Commit Graph

782682 Commits

Author SHA1 Message Date
Linus Torvalds
48751b562b overlayfs fixes for 4.19-rc4
-----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQSQHSd0lITzzeNWNm3h3BK/laaZPAUCW5qpOgAKCRDh3BK/laaZ
 PDCQAQCIKLg0aLeWOkfUO76mBjlp5srKgJfrqpFoyuozD6l2fQEAl/W2x9NOduV+
 PK4sCYMT8SpI0hMrbv9P4zZ683kmaA8=
 =RnZU
 -----END PGP SIGNATURE-----

Merge tag 'ovl-fixes-4.19-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs

Pull overlayfs fixes from Miklos Szeredi:
 "This fixes a regression in the recent file stacking update, reported
  and fixed by Amir Goldstein. The fix is fairly trivial, but involves
  adding a fadvise() f_op and the associated churn in the vfs. As
  discussed on -fsdevel, there are other possible uses for this method,
  than allowing proper stacking for overlays.

  And there's one other fix for a syzkaller detected oops"

* tag 'ovl-fixes-4.19-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs:
  ovl: fix oopses in ovl_fill_super() failure paths
  ovl: add ovl_fadvise()
  vfs: implement readahead(2) using POSIX_FADV_WILLNEED
  vfs: add the fadvise() file operation
  Documentation/filesystems: update documentation of file_operations
  ovl: fix GPF in swapfile_activate of file from overlayfs over xfs
  ovl: respect FIEMAP_FLAG_SYNC flag
2018-09-13 19:21:40 -10:00
Linus Torvalds
4d8d9f540b for-linus-20180913
-----BEGIN PGP SIGNATURE-----
 
 iQJEBAABCAAuFiEEwPw5LcreJtl1+l5K99NY+ylx4KYFAlubFpAQHGF4Ym9lQGtl
 cm5lbC5kawAKCRD301j7KXHgpoYnEADQYssR8J6leHkYgrAT4zhuhNLALknzHj49
 F/s6U3npw1CkUOyNEJ52KScVDEv+bvKIjxXbpVOB1qXqtZWNQ9HkEwAEQWVg11T9
 xfbvqDyk/qywfx/cKt+Fko8wcuCX4F4tDX8io9RWeosWg/W5oOPJ8vjh54j0kUXK
 xzY947eNorYqjwDYUj56JsVkHObTA8PWg578tgnbYNQtXvJMhWLL4YlfqsbtTMfb
 SuQ/AVRhsFPfCMX+0Qj5vu08UwrZ7VDkPKpqUpKfQPqB5VLpKbbCItMt32rCujj9
 Ptmo81kEVxZaj9vqqst2wbUp3RVAN5SzcuXoj20GGP2HpWEwBAe8kxgsOVzEgOhx
 dNPX2XjfsN0FGN0nPXbYSN0IPeyoxDSgImWRwrdZCaSTXm/96apnzPXNXt0kWh4L
 3RP82Y655AtDEfZwVCkUFwqUIgyYm978vgGn/3zf682mBeQImon0AMAJk3QPNj7f
 Re8acaPyix39D0+RYfeEHzO9UM1PQ2QF9IX9DwnSrHfoEWEnjPlaEZIbO5fGPKUV
 ny+nGoadWqosOUz6/OJuo+MDzE7BlbN25KTN4xcLQlaKxblLJNoPhbgafR1AloTi
 DkBXztwAYC9n49D+eiclHplJG0xcWmKyAj3FrINJsW1wkiH2LBjZVC4SX0NJh9Ei
 RsFc6NdSDQ==
 =1Jo5
 -----END PGP SIGNATURE-----

Merge tag 'for-linus-20180913' of git://git.kernel.dk/linux-block

Pull block fixes from Jens Axboe:
 "Three fixes that should go into this series. This contains:

   - Increase number of policies supported by blk-cgroup.

     With blk-iolatency, we now have four in kernel, but we had a hard
     limit of three...

   - Fix regression in null_blk, where the zoned supported broke
     queue_mode=0 (bio based).

   - NVMe pull request, with a single fix for an issue in the rdma code"

* tag 'for-linus-20180913' of git://git.kernel.dk/linux-block:
  null_blk: fix zoned support for non-rq based operation
  blk-cgroup: increase number of supported policies
  nvmet-rdma: fix possible bogus dereference under heavy load
2018-09-13 19:16:11 -10:00
Linus Torvalds
a0efc03b79 - DM verity fix for crash due to using vmalloc'd buffers with the
asynchronous crypto hadsh API.
 
 - Fix to both DM crypt and DM integrity targets to discontinue using
   CRYPTO_TFM_REQ_MAY_SLEEP because its use of GFP_KERNEL can lead to
   deadlock by recursing back into a filesystem.
 
 - Various DM raid fixes related to reshape and rebuild races.
 
 - Fix for DM thin-provisioning to avoid data corruption that was a
   side-effect of needing to abort DM thin metadata transaction due to
   running out of metadata space.  Fix is to reserve a small amount of
   metadata space so that once it is used the DM thin-pool can finish its
   active transaction before switching to read-only mode.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQEcBAABAgAGBQJbmq1sAAoJEMUj8QotnQNa9hwIANBzgefmIoBA8hCqlS7Nzogh
 moHAbaUONYxAVksJ5s4Divpa4RE8jSZ8AiVJizbLj94XxqnpA5x4pmhtUs3OdWxq
 4FW8fZvb2L1IMeshajMsO+rKrL6y8uwYnRI5zSJRKxhV2frj1VZ4ioMEXMGrwqjO
 jwNYFWglX5G3eIohUIDxgXki/WkacndQlsy2T6Utx0idz50usOt1pNON/GPhRsXd
 yWbvxQWuaZlm6+TF1ygsrXr1nMwRwDw0pdjY9sRQ3hHmuYQ24Wgkwf5Ggi5US7VZ
 iwgK8dppR8zWqwRyxRYahJvQvwcnC18mewFAmuDQfvPXqvUHtuhWaxzE4D9c3L0=
 =yIoD
 -----END PGP SIGNATURE-----

Merge tag 'for-4.19/dm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm

Pull device mapper fixes from Mike Snitzer:

 - DM verity fix for crash due to using vmalloc'd buffers with the
   asynchronous crypto hadsh API.

 - Fix to both DM crypt and DM integrity targets to discontinue using
   CRYPTO_TFM_REQ_MAY_SLEEP because its use of GFP_KERNEL can lead to
   deadlock by recursing back into a filesystem.

 - Various DM raid fixes related to reshape and rebuild races.

 - Fix for DM thin-provisioning to avoid data corruption that was a
   side-effect of needing to abort DM thin metadata transaction due to
   running out of metadata space. Fix is to reserve a small amount of
   metadata space so that once it is used the DM thin-pool can finish
   its active transaction before switching to read-only mode.

* tag 'for-4.19/dm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm:
  dm thin metadata: try to avoid ever aborting transactions
  dm raid: bump target version, update comments and documentation
  dm raid: fix RAID leg rebuild errors
  dm raid: fix rebuild of specific devices by updating superblock
  dm raid: fix stripe adding reshape deadlock
  dm raid: fix reshape race on small devices
  dm: disable CRYPTO_TFM_REQ_MAY_SLEEP to fix a GFP_KERNEL recursion deadlock
  dm verity: fix crash on bufio buffer that was allocated with vmalloc
2018-09-13 19:12:55 -10:00
Linus Torvalds
0f9aeeac1d i915, amdgpu and a single nouveau cleanup
-----BEGIN PGP SIGNATURE-----
 
 iQIcBAABAgAGBQJbmxVCAAoJEAx081l5xIa+H0EP/2F5S+VeVX/GQB3hs5xdNubj
 fBGWorXefXRySPOtS0SdSjHnPnJCUgWnHnKOGrBAxtqRaImnqZLra9HztdV7WbBI
 mzhfw39cekWX6q2/5WoTP2IxaujVMEyCFX9lgW+96msFktuwvmNGA6QP9MtOfyfV
 oBzjrtoQSJYHx7uzDDiAzghMKm6EGbkDjqHnOuO3HGNc2N+mPlNd4cIaReAehOkG
 r1PqOn26CRi9y/bsDgERLEiQURS4kHLz6QaGotJtMVrQblFuNwwk4eBEL9FjkGur
 f9jNnRAW9MXk/lPkXjWCwPV5wYcHW7XpldL0pZKTnL/Od6Fm956Ecoda72cRquMe
 4Rt+LOlZueNEcY4WyDnT9i5kYdE18TYvYNW5SpWXT2ZwhHmRgsblZsO+nTufndGT
 +GxGAalsLB8wSVh0m3h2TdJeULINzHoN287i6KXZOoc0tR4yXh3Bek3k5K1Sajiv
 3Ehp4mzOEBcut7qR9P8KNoOtt5lExp8LwxHcpwbl+rYeFUhNUr1ffuLBV59bVLt7
 sluZQ9+UVHu72XSXdXRtB9WeyKPToZBkh2+rwad4SPLpUKwJuyXJim/IHKfGt0O9
 BeilehpFVerP4RyB7dK3PRRzKS0zQmfVlr5x1WDXwir1RHDjWdoyLvHFzwn5OKSH
 rIGf2J64oreok1UrCKyN
 =NZvZ
 -----END PGP SIGNATURE-----

Merge tag 'drm-fixes-2018-09-14' of git://anongit.freedesktop.org/drm/drm

Pull drm fixes from Dave Airlie:
 "This is the general drm fixes pull for rc4.

  i915:
   - Two GVT fixes (one for the mm reference issue you pointed out)
   - Gen 2 video playback fix
   - IPS timeout error suppression on Broadwell

  amdgpu:
   - Small memory leak
   - SR-IOV reset
   - locking fix
   - updated SDMA golden registers

  nouveau:
   - Remove some leftover debugging"

* tag 'drm-fixes-2018-09-14' of git://anongit.freedesktop.org/drm/drm:
  drm/nouveau/devinit: fix warning when PMU/PRE_OS is missing
  drm/amdgpu: fix error handling in amdgpu_cs_user_fence_chunk
  drm/i915/overlay: Allocate physical registers from stolen
  drm/amdgpu: move PSP init prior to IH in gpu reset
  drm/amdgpu: Fix SDMA hang in prt mode v2
  drm/amdgpu: fix amdgpu_mn_unlock() in the CS error path
  drm/i915/bdw: Increase IPS disable timeout to 100ms
  drm/i915/gvt: Fix the incorrect length of child_device_config issue
  drm/i915/gvt: Fix life cycle reference on KVM mm
2018-09-13 18:54:47 -10:00
Linus Torvalds
145ea6f10d pstore fixes for v4.19-rc4:
- Handle page-vs-byte offset handling between iomap and vmap (Bin Yang)
 -----BEGIN PGP SIGNATURE-----
 Comment: Kees Cook <kees@outflux.net>
 
 iQJKBAABCgA0FiEEpcP2jyKd1g9yPm4TiXL039xtwCYFAluakCIWHGtlZXNjb29r
 QGNocm9taXVtLm9yZwAKCRCJcvTf3G3AJnq1D/9a9PFwxBflN3Wi9G2SMJuCF8y1
 vb+auPyMtk2gpnDnE/GbumwLfB/ZW/1JSBNncCmSnFOjeK3M0m4e0gz0XU2AQaT6
 BTNFZlVe649a6zct59nEQRILG1aPP5UdKv4eE2mJ+XOFEi3DSTMgtsmFhftrngGZ
 Gp8XYaNgf6JIL25fUtfgZd5YiwbR+ZdLZdcd+qlIliJF80rup/QftdgRsPJk0kUS
 b8yE6sWNnP1NDzlUWcAWXy231lewbbUsdYAQ11RLThl8Glogz3hlxLKIbCuKFymd
 IGwSyShnZFczO6qN6Rcvx5o8PIgbTH+1ntQc3s3PNuXOpOmOk7F2YspkAEqLY3//
 4Gy+jphSmg12JAzPy7B1m0UT8nCE0S9qfi7tnQ0Dti0rvu+vS1dyqFlqbTgN9Hb3
 Wfi8u/rNvUT5XqB0afq5v7U6On7mjHfW6PwcwqZJZtEblERqv+DOgRUPjWkack6E
 x64IA0UzlEX2AlWHiBxGcwd55kIvk+xI94VVy2K8QcbWlGeM5Ij7WDMABTkmJn5L
 3I8EwoIpg9qtoabKOywOQuj6m9Dovvo0Dv8juUtHARBUJZC0fEpakTdPZEQoiSBs
 7Vox1UTzY+QqJch1ayEvjmqJNkPsAor7zqfVX4Ub85tuECAEs+MtQDbZCZUTXR7I
 WN5N1QBDpuwC8tupCg==
 =8krP
 -----END PGP SIGNATURE-----

Merge tag 'pstore-v4.19-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux

Pull pstore fix from Kees Cook:
 "This fixes a 6 year old pstore bug that everyone just got lucky in
  avoiding, likely due only using page-aligned persistent ram regions:

   - Handle page-vs-byte offset handling between iomap and vmap (Bin Yang)"

* tag 'pstore-v4.19-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
  pstore: Fix incorrect persistent ram buffer mapping
2018-09-13 18:52:41 -10:00
Linus Torvalds
4624d6ea1b MMC host:
- meson-mx-sdio: Fix OF child-node lookup
  - omap_hsmmc: Fix wakeirq handling on removal
 -----BEGIN PGP SIGNATURE-----
 
 iQJLBAABCgA1FiEEugLDXPmKSktSkQsV/iaEJXNYjCkFAluae48XHHVsZi5oYW5z
 c29uQGxpbmFyby5vcmcACgkQ/iaEJXNYjCn6uhAAg2pv2tvr0+9YqikncIzIu/OE
 64PPKjC99tyjC20MPurPPMEvdIDU+XmPUPp1BSarIdd796LBgKOu28hD89zxtip9
 8F/hQrF3e1J4Q4wp0i3r36w5rzsTUiN9Zf+x9mX0sC1Ph2vRl96HwJQfyl9j9i7j
 1AC5cpwjv/id8EbdFwQeqlz3pVHkGrg/Iu/J/Uxlon5TzDvFOlHsYqx9eQX5RTdW
 3jXubNc6cXdISiNCoLEb19NFHf58AFITjEqkm2e4l5wDQYIkQq7kp1n0xIuYJzjT
 O0mbWLsrz9Gdvw4E89PXb+QGNIlqPEZGdcBgm/M3RzbawH/RW21G2Yrv4WIzvV2I
 Fnw6rrbP8n6W33MgBnYOCSISRpq8wFm2QsFAfdxBjemUnVod/o3Bcgq4VlQOhqr5
 AR9aJtTttj/EyVqvngXKbyG4ANXBi3/c4z2VMioLb7f4wbCtnL07yZCanDkIcy2B
 W2x0vO+b2FUvVXgNOg2IU09FcbFDUhxCv5a9OS/NAKxkVPmcTg2G7KLbLW7Om6si
 VEKj6ti75yf3DFJ0atcPTnVcv7vae5ghXKXYyZd5KyhU85LLA9huctMMWPSg18ZP
 slkvyFXayykI5Xh6lJ/xbl0kembEf2+QyxNjR73WY5g7s1m2Zm4XcYPWPvYmn6G7
 aSZ3duOZvjGyow2hl8o=
 =wopj
 -----END PGP SIGNATURE-----

Merge tag 'mmc-v4.19-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc

Pull MMC host fixes from Ulf Hansson:

 - meson-mx-sdio: Fix OF child-node lookup

 - omap_hsmmc: Fix wakeirq handling on removal

* tag 'mmc-v4.19-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc:
  mmc: meson-mx-sdio: fix OF child-node lookup
  mmc: omap_hsmmc: fix wakeirq handling on removal
2018-09-13 18:49:23 -10:00
Linus Torvalds
bd5bca1381 Pin control fixes for the v4.19 kernel cycle:
- A complicated IRQ fix for the MSM driver (see commit).
 
 - Fix the group/function check in the Ingenic driver.
 
 - Deal with a possible NULL pointer dereference in the Madera
   driver.
 -----BEGIN PGP SIGNATURE-----
 
 iQIcBAABAgAGBQJbmlOCAAoJEEEQszewGV1zXTAP+gLLyF9Txaa4t65wGYnbafoi
 6DgGHOCvgxvro8M1vlWViDLmGdHGvMqSA0kHdpur5H+91tHIsHFTvZwiUtOQrwiG
 nNJVK+ijNPLnVQNALqFbxasDCLs3FPQU+8KsQfQ/L4K3hz848+B/3Rqb/zxur/rY
 miGPgivvXqdKr//o+lh9ekK+xrc9Je1PMUoRbXaZWBVMNqRB38NnRpkcFmTnfYUS
 VGn6gXhJ33pajQCQOJLXppRP0z7hN5L1g8W2JOmZucZdRZjTVRxv99dUiFLxneEX
 r9mvAS4W0pQLZOSsmOFCc/R64W3Znr8sQaJjlH6La76zazNCE8wGYhOgFnfQgHoH
 z08WRSdd34xXGjzI0ipOHS0NdvM2V8tQQTSAzlE8qc5ItNSbyAmmHCrj9iodAQ7F
 B1N4/YQTfly8vlnO8jRWF1E3AJ6zcwLu8Irh4MiBqUPxSF9SsQvDJIoQsD0HpsT3
 bWl6dUmr96NhVwzuatITIfX8NHhR3YPTWgSir4ri4ybRuLTrA0iOH8UBfdegL0gM
 xLfAAQt1VjU4ZN2s9b+IzXjsB0N/TPCbxDFlLOGgxn1/hdU4e8+2oD6R9Ba98jLx
 e2DQ9D8raJo76069yQ0wzu92zFj5oEY71praWA3hDBa+HOzgx9xeryb9WHEzuYkR
 iCjRSnCUO3Mbf6EukIy3
 =g3Rc
 -----END PGP SIGNATURE-----

Merge tag 'pinctrl-v4.19-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl

Pull pin control fixes from Linus Walleij:

 - A complicated IRQ fix for the MSM driver (see commit)

 - Fix the group/function check in the Ingenic driver

 - Deal with a possible NULL pointer dereference in the Madera driver

* tag 'pinctrl-v4.19-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl:
  pinctrl: madera: Fix possible NULL pointer with pdata config
  pinctrl: ingenic: Fix group & function error checking
  pinctrl: msm: Really mask level interrupts to prevent latching
2018-09-13 18:47:45 -10:00
Linus Torvalds
f1c03a4651 Merge branch 'for-4.19-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/percpu
Pull percpu maintainership update from Tejun Heo:
 "This updates the MAINTAINERS file to transfer the percpu tree
  maintainership to Dennis Zhou.

  Dennis rewrote a good portion of the percpu allocator, knows most of
  percpu related code, is already listed as a co-maintainer, has been
  reliable, and now sits right behind me. I'll keep reviewing and
  involved with percpu stuff and am sure that Dennis will soon make a
  better maintainer than I ever was"

* 'for-4.19-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/percpu:
  MAINTAINERS: Make Dennis the percpu tree maintainer
2018-09-13 16:35:25 -10:00
Linus Torvalds
72d4c6e589 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rkuo/linux-hexagon-kernel
Pull hexagon fixes from Richard Kuo:
 "Some fixes for compile warnings"

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rkuo/linux-hexagon-kernel:
  hexagon: modify ffs() and fls() to return int
  arch/hexagon: fix kernel/dma.c build warning
2018-09-13 16:33:26 -10:00
Linus Torvalds
1d176582c7 s390 fixes for 4.19-rc4
One fix for the zcrypt driver to correctly handle incomplete
 encryption/decryption operations.
 
 A cleanup for the aqmask/apmask parsing to avoid variable
 length arrays on the stack.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
 iQEcBAABCAAGBQJbmkYUAAoJEDjwexyKj9rgrugH/21Uf1S0mkkRfDeYxD6lJva6
 zNmEZ3V+GXc8L/0CisFWQOcIU1fO+jozp9HPGkQxeTvAuqIfVhBRVoMMxiTRaZb3
 xdSBel8EvAGxlZq/6eq6fU59HPWGm+N53rC9J5MMQQqgpSmq8F2QeO5CoidflRh8
 bdio9cliLsjPu+3P2JU3noolhb/f577J3dgP4gKARRpOfh8vUI7NLU3Mham+7886
 ASjG8s/zr9spPnrErJusloOLDJt4M94J8KrIbB/WAT1wZv7GxClaGsCoyCuk4cDt
 TV8zIgMK9TChedwMOO0T8WMaxq+XJV+iI0dC1eZ7xNUlaIBw+UbifxCG335L3E0=
 =dHq1
 -----END PGP SIGNATURE-----

Merge tag 's390-4.19-3' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux

Pull s390 fixes from Martin Schwidefsky:

 - One fix for the zcrypt driver to correctly handle incomplete
   encryption/decryption operations.

 - A cleanup for the aqmask/apmask parsing to avoid variable length
   arrays on the stack.

* tag 's390-4.19-3' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
  s390/zcrypt: remove VLA usage from the AP bus
  s390/crypto: Fix return code checking in cbc_paes_crypt()
2018-09-13 16:22:24 -10:00
Linus Torvalds
7a9cdebdcc mm: get rid of vmacache_flush_all() entirely
Jann Horn points out that the vmacache_flush_all() function is not only
potentially expensive, it's buggy too.  It also happens to be entirely
unnecessary, because the sequence number overflow case can be avoided by
simply making the sequence number be 64-bit.  That doesn't even grow the
data structures in question, because the other adjacent fields are
already 64-bit.

So simplify the whole thing by just making the sequence number overflow
case go away entirely, which gets rid of all the complications and makes
the code faster too.  Win-win.

[ Oleg Nesterov points out that the VMACACHE_FULL_FLUSHES statistics
  also just goes away entirely with this ]

Reported-by: Jann Horn <jannh@google.com>
Suggested-by: Will Deacon <will.deacon@arm.com>
Acked-by: Davidlohr Bueso <dave@stgolabs.net>
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: stable@kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2018-09-13 15:18:04 -10:00
Dave Airlie
2b6318a09f Merge branch 'linux-4.19' of git://github.com/skeggsb/linux into drm-fixes
One more nouveau fix to remove some debug warnings.

Signed-off-by: Dave Airlie <airlied@redhat.com>
From: Ben Skeggs <bskeggs@redhat.com>
Link: https://patchwork.freedesktop.org/patch/msgid/CABDvA==GF63dy8a9j611=-0x8G6FRu7uC-ZQypsLO_hqV4OAcA@mail.gmail.com
2018-09-14 09:38:42 +10:00
Dave Airlie
25824ca38e Merge branch 'drm-fixes-4.19' of git://people.freedesktop.org/~agd5f/linux into drm-fixes
A few fixes for 4.19:
- Fix a small memory leak
- SR-IOV reset fix
- Fix locking in MMU-notifier error path
- Updated SDMA golden settings to fix a PRT hang

Signed-off-by: Dave Airlie <airlied@redhat.com>
From: Alex Deucher <alexdeucher@gmail.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20180912154735.2683-1-alexander.deucher@amd.com
2018-09-14 09:36:35 +10:00
Dave Airlie
db7f06d490 This contains a regression fix for video playbacks on gen 2 hardware,
a IPS timeout error suppression on Broadwell and GVT bucked with
 "Most critical one is to fix KVM's mm reference when we access guest memory,
 issue was raised by Linus [1], and another one with virtual opregion fix."
 
 [1] - https://lists.freedesktop.org/archives/intel-gvt-dev/2018-August/004130.html
 -----BEGIN PGP SIGNATURE-----
 
 iQEcBAABAgAGBQJbmEJvAAoJEPpiX2QO6xPKNNMIAItkqjJpqsGZq0Ii1/ph3D9U
 gX3Jj4H7ZoAoE/c+wx2nNADjmn8RhV7PnKrGFuXmLkRJaNJllXA8U7h7YfWqRBT9
 jQ0RIuFdbfiRrwHmqtEZ2q3XP4HCWbdSIigimO/Lk/A2l+sCY8oA+9bGB7IRxeRV
 e162GARNsxN0a8D+5i+KR0mrTezSoKOvYFtUFp76UKUDAKrK85XNQsn1TR8ZMXGC
 fIi03y6ZM66I+bzIsq15HEj/jrRcaXm7xjd94/HetqeVJaEOEs2ztfaex+v3yDnC
 meWZKWCJ5x9noqHTO3XdHJGlKnfFQxopZsINNiqpqwOKpH7oaHWyAnnUrafJfhA=
 =/IQQ
 -----END PGP SIGNATURE-----

Merge tag 'drm-intel-fixes-2018-09-11' of git://anongit.freedesktop.org/drm/drm-intel into drm-fixes

This contains a regression fix for video playbacks on gen 2 hardware,
a IPS timeout error suppression on Broadwell and GVT bucked with
"Most critical one is to fix KVM's mm reference when we access guest memory,
issue was raised by Linus [1], and another one with virtual opregion fix."

[1] - https://lists.freedesktop.org/archives/intel-gvt-dev/2018-August/004130.html

Signed-off-by: Dave Airlie <airlied@redhat.com>

From: Rodrigo Vivi <rodrigo.vivi@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20180911223229.GA30328@intel.com
2018-09-14 09:33:16 +10:00
Johannes Berg
1cebf8f143 socket: fix struct ifreq size in compat ioctl
As reported by Reobert O'Callahan, since Viro's commit to kill
dev_ifsioc() we attempt to copy too much data in compat mode,
which may lead to EFAULT when the 32-bit version of struct ifreq
sits at/near the end of a page boundary, and the next page isn't
mapped.

Fix this by passing the approprate compat/non-compat size to copy
and using that, as before the dev_ifsioc() removal. This works
because only the embedded "struct ifmap" has different size, and
this is only used in SIOCGIFMAP/SIOCSIFMAP which has a different
handler. All other parts of the union are naturally compatible.

This fixes https://bugzilla.kernel.org/show_bug.cgi?id=199469.

Fixes: bf4405737f ("kill dev_ifsioc()")
Reported-by: Robert O'Callahan <robert@ocallahan.org>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-09-13 16:01:06 -07:00
Tejun Heo
1194c41546 MAINTAINERS: Make Dennis the percpu tree maintainer
Dennis rewrote a significant portion of the percpu allocator and has
shown that he can respond in a timely and helpful manner when issues
are reported against percpu allocator.

Let's make Dennis the percpu tree maintainer.

Signed-off-by: Tejun Heo <tj@kernel.org>
Cc: Dennis Zhou <dennis@kernel.org>
Cc: Christoph Lameter <cl@linux.com>
2018-09-13 12:16:36 -07:00
Toke Høiland-Jørgensen
c56cae23c6 gso_segment: Reset skb->mac_len after modifying network header
When splitting a GSO segment that consists of encapsulated packets, the
skb->mac_len of the segments can end up being set wrong, causing packet
drops in particular when using act_mirred and ifb interfaces in
combination with a qdisc that splits GSO packets.

This happens because at the time skb_segment() is called, network_header
will point to the inner header, throwing off the calculation in
skb_reset_mac_len(). The network_header is subsequently adjust by the
outer IP gso_segment handlers, but they don't set the mac_len.

Fix this by adding skb_reset_mac_len() calls to both the IPv4 and IPv6
gso_segment handlers, after they modify the network_header.

Many thanks to Eric Dumazet for his help in identifying the cause of
the bug.

Acked-by: Dave Taht <dave.taht@gmail.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-09-13 12:09:32 -07:00
David S. Miller
bffb9b51a2 Merge branch 'for-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth
Johan Hedberg says:

====================
pull request: bluetooth 2018-09-13

A few Bluetooth fixes for the 4.19-rc series:

 - Fixed rw_semaphore leak in hci_ldisc
 - Fixed local Out-of-Band pairing data handling

Let me know if there are any issues pulling. Thanks.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2018-09-13 12:06:12 -07:00
David S. Miller
79140335ac Merge branch 'tls-don-t-leave-keys-in-kernel-memory'
Sabrina Dubroca says:

====================
tls: don't leave keys in kernel memory

There are a few places where the RX/TX key for a TLS socket is copied
to kernel memory. This series clears those memory areas when they're no
longer needed.

v2: add union tls_crypto_context, following Vakul Garg's comment
    swap patch 2 and 3, using new union in patch 3
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2018-09-13 12:03:47 -07:00
Sabrina Dubroca
c844eb46b7 tls: clear key material from kernel memory when do_tls_setsockopt_conf fails
Fixes: 3c4d755915 ("tls: kernel TLS support")
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-09-13 12:03:47 -07:00
Sabrina Dubroca
86029d10af tls: zero the crypto information from tls_context before freeing
This contains key material in crypto_send_aes_gcm_128 and
crypto_recv_aes_gcm_128.

Introduce union tls_crypto_context, and replace the two identical
unions directly embedded in struct tls_context with it. We can then
use this union to clean up the memory in the new tls_ctx_free()
function.

Fixes: 3c4d755915 ("tls: kernel TLS support")
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-09-13 12:03:47 -07:00
Sabrina Dubroca
7cba09c6d5 tls: don't copy the key out of tls12_crypto_info_aes_gcm_128
There's no need to copy the key to an on-stack buffer before calling
crypto_aead_setkey().

Fixes: 3c4d755915 ("tls: kernel TLS support")
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-09-13 12:03:47 -07:00
Vasily Khoruzhick
f0e0d04413 neighbour: confirm neigh entries when ARP packet is received
Update 'confirmed' timestamp when ARP packet is received. It shouldn't
affect locktime logic and anyway entry can be confirmed by any higher-layer
protocol. Thus it makes sense to confirm it when ARP packet is received.

Fixes: 77d7123342 ("neighbour: update neigh timestamps iff update is effective")
Signed-off-by: Vasily Khoruzhick <vasilykh@arista.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-09-13 12:01:29 -07:00
Roopa Prabhu
56a49d7048 net: rtnl_configure_link: fix dev flags changes arg to __dev_notify_flags
This fix addresses https://bugzilla.kernel.org/show_bug.cgi?id=201071

Commit 5025f7f7d5 wrongly relied on __dev_change_flags to notify users of
dev flag changes in the case when dev->rtnl_link_state = RTNL_LINK_INITIALIZED.
Fix it by indicating flag changes explicitly to __dev_notify_flags.

Fixes: 5025f7f7d5 ("rtnetlink: add rtnl_link_state check in rtnl_configure_link")
Reported-By: Liam mcbirnie <liam.mcbirnie@boeing.com>
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-09-13 11:01:32 -07:00
Willy Tarreau
9824dfae57 net/appletalk: fix minor pointer leak to userspace in SIOCFINDIPDDPRT
Fields ->dev and ->next of struct ipddp_route may be copied to
userspace on the SIOCFINDIPDDPRT ioctl. This is only accessible
to CAP_NET_ADMIN though. Let's manually copy the relevant fields
instead of using memcpy().

BugLink: http://blog.infosectcbr.com.au/2018/09/linux-kernel-infoleaks.html
Cc: Jann Horn <jannh@google.com>
Signed-off-by: Willy Tarreau <w@1wt.eu>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-09-13 10:35:57 -07:00
Stephen Hemminger
018349d70f hv_netvsc: fix schedule in RCU context
When netvsc device is removed it can call reschedule in RCU context.
This happens because canceling the subchannel setup work could (in theory)
cause a reschedule when manipulating the timer.

To reproduce, run with lockdep enabled kernel and unbind
a network device from hv_netvsc (via sysfs).

[  160.682011] WARNING: suspicious RCU usage
[  160.707466] 4.19.0-rc3-uio+ #2 Not tainted
[  160.709937] -----------------------------
[  160.712352] ./include/linux/rcupdate.h:302 Illegal context switch in RCU read-side critical section!
[  160.723691]
[  160.723691] other info that might help us debug this:
[  160.723691]
[  160.730955]
[  160.730955] rcu_scheduler_active = 2, debug_locks = 1
[  160.762813] 5 locks held by rebind-eth.sh/1812:
[  160.766851]  #0: 000000008befa37a (sb_writers#6){.+.+}, at: vfs_write+0x184/0x1b0
[  160.773416]  #1: 00000000b097f236 (&of->mutex){+.+.}, at: kernfs_fop_write+0xe2/0x1a0
[  160.783766]  #2: 0000000041ee6889 (kn->count#3){++++}, at: kernfs_fop_write+0xeb/0x1a0
[  160.787465]  #3: 0000000056d92a74 (&dev->mutex){....}, at: device_release_driver_internal+0x39/0x250
[  160.816987]  #4: 0000000030f6031e (rcu_read_lock){....}, at: netvsc_remove+0x1e/0x250 [hv_netvsc]
[  160.828629]
[  160.828629] stack backtrace:
[  160.831966] CPU: 1 PID: 1812 Comm: rebind-eth.sh Not tainted 4.19.0-rc3-uio+ #2
[  160.832952] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v1.0 11/26/2012
[  160.832952] Call Trace:
[  160.832952]  dump_stack+0x85/0xcb
[  160.832952]  ___might_sleep+0x1a3/0x240
[  160.832952]  __flush_work+0x57/0x2e0
[  160.832952]  ? __mutex_lock+0x83/0x990
[  160.832952]  ? __kernfs_remove+0x24f/0x2e0
[  160.832952]  ? __kernfs_remove+0x1b2/0x2e0
[  160.832952]  ? mark_held_locks+0x50/0x80
[  160.832952]  ? get_work_pool+0x90/0x90
[  160.832952]  __cancel_work_timer+0x13c/0x1e0
[  160.832952]  ? netvsc_remove+0x1e/0x250 [hv_netvsc]
[  160.832952]  ? __lock_is_held+0x55/0x90
[  160.832952]  netvsc_remove+0x9a/0x250 [hv_netvsc]
[  160.832952]  vmbus_remove+0x26/0x30
[  160.832952]  device_release_driver_internal+0x18a/0x250
[  160.832952]  unbind_store+0xb4/0x180
[  160.832952]  kernfs_fop_write+0x113/0x1a0
[  160.832952]  __vfs_write+0x36/0x1a0
[  160.832952]  ? rcu_read_lock_sched_held+0x6b/0x80
[  160.832952]  ? rcu_sync_lockdep_assert+0x2e/0x60
[  160.832952]  ? __sb_start_write+0x141/0x1a0
[  160.832952]  ? vfs_write+0x184/0x1b0
[  160.832952]  vfs_write+0xbe/0x1b0
[  160.832952]  ksys_write+0x55/0xc0
[  160.832952]  do_syscall_64+0x60/0x1b0
[  160.832952]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  160.832952] RIP: 0033:0x7fe48f4c8154

Resolve this by getting RTNL earlier. This is safe because the subchannel
work queue does trylock on RTNL and will detect the race.

Fixes: 7b2ee50c0c ("hv_netvsc: common detach logic")
Signed-off-by: Stephen Hemminger <sthemmin@microsoft.com>
Reviewed-by: Haiyang Zhang <haiyangz@microsoft.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-09-13 10:30:26 -07:00
Bin Yang
831b624df1 pstore: Fix incorrect persistent ram buffer mapping
persistent_ram_vmap() returns the page start vaddr.
persistent_ram_iomap() supports non-page-aligned mapping.

persistent_ram_buffer_map() always adds offset-in-page to the vaddr
returned from these two functions, which causes incorrect mapping of
non-page-aligned persistent ram buffer.

By default ftrace_size is 4096 and max_ftrace_cnt is nr_cpu_ids. Without
this patch, the zone_sz in ramoops_init_przs() is 4096/nr_cpu_ids which
might not be page aligned. If the offset-in-page > 2048, the vaddr will be
in next page. If the next page is not mapped, it will cause kernel panic:

[    0.074231] BUG: unable to handle kernel paging request at ffffa19e0081b000
...
[    0.075000] RIP: 0010:persistent_ram_new+0x1f8/0x39f
...
[    0.075000] Call Trace:
[    0.075000]  ramoops_init_przs.part.10.constprop.15+0x105/0x260
[    0.075000]  ramoops_probe+0x232/0x3a0
[    0.075000]  platform_drv_probe+0x3e/0xa0
[    0.075000]  driver_probe_device+0x2cd/0x400
[    0.075000]  __driver_attach+0xe4/0x110
[    0.075000]  ? driver_probe_device+0x400/0x400
[    0.075000]  bus_for_each_dev+0x70/0xa0
[    0.075000]  driver_attach+0x1e/0x20
[    0.075000]  bus_add_driver+0x159/0x230
[    0.075000]  ? do_early_param+0x95/0x95
[    0.075000]  driver_register+0x70/0xc0
[    0.075000]  ? init_pstore_fs+0x4d/0x4d
[    0.075000]  __platform_driver_register+0x36/0x40
[    0.075000]  ramoops_init+0x12f/0x131
[    0.075000]  do_one_initcall+0x4d/0x12c
[    0.075000]  ? do_early_param+0x95/0x95
[    0.075000]  kernel_init_freeable+0x19b/0x222
[    0.075000]  ? rest_init+0xbb/0xbb
[    0.075000]  kernel_init+0xe/0xfc
[    0.075000]  ret_from_fork+0x3a/0x50

Signed-off-by: Bin Yang <bin.yang@intel.com>
[kees: add comments describing the mapping differences, updated commit log]
Fixes: 24c3d2f342 ("staging: android: persistent_ram: Make it possible to use memory outside of bootmem")
Cc: stable@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
2018-09-13 09:14:57 -07:00
Cong Wang
f5b9bac745 net_sched: notify filter deletion when deleting a chain
When we delete a chain of filters, we need to notify
user-space we are deleting each filters in this chain
too.

Fixes: 32a4f5ecd7 ("net: sched: introduce chain object to uapi")
Cc: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-09-13 09:07:40 -07:00
Takashi Iwai
37a3a98ef6 ALSA: hda - Enable runtime PM only for discrete GPU
The recent change of vga_switcheroo allowed the runtime PM for
HD-audio on AMD GPUs, but this also resulted in a regression.  When
the HD-audio controller driver gets runtime-suspended, HD-audio link
is turned off, and the hotplug notification is ignored.  This leads to
the inconsistent audio state (the connection isn't notified and ELD is
ignored).

The best fix would be to implement the proper ELD notification via the
audio component, but it's still not ready.  As a quick workaround,
this patch adds the check of runtime_idle and allows the runtime
suspend only when the vga_switcheroo is bound with discrete GPU.
That is, a system with a single GPU and APU would be again without
runtime PM to keep the HD-audio link for the hotplug notification and
ELD read out.

Also, the codec->auto_runtime_pm flag is set only for the discrete GPU
at the time GPU gets bound via vga_switcheroo (i.e. only dGPU is
forcibly runtime-PM enabled), so that APU can still get the ELD
notification.

For identifying which GPU is bound, a new vga_switcheroo client
callback, gpu_bound, is implemented.  The vga_switcheroo simply calls
this when GPU is bound, and tells whether it's dGPU or APU.

Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=200945
Fixes: 07f4f97d7b ("vga_switcheroo: Use device link for HDA controller")
Reported-by: Jian-Hong Pan <jian-hong@endlessm.com>
Tested-by: Jian-Hong Pan <jian-hong@endlessm.com>
Acked-by: Lukas Wunner <lukas@wunner.de>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2018-09-13 17:58:30 +02:00
Juergen Gross
ad4f15dc2c xen/netfront: don't bug in case of too many frags
Commit 57f230ab04 ("xen/netfront: raise max number of slots in
xennet_get_responses()") raised the max number of allowed slots by one.
This seems to be problematic in some configurations with netback using
a larger MAX_SKB_FRAGS value (e.g. old Linux kernel with MAX_SKB_FRAGS
defined as 18 instead of nowadays 17).

Instead of BUG_ON() in this case just fall back to retransmission.

Fixes: 57f230ab04 ("xen/netfront: raise max number of slots in xennet_get_responses()")
Cc: stable@vger.kernel.org
Signed-off-by: Juergen Gross <jgross@suse.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-09-13 08:22:15 -07:00
Xin Long
22d0bd82cc ipv6: use rt6_info members when dst is set in rt6_fill_node
In inet6_rtm_getroute, since Commit 93531c6743 ("net/ipv6: separate
handling of FIB entries from dst based routes"), it has used rt->from
to dump route info instead of rt.

However for some route like cache, some of its information like flags
or gateway is not the same as that of the 'from' one. It caused 'ip
route get' to dump the wrong route information.

In Jianlin's testing, the output information even lost the expiration
time for a pmtu route cache due to the wrong fib6_flags.

So change to use rt6_info members for dst addr, src addr, flags and
gateway when it tries to dump a route entry without fibmatch set.

v1->v2:
  - not use rt6i_prefsrc.
  - also fix the gw dump issue.

Fixes: 93531c6743 ("net/ipv6: separate handling of FIB entries from dst based routes")
Reported-by: Jianlin Shi <jishi@redhat.com>
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-09-13 08:20:37 -07:00
Takashi Sakamoto
498fe23aad ALSA: oxfw: fix memory leak of private data
Although private data of sound card instance is usually allocated in the
tail of the instance, drivers in ALSA firewire stack allocate the private
data before allocating the instance. In this case, the private data
should be released explicitly at .private_free callback of the instance.

This commit fixes memory leak following to the above design.

Fixes: 6c29230e2a ('ALSA: oxfw: delayed registration of sound card')
Cc: <stable@vger.kernel.org> # v4.7+
Signed-off-by: Takashi Sakamoto <o-takashi@sakamocchi.jp>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2018-09-13 15:15:39 +02:00
Takashi Sakamoto
8d28277c06 ALSA: firewire-tascam: fix memory leak of private data
Although private data of sound card instance is usually allocated in the
tail of the instance, drivers in ALSA firewire stack allocate the private
data before allocating the instance. In this case, the private data
should be released explicitly at .private_free callback of the instance.

This commit fixes memory leak following to the above design.

Fixes: b610386c8a ('ALSA: firewire-tascam: deleyed registration of sound card')
Cc: <stable@vger.kernel.org> # v4.7+
Signed-off-by: Takashi Sakamoto <o-takashi@sakamocchi.jp>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2018-09-13 15:14:39 +02:00
Takashi Sakamoto
a49a83ab05 ALSA: firewire-digi00x: fix memory leak of private data
Although private data of sound card instance is usually allocated in the
tail of the instance, drivers in ALSA firewire stack allocate the private
data before allocating the instance. In this case, the private data
should be released explicitly at .private_free callback of the instance.

This commit fixes memory leak following to the above design.

Fixes: 86c8dd7f4d ('ALSA: firewire-digi00x: delayed registration of sound card')
Cc: <stable@vger.kernel.org> # v4.7+
Signed-off-by: Takashi Sakamoto <o-takashi@sakamocchi.jp>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2018-09-13 15:12:57 +02:00
Linus Torvalds
54eda9df17 pci-v4.19-fixes-1
-----BEGIN PGP SIGNATURE-----
 
 iQJIBAABCgAyFiEEgMe7l+5h9hnxdsnuWYigwDrT+vwFAluZ1pkUHGJoZWxnYWFz
 QGdvb2dsZS5jb20ACgkQWYigwDrT+vxllw//R9UVckBvd7AUseb/8EMUt3GIqvhy
 xy9thJy9cygQF+6Ti9K9TA4aTTriyW7Ur4/lvlSnciffYiZhydaR6MJEgO9+C3wa
 v/Ev9dUHYANVT8z3Q7KVwu1KaNXcb3RBIs0rg0BAqJUzhMNZo4i5NJzxTC5DvnzB
 P8brxz8Oa+IiAdBkJyDDuJ7QK+yIiApcbYWdcnAEwuSxTh3vBSEFjr9hks6TPZUd
 Vp5k2kYOdaslBBKg2yRqK3NcUaWNVpoqXJkVnFpfd6OA3aDPQ79t20se5lkMbpK+
 CbbXWgE2LXnh0wfTDx1nexD9/PbkGHO+NxKX0LRHnedBbWGlOoQVoaXIe/7x79cX
 EWyDG+r0SC5QD5Paj/OtD+Is98PsP5AUiddxnZRUnyIZlJHe9Ja8vV0SuAus8Pjt
 E5AarnLVLrCZGU3XIqj4vy1Kh12TZp2ZaBdFnNkdW+cL7XcRHm9wTEtn4COJKKy5
 MvW2VnEMbIy+JmXZ16R67Ggc9/yU6W/qjzauw0+BkdJSHnrKWRDkfVcuSYf7LquD
 INcTpRekBEPyrgsc5IRvJc+UE7AXUYPpkJ6VkNNwXuB+AVB/3s7LjTEoboWYEp1Y
 QSC4BYClEaUVStgQQ7mTRzvIacIIoYQcEhTJOLVZ2R2o4bWJxZ8Aio2sT2MssZfL
 S6/6csccKXNLS+E=
 =oXm8
 -----END PGP SIGNATURE-----

Merge tag 'pci-v4.19-fixes-1' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci

Pull PCI fixes from Bjorn Helgaas:

 - Add Tyrel Datwyler as maintainer for PPC64 RPA hotplug (Tyrel
   Datwyler)

 - Add Gustavo Pimentel as DesignWare PCI maintainer (Joao Pinto)

 - Fix a Switchtec Spectre v1 vulnerability (Gustavo A. R. Silva)

 - Revert an unnecessary Intel 300 ACS quirk (Mika Westerberg)

 - Fix pciehp hot-add/powerfault detection that left indicators in wrong
   state (Keith Busch)

 - Fix pci_reset_bus() logic error (Dennis Dalessandro)

 - Revert IB/hfi1 PCI reset change that caused a deadlock (Dennis
   Dalessandro)

 - Allow enabling PASID on Root Complex Integrated Endpoints (Felix
   Kuehling)

* tag 'pci-v4.19-fixes-1' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci:
  PCI: Fix enabling of PASID on RC integrated endpoints
  IB/hfi1,PCI: Allow bus reset while probing
  PCI: Fix faulty logic in pci_reset_bus()
  PCI: pciehp: Fix hot-add vs powerfault detection order
  switchtec: Fix Spectre v1 vulnerability
  Revert "PCI: Add ACS quirk for Intel 300 series"
  MAINTAINERS: Add Gustavo Pimentel as DesignWare PCI maintainer
  MAINTAINERS: Add entries for PPC64 RPA PCI hotplug drivers
2018-09-12 19:39:56 -10:00
Linus Torvalds
d3bd5973c7 A few fixes that came around or after the merge window, except
for cd2315d "ipmi: kcs_bmc: don't change device name" which is for a
 driver that very few people use, and those people need the change.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJbmb2pAAoJEGHzjJCRm/+B73kP/j+dbKDEYJoBzHl+ni7yJNnv
 gfmmJ8mmjB0ia7Y8rAcd3VkyzUnTtRliHs8j78VLmMHHOfQYR55xWbJmV53qJnTA
 umq4SaDpmLAxnCxRlmaB6/s2HvMFVXWzgs4Ke8xVqA8cL37i/JDyHBe1wc+xkZcB
 6rj5Sg8WgJTsbybTOCDvSAN99tdo5o8TjfTLk94isVuEbFz/3qcsIxdofJQvYwJ8
 c/TC5zVY6pvUmTZEl6bIBT1GzLRnrCpijM4GBsmKCrL/ZRb+UW/vryWUcKMxs6oY
 IhCfXAM6rl83cgfH6SHZjjruDMnUFZxpyQvR+bqEnZpp3RJ5D5SQQkLNMwrR9cCV
 wdIz/n+LYATbiSOUJgJOlFsjUv1xQ4V1F92Krln8Kir/+rDkkb/75mBS7edNl606
 iPQDdrg193Rz8xEqmuf9CcmRsft+9QxcdzsSOt8ZZQSHIS1TAyQc1pwtkFeyExXP
 n1CVbx3+toX2J9LGfUq0h4ntcEcfW9qZRz8gAhZ4Gj5S4N3ih2KU2xo8lRQ+HRAk
 8XGnSy/6IidnPn/r7onvC37RoDNltSPELm1CZxt510dZWX0GQw6G5e/TParjbvqY
 3HsJZ3fGsWyzCDcblfBS010Rdz4K4vb2KFZ1da4Xrt568g1ciLY/BJrrn6ltSif/
 hmxDJ/KY4iMfwiPz/E20
 =nuBB
 -----END PGP SIGNATURE-----

Merge tag 'for-linus-4.19' of git://github.com/cminyard/linux-ipmi

Pull IPMI bugfixes from Corey Minyard:
 "A few fixes that came around or after the merge window, except for
  commit cd2315d471 ("ipmi: kcs_bmc: don't change device name") which
  is for a driver that very few people use, and those people need the
  change"

* tag 'for-linus-4.19' of git://github.com/cminyard/linux-ipmi:
  ipmi: Fix NULL pointer dereference in ssif_probe
  ipmi: Fix I2C client removal in the SSIF driver
  ipmi: Move BT capabilities detection to the detect call
  ipmi: Rework SMI registration failure
  ipmi: kcs_bmc: don't change device name
2018-09-12 19:33:56 -10:00
Brijesh Singh
3702a0585e crypto: ccp - add timeout support in the SEV command
Currently, the CCP driver assumes that the SEV command issued to the PSP
will always return (i.e. it will never hang).  But recently, firmware bugs
have shown that a command can hang.  Since of the SEV commands are used
in probe routines, this can cause boot hangs and/or loss of virtualization
capabilities.

To protect against firmware bugs, add a timeout in the SEV command
execution flow.  If a command does not complete within the specified
timeout then return -ETIMEOUT and stop the driver from executing any
further commands since the state of the SEV firmware is unknown.

Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Gary Hook <Gary.Hook@amd.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-09-13 13:27:43 +08:00
Linus Torvalds
7428b2e5d0 nouveau runpm and MST race fixes.
-----BEGIN PGP SIGNATURE-----
 
 iQIcBAABAgAGBQJbmLg2AAoJEAx081l5xIa+794QAJeBd7XnrQtMS+BWMet0G4Dh
 yY1t3LAsP75GiyI73Zbf1mWIdNk1hxli9+9+XVSrK9Yt2oh/AD+Q8BBGW7V3b17S
 BvpAhKdQNJut8NskfTKvFE5lz/oMrJCKYFYh/vwigfOXo9ELg9imUcKMQJqHLzPP
 SEiS4EgQ00h97FSodqYLj8E8sSIGx61xKkCBgczcpXq6SrxQAIZGW0Ut7cKUebl+
 VON1sccI6xKCqVHqv/mqkm/Cugc5c6bj+AUII9NvXljAKptNjb8c813XbjwCCfzC
 5OMX084ZXl94jAbqZjJXDYu640tkUpx1+o3eJZOfWz4dM7oTWU59+AHxytQWmF8P
 T73o9+r93cQSP0YUb070LkSPr/YSBldb3PFk22mzRX1kHeHPuLzMGGr37Xj/3RI9
 Uilddus6n2S7JzLdPl3RNLnDfVwRopc/E7VUbUCMDKrbHjV2tvsyZvBDDgPXCU68
 cxG/VXKQsa4yicMbXUCjl+vGwaXZLve1wGGx/ee9Ooaqa7b7L297NWpxqhl3PjhL
 G2gySbwa7gItRPw34fhNlzmEoNFk+JyAp3EOYOZQM78+IBKRSwhDVJOrbAjY+H1F
 c+sUOdBk+yLQ15MVbhFeq+1puJETnV3ZmJgHjNDUUhRcJamilqfLBNiNUfGm4Pqp
 9E8QZTq8BgZqWJE9ep0m
 =GbIW
 -----END PGP SIGNATURE-----

Merge tag 'drm-fixes-2018-09-12' of git://anongit.freedesktop.org/drm/drm

Pull drm nouveau fixes from Dave Airlie:
 "I'm sending this separately as it's a bit larger than I generally like
  for one driver, but it does contain a bunch of make my nvidia laptop
  not die (runpm) and a bunch to make my docking station and monitor
  display stuff (mst) fixes.

  Lyude has spent a lot of time on these, and we are putting the fixes
  into distro kernels as well asap, as it helps a bunch of standard
  Lenovo laptops, so I'm fairly happy things are better than they were
  before these patches, but I decided to split them out just for
  clarification"

* tag 'drm-fixes-2018-09-12' of git://anongit.freedesktop.org/drm/drm:
  drm/nouveau/disp/gm200-: enforce identity-mapped SOR assignment for LVDS/eDP panels
  drm/nouveau/disp: fix DP disable race
  drm/nouveau/disp: move eDP panel power handling
  drm/nouveau/disp: remove unused struct member
  drm/nouveau/TBDdevinit: don't fail when PMU/PRE_OS is missing from VBIOS
  drm/nouveau/mmu: don't attempt to dereference vmm without valid instance pointer
  drm/nouveau: fix oops in client init failure path
  drm/nouveau: Fix nouveau_connector_ddc_detect()
  drm/nouveau/drm/nouveau: Don't forget to cancel hpd_work on suspend/unload
  drm/nouveau/drm/nouveau: Prevent handling ACPI HPD events too early
  drm/nouveau: Reset MST branching unit before enabling
  drm/nouveau: Only write DP_MSTM_CTRL when needed
  drm/nouveau: Remove useless poll_enable() call in drm_load()
  drm/nouveau: Remove useless poll_disable() call in switcheroo_set_state()
  drm/nouveau: Remove useless poll_enable() call in switcheroo_set_state()
  drm/nouveau: Fix deadlocks in nouveau_connector_detect()
  drm/nouveau/drm/nouveau: Use pm_runtime_get_noresume() in connector_detect()
  drm/nouveau/drm/nouveau: Fix deadlock with fb_helper with async RPM requests
  drm/nouveau: Remove duplicate poll_enable() in pmops_runtime_suspend()
  drm/nouveau/drm/nouveau: Fix bogus drm_kms_helper_poll_enable() placement
2018-09-12 17:36:47 -10:00
Linus Torvalds
67b076095d Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
Pull networking fixes from David Miller:

 1) Fix up several Kconfig dependencies in netfilter, from Martin Willi
    and Florian Westphal.

 2) Memory leak in be2net driver, from Petr Oros.

 3) Memory leak in E-Switch handling of mlx5 driver, from Raed Salem.

 4) mlx5_attach_interface needs to check for errors, from Huy Nguyen.

 5) tipc_release() needs to orphan the sock, from Cong Wang.

 6) Need to program TxConfig register after TX/RX is enabled in r8169
    driver, not beforehand, from Maciej S. Szmigiero.

 7) Handle 64K PAGE_SIZE properly in ena driver, from Netanel Belgazal.

 8) Fix crash regression in ip_do_fragment(), from Taehee Yoo.

 9) syzbot can create conditions where kernel log is flooded with
    synflood warnings due to creation of many listening sockets, fix
    that. From Willem de Bruijn.

10) Fix RCU issues in rds socket layer, from Cong Wang.

11) Fix vlan matching in nfp driver, from Pieter Jansen van Vuuren.

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (59 commits)
  nfp: flower: reject tunnel encap with ipv6 outer headers for offloading
  nfp: flower: fix vlan match by checking both vlan id and vlan pcp
  tipc: check return value of __tipc_dump_start()
  s390/qeth: don't dump past end of unknown HW header
  s390/qeth: use vzalloc for QUERY OAT buffer
  s390/qeth: switch on SG by default for IQD devices
  s390/qeth: indicate error when netdev allocation fails
  rds: fix two RCU related problems
  r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED
  erspan: fix error handling for erspan tunnel
  erspan: return PACKET_REJECT when the appropriate tunnel is not found
  tcp: rate limit synflood warnings further
  MIPS: lantiq: dma: add dev pointer
  netfilter: xt_hashlimit: use s->file instead of s->private
  netfilter: nfnetlink_queue: Solve the NFQUEUE/conntrack clash for NF_REPEAT
  netfilter: cttimeout: ctnl_timeout_find_get() returns incorrect pointer to type
  netfilter: conntrack: timeout interface depend on CONFIG_NF_CONNTRACK_TIMEOUT
  netfilter: conntrack: reset tcp maxwin on re-register
  qmi_wwan: Support dynamic config on Quectel EP06
  ethernet: renesas: convert to SPDX identifiers
  ...
2018-09-12 17:32:50 -10:00
Ben Skeggs
3483f08106 drm/nouveau/devinit: fix warning when PMU/PRE_OS is missing
Messed up when sending pull request and sent an outdated version of
previous patch, this fixes it up to remove warnings.

Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2018-09-13 10:56:58 +10:00
Jens Axboe
b228ba1cb9 null_blk: fix zoned support for non-rq based operation
The supported added for zones in null_blk seem to assume that only rq
based operation is possible. But this depends on the queue_mode setting,
if this is set to 0, then cmd->bio is what we need to be operating on.
Right now any attempt to load null_blk with queue_mode=0 will
insta-crash, since cmd->rq is NULL and null_handle_cmd() assumes it to
always be set.

Make the zoned code deal with bio's instead, or pass in the
appropriate sector/nr_sectors instead.

Fixes: ca4b2a0119 ("null_blk: add zone support")
Tested-by: Omar Sandoval <osandov@fb.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2018-09-12 18:21:11 -06:00
Dan Carpenter
097f5863b1 cifs: read overflow in is_valid_oplock_break()
We need to verify that the "data_offset" is within bounds.

Reported-by: Dr Silvio Cesare of InfoSect <silvio.cesare@gmail.com>
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Reviewed-by: Aurelien Aptel <aaptel@suse.com>
2018-09-12 17:13:34 -05:00
Tushar Dave
4c3d795cb0 bpf: use __GFP_COMP while allocating page
Helper bpg_msg_pull_data() can allocate multiple pages while
linearizing multiple scatterlist elements into one shared page.
However, if the shared page has size > PAGE_SIZE, using
copy_page_to_iter() causes below warning.

e.g.
[ 6367.019832] WARNING: CPU: 2 PID: 7410 at lib/iov_iter.c:825
page_copy_sane.part.8+0x0/0x8

To avoid above warning, use __GFP_COMP while allocating multiple
contiguous pages.

Fixes: 015632bb30 ("bpf: sk_msg program helper bpf_sk_msg_pull_data")
Signed-off-by: Tushar Dave <tushar.n.dave@oracle.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2018-09-12 23:47:28 +02:00
Alexei Starovoitov
dd066823db bpf/verifier: disallow pointer subtraction
Subtraction of pointers was accidentally allowed for unpriv programs
by commit 82abbf8d2f. Revert that part of commit.

Fixes: 82abbf8d2f ("bpf: do not allow root to mangle valid pointers")
Reported-by: Jann Horn <jannh@google.com>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2018-09-12 23:30:02 +02:00
David S. Miller
4851bfd64d Merge branch 'nfp-flower-fixes'
Jakub Kicinski says:

====================
nfp: flower: fixes for flower offload

Two fixes for flower matching and tunnel encap.  Pieter fixes
VLAN matching if the entire VLAN id is masked out and match
is only performed on the PCP field.  Louis adds validation of
tunnel flags for encap, most importantly we should not offload
actions on IPv6 tunnels if it's not supported.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2018-09-12 13:18:30 -07:00
Louis Peens
224de549f0 nfp: flower: reject tunnel encap with ipv6 outer headers for offloading
This fixes a bug where ipv6 tunnels would report that it is
getting offloaded to hardware but would actually be rejected
by hardware.

Fixes: b27d6a95a7 ("nfp: compile flower vxlan tunnel set actions")
Signed-off-by: Louis Peens <louis.peens@netronome.com>
Reviewed-by: John Hurley <john.hurley@netronome.com>
Reviewed-by: Simon Horman <simon.horman@netronome.com>
Reviewed-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-09-12 13:18:30 -07:00
Pieter Jansen van Vuuren
db191db813 nfp: flower: fix vlan match by checking both vlan id and vlan pcp
Previously we only checked if the vlan id field is present when trying
to match a vlan tag. The vlan id and vlan pcp field should be treated
independently.

Fixes: 5571e8c9f2 ("nfp: extend flower matching capabilities")
Signed-off-by: Pieter Jansen van Vuuren <pieter.jansenvanvuuren@netronome.com>
Reviewed-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-09-12 13:18:30 -07:00
Cong Wang
12a78b026f tipc: check return value of __tipc_dump_start()
When __tipc_dump_start() fails with running out of memory,
we have no reason to continue, especially we should avoid
calling tipc_dump_done().

Fixes: 8f5c5fcf35 ("tipc: call start and done ops directly in __tipc_nl_compat_dumpit()")
Reported-and-tested-by: syzbot+3f8324abccfbf8c74a9f@syzkaller.appspotmail.com
Cc: Jon Maloy <jon.maloy@ericsson.com>
Cc: Ying Xue <ying.xue@windriver.com>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Acked-by: Ying Xue <ying.xue@windriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-09-12 13:15:04 -07:00
David S. Miller
6b4d24de29 Merge branch 'qeth-fixes'
Julian Wiedmann says:

====================
s390/qeth: fixes 2018-09-12

please apply the following qeth fixes for -net.

Patch 1 resolves a regression in an error path, while patch 2 enables
the SG support by default that was newly introduced with 4.19.
Patch 3 takes care of a longstanding problem with large-order
allocations, and patch 4 fixes a potential out-of-bounds access.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2018-09-12 13:12:52 -07:00
Julian Wiedmann
0ac1487c4b s390/qeth: don't dump past end of unknown HW header
For inbound data with an unsupported HW header format, only dump the
actual HW header. We have no idea how much payload follows it, and what
it contains. Worst case, we dump past the end of the Inbound Buffer and
access whatever is located next in memory.

Signed-off-by: Julian Wiedmann <jwi@linux.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-09-12 13:12:51 -07:00