Commit Graph

678884 Commits

Author SHA1 Message Date
Mathias Nyman 3134bc9c52 xhci: cleanup finish_td() skip option
finish_td() could be called with a skip option to bypass most of the
function and only call xhci_td_cleanup() at the end.

Remove this skip option and call xhci_td_cleanup() directly instead
when needed

No functional changes

Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-06-15 22:17:46 +02:00
Mathias Nyman d36374fdfb xhci: cleanup virtual endoint structure, remove stopped_stream
Get rid of stopped_stream member in virtual endpoint structure as
it is only used in one case when cleaning a halted endpoint.

Pass it as function parameter instead.

No functional changes

Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-06-15 22:17:46 +02:00
Mathias Nyman ade2e3a148 xhci: handle transfer events without TRB pointer
Most transfer events have a TRB pointer indicating which TRB caused
the event.
In the case of streams, transfer events such as
USB Transaction error may have its TRB pointer set to zero.

driver won't know which stream or what TRB on that stream caused
the error, but it can issue a soft reset to recover the transfer.
A soft reset will clear the host side halt of the endpoint without
clearing Data toggle or sequence number, and let the transfer
continue from where it halted.

see xhci section 4.12 streams and 4.6.8.2 soft retry.

USB Transaction errors with a zero TRB pointer are seen with
UAS usb devices.

Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-06-15 22:17:46 +02:00
Mathias Nyman 5eee4b6b4f xhci: support calling cleanup_halted_endpoint with soft retry
Add soft reset support to cleanup_halted_endpoint().
using soft reset will prevent it from setting a new dequeue pointer to
start the transfer from. Let it continue where it halted.

Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-06-15 22:17:46 +02:00
Mathias Nyman 217491487c xhci: Add support for endpoint soft reset
xhci supports soft retry recovery when the host halted the host side of an
endopint but the connected USB device is not aware of the halt.

In this case xhci needs to issue a reset endopint command  with a TSP
(Transfer State Preserve) flag set which preserves the Data toggle
and Sequence number of the endpoint.

This feature is needed to handle a few special transfer event types
such as USB Transaction error that don't always point to a causing TRB.

see xhci 4.6.8.1 for more details

Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-06-15 22:17:46 +02:00
Mathias Nyman b3368382ef xhci: refactor transfer event errors and completion codes
Parse the transfer event first, and remove duplicate debugging
code.

Reorder completion codes according to endpoint state.

No functional changes

We are not handling some transfer events correcly and need to
clean up this before fixing it

Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-06-15 22:17:46 +02:00
Mathias Nyman c5628a2af8 xhci: remove endpoint ring cache
Anurag Kumar Vulisha reported several issues with xhci endpoint
ring caching.

31 Rings are cached per device before a ring is freed.
These cached rings are not used as default if a new ring is needed.
They are only used if the driver fails to allocate memory for a ring.

The current ring cache is more a reason to why we run out memory than a
help when we actually do so.

Anurag Kumar Vulisha tried to use cached rings as a first option and
found new issues with cached ring initialization.
Cached rings were first zeroed and then manually reinitialized with link
trbs etc, but forgetting to set some important bits like cycle toggle bit.

Remove the ring cache completely as it's a faulty premature optimization
eating memory

Reported-by: Anurag Kumar Vulisha <anuragku@xilinx.com>
Tested-by: Anurag Kumar Vulisha <anuragku@xilinx.com>
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-06-15 22:17:46 +02:00
Mathias Nyman d590c23111 usb: Avoid unnecessary LPM enabling and disabling during suspend and resume
The original motivation for disabling/enabling Link PM at device
suspend/resume was to force link state to go via U0 before suspend sets
the link state to U3. Going directly from U2 to U3 is not allowed.

Disabling LPM will forced the link state to U0, but will send a lot of
Set port feature requests for evert suspend and resume.

This is not needed as Hub hardware will take care of going via U0
when a U2 -> U3 transition is requested [1]

[1] USB 3.1 specification section 10.16.2.10 Set Port Feature:

"If the value is 3, then host software wants to selectively suspend the
device connected to this port. The hub shall transition the link to U3
from any of the other U states using allowed link state transitions.
If the port is not already in the U0 state, then it shall transition the
port to the U0 state and then initiate the transition to U3.
While this state is active, the hub does not propagate downstream-directed
traffic to this port, but the hub will respond to resume signaling from the
port"

Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-06-15 22:17:46 +02:00
Johan Hovold ce046e5d9b thermal: max77620: fix pinmux conflict on reprobe
Use the new helper for reusing a device-tree node of another device
instead of managing the node references explicitly.

This also makes sure that the new of_node_reuse flag is set if the
device is ever reprobed, something which specifically now avoids driver
core from attempting to claim any pinmux resources already claimed by
the parent device.

Fixes: ec4664b3fd ("thermal: max77620: Add thermal driver for reporting junction temp")
Cc: Laxman Dewangan <ldewangan@nvidia.com>
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-06-13 11:07:32 +02:00
Johan Hovold c592fafbdb thermal: max77620: fix device-node reference imbalance
The thermal child device reuses the parent MFD-device device-tree node
when registering a thermal zone, but did not take a reference to the
node.

This leads to a reference imbalance, and potential use-after-free, when
the node reference is dropped by the platform-bus device destructor
(once for the child and later again for the parent).

Fix this by dropping any reference already held to a device-tree node
and getting a reference to the parent's node which will be balanced on
reprobe or on platform-device release, whichever comes first.

Note that simply clearing the of_node pointer on probe errors and on
driver unbind would not allow the use of device-managed resources as
specifically thermal_zone_of_sensor_unregister() claims that a valid
device-tree node pointer is needed during deregistration (even if it
currently does not seem to use it).

Fixes: ec4664b3fd ("thermal: max77620: Add thermal driver for reporting junction temp")
Cc: stable <stable@vger.kernel.org>     # 4.9
Cc: Laxman Dewangan <ldewangan@nvidia.com>
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-06-13 11:07:32 +02:00
Johan Hovold 2bf6986712 USB: of: fix root-hub device-tree node handling
In an attempt to work around a pinmux over-allocation issue in driver
core, commit dc5878abf4 ("usb: core: move root hub's device node
assignment after it is added to bus") moved the device-tree node
assignment until after the root hub had been registered.

This not only makes the device-tree node unavailable to the usb driver
during probe, but also prevents the of_node from being linked to in
sysfs and causes a race with user-space for the (recently added) devspec
attribute.

Use the new device_set_of_node_from_dev() helper to reuse the node of
the sysdev device, something which now prevents driver core from trying
to reclaim any pinctrl pins during probe.

Fixes: dc5878abf4 ("usb: core: move root hub's device node assignment after it is added to bus")
Fixes: 51fa91475e ("usb/core: Added devspec sysfs entry for devices behind the usb hub")
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-06-13 11:07:32 +02:00
Johan Hovold ed032c1bed driver core: fix automatic pinctrl management
Commit ab78029ecc ("drivers/pinctrl: grab default handles from device
core") added automatic pin-control management to driver core by looking
up and setting any default pinctrl state found in device tree while a
device is being probed.

This obviously runs into problems as soon as device-tree nodes are
reused for child devices which are later also probed as pins would
already have been claimed by the ancestor device.

For example if a USB host controller claims a pin, its root hub would
consequently fail to probe when its device-tree node is set to the node
of the controller:

    pinctrl-single 48002030.pinmux: pin PIN204 already requested by 48064800.ehci; cannot claim for usb1
    pinctrl-single 48002030.pinmux: pin-204 (usb1) status -22
    pinctrl-single 48002030.pinmux: could not request pin 204 (PIN204) from group usb_dbg_pins  on device pinctrl-single
    usb usb1: Error applying setting, reverse things back
    usb: probe of usb1 failed with error -22

Fix this by checking the new of_node_reused flag and skipping automatic
pinctrl configuration during probe if set.

Note that the flag is checked in driver core rather than in pinctrl
(e.g. in pinctrl_dt_to_map()) which would specifically have prevented
intentional use of a parent's pinctrl properties by a child device
(should such a need ever arise).

Fixes: ab78029ecc ("drivers/pinctrl: grab default handles from device core")
Acked-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-06-13 11:07:32 +02:00
Johan Hovold 4e75e1d7da driver core: add helper to reuse a device-tree node
Add a helper function to be used when reusing the device-tree node of
another device.

It is fairly common for drivers to reuse the device-tree node of a
parent (or other ancestor) device when creating class or bus devices
(e.g. gpio chips, i2c adapters, iio chips, spi masters, serdev, phys,
usb root hubs). But reusing a device-tree node may cause problems if the
new device is later probed as for example driver core would currently
attempt to reinitialise an already active associated pinmux
configuration.

Other potential issues include the platform-bus code unconditionally
dropping the device-tree node reference in its device destructor,
reinitialisation of other bus-managed resources such as clocks, and the
recently added DMA-setup in driver core.

Note that for most examples above this is currently not an issue as the
devices are never probed, but this is a problem for the USB bus which
has recently gained device-tree support. This was discovered and
worked-around in a rather ad-hoc fashion by commit dc5878abf4 ("usb:
core: move root hub's device node assignment after it is added to bus")
by not setting the of_node pointer until after the root-hub device has
been registered.

Instead we can allow devices to reuse a device-tree node by setting a
flag in their struct device that can be used by core, bus and driver
code to avoid resources from being over-allocated.

Note that the helper also grabs an extra reference to the device node,
which specifically balances the unconditional put in the platform-device
destructor.

Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-06-13 11:07:32 +02:00
Johan Hovold 60a93cffcf USB: of: document reference taken by child-lookup helper
Document that the child-node lookup helper takes a reference to the
device-tree node which needs to be dropped after use.

Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-06-13 11:07:32 +02:00
Johan Hovold e271b2c909 USB: core: fix device node leak
Make sure to release any OF device-node reference taken when creating
the USB device.

Note that we currently do not hold a reference to the root hub
device-tree node (i.e. the parent controller node).

Fixes: 69bec72598 ("USB: core: let USB device know device node")
Cc: stable <stable@vger.kernel.org>	# v4.6
Acked-by: Peter Chen <peter.chen@nxp.com>
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-06-13 11:07:32 +02:00
Andy Shevchenko 0bd08fc8db usb: misc: usbsevseg: Use sysfs_match_string() helper
Use sysfs_match_string() helper instead of open coded variant.

Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-06-13 10:54:40 +02:00
Lu Baolu d3be974a9c usb/early: Remove trace_printk() callers in xhci-dbc
Trace_printk() was used to log debug messages in xhci-dbc.c where
printk() isn't feasible. As there should not be a single caller to
trace_printk() in normal kernels, replace them with empty functions.

Cc: Vlastimil Babka <vbabka.lkml@gmail.com>
Cc: Steven Rostedt <rostedt@goodmis.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Signed-off-by: Lu Baolu <baolu.lu@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-06-13 10:54:40 +02:00
Arvind Yadav 0f4c3f9021 usb: mtu3: Handle return value of clk_prepare_enable
clk_prepare_enable() can fail here and we must check its return value.

Signed-off-by: Arvind Yadav <arvind.yadav.cs@gmail.com>
Reviewed-by: Matthias Brugger <matthias.bgg@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-06-13 10:54:40 +02:00
Yuyang Du b891245bff usbip: vhci-hcd: Clean up the code by adding a new macro
Each vhci has 2*VHCI_HC_PORTS ports, in which VHCI_HC_PORTS
ports are HighSpeed (or below), and VHCI_HC_PORTS are SuperSpeed.
This new macro VHCI_PORTS reflects this configuration.

Signed-off-by: Yuyang Du <yuyang.du@intel.com>
Acked-by: Shuah Khan <shuahkh@osg.samsung.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-06-13 10:51:10 +02:00
Yuyang Du a5c7f019c7 usbip: vhci-hcd: Add USB3 port status bits
As USB3 has (slightly) different bit meanings in the port
status. Add a new status bit array for USB3.

Signed-off-by: Yuyang Du <yuyang.du@intel.com>
Acked-by: Shuah Khan <shuahkh@osg.samsung.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-06-13 10:51:10 +02:00
Yuyang Du df9032c13d usbip: Add USB_SPEED_SUPER as valid arg
With this patch, USB_SPEED_SUPER is a valid speed when attaching
a USB3 SuperSpeed device.

Signed-off-by: Yuyang Du <yuyang.du@intel.com>
Acked-by: Shuah Khan <shuahkh@osg.samsung.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-06-13 10:51:10 +02:00
Yuyang Du 1c9de5bf42 usbip: vhci-hcd: Add USB3 SuperSpeed support
This patch adds a USB3 HCD to an existing USB2 HCD and provides
the support of SuperSpeed, in case the device can only be enumerated
with SuperSpeed.

The bulk of the added code in usb3_bos_desc and hub_control to support
SuperSpeed is borrowed from the commit 1cd8fd2887 ("usb: gadget:
dummy_hcd: add SuperSpeed support").

With this patch, each vhci will have VHCI_HC_PORTS HighSpeed ports
and VHCI_HC_PORTS SuperSpeed ports.

Suggested-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Signed-off-by: Yuyang Du <yuyang.du@intel.com>
Acked-by: Shuah Khan <shuahkh@osg.samsung.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-06-13 10:51:10 +02:00
Yuyang Du 03cd00d538 usbip: vhci-hcd: Set the vhci structure up to work
This patch enables the new vhci structure. Its lock protects
both the USB2 hub and the shared USB3 hub.

Signed-off-by: Yuyang Du <yuyang.du@intel.com>
Acked-by: Shuah Khan <shuahkh@osg.samsung.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-06-13 10:51:10 +02:00
Yuyang Du dff3565b8e usbip: vhci-hcd: Rework vhci_hcd_init
A vhci struct is added as the platform-specific data to the vhci
platform device, in order to get the vhci by its platform device.
This is done in vhci_hcd_init().

Signed-off-by: Yuyang Du <yuyang.du@intel.com>
Acked-by: Shuah Khan <shuahkh@osg.samsung.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-06-13 10:51:10 +02:00
Yuyang Du 89a73d281f usbip: vhci-hcd: Move VHCI platform device into vhci struct
Every VHCI is a platform device, so move the platform_device struct
into the VHCI struct.

Signed-off-by: Yuyang Du <yuyang.du@intel.com>
Acked-by: Shuah Khan <shuahkh@osg.samsung.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-06-13 10:51:10 +02:00
Yuyang Du 559e9c00b3 usbip: vhci-hcd: Add vhci struct
In order to support SuperSpeed devices, a USB3 HCD is added to
share the USB2 HCD. As a result, a VHCI is composed of two
vhci_hcds associated with the two HCDs respectively. So we add
another level of abstraction, vhci, and thus this vhci structure.

Signed-off-by: Yuyang Du <yuyang.du@intel.com>
Acked-by: Shuah Khan <shuahkh@osg.samsung.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-06-13 10:51:09 +02:00
Yuyang Du 5ec0edc965 usbip: vhci-hcd: Rename function names to reflect their struct names
These helper function names are renamed to have their full struct
names to avoid confusion:

 - hcd_to_vhci() -> hcd_to_vhci_hcd()
 - vhci_to_hcd() -> vhci_hcd_to_hcd()
 - vdev_to_vhci() -> vdev_to_vhci_hcd()

Signed-off-by: Yuyang Du <yuyang.du@intel.com>
Acked-by: Shuah Khan <shuahkh@osg.samsung.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-06-13 10:51:09 +02:00
Arvind Yadav 264ffb194a usb: host: ehci-exynos: Handle return value of clk_prepare_enable
clk_prepare_enable() can fail here and we must check its return value.

Signed-off-by: Arvind Yadav <arvind.yadav.cs@gmail.com>
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-06-13 10:48:24 +02:00
Benjamin Herrenschmidt 7cf916bd63 usb: Fix typo in the definition of Endpoint[out]Request
The current definition is wrong. This breaks my upcoming
Aspeed virtual hub driver.

Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-06-13 10:48:24 +02:00
Yuyang Du e55dea8ede usb: usbip tool: Fix parse_status()
In parse_status(), all nports number of idev's are initiated to
0 by memset(), it is simply wrong, because parse_status() reads
the status sys file one by one, therefore, it can only update the
according vhci_driver->idev's for it to parse.

Reviewed-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Signed-off-by: Yuyang Du <yuyang.du@intel.com>
Acked-by: Shuah Khan <shuahkh@osg.samsung.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-06-13 10:48:24 +02:00
Yuyang Du fd92b7deb9 usb: usbip tool: Fix refresh_imported_device_list()
The commit 0775a9cbc6 ("usbip: vhci extension: modifications
to vhci driver") introduced multiple controllers, but the status
of the ports are only extracted from the first status file, fix it.

Reviewed-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Signed-off-by: Yuyang Du <yuyang.du@intel.com>
Acked-by: Shuah Khan <shuahkh@osg.samsung.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-06-13 10:48:24 +02:00
Yuyang Du aa3ecb9154 usb: usbip tool: Add ncontrollers in vhci_driver structure
A new field ncontrollers is added to the vhci_driver structure.
And this field is stored by scanning the vhci_hcd* dirs in the
platform udev.

Suggested-and-reviewed-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Signed-off-by: Yuyang Du <yuyang.du@intel.com>
Acked-by: Shuah Khan <shuahkh@osg.samsung.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-06-13 10:48:24 +02:00
Yuyang Du c3509715fc usb: usbip tool: Check the return of get_nports()
If we get nonpositive number of ports, there is no sense to
continue, then fail gracefully.

In addition, the commit 0775a9cbc6 ("usbip: vhci extension:
modifications to vhci driver") introduced configurable numbers of
controllers and ports, but we have a static port number maximum,
MAXNPORT. If exceeded, the idev array will be overflown. We fix
it by validating the nports to make sure the port number max is
not exceeded.

Reviewed-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Signed-off-by: Yuyang Du <yuyang.du@intel.com>
Acked-by: Shuah Khan <shuahkh@osg.samsung.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-06-13 10:48:24 +02:00
Michael Grzeschik b3b51417d0 usb: usbip: set buffer pointers to NULL after free
The usbip stack dynamically allocates the transfer_buffer and
setup_packet of each urb that got generated by the tcp to usb stub code.
As these pointers are always used only once we will set them to NULL
after use. This is done likewise to the free_urb code in vudc_dev.c.
This patch fixes double kfree situations where the usbip remote side
added the URB_FREE_BUFFER.

Cc: stable@vger.kernel.org
Signed-off-by: Michael Grzeschik <m.grzeschik@pengutronix.de>
Acked-by: Shuah Khan <shuahkh@osg.samsung.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-06-13 10:48:24 +02:00
Alan Stern c01b244ad8 USB: add usbfs ioctl to retrieve the connection speed
The usbfs interface does not provide any way for the user to learn the
speed at which a device is connected.  The current API includes a
USBDEVFS_CONNECTINFO ioctl, but all it provides is the device's
address and a one-bit value indicating whether the connection is low
speed.  That may have sufficed in the era of USB-1.1, but it isn't
good enough today.

This patch introduces a new ioctl, USBDEVFS_GET_SPEED, which returns a
numeric value indicating the speed of the connection: unknown, low,
full, high, wireless, super, or super-plus.

Similar information (not exactly the same) is available through sysfs,
but it seems reasonable to provide the actual value in usbfs.

Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Reported-by: Reinhard Huck <reinhard.huck@thesycon.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-06-13 10:48:24 +02:00
Greg Kroah-Hartman 81606aea23 Merge 4.12-rc5 into usb-next
We want the USB fixes in here as well.

Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-06-12 08:43:53 +02:00
Linus Torvalds 32c1431eea Linux 4.12-rc5 2017-06-11 16:48:20 -07:00
Linus Torvalds 32627645e9 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull key subsystem fixes from James Morris:
 "Here are a bunch of fixes for Linux keyrings, including:

   - Fix up the refcount handling now that key structs use the
     refcount_t type and the refcount_t ops don't allow a 0->1
     transition.

   - Fix a potential NULL deref after error in x509_cert_parse().

   - Don't put data for the crypto algorithms to use on the stack.

   - Fix the handling of a null payload being passed to add_key().

   - Fix incorrect cleanup an uninitialised key_preparsed_payload in
     key_update().

   - Explicit sanitisation of potentially secure data before freeing.

   - Fixes for the Diffie-Helman code"

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (23 commits)
  KEYS: fix refcount_inc() on zero
  KEYS: Convert KEYCTL_DH_COMPUTE to use the crypto KPP API
  crypto : asymmetric_keys : verify_pefile:zero memory content before freeing
  KEYS: DH: add __user annotations to keyctl_kdf_params
  KEYS: DH: ensure the KDF counter is properly aligned
  KEYS: DH: don't feed uninitialized "otherinfo" into KDF
  KEYS: DH: forbid using digest_null as the KDF hash
  KEYS: sanitize key structs before freeing
  KEYS: trusted: sanitize all key material
  KEYS: encrypted: sanitize all key material
  KEYS: user_defined: sanitize key payloads
  KEYS: sanitize add_key() and keyctl() key payloads
  KEYS: fix freeing uninitialized memory in key_update()
  KEYS: fix dereferencing NULL payload with nonzero length
  KEYS: encrypted: use constant-time HMAC comparison
  KEYS: encrypted: fix race causing incorrect HMAC calculations
  KEYS: encrypted: fix buffer overread in valid_master_desc()
  KEYS: encrypted: avoid encrypting/decrypting stack buffers
  KEYS: put keyring if install_session_keyring_to_cred() fails
  KEYS: Delete an error message for a failed memory allocation in get_derived_key()
  ...
2017-06-11 16:17:29 -07:00
Linus Torvalds 6d53cefb18 compiler, clang: properly override 'inline' for clang
Commit abb2ea7dfd ("compiler, clang: suppress warning for unused
static inline functions") just caused more warnings due to re-defining
the 'inline' macro.

So undef it before re-defining it, and also add the 'notrace' attribute
like the gcc version that this is overriding does.

Maybe this makes clang happier.

Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2017-06-11 15:51:56 -07:00
Linus Torvalds 5ad9345d23 Improve performance by using a lockless update mechanism suggested by
Linus, and make sure we refresh per-CPU entropy returned get_random_*
 as soon as the CRNG is initialized.
 -----BEGIN PGP SIGNATURE-----
 
 iQEzBAABCAAdFiEEK2m5VNv+CHkogTfJ8vlZVpUNgaMFAlk9i5UACgkQ8vlZVpUN
 gaO2HQf9H2QKe6B52l5YzXedKbspCaAwELmnpyOGY4pI5mvcf9y9MJMAHPD8yHcv
 Oc/TWV/KWxdhXh24e9djFKAPdJxqrhdN+m42lFJrFI3djrS9QbiMUR0Fg3O63mPa
 w7/GLrwYWVjKfzEIzh37xcpKg1QYi328ePbRqtt33qrUgj9TOEwywjaHpB57HaGP
 Jbskx+3GN/yvDFZBYeaYxSyCCAOt4qtjzOlRyyX7wyp3nPXfg88gZKUfTpmmElm/
 znbP1+VSWVOiPtOKXG+2T9OwRjO3zQg3rV+G5FZALAADeUdBlLiTC0xOefTDugZJ
 mNxNNxVCr8eNVONvCdKy4RXbvsr75A==
 =+3lu
 -----END PGP SIGNATURE-----

Merge tag 'random_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/random

Pull randomness fixes from Ted Ts'o:
 "Improve performance by using a lockless update mechanism suggested by
  Linus, and make sure we refresh per-CPU entropy returned get_random_*
  as soon as the CRNG is initialized"

* tag 'random_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/random:
  random: invalidate batched entropy after crng init
  random: use lockless method of accessing and updating f->reg_idx
2017-06-11 12:02:01 -07:00
Linus Torvalds 5e38b72ac1 Fix various bug fixes in ext4 caused by races and memory allocation
failures.
 -----BEGIN PGP SIGNATURE-----
 
 iQEzBAABCAAdFiEEK2m5VNv+CHkogTfJ8vlZVpUNgaMFAlk9it4ACgkQ8vlZVpUN
 gaNE2wgAiuo9pHO5cUzRhP5HG8Jz4vE2l6mpuPq2JbhT+xGFbvjX+UhA+DN6Cw35
 EK+MnBC6h2wFoQrEOLbavNWc94nb6HZWw2riheK4sst80hBpeclwInCVCw1DLmu6
 +Nx8fzXVqjSf57Qi8CR09AGovSFBgfAJFi8aJTe8KXaSRPx48bWFxK6glgIG5gRw
 VEOyEg5kPRYoUNA8ewsunC67V32ljYF2IZSzTTlrcqaLsXi+SWeiJ2hceYfgI0qz
 fZB1EFBvmGBsdsFM2SHiJpME6fzMEQqx7oTyNC8DhCxMRVd29WjxeqCwcU4nV0Q5
 jJaCKJftJ/q/eLKn7ksezhoL0A96BA==
 =Z9eH
 -----END PGP SIGNATURE-----

Merge tag 'ext4_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4

Pull ext4 fixes from Ted Ts'o:
 "Fix various bug fixes in ext4 caused by races and memory allocation
  failures"

* tag 'ext4_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4:
  ext4: fix fdatasync(2) after extent manipulation operations
  ext4: fix data corruption for mmap writes
  ext4: fix data corruption with EXT4_GET_BLOCKS_ZERO
  ext4: fix quota charging for shared xattr blocks
  ext4: remove redundant check for encrypted file on dio write path
  ext4: remove unused d_name argument from ext4_search_dir() et al.
  ext4: fix off-by-one error when writing back pages before dio read
  ext4: fix off-by-one on max nr_pages in ext4_find_unwritten_pgoff()
  ext4: keep existing extra fields when inode expands
  ext4: handle the rest of ext4_mb_load_buddy() ENOMEM errors
  ext4: fix off-by-in in loop termination in ext4_find_unwritten_pgoff()
  ext4: fix SEEK_HOLE
  jbd2: preserve original nofs flag during journal restart
  ext4: clear lockdep subtype for quota files on quota off
2017-06-11 11:57:47 -07:00
Linus Torvalds f986e31bb4 A few overdue GPIO patches for the v4.12 kernel:
- Fix debounce logic on the Aspeed platform.
 
 - Fix the "virtual gpio" things on the Intel Crystal Cove.
 
 - Fix the blink counter selection on the MVEBU platform.
 -----BEGIN PGP SIGNATURE-----
 
 iQIcBAABAgAGBQJZPV5LAAoJEEEQszewGV1zGp4P/3j51eWRAa0WFJkfYvVRyaEK
 7ONoZIapHMOGG4NUX8dSYkhl1FdbAj+b2rcI3EXFU4ViYGAxwbiyKoHFLNT7iFmy
 dg1slDeQdmjtC7TAL8+SWm9txzWtXvH5VTEjumXyRDy1Flbu8ax62HbuIjGrrPAz
 urcn+ieh6oB7a1TCnKVQ/a9B5vo5bVFgyLq9Q3lfwdPxfQT3jr8tK10/H/83TAkQ
 UqCKWDSEv2UCHsfZQ+4X1P8H1UPFBs6kZHU4IKslmpfew8uPT9WTBth0BmlbgnDJ
 8pIPBR6/n0LoP9Mu44wDldmYs6oew7kDhJmEuY3xcfcoL/A52E9YiIE8h8iDf6dv
 dT/wZmAa+R+enzPFCYPW9Rh4IJ/nBWwgk3yJIoV3Qb/6lL3A3NqPp08ogk9SJtBs
 +bL3QMUsPbCqfl8lsn8IW81KSBVsZlh0PNSzqrsjNIffVlrF02WA4SMrmcNj0A//
 ZqtvFI6DDPBlfUtNv3JuPgdygVjlpukcMaRQkTzqRPEGavMmBuK/5dBMIgZ2S4/3
 eOMc76qUhlKqGoTQB5ZMinbZKS2fJRF/QzFGR8Jjnccq4B89J7AymxoNVu6lf+q/
 ysOLmzq4ZWxq5ZTzr17oCRSA2OM9LbOssJtCvu4xcWr7Tl81lBfmvQ6pbue4fven
 shOl8CINr8XsgI9aE/RU
 =m9bD
 -----END PGP SIGNATURE-----

Merge tag 'gpio-v4.12-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio

Pull GPIO fixes from Linus Walleij:
 "A few overdue GPIO patches for the v4.12 kernel.

   - Fix debounce logic on the Aspeed platform.

   - Fix the "virtual gpio" things on the Intel Crystal Cove.

   - Fix the blink counter selection on the MVEBU platform"

* tag 'gpio-v4.12-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio:
  gpio: mvebu: fix gpio bank registration when pwm is used
  gpio: mvebu: fix blink counter register selection
  MAINTAINERS: remove self from GPIO maintainers
  gpio: crystalcove: Do not write regular gpio registers for virtual GPIOs
  gpio: aspeed: Don't attempt to debounce if disabled
2017-06-11 11:34:27 -07:00
Linus Torvalds 9cd9cb0ba3 Char/Misc driver fixes for 4.12-rc5
Here are some small driver fixes for 4.12-rc5.  Nothing major here, just
 some small bugfixes found by people testing, and a MAINTAINERS file
 update for the genwqe driver.
 
 All have been in linux-next with no reported issues.
 
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 -----BEGIN PGP SIGNATURE-----
 
 iG0EABECAC0WIQT0tgzFv3jCIUoxPcsxR9QN2y37KQUCWTzvyw8cZ3JlZ0Brcm9h
 aC5jb20ACgkQMUfUDdst+yk77gCfW0NKwl0QGf2ZMVKaKRJLl7v/paoAn3F9WkiX
 ANLK4wPW8/yQ9O5kmjZA
 =pGR7
 -----END PGP SIGNATURE-----

Merge tag 'char-misc-4.12-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc

Pull char/misc driver fixes from Greg KH:
 "Here are some small driver fixes for 4.12-rc5. Nothing major here,
  just some small bugfixes found by people testing, and a MAINTAINERS
  file update for the genwqe driver.

  All have been in linux-next with no reported issues"

[ The cxl driver fix came in through the powerpc tree earlier ]

* tag 'char-misc-4.12-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc:
  cxl: Avoid double free_irq() for psl,slice interrupts
  mei: make sysfs modalias format similar as uevent modalias
  drivers: char: mem: Fix wraparound check to allow mappings up to the end
  MAINTAINERS: Change maintainer of genwqe driver
  goldfish_pipe: use GFP_ATOMIC under spin lock
  firmware: vpd: do not leak kobjects
  firmware: vpd: avoid potential use-after-free when destroying section
  firmware: vpd: do not leave freed section attributes to the list
2017-06-11 11:29:15 -07:00
Linus Torvalds 21c9eb7ca3 Staging/IIO fixes for 4.12-rc5
These are mostly all IIO driver fixes, resolving a number of tiny
 issues.  There's also a ccree and lustre fix in here as well, both
 fix problems found in those codebases.
 
 All have been in linux-next with no reported issues.
 
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 -----BEGIN PGP SIGNATURE-----
 
 iG0EABECAC0WIQT0tgzFv3jCIUoxPcsxR9QN2y37KQUCWTz0Fg8cZ3JlZ0Brcm9h
 aC5jb20ACgkQMUfUDdst+yneTgCgvf05mecm4Hw98dGUXyaRUe0K578An1Ten4bh
 sKVoFoxRlzQVF0KHUkQy
 =pJOF
 -----END PGP SIGNATURE-----

Merge tag 'staging-4.12-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging

Pull staging/IIO fixes from Greg KH:
 "These are mostly all IIO driver fixes, resolving a number of tiny
  issues. There's also a ccree and lustre fix in here as well, both fix
  problems found in those codebases.

  All have been in linux-next with no reported issues"

* tag 'staging-4.12-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging:
  staging: ccree: fix buffer copy
  staging/lustre/lov: remove set_fs() call from lov_getstripe()
  staging: ccree: add CRYPTO dependency
  iio: adc: sun4i-gpadc-iio: fix parent device being used in devm function
  iio: light: ltr501 Fix interchanged als/ps register field
  iio: adc: bcm_iproc_adc: swap primary and secondary isr handler's
  iio: trigger: fix NULL pointer dereference in iio_trigger_write_current()
  iio: adc: max9611: Fix attribute measure unit
  iio: adc: ti_am335x_adc: allocating too much in probe
  iio: adc: sun4i-gpadc-iio: Fix module autoload when OF devices are registered
  iio: adc: sun4i-gpadc-iio: Fix module autoload when PLATFORM devices are registered
  iio: proximity: as3935: fix iio_trigger_poll issue
  iio: proximity: as3935: fix AS3935_INT mask
  iio: adc: Max9611: checking for ERR_PTR instead of NULL in probe
  iio: proximity: as3935: recalibrate RCO after resume
2017-06-11 11:25:51 -07:00
Linus Torvalds 246baac2fd USB fixes for 4.12-rc5
Here are some small USB fixes for 4.12-rc5
 
 They are for some reported issues in the chipidea and gadget drivers.
 Nothing major.  All have been in linux-next for a while with no reported
 issues.
 
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 -----BEGIN PGP SIGNATURE-----
 
 iG0EABECAC0WIQT0tgzFv3jCIUoxPcsxR9QN2y37KQUCWTzztQ8cZ3JlZ0Brcm9h
 aC5jb20ACgkQMUfUDdst+ymdXACgjqMbdAmv2tS2Ng1dRMtqsi/TXqsAn18ZBKpK
 jKwoGlzOCVWYfIFx5nNp
 =A7ix
 -----END PGP SIGNATURE-----

Merge tag 'usb-4.12-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb

Pull USB fixes from Greg KH:
 "Here are some small USB fixes for 4.12-rc5

  They are for some reported issues in the chipidea and gadget drivers.
  Nothing major. All have been in linux-next for a while with no
  reported issues"

* tag 'usb-4.12-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb:
  usb: gadget: udc: renesas_usb3: Fix PN_INT_ENA disabling timing
  usb: gadget: udc: renesas_usb3: lock for PN_ registers access
  usb: gadget: udc: renesas_usb3: fix deadlock by spinlock
  usb: gadget: udc: renesas_usb3: fix pm_runtime functions calling
  usb: gadget: f_mass_storage: Serialize wake and sleep execution
  usb: dwc2: add support for the DWC2 controller on Meson8 SoCs
  phy: qualcomm: phy-qcom-qmp: fix application of sizeof to pointer
  usb: musb: dsps: keep VBUS on for host-only mode
  usb: chipidea: core: check before accessing ci_role in ci_role_show
  usb: chipidea: debug: check before accessing ci_role
  phy: qcom-qmp: fix return value check in qcom_qmp_phy_create()
  usb: chipidea: udc: fix NULL pointer dereference if udc_start failed
  usb: chipidea: imx: Do not access CLKONOFF on i.MX51
2017-06-11 11:23:10 -07:00
Linus Torvalds ef918d3c80 SCSI fixes on 20170610
This is a set of user visible fixes (excepting one format string
 change).  Four of the qla2xxx fixes only affect the firmware dump
 path, but it's still important to the enterprise.  The rest are
 various NULL pointer crash conditions or outright driver hangs.
 
 Signed-off-by: James E.J. Bottomley <jejb@linux.vnet.ibm.com>
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
 iQIcBAABAgAGBQJZPGMCAAoJEAVr7HOZEZN4jekQAJN1x7WIB4HuI3EoHSSMej8h
 bdssAbqQn/H++nIJ/e6ZRHKt0P6ngSzXuIb4lwbOJUQa7sxEWaWDeXywPEqjDYqP
 BBjloYOrAff492uYXL48xjG4Xl4qOxb8GfKT7iFptIzAdk/2Rxhj56XqlhY7IMSG
 ut4binbz+3v0NEKnI6od+uxvXAc6EumyF0zW9a4rbjK/wAukciRIGWkOrsQpa8cJ
 VdgUsMdbpjTlYbMnPfHa+oUqKkWir3PI9rQ01AvMUugrqAXiAPLgoHFB6H8eVVn7
 vzVnJd31RoUrv6JNnWcRsi0VWsciPw5XBpd6VRVjZUdOlUds3vW7n1G2ut5TfAAp
 sYkFSuhxcWgp3QJpqDbS/l976dXyfdzhQpahgYLbRAuhoi8HDmcpwzTdWC9a41tw
 k2sqAbgZd60ZHu8OSrD2HqJrkMqSXzklMkZMS33nfE1Ki7c+aWHImby4P+lEKIIw
 nJCiVc3yO+TcWvdH5w+6Fu/nA0HJ9OcFEk1P+4Xz38n5o/WcduoXG6NgpVT+mKXO
 zQZDEYbWQYixDEs1m8fJpTHu5p2tXYzdMS9L/Fa0B2MQ3kY9XIT41rHqnJPBOp2R
 wKXksIyzQagW6r0bQ2lFkth0elLHGxDlwfCDgrN6zQFrdBcpRfT+GdTDpDWiWggt
 qgIbBvEO4sd12V5miQsK
 =jZXV
 -----END PGP SIGNATURE-----

Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi

Pull SCSI fixes from James Bottomley:
 "This is a set of user visible fixes (excepting one format string
  change).

  Four of the qla2xxx fixes only affect the firmware dump path, but it's
  still important to the enterprise. The rest are various NULL pointer
  crash conditions or outright driver hangs"

* tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
  scsi: cxgb4i: libcxgbi: in error case RST tcp conn
  scsi: scsi_debug: Avoid PI being disabled when TPGS is enabled
  scsi: qla2xxx: Fix extraneous ref on sp's after adapter break
  scsi: lpfc: prevent potential null pointer dereference
  scsi: lpfc: Avoid NULL pointer dereference in lpfc_els_abort()
  scsi: lpfc: nvmet_fc: fix format string
  scsi: qla2xxx: Fix crash due to NULL pointer dereference of ctx
  scsi: qla2xxx: Fix mailbox pointer error in fwdump capture
  scsi: qla2xxx: Set bit 15 for DIAG_ECHO_TEST MBC
  scsi: qla2xxx: Modify T262 FW dump template to specify same start/end to debug customer issues
  scsi: qla2xxx: Fix crash due to mismatch mumber of Q-pair creation for Multi queue
  scsi: qla2xxx: Fix NULL pointer access due to redundant fc_host_port_name call
  scsi: qla2xxx: Fix recursive loop during target mode configuration for ISP25XX leaving system unresponsive
  scsi: bnx2fc: fix race condition in bnx2fc_get_host_stats()
  scsi: qla2xxx: don't disable a not previously enabled PCI device
2017-06-11 11:21:08 -07:00
Linus Torvalds 8f56821d1d Merge branch 'libnvdimm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm
Pull libnvdimm fix from Dan Williams:
 "We expanded the device-dax fs type in 4.12 to be a generic provider of
  a struct dax_device with an embedded inode. However, Sasha found some
  basic negative testing was not run to verify that this fs cleanly
  handles being mounted directly.

  Note that the fresh rebase was done to remove an unnecessary Cc:
  <stable> tag, but this commit otherwise had a build success
  notification from the 0day robot."

* 'libnvdimm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm:
  device-dax: fix 'dax' device filesystem inode destruction crash
2017-06-11 11:15:09 -07:00
Linus Torvalds 9d66af6bbf Fix hexagon build error
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJZPKckAAoJEMsfJm/On5mB7ngQAKqyaAJ1Nrr2+Dur//XhDcIj
 Q3FgBJL2ip9s3S9NTgfXy3N16s/h9XoBU3SNvpzOOaeeSSGvdaTPJSsQieJ/Vtbo
 FOp1kp25W/nz6NCrhLxFK1dMLIg+128nsjm2XhzoPC6CfxXSUpxwGQX5CwfqBFP5
 2mfW6htJUiVenjS6QIDM3/fP0hcSgAsiSfTY3flQxn8dBzXgKFJgI6u4VuoqWV3U
 6+NgPSjRJa0aUeZj8z9Kf+1mjoecaBh2cKoztPGLm6tznbSrUJWP1euSLi4DmEQl
 NvQWhi/Sk3B73fNHqJ3k+n2ZsFOErodFnUAGh5Q+18Tz7L9l8TXBF8god7yZYhbO
 YZC9IeJ34fQcnMxvHS26WBADfm6hjRqtRa0BABWtwOio18vhALjqBbCjzlsgp7Cx
 tE///cNk8eGUbR1V/g0i44mSTIv5xBwDnZ9yHoALWVWvefYkHAT3tr1GmlaulKJM
 d2Olv4eLf9FeBkciA57cBJNNx5Mi9kM6VssDkaxVsSYQm7ZA4vFNCRqi9GgvPdAx
 NYPifhxGMn+so5wBDwH1HKbeTFBTgM7TRkZlOJLqPH/p6o6WnlpnvgweaP4YT0cP
 uR9Q75F/NAhMgomqoDkcJlbmup6kfSPku8wuGUoDR2qbU59wOw/rWcyqgc0CFDHg
 ptn2N+FcS/ZH3OSDbe5y
 =TDsn
 -----END PGP SIGNATURE-----

Merge tag 'hexagon-for-linus-v4.12-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging

Pull hexagon fix from Guenter Roeck:
 "This fixes a build error seen when building hexagon images.

  Richard sent me an Ack, but didn't reply when asked if he wants me to
  send the patch to you directly, so I figured I'd just do it"

* tag 'hexagon-for-linus-v4.12-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging:
  hexagon: Use raw_copy_to_user
2017-06-11 11:09:15 -07:00
Linus Torvalds 9d0eb46246 Bug fixes (ARM, s390, x86)
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQEcBAABAgAGBQJZPOhfAAoJEL/70l94x66DNgYH/i1pbBmsxeYxWEoScLDTVYZa
 gLKHpjpciCBcKdMGSuBXeP702pi85N/TG7M2XIT/nXmFHYsie9RUSWXK63IZxpPx
 7wRNocstQU+DyMAP3pagJIFPnhUT9ufCZYFDin8sQoh1Dk1xbV38WaUPb/YfPYIt
 xGyti2SzT/CiBOR5zQiNb8m8k+M19QGzjcglHRq5Uk/oSElaw635M6u3PZD0Zvtd
 9L3NhtDYp1tUpG2Rc/5fXX651BVl+J6+xMukuAJBSqcI2hNfe0oM7tTi6larPHPo
 eguW0ChU2qat7Gjob18oKlLAMGwPHt+p7utH2pju5UTWFdPBY2lxUgv5Yfd3Qzo=
 =C/gM
 -----END PGP SIGNATURE-----

Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm

Pull KVM fixes from Paolo Bonzini:
 "Bug fixes (ARM, s390, x86)"

* tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
  KVM: async_pf: avoid async pf injection when in guest mode
  KVM: cpuid: Fix read/write out-of-bounds vulnerability in cpuid emulation
  arm: KVM: Allow unaligned accesses at HYP
  arm64: KVM: Allow unaligned accesses at EL2
  arm64: KVM: Preserve RES1 bits in SCTLR_EL2
  KVM: arm/arm64: Handle possible NULL stage2 pud when ageing pages
  KVM: nVMX: Fix exception injection
  kvm: async_pf: fix rcu_irq_enter() with irqs enabled
  KVM: arm/arm64: vgic-v3: Fix nr_pre_bits bitfield extraction
  KVM: s390: fix ais handling vs cpu model
  KVM: arm/arm64: Fix isues with GICv2 on GICv3 migration
2017-06-11 11:07:25 -07:00
Wanpeng Li 9bc1f09f6f KVM: async_pf: avoid async pf injection when in guest mode
INFO: task gnome-terminal-:1734 blocked for more than 120 seconds.
       Not tainted 4.12.0-rc4+ #8
 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
 gnome-terminal- D    0  1734   1015 0x00000000
 Call Trace:
  __schedule+0x3cd/0xb30
  schedule+0x40/0x90
  kvm_async_pf_task_wait+0x1cc/0x270
  ? __vfs_read+0x37/0x150
  ? prepare_to_swait+0x22/0x70
  do_async_page_fault+0x77/0xb0
  ? do_async_page_fault+0x77/0xb0
  async_page_fault+0x28/0x30

This is triggered by running both win7 and win2016 on L1 KVM simultaneously,
and then gives stress to memory on L1, I can observed this hang on L1 when
at least ~70% swap area is occupied on L0.

This is due to async pf was injected to L2 which should be injected to L1,
L2 guest starts receiving pagefault w/ bogus %cr2(apf token from the host
actually), and L1 guest starts accumulating tasks stuck in D state in
kvm_async_pf_task_wait() since missing PAGE_READY async_pfs.

This patch fixes the hang by doing async pf when executing L1 guest.

Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Radim Krčmář <rkrcmar@redhat.com>
Cc: stable@vger.kernel.org
Signed-off-by: Wanpeng Li <wanpeng.li@hotmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2017-06-11 08:39:24 +02:00