Commit Graph

796992 Commits

Author SHA1 Message Date
Linus Torvalds 6a1ac56c23 LED fixes for 4.20-rc2
-----BEGIN PGP SIGNATURE-----
 
 iJEEABYIADkWIQQUwxxKyE5l/npt8ARiEGxRG/Sl2wUCW+SJrBscamFjZWsuYW5h
 c3pld3NraUBnbWFpbC5jb20ACgkQYhBsURv0pdtTfAEAg9TNQi+IAth1TuEfbsrO
 ykB2PDEPD0wZnWh/sEIYhdAA/3zhYeqPq4X9PLhtRZQ2fJFE2Uw/4BTmSAqffD+L
 2ZwG
 =MA3z
 -----END PGP SIGNATURE-----

Merge tag 'led-fixes-for-4.20-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/j.anaszewski/linux-leds

Pull LED fixes from Jacek Anaszewski:
 "All three fixes are related to the newly added pattern trigger:

   - remove mutex_lock() from timer callback, which would trigger
     problems related to sleeping in atomic context, the removal is
     harmless since mutex protection turned out to be redundant in this
     case

   - fix pattern parsing to properly handle intervals with brightness == 0

   - fix typos in the ABI documentation"

* tag 'led-fixes-for-4.20-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/j.anaszewski/linux-leds:
  Documentation: ABI: led-trigger-pattern: Fix typos
  leds: trigger: Fix sleeping function called from invalid context
  Fix pattern handling optimalization
2018-11-08 17:49:04 -06:00
Linus Torvalds d464572a80 sound fixes for 4.20-rc2
Two small regression fixes for HD-audio: one about vga_switcheroo and
 runtime PM, and another about Oops on some Thinkpads.
 -----BEGIN PGP SIGNATURE-----
 
 iQJCBAABCAAsFiEEIXTw5fNLNI7mMiVaLtJE4w1nLE8FAlvkO+UOHHRpd2FpQHN1
 c2UuZGUACgkQLtJE4w1nLE9tFA/9FQ/0sR8cnsiBku2fNTcfjka9xrDYZPSQ15Po
 Irx8uukzfWAEGC1DOEQ7PuOFC4xaSP+a064zwOlGL5jJcBvPuUQrRfvn8nJUBY5j
 dFG8N+65XTURpkHTAqGlLJXNyUeNMnm6QX5DI95rXjmCkf7z4HXmSWdBUQS+Rwe7
 2U/V+RAuDnv3RdGk9SB57ArrZniizsACHrIUSvMNit2Namm68SnK1YQLdrwUwbfD
 /PygaznnMUP1djIATqAZP/CN18rvL5Yljim98RO5pxbZqxZ4xFzrRCdeucSaEaX8
 lXE/+eUaAmecy0rVd6PwaW5RITAqpQsUWsUmHHLbpLGSbTvqB1+BX7Ilqw6KFbmD
 vwBGlXCeDnOtxX1d2nniWhJh9/3c9caBHp1vOPxU0qYU1zhw0+kUktZHatvBx2mq
 y3y8TWgFg1t4kIUZcKkKztOJGrLgixTGHeLZ2n5UBpDTJRNX718tkmbXydOgTVu9
 68k0CUKZrB1X8j0h9YEDl3YH1qIBkT6FnRQgadpIUNQ6EZpQVABEa0CbQJOSzkL8
 20yf5PShXn4doezT8g9lme4jlIlo7h84u+Jpkf6Z0wskU+afps+WWj+pyIMadj6x
 QeuEyStqSTndD37ju5/7SwLhYX0FBuL392mHPCeDb0M3XuNqhnS+pb/3S20jeVmh
 NvdNNGc=
 =TOgu
 -----END PGP SIGNATURE-----

Merge tag 'sound-4.20-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound

Pull sound fixes from Takashi Iwai:
 "Two small regression fixes for HD-audio: one about vga_switcheroo and
  runtime PM, and another about Oops on some Thinkpads"

* tag 'sound-4.20-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
  ALSA: hda - Fix incorrect clearance of thinkpad_acpi hooks
  vga_switcheroo: Fix missing gpu_bound call at audio client registration
2018-11-08 17:45:42 -06:00
John Garry 89c38422e0 of, numa: Validate some distance map rules
Currently the NUMA distance map parsing does not validate the distance
table for the distance-matrix rules 1-2 in [1].

However the arch NUMA code may enforce some of these rules, but not all.
Such is the case for the arm64 port, which does not enforce the rule that
the distance between separates nodes cannot equal LOCAL_DISTANCE.

The patch adds the following rules validation:
- distance of node to self equals LOCAL_DISTANCE
- distance of separate nodes > LOCAL_DISTANCE

This change avoids a yet-unresolved crash reported in [2].

A note on dealing with symmetrical distances between nodes:

Validating symmetrical distances between nodes is difficult. If it were
mandated in the bindings that every distance must be recorded in the
table, then it would be easy. However, it isn't.

In addition to this, it is also possible to record [b, a] distance only
(and not [a, b]). So, when processing the table for [b, a], we cannot
assert that current distance of [a, b] != [b, a] as invalid, as [a, b]
distance may not be present in the table and current distance would be
default at REMOTE_DISTANCE.

As such, we maintain the policy that we overwrite distance [a, b] = [b, a]
for b > a. This policy is different to kernel ACPI SLIT validation, which
allows non-symmetrical distances (ACPI spec SLIT rules allow it). However,
the distance debug message is dropped as it may be misleading (for a distance
which is later overwritten).

Some final notes on semantics:

- It is implied that it is the responsibility of the arch NUMA code to
  reset the NUMA distance map for an error in distance map parsing.

- It is the responsibility of the FW NUMA topology parsing (whether OF or
  ACPI) to enforce NUMA distance rules, and not arch NUMA code.

[1] Documents/devicetree/bindings/numa.txt
[2] https://www.spinics.net/lists/arm-kernel/msg683304.html

Cc: stable@vger.kernel.org # 4.7
Signed-off-by: John Garry <john.garry@huawei.com>
Acked-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Rob Herring <robh@kernel.org>
2018-11-08 12:44:34 -06:00
Robin Murphy 6778be4e52 of/device: Really only set bus DMA mask when appropriate
of_dma_configure() was *supposed* to be following the same logic as
acpi_dma_configure() and only setting bus_dma_mask if some range was
specified by the firmware. However, it seems that subtlety got lost in
the process of fitting it into the differently-shaped control flow, and
as a result the force_dma==true case ends up always setting the bus mask
to the 32-bit default, which is not what anyone wants.

Make sure we only touch it if the DT actually said so.

Fixes: 6c2fb2ea76 ("of/device: Set bus DMA mask as appropriate")
Reported-by: Aaro Koskinen <aaro.koskinen@iki.fi>
Reported-by: Jean-Philippe Brucker <jean-philippe.brucker@arm.com>
Tested-by: Aaro Koskinen <aaro.koskinen@iki.fi>
Tested-by: John Stultz <john.stultz@linaro.org>
Tested-by: Geert Uytterhoeven <geert+renesas@glider.be>
Tested-by: Robert Richter <robert.richter@cavium.com>
Signed-off-by: Robin Murphy <robin.murphy@arm.com>
Signed-off-by: Rob Herring <robh@kernel.org>
2018-11-08 12:44:34 -06:00
Jerome Brunet d6ee1e7e90 clk: meson: axg: mark fdiv2 and fdiv3 as critical
Similar to gxbb and gxl platforms, axg SCPI Cortex-M co-processor
uses the fdiv2 and fdiv3 to, among other things, provide the cpu
clock.

Until clock hand-off mechanism makes its way to CCF and the generic
SCPI claims platform specific clocks, these clocks must be marked as
critical to make sure they are never disabled when needed by the
co-processor.

Fixes: 05f814402d ("clk: meson: add fdiv clock gates")
Signed-off-by: Jerome Brunet <jbrunet@baylibre.com>
Acked-by: Neil Armstrong <narmstrong@baylibre.com>
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
2018-11-08 10:21:21 -08:00
Christian Hewitt e2576c8bdf clk: meson-gxbb: set fclk_div3 as CLK_IS_CRITICAL
On the Khadas VIM2 (GXM) and LePotato (GXL) board there are problems
with reboot; e.g. a ~60 second delay between issuing reboot and the
board power cycling (and in some OS configurations reboot will fail
and require manual power cycling).

Similar to 'commit c987ac6f1f ("clk:
meson-gxbb: set fclk_div2 as CLK_IS_CRITICAL")' the SCPI Cortex-M4
Co-Processor seems to depend on FCLK_DIV3 being operational.

Until commit 05f814402d ("clk:
meson: add fdiv clock gates"), this clock was modeled and left on by
the bootloader.

We don't have precise documentation about the SCPI Co-Processor and
its clock requirement so we are learning things the hard way.

Marking this clock as critical solves the problem but it should not
be viewed as final solution. Ideally, the SCPI driver should claim
these clocks. We also depends on some clock hand-off mechanism
making its way to CCF, to make sure the clock stays on between its
registration and the SCPI driver probe.

Fixes: 05f814402d ("clk: meson: add fdiv clock gates")
Signed-off-by: Christian Hewitt <christianshewitt@gmail.com>
Signed-off-by: Jerome Brunet <jbrunet@baylibre.com>
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
2018-11-08 10:12:46 -08:00
Ard Biesheuvel 24cc61d8cb arm64: memblock: don't permit memblock resizing until linear mapping is up
Bhupesh reports that having numerous memblock reservations at early
boot may result in the following crash:

  Unable to handle kernel paging request at virtual address ffff80003ffe0000
  ...
  Call trace:
   __memcpy+0x110/0x180
   memblock_add_range+0x134/0x2e8
   memblock_reserve+0x70/0xb8
   memblock_alloc_base_nid+0x6c/0x88
   __memblock_alloc_base+0x3c/0x4c
   memblock_alloc_base+0x28/0x4c
   memblock_alloc+0x2c/0x38
   early_pgtable_alloc+0x20/0xb0
   paging_init+0x28/0x7f8

This is caused by the fact that we permit memblock resizing before the
linear mapping is up, and so the memblock_reserved() array is moved
into memory that is not mapped yet.

So let's ensure that this crash can no longer occur, by deferring to
call to memblock_allow_resize() to after the linear mapping has been
created.

Reported-by: Bhupesh Sharma <bhsharma@redhat.com>
Acked-by: Will Deacon <will.deacon@arm.com>
Tested-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
2018-11-08 17:54:03 +00:00
Ard Biesheuvel 26a4676faa arm64: mm: define NET_IP_ALIGN to 0
On arm64, there is no need to add 2 bytes of padding to the start of
each network buffer just to make the IP header appear 32-bit aligned.

Since this might actually adversely affect DMA performance some
platforms, let's override NET_IP_ALIGN to 0 to get rid of this
padding.

Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Tested-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Acked-by: Mark Rutland <mark.rutland@arm.com>
Acked-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
2018-11-08 17:50:26 +00:00
Ilya Dryomov 23c625ce30 libceph: assume argonaut on the server side
No one is running pre-argonaut.  In addition one of the argonaut
features (NOSRCADDR) has been required since day one (and a half,
2.6.34 vs 2.6.35) of the kernel client.

Allow for the possibility of reusing these feature bits later.

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Reviewed-by: Sage Weil <sage@redhat.com>
2018-11-08 17:51:11 +01:00
Luis Henriques 71f2cc64d0 ceph: quota: fix null pointer dereference in quota check
This patch fixes a possible null pointer dereference in
check_quota_exceeded, detected by the static checker smatch, with the
following warning:

   fs/ceph/quota.c:240 check_quota_exceeded()
    error: we previously assumed 'realm' could be null (see line 188)

Fixes: b7a2921765 ("ceph: quota: support for ceph.quota.max_files")
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Luis Henriques <lhenriques@suse.com>
Reviewed-by: "Yan, Zheng" <zyan@redhat.com>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
2018-11-08 17:51:11 +01:00
Luis Henriques c2c6d3ce0d ceph: add destination file data sync before doing any remote copy
If we try to copy into a file that was just written, any data that is
remote copied will be overwritten by our buffered writes once they are
flushed.  When this happens, the call to invalidate_inode_pages2_range
will also return a -EBUSY error.

This patch fixes this by also sync'ing the destination file before
starting any copy.

Fixes: 503f82a993 ("ceph: support copy_file_range file operation")
Signed-off-by: Luis Henriques <lhenriques@suse.com>
Reviewed-by: "Yan, Zheng" <zyan@redhat.com>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
2018-11-08 17:50:37 +01:00
Kuninori Morimoto bb39ba6a8d sata_rcar: convert to SPDX identifiers
This patch updates license to use SPDX-License-Identifier
instead of verbose license text.

Signed-off-by: Kuninori Morimoto <kuninori.morimoto.gx@renesas.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2018-11-08 06:32:16 -07:00
Anton Ivanov 0033dfd92a ubd: fix missing initialization of io_req
The SYNC path doesn't initialize io_req->error, which can cause
random errors. Before the conversion to blk-mq, we always
completed requests with BLK_STS_OK status, but now we actually
look at the error field and this issue becomes apparent.

Signed-off-by: Anton Ivanov <anton.ivanov@cambridgegreys.com>

[axboe: fixed up commit message to explain what is actually going on]

Signed-off-by: Jens Axboe <axboe@kernel.dk>
2018-11-08 06:16:09 -07:00
H. Peter Anvin (Intel) d0ffb805b7 arch/alpha, termios: implement BOTHER, IBSHIFT and termios2
Alpha has had c_ispeed and c_ospeed, but still set speeds in c_cflags
using arbitrary flags. Because BOTHER is not defined, the general
Linux code doesn't allow setting arbitrary baud rates, and because
CBAUDEX == 0, we can have an array overrun of the baud_rate[] table in
drivers/tty/tty_baudrate.c if (c_cflags & CBAUD) == 037.

Resolve both problems by #defining BOTHER to 037 on Alpha.

However, userspace still needs to know if setting BOTHER is actually
safe given legacy kernels (does anyone actually care about that on
Alpha anymore?), so enable the TCGETS2/TCSETS*2 ioctls on Alpha, even
though they use the same structure. Define struct termios2 just for
compatibility; it is the exact same structure as struct termios. In a
future patchset, this will be cleaned up so the uapi headers are
usable from libc.

Signed-off-by: H. Peter Anvin (Intel) <hpa@zytor.com>
Cc: Jiri Slaby <jslaby@suse.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Richard Henderson <rth@twiddle.net>
Cc: Ivan Kokshaysky <ink@jurassic.park.msu.ru>
Cc: Matt Turner <mattst88@gmail.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Kate Stewart <kstewart@linuxfoundation.org>
Cc: Philippe Ombredanne <pombredanne@nexb.com>
Cc: Eugene Syromiatnikov <esyr@redhat.com>
Cc: <linux-alpha@vger.kernel.org>
Cc: <linux-serial@vger.kernel.org>
Cc: Johan Hovold <johan@kernel.org>
Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>
Cc: <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-11-08 04:09:30 -08:00
Linus Torvalds b00d209241 Small improvements to Compiler Attributes:
- Define asm_volatile_goto for non-gcc compilers
     From Nick Desaulniers
 
   - Improve the explanation of compiler_attributes.h
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEPjU5OPd5QIZ9jqqOGXyLc2htIW0FAlvkElAACgkQGXyLc2ht
 IW1QnhAA3RDKTCK2Y5GsTbZpA3NDItnjKXqCFW24YyHookcgnKrytnsZgFCUKZBA
 ys551crML+7HeFC2HdipORLuG+cXbjEl5IzblTAqOQQGmPa9g+kVWOiMiZhJWTVT
 gHrkwZKxSV3ndbsCHtnX9UEFwjOWFGfdvdhe33pcFZefAXd7y/fjLnlPBdPq5zh0
 BnHoLPRvuWFR+m2qOWbVTn/bq1JqpfTsn1fFC5aFFTruQRGBcPbpa1yoPiB6tVsJ
 OLdlScnS9J7zafGE65Ig+x57rYADV7c7Wm8kupwpo7Qvrmnhg4skUp7YGb/O4XiO
 sbH6N+Tn0PD3EzxxZGq1ZBq+ZirM2sfqYsWJmf+igfUU+fP/tmkl5JZtuIeW9c2J
 9GZcMfn5LZkraPGV6eZBTou7Kdz33vLmPXGPOc49BZGWSthjQ/8NYD5yjfZvK2xv
 TFV2DdQ+WQizejwdsuAUrxOHCUUeLJEjsAkQrHKhzPWRs448bkAVWTy3IN1Z+g1o
 spElAy8PIK8XFVyAa8o/SPhB0sghIHERA4p7Y+utKdF/D/sy13cDd27R/Dzf/282
 tu0tpb00glFYUHtDUpYKBFjYY76upcukPJ/QtQXDzI7ohRfULs7lHrxqFQBqzlKy
 mqDh5tmLNKdziQp5nttCAh3q/s8Bl591M/0aTKRYcY9yFp2Ezs0=
 =QZoP
 -----END PGP SIGNATURE-----

Merge tag 'compiler-attributes-for-linus-v4.20-rc2' of https://github.com/ojeda/linux

Pull compiler attribute fixlets from Miguel Ojeda:
 "Small improvements to Compiler Attributes:

   - Define asm_volatile_goto for non-gcc compilers (Nick Desaulniers)

   - Improve the explanation of compiler_attributes.h"

* tag 'compiler-attributes-for-linus-v4.20-rc2' of https://github.com/ojeda/linux:
  Compiler Attributes: improve explanation of header
  include/linux/compiler*.h: define asm_volatile_goto
2018-11-08 07:06:58 -05:00
Linus Torvalds d50ffc585d MTD changes:
* Kill a VLA in sa1100
 
 SPI NOR changes:
 * Make sure ->addr_width is restored when SFDP parsing fails
 * Propate errors happening in cqspi_direct_read_execute()
 
 NAND changes:
 * Fix kernel-doc mismatch
 * Fix nanddev_neraseblocks() to return the correct value
 * Avoid selection of BCH_CONST_PARAMS when some users require
   dynamic BCH settings
 -----BEGIN PGP SIGNATURE-----
 
 iQJQBAABCgA6FiEEKmCqpbOU668PNA69Ze02AX4ItwAFAlvkDewcHGJvcmlzLmJy
 ZXppbGxvbkBib290bGluLmNvbQAKCRBl7TYBfgi3ACLTD/9DyyWKnH5xJAc/bjj0
 o2cka+L5xW/jUiUMUhNJqwcOCD11PiuXAxsHlJY6HhGXldl4hm8T6rFagmo0B897
 HaK2rn0guTERzJUk6EUKiX8wwenwuv6lpAfEGfcUPJe7EMEm5L7e5ETtwGUVEWBt
 rcRakt5m3VTIW7g7BzExxAalcNuAs80u8RVflsvS2TRLuFo63SnyI4JCo/7k/11a
 3itq3x4PNQJcsuKZzX0b7rWO3crB/McCtRStSF11ZCDD5X7KmHKrULBEhaDMfezS
 2SzRYe9l8ZtEE3INZny+73H6s6aIhPdTR5UMj9vIyZLDe58nsrzwBBs0jUwttogD
 QZkzRylGSkNKBfN/FIFkL3NcTY5ub5caVIT04JCdSc28k/HdprHfQC7VMj9o9iLU
 FcNsCMU6lmrL3WxudzSng4mZ89JCzoZyjOI5i5i9lM4Hxj+hTehKyIZllc9aT7PR
 l1H9zr+djscNXfQSHEljJbzcFuHVbViILobO3ASbOIsaUiv6RTTZ4kiyEeXoke0C
 Tg2TNCo3az5xZGhHrY9qvJXYFlNJrilU3K926gKAG3s0LVOCXK43D+N1Nm2q6ISu
 Bzzg6ND6Lzey2l4zhFGGqpLyA81bbhgyKs6xi5NCSU7NDAdAo2+fwgbkE95/SXP/
 w7oJq1FSia9PDgaBUeTPFdT7EA==
 =uVyq
 -----END PGP SIGNATURE-----

Merge tag 'mtd/fixes-for-4.20-rc2' of git://git.infradead.org/linux-mtd

Pull MTD fixes from Boris Brezillon:
 "MTD changes:
   - Kill a VLA in sa1100

  SPI NOR changes:
   - Make sure ->addr_width is restored when SFDP parsing fails
   - Propate errors happening in cqspi_direct_read_execute()

  NAND changes:
   - Fix kernel-doc mismatch
   - Fix nanddev_neraseblocks() to return the correct value
   - Avoid selection of BCH_CONST_PARAMS when some users require dynamic
     BCH settings"

* tag 'mtd/fixes-for-4.20-rc2' of git://git.infradead.org/linux-mtd:
  mtd: nand: Fix nanddev_pos_next_page() kernel-doc header
  mtd: sa1100: avoid VLA in sa1100_setup_mtd
  mtd: spi-nor: Reset nor->addr_width when SFDP parsing failed
  mtd: spi-nor: cadence-quadspi: Return error code in cqspi_direct_read_execute()
  mtd: nand: Fix nanddev_neraseblocks()
  mtd: nand: drop kernel-doc notation for a deleted function parameter
  mtd: docg3: don't set conflicting BCH_CONST_PARAMS option
2018-11-08 07:04:29 -05:00
H. Peter Anvin 991a251940 termios, tty/tty_baudrate.c: fix buffer overrun
On architectures with CBAUDEX == 0 (Alpha and PowerPC), the code in tty_baudrate.c does
not do any limit checking on the tty_baudrate[] array, and in fact a
buffer overrun is possible on both architectures. Add a limit check to
prevent that situation.

This will be followed by a much bigger cleanup/simplification patch.

Signed-off-by: H. Peter Anvin (Intel) <hpa@zytor.com>
Requested-by: Cc: Johan Hovold <johan@kernel.org>
Cc: Jiri Slaby <jslaby@suse.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Richard Henderson <rth@twiddle.net>
Cc: Ivan Kokshaysky <ink@jurassic.park.msu.ru>
Cc: Matt Turner <mattst88@gmail.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Kate Stewart <kstewart@linuxfoundation.org>
Cc: Philippe Ombredanne <pombredanne@nexb.com>
Cc: Eugene Syromiatnikov <esyr@redhat.com>
Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-11-08 03:36:45 -08:00
Mikulas Patocka 943210ba80 vt: fix broken display when running aptitude
If you run aptitude on framebuffer console, the display is corrupted. The
corruption is caused by the commit d8ae7242. The patch adds "offset" to
"start" when calling scr_memsetw, but it forgets to do the same addition
on a subsequent call to do_update_region.

Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Fixes: d8ae724271 ("vt: preserve unicode values corresponding to screen characters")
Reviewed-by: Nicolas Pitre <nico@linaro.org>
Cc: stable@vger.kernel.org	# 4.19
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-11-08 03:36:40 -08:00
Miguel Ojeda 24efee412c Compiler Attributes: improve explanation of header
Explain better what "optional" attributes are, and avoid calling
them so to avoid confusion. Simply retain "Optional" as a word
to look for in the comments.

Moreover, add a couple sentences to explain a bit more the intention
and the documentation links.

Signed-off-by: Miguel Ojeda <miguel.ojeda.sandonis@gmail.com>
2018-11-08 11:33:52 +01:00
Eric W. Biederman 9c8e0a1b68 mount: Prevent MNT_DETACH from disconnecting locked mounts
Timothy Baldwin <timbaldwin@fastmail.co.uk> wrote:
> As per mount_namespaces(7) unprivileged users should not be able to look under mount points:
>
>   Mounts that come as a single unit from more privileged mount are locked
>   together and may not be separated in a less privileged mount namespace.
>
> However they can:
>
> 1. Create a mount namespace.
> 2. In the mount namespace open a file descriptor to the parent of a mount point.
> 3. Destroy the mount namespace.
> 4. Use the file descriptor to look under the mount point.
>
> I have reproduced this with Linux 4.16.18 and Linux 4.18-rc8.
>
> The setup:
>
> $ sudo sysctl kernel.unprivileged_userns_clone=1
> kernel.unprivileged_userns_clone = 1
> $ mkdir -p A/B/Secret
> $ sudo mount -t tmpfs hide A/B
>
>
> "Secret" is indeed hidden as expected:
>
> $ ls -lR A
> A:
> total 0
> drwxrwxrwt 2 root root 40 Feb 12 21:08 B
>
> A/B:
> total 0
>
>
> The attack revealing "Secret":
>
> $ unshare -Umr sh -c "exec unshare -m ls -lR /proc/self/fd/4/ 4<A"
> /proc/self/fd/4/:
> total 0
> drwxr-xr-x 3 root root 60 Feb 12 21:08 B
>
> /proc/self/fd/4/B:
> total 0
> drwxr-xr-x 2 root root 40 Feb 12 21:08 Secret
>
> /proc/self/fd/4/B/Secret:
> total 0

I tracked this down to put_mnt_ns running passing UMOUNT_SYNC and
disconnecting all of the mounts in a mount namespace.  Fix this by
factoring drop_mounts out of drop_collected_mounts and passing
0 instead of UMOUNT_SYNC.

There are two possible behavior differences that result from this.
- No longer setting UMOUNT_SYNC will no longer set MNT_SYNC_UMOUNT on
  the vfsmounts being unmounted.  This effects the lazy rcu walk by
  kicking the walk out of rcu mode and forcing it to be a non-lazy
  walk.
- No longer disconnecting locked mounts will keep some mounts around
  longer as they stay because the are locked to other mounts.

There are only two users of drop_collected mounts: audit_tree.c and
put_mnt_ns.

In audit_tree.c the mounts are private and there are no rcu lazy walks
only calls to iterate_mounts. So the changes should have no effect
except for a small timing effect as the connected mounts are disconnected.

In put_mnt_ns there may be references from process outside the mount
namespace to the mounts.  So the mounts remaining connected will
be the bug fix that is needed.  That rcu walks are allowed to continue
appears not to be a problem especially as the rcu walk change was about
an implementation detail not about semantics.

Cc: stable@vger.kernel.org
Fixes: 5ff9d8a65c ("vfs: Lock in place mounts from more privileged users")
Reported-by: Timothy Baldwin <timbaldwin@fastmail.co.uk>
Tested-by: Timothy Baldwin <timbaldwin@fastmail.co.uk>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
2018-11-08 01:05:32 -06:00
Thomas Richter 0bb2ae1b26 s390/perf: Change CPUM_CF return code in event init function
The function perf_init_event() creates a new event and
assignes it to a PMU. This a done in a loop over all existing
PMUs. For each listed PMU the event init function is called
and if this function does return any other error than -ENOENT,
the loop is terminated the creation of the event fails.

If the event is invalid, return -ENOENT to try other PMUs.

Signed-off-by: Thomas Richter <tmricht@linux.ibm.com>
Reviewed-by: Hendrik Brueckner <brueckner@linux.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2018-11-08 07:58:16 +01:00
Juri Lelli e6a2d72c10 posix-cpu-timers: Remove useless call to check_dl_overrun()
check_dl_overrun() is used to send a SIGXCPU to users that asked to be
informed when a SCHED_DEADLINE runtime overruns occur.

The function is called by check_thread_timers() already, so the call in
check_process_timers() is redundant/wrong (even though harmless).

Remove it.

Fixes: 34be39305a ("sched/deadline: Implement "runtime overrun signal" support")
Signed-off-by: Juri Lelli <juri.lelli@redhat.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Daniel Bristot de Oliveira <bristot@redhat.com>
Reviewed-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Cc: linux-rt-users@vger.kernel.org
Cc: mtk.manpages@gmail.com
Cc: Mathieu Poirier <mathieu.poirier@linaro.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Luca Abeni <luca.abeni@santannapisa.it>
Cc: Claudio Scordino <claudio@evidence.eu.com>
Link: https://lkml.kernel.org/r/20181107111032.32291-1-juri.lelli@redhat.com
2018-11-08 07:43:35 +01:00
Michał Mirosław b25ddb00bc qlcnic: remove assumption that vlan_tci != 0
VLAN.TCI == 0 is perfectly valid (802.1p), so allow it to be accelerated.

Signed-off-by: Michał Mirosław <mirq-linux@rere.qmqm.pl>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-11-07 22:37:55 -08:00
Michał Mirosław e84b47941e ibmvnic: fix accelerated VLAN handling
Don't request tag insertion when it isn't present in outgoing skb.

Signed-off-by: Michał Mirosław <mirq-linux@rere.qmqm.pl>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-11-07 22:36:21 -08:00
Eric W. Biederman df7342b240 mount: Don't allow copying MNT_UNBINDABLE|MNT_LOCKED mounts
Jonathan Calmels from NVIDIA reported that he's able to bypass the
mount visibility security check in place in the Linux kernel by using
a combination of the unbindable property along with the private mount
propagation option to allow a unprivileged user to see a path which
was purposefully hidden by the root user.

Reproducer:
  # Hide a path to all users using a tmpfs
  root@castiana:~# mount -t tmpfs tmpfs /sys/devices/
  root@castiana:~#

  # As an unprivileged user, unshare user namespace and mount namespace
  stgraber@castiana:~$ unshare -U -m -r

  # Confirm the path is still not accessible
  root@castiana:~# ls /sys/devices/

  # Make /sys recursively unbindable and private
  root@castiana:~# mount --make-runbindable /sys
  root@castiana:~# mount --make-private /sys

  # Recursively bind-mount the rest of /sys over to /mnnt
  root@castiana:~# mount --rbind /sys/ /mnt

  # Access our hidden /sys/device as an unprivileged user
  root@castiana:~# ls /mnt/devices/
  breakpoint cpu cstate_core cstate_pkg i915 intel_pt isa kprobe
  LNXSYSTM:00 msr pci0000:00 platform pnp0 power software system
  tracepoint uncore_arb uncore_cbox_0 uncore_cbox_1 uprobe virtual

Solve this by teaching copy_tree to fail if a mount turns out to be
both unbindable and locked.

Cc: stable@vger.kernel.org
Fixes: 5ff9d8a65c ("vfs: Lock in place mounts from more privileged users")
Reported-by: Jonathan Calmels <jcalmels@nvidia.com>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
2018-11-08 00:30:30 -06:00
Eric W. Biederman 25d202ed82 mount: Retest MNT_LOCKED in do_umount
It was recently pointed out that the one instance of testing MNT_LOCKED
outside of the namespace_sem is in ksys_umount.

Fix that by adding a test inside of do_umount with namespace_sem and
the mount_lock held.  As it helps to fail fails the existing test is
maintained with an additional comment pointing out that it may be racy
because the locks are not held.

Cc: stable@vger.kernel.org
Reported-by: Al Viro <viro@ZenIV.linux.org.uk>
Fixes: 5ff9d8a65c ("vfs: Lock in place mounts from more privileged users")
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
2018-11-08 00:14:21 -06:00
David S. Miller b1870a6d3f Merge branch 'FDDI-defza-Fix-a-bunch-of-small-issues'
Maciej W. Rozycki says:

====================
FDDI: defza: Fix a bunch of small issues

 Here is a bunch of small fixes addressing issues that I missed in my
final round of testing.  None of these affect run-time behaviour.  One was
actually found by the kbuild bot, which turned out to be more pedantic
than my compiler.  See individual change descriptions for details.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2018-11-07 21:53:31 -08:00
Maciej W. Rozycki 8f5365ebf7 FDDI: defza: Make the driver version string constant
The driver version string is obviously not meant to be changed at run
time, so mark it `const'.

Signed-off-by: Maciej W. Rozycki <macro@linux-mips.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-11-07 21:53:31 -08:00
Maciej W. Rozycki 04453b6b24 FDDI: defza: Move SMT Tx data buffer declaration next to its skb
Move the temporary data buffer used when tapping into the SMT Tx queue
from the outer function level into the conditional block it's actually
used in and its containing skb is also declared, making the structure of
code better.

Signed-off-by: Maciej W. Rozycki <macro@linux-mips.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-11-07 21:53:31 -08:00
Maciej W. Rozycki 5f5fae37db FDDI: defza: Add missing comment closing
Fix:

drivers/net/fddi/defza.h:238:1: warning: "/*" within comment [-Wcomment]

by adding a missing comment closing.

Signed-off-by: Maciej W. Rozycki <macro@linux-mips.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-11-07 21:53:30 -08:00
Maciej W. Rozycki 96ed82cc1f FDDI: defza: Fix SPDX annotation
The SPDX annotation for this driver does not match the license text,
which specifies GNU GPL 2 or later.  Make the two match by correcting
the SPDX tag.

Signed-off-by: Maciej W. Rozycki <macro@linux-mips.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-11-07 21:53:30 -08:00
Jann Horn d2f007dbe7 userns: also map extents in the reverse map to kernel IDs
The current logic first clones the extent array and sorts both copies, then
maps the lower IDs of the forward mapping into the lower namespace, but
doesn't map the lower IDs of the reverse mapping.

This means that code in a nested user namespace with >5 extents will see
incorrect IDs. It also breaks some access checks, like
inode_owner_or_capable() and privileged_wrt_inode_uidgid(), so a process
can incorrectly appear to be capable relative to an inode.

To fix it, we have to make sure that the "lower_first" members of extents
in both arrays are translated; and we have to make sure that the reverse
map is sorted *after* the translation (since otherwise the translation can
break the sorting).

This is CVE-2018-18955.

Fixes: 6397fac491 ("userns: bump idmap limits to 340")
Cc: stable@vger.kernel.org
Signed-off-by: Jann Horn <jannh@google.com>
Tested-by: Eric W. Biederman <ebiederm@xmission.com>
Reviewed-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
2018-11-07 23:51:16 -06:00
Vasily Averin de59fae004 ext4: fix buffer leak in __ext4_read_dirblock() on error path
Fixes: dc6982ff4d ("ext4: refactor code to read directory blocks ...")
Signed-off-by: Vasily Averin <vvs@virtuozzo.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@kernel.org # 3.9
2018-11-07 22:36:23 -05:00
David S. Miller 69e362985f Merge branch '100GbE' of git://git.kernel.org/pub/scm/linux/kernel/git/jkirsher/net-queue
Jeff Kirsher says:

====================
Intel Wired LAN Driver Updates 2018-11-07

This series contains fixes to igb, i40e and ice drivers.

Anirudh fixes an issue during rebuild of the ice driver, where we need
to set the carrier state, as well as start or stop the queues all based
on the link status.  Removed functions that were duplicating current
functionality in the VSI rebuild/replay framework.

Dave fixes a potential resource collision during the remove path, so add
a check to see if we are in the middle of a reset.  Fixed the remove
path to ensure we call netif_napi_del() to free vectors before we set
vsi->netdev to NULL.

Akeem fixes an issue when the receive or transmit pause parameter is
set, results in link loss on the interface.  Fixed the spelling of
"Enabling" in error message.

Victor fixes potential memory leak by also freeing the related VSI
contexts in the unload path.

Md Fahad fixes a flag during port VLAN insertion, which was not being
set properly.

Brett fixes a transmit timeout during stress due to the hardware tail
and software tail were incorrectly out of sync.

Miroslav Lichvar fixes the igb PHC timecounter update interval to be
sure the timecounter is updated in time.

Chinh fixes the req_speeds variable to be u16 instead of u8 so that it
can handle all the link speeds.

Jake fixes i40e to add back the missing feature flags, which was causing
IP-in-IP offloads to be reported as not supported.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2018-11-07 17:08:51 -08:00
Lyude Paul 63237f8748 drm/amd/amdgpu/dm: Fix dm_dp_create_fake_mst_encoder()
[why]
Removing connector reusage from DM to match the rest of the tree ended
up revealing an issue that was surprisingly subtle. The original amdgpu
code for DC that was submitted appears to have left a chunk in
dm_dp_create_fake_mst_encoder() that tries to find a "master encoder",
the likes of which isn't actually used or stored anywhere. It does so at
the wrong time as well by trying to access parts of the drm_connector
from the encoder init before it's actually been initialized. This
results in a NULL pointer deref on MST hotplugs:

[  160.696613] BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
[  160.697234] PGD 0 P4D 0
[  160.697814] Oops: 0010 [#1] SMP PTI
[  160.698430] CPU: 2 PID: 64 Comm: kworker/2:1 Kdump: loaded Tainted: G           O      4.19.0Lyude-Test+ #2
[  160.699020] Hardware name: HP HP ZBook 15 G4/8275, BIOS P70 Ver. 01.22 05/17/2018
[  160.699672] Workqueue: events_long drm_dp_mst_link_probe_work [drm_kms_helper]
[  160.700322] RIP: 0010:          (null)
[  160.700920] Code: Bad RIP value.
[  160.701541] RSP: 0018:ffffc9000029fc78 EFLAGS: 00010206
[  160.702183] RAX: 0000000000000000 RBX: ffff8804440ed468 RCX: ffff8804440e9158
[  160.702778] RDX: 0000000000000000 RSI: ffff8804556c5700 RDI: ffff8804440ed000
[  160.703408] RBP: ffff880458e21800 R08: 0000000000000002 R09: 000000005fca0a25
[  160.704002] R10: ffff88045a077a3d R11: ffff88045a077a3c R12: ffff8804440ed000
[  160.704614] R13: ffff880458e21800 R14: ffff8804440e9000 R15: ffff8804440e9000
[  160.705260] FS:  0000000000000000(0000) GS:ffff88045f280000(0000) knlGS:0000000000000000
[  160.705854] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  160.706478] CR2: ffffffffffffffd6 CR3: 000000000200a001 CR4: 00000000003606e0
[  160.707124] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  160.707724] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  160.708372] Call Trace:
[  160.708998]  ? dm_dp_add_mst_connector+0xed/0x1d0 [amdgpu]
[  160.709625]  ? drm_dp_add_port+0x2fa/0x470 [drm_kms_helper]
[  160.710284]  ? wake_up_q+0x54/0x70
[  160.710877]  ? __mutex_unlock_slowpath.isra.18+0xb3/0x110
[  160.711512]  ? drm_dp_dpcd_access+0xe7/0x110 [drm_kms_helper]
[  160.712161]  ? drm_dp_send_link_address+0x155/0x1e0 [drm_kms_helper]
[  160.712762]  ? drm_dp_check_and_send_link_address+0xa3/0xd0 [drm_kms_helper]
[  160.713408]  ? drm_dp_mst_link_probe_work+0x4b/0x80 [drm_kms_helper]
[  160.714013]  ? process_one_work+0x1a1/0x3a0
[  160.714667]  ? worker_thread+0x30/0x380
[  160.715326]  ? wq_update_unbound_numa+0x10/0x10
[  160.715939]  ? kthread+0x112/0x130
[  160.716591]  ? kthread_create_worker_on_cpu+0x70/0x70
[  160.717262]  ? ret_from_fork+0x35/0x40
[  160.717886] Modules linked in: amdgpu(O) vfat fat snd_hda_codec_generic joydev i915 chash gpu_sched ttm i2c_algo_bit drm_kms_helper snd_hda_codec_hdmi hp_wmi syscopyarea iTCO_wdt sysfillrect sparse_keymap sysimgblt fb_sys_fops snd_hda_intel usbhid wmi_bmof drm snd_hda_codec btusb snd_hda_core intel_rapl btrtl x86_pkg_temp_thermal btbcm btintel coretemp snd_pcm crc32_pclmul bluetooth psmouse snd_timer snd pcspkr i2c_i801 mei_me i2c_core soundcore mei tpm_tis wmi tpm_tis_core hp_accel ecdh_generic lis3lv02d tpm video rfkill acpi_pad input_polldev hp_wireless pcc_cpufreq crc32c_intel serio_raw tg3 xhci_pci xhci_hcd [last unloaded: amdgpu]
[  160.720141] CR2: 0000000000000000

Somehow the connector reusage DM was using for MST connectors managed to
paper over this issue entirely; hence why this was never caught until
now.

[how]
Since this code isn't used anywhere and seems useless anyway, we can
just drop it entirely. This appears to fix the issue on my HP ZBook with
an AMD WX4150.

Signed-off-by: Lyude Paul <lyude@redhat.com>
Reviewed-by: Harry Wentland <harry.wentland@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
2018-11-07 18:21:05 -05:00
Jerry (Fangzhi) Zuo 0e6613e46f drm/amd/display: Drop reusing drm connector for MST
[why]
It is not safe to keep existing connector while entire topology
has been removed. Could lead potential impact to uapi.
Entirely unregister all the connectors on the topology,
and use a new set of connectors when the topology is plugged back
on.

[How]
Remove the drm connector entirely each time when the
corresponding MST topology is gone.
When hotunplug a connector (e.g., DP2)
1. Remove connector from userspace.
2. Drop it's reference.
When hotplug back on:
1. Detect new topology, and create new connectors.
2. Notify userspace with sysfs hotplug event.
3. Reprobe new connectors, and reassign CRTC from old (e.g., DP2)
to new (e.g., DP3) connector.

Signed-off-by: Jerry (Fangzhi) Zuo <Jerry.Zuo@amd.com>
Reviewed-by: Harry Wentland <harry.wentland@amd.com>
Reviewed-by: Lyude Paul <lyude@redhat.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
2018-11-07 18:20:56 -05:00
Jerry (Fangzhi) Zuo 8be17ac95f drm/amd/display: Cleanup MST non-atomic code workaround
[why]
It is not correct to touch aconnector within atomic_check.

[How]
It was added as workaround before, and no longer needed.

Signed-off-by: Jerry (Fangzhi) Zuo <Jerry.Zuo@amd.com>
Reviewed-by: Harry Wentland <harry.wentland@amd.com>
Reviewed-by: Lyude Paul <lyude@redhat.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
2018-11-07 18:20:49 -05:00
Evan Quan 108110a3ff drm/amd/powerplay: always use fast UCLK switching when UCLK DPM enabled
With UCLK DPM enabled, slow switching is not supported any more.

Signed-off-by: Evan Quan <evan.quan@amd.com>
Reviewed-by: Feifei Xu <Feifei.Xu@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
2018-11-07 18:20:40 -05:00
Evan Quan 3c7eda0b65 drm/amd/powerplay: set a default fclk/gfxclk ratio
Otherwise big gap between these two clocks may causes
some hangs.

Signed-off-by: Evan Quan <evan.quan@amd.com>
Reviewed-by: Feifei Xu <Feifei.Xu@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
2018-11-07 18:20:32 -05:00
Keith Busch f3587d76da block: Clear kernel memory before copying to user
If the kernel allocates a bounce buffer for user read data, this memory
needs to be cleared before copying it to the user, otherwise it may leak
kernel memory to user space.

Laurence Oberman <loberman@redhat.com>
Signed-off-by: Keith Busch <keith.busch@intel.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2018-11-07 15:41:31 -07:00
Geert Uytterhoeven e31d36b0a4 MAINTAINERS: Fix remaining pointers to obsolete libata.git
libata.git no longer exists.  Replace the remaining pointers to it by
pointers to the block tree, which is where all libata development
happens now.

Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2018-11-07 15:27:26 -07:00
Jens Axboe 6961cd4d0f ubd: fix missing lock around request issue
We need to hold the device lock (and disable interrupts) while
writing new commands, or we could be interrupted while that
is happening and read invalid requests in the completion path.

Fixes: 4e6da0fe80 ("um: Convert ubd driver to blk-mq")
Tested-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2018-11-07 14:34:05 -07:00
Geert Uytterhoeven 406e7f986b Documentation: ABI: led-trigger-pattern: Fix typos
- Spelling s/brigntess/brightness/,
  - Double "use".

Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Acked-by: Pavel Machek <pavel@ucw.cz>
Signed-off-by: Jacek Anaszewski <jacek.anaszewski@gmail.com>
2018-11-07 21:43:46 +01:00
Baolin Wang 3a40cfe8ba leds: trigger: Fix sleeping function called from invalid context
We will meet below issue due to mutex_lock() is called in interrupt context.
The mutex lock is used to protect the pattern trigger data, but before changing
new pattern trigger data (pattern values or repeat value) by users, we always
cancel the timer firstly to clear previous patterns' performance. That means
there is no race in pattern_trig_timer_function(), so we can drop the mutex
lock in pattern_trig_timer_function() to avoid this issue.

Moreover we can move the timer cancelling into mutex protection, since there
is no deadlock risk if we remove the mutex lock in pattern_trig_timer_function().

BUG: sleeping function called from invalid context at kernel/locking/mutex.c:254
in_atomic(): 1, irqs_disabled(): 0, pid: 0, name: swapper/1
CPU: 1 PID: 0 Comm: swapper/1 Not tainted
4.20.0-rc1-koelsch-00841-ga338c8181013c1a9 #171
Hardware name: Generic R-Car Gen2 (Flattened Device Tree)
[<c020f19c>] (unwind_backtrace) from [<c020aecc>] (show_stack+0x10/0x14)
[<c020aecc>] (show_stack) from [<c07affb8>] (dump_stack+0x7c/0x9c)
[<c07affb8>] (dump_stack) from [<c02417d4>] (___might_sleep+0xf4/0x158)
[<c02417d4>] (___might_sleep) from [<c07c92c4>] (mutex_lock+0x18/0x60)
[<c07c92c4>] (mutex_lock) from [<c067b28c>] (pattern_trig_timer_function+0x1c/0x11c)
[<c067b28c>] (pattern_trig_timer_function) from [<c027f6fc>] (call_timer_fn+0x1c/0x90)
[<c027f6fc>] (call_timer_fn) from [<c027f944>] (expire_timers+0x94/0xa4)
[<c027f944>] (expire_timers) from [<c027fc98>] (run_timer_softirq+0x108/0x15c)
[<c027fc98>] (run_timer_softirq) from [<c02021cc>] (__do_softirq+0x1d4/0x258)
[<c02021cc>] (__do_softirq) from [<c0224d24>] (irq_exit+0x64/0xc4)
[<c0224d24>] (irq_exit) from [<c0268dd0>] (__handle_domain_irq+0x80/0xb4)
[<c0268dd0>] (__handle_domain_irq) from [<c045e1b0>] (gic_handle_irq+0x58/0x90)
[<c045e1b0>] (gic_handle_irq) from [<c02019f8>] (__irq_svc+0x58/0x74)
Exception stack(0xeb483f60 to 0xeb483fa8)
3f60: 00000000 00000000 eb9afaa0 c0217e80 00000000 ffffe000 00000000 c0e06408
3f80: 00000002 c0e0647c c0c6a5f0 00000000 c0e04900 eb483fb0 c0207ea8 c0207e98
3fa0: 60020013 ffffffff
[<c02019f8>] (__irq_svc) from [<c0207e98>] (arch_cpu_idle+0x1c/0x38)
[<c0207e98>] (arch_cpu_idle) from [<c0247ca8>] (do_idle+0x138/0x268)
[<c0247ca8>] (do_idle) from [<c0248050>] (cpu_startup_entry+0x18/0x1c)
[<c0248050>] (cpu_startup_entry) from [<402022ec>] (0x402022ec)

Fixes: 5fd752b6b3 ("leds: core: Introduce LED pattern trigger")
Signed-off-by: Baolin Wang <baolin.wang@linaro.org>
Reported-by: Geert Uytterhoeven <geert+renesas@glider.be>
Tested-by: Geert Uytterhoeven <geert+renesas@glider.be>
Signed-off-by: Jacek Anaszewski <jacek.anaszewski@gmail.com>
2018-11-07 21:43:25 +01:00
Johannes Thumshirn df376b2ed5 block: respect virtual boundary mask in bvecs
With drivers that are settting a virtual boundary constrain, we are
seeing a lot of bio splitting and smaller I/Os being submitted to the
driver.

This happens because the bio gap detection code does not account cases
where PAGE_SIZE - 1 is bigger than queue_virt_boundary() and thus will
split the bio unnecessarily.

Cc: Jan Kara <jack@suse.cz>
Cc: Bart Van Assche <bvanassche@acm.org>
Cc: Ming Lei <ming.lei@redhat.com>
Reviewed-by: Sagi Grimberg <sagi@grimberg.me>
Signed-off-by: Johannes Thumshirn <jthumshirn@suse.de>
Acked-by: Keith Busch <keith.busch@intel.com>
Reviewed-by: Ming Lei <ming.lei@redhat.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2018-11-07 13:04:22 -07:00
Linus Torvalds 85758777c2 hwmon fixes for v4.20-rc2
- Remove bogus __init annotations in ibmpowernv driver
 - Fix double-free in error handling of __hwmon_device_register()
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJb4enqAAoJEMsfJm/On5mBcX4QAJntHN4e0jXYqe6kY0lq5DBT
 pvL43WoqkpjM5//vOzyLXBAvM2nlZvisCBPGVnB9TD0kPZ8cdG00SEuwrOXyt8Pr
 RoTbiPXV4PY3t2Ksmm8KPmbkysbAJMKsNsfGCQqy3HK+8OrbHjgsrBvdrDF9bCDO
 d4tPttVidZuTx4X7+kSCkpwUqTslOFw1kcOs4meGSPi1lHphwRXwI2+pC/fgz+IQ
 voqG5v20fJEZ6AM9rVEn/qRQubNGmBxenMyo5LuPjwJzTLo6xtVgdE6zGtxiKeJE
 NIgJxKvwFAdVsHOqMU1O+THsi7l1HefMK0K/1vS1X49UOnwE/CcOLznxRfdd9yqm
 dxaqqnTrUQ453HCjnlT79FSQPINAWDMsyu7ztsHQ2864rfkCZgpiEPDtvt15rT/K
 f5QutzRYOO2bma+tSumprlAU3TXnXuTohbFBxis+384N1VuBtxwJ63dY3cG9Ed6v
 xCOqxndB/y8epHErujFBSX1NO5NE8bU3W9eW7CITrqrxclUuG9F5RkKDbyFYyRnk
 HNR7RB2SBF5M4XdZQwjH+IGR9j288ChUGKbzEJNDVFbTfdD29Sw6MbSS4dmkNepL
 9KKdBWEu/Q2py5Z0SXpY+kAwIl3MIixZ0Uofqt43R9KGdHZaBRxuKrcd8Kppsu7A
 4OZxBtHSF9Z9MAWvDTiv
 =MwAW
 -----END PGP SIGNATURE-----

Merge tag 'hwmon-for-v4.20-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging

Pull hwmon fixes from Guenter Roeck:

 - Remove bogus __init annotations in ibmpowernv driver

 - Fix double-free in error handling of __hwmon_device_register()

* tag 'hwmon-for-v4.20-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging:
  hwmon: (ibmpowernv) Remove bogus __init annotations
  hwmon: (core) Fix double-free in __hwmon_device_register()
2018-11-07 11:39:07 -08:00
Omar Sandoval d6fd0ae25c Btrfs: fix missing delayed iputs on unmount
There's a race between close_ctree() and cleaner_kthread().
close_ctree() sets btrfs_fs_closing(), and the cleaner stops when it
sees it set, but this is racy; the cleaner might have already checked
the bit and could be cleaning stuff. In particular, if it deletes unused
block groups, it will create delayed iputs for the free space cache
inodes. As of "btrfs: don't run delayed_iputs in commit", we're no
longer running delayed iputs after a commit. Therefore, if the cleaner
creates more delayed iputs after delayed iputs are run in
btrfs_commit_super(), we will leak inodes on unmount and get a busy
inode crash from the VFS.

Fix it by parking the cleaner before we actually close anything. Then,
any remaining delayed iputs will always be handled in
btrfs_commit_super(). This also ensures that the commit in close_ctree()
is really the last commit, so we can get rid of the commit in
cleaner_kthread().

The fstest/generic/475 followed by 476 can trigger a crash that
manifests as a slab corruption caused by accessing the freed kthread
structure by a wake up function. Sample trace:

[ 5657.077612] BUG: unable to handle kernel NULL pointer dereference at 00000000000000cc
[ 5657.079432] PGD 1c57a067 P4D 1c57a067 PUD da10067 PMD 0
[ 5657.080661] Oops: 0000 [#1] PREEMPT SMP
[ 5657.081592] CPU: 1 PID: 5157 Comm: fsstress Tainted: G        W         4.19.0-rc8-default+ #323
[ 5657.083703] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.11.2-0-gf9626cc-prebuilt.qemu-project.org 04/01/2014
[ 5657.086577] RIP: 0010:shrink_page_list+0x2f9/0xe90
[ 5657.091937] RSP: 0018:ffffb5c745c8f728 EFLAGS: 00010287
[ 5657.092953] RAX: 0000000000000074 RBX: ffffb5c745c8f830 RCX: 0000000000000000
[ 5657.094590] RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff9a8747fdf3d0
[ 5657.095987] RBP: ffffb5c745c8f9e0 R08: 0000000000000000 R09: 0000000000000000
[ 5657.097159] R10: ffff9a8747fdf5e8 R11: 0000000000000000 R12: ffffb5c745c8f788
[ 5657.098513] R13: ffff9a877f6ff2c0 R14: ffff9a877f6ff2c8 R15: dead000000000200
[ 5657.099689] FS:  00007f948d853b80(0000) GS:ffff9a877d600000(0000) knlGS:0000000000000000
[ 5657.101032] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 5657.101953] CR2: 00000000000000cc CR3: 00000000684bd000 CR4: 00000000000006e0
[ 5657.103159] Call Trace:
[ 5657.103776]  shrink_inactive_list+0x194/0x410
[ 5657.104671]  shrink_node_memcg.constprop.84+0x39a/0x6a0
[ 5657.105750]  shrink_node+0x62/0x1c0
[ 5657.106529]  try_to_free_pages+0x1a4/0x500
[ 5657.107408]  __alloc_pages_slowpath+0x2c9/0xb20
[ 5657.108418]  __alloc_pages_nodemask+0x268/0x2b0
[ 5657.109348]  kmalloc_large_node+0x37/0x90
[ 5657.110205]  __kmalloc_node+0x236/0x310
[ 5657.111014]  kvmalloc_node+0x3e/0x70

Fixes: 30928e9baa ("btrfs: don't run delayed_iputs in commit")
Signed-off-by: Omar Sandoval <osandov@fb.com>
Reviewed-by: David Sterba <dsterba@suse.com>
[ add trace ]
Signed-off-by: David Sterba <dsterba@suse.com>
2018-11-07 20:17:45 +01:00
Jacob Keller d5596fd467 i40e: enable NETIF_F_NTUPLE and NETIF_F_HW_TC at driver load
The assignment of the feature flag NETIF_F_NTUPLE and NETIF_F_HW_TC
occurs prior to the initial setup of the local hw_features variable.

This means the features are set as user-changeable, but are not set in
the currently active feature list. This results in the features being
disabled at the driver's initial load.

Move the assignment after the initial assignment of hw_features, and
assign to the local variable. This ensures that NETIF_F_NTUPLE and
NETIF_F_HW_TC are marked as user-changeable, and also enables them by
default when the driver loads.

Signed-off-by: Jacob Keller <jacob.e.keller@intel.com>
Tested-by: Andrew Bowers <andrewx.bowers@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
2018-11-07 10:32:15 -08:00
Jacob Keller ba766b8b99 i40e: restore NETIF_F_GSO_IPXIP[46] to netdev features
Since commit bacd75cfac ("i40e/i40evf: Add capability exchange for
outer checksum", 2017-04-06) the i40e driver has not reported support
for IP-in-IP offloads. This likely occurred due to a bad rebase, as the
commit extracts hw_enc_features into its own variable. As part of this
change, it dropped the NETIF_F_FSO_IPXIP flags from the
netdev->hw_enc_features. This was unfortunately not caught during code
review.

Fix this by adding back the missing feature flags.

For reference, NETIF_F_GSO_IPXIP4 was added in commit 7e13318daa
("net: define gso types for IPx over IPv4 and IPv6", 2016-05-20),
replacing NETIF_F_GSO_IPIP and NETIF_F_GSO_SIT.

NETIF_F_GSO_IPXIP6 was added in commit bf2d1df395 ("intel: Add support
for IPv6 IP-in-IP offload", 2016-05-20).

Signed-off-by: Jacob Keller <jacob.e.keller@intel.com>
Tested-by: Andrew Bowers <andrewx.bowers@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
2018-11-07 09:45:42 -08:00
Chinh T Cao ffe498237b ice: Change req_speeds to be u16
Since the req_speeds field in struct ice_link_status is a u8,
req_speeds & ICE_AQ_LINK_SPEED_40GB always returns 0. This was caught
by a coverity scan.

Fix this by changing req_speeds to be u16.

Reported-by: Bruce Allan <bruce.w.allan@intel.com>
Signed-off-by: Chinh T Cao <chinh.t.cao@intel.com>
Signed-off-by: Anirudh Venkataramanan <anirudh.venkataramanan@intel.com>
Tested-by: Andrew Bowers <andrewx.bowers@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
2018-11-07 09:37:28 -08:00