Commit Graph

738564 Commits

Author SHA1 Message Date
Daniel Vacek 864b75f9d6 mm/page_alloc: fix memmap_init_zone pageblock alignment
Commit b92df1de5d ("mm: page_alloc: skip over regions of invalid pfns
where possible") introduced a bug where move_freepages() triggers a
VM_BUG_ON() on uninitialized page structure due to pageblock alignment.
To fix this, simply align the skipped pfns in memmap_init_zone() the
same way as in move_freepages_block().

Seen in one of the RHEL reports:

  crash> log | grep -e BUG -e RIP -e Call.Trace -e move_freepages_block -e rmqueue -e freelist -A1
  kernel BUG at mm/page_alloc.c:1389!
  invalid opcode: 0000 [#1] SMP
  --
  RIP: 0010:[<ffffffff8118833e>]  [<ffffffff8118833e>] move_freepages+0x15e/0x160
  RSP: 0018:ffff88054d727688  EFLAGS: 00010087
  --
  Call Trace:
   [<ffffffff811883b3>] move_freepages_block+0x73/0x80
   [<ffffffff81189e63>] __rmqueue+0x263/0x460
   [<ffffffff8118c781>] get_page_from_freelist+0x7e1/0x9e0
   [<ffffffff8118caf6>] __alloc_pages_nodemask+0x176/0x420
  --
  RIP  [<ffffffff8118833e>] move_freepages+0x15e/0x160
   RSP <ffff88054d727688>

  crash> page_init_bug -v | grep RAM
  <struct resource 0xffff88067fffd2f8>          1000 -        9bfff	System RAM (620.00 KiB)
  <struct resource 0xffff88067fffd3a0>        100000 -     430bffff	System RAM (  1.05 GiB = 1071.75 MiB = 1097472.00 KiB)
  <struct resource 0xffff88067fffd410>      4b0c8000 -     4bf9cfff	System RAM ( 14.83 MiB = 15188.00 KiB)
  <struct resource 0xffff88067fffd480>      4bfac000 -     646b1fff	System RAM (391.02 MiB = 400408.00 KiB)
  <struct resource 0xffff88067fffd560>      7b788000 -     7b7fffff	System RAM (480.00 KiB)
  <struct resource 0xffff88067fffd640>     100000000 -    67fffffff	System RAM ( 22.00 GiB)

  crash> page_init_bug | head -6
  <struct resource 0xffff88067fffd560>      7b788000 -     7b7fffff	System RAM (480.00 KiB)
  <struct page 0xffffea0001ede200>   1fffff00000000  0 <struct pglist_data 0xffff88047ffd9000> 1 <struct zone 0xffff88047ffd9800> DMA32          4096    1048575
  <struct page 0xffffea0001ede200> 505736 505344 <struct page 0xffffea0001ed8000> 505855 <struct page 0xffffea0001edffc0>
  <struct page 0xffffea0001ed8000>                0  0 <struct pglist_data 0xffff88047ffd9000> 0 <struct zone 0xffff88047ffd9000> DMA               1       4095
  <struct page 0xffffea0001edffc0>   1fffff00000400  0 <struct pglist_data 0xffff88047ffd9000> 1 <struct zone 0xffff88047ffd9800> DMA32          4096    1048575
  BUG, zones differ!

Note that this range follows two not populated sections
68000000-77ffffff in this zone.  7b788000-7b7fffff is the first one
after a gap.  This makes memmap_init_zone() skip all the pfns up to the
beginning of this range.  But this range is not pageblock (2M) aligned.
In fact no range has to be.

  crash> kmem -p 77fff000 78000000 7b5ff000 7b600000 7b787000 7b788000
        PAGE        PHYSICAL      MAPPING       INDEX CNT FLAGS
  ffffea0001e00000  78000000                0        0  0 0
  ffffea0001ed7fc0  7b5ff000                0        0  0 0
  ffffea0001ed8000  7b600000                0        0  0 0	<<<<
  ffffea0001ede1c0  7b787000                0        0  0 0
  ffffea0001ede200  7b788000                0        0  1 1fffff00000000

Top part of page flags should contain nodeid and zonenr, which is not
the case for page ffffea0001ed8000 here (<<<<).

  crash> log | grep -o fffea0001ed[^\ ]* | sort -u
  fffea0001ed8000
  fffea0001eded20
  fffea0001edffc0

  crash> bt -r | grep -o fffea0001ed[^\ ]* | sort -u
  fffea0001ed8000
  fffea0001eded00
  fffea0001eded20
  fffea0001edffc0

Initialization of the whole beginning of the section is skipped up to
the start of the range due to the commit b92df1de5d.  Now any code
calling move_freepages_block() (like reusing the page from a freelist as
in this example) with a page from the beginning of the range will get
the page rounded down to start_page ffffea0001ed8000 and passed to
move_freepages() which crashes on assertion getting wrong zonenr.

  >         VM_BUG_ON(page_zone(start_page) != page_zone(end_page));

Note, page_zone() derives the zone from page flags here.

From similar machine before commit b92df1de5d28:

  crash> kmem -p 77fff000 78000000 7b5ff000 7b600000 7b7fe000 7b7ff000
        PAGE        PHYSICAL      MAPPING       INDEX CNT FLAGS
  fffff73941e00000  78000000                0        0  1 1fffff00000000
  fffff73941ed7fc0  7b5ff000                0        0  1 1fffff00000000
  fffff73941ed8000  7b600000                0        0  1 1fffff00000000
  fffff73941edff80  7b7fe000                0        0  1 1fffff00000000
  fffff73941edffc0  7b7ff000 ffff8e67e04d3ae0     ad84  1 1fffff00020068 uptodate,lru,active,mappedtodisk

All the pages since the beginning of the section are initialized.
move_freepages()' not gonna blow up.

The same machine with this fix applied:

  crash> kmem -p 77fff000 78000000 7b5ff000 7b600000 7b7fe000 7b7ff000
        PAGE        PHYSICAL      MAPPING       INDEX CNT FLAGS
  ffffea0001e00000  78000000                0        0  0 0
  ffffea0001e00000  7b5ff000                0        0  0 0
  ffffea0001ed8000  7b600000                0        0  1 1fffff00000000
  ffffea0001edff80  7b7fe000                0        0  1 1fffff00000000
  ffffea0001edffc0  7b7ff000 ffff88017fb13720        8  2 1fffff00020068 uptodate,lru,active,mappedtodisk

At least the bare minimum of pages is initialized preventing the crash
as well.

Customers started to report this as soon as 7.4 (where b92df1de5d was
merged in RHEL) was released.  I remember reports from
September/October-ish times.  It's not easily reproduced and happens on
a handful of machines only.  I guess that's why.  But that does not make
it less serious, I think.

Though there actually is a report here:
  https://bugzilla.kernel.org/show_bug.cgi?id=196443

And there are reports for Fedora from July:
  https://bugzilla.redhat.com/show_bug.cgi?id=1473242
and CentOS:
  https://bugs.centos.org/view.php?id=13964
and we internally track several dozens reports for RHEL bug
  https://bugzilla.redhat.com/show_bug.cgi?id=1525121

Link: http://lkml.kernel.org/r/0485727b2e82da7efbce5f6ba42524b429d0391a.1520011945.git.neelx@redhat.com
Fixes: b92df1de5d ("mm: page_alloc: skip over regions of invalid pfns where possible")
Signed-off-by: Daniel Vacek <neelx@redhat.com>
Cc: Mel Gorman <mgorman@techsingularity.net>
Cc: Michal Hocko <mhocko@suse.com>
Cc: Paul Burton <paul.burton@imgtec.com>
Cc: Pavel Tatashin <pasha.tatashin@oracle.com>
Cc: Vlastimil Babka <vbabka@suse.cz>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2018-03-09 16:40:01 -08:00
Daniel Vacek 379b03b7fa mm/memblock.c: hardcode the end_pfn being -1
This is just a cleanup.  It aids handling the special end case in the
next commit.

[akpm@linux-foundation.org: make it work against current -linus, not against -mm]
[akpm@linux-foundation.org: make it work against current -linus, not against -mm some more]
Link: http://lkml.kernel.org/r/1ca478d4269125a99bcfb1ca04d7b88ac1aee924.1520011944.git.neelx@redhat.com
Signed-off-by: Daniel Vacek <neelx@redhat.com>
Cc: Michal Hocko <mhocko@suse.com>
Cc: Vlastimil Babka <vbabka@suse.cz>
Cc: Mel Gorman <mgorman@techsingularity.net>
Cc: Pavel Tatashin <pasha.tatashin@oracle.com>
Cc: Paul Burton <paul.burton@imgtec.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2018-03-09 16:40:01 -08:00
Andrea Arcangeli 96312e6128 mm/gup.c: teach get_user_pages_unlocked to handle FOLL_NOWAIT
KVM is hanging during postcopy live migration with userfaultfd because
get_user_pages_unlocked is not capable to handle FOLL_NOWAIT.

Earlier FOLL_NOWAIT was only ever passed to get_user_pages.

Specifically faultin_page (the callee of get_user_pages_unlocked caller)
doesn't know that if FAULT_FLAG_RETRY_NOWAIT was set in the page fault
flags, when VM_FAULT_RETRY is returned, the mmap_sem wasn't actually
released (even if nonblocking is not NULL).  So it sets *nonblocking to
zero and the caller won't release the mmap_sem thinking it was already
released, but it wasn't because of FOLL_NOWAIT.

Link: http://lkml.kernel.org/r/20180302174343.5421-2-aarcange@redhat.com
Fixes: ce53053ce3 ("kvm: switch get_user_page_nowait() to get_user_pages_unlocked()")
Signed-off-by: Andrea Arcangeli <aarcange@redhat.com>
Reported-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Tested-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2018-03-09 16:40:01 -08:00
Kees Cook 1b4cfe3c0a lib/bug.c: exclude non-BUG/WARN exceptions from report_bug()
Commit b8347c2196 ("x86/debug: Handle warnings before the notifier
chain, to fix KGDB crash") changed the ordering of fixups, and did not
take into account the case of x86 processing non-WARN() and non-BUG()
exceptions.  This would lead to output of a false BUG line with no other
information.

In the case of a refcount exception, it would be immediately followed by
the refcount WARN(), producing very strange double-"cut here":

  lkdtm: attempting bad refcount_inc() overflow
  ------------[ cut here ]------------
  Kernel BUG at 0000000065f29de5 [verbose debug info unavailable]
  ------------[ cut here ]------------
  refcount_t overflow at lkdtm_REFCOUNT_INC_OVERFLOW+0x6b/0x90 in cat[3065], uid/euid: 0/0
  WARNING: CPU: 0 PID: 3065 at kernel/panic.c:657 refcount_error_report+0x9a/0xa4
  ...

In the prior ordering, exceptions were searched first:

   do_trap_no_signal(struct task_struct *tsk, int trapnr, char *str,
   ...
                if (fixup_exception(regs, trapnr))
                        return 0;

  -               if (fixup_bug(regs, trapnr))
  -                       return 0;
  -

As a result, fixup_bugs()'s is_valid_bugaddr() didn't take into account
needing to search the exception list first, since that had already
happened.

So, instead of searching the exception list twice (once in
is_valid_bugaddr() and then again in fixup_exception()), just add a
simple sanity check to report_bug() that will immediately bail out if a
BUG() (or WARN()) entry is not found.

Link: http://lkml.kernel.org/r/20180301225934.GA34350@beast
Fixes: b8347c2196 ("x86/debug: Handle warnings before the notifier chain, to fix KGDB crash")
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Richard Weinberger <richard.weinberger@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2018-03-09 16:40:01 -08:00
Kees Cook 0862ca422b bug: use %pB in BUG and stack protector failure
The BUG and stack protector reports were still using a raw %p.  This
changes it to %pB for more meaningful output.

Link: http://lkml.kernel.org/r/20180301225704.GA34198@beast
Fixes: ad67b74d24 ("printk: hash addresses printed with %p")
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Andrew Morton <akpm@linux-foundation.org>
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Richard Weinberger <richard.weinberger@gmail.com>,
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2018-03-09 16:40:01 -08:00
Michal Hocko 4704dea36d hugetlb: fix surplus pages accounting
Dan Rue has noticed that libhugetlbfs test suite fails counter test:

  # mount_point="/mnt/hugetlb/"
  # echo 200 > /proc/sys/vm/nr_hugepages
  # mkdir -p "${mount_point}"
  # mount -t hugetlbfs hugetlbfs "${mount_point}"
  # export LD_LIBRARY_PATH=/root/libhugetlbfs/libhugetlbfs-2.20/obj64
  # /root/libhugetlbfs/libhugetlbfs-2.20/tests/obj64/counters
  Starting testcase "/root/libhugetlbfs/libhugetlbfs-2.20/tests/obj64/counters", pid 3319
  Base pool size: 0
  Clean...
  FAIL    Line 326: Bad HugePages_Total: expected 0, actual 1

The bug was bisected to 0c397daea1 ("mm, hugetlb: further simplify
hugetlb allocation API").

The reason is that alloc_surplus_huge_page() misaccounts per node
surplus pages.  We should increase surplus_huge_pages_node rather than
nr_huge_pages_node which is already handled by alloc_fresh_huge_page.

Link: http://lkml.kernel.org/r/20180221191439.GM2231@dhcp22.suse.cz
Fixes: 0c397daea1 ("mm, hugetlb: further simplify hugetlb allocation API")
Signed-off-by: Michal Hocko <mhocko@suse.com>
Reported-by: Dan Rue <dan.rue@linaro.org>
Tested-by: Dan Rue <dan.rue@linaro.org>
Reviewed-by: Mike Kravetz <mike.kravetz@oracle.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2018-03-09 16:40:01 -08:00
Leon Romanovsky 28e9091e31 RDMA/mlx5: Fix integer overflow while resizing CQ
The user can provide very large cqe_size which will cause to integer
overflow as it can be seen in the following UBSAN warning:

=======================================================================
UBSAN: Undefined behaviour in drivers/infiniband/hw/mlx5/cq.c:1192:53
signed integer overflow:
64870 * 65536 cannot be represented in type 'int'
CPU: 0 PID: 267 Comm: syzkaller605279 Not tainted 4.15.0+ #90 Hardware
name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
rel-1.7.5-0-ge51488c-20140602_164612-nilsson.home.kraxel.org 04/01/2014
Call Trace:
 dump_stack+0xde/0x164
 ? dma_virt_map_sg+0x22c/0x22c
 ubsan_epilogue+0xe/0x81
 handle_overflow+0x1f3/0x251
 ? __ubsan_handle_negate_overflow+0x19b/0x19b
 ? lock_acquire+0x440/0x440
 mlx5_ib_resize_cq+0x17e7/0x1e40
 ? cyc2ns_read_end+0x10/0x10
 ? native_read_msr_safe+0x6c/0x9b
 ? cyc2ns_read_end+0x10/0x10
 ? mlx5_ib_modify_cq+0x220/0x220
 ? sched_clock_cpu+0x18/0x200
 ? lookup_get_idr_uobject+0x200/0x200
 ? rdma_lookup_get_uobject+0x145/0x2f0
 ib_uverbs_resize_cq+0x207/0x3e0
 ? ib_uverbs_ex_create_cq+0x250/0x250
 ib_uverbs_write+0x7f9/0xef0
 ? cyc2ns_read_end+0x10/0x10
 ? print_irqtrace_events+0x280/0x280
 ? ib_uverbs_ex_create_cq+0x250/0x250
 ? uverbs_devnode+0x110/0x110
 ? sched_clock_cpu+0x18/0x200
 ? do_raw_spin_trylock+0x100/0x100
 ? __lru_cache_add+0x16e/0x290
 __vfs_write+0x10d/0x700
 ? uverbs_devnode+0x110/0x110
 ? kernel_read+0x170/0x170
 ? sched_clock_cpu+0x18/0x200
 ? security_file_permission+0x93/0x260
 vfs_write+0x1b0/0x550
 SyS_write+0xc7/0x1a0
 ? SyS_read+0x1a0/0x1a0
 ? trace_hardirqs_on_thunk+0x1a/0x1c
 entry_SYSCALL_64_fastpath+0x1e/0x8b
RIP: 0033:0x433549
RSP: 002b:00007ffe63bd1ea8 EFLAGS: 00000217
=======================================================================

Cc: syzkaller <syzkaller@googlegroups.com>
Cc: <stable@vger.kernel.org> # 3.13
Fixes: bde51583f4 ("IB/mlx5: Add support for resize CQ")
Reported-by: Noa Osherovich <noaos@mellanox.com>
Reviewed-by: Yishai Hadas <yishaih@mellanox.com>
Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
Signed-off-by: Doug Ledford <dledford@redhat.com>
2018-03-09 18:10:48 -05:00
Doug Ledford 212a0cbc56 Revert "RDMA/mlx5: Fix integer overflow while resizing CQ"
The original commit of this patch has a munged log message that is
missing several of the tags the original author intended to be on the
patch.  This was due to patchworks misinterpreting a cut-n-paste
separator line as an end of message line and munging the mbox that was
used to import the patch:

https://patchwork.kernel.org/patch/10264089/

The original patch will be reapplied with a fixed commit message so the
proper tags are applied.

This reverts commit aa0de36a40.

Signed-off-by: Doug Ledford <dledford@redhat.com>
2018-03-09 18:07:46 -05:00
Linus Torvalds c68a2cf07a pci-v4.16-fixes-3
-----BEGIN PGP SIGNATURE-----
 
 iQJIBAABCgAyFiEEgMe7l+5h9hnxdsnuWYigwDrT+vwFAlqiut4UHGJoZWxnYWFz
 QGdvb2dsZS5jb20ACgkQWYigwDrT+vx64g//XKYaUwlc6e2c0XxTmpOe/v/V/NF3
 nXCvkmZRb2GW3xsYyrzzHBeUJtgRVBZ58yQtw7jXqS8DxyXiGzGEGrCHOzWOXiFm
 JppL24KgdZk/Az4Fo1rN8h6bydeeTbkztLJBzBDQghmeaj7VQiI+aePjUAFmOvd/
 rBg25nERo3yI/bPh6lMjLwZp3e89+cKn7na9FX8xKt32T2YSVqnjYFn6xoiC6UMY
 9Gaferv5ZECdTViq9lZKHTqg8f4Xjc/ln3qYMs/CXf3qNb6gt1gtA8f5X78z7l24
 h3MIwe7nxX0iyKjUImQeRSsXcSvDYiZHqwHJilm5TKmvwl+r3OB5D6YsfMRP2GN8
 CRNiNUQApxGRqo+NJOoR1Ca+tkWjfnFClOMzDC1b0zwKBlLSyHGSUKIsoQ160djs
 8aZZqKiVLeHgZrEWrb1601VeOjxDzdNfLn0/8fMsDS4avhoAUVL/Rqze8nowaDcM
 98AJuGu8of3tWfz7A7WiBn9Y17R8tIYwdjAtL6O9YlhdpiazUkLo9HmquKXK5Yv7
 2Q5+uoMPXsVN5OXKGKOXWTo1YarqQRK3c1iTK9kb8wolkKTcuSN62wHDtsxWzDCG
 VxEwjz/yrbiNiTqznT4iSlXvlUwPl65W0+TFnLRh0LFXtjUAHiYcL5qEe3ah7TWc
 vf1Mc1v8SJiUtmU=
 =2F4R
 -----END PGP SIGNATURE-----

Merge tag 'pci-v4.16-fixes-3' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci

Pull PCI fixes from Bjorn Helgaas:

 - fix sparc build issue when OF_IRQ not enabled (Guenter Roeck)

 - fix enumeration of devices below switches on DesignWare-based
   controllers (Koen Vandeputte)

* tag 'pci-v4.16-fixes-3' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci:
  PCI: dwc: Fix enumeration end when reaching root subordinate
  PCI: Move of_irq_parse_and_map_pci() declaration under OF_IRQ
2018-03-09 13:31:08 -08:00
Linus Torvalds 99d7d64b60 fbdev fix for v4.16-rc5:
- fix kernel data leak in FBIOGETCMAP_SPARC ioctl (Peter Malone)
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABCAAGBQJaorOYAAoJEH4ztj+gR8ILAMcP/3OuHo2Oh9czd5LjhdpiHDA/
 liXIAWs8ujMGE0BNNXIeLJ8VCpXDRAqWdsEDzamIjrag8Um7oBCp/TLlHwwJl7nK
 P6vDn3QHdz7eWYSC7hs6bphlPlYVI9a8VpZOMxvj5w25oZfWADaaVDdmjofwXG4j
 6AjNb0F8Ls+SaprZABj7l9h7/zeX5AvtraTZz6hSwvxsoxR12YnpaeRzaFdaidux
 HV28RgHU1Yn6nTSSSu5oQVnWsknMxftowrd8ZMwqG3O7Ukn50nsSPEMeZmY/XoDb
 EZtPPodGzBKZYnZ/ZHYdh0MDFh8/n/tIbDzFeoqli2bTjhIzx3aELnvYrJF1RPlp
 YTGtYK+IHTZQZv8BxyHmrnSIfPi7rVqTPijybe4t9Feyq+TNfb0uBk12t//duO3W
 23hj4jAVIyWBOibstzKov8PaPusq3xlvJ0Pc0bsaEEzY6+ED5crhMGWONMkA7ekV
 Jq37G5N4egDK4dBI5nvnNVvejZ5fp9KjEDU7gowYEpjMIUS9n09xK1+pXa3mfsiX
 6LaDNEzDDOkt745c+j7NfLE+aFUH/SqHiEdOHbmd9/HSHYNcflBmBMMsgYbJ6mX0
 oeoKcD/8aYkTxEdqRNMqGSC+6uf2/7+KuPXV66Sf9DkGInpqAWDUxDAs8XrcczXl
 1Y8RaGn6cdi72nkZStQb
 =ukkh
 -----END PGP SIGNATURE-----

Merge tag 'fbdev-v4.16-rc5' of git://github.com/bzolnier/linux

Pull fbdev fix from Bartlomiej Zolnierkiewicz:
 "Just a single fix to close a kernel data leak in FBIOGETCMAP_SPARC
  ioctl"

* tag 'fbdev-v4.16-rc5' of git://github.com/bzolnier/linux:
  fbdev: Fixing arbitrary kernel leak in case FBIOGETCMAP_SPARC in sbusfb_ioctl_helper().
2018-03-09 13:25:21 -08:00
Linus Torvalds 65307f2e05 amdgfx, i915, sun4i fixes
-----BEGIN PGP SIGNATURE-----
 
 iQIcBAABAgAGBQJaoihEAAoJEAx081l5xIa+VukP/iO0Et1GzmcLvE1XHuOwm5q+
 tG4IgkLSF50IfU0OHc0BWPFoTeypicRJvuLM+NubMf/dg3l8y/UbIWqOJBntnkNX
 o3018iw4/pFIvpBE8x2g2ozEk8qEfiaTfZkTfNKuH1ZUFugZR44j9OWbeYmZYd6i
 GwmSLgLunbE0Bt3XqSHLm4VtbV2FCI1vj65IzYcEWygSa8sugADaeKZ+NvS77MOb
 yF2d+Tlx5IkD0fkOt34MsDH/0F+RGEUCmgJfgiy+AuA/SD/v7cZQinTOkpzm0LkV
 YSSugc7XVqjqugEWjt7yniirGlIPfcdJTzUB99OQ4rCGFhpSRZVB54RVGeOch/LS
 UogyW/cWG9sivgdUg7sXw5ws12NX5LpR8FHwXYxBJRZs+TQXnpEy1Idh4IxZzVF/
 wFhqckNxVo1POZLy2xhTyd4ML49JvVAZ4E+3WmniDKXRImD9S7bV35yPXQ2XA2rj
 KjJaYGntihrvHSvLseOc/cb5KxwvxQGT1yw6fiSGPV1n7kUemzLAMxAmBKnL+IPB
 QKzB5POnaqOsOg6GBmkXv3nGfLWQq1NIiK6XOlfBpW5g80WxuBlLN+gcgaaG5qKT
 CJGbVuQe5kptSXSsTXU1+e6oJre2FOtAncq3aQlPKS7EptqtPxSw0PWiZLsVXiVj
 /sZU6fBlCYGJoXIq25xK
 =tkxA
 -----END PGP SIGNATURE-----

Merge tag 'drm-fixes-for-v4.16-rc5' of git://people.freedesktop.org/~airlied/linux

Pull drm fixes from Dave Airlie:
 "There are a small set of sun4i and i915 fixes, and many more amdgpu
  fixes:

  sun4i:
   - divide by zero fix
   - clock and LVDS fixes

  i915:
   - fix for perf
   - race fix

  amdgpu:
   - a bit more than we are normally comfortable with at this point,
     however it does fix a lot of display issues with the new DC code
     which result in black screens in various configurations along with
     some run of the mill gpu configuration fixes.

     I'm happy enough that the fixes are limited to the DC code and
     should fix a bunch of issues on the new raven ridge APUs that we
     are seeing shipped now"

* tag 'drm-fixes-for-v4.16-rc5' of git://people.freedesktop.org/~airlied/linux: (42 commits)
  drm/amd/display: validate plane format on primary plane
  drm/amdgpu:Always save uvd vcpu_bo in VM Mode
  drm/amdgpu:Correct max uvd handles
  drm/amd/display: early return if not in vga mode in disable_vga
  drm/amd/display: Fix takover from VGA mode
  drm/amd/display: Fix memleaks when atomic check fails.
  drm/amd/display: Return success when enabling interrupt
  drm/amd/display: Use crtc enable/disable_vblank hooks
  drm/amd/display: update infoframe after dig fe is turned on
  drm/amd/display: fix boot-up on vega10
  drm/amd/display: fix cursor related Pstate hang
  drm/amd/display: Set irq state only on existing crtcs
  drm/amd/display: Fixed non-native modes not lighting up
  drm/amd/display: Call update_stream_signal directly from amdgpu_dm
  drm/amd/display: Make create_stream_for_sink more consistent
  drm/amd/display: Don't block dual-link DVI modes
  drm/amd/display: Don't allow dual-link DVI on all ASICs.
  drm/amd/display: Pass signal directly to enable_tmds_output
  drm/amd/display: Remove unnecessary fail labels in create_stream_for_sink
  drm/amd/display: Move MAX_TMDS_CLOCK define to header
  ...
2018-03-09 13:18:02 -08:00
Linus Torvalds dfbab3fa45 sound fixes for 4.16-rc5
Two type of fixes:
 
 - The usual stuff, a handful HD-audio quirks for various machines
 
 - Further hardening against ALSA sequencer ioctl/write races that
   are triggered by fuzzer
 -----BEGIN PGP SIGNATURE-----
 
 iQJCBAABCAAsFiEEIXTw5fNLNI7mMiVaLtJE4w1nLE8FAlqiXaEOHHRpd2FpQHN1
 c2UuZGUACgkQLtJE4w1nLE/M8hAAwwOMDYE4DjhHn0MkzBZO75wBu6jZAQ0KdWUl
 sc2l7+i/0NvdR3CVBoGi8AddyqM/9QCoaqxS8i18wq4xcWgGNf2tzkBCjE8SRuUN
 briisw1RdKhXvciwMh2a82Cd03zKPwK6lTuxQbLNWbNGoldQJJ5gU5jXS5x3NHbE
 vyjo1TYasi7Lxv3FqXv0uWmJzOaU8CD7Tpow0gbm017iNIjqm7Y2BN59Z1FbEvlg
 kP2SSh9+cnaWXGZew2OYq4bBDWbVgVdIqVa5u56wL5akyIwMTAxjTrI4Az7vF7uT
 TEvHwBxvdxe+y+dr7j/bZLws3Nsq0gNrHwk7mK9+Xg94sSs6aqrQVveSL821Xelp
 I3K3PXHMv6ke7w+ywowj4ZdN4YGJP6f8jZfsEsU1LcFiYaelZwbYmLw/QWl27yJq
 Ao5YFbj6k32fTCl6R/FOiWDm6MMO17/XoNYAjahxxuvC3ZdyxZNZi4oDvSvMWlF+
 eG0lrk0yZrrN7Xl9vNWOTdVnoFfPQNaXSxk3veRbWwyYpIDmvSnQz0YgTHTXwfW1
 ehodmSWFiQ6yabpCQEy1gWgiFfG2f9Pjbk1tznHUR+eg2Kwx5RZuQGbuoZxDPJcB
 LojsJ/hJGxCB96gjy388k6kEmDSOkUolgHLhp68oBHnbRC+6vRs/LWDP+pblWjid
 X7NpsHc=
 =jnDF
 -----END PGP SIGNATURE-----

Merge tag 'sound-4.16-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound

Pull sound fixes from Takashi Iwai:
 "Two type of fixes:

   - The usual stuff, a handful HD-audio quirks for various machines

   - Further hardening against ALSA sequencer ioctl/write races that are
     triggered by fuzzer"

* tag 'sound-4.16-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
  ALSA: hda: add dock and led support for HP ProBook 640 G2
  ALSA: hda: add dock and led support for HP EliteBook 820 G3
  ALSA: hda/realtek - Make dock sound work on ThinkPad L570
  ALSA: seq: Remove superfluous snd_seq_queue_client_leave_cells() call
  ALSA: seq: More protection for concurrent write and ioctl races
  ALSA: seq: Don't allow resizing pool in use
  ALSA: hda/realtek - Fix dock line-out volume on Dell Precision 7520
  ALSA: hda/realtek: Limit mic boost on T480
  ALSA: hda/realtek - Add headset mode support for Dell laptop
  ALSA: hda/realtek - Add support headset mode for DELL WYSE
  ALSA: hda - Fix a wrong FIXUP for alc289 on Dell machines
2018-03-09 10:01:59 -08:00
Marc Zyngier e21da1c992 arm64: Relax ARM_SMCCC_ARCH_WORKAROUND_1 discovery
A recent update to the ARM SMCCC ARCH_WORKAROUND_1 specification
allows firmware to return a non zero, positive value to describe
that although the mitigation is implemented at the higher exception
level, the CPU on which the call is made is not affected.

Let's relax the check on the return value from ARCH_WORKAROUND_1
so that we only error out if the returned value is negative.

Fixes: b092201e00 ("arm64: Add ARM_SMCCC_ARCH_WORKAROUND_1 BP hardening support")
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
2018-03-09 17:52:07 +00:00
Matthew Wilcox ff690eeed8 Documentation/sphinx: Fix Directive import error
Sphinx 1.7 removed sphinx.util.compat.Directive so people
who have upgraded cannot build the documentation.  Switch to
docutils.parsers.rst.Directive which has been available since
docutils 0.5 released in 2009.

Bugzilla: https://bugzilla.opensuse.org/show_bug.cgi?id=1083694
Co-developed-by: Takashi Iwai <tiwai@suse.de>
Acked-by: Jani Nikula <jani.nikula@intel.com>
Cc: stable@vger.kernel.org
Signed-off-by: Matthew Wilcox <mawilcox@microsoft.com>
Signed-off-by: Jonathan Corbet <corbet@lwn.net>
2018-03-09 10:46:14 -07:00
Linus Torvalds 719ea86151 Merge branch 'overlayfs-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs
Pull overlayfs fixes from Miklos Szeredi:
 "This fixes a corner case for NFS exporting (introduced in this cycle)
  as well as fixing miscellaneous bugs"

* 'overlayfs-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs:
  ovl: update Kconfig texts
  ovl: redirect_dir=nofollow should not follow redirect for opaque lower
  ovl: fix ptr_ret.cocci warnings
  ovl: check ERR_PTR() return value from ovl_lookup_real()
  ovl: check lower ancestry on encode of lower dir file handle
  ovl: hash non-dir by lower inode for fsnotify
2018-03-09 09:46:14 -08:00
Linus Torvalds 2d9b1d69c3 Changes since last update:
- Fix some iomap locking problems
 - Don't allocate cow blocks when we're zeroing file data
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
 iQIcBAABCgAGBQJamePeAAoJEPh/dxk0SrTryPgP/0sh8xcAFUHR0ad7D74nSp3o
 1gjBi6Yl+i+hn5SZ/gkKPa5YFjTMaefcTV8rpZm3uPYbTf75TTscjKDDczFNEqoh
 CDKOeyfOchVSjhRI5ExElBh5ToxDgh+HMzzlmxk+olfWA+BXjJj2J2iLh871v9Ym
 hQl7xOYUDPu1xZz+jLhDLKG2Gd/R97ez2KZM43gKMAUsQ7eUbz6CtV73cFT+tNfP
 jjIe3xp6ohbJYJalMThbNcI2mOOssnCM8BHUDBJib7N4CXucJYTMpDAcGvNoFKul
 +K2Icyip1/6CS4LkWDpP29ayiH+sTbZk8/ipioe27hXXHGqKG84HQOBefRZmo4o0
 CC64SoomuxQX6V7qL6hf0Sz82QQbl+ToSliZ97xXP5o84/OxhggZGqVdykTR2+DB
 4POaJzRPmYJKPO4Q0yT2worB4oepAUrridJnaQE0y9F80xnLTvJxpD53atLCHulj
 Ht9NlvnvqndDYaYjQwvucOmdR9vCos3OjZCaXnYgL+EpbgZUvMeQoxuyBUBTdQeQ
 CNGq3EDssI75gD67sWeyFc+gOST259XofANw3mvlu3KS2/huviORJkDYdtzi2/LL
 gkCN9OW9CmXOaAiylE8dSAu98SAR+c83wmahMeBA2mq5vYrQU4rIDGYZi/Mulne4
 tD7eW5nlvps9Fsvf58fd
 =T9nM
 -----END PGP SIGNATURE-----

Merge tag 'xfs-4.16-fixes-3' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux

Pull xfs fixes from Darrick Wong:

 - Fix some iomap locking problems

 - Don't allocate cow blocks when we're zeroing file data

* tag 'xfs-4.16-fixes-3' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux:
  xfs: don't block on the ilock for RWF_NOWAIT
  xfs: don't start out with the exclusive ilock for direct I/O
  xfs: don't allocate COW blocks for zeroing holes or unwritten extents
2018-03-09 09:37:29 -08:00
Darren Hart (VMware) 32d7b19bad platform/x86: dell-smbios: Resolve dependency error on DCDBAS
When the DELL_SMBIOS_SMM backend is enabled, the DELL_SMBIOS symbol
depends on DELL_DCDBAS, and we must avoid the situation where
DELL_SMBIOS=y and DCDBAS=m.

Adding the conditional dependency to DELL_SMBIOS such as:

depends !DELL_SMBIOS_SMM || (DCDBAS || DCDBAS=n)

results in the Kconfig tooling complaining about a circular dependency,
although it appears to work in practice.

Avoid the errors by simplifying the dependency and forcing DELL_SMBIOS
to be <= DCDBAS if DCDBAS is enabled (thanks to Greg KH for the
suggestion).

Cc: Mario.Limonciello@dell.com
Signed-off-by: Darren Hart (VMware) <dvhart@infradead.org>
2018-03-09 09:35:46 -08:00
Darren Hart (VMware) 329d58b890 platform/x86: Allow for SMBIOS backend defaults
Avoid accidental configurations by setting default y for DELL_SMBIOS
backends. Avoid this impacting the default build size, by making them
dependent on DELL_SMBIOS, so they only appear when DELL_SMBIOS is
manually selected, or by DELL_LAPTOP or DELL_WMI.

While DELL_SMBIOS does have a prompt, it does not have any dependencies.
Keeping DELL_SMBIOS visible, despite being "select"ed by DELL_LAPTOP and
DELL_WMI, is a deliberate choice to provide context for the WMI and SMM
backends, which would otherwise appear to float without context within
the menu.

Signed-off-by: Darren Hart (VMware) <dvhart@infradead.org>
2018-03-09 09:35:44 -08:00
Mario Limonciello 25d47027e1 platform/x86: dell-smbios: Link all dell-smbios-* modules together
Some race conditions were raised due to dell-smbios and its backends
not being ready by the time that a consumer would call one of the
exported methods.

To avoid this problem, guarantee that all initialization has been
done by linking them all together and running init for them all.

As part of this change the Kconfig needs to be adjusted so that
CONFIG_DELL_SMBIOS_SMM and CONFIG_DELL_SMBIOS_WMI are boolean
rather than modules.

CONFIG_DELL_SMBIOS is a visually selectable option again and both
CONFIG_DELL_SMBIOS_WMI and CONFIG_DELL_SMBIOS_SMM are optional.

Signed-off-by: Mario Limonciello <mario.limonciello@dell.com>
[dvhart: Update prompt and help text for DELL_SMBIOS_* backends]
Signed-off-by: Darren Hart (VMware) <dvhart@infradead.org>
2018-03-09 09:35:42 -08:00
Mario Limonciello 94f77cb168 platform/x86: dell-smbios: Rename dell-smbios source to dell-smbios-base
This is being done to faciliate a later change to link all the dell-smbios
drivers together.

Signed-off-by: Mario Limonciello <mario.limonciello@dell.com>
Signed-off-by: Darren Hart (VMware) <dvhart@infradead.org>
2018-03-09 09:35:30 -08:00
Mario Limonciello b53539625e platform/x86: dell-smbios: Correct some style warnings
WARNING: function definition argument 'struct calling_interface_buffer *'
should also have an identifier name
+       int (*call_fn)(struct calling_interface_buffer *);

WARNING: Block comments use * on subsequent lines
+       /* 4 bytes of table header, plus 7 bytes of Dell header,
	plus at least
+          6 bytes of entry */

WARNING: Block comments use a trailing */ on a separate line
+          6 bytes of entry */

Signed-off-by: Mario Limonciello <mario.limonciello@dell.com>
Signed-off-by: Darren Hart (VMware) <dvhart@infradead.org>
2018-03-09 09:35:16 -08:00
Linus Torvalds a525df0558 powerpc fixes for 4.16 #5
One notable fix to properly advertise our support for a new firmware feature,
 caused by two series conflicting semantically but not textually.
 
 There's a new ioctl for the new ocxl driver, which is not a fix, but needed to
 complete the userspace API and good to have before the driver is in a released
 kernel.
 
 Finally three minor selftest fixes, and a fix for intermittent build failures
 for some obscure platforms, caused by a missing make dependency.
 
 Thanks to:
   Alastair D'Silva, Bharata B Rao, Guenter Roeck.
 -----BEGIN PGP SIGNATURE-----
 
 iQIwBAABCAAaBQJaomOTExxtcGVAZWxsZXJtYW4uaWQuYXUACgkQUevqPMjhpYBV
 LQ/+MyHQH7d/lhqRLWa3BVgy9mn2QfFTkRNMi46eqIWyk6wD5Qf//gzO+vTDzcEO
 rzkBu3XwhuhDCpCInLtJH17X8iKVy65Uk2JQ808pZTm0WnNTBv0ag251QARDg//B
 S1QmCQGJkpoUJ85+IDqQzV90K2o13BPWkAOrVh40G5GASvFGZRdxuTuo4DKeIe/j
 0yri2LRuL+cpcfmZqaJVco8l2tqJEi6zJRhL/ORrLr4XSy0clxF1q1MYshNWPDsB
 3l4r/yKz2aMltplknVVrpdMThUTD311kknIHoQuuEYvd6GxDz52d3B1lvE5Xb8EB
 sNJQX6q8ydab0u79/tTsXUm/EyfmMd6HMKOeVnQim19tnEe0wW6VkaPDNWWXa66U
 hW0qx7rX+zMSHzEcgLF7HKirzCQi2oS5ZMqXvhHlOPBb8Iy0O5za670AtvMGgm7/
 NKXKML31opgXmTcU2ZxBMrtL0S8ft3wHCKRLkB6H8GHE+6//Ps87bQaUo4v2KsOr
 2T/2w6TVtAwxLrASpCVonfcmIjjjIK4WILaOKp24Yzyv0eqen6Z3/kkga37sLgj8
 f11HzTfFWO5ckroHrJSVCOC48eWb+O1CWRwS4rofL1jLfucpv6VFTPK6F4G47pAj
 pZyIJMTem0AEgsxVBJlsw6TibGH5W6rzDE/2WpEqxb7iZh0=
 =ajRr
 -----END PGP SIGNATURE-----

Merge tag 'powerpc-4.16-5' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux

Pull powerpc fixes from Michael Ellerman:
 "One notable fix to properly advertise our support for a new firmware
  feature, caused by two series conflicting semantically but not
  textually.

  There's a new ioctl for the new ocxl driver, which is not a fix, but
  needed to complete the userspace API and good to have before the
  driver is in a released kernel.

  Finally three minor selftest fixes, and a fix for intermittent build
  failures for some obscure platforms, caused by a missing make
  dependency.

  Thanks to: Alastair D'Silva, Bharata B Rao, Guenter Roeck"

* tag 'powerpc-4.16-5' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
  powerpc/pseries: Fix vector5 in ibm architecture vector table
  ocxl: Document the OCXL_IOCTL_GET_METADATA IOCTL
  ocxl: Add get_metadata IOCTL to share OCXL information to userspace
  selftests/powerpc: Skip the subpage_prot tests if the syscall is unavailable
  selftests/powerpc: Fix missing clean of pmu/lib.o
  powerpc/boot: Fix random libfdt related build errors
  selftests/powerpc: Skip tm-trap if transactional memory is not enabled
2018-03-09 09:33:48 -08:00
Ross Zwisler 1d037577c3 loop: Fix lost writes caused by missing flag
The following commit:

commit aa4d86163e ("block: loop: switch to VFS ITER_BVEC")

replaced __do_lo_send_write(), which used ITER_KVEC iterators, with
lo_write_bvec() which uses ITER_BVEC iterators.  In this change, though,
the WRITE flag was lost:

-       iov_iter_kvec(&from, ITER_KVEC | WRITE, &kvec, 1, len);
+       iov_iter_bvec(&i, ITER_BVEC, bvec, 1, bvec->bv_len);

This flag is necessary for the DAX case because we make decisions based on
whether or not the iterator is a READ or a WRITE in dax_iomap_actor() and
in dax_iomap_rw().

We end up going through this path in configurations where we combine a PMEM
device with 4k sectors, a loopback device and DAX.  The consequence of this
missed flag is that what we intend as a write actually turns into a read in
the DAX code, so no data is ever written.

The very simplest test case is to create a loopback device and try and
write a small string to it, then hexdump a few bytes of the device to see
if the write took.  Without this patch you read back all zeros, with this
you read back the string you wrote.

For XFS this causes us to fail or panic during the following xfstests:

	xfs/074 xfs/078 xfs/216 xfs/217 xfs/250

For ext4 we have a similar issue where writes never happen, but we don't
currently have any xfstests that use loopback and show this issue.

Fix this by restoring the WRITE flag argument to iov_iter_bvec().  This
causes the xfstests to all pass.

Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: stable@vger.kernel.org
Fixes: commit aa4d86163e ("block: loop: switch to VFS ITER_BVEC")
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Ming Lei <ming.lei@redhat.com>
Signed-off-by: Ross Zwisler <ross.zwisler@linux.intel.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2018-03-09 08:36:36 -07:00
Masahiro Yamada bd2746f09e clocksource/atmel-st: Add 'depends on HAS_IOMEM' to fix unmet dependency
The ATMEL_ST config selects MFD_SYSCON, but does not depend on HAS_IOMEM.

Compile testing on architecture without HAS_IOMEM causes "unmet direct
dependencies" in Kconfig phase. Detected by "make ARCH=score allyesconfig".

Add the proper dependency to the ATMEL_ST config.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Daniel Lezcano <daniel.lezcano@linaro.org>
Cc: Arnd Bergmann <arnd@arndb.de>
Link: https://lkml.kernel.org/r/1520335233-11277-1-git-send-email-yamada.masahiro@socionext.com
2018-03-09 11:11:58 +01:00
Boqun Feng 6b0ef92fee rtmutex: Make rt_mutex_futex_unlock() safe for irq-off callsites
When running rcutorture with TREE03 config, CONFIG_PROVE_LOCKING=y, and
kernel cmdline argument "rcutorture.gp_exp=1", lockdep reports a
HARDIRQ-safe->HARDIRQ-unsafe deadlock:

 ================================
 WARNING: inconsistent lock state
 4.16.0-rc4+ #1 Not tainted
 --------------------------------
 inconsistent {IN-HARDIRQ-W} -> {HARDIRQ-ON-W} usage.
 takes:
 __schedule+0xbe/0xaf0
 {IN-HARDIRQ-W} state was registered at:
   _raw_spin_lock+0x2a/0x40
   scheduler_tick+0x47/0xf0
...
 other info that might help us debug this:
  Possible unsafe locking scenario:
        CPU0
        ----
   lock(&rq->lock);
   <Interrupt>
     lock(&rq->lock);
  *** DEADLOCK ***
 1 lock held by rcu_torture_rea/724:
 rcu_torture_read_lock+0x0/0x70
 stack backtrace:
 CPU: 2 PID: 724 Comm: rcu_torture_rea Not tainted 4.16.0-rc4+ #1
 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-20171110_100015-anatol 04/01/2014
 Call Trace:
  lock_acquire+0x90/0x200
  ? __schedule+0xbe/0xaf0
  _raw_spin_lock+0x2a/0x40
  ? __schedule+0xbe/0xaf0
  __schedule+0xbe/0xaf0
  preempt_schedule_irq+0x2f/0x60
  retint_kernel+0x1b/0x2d
 RIP: 0010:rcu_read_unlock_special+0x0/0x680
  ? rcu_torture_read_unlock+0x60/0x60
  __rcu_read_unlock+0x64/0x70
  rcu_torture_read_unlock+0x17/0x60
  rcu_torture_reader+0x275/0x450
  ? rcutorture_booster_init+0x110/0x110
  ? rcu_torture_stall+0x230/0x230
  ? kthread+0x10e/0x130
  kthread+0x10e/0x130
  ? kthread_create_worker_on_cpu+0x70/0x70
  ? call_usermodehelper_exec_async+0x11a/0x150
  ret_from_fork+0x3a/0x50

This happens with the following even sequence:

	preempt_schedule_irq();
	  local_irq_enable();
	  __schedule():
	    local_irq_disable(); // irq off
	    ...
	    rcu_note_context_switch():
	      rcu_note_preempt_context_switch():
	        rcu_read_unlock_special():
	          local_irq_save(flags);
	          ...
		  raw_spin_unlock_irqrestore(...,flags); // irq remains off
	          rt_mutex_futex_unlock():
	            raw_spin_lock_irq();
	            ...
	            raw_spin_unlock_irq(); // accidentally set irq on

	    <return to __schedule()>
	    rq_lock():
	      raw_spin_lock(); // acquiring rq->lock with irq on

which means rq->lock becomes a HARDIRQ-unsafe lock, which can cause
deadlocks in scheduler code.

This problem was introduced by commit 02a7c234e5 ("rcu: Suppress
lockdep false-positive ->boost_mtx complaints"). That brought the user
of rt_mutex_futex_unlock() with irq off.

To fix this, replace the *lock_irq() in rt_mutex_futex_unlock() with
*lock_irq{save,restore}() to make it safe to call rt_mutex_futex_unlock()
with irq off.

Fixes: 02a7c234e5 ("rcu: Suppress lockdep false-positive ->boost_mtx complaints")
Signed-off-by: Boqun Feng <boqun.feng@gmail.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Lai Jiangshan <jiangshanlai@gmail.com>
Cc: Steven Rostedt <rostedt@goodmis.org>
Cc: Josh Triplett <josh@joshtriplett.org>
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Cc: "Paul E . McKenney" <paulmck@linux.vnet.ibm.com>
Link: https://lkml.kernel.org/r/20180309065630.8283-1-boqun.feng@gmail.com
2018-03-09 11:06:16 +01:00
Francis Deslauriers c07a8f8b08 x86/kprobes: Fix kernel crash when probing .entry_trampoline code
Disable the kprobe probing of the entry trampoline:

.entry_trampoline is a code area that is used to ensure page table
isolation between userspace and kernelspace.

At the beginning of the execution of the trampoline, we load the
kernel's CR3 register. This has the effect of enabling the translation
of the kernel virtual addresses to physical addresses. Before this
happens most kernel addresses can not be translated because the running
process' CR3 is still used.

If a kprobe is placed on the trampoline code before that change of the
CR3 register happens the kernel crashes because int3 handling pages are
not accessible.

To fix this, add the .entry_trampoline section to the kprobe blacklist
to prohibit the probing of code before all the kernel pages are
accessible.

Signed-off-by: Francis Deslauriers <francis.deslauriers@efficios.com>
Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: mathieu.desnoyers@efficios.com
Cc: mhiramat@kernel.org
Link: http://lkml.kernel.org/r/1520565492-4637-2-git-send-email-francis.deslauriers@efficios.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2018-03-09 09:58:36 +01:00
Song Liu bd903afeb5 perf/core: Fix ctx_event_type in ctx_resched()
In ctx_resched(), EVENT_FLEXIBLE should be sched_out when EVENT_PINNED is
added. However, ctx_resched() calculates ctx_event_type before checking
this condition. As a result, pinned events will NOT get higher priority
than flexible events.

The following shows this issue on an Intel CPU (where ref-cycles can
only use one hardware counter).

  1. First start:
       perf stat -C 0 -e ref-cycles  -I 1000
  2. Then, in the second console, run:
       perf stat -C 0 -e ref-cycles:D -I 1000

The second perf uses pinned events, which is expected to have higher
priority. However, because it failed in ctx_resched(). It is never
run.

This patch fixes this by calculating ctx_event_type after re-evaluating
event_type.

Reported-by: Ephraim Park <ephiepark@fb.com>
Signed-off-by: Song Liu <songliubraving@fb.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: <jolsa@redhat.com>
Cc: <kernel-team@fb.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Stephane Eranian <eranian@google.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Vince Weaver <vincent.weaver@maine.edu>
Fixes: 487f05e18a ("perf/core: Optimize event rescheduling on active contexts")
Link: http://lkml.kernel.org/r/20180306055504.3283731-1-songliubraving@fb.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2018-03-09 08:03:02 +01:00
Jens Axboe e576b7b528 Merge branch 'nvme-4.16-rc5' of git://git.infradead.org/nvme into for-linus
Pull NVMe fixes for this series from Keith:

"A few late fixes for 4.16:

 * Reverting sysfs slave device links for native nvme multipathing.
   The hidden disk attributes broke common user tools.

 * A fix for a PPC pci error handling regression.

 * Update pci interrupt count to consider the actual IRQ spread, fixing
   potentially poor initial queue affinity.

 * Off-by-one errors in nvme-fc queue sizes

 * A fabrics discovery fix to be more tolerant with user tools."

* 'nvme-4.16-rc5' of git://git.infradead.org/nvme:
  nvme_fc: rework sqsize handling
  nvme-fabrics: Ignore nr_io_queues option for discovery controllers
  Revert "nvme: create 'slaves' and 'holders' entries for hidden controllers"
  nvme: pci: pass max vectors as num_possible_cpus() to pci_alloc_irq_vectors
  nvme-pci: Fix EEH failure on ppc
2018-03-08 19:12:59 -07:00
Dave Airlie b0655d668f Merge branch 'drm-fixes-4.16' of git://people.freedesktop.org/~agd5f/linux into drm-fixes
Fixes for 4.16.  A bit bigger than I would have liked, but most of that
is DC fixes which Harry helped me pull together from the past few weeks.
Highlights:
- Fix DL DVI with DC
- Various RV fixes for DC
- Overlay fixes for DC
- Fix HDMI2 handling on boards without HBR tables in the vbios
- Fix crash with pass-through on SI on amdgpu
- Fix RB harvesting on KV
- Fix hibernation failures on UVD with certain cards

* 'drm-fixes-4.16' of git://people.freedesktop.org/~agd5f/linux: (35 commits)
  drm/amd/display: validate plane format on primary plane
  drm/amdgpu:Always save uvd vcpu_bo in VM Mode
  drm/amdgpu:Correct max uvd handles
  drm/amd/display: early return if not in vga mode in disable_vga
  drm/amd/display: Fix takover from VGA mode
  drm/amd/display: Fix memleaks when atomic check fails.
  drm/amd/display: Return success when enabling interrupt
  drm/amd/display: Use crtc enable/disable_vblank hooks
  drm/amd/display: update infoframe after dig fe is turned on
  drm/amd/display: fix boot-up on vega10
  drm/amd/display: fix cursor related Pstate hang
  drm/amd/display: Set irq state only on existing crtcs
  drm/amd/display: Fixed non-native modes not lighting up
  drm/amd/display: Call update_stream_signal directly from amdgpu_dm
  drm/amd/display: Make create_stream_for_sink more consistent
  drm/amd/display: Don't block dual-link DVI modes
  drm/amd/display: Don't allow dual-link DVI on all ASICs.
  drm/amd/display: Pass signal directly to enable_tmds_output
  drm/amd/display: Remove unnecessary fail labels in create_stream_for_sink
  drm/amd/display: Move MAX_TMDS_CLOCK define to header
  ...
2018-03-09 09:23:02 +10:00
Dave Airlie f5732e66a7 sun4i fixes on clk, division by zero and LVDS.
-----BEGIN PGP SIGNATURE-----
 
 iQIcBAABAgAGBQJan8AiAAoJEEN0HIUfOBk0M3MP/RX26ihtgnSikYoJU1zdjs1w
 uX3ejVdgP24mhzN1iqBqKRJxnDNuOVlBn27qmcSFAW4ytUirq8Esx0FG5sQOyYZO
 kggvydpbrEQfa5jybcTrlS5nr8NXOfWaIQ33hCLzcsDttAnw/dEY0owhWGj4j5cO
 Nq1b4N85d0XC6XrbjGnqLz924qeS4JArOA9Ee/uBumNf0LsozpeYNKBeRf00KmQG
 V8ayzXLordcmQTm74Xm2LcSBH62c+tBeGNIiKlWI4U579AWopaWqPonIrAqItKrr
 rdRKkGBZ2nl3Am5fnSgiHmSdyMJrAhdwAlyZFWx0RkSTUQOUWSp+pRy6qM/Q2yC6
 PC7KK6ZIBXKjtXgEJtpx0JKZJIkU0m4aJ4IN6LGSh22U1RgjZLSWuIev1lthHWeY
 AsUNahpbUUxVI3X/IU3I7K70E5zk5JHmOPBBqD7CvWftJPEQqGwd9fU+wynM5o+9
 gjMxszhwnoUsdX22gL0E1X0Xvw/j5WE3KpTPFftu7dg+03ZXB6fSDoK/SDEwpXWX
 i8qbG7hRu7aZ4Gzp2376BVZq7EhzaPrNNfRPZtG6goXrhN2ZzRxSWceFD/XXVdzX
 8QAWEXituDYA/pXQVEzsC73tjv3fstkbU6FyPOuG1Q+Hjqgtp+/dCo1hRkfvz7YV
 +eP78iV0oUq3EqSh0OzI
 =tIwH
 -----END PGP SIGNATURE-----

Merge tag 'drm-misc-fixes-2018-03-07' of git://anongit.freedesktop.org/drm/drm-misc into drm-fixes

sun4i fixes on clk, division by zero and LVDS.

* tag 'drm-misc-fixes-2018-03-07' of git://anongit.freedesktop.org/drm/drm-misc:
  drm/sun4i: crtc: Call drm_crtc_vblank_on / drm_crtc_vblank_off
  drm/sun4i: rgb: Fix potential division by zero
  drm/sun4i: tcon: Reduce the scope of the LVDS error a bit
  drm/sun4i: Release exclusive clock lock when disabling TCON
  drm/sun4i: Fix dclk_set_phase
2018-03-09 09:22:44 +10:00
Dave Airlie aa87d62f7e - 2 fixes: 1 for perf and 1 execlist submission race.
-----BEGIN PGP SIGNATURE-----
 
 iQEcBAABAgAGBQJaoA9cAAoJEPpiX2QO6xPKfI8H/1M+nPvIfaqZHpnBSvLhOZ95
 py3qBQ72HvAlWaChH0FBAaUkWO7g38buMoUQrXn2d5dwU+RSoRC6AsEQE/ZqntN4
 QMYMMqKx8Qnd4zkYcPx2mZD414uKHKYS7TvTK1HrslCexOteDjG7myQxURnrwM3u
 DvJJzr0FDo5zW6kgT2sA3VXv/Fvc2heExy5QodIoF4ajU/TcU7HqC4ZiMkaigZA6
 j4oWrEdf0jukWTLsgzikVwn6j0+HUapKQfHi1/OMn4cf5mTtDTTHqQVE4qjyRhuh
 oXnVZYWjIn4QL8mK9Ql5yJvjrsQLvxWT24FErPloz9ustl+t9A+6Zx4vPiibOUk=
 =Wni1
 -----END PGP SIGNATURE-----

Merge tag 'drm-intel-fixes-2018-03-07' of git://anongit.freedesktop.org/drm/drm-intel into drm-fixes

- 2 fixes: 1 for perf and 1 execlist submission race.

* tag 'drm-intel-fixes-2018-03-07' of git://anongit.freedesktop.org/drm/drm-intel:
  drm/i915: Suspend submission tasklets around wedging
  drm/i915/perf: fix perf stream opening lock
2018-03-09 09:22:19 +10:00
Linus Torvalds e67548254b MIPS fixes for 4.16-rc5
A miscellaneous pile of MIPS fixes for 4.16:
  - Move put_compat_sigset() to evade hardened usercopy warnings (4.16)
  - Select ARCH_HAVE_PC_{SERIO,PARPORT} for Loongson64 platforms (4.16)
  - Fix kzalloc() failure handling in ath25 (3.19) and Octeon (4.0)
  - Fix disabling of IPIs during BMIPS suspend (3.19)
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEd80NauSabkiESfLYbAtpk944dnoFAlqhPTwACgkQbAtpk944
 dnq+WA//UR0iGZWc+FlpSAKjvVMWecvjQx81RhoBsFL18TmhDp9dtAVrm+oDmlJB
 /WpnA+BZCM58oEeXYNZ4dc4k4nD9VQTrFksaFJkVKBNyuVEiZbv3u21v6NKbUYBw
 0S4J2YKkUWtLIPFi5aymzPWn1bajY/Q2wi/1REeTIdcVeghWQDd/iShjYpSnvpCY
 XGvZebJyzFVigX404Z7WFDNoO9GhsZwdOMe00nW536ph2LFyCE6U65VzwdmvVZkr
 95kpnfQAb5aYv1/2jFEhyoX2ddhHuCmT+TfJ5Db68dd3AXkV/pdOjcNMdPOhmlFB
 ebDlFw91XKoAT360M/JtQkamZt09Zzl+Ea7lJ7Me4N6JGmEcqIjrZc7tNTUKknnW
 2W8WhrDpuZ2x4x3jx0ckGSvFFYhtkcFqNTktTjMYOSwmSiyd1Txe2VPLSVHy3d3J
 SbE3ioqnbIq+LHiVEqtFxmmsqrfgrh36v+Mc3kihQCCybTji+dGH8GR3bF7ccLOW
 6rpENPPVlP6/A/UNeNfH4d6apjhVBLuo1qdo22KEDKz6o9OUI3UKTKUG9wGhzvho
 rV+2LaYgtn4qmYoqjxBp2NgxZRkuw5TdYOXQL0XQl8te2L7bWyGXqWazfhbwMLpT
 p6yZaMIzPJhpPbhsyh/gTjqqPFmf86lFQW6SXwsbOT1aZnK9tGs=
 =X1dj
 -----END PGP SIGNATURE-----

Merge tag 'mips_fixes_4.16_4' of git://git.kernel.org/pub/scm/linux/kernel/git/jhogan/mips

Pull MIPS fixes from James Hogan:
 "A miscellaneous pile of MIPS fixes for 4.16:

   - move put_compat_sigset() to evade hardened usercopy warnings (4.16)

   - select ARCH_HAVE_PC_{SERIO,PARPORT} for Loongson64 platforms (4.16)

   - fix kzalloc() failure handling in ath25 (3.19) and Octeon (4.0)

   - fix disabling of IPIs during BMIPS suspend (3.19)"

* tag 'mips_fixes_4.16_4' of git://git.kernel.org/pub/scm/linux/kernel/git/jhogan/mips:
  MIPS: BMIPS: Do not mask IPIs during suspend
  MIPS: Loongson64: Select ARCH_MIGHT_HAVE_PC_SERIO
  MIPS: Loongson64: Select ARCH_MIGHT_HAVE_PC_PARPORT
  signals: Move put_compat_sigset to compat.h to silence hardened usercopy
  MIPS: OCTEON: irq: Check for null return on kzalloc allocation
  MIPS: ath25: Check for kzalloc allocation failure
2018-03-08 10:03:12 -08:00
Linus Torvalds 98577c6aa2 Revert a problematic patch that constified something imporperly.
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEE6gYDF28Li+nEiKLaHwn1ewov5lgFAlqgyYIACgkQHwn1ewov
 5lieCw/7BjbXmRtZeFrhemLCCYXhXEts/CtWY9RvrIHz8ugLUJjGrxOqdAFcR1xw
 EiXyaVVzc/Gp3qNiqTHTUB3q04A8T4aOuhRZ95T0z3MJrz3wxZkJFVepUYs2ffbO
 HbvOxXIz6lni01RmFtb/owv5w7jZcuSjyBYtepKO+e0ktW7Szq1QVD/jTVqCJOj0
 0aPQH7FFEZM8ZANobYoQ6X6zvGDob+KKrv35qZj+pQpeMhAkjQlc5FGwifNSetMq
 TCUUof6MN678v7a4P3uuSDtbYLYIsay1gM32KRNroVavyqk2D+X9xvtbQkVxRc6b
 43wRQdFi69qz8sAoKuerZvrSUo0P740zXlj3qNZVNe1HjdPhPdXnP/z5Ylp2QWRX
 AImtqHd57iMUMz981RhdAIZ2y9P248B9hCxP40xNMImPcJAWdCJlTvLhl1tRg0ta
 sivKuREXOvYMmvEWnbYpj3hJYmfd6R6EQ4xKlexYf35QASMZMQcYm+8+5t5qZhde
 Ew+uhyIR8IlaJgvBrcwevFL3KJMI8OSpjSrNJfBg6rf/vRo3e4Vb1xnciChOWx0p
 Zvwb+nU5WBY/8CnUtCztCz5RxUJ4+IWzK282b9j8BrwrSMEfdMiRq1sgZefirbgT
 T1xpbLtq8VcykTCwBMc0BfexbyvCkekD09MIlHShqrWrobVvbPM=
 =L80Q
 -----END PGP SIGNATURE-----

Merge tag 'chrome-platform-4.16-rc4-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/bleung/chrome-platform

Pull chrome platform fix from Benson Leung:
 "Revert a problematic patch that constified something imporperly"

* tag 'chrome-platform-4.16-rc4-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/bleung/chrome-platform:
  Revert "platform/chrome: chromeos_laptop: make chromeos_laptop const"
2018-03-08 10:00:47 -08:00
James Smart d157e5343c nvme_fc: rework sqsize handling
Corrected four outstanding issues in the transport around sqsize.

1: Create Connection LS is sending the 1's-based sqsize, should be
sending the 0's-based value.

2: allocation of hw queue is using the 0's-base size. It should be
using the 1's-based value.

3: normalization of ctrl.sqsize by MQES is using MQES+1 (1's-based
value). It should be MQES (0's-based value).

4: Missing clause to ensure queue_count not larger than ctrl->sqsize.

Corrected by:
Clean up routines that pass queue size around. The queue size value is
the actual count (1's-based) value and determined from ctrl->sqsize + 1.

Routines that send 0's-based value adapt from queue size.

Sset ctrl->sqsize properly for MQES.

Added clause to nsure queue_count not larger than ctrl->sqsize + 1.

Signed-off-by: James Smart <james.smart@broadcom.com>
Reviewed-by: Sagi Grimberg <sagi@grimberg.me>
Signed-off-by: Keith Busch <keith.busch@intel.com>
2018-03-08 10:39:58 -07:00
Dennis Wassenberg 099fd6ca0a ALSA: hda: add dock and led support for HP ProBook 640 G2
This patch adds missing initialisation for HP 2013 UltraSlim Dock
Line-In/Out PINs and activates keyboard mute/micmute leds
for HP ProBook 640 G2

Signed-off-by: Dennis Wassenberg <dennis.wassenberg@secunet.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2018-03-08 17:37:10 +01:00
Dennis Wassenberg aea8081720 ALSA: hda: add dock and led support for HP EliteBook 820 G3
This patch adds missing initialisation for HP 2013 UltraSlim Dock
Line-In/Out PINs and activates keyboard mute/micmute leds
for HP EliteBook 820 G3

Signed-off-by: Dennis Wassenberg <dennis.wassenberg@secunet.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2018-03-08 17:36:51 +01:00
Jens Axboe 9296080a18 Merge branch 'stable/for-jens-4.15' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/xen into for-linus
Pull a xen_blkfront fix from Konrad:

"It has one simple fix for the multi-queue support not showing up after
a block device was detached/re-attached."

* 'stable/for-jens-4.15' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/xen:
  xen-blkfront: move negotiate_mq to cover all cases of new VBDs
2018-03-08 09:24:52 -07:00
Roland Dreier 0475821e22 nvme-fabrics: Ignore nr_io_queues option for discovery controllers
This removes a dependency on the order options are passed when creating
a fabrics controller.  With the old code, if "nr_io_queues" appears before
an "nqn" option specifying the discovery controller, then nr_io_queues
is overridden with zero.  If "nr_io_queues" appears after specifying the
discovery controller, then the nr_io_queues option is used to set the
number of queues, and the driver attempts to establish IO connections
to the discovery controller (which doesn't work).

It seems better to ignore (and warn about) the "nr_io_queues" option
if userspace has already asked to connect to the discovery controller.

Signed-off-by: Roland Dreier <roland@purestorage.com>
Reviewed-by: James Smart <james.smart@broadcom.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Keith Busch <keith.busch@intel.com>
2018-03-08 09:19:17 -07:00
James Hogan 55fe6da9ef kbuild: Handle builtin dtb file names containing hyphens
cmd_dt_S_dtb constructs the assembly source to incorporate a devicetree
FDT (that is, the .dtb file) as binary data in the kernel image. This
assembly source contains labels before and after the binary data. The
label names incorporate the file name of the corresponding .dtb file.
Hyphens are not legal characters in labels, so .dtb files built into the
kernel with hyphens in the file name result in errors like the
following:

bcm3368-netgear-cvg834g.dtb.S: Assembler messages:
bcm3368-netgear-cvg834g.dtb.S:5: Error: : no such section
bcm3368-netgear-cvg834g.dtb.S:5: Error: junk at end of line, first unrecognized character is `-'
bcm3368-netgear-cvg834g.dtb.S:6: Error: unrecognized opcode `__dtb_bcm3368-netgear-cvg834g_begin:'
bcm3368-netgear-cvg834g.dtb.S:8: Error: unrecognized opcode `__dtb_bcm3368-netgear-cvg834g_end:'
bcm3368-netgear-cvg834g.dtb.S:9: Error: : no such section
bcm3368-netgear-cvg834g.dtb.S:9: Error: junk at end of line, first unrecognized character is `-'

Fix this by updating cmd_dt_S_dtb to transform all hyphens from the file
name to underscores when constructing the labels.

As of v4.16-rc2, 1139 .dts files across ARM64, ARM, MIPS and PowerPC
contain hyphens in their names, but the issue only currently manifests
on Broadcom MIPS platforms, as that is the only place where such files
are built into the kernel. For example when CONFIG_DT_NETGEAR_CVG834G=y,
or on BMIPS kernels when the dtbs target is used (in the latter case it
admittedly shouldn't really build all the dtb.o files, but thats a
separate issue).

Fixes: 695835511f ("MIPS: BMIPS: rename bcm96358nb4ser to bcm6358-neufbox4-sercom")
Signed-off-by: James Hogan <jhogan@kernel.org>
Reviewed-by: Frank Rowand <frowand.list@gmail.com>
Cc: Rob Herring <robh+dt@kernel.org>
Cc: Michal Marek <michal.lkml@markovi.net>
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: Florian Fainelli <f.fainelli@gmail.com>
Cc: Kevin Cernekee <cernekee@gmail.com>
Cc: <stable@vger.kernel.org> # 4.9+
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
2018-03-09 01:14:38 +09:00
Matteo Croce 61fc470814 scripts/bloat-o-meter: fix typos in help
The bloat-o-meter script has two typos in the help, fix both.

Fixes: 192efb7a1f ("bloat-o-meter: provide 3 different arguments for data, function and All")
Signed-off-by: Matteo Croce <mcroce@redhat.com>
Acked-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
2018-03-09 01:12:31 +09:00
Seunghun Han b3b7c4795c x86/MCE: Serialize sysfs changes
The check_interval file in

  /sys/devices/system/machinecheck/machinecheck<cpu number>

directory is a global timer value for MCE polling. If it is changed by one
CPU, mce_restart() broadcasts the event to other CPUs to delete and restart
the MCE polling timer and __mcheck_cpu_init_timer() reinitializes the
mce_timer variable.

If more than one CPU writes a specific value to the check_interval file
concurrently, mce_timer is not protected from such concurrent accesses and
all kinds of explosions happen. Since only root can write to those sysfs
variables, the issue is not a big deal security-wise.

However, concurrent writes to these configuration variables is void of
reason so the proper thing to do is to serialize the access with a mutex.

Boris:

 - Make store_int_with_restart() use device_store_ulong() to filter out
   negative intervals
 - Limit min interval to 1 second
 - Correct locking
 - Massage commit message

Signed-off-by: Seunghun Han <kkamagui@gmail.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Tony Luck <tony.luck@intel.com>
Cc: linux-edac <linux-edac@vger.kernel.org>
Cc: stable@vger.kernel.org
Link: http://lkml.kernel.org/r/20180302202706.9434-1-kkamagui@gmail.com
2018-03-08 15:36:27 +01:00
Tony Luck fa94d0c6e0 x86/MCE: Save microcode revision in machine check records
Updating microcode used to be relatively rare. Now that it has become
more common we should save the microcode version in a machine check
record to make sure that those people looking at the error have this
important information bundled with the rest of the logged information.

[ Borislav: Simplify a bit. ]

Signed-off-by: Tony Luck <tony.luck@intel.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Yazen Ghannam <yazen.ghannam@amd.com>
Cc: linux-edac <linux-edac@vger.kernel.org>
Cc: stable@vger.kernel.org
Link: http://lkml.kernel.org/r/20180301233449.24311-1-tony.luck@intel.com
2018-03-08 15:34:49 +01:00
Arvind Yadav 351b2bcced xen: xenbus: use put_device() instead of kfree()
Never directly free @dev after calling device_register(), even
if it returned an error! Always use put_device() to give up the
reference initialized.

Signed-off-by: Arvind Yadav <arvind.yadav.cs@gmail.com>
Reviewed-by: Juergen Gross <jgross@suse.com>
Signed-off-by: Juergen Gross <jgross@suse.com>
2018-03-08 15:30:30 +01:00
Dennis Wassenberg e4c07b3b66 ALSA: hda/realtek - Make dock sound work on ThinkPad L570
One version of Lenovo Thinkpad T570 did not use ALC298
(like other Kaby Lake devices). Instead it uses ALC292.
In order to make the Lenovo dock working with that codec
the dock quirk for ALC292 will be used.

Signed-off-by: Dennis Wassenberg <dennis.wassenberg@secunet.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2018-03-08 14:22:34 +01:00
Seunghun Han c5b679f5c9 x86/pti: Fix a comment typo
s/visinble/visible/

Signed-off-by: Seunghun Han <kkamagui@gmail.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Link: https://lkml.kernel.org/r/1520397135-132809-1-git-send-email-kkamagui@gmail.com
2018-03-08 12:33:21 +01:00
Takashi Iwai 85d59b57be ALSA: seq: Remove superfluous snd_seq_queue_client_leave_cells() call
With the previous two fixes for the write / ioctl races:
  ALSA: seq: Don't allow resizing pool in use
  ALSA: seq: More protection for concurrent write and ioctl races
the cells aren't any longer in queues at the point calling
snd_seq_pool_done() in snd_seq_ioctl_set_client_pool().  Hence the
function call snd_seq_queue_client_leave_cells() can be dropped safely
from there.

Suggested-by: Nicolai Stange <nstange@suse.de>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2018-03-08 12:06:07 +01:00
Takashi Iwai 7bd8009156 ALSA: seq: More protection for concurrent write and ioctl races
This patch is an attempt for further hardening against races between
the concurrent write and ioctls.  The previous fix d15d662e89
("ALSA: seq: Fix racy pool initializations") covered the race of the
pool initialization at writer and the pool resize ioctl by the
client->ioctl_mutex (CVE-2018-1000004).  However, basically this mutex
should be applied more widely to the whole write operation for
avoiding the unexpected pool operations by another thread.

The only change outside snd_seq_write() is the additional mutex
argument to helper functions, so that we can unlock / relock the given
mutex temporarily during schedule() call for blocking write.

Fixes: d15d662e89 ("ALSA: seq: Fix racy pool initializations")
Reported-by: 范龙飞 <long7573@126.com>
Reported-by: Nicolai Stange <nstange@suse.de>
Reviewed-and-tested-by: Nicolai Stange <nstange@suse.de>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2018-03-08 12:05:37 +01:00
Ashok Raj a5321aec64 x86/microcode: Synchronize late microcode loading
Original idea by Ashok, completely rewritten by Borislav.

Before you read any further: the early loading method is still the
preferred one and you should always do that. The following patch is
improving the late loading mechanism for long running jobs and cloud use
cases.

Gather all cores and serialize the microcode update on them by doing it
one-by-one to make the late update process as reliable as possible and
avoid potential issues caused by the microcode update.

[ Borislav: Rewrite completely. ]

Co-developed-by: Borislav Petkov <bp@suse.de>
Signed-off-by: Ashok Raj <ashok.raj@intel.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Tested-by: Tom Lendacky <thomas.lendacky@amd.com>
Tested-by: Ashok Raj <ashok.raj@intel.com>
Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Arjan Van De Ven <arjan.van.de.ven@intel.com>
Link: https://lkml.kernel.org/r/20180228102846.13447-8-bp@alien8.de
2018-03-08 10:19:26 +01:00
Borislav Petkov cfb52a5a09 x86/microcode: Request microcode on the BSP
... so that any newer version can land in the cache and can later be
fished out by the application functions. Do that before grabbing the
hotplug lock.

Signed-off-by: Borislav Petkov <bp@suse.de>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Tested-by: Tom Lendacky <thomas.lendacky@amd.com>
Tested-by: Ashok Raj <ashok.raj@intel.com>
Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Arjan Van De Ven <arjan.van.de.ven@intel.com>
Link: https://lkml.kernel.org/r/20180228102846.13447-7-bp@alien8.de
2018-03-08 10:19:26 +01:00
Borislav Petkov d8c3b52c00 x86/microcode/intel: Look into the patch cache first
The cache might contain a newer patch - look in there first.

A follow-on change will make sure newest patches are loaded into the
cache of microcode patches.

Signed-off-by: Borislav Petkov <bp@suse.de>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Tested-by: Tom Lendacky <thomas.lendacky@amd.com>
Tested-by: Ashok Raj <ashok.raj@intel.com>
Cc: Arjan Van De Ven <arjan.van.de.ven@intel.com>
Link: https://lkml.kernel.org/r/20180228102846.13447-6-bp@alien8.de
2018-03-08 10:19:26 +01:00