Commit Graph

767641 Commits

Author SHA1 Message Date
Johan Hovold 01b3cdfca2 USB: serial: keyspan_pda: fix modem-status error handling
Fix broken modem-status error handling which could lead to bits of slab
data leaking to user space.

Fixes: 3b36a8fd67 ("usb: fix uninitialized variable warning in keyspan_pda")
Cc: stable <stable@vger.kernel.org>     # 2.6.27
Signed-off-by: Johan Hovold <johan@kernel.org>
2018-07-06 10:32:14 +02:00
Linus Torvalds c42c12a905 amdgpu, i915, exynos, udl, sii8620 and core fixes
-----BEGIN PGP SIGNATURE-----
 
 iQIcBAABAgAGBQJbPsIxAAoJEAx081l5xIa+assP/3i3tpzxASSaONcMoIzNFSv7
 8IXTKIaQpoIidhlh4M4i4xhvDoSLzZnB9Y/ITw9a2piceyTB0Oa1VmxDeYp9PqR1
 jM5Vuqt+WUSoxYAvwdqxbeMuTHY3C2Ff3POcW/siG/Bl0HIV+ajdvPIsh/Gy0/b9
 Q1G0YzZgH7D/VHaUipdjDtsFY+f2YSgM3p618P2A/lDP8WRW66y4CUNDdPPQ+UjU
 hLFyumOvywVHtvuDToeQezHrvbAbeYunt9nGx8RzPgL9X6m5+uX68y+HSxhcxR5T
 rzb5ozeFLT6R+7VKbY9XgXHTxuMQDEeEQQge6iWMDyBGIhfixW3BoH462spkfaCB
 6YceH3y2SsfSOPGax1wmUCQVUAFvPuUYPZv1D356f8AEEtpRTkrqkMd4QuAF9L7M
 Yvx7fhbWjIw3G0m4Sj6HYyBjRDzBSz1QiIq9W05+4EghGQAJ/2TcsXx7BApZz9VH
 01UawXxsurG6Z7JuIXiG7CdSCYklqi3RMnBlDG9TLLfLqzwpwpPjdQ4m7KZQk2dN
 8FoQKMfjzZsuDFVXtCCNEOf9khImiE31335rLvDAIYPqEDmhJb1Xu6r6UWCMgQgx
 iEqCJ4SSWjR6wpwcWB4cZ+7Lb8QlmZ3JgqtaoJ3a23C5lIN4lgyrtrHHsGLb4+j2
 q0vL5pN3uqSCIOeBOpzk
 =v25Z
 -----END PGP SIGNATURE-----

Merge tag 'drm-fixes-2018-07-06' of git://anongit.freedesktop.org/drm/drm

Pull drm fixes from Dave Airlie:
 "This is the drm fixes for rc4.

  It's a bit larger than I'd like but the exynos cleanups are pretty
  mechanical, and I'd rather have them in sooner rather than later so we
  can avoid too much conflicts around them. The non-mechanincal exynos
  changes are mostly fixes for new feature recently introduced.

  Apart from the exynos updates, we have:

  i915:
   - GVT and GGTT mapping fixes

  amdgpu:
   - fix HDMI2.0 4K@60 Hz regression
   - Hotplug fixes for dual-GPU laptops to make power management better
   - misc vega12 bios fixes, a race fix and some typos.

  sii8620 bridge:
   - small fixes around mode setting

  core:
   - use kvzalloc to allocate blob property memory"

* tag 'drm-fixes-2018-07-06' of git://anongit.freedesktop.org/drm/drm: (34 commits)
  drm/amd/display: add a check for display depth validity
  drm/amd/display: adding ycbcr420 pixel encoding for hdmi
  drm/udl: fix display corruption of the last line
  drm/bridge/sii8620: Fix link mode selection
  drm/bridge/sii8620: Fix display of packed pixel modes
  drm/bridge/sii8620: Send AVI infoframe in all MHL versions
  drm/amdgpu: fix user fence write race condition
  drm/i915: Try GGTT mmapping whole object as partial
  drm/amdgpu/pm: fix display count in non-DC path
  drm/amdgpu: fix swapped emit_ib_size in vce3
  drm: Use kvzalloc for allocating blob property memory
  drm/i915/gvt: changed DDI mode emulation type
  drm/i915/gvt: fix a bug of partially write ggtt enties
  drm/exynos: Replace drm_dev_unref with drm_dev_put
  drm/exynos: Replace drm_gem_object_unreference_unlocked with put function
  drm/exynos: Replace drm_framebuffer_{un/reference} with put,get functions
  drm/exynos: ipp: use correct enum type
  drm/exynos: decon5433: Fix WINCONx reset value
  drm/exynos: decon5433: Fix per-plane global alpha for XRGB modes
  drm/exynos: fimc: Use real buffer width for configuring the hardware
  ...
2018-07-05 19:43:29 -07:00
Dan Williams 33cc2c9667 acpi, nfit: Fix scrub idle detection
The notification of scrub completion happens within the scrub workqueue.
That can clearly race someone running scrub_show() and work_busy()
before the workqueue has a chance to flush the recently completed work.
Add a flag to reliably indicate the idle vs busy state. Without this
change applications using poll(2) to wait for scrub-completion may
falsely wakeup and read ARS as being busy even though the thread is
going idle and then hang indefinitely.

Fixes: bc6ba80858 ("nfit, address-range-scrub: rework and simplify ARS...")
Cc: <stable@vger.kernel.org>
Reported-by: Vishal Verma <vishal.l.verma@intel.com>
Tested-by: Vishal Verma <vishal.l.verma@intel.com>
Reported-by: Lukasz Dorau <lukasz.dorau@intel.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
2018-07-05 19:33:53 -07:00
Linus Torvalds 97f4e14229 While cleaning out my INBOX, I found a few patches that were lost
in the noise. These are minor bug fixes and clean ups. Those include:
 
  - Avoiding a string overflow
  - Code that didn't match the comment (but should)
  - A small code optimization (use of a conditional)
  - Quieting printf warnings
  - Nuking unused code
  - Fixing function graph interrupt annotation
 -----BEGIN PGP SIGNATURE-----
 
 iIoEABYIADIWIQRRSw7ePDh/lE+zeZMp5XQQmuv6qgUCWz7ARhQccm9zdGVkdEBn
 b29kbWlzLm9yZwAKCRAp5XQQmuv6qmMqAQDTS7uvFLRR603WXyOazX6Y7FeiYFWp
 MUUZjnbG9u0bawEAulW53AM0OL3EAAaZKtPi8VtsT+uktR1GIynXrp+yoww=
 =yQDv
 -----END PGP SIGNATURE-----

Merge tag 'trace-v4.18-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace

Pull tracing fixes and cleanups from Steven Rostedt:
 "While cleaning out my INBOX, I found a few patches that were lost in
  the noise. These are minor bug fixes and clean ups. Those include:

   - avoid a string overflow

   - code that didn't match the comment (but should)

   - a small code optimization (use of a conditional)

   - quiet printf warnings

   - nuke unused code

   - fix function graph interrupt annotation"

* tag 'trace-v4.18-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace:
  tracing: Fix missing return symbol in function_graph output
  ftrace: Nuke clear_ftrace_function
  tracing: Use __printf markup to silence compiler
  tracing: Optimize trace_buffer_iter() logic
  tracing: Make create_filter() code match the comments
  tracing: Avoid string overflow
2018-07-05 19:29:07 -07:00
Dave Airlie c78d1f9d95 Fixups
- Fix several problems to IPPv2 merged to mainline recentely.
   . An align problem of width size that IPP driver incorrectly
     calculated the real buffer size.
   . Horizontal and vertical flip problem.
   . Per-plane global alpha for XRGB modes.
   . Incorrect variant of the YUV modes.
 - Fix plane overlapping problem.
   . The stange order of overlapping planes on XRGB modes
     by setting global alpha value to maximum value.
 
 Cleanup
 - Rename a enum type, drm_ipp_size_id, to one specific to Exynos,
   drm_exynos_ipp_limit_type.
 - Replace {un/reference} with {put,get} functions.
   . it replaces several reference/unreference functions with Linux
     kernel nameing standard.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJbOcEtAAoJEFc4NIkMQxK4fOIQALMX/zww/9iqbLmQCE0q1Idi
 VmEV/os/Is0yxYXndluKbSVrRlf4bi54ETATOVoxuIlBxPwbJn3q7CdXbOUsc123
 1n5PThLW9g7L9/oIPRgYXDn80rSdoy9AvR04f24AbP95xkCwLosxKOpMkFia9irH
 jaYXDuP0hxHXeMCt8B18OUM0JhY9rad7yPJgRINeFfRAWe1+qPoR68HeztVLCi4G
 f6VBkgoKDGH8ngQIEtkC0p6ouN/z8kcVtcA5Ob9KIld9hnztU84I7sidP4StkPUS
 kvbICe2ro7xPbEIRDn7AzjYAmPJHJEHxKrvbDlOoRGhRuqHHK8HyRhIiOsFYPZgW
 liGVXUvEaV7WjaSL6eAtzSxaLsPC9Z7lj0Ry/x/P+aZrREceaOkOI23C0g13zmPs
 MCVVnt0asJDPxI2o1epy1AQoAnaVVshuJhpRQYBvYhiNcL7JLyooczGuROFVkQ2q
 Chg9wgM8R5LEh6vnt7ZZHmD3bSsIY0OUzoQvoF1WP1EIItusYw5DQNL4CrbQY1rb
 oooz8UP+rGiPKnfZcNruBrT13EQdOE7dz26W+cHRjmZmDDU/8QDnaSnLqD3xr6Yv
 2vTyaB8pWWZttih01tADkDqA+rmRnd3ffyA1Zjwzv7Tey6pW8uqiSwoZrAZuj7ek
 aq0SJRXt6dvoY6nDFy5R
 =+7bq
 -----END PGP SIGNATURE-----

Merge tag 'exynos-drm-fixes-for-v4.18-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/daeinki/drm-exynos into drm-fixes

Fixups
- Fix several problems to IPPv2 merged to mainline recentely.
  . An align problem of width size that IPP driver incorrectly
    calculated the real buffer size.
  . Horizontal and vertical flip problem.
  . Per-plane global alpha for XRGB modes.
  . Incorrect variant of the YUV modes.
- Fix plane overlapping problem.
  . The stange order of overlapping planes on XRGB modes
    by setting global alpha value to maximum value.

Cleanup
- Rename a enum type, drm_ipp_size_id, to one specific to Exynos,
  drm_exynos_ipp_limit_type.
- Replace {un/reference} with {put,get} functions.
  . it replaces several reference/unreference functions with Linux
    kernel nameing standard.

Signed-off-by: Dave Airlie <airlied@redhat.com>

Link: https://patchwork.freedesktop.org/patch/msgid/1530512041-21392-1-git-send-email-inki.dae@samsung.com
2018-07-06 10:47:02 +10:00
Dave Airlie c8440a70bd Merge branch 'drm-fixes-4.18' of git://people.freedesktop.org/~agd5f/linux into drm-fixes
- Fix an HDMI 2.0 4k@60 regression
- Hotplug fixes for PX/HG laptops
- Fixes for vbios changes in vega12
- Fix a race in the user fence code
- Fix a couple of misc typos

Signed-off-by: Dave Airlie <airlied@redhat.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20180705155206.2752-1-alexander.deucher@amd.com
2018-07-06 10:44:43 +10:00
Dave Airlie 0581a5cb06 A couple of GVT fixes, and a GGTT mmapping fix.
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEFWWmW3ewYy4RJOWc05gHnSar7m8FAls+DhEACgkQ05gHnSar
 7m/QRA/8CmWdYgRLWT9gc2OB8uWVWsKyMeO5Uvoy/3lnWPlmFO4J6wvOptVSxlfh
 yR89jIoxdb4204P5vjuI3dHD5WQFCiQzDTP438oIhFxc6KXr2osDMoy1laIpG31v
 XrV7dXk3lGOdkP+l6es0L4xo2IHpR9NLNtb61HNHmJFbsAPONG55wUW0VNDx17DY
 DyhyZtnI8Y+WZ8it95dn1E11MgKrQIpHKeWqAhJor2XaS6vHJkfzJFuNQh2V1dKm
 n9IbE1YexaYxC6ky7CEbDuSBu23NVsqZ0+QUHoq2qGj7s2i5PBzahCPZ+9TltypF
 fTCjtpXEhO3E2LCSUm/JEmZbl8zgKEzDBSRW/XMU2ryQby+AVTvtHIaFn9G1B8Ax
 dv0QCisNWmvA9m+jq2NfblffoD5aY0ME1eb6wKYf5XDIq8uysXHgSXP/3riaNcBb
 z4j/Bvf+qaBwxuOrbeZvwsjR8sgBxZR8sazUtUF1baiUODbya4dmWSiuQrBrDPtS
 5ZPw/glQhKcyFhAIN014Tn4opgbWnlMOgRaJOqb5EQ4tEcr6sCsiQBqgOE+A5eMR
 TWl27CsKkBvAthgemvLudlEdYkOe2OKwmUCuHhdYQAFL/nV4QzfP+7hpo17M8BIt
 hMYqmxf9pfHXILUkgDgv98q95ZaDkic5Aaa9nUQZVJ7iUQGpeZ0=
 =Euzf
 -----END PGP SIGNATURE-----

Merge tag 'drm-intel-fixes-2018-07-05' of git://anongit.freedesktop.org/drm/drm-intel into drm-fixes

A couple of GVT fixes, and a GGTT mmapping fix.

Signed-off-by: Dave Airlie <airlied@redhat.com>

Link: https://patchwork.freedesktop.org/patch/msgid/8736wxq35t.fsf@intel.com
2018-07-06 10:44:09 +10:00
Dave Airlie b7716735bb Fixes for v4.18-rc4:
- A few small fixes for the sii8620 bridge.
 - Allocate blob property memory using kvzalloc instead of kmalloc.
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEuXvWqAysSYEJGuVH/lWMcqZwE8MFAls+Gq4ACgkQ/lWMcqZw
 E8PrGxAAiDFICLETi/mmVNleRvmhYKiJIOIgyk6KlVg2EwGuYvJfU3WHmzdrV8rA
 6WPPiVoPI4KKYARBqS1nQCDByWx0ZJ+AXrJLpkzfctCKJGnBQKRjsykwD1jmoeY9
 EgXJbjLUbIpFzo4aeNUEuezXuFWQFuzRA+5EySiK5njE3wqowoRkX2m4yDRDayFH
 HgQzhIAl3iEQqx2lgmVo1Pn/yiPMev2kXFr6TIdGs8u2ompKSpFNTYdunjmfh45X
 m77lVx9OkynETnoIqo5sy+YGW+Hzc0II/Re+HBmqbSPc3TJOErzHJikMUd2NnLsi
 GAP5LnGuQAFiN7FqCiNxAyl+OtbDdw7MEWxCr2ec41vNOyLGbBN7Aqb7a68pAH8M
 MJcOnbinYpZns6FVsR8ZP5HW9jWvow4NWBKx2R7n2g2ysMed4N2EKEHznxPhvGVu
 f1b0PoBodZ/SdOuVsli4sHrn5iOxhYZF2S/ynhgsxjSeQ4gXpUMXgs9US5be7L0C
 DVxUIMYk5Nyhg2LCz/eHQnyT/hLj4VjvbYFsDgSWCJAO/u3QRuVPGDKLnDI6MOXH
 3+8z/3zkviz0dTKilY6v5EfnpFmGXmGNIj/DlnmpHstfJ8rwm2haaeauQZ00Uj1R
 namWJIwjxbRG539UhGPXYGW3+UTyHpzBhlrk9GXTawQ2iPfh2EU=
 =bfQR
 -----END PGP SIGNATURE-----

Merge tag 'drm-misc-fixes-2018-07-05' of git://anongit.freedesktop.org/drm/drm-misc into drm-fixes

Fixes for v4.18-rc4:
- A few small fixes for the sii8620 bridge.
- Allocate blob property memory using kvzalloc instead of kmalloc.

Signed-off-by: Dave Airlie <airlied@redhat.com>

Link: https://patchwork.freedesktop.org/patch/msgid/4267636e-bb7c-8f69-eeff-12e045b3e7e1@linux.intel.com
2018-07-06 10:41:29 +10:00
Olof Johansson f0463f3619 Fixes for omap for v4.18-rc cycle
Few dts fixes for regressions for various SoCs and
 devices for touchscreen wake, dra7 USB quirk, pinmux
 for beaglebone mmc, and emac clock.
 
 Also included is a change for ti-sysc to use kcalloc
 that Kees wanted to get into v4.18 as that's the last
 one he wanted to fix for improved defense against
 allocation overflows.
 -----BEGIN PGP SIGNATURE-----
 
 iQJFBAABCAAvFiEEkgNvrZJU/QSQYIcQG9Q+yVyrpXMFAls92woRHHRvbnlAYXRv
 bWlkZS5jb20ACgkQG9Q+yVyrpXNM/g//ZB5+qrF+798I0EGpL92ZX1nq/8ZudpRl
 A/E4o/mYJ6ltKMhIT96yYTBmd1Vz6FB54UK/5WZtHAKl14WyTIcncj7g0Cd+dMlj
 KvXnZIdyUdK1WIrPzDzGSPWxuVbq8n2dkqee51QApNK7eYsUyDt/xmmUr+SX426u
 C4Yit4ff7GY16qQuRgcwuISuAE6rP7o4iPak0nNnB+8v6ghjXSsteC9VVzaE7ATa
 cW2+cR7nlzYkoTcWkBjv99htcm5/wT5VF+ugeVtgUswyRalLV9FOeTvwEtghCnIc
 Eo8zHGwLy2lvDI9QlboBEnmwLHtw0uUrdLLAS2tBJ4053ojCxJcNq5h4f6pcFjHC
 OjjKp/7TDI7xXHjWTuj4D4zLHbEzDag9kNmAk0eN3LfH3iQK6uTc1vLQT28sC2nC
 gvEodrvXqD0v4IQF8EVZ9n2feVc3lRj2b2FuXfcdNHXITrFSiL+P4lyYPmMPkMOn
 VevqLJ0xxUiRWr0GFeBQkBjZzDs7x9Rpk4qhXcsOBnB261aePvpMM8k875TmcU9s
 k+a1JQn3s7SuAoUvPa1AltEkmYRzPyPHszJC312izW9yMpMZUI0nS0gVZSKuL5Gg
 sFEmc1WevyoUhctebvR778wRl/41PMLGmMSTX5HVzcZpbEFxFJTLBH9AbaV3pblj
 V6UGlXvOS7s=
 =H1MU
 -----END PGP SIGNATURE-----

Merge tag 'omap-for-v4.18/fixes-signed' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap into fixes

Fixes for omap for v4.18-rc cycle

Few dts fixes for regressions for various SoCs and
devices for touchscreen wake, dra7 USB quirk, pinmux
for beaglebone mmc, and emac clock.

Also included is a change for ti-sysc to use kcalloc
that Kees wanted to get into v4.18 as that's the last
one he wanted to fix for improved defense against
allocation overflows.

* tag 'omap-for-v4.18/fixes-signed' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap:
  ARM: dts: omap3: Fix am3517 mdio and emac clock references
  ARM: dts: am335x-bone-common: Fix mmc0 Write Protect
  bus: ti-sysc: Use 2-factor allocator arguments
  ARM: dts: dra7: Disable metastability workaround for USB2
  ARM: dts: am437x: make edt-ft5x06 a wakeup source

Signed-off-by: Olof Johansson <olof@lixom.net>
2018-07-05 14:59:20 -07:00
Paul Burton 523402fa91
MIPS: Fix ioremap() RAM check
We currently attempt to check whether a physical address range provided
to __ioremap() may be in use by the page allocator by examining the
value of PageReserved for each page in the region - lowmem pages not
marked reserved are presumed to be in use by the page allocator, and
requests to ioremap them fail.

The way we check this has been broken since commit 92923ca3aa ("mm:
meminit: only set page reserved in the memblock region"), because
memblock will typically not have any knowledge of non-RAM pages and
therefore those pages will not have the PageReserved flag set. Thus when
we attempt to ioremap a region outside of RAM we incorrectly fail
believing that the region is RAM that may be in use.

In most cases ioremap() on MIPS will take a fast-path to use the
unmapped kseg1 or xkphys virtual address spaces and never hit this path,
so the only way to hit it is for a MIPS32 system to attempt to ioremap()
an address range in lowmem with flags other than _CACHE_UNCACHED.
Perhaps the most straightforward way to do this is using
ioremap_uncached_accelerated(), which is how the problem was discovered.

Fix this by making use of walk_system_ram_range() to test the address
range provided to __ioremap() against only RAM pages, rather than all
lowmem pages. This means that if we have a lowmem I/O region, which is
very common for MIPS systems, we're free to ioremap() address ranges
within it. A nice bonus is that the test is no longer limited to lowmem.

The approach here matches the way x86 performed the same test after
commit c81c8a1eee ("x86, ioremap: Speed up check for RAM pages") until
x86 moved towards a slightly more complicated check using walk_mem_res()
for unrelated reasons with commit 0e4c12b45a ("x86/mm, resource: Use
PAGE_KERNEL protection for ioremap of memory pages").

Signed-off-by: Paul Burton <paul.burton@mips.com>
Reported-by: Serge Semin <fancer.lancer@gmail.com>
Tested-by: Serge Semin <fancer.lancer@gmail.com>
Fixes: 92923ca3aa ("mm: meminit: only set page reserved in the memblock region")
Cc: James Hogan <jhogan@kernel.org>
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: linux-mips@linux-mips.org
Cc: stable@vger.kernel.org # v4.2+
Patchwork: https://patchwork.linux-mips.org/patch/19786/
2018-07-05 14:43:21 -07:00
Linus Torvalds 0fa3ecd878 Fix up non-directory creation in SGID directories
sgid directories have special semantics, making newly created files in
the directory belong to the group of the directory, and newly created
subdirectories will also become sgid.  This is historically used for
group-shared directories.

But group directories writable by non-group members should not imply
that such non-group members can magically join the group, so make sure
to clear the sgid bit on non-directories for non-members (but remember
that sgid without group execute means "mandatory locking", just to
confuse things even more).

Reported-by: Jann Horn <jannh@google.com>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2018-07-05 12:36:36 -07:00
Christoph Hellwig 7ec916f82c Revert "iommu/intel-iommu: Enable CONFIG_DMA_DIRECT_OPS=y and clean up intel_{alloc,free}_coherent()"
This commit may cause a less than required dma mask to be used for
some allocations, which apparently leads to module load failures for
iwlwifi sometimes.

This reverts commit d657c5c73c.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Reported-by: Fabio Coatti <fabio.coatti@gmail.com>
Tested-by: Fabio Coatti <fabio.coatti@gmail.com>
2018-07-05 13:32:06 -06:00
Stefano Brivio 729c0c9dd5 cifs: Fix stack out-of-bounds in smb{2,3}_create_lease_buf()
smb{2,3}_create_lease_buf() store a lease key in the lease
context for later usage on a lease break.

In most paths, the key is currently sourced from data that
happens to be on the stack near local variables for oplock in
SMB2_open() callers, e.g. from open_shroot(), whereas
smb2_open_file() properly allocates space on its stack for it.

The address of those local variables holding the oplock is then
passed to create_lease_buf handlers via SMB2_open(), and 16
bytes near oplock are used. This causes a stack out-of-bounds
access as reported by KASAN on SMB2.1 and SMB3 mounts (first
out-of-bounds access is shown here):

[  111.528823] BUG: KASAN: stack-out-of-bounds in smb3_create_lease_buf+0x399/0x3b0 [cifs]
[  111.530815] Read of size 8 at addr ffff88010829f249 by task mount.cifs/985
[  111.532838] CPU: 3 PID: 985 Comm: mount.cifs Not tainted 4.18.0-rc3+ #91
[  111.534656] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
[  111.536838] Call Trace:
[  111.537528]  dump_stack+0xc2/0x16b
[  111.540890]  print_address_description+0x6a/0x270
[  111.542185]  kasan_report+0x258/0x380
[  111.544701]  smb3_create_lease_buf+0x399/0x3b0 [cifs]
[  111.546134]  SMB2_open+0x1ef8/0x4b70 [cifs]
[  111.575883]  open_shroot+0x339/0x550 [cifs]
[  111.591969]  smb3_qfs_tcon+0x32c/0x1e60 [cifs]
[  111.617405]  cifs_mount+0x4f3/0x2fc0 [cifs]
[  111.674332]  cifs_smb3_do_mount+0x263/0xf10 [cifs]
[  111.677915]  mount_fs+0x55/0x2b0
[  111.679504]  vfs_kern_mount.part.22+0xaa/0x430
[  111.684511]  do_mount+0xc40/0x2660
[  111.698301]  ksys_mount+0x80/0xd0
[  111.701541]  do_syscall_64+0x14e/0x4b0
[  111.711807]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  111.713665] RIP: 0033:0x7f372385b5fa
[  111.715311] Code: 48 8b 0d 99 78 2c 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 66 78 2c 00 f7 d8 64 89 01 48
[  111.720330] RSP: 002b:00007ffff27049d8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[  111.722601] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f372385b5fa
[  111.724842] RDX: 000055c2ecdc73b2 RSI: 000055c2ecdc73f9 RDI: 00007ffff270580f
[  111.727083] RBP: 00007ffff2705804 R08: 000055c2ee976060 R09: 0000000000001000
[  111.729319] R10: 0000000000000000 R11: 0000000000000206 R12: 00007f3723f4d000
[  111.731615] R13: 000055c2ee976060 R14: 00007f3723f4f90f R15: 0000000000000000

[  111.735448] The buggy address belongs to the page:
[  111.737420] page:ffffea000420a7c0 count:0 mapcount:0 mapping:0000000000000000 index:0x0
[  111.739890] flags: 0x17ffffc0000000()
[  111.741750] raw: 0017ffffc0000000 0000000000000000 dead000000000200 0000000000000000
[  111.744216] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[  111.746679] page dumped because: kasan: bad access detected

[  111.750482] Memory state around the buggy address:
[  111.752562]  ffff88010829f100: 00 f2 f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00 00
[  111.754991]  ffff88010829f180: 00 00 f2 f2 00 00 00 00 00 00 00 00 00 00 00 00
[  111.757401] >ffff88010829f200: 00 00 00 00 00 f1 f1 f1 f1 01 f2 f2 f2 f2 f2 f2
[  111.759801]                                               ^
[  111.762034]  ffff88010829f280: f2 02 f2 f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00
[  111.764486]  ffff88010829f300: f2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  111.766913] ==================================================================

Lease keys are however already generated and stored in fid data
on open and create paths: pass them down to the lease context
creation handlers and use them.

Suggested-by: Aurélien Aptel <aaptel@suse.com>
Reviewed-by: Aurelien Aptel <aaptel@suse.com>
Fixes: b8c32dbb0d ("CIFS: Request SMB2.1 leases")
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
2018-07-05 13:48:25 -05:00
Paulo Alcantara 7ffbe65578 cifs: Fix infinite loop when using hard mount option
For every request we send, whether it is SMB1 or SMB2+, we attempt to
reconnect tcon (cifs_reconnect_tcon or smb2_reconnect) before carrying
out the request.

So, while server->tcpStatus != CifsNeedReconnect, we wait for the
reconnection to succeed on wait_event_interruptible_timeout(). If it
returns, that means that either the condition was evaluated to true, or
timeout elapsed, or it was interrupted by a signal.

Since we're not handling the case where the process woke up due to a
received signal (-ERESTARTSYS), the next call to
wait_event_interruptible_timeout() will _always_ fail and we end up
looping forever inside either cifs_reconnect_tcon() or smb2_reconnect().

Here's an example of how to trigger that:

$ mount.cifs //foo/share /mnt/test -o
username=foo,password=foo,vers=1.0,hard

(break connection to server before executing bellow cmd)
$ stat -f /mnt/test & sleep 140
[1] 2511

$ ps -aux -q 2511
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root      2511  0.0  0.0  12892  1008 pts/0    S    12:24   0:00 stat -f
/mnt/test

$ kill -9 2511

(wait for a while; process is stuck in the kernel)
$ ps -aux -q 2511
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root      2511 83.2  0.0  12892  1008 pts/0    R    12:24  30:01 stat -f
/mnt/test

By using 'hard' mount point means that cifs.ko will keep retrying
indefinitely, however we must allow the process to be killed otherwise
it would hang the system.

Signed-off-by: Paulo Alcantara <palcantara@suse.de>
Cc: stable@vger.kernel.org
Reviewed-by: Aurelien Aptel <aaptel@suse.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
2018-07-05 13:48:25 -05:00
Stefano Brivio f46ecbd97f cifs: Fix slab-out-of-bounds in send_set_info() on SMB2 ACE setting
A "small" CIFS buffer is not big enough in general to hold a
setacl request for SMB2, and we end up overflowing the buffer in
send_set_info(). For instance:

 # mount.cifs //127.0.0.1/test /mnt/test -o username=test,password=test,nounix,cifsacl
 # touch /mnt/test/acltest
 # getcifsacl /mnt/test/acltest
 REVISION:0x1
 CONTROL:0x9004
 OWNER:S-1-5-21-2926364953-924364008-418108241-1000
 GROUP:S-1-22-2-1001
 ACL:S-1-5-21-2926364953-924364008-418108241-1000:ALLOWED/0x0/0x1e01ff
 ACL:S-1-22-2-1001:ALLOWED/0x0/R
 ACL:S-1-22-2-1001:ALLOWED/0x0/R
 ACL:S-1-5-21-2926364953-924364008-418108241-1000:ALLOWED/0x0/0x1e01ff
 ACL:S-1-1-0:ALLOWED/0x0/R
 # setcifsacl -a "ACL:S-1-22-2-1004:ALLOWED/0x0/R" /mnt/test/acltest

this setacl will cause the following KASAN splat:

[  330.777927] BUG: KASAN: slab-out-of-bounds in send_set_info+0x4dd/0xc20 [cifs]
[  330.779696] Write of size 696 at addr ffff88010d5e2860 by task setcifsacl/1012

[  330.781882] CPU: 1 PID: 1012 Comm: setcifsacl Not tainted 4.18.0-rc2+ #2
[  330.783140] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
[  330.784395] Call Trace:
[  330.784789]  dump_stack+0xc2/0x16b
[  330.786777]  print_address_description+0x6a/0x270
[  330.787520]  kasan_report+0x258/0x380
[  330.788845]  memcpy+0x34/0x50
[  330.789369]  send_set_info+0x4dd/0xc20 [cifs]
[  330.799511]  SMB2_set_acl+0x76/0xa0 [cifs]
[  330.801395]  set_smb2_acl+0x7ac/0xf30 [cifs]
[  330.830888]  cifs_xattr_set+0x963/0xe40 [cifs]
[  330.840367]  __vfs_setxattr+0x84/0xb0
[  330.842060]  __vfs_setxattr_noperm+0xe6/0x370
[  330.843848]  vfs_setxattr+0xc2/0xd0
[  330.845519]  setxattr+0x258/0x320
[  330.859211]  path_setxattr+0x15b/0x1b0
[  330.864392]  __x64_sys_setxattr+0xc0/0x160
[  330.866133]  do_syscall_64+0x14e/0x4b0
[  330.876631]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  330.878503] RIP: 0033:0x7ff2e507db0a
[  330.880151] Code: 48 8b 0d 89 93 2c 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 bc 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 56 93 2c 00 f7 d8 64 89 01 48
[  330.885358] RSP: 002b:00007ffdc4903c18 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc
[  330.887733] RAX: ffffffffffffffda RBX: 000055d1170de140 RCX: 00007ff2e507db0a
[  330.890067] RDX: 000055d1170de7d0 RSI: 000055d115b39184 RDI: 00007ffdc4904818
[  330.892410] RBP: 0000000000000001 R08: 0000000000000000 R09: 000055d1170de7e4
[  330.894785] R10: 00000000000002b8 R11: 0000000000000246 R12: 0000000000000007
[  330.897148] R13: 000055d1170de0c0 R14: 0000000000000008 R15: 000055d1170de550

[  330.901057] Allocated by task 1012:
[  330.902888]  kasan_kmalloc+0xa0/0xd0
[  330.904714]  kmem_cache_alloc+0xc8/0x1d0
[  330.906615]  mempool_alloc+0x11e/0x380
[  330.908496]  cifs_small_buf_get+0x35/0x60 [cifs]
[  330.910510]  smb2_plain_req_init+0x4a/0xd60 [cifs]
[  330.912551]  send_set_info+0x198/0xc20 [cifs]
[  330.914535]  SMB2_set_acl+0x76/0xa0 [cifs]
[  330.916465]  set_smb2_acl+0x7ac/0xf30 [cifs]
[  330.918453]  cifs_xattr_set+0x963/0xe40 [cifs]
[  330.920426]  __vfs_setxattr+0x84/0xb0
[  330.922284]  __vfs_setxattr_noperm+0xe6/0x370
[  330.924213]  vfs_setxattr+0xc2/0xd0
[  330.926008]  setxattr+0x258/0x320
[  330.927762]  path_setxattr+0x15b/0x1b0
[  330.929592]  __x64_sys_setxattr+0xc0/0x160
[  330.931459]  do_syscall_64+0x14e/0x4b0
[  330.933314]  entry_SYSCALL_64_after_hwframe+0x44/0xa9

[  330.936843] Freed by task 0:
[  330.938588] (stack is not available)

[  330.941886] The buggy address belongs to the object at ffff88010d5e2800
 which belongs to the cache cifs_small_rq of size 448
[  330.946362] The buggy address is located 96 bytes inside of
 448-byte region [ffff88010d5e2800, ffff88010d5e29c0)
[  330.950722] The buggy address belongs to the page:
[  330.952789] page:ffffea0004357880 count:1 mapcount:0 mapping:ffff880108fdca80 index:0x0 compound_mapcount: 0
[  330.955665] flags: 0x17ffffc0008100(slab|head)
[  330.957760] raw: 0017ffffc0008100 dead000000000100 dead000000000200 ffff880108fdca80
[  330.960356] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[  330.963005] page dumped because: kasan: bad access detected

[  330.967039] Memory state around the buggy address:
[  330.969255]  ffff88010d5e2880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  330.971833]  ffff88010d5e2900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  330.974397] >ffff88010d5e2980: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[  330.976956]                                            ^
[  330.979226]  ffff88010d5e2a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  330.981755]  ffff88010d5e2a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  330.984225] ==================================================================

Fix this by allocating a regular CIFS buffer in
smb2_plain_req_init() if the request command is SMB2_SET_INFO.

Reported-by: Jianhong Yin <jiyin@redhat.com>
Fixes: 366ed846df ("cifs: Use smb 2 - 3 and cifsacl mount options setacl function")
CC: Stable <stable@vger.kernel.org>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Reviewed-and-tested-by: Aurelien Aptel <aaptel@suse.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
2018-07-05 13:48:25 -05:00
Paulo Alcantara 6aa0c114ec cifs: Fix memory leak in smb2_set_ea()
This patch fixes a memory leak when doing a setxattr(2) in SMB2+.

Signed-off-by: Paulo Alcantara <palcantara@suse.de>
Cc: stable@vger.kernel.org
Signed-off-by: Steve French <stfrench@microsoft.com>
Reviewed-by: Aurelien Aptel <aaptel@suse.com>
2018-07-05 13:48:24 -05:00
Ronnie Sahlberg 81f39f951b cifs: fix SMB1 breakage
SMB1 mounting broke in commit 35e2cc1ba7
("cifs: Use correct packet length in SMB2_TRANSFORM header")
Fix it and also rename smb2_rqst_len to smb_rqst_len
to make it less unobvious that the function is also called from
CIFS/SMB1

Good job by Paulo reviewing and cleaning up Ronnie's original patch.

Signed-off-by: Ronnie Sahlberg <lsahlber@redhat.com>
Reviewed-by: Paulo Alcantara <palcantara@suse.de>
Signed-off-by: Steve French <stfrench@microsoft.com>
2018-07-05 13:48:24 -05:00
Paulo Alcantara 8de8c4608f cifs: Fix validation of signed data in smb2
Fixes: c713c8770f ("cifs: push rfc1002 generation down the stack")

We failed to validate signed data returned by the server because
__cifs_calc_signature() now expects to sign the actual data in iov but
we were also passing down the rfc1002 length.

Fix smb3_calc_signature() to calculate signature of rfc1002 length prior
to passing only the actual data iov[1-N] to __cifs_calc_signature(). In
addition, there are a few cases where no rfc1002 length is passed so we
make sure there's one (iov_len == 4).

Signed-off-by: Paulo Alcantara <palcantara@suse.de>
Reviewed-by: Ronnie Sahlberg <lsahlber@redhat.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
2018-07-05 13:48:24 -05:00
Paulo Alcantara 27c32b49c3 cifs: Fix validation of signed data in smb3+
Fixes: c713c8770f ("cifs: push rfc1002 generation down the stack")

We failed to validate signed data returned by the server because
__cifs_calc_signature() now expects to sign the actual data in iov but
we were also passing down the rfc1002 length.

Fix smb3_calc_signature() to calculate signature of rfc1002 length prior
to passing only the actual data iov[1-N] to __cifs_calc_signature(). In
addition, there are a few cases where no rfc1002 length is passed so we
make sure there's one (iov_len == 4).

Signed-off-by: Paulo Alcantara <palcantara@suse.de>
Reviewed-by: Ronnie Sahlberg <lsahlber@redhat.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
2018-07-05 13:48:24 -05:00
Lars Persson 696e420bb2 cifs: Fix use after free of a mid_q_entry
With protocol version 2.0 mounts we have seen crashes with corrupt mid
entries. Either the server->pending_mid_q list becomes corrupt with a
cyclic reference in one element or a mid object fetched by the
demultiplexer thread becomes overwritten during use.

Code review identified a race between the demultiplexer thread and the
request issuing thread. The demultiplexer thread seems to be written
with the assumption that it is the sole user of the mid object until
it calls the mid callback which either wakes the issuer task or
deletes the mid.

This assumption is not true because the issuer task can be woken up
earlier by a signal. If the demultiplexer thread has proceeded as far
as setting the mid_state to MID_RESPONSE_RECEIVED then the issuer
thread will happily end up calling cifs_delete_mid while the
demultiplexer thread still is using the mid object.

Inserting a delay in the cifs demultiplexer thread widens the race
window and makes reproduction of the race very easy:

		if (server->large_buf)
			buf = server->bigbuf;

+		usleep_range(500, 4000);

		server->lstrp = jiffies;

To resolve this I think the proper solution involves putting a
reference count on the mid object. This patch makes sure that the
demultiplexer thread holds a reference until it has finished
processing the transaction.

Cc: stable@vger.kernel.org
Signed-off-by: Lars Persson <larper@axis.com>
Acked-by: Paulo Alcantara <palcantara@suse.de>
Reviewed-by: Ronnie Sahlberg <lsahlber@redhat.com>
Reviewed-by: Pavel Shilovsky <pshilov@microsoft.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
2018-07-05 13:48:24 -05:00
Linus Torvalds d02d21ea00 autofs: rename 'autofs' module back to 'autofs4'
It turns out that systemd has a bug: it wants to load the autofs module
early because of some initialization ordering with udev, and it doesn't
do that correctly.  Everywhere else it does the proper "look up module
name" that does the proper alias resolution, but in that early code, it
just uses a hardcoded "autofs4" for the module name.

The result of that is that as of commit a2225d931f ("autofs: remove
left-over autofs4 stubs"), you get

    systemd[1]: Failed to insert module 'autofs4': No such file or directory

in the system logs, and a lack of module loading.  All this despite the
fact that we had very clearly marked 'autofs4' as an alias for this
module.

What's so ridiculous about this is that literally everything else does
the module alias handling correctly, including really old versions of
systemd (that just used 'modprobe' to do this), and even all the other
systemd module loading code.

Only that special systemd early module load code is broken, hardcoding
the module names for not just 'autofs4', but also "ipv6", "unix",
"ip_tables" and "virtio_rng".  Very annoying.

Instead of creating an _additional_ separate compatibility 'autofs4'
module, just rely on the fact that everybody else gets this right, and
just call the module 'autofs4' for compatibility reasons, with 'autofs'
as the alias name.

That will allow the systemd people to fix their bugs, adding the proper
alias handling, and maybe even fix the name of the module to be just
"autofs" (so that they can _test_ the alias handling).  And eventually,
we can revert this silly compatibility hack.

See also

    https://github.com/systemd/systemd/issues/9501
    https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902946

for the systemd bug reports upstream and in the Debian bug tracker
respectively.

Fixes: a2225d931f ("autofs: remove left-over autofs4 stubs")
Reported-by: Ben Hutchings <ben@decadent.org.uk>
Reported-by: Michael Biebl <biebl@debian.org>
Cc: Ian Kent <raven@themaw.net>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2018-07-05 11:35:04 -07:00
Greg Hackmann 1a381d4a0a arm64: remove no-op -p linker flag
Linking the ARM64 defconfig kernel with LLVM lld fails with the error:

  ld.lld: error: unknown argument: -p
  Makefile:1015: recipe for target 'vmlinux' failed

Without this flag, the ARM64 defconfig kernel successfully links with
lld and boots on Dragonboard 410c.

After digging through binutils source and changelogs, it turns out that
-p is only relevant to ancient binutils installations targeting 32-bit
ARM.  binutils accepts -p for AArch64 too, but it's always been
undocumented and silently ignored.  A comment in
ld/emultempl/aarch64elf.em explains that it's "Only here for backwards
compatibility".

Since this flag is a no-op on ARM64, we can safely drop it.

Acked-by: Will Deacon <will.deacon@arm.com>
Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
Signed-off-by: Greg Hackmann <ghackmann@google.com>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
2018-07-05 19:12:48 +01:00
Linus Torvalds 06c8563989 ACPI fixes for 4.18-rc4
- Revert part of a recent ACPICA regression fix that added leading
    newlines to ACPICA error messages and made the kernel log look
    broken (Rafael Wysocki).
 
  - Fix an ACPI battery driver regression introduced during the 4.17
    cycle due to incorrect error handling that made Thinkpad 13
    laptops crash on boot (Jouke Witteveen).
 
  - Fix up the recently added PPTT ACPI table support by covering
    the case when a PPTT structure represents a processors group
    correctly (Sudeep Holla).
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
 iQIcBAABCAAGBQJbPf5UAAoJEILEb/54YlRxQjUQAJp1vfYp9w/zVT0fDQZIgkmS
 k1BYw5LonMhGOls0qd8laQJ5g7wgc9rIeA6/oT/eCkvJVzOqYN0y49EKBdevLuB6
 3K7NeFJtJwvQFPhQrrDBN2PL5SN6ZL9e16MxPZXeVrWN2wMAAdCZiDQN1QyEZNj2
 SeFBnMiG/oYiX/87/mkbmwJyG8QX9onH6VywwRP1YGOpPnt/oLtpb3nPHh+Ep85Z
 +k2LmICGdUbIadYLhO9UlvyWxaUoVIoyGt/p51vgB2wezfkqg6phKPbl3v1+3z0l
 90R4Ls968yzdnZ/09e8ywAy2pUOPQe1BfzSxSrmW0+QF+83tHoOV8xoMo32571pb
 /kJn+9qOa6SNfKDTK1thLbSQDgWe02qalWXmCcSyHcUbPaIeEozymyrdF8TZ6xmR
 W190C+yQlSS8428B8fI8kPsslg1ZDjqRT2eSnvlAogLYX/wHHN5qygtKHc2iWMso
 WL98G9KmcxIt6HtDKUCkW49mW1bACnD3RhrOVczCGPbyqk4asclsMFzqV1W+emMN
 d0XaELMkkMaKfLAx3UPS+xNeMAQ/gshfUPm/oMbSjYrHpI+9l8XEUsirdjf3QWiY
 8lBUtW7wZPqU8wjUtUh7e7P1F0UFHK4Dzp39IgCWuCnvuid/2mfBwAJ2LcTCaxzx
 mYHKZwkBqs68wvuVQM1S
 =8VBX
 -----END PGP SIGNATURE-----

Merge tag 'acpi-4.18-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm

Pull ACPI fixes from Rafael Wysocki:
 "These fix a recent ACPICA regression, fix a battery driver regression
  introduced during the 4.17 cycle and fix up the recently added support
  for the PPTT ACPI table.

  Specifics:

   - Revert part of a recent ACPICA regression fix that added leading
     newlines to ACPICA error messages and made the kernel log look
     broken (Rafael Wysocki).

   - Fix an ACPI battery driver regression introduced during the 4.17
     cycle due to incorrect error handling that made Thinkpad 13 laptops
     crash on boot (Jouke Witteveen).

   - Fix up the recently added PPTT ACPI table support by covering the
     case when a PPTT structure represents a processors group correctly
     (Sudeep Holla)"

* tag 'acpi-4.18-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
  ACPI / battery: Safe unregistering of hooks
  ACPI / PPTT: use ACPI ID whenever ACPI_PPTT_ACPI_PROCESSOR_ID_VALID is set
  ACPICA: Drop leading newlines from error messages
2018-07-05 09:52:30 -07:00
Linus Torvalds 90dc8b65d2 Power management fixes for 4.18-rc4
- Resume parallel PCI (non-PCIe) bridges on suspend-to-RAM (ACP S3)
    to avoid confusing the platform firmware which started to happen
    after a core power management regression fix that went in during
    the 4.17 cycle (Rafael Wysocki).
 
  - Fix up the recently added support for devices in multiple power
    domains by avoiding to power up the entire domain unnecessarily
    when attaching a device to it (Ulf Hansson).
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
 iQIcBAABCAAGBQJbPf3xAAoJEILEb/54YlRx6rcQAKlHlSZI1VwdnxJ1rYwyRLZ+
 4Ss5DQQnEUYTaJUXQiwlfmV7tYqrvqsGNP3v1/vlhftdae9zGgH++rju8QxeNHfr
 Yt/vTINIepbkH5Q747NSlw1MKpODIWqJKGdYmLNYeo8oKqAYHDmoipryk0r1J4ae
 zQyc5nHCDiQtDQsOa0xw7XlVyeLyaHIZCuQ4FAyElTQ7T9t3KyxNtskuXqpJPndd
 Kestr7P+Zx0km8GHMHZsY48IC6U561fkAhnk6S9wBUizzeMd+rQVzBLdAaJLS5Lr
 zIIDY6RuYcBYcWcVhg6l5510NfuqEeSF50YFjRY1AWezGoRDA5LJkfUeXOt5G4g+
 /uZqwL+8oLhTJptCDKPic9/kmTTCvIZxpZMQE391sAYdN6KpZfLpDWNToGEasr3v
 ux6XLCUkmv+DOmPztXUNeKv//stCSBsWUl1tbplrvQ4ksuVNZ1U1JQ4mS3Qs0ki0
 GXSCqxwM87EhrgJiRwxVd0SieC0szznYGs9zvVNsi1ecnC5SBUw3d+d5mwYdF/F4
 WD+qwuuAtEGCg8qPWVTRD6xp58dojZijpynPW21HsSFy//FWR1KJwBxfd1ZkxGD2
 iMntqTB3UGE/Nj5UKcsU8A6j8VojH7ndahfjdvWI9Tg8qE8g64xEjM3xomc3NevG
 YfvxlNIX1pnDZoIO4iYg
 =oF4i
 -----END PGP SIGNATURE-----

Merge tag 'pm-4.18-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm

Pull power management fixes from Rafael Wysocki:
 "These fix a PCI power management regression introduced during the 4.17
  cycle and fix up the recently added support for devices in multiple
  power domains.

  Specifics:

   - Resume parallel PCI (non-PCIe) bridges on suspend-to-RAM (ACP S3)
     to avoid confusing the platform firmware which started to happen
     after a core power management regression fix that went in during
     the 4.17 cycle (Rafael Wysocki).

   - Fix up the recently added support for devices in multiple power
     domains by avoiding to power up the entire domain unnecessarily
     when attaching a device to it (Ulf Hansson)"

* tag 'pm-4.18-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
  PM / Domains: Don't power on at attach for the multi PM domain case
  PCI / ACPI / PM: Resume bridges w/o drivers on suspend-to-RAM
2018-07-05 09:50:18 -07:00
Linus Torvalds b19b928209 RISC-V Fixus for 4.18-rc4
This patch set contains a handful of fixes for the RISC-V port:
 
 * A fix to R_RISCV_ADD32/R_RISCV_SUB32 relocations that allows modules
   that use these to load correctly.
 * The removal of of_platform_populate(), which is obselete.
 * The removal of irq-riscv-intc.h, which is obselete.
 * A fix to PTRACE_SETREGSET.
 * Fixes that allow the RV32I kernel to build (at least for Zong, I've
   got another patch on the mailing list that's necessary on my setup
   :)).
 
 I've just given these a defconfig build test.
 -----BEGIN PGP SIGNATURE-----
 
 iQJHBAABCAAxFiEEAM520YNJYN/OiG3470yhUCzLq0EFAls9OjoTHHBhbG1lckBk
 YWJiZWx0LmNvbQAKCRDvTKFQLMurQf1kD/9I6PVt6fqgUvNKdrG8x9XskOI0eTPh
 0+pZRUIOCu0cPBVE8YRLvuOs5wDzUsMDGNKC2UGV/Y8IJxBV2ObQ8KmrC8bbfiy6
 EzYVM8oA12oT6k77DmFUhoZf87djRwIvueVuqd+CQhPI/6YjIgInemTiP+8UXHHd
 fI0U4EtneiYWt7m8q9hZSXp0g7CtGLaadWRm88bDAhSEMif5O9WjQy1nAbT7WXeV
 cNV6w91nru/zKCO0TrDp6zfYdBPo/M0bKALW7s2GRN7Oj/SxOegLaAq+jFp9M09c
 5KLWCkcohUzsNrKgO9syHgCSm1V7pMOUsAVa7L+EisUR16WbnpZYGcHbyfCrCGwz
 c8TQ3kZcpxEbvEhK+sZQZ0uvD2vNbg3wLGJUBmw7T/OvuQSs3GMMbRNOvQAhZcHp
 uSqCdS7znYywFA/FRv8+/qttxSHEfPqrwWnduaL2lPnxGDDoBMa2QdYPd/iwajiT
 +Epd5mg3csmxGhEyD9W5nkM4wojZs/6Wic8GF89kBx8K9tnt93cs07JlI7jC4Y+B
 QCnuyMa3bjPSnHcAyhcK3Phor6Ik10JpLD3oiRngj3yWiuEtx3NX1dnHRDSGU7fw
 /57vVKeLKumE0BzrkNSEogq5bAaKCWbr8iCUPfa+XeWXpvgb57Z/AD4DJ1tf83cu
 wcZNg2jVd4Ylrw==
 =9Bi0
 -----END PGP SIGNATURE-----

Merge tag 'riscv-for-linus-4.18-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/palmer/riscv-linux

Pull RISC-V fixes from Palmer Dabbelt:
 "This contains a handful of fixes for the RISC-V port:

   - A fix to R_RISCV_ADD32/R_RISCV_SUB32 relocations that allows
     modules that use these to load correctly.

   - The removal of of_platform_populate(), which is obselete.

   - The removal of irq-riscv-intc.h, which is obselete.

   - A fix to PTRACE_SETREGSET.

   - Fixes that allow the RV32I kernel to build (at least for Zong, I've
     got another patch on the mailing list that's necessary on my setup :)).

  I've just given these a defconfig build test"

* tag 'riscv-for-linus-4.18-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/palmer/riscv-linux:
  RISC-V: Fix PTRACE_SETREGSET bug.
  RISC-V: Don't include irq-riscv-intc.h
  riscv: remove unnecessary of_platform_populate call
  RISC-V: fix R_RISCV_ADD32/R_RISCV_SUB32 relocations
  RISC-V: Change variable type for 32-bit compatible
  RISC-V: Add definiion of extract symbol's index and type for 32-bit
  RISC-V: Select GENERIC_UCMPDI2 on RV32I
  RISC-V: Add conditional macro for zone of DMA32
2018-07-05 09:47:18 -07:00
Linus Torvalds 760885f282 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/gerg/m68knommu
Pull m68knommu fix from Greg Ungerer:
 "A single fix for breakage introduced in this merge window"

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/gerg/m68knommu:
  m68k: fix "bad page state" oops on ColdFire boot
2018-07-05 09:45:25 -07:00
Mikita Lipski 413ff0b942 drm/amd/display: add a check for display depth validity
[why]
HDMI 2.0 fails to validate 4K@60 timing with 10 bpc
[how]
Adding a helper function that would verify if the display depth
assigned would pass a bandwidth validation.
Drop the display depth by one level till calculated pixel clk
is lower than maximum TMDS clk.

Bugzilla: https://bugs.freedesktop.org/106959

Tested-by: Mike Lothian <mike@fireburn.co.uk>
Reviewed-by: Harry Wentland <harry.wentland@amd.com>
Signed-off-by: Mikita Lipski <mikita.lipski@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
2018-07-05 10:19:53 -05:00
Rafael J. Wysocki e2a46a48b9 MAINTAINERS: Add myself as driver core changes reviewer
I really need to look at driver core changes before they are applied
due to PM dependencies and they sometimes get lost in the LKML
traffic, so add myself as an official driver core reviewer.

Signed-off-by: Rafael J. Wysocki <rafael@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-07-05 17:19:43 +02:00
Mikita Lipski a6311be8f0 drm/amd/display: adding ycbcr420 pixel encoding for hdmi
[why]
HDMI EDID's VSDB contains spectial timings for specifically
YCbCr 4:2:0 colour space. In those cases we need to verify
if the mode provided is one of the special ones has to use
YCbCr 4:2:0 pixel encoding for display info.
[how]
Verify if the mode is using specific ycbcr420 colour space with
the help of DRM helper function and assign the mode to use
ycbcr420 pixel encoding.

Tested-by: Mike Lothian <mike@fireburn.co.uk>
Reviewed-by: Harry Wentland <harry.wentland@amd.com>
Signed-off-by: Mikita Lipski <mikita.lipski@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
2018-07-05 10:19:18 -05:00
Lucas Stach 2c83a726d6 drm/etnaviv: bring back progress check in job timeout handler
When the hangcheck handler was replaced by the DRM scheduler timeout
handling we dropped the forward progress check, as this might allow
clients to hog the GPU for a long time with a big job.

It turns out that even reasonably well behaved clients like the
Armada Xorg driver occasionally trip over the 500ms timeout. Bring
back the forward progress check to get rid of the userspace regression.

We would still like to fix userspace to submit smaller batches
if possible, but that is for another day.

Cc: <stable@vger.kernel.org>
Fixes: 6d7a20c077 (drm/etnaviv: replace hangcheck with scheduler timeout)
Reported-by: Russell King <linux@armlinux.org.uk>
Signed-off-by: Lucas Stach <l.stach@pengutronix.de>
Reviewed-by: Eric Anholt <eric@anholt.net>
2018-07-05 14:16:20 +02:00
Stefan Mavrodiev b8ba357875 mmc: sunxi: Disable irq during pm_suspend
When mmc host controller enters suspend state, the clocks are
disabled, but irqs are not. For some reason the irqchip emits
false interrupts, which causes system lock loop.

Debug log is:
  ...
  sunxi-mmc 1c11000.mmc: setting clk to 52000000, rounded 51200000
  sunxi-mmc 1c11000.mmc: enabling the clock
  sunxi-mmc 1c11000.mmc: cmd 13(8000014d) arg 10000 ie 0x0000bbc6 len 0
  sunxi-mmc 1c11000.mmc: irq: rq (ptrval) mi 00000004 idi 00000000
  sunxi-mmc 1c11000.mmc: cmd 6(80000146) arg 3210101 ie 0x0000bbc6 len 0
  sunxi-mmc 1c11000.mmc: irq: rq (ptrval) mi 00000004 idi 00000000
  sunxi-mmc 1c11000.mmc: cmd 13(8000014d) arg 10000 ie 0x0000bbc6 len 0
  sunxi-mmc 1c11000.mmc: irq: rq (ptrval) mi 00000004 idi 00000000
  mmc1: new DDR MMC card at address 0001
  mmcblk1: mmc1:0001 AGND3R 14.6 GiB
  mmcblk1boot0: mmc1:0001 AGND3R partition 1 4.00 MiB
  mmcblk1boot1: mmc1:0001 AGND3R partition 2 4.00 MiB
  sunxi-mmc 1c11000.mmc: cmd 18(80003352) arg 0 ie 0x0000fbc2 len 409
  sunxi-mmc 1c11000.mmc: irq: rq (ptrval) mi 00004000 idi 00000002
   mmcblk1: p1
  sunxi-mmc 1c11000.mmc: irq: rq   (null) mi 00000000 idi 00000000
  sunxi-mmc 1c11000.mmc: irq: rq   (null) mi 00000000 idi 00000000
  sunxi-mmc 1c11000.mmc: irq: rq   (null) mi 00000000 idi 00000000
  sunxi-mmc 1c11000.mmc: irq: rq   (null) mi 00000000 idi 00000000
and so on...

This issue apears on eMMC cards, routed on MMC2 slot. The patch is
tested with A20-OLinuXino-MICRO/LIME/LIME2 boards.

Fixes: 9a8e1e8cc2 ("mmc: sunxi: Add runtime_pm support")
Signed-off-by: Stefan Mavrodiev <stefan@olimex.com>
Acked-by: Maxime Ripard <maxime.ripard@bootlin.com>
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
2018-07-05 14:10:59 +02:00
Rafael J. Wysocki df958569db Merge branches 'acpi-tables' and 'acpica'
Merge ACPICA regression fix and a fix for the recently added PPTT
support.

* acpi-tables:
  ACPI / PPTT: use ACPI ID whenever ACPI_PPTT_ACPI_PROCESSOR_ID_VALID is set

* acpica:
  ACPICA: Drop leading newlines from error messages
2018-07-05 13:03:43 +02:00
Rafael J. Wysocki 88b96088e9 Merge branch 'pm-pci'
Merge a PCI power management regression fix.

* pm-pci:
  PCI / ACPI / PM: Resume bridges w/o drivers on suspend-to-RAM
2018-07-05 12:47:16 +02:00
Mikulas Patocka 99ec9e7751 drm/udl: fix display corruption of the last line
The displaylink hardware has such a peculiarity that it doesn't render a
command until next command is received. This produces occasional
corruption, such as when setting 22x11 font on the console, only the first
line of the cursor will be blinking if the cursor is located at some
specific columns.

When we end up with a repeating pixel, the driver has a bug that it leaves
one uninitialized byte after the command (and this byte is enough to flush
the command and render it - thus it fixes the screen corruption), however
whe we end up with a non-repeating pixel, there is no byte appended and
this results in temporary screen corruption.

This patch fixes the screen corruption by always appending a byte 0xAF at
the end of URB. It also removes the uninitialized byte.

Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Cc: stable@vger.kernel.org
Signed-off-by: Dave Airlie <airlied@redhat.com>
2018-07-05 16:44:51 +10:00
Masahiro Yamada 2893af07e5 arm64: add endianness option to LDFLAGS instead of LD
With the recent syntax extension, Kconfig is now able to evaluate the
compiler / toolchain capability.

However, accumulating flags to 'LD' is not compatible with the way
it works; 'LD' must be passed to Kconfig to call $(ld-option,...)
from Kconfig files.  If you tweak 'LD' in arch Makefile depending on
CONFIG_CPU_BIG_ENDIAN, this would end up with circular dependency
between Makefile and Kconfig.

Acked-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
2018-07-04 22:49:13 +01:00
Palmer Dabbelt 9a6a51154f
RISC-V: Fix the rv32i kernel build
These patches for building 32-bit RISC-V kernel.
 - Fix the compile errors and warnings on RV32I.
 - Fix some incompatible problem on RV32I.
 - Add format.h for compatible of print format.

The fixed width integer types format for Elf_Addr will move to
generic header by another patch. For now, there are some warning
about unexpected argument of type on RV32I.

Change in v1:
 - Fix some error in v1
 - Remove implementation of fixed width integer types format for Elf_Addr.
2018-07-04 14:12:53 -07:00
Jim Wilson 1db9b80980
RISC-V: Fix PTRACE_SETREGSET bug.
In riscv_gpr_set, pass regs instead of &regs to user_regset_copyin to fix
gdb segfault.

Signed-off-by: Jim Wilson <jimw@sifive.com>
Signed-off-by: Palmer Dabbelt <palmer@sifive.com>
2018-07-04 14:12:47 -07:00
Palmer Dabbelt 8606544890
RISC-V: Don't include irq-riscv-intc.h
This file has never existed in the upstream kernel, but it's guarded by
an #ifdef that's also never existed in the upstream kernel.  As a part
of our interrupt controller refactoring this header is no longer
necessary, but this reference managed to sneak in anyway.

Signed-off-by: Palmer Dabbelt <palmer@sifive.com>
2018-07-04 14:12:42 -07:00
Rob Herring f67f10b8a6
riscv: remove unnecessary of_platform_populate call
The DT core will call of_platform_default_populate, so it is not
necessary for arch specific code to call it unless there are custom
match entries, auxdata or parent device. Neither of those apply here, so
remove the call.

Cc: Palmer Dabbelt <palmer@sifive.com>
Cc: Albert Ou <aou@eecs.berkeley.edu>
Cc: linux-riscv@lists.infradead.org
Signed-off-by: Rob Herring <robh@kernel.org>
Signed-off-by: Palmer Dabbelt <palmer@sifive.com>
2018-07-04 14:12:38 -07:00
Andreas Schwab 781c8fe2da
RISC-V: fix R_RISCV_ADD32/R_RISCV_SUB32 relocations
The R_RISCV_ADD32/R_RISCV_SUB32 relocations should add/subtract the
address of the symbol (without overflow check), not its contents.

Signed-off-by: Andreas Schwab <schwab@suse.de>
Signed-off-by: Palmer Dabbelt <palmer@sifive.com>
2018-07-04 14:12:34 -07:00
Zong Li 7df8500217
RISC-V: Change variable type for 32-bit compatible
Signed-off-by: Zong Li <zong@andestech.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Palmer Dabbelt <palmer@sifive.com>
2018-07-04 13:56:52 -07:00
Zong Li c480d8911f
RISC-V: Add definiion of extract symbol's index and type for 32-bit
Use generic marco to get the index and type of symbol.

Signed-off-by: Zong Li <zong@andestech.com>
Signed-off-by: Palmer Dabbelt <palmer@sifive.com>
2018-07-04 13:54:08 -07:00
Zong Li 8f79125d28
RISC-V: Select GENERIC_UCMPDI2 on RV32I
On 32-bit, it need to use __ucmpdi2, otherwise, it can't find the __ucmpdi2
symbol.

Signed-off-by: Zong Li <zong@andestech.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Palmer Dabbelt <palmer@sifive.com>
2018-07-04 13:53:33 -07:00
Zong Li d5fad48cfb
RISC-V: Add conditional macro for zone of DMA32
The DMA32 is for 64-bit usage.

Signed-off-by: Zong Li <zong@andestech.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Palmer Dabbelt <palmer@sifive.com>
2018-07-04 13:53:21 -07:00
Souptick Joarder d7ef4899d7 sample/vfio-mdev: Change return type to vm_fault_t
convert mbochs_region_vm_fault and mbochs_dmabuf_vm_fault
to return vm_fault_t type.

Signed-off-by: Souptick Joarder <jrdr.linux@gmail.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2018-07-04 10:42:04 -06:00
Paul Kocialkowski 38fc424867 arm64: Use aarch64elf and aarch64elfb emulation mode variants
The aarch64linux and aarch64linuxb emulation modes are not supported by
bare-metal toolchains and Linux using them forbids building the kernel
with these toolchains.

Since there is apparently no reason to target these emulation modes, the
more generic elf modes are used instead, allowing to build on bare-metal
toolchains as well as the already-supported ones.

Fixes: 3d6a7b99e3 ("arm64: ensure the kernel is compiled for LP64")

Cc: stable@vger.kernel.org
Acked-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Paul Kocialkowski <contact@paulk.fr>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
2018-07-04 17:37:01 +01:00
Maciej Purski 44f9a4b0dc drm/bridge/sii8620: Fix link mode selection
Current link mode values do not allow to enable packed pixel modes.

Select packed pixel clock mode, if needed, every time the link mode
register gets updated.

Signed-off-by: Maciej Purski <m.purski@samsung.com>
Signed-off-by: Andrzej Hajda <a.hajda@samsung.com>
Link: https://patchwork.freedesktop.org/patch/msgid/1530204243-6370-4-git-send-email-m.purski@samsung.com
2018-07-04 16:27:51 +02:00
Maciej Purski fdddc65ab3 drm/bridge/sii8620: Fix display of packed pixel modes
Current implementation does not guarantee packed pixel modes working
with every dongle. There are some dongles, which require selecting
the output mode explicitly.

Write proper values to registers in packed_pixel mode, based on how it
is done in vendor's code. Select output color space: RGB
(no packed pixel) or YCBCR422 (packed pixel).

This reverts commit e8b92efa62
("drm/bridge/sii8620: fix display of packed pixel modes in MHL2").

Signed-off-by: Maciej Purski <m.purski@samsung.com>
Signed-off-by: Andrzej Hajda <a.hajda@samsung.com>
Link: https://patchwork.freedesktop.org/patch/msgid/1530204243-6370-3-git-send-email-m.purski@samsung.com
2018-07-04 16:27:50 +02:00
Maciej Purski f0139752f7 drm/bridge/sii8620: Send AVI infoframe in all MHL versions
Currently AVI infoframe is sent only in MHL3. However, some MHL2 dongles
need AVI infoframe to work correctly in either packed pixel mode or
non-packed pixel mode.

Send AVI infoframe in set_infoframes() in every case. Create an
infoframe using drm_hdmi_infoframe_from_display_mode() instead of
manually filling each infoframe structure's field.

Signed-off-by: Maciej Purski <m.purski@samsung.com>
Signed-off-by: Andrzej Hajda <a.hajda@samsung.com>
Link: https://patchwork.freedesktop.org/patch/msgid/1530204243-6370-2-git-send-email-m.purski@samsung.com
2018-07-04 16:27:49 +02:00
Olli Salonen 367b160fe4 USB: serial: cp210x: add another USB ID for Qivicon ZigBee stick
There are two versions of the Qivicon Zigbee stick in circulation. This
adds the second USB ID to the cp210x driver.

Signed-off-by: Olli Salonen <olli.salonen@iki.fi>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Johan Hovold <johan@kernel.org>
2018-07-04 15:44:07 +02:00