Commit Graph

768266 Commits

Author SHA1 Message Date
Steven Rostedt (VMware)
6f57ed681e sparc/time: Add missing __init to init_tick_ops()
Code that was added to force gcc not to inline any function that isn't
explicitly declared as inline uncovered that init_tick_ops() isn't
marked as "__init". It is only called by __init functions and more
importantly it too calls an __init function which would require it to be
__init as well.

Link: http://lkml.kernel.org/r/201806060444.hdHcKOBy%fengguang.wu@intel.com

Reported-by: kbuild test robot <lkp@intel.com>
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-07-30 12:48:29 -07:00
Linus Torvalds
527838d470 Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull x86 fixes from Ingo Molnar:
 "Misc fixes:

   - a build race fix

   - a Xen entry fix

   - a TSC_DEADLINE quirk future-proofing fix"

* 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  x86/boot: Fix if_changed build flip/flop bug
  x86/entry/64: Remove %ebx handling from error_entry/exit
  x86/apic: Future-proof the TSC_DEADLINE quirk for SKX
2018-07-30 12:16:03 -07:00
Linus Torvalds
ae3e10aba5 Merge branch 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull scheduler fixes from Ingo Molnar:
 "Misc fixes:

   - a deadline scheduler related bug fix which triggered a kernel
     warning

   - an RT_RUNTIME_SHARE fix

   - a stop_machine preemption fix

   - a potential NULL dereference fix in sched_domain_debug_one()"

* 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  sched/rt: Restore rt_runtime after disabling RT_RUNTIME_SHARE
  sched/deadline: Update rq_clock of later_rq when pushing a task
  stop_machine: Disable preemption after queueing stopper threads
  sched/topology: Check variable group before dereferencing it
2018-07-30 12:13:56 -07:00
Linus Torvalds
0634922a78 Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull perf fixes from Ingo Molnar:
 "Misc fixes:

   - AMD IBS data corruptor fix (uncovered by UBSAN)

   - an Intel PEBS entry unwind error fix

   - a HW-tracing crash fix

   - a MAINTAINERS update"

* 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  perf/core: Fix crash when using HW tracing kernel filters
  perf/x86/intel: Fix unwind errors from PEBS entries (mk-II)
  MAINTAINERS: Add Naveen N. Rao as kprobes co-maintainer
  perf/x86/amd/ibs: Don't access non-started event
2018-07-30 11:45:30 -07:00
Linus Torvalds
fb20c03d37 Merge branch 'locking-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull locking fixes from Ingo Molnar:
 "A paravirt UP-patching fix, and an I2C MUX driver lockdep warning fix"

* 'locking-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  locking/pvqspinlock/x86: Use LOCK_PREFIX in __pv_queued_spin_unlock() assembly code
  i2c/mux, locking/core: Annotate the nested rt_mutex usage
  locking/rtmutex: Allow specifying a subclass for nested locking
2018-07-30 11:37:16 -07:00
Linus Torvalds
d464b0314c Merge branch 'efi-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull EFI fix from Ingo Molnar:
 "An UEFI variables fix for SEV guests"

* 'efi-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  x86/efi: Access EFI MMIO data as unencrypted when SEV is active
2018-07-30 11:07:34 -07:00
Linus Torvalds
acb1872577 Linux 4.18-rc7 2018-07-29 14:44:52 -07:00
Linus Torvalds
3cfb6772d4 Some miscellaneous ext4 fixes for 4.18; one fix is for a regression
introduced in 4.18-rc4.
 -----BEGIN PGP SIGNATURE-----
 
 iQEzBAABCAAdFiEEK2m5VNv+CHkogTfJ8vlZVpUNgaMFAlteF34ACgkQ8vlZVpUN
 gaMQugf+LjlbbncSEuPxZ+C3CnSGkEzjrg8IRylZA2uf04Z5Bax8K5gqvXLx7ZtF
 Qz3vzmrYpaUV8UiaMy0SGLCRWebwoxPEN7ZX3/W1PfeymP3wQ4DLw37059AzLfsq
 Vzh9w3N1At1plUee7iJ2MDBU830Q0a917jjnpZ+M0AtQx/BzP8QEISuzp4JWICqe
 NbJDVybMWoW2YOSpMPiihxSFqCDx5rMyAJ1vllboopZK+XAjpQ/visnLh3aT3o71
 7cTPl9gI2rbwYbJk8kM5fmXhWqSARHARV1bpZNOUnCAUU1E2Se7aETjggQ0QzJE/
 mIc7wCzFLrrY8+iakwdhb5Aw3qOPyg==
 =ZdXo
 -----END PGP SIGNATURE-----

Merge tag 'ext4_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4

Pull ext4 fixes from Ted Ts'o:
 "Some miscellaneous ext4 fixes for 4.18; one fix is for a regression
  introduced in 4.18-rc4.

  Sorry for the late-breaking pull. I was originally going to wait for
  the next merge window, but Eric Whitney found a regression introduced
  in 4.18-rc4, so I decided to push out the regression plus the other
  fixes now. (The other commits have been baking in linux-next since
  early July)"

* tag 'ext4_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4:
  ext4: fix check to prevent initializing reserved inodes
  ext4: check for allocation block validity with block group locked
  ext4: fix inline data updates with checksums enabled
  ext4: clear mmp sequence number when remounting read-only
  ext4: fix false negatives *and* false positives in ext4_check_descriptors()
2018-07-29 13:13:45 -07:00
Linus Torvalds
01cfb7937a squashfs: be more careful about metadata corruption
Anatoly Trosinenko reports that a corrupted squashfs image can cause a
kernel oops.  It turns out that squashfs can end up being confused about
negative fragment lengths.

The regular squashfs_read_data() does check for negative lengths, but
squashfs_read_metadata() did not, and the fragment size code just
blindly trusted the on-disk value.  Fix both the fragment parsing and
the metadata reading code.

Reported-by: Anatoly Trosinenko <anatoly.trosinenko@gmail.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Phillip Lougher <phillip@squashfs.org.uk>
Cc: stable@kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2018-07-29 12:44:46 -07:00
Theodore Ts'o
5012284700 ext4: fix check to prevent initializing reserved inodes
Commit 8844618d8a: "ext4: only look at the bg_flags field if it is
valid" will complain if block group zero does not have the
EXT4_BG_INODE_ZEROED flag set.  Unfortunately, this is not correct,
since a freshly created file system has this flag cleared.  It gets
almost immediately after the file system is mounted read-write --- but
the following somewhat unlikely sequence will end up triggering a
false positive report of a corrupted file system:

   mkfs.ext4 /dev/vdc
   mount -o ro /dev/vdc /vdc
   mount -o remount,rw /dev/vdc

Instead, when initializing the inode table for block group zero, test
to make sure that itable_unused count is not too large, since that is
the case that will result in some or all of the reserved inodes
getting cleared.

This fixes the failures reported by Eric Whiteney when running
generic/230 and generic/231 in the the nojournal test case.

Fixes: 8844618d8a ("ext4: only look at the bg_flags field if it is valid")
Reported-by: Eric Whitney <enwlinux@gmail.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2018-07-29 15:34:00 -04:00
Linus Torvalds
a26fb01c28 In reaction to the fixes to address CVE-2018-1108, some Linux
distributions that have certain systemd versions in some cases
 combined with patches to libcrypt for FIPS/FEDRAMP compliance, have
 led to boot-time stalls for some hardware.  The reaction by some
 distros and Linux sysadmins has been to install packages that try to
 do complicated things with the CPU and hope that leads to randomness.
 To mitigate this, if RDRAND is available, mix it into entropy provided
 by userspace.  It won't hurt. and it will probably help.
 -----BEGIN PGP SIGNATURE-----
 
 iQEzBAABCAAdFiEEK2m5VNv+CHkogTfJ8vlZVpUNgaMFAltdBIcACgkQ8vlZVpUN
 gaMklgf+IuPF7Pn9skIUDtyBRGHL/retaHcfCkabpmsb+zPwS5u+IWS9VGplgMMs
 UsYWlUhZLqi2LA8uPNFAu4wl9kbkDiA1SSlALEGb/iGsUDf1ac9ooltX7jI7I3Ms
 YOTTTdL/gQ58DwBCyGpwTgGW05tN9hcLKb9RXwXau5MZ2oCaqvllQ3gmjbYteIRH
 lBN6bhvc5VGhbmcLleDXrPVjxtS9bMV6Z4F6+2b2Ka7nxExwT/WyAyAD6gsJ3xqj
 77c+YniAbg4LYEHoGUVqi+IsSIzmUVbhsqn5JVtoto9eJrasaWxVynWZVkYVZ2fy
 WwBRA9v042x7vyowGl5Vf7K0jviBjQ==
 =3Lu2
 -----END PGP SIGNATURE-----

Merge tag 'random_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/random

Pull random fixes from Ted Ts'o:
 "In reaction to the fixes to address CVE-2018-1108, some Linux
  distributions that have certain systemd versions in some cases
  combined with patches to libcrypt for FIPS/FEDRAMP compliance, have
  led to boot-time stalls for some hardware.

  The reaction by some distros and Linux sysadmins has been to install
  packages that try to do complicated things with the CPU and hope that
  leads to randomness.

  To mitigate this, if RDRAND is available, mix it into entropy provided
  by userspace. It won't hurt, and it will probably help"

* tag 'random_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/random:
  random: mix rdrand with entropy sent in from userspace
2018-07-28 19:40:06 -07:00
Linus Torvalds
2ffb57dfa7 GPIO fixes for v4.18:
- OF flag fix for special regulator flags.
 - Fix up the Uniphier IRQ callback.
 -----BEGIN PGP SIGNATURE-----
 
 iQIcBAABAgAGBQJbXLz9AAoJEEEQszewGV1zVkQP+gNNAXmivj2Pd1faLHrInz68
 Dc5e45V4NAHUNFBo69H8I5oF3PesoftMEOBOtr+FAbxkvjxGLzQrILCSp8r2TOoj
 nAabeGv0DVyjgW6tLgjhYclNXcifvA4ICTDg7XdbfATthESoSVUbhvT35CGuUbOu
 +sGybPVDnZ6TVeNUToA1fGnSQpvsx5NgsDZ2nWbSIrtDTgx+2Nx7Ht7hDVn6hw8I
 uYP/CQkiF+oFvdlLVHzz9e1rZx5/E91Okvv+g//kK7pCFdkmhp7AbYCr8sHhVNeQ
 FcYLYoPPfyyxJWFAHWrjdTYCZelgEa+mRVV7gC0sIADYGpfTLhaXVr/ywPdtAakB
 IZXQ8Of9CtI+9k7cOBsrRdNclpfsH0YKXd4THyjJOGlJqeoTmu0H0cya933cz1De
 96PG+7lVlzSGcj2AxYjrQTIrg78vfRw3pcoc87x74J+YNzuYtYFdeYHKua/Rhax3
 WZOs+BeYZT12zsGmEky/CrdPppHs0j6wUrsIRa4k+a650G/hDoVo4+Lgv7J589NQ
 zEz7fnESXvaLPZsvDyehfIm+KgQ2tvMLahyes2F+SDg2mceNKiXFbpGP6pIeuu/V
 X5l2qBD7PyHGihKFOTZ8JC/RzJwSwEGPeDZiB9nuKd94NloUaMlXJjUwyfcU4VPf
 McTwzqK05zmaOcgH2XHO
 =ksOs
 -----END PGP SIGNATURE-----

Merge tag 'gpio-v4.18-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio

Pull GPIO fixes from Linus Walleij:
 "Just a smallish OF fix and a driver fix:

   - OF flag fix for special regulator flags

   - fix up the Uniphier IRQ callback"

* tag 'gpio-v4.18-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio:
  gpio: uniphier: set legitimate irq trigger type in .to_irq hook
  gpio: of: Handle fixed regulator flags properly
2018-07-28 15:43:14 -07:00
Linus Torvalds
7648c44680 One more fix for 4.18:
- Revert an errata workaround for the BCM5300X platform that was
     merged for v4.18-rc2 but has been found to cause hangs on at least
     systems using the BCM4718A1.
 -----BEGIN PGP SIGNATURE-----
 
 iIsEABYIADMWIQRgLjeFAZEXQzy86/s+p5+stXUA3QUCW1zA0hUccGF1bC5idXJ0
 b25AbWlwcy5jb20ACgkQPqefrLV1AN2QyAEAxicOismTbPgSI+2oiaOjJbF5KjXi
 cPNCtDkjwkUafU4A/1jvJlXpw6UHRwFAr6fcfnPMcK6QyYiQ9NnSWz46QYkI
 =X4uV
 -----END PGP SIGNATURE-----

Merge tag 'mips_fixes_4.18_5' of git://git.kernel.org/pub/scm/linux/kernel/git/mips/linux

Pull MIPS fix from Paul Burton:
 "Here's one more MIPS fix, reverting an errata workaround that was
  merged for v4.18-rc2 but has since been found to cause system hangs on
  some BCM4718A1-based systems by the OpenWRT project"

* tag 'mips_fixes_4.18_5' of git://git.kernel.org/pub/scm/linux/kernel/git/mips/linux:
  Revert "MIPS: BCM47XX: Enable 74K Core ExternalSync for PCIe erratum"
2018-07-28 12:32:28 -07:00
Linus Torvalds
dd63bf22fc Merge branch 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux
Pull i2c fixes from Wolfram Sang:
 "Some driver bugfixes"

* 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux:
  i2c: imx: use open drain for recovery GPIO
  i2c: rcar: handle RXDMA HW behaviour on Gen3
  i2c: imx: Fix reinit_completion() use
  i2c: davinci: Avoid zero value of CLKH
2018-07-28 10:04:40 -07:00
Linus Torvalds
eb181a814c for-linus-20180727
-----BEGIN PGP SIGNATURE-----
 
 iQJEBAABCAAuFiEEwPw5LcreJtl1+l5K99NY+ylx4KYFAltbc20QHGF4Ym9lQGtl
 cm5lbC5kawAKCRD301j7KXHgpgh4D/9GYQcjk9qLVFxkv5ucAUvCuxEL6gjsMf4W
 M/QdxVIrwh3zpvsH++2IXXn+xH+UjujMA5NkzhsSr4+hsSO2iAGOYMJbroNfhsTD
 onvQQ6NTaHPu/+PZs0otVK4KMWHwZGWOV6YU00TWTfRgzRmGEsSMe91oeBIXVv9w
 v6d09twaLSY0lUkAAbcdu5fuFBtXu4Bxy60qyHEKkAdWWHEUYaZLrODhVjoGg2V4
 KdAWS5X4A6kJMcPcoOvG6RFtpf71boaip9o/DRLUWhGdIQnI38UgSCUmz1XMYnik
 Sq8r74vqCm8IhIOLTlxnPrMHHbKv7JZhY3Ow9fxnS6HZRNI0aPX31Yml6NULqnWh
 MsQh+6gZXd3xC1O7txEQn4a15Lk0OLXa8HJcIn5ADNxqz5/r/g0mPUG9HmPSIalO
 ISFF/9UKQFcAd0RjHR+bEEH2VMznz59UWKfdOsmwFZtZSCmR1ucj0xAKDj+oP1JS
 ZsgZ09K2GezrL4GEueocISo9ACIWgDWH8T7/bTxlBok0IYbybAfmOe+MZInL1Tf4
 pklmoXm3ntgV3Pq8Ptk05LYyIgAaUIltuSiR3AFaXIADX0wNtV0ZgysIWgHf3BSA
 18j+I1yPG1IwBdM8xNwxi56xMQR84uY5tsIyafbfj+laRI2nH5OIYjNZnrKpm957
 4xZUgIECBA==
 =2ogY
 -----END PGP SIGNATURE-----

Merge tag 'for-linus-20180727' of git://git.kernel.dk/linux-block

Pull block fixes from Jens Axboe:
 "Bigger than usual at this time, mostly due to the O_DIRECT corruption
  issue and the fact that I was on vacation last week. This contains:

   - NVMe pull request with two fixes for the FC code, and two target
     fixes (Christoph)

   - a DIF bio reset iteration fix (Greg Edwards)

   - two nbd reply and requeue fixes (Josef)

   - SCSI timeout fixup (Keith)

   - a small series that fixes an issue with bio_iov_iter_get_pages(),
     which ended up causing corruption for larger sized O_DIRECT writes
     that ended up racing with buffered writes (Martin Wilck)"

* tag 'for-linus-20180727' of git://git.kernel.dk/linux-block:
  block: reset bi_iter.bi_done after splitting bio
  block: bio_iov_iter_get_pages: pin more pages for multi-segment IOs
  blkdev: __blkdev_direct_IO_simple: fix leak in error case
  block: bio_iov_iter_get_pages: fix size of last iovec
  nvmet: only check for filebacking on -ENOTBLK
  nvmet: fixup crash on NULL device path
  scsi: set timed out out mq requests to complete
  blk-mq: export setting request completion state
  nvme: if_ready checks to fail io to deleting controller
  nvmet-fc: fix target sgl list on large transfers
  nbd: handle unexpected replies better
  nbd: don't requeue the same request twice.
2018-07-27 12:51:00 -07:00
Linus Torvalds
864af0d40c Merge branch 'akpm' (patches from Andrew)
Merge misc fixes from Andrew Morton:
 "11 fixes"

* emailed patches from Andrew Morton <akpm@linux-foundation.org>:
  kvm, mm: account shadow page tables to kmemcg
  zswap: re-check zswap_is_full() after do zswap_shrink()
  include/linux/eventfd.h: include linux/errno.h
  mm: fix vma_is_anonymous() false-positives
  mm: use vma_init() to initialize VMAs on stack and data segments
  mm: introduce vma_init()
  mm: fix exports that inadvertently make put_page() EXPORT_SYMBOL_GPL
  ipc/sem.c: prevent queue.status tearing in semop
  mm: disallow mappings that conflict for devm_memremap_pages()
  kasan: only select SLUB_DEBUG with SYSFS=y
  delayacct: fix crash in delayacct_blkio_end() after delayacct init failure
2018-07-27 10:30:47 -07:00
Linus Torvalds
1a3d8691fd pci-v4.18-fixes-4
-----BEGIN PGP SIGNATURE-----
 
 iQJIBAABCgAyFiEEgMe7l+5h9hnxdsnuWYigwDrT+vwFAltbU2MUHGJoZWxnYWFz
 QGdvb2dsZS5jb20ACgkQWYigwDrT+vy6QxAAlUYBbT1OD0X2XjDgwG9TaxxqBHMT
 w8VTxMUQmMuQRZP8F+xLUksC6lwRGNU8ZPbN4p7d5VMO1PoyKuubUbOgtGSjg7lz
 SQEbUntQ2s4JCxeu1sUyUwDwW0LSMcunluYnWKzut2B6R/yWopJc/1sOsORYwHBf
 SaAVttFayaDl+u2I9hWn5JpHAgTsu+6rpUY1Hs79GI3DAKbSMTy0J0w/5J+eqQUO
 hwuWJqG4hFF9U/zaTqP89EbB181b/OFNathk/Neh3Ge1KnGRHPmE86146ZJSuk4q
 QfYfhzLtzNWaJcjaDyG0hmqX4hNDHWREyPAXgBJ+oxegAQs67Zj1waaKGQ7bY58i
 j911Jd14j30ZnruB4nhsLE/DQJa5cU3WjyFbiL6+qicBWWrKGj3ahoIi5V/j882Q
 z7V+VeBTxpz0LhxTOSC83yZRbUwY6TlcVVW5yJYDI3NXI9ixfOzeh9QFFhSveSbM
 P/3EFv6vrg1V145RlaRPBzXfiDZwqPCL3udBOeK2Z+5jgfTr6yOg0c64c5D+tpR1
 nGm+VKqNaYAeTayeGByWiOOyt4CbL3WXOi+L+tRSjfYjffbh1CyiqRuVrbP/PG64
 o6vg3yfKStR6DXbNpxFvDfsrc69NAaJEH5TBQOeuT3abZF0UwnUvL9TF3Y5cSdjj
 nyaamyAUMSflqAk=
 =Lmx6
 -----END PGP SIGNATURE-----

Merge tag 'pci-v4.18-fixes-4' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci

Pull PCI fix from Bjorn Helgaas:
 "Fix a use-after-free error in fatal error recovery (Thomas Tai)"

* tag 'pci-v4.18-fixes-4' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci:
  PCI/AER: Work around use-after-free in pcie_do_fatal_recovery()
2018-07-27 10:28:51 -07:00
Linus Torvalds
6284c99cf1 More arm64 fixes:
- Fix disabling of kpti on Thunder-X machines
 
 - Fix premature BUILD_BUG_ON() found with randconfig
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQEcBAABCgAGBQJbWu8qAAoJELescNyEwWM09ugIAKGyQrDM0gEUEuv5eoAU2/qf
 lpcsUiKKn4J0QNJFf8fEeNDHA/Ji56ev/VG0DZiBupfMIbN/q59IPft/NLcQn44L
 +XCYunHjIrgDoSuCYjTpvElhaPOD6d1PkMeJKGDoo6GLM9+T7JlIb+tczq+TWnnK
 YfoowNaq/OJqCk920kvazJ1bi/9KFF67JuP5jP07zvkk2PwI/CaWVFvlovJ/1sZL
 qtLaC2wx8ViHoONx+HIRuFZBUfckTWd3uAgSGFhZ4yl0gSCxIK1ABQPjUlbGicK/
 QiF1Pb7MtdfLyfTgrnOJLbKiH8NAu65boidvJiIRpCu6qWaHXqNvRhZaYm8fmVM=
 =V+76
 -----END PGP SIGNATURE-----

Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux

Pull arm64 fixes from Will Deacon:
 "Inevitably, after saying that I hoped we would be done on the fixes
  front, a couple of issues have cropped up over the last week. Next
  time I'll stay schtum.

  We've fixed an over-eager BUILD_BUG_ON() which Arnd ran into with
  arndconfig, as well as ensuring that KPTI really is disabled on
  Thunder-X1, where the cure is worse than the disease (this regressed
  when we reworked the heterogeneous CPU feature checking).

  Summary:

   - Fix disabling of kpti on Thunder-X machines

   - Fix premature BUILD_BUG_ON() found with randconfig"

* tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
  arm64: fix vmemmap BUILD_BUG_ON() triggering on !vmemmap setups
  arm64: Check for errata before evaluating cpu features
2018-07-27 10:26:02 -07:00
Rafał Miłecki
d5ea019f8a
Revert "MIPS: BCM47XX: Enable 74K Core ExternalSync for PCIe erratum"
This reverts commit 2a027b47db ("MIPS: BCM47XX: Enable 74K Core
ExternalSync for PCIe erratum").

Enabling ExternalSync caused a regression for BCM4718A1 (used e.g. in
Netgear E3000 and ASUS RT-N16): it simply hangs during PCIe
initialization. It's likely that BCM4717A1 is also affected.

I didn't notice that earlier as the only BCM47XX devices with PCIe I
own are:
1) BCM4706 with 2 x 14e4:4331
2) BCM4706 with 14e4:4360 and 14e4:4331
it appears that BCM4706 is unaffected.

While BCM5300X-ES300-RDS.pdf seems to document that erratum and its
workarounds (according to quotes provided by Tokunori) it seems not even
Broadcom follows them.

According to the provided info Broadcom should define CONF7_ES in their
SDK's mipsinc.h and implement workaround in the si_mips_init(). Checking
both didn't reveal such code. It *could* mean Broadcom also had some
problems with the given workaround.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Signed-off-by: Paul Burton <paul.burton@mips.com>
Reported-by: Michael Marley <michael@michaelmarley.com>
Patchwork: https://patchwork.linux-mips.org/patch/20032/
URL: https://bugs.openwrt.org/index.php?do=details&task_id=1688
Cc: Tokunori Ikegami <ikegami@allied-telesis.co.jp>
Cc: Hauke Mehrtens <hauke@hauke-m.de>
Cc: Chris Packham <chris.packham@alliedtelesis.co.nz>
Cc: James Hogan <jhogan@kernel.org>
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: linux-mips@linux-mips.org
2018-07-27 10:07:32 -07:00
Linus Torvalds
3c9fdefe51 two imx fixes and one i915 fix.
-----BEGIN PGP SIGNATURE-----
 
 iQIcBAABAgAGBQJbWpu3AAoJEAx081l5xIa+AmwP/1gDKkU5lUGayb2DOUltPN7g
 Z8Ky702geTIbjMXy4kksCFbJmRZuQSe+ish8wUC0f6lf57kAijgdZlEswzpIXYEA
 bF+U/N0JgD6FX2qeLfqEK0LBDZv4bF2UiMHgGx+2iY6I5oJ5tiZtt9HumuYPr32j
 LwH6nfkAJ34ikB2GcslS9+oPVF97QmgcjlueK9t18FSJjciO/lOL8/bdq8jsczk5
 LZZxudG0BW4d6LGnjI34JMyAb4X4/5JhbgH1sbndmCEl9h/uQc/iR7mCishgcwpc
 K7PHXWs5qmb7Zlc53p9I2oINJeyX6bs55STrFGZkFbRtgeUipk6rFJPcDyVp8Mlc
 lVFQzrWoEMILzCAG10hW0Xnb8Yotz7R95Eieh5LIumkSW9gEntSvCStQkC4L7eoN
 OLub+GcfE4vWecWNPX06IK9XEIJoU2uOF02d5szKycziQhXybeDkhhr1fCuZoaKH
 D/8JxIQB/65ZZaDV9hVrl2JbNKsb63n7r1l1yTzcZ5KU5BGni2+kbuYJu/hR0ZdT
 os63w14Ymp/dmOJS+R/RyO5yANDm+MO4yXDvW53B23j3okmv1DToUs7vAdyfi6BL
 8ib1j6RraYDKxRaw8VLnT5zXz6ydlR5VlearOX+EFBvu/ibnX0GgNUIbHbbDxvLV
 qdl7/uCDuoTRmrb+cuSW
 =phft
 -----END PGP SIGNATURE-----

Merge tag 'drm-fixes-2018-07-27' of git://anongit.freedesktop.org/drm/drm

Pull drm fixes from Dave Airlie:
 "Not much happening this week which is good: two imx display fixes and
  one i915 quirk addition"

* tag 'drm-fixes-2018-07-27' of git://anongit.freedesktop.org/drm/drm:
  drm/i915/glk: Add Quirk for GLK NUC HDMI port issues.
  gpu: ipu-csi: Check for field type alternate
  drm/imx: imx-ldb: check if channel is enabled before printing warning
  drm/imx: imx-ldb: disable LDB on driver bind
2018-07-27 10:03:08 -07:00
Linus Torvalds
49b1622bdb Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input
Pull input fixes from Dmitry Torokhov:

 - a couple of new device IDs added to Elan i2c touchpad controller
   driver

 - another entry in i8042 reset quirk list

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input:
  Input: i8042 - add Lenovo LaVie Z to the i8042 reset list
  Input: elan_i2c - add another ACPI ID for Lenovo Ideapad 330-15AST
  MAINTAINERS: Add file patterns for serio device tree bindings
  Input: elan_i2c - add ACPI ID for lenovo ideapad 330
2018-07-27 09:53:45 -07:00
Linus Torvalds
3ebb6fb03d Various fixes to the tracing infrastructure:
- Fix double free when the reg() call fails in event_trigger_callback()
 
  - Fix anomoly of snapshot causing tracing_on flag to change
 
  - Add selftest to test snapshot and tracing_on affecting each other
 
  - Fix setting of tracepoint flag on error that prevents probes from
    being deleted.
 
  - Fix another possible double free that is similar to event_trigger_callback()
 
  - Quiet a gcc warning of a false positive unused variable
 
  - Fix crash of partial exposed task->comm to trace events
 -----BEGIN PGP SIGNATURE-----
 
 iIoEABYIADIWIQRRSw7ePDh/lE+zeZMp5XQQmuv6qgUCW1pToBQccm9zdGVkdEBn
 b29kbWlzLm9yZwAKCRAp5XQQmuv6qijEAQCzqQsnlO6YBCYajRBq2wFaM7J6tVnJ
 LxLZlVE8lJlHZQD/YpyGOPq98CB81BfQV7RA/CAVd4RZAhTjldDgGyfL/QI=
 =wU8I
 -----END PGP SIGNATURE-----

Merge tag 'trace-v4.18-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace

Pull tracing fixes from Steven Rostedt:
 "Various fixes to the tracing infrastructure:

   - Fix double free when the reg() call fails in
     event_trigger_callback()

   - Fix anomoly of snapshot causing tracing_on flag to change

   - Add selftest to test snapshot and tracing_on affecting each other

   - Fix setting of tracepoint flag on error that prevents probes from
     being deleted.

   - Fix another possible double free that is similar to
     event_trigger_callback()

   - Quiet a gcc warning of a false positive unused variable

   - Fix crash of partial exposed task->comm to trace events"

* tag 'trace-v4.18-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace:
  kthread, tracing: Don't expose half-written comm when creating kthreads
  tracing: Quiet gcc warning about maybe unused link variable
  tracing: Fix possible double free in event_enable_trigger_func()
  tracing/kprobes: Fix trace_probe flags on enable_trace_kprobe() failure
  selftests/ftrace: Add snapshot and tracing_on test case
  ring_buffer: tracing: Inherit the tracing setting to next ring buffer
  tracing: Fix double free of event_trigger_data
2018-07-27 09:50:33 -07:00
Linus Torvalds
f636d300cd Changes since last update:
- Fix some uninitialized variable errors
 - Fix an incorrect check in metadata verifiers
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEUzaAxoMeQq6m2jMV+H93GTRKtOsFAltYpkoACgkQ+H93GTRK
 tOsMAA//Tyt2rjGGrvtPUiI9xhDDbYM+Eds19IWhye9LyNQCHXdmrCicsBvoEyCC
 5XSAT5lofeLNIbiTS88aC0b4sr2LLban6YsTBHGTlRxUTrnCSpCCDIgXJswxLjmT
 jivIumvKL3sxgmXubwe6gnjoLCNGIy3JrdCu4vFf6JGWAj6U5HyZ5hjtj74nuPtg
 w6BMEptJIOmQwGzSjQY76dQ5ekliVuOtYISY6gRAfVPVvwURgIzZdQPi4qV5Kw/d
 n2nA6rvMBUcMUSVvXWS1ryOWsy4HrB9LXzbr5Kb0NgaVKnAqSCYGIGMJSEsiO/7Y
 P83Doo6N8fYh8QEUOLqJ76XTkkrzoo3fvo7IZXUGMERXx90UliEAI/k6hWy6awtT
 cCQatAcOp+8r5PvMJ9ZIivAwDId06PwpuDntOATIamGkNEo4vo0LO189fQP+i8RD
 LIbEcLcGOHVjjTZgGqJCfDWVPiFtG8ZdZp9bvmpW9aREzMGl/tXnvI2QsSwZu+lU
 87efBqztYGm4U4D5grdV/ynbT1E4E9ggtI2pVHG2ipJnZ+UeTiOCw68lDcUDT0JA
 lU2fPUKzUR3v+U6s26AJFKcX2HCG4G75cJozBuH82xcPnUT0m3PMde0ZhFzVnvg4
 w8T+bIS0Q/f310SSAitu1qfG5cx2f6I5j107jhldvcibRmqEZLE=
 =Ovtv
 -----END PGP SIGNATURE-----

Merge tag 'xfs-4.18-fixes-4' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux

Pull xfs fixes from Darrick Wong:

 - Fix some uninitialized variable errors

 - Fix an incorrect check in metadata verifiers

* tag 'xfs-4.18-fixes-4' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux:
  xfs: properly handle free inodes in extent hint validators
  xfs: Initialize variables in xfs_alloc_get_rec before using them
2018-07-27 09:25:09 -07:00
Greg Edwards
5151842b9d block: reset bi_iter.bi_done after splitting bio
After the bio has been updated to represent the remaining sectors, reset
bi_done so bio_rewind_iter() does not rewind further than it should.

This resolves a bio_integrity_process() failure on reads where the
original request was split.

Fixes: 63573e359d ("bio-integrity: Restore original iterator on verify stage")
Signed-off-by: Greg Edwards <gedwards@ddn.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2018-07-27 09:10:34 -06:00
Shakeel Butt
d97e5e6160 kvm, mm: account shadow page tables to kmemcg
The size of kvm's shadow page tables corresponds to the size of the
guest virtual machines on the system.  Large VMs can spend a significant
amount of memory as shadow page tables which can not be left as system
memory overhead.  So, account shadow page tables to the kmemcg.

[shakeelb@google.com: replace (GFP_KERNEL|__GFP_ACCOUNT) with GFP_KERNEL_ACCOUNT]
  Link: http://lkml.kernel.org/r/20180629140224.205849-1-shakeelb@google.com
Link: http://lkml.kernel.org/r/20180627181349.149778-1-shakeelb@google.com
Signed-off-by: Shakeel Butt <shakeelb@google.com>
Cc: Michal Hocko <mhocko@kernel.org>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: Vladimir Davydov <vdavydov.dev@gmail.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Greg Thelen <gthelen@google.com>
Cc: Radim Krčmář <rkrcmar@redhat.com>
Cc: Peter Feiner <pfeiner@google.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2018-07-26 19:38:03 -07:00
Li Wang
16e536ef47 zswap: re-check zswap_is_full() after do zswap_shrink()
/sys/../zswap/stored_pages keeps rising in a zswap test with
"zswap.max_pool_percent=0" parameter.  But it should not compress or
store pages any more since there is no space in the compressed pool.

Reproduce steps:
  1. Boot kernel with "zswap.enabled=1"
  2. Set the max_pool_percent to 0
      # echo 0 > /sys/module/zswap/parameters/max_pool_percent
  3. Do memory stress test to see if some pages have been compressed
      # stress --vm 1 --vm-bytes $mem_available"M" --timeout 60s
  4. Watching the 'stored_pages' number increasing or not

The root cause is:

  When zswap_max_pool_percent is set to 0 via kernel parameter,
  zswap_is_full() will always return true due to zswap_shrink().  But if
  the shinking is able to reclain a page successfully the code then
  proceeds to compressing/storing another page, so the value of
  stored_pages will keep changing.

To solve the issue, this patch adds a zswap_is_full() check again after
  zswap_shrink() to make sure it's now under the max_pool_percent, and to
  not compress/store if we reached the limit.

Link: http://lkml.kernel.org/r/20180530103936.17812-1-liwang@redhat.com
Signed-off-by: Li Wang <liwang@redhat.com>
Acked-by: Dan Streetman <ddstreet@ieee.org>
Cc: Seth Jennings <sjenning@redhat.com>
Cc: Huang Ying <huang.ying.caritas@gmail.com>
Cc: Yu Zhao <yuzhao@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2018-07-26 19:38:03 -07:00
Arnd Bergmann
fa3fc2ad99 include/linux/eventfd.h: include linux/errno.h
The new gasket staging driver ran into a randconfig build failure when
CONFIG_EVENTFD is disabled:

  In file included from drivers/staging/gasket/gasket_interrupt.h:11,
                   from drivers/staging/gasket/gasket_interrupt.c:4:
  include/linux/eventfd.h: In function 'eventfd_ctx_fdget':
  include/linux/eventfd.h:51:9: error: implicit declaration of function 'ERR_PTR' [-Werror=implicit-function-declaration]

I can't see anything wrong with including eventfd.h before err.h, so the
easiest fix is to make it possible to do this by including the file
where it is needed.

Link: http://lkml.kernel.org/r/20180724110737.3985088-1-arnd@arndb.de
Fixes: 9a69f5087c ("drivers/staging: Gasket driver framework + Apex driver")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Cc: Eric Biggers <ebiggers@google.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2018-07-26 19:38:03 -07:00
Kirill A. Shutemov
bfd40eaff5 mm: fix vma_is_anonymous() false-positives
vma_is_anonymous() relies on ->vm_ops being NULL to detect anonymous
VMA.  This is unreliable as ->mmap may not set ->vm_ops.

False-positive vma_is_anonymous() may lead to crashes:

	next ffff8801ce5e7040 prev ffff8801d20eca50 mm ffff88019c1e13c0
	prot 27 anon_vma ffff88019680cdd8 vm_ops 0000000000000000
	pgoff 0 file ffff8801b2ec2d00 private_data 0000000000000000
	flags: 0xff(read|write|exec|shared|mayread|maywrite|mayexec|mayshare)
	------------[ cut here ]------------
	kernel BUG at mm/memory.c:1422!
	invalid opcode: 0000 [#1] SMP KASAN
	CPU: 0 PID: 18486 Comm: syz-executor3 Not tainted 4.18.0-rc3+ #136
	Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google
	01/01/2011
	RIP: 0010:zap_pmd_range mm/memory.c:1421 [inline]
	RIP: 0010:zap_pud_range mm/memory.c:1466 [inline]
	RIP: 0010:zap_p4d_range mm/memory.c:1487 [inline]
	RIP: 0010:unmap_page_range+0x1c18/0x2220 mm/memory.c:1508
	Call Trace:
	 unmap_single_vma+0x1a0/0x310 mm/memory.c:1553
	 zap_page_range_single+0x3cc/0x580 mm/memory.c:1644
	 unmap_mapping_range_vma mm/memory.c:2792 [inline]
	 unmap_mapping_range_tree mm/memory.c:2813 [inline]
	 unmap_mapping_pages+0x3a7/0x5b0 mm/memory.c:2845
	 unmap_mapping_range+0x48/0x60 mm/memory.c:2880
	 truncate_pagecache+0x54/0x90 mm/truncate.c:800
	 truncate_setsize+0x70/0xb0 mm/truncate.c:826
	 simple_setattr+0xe9/0x110 fs/libfs.c:409
	 notify_change+0xf13/0x10f0 fs/attr.c:335
	 do_truncate+0x1ac/0x2b0 fs/open.c:63
	 do_sys_ftruncate+0x492/0x560 fs/open.c:205
	 __do_sys_ftruncate fs/open.c:215 [inline]
	 __se_sys_ftruncate fs/open.c:213 [inline]
	 __x64_sys_ftruncate+0x59/0x80 fs/open.c:213
	 do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
	 entry_SYSCALL_64_after_hwframe+0x49/0xbe

Reproducer:

	#include <stdio.h>
	#include <stddef.h>
	#include <stdint.h>
	#include <stdlib.h>
	#include <string.h>
	#include <sys/types.h>
	#include <sys/stat.h>
	#include <sys/ioctl.h>
	#include <sys/mman.h>
	#include <unistd.h>
	#include <fcntl.h>

	#define KCOV_INIT_TRACE			_IOR('c', 1, unsigned long)
	#define KCOV_ENABLE			_IO('c', 100)
	#define KCOV_DISABLE			_IO('c', 101)
	#define COVER_SIZE			(1024<<10)

	#define KCOV_TRACE_PC  0
	#define KCOV_TRACE_CMP 1

	int main(int argc, char **argv)
	{
		int fd;
		unsigned long *cover;

		system("mount -t debugfs none /sys/kernel/debug");
		fd = open("/sys/kernel/debug/kcov", O_RDWR);
		ioctl(fd, KCOV_INIT_TRACE, COVER_SIZE);
		cover = mmap(NULL, COVER_SIZE * sizeof(unsigned long),
				PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
		munmap(cover, COVER_SIZE * sizeof(unsigned long));
		cover = mmap(NULL, COVER_SIZE * sizeof(unsigned long),
				PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
		memset(cover, 0, COVER_SIZE * sizeof(unsigned long));
		ftruncate(fd, 3UL << 20);
		return 0;
	}

This can be fixed by assigning anonymous VMAs own vm_ops and not relying
on it being NULL.

If ->mmap() failed to set ->vm_ops, mmap_region() will set it to
dummy_vm_ops.  This way we will have non-NULL ->vm_ops for all VMAs.

Link: http://lkml.kernel.org/r/20180724121139.62570-4-kirill.shutemov@linux.intel.com
Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Reported-by: syzbot+3f84280d52be9b7083cc@syzkaller.appspotmail.com
Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
Reviewed-by: Andrew Morton <akpm@linux-foundation.org>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2018-07-26 19:38:03 -07:00
Kirill A. Shutemov
2c4541e24c mm: use vma_init() to initialize VMAs on stack and data segments
Make sure to initialize all VMAs properly, not only those which come
from vm_area_cachep.

Link: http://lkml.kernel.org/r/20180724121139.62570-3-kirill.shutemov@linux.intel.com
Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
Reviewed-by: Andrew Morton <akpm@linux-foundation.org>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2018-07-26 19:38:03 -07:00
Kirill A. Shutemov
027232da7c mm: introduce vma_init()
Not all VMAs allocated with vm_area_alloc().  Some of them allocated on
stack or in data segment.

The new helper can be use to initialize VMA properly regardless where it
was allocated.

Link: http://lkml.kernel.org/r/20180724121139.62570-2-kirill.shutemov@linux.intel.com
Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
Reviewed-by: Andrew Morton <akpm@linux-foundation.org>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2018-07-26 19:38:03 -07:00
Dan Williams
31c5bda3a6 mm: fix exports that inadvertently make put_page() EXPORT_SYMBOL_GPL
Commit e763848843 ("mm: introduce MEMORY_DEVICE_FS_DAX and
CONFIG_DEV_PAGEMAP_OPS") added two EXPORT_SYMBOL_GPL() symbols, but
these symbols are required by the inlined put_page(), thus accidentally
making put_page() a GPL export only.  This breaks OpenAFS (at least).

Mark them EXPORT_SYMBOL() instead.

Link: http://lkml.kernel.org/r/153128611970.2928.11310692420711601254.stgit@dwillia2-desk3.amr.corp.intel.com
Fixes: e763848843 ("mm: introduce MEMORY_DEVICE_FS_DAX and CONFIG_DEV_PAGEMAP_OPS")
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Reported-by: Joe Gorse <jhgorse@gmail.com>
Reported-by: John Hubbard <jhubbard@nvidia.com>
Tested-by: Joe Gorse <jhgorse@gmail.com>
Tested-by: John Hubbard <jhubbard@nvidia.com>
Cc: Jérôme Glisse <jglisse@redhat.com>
Cc: Mark Vitale <mvitale@sinenomine.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2018-07-26 19:38:03 -07:00
Davidlohr Bueso
f075faa300 ipc/sem.c: prevent queue.status tearing in semop
In order for load/store tearing prevention to work, _all_ accesses to
the variable in question need to be done around READ and WRITE_ONCE()
macros.  Ensure everyone does so for q->status variable for
semtimedop().

Link: http://lkml.kernel.org/r/20180717052654.676-1-dave@stgolabs.net
Signed-off-by: Davidlohr Bueso <dbueso@suse.de>
Cc: Manfred Spraul <manfred@colorfullife.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2018-07-26 19:38:03 -07:00
Dave Jiang
15d36fecd0 mm: disallow mappings that conflict for devm_memremap_pages()
When pmem namespaces created are smaller than section size, this can
cause an issue during removal and gpf was observed:

  general protection fault: 0000 1 SMP PTI
  CPU: 36 PID: 3941 Comm: ndctl Tainted: G W 4.14.28-1.el7uek.x86_64 #2
  task: ffff88acda150000 task.stack: ffffc900233a4000
  RIP: 0010:__put_page+0x56/0x79
  Call Trace:
    devm_memremap_pages_release+0x155/0x23a
    release_nodes+0x21e/0x260
    devres_release_all+0x3c/0x48
    device_release_driver_internal+0x15c/0x207
    device_release_driver+0x12/0x14
    unbind_store+0xba/0xd8
    drv_attr_store+0x27/0x31
    sysfs_kf_write+0x3f/0x46
    kernfs_fop_write+0x10f/0x18b
    __vfs_write+0x3a/0x16d
    vfs_write+0xb2/0x1a1
    SyS_write+0x55/0xb9
    do_syscall_64+0x79/0x1ae
    entry_SYSCALL_64_after_hwframe+0x3d/0x0

Add code to check whether we have a mapping already in the same section
and prevent additional mappings from being created if that is the case.

Link: http://lkml.kernel.org/r/152909478401.50143.312364396244072931.stgit@djiang5-desk3.ch.intel.com
Signed-off-by: Dave Jiang <dave.jiang@intel.com>
Cc: Dan Williams <dan.j.williams@intel.com>
Cc: Robert Elliott <elliott@hpe.com>
Cc: Jeff Moyer <jmoyer@redhat.com>
Cc: Matthew Wilcox <willy@infradead.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2018-07-26 19:38:03 -07:00
Arnd Bergmann
03758dbbe2 kasan: only select SLUB_DEBUG with SYSFS=y
Building with KASAN and SLUB but without sysfs now results in a
build-time error:

  WARNING: unmet direct dependencies detected for SLUB_DEBUG
    Depends on [n]: SLUB [=y] && SYSFS [=n]
    Selected by [y]:
    - KASAN [=y] && HAVE_ARCH_KASAN [=y] && (SLUB [=y] || SLAB [=n] && !DEBUG_SLAB [=n]) && SLUB [=y]
  mm/slub.c:4565:12: error: 'list_locations' defined but not used [-Werror=unused-function]
   static int list_locations(struct kmem_cache *s, char *buf,
              ^~~~~~~~~~~~~~
  mm/slub.c:4406:13: error: 'validate_slab_cache' defined but not used [-Werror=unused-function]
   static long validate_slab_cache(struct kmem_cache *s)

This disallows that broken configuration in Kconfig.

Link: http://lkml.kernel.org/r/20180709154019.1693026-1-arnd@arndb.de
Fixes: dd275caf4a ("kasan: depend on CONFIG_SLUB_DEBUG")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Cc: "Jason A. Donenfeld" <Jason@zx2c4.com>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Shakeel Butt <shakeelb@google.com>
Cc: Andrey Ryabinin <aryabinin@virtuozzo.com>
Cc: Christoph Lameter <cl@linux.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2018-07-26 19:38:03 -07:00
Tejun Heo
b512719f77 delayacct: fix crash in delayacct_blkio_end() after delayacct init failure
While forking, if delayacct init fails due to memory shortage, it
continues expecting all delayacct users to check task->delays pointer
against NULL before dereferencing it, which all of them used to do.

Commit c96f5471ce ("delayacct: Account blkio completion on the correct
task"), while updating delayacct_blkio_end() to take the target task
instead of always using %current, made the function test NULL on
%current->delays and then continue to operated on @p->delays.  If
%current succeeded init while @p didn't, it leads to the following
crash.

 BUG: unable to handle kernel NULL pointer dereference at 0000000000000004
 IP: __delayacct_blkio_end+0xc/0x40
 PGD 8000001fd07e1067 P4D 8000001fd07e1067 PUD 1fcffbb067 PMD 0
 Oops: 0000 [#1] SMP PTI
 CPU: 4 PID: 25774 Comm: QIOThread0 Not tainted 4.16.0-9_fbk1_rc2_1180_g6b593215b4d7 #9
 RIP: 0010:__delayacct_blkio_end+0xc/0x40
 Call Trace:
  try_to_wake_up+0x2c0/0x600
  autoremove_wake_function+0xe/0x30
  __wake_up_common+0x74/0x120
  wake_up_page_bit+0x9c/0xe0
  mpage_end_io+0x27/0x70
  blk_update_request+0x78/0x2c0
  scsi_end_request+0x2c/0x1e0
  scsi_io_completion+0x20b/0x5f0
  blk_mq_complete_request+0xa2/0x100
  ata_scsi_qc_complete+0x79/0x400
  ata_qc_complete_multiple+0x86/0xd0
  ahci_handle_port_interrupt+0xc9/0x5c0
  ahci_handle_port_intr+0x54/0xb0
  ahci_single_level_irq_intr+0x3b/0x60
  __handle_irq_event_percpu+0x43/0x190
  handle_irq_event_percpu+0x20/0x50
  handle_irq_event+0x2a/0x50
  handle_edge_irq+0x80/0x1c0
  handle_irq+0xaf/0x120
  do_IRQ+0x41/0xc0
  common_interrupt+0xf/0xf

Fix it by updating delayacct_blkio_end() check @p->delays instead.

Link: http://lkml.kernel.org/r/20180724175542.GP1934745@devbig577.frc2.facebook.com
Fixes: c96f5471ce ("delayacct: Account blkio completion on the correct task")
Signed-off-by: Tejun Heo <tj@kernel.org>
Reported-by: Dave Jones <dsj@fb.com>
Debugged-by: Dave Jones <dsj@fb.com>
Reviewed-by: Andrew Morton <akpm@linux-foundation.org>
Cc: Josh Snyder <joshs@netflix.com>
Cc: <stable@vger.kernel.org>	[4.15+]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2018-07-26 19:38:03 -07:00
Dave Airlie
050d2a5533 drm/imx: imx-drm ldb and ipu-v3 csi fixes
- Disable the LVDS Display Bridge (LDB) on driver bind. This is
   necessary to guarantee correct LVDS signals in case the bootloader
   left the LVDS output active.
 - Remove false positive warning about disabled second LVDS channel in
   dual-channel mode. In this mode, the second LVDS channel can not be
   used separately. If the second channel is correctly described as
   disabled in the device tree, the driver warned about this anyway.
 - Fix the CSI confiuration to not only enable interlaced capture mode
   for V4L2_FIELD_SEQ_BT and V4L2_FIELD_SEQ_TB, but also for the
   V4L2_FIELD_ALTERNATE interlacing mode. Before, it incorrectly tried
   to capture progressive frames in that case.
 -----BEGIN PGP SIGNATURE-----
 
 iI4EABYIADYWIQRRO6F6WdpH1R0vGibVhaclGDdiwAUCW1G4zRgccGhpbGlwcC56
 YWJlbEBnbWFpbC5jb20ACgkQ1YWnJRg3YsCZSgEAhIjcChl3NqsgqDzs4H1Pj+42
 WS0OAHA6FSo5Jt1mthoA/jUbHp3tpEu1S4z1bUm3Hi5cifmZX2Jg/QLjsF4hzewK
 =6eNq
 -----END PGP SIGNATURE-----

Merge tag 'imx-drm-fixes-2018-07-20' of git://git.pengutronix.de/git/pza/linux into drm-fixes

drm/imx: imx-drm ldb and ipu-v3 csi fixes

- Disable the LVDS Display Bridge (LDB) on driver bind. This is
  necessary to guarantee correct LVDS signals in case the bootloader
  left the LVDS output active.
- Remove false positive warning about disabled second LVDS channel in
  dual-channel mode. In this mode, the second LVDS channel can not be
  used separately. If the second channel is correctly described as
  disabled in the device tree, the driver warned about this anyway.
- Fix the CSI confiuration to not only enable interlaced capture mode
  for V4L2_FIELD_SEQ_BT and V4L2_FIELD_SEQ_TB, but also for the
  V4L2_FIELD_ALTERNATE interlacing mode. Before, it incorrectly tried
  to capture progressive frames in that case.

Signed-off-by: Dave Airlie <airlied@redhat.com>
Link: https://patchwork.freedesktop.org/patch/msgid/1532100423.3438.8.camel@pengutronix.de
2018-07-27 12:17:31 +10:00
Dave Airlie
5a75cd11a8 - Only a quirk for GLK NUC HDMI port issues
-----BEGIN PGP SIGNATURE-----
 
 iQEcBAABAgAGBQJbWfkAAAoJEPpiX2QO6xPKv/EH/iWq/0JmNuWzET+PZM12Jam7
 24Y9k2VgPzs68h+R+IUagMZz6J2UvSKgt8/GFayTTJa8ylrNjMzRcGqOt0mvRvqo
 IeVFzivtctqbXyi6V6e5zPAoUdH7xgj/OPWoq32AyI9qIoehuLGRNa0PyT3Jp+M9
 Z3uHJoYjy0KB0rmDR0IG2WtmIwYjRXdptHnHaoSRERK3mB+5JTXtKLn8I0V0bvSA
 ZDHornYLJGPtCFEWV3/rW2xOajOyAjzAxmepc/6B5bUZa12DMHqWmf0dHZR2iBn9
 SO3OawAFf2TjsVDm4E2/ZarNjUVXx2T0D0bS4yrFybupcLkWVqOHaUsfIxNwxVs=
 =pPNH
 -----END PGP SIGNATURE-----

Merge tag 'drm-intel-fixes-2018-07-26' of git://anongit.freedesktop.org/drm/drm-intel into drm-fixes

- Only a quirk for GLK NUC HDMI port issues

Signed-off-by: Dave Airlie <airlied@redhat.com>

Link: https://patchwork.freedesktop.org/patch/msgid/20180726163856.GA21162@intel.com
2018-07-27 12:11:31 +10:00
Martin Wilck
17d51b10d7 block: bio_iov_iter_get_pages: pin more pages for multi-segment IOs
bio_iov_iter_get_pages() currently only adds pages for the next non-zero
segment from the iov_iter to the bio. That's suboptimal for callers,
which typically try to pin as many pages as fit into the bio. This patch
converts the current bio_iov_iter_get_pages() into a static helper, and
introduces a new helper that allocates as many pages as

 1) fit into the bio,
 2) are present in the iov_iter,
 3) and can be pinned by MM.

Error is returned only if zero pages could be pinned. Because of 3), a
zero return value doesn't necessarily mean all pages have been pinned.
Callers that have to pin every page in the iov_iter must still call this
function in a loop (this is currently the case).

This change matters most for __blkdev_direct_IO_simple(), which calls
bio_iov_iter_get_pages() only once. If it obtains less pages than
requested, it returns a "short write" or "short read", and
__generic_file_write_iter() falls back to buffered writes, which may
lead to data corruption.

Fixes: 72ecad22d9 ("block: support a full bio worth of IO for simplified bdev direct-io")
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Martin Wilck <mwilck@suse.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2018-07-26 11:52:36 -06:00
Martin Wilck
9362dd1109 blkdev: __blkdev_direct_IO_simple: fix leak in error case
Fixes: 72ecad22d9 ("block: support a full bio worth of IO for simplified bdev direct-io")
Reviewed-by: Ming Lei <ming.lei@redhat.com>
Reviewed-by: Hannes Reinecke <hare@suse.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Martin Wilck <mwilck@suse.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2018-07-26 11:52:33 -06:00
Martin Wilck
b403ea2404 block: bio_iov_iter_get_pages: fix size of last iovec
If the last page of the bio is not "full", the length of the last
vector slot needs to be corrected. This slot has the index
(bio->bi_vcnt - 1), but only in bio->bi_io_vec. In the "bv" helper
array, which is shifted by the value of bio->bi_vcnt at function
invocation, the correct index is (nr_pages - 1).

v2: improved readability following suggestions from Ming Lei.
v3: followed a formatting suggestion from Christoph Hellwig.

Fixes: 2cefe4dbaa ("block: add bio_iov_iter_get_pages()")
Reviewed-by: Hannes Reinecke <hare@suse.com>
Reviewed-by: Ming Lei <ming.lei@redhat.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Martin Wilck <mwilck@suse.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2018-07-26 11:52:29 -06:00
Jens Axboe
78e18063a9 Merge branch 'nvme-4.18' of git://git.infradead.org/nvme into for-linus
Pull NVMe fixes from Christoph:

"Two small fixes each for the FC code and the target."

* 'nvme-4.18' of git://git.infradead.org/nvme:
  nvmet: only check for filebacking on -ENOTBLK
  nvmet: fixup crash on NULL device path
  nvme: if_ready checks to fail io to deleting controller
  nvmet-fc: fix target sgl list on large transfers
2018-07-26 11:48:44 -06:00
Thomas Tai
bd91b56cb3 PCI/AER: Work around use-after-free in pcie_do_fatal_recovery()
When an fatal error is received by a non-bridge device, the device is
removed, and pci_stop_and_remove_bus_device() deallocates the device
structure.  The freed device structure is used by subsequent code to send
uevents and print messages.

Hold a reference on the device until we're finished using it.  This is not
an ideal fix because pcie_do_fatal_recovery() should not use the device at
all after removing it, but that's too big a project for right now.

Fixes: 7e9084b367 ("PCI/AER: Handle ERR_FATAL with removal and re-enumeration of devices")
Signed-off-by: Thomas Tai <thomas.tai@oracle.com>
[bhelgaas: changelog, reduce get/put coverage]
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
2018-07-26 12:13:04 -05:00
Linus Torvalds
cd3f77d74a USB fixes for 4.18-rc7
Here are a number of USB fixes and new device ids for 4.18-rc7.
 
 The largest number are a bunch of gadget driver fixes that got delayed
 in being submitted earlier due to vacation schedules, but nothing really
 huge is present in them.  There are some new device ids and some PHY
 driver fixes that were connected to some USB ones.  Full details are in
 the shortlog.
 
 All have been in linux-next for a while with no reported issues.
 
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 -----BEGIN PGP SIGNATURE-----
 
 iG0EABECAC0WIQT0tgzFv3jCIUoxPcsxR9QN2y37KQUCW1nXnQ8cZ3JlZ0Brcm9h
 aC5jb20ACgkQMUfUDdst+ymoWACfTbc0TF6u9hNALIS9nsgLxevZLjYAnA5RJ12y
 TTBeXMIAvCUKILAXPQok
 =spWc
 -----END PGP SIGNATURE-----

Merge tag 'usb-4.18-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb

Pull USB fixes from Greg KH:
 "Here are a number of USB fixes and new device ids for 4.18-rc7.

  The largest number are a bunch of gadget driver fixes that got delayed
  in being submitted earlier due to vacation schedules, but nothing
  really huge is present in them. There are some new device ids and some
  PHY driver fixes that were connected to some USB ones. Full details
  are in the shortlog.

  All have been in linux-next for a while with no reported issues"

* tag 'usb-4.18-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb: (28 commits)
  usb: core: handle hub C_PORT_OVER_CURRENT condition
  usb: xhci: Fix memory leak in xhci_endpoint_reset()
  usb: typec: tcpm: Fix sink PDO starting index for PPS APDO selection
  usb: gadget: f_fs: Only return delayed status when len is 0
  usb: gadget: f_uac2: fix endianness of 'struct cntrl_*_lay3'
  usb: dwc2: Fix inefficient copy of unaligned buffers
  usb: dwc2: Fix DMA alignment to start at allocated boundary
  usb: dwc3: rockchip: Fix PHY documentation links.
  tools: usb: ffs-test: Fix build on big endian systems
  usb: gadget: aspeed: Workaround memory ordering issue
  usb: dwc3: gadget: remove redundant variable maxpacket
  usb: dwc2: avoid NULL dereferences
  usb/phy: fix PPC64 build errors in phy-fsl-usb.c
  usb: dwc2: host: do not delay retries for CONTROL IN transfers
  usb: gadget: u_audio: protect stream runtime fields with stream spinlock
  usb: gadget: u_audio: remove cached period bytes value
  usb: gadget: u_audio: remove caching of stream buffer parameters
  usb: gadget: u_audio: update hw_ptr in iso_complete after data copied
  usb: gadget: u_audio: fix pcm/card naming in g_audio_setup()
  usb: gadget: f_uac2: fix error handling in afunc_bind (again)
  ...
2018-07-26 09:29:29 -07:00
Linus Torvalds
fd4f84faec staging driver fixes for 4.18-rc7
Here are 3 small staging driver fixes for 4.18-rc7.  One is a revert of
 an earlier patch that turned out to be incorrect, one is a fix for the
 speakup drivers, and the last a fix for the ks7010 driver to resolve a
 regression.
 
 All of these have been in linux-next for a while with no reported
 issues.
 
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 -----BEGIN PGP SIGNATURE-----
 
 iG0EABECAC0WIQT0tgzFv3jCIUoxPcsxR9QN2y37KQUCW1nWRg8cZ3JlZ0Brcm9h
 aC5jb20ACgkQMUfUDdst+yn3sgCfRfyR5eWd//zjOd+RPK5pgVmntpsAn2RO4/hF
 3/QBUH8Pnd0fQDCE87w8
 =T47D
 -----END PGP SIGNATURE-----

Merge tag 'staging-4.18-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging

Pull staging driver fixes from Greg KH:
 "Here are three small staging driver fixes for 4.18-rc7.

  One is a revert of an earlier patch that turned out to be incorrect,
  one is a fix for the speakup drivers, and the last a fix for the
  ks7010 driver to resolve a regression.

  All of these have been in linux-next for a while with no reported
  issues"

* tag 'staging-4.18-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging:
  staging: speakup: fix wraparound in uaccess length check
  staging: ks7010: call 'hostif_mib_set_request_int' instead of 'hostif_mib_set_request_bool'
  Revert "staging:r8188eu: Use lib80211 to support TKIP"
2018-07-26 09:26:41 -07:00
Linus Torvalds
a5f9e5dab3 Driver core fixes for 4.18-rc7
This is a single driver core fix for 4.18-rc7.  It partially reverts a
 previous commit to resolve some reported issues.
 
 It has been in linux-next for a while now with no reported issues.
 
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 -----BEGIN PGP SIGNATURE-----
 
 iG0EABECAC0WIQT0tgzFv3jCIUoxPcsxR9QN2y37KQUCW1nVXg8cZ3JlZ0Brcm9h
 aC5jb20ACgkQMUfUDdst+ylt+ACgnOBM409ab+U2z/0EZcJrd3fXjXcAn1XD1e5p
 Y0fBLaJ/sB+VpyiRP/gK
 =WxMr
 -----END PGP SIGNATURE-----

Merge tag 'driver-core-4.18-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core

Pull driver core fix from Greg KH:
 "This is a single driver core fix for 4.18-rc7. It partially reverts a
  previous commit to resolve some reported issues.

  It has been in linux-next for a while now with no reported issues"

* tag 'driver-core-4.18-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core:
  driver core: Partially revert "driver core: correct device's shutdown order"
2018-07-26 09:25:03 -07:00
Linus Torvalds
9bd591839e ACPI fix for 4.18-rc7
Fix a recent ACPICA regression causing the AML parser to get confused
 and fail in some situations involving incorrect AML in an ACPI table
 (Erik Schmauss).
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
 iQIcBAABCAAGBQJbWdSOAAoJEILEb/54YlRxkccP/3kxz1Fr4lmwDaXkReOR1Zxa
 ShdoKKdruDXMXYGMnJWw+jilhbRb6fWQq6jWzmpAOnd0l98voGYFhdelMp6JhyNi
 4ei5SnM5HML4QJPR3xUhXYhEUwDy4YZIaubjXE7w4IDeh33eJG4h/LO90nzlWb15
 Ge08iv8cQmZIOFVrnn2T5OWlseMAelCWVh++v9W40ns2RjDOIisH3eELvM90zlZ+
 7BtD3jzeSp7DHzvYYdlSToEsiIAccWhttSiKZ4ViyWu2ncnxcO+ymzKkvh9jxWFr
 8olAP9xnV3ceS1/m4vkfuhQb2JmDPz5quChLrLAbe5LfZiA1zLBprBs+tdIYbn/7
 jmWvRR7oD0rF8itBoGb6oheOWA1M40hfsH3s+zh+IJRWFDkiFLdV5c3YCZvPLLEc
 zv4swo/29I06gDlWWUu1Tq1TmnDX4Z62ZGo7VSw0d+5UHgqWaUpaTLn99Fl+zlaJ
 lGyPFlee9ou7NBbi1yzcqLrstv7q79IgLBL1khvrLJOFB8WksPKUW1EnIOB2TjBa
 YRj11pdMsJnvo6I5h9YY/fVR6vJxFVcUSITMPjKq2vQ/bOIeELTryEvMSX3FW2y8
 KRv39zrTx1tDY2l2NHbDgbEoLd7DZ6u0DVahkU4oSumBSnebqIvhz24shpWzo9nm
 Pgt3WRd2siIMm7FtFF+2
 =B+ti
 -----END PGP SIGNATURE-----

Merge tag 'acpi-4.18-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm

Pull ACPI fix from Rafael Wysocki:
 "Fix a recent ACPICA regression causing the AML parser to get confused
  and fail in some situations involving incorrect AML in an ACPI table
  (Erik Schmauss)"

* tag 'acpi-4.18-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
  ACPICA: AML Parser: ignore dispatcher error status during table load
2018-07-26 09:23:17 -07:00
Linus Torvalds
99015e94f2 Power management fix for 4.18-rc7
Fix up the recently introduced cpufreq driver for Qualcomm Kryo
 processors by adding a terminating NULL entry to its table of
 device IDs (YueHaibing).
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
 iQIcBAABCAAGBQJbWdP8AAoJEILEb/54YlRxuxUP/AutbdUh/t83FRRXVtNa+uBx
 SAJ3SHn4TCJ4GKAYj5+/ca5ztj7eO9PilGdCk2gtSLW269nE8zvrm0tSjJ3boh0n
 QFUu/y53ZwAreB2Xa5p52sRolCpvEybSD0Ha0nY70w3ShvEQ3ggwRG8AskpS8d1j
 lw3CQ/r36EYO+B8oo9kvkNq8GUQloQJQK4+pYc6CNHi1I8LPhQtx11c0KJp6TsKm
 4eTOqIooyFXvJwLMPUvebgv2CzcZFTEfQFNllrBmxufmfzgL84vAQuS2rsdQLyK6
 B0WZwFoktNZ/xKg/U/cmMnpEyZMbmxSXJroCNxAQ8Qbn/VTnaQo72VouWYvIKcrD
 fPIbSUJM6QIpvSfVkc9rHt04GS3XCewY83BnkREQOT2IZTu8I5IXso0fNYU4ks3K
 8Fkda8eRBHbcVu2+UUo88etGIZqoTmy47A1sJnHnNS2Wvsgecm38y5bIP/rekDrt
 fVu4A3mpyzwncXX+hB57NEhit2OKvzV8p8XNEBwZQGLjTl4xgUe4pDpneybxDeJW
 0oNPEIOgNB2VdF2yNh936OoVTQna0/3CwVBIM3mijRZOxCGtUAq/SFAe377aR7XX
 IYpi1fXuq4Q6pWSXOf3VlwR7atFYCEmQ/u9vEMiJ/Xtox130SVPwlSpl1ZRioXD5
 12V6HezJHaF7h1SfQSud
 =I8t3
 -----END PGP SIGNATURE-----

Merge tag 'pm-4.18-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm

Pull power management fix from Rafael Wysocki:
 "Fix up the recently introduced cpufreq driver for Qualcomm Kryo
  processors by adding a terminating NULL entry to its table of device
  IDs (YueHaibing)"

* tag 'pm-4.18-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
  cpufreq: qcom-kryo: add NULL entry to the end of_device_id array
2018-07-26 09:21:28 -07:00
Snild Dolkow
3e536e222f kthread, tracing: Don't expose half-written comm when creating kthreads
There is a window for racing when printing directly to task->comm,
allowing other threads to see a non-terminated string. The vsnprintf
function fills the buffer, counts the truncated chars, then finally
writes the \0 at the end.

	creator                     other
	vsnprintf:
	  fill (not terminated)
	  count the rest            trace_sched_waking(p):
	  ...                         memcpy(comm, p->comm, TASK_COMM_LEN)
	  write \0

The consequences depend on how 'other' uses the string. In our case,
it was copied into the tracing system's saved cmdlines, a buffer of
adjacent TASK_COMM_LEN-byte buffers (note the 'n' where 0 should be):

	crash-arm64> x/1024s savedcmd->saved_cmdlines | grep 'evenk'
	0xffffffd5b3818640:     "irq/497-pwr_evenkworker/u16:12"

...and a strcpy out of there would cause stack corruption:

	[224761.522292] Kernel panic - not syncing: stack-protector:
	    Kernel stack is corrupted in: ffffff9bf9783c78

	crash-arm64> kbt | grep 'comm\|trace_print_context'
	#6  0xffffff9bf9783c78 in trace_print_context+0x18c(+396)
	      comm (char [16]) =  "irq/497-pwr_even"

	crash-arm64> rd 0xffffffd4d0e17d14 8
	ffffffd4d0e17d14:  2f71726900000000 5f7277702d373934   ....irq/497-pwr_
	ffffffd4d0e17d24:  726f776b6e657665 3a3631752f72656b   evenkworker/u16:
	ffffffd4d0e17d34:  f9780248ff003231 cede60e0ffffff9b   12..H.x......`..
	ffffffd4d0e17d44:  cede60c8ffffffd4 00000fffffffffd4   .....`..........

The workaround in e09e28671 (use strlcpy in __trace_find_cmdline) was
likely needed because of this same bug.

Solved by vsnprintf:ing to a local buffer, then using set_task_comm().
This way, there won't be a window where comm is not terminated.

Link: http://lkml.kernel.org/r/20180726071539.188015-1-snild@sony.com

Cc: stable@vger.kernel.org
Fixes: bc0c38d139 ("ftrace: latency tracer infrastructure")
Reviewed-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Signed-off-by: Snild Dolkow <snild@sony.com>
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
2018-07-26 09:59:33 -04:00
Steven Rostedt (VMware)
2519c1bbe3 tracing: Quiet gcc warning about maybe unused link variable
Commit 57ea2a34ad ("tracing/kprobes: Fix trace_probe flags on
enable_trace_kprobe() failure") added an if statement that depends on another
if statement that gcc doesn't see will initialize the "link" variable and
gives the warning:

 "warning: 'link' may be used uninitialized in this function"

It is really a false positive, but to quiet the warning, and also to make
sure that it never actually is used uninitialized, initialize the "link"
variable to NULL and add an if (!WARN_ON_ONCE(!link)) where the compiler
thinks it could be used uninitialized.

Cc: stable@vger.kernel.org
Fixes: 57ea2a34ad ("tracing/kprobes: Fix trace_probe flags on enable_trace_kprobe() failure")
Reported-by: kbuild test robot <lkp@intel.com>
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
2018-07-25 22:33:50 -04:00
Steven Rostedt (VMware)
15cc78644d tracing: Fix possible double free in event_enable_trigger_func()
There was a case that triggered a double free in event_trigger_callback()
due to the called reg() function freeing the trigger_data and then it
getting freed again by the error return by the caller. The solution there
was to up the trigger_data ref count.

Code inspection found that event_enable_trigger_func() has the same issue,
but is not as easy to trigger (requires harder to trigger failures). It
needs to be solved slightly different as it needs more to clean up when the
reg() function fails.

Link: http://lkml.kernel.org/r/20180725124008.7008e586@gandalf.local.home

Cc: stable@vger.kernel.org
Fixes: 7862ad1846 ("tracing: Add 'enable_event' and 'disable_event' event trigger commands")
Reivewed-by: Masami Hiramatsu <mhiramat@kernel.org>
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
2018-07-25 21:25:16 -04:00