Commit Graph

886875 Commits

Author SHA1 Message Date
Alexey Dobriyan
e06689bf57 proc: change ->nlink under proc_subdir_lock
Currently gluing PDE into global /proc tree is done under lock, but
changing ->nlink is not.  Additionally struct proc_dir_entry::nlink is
not atomic so updates can be lost.

Link: http://lkml.kernel.org/r/20190925202436.GA17388@avx2
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2019-12-04 19:44:11 -08:00
Yu Zhao
3cde287bb4 mm/memory.c: replace is_zero_pfn with is_huge_zero_pmd for thp
For hugely mapped thp, we use is_huge_zero_pmd() to check if it's zero
page or not.

We do fill ptes with my_zero_pfn() when we split zero thp pmd, but this
is not what we have in vm_normal_page_pmd() -- pmd_trans_huge_lock()
makes sure of it.

This is a trivial fix for /proc/pid/numa_maps, and AFAIK nobody
complains about it.

Gerald Schaefer asked:
: Maybe the description could also mention the symptom of this bug?
: I would assume that it affects anon/dirty accounting in gather_pte_stats(),
: for huge mappings, if zero page mappings are not correctly recognized.

I came across this while I was looking at the code, so I'm not aware of
any symptom.

Link: http://lkml.kernel.org/r/20191108192629.201556-1-yuzhao@google.com
Signed-off-by: Yu Zhao <yuzhao@google.com>
Acked-by: Andrew Morton <akpm@linux-foundation.org>
Cc: Matthew Wilcox <willy@infradead.org>
Cc: Ralph Campbell <rcampbell@nvidia.com>
Cc: Will Deacon <will@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: "Aneesh Kumar K . V" <aneesh.kumar@linux.ibm.com>
Cc: Dave Airlie <airlied@redhat.com>
Cc: Thomas Hellstrom <thellstrom@vmware.com>
Cc: Souptick Joarder <jrdr.linux@gmail.com>
Cc: Gerald Schaefer <gerald.schaefer@de.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2019-12-04 19:44:11 -08:00
Konstantin Khlebnikov
ebc5d83d04 mm/memcontrol: use vmstat names for printing statistics
Use common names from vmstat array when possible.  This gives not much
difference in code size for now, but should help in keeping interfaces
consistent.

  add/remove: 0/2 grow/shrink: 2/0 up/down: 70/-72 (-2)
  Function                                     old     new   delta
  memory_stat_format                           984    1050     +66
  memcg_stat_show                              957     961      +4
  memcg1_event_names                            32       -     -32
  mem_cgroup_lru_names                          40       -     -40
  Total: Before=14485337, After=14485335, chg -0.00%

Link: http://lkml.kernel.org/r/157113012508.453.80391533767219371.stgit@buzz
Signed-off-by: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
Acked-by: Andrew Morton <akpm@linux-foundation.org>
Cc: Michal Hocko <mhocko@kernel.org>
Cc: Vladimir Davydov <vdavydov.dev@gmail.com>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2019-12-04 19:44:11 -08:00
Konstantin Khlebnikov
9d7ea9a297 mm/vmstat: add helpers to get vmstat item names for each enum type
Statistics in vmstat is combined from counters with different structure,
but names for them are merged into one array.

This patch adds trivial helpers to get name for each item:

  const char *zone_stat_name(enum zone_stat_item item);
  const char *numa_stat_name(enum numa_stat_item item);
  const char *node_stat_name(enum node_stat_item item);
  const char *writeback_stat_name(enum writeback_stat_item item);
  const char *vm_event_name(enum vm_event_item item);

Names for enum writeback_stat_item are folded in the middle of
vmstat_text so this patch moves declaration into header to calculate
offset of following items.

Also this patch reuses piece of node stat names for lru list names:

  const char *lru_list_name(enum lru_list lru);

This returns common lru list names: "inactive_anon", "active_anon",
"inactive_file", "active_file", "unevictable".

[khlebnikov@yandex-team.ru: do not use size of vmstat_text as count of /proc/vmstat items]
  Link: http://lkml.kernel.org/r/157152151769.4139.15423465513138349343.stgit@buzz
  Link: https://lore.kernel.org/linux-mm/cd1c42ae-281f-c8a8-70ac-1d01d417b2e1@infradead.org/T/#u
Link: http://lkml.kernel.org/r/157113012325.453.562783073839432766.stgit@buzz
Signed-off-by: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
Reviewed-by: Andrew Morton <akpm@linux-foundation.org>
Cc: Randy Dunlap <rdunlap@infradead.org>
Cc: Michal Hocko <mhocko@kernel.org>
Cc: Vladimir Davydov <vdavydov.dev@gmail.com>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: YueHaibing <yuehaibing@huawei.com>
Cc: Stephen Rothwell <sfr@canb.auug.org.au>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2019-12-04 19:44:11 -08:00
Roman Gushchin
a264df74df mm: memcg/slab: wait for !root kmem_cache refcnt killing on root kmem_cache destruction
Christian reported a warning like the following obtained during running
some KVM-related tests on s390:

    WARNING: CPU: 8 PID: 208 at lib/percpu-refcount.c:108 percpu_ref_exit+0x50/0x58
    Modules linked in: kvm(-) xt_CHECKSUM xt_MASQUERADE bonding xt_tcpudp ip6t_rpfilter ip6t_REJECT nf_reject_ipv6 ipt_REJECT nf_reject_ipv4 xt_conntrack ip6table_na>
    CPU: 8 PID: 208 Comm: kworker/8:1 Not tainted 5.2.0+ #66
    Hardware name: IBM 2964 NC9 712 (LPAR)
    Workqueue: events sysfs_slab_remove_workfn
    Krnl PSW : 0704e00180000000 0000001529746850 (percpu_ref_exit+0x50/0x58)
               R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:2 PM:0 RI:0 EA:3
    Krnl GPRS: 00000000ffff8808 0000001529746740 000003f4e30e8e18 0036008100000000
               0000001f00000000 0035008100000000 0000001fb3573ab8 0000000000000000
               0000001fbdb6de00 0000000000000000 0000001529f01328 0000001fb3573b00
               0000001fbb27e000 0000001fbdb69300 000003e009263d00 000003e009263cd0
    Krnl Code: 0000001529746842: f0a0000407fe        srp        4(11,%r0),2046,0
               0000001529746848: 47000700            bc         0,1792
              #000000152974684c: a7f40001            brc        15,152974684e
              >0000001529746850: a7f4fff2            brc        15,1529746834
               0000001529746854: 0707                bcr        0,%r7
               0000001529746856: 0707                bcr        0,%r7
               0000001529746858: eb8ff0580024        stmg       %r8,%r15,88(%r15)
               000000152974685e: a738ffff            lhi        %r3,-1
    Call Trace:
    ([<000003e009263d00>] 0x3e009263d00)
     [<00000015293252ea>] slab_kmem_cache_release+0x3a/0x70
     [<0000001529b04882>] kobject_put+0xaa/0xe8
     [<000000152918cf28>] process_one_work+0x1e8/0x428
     [<000000152918d1b0>] worker_thread+0x48/0x460
     [<00000015291942c6>] kthread+0x126/0x160
     [<0000001529b22344>] ret_from_fork+0x28/0x30
     [<0000001529b2234c>] kernel_thread_starter+0x0/0x10
    Last Breaking-Event-Address:
     [<000000152974684c>] percpu_ref_exit+0x4c/0x58
    ---[ end trace b035e7da5788eb09 ]---

The problem occurs because kmem_cache_destroy() is called immediately
after deleting of a memcg, so it races with the memcg kmem_cache
deactivation.

flush_memcg_workqueue() at the beginning of kmem_cache_destroy() is
supposed to guarantee that all deactivation processes are finished, but
failed to do so.  It waits for an rcu grace period, after which all
children kmem_caches should be deactivated.  During the deactivation
percpu_ref_kill() is called for non root kmem_cache refcounters, but it
requires yet another rcu grace period to finish the transition to the
atomic (dead) state.

So in a rare case when not all children kmem_caches are destroyed at the
moment when the root kmem_cache is about to be gone, we need to wait
another rcu grace period before destroying the root kmem_cache.

This issue can be triggered only with dynamically created kmem_caches
which are used with memcg accounting.  In this case per-memcg child
kmem_caches are created.  They are deactivated from the cgroup removing
path.  If the destruction of the root kmem_cache is racing with the
removal of the cgroup (both are quite complicated multi-stage
processes), the described issue can occur.  The only known way to
trigger it in the real life, is to unload some kernel module which
creates a dedicated kmem_cache, used from different memory cgroups with
GFP_ACCOUNT flag.  If the unloading happens immediately after calling
rmdir on the corresponding cgroup, there is some chance to trigger the
issue.

Link: http://lkml.kernel.org/r/20191129025011.3076017-1-guro@fb.com
Fixes: f0a3a24b53 ("mm: memcg/slab: rework non-root kmem_cache lifecycle management")
Signed-off-by: Roman Gushchin <guro@fb.com>
Reported-by: Christian Borntraeger <borntraeger@de.ibm.com>
Tested-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: Shakeel Butt <shakeelb@google.com>
Acked-by: Michal Hocko <mhocko@suse.com>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2019-12-04 19:44:11 -08:00
zhong jiang
2e7d31704c mm/kasan/common.c: fix compile error
I hit the following compile error in arch/x86/

   mm/kasan/common.c: In function kasan_populate_vmalloc:
   mm/kasan/common.c:797:2: error: implicit declaration of function flush_cache_vmap; did you mean flush_rcu_work? [-Werror=implicit-function-declaration]
     flush_cache_vmap(shadow_start, shadow_end);
     ^~~~~~~~~~~~~~~~
     flush_rcu_work
   cc1: some warnings being treated as errors

Link: http://lkml.kernel.org/r/1575363013-43761-1-git-send-email-zhongjiang@huawei.com
Fixes: 3c5c3cfb9e ("kasan: support backing vmalloc space with real shadow memory")
Signed-off-by: zhong jiang <zhongjiang@huawei.com>
Reviewed-by: Andrew Morton <akpm@linux-foundation.org>
Reviewed-by: Daniel Axtens <dja@axtens.net>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Vasily Gorbik <gor@linux.ibm.com>
Cc: Andrey Ryabinin <aryabinin@virtuozzo.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2019-12-04 19:44:11 -08:00
Linus Torvalds
2f13437b89 Two fixes and one patch that was missed:
Fixes:
 
   - Missing __print_hex_dump undef for processing new function in trace events
   - Stop WARN_ON messages when lockdown disables tracing on boot up
 
  Enhancement:
 
   - Debug option to inject trace events from userspace (for rasdaemon)
 
 The enhancement has its own config option and is non invasive. It's been
 discussed for sever months and should have been added to my original
 push, but I never pulled it into my queue.
 -----BEGIN PGP SIGNATURE-----
 
 iIoEABYIADIWIQRRSw7ePDh/lE+zeZMp5XQQmuv6qgUCXehlhRQccm9zdGVkdEBn
 b29kbWlzLm9yZwAKCRAp5XQQmuv6qlGgAQCszcDuNyVllj0VwWi4i+0FAQcI12Ad
 W0NGZm0wObGExwD8CDR/CdHq9ulizFQjJfopG6b5Uc3Z4NNJ+QGnMxzBuwo=
 =k31z
 -----END PGP SIGNATURE-----

Merge tag 'trace-v5.5-2' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace

Pull more tracing updates from Steven Rostedt:
 "Two fixes and one patch that was missed:

  Fixes:

   - Missing __print_hex_dump undef for processing new function in trace
     events

   - Stop WARN_ON messages when lockdown disables tracing on boot up

  Enhancement:

   - Debug option to inject trace events from userspace (for rasdaemon)"

The enhancement has its own config option and is non invasive. It's been
discussed for sever months and should have been added to my original
push, but I never pulled it into my queue.

* tag 'trace-v5.5-2' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace:
  tracing: Do not create directories if lockdown is in affect
  tracing: Introduce trace event injection
  tracing: Fix __print_hex_dump scope
2019-12-04 19:13:52 -08:00
Jens Axboe
78076bb64a io_uring: use hash table for poll command lookups
We recently changed this from a single list to an rbtree, but for some
real life workloads, the rbtree slows down the submission/insertion
case enough so that it's the top cycle consumer on the io_uring side.
In testing, using a hash table is a more well rounded compromise. It
is fast for insertion, and as long as it's sized appropriately, it
works well for the cancellation case as well. Running TAO with a lot
of network sockets, this removes io_poll_req_insert() from spending
2% of the CPU cycles.

Reported-by: Dan Melnic <dmm@fb.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2019-12-04 20:12:58 -07:00
Linus Torvalds
056df578c2 ARC updates for 5.5-rc1
- Jump Label support for ARC
 
  - kmemleak enabled
 
  - arc mm backend TLB Miss / flush optimizations
 
  - nSIM platform switching to dwuart (vs. arcuart) and ensuing defconfig
    updates and cleanups
 
  - axs platform pll / video-mode updates
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEOXpuCuR6hedrdLCJadfx3eKKwl4FAl3oOlcACgkQadfx3eKK
 wl4HZBAAoE2crAUVCNN+5WweCbkW0UDB69AVcxjRWuL/3y4Va0rfyJyNDjc4g8+p
 QUG8RN2+Pdq3Z7zH0dW5JxRuEWNR5QxKF+KJtaFuEXzLG/XgiMonWBKRocP/SDf9
 oBAe+4beYabhAMc4Kz6SnwbHtFxUCUrRAP5CxlrhW7FF1oK4f5qQ0D8vt3NlgNDJ
 mfBZrsmVUkyiPs19x3uFylgZk4xglw2sV3p8RH+g+40YV+WiG1Xh31ViET4MNctv
 dYuF+EgErtuKHIIknpAbRjCwGSj0Q53L/6HNRoJpTnVKBlqrtLuc5LorG9UeIH6g
 pZJAGAt4GuYaarXX2wPeb69sA+GfVHMVbcZKBCm5UdxpiR3Q+fGk/1aWsb97HZW3
 2uUVq8mEaltXhJDU+Mmym8rfpECvZ8JL3nEJ5r9eTQH+1DhAa7FdRIAW+oO4N4xE
 KahVYzICInrykkn6gFOAA04cr4L3asZ16MHwn02C47FKoUjoM7PVWoVbIz32Dc8P
 7ErMP9TWLc51+ko5hiTxHHRWozpwHCxQavcopgRlZLO3iX1MkmFtYyork8t0Oior
 8jSCwcGBm9XCBMkGznhvVcPQOGMB6/9hhHhgNBPcp5bjMz8GoeZx+dFnW7cKzj4D
 TgsfgqpGzvAF4QWHhmx/f32+Yw5/UTJUzjmXguFKgEJidqIDKIc=
 =DK3r
 -----END PGP SIGNATURE-----

Merge tag 'arc-5.5-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc

Pull ARC updates from Vineet Gupta

 - Jump Label support for ARC

 - kmemleak enabled

 - arc mm backend TLB Miss / flush optimizations

 - nSIM platform switching to dwuart (vs. arcuart) and ensuing defconfig
   updates and cleanups

 - axs platform pll / video-mode updates

* tag 'arc-5.5-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc:
  ARC: add kmemleak support
  ARC: [plat-axs10x]: remove hardcoded video mode from bootargs
  ARC: [plat-axs10x]: use pgu pll instead of fixed clock
  ARC: ARCv2: jump label: implement jump label patching
  ARC: mm: tlb flush optim: elide redundant uTLB invalidates for MMUv3
  ARC: mm: tlb flush optim: elide repeated uTLB invalidate in loop
  ARC: mm: tlb flush optim: Make TLBWriteNI fallback to TLBWrite if not available
  ARC: mm: TLB Miss optim: avoid re-reading ECR
  ARCv2: mm: TLB Miss optim: Use double world load/stores LDD/STD
  ARCv2: mm: TLB Miss optim: SMP builds can cache pgd pointer in mmu scratch reg
  ARC: nSIM_700: remove unused network options
  ARC: nSIM_700: switch to DW UART usage
  ARC: merge HAPS-HS with nSIM-HS configs
  ARC: HAPS: cleanup defconfigs from unused ETH drivers
  ARC: HAPS: add HIGHMEM memory zone to DTS
  ARC: HAPS: use same UART configuration everywhere
  ARC: HAPS: cleanup defconfigs from unused IO-related options
  ARC: regenerate nSIM and HAPS defconfigs
2019-12-04 19:06:18 -08:00
Stanislav Fomichev
ef8c84effc selftests/bpf: De-flake test_tcpbpf
It looks like BPF program that handles BPF_SOCK_OPS_STATE_CB state
can race with the bpf_map_lookup_elem("global_map"); I sometimes
see the failures in this test and re-running helps.

Since we know that we expect the callback to be called 3 times (one
time for listener socket, two times for both ends of the connection),
let's export this number and add simple retry logic around that.

Also, let's make EXPECT_EQ() not return on failure, but continue
evaluating all conditions; that should make potential debugging
easier.

With this fix in place I don't observe the flakiness anymore.

Signed-off-by: Stanislav Fomichev <sdf@google.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Cc: Lawrence Brakmo <brakmo@fb.com>
Link: https://lore.kernel.org/bpf/20191204190955.170934-1-sdf@google.com
2019-12-04 18:01:05 -08:00
Hans Verkuil
a284e11c37 Input: synaptics-rmi4 - don't increment rmiaddr for SMBus transfers
This increment of rmi_smbus in rmi_smb_read/write_block() causes
garbage to be read/written.

The first read of SMB_MAX_COUNT bytes is fine, but after that
it is nonsense. Trial-and-error showed that by dropping the
increment of rmiaddr everything is fine and the F54 function
properly works.

I tried a hack with rmi_smb_write_block() as well (writing to the
same F54 touchpad data area, then reading it back), and that
suggests that there too the rmiaddr increment has to be dropped.
It makes sense that if it has to be dropped for read, then it has
to be dropped for write as well.

It looks like the initial work with F54 was done using i2c, not smbus,
and it seems nobody ever tested F54 with smbus. The other functions
all read/write less than SMB_MAX_COUNT as far as I can tell, so this
issue was never noticed with non-F54 functions.

With this change I can read out the touchpad data correctly on my
Lenovo X1 Carbon 6th Gen laptop.

Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Link: https://lore.kernel.org/r/8dd22e21-4933-8e9c-a696-d281872c8de7@xs4all.nl
Cc: stable@vger.kernel.org
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
2019-12-04 17:58:16 -08:00
Lucas Stach
86bcd3a129 Input: synaptics-rmi4 - re-enable IRQs in f34v7_do_reflash
F34 is a bit special as it reinitializes the device and related driver
structs during the firmware update. This clears the fn_irq_mask which
will then prevent F34 from receiving further interrupts, leading to
timeouts during the firmware update. Make sure to reinitialize the
IRQ enables at the appropriate times.

The issue is in F34 code, but the commit in the fixes tag exposed the
issue, as before this commit things would work by accident.

Fixes: 363c53875a (Input: synaptics-rmi4 - avoid processing unknown IRQs)
Signed-off-by: Lucas Stach <l.stach@pengutronix.de>
Link: https://lore.kernel.org/r/20191129133514.23224-1-l.stach@pengutronix.de
Cc: stable@vger.kernel.org
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
2019-12-04 17:58:16 -08:00
Hans de Goede
df5b5e555b Input: goodix - add upside-down quirk for Teclast X89 tablet
The touchscreen on the Teclast X89 is mounted upside down in relation to
the display orientation (the touchscreen itself is mounted upright, but the
display is mounted upside-down). Add a quirk for this so that we send
coordinates which match the display orientation.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Reviewed-by: Bastien Nocera <hadess@hadess.net>
Link: https://lore.kernel.org/r/20191202085636.6650-1-hdegoede@redhat.com
Cc: stable@vger.kernel.org
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
2019-12-04 17:58:16 -08:00
Mathew King
25b2f1b77a Input: add privacy screen toggle keycode
Add keycode for toggling electronic privacy screen to the keycodes
definition. Some new laptops have a privacy screen which can be toggled
with a key on the keyboard.

Signed-off-by: Mathew King <mathewk@chromium.org>
Link: https://lore.kernel.org/r/20191017163208.235518-1-mathewk@chromium.org
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
2019-12-04 17:58:15 -08:00
Marcel Holtmann
d4b675e1b5 Input: uinput - fix returning EPOLLOUT from uinput_poll
Always return EPOLLOUT from uinput_poll to allow polling /dev/uinput
for writable state.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Link: https://lore.kernel.org/r/20191204025014.5189-1-marcel@holtmann.org
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
2019-12-04 17:58:15 -08:00
Stanislav Fomichev
6bf6affe18 selftests/bpf: Bring back c++ include/link test
Commit 5c26f9a783 ("libbpf: Don't use cxx to test_libpf target")
converted existing c++ test to c. We still want to include and
link against libbpf from c++ code, so reinstate this test back,
this time in a form of a selftest with a clear comment about
its purpose.

v2:
* -lelf -> $(LDLIBS) (Andrii Nakryiko)

Fixes: 5c26f9a783 ("libbpf: Don't use cxx to test_libpf target")
Signed-off-by: Stanislav Fomichev <sdf@google.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Andrii Nakryiko <andriin@fb.com>
Link: https://lore.kernel.org/bpf/20191202215931.248178-1-sdf@google.com
2019-12-04 17:57:55 -08:00
Dmitry Torokhov
1e55c176f8 Input: snvs_pwrkey - remove gratuitous NULL initializers
Gratuitous NULL initializers rarely help and often prevent compiler
from warning about using uninitialized variable. Let's remove them.

Reviewed-by: Anson Huang <Anson.Huang@nxp.com>
Link: https://lore.kernel.org/r/20191125211407.GA97812@dtor-ws
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
2019-12-04 17:56:55 -08:00
Stanislav Fomichev
01d434ce98 selftests/bpf: Don't hard-code root cgroup id
Commit 40430452fd ("kernfs: use 64bit inos if ino_t is 64bit") changed
the way cgroup ids are exposed to the userspace. Instead of assuming
fixed root id, let's query it.

Fixes: 40430452fd ("kernfs: use 64bit inos if ino_t is 64bit")
Signed-off-by: Stanislav Fomichev <sdf@google.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Link: https://lore.kernel.org/bpf/20191202200143.250793-1-sdf@google.com
2019-12-04 17:56:22 -08:00
Jesper Dangaard Brouer
edbca120a8 samples/bpf: Fix broken xdp_rxq_info due to map order assumptions
In the days of using bpf_load.c the order in which the 'maps' sections
were defines in BPF side (*_kern.c) file, were used by userspace side
to identify the map via using the map order as an index. In effect the
order-index is created based on the order the maps sections are stored
in the ELF-object file, by the LLVM compiler.

This have also carried over in libbpf via API bpf_map__next(NULL, obj)
to extract maps in the order libbpf parsed the ELF-object file.

When BTF based maps were introduced a new section type ".maps" were
created. I found that the LLVM compiler doesn't create the ".maps"
sections in the order they are defined in the C-file. The order in the
ELF file is based on the order the map pointer is referenced in the code.

This combination of changes lead to xdp_rxq_info mixing up the map
file-descriptors in userspace, resulting in very broken behaviour, but
without warning the user.

This patch fix issue by instead using bpf_object__find_map_by_name()
to find maps via their names. (Note, this is the ELF name, which can
be longer than the name the kernel retains).

Fixes: be5bca44aa ("samples: bpf: convert some XDP samples from bpf_load to libbpf")
Fixes: 451d1dc886 ("samples: bpf: update map definition to new syntax BTF-defined map")
Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Toke Høiland-Jørgensen <toke@redhat.com>
Acked-by: Andrii Nakryiko <andriin@fb.com>
Link: https://lore.kernel.org/bpf/157529025128.29832.5953245340679936909.stgit@firesoul
2019-12-04 17:54:15 -08:00
Martin Varghese
d04ac224b1 net: Fixed updating of ethertype in skb_mpls_push()
The skb_mpls_push was not updating ethertype of an ethernet packet if
the packet was originally received from a non ARPHRD_ETHER device.

In the below OVS data path flow, since the device corresponding to
port 7 is an l3 device (ARPHRD_NONE) the skb_mpls_push function does
not update the ethertype of the packet even though the previous
push_eth action had added an ethernet header to the packet.

recirc_id(0),in_port(7),eth_type(0x0800),ipv4(tos=0/0xfc,ttl=64,frag=no),
actions:push_eth(src=00:00:00:00:00:00,dst=00:00:00:00:00:00),
push_mpls(label=13,tc=0,ttl=64,bos=1,eth_type=0x8847),4

Fixes: 8822e270d6 ("net: core: move push MPLS functionality from OvS to core helper")
Signed-off-by: Martin Varghese <martin.varghese@nokia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-12-04 17:11:25 -08:00
Dave Airlie
b53bd16fec mgag200- Fix hw with broken 'startadd' support (Thomas)
mst- Avoid skipping payloads in payload deletion loop (Wayne)
 omap- Fix dma_addr refcounting (Tomi)
 
 Cc: Wayne Lin <Wayne.Lin@amd.com>
 Cc: Tomi Valkeinen <tomi.valkeinen@ti.com>
 Cc: Thomas Zimmermann <tzimmermann@suse.de>
 -----BEGIN PGP SIGNATURE-----
 
 iQEzBAABCgAdFiEEHF6rntfJ3enn8gh8cywAJXLcr3kFAl3oI3gACgkQcywAJXLc
 r3nPiwf/fIV+EHiCZvnSZfEH9+RTX5LObSf5ngsGNSIspFwTHhJzX5rPOw7as8Vr
 4aceiIJ8/T797V6h53+zHbax945kCIl+kLxUTIisM+EaFHVWjrcUeYm2M+z4ZfZh
 QxMwRuMzPjIIOgRqMzWz7Tr447ypcGG/LmGpTGgjbnybTFJZQp2or3hO5BX+5tpB
 jtNB6sTbiBpdfAmojGHvIpXIc6/0hj+q4slqO4+UkpQGFQdQ5FhUuIjyCibZ0X0a
 JNlvGAYSpbANviXNdakLatwlEFBA/kRKZoaNVrpO1oFHvIsU8fAAoagKkfjgbmjf
 coLv6MoT6rv8uzx0ifhiG12TnHNDWg==
 =trVZ
 -----END PGP SIGNATURE-----

Merge tag 'drm-misc-next-fixes-2019-12-04' of git://anongit.freedesktop.org/drm/drm-misc into drm-next

mgag200- Fix hw with broken 'startadd' support (Thomas)
mst- Avoid skipping payloads in payload deletion loop (Wayne)
omap- Fix dma_addr refcounting (Tomi)

Cc: Wayne Lin <Wayne.Lin@amd.com>
Cc: Tomi Valkeinen <tomi.valkeinen@ti.com>
Cc: Thomas Zimmermann <tzimmermann@suse.de>
Signed-off-by: Dave Airlie <airlied@redhat.com>

From: Sean Paul <sean@poorly.run>
Link: https://patchwork.freedesktop.org/patch/msgid/20191204212255.GA256395@art_vandelay
2019-12-05 11:11:11 +10:00
Alexandru Ardelean
099ffd7edd NFC: NCI: use new delay structure for SPI transfer delays
In a recent change to the SPI subsystem [1], a new `delay` struct was added
to replace the `delay_usecs`. This change replaces the current `delay_secs`
with `delay` for this driver.

The `spi_transfer_delay_exec()` function [in the SPI framework] makes sure
that both `delay_usecs` & `delay` are used (in this order to preserve
backwards compatibility).

[1] commit bebcfd272d ("spi: introduce `delay` field for
`spi_transfer` + spi_transfer_delay_exec()")

Signed-off-by: Alexandru Ardelean <alexandru.ardelean@analog.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-12-04 17:00:58 -08:00
Russell King
38ecd706ca net: sfp: fix hwmon
The referenced commit below allowed more than one hwmon device to be
created per SFP, which is definitely not what we want. Avoid this by
only creating the hwmon device just as we transition to WAITDEV state.

Fixes: 139d3a212a ("net: sfp: allow modules with slow diagnostics to probe")
Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-12-04 16:57:52 -08:00
Russell King
0cb96b5749 net: sfp: fix unbind
When unbinding, we don't correctly tear down the module state, leaving
(for example) the hwmon registration behind. Ensure everything is
properly removed by sending a remove event at unbind.

Fixes: 6b0da5c9c1 ("net: sfp: track upstream's attachment state in state machine")
Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-12-04 16:56:42 -08:00
Dave Airlie
b7fa0cde29 drm/tegra: Fixes for v5.5-rc1
This is a set of small fixes, mostly for regressions introduced with the
 DMA API and DisplayPort support in the main pull request for v5.5-rc1.
 -----BEGIN PGP SIGNATURE-----
 
 iQJHBAABCAAxFiEEiOrDCAFJzPfAjcif3SOs138+s6EFAl3nqUkTHHRyZWRpbmdA
 bnZpZGlhLmNvbQAKCRDdI6zXfz6zob7fEAC58H3yuqwztw2lmf3rZNPqDh3imClQ
 XCq8bMNDun09rus1H5qz3+GEj1ADhwKdNGI+It8GTEOSruCewAv5OClk04Ios/7p
 p0cyN+glbn0QEoK+pxCq1HxYk4H4QVjUg37X8n/zHag6d2Th8A6lR6mAzV/Uq/I4
 D31/3sX83+YxhdIu+XN/69yLkqIiWlSU8CT17gXvSO9wZGu23rgzngWy4TbrNRUw
 C/SHa2Eb/f11xssepXazCRvfz5s++cdfgG5EWg5Ux2v/2zpuP5yDZiWYMa0aM1lY
 qhuGFEdea51KMMU6JRA0zckuYj4y0nhElgHqzNhUeeKQokDnvNB9NxsSXUKJgtB9
 QiFIJCvLYE4WCiPqjjaNel/kZQ4NJw8PppqnQYnGsYW8jXP7GT1B9h+KBMFDPT6F
 nG6+eYgBCpL81A70q38zn/NV1IP48n6KVrsFI6g+5qi+iJsQVXbhGFWHLAkJVzJB
 rSYKpU8CfyR0zXQKVJa5ikqfpC9W4FoUtpTh3KTOFcO7f54RGms2O/l2DU/F1Iu3
 Qz5EyXYBk8MmDlN/zjTeEiorQXLQMzBSDaJPJ0jqcpFehVkHceWNpCvsIXAX9RCR
 W6zGTNOmWVwZSv5cRWv9XWIP2LQczSsjw4HJqQyBaCIrGnwVDxX7IImCvqkQSyTp
 sCOIBX0tnIvRWw==
 =3LYB
 -----END PGP SIGNATURE-----

Merge tag 'drm/tegra/for-5.5-rc1-fixes' of git://anongit.freedesktop.org/tegra/linux into drm-next

drm/tegra: Fixes for v5.5-rc1

This is a set of small fixes, mostly for regressions introduced with the
DMA API and DisplayPort support in the main pull request for v5.5-rc1.

Signed-off-by: Dave Airlie <airlied@redhat.com>

From: Thierry Reding <thierry.reding@gmail.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20191204124316.3534855-1-thierry.reding@gmail.com
2019-12-05 10:56:12 +10:00
Shannon Nelson
ffac2027e1 ionic: keep users rss hash across lif reset
If the user has specified their own RSS hash key, don't
lose it across queue resets such as DOWN/UP, MTU change,
and number of channels change.  This is fixed by moving
the key initialization to a little earlier in the lif
creation.

Also, let's clean up the RSS config a little better on
the way down by setting it all to 0.

Fixes: aa3198819b ("ionic: Add RSS support")
Signed-off-by: Shannon Nelson <snelson@pensando.io>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-12-04 16:37:37 -08:00
Jonathan Lemon
86c76c0989 xdp: obtain the mem_id mutex before trying to remove an entry.
A lockdep splat was observed when trying to remove an xdp memory
model from the table since the mutex was obtained when trying to
remove the entry, but not before the table walk started:

Fix the splat by obtaining the lock before starting the table walk.

Fixes: c3f812cea0 ("page_pool: do not release pool until inflight == 0.")
Reported-by: Grygorii Strashko <grygorii.strashko@ti.com>
Signed-off-by: Jonathan Lemon <jonathan.lemon@gmail.com>
Tested-by: Grygorii Strashko <grygorii.strashko@ti.com>
Acked-by: Jesper Dangaard Brouer <brouer@redhat.com>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-12-04 16:35:18 -08:00
Aaron Conole
95219afbb9 act_ct: support asymmetric conntrack
The act_ct TC module shares a common conntrack and NAT infrastructure
exposed via netfilter.  It's possible that a packet needs both SNAT and
DNAT manipulation, due to e.g. tuple collision.  Netfilter can support
this because it runs through the NAT table twice - once on ingress and
again after egress.  The act_ct action doesn't have such capability.

Like netfilter hook infrastructure, we should run through NAT twice to
keep the symmetry.

Fixes: b57dc7c13e ("net/sched: Introduce action ct")
Signed-off-by: Aaron Conole <aconole@redhat.com>
Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-12-04 16:31:15 -08:00
Aaron Conole
5d50aa83e2 openvswitch: support asymmetric conntrack
The openvswitch module shares a common conntrack and NAT infrastructure
exposed via netfilter.  It's possible that a packet needs both SNAT and
DNAT manipulation, due to e.g. tuple collision.  Netfilter can support
this because it runs through the NAT table twice - once on ingress and
again after egress.  The openvswitch module doesn't have such capability.

Like netfilter hook infrastructure, we should run through NAT twice to
keep the symmetry.

Fixes: 05752523e5 ("openvswitch: Interface with NAT.")
Signed-off-by: Aaron Conole <aconole@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-12-04 16:31:15 -08:00
Jens Axboe
08bdcc35f0 io-wq: clear node->next on list deletion
If someone removes a node from a list, and then later adds it back to
a list, we can have invalid data in ->next. This can cause all sorts
of issues. One such use case is the IORING_OP_POLL_ADD command, which
will do just that if we race and get woken twice without any pending
events. This is a pretty rare case, but can happen under extreme loads.
Dan reports that he saw the following crash:

BUG: kernel NULL pointer dereference, address: 0000000000000000
PGD d283ce067 P4D d283ce067 PUD e5ca04067 PMD 0
Oops: 0002 [#1] SMP
CPU: 17 PID: 10726 Comm: tao:fast-fiber Kdump: loaded Not tainted 5.2.9-02851-gac7bc042d2d1 #116
Hardware name: Quanta Twin Lakes MP/Twin Lakes Passive MP, BIOS F09_3A17 05/03/2019
RIP: 0010:io_wqe_enqueue+0x3e/0xd0
Code: 34 24 74 55 8b 47 58 48 8d 6f 50 85 c0 74 50 48 89 df e8 35 7c 75 00 48 83 7b 08 00 48 8b 14 24 0f 84 84 00 00 00 48 8b 4b 10 <48> 89 11 48 89 53 10 83 63 20 fe 48 89 c6 48 89 df e8 0c 7a 75 00
RSP: 0000:ffffc90006858a08 EFLAGS: 00010082
RAX: 0000000000000002 RBX: ffff889037492fc0 RCX: 0000000000000000
RDX: ffff888e40cc11a8 RSI: ffff888e40cc11a8 RDI: ffff889037492fc0
RBP: ffff889037493010 R08: 00000000000000c3 R09: ffffc90006858ab8
R10: 0000000000000000 R11: 0000000000000000 R12: ffff888e40cc11a8
R13: 0000000000000000 R14: 00000000000000c3 R15: ffff888e40cc1100
FS:  00007fcddc9db700(0000) GS:ffff88903fa40000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 0000000e479f5003 CR4: 00000000007606e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
PKRU: 55555554
Call Trace:
 <IRQ>
 io_poll_wake+0x12f/0x2a0
 __wake_up_common+0x86/0x120
 __wake_up_common_lock+0x7a/0xc0
 sock_def_readable+0x3c/0x70
 tcp_rcv_established+0x557/0x630
 tcp_v6_do_rcv+0x118/0x3c0
 tcp_v6_rcv+0x97e/0x9d0
 ip6_protocol_deliver_rcu+0xe3/0x440
 ip6_input+0x3d/0xc0
 ? ip6_protocol_deliver_rcu+0x440/0x440
 ipv6_rcv+0x56/0xd0
 ? ip6_rcv_finish_core.isra.18+0x80/0x80
 __netif_receive_skb_one_core+0x50/0x70
 netif_receive_skb_internal+0x2f/0xa0
 napi_gro_receive+0x125/0x150
 mlx5e_handle_rx_cqe+0x1d9/0x5a0
 ? mlx5e_poll_tx_cq+0x305/0x560
 mlx5e_poll_rx_cq+0x49f/0x9c5
 mlx5e_napi_poll+0xee/0x640
 ? smp_reschedule_interrupt+0x16/0xd0
 ? reschedule_interrupt+0xf/0x20
 net_rx_action+0x286/0x3d0
 __do_softirq+0xca/0x297
 irq_exit+0x96/0xa0
 do_IRQ+0x54/0xe0
 common_interrupt+0xf/0xf
 </IRQ>
RIP: 0033:0x7fdc627a2e3a
Code: 31 c0 85 d2 0f 88 f6 00 00 00 55 48 89 e5 41 57 41 56 4c 63 f2 41 55 41 54 53 48 83 ec 18 48 85 ff 0f 84 c7 00 00 00 48 8b 07 <41> 89 d4 49 89 f5 48 89 fb 48 85 c0 0f 84 64 01 00 00 48 83 78 10

when running a networked workload with about 5000 sockets being polled
for. Fix this by clearing node->next when the node is being removed from
the list.

Fixes: 6206f0e180 ("io-wq: shrink io_wq_work a bit")
Reported-by: Dan Melnic <dmm@fb.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2019-12-04 17:26:57 -07:00
Aneesh Kumar K.V
551003fff7 powerpc/pmem: Convert to EXPORT_SYMBOL_GPL
All other architecture export this as GPL symbol

Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20191202064018.155083-1-aneesh.kumar@linux.ibm.com
2019-12-05 09:17:42 +11:00
Ard Biesheuvel
b6afd1234c powerpc/archrandom: fix arch_get_random_seed_int()
Commit 01c9348c76

  powerpc: Use hardware RNG for arch_get_random_seed_* not arch_get_random_*

updated arch_get_random_[int|long]() to be NOPs, and moved the hardware
RNG backing to arch_get_random_seed_[int|long]() instead. However, it
failed to take into account that arch_get_random_int() was implemented
in terms of arch_get_random_long(), and so we ended up with a version
of the former that is essentially a NOP as well.

Fix this by calling arch_get_random_seed_long() from
arch_get_random_seed_int() instead.

Fixes: 01c9348c76 ("powerpc: Use hardware RNG for arch_get_random_seed_* not arch_get_random_*")
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20191204115015.18015-1-ardb@kernel.org
2019-12-05 08:21:16 +11:00
Wayne Lin
e5a6ca27eb drm/dp_mst: Correct the bug in drm_dp_update_payload_part1()
[Why]
If the payload_state is DP_PAYLOAD_DELETE_LOCAL in series, current
code doesn't delete the payload at current index and just move the
index to next one after shuffling payloads.

[How]
Drop the i++ increasing part in for loop head and decide whether
to increase the index or not according to payload_state of current
payload.

Changes since v1:
* Refine the code to have it easy reading
* Amend the commit message to meet the way code is modified now.

Signed-off-by: Wayne Lin <Wayne.Lin@amd.com>
Reviewed-by: Lyude Paul <lyude@redhat.com>
Fixes: 706246c761 ("drm/dp_mst: Refactor drm_dp_update_payload_part1()")
Cc: Daniel Vetter <daniel.vetter@ffwll.ch>
Cc: Juston Li <juston.li@intel.com>
Cc: Maarten Lankhorst <maarten.lankhorst@linux.intel.com>
Cc: Maxime Ripard <mripard@kernel.org>
Cc: Sean Paul <sean@poorly.run>
Cc: David Airlie <airlied@linux.ie>
Cc: Daniel Vetter <daniel@ffwll.ch>
Cc: dri-devel@lists.freedesktop.org
Cc: <stable@vger.kernel.org> # v5.1+
[Added cc for stable]
Signed-off-by: Lyude Paul <lyude@redhat.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20191203042423.5961-1-Wayne.Lin@amd.com
2019-12-04 15:31:16 -05:00
David S. Miller
7b3b209e61 Merge branch 'net-convert-ipv6_stub-to-ip6_dst_lookup_flow'
Sabrina Dubroca says:

====================
net: convert ipv6_stub to ip6_dst_lookup_flow

Xiumei Mu reported a bug in a VXLAN over IPsec setup:

  IPv6 | ESP | VXLAN

Using this setup, packets go out unencrypted, because VXLAN over IPv6
gets its route from ipv6_stub->ipv6_dst_lookup (in vxlan6_get_route),
which doesn't perform an XFRM lookup.

This patchset first makes ip6_dst_lookup_flow suitable for some
existing users of ipv6_stub->ipv6_dst_lookup by adding a 'net'
argument, then converts all those users.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2019-12-04 12:27:13 -08:00
Sabrina Dubroca
6c8991f415 net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup
ipv6_stub uses the ip6_dst_lookup function to allow other modules to
perform IPv6 lookups. However, this function skips the XFRM layer
entirely.

All users of ipv6_stub->ip6_dst_lookup use ip_route_output_flow (via the
ip_route_output_key and ip_route_output helpers) for their IPv4 lookups,
which calls xfrm_lookup_route(). This patch fixes this inconsistent
behavior by switching the stub to ip6_dst_lookup_flow, which also calls
xfrm_lookup_route().

This requires some changes in all the callers, as these two functions
take different arguments and have different return types.

Fixes: 5f81bd2e5d ("ipv6: export a stub for IPv6 symbols used by vxlan")
Reported-by: Xiumei Mu <xmu@redhat.com>
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-12-04 12:27:13 -08:00
Sabrina Dubroca
c4e85f73af net: ipv6: add net argument to ip6_dst_lookup_flow
This will be used in the conversion of ipv6_stub to ip6_dst_lookup_flow,
as some modules currently pass a net argument without a socket to
ip6_dst_lookup. This is equivalent to commit 343d60aada ("ipv6: change
ipv6_stub_impl.ipv6_dst_lookup to take net argument").

Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-12-04 12:27:12 -08:00
Linus Torvalds
aedc0650f9 * PPC secure guest support
* small x86 cleanup
 * fix for an x86-specific out-of-bounds write on a ioctl (not guest triggerable,
   data not attacker-controlled)
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQEcBAABAgAGBQJd551cAAoJEL/70l94x66D+JkH/R3eEOyvckPmYmzd0lnV8mQ/
 7e0n2G/aD+iLZkcCbUnMaImdmSJmoEEJCPjgPk/5nJ3zUi5b/ABWyidEM5uf19Hl
 rzKBg0DR7BiQptPnZv2JMwEVKu3JOTchMykqu9xXChQlICocZ0xjdOA6nQ19p0Lv
 FulDw5MUaWrXevIzCBskQ38zJejRQA6CpD1lQkHn7LKS9p3p+BsAOd/Ouy87RfWG
 b3ktECNbXyO6KStrrhgm+z8pviWY+kqYklyBlDOOwxWif0x8WvNDpQLoVo+ZuhLU
 Me8YJ1BN75vFlxzh6ZK5exBUnm9E3fGVKIaaF+dpuds2x+j4HnYl+lZCm89MdqY=
 =Q4v7
 -----END PGP SIGNATURE-----

Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm

Pull more KVM updates from Paolo Bonzini:

 - PPC secure guest support

 - small x86 cleanup

 - fix for an x86-specific out-of-bounds write on a ioctl (not guest
   triggerable, data not attacker-controlled)

* tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
  kvm: vmx: Stop wasting a page for guest_msrs
  KVM: x86: fix out-of-bounds write in KVM_GET_EMULATED_CPUID (CVE-2019-19332)
  Documentation: kvm: Fix mention to number of ioctls classes
  powerpc: Ultravisor: Add PPC_UV config option
  KVM: PPC: Book3S HV: Support reset of secure guest
  KVM: PPC: Book3S HV: Handle memory plug/unplug to secure VM
  KVM: PPC: Book3S HV: Radix changes for secure guest
  KVM: PPC: Book3S HV: Shared pages support for secure guests
  KVM: PPC: Book3S HV: Support for running secure guests
  mm: ksm: Export ksm_madvise()
  KVM x86: Move kvm cpuid support out of svm
2019-12-04 11:08:30 -08:00
Linus Torvalds
6cdc7f2efc Second set of RISC-V updates for v5.5-rc1
A few minor RISC-V updates for v5.5-rc1 that arrived late.
 
 New features:
 
 - Dump some kernel virtual memory map details to the console if
   CONFIG_DEBUG_VM is enabled
 
 Other improvements:
 
 - Enable more debugging options in the primary defconfigs
 
 Cleanups:
 
 - Clean up Kconfig indentation
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEElRDoIDdEz9/svf2Kx4+xDQu9KksFAl3ncs4ACgkQx4+xDQu9
 KktjTBAAguXH7c/9QIiTXnxhQgqvoJgP5R5CIEOM8PU9aTGwVIU8xgMVRY46GdSq
 mtCaokxgWougrFmngh5eHNdRes539w/IqTX+T7MdtIijHsotvAVdeT0w9U+bxAFA
 +zyGDff0OoAwxXKTMCgPfbhHjJ0CQsBJACoh9Qf89KU9xysYYTofdcEaKuK6uMiz
 KqEwNep0GWurIu4+8Q9jkRV302PSH6rAoamz82TE4/u8vaUOGDWXdHRRJWOFIUbM
 RnWKuPQGGpaBhcj4IHasHZncC7ZuqoFkb0Si+lzPr/4a3XGpUwYSyKzNn1mWz9K7
 xLsnzK+w4AxCz+oH1bkpMzEpzb3Hd29W3a9E6dCkuEfJlBrfQ7O76pYYlrSZ6Wag
 ANyWVRZDVcX8MRQHjxExbrCTH7O+LEpV8oL6GnVLx8UeC2jBbyvG0xCh2fB0QpSC
 etoH0M9tkAQis/jjGAvcBZ47mVT3tesV/19OP3uoYPLh2JdwEOPeUQE3jq3do302
 gmLOFuS6YAEWQHV8ca2cXvI5RER2SWfl+TgiGNJXGakfbwFg+1bzZsqeC39fqkPo
 /f//LyrmU0plqVzAKd+ZpwR2NfjRfMI5vChBTN87Gx/mI/8AiVKuuEOCyaTTp44W
 axtRHs0z9rbqb3FuTSfJGhbiTSt29iILIUi2jkHS3v6M+mGKTRA=
 =IXlq
 -----END PGP SIGNATURE-----

Merge tag 'riscv/for-v5.5-rc1-2' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux

Pull more RISC-V updates from Paul Walmsley:
 "A few minor RISC-V updates for v5.5-rc1 that arrived late.

  New features:

   - Dump some kernel virtual memory map details to the console if
     CONFIG_DEBUG_VM is enabled

  Other improvements:

   - Enable more debugging options in the primary defconfigs

  Cleanups:

   - Clean up Kconfig indentation"

* tag 'riscv/for-v5.5-rc1-2' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux:
  RISC-V: Add address map dumper
  riscv: defconfigs: enable more debugging options
  riscv: defconfigs: enable debugfs
  riscv: Fix Kconfig indentation
2019-12-04 11:07:00 -08:00
Linus Torvalds
ef66f6b8e3 Cleanup some leftover para-virtualization pieces
-----BEGIN PGP SIGNATURE-----
 
 iQIcBAABAgAGBQJd5/h/AAoJEKurIx+X31iBmkQQAKir8H4eAzsZbhGWc4KYL/f9
 uCzSYCehgcZrR3dvf/vVrK0lKDvR0G1mho3gYTxpANhCwdEdACOZaKyF9On+w3Go
 iBdO0XSxxz2A7TX3BznDu55crD98961mP6vKSodAQRjIEWRyw9WE6wpJpuEOeooh
 2NMhcflM2HYK1Ygfxxl343dJbkaUy0ZPl7oGNKECBhyyCt36kzK5+7KJi9R4zqxu
 pFnGRFt3cxLREp4dl3tmXDLhYr21rMWkKu4rHCojic+lrWmxb2aftQuHoSDcWuix
 o/X4XQrlqu1nE2VaxUFdQ3FphVJFOhwUkx4pUt24aG2fqrSdPZwIHmDgw9rg1mJx
 ga4SSASDLfFuZy7yLjm0oe3np2WJwPXAR3CG/7LEd7kA1/wgaSA97LYOoHU9duz+
 /XbpWFeNP1IJHu09hdnkRIPbeEH3ur+AzY9cAmt8FscGi/QN7dK341Lr3hCyd71K
 rI4+bz9XJQsUQ06eTtkFHgiSyPTpaqCbdwfWuo6ujrtiB45PQt6hAT4apMbxhrlP
 0Tialx9bG8QvcfeNF0Da1IZYj/lgN5fSzCYKqRX75ZG8U4vER1zhSVrG1ZgeerY8
 dTX8ts0HEJKRgAYQata2j7fHD00BJc4V72blPZM7DzNPOmtHN2edlA0QuQZAmJKt
 JEkdWyA0XmnH2HLV6Ej9
 =dKZ1
 -----END PGP SIGNATURE-----

Merge tag 'please-pull-misc-5.5' of git://git.kernel.org/pub/scm/linux/kernel/git/aegl/linux

Pull ia64 update from Tony Luck:
 "Cleanup some leftover para-virtualization pieces"

* tag 'please-pull-misc-5.5' of git://git.kernel.org/pub/scm/linux/kernel/git/aegl/linux:
  ia64: remove stale paravirt leftovers
2019-12-04 11:05:13 -08:00
Linus Torvalds
b92f3d32e0 Additional ACPI updates for 5.5-rc1
- Fix locking issue in acpi_os_map_cleanup() leading to a race
    condition that can be harnessed for provoking a kernel panic
    from user space (Francesco Ruggeri).
 
  - Fix parameter check in acpi_bus_get_private_data() (Vamshi K
    Sthambamkadi).
 
  - Allow GPE 0xFF to be masked via kernel command line (Yunfeng Ye).
 
  - Add a new lid switch blacklist entry for Acer Switch 10 SW5-032
    to the ACPI button driver (Hans de Goede).
 
  - Clean up Kconfig (Krzysztof Kozlowski).
 -----BEGIN PGP SIGNATURE-----
 
 iQJGBAABCAAwFiEE4fcc61cGeeHD/fCwgsRv/nhiVHEFAl3nhzoSHHJqd0Byand5
 c29ja2kubmV0AAoJEILEb/54YlRxeiwQAKfF2fviDutNhGVq8fYzB+CzSZnnvMeR
 EtH67z/RE/x9NqO16efhgKvdV4IIXhsDsvsQX4Ern5qsOanzdiEMUWOXSrLMJvTY
 BqlLTifNDNd7JA1ik464eRaU8Ajg++1QaFGWTOHqbAsKZiyMSARxrBKn9GAguGNr
 BRy6tSTnBl8K8h5TvpPUP8r9Py/GsUK8oUQIRKeYvfuhkNwnuTO0yOuDlYEQqjD2
 VVJ5PgYbZh2Nem2xl3DsgCf155ekoniaYuCKkok+nx20pioCxkcqbbHkUM/ZiMIY
 MHppOyho4uB6g1DCR78LgZ+JL7DpTKcnupLcMaZooxQoFcsh3i0R+fdCp6Bv2O9J
 SI7rdGHlmF7bL+t/mPM6STboEvNk8HoacP9lDMrjKJzM7v0N7zQF/hQn3VzYnsq/
 W/ptIcOw2xoQ9/PK+e8U6tNv6uP5QQG60imiVsEYx+zSjRXuSJCJmu30jJyuvvO8
 /UuNbUwOvNVh9QwU1MFX0I3JBLe+oxaBn3owuzm3nDHo/+yMCGV6e49yzMIoE2kD
 JFuJQiFkwJUlWlk3YcnRtiXLMMHOVH/ni7jUJWNy64LGbJx4pqtazpiHlzYSEf4f
 UDawPvs/AOeKJ2TiLpCuflfgowvGJHEZxfjsmY6KDmnmW1kKRuwo2hABJcmBwn8Y
 nEjN2SqAq1Td
 =l4tH
 -----END PGP SIGNATURE-----

Merge tag 'acpi-5.5-rc1-2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm

Pull additional ACPI updates from Rafael Wysocki:
 "These close a nasty race condition in the ACPI memory mappings
  management code and an invalid parameter check in a library routing,
  allow GPE 0xFF to be masked via kernel command line, add a new lid
  switch blacklist entry and clean up Kconfig.

  Specifics:

   - Fix locking issue in acpi_os_map_cleanup() leading to a race
     condition that can be harnessed for provoking a kernel panic from
     user space (Francesco Ruggeri)

   - Fix parameter check in acpi_bus_get_private_data() (Vamshi K
     Sthambamkadi)

   - Allow GPE 0xFF to be masked via kernel command line (Yunfeng Ye)

   - Add a new lid switch blacklist entry for Acer Switch 10 SW5-032 to
     the ACPI button driver (Hans de Goede)

   - Clean up Kconfig (Krzysztof Kozlowski)"

* tag 'acpi-5.5-rc1-2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
  ACPI: bus: Fix NULL pointer check in acpi_bus_get_private_data()
  ACPI: Fix Kconfig indentation
  ACPI: OSL: only free map once in osl.c
  ACPI: button: Add DMI quirk for Acer Switch 10 SW5-032 lid-switch
  ACPI: sysfs: Change ACPI_MASKABLE_GPE_MAX to 0x100
2019-12-04 10:56:35 -08:00
Linus Torvalds
ef867c12f3 Additional power management updates for 5.5-rc1
- Avoid a race condition in the ACPI EC driver that may cause
    systems to be unable to leave suspend-to-idle (Rafael Wysocki).
 
  - Drop the "disabled" field, which is redundant, from struct
    cpuidle_state (Rafael Wysocki).
 
  - Reintroduce device PM QoS frequency constraints (temporarily
    introduced and than dropped during the 5.4 cycle) in preparation
    for adding QoS support to devfreq (Leonard Crestez).
 
  - Clean up indentation (in multiple places) and the cpuidle drivers
    help text in Kconfig (Krzysztof Kozlowski, Randy Dunlap).
 -----BEGIN PGP SIGNATURE-----
 
 iQJGBAABCAAwFiEE4fcc61cGeeHD/fCwgsRv/nhiVHEFAl3nhpQSHHJqd0Byand5
 c29ja2kubmV0AAoJEILEb/54YlRxQj4P/2HbVROWMON7q9iWhgO59qABEbqU8M7L
 DaJ2gu+bDe3FQ9Ek6Y2EObfGw3nl9riyGbZH/jVmcOkbuXE+aQXv/j7eEnM9G35+
 8+JSfhucVsohaHVxT2ROMv+7YD+pLyWK1ivuVK/dNcvmxQaC9CKrmn3GF2ujkqNR
 ahdRRzZobGeC6mc8tms3GYpWkd1R5zd74ALGVsw9i/eB3P/YgrlS8HaQynpbaflZ
 qhRKZgsTf8QD6+OG+6HQhWpOfAlG36dsJnvuk0Oa0Cpnw+Zfj6WoR1jpL9ufNWBM
 Re1faTfppy6Hnyxr62Ytkbq2pYozTVAnQM+TKNIGoqxA4OIXvhgQpBqApmuJXpRx
 ZFBfr943f7I2jmAAznHeiW9l3n+4h725rpoxKapnlO3OMRDwCTqxbMahiS+CDULd
 gSu4prnoBdd9WrwiR7M1PA4X2Eb2M0kYFQUr7BltlTgjLHjQy47Mnazh9WxYBAv8
 p1tip39QHeZcdO3rdW1O21ljNekEIOFAi5bVVECsR6RyA+KR+vHgFP9pMUWyCpgU
 +rde+MdGKIL3sw/szNhTTDfQ49vz/ObcipJg3/rakq6jXeFL4n5NwMy5jYrquPlx
 xxHx3Yp1PCBEZ1TXS6+JjznvQBU/G/7YvoWobpqwN/IL1wa55rWOX8Ah1+YnfLzF
 fGzh0EvPJKyM
 =KAyd
 -----END PGP SIGNATURE-----

Merge tag 'pm-5.5-rc1-2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm

Pull additional power management updates from Rafael Wysocki:
 "These fix an ACPI EC driver bug exposed by the recent rework of the
  suspend-to-idle code flow, reintroduce frequency constraints into
  device PM QoS (in preparation for adding QoS support to devfreq), drop
  a redundant field from struct cpuidle_state and clean up Kconfig in
  some places.

  Specifics:

   - Avoid a race condition in the ACPI EC driver that may cause systems
     to be unable to leave suspend-to-idle (Rafael Wysocki)

   - Drop the "disabled" field, which is redundant, from struct
     cpuidle_state (Rafael Wysocki)

   - Reintroduce device PM QoS frequency constraints (temporarily
     introduced and than dropped during the 5.4 cycle) in preparation
     for adding QoS support to devfreq (Leonard Crestez)

   - Clean up indentation (in multiple places) and the cpuidle drivers
     help text in Kconfig (Krzysztof Kozlowski, Randy Dunlap)"

* tag 'pm-5.5-rc1-2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
  ACPI: PM: s2idle: Rework ACPI events synchronization
  ACPI: EC: Rework flushing of pending work
  PM / devfreq: Add missing locking while setting suspend_freq
  PM / QoS: Restore DEV_PM_QOS_MIN/MAX_FREQUENCY
  PM / QoS: Reorder pm_qos/freq_qos/dev_pm_qos structs
  PM / QoS: Initial kunit test
  PM / QoS: Redefine FREQ_QOS_MAX_DEFAULT_VALUE to S32_MAX
  power: avs: Fix Kconfig indentation
  cpufreq: Fix Kconfig indentation
  cpuidle: minor Kconfig help text fixes
  cpuidle: Drop disabled field from struct cpuidle_state
  cpuidle: Fix Kconfig indentation
2019-12-04 10:48:09 -08:00
Jens Axboe
2d28390aff io_uring: ensure deferred timeouts copy necessary data
If we defer a timeout, we should ensure that we copy the timespec
when we have consumed the sqe. This is similar to commit f67676d160
for read/write requests. We already did this correctly for timeouts
deferred as links, but do it generally and use the infrastructure added
by commit 1a6b74fc87 instead of having the timeout deferral use its
own.

Signed-off-by: Jens Axboe <axboe@kernel.dk>
2019-12-04 11:12:08 -07:00
Aurelien Aptel
9a7d5a9e6d cifs: fix possible uninitialized access and race on iface_list
iface[0] was accessed regardless of the count value and without
locking.

* check count before accessing any ifaces
* make copy of iface list (it's a simple POD array) and use it without
  locking.

Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Reviewed-by: Paulo Alcantara (SUSE) <pc@cjr.nz>
2019-12-04 11:51:18 -06:00
Paulo Alcantara (SUSE)
3345bb44ba cifs: Fix lookup of SMB connections on multichannel
With the addition of SMB session channels, we introduced new TCP
server pointers that have no sessions or tcons associated with them.

In this case, when we started looking for TCP connections, we might
end up picking session channel rather than the master connection,
hence failing to get either a session or a tcon.

In order to fix that, this patch introduces a new "is_channel" field
to TCP_Server_Info structure so we can skip session channels during
lookup of connections.

Signed-off-by: Paulo Alcantara (SUSE) <pc@cjr.nz>
Reviewed-by: Aurelien Aptel <aaptel@suse.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
2019-12-04 11:50:32 -06:00
Jens Axboe
901e59bba9 io_uring: allow IO_SQE_* flags on IORING_OP_TIMEOUT
There's really no reason why we forbid things like link/drain etc on
regular timeout commands. Enable the usual SQE flags on timeouts.

Reported-by: 李通洲 <carter.li@eoitek.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2019-12-04 10:34:03 -07:00
Christoph Hellwig
1cea335d1d iomap: fix sub-page uptodate handling
bio completions can race when a page spans more than one file system
block.  Add a spinlock to synchronize marking the page uptodate.

Fixes: 9dc55f1389 ("iomap: add support for sub-pagesize buffered I/O without buffer heads")
Reported-by: Jan Stancek <jstancek@redhat.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Dave Chinner <dchinner@redhat.com>
Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
2019-12-04 09:33:52 -08:00
Alex Williamson
9917b54ade Merge branch 'v5.5/vfio/jiang-yi-irq-bypass-unregister-v1' into v5.5/vfio/next 2019-12-04 10:15:56 -07:00
Tomi Valkeinen
d9c148cfaf drm/omap: fix dma_addr refcounting
cec4fa7511 ("drm/omap: use refcount API to
track the number of users of dma_addr") changed omap_gem.c to use
refcounting API to track dma_addr uses.  However, the driver only tracks
the refcounts for non-contiguous buffers, and the patch didn't fully
take this in account.

After the patch, the driver always decreased refcount in omap_gem_unpin,
instead of decreasing the refcount only for non-contiguous buffers. This
leads to refcounting mismatch.

As for the contiguous cases the refcount is never increased, fix this
issue by returning from omap_gem_unpin if the buffer being unpinned is
contiguous.

Signed-off-by: Tomi Valkeinen <tomi.valkeinen@ti.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20191114080343.30704-1-tomi.valkeinen@ti.com
Fixes: cec4fa7511 ("drm/omap: use refcount API to track the number of users of dma_addr")
Reviewed-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
2019-12-04 19:11:28 +02:00
Jens Axboe
bca1c43cb2 null_blk: remove unused variable warning on !CONFIG_BLK_DEV_ZONED
If BLK_DEV_ZONED isn't set, 'ret' isn't used. This makes gcc complain,
rightfully. Move ret where it is used.

Fixes: 979d54475e ("null_blk: cleanup null_gendisk_register")
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2019-12-04 09:17:41 -07:00
Ming Lei
f1acbf2186 brd: warn on un-aligned buffer
Queue dma alignment limit requires users(fs, target, ...) of block layer
to pass aligned buffer.

So far brd doesn't support un-aligned buffer, even though it is easy
to support it.

However, given brd is often used for debug purpose, and there are other
drivers which can't support un-aligned buffer too.

So add warning so that brd users know what to fix.

Reported-by: Stephen Rust <srust@blockbridge.com>
Cc: Stephen Rust <srust@blockbridge.com>
Signed-off-by: Ming Lei <ming.lei@redhat.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2019-12-04 09:04:26 -07:00