Commit Graph

841837 Commits

Author SHA1 Message Date
Linus Torvalds
a5fff14a0c Merge branch 'akpm' (patches from Andrew)
Merge more fixes from Andrew Morton:
 "5 fixes"

* emailed patches from Andrew Morton <akpm@linux-foundation.org>:
  swap_readpage(): avoid blk_wake_io_task() if !synchronous
  devres: allow const resource arguments
  mm/vmscan.c: prevent useless kswapd loops
  fs/userfaultfd.c: disable irqs for fault_pending and event locks
  mm/page_alloc.c: fix regression with deferred struct page init
2019-07-05 11:39:56 +09:00
Linus Torvalds
ecbe5086ad ARM: SoC fixes
Likely our final small batch of fixes for 5.2:
 
  - Some fixes for USB on davinci, regressions were due to the recent
    conversion of the OCHI driver to use GPIO regulators
 
  - A fixup of kconfig dependencies for a TI irq controller
 
  - A switch of armada-38x to avoid dropped characters on uart, caused by
    switch of base inherited platform description earlier this year
 -----BEGIN PGP SIGNATURE-----
 
 iQJDBAABCAAtFiEElf+HevZ4QCAJmMQ+jBrnPN6EHHcFAl0eQuQPHG9sb2ZAbGl4
 b20ubmV0AAoJEIwa5zzehBx3hI8P/25Kx4vAcgzmZezixE3fT7TTE8ks7EpOmNRS
 P4DWheWehRlctaLjehWhsdOLcMyhMqa5WF3PgCw5j31c6zPLoe8ZiC8nizjVMKxu
 5vzMbN3R4MN5iFN8w9qzOYP2wHqZsnLoM/Epig9xei4kWvohq89QVW0R6lWg4xv0
 i40AyhLapbSCmLXJNd0N47jgjFek23aqAVbXyhq/GTlCDHAELF9gKZ+Zif3frPzH
 ZBCNB3pAiazOmMKp3BzKyM8Qbl/KQLEfWTXV3luGiHDJgO94guVvzrKYxsxTfJxd
 fsqrvqLp7S2pvHVcvF2PVeORl+5xAeP0nabuHwFHLi+E6VIzL9NS1h/h7Qoy5eAC
 Dj7aM+smsqAwId5s+oIhHtVrsfLK8AQ4TE53mUVTN2iikuJc04xYj72tIwB1LL2X
 99vYn+bRoitkYfff3XpuvJzOptAYKOvMsWmbCQ6ChckXXvqs6kKmsVvwAesqg/7j
 tsXy5iDVMuZiAvWcNstAiQtJggKC7tegWFBnqDLtKd7z1x3KivsErBJdR5x8f5vZ
 uxGOt8sS1fRChc03V0qFsrHAMc/0FBz4OdXYy0E83y3X7SYHbkoxOu6ZIioCBSWF
 9RFiKr55FNa6DrNBok6/tsqN9sBkcqwEk9kRZRmdC4zIRzIyg+SR09PEea3Nf66+
 KNmOEGs/
 =2Hcr
 -----END PGP SIGNATURE-----

Merge tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc

Pull ARM SoC fixes from Olof Johansson:
 "Likely our final small batch of fixes for 5.2:

   - Some fixes for USB on davinci, regressions were due to the recent
     conversion of the OCHI driver to use GPIO regulators

   - A fixup of kconfig dependencies for a TI irq controller

   - A switch of armada-38x to avoid dropped characters on uart, caused
     by switch of base inherited platform description earlier this year"

* tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc:
  ARM: davinci: da830-evm: fix GPIO lookup for OHCI
  ARM: davinci: omapl138-hawk: add missing regulator constraints for OHCI
  ARM: davinci: da830-evm: add missing regulator constraints for OHCI
  soc: ti: fix irq-ti-sci link error
  ARM: dts: armada-xp-98dx3236: Switch to armada-38x-uart serial node
2019-07-05 11:35:45 +09:00
Linus Torvalds
cde357c392 dax fix v5.2-rc8
- Fix xarray entry association for mixed mappings
 -----BEGIN PGP SIGNATURE-----
 
 iQIcBAABAgAGBQJdHpMDAAoJEB7SkWpmfYgCJ0wP/2fgMgoh1YBv4DU4gsNs328G
 pyTX3i6d+KoEmfvlcoOzU3lNtjf2S81H3QIkfTJG75uE9/3jNKOh+tPunj3/wIOv
 iHbpBZVK5OpE2f9FFNM785cTt7hBqBtR38N/PdKGFPSMzN9vX794rmvS8Ri0bHd4
 9zmSvdnrkdu0U4BGmBRZdUOCUIdDrtQClKJBRtG5Ksb194zf7lt/jm4k9WFMqfYA
 89mR/KHQhmhDnjyBynQa0TRtShlf/DsxtWiPyLT9FzD1RZt9+tFVLANRQEmFFAp2
 eb+b+LT35AdEEwErv7RkCCGSGKA7KXy7+hyETsoPMBXG08Q77nogG+zb/j0wCwvK
 SsQpo1aqmIeJRBQOXbYeqhn6VR9YuVMFlgaSfOcn/noQDHUIeKis2pnOMeKX36MN
 xHTQm9hSgG+0Des5UoAd4eNH5fDmwuUJK4o4kVGG3pKPuTzyW1gLyo7ItewleE7c
 7rOhLMU55mqUizxsBfEOO6qiJED64iQ2K3mve5I22YetaYCfdrNnU8x5iS9FEcir
 CATYHilKevowwVZg2a7Iy5FquYsQghMhZe4iF5gzjF+zEpj0Wi8S0nVsCtX8Js3S
 p/f3TFmc2i4ZCFPbOAAdYOuagU6pFbuSFQyjtljo5sjD3JKBXitgEaAepFXMtVSA
 EXEQYBgj5CoQ8ClF/eiA
 =NNXl
 -----END PGP SIGNATURE-----

Merge tag 'dax-fix-5.2-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm

Pull dax fix from Dan Williams:
 "A single dax fix that has been soaking awaiting other fixes under
  discussion to join it. As it is getting late in the cycle lets proceed
  with this fix and save follow-on changes for post-v5.3-rc1.

   - Fix xarray entry association for mixed mappings"

* tag 'dax-fix-5.2-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm:
  dax: Fix xarray entry association for mixed mappings
2019-07-05 11:32:11 +09:00
Linus Torvalds
2cd7cdc7e4 Merge branch 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
Pull do_move_mount() fix from Al Viro:
 "Regression fix"

* 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
  vfs: move_mount: reject moving kernel internal mounts
2019-07-05 11:21:36 +09:00
Oleg Nesterov
8751853091 swap_readpage(): avoid blk_wake_io_task() if !synchronous
swap_readpage() sets waiter = bio->bi_private even if synchronous = F,
this means that the caller can get the spurious wakeup after return.

This can be fatal if blk_wake_io_task() does
set_current_state(TASK_RUNNING) after the caller does
set_special_state(), in the worst case the kernel can crash in
do_task_dead().

Link: http://lkml.kernel.org/r/20190704160301.GA5956@redhat.com
Fixes: 0619317ff8 ("block: add polled wakeup task helper")
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Reported-by: Qian Cai <cai@lca.pw>
Acked-by: Hugh Dickins <hughd@google.com>
Reviewed-by: Jens Axboe <axboe@kernel.dk>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2019-07-05 11:12:07 +09:00
Arnd Bergmann
eef778c99c devres: allow const resource arguments
devm_ioremap_resource() does not currently take 'const' arguments, which
results in a warning from the first driver trying to do it anyway:

  drivers/gpio/gpio-amd-fch.c: In function 'amd_fch_gpio_probe':
  drivers/gpio/gpio-amd-fch.c:171:49: error: passing argument 2 of 'devm_ioremap_resource' discards 'const' qualifier from pointer target type [-Werror=discarded-qualifiers]
    priv->base = devm_ioremap_resource(&pdev->dev, &amd_fch_gpio_iores);
                                                   ^~~~~~~~~~~~~~~~~~~

Change the prototype to allow it, as there is no real reason not to.

Link: http://lkml.kernel.org/r/20190628150049.1108048-1-arnd@arndb.de
Fixes: 9bb2e0452508 ("gpio: amd: Make resource struct const")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Reviewed-by: Enrico Weigelt <info@metux.net>
Reviewed-by: Andrew Morton <akpm@linux-foundation.org>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Linus Walleij <linus.walleij@linaro.org>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: "Rafael J. Wysocki" <rafael.j.wysocki@intel.com>
Cc: Ulf Hansson <ulf.hansson@linaro.org>
Cc: Andy Shevchenko <andy.shevchenko@gmail.com>
Cc: Heikki Krogerus <heikki.krogerus@linux.intel.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2019-07-05 11:12:07 +09:00
Shakeel Butt
dffcac2cb8 mm/vmscan.c: prevent useless kswapd loops
In production we have noticed hard lockups on large machines running
large jobs due to kswaps hoarding lru lock within isolate_lru_pages when
sc->reclaim_idx is 0 which is a small zone.  The lru was couple hundred
GiBs and the condition (page_zonenum(page) > sc->reclaim_idx) in
isolate_lru_pages() was basically skipping GiBs of pages while holding
the LRU spinlock with interrupt disabled.

On further inspection, it seems like there are two issues:

(1) If kswapd on the return from balance_pgdat() could not sleep (i.e.
    node is still unbalanced), the classzone_idx is unintentionally set
    to 0 and the whole reclaim cycle of kswapd will try to reclaim only
    the lowest and smallest zone while traversing the whole memory.

(2) Fundamentally isolate_lru_pages() is really bad when the
    allocation has woken kswapd for a smaller zone on a very large machine
    running very large jobs.  It can hoard the LRU spinlock while skipping
    over 100s of GiBs of pages.

This patch only fixes (1).  (2) needs a more fundamental solution.  To
fix (1), in the kswapd context, if pgdat->kswapd_classzone_idx is
invalid use the classzone_idx of the previous kswapd loop otherwise use
the one the waker has requested.

Link: http://lkml.kernel.org/r/20190701201847.251028-1-shakeelb@google.com
Fixes: e716f2eb24 ("mm, vmscan: prevent kswapd sleeping prematurely due to mismatched classzone_idx")
Signed-off-by: Shakeel Butt <shakeelb@google.com>
Reviewed-by: Yang Shi <yang.shi@linux.alibaba.com>
Acked-by: Mel Gorman <mgorman@techsingularity.net>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: Michal Hocko <mhocko@suse.com>
Cc: Vlastimil Babka <vbabka@suse.cz>
Cc: Hillf Danton <hdanton@sina.com>
Cc: Roman Gushchin <guro@fb.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2019-07-05 11:12:07 +09:00
Eric Biggers
cbcfa130a9 fs/userfaultfd.c: disable irqs for fault_pending and event locks
When IOCB_CMD_POLL is used on a userfaultfd, aio_poll() disables IRQs
and takes kioctx::ctx_lock, then userfaultfd_ctx::fd_wqh.lock.

This may have to wait for userfaultfd_ctx::fd_wqh.lock to be released by
userfaultfd_ctx_read(), which in turn can be waiting for
userfaultfd_ctx::fault_pending_wqh.lock or
userfaultfd_ctx::event_wqh.lock.

But elsewhere the fault_pending_wqh and event_wqh locks are taken with
IRQs enabled.  Since the IRQ handler may take kioctx::ctx_lock, lockdep
reports that a deadlock is possible.

Fix it by always disabling IRQs when taking the fault_pending_wqh and
event_wqh locks.

Commit ae62c16e10 ("userfaultfd: disable irqs when taking the
waitqueue lock") didn't fix this because it only accounted for the
fd_wqh lock, not the other locks nested inside it.

Link: http://lkml.kernel.org/r/20190627075004.21259-1-ebiggers@kernel.org
Fixes: bfe4037e72 ("aio: implement IOCB_CMD_POLL")
Signed-off-by: Eric Biggers <ebiggers@google.com>
Reported-by: syzbot+fab6de82892b6b9c6191@syzkaller.appspotmail.com
Reported-by: syzbot+53c0b767f7ca0dc0c451@syzkaller.appspotmail.com
Reported-by: syzbot+a3accb352f9c22041cfa@syzkaller.appspotmail.com
Reviewed-by: Andrew Morton <akpm@linux-foundation.org>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Cc: <stable@vger.kernel.org>	[4.19+]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2019-07-05 11:12:07 +09:00
Juergen Gross
b9705d8778 mm/page_alloc.c: fix regression with deferred struct page init
Commit 0e56acae4b ("mm: initialize MAX_ORDER_NR_PAGES at a time
instead of doing larger sections") is causing a regression on some
systems when the kernel is booted as Xen dom0.

The system will just hang in early boot.

Reason is an endless loop in get_page_from_freelist() in case the first
zone looked at has no free memory.  deferred_grow_zone() is always
returning true due to the following code snipplet:

  /* If the zone is empty somebody else may have cleared out the zone */
  if (!deferred_init_mem_pfn_range_in_zone(&i, zone, &spfn, &epfn,
                                           first_deferred_pfn)) {
          pgdat->first_deferred_pfn = ULONG_MAX;
          pgdat_resize_unlock(pgdat, &flags);
          return true;
  }

This in turn results in the loop as get_page_from_freelist() is assuming
forward progress can be made by doing some more struct page
initialization.

Link: http://lkml.kernel.org/r/20190620160821.4210-1-jgross@suse.com
Fixes: 0e56acae4b ("mm: initialize MAX_ORDER_NR_PAGES at a time instead of doing larger sections")
Signed-off-by: Juergen Gross <jgross@suse.com>
Suggested-by: Alexander Duyck <alexander.h.duyck@linux.intel.com>
Acked-by: Alexander Duyck <alexander.h.duyck@linux.intel.com>
Cc: Michal Hocko <mhocko@suse.com>
Cc: Pavel Tatashin <pasha.tatashin@soleen.com>
Cc: Mike Rapoport <rppt@linux.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2019-07-05 11:12:07 +09:00
Linus Torvalds
c212ddaee2 sound fixes for 5.2
Here are a collection of small fixes for:
 - A race with ASoC HD-audio registration
 - LINE6 usb-audio memory overwrite by malformed descriptor
 - FireWire MIDI handling
 - Missing cast for bit shifts in a few USB-audio quirks
 - The wrong function calls in minor OSS sequencer code paths
 - A couple of HD-audio quirks
 -----BEGIN PGP SIGNATURE-----
 
 iQJCBAABCAAsFiEEIXTw5fNLNI7mMiVaLtJE4w1nLE8FAl0cmzoOHHRpd2FpQHN1
 c2UuZGUACgkQLtJE4w1nLE+Tvw/+L6btk7A3kIAFU5RVf1dNVBzuaHcXm0/AZl4I
 AfiyVTNtSHSwaxXFSnWuAE1Y6fxVOcs9iRMToxQCZlWqjsF5I8GA8OEpRA2hqrgb
 C1BxlNeriOJMoD9wazRM6hmgprmwKS4ssGYEb9EMKyWbKcZ2IAExmQNLKAnd1Uhr
 KH8Ryc6CGqYUbtafHCmhpfI7ROgZBDydO7LWWiUpCl2GNFMMeX9Q16WueEjBgNvL
 qXWW8r5ix67qZuODKGdhei0JmZGSkrR1uT9EMqx15cks6+NsLAFVRy8/h2k/sbob
 ut9VTn4N7kGoXVnqpcOIQNZuvOr8NkG7gDEVILmPqeI+0w/Gm+mhNSSZl3aEo8G2
 F/smMeqPSgZQfWVouH56u1QKDps5kCKenSar6a+7SuATLL5LUq4xDkw9o/T/nb9i
 8ijp4ZtyKUt+YQvtQrjuGunzbhhaZywTBNodKtxHzqzMPnqGQhma6SWx+bxvLYOO
 hoNfU8i2nfg6MoBh1Q6aKZgE+Oz8c2kjOnkQsxV5pYrMGqPMTLNaz+s3+Sq7G9Wc
 Zy2lZ1rNJditG/oqyVGfOMt7qu/fOeo//lfX1ZSQ95W+lSs3hYrMeckPpuhWRwCD
 YK9zMQ9kuRYooHZJgf0F62EoN+/PUXvozAHXUBsDw7XwWUULX9ffUoZewFUj2NwY
 mKer+p8=
 =KxxN
 -----END PGP SIGNATURE-----

Merge tag 'sound-5.2' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound

Pull sound fixes from Takashi Iwai:
 "Here are a collection of small fixes for:

   - A race with ASoC HD-audio registration

   - LINE6 usb-audio memory overwrite by malformed descriptor

   - FireWire MIDI handling

   - Missing cast for bit shifts in a few USB-audio quirks

   - The wrong function calls in minor OSS sequencer code paths

   - A couple of HD-audio quirks"

* tag 'sound-5.2' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
  ALSA: line6: Fix write on zero-sized buffer
  ALSA: hda: Fix widget_mutex incomplete protection
  ALSA: firewire-lib/fireworks: fix miss detection of received MIDI messages
  ALSA: seq: fix incorrect order of dest_client/dest_ports arguments
  ALSA: hda/realtek - Change front mic location for Lenovo M710q
  ALSA: usb-audio: fix sign unintended sign extension on left shifts
  ALSA: hda/realtek: Add quirks for several Clevo notebook barebones
2019-07-05 02:03:50 +09:00
Jann Horn
6994eefb00 ptrace: Fix ->ptracer_cred handling for PTRACE_TRACEME
Fix two issues:

When called for PTRACE_TRACEME, ptrace_link() would obtain an RCU
reference to the parent's objective credentials, then give that pointer
to get_cred().  However, the object lifetime rules for things like
struct cred do not permit unconditionally turning an RCU reference into
a stable reference.

PTRACE_TRACEME records the parent's credentials as if the parent was
acting as the subject, but that's not the case.  If a malicious
unprivileged child uses PTRACE_TRACEME and the parent is privileged, and
at a later point, the parent process becomes attacker-controlled
(because it drops privileges and calls execve()), the attacker ends up
with control over two processes with a privileged ptrace relationship,
which can be abused to ptrace a suid binary and obtain root privileges.

Fix both of these by always recording the credentials of the process
that is requesting the creation of the ptrace relationship:
current_cred() can't change under us, and current is the proper subject
for access control.

This change is theoretically userspace-visible, but I am not aware of
any code that it will actually break.

Fixes: 64b875f7ac ("ptrace: Capture the ptracer's creds not PT_PTRACE_CAP")
Signed-off-by: Jann Horn <jannh@google.com>
Acked-by: Oleg Nesterov <oleg@redhat.com>
Cc: stable@vger.kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2019-07-05 02:00:41 +09:00
Linus Torvalds
550d1f5bda This includes three fixes:
- Fixes a deadlock from a previous fix to keep module loading
    and function tracing text modifications from stepping on each other.
    (this has a few patches to help document the issue in comments)
 
  - Fix a crash when the snapshot buffer gets out of sync with the
    main ring buffer.
 
  - Fix a memory leak when reading the memory logs
 -----BEGIN PGP SIGNATURE-----
 
 iIoEABYIADIWIQRRSw7ePDh/lE+zeZMp5XQQmuv6qgUCXRzBCBQccm9zdGVkdEBn
 b29kbWlzLm9yZwAKCRAp5XQQmuv6qnDaAP9qTFBOFtgIGCT5wVP8xjQeESxh1b8R
 tbaT7/U2oPpeiwEAvp1mYo5UYcc8KauBqVaLSLJVN4pv07xiZF5Qgh9C1QE=
 =m2IT
 -----END PGP SIGNATURE-----

Merge tag 'trace-v5.2-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace

Pull tracing fixes from Steven Rostedt:
 "This includes three fixes:

   - Fix a deadlock from a previous fix to keep module loading and
     function tracing text modifications from stepping on each other
     (this has a few patches to help document the issue in comments)

   - Fix a crash when the snapshot buffer gets out of sync with the main
     ring buffer

   - Fix a memory leak when reading the memory logs"

* tag 'trace-v5.2-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace:
  ftrace/x86: Anotate text_mutex split between ftrace_arch_code_modify_post_process() and ftrace_arch_code_modify_prepare()
  tracing/snapshot: Resize spare buffer if size changed
  tracing: Fix memory leak in tracing_err_log_open()
  ftrace/x86: Add a comment to why we take text_mutex in ftrace_arch_code_modify_prepare()
  ftrace/x86: Remove possible deadlock between register_kprobe() and ftrace_run_update_code()
2019-07-04 10:26:17 +09:00
Linus Torvalds
179c96d9f7 A single fixup for the SPI CS gpios that regressed
in the current kernel cycle.
 -----BEGIN PGP SIGNATURE-----
 
 iQIcBAABAgAGBQJdHJ83AAoJEEEQszewGV1zStUP/joc3S0VFFVXQjCxzZysQbpw
 cea8SVMOvhaDYp+lQugDIqyYQsSbD+kstozHNsyL1rgRoL5WWESrA65acmDIuEaO
 C30uqg6C/MJ9VgTg0m0DKLCWpfz8ZCTsfah8Ln8l1uYOmBNdK5dpzx5YZT+Ir3m5
 a+NoH77t1xRERrtiFjwYLgZB1/HX6FCTF6xglSX8ni1TL1yyMzLBBcd8+EA/TFWY
 ngXy/bnJKixPDVPTFspXQl3+8QwerHMmXxxs02vDpYW3wVDJiOvrHa/63tMswPce
 3K2Ir1tHkU2EhbdY0Dr9xEDFbXF3jGsN6Na1Xb/shlYMT7v5wp99eLPwV32sAGzu
 NWDxPezPmbm1dzMmjodh8rh57Tuy4wTFPZoo0El2xHmmphB5lcL7IfqpqTZ0zP/y
 3/7tQePtcvT0NmDC7HLQjqeoEwBenTA7m5jUO0GJ2++T0FbE3wLH/7Q4IX1L8W9S
 BFXiejhDVbkWwjPpq6MbXEtfaDGDFrWb8mgvY/H3iTzGtl5z6lALtFC12eyQWiqs
 bz/YnrFyAcf2ZlCoLQzoWnN4TDXIEA5bdhaQIswVkwOhPCYq9qb9YrX7MI++vRnh
 soIWZ0I84Vl5oKdTq78OJUggHiTI5rJA5xQaUtqOIDD+HoXWr7Sb6H2aUda9uP0Y
 jD8KvOJnZNUGxkt5IdiQ
 =C8n2
 -----END PGP SIGNATURE-----

Merge tag 'gpio-v5.2-4' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio

Pull GPIO fix from Linus Walleij:
 "A single fixup for the SPI CS gpios that regressed in the current
  kernel cycle"

* tag 'gpio-v5.2-4' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio:
  gpio/spi: Fix spi-gpio regression on active high CS
2019-07-04 09:59:08 +09:00
Matias Karhumaa
eca9443293 Bluetooth: Fix faulty expression for minimum encryption key size check
Fix minimum encryption key size check so that HCI_MIN_ENC_KEY_SIZE is
also allowed as stated in the comment.

This bug caused connection problems with devices having maximum
encryption key size of 7 octets (56-bit).

Fixes: 693cd8ce3f ("Bluetooth: Fix regression with minimum encryption key size alignment")
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=203997
Signed-off-by: Matias Karhumaa <matias.karhumaa@gmail.com>
Cc: stable@vger.kernel.org
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2019-07-03 16:09:09 +08:00
Linus Torvalds
6e692c3b72 SMB3 fix (for stable as well) for crash mishandling one of the Windows reparse point symlink tags
-----BEGIN PGP SIGNATURE-----
 
 iQGzBAABCgAdFiEE6fsu8pdIjtWE/DpLiiy9cAdyT1EFAl0b67IACgkQiiy9cAdy
 T1H/Ngv/XNc9l/OEHwyWZ1QnSCBKZyLyD5ZcKQRFFkfiktmQ8FtPUzf4qKlHxX1h
 ssefwBIbkW1+DG2sgvrL7OfqnPDnSezVoifvRmbh0nFX8anWhtChZMc0s+xiLtz2
 SbDBugNSkc8l9fvQz5A6VPJ3TcNA+VsSE2rr1HuimS9S4RAy1RsPhhWNyUh3GV5A
 SWuD7bsnxZ7/H2l+hx+s2O5RLDFoeniEIGFTsH9/f7Q19YGJtf6arnUlyUaZjkXK
 bPV2jZyalRUznK7RSFDLu49fS2zH8/m6MfBYyat31SZVtLFcQC/ijhKYTWr8wrKu
 +iQPlX+IDk4rfH/++7PXJJv1sKFLZNEs22dOi1YG0FgkRtMNA8HzmJqVFLcgoB2d
 QD7Ahj4dE0ghXv1dLMjfKdchNbkrWiygfpje54AkhU9SWUIS/EljDbQSq3e/wpAW
 i9HxCGCmmTPFzVKDVhyaBXHi6h5pzd7FfNNS4iJ2Lsy5PRLOHBMxaX1wknu/8vP0
 IIWuB9Hh
 =1zkr
 -----END PGP SIGNATURE-----

Merge tag '5.2-rc6-smb3-fix' of git://git.samba.org/sfrench/cifs-2.6

Pull cifs fix from Steve French:
 "SMB3 fix (for stable as well) for crash mishandling one of the Windows
  reparse point symlink tags"

* tag '5.2-rc6-smb3-fix' of git://git.samba.org/sfrench/cifs-2.6:
  cifs: fix crash querying symlinks stored as reparse-points
2019-07-03 16:06:36 +08:00
Linus Torvalds
8d68d93255 for-linus-20190701
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEE7btrcuORLb1XUhEwjrBW1T7ssS0FAl0aKR4ACgkQjrBW1T7s
 sS2kNhAAqjjTGNHdFLIPP35dDH+e/6xPVQIfteIQXHfus8QyKVDiNdvIMfCsdqEk
 Igm+7gx+LXBmDEpC7gb6ezr8onpvddy5pQYbjOGsQY9rYuvogzPy2K3HRDGqZuLX
 Ze8joMjgk052m0i+N9OSsOP1odScnlgu5HrI2qaT0H5xX1vSmDH07rDIuUkBT0HK
 A8eqGvU6Is34gJMCsalF+BcqEu0ce07hbr2gp+WHYyaa78u0gkTYh6DlMJRLKZQX
 Nj427EViXgvOSUDLk9/7rQc5ZUIgDfxDcw67eqnQeD9gQ72wg3YW2RtlLhjhkaNP
 8uZjeEltb3+ZOz/SiNJ66cetmD+khwSfIxFz5KCiOlVTqRiJK9XJp75V3t438YxF
 ih9aIrkl0GrWE+k4MBI/OQJqEx1I/o256OjwhB7/lfMMDePgSXeI7BCTqd6gK9go
 TqgAm4n3fWP2PN7gR752Dm4DGT551BeyiijUIuWAdS9CFWb1O5Vf8uk+XYT8TKM0
 7grGfBMqN/95jB0l8R+SnPGkQ6n4rEkDaYam75yPxW2aF3X2CQaCKt6xJZR6qOdz
 HGRiQ0Qcd3emPX2SYy/9EloT/URez6y7zsZeUYqhoF3XZCYUtcfhAbD1zZxHCG4e
 0gPJe+cBbLtUdqDpf+KJY8X6Mes+738UcMFU+Cs9tSTC2luGOMI=
 =Keym
 -----END PGP SIGNATURE-----

Merge tag 'for-linus-20190701' of git://git.kernel.org/pub/scm/linux/kernel/git/brauner/linux

Pull pidfd fork() fix from Christian Brauner:
 "A single small fix for copy_process() in kernel/fork.c:

  With Al's removal of ksys_close() from cleanup paths in copy_process()
  a bug was introduced. When anon_inode_getfile() failed the cleanup was
  correctly performed but the error code was not propagated to callers
  of copy_process() causing them to operate on a nonsensical pointer.

  The fix is a simple on-liner which makes sure that a proper negative
  error code is returned from copy_process().

  syzkaller has also verified that the bug is not reproducible with this
  fix"

* tag 'for-linus-20190701' of git://git.kernel.org/pub/scm/linux/kernel/git/brauner/linux:
  fork: return proper negative error code
2019-07-03 16:00:21 +08:00
Linus Torvalds
4b1fe9b58e arm64 fixes for 5.2
- Fix module allocation when running with KASLR enabled
 
 - Fix broken build due to bug in LLVM linker (ld.lld)
 -----BEGIN PGP SIGNATURE-----
 
 iQEzBAABCgAdFiEEPxTL6PPUbjXGY88ct6xw3ITBYzQFAl0Z9bIACgkQt6xw3ITB
 YzS70gf/Trw6+Yy1dHSyz5f2W9OtedFFv+rEGcvUkF6kYFffw7taNj30K6otjkK7
 CYPp9kWYpFhGgE7VwAfQ9NGyAwZ62IvGhQDYdAG72Y39zX7yQ4OHWKdr8K53KYN8
 CThcgXxEPoZw1pP7fwXkaBiiljW6JGF64Hv3ybA1vzGmjiv6wdjO3pQlbXkJu4kk
 xlsLSLOZUDawcRuVNGWwPiToxopVTcAJ3lapYBVmO2dSO00QYv1jvJgV0tK6n68q
 ZQMJbTdNHLIKMRdLcDBGQAwetWkkZ5LazwuiaHQcSQcRgp7IkKrIvEz8vzkdAvcR
 jniDc7bbKYlvlJdiquIOH2l1ElEQyQ==
 =Pp2j
 -----END PGP SIGNATURE-----

Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux

Pull arm64 fixes from Will Deacon:
 "Fix a build failure with the LLVM linker and a module allocation
  failure when KASLR is active:

   - Fix module allocation when running with KASLR enabled

   - Fix broken build due to bug in LLVM linker (ld.lld)"

* tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
  arm64/efi: Mark __efistub_stext_offset as an absolute symbol explicitly
  arm64: kaslr: keep modules inside module region when KASAN is enabled
2019-07-03 15:57:30 +08:00
Olof Johansson
2659dc8d22 This set of patches fixes regressions introduced in v5.2 kernel when DA8xx
OHCI driver was converted over to use GPIO regulators.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJdG3dJAAoJEGFBu2jqvgRNUdEP/06CH3kwX/VLJjyjG8lpm504
 T8Xr1akrvwjUCtdMy2XFvGfP7Mg8cABIKN8eUqbCjusw4E4mCCh1AMnLoXUtZN1M
 LK/MNQ4WznREu4ZNjj/nqAAfKV/mGB2Ym7GToj57p0C6DXXxXE4GKpD2Tlrpxm8g
 cLk7efyCU5j5/MM9fgWVViV5LEf15tR6jRY4M4FRhZUF0CP/MWsAnrsmZuywIfSi
 ihGrYfdkyhAjgYInCQw3ZMNtUD+0Ohf1QmKkzmHhE7UF5FklBLFY6uOPHdwcYqPL
 ymhToPRquYIAU95vuCXHZRSV5HaeM47yn1SegCeNvSLr0QiEI5+31l9QOAku/dbs
 JLlW4hXeLvsayVF3c27K0QztDTEpv+jYDEJQ2sxjkoJkdJsQZc//tWJObw8cfWlV
 b61gM1bcbYOVQX3uFDdznjreKmdk+6oGhzFAeGY05jIHBL/y+afFYw0U6knolJAy
 p9FisEcI8XdAP2CBxc9W+Yy7YM5/H6Lvx5MmFCWfzOYl+InKL1IyIjNuCXmyjLSr
 WBxnM9Dpry2aaZYY6XN5h1wO34jmIduyQGBQO+n2fsgnBuy4J4i1+SEodZcfeFgv
 FZmLxJVGi/CHs2iypDoa3hU8Ny9/hr5ErN8fSai3a5vDNKML8VEpml+IbA6Xbxe1
 l/PRRsxag7uvJOfoQW6f
 =vwpF
 -----END PGP SIGNATURE-----

Merge tag 'davinci-fixes-for-v5.2-part2' of git://git.kernel.org/pub/scm/linux/kernel/git/nsekhar/linux-davinci into arm/fixes

This set of patches fixes regressions introduced in v5.2 kernel when DA8xx
OHCI driver was converted over to use GPIO regulators.

* tag 'davinci-fixes-for-v5.2-part2' of git://git.kernel.org/pub/scm/linux/kernel/git/nsekhar/linux-davinci:
  ARM: davinci: da830-evm: fix GPIO lookup for OHCI
  ARM: davinci: omapl138-hawk: add missing regulator constraints for OHCI
  ARM: davinci: da830-evm: add missing regulator constraints for OHCI
  + Linux 5.2-rc7

Signed-off-by: Olof Johansson <olof@lixom.net>
2019-07-02 15:13:20 -07:00
Linus Walleij
fbbf145a0e gpio/spi: Fix spi-gpio regression on active high CS
I ran into an intriguing bug caused by
commit ""spi: gpio: Don't request CS GPIO in DT use-case"
affecting all SPI GPIO devices with an active high
chip select line.

The commit switches the CS gpio handling over to the GPIO
core, which will parse and handle "cs-gpios" from the OF
node without even calling down to the driver to get the
job done.

However the GPIO core handles the standard bindings in
Documentation/devicetree/bindings/spi/spi-controller.yaml
that specifies that active high CS needs to be specified
using "spi-cs-high" in the DT node.

The code in drivers/spi/spi-gpio.c never respected this
and never tried to inspect subnodes to see if they contained
"spi-cs-high" like the gpiolib OF quirks does. Instead the
only way to get an active high CS was to tag it in the
device tree using the flags cell such as
cs-gpios = <&gpio 4 GPIO_ACTIVE_HIGH>;

This alters the quirks to not inspect the subnodes of SPI
masters on "spi-gpio" for the standard attribute "spi-cs-high",
making old device trees work as expected.

This semantic is a bit ambigous, but just allowing the
flags on the GPIO descriptor to modify polarity is what
the kernel at large mostly uses so let's encourage that.

Fixes: 249e2632dc ("spi: gpio: Don't request CS GPIO in DT use-case")
Cc: Andrey Smirnov <andrew.smirnov@gmail.com>
Cc: linux-gpio@vger.kernel.org
Cc: linux-spi@vger.kernel.org
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
2019-07-02 22:31:37 +02:00
Jiri Kosina
074376ac0e ftrace/x86: Anotate text_mutex split between ftrace_arch_code_modify_post_process() and ftrace_arch_code_modify_prepare()
ftrace_arch_code_modify_prepare() is acquiring text_mutex, while the
corresponding release is happening in ftrace_arch_code_modify_post_process().

This has already been documented in the code, but let's also make the fact
that this is intentional clear to the semantic analysis tools such as sparse.

Link: http://lkml.kernel.org/r/nycvar.YFH.7.76.1906292321170.27227@cbobk.fhfr.pm

Fixes: 39611265ed ("ftrace/x86: Add a comment to why we take text_mutex in ftrace_arch_code_modify_prepare()")
Fixes: d5b844a2cf ("ftrace/x86: Remove possible deadlock between register_kprobe() and ftrace_run_update_code()")
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
2019-07-02 15:41:35 -04:00
Takashi Iwai
3450121997 ALSA: line6: Fix write on zero-sized buffer
LINE6 drivers allocate the buffers based on the value returned from
usb_maxpacket() calls.  The manipulated device may return zero for
this, and this results in the kmalloc() with zero size (and it may
succeed) while the other part of the driver code writes the packet
data with the fixed size -- which eventually overwrites.

This patch adds a simple sanity check for the invalid buffer size for
avoiding that problem.

Reported-by: syzbot+219f00fb49874dcaea17@syzkaller.appspotmail.com
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2019-07-02 20:11:22 +02:00
Bartosz Golaszewski
4f2fe64677 ARM: davinci: da830-evm: fix GPIO lookup for OHCI
The fixed regulator driver doesn't specify any con_id for gpio lookup
so it must be NULL in the table entry.

Fixes: 274e4c3361 ("ARM: davinci: da830-evm: add a fixed regulator for ohci-da8xx")
Cc: stable@vger.kernel.org
Signed-off-by: Bartosz Golaszewski <bgolaszewski@baylibre.com>
Signed-off-by: Sekhar Nori <nsekhar@ti.com>
2019-07-02 20:18:33 +05:30
Bartosz Golaszewski
ed667776d6 ARM: davinci: omapl138-hawk: add missing regulator constraints for OHCI
We need to enable status changes for the fixed power supply for the USB
controller.

Fixes: 1d272894ec ("ARM: davinci: omapl138-hawk: add a fixed regulator for ohci-da8xx")
Signed-off-by: Bartosz Golaszewski <bgolaszewski@baylibre.com>
Signed-off-by: Sekhar Nori <nsekhar@ti.com>
2019-07-02 20:18:33 +05:30
Bartosz Golaszewski
018ad05232 ARM: davinci: da830-evm: add missing regulator constraints for OHCI
We need to enable status changes for the fixed power supply for the USB
controller.

Fixes: 274e4c3361 ("ARM: davinci: da830-evm: add a fixed regulator for ohci-da8xx")
Signed-off-by: Bartosz Golaszewski <bgolaszewski@baylibre.com>
Signed-off-by: Sekhar Nori <nsekhar@ti.com>
2019-07-02 20:18:33 +05:30
Arnd Bergmann
521a503f52 soc: ti: fix irq-ti-sci link error
The irqchip driver depends on the SoC specific driver, but we want
to be able to compile-test it elsewhere:

WARNING: unmet direct dependencies detected for TI_SCI_INTA_MSI_DOMAIN
  Depends on [n]: SOC_TI [=n]
  Selected by [y]:
  - TI_SCI_INTA_IRQCHIP [=y] && TI_SCI_PROTOCOL [=y]

drivers/irqchip/irq-ti-sci-inta.o: In function `ti_sci_inta_irq_domain_probe':
irq-ti-sci-inta.c:(.text+0x204): undefined reference to `ti_sci_inta_msi_create_irq_domain'

Rearrange the Kconfig and Makefile so we build the soc driver whenever
its users are there, regardless of the SOC_TI option.

Fixes: 49b323157b ("soc: ti: Add MSI domain bus support for Interrupt Aggregator")
Fixes: f011df6179 ("irqchip/ti-sci-inta: Add msi domain support")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Reviewed-by: Lokesh Vutla <lokeshvutla@ti.com>
Acked-by: Santosh Shilimkar <ssantosh@kernel.org>
Signed-off-by: Olof Johansson <olof@lixom.net>
2019-07-01 15:26:09 -07:00
Olof Johansson
180ae50952 mvebu fixes for 5.2 (part 2)
Use the armada-38x-uart compatible strings for Armada XP 98dx3236 SoCs
 in order to not loose character anymore.
 -----BEGIN PGP SIGNATURE-----
 
 iF0EABECAB0WIQQYqXDMF3cvSLY+g9cLBhiOFHI71QUCXRYouQAKCRALBhiOFHI7
 1XlVAJ0Qjg4gFXUrf7MUpn8LuUi6UTEf3ACdGLW5ZT78BM78TiEGG79H+WsJ/ow=
 =jxUU
 -----END PGP SIGNATURE-----

Merge tag 'mvebu-fixes-5.2-2' of git://git.infradead.org/linux-mvebu into arm/fixes

mvebu fixes for 5.2 (part 2)

Use the armada-38x-uart compatible strings for Armada XP 98dx3236 SoCs
in order to not loose character anymore.

* tag 'mvebu-fixes-5.2-2' of git://git.infradead.org/linux-mvebu:
  ARM: dts: armada-xp-98dx3236: Switch to armada-38x-uart serial node

Signed-off-by: Olof Johansson <olof@lixom.net>
2019-07-01 15:14:09 -07:00
Evan Green
98482377dc ALSA: hda: Fix widget_mutex incomplete protection
The widget_mutex was introduced to serialize callers to
hda_widget_sysfs_{re}init. However, its protection of the sysfs widget array
is incomplete. For example, it is acquired around the call to
hda_widget_sysfs_reinit(), which actually creates the new array, but isn't
still acquired when codec->num_nodes and codec->start_nid is updated. So
the lock ensures one thread sets up the new array at a time, but doesn't
ensure which thread's value will end up in codec->num_nodes. If a larger
num_nodes wins but a smaller array was set up, the next call to
refresh_widgets() will touch free memory as it iterates over codec->num_nodes
that aren't there.

The widget_lock really protects both the tree as well as codec->num_nodes,
start_nid, and end_nid, so make sure it's held across that update. It should
also be held during snd_hdac_get_sub_nodes(), so that a very old read from that
function doesn't end up clobbering a later update.

Fixes: ed180abba7 ("ALSA: hda: Fix race between creating and refreshing sysfs entries")
Signed-off-by: Evan Green <evgreen@chromium.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2019-07-01 20:13:04 +02:00
Takashi Sakamoto
7fbd1753b6 ALSA: firewire-lib/fireworks: fix miss detection of received MIDI messages
In IEC 61883-6, 8 MIDI data streams are multiplexed into single
MIDI conformant data channel. The index of stream is calculated by
modulo 8 of the value of data block counter.

In fireworks, the value of data block counter in CIP header has a quirk
with firmware version v5.0.0, v5.7.3 and v5.8.0. This brings ALSA
IEC 61883-1/6 packet streaming engine to miss detection of MIDI
messages.

This commit fixes the miss detection to modify the value of data block
counter for the modulo calculation.

For maintainers, this bug exists since a commit 18f5ed365d ("ALSA:
fireworks/firewire-lib: add support for recent firmware quirk") in Linux
kernel v4.2. There're many changes since the commit.  This fix can be
backported to Linux kernel v4.4 or later. I tagged a base commit to the
backport for your convenience.

Besides, my work for Linux kernel v5.3 brings heavy code refactoring and
some structure members are renamed in 'sound/firewire/amdtp-stream.h'.
The content of this patch brings conflict when merging -rc tree with
this patch and the latest tree. I request maintainers to solve the
conflict to replace 'tx_first_dbc' with 'ctx_data.tx.first_dbc'.

Fixes: df075feefb ("ALSA: firewire-lib: complete AM824 data block processing layer")
Cc: <stable@vger.kernel.org> # v4.4+
Signed-off-by: Takashi Sakamoto <o-takashi@sakamocchi.jp>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2019-07-01 16:59:02 +02:00
Eric Biggers
570d7a98e7 vfs: move_mount: reject moving kernel internal mounts
sys_move_mount() crashes by dereferencing the pointer MNT_NS_INTERNAL,
a.k.a. ERR_PTR(-EINVAL), if the old mount is specified by fd for a
kernel object with an internal mount, such as a pipe or memfd.

Fix it by checking for this case and returning -EINVAL.

[AV: what we want is is_mounted(); use that instead of making the
condition even more convoluted]

Reproducer:

    #include <unistd.h>

    #define __NR_move_mount         429
    #define MOVE_MOUNT_F_EMPTY_PATH 0x00000004

    int main()
    {
    	int fds[2];

    	pipe(fds);
        syscall(__NR_move_mount, fds[0], "", -1, "/", MOVE_MOUNT_F_EMPTY_PATH);
    }

Reported-by: syzbot+6004acbaa1893ad013f0@syzkaller.appspotmail.com
Fixes: 2db154b3ea ("vfs: syscall: Add move_mount(2) to move mounts around")
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2019-07-01 10:46:36 -04:00
Christian Brauner
28dd29c06d
fork: return proper negative error code
Make sure to return a proper negative error code from copy_process()
when anon_inode_getfile() fails with CLONE_PIDFD.
Otherwise _do_fork() will not detect an error and get_task_pid() will
operator on a nonsensical pointer:

R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc2c
R13: 00007ffc15fbb0ff R14: 00007ff07e47e9c0 R15: 0000000000000000
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 7990 Comm: syz-executor290 Not tainted 5.2.0-rc6+ #9
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
RIP: 0010:__read_once_size include/linux/compiler.h:194 [inline]
RIP: 0010:get_task_pid+0xe1/0x210 kernel/pid.c:372
Code: 89 ff e8 62 27 5f 00 49 8b 07 44 89 f1 4c 8d bc c8 90 01 00 00 eb 0c
e8 0d fe 25 00 49 81 c7 38 05 00 00 4c 89 f8 48 c1 e8 03 <80> 3c 18 00 74
08 4c 89 ff e8 31 27 5f 00 4d 8b 37 e8 f9 47 12 00
RSP: 0018:ffff88808a4a7d78 EFLAGS: 00010203
RAX: 00000000000000a7 RBX: dffffc0000000000 RCX: ffff888088180600
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffff88808a4a7d90 R08: ffffffff814fb3a8 R09: ffffed1015d66bf8
R10: ffffed1015d66bf8 R11: 1ffff11015d66bf7 R12: 0000000000041ffc
R13: 1ffff11011494fbc R14: 0000000000000000 R15: 000000000000053d
FS:  00007ff07e47e700(0000) GS:ffff8880aeb00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000004b5100 CR3: 0000000094df2000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
  _do_fork+0x1b9/0x5f0 kernel/fork.c:2360
  __do_sys_clone kernel/fork.c:2454 [inline]
  __se_sys_clone kernel/fork.c:2448 [inline]
  __x64_sys_clone+0xc1/0xd0 kernel/fork.c:2448
  do_syscall_64+0xfe/0x140 arch/x86/entry/common.c:301
  entry_SYSCALL_64_after_hwframe+0x49/0xbe

Link: https://lore.kernel.org/lkml/000000000000e0dc0d058c9e7142@google.com
Reported-and-tested-by: syzbot+002e636502bc4b64eb5c@syzkaller.appspotmail.com
Fixes: 6fd2fe494b ("copy_process(): don't use ksys_close() on cleanups")
Cc: Jann Horn <jannh@google.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Christian Brauner <christian@brauner.io>
2019-07-01 16:43:30 +02:00
Linus Torvalds
6fbc7275c7 Linux 5.2-rc7 2019-06-30 11:25:36 +08:00
Linus Torvalds
39132f746e powerpc fixes for 5.2 #7
One fix for a regression in my commit adding KUAP (Kernel User Access
 Prevention) on Radix, which incorrectly touched the AMR in the early machine
 check handler.
 
 Thanks to:
   Nicholas Piggin.
 -----BEGIN PGP SIGNATURE-----
 
 iQIcBAABAgAGBQJdF00aAAoJEFHr6jzI4aWAT2UQAJCnXrBsNJd7WikZE8NzwdmM
 G6bioGCSPgNuWDwaxgpi6RSilET3poBBt+NpttgOslZtzif/5mrLIuYqwQYgOTbL
 Oa4CnzVBHnBDFKqcqe/Sm7cKuvd7KO8RVbyfhNuQbm1y9Nqr3vPYKwQ6CTz7bth4
 AatNvjP12Ag8hDwk3VpOOiG88jKpj/N3V7PLNWOt9jn8B3rCWm5/7xZ84VSNWdRQ
 /MvdGAcFAboywZMj44u8mBpT7+EueFa/vVbpCj8gv9QhRSSGwSL1jZ5wNu2Iv6D+
 IxxZqdO3KHJVixEAC4fs5KWCuA84uhjlRMkP2BXTgKNZT3qXaLx0e8Qv9okg/xAU
 dAuZEQ0cv+gxdCblEiVZ+jjG0LQsntwXJwnsCeWjcHQr6S0umd2utFLl1N3HTqfx
 QhgatD5pTGvGU2WHO4+dhXeh0nITVfcB2E3cM0DHUgCESc1BGmK0MtS1kHYiQptt
 BMY5Y92D3vndmnoLTZzQ2DFj5of2u49+y0Cpti7RhJN9yV836bPGm1K8GnropHz8
 7HHYS4hV3HBFUlYH7zHLp4BMNg3nkdTK+WTR6HwFFSREzM59NZtVg5xJVk0j66GK
 mZIJoVOSQ0Sac03xYqwtdxdupxoulXy+khBcjC56OxxOEMIfjS66ZnawTDhI2jVf
 EI7VE3Y4hzrA4pMTw9fp
 =I22i
 -----END PGP SIGNATURE-----

Merge tag 'powerpc-5.2-7' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux

Pull powerpc fix from Michael Ellerman:
 "One fix for a regression in my commit adding KUAP (Kernel User Access
  Prevention) on Radix, which incorrectly touched the AMR in the early
  machine check handler.

  Thanks to Nicholas Piggin"

* tag 'powerpc-5.2-7' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
  powerpc/64s/exception: Fix machine check early corrupting AMR
2019-06-30 11:20:52 +08:00
Linus Torvalds
7c15f41e87 Merge branch 'smp-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull SMP fixes from Thomas Gleixner:
 "Two small changes for the cpu hotplug code:

   - Prevent out of bounds access which actually might crash the machine
     caused by a missing bounds check in the fail injection code

   - Warn about unsupported migitation mode command line arguments to
     make people aware that they typoed the paramater. Not necessarily a
     fix but quite some people tripped over that"

* 'smp-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  cpu/hotplug: Fix out-of-bounds read when setting fail state
  cpu/speculation: Warn on unsupported mitigations= parameter
2019-06-30 11:19:17 +08:00
Linus Torvalds
728254541e Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull x86 fixes from Ingo Molnar:
 "Misc fixes all over the place:

   - might_sleep() atomicity fix in the microcode loader

   - resctrl boundary condition fix

   - APIC arithmethics bug fix for frequencies >= 4.2 GHz

   - three 5-level paging crash fixes

   - two speculation fixes

   - a perf/stacktrace fix"

* 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  x86/unwind/orc: Fall back to using frame pointers for generated code
  perf/x86: Always store regs->ip in perf_callchain_kernel()
  x86/speculation: Allow guests to use SSBD even if host does not
  x86/mm: Handle physical-virtual alignment mismatch in phys_p4d_init()
  x86/boot/64: Add missing fixup_pointer() for next_early_pgt access
  x86/boot/64: Fix crash if kernel image crosses page table boundary
  x86/apic: Fix integer overflow on 10 bit left shift of cpu_khz
  x86/resctrl: Prevent possible overrun during bitmap operations
  x86/microcode: Fix the microcode load on CPU hotplug for real
2019-06-29 19:42:30 +08:00
Linus Torvalds
57103eb7c6 Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull perf fixes from Ingo Molnar:
 "Various fixes, most of them related to bugs perf fuzzing found in the
  x86 code"

* 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  perf/x86/regs: Use PERF_REG_EXTENDED_MASK
  perf/x86: Remove pmu->pebs_no_xmm_regs
  perf/x86: Clean up PEBS_XMM_REGS
  perf/x86/regs: Check reserved bits
  perf/x86: Disable extended registers for non-supported PMUs
  perf/ioctl: Add check for the sample_period value
  perf/core: Fix perf_sample_regs_user() mm check
2019-06-29 19:39:17 +08:00
Linus Torvalds
eed7d30e12 Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull irq fixes from Ingo Molnar:
 "Diverse irqchip driver fixes"

* 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  irqchip/gic-v3-its: Fix command queue pointer comparison bug
  irqchip/mips-gic: Use the correct local interrupt map registers
  irqchip/ti-sci-inta: Fix kernel crash if irq_create_fwspec_mapping fail
  irqchip/irq-csky-mpintc: Support auto irq deliver to all cpus
2019-06-29 19:36:53 +08:00
Linus Torvalds
a7211bc9f3 Merge branch 'efi-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull EFI fixes from Ingo Molnar:
 "Four fixes:
   - fix a kexec crash on arm64
   - fix a reboot crash on some Android platforms
   - future-proof the code for upcoming ACPI 6.2 changes
   - fix a build warning on x86"

* 'efi-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  efibc: Replace variable set function in notifier call
  x86/efi: fix a -Wtype-limits compilation warning
  efi/bgrt: Drop BGRT status field reserved bits check
  efi/memreserve: deal with memreserve entries in unmapped memory
2019-06-29 19:32:09 +08:00
Linus Torvalds
2407e48606 Power management fix for 5.2-rc7
Avoid skipping bus-level PCI power management during system
 resume for PCIe ports left in D0 during the preceding suspend
 transition on platforms where the power states of those ports
 can change out of the PCI layer's control.
 -----BEGIN PGP SIGNATURE-----
 
 iQJGBAABCAAwFiEE4fcc61cGeeHD/fCwgsRv/nhiVHEFAl0XJzcSHHJqd0Byand5
 c29ja2kubmV0AAoJEILEb/54YlRxylwQAI8owd3eQV6UNDybkT5MiP0lWb9nbl83
 2ouxla+FtAzRFJC0yW4RK86cW4i/Yl8767KV2yqX/69ftmz4XhZBJ63ijKAEoG6o
 tHFyY7twy7Sr0MvPRD9rtjUkmdOx9z0OFKHgLhSzC/V4PvgGZTt+eYBm1Bp3icZp
 ZY9CFx/bSt9tURY//VqXhvBWT6pEpn1B1D7hsiAp041EwhtTONNs7xAa7ucIP+aG
 Ufyb0waVYmiFCX+Lrt/gHzEO2YIpTHIUw3DaMcbR8plHc1gpYtbuZ2ZMScgt2TgL
 f0s7GeMOXtF3sODOd/1mhg127ShWbqUkf8EHDyU3JAWa9aesLr3BoFGtKyAT1rbg
 O9nyJGBGj5ByUNefua0S8+q0kWI2XHdLAQ8CHBlBQx5W1x1Yg2EeV2Kosxjuhfdp
 5K9wFIiPG0F/rtGoAA61dMH9tt87NnY8PgeCyHLFUCoJbhySWr18kwrwrdkimqa5
 9FR8OTa8CHGQ/0bPvw+w8S9FdxiEM6yw4wuMLIy3c+a22+lgIiPvkgqzdsWYULdX
 CrI62jvz5SvoTwK/UEp9PrCnnHbp4crbSp73Vgo1o1bi5eeaaSobRECq+IbN0T3P
 X1H/xn+18mUqmCg4WtDX++14Fe1rMHoe/5CqqE/mp8aCqE9q/3fbAs9INnWJcyrP
 a2O0Wk0jLE76
 =eGQi
 -----END PGP SIGNATURE-----

Merge tag 'pm-5.2-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm

Pull power management fix from Rafael Wysocki:
 "Avoid skipping bus-level PCI power management during system resume for
  PCIe ports left in D0 during the preceding suspend transition on
  platforms where the power states of those ports can change out of the
  PCI layer's control"

* tag 'pm-5.2-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
  PCI: PM: Avoid skipping bus-level PM on platforms without ACPI
2019-06-29 19:29:45 +08:00
Linus Torvalds
01305db842 XArray updates for 5.2-rc6
Account XArray nodes for the page cache to the appropriate cgroup
   (Johannes Weiner)
 Fix idr_get_next() when called under the RCU lock (Matthew Wilcox)
 Add a test for xa_insert() (Matthew Wilcox)
 -----BEGIN PGP SIGNATURE-----
 
 iQEzBAABCgAdFiEEejHryeLBw/spnjHrDpNsjXcpgj4FAl0WuKsACgkQDpNsjXcp
 gj73zgf9Eb477PuwYZpFBA9ZxI5v/6WyqbaWXKdqEhotARgIUuv1CfVnkt1IJE6P
 Z3QCRABZ3pIKHgIErJN53B7AdvdONUO4Xf9VFBqmxeWE7F9L3sROOpXc8IrR26kV
 hITQn8mwgacNQ8mLtQmcSFaCVC2E7yVNBhVd5zmcA6jNIAFsOJcP06KLJTe94OXe
 AB9TJvswxpzAEX8emHQ/a1SFBNZWJ7b53hBcu8CJn8CuGDxmo1/+qqoRyNY+WrDO
 OohFk2u1j6Esfc6j0k+Akt8mEFyfU2oxFfv5MjL0KYEyrHoU84eZljFGgf7rQqGj
 fqH9RO8J8eoj4D/3XaLL5QYRLIxRaw==
 =AXZy
 -----END PGP SIGNATURE-----

Merge tag 'xarray-5.2-rc6' of git://git.infradead.org/users/willy/linux-dax

Pull XArray fixes from Matthew Wilcox:

 - Account XArray nodes for the page cache to the appropriate cgroup
   (Johannes Weiner)

 - Fix idr_get_next() when called under the RCU lock (Matthew Wilcox)

 - Add a test for xa_insert() (Matthew Wilcox)

* tag 'xarray-5.2-rc6' of git://git.infradead.org/users/willy/linux-dax:
  XArray tests: Add check_insert
  idr: Fix idr_get_next race with idr_remove
  mm: fix page cache convergence regression
2019-06-29 17:14:57 +08:00
Linus Torvalds
0839c53762 Merge branch 'akpm' (patches from Andrew)
Merge misc fixes from Andrew Morton:
 "15 fixes"

* emailed patches from Andrew Morton <akpm@linux-foundation.org>:
  linux/kernel.h: fix overflow for DIV_ROUND_UP_ULL
  mm, swap: fix THP swap out
  fork,memcg: alloc_thread_stack_node needs to set tsk->stack
  MAINTAINERS: add CLANG/LLVM BUILD SUPPORT info
  mm/vmalloc.c: avoid bogus -Wmaybe-uninitialized warning
  mm/page_idle.c: fix oops because end_pfn is larger than max_pfn
  initramfs: fix populate_initrd_image() section mismatch
  mm/oom_kill.c: fix uninitialized oc->constraint
  mm: hugetlb: soft-offline: dissolve_free_huge_page() return zero on !PageHuge
  mm: soft-offline: return -EBUSY if set_hwpoison_free_buddy_page() fails
  signal: remove the wrong signal_pending() check in restore_user_sigmask()
  fs/binfmt_flat.c: make load_flat_shared_library() work
  mm/mempolicy.c: fix an incorrect rebind node in mpol_rebind_nodemask
  fs/proc/array.c: allow reporting eip/esp for all coredumping threads
  mm/dev_pfn: exclude MEMORY_DEVICE_PRIVATE while computing virtual address
2019-06-29 17:11:01 +08:00
Linus Torvalds
f8b5c72227 ARC fixes for 5.2-rc7
- hsdk platform unifying apertures
 
  - build system CROSS_COMPILE prefix
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJdFqxcAAoJEGnX8d3iisJebpAP/3clqurFHD7pVwqzq5TImlDN
 u5t4GqMqPAVnbXArv5iiHJIGRwkcPHMoZB5qj/h303zKmNfwMQ4CAjQlDC2YDaGg
 7dk6ovitiO+ZyH7F7viF8uU11cU2vUnuLZ1vP+KVEbu1mUConL4KYj9KMJUoO+VX
 KWdhsVEE+b/fQV1hXb/Jvqciithi3F+B7QKJPVSz39FHOpfQzCBq4yn6aMfKcSvR
 bAWog824yLApOLtfDlM2/+bR8gpxmacOBn5duutymBVoB2Tz9Pop/jcDcQJi836e
 b2iCia6vygOLv3XHFf4zf0VPIeCGmncT8P48QydUAiaYd7dalURkVETqm2YS9LR2
 Pu9D5X6xPw6/0mHNVJ6gWcuDSfN/qHX++m8IDrSJF+3/f/12PBqm4HBIFy7GumVl
 nh99DJTo8LHIDcr5ZSavb8tmtSp1oL/3QFT7ydwP60XyOjlu8ZzP7/S/ycZHMKHV
 bX4sVyvtwtejQ0Gahmt8m+MxraI183yuFRZpIEXE2YbQfbMbPdIeUgiTiDQWphxs
 UCtnucepxKrGKLqpdWn9SxlGtO84Gl7/YROYfk+jJR7IwKK7blnfqzBL7JtfZ/CN
 X5qIYkqfyaqMWuQYpPRdZNqy1K76l30rR6LWLJ9BjXJNKtxv4eflPApG3RSIEwyY
 ijAp+v3+TvmZRSP+yQM7
 =Mhn6
 -----END PGP SIGNATURE-----

Merge tag 'arc-5.2-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc

Pull ARC fixes from Vineet Gupta:

 - hsdk platform unifying apertures

 - build system CROSS_COMPILE prefix

* tag 'arc-5.2-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc:
  ARC: [plat-hsdk]: unify memory apertures configuration
  ARC: build: Try to guess CROSS_COMPILE with cc-cross-prefix
2019-06-29 17:05:58 +08:00
Linus Torvalds
c57582adfd Minor RISC-V fixes and one defconfig update for the v5.2-rc series.
The fixes have no functional impact:
 
 - Fix some comment text in the memory management vmalloc_fault path.
 
 - Fix some warnings from the DT compiler in our newly-added DT files.
 
 - Change the newly-added DT bindings such that SoC IP blocks with
   external I/O are marked as "disabled" by default, then enable them
   explicitly in board DT files when the devices are used on the board.
   This aligns the bindings with existing upstream practice.
 
 - Add the MIT license as an option for a minor header file, at the
   request of one of the U-Boot maintainers.
 
 The RISC-V defconfig update builds the SiFive SPI driver and the
 MMC-SPI driver by default.  The intention here is to make v5.2 more
 usable for testers and users with RISC-V hardware.
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEElRDoIDdEz9/svf2Kx4+xDQu9KksFAl0WljgACgkQx4+xDQu9
 KksbXQ//fohS8vHCMCkqj3rtKM3fuf9DRdZZbZf0WdPL5463JxTTK8JULrrawjL5
 j57Ve/EFRQFVSELBtWd0u/4sgAcgGmyJWnfexk3LYISNMZCjBe6Zuz+7Q9Ykbhoa
 YKpjOreDeO+fbQpGqMHK2suD5WFVXsDfiI3TmHE6xGIm0sWdpANawpz2K4CzBkEO
 XOaOsmVPT8HfN2f0XodCmzo2VrGNeEutqyxc9+X1Ah0nxBecj56t9TK9wnseTWrE
 hWjnMw2KMZFTnmtOOQ8kB0EfcRDZ8AvXymAb1BHwuWwmxLFrGELsGKRWzrH+qhyT
 4mlexMjdyz69N1uYWieO6FWGMqbIm+ncR7cMwIl2hOErtJiSoUf5cwGhflXMk9ph
 b/oWmNzLGE/7ib/Uo1tfaBmdEYzlzziEtkB0DDWIf16wqMVK5zyoPknnHC7WPIBa
 7WyN+2FKA7b0440Kqfywgq9CMZ3odvhXCLAEmFBdwaa9wyKGsOR6sUZhPXGUSjyL
 oKe4oszbKmqaUboxTo/YzDYHpD4BPGoBMievY8kCO+TcewN2ARczJngQyc2FLS+B
 BUMFZmTUr85pt1pcnNqK84D5N6alldLqLbKwczYq3PvtHzIR2kFUfZGMwQ0DlEh2
 IOJMDcmHehuCmCAz4jnNykOlJPDIMIYiVLeUtGp+1IwZjcvLfxg=
 =+HL9
 -----END PGP SIGNATURE-----

Merge tag 'riscv-for-v5.2/fixes-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux

Pull RISC-V fixes from Paul Walmsley:
 "Minor RISC-V fixes and one defconfig update.

  The fixes have no functional impact:

   - Fix some comment text in the memory management vmalloc_fault path.

   - Fix some warnings from the DT compiler in our newly-added DT files.

   - Change the newly-added DT bindings such that SoC IP blocks with
     external I/O are marked as "disabled" by default, then enable them
     explicitly in board DT files when the devices are used on the
     board. This aligns the bindings with existing upstream practice.

   - Add the MIT license as an option for a minor header file, at the
     request of one of the U-Boot maintainers.

  The RISC-V defconfig update builds the SiFive SPI driver and the
  MMC-SPI driver by default. The intention here is to make v5.2 more
  usable for testers and users with RISC-V hardware"

* tag 'riscv-for-v5.2/fixes-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux:
  riscv: mm: Fix code comment
  dt-bindings: clock: sifive: add MIT license as an option for the header file
  dt-bindings: riscv: resolve 'make dt_binding_check' warnings
  riscv: dts: Re-organize the DT nodes
  RISC-V: defconfig: enable MMC & SPI for RISC-V
2019-06-29 17:04:21 +08:00
Linus Torvalds
c949c30b26 Two more NFS client fixes for Linux 5.2
Stable bugfixes:
 - SUNRPC: Fix up calculation of client message length # 5.1+
 - NFS/flexfiles: Use the correct TCP timeout for flexfiles I/O # 4.8+
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEnZ5MQTpR7cLU7KEp18tUv7ClQOsFAl0Wf3EACgkQ18tUv7Cl
 QOs2ORAA5/CXFa471jUldOsHejxfFoddFBkuqf8qZ1AF3TZdFuITAsq+xydxfO5U
 hYzUUlOTKedEi+ISYLFs1tjU/nYRQJv7fFZxVwq6uDZ53Z/doiMLAIR67Eq7EcTY
 KBWA9zdldnBzb0S87+hkbmaNPR5pjqxBzLEfMmOQEAAh5pSGf5YSeUNTXLGj4wBd
 iXf25o1VSjUmNpSHaA3KsrqTJ4mJ7+i/17Iny1c4xRgZbJtoTm44DpceHCheJpbl
 DymRSgjSr0vFjJbufcKkbF2OPp1ZsnkDiKyJmZzgPOa3+TMGzisU5yiASoac6D+j
 gs426yEz9rvR/TMZtFS05nfu2clKuS8foLGwZelJ7XjQSXJgObCb4xf97jLIOWNb
 J+BWwsTmUIQS+fMUQDA+rlbyepJ+skVZpbjmUy+/Uy52oqtnYK6uTD469NdmxBwr
 7z2pnCUjJFTqo6BHeCQgR5XlSt1MGDByamcVAWONS+9zJttRhfUOjq0PIOLSrsBK
 5zRzJxtBoYLwP5py3zKAeV9RcvDNSgh5U6P0hhFRtHfqMUmtGeA58nNND2S6Qm3/
 vAB7WZL0aVSvc3zpz7qdctitMESQNspCkMooAp/EoIime3YkqKCS+AgED9jKLhJR
 /5eqtr6tehh6A4dshzSlDF7cFrKyUd+ulS0IN8vt1V2TYgOQmbY=
 =FATk
 -----END PGP SIGNATURE-----

Merge tag 'nfs-for-5.2-4' of git://git.linux-nfs.org/projects/anna/linux-nfs

Pull two more NFS client fixes from Anna Schumaker:
 "These are both stable fixes.

  One to calculate the correct client message length in the case of
  partial transmissions. And the other to set the proper TCP timeout for
  flexfiles"

* tag 'nfs-for-5.2-4' of git://git.linux-nfs.org/projects/anna/linux-nfs:
  NFS/flexfiles: Use the correct TCP timeout for flexfiles I/O
  SUNRPC: Fix up calculation of client message length
2019-06-29 17:02:22 +08:00
Linus Torvalds
43251dbd6a A small fix for a potential -rc1 regression from Jeff.
-----BEGIN PGP SIGNATURE-----
 
 iQFHBAABCAAxFiEEydHwtzie9C7TfviiSn/eOAIR84sFAl0WLe4THGlkcnlvbW92
 QGdtYWlsLmNvbQAKCRBKf944AhHzizPrB/4tNUS8J9mW9Zd3xLAzZmwjq+WAfCV8
 wp3IjBHCgvn9SmTYOJtozjTLJVlmeGNVyrCaWbtzQ2YLKvyBTCUF4kg9EG7FMX9a
 ixzlHb2+Wu46LYWiA7jhUnoKNMMl1swm01BOvfmGprSwV70BAEF0i2/D7WHikolX
 rgcwGb58vUMmXQ1VGfIO9Pox2a8jaZNj82BZnDniMDxetZ5sRsZXGy43s14zC6Lt
 YnwDT70Y7+Pr9SwHMA5bnZ8kCtQpr0qAHmDVhEd965Io1XZ+2/EHF5IwqK0xGg+e
 KUQdRyhMWjIGG34SWMt5tbT+9Lzeju4CAka9NPSJ1tRtFnk1AvpILbnB
 =TpFR
 -----END PGP SIGNATURE-----

Merge tag 'ceph-for-5.2-rc7' of git://github.com/ceph/ceph-client

Pull ceph fix from Ilya Dryomov:
 "A small fix for a potential -rc1 regression from Jeff"

* tag 'ceph-for-5.2-rc7' of git://github.com/ceph/ceph-client:
  ceph: fix ceph_mdsc_build_path to not stop on first component
2019-06-29 17:01:02 +08:00
Linus Torvalds
5b607ba862 SCSI fixes on 20190628
One simple fix for a driver use after free.
 
 Signed-off-by: James E.J. Bottomley <jejb@linux.ibm.com>
 -----BEGIN PGP SIGNATURE-----
 
 iJwEABMIAEQWIQTnYEDbdso9F2cI+arnQslM7pishQUCXRanDiYcamFtZXMuYm90
 dG9tbGV5QGhhbnNlbnBhcnRuZXJzaGlwLmNvbQAKCRDnQslM7pisheLdAQDqNfwa
 zjLaPyTcuvDDyl5l6P1/HwP+wko3Ssan30kb/QEA+1fMxV1FqtwLADP9QVA1OMTc
 1E72PEHf7oEaXmRMXfM=
 =oJHK
 -----END PGP SIGNATURE-----

Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi

Pull SCSI fix from James Bottomley:
 "One simple fix for a driver use after free"

* tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
  scsi: vmw_pscsi: Fix use-after-free in pvscsi_queue_lck()
2019-06-29 16:59:45 +08:00
Linus Torvalds
9dda12b6fa for-linus-20190628
-----BEGIN PGP SIGNATURE-----
 
 iQJEBAABCAAuFiEEwPw5LcreJtl1+l5K99NY+ylx4KYFAl0WM9YQHGF4Ym9lQGtl
 cm5lbC5kawAKCRD301j7KXHgpmkyEADVPjXlIZETBpAl/oK/StNc1NMdfgBiWaX7
 kQHbFu3V4soDpvR8iQvMVyFc7dUpwo9lmgxIOcZSfdCf/ciJ/G4trhH4UljXfRsj
 2vdKV3rZXragrclN0zGtW90sBBYxSilaezzRQbnnXjEgGaHFkeJJR3xW00UMoGrm
 GDO2gSQdhDKqhJtKjiCASkyN9uWMkcLFdsGErPgA6e4S3NTbaLKaY/xFUCcMF7aX
 N1aYkIfdyl38QUU/N+5WLgiJYHkiZNqcrJ+a5aECioqqiNh9ST+UR1jCgo7tlt4h
 b3Gb5mxP0CPUuTh3VQD8GHCaPzDsxUIxThJkz5aih3M9NEQmm5Du0GDChaDuMoUR
 zyFT/Yl4JfeO93mlpxGUyC5WyFCQdj0QOBuyxInCchvJC5kbpRflMuKt+xRYlSqg
 331njdykyKkgutagLzzTME38RPUbttZVmbc6K422PXKkYW+FOlS352FZpl5qxDOu
 5+ihOXOLvO09VXu6kcC5UH4Yi6nuGYDS95oIZhJ0OODx10xnKSE4ZozlPXAEreAR
 NVJN7vbHVqLnphuplRK9Kh0VngdIhLkeTsUxaTnX6UQSioHPDJPqPP5nfSu9Xkyo
 e+2UAXkfVjnw45jAu8Mrsu0KhabCB5Pde8Jk+kmqPcuWXQEN5OHqeA09vtvKj81J
 lIagz1NZxw==
 =WzXj
 -----END PGP SIGNATURE-----

Merge tag 'for-linus-20190628' of git://git.kernel.dk/linux-block

Pull block fixes from Jens Axboe:
 "Just two small fixes.

  One from Paolo, fixing a silly mistake in BFQ. The other one is from
  me, ensuring that we have ->file cleared in the io_uring request a bit
  earlier. That avoids a use-before-free, if we encounter an error
  before ->file is assigned"

* tag 'for-linus-20190628' of git://git.kernel.dk/linux-block:
  block, bfq: fix operator in BFQQ_TOTALLY_SEEKY
  io_uring: ensure req->file is cleared on allocation
2019-06-29 16:58:35 +08:00
Linus Torvalds
061913712d Pin control fixes for the v5.2 cycle:
- Fix IRQ setup in the MCP23s08.
 - Fix pin setup on pins > 31 in the Ocelot driver.
 - Fix IRQs in the Mediatek driver.
 -----BEGIN PGP SIGNATURE-----
 
 iQIcBAABAgAGBQJdFd2eAAoJEEEQszewGV1zW8AP/jkDznsyrjSkHOFSjiAjv5aF
 Yte85bupFkw5y2dMwH/nyF/dQOz34ZwmVA4fuIn/IcY+0+PbdRVJ9dd2suNhO9o3
 LULso6rTayKh0+9U+ARS/D9sW73jOvUbAdSCMacGLqwmzaiAUBDdopfQobYq7j3Y
 ikjeEhHMRoMOJmXOk9JJ9nENBfRS/wGU/G7hALOiuLd/A0X7YkGVP4Y3ViKA77Ec
 Y7Dcd7fV57XXxh5vvQIbtLrzAY4LlJiFpXyK8p3rf8Fewq2NT2N3oQgQdsap7Dce
 8pZxbBr6sw8X++yc2t1OLMkfM6y6iLoHVdwpmOQmU3ZV+3JINWq8Y8oRvH6nOXkM
 fLBowKEhc1TMFZzujUkDq+tHZw+1ofOJdJHplRsLC9Yy5dP0tEyuyuKhnIByNY63
 mH6C4uNYT5h2SPN6aYF1GFdk8b89jQ3r3fdvSAjbEiJ0FTBueuzQlv5iS1Ujhkh7
 gTkWVX0MG6faEKn8rEElZVAECf0TlCYov76OG2UF0+nZTbA2aeIjnmnQpcwZhgVl
 ll1IGiJfKcyqihvbQJv2ZEZliozA3nqon7K9+R68FL3NnJewQcMRx959FG+eMhQw
 oNp4IPfUSu+4O+m5VjwMeONXHIAMFYQ2MO0idMQGU80BXi+o8gjW/BJYo4WPTlHc
 bcUfedYYxJzOpYvoKuto
 =/GFO
 -----END PGP SIGNATURE-----

Merge tag 'pinctrl-v5.2-3' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl

Pull pin control fixes from Linus Walleij:
 "Sorry to bomb in fixes this late. Maybe I can comfort you by saying it
  is only driver fixes, and mostly IRQ handling which is something GPIO
  and pin control drivers never get right. You think it works and then
  it doesn't.

  Summary:

   - Fix IRQ setup in the MCP23s08.

   - Fix pin setup on pins > 31 in the Ocelot driver.

   - Fix IRQs in the Mediatek driver"

* tag 'pinctrl-v5.2-3' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl:
  pinctrl: mediatek: Update cur_mask in mask/mask ops
  pinctrl: mediatek: Ignore interrupts that are wake only during resume
  pinctrl: ocelot: fix pinmuxing for pins after 31
  pinctrl: ocelot: fix gpio direction for pins after 31
  pinctrl: mcp23s08: Fix add_data and irqchip_add_nested call order
2019-06-29 16:51:10 +08:00
Vinod Koul
8f9fab480c linux/kernel.h: fix overflow for DIV_ROUND_UP_ULL
DIV_ROUND_UP_ULL adds the two arguments and then invokes
DIV_ROUND_DOWN_ULL.  But on a 32bit system the addition of two 32 bit
values can overflow.  DIV_ROUND_DOWN_ULL does it correctly and stashes
the addition into a unsigned long long so cast the result to unsigned
long long here to avoid the overflow condition.

[akpm@linux-foundation.org: DIV_ROUND_UP_ULL must be an rval]
Link: http://lkml.kernel.org/r/20190625100518.30753-1-vkoul@kernel.org
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Reviewed-by: Andrew Morton <akpm@linux-foundation.org>
Cc: Bjorn Andersson <bjorn.andersson@linaro.org>
Cc: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2019-06-29 16:43:45 +08:00
Huang Ying
1a5f439c7c mm, swap: fix THP swap out
0-Day test system reported some OOM regressions for several THP
(Transparent Huge Page) swap test cases.  These regressions are bisected
to 6861428921 ("block: always define BIO_MAX_PAGES as 256").  In the
commit, BIO_MAX_PAGES is set to 256 even when THP swap is enabled.  So the
bio_alloc(gfp_flags, 512) in get_swap_bio() may fail when swapping out
THP.  That causes the OOM.

As in the patch description of 6861428921 ("block: always define
BIO_MAX_PAGES as 256"), THP swap should use multi-page bvec to write THP
to swap space.  So the issue is fixed via doing that in get_swap_bio().

BTW: I remember I have checked the THP swap code when 6861428921
("block: always define BIO_MAX_PAGES as 256") was merged, and thought the
THP swap code needn't to be changed.  But apparently, I was wrong.  I
should have done this at that time.

Link: http://lkml.kernel.org/r/20190624075515.31040-1-ying.huang@intel.com
Fixes: 6861428921 ("block: always define BIO_MAX_PAGES as 256")
Signed-off-by: "Huang, Ying" <ying.huang@intel.com>
Reviewed-by: Ming Lei <ming.lei@redhat.com>
Cc: Michal Hocko <mhocko@kernel.org>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: Hugh Dickins <hughd@google.com>
Cc: Minchan Kim <minchan@kernel.org>
Cc: Rik van Riel <riel@redhat.com>
Cc: Daniel Jordan <daniel.m.jordan@oracle.com>
Cc: Jens Axboe <axboe@kernel.dk>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2019-06-29 16:43:45 +08:00
Andrea Arcangeli
1bf4580e00 fork,memcg: alloc_thread_stack_node needs to set tsk->stack
Commit 5eed6f1dff ("fork,memcg: fix crash in free_thread_stack on
memcg charge fail") corrected two instances, but there was a third
instance of this bug.

Without setting tsk->stack, if memcg_charge_kernel_stack fails, it'll
execute free_thread_stack() on a dangling pointer.

Enterprise kernels are compiled with VMAP_STACK=y so this isn't
critical, but custom VMAP_STACK=n builds should have some performance
advantage, with the drawback of risking to fail fork because compaction
didn't succeed.  So as long as VMAP_STACK=n is a supported option it's
worth fixing it upstream.

Link: http://lkml.kernel.org/r/20190619011450.28048-1-aarcange@redhat.com
Fixes: 9b6f7e163c ("mm: rework memcg kernel stack accounting")
Signed-off-by: Andrea Arcangeli <aarcange@redhat.com>
Reviewed-by: Rik van Riel <riel@surriel.com>
Acked-by: Roman Gushchin <guro@fb.com>
Acked-by: Michal Hocko <mhocko@suse.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2019-06-29 16:43:45 +08:00