Commit Graph

811752 Commits

Author SHA1 Message Date
David S. Miller
3da15ad3e9 mlx5-fixes-2019-01-25
-----BEGIN PGP SIGNATURE-----
 
 iQEcBAABAgAGBQJcS2rdAAoJEEg/ir3gV/o+CZ8IAMX4yWUWjzgrIDdOc1OEgHJQ
 FDCMtTDm/I+m1UInAgoigRia2RyIL99N81Vrx+p+otCOml/U5IXPt5tuJfSNQYZ3
 p9MibQSXtKJ9jhowOVZdYlTx9CXti75BS45wHKZPlL7V+gCC2Q7/8aviuRlkQKAN
 4pQNDreNiiB8PznXG/yCyzEu0Kc9M/Bv89xdLynVpDTxBfEfI8xSv4PttUcAxaQ5
 Fs/489wuODyhAczOquQj1dvn61zUamaPp6z0h+GbZOCQv0AO7ABRZl+7o5C5r+rA
 i7R4ak6WIgW3snIzhCdpynPfas8kUIvxJjkNCZuoFsefrBRsNv5RvtfCkuzyms4=
 =3epF
 -----END PGP SIGNATURE-----

Merge tag 'mlx5-fixes-2019-01-25' of git://git.kernel.org/pub/scm/linux/kernel/git/saeed/linux

Saeed Mahameed says:

====================
Mellanox, mlx5 fixes 2019-01-25

This series introduces some fixes to mlx5 driver.
For more information please see tag log below.

Please pull and let me know if there is any problem.

For -stable v4.13
('net/mlx5e: Allow MAC invalidation while spoofchk is ON')

For -stable v4.18
('Revert "net/mlx5e: E-Switch, Initialize eswitch only if eswitch manager"')
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2019-01-27 11:06:45 -08:00
Linus Torvalds
983542434e Fix persistent register offsets of altera_edac, from Thor Thayer.
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEzv7L6UO9uDPlPSfHEsHwGGHeVUoFAlxNl8YACgkQEsHwGGHe
 VUr3mBAAkUj7sGjvgChf0nWu2fdgBMsgWEQsw1p+zc3tobAdSAEqVrBq4qavjGwM
 WBekudrSsBeutA3Tq7S6CRuJrMO1eOH09569vsDoHBrRJkkJeeRLZhyW3hMdcmJe
 DgqlZ7QfWmVM/cGvCtOdKLYpzAXS/mXB5gtW+JQn2VWqFry1lLnCZIIMXqoqGk0U
 7ZqT4qX8XTDYwSqukG012jtfxxd/ppXnkDSMcz3SVO0CvJJE+Ps4W5HKKdFzmk85
 waVv2d3mT3+37CTPVeBR/r27d6zJDZhJEzv8yQ7npflVWiOFHk4yOce26w7doFQ2
 TX8CwpM1wgP1HxLRH4ZdiV6csCjFH7AN0H1RYyD1OrgTB0+8wfR2LH1X8JP+Q9pN
 vVEqwu2zuYYdZkhRs8GlKBIS8ic63Lc1kXS12UJIBLsdj5XSC9uzSqwv8wkqNhzn
 9zd8a5ZMcs9H1rjSnbygtWbCpG04ZDXZoTAgEwFnANaszRMyRp5qR9JOnOY3odZ4
 384wpuarUtrH5+vjMB+IWZfAsZbOzAxViA1X9F515nCPJzLfZucBuwt+KeM5dsO3
 60rA0bBylanlVmheDhSlr5DWCflnl2H0lfkKcXh98+1eBidoijI6+/Zq5Iyh6yR3
 pSM8MwocNOSs79rUxZzbEkJ5+33SuVFPMpnhkFxAna1rgR83e5E=
 =Ihry
 -----END PGP SIGNATURE-----

Merge tag 'edac_fix_for_5.0' of git://git.kernel.org/pub/scm/linux/kernel/git/bp/bp

Pull EDAC fix from Borislav Petkov:
 "Fix persistent register offsets of altera_edac, from Thor Thayer"

* tag 'edac_fix_for_5.0' of git://git.kernel.org/pub/scm/linux/kernel/git/bp/bp:
  EDAC, altera: Fix S10 persistent register offset
2019-01-27 11:00:37 -08:00
Linus Torvalds
419967d53f for-linus-20190127
-----BEGIN PGP SIGNATURE-----
 
 iQJEBAABCAAuFiEEwPw5LcreJtl1+l5K99NY+ylx4KYFAlxNt5IQHGF4Ym9lQGtl
 cm5lbC5kawAKCRD301j7KXHgplPtD/90REklPF4wdDmg1FXyGa7VU5iImwfqIDUY
 Vie2EQ/FOwMNb7F0t74KN2QJhC0H0kUp3RYj4vZULXWWs/Sai/zhc34lcP4SLbfC
 vkCvH526f/U167ZDbym2O2W4QYltYp5wxvM8PbIvlh2ASlsd4JN8goekC6B3vXnd
 as7ZHM81vzQo6BMAfabIRYyBdkVkDyIktoYqGB7sV8CN1Al5SzguFfE0D2EU4Su5
 Rg7UCKihy0MJV8hIDErX7UzIXwqJ0qf3sDQ0/PTtF/Tfwm1S5uk65l3VBVhqgZfk
 0q9N4FvyxaWjjsCTjPMOq8P69G7LnjXGSTm1Y3gAeXwkUEBfNQOKadxBmCpyIRA7
 mVi50IgzcpsjOBFptd7NHufvxLH+KPKgWMnMa9PeO4m7LwPzjlLPtlpmAk5ssNcv
 zwVn21Zcz2PJ8TwL/VKv8vAGraT6BjiC0uCsiQXIXZskuhOBZorx+dpd87QHb/Gf
 VVFahE1aCIfRF/ARf5VLanCzijN6XVx3sT/GSHWzetpbzKqMSQ35N2O6QONuanP2
 TY3BI4P9AJww8FsaIoYwTZEn3jIhz+SYUcZkOcCBSU1SeQBk9nNPlOHszyaO5Did
 KlS8H/tdlpBqLVtmKCp3XNmVSdCwLJR9/RVNnRkbMMlRZzde1+VpxanqV8Tff8UL
 /GI2r0Z5Rw==
 =9xzu
 -----END PGP SIGNATURE-----

Merge tag 'for-linus-20190127' of git://git.kernel.dk/linux-block

Pull block revert from Jens Axboe:
 "Silly error snuck into a patch from the last series, let's do a revert
  to avoid a potential use-after-free"

* tag 'for-linus-20190127' of git://git.kernel.dk/linux-block:
  Revert "block: cover another queue enter recursion via BIO_QUEUE_ENTERED"
2019-01-27 10:58:20 -08:00
Bernard Pidoux
b0cf029234 net/rose: fix NULL ax25_cb kernel panic
When an internally generated frame is handled by rose_xmit(),
rose_route_frame() is called:

        if (!rose_route_frame(skb, NULL)) {
                dev_kfree_skb(skb);
                stats->tx_errors++;
                return NETDEV_TX_OK;
        }

We have the same code sequence in Net/Rom where an internally generated
frame is handled by nr_xmit() calling nr_route_frame(skb, NULL).
However, in this function NULL argument is tested while it is not in
rose_route_frame().
Then kernel panic occurs later on when calling ax25cmp() with a NULL
ax25_cb argument as reported many times and recently with syzbot.

We need to test if ax25 is NULL before using it.

Testing:
Built kernel with CONFIG_ROSE=y.

Signed-off-by: Bernard Pidoux <f6bvp@free.fr>
Acked-by: Dmitry Vyukov <dvyukov@google.com>
Reported-by: syzbot+1a2c456a1ea08fa5b5f7@syzkaller.appspotmail.com
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: Bernard Pidoux <f6bvp@free.fr>
Cc: linux-hams@vger.kernel.org
Cc: netdev@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-01-27 10:40:01 -08:00
Tomonori Sakita
6571ebce11 net: altera_tse: fix msgdma_tx_completion on non-zero fill_level case
If fill_level was not zero and status was not BUSY,
result of "tx_prod - tx_cons - inuse" might be zero.
Subtracting 1 unconditionally results invalid negative return value
on this case.
Make sure not to return an negative value.

Signed-off-by: Tomonori Sakita <tomonori.sakita@sord.co.jp>
Signed-off-by: Atsushi Nemoto <atsushi.nemoto@sord.co.jp>
Reviewed-by: Dalon L Westergreen <dalon.westergreen@linux.intel.com>
Acked-by: Thor Thayer <thor.thayer@linux.intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-01-27 10:39:07 -08:00
Cong Wang
63346650c1 netrom: switch to sock timer API
sk_reset_timer() and sk_stop_timer() properly handle
sock refcnt for timer function. Switching to them
could fix a refcounting bug reported by syzbot.

Reported-and-tested-by: syzbot+defa700d16f1bd1b9a05@syzkaller.appspotmail.com
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: linux-hams@vger.kernel.org
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-01-27 10:38:04 -08:00
David S. Miller
c303a9b297 Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec
Steffen Klassert says:

====================
pull request (net): ipsec 2019-01-25

1) Several patches to fix the fallout from the recent
   tree based policy lookup work. From Florian Westphal.

2) Fix VTI for IPCOMP for 'not compressed' IPCOMP packets.
   We need an extra IPIP handler to process these packets
   correctly. From Su Yanjun.

3) Fix validation of template and selector families for
   MODE_ROUTEOPTIMIZATION with ipv4-in-ipv6 packets.
   This can lead to a stack-out-of-bounds because
   flowi4 struct is treated as flowi6 struct.
   Fix from Florian Westphal.

4) Restore the default behaviour of the xfrm set-mark
   in the output path. This was changed accidentally
   when mark setting was extended to the input path.
   From Benedict Wong.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2019-01-27 10:30:01 -08:00
Max Filippov
25384ce5f9 xtensa: SMP: limit number of possible CPUs by NR_CPUS
This fixes the following warning at boot when the kernel is booted on a
board with more CPU cores than was configured in NR_CPUS:

  smp_init_cpus: Core Count = 8
  smp_init_cpus: Core Id = 0
  ------------[ cut here ]------------
  WARNING: CPU: 0 PID: 0 at include/linux/cpumask.h:121 smp_init_cpus+0x54/0x74
  Modules linked in:
  CPU: 0 PID: 0 Comm: swapper Not tainted 5.0.0-rc3-00015-g1459333f88a0 #124
  Call Trace:
    __warn$part$3+0x6a/0x7c
    warn_slowpath_null+0x35/0x3c
    smp_init_cpus+0x54/0x74
    setup_arch+0x1c0/0x1d0
    start_kernel+0x44/0x310
    _startup+0x107/0x107

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
2019-01-27 10:04:30 -08:00
Linus Torvalds
1fc7f56db7 Quite a few fixes for x86: nested virtualization save/restore, AMD nested virtualization
and virtual APIC, 32-bit fixes, an important fix to restore operation on older
 processors, and a bunch of hyper-v bugfixes.  Several are marked stable.
 
 There are also fixes for GCC warnings and for a GCC/objtool interaction.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQEcBAABAgAGBQJcTBqRAAoJEL/70l94x66DF8wH/0LKWQd4ay54OgpfdPRcUqXa
 yW10qqnO5OZfpI19UU2rfv2QXrdSOnDafgN6xiQ2Dz7m3JsZB7gBDsCCYKzeUgCz
 YB0UVcX1ZS+gr3igDDHIw3lWPBUqDIzKmEJO++9nAbDi4gOmWaPQ8vWrfORWAZcl
 yx2nCjeljjbO65UdRTdr3TkUNbpFlJ2NEUrzzco8OgChNB9QoxLTSJHrZxeZ7dNn
 J/ZDAaBwRxXN/aKH0A3+pwUFrP5nGuronT6nGo1048WWrlQzdMp7qh8fPtTBvWJ4
 uqUrrYc7jY/EhfZ4k/aAUGkAdt4IZI1KyHjhqtmB9zf+hezphUJv66QYQGVTFts=
 =yUth
 -----END PGP SIGNATURE-----

Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm

Pull KVM fixes from Paolo Bonzini:
 "Quite a few fixes for x86: nested virtualization save/restore, AMD
  nested virtualization and virtual APIC, 32-bit fixes, an important fix
  to restore operation on older processors, and a bunch of hyper-v
  bugfixes. Several are marked stable.

  There are also fixes for GCC warnings and for a GCC/objtool interaction"

* tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
  KVM: x86: Mark expected switch fall-throughs
  KVM: x86: fix TRACE_INCLUDE_PATH and remove -I. header search paths
  KVM: selftests: check returned evmcs version range
  x86/kvm/hyper-v: nested_enable_evmcs() sets vmcs_version incorrectly
  KVM: VMX: Move vmx_vcpu_run()'s VM-Enter asm blob to a helper function
  kvm: selftests: Fix region overlap check in kvm_util
  kvm: vmx: fix some -Wmissing-prototypes warnings
  KVM: nSVM: clear events pending from svm_complete_interrupts() when exiting to L1
  svm: Fix AVIC incomplete IPI emulation
  svm: Add warning message for AVIC IPI invalid target
  KVM: x86: WARN_ONCE if sending a PV IPI returns a fatal error
  KVM: x86: Fix PV IPIs for 32-bit KVM host
  x86/kvm/hyper-v: recommend using eVMCS only when it is enabled
  x86/kvm/hyper-v: don't recommend doing reset via synthetic MSR
  kvm: x86/vmx: Use kzalloc for cached_vmcs12
  KVM: VMX: Use the correct field var when clearing VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL
  KVM: x86: Fix single-step debugging
  x86/kvm/hyper-v: don't announce GUEST IDLE MSR support
2019-01-27 09:21:00 -08:00
Linus Torvalds
c180f1b04b Fix a xen-swiotlb regression on arm64
-----BEGIN PGP SIGNATURE-----
 
 iQI/BAABCgApFiEEgdbnc3r/njty3Iq9D55TZVIEUYMFAlxNeJQLHGhjaEBsc3Qu
 ZGUACgkQD55TZVIEUYOkdQ//TcxUT2STxjnTnfgLqrR2EVTSI9v0gJSNHuMObl6t
 AdrwgBcRsnQU/GMgpS9NwucPM1WavM7WnIxuuLa2NmgDnqsnmy6SXYO8df59nzpS
 iKzB0+9OvZ6cvAYw/NGZRJUmIZIg7gyDrdIkXfj91O/0hKNuU3IcJvjecVsk2oL5
 00QlI1stJcid4gYyVJ1Vs7QW2MA36JPDFqA7UCC5+lyOqTPilIdJxjLXTMAyYO1F
 5rhN10i4sXimwi/GApyAv7xXj+JH+fNvzy1Mq+lbnY7rrEDeh5jXisBkr5UTVfEB
 ipXm5SHzWcfny0HrYY6Nhpdim8YCLEiQz4eYkFNo/SY2ioOFbFDYFM25n05mOeo0
 vd3KXalj9/qj6u9U6k7KoW1JFUAy7goYHEOowQi9z1VvsvqcLDCcEJn29ugskssG
 UxeqA/25PKHCVHuAB51did0odMlihjnfbnEy35w5RcVaT6FaZQSqLZTmSZfHjl2u
 ngzQFMowECaGpLqyI0IM1NhS52Qv61BnZfs9QC7pKznoBjlfSE+hPW1RC2mOfrnS
 Yv1hygJLQDaRo4ZTb2SeGLRHe8hCwW/BF6/OAuVKtmu7WYGMo2IrHC3M6yXfCxKm
 Nh9vOti+uJI8e7CUGPmi9M26btIT/G8snS43KdrlKwLhkiVkt3ADmVbxWbHGr6My
 5BQ=
 =UfrA
 -----END PGP SIGNATURE-----

Merge tag 'dma-mapping-5.0-2' of git://git.infradead.org/users/hch/dma-mapping

Pull dma-mapping fix from Christoph Hellwig:
 "Fix a xen-swiotlb regression on arm64"

* tag 'dma-mapping-5.0-2' of git://git.infradead.org/users/hch/dma-mapping:
  arm64/xen: fix xen-swiotlb cache flushing
2019-01-27 09:18:05 -08:00
Linus Torvalds
6a2651b55b libnvdimm v5.0-rc4
* Fix support for NVDIMMs that implement the ACPI standard label
   methods.
 * Fix error handling for security overwrite (memory leak / userspace
   hang condition), and another one-line security cleanup
 -----BEGIN PGP SIGNATURE-----
 
 iQIcBAABAgAGBQJcTOoMAAoJEB7SkWpmfYgCVxAP/0YiOcsf6gtloMIfKLZr7Y0N
 R/8gH6ChWqv+aXQJ7UOA7MDkSSzL5y9SXRFy8a7lO7jb/V4OiNpqEejB4++J9AZO
 n55V1J6nGrPo6qk7r1nm7KL6s2PX38UKJE2lc73D/geyVhAunhfCkDRUVNVFSpbo
 zwNrWb25NxnB5wgBzvg1nsmMOVp0yPGe+D+4UeIZKzXN6bkupAk0cgBIl3JComDy
 aad/id0loClhD6Wu7OJFRutC/eMokRNveEQUSK6fZrRqgJeonkjRetehGGzfdOtO
 W/YqlvwRe3fpuCAmJQfdMZba+h9WDmpwL1KA5txWJmA2oy4IF28xyhRoOAzkcx2/
 WAYv/Zad47Lr39t2zcupvqMj9DgxObBDmTbpkuGsYnvKGp6qEFfO7EEmoan8JuMN
 QURgCIWTwdDTqinETHi6OXgZLwOTyDV0COQV+YD6Jop8gh0UZNayLQGn79P2FJDm
 rF304QfzKrPcnGRfbJf3WTeofOHcfHp0Q0E6oyHvzhgxWy3gIDJo30+J0oLgk7cR
 5WZnlg1k6ySrrOzqAvdm/xKMX4lQ/OlZ2uswFenPBPO7OKzQ3cBCY2WCfUuLH9Xx
 RlK7t5O2MBwx8VtUDCbN/+AIlDRbPjS+r6NiJcHXFgnrMI9EDJqIFLZI500b5hkj
 np5nqzdEs4Akd7YANvKj
 =E4Rz
 -----END PGP SIGNATURE-----

Merge tag 'libnvdimm-fixes-5.0-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm

Pull libnvdimm fixes from Dan Williams:
 "A fix for namespace label support for non-Intel NVDIMMs that implement
  the ACPI standard label method.

  This has apparently never worked and could wait for v5.1. However it
  has enough visibility with hardware vendors [1] and distro bug
  trackers [2], and low enough risk that I decided it should go in for
  -rc4. The other fixups target the new, for v5.0, nvdimm security
  functionality. The larger init path fixup closes a memory leak and a
  potential userspace lockup due to missed notifications.

    [1] https://github.com/pmem/ndctl/issues/78
    [2] https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1811785

  These have all soaked in -next for a week with no reported issues.

  Summary:

   - Fix support for NVDIMMs that implement the ACPI standard label
     methods.

   - Fix error handling for security overwrite (memory leak / userspace
     hang condition), and another one-line security cleanup"

* tag 'libnvdimm-fixes-5.0-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm:
  acpi/nfit: Fix command-supported detection
  acpi/nfit: Block function zero DSMs
  libnvdimm/security: Require nvdimm_security_setup_events() to succeed
  nfit_test: fix security state pull for nvdimm security nfit_test
2019-01-27 09:11:51 -08:00
Linus Torvalds
78e372e650 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input
Pull input fixes from Dmitry Torokhov:
 "A fixup for the input_event fix for y2038 Sparc64, and couple other
  minor fixes"

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input:
  Input: input_event - fix the CONFIG_SPARC64 mixup
  Input: olpc_apsp - assign priv->dev earlier
  Input: uinput - fix undefined behavior in uinput_validate_absinfo()
  Input: raspberrypi-ts - fix link error
  Input: xpad - add support for SteelSeries Stratus Duo
  Input: input_event - provide override for sparc64
2019-01-27 09:07:03 -08:00
Linus Torvalds
037222ad3f Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
Pull networking fixes from David Miller:

 1) Count ttl-dropped frames properly in mac80211, from Bob Copeland.

 2) Integer overflow in ktime handling of bcm can code, from Oliver
    Hartkopp.

 3) Fix RX desc handling wrt. hw checksumming in ravb, from Simon
    Horman.

 4) Various hash key fixes in hv_netvsc, from Haiyang Zhang.

 5) Use after free in ax25, from Eric Dumazet.

 6) Several fixes to the SSN support in SCTP, from Xin Long.

 7) Do not process frames after a NAPI reschedule in ibmveth, from
    Thomas Falcon.

 8) Fix NLA_POLICY_NESTED arguments, from Johannes Berg.

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (42 commits)
  qed: Revert error handling changes.
  cfg80211: extend range deviation for DMG
  cfg80211: reg: remove warn_on for a normal case
  mac80211: Add attribute aligned(2) to struct 'action'
  mac80211: don't initiate TDLS connection if station is not associated to AP
  nl80211: fix NLA_POLICY_NESTED() arguments
  ibmveth: Do not process frames after calling napi_reschedule
  net: dev_is_mac_header_xmit() true for ARPHRD_RAWIP
  net: usb: asix: ax88772_bind return error when hw_reset fail
  MAINTAINERS: Update cavium networking drivers
  net/mlx4_core: Fix error handling when initializing CQ bufs in the driver
  net/mlx4_core: Add masking for a few queries on HCA caps
  sctp: set flow sport from saddr only when it's 0
  sctp: set chunk transport correctly when it's a new asoc
  sctp: improve the events for sctp stream adding
  sctp: improve the events for sctp stream reset
  ip_tunnel: Make none-tunnel-dst tunnel port work with lwtunnel
  ax25: fix possible use-after-free
  sfc: suppress duplicate nvmem partition types in efx_ef10_mtd_probe
  hv_netvsc: fix typos in code comments
  ...
2019-01-27 08:59:12 -08:00
Christoph Hellwig
4ea899ead2 iomap: fix a use after free in iomap_dio_rw
Introduce a local wait_for_completion variable to avoid an access to the
potentially freed dio struture after dropping the last reference count.

Also use the chance to document the completion behavior to make the
refcounting clear to the reader of the code.

Fixes: ff6a9292e6 ("iomap: implement direct I/O")
Reported-by: Chandan Rajendra <chandan@linux.ibm.com>
Reported-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Tested-by: Chandan Rajendra <chandan@linux.ibm.com>
Tested-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Dave Chinner <dchinner@redhat.com>
Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
2019-01-27 08:47:42 -08:00
Piotr Jaroszynski
8e47a45732 iomap: get/put the page in iomap_page_create/release()
migrate_page_move_mapping() expects pages with private data set to have
a page_count elevated by 1.  This is what used to happen for xfs through
the buffer_heads code before the switch to iomap in commit 82cb14175e
("xfs: add support for sub-pagesize writeback without buffer_heads").
Not having the count elevated causes move_pages() to fail on memory
mapped files coming from xfs.

Make iomap compatible with the migrate_page_move_mapping() assumption by
elevating the page count as part of iomap_page_create() and lowering it
in iomap_page_release().

It causes the move_pages() syscall to misbehave on memory mapped files
from xfs.  It does not not move any pages, which I suppose is "just" a
perf issue, but it also ends up returning a positive number which is out
of spec for the syscall.  Talking to Michal Hocko, it sounds like
returning positive numbers might be a necessary update to move_pages()
anyway though.

Fixes: 82cb14175e ("xfs: add support for sub-pagesize writeback without buffer_heads")
Signed-off-by: Piotr Jaroszynski <pjaroszynski@nvidia.com>
[hch: actually get/put the page iomap_migrate_page() to make it work
      properly]
Signed-off-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Dave Chinner <dchinner@redhat.com>
Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
2019-01-27 08:46:45 -08:00
Jens Axboe
947b7ac135 Revert "block: cover another queue enter recursion via BIO_QUEUE_ENTERED"
We can't touch a bio after ->make_request_fn(), for all we know it could
already have been completed by the time this function returns.

This reverts commit 698cef1739.

Reported-by: syzbot+4df6ca820108fd248943@syzkaller.appspotmail.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2019-01-27 06:35:28 -07:00
Linus Torvalds
7c2614bf7a a set of small smb3 fixes, some fixing various crediting issues discovered during xfstest runs, five for stable
-----BEGIN PGP SIGNATURE-----
 
 iQGzBAABCgAdFiEE6fsu8pdIjtWE/DpLiiy9cAdyT1EFAlxLV8IACgkQiiy9cAdy
 T1HRIgv/fieDI6HBXAoK9mXzVLJXCZ1IxVZTygC3Xn/bCaxHerS+QSe88w0r1QTZ
 KLCoT7pBBy06uTowX4/cAF0IYTStsYWngBsH3+HL4EEchkZAVe02wAJ8QOCXs9YU
 UjoMvNLmcyrzwNt8EduNM2jUUpOL8EHiZOQKUvLt1Vdo3xBtyB3Nkttji92YLOQb
 Cxs0RJdKNaalMphOQwAtbdbZwlL79KGSA0gMm9W2VD744YKMjQ3uGXaTuoe6+w19
 voYKVTSelgyZg51yzF20x1Pl3OV/8L6tWgN1BIcKZbfGBshJhhcD93Pef7bmhxNS
 Y2yF3SPr/zcdgEkwigVlNs1uBCBBeU04/yQr+YvJwNcjsRTcTKOMuquxq4gXM1P8
 7f8gA1u0n1H70YKK29sd3sl7Iu8rHVacwlxjfoAcCjMe0VQvOJtR+V/zwP2uWr8T
 IjX05unBe/B1v+NXqNdkOpE6ZaiJtt2ny5NDZhfeubOouBLsey7/g/gSx48ICrq+
 U20kKsb6
 =CCH2
 -----END PGP SIGNATURE-----

Merge tag '5.0-rc3-smb3-fixes' of git://git.samba.org/sfrench/cifs-2.6

Pull smb3 fixes from Steve French:
 "A set of small smb3 fixes, some fixing various crediting issues
  discovered during xfstest runs, five for stable"

* tag '5.0-rc3-smb3-fixes' of git://git.samba.org/sfrench/cifs-2.6:
  cifs: print CIFSMaxBufSize as part of /proc/fs/cifs/DebugData
  smb3: add credits we receive from oplock/break PDUs
  CIFS: Fix mounts if the client is low on credits
  CIFS: Do not assume one credit for async responses
  CIFS: Fix credit calculations in compound mid callback
  CIFS: Fix credit calculation for encrypted reads with errors
  CIFS: Fix credits calculations for reads with errors
  CIFS: Do not reconnect TCP session in add_credits()
  smb3: Cleanup license mess
  CIFS: Fix possible hang during async MTU reads and writes
  cifs: fix memory leak of an allocated cifs_ntsd structure
2019-01-26 15:38:22 -08:00
Linus Torvalds
2580acb2a1 VFIO fixes for v5.0-rc4
- Cleanup licenses in new files (Thomas Gleixner)
 
  - Cleanup new compiler warnings (Alexey Kardashevskiy)
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.14 (GNU/Linux)
 
 iQIcBAABAgAGBQJcS2z3AAoJECObm247sIsiN2wQAJCnxohEh2HAbu9C6aIZ4jVW
 hn+XkO1GkTyk8n/8k1BuiV62JRuNk7bEZ8U+eYNUHJT/dVZSicfu4yRf8rQJVewl
 CGpAPUOB4TpfWJi2e9dx6CKnkj9ctq2opTY1+a/ZPospHQ0S/MG3aSPnkUi4wFwh
 wvgVKyIRx5tDqkUEf6DMZalM/9P4xFKVhZT/SCbvbyL63HaMZhxR5Geizi4YoYuh
 b1wVBJ1I5kkivDNXyoeg4zxPipVNpxbfYrMse2WR6U5xEcU5N5mS/8fPE/Kpqi73
 oGPc3uAx1I2vCyybSVdnCmJ8KZCFRILWTBQSj9/YlS6jU3djCfI5slZp/DPKxc/A
 G49tIgnTWa8e/+zS8ogAeMle6Tb6fccaDDyb+LoL8NxInZiGXqyaU7z+biGaojS+
 Me/hzWaVJ4Cyy9lQEX9xGVBrcGqsd0e2XT5dEQaQ4MkaLOv9wGIYB1ZbA5X4tfrS
 GkC2qwKHPKJnz11BqJ52BT4RfbrzpNx+YesTMV3wZgPyf+yYkySDghfUdPxnL6bv
 rM056Tr0g4k7bPlvh/Ve1lthNLeOvBwR3OX+JOfDAwwBI4RPjS8iChnR1R3ydkFY
 ULLHl2nbCwZx8S6jhiYOc95qJveQFrWbySH/kRYedenn6mAbsmbhQcFN4v+gT/vj
 XBC6nvC1g9YkLw6oo0h5
 =3dYP
 -----END PGP SIGNATURE-----

Merge tag 'vfio-v5.0-rc4' of git://github.com/awilliam/linux-vfio

Pull VFIO fixes from Alex Williamson:

 - cleanup licenses in new files (Thomas Gleixner)

 - cleanup new compiler warnings (Alexey Kardashevskiy)

* tag 'vfio-v5.0-rc4' of git://github.com/awilliam/linux-vfio:
  vfio-pci/nvlink2: Fix ancient gcc warnings
  vfio/pci: Cleanup license mess
2019-01-26 15:27:04 -08:00
Linus Torvalds
7930851ef1 SCSI fixes on 20190125
Six fixes, all of which appear to have user visible consequences.  The
 DMA one is a regression fix from the merge window and of the others,
 four are driver specific and one specific to the target code.
 
 Signed-off-by: James E.J. Bottomley <jejb@linux.ibm.com>
 -----BEGIN PGP SIGNATURE-----
 
 iJwEABMIAEQWIQTnYEDbdso9F2cI+arnQslM7pishQUCXEt6GSYcamFtZXMuYm90
 dG9tbGV5QGhhbnNlbnBhcnRuZXJzaGlwLmNvbQAKCRDnQslM7pishbxoAP0R0z0J
 fdCRn9AMRbZ3xJzD+E6V2gw38Gdgm8rR5mT1gQEAv1VxZwOAb9Qxbcr+l4uybqZr
 Q55H31I/IvBgNm84jH0=
 =vkW7
 -----END PGP SIGNATURE-----

Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi

Pull SCSI fixes from James Bottomley:
 "Six fixes, all of which appear to have user visible consequences.

  The DMA one is a regression fix from the merge window and of the
  others, four are driver specific and one specific to the target code"

* tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
  scsi: ufs: Use explicit access size in ufshcd_dump_regs
  scsi: tcmu: fix use after free
  scsi: csiostor: fix NULL pointer dereference in csio_vport_set_state()
  scsi: lpfc: nvmet: avoid hang / use-after-free when destroying targetport
  scsi: lpfc: nvme: avoid hang / use-after-free when destroying localport
  scsi: communicate max segment size to the DMA mapping code
2019-01-26 15:03:43 -08:00
Linus Torvalds
6b8f915916 for-linus-20190125
-----BEGIN PGP SIGNATURE-----
 
 iQJEBAABCAAuFiEEwPw5LcreJtl1+l5K99NY+ylx4KYFAlxLdgsQHGF4Ym9lQGtl
 cm5lbC5kawAKCRD301j7KXHgpoVGD/4sGYQqfiXogQIJYbPH2RRPrJuLIIITjiAv
 lPXX1wx/tvz/ktwKJE2OiWTES0JjdH1HlC+7/0L/fLb8DXiKBmFuUHlwhureoL9Y
 o//BIQKuaje35kyHITTy2UAJOOqnNtJTaAP2AfkL+eOcj/V/G5rJIfLGs9QtuAR7
 sRJ+uhg1EbW/+uO0bULDmG6WUjxFu8mqcw3i6g0VVLVOnXB2EKcZTl3KPrdAXrUp
 XtmouERga6OfAUSJyZmTSV136mL+opRB2WFFVeIzjQfLmyItDGbSX/YPS8oJ2pow
 v7630F+CMrd4aKpqqtnAhfWpGqd0Xw7cYfZ9MKTJmZPmGzf9a1fQFpmgZosD4Dh3
 7MrhboU4TUt9PdXESA7CmE7LkTp99ghfj5/ysKrSV5h3HsH2RbLxJk91Rx3vmAWD
 u1xWRYL+GYLH6ZwOLvM1iqBrrLN3mUyrx98SaMgoXuqNzmQmgz9LPeA0Gt09FJbo
 uj+ebg4dRwuThjni4xQhl3zL2RQy7nlTDFDdKOz/XoiYk2NUVksss+sxGjNarHj0
 b5pCD4HOp57OreGExaOARpBRah5HSNdQtBRsIOnbyEq6f/e1LsIY23Z9nNF0deGO
 sZzgsbnsn+zg8bC6T/Gk4UY6XdCcgaS3SL04SVKAE3lO6A4C/Awo8DgD9Bl1zpC1
 HQlNkl5fBg==
 =iucY
 -----END PGP SIGNATURE-----

Merge tag 'for-linus-20190125' of git://git.kernel.dk/linux-block

Pull block fixes from Jens Axboe:
 "A collection of fixes for this release. This contains:

   - Silence sparse rightfully complaining about non-static wbt
     functions (Bart)

   - Fixes for the zoned comments/ioctl documentation (Damien)

   - direct-io fix that's been lingering for a while (Ernesto)

   - cgroup writeback fix (Tejun)

   - Set of NVMe patches for nvme-rdma/tcp (Sagi, Hannes, Raju)

   - Block recursion tracking fix (Ming)

   - Fix debugfs command flag naming for a few flags (Jianchao)"

* tag 'for-linus-20190125' of git://git.kernel.dk/linux-block:
  block: Fix comment typo
  uapi: fix ioctl documentation
  blk-wbt: Declare local functions static
  blk-mq: fix the cmd_flag_name array
  nvme-multipath: drop optimization for static ANA group IDs
  nvmet-rdma: fix null dereference under heavy load
  nvme-rdma: rework queue maps handling
  nvme-tcp: fix timeout handler
  nvme-rdma: fix timeout handler
  writeback: synchronize sync(2) against cgroup writeback membership switches
  block: cover another queue enter recursion via BIO_QUEUE_ENTERED
  direct-io: allow direct writes to empty inodes
2019-01-26 12:42:41 -08:00
Jisheng Zhang
f36c1f9a8d i3c: master: dw: fix deadlock
In dw_i3c_master_irq_handler(), we already have gotten
&master->xferqueue.lock, if we try to get the same lock again in
dw_i3c_master_dequeue_xfer(), deadlock happens.

We fix this issue by introduing dw_i3c_master_dequeue_xfer_locked()
which does all what dw_i3c_master_dequeue_xfer() does without trying
to lock &master->xferqueue.lock.

Signed-off-by: Jisheng Zhang <Jisheng.Zhang@synaptics.com>
Acked-by: Vitor Soares <vitor.soares@synopsys.com>
Signed-off-by: Boris Brezillon <bbrezillon@kernel.org>
2019-01-26 11:14:25 +01:00
Corentin Labbe
687cffd345 xtensa: rename BUILTIN_DTB to BUILTIN_DTB_SOURCE
When building some xtensa config, I hit the following warning:
  drivers/staging/mt7621-dts/Kconfig:4:warning: 'BUILTIN_DTB' has wrong type.
  'select' only accept arguments of bool and tristate type

It is due to some arch use BUILTIN_DTB as a flag for the need to builtin
dtb but xtensa use it as a string for which dtb to bulltin.
But for this (which dtb to build), it is better to use
BUILTIN_DTB_SOURCE like other arch do.

Signed-off-by: Corentin Labbe <clabbe@baylibre.com>
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
2019-01-26 02:02:16 -08:00
Corentin Labbe
ad33cc8052 xtensa: Fix typo use space=>user space
This patch fix a simple typo.

Signed-off-by: Corentin Labbe <clabbe@baylibre.com>
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
2019-01-26 02:02:15 -08:00
Max Filippov
eb271710ec drivers/irqchip: xtensa-mx: fix mask and unmask
xtensa_irq_mask and xtensa_irq_unmask don't do the right thing when
called for the first two external IRQs. Treat these IRQs as per-CPU
IRQs.

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
2019-01-26 02:02:15 -08:00
Max Filippov
bb6652363b drivers/irqchip: xtensa: add warning to irq_retrigger
XEA2 and MX PIC can only retrigger software interrupts. Issue a warning
if an interrupt of any other type is retriggered.

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
2019-01-26 02:02:14 -08:00
Max Filippov
8b1c42cdd7 xtensa: SMP: mark each possible CPU as present
Otherwise it is impossible to enable CPUs after booting with 'maxcpus'
parameter.

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
2019-01-26 02:02:14 -08:00
Max Filippov
306b38305c xtensa: smp_lx200_defconfig: fix vectors clash
Secondary CPU reset vector overlaps part of the double exception handler
code, resulting in weird crashes and hangups when running user code.
Move exception vectors one page up so that they don't clash with the
secondary CPU reset vector.

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
2019-01-26 02:02:13 -08:00
Max Filippov
32a7726c4f xtensa: SMP: fix secondary CPU initialization
- add missing memory barriers to the secondary CPU synchronization spin
  loops; add comment to the matching memory barrier in the boot_secondary
  and __cpu_die functions;
- use READ_ONCE/WRITE_ONCE to access cpu_start_id/cpu_start_ccount
  instead of reading/writing them directly;
- re-initialize cpu_running every time before starting secondary CPU to
  flush possible previous CPU startup results.

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
2019-01-26 02:02:13 -08:00
Ingo Molnar
b844ff366f perf/core improvements and fixes:
BPF:
 
   Song Liu:
 
   - Fix synthesized PERF_RECORD_KSYMBOL/BPF_EVENT
 
   Arnaldo Carvalho de Melo:
 
   - Add bpf_map() helper, to make BPF map declararions more compact and
     allow for BTF annotations to be made transparently.
 
 perf script python:
 
   Tony Jones:
 
   - Remove explicit shebangs.
 
   - Fix the PYTHON=python3 builds.
 
 Core:
 
   Davidlohr Bueso:
 
   - Update rbtree implementation, getting it closer to the kernel one.
 
   - Use cached rbtrees.
 
   Arnaldo Carvalho de Melo:
 
   - Remove some needless headers from .c and .h files fixing up the fallout,
     to reduce building time when changes are made to .h files
 
 Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
 -----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQR2GiIUctdOfX2qHhGyPKLppCJ+JwUCXEuYhwAKCRCyPKLppCJ+
 J6PcAP0TCNtSV0UF/tuaocj6dEGoaYgLNZCyLWbn0oUEC50jXwEAglHH1oiwR6vV
 hTdMS0EIXr0hBh66C3LKtPmScSsJtAY=
 =VSg9
 -----END PGP SIGNATURE-----

Merge tag 'perf-core-for-mingo-5.0-20190126' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux into perf/core

Pull perf/core improvements and fixes from Arnaldo Carvalho de Melo:

BPF:

  Song Liu:

  - Fix synthesized PERF_RECORD_KSYMBOL/BPF_EVENT

  Arnaldo Carvalho de Melo:

  - Add bpf_map() helper, to make BPF map declararions more compact and
    allow for BTF annotations to be made transparently.

perf script python:

  Tony Jones:

  - Remove explicit shebangs.

  - Fix the PYTHON=python3 builds.

Core:

  Davidlohr Bueso:

  - Update rbtree implementation, getting it closer to the kernel one.

  - Use cached rbtrees.

  Arnaldo Carvalho de Melo:

  - Remove some needless headers from .c and .h files fixing up the fallout,
    to reduce building time when changes are made to .h files

Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2019-01-26 10:50:29 +01:00
David S. Miller
abfd04f738 qed: Revert error handling changes.
This is new code and not bug fixes.

This reverts all changes added by merge commit
8fb18be93e

Signed-off-by: David S. Miller <davem@davemloft.net>
2019-01-25 15:32:28 -08:00
Linus Torvalds
ba60697593 MMC host:
- sdhci-acpi: Fixup build dependency for PCI
  - sdhci-omap: Resolve Kconfig warnings on keystone
  - sdhci-iproc: Propagate errors from DT parsing
  - meson-gx: Fixup IRQ handling in release callback
  - meson-gx: Use signal re-sampling to fixup tuning
  - dw_mmc-bluefield: Fix the license information
 -----BEGIN PGP SIGNATURE-----
 
 iQJLBAABCgA1FiEEugLDXPmKSktSkQsV/iaEJXNYjCkFAlxLErEXHHVsZi5oYW5z
 c29uQGxpbmFyby5vcmcACgkQ/iaEJXNYjClVKQ//QubCzRscykWiSa0Lhbc/KnBx
 6gP5OkWSFEVKK1MwbeWKszebIeZaA1VbBbrWHZy0rW7BiP3xbl5TJXjLwfOqqaSa
 ogS2bCwIxGbUy2YpvgcY6NzwXutuaXpCaEewlaeBMK8yALY12R9kX+mpV4msOs4Z
 20KOfSbAprRAjRjv7zV+BNk7Qm/KY5MG8oRzepGBfUGCcQQglZH35Jfhd4ZYCWKo
 lPrFmZC+3ETdAaHTIguulO9iM7c3xs/Ggs4S80X59zvMjCCnRNOU6w+1LSKytwcH
 AV/78BY1M9YPbRkd2pDxkSmT5zZTJYC1L/enuGqZAtJr5oP6uiuyboRpdXoWWCrv
 ydh2msTLeCv+exYcV8bGqmaVdFdQlVMIY6IzRq/NqtdcMUfpxerk9DFjtcd/tpBk
 WS1UCEJzkj7UG15QLE9NLFeqUwdX6yphWtuT87b0V+Fj3n2LWbXkp4848+SA4CFl
 PEbFUl2eTx96hGQdfphQkMdQmv7A5sSazHBCTqsSUCVnXHyCk5P5En/zrRod6FQe
 qj0T2aCMxBEE6gzsiZZruURsKEJG2LR6JX39ahewvb25XPHC81WVAUD/bEyeMxG+
 i213c3BE2OoCNvaewWWbYph7PKEJETu0Vl0dMg50deR1L4abzFW1K8hktpR5Mxek
 cYLLC16wEJRGlhOZvLQ=
 =aPVD
 -----END PGP SIGNATURE-----

Merge tag 'mmc-v5.0-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc

Pull MMC fixes from Ulf Hansson:

 - sdhci-acpi: Fixup build dependency for PCI

 - sdhci-omap: Resolve Kconfig warnings on keystone

 - sdhci-iproc: Propagate errors from DT parsing

 - meson-gx: Fixup IRQ handling in release callback

 - meson-gx: Use signal re-sampling to fixup tuning

 - dw_mmc-bluefield: Fix the license information

* tag 'mmc-v5.0-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc:
  mmc: dw_mmc-bluefield: : Fix the license information
  mmc: meson-gx: enable signal re-sampling together with tuning
  mmc: sdhci-iproc: handle mmc_of_parse() errors during probe
  mmc: meson-gx: Free irq in release() callback
  mmc: host: Fix Kconfig warnings on keystone_defconfig
  mmc: sdhci-acpi: Make PCI dependency explicit
2019-01-25 13:07:03 -10:00
Linus Torvalds
d488bd21a4 Char/Misc driver fixes for 5.0-rc4
Here are some small char and misc driver fixes to resolve some reported
 issues, as well as a number of binderfs fixups that were found after
 auditing the filesystem code by Al Viro.  As binderfs hasn't been in a
 previous release yet, it's good to get these in now before the first
 users show up.
 
 All of these have been in linux-next for a bit with no reported issues.
 
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 -----BEGIN PGP SIGNATURE-----
 
 iG0EABECAC0WIQT0tgzFv3jCIUoxPcsxR9QN2y37KQUCXEr/Iw8cZ3JlZ0Brcm9h
 aC5jb20ACgkQMUfUDdst+ymLqACgsYcCs0r/RMqXfvMqJ7beUGq02ioAoNPD0hQh
 Z76nfI+21TiuXx24JCfZ
 =Fo1U
 -----END PGP SIGNATURE-----

Merge tag 'char-misc-5.0-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc

Pull char/misc driver fixes from Greg KH:
 "Here are some small char and misc driver fixes to resolve some
  reported issues, as well as a number of binderfs fixups that were
  found after auditing the filesystem code by Al Viro. As binderfs
  hasn't been in a previous release yet, it's good to get these in now
  before the first users show up.

  All of these have been in linux-next for a bit with no reported
  issues"

* tag 'char-misc-5.0-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc: (26 commits)
  i3c: master: Fix an error checking typo in 'cdns_i3c_master_probe()'
  binderfs: switch from d_add() to d_instantiate()
  binderfs: drop lock in binderfs_binder_ctl_create
  binderfs: kill_litter_super() before cleanup
  binderfs: rework binderfs_binder_device_create()
  binderfs: rework binderfs_fill_super()
  binderfs: prevent renaming the control dentry
  binderfs: remove outdated comment
  binderfs: use __u32 for device numbers
  binderfs: use correct include guards in header
  misc: pvpanic: fix warning implicit declaration
  char/mwave: fix potential Spectre v1 vulnerability
  misc: ibmvsm: Fix potential NULL pointer dereference
  binderfs: fix error return code in binderfs_fill_super()
  mei: me: add denverton innovation engine device IDs
  mei: me: mark LBG devices as having dma support
  mei: dma: silent the reject message
  binderfs: handle !CONFIG_IPC_NS builds
  binderfs: reserve devices for initial mount
  binderfs: rename header to binderfs.h
  ...
2019-01-25 13:03:34 -10:00
Linus Torvalds
96f18cb89f Staging driver fixes for 5.0-rc4
Here are some small staging driver fixes for 5.0-rc4.
 
 They resolve some reported bugs and add a new device id for one driver.
 Nothing major at all, but all good to have.
 
 All of these have been in linux-next for a while with no reported
 issues.
 
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 -----BEGIN PGP SIGNATURE-----
 
 iG0EABECAC0WIQT0tgzFv3jCIUoxPcsxR9QN2y37KQUCXEr+Xw8cZ3JlZ0Brcm9h
 aC5jb20ACgkQMUfUDdst+ymMhQCgvyEifc3BlhEp6AJtznXTqgIrBXUAn363S3zJ
 k0o8Rr4iONcRwyIbWMn5
 =mO7R
 -----END PGP SIGNATURE-----

Merge tag 'staging-5.0-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging

Pull staging driver fixes from Greg KH:
 "Here are some small staging driver fixes for 5.0-rc4.

  They resolve some reported bugs and add a new device id for one
  driver. Nothing major at all, but all good to have.

  All of these have been in linux-next for a while with no reported
  issues"

* tag 'staging-5.0-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging:
  staging: android: ion: Support cpu access during dma_buf_detach
  staging: rtl8723bs: Fix build error with Clang when inlining is disabled
  staging: rtl8188eu: Add device code for D-Link DWA-121 rev B1
  staging: vchiq: Fix local event signalling
  Staging: wilc1000: unlock on error in init_chip()
  staging: wilc1000: fix memory leak in wilc_add_rx_gtk
  staging: wilc1000: fix registration frame size
2019-01-25 13:02:12 -10:00
Linus Torvalds
473721f9c6 TTY/Serial driver fixes for 5.0-rc4
Here are a number of small tty core and serial driver fixes for 5.0-rc4
 to resolve some reported issues.
 
 Nothing major, the small serial driver fixes, a tty core fixup for a
 crash that was reported, and some good vt fixes from Nicolas Pitre as he
 seems to be auditing that chunk of code a lot lately.
 
 All of these have been in linux-next for a while with no reported
 issues.
 
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 -----BEGIN PGP SIGNATURE-----
 
 iG0EABECAC0WIQT0tgzFv3jCIUoxPcsxR9QN2y37KQUCXEr9zw8cZ3JlZ0Brcm9h
 aC5jb20ACgkQMUfUDdst+ylgaQCcCpv3UHszx+ZemlyPUB3ZGEa1l48AoLd3VB46
 cRO5Cf78Dr/FO73bWjLR
 =zjYg
 -----END PGP SIGNATURE-----

Merge tag 'tty-5.0-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty

Pull tty/serial driver fixes from Greg KH:
 "Here are a number of small tty core and serial driver fixes for
  5.0-rc4 to resolve some reported issues.

  Nothing major, the small serial driver fixes, a tty core fixup for a
  crash that was reported, and some good vt fixes from Nicolas Pitre as
  he seems to be auditing that chunk of code a lot lately.

  All of these have been in linux-next for a while with no reported
  issues"

* tag 'tty-5.0-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty:
  serial: fsl_lpuart: fix maximum acceptable baud rate with over-sampling
  tty: serial: qcom_geni_serial: Allow mctrl when flow control is disabled
  tty: Handle problem if line discipline does not have receive_buf
  vgacon: unconfuse vc_origin when using soft scrollback
  vt: invoke notifier on screen size change
  vt: always call notifier with the console lock held
  vt: make vt_console_print() compatible with the unicode screen buffer
  tty/n_hdlc: fix __might_sleep warning
  serial: 8250: Fix serial8250 initialization crash
  uart: Fix crash in uart_write and uart_put_char
2019-01-25 12:58:40 -10:00
Linus Torvalds
b48cef32b6 USB/PHY fixes for 5.0-rc4
Here are a number of small USB and PHY driver fixes for 5.0-rc4.
 
 Nothing major at all, just the usual selection of USB gadget bugfixes,
 some new USB serial driver ids, some SPDX fixes, and some PHY driver
 fixes for reported issues.
 
 All of these have been in linux-next for a while with no reported
 issues.
 
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 -----BEGIN PGP SIGNATURE-----
 
 iG0EABECAC0WIQT0tgzFv3jCIUoxPcsxR9QN2y37KQUCXEr9Iw8cZ3JlZ0Brcm9h
 aC5jb20ACgkQMUfUDdst+yltXACg1ycTrlsIDEtj0fQb0KpgmovzYMEAn02nv62w
 +6bHM1m+RZvKw5DnOrKb
 =g6YM
 -----END PGP SIGNATURE-----

Merge tag 'usb-5.0-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb

Pull USB/PHY fixes from Greg KH:
 "Here are a number of small USB and PHY driver fixes for 5.0-rc4.

  Nothing major at all, just the usual selection of USB gadget bugfixes,
  some new USB serial driver ids, some SPDX fixes, and some PHY driver
  fixes for reported issues.

  All of these have been in linux-next for a while with no reported
  issues"

* tag 'usb-5.0-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb:
  USB: serial: keyspan_usa: add proper SPDX lines for .h files
  USB: EHCI: ehci-mv: add MODULE_DEVICE_TABLE
  USB: leds: fix regression in usbport led trigger
  usb: chipidea: fix static checker warning for NULL pointer
  MAINTAINERS: email address update in MAINTAINERS entries
  USB: usbip: delete README file
  USB: serial: pl2303: add new PID to support PL2303TB
  usb: dwc2: gadget: Fix Remote Wakeup interrupt bit clearing
  phy: ath79-usb: Fix the main reset name to match the DT binding
  phy: ath79-usb: Fix the power on error path
  phy: fix build breakage: add PHY_MODE_SATA
  phy: ti: ensure priv is not null before dereferencing it
  USB: serial: ftdi_sio: fix GPIO not working in autosuspend
  usb: gadget: Potential NULL dereference on allocation error
  usb: dwc3: gadget: Fix the uninitialized link_state when udc starts
  usb: dwc3: gadget: Clear req->needs_extra_trb flag on cleanup
  usb: dwc3: gadget: synchronize_irq dwc irq in suspend
  USB: serial: simple: add Motorola Tetra TPG2200 device id
2019-01-25 12:57:09 -10:00
Kees Cook
ed5f13261c selftests/seccomp: Enhance per-arch ptrace syscall skip tests
Passing EPERM during syscall skipping was confusing since the test wasn't
actually exercising the errno evaluation -- it was just passing a literal
"1" (EPERM). Instead, expand the tests to check both direct value returns
(positive, 45000 in this case), and errno values (negative, -ESRCH in this
case) to check both fake success and fake failure during syscall skipping.

Reported-by: Colin Ian King <colin.king@canonical.com>
Fixes: a33b2d0359 ("selftests/seccomp: Add tests for basic ptrace actions")
Cc: stable@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Shuah Khan <shuah@kernel.org>
2019-01-25 15:13:35 -07:00
Sean Young
7e35a5940f selftests: Use lirc.h from kernel tree, not from system
When the system lirc.h is older than v4.16, you will get errors like:

ir_loopback.c:32:16: error: field ‘proto’ has incomplete type
  enum rc_proto proto;

Cc: Shuah Khan <shuah@kernel.org>
Signed-off-by: Sean Young <sean@mess.org>
Signed-off-by: Shuah Khan <shuah@kernel.org>
2019-01-25 14:58:46 -07:00
Colin Ian King
2b531b6137 selftests: cpu-hotplug: fix case where CPUs offline > CPUs present
The cpu-hotplug test assumes that we can offline the maximum CPU as
described by /sys/devices/system/cpu/offline.  However, in the case
where the number of CPUs exceeds like kernel configuration then
the offline count can be greater than the present count and we end
up trying to test the offlining of a CPU that is not available to
offline.  Fix this by testing the maximum present CPU instead.

Also, the test currently offlines the CPU and does not online it,
so fix this by onlining the CPU after the test.

Fixes: d89dffa976 ("fault-injection: add selftests for cpu and memory hotplug")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Shuah Khan <shuah@kernel.org>
2019-01-25 14:57:45 -07:00
Or Gerlitz
6ce966fd26 net/mlx5e: Unblock setting vid 0 for VFs through the uplink rep
It turns out that libvirt uses 0-vid as a default if no vlan was
set for the guest (which is the case for switchdev mode) and errs
if we disallow that:

error: Failed to start domain vm75
error: Cannot set interface MAC/vlanid to 6a:66:2d:48:92:c2/0 \
		for ifname enp59s0f0 vf 0: Operation not supported

So allow this in order not to break existing systems.

Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com>
Reported-by: Maor Dickman <maord@mellanox.com>
Reviewed-by: Gavi Teitz <gavi@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
2019-01-25 12:00:29 -08:00
Or Gerlitz
c12ecc2305 net/mlx5e: Move to use common phys port names for vport representors
With VF LAG commit 491c37e49b "net/mlx5e: In case of LAG, one switch
parent id is used for all representors", both uplinks and all the VFs
(on both of them) get the same switchdev id.

This cause the provisioning system method to identify the rep of a given
VF from the parent PF PCI device using switchev id and physical port
name to break, since VFm of PF0 will have the (id, name) as VFm of PF1.

To fix that, we align to use the framework agreed upstream and set by
nfp commit 168c478e10 "nfp: wire get_phys_port_name on representors":

$ cat /sys/class/net/eth4_*/phys_port_name
p0
pf0vf0
pf0vf1

Now, the names will be different, e.g. pf0vf0 vs. pf1vf0.

Fixes: 491c37e49b ("net/mlx5e: In case of LAG, one switch parent id is used for all representors")
Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com>
Reported-by: Waleed Musa <waleedm@mellanox.com>
Reviewed-by: Roi Dayan <roid@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
2019-01-25 12:00:29 -08:00
Aya Levin
9d2cbdc5d3 net/mlx5e: Allow MAC invalidation while spoofchk is ON
Prior to this patch the driver prohibited spoof checking on invalid MAC.
Now the user can set this configuration if it wishes to.

This is required since libvirt might invalidate the VF Mac by setting it
to zero, while spoofcheck is ON.

Fixes: 1ab2068a4c ("net/mlx5: Implement vports admin state backup/restore")
Signed-off-by: Aya Levin <ayal@mellanox.com>
Reviewed-by: Eran Ben Elisha <eranbe@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
2019-01-25 12:00:29 -08:00
Moni Shoua
33814e5d12 net/mlx5: Take lock with IRQs disabled to avoid deadlock
The lock in qp_table might be taken from process context or from
interrupt context. This may lead to a deadlock unless it is taken with
IRQs disabled.

Discovered by lockdep

================================
WARNING: inconsistent lock state
4.20.0-rc6
--------------------------------
inconsistent {HARDIRQ-ON-W} -> {IN-HARDIRQ-W}

python/12572 [HC1[1]:SC0[0]:HE0:SE1] takes:
00000000052a4df4 (&(&table->lock)->rlock#2){?.+.}, /0x50 [mlx5_core]
{HARDIRQ-ON-W} state was registered at:
  _raw_spin_lock+0x33/0x70
  mlx5_get_rsc+0x1a/0x50 [mlx5_core]
  mlx5_ib_eqe_pf_action+0x493/0x1be0 [mlx5_ib]
  process_one_work+0x90c/0x1820
  worker_thread+0x87/0xbb0
  kthread+0x320/0x3e0
  ret_from_fork+0x24/0x30
irq event stamp: 103928
hardirqs last  enabled at (103927): [] nk+0x1a/0x1c
hardirqs last disabled at (103928): [] unk+0x1a/0x1c
softirqs last  enabled at (103924): [] tcp_sendmsg+0x31/0x40
softirqs last disabled at (103922): [] 80

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(&(&table->lock)->rlock#2);

    lock(&(&table->lock)->rlock#2);

 *** DEADLOCK ***

Fixes: 032080ab43 ("IB/mlx5: Lock QP during page fault handling")
Signed-off-by: Moni Shoua <monis@mellanox.com>
Reviewed-by: Leon Romanovsky <leonro@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
2019-01-25 12:00:28 -08:00
Shay Agroskin
92b3277294 net/mlx5e: Fix wrong private flag usage causing checksum disable
MLX5E_PFLAG_* definitions were changed from bitmask to enumerated
values. However, in mlx5e_open_rq(), the proper API (MLX5E_GET_PFLAG macro)
was not used to read the flag value of MLX5E_PFLAG_RX_NO_CSUM_COMPLETE.
Fixed it.

Fixes: 8ff57c18e9 ("net/mlx5e: Improve ethtool private-flags code structure")
Signed-off-by: Shay Agroskin <shayag@mellanox.com>
Reviewed-by: Tariq Toukan <tariqt@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
2019-01-25 12:00:28 -08:00
Bodong Wang
4e046de0f5 Revert "net/mlx5e: E-Switch, Initialize eswitch only if eswitch manager"
This reverts commit 5f5991f36d.

With the original commit, eswitch instance will not be initialized for
a function which is vport group manager but not eswitch manager such as
host PF on SmartNIC (BlueField) card. This will result in a kernel crash
when such a vport group manager is trying to access vports in its group.
E.g, PF vport manager (not eswitch manager) tries to configure the MAC
of its VF vport, a kernel trace will happen similar as bellow:

 BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
 ...
 RIP: 0010:mlx5_eswitch_get_vport_config+0xc/0x180 [mlx5_core]
 ...

Fixes: 5f5991f36d ("net/mlx5e: E-Switch, Initialize eswitch only if eswitch manager")
Signed-off-by: Bodong Wang <bodong@mellanox.com>
Reported-by: Yuval Avnery <yuvalav@mellanox.com>
Reviewed-by: Daniel Jurgens <danielj@mellanox.com>
Reviewed-by: Or Gerlitz <ogerlitz@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
2019-01-25 12:00:28 -08:00
Feras Daoud
6ab4aba00f IB/ipoib: Fix for use-after-free in ipoib_cm_tx_start
The following BUG was reported by kasan:

 BUG: KASAN: use-after-free in ipoib_cm_tx_start+0x430/0x1390 [ib_ipoib]
 Read of size 80 at addr ffff88034c30bcd0 by task kworker/u16:1/24020

 Workqueue: ipoib_wq ipoib_cm_tx_start [ib_ipoib]
 Call Trace:
  dump_stack+0x9a/0xeb
  print_address_description+0xe3/0x2e0
  kasan_report+0x18a/0x2e0
  ? ipoib_cm_tx_start+0x430/0x1390 [ib_ipoib]
  memcpy+0x1f/0x50
  ipoib_cm_tx_start+0x430/0x1390 [ib_ipoib]
  ? kvm_clock_read+0x1f/0x30
  ? ipoib_cm_skb_reap+0x610/0x610 [ib_ipoib]
  ? __lock_is_held+0xc2/0x170
  ? process_one_work+0x880/0x1960
  ? process_one_work+0x912/0x1960
  process_one_work+0x912/0x1960
  ? wq_pool_ids_show+0x310/0x310
  ? lock_acquire+0x145/0x440
  worker_thread+0x87/0xbb0
  ? process_one_work+0x1960/0x1960
  kthread+0x314/0x3d0
  ? kthread_create_worker_on_cpu+0xc0/0xc0
  ret_from_fork+0x3a/0x50

 Allocated by task 0:
  kasan_kmalloc+0xa0/0xd0
  kmem_cache_alloc_trace+0x168/0x3e0
  path_rec_create+0xa2/0x1f0 [ib_ipoib]
  ipoib_start_xmit+0xa98/0x19e0 [ib_ipoib]
  dev_hard_start_xmit+0x159/0x8d0
  sch_direct_xmit+0x226/0xb40
  __dev_queue_xmit+0x1d63/0x2950
  neigh_update+0x889/0x1770
  arp_process+0xc47/0x21f0
  arp_rcv+0x462/0x760
  __netif_receive_skb_core+0x1546/0x2da0
  netif_receive_skb_internal+0xf2/0x590
  napi_gro_receive+0x28e/0x390
  ipoib_ib_handle_rx_wc_rss+0x873/0x1b60 [ib_ipoib]
  ipoib_rx_poll_rss+0x17d/0x320 [ib_ipoib]
  net_rx_action+0x427/0xe30
  __do_softirq+0x28e/0xc42

 Freed by task 26680:
  __kasan_slab_free+0x11d/0x160
  kfree+0xf5/0x360
  ipoib_flush_paths+0x532/0x9d0 [ib_ipoib]
  ipoib_set_mode_rss+0x1ad/0x560 [ib_ipoib]
  set_mode+0xc8/0x150 [ib_ipoib]
  kernfs_fop_write+0x279/0x440
  __vfs_write+0xd8/0x5c0
  vfs_write+0x15e/0x470
  ksys_write+0xb8/0x180
  do_syscall_64+0x9b/0x420
  entry_SYSCALL_64_after_hwframe+0x49/0xbe

 The buggy address belongs to the object at ffff88034c30bcc8
                which belongs to the cache kmalloc-512 of size 512
 The buggy address is located 8 bytes inside of
                512-byte region [ffff88034c30bcc8, ffff88034c30bec8)
 The buggy address belongs to the page:

The following race between change mode and xmit flow is the reason for
this use-after-free:

Change mode     Send packet 1 to GID XX      Send packet 2 to GID XX
     |                    |                             |
   start                  |                             |
     |                    |                             |
     |                    |                             |
     |         Create new path for GID XX               |
     |           and update neigh path                  |
     |                    |                             |
     |                    |                             |
     |                    |                             |
 flush_paths              |                             |
                          |                             |
               queue_work(cm.start_task)                |
                          |                 Path for GID XX not found
                          |                      create new path
                          |
                          |
               start_task runs with old
                    released path

There is no locking to protect the lifetime of the path through the
ipoib_cm_tx struct, so delete it entirely and always use the newly looked
up path under the priv->lock.

Fixes: 546481c281 ("IB/ipoib: Fix memory corruption in ipoib cm mode connect flow")
Signed-off-by: Feras Daoud <ferasda@mellanox.com>
Reviewed-by: Erez Shitrit <erezsh@mellanox.com>
Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
2019-01-25 12:17:54 -07:00
David S. Miller
517952756e Just a few small fixes:
* avoid trying to operate TDLS when not connection,
    this is not valid and led to issues
  * count TTL-dropped frames in mesh better
  * deal with new WiGig channels in regulatory code
  * remove a WARN_ON() that can trigger due to benign
    races during device/driver registration
  * fix nested netlink policy maxattrs (syzkaller)
  * fix hwsim n_limits (syzkaller)
  * propagate __aligned(2) to a surrounding struct
  * return proper error in virt_wifi error path
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEH1e1rEeCd0AIMq6MB8qZga/fl8QFAlxLDJoACgkQB8qZga/f
 l8SgpQ//W9ZulmDuuuR2qBijFP3JfAZQyruAX+D4Ddp/dGdJWcRLOXhz7U/IhvfM
 wuak6e7LQvJnlPDhbkwpJDyQXeva7OmN5j0JNcg4MjIszkPPATz8GctdQfcIAzKg
 pxhx6p8tpUUTQdDv87u4rNHrLoa+nyx8GKBqk7Ec0FeOt3LOtp8vOv+S7XNYJlHG
 J28DiU3bBWBusumfZ1hqwAcrx3NN3vHylc9WFcQjZPPJ/o9ygPxlpdbkle9XUaNu
 wFFDB9hQw4cSuLCR1/aZ4Ixf1ZFX5BG76iQAkwfiIDPgl0ViXq38Nebd4d8bM3l6
 dUEhIYVHpXzfz5EbpSGp5sNCqajXQ+KKmqq7QhOC8PKafCZ56FeqQWpQ4ZTOHMEs
 AGFxnXWp6TOc/MdJR/bB+JELVoOWkn9K146/5BkiIc8z4Ca7yz7fF23KIw3PVi4M
 Ucy6DknPwq60ytn6Mfaxc3XnQlmsJ4UbMNZ9EhL94c9tiWJt4Abm3Xk52on/AA9u
 1sXeia+85V2xMyd0P3GStSl3gxoHVikQ10/0BbHtbJTlTAkl3BP1ytZiVCOCOqFs
 o16A59U8V9Ilt9ZvgN9wOQ2ckPnFi8RjLZRZQwwrmVCaFIeQ0BtT6FErpml3H47x
 fODWB0DZ2HLbbalaRjKEP/DXr2vZu9UT33cJILjCvm5C4Kvae3Y=
 =uCO9
 -----END PGP SIGNATURE-----

Merge tag 'mac80211-for-davem-2019-01-25' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211

Johannes Berg says:

====================
Just a few small fixes:
 * avoid trying to operate TDLS when not connection,
   this is not valid and led to issues
 * count TTL-dropped frames in mesh better
 * deal with new WiGig channels in regulatory code
 * remove a WARN_ON() that can trigger due to benign
   races during device/driver registration
 * fix nested netlink policy maxattrs (syzkaller)
 * fix hwsim n_limits (syzkaller)
 * propagate __aligned(2) to a surrounding struct
 * return proper error in virt_wifi error path
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2019-01-25 10:59:36 -08:00
Yishai Hadas
f8ade8e242 IB/uverbs: Fix ioctl query port to consider device disassociation
Methods cannot peak into the ufile, the only way to get a ucontext and
hence a device is via the ib_uverbs_get_ucontext() call or inspecing a
locked uobject.

Otherwise during/after disassociation the pointers may be null or free'd.

 BUG: unable to handle kernel NULL pointer dereference at 0000000000000078
 PGD 800000005ece6067 P4D 800000005ece6067 PUD 5ece7067 PMD 0
 Oops: 0000 [#1] SMP PTI
 CPU: 0 PID: 10631 Comm: ibv_ud_pingpong Tainted: GW  OE     4.20.0-rc6+ #3
 Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
 RIP: 0010:ib_uverbs_handler_UVERBS_METHOD_QUERY_PORT+0x53/0x191 [ib_uverbs]
 Code: 80 00 00 00 31 c0 48 8b 47 40 48 8d 5c 24 38 48 8d 6c 24
               08 48 89 df 48 8b 40 08 4c 8b a0 18 03 00 00 31 c0 f3 48 ab 48 89
               ef <49> 83 7c 24 78 00 b1 06 f3 48 ab 0f 84 89 00 00 00 45 31  c9 31 d2
 RSP: 0018:ffffb54802ccfb10 EFLAGS: 00010246
 RAX: 0000000000000000 RBX: ffffb54802ccfb48 RCX:0000000000000000
 RDX: fffffffffffffffa RSI: ffffb54802ccfcf8 RDI:ffffb54802ccfb18
 RBP: ffffb54802ccfb18 R08: ffffb54802ccfd18 R09:0000000000000000
 R10: 0000000000000000 R11: 00000000000000d0 R12:0000000000000000
 R13: ffffb54802ccfcb0 R14: ffffb54802ccfc48 R15:ffff9f736e0059a0
 FS:  00007f55a6bd7740(0000) GS:ffff9f737ba00000(0000) knlGS:0000000000000000
 CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
 CR2: 0000000000000078 CR3: 0000000064214000 CR4:00000000000006f0
 Call Trace:
  ib_uverbs_cmd_verbs.isra.5+0x94d/0xa60 [ib_uverbs]
  ? copy_port_attr_to_resp+0x120/0x120 [ib_uverbs]
  ? arch_tlb_finish_mmu+0x16/0xc0
  ? tlb_finish_mmu+0x1f/0x30
  ? unmap_region+0xd9/0x120
  ib_uverbs_ioctl+0xbc/0x120 [ib_uverbs]
  do_vfs_ioctl+0xa9/0x620
  ? __do_munmap+0x29f/0x3a0
  ksys_ioctl+0x60/0x90
  __x64_sys_ioctl+0x16/0x20
  do_syscall_64+0x5b/0x180
  entry_SYSCALL_64_after_hwframe+0x44/0xa9
 RIP: 0033:0x7f55a62cb567

Fixes: 641d1207d2 ("IB/core: Move query port to ioctl")
Signed-off-by: Yishai Hadas <yishaih@mellanox.com>
Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
2019-01-25 11:58:06 -07:00
Mark Bloch
c1b03c25f5 RDMA/mlx5: Fix flow creation on representors
The intention of the flow_is_supported was to disable the entire tree and
methods that allow raw flow creation, but the grammar syntax has this
disable the entire UVERBS_FLOW object. Since the method requires a
MLX5_IB_OBJECT_FLOW_MATCHER there is no need to do anything, as it is
automatically disabled when matchers are disabled.

This restores the ability to create flow steering rules on representors
via regular verbs.

Fixes: a1462351b5 ("RDMA/mlx5: Fail early if user tries to create flows on IB representors")
Signed-off-by: Mark Bloch <markb@mellanox.com>
Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
2019-01-25 11:58:06 -07:00
Yishai Hadas
425784aa5b IB/uverbs: Fix OOPs upon device disassociation
The async_file might be freed before the disassociation has been ended,
causing qp shutdown to use after free on it.

Since uverbs_destroy_ufile_hw is not a fence, it returns if a
disassociation is ongoing in another thread. It has to be written this way
to avoid deadlock. However this means that the ufile FD close cannot
destroy anything that may still be used by an active kref, such as the the
async_file.

To fix that move the kref_put() to be in ib_uverbs_release_file().

 BUG: unable to handle kernel paging request at ffffffffba682787
 PGD bc80e067 P4D bc80e067 PUD bc80f063 PMD 1313df163 PTE 80000000bc682061
 Oops: 0003 [#1] SMP PTI
 CPU: 1 PID: 32410 Comm: bash Tainted: G           OE 4.20.0-rc6+ #3
 Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
 RIP: 0010:__pv_queued_spin_lock_slowpath+0x1b3/0x2a0
 Code: 98 83 e2 60 49 89 df 48 8b 04 c5 80 18 72 ba 48 8d
		ba 80 32 02 00 ba 00 80 00 00 4c 8d 65 14 41 bd 01 00 00 00 48 01 c7 85
		d2 <48> 89 2f 48 89 fb 74 14 8b 45 08 85 c0 75 42 84 d2 74 6b f3 90 83
 RSP: 0018:ffffc1bbc064fb58 EFLAGS: 00010006
 RAX: ffffffffba65f4e7 RBX: ffff9f209c656c00 RCX: 0000000000000001
 RDX: 0000000000008000 RSI: 0000000000000000 RDI: ffffffffba682787
 RBP: ffff9f217bb23280 R08: 0000000000000001 R09: 0000000000000000
 R10: ffff9f209d2c7800 R11: ffffffffffffffe8 R12: ffff9f217bb23294
 R13: 0000000000000001 R14: 0000000000000000 R15: ffff9f209c656c00
 FS:  00007fac55aad740(0000) GS:ffff9f217bb00000(0000) knlGS:0000000000000000
 CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
 CR2: ffffffffba682787 CR3: 000000012f8e0000 CR4: 00000000000006e0
 Call Trace:
  _raw_spin_lock_irq+0x27/0x30
  ib_uverbs_release_uevent+0x1e/0xa0 [ib_uverbs]
  uverbs_free_qp+0x7e/0x90 [ib_uverbs]
  destroy_hw_idr_uobject+0x1c/0x50 [ib_uverbs]
  uverbs_destroy_uobject+0x2e/0x180 [ib_uverbs]
  __uverbs_cleanup_ufile+0x73/0x90 [ib_uverbs]
  uverbs_destroy_ufile_hw+0x5d/0x120 [ib_uverbs]
  ib_uverbs_remove_one+0xea/0x240 [ib_uverbs]
  ib_unregister_device+0xfb/0x200 [ib_core]
  mlx5_ib_remove+0x51/0xe0 [mlx5_ib]
  mlx5_remove_device+0xc1/0xd0 [mlx5_core]
  mlx5_unregister_device+0x3d/0xb0 [mlx5_core]
  remove_one+0x2a/0x90 [mlx5_core]
  pci_device_remove+0x3b/0xc0
  device_release_driver_internal+0x16d/0x240
  unbind_store+0xb2/0x100
  kernfs_fop_write+0x102/0x180
  __vfs_write+0x36/0x1a0
  ? __alloc_fd+0xa9/0x170
  ? set_close_on_exec+0x49/0x70
  vfs_write+0xad/0x1a0
  ksys_write+0x52/0xc0
  do_syscall_64+0x5b/0x180
  entry_SYSCALL_64_after_hwframe+0x44/0xa9
 RIP: 0033:0x7fac551aac60

Cc: <stable@vger.kernel.org> # 4.2
Fixes: 036b106357 ("IB/uverbs: Enable device removal when there are active user space applications")
Signed-off-by: Yishai Hadas <yishaih@mellanox.com>
Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
2019-01-25 11:58:06 -07:00
Alexandre Ghiti
ae662eec8a
riscv: Adjust mmap base address at a third of task size
This ratio is the most used among all other architectures and make
icache_hygiene libhugetlbfs test pass: this test mmap lots of
hugepages whose addresses, without this patch, reach the end of
the process user address space.

Signed-off-by: Alexandre Ghiti <aghiti@upmem.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Palmer Dabbelt <palmer@sifive.com>
2019-01-25 10:50:53 -08:00