Commit Graph

811685 Commits

Author SHA1 Message Date
Thomas Gleixner 1a1fb985f2 futex: Handle early deadlock return correctly
commit 56222b212e ("futex: Drop hb->lock before enqueueing on the
rtmutex") changed the locking rules in the futex code so that the hash
bucket lock is not longer held while the waiter is enqueued into the
rtmutex wait list. This made the lock and the unlock path symmetric, but
unfortunately the possible early exit from __rt_mutex_proxy_start() due to
a detected deadlock was not updated accordingly. That allows a concurrent
unlocker to observe inconsitent state which triggers the warning in the
unlock path.

futex_lock_pi()                         futex_unlock_pi()
  lock(hb->lock)
  queue(hb_waiter)				lock(hb->lock)
  lock(rtmutex->wait_lock)
  unlock(hb->lock)
                                        // acquired hb->lock
                                        hb_waiter = futex_top_waiter()
                                        lock(rtmutex->wait_lock)
  __rt_mutex_proxy_start()
     ---> fail
          remove(rtmutex_waiter);
     ---> returns -EDEADLOCK
  unlock(rtmutex->wait_lock)
                                        // acquired wait_lock
                                        wake_futex_pi()
                                        rt_mutex_next_owner()
					  --> returns NULL
                                          --> WARN

  lock(hb->lock)
  unqueue(hb_waiter)

The problem is caused by the remove(rtmutex_waiter) in the failure case of
__rt_mutex_proxy_start() as this lets the unlocker observe a waiter in the
hash bucket but no waiter on the rtmutex, i.e. inconsistent state.

The original commit handles this correctly for the other early return cases
(timeout, signal) by delaying the removal of the rtmutex waiter until the
returning task reacquired the hash bucket lock.

Treat the failure case of __rt_mutex_proxy_start() in the same way and let
the existing cleanup code handle the eventual handover of the rtmutex
gracefully. The regular rt_mutex_proxy_start() gains the rtmutex waiter
removal for the failure case, so that the other callsites are still
operating correctly.

Add proper comments to the code so all these details are fully documented.

Thanks to Peter for helping with the analysis and writing the really
valuable code comments.

Fixes: 56222b212e ("futex: Drop hb->lock before enqueueing on the rtmutex")
Reported-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Co-developed-by: Peter Zijlstra <peterz@infradead.org>
Signed-off-by: Peter Zijlstra <peterz@infradead.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Tested-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
Cc: linux-s390@vger.kernel.org
Cc: Stefan Liebler <stli@linux.ibm.com>
Cc: Sebastian Sewior <bigeasy@linutronix.de>
Cc: stable@vger.kernel.org
Link: https://lkml.kernel.org/r/alpine.DEB.2.21.1901292311410.1950@nanos.tec.linutronix.de
2019-02-08 13:00:36 +01:00
Davidlohr Bueso 6f568ebe2a futex: Fix barrier comment
The current comment for the barrier that guarantees that waiter increment
is always before taking the hb spinlock (barrier (A)) needs to be fixed as
it is misplaced.

This is obviously referring to hb_waiters_inc, which is a full barrier.

Reported-by: Peter Zijlstra <peterz@infradead.org>
Signed-off-by: Davidlohr Bueso <dbueso@suse.de>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Link: https://lkml.kernel.org/r/20190206185602.949-1-dave@stgolabs.net
2019-02-08 13:00:35 +01:00
Linus Torvalds 74e96711e3 platform-drivers-x86 for v5.0-2
Correct Documentation/ABI 4.21 KernelVersion to 5.0.
 
 The following is an automated git shortlog grouped by driver:
 
 Documentation/ABI:
  -  Correct mlxreg-io KernelVersion for 5.0
 -----BEGIN PGP SIGNATURE-----
 
 iQEcBAABAgAGBQJcXLDcAAoJEKbMaAwKp364z6wH/2sXsncu1ohf79YNXeeBlJKO
 Zy8MCU3uhwY78+x9FLphDRhR5PlvulFflJg1i/eHEWYZ8BTd6gI1CevbAb18XZ2F
 RGeHzGKvV40L+mn6ykGXWmCLAnEfCS1ICBLwpM9o9O22FKjNqPv0etryQE9whJ/J
 mH8tPL4tMU3Y41HxMPl/e/K1tGNsRD3WRQp3AvgS3GimtEQHm4uHqvpaijc/I5UZ
 7STLWIm6e60lwHUGyqg2O4MxWUEZ0D129qw2kG1Bj6EOx0y90htqTeZunwbJxCGt
 GvJG6PnGDfWakzHreyqb8pxNoJqO3dFzpIympZ5+lFRy47APxBxKYx1hLwYl1Rs=
 =DUJg
 -----END PGP SIGNATURE-----

Merge tag 'platform-drivers-x86-v5.0-2' of git://git.infradead.org/linux-platform-drivers-x86

Pull x86 platform driver fixlet from Darren Hart:
 "Correct Documentation/ABI 4.21 KernelVersion to 5.0"

* tag 'platform-drivers-x86-v5.0-2' of git://git.infradead.org/linux-platform-drivers-x86:
  Documentation/ABI: Correct mlxreg-io KernelVersion for 5.0
2019-02-07 15:54:45 -07:00
Linus Torvalds e303a067ce Three security fixes.
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQEcBAABAgAGBQJcXHSEAAoJEL/70l94x66DpJUH/Rl3uJGdezeL/BgDkABruIuv
 kJwjWUPjjVtcrz1UPjc8YENDG7g0tLDlFajRXXxMJh+MWMDi/YED27ev4fbGJEnZ
 ApApV0pWNLev+Y5QK4GRn4T9iW4HSuqlDW3gjj9PP0E/93lX8DCALQ+yD1sGsmmE
 yG+0rGOcWqlxD3pPhVESHmi/AGzsD82GDe2in8z/iET8ucxy1lmFlISEYbSxXNa/
 o06C65The6sIn3IrqbP3aKEZ9mrpCe51pJm0YwJJpmg6UWcBiNuU+lbzg6qOthP7
 1fmYy+j/BM+9cFEnFxp8gUW4LWTtlta5cDcDJhTXdaw8XFroac+T1z6ZGQd7838=
 =iKIE
 -----END PGP SIGNATURE-----

Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm

Pull KVM fixes from Paolo Bonzini:
 "Three security fixes"

* tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
  KVM: nVMX: unconditionally cancel preemption timer in free_nested (CVE-2019-7221)
  KVM: x86: work around leak of uninitialized stack contents (CVE-2019-7222)
  kvm: fix kvm_ioctl_create_device() reference counting (CVE-2019-6974)
2019-02-07 15:53:26 -07:00
Linus Torvalds ee6c0737a0 Two small nfsd bugfixes for 5.0, for an RDMA bug and a file clone bug.
-----BEGIN PGP SIGNATURE-----
 
 iQIcBAABAgAGBQJcXJY6AAoJECebzXlCjuG+scAP/jm9ETUxC3E9ZcVetSLs7vf1
 AxHVsr3E3qf9uViq/+1NBRJ/BKE1Porzi1Uz01ie5MdY6SHWFMxvIvZrTRuEAhbc
 VA9xeRcnX+7RkPWik3sepSUieVy8KgJDMxdE07HwwyzST14I1s5Ev79wo6XiYlTw
 3+ZdZe19Y4owmTkbDiLsxJVsI2Y8b+9BIhZ9/ICRyFzZclnyLdO15HTDr4q7E9cw
 ZEZMOoljX4cjY8cD7tqf68QECxZYm4a8Ba+L6P+oqKajq/6yUrocXA2UG65EMtIQ
 LtMIdpkC+zHFagRQBC3ymqEWTpX9ED6TA4H4ZSdh6UH8NwYXHsxQUYfI4Oetju/B
 iqWBbXpwg2jMNRDhXS/KdNezYcGjYGJZ03dezeSP/GwojoiKALD0iXxWU2zyq0Qs
 crnhmc2j1wZZl5CFXLCYwjDjHbeH6gWGfLuzAv1Q9/jQUitQ2CpC4t1MCRdOlWBt
 cqjCleF6Rd3oVk51BdYPm5OyCHyQjrrXmOsx8aHkY774p7TqsaHBjSreTBjQWhO8
 wAfnr6yS4/21Hfrji52Nf4Q6UJ1FFEWB0wXJhYAHzem1RsPGSbnEDam6Bpd6Bh0d
 ZxAU4spoVhezQPjF4JCmHfiAJ7rbegfltJa669rE5L1kbUYYE6TAAcOm8RTSWoPZ
 iGxkg/en5XiGsOGH9AyB
 =++rV
 -----END PGP SIGNATURE-----

Merge tag 'nfsd-5.0-1' of git://linux-nfs.org/~bfields/linux

Pull nfsd fixes from Bruce Fields:
 "Two small nfsd bugfixes for 5.0, for an RDMA bug and a file clone bug"

* tag 'nfsd-5.0-1' of git://linux-nfs.org/~bfields/linux:
  svcrdma: Remove max_sge check at connect time
  nfsd: Fix error return values for nfsd4_clone_file_range()
2019-02-07 15:44:45 -07:00
Linus Torvalds 8b5cdbe595 - Fix DM core's missing memory barrier before waitqueue_active() calls.
- Fix DM core's clone_bio() to work when cloning a subset of a bio with
   an integrity payload; bio_integrity_trim() wasn't getting called due
   to bio_trim()'s early return.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQEcBAABAgAGBQJcXGHSAAoJEMUj8QotnQNaZMcIAMxj39Gvh/e2dx5zKuHBPO4+
 e5aMnCGzFwTdV4lfmfIU8pa5CAxAQXWOO5fH5IMzAI2rne5uczHK5a1V5YrL5OuP
 P0j0UNKt58FZlRiXxaMwURoRZeJ2nKe0R+LWw1W5cEGGM45C5okMaWrdmbdHOk9/
 G09yk8SsjXAGhuadCcY+aY7SrLi6KAaz3A9G/EzU8r9QirLkRVyaDmXIZrD8+Kgv
 8gmSlL3LvQbUUU70gPEU7yXp86+/lZi5VQysBSG7aOZcmBsZuNeXOTgt/7DWFJ7S
 Wj81Ib9pOg0PPYweB7PZ53BKRTydlTpzfEKaeG5+gFJgn6NPxR22SeOb1WnZ0Lg=
 =rtij
 -----END PGP SIGNATURE-----

Merge tag 'for-5.0/dm-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm

Pull device mapper fixes from Mike Snitzer:
 "Both of these fixes address issues in changes merged for 5.0-rc4:

   - Fix DM core's missing memory barrier before waitqueue_active()
     calls.

   - Fix DM core's clone_bio() to work when cloning a subset of a bio
     with an integrity payload; bio_integrity_trim() wasn't getting
     called due to bio_trim()'s early return"

* tag 'for-5.0/dm-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm:
  dm: don't use bio_trim() afterall
  dm: add memory barrier before waitqueue_active
2019-02-07 15:42:43 -07:00
Peter Shier ecec76885b KVM: nVMX: unconditionally cancel preemption timer in free_nested (CVE-2019-7221)
Bugzilla: 1671904

There are multiple code paths where an hrtimer may have been started to
emulate an L1 VMX preemption timer that can result in a call to free_nested
without an intervening L2 exit where the hrtimer is normally
cancelled. Unconditionally cancel in free_nested to cover all cases.

Embargoed until Feb 7th 2019.

Signed-off-by: Peter Shier <pshier@google.com>
Reported-by: Jim Mattson <jmattson@google.com>
Reviewed-by: Jim Mattson <jmattson@google.com>
Reported-by: Felix Wilhelm <fwilhelm@google.com>
Cc: stable@kernel.org
Message-Id: <20181011184646.154065-1-pshier@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-02-07 19:03:01 +01:00
Paolo Bonzini 353c0956a6 KVM: x86: work around leak of uninitialized stack contents (CVE-2019-7222)
Bugzilla: 1671930

Emulation of certain instructions (VMXON, VMCLEAR, VMPTRLD, VMWRITE with
memory operand, INVEPT, INVVPID) can incorrectly inject a page fault
when passed an operand that points to an MMIO address.  The page fault
will use uninitialized kernel stack memory as the CR2 and error code.

The right behavior would be to abort the VM with a KVM_EXIT_INTERNAL_ERROR
exit to userspace; however, it is not an easy fix, so for now just
ensure that the error code and CR2 are zero.

Embargoed until Feb 7th 2019.

Reported-by: Felix Wilhelm <fwilhelm@google.com>
Cc: stable@kernel.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-02-07 19:02:56 +01:00
Jann Horn cfa3938117 kvm: fix kvm_ioctl_create_device() reference counting (CVE-2019-6974)
kvm_ioctl_create_device() does the following:

1. creates a device that holds a reference to the VM object (with a borrowed
   reference, the VM's refcount has not been bumped yet)
2. initializes the device
3. transfers the reference to the device to the caller's file descriptor table
4. calls kvm_get_kvm() to turn the borrowed reference to the VM into a real
   reference

The ownership transfer in step 3 must not happen before the reference to the VM
becomes a proper, non-borrowed reference, which only happens in step 4.
After step 3, an attacker can close the file descriptor and drop the borrowed
reference, which can cause the refcount of the kvm object to drop to zero.

This means that we need to grab a reference for the device before
anon_inode_getfd(), otherwise the VM can disappear from under us.

Fixes: 852b6d57dc ("kvm: add device control API")
Cc: stable@kernel.org
Signed-off-by: Jann Horn <jannh@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-02-07 19:02:38 +01:00
Linus Torvalds d47e3da175 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/hid/hid
Pull HID fix from Jiri Kosina:
 "A fix for a bug in hid-debug that can lock up the kernel in infinite
  loop (CVE-2019-3819), from Vladis Dronov"

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/hid/hid:
  HID: debug: fix the ring buffer implementation
2019-02-07 11:51:31 +00:00
Linus Torvalds 6f64e3a4de sound fixes for 5.0-rc6
A collection of a few small fixes.  The most significant one is the
 fix for the possible race at loading HD-audio drivers.  This has been
 present for long time and surfaced only in a rare occasion, but
 finally spotted out.
 
 The rest are usual device-specific fixes for HD-audio and USB-audio.
 -----BEGIN PGP SIGNATURE-----
 
 iQJCBAABCAAsFiEEIXTw5fNLNI7mMiVaLtJE4w1nLE8FAlxb2goOHHRpd2FpQHN1
 c2UuZGUACgkQLtJE4w1nLE/X6Q//S6CGJ1UEL545R6kExhIkQDgpB6a0mu6nagpt
 i72cKvrqdns6sdQWaRa4NE4p9OG6Epuk/6GzWSJQ0coGe65VvtJI3MSYlcla4C0X
 4oPQs9ApTVmxFhb4dYxjc9j4xWP5AVQZnh/f8KuRxH7Wa9DP4stCBp9Ueo3PBshg
 9T12lQ2bYmjXvqjjJE6CbRObe5CuqVC5y9OtD6SEkbVdQuVSmLOfJx8W+UZdBk1/
 A6BQat+3YGlc2zgIc/ZZzlUIQoOo2PnjslCRZYPS6bxBJ4jcGqSqVnMoqZ50IqDt
 udmTdL/9oJPNMt5ZGXabaTMx2RaTzenC69mm+FfpjJDrlxfwn3aoyg+Sgf2Dqj9x
 4tt2lPIkv49CuXsZIoySx07KyH5P9Y33zLOgikf76Ju6IpXfU4rQ+HpjliyQ8jeG
 F9z1L5Dks+8Xmk8QR0qbsN74fMs9vbHwp/QAQEVywWReNnHvtdrY9OEbwtaM3HBA
 lYNKLFcpdtjek4Ap7i5xZ5JOOY5IP1HaVpNyB1yoRIVxXGjDS4accAzaCmnp/61S
 5fofnwIyFdsAP30Iy0XJOyOVA+Eni5sUpljBKEFZmrtgbG0Rhy+YncAda44e6L/b
 IsVWLLWfNwMznFKa/EADP0s0QNhp0HVZU6t4pVbSCMeUq/U8CEz0Z313hOITH0tS
 AaTlfR0=
 =aD7u
 -----END PGP SIGNATURE-----

Merge tag 'sound-5.0-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound

Pull sound fixes from Takashi Iwai:
 "A collection of a few small fixes.

  The most significant one is the fix for the possible race at loading
  HD-audio drivers. This has been present for long time and surfaced
  only in a rare occasion, but finally spotted out"

* tag 'sound-5.0-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
  ALSA: hda/ca0132 - Fix build error without CONFIG_PCI
  ALSA: compress: Fix stop handling on compressed capture streams
  ALSA: usb-audio: Add support for new T+A USB DAC
  ALSA: hda - Serialize codec registrations
  ALSA: hda/realtek - Use a common helper for hp pin reference
  ALSA: hda/realtek - Fix lose hp_pins for disable auto mute
  ALSA: hda/realtek - Headset microphone support for System76 darp5
2019-02-07 08:33:56 +00:00
Linus Torvalds b0314565da virtio: fixes
A small fix for a uapi header, and a fix for VDPA for non-x86 guests.
 
 Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
 -----BEGIN PGP SIGNATURE-----
 
 iQEcBAABAgAGBQJcWfKsAAoJECgfDbjSjVRpz8AIALAFWg40sy8n1LjcDoTar9oP
 YRrKUD7ag4dL8I41kbu4Vk8GQG1cSKFxk+PnZ4lhyiJGUgcd267qoUf3Kk9MxL94
 IvMxa/Y2qPiSpEIwJGDxikJNaqcSDTJXYgs6zjCLHgo35WUbmAxVh3iZDWkpaKKl
 mql+DsotNhEYE5BGAi8OhPIbGOtumkhCy6JySBD+trHyivKIotKaPN6PoNudPRQU
 ipP1YlTZQL2vYp3vwbwjaO4IKo/17IDQtzHxLQU2Q1ZORSPOctjffmF74qfDkNKl
 pqWYXwVbq8/EuKyhNexAqU3vkSQaLUEMthzi5d/Z7QYeJt/K5xcpgkKHYm1lZ/U=
 =XTXV
 -----END PGP SIGNATURE-----

Merge tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost

Pull virtio fixes from Michael Tsirkin:
 "A small fix for a uapi header, and a fix for VDPA for non-x86 guests"

* tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost:
  virtio: drop internal struct from UAPI
  virtio: support VIRTIO_F_ORDER_PLATFORM
2019-02-07 08:05:28 +00:00
Linus Torvalds 4879f11615 This has two fixes for uprobe code.
- Cut and paste fix to have uprobe printks say "uprobe" and not "kprobe"
 
  - Add terminating '\0' byte when copying of function arguments
 -----BEGIN PGP SIGNATURE-----
 
 iIoEABYIADIWIQRRSw7ePDh/lE+zeZMp5XQQmuv6qgUCXFsNwBQccm9zdGVkdEBn
 b29kbWlzLm9yZwAKCRAp5XQQmuv6qlSLAP9iup0t8BrDYcJQCNIJK+7hwBdB642c
 11qbWE7aXfsyUwEAu78tJfQfmBeZz7mHxKeMkTHQHE2IqV5qU311twOFiAE=
 =zkXr
 -----END PGP SIGNATURE-----

Merge tag 'trace-v5.0-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace

Pull tracing fixes from Steven Rostedt:
 "This has two fixes for uprobe code.

   - Cut and paste fix to have uprobe printks say "uprobe" and not
     "kprobe"

   - Add terminating '\0' byte when copying function arguments"

* tag 'trace-v5.0-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace:
  tracing/uprobes: Fix output for multiple string arguments
  tracing: uprobes: Fix typo in pr_fmt string
2019-02-07 07:59:01 +00:00
Linus Torvalds 076a3f5537 fuse fixes for 5.0-rc6
-----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQSQHSd0lITzzeNWNm3h3BK/laaZPAUCXFls+wAKCRDh3BK/laaZ
 PC+hAQDRkyJeAmMzpHwvv/IASqpJgc6HrSzH0p201lDyARcKIAD+MWxZHYP4ltAn
 WVTLIvYT1xsoqGG3plfZ/d1iNbAWcwU=
 =cL/O
 -----END PGP SIGNATURE-----

Merge tag 'fuse-fixes-5.0-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse

Pull fuse fixes from Miklos Szeredi:
 "A fix for a CUSE regression introduced in v4.20, as well as fixes for
  a couple of old bugs"

* tag 'fuse-fixes-5.0-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse:
  fuse: decrement NR_WRITEBACK_TEMP on the right page
  fuse: call pipe_buf_release() under pipe lock
  cuse: fix ioctl
  fuse: handle zero sized retrieve correctly
2019-02-07 07:52:08 +00:00
Linus Torvalds b66bc77767 Pin control fixes for the v5.0 series:
- Mediatek Kconfig fix
 - Sunxi regulator, IRQ banks and pin base fixup
 - Intel Cherryview Strago DMI workaround
 - Potential regmap problem on mcp23s08
 -----BEGIN PGP SIGNATURE-----
 
 iQIcBAABAgAGBQJcWpVcAAoJEEEQszewGV1z2TQP/0dTB96i4VxpQuJSed2ery3X
 CClF6YjCdWuNX4T25TrkT+5Ovavg8hKySIus3yItx0BgqrEb2cXo1F9+RNOH3Azx
 XorOmBBA6pOHPsvm70Skr/wnMX9RVct6vU5yyj5+izPtwxgt/SsvRIXYHADVbhWP
 9n/ZCcCIOehnNoAIN2DYoQdsYWb/0986h3kJNXEy1jtxZbHHnxZxqOGdP51OxkqV
 TwuCRTsgnYc4Xxuf2OyHXlS/kZOnLGXyZSwJP/djHBguQMkSOo/w83KSraPJt1DH
 EbXY5KIVSOmvQ8xLw0/5iqV0ImQ0f0HF+Byf0DL0UkXXnGDh3SPLKayGoMTy2KmR
 GGIxwZ47Kwl51O40zz7aSX9tn+XiAAD+I0qxJZQ3JkOxHiu8AVnc8aLrdjMejKyM
 5gZwPfexJDHFnmGwwpiTTsvv1sxppqdMqf+w25XS9C7a1gGZkzA0R80rrv19MqLh
 KmQrp+Jz1tyvku6eU7RltqR2sS8XHjOE9qz/Tr28T/J/bTBvXqe1Ci7JWTcpoWz4
 M1muV4a3W91xGJG9S/v3vHCJTrmlwZQ+vC9qlUzRamJ1EZ9Rz3WoKjEqQgKqGf3R
 4+mT+sXrbvN+LMwlvOoS1mYMULpZVQ3oTnYGwefLViuLwK/SOHyZ7CYuQnaWhOwX
 r/ETB1S02VCDFOT8jBJD
 =mYO4
 -----END PGP SIGNATURE-----

Merge tag 'pinctrl-v5.0-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl

Pull pin control fixes from Linus Walleij:

 - Mediatek Kconfig fix

 - Sunxi regulator, IRQ banks and pin base fixup

 - Intel Cherryview Strago DMI workaround

 - Potential regmap problem on mcp23s08

* tag 'pinctrl-v5.0-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl:
  pinctrl: sunxi: Correct number of IRQ banks on H6 main pin controller
  pinctrl: mcp23s08: spi: Fix regmap allocation for mcp23s18
  pinctrl: cherryview: fix Strago DMI workaround
  pinctrl: sunxi: Consider pin_base when calculating regulator array index
  pinctrl: sunxi: Fix and simplify pin bank regulator handling
  pinctrl: mediatek: fix Kconfig build errors for moore core
2019-02-07 07:47:08 +00:00
Mike Snitzer fa8db4948f dm: don't use bio_trim() afterall
bio_trim() has an early return, which makes it _not_ idempotent, if the
offset is 0 and the bio's bi_size already matches the requested size.
Prior to DM, all users of bio_trim() were fine with this.  But DM has
exposed the fact that bio_trim()'s early return is incompatible with a
cloned bio whose integrity payload must be trimmed via
bio_integrity_trim().

Fix this by reverting DM back to doing the equivalent of bio_trim() but
in an idempotent manner (so bio_integrity_trim is always performed).

Follow-on work is needed to assess what benefit bio_trim()'s early
return is providing to its existing callers.

Reported-by: Milan Broz <gmazyland@gmail.com>
Fixes: 57c36519e4 ("dm: fix clone_bio() to trigger blk_recount_segments()")
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
2019-02-06 17:24:37 -05:00
Mikulas Patocka 645efa84f6 dm: add memory barrier before waitqueue_active
Block core changes to switch bio-based IO accounting to be percpu had a
side-effect of altering DM core to now rely on calling waitqueue_active
(in both bio-based and request-based) to check if another task is in
dm_wait_for_completion().

A memory barrier is needed before calling waitqueue_active().  DM core
doesn't piggyback on a preceding memory barrier so it must explicitly
use its own.

For more details on why using waitqueue_active() without a preceding
barrier is unsafe, please see the comment before the waitqueue_active()
definition in include/linux/wait.h.

Add the missing memory barrier by switching to using wq_has_sleeper().

Fixes: 6f75723190 ("dm: remove the pending IO accounting")
Fixes: c4576aed8d ("dm: fix request-based dm's use of dm_wait_for_completion")
Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
2019-02-06 17:24:37 -05:00
Chuck Lever e248aa7be8 svcrdma: Remove max_sge check at connect time
Two and a half years ago, the client was changed to use gathered
Send for larger inline messages, in commit 655fec6987 ("xprtrdma:
Use gathered Send for large inline messages"). Several fixes were
required because there are a few in-kernel device drivers whose
max_sge is 3, and these were broken by the change.

Apparently my memory is going, because some time later, I submitted
commit 25fd86eca1 ("svcrdma: Don't overrun the SGE array in
svc_rdma_send_ctxt"), and after that, commit f3c1fd0ee2 ("svcrdma:
Reduce max_send_sges"). These too incorrectly assumed in-kernel
device drivers would have more than a few Send SGEs available.

The fix for the server side is not the same. This is because the
fundamental problem on the server is that, whether or not the client
has provisioned a chunk for the RPC reply, the server must squeeze
even the most complex RPC replies into a single RDMA Send. Failing
in the send path because of Send SGE exhaustion should never be an
option.

Therefore, instead of failing when the send path runs out of SGEs,
switch to using a bounce buffer mechanism to handle RPC replies that
are too complex for the device to send directly. That allows us to
remove the max_sge check to enable drivers with small max_sge to
work again.

Reported-by: Don Dutile <ddutile@redhat.com>
Fixes: 25fd86eca1 ("svcrdma: Don't overrun the SGE array in ...")
Cc: stable@vger.kernel.org
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2019-02-06 15:32:34 -05:00
Trond Myklebust e3fdc89ca4 nfsd: Fix error return values for nfsd4_clone_file_range()
If the parameter 'count' is non-zero, nfsd4_clone_file_range() will
currently clobber all errors returned by vfs_clone_file_range() and
replace them with EINVAL.

Fixes: 42ec3d4c02 ("vfs: make remap_file_range functions take and...")
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Cc: stable@vger.kernel.org # v4.20+
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2019-02-06 15:32:05 -05:00
Takashi Iwai c97617a81a ALSA: hda/ca0132 - Fix build error without CONFIG_PCI
A call of pci_iounmap() call without CONFIG_PCI leads to a build error
on some architectures.  We tried to address this and add a check of
IS_ENABLED(CONFIG_PCI), but this still doesn't seem enough for sh.
Ideally we should fix it globally, it's really a corner case, so let's
paper over it with a simpler ifdef.

Fixes: 1e73359a24 ("ALSA: hda/ca0132 - make pci_iounmap() call conditional")
Reported-by: Kuninori Morimoto <kuninori.morimoto.gx@renesas.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2019-02-06 07:17:17 +01:00
Charles Keepax 4f2ab5e1d1 ALSA: compress: Fix stop handling on compressed capture streams
It is normal user behaviour to start, stop, then start a stream
again without closing it. Currently this works for compressed
playback streams but not capture ones.

The states on a compressed capture stream go directly from OPEN to
PREPARED, unlike a playback stream which moves to SETUP and waits
for a write of data before moving to PREPARED. Currently however,
when a stop is sent the state is set to SETUP for both types of
streams. This leaves a capture stream in the situation where a new
start can't be sent as that requires the state to be PREPARED and
a new set_params can't be sent as that requires the state to be
OPEN. The only option being to close the stream, and then reopen.

Correct this issues by allowing snd_compr_drain_notify to set the
state depending on the stream direction, as we already do in
set_params.

Fixes: 49bb6402f1 ("ALSA: compress_core: Add support for capture streams")
Signed-off-by: Charles Keepax <ckeepax@opensource.cirrus.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2019-02-05 22:01:41 +01:00
Michael S. Tsirkin 9c0644ee4a virtio: drop internal struct from UAPI
There's no reason to expose struct vring_packed in UAPI - if we do we
won't be able to change or drop it, and it's not part of any interface.

Let's move it to virtio_ring.c

Cc: Tiwei Bie <tiwei.bie@intel.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2019-02-05 15:29:48 -05:00
Udo Eberhardt 3bff2407fb ALSA: usb-audio: Add support for new T+A USB DAC
This patch adds the T+A VID to the generic check in order to enable
native DSD support for T+A devices. This works with the new T+A USB
DAC model SD3100HV and will also work with future devices which
support the XMOS/Thesycon style DSD format.

Signed-off-by: Udo Eberhardt <udo.eberhardt@thesycon.de>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2019-02-05 17:21:55 +01:00
Linus Torvalds 8834f5600c Linux 5.0-rc5 2019-02-03 13:48:04 -08:00
Linus Torvalds 24b888d8d5 Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull x86 fixes from Thomas Gleixner:
 "A few updates for x86:

   - Fix an unintended sign extension issue in the fault handling code

   - Rename the new resource control config switch so it's less
     confusing

   - Avoid setting up EFI info in kexec when the EFI runtime is
     disabled.

   - Fix the microcode version check in the AMD microcode loader so it
     only loads higher version numbers and never downgrades

   - Set EFER.LME in the 32bit trampoline before returning to long mode
     to handle older AMD/KVM behaviour properly.

   - Add Darren and Andy as x86/platform reviewers"

* 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  x86/resctrl: Avoid confusion over the new X86_RESCTRL config
  x86/kexec: Don't setup EFI info if EFI runtime is not enabled
  x86/microcode/amd: Don't falsely trick the late loading mechanism
  MAINTAINERS: Add Andy and Darren as arch/x86/platform/ reviewers
  x86/fault: Fix sign-extend unintended sign extension
  x86/boot/compressed/64: Set EFER.LME=1 in 32-bit trampoline before returning to long mode
  x86/cpu: Add Atom Tremont (Jacobsville)
2019-02-03 09:08:12 -08:00
Linus Torvalds cc6810e36b Merge branch 'smp-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull cpu hotplug fixes from Thomas Gleixner:
 "Two fixes for the cpu hotplug machinery:

   - Replace the overly clever 'SMT disabled by BIOS' detection logic as
     it breaks KVM scenarios and prevents speculation control updates
     when the Hyperthreads are brought online late after boot.

   - Remove a redundant invocation of the speculation control update
     function"

* 'smp-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  cpu/hotplug: Fix "SMT disabled by BIOS" detection for KVM
  x86/speculation: Remove redundant arch_smt_update() invocation
2019-02-03 09:02:03 -08:00
Linus Torvalds 58f6d4287a Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull perf fixes from Thomas Gleixner:
 "A pile of perf updates:

   - Fix broken sanity check in the /proc/sys/kernel/perf_cpu_time_max_percent
     write handler

   - Cure a perf script crash which caused by an unitinialized data
     structure

   - Highlight the hottest instruction in perf top and not a random one

   - Cure yet another clang issue when building perf python

   - Handle topology entries with no CPU correctly in the tools

   - Handle perf data which contains both tracepoints and performance
     counter entries correctly.

   - Add a missing NULL pointer check in perf ordered_events_free()"

* 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  perf script: Fix crash when processing recorded stat data
  perf top: Fix wrong hottest instruction highlighted
  perf tools: Handle TOPOLOGY headers with no CPU
  perf python: Remove -fstack-clash-protection when building with some clang versions
  perf core: Fix perf_proc_update_handler() bug
  perf script: Fix crash with printing mixed trace point and other events
  perf ordered_events: Fix crash in ordered_events__free
2019-02-03 08:59:51 -08:00
Linus Torvalds 89401be658 Merge branch 'efi-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull EFI fix from Thomas Gleixner:
 "The dump info for the efi page table debugging lacks a terminator
  which causes the kernel to crash when the debugfile is read"

* 'efi-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  efi/arm64: Fix debugfs crash by adding a terminator for ptdump marker
2019-02-03 08:57:05 -08:00
Linus Torvalds 312b3a93dd for-5.0-rc4-tag
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEE8rQSAMVO+zA4DBdWxWXV+ddtWDsFAlxWtJgACgkQxWXV+ddt
 WDsDow//ZpnyDwQWvSIfF2UUQOPlcBjbHKuBA7rU0wdybW635QYGR0mqnI+1VnMj
 7ssUkeN6N0a2gQzrUG4Y+zpdzOWv2xQ4jKZ9GMOp9gwyzEFyPkcFXOnmM8UfYtVu
 e3fK65e8BZHmTeu0kGKah4Dt1g0t4fUmhsKR4Pfp5YNJC+zuuGTwUW1K/ZQHXJ+3
 kTHc7WP1lsF7wgaZ+Gl+Kvp8fVrHVdygMVTdRBW8QaBgPLa/KExvK62jW+NmCYhj
 7OIkWdew7e8IXc3Ie5IbOomHAv7IgqqgiO9VO9+n0EpyV4UobUgxrgBKJ+0yc1Ya
 eidbKhMslwUE50y00JVm+vw0gwQHkR+hZDn/mRB6xiIeI8tu/yQIJZ6AhYJXoByR
 cu8+SNO5Z5dOZ1f146ZH8lnkr24tuSnkDUhbRDR5pdb4tAHHej2ALzhbfbwbPEpF
 IverYLw5fOMGeRU/mBsjkVadpSZ4S0HVNU85ERdhLtVLK1PSaY2UkUaA+Ii5y7au
 EYDjaGMflmJ8cAVqgtgedEff2n8OKDnzRZlz4IPLI73MVSITGZkM7PmYmYsLm2Bs
 mDPnmyqR8kzcd1RRtSeZTvqOpAIZG+QUOmD2jiKrchmp54Sz0V/HJWRs3aQybD6Q
 ph0yAcbkvgp/ewe5IFgaI0kcyH7zYdL6GtiI2WUE3/8DObgrgsA=
 =E2PP
 -----END PGP SIGNATURE-----

Merge tag 'for-5.0-rc4-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux

Pull btrfs fixes from David Sterba:

 - regression fix: transaction commit can run away due to delayed ref
   waiting heuristic, this is not necessary now because of the proper
   reservation mechanism introduced in 5.0

 - regression fix: potential crash due to use-before-check of an ERR_PTR
   return value

 - fix for transaction abort during transaction commit that needs to
   properly clean up pending block groups

 - fix deadlock during b-tree node/leaf splitting, when this happens on
   some of the fundamental trees, we must prevent new tree block
   allocation to re-enter indirectly via the block group flushing path

 - potential memory leak after errors during mount

* tag 'for-5.0-rc4-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux:
  btrfs: On error always free subvol_name in btrfs_mount
  btrfs: clean up pending block groups when transaction commit aborts
  btrfs: fix potential oops in device_list_add
  btrfs: don't end the transaction for delayed refs in throttle
  Btrfs: fix deadlock when allocating tree block during leaf/node split
2019-02-03 08:48:33 -08:00
Linus Torvalds 12491ed354 A single fix for building DT bindings in-tree.
-----BEGIN PGP SIGNATURE-----
 
 iQJEBAABCgAuFiEEktVUI4SxYhzZyEuo+vtdtY28YcMFAlxVtl0QHHJvYmhAa2Vy
 bmVsLm9yZwAKCRD6+121jbxhw7wHD/4qMBS9JpAki/RV3Y9NN/FwWRYC4HS59K7s
 XnCt0oQBdGeiu6hxEaZLsUMurIxsfP87YE6sM9iwiE1JqwKnPl8727BNMd8AGeGP
 dT0Q8MXY/VYksegw+IG2E2L7ILAh2TDuHBt5t8ZKFgAzxvebVo9Cjj/hCp/c9j4l
 AUAONZ/sSvyl/ejmkQWTuJpA1ns+GN/OUzHgiNytGat/1gfcNaiKJlZxChVdN7SX
 Vqwxoih/J44LYQibUEIM/WyeNwqfEA440bI0xxoIVomfEH1lV3RNmXg2lrmZrdgi
 yax9+iUzH81wzWOIlWYYLV06bqt77wyxUTOMA4thFH5pXoI9FoH4IvqC+W75Z4xN
 DSQ9rSz7Gx5uDa01ttWI5kiFMcWVqPSuzsx+6dzpmJWII5WPEqSGFA3WniiJe+fG
 pc/s2xNVXQxhvfXi+WSjFZBxv7cKtvBtIOi2oOLlmOy4MDu1BiJ8St3+1eMv4laN
 7/ZmyDMVhIL45cRn28rLZ0NZY5340nit6QcihOwpQ9LElBXPOQ1NVTEjtNlw6SPd
 RHhYIF4bVGuJKYaIB8aU4QobIKIsL0rHfr2NY0xnJNzcJ02Jr+dv1brX6Nqd9msH
 ybnQByAIBG5zrxQPZvik5v4BxEHr4JPITUrxNLkP1HNc7/Vq0HBcCJjsw/ruRLQi
 67/Zo8Ijvg==
 =cHtH
 -----END PGP SIGNATURE-----

Merge tag 'devicetree-fixes-for-5.0-3' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux

Pull Devicetree fix from Rob Herring:
 "A single fix for building DT bindings in-tree"

* tag 'devicetree-fixes-for-5.0-3' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux:
  dt-bindings: Fix dt_binding_check target for in tree builds
2019-02-02 10:34:32 -08:00
Linus Torvalds 74b13e7efe RISC-V Fixes for 5.0-rc5
This patch set contains a handful of mostly-independent patches:
 
 * A patch that causes our port to respect TIF_NEED_RESCHED, which fixes
   CONFIG_PREEMPT=y kernels.
 * A fix to avoid double-put on OF nodes.
 * Fix a misspelling of target in our Kconfig.
 * Generic PCIe is enabled in our defconfig.
 * A fix to our SBI early console to properly handle line endings.
 * A fix such that max_low_pfn is counted in PFNs.
 * A change to TASK_UNMAPPED_BASE to match what other arches do.
 
 This has passed by standard "boot Fedora" flow.
 -----BEGIN PGP SIGNATURE-----
 
 iQJHBAABCAAxFiEEAM520YNJYN/OiG3470yhUCzLq0EFAlxR5B4THHBhbG1lckBk
 YWJiZWx0LmNvbQAKCRDvTKFQLMurQf7aEACfy+2EHqgTo5lzRZCwxmjzb4rm5gyH
 1GuR+2NPiwjPADxCqpO7tLFwSoLWU46K7GKfTrjXWbW2hNfBiHfPv62mPSX7dWR0
 kbUMRK0z5qm4mE1K8mmDFWPntGchuuRz1rfPI2Dv8McVybz2MbrvlrJ3zXXK/Qcu
 07cWbmeGd2RWIfj+tSYo+i5Aq4VPWQ6X00ToZlIZ4/4v69mFVgjqTIcc3Jx7unt1
 vGFRjP8jDVibwFAE1yDcUl9OCxqW/wUuwTpPW2HgN+55dktjBxvESl/pMl0AeGYk
 ehKdsaBVk/BkQT2XkYDIPxqK4Yb0VsuPOoH0Jsj+l3tSGjSeRA/LwlHiY7hALIVj
 LTg2FvEKs++hLnzwV6D5Qqj8TcdowSm/hDJttjEewM+IhLPOVGLz16yRcM9jIC7E
 1Jc6ByTo6HgVxhasF/ehT5SowJc1nOR3nS9VVd2P0yYysdN0m/kcfSgxQ1GoXMmC
 2tnMlwJO7pm8akuV2ifxUsM6KlRP47auLtTbRxuebpYnd6YKng7NRLF8Um2tgck4
 wtULBEXZCLYhHB55Lyy+wWDr7Pi3XK7qyvoTNP+AEJHcPtI23TsGKzB0Hu2unvxE
 s9r+0NGuiiuLAsR6Jba9FFSeZR7mJ9u1Bm0fz89Ob6dr1lYf0UUjqqQfHTfVZr40
 F7SqTyD+pe7IoQ==
 =Z3YY
 -----END PGP SIGNATURE-----

Merge tag 'riscv-for-linus-5.0-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/palmer/riscv-linux

Pull RISC-V fixes from Palmer Dabbelt:
 "This contains a handful of mostly-independent patches:

   - make our port respect TIF_NEED_RESCHED, which fixes
     CONFIG_PREEMPT=y kernels

   - fix double-put of OF nodes

   - fix a misspelling of target in our Kconfig

   - generic PCIe is enabled in our defconfig

   - fix our SBI early console to properly handle line
     endings

   - fix max_low_pfn being counted in PFNs

   - a change to TASK_UNMAPPED_BASE to match what other
     arches do

  This has passed my standard 'boot Fedora' flow"

* tag 'riscv-for-linus-5.0-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/palmer/riscv-linux:
  riscv: Adjust mmap base address at a third of task size
  riscv: fixup max_low_pfn with PFN_DOWN.
  tty/serial: use uart_console_write in the RISC-V SBL early console
  RISC-V: defconfig: Add CRYPTO_DEV_VIRTIO=y
  RISC-V: defconfig: Enable Generic PCIE by default
  RISC-V: defconfig: Move CONFIG_PCI{,E_XILINX}
  RISC-V: Kconfig: fix spelling mistake "traget" -> "target"
  RISC-V: asm/page.h: fix spelling mistake "CONFIG_64BITS" -> "CONFIG_64BIT"
  RISC-V: fix bad use of of_node_put
  RISC-V: Add _TIF_NEED_RESCHED check for kernel thread when CONFIG_PREEMPT=y
2019-02-02 10:26:14 -08:00
Linus Torvalds c8864cb70f for-linus-20190202
-----BEGIN PGP SIGNATURE-----
 
 iQJEBAABCAAuFiEEwPw5LcreJtl1+l5K99NY+ylx4KYFAlxVxeIQHGF4Ym9lQGtl
 cm5lbC5kawAKCRD301j7KXHgpq35EADCoVRFF8mi7wBhNvfN/yLqC9sgnqJM7vF3
 gPpm/E4MsTzCXrhgRmulrikfM8ywOT5ZBgIQp+BrhQgDZIlJ9fcyinFjU7o/gRm5
 R32IMJ4o7uh+YKWQyRSQu1WCaF3hvbNGUT7duMfTKjZ6t9TxTBgy46wYhb7YmNAP
 Ur8C1+4NfF/aHp59n6COM70KdYfswRxtgdEHGfmHAbmKDpvAeC+7I2LPpjTf5bH/
 YULnxk5sQFvCINDJH4zprZ0lSDy+63qk+Q1xxqpFNR1tnmRIVNvKhPPB5xfRLvzB
 mw3JdtwnvoY8Yv6eCs0u7mZs5L3I8zTI+4RtHH9nPD7ykIiUHpejgaRc4TGy2tox
 Dpgfc/Nvdsscpuy4QcFNHbWWBUu5pa5Li+KVS0FEP9FmD5UhcvVmZaZK+V6NuGO4
 9G9wraASFasPK7I0FMHlWLMIWKdj4s4n/H55QnP6yvFsnsrFaqnDwybUFiicjFkv
 hmNQmq8+5p0n3ZBVGQ/SI//vPUjuaFUKU2MhhW0NVz+KkgmEnOJ+W+C77//U33l+
 zhBURtdlnqfImFejEayhhtCtMATJcf2E1rHlA3nM6JyVWMRvQR6asb78QhAKZd6w
 el7rqRdWMwryUYFaROVurfOBMPFdhhyDB1qrOzAZIkhFqWwM9GX6+MH/y8+00HSA
 aA/rXg/daw==
 =8Zz+
 -----END PGP SIGNATURE-----

Merge tag 'for-linus-20190202' of git://git.kernel.dk/linux-block

Pull block fixes from Jens Axboe:
 "A few fixes that should go into this release. This contains:

   - MD pull request from Song, fixing a recovery OOM issue (Alexei)

   - Fix for a sync related stall (Jianchao)

   - Dummy callback for timeouts (Tetsuo)

   - IDE atapi sense ordering fix (me)"

* tag 'for-linus-20190202' of git://git.kernel.dk/linux-block:
  ide: ensure atapi sense request aren't preempted
  blk-mq: fix a hung issue when fsync
  block: pass no-op callback to INIT_WORK().
  md/raid5: fix 'out of memory' during raid cache recovery
2019-02-02 10:16:28 -08:00
Linus Torvalds 3cde55ee79 SCSI fixes on 20190201
Five minor bug fixes.  The libfc one is a tiny memory leak, the zfcp
 one is an incorrect user visible parameter and the rest are on error
 legs or obscure features.
 
 Signed-off-by: James E.J. Bottomley <jejb@linux.ibm.com>
 -----BEGIN PGP SIGNATURE-----
 
 iJwEABMIAEQWIQTnYEDbdso9F2cI+arnQslM7pishQUCXFTUrCYcamFtZXMuYm90
 dG9tbGV5QGhhbnNlbnBhcnRuZXJzaGlwLmNvbQAKCRDnQslM7pishe/hAQCDic6S
 FcD8TPv4jAt3qWun5vVCFAGCEuGet73p89sxpQEA51KcGrFjR9oCtZkd9nIzJL7M
 enGaQ0RtT8wPMSUNklE=
 =t6p4
 -----END PGP SIGNATURE-----

Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi

Pull SCSI fixes from James Bottomley:
 "Five minor bug fixes.

  The libfc one is a tiny memory leak, the zfcp one is an incorrect user
  visible parameter and the rest are on error legs or obscure features"

* tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
  scsi: 53c700: pass correct "dev" to dma_alloc_attrs()
  scsi: bnx2fc: Fix error handling in probe()
  scsi: scsi_debug: fix write_same with virtual_gb problem
  scsi: libfc: free skb when receiving invalid flogi resp
  scsi: zfcp: fix sysfs block queue limit output for max_segment_size
2019-02-02 10:12:53 -08:00
Linus Torvalds b9de6efed2 Merge branch 'akpm' (patches from Andrew)
Merge misc fixes from Andrew Morton:
 "24 fixes"

* emailed patches from Andrew Morton <akpm@linux-foundation.org>: (24 commits)
  autofs: fix error return in autofs_fill_super()
  autofs: drop dentry reference only when it is never used
  fs/drop_caches.c: avoid softlockups in drop_pagecache_sb()
  mm: migrate: don't rely on __PageMovable() of newpage after unlocking it
  psi: clarify the Kconfig text for the default-disable option
  mm, memory_hotplug: __offline_pages fix wrong locking
  mm: hwpoison: use do_send_sig_info() instead of force_sig()
  kasan: mark file common so ftrace doesn't trace it
  init/Kconfig: fix grammar by moving a closing parenthesis
  lib/test_kmod.c: potential double free in error handling
  mm, oom: fix use-after-free in oom_kill_process
  mm/hotplug: invalid PFNs from pfn_to_online_page()
  mm,memory_hotplug: fix scan_movable_pages() for gigantic hugepages
  psi: fix aggregation idle shut-off
  mm, memory_hotplug: test_pages_in_a_zone do not pass the end of zone
  mm, memory_hotplug: is_mem_section_removable do not pass the end of a zone
  oom, oom_reaper: do not enqueue same task twice
  mm: migrate: make buffer_migrate_page_norefs() actually succeed
  kernel/exit.c: release ptraced tasks before zap_pid_ns_processes
  x86_64: increase stack size for KASAN_EXTRA
  ...
2019-02-02 09:32:58 -08:00
Qian Cai 74c953ca5f efi/arm64: Fix debugfs crash by adding a terminator for ptdump marker
When reading 'efi_page_tables' debugfs triggers an out-of-bounds access here:

  arch/arm64/mm/dump.c: 282
  if (addr >= st->marker[1].start_address) {

called from:

  arch/arm64/mm/dump.c: 331
  note_page(st, addr, 2, pud_val(pud));

because st->marker++ is is called after "UEFI runtime end" which is the
last element in addr_marker[]. Therefore, add a terminator like the one
for kernel_page_tables, so it can be skipped to print out non-existent
markers.

Here's the KASAN bug report:

  # cat /sys/kernel/debug/efi_page_tables
  ---[ UEFI runtime start ]---
  0x0000000020000000-0x0000000020010000          64K PTE       RW NX SHD AF ...
  0x0000000020200000-0x0000000021340000       17664K PTE       RW NX SHD AF ...
  ...
  0x0000000021920000-0x0000000021950000         192K PTE       RW x  SHD AF ...
  0x0000000021950000-0x00000000219a0000         320K PTE       RW NX SHD AF ...
  ---[ UEFI runtime end ]---
  ---[ (null) ]---
  ---[ (null) ]---

   BUG: KASAN: global-out-of-bounds in note_page+0x1f0/0xac0
   Read of size 8 at addr ffff2000123f2ac0 by task read_all/42464
   Call trace:
    dump_backtrace+0x0/0x298
    show_stack+0x24/0x30
    dump_stack+0xb0/0xdc
    print_address_description+0x64/0x2b0
    kasan_report+0x150/0x1a4
    __asan_report_load8_noabort+0x30/0x3c
    note_page+0x1f0/0xac0
    walk_pgd+0xb4/0x244
    ptdump_walk_pgd+0xec/0x140
    ptdump_show+0x40/0x50
    seq_read+0x3f8/0xad0
    full_proxy_read+0x9c/0xc0
    __vfs_read+0xfc/0x4c8
    vfs_read+0xec/0x208
    ksys_read+0xd0/0x15c
    __arm64_sys_read+0x84/0x94
    el0_svc_handler+0x258/0x304
    el0_svc+0x8/0xc

  The buggy address belongs to the variable:
   __compound_literal.0+0x20/0x800

  Memory state around the buggy address:
   ffff2000123f2980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
   ffff2000123f2a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fa
  >ffff2000123f2a80: fa fa fa fa 00 00 00 00 fa fa fa fa 00 00 00 00
                                            ^
   ffff2000123f2b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
   ffff2000123f2b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0

[ ardb: fix up whitespace ]
[ mingo: fix up some moar ]

Signed-off-by: Qian Cai <cai@lca.pw>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: linux-efi@vger.kernel.org
Fixes: 9d80448ac9 ("efi/arm64: Add debugfs node to dump UEFI runtime page tables")
Link: http://lkml.kernel.org/r/20190202095017.13799-2-ard.biesheuvel@linaro.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2019-02-02 11:27:29 +01:00
Johannes Weiner e6d429313e x86/resctrl: Avoid confusion over the new X86_RESCTRL config
"Resource Control" is a very broad term for this CPU feature, and a term
that is also associated with containers, cgroups etc. This can easily
cause confusion.

Make the user prompt more specific. Match the config symbol name.

 [ bp: In the future, the corresponding ARM arch-specific code will be
   under ARM_CPU_RESCTRL and the arch-agnostic bits will be carved out
   under the CPU_RESCTRL umbrella symbol. ]

Signed-off-by: Johannes Weiner <hannes@cmpxchg.org>
Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: Babu Moger <Babu.Moger@amd.com>
Cc: Fenghua Yu <fenghua.yu@intel.com>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: James Morse <james.morse@arm.com>
Cc: Jonathan Corbet <corbet@lwn.net>
Cc: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>
Cc: linux-doc@vger.kernel.org
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Pu Wen <puwen@hygon.cn>
Cc: Reinette Chatre <reinette.chatre@intel.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Tony Luck <tony.luck@intel.com>
Cc: x86-ml <x86@kernel.org>
Link: https://lkml.kernel.org/r/20190130195621.GA30653@cmpxchg.org
2019-02-02 10:34:52 +01:00
Linus Torvalds cd984a5be2 xtensa fixes for v5.0-rc5
- fix ccount_timer_shutdown for secondary CPUs;
 - fix secondary CPU initialization;
 - fix secondary CPU reset vector clash with double exception vector;
 - fix present CPUs when booting with 'maxcpus' parameter;
 - limit possible CPUs by configured NR_CPUS;
 - issue a warning if xtensa PIC is asked to retrigger anything other
   than software IRQ;
 - fix masking/unmasking of the first two IRQs on xtensa MX PIC;
 - fix typo in Kconfig description for user space unaligned access
   feature;
 - fix Kconfig warning for selecting BUILTIN_DTB.
 -----BEGIN PGP SIGNATURE-----
 
 iQJHBAABCAAxFiEEK2eFS5jlMn3N6xfYUfnMkfg/oEQFAlxUn8MTHGpjbXZia2Jj
 QGdtYWlsLmNvbQAKCRBR+cyR+D+gRAX6D/4oOJd7TghbVdSC82rIQXRBxmlWB1YV
 tPtb/W3qrkkM8c693FbAoLFNoikYFftzn4EomTz1KtkBxq7HjZmmphiTU5E23Zg5
 nonnBkcFnm4Yfr4gLaTJl3rMqJNbDTMg6EyCPRHVI43Ux1jA9j/T2MN/dMZox+5a
 PU2q8k/HHDAlumOPj93MIKBb8XA9Sq9Jfpw2Jnlc0r8b4fR/9pKfVPOcsqs/jv3x
 BFIIH/vPvl2/j+DShpFcYnK8VgRo6zj2ny343J4zYqXspky43ZMMIaE/ZpkT592b
 uheDQYHAHvpZT+FD8waE5P5quBS5P+CmZIbuz7YTxB1VTcoV+OGGCpAvpj5CqmNr
 Mj2f3Yar+4q/QczHP+/42zGVDoJ/3dLBIu9IqSjWkY90qgncd9TD+dMWzI2ejJU7
 LPMIAw//Y/L4m3TAg84GFfGkOjzGQUXGQGl+9sqIr3eOWgoouXatq6L4F2CxCnz2
 zMKT0HFzdxs1gt13oRngugyfK1xRF0H5DW2eNt4dsFURIeIUP5cqou0v+b+CA3Li
 sbvI6yJ0g9tRf1f0yDnSRlvm0nB56zsXKGz5uuD6MiMOleUM3N41+IqCPHwuH0F1
 wNyYSWZEkt1t88rQxnter1+sDpi4brW0BZMVUSHsf+USqcwMrwu9ZmFKj08nihMP
 dCEHHlVGizOEsQ==
 =Pim9
 -----END PGP SIGNATURE-----

Merge tag 'xtensa-20190201' of git://github.com/jcmvbkbc/linux-xtensa

Pull xtensa fixes from Max Filippov:

 - fix ccount_timer_shutdown for secondary CPUs

 - fix secondary CPU initialization

 - fix secondary CPU reset vector clash with double exception vector

 - fix present CPUs when booting with 'maxcpus' parameter

 - limit possible CPUs by configured NR_CPUS

 - issue a warning if xtensa PIC is asked to retrigger anything other
   than software IRQ

 - fix masking/unmasking of the first two IRQs on xtensa MX PIC

 - fix typo in Kconfig description for user space unaligned access
   feature

 - fix Kconfig warning for selecting BUILTIN_DTB

* tag 'xtensa-20190201' of git://github.com/jcmvbkbc/linux-xtensa:
  xtensa: SMP: limit number of possible CPUs by NR_CPUS
  xtensa: rename BUILTIN_DTB to BUILTIN_DTB_SOURCE
  xtensa: Fix typo use space=>user space
  drivers/irqchip: xtensa-mx: fix mask and unmask
  drivers/irqchip: xtensa: add warning to irq_retrigger
  xtensa: SMP: mark each possible CPU as present
  xtensa: smp_lx200_defconfig: fix vectors clash
  xtensa: SMP: fix secondary CPU initialization
  xtensa: SMP: fix ccount_timer_shutdown
2019-02-01 16:56:30 -08:00
Linus Torvalds 8b050fe42d arm64 fixes for -rc5
- Fix module loading when KASLR is configured but disabled at runtime
 
 - Fix accidental IPI when mapping user executable pages
 
 - Ensure hyp-stub and KVM world switch code cannot be kprobed
 -----BEGIN PGP SIGNATURE-----
 
 iQEzBAABCgAdFiEEPxTL6PPUbjXGY88ct6xw3ITBYzQFAlxUWvEACgkQt6xw3ITB
 YzTNGwgAgAk1D4xfe01rasMK8dnogIMNbpxeeAuiwwFuXq/lBqo2UDX8UMt6qW9k
 b0rLpzyVelhPRJ3lQ90XvIv279cFBjHQT42YyVLlAnzkYz89kPKZweE7cWetO3sV
 kB7uJIaCfstGAp13p2ztN1KzHeIFKxk14gUa9jgmVdbHdJt+L5WdNUExs4+0jgnq
 lxBPWwvluzEc6mmpniIpF7em+svIci5M4al2gjxKVO7DI5slphOEZ4+VSGeSDxTI
 jOzTilS8UfldEnwjndl/hKes9r65afeLSDXvkJTTpfXB9jnKS54FJzy1QCibSRLT
 SHY9xkA3VEgJBifmpCEuJoNs2XaBFQ==
 =Eh1r
 -----END PGP SIGNATURE-----

Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux

Pull arm64 fixes from Will Deacon:
 "Although we're still debugging a few minor arm64-specific issues in
  mainline, I didn't want to hold this lot up in the meantime.

  We've got an additional KASLR fix after the previous one wasn't quite
  complete, a fix for a performance regression when mapping executable
  pages into userspace and some fixes for kprobe blacklisting. All
  candidates for stable.

  Summary:

   - Fix module loading when KASLR is configured but disabled at runtime

   - Fix accidental IPI when mapping user executable pages

   - Ensure hyp-stub and KVM world switch code cannot be kprobed"

* tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
  arm64: hibernate: Clean the __hyp_text to PoC after resume
  arm64: hyp-stub: Forbid kprobing of the hyp-stub
  arm64: kprobe: Always blacklist the KVM world-switch code
  arm64: kaslr: ensure randomized quantities are clean also when kaslr is off
  arm64: Do not issue IPIs for user executable ptes
2019-02-01 16:54:25 -08:00
Linus Torvalds 33640d718c SMB3 fixes, some from this week's SMB3 test evemt, 5 for stable and a particularly important one for queryxattr (see xfstests 70 and 117)
-----BEGIN PGP SIGNATURE-----
 
 iQGyBAABCgAdFiEE6fsu8pdIjtWE/DpLiiy9cAdyT1EFAlxUf8kACgkQiiy9cAdy
 T1Fy8Qv4rlgVRBPcSJpvZKhFjMd5KskVIDnP0tOc5od+Mg+547eAg7UKKnJVDgKS
 OUtiP8uC/UErWvQ214hoXF1sMwoG+rDdTRdIOVDLD2a2gIIJzaIPADhYt4w5kiAX
 nO9NwPwk03KTzNUQmpdFPofbLK4csmJUR4kBNE+XhZTulmw9BkplGXnNkQGjsEdf
 nY6YdfqofE//DmR/KB1BylD0lxDtnfuB5zoELPmM6X4iWtD9W6pKVg23huEv+Dmh
 80LdYt77vI4RKEzOAmsYEpROdAmlCksVQC1nlh5EHOuMN/9TCdpdWRahJWWhbbKr
 /b8TuD+0QUUKEQdGvwM8DM/OCjnwoJphzI8CK1VzRpM4XkZxpQTzng2zVFPNzs4Y
 wwKCsxxTO7ePGg6hE/DTnRn9XJtKbR1nQsIjHcw6rE0ydl+P6YRZDUEehqyRU+jd
 Z09XCPS1+zeUPE6PRE9wlrIt7QdxOynufhaWRKf18b2b4cfKbNGcd+rMMZPagUQe
 x2CMkEU=
 =qX/z
 -----END PGP SIGNATURE-----

Merge tag '5.0-rc4-smb3-fixes' of git://git.samba.org/sfrench/cifs-2.6

Pull smb3 fixes from Steve French:
 "SMB3 fixes, some from this week's SMB3 test evemt, 5 for stable and a
  particularly important one for queryxattr (see xfstests 70 and 117)"

* tag '5.0-rc4-smb3-fixes' of git://git.samba.org/sfrench/cifs-2.6:
  cifs: update internal module version number
  CIFS: fix use-after-free of the lease keys
  CIFS: Do not consider -ENODATA as stat failure for reads
  CIFS: Do not count -ENODATA as failure for query directory
  CIFS: Fix trace command logging for SMB2 reads and writes
  CIFS: Fix possible oops and memory leaks in async IO
  cifs: limit amount of data we request for xattrs to CIFSMaxBufSize
  cifs: fix computation for MAX_SMB2_HDR_SIZE
2019-02-01 16:53:01 -08:00
Linus Torvalds b7bd29b530 Bug Fixes
- Fix aa_label_build() error handling for failed merges
 - Fix warning about unused function apparmor_ipv6_postroute
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEE7cSDD705q2rFEEf7BS82cBjVw9gFAlxUbasACgkQBS82cBjV
 w9hEyA//XLzkJ6mdreIWLSO0KO8dwCwpWyJ5EFIx3R+2Nrz3BVN2/Ysg+GZ2oEdD
 iF8OEVW/RBjapHbtZeruu8tqfU9i3WYyc/cIpsdZTZ2yIfRikyV/bT21/XggAe4g
 cGhcNVvTpVxwDFHT1YdQFHeDrcJ4nHeGVcErQ0oDV3KJRIUII8uKUmJzxiFqFQjq
 iPZHcaU3b65RrPIaxfEIk6anBW9UwInnXBdOQqjxLCg1efLBfmpT3HpUbfQrTmIq
 zh2xSgTFVS8jRbg8N7HIQDR8GZTew1x6yWx6v84fE+8NfqXEuOwo3+EPGcJWfB4i
 9W+nLlmyrJ5wyFJ4dpWzj7ZMAwuZYKSOSgXIVh2ew9bI13KUthymQ+pWJ6S91Rxf
 Z3zPzjHG3RuyeHuZqiNknM6iXgmfR+PaVk2aq22No40BsXiNjTO8l0kSH36HQKCh
 vpOC1VVXq7B0+Xe6FVQd5R1KydXwO2DrYkO4ygyrYqWXD0F6bFhQyZJlbf2las7B
 DtGjC6+nhh9eQPaYDQ5IIJEhFmNSqE+q+yRqNgcN1vj+gPEayw2KqG67Nt50UjmW
 6Lz3tTZJIw8NRSgUYqRzsJfocCADRamHgysWD+etd3mPnQbFXU5Nx6qwztcpzISP
 fHZY75etD+fkg7pR4FvzqO7EpACtZnk/Yx2BTEjUOnTuUY9hjc0=
 =dMPT
 -----END PGP SIGNATURE-----

Merge tag 'apparmor-pr-2019-02-01' of git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor

Pull apparmor bug fixes from John Johansen:
 "Two bug fixes for apparmor:

   - Fix aa_label_build() error handling for failed merges

   - Fix warning about unused function apparmor_ipv6_postroute"

* tag 'apparmor-pr-2019-02-01' of git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor:
  apparmor: Fix aa_label_build() error handling for failed merges
  apparmor: Fix warning about unused function apparmor_ipv6_postroute
2019-02-01 16:18:38 -08:00
Ian Kent f585b283e3 autofs: fix error return in autofs_fill_super()
In autofs_fill_super() on error of get inode/make root dentry the return
should be ENOMEM as this is the only failure case of the called
functions.

Link: http://lkml.kernel.org/r/154725123240.11260.796773942606871359.stgit@pluto-themaw-net
Signed-off-by: Ian Kent <raven@themaw.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2019-02-01 15:46:24 -08:00
Pan Bian 63ce5f552b autofs: drop dentry reference only when it is never used
autofs_expire_run() calls dput(dentry) to drop the reference count of
dentry.  However, dentry is read via autofs_dentry_ino(dentry) after
that.  This may result in a use-free-bug.  The patch drops the reference
count of dentry only when it is never used.

Link: http://lkml.kernel.org/r/154725122396.11260.16053424107144453867.stgit@pluto-themaw-net
Signed-off-by: Pan Bian <bianpan2016@163.com>
Signed-off-by: Ian Kent <raven@themaw.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2019-02-01 15:46:24 -08:00
Jan Kara c27d82f52f fs/drop_caches.c: avoid softlockups in drop_pagecache_sb()
When superblock has lots of inodes without any pagecache (like is the
case for /proc), drop_pagecache_sb() will iterate through all of them
without dropping sb->s_inode_list_lock which can lead to softlockups
(one of our customers hit this).

Fix the problem by going to the slow path and doing cond_resched() in
case the process needs rescheduling.

Link: http://lkml.kernel.org/r/20190114085343.15011-1-jack@suse.cz
Signed-off-by: Jan Kara <jack@suse.cz>
Acked-by: Michal Hocko <mhocko@suse.com>
Reviewed-by: Andrew Morton <akpm@linux-foundation.org>
Cc: Al Viro <viro@ZenIV.linux.org.uk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2019-02-01 15:46:24 -08:00
David Hildenbrand e0a352fabc mm: migrate: don't rely on __PageMovable() of newpage after unlocking it
We had a race in the old balloon compaction code before b1123ea6d3
("mm: balloon: use general non-lru movable page feature") refactored it
that became visible after backporting 195a8c43e9 ("virtio-balloon:
deflate via a page list") without the refactoring.

The bug existed from commit d6d86c0a7f ("mm/balloon_compaction:
redesign ballooned pages management") till b1123ea6d3 ("mm: balloon:
use general non-lru movable page feature").  d6d86c0a7f
("mm/balloon_compaction: redesign ballooned pages management") was
backported to 3.12, so the broken kernels are stable kernels [3.12 -
4.7].

There was a subtle race between dropping the page lock of the newpage in
__unmap_and_move() and checking for __is_movable_balloon_page(newpage).

Just after dropping this page lock, virtio-balloon could go ahead and
deflate the newpage, effectively dequeueing it and clearing PageBalloon,
in turn making __is_movable_balloon_page(newpage) fail.

This resulted in dropping the reference of the newpage via
putback_lru_page(newpage) instead of put_page(newpage), leading to
page->lru getting modified and a !LRU page ending up in the LRU lists.
With 195a8c43e9 ("virtio-balloon: deflate via a page list")
backported, one would suddenly get corrupted lists in
release_pages_balloon():

- WARNING: CPU: 13 PID: 6586 at lib/list_debug.c:59 __list_del_entry+0xa1/0xd0
- list_del corruption. prev->next should be ffffe253961090a0, but was dead000000000100

Nowadays this race is no longer possible, but it is hidden behind very
ugly handling of __ClearPageMovable() and __PageMovable().

__ClearPageMovable() will not make __PageMovable() fail, only
PageMovable().  So the new check (__PageMovable(newpage)) will still
hold even after newpage was dequeued by virtio-balloon.

If anybody would ever change that special handling, the BUG would be
introduced again.  So instead, make it explicit and use the information
of the original isolated page before migration.

This patch can be backported fairly easy to stable kernels (in contrast
to the refactoring).

Link: http://lkml.kernel.org/r/20190129233217.10747-1-david@redhat.com
Fixes: d6d86c0a7f ("mm/balloon_compaction: redesign ballooned pages management")
Signed-off-by: David Hildenbrand <david@redhat.com>
Reported-by: Vratislav Bendel <vbendel@redhat.com>
Acked-by: Michal Hocko <mhocko@suse.com>
Acked-by: Rafael Aquini <aquini@redhat.com>
Cc: Mel Gorman <mgorman@techsingularity.net>
Cc: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>
Cc: Michal Hocko <mhocko@suse.com>
Cc: Naoya Horiguchi <n-horiguchi@ah.jp.nec.com>
Cc: Jan Kara <jack@suse.cz>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Cc: Dominik Brodowski <linux@dominikbrodowski.net>
Cc: Matthew Wilcox <willy@infradead.org>
Cc: Vratislav Bendel <vbendel@redhat.com>
Cc: Rafael Aquini <aquini@redhat.com>
Cc: Konstantin Khlebnikov <k.khlebnikov@samsung.com>
Cc: Minchan Kim <minchan@kernel.org>
Cc: <stable@vger.kernel.org>	[3.12 - 4.7]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2019-02-01 15:46:24 -08:00
Johannes Weiner 7b2489d37e psi: clarify the Kconfig text for the default-disable option
The current help text caused some confusion in online forums about
whether or not to default-enable or default-disable psi in vendor
kernels.  This is because it doesn't communicate the reason for why we
made this setting configurable in the first place: that the overhead is
non-zero in an artificial scheduler stress test.

Since this isn't representative of real workloads, and the effect was
not measurable in scheduler-heavy real world applications such as the
webservers and memcache installations at Facebook, it's fair to point
out that this is a pretty cautious option to select.

Link: http://lkml.kernel.org/r/20190129233617.16767-1-hannes@cmpxchg.org
Signed-off-by: Johannes Weiner <hannes@cmpxchg.org>
Reviewed-by: Andrew Morton <akpm@linux-foundation.org>
Cc: Mel Gorman <mgorman@techsingularity.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2019-02-01 15:46:24 -08:00
Michal Hocko e3df4c6e48 mm, memory_hotplug: __offline_pages fix wrong locking
Jan has noticed that we do double unlock on some failure paths when
offlining a page range.  This is indeed the case when
test_pages_in_a_zone respp.  start_isolate_page_range fail.  This was an
omission when forward porting the debugging patch from an older kernel.

Fix the issue by dropping mem_hotplug_done from the failure condition
and keeping the single unlock in the catch all failure path.

Link: http://lkml.kernel.org/r/20190115120307.22768-1-mhocko@kernel.org
Fixes: 7960509329 ("mm, memory_hotplug: print reason for the offlining failure")
Signed-off-by: Michal Hocko <mhocko@suse.com>
Reported-by: Jan Kara <jack@suse.cz>
Reviewed-by: Jan Kara <jack@suse.cz>
Tested-by: Jan Kara <jack@suse.cz>
Reviewed-by: Oscar Salvador <osalvador@suse.de>
Reviewed-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2019-02-01 15:46:23 -08:00
Naoya Horiguchi 6376360ecb mm: hwpoison: use do_send_sig_info() instead of force_sig()
Currently memory_failure() is racy against process's exiting, which
results in kernel crash by null pointer dereference.

The root cause is that memory_failure() uses force_sig() to forcibly
kill asynchronous (meaning not in the current context) processes.  As
discussed in thread https://lkml.org/lkml/2010/6/8/236 years ago for OOM
fixes, this is not a right thing to do.  OOM solves this issue by using
do_send_sig_info() as done in commit d2d393099d ("signal:
oom_kill_task: use SEND_SIG_FORCED instead of force_sig()"), so this
patch is suggesting to do the same for hwpoison.  do_send_sig_info()
properly accesses to siglock with lock_task_sighand(), so is free from
the reported race.

I confirmed that the reported bug reproduces with inserting some delay
in kill_procs(), and it never reproduces with this patch.

Note that memory_failure() can send another type of signal using
force_sig_mceerr(), and the reported race shouldn't happen on it because
force_sig_mceerr() is called only for synchronous processes (i.e.
BUS_MCEERR_AR happens only when some process accesses to the corrupted
memory.)

Link: http://lkml.kernel.org/r/20190116093046.GA29835@hori1.linux.bs1.fc.nec.co.jp
Signed-off-by: Naoya Horiguchi <n-horiguchi@ah.jp.nec.com>
Reported-by: Jane Chu <jane.chu@oracle.com>
Reviewed-by: Dan Williams <dan.j.williams@intel.com>
Reviewed-by: William Kucharski <william.kucharski@oracle.com>
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2019-02-01 15:46:23 -08:00
Anders Roxell 0d0c8de878 kasan: mark file common so ftrace doesn't trace it
When option CONFIG_KASAN is enabled toghether with ftrace, function
ftrace_graph_caller() gets in to a recursion, via functions
kasan_check_read() and kasan_check_write().

 Breakpoint 2, ftrace_graph_caller () at ../arch/arm64/kernel/entry-ftrace.S:179
 179             mcount_get_pc             x0    //     function's pc
 (gdb) bt
 #0  ftrace_graph_caller () at ../arch/arm64/kernel/entry-ftrace.S:179
 #1  0xffffff90101406c8 in ftrace_caller () at ../arch/arm64/kernel/entry-ftrace.S:151
 #2  0xffffff90106fd084 in kasan_check_write (p=0xffffffc06c170878, size=4) at ../mm/kasan/common.c:105
 #3  0xffffff90104a2464 in atomic_add_return (v=<optimized out>, i=<optimized out>) at ./include/generated/atomic-instrumented.h:71
 #4  atomic_inc_return (v=<optimized out>) at ./include/generated/atomic-fallback.h:284
 #5  trace_graph_entry (trace=0xffffffc03f5ff380) at ../kernel/trace/trace_functions_graph.c:441
 #6  0xffffff9010481774 in trace_graph_entry_watchdog (trace=<optimized out>) at ../kernel/trace/trace_selftest.c:741
 #7  0xffffff90104a185c in function_graph_enter (ret=<optimized out>, func=<optimized out>, frame_pointer=18446743799894897728, retp=<optimized out>) at ../kernel/trace/trace_functions_graph.c:196
 #8  0xffffff9010140628 in prepare_ftrace_return (self_addr=18446743592948977792, parent=0xffffffc03f5ff418, frame_pointer=18446743799894897728) at ../arch/arm64/kernel/ftrace.c:231
 #9  0xffffff90101406f4 in ftrace_graph_caller () at ../arch/arm64/kernel/entry-ftrace.S:182
 Backtrace stopped: previous frame identical to this frame (corrupt stack?)
 (gdb)

Rework so that the kasan implementation isn't traced.

Link: http://lkml.kernel.org/r/20181212183447.15890-1-anders.roxell@linaro.org
Signed-off-by: Anders Roxell <anders.roxell@linaro.org>
Acked-by: Dmitry Vyukov <dvyukov@google.com>
Tested-by: Dmitry Vyukov <dvyukov@google.com>
Acked-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Cc: Andrey Ryabinin <aryabinin@virtuozzo.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2019-02-01 15:46:23 -08:00
Jonathan Neuschäfer 9807683384 init/Kconfig: fix grammar by moving a closing parenthesis
Link: http://lkml.kernel.org/r/20190129150813.15785-1-j.neuschaefer@gmx.net
Signed-off-by: Jonathan Neuschäfer <j.neuschaefer@gmx.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2019-02-01 15:46:23 -08:00
Dan Carpenter db7ddeab3c lib/test_kmod.c: potential double free in error handling
There is a copy and paste bug so we set "config->test_driver" to NULL
twice instead of setting "config->test_fs".  Smatch complains that it
leads to a double free:

  lib/test_kmod.c:840 __kmod_config_init() warn: 'config->test_fs' double freed

Link: http://lkml.kernel.org/r/20190121140011.GA14283@kadam
Fixes: d9c6a72d6f ("kmod: add test driver to stress test the module loader")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Luis Chamberlain <mcgrof@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2019-02-01 15:46:23 -08:00