: - fix dma-debug tracking for the map_page / map_single consolidatation - properly stub out DMA mapping symbols for !HAS_DMA builds to avoid link failures - fix AMD Gart direct mappings - setup the dma address for no kernel mappings using the remap allocator" * tag 'dma-mapping-4.21-1' of git://git.infradead.org/users/hch/dma-mapping: dma-direct: fix DMA_ATTR_NO_KERNEL_MAPPING for remapped allocations x86/amd_gart: fix unmapping of non-GART mappings dma-mapping: remove a few unused exports dma-mapping: properly stub out the DMA API for !CONFIG_HAS_DMA dma-mapping: remove dmam_{declare,release}_coherent_memory dma-mapping: implement dmam_alloc_coherent using dmam_alloc_attrs dma-mapping: implement dma_map_single_attrs using dma_map_page_attrs commit 12133258d7fe309b42a35677549c606b15a0822d Merge: 66e012f6188fb cdd6a4a0e2ec5 Author: Linus Torvalds Date: Sun Jan 6 11:40:06 2019 -0800 Merge tag 'tag-chrome-platform-for-v4.21' of git://git.kernel.org/pub/scm/linux/kernel/git/bleung/chrome-platform Pull chrome platform updates from Benson Leung: - Changes for EC_MKBP_EVENT_SENSOR_FIFO handling. - Also, maintainership changes. Olofj out, Enric balletbo in. * tag 'tag-chrome-platform-for-v4.21' of git://git.kernel.org/pub/scm/linux/kernel/git/bleung/chrome-platform: MAINTAINERS: add maintainers for ChromeOS EC sub-drivers MAINTAINERS: platform/chrome: Add Enric as a maintainer MAINTAINERS: platform/chrome: remove myself as maintainer platform/chrome: don't report EC_MKBP_EVENT_SENSOR_FIFO as wakeup platform/chrome: straighten out cros_ec_get_{next,host}_event() error codes commit 66e012f6188fb37b18c774277f34fb52278059c3 Merge: b5aef86e089a2 4d5a91fd1f42a Author: Linus Torvalds Date: Sun Jan 6 11:37:44 2019 -0800 Merge tag 'hwlock-v4.21' of git://github.com/andersson/remoteproc Pull hwspinlock updates from Bjorn Andersson: "This adds support for the hardware semaphores found in STM32MP1" * tag 'hwlock-v4.21' of git://github.com/andersson/remoteproc: hwspinlock: fix return value check in stm32_hwspinlock_probe() hwspinlock: add STM32 hwspinlock device dt-bindings: hwlock: Document STM32 hwspinlock bindings commit 373282e7ab6840cd583a223fa90628f2d8293c26 Author: John Pittman Date: Fri Jan 4 12:06:37 2019 -0500 null_blk: add zoned config support information If the kernel is built without CONFIG_BLK_DEV_ZONED, a modprobe of the null_blk driver with zoned=1 fails with 'Invalid argument'. This can be confusing to users, prompting a search as to why the parameter is invalid. To assist in that search, add a bit more information to the failure, additionally adding to the documentation that CONFIG_BLK_DEV_ZONED is needed for zoned=1. Reviewed-by: Bart Van Assche Signed-off-by: John Pittman Added null_blk prefix to error message. Signed-off-by: Jens Axboe commit 8094c3ceb21ad93896fd4d238e8ba41911932eaf Author: Eric Biggers Date: Sun Jan 6 08:36:21 2019 -0500 fscrypt: add Adiantum support Add support for the Adiantum encryption mode to fscrypt. Adiantum is a tweakable, length-preserving encryption mode with security provably reducible to that of XChaCha12 and AES-256, subject to a security bound. It's also a true wide-block mode, unlike XTS. See the paper "Adiantum: length-preserving encryption for entry-level processors" (https://eprint.iacr.org/2018/720.pdf) for more details. Also see commit 059c2a4d8e16 ("crypto: adiantum - add Adiantum support"). On sufficiently long messages, Adiantum's bottlenecks are XChaCha12 and the NH hash function. These algorithms are fast even on processors without dedicated crypto instructions. Adiantum makes it feasible to enable storage encryption on low-end mobile devices that lack AES instructions; currently such devices are unencrypted. On ARM Cortex-A7, on 4096-byte messages Adiantum encryption is about 4 times faster than AES-256-XTS encryption; decryption is about 5 times faster. In fscrypt, Adiantum is suitable for encrypting both file contents and names. With filenames, it fixes a known weakness: when two filenames in a directory share a common prefix of >= 16 bytes, with CTS-CBC their encrypted filenames share a common prefix too, leaking information. Adiantum does not have this problem. Since Adiantum also accepts long tweaks (IVs), it's also safe to use the master key directly for Adiantum encryption rather than deriving per-file keys, provided that the per-file nonce is included in the IVs and the master key isn't used for any other encryption mode. This configuration saves memory and improves performance. A new fscrypt policy flag is added to allow users to opt-in to this configuration. Signed-off-by: Eric Biggers Signed-off-by: Theodore Ts'o commit 97274b6126193cca2b820579f5d758589a2badc2 Merge: 466f89e9ec8c6 1cbbcfbbd56ef Author: Alexei Starovoitov Date: Sat Jan 5 21:32:39 2019 -0800 Merge branch 'reject-ptr-scalar-mix' Daniel Borkmann says: ==================== Follow-up fix to 979d63d50c0c ("bpf: prevent out of bounds speculation on pointer arithmetic") in order to reject a corner case for sanitation when ptr / scalars are mixed in the same alu op. ==================== Signed-off-by: Alexei Starovoitov commit 1cbbcfbbd56efd994d643428c69467fe3c8ab672 Author: Daniel Borkmann Date: Sun Jan 6 00:54:38 2019 +0100 bpf: add various test cases for alu op on mixed dst register types Add couple of test_verifier tests to check sanitation of alu op insn with pointer and scalar type coming from different paths. This also includes BPF insns of the test reproducer provided by Jann Horn. Signed-off-by: Daniel Borkmann Acked-by: Alexei Starovoitov Signed-off-by: Alexei Starovoitov commit d3bd7413e0ca40b60cf60d4003246d067cafdeda Author: Daniel Borkmann Date: Sun Jan 6 00:54:37 2019 +0100 bpf: fix sanitation of alu op with pointer / scalar type from different paths While 979d63d50c0c ("bpf: prevent out of bounds speculation on pointer arithmetic") took care of rejecting alu op on pointer when e.g. pointer came from two different map values with different map properties such as value size, Jann reported that a case was not covered yet when a given alu op is used in both "ptr_reg += reg" and "numeric_reg += reg" from different branches where we would incorrectly try to sanitize based on the pointer's limit. Catch this corner case and reject the program instead. Fixes: 979d63d50c0c ("bpf: prevent out of bounds speculation on pointer arithmetic") Reported-by: Jann Horn Signed-off-by: Daniel Borkmann Acked-by: Alexei Starovoitov Signed-off-by: Alexei Starovoitov commit b5aef86e089a2d85a6d627372287785d08938cbe Merge: 15b215e5aa299 93fb7f19985a0 Author: Linus Torvalds Date: Sat Jan 5 18:35:02 2019 -0800 Merge tag 'docs-5.0-fixes' of git://git.lwn.net/linux Pull documentation fixes from Jonathan Corbet: "A handful of late-arriving documentation fixes" * tag 'docs-5.0-fixes' of git://git.lwn.net/linux: doc: filesystems: fix bad references to nonexistent ext4.rst file Documentation/admin-guide: update URL of LKML information link Docs/kernel-api.rst: Remove blk-tag.c reference commit 15b215e5aa29993c1b0f46693a1b482296bcf08e Merge: d7252d0d36375 c820518f6ca15 Author: Linus Torvalds Date: Sat Jan 5 18:33:21 2019 -0800 Merge tag 'firewire-update' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394 Pull firewire fixlet from Stefan Richter: "Remove an explicit dependency in Kconfig which is implied by another dependency" * tag 'firewire-update' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394: firewire: Remove depends on HAS_DMA in case of platform dependency commit d7252d0d36375fe8c544098469a21d03fa267a55 Merge: 0fe4e2d5cd931 59f75fd0e3153 Author: Linus Torvalds Date: Sat Jan 5 18:29:13 2019 -0800 Merge tag 'for-linus-20190104' of git://git.kernel.dk/linux-block Pull block updates and fixes from Jens Axboe: - Pulled in MD changes that Shaohua had queued up for 4.21. Unfortunately we lost Shaohua late 2018, I'm sending these in on his behalf. - In conjunction with the above, I added a CREDITS entry for Shaoua. - sunvdc queue restart fix (Ming) * tag 'for-linus-20190104' of git://git.kernel.dk/linux-block: Add CREDITS entry for Shaohua Li block: sunvdc: don't run hw queue synchronously from irq context md: fix raid10 hang issue caused by barrier raid10: refactor common wait code from regular read/write request md: remvoe redundant condition check lib/raid6: add option to skip algo benchmarking lib/raid6: sort algos in rough performance order lib/raid6: check for assembler SSSE3 support lib/raid6: avoid __attribute_const__ redefinition lib/raid6: add missing include for raid6test md: remove set but not used variable 'bi_rdev' commit 0fe4e2d5cd931ad2ff99d61cfdd5c6dc0c3ec60b Merge: 3954e1d0310e3 9ddf32a8df9e3 Author: Linus Torvalds Date: Sat Jan 5 18:25:19 2019 -0800 Merge tag 'drm-next-2019-01-05' of git://anongit.freedesktop.org/drm/drm Pull drm fixes from Dave Airlie: "Happy New Year, just decloaking from leave to get some stuff from the last week in before rc1: core: - two regression fixes for damage blob and atomic i915 gvt: - Some missed GVT fixes from the original pull amdgpu: - new PCI IDs - SR-IOV fixes - DC fixes - Vega20 fixes" * tag 'drm-next-2019-01-05' of git://anongit.freedesktop.org/drm/drm: (53 commits) drm: Put damage blob when destroy plane state drm: fix null pointer dereference on null state pointer drm/amdgpu: Add new VegaM pci id drm/ttm: Use drm_debug_printer for all ttm_bo_mem_space_debug output drm/amdgpu: add Vega20 PSP ASD firmware loading drm/amd/display: Fix MST dp_blank REG_WAIT timeout drm/amd/display: validate extended dongle caps drm/amd/display: Use div_u64 for flip timestamp ns to ms drm/amdgpu/uvd:Change uvd ring name convention drm/amd/powerplay: add Vega20 LCLK DPM level setting support drm/amdgpu: print process info when job timeout drm/amdgpu/nbio7.4: add hw bug workaround for vega20 drm/amdgpu/nbio6.1: add hw bug workaround for vega10/12 drm/amd/display: Optimize passive update planes. drm/amd/display: verify lane status before exiting verify link cap drm/amd/display: Fix bug with not updating VSP infoframe drm/amd/display: Add retry to read ddc_clock pin drm/amd/display: Don't skip link training for empty dongle drm/amd/display: Wait edp HPD to high in detect_sink drm/amd/display: fix surface update sequence ... commit 3954e1d0310e30e743431b58918825c4d4fe8812 Merge: a8a6b1186b1a2 9c6260de505b6 Author: Linus Torvalds Date: Sat Jan 5 18:20:51 2019 -0800 Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma Pull rdma fixes from Jason Gunthorpe: "Over the break a few defects were found, so this is a -rc style pull request of various small things that have been posted. - An attempt to shorten RCU grace period driven delays showed crashes during heavier testing, and has been entirely reverted - A missed merge/rebase error between the advise_mr and ib_device_ops series - Some small static analysis driven fixes from Julia and Aditya - Missed ability to create a XRC_INI in the devx verbs interop series" * tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma: infiniband/qedr: Potential null ptr dereference of qp infiniband: bnxt_re: qplib: Check the return value of send_message IB/ipoib: drop useless LIST_HEAD IB/core: Add advise_mr to the list of known ops Revert "IB/mlx5: Fix long EEH recover time with NVMe offloads" IB/mlx5: Allow XRC INI usage via verbs in DEVX context commit a8a6b1186b1a209647483c2ff81e0d59c43dbdd3 Merge: 7671c14e6aca7 399382f801820 Author: Linus Torvalds Date: Sat Jan 5 18:15:37 2019 -0800 Merge tag 'fbdev-v4.21' of git://github.com/bzolnier/linux Pull fbdev updates from Bartlomiej Zolnierkiewicz: "This time the pull request is really small. The most notable changes are fixing fbcon to not cause crash on unregister_framebuffer() operation when there is more than one framebuffer, adding config option to center the bootup logo and making FB_BACKLIGHT config option tristate (which in turn uncovered incorrect FB_BACKLIGHT usage by DRM's nouveau driver). Summary: - fix fbcon to not cause crash on unregister_framebuffer() when there is more than one framebuffer (Noralf Trønnes) - improve support for small rotated displays (Peter Rosin) - fix probe failure handling in udlfb driver (Dan Carpenter) - add config option to center the bootup logo (Peter Rosin) - make FB_BACKLIGHT config option tristate (Rob Clark) - remove superfluous HAS_DMA dependency for goldfishfb driver (Geert Uytterhoeven) - misc fixes (Alexey Khoroshilov, YueHaibing, Colin Ian King, Lubomir Rintel) - misc cleanups (Yangtao Li, Wen Yang) also there is DRM's nouveau driver fix for wrong FB_BACKLIGHT config option usage (FB_BACKLIGHT is for internal fbdev subsystem use only)" * tag 'fbdev-v4.21' of git://github.com/bzolnier/linux: drm/nouveau: fix incorrect FB_BACKLIGHT usage in Kconfig fbdev: fbcon: Fix unregister crash when more than one framebuffer fbdev: Remove depends on HAS_DMA in case of platform dependency pxa168fb: trivial typo fix fbdev: fsl-diu: remove redundant null check on cmap fbdev: omap2: omapfb: convert to DEFINE_SHOW_ATTRIBUTE fbdev: uvesafb: fix spelling mistake "memoery" -> "memory" fbdev: fbmem: add config option to center the bootup logo fbdev: fbmem: make fb_show_logo_line return the end instead of the height video: fbdev: pxafb: Fix "WARNING: invalid free of devm_ allocated data" fbdev: fbmem: behave better with small rotated displays and many CPUs video: clps711x-fb: release disp device node in probe() fbdev: make FB_BACKLIGHT a tristate udlfb: fix some inconsistent NULL checking commit 7671c14e6aca7a816a29a85eba47d9bccb7d23ae Merge: 926b02d3eb547 81482d13f37b1 Author: Linus Torvalds Date: Sat Jan 5 18:13:35 2019 -0800 Merge branch 'i2c/for-5.0' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux Pull i2c updates from Wolfram Sang: "I2C has only driver updates for you this time. Mostly new IDs/DT compatibles, also SPDX conversions, small cleanups. STM32F7 got FastMode+ and PM support, Axxia some reliabilty improvements" * 'i2c/for-5.0' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux: (26 commits) i2c: Add Actions Semiconductor Owl family S700 I2C support dt-bindings: i2c: Add S700 support for Actions Semi Soc's i2c: ismt: Add support for Intel Cedar Fork i2c: tegra: Switch to SPDX identifier i2c: tegra: Add missing kerneldoc for some fields i2c: tegra: Cleanup kerneldoc comments i2c: axxia: support sequence command mode dt-bindings: i2c: rcar: Add r8a774c0 support dt-bindings: i2c: sh_mobile: Add r8a774c0 support i2c: sh_mobile: Add support for r8a774c0 (RZ/G2E) i2c: i2c-cros-ec-tunnel: Switch to SPDX identifier. i2c: powermac: Use of_node_name_eq for node name comparisons i2c-axxia: check for error conditions first i2c-axxia: dedicated function to set client addr dt-bindings: i2c: Use correct vendor prefix for Atmel i2c: tegra: replace spin_lock_irqsave with spin_lock in ISR eeprom: at24: add support for 24c2048 dt-bindings: eeprom: at24: add "atmel,24c2048" compatible string i2c: i2c-stm32f7: add PM Runtime support i2c: sh_mobile: add support for r8a77990 (R-Car E3) ... commit 926b02d3eb547daa1d56cf9b586f31b270488b77 Merge: cf26057a94411 72199051af620 Author: Linus Torvalds Date: Sat Jan 5 17:57:34 2019 -0800 Merge tag 'pci-v4.21-changes' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci Pull PCI updates from Bjorn Helgaas: - Remove unused lists from ASPM pcie_link_state (Frederick Lawler) - Fix Broadcom CNB20LE host bridge unintended sign extension (Colin Ian King) - Expand Kconfig "PF" acronyms (Randy Dunlap) - Update MAINTAINERS for arch/x86/kernel/early-quirks.c (Bjorn Helgaas) - Add missing include to drivers/pci.h (Alexandru Gagniuc) - Override Synopsys USB 3.x HAPS device class so dwc3-haps can claim it instead of xhci (Thinh Nguyen) - Clean up P2PDMA documentation (Randy Dunlap) - Allow runtime PM even if driver doesn't supply callbacks (Jarkko Nikula) - Remove status check after submitting Switchtec MRPC Firmware Download commands to avoid Completion Timeouts (Kelvin Cao) - Set Switchtec coherent DMA mask to allow 64-bit DMA (Boris Glimcher) - Fix Switchtec SWITCHTEC_IOCTL_EVENT_IDX_ALL flag overwrite issue (Joey Zhang) - Enable write combining for Switchtec MRPC Input buffers (Kelvin Cao) - Add Switchtec MRPC DMA mode support (Wesley Sheng) - Skip VF scanning on powerpc, which does this in firmware (Sebastian Ott) - Add Amlogic Meson PCIe controller driver and DT bindings (Yue Wang) - Constify histb dw_pcie_host_ops structure (Julia Lawall) - Support multiple power domains for imx6 (Leonard Crestez) - Constify layerscape driver data (Stefan Agner) - Update imx6 Kconfig to allow imx6 PCIe in imx7 kernel (Trent Piepho) - Support armada8k GPIO reset (Baruch Siach) - Support suspend/resume support on imx6 (Leonard Crestez) - Don't hard-code DesignWare DBI/ATU offst (Stephen Warren) - Skip i.MX6 PHY setup on i.MX7D (Andrey Smirnov) - Remove Jianguo Sun from HiSilicon STB maintainers (Lorenzo Pieralisi) - Mask DesignWare interrupts instead of disabling them to avoid lost interrupts (Marc Zyngier) - Add locking when acking DesignWare interrupts (Marc Zyngier) - Ack DesignWare interrupts in the proper callbacks (Marc Zyngier) - Use devm resource parser in mediatek (Honghui Zhang) - Remove unused mediatek "num-lanes" DT property (Honghui Zhang) - Add UniPhier PCIe controller driver and DT bindings (Kunihiko Hayashi) - Enable MSI for imx6 downstream components (Richard Zhu) * tag 'pci-v4.21-changes' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci: (40 commits) PCI: imx: Enable MSI from downstream components s390/pci: skip VF scanning PCI/IOV: Add flag so platforms can skip VF scanning PCI/IOV: Factor out sriov_add_vfs() PCI: uniphier: Add UniPhier PCIe host controller support dt-bindings: PCI: Add UniPhier PCIe host controller description PCI: amlogic: Add the Amlogic Meson PCIe controller driver dt-bindings: PCI: meson: add DT bindings for Amlogic Meson PCIe controller arm64: dts: mt7622: Remove un-used property for PCIe arm: dts: mt7623: Remove un-used property for PCIe dt-bindings: PCI: MediaTek: Remove un-used property PCI: mediatek: Remove un-used variant in struct mtk_pcie_port MAINTAINERS: Remove Jianguo Sun from HiSilicon STB DWC entry PCI: dwc: Don't hard-code DBI/ATU offset PCI: imx: Add imx6sx suspend/resume support PCI: armada8k: Add support for gpio controlled reset signal PCI: dwc: Adjust Kconfig to allow IMX6 PCIe host on IMX7 PCI: dwc: layerscape: Constify driver data PCI: imx: Add multi-pd support PCI: Override Synopsys USB 3.x HAPS device class ... commit cf26057a9441173ad552e90cea3344607075c9ad Merge: 1686cc1a31f45 bd8879faafe6d Author: Linus Torvalds Date: Sat Jan 5 17:53:40 2019 -0800 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/hid/hid Pull HID updates from Jiri Kosina: - high-resolution scrolling support that gracefully handles differences between MS and Logitech implementations in HW, from Peter Hutterer and Harry Cutts - MSI IRQ support for intel-ish driver, from Song Hongyan - support for new hardware (Cougar 700K, Odys Winbook 13, ASUS FX503VD, ASUS T101HA) from Daniel M. Lambea, Hans de Goede and Aleix Roca Nonell - other small assorted fixups * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/hid/hid: (22 commits) HID: i2c-hid: Add Odys Winbook 13 to descriptor override HID: lenovo: Add checks to fix of_led_classdev_register HID: intel-ish-hid: add MSI interrupt support HID: debug: Change to use DEFINE_SHOW_ATTRIBUTE macro HID: doc: fix wrong data structure reference for UHID_OUTPUT HID: intel-ish-hid: fixes incorrect error handling HID: asus: Add support for the ASUS T101HA keyboard dock HID: logitech: Use LDJ_DEVICE macro for existing Logitech mice HID: logitech: Enable high-resolution scrolling on Logitech mice HID: logitech: Add function to enable HID++ 1.0 "scrolling acceleration" HID: logitech-hidpp: fix typo, hiddpp to hidpp HID: input: use the Resolution Multiplier for high-resolution scrolling HID: core: process the Resolution Multiplier HID: core: store the collections as a basic tree Input: add `REL_WHEEL_HI_RES` and `REL_HWHEEL_HI_RES` HID: input: support Microsoft wireless radio control hotkey HID: use macros in IS_INPUT_APPLICATION HID: asus: Add support for the ASUS FX503VD laptop HID: asus: Add event handler to catch unmapped Asus Vendor UsagePage codes HID: cougar: Add support for Cougar 700K Gaming Keyboard ... commit 1686cc1a31f45a3fd090e5d0c6fce777422e13fa Merge: 5c4a60831aa6d 5f30b2e823484 Author: Linus Torvalds Date: Sat Jan 5 17:51:36 2019 -0800 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/livepatching Pull livepatch update from Jiri Kosina: "Return value checking fixup in livepatching samples, from Nicholas Mc Guire" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/livepatching: livepatch: check kzalloc return values commit d86271af64602e7c86c003b27f27c7216706ff96 Author: Masahiro Yamada Date: Sat Jan 5 12:01:51 2019 +0900 kconfig: rename generated .*conf-cfg to *conf-cfg Remove the dot-prefixing since it is just a matter of the .gitignore file. Signed-off-by: Masahiro Yamada commit f7de64b73172e0c4cc900c14a432b76f0347ee9e Author: Masahiro Yamada Date: Thu Jan 3 10:47:05 2019 +0900 kbuild: remove unnecessary stubs for archheader and archscripts Make simply skips a missing rule when it is marked as .PHONY. Remove the dummy targets. Signed-off-by: Masahiro Yamada commit ba97df45581f09a987ffa38444c33ed6a0a9479e Author: Masahiro Yamada Date: Thu Jan 3 10:16:54 2019 +0900 kbuild: use assignment instead of define ... endef for filechk_* rules You do not have to use define ... endef for filechk_* rules. For simple cases, the use of assignment looks cleaner, IMHO. I updated the usage for scripts/Kbuild.include in case somebody misunderstands the 'define ... endif' is the requirement. Signed-off-by: Masahiro Yamada Acked-by: Heiko Carstens commit d6e4b3e326d8b44675b9e19534347d97073826aa Author: Masahiro Yamada Date: Thu Jan 3 10:10:39 2019 +0900 arch: remove redundant UAPI generic-y defines Now that Kbuild automatically creates asm-generic wrappers for missing mandatory headers, it is redundant to list the same headers in generic-y and mandatory-y. Suggested-by: Sam Ravnborg Signed-off-by: Masahiro Yamada Acked-by: Sam Ravnborg commit 919987318a129b4d0c2203a3c6fd2d804be77100 Author: Masahiro Yamada Date: Thu Jan 3 10:10:38 2019 +0900 kbuild: generate asm-generic wrappers if mandatory headers are missing Some time ago, Sam pointed out a certain degree of overwrap between generic-y and mandatory-y. (https://lkml.org/lkml/2017/7/10/121) I tweaked the meaning of mandatory-y a little bit; now it defines the minimum set of ASM headers that all architectures must have. If arch does not have specific implementation of a mandatory header, Kbuild will let it fallback to the asm-generic one by automatically generating a wrapper. This will allow to drop lots of redundant generic-y defines. Previously, "mandatory" was used in the context of UAPI, but I guess this can be extended to kernel space ASM headers. Suggested-by: Sam Ravnborg Signed-off-by: Masahiro Yamada Acked-by: Sam Ravnborg commit d4ce5458ea1b7d8ca49c436d602095c4912777d3 Author: Masahiro Yamada Date: Thu Jan 3 10:10:37 2019 +0900 arch: remove stale comments "UAPI Header export list" These comments are leftovers of commit fcc8487d477a ("uapi: export all headers under uapi directories"). Prior to that commit, exported headers must be explicitly added to header-y. Now, all headers under the uapi/ directories are exported. Signed-off-by: Masahiro Yamada commit 8c4fa8b8d48326353afaf6934edd5f1cc49ee90b Author: Masahiro Yamada Date: Thu Jan 3 10:10:36 2019 +0900 riscv: remove redundant kernel-space generic-y This commit removes redundant generic-y defines in arch/riscv/include/asm/Kbuild. [1] It is redundant to define the same generic-y in both arch/$(ARCH)/include/asm/Kbuild and arch/$(ARCH)/include/uapi/asm/Kbuild. Remove the following generic-y: errno.h fcntl.h ioctl.h ioctls.h ipcbuf.h mman.h msgbuf.h param.h poll.h posix_types.h resource.h sembuf.h setup.h shmbuf.h signal.h socket.h sockios.h stat.h statfs.h swab.h termbits.h termios.h types.h [2] It is redundant to define generic-y when arch-specific implementation exists in arch/$(ARCH)/include/asm/*.h Remove the following generic-y: cacheflush.h module.h Signed-off-by: Masahiro Yamada commit ad774086356da92a477a87916613d96f4b36005c Author: Masahiro Yamada Date: Mon Dec 31 17:24:09 2018 +0900 kbuild: change filechk to surround the given command with { } filechk_* rules often consist of multiple 'echo' lines. They must be surrounded with { } or ( ) to work correctly. Otherwise, only the string from the last 'echo' would be written into the target. Let's take care of that in the 'filechk' in scripts/Kbuild.include to clean up filechk_* rules. Signed-off-by: Masahiro Yamada commit 172caf1993b7a6503a9f7faf589e2cf26eb1f219 Author: Masahiro Yamada Date: Mon Dec 31 17:24:08 2018 +0900 kbuild: remove redundant target cleaning on failure Since commit 9c2af1c7377a ("kbuild: add .DELETE_ON_ERROR special target"), the target file is automatically deleted on failure. The boilerplate code ... || { rm -f $@; false; } is unneeded. Signed-off-by: Masahiro Yamada commit f5688663db9b207d7d31f30f388417504b16b76c Author: Masahiro Yamada Date: Mon Dec 31 13:09:00 2018 +0900 kbuild: clean up rule_dtc_dt_yaml Commit 3a2429e1faf4 ("kbuild: change if_changed_rule for multi-line recipe") and commit 4f0e3a57d6eb ("kbuild: Add support for DT binding schema checks") came in via different sub-systems. This is a follow-up cleanup. Signed-off-by: Masahiro Yamada commit 786ac51a48465da56f333652ec1d8b215bb272fe Author: Masahiro Yamada Date: Mon Dec 31 10:05:01 2018 +0900 kbuild: remove UIMAGE_IN and UIMAGE_OUT The only/last user of UIMAGE_IN/OUT was removed by commit 4722a3e6b716 ("microblaze: fix multiple bugs in arch/microblaze/boot/Makefile"). The input and output should always be $< and $@. Signed-off-by: Masahiro Yamada commit e9666d10a5677a494260d60d1fa0b73cc7646eb3 Author: Masahiro Yamada Date: Mon Dec 31 00:14:15 2018 +0900 jump_label: move 'asm goto' support test to Kconfig Currently, CONFIG_JUMP_LABEL just means "I _want_ to use jump label". The jump label is controlled by HAVE_JUMP_LABEL, which is defined like this: #if defined(CC_HAVE_ASM_GOTO) && defined(CONFIG_JUMP_LABEL) # define HAVE_JUMP_LABEL #endif We can improve this by testing 'asm goto' support in Kconfig, then make JUMP_LABEL depend on CC_HAS_ASM_GOTO. Ugly #ifdef HAVE_JUMP_LABEL will go away, and CONFIG_JUMP_LABEL will match to the real kernel capability. Signed-off-by: Masahiro Yamada Acked-by: Michael Ellerman (powerpc) Tested-by: Sedat Dilek commit 72d3ebb929de339f991fc49b58942d2d5ecdb753 Author: Mathias Krause Date: Sun Dec 30 13:36:00 2018 +0100 kallsyms: lower alignment on ARM As mentioned in the info pages of gas, the '.align' pseudo op's interpretation of the alignment value is architecture specific. It might either be a byte value or taken to the power of two. On ARM it's actually the latter which leads to unnecessary large alignments of 16 bytes for 32 bit builds or 256 bytes for 64 bit builds. Fix this by switching to '.balign' instead which is consistent across all architectures. Signed-off-by: Mathias Krause Cc: Catalin Marinas Cc: Will Deacon Signed-off-by: Masahiro Yamada commit c3003315fbf442d99a73a3fc5288dbf89a735e38 Author: Julia Lawall Date: Sat Dec 29 07:14:16 2018 +0100 scripts: coccinelle: boolinit: drop warnings on named constants Coccinelle doesn't always have access to the values of named (#define) constants, and they may likely often be bound to true and false values anyway, resulting in false positives. So stop warning about them. Signed-off-by: Julia Lawall Signed-off-by: Masahiro Yamada commit dc7884f34a5da79c61a9443c465a99512dc7bb15 Author: Julia Lawall Date: Fri Dec 28 15:49:01 2018 +0100 scripts: coccinelle: check for redeclaration Avoid reporting on the use of an iterator index variable when the variable is redeclared. Signed-off-by: Julia Lawall Signed-off-by: Masahiro Yamada commit a5003571e627789d8104ebdbe3ae24be41ea071a Author: Masahiro Yamada Date: Fri Dec 21 15:23:02 2018 +0900 kconfig: remove unused "file" field of yylval union This has never been used. Signed-off-by: Masahiro Yamada commit 5c0ab286aeb1b7feeb50c138f2d9d80b3b04c276 Author: Masahiro Yamada Date: Sun Dec 16 23:14:11 2018 +0900 nds32: remove redundant kernel-space generic-y This commit removes redundant generic-y defines in arch/nds32/include/asm/Kbuild. [1] It is redundant to define the same generic-y in both arch/$(ARCH)/include/asm/Kbuild and arch/$(ARCH)/include/uapi/asm/Kbuild. Remove the following generic-y: bitsperlong.h bpf_perf_event.h errno.h fcntl.h ioctl.h ioctls.h mman.h shmbuf.h stat.h [2] It is redundant to define generic-y when arch-specific implementation exists in arch/$(ARCH)/include/asm/*.h Remove the following generic-y: ftrace.h Signed-off-by: Masahiro Yamada commit fd8658b58030b1815ba8bccfc02692c9fa718996 Author: Masahiro Yamada Date: Mon Nov 26 16:42:10 2018 +0900 nios2: remove unneeded HAS_DMA define kernel/dma/Kconfig globally defines HAS_DMA as follows: config HAS_DMA bool depends on !NO_DMA default y Signed-off-by: Masahiro Yamada Reviewed-by: Christoph Hellwig commit 5c4a60831aa6d937cec9cf17aef8eb6c1851bfcd Merge: c280230254635 24ef9ec891c76 Author: Linus Torvalds Date: Sat Jan 5 16:07:28 2019 -0800 Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/rzhang/linux Pull thermal management updates from Zhang Rui: - Add locking for cooling device sysfs attribute in case the cooling device state is changed by userspace and thermal framework simultaneously. (Thara Gopinath) - Fix a problem that passive cooling is reset improperly after system suspend/resume. (Wei Wang) - Cleanup the driver/thermal/ directory by moving intel and qcom platform specific drivers to platform specific sub-directories. (Amit Kucheria) - Some trivial cleanups. (Lukasz Luba, Wolfram Sang) * 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/rzhang/linux: thermal/intel: fixup for Kconfig string parsing tightening up drivers: thermal: Move QCOM_SPMI_TEMP_ALARM into the qcom subdir drivers: thermal: Move various drivers for intel platforms into a subdir thermal: Fix locking in cooling device sysfs update cur_state Thermal: do not clear passive state during system sleep thermal: zx2967_thermal: simplify getting .driver_data thermal: st: st_thermal: simplify getting .driver_data thermal: spear_thermal: simplify getting .driver_data thermal: rockchip_thermal: simplify getting .driver_data thermal: int340x_thermal: int3400_thermal: simplify getting .driver_data thermal: remove unused function parameter commit c280230254635da33703dd8f4a10cad23f640fb0 Merge: a67012412e5a8 9d216211fded2 Author: Linus Torvalds Date: Sat Jan 5 16:01:16 2019 -0800 Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/evalenti/linux-soc-thermal Pull thermal SoC updates from Eduardo Valentin: - Tegra DT binding documentation for Tegra194 - Armada now supports ap806 and cp110 - RCAR thermal now supports R8A774C0 and R8A77990 - Fixes on thermal_hwmon, IMX, generic-ADC, ST, RCAR, Broadcom, Uniphier, QCOM, Tegra, PowerClamp, and Armada thermal drivers. * 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/evalenti/linux-soc-thermal: (22 commits) thermal: generic-adc: Fix adc to temp interpolation thermal: rcar_thermal: add R8A77990 support dt-bindings: thermal: rcar-thermal: add R8A77990 support thermal: rcar_thermal: add R8A774C0 support dt-bindings: thermal: rcar-thermal: add R8A774C0 support dt-bindings: cp110: document the thermal interrupt capabilities dt-bindings: ap806: document the thermal interrupt capabilities MAINTAINERS: thermal: add entry for Marvell MVEBU thermal driver thermal: armada: add overheat interrupt support thermal: st: fix Makefile typo thermal: uniphier: Convert to SPDX identifier thermal/intel_powerclamp: Change to use DEFINE_SHOW_ATTRIBUTE macro thermal: tegra: soctherm: Change to use DEFINE_SHOW_ATTRIBUTE macro dt-bindings: thermal: tegra-bpmp: Add Tegra194 support thermal: imx: save one condition block for normal case of nvmem initialization thermal: imx: fix for dependency on cpu-freq thermal: tsens: qcom: do not create duplicate regmap debugfs entries thermal: armada: Use PTR_ERR_OR_ZERO in armada_thermal_probe_legacy() dt-bindings: thermal: rcar-gen3-thermal: All variants use 3 interrupts thermal: broadcom: use devm_thermal_zone_of_sensor_register ... commit d4a7e9bb74b5aaf07b89f6531c080b1130bdf019 Author: David Ahern Date: Sat Jan 5 07:35:04 2019 -0800 ipv6: Take rcu_read_lock in __inet6_bind for mapped addresses I realized the last patch calls dev_get_by_index_rcu in a branch not holding the rcu lock. Add the calls to rcu_read_lock and rcu_read_unlock. Fixes: ec90ad334986 ("ipv6: Consider sk_bound_dev_if when binding a socket to a v4 mapped address") Signed-off-by: David Ahern Signed-off-by: David S. Miller commit a67012412e5a820c44239af9712a1a6037b33fd4 Merge: 7e928df80d30b dc56367cb5dbf Author: Linus Torvalds Date: Sat Jan 5 14:08:00 2019 -0800 Merge tag 'trace-v4.21-1' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace Pull ftrace sh build fix from Steven Rostedt: "It appears that the zero-day bot did find a bug in my sh build. And that I didn't have the bad code in my config file when I cross compiled it, although there are a few other errors in sh that makes it not build for me, I missed that I added one more" * tag 'trace-v4.21-1' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace: sh: ftrace: Fix missing parenthesis in WARN_ON() commit 7e928df80d30b7664b5822784c95b4a54dc7cfbf Merge: 3cd6d495db2a0 d5c7076b772ad Author: Linus Torvalds Date: Sat Jan 5 14:05:06 2019 -0800 Merge tag '4.21-smb3-small-fixes' of git://git.samba.org/sfrench/cifs-2.6 Pull smb3 fixes from Steve French: "Three fixes, one for stable, one adds the (most secure) SMB3.1.1 dialect to default list requested" * tag '4.21-smb3-small-fixes' of git://git.samba.org/sfrench/cifs-2.6: smb3: add smb3.1.1 to default dialect list cifs: fix confusing warning message on reconnect smb3: fix large reads on encrypted connections commit 3cd6d495db2a0acfd2854f43aac8bfc5914bc89c Merge: acda9efa8c62d 31af12efd0a25 Author: Linus Torvalds Date: Sat Jan 5 14:02:22 2019 -0800 Merge tag 'iomap-4.21-merge-3' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux Pull iomap maintainer update from Darrick Wong: "Christoph Hellwig and I have decided to take responsibility for the fs iomap code rather than let it languish further" * tag 'iomap-4.21-merge-3' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux: iomap: take responsibility for the filesystem iomap code commit acda9efa8c62d4baa0395c83bda43f252137e302 Merge: c7eaf342ecb16 90be9b86da903 Author: Linus Torvalds Date: Sat Jan 5 14:00:56 2019 -0800 Merge tag 'xfs-4.21-merge-3' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux Pull xfs fixlets from Darrick Wong: "Remove a couple of unnecessary local variables" * tag 'xfs-4.21-merge-3' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux: xfs: xfs_fsops: drop useless LIST_HEAD xfs: xfs_buf: drop useless LIST_HEAD commit c7eaf342ecb164d79275a6c1c93aef19293a4aaf Merge: 35004f2e55807 5ccedf1ccd710 Author: Linus Torvalds Date: Sat Jan 5 13:58:08 2019 -0800 Merge tag 'ceph-for-4.21-rc1' of git://github.com/ceph/ceph-client Pull ceph updates from Ilya Dryomov: "A fairly quiet round: a couple of messenger performance improvements from myself and a few cap handling fixes from Zheng" * tag 'ceph-for-4.21-rc1' of git://github.com/ceph/ceph-client: ceph: don't encode inode pathes into reconnect message ceph: update wanted caps after resuming stale session ceph: skip updating 'wanted' caps if caps are already issued ceph: don't request excl caps when mount is readonly ceph: don't update importing cap's mseq when handing cap export libceph: switch more to bool in ceph_tcp_sendmsg() libceph: use MSG_SENDPAGE_NOTLAST with ceph_tcp_sendpage() libceph: use sock_no_sendpage() as a fallback in ceph_tcp_sendpage() libceph: drop last_piece logic from write_partial_message_data() ceph: remove redundant assignment ceph: cleanup splice_dentry() commit 35004f2e55807a1a1491db24ab512dd2f770a130 Author: Olof Johansson Date: Sat Jan 5 13:21:18 2019 -0800 lib/genalloc.c: include vmalloc.h Fixes build break on most ARM/ARM64 defconfigs: lib/genalloc.c: In function 'gen_pool_add_virt': lib/genalloc.c:190:10: error: implicit declaration of function 'vzalloc_node'; did you mean 'kzalloc_node'? lib/genalloc.c:190:8: warning: assignment to 'struct gen_pool_chunk *' from 'int' makes pointer from integer without a cast [-Wint-conversion] lib/genalloc.c: In function 'gen_pool_destroy': lib/genalloc.c:254:3: error: implicit declaration of function 'vfree'; did you mean 'kfree'? Fixes: 6862d2fc8185 ('lib/genalloc.c: use vzalloc_node() to allocate the bitmap') Cc: Huang Shijie Cc: Andrew Morton Cc: Alexey Skidanov Signed-off-by: Olof Johansson Signed-off-by: Linus Torvalds commit 505b050fdf42097883b2d37b8e796e1f11dbef50 Merge: 9b286efeb5eb5 718c43038f287 Author: Linus Torvalds Date: Sat Jan 5 13:25:58 2019 -0800 Merge branch 'mount.part1' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs Pull vfs mount API prep from Al Viro: "Mount API prereqs. Mostly that's LSM mount options cleanups. There are several minor fixes in there, but nothing earth-shattering (leaks on failure exits, mostly)" * 'mount.part1' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: (27 commits) mount_fs: suppress MAC on MS_SUBMOUNT as well as MS_KERNMOUNT smack: rewrite smack_sb_eat_lsm_opts() smack: get rid of match_token() smack: take the guts of smack_parse_opts_str() into a new helper LSM: new method: ->sb_add_mnt_opt() selinux: rewrite selinux_sb_eat_lsm_opts() selinux: regularize Opt_... names a bit selinux: switch away from match_token() selinux: new helper - selinux_add_opt() LSM: bury struct security_mnt_opts smack: switch to private smack_mnt_opts selinux: switch to private struct selinux_mnt_opts LSM: hide struct security_mnt_opts from any generic code selinux: kill selinux_sb_get_mnt_opts() LSM: turn sb_eat_lsm_opts() into a method nfs_remount(): don't leak, don't ignore LSM options quietly btrfs: sanitize security_mnt_opts use selinux; don't open-code a loop in sb_finish_set_opts() LSM: split ->sb_set_mnt_opts() out of ->sb_kern_mount() new helper: security_sb_eat_lsm_opts() ... commit 9b286efeb5eb5aaa2712873fc1f928b2f879dbde Merge: 47f3f4eb7834e e4f2283cc6ffe Author: Linus Torvalds Date: Sat Jan 5 13:18:59 2019 -0800 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs Pull trivial vfs updates from Al Viro: "A few cleanups + Neil's namespace_unlock() optimization" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: exec: make prepare_bprm_creds static genheaders: %-s had been there since v6; %-*s - since v7 VFS: use synchronize_rcu_expedited() in namespace_unlock() iov_iter: reduce code duplication commit 47f3f4eb7834ea424b0704bffd0d3e3c8ffbc3a1 Merge: f1c2f8857c5aa edefae94b7b9f Author: Linus Torvalds Date: Sat Jan 5 12:48:25 2019 -0800 Merge tag 'mips_fixes_4.21_1' of git://git.kernel.org/pub/scm/linux/kernel/git/mips/linux Pull MIPS fixes from Paul Burton: "A few early MIPS fixes for 4.21: - The Broadcom BCM63xx platform sees a fix for resetting the BCM6368 ethernet switch, and the removal of a platform device we've never had a driver for. - The Alchemy platform sees a few fixes for bitrot that occurred within the past few cycles. - We now enable vectored interrupt support for the MediaTek MT7620 SoC, which makes sense since they're supported by the SoC but in this case also works around a bug relating to the location of exception vectors when using a recent version of U-Boot. - The atomic64_fetch_*_relaxed() family of functions see a fix for a regression in MIPS64 kernels since v4.19. - Cavium Octeon III CN7xxx systems will now disable their RGMII interfaces rather than attempt to enable them & warn about the lack of support for doing so, as they did since initial CN7xxx ethernet support was added in v4.7. - The Microsemi/Microchip MSCC SoCs gain a MAINTAINERS entry. - .mailmap now provides consistency for Dengcheng Zhu's name & current email address" * tag 'mips_fixes_4.21_1' of git://git.kernel.org/pub/scm/linux/kernel/git/mips/linux: MIPS: OCTEON: mark RGMII interface disabled on OCTEON III MIPS: Fix a R10000_LLSC_WAR logic in atomic.h MIPS: BCM63XX: drop unused and broken DSP platform device mailmap: Update name spelling and email for Dengcheng Zhu MIPS: ralink: Select CONFIG_CPU_MIPSR2_IRQ_VI on MT7620/8 MAINTAINERS: Add a maintainer for MSCC MIPS SoCs MIPS: Alchemy: update dma masks for devboard devices MIPS: Alchemy: update cpu-feature-overrides MIPS: Alchemy: drop DB1000 IrDA support bits MIPS: alchemy: cpu_all_mask is forbidden for clock event devices MIPS: BCM63XX: fix switch core reset on BCM6368 commit f1c2f8857c5aa6c92aa903bc06437503422e5925 Merge: cd08f68c659f4 074400a7be612 Author: Linus Torvalds Date: Sat Jan 5 11:48:44 2019 -0800 Merge tag 'powerpc-4.21-2' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux Pull powerpc fixes from Michael Ellerman: "A fix for the recent access_ok() change, which broke the build. We recently added a use of type in order to squash a warning elsewhere about type being unused. A handful of other minor build fixes, and one defconfig update. Thanks to: Christian Lamparter, Christophe Leroy, Diana Craciun, Mathieu Malaterre" * tag 'powerpc-4.21-2' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux: powerpc: Drop use of 'type' from access_ok() KVM: PPC: Book3S HV: radix: Fix uninitialized var build error powerpc/configs: Add PPC4xx_OCM to ppc40x_defconfig powerpc/4xx/ocm: Fix phys_addr_t printf warnings powerpc/4xx/ocm: Fix compilation error due to PAGE_KERNEL usage powerpc/fsl: Fixed warning: orphan section `__btb_flush_fixup' commit cd08f68c659f42f9ec23b25b9cefd1ef49dc78b5 Merge: 670b321f4150b dfbaecb2b707c Author: Linus Torvalds Date: Sat Jan 5 11:44:20 2019 -0800 Merge branch 'parisc-4.21-2' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux Pull parisc fix from Helge Deller: "Fix boot issues with a series of parisc servers since kernel 4.20. Remapping kernel text with set_kernel_text_rw() missed to remap from lowest up until the highest huge-page aligned kernel text addresss" * 'parisc-4.21-2' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux: parisc: Remap hugepage-aligned pages in set_kernel_text_rw() commit 670b321f4150bfc8a2261f4db3fcdab21738506b Merge: b23b0ea3708c3 21c7acc439b55 Author: Linus Torvalds Date: Sat Jan 5 11:35:55 2019 -0800 Merge tag 'for-4.21' of git://git.sourceforge.jp/gitroot/uclinux-h8/linux Pull h8300 fix from Yoshinori Sato: "Build problem fix" * tag 'for-4.21' of git://git.sourceforge.jp/gitroot/uclinux-h8/linux: h8300: pci: Remove local declaration of pcibios_penalize_isa_irq commit b23b0ea3708c3dec599966fc856836aca48835b9 Merge: 078a5a4faf64f 00f8ccd0c95f4 Author: Linus Torvalds Date: Sat Jan 5 11:30:37 2019 -0800 Merge tag 'armsoc-late' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc Pull more ARM SoC updates from Olof Johansson: "A few updates that we merged late but are low risk for regressions for other platforms (and a few other straggling patches): - I mis-tagged the 'drivers' branch, and missed 3 patches. Merged in here. They're for a driver for the PL353 SRAM controller and a build fix for the qualcomm scm driver. - A new platform, RDA Micro RDA8810PL (Cortex-A5 w/ integrated Vivante GPU, 256MB RAM, Wifi). This includes some acked platform-specific drivers (serial, etc). This also include DTs for two boards with this SoC, OrangePi 2G and OrangePi i86. - i.MX8 is another new platform (NXP, 4x Cortex-A53 + Cortex-M4, 4K video playback offload). This is the first i.MX 64-bit SoC. - Some minor updates to Samsung boards (adding a few peripherals in DTs). - Small rework for SMP bootup on STi platforms. - A couple of TEE driver fixes. - A couple of new config options (bcm2835 thermal, Uniphier MDMAC) enabled in defconfigs" * tag 'armsoc-late' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: (27 commits) ARM: multi_v7_defconfig: enable CONFIG_UNIPHIER_MDMAC arm64: defconfig: Re-enable bcm2835-thermal driver MAINTAINERS: Add entry for RDA Micro SoC architecture tty: serial: Add RDA8810PL UART driver ARM: dts: rda8810pl: Add interrupt support for UART dt-bindings: serial: Document RDA Micro UART ARM: dts: rda8810pl: Add timer support ARM: dts: Add devicetree for OrangePi i96 board ARM: dts: Add devicetree for OrangePi 2G IoT board ARM: dts: Add devicetree for RDA8810PL SoC ARM: Prepare RDA8810PL SoC dt-bindings: arm: Document RDA8810PL and reference boards dt-bindings: Add RDA Micro vendor prefix ARM: sti: remove pen_release and boot_lock arm64: dts: exynos: Add Bluetooth chip to TM2(e) boards arm64: dts: imx8mq-evk: enable watchdog arm64: dts: imx8mq: add watchdog devices MAINTAINERS: add i.MX8 DT path to i.MX architecture arm64: add support for i.MX8M EVK board arm64: add basic DTS for i.MX8MQ ... commit 078a5a4faf64fefaf13478a9091782432cad33fa Merge: 1205b62390eed 7e0b44e870cf2 Author: Linus Torvalds Date: Sat Jan 5 11:28:39 2019 -0800 Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux Pull arm64 fixes from Will Deacon: "I'm safely chained back up to my desk, so please pull these arm64 fixes for -rc1 that address some issues that cropped up during the merge window: - Prevent KASLR from mapping the top page of the virtual address space - Fix device-tree probing of SDEI driver - Fix incorrect register offset definition in Hisilicon DDRC PMU driver - Fix compilation issue with older binutils not liking unsigned immediates - Fix uapi headers so that libc can provide its own sigcontext definition - Fix handling of private compat syscalls - Hook up compat io_pgetevents() syscall for 32-bit tasks - Cleanup to arm64 Makefile (including now to avoid silly conflicts)" * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux: arm64: compat: Hook up io_pgetevents() for 32-bit tasks arm64: compat: Don't pull syscall number from regs in arm_compat_syscall arm64: compat: Avoid sending SIGILL for unallocated syscall numbers arm64/sve: Disentangle from arm64/sve: ptrace: Fix SVE_PT_REGS_OFFSET definition drivers/perf: hisi: Fixup one DDRC PMU register offset arm64: replace arm64-obj-* in Makefile with obj-* arm64: kaslr: Reserve size of ARM64_MEMSTART_ALIGN in linear region firmware: arm_sdei: Fix DT platform device creation firmware: arm_sdei: fix wrong of_node_put() in init function arm64: entry: remove unused register aliases arm64: smp: Fix compilation error commit 1205b62390eed4e747232d183fbf412a5aecacd9 Merge: 9ee3b3f4a5eb5 6de92920a717e Author: Linus Torvalds Date: Sat Jan 5 11:23:17 2019 -0800 Merge tag 'for-4.21' of git://git.armlinux.org.uk/~rmk/linux-arm Pull ARM updates from Russell King: "Included in this update: - Florian Fainelli noticed that userspace segfaults caused by the lack of kernel-userspace helpers was hard to diagnose; we now issue a warning when userspace tries to use the helpers but the kernel has them disabled. - Ben Dooks wants compatibility for the old ATAG serial number with DT systems. - Some cleanup of assembly by Nicolas Pitre. - User accessors optimisation from Vincent Whitchurch. - More robust kdump on SMP systems from Yufen Wang. - Sebastian Andrzej Siewior noticed problems with the SMP "boot_lock" on RT kernels, and so we convert the Versatile series of platforms to use a raw spinlock instead, consolidating the Versatile implementation. We entirely remove the boot_lock on OMAP systems, where it's unnecessary. Further patches for other systems will be submitted for the following merge window. - Start switching old StrongARM-11x0 systems to use gpiolib rather than their private GPIO implementation - mostly PCMCIA bits. - ARM Kconfig cleanups. - Cleanup a mostly harmless mistake in the recent Spectre patch in 4.20 (which had the effect that data that can be placed into the init sections was incorrectly always placed in the rodata section)" * tag 'for-4.21' of git://git.armlinux.org.uk/~rmk/linux-arm: (25 commits) ARM: omap2: remove unnecessary boot_lock ARM: versatile: rename and comment SMP implementation ARM: versatile: convert boot_lock to raw ARM: vexpress/realview: consolidate immitation CPU hotplug ARM: fix the cockup in the previous patch ARM: sa1100/cerf: switch to using gpio_led_register_device() ARM: sa1100/assabet: switch to using gpio leds ARM: sa1100/assabet: add gpio keys support for right-hand two buttons ARM: sa1111: remove legacy GPIO interfaces pcmcia: sa1100*: remove redundant bvd1/bvd2 setting ARM: pxa/lubbock: switch PCMCIA to MAX1600 library ARM: pxa/mainstone: switch PCMCIA to MAX1600 library and gpiod APIs ARM: sa1100/neponset: switch PCMCIA to MAX1600 library and gpiod APIs ARM: sa1100/jornada720: switch PCMCIA to gpiod APIs pcmcia: add MAX1600 library ARM: sa1100: explicitly register sa11x0-pcmcia devices ARM: 8813/1: Make aligned 2-byte getuser()/putuser() atomic on ARMv6+ ARM: 8812/1: Optimise copy_{from/to}_user for !CPU_USE_DOMAINS ARM: 8811/1: always list both ldrd/strd registers explicitly ARM: 8808/1: kexec:offline panic_smp_self_stop CPU ... commit 9ee3b3f4a5eb523ef27675ac2fcd2269b9d68767 Merge: a65981109f294 f50fd2d8524c1 Author: Linus Torvalds Date: Sat Jan 5 09:50:07 2019 -0800 Merge tag 'csky-for-linus-4.21' of git://github.com/c-sky/csky-linux Pull arch/csky updates from Guo Ren: "Here are three main features (cpu_hotplug, basic ftrace, basic perf) and some bugfixes: Features: - Add CPU-hotplug support for SMP - Add ftrace with function trace and function graph trace - Add Perf support - Add EM_CSKY_OLD 39 - optimize kernel panic print. - remove syscall_exit_work Bugfixes: - fix abiv2 mmap(... O_SYNC) failure - fix gdb coredump error - remove vdsp implement for kernel - fix qemu failure to bootup sometimes - fix ftrace call-graph panic - fix device tree node reference leak - remove meaningless header-y - fix save hi,lo,dspcr regs in switch_stack - remove unused members in processor.h" * tag 'csky-for-linus-4.21' of git://github.com/c-sky/csky-linux: csky: Add perf support for C-SKY csky: Add EM_CSKY_OLD 39 clocksource/drivers/c-sky: fixup ftrace call-graph panic csky: ftrace call graph supported. csky: basic ftrace supported csky: remove unused members in processor.h csky: optimize kernel panic print. csky: stacktrace supported. csky: CPU-hotplug supported for SMP clocksource/drivers/c-sky: fixup qemu fail to bootup sometimes. csky: fixup save hi,lo,dspcr regs in switch_stack. csky: remove syscall_exit_work csky: fixup remove vdsp implement for kernel. csky: bugfix gdb coredump error. csky: fixup abiv2 mmap(... O_SYNC) failed. csky: define syscall_get_arch() elf-em.h: add EM_CSKY csky: remove meaningless header-y csky: Don't leak device tree node reference commit a65981109f294ba7e64b33ad3b4575a4636fce66 Merge: 3fed6ae4b027f b685a7350ae76 Author: Linus Torvalds Date: Sat Jan 5 09:16:18 2019 -0800 Merge branch 'akpm' (patches from Andrew) Merge more updates from Andrew Morton: - procfs updates - various misc bits - lib/ updates - epoll updates - autofs - fatfs - a few more MM bits * emailed patches from Andrew Morton : (58 commits) mm/page_io.c: fix polled swap page in checkpatch: add Co-developed-by to signature tags docs: fix Co-Developed-by docs drivers/base/platform.c: kmemleak ignore a known leak fs: don't open code lru_to_page() fs/: remove caller signal_pending branch predictions mm/: remove caller signal_pending branch predictions arch/arc/mm/fault.c: remove caller signal_pending_branch predictions kernel/sched/: remove caller signal_pending branch predictions kernel/locking/mutex.c: remove caller signal_pending branch predictions mm: select HAVE_MOVE_PMD on x86 for faster mremap mm: speed up mremap by 20x on large regions mm: treewide: remove unused address argument from pte_alloc functions initramfs: cleanup incomplete rootfs scripts/gdb: fix lx-version string output kernel/kcov.c: mark write_comp_data() as notrace kernel/sysctl: add panic_print into sysctl panic: add options to print system info when panic happens bfs: extra sanity checking and static inode bitmap exec: separate MM_ANONPAGES and RLIMIT_STACK accounting ... commit 8270f3a11ceef64bdb0ab141180e8d2f17c619ec Author: Christoph Hellwig Date: Fri Jan 4 18:31:48 2019 +0100 dma-direct: fix DMA_ATTR_NO_KERNEL_MAPPING for remapped allocations We need to return a dma_addr_t even if we don't have a kernel mapping. Do so by consolidating the phys_to_dma call in a single place and jump to it from all the branches that return successfully. Fixes: bfd56cd60521 ("dma-mapping: support highmem in the generic remap allocator") Reported-by: Liviu Dudau Tested-by: Liviu Dudau commit 06f55fd2d22742ed7e725124dfea68936d12ce40 Author: Christoph Hellwig Date: Fri Jan 4 09:50:33 2019 +0100 x86/amd_gart: fix unmapping of non-GART mappings In many cases we don't have to create a GART mapping at all, which also means there is nothing to unmap. Fix the range check that was incorrectly modified when removing the mapping_error method. Fixes: 9e8aa6b546 ("x86/amd_gart: remove the mapping_error dma_map_ops method") Reported-by: Michal Kubecek Signed-off-by: Christoph Hellwig Tested-by: Michal Kubecek commit 466f89e9ec8c6868131c2d2ba9cd5f536879c42a Merge: ec90ad334986f 976b4f3a4646f Author: Alexei Starovoitov Date: Fri Jan 4 20:23:33 2019 -0800 Merge branch 'udpv6_sendmsg-addr_any-fix' Andrey Ignatov says: ==================== The patch set fixes BSD'ism in sys_sendmsg to rewrite unspecified destination IPv6 for unconnected UDP sockets in sys_sendmsg with [::1] in case when either CONFIG_CGROUP_BPF is enabled or when sys_sendmsg BPF hook sets destination IPv6 to [::]. Patch 1 is the fix and provides more details. Patch 2 adds two test cases to verify the fix. v1->v2: * Fix compile error in patch 1. ==================== Signed-off-by: Alexei Starovoitov commit 976b4f3a4646fbf0d189caca25f91f82e4be4b5a Author: Andrey Ignatov Date: Fri Jan 4 01:07:08 2019 -0800 selftests/bpf: Test [::] -> [::1] rewrite in sys_sendmsg in test_sock_addr Test that sys_sendmsg BPF hook doesn't break sys_sendmsg behaviour to rewrite destination IPv6 = [::] with [::1] (BSD'ism). Two test cases are added: 1) User passes dst IPv6 = [::] and BPF_CGROUP_UDP6_SENDMSG program doesn't touch it. 2) User passes dst IPv6 != [::], but BPF_CGROUP_UDP6_SENDMSG program rewrites it with [::]. In both cases [::1] is used by sys_sendmsg code eventually and datagram is sent successfully for unconnected UDP socket. Example of relevant output: Test case: sendmsg6: set dst IP = [::] (BSD'ism) .. [PASS] Test case: sendmsg6: preserve dst IP = [::] (BSD'ism) .. [PASS] Signed-off-by: Andrey Ignatov Signed-off-by: Alexei Starovoitov commit e8e36984080b55ac5e57bdb09a5b570f2fc8e963 Author: Andrey Ignatov Date: Fri Jan 4 01:07:07 2019 -0800 bpf: Fix [::] -> [::1] rewrite in sys_sendmsg sys_sendmsg has supported unspecified destination IPv6 (wildcard) for unconnected UDP sockets since 876c7f41. When [::] is passed by user as destination, sys_sendmsg rewrites it with [::1] to be consistent with BSD (see "BSD'ism" comment in the code). This didn't work when cgroup-bpf was enabled though since the rewrite [::] -> [::1] happened before passing control to cgroup-bpf block where fl6.daddr was updated with passed by user sockaddr_in6.sin6_addr (that might or might not be changed by BPF program). That way if user passed [::] as dst IPv6 it was first rewritten with [::1] by original code from 876c7f41, but then rewritten back with [::] by cgroup-bpf block. It happened even when BPF_CGROUP_UDP6_SENDMSG program was not present (CONFIG_CGROUP_BPF=y was enough). The fix is to apply BSD'ism after cgroup-bpf block so that [::] is replaced with [::1] no matter where it came from: passed by user to sys_sendmsg or set by BPF_CGROUP_UDP6_SENDMSG program. Fixes: 1cedee13d25a ("bpf: Hooks for sys_sendmsg") Reported-by: Nitin Rawat Signed-off-by: Andrey Ignatov Signed-off-by: Alexei Starovoitov commit bb351abaf5cd4f9237e1b3094d9cc04853de6d95 Author: Weiping Zhang Date: Wed Dec 26 11:56:33 2018 +0800 block: add documentation for io_timeout Add documentation for /sys/block//queue/io_timeout. Reviewed-by: Bart Van Assche Signed-off-by: Weiping Zhang Signed-off-by: Jens Axboe commit 3fed6ae4b027f9c93be18520f87bd06bdffd196b Author: Christoph Hellwig Date: Fri Jan 4 13:03:08 2019 -0800 ia64: fix compile without swiotlb Some non-generic ia64 configs don't build swiotlb, and thus should not pull in the generic non-coherent DMA infrastructure. Fixes: 68c608345c ("swiotlb: remove dma_mark_clean") Reported-by: Tony Luck Signed-off-by: Christoph Hellwig Signed-off-by: Tony Luck Signed-off-by: Linus Torvalds commit 170d13ca3a2fdaaa0283399247631b76b441cca2 Author: Linus Torvalds Date: Fri Jan 4 17:52:49 2019 -0800 x86: re-introduce non-generic memcpy_{to,from}io This has been broken forever, and nobody ever really noticed because it's purely a performance issue. Long long ago, in commit 6175ddf06b61 ("x86: Clean up mem*io functions") Brian Gerst simplified the memory copies to and from iomem, since on x86, the instructions to access iomem are exactly the same as the regular instructions. That is technically true, and things worked, and nobody said anything. Besides, back then the regular memcpy was pretty simple and worked fine. Nobody noticed except for David Laight, that is. David has a testing a TLP monitor he was writing for an FPGA, and has been occasionally complaining about how memcpy_toio() writes things one byte at a time. Which is completely unacceptable from a performance standpoint, even if it happens to technically work. The reason it's writing one byte at a time is because while it's technically true that accesses to iomem are the same as accesses to regular memory on x86, the _granularity_ (and ordering) of accesses matter to iomem in ways that they don't matter to regular cached memory. In particular, when ERMS is set, we default to using "rep movsb" for larger memory copies. That is indeed perfectly fine for real memory, since the whole point is that the CPU is going to do cacheline optimizations and executes the memory copy efficiently for cached memory. With iomem? Not so much. With iomem, "rep movsb" will indeed work, but it will copy things one byte at a time. Slowly and ponderously. Now, originally, back in 2010 when commit 6175ddf06b61 was done, we didn't use ERMS, and this was much less noticeable. Our normal memcpy() was simpler in other ways too. Because in fact, it's not just about using the string instructions. Our memcpy() these days does things like "read and write overlapping values" to handle the last bytes of the copy. Again, for normal memory, overlapping accesses isn't an issue. For iomem? It can be. So this re-introduces the specialized memcpy_toio(), memcpy_fromio() and memset_io() functions. It doesn't particularly optimize them, but it tries to at least not be horrid, or do overlapping accesses. In fact, this uses the existing __inline_memcpy() function that we still had lying around that uses our very traditional "rep movsl" loop followed by movsw/movsb for the final bytes. Somebody may decide to try to improve on it, but if we've gone almost a decade with only one person really ever noticing and complaining, maybe it's not worth worrying about further, once it's not _completely_ broken? Reported-by: David Laight Signed-off-by: Linus Torvalds commit a959dc88f9c8900296ccf13e2f3e1cbc555a8917 Author: Linus Torvalds Date: Sat May 21 21:55:19 2016 -0700 Use __put_user_goto in __put_user_size() and unsafe_put_user() This actually enables the __put_user_goto() functionality in unsafe_put_user(). For an example of the effect of this, this is the code generated for the unsafe_put_user(signo, &infop->si_signo, Efault); in the waitid() system call: movl %ecx,(%rbx) # signo, MEM[(struct __large_struct *)_2] It's just one single store instruction, along with generating an exception table entry pointing to the Efault label case in case that instruction faults. Before, we would generate this: xorl %edx, %edx movl %ecx,(%rbx) # signo, MEM[(struct __large_struct *)_3] testl %edx, %edx jne .L309 with the exception table generated for that 'mov' instruction causing us to jump to a stub that set %edx to -EFAULT and then jumped back to the 'testl' instruction. So not only do we now get rid of the extra code in the normal sequence, we also avoid unnecessarily keeping that extra error register live across it all. Signed-off-by: Linus Torvalds commit 4a789213c9a54c8b618924d3421e56e98df8a447 Author: Linus Torvalds Date: Sat May 21 21:44:51 2016 -0700 x86 uaccess: Introduce __put_user_goto This is finally the actual reason for the odd error handling in the "unsafe_get/put_user()" functions, introduced over three years ago. Using a "jump to error label" interface is somewhat odd, but very convenient as a programming interface, and more importantly, it fits very well with simply making the target be the exception handler address directly from the inline asm. The reason it took over three years to actually do this? We need "asm goto" support for it, which only became the default on x86 last year. It's now been a year that we've forced asm goto support (see commit e501ce957a78 "x86: Force asm-goto"), and so let's just do it here too. [ Side note: this commit was originally done back in 2016. The above commentary about timing is obviously about it only now getting merged into my real upstream tree - Linus ] Sadly, gcc still only supports "asm goto" with asms that do not have any outputs, so we are limited to only the put_user case for this. Maybe in several more years we can do the get_user case too. Signed-off-by: Linus Torvalds commit ec90ad334986fa5856d11dd272f7f22fa86c55c4 Author: David Ahern Date: Fri Jan 4 16:58:15 2019 -0800 ipv6: Consider sk_bound_dev_if when binding a socket to a v4 mapped address Similar to c5ee066333eb ("ipv6: Consider sk_bound_dev_if when binding a socket to an address"), binding a socket to v4 mapped addresses needs to consider if the socket is bound to a device. This problem also exists from the beginning of git history. Signed-off-by: David Ahern Signed-off-by: David S. Miller commit dfbaecb2b707cfdc5276b548d52b437384bd6483 Author: Helge Deller Date: Fri Jan 4 23:32:53 2019 +0100 parisc: Remap hugepage-aligned pages in set_kernel_text_rw() The alternative coding patch for parisc in kernel 4.20 broke booting machines with PA8500-PA8700 CPUs. The problem is, that for such machines the parisc kernel automatically utilizes huge pages to access kernel text code, but the set_kernel_text_rw() function, which is used shortly before applying any alternative patches, didn't used the correctly hugepage-aligned addresses to remap the kernel text read-writeable. Fixes: 3847dab77421 ("parisc: Add alternative coding infrastructure") Cc: [4.20] Signed-off-by: Helge Deller commit 00f8ccd0c95f4e604297057a5bccec86c0903d14 Merge: 8e564895c30ca 3e730e858139c Author: Olof Johansson Date: Fri Jan 4 14:30:36 2019 -0800 Merge branch 'next/drivers' into next/late Merge in a few missing patches from the pull request (my copy of the branch was behind the staged version in linux-next). * next/drivers: memory: pl353: Add driver for arm pl353 static memory controller dt-bindings: memory: Add pl353 smc controller devicetree binding information firmware: qcom: scm: fix compilation error when disabled Signed-off-by: Olof Johansson commit 8e564895c30ca73cd9788aecb845879ddee987c3 Author: Masahiro Yamada Date: Fri Dec 21 17:51:24 2018 +0900 ARM: multi_v7_defconfig: enable CONFIG_UNIPHIER_MDMAC Enable the UniPhier MIO DMAC driver. This is used as the DMA engine for accelerating the SD/eMMC controller drivers. Signed-off-by: Masahiro Yamada Signed-off-by: Olof Johansson commit ae84e4a8eb6f0d7f3b902ce238f285e98cf2ac12 Author: Jeff Kirsher Date: Fri Jan 4 10:48:02 2019 -0800 ixgbe: fix Kconfig when driver is not a module The new ability added to the driver to use mii_bus to handle MII related ioctls is causing compile issues when the driver is compiled into the kernel (i.e. not a module). The problem was in selecting MDIO_DEVICE instead of the preferred PHYLIB Kconfig option. The reason being that MDIO_DEVICE had a dependency on PHYLIB and would be compiled as a module when PHYLIB was a module, no matter whether ixgbe was compiled into the kernel. CC: Dave Jones CC: Steve Douthit CC: Florian Fainelli Signed-off-by: Jeff Kirsher Reviewed-by: Stephen Douthit Reviewed-by: Florian Fainelli Signed-off-by: David S. Miller commit 8d933670452107e41165bea70a30dffbd281bef1 Author: Eric Dumazet Date: Fri Jan 4 11:00:00 2019 -0800 ipv6: make icmp6_send() robust against null skb->dev syzbot was able to crash one host with the following stack trace : kasan: GPF could be caused by NULL-ptr deref or user memory access general protection fault: 0000 [#1] PREEMPT SMP KASAN CPU: 0 PID: 8625 Comm: syz-executor4 Not tainted 4.20.0+ #8 RIP: 0010:dev_net include/linux/netdevice.h:2169 [inline] RIP: 0010:icmp6_send+0x116/0x2d30 net/ipv6/icmp.c:426 icmpv6_send smack_socket_sock_rcv_skb security_sock_rcv_skb sk_filter_trim_cap __sk_receive_skb dccp_v6_do_rcv release_sock This is because a RX packet found socket owned by user and was stored into socket backlog. Before leaving RCU protected section, skb->dev was cleared in __sk_receive_skb(). When socket backlog was finally handled at release_sock() time, skb was fed to smack_socket_sock_rcv_skb() then icmp6_send() We could fix the bug in smack_socket_sock_rcv_skb(), or simply make icmp6_send() more robust against such possibility. In the future we might provide to icmp6_send() the net pointer instead of infering it. Fixes: d66a8acbda92 ("Smack: Inform peer that IPv6 traffic has been blocked") Signed-off-by: Eric Dumazet Cc: Piotr Sawicki Cc: Casey Schaufler Reported-by: syzbot Acked-by: Casey Schaufler Signed-off-by: David S. Miller commit 3271a4821882a64214acc1bd7b173900ec70c9bf Author: Peter Oskolkov Date: Fri Jan 4 09:43:08 2019 -0800 selftests: net: fix/improve ip_defrag selftest Commit ade446403bfb ("net: ipv4: do not handle duplicate fragments as overlapping") changed IPv4 defragmentation so that duplicate fragments, as well as _some_ fragments completely covered by previously delivered fragments, do not lead to the whole frag queue being discarded. This makes the existing ip_defrag selftest flaky. This patch * makes sure that negative IPv4 defrag tests generate truly overlapping fragments that trigger defrag queue drops; * tests that duplicate IPv4 fragments do not trigger defrag queue drops; * makes a couple of minor tweaks to the test aimed at increasing its code coverage and reduce flakiness. Signed-off-by: Peter Oskolkov Signed-off-by: David S. Miller commit f87118d5760f00af7228033fbe783c7f380d2866 Author: Daniele Palmas Date: Fri Jan 4 13:26:10 2019 +0100 qmi_wwan: add MTU default to qmap network interface This patch adds MTU default value to qmap network interface in order to avoid "RTNETLINK answers: No buffer space available" error when setting an ipv6 address. Signed-off-by: Daniele Palmas Acked-by: Bjørn Mork Signed-off-by: David S. Miller commit 75e7fb0a87a11c085a58ce583be3f4b1369584e7 Merge: cff1e01f16f84 bb989501abcaf Author: David S. Miller Date: Fri Jan 4 13:33:57 2019 -0800 Merge branch 'hns-fixes' Huazhong Tan says: ==================== net: hns: Bugfixes for HNS driver This patchset includes bugfixes for the HNS ethernet controller driver. Every patch is independent. ==================== Signed-off-by: David S. Miller commit bb989501abcafa0de5f18b0ec0ec459b5b817908 Author: Yonglong Liu Date: Fri Jan 4 20:18:11 2019 +0800 net: hns: Fix use after free identified by SLUB debug When enable SLUB debug, than remove hns_enet_drv module, SLUB debug will identify a use after free bug: [134.189505] Unable to handle kernel paging request at virtual address 006b6b6b6b6b6b6b [134.197553] Mem abort info: [134.200381] ESR = 0x96000004 [134.203487] Exception class = DABT (current EL), IL = 32 bits [134.209497] SET = 0, FnV = 0 [134.212596] EA = 0, S1PTW = 0 [134.215777] Data abort info: [134.218701] ISV = 0, ISS = 0x00000004 [134.222596] CM = 0, WnR = 0 [134.225606] [006b6b6b6b6b6b6b] address between user and kernel address ranges [134.232851] Internal error: Oops: 96000004 [#1] SMP [134.237798] CPU: 21 PID: 27834 Comm: rmmod Kdump: loaded Tainted: G OE 4.19.5-1.2.34.aarch64 #1 [134.247856] Hardware name: Huawei TaiShan 2280 /BC11SPCD, BIOS 1.58 10/24/2018 [134.255181] pstate: 20000005 (nzCv daif -PAN -UAO) [134.260044] pc : hns_ae_put_handle+0x38/0x60 [134.264372] lr : hns_ae_put_handle+0x24/0x60 [134.268700] sp : ffff00001be93c50 [134.272054] x29: ffff00001be93c50 x28: ffff802faaec8040 [134.277442] x27: 0000000000000000 x26: 0000000000000000 [134.282830] x25: 0000000056000000 x24: 0000000000000015 [134.288284] x23: ffff0000096fe098 x22: ffff000001050070 [134.293671] x21: ffff801fb3c044a0 x20: ffff80afb75ec098 [134.303287] x19: ffff80afb75ec098 x18: 0000000000000000 [134.312945] x17: 0000000000000000 x16: 0000000000000000 [134.322517] x15: 0000000000000002 x14: 0000000000000000 [134.332030] x13: dead000000000100 x12: ffff7e02bea3c988 [134.341487] x11: ffff80affbee9e68 x10: 0000000000000000 [134.351033] x9 : 6fffff8000008101 x8 : 0000000000000000 [134.360569] x7 : dead000000000100 x6 : ffff000009579748 [134.370059] x5 : 0000000000210d00 x4 : 0000000000000000 [134.379550] x3 : 0000000000000001 x2 : 0000000000000000 [134.388813] x1 : 6b6b6b6b6b6b6b6b x0 : 0000000000000000 [134.397993] Process rmmod (pid: 27834, stack limit = 0x00000000d474b7fd) [134.408498] Call trace: [134.414611] hns_ae_put_handle+0x38/0x60 [134.422208] hnae_put_handle+0xd4/0x108 [134.429563] hns_nic_dev_remove+0x60/0xc0 [hns_enet_drv] [134.438342] platform_drv_remove+0x2c/0x70 [134.445958] device_release_driver_internal+0x174/0x208 [134.454810] driver_detach+0x70/0xd8 [134.461913] bus_remove_driver+0x64/0xe8 [134.469396] driver_unregister+0x34/0x60 [134.476822] platform_driver_unregister+0x20/0x30 [134.485130] hns_nic_dev_driver_exit+0x14/0x6e4 [hns_enet_drv] [134.494634] __arm64_sys_delete_module+0x238/0x290 struct hnae_handle is a member of struct hnae_vf_cb, so when vf_cb is freed, than use hnae_handle will cause use after free panic. This patch frees vf_cb after hnae_handle used. Signed-off-by: Yonglong Liu Signed-off-by: Huazhong Tan Signed-off-by: David S. Miller commit c77804be53369dd4c15bfc376cf9b45948194cab Author: Yonglong Liu Date: Fri Jan 4 20:18:10 2019 +0800 net: hns: Fix WARNING when hns modules installed Commit 308c6cafde01 ("net: hns: All ports can not work when insmod hns ko after rmmod.") add phy_stop in hns_nic_init_phy(), In the branch of "net", this method is effective, but in the branch of "net-next", it will cause a WARNING when hns modules loaded, reference to commit 2b3e88ea6528 ("net: phy: improve phy state checking"): [10.092168] ------------[ cut here ]------------ [10.092171] called from state READY [10.092189] WARNING: CPU: 4 PID: 1 at ../drivers/net/phy/phy.c:854 phy_stop+0x90/0xb0 [10.092192] Modules linked in: [10.092197] CPU: 4 PID:1 Comm:swapper/0 Not tainted 4.20.0-rc7-next-20181220 #1 [10.092200] Hardware name: Huawei TaiShan 2280 /D05, BIOS Hisilicon D05 UEFI 16.12 Release 05/15/2017 [10.092202] pstate: 60000005 (nZCv daif -PAN -UAO) [10.092205] pc : phy_stop+0x90/0xb0 [10.092208] lr : phy_stop+0x90/0xb0 [10.092209] sp : ffff00001159ba90 [10.092212] x29: ffff00001159ba90 x28: 0000000000000007 [10.092215] x27: ffff000011180068 x26: ffff0000110a5620 [10.092218] x25: ffff0000113b6000 x24: ffff842f96dac000 [10.092221] x23: 0000000000000000 x22: 0000000000000000 [10.092223] x21: ffff841fb8425e18 x20: ffff801fb3a56438 [10.092226] x19: ffff801fb3a56000 x18: ffffffffffffffff [10.092228] x17: 0000000000000000 x16: 0000000000000000 [10.092231] x15: ffff00001122d6c8 x14: ffff00009159b7b7 [10.092234] x13: ffff00001159b7c5 x12: ffff000011245000 [10.092236] x11: 0000000005f5e0ff x10: ffff00001159b750 [10.092239] x9 : 00000000ffffffd0 x8 : 0000000000000465 [10.092242] x7 : ffff0000112457f8 x6 : ffff0000113bd7ce [10.092245] x5 : 0000000000000000 x4 : 0000000000000000 [10.092247] x3 : 00000000ffffffff x2 : ffff000011245828 [10.092250] x1 : 4b5860bd05871300 x0 : 0000000000000000 [10.092253] Call trace: [10.092255] phy_stop+0x90/0xb0 [10.092260] hns_nic_init_phy+0xf8/0x110 [10.092262] hns_nic_try_get_ae+0x4c/0x3b0 [10.092264] hns_nic_dev_probe+0x1fc/0x480 [10.092268] platform_drv_probe+0x50/0xa0 [10.092271] really_probe+0x1f4/0x298 [10.092273] driver_probe_device+0x58/0x108 [10.092275] __driver_attach+0xdc/0xe0 [10.092278] bus_for_each_dev+0x74/0xc8 [10.092280] driver_attach+0x20/0x28 [10.092283] bus_add_driver+0x1b8/0x228 [10.092285] driver_register+0x60/0x110 [10.092288] __platform_driver_register+0x40/0x48 [10.092292] hns_nic_dev_driver_init+0x18/0x20 [10.092296] do_one_initcall+0x5c/0x180 [10.092299] kernel_init_freeable+0x198/0x240 [10.092303] kernel_init+0x10/0x108 [10.092306] ret_from_fork+0x10/0x18 [10.092308] ---[ end trace 1396dd0278e397eb ]--- This WARNING occurred because of calling phy_stop before phy_start. The root cause of the problem in commit '308c6cafde01' is: Reference to hns_nic_init_phy, the flag phydev->supported is changed after phy_connect_direct. The flag phydev->supported is 0x6ff when hns modules is loaded, so will not change Fiber Port power(Reference to marvell.c), which is power on at default. Then the flag phydev->supported is changed to 0x6f, so Fiber Port power is off when removing hns modules. When hns modules installed again, the flag phydev->supported is default value 0x6ff, so will not change Fiber Port power(now is off), causing mac link not up problem. So the solution is change phy flags before phy_connect_direct. Fixes: 308c6cafde01 ("net: hns: All ports can not work when insmod hns ko after rmmod.") Signed-off-by: Yonglong Liu Signed-off-by: Huazhong Tan Signed-off-by: David S. Miller commit 59f75fd0e31532bdcf65f754516cac2954d5ddc7 Author: Jens Axboe Date: Fri Jan 4 14:27:09 2019 -0700 Add CREDITS entry for Shaohua Li Signed-off-by: Jens Axboe commit b685a7350ae76bc0f388e24b36d06a63776c68ee Author: Jens Axboe Date: Thu Jan 3 15:29:15 2019 -0800 mm/page_io.c: fix polled swap page in swap_readpage() wants to do polling to bring in pages if asked to, but it doesn't mark the bio as being polled. Additionally, the looping around the blk_poll() check isn't correct - if we get a zero return, we should call io_schedule(), we can't just assume that the bio has completed. The regular bio->bi_private check should be used for that. Link: http://lkml.kernel.org/r/e15243a8-2cdf-c32c-ecee-f289377c8ef9@kernel.dk Signed-off-by: Jens Axboe Reviewed-by: Andrew Morton Cc: Christoph Hellwig Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit d499480cc435ff153bf7e2e7ee6ab6ac44306c28 Author: Jorge Ramirez-Ortiz Date: Thu Jan 3 15:29:12 2019 -0800 checkpatch: add Co-developed-by to signature tags As per Documentation/process/submitting-patches, Co-developed-by is a valid signature. This commit removes the warning. Link: http://lkml.kernel.org/r/1544808928-20002-3-git-send-email-jorge.ramirez-ortiz@linaro.org Signed-off-by: Jorge Ramirez-Ortiz Cc: Greg Kroah-Hartman Cc: Himanshu Jha Cc: Joe Perches Cc: Jonathan Cameron Cc: Jonathan Corbet Cc: Niklas Cassel Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit ae67ee6c5e1d5b6acdb0d51fddde651834096d75 Author: Jorge Ramirez-Ortiz Date: Thu Jan 3 15:29:09 2019 -0800 docs: fix Co-Developed-by docs The accepted terminology will be Co-developed-by therefore lose the capital letter from now on. Link: http://lkml.kernel.org/r/1544808928-20002-2-git-send-email-jorge.ramirez-ortiz@linaro.org Signed-off-by: Jorge Ramirez-Ortiz Acked-by: Himanshu Jha Cc: Jonathan Cameron Cc: Joe Perches Cc: Greg Kroah-Hartman Cc: Niklas Cassel Cc: Jonathan Corbet Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 967d3010df8b6f6f9aa95c198edc5fe3646ebf36 Author: Qian Cai Date: Thu Jan 3 15:29:05 2019 -0800 drivers/base/platform.c: kmemleak ignore a known leak unreferenced object 0xffff808ec6dc5a80 (size 128): comm "swapper/0", pid 1, jiffies 4294938063 (age 2560.530s) hex dump (first 32 bytes): ff ff ff ff 00 00 00 00 6b 6b 6b 6b 6b 6b 6b 6b ........kkkkkkkk 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk backtrace: [<00000000476dcf8c>] kmem_cache_alloc_trace+0x430/0x500 [<000000004f708d37>] platform_device_register_full+0xbc/0x1e8 [<000000006c2a7ec7>] acpi_create_platform_device+0x370/0x450 [<00000000ef135642>] acpi_default_enumeration+0x34/0x78 [<000000003bd9a052>] acpi_bus_attach+0x2dc/0x3e0 [<000000003cf4f7f2>] acpi_bus_attach+0x108/0x3e0 [<000000003cf4f7f2>] acpi_bus_attach+0x108/0x3e0 [<000000002968643e>] acpi_bus_scan+0xb0/0x110 [<0000000010dd0bd7>] acpi_scan_init+0x1a8/0x410 [<00000000965b3c5a>] acpi_init+0x408/0x49c [<00000000ed4b9fe2>] do_one_initcall+0x178/0x7f4 [<00000000a5ac5a74>] kernel_init_freeable+0x9d4/0xa9c [<0000000070ea6c15>] kernel_init+0x18/0x138 [<00000000fb8fff06>] ret_from_fork+0x10/0x1c [<0000000041273a0d>] 0xffffffffffffffff Then, faddr2line pointed out this line, /* * This memory isn't freed when the device is put, * I don't have a nice idea for that though. Conceptually * dma_mask in struct device should not be a pointer. * See http://thread.gmane.org/gmane.linux.kernel.pci/9081 */ pdev->dev.dma_mask = kmalloc(sizeof(*pdev->dev.dma_mask), GFP_KERNEL); Since this leak has existed for more than 8 years and it does not reference other parts of the memory, let kmemleak ignore it, so users don't need to waste time reporting this in the future. Link: http://lkml.kernel.org/r/20181206160751.36211-1-cai@gmx.us Signed-off-by: Qian Cai Reviewed-by: Andrew Morton Cc: Greg Kroah-Hartman Cc: "Rafael J . Wysocki" Cc: Catalin Marinas Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit f86196ea8737c98ea96e5f95c99d0367be39a5d2 Author: Nikolay Borisov Date: Thu Jan 3 15:29:02 2019 -0800 fs: don't open code lru_to_page() Multiple filesystems open code lru_to_page(). Rectify this by moving the macro from mm_inline (which is specific to lru stuff) to the more generic mm.h header and start using the macro where appropriate. No functional changes. Link: http://lkml.kernel.org/r/20181129104810.23361-1-nborisov@suse.com Link: https://lkml.kernel.org/r/20181129075301.29087-1-nborisov@suse.com Signed-off-by: Nikolay Borisov Acked-by: Michal Hocko Reviewed-by: David Hildenbrand Reviewed-by: Mike Rapoport Acked-by: Pankaj gupta Acked-by: "Yan, Zheng" [ceph] Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 08d405c8b845a4b871fa3606c9ebe0d0f3b74614 Author: Davidlohr Bueso Date: Thu Jan 3 15:28:58 2019 -0800 fs/: remove caller signal_pending branch predictions This is already done for us internally by the signal machinery. [akpm@linux-foundation.org: fix fs/buffer.c] Link: http://lkml.kernel.org/r/20181116002713.8474-7-dave@stgolabs.net Signed-off-by: Davidlohr Bueso Reviewed-by: Andrew Morton Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit fa45f1162f28cbba6c38180647b7b300f317ecb4 Author: Davidlohr Bueso Date: Thu Jan 3 15:28:55 2019 -0800 mm/: remove caller signal_pending branch predictions This is already done for us internally by the signal machinery. Link: http://lkml.kernel.org/r/20181116002713.8474-5-dave@stgolabs.net Signed-off-by: Davidlohr Bueso Reviewed-by: Andrew Morton Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit d8d7d842e8286a98fb56df9caf5d19b46e01ba4b Author: Davidlohr Bueso Date: Thu Jan 3 15:28:51 2019 -0800 arch/arc/mm/fault.c: remove caller signal_pending_branch predictions This is already done for us internally by the signal machinery. Link: http://lkml.kernel.org/r/20181116002713.8474-4-dave@stgolabs.net Signed-off-by: Davidlohr Bueso Reviewed-by: Andrew Morton Cc: Vineet Gupta Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 34ec35ad8f5f4624e8391dbb83afb4c791f027e3 Author: Davidlohr Bueso Date: Thu Jan 3 15:28:48 2019 -0800 kernel/sched/: remove caller signal_pending branch predictions This is already done for us internally by the signal machinery. Link: http://lkml.kernel.org/r/20181116002713.8474-3-dave@stgolabs.net Signed-off-by: Davidlohr Bueso Reviewed-by: Andrew Morton Cc: Peter Zijlstra Cc: Ingo Molnar Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 3bb5f4ac55dd91d516e7e36b45c94bd57efbb068 Author: Davidlohr Bueso Date: Thu Jan 3 15:28:44 2019 -0800 kernel/locking/mutex.c: remove caller signal_pending branch predictions This is already done for us internally by the signal machinery. Link: http://lkml.kernel.org/r/20181116002713.8474-2-dave@stgolabs.net Signed-off-by: Davidlohr Bueso Reviewed-by: Andrew Morton Cc: Peter Zijlstra Cc: Ingo Molnar Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 9f132f7e145506efc0744426cb338b18a54afc3b Author: Joel Fernandes (Google) Date: Thu Jan 3 15:28:41 2019 -0800 mm: select HAVE_MOVE_PMD on x86 for faster mremap Moving page-tables at the PMD-level on x86 is known to be safe. Enable this option so that we can do fast mremap when possible. Link: http://lkml.kernel.org/r/20181108181201.88826-4-joelaf@google.com Signed-off-by: Joel Fernandes (Google) Suggested-by: Kirill A. Shutemov Acked-by: Kirill A. Shutemov Cc: Julia Lawall Cc: Michal Hocko Cc: William Kucharski Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 2c91bd4a4e2e530582d6fd643ea7b86b27907151 Author: Joel Fernandes (Google) Date: Thu Jan 3 15:28:38 2019 -0800 mm: speed up mremap by 20x on large regions Android needs to mremap large regions of memory during memory management related operations. The mremap system call can be really slow if THP is not enabled. The bottleneck is move_page_tables, which is copying each pte at a time, and can be really slow across a large map. Turning on THP may not be a viable option, and is not for us. This patch speeds up the performance for non-THP system by copying at the PMD level when possible. The speedup is an order of magnitude on x86 (~20x). On a 1GB mremap, the mremap completion times drops from 3.4-3.6 milliseconds to 144-160 microseconds. Before: Total mremap time for 1GB data: 3521942 nanoseconds. Total mremap time for 1GB data: 3449229 nanoseconds. Total mremap time for 1GB data: 3488230 nanoseconds. After: Total mremap time for 1GB data: 150279 nanoseconds. Total mremap time for 1GB data: 144665 nanoseconds. Total mremap time for 1GB data: 158708 nanoseconds. If THP is enabled the optimization is mostly skipped except in certain situations. [joel@joelfernandes.org: fix 'move_normal_pmd' unused function warning] Link: http://lkml.kernel.org/r/20181108224457.GB209347@google.com Link: http://lkml.kernel.org/r/20181108181201.88826-3-joelaf@google.com Signed-off-by: Joel Fernandes (Google) Acked-by: Kirill A. Shutemov Reviewed-by: William Kucharski Cc: Julia Lawall Cc: Michal Hocko Cc: Will Deacon Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 4cf58924951ef80eec636b863e7a53973c44261a Author: Joel Fernandes (Google) Date: Thu Jan 3 15:28:34 2019 -0800 mm: treewide: remove unused address argument from pte_alloc functions Patch series "Add support for fast mremap". This series speeds up the mremap(2) syscall by copying page tables at the PMD level even for non-THP systems. There is concern that the extra 'address' argument that mremap passes to pte_alloc may do something subtle architecture related in the future that may make the scheme not work. Also we find that there is no point in passing the 'address' to pte_alloc since its unused. This patch therefore removes this argument tree-wide resulting in a nice negative diff as well. Also ensuring along the way that the enabled architectures do not do anything funky with the 'address' argument that goes unnoticed by the optimization. Build and boot tested on x86-64. Build tested on arm64. The config enablement patch for arm64 will be posted in the future after more testing. The changes were obtained by applying the following Coccinelle script. (thanks Julia for answering all Coccinelle questions!). Following fix ups were done manually: * Removal of address argument from pte_fragment_alloc * Removal of pte_alloc_one_fast definitions from m68k and microblaze. // Options: --include-headers --no-includes // Note: I split the 'identifier fn' line, so if you are manually // running it, please unsplit it so it runs for you. virtual patch @pte_alloc_func_def depends on patch exists@ identifier E2; identifier fn =~ "^(__pte_alloc|pte_alloc_one|pte_alloc|__pte_alloc_kernel|pte_alloc_one_kernel)$"; type T2; @@ fn(... - , T2 E2 ) { ... } @pte_alloc_func_proto_noarg depends on patch exists@ type T1, T2, T3, T4; identifier fn =~ "^(__pte_alloc|pte_alloc_one|pte_alloc|__pte_alloc_kernel|pte_alloc_one_kernel)$"; @@ ( - T3 fn(T1, T2); + T3 fn(T1); | - T3 fn(T1, T2, T4); + T3 fn(T1, T2); ) @pte_alloc_func_proto depends on patch exists@ identifier E1, E2, E4; type T1, T2, T3, T4; identifier fn =~ "^(__pte_alloc|pte_alloc_one|pte_alloc|__pte_alloc_kernel|pte_alloc_one_kernel)$"; @@ ( - T3 fn(T1 E1, T2 E2); + T3 fn(T1 E1); | - T3 fn(T1 E1, T2 E2, T4 E4); + T3 fn(T1 E1, T2 E2); ) @pte_alloc_func_call depends on patch exists@ expression E2; identifier fn =~ "^(__pte_alloc|pte_alloc_one|pte_alloc|__pte_alloc_kernel|pte_alloc_one_kernel)$"; @@ fn(... -, E2 ) @pte_alloc_macro depends on patch exists@ identifier fn =~ "^(__pte_alloc|pte_alloc_one|pte_alloc|__pte_alloc_kernel|pte_alloc_one_kernel)$"; identifier a, b, c; expression e; position p; @@ ( - #define fn(a, b, c) e + #define fn(a, b) e | - #define fn(a, b) e + #define fn(a) e ) Link: http://lkml.kernel.org/r/20181108181201.88826-2-joelaf@google.com Signed-off-by: Joel Fernandes (Google) Suggested-by: Kirill A. Shutemov Acked-by: Kirill A. Shutemov Cc: Michal Hocko Cc: Julia Lawall Cc: Kirill A. Shutemov Cc: William Kucharski Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit ff1522bb7d98450c72aea729f0b4147bc9986aed Author: David Engraf Date: Thu Jan 3 15:28:31 2019 -0800 initramfs: cleanup incomplete rootfs Unpacking an external initrd may fail e.g. not enough memory. This leads to an incomplete rootfs because some files might be extracted already. Fixed by cleaning the rootfs so the kernel is not using an incomplete rootfs. Link: http://lkml.kernel.org/r/20181030151805.5519-1-david.engraf@sysgo.com Signed-off-by: David Engraf Cc: Dominik Brodowski Cc: Greg Kroah-Hartman Cc: Philippe Ombredanne Cc: Arnd Bergmann Cc: Luc Van Oostenryck Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit b058809bfc8faeb7b7cae047666e23375a060059 Author: Changbin Du Date: Thu Jan 3 15:28:27 2019 -0800 scripts/gdb: fix lx-version string output A bug is present in GDB which causes early string termination when parsing variables. This has been reported [0], but we should ensure that we can support at least basic printing of the core kernel strings. For current gdb version (has been tested with 7.3 and 8.1), 'lx-version' only prints one character. (gdb) lx-version L(gdb) This can be fixed by casting 'linux_banner' as (char *). (gdb) lx-version Linux version 4.19.0-rc1+ (changbin@acer) (gcc version 7.3.0 (Ubuntu 7.3.0-16ubuntu3)) #21 SMP Sat Sep 1 21:43:30 CST 2018 [0] https://sourceware.org/bugzilla/show_bug.cgi?id=20077 [kbingham@kernel.org: add detail to commit message] Link: http://lkml.kernel.org/r/20181111162035.8356-1-kieran.bingham@ideasonboard.com Fixes: 2d061d999424 ("scripts/gdb: add version command") Signed-off-by: Du Changbin Signed-off-by: Kieran Bingham Acked-by: Jan Kiszka Cc: Jan Kiszka Cc: Jason Wessel Cc: Daniel Thompson Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 634724431607f6f46c495dfef801a1c8b44a96d9 Author: Anders Roxell Date: Thu Jan 3 15:28:24 2019 -0800 kernel/kcov.c: mark write_comp_data() as notrace Since __sanitizer_cov_trace_const_cmp4 is marked as notrace, the function called from __sanitizer_cov_trace_const_cmp4 shouldn't be traceable either. ftrace_graph_caller() gets called every time func write_comp_data() gets called if it isn't marked 'notrace'. This is the backtrace from gdb: #0 ftrace_graph_caller () at ../arch/arm64/kernel/entry-ftrace.S:179 #1 0xffffff8010201920 in ftrace_caller () at ../arch/arm64/kernel/entry-ftrace.S:151 #2 0xffffff8010439714 in write_comp_data (type=5, arg1=0, arg2=0, ip=18446743524224276596) at ../kernel/kcov.c:116 #3 0xffffff8010439894 in __sanitizer_cov_trace_const_cmp4 (arg1=, arg2=) at ../kernel/kcov.c:188 #4 0xffffff8010201874 in prepare_ftrace_return (self_addr=18446743524226602768, parent=0xffffff801014b918, frame_pointer=18446743524223531344) at ./include/generated/atomic-instrumented.h:27 #5 0xffffff801020194c in ftrace_graph_caller () at ../arch/arm64/kernel/entry-ftrace.S:182 Rework so that write_comp_data() that are called from __sanitizer_cov_trace_*_cmp*() are marked as 'notrace'. Commit 903e8ff86753 ("kernel/kcov.c: mark funcs in __sanitizer_cov_trace_pc() as notrace") missed to mark write_comp_data() as 'notrace'. When that patch was created gcc-7 was used. In lib/Kconfig.debug config KCOV_ENABLE_COMPARISONS depends on $(cc-option,-fsanitize-coverage=trace-cmp) That code path isn't hit with gcc-7. However, it were that with gcc-8. Link: http://lkml.kernel.org/r/20181206143011.23719-1-anders.roxell@linaro.org Signed-off-by: Anders Roxell Signed-off-by: Arnd Bergmann Co-developed-by: Arnd Bergmann Acked-by: Steven Rostedt (VMware) Cc: Will Deacon Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 81c9d43f94870be66146739c6e61df40dc17bb64 Author: Feng Tang Date: Thu Jan 3 15:28:20 2019 -0800 kernel/sysctl: add panic_print into sysctl So that we can also runtime chose to print out the needed system info for panic, other than setting the kernel cmdline. Link: http://lkml.kernel.org/r/1543398842-19295-3-git-send-email-feng.tang@intel.com Signed-off-by: Feng Tang Suggested-by: Steven Rostedt Acked-by: Steven Rostedt (VMware) Cc: Thomas Gleixner Cc: John Stultz Cc: Ingo Molnar Cc: Peter Zijlstra Cc: Kees Cook Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit d999bd9392dea7c1a9ac43b8680b22c4425ae4c7 Author: Feng Tang Date: Thu Jan 3 15:28:17 2019 -0800 panic: add options to print system info when panic happens Kernel panic issues are always painful to debug, partially because it's not easy to get enough information of the context when panic happens. And we have ramoops and kdump for that, while this commit tries to provide a easier way to show the system info by adding a cmdline parameter, referring some idea from sysrq handler. Link: http://lkml.kernel.org/r/1543398842-19295-2-git-send-email-feng.tang@intel.com Signed-off-by: Feng Tang Reviewed-by: Kees Cook Acked-by: Steven Rostedt (VMware) Cc: Thomas Gleixner Cc: John Stultz Cc: Ingo Molnar Cc: Peter Zijlstra Cc: Steven Rostedt Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit d1877155891020cb26ad4fba45bfee52d8da9951 Author: Tigran Aivazian Date: Thu Jan 3 15:28:14 2019 -0800 bfs: extra sanity checking and static inode bitmap Strengthen validation of BFS superblock against corruption. Make in-core inode bitmap static part of superblock info structure. Print a warning when mounting a BFS filesystem created with "-N 512" option as only 510 files can be created in the root directory. Make the kernel messages more uniform. Update the 'prefix' passed to bfs_dump_imap() to match the current naming of operations. White space and comments cleanup. Link: http://lkml.kernel.org/r/CAK+_RLkFZMduoQF36wZFd3zLi-6ZutWKsydjeHFNdtRvZZEb4w@mail.gmail.com Signed-off-by: Tigran Aivazian Reported-by: Tetsuo Handa Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 655c16a8ce9c15842547f40ce23fd148aeccc074 Author: Oleg Nesterov Date: Thu Jan 3 15:28:11 2019 -0800 exec: separate MM_ANONPAGES and RLIMIT_STACK accounting get_arg_page() checks bprm->rlim_stack.rlim_cur and re-calculates the "extra" size for argv/envp pointers every time, this is a bit ugly and even not strictly correct: acct_arg_size() must not account this size. Remove all the rlimit code in get_arg_page(). Instead, add bprm->argmin calculated once at the start of __do_execve_file() and change copy_strings to check bprm->p >= bprm->argmin. The patch adds the new helper, prepare_arg_pages() which initializes bprm->argc/envc and bprm->argmin. [oleg@redhat.com: fix !CONFIG_MMU version of get_arg_page()] Link: http://lkml.kernel.org/r/20181126122307.GA1660@redhat.com [akpm@linux-foundation.org: use max_t] Link: http://lkml.kernel.org/r/20181112160910.GA28440@redhat.com Signed-off-by: Oleg Nesterov Acked-by: Kees Cook Tested-by: Guenter Roeck Cc: "Eric W. Biederman" Cc: Michal Hocko Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 8099b047ecc431518b9bb6bdbba3549bbecdc343 Author: Oleg Nesterov Date: Thu Jan 3 15:28:07 2019 -0800 exec: load_script: don't blindly truncate shebang string load_script() simply truncates bprm->buf and this is very wrong if the length of shebang string exceeds BINPRM_BUF_SIZE-2. This can silently truncate i_arg or (worse) we can execute the wrong binary if buf[2:126] happens to be the valid executable path. Change load_script() to return ENOEXEC if it can't find '\n' or zero in bprm->buf. Note that '\0' can come from either prepare_binprm()->memset() or from kernel_read(), we do not care. Link: http://lkml.kernel.org/r/20181112160931.GA28463@redhat.com Signed-off-by: Oleg Nesterov Acked-by: Kees Cook Acked-by: Michal Hocko Cc: Ben Woodard Cc: "Eric W. Biederman" Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit fb5bf31722d0805a3f394f7d59f2e8cd07acccb7 Author: Yi Wang Date: Thu Jan 3 15:28:03 2019 -0800 fork: fix some -Wmissing-prototypes warnings We get a warning when building kernel with W=1: kernel/fork.c:167:13: warning: no previous prototype for `arch_release_thread_stack' [-Wmissing-prototypes] kernel/fork.c:779:13: warning: no previous prototype for `fork_init' [-Wmissing-prototypes] Add the missing declaration in head file to fix this. Also, remove arch_release_thread_stack() completely because no arch seems to implement it since bb9d81264 (arch: remove tile port). Link: http://lkml.kernel.org/r/1542170087-23645-1-git-send-email-wang.yi59@zte.com.cn Signed-off-by: Yi Wang Acked-by: Michal Hocko Acked-by: Mike Rapoport Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 306790f75ac2fe021a900395255e468807002c42 Author: Carmeli Tamir Date: Thu Jan 3 15:28:00 2019 -0800 fat: new inline functions to determine the FAT variant (32, 16 or 12) This patch introduces 3 new inline functions - is_fat12, is_fat16 and is_fat32, and replaces every occurrence in the code in which the FS variant (whether this is FAT12, FAT16 or FAT32) was previously checked using msdos_sb_info->fat_bits. Link: http://lkml.kernel.org/r/1544990640-11604-4-git-send-email-carmeli.tamir@gmail.com Signed-off-by: Carmeli Tamir Acked-by: OGAWA Hirofumi Reviewed-by: Sergey Senozhatsky Cc: Johannes Thumshirn Cc: Bart Van Assche Cc: Martin K. Petersen Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit d19dc016187502dda6b8095e44eb46a18e89b2b3 Author: Carmeli Tamir Date: Thu Jan 3 15:27:56 2019 -0800 fat: move MAX_FAT to fat.h and change it to inline function MAX_FAT is useless in msdos_fs.h, since it uses the MSDOS_SB function that is defined in fat.h. So really, this macro can be only called from code that already includes fat.h. Hence, this patch moves it to fat.h, right after MSDOS_SB is defined. I also changed it to an inline function in order to save the double call to MSDOS_SB. This was suggested by joe@perches.com in the previous version. This patch is required for the next in the series, in which the variant (whether this is FAT12, FAT16 or FAT32) checks are replaced with new macros. Link: http://lkml.kernel.org/r/1544990640-11604-3-git-send-email-carmeli.tamir@gmail.com Signed-off-by: Carmeli Tamir Acked-by: OGAWA Hirofumi Reviewed-by: Sergey Senozhatsky Cc: Bart Van Assche Cc: Johannes Thumshirn Cc: Martin K. Petersen Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit b553337a57cf4f077464292520f4e975ea4cda83 Author: Carmeli Tamir Date: Thu Jan 3 15:27:53 2019 -0800 fat: remove FAT_FIRST_ENT macro The comment edited in this patch was the only reference to the FAT_FIRST_ENT macro, which is not used anymore. Moreover, the commented line of code does not compile with the current code. Since the FAT_FIRST_ENT macro checks the FAT variant in a way that the patch series changes, I removed it, and instead wrote a clear explanation of what was checked. I verified that the changed comment is correct according to Microsoft FAT spec, search for "BPB_Media" in the following references: 1. Microsoft FAT specification 2005 (http://read.pudn.com/downloads77/ebook/294884/FAT32%20Spec%20%28SDA%20Contribution%29.pdf). Search for 'volume label'. 2. Microsoft Extensible Firmware Initiative, FAT32 File System Specification (https://staff.washington.edu/dittrich/misc/fatgen103.pdf). Search for 'volume label'. Link: http://lkml.kernel.org/r/1544990640-11604-2-git-send-email-carmeli.tamir@gmail.com Signed-off-by: Carmeli Tamir Acked-by: OGAWA Hirofumi Reviewed-by: Sergey Senozhatsky Cc: Bart Van Assche Cc: Johannes Thumshirn Cc: Martin K. Petersen Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 9da22854761a76c45d78aa2ae2b4bbd504b4f171 Author: Carmeli Tamir Date: Thu Jan 3 15:27:49 2019 -0800 include/uapi/linux/msdos_fs.h: use MSDOS_NAME for volume label size The FAT file system volume label file stored in the root directory should match the volume label field in the FAT boot sector. As consequence, the max length of these fields ought to be the same. This patch replaces the magic '11' usef in the struct fat_boot_sector with MSDOS_NAME, which is used in struct msdos_dir_entry. Please check the following references: 1. Microsoft FAT specification 2005 (http://read.pudn.com/downloads77/ebook/294884/FAT32%20Spec%20%28SDA%20Contribution%29.pdf). Search for 'volume label'. 2. Microsoft Extensible Firmware Initiative, FAT32 File System Specification (https://staff.washington.edu/dittrich/misc/fatgen103.pdf). Search for 'volume label'. 3. User space code that creates FAT filesystem sometimes uses MSDOS_NAME for the label, sometimes not. Search for 'if (memcmp(label, NO_NAME, MSDOS_NAME))'. I consider to make the same patch there as well. https://github.com/dosfstools/dosfstools/blob/master/src/mkfs.fat.c Link: http://lkml.kernel.org/r/1543096879-82837-1-git-send-email-carmeli.tamir@gmail.com Signed-off-by: Carmeli Tamir Reviewed-by: Sergey Senozhatsky Reviewed-by: Johannes Thumshirn Acked-by: OGAWA Hirofumi Cc: Jens Axboe Cc: Bart Van Assche Cc: Martin K. Petersen Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit f93ca1ed9ba09fa54d372ab17649d781384e34f7 Author: Ernesto A. Fernández Date: Thu Jan 3 15:27:46 2019 -0800 hfsplus: return file attributes on statx The immutable, append-only and no-dump attributes can only be retrieved with an ioctl; implement the ->getattr() method to return them on statx. Do not return the inode birthtime yet, because the issue of how best to handle the post-2038 timestamps is still under discussion. This patch is needed to pass xfstests generic/424. Link: http://lkml.kernel.org/r/20181014163558.sxorxlzjqccq2lpw@eaf Signed-off-by: Ernesto A. Fernández Cc: Viacheslav Dubeyko Cc: Al Viro Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit f5162216b7dab0c07e070b8b7f98891a85047f59 Author: Ian Kent Date: Thu Jan 3 15:27:43 2019 -0800 autofs: add strictexpire mount option Commit 092a53452bb7 ("autofs: take more care to not update last_used on path walk") helped to (partially) resolve a problem where automounts were not expiring due to aggressive accesses from user space. This patch was later reverted because, for very large environments, it meant more mount requests from clients and when there are a lot of clients this caused a fairly significant increase in server load. But there is a need for both types of expire check, depending on use case, so add a mount option to allow for strict update of last use of autofs dentrys (which just means not updating the last use on path walk access). Link: http://lkml.kernel.org/r/154296973880.9889.14085372741514507967.stgit@pluto-themaw-net Signed-off-by: Ian Kent Cc: Al Viro Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 9d8719a42e4671cfe27733d82b5a071295ab9975 Author: Ian Kent Date: Thu Jan 3 15:27:39 2019 -0800 autofs: change catatonic setting to a bit flag Change the superblock info. catatonic setting to be part of a flags bit field. Link: http://lkml.kernel.org/r/154296973142.9889.17275721668508589639.stgit@pluto-themaw-net Signed-off-by: Ian Kent Cc: Al Viro Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 9bf964c9cee40285808ce973be7a266876404501 Author: Ian Kent Date: Thu Jan 3 15:27:36 2019 -0800 autofs: simplify parse_options() function call The parse_options() function uses a long list of parameters, most of which are present in the super block info structure already. The mount parameters set in parse_options() options don't require cleanup so using the super block info struct directly is simpler. Link: http://lkml.kernel.org/r/154296972423.9889.9368859245676473329.stgit@pluto-themaw-net Signed-off-by: Ian Kent Cc: Al Viro Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 55f0d8205dc6399826332c21bc56626868cd453d Author: Ian Kent Date: Thu Jan 3 15:27:33 2019 -0800 autofs: improve ioctl sbi checks Al Viro made some suggestions to improve the implementation of commit 0633da48f0 ("fix autofs_sbi() does not check super block type"). The check is unnecessary in all cases except for ioctl usage so placing the check in the super block accessor function adds a small overhead to the common case where it isn't needed. So it's sufficient to do this in the ioctl code only. Also the check in the ioctl code is needlessly complex. [akpm@linux-foundation.org: declare autofs_fs_type in .h, not .c] Link: http://lkml.kernel.org/r/154296970987.9889.1597442413573683096.stgit@pluto-themaw-net Signed-off-by: Ian Kent Cc: Al Viro Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 7c8f71935a65a584c48cbe478aaffc52292d6e00 Author: Alexey Dobriyan Date: Thu Jan 3 15:27:29 2019 -0800 init/main.c: make "initcall_level_names[]" const char * Initcall names should not be changed. Link: http://lkml.kernel.org/r/20181124091829.GD10969@avx2 Signed-off-by: Alexey Dobriyan Reviewed-by: Andrew Morton Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 86c051793b4c941ee4481725d57cf2a27f6b3aaf Author: Davidlohr Bueso Date: Thu Jan 3 15:27:26 2019 -0800 fs/epoll: deal with wait_queue only once There is no reason why we rearm the waitiqueue upon every fetch_events retry (for when events are found yet send_events() fails). If nothing else, this saves four lock operations per retry, and furthermore reduces the scope of the lock even further. [akpm@linux-foundation.org: restore code to original position, fix and reflow comment] Link: http://lkml.kernel.org/r/20181114182532.27981-2-dave@stgolabs.net Signed-off-by: Davidlohr Bueso Cc: Jason Baron Cc: Al Viro Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 35cff1a6e0236500584a8ae227fe08120d9b5ee2 Author: Davidlohr Bueso Date: Thu Jan 3 15:27:22 2019 -0800 fs/epoll: rename check_events label to send_events It is currently called check_events because it, well, did exactly that. However, since the lockless ep_events_available() call, the label no longer checks, but just sends the events. Rename as such. Link: http://lkml.kernel.org/r/20181114182532.27981-1-dave@stgolabs.net Signed-off-by: Davidlohr Bueso Reviewed-by: Andrew Morton Cc: Al Viro Cc: Jason Baron Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit abc610e01c663e25c41a3bdcbc4115cd7fbb047b Author: Davidlohr Bueso Date: Thu Jan 3 15:27:19 2019 -0800 fs/epoll: avoid barrier after an epoll_wait(2) timeout Upon timeout, we can just exit out of the loop, without the cost of the changing the task's state with an smp_store_mb call. Just exit out of the loop and be done - setting the task state afterwards will be, of course, redundant. [dave@stgolabs.net: forgotten fixlets] Link: http://lkml.kernel.org/r/20181109155258.jxcr4t2pnz6zqct3@linux-r8p5 Link: http://lkml.kernel.org/r/20181108051006.18751-7-dave@stgolabs.net Signed-off-by: Davidlohr Bueso Reviewed-by: Andrew Morton Cc: Al Viro Cc: Davidlohr Bueso Cc: Jason Baron Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit c5a282e9635e9c7382821565083db5d260085e3e Author: Davidlohr Bueso Date: Thu Jan 3 15:27:15 2019 -0800 fs/epoll: reduce the scope of wq lock in epoll_wait() This patch aims at reducing ep wq.lock hold times in epoll_wait(2). For the blocking case, there is no need to constantly take and drop the spinlock, which is only needed to manipulate the waitqueue. The call to ep_events_available() is now lockless, and only exposed to benign races. Here, if false positive (returns available events and does not see another thread deleting an epi from the list) we call into send_events and then the list's state is correctly seen. Otoh, if a false negative and we don't see a list_add_tail(), for example, from irq callback, then it is rechecked again before blocking, which will see the correct state. In order for more accuracy to see concurrent list_del_init(), use the list_empty_careful() variant -- of course, this won't be safe against insertions from wakeup. For the overflow list we obviously need to prevent load/store tearing as we don't want to see partial values while the ready list is disabled. [dave@stgolabs.net: forgotten fixlets] Link: http://lkml.kernel.org/r/20181109155258.jxcr4t2pnz6zqct3@linux-r8p5 Link: http://lkml.kernel.org/r/20181108051006.18751-6-dave@stgolabs.net Signed-off-by: Davidlohr Bueso Suggested-by: Jason Baron Cc: Al Viro Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 21877e1a5b520132f54515f8835c963056418b4c Author: Davidlohr Bueso Date: Thu Jan 3 15:27:12 2019 -0800 fs/epoll: robustify ep->mtx held checks Insted of just commenting how important it is, lets make it more robust and add a lockdep_assert_held() call. Link: http://lkml.kernel.org/r/20181108051006.18751-5-dave@stgolabs.net Signed-off-by: Davidlohr Bueso Reviewed-by: Andrew Morton Cc: Al Viro Cc: Jason Baron Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 76699a67f3041ff4c7af6d6ee9be2bfbf1ffb671 Author: Davidlohr Bueso Date: Thu Jan 3 15:27:09 2019 -0800 fs/epoll: drop ovflist branch prediction The ep->ovflist is a secondary ready-list to temporarily store events that might occur when doing sproc without holding the ep->wq.lock. This accounts for every time we check for ready events and also send events back to userspace; both callbacks, particularly the latter because of copy_to_user, can account for a non-trivial time. As such, the unlikely() check to see if the pointer is being used, seems both misleading and sub-optimal. In fact, we go to an awful lot of trouble to sync both lists, and populating the ovflist is far from an uncommon scenario. For example, profiling a concurrent epoll_wait(2) benchmark, with CONFIG_PROFILE_ANNOTATED_BRANCHES shows that for a two threads a 33% incorrect rate was seen; and when incrementally increasing the number of epoll instances (which is used, for example for multiple queuing load balancing models), up to a 90% incorrect rate was seen. Similarly, by deleting the prediction, 3% throughput boost was seen across incremental threads. Link: http://lkml.kernel.org/r/20181108051006.18751-4-dave@stgolabs.net Signed-off-by: Davidlohr Bueso Reviewed-by: Andrew Morton Cc: Al Viro Cc: Jason Baron Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 4e0982a00564c80cb849a892043450860ef91e14 Author: Davidlohr Bueso Date: Thu Jan 3 15:27:05 2019 -0800 fs/epoll: simplify ep_send_events_proc() ready-list loop The current logic is a bit convoluted. Lets simplify this with a standard list_for_each_entry_safe() loop instead and just break out after maxevents is reached. While at it, remove an unnecessary indentation level in the loop when there are in fact ready events. Link: http://lkml.kernel.org/r/20181108051006.18751-3-dave@stgolabs.net Signed-off-by: Davidlohr Bueso Reviewed-by: Andrew Morton Cc: Al Viro Cc: Jason Baron Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 74bdc129850c32eaddc625ce557da560303fbf25 Author: Davidlohr Bueso Date: Thu Jan 3 15:27:02 2019 -0800 fs/epoll: remove max_nests argument from ep_call_nested() Patch series "epoll: some miscellaneous optimizations". The following are some incremental optimizations on some of the epoll core. Each patch has the details, but together, the series is seen to shave off measurable cycles on a number of systems and workloads. For example, on a 40-core IB, a pipetest as well as parallel epoll_wait() benchmark show around a 20-30% increase in raw operations per second when the box is fully occupied (incremental thread counts), and up to 15% performance improvement with lower counts. Passes ltp epoll related testcases. This patch(of 6): All callers pass the EP_MAX_NESTS constant already, so lets simplify this a tad and get rid of the redundant parameter for nested eventpolls. Link: http://lkml.kernel.org/r/20181108051006.18751-2-dave@stgolabs.net Signed-off-by: Davidlohr Bueso Reviewed-by: Andrew Morton Cc: Al Viro Cc: Jason Baron Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 77b8c0a8e47484e205b01dfedcd224770aa9d800 Author: Joe Perches Date: Thu Jan 3 15:26:59 2019 -0800 checkpatch: warn on const char foo[] = "bar"; declarations These declarations should generally be static const to avoid poor compilation and runtime performance where compilers tend to initialize the const declaration for every call instead of using .rodata for the string. Miscellanea: - Convert spaces to tabs for indentation in 2 adjacent checks Link: http://lkml.kernel.org/r/10ea5f4b087dc911e41e187a4a2b5e79c7529aa3.camel@perches.com Signed-off-by: Joe Perches Cc: Rasmus Villemoes Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 05391772a72d49c37e6e4cb8e871be57beb66155 Author: huang.zijiang Date: Thu Jan 3 15:26:55 2019 -0800 drivers/firmware/memmap.c: modify memblock_alloc to memblock_alloc_nopanic memblock_alloc() never returns NULL because panic never returns. Link: http://lkml.kernel.org/r/1545640882-42009-1-git-send-email-huang.zijiang@zte.com.cn Signed-off-by: huang.zijiang Acked-by: Mike Rapoport Cc: Michal Hocko Cc: Stephen Rothwell Cc: Michael Ellerman Cc: Yi Wang Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 6862d2fc81859f88c1f3f660886427893f2b4f3f Author: Huang Shijie Date: Thu Jan 3 15:26:51 2019 -0800 lib/genalloc.c: use vzalloc_node() to allocate the bitmap Some devices may have big memory on chip, such as over 1G. In some cases, the nbytes maybe bigger then 4M which is the bounday of the memory buddy system (4K default). So use vzalloc_node() to allocate the bitmap. Also use vfree to free it. Link: http://lkml.kernel.org/r/20181225015701.6289-1-sjhuang@iluvatar.ai Signed-off-by: Huang Shijie Reviewed-by: Andrew Morton Cc: Alexey Skidanov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 439e00b76a5fb1662e3ae49fc48bd3f950575b9d Author: Yury Norov Date: Thu Jan 3 15:26:48 2019 -0800 lib/find_bit_benchmark.c: align test_find_next_and_bit with others Contrary to other tests, test_find_next_and_bit() test uses tab formatting in output and get_cycles() instead of ktime_get(). get_cycles() is not supported by some arches, so ktime_get() fits better in generic code. Fix it and minor style issues, so the output looks like this: Start testing find_bit() with random-filled bitmap find_next_bit: 7142816 ns, 163282 iterations find_next_zero_bit: 8545712 ns, 164399 iterations find_last_bit: 6332032 ns, 163282 iterations find_first_bit: 20509424 ns, 16606 iterations find_next_and_bit: 4060016 ns, 73424 iterations Start testing find_bit() with sparse bitmap find_next_bit: 55984 ns, 656 iterations find_next_zero_bit: 19197536 ns, 327025 iterations find_last_bit: 65088 ns, 656 iterations find_first_bit: 5923712 ns, 656 iterations find_next_and_bit: 29088 ns, 1 iterations Link: http://lkml.kernel.org/r/20181123174803.10916-1-ynorov@caviumnetworks.com Signed-off-by: Yury Norov Reviewed-by: Andrew Morton Cc: "Norov, Yuri" Cc: Clement Courbet Cc: Geert Uytterhoeven Cc: Alexey Dobriyan Cc: Matthew Wilcox Cc: Rasmus Villemoes Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 52fbf1134d479234d7e64ba9dcbaea23405f229e Author: Alexey Skidanov Date: Thu Jan 3 15:26:44 2019 -0800 lib/genalloc.c: fix allocation of aligned buffer from non-aligned chunk gen_pool_alloc_algo() uses different allocation functions implementing different allocation algorithms. With gen_pool_first_fit_align() allocation function, the returned address should be aligned on the requested boundary. If chunk start address isn't aligned on the requested boundary, the returned address isn't aligned too. The only way to get properly aligned address is to initialize the pool with chunks aligned on the requested boundary. If want to have an ability to allocate buffers aligned on different boundaries (for example, 4K, 1MB, ...), the chunk start address should be aligned on the max possible alignment. This happens because gen_pool_first_fit_align() looks for properly aligned memory block without taking into account the chunk start address alignment. To fix this, we provide chunk start address to gen_pool_first_fit_align() and change its implementation such that it starts looking for properly aligned block with appropriate offset (exactly as is done in CMA). Link: https://lkml.kernel.org/lkml/a170cf65-6884-3592-1de9-4c235888cc8a@intel.com Link: http://lkml.kernel.org/r/1541690953-4623-1-git-send-email-alexey.skidanov@intel.com Signed-off-by: Alexey Skidanov Reviewed-by: Andrew Morton Cc: Logan Gunthorpe Cc: Daniel Mentz Cc: Mathieu Desnoyers Cc: Laura Abbott Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 3fc2579e6f162fcff964f5aa01c8a29438ca5c05 Author: Matthew Wilcox Date: Thu Jan 3 15:26:41 2019 -0800 fls: change parameter to unsigned int When testing in userspace, UBSAN pointed out that shifting into the sign bit is undefined behaviour. It doesn't really make sense to ask for the highest set bit of a negative value, so just turn the argument type into an unsigned int. Some architectures (eg ppc) already had it declared as an unsigned int, so I don't expect too many problems. Link: http://lkml.kernel.org/r/20181105221117.31828-1-willy@infradead.org Signed-off-by: Matthew Wilcox Acked-by: Thomas Gleixner Acked-by: Geert Uytterhoeven Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit e6310f0fb5cd3f65244dbdef2fb264859891c7ec Author: Alexey Dobriyan Date: Thu Jan 3 15:26:37 2019 -0800 include/linux/printk.h: drop silly "static inline asmlinkage" from dump_stack() Empty function will be inlined so asmlinkage doesn't do anything. Link: http://lkml.kernel.org/r/20181124093530.GE10969@avx2 Signed-off-by: Alexey Dobriyan Reviewed-by: Andrew Morton Acked-by: Joey Pabalinas Cc: Petr Mladek Cc: Sergey Senozhatsky Cc: Steven Rostedt Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 300133d372b7b541c7e7c5e8d63ea5439f9865b6 Author: Souptick Joarder Date: Thu Jan 3 15:26:34 2019 -0800 drivers/dma-buf/udmabuf.c: convert to use vm_fault_t Use new return type vm_fault_t for fault handler. Link: http://lkml.kernel.org/r/20181106173628.GA12989@jordon-HP-15-Notebook-PC Signed-off-by: Souptick Joarder Cc: Gerd Hoffmann Cc: Sumit Semwal Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 304ae42739b108305f8d7b3eb3c1aec7c2b643a9 Author: Tetsuo Handa Date: Thu Jan 3 15:26:31 2019 -0800 kernel/hung_task.c: break RCU locks based on jiffies check_hung_uninterruptible_tasks() is currently calling rcu_lock_break() for every 1024 threads. But check_hung_task() is very slow if printk() was called, and is very fast otherwise. If many threads within some 1024 threads called printk(), the RCU grace period might be extended enough to trigger RCU stall warnings. Therefore, calling rcu_lock_break() for every some fixed jiffies will be safer. Link: http://lkml.kernel.org/r/1544800658-11423-1-git-send-email-penguin-kernel@I-love.SAKURA.ne.jp Signed-off-by: Tetsuo Handa Acked-by: Paul E. McKenney Cc: Petr Mladek Cc: Sergey Senozhatsky Cc: Dmitry Vyukov Cc: "Rafael J. Wysocki" Cc: Vitaly Kuznetsov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 168e06f7937d96c7222037d8a05565e8a6eb00fe Author: Liu, Chuansheng Date: Thu Jan 3 15:26:27 2019 -0800 kernel/hung_task.c: force console verbose before panic Based on commit 401c636a0eeb ("kernel/hung_task.c: show all hung tasks before panic"), we could get the call stack of hung task. However, if the console loglevel is not high, we still can not see the useful panic information in practice, and in most cases users don't set console loglevel to high level. This patch is to force console verbose before system panic, so that the real useful information can be seen in the console, instead of being like the following, which doesn't have hung task information. INFO: task init:1 blocked for more than 120 seconds. Tainted: G U W 4.19.0-quilt-2e5dc0ac-g51b6c21d76cc #1 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. Kernel panic - not syncing: hung_task: blocked tasks CPU: 2 PID: 479 Comm: khungtaskd Tainted: G U W 4.19.0-quilt-2e5dc0ac-g51b6c21d76cc #1 Call Trace: dump_stack+0x4f/0x65 panic+0xde/0x231 watchdog+0x290/0x410 kthread+0x12c/0x150 ret_from_fork+0x35/0x40 reboot: panic mode set: p,w Kernel Offset: 0x34000000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff) Link: http://lkml.kernel.org/r/27240C0AC20F114CBF8149A2696CBE4A6015B675@SHSMSX101.ccr.corp.intel.com Signed-off-by: Chuansheng Liu Reviewed-by: Petr Mladek Reviewed-by: Sergey Senozhatsky Cc: Tetsuo Handa Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 527edbc18a70e745740ef31edb0ffefb2f161afa Author: Masahiro Yamada Date: Thu Jan 3 15:26:23 2019 -0800 build_bug.h: remove most of dummy BUILD_BUG_ON stubs for Sparse The introduction of these dummy BUILD_BUG_ON stubs dates back to commmit 903c0c7cdc21 ("sparse: define dummy BUILD_BUG_ON definition for sparse"). At that time, BUILD_BUG_ON() was implemented with the negative array trick *and* the link-time trick, like this: extern int __build_bug_on_failed; #define BUILD_BUG_ON(condition) \ do { \ ((void)sizeof(char[1 - 2*!!(condition)])); \ if (condition) __build_bug_on_failed = 1; \ } while(0) Sparse is more strict about the negative array trick than GCC because Sparse requires the array length to be really constant. Here is the simple test code for the macro above: static const int x = 0; BUILD_BUG_ON(x); GCC is absolutely fine with it (-Wvla was enabled only very recently), but Sparse warns like this: error: bad constant expression error: cannot size expression (If you are using a newer version of Sparse, you will see a different warning message, "warning: Variable length array is used".) Anyway, Sparse was producing many false positives, and noisier than it should be at that time. With the previous commit, the leftover negative array trick is gone. Sparse is fine with the current BUILD_BUG_ON(), which is implemented by using the 'error' attribute. I am keeping the stub for BUILD_BUG_ON_ZERO(). Otherwise, Sparse would complain about the following code, which GCC is fine with: static const int x = 0; int y = BUILD_BUG_ON_ZERO(x); Link: http://lkml.kernel.org/r/1542856462-18836-3-git-send-email-yamada.masahiro@socionext.com Signed-off-by: Masahiro Yamada Acked-by: Kees Cook Reviewed-by: Luc Van Oostenryck Reviewed-by: Nick Desaulniers Tested-by: Nick Desaulniers Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit c60d3b79423aab402085c30b33bfff5354a61d8b Author: Masahiro Yamada Date: Thu Jan 3 15:26:20 2019 -0800 build_bug.h: remove negative-array fallback for BUILD_BUG_ON() The kernel can only be compiled with an optimization option (-O2, -Os, or the currently proposed -Og). Hence, __OPTIMIZE__ is always defined in the kernel source. The fallback for the -O0 case is just hypothetical and pointless. Moreover, commit 0bb95f80a38f ("Makefile: Globally enable VLA warning") enabled -Wvla warning. The use of variable length arrays is banned. Link: http://lkml.kernel.org/r/1542856462-18836-2-git-send-email-yamada.masahiro@socionext.com Signed-off-by: Masahiro Yamada Acked-by: Kees Cook Reviewed-by: Nick Desaulniers Tested-by: Nick Desaulniers Cc: Luc Van Oostenryck Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 3fe5dbfef47e992b810cbe82af1df02d8255fb8c Author: Alexey Dobriyan Date: Thu Jan 3 15:26:16 2019 -0800 Documentation/process/coding-style.rst: don't use "extern" with function prototypes `extern' with function prototypes makes lines longer and creates more characters on the screen. Do not bug people with checkpatch.pl warnings for now as fallout can be devastating. Link: http://lkml.kernel.org/r/20181101134153.GA29267@avx2 Signed-off-by: Alexey Dobriyan Reviewed-by: Andrew Morton Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 09be178400829dddc1189b50a7888495dd26aa84 Author: Cheng Lin Date: Thu Jan 3 15:26:13 2019 -0800 proc/sysctl: fix return error for proc_doulongvec_minmax() If the number of input parameters is less than the total parameters, an EINVAL error will be returned. For example, we use proc_doulongvec_minmax to pass up to two parameters with kern_table: { .procname = "monitor_signals", .data = &monitor_sigs, .maxlen = 2*sizeof(unsigned long), .mode = 0644, .proc_handler = proc_doulongvec_minmax, }, Reproduce: When passing two parameters, it's work normal. But passing only one parameter, an error "Invalid argument"(EINVAL) is returned. [root@cl150 ~]# echo 1 2 > /proc/sys/kernel/monitor_signals [root@cl150 ~]# cat /proc/sys/kernel/monitor_signals 1 2 [root@cl150 ~]# echo 3 > /proc/sys/kernel/monitor_signals -bash: echo: write error: Invalid argument [root@cl150 ~]# echo $? 1 [root@cl150 ~]# cat /proc/sys/kernel/monitor_signals 3 2 [root@cl150 ~]# The following is the result after apply this patch. No error is returned when the number of input parameters is less than the total parameters. [root@cl150 ~]# echo 1 2 > /proc/sys/kernel/monitor_signals [root@cl150 ~]# cat /proc/sys/kernel/monitor_signals 1 2 [root@cl150 ~]# echo 3 > /proc/sys/kernel/monitor_signals [root@cl150 ~]# echo $? 0 [root@cl150 ~]# cat /proc/sys/kernel/monitor_signals 3 2 [root@cl150 ~]# There are three processing functions dealing with digital parameters, __do_proc_dointvec/__do_proc_douintvec/__do_proc_doulongvec_minmax. This patch deals with __do_proc_doulongvec_minmax, just as __do_proc_dointvec does, adding a check for parameters 'left'. In __do_proc_douintvec, its code implementation explicitly does not support multiple inputs. static int __do_proc_douintvec(...){ ... /* * Arrays are not supported, keep this simple. *Do not* add * support for them. */ if (vleft != 1) { *lenp = 0; return -EINVAL; } ... } So, just __do_proc_doulongvec_minmax has the problem. And most use of proc_doulongvec_minmax/proc_doulongvec_ms_jiffies_minmax just have one parameter. Link: http://lkml.kernel.org/r/1544081775-15720-1-git-send-email-cheng.lin130@zte.com.cn Signed-off-by: Cheng Lin Acked-by: Luis Chamberlain Reviewed-by: Kees Cook Cc: Alexey Dobriyan Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit afe922c2daae4a8f0101a30658c886c2b6eb2a96 Author: Alexey Dobriyan Date: Thu Jan 3 15:26:09 2019 -0800 fs/proc/base.c: slightly faster /proc/*/limits Header of /proc/*/limits is a fixed string, so print it directly without formatting specifiers. Link: http://lkml.kernel.org/r/20181203164242.GB6904@avx2 Signed-off-by: Alexey Dobriyan Reviewed-by: Andrew Morton Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 230f72e9f6dc7b22ee92dc03a393429447b4395c Author: Alexey Dobriyan Date: Thu Jan 3 15:26:05 2019 -0800 fs/proc/inode.c: delete unnecessary variable in proc_alloc_inode() Link: http://lkml.kernel.org/r/20181203164015.GA6904@avx2 Signed-off-by: Alexey Dobriyan Reviewed-by: Andrew Morton Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 81966d83492620bf42d94d580370c59ff8d02772 Author: Eric Biggers Date: Thu Jan 3 15:26:00 2019 -0800 fs/proc/util.c: include fs/proc/internal.h for name_to_int() name_to_int() is defined in fs/proc/util.c and declared in fs/proc/internal.h, but the declaration isn't included at the point of the definition. Include the header to enforce that the definition matches the declaration. This addresses a gcc warning when -Wmissing-prototypes is enabled. Link: http://lkml.kernel.org/r/20181115001833.49371-1-ebiggers@kernel.org Signed-off-by: Eric Biggers Reviewed-by: Alexey Dobriyan Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit 8da0b4f692c6d90b09c91f271517db746a22ff67 Author: Benjamin Gordon Date: Thu Jan 3 15:25:56 2019 -0800 fs/proc/base.c: use ns_capable instead of capable for timerslack_ns Access to timerslack_ns is controlled by a process having CAP_SYS_NICE in its effective capability set, but the current check looks in the root namespace instead of the process' user namespace. Since a process is allowed to do other activities controlled by CAP_SYS_NICE inside a namespace, it should also be able to adjust timerslack_ns. Link: http://lkml.kernel.org/r/20181030180012.232896-1-bmgordon@google.com Signed-off-by: Benjamin Gordon Acked-by: "Eric W. Biederman" Cc: John Stultz Cc: "Eric W. Biederman" Cc: Kees Cook Cc: "Serge E. Hallyn" Cc: Thomas Gleixner Cc: Arjan van de Ven Cc: Oren Laadan Cc: Ruchi Kandoi Cc: Rom Lemarchand Cc: Todd Kjos Cc: Colin Cross Cc: Nick Kralevich Cc: Dmitry Shmidt Cc: Elliott Hughes Cc: Alexey Dobriyan Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds commit cff1e01f16f84083e5b4e3a98331ba405fb3fbb5 Author: Linus Walleij Date: Thu Jan 3 22:31:32 2019 +0100 net: dsa: mt7530: Drop unused GPIO include This driver uses GPIO descriptors only, is not used so drop the include. Signed-off-by: Linus Walleij Reviewed-by: Vivien Didelot Signed-off-by: David S. Miller commit 0c06a0919782cbe5f33d0f1411ca059e9bfb8190 Merge: 41e4e2cd75346 44039e00171b0 Author: David S. Miller Date: Fri Jan 4 13:06:07 2019 -0800 Merge branch 'GUE-error-recursion' Stefano Brivio says: ==================== Fix two further potential unbounded recursions in GUE error handlers Patch 1/2 takes care of preventing the issue fixed by commit 11789039da53 ("fou: Prevent unbounded recursion in GUE error handler") also with UDP-Lite payloads -- I just realised this might happen from a syzbot report. Patch 2/2 fixes the issue for both UDP and UDP-Lite on IPv6, which I also forgot to deal with in that same commit. ==================== Signed-off-by: David S. Miller commit 44039e00171b0fe930c07ff7b43e6023eaf1ed31 Author: Stefano Brivio Date: Thu Jan 3 21:43:35 2019 +0100 fou6: Prevent unbounded recursion in GUE error handler I forgot to deal with IPv6 in commit 11789039da53 ("fou: Prevent unbounded recursion in GUE error handler"). Now syzbot reported what might be the same type of issue, caused by gue6_err(), that is, handling exceptions for direct UDP encapsulation in GUE (UDP-in-UDP) leads to unbounded recursion in the GUE exception handler. As it probably doesn't make sense to set up GUE this way, and it's currently not even possible to configure this, skip exception handling for UDP (or UDP-Lite) packets encapsulated in UDP (or UDP-Lite) packets with GUE on IPv6. Reported-by: syzbot+4ad25edc7a33e4ab91e0@syzkaller.appspotmail.com Reported-by: Willem de Bruijn Reported-by: Eric Dumazet Fixes: b8a51b38e4d4 ("fou, fou6: ICMP error handlers for FoU and GUE") Signed-off-by: Stefano Brivio Signed-off-by: David S. Miller commit bc6e019b6ee65ff4ebf3ca272f774cf6c67db669 Author: Stefano Brivio Date: Thu Jan 3 21:43:34 2019 +0100 fou: Prevent unbounded recursion in GUE error handler also with UDP-Lite In commit 11789039da53 ("fou: Prevent unbounded recursion in GUE error handler"), I didn't take care of the case where UDP-Lite is encapsulated into UDP or UDP-Lite with GUE. From a syzbot report about a possibly similar issue with GUE on IPv6, I just realised the same thing might happen with a UDP-Lite inner payload. Also skip exception handling for inner UDP-Lite protocol. Fixes: 11789039da53 ("fou: Prevent unbounded recursion in GUE error handler") Signed-off-by: Stefano Brivio Signed-off-by: David S. Miller commit 41e4e2cd75346667b0c531c07dab05cce5b06d15 Author: Yi-Hung Wei Date: Thu Jan 3 09:51:57 2019 -0800 openvswitch: Fix IPv6 later frags parsing The previous commit fa642f08839b ("openvswitch: Derive IP protocol number for IPv6 later frags") introduces IP protocol number parsing for IPv6 later frags that can mess up the network header length calculation logic, i.e. nh_len < 0. However, the network header length calculation is mainly for deriving the transport layer header in the key extraction process which the later fragment does not apply. Therefore, this commit skips the network header length calculation to fix the issue. Reported-by: Chris Mi Reported-by: Greg Rose Fixes: fa642f08839b ("openvswitch: Derive IP protocol number for IPv6 later frags") Signed-off-by: Yi-Hung Wei Signed-off-by: David S. Miller commit ba3e1847d6471f30241f11069d8f153ed8cb052b Author: Claudiu Beznea Date: Thu Jan 3 14:59:35 2019 +0000 net: macb: remove unnecessary code Commit 653e92a9175e ("net: macb: add support for padding and fcs computation") introduced a bug fixed by commit 899ecaedd155 ("net: ethernet: cadence: fix socket buffer corruption problem"). Code removed in this patch is not reachable at all so remove it. Fixes: 653e92a9175e ("net: macb: add support for padding and fcs computation") Cc: Tristram Ha Signed-off-by: Claudiu Beznea Signed-off-by: David S. Miller commit a09b42ba1a5e1cbeb934fd94cb7b5b9018bf15c7 Author: Linus Walleij Date: Thu Jan 3 13:36:43 2019 +0100 net: dsa: microchip: Drop unused GPIO includes This driver does not use the old GPIO includes so drop them. Signed-off-by: Linus Walleij Reviewed-by: Vivien Didelot Signed-off-by: David S. Miller commit ebdefe4656470870579f1c42fa2e20dcda699263 Merge: f8c468e853792 46721c3d9e273 Author: David S. Miller Date: Fri Jan 4 12:57:31 2019 -0800 Merge branch 'qed-fixes' Denis Bolotin says: ==================== qed: Misc fixes in qed This patch series fixes 2 potential bugs in qed. Please consider applying to net. ==================== Signed-off-by: David S. Miller commit 46721c3d9e273aea880e9ff835b0e1271e1cd2fb Author: Denis Bolotin Date: Thu Jan 3 12:02:40 2019 +0200 qed: Fix qed_ll2_post_rx_buffer_notify_fw() by adding a write memory barrier Make sure chain element is updated before ringing the doorbell. Signed-off-by: Denis Bolotin Signed-off-by: Ariel Elior Signed-off-by: David S. Miller commit 2d533a9287f2011632977e87ce2783f4c689c984 Author: Denis Bolotin Date: Thu Jan 3 12:02:39 2019 +0200 qed: Fix qed_chain_set_prod() for PBL chains with non power of 2 page count In PBL chains with non power of 2 page count, the producer is not at the beginning of the chain when index is 0 after a wrap. Therefore, after the producer index wrap around, page index should be calculated more carefully. Signed-off-by: Denis Bolotin Signed-off-by: Ariel Elior Signed-off-by: David S. Miller commit 594cc251fdd0d231d342d88b2fdff4bc42fb0690 Author: Linus Torvalds Date: Fri Jan 4 12:56:09 2019 -0800 make 'user_access_begin()' do 'access_ok()' Originally, the rule used to be that you'd have to do access_ok() separately, and then user_access_begin() before actually doing the direct (optimized) user access. But experience has shown that people then decide not to do access_ok() at all, and instead rely on it being implied by other operations or similar. Which makes it very hard to verify that the access has actually been range-checked. If you use the unsafe direct user accesses, hardware features (either SMAP - Supervisor Mode Access Protection - on x86, or PAN - Privileged Access Never - on ARM) do force you to use user_access_begin(). But nothing really forces the range check. By putting the range check into user_access_begin(), we actually force people to do the right thing (tm), and the range check vill be visible near the actual accesses. We have way too long a history of people trying to avoid them. Signed-off-by: Linus Torvalds commit f8c468e8537925e0c4607263f498a1b7c0c8982e Author: David Rientjes Date: Wed Jan 2 13:01:43 2019 -0800 net, skbuff: do not prefer skb allocation fails early Commit dcda9b04713c ("mm, tree wide: replace __GFP_REPEAT by __GFP_RETRY_MAYFAIL with more useful semantic") replaced __GFP_REPEAT in alloc_skb_with_frags() with __GFP_RETRY_MAYFAIL when the allocation may directly reclaim. The previous behavior would require reclaim up to 1 << order pages for skb aligned header_len of order > PAGE_ALLOC_COSTLY_ORDER before failing, otherwise the allocations in alloc_skb() would loop in the page allocator looking for memory. __GFP_RETRY_MAYFAIL makes both allocations failable under memory pressure, including for the HEAD allocation. This can cause, among many other things, write() to fail with ENOTCONN during RPC when under memory pressure. These allocations should succeed as they did previous to dcda9b04713c even if it requires calling the oom killer and additional looping in the page allocator to find memory. There is no way to specify the previous behavior of __GFP_REPEAT, but it's unlikely to be necessary since the previous behavior only guaranteed that 1 << order pages would be reclaimed before failing for order > PAGE_ALLOC_COSTLY_ORDER. That reclaim is not guaranteed to be contiguous memory, so repeating for such large orders is usually not beneficial. Removing the setting of __GFP_RETRY_MAYFAIL to restore the previous behavior, specifically not allowing alloc_skb() to fail for small orders and oom kill if necessary rather than allowing RPCs to fail. Fixes: dcda9b04713c ("mm, tree wide: replace __GFP_REPEAT by __GFP_RETRY_MAYFAIL with more useful semantic") Signed-off-by: David Rientjes Reviewed-by: Eric Dumazet Signed-off-by: David S. Miller commit 8d68100ab4ad92560a16a68b72e068613ac4d573 Author: Wen Yang Date: Thu Jan 3 01:09:53 2019 +0800 soc/fsl/qe: fix err handling of ucc_of_parse_tdm Currently there are some issues with the ucc_of_parse_tdm function: 1, a possible null pointer dereference in ucc_of_parse_tdm, detected by the semantic patch deref_null.cocci, with the following warning: drivers/soc/fsl/qe/qe_tdm.c:177:21-24: ERROR: pdev is NULL but dereferenced. 2, dev gets modified, so in any case that devm_iounmap() will fail even when the new pdev is valid, because the iomap was done with a different pdev. 3, there is no driver bind with the "fsl,t1040-qe-si" or "fsl,t1040-qe-siram" device. So allocating resources using devm_*() with these devices won't provide a cleanup path for these resources when the caller fails. This patch fixes them. Suggested-by: Li Yang Suggested-by: Christophe LEROY Signed-off-by: Wen Yang Reviewed-by: Peng Hao CC: Julia Lawall CC: Zhao Qiang CC: David S. Miller CC: netdev@vger.kernel.org CC: linuxppc-dev@lists.ozlabs.org CC: linux-kernel@vger.kernel.org Signed-off-by: David S. Miller commit 36352991835ce99e46b4441dd0eb6980f9a83e8f Author: Kai-Heng Feng Date: Wed Jan 2 14:45:07 2019 +0800 r8169: Add support for new Realtek Ethernet There are two new Realtek Ethernet devices which are re-branded r8168h. Add the IDs to to support them. Signed-off-by: Kai-Heng Feng Reviewed-by: Heiner Kallweit Signed-off-by: David S. Miller commit 7c1e8a3817c55d73b27cc29b84075999c8894179 Author: Arthur Gautier Date: Mon Dec 31 02:10:58 2018 +0000 netlink: fixup regression in RTM_GETADDR This commit fixes a regression in AF_INET/RTM_GETADDR and AF_INET6/RTM_GETADDR. Before this commit, the kernel would stop dumping addresses once the first skb was full and end the stream with NLMSG_DONE(-EMSGSIZE). The error shouldn't be sent back to netlink_dump so the callback is kept alive. The userspace is expected to call back with a new empty skb. Changes from V1: - The error is not handled in netlink_dump anymore but rather in inet_dump_ifaddr and inet6_dump_addr directly as suggested by David Ahern. Fixes: d7e38611b81e ("net/ipv4: Put target net when address dump fails due to bad attributes") Fixes: 242afaa6968c ("net/ipv6: Put target net when address dump fails due to bad attributes") Cc: David Ahern Cc: "David S . Miller" Cc: netdev@vger.kernel.org Signed-off-by: Arthur Gautier Reviewed-by: David Ahern Signed-off-by: David S. Miller commit 1492623e837fe7ca6296f7f5411328307e242771 Author: Christophe JAILLET Date: Sat Dec 29 17:42:22 2018 +0100 octeontx2-af: Fix a resource leak in an error handling path in 'cgx_probe()' If an error occurs after the call to 'pci_alloc_irq_vectors()', we must call 'pci_free_irq_vectors()' in order to avoid a resource leak. The same sequence is already in place in the corresponding 'cgx_remove()' function. Fixes: 1463f382f58d ("octeontx2-af: Add support for CGX link management") Signed-off-by: Christophe JAILLET Signed-off-by: David S. Miller commit e4f2283cc6ffefbe414317a0d89b602811b577ac Merge: 4addd2640fcae a40612ef0ee1e f91528955d009 Author: Al Viro Date: Fri Jan 4 14:02:59 2019 -0500 Merge branches 'misc.misc' and 'work.iov_iter' into for-linus commit 0b2c8f8b6b0c7530e2866c95862546d0da2057b0 Author: Linus Torvalds Date: Fri Jan 4 10:23:10 2019 -0800 i915: fix missing user_access_end() in page fault exception case When commit fddcd00a49e9 ("drm/i915: Force the slow path after a user-write error") unified the error handling for various user access problems, it didn't do the user_access_end() that is needed for the unsafe_put_user() case. It's not a huge deal: a missed user_access_end() will only mean that SMAP protection isn't active afterwards, and for the error case we'll be returning to user mode soon enough anyway. But it's wrong, and adding the proper user_access_end() is trivial enough (and doing it for the other error cases where it isn't needed doesn't hurt). I noticed it while doing the same prep-work for changing user_access_begin() that precipitated the access_ok() changes in commit 96d4f267e40f ("Remove 'type' argument from access_ok() function"). Fixes: fddcd00a49e9 ("drm/i915: Force the slow path after a user-write error") Cc: Chris Wilson Cc: Joonas Lahtinen Cc: stable@kernel.org # v4.20 Signed-off-by: Linus Torvalds commit 03fa483821c0b4db7c2b1453d3332f397d82313f Author: Arnaldo Carvalho de Melo Date: Fri Jan 4 15:10:00 2019 -0300 perf test shell: Use a fallback to get the pathname in vfs_getname Some kernels, like 4.19.13-300.fc29.x86_64 in fedora 29, fail with the existing probe definition asking for the contents of result->name, working when we ask for the 'filename' variable instead, so add a fallback to that. Now those tests are back working on fedora 29 systems with that kernel: # perf test vfs_getname 65: Use vfs_getname probe to get syscall args filenames : Ok 66: Add vfs_getname probe to get syscall args filenames : Ok 67: Check open filename arg using perf trace + vfs_getname: Ok # Cc: Adrian Hunter Cc: Jiri Olsa Cc: Namhyung Kim Link: https://lkml.kernel.org/n/tip-klt3n0i58dfqttveti09q3fi@git.kernel.org Signed-off-by: Arnaldo Carvalho de Melo commit 4caf4ebfe4cf0ea262eb9e829bb254a6a6d58acc Author: Linus Torvalds Date: Fri Jan 4 09:58:25 2019 -0800 Fix access_ok() fallout for sparc32 and powerpc These two architectures actually had an intentional use of the 'type' argument to access_ok() just to avoid warnings. I had actually noticed the powerpc one, but forgot to then fix it up. And I missed the sparc32 case entirely. This is hopefully all of it. Reported-by: Mathieu Malaterre Reported-by: Guenter Roeck Fixes: 96d4f267e40f ("Remove 'type' argument from access_ok() function") Signed-off-by: Linus Torvalds commit 1f8ce09b36c41a026a37a24b20efa32000892a64 Author: YueHaibing Date: Fri Jan 4 06:03:40 2019 +0000 xen/pvcalls: remove set but not used variable 'intf' Fixes gcc '-Wunused-but-set-variable' warning: drivers/xen/pvcalls-back.c: In function 'pvcalls_sk_state_change': drivers/xen/pvcalls-back.c:286:28: warning: variable 'intf' set but not used [-Wunused-but-set-variable] It not used since e6587cdbd732 ("pvcalls-back: set -ENOTCONN in pvcalls_conn_back_read") Signed-off-by: YueHaibing Reviewed-by: Boris Ostrovsky Signed-off-by: Boris Ostrovsky commit f712a86c1406abf50b0dcff0500c723e2aca050a Author: Arnaldo Carvalho de Melo Date: Thu Jan 3 16:03:46 2019 -0300 perf python: Make sure the python binding output directory is in place Instead of doing an unconditional mkdir, use a dummy Makefile variable to check if the directory is there and if not, create it. This is better than what we had and will help with other python bindings that are in development, like one involved with python backtraces. Cc: Adrian Hunter Cc: Jiri Olsa Cc: Namhyung Kim Link: https://lkml.kernel.org/n/tip-iis6us2nocw3y4uuoon9osd7@git.kernel.org Signed-off-by: Arnaldo Carvalho de Melo commit 099be748865eece21362aee416c350c0b1ae34df Author: Mattias Jacobsson <2pi@mok.nu> Date: Sat Dec 29 15:17:50 2018 +0100 perf strbuf: Remove redundant va_end() in strbuf_addv() Each call to va_copy() should have one, and only one, corresponding call to va_end(). In strbuf_addv() some code paths result in va_end() getting called multiple times. Remove the superfluous va_end(). Signed-off-by: Mattias Jacobsson <2pi@mok.nu> Cc: Jiri Olsa Cc: Peter Zijlstra Cc: Sanskriti Sharma Link: http://lkml.kernel.org/r/20181229141750.16945-1-2pi@mok.nu Fixes: ce49d8436cff ("perf strbuf: Match va_{add,copy} with va_end") Signed-off-by: Arnaldo Carvalho de Melo commit 442b4eb3af44906fcbb526d98c314b27f8c9acf3 Author: Ivan Krylov Date: Sun Oct 14 11:18:03 2018 +0300 perf annotate: Pass filename to objdump via execl The symbol__disassemble() function uses shell to launch objdump and filter its output via grep. Passing filenames by interpolating them into the command line via "%s" may lead to problems if said filenames contain special characters. Instead, pass the filename as a command line argument where it is not subject to any kind of interpretation, then use quoted shell interpolation to build the strings we need safely. Signed-off-by: Ivan Krylov Acked-by: Jiri Olsa Tested-by: Arnaldo Carvalho de Melo Cc: Alexander Shishkin Cc: Namhyung Kim Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/20181014111803.5d83b806@Tarkus Signed-off-by: Arnaldo Carvalho de Melo commit a3366db06bb656cef2e03f30f780d93059bcc594 Author: Jin Yao Date: Fri Jan 4 14:10:30 2019 +0800 perf report: Fix wrong iteration count in --branch-history By calculating the removed loops, we can get the iteration count. But the iteration count could be reported incorrectly, reporting impossibly high counts. That's because previous code uses the number of removed LBR entries for the iteration count. That's not good. Fix this by increasing the iteration count when a loop is detected. When matching the chain, the iteration count would be added up, finally we need to compute the average value when printing out. For example, $ perf report --branch-history --stdio --no-children Before: ---f2 +0 | |--33.62%--f1 +9 (cycles:1) | f1 +0 | main +22 (cycles:1) | main +17 | main +38 (cycles:1) | main +27 | f1 +26 (cycles:1) | f1 +24 | f2 +27 (cycles:7) | f2 +0 | f1 +19 (cycles:1) | f1 +14 | f2 +27 (cycles:11) | f2 +0 | f1 +9 (cycles:1 iter:2968 avg_cycles:3) | f1 +0 | main +22 (cycles:1 iter:2968 avg_cycles:3) | main +17 | main +38 (cycles:1 iter:2968 avg_cycles:3) 2968 is an impossible high iteration count and avg_cycles is too small. After: ---f2 +0 | |--33.62%--f1 +9 (cycles:1) | f1 +0 | main +22 (cycles:1) | main +17 | main +38 (cycles:1) | main +27 | f1 +26 (cycles:1) | f1 +24 | f2 +27 (cycles:7) | f2 +0 | f1 +19 (cycles:1) | f1 +14 | f2 +27 (cycles:11) | f2 +0 | f1 +9 (cycles:1 iter:1 avg_cycles:23) | f1 +0 | main +22 (cycles:1 iter:1 avg_cycles:23) | main +17 | main +38 (cycles:1 iter:1 avg_cycles:23) avg_cycles:23 is the average cycles of this iteration. Fixes: c4ee06251d42 ("perf report: Calculate the average cycles of iterations") Signed-off-by: Jin Yao Cc: Alexander Shishkin Cc: Andi Kleen Cc: Jiri Olsa Cc: Kan Liang Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/1546582230-17507-1-git-send-email-yao.jin@linux.intel.com Signed-off-by: Arnaldo Carvalho de Melo commit 86c22ab7227f59169f64275875c97ef495668b77 Author: Arnaldo Carvalho de Melo Date: Fri Jan 4 12:13:34 2019 -0300 tools headers x86: Sync asm/cpufeatures.h copy with the kernel sources To get the changes from: a0aea130afeb ("KVM: x86: Add CPUID support for new instruction WBNOINVD") 20c3a2c33e9f ("x86/speculation: Add support for STIBP always-on preferred mode") Cc: Adrian Hunter Cc: Jiri Olsa Cc: Namhyung Kim Cc: Paolo Bonzini Cc: Robert Hoo Cc: Thomas Gleixner Cc: Thomas Lendacky Link: https://lkml.kernel.org/n/tip-aonti3bu9rhnqe5hlawbidcp@git.kernel.org Signed-off-by: Arnaldo Carvalho de Melo commit 8c91fd605e1a66050c9c4dbc3e159a08e8c5f7d4 Author: Arnaldo Carvalho de Melo Date: Fri Jan 4 12:08:31 2019 -0300 tools headers uapi: Sync copy of asm-generic/unistd.h with the kernel sources To get the changes in: b7d624ab4312 asm-generic: unistd.h: fixup broken macro include. 4e21565b7fd4 asm-generic: add kexec_file_load system call to unistd.h With this the 'kexec_file_load' syscall will be added to arm64's syscall table and will appear on the output of 'perf trace' on that platform. This silences this tools/perf build warning: Warning: Kernel ABI header at 'tools/include/uapi/asm-generic/unistd.h' differs from latest version at 'include/uapi/asm-generic/unistd.h' diff -u tools/include/uapi/asm-generic/unistd.h include/uapi/asm-generic/unistd.h Cc: Adrian Hunter Cc: AKASHI Takahiro Cc: Arnd Bergmann Cc: Guo Ren Cc: Jiri Olsa Cc: Namhyung Kim Cc: Will Deacon Link: https://lkml.kernel.org/n/tip-er8j7qhavtdw0kdga3zswynm@git.kernel.org Signed-off-by: Arnaldo Carvalho de Melo commit 558517c52c87da91a963708fe589044172470653 Author: Arnaldo Carvalho de Melo Date: Fri Jan 4 11:45:03 2019 -0300 tools headers uapi: Sync linux/kvm.h with the kernel sources To get the changes from these csets: 2bc39970e932 ("x86/kvm/hyper-v: Introduce KVM_GET_SUPPORTED_HV_CPUID") 2a31b9db1535 ("kvm: introduce manual dirty log reprotect") That results in these new KVM IOCTLs being supported in 'perf trace' when beautifying the cmd ioctl syscall argument: $ cp include/uapi/linux/kvm.h tools/include/uapi/linux/kvm.h $ tools/perf/trace/beauty/kvm_ioctl.sh > after $ diff -u before after --- before 2019-01-04 11:44:23.506605301 -0300 +++ after 2019-01-04 11:44:36.878730583 -0300 @@ -86,6 +86,8 @@ [0xbd] = "HYPERV_EVENTFD", [0xbe] = "GET_NESTED_STATE", [0xbf] = "SET_NESTED_STATE", + [0xc0] = "CLEAR_DIRTY_LOG", + [0xc1] = "GET_SUPPORTED_HV_CPUID", [0xe0] = "CREATE_DEVICE", [0xe1] = "SET_DEVICE_ATTR", [0xe2] = "GET_DEVICE_ATTR", $ At some point we should be able to do something: # perf trace -e ioctl(cmd == KVM_CLEAR_DIRTY_LOG) And have just those ioctls, optionally with callchains, etc. Cc: Adrian Hunter Cc: Jiri Olsa Cc: Namhyung Kim Cc: Paolo Bonzini Cc: Vitaly Kuznetsov Link: https://lkml.kernel.org/n/tip-konm3iigl2os6ritt7d2bori@git.kernel.org Signed-off-by: Arnaldo Carvalho de Melo commit 4001b6a080aaca9a13ea07ae8972b82fdbd9ea6b Author: Arnaldo Carvalho de Melo Date: Fri Jan 4 11:41:42 2019 -0300 tools headers uapi: Sync linux/in.h copy from the kernel sources To get the changes in this cset: 65cab850f0ee ("net: Allow class-e address assignment via ifconfig ioctl") The macros changed in this cset are not used in tools/, so this is just to silence this perf tools build warning: Warning: Kernel ABI header at 'tools/include/uapi/linux/in.h' differs from latest version at 'include/uapi/linux/in.h' diff -u tools/include/uapi/linux/in.h include/uapi/linux/in.h Cc: Dave Taht Cc: David S. Miller Cc: Adrian Hunter Cc: Jiri Olsa Cc: Namhyung Kim Link: https://lkml.kernel.org/n/tip-smghvyxb3budqd1e70i0ylw1@git.kernel.org Signed-off-by: Arnaldo Carvalho de Melo commit 8858ecb5a28d871b79aa5b4eed45414b553a5b6e Author: Arnaldo Carvalho de Melo Date: Fri Jan 4 11:36:10 2019 -0300 tools headers uapi: Update i915_drm.h To get the changes in these csets: fe841686470d Revert "drm/i915/perf: add a parameter to control the size of OA buffer" cd956bfcd0f5 drm/i915/perf: add a parameter to control the size of OA buffer 4bdafb9ddfa4 drm/i915: Remove i915.enable_ppgtt override Not one of them result in any changes in tools/perf/, this is just to silence this perf build warning: Warning: Kernel ABI header at 'tools/include/uapi/drm/i915_drm.h' differs from latest version at 'include/uapi/drm/i915_drm.h' diff -u tools/include/uapi/drm/i915_drm.h include/uapi/drm/i915_drm.h Cc: Adrian Hunter Cc: Chris Wilson Cc: Jiri Olsa Cc: Joonas Lahtinen Cc: Lionel Landwerlin Cc: Namhyung Kim Link: https://lkml.kernel.org/n/tip-mdw7ta6qz7d2rl77gf00uqe8@git.kernel.org Signed-off-by: Arnaldo Carvalho de Melo commit 536cdb684d2d5139708d290b9dc124b1420886c1 Author: Jiri Olsa Date: Thu Jan 3 17:13:50 2019 +0100 tools iio: Override CFLAGS assignments So user could specify outside CFLAGS values. Signed-off-by: Jiri Olsa Cc: Alexander Shishkin Cc: Andy Shevchenko Cc: Hartmut Knaack Cc: Jonathan Cameron Cc: Lars-Peter Clausen Cc: Namhyung Kim Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/20190103161350.11446-3-jolsa@kernel.org Signed-off-by: Arnaldo Carvalho de Melo commit 302df34c4e64b9e83ee31cbf508b38b62b428bd6 Author: Jiri Olsa Date: Thu Jan 3 17:13:49 2019 +0100 tools thermal tmon: Use -O3 instead of -O1 if available Using -O3 instead of -O1 if it's supported by compiler. Signed-off-by: Jiri Olsa Cc: Alexander Shishkin Cc: Brian Norris Cc: Markus Mayer Cc: Namhyung Kim Cc: Peter Zijlstra Cc: Zhang Rui Link: http://lkml.kernel.org/r/20190103161350.11446-2-jolsa@kernel.org Signed-off-by: Arnaldo Carvalho de Melo commit 6de92920a717ea2b7b45bb3d651b8bb951eab185 Merge: 97b6f89f7269b 07a496de4c7eb Author: Russell King Date: Fri Jan 4 14:34:46 2019 +0000 Merge commit 'smp-hotplug^{/omap2}' into for-linus commit 7e0b44e870cf265bb4a73fd25e0508c7363fcbd6 Author: Will Deacon Date: Thu Jan 3 17:55:12 2019 +0000 arm64: compat: Hook up io_pgetevents() for 32-bit tasks Commit 73aeb2cbcdc9 ("ARM: 8787/1: wire up io_pgetevents syscall") hooked up the io_pgetevents() system call for 32-bit ARM, so we can do the same for the compat wrapper on arm64. Signed-off-by: Will Deacon commit 53290432145a8eb143fe29e06e9c1465d43dc723 Author: Will Deacon Date: Thu Jan 3 18:00:39 2019 +0000 arm64: compat: Don't pull syscall number from regs in arm_compat_syscall The syscall number may have been changed by a tracer, so we should pass the actual number in from the caller instead of pulling it from the saved r7 value directly. Cc: Cc: Pi-Hsun Shih Reviewed-by: Dave Martin Signed-off-by: Will Deacon commit 169113ece0f29ebe884a6cfcf57c1ace04d8a36a Author: Will Deacon Date: Thu Jan 3 17:45:07 2019 +0000 arm64: compat: Avoid sending SIGILL for unallocated syscall numbers The ARM Linux kernel handles the EABI syscall numbers as follows: 0 - NR_SYSCALLS-1 : Invoke syscall via syscall table NR_SYSCALLS - 0xeffff : -ENOSYS (to be allocated in future) 0xf0000 - 0xf07ff : Private syscall or -ENOSYS if not allocated > 0xf07ff : SIGILL Our compat code gets this wrong and ends up sending SIGILL in response to all syscalls greater than NR_SYSCALLS which have a value greater than 0x7ff in the bottom 16 bits. Fix this by defining the end of the ARM private syscall region and checking the syscall number against that directly. Update the comment while we're at it. Cc: Cc: Dave Martin Reported-by: Pi-Hsun Shih Signed-off-by: Will Deacon commit 9966a05c7b80f075f2bc7e48dbb108d3f2927234 Author: Dave Martin Date: Fri Jan 4 13:09:51 2019 +0000 arm64/sve: Disentangle from Currently, provides common definitions for describing SVE context structures that are also used by the ptrace definitions in . For this reason, a #include of was added in ptrace.h, but it this turns out that this can interact badly with userspace code that tries to include ptrace.h on top of the libc headers (which may provide their own shadow definitions for sigcontext.h). To make the headers easier for userspace to consume, this patch bounces the common definitions into an __SVE_* namespace and moves them to a backend header that can be included by the other headers as appropriate. This should allow ptrace.h to be used alongside libc's sigcontext.h (if any) without ill effects. This should make the situation unambiguous: is the header to include for the sigframe-specific definitions, while is the header to include for ptrace-specific definitions. To avoid conflicting with existing usage, remains the canonical way to get the common definitions for SVE_VQ_MIN, sve_vq_from_vl() etc., both in userspace and in the kernel: relying on these being defined as a side effect of including just was never intended to be safe. Signed-off-by: Dave Martin Signed-off-by: Will Deacon commit ee1b465b303591d3a04d403122bbc0d7026520fb Author: Dave Martin Date: Fri Jan 4 13:09:50 2019 +0000 arm64/sve: ptrace: Fix SVE_PT_REGS_OFFSET definition SVE_PT_REGS_OFFSET is supposed to indicate the offset for skipping over the ptrace NT_ARM_SVE header (struct user_sve_header) to the start of the SVE register data proper. However, currently SVE_PT_REGS_OFFSET is defined in terms of struct sve_context, which is wrong: that structure describes the SVE header in the signal frame, not in the ptrace regset. This patch fixes the definition to use the ptrace header structure struct user_sve_header instead. By good fortune, the two structures are the same size anyway, so there is no functional or ABI change. Signed-off-by: Dave Martin Signed-off-by: Will Deacon commit 074400a7be61250d9f0ccec07d5c35ffec4d8d22 Author: Mathieu Malaterre Date: Fri Jan 4 10:27:58 2019 +0100 powerpc: Drop use of 'type' from access_ok() In commit 05a4ab823983 ("powerpc/uaccess: fix warning/error with access_ok()") an attempt was made to remove a warning by referencing the variable `type`. However in commit 96d4f267e40f ("Remove 'type' argument from access_ok() function") the variable `type` has been removed, breaking the build: arch/powerpc/include/asm/uaccess.h:66:32: error: ‘type’ undeclared (first use in this function) This essentially reverts commit 05a4ab823983 ("powerpc/uaccess: fix warning/error with access_ok()") to fix the error. Fixes: 96d4f267e40f ("Remove 'type' argument from access_ok() function") Signed-off-by: Mathieu Malaterre [mpe: Reword change log slightly.] Signed-off-by: Michael Ellerman commit 1690d8bb91e370ab772062b79bd434ce815c4729 Author: Viresh Kumar Date: Fri Jan 4 15:14:33 2019 +0530 cpufreq: scpi/scmi: Fix freeing of dynamic OPPs Since the commit 2a4eb7358aba "OPP: Don't remove dynamic OPPs from _dev_pm_opp_remove_table()", dynamically created OPP aren't automatically removed anymore by dev_pm_opp_cpumask_remove_table(). This affects the scpi and scmi cpufreq drivers which no longer free OPPs on failures or on invocations of the policy->exit() callback. Create a generic OPP helper dev_pm_opp_remove_all_dynamic() which can be called from these drivers instead of dev_pm_opp_cpumask_remove_table(). In dev_pm_opp_remove_all_dynamic(), we need to make sure that the opp_list isn't getting accessed simultaneously from other parts of the OPP core while the helper is freeing dynamic OPPs, i.e. we can't drop the opp_table->lock while traversing through the OPP list. And to accomplish that, this patch also creates _opp_kref_release_unlocked() which can be called from this new helper with the opp_table lock already held. Cc: 4.20 # v4.20 Reported-by: Valentin Schneider Fixes: 2a4eb7358aba "OPP: Don't remove dynamic OPPs from _dev_pm_opp_remove_table()" Signed-off-by: Viresh Kumar Tested-by: Valentin Schneider Reviewed-by: Sudeep Holla Signed-off-by: Rafael J. Wysocki commit d538d94f0ca86cfedc892cc427169219acb3c2f7 Merge: f460772291f81 96d4f267e40f9 Author: Michael Ellerman Date: Fri Jan 4 22:07:47 2019 +1100 Merge branch 'master' into fixes We have a fix to apply on top of commit 96d4f267e40f ("Remove 'type' argument from access_ok() function"), so merge master to get it. commit 09ad32dc6dc23beb638c48d0a2e5a9eaa8e85c6c Author: Rafael J. Wysocki Date: Thu Jan 3 11:30:07 2019 +0100 cpuidle / Documentation: Update cpuidle MAINTAINERS entry Update the MAINTAINERS entry for cpuidle by making it clear that it is not just drivers and adding a documentation record to it. Signed-off-by: Rafael J. Wysocki commit eb4f5213251833567570df1a09803f895653274d Author: Shaokun Zhang Date: Fri Jan 4 14:21:34 2019 +0800 drivers/perf: hisi: Fixup one DDRC PMU register offset For DDRC PMU, each PMU counter is fixed-purpose. There is a mismatch between perf list and driver definition on rw_chg event. # perf list | grep chg hisi_sccl1_ddrc0/rnk_chg/ [Kernel PMU event] hisi_sccl1_ddrc0/rw_chg/ [Kernel PMU event] But the register offset of rw_chg event is not defined in the driver, meanwhile bnk_chg register offset is mis-defined, let's fixup it. Fixes: 904dcf03f086 ("perf: hisi: Add support for HiSilicon SoC DDRC PMU driver") Cc: stable@vger.kernel.org Cc: John Garry Cc: Will Deacon Cc: Mark Rutland Reported-by: Weijian Huang Signed-off-by: Shaokun Zhang Signed-off-by: Will Deacon commit 2f328fea47ac9020ac47c88dd01cd8f93da55bcc Author: Masahiro Yamada Date: Fri Jan 4 09:18:41 2019 +0900 arm64: replace arm64-obj-* in Makefile with obj-* Use the standard obj-$(CONFIG_...) syntex. The behavior is still the same. Signed-off-by: Masahiro Yamada Signed-off-by: Will Deacon commit 48e638fb68be8fecdca0611beff53a9c947704e3 Author: Christoph Hellwig Date: Tue Jan 1 17:14:39 2019 +0100 dma-mapping: remove a few unused exports Now that the slow path DMA API calls are implemented out of line a few helpers only used by them don't need to be exported anymore. Signed-off-by: Christoph Hellwig commit ed6ccf10f24bdfc1955bc8b976ddedc370fc3869 Author: Christoph Hellwig Date: Wed Dec 26 07:52:13 2018 +0100 dma-mapping: properly stub out the DMA API for !CONFIG_HAS_DMA This avoids link failures in drivers using the DMA API, when they are compiled for user mode Linux with CONFIG_COMPILE_TEST=y. Fixes: 356da6d0cd ("dma-mapping: bypass indirect calls for dma-direct") Signed-off-by: Christoph Hellwig commit 4788ba5792cc1368ba4867e1488dc168b4fe97b7 Author: Christoph Hellwig Date: Wed Dec 26 07:51:44 2018 +0100 dma-mapping: remove dmam_{declare,release}_coherent_memory These functions have never been used. Signed-off-by: Christoph Hellwig commit d7076f07840851bbe57cb21ba052d6a4a9b1efa9 Author: Christoph Hellwig Date: Tue Dec 25 17:44:19 2018 +0100 dma-mapping: implement dmam_alloc_coherent using dmam_alloc_attrs dmam_alloc_coherent is just the default no-flags case of dmam_alloc_attrs, so take advantage of this similar to the non-managed version. Signed-off-by: Christoph Hellwig commit 2e05ea5cdc1ac55d9ef678ed5ea6c38acf7fd2a3 Author: Christoph Hellwig Date: Tue Dec 25 08:50:35 2018 +0100 dma-mapping: implement dma_map_single_attrs using dma_map_page_attrs And also switch the way we implement the unmap side around to stay consistent. This ensures dma-debug works again because it records which function we used for mapping to ensure it is also used for unmapping, and also reduces further code duplication. Last but not least this also officially allows calling dma_sync_single_* for mappings created using dma_map_page, which is perfectly fine given that the sync calls only take a dma_addr_t, but not a virtual address or struct page. Fixes: 7f0fee242e ("dma-mapping: merge dma_unmap_page_attrs and dma_unmap_single_attrs") Signed-off-by: Christoph Hellwig Tested-by: LABBE Corentin commit 9ddf32a8df9e342371aaf9233d59739a356231e6 Merge: 74136a3d47f51 c75ff001f4fe2 Author: Dave Airlie Date: Fri Jan 4 14:09:12 2019 +1000 Merge tag 'drm-misc-next-fixes-2019-01-02' of git://anongit.freedesktop.org/drm/drm-misc into drm-next Fixes for v4.21: - Fix null pointer dereference on null state pointer. - Fix leaking damage clip when destroying plane state. Signed-off-by: Dave Airlie From: Maarten Lankhorst Link: https://patchwork.freedesktop.org/patch/msgid/46c4dbcd-dc23-7b46-fda9-16fe33e6ceef@linux.intel.com commit dc56367cb5dbf9d593e4b12373489df9a7edb72c Author: Steven Rostedt (VMware) Date: Thu Jan 3 22:02:39 2019 -0500 sh: ftrace: Fix missing parenthesis in WARN_ON() Adding a function inside a WARN_ON() didn't close the WARN_ON parathesis. Link: http://lkml.kernel.org/r/201901020958.28Mzbs0O%fengguang.wu@intel.com Cc: linux-sh@vger.kernel.org Cc: Yoshinori Sato Cc: Rich Felker Reported-by: kbuild test robot Fixes: cec8d0e7f06e ("sh: ftrace: Use ftrace_graph_get_ret_stack() instead of curr_ret_stack") Signed-off-by: Steven Rostedt (VMware) commit 96d4f267e40f9509e8a66e2b39e8b95655617693 Author: Linus Torvalds Date: Thu Jan 3 18:57:57 2019 -0800 Remove 'type' argument from access_ok() function Nobody has actually used the type (VERIFY_READ vs VERIFY_WRITE) argument of the user address range verification function since we got rid of the old racy i386-only code to walk page tables by hand. It existed because the original 80386 would not honor the write protect bit when in kernel mode, so you had to do COW by hand before doing any user access. But we haven't supported that in a long time, and these days the 'type' argument is a purely historical artifact. A discussion about extending 'user_access_begin()' to do the range checking resulted this patch, because there is no way we're going to move the old VERIFY_xyz interface to that model. And it's best done at the end of the merge window when I've done most of my merges, so let's just get this done once and for all. This patch was mostly done with a sed-script, with manual fix-ups for the cases that weren't of the trivial 'access_ok(VERIFY_xyz' form. There were a couple of notable cases: - csky still had the old "verify_area()" name as an alias. - the iter_iov code had magical hardcoded knowledge of the actual values of VERIFY_{READ,WRITE} (not that they mattered, since nothing really used it) - microblaze used the type argument for a debug printout but other than those oddities this should be a total no-op patch. I tried to fix up all architectures, did fairly extensive grepping for access_ok() uses, and the changes are trivial, but I may have missed something. Any missed conversion should be trivially fixable, though. Signed-off-by: Linus Torvalds commit 135143b2cac43d2a1ec73b53033b9473fbbcce6d Merge: 810574ca7e2f9 bf77ae4c98d72 Author: Linus Torvalds Date: Thu Jan 3 14:33:46 2019 -0800 Merge tag 'locks-v4.21-2' of git://git.kernel.org/pub/scm/linux/kernel/git/jlayton/linux Pull file locking bugfix from Jeff Layton: "This is a one-line fix for a bug that syzbot turned up in the new patches to mitigate the thundering herd when a lock is released" * tag 'locks-v4.21-2' of git://git.kernel.org/pub/scm/linux/kernel/git/jlayton/linux: locks: fix error in locks_move_blocks() commit 810574ca7e2f95d149023f4ea247d6672f69f9af Merge: 43d86ee8c639d 3e9ad24b0e91c Author: Linus Torvalds Date: Thu Jan 3 13:08:00 2019 -0800 Merge tag 'sound-fix-4.21-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound Pull sound fixes from Takashi Iwai: "Among a few HD-audio fixes, the only significant one is the regression fix on some machines like Dell XPS due to the default binding changes. We ended up reverting the whole since the fix for ASoC HD-audio driver won't be available immediately" * tag 'sound-fix-4.21-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: ALSA: hda - Revert DSP detection on legacy HD-audio driver ALSA: hda/tegra: clear pending irq handlers ALSA: hda/realtek: Enable the headset mic auto detection for ASUS laptops commit 43d86ee8c639df750529b4d8f062b328b61c423e Merge: 645ff1e8e704c c5ee066333ebc Author: Linus Torvalds Date: Thu Jan 3 12:53:47 2019 -0800 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net Pull networking fixes from David Miller: "Several fixes here. Basically split down the line between newly introduced regressions and long existing problems: 1) Double free in tipc_enable_bearer(), from Cong Wang. 2) Many fixes to nf_conncount, from Florian Westphal. 3) op->get_regs_len() can throw an error, check it, from Yunsheng Lin. 4) Need to use GFP_ATOMIC in *_add_hash_mac_address() of fsl/fman driver, from Scott Wood. 5) Inifnite loop in fib_empty_table(), from Yue Haibing. 6) Use after free in ax25_fillin_cb(), from Cong Wang. 7) Fix socket locking in nr_find_socket(), also from Cong Wang. 8) Fix WoL wakeup enable in r8169, from Heiner Kallweit. 9) On 32-bit sock->sk_stamp is not thread-safe, from Deepa Dinamani. 10) Fix ptr_ring wrap during queue swap, from Cong Wang. 11) Missing shutdown callback in hinic driver, from Xue Chaojing. 12) Need to return NULL on error from ip6_neigh_lookup(), from Stefano Brivio. 13) BPF out of bounds speculation fixes from Daniel Borkmann" * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (57 commits) ipv6: Consider sk_bound_dev_if when binding a socket to an address ipv6: Fix dump of specific table with strict checking bpf: add various test cases to selftests bpf: prevent out of bounds speculation on pointer arithmetic bpf: fix check_map_access smin_value test when pointer contains offset bpf: restrict unknown scalars of mixed signed bounds for unprivileged bpf: restrict stack pointer arithmetic for unprivileged bpf: restrict map value pointer arithmetic for unprivileged bpf: enable access to ax register also from verifier rewrite bpf: move tmp variable into ax register in interpreter bpf: move {prev_,}insn_idx into verifier env isdn: fix kernel-infoleak in capi_unlocked_ioctl ipv6: route: Fix return value of ip6_neigh_lookup() on neigh_create() error net/hamradio/6pack: use mod_timer() to rearm timers net-next/hinic:add shutdown callback net: hns3: call hns3_nic_net_open() while doing HNAE3_UP_CLIENT ip: validate header length on virtual device xmit tap: call skb_probe_transport_header after setting skb->dev ptr_ring: wrap back ->producer in __ptr_ring_swap_queue() net: rds: remove unnecessary NULL check ... commit d5c7076b772ad7dcdb92303397b36aee8fa0d25d Author: Steve French Date: Thu Jan 3 02:37:21 2019 -0600 smb3: add smb3.1.1 to default dialect list SMB3.1.1 dialect has additional security (among other) features and should be requested when mounting to modern servers so it can be used if the server supports it. Add SMB3.1.1 to the default list of dialects requested. Signed-off-by: Steve French Reviewed-by: Ronnie Sahlberg commit cdd6a4a0e2ec590c30ad0e965fa08bf37461cadb Author: Enric Balletbo i Serra Date: Mon Dec 17 10:54:09 2018 +0100 MAINTAINERS: add maintainers for ChromeOS EC sub-drivers There are multiple ChromeOS EC sub-drivers spread in different subsystems, as all of them are related to the Chrome stuff add Benson and myself as a maintainers for all these sub-drivers. Signed-off-by: Enric Balletbo i Serra Signed-off-by: Benson Leung Acked-by: Wolfram Sang Acked-by: Chanwoo Choi Acked-by: Jonathan Cameron Acked-by: Alexandre Belloni Acked-by: Lee Jones Acked-by: Sebastian Reichel Acked-by: Guenter Roeck commit 4d5a91fd1f42a821d14b92b082b8e71be9911ba5 Author: Wei Yongjun Date: Thu Jan 3 07:02:30 2019 +0000 hwspinlock: fix return value check in stm32_hwspinlock_probe() In case of error, the function devm_ioremap_resource() returns ERR_PTR() and never returns NULL. The NULL test in the return value check should be replaced with IS_ERR(). Fixes: f24fcff1d267 ("hwspinlock: add STM32 hwspinlock device") Acked-by: Benjamin Gaignard Signed-off-by: Wei Yongjun Signed-off-by: Bjorn Andersson commit 81482d13f37b1c9354d9bf5491699d993b193246 Author: Parthiban Nallathambi Date: Tue Dec 11 09:04:47 2018 +0100 i2c: Add Actions Semiconductor Owl family S700 I2C support Add S700 to the list of devices supported by Owl I2C driver. Add Actions Semiconductor Owl family S700 I2C driver. Signed-off-by: Parthiban Nallathambi Reviewed-by: Manivannan Sadhasivam Signed-off-by: Wolfram Sang commit 78c0c25a8c08d76d12dd682de259f303baf25770 Author: Parthiban Nallathambi Date: Tue Dec 11 09:04:45 2018 +0100 dt-bindings: i2c: Add S700 support for Actions Semi Soc's Add s700 compatible string to Actions Semi SoC dt-bindings. Signed-off-by: Parthiban Nallathambi Reviewed-by: Rob Herring Signed-off-by: Wolfram Sang commit 5cda2d86de3ef7c926e441481c8e46ae3d1943cf Author: Jarkko Nikula Date: Wed Dec 19 09:01:58 2018 +0200 i2c: ismt: Add support for Intel Cedar Fork Add PCI ID for the Intel Cedar Fork iSMT SMBus controller. Signed-off-by: Jarkko Nikula Acked-by: Neil Horman [wsa: kept sorting] Signed-off-by: Wolfram Sang commit 805e4c8b61bd62f6d3f416c915cb9bb423835fee Author: Arnaldo Carvalho de Melo Date: Thu Jan 3 14:59:11 2019 -0300 tools beauty: Make the prctl option table generator catch all PR_ options In ba8308856564 ("arm64: add prctl control for resetting ptrauth keys") the PR_PAC_RESET_KEYS prctl option was introduced, get that into the regex in addition to PR_GET_* and PR_SET_*: So just get everything that matches '^#define PR_\w+' this ends up adding these entries: $ tools/perf/trace/beauty/prctl_option.sh > after $ diff -u before after --- before 2019-01-03 14:58:51.541807353 -0300 +++ after 2019-01-03 15:17:05.909583804 -0300 @@ -19,12 +19,18 @@ [20] = "SET_ENDIAN", [21] = "GET_SECCOMP", [22] = "SET_SECCOMP", + [23] = "CAPBSET_READ", + [24] = "CAPBSET_DROP", [25] = "GET_TSC", [26] = "SET_TSC", [27] = "GET_SECUREBITS", [28] = "SET_SECUREBITS", [29] = "SET_TIMERSLACK", [30] = "GET_TIMERSLACK", + [31] = "TASK_PERF_EVENTS_DISABLE", + [32] = "TASK_PERF_EVENTS_ENABLE", + [33] = "MCE_KILL", + [34] = "MCE_KILL_GET", [35] = "SET_MM", [36] = "SET_CHILD_SUBREAPER", [37] = "GET_CHILD_SUBREAPER", @@ -33,8 +39,13 @@ [40] = "GET_TID_ADDRESS", [41] = "SET_THP_DISABLE", [42] = "GET_THP_DISABLE", + [43] = "MPX_ENABLE_MANAGEMENT", + [44] = "MPX_DISABLE_MANAGEMENT", [45] = "SET_FP_MODE", [46] = "GET_FP_MODE", + [47] = "CAP_AMBIENT", + [50] = "SVE_SET_VL", + [51] = "SVE_GET_VL", [52] = "GET_SPECULATION_CTRL", [53] = "SET_SPECULATION_CTRL", [54] = "PAC_RESET_KEYS", $ Cc: Adrian Hunter Cc: Jiri Olsa Cc: Kristina Martsenko Cc: Namhyung Kim Cc: Will Deacon Link: https://lkml.kernel.org/n/tip-sg2pkmtjr5988bhbcp4yp6sw@git.kernel.org Signed-off-by: Arnaldo Carvalho de Melo commit c8a43c18a97845e7f94ed7d181c11f41964976a2 Author: Yueyi Li Date: Mon Dec 24 07:40:07 2018 +0000 arm64: kaslr: Reserve size of ARM64_MEMSTART_ALIGN in linear region When KASLR is enabled (CONFIG_RANDOMIZE_BASE=y), the top 4K of kernel virtual address space may be mapped to physical addresses despite being reserved for ERR_PTR values. Fix the randomization of the linear region so that we avoid mapping the last page of the virtual address space. Cc: Ard Biesheuvel Signed-off-by: liyueyi [will: rewrote commit message; merged in suggestion from Ard] Signed-off-by: Will Deacon commit acafce48b07bf5f9994a38e7fe237193d43d092e Author: James Morse Date: Fri Dec 21 19:25:19 2018 +0000 firmware: arm_sdei: Fix DT platform device creation It turns out the dt-probing part of this wasn't tested properly after it was merged. commit 3aa0582fdb82 ("of: platform: populate /firmware/ node from of_platform_default_populate_init()") changed the core-code to generate the platform devices, meaning the driver's attempt fails, and it bails out. Fix this by removing the manual platform-device creation for DT systems, core code has always done this for us. CC: Nicolas Saenz Julienne Signed-off-by: James Morse Signed-off-by: Will Deacon commit c3790b3799f8d75d93d26f6fd7bb569fc8c8b0cb Author: Nicolas Saenz Julienne Date: Fri Dec 21 19:25:18 2018 +0000 firmware: arm_sdei: fix wrong of_node_put() in init function After finding a "firmware" dt node arm_sdei tries to match it's compatible string with it. To do so it's calling of_find_matching_node() which already takes care of decreasing the refcount on the "firmware" node. We are then incorrectly decreasing the refcount on that node again. This patch removes the unwarranted call to of_node_put(). Signed-off-by: Nicolas Saenz Julienne Signed-off-by: James Morse Signed-off-by: Will Deacon commit 8c2c596f8f453ffa6ef3bf14abc48a86b5431e56 Author: Mark Rutland Date: Thu Jan 3 13:23:10 2019 +0000 arm64: entry: remove unused register aliases In commit: 3b7142752e4bee15 ("arm64: convert native/compat syscall entry to C") ... we moved the syscall invocation code from assembly to C, but left behind a number of register aliases which are now unused. Let's remove them before they confuse someone. Cc: Catalin Marinas Reviewed-by: Dave Martin Signed-off-by: Mark Rutland Signed-off-by: Will Deacon commit 3d32c4531958c433a6ee087f31891cb02d6b68d9 Author: Arnaldo Carvalho de Melo Date: Thu Jan 3 14:56:20 2019 -0300 tools headers uapi: Sync prctl.h with the kernel sources To get the changes in ba8308856564 ("arm64: add prctl control for resetting ptrauth keys"), that introduce a prctl with a name that needs to be catch by the prctl cmd table generator, which will be done in the next cset. Cc: Adrian Hunter Cc: Jiri Olsa Cc: Kristina Martsenko Cc: Namhyung Kim Cc: Will Deacon Link: https://lkml.kernel.org/n/tip-a1pahzc8lci0ey1fjvv1chdm@git.kernel.org Signed-off-by: Arnaldo Carvalho de Melo commit abc856259a6dc513868ad91e00a70379825d59c4 Author: Likun Gao Date: Wed Jan 2 12:20:12 2019 +0800 drm/amdgpu: make gfx9 enter into rlc safe mode when set MGCG MGCG should RLC enter into safe mode first. Signed-off-by: Likun Gao Reviewed-by: Huang Rui Signed-off-by: Alex Deucher commit 96d8f63c44e5d4db48d98c40bb74d0a0e47ae301 Author: Kent Russell Date: Thu Jan 3 08:33:15 2019 -0500 drm/amdgpu: Cleanup 2 compiler warnings These 2 variables are unused now, so remove their references. Fixes: e4ae0fc drm/amdgpu: implement gfx8 post_soft_reset Fixes: 5e01c09 drm/amdgpu/gfx_v8_0: Reorder the gfx, kiq and kcq rings test sequence Signed-off-by: Kent Russell Reviewed-by: Alex Deucher Signed-off-by: Alex Deucher commit 94f45df8aaa35471ab3fc802c2cf1b75c8107500 Author: Arnaldo Carvalho de Melo Date: Thu Jan 3 13:53:59 2019 -0300 tools headers x86: Sync disabled-features.h To silence the following tools/perf build warning: Warning: Kernel ABI header at 'tools/arch/x86/include/asm/disabled-features.h' differs from latest version at 'arch/x86/include/asm/disabled-features.h' diff -u tools/arch/x86/include/asm/disabled-features.h arch/x86/include/asm/disabled-features.h Picking up the changes in dae0a1059300 ("x86/cpufeatures, x86/fault: Mark SMAP as disabled when configured out") that didn't entail any functionality change in the tooling side. Cc: Adrian Hunter Cc: Andy Lutomirski Cc: Jiri Olsa Cc: Namhyung Kim Link: https://lkml.kernel.org/n/tip-vvge5xh6ii12oszexqknbgwp@git.kernel.org Signed-off-by: Arnaldo Carvalho de Melo commit 93fb7f19985a08bbe3b76da0b35e97b6e472e4a5 Author: Otto Sabart Date: Wed Jan 2 21:01:21 2019 +0100 doc: filesystems: fix bad references to nonexistent ext4.rst file The ext4.rst file does not exist anymore. This patch changes all references to point to the whole ext4 directory. Fixes: d3091215921b ("docs: move ext4 administrative docs to admin-guide/") Signed-off-by: Otto Sabart Signed-off-by: Jonathan Corbet commit 2d457d5506f88b3f6e63577387203f68fce472a9 Author: Ramunas Geciauskas Date: Sat Dec 29 16:00:00 2018 -0500 Documentation/admin-guide: update URL of LKML information link Information regarding linux-kernel mailing list is no longer hosted on tux.org Update the link to point to the one available at kernel.org Signed-off-by: Ramunas Geciauskas Signed-off-by: Jonathan Corbet commit caaf3c83d2842c859d141711806d949f71c5f241 Author: Marcos Paulo de Souza Date: Tue Jan 1 22:40:14 2019 -0200 Docs/kernel-api.rst: Remove blk-tag.c reference After 7ca01926463a, legacy rq tagging was removed, so block/blk-tag.c does not exists anymore. When generating pdfdocs, sphinx complains about this missing file: Error: Cannot open file ./block/blk-tag.c Error: Cannot open file ./block/blk-tag.c Error: Cannot open file ./block/blk-tag.c Error: Cannot open file ./block/blk-tag.c So remove blk-tag.c traces from kernel-api.rst file to silence these warnings. Signed-off-by: Marcos Paulo de Souza Signed-off-by: Jonathan Corbet commit 24ef9ec891c761483c5270528781b8637b908eef Author: Stephen Rothwell Date: Mon Dec 17 10:57:15 2018 +1100 thermal/intel: fixup for Kconfig string parsing tightening up Signed-off-by: Stephen Rothwell commit 43bfeb45109ad154df4dde67d3d04a8876a3bfc1 Author: Ming Lei Date: Thu Jan 3 09:19:48 2019 +0800 block: sunvdc: don't run hw queue synchronously from irq context vdc_blk_queue_start() may be called from irq context, so we can't run queue via blk_mq_start_hw_queues() since we never allow to run queue from irq context. Use blk_mq_start_stopped_hw_queues(q, true) to fix this issue. Fixes: fa182a1fa97dff56cd ("sunvdc: convert to blk-mq") Reported-by: Anatoly Pugachev Tested-by: Anatoly Pugachev Cc: Anatoly Pugachev Cc: sparclinux@vger.kernel.org Acked-by: David S. Miller Signed-off-by: Ming Lei Signed-off-by: Jens Axboe commit dc629c211c65ee5c8f1c4976886d4a5f33f50674 Merge: 645ff1e8e704c e820d55cb99dd Author: Jens Axboe Date: Thu Jan 3 08:21:02 2019 -0700 Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/shli/md into for-linus Pull the pending 4.21 changes for md from Shaohua. * 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/shli/md: md: fix raid10 hang issue caused by barrier raid10: refactor common wait code from regular read/write request md: remvoe redundant condition check lib/raid6: add option to skip algo benchmarking lib/raid6: sort algos in rough performance order lib/raid6: check for assembler SSSE3 support lib/raid6: avoid __attribute_const__ redefinition lib/raid6: add missing include for raid6test md: remove set but not used variable 'bi_rdev' commit 1236cd2bad8bc9038af90830cf017c770fdba03c Author: Shaokun Zhang Date: Sat Dec 29 09:43:17 2018 +0800 arm64: smp: Fix compilation error For arm64: updates for 4.21, there is a compilation error: arch/arm64/kernel/head.S: Assembler messages: arch/arm64/kernel/head.S:824: Error: missing ')' arch/arm64/kernel/head.S:824: Error: missing ')' arch/arm64/kernel/head.S:824: Error: missing ')' arch/arm64/kernel/head.S:824: Error: unexpected characters following instruction at operand 2 -- `mov x2,#(2)|(2U<<(8))' scripts/Makefile.build:391: recipe for target 'arch/arm64/kernel/head.o' failed make[1]: *** [arch/arm64/kernel/head.o] Error 1 GCC version is gcc (Ubuntu/Linaro 5.4.0-6ubuntu1~16.04.10) 5.4.0 20160609 Let's fix it using the UL() macro. Fixes: 66f16a24512f ("arm64: smp: Rework early feature mismatched detection") Cc: Catalin Marinas Cc: Will Deacon Tested-by: John Stultz Signed-off-by: Shaokun Zhang [will: consistent use of UL() for all shifts in asm constants] Signed-off-by: Will Deacon commit 8a99255a50c0b4c2a449b96fd8d45fcc8d72c701 Author: Jin Yao Date: Thu Jan 3 15:40:45 2019 +0800 perf stat: Fix endless wait for child process We hit a 'perf stat' issue by using following script: #!/bin/bash sleep 1000 & exec perf stat -a -e cycles -I1000 -- sleep 5 Since "perf stat" is launched by exec, the "sleep 1000" would be the child process of "perf stat". The wait4() call will not return because it's waiting for the child process "sleep 1000" to end. So 'perf stat' doesn't return even after 5s passes. This patch lets 'perf stat' return when the specified child process ends (in this case, the specified child process is "sleep 5"). Committer testing: # cat test.sh #!/bin/bash sleep 10 & exec perf stat -a -e cycles -I1000 -- sleep 5 # Before: # time ./test.sh # time counts unit events 1.001113090 108,453,351 cycles 2.002062196 142,075,435 cycles 3.002896194 164,801,068 cycles 4.003731666 107,062,140 cycles 5.002068867 112,241,832 cycles real 0m10.066s user 0m0.016s sys 0m0.101s # After: # time ./test.sh # time counts unit events 1.001016096 91,412,027 cycles 2.002014963 124,063,708 cycles 3.002883964 125,993,929 cycles 4.003706470 120,465,734 cycles 5.002006778 163,560,355 cycles real 0m5.123s user 0m0.014s sys 0m0.105s # Signed-off-by: Jin Yao Reviewed-by: Jiri Olsa Tested-by: Arnaldo Carvalho de Melo Cc: Alexander Shishkin Cc: Andi Kleen Cc: Kan Liang Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/1546501245-4512-1-git-send-email-yao.jin@linux.intel.com Signed-off-by: Arnaldo Carvalho de Melo commit 2573be22e5b6f24a0cabc97715c808c47e29eaaf Merge: 6d101ba6be2a2 b25756df5b28c Author: Ingo Molnar Date: Thu Jan 3 14:05:16 2019 +0100 Merge tag 'perf-core-for-mingo-4.21-20190103' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux into perf/urgent Pull perf/core improvements and fixes from Arnaldo Carvalho de Melo: perf c2c: Jiri Olsa: - Change the default coalesce setup to from '--coalesce pid,iaddr' to just '--coalesce iaddr'. - Increase the HITM ratio limit for displayed cachelines. perf script: Andi Kleen: - Fix LBR skid dump problems in brstackinsn. perf trace: Arnaldo Carvalho de Melo: - Check if the raw_syscalls:sys_{enter,exit} are setup before setting tp filter. - Do not hardcode the size of the tracepoint common_ fields. - Beautify USBDEFFS_ ioctl commands. Colin Ian King: - Use correct SECCOMP prefix spelling, "SECOMP_*" -> "SECCOMP_*". perf python: Jiri Olsa: - Do not force closing original perf descriptor in evlist.get_pollfd(). tools misc: Jiri Olsa: - Allow overriding CFLAGS and LDFLAGS. perf build: Stanislav Fomichev: - Don't unconditionally link the libbfd feature test to -liberty and -lz thread-stack: Adrian Hunter: - Fix processing for the idle task, having a stack per cpu. Signed-off-by: Arnaldo Carvalho de Melo Signed-off-by: Ingo Molnar commit bd8879faafe6d057237461c4d58d8b0d37b9e3ee Merge: f8f807441eefd 8c32d47b151b6 0e1f37d120ec3 7f5592742a429 aeed35faee526 31a8b3ee16e30 16767229940fb 74fbc7d371d9a Author: Jiri Kosina Date: Thu Jan 3 12:50:28 2019 +0100 Merge branches 'for-4.20/upstream-fixes', 'for-4.21/core', 'for-4.21/hid-asus', 'for-4.21/hid-core', 'for-4.21/hid-cougar', 'for-4.21/hidraw', 'for-4.21/highres-wheel' and 'for-4.21/ish' into for-linus commit b9ced18acf68dffebe6888c7ec765a2b1db7a039 Author: Chao Fan Date: Wed Dec 26 11:34:50 2018 +0800 ACPI: NUMA: Use correct type for printing addresses on i386-PAE The addresses of NUMA nodes are not printed correctly on i386-PAE which is misleading. Here is a debian9-32bit with PAE in a QEMU guest having more than 4G of memory: qemu-system-i386 \ -hda /var/lib/libvirt/images/debian32.qcow2 \ -m 5G \ -enable-kvm \ -smp 10 \ -numa node,mem=512M,nodeid=0,cpus=0 \ -numa node,mem=512M,nodeid=1,cpus=1 \ -numa node,mem=512M,nodeid=2,cpus=2 \ -numa node,mem=512M,nodeid=3,cpus=3 \ -numa node,mem=512M,nodeid=4,cpus=4 \ -numa node,mem=512M,nodeid=5,cpus=5 \ -numa node,mem=512M,nodeid=6,cpus=6 \ -numa node,mem=512M,nodeid=7,cpus=7 \ -numa node,mem=512M,nodeid=8,cpus=8 \ -numa node,mem=512M,nodeid=9,cpus=9 \ -serial stdio Because of the wrong value type, it prints as below: [ 0.021049] ACPI: SRAT Memory (0x0 length 0xa0000) in proximity domain 0 enabled [ 0.021740] ACPI: SRAT Memory (0x100000 length 0x1ff00000) in proximity domain 0 enabled [ 0.022425] ACPI: SRAT Memory (0x20000000 length 0x20000000) in proximity domain 1 enabled [ 0.023092] ACPI: SRAT Memory (0x40000000 length 0x20000000) in proximity domain 2 enabled [ 0.023764] ACPI: SRAT Memory (0x60000000 length 0x20000000) in proximity domain 3 enabled [ 0.024431] ACPI: SRAT Memory (0x80000000 length 0x20000000) in proximity domain 4 enabled [ 0.025104] ACPI: SRAT Memory (0xa0000000 length 0x20000000) in proximity domain 5 enabled [ 0.025791] ACPI: SRAT Memory (0x0 length 0x20000000) in proximity domain 6 enabled [ 0.026412] ACPI: SRAT Memory (0x20000000 length 0x20000000) in proximity domain 7 enabled [ 0.027118] ACPI: SRAT Memory (0x40000000 length 0x20000000) in proximity domain 8 enabled [ 0.027802] ACPI: SRAT Memory (0x60000000 length 0x20000000) in proximity domain 9 enabled The upper half of the start address of the NUMA domains between 6 and 9 inclusive was cut, so the printed values are incorrect. Fix the value type, to get the correct values in the log as follows: [ 0.023698] ACPI: SRAT Memory (0x0 length 0xa0000) in proximity domain 0 enabled [ 0.024325] ACPI: SRAT Memory (0x100000 length 0x1ff00000) in proximity domain 0 enabled [ 0.024981] ACPI: SRAT Memory (0x20000000 length 0x20000000) in proximity domain 1 enabled [ 0.025659] ACPI: SRAT Memory (0x40000000 length 0x20000000) in proximity domain 2 enabled [ 0.026317] ACPI: SRAT Memory (0x60000000 length 0x20000000) in proximity domain 3 enabled [ 0.026980] ACPI: SRAT Memory (0x80000000 length 0x20000000) in proximity domain 4 enabled [ 0.027635] ACPI: SRAT Memory (0xa0000000 length 0x20000000) in proximity domain 5 enabled [ 0.028311] ACPI: SRAT Memory (0x100000000 length 0x20000000) in proximity domain 6 enabled [ 0.028985] ACPI: SRAT Memory (0x120000000 length 0x20000000) in proximity domain 7 enabled [ 0.029667] ACPI: SRAT Memory (0x140000000 length 0x20000000) in proximity domain 8 enabled [ 0.030334] ACPI: SRAT Memory (0x160000000 length 0x20000000) in proximity domain 9 enabled Signed-off-by: Chao Fan [ rjw: Subject & changelog ] Signed-off-by: Rafael J. Wysocki commit f8f807441eefddc3c6d8a378421f0ede6361d565 Author: Hans de Goede Date: Wed Dec 26 15:31:56 2018 +0100 HID: i2c-hid: Add Odys Winbook 13 to descriptor override The Odys Winbook 13 uses a SIPODEV SP1064 touchpad, which does not supply descriptors, add this to the DMI descriptor override list, fixing the touchpad not working. BugLink: https://bugzilla.redhat.com/show_bug.cgi?id=1526312 Reported-by: Rene Wagner Signed-off-by: Hans de Goede Signed-off-by: Jiri Kosina commit 6ae16dfb61bce538d48b7fe98160fada446056c5 Author: Aditya Pakki Date: Mon Dec 24 15:39:14 2018 -0600 HID: lenovo: Add checks to fix of_led_classdev_register In lenovo_probe_tpkbd(), the function of_led_classdev_register() could return an error value that is unchecked. The fix adds these checks. Signed-off-by: Aditya Pakki Signed-off-by: Jiri Kosina commit 088d923a11e683af28ad9cea9b66782fff588495 Author: Rafael J. Wysocki Date: Wed Jan 2 12:13:52 2019 +0100 cpufreq / Documentation: Update cpufreq MAINTAINERS entry Update the MAINTAINERS entry for cpufreq by making it clear that it is not just drivers and adding current documentation records to it. Signed-off-by: Rafael J. Wysocki Acked-by: Viresh Kumar commit 3f2d347e851ef4464dea49504cde85e5eef67b2d Author: Beomho Seo Date: Fri Dec 21 15:32:28 2018 +0100 mfd: exynos-lpass: Enable UART module support This patch enables proper interrupts routing between UART module in Exynos Audio SubSystem and the rest of the SoC. This routing is completely transparent for UART device and CPU/GIC. UART driver requests interrupts from the respective controller and enables/masks/handles it by itself via standard methods. There are boards (for example TM2), which use UART module in Exynos Audio SubStem for communication with BlueTooth chip. Signed-off-by: Beomho Seo [mszyprow: rephrased commit message, added UART reset] Signed-off-by: Marek Szyprowski Reviewed-by: Sylwester Nawrocki Signed-off-by: Lee Jones commit 9e28989d41c0eab57ec0bb156617a8757406ff8a Author: Kangjie Lu Date: Thu Dec 20 15:12:11 2018 -0600 mfd: mc13xxx: Fix a missing check of a register-read failure When mc13xxx_reg_read() fails, "old_adc0" is uninitialized and will contain random value. Further execution uses "old_adc0" even when mc13xxx_reg_read() fails. The fix checks the return value of mc13xxx_reg_read(), and exits the execution when it fails. Signed-off-by: Kangjie Lu Signed-off-by: Lee Jones commit c1f3375be60c562e24460d41b75e564c0a429835 Author: Cheng-Yi Chiang Date: Tue Dec 18 17:06:26 2018 +0800 mfd: cros_ec: Add commands to control codec Add EC host commands to control codec on EC. Signed-off-by: Cheng-Yi Chiang Signed-off-by: Lee Jones commit 4bcb83e055033592e8672a8deb7b209eed936e11 Author: Richard Fitzgerald Date: Fri Dec 14 14:39:14 2018 +0000 mfd: madera: Remove spurious semicolon in while loop Coccinelle warning of a spurious semicolon on the closing brace of a while loop. Signed-off-by: Richard Fitzgerald Signed-off-by: Lee Jones commit f7b1e49c670370eeb21e0d7feb7eaa2468ad7ae2 Author: Yangtao Li Date: Sat Dec 15 03:29:18 2018 -0500 mfd: rave-sp: Fix typo in rave_sp_checksum comment Caculated -> Calculated Signed-off-by: Yangtao Li Signed-off-by: Lee Jones commit ddf5aaa8eecb6ccf51f311a513c3a5011fbe0d54 Author: Paul Cercueil Date: Sun Dec 16 15:10:44 2018 +0100 mfd: ingenic-tcu: Fix bit field description in header The description of the bit was inverted. Signed-off-by: Paul Cercueil Signed-off-by: Lee Jones commit 75d4c5e03c2ae9902ab521024b10291f6fc9515b Author: Keerthy Date: Sun Dec 9 19:29:31 2018 +0530 mfd: tps65218: Use devm_regmap_add_irq_chip and clean up error path in probe() Use devm_regmap_add_irq_chip and clean up error path in probe and also the remove function. Reported-by: Christian Hohnstaedt Signed-off-by: Keerthy Reviewed-by: Sebastian Reichel Signed-off-by: Lee Jones commit 38df91cc0b82d053234accf4429eafd2f5a4d401 Author: Rob Herring Date: Wed Dec 5 13:50:31 2018 -0600 mfd: Use of_node_name_eq() for node name comparisons Convert string compares of DT node names to use of_node_name_eq() helper instead. This removes direct access to the node name pointer. Signed-off-by: Rob Herring Signed-off-by: Lee Jones commit 18e294ddafaeb80a1e2e10c9bd750a6cb8388d5b Author: Enric Balletbo i Serra Date: Mon Dec 10 19:00:02 2018 +0100 mfd: cros_ec_dev: Add missing mfd_remove_devices() call in remove The driver adds different MFD child devices via mfd_add_devices() and hence it is required to call mfd_remove_devices() to remove MFD child devices. Fixes: 5e0115581bbc ("cros_ec: Move cros_ec_dev module to drivers/mfd") Signed-off-by: Enric Balletbo i Serra Signed-off-by: Lee Jones commit ea90e7b47f0a8bd2fe14e9a88f523de7c67db90a Author: Oskari Lemmela Date: Sat Dec 8 19:58:47 2018 +0200 mfd: axp20x: Add supported cells for AXP803 Parts of the AXP803 are compatible with their counterparts on the AXP813. These include the GPIO, ADC, AC and battery power supplies. Signed-off-by: Oskari Lemmela Reviewed-by: Chen-Yu Tsai Tested-by: Vasily Khoruzhick Signed-off-by: Chen-Yu Tsai Signed-off-by: Lee Jones commit 753a8d083e085c6f552c7982749de4cc7c40e2ac Author: Chen-Yu Tsai Date: Sat Dec 8 19:58:46 2018 +0200 mfd: axp20x: Re-align MFD cell entries In the axp20x driver, the various mfd_cell lists had varying amounts of indentation, sometimes even within the same list. For the axp288, there's no alignment at all. Re-align the right hand side of the assignments with the least amount of tabs possible. Also collapse the closing bracket and the opening bracket of the next entry onto the same line for the axp288, to be consistent with all the other mfd_cell lists. This patch is whitespace change only. No functionality is modified. Signed-off-by: Chen-Yu Tsai Signed-off-by: Oskari Lemmela Signed-off-by: Lee Jones commit 4a19f9a65375ca9781b3ca9e810ece92edfc3e78 Author: Oskari Lemmela Date: Tue Nov 20 19:52:10 2018 +0200 mfd: axp20x: Add AC power supply cell for AXP813 As axp20x-ac-power-supply now supports AXP813, add a cell for it. Signed-off-by: Oskari Lemmela Reviewed-by: Quentin Schulz Reviewed-by: Chen-Yu Tsai Tested-by: Vasily Khoruzhick Signed-off-by: Lee Jones commit 04c801c18ded421845324255e660147a6f58dcd6 Author: Charles Keepax Date: Wed Nov 28 10:04:22 2018 +0000 mfd: wm5110: Add missing ASRC rate register Signed-off-by: Charles Keepax Signed-off-by: Lee Jones commit 504e4175829c44328773b96ad9c538e4783a8d22 Author: Jonathan Marek Date: Mon Nov 19 14:53:17 2018 -0500 mfd: qcom_rpm: write fw_version to CTRL_REG This is required as part of the initialization sequence on certain SoCs. If these registers are not initialized, the hardware can be unresponsive. This fixes the driver on apq8060 (HP TouchPad device). Signed-off-by: Jonathan Marek Signed-off-by: Lee Jones commit ac4ca4b9f4623ba5e1ea7a582f286567c611e027 Author: Jonathan Hunter Date: Tue Nov 13 08:56:31 2018 +0000 mfd: tps6586x: Handle interrupts on suspend The tps6586x driver creates an irqchip that is used by its various child devices for managing interrupts. The tps6586x-rtc device is one of its children that uses the tps6586x irqchip. When using the tps6586x-rtc as a wake-up device from suspend, the following is seen: PM: Syncing filesystems ... done. Freezing user space processes ... (elapsed 0.001 seconds) done. OOM killer disabled. Freezing remaining freezable tasks ... (elapsed 0.000 seconds) done. Disabling non-boot CPUs ... Entering suspend state LP1 Enabling non-boot CPUs ... CPU1 is up tps6586x 3-0034: failed to read interrupt status tps6586x 3-0034: failed to read interrupt status The reason why the tps6586x interrupt status cannot be read is because the tps6586x interrupt is not masked during suspend and when the tps6586x-rtc interrupt occurs, to wake-up the device, the interrupt is seen before the i2c controller has been resumed in order to read the tps6586x interrupt status. The tps6586x-rtc driver sets it's interrupt as a wake-up source during suspend, which gets propagated to the parent tps6586x interrupt. However, the tps6586x-rtc driver cannot disable it's interrupt during suspend otherwise we would never be woken up and so the tps6586x must disable it's interrupt instead. Prevent the tps6586x interrupt handler from executing on exiting suspend before the i2c controller has been resumed by disabling the tps6586x interrupt on entering suspend and re-enabling it on resuming from suspend. Cc: stable@vger.kernel.org Signed-off-by: Jon Hunter Reviewed-by: Dmitry Osipenko Tested-by: Dmitry Osipenko Acked-by: Thierry Reding Signed-off-by: Lee Jones commit 7f9472134a5af31bad191f074a5d416146da26f7 Author: Richard Fitzgerald Date: Mon Nov 12 15:28:37 2018 +0000 mfd: madera: Add shared data for accessory detection Add variables to struct madera that will be shared by the extcon and audio codec drivers to synchronize output state during accessory detection. Also add a mutex to protect the DAPM pointer. Signed-off-by: Richard Fitzgerald Signed-off-by: Lee Jones commit 628f3dfe4c7b35bbe63ec194ca6da857b00b0083 Author: Jean Delvare Date: Mon Nov 12 10:49:42 2018 +0100 mfd: at91-usart: Add platform dependency It doesn't make sense to present option MFD_AT91_USART by default if not building an AT91 kernel, as the drivers which depend on it are not available. Fixes: 7d3aa342cef7 ("mfd: at91-usart: Add MFD driver for USART") Signed-off-by: Jean Delvare Signed-off-by: Lee Jones commit b0aff01e7aa6ad2d6998ef1323843212d1db8b04 Author: Dien Pham Date: Wed Oct 3 15:58:41 2018 +0200 mfd: bd9571mwv: Add volatile register to make DVFS work Because BD9571MWV_DVFS_MONIVDAC is not defined in the volatile table, the physical register value is not updated by regmap and DVFS doesn't work as expected. Fix it! Fixes: d3ea21272094 ("mfd: Add ROHM BD9571MWV-M MFD PMIC driver") Signed-off-by: Dien Pham [wsa: rebase, add 'Fixes', reword commit message] Signed-off-by: Wolfram Sang Reviewed-by: Marek Vasut Signed-off-by: Lee Jones commit 10628e3ecf544fa2e4e24f8e112d95c37884dc98 Author: Dan Carpenter Date: Thu Oct 25 15:43:44 2018 +0300 mfd: ab8500-core: Return zero in get_register_interruptible() This function is supposed to return zero on success or negative error codes on error. Unfortunately, there is a bug so it sometimes returns non-zero, positive numbers on success. I noticed this bug during review and I can't test it. It does appear that the return is sometimes propogated back to _regmap_read() where all non-zero returns are treated as failure so this may affect run time. Fixes: 47c1697508f2 ("mfd: Align ab8500 with the abx500 interface") Signed-off-by: Dan Carpenter Reviewed-by: Linus Walleij Signed-off-by: Lee Jones commit a54e950fdec3cde98caa04bc601cbdc95d0d319c Author: Geert Uytterhoeven Date: Wed Nov 7 14:50:01 2018 +0100 mfd: tmio: Typo s/use use/use/ Signed-off-by: Geert Uytterhoeven Reviewed-by: Wolfram Sang Reviewed-by: Simon Horman Signed-off-by: Lee Jones commit a177276aa098aa47a100d51a13eaaef029604b6d Author: Nicolas Boichat Date: Mon Oct 22 10:55:06 2018 +0800 mfd: mt6397: Do not call irq_domain_remove if PMIC unsupported If the PMIC ID is unknown, the current code would call irq_domain_remove and panic, as pmic->irq_domain is only initialized by mt6397_irq_init. Return immediately with an error, if the chip ID is unsupported. Signed-off-by: Nicolas Boichat Signed-off-by: Lee Jones commit a3888f62fe66429fad3be7f2ba962e1e08c26fd6 Author: Nathan Chancellor Date: Wed Oct 17 17:56:28 2018 -0700 mfd: db8500-prcmu: Fix some section annotations When building the kernel with Clang, the following section mismatch warnings appear: WARNING: vmlinux.o(.text+0x7239cc): Section mismatch in reference from the function db8500_prcmu_probe() to the function .init.text:init_prcm_registers() The function db8500_prcmu_probe() references the function __init init_prcm_registers(). This is often because db8500_prcmu_probe lacks a __init annotation or the annotation of init_prcm_registers is wrong. WARNING: vmlinux.o(.text+0x723e28): Section mismatch in reference from the function db8500_prcmu_probe() to the function .init.text:fw_project_name() The function db8500_prcmu_probe() references the function __init fw_project_name(). This is often because db8500_prcmu_probe lacks a __init annotation or the annotation of fw_project_name is wrong. db8500_prcmu_probe should not be marked as __init so remove the __init annotation from fw_project_name and init_prcm_registers. Signed-off-by: Nathan Chancellor Signed-off-by: Lee Jones commit 8838555089f0345b87f4277fe5a8dd647dc65589 Author: Nathan Chancellor Date: Wed Oct 17 10:13:23 2018 -0700 mfd: twl-core: Fix section annotations on {,un}protect_pm_master When building the kernel with Clang, the following section mismatch warning appears: WARNING: vmlinux.o(.text+0x3d84a3b): Section mismatch in reference from the function twl_probe() to the function .init.text:unprotect_pm_master() The function twl_probe() references the function __init unprotect_pm_master(). This is often because twl_probe lacks a __init annotation or the annotation of unprotect_pm_master is wrong. Remove the __init annotation on the *protect_pm_master functions so there is no more mismatch. Signed-off-by: Nathan Chancellor Signed-off-by: Lee Jones commit 55a7f0065533f71991c720457ea24ff2fe909f81 Author: Steve French Date: Tue Jan 1 17:19:45 2019 -0600 cifs: fix confusing warning message on reconnect When DFS is not used on the mount we should not be mentioning DFS in the warning message on reconnect (it could be confusing). Signed-off-by: Steve French Reviewed-by: Ronnie Sahlberg commit 6d2f84eee098540ae857998fe32f29b9e2cd9613 Author: Paul Aurich Date: Mon Dec 31 14:13:34 2018 -0800 smb3: fix large reads on encrypted connections When passing a large read to receive_encrypted_read(), ensure that the demultiplex_thread knows that a MID was processed. Without this, those operations never complete. This is a similar issue/fix to lease break handling: commit 7af929d6d05ba5564139718e30d5bc96bdbc716a ("smb3: fix lease break problem introduced by compounding") CC: Stable # 4.19+ Fixes: b24df3e30cbf ("cifs: update receive_encrypted_standard to handle compounded responses") Signed-off-by: Paul Aurich Tested-by: Yves-Alexis Perez Signed-off-by: Steve French Reviewed-by: Ronnie Sahlberg commit c5ee066333ebc322a24a00a743ed941a0c68617e Author: David Ahern Date: Wed Jan 2 18:57:09 2019 -0800 ipv6: Consider sk_bound_dev_if when binding a socket to an address IPv6 does not consider if the socket is bound to a device when binding to an address. The result is that a socket can be bound to eth0 and then bound to the address of eth1. If the device is a VRF, the result is that a socket can only be bound to an address in the default VRF. Resolve by considering the device if sk_bound_dev_if is set. This problem exists from the beginning of git history. Signed-off-by: David Ahern Signed-off-by: David S. Miller commit 73155879b3c1ac3ace35208a54a3a160ec520bef Author: David Ahern Date: Wed Jan 2 18:26:13 2019 -0800 ipv6: Fix dump of specific table with strict checking Dump of a specific table with strict checking enabled is looping. The problem is that the end of the table dump is not marked in the cb. When dumping a specific table, cb args 0 and 1 are not used (they are the hash index and entry with an hash table index when dumping all tables). Re-use args[0] to hold a 'done' flag for the specific table dump. Fixes: 13e38901d46ca ("net/ipv6: Plumb support for filtering route dumps") Reported-by: Jakub Kicinski Signed-off-by: David Ahern Signed-off-by: David S. Miller commit 645ff1e8e704c4f33ab1fcd3c87f95cb9b6d7144 Merge: d548e65904ae4 592b15ba7260f Author: Linus Torvalds Date: Wed Jan 2 18:56:59 2019 -0800 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input Pull input updates from Dmitry Torokhov: "A tiny pull request this merge window unfortunately, should get more material in for the next release: - new driver for Raspberry Pi's touchscreen (firmware interface) - miscellaneous input driver fixes" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input: Input: elan_i2c - add ACPI ID for touchpad in ASUS Aspire F5-573G Input: atmel_mxt_ts - don't try to free unallocated kernel memory Input: drv2667 - fix indentation issues Input: touchscreen - fix coding style issue Input: add official Raspberry Pi's touchscreen driver Input: nomadik-ske-keypad - fix a loop timeout test Input: rotary-encoder - don't log EPROBE_DEFER to kernel log Input: olpc_apsp - remove set but not used variable 'np' Input: olpc_apsp - enable the SP clock Input: olpc_apsp - check FIFO status on open(), not probe() Input: olpc_apsp - drop CONFIG_OLPC dependency clk: mmp2: add SP clock dt-bindings: marvell,mmp2: Add clock id for the SP clock Input: ad7879 - drop platform data support commit d548e65904ae43b0637d200a2441fc94e0589c30 Merge: 77d0b194b2df0 a691ffb46edd7 Author: Linus Torvalds Date: Wed Jan 2 18:54:45 2019 -0800 Merge tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost Pull virtio/vhost updates from Michael Tsirkin: "Features, fixes, cleanups: - discard in virtio blk - misc fixes and cleanups" * tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost: vhost: correct the related warning message vhost: split structs into a separate header file virtio: remove deprecated VIRTIO_PCI_CONFIG() vhost/vsock: switch to a mutex for vhost_vsock_hash virtio_blk: add discard and write zeroes support commit 77d0b194b2df04a1992f882d96ff4e2bd8bb8fe0 Merge: b79f9f93eb483 427c5ce4417cb Author: Linus Torvalds Date: Wed Jan 2 18:49:58 2019 -0800 Merge tag 'for-4.21/block-20190102' of git://git.kernel.dk/linux-block Pull more block updates from Jens Axboe: - Dead code removal for loop/sunvdc (Chengguang) - Mark BIDI support for bsg as deprecated, logging a single dmesg warning if anyone is actually using it (Christoph) - blkcg cleanup, killing a dead function and making the tryget_closest variant easier to read (Dennis) - Floppy fixes, one fixing a regression in swim3 (Finn) - lightnvm use-after-free fix (Gustavo) - gdrom leak fix (Wenwen) - a set of drbd updates (Lars, Luc, Nathan, Roland) * tag 'for-4.21/block-20190102' of git://git.kernel.dk/linux-block: (28 commits) block/swim3: Fix regression on PowerBook G3 block/swim3: Fix -EBUSY error when re-opening device after unmount block/swim3: Remove dead return statement block/amiflop: Don't log error message on invalid ioctl gdrom: fix a memory leak bug lightnvm: pblk: fix use-after-free bug block: sunvdc: remove redundant code block: loop: remove redundant code bsg: deprecate BIDI support in bsg blkcg: remove unused __blkg_release_rcu() blkcg: clean up blkg_tryget_closest() drbd: Change drbd_request_detach_interruptible's return type to int drbd: Avoid Clang warning about pointless switch statment drbd: introduce P_ZEROES (REQ_OP_WRITE_ZEROES on the "wire") drbd: skip spurious timeout (ping-timeo) when failing promote drbd: don't retry connection if peers do not agree on "authentication" settings drbd: fix print_st_err()'s prototype to match the definition drbd: avoid spurious self-outdating with concurrent disconnect / down drbd: do not block when adjusting "disk-options" while IO is frozen drbd: fix comment typos ... commit b79f9f93eb483f2757b089bb4e1eb3827a609080 Merge: 0f2107daec813 745d51dc8a29e Author: Linus Torvalds Date: Wed Jan 2 18:47:56 2019 -0800 Merge tag 'for-4.21/libata-20190102' of git://git.kernel.dk/linux-block Pull libata fix from Jens Axboe: "This libata change missed the original libata pull request. Just a single fix in here, fixing a missed reference drop" * tag 'for-4.21/libata-20190102' of git://git.kernel.dk/linux-block: ata: pata_macio: add of_node_put() commit 0f2107daec8137e1ea8bcd6df1323ffe46a2e873 Merge: 01766d27d265a 08972760d366b Author: Linus Torvalds Date: Wed Jan 2 18:45:50 2019 -0800 Merge tag 'clk-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux Pull more clk updates from Stephen Boyd: "One more patch to generalize a set of DT binding defines now before -rc1 comes out. This way the SoC DTS files can use the proper defines from a stable tag" * tag 'clk-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux: clk: imx8qxp: make the name of clock ID generic commit 01766d27d265afe7e93a8aa033afae5635d5aba0 Merge: 35ddb06a46753 f4747b9c68b88 Author: Linus Torvalds Date: Wed Jan 2 18:43:57 2019 -0800 Merge tag 'devprop-4.21-rc1-2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm Pull device properties framework fixes from Rafael Wysocki: "Fix two potential NULL pointer dereferences found by Coverity in the software nodes code introduced recently (Colin Ian King)" * tag 'devprop-4.21-rc1-2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm: drivers: base: swnode: check if swnode is NULL before dereferencing it drivers: base: swnode: check if pointer p is NULL before dereferencing it commit 35ddb06a467538434b4139fbf5c02a2ef073162a Merge: 6aa293d8ff093 d69e11648e486 Author: Linus Torvalds Date: Wed Jan 2 18:41:38 2019 -0800 Merge tag 'mailbox-v4.21' of git://git.linaro.org/landing-teams/working/fujitsu/integration Pull mailbox updates from Jassi Brar: - Introduce device-managed registration devm_mbox_controller_un/register and convert drivers to use it - Introduce flush api to support clients that must busy-wait in atomic context - Support multiple controllers per device - Hi3660: a bugfix and constify ops structure - TI-MsgMgr: off by one bugfix. - BCM: switch to spdx license - Tegra-HSP: support for shared mailboxes and suspend/resume. * tag 'mailbox-v4.21' of git://git.linaro.org/landing-teams/working/fujitsu/integration: (30 commits) mailbox: tegra-hsp: Use device-managed registration API mailbox: tegra-hsp: use devm_kstrdup_const() mailbox: tegra-hsp: Add suspend/resume support mailbox: tegra-hsp: Add support for shared mailboxes dt-bindings: tegra186-hsp: Add shared mailboxes mailbox: Allow multiple controllers per device mailbox: Support blocking transfers in atomic context mailbox: ti-msgmgr: Use device-managed registration API mailbox: stm32-ipcc: Use device-managed registration API mailbox: rockchip: Use device-managed registration API mailbox: qcom-apcs: Use device-managed registration API mailbox: platform-mhu: Use device-managed registration API mailbox: omap: Use device-managed registration API mailbox: mtk-cmdq: Remove needless devm_kfree() calls mailbox: mtk-cmdq: Use device-managed registration API mailbox: xgene-slimpro: Use device-managed registration API mailbox: sti: Use device-managed registration API mailbox: altera: Use device-managed registration API mailbox: imx: Use device-managed registration API mailbox: hi6220: Use device-managed registration API ... commit 6aa293d8ff0939802a6c86cee6cd152c1b0a7a0d Merge: 04a17edeca524 940b241d9050f Author: Linus Torvalds Date: Wed Jan 2 18:39:22 2019 -0800 Merge branch 'for-linus-4.21-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rw/uml Pull UML updates from Richard Weinberger: - DISCARD support for our block device driver - Many TLB flush optimizations - Various smaller fixes - And most important, Anton agreed to help me maintaining UML * 'for-linus-4.21-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rw/uml: um: Remove obsolete reenable_XX calls um: writev needs Add Anton Ivanov to UML maintainers um: remove redundant generic-y um: Optimize Flush TLB for force/fork case um: Avoid marking pages with "changed protection" um: Skip TLB flushing where not needed um: Optimize TLB operations v2 um: Remove unnecessary faulted check in uaccess.c um: Add support for DISCARD in the UBD Driver um: Remove unsafe printks from the io thread um: Clean-up command processing in UML UBD driver um: Switch to block-mq constants in the UML UBD driver um: Make GCOV depend on !KCOV um: Include sys/uio.h to have writev() um: Add HAVE_DEBUG_BUGVERBOSE um: Update maintainers file entry commit 04a17edeca524b71dbb5be41a7002d247fbf34c0 Merge: e6b9257280846 ec10574d00da0 Author: Linus Torvalds Date: Wed Jan 2 18:37:01 2019 -0800 Merge tag 's390-4.21-1' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux Pull s390 updates from Martin Schwidefsky: - A larger update for the zcrypt / AP bus code: + Update two inline assemblies in the zcrypt driver to make gcc happy + Add a missing reply code for invalid special commands for zcrypt + Allow AP device reset to be triggered from user space + Split the AP scan function into smaller, more readable functions - Updates for vfio-ccw and vfio-ap + Add maintainers and reviewer for vfio-ccw + Include facility.h in vfio_ap_drv.c to avoid fragile include chain + Simplicy vfio-ccw state machine - Use the common code version of bust_spinlocks - Make use of the DEFINE_SHOW_ATTRIBUTE - Fix three incorrect file permissions in the DASD driver - Remove bit spin-lock from the PCI interrupt handler - Fix GFP_ATOMIC vs GFP_KERNEL in the PCI code * tag 's390-4.21-1' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux: s390/zcrypt: rework ap scan bus code s390/zcrypt: make sysfs reset attribute trigger queue reset s390/pci: fix sleeping in atomic during hotplug s390/pci: remove bit_lock usage in interrupt handler s390/drivers: fix proc/debugfs file permissions s390: convert to DEFINE_SHOW_ATTRIBUTE MAINTAINERS/vfio-ccw: add Farhan and Eric, make Halil Reviewer vfio: ccw: Merge BUSY and BOXED states s390: use common bust_spinlocks() s390/zcrypt: improve special ap message cmd handling s390/ap: rework assembler functions to use unions for in/out register variables s390: vfio-ap: include for test_facility() commit bf77ae4c98d721a9aae3840970d46669a78e034a Author: NeilBrown Date: Thu Jan 3 11:04:08 2019 +1100 locks: fix error in locks_move_blocks() After moving all requests from fl->fl_blocked_requests to new->fl_blocked_requests it is nonsensical to do anything to all the remaining elements, there aren't any. This should do something to all the requests that have been moved. For simplicity, it does it to all requests in the target list. Setting "f->fl_blocker = new" to all members of new->fl_blocked_requests is "obviously correct" as it preserves the invariant of the linkage among requests. Reported-by: syzbot+239d99847eb49ecb3899@syzkaller.appspotmail.com Fixes: 5946c4319ebb ("fs/locks: allow a lock request to block other requests.") Signed-off-by: NeilBrown Signed-off-by: Jeff Layton commit be63004336d008b71f93dfe166f503ae2e53a32e Merge: d63967e475ae1 a67825f519514 Author: David S. Miller Date: Wed Jan 2 16:38:59 2019 -0800 Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf Alexei Starovoitov says: ==================== pull-request: bpf 2019-01-02 The following pull-request contains BPF updates for your *net* tree. The main changes are: 1) prevent out of bounds speculation on pointer arithmetic, from Daniel. 2) typo fix, from Xiaozhou. ==================== Signed-off-by: David S. Miller commit e6b92572808467f35fd159d47c45b650de29e722 Merge: e45428a436765 260f71eff493a Author: Linus Torvalds Date: Wed Jan 2 16:35:23 2019 -0800 Merge tag 'nfs-for-4.21-1' of git://git.linux-nfs.org/projects/anna/linux-nfs Pull NFS client updates from Anna Schumaker: "Stable bugfixes: - xprtrdma: Yet another double DMA-unmap # v4.20 Features: - Allow some /proc/sys/sunrpc entries without CONFIG_SUNRPC_DEBUG - Per-xprt rdma receive workqueues - Drop support for FMR memory registration - Make port= mount option optional for RDMA mounts Other bugfixes and cleanups: - Remove unused nfs4_xdev_fs_type declaration - Fix comments for behavior that has changed - Remove generic RPC credentials by switching to 'struct cred' - Fix crossing mountpoints with different auth flavors - Various xprtrdma fixes from testing and auditing the close code - Fixes for disconnect issues when using xprtrdma with krb5 - Clean up and improve xprtrdma trace points - Fix NFS v4.2 async copy reboot recovery" * tag 'nfs-for-4.21-1' of git://git.linux-nfs.org/projects/anna/linux-nfs: (63 commits) sunrpc: convert to DEFINE_SHOW_ATTRIBUTE sunrpc: Add xprt after nfs4_test_session_trunk() sunrpc: convert unnecessary GFP_ATOMIC to GFP_NOFS sunrpc: handle ENOMEM in rpcb_getport_async NFS: remove unnecessary test for IS_ERR(cred) xprtrdma: Prevent leak of rpcrdma_rep objects NFSv4.2 fix async copy reboot recovery xprtrdma: Don't leak freed MRs xprtrdma: Add documenting comment for rpcrdma_buffer_destroy xprtrdma: Replace outdated comment for rpcrdma_ep_post xprtrdma: Update comments in frwr_op_send SUNRPC: Fix some kernel doc complaints SUNRPC: Simplify defining common RPC trace events NFS: Fix NFSv4 symbolic trace point output xprtrdma: Trace mapping, alloc, and dereg failures xprtrdma: Add trace points for calls to transport switch methods xprtrdma: Relocate the xprtrdma_mr_map trace points xprtrdma: Clean up of xprtrdma chunk trace points xprtrdma: Remove unused fields from rpcrdma_ia xprtrdma: Cull dprintk() call sites ... commit e45428a436765fcd154d461a2739b5640916dc00 Merge: 85f78456f286d 0ad30ff67bd3e Author: Linus Torvalds Date: Wed Jan 2 16:21:50 2019 -0800 Merge tag 'nfsd-4.21' of git://linux-nfs.org/~bfields/linux Pull nfsd updates from Bruce Fields: "Thanks to Vasily Averin for fixing a use-after-free in the containerized NFSv4.2 client, and cleaning up some convoluted backchannel server code in the process. Otherwise, miscellaneous smaller bugfixes and cleanup" * tag 'nfsd-4.21' of git://linux-nfs.org/~bfields/linux: (25 commits) nfs: fixed broken compilation in nfs_callback_up_net() nfs: minor typo in nfs4_callback_up_net() sunrpc: fix debug message in svc_create_xprt() sunrpc: make visible processing error in bc_svc_process() sunrpc: remove unused xpo_prep_reply_hdr callback sunrpc: remove svc_rdma_bc_class sunrpc: remove svc_tcp_bc_class sunrpc: remove unused bc_up operation from rpc_xprt_ops sunrpc: replace svc_serv->sv_bc_xprt by boolean flag sunrpc: use-after-free in svc_process_common() sunrpc: use SVC_NET() in svcauth_gss_* functions nfsd: drop useless LIST_HEAD lockd: Show pid of lockd for remote locks NFSD remove OP_CACHEME from 4.2 op_flags nfsd: Return EPERM, not EACCES, in some SETATTR cases sunrpc: fix cache_head leak due to queued request nfsd: clean up indentation, increase indentation in switch statement svcrdma: Optimize the logic that selects the R_key to invalidate nfsd: fix a warning in __cld_pipe_upcall() nfsd4: fix crash on writing v4_end_grace before nfsd startup ... commit a67825f5195145f840939d0f85fc40b6b1077329 Merge: 8b6b25cf93b73 80c9b2fae87bb Author: Alexei Starovoitov Date: Wed Jan 2 16:01:25 2019 -0800 Merge branch 'prevent-oob-under-speculation' Daniel Borkmann says: ==================== This set fixes an out of bounds case under speculative execution by implementing masking of pointer alu into the verifier. For details please see the individual patches. Thanks! v2 -> v3: - 8/9: change states_equal condition into old->speculative && !cur->speculative, thanks Jakub! - 8/9: remove incorrect speculative state test in propagate_liveness(), thanks Jakub! v1 -> v2: - Typo fixes in commit msg and a comment, thanks David! ==================== Signed-off-by: Alexei Starovoitov commit 80c9b2fae87bb5c5698940da1a981f14f89518d1 Author: Daniel Borkmann Date: Thu Jan 3 00:58:35 2019 +0100 bpf: add various test cases to selftests Add various map value pointer related test cases to test_verifier kselftest to reflect recent changes and improve test coverage. The tests include basic masking functionality, unprivileged behavior on pointer arithmetic which goes oob, mixed bounds tests, negative unknown scalar but resulting positive offset for access and helper range, handling of arithmetic from multiple maps, various masking scenarios with subsequent map value access and others including two test cases from Jann Horn for prior fixes. Signed-off-by: Daniel Borkmann Acked-by: Alexei Starovoitov Signed-off-by: Alexei Starovoitov commit 979d63d50c0c0f7bc537bf821e056cc9fe5abd38 Author: Daniel Borkmann Date: Thu Jan 3 00:58:34 2019 +0100 bpf: prevent out of bounds speculation on pointer arithmetic Jann reported that the original commit back in b2157399cc98 ("bpf: prevent out-of-bounds speculation") was not sufficient to stop CPU from speculating out of bounds memory access: While b2157399cc98 only focussed on masking array map access for unprivileged users for tail calls and data access such that the user provided index gets sanitized from BPF program and syscall side, there is still a more generic form affected from BPF programs that applies to most maps that hold user data in relation to dynamic map access when dealing with unknown scalars or "slow" known scalars as access offset, for example: - Load a map value pointer into R6 - Load an index into R7 - Do a slow computation (e.g. with a memory dependency) that loads a limit into R8 (e.g. load the limit from a map for high latency, then mask it to make the verifier happy) - Exit if R7 >= R8 (mispredicted branch) - Load R0 = R6[R7] - Load R0 = R6[R0] For unknown scalars there are two options in the BPF verifier where we could derive knowledge from in order to guarantee safe access to the memory: i) While /<=/>= variants won't allow to derive any lower or upper bounds from the unknown scalar where it would be safe to add it to the map value pointer, it is possible through ==/!= test however. ii) another option is to transform the unknown scalar into a known scalar, for example, through ALU ops combination such as R &= followed by R |= or any similar combination where the original information from the unknown scalar would be destroyed entirely leaving R with a constant. The initial slow load still precedes the latter ALU ops on that register, so the CPU executes speculatively from that point. Once we have the known scalar, any compare operation would work then. A third option only involving registers with known scalars could be crafted as described in [0] where a CPU port (e.g. Slow Int unit) would be filled with many dependent computations such that the subsequent condition depending on its outcome has to wait for evaluation on its execution port and thereby executing speculatively if the speculated code can be scheduled on a different execution port, or any other form of mistraining as described in [1], for example. Given this is not limited to only unknown scalars, not only map but also stack access is affected since both is accessible for unprivileged users and could potentially be used for out of bounds access under speculation. In order to prevent any of these cases, the verifier is now sanitizing pointer arithmetic on the offset such that any out of bounds speculation would be masked in a way where the pointer arithmetic result in the destination register will stay unchanged, meaning offset masked into zero similar as in array_index_nospec() case. With regards to implementation, there are three options that were considered: i) new insn for sanitation, ii) push/pop insn and sanitation as inlined BPF, iii) reuse of ax register and sanitation as inlined BPF. Option i) has the downside that we end up using from reserved bits in the opcode space, but also that we would require each JIT to emit masking as native arch opcodes meaning mitigation would have slow adoption till everyone implements it eventually which is counter-productive. Option ii) and iii) have both in common that a temporary register is needed in order to implement the sanitation as inlined BPF since we are not allowed to modify the source register. While a push / pop insn in ii) would be useful to have in any case, it requires once again that every JIT needs to implement it first. While possible, amount of changes needed would also be unsuitable for a -stable patch. Therefore, the path which has fewer changes, less BPF instructions for the mitigation and does not require anything to be changed in the JITs is option iii) which this work is pursuing. The ax register is already mapped to a register in all JITs (modulo arm32 where it's mapped to stack as various other BPF registers there) and used in constant blinding for JITs-only so far. It can be reused for verifier rewrites under certain constraints. The interpreter's tmp "register" has therefore been remapped into extending the register set with hidden ax register and reusing that for a number of instructions that needed the prior temporary variable internally (e.g. div, mod). This allows for zero increase in stack space usage in the interpreter, and enables (restricted) generic use in rewrites otherwise as long as such a patchlet does not make use of these instructions. The sanitation mask is dynamic and relative to the offset the map value or stack pointer currently holds. There are various cases that need to be taken under consideration for the masking, e.g. such operation could look as follows: ptr += val or val += ptr or ptr -= val. Thus, the value to be sanitized could reside either in source or in destination register, and the limit is different depending on whether the ALU op is addition or subtraction and depending on the current known and bounded offset. The limit is derived as follows: limit := max_value_size - (smin_value + off). For subtraction: limit := umax_value + off. This holds because we do not allow any pointer arithmetic that would temporarily go out of bounds or would have an unknown value with mixed signed bounds where it is unclear at verification time whether the actual runtime value would be either negative or positive. For example, we have a derived map pointer value with constant offset and bounded one, so limit based on smin_value works because the verifier requires that statically analyzed arithmetic on the pointer must be in bounds, and thus it checks if resulting smin_value + off and umax_value + off is still within map value bounds at time of arithmetic in addition to time of access. Similarly, for the case of stack access we derive the limit as follows: MAX_BPF_STACK + off for subtraction and -off for the case of addition where off := ptr_reg->off + ptr_reg->var_off.value. Subtraction is a special case for the masking which can be in form of ptr += -val, ptr -= -val, or ptr -= val. In the first two cases where we know that the value is negative, we need to temporarily negate the value in order to do the sanitation on a positive value where we later swap the ALU op, and restore original source register if the value was in source. The sanitation of pointer arithmetic alone is still not fully sufficient as is, since a scenario like the following could happen ... PTR += 0x1000 (e.g. K-based imm) PTR -= BIG_NUMBER_WITH_SLOW_COMPARISON PTR += 0x1000 PTR -= BIG_NUMBER_WITH_SLOW_COMPARISON [...] ... which under speculation could end up as ... PTR += 0x1000 PTR -= 0 [ truncated by mitigation ] PTR += 0x1000 PTR -= 0 [ truncated by mitigation ] [...] ... and therefore still access out of bounds. To prevent such case, the verifier is also analyzing safety for potential out of bounds access under speculative execution. Meaning, it is also simulating pointer access under truncation. We therefore "branch off" and push the current verification state after the ALU operation with known 0 to the verification stack for later analysis. Given the current path analysis succeeded it is likely that the one under speculation can be pruned. In any case, it is also subject to existing complexity limits and therefore anything beyond this point will be rejected. In terms of pruning, it needs to be ensured that the verification state from speculative execution simulation must never prune a non-speculative execution path, therefore, we mark verifier state accordingly at the time of push_stack(). If verifier detects out of bounds access under speculative execution from one of the possible paths that includes a truncation, it will reject such program. Given we mask every reg-based pointer arithmetic for unprivileged programs, we've been looking into how it could affect real-world programs in terms of size increase. As the majority of programs are targeted for privileged-only use case, we've unconditionally enabled masking (with its alu restrictions on top of it) for privileged programs for the sake of testing in order to check i) whether they get rejected in its current form, and ii) by how much the number of instructions and size will increase. We've tested this by using Katran, Cilium and test_l4lb from the kernel selftests. For Katran we've evaluated balancer_kern.o, Cilium bpf_lxc.o and an older test object bpf_lxc_opt_-DUNKNOWN.o and l4lb we've used test_l4lb.o as well as test_l4lb_noinline.o. We found that none of the programs got rejected by the verifier with this change, and that impact is rather minimal to none. balancer_kern.o had 13,904 bytes (1,738 insns) xlated and 7,797 bytes JITed before and after the change. Most complex program in bpf_lxc.o had 30,544 bytes (3,817 insns) xlated and 18,538 bytes JITed before and after and none of the other tail call programs in bpf_lxc.o had any changes either. For the older bpf_lxc_opt_-DUNKNOWN.o object we found a small increase from 20,616 bytes (2,576 insns) and 12,536 bytes JITed before to 20,664 bytes (2,582 insns) and 12,558 bytes JITed after the change. Other programs from that object file had similar small increase. Both test_l4lb.o had no change and remained at 6,544 bytes (817 insns) xlated and 3,401 bytes JITed and for test_l4lb_noinline.o constant at 5,080 bytes (634 insns) xlated and 3,313 bytes JITed. This can be explained in that LLVM typically optimizes stack based pointer arithmetic by using K-based operations and that use of dynamic map access is not overly frequent. However, in future we may decide to optimize the algorithm further under known guarantees from branch and value speculation. Latter seems also unclear in terms of prediction heuristics that today's CPUs apply as well as whether there could be collisions in e.g. the predictor's Value History/Pattern Table for triggering out of bounds access, thus masking is performed unconditionally at this point but could be subject to relaxation later on. We were generally also brainstorming various other approaches for mitigation, but the blocker was always lack of available registers at runtime and/or overhead for runtime tracking of limits belonging to a specific pointer. Thus, we found this to be minimally intrusive under given constraints. With that in place, a simple example with sanitized access on unprivileged load at post-verification time looks as follows: # bpftool prog dump xlated id 282 [...] 28: (79) r1 = *(u64 *)(r7 +0) 29: (79) r2 = *(u64 *)(r7 +8) 30: (57) r1 &= 15 31: (79) r3 = *(u64 *)(r0 +4608) 32: (57) r3 &= 1 33: (47) r3 |= 1 34: (2d) if r2 > r3 goto pc+19 35: (b4) (u32) r11 = (u32) 20479 | 36: (1f) r11 -= r2 | Dynamic sanitation for pointer 37: (4f) r11 |= r2 | arithmetic with registers 38: (87) r11 = -r11 | containing bounded or known 39: (c7) r11 s>>= 63 | scalars in order to prevent 40: (5f) r11 &= r2 | out of bounds speculation. 41: (0f) r4 += r11 | 42: (71) r4 = *(u8 *)(r4 +0) 43: (6f) r4 <<= r1 [...] For the case where the scalar sits in the destination register as opposed to the source register, the following code is emitted for the above example: [...] 16: (b4) (u32) r11 = (u32) 20479 17: (1f) r11 -= r2 18: (4f) r11 |= r2 19: (87) r11 = -r11 20: (c7) r11 s>>= 63 21: (5f) r2 &= r11 22: (0f) r2 += r0 23: (61) r0 = *(u32 *)(r2 +0) [...] JIT blinding example with non-conflicting use of r10: [...] d5: je 0x0000000000000106 _ d7: mov 0x0(%rax),%edi | da: mov $0xf153246,%r10d | Index load from map value and e0: xor $0xf153259,%r10 | (const blinded) mask with 0x1f. e7: and %r10,%rdi |_ ea: mov $0x2f,%r10d | f0: sub %rdi,%r10 | Sanitized addition. Both use r10 f3: or %rdi,%r10 | but do not interfere with each f6: neg %r10 | other. (Neither do these instructions f9: sar $0x3f,%r10 | interfere with the use of ax as temp fd: and %r10,%rdi | in interpreter.) 100: add %rax,%rdi |_ 103: mov 0x0(%rdi),%eax [...] Tested that it fixes Jann's reproducer, and also checked that test_verifier and test_progs suite with interpreter, JIT and JIT with hardening enabled on x86-64 and arm64 runs successfully. [0] Speculose: Analyzing the Security Implications of Speculative Execution in CPUs, Giorgi Maisuradze and Christian Rossow, https://arxiv.org/pdf/1801.04084.pdf [1] A Systematic Evaluation of Transient Execution Attacks and Defenses, Claudio Canella, Jo Van Bulck, Michael Schwarz, Moritz Lipp, Benjamin von Berg, Philipp Ortner, Frank Piessens, Dmitry Evtyushkin, Daniel Gruss, https://arxiv.org/pdf/1811.05441.pdf Fixes: b2157399cc98 ("bpf: prevent out-of-bounds speculation") Reported-by: Jann Horn Signed-off-by: Daniel Borkmann Acked-by: Alexei Starovoitov Signed-off-by: Alexei Starovoitov commit b7137c4eab85c1cf3d46acdde90ce1163b28c873 Author: Daniel Borkmann Date: Thu Jan 3 00:58:33 2019 +0100 bpf: fix check_map_access smin_value test when pointer contains offset In check_map_access() we probe actual bounds through __check_map_access() with offset of reg->smin_value + off for lower bound and offset of reg->umax_value + off for the upper bound. However, even though the reg->smin_value could have a negative value, the final result of the sum with off could be positive when pointer arithmetic with known and unknown scalars is combined. In this case we reject the program with an error such as "R min value is negative, either use unsigned index or do a if (index >=0) check." even though the access itself would be fine. Therefore extend the check to probe whether the actual resulting reg->smin_value + off is less than zero. Signed-off-by: Daniel Borkmann Acked-by: Alexei Starovoitov Signed-off-by: Alexei Starovoitov commit 9d7eceede769f90b66cfa06ad5b357140d5141ed Author: Daniel Borkmann Date: Thu Jan 3 00:58:32 2019 +0100 bpf: restrict unknown scalars of mixed signed bounds for unprivileged For unknown scalars of mixed signed bounds, meaning their smin_value is negative and their smax_value is positive, we need to reject arithmetic with pointer to map value. For unprivileged the goal is to mask every map pointer arithmetic and this cannot reliably be done when it is unknown at verification time whether the scalar value is negative or positive. Given this is a corner case, the likelihood of breaking should be very small. Signed-off-by: Daniel Borkmann Acked-by: Alexei Starovoitov Signed-off-by: Alexei Starovoitov commit e4298d25830a866cc0f427d4bccb858e76715859 Author: Daniel Borkmann Date: Thu Jan 3 00:58:31 2019 +0100 bpf: restrict stack pointer arithmetic for unprivileged Restrict stack pointer arithmetic for unprivileged users in that arithmetic itself must not go out of bounds as opposed to the actual access later on. Therefore after each adjust_ptr_min_max_vals() with a stack pointer as a destination we simulate a check_stack_access() of 1 byte on the destination and once that fails the program is rejected for unprivileged program loads. This is analog to map value pointer arithmetic and needed for masking later on. Signed-off-by: Daniel Borkmann Acked-by: Alexei Starovoitov Signed-off-by: Alexei Starovoitov commit 0d6303db7970e6f56ae700fa07e11eb510cda125 Author: Daniel Borkmann Date: Thu Jan 3 00:58:30 2019 +0100 bpf: restrict map value pointer arithmetic for unprivileged Restrict map value pointer arithmetic for unprivileged users in that arithmetic itself must not go out of bounds as opposed to the actual access later on. Therefore after each adjust_ptr_min_max_vals() with a map value pointer as a destination it will simulate a check_map_access() of 1 byte on the destination and once that fails the program is rejected for unprivileged program loads. We use this later on for masking any pointer arithmetic with the remainder of the map value space. The likelihood of breaking any existing real-world unprivileged eBPF program is very small for this corner case. Signed-off-by: Daniel Borkmann Acked-by: Alexei Starovoitov Signed-off-by: Alexei Starovoitov commit 9b73bfdd08e73231d6a90ae6db4b46b3fbf56c30 Author: Daniel Borkmann Date: Thu Jan 3 00:58:29 2019 +0100 bpf: enable access to ax register also from verifier rewrite Right now we are using BPF ax register in JIT for constant blinding as well as in interpreter as temporary variable. Verifier will not be able to use it simply because its use will get overridden from the former in bpf_jit_blind_insn(). However, it can be made to work in that blinding will be skipped if there is prior use in either source or destination register on the instruction. Taking constraints of ax into account, the verifier is then open to use it in rewrites under some constraints. Note, ax register already has mappings in every eBPF JIT. Signed-off-by: Daniel Borkmann Acked-by: Alexei Starovoitov Signed-off-by: Alexei Starovoitov commit 144cd91c4c2bced6eb8a7e25e590f6618a11e854 Author: Daniel Borkmann Date: Thu Jan 3 00:58:28 2019 +0100 bpf: move tmp variable into ax register in interpreter This change moves the on-stack 64 bit tmp variable in ___bpf_prog_run() into the hidden ax register. The latter is currently only used in JITs for constant blinding as a temporary scratch register, meaning the BPF interpreter will never see the use of ax. Therefore it is safe to use it for the cases where tmp has been used earlier. This is needed to later on allow restricted hidden use of ax in both interpreter and JITs. Signed-off-by: Daniel Borkmann Acked-by: Alexei Starovoitov Signed-off-by: Alexei Starovoitov commit c08435ec7f2bc8f4109401f696fd55159b4b40cb Author: Daniel Borkmann Date: Thu Jan 3 00:58:27 2019 +0100 bpf: move {prev_,}insn_idx into verifier env Move prev_insn_idx and insn_idx from the do_check() function into the verifier environment, so they can be read inside the various helper functions for handling the instructions. It's easier to put this into the environment rather than changing all call-sites only to pass it along. insn_idx is useful in particular since this later on allows to hold state in env->insn_aux_data[env->insn_idx]. Signed-off-by: Daniel Borkmann Acked-by: Alexei Starovoitov Signed-off-by: Alexei Starovoitov commit 9c6260de505b63638dd86fcc33849b17f6146d94 Author: Aditya Pakki Date: Mon Dec 24 12:24:45 2018 -0600 infiniband/qedr: Potential null ptr dereference of qp idr_find() may fail and return a NULL pointer. The fix checks the return value of the function and returns an error in case of NULL. Signed-off-by: Aditya Pakki Acked-by: Michal Kalderon Signed-off-by: Jason Gunthorpe commit 94edd87a1c59f3efa6fdf4e98d6d492e6cec6173 Author: Aditya Pakki Date: Wed Dec 26 12:56:22 2018 -0600 infiniband: bnxt_re: qplib: Check the return value of send_message In bnxt_qplib_map_tc2cos(), bnxt_qplib_rcfw_send_message() can return an error value but it is lost. Propagate this error to the callers. Signed-off-by: Aditya Pakki Acked-By: Devesh Sharma Signed-off-by: Jason Gunthorpe commit 2fb458953a892020f36a323f386d8c7009f10777 Author: Julia Lawall Date: Sun Dec 23 09:57:01 2018 +0100 IB/ipoib: drop useless LIST_HEAD Drop LIST_HEAD where the variable it declares is never used. Commit 31c02e215700 ("IPoIB: Avoid using stale last_send counter when reaping AHs") removed the uses, but not the declaration. The semantic patch that fixes this problem is as follows: (http://coccinelle.lip6.fr/) // @@ identifier x; @@ - LIST_HEAD(x); ... when != x // Fixes: 31c02e215700 ("IPoIB: Avoid using stale last_send counter when reaping AHs") Signed-off-by: Julia Lawall Reviewed-by: Leon Romanovsky Signed-off-by: Jason Gunthorpe commit edefae94b7b9f10d5efe32dece5a36e9d9ecc29e Author: Aaro Koskinen Date: Wed Jan 2 20:43:01 2019 +0200 MIPS: OCTEON: mark RGMII interface disabled on OCTEON III Commit 885872b722b7 ("MIPS: Octeon: Add Octeon III CN7xxx interface detection") added RGMII interface detection for OCTEON III, but it results in the following logs: [ 7.165984] ERROR: Unsupported Octeon model in __cvmx_helper_rgmii_probe [ 7.173017] ERROR: Unsupported Octeon model in __cvmx_helper_rgmii_probe The current RGMII routines are valid only for older OCTEONS that use GMX/ASX hardware blocks. On later chips AGL should be used, but support for that is missing in the mainline. Until that is added, mark the interface as disabled. Fixes: 885872b722b7 ("MIPS: Octeon: Add Octeon III CN7xxx interface detection") Signed-off-by: Aaro Koskinen Signed-off-by: Paul Burton Cc: Ralf Baechle Cc: James Hogan Cc: linux-mips@vger.kernel.org Cc: stable@vger.kernel.org # 4.7+ commit 6e863844ad6effecac92a67a43b8467a8c2e129f Author: Lukasz Luba Date: Wed Dec 5 12:05:55 2018 +0100 PM: sleep: call devfreq suspend/resume Devfreq framework supports suspend of its devices. Call the the devfreq interface and allow devfreq devices preserve/restore their states during suspend/resume. Suggested-by: Tobias Jakobi Reviewed-by: Chanwoo Choi Signed-off-by: Lukasz Luba Signed-off-by: Rafael J. Wysocki commit 72199051af6205049e96ee7ed34f4fc5f44d1baf Merge: cdf4f4dc118ba 75cb8d20c112a Author: Bjorn Helgaas Date: Wed Jan 2 15:31:15 2019 -0600 Merge branch 'pci/imx6' - Enable MSI for imx6 downstream components (Richard Zhu) * pci/imx6: PCI: imx: Enable MSI from downstream components commit cdf4f4dc118bafd97d0148d53730e396ece11afa Merge: c266b026ae7a5 7e6d5cd88a6f4 Author: Bjorn Helgaas Date: Wed Jan 2 15:31:15 2019 -0600 Merge branch 'remotes/lorenzo/pci/uniphier' - Add UniPhier PCIe controller driver and DT bindings (Kunihiko Hayashi) * remotes/lorenzo/pci/uniphier: PCI: uniphier: Add UniPhier PCIe host controller support dt-bindings: PCI: Add UniPhier PCIe host controller description # Conflicts: # drivers/pci/controller/dwc/Kconfig # drivers/pci/controller/dwc/Makefile commit c266b026ae7a51f876eb74e15ff63f834fe35976 Merge: c8778707c23a9 41c5c5b0e7c8a Author: Bjorn Helgaas Date: Wed Jan 2 15:31:10 2019 -0600 Merge branch 'remotes/lorenzo/pci/mediatek' - Use devm resource parser in mediatek (Honghui Zhang) - Remove unused mediatek "num-lanes" DT property (Honghui Zhang) * remotes/lorenzo/pci/mediatek: arm64: dts: mt7622: Remove un-used property for PCIe arm: dts: mt7623: Remove un-used property for PCIe dt-bindings: PCI: MediaTek: Remove un-used property PCI: mediatek: Remove un-used variant in struct mtk_pcie_port PCI: mediatek: Use devm_of_pci_get_host_bridge_resources() to parse DT commit c8778707c23a906576c1fdb40dd6ba4090c11773 Merge: 6a790bf0eac44 3f7bb2ec20ce0 Author: Bjorn Helgaas Date: Wed Jan 2 15:31:09 2019 -0600 Merge branch 'remotes/lorenzo/pci/dwc-msi' - Mask DesignWare interrupts instead of disabling them to avoid lost interrupts (Marc Zyngier) - Add locking when acking DesignWare interrupts (Marc Zyngier) - Ack DesignWare interrupts in the proper callbacks (Marc Zyngier) * remotes/lorenzo/pci/dwc-msi: PCI: dwc: Move interrupt acking into the proper callback PCI: dwc: Take lock when ACKing an interrupt PCI: dwc: Use interrupt masking instead of disabling commit 6a790bf0eac449c3b4dd844c2e799037531f6401 Merge: 33f3fd75b7548 ffeccc22d59cd Author: Bjorn Helgaas Date: Wed Jan 2 15:31:08 2019 -0600 Merge branch 'remotes/lorenzo/pci/dwc' - Constify histb dw_pcie_host_ops structure (Julia Lawall) - Support multiple power domains for imx6 (Leonard Crestez) - Constify layerscape driver data (Stefan Agner) - Update imx6 Kconfig to allow imx6 PCIe in imx7 kernel (Trent Piepho) - Support armada8k GPIO reset (Baruch Siach) - Support suspend/resume support on imx6 (Leonard Crestez) - Don't hard-code DesignWare DBI/ATU offst (Stephen Warren) - Skip i.MX6 PHY setup on i.MX7D (Andrey Smirnov) - Remove Jianguo Sun from HiSilicon STB maintainers (Lorenzo Pieralisi) * remotes/lorenzo/pci/dwc: MAINTAINERS: Remove Jianguo Sun from HiSilicon STB DWC entry PCI: dwc: Don't hard-code DBI/ATU offset PCI: imx: Add imx6sx suspend/resume support PCI: armada8k: Add support for gpio controlled reset signal PCI: dwc: Adjust Kconfig to allow IMX6 PCIe host on IMX7 PCI: dwc: layerscape: Constify driver data PCI: imx: Add multi-pd support dt-bindings: imx6q-pcie: Add multi-pd bindings for imx6sx PCI: histb: Constify dw_pcie_host_ops structure commit 33f3fd75b754818a6a3d40c4dd441b68b48bea0d Merge: 6ee86cac1cc41 9c0ef6d34fdbf Author: Bjorn Helgaas Date: Wed Jan 2 15:31:07 2019 -0600 Merge branch 'remotes/lorenzo/pci/amlogic' - Add Amlogic Meson PCIe controller driver and DT bindings (Yue Wang) * remotes/lorenzo/pci/amlogic: PCI: amlogic: Add the Amlogic Meson PCIe controller driver dt-bindings: PCI: meson: add DT bindings for Amlogic Meson PCIe controller commit 6ee86cac1cc415031b443d8b584305696a300d1e Merge: 54aed1909db69 7dc20ab1b9c43 Author: Bjorn Helgaas Date: Wed Jan 2 15:31:06 2019 -0600 Merge branch 'pci/virtualization' - Skip VF scanning on powerpc, which does this in firmware (Sebastian Ott) * pci/virtualization: s390/pci: skip VF scanning PCI/IOV: Add flag so platforms can skip VF scanning PCI/IOV: Factor out sriov_add_vfs() commit 54aed1909db69f9b160bf36dd4ec314f0c91b56a Merge: 6f7cebea6b13d f7eb7b8a4f72b Author: Bjorn Helgaas Date: Wed Jan 2 15:31:05 2019 -0600 Merge branch 'pci/switchtec' - Remove status check after submitting Switchtec MRPC Firmware Download commands to avoid Completion Timeouts (Kelvin Cao) - Set Switchtec coherent DMA mask to allow 64-bit DMA (Boris Glimcher) - Fix Switchtec SWITCHTEC_IOCTL_EVENT_IDX_ALL flag overwrite issue (Joey Zhang) - Enable write combining for Switchtec MRPC Input buffers (Kelvin Cao) - Add Switchtec MRPC DMA mode support (Wesley Sheng) * pci/switchtec: switchtec: Add MRPC DMA mode support switchtec: Improve MRPC efficiency by enabling write combining switchtec: Fix SWITCHTEC_IOCTL_EVENT_IDX_ALL flags overwrite switchtec: Set DMA coherent mask switchtec: Remove immediate status check after submitting MRPC command commit 6f7cebea6b13d178ad9066bb3e190150cdfe9c75 Merge: baa12e5f3acb3 c5eb1190074cf Author: Bjorn Helgaas Date: Wed Jan 2 15:31:05 2019 -0600 Merge branch 'pci/pm' - Allow runtime PM even if driver doesn't supply callbacks (Jarkko Nikula) * pci/pm: PCI / PM: Allow runtime PM without callback functions commit baa12e5f3acb3cd500c85c4be2c97e769af199fd Merge: e6397dfcb58d8 fcf9ab35ba418 Author: Bjorn Helgaas Date: Wed Jan 2 15:31:04 2019 -0600 Merge branch 'pci/peer-to-peer' - Clean up P2PDMA documentation (Randy Dunlap) * pci/peer-to-peer: PCI/P2PDMA: Clean up documentation and kernel-doc commit e6397dfcb58d8fcecea314026d4539c85f0dd94b Merge: 84e0e72722098 03e6742584af8 Author: Bjorn Helgaas Date: Wed Jan 2 15:31:03 2019 -0600 Merge branch 'pci/misc' - Expand Kconfig "PF" acronyms (Randy Dunlap) - Update MAINTAINERS for arch/x86/kernel/early-quirks.c (Bjorn Helgaas) - Add missing include to drivers/pci.h (Alexandru Gagniuc) - Override Synopsys USB 3.x HAPS device class so dwc3-haps can claim it instead of xhci (Thinh Nguyen) * pci/misc: PCI: Override Synopsys USB 3.x HAPS device class PCI: Move Synopsys HAPS platform device IDs PCI: Add missing include to drivers/pci.h PCI: Remove unnecessary space before function pointer arguments MAINTAINERS: Add x86 early-quirks.c file pattern to PCI subsystem PCI: Expand the "PF" acronym in Kconfig help text commit 84e0e72722098c7ced6362d1219c2a40a9d109fa Merge: 2caa4dc607a70 53bb565fc5439 Author: Bjorn Helgaas Date: Wed Jan 2 15:31:02 2019 -0600 Merge branch 'pci/enumeration' - Fix Broadcom CNB20LE host bridge unintended sign extension (Colin Ian King) * pci/enumeration: x86/PCI: Fix Broadcom CNB20LE unintended sign extension (redux) commit 2caa4dc607a7025ab40c5bf9c2e2b0dae99ad09a Merge: 651022382c7f8 3c259a1c36636 Author: Bjorn Helgaas Date: Wed Jan 2 15:31:02 2019 -0600 Merge branch 'pci/aspm' - Remove unused lists from ASPM pcie_link_state (Frederick Lawler) * pci/aspm: PCI/ASPM: Remove unused lists from struct pcie_link_state commit e49cddcd0ab08f2a3bf3fea8554ea45ae1446d26 Author: Tiecheng Zhou Date: Mon Dec 24 08:55:45 2018 +0800 drm/amdgpu/gfx_v8_0: Reorder the gfx, kiq and kcq rings test sequence The kiq ring and the very first compute ring may fail occasionally if they are tested directly following kiq_kcq_enable. Insert the gfx ring test before kiq ring test to delay the kiq and kcq ring tests will fix the issue. Acked-by: Alex Deucher Signed-off-by: Tiecheng Zhou Signed-off-by: Alex Deucher commit b8cf66182eddb22e9c7539821ed6eecdb4f86d1a Author: Emily Deng Date: Sat Dec 29 17:46:05 2018 +0800 drm/amdgpu/sriov:Correct pfvf exchange logic The pfvf exchange need be in exclusive mode. And add pfvf exchange in gpu reset. Signed-off-by: Emily Deng Reviewed-By: Xiangliang Yu Signed-off-by: Alex Deucher commit 048b9b0f5ceefb2691834ac62f8459ebb7d3100e Author: Evan Quan Date: Thu Dec 27 14:23:30 2018 +0800 drm/amd/powerplay: support BOOTUP_DEFAULT power profile mode This can avoid unexpected profile mode change after running compute workload. Signed-off-by: Evan Quan Acked-by: Alex Deucher Signed-off-by: Alex Deucher commit baf3c982dfbf7b0742039e6fef3f1fe1ba4079ab Author: Emily Deng Date: Wed Dec 26 18:08:54 2018 +0800 drm/amdgpu/virtual_dce: No need to pin the cursor bo For virtual display feature, no need to pin cursor bo. Signed-off-by: Emily Deng Reviewed-by: Huang Rui Signed-off-by: Alex Deucher commit 47bbcc1e92385b595e92e11e29076185c820a0b8 Author: Emily Deng Date: Wed Dec 26 18:09:33 2018 +0800 drm/amdgpu/virtual_dce: No need to pin the fb's bo For virtual display, no need to pin the fb's bo. Signed-off-by: Emily Deng Reviewed-by: Huang Rui Signed-off-by: Alex Deucher commit 85f78456f286da46fb054c7d45e4193cb757ac83 Merge: cacf02df4b84d 574d356b7a02c Author: Linus Torvalds Date: Wed Jan 2 12:11:01 2019 -0800 Merge tag '9p-for-4.21' of git://github.com/martinetd/linux Pull 9p updates from Dominique Martinet: "Missing prototype warning fix and a syzkaller fix when a 9p server advertises a too small msize" * tag '9p-for-4.21' of git://github.com/martinetd/linux: 9p/net: put a lower bound on msize net/9p: include trans_common.h to fix missing prototype warning. commit cacf02df4b84d261d76db3d290ccb6b951df28c0 Merge: 74673fc50babc fea170804b4dc Author: Linus Torvalds Date: Wed Jan 2 12:08:29 2019 -0800 Merge tag '4.21-smb3-fixes' of git://git.samba.org/sfrench/cifs-2.6 Pull cifs updates from Steve French: - four fixes for stable - improvements to DFS including allowing failover to alternate targets - some small performance improvements * tag '4.21-smb3-fixes' of git://git.samba.org/sfrench/cifs-2.6: (39 commits) cifs: update internal module version number cifs: we can not use small padding iovs together with encryption cifs: Minor Kconfig clarification cifs: Always resolve hostname before reconnecting cifs: Add support for failover in cifs_reconnect_tcon() cifs: Add support for failover in smb2_reconnect() cifs: Only free DFS target list if we actually got one cifs: start DFS cache refresher in cifs_mount() cifs: Use GFP_ATOMIC when a lock is held in cifs_mount() cifs: Add support for failover in cifs_reconnect() cifs: Add support for failover in cifs_mount() cifs: remove set but not used variable 'sep' cifs: Make use of DFS cache to get new DFS referrals cifs: minor updates to documentation cifs: check kzalloc return cifs: remove set but not used variable 'server' cifs: Use kzfree() to free password cifs: Fix to use kmem_cache_free() instead of kfree() cifs: update for current_kernel_time64() removal cifs: Add DFS cache routines ... commit 74673fc50babc9be22b32c4ce697fceb51c7671a Merge: 19f2e267a5d0d 0db51ef26e878 Author: Linus Torvalds Date: Wed Jan 2 11:05:43 2019 -0800 Merge branch 'next-tpm' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security Pull TPM updates from James Morris: - Support for partial reads of /dev/tpm0. - Clean up for TPM 1.x code: move the commands to tpm1-cmd.c and make everything to use the same data structure for building TPM commands i.e. struct tpm_buf. * 'next-tpm' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (25 commits) tpm: add support for partial reads tpm: tpm_ibmvtpm: fix kdoc warnings tpm: fix kdoc for tpm2_flush_context_cmd() tpm: tpm_try_transmit() refactor error flow. tpm: use u32 instead of int for PCR index tpm1: reimplement tpm1_continue_selftest() using tpm_buf tpm1: reimplement SAVESTATE using tpm_buf tpm1: rename tpm1_pcr_read_dev to tpm1_pcr_read() tpm1: implement tpm1_pcr_read_dev() using tpm_buf structure tpm: tpm1: rewrite tpm1_get_random() using tpm_buf structure tpm: tpm-space.c remove unneeded semicolon tpm: tpm-interface.c drop unused macros tpm: add tpm_auto_startup() into tpm-interface.c tpm: factor out tpm_startup function tpm: factor out tpm 1.x pm suspend flow into tpm1-cmd.c tpm: move tpm 1.x selftest code from tpm-interface.c tpm1-cmd.c tpm: factor out tpm1_get_random into tpm1-cmd.c tpm: move tpm_getcap to tpm1-cmd.c tpm: move tpm1_pcr_extend to tpm1-cmd.c tpm: factor out tpm_get_timeouts() ... commit 19f2e267a5d0d26282a64f8f788c482852c95324 Merge: 1ac5cd4978794 20bb4cb4fb9fb Author: Linus Torvalds Date: Wed Jan 2 10:56:09 2019 -0800 Merge branch 'next-smack' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security Pull smack updates from James Morris: "Two Smack patches for 4.21. Jose's patch adds missing documentation and Zoran's fleshes out the access checks on keyrings" * 'next-smack' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: Smack: Improve Documentation smack: fix access permissions for keyring commit 1ac5cd4978794bd060d448acc0305e9fc996ba92 Author: Linus Torvalds Date: Wed Jan 2 10:46:03 2019 -0800 block: don't use un-ordered __set_current_state(TASK_UNINTERRUPTIBLE) This mostly reverts commit 849a370016a5 ("block: avoid ordered task state change for polled IO"). It was wrongly claiming that the ordering wasn't necessary. The memory barrier _is_ necessary. If something is truly polling and not going to sleep, it's the whole state setting that is unnecessary, not the memory barrier. Whenever you set your state to a sleeping state, you absolutely need the memory barrier. Note that sometimes the memory barrier can be elsewhere. For example, the ordering might be provided by an external lock, or by setting the process state to sleeping before adding yourself to the wait queue list that is used for waking up (where the wait queue lock itself will guarantee that any wakeup will correctly see the sleeping state). But none of those cases were true here. NOTE! Some of the polling paths may indeed be able to drop the state setting entirely, at which point the memory barrier also goes away. (Also note that this doesn't revert the TASK_RUNNING cases: there is no race between a wakeup and setting the process state to TASK_RUNNING, since the end result doesn't depend on ordering). Cc: Jens Axboe Cc: Christoph Hellwig Signed-off-by: Linus Torvalds commit d63967e475ae10f286dbd35e189cb241e0b1f284 Author: Eric Dumazet Date: Wed Jan 2 09:20:27 2019 -0800 isdn: fix kernel-infoleak in capi_unlocked_ioctl Since capi_ioctl() copies 64 bytes after calling capi20_get_manufacturer() we need to ensure to not leak information to user. BUG: KMSAN: kernel-infoleak in _copy_to_user+0x16b/0x1f0 lib/usercopy.c:32 CPU: 0 PID: 11245 Comm: syz-executor633 Not tainted 4.20.0-rc7+ #2 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x173/0x1d0 lib/dump_stack.c:113 kmsan_report+0x12e/0x2a0 mm/kmsan/kmsan.c:613 kmsan_internal_check_memory+0x9d4/0xb00 mm/kmsan/kmsan.c:704 kmsan_copy_to_user+0xab/0xc0 mm/kmsan/kmsan_hooks.c:601 _copy_to_user+0x16b/0x1f0 lib/usercopy.c:32 capi_ioctl include/linux/uaccess.h:177 [inline] capi_unlocked_ioctl+0x1a0b/0x1bf0 drivers/isdn/capi/capi.c:939 do_vfs_ioctl+0xebd/0x2bf0 fs/ioctl.c:46 ksys_ioctl fs/ioctl.c:713 [inline] __do_sys_ioctl fs/ioctl.c:720 [inline] __se_sys_ioctl+0x1da/0x270 fs/ioctl.c:718 __x64_sys_ioctl+0x4a/0x70 fs/ioctl.c:718 do_syscall_64+0xbc/0xf0 arch/x86/entry/common.c:291 entry_SYSCALL_64_after_hwframe+0x63/0xe7 RIP: 0033:0x440019 Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007ffdd4659fb8 EFLAGS: 00000213 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440019 RDX: 0000000020000080 RSI: 00000000c0044306 RDI: 0000000000000003 RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8 R10: 0000000000000000 R11: 0000000000000213 R12: 00000000004018a0 R13: 0000000000401930 R14: 0000000000000000 R15: 0000000000000000 Local variable description: ----data.i@capi_unlocked_ioctl Variable was created at: capi_ioctl drivers/isdn/capi/capi.c:747 [inline] capi_unlocked_ioctl+0x82/0x1bf0 drivers/isdn/capi/capi.c:939 do_vfs_ioctl+0xebd/0x2bf0 fs/ioctl.c:46 Bytes 12-63 of 64 are uninitialized Memory access of size 64 starts at ffff88807ac5fce8 Data copied to user address 0000000020000080 Signed-off-by: Eric Dumazet Reported-by: syzbot Cc: Karsten Keil Signed-off-by: David S. Miller commit 7adf3246092f5e87ed0fa610e8088fae416c581f Author: Stefano Brivio Date: Wed Jan 2 13:29:27 2019 +0100 ipv6: route: Fix return value of ip6_neigh_lookup() on neigh_create() error In ip6_neigh_lookup(), we must not return errors coming from neigh_create(): if creation of a neighbour entry fails, the lookup should return NULL, in the same way as it's done in __neigh_lookup(). Otherwise, callers legitimately checking for a non-NULL return value of the lookup function might dereference an invalid pointer. For instance, on neighbour table overflow, ndisc_router_discovery() crashes ndisc_update() by passing ERR_PTR(-ENOBUFS) as 'neigh' argument. Reported-by: Jianlin Shi Fixes: f8a1b43b709d ("net/ipv6: Create a neigh_lookup for FIB entries") Signed-off-by: Stefano Brivio Reviewed-by: David Ahern Signed-off-by: David S. Miller commit 202700e30740c6568b5a6943662f3829566dd533 Author: Eric Dumazet Date: Wed Jan 2 04:24:20 2019 -0800 net/hamradio/6pack: use mod_timer() to rearm timers Using del_timer() + add_timer() is generally unsafe on SMP, as noticed by syzbot. Use mod_timer() instead. kernel BUG at kernel/time/timer.c:1136! invalid opcode: 0000 [#1] PREEMPT SMP KASAN CPU: 1 PID: 1026 Comm: kworker/u4:4 Not tainted 4.20.0+ #2 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: events_unbound flush_to_ldisc RIP: 0010:add_timer kernel/time/timer.c:1136 [inline] RIP: 0010:add_timer+0xa81/0x1470 kernel/time/timer.c:1134 Code: 4d 89 7d 40 48 c7 85 70 fe ff ff 00 00 00 00 c7 85 7c fe ff ff ff ff ff ff 48 89 85 90 fe ff ff e9 e6 f7 ff ff e8 cf 42 12 00 <0f> 0b e8 c8 42 12 00 0f 0b e8 c1 42 12 00 4c 89 bd 60 fe ff ff e9 RSP: 0018:ffff8880a7fdf5a8 EFLAGS: 00010293 RAX: ffff8880a7846340 RBX: dffffc0000000000 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffffffff816f3ee1 RDI: ffff88808a514ff8 RBP: ffff8880a7fdf760 R08: 0000000000000007 R09: ffff8880a7846c58 R10: ffff8880a7846340 R11: 0000000000000000 R12: ffff88808a514ff8 R13: ffff88808a514ff8 R14: ffff88808a514dc0 R15: 0000000000000030 FS: 0000000000000000(0000) GS:ffff8880ae700000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000000061c500 CR3: 00000000994d9000 CR4: 00000000001406e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: decode_prio_command drivers/net/hamradio/6pack.c:903 [inline] sixpack_decode drivers/net/hamradio/6pack.c:971 [inline] sixpack_receive_buf drivers/net/hamradio/6pack.c:457 [inline] sixpack_receive_buf+0xf9c/0x1470 drivers/net/hamradio/6pack.c:434 tty_ldisc_receive_buf+0x164/0x1c0 drivers/tty/tty_buffer.c:465 tty_port_default_receive_buf+0x114/0x190 drivers/tty/tty_port.c:38 receive_buf drivers/tty/tty_buffer.c:481 [inline] flush_to_ldisc+0x3b2/0x590 drivers/tty/tty_buffer.c:533 process_one_work+0xd0c/0x1ce0 kernel/workqueue.c:2153 worker_thread+0x143/0x14a0 kernel/workqueue.c:2296 kthread+0x357/0x430 kernel/kthread.c:246 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:352 Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")