Daniel Axtens [Wed, 18 Dec 2019 04:51:49 +0000 (20:51 -0800)]
kasan: don't assume percpu shadow allocations will succeed
syzkaller and the fault injector showed that I was wrong to assume that
we could ignore percpu shadow allocation failures.
Handle failures properly. Merge all the allocated areas back into the
free list and release the shadow, then clean up and return NULL. The
shadow is released unconditionally, which relies upon the fact that the
release function is able to tolerate pages not being present.
Also clean up shadows in the recovery path - currently they are not
released, which leaks a bit of memory.
Link: http://lkml.kernel.org/r/20191205140407.1874-3-dja@axtens.net
Fixes:
3c5c3cfb9ef4 ("kasan: support backing vmalloc space with real shadow memory")
Signed-off-by: Daniel Axtens <dja@axtens.net>
Reported-by: syzbot+82e323920b78d54aaed5@syzkaller.appspotmail.com
Reported-by: syzbot+59b7daa4315e07a994f1@syzkaller.appspotmail.com
Reviewed-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: Alexander Potapenko <glider@google.com>
Cc: Qian Cai <cai@lca.pw>
Cc: Uladzislau Rezki (Sony) <urezki@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Daniel Axtens [Wed, 18 Dec 2019 04:51:46 +0000 (20:51 -0800)]
kasan: use apply_to_existing_page_range() for releasing vmalloc shadow
kasan_release_vmalloc uses apply_to_page_range to release vmalloc
shadow. Unfortunately, apply_to_page_range can allocate memory to fill
in page table entries, which is not what we want.
Also, kasan_release_vmalloc is called under free_vmap_area_lock, so if
apply_to_page_range does allocate memory, we get a sleep in atomic bug:
BUG: sleeping function called from invalid context at mm/page_alloc.c:4681
in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 15087, name:
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x199/0x216 lib/dump_stack.c:118
___might_sleep.cold.97+0x1f5/0x238 kernel/sched/core.c:6800
__might_sleep+0x95/0x190 kernel/sched/core.c:6753
prepare_alloc_pages mm/page_alloc.c:4681 [inline]
__alloc_pages_nodemask+0x3cd/0x890 mm/page_alloc.c:4730
alloc_pages_current+0x10c/0x210 mm/mempolicy.c:2211
alloc_pages include/linux/gfp.h:532 [inline]
__get_free_pages+0xc/0x40 mm/page_alloc.c:4786
__pte_alloc_one_kernel include/asm-generic/pgalloc.h:21 [inline]
pte_alloc_one_kernel include/asm-generic/pgalloc.h:33 [inline]
__pte_alloc_kernel+0x1d/0x200 mm/memory.c:459
apply_to_pte_range mm/memory.c:2031 [inline]
apply_to_pmd_range mm/memory.c:2068 [inline]
apply_to_pud_range mm/memory.c:2088 [inline]
apply_to_p4d_range mm/memory.c:2108 [inline]
apply_to_page_range+0x77d/0xa00 mm/memory.c:2133
kasan_release_vmalloc+0xa7/0xc0 mm/kasan/common.c:970
__purge_vmap_area_lazy+0xcbb/0x1f30 mm/vmalloc.c:1313
try_purge_vmap_area_lazy mm/vmalloc.c:1332 [inline]
free_vmap_area_noflush+0x2ca/0x390 mm/vmalloc.c:1368
free_unmap_vmap_area mm/vmalloc.c:1381 [inline]
remove_vm_area+0x1cc/0x230 mm/vmalloc.c:2209
vm_remove_mappings mm/vmalloc.c:2236 [inline]
__vunmap+0x223/0xa20 mm/vmalloc.c:2299
__vfree+0x3f/0xd0 mm/vmalloc.c:2356
__vmalloc_area_node mm/vmalloc.c:2507 [inline]
__vmalloc_node_range+0x5d5/0x810 mm/vmalloc.c:2547
__vmalloc_node mm/vmalloc.c:2607 [inline]
__vmalloc_node_flags mm/vmalloc.c:2621 [inline]
vzalloc+0x6f/0x80 mm/vmalloc.c:2666
alloc_one_pg_vec_page net/packet/af_packet.c:4233 [inline]
alloc_pg_vec net/packet/af_packet.c:4258 [inline]
packet_set_ring+0xbc0/0x1b50 net/packet/af_packet.c:4342
packet_setsockopt+0xed7/0x2d90 net/packet/af_packet.c:3695
__sys_setsockopt+0x29b/0x4d0 net/socket.c:2117
__do_sys_setsockopt net/socket.c:2133 [inline]
__se_sys_setsockopt net/socket.c:2130 [inline]
__x64_sys_setsockopt+0xbe/0x150 net/socket.c:2130
do_syscall_64+0xfa/0x780 arch/x86/entry/common.c:294
entry_SYSCALL_64_after_hwframe+0x49/0xbe
Switch to using the apply_to_existing_page_range() helper instead, which
won't allocate memory.
[akpm@linux-foundation.org: s/apply_to_existing_pages/apply_to_existing_page_range/]
Link: http://lkml.kernel.org/r/20191205140407.1874-2-dja@axtens.net
Fixes:
3c5c3cfb9ef4 ("kasan: support backing vmalloc space with real shadow memory")
Signed-off-by: Daniel Axtens <dja@axtens.net>
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Reviewed-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
Cc: Alexander Potapenko <glider@google.com>
Cc: Qian Cai <cai@lca.pw>
Cc: Uladzislau Rezki (Sony) <urezki@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Daniel Axtens [Wed, 18 Dec 2019 04:51:41 +0000 (20:51 -0800)]
mm/memory.c: add apply_to_existing_page_range() helper
apply_to_page_range() takes an address range, and if any parts of it are
not covered by the existing page table hierarchy, it allocates memory to
fill them in.
In some use cases, this is not what we want - we want to be able to
operate exclusively on PTEs that are already in the tables.
Add apply_to_existing_page_range() for this. Adjust the walker
functions for apply_to_page_range to take 'create', which switches them
between the old and new modes.
This will be used in KASAN vmalloc.
[akpm@linux-foundation.org: reduce code duplication]
[akpm@linux-foundation.org: s/apply_to_existing_pages/apply_to_existing_page_range/]
[akpm@linux-foundation.org: initialize __apply_to_page_range::err]
Link: http://lkml.kernel.org/r/20191205140407.1874-1-dja@axtens.net
Signed-off-by: Daniel Axtens <dja@axtens.net>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: Uladzislau Rezki (Sony) <urezki@gmail.com>
Cc: Alexander Potapenko <glider@google.com>
Cc: Daniel Axtens <dja@axtens.net>
Cc: Qian Cai <cai@lca.pw>
Cc: Andrey Ryabinin <aryabinin@virtuozzo.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Andrey Ryabinin [Wed, 18 Dec 2019 04:51:38 +0000 (20:51 -0800)]
kasan: fix crashes on access to memory mapped by vm_map_ram()
With CONFIG_KASAN_VMALLOC=y any use of memory obtained via vm_map_ram()
will crash because there is no shadow backing that memory.
Instead of sprinkling additional kasan_populate_vmalloc() calls all over
the vmalloc code, move it into alloc_vmap_area(). This will fix
vm_map_ram() and simplify the code a bit.
[aryabinin@virtuozzo.com: v2]
Link: http://lkml.kernel.org/r/20191205095942.1761-1-aryabinin@virtuozzo.comLink:
Fixes:
3c5c3cfb9ef4 ("kasan: support backing vmalloc space with real shadow memory")
Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Reviewed-by: Uladzislau Rezki (Sony) <urezki@gmail.com>
Cc: Daniel Axtens <dja@axtens.net>
Cc: Alexander Potapenko <glider@google.com>
Cc: Daniel Axtens <dja@axtens.net>
Cc: Qian Cai <cai@lca.pw>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Linus Torvalds [Tue, 17 Dec 2019 21:27:02 +0000 (13:27 -0800)]
Merge tag 'for-5.5-rc2-tag' of git://git./linux/kernel/git/kdave/linux
Pull btrfs fixes from David Sterba:
"A mix of regression fixes and regular fixes for stable trees:
- fix swapped error messages for qgroup enable/rescan
- fixes for NO_HOLES feature with clone range
- fix deadlock between iget/srcu lock/synchronize srcu while freeing
an inode
- fix double lock on subvolume cross-rename
- tree log fixes
* fix missing data checksums after replaying a log tree
* also teach tree-checker about this problem
* skip log replay on orphaned roots
- fix maximum devices constraints for RAID1C -3 and -4
- send: don't print warning on read-only mount regarding orphan
cleanup
- error handling fixes"
* tag 'for-5.5-rc2-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux:
btrfs: send: remove WARN_ON for readonly mount
btrfs: do not leak reloc root if we fail to read the fs root
btrfs: skip log replay on orphaned roots
btrfs: handle ENOENT in btrfs_uuid_tree_iterate
btrfs: abort transaction after failed inode updates in create_subvol
Btrfs: fix hole extent items with a zero size after range cloning
Btrfs: fix removal logic of the tree mod log that leads to use-after-free issues
Btrfs: make tree checker detect checksum items with overlapping ranges
Btrfs: fix missing data checksums after replaying a log tree
btrfs: return error pointer from alloc_test_extent_buffer
btrfs: fix devs_max constraints for raid1c3 and raid1c4
btrfs: tree-checker: Fix error format string for size_t
btrfs: don't double lock the subvol_sem for rename exchange
btrfs: handle error in btrfs_cache_block_group
btrfs: do not call synchronize_srcu() in inode_tree_del
Btrfs: fix cloning range with a hole when using the NO_HOLES feature
btrfs: Fix error messages in qgroup_rescan_init
Linus Torvalds [Tue, 17 Dec 2019 21:10:11 +0000 (13:10 -0800)]
early init: fix error handling when opening /dev/console
The comment says "this should never fail", but it definitely can fail
when you have odd initial boot filesystems, or kernel configurations.
So get the error handling right: filp_open() returns an error pointer.
Reported-by: Jesse Barnes <jsbarnes@google.com>
Reported-by: youling 257 <youling257@gmail.com>
Fixes:
8243186f0cc7 ("fs: remove ksys_dup()")
Cc: Dominik Brodowski <linux@dominikbrodowski.net>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Linus Torvalds [Tue, 17 Dec 2019 21:08:41 +0000 (13:08 -0800)]
Merge tag 'regulator-fix-v5.5-rc2' of git://git./linux/kernel/git/broonie/regulator
Pull regulator fixes from Mark Brown:
"A small set of fixes for mostly minor issues here, the only real code
ones are Wen Yang's fixes for error handling in the core and Christian
Marussi's list_voltage() change which is a fix for disruptively bad
performance for regulators with continuous voltage control (which are
rare)"
* tag 'regulator-fix-v5.5-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator:
regulator: rn5t618: fix module aliases
regulator: max77650: add of_match table
regulator: core: avoid unneeded .list_voltage calls
regulator: s5m8767: Fix a warning message
regulator: core: fix regulator_register() error paths to properly release rdev
regulator: fix use after free issue
Linus Torvalds [Tue, 17 Dec 2019 21:06:31 +0000 (13:06 -0800)]
Merge tag 'spi-fix-v5.5-rc2' of git://git./linux/kernel/git/broonie/spi
Pull spi fixes from Mark Brown:
"A relatively large set of fixes here, the biggest part of it is for
fallout from the GPIO descriptor rework that affected several of the
devices with usable native chip select support. There's also some new
PCI IDs for Intel Jasper Lake devices.
The conversion to platform_get_irq() in the fsl driver is an
incremental fix for build errors introduced on SPARC by the earlier
fix for error handling in probe in that driver"
* tag 'spi-fix-v5.5-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi:
spi: fsl: use platform_get_irq() instead of of_irq_to_resource()
spi: nxp-fspi: Ensure width is respected in spi-mem operations
spi: spi-ti-qspi: Fix a bug when accessing non default CS
spi: fsl: don't map irq during probe
spi: spi-cavium-thunderx: Add missing pci_release_regions()
spi: sprd: Fix the incorrect SPI register
gpiolib: of: Make of_gpio_spi_cs_get_count static
spi: fsl: Handle the single hardwired chipselect case
gpio: Handle counting of Freescale chipselects
spi: fsl: Fix GPIO descriptor support
spi: dw: Correct handling of native chipselect
spi: cadence: Correct handling of native chipselect
spi: pxa2xx: Add support for Intel Jasper Lake
Linus Torvalds [Tue, 17 Dec 2019 19:17:03 +0000 (11:17 -0800)]
Merge branch 'x86-urgent-for-linus' of git://git./linux/kernel/git/tip/tip
Pull x86 fix from Ingo Molnar:
"Fix kexec booting with certain EFI memory map layouts"
* 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
x86/efi: Update e820 with reserved EFI boot services data to fix kexec breakage
Linus Torvalds [Tue, 17 Dec 2019 19:11:08 +0000 (11:11 -0800)]
Merge branch 'timers-urgent-for-linus' of git://git./linux/kernel/git/tip/tip
Pull timer fixes from Ingo Molnar:
"Add HPET quirks for the Intel 'Coffee Lake H' and 'Ice Lake' platforms"
* 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
x86/intel: Disable HPET on Intel Ice Lake platforms
x86/intel: Disable HPET on Intel Coffee Lake H platforms
Linus Torvalds [Tue, 17 Dec 2019 19:09:05 +0000 (11:09 -0800)]
Merge branch 'sched-urgent-for-linus' of git://git./linux/kernel/git/tip/tip
Pull scheduler fix from Ingo Molnar:
"Fix the guest-nice cpustat values in /proc"
* 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
sched/cputime, proc/stat: Fix incorrect guest nice cpustat value
Linus Torvalds [Tue, 17 Dec 2019 19:03:57 +0000 (11:03 -0800)]
Merge branch 'perf-urgent-for-linus' of git://git./linux/kernel/git/tip/tip
Pull perf tooling fixes from Ingo Molnar:
"These are all perf tooling changes: most of them are fixes.
Note that the large CPU count related fixes go beyond regression
fixes, but the IPI-flood symptoms are severe enough that I think
justifies their inclusion"
* 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (38 commits)
perf vendor events s390: Remove name from L1D_RO_EXCL_WRITES description
perf vendor events s390: Fix counter long description for DTLB1_GPAGE_WRITES
libtraceevent: Allow custom libdir path
perf header: Fix false warning when there are no duplicate cache entries
perf metricgroup: Fix printing event names of metric group with multiple events
perf/x86/pmu-events: Fix Kernel_Utilization metric
perf top: Do not bail out when perf_env__read_cpuid() returns ENOSYS
perf arch: Make the default get_cpuid() return compatible error
tools headers kvm: Sync linux/kvm.h with the kernel sources
tools headers UAPI: Update tools's copy of drm.h headers
tools headers UAPI: Sync drm/i915_drm.h with the kernel sources
perf inject: Fix processing of ID index for injected instruction tracing
perf report: Bail out --mem-mode if mem info is not available
perf report: Make -F more strict like -s
perf report/top TUI: Replace pr_err() with ui__error()
libtraceevent: Copy pkg-config file to output folder when using O=
libtraceevent: Fix lib installation with O=
perf kvm: Clarify the 'perf kvm' -i and -o command line options
tools arch x86: Sync asm/cpufeatures.h with the kernel sources
perf beauty: Add CLEAR_SIGHAND support for clone's flags arg
...
Linus Torvalds [Tue, 17 Dec 2019 19:00:46 +0000 (11:00 -0800)]
Merge branch 'locking-urgent-for-linus' of git://git./linux/kernel/git/tip/tip
Pull locking fixes from Ingo Molnar:
"Tone down mutex debugging complaints, and annotate/fix spinlock
debugging data accesses for KCSAN"
* 'locking-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
Revert "locking/mutex: Complain upon mutex API misuse in IRQ contexts"
locking/spinlock/debug: Fix various data races
Linus Torvalds [Tue, 17 Dec 2019 18:39:55 +0000 (10:39 -0800)]
Merge branch 'efi-urgent-for-linus' of git://git./linux/kernel/git/tip/tip
Pull EFI fixes from Ingo Molnar:
"Protect presistent EFI memory reservations from kexec, fix EFIFB early
console, EFI stub graphics output fixes and other misc fixes."
* 'efi-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
efi: Don't attempt to map RCI2 config table if it doesn't exist
efi/earlycon: Remap entire framebuffer after page initialization
efi: Fix efi_loaded_image_t::unload type
efi/gop: Fix memory leak in __gop_query32/64()
efi/gop: Return EFI_SUCCESS if a usable GOP was found
efi/gop: Return EFI_NOT_FOUND if there are no usable GOPs
efi/memreserve: Register reservations as 'reserved' in /proc/iomem
Ingo Molnar [Tue, 17 Dec 2019 11:28:02 +0000 (12:28 +0100)]
Merge tag 'perf-urgent-for-mingo-5.5-
20191216' of git://git./linux/kernel/git/acme/linux into perf/urgent
Pull perf/urgent fixes:
perf top:
Arnaldo Carvalho de Melo:
- Do not bail out when perf_env__read_cpuid() returns ENOSYS, which
has been reported happening on aarch64.
perf metricgroup:
Kajol Jain:
- Fix printing event names of metric group with multiple events
vendor events:
x86:
Ravi Bangoria:
- Fix Kernel_Utilization metric.
s390:
Ed Maste:
- Fix counter long description for DTLB1_GPAGE_WRITES and L1D_RO_EXCL_WRITES.
perf header:
Michael Petlan:
- Fix false warning when there are no duplicate cache entries
libtraceevent:
Sudip Mukherjee:
- Allow custom libdir path
API headers:
Arnaldo Carvalho de Melo:
- Sync linux/kvm.h with the kernel sources.
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Linus Torvalds [Tue, 17 Dec 2019 00:43:07 +0000 (16:43 -0800)]
Merge tag 'armsoc-fixes' of git://git./linux/kernel/git/soc/soc
Pull ARM SoC fixes from Olof Johansson:
"I didn't get a batch in this weekend, so here's what we queued up last
week and today.
- A couple of defconfigs add back debugfs -- it used to be implicitly
enabled through CONFIG_TRACING, but
0e4a459f56c32d3e ("tracing:
Remove unnecessary DEBUG_FS dependency") removed that.
- The rest are mostly minor fixlets of the usual kind; some DT
tweaks, a headerfile refactor that needs a build fix now, etc"
* tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc: (30 commits)
ARM: bcm: Add missing sentinel to bcm2711_compat[]
ARM: shmobile: defconfig: Restore debugfs support
bus: ti-sysc: Fix missing reset delay handling
ARM: imx: Fix boot crash if ocotp is not found
ARM: imx_v6_v7_defconfig: Explicitly restore CONFIG_DEBUG_FS
ARM: dts: imx6ul-evk: Fix peripheral regulator
arm64: dts: ls1028a: fix reboot node
ARM: mmp: include the correct cputype.h
ARM: dts: am437x-gp/epos-evm: fix panel compatible
arm64: dts: ls1028a: fix typo in TMU calibration data
ARM: imx: Correct ocotp id for serial number support of i.MX6ULL/ULZ SoCs
ARM: dts: bcm283x: Fix critical trip point
ARM: omap2plus_defconfig: Add back DEBUG_FS
ARM: omap2plus_defconfig: enable NET_SWITCHDEV
ARM: dts: am335x-sancloud-bbe: fix phy mode
bus: ti-sysc: Fix missing force mstandby quirk handling
reset: Do not register resource data for missing resets
reset: Fix {of,devm}_reset_control_array_get kerneldoc return types
reset: brcmstb: Remove resource checks
dt-bindings: reset: Fix brcmstb-reset example
...
Olof Johansson [Mon, 16 Dec 2019 19:33:29 +0000 (11:33 -0800)]
Merge tag 'arm-soc/for-5.5/soc-fixes' of https://github.com/Broadcom/stblinux into arm/fixes
This pull request contains Broadcom ARM-based SoCs machine fixes for
5.5-rc1, please pull the following:
- H. Nikolaus adds a missing sentinel entry to the BCM2711 machine
descriptor compatible array which would make multiplatform kernels fail
to boot
* tag 'arm-soc/for-5.5/soc-fixes' of https://github.com/Broadcom/stblinux:
ARM: bcm: Add missing sentinel to bcm2711_compat[]
Link: https://lore.kernel.org/r/20191216035701.15534-1-f.fainelli@gmail.com
Signed-off-by: Olof Johansson <olof@lixom.net>
Olof Johansson [Mon, 16 Dec 2019 19:33:13 +0000 (11:33 -0800)]
Merge tag 'samsung-fixes-5.5' of https://git./linux/kernel/git/krzk/linux into arm/fixes
Samsung fixes for v5.5
1. Restore debugfs support in exynos_defconfig (as now it is not
selected as dependency of tracing). Debugfs is required by systemd
and several tests.
2. Maintainers updates.
* tag 'samsung-fixes-5.5' of https://git.kernel.org/pub/scm/linux/kernel/git/krzk/linux:
ARM: exynos_defconfig: Restore debugfs support
MAINTAINERS: Include Samsung SoC serial driver in Samsung SoC entry
MAINTAINERS: Update Lukasz Luba's email address
Link: https://lore.kernel.org/r/20191215121316.32091-1-krzk@kernel.org
Signed-off-by: Olof Johansson <olof@lixom.net>
Olof Johansson [Mon, 16 Dec 2019 19:33:04 +0000 (11:33 -0800)]
Merge tag 'renesas-fixes-for-v5.5-tag1' of git://git./linux/kernel/git/geert/renesas-devel into arm/fixes
Renesas fixes for v5.5
- Restore debugfs support
* tag 'renesas-fixes-for-v5.5-tag1' of git://git.kernel.org/pub/scm/linux/kernel/git/geert/renesas-devel:
ARM: shmobile: defconfig: Restore debugfs support
Link: https://lore.kernel.org/r/20191213213719.18122-1-geert+renesas@glider.be
Signed-off-by: Olof Johansson <olof@lixom.net>
Linus Torvalds [Mon, 16 Dec 2019 18:06:04 +0000 (10:06 -0800)]
Merge tag 'linux-kselftest-5.5-rc2' of git://git./linux/kernel/git/shuah/linux-kselftest
Pull kselftest fixes from Shuah Khan:
- ftrace and safesetid test fixes from Masami Hiramatsu
- Kunit fixes from Brendan Higgins, Iurii Zaikin, and Heidi Fahim
- Kselftest framework fixes from SeongJae Park and Michael Ellerman
* tag 'linux-kselftest-5.5-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest:
kselftest: Support old perl versions
kselftest/runner: Print new line in print of timeout log
selftests: Fix dangling documentation references to kselftest_module.sh
Documentation: kunit: add documentation for kunit_tool
Documentation: kunit: fix typos and gramatical errors
kunit: testing kunit: Bug fix in test_run_timeout function
fs/ext4/inode-test: Fix inode test on 32 bit platforms.
selftests: safesetid: Fix Makefile to set correct test program
selftests: safesetid: Check the return value of setuid/setgid
selftests: safesetid: Move link library to LDLIBS
selftests/ftrace: Fix multiple kprobe testcase
selftests/ftrace: Do not to use absolute debugfs path
selftests/ftrace: Fix ftrace test cases to check unsupported
selftests/ftrace: Fix to check the existence of set_ftrace_filter
Eric Auger [Tue, 26 Nov 2019 17:54:13 +0000 (18:54 +0100)]
iommu: fix KASAN use-after-free in iommu_insert_resv_region
In case the new region gets merged into another one, the nr list node is
freed. Checking its type while completing the merge algorithm leads to
a use-after-free. Use new->type instead.
Fixes:
4dbd258ff63e ("iommu: Revisit iommu_insert_resv_region() implementation")
Signed-off-by: Eric Auger <eric.auger@redhat.com>
Reported-by: Qian Cai <cai@lca.pw>
Reviewed-by: Jerry Snitselaar <jsnitsel@redhat.com>
Cc: Stable <stable@vger.kernel.org> #v5.3+
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Linus Torvalds [Mon, 16 Dec 2019 03:50:23 +0000 (19:50 -0800)]
Fix root mounting with no mount options
The "trivial conversion" in commit
cccaa5e33525 ("init: use do_mount()
instead of ksys_mount()") was totally broken, since it didn't handle the
case of a NULL mount data pointer. And while I had "tested" it (and
presumably Dominik had too) that bug was hidden by me having options.
Cc: Dominik Brodowski <linux@dominikbrodowski.net>
Cc: Arnd Bergmann <arnd@arndb.de>
Reported-by: Ondřej Jirman <megi@xff.cz>
Reported-by: Guenter Roeck <linux@roeck-us.net>
Reported-by: Naresh Kamboju <naresh.kamboju@linaro.org>
Reported-and-tested-by: Borislav Petkov <bp@suse.de>
Tested-by: Chris Clayton <chris2553@googlemail.com>
Tested-by: Eric Biggers <ebiggers@kernel.org>
Tested-by: Geert Uytterhoeven <geert@linux-m68k.org>
Tested-by: Guido Günther <agx@sigxcpu.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Ed Maste [Thu, 12 Dec 2019 14:53:46 +0000 (14:53 +0000)]
perf vendor events s390: Remove name from L1D_RO_EXCL_WRITES description
In
7fcfa9a2d9 an unintended prefix "Counter:18 Name:" was removed from
the description for L1D_RO_EXCL_WRITES, but the extra name remained in
the description. Remove it too.
Fixes:
7fcfa9a2d9a7 ("perf list: Fix s390 counter long description for L1D_RO_EXCL_WRITES")
Signed-off-by: Ed Maste <emaste@freebsd.org>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Greentime Hu <green.hu@gmail.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Nick Hu <nickhu@andestech.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Richter <tmricht@linux.ibm.com>
Cc: Vincent Chen <deanbo422@gmail.com>
Link: http://lore.kernel.org/lkml/20191212145346.5026-1-emaste@freefall.freebsd.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Ed Maste [Thu, 12 Dec 2019 14:34:46 +0000 (14:34 +0000)]
perf vendor events s390: Fix counter long description for DTLB1_GPAGE_WRITES
The cf_z13 counter DTLB1_GPAGE_WRITES included a prefix
'Counter:132\tName:'.
This is incorrect; remove the prefix as with
7fcfa9a2d9 for cf_z14.
Signed-off-by: Ed Maste <emaste@freebsd.org>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Greentime Hu <green.hu@gmail.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Nick Hu <nickhu@andestech.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Richter <tmricht@linux.ibm.com>
Cc: Vincent Chen <deanbo422@gmail.com>
Link: http://lore.kernel.org/lkml/20191212143446.88582-1-emaste@freefall.freebsd.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Sudip Mukherjee [Sat, 7 Dec 2019 11:14:40 +0000 (11:14 +0000)]
libtraceevent: Allow custom libdir path
When I use prefix=/usr and try to install libtraceevent in my laptop it
tries to install in /usr/lib64. I am not having any folder as /usr/lib64
and also the debian policy doesnot allow installing in /usr/lib64. It
should be in /usr/lib/x86_64-linux-gnu/.
Quote: No package for a 64 bit architecture may install files in
/usr/lib64/ or in a subdirectory of it.
ref: https://www.debian.org/doc/debian-policy/ch-opersys.html
Make it more flexible by allowing to mention libdir_relative while
installing so that distros can mention the path according to their
policy or use the default one.
Signed-off-by: Sudipm Mukherjee <sudipm.mukherjee@gmail.com>
Reviewed-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Cc: Sudipm Mukherjee <sudipm.mukherjee@gmail.com>
Cc: linux-trace-devel@vger.kernel.org
Link: http://lore.kernel.org/lkml/20191207111440.6574-1-sudipm.mukherjee@gmail.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Christophe Leroy [Thu, 12 Dec 2019 17:47:24 +0000 (17:47 +0000)]
spi: fsl: use platform_get_irq() instead of of_irq_to_resource()
Unlike irq_of_parse_and_map() which has a dummy definition on SPARC,
of_irq_to_resource() hasn't.
But as platform_get_irq() can be used instead and is generic, use it.
Reported-by: kbuild test robot <lkp@intel.com>
Suggested-by: Mark Brown <broonie@kernel.org>
Fixes:
3194d2533eff ("spi: fsl: don't map irq during probe")
Cc: stable@vger.kernel.org
Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
Link: https://lore.kernel.org/r/091a277fd0b3356dca1e29858c1c96983fc9cb25.1576172743.git.christophe.leroy@c-s.fr
Signed-off-by: Mark Brown <broonie@kernel.org>
Michael Walle [Wed, 11 Dec 2019 19:57:30 +0000 (20:57 +0100)]
spi: nxp-fspi: Ensure width is respected in spi-mem operations
Make use of a core helper to ensure the desired width is respected
when calling spi-mem operators.
Otherwise only the SPI controller will be matched with the flash chip,
which might lead to wrong widths. Also consider the width specified by
the user in the device tree.
Fixes:
a5356aef6a90 ("spi: spi-mem: Add driver for NXP FlexSPI controller")
Signed-off-by: Michael Walle <michael@walle.cc>
Link: https://lore.kernel.org/r/20191211195730.26794-1-michael@walle.cc
Signed-off-by: Mark Brown <broonie@kernel.org>
Andreas Kemnade [Wed, 11 Dec 2019 22:16:00 +0000 (23:16 +0100)]
regulator: rn5t618: fix module aliases
platform device aliases were missing, preventing
autoloading of module.
Fixes:
811b700630ff ("regulator: rn5t618: add driver for Ricoh RN5T618 regulators")
Signed-off-by: Andreas Kemnade <andreas@kemnade.info>
Link: https://lore.kernel.org/r/20191211221600.29438-1-andreas@kemnade.info
Signed-off-by: Mark Brown <broonie@kernel.org>
H. Nikolaus Schaller [Sun, 15 Dec 2019 07:49:02 +0000 (08:49 +0100)]
ARM: bcm: Add missing sentinel to bcm2711_compat[]
commit
781fa0a95424 ("ARM: bcm: Add support for BCM2711 SoC")
breaks boot of many other platforms (e.g. OMAP or i.MX6) if
CONFIG_ARCH_BCM2835 is enabled in addition to some multiplatform
config (e.g. omap2plus_defconfig). The symptom is that the OMAP
based board does not show any activity beyond "Starting Kernel ..."
even with earlycon.
Reverting the mentioned commit makes it work again.
The real fix is to add the missing NULL sentinel to the
bcm2711_compat[] variable-length array.
Fixes:
781fa0a95424 ("ARM: bcm: Add support for BCM2711 SoC")
Acked-by: Stefan Wahren <wahrenst@gmx.net>
Signed-off-by: H. Nikolaus Schaller <hns@goldelico.com>
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Linus Torvalds [Sun, 15 Dec 2019 23:16:08 +0000 (15:16 -0800)]
Linux 5.5-rc2
Linus Torvalds [Sun, 15 Dec 2019 22:58:13 +0000 (14:58 -0800)]
Merge tag 'for-linus' of git://git./linux/kernel/git/rdma/rdma
Pull rdma fixes from Doug Ledford:
"A small collection of -rc fixes. Mostly. One API addition, but that's
because we wanted to use it in a fix. There's also a bug fix that is
going to render the 5.5 kernel's soft-RoCE driver incompatible with
all soft-RoCE versions prior, but it's required to actually implement
the protocol according to the RoCE spec and required in order for the
soft-RoCE driver to be able to successfully work with actual RoCE
hardware.
Summary:
- Update Steve Wise info
- Fix for soft-RoCE crc calculations (will break back compatibility,
but only with the soft-RoCE driver, which has had this bug since it
was introduced and it is an on-the-wire bug, but will make
soft-RoCE fully compatible with real RoCE hardware)
- cma init fixup
- counters oops fix
- fix for mlx4 init/teardown sequence
- fix for mkx5 steering rules
- introduce a cleanup API, which isn't a fix, but we want to use it
in the next fix
- fix for mlx5 memory management that uses API in previous patch"
* tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma:
IB/mlx5: Fix device memory flows
IB/core: Introduce rdma_user_mmap_entry_insert_range() API
IB/mlx5: Fix steering rule of drop and count
IB/mlx4: Follow mirror sequence of device add during device removal
RDMA/counter: Prevent auto-binding a QP which are not tracked with res
rxe: correctly calculate iCRC for unaligned payloads
Update mailmap info for Steve Wise
RDMA/cma: add missed unregister_pernet_subsys in init failure
Linus Torvalds [Sun, 15 Dec 2019 20:27:31 +0000 (12:27 -0800)]
Merge tag 'riscv/for-v5.5-rc2' of git://git./linux/kernel/git/riscv/linux
Pull RISC-V fixes from Paul Walmsley:
"Two minor build fixes:
- Fix builds of the ELF loader when built with 'make -j1' (nommu
only)
- Fix CONFIG_SOC_SIFIVE builds when CONFIG_TTY is disabled (found
during randconfig testing)"
* tag 'riscv/for-v5.5-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux:
riscv: only select serial sifive if TTY is enabled
riscv: Fix build dependency for loader
Linus Torvalds [Sun, 15 Dec 2019 20:24:44 +0000 (12:24 -0800)]
Merge tag 'for-linus-5.5b-rc2-tag' of git://git./linux/kernel/git/xen/tip
Pull xen fixes from Juergen Gross:
"Two fixes: one for a resource accounting bug in some configurations
and a fix for another patch which went into rc1"
* tag 'for-linus-5.5b-rc2-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip:
xen/balloon: fix ballooned page accounting without hotplug enabled
xen-blkback: prevent premature module unload
Linus Torvalds [Sun, 15 Dec 2019 19:36:12 +0000 (11:36 -0800)]
Merge branch 'remove-ksys-mount-dup' of git://git./linux/kernel/git/brodo/linux
Pull ksys_mount() and ksys_dup() removal from Dominik Brodowski:
"This small series replaces all in-kernel calls to the
userspace-focused ksys_mount() and ksys_dup() with calls to
kernel-centric functions:
For each replacement of ksys_mount() with do_mount(), one needs to
verify that the first and third parameter (char *dev_name, char *type)
are strings allocated in kernelspace and that the fifth parameter
(void *data) is either NULL or refers to a full page (only occurence
in init/do_mounts.c::do_mount_root()). The second and fourth
parameters (char *dir_name, unsigned long flags) are passed by
ksys_mount() to do_mount() unchanged, and therefore do not require
particular care.
Moreover, instead of pretending to be userspace, the opening of
/dev/console as stdin/stdout/stderr can be implemented using in-kernel
functions as well. Thereby, ksys_dup() can be removed for good"
[ This doesn't get rid of the special "kernel init runs with KERNEL_DS"
case, but it at least removes _some_ of the users of "treat kernel
pointers as user pointers for our magical init sequence".
One day we'll hopefully be rid of it all, and can initialize our
init_thread addr_limit to USER_DS. - Linus ]
* 'remove-ksys-mount-dup' of git://git.kernel.org/pub/scm/linux/kernel/git/brodo/linux:
fs: remove ksys_dup()
init: unify opening /dev/console as stdin/stdout/stderr
init: use do_mount() instead of ksys_mount()
initrd: use do_mount() instead of ksys_mount()
devtmpfs: use do_mount() instead of ksys_mount()
Linus Torvalds [Sun, 15 Dec 2019 00:10:22 +0000 (16:10 -0800)]
Merge tag 'Wimplicit-fallthrough-5.5-rc2' of git://git./linux/kernel/git/gustavoars/linux
Pull fall through fix from Gustavo Silva:
"Fix compile error on sh by marking expected switch fall-through"
* tag 'Wimplicit-fallthrough-5.5-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gustavoars/linux:
sh: kgdb: Mark expected switch fall-throughs
Linus Torvalds [Sat, 14 Dec 2019 20:51:57 +0000 (12:51 -0800)]
Merge tag 'scsi-fixes' of git://git./linux/kernel/git/jejb/scsi
Pull SCSI fixes from James Bottomley:
"24 fixes, all in drivers. The lion's share (16) are qla2xxx and the
rest are iscsi (3), ufs (2), smarpqi, lpfc and libsas"
* tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi: (24 commits)
scsi: iscsi: Avoid potential deadlock in iscsi_if_rx func
scsi: iscsi: Fix a potential deadlock in the timeout handler
scsi: smartpqi: Update attribute name to `driver_version`
scsi: libsas: stop discovering if oob mode is disconnected
scsi: ufs: Disable autohibern8 feature in Cadence UFS
scsi: iscsi: qla4xxx: fix double free in probe
scsi: ufs: Give an unique ID to each ufs-bsg
scsi: qla2xxx: Add debug dump of LOGO payload and ELS IOCB
scsi: qla2xxx: Ignore PORT UPDATE after N2N PLOGI
scsi: qla2xxx: Don't defer relogin unconditonally
scsi: qla2xxx: Send Notify ACK after N2N PLOGI
scsi: qla2xxx: Configure local loop for N2N target
scsi: qla2xxx: Fix PLOGI payload and ELS IOCB dump length
scsi: qla2xxx: Don't call qlt_async_event twice
scsi: qla2xxx: Allow PLOGI in target mode
scsi: qla2xxx: Change discovery state before PLOGI
scsi: qla2xxx: Drop superfluous INIT_WORK of del_work
scsi: qla2xxx: Initialize free_work before flushing it
scsi: qla2xxx: Use explicit LOGO in target mode
scsi: qla2xxx: Ignore NULL pointer in tcm_qla2xxx_free_mcmd
...
Linus Torvalds [Sat, 14 Dec 2019 20:49:20 +0000 (12:49 -0800)]
Merge tag 'char-misc-5.5-rc2' of git://git./linux/kernel/git/gregkh/char-misc
Pull char/misc driver fixes from Greg KH:
"Here are six small fixes for some reported char/misc driver issues:
- fix build warnings with new 'awk' with the raid6 code
- four interconnect driver bugfixes
- binder fix for reported problem
All of these except the binder fix have been in linux-next with no
reported issues. The binder fix is "new" but Todd says it is good as
he has tested it :)"
* tag 'char-misc-5.5-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc:
binder: fix incorrect calculation for num_valid
interconnect: qcom: msm8974: Walk the list safely on node removal
interconnect: qcom: qcs404: Walk the list safely on node removal
interconnect: qcom: sdm845: Walk the list safely on node removal
interconnect: qcom: Fix Kconfig indentation
lib: raid6: fix awk build warnings
Linus Torvalds [Sat, 14 Dec 2019 20:45:36 +0000 (12:45 -0800)]
Merge tag 'driver-core-5.5-rc2' of git://git./linux/kernel/git/gregkh/driver-core
Pull driver core fixes from Greg KH:
"Here are two small driver core fixes to resolve some reported issues
The first is to handle the much-reported (by the build systems)
problem that superH does not boot anymore.
The second handles an issue in the new platform logic that a number of
people ran into with the automated tests in kbuild
Both of these have been in linux-next with no reported issues"
* tag 'driver-core-5.5-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core:
drivers: Fix boot problem on SuperH
of/platform: Unconditionally pause/resume sync state during kernel init
Linus Torvalds [Sat, 14 Dec 2019 20:43:57 +0000 (12:43 -0800)]
Merge tag 'staging-5.5-rc2' of git://git./linux/kernel/git/gregkh/staging
Pull staging/IIO fixes from Greg KH:
"Here are a number of small staging and IIO driver fixes for reported
issues for 5.5-rc2
Nothing major, a bunch of tiny IIO driver issues resolved, and some
staging driver fixes for things that people ran into with 5.5-rc1.
Full details are in the shortlog.
All of these have been in linux-next with no reported issues"
* tag 'staging-5.5-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging: (28 commits)
fbtft: Fix the initialization from property algorithm
staging: rtl8712: fix interface sanity check
staging: rtl8188eu: fix interface sanity check
staging: gigaset: add endpoint-type sanity check
staging: gigaset: fix illegal free on probe errors
staging: gigaset: fix general protection fault on probe
staging: vchiq: call unregister_chrdev_region() when driver registration fails
staging: exfat: fix multiple definition error of `rename_file'
staging/wlan-ng: add CRC32 dependency in Kconfig
staging: hp100: Fix build error without ETHERNET
staging: fbtft: Do not hardcode SPI CS polarity inversion
staging: exfat: properly support discard in clr_alloc_bitmap()
staging/octeon: Mark Ethernet driver as BROKEN
iio: adc: max9611: Fix too short conversion time delay
iio: ad7949: fix channels mixups
iio: imu: st_lsm6dsx: do not power-off accel if events are enabled
iio: imu: st_lsm6dsx: track hw FIFO buffering with fifo_mask
iio: imu: st_lsm6dsx: fix decimation factor estimation
iio: imu: inv_mpu6050: fix temperature reporting using bad unit
iio: humidity: hdc100x: fix IIO_HUMIDITYRELATIVE channel reporting
...
Linus Torvalds [Sat, 14 Dec 2019 20:40:39 +0000 (12:40 -0800)]
Merge tag 'usb-5.5-rc2' of git://git./linux/kernel/git/gregkh/usb
Pull USB fixes from Greg KH:
"Here are some small USB driver fixes for reported issues for 5.5-rc2
There's the usual gadget and xhci fixes, as well as some other
problems that syzbot has been finding during it's fuzzing runs. Full
details are in the shortlog.
All of these have been in linux-next with no reported issues"
* tag 'usb-5.5-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb: (21 commits)
usb: dwc3: pci: add ID for the Intel Comet Lake -H variant
xhci: make sure interrupts are restored to correct state
xhci: handle some XHCI_TRUST_TX_LENGTH quirks cases as default behaviour.
xhci: Increase STS_HALT timeout in xhci_suspend()
usb: xhci: only set D3hot for pci device
xhci: fix USB3 device initiated resume race with roothub autosuspend
xhci: Fix memory leak in xhci_add_in_port()
USB: Fix incorrect DMA allocations for local memory pool drivers
usb: gadget: fix wrong endpoint desc
usb: dwc3: ep0: Clear started flag on completion
usb: dwc3: gadget: Clear started flag for non-IOC
usb: dwc3: gadget: Fix logical condition
USB: atm: ueagle-atm: add missing endpoint check
USB: adutux: fix interface sanity check
USB: idmouse: fix interface sanity checks
USB: serial: io_edgeport: fix epic endpoint lookup
usb: mon: Fix a deadlock in usbmon between mmap and read
usb: common: usb-conn-gpio: Don't log an error on probe deferral
usb: core: urb: fix URB structure initialization function
usb: typec: fix use after free in typec_register_port()
...
Linus Torvalds [Sat, 14 Dec 2019 20:34:37 +0000 (12:34 -0800)]
Merge tag 's390-5.5-3' of git://git./linux/kernel/git/s390/linux
Pull s390 updates from Vasily Gorbik:
- Add support for KASAN_VMALLOC feature.
- Remove the last user of problematic diag 0x44 call.
- Adjust sampling interval and avoid sample data block overflow
condition on pressure in perf code.
- Prefer EOPNOTSUPP over ENOTSUPP and comments fixes.
* tag 's390-5.5-3' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
s390/kasan: add KASAN_VMALLOC support
s390: remove last diag 0x44 caller
s390/uv: use EOPNOTSUPP instead of ENOTSUPP
s390/cpum_sf: Avoid SBD overflow condition in irq handler
s390/cpum_sf: Adjust sampling interval to avoid hitting sample limits
s390/test_unwind: fix spelling mistake "reqister" -> "register"
s390/spinlock: remove confusing comment in arch_spin_lock_wait
Linus Torvalds [Sat, 14 Dec 2019 20:32:28 +0000 (12:32 -0800)]
Merge branch 'linus' of git://git./linux/kernel/git/herbert/crypto-2.6
Pull crypto fix from Herbert Xu:
"Fix another build problem for Wireguard without Crypto"
* 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
crypto: arm/curve25519 - add arch-specific key generation function
Linus Torvalds [Sat, 14 Dec 2019 19:44:14 +0000 (11:44 -0800)]
Merge tag '5.5-rc1-smb3-fixes' of git://git.samba.org/sfrench/cifs-2.6
Pull cfis fixes from Steve French:
"Three small smb3 fixes: this addresses two recent issues reported in
additional testing during rc1, a refcount underflow and a problem with
an intermittent crash in SMB2_open_init"
* tag '5.5-rc1-smb3-fixes' of git://git.samba.org/sfrench/cifs-2.6:
CIFS: Close cached root handle only if it has a lease
SMB3: Fix crash in SMB2_open_init due to uninitialized field in compounding path
smb3: fix refcount underflow warning on unmount when no directory leases
Linus Torvalds [Sat, 14 Dec 2019 19:13:54 +0000 (11:13 -0800)]
Merge tag 'ovl-fixes-5.5-rc2' of git://git./linux/kernel/git/mszeredi/vfs
Pull overlayfs fixes from Miklos Szeredi:
"Fix some bugs and documentation"
* tag 'ovl-fixes-5.5-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs:
docs: filesystems: overlayfs: Fix restview warnings
docs: filesystems: overlayfs: Rename overlayfs.txt to .rst
ovl: relax WARN_ON() on rename to self
ovl: fix corner case of non-unique st_dev;st_ino
ovl: don't use a temp buf for encoding real fh
ovl: make sure that real fid is 32bit aligned in memory
ovl: fix lookup failure on multi lower squashfs
Todd Kjos [Fri, 13 Dec 2019 20:25:31 +0000 (12:25 -0800)]
binder: fix incorrect calculation for num_valid
For BINDER_TYPE_PTR and BINDER_TYPE_FDA transactions, the
num_valid local was calculated incorrectly causing the
range check in binder_validate_ptr() to miss out-of-bounds
offsets.
Fixes:
bde4a19fc04f ("binder: use userspace pointer as base of buffer space")
Signed-off-by: Todd Kjos <tkjos@google.com>
Cc: stable <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20191213202531.55010-1-tkjos@google.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Linus Torvalds [Fri, 13 Dec 2019 23:05:00 +0000 (15:05 -0800)]
Merge tag 'nios2-v5.5-rc2' of git://git./linux/kernel/git/lftan/nios2
Pull nios2 fix from Ley Foon Tan:
"Fix nios2 ioremap regression"
* tag 'nios2-v5.5-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/lftan/nios2:
nios2: Fix ioremap
Linus Torvalds [Fri, 13 Dec 2019 23:03:25 +0000 (15:03 -0800)]
Merge tag 'devicetree-fixes-for-5.5' of git://git./linux/kernel/git/robh/linux
Pull Devicetree fixes from Rob Herring:
- Fix for dependency tracking caused by unittest interaction
- Fix some schema errors in Tegra memory controller schema
- Update Maxime Ripard's email address
- Review fixes to TI cpsw-switch
- Add wakeup-source prop for STM32 rproc. Got dropped in the schema
conversion.
* tag 'devicetree-fixes-for-5.5' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux:
of/platform: Unconditionally pause/resume sync state during kernel init
dt-bindings: memory-controllers: tegra: Fix type references
dt-bindings: Change maintainer address
dt-bindings: net: ti: cpsw-switch: update to fix comments
dt-bindings: remoteproc: stm32: add wakeup-source property
Linus Torvalds [Fri, 13 Dec 2019 22:58:24 +0000 (14:58 -0800)]
Merge tag 'for_linus' of git://git./linux/kernel/git/mst/vhost
Pull virtio fixes from Michael Tsirkin:
"Some fixes and cleanup patches"
* tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost:
virtio_balloon: divide/multiply instead of shifts
virtio_balloon: name cleanups
virtio-balloon: fix managed page counts when migrating pages between zones
Linus Torvalds [Fri, 13 Dec 2019 22:52:03 +0000 (14:52 -0800)]
Merge tag 'pci-v5.5-fixes-1' of git://git./linux/kernel/git/helgaas/pci
Pull PCI fix from Bjorn Helgaas:
"Fix rockchip outbound ATU issue that prevented Google Kevin
Chromebooks from booting (Enric Balletbo i Serra)"
* tag 'pci-v5.5-fixes-1' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci:
PCI: rockchip: Fix IO outbound ATU register number
Linus Torvalds [Fri, 13 Dec 2019 22:45:40 +0000 (14:45 -0800)]
Merge branch 'i2c/for-next' of git://git./linux/kernel/git/wsa/linux
Pull i2c updates from Wolfram Sang:
- removal of an old API where all in-kernel users have been converted
as of this merge window.
- a kdoc fix
- a new helper that will make dependencies for the next API conversion
a tad easier
* 'i2c/for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux:
i2c: add helper to check if a client has a driver attached
i2c: fix header file kernel-doc warning
i2c: remove i2c_new_dummy() API
Linus Torvalds [Fri, 13 Dec 2019 22:43:26 +0000 (14:43 -0800)]
Merge tag 'pm-5.5-rc2' of git://git./linux/kernel/git/rafael/linux-pm
Pull power management fixes from Rafael Wysocki:
"These add PM QoS support to devfreq and fix a few issues in that
subsystem, fix two cpuidle issues and do one minor cleanup in there,
and address an ACPI power management problem related to devices with
special power management requirements, like fans.
Specifics:
- Add PM QoS support, based on the frequency QoS introduced during
the 5.4 cycle, to devfreq (Leonard Crestez).
- Fix some assorted devfreq issues (Leonard Crestez).
- Fix an unintentional cpuidle behavior change (introduced during the
5.4 cycle) related to the active polling time limit (Marcelo
Tosatti).
- Fix a recently introduced cpuidle helper function and do a minor
cleanup in the cpuidle core (Rafael Wysocki).
- Avoid adding devices with special power management requirements,
like fans, to the generic ACPI PM domain (Rafael Wysocki)"
* tag 'pm-5.5-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
cpuidle: Drop unnecessary type cast in cpuidle_poll_time()
cpuidle: Fix cpuidle_driver_state_disabled()
ACPI: PM: Avoid attaching ACPI PM domain to certain devices
cpuidle: use first valid target residency as poll time
PM / devfreq: Use PM QoS for sysfs min/max_freq
PM / devfreq: Add PM QoS support
PM / devfreq: Don't fail devfreq_dev_release if not in list
PM / devfreq: Introduce get_freq_range helper
PM / devfreq: Set scaling_max_freq to max on OPP notifier error
PM / devfreq: Fix devfreq_notifier_call returning errno
Linus Torvalds [Fri, 13 Dec 2019 22:40:38 +0000 (14:40 -0800)]
Merge tag 'sound-5.5-rc2' of git://git./linux/kernel/git/tiwai/sound
Pull sound fixes from Takashi Iwai:
"A small collection of fixes.
The main changes are fixes for a couple of regressions in AMD HD-audio
and FireWire that were introduced in 5.5-rc1. The rest are small fixes
for echoaudio and FireWire, as well as a usual Dell HD-audio fixup"
* tag 'sound-5.5-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
ALSA: hda/realtek - Line-out jack doesn't work on a Dell AIO
ALSA: hda/hdmi - Fix duplicate unref of pci_dev
ALSA: fireface: fix return value in error path of isochronous resources reservation
ALSA: oxfw: fix return value in error path of isochronous resources reservation
ALSA: firewire-motu: fix double unlocked 'motu->mutex'
ALSA: echoaudio: simplify get_audio_levels
Linus Torvalds [Fri, 13 Dec 2019 22:36:45 +0000 (14:36 -0800)]
Merge tag 'drm-fixes-2019-12-13' of git://anongit.freedesktop.org/drm/drm
Pull drm fixes from Dave Airlie:
"Usual round of rc2 fixes.
i915 and amdgpu leading the charge, but a few others in here,
including some nouveau fixes, all seems pretty for rc2, but hey it's a
Fri 13th pull so I'm sure it'll cause untold bad fortune.
dma-buf:
- memory leak fix
- expand MAINTAINERS scope
core:
- fix mode matching for drivers not using picture_aspect_ratio
nouveau:
- panel scaling fix
- MST BPC fix
- atomic fixes
i915:
- GPU hang on idle transition
- GLK+ FBC corruption fix
- non-priv OA access on Tigerlake
- HDCP state fix
- CI found race fixes
amdgpu:
- renoir DC fixes
- GFX8 fence flush alignment with userspace
- Arcturus power profile fix
- DC aux + i2c over aux fixes
- GPUVM invalidation semaphore fixes
- gfx10 golden registers update
mgag200:
- expand startadd fix
panfrost:
- devfreq fix
- memory fixes
mcde:
- DSI pointer deref fix"
* tag 'drm-fixes-2019-12-13' of git://anongit.freedesktop.org/drm/drm: (51 commits)
drm/amdgpu: add invalidate semaphore limit for SRIOV in gmc10
drm/amdgpu: add invalidate semaphore limit for SRIOV and picasso in gmc9
drm/amdgpu: avoid using invalidate semaphore for picasso
Revert "drm/amdgpu: dont schedule jobs while in reset"
drm/amdgpu: fix license on Kconfig and Makefiles
drm/amdgpu/gfx10: update gfx golden settings for navi14
drm/amdgpu/gfx10: update gfx golden settings
drm/amdgpu/gfx10: update gfx golden settings for navi14
drm/amdgpu/gfx10: update gfx golden settings
drm/i915: Serialise with remote retirement
drm/amd/display: include linux/slab.h where needed
drm/amd/display: fix undefined struct member reference
drm/nouveau/kms/nv50-: fix panel scaling
drm/nouveau/kms/nv50-: Limit MST BPC to 8
drm/nouveau/kms/nv50-: Store the bpc we're using in nv50_head_atom
drm/nouveau/kms/nv50-: Call outp_atomic_check_view() before handling PBN
drm/nouveau: Fix drm-core using atomic code-paths on pre-nv50 hardware
drm/nouveau: Move the declaration of struct nouveau_conn_atom up a bit
drm/i915/gt: Detect if we miss WaIdleLiteRestore
drm/i915/hdcp: Nuke intel_hdcp_transcoder_config()
...
Linus Torvalds [Fri, 13 Dec 2019 22:27:19 +0000 (14:27 -0800)]
Merge tag 'for-linus-
20191212' of git://git.kernel.dk/linux-block
Pull block fixes from Jens Axboe:
- stable fix for the bi_size overflow. Not a corruption issue, but a
case wher we could merge but disallowed (Andreas)
- NVMe pull request via Keith, with various fixes.
- MD pull request from Song.
- Merge window regression fix for the rq passthrough stats (Logan)
- Remove unused blkcg_drain_queue() function (Guoqing)
* tag 'for-linus-
20191212' of git://git.kernel.dk/linux-block:
blk-cgroup: remove blkcg_drain_queue
block: fix NULL pointer dereference in account statistics with IDE
md: make sure desc_nr less than MD_SB_DISKS
md: raid1: check rdev before reference in raid1_sync_request func
raid5: need to set STRIPE_HANDLE for batch head
block: fix "check bi_size overflow before merge"
nvme/pci: Fix read queue count
nvme/pci Limit write queue sizes to possible cpus
nvme/pci: Fix write and poll queue types
nvme/pci: Remove last_cq_head
nvme: Namepace identification descriptor list is optional
nvme-fc: fix double-free scenarios on hw queues
nvme: else following return is not needed
nvme: add error message on mismatching controller ids
nvme_fc: add module to ops template to allow module references
nvmet-loop: Avoid preallocating big SGL for data
nvme-fc: Avoid preallocating big SGL for data
nvme-rdma: Avoid preallocating big SGL for data
Linus Torvalds [Fri, 13 Dec 2019 22:24:54 +0000 (14:24 -0800)]
Merge tag 'io_uring-5.5-
20191212' of git://git.kernel.dk/linux-block
Pull io_uring fixes from Jens Axboe:
- A tweak to IOSQE_IO_LINK (also marked for stable) to allow links that
don't sever if the result is < 0.
This is mostly for linked timeouts, where if we ask for a pure
timeout we always get -ETIME. This makes links useless for that case,
hence allow a case where it works.
- Five minor optimizations to fix and improve cases that regressed
since v5.4.
- An SQTHREAD locking fix.
- A sendmsg/recvmsg iov assignment fix.
- Net fix where read_iter/write_iter don't honor IOCB_NOWAIT, and
subsequently ensuring that works for io_uring.
- Fix a case where for an invalid opcode we might return -EBADF instead
of -EINVAL, if the ->fd of that sqe was set to an invalid fd value.
* tag 'io_uring-5.5-
20191212' of git://git.kernel.dk/linux-block:
io_uring: ensure we return -EINVAL on unknown opcode
io_uring: add sockets to list of files that support non-blocking issue
net: make socket read/write_iter() honor IOCB_NOWAIT
io_uring: only hash regular files for async work execution
io_uring: run next sqe inline if possible
io_uring: don't dynamically allocate poll data
io_uring: deferred send/recvmsg should assign iov
io_uring: sqthread should grab ctx->uring_lock for submissions
io-wq: briefly spin for new work after finishing work
io-wq: remove worker->wait waitqueue
io_uring: allow unbreakable links
Linus Torvalds [Fri, 13 Dec 2019 22:13:15 +0000 (14:13 -0800)]
Merge tag 'for-5.5/dm-fixes' of git://git./linux/kernel/git/device-mapper/linux-dm
Pull device mapper fixes from Mike Snitzer:
- Fix DM multipath by restoring full path selector functionality for
bio-based configurations that don't haave a SCSI device handler.
- Fix dm-btree removal to ensure non-root btree nodes have at least
(max_entries / 3) entries. This resolves userspace thin_check
utility's report of "too few entries in btree_node".
- Fix both the DM thin-provisioning and dm-clone targets to properly
flush the data device prior to metadata commit. This resolves the
potential for inconsistency across a power loss event when the data
device has a volatile writeback cache.
- Small documentation fixes to dm-clone and dm-integrity.
* tag 'for-5.5/dm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm:
docs: dm-integrity: remove reference to ARC4
dm thin: Flush data device before committing metadata
dm thin metadata: Add support for a pre-commit callback
dm clone: Flush destination device before committing metadata
dm clone metadata: Use a two phase commit
dm clone metadata: Track exact changes per transaction
dm btree: increase rebalance threshold in __rebalance2()
dm: add dm-clone to the documentation index
dm mpath: remove harmful bio-based optimization
Linus Torvalds [Fri, 13 Dec 2019 22:02:12 +0000 (14:02 -0800)]
Merge tag 'sizeof_field-v5.5-rc2' of git://git./linux/kernel/git/kees/linux
Pull FIELD_SIZEOF conversion from Kees Cook:
"A mostly mechanical treewide conversion from FIELD_SIZEOF() to
sizeof_field(). This avoids the redundancy of having 2 macros
(actually 3) doing the same thing, and consolidates on sizeof_field().
While "field" is not an accurate name, it is the common name used in
the kernel, and doesn't result in any unintended innuendo.
As there are still users of FIELD_SIZEOF() in -next, I will clean up
those during this coming development cycle and send the final old
macro removal patch at that time"
* tag 'sizeof_field-v5.5-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
treewide: Use sizeof_field() macro
MIPS: OCTEON: Replace SIZEOF_FIELD() macro
Olof Johansson [Fri, 13 Dec 2019 20:43:33 +0000 (12:43 -0800)]
Merge tag 'omap-for-v5.5/fixes-rc1-signed' of git://git./linux/kernel/git/tmlind/linux-omap into arm/fixes
Fixes for omap variants for v5.5-rc1 cycle
This series of changes contains fixes for issues recently noticed:
- The ti-sysc interconnect target module driver needs fixes for
mstandby quirk handling and reset delay
- We need to configure am335x-sancloud-bbe to use rgmii-id mode because of
the phy changes done earlier
- NET_SWITCHDEV is no longer selected in Kconfig but a dependency and we
must enable CONFIG_NET_SWITCHDEV to have TI_CPSW_SWITCHDEV
- We are still relying on DEBUG_FS at least for PM configuration, let's
add it back
- We need to update compatible for am437x-gp/epos-evm because of the
recent changes to use generic panels
* tag 'omap-for-v5.5/fixes-rc1-signed' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap:
bus: ti-sysc: Fix missing reset delay handling
ARM: dts: am437x-gp/epos-evm: fix panel compatible
ARM: omap2plus_defconfig: Add back DEBUG_FS
ARM: omap2plus_defconfig: enable NET_SWITCHDEV
ARM: dts: am335x-sancloud-bbe: fix phy mode
bus: ti-sysc: Fix missing force mstandby quirk handling
Link: https://lore.kernel.org/r/pull-1576254925-709310@atomide.com
Signed-off-by: Olof Johansson <olof@lixom.net>
Anand Jain [Thu, 5 Dec 2019 11:39:07 +0000 (19:39 +0800)]
btrfs: send: remove WARN_ON for readonly mount
We log warning if root::orphan_cleanup_state is not set to
ORPHAN_CLEANUP_DONE in btrfs_ioctl_send(). However if the filesystem is
mounted as readonly we skip the orphan item cleanup during the lookup
and root::orphan_cleanup_state remains at the init state 0 instead of
ORPHAN_CLEANUP_DONE (2). So during send in btrfs_ioctl_send() we hit the
warning as below.
WARN_ON(send_root->orphan_cleanup_state != ORPHAN_CLEANUP_DONE);
WARNING: CPU: 0 PID: 2616 at /Volumes/ws/btrfs-devel/fs/btrfs/send.c:7090 btrfs_ioctl_send+0xb2f/0x18c0 [btrfs]
::
RIP: 0010:btrfs_ioctl_send+0xb2f/0x18c0 [btrfs]
::
Call Trace:
::
_btrfs_ioctl_send+0x7b/0x110 [btrfs]
btrfs_ioctl+0x150a/0x2b00 [btrfs]
::
do_vfs_ioctl+0xa9/0x620
? __fget+0xac/0xe0
ksys_ioctl+0x60/0x90
__x64_sys_ioctl+0x16/0x20
do_syscall_64+0x49/0x130
entry_SYSCALL_64_after_hwframe+0x44/0xa9
Reproducer:
mkfs.btrfs -fq /dev/sdb
mount /dev/sdb /btrfs
btrfs subvolume create /btrfs/sv1
btrfs subvolume snapshot -r /btrfs/sv1 /btrfs/ss1
umount /btrfs
mount -o ro /dev/sdb /btrfs
btrfs send /btrfs/ss1 -f /tmp/f
The warning exists because having orphan inodes could confuse send and
cause it to fail or produce incorrect streams. The two cases that would
cause such send failures, which are already fixed are:
1) Inodes that were unlinked - these are orphanized and remain with a
link count of 0. These caused send operations to fail because it
expected to always find at least one path for an inode. However this
is no longer a problem since send is now able to deal with such
inodes since commit
46b2f4590aab ("Btrfs: fix send failure when root
has deleted files still open") and treats them as having been
completely removed (the state after an orphan cleanup is performed).
2) Inodes that were in the process of being truncated. These resulted in
send not knowing about the truncation and potentially issue write
operations full of zeroes for the range from the new file size to the
old file size. This is no longer a problem because we no longer
create orphan items for truncation since commit
f7e9e8fc792f ("Btrfs:
stop creating orphan items for truncate").
As such before these commits, the WARN_ON here provided a clue in case
something went wrong. Instead of being a warning against the
root::orphan_cleanup_state value, it could have been more accurate by
checking if there were actually any orphan items, and then issue a
warning only if any exists, but that would be more expensive to check.
Since orphanized inodes no longer cause problems for send, just remove
the warning.
Reported-by: Christoph Anton Mitterer <calestyo@scientia.net>
Link: https://lore.kernel.org/linux-btrfs/21cb5e8d059f6e1496a903fa7bfc0a297e2f5370.camel@scientia.net/
CC: stable@vger.kernel.org # 4.19+
Suggested-by: Filipe Manana <fdmanana@suse.com>
Reviewed-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: Anand Jain <anand.jain@oracle.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Josef Bacik [Fri, 6 Dec 2019 14:37:18 +0000 (09:37 -0500)]
btrfs: do not leak reloc root if we fail to read the fs root
If we fail to read the fs root corresponding with a reloc root we'll
just break out and free the reloc roots. But we remove our current
reloc_root from this list higher up, which means we'll leak this
reloc_root. Fix this by adding ourselves back to the reloc_roots list
so we are properly cleaned up.
CC: stable@vger.kernel.org # 4.4+
Reviewed-by: Filipe Manana <fdmanana@suse.com>
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
Signed-off-by: Josef Bacik <josef@toxicpanda.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Josef Bacik [Fri, 6 Dec 2019 14:37:17 +0000 (09:37 -0500)]
btrfs: skip log replay on orphaned roots
My fsstress modifications coupled with generic/475 uncovered a failure
to mount and replay the log if we hit a orphaned root. We do not want
to replay the log for an orphan root, but it's completely legitimate to
have an orphaned root with a log attached. Fix this by simply skipping
replaying the log. We still need to pin it's root node so that we do
not overwrite it while replaying other logs, as we re-read the log root
at every stage of the replay.
CC: stable@vger.kernel.org # 4.4+
Reviewed-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: Josef Bacik <josef@toxicpanda.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Josef Bacik [Fri, 6 Dec 2019 16:39:00 +0000 (11:39 -0500)]
btrfs: handle ENOENT in btrfs_uuid_tree_iterate
If we get an -ENOENT back from btrfs_uuid_iter_rem when iterating the
uuid tree we'll just continue and do btrfs_next_item(). However we've
done a btrfs_release_path() at this point and no longer have a valid
path. So increment the key and go back and do a normal search.
CC: stable@vger.kernel.org # 4.4+
Reviewed-by: Filipe Manana <fdmanana@suse.com>
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
Signed-off-by: Josef Bacik <josef@toxicpanda.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Josef Bacik [Fri, 6 Dec 2019 14:37:15 +0000 (09:37 -0500)]
btrfs: abort transaction after failed inode updates in create_subvol
We can just abort the transaction here, and in fact do that for every
other failure in this function except these two cases.
CC: stable@vger.kernel.org # 4.4+
Reviewed-by: Filipe Manana <fdmanana@suse.com>
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
Signed-off-by: Josef Bacik <josef@toxicpanda.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Filipe Manana [Thu, 5 Dec 2019 16:58:41 +0000 (16:58 +0000)]
Btrfs: fix hole extent items with a zero size after range cloning
Normally when cloning a file range if we find an implicit hole at the end
of the range we assume it is because the NO_HOLES feature is enabled.
However that is not always the case. One well known case [1] is when we
have a power failure after mixing buffered and direct IO writes against
the same file.
In such cases we need to punch a hole in the destination file, and if
the NO_HOLES feature is not enabled, we need to insert explicit file
extent items to represent the hole. After commit
690a5dbfc51315
("Btrfs: fix ENOSPC errors, leading to transaction aborts, when cloning
extents"), we started to insert file extent items representing the hole
with an item size of 0, which is invalid and should be 53 bytes (the size
of a btrfs_file_extent_item structure), resulting in all sorts of
corruptions and invalid memory accesses. This is detected by the tree
checker when we attempt to write a leaf to disk.
The problem can be sporadically triggered by test case generic/561 from
fstests. That test case does not exercise power failure and creates a new
filesystem when it starts, so it does not use a filesystem created by any
previous test that tests power failure. However the test does both
buffered and direct IO writes (through fsstress) and it's precisely that
which is creating the implicit holes in files. That happens even before
the commit mentioned earlier. I need to investigate why we get those
implicit holes to check if there is a real problem or not. For now this
change fixes the regression of introducing file extent items with an item
size of 0 bytes.
Fix the issue by calling btrfs_punch_hole_range() without passing a
btrfs_clone_extent_info structure, which ensures file extent items are
inserted to represent the hole with a correct item size. We were passing
a btrfs_clone_extent_info with a value of 0 for its 'item_size' field,
which was causing the insertion of file extent items with an item size
of 0.
[1] https://www.spinics.net/lists/linux-btrfs/msg75350.html
Reported-by: David Sterba <dsterba@suse.com>
Fixes:
690a5dbfc51315 ("Btrfs: fix ENOSPC errors, leading to transaction aborts, when cloning extents")
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Reviewed-by: Josef Bacik <josef@toxicpanda.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Filipe Manana [Fri, 6 Dec 2019 12:27:39 +0000 (12:27 +0000)]
Btrfs: fix removal logic of the tree mod log that leads to use-after-free issues
When a tree mod log user no longer needs to use the tree it calls
btrfs_put_tree_mod_seq() to remove itself from the list of users and
delete all no longer used elements of the tree's red black tree, which
should be all elements with a sequence number less then our equals to
the caller's sequence number. However the logic is broken because it
can delete and free elements from the red black tree that have a
sequence number greater then the caller's sequence number:
1) At a point in time we have sequence numbers 1, 2, 3 and 4 in the
tree mod log;
2) The task which got assigned the sequence number 1 calls
btrfs_put_tree_mod_seq();
3) Sequence number 1 is deleted from the list of sequence numbers;
4) The current minimum sequence number is computed to be the sequence
number 2;
5) A task using sequence number 2 is at tree_mod_log_rewind() and gets
a pointer to one of its elements from the red black tree through
a call to tree_mod_log_search();
6) The task with sequence number 1 iterates the red black tree of tree
modification elements and deletes (and frees) all elements with a
sequence number less then or equals to 2 (the computed minimum sequence
number) - it ends up only leaving elements with sequence numbers of 3
and 4;
7) The task with sequence number 2 now uses the pointer to its element,
already freed by the other task, at __tree_mod_log_rewind(), resulting
in a use-after-free issue. When CONFIG_DEBUG_PAGEALLOC=y it produces
a trace like the following:
[16804.546854] general protection fault: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC PTI
[16804.547451] CPU: 0 PID: 28257 Comm: pool Tainted: G W 5.4.0-rc8-btrfs-next-51 #1
[16804.548059] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-0-ga698c8995f-prebuilt.qemu.org 04/01/2014
[16804.548666] RIP: 0010:rb_next+0x16/0x50
(...)
[16804.550581] RSP: 0018:
ffffb948418ef9b0 EFLAGS:
00010202
[16804.551227] RAX:
6b6b6b6b6b6b6b6b RBX:
ffff90e0247f6600 RCX:
6b6b6b6b6b6b6b6b
[16804.551873] RDX:
0000000000000000 RSI:
0000000000000000 RDI:
ffff90e0247f6600
[16804.552504] RBP:
ffff90dffe0d4688 R08:
0000000000000001 R09:
0000000000000000
[16804.553136] R10:
ffff90dffa4a0040 R11:
0000000000000000 R12:
000000000000002e
[16804.553768] R13:
ffff90e0247f6600 R14:
0000000000001663 R15:
ffff90dff77862b8
[16804.554399] FS:
00007f4b197ae700(0000) GS:
ffff90e036a00000(0000) knlGS:
0000000000000000
[16804.555039] CS: 0010 DS: 0000 ES: 0000 CR0:
0000000080050033
[16804.555683] CR2:
00007f4b10022000 CR3:
00000002060e2004 CR4:
00000000003606f0
[16804.556336] DR0:
0000000000000000 DR1:
0000000000000000 DR2:
0000000000000000
[16804.556968] DR3:
0000000000000000 DR6:
00000000fffe0ff0 DR7:
0000000000000400
[16804.557583] Call Trace:
[16804.558207] __tree_mod_log_rewind+0xbf/0x280 [btrfs]
[16804.558835] btrfs_search_old_slot+0x105/0xd00 [btrfs]
[16804.559468] resolve_indirect_refs+0x1eb/0xc70 [btrfs]
[16804.560087] ? free_extent_buffer.part.19+0x5a/0xc0 [btrfs]
[16804.560700] find_parent_nodes+0x388/0x1120 [btrfs]
[16804.561310] btrfs_check_shared+0x115/0x1c0 [btrfs]
[16804.561916] ? extent_fiemap+0x59d/0x6d0 [btrfs]
[16804.562518] extent_fiemap+0x59d/0x6d0 [btrfs]
[16804.563112] ? __might_fault+0x11/0x90
[16804.563706] do_vfs_ioctl+0x45a/0x700
[16804.564299] ksys_ioctl+0x70/0x80
[16804.564885] ? trace_hardirqs_off_thunk+0x1a/0x20
[16804.565461] __x64_sys_ioctl+0x16/0x20
[16804.566020] do_syscall_64+0x5c/0x250
[16804.566580] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[16804.567153] RIP: 0033:0x7f4b1ba2add7
(...)
[16804.568907] RSP: 002b:
00007f4b197adc88 EFLAGS:
00000246 ORIG_RAX:
0000000000000010
[16804.569513] RAX:
ffffffffffffffda RBX:
00007f4b100210d8 RCX:
00007f4b1ba2add7
[16804.570133] RDX:
00007f4b100210d8 RSI:
00000000c020660b RDI:
0000000000000003
[16804.570726] RBP:
000055de05a6cfe0 R08:
0000000000000000 R09:
00007f4b197add44
[16804.571314] R10:
0000000000000000 R11:
0000000000000246 R12:
00007f4b197add48
[16804.571905] R13:
00007f4b197add40 R14:
00007f4b100210d0 R15:
00007f4b197add50
(...)
[16804.575623] ---[ end trace
87317359aad4ba50 ]---
Fix this by making btrfs_put_tree_mod_seq() skip deletion of elements that
have a sequence number equals to the computed minimum sequence number, and
not just elements with a sequence number greater then that minimum.
Fixes:
bd989ba359f2ac ("Btrfs: add tree modification log functions")
CC: stable@vger.kernel.org # 4.4+
Reviewed-by: Josef Bacik <josef@toxicpanda.com>
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Filipe Manana [Mon, 2 Dec 2019 11:01:03 +0000 (11:01 +0000)]
Btrfs: make tree checker detect checksum items with overlapping ranges
Having checksum items, either on the checksums tree or in a log tree, that
represent ranges that overlap each other is a sign of a corruption. Such
case confuses the checksum lookup code and can result in not being able to
find checksums or find stale checksums.
So add a check for such case.
This is motivated by a recent fix for a case where a log tree had checksum
items covering ranges that overlap each other due to extent cloning, and
resulted in missing checksums after replaying the log tree. It also helps
detect past issues such as stale and outdated checksums due to overlapping,
commit
27b9a8122ff71a ("Btrfs: fix csum tree corruption, duplicate and
outdated checksums").
CC: stable@vger.kernel.org # 4.4+
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Filipe Manana [Thu, 5 Dec 2019 16:58:30 +0000 (16:58 +0000)]
Btrfs: fix missing data checksums after replaying a log tree
When logging a file that has shared extents (reflinked with other files or
with itself), we can end up logging multiple checksum items that cover
overlapping ranges. This confuses the search for checksums at log replay
time causing some checksums to never be added to the fs/subvolume tree.
Consider the following example of a file that shares the same extent at
offsets 0 and 256Kb:
[ bytenr
13893632, offset 64Kb, len 64Kb ]
0 64Kb
[ bytenr
13631488, offset 64Kb, len 192Kb ]
64Kb 256Kb
[ bytenr
13893632, offset 0, len 256Kb ]
256Kb 512Kb
When logging the inode, at tree-log.c:copy_items(), when processing the
file extent item at offset 0, we log a checksum item covering the range
13959168 to
14024704, which corresponds to
13893632 + 64Kb and
13893632 +
64Kb + 64Kb, respectively.
Later when processing the extent item at offset 256K, we log the checksums
for the range from
13893632 to
14155776 (which corresponds to
13893632 +
256Kb). These checksums get merged with the checksum item for the range
from
13631488 to
13893632 (
13631488 + 256Kb), logged by a previous fsync.
So after this we get the two following checksum items in the log tree:
(...)
item 6 key (EXTENT_CSUM EXTENT_CSUM
13631488) itemoff 3095 itemsize 512
range start
13631488 end
14155776 length 524288
item 7 key (EXTENT_CSUM EXTENT_CSUM
13959168) itemoff 3031 itemsize 64
range start
13959168 end
14024704 length 65536
The first one covers the range from the second one, they overlap.
So far this does not cause a problem after replaying the log, because
when replaying the file extent item for offset 256K, we copy all the
checksums for the extent
13893632 from the log tree to the fs/subvolume
tree, since searching for an checksum item for bytenr
13893632 leaves us
at the first checksum item, which covers the whole range of the extent.
However if we write 64Kb to file offset 256Kb for example, we will
not be able to find and copy the checksums for the last 128Kb of the
extent at bytenr
13893632, referenced by the file range 384Kb to 512Kb.
After writing 64Kb into file offset 256Kb we get the following extent
layout for our file:
[ bytenr
13893632, offset 64K, len 64Kb ]
0 64Kb
[ bytenr
13631488, offset 64Kb, len 192Kb ]
64Kb 256Kb
[ bytenr
14155776, offset 0, len 64Kb ]
256Kb 320Kb
[ bytenr
13893632, offset 64Kb, len 192Kb ]
320Kb 512Kb
After fsync'ing the file, if we have a power failure and then mount
the filesystem to replay the log, the following happens:
1) When replaying the file extent item for file offset 320Kb, we
lookup for the checksums for the extent range from
13959168
(
13893632 + 64Kb) to
14155776 (
13893632 + 256Kb), through a call
to btrfs_lookup_csums_range();
2) btrfs_lookup_csums_range() finds the checksum item that starts
precisely at offset
13959168 (item 7 in the log tree, shown before);
3) However that checksum item only covers 64Kb of data, and not 192Kb
of data;
4) As a result only the checksums for the first 64Kb of data referenced
by the file extent item are found and copied to the fs/subvolume tree.
The remaining 128Kb of data, file range 384Kb to 512Kb, doesn't get
the corresponding data checksums found and copied to the fs/subvolume
tree.
5) After replaying the log userspace will not be able to read the file
range from 384Kb to 512Kb, because the checksums are missing and
resulting in an -EIO error.
The following steps reproduce this scenario:
$ mkfs.btrfs -f /dev/sdc
$ mount /dev/sdc /mnt/sdc
$ xfs_io -f -c "pwrite -S 0xa3 0 256K" /mnt/sdc/foobar
$ xfs_io -c "fsync" /mnt/sdc/foobar
$ xfs_io -c "pwrite -S 0xc7 256K 256K" /mnt/sdc/foobar
$ xfs_io -c "reflink /mnt/sdc/foobar 320K 0 64K" /mnt/sdc/foobar
$ xfs_io -c "fsync" /mnt/sdc/foobar
$ xfs_io -c "pwrite -S 0xe5 256K 64K" /mnt/sdc/foobar
$ xfs_io -c "fsync" /mnt/sdc/foobar
<power failure>
$ mount /dev/sdc /mnt/sdc
$ md5sum /mnt/sdc/foobar
md5sum: /mnt/sdc/foobar: Input/output error
$ dmesg | tail
[165305.003464] BTRFS info (device sdc): no csum found for inode 257 start 401408
[165305.004014] BTRFS info (device sdc): no csum found for inode 257 start 405504
[165305.004559] BTRFS info (device sdc): no csum found for inode 257 start 409600
[165305.005101] BTRFS info (device sdc): no csum found for inode 257 start 413696
[165305.005627] BTRFS info (device sdc): no csum found for inode 257 start 417792
[165305.006134] BTRFS info (device sdc): no csum found for inode 257 start 421888
[165305.006625] BTRFS info (device sdc): no csum found for inode 257 start 425984
[165305.007278] BTRFS info (device sdc): no csum found for inode 257 start 430080
[165305.008248] BTRFS warning (device sdc): csum failed root 5 ino 257 off 393216 csum 0x1337385e expected csum 0x00000000 mirror 1
[165305.009550] BTRFS warning (device sdc): csum failed root 5 ino 257 off 393216 csum 0x1337385e expected csum 0x00000000 mirror 1
Fix this simply by deleting first any checksums, from the log tree, for the
range of the extent we are logging at copy_items(). This ensures we do not
get checksum items in the log tree that have overlapping ranges.
This is a long time issue that has been present since we have the clone
(and deduplication) ioctl, and can happen both when an extent is shared
between different files and within the same file.
A test case for fstests follows soon.
CC: stable@vger.kernel.org # 4.4+
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Dan Carpenter [Tue, 3 Dec 2019 11:24:58 +0000 (14:24 +0300)]
btrfs: return error pointer from alloc_test_extent_buffer
Callers of alloc_test_extent_buffer have not correctly interpreted the
return value as error pointer, as alloc_test_extent_buffer should behave
as alloc_extent_buffer. The self-tests were unaffected but
btrfs_find_create_tree_block could call both functions and that would
cause problems up in the call chain.
Fixes:
faa2dbf004e8 ("Btrfs: add sanity tests for new qgroup accounting code")
CC: stable@vger.kernel.org # 4.4+
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
David Sterba [Wed, 27 Nov 2019 15:10:54 +0000 (16:10 +0100)]
btrfs: fix devs_max constraints for raid1c3 and raid1c4
The value 0 for devs_max means to spread the allocated chunks over all
available devices, eg. stripe for RAID0 or RAID5. This got mistakenly
copied to the RAID1C3/4 profiles. The intention is to have exactly 3 and
4 copies respectively.
Fixes:
47e6f7423b91 ("btrfs: add support for 3-copy replication (raid1c3)")
Fixes:
8d6fac0087e5 ("btrfs: add support for 4-copy replication (raid1c4)")
Signed-off-by: David Sterba <dsterba@suse.com>
Andreas Färber [Fri, 8 Nov 2019 21:38:52 +0000 (22:38 +0100)]
btrfs: tree-checker: Fix error format string for size_t
Argument BTRFS_FILE_EXTENT_INLINE_DATA_START is defined as offsetof(),
which returns type size_t, so we need %zu instead of %lu.
This fixes a build warning on 32-bit ARM:
../fs/btrfs/tree-checker.c: In function 'check_extent_data_item':
../fs/btrfs/tree-checker.c:230:43: warning: format '%lu' expects argument of type 'long unsigned int', but argument 5 has type 'unsigned int' [-Wformat=]
230 | "invalid item size, have %u expect [%lu, %u)",
| ~~^
| long unsigned int
| %u
Fixes:
153a6d299956 ("btrfs: tree-checker: Check item size before reading file extent type")
Acked-by: Geert Uytterhoeven <geert@linux-m68k.org>
Signed-off-by: Andreas Färber <afaerber@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Josef Bacik [Tue, 19 Nov 2019 18:59:20 +0000 (13:59 -0500)]
btrfs: don't double lock the subvol_sem for rename exchange
If we're rename exchanging two subvols we'll try to lock this lock
twice, which is bad. Just lock once if either of the ino's are subvols.
Fixes:
cdd1fedf8261 ("btrfs: add support for RENAME_EXCHANGE and RENAME_WHITEOUT")
CC: stable@vger.kernel.org # 4.4+
Signed-off-by: Josef Bacik <josef@toxicpanda.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Josef Bacik [Tue, 19 Nov 2019 18:59:00 +0000 (13:59 -0500)]
btrfs: handle error in btrfs_cache_block_group
We have a BUG_ON(ret < 0) in find_free_extent from
btrfs_cache_block_group. If we fail to allocate our ctl we'll just
panic, which is not good. Instead just go on to another block group.
If we fail to find a block group we don't want to return ENOSPC, because
really we got a ENOMEM and that's the root of the problem. Save our
return from btrfs_cache_block_group(), and then if we still fail to make
our allocation return that ret so we get the right error back.
Tested with inject-error.py from bcc.
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
Signed-off-by: Josef Bacik <josef@toxicpanda.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Josef Bacik [Tue, 19 Nov 2019 18:59:35 +0000 (13:59 -0500)]
btrfs: do not call synchronize_srcu() in inode_tree_del
Testing with the new fsstress uncovered a pretty nasty deadlock with
lookup and snapshot deletion.
Process A
unlink
-> final iput
-> inode_tree_del
-> synchronize_srcu(subvol_srcu)
Process B
btrfs_lookup <- srcu_read_lock() acquired here
-> btrfs_iget
-> find inode that has I_FREEING set
-> __wait_on_freeing_inode()
We're holding the srcu_read_lock() while doing the iget in order to make
sure our fs root doesn't go away, and then we are waiting for the inode
to finish freeing. However because the free'ing process is doing a
synchronize_srcu() we deadlock.
Fix this by dropping the synchronize_srcu() in inode_tree_del(). We
don't need people to stop accessing the fs root at this point, we're
only adding our empty root to the dead roots list.
A larger much more invasive fix is forthcoming to address how we deal
with fs roots, but this fixes the immediate problem.
Fixes:
76dda93c6ae2 ("Btrfs: add snapshot/subvolume destroy ioctl")
CC: stable@vger.kernel.org # 4.4+
Signed-off-by: Josef Bacik <josef@toxicpanda.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Geert Uytterhoeven [Mon, 9 Dec 2019 10:13:27 +0000 (11:13 +0100)]
ARM: shmobile: defconfig: Restore debugfs support
Since commit
0e4a459f56c32d3e ("tracing: Remove unnecessary DEBUG_FS
dependency"), CONFIG_DEBUG_FS is no longer auto-enabled. This breaks
booting Debian 9, as systemd needs debugfs:
[FAILED] Failed to mount /sys/kernel/debug.
See 'systemctl status sys-kernel-debug.mount' for details.
[DEPEND] Dependency failed for Local File Systems.
...
You are in emergGive root password for maintenance
(or press Control-D to continue):
Fix this by enabling CONFIG_DEBUG_FS explicitly.
See also commit
18977008f44c66bd ("ARM: multi_v7_defconfig: Restore
debugfs support").
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Reviewed-by: Niklas Söderlund <niklas.soderlund+renesas@ragnatech.se>
Link: https://lore.kernel.org/r/20191209101327.26571-1-geert+renesas@glider.be
Filipe Manana [Thu, 5 Dec 2019 16:57:39 +0000 (16:57 +0000)]
Btrfs: fix cloning range with a hole when using the NO_HOLES feature
When using the NO_HOLES feature if we clone a range that contains a hole
and a temporary ENOSPC happens while dropping extents from the target
inode's range, we can end up failing and aborting the transaction with
-EEXIST or with a corrupt file extent item, that has a length greater
than it should and overlaps with other extents. For example when cloning
the following range from inode A to inode B:
Inode A:
extent A1 extent A2
[ ----------- ] [ hole, implicit, 4MB length ] [ ------------- ]
0 1MB 5MB 6MB
Range to clone: [1MB, 6MB)
Inode B:
extent B1 extent B2 extent B3 extent B4
[ ---------- ] [ --------- ] [ ---------- ] [ ---------- ]
0 1MB 1MB 2MB 2MB 5MB 5MB 6MB
Target range: [1MB, 6MB) (same as source, to make it easier to explain)
The following can happen:
1) btrfs_punch_hole_range() gets -ENOSPC from __btrfs_drop_extents();
2) At that point, 'cur_offset' is set to 1MB and __btrfs_drop_extents()
set 'drop_end' to 2MB, meaning it was able to drop only extent B2;
3) We then compute 'clone_len' as 'drop_end' - 'cur_offset' = 2MB - 1MB =
1MB;
4) We then attempt to insert a file extent item at inode B with a file
offset of 5MB, which is the value of clone_info->file_offset. This
fails with error -EEXIST because there's already an extent at that
offset (extent B4);
5) We abort the current transaction with -EEXIST and return that error
to user space as well.
Another example, for extent corruption:
Inode A:
extent A1 extent A2
[ ----------- ] [ hole, implicit, 10MB length ] [ ------------- ]
0 1MB 11MB 12MB
Inode B:
extent B1 extent B2
[ ----------- ] [ --------- ] [ ----------------------------- ]
0 1MB 1MB 5MB 5MB 12MB
Target range: [1MB, 12MB) (same as source, to make it easier to explain)
1) btrfs_punch_hole_range() gets -ENOSPC from __btrfs_drop_extents();
2) At that point, 'cur_offset' is set to 1MB and __btrfs_drop_extents()
set 'drop_end' to 5MB, meaning it was able to drop only extent B2;
3) We then compute 'clone_len' as 'drop_end' - 'cur_offset' = 5MB - 1MB =
4MB;
4) We then insert a file extent item at inode B with a file offset of 11MB
which is the value of clone_info->file_offset, and a length of 4MB (the
value of 'clone_len'). So we get 2 extents items with ranges that
overlap and an extent length of 4MB, larger then the extent A2 from
inode A (1MB length);
5) After that we end the transaction, balance the btree dirty pages and
then start another or join the previous transaction. It might happen
that the transaction which inserted the incorrect extent was committed
by another task so we end up with extent corruption if a power failure
happens.
So fix this by making sure we attempt to insert the extent to clone at
the destination inode only if we are past dropping the sub-range that
corresponds to a hole.
Fixes:
690a5dbfc51315 ("Btrfs: fix ENOSPC errors, leading to transaction aborts, when cloning extents")
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Nikolay Borisov [Mon, 18 Nov 2019 12:16:44 +0000 (14:16 +0200)]
btrfs: Fix error messages in qgroup_rescan_init
The branch of qgroup_rescan_init which is executed from the mount
path prints wrong errors messages. The textual print out in case
BTRFS_QGROUP_STATUS_FLAG_RESCAN/BTRFS_QGROUP_STATUS_FLAG_ON are not
set are transposed. Fix it by exchanging their place.
Signed-off-by: Nikolay Borisov <nborisov@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Rafael J. Wysocki [Fri, 13 Dec 2019 09:29:45 +0000 (10:29 +0100)]
Merge branches 'pm-cpuidle' and 'acpi-pm'
* pm-cpuidle:
cpuidle: Drop unnecessary type cast in cpuidle_poll_time()
cpuidle: Fix cpuidle_driver_state_disabled()
cpuidle: use first valid target residency as poll time
* acpi-pm:
ACPI: PM: Avoid attaching ACPI PM domain to certain devices
Juergen Gross [Thu, 12 Dec 2019 14:17:50 +0000 (15:17 +0100)]
xen/balloon: fix ballooned page accounting without hotplug enabled
When CONFIG_XEN_BALLOON_MEMORY_HOTPLUG is not defined
reserve_additional_memory() will set balloon_stats.target_pages to a
wrong value in case there are still some ballooned pages allocated via
alloc_xenballooned_pages().
This will result in balloon_process() no longer be triggered when
ballooned pages are freed in batches.
Reported-by: Nicholas Tsirakis <niko.tsirakis@gmail.com>
Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Signed-off-by: Juergen Gross <jgross@suse.com>
Paul Durrant [Tue, 10 Dec 2019 14:53:05 +0000 (14:53 +0000)]
xen-blkback: prevent premature module unload
Objects allocated by xen_blkif_alloc come from the 'blkif_cache' kmem
cache. This cache is destoyed when xen-blkif is unloaded so it is
necessary to wait for the deferred free routine used for such objects to
complete. This necessity was missed in commit
14855954f636 "xen-blkback:
allow module to be cleanly unloaded". This patch fixes the problem by
taking/releasing extra module references in xen_blkif_alloc/free()
respectively.
Signed-off-by: Paul Durrant <pdurrant@amazon.com>
Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
Signed-off-by: Juergen Gross <jgross@suse.com>
Pavel Shilovsky [Tue, 10 Dec 2019 19:44:52 +0000 (11:44 -0800)]
CIFS: Close cached root handle only if it has a lease
SMB2_tdis() checks if a root handle is valid in order to decide
whether it needs to close the handle or not. However if another
thread has reference for the handle, it may end up with putting
the reference twice. The extra reference that we want to put
during the tree disconnect is the reference that has a directory
lease. So, track the fact that we have a directory lease and
close the handle only in that case.
Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com>
Reviewed-by: Ronnie Sahlberg <lsahlber@redhat.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Steve French [Tue, 10 Dec 2019 04:34:10 +0000 (22:34 -0600)]
SMB3: Fix crash in SMB2_open_init due to uninitialized field in compounding path
Ran into an intermittent crash in
SMB2_open_init+0x2f6/0x970
due to oparms.cifs_sb not being initialized when called from:
smb2_compound_op+0x45d/0x1690
Zero the whole oparms struct in the compounding path before setting up the
oparms so we don't risk any uninitialized fields.
Fixes:
fdef665ba44a ("smb3: fix mode passed in on create for modetosid mount option")
Signed-off-by: Steve French <stfrench@microsoft.com>
Acked-by: Ronnie Sahlberg <lsahlber@redhat.com>
Reviewed-by: Pavel Shilovsky <pshilov@microsoft.com>
Dave Airlie [Fri, 13 Dec 2019 04:50:01 +0000 (14:50 +1000)]
Merge tag 'drm-fixes-5.5-2019-12-12' of git://people.freedesktop.org/~agd5f/linux into drm-fixes
drm-fixes-5.5-2019-12-12:
amdgpu:
- DC fixes for renoir
- Gfx8 fence flush align with mesa
- Power profile fix for arcturus
- Freesync fix
- DC I2c over aux fix
- DC aux defer fix
- GPU reset fix
- GPUVM invalidation semaphore fixes for PCO and SR-IOV
- Golden settings updates for gfx10
Signed-off-by: Dave Airlie <airlied@redhat.com>
From: Alex Deucher <alexdeucher@gmail.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20191212223211.8034-1-alexander.deucher@amd.com
Dave Airlie [Fri, 13 Dec 2019 04:44:08 +0000 (14:44 +1000)]
Merge tag 'drm-intel-fixes-2019-12-12' of git://anongit.freedesktop.org/drm/drm-intel into drm-fixes
- Fix user reported issue #673: GPU hang on transition to idle
- Avoid corruption on the top of the screen on GLK+ by disabling FBC
- Fix non-privileged access to OA on Tigerlake
- Fix HDCP code not to touch global state when just computing commit
- Fix CI splat by saving irqstate around virtual_context_destroy
- Serialise context retirement possibly on another CPU
Signed-off-by: Dave Airlie <airlied@redhat.com>
From: Joonas Lahtinen <joonas.lahtinen@linux.intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20191212100759.GA22260@jlahtine-desk.ger.corp.intel.com
Dave Airlie [Fri, 13 Dec 2019 04:32:30 +0000 (14:32 +1000)]
Merge tag 'drm-misc-next-fixes-2019-12-12' of git://anongit.freedesktop.org/drm/drm-misc into drm-fixes
-mgag200: more startadd mitigation (Thomas)
-panfrost: devfreq fix + several memory fixes (Steven, Boris)
Cc: Boris Brezillon <boris.brezillon@collabora.com>
Cc: Steven Price <steven.price@arm.com>
Cc: Thomas Zimmermann <tzimmermann@suse.de>
Signed-off-by: Dave Airlie <airlied@redhat.com>
From: Sean Paul <sean@poorly.run>
Link: https://patchwork.freedesktop.org/patch/msgid/20191212140145.GA145200@art_vandelay
Saravana Kannan [Mon, 9 Dec 2019 19:31:19 +0000 (11:31 -0800)]
of/platform: Unconditionally pause/resume sync state during kernel init
Commit
5e6669387e22 ("of/platform: Pause/resume sync state during init
and of_platform_populate()") paused/resumed sync state during init only
if Linux had parsed and populated a devicetree.
However, the check for that (of_have_populated_dt()) can change after
of_platform_default_populate_init() executes. One example of this is
when devicetree unittests are enabled. This causes an unmatched
pause/resume of sync state. To avoid this, just unconditionally
pause/resume sync state during init.
Fixes:
5e6669387e22 ("of/platform: Pause/resume sync state during init and of_platform_populate()")
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Saravana Kannan <saravanak@google.com>
Reviewed-by: Frank Rowand <frowand.list@gmail.com>
Signed-off-by: Rob Herring <robh@kernel.org>
Rob Herring [Wed, 11 Dec 2019 14:51:01 +0000 (08:51 -0600)]
dt-bindings: memory-controllers: tegra: Fix type references
Json-schema requires a $ref to be under an 'allOf' if there are
additional constraints otherwise the additional constraints are
ignored. (Note that this behavior will be changed in draft8.)
Fixes:
641262f5e1ed ("dt-bindings: memory: Add binding for NVIDIA Tegra30 External Memory Controller")
Fixes:
785685b7a106 ("dt-bindings: memory: Add binding for NVIDIA Tegra30 Memory Controller")
Fixes:
8da65c377b21 ("dt-bindings: memory: tegra30: Convert to Tegra124 YAML")
Cc: Thierry Reding <treding@nvidia.com>
Cc: Jonathan Hunter <jonathanh@nvidia.com>
Cc: linux-tegra@vger.kernel.org
Reviewed-by: Dmitry Osipenko <digetx@gmail.com>
Signed-off-by: Rob Herring <robh@kernel.org>
Maxime Ripard [Mon, 9 Dec 2019 09:32:48 +0000 (10:32 +0100)]
dt-bindings: Change maintainer address
While my email address has changed for a while, all the schemas I
contributed still have the old one unfortunately. Update it.
Signed-off-by: Maxime Ripard <maxime@cerno.tech>
Signed-off-by: Rob Herring <robh@kernel.org>
Yishai Hadas [Thu, 12 Dec 2019 10:02:37 +0000 (12:02 +0200)]
IB/mlx5: Fix device memory flows
Fix device memory flows so that only once there will be no live mmaped
VA to a given allocation the matching object will be destroyed.
This prevents a potential scenario that existing VA that was mmaped by
one process might still be used post its deallocation despite that it's
owned now by other process.
The above is achieved by integrating with IB core APIs to manage
mmap/munmap. Only once the refcount will become 0 the DM object and its
underlay area will be freed.
Fixes:
3b113a1ec3d4 ("IB/mlx5: Support device memory type attribute")
Signed-off-by: Yishai Hadas <yishaih@mellanox.com>
Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
Link: https://lore.kernel.org/r/20191212100237.330654-3-leon@kernel.org
Signed-off-by: Doug Ledford <dledford@redhat.com>
Yishai Hadas [Thu, 12 Dec 2019 10:02:36 +0000 (12:02 +0200)]
IB/core: Introduce rdma_user_mmap_entry_insert_range() API
Introduce rdma_user_mmap_entry_insert_range() API to be used once the
required key for the given entry should be in a given range.
Signed-off-by: Yishai Hadas <yishaih@mellanox.com>
Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
Link: https://lore.kernel.org/r/20191212100237.330654-2-leon@kernel.org
Signed-off-by: Doug Ledford <dledford@redhat.com>
Enric Balletbo i Serra [Wed, 11 Dec 2019 09:34:50 +0000 (10:34 +0100)]
PCI: rockchip: Fix IO outbound ATU register number
Since
62240a88004b ("PCI: rockchip: Drop storing driver private outbound
resource data), the offset calculation is wrong to access the register
number to program the IO outbound ATU.
Fix this by computing the ATU IO register number based on the number of MEM
registers, not the size of the IO region.
This causes 'synchronous external aborts' like the following:
mwifiex_pcie 0000:01:00.0: enabling device (0000 -> 0002)
mwifiex_pcie: PCI memory map Virt0:
00000000a573ad00 PCI memory map Virt2:
00000000783126c4
Internal error: synchronous external abort:
96000210 [#1] PREEMPT SMP
Modules linked in: mwifiex_pcie(+) mwifiex uvcvideo cfg80211 atmel_mxt_ts videobuf2_vmalloc ...
CPU: 2 PID: 269 Comm: systemd-udevd Not tainted 5.4.0+ #327
Hardware name: Google Kevin (DT)
pstate:
60000005 (nZCv daif -PAN -UAO)
pc : mwifiex_register_dev+0x264/0x3f8 [mwifiex_pcie]
lr : mwifiex_register_dev+0x150/0x3f8 [mwifiex_pcie]
sp :
ffff800012073860
x29:
ffff800012073860 x28:
ffff8000100a2e28
x27:
ffff8000118b6210 x26:
ffff800008f57458
x25:
ffff0000ecfda000 x24:
0000000000000001
x23:
ffff0000e9905080 x22:
ffff800008f5d000
x21:
ffff0000eecea078 x20:
ffff0000e9905080
x19:
ffff0000eecea000 x18:
0000000000000001
x17:
0000000000000000 x16:
0000000000000000
x15:
ffffffffffffffff x14:
ffff8000118998c8
x13:
ffff000000000000 x12:
0000000000000008
x11:
0101010101010101 x10:
ffff7f7fffff7fff
x9 :
0000000000000000 x8 :
ffff0000e3c24240
x7 :
0000000000000000 x6 :
ffff0000e3c24148
x5 :
ffff0000e3c24148 x4 :
ffff0000e7975ec8
x3 :
0000000000000001 x2 :
0000000000002b42
x1 :
ffff800012c00008 x0 :
ffff0000e9905080
Call trace:
mwifiex_register_dev+0x264/0x3f8 [mwifiex_pcie]
mwifiex_add_card+0x2f8/0x430 [mwifiex]
mwifiex_pcie_probe+0x98/0x148 [mwifiex_pcie]
pci_device_probe+0x110/0x1a8
...
Code:
a8c67bfd d65f03c0 f942ac01 91002021 (
b9400021)
Suggested-by: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
Fixes:
62240a88004b ("PCI: rockchip: Drop storing driver private outbound resource data)
Link: https://lore.kernel.org/r/20191211093450.7481-1-enric.balletbo@collabora.com
Reported-by: Enric Balletbo i Serra <enric.balletbo@collabora.com>
Reported-by: Vicente Bergas <vicencb@gmail.com>
Tested-by: Vicente Bergas <vicencb@gmail.com>
Signed-off-by: Enric Balletbo i Serra <enric.balletbo@collabora.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Acked-by: Andrew Murray <andrew.murray@arm.com>
changzhu [Tue, 10 Dec 2019 14:50:16 +0000 (22:50 +0800)]
drm/amdgpu: add invalidate semaphore limit for SRIOV in gmc10
It may fail to load guest driver in round 2 when using invalidate
semaphore for SRIOV. So it needs to avoid using invalidate semaphore
for SRIOV.
Signed-off-by: changzhu <Changfeng.Zhu@amd.com>
Reviewed-by: Christian König <christian.koenig@amd.com>
Reviewed-by: Huang Rui <ray.huang@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
changzhu [Tue, 10 Dec 2019 14:00:59 +0000 (22:00 +0800)]
drm/amdgpu: add invalidate semaphore limit for SRIOV and picasso in gmc9
It may fail to load guest driver in round 2 or cause Xstart problem
when using invalidate semaphore for SRIOV or picasso. So it needs avoid
using invalidate semaphore for SRIOV and picasso.
Signed-off-by: changzhu <Changfeng.Zhu@amd.com>
Reviewed-by: Christian König <christian.koenig@amd.com>
Reviewed-by: Huang Rui <ray.huang@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Maor Gottlieb [Thu, 12 Dec 2019 09:12:14 +0000 (11:12 +0200)]
IB/mlx5: Fix steering rule of drop and count
There are two flow rule destinations: QP and packet. While users are
setting DROP packet rule, the QP should not be set as a destination.
Fixes:
3b3233fbf02e ("IB/mlx5: Add flow counters binding support")
Signed-off-by: Maor Gottlieb <maorg@mellanox.com>
Reviewed-by: Raed Salem <raeds@mellanox.com>
Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
Link: https://lore.kernel.org/r/20191212091214.315005-4-leon@kernel.org
Signed-off-by: Doug Ledford <dledford@redhat.com>
Parav Pandit [Thu, 12 Dec 2019 09:12:13 +0000 (11:12 +0200)]
IB/mlx4: Follow mirror sequence of device add during device removal
Current code device add sequence is:
ib_register_device()
ib_mad_init()
init_sriov_init()
register_netdev_notifier()
Therefore, the remove sequence should be,
unregister_netdev_notifier()
close_sriov()
mad_cleanup()
ib_unregister_device()
However it is not above.
Hence, make do above remove sequence.
Fixes:
fa417f7b520ee ("IB/mlx4: Add support for IBoE")
Signed-off-by: Parav Pandit <parav@mellanox.com>
Reviewed-by: Maor Gottlieb <maorg@mellanox.com>
Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
Link: https://lore.kernel.org/r/20191212091214.315005-3-leon@kernel.org
Signed-off-by: Doug Ledford <dledford@redhat.com>
Mark Zhang [Thu, 12 Dec 2019 09:12:12 +0000 (11:12 +0200)]
RDMA/counter: Prevent auto-binding a QP which are not tracked with res
Some QPs (e.g. XRC QP) are not tracked in kernel, in this case they have
an invalid res and should not be bound to any dynamically-allocated
counter in auto mode.
This fixes below call trace:
BUG: kernel NULL pointer dereference, address:
0000000000000390
PGD
80000001a7233067 P4D
80000001a7233067 PUD
1a7215067 PMD 0
Oops: 0000 [#1] SMP PTI
CPU: 2 PID: 24822 Comm: ibv_xsrq_pingpo Not tainted 5.4.0-rc5+ #21
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-2.fc27 04/01/2014
RIP: 0010:rdma_counter_bind_qp_auto+0x142/0x270 [ib_core]
Code: e1 48 85 c0 48 89 c2 0f 84 bc 00 00 00 49 8b 06 48 39 42 48 75 d6 40 3a aa 90 00 00 00 75 cd 49 8b 86 00 01 00 00 48 8b 4a 28 <8b> 80 90 03 00 00 39 81 90 03 00 00 75 b4 85 c0 74 b0 48 8b 04 24
RSP: 0018:
ffffc900003f39c0 EFLAGS:
00010246
RAX:
0000000000000000 RBX:
0000000000000001 RCX:
0000000000000000
RDX:
ffff88820020ec00 RSI:
0000000000000004 RDI:
ffffffffffffffc0
RBP:
0000000000000001 R08:
ffff888224149ff0 R09:
ffffc900003f3968
R10:
ffffffffffffffff R11:
ffff8882249c5848 R12:
ffffffffffffffff
R13:
ffff88821d5aca50 R14:
ffff8881f7690800 R15:
ffff8881ff890000
FS:
00007fe53a3e1740(0000) GS:
ffff888237b00000(0000) knlGS:
0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0:
0000000080050033
CR2:
0000000000000390 CR3:
00000001a7292006 CR4:
00000000003606a0
DR0:
0000000000000000 DR1:
0000000000000000 DR2:
0000000000000000
DR3:
0000000000000000 DR6:
00000000fffe0ff0 DR7:
0000000000000400
Call Trace:
_ib_modify_qp+0x3a4/0x3f0 [ib_core]
? lookup_get_idr_uobject.part.8+0x23/0x40 [ib_uverbs]
modify_qp+0x322/0x3e0 [ib_uverbs]
ib_uverbs_modify_qp+0x43/0x70 [ib_uverbs]
ib_uverbs_handler_UVERBS_METHOD_INVOKE_WRITE+0xb1/0xf0 [ib_uverbs]
ib_uverbs_run_method+0x6be/0x760 [ib_uverbs]
? uverbs_disassociate_api+0xd0/0xd0 [ib_uverbs]
ib_uverbs_cmd_verbs+0x18d/0x3a0 [ib_uverbs]
? get_acl+0x1a/0x120
? __alloc_pages_nodemask+0x15d/0x2c0
ib_uverbs_ioctl+0xa7/0x110 [ib_uverbs]
do_vfs_ioctl+0xa5/0x610
ksys_ioctl+0x60/0x90
__x64_sys_ioctl+0x16/0x20
do_syscall_64+0x48/0x110
entry_SYSCALL_64_after_hwframe+0x44/0xa9
Fixes:
99fa331dc862 ("RDMA/counter: Add "auto" configuration mode support")
Signed-off-by: Mark Zhang <markz@mellanox.com>
Reviewed-by: Maor Gottlieb <maorg@mellanox.com>
Reviewed-by: Ido Kalir <idok@mellanox.com>
Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
Link: https://lore.kernel.org/r/20191212091214.315005-2-leon@kernel.org
Signed-off-by: Doug Ledford <dledford@redhat.com>
Linus Torvalds [Thu, 12 Dec 2019 18:56:37 +0000 (10:56 -0800)]
Merge tag 'ceph-for-5.5-rc2' of git://github.com/ceph/ceph-client
Pull ceph fixes from Ilya Dryomov:
"A fix to avoid a corner case when scheduling cap reclaim in batches
from Xiubo, a patch to add some observability into cap waiters from
Jeff and a couple of cleanups"
* tag 'ceph-for-5.5-rc2' of git://github.com/ceph/ceph-client:
ceph: add more debug info when decoding mdsmap
ceph: switch to global cap helper
ceph: trigger the reclaim work once there has enough pending caps
ceph: show tasks waiting on caps in debugfs caps file
ceph: convert int fields in ceph_mount_options to unsigned int
Dominik Brodowski [Tue, 23 Oct 2018 14:24:09 +0000 (16:24 +0200)]
fs: remove ksys_dup()
ksys_dup() is used only at one place in the kernel, namely to duplicate
fd 0 of /dev/console to stdout and stderr. The same functionality can be
achieved by using functions already available within the kernel namespace.
Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
Dominik Brodowski [Tue, 23 Oct 2018 14:00:10 +0000 (16:00 +0200)]
init: unify opening /dev/console as stdin/stdout/stderr
Merge the two instances where /dev/console is opened as
stdin/stdout/stderr.
Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
Olof Johansson [Thu, 12 Dec 2019 17:38:22 +0000 (09:38 -0800)]
Merge tag 'imx-fixes-5.5' of git://git./linux/kernel/git/shawnguo/linux into arm/fixes
i.MX fixes for 5.5:
- Add missing jedec,spi-nor compatible for imx6ul-14x14-evk board,
so that SPI NOR device can be probed.
- Fix power button of E60K02 board by removing LDORTC2 regulator.
- A couple of fixes on serial number support of i.MX6ULL/ULZ SoCs to
remove the boot regression caused by
8267ff89b713 ("ARM: imx: Add
serial number support for i.MX6/7 SoCs").
- A couple of fixes on LS1028A SoC TMU regarding to calibration data
and reboot register configuration.
- Fix a regression seen on imx6ul-evk board by marking always-on for
the regulator that is shared by many peripherals.
- Explicitly restore CONFIG_DEBUG_FS in imx_v6_v7_defconfig.
* tag 'imx-fixes-5.5' of git://git.kernel.org/pub/scm/linux/kernel/git/shawnguo/linux:
ARM: imx: Fix boot crash if ocotp is not found
ARM: imx_v6_v7_defconfig: Explicitly restore CONFIG_DEBUG_FS
ARM: dts: imx6ul-evk: Fix peripheral regulator
arm64: dts: ls1028a: fix reboot node
arm64: dts: ls1028a: fix typo in TMU calibration data
ARM: imx: Correct ocotp id for serial number support of i.MX6ULL/ULZ SoCs
ARM: dts: e60k02: fix power button
ARM: dts: imx6ul: imx6ul-14x14-evk.dtsi: Fix SPI NOR probing
Link: https://lore.kernel.org/r/20191212122427.GK15858@dragon
Signed-off-by: Olof Johansson <olof@lixom.net>
Rafael J. Wysocki [Wed, 11 Dec 2019 10:30:50 +0000 (11:30 +0100)]
cpuidle: Drop unnecessary type cast in cpuidle_poll_time()
The data type of the target_residency_ns field in struct cpuidle_state
is u64, so it does not need to be cast into u64.
Get rid of the unnecessary type cast.
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Acked-by: Daniel Lezcano <daniel.lezcano@linaro.org>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
projects / platform / kernel / linux-rpi.git / log