Commit Graph

768022 Commits

Author SHA1 Message Date
Peter Zijlstra 6cbc304f2f perf/x86/intel: Fix unwind errors from PEBS entries (mk-II)
Vince reported the perf_fuzzer giving various unwinder warnings and
Josh reported:

> Deja vu.  Most of these are related to perf PEBS, similar to the
> following issue:
>
>   b8000586c9 ("perf/x86/intel: Cure bogus unwind from PEBS entries")
>
> This is basically the ORC version of that.  setup_pebs_sample_data() is
> assembling a franken-pt_regs which ORC isn't happy about.  RIP is
> inconsistent with some of the other registers (like RSP and RBP).

And where the previous unwinder only needed BP,SP ORC also requires
IP. But we cannot spoof IP because then the sample will get displaced,
entirely negating the point of PEBS.

So cure the whole thing differently by doing the unwind early; this
does however require a means to communicate we did the unwind early.
We (ab)use an unused sample_type bit for this, which we set on events
that fill out the data->callchain before the normal
perf_prepare_sample().

Debugged-by: Josh Poimboeuf <jpoimboe@redhat.com>
Reported-by: Vince Weaver <vincent.weaver@maine.edu>
Tested-by: Josh Poimboeuf <jpoimboe@redhat.com>
Tested-by: Prashant Bhole <bhole_prashant_q7@lab.ntt.co.jp>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Arnaldo Carvalho de Melo <acme@kernel.org>
Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Stephane Eranian <eranian@google.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2018-07-25 11:46:21 +02:00
Ananth N Mavinakayanahalli 4799f6856f MAINTAINERS: Add Naveen N. Rao as kprobes co-maintainer
Naveen has been contributing consistently reviewing and hardening
kprobes for some time now. I have not been able to do the same due
to other commitments.

Signed-off-by: Ananth N Mavinakayanahalli <ananth@linux.vnet.ibm.com>
Cc: Naveen N. Rao <naveen.n.rao@linux.vnet.ibm.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Anil S Keshavamurthy <anil.s.keshavamurthy@intel.com>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: akpm@linux-foundation.org
Cc: mhiramat@kernel.org
Link: http://lkml.kernel.org/r/153180735790.1914.15547706781664285286.stgit@thinktux
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2018-07-24 17:01:28 +02:00
Thomas Gleixner d2753e6b48 perf/x86/amd/ibs: Don't access non-started event
Paul Menzel reported the following bug:

> Enabling the undefined behavior sanitizer and building GNU/Linux 4.18-rc5+
> (with some unrelated commits) with GCC 8.1.0 from Debian Sid/unstable, the
> warning below is shown.
>
> > [    2.111913]
> > ================================================================================
> > [    2.111917] UBSAN: Undefined behaviour in arch/x86/events/amd/ibs.c:582:24
> > [    2.111919] member access within null pointer of type 'struct perf_event'
> > [    2.111926] CPU: 0 PID: 144 Comm: udevadm Not tainted 4.18.0-rc5-00316-g4864b68cedf2 #104
> > [    2.111928] Hardware name: ASROCK E350M1/E350M1, BIOS TIMELESS 01/01/1970
> > [    2.111930] Call Trace:
> > [    2.111943]  dump_stack+0x55/0x89
> > [    2.111949]  ubsan_epilogue+0xb/0x33
> > [    2.111953]  handle_null_ptr_deref+0x7f/0x90
> > [    2.111958]  __ubsan_handle_type_mismatch_v1+0x55/0x60
> > [    2.111964]  perf_ibs_handle_irq+0x596/0x620

The code dereferences event before checking the STARTED bit. Patch
below should cure the issue.

The warning should not trigger, if I analyzed the thing correctly.
(And Paul's testing confirms this.)

Reported-by: Paul Menzel <pmenzel@molgen.mpg.de>
Tested-by: Paul Menzel <pmenzel@molgen.mpg.de>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Paul Menzel <pmenzel+linux-x86@molgen.mpg.de>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Stephane Eranian <eranian@google.com>
Cc: Vince Weaver <vincent.weaver@maine.edu>
Link: http://lkml.kernel.org/r/alpine.DEB.2.21.1807200958390.1580@nanos.tec.linutronix.de
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2018-07-24 09:51:10 +02:00
Linus Torvalds d72e90f33a Linux 4.18-rc6 2018-07-22 14:12:20 -07:00
Linus Torvalds 7441308421 NVMe fixes for 4.18-rc6:
- fix a regression in 4.18 that causes a memory leak on probe failure
    (Keith Bush)
  - fix a deadlock in the passthrough ioctl code (Scott Bauer)
  - don't enable AENs if not supported (Weiping Zhang)
  - fix an old regression in metadata handling in the passthrough ioctl
    code (Roland Dreier)
 -----BEGIN PGP SIGNATURE-----
 
 iQI/BAABCgApFiEEgdbnc3r/njty3Iq9D55TZVIEUYMFAltUe8YLHGhjaEBsc3Qu
 ZGUACgkQD55TZVIEUYM6TQ//UDrKbhnW6x2Vl7wfSyPjG1lADDXjLrIPoy2+WJNN
 ylgRl0Ezv7bXvj9gdwkDcgeoN0ua6gf88vjrwgem27BySPNeDMWYaaaAbwUaHxJd
 rsW/ogaB3gHrgn0MWn7OPb/WT2bQtoq55ivBP9A1ExRAdZ6RjM8qQc/7dkPFCaLf
 XxUE1+udgFVp5a7nbFb6TRdaZmxzYgkDU1PTgERD8RTmBes7K5uOQtO5whFVHU7b
 tveIXLmybgpB0BDN8R9x1uHRtjRmIdgSrJ6H+ps5cc+LB/wHTWvRd/hdlC++Ug8u
 k3+ifvsOLDdTz0xFW+0256edCyStQvVQYog7EcjxHL2GViSyxUayJWKE3XVI7DFW
 tClP6IW39XqTbYs0LGJmv1POufiQUUD3I6xHgE3R3Yb5CyE4EKrNnBkAK4F2pX6n
 Y9rgSY3cjswi/qn9vKZr2DVkEl1oqGiFVBV6PxMZwIHnIoJfZQ4ZwsPgEaeridil
 +GjyF6j2mI5DtrJ9rN8UYENDVioqb1r+1TXt9k/t4bmaK4IWms2+/w9YHfH+4hUr
 M64CkvQa7/wHhE3oIEzgOWLDhvksNyyZQHR6BkMGlwGg7xvO2FuQZlong6MlTVyc
 bgVNPf71X705xuYfXOHCxkSvviWAJlJtsB7r+R6ez6ikngagt2VOK+yPeSesRnux
 kCo=
 =PvXH
 -----END PGP SIGNATURE-----

Merge tag 'nvme-for-4.18' of git://git.infradead.org/nvme

Pull NVMe fixes from Christoph Hellwig:

 - fix a regression in 4.18 that causes a memory leak on probe failure
   (Keith Bush)

 - fix a deadlock in the passthrough ioctl code (Scott Bauer)

 - don't enable AENs if not supported (Weiping Zhang)

 - fix an old regression in metadata handling in the passthrough ioctl
   code (Roland Dreier)

* tag 'nvme-for-4.18' of git://git.infradead.org/nvme:
  nvme: fix handling of metadata_len for NVME_IOCTL_IO_CMD
  nvme: don't enable AEN if not supported
  nvme: ensure forward progress during Admin passthru
  nvme-pci: fix memory leak on probe failure
2018-07-22 13:21:45 -07:00
Linus Torvalds 165ea0d1c2 Merge branch 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
Pull vfs fixes from Al Viro:
 "Fix several places that screw up cleanups after failures halfway
  through opening a file (one open-coding filp_clone_open() and getting
  it wrong, two misusing alloc_file()). That part is -stable fodder from
  the 'work.open' branch.

  And Christoph's regression fix for uapi breakage in aio series;
  include/uapi/linux/aio_abi.h shouldn't be pulling in the kernel
  definition of sigset_t, the reason for doing so in the first place had
  been bogus - there's no need to expose struct __aio_sigset in
  aio_abi.h at all"

* 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
  aio: don't expose __aio_sigset in uapi
  ocxlflash_getfile(): fix double-iput() on alloc_file() failures
  cxl_getfile(): fix double-iput() on alloc_file() failures
  drm_mode_create_lease_ioctl(): fix open-coded filp_clone_open()
2018-07-22 12:04:51 -07:00
Al Viro f88a333b44 alpha: fix osf_wait4() breakage
kernel_wait4() expects a userland address for status - it's only
rusage that goes as a kernel one (and needs a copyout afterwards)

[ Also, fix the prototype of kernel_wait4() to have that __user
  annotation   - Linus ]

Fixes: 92ebce5ac5 ("osf_wait4: switch to kernel_wait4()")
Cc: stable@kernel.org # v4.13+
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2018-07-22 11:51:30 -07:00
Linus Torvalds 45ae4df922 ARM: SoC fixes for 4.18-rc
- Fix interrupt type on ethernet switch for i.MX-based RDU2
  - GPC on i.MX exposed too large a register window which resulted in
    userspace being able to crash the machine.
  - Fixup of bad merge resolution moving GPIO DT nodes under pinctrl
    on droid4.
 -----BEGIN PGP SIGNATURE-----
 
 iQJDBAABCAAtFiEElf+HevZ4QCAJmMQ+jBrnPN6EHHcFAltToboPHG9sb2ZAbGl4
 b20ubmV0AAoJEIwa5zzehBx3gP4P/3Mntu351wZpaczDQZFQxSvxnmT2Ocr9YKFR
 u5UOoE1hTCxOHcrZO7C/EbIKaqD1QhpxMPevcqpOid0glAiEj6D0c0qewAML2vwH
 gGENHX5z5phwrK7RDJZhBiH2jKCg8ttOn0QSoHxGGZNSPAL2nimMwD0IbiqTI5dx
 SkqecCPBwmizpfltdOCRRhN9RCiIvzcqoyLz0HjZ/sff1Y+t3U+alq227rZkQOki
 bj9uD+XkKYZzgiECd6HfMtPHUSUusSXcpF/TyfdnHeyHpF1E3InPVC7dbTASFnxb
 C6zrX99c2Fu11TV7Kkkn1LTwA0rRuXQmSV7ZWZMOqQBrONqGpy0CPIY+LA1xYGCd
 8VtgP7qj0m7XKkPyEriwNDSKKE+c7cCYn9VpR6Kg5xmw0DUCTohMQmeZRo2sMylT
 UlYMjNKQ53IuPullwRaJVM63kA3CuFo3fyStg18SYcx2lRFO8lcGJYqjqd91KkDF
 ZW/tG9V6v7lz/3J3XUOFTJNWwi1CUKEIMM3ObtfDAZToyS1zbe5kX+kiTcUnvGty
 wv3aWCknQnru++vYhtIYLsqwu/NwoJLTWppEmX4YxoV8fW4Yw95e3zjwzWn7rczQ
 dNv7b4Hz/gpDZk7o3dpBpajTCzhh549bDfY9yxBpkd+otUKvgjKkKvsiqCkFV+j7
 dcs5FMT5
 =VFnX
 -----END PGP SIGNATURE-----

Merge tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc

Pull ARM SoC fixes from Olof Johansson:

 - Fix interrupt type on ethernet switch for i.MX-based RDU2

 - GPC on i.MX exposed too large a register window which resulted in
   userspace being able to crash the machine.

 - Fixup of bad merge resolution moving GPIO DT nodes under pinctrl on
   droid4.

* tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc:
  ARM: dts: imx6: RDU2: fix irq type for mv88e6xxx switch
  soc: imx: gpc: restrict register range for regmap access
  ARM: dts: omap4-droid4: fix dts w.r.t. pwm
2018-07-21 17:27:42 -07:00
Linus Torvalds ef81e63e17 Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull x86 fix from Ingo Molnar:
 "A single fix for a MCE-polling regression, which prevented the
  disabling of polling"

* 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  x86/MCE: Remove min interval polling limitation
2018-07-21 17:25:49 -07:00
Linus Torvalds 43227e098c Merge branch 'x86-pti-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull x86 pti fixes from Ingo Molnar:
 "An APM fix, and a BTS hardware-tracing fix related to PTI changes"

* 'x86-pti-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  x86/apm: Don't access __preempt_count with zeroed fs
  x86/events/intel/ds: Fix bts_interrupt_threshold alignment
2018-07-21 17:23:58 -07:00
Linus Torvalds 48b1db7c7a Merge branch 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull scheduler fixes from Ingo Molnar:
 "Two fixes: a stop-machine preemption fix and a SCHED_DEADLINE fix"

* 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  sched/deadline: Fix switched_from_dl() warning
  stop_machine: Disable preemption when waking two stopper threads
2018-07-21 17:21:34 -07:00
Linus Torvalds ea75a2c715 Merge branch 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull core kernel fixes from Ingo Molnar:
 "This is mostly the copy_to_user_mcsafe() related fixes from Dan
  Williams, and an ORC fix for Clang"

* 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  x86/asm/memcpy_mcsafe: Fix copy_to_user_mcsafe() exception handling
  lib/iov_iter: Fix pipe handling in _copy_to_iter_mcsafe()
  lib/iov_iter: Document _copy_to_iter_flushcache()
  lib/iov_iter: Document _copy_to_iter_mcsafe()
  objtool: Use '.strtab' if '.shstrtab' doesn't exist, to support ORC tables on Clang
2018-07-21 16:52:08 -07:00
Linus Torvalds ffb48e7924 powerpc fixes for 4.18 #4
Two regression fixes, one for xmon disassembly formatting and the other to fix
 the E500 build.
 
 Two commits to fix a potential security issue in the VFIO code under obscure
 circumstances.
 
 And finally a fix to the Power9 idle code to restore SPRG3, which is user
 visible and used for sched_getcpu().
 
 Thanks to:
   Alexey Kardashevskiy, David Gibson. Gautham R. Shenoy, James Clarke.
 -----BEGIN PGP SIGNATURE-----
 
 iQIwBAABCAAaBQJbUrFqExxtcGVAZWxsZXJtYW4uaWQuYXUACgkQUevqPMjhpYCW
 mQ//eYpaYIkEthXH0uHUN2wpWZlhbg0wUtjclsT5RUonDwMC2PM9BUuLk61RtIlD
 jbi39GrUISHf13U1Ydhb3e1I5B+TpDe6hgb/dGUMAXPe6rt+jFREogZR+vgIU0ep
 Q8ta1GIgbI6La0zXn5o3apUtqR7bAQ3cWD2T8vN4tQmAQZPw1fV13cZZ2kFs5JFO
 aYX8pD76wkAUz8Im+bweziRSRYdAIi8Oxt1Cdyg9Oti5y4fp4LuQKa/qbfkswkkk
 2ycG3TWr4Ln8RM/GaUPW1UPh1Zd8b6et7vUnhxO1g/JdEXlnm9A+DifJFrUk/+y8
 DsyofdXUj+u+LXX/H8uqqse7ysfvkC53R15Jo8irISsIgYZcv4yKsZKGJR27wHGV
 h9KBDA0ZK+czU2jK4gZAdMTs1IICgXGUVIL+nI8U1sRBep3CI3HguqBVoC/MGes3
 WR2+8i2diL1m2jAHR5Nd3+ArBpI876ZalhDmM1Mv3GRUAvjo9nsehk32/nfBDYUM
 nPQd1vi3F6w1MSlj7aqA3quTeGANwlnOcdC4QB++tz7oO1sY6ZYZtii3jsGSluXL
 vP/Mxvz2AG3v9KPCDQJqzx0n3vMAmGphetddxYl1X1dSwbwLNx0GggKNe0xw6sjp
 6lbin0w/Ot79VoSEncuRdm1hrtIktwubsH5CGB7Gxke5Kgk=
 =Sfmf
 -----END PGP SIGNATURE-----

Merge tag 'powerpc-4.18-4' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux

Pull powerpc fixes from Michael Ellerman:
 "Two regression fixes, one for xmon disassembly formatting and the
  other to fix the E500 build.

  Two commits to fix a potential security issue in the VFIO code under
  obscure circumstances.

  And finally a fix to the Power9 idle code to restore SPRG3, which is
  user visible and used for sched_getcpu().

  Thanks to: Alexey Kardashevskiy, David Gibson. Gautham R. Shenoy,
  James Clarke"

* tag 'powerpc-4.18-4' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
  powerpc/powernv: Fix save/restore of SPRG3 on entry/exit from stop (idle)
  powerpc/Makefile: Assemble with -me500 when building for E500
  KVM: PPC: Check if IOMMU page is contained in the pinned physical page
  vfio/spapr: Use IOMMU pageshift rather than pagesize
  powerpc/xmon: Fix disassembly since printf changes
2018-07-21 16:46:53 -07:00
Linus Torvalds 55b636b419 for-4.18-rc5-tag
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEE8rQSAMVO+zA4DBdWxWXV+ddtWDsFAltSwkIACgkQxWXV+ddt
 WDtMBQ//UXMjHaXvFmC0SM6NczuYQR51hLYtJFIKig93XK5goVpUBTNbxO7LX/Tn
 4zKoKyVhkW1884V6mRiC+G23QLbo0BQZA7DExfyJ3jylQdjZMBm+K+r19OtGQf5v
 CII7oUwni03KIiXIqiFAL5dLWebVQpG5EKJbh8GLZsmg6xNcyVaUqZ/fHXajbZiv
 ldEBtHBKIv7WWTJmylMBKMWnRz+jqU91fXPahoU6R5qivODrLt1o/PMuSjVNhaxe
 iDldHfdOaiQmLHB/1kOGyv492oW5mSSVNDE8LjEDZ61tDNlAcUyuKUWIRBxDEDtD
 6D7rlVQXJ/N7sJ6+UYmJKsRpHL+NOkyzSZ0QEU/sm1Xpm8gkhHuuofRPrVCtd3l1
 ZSbwvlrdyjigVEBfM3IbToQ/K6Rc1ZGId20OAs9PCQbb+mj9IxPIncZ7pI1c4hlh
 pPEjcYsp14JbCTjctFalcqTiFY5tHRQsx+GUFnDyOcdL7Mi+CoH+0Jy61Vgz9GQE
 7s934cfEC0ot/f66kAL/PZzxUfC7TePqaa+sDfS5BIkJ4M6lPMxS5De5R4Z0+Nzr
 DXgQAlgXmxfRjpOYMTH9D0EDdSeJaNmVHgk7hFbiYk/KX3oyd4NmgI9Cfao8rQJv
 2yd8wF2httfSJKD4b/Hv9r6Ho/Bw9PK59BvWOKYhSj6IGl32utw=
 =f7eB
 -----END PGP SIGNATURE-----

Merge tag 'for-4.18-rc5-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux

Pull btrfs fix from David Sterba:
 "A fix of a corruption regarding fsync and clone, under some very
  specific conditions explained in the patch.

  The fix is marked for stable 3.16+ so I'd like to get it merged now
  given the impact"

* tag 'for-4.18-rc5-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux:
  Btrfs: fix file data corruption after cloning a range and fsync
2018-07-21 16:42:03 -07:00
Linus Torvalds 490fc05386 mm: make vm_area_alloc() initialize core fields
Like vm_area_dup(), it initializes the anon_vma_chain head, and the
basic mm pointer.

The rest of the fields end up being different for different users,
although the plan is to also initialize the 'vm_ops' field to a dummy
entry.

Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2018-07-21 15:24:03 -07:00
Linus Torvalds 95faf6992d mm: make vm_area_dup() actually copy the old vma data
.. and re-initialize th eanon_vma_chain head.

This removes some boiler-plate from the users, and also makes it clear
why it didn't need use the 'zalloc()' version.

Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2018-07-21 14:48:45 -07:00
Linus Torvalds 3928d4f5ee mm: use helper functions for allocating and freeing vm_area structs
The vm_area_struct is one of the most fundamental memory management
objects, but the management of it is entirely open-coded evertwhere,
ranging from allocation and freeing (using kmem_cache_[z]alloc and
kmem_cache_free) to initializing all the fields.

We want to unify this in order to end up having some unified
initialization of the vmas, and the first step to this is to at least
have basic allocation functions.

Right now those functions are literally just wrappers around the
kmem_cache_*() calls.  This is a purely mechanical conversion:

    # new vma:
    kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL) -> vm_area_alloc()

    # copy old vma
    kmem_cache_alloc(vm_area_cachep, GFP_KERNEL) -> vm_area_dup(old)

    # free vma
    kmem_cache_free(vm_area_cachep, vma) -> vm_area_free(vma)

to the point where the old vma passed in to the vm_area_dup() function
isn't even used yet (because I've left all the old manual initialization
alone).

Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2018-07-21 13:48:51 -07:00
Linus Torvalds 191a3afa98 Merge branch 'akpm' (patches from Andrew)
Merge fixes from Andrew Morton:
 "5 fixes"

* emailed patches from Andrew Morton <akpm@linux-foundation.org>:
  mm: memcg: fix use after free in mem_cgroup_iter()
  mm/huge_memory.c: fix data loss when splitting a file pmd
  fat: fix memory allocation failure handling of match_strdup()
  MAINTAINERS: Peter has moved
  mm/memblock: add missing include <linux/bootmem.h>
2018-07-21 13:14:17 -07:00
Jing Xia 9f15bde671 mm: memcg: fix use after free in mem_cgroup_iter()
It was reported that a kernel crash happened in mem_cgroup_iter(), which
can be triggered if the legacy cgroup-v1 non-hierarchical mode is used.

Unable to handle kernel paging request at virtual address 6b6b6b6b6b6b8f
......
Call trace:
  mem_cgroup_iter+0x2e0/0x6d4
  shrink_zone+0x8c/0x324
  balance_pgdat+0x450/0x640
  kswapd+0x130/0x4b8
  kthread+0xe8/0xfc
  ret_from_fork+0x10/0x20

  mem_cgroup_iter():
      ......
      if (css_tryget(css))    <-- crash here
	    break;
      ......

The crashing reason is that mem_cgroup_iter() uses the memcg object whose
pointer is stored in iter->position, which has been freed before and
filled with POISON_FREE(0x6b).

And the root cause of the use-after-free issue is that
invalidate_reclaim_iterators() fails to reset the value of iter->position
to NULL when the css of the memcg is released in non- hierarchical mode.

Link: http://lkml.kernel.org/r/1531994807-25639-1-git-send-email-jing.xia@unisoc.com
Fixes: 6df38689e0 ("mm: memcontrol: fix possible memcg leak due to interrupted reclaim")
Signed-off-by: Jing Xia <jing.xia.mail@gmail.com>
Acked-by: Michal Hocko <mhocko@suse.com>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: Vladimir Davydov <vdavydov.dev@gmail.com>
Cc: <chunyan.zhang@unisoc.com>
Cc: Shakeel Butt <shakeelb@google.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2018-07-21 12:50:46 -07:00
Hugh Dickins e1f1b1572e mm/huge_memory.c: fix data loss when splitting a file pmd
__split_huge_pmd_locked() must check if the cleared huge pmd was dirty,
and propagate that to PageDirty: otherwise, data may be lost when a huge
tmpfs page is modified then split then reclaimed.

How has this taken so long to be noticed?  Because there was no problem
when the huge page is written by a write system call (shmem_write_end()
calls set_page_dirty()), nor when the page is allocated for a write fault
(fault_dirty_shared_page() calls set_page_dirty()); but when allocated for
a read fault (which MAP_POPULATE simulates), no set_page_dirty().

Link: http://lkml.kernel.org/r/alpine.LSU.2.11.1807111741430.1106@eggly.anvils
Fixes: d21b9e57c7 ("thp: handle file pages in split_huge_pmd()")
Signed-off-by: Hugh Dickins <hughd@google.com>
Reported-by: Ashwin Chaugule <ashwinch@google.com>
Reviewed-by: Yang Shi <yang.shi@linux.alibaba.com>
Reviewed-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Cc: "Huang, Ying" <ying.huang@intel.com>
Cc: <stable@vger.kernel.org>	[4.8+]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2018-07-21 12:50:46 -07:00
OGAWA Hirofumi 35033ab988 fat: fix memory allocation failure handling of match_strdup()
In parse_options(), if match_strdup() failed, parse_options() leaves
opts->iocharset in unexpected state (i.e.  still pointing the freed
string).  And this can be the cause of double free.

To fix, this initialize opts->iocharset always when freeing.

Link: http://lkml.kernel.org/r/8736wp9dzc.fsf@mail.parknet.co.jp
Signed-off-by: OGAWA Hirofumi <hirofumi@mail.parknet.co.jp>
Reported-by: syzbot+90b8e10515ae88228a92@syzkaller.appspotmail.com
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2018-07-21 12:50:46 -07:00
Peter Senna Tschudin 5a6964944c MAINTAINERS: Peter has moved
Update my E-mail address in the MAINTAINERS file.

Link: http://lkml.kernel.org/r/20180710144702.1308-1-peter.senna@gmail.com
Signed-off-by: Peter Senna Tschudin <peter.senna@gmail.com>
Reviewed-by: Sebastian Reichel <sebastian.reichel@collabora.co.uk>
Acked-by: Martyn Welch <martyn.welch@collabora.co.uk>
Cc: David S. Miller <davem@davemloft.net>
Cc: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Randy Dunlap <rdunlap@infradead.org>
Cc: Martin Donnelly <martin.donnelly@ge.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2018-07-21 12:50:46 -07:00
Mathieu Malaterre 1937367205 mm/memblock: add missing include <linux/bootmem.h>
Commit 26f09e9b3a ("mm/memblock: add memblock memory allocation apis")
introduced two new function definitions:

  memblock_virt_alloc_try_nid_nopanic()
  memblock_virt_alloc_try_nid()

and commit ea1f5f3712 ("mm: define memblock_virt_alloc_try_nid_raw")
introduced the following function definition:

  memblock_virt_alloc_try_nid_raw()

This commit adds an include of header file <linux/bootmem.h> to provide
the missing function prototypes.  This silences the following gcc warning
(W=1):

  mm/memblock.c:1334:15: warning: no previous prototype for `memblock_virt_alloc_try_nid_raw' [-Wmissing-prototypes]
  mm/memblock.c:1371:15: warning: no previous prototype for `memblock_virt_alloc_try_nid_nopanic' [-Wmissing-prototypes]
  mm/memblock.c:1407:15: warning: no previous prototype for `memblock_virt_alloc_try_nid' [-Wmissing-prototypes]

Also adds #ifdef blockers to prevent compilation failure on mips/ia64
where CONFIG_NO_BOOTMEM=n as could be seen in commit commit 6cc22dc08a
("revert "mm/memblock: add missing include <linux/bootmem.h>"").

Because Makefile already does:

  obj-$(CONFIG_HAVE_MEMBLOCK) += memblock.o

The #ifdef has been simplified from:

  #if defined(CONFIG_HAVE_MEMBLOCK) && defined(CONFIG_NO_BOOTMEM)

to simply:

  #if defined(CONFIG_NO_BOOTMEM)

Link: http://lkml.kernel.org/r/20180626184422.24974-1-malat@debian.org
Signed-off-by: Mathieu Malaterre <malat@debian.org>
Suggested-by: Tony Luck <tony.luck@intel.com>
Suggested-by: Michal Hocko <mhocko@kernel.org>
Acked-by: Michal Hocko <mhocko@suse.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2018-07-21 12:50:46 -07:00
Linus Torvalds 48e5aee81f VFIO fixes for v4.18
- Harden potential Spectre v1 issue (Gustavo A. R. Silva)
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.14 (GNU/Linux)
 
 iQIcBAABAgAGBQJbUkZ6AAoJECObm247sIsiykUP/0W1R4NGUDqxUfNorCoDO7l1
 Z7zuYogIar8M2gUI4/Bwgc0XTUnp2fG9oYtRxxMO+ShPLnFpLXe5tXUYX/T/iwlL
 1/rmlb8oEmHiXdre151V4wXgqgvCbzGx7e+Gp0KBnUxS+QLCFFDef0o/2iSyj4vA
 qisOwW6jD8WP5NQJguhHzelTMukdI6BdJa2PdsRtJ0f0xR/ZtSIZ6yR+QtogjyHP
 5BklBrV/xF0fLSG/UPem9uJxVD+dWeC4aU7g9Wy5oDx9GX66HeySolEULwlrtSwX
 rsYoyL42omskFsHyChKoaL2WftH1GeJ835Ba2b8ruor8OlMsbE3zSppFNuKn2cUx
 EIpGNUdvluyGKf1mSH5lmd1JSTDn8MH8NVydTM0cMbgmdm/sxgi88s0mrj4gQNTS
 L0gU3f+rGBKsQL7z6qlWWEJYTyanujHbjmAAElMmrY8ZWszOwnczwyojINnRIspu
 RQyvgzpJ0OBceg7/h/DOQfBbu1keds24aPaGxqnnmAxo8Egedayu+fBCSG2ZAaNS
 vBBR9Evr141A4AXX7Yi4qTxSrEgkG+jrHfjY7/i1zaQQ0wkOsrItYjnrTzLz4LxE
 60QO8IaaeW7UkwNMQ2OcvGGZasOB5K15Dgd7UQE2wmkwoALs+esLYeV7iMB2UrhT
 vF67ihVZwfqN9KFz37i/
 =XzK1
 -----END PGP SIGNATURE-----

Merge tag 'vfio-v4.18-rc6' of git://github.com/awilliam/linux-vfio

Pull VFIO fix from Alex Williamson:
 "Harden potential Spectre v1 issue (Gustavo A. R. Silva)"

* tag 'vfio-v4.18-rc6' of git://github.com/awilliam/linux-vfio:
  vfio/pci: Fix potential Spectre v1
2018-07-20 14:27:02 -07:00
Linus Torvalds b4460a9586 - Fix DM writecache target to allow an optional offset to the start of
the data and metadata area.  This allows userspace tools (e.g. LVM2)
   to place a header and metadata at the front of the writecache device
   for its use.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQEcBAABAgAGBQJbUjNdAAoJEMUj8QotnQNa3NsH/RfalVY4y+Y8TSyfz20oHHcf
 Gxr0dMKQPYYeuAMxqcVyn9IhowZpcoBNbR050NEDpBjsE2augf0t2Ixl08gOn6Hx
 QJECHxqMQsIcSnvQLqqf4DGXU78WiacbYlLXI+7fnvddWrV+VRALSDxiuQAbCKue
 Oj/LSsRh/zhf9ruMWURrHpy8k/GOEZzrhgH3as6OZcYgLYaakv3yGY42vPmSbIj+
 RXmTzfJzxxxkWXAg6IIqawFlxZunLkcOhd1jSAE46Gh8NGe4jbP6U3AprMyp2yyB
 E388aggr7CgZqsCWp84EcAWa30f0G9+XlUFqB4ydQO/Mp39WH3VX2r5QBLBo2+8=
 =BN6D
 -----END PGP SIGNATURE-----

Merge tag 'for-4.18/dm-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm

Pull device mapper fix from Mike Snitzer:
 "Fix DM writecache target to allow an optional offset to the start of
  the data and metadata area.

  This allows userspace tools (e.g. LVM2) to place a header and metadata
  at the front of the writecache device for its use"

* tag 'for-4.18/dm-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm:
  dm writecache: support optional offset for start of device
2018-07-20 14:24:17 -07:00
Olof Johansson 5858610f0d i.MX fixes for 4.18, round 4:
- A fix for i.MX6 RDU2 board on the wrong IRQ type of Marvell switch,
    which might result in a race condition in the interrupt handler and
    cause the OS to miss all future events.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQEcBAABAgAGBQJbUVhyAAoJEFBXWFqHsHzOss4H/3nHBKfbjC0twTK3J4ou3jDO
 3JboghAt6bxKb/aS1zi8h3d7HDchV5FRkp87TX0qWss6RpS/cMPvQv2DCtgJIYMr
 M/M59oxJJsZpen105tMiUFermrPEGz7vmy4FkmG8t2giSQj78XZYQnZsp77AcTyC
 IP2wNcVBYwfis3GvDuKgBduZlAV42tqL0U02HsaOvmHjhGcqLzJxlwDAa2es6/zU
 KmbBatTR78oP2xf68BXQVB+x8WEjLxNI9J3c4uuLjYTxDxCKU+QNi57XS1VXp13q
 72x0lxhe9uTOC+tipvTvj449RigOIfqhlyg7IIE/5xOIKZFUfZZSYZmQ00lx1O4=
 =grcI
 -----END PGP SIGNATURE-----

Merge tag 'imx-fixes-4.18-4' of git://git.kernel.org/pub/scm/linux/kernel/git/shawnguo/linux into fixes

i.MX fixes for 4.18, round 4:
 - A fix for i.MX6 RDU2 board on the wrong IRQ type of Marvell switch,
   which might result in a race condition in the interrupt handler and
   cause the OS to miss all future events.

* tag 'imx-fixes-4.18-4' of git://git.kernel.org/pub/scm/linux/kernel/git/shawnguo/linux:
  ARM: dts: imx6: RDU2: fix irq type for mv88e6xxx switch

Signed-off-by: Olof Johansson <olof@lixom.net>
2018-07-20 14:22:11 -07:00
Linus Torvalds 18cadf9f37 SCSI fixes on 20180720
A set of 8 obvious fixes.  Three (2 qla2xxx and the cxlflash oopses)
 are regressions, two from 4.17 and one from the merge window.  The
 hpsa change is user visible, but it fixes an error users have
 complained about.
 
 Signed-off-by: James E.J. Bottomley <jejb@linux.vnet.ibm.com>
 -----BEGIN PGP SIGNATURE-----
 
 iJwEABMIAEQWIQTnYEDbdso9F2cI+arnQslM7pishQUCW1IqByYcamFtZXMuYm90
 dG9tbGV5QGhhbnNlbnBhcnRuZXJzaGlwLmNvbQAKCRDnQslM7pishdB2AP9AaX1z
 DXIwcYZJgwbX3rKTrwGM96mFTziFKPKoyuf7vgEA/5/ghgKbjmJX3oWWymEZ6Gw9
 lA2sW47939WEulq88ns=
 =ObTl
 -----END PGP SIGNATURE-----

Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi

Pull SCSI fixes from James Bottomley:
 "A set of 8 obvious fixes.

  Three (2 qla2xxx and the cxlflash oopses) are regressions, two from
  4.17 and one from the merge window. The hpsa change is user visible,
  but it fixes an error users have complained about"

* tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
  scsi: cxlflash: fix assignment of the backend operations
  scsi: qedi: Send driver state to MFW
  scsi: qedf: Send the driver state to MFW
  scsi: hpsa: correct enclosure sas address
  scsi: sd_zbc: Fix variable type and bogus comment
  scsi: qla2xxx: Fix NULL pointer dereference for fcport search
  scsi: qla2xxx: Fix kernel crash due to late workqueue allocation
  scsi: qla2xxx: Fix inconsistent DMA mem alloc/free
2018-07-20 11:47:08 -07:00
Linus Torvalds 47736af324 IOMMU Fixes for Linux v4.18-rc5:
Only one revert:
 
 	* Revert an Intel VT-d patch that caused issues with the i915 GPU
 	  driver
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
 iQIcBAABAgAGBQJbUfPKAAoJECvwRC2XARrjRH4P/3hX1p1pg5/1RRclYZstmCwC
 k9AEgNtdUnfCba5qc76c7Eu4MRlkB9cUCAOTT779pj/AHNjs2iwqxkGYvssSp/qF
 P/NxorIS6KkQx91pbRZBA5f/k4H53IyfkedphL8UD4tDYoRU8rsnKnf2muJdBggG
 WAOcsrww6wQh+etYzb7SV4h/BNgeMxr33kpMjWhHNWMQg3ZB+EjF4iRcFK5zLu1o
 2p0+UkH5PUBiOzTMm3tjrnT8p5UVzIW7IR2pWP0sRxk+fltSZevlHpZr/1Rruu0L
 jYU5H9wj3Njgkdl5TE6jO1gdVMTIduOmiMKgyD7dJY0C0WwWhjUjAIVi9BfodjdA
 lB1cF/Fcq9IV1GBh04avd/pb4Rt5LeILWnL3Ne4UKErTqSYLcMqDkpWvBfOj+1wC
 8RZDJWhc5k0AzOl/aQSX8pemIte9FiZ95kQTC8eY1eQa4kuXOYzcLqSdXF6LE5xd
 yU2rzJpwJkcpBChsZHwSDOGgeog8/OlsXxg5+EQ5pBRwoA+gzAT8pPkWIfmEbfvG
 p/lQEU3dIFsFxfkhnVOq9wT8PbQmlOLWot7Fomta7uKf/v50MylJ6jycFVNE4siB
 wowig+RPMicF0PbDEykFY1lKHAH+hn6eWEur9oKi2xaFByirQMtfrRCyvtHUoPNJ
 ec6jybkHE3flxq8KJUb9
 =rpjL
 -----END PGP SIGNATURE-----

Merge tag 'iommu-fixes-v4.18-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu

Pull IOMMU fix from Joerg Roedel:
 "Only one revert, for an an Intel VT-d patch that caused issues with
  the i915 GPU driver"

* tag 'iommu-fixes-v4.18-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu:
  Revert "iommu/vt-d: Clean up pasid quirk for pre-production devices"
2018-07-20 11:43:21 -07:00
Linus Torvalds de87dcdedc platform-drivers-x86 for v4.18-2
The Dell laptop ACPI video brightness control is now back
 after fixing a regression brought by SMM refactoring.
 
 The following is an automated git shortlog grouped by driver:
 
 dell-laptop:
  -  Fix backlight detection
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEhiZOUlnC9oKN3n3AmT3/83c5Sy0FAltSCxIACgkQmT3/83c5
 Sy3NHw//ZQIsa0wWMAQjLWycM0YwWFUO03o6blxwRl1R9molg48CkPclFJAxeU3z
 m53uhhahD0fGiEBLRrgLXwBtVniU0jOOrBzQBUEQop1e0jg2sNXMpbysH5lpaWgw
 AJpYrdTskn93pTWrJMH260z2M75vKU1sk0ejZ9xyvdq5v2ArpJjFGn69LQgzQQEs
 ho5pez5pOhrf9+7Duj9h/GX/Wzb5i6pngkIaE4mctTOJyoIJxYRr4SHJUYDSzFzG
 yD4W9/5dARRHQSJpnPDqg5Fqzy3Cyr6NzNm0f5zx+1I/DrG0t9iODI+EkFYMT14E
 Sg35zW5xkEXB/w7OoUZh1F1rsYofWHjShl6IM/j61T2HW6eK0W9sbJDZr+iOWFLT
 nIVkuhycZ4L5teHiPCx0Cq19PY5vLm5F88Uvddyh0J2995ivhRb4UbvLl+D322XW
 gDYQlqay56hZzc72Yz662MHL03fs9bsPVyBIXKn2ZfKMRO46W3LRlNHL9WkRKijA
 2YMDB9UuYKHyYWZ9tWa+tEC3QekSCVR3P3D6dYF+pWP87IArNOnAlFqe7X/7yP3f
 otyMi+WHz5DyOyNgQZw5OFTHhRWg40UJMejfIco1UJUnEGdpsEOLQLD6g/Yntwzb
 H4mbwQLYh/RjDwjaDfEIxJqF7TngOTBGi6X9CHBcamxWz1zFeB4=
 =2Nl1
 -----END PGP SIGNATURE-----

Merge tag 'platform-drivers-x86-v4.18-2' of git://git.infradead.org/linux-platform-drivers-x86

Pull x86 platform driver fixes from Andy Shevchenko:
 "The Dell laptop ACPI video brightness control is now back after fixing
  a regression brought by SMM refactoring"

* tag 'platform-drivers-x86-v4.18-2' of git://git.infradead.org/linux-platform-drivers-x86:
  platform/x86: dell-laptop: Fix backlight detection
2018-07-20 11:37:30 -07:00
Linus Torvalds 2a0ea7df1f ARC fixes for 4.18-rc6
- Fix CONFIG_SWAP [Alexey]
 
  - Robistify cmpxchg emulation for systems w/o atomics [Alexey / PeterZ]
 
  - Allow mprotext(PROT_EXEC) for stack mappings [Vineet]
 
  - HSDK platform enable PCIe, APG GPIO [Gustavo]
 
  - miscll other fixes, config updates etc
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJbUimaAAoJEGnX8d3iisJeBRIP/23CVvREA/TzEd+F5s+5aI3E
 ZnC87eyibuzYmZdLNq65V7WVhjjpP+ijSEss4xoTgMjdrsFylVZTxdwZcSKjhZp1
 kvNKmpxYOWfrvYAqKeMEL/LhzDxQB7Q3sHMulYMAHQBz1vN4lZndMwzlwS/dHXMM
 bm8b4Z3IhxVfQM2IbfTXa2NapEFx5U1K06sF35a5wTJ9acu4Jp4nr/iREmwplPy9
 eKjN6UUv7RpRpLdF/bzi3rLZ6rQtuu+SP6e11t5YO+Yrdq6Qg/M0hiGvnxhHDljP
 lDYed4k1+daq0Cogg8nOX06vAi7JYy+YGgYAVjXAMHNibwF+Cqk/KKZoS4M6C4co
 3QulXi9hbrcGszUXvbJKbwQztmFa1wuLt3wLsZKJJ+E/B78t1TpXlXuQSZbtjVrv
 r5CRAi/q1EeeRP3d3IsKYL9LEQkpksCv3fAhNmbNwKy0TmXEhyerO55umMnJ0Pc+
 fd86QIu+91aNL8LH6IesuFFFccrS65vIFu2neNQcV0q2neSVoFKQrYrQ/g14nVw/
 ycXOjVKJsTTosKFJhWFDOptUTRiySa0k6VEy92jGtSb/TQRfWLNoTGNVkU20oNrn
 a4ckeUnYyaG+63Y0YW3yCUkMHBVtx4i0PPYv8BZt4CXB8dYaPKiRTKQE5uundgkO
 e09YDZW8qPB9Y/T5WK88
 =qvRf
 -----END PGP SIGNATURE-----

Merge tag 'arc-4.18-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc

Pull ARC fixes from Vineet Gupta:
 "ARC is back after radio silence in 4.17:

   - Fix CONFIG_SWAP [Alexey]

   - Robustify cmpxchg emulation for systems w/o atomics [Alexey /
     PeterZ]

   - Allow mprotext(PROT_EXEC) for stack mappings [Vineet]

   - HSDK platform enable PCIe, APG GPIO [Gustavo]

   - miscll other fixes, config updates etc"

* tag 'arc-4.18-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc:
  ARCv2: [plat-hsdk]: Save accl reg pair by default
  ARC: mm: allow mprotect to make stack mappings executable
  ARC: Fix CONFIG_SWAP
  ARC: [arcompact] entry.S: minor code movement
  ARC: configs: Remove CONFIG_INITRAMFS_SOURCE from defconfigs
  ARC: configs: remove no longer needed CONFIG_DEVPTS_MULTIPLE_INSTANCES
  ARC: Improve cmpxchg syscall implementation
  ARC: [plat-hsdk]: Configure APB GPIO controller on ARC HSDK platform
  ARC: [plat-hsdk] Add PCIe support
  ARC: Enable machine_desc->init_per_cpu for !CONFIG_SMP
  ARC: Explicitly add -mmedium-calls to CFLAGS
2018-07-20 11:33:22 -07:00
Linus Torvalds 293bccc5b2 nds32 patches for 4.18
Here is the nds32 patch set based on 4.18-rc1.
 Contained in here are the bug fixes and building error fixes for nds32.
 
 These are the LTP20170427 testing results.
 
 Total Tests: 1902
 Total Skipped Tests: 593
 Total Failures: 418
 Kernel Version: 4.18.0-rc1-00006-g987553894f0c-dirty
 Machine Architecture: nds32
 
 Signed-off-by: Greentime Hu <greentime@andestech.com>
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.17 (GNU/Linux)
 
 iQIcBAABAgAGBQJbQxfIAAoJEHfB0l0b2JxE5kYP/A3jMMfWMxaW6DqYjszxT1ew
 TFfTKX6FcRTiUqLchMJumgdFKq5CKjESq9Ir2tp1QNvF19LH1Z6dfwQja6NQzJlO
 tfJ1t3O1lEM9Qqvvu/Oe8nkXZoGmnVsdPW3hCRkuJmIgcW0oePQBALdNDRnhXAuw
 riwgzavvF9SkRE0uSuGz//0MGB/6KrnJw6jEdCdxuWVHdrQBQ79BD9KfK7ZQFQg+
 wCAeN8bMbP2j7vr1SpclbUvdzj21/Y6mI3OMBHYcXnb9VWkk+Hl0ph2AyYZHTXVh
 nRjkxU1WcCL3S3yWHJYjwxN0SBKBCFhv8Yitt3r0WnW9PWz3DdQGdMPghC2VDikU
 xTmOX/3511fl99aDM0vLDn3nZDnQjLHsb9kF3EEIn7om/Q20WHPpgvZ6zfEVgQKZ
 BPghp3pJilBsB/rKmWqw3RDrVHIBRlzLz70KJOn/S5y1e0jFcKEIs5/f945hDjsz
 18LifgAywPI7GwbKzIT6GvI242yxC+gA7SHw+pRGVa1HRkL7ujiPMAJ+emkUchLN
 Il7jONxN328zLNSEGCdVfJf7uqUN6i5tfM488hpZXPQZ/QP0uTuvtHjruDCNJVWg
 rKaz3eo4YwdMDlYpaFYLfS7/nIVLGKY6wkdPaFvmhgw6xnWfVEATWP+VgEh2056v
 kIzuxUJjjR8Ocwv/ooMG
 =9cq3
 -----END PGP SIGNATURE-----

Merge tag 'nds32-for-linus-4.18' of git://git.kernel.org/pub/scm/linux/kernel/git/greentime/linux

Pull nds32 updates from Greentime Hu:
 "Bug fixes and build ixes for nds32"

* tag 'nds32-for-linus-4.18' of git://git.kernel.org/pub/scm/linux/kernel/git/greentime/linux:
  nds32: fix build error "relocation truncated to fit: R_NDS32_25_PCREL_RELA" when make allyesconfig
  nds32: To simplify the implementation of update_mmu_cache()
  nds32: Fix the dts pointer is not passed correctly issue.
  nds32: To implement these icache invalidation APIs since nds32 cores don't snoop data cache. This issue is found by Guo Ren. Based on the Documentation/core-api/cachetlb.rst and it says:
  nds32: Fix build error caused by configuration flag rename
  nds32: define __NDS32_E[BL]__ for sparse
2018-07-20 11:18:33 -07:00
Linus Torvalds bfa54a3a00 Power management fix for 4.18-rc6
Fix a relatively old initialization issue in intel_pstate causing
 the pcc-cpufreq driver to be used instead of it on some HP Proliant
 systems, which turned into a functional regression during the 4.17
 cycle, because pcc-cpufreq is a scalability disaster and that was
 amplified by the idle loop rework done at that time (Rafael Wysocki).
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
 iQIcBAABCAAGBQJbUZFtAAoJEILEb/54YlRx1OQP/jX6+uaIOtiDP24LByroWaG7
 BXRxxh530PRSUYzmgqxX22w4vsnty611Dprr8wZgg05mR5g+2erGVy20Z9va7aje
 7g5obpRvRrP2g4sxjgaG9Xza27yjwd1+ZmkpzIudDaHiv0WePUbJJjDLULJUi43X
 ynRGdZnHIYjOnCVV4nvkRiMzxgv5kfYRPYTaGjawTRCt9v9cQOPvvEHe+qG+uloO
 kBGKdFnNQPRHspRV2X5T0J1lXEdb6HaEBWQOabjbWAxaTLGvNBWg6c2FuN0mIpmq
 jKEhi2o4lH+X4XsmP3GPK4Spl0l4gSAIvaI5wrb+XNPmdDeBMcSECf0HSSabOPa6
 CLfjfmWH8BNZmLOWq8Wmn3OF9UsMtzoMTUqglWEJaCLTAQXkAgvusb8ZTajNnYX8
 LmcDeICT96+jzpZM99wbUAu/4/a/WSc1r56+qeJP1Nejo9QgnstvxSllx6FQzIYX
 tXqezvXOhtgTjZU+Td46SIkjKlR4Ebwknjjl3RGmJwahjZVcBLj65oMK+dH9W/Iu
 vy5l2+PI1kG+hGXRyQZ/pPpNamAMuq5SlDiqWbwoogeOq1ZLz0NF9OVjUgNAeO8C
 Kbfa3ezQYjW3/ZhHjnIgnzliHYeg/4Y6SjZerXOd6m1qkYsxHR7oy2KwHgH/6ATi
 PYtu6T8OHl+XrCidPFXy
 =h+O6
 -----END PGP SIGNATURE-----

Merge tag 'pm-4.18-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm

Pull power management fix from Rafael Wysocki:
 "Fix a relatively old initialization issue in intel_pstate causing the
  pcc-cpufreq driver to be used instead of it on some HP Proliant
  systems.

  This turned into a functional regression during the 4.17 cycle,
  because pcc-cpufreq is a scalability disaster and that was amplified
  by the idle loop rework done at that time (Rafael Wysocki).

* tag 'pm-4.18-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
  cpufreq: intel_pstate: Register when ACPI PCCH is present
2018-07-20 11:12:27 -07:00
Linus Torvalds 73894397e7 ACPI fix for 4.18-rc6
Extend the recently added suspend-to-idle quirk for Thinkpad X1
 Carbon 6th to other systems from that familiy which turned out
 to need it too (Robin Johnson).
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
 iQIcBAABCAAGBQJbUZB0AAoJEILEb/54YlRxlwAQALUKtcTSRb0uJax0KAKLpTYn
 9UM9w5omQwKxsdS8Y8NMuvoz6w5X0GKRQvwCPcfLuVkin7fTehNgM5v+lFwtwlL6
 cjVdtX2m2sVhBb2pABelCoeVDnFhnpDd0gMjQg9pkq4AqkCzqw8jbGHYZxV86jfB
 cTgkLLjbFzCGg82cHYY7wcnRPCkzMv01r1PhSNc13RzqyoV4AqH/60ucuNkISTOz
 Qn7mewo9heDNn4TWFh9tcUFX/PrKFVYquwr+awW5YAGJv9cwwsy9nLXddncQKZRV
 F7L5ytxkH7U8yXFUHP2mGOeqQKAnMYlrRXgMlEoV2iio1SYuKnoldNUsaDE3lTWQ
 4SyNmSNJiVr8qxBXccrSf19DK9AfyjDgkI4HGQsQkSbm5dN0tA9FuOch5VG4E4eg
 p4bygETJrzlNwr7eIxGPdA3qV3oSv3jAw+fhY/cixeYblJG4cgaqj7UttZpkIcjA
 6r3oLz3/Q5X3I3mVoY46ieGaF/H/SrV60TaEEhNdLiUkGztz69K4i3sLU7HCJagK
 kMhMi//l4KyP85qtXGBc/DnSpKZ39Gm6AGZ0A+xY7L4FXkYl/aUZ0uAKwtz2ZvPA
 rdTffpG+zEnZ/HMTVy6MVfnYDo9jx2DtqSOyklVcNNISOmTY9iyVjTpbWMn+Ddit
 9i7oJfoRBRWiHMzJVC4b
 =I8Cg
 -----END PGP SIGNATURE-----

Merge tag 'acpi-4.18-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm

Pull ACPI fix from Rafael Wysocki:
 "Extend the recently added suspend-to-idle quirk for Thinkpad X1 Carbon
  6th to other systems from that familiy which turned out to need it too
  (Robin Johnson)"

* tag 'acpi-4.18-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
  ACPI / EC: Use ec_no_wakeup on more Thinkpad X1 Carbon 6th systems
2018-07-20 11:09:10 -07:00
Roland Dreier 9b38276813 nvme: fix handling of metadata_len for NVME_IOCTL_IO_CMD
The old code in nvme_user_cmd() passed the userspace virtual address
from nvme_passthru_cmd.metadata as the length of the metadata buffer
as well as the address to nvme_submit_user_cmd().

Fixes: 63263d60 ("nvme: Use metadata for passthrough commands")
Signed-off-by: Roland Dreier <roland@purestorage.com>
Reviewed-by: Keith Busch <keith.busch@intel.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
2018-07-20 07:43:59 -07:00
Damien Thébault 2502e5a025 platform/x86: dell-laptop: Fix backlight detection
Fix return code check for "max brightness" ACPI call.

The Dell laptop ACPI video brightness control is not present on dell
laptops anymore, but was present in older kernel versions.

The code that checks the return value is incorrect since the SMM
refactoring.

The old code was:
  if (buffer->output[0] == 0)

Which was changed to:
  ret = dell_send_request(...)
  if (ret)

However, dell_send_request() will return 0 if buffer->output[0] == 0,
so we must change the check to:
  if (ret == 0)

This issue was found on a Dell M4800 laptop, and the fix tested on it
as well.

Fixes: 549b4930f0 ("dell-smbios: Introduce dispatcher for SMM calls")
Signed-off-by: Damien Thébault <damien@dtbo.net>
Tested-by: Damien Thébault <damien@dtbo.net>
Reviewed-by: Pali Rohár <pali.rohar@gmail.com>
Reviewed-by: Mario Limonciello <mario.limonciello@dell.com>
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
2018-07-20 15:29:59 +03:00
Lu Baolu 2db1581e1f Revert "iommu/vt-d: Clean up pasid quirk for pre-production devices"
This reverts commit ab96746aaa.

The commit ab96746aaa ("iommu/vt-d: Clean up pasid quirk for
pre-production devices") triggers ECS mode on some platforms
which have broken ECS support. As the result, graphic device
will be inoperable on boot.

Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=107017

Cc: Ashok Raj <ashok.raj@intel.com>
Signed-off-by: Lu Baolu <baolu.lu@linux.intel.com>
Signed-off-by: Joerg Roedel <jroedel@suse.de>
2018-07-20 13:55:56 +02:00
Linus Torvalds 28c20cc73b nouveau and amdgpu fixes
-----BEGIN PGP SIGNATURE-----
 
 iQIcBAABAgAGBQJbUUjOAAoJEAx081l5xIa+x9MP/A1LsxZlZd1dkzGfBoKHq9oc
 fIknKBDU372rExEM/f0J5mE00ETi/+4YnkTtQZ1eQKYUyUtxwUbX5hEdbwsKkN8H
 wQvENY+hqE0vplFLibUf/+ZveCwuFmk8DzsdzxvmmcBkrQGM7dnF4VE8Yb/DpwT7
 VK8t4IDwkhdgVmqu445dgwtJIDyEKyxO1rlelDWS6BPXMi+ySwNRWaNZWxZG2n0J
 fozSor7nElkSd/795WOUM0B344K9ZiZaex4mJi7XcZgo/IWTB4l+PWKUTvQvBlaP
 HIZOvbBryISW/ingnLRmq2UsuHLpgmveZyBN4BLqcZettxc2EcIgKMlGHZdi2nSL
 OjPzfneTKeiV47kFK66Rns+NnpOPxatb0YF94AweFvpOhXS8XR2lzJOsIeTVyab8
 Q1c0WMa70SD0bjRNRuX3HeVG9IKNnpEWYus1xDXC6aE79tBmIVCFSejMbVT3BC6V
 5Fc/Jpx6ODtObXArr/XMZrMsKr6JPEGK6GobV/fvaddgAPj2hoqXESVE6b5ReI3y
 MlSvHGzIN8oar+2vtResGrDxJE27pgCw7big/IR+VV7RPLEP6Mpo3EgMnCyhhdZk
 S/a+RxgHDv+2KSOjwqm3mha3g74+R0qN5LbYf7ghOl/7zNaiKQ7xIdsf5UEgDp57
 kkQXTu7fUdRunTtgcO8v
 =8E++
 -----END PGP SIGNATURE-----

Merge tag 'drm-fixes-2018-07-20' of git://anongit.freedesktop.org/drm/drm

Pull drm fixes from Dave Airlie:
 "Just two sets of driver fixes this week to follow up on the set from
  earlier in the week and hopefully get me realigned schedule wise.

  amdgpu:
   - ACP fix for boards with multiple I2S instances
   - DP fix for CZ, vega
   - hybrid laptop fixes
   - Resume regression fix

  nouveau:
   - large memory systems and Pascal fix
   - MST race fixes
   - runtime PM fix"

* tag 'drm-fixes-2018-07-20' of git://anongit.freedesktop.org/drm/drm:
  drm/nouveau/fb/gp100-: disable address remapper
  drm/amd/amdgpu: creating two I2S instances for stoney/cz (v2)
  drm/amdgpu: add another ATPX quirk for TOPAZ
  drm/amd/display: Fix DP HBR2 Eye Diagram Pattern on Carrizo
  drm/amdgpu: Make sure IB tests flushed after IP resume
  drm/nouveau: Set DRIVER_ATOMIC cap earlier to fix debugfs
  drm/nouveau: Remove bogus crtc check in pmops_runtime_idle
  drm/nouveau/drm/nouveau: Fix runtime PM leak in nv50_disp_atomic_commit()
  drm/nouveau: Avoid looping through fake MST connectors
  drm/nouveau: Use drm_connector_list_iter_* for iterating connectors
  drm/nouveau/gem: off by one bugs in nouveau_gem_pushbuf_reloc_apply()
  drm/nouveau/kms/nv50-: ensure window updates are submitted when flushing mst disables
2018-07-19 20:17:47 -07:00
Uwe Kleine-König e01a06c808 ARM: dts: imx6: RDU2: fix irq type for mv88e6xxx switch
The Marvell switches report their interrupts in a level sensitive way.
When using edge sensitive detection a race condition in the interrupt
handler of the swich might result in the OS to miss all future events
which might make the switch non-functional.

The problem is that both mv88e6xxx_g2_irq_thread_fn() and
mv88e6xxx_g1_irq_thread_work() sample the irq cause register
(MV88E6XXX_G2_INT_SRC and MV88E6XXX_G1_STS respectively) once and then
handle the observed sources. If after sampling but before all observed
irq sources are handled a new irq source gets active this is not noticed
by the handler which returns unsuspecting, but the interrupt line stays
active which prevents the edge detector to kick in.

All device trees but imx6qdl-zii-rdu2 get this right (most of them by
not specifying an interrupt parent). So fix imx6qdl-zii-rdu2
accordingly.

Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Fixes: f64992d1a9 ("ARM: dts: imx6: RDU2: Add Switch interrupts")
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: Shawn Guo <shawnguo@kernel.org>
2018-07-20 10:50:44 +08:00
Dave Airlie 02e546eacc Merge branch 'linux-4.18' of git://github.com/skeggsb/linux into drm-fixes
- fix problem with pascal and large memory systems
- fix a bunch of MST problems
- fix a runtime PM interaction with MST

Signed-off-by: Dave Airlie <airlied@redhat.com>
Link: https://patchwork.freedesktop.org/patch/msgid/CACAvsv79O8deSts2fxJ_oS6=q8yA+OgwBSEpp5R=BQBmWa+oyg@mail.gmail.com
2018-07-20 10:27:53 +10:00
Dave Airlie b83ce39b92 Merge branch 'drm-fixes-4.18' of git://people.freedesktop.org/~agd5f/linux into drm-fixes
Fixes for 4.18.  The ACP patch is a bit bigger than I would like
at this point, but it should have gone in long ago, it just fell
through the cracks.  The others are pretty small and straight-forward.
- ACP fix for boards with 2 I2S instances
- DP fix for CZ, vega
- Fix for a hybrid graphics laptop
- Fix a resume regression

Signed-off-by: Dave Airlie <airlied@redhat.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20180718162603.2747-1-alexander.deucher@amd.com
2018-07-20 10:23:44 +10:00
Olof Johansson 8b369c0073 i.MX fixes for 4.18, round 3:
- Restrict GPC driver on register range that is accessible by regmap,
    so that we can avoid user space from triggering imprecise external
    abort exception.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQEcBAABAgAGBQJbUD1eAAoJEFBXWFqHsHzOdR4IALmrzHZHPLKzfPmQitoO3c/E
 qCcM8kAOoEPg9toIj3Gkte3XCRS7+gYaPhwvtJ48n3x0zcB7mSs/PhiKbpF+e/gK
 /4w6iDoeqhkb+ITcn1qeM8OpsYhDV5FF2NLsoKjQmOhVts9yg/JUwMP4nTIElOM5
 cAEAzCM/RCkZjte8NWDgculB2Wre/AsNEiSlVU8p3uZl8UY30BDnvMmlQ1eewSsi
 gARfkI49AEQJZVIO9LClGRmkg1NMDnPGM1Bh0tUWMX7UhvPfO97VfshJtVklDi26
 o29rC6nmLV7D/jfpWbcEKuVAXkOuRFf/3h8Wi4hN1577L1V0l+ABNhkpC14pmvo=
 =Klg3
 -----END PGP SIGNATURE-----

Merge tag 'imx-fixes-4.18-3' of git://git.kernel.org/pub/scm/linux/kernel/git/shawnguo/linux into fixes

i.MX fixes for 4.18, round 3:
 - Restrict GPC driver on register range that is accessible by regmap,
   so that we can avoid user space from triggering imprecise external
   abort exception.

* tag 'imx-fixes-4.18-3' of git://git.kernel.org/pub/scm/linux/kernel/git/shawnguo/linux:
  soc: imx: gpc: restrict register range for regmap access

Signed-off-by: Olof Johansson <olof@lixom.net>
2018-07-19 15:09:59 -07:00
Olof Johansson 1f9f163500 One omap dts mismerge fix
The dts patch for droid4 PWM vibrator has added gpio6 entries to the wrong
 node. Let's fix it with a note that there seems to be also other GPIO PWM
 issues to fix still to get the PWM vibrator working. So this can wait for
 v4.19 merge cycle if necessary.
 -----BEGIN PGP SIGNATURE-----
 
 iQJFBAABCAAvFiEEkgNvrZJU/QSQYIcQG9Q+yVyrpXMFAltQPwERHHRvbnlAYXRv
 bWlkZS5jb20ACgkQG9Q+yVyrpXMvERAAqzZoTW6Qd6WnxRQIrIpNHTPpyuiu7uGU
 DdaJUvHCn93JfJyuG6VCwSph8SI8o+YVQGV67Rr7TO7GDW8WGrcuMnfB+0z6Xm6Y
 HbTlXVP3sImykowoAEFF4VJmSclj5qzYk2n72KlpT7pJQnJqe0DmigCV/IkFn9A6
 q1fSKcQH7A0qjPOdefgF/zPVgNbxy1JkO/dzKyXZPc0LmjpwWfNWntbPyqNWi7om
 oazVpRwM+8640S7wBhYBn2T0KoQZus8pU/Oy03UAgrUbL4yhcOhZhYJKrmvXmXcW
 e/V8k071zrLc9XVL1DYVfFmHA4mzve6efmQnem2krpaki5n6jF5YEkayhiXqC0B2
 RF24oKFsuztRTgkkJfGumiuassF3wGdPpAPL2DwFIX5qJwqvcg96AhzdAMc5Af4m
 FTFMhtcYgf5G1/yDI8IyVQNoqvBci/n7/zUd7NBluizcZm5YIrcShzAh/WERgxuO
 3x+fDhCAP1zzeyFAJlOMhNCYWesRTuT/9kQrP95saXjfcbaXZt8hsARJgXA8x2V/
 40ONNcvrAMbC10jqAPzXdTgSdHTFO2cZs3DdCwHSvkFFhfczH/E/2OOKzfxZCxHL
 2OCcCOWuZD3WyUlYs01vZOMWPzN/2gJYi4upAMSxyUDN67ios8TKOBM+VU5Ec2Vh
 5TqC8lQfmew=
 =1jV8
 -----END PGP SIGNATURE-----

Merge tag 'omap-for-v4.18/fixes-rc5-signed' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap into fixes

One omap dts mismerge fix

The dts patch for droid4 PWM vibrator has added gpio6 entries to the wrong
node. Let's fix it with a note that there seems to be also other GPIO PWM
issues to fix still to get the PWM vibrator working. So this can wait for
v4.19 merge cycle if necessary.

* tag 'omap-for-v4.18/fixes-rc5-signed' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap:
  ARM: dts: omap4-droid4: fix dts w.r.t. pwm

Signed-off-by: Olof Johansson <olof@lixom.net>
2018-07-19 15:07:12 -07:00
Linus Torvalds fb7d1bcf16 pci-v4.18-fixes-3
-----BEGIN PGP SIGNATURE-----
 
 iQJIBAABCgAyFiEEgMe7l+5h9hnxdsnuWYigwDrT+vwFAltQ1y4UHGJoZWxnYWFz
 QGdvb2dsZS5jb20ACgkQWYigwDrT+vyzKA//T8+ePVGcIBZhyEDy3gX0V/WXF5Sr
 feOWCy5YWsY3gWkQ1XIU40kPox+6/bsO8Cte74aO5m1cWShpqEJntuFkOInNz9ag
 6gkN1j3G7B8VjpzWlH9rML2d2QVcnm8POBkmtwEgBw8rdAumD25MFsvjENhVkdeL
 LOLzi+8kPRQl8UK33HnawU6spLgHCosSVVInIjPyNpSzw+agbW+s0i4/kmWXnB8C
 9P4VieQ3dzyfzX1W5ty82Ck6Gd6gOXI42hVls9EFrJnuxQIUPe5pX14dqFzVFP3G
 j9SrUTPbnoZ3yVxW4mhibCv3v8+vyTxPhkradj4zt1dk4Cq4+s1Z9+l8vPjChIkQ
 X679bNgI1x3xIdtUc5OcIdNI9LyzmCKZ309iNPO0bTD/gHvXromw4wqvOUCkBEoa
 HkTJeFXf+h7DsFNAcj6ntaQAbUcwjsOgHLhikhZJ8nUcxvjLvnIZ0imzytBuyboJ
 L7GV0VurwVgi2yHhdzsQ9qiSO4iTXnSe05urxzZyIn8mFETOxB6Kai2kmvAKTpqx
 DR0/gZMWHYd40zRtPmcpFbzPCJAaTtks2/C/IzOeUkSRDSLsc5IhmjduG5pNAfqC
 ikf/WrWNbZHXbLAGyD37YElhYOl7StcNz3yZtlvvbx1iNjWikU4NJR/GwgNeHZ3j
 sRI2Trz8bfJW4AE=
 =SV5J
 -----END PGP SIGNATURE-----

Merge tag 'pci-v4.18-fixes-3' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci

Pull PCI fixes from Bjorn Helgaas:

 - Fix crashes that happen when PHY drivers are left disabled in the V3
   Semiconductor, MediaTek, Faraday, Aardvark, DesignWare, Versatile,
   and X-Gene host controller drivers (Sergei Shtylyov)

 - Fix a NULL pointer dereference in the endpoint library configfs
   support (Kishon Vijay Abraham I)

 - Fix a race condition in Hyper-V IRQ handling (Dexuan Cui)

* tag 'pci-v4.18-fixes-3' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci:
  PCI: v3-semi: Fix I/O space page leak
  PCI: mediatek: Fix I/O space page leak
  PCI: faraday: Fix I/O space page leak
  PCI: aardvark: Fix I/O space page leak
  PCI: designware: Fix I/O space page leak
  PCI: versatile: Fix I/O space page leak
  PCI: xgene: Fix I/O space page leak
  PCI: OF: Fix I/O space page leak
  PCI: endpoint: Fix NULL pointer dereference error when CONFIGFS is disabled
  PCI: hv: Disable/enable IRQs rather than BH in hv_compose_msi_msg()
2018-07-19 11:54:04 -07:00
Vineet Gupta af1fc5baa7 ARCv2: [plat-hsdk]: Save accl reg pair by default
This manifsted as strace segfaulting on HSDK because gcc was targetting
the accumulator registers as GPRs, which kernek was not saving/restoring
by default.

Cc: stable@vger.kernel.org   #4.14+
Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
2018-07-19 10:36:45 -07:00
Linus Torvalds f39f28ff82 sound fixes for 4.18-rc6
A rawmidi race fix and three trivial HD-audio quirks.
 -----BEGIN PGP SIGNATURE-----
 
 iQJCBAABCAAsFiEEIXTw5fNLNI7mMiVaLtJE4w1nLE8FAltQZuYOHHRpd2FpQHN1
 c2UuZGUACgkQLtJE4w1nLE8P4A//Xaf6cy3XejK9zPaV/Ony+IiJfcpRbbug/Mhc
 eV1l+a/+DJNpeEJQScDtQjQejDnyytF3643sJ2VHVGMX3NEWeasfkJ3943FEijOK
 RkSW5VtXSExXcshwwu8JSllEXWK48rUzjYXT8ORccfQWn9mE1xfRFkMKalj2+f17
 0joP7N2wxc5Xw44Gkq9iFcadxyfUo/dj6/MNdSU+HpcwLFszCsVDY6t3pfwQykm9
 WEsalkAUARSMAo6ZnS67lLwH+9aqb7Zt5tPke44FT/LSAOlu8oJnqWrhwOQSZmRg
 hm5UF2yo9N29CKJwhSLNN1Me+Ko8OGaEVzB4bXYnhmCQi+YcVvL4lR3kTPCZQhVE
 ExI3vjGFi9EjCd8V1Oe5OxqAjdpLQgRzScGYszmry1U6jiZus2pc90D2s55ABqE7
 ZBmG6i+Ee9ltDPBbZMrsN7N2+M+hXq/10yy5pLZukA0YJpe5ec1iyJmvvduEodbh
 jKyzGh/+tFQGlUpgsJoBa0+K7C/UzaKJyPhp7+iSLrLUcaXdv4mWvQYWUZzzI8zW
 3GPPTUdpqm67eFRg1HgOQ0YWslgyuASCcsH/qmAfD+9ilEKe+r7EffYf79dm99JJ
 gF5ocX5zHS5JpRHxD5RZi+Vd3fj7wcj+NKAiIAIOFS3JLDScTG9n/5vP4K7W9vRI
 F+Q5s+c=
 =vsVz
 -----END PGP SIGNATURE-----

Merge tag 'sound-4.18-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound

Pull sound fixes from Takashi Iwai:
 "A rawmidi race fix and three trivial HD-audio quirks"

* tag 'sound-4.18-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
  ALSA: hda/realtek - Yet another Clevo P950 quirk entry
  ALSA: rawmidi: Change resized buffers atomically
  ALSA: hda/realtek - Add Panasonic CF-SZ6 headset jack quirk
  ALSA: hda: add mute led support for HP ProBook 455 G5
2018-07-19 07:43:17 -07:00
Robin H. Johnson 2c4d6baf1b ACPI / EC: Use ec_no_wakeup on more Thinkpad X1 Carbon 6th systems
The ec_no_wakeup matcher added for Thinkpad X1 Carbon 6th gen systems
beyond matched only a single DMI model (20KGS3JF01), that didn't cover
my laptop (20KH002JUS). Change to match based on DMI product family to
cover all X1 6th gen systems.

Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
2018-07-19 16:42:15 +02:00
Linus Torvalds b4394c3435 Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
Pull crypto fix from Herbert Xu:
 "This fixes an allocation error-path bug in af_alg discovered by
  syzkaller"

* 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
  crypto: af_alg - Initialize sg_num_bytes in error code path
2018-07-19 07:32:44 -07:00
Filipe Manana bd3599a0e1 Btrfs: fix file data corruption after cloning a range and fsync
When we clone a range into a file we can end up dropping existing
extent maps (or trimming them) and replacing them with new ones if the
range to be cloned overlaps with a range in the destination inode.
When that happens we add the new extent maps to the list of modified
extents in the inode's extent map tree, so that a "fast" fsync (the flag
BTRFS_INODE_NEEDS_FULL_SYNC not set in the inode) will see the extent maps
and log corresponding extent items. However, at the end of range cloning
operation we do truncate all the pages in the affected range (in order to
ensure future reads will not get stale data). Sometimes this truncation
will release the corresponding extent maps besides the pages from the page
cache. If this happens, then a "fast" fsync operation will miss logging
some extent items, because it relies exclusively on the extent maps being
present in the inode's extent tree, leading to data loss/corruption if
the fsync ends up using the same transaction used by the clone operation
(that transaction was not committed in the meanwhile). An extent map is
released through the callback btrfs_invalidatepage(), which gets called by
truncate_inode_pages_range(), and it calls __btrfs_releasepage(). The
later ends up calling try_release_extent_mapping() which will release the
extent map if some conditions are met, like the file size being greater
than 16Mb, gfp flags allow blocking and the range not being locked (which
is the case during the clone operation) nor being the extent map flagged
as pinned (also the case for cloning).

The following example, turned into a test for fstests, reproduces the
issue:

  $ mkfs.btrfs -f /dev/sdb
  $ mount /dev/sdb /mnt

  $ xfs_io -f -c "pwrite -S 0x18 9000K 6908K" /mnt/foo
  $ xfs_io -f -c "pwrite -S 0x20 2572K 156K" /mnt/bar

  $ xfs_io -c "fsync" /mnt/bar
  # reflink destination offset corresponds to the size of file bar,
  # 2728Kb minus 4Kb.
  $ xfs_io -c ""reflink ${SCRATCH_MNT}/foo 0 2724K 15908K" /mnt/bar
  $ xfs_io -c "fsync" /mnt/bar

  $ md5sum /mnt/bar
  95a95813a8c2abc9aa75a6c2914a077e  /mnt/bar

  <power fail>

  $ mount /dev/sdb /mnt
  $ md5sum /mnt/bar
  207fd8d0b161be8a84b945f0df8d5f8d  /mnt/bar
  # digest should be 95a95813a8c2abc9aa75a6c2914a077e like before the
  # power failure

In the above example, the destination offset of the clone operation
corresponds to the size of the "bar" file minus 4Kb. So during the clone
operation, the extent map covering the range from 2572Kb to 2728Kb gets
trimmed so that it ends at offset 2724Kb, and a new extent map covering
the range from 2724Kb to 11724Kb is created. So at the end of the clone
operation when we ask to truncate the pages in the range from 2724Kb to
2724Kb + 15908Kb, the page invalidation callback ends up removing the new
extent map (through try_release_extent_mapping()) when the page at offset
2724Kb is passed to that callback.

Fix this by setting the bit BTRFS_INODE_NEEDS_FULL_SYNC whenever an extent
map is removed at try_release_extent_mapping(), forcing the next fsync to
search for modified extents in the fs/subvolume tree instead of relying on
the presence of extent maps in memory. This way we can continue doing a
"fast" fsync if the destination range of a clone operation does not
overlap with an existing range or if any of the criteria necessary to
remove an extent map at try_release_extent_mapping() is not met (file
size not bigger then 16Mb or gfp flags do not allow blocking).

CC: stable@vger.kernel.org # 3.16+
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
2018-07-19 15:36:31 +02:00
Ben Skeggs 2f958e8240 drm/nouveau/fb/gp100-: disable address remapper
This was causing problems on a system with a large amount of RAM, where
display push buffers were being fetched incorrectly when placed in high
system memory addresses.

While this commit will resolve the issue on that particular system, the
issue will be avoided completely with another patch to more fully solve
problems with display and large amounts of system memory on Pascal.

It's still probably a good idea to disable this to prevent weird issues
in the future.

Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-07-19 14:36:51 +10:00
Linus Torvalds 024ddc0ce1 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
Pull networking fixes from David Miller:
 "Lots of fixes, here goes:

   1) NULL deref in qtnfmac, from Gustavo A. R. Silva.

   2) Kernel oops when fw download fails in rtlwifi, from Ping-Ke Shih.

   3) Lost completion messages in AF_XDP, from Magnus Karlsson.

   4) Correct bogus self-assignment in rhashtable, from Rishabh
      Bhatnagar.

   5) Fix regression in ipv6 route append handling, from David Ahern.

   6) Fix masking in __set_phy_supported(), from Heiner Kallweit.

   7) Missing module owner set in x_tables icmp, from Florian Westphal.

   8) liquidio's timeouts are HZ dependent, fix from Nicholas Mc Guire.

   9) Link setting fixes for sh_eth and ravb, from Vladimir Zapolskiy.

  10) Fix NULL deref when using chains in act_csum, from Davide Caratti.

  11) XDP_REDIRECT needs to check if the interface is up and whether the
      MTU is sufficient. From Toshiaki Makita.

  12) Net diag can do a double free when killing TCP_NEW_SYN_RECV
      connections, from Lorenzo Colitti.

  13) nf_defrag in ipv6 can unnecessarily hold onto dst entries for a
      full minute, delaying device unregister. From Eric Dumazet.

  14) Update MAC entries in the correct order in ixgbe, from Alexander
      Duyck.

  15) Don't leave partial mangles bpf program in jit_subprogs, from
      Daniel Borkmann.

  16) Fix pfmemalloc SKB state propagation, from Stefano Brivio.

  17) Fix ACK handling in DCTCP congestion control, from Yuchung Cheng.

  18) Use after free in tun XDP_TX, from Toshiaki Makita.

  19) Stale ipv6 header pointer in ipv6 gre code, from Prashant Bhole.

  20) Don't reuse remainder of RX page when XDP is set in mlx4, from
      Saeed Mahameed.

  21) Fix window probe handling of TCP rapair sockets, from Stefan
      Baranoff.

  22) Missing socket locking in smc_ioctl(), from Ursula Braun.

  23) IPV6_ILA needs DST_CACHE, from Arnd Bergmann.

  24) Spectre v1 fix in cxgb3, from Gustavo A. R. Silva.

  25) Two spots in ipv6 do a rol32() on a hash value but ignore the
      result. Fixes from Colin Ian King"

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (176 commits)
  tcp: identify cryptic messages as TCP seq # bugs
  ptp: fix missing break in switch
  hv_netvsc: Fix napi reschedule while receive completion is busy
  MAINTAINERS: Drop inactive Vitaly Bordug's email
  net: cavium: Add fine-granular dependencies on PCI
  net: qca_spi: Fix log level if probe fails
  net: qca_spi: Make sure the QCA7000 reset is triggered
  net: qca_spi: Avoid packet drop during initial sync
  ipv6: fix useless rol32 call on hash
  ipv6: sr: fix useless rol32 call on hash
  net: sched: Using NULL instead of plain integer
  net: usb: asix: replace mii_nway_restart in resume path
  net: cxgb3_main: fix potential Spectre v1
  lib/rhashtable: consider param->min_size when setting initial table size
  net/smc: reset recv timeout after clc handshake
  net/smc: add error handling for get_user()
  net/smc: optimize consumer cursor updates
  net/nfc: Avoid stalls when nfc_alloc_send_skb() returned NULL.
  ipv6: ila: select CONFIG_DST_CACHE
  net: usb: rtl8150: demote allmulti message to dev_dbg()
  ...
2018-07-18 19:32:54 -07:00