Commit Graph

812277 Commits

Author SHA1 Message Date
Liu Bo 2698484178 blk-mq: remove duplicated definition of blk_mq_freeze_queue
As the prototype has been defined in "include/linux/blk-mq.h", the one
in "block/blk-mq.h" can be removed then.

Signed-off-by: Liu Bo <bo.liu@linux.alibaba.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2019-02-08 12:42:29 -07:00
Liu Bo 391f552af2 Blk-iolatency: warn on negative inflight IO counter
This is to catch any unexpected negative value of inflight IO counter.

Signed-off-by: Liu Bo <bo.liu@linux.alibaba.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2019-02-08 12:42:27 -07:00
Liu Bo 8c772a9bfc blk-iolatency: fix IO hang due to negative inflight counter
Our test reported the following stack, and vmcore showed that
->inflight counter is -1.

[ffffc9003fcc38d0] __schedule at ffffffff8173d95d
[ffffc9003fcc3958] schedule at ffffffff8173de26
[ffffc9003fcc3970] io_schedule at ffffffff810bb6b6
[ffffc9003fcc3988] blkcg_iolatency_throttle at ffffffff813911cb
[ffffc9003fcc3a20] rq_qos_throttle at ffffffff813847f3
[ffffc9003fcc3a48] blk_mq_make_request at ffffffff8137468a
[ffffc9003fcc3b08] generic_make_request at ffffffff81368b49
[ffffc9003fcc3b68] submit_bio at ffffffff81368d7d
[ffffc9003fcc3bb8] ext4_io_submit at ffffffffa031be00 [ext4]
[ffffc9003fcc3c00] ext4_writepages at ffffffffa03163de [ext4]
[ffffc9003fcc3d68] do_writepages at ffffffff811c49ae
[ffffc9003fcc3d78] __filemap_fdatawrite_range at ffffffff811b6188
[ffffc9003fcc3e30] filemap_write_and_wait_range at ffffffff811b6301
[ffffc9003fcc3e60] ext4_sync_file at ffffffffa030cee8 [ext4]
[ffffc9003fcc3ea8] vfs_fsync_range at ffffffff8128594b
[ffffc9003fcc3ee8] do_fsync at ffffffff81285abd
[ffffc9003fcc3f18] sys_fsync at ffffffff81285d50
[ffffc9003fcc3f28] do_syscall_64 at ffffffff81003c04
[ffffc9003fcc3f50] entry_SYSCALL_64_after_swapgs at ffffffff81742b8e

The ->inflight counter may be negative (-1) if

1) blk-iolatency was disabled when the IO was issued,

2) blk-iolatency was enabled before this IO reached its endio,

3) the ->inflight counter is decreased from 0 to -1 in endio()

In fact the hang can be easily reproduced by the below script,

H=/sys/fs/cgroup/unified/
P=/sys/fs/cgroup/unified/test

echo "+io" > $H/cgroup.subtree_control
mkdir -p $P

echo $$ > $P/cgroup.procs

xfs_io -f -d -c "pwrite 0 4k" /dev/sdg

echo "`cat /sys/block/sdg/dev` target=1000000" > $P/io.latency

xfs_io -f -d -c "pwrite 0 4k" /dev/sdg

This fixes the problem by freezing the queue so that while
enabling/disabling iolatency, there is no inflight rq running.

Note that quiesce_queue is not needed as this only updating iolatency
configuration about which dispatching request_queue doesn't care.

Signed-off-by: Liu Bo <bo.liu@linux.alibaba.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2019-02-08 12:42:26 -07:00
Linus Torvalds 27b4ad621e Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
Pull networking fixes from David Miller:
 "This pull request is dedicated to the upcoming snowpocalypse parts 2
  and 3 in the Pacific Northwest:

   1) Drop profiles are broken because some drivers use dev_kfree_skb*
      instead of dev_consume_skb*, from Yang Wei.

   2) Fix IWLWIFI kconfig deps, from Luca Coelho.

   3) Fix percpu maps updating in bpftool, from Paolo Abeni.

   4) Missing station release in batman-adv, from Felix Fietkau.

   5) Fix some networking compat ioctl bugs, from Johannes Berg.

   6) ucc_geth must reset the BQL queue state when stopping the device,
      from Mathias Thore.

   7) Several XDP bug fixes in virtio_net from Toshiaki Makita.

   8) TSO packets must be sent always on queue 0 in stmmac, from Jose
      Abreu.

   9) Fix socket refcounting bug in RDS, from Eric Dumazet.

  10) Handle sparse cpu allocations in bpf selftests, from Martynas
      Pumputis.

  11) Make sure mgmt frames have enough tailroom in mac80211, from Felix
      Feitkau.

  12) Use safe list walking in sctp_sendmsg() asoc list traversal, from
      Greg Kroah-Hartman.

  13) Make DCCP's ccid_hc_[rt]x_parse_options always check for NULL
      ccid, from Eric Dumazet.

  14) Need to reload WoL password into bcmsysport device after deep
      sleeps, from Florian Fainelli.

  15) Remove filter from mask before freeing in cls_flower, from Petr
      Machata.

  16) Missing release and use after free in error paths of s390 qeth
      code, from Julian Wiedmann.

  17) Fix lockdep false positive in dsa code, from Marc Zyngier.

  18) Fix counting of ATU violations in mv88e6xxx, from Andrew Lunn.

  19) Fix EQ firmware assert in qed driver, from Manish Chopra.

  20) Don't default Caivum PTP to Y in kconfig, from Bjorn Helgaas"

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (116 commits)
  net: dsa: b53: Fix for failure when irq is not defined in dt
  sit: check if IPv6 enabled before calling ip6_err_gen_icmpv6_unreach()
  geneve: should not call rt6_lookup() when ipv6 was disabled
  net: Don't default Cavium PTP driver to 'y'
  net: broadcom: replace dev_kfree_skb_irq by dev_consume_skb_irq for drop profiles
  net: via-velocity: replace dev_kfree_skb_irq by dev_consume_skb_irq for drop profiles
  net: tehuti: replace dev_kfree_skb_irq by dev_consume_skb_irq for drop profiles
  net: sun: replace dev_kfree_skb_irq by dev_consume_skb_irq for drop profiles
  net: fsl_ucc_hdlc: replace dev_kfree_skb_irq by dev_consume_skb_irq for drop profiles
  net: fec_mpc52xx: replace dev_kfree_skb_irq by dev_consume_skb_irq for drop profiles
  net: smsc: epic100: replace dev_kfree_skb_irq by dev_consume_skb_irq for drop profiles
  net: dscc4: replace dev_kfree_skb_irq by dev_consume_skb_irq for drop profiles
  net: tulip: de2104x: replace dev_kfree_skb_irq by dev_consume_skb_irq for drop profiles
  net: defxx: replace dev_kfree_skb_irq by dev_consume_skb_irq for drop profiles
  net/mlx5e: Don't overwrite pedit action when multiple pedit used
  net/mlx5e: Update hw flows when encap source mac changed
  qed*: Advance drivers version to 8.37.0.20
  qed: Change verbosity for coalescing message.
  qede: Fix system crash on configuring channels.
  qed: Consider TX tcs while deriving the max num_queues for PF.
  ...
2019-02-08 11:21:54 -08:00
Nicholas Kazlauskas 727962f030 drm/amd/display: Expose connector VRR range via debugfs
[Why]
It's useful to know the min and max vrr range for IGT testing.

[How]
Expose the min and max vfreq for the connector via a debugfs file
on the connector, "vrr_range".

Example usage: cat /sys/kernel/debug/dri/0/DP-1/vrr_range

Signed-off-by: Nicholas Kazlauskas <nicholas.kazlauskas@amd.com>
Reviewed-by: Harry Wentland <harry.wentland@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
2019-02-08 14:12:25 -05:00
Eric Anholt 82abf33766 drm/sched: Always trace the dependencies we wait on, to fix a race.
The entity->dependency can go away completely once we've called
drm_sched_entity_add_dependency_cb() (if the cb is called before we
get around to tracing).  The tracepoint is more useful if we trace
every dependency instead of just ones that get callbacks installed,
anyway, so just do that.

Fixes any easy-to-produce OOPS when tracing the scheduler on V3D with
"perf record -a -e gpu_scheduler:.\* glxgears" and DEBUG_SLAB enabled.

Signed-off-by: Eric Anholt <eric@anholt.net>
Reviewed-by: Christian König <christian.koenig@amd.com>
Cc: stable@vger.kernel.org
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
2019-02-08 14:02:33 -05:00
Linus Torvalds 680905431b Char/Misc fixes for 5.0-rc6
Here are some small char and misc driver fixes for 5.0-rc6.
 
 Nothing huge here, some more binderfs fixups found as people use it, and
 there is a "large" selftest added to validate the binderfs code, which
 makes up the majority of this pull request.
 
 There's also some small mei and mic fixes to resolve some reported
 issues.
 
 All of these have been in linux-next for over a week with no reported
 issues.
 
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 -----BEGIN PGP SIGNATURE-----
 
 iG0EABECAC0WIQT0tgzFv3jCIUoxPcsxR9QN2y37KQUCXF03cw8cZ3JlZ0Brcm9h
 aC5jb20ACgkQMUfUDdst+ynULgCeILcTViHw5hJDl719p776CiVjOmMAn2wFXob9
 vk5MXb1j5Uf4liLz2x9K
 =jGjf
 -----END PGP SIGNATURE-----

Merge tag 'char-misc-5.0-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc

Pull char/misc fixes from Greg KH:
 "Here are some small char and misc driver fixes for 5.0-rc6.

  Nothing huge here, some more binderfs fixups found as people use it,
  and there is a "large" selftest added to validate the binderfs code,
  which makes up the majority of this pull request.

  There's also some small mei and mic fixes to resolve some reported
  issues.

  All of these have been in linux-next for over a week with no reported
  issues"

* tag 'char-misc-5.0-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc:
  mic: vop: Fix crash on remove
  mic: vop: Fix use-after-free on remove
  binderfs: remove separate device_initcall()
  fpga: stratix10-soc: fix wrong of_node_put() in init function
  mic: vop: Fix broken virtqueues
  mei: free read cb on ctrl_wr list flush
  samples: mei: use /dev/mei0 instead of /dev/mei
  mei: me: add ice lake point device id.
  binderfs: respect limit on binder control creation
  binder: fix CONFIG_ANDROID_BINDER_DEVICES
  selftests: add binderfs selftests
2019-02-08 10:56:31 -08:00
Linus Torvalds 8c8e62cc98 Driver core fixes for 5.0-rc6
Here are some driver core fixes for 5.0-rc6.
 
 Well, not so much "driver core" as "debugfs".  There's a lot of
 outstanding debugfs cleanup patches coming in through different
 subsystem trees, and in that process the debugfs core was found that it
 really should return errors when something bad happens, to prevent
 random files from showing up in the root of debugfs afterward.  So
 debugfs was fixed up to handle this properly, and then two fixes for
 the relay and blk-mq code was needed as it was making invalid
 assumptions about debugfs return values.
 
 There's also a cacheinfo fix in here that resolves a tiny issue.
 
 All of these have been in linux-next for over a week with no reported
 problems.
 
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 -----BEGIN PGP SIGNATURE-----
 
 iG0EABECAC0WIQT0tgzFv3jCIUoxPcsxR9QN2y37KQUCXF069g8cZ3JlZ0Brcm9h
 aC5jb20ACgkQMUfUDdst+yk0+gCgy9PTVAJR5ZbYtWTJOTdBnd7pfqMAoMuGxc+6
 LLEbfSykLRxEf5SeOJun
 =KP8e
 -----END PGP SIGNATURE-----

Merge tag 'driver-core-5.0-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core

Pull driver core fixes from Greg KH:
 "Here are some driver core fixes for 5.0-rc6.

  Well, not so much "driver core" as "debugfs". There's a lot of
  outstanding debugfs cleanup patches coming in through different
  subsystem trees, and in that process the debugfs core was found that
  it really should return errors when something bad happens, to prevent
  random files from showing up in the root of debugfs afterward. So
  debugfs was fixed up to handle this properly, and then two fixes for
  the relay and blk-mq code was needed as it was making invalid
  assumptions about debugfs return values.

  There's also a cacheinfo fix in here that resolves a tiny issue.

  All of these have been in linux-next for over a week with no reported
  problems"

* tag 'driver-core-5.0-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core:
  blk-mq: protect debugfs_create_files() from failures
  relay: check return of create_buf_file() properly
  debugfs: debugfs_lookup() should return NULL if not found
  debugfs: return error values, not NULL
  debugfs: fix debugfs_rename parameter checking
  cacheinfo: Keep the old value if of_property_read_u32 fails
2019-02-08 10:53:44 -08:00
Linus Torvalds e464f50c05 Staging/IIO driver fixes for 5.0-rc6
Here are some small iio and staging driver fixes for 5.0-rc6.
 
 Nothing big, just resolve some reported IIO driver issues, and one
 staging driver bug.  One staging driver patch was added and then
 reverted as well.
 
 All of these have been in linux-next for a while with no reported
 issues.
 
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 -----BEGIN PGP SIGNATURE-----
 
 iG0EABECAC0WIQT0tgzFv3jCIUoxPcsxR9QN2y37KQUCXF08/g8cZ3JlZ0Brcm9h
 aC5jb20ACgkQMUfUDdst+yncDQCdHPommvFLUaEcsStGC8Ijg6kBn8IAoJTxwIvQ
 Qt9HCHiSuniry6xGY+UP
 =lZ/Y
 -----END PGP SIGNATURE-----

Merge tag 'staging-5.0-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging

Pull staging/IIO driver fixes from Greg KH:
 "Here are some small iio and staging driver fixes for 5.0-rc6.

  Nothing big, just resolve some reported IIO driver issues, and one
  staging driver bug. One staging driver patch was added and then
  reverted as well.

  All of these have been in linux-next for a while with no reported
  issues"

* tag 'staging-5.0-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging:
  Revert "staging: erofs: keep corrupted fs from crashing kernel in erofs_namei()"
  staging: erofs: keep corrupted fs from crashing kernel in erofs_namei()
  staging: octeon: fix broken phylib usage
  iio: ti-ads8688: Update buffer allocation for timestamps
  tools: iio: iio_generic_buffer: make num_loops signed
  iio: adc: axp288: Fix TS-pin handling
  iio: chemical: atlas-ph-sensor: correct IIO_TEMP values to millicelsius
2019-02-08 10:51:59 -08:00
Linus Torvalds e22a15d1c4 TTY/Serial fixes for 5.0-rc6
Here are some small tty and serial fixes for 5.0-rc6.
 
 Nothing huge, just a few small fixes for reported issues.  The speakup
 fix is in here as it is a tty operation issue.
 
 All of these have been in linux-next for a while with no reported
 problems.
 
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 -----BEGIN PGP SIGNATURE-----
 
 iG0EABECAC0WIQT0tgzFv3jCIUoxPcsxR9QN2y37KQUCXF09tg8cZ3JlZ0Brcm9h
 aC5jb20ACgkQMUfUDdst+yniTwCfQ9Owr8XFJRW7QC0BPKDjohqewA8AniK/9YJ/
 l73fnvsXELOX9eE/ixCx
 =0ylh
 -----END PGP SIGNATURE-----

Merge tag 'tty-5.0-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty

Pull tty/serial fixes from Greg KH:
 "Here are some small tty and serial fixes for 5.0-rc6.

  Nothing huge, just a few small fixes for reported issues. The speakup
  fix is in here as it is a tty operation issue.

  All of these have been in linux-next for a while with no reported
  problems"

* tag 'tty-5.0-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty:
  serial: fix race between flush_to_ldisc and tty_open
  staging: speakup: fix tty-operation NULL derefs
  serial: sh-sci: Do not free irqs that have already been freed
  serial: 8250_pci: Make PCI class test non fatal
  tty: serial: 8250_mtk: Fix potential NULL pointer dereference
2019-02-08 10:49:55 -08:00
Linus Torvalds 00a159a000 USB fixes for 5.0-rc6
Here are some small USB fixes for 5.0-rc6.
 
 Nothing huge, the normal amount of USB gadget fixes as well as some USB
 phy fixes.  There's also a typec fix as well.  Full details are in the
 shortlog.
 
 All of these have been in linux-next for a while with no reported
 issues.
 
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 -----BEGIN PGP SIGNATURE-----
 
 iG0EABECAC0WIQT0tgzFv3jCIUoxPcsxR9QN2y37KQUCXF0/lA8cZ3JlZ0Brcm9h
 aC5jb20ACgkQMUfUDdst+yl6eQCghkBzTYeI+3EeDmgHuXytebeukL8AoLUA+PqG
 5Xx1AOUpyiYiNU2BgO0H
 =qovg
 -----END PGP SIGNATURE-----

Merge tag 'usb-5.0-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb

Pull USB fixes from Grek KH:
 "Here are some small USB fixes for 5.0-rc6.

  Nothing huge, the normal amount of USB gadget fixes as well as some
  USB phy fixes. There's also a typec fix as well. Full details are in
  the shortlog.

  All of these have been in linux-next for a while with no reported
  issues"

* tag 'usb-5.0-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb:
  usb: typec: tcpm: Correct the PPS out_volt calculation
  usb: gadget: musb: fix short isoc packets with inventra dma
  usb: phy: am335x: fix race condition in _probe
  usb: dwc3: exynos: Fix error handling of clk_prepare_enable
  usb: phy: fix link errors
  usb: gadget: udc: net2272: Fix bitwise and boolean operations
  usb: dwc3: gadget: Handle 0 xfer length for OUT EP
2019-02-08 10:48:26 -08:00
Linus Torvalds bd5ff862ec Changes since last update:
- Fix cache coherency problem with writeback mappings
 - Fix buffer deadlock when shutting fs down
 - Fix a null pointer dereference when running online repair
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEUzaAxoMeQq6m2jMV+H93GTRKtOsFAlxYbyEACgkQ+H93GTRK
 tOtLNg//VIiU6w1EgiQBgk8XxN3i9YQLBIzfbtgZGtLJWX8zYnGx9H4iVfZ9UDr8
 eKFoPVLvqZo5mutuot+3+ps5H4z6g9BotS048FJjFoarQwtYqnG3tcFkmLDInKW1
 jTPWBV/P7w+ODyPO082SyQ+Zn9pooyXkPoBbgA+vbQoqIsY5IF7VeFasrFMtRu21
 PEm/CpMxK5VMly+5ceOoqtdlWvRPDfczLfzW/iDZ4Qs2itUqFA6TJo5TD7kd4A/f
 yrjV6H5tWtp0uvBCBDq4W225uVUFVWC+wTrrII6qbvuDBNWfBsQ65GczYubAAu9X
 kdJdY3xj/Br1dk6jLTciCjihbjJ49xaxXfLAokNkh1pjHqHyinB5ALXC0dG4o+eo
 d5y5qo10zt3HZ8Kzr8753SzxRBjGbQhok+ytrBSpX8GckhAXmH5S6WZDFDh6PbJj
 5PSwvL7FNbS4M/Myjl+dwk3kWLVrGV2SglOJxCCsqCZPxNzopIrNf1uazLTZV+/2
 d+G7LQPXSvjK/iLfDQH/6sBIREx0nd3H/6mnmWBg/1xMD6z/Hgn8GJvAE8luRtOi
 usXYcjlkSEOSwxbUC4fCo0CrPp8DOHbrEEO4pavTN+GVIYsIen0ghq/x0HfcOCEu
 XguyRTYdQXnLZNo3zCqmnU4/C1W2L5Oce4IDznH8PEIgqAqXXrQ=
 =XsPH
 -----END PGP SIGNATURE-----

Merge tag 'xfs-5.0-fixes-1' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux

Pull xfs fixes from Darrick Wong:
 "Here are a handful of XFS fixes to fix a data corruption problem, a
  crasher bug, and a deadlock.

  Summary:

   - Fix cache coherency problem with writeback mappings

   - Fix buffer deadlock when shutting fs down

   - Fix a null pointer dereference when running online repair"

* tag 'xfs-5.0-fixes-1' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux:
  xfs: set buffer ops when repair probes for btree type
  xfs: end sync buffer I/O properly on shutdown error
  xfs: eof trim writeback mapping as soon as it is cached
2019-02-08 10:46:14 -08:00
Linus Torvalds adcbc921d3 drm amdgpu, vmwgfx, i915, omap, sun4i fixes
-----BEGIN PGP SIGNATURE-----
 
 iQIcBAABAgAGBQJcXNDUAAoJEAx081l5xIa+YA4P/iQVY9pqFPjvomNHN+WtuIG4
 iSAp/8fXmLnLch/JJoU5uwL/WuudIj/hryad3rJ5VR0nALF3+L8bbruEry7XeiL7
 QrocTD9lVLxijQtwIKZjWe88+gQ5u1aI2NwK/ThfFVkXiwmQ7dDvSnKw2oy1tdAk
 Yq37xWLqDz/KTK1D/IN9GHFo74OblvGseYYY70w2/JczDbP6k8Y8++JmffIhI+Cw
 vu4bXlvEiZSiT42fGGLFmnZAnhXo+j3Ws8PEh3MLUu75jF3pX1Zyi5+7aI//Kan3
 MwmYBHTRpAdWSZaAxYdrvaTc7tRm+1iRT0NkZEtXzKk8YMktWsJb7TxnsvzSrYh6
 jdydjrwRwbLAvJz5WOnAunFJNV9zAFNL6R8dzYoE9/S683Qa/7bDDeJvVax4ifQQ
 ZFByZep4/5oJ4BTwnY1bfiCZztZGr1FfMHg8HWikablkF9G8eODE0AccTFojvcFc
 44cmQzceJN9harxGdzPJjjMRT7DtLlOzl8/6LGo4kGfsIMG5NaREbglQLLyVyXms
 MkI+efdlyIYpZV5W4Jf/RqEkSu2qnVe7UVGer1aW8yq+G0fedAsc8Bx4gL8YaaJQ
 bLa1MI5SszvtD0+KJ6hpK1/L2bnZzXMr3cXUe9noz91KlCnnWlaMDC1keg2RrYpG
 CaczuvcpPdBmOYXwWoMc
 =X7tw
 -----END PGP SIGNATURE-----

Merge tag 'drm-fixes-2019-02-08' of git://anongit.freedesktop.org/drm/drm

Pull drm fixes from Dave Airlie:
 "Missed fixes last week as had nothing until amdgpu showed up on
  Saturday. Other stuff has since rolled in along with some more amdgpu
  fixes, so we have two weeks of those, and some i915, vmwgfx, sun4i,
  rockchip and omap fixes.

  amdgpu/radeon:
   - fix crash on passthrough for SI
   - fencing fix for shared buffers
   - APU hwmon fix
   - API powerplay fix
   - eDP freesync fix
   - PASID mgr locking fix
   - KFD warning fix
   - DC/powerplay fix
   - raven revision ids fix
   - vega20 doorbell fix

  i915:
   - SNB display fix
   - SKL srckey mask fix
   - ICL DDI clock selection fix

  vmwgfx:
   - DMA API fix
   - IOMMU detection fix
   - display fixes

  sun4i:
   - tcon clock fix

  rockchip:
   - SPDX identifier fix

  omap:
   - DSI fixes"

* tag 'drm-fixes-2019-02-08' of git://anongit.freedesktop.org/drm/drm: (28 commits)
  drm/omap: dsi: Hack-fix DSI bus flags
  drm/omap: dsi: Fix OF platform depopulate
  drm/omap: dsi: Fix crash in DSI debug dumps
  drm/i915: Try to sanitize bogus DPLL state left over by broken SNB BIOSen
  drm/amd/display: Attach VRR properties for eDP connectors
  drm/amdkfd: Fix if preprocessor statement above kfd_fill_iolink_info_for_cpu
  drm/amdgpu: use spin_lock_irqsave to protect vm_manager.pasid_idr
  drm/i915: always return something on DDI clock selection
  drm/i915: Fix skl srckey mask bits
  drm/vmwgfx: Improve on IOMMU detection
  drm/vmwgfx: Fix setting of dma masks
  drm/vmwgfx: Also check for crtc status while checking for DU active
  drm/vmwgfx: Fix an uninitialized fence handle value
  drm/vmwgfx: Return error code from vmw_execbuf_copy_fence_user
  drm/sun4i: tcon: Prepare and enable TCON channel 0 clock at init
  drm/amdgpu: fix the incorrect external id for raven series
  drm/amdgpu: Implement doorbell self-ring for NBIO 7.4
  drm/amd/display: Fix fclk idle state
  drm/amdgpu: Transfer fences to dmabuf importer
  drm/amd/powerplay: Fix missing break in switch
  ...
2019-02-08 10:43:15 -08:00
Lukas Bulwahn 9ab7d228e9 MAINTAINERS: unify reference to xen-devel list
In the linux kernel MAINTAINERS file, largely
  "xen-devel@lists.xenproject.org (moderated for non-subscribers)"
is used to refer to the xen-devel mailing list.

The DRM DRIVERS FOR XEN section entry mentions
xen-devel@lists.xen.org instead, but that is just the same
mailing list as the mailing list above.

Signed-off-by: Lukas Bulwahn <lukas.bulwahn@gmail.com>
Signed-off-by: Juergen Gross <jgross@suse.com>
2019-02-08 17:18:00 +01:00
Takashi Iwai 00a399cad1 ALSA: pcm: Revert capture stream behavior change in blocking mode
In the commit 62ba568f7a ("ALSA: pcm: Return 0 when size <
start_threshold in capture"), we changed the behavior of
__snd_pcm_lib_xfer() to return immediately with 0 when a capture
stream has a high start_threshold.  This was intended to be a
correction of the behavior consistency and looked harmless, but this
was the culprit of the recent breakage reported by syzkaller, which
was fixed by the commit e190161f96 ("ALSA: pcm: Fix tight loop of
OSS capture stream").

At the time for the OSS fix, I didn't touch the behavior for ALSA
native API, as assuming that this behavior actually is good.  But this
turned out to be also broken actually for a similar deployment,
e.g. one thread goes to a write loop in blocking mode while another
thread controls the start/stop of the stream manually.

Overall, the original commit is harmful, and it brings less merit to
keep that behavior.  Let's revert it.

Fixes: 62ba568f7a ("ALSA: pcm: Return 0 when size < start_threshold in capture")
Fixes: e190161f96 ("ALSA: pcm: Fix tight loop of OSS capture stream")
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2019-02-08 16:54:31 +01:00
Peter Zijlstra 0521e8be21 x86/mm/cpa: Fix set_mce_nospec()
The recent commit fe0937b24f ("x86/mm/cpa: Fold cpa_flush_range() and
cpa_flush_array() into a single cpa_flush() function") accidentally made
the call to make_addr_canonical_again() go away, which breaks
set_mce_nospec().

Re-instate the call to convert the address back into canonical form right
before invoking either CLFLUSH or INVLPG. Rename the function while at it
to be shorter (and less MAGA).

Fixes: fe0937b24f ("x86/mm/cpa: Fold cpa_flush_range() and cpa_flush_array() into a single cpa_flush() function")
Reported-by: Tony Luck <tony.luck@intel.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Tested-by: Tony Luck <tony.luck@intel.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Dan Williams <dan.j.williams@intel.com>
Cc: Dave Hansen <dave.hansen@linux.intel.com>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Rik van Riel <riel@surriel.com>
Link: https://lkml.kernel.org/r/20190208120859.GH32511@hirez.programming.kicks-ass.net
2019-02-08 14:31:56 +01:00
Takashi Iwai 0a5cf9e88b ASoC: Fixes for v5.0
A selection of driver specific fixes here, along with a few core fixes:
 
  - A fixup for some MFD devices that were broken by the previous fixes
    for deferred probe.
  - A fix for potential out of bounds array accesses when ordering DAPM
    power/up down sequences.
  - Avoid use after free issue when unloading and reloading drivers using
    topologies.
 -----BEGIN PGP SIGNATURE-----
 
 iQFHBAABCgAxFiEEreZoqmdXGLWf4p/qJNaLcl1Uh9AFAlxddp0THGJyb29uaWVA
 a2VybmVsLm9yZwAKCRAk1otyXVSH0NCKB/9mEJoN8R7d6rIigr/dwNaJXG2EPgjQ
 tc5ckj1pnai/mInWjccQkDDVFo/lgbTJiDi/sYmMDbmkNiGFfwN1SeH6O7MSc2sq
 Nsq3V7ym6QqEANzRnE/yOXRbp/rs0/1hGh8rXNUEOfWkbfn1ns7tMOl1XKzhhB0q
 ndUKGSsM+hMRQS2JoqrSc6g2EUzwSRKrhcJhqSNnHB7hkaUa42MJODxzy7YHMO5B
 LOVg8TYWup2a5FFjQOIODJ/mwCjQUsrgj87AEJ6o+p/cM50fHAGaJYhsGUypQsC3
 dN2AR87mcyROtgo334YzqV/CwF25LAG2Cf9QOfhNbaVZIXz37e71SYJ3
 =muA4
 -----END PGP SIGNATURE-----

Merge tag 'asoc-fix-v5.0-rc5' of https://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound into for-linus

ASoC: Fixes for v5.0

A selection of driver specific fixes here, along with a few core fixes:

 - A fixup for some MFD devices that were broken by the previous fixes
   for deferred probe.
 - A fix for potential out of bounds array accesses when ordering DAPM
   power/up down sequences.
 - Avoid use after free issue when unloading and reloading drivers using
   topologies.
2019-02-08 14:07:18 +01:00
Thomas Gleixner 1a1fb985f2 futex: Handle early deadlock return correctly
commit 56222b212e ("futex: Drop hb->lock before enqueueing on the
rtmutex") changed the locking rules in the futex code so that the hash
bucket lock is not longer held while the waiter is enqueued into the
rtmutex wait list. This made the lock and the unlock path symmetric, but
unfortunately the possible early exit from __rt_mutex_proxy_start() due to
a detected deadlock was not updated accordingly. That allows a concurrent
unlocker to observe inconsitent state which triggers the warning in the
unlock path.

futex_lock_pi()                         futex_unlock_pi()
  lock(hb->lock)
  queue(hb_waiter)				lock(hb->lock)
  lock(rtmutex->wait_lock)
  unlock(hb->lock)
                                        // acquired hb->lock
                                        hb_waiter = futex_top_waiter()
                                        lock(rtmutex->wait_lock)
  __rt_mutex_proxy_start()
     ---> fail
          remove(rtmutex_waiter);
     ---> returns -EDEADLOCK
  unlock(rtmutex->wait_lock)
                                        // acquired wait_lock
                                        wake_futex_pi()
                                        rt_mutex_next_owner()
					  --> returns NULL
                                          --> WARN

  lock(hb->lock)
  unqueue(hb_waiter)

The problem is caused by the remove(rtmutex_waiter) in the failure case of
__rt_mutex_proxy_start() as this lets the unlocker observe a waiter in the
hash bucket but no waiter on the rtmutex, i.e. inconsistent state.

The original commit handles this correctly for the other early return cases
(timeout, signal) by delaying the removal of the rtmutex waiter until the
returning task reacquired the hash bucket lock.

Treat the failure case of __rt_mutex_proxy_start() in the same way and let
the existing cleanup code handle the eventual handover of the rtmutex
gracefully. The regular rt_mutex_proxy_start() gains the rtmutex waiter
removal for the failure case, so that the other callsites are still
operating correctly.

Add proper comments to the code so all these details are fully documented.

Thanks to Peter for helping with the analysis and writing the really
valuable code comments.

Fixes: 56222b212e ("futex: Drop hb->lock before enqueueing on the rtmutex")
Reported-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Co-developed-by: Peter Zijlstra <peterz@infradead.org>
Signed-off-by: Peter Zijlstra <peterz@infradead.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Tested-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
Cc: linux-s390@vger.kernel.org
Cc: Stefan Liebler <stli@linux.ibm.com>
Cc: Sebastian Sewior <bigeasy@linutronix.de>
Cc: stable@vger.kernel.org
Link: https://lkml.kernel.org/r/alpine.DEB.2.21.1901292311410.1950@nanos.tec.linutronix.de
2019-02-08 13:00:36 +01:00
Davidlohr Bueso 6f568ebe2a futex: Fix barrier comment
The current comment for the barrier that guarantees that waiter increment
is always before taking the hb spinlock (barrier (A)) needs to be fixed as
it is misplaced.

This is obviously referring to hb_waiters_inc, which is a full barrier.

Reported-by: Peter Zijlstra <peterz@infradead.org>
Signed-off-by: Davidlohr Bueso <dbueso@suse.de>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Link: https://lkml.kernel.org/r/20190206185602.949-1-dave@stgolabs.net
2019-02-08 13:00:35 +01:00
Zachary Hays dcf6e2e38a mmc: block: handle complete_work on separate workqueue
The kblockd workqueue is created with the WQ_MEM_RECLAIM flag set.
This generates a rescuer thread for that queue that will trigger when
the CPU is under heavy load and collect the uncompleted work.

In the case of mmc, this creates the possibility of a deadlock when
there are multiple partitions on the device as other blk-mq work is
also run on the same queue. For example:

- worker 0 claims the mmc host to work on partition 1
- worker 1 attempts to claim the host for partition 2 but has to wait
  for worker 0 to finish
- worker 0 schedules complete_work to release the host
- rescuer thread is triggered after time-out and collects the dangling
  work
- rescuer thread attempts to complete the work in order starting with
  claim host
- the task to release host is now blocked by a task to claim it and
  will never be called

The above results in multiple hung tasks that lead to failures to
mount partitions.

Handling complete_work on a separate workqueue avoids this by keeping
the work completion tasks separate from the other blk-mq work. This
allows the host to be released without getting blocked by other tasks
attempting to claim the host.

Signed-off-by: Zachary Hays <zhays@lexmark.com>
Fixes: 81196976ed ("mmc: block: Add blk-mq support")
Cc: <stable@vger.kernel.org>
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
2019-02-08 12:24:17 +01:00
Matti Kurkela e8b22d0a32 Input: elantech - enable 3rd button support on Fujitsu CELSIUS H780
Like Fujitsu CELSIUS H760, the H780 also has a three-button Elantech
touchpad, but the driver needs to be told so to enable the middle touchpad
button.

The elantech_dmi_force_crc_enabled quirk was not necessary with the H780.

Also document the fw_version and caps values detected for both H760 and
H780 models.

Signed-off-by: Matti Kurkela <Matti.Kurkela@iki.fi>
Cc: stable@vger.kernel.org
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
2019-02-07 23:52:06 -08:00
Gilad Ben-Yossef 1358c13a48 crypto: ccree - fix resume race condition on init
We were enabling autosuspend, which is using data set by the
hash module, prior to the hash module being inited, casuing
a crash on resume as part of the startup sequence if the race
was lost.

This was never a real problem because the PM infra was using low
res timers so we were always winning the race, until commit 8234f6734c
("PM-runtime: Switch autosuspend over to using hrtimers") changed that :-)

Fix this by seperating the PM setup and enablement and doing the
latter only at the end of the init sequence.

Signed-off-by: Gilad Ben-Yossef <gilad@benyossef.com>
Cc: Vincent Guittot <vincent.guittot@linaro.org>
Cc: stable@kernel.org # v4.20
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-02-08 15:28:02 +08:00
Arun Parameswaran 39841cc1cb net: dsa: b53: Fix for failure when irq is not defined in dt
Fixes the issues with non BCM58XX chips in the b53 driver
failing, when the irq is not specified in the device tree.

Removed the check for BCM58XX in b53_srab_prepare_irq(),
so the 'port->irq' will be set to '-EXIO' if the irq is not
specified in the device tree.

Fixes: 16994374a6 ("net: dsa: b53: Make SRAB driver manage port interrupts")
Fixes: b2ddc48a81 ("net: dsa: b53: Do not fail when IRQ are not initialized")
Signed-off-by: Arun Parameswaran <arun.parameswaran@broadcom.com>
Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-02-07 18:18:37 -08:00
Dave Airlie dada163c5e drm-misc-fixes for v5.0-rc6:
- Fixes to omap/dsi encoder.
 - Clock fix for sun4i.
 - Licensing header fix for rockchip.
 - Fix division by zero in the mode when trying to set a mode on
   i915 with GVT-g enabled.
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEuXvWqAysSYEJGuVH/lWMcqZwE8MFAlxb6lcACgkQ/lWMcqZw
 E8OpAQ//VspiZ8iU5GO8beSu6HP92WFUVxHyJ0tZMYLrtcjqTltAM3PljMGJa7s1
 DMv0RWJrZP+Vo1Qr+oGRGsBftOvpJbu0/Nt0OfOiG6Qo1Hb+rJgoKqXSEbBlufXP
 A2DcBR6aio1RhPuSEqsw91LoWh6qXmyQPpy9gNerChNaOMCWLJCmjtiSEI8gkdHq
 EqRvnUWPn3Tlg6lPZKpOOxIlp5UR+BP1yWvipEDkPxtKUhoEvPy/ien9LCkgA8+0
 JFLv9yHOW5NVA4zrodSIFs3qk1yTFEifkce4JObme8YZ01ejT23PHwHOhP7BWdt9
 Yn3ESABcvxW1cUHvFUzP3jFyWrHyDcv/ZA2gAxDQ/utb7pB3mMzW0sdANU+BZ0tc
 SS9wQnl/q35z83L96GyBPNUFAb3QOLN7X8V+pghwmTJ/IOrvn/+qyYINbmQSXPcR
 +Od6qLx0n8kEmZOp6GgVcF/wSTULltPbR6heYYqYRbR+TN82IYMn+00UWWtVF2z+
 mfYpaFMbw9DBbO0A75q8PV15WbvR+dCX4ii5MWxMuv+m4gObwUkr5gV+eHs8Da6Q
 WmH8kiXak22Q1gu6ZdqO+dB2dew0gXqRXsNyeKA6JC0Z8feGpDwZUPt9gqQYHMUF
 fJoO/LPaQsIaZ+nnMFdbZcoHsdGbynxIML4SSpge/GerkA2XAUI=
 =ONtd
 -----END PGP SIGNATURE-----

Merge tag 'drm-misc-fixes-2019-02-07' of git://anongit.freedesktop.org/drm/drm-misc into drm-fixes

drm-misc-fixes for v5.0-rc6:
- Fixes to omap/dsi encoder.
- Clock fix for sun4i.
- Licensing header fix for rockchip.
- Fix division by zero in the mode when trying to set a mode on
  i915 with GVT-g enabled.

Signed-off-by: Dave Airlie <airlied@redhat.com>

From: Maarten Lankhorst <maarten.lankhorst@linux.intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/84462cef-609f-e2af-084a-f9fe2b05c53e@linux.intel.com
2019-02-08 10:32:49 +10:00
Dave Airlie 151e3d6add drm/i915 fixes for v5.0-rc6:
- SNB DPLL sanitize
 - ICL DDI clock selection
 - SLK srckey mask
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEFWWmW3ewYy4RJOWc05gHnSar7m8FAlxb4ncACgkQ05gHnSar
 7m/8tg/+Kvp8ueti2ZdSfbtoOQML4r1Q8Mg4T8l5L41PHPtVvyvUxPeQd8t0nkum
 G1C++lq+qzoyHpLRB5hO5CciyuuWlzK9EXprYtaCu/4W1QJbECWwPMcU9hitdI5h
 fCAsLwPYTx9eiCsO+1cRIAbhEo/S9U5WJ0+SMPZtALLZItkKaCUAJ9qhyQPlLlYN
 ZdkZjTc416BLMNXxoclorMmg/5IMYgwdcovivifuDaZQ7TJLZDow0vBemIMNtnce
 FZPyeoyjHq04deG2CR1HQYgYCPRI9U0LoGaEYb7lltNJHCCHxWEZ/MmPCxdI9ZgK
 CJfkPPSyhFrEPrRYcOX5ERuADQdNk2BEBdrEpm5gvrGkZrH14QZza5PvEF+CoqQB
 9Xvh5Jeo7aZ8tXW71BgvV1WpHSnravrVwV2JPf51wEY47MBIj7YpGErIrFM1VdB+
 pw40pPk6VwD1qisqrj+dVeAYLkSgLZJgcHp7E0ACu6IWWoeNRKniKuSVn5hcyHNQ
 Ql6AK0Bj6MK+3opotdRCjhguS50rSd14nainEhp+t1qji/GnuYDBUqAJn0xhfhOo
 cpUgCp0oZCUzK4cJb/hLUBtiJCDolFkrRnGXhhsf34raPbjasky7ZBfS6DGrvLHT
 D/tZJY2wXW2EUROHvxuhTIpFebnE2y+GvMnKxhGPZa/+Mzv9WX8=
 =3RSQ
 -----END PGP SIGNATURE-----

Merge tag 'drm-intel-fixes-2019-02-07-1' of git://anongit.freedesktop.org/drm/drm-intel into drm-fixes

drm/i915 fixes for v5.0-rc6:
- SNB DPLL sanitize
- ICL DDI clock selection
- SLK srckey mask

Signed-off-by: Dave Airlie <airlied@redhat.com>

From: Jani Nikula <jani.nikula@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/87lg2s6nur.fsf@intel.com
2019-02-08 10:30:57 +10:00
Linus Torvalds 74e96711e3 platform-drivers-x86 for v5.0-2
Correct Documentation/ABI 4.21 KernelVersion to 5.0.
 
 The following is an automated git shortlog grouped by driver:
 
 Documentation/ABI:
  -  Correct mlxreg-io KernelVersion for 5.0
 -----BEGIN PGP SIGNATURE-----
 
 iQEcBAABAgAGBQJcXLDcAAoJEKbMaAwKp364z6wH/2sXsncu1ohf79YNXeeBlJKO
 Zy8MCU3uhwY78+x9FLphDRhR5PlvulFflJg1i/eHEWYZ8BTd6gI1CevbAb18XZ2F
 RGeHzGKvV40L+mn6ykGXWmCLAnEfCS1ICBLwpM9o9O22FKjNqPv0etryQE9whJ/J
 mH8tPL4tMU3Y41HxMPl/e/K1tGNsRD3WRQp3AvgS3GimtEQHm4uHqvpaijc/I5UZ
 7STLWIm6e60lwHUGyqg2O4MxWUEZ0D129qw2kG1Bj6EOx0y90htqTeZunwbJxCGt
 GvJG6PnGDfWakzHreyqb8pxNoJqO3dFzpIympZ5+lFRy47APxBxKYx1hLwYl1Rs=
 =DUJg
 -----END PGP SIGNATURE-----

Merge tag 'platform-drivers-x86-v5.0-2' of git://git.infradead.org/linux-platform-drivers-x86

Pull x86 platform driver fixlet from Darren Hart:
 "Correct Documentation/ABI 4.21 KernelVersion to 5.0"

* tag 'platform-drivers-x86-v5.0-2' of git://git.infradead.org/linux-platform-drivers-x86:
  Documentation/ABI: Correct mlxreg-io KernelVersion for 5.0
2019-02-07 15:54:45 -07:00
Linus Torvalds e303a067ce Three security fixes.
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQEcBAABAgAGBQJcXHSEAAoJEL/70l94x66DpJUH/Rl3uJGdezeL/BgDkABruIuv
 kJwjWUPjjVtcrz1UPjc8YENDG7g0tLDlFajRXXxMJh+MWMDi/YED27ev4fbGJEnZ
 ApApV0pWNLev+Y5QK4GRn4T9iW4HSuqlDW3gjj9PP0E/93lX8DCALQ+yD1sGsmmE
 yG+0rGOcWqlxD3pPhVESHmi/AGzsD82GDe2in8z/iET8ucxy1lmFlISEYbSxXNa/
 o06C65The6sIn3IrqbP3aKEZ9mrpCe51pJm0YwJJpmg6UWcBiNuU+lbzg6qOthP7
 1fmYy+j/BM+9cFEnFxp8gUW4LWTtlta5cDcDJhTXdaw8XFroac+T1z6ZGQd7838=
 =iKIE
 -----END PGP SIGNATURE-----

Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm

Pull KVM fixes from Paolo Bonzini:
 "Three security fixes"

* tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
  KVM: nVMX: unconditionally cancel preemption timer in free_nested (CVE-2019-7221)
  KVM: x86: work around leak of uninitialized stack contents (CVE-2019-7222)
  kvm: fix kvm_ioctl_create_device() reference counting (CVE-2019-6974)
2019-02-07 15:53:26 -07:00
Linus Torvalds ee6c0737a0 Two small nfsd bugfixes for 5.0, for an RDMA bug and a file clone bug.
-----BEGIN PGP SIGNATURE-----
 
 iQIcBAABAgAGBQJcXJY6AAoJECebzXlCjuG+scAP/jm9ETUxC3E9ZcVetSLs7vf1
 AxHVsr3E3qf9uViq/+1NBRJ/BKE1Porzi1Uz01ie5MdY6SHWFMxvIvZrTRuEAhbc
 VA9xeRcnX+7RkPWik3sepSUieVy8KgJDMxdE07HwwyzST14I1s5Ev79wo6XiYlTw
 3+ZdZe19Y4owmTkbDiLsxJVsI2Y8b+9BIhZ9/ICRyFzZclnyLdO15HTDr4q7E9cw
 ZEZMOoljX4cjY8cD7tqf68QECxZYm4a8Ba+L6P+oqKajq/6yUrocXA2UG65EMtIQ
 LtMIdpkC+zHFagRQBC3ymqEWTpX9ED6TA4H4ZSdh6UH8NwYXHsxQUYfI4Oetju/B
 iqWBbXpwg2jMNRDhXS/KdNezYcGjYGJZ03dezeSP/GwojoiKALD0iXxWU2zyq0Qs
 crnhmc2j1wZZl5CFXLCYwjDjHbeH6gWGfLuzAv1Q9/jQUitQ2CpC4t1MCRdOlWBt
 cqjCleF6Rd3oVk51BdYPm5OyCHyQjrrXmOsx8aHkY774p7TqsaHBjSreTBjQWhO8
 wAfnr6yS4/21Hfrji52Nf4Q6UJ1FFEWB0wXJhYAHzem1RsPGSbnEDam6Bpd6Bh0d
 ZxAU4spoVhezQPjF4JCmHfiAJ7rbegfltJa669rE5L1kbUYYE6TAAcOm8RTSWoPZ
 iGxkg/en5XiGsOGH9AyB
 =++rV
 -----END PGP SIGNATURE-----

Merge tag 'nfsd-5.0-1' of git://linux-nfs.org/~bfields/linux

Pull nfsd fixes from Bruce Fields:
 "Two small nfsd bugfixes for 5.0, for an RDMA bug and a file clone bug"

* tag 'nfsd-5.0-1' of git://linux-nfs.org/~bfields/linux:
  svcrdma: Remove max_sge check at connect time
  nfsd: Fix error return values for nfsd4_clone_file_range()
2019-02-07 15:44:45 -07:00
Linus Torvalds 8b5cdbe595 - Fix DM core's missing memory barrier before waitqueue_active() calls.
- Fix DM core's clone_bio() to work when cloning a subset of a bio with
   an integrity payload; bio_integrity_trim() wasn't getting called due
   to bio_trim()'s early return.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQEcBAABAgAGBQJcXGHSAAoJEMUj8QotnQNaZMcIAMxj39Gvh/e2dx5zKuHBPO4+
 e5aMnCGzFwTdV4lfmfIU8pa5CAxAQXWOO5fH5IMzAI2rne5uczHK5a1V5YrL5OuP
 P0j0UNKt58FZlRiXxaMwURoRZeJ2nKe0R+LWw1W5cEGGM45C5okMaWrdmbdHOk9/
 G09yk8SsjXAGhuadCcY+aY7SrLi6KAaz3A9G/EzU8r9QirLkRVyaDmXIZrD8+Kgv
 8gmSlL3LvQbUUU70gPEU7yXp86+/lZi5VQysBSG7aOZcmBsZuNeXOTgt/7DWFJ7S
 Wj81Ib9pOg0PPYweB7PZ53BKRTydlTpzfEKaeG5+gFJgn6NPxR22SeOb1WnZ0Lg=
 =rtij
 -----END PGP SIGNATURE-----

Merge tag 'for-5.0/dm-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm

Pull device mapper fixes from Mike Snitzer:
 "Both of these fixes address issues in changes merged for 5.0-rc4:

   - Fix DM core's missing memory barrier before waitqueue_active()
     calls.

   - Fix DM core's clone_bio() to work when cloning a subset of a bio
     with an integrity payload; bio_integrity_trim() wasn't getting
     called due to bio_trim()'s early return"

* tag 'for-5.0/dm-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm:
  dm: don't use bio_trim() afterall
  dm: add memory barrier before waitqueue_active
2019-02-07 15:42:43 -07:00
Thomas Gleixner 8087f40736 irqchip update for 5.0-rc6
- Another GICv3 ITS fix for devices sharing the same DevID
 - Don't return invalid data on exhaustion of the GICv3 LPI pool
 - Fix a GICv3 field decoding bug leading to memory over-allocation
 - Init GICv4 at boot time instead of lazy init
 - Fix interrupt masking on PJ4
 -----BEGIN PGP SIGNATURE-----
 
 iQJJBAABCgAzFiEEn9UcU+C1Yxj9lZw9I9DQutE9ekMFAlxaspYVHG1hcmMuenlu
 Z2llckBhcm0uY29tAAoJECPQ0LrRPXpDMS8QAIUNTdbpgtCc/3Lr4n1qHlzGCR1N
 n4FHYgpR1txcPcVyu92jLxEwnlzSw2zjexuqUNaUYVUKe6wzEAXpDba+dDhvLrW5
 JfT1RE7cDMWu34iKAorGg1sqAb3yl67d6Oi88abbNdv3zSa9EVyVBRp3eTWotNzg
 EAtVorirI41CZNirt3ZU0TRMX0wAc5g7HTq0AwBcQSsg0P6ZCyVqZU5w/JNsPzWH
 VIpYue8XlDNQ8SDJHRppHhyrghVHG0tpSHKo9I8cA9+4CK6CMd8OwZhdNsf2ISiL
 vcEOyuOQfIIyTry59F11eiwlMNa4nmsLlmzezOZUeb3NafxsqMmDsbjbOiDMIkzh
 WUt8BlWOSyy2sWlokX3Qu9CLlWxa+QydGokNdUufLYOAVQG+VDUD5lpaposUSNAe
 0thGXenlBO43NqTdldZu2L6E0Wb0M0CTuILOSg6M+6olTR5hsGJiUaV+3WLJHQi3
 gLzbAFu5JRzpJWqOPh/9pF5dQQIZ8Ls/C2oJlYt+CTiYA3je4pzWzEsmP2CBTYUy
 WZEq/mhcze0kFu2b7FnYNhvYkSPool4t5GajwoBYb34N2rnJa7KVYsBDAV0gUJ1t
 MZbTTzWUeWpsm31uZlvKiPSDHqpUPucZ9HtqBH8OKef6IZz4tMK7v9qx1yZ/C2ZL
 dSNbXHBEI7X44Ea2
 =Crvb
 -----END PGP SIGNATURE-----

Merge tag 'irqchip-5.0-3' of git://git.kernel.org/pub/scm/linux/kernel/git/maz/arm-platforms into irq/urgent

Pull irqchip updates from Marc Zyngier:

- Another GICv3 ITS fix for devices sharing the same DevID
- Don't return invalid data on exhaustion of the GICv3 LPI pool
- Fix a GICv3 field decoding bug leading to memory over-allocation
- Init GICv4 at boot time instead of lazy init
- Fix interrupt masking on PJ4
2019-02-07 21:12:40 +01:00
Jan Kara 0803de7804 blktrace: Show requests without sector
Currently, blktrace will not show requests that don't have any data as
rq->__sector is initialized to -1 which is out of device range and thus
discarded by act_log_check(). This is most notably the case for cache
flush requests sent to the device. Fix the problem by making
blk_rq_trace_sector() return 0 for requests without initialized sector.

Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2019-02-07 12:57:17 -07:00
Vladimir Kondratiev 05dc6001af
mips: cm: reprime error cause
Accordingly to the documentation
---cut---
The GCR_ERROR_CAUSE.ERR_TYPE field and the GCR_ERROR_MULT.ERR_TYPE
fields can be cleared by either a reset or by writing the current
value of GCR_ERROR_CAUSE.ERR_TYPE to the
GCR_ERROR_CAUSE.ERR_TYPE register.
---cut---
Do exactly this. Original value of cm_error may be safely written back;
it clears error cause and keeps other bits untouched.

Fixes: 3885c2b463 ("MIPS: CM: Add support for reporting CM cache errors")
Signed-off-by: Vladimir Kondratiev <vladimir.kondratiev@linux.intel.com>
Signed-off-by: Paul Burton <paul.burton@mips.com>
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: James Hogan <jhogan@kernel.org>
Cc: linux-mips@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Cc: stable@vger.kernel.org # v4.3+
2019-02-07 11:55:24 -08:00
Yifeng Li 8a96669d77
mips: loongson64: remove unreachable(), fix loongson_poweroff().
On my Yeeloong 8089, I noticed the machine fails to shutdown
properly, and often, the function mach_prepare_reboot() is
unexpectedly executed, thus the machine reboots instead. A
wait loop is needed to ensure the system is in a well-defined
state before going down.

In commit 997e93d4df ("MIPS: Hang more efficiently on
halt/powerdown/restart"), a general superset of the wait loop for all
platforms is already provided, so we don't need to implement our own.

This commit simply removes the unreachable() compiler marco after
mach_prepare_reboot(), thus allowing the execution of machine_hang().
My test shows that the machine is now able to shutdown successfully.

Please note that there are two different bugs preventing the machine
from shutting down, another work-in-progress commit is needed to
fix a lockup in cpufreq / i8259 driver, please read Reference, this
commit does not fix that bug.

Reference: https://lkml.org/lkml/2019/2/5/908
Signed-off-by: Yifeng Li <tomli@tomli.me>
Signed-off-by: Paul Burton <paul.burton@mips.com>
Cc: linux-mips@vger.kernel.org
Cc: Huacai Chen <chenhc@lemote.com>
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: James Hogan <jhogan@kernel.org>
Cc: linux-kernel@vger.kernel.org
Cc: Aaro Koskinen <aaro.koskinen@iki.fi>
Cc: stable@vger.kernel.org # v4.17+
2019-02-07 11:50:14 -08:00
Manuel Reinhardt 2bc16b9f32 ALSA: usb-audio: Fix implicit fb endpoint setup by quirk
The commit a60945fd08 ("ALSA: usb-audio: move implicit fb quirks to
separate function") introduced an error in the handling of quirks for
implicit feedback endpoints. This commit fixes this.

If a quirk successfully sets up an implicit feedback endpoint, usb-audio
no longer tries to find the implicit fb endpoint itself.

Fixes: a60945fd08 ("ALSA: usb-audio: move implicit fb quirks to separate function")
Signed-off-by: Manuel Reinhardt <manuel.rhdt@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2019-02-07 20:04:43 +01:00
David S. Miller ec7fd009e8 Merge branch 'ipv6-fixes'
Hangbin Liu says:

====================
fix two kernel panics when disabled IPv6 on boot up

When disabled IPv6 on boot up, since there is no ipv6 route tables, we should
not call rt6_lookup. Fix them by checking if we have inet6_dev pointer on
netdevice.

v2: Fix idev reference leak, declarations and code mixing as Stefano,
    Eric pointed. Since we only want to check if idev exists and not
    reference it, use __in6_dev_get() insteand of in6_dev_get().
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2019-02-07 10:48:42 -08:00
Hangbin Liu 173656acca sit: check if IPv6 enabled before calling ip6_err_gen_icmpv6_unreach()
If we disabled IPv6 from the kernel command line (ipv6.disable=1), we should
not call ip6_err_gen_icmpv6_unreach(). This:

  ip link add sit1 type sit local 192.0.2.1 remote 192.0.2.2 ttl 1
  ip link set sit1 up
  ip addr add 198.51.100.1/24 dev sit1
  ping 198.51.100.2

if IPv6 is disabled at boot time, will crash the kernel.

v2: there's no need to use in6_dev_get(), use __in6_dev_get() instead,
    as we only need to check that idev exists and we are under
    rcu_read_lock() (from netif_receive_skb_internal()).

Reported-by: Jianlin Shi <jishi@redhat.com>
Fixes: ca15a078bd ("sit: generate icmpv6 error when receiving icmpv4 error")
Cc: Oussama Ghorbel <ghorbel@pivasoftware.com>
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
Reviewed-by: Stefano Brivio <sbrivio@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-02-07 10:48:42 -08:00
Hangbin Liu c0a47e44c0 geneve: should not call rt6_lookup() when ipv6 was disabled
When we add a new GENEVE device with IPv6 remote, checking only for
IS_ENABLED(CONFIG_IPV6) is not enough as we may disable IPv6 in the
kernel command line (ipv6.disable=1), and calling rt6_lookup() would
cause a NULL pointer dereference.

v2:
- don't mix declarations and code (reported by Stefano Brivio, Eric Dumazet)
- there's no need to use in6_dev_get() as we only need to check that
  idev exists (reported by David Ahern). This is under RTNL, so we can
  simply use __in6_dev_get() instead (Stefano, Eric).

Reported-by: Jianlin Shi <jishi@redhat.com>
Fixes: c40e89fd35 ("geneve: configure MTU based on a lower device")
Cc: Alexey Kodanev <alexey.kodanev@oracle.com>
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
Reviewed-by: Stefano Brivio <sbrivio@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-02-07 10:48:42 -08:00
Peter Shier ecec76885b KVM: nVMX: unconditionally cancel preemption timer in free_nested (CVE-2019-7221)
Bugzilla: 1671904

There are multiple code paths where an hrtimer may have been started to
emulate an L1 VMX preemption timer that can result in a call to free_nested
without an intervening L2 exit where the hrtimer is normally
cancelled. Unconditionally cancel in free_nested to cover all cases.

Embargoed until Feb 7th 2019.

Signed-off-by: Peter Shier <pshier@google.com>
Reported-by: Jim Mattson <jmattson@google.com>
Reviewed-by: Jim Mattson <jmattson@google.com>
Reported-by: Felix Wilhelm <fwilhelm@google.com>
Cc: stable@kernel.org
Message-Id: <20181011184646.154065-1-pshier@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-02-07 19:03:01 +01:00
Paolo Bonzini 353c0956a6 KVM: x86: work around leak of uninitialized stack contents (CVE-2019-7222)
Bugzilla: 1671930

Emulation of certain instructions (VMXON, VMCLEAR, VMPTRLD, VMWRITE with
memory operand, INVEPT, INVVPID) can incorrectly inject a page fault
when passed an operand that points to an MMIO address.  The page fault
will use uninitialized kernel stack memory as the CR2 and error code.

The right behavior would be to abort the VM with a KVM_EXIT_INTERNAL_ERROR
exit to userspace; however, it is not an easy fix, so for now just
ensure that the error code and CR2 are zero.

Embargoed until Feb 7th 2019.

Reported-by: Felix Wilhelm <fwilhelm@google.com>
Cc: stable@kernel.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-02-07 19:02:56 +01:00
Jann Horn cfa3938117 kvm: fix kvm_ioctl_create_device() reference counting (CVE-2019-6974)
kvm_ioctl_create_device() does the following:

1. creates a device that holds a reference to the VM object (with a borrowed
   reference, the VM's refcount has not been bumped yet)
2. initializes the device
3. transfers the reference to the device to the caller's file descriptor table
4. calls kvm_get_kvm() to turn the borrowed reference to the VM into a real
   reference

The ownership transfer in step 3 must not happen before the reference to the VM
becomes a proper, non-borrowed reference, which only happens in step 4.
After step 3, an attacker can close the file descriptor and drop the borrowed
reference, which can cause the refcount of the kvm object to drop to zero.

This means that we need to grab a reference for the device before
anon_inode_getfd(), otherwise the VM can disappear from under us.

Fixes: 852b6d57dc ("kvm: add device control API")
Cc: stable@kernel.org
Signed-off-by: Jann Horn <jannh@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-02-07 19:02:38 +01:00
Jurica Vukadin 4cd3016ce9 ALSA: hda - Add quirk for HP EliteBook 840 G5
This enables mute LED support and fixes switching jacks when the laptop
is docked.

Signed-off-by: Jurica Vukadin <jurica.vukadin@rt-rk.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2019-02-07 18:09:09 +01:00
Russell King 50d6b3cf94 ARM: OMAP2+: fix lack of timer interrupts on CPU1 after hotplug
If we have a kernel configured for periodic timer interrupts, and we
have cpuidle enabled, then we end up with CPU1 losing timer interupts
after a hotplug.

This can manifest itself in RCU stall warnings, or userspace becoming
unresponsive.

The problem is that the kernel initially wants to use the TWD timer
for interrupts, but the TWD loses context when we enter the C3 cpuidle
state.  Nothing reprograms the TWD after idle.

We have solved this in the past by switching to broadcast timer ticks,
and cpuidle44xx switches to that mode at boot time.  However, there is
nothing to switch from periodic mode local timers after a hotplug
operation.

We call tick_broadcast_enter() in omap_enter_idle_coupled(), which one
would expect would take care of the issue, but internally this only
deals with one-shot local timers - tick_broadcast_enable() on the other
hand only deals with periodic local timers.  So, we need to call both.

Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
[tony@atomide.com: just standardized the subject line]
Signed-off-by: Tony Lindgren <tony@atomide.com>
2019-02-07 07:48:22 -08:00
Eric W. Biederman 7146db3317 signal: Better detection of synchronous signals
Recently syzkaller was able to create unkillablle processes by
creating a timer that is delivered as a thread local signal on SIGHUP,
and receiving SIGHUP SA_NODEFERER.  Ultimately causing a loop failing
to deliver SIGHUP but always trying.

When the stack overflows delivery of SIGHUP fails and force_sigsegv is
called.  Unfortunately because SIGSEGV is numerically higher than
SIGHUP next_signal tries again to deliver a SIGHUP.

From a quality of implementation standpoint attempting to deliver the
timer SIGHUP signal is wrong.  We should attempt to deliver the
synchronous SIGSEGV signal we just forced.

We can make that happening in a fairly straight forward manner by
instead of just looking at the signal number we also look at the
si_code.  In particular for exceptions (aka synchronous signals) the
si_code is always greater than 0.

That still has the potential to pick up a number of asynchronous
signals as in a few cases the same si_codes that are used
for synchronous signals are also used for asynchronous signals,
and SI_KERNEL is also included in the list of possible si_codes.

Still the heuristic is much better and timer signals are definitely
excluded.  Which is enough to prevent all known ways for someone
sending a process signals fast enough to cause unexpected and
arguably incorrect behavior.

Cc: stable@vger.kernel.org
Fixes: a27341cd5f ("Prioritize synchronous signals over 'normal' signals")
Tested-by: Dmitry Vyukov <dvyukov@google.com>
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
2019-02-07 09:00:36 -06:00
Eric W. Biederman 35634ffa17 signal: Always notice exiting tasks
Recently syzkaller was able to create unkillablle processes by
creating a timer that is delivered as a thread local signal on SIGHUP,
and receiving SIGHUP SA_NODEFERER.  Ultimately causing a loop
failing to deliver SIGHUP but always trying.

Upon examination it turns out part of the problem is actually most of
the solution.  Since 2.5 signal delivery has found all fatal signals,
marked the signal group for death, and queued SIGKILL in every threads
thread queue relying on signal->group_exit_code to preserve the
information of which was the actual fatal signal.

The conversion of all fatal signals to SIGKILL results in the
synchronous signal heuristic in next_signal kicking in and preferring
SIGHUP to SIGKILL.  Which is especially problematic as all
fatal signals have already been transformed into SIGKILL.

Instead of dequeueing signals and depending upon SIGKILL to
be the first signal dequeued, first test if the signal group
has already been marked for death.  This guarantees that
nothing in the signal queue can prevent a process that needs
to exit from exiting.

Cc: stable@vger.kernel.org
Tested-by: Dmitry Vyukov <dvyukov@google.com>
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Ref: ebf5ebe31d2c ("[PATCH] signal-fixes-2.5.59-A4")
History Tree: https://git.kernel.org/pub/scm/linux/kernel/git/tglx/history.git
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
2019-02-07 08:59:50 -06:00
Sylwester Nawrocki 860b454c2c
ASoC: samsung: Prevent clk_get_rate() calls in atomic context
This patch moves clk_get_rate() call from trigger() to hw_params()
callback to avoid calling sleeping clk API from atomic context
and prevent deadlock as indicated below.

Before this change clk_get_rate() was being called with same
spinlock held as the one passed to the clk API when registering
clocks exposed by the I2S driver.

[   82.109780] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:908
[   82.117009] in_atomic(): 1, irqs_disabled(): 128, pid: 1554, name: speaker-test
[   82.124235] 3 locks held by speaker-test/1554:
[   82.128653]  #0: cc8c5328 (snd_pcm_link_rwlock){...-}, at: snd_pcm_stream_lock_irq+0x20/0x38
[   82.137058]  #1: ec9eda17 (&(&substream->self_group.lock)->rlock){..-.}, at: snd_pcm_ioctl+0x900/0x1268
[   82.146417]  #2: 6ac279bf (&(&pri_dai->spinlock)->rlock){..-.}, at: i2s_trigger+0x64/0x6d4
[   82.154650] irq event stamp: 8144
[   82.157949] hardirqs last  enabled at (8143): [<c0a0f574>] _raw_read_unlock_irq+0x24/0x5c
[   82.166089] hardirqs last disabled at (8144): [<c0a0f6a8>] _raw_read_lock_irq+0x18/0x58
[   82.174063] softirqs last  enabled at (8004): [<c01024e4>] __do_softirq+0x3a4/0x66c
[   82.181688] softirqs last disabled at (7997): [<c012d730>] irq_exit+0x140/0x168
[   82.188964] Preemption disabled at:
[   82.188967] [<00000000>]   (null)
[   82.195728] CPU: 6 PID: 1554 Comm: speaker-test Not tainted 5.0.0-rc5-00192-ga6e6caca8f03 #191
[   82.204302] Hardware name: SAMSUNG EXYNOS (Flattened Device Tree)
[   82.210376] [<c0111a54>] (unwind_backtrace) from [<c010d8f4>] (show_stack+0x10/0x14)
[   82.218084] [<c010d8f4>] (show_stack) from [<c09ef004>] (dump_stack+0x90/0xc8)
[   82.225278] [<c09ef004>] (dump_stack) from [<c0152980>] (___might_sleep+0x22c/0x2c8)
[   82.232990] [<c0152980>] (___might_sleep) from [<c0a0a2e4>] (__mutex_lock+0x28/0xa3c)
[   82.240788] [<c0a0a2e4>] (__mutex_lock) from [<c0a0ad80>] (mutex_lock_nested+0x1c/0x24)
[   82.248763] [<c0a0ad80>] (mutex_lock_nested) from [<c04923dc>] (clk_prepare_lock+0x78/0xec)
[   82.257079] [<c04923dc>] (clk_prepare_lock) from [<c049538c>] (clk_core_get_rate+0xc/0x5c)
[   82.265309] [<c049538c>] (clk_core_get_rate) from [<c0766b18>] (i2s_trigger+0x490/0x6d4)
[   82.273369] [<c0766b18>] (i2s_trigger) from [<c074fec4>] (soc_pcm_trigger+0x100/0x140)
[   82.281254] [<c074fec4>] (soc_pcm_trigger) from [<c07378a0>] (snd_pcm_do_start+0x2c/0x30)
[   82.289400] [<c07378a0>] (snd_pcm_do_start) from [<c07376cc>] (snd_pcm_action_single+0x38/0x78)
[   82.298065] [<c07376cc>] (snd_pcm_action_single) from [<c073a450>] (snd_pcm_ioctl+0x910/0x1268)
[   82.306734] [<c073a450>] (snd_pcm_ioctl) from [<c0292344>] (do_vfs_ioctl+0x90/0x9ec)
[   82.314443] [<c0292344>] (do_vfs_ioctl) from [<c0292cd4>] (ksys_ioctl+0x34/0x60)
[   82.321808] [<c0292cd4>] (ksys_ioctl) from [<c0101000>] (ret_fast_syscall+0x0/0x28)
[   82.329431] Exception stack(0xeb875fa8 to 0xeb875ff0)
[   82.334459] 5fa0:                   00033c18 b6e31000 00000004 00004142 00033d80 00033d80
[   82.342605] 5fc0: 00033c18 b6e31000 00008000 00000036 00008000 00000000 beea38a8 00008000
[   82.350748] 5fe0: b6e3142c beea384c b6da9a30 b6c9212c
[   82.355789]
[   82.357245] ======================================================
[   82.363397] WARNING: possible circular locking dependency detected
[   82.369551] 5.0.0-rc5-00192-ga6e6caca8f03 #191 Tainted: G        W
[   82.376395] ------------------------------------------------------
[   82.382548] speaker-test/1554 is trying to acquire lock:
[   82.387834] 6d2007f4 (prepare_lock){+.+.}, at: clk_prepare_lock+0x78/0xec
[   82.394593]
[   82.394593] but task is already holding lock:
[   82.400398] 6ac279bf (&(&pri_dai->spinlock)->rlock){..-.}, at: i2s_trigger+0x64/0x6d4
[   82.408197]
[   82.408197] which lock already depends on the new lock.
[   82.416343]
[   82.416343] the existing dependency chain (in reverse order) is:
[   82.423795]
[   82.423795] -> #1 (&(&pri_dai->spinlock)->rlock){..-.}:
[   82.430472]        clk_mux_set_parent+0x34/0xb8
[   82.434975]        clk_core_set_parent_nolock+0x1c4/0x52c
[   82.440347]        clk_set_parent+0x38/0x6c
[   82.444509]        of_clk_set_defaults+0xc8/0x308
[   82.449186]        of_clk_add_provider+0x84/0xd0
[   82.453779]        samsung_i2s_probe+0x408/0x5f8
[   82.458376]        platform_drv_probe+0x48/0x98
[   82.462879]        really_probe+0x224/0x3f4
[   82.467037]        driver_probe_device+0x70/0x1c4
[   82.471716]        bus_for_each_drv+0x44/0x8c
[   82.476049]        __device_attach+0xa0/0x138
[   82.480382]        bus_probe_device+0x88/0x90
[   82.484715]        deferred_probe_work_func+0x6c/0xbc
[   82.489741]        process_one_work+0x200/0x740
[   82.494246]        worker_thread+0x2c/0x4c8
[   82.498408]        kthread+0x128/0x164
[   82.502131]        ret_from_fork+0x14/0x20
[   82.506204]          (null)
[   82.508976]
[   82.508976] -> #0 (prepare_lock){+.+.}:
[   82.514264]        __mutex_lock+0x60/0xa3c
[   82.518336]        mutex_lock_nested+0x1c/0x24
[   82.522756]        clk_prepare_lock+0x78/0xec
[   82.527088]        clk_core_get_rate+0xc/0x5c
[   82.531421]        i2s_trigger+0x490/0x6d4
[   82.535494]        soc_pcm_trigger+0x100/0x140
[   82.539913]        snd_pcm_do_start+0x2c/0x30
[   82.544246]        snd_pcm_action_single+0x38/0x78
[   82.549012]        snd_pcm_ioctl+0x910/0x1268
[   82.553345]        do_vfs_ioctl+0x90/0x9ec
[   82.557417]        ksys_ioctl+0x34/0x60
[   82.561229]        ret_fast_syscall+0x0/0x28
[   82.565477]        0xbeea384c
[   82.568421]
[   82.568421] other info that might help us debug this:
[   82.568421]
[   82.576394]  Possible unsafe locking scenario:
[   82.576394]
[   82.582285]        CPU0                    CPU1
[   82.586792]        ----                    ----
[   82.591297]   lock(&(&pri_dai->spinlock)->rlock);
[   82.595977]                                lock(prepare_lock);
[   82.601782]                                lock(&(&pri_dai->spinlock)->rlock);
[   82.608975]   lock(prepare_lock);
[   82.612268]
[   82.612268]  *** DEADLOCK ***

Fixes: 647d04f8e0 ("ASoC: samsung: i2s: Ensure the RCLK rate is properly determined")
Reported-by: Krzysztof Kozłowski <krzk@kernel.org>
Signed-off-by: Sylwester Nawrocki <s.nawrocki@samsung.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
2019-02-07 14:34:53 +00:00
Jiada Wang 76379dfbfd
ASoC: rsnd: ssiu: correct shift bit for ssiu9
Currently "0xf << 36" is used to
clear SSIU-9 internal buffer state, which overflows 32-bit value
according to user reference manual, it is always bit4 ~ bit7
of SSI_SYS_STATUS[1,3,5,7] registers indicate
SSIU-9's buffer state, so "0xf << 4" should be used.

This patch fix incorrect shifting issue in SSIU-9 case

Fixes: commit b7169ddea2 ("ASoC: rsnd: remove RSND_REG_ from rsnd_reg")

Signed-off-by: Jiada Wang <jiada_wang@mentor.com>
Acked-by: Kuninori Morimoto <kuninori.morimoto.gx@renesas.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
2019-02-07 12:04:44 +00:00
Linus Torvalds d47e3da175 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/hid/hid
Pull HID fix from Jiri Kosina:
 "A fix for a bug in hid-debug that can lock up the kernel in infinite
  loop (CVE-2019-3819), from Vladis Dronov"

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/hid/hid:
  HID: debug: fix the ring buffer implementation
2019-02-07 11:51:31 +00:00
James Morse 7d82602909 KVM: arm64: Forbid kprobing of the VHE world-switch code
On systems with VHE the kernel and KVM's world-switch code run at the
same exception level. Code that is only used on a VHE system does not
need to be annotated as __hyp_text as it can reside anywhere in the
kernel text.

__hyp_text was also used to prevent kprobes from patching breakpoint
instructions into this region, as this code runs at a different
exception level. While this is no longer true with VHE, KVM still
switches VBAR_EL1, meaning a kprobe's breakpoint executed in the
world-switch code will cause a hyp-panic.

echo "p:weasel sysreg_save_guest_state_vhe" > /sys/kernel/debug/tracing/kprobe_events
echo 1 > /sys/kernel/debug/tracing/events/kprobes/weasel/enable
lkvm run -k /boot/Image --console serial -p "console=ttyS0 earlycon=uart,mmio,0x3f8"

  # lkvm run -k /boot/Image -m 384 -c 3 --name guest-1474
  Info: Placing fdt at 0x8fe00000 - 0x8fffffff
  Info: virtio-mmio.devices=0x200@0x10000:36

  Info: virtio-mmio.devices=0x200@0x10200:37

  Info: virtio-mmio.devices=0x200@0x10400:38

[  614.178186] Kernel panic - not syncing: HYP panic:
[  614.178186] PS:404003c9 PC:ffff0000100d70e0 ESR:f2000004
[  614.178186] FAR:0000000080080000 HPFAR:0000000000800800 PAR:1d00007edbadc0de
[  614.178186] VCPU:00000000f8de32f1
[  614.178383] CPU: 2 PID: 1482 Comm: kvm-vcpu-0 Not tainted 5.0.0-rc2 #10799
[  614.178446] Call trace:
[  614.178480]  dump_backtrace+0x0/0x148
[  614.178567]  show_stack+0x24/0x30
[  614.178658]  dump_stack+0x90/0xb4
[  614.178710]  panic+0x13c/0x2d8
[  614.178793]  hyp_panic+0xac/0xd8
[  614.178880]  kvm_vcpu_run_vhe+0x9c/0xe0
[  614.178958]  kvm_arch_vcpu_ioctl_run+0x454/0x798
[  614.179038]  kvm_vcpu_ioctl+0x360/0x898
[  614.179087]  do_vfs_ioctl+0xc4/0x858
[  614.179174]  ksys_ioctl+0x84/0xb8
[  614.179261]  __arm64_sys_ioctl+0x28/0x38
[  614.179348]  el0_svc_common+0x94/0x108
[  614.179401]  el0_svc_handler+0x38/0x78
[  614.179487]  el0_svc+0x8/0xc
[  614.179558] SMP: stopping secondary CPUs
[  614.179661] Kernel Offset: disabled
[  614.179695] CPU features: 0x003,2a80aa38
[  614.179758] Memory Limit: none
[  614.179858] ---[ end Kernel panic - not syncing: HYP panic:
[  614.179858] PS:404003c9 PC:ffff0000100d70e0 ESR:f2000004
[  614.179858] FAR:0000000080080000 HPFAR:0000000000800800 PAR:1d00007edbadc0de
[  614.179858] VCPU:00000000f8de32f1 ]---

Annotate the VHE world-switch functions that aren't marked
__hyp_text using NOKPROBE_SYMBOL().

Signed-off-by: James Morse <james.morse@arm.com>
Fixes: 3f5c90b890 ("KVM: arm64: Introduce VHE-specific kvm_vcpu_run")
Acked-by: Masami Hiramatsu <mhiramat@kernel.org>
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
2019-02-07 11:44:47 +00:00
Suzuki K Poulose 280cebfd05 KVM: arm64: Relax the restriction on using stage2 PUD huge mapping
We restrict mapping the PUD huge pages in stage2 to only when the
stage2 has 4 level page table, leaving the feature unused with
the default IPA size. But we could use it even with a 3
level page table, i.e, when the PUD level is folded into PGD,
just like the stage1. Relax the condition to allow using the
PUD huge page mappings at stage2 when it is possible.

Cc: Christoffer Dall <christoffer.dall@arm.com>
Reviewed-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Suzuki K Poulose <suzuki.poulose@arm.com>
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
2019-02-07 11:44:47 +00:00
Marc Zyngier 309a205688 arm: KVM: Add missing kvm_stage2_has_pmd() helper
Fixup 32bit by providing the now required helper.

Cc: Suzuki Poulose <suzuki.poulose@arm.com>
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
2019-02-07 11:44:47 +00:00