platform/kernel/linux-rpi.git
3 years agommc: sdhci-esdhc-imx: Remove non-DT stub
Fabio Estevam [Sun, 14 Mar 2021 23:08:23 +0000 (20:08 -0300)]
mmc: sdhci-esdhc-imx: Remove non-DT stub

i.MX has been converted to a devicetree only platform, so remove
the non-DT stub for sdhci_esdhc_imx_probe_dt().

Also, make the driver depend on OF now.

Signed-off-by: Fabio Estevam <festevam@gmail.com>
Link: https://lore.kernel.org/r/20210314230824.148969-1-festevam@gmail.com
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
3 years agomemstick: Remove useless else branch
Joey Pabalan [Sat, 13 Mar 2021 17:37:40 +0000 (12:37 -0500)]
memstick: Remove useless else branch

Remove else branch on line 334 of memstick.c, after the return of the
previous branch. Found by checkpatch.

Signed-off-by: Joey Pabalan <jpabalanb@gmail.com>
Link: https://lore.kernel.org/r/20210313173740.GA580681@joeylaptop
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
3 years agommc: core: Fix hanging on I/O during system suspend for removable cards
Ulf Hansson [Wed, 10 Mar 2021 15:29:00 +0000 (16:29 +0100)]
mmc: core: Fix hanging on I/O during system suspend for removable cards

The mmc core uses a PM notifier to temporarily during system suspend, turn
off the card detection mechanism for removal/insertion of (e)MMC/SD/SDIO
cards. Additionally, the notifier may be used to remove an SDIO card
entirely, if a corresponding SDIO functional driver don't have the system
suspend/resume callbacks assigned. This behaviour has been around for a
very long time.

However, a recent bug report tells us there are problems with this
approach. More precisely, when receiving the PM_SUSPEND_PREPARE
notification, we may end up hanging on I/O to be completed, thus also
preventing the system from getting suspended.

In the end what happens, is that the cancel_delayed_work_sync() in
mmc_pm_notify() ends up waiting for mmc_rescan() to complete - and since
mmc_rescan() wants to claim the host, it needs to wait for the I/O to be
completed first.

Typically, this problem is triggered in Android, if there is ongoing I/O
while the user decides to suspend, resume and then suspend the system
again. This due to that after the resume, an mmc_rescan() work gets punted
to the workqueue, which job is to verify that the card remains inserted
after the system has resumed.

To fix this problem, userspace needs to become frozen to suspend the I/O,
prior to turning off the card detection mechanism. Therefore, let's drop
the PM notifiers for mmc subsystem altogether and rely on the card
detection to be turned off/on as a part of the system_freezable_wq, that we
are already using.

Moreover, to allow and SDIO card to be removed during system suspend, let's
manage this from a ->prepare() callback, assigned at the mmc_host_class
level. In this way, we can use the parent device (the mmc_host_class
device), to remove the card device that is the child, in the
device_prepare() phase.

Reported-by: Kiwoong Kim <kwmad.kim@samsung.com>
Cc: stable@vger.kernel.org # v4.5+
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Reviewed-by: Linus Walleij <linus.walleij@linaro.org>
Link: https://lore.kernel.org/r/20210310152900.149380-1-ulf.hansson@linaro.org
Reviewed-by: Kiwoong Kim <kwmad.kim@samsung.com>
3 years agommc: sdio: fix a typo in the comment of SDIO_SD_REV_3_00
Jisheng Zhang [Thu, 11 Mar 2021 09:41:57 +0000 (17:41 +0800)]
mmc: sdio: fix a typo in the comment of SDIO_SD_REV_3_00

I believe "Spev" is typo, should be "Spec".

Signed-off-by: Jisheng Zhang <Jisheng.Zhang@synaptics.com>
Link: https://lore.kernel.org/r/20210311174157.561dada9@xhacker.debian
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
3 years agommc: sdhci: Use "mmc" directly rather than "host->mmc"
Jisheng Zhang [Thu, 11 Mar 2021 09:40:46 +0000 (17:40 +0800)]
mmc: sdhci: Use "mmc" directly rather than "host->mmc"

Clean up the code to use the "mmc" directly instead of "host->mmc".
If the code sits in hot code path, this clean up also brings trvial
performance improvement. Take the sdhci_post_req() for example:

before the patch:
     ...
     8d0: a9be7bfd  stp x29, x30, [sp, #-32]!
     8d4: 910003fd  mov x29, sp
     8d8: f9000bf3  str x19, [sp, #16]
     8dc: f9400833  ldr x19, [x1, #16]
     8e0: b9404261  ldr w1, [x19, #64]
     8e4: 34000161  cbz w1, 910 <sdhci_post_req+0x50>
     8e8: f9424400  ldr x0, [x0, #1160]
     8ec: d2800004  mov x4, #0x0                    // #0
     8f0: b9401a61  ldr w1, [x19, #24]
     8f4: b9403262  ldr w2, [x19, #48]
     8f8: f9400000  ldr x0, [x0]
     8fc: f278003f  tst x1, #0x100
     900: f9401e61  ldr x1, [x19, #56]
     904: 1a9f17e3  cset w3, eq  // eq = none
     908: 11000463  add w3, w3, #0x1
     90c: 94000000  bl 0 <dma_unmap_sg_attrs>
     ...

After the patch:
     ...
     8d0: a9be7bfd  stp x29, x30, [sp, #-32]!
     8d4: 910003fd  mov x29, sp
     8d8: f9000bf3  str x19, [sp, #16]
     8dc: f9400833  ldr x19, [x1, #16]
     8e0: b9404261  ldr w1, [x19, #64]
     8e4: 34000141  cbz w1, 90c <sdhci_post_req+0x4c>
     8e8: b9401a61  ldr w1, [x19, #24]
     8ec: d2800004  mov x4, #0x0                    // #0
     8f0: b9403262  ldr w2, [x19, #48]
     8f4: f9400000  ldr x0, [x0]
     8f8: f278003f  tst x1, #0x100
     8fc: f9401e61  ldr x1, [x19, #56]
     900: 1a9f17e3  cset w3, eq  // eq = none
     904: 11000463  add w3, w3, #0x1
     908: 94000000  bl 0 <dma_unmap_sg_attrs>
     ...

We saved one ldr instruction: "ldr     x0, [x0, #1160]"

Signed-off-by: Jisheng Zhang <Jisheng.Zhang@synaptics.com>
Acked-by: Adrian Hunter <adrian.hunter@intel.com>
Link: https://lore.kernel.org/r/20210311174046.597d1951@xhacker.debian
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
3 years agommc: sdhci-pci: Avoid comma separated statements
Jisheng Zhang [Thu, 11 Mar 2021 10:14:32 +0000 (18:14 +0800)]
mmc: sdhci-pci: Avoid comma separated statements

Use semicolons.

Signed-off-by: Jisheng Zhang <Jisheng.Zhang@synaptics.com>
Acked-by: Adrian Hunter <adrian.hunter@intel.com>
Link: https://lore.kernel.org/r/20210311181432.6385cd2b@xhacker.debian
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
3 years agommc: via-sdmmc: remove unneeded variable 'ret'
Yang Li [Tue, 9 Mar 2021 06:47:58 +0000 (14:47 +0800)]
mmc: via-sdmmc: remove unneeded variable 'ret'

Fix the following coccicheck warning:
./drivers/mmc/host/via-sdmmc.c:1274:5-8: Unneeded variable: "ret".
Return "0" on line 1295

Reported-by: Abaci Robot <abaci@linux.alibaba.com>
Signed-off-by: Yang Li <yang.lee@linux.alibaba.com>
Link: https://lore.kernel.org/r/1615272478-52458-1-git-send-email-yang.lee@linux.alibaba.com
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
3 years agommc: dw_mmc: simplify optional reset handling
Philipp Zabel [Fri, 5 Mar 2021 09:07:24 +0000 (10:07 +0100)]
mmc: dw_mmc: simplify optional reset handling

As of commit bb475230b8e5 ("reset: make optional functions really
optional"), the reset framework API calls use NULL pointers to describe
optional, non-present reset controls.

This allows to return errors from devm_reset_control_get_optional and to
call reset_control_(de)assert unconditionally.

Signed-off-by: Philipp Zabel <p.zabel@pengutronix.de>
Link: https://lore.kernel.org/r/20210305090724.18832-1-p.zabel@pengutronix.de
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
3 years agommc: sdhci-st: simplify optional reset handling
Philipp Zabel [Fri, 5 Mar 2021 09:08:27 +0000 (10:08 +0100)]
mmc: sdhci-st: simplify optional reset handling

As of commit bb475230b8e5 ("reset: make optional functions really
optional"), the reset framework API calls use NULL pointers to describe
optional, non-present reset controls.

This allows to return errors from devm_reset_control_get_optional and to
call reset_control_(de)assert unconditionally.

Signed-off-by: Philipp Zabel <p.zabel@pengutronix.de>
Link: https://lore.kernel.org/r/20210305090827.19124-1-p.zabel@pengutronix.de
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
3 years agomemstick: core: Assign error code of mspro_block_resume()
Jia-Ju Bai [Fri, 5 Mar 2021 02:14:45 +0000 (18:14 -0800)]
memstick: core: Assign error code of mspro_block_resume()

When mspro_block_init_card() fails, no error return code of
mspro_block_resume() is assigned/propagated. Let's fix this.

Reported-by: TOTE Robot <oslab@tsinghua.edu.cn>
Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com>
Link: https://lore.kernel.org/r/20210305021445.3435-1-baijiaju1990@gmail.com
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
3 years agommc: core: Remove mq->use_cqe from the struct mmc_queue
Luca Porzio [Mon, 15 Feb 2021 00:32:18 +0000 (01:32 +0100)]
mmc: core: Remove mq->use_cqe from the struct mmc_queue

The host->cqe_enabled is already containing the needed information about
whether the CQE is enabled or not, hence there is no need to keep another
copy of it around.

Signed-off-by: Luca Porzio <lporzio@micron.com>
Signed-off-by: Zhan Liu <zliua@micron.com>
Link: https://lore.kernel.org/r/20210215003217.GA12240@lupo-laptop
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
3 years agommc: block: Fix error path in mmc_blk_probe()
Ulf Hansson [Wed, 3 Mar 2021 12:20:49 +0000 (13:20 +0100)]
mmc: block: Fix error path in mmc_blk_probe()

Returning zero to indicate success, when we actually have failed to probe
is wrong. As a matter of fact, it leads to that mmc_blk_remove() gets
called at a card removal and then triggers "NULL pointer dereference"
splats. This is because mmc_blk_remove() relies on data structures and
pointers to be setup from mmc_blk_probe(), of course.

There have been no errors reported about this, which is most likely because
mmc_blk_probe() never fails like this. Nevertheless, let's fix the code by
propagating the error codes correctly and prevent us from leaking memory by
calling also destroy_workqueue() in the error path.

Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Link: https://lore.kernel.org/r/20210303122049.151986-4-ulf.hansson@linaro.org
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
3 years agommc: block: Simplify logging during probe about added partitions
Ulf Hansson [Wed, 3 Mar 2021 12:20:48 +0000 (13:20 +0100)]
mmc: block: Simplify logging during probe about added partitions

To simplify the code, move the logging into the common mmc_blk_alloc_req()
and drop the rather useless information about the partition type/id.

Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Link: https://lore.kernel.org/r/20210303122049.151986-3-ulf.hansson@linaro.org
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
3 years agommc: block: Drop use of unlikely() in mmc_blk_probe()
Ulf Hansson [Wed, 3 Mar 2021 12:20:47 +0000 (13:20 +0100)]
mmc: block: Drop use of unlikely() in mmc_blk_probe()

mmc_blk_probe() isn't a hotpath, which makes it's questionable to use
unlikely(). Therefore let's simply drop it.

Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Link: https://lore.kernel.org/r/20210303122049.151986-2-ulf.hansson@linaro.org
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
3 years agommc: renesas_sdhi: use custom mask for TMIO_MASK_ALL
Wolfram Sang [Thu, 4 Mar 2021 09:29:03 +0000 (10:29 +0100)]
mmc: renesas_sdhi: use custom mask for TMIO_MASK_ALL

Populate the new member for custom mask values to make sure this value
is applied whenever needed. Also, rename the define holding the value
because this is not only about initialization anymore.

Signed-off-by: Wolfram Sang <wsa+renesas@sang-engineering.com>
Reviewed-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com>
Tested-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com>
Link: https://lore.kernel.org/r/20210304092903.8534-1-wsa+renesas@sang-engineering.com
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
3 years agommc: sdhci: Check for reset prior to DMA address unmap
Pradeep P V K [Wed, 3 Mar 2021 08:32:11 +0000 (14:02 +0530)]
mmc: sdhci: Check for reset prior to DMA address unmap

For data read commands, SDHC may initiate data transfers even before it
completely process the command response. In case command itself fails,
driver un-maps the memory associated with data transfer but this memory
can still be accessed by SDHC for the already initiated data transfer.
This scenario can lead to un-mapped memory access error.

To avoid this scenario, reset SDHC (when command fails) prior to
un-mapping memory. Resetting SDHC ensures that all in-flight data
transfers are either aborted or completed. So we don't run into this
scenario.

Swap the reset, un-map steps sequence in sdhci_request_done().

Suggested-by: Veerabhadrarao Badiganti <vbadigan@codeaurora.org>
Signed-off-by: Pradeep P V K <pragalla@codeaurora.org>
Acked-by: Adrian Hunter <adrian.hunter@intel.com>
Link: https://lore.kernel.org/r/1614760331-43499-1-git-send-email-pragalla@qti.qualcomm.com
Cc: stable@vger.kernel.org # v4.9+
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
3 years agommc: sdhci-pci-o2micro: Add missing checks in sdhci_pci_o2_probe
Dinghao Liu [Fri, 26 Feb 2021 08:41:46 +0000 (16:41 +0800)]
mmc: sdhci-pci-o2micro: Add missing checks in sdhci_pci_o2_probe

It's odd to adopt different error handling on failure of
pci_read_config_dword(). Check the return value and terminate
execution flow on failure of all pci_read_config_dword() calls
in this function.

Signed-off-by: Dinghao Liu <dinghao.liu@zju.edu.cn>
Link: https://lore.kernel.org/r/20210226084146.29095-1-dinghao.liu@zju.edu.cn
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
3 years agommc: sdhci-pci-gli: Enable short circuit protection mechanism of GL9755
Renius Chen [Thu, 25 Feb 2021 11:13:07 +0000 (19:13 +0800)]
mmc: sdhci-pci-gli: Enable short circuit protection mechanism of GL9755

Short circuit protection mechanism of GL9755 is disabled by HW default
setting. Enable short circuit protection to prevent GL9755 from being
damaged by short circuit or over current.

Signed-off-by: Renius Chen <reniuschengl@gmail.com>
Link: https://lore.kernel.org/r/20210225111307.62975-1-reniuschengl@gmail.com
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
3 years agommc: sdhci-esdhc-imx: validate pinctrl before use it
Peng Fan [Thu, 25 Feb 2021 03:10:04 +0000 (11:10 +0800)]
mmc: sdhci-esdhc-imx: validate pinctrl before use it

When imx_data->pinctrl is not a valid pointer, pinctrl_lookup_state
will trigger kernel panic.

When we boot Dual OS on Jailhouse hypervisor, we let the 1st Linux to
configure pinmux ready for the 2nd OS, so the 2nd OS not have pinctrl
settings.

Similar to this commit b62eee9f804e ("mmc: sdhci-esdhc-imx: no fail when no pinctrl available").

Reviewed-by: Bough Chen <haobo.chen@nxp.com>
Reviewed-by: Alice Guo <alice.guo@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Link: https://lore.kernel.org/r/1614222604-27066-6-git-send-email-peng.fan@oss.nxp.com
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
3 years agodt-bindings: mmc: fsl-imx-esdhc: add clock bindings
Peng Fan [Thu, 25 Feb 2021 03:10:03 +0000 (11:10 +0800)]
dt-bindings: mmc: fsl-imx-esdhc: add clock bindings

Add clock bindings for fsl-imx-esdhc yaml

Signed-off-by: Peng Fan <peng.fan@nxp.com>
Link: https://lore.kernel.org/r/1614222604-27066-5-git-send-email-peng.fan@oss.nxp.com
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
3 years agodt-bindings: mmc: fsl-imx-esdhc: add pinctrl bindings
Peng Fan [Thu, 25 Feb 2021 03:10:00 +0000 (11:10 +0800)]
dt-bindings: mmc: fsl-imx-esdhc: add pinctrl bindings

Add pinctrl bindings for fsl-imx-esdhc yaml

Signed-off-by: Peng Fan <peng.fan@nxp.com>
Link: https://lore.kernel.org/r/1614222604-27066-2-git-send-email-peng.fan@oss.nxp.com
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
3 years agommc: tmio: support custom irq masks
Wolfram Sang [Tue, 23 Feb 2021 10:08:29 +0000 (11:08 +0100)]
mmc: tmio: support custom irq masks

SDHI Gen2+ has a different value for TMIO_MASK_ALL, so add a member to
support that. If the member is not used, the previous default value is
applied.

Signed-off-by: Wolfram Sang <wsa+renesas@sang-engineering.com>
Reviewed-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com>
Tested-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com>
Link: https://lore.kernel.org/r/20210223100830.25125-2-wsa+renesas@sang-engineering.com
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
3 years agommc: core: Set read only for SD cards with permanent write protect bit
Seunghui Lee [Mon, 22 Feb 2021 08:31:56 +0000 (17:31 +0900)]
mmc: core: Set read only for SD cards with permanent write protect bit

Some of SD cards sets permanent write protection bit in their CSD register,
due to lifespan or internal problem. To avoid unnecessary I/O write
operations, let's parse the bits in the CSD during initialization and mark
the card as read only for this case.

Signed-off-by: Seunghui Lee <sh043.lee@samsung.com>
Link: https://lore.kernel.org/r/20210222083156.19158-1-sh043.lee@samsung.com
Cc: stable@vger.kernel.org
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
3 years agommc: uniphier-sd: Fix a resource leak in the remove function
Christophe JAILLET [Sat, 20 Feb 2021 14:29:53 +0000 (15:29 +0100)]
mmc: uniphier-sd: Fix a resource leak in the remove function

A 'tmio_mmc_host_free()' call is missing in the remove function, in order
to balance a 'tmio_mmc_host_alloc()' call in the probe.
This is done in the error handling path of the probe, but not in the remove
function.

Add the missing call.

Fixes: 3fd784f745dd ("mmc: uniphier-sd: add UniPhier SD/eMMC controller driver")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Reviewed-by: Masahiro Yamada <masahiroy@kernel.org>
Link: https://lore.kernel.org/r/20210220142953.918608-1-christophe.jaillet@wanadoo.fr
Cc: stable@vger.kernel.org
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
3 years agommc: uniphier-sd: Fix an error handling path in uniphier_sd_probe()
Christophe JAILLET [Sat, 20 Feb 2021 14:29:35 +0000 (15:29 +0100)]
mmc: uniphier-sd: Fix an error handling path in uniphier_sd_probe()

A 'uniphier_sd_clk_enable()' call should be balanced by a corresponding
'uniphier_sd_clk_disable()' call.
This is done in the remove function, but not in the error handling path of
the probe.

Add the missing call.

Fixes: 3fd784f745dd ("mmc: uniphier-sd: add UniPhier SD/eMMC controller driver")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Reviewed-by: Masahiro Yamada <masahiroy@kernel.org>
Link: https://lore.kernel.org/r/20210220142935.918554-1-christophe.jaillet@wanadoo.fr
Cc: stable@vger.kernel.org
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
3 years agommc: tmio: remove workaround for NON_REMOVABLE
Wolfram Sang [Thu, 18 Feb 2021 11:02:24 +0000 (12:02 +0100)]
mmc: tmio: remove workaround for NON_REMOVABLE

RPM handling has been improved twice since this comment, and also SCC
handling has been improved a lot. All the testing we did (Geert's and
Niklas' and Wolfram's board farms) with the workaround removed did not
lead to problems, so it is time to get rid of it to the best of our
knowledge.

Signed-off-by: Wolfram Sang <wsa+renesas@sang-engineering.com>
Tested-by: Geert Uytterhoeven <geert+renesas@glider.be>
Tested-by: Niklas Söderlund <niklas.soderlund+renesas@ragnatech.se>
Link: https://lore.kernel.org/r/20210218110224.6910-1-wsa+renesas@sang-engineering.com
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
3 years agommc: core: Reduce code duplication to mmc_spi_send_{csd|cid}
Yue Hu [Mon, 15 Feb 2021 01:51:16 +0000 (09:51 +0800)]
mmc: core: Reduce code duplication to mmc_spi_send_{csd|cid}

mmc_spi_send_{csd|cid} have similar function body. Let's remove the
duplicated part to simplify the code, just add opcode to distinguish
them in changed mmc_spi_send_cxd().

Signed-off-by: Yue Hu <huyue2@yulong.com>
Link: https://lore.kernel.org/r/20210215015116.1355-1-zbestahu@gmail.com
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
3 years agommc: dw_mmc: Drop redundant call to ->card_event callback
Ulf Hansson [Wed, 3 Feb 2021 18:42:29 +0000 (19:42 +0100)]
mmc: dw_mmc: Drop redundant call to ->card_event callback

The ->card_event callback isn't being used by any of the dw_mmc variants.
It's likely a leftover from an earlier change, hence let's just drop the
redundant call to it.

Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Reviewed-by: Jaehoon Chung <jh80.chung@samsung.com>
3 years agommc: core: Drop reference counting of the bus_ops
Ulf Hansson [Fri, 12 Feb 2021 13:16:10 +0000 (14:16 +0100)]
mmc: core: Drop reference counting of the bus_ops

When the mmc_rescan work is enabled for execution (host->rescan_disable),
it's the only instance per mmc host that is allowed to set/clear the
host->bus_ops pointer.

Besides the mmc_rescan work, there are a couple of scenarios when the
host->bus_ops pointer may be accessed. Typically, those can be described as
as below:

*)
Upper mmc driver layers (like the mmc block device driver or an SDIO
functional driver) needs to execute a host->bus_ops callback. This can be
considered as safe without having to use some special locking mechanism,
because they operate on top of the struct mmc_card. As long as there is a
card to operate upon, the mmc core guarantees that there is a host->bus_ops
assigned as well. Note that, upper layer mmc drivers are of course
responsible to clean up from themselves from their ->remove() callbacks,
otherwise things would fall apart anyways.

**)
Via the mmc host instance, we may need to force a removal of an inserted
mmc card. This happens when a mmc host driver gets unbind, for example. In
this case, we protect the host->bus_ops pointer from concurrent accesses,
by disabling the mmc_rescan work upfront (host->rescan_disable). See
mmc_stop_host() for example.

This said, it seems like the reference counting of the host->bus_ops
pointer at some point have become superfluous. As this is an old mechanism
of the mmc core, it a bit difficult to digest the history of when that
could have happened. However, let's drop the reference counting to avoid
unnecessary code-paths and lockings.

Cc: Pierre Ossman <pierre@ossman.eu>
Cc: Russell King <linux@armlinux.org.uk>
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Reviewed-by: Adrian Hunter <adrian.hunter@intel.com>
Link: https://lore.kernel.org/r/20210212131610.236843-1-ulf.hansson@linaro.org
3 years agommc: core: Drop superfluous validations in mmc_hw|sw_reset()
Ulf Hansson [Fri, 12 Feb 2021 13:15:32 +0000 (14:15 +0100)]
mmc: core: Drop superfluous validations in mmc_hw|sw_reset()

The mmc_hw|sw_reset() APIs are designed to be called solely from upper
layers, which means drivers that operates on top of the struct mmc_card,
like the mmc block device driver and an SDIO functional driver.

Additionally, as long as the struct mmc_host has a valid pointer to a
struct mmc_card, the corresponding host->bus_ops pointer stays valid and
assigned.

For these reasons, let's drop the superfluous reference counting and the
redundant validations in mmc_hw|sw_reset().

Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Reviewed-by: Adrian Hunter <adrian.hunter@intel.com>
Link: https://lore.kernel.org/r/20210212131532.236775-1-ulf.hansson@linaro.org
3 years agommc: core: Do a power cycle when the CMD11 fails
DooHyun Hwang [Wed, 10 Feb 2021 04:59:36 +0000 (13:59 +0900)]
mmc: core: Do a power cycle when the CMD11 fails

A CMD11 is sent to the SD/SDIO card to start the voltage switch procedure
into 1.8V I/O. According to the SD spec a power cycle is needed of the
card, if it turns out that the CMD11 fails. Let's fix this, to allow a
retry of the initialization without the voltage switch, to succeed.

Note that, whether it makes sense to also retry with the voltage switch
after the power cycle is a bit more difficult to know. At this point, we
treat it like the CMD11 isn't supported and therefore we skip it when
retrying.

Signed-off-by: DooHyun Hwang <dh0421.hwang@samsung.com>
Link: https://lore.kernel.org/r/20210210045936.7809-1-dh0421.hwang@samsung.com
Cc: stable@vger.kernel.org
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
3 years agoLinux 5.12-rc5
Linus Torvalds [Sun, 28 Mar 2021 22:48:16 +0000 (15:48 -0700)]
Linux 5.12-rc5

3 years agoMerge tag 'perf-tools-fixes-for-v5.12-2020-03-28' of git://git.kernel.org/pub/scm...
Linus Torvalds [Sun, 28 Mar 2021 20:22:54 +0000 (13:22 -0700)]
Merge tag 'perf-tools-fixes-for-v5.12-2020-03-28' of git://git./linux/kernel/git/acme/linux

Pull perf tooling fixes from Arnaldo Carvalho de Melo:

 - Avoid write of uninitialized memory when generating PERF_RECORD_MMAP*
   records.

 - Fix 'perf top' BPF support related crash with perf_event_paranoid=3 +
   kptr_restrict.

 - Validate raw event with sysfs exported format bits.

 - Fix waipid on SIGCHLD delivery bugs in 'perf daemon'.

 - Change to use bash for daemon test on Debian, where the default is
   dash and thus fails for use of bashisms in this test.

 - Fix memory leak in vDSO found using ASAN.

 - Remove now useless (due to the fact that BPF now supports static
   vars) failing sub test "BPF relocation checker".

 - Fix auxtrace queue conflict.

 - Sync linux/kvm.h with the kernel sources.

* tag 'perf-tools-fixes-for-v5.12-2020-03-28' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux:
  perf test: Change to use bash for daemon test
  perf record: Fix memory leak in vDSO found using ASAN
  perf test: Remove now useless failing sub test "BPF relocation checker"
  perf daemon: Return from kill functions
  perf daemon: Force waipid for all session on SIGCHLD delivery
  perf top: Fix BPF support related crash with perf_event_paranoid=3 + kptr_restrict
  perf pmu: Validate raw event with sysfs exported format bits
  perf synthetic events: Avoid write of uninitialized memory when generating PERF_RECORD_MMAP* records
  tools headers UAPI: Sync linux/kvm.h with the kernel sources
  perf synthetic-events: Fix uninitialized 'kernel_thread' variable
  perf auxtrace: Fix auxtrace queue conflict

3 years agoMerge tag 'auxdisplay-for-linus-v5.12-rc6' of git://github.com/ojeda/linux
Linus Torvalds [Sun, 28 Mar 2021 20:20:38 +0000 (13:20 -0700)]
Merge tag 'auxdisplay-for-linus-v5.12-rc6' of git://github.com/ojeda/linux

Pull auxdisplay fix from Miguel Ojeda:
 "Remove in_interrupt() usage (Sebastian Andrzej Siewior)"

* tag 'auxdisplay-for-linus-v5.12-rc6' of git://github.com/ojeda/linux:
  auxdisplay: Remove in_interrupt() usage.

3 years agoMerge tag 'x86-urgent-2021-03-28' of git://git.kernel.org/pub/scm/linux/kernel/git...
Linus Torvalds [Sun, 28 Mar 2021 19:19:16 +0000 (12:19 -0700)]
Merge tag 'x86-urgent-2021-03-28' of git://git./linux/kernel/git/tip/tip

Pull x86 fixes from Ingo Molnar:
 "Two fixes:

   - Fix build failure on Ubuntu with new GCC packages that turn
     on -fcf-protection

   - Fix SME memory encryption PTE encoding bug - AFAICT the code
     worked on 4K page sizes (level 1) but had the wrong shift at
     higher page level orders (level 2 and higher)"

* tag 'x86-urgent-2021-03-28' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  x86/build: Turn off -fcf-protection for realmode targets
  x86/mem_encrypt: Correct physical address calculation in __set_clr_pte_enc()

3 years agoMerge tag 'locking-urgent-2021-03-28' of git://git.kernel.org/pub/scm/linux/kernel...
Linus Torvalds [Sun, 28 Mar 2021 19:12:22 +0000 (12:12 -0700)]
Merge tag 'locking-urgent-2021-03-28' of git://git./linux/kernel/git/tip/tip

Pull locking fix from Ingo Molnar:
 "Fix the non-debug mutex_lock_io_nested() method to map to
  mutex_lock_io() instead of mutex_lock().

  Right now nothing uses this API explicitly, but this is an
  accident waiting to happen"

* tag 'locking-urgent-2021-03-28' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  locking/mutex: Fix non debug version of mutex_lock_io_nested()

3 years agoMerge tag '5.12-rc4-smb3' of git://git.samba.org/sfrench/cifs-2.6
Linus Torvalds [Sun, 28 Mar 2021 19:06:21 +0000 (12:06 -0700)]
Merge tag '5.12-rc4-smb3' of git://git.samba.org/sfrench/cifs-2.6

Pull cifs fixes from Steve French:
 "Five cifs/smb3 fixes, two for stable.

  Includes an important fix for encryption and an ACL fix, as well as a
  fix for possible reflink data corruption"

* tag '5.12-rc4-smb3' of git://git.samba.org/sfrench/cifs-2.6:
  smb3: fix cached file size problems in duplicate extents (reflink)
  cifs: Silently ignore unknown oplock break handle
  cifs: revalidate mapping when we open files for SMB1 POSIX
  cifs: Fix chmod with modefromsid when an older ACE already exists.
  cifs: Adjust key sizes and key generation routines for AES256 encryption

3 years agoMerge tag 'io_uring-5.12-2021-03-27' of git://git.kernel.dk/linux-block
Linus Torvalds [Sun, 28 Mar 2021 18:42:05 +0000 (11:42 -0700)]
Merge tag 'io_uring-5.12-2021-03-27' of git://git.kernel.dk/linux-block

Pull io_uring fixes from Jens Axboe:

 - Use thread info versions of flag testing, as discussed last week.

 - The series enabling PF_IO_WORKER to just take signals, instead of
   needing to special case that they do not in a bunch of places. Ends
   up being pretty trivial to do, and then we can revert all the special
   casing we're currently doing.

 - Kill dead pointer assignment

 - Fix hashed part of async work queue trace

 - Fix sign extension issue for IORING_OP_PROVIDE_BUFFERS

 - Fix a link completion ordering regression in this merge window

 - Cancellation fixes

* tag 'io_uring-5.12-2021-03-27' of git://git.kernel.dk/linux-block:
  io_uring: remove unsued assignment to pointer io
  io_uring: don't cancel extra on files match
  io_uring: don't cancel-track common timeouts
  io_uring: do post-completion chore on t-out cancel
  io_uring: fix timeout cancel return code
  Revert "signal: don't allow STOP on PF_IO_WORKER threads"
  Revert "kernel: freezer should treat PF_IO_WORKER like PF_KTHREAD for freezing"
  Revert "kernel: treat PF_IO_WORKER like PF_KTHREAD for ptrace/signals"
  Revert "signal: don't allow sending any signals to PF_IO_WORKER threads"
  kernel: stop masking signals in create_io_thread()
  io_uring: handle signals for IO threads like a normal thread
  kernel: don't call do_exit() for PF_IO_WORKER threads
  io_uring: maintain CQE order of a failed link
  io-wq: fix race around pending work on teardown
  io_uring: do ctx sqd ejection in a clear context
  io_uring: fix provide_buffers sign extension
  io_uring: don't skip file_end_write() on reissue
  io_uring: correct io_queue_async_work() traces
  io_uring: don't use {test,clear}_tsk_thread_flag() for current

3 years agoMerge tag 'block-5.12-2021-03-27' of git://git.kernel.dk/linux-block
Linus Torvalds [Sun, 28 Mar 2021 18:37:42 +0000 (11:37 -0700)]
Merge tag 'block-5.12-2021-03-27' of git://git.kernel.dk/linux-block

Pull block fixes from Jens Axboe:

 - Fix regression from this merge window with the xarray partition
   change, which allowed partition counts that overflow the u8 that
   holds the partition number (Ming)

 - Fix zone append warning (Johannes)

 - Segmentation count fix for multipage bvecs (David)

 - Partition scan fix (Chris)

* tag 'block-5.12-2021-03-27' of git://git.kernel.dk/linux-block:
  block: don't create too many partitions
  block: support zone append bvecs
  block: recalculate segment count for multi-segment discards correctly
  block: clear GD_NEED_PART_SCAN later in bdev_disk_changed

3 years agoMerge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi
Linus Torvalds [Sun, 28 Mar 2021 18:34:47 +0000 (11:34 -0700)]
Merge tag 'scsi-fixes' of git://git./linux/kernel/git/jejb/scsi

Pull SCSI fixes from James Bottomley:
 "Seven fixes, all in drivers (qla2xxx, mkt3sas, qedi, target,
  ibmvscsi).

  The most serious are the target pscsi oom and the qla2xxx revert which
  can otherwise cause a use after free"

* tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
  scsi: target: pscsi: Clean up after failure in pscsi_map_sg()
  scsi: target: pscsi: Avoid OOM in pscsi_map_sg()
  scsi: mpt3sas: Fix error return code of mpt3sas_base_attach()
  scsi: qedi: Fix error return code of qedi_alloc_global_queues()
  scsi: Revert "qla2xxx: Make sure that aborted commands are freed"
  scsi: ibmvfc: Make ibmvfc_wait_for_ops() MQ aware
  scsi: ibmvfc: Fix potential race in ibmvfc_wait_for_ops()

3 years agoio_uring: remove unsued assignment to pointer io
Colin Ian King [Fri, 26 Mar 2021 19:52:51 +0000 (19:52 +0000)]
io_uring: remove unsued assignment to pointer io

There is an assignment to io that is never read after the assignment,
the assignment is redundant and can be removed.

Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
3 years agoio_uring: don't cancel extra on files match
Pavel Begunkov [Thu, 25 Mar 2021 18:32:45 +0000 (18:32 +0000)]
io_uring: don't cancel extra on files match

As tasks always wait and kill their io-wq on exec/exit, files are of no
more concern to us, so we don't need to specifically cancel them by hand
in those cases. Moreover we should not, because io_match_task() looks at
req->task->files now, which is always true and so leads to extra
cancellations, that wasn't a case before per-task io-wq.

Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Link: https://lore.kernel.org/r/0566c1de9b9dd417f5de345c817ca953580e0e2e.1616696997.git.asml.silence@gmail.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
3 years agoio_uring: don't cancel-track common timeouts
Pavel Begunkov [Thu, 25 Mar 2021 18:32:44 +0000 (18:32 +0000)]
io_uring: don't cancel-track common timeouts

Don't account usual timeouts (i.e. not linked) as REQ_F_INFLIGHT but
keep behaviour prior to dd59a3d595cc1 ("io_uring: reliably cancel linked
timeouts").

Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Link: https://lore.kernel.org/r/104441ef5d97e3932113d44501fda0df88656b83.1616696997.git.asml.silence@gmail.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
3 years agoio_uring: do post-completion chore on t-out cancel
Pavel Begunkov [Thu, 25 Mar 2021 18:32:43 +0000 (18:32 +0000)]
io_uring: do post-completion chore on t-out cancel

Don't forget about io_commit_cqring() + io_cqring_ev_posted() after
exit/exec cancelling timeouts. Both functions declared only after
io_kill_timeouts(), so to avoid tons of forward declarations move
it down.

Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Link: https://lore.kernel.org/r/72ace588772c0f14834a6a4185d56c445a366fb4.1616696997.git.asml.silence@gmail.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
3 years agoio_uring: fix timeout cancel return code
Pavel Begunkov [Thu, 25 Mar 2021 18:32:42 +0000 (18:32 +0000)]
io_uring: fix timeout cancel return code

When we cancel a timeout we should emit a sensible return code, like
-ECANCELED but not 0, otherwise it may trick users.

Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Link: https://lore.kernel.org/r/7b0ad1065e3bd1994722702bd0ba9e7bc9b0683b.1616696997.git.asml.silence@gmail.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
3 years agoRevert "signal: don't allow STOP on PF_IO_WORKER threads"
Jens Axboe [Fri, 26 Mar 2021 00:23:44 +0000 (18:23 -0600)]
Revert "signal: don't allow STOP on PF_IO_WORKER threads"

This reverts commit 4db4b1a0d1779dc159f7b87feb97030ec0b12597.

The IO threads allow and handle SIGSTOP now, so don't special case them
anymore in task_set_jobctl_pending().

Signed-off-by: Jens Axboe <axboe@kernel.dk>
3 years agoRevert "kernel: freezer should treat PF_IO_WORKER like PF_KTHREAD for freezing"
Jens Axboe [Fri, 26 Mar 2021 00:22:11 +0000 (18:22 -0600)]
Revert "kernel: freezer should treat PF_IO_WORKER like PF_KTHREAD for freezing"

This reverts commit 15b2219facadec583c24523eed40fa45865f859f.

Before IO threads accepted signals, the freezer using take signals to wake
up an IO thread would cause them to loop without any way to clear the
pending signal. That is no longer the case, so stop special casing
PF_IO_WORKER in the freezer.

Signed-off-by: Jens Axboe <axboe@kernel.dk>
3 years agoRevert "kernel: treat PF_IO_WORKER like PF_KTHREAD for ptrace/signals"
Jens Axboe [Fri, 26 Mar 2021 00:18:59 +0000 (18:18 -0600)]
Revert "kernel: treat PF_IO_WORKER like PF_KTHREAD for ptrace/signals"

This reverts commit 6fb8f43cede0e4bd3ead847de78d531424a96be9.

The IO threads do allow signals now, including SIGSTOP, and we can allow
ptrace attach. Attaching won't reveal anything interesting for the IO
threads, but it will allow eg gdb to attach to a task with io_urings
and IO threads without complaining. And once attached, it will allow
the usual introspection into regular threads.

Signed-off-by: Jens Axboe <axboe@kernel.dk>
3 years agoRevert "signal: don't allow sending any signals to PF_IO_WORKER threads"
Jens Axboe [Fri, 26 Mar 2021 00:18:15 +0000 (18:18 -0600)]
Revert "signal: don't allow sending any signals to PF_IO_WORKER threads"

This reverts commit 5be28c8f85ce99ed2d329d2ad8bdd18ea19473a5.

IO threads now take signals just fine, so there's no reason to limit them
specifically. Revert the change that prevented that from happening.

Signed-off-by: Jens Axboe <axboe@kernel.dk>
3 years agokernel: stop masking signals in create_io_thread()
Jens Axboe [Fri, 26 Mar 2021 15:05:22 +0000 (09:05 -0600)]
kernel: stop masking signals in create_io_thread()

This is racy - move the blocking into when the task is created and
we're marking it as PF_IO_WORKER anyway. The IO threads are now
prepared to handle signals like SIGSTOP as well, so clear that from
the mask to allow proper stopping of IO threads.

Acked-by: "Eric W. Biederman" <ebiederm@xmission.com>
Reported-by: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
3 years agoio_uring: handle signals for IO threads like a normal thread
Jens Axboe [Fri, 26 Mar 2021 00:16:06 +0000 (18:16 -0600)]
io_uring: handle signals for IO threads like a normal thread

We go through various hoops to disallow signals for the IO threads, but
there's really no reason why we cannot just allow them. The IO threads
never return to userspace like a normal thread, and hence don't go through
normal signal processing. Instead, just check for a pending signal as part
of the work loop, and call get_signal() to handle it for us if anything
is pending.

With that, we can support receiving signals, including special ones like
SIGSTOP.

Acked-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
3 years agoblock: don't create too many partitions
Ming Lei [Sat, 27 Mar 2021 07:13:09 +0000 (15:13 +0800)]
block: don't create too many partitions

Commit a33df75c6328 ("block: use an xarray for disk->part_tbl") drops the
check on max supported number of partitionsr, and allows partition with
bigger partition numbers to be added. However, ->bd_partno is defined as
u8, so partition index of xarray table may not match with ->bd_partno.
Then delete_partition() may delete one unmatched partition, and caused
use-after-free.

Reviewed-by: Bart Van Assche <bvanassche@acm.org>
Reported-by: syzbot+8fede7e30c7cee0de139@syzkaller.appspotmail.com
Fixes: a33df75c6328 ("block: use an xarray for disk->part_tbl")
Signed-off-by: Ming Lei <ming.lei@redhat.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
3 years agosmb3: fix cached file size problems in duplicate extents (reflink)
Steve French [Fri, 26 Mar 2021 23:41:55 +0000 (18:41 -0500)]
smb3: fix cached file size problems in duplicate extents (reflink)

There were two problems (one of which could cause data corruption)
that were noticed with duplicate extents (ie reflink)
when debugging why various xfstests were being incorrectly skipped
(e.g. generic/138, generic/140, generic/142). First, we were not
updating the file size locally in the cache when extending a
file due to reflink (it would refresh after actimeo expires)
but xfstest was checking the size immediately which was still
0 so caused the test to be skipped.  Second, we were setting
the target file size (which could shrink the file) in all cases
to the end of the reflinked range rather than only setting the
target file size when reflink would extend the file.

CC: <stable@vger.kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
3 years agocifs: Silently ignore unknown oplock break handle
Vincent Whitchurch [Fri, 19 Mar 2021 13:57:11 +0000 (14:57 +0100)]
cifs: Silently ignore unknown oplock break handle

Make SMB2 not print out an error when an oplock break is received for an
unknown handle, similar to SMB1.  The debug message which is printed for
these unknown handles may also be misleading, so fix that too.

The SMB2 lease break path is not affected by this patch.

Without this, a program which writes to a file from one thread, and
opens, reads, and writes the same file from another thread triggers the
below errors several times a minute when run against a Samba server
configured with "smb2 leases = no".

 CIFS: VFS: \\192.168.0.1 No task to wake, unknown frame received! NumMids 2
 00000000424d53fe 00000040 00000000 00000012  .SMB@...........
 0000001000000001 00000000 ffffffff ffffffff  ................
 0000002000000000 00000000 00000000 00000000  ................
 0000003000000000 00000000 00000000 00000000  ................

Signed-off-by: Vincent Whitchurch <vincent.whitchurch@axis.com>
Reviewed-by: Tom Talpey <tom@talpey.com>
Reviewed-by: Paulo Alcantara (SUSE) <pc@cjr.nz>
Signed-off-by: Steve French <stfrench@microsoft.com>
3 years agocifs: revalidate mapping when we open files for SMB1 POSIX
Ronnie Sahlberg [Thu, 25 Mar 2021 06:26:35 +0000 (16:26 +1000)]
cifs: revalidate mapping when we open files for SMB1 POSIX

RHBZ: 1933527

Under SMB1 + POSIX, if an inode is reused on a server after we have read and
cached a part of a file, when we then open the new file with the
re-cycled inode there is a chance that we may serve the old data out of cache
to the application.
This only happens for SMB1 (deprecated) and when posix are used.
The simplest solution to avoid this race is to force a revalidate
on smb1-posix open.

Signed-off-by: Ronnie Sahlberg <lsahlber@redhat.com>
Reviewed-by: Paulo Alcantara (SUSE) <pc@cjr.nz>
Signed-off-by: Steve French <stfrench@microsoft.com>
3 years agocifs: Fix chmod with modefromsid when an older ACE already exists.
Shyam Prasad N [Fri, 26 Mar 2021 10:28:16 +0000 (10:28 +0000)]
cifs: Fix chmod with modefromsid when an older ACE already exists.

My recent fixes to cifsacl to maintain inherited ACEs had
regressed modefromsid when an older ACL already exists.

Found testing xfstest 495 with modefromsid mount option

Fixes: f5065508897a ("cifs: Retain old ACEs when converting between mode bits and ACL")

Signed-off-by: Shyam Prasad N <sprasad@microsoft.com>
Reviewed-by: Paulo Alcantara (SUSE) <pc@cjr.nz>
Signed-off-by: Steve French <stfrench@microsoft.com>
3 years agokernel: don't call do_exit() for PF_IO_WORKER threads
Jens Axboe [Fri, 26 Mar 2021 14:57:10 +0000 (08:57 -0600)]
kernel: don't call do_exit() for PF_IO_WORKER threads

Right now we're never calling get_signal() from PF_IO_WORKER threads, but
in preparation for doing so, don't handle a fatal signal for them. The
workers have state they need to cleanup when exiting, so just return
instead of calling do_exit() on their behalf. The threads themselves will
detect a fatal signal and do proper shutdown.

Signed-off-by: Jens Axboe <axboe@kernel.dk>
3 years agoMerge tag 'for-5.12/dm-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git...
Linus Torvalds [Fri, 26 Mar 2021 19:21:05 +0000 (12:21 -0700)]
Merge tag 'for-5.12/dm-fixes-2' of git://git./linux/kernel/git/device-mapper/linux-dm

Pull device mapper fixes from Mike Snitzer:

 - Fix DM verity target's optional argument processing.

 - Fix DM core's zoned model and zone sectors checks.

 - Fix spurious "detected capacity change" pr_info() when creating new
   DM device.

 - Fix DM ioctl out of bounds array access in handling of
   DM_LIST_DEVICES_CMD when no devices exist.

* tag 'for-5.12/dm-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm:
  dm ioctl: fix out of bounds array access when no devices
  dm: don't report "detected capacity change" on device creation
  dm table: Fix zoned model check and zone sectors check
  dm verity: fix DM_VERITY_OPTS_MAX value

3 years agodm ioctl: fix out of bounds array access when no devices
Mikulas Patocka [Fri, 26 Mar 2021 18:32:32 +0000 (14:32 -0400)]
dm ioctl: fix out of bounds array access when no devices

If there are not any dm devices, we need to zero the "dev" argument in
the first structure dm_name_list. However, this can cause out of
bounds write, because the "needed" variable is zero and len may be
less than eight.

Fix this bug by reporting DM_BUFFER_FULL_FLAG if the result buffer is
too small to hold the "nl->dev" value.

Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Cc: stable@vger.kernel.org
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
3 years agoMerge tag 'acpi-5.12-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael...
Linus Torvalds [Fri, 26 Mar 2021 18:33:39 +0000 (11:33 -0700)]
Merge tag 'acpi-5.12-rc5' of git://git./linux/kernel/git/rafael/linux-pm

Pull ACPI fixes from Rafael Wysocki:
 "These fix a memory management regression in ACPICA, repair an ACPI
  blacklist entry damaged inadvertently during the 5.11 cycle and fix
  the bookkeeping of devices with the same primary device ID in the ACPI
  core.

  Specifics:

   - Make ACPICA use the same object cache consistently when allocating
     and freeing objects (Vegard Nossum)

   - Add a callback pointer removed inadvertently during the 5.11 cycle
     to the ACPI backlight blacklist entry for Sony VPCEH3U1E (Chris
     Chiu)

   - Make the ACPI device enumeration core use IDA for creating names of
     ACPI device objects with the same primary device ID to avoid using
     duplicate device object names in some cases (Andy Shevchenko)"

* tag 'acpi-5.12-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
  ACPICA: Always create namespace nodes using acpi_ns_create_node()
  ACPI: scan: Use unique number for instance_no
  ACPI: video: Add missing callback back for Sony VPCEH3U1E

3 years agoMerge tag 'pm-5.12-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
Linus Torvalds [Fri, 26 Mar 2021 18:29:36 +0000 (11:29 -0700)]
Merge tag 'pm-5.12-rc5' of git://git./linux/kernel/git/rafael/linux-pm

Pull power management fixes from Rafael Wysocki:
 "These fix an issue related to device links in the runtime PM framework
  and debugfs usage in the Energy Model code.

  Specifics:

   - Modify the runtime PM device suspend to avoid suspending supplier
     devices before the consumer device's status changes to
     RPM_SUSPENDED (Rafael Wysocki)

   - Change the Energy Model code to prevent it from attempting to
     create its main debugfs directory too early (Lukasz Luba)"

* tag 'pm-5.12-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
  PM: EM: postpone creating the debugfs dir till fs_initcall
  PM: runtime: Defer suspending suppliers

3 years agoMerge tag 'soc-fixes-5.12' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc
Linus Torvalds [Fri, 26 Mar 2021 18:19:38 +0000 (11:19 -0700)]
Merge tag 'soc-fixes-5.12' of git://git./linux/kernel/git/soc/soc

Pull ARM SoC fixes from Arnd Bergmann:
 "Too many fixes have accumulated in the soc tree, so this is a fairly
  large set. As usual, most of the fixes are for devicetree files, but
  there are also notable code changes for imx and omap regressions as
  well as some maintainer file updates.

  imx:
   - Fix an Ethernet issue on imx6ul-14x14-evk board that is caused by
     independent PHY reset.

   - Add missing `dma-coherent` property for LayerScape device trees to
     fix a kernel BUG report.

   - Use IRQCHIP_DECLARE for AVIC driver to fix a boot issue on i.MX25
     with fw_devlink=on.

   - Add missing I2C pinctrl entry for imx8mp-phyboard-pollux-rdk board
     to fix the broken I2C GPIO recovery support.

   - Add `fsl,use-minimum-ecc` property for imx6ull-myir-mys-6ulx-eval
     device tree to fix UBI filesystem mount failure.

  at91:
   - wrong phy address that blocks Ethernet use on boards with sama5d27
     SoM1

   - restrictive pin possibilities for sam9x60

  omap:
   - Fix ocp interconnect bus access error reporting for omap_l3_noc by
     setting IRQF_NO_THREAD

   - Fix changed mmc slot order regression by adding mmc aliases for
     am335x

   - Fix dra7 reboot regression caused by invalid pcie reset map

   - Fix smartreflex init regression caused by dropped legacy data

   - Fix ti-sysc driver warning on unbind if reset is not deasserted

   - Fix flakey reset deassert for dra7 iva

  stm32:
   - MAINTAINER file updates

  broadcom:
   - brcmstb SoC ID build fix

   - MAINTAINER file updates"

* tag 'soc-fixes-5.12' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc:
  MAINTAINERS: Add Alain Volmat as STM32 I2C/SMBUS maintainer
  MAINTAINERS: Remove Vincent Abriou for STM/STI DRM drivers.
  MAINTAINERS: Update some st.com email addresses to foss.st.com
  ARM: dts: imx6ull: fix ubi filesystem mount failed
  ARM: imx6ul-14x14-evk: Do not reset the Ethernet PHYs independently
  arm64: dts: imx8mp-phyboard-pollux-rdk: Add missing pinctrl entry
  arm64: dts: ls1012a: mark crypto engine dma coherent
  arm64: dts: ls1043a: mark crypto engine dma coherent
  arm64: dts: ls1046a: mark crypto engine dma coherent
  ARM: imx: avic: Convert to using IRQCHIP_DECLARE
  ARM: dts: at91: sam9x60: fix mux-mask to match product's datasheet
  ARM: dts: at91: sam9x60: fix mux-mask for PA7 so it can be set to A, B and C
  ARM: dts: at91-sama5d27_som1: fix phy address to 7
  soc: ti: omap-prm: Fix occasional abort on reset deassert for dra7 iva
  bus: ti-sysc: Fix warning on unbind if reset is not deasserted
  ARM: OMAP2+: Fix smartreflex init regression after dropping legacy data
  soc: ti: omap-prm: Fix reboot issue with invalid pcie reset map for dra7
  MAINTAINERS: rectify BROADCOM PMB (POWER MANAGEMENT BUS) DRIVER
  ARM: dts: am33xx: add aliases for mmc interfaces
  bus: omap_l3_noc: mark l3 irqs as IRQF_NO_THREAD

3 years agoMerge tag 'for-linus-5.12b-rc5-tag' of git://git.kernel.org/pub/scm/linux/kernel...
Linus Torvalds [Fri, 26 Mar 2021 18:15:25 +0000 (11:15 -0700)]
Merge tag 'for-linus-5.12b-rc5-tag' of git://git./linux/kernel/git/xen/tip

Pull xen fixes from Juergen Gross:
 "This contains a small series with a more elegant fix of a problem
  which was originally fixed in rc2"

* tag 'for-linus-5.12b-rc5-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip:
  Revert "xen: fix p2m size in dom0 for disabled memory hotplug case"
  xen/x86: make XEN_BALLOON_MEMORY_HOTPLUG_LIMIT depend on MEMORY_HOTPLUG

3 years agoMerge tag 'drm-fixes-2021-03-26' of git://anongit.freedesktop.org/drm/drm
Linus Torvalds [Fri, 26 Mar 2021 18:05:18 +0000 (11:05 -0700)]
Merge tag 'drm-fixes-2021-03-26' of git://anongit.freedesktop.org/drm/drm

Pull drm fixes from Dave Airlie:
 "As expected last week things were overly quiet so this week things
  seem to have caught up. It still isn't too major.

  msm and amdgpu lead the size here, the msm fixes are pretty varied
  across the driver, the amdgpu one is mostly the S0ix fixes with some
  other minor ones. Otherwise there are a few i915 fixes and one each
  for nouveau, etnaviv and rcar-du.

  msm:
   - pll fixes
   - shutdown hook fix
   - runtime resume fix
   - clear_oob fix
   - kms locking fix
   - display aux retry fix

  rcar-du:
   - warn_on in encoder init fix

  etnaviv:
   - Use FOLL_FORCE and FOLL_LONGTERM

  i915:
   - DisplayPort LTTPR fixes around link training and limiting it
     according to supported spec version.
   - Fix enabled_planes bitmask to really represent only logically
     enabled planes.
   - Fix DSS CTL registers for ICL DSI transcoders
   - Fix the GT fence revocation runtime PM logic.

  nouveau:
   - cursor size regression fix

  amdgpu:
   - S0ix fixes
   - Add PCI ID
   - Polaris PCIe DPM fix
   - Display fix for high refresh rate monitors"

* tag 'drm-fixes-2021-03-26' of git://anongit.freedesktop.org/drm/drm: (37 commits)
  drm/nouveau/kms/nve4-nv108: Limit cursors to 128x128
  drm/i915: Fix the GT fence revocation runtime PM logic
  drm/amdgpu/display: restore AUX_DPHY_TX_CONTROL for DCN2.x
  drm/amdgpu: Add additional Sienna Cichlid PCI ID
  drm/amd/pm: workaround for audio noise issue
  drm/i915/dsc: fix DSS CTL register usage for ICL DSI transcoders
  drm/i915: Fix enabled_planes bitmask
  drm/i915: Disable LTTPR support when the LTTPR rev < 1.4
  drm/i915: Disable LTTPR support when the DPCD rev < 1.4
  drm/i915/ilk-glk: Fix link training on links with LTTPRs
  drm/msm/disp/dpu1: icc path needs to be set before dpu runtime resume
  drm/amdgpu: skip kfd suspend/resume for S0ix
  drm/amdgpu: drop S0ix checks around CG/PG in suspend
  drm/amdgpu: skip CG/PG for gfx during S0ix
  drm/amdgpu: update comments about s0ix suspend/resume
  drm/amdgpu/swsmu: skip gfx cgpg on s0ix suspend
  drm/amdgpu: re-enable suspend phase 2 for S0ix
  drm/amdgpu: move s0ix check into amdgpu_device_ip_suspend_phase2 (v3)
  drm/amdgpu: clean up non-DC suspend/resume handling
  drm/amdgpu: don't evict vram on APUs for suspend to ram (v4)
  ...

3 years agoremove Dan Murphy from TI from MAINTAINERS
Pavel Machek [Fri, 26 Mar 2021 09:01:52 +0000 (10:01 +0100)]
remove Dan Murphy from TI from MAINTAINERS

Dan's address bounces, and has been bouncing for some time as he moved
to other projects.

I believe TI should be more careful with this, and should assign
alternate contacts for their drivers.

Anyway what we can do now is to remove the obsolete address.

Signed-off-by: Pavel Machek <pavel@ucw.cz>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
3 years agoMerge branches 'acpi-video' and 'acpi-scan'
Rafael J. Wysocki [Fri, 26 Mar 2021 15:55:56 +0000 (16:55 +0100)]
Merge branches 'acpi-video' and 'acpi-scan'

* acpi-video:
  ACPI: video: Add missing callback back for Sony VPCEH3U1E

* acpi-scan:
  ACPI: scan: Use unique number for instance_no

3 years agoMerge branch 'pm-em'
Rafael J. Wysocki [Fri, 26 Mar 2021 15:44:26 +0000 (16:44 +0100)]
Merge branch 'pm-em'

* pm-em:
  PM: EM: postpone creating the debugfs dir till fs_initcall

3 years agocifs: Adjust key sizes and key generation routines for AES256 encryption
Shyam Prasad N [Thu, 25 Mar 2021 12:34:54 +0000 (12:34 +0000)]
cifs: Adjust key sizes and key generation routines for AES256 encryption

For AES256 encryption (GCM and CCM), we need to adjust the size of a few
fields to 32 bytes instead of 16 to accommodate the larger keys.

Also, the L value supplied to the key generator needs to be changed from
to 256 when these algorithms are used.

Keeping the ioctl struct for dumping keys of the same size for now.
Will send out a different patch for that one.

Signed-off-by: Shyam Prasad N <sprasad@microsoft.com>
Reviewed-by: Ronnie Sahlberg <lsahlber@redhat.com>
CC: <stable@vger.kernel.org> # v5.10+
Signed-off-by: Steve French <stfrench@microsoft.com>
3 years agoperf test: Change to use bash for daemon test
Leo Yan [Sat, 20 Mar 2021 10:45:54 +0000 (18:45 +0800)]
perf test: Change to use bash for daemon test

When executing the daemon test on Arm64 and x86 with Debian (Buster)
distro, both skip the test case with the log:

  # ./perf test -v 76
  76: daemon operations                                               :
  --- start ---
  test child forked, pid 11687
  test daemon list
  trap: SIGINT: bad trap
  ./tests/shell/daemon.sh: 173: local: cpu-clock: bad variable name
  test child finished with -2
  ---- end ----
  daemon operations: Skip

So the error happens for the variable expansion when use local variable
in the shell script.  Since Debian Buster uses dash but not bash as
non-interactive shell, when execute the daemon testing, it hits a known
issue for dash which was reported [1].

To resolve this issue, one option is to add double quotes for all local
variables assignment, so need to change the code from:

  local line=`perf daemon --config ${config} -x: | head -2 | tail -1`

  ... to:

  local line="`perf daemon --config ${config} -x: | head -2 | tail -1`"

But the testing script has bunch of local variables, this leads to big
changes for whole script.

On the other hand, the testing script asks to use the "local" feature
which is bash-specific, so this patch explicitly uses "#!/bin/bash" to
ensure running the script with bash.

After:

  # ./perf test -v 76
  76: daemon operations                                               :
  --- start ---
  test child forked, pid 11329
  test daemon list
  test daemon reconfig
  test daemon stop
  test daemon signal
  signal 12 sent to session 'test [11596]'
  signal 12 sent to session 'test [11596]'
  test daemon ping
  test daemon lock
  test child finished with 0
  ---- end ----
  daemon operations: Ok

[1] https://bugs.launchpad.net/ubuntu/+source/dash/+bug/139097

Fixes: 2291bb915b55 ("perf tests: Add daemon 'list' command test")
Signed-off-by: Leo Yan <leo.yan@linaro.org>
Acked-by: Namhyung Kim <namhyung@kernel.org>
Tested-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Ian Rogers <irogers@google.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Link: http://lore.kernel.org/lkml/20210320104554.529213-1-leo.yan@linaro.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
3 years agoMerge tag 'drm-msm-fixes-2021-02-25' of https://gitlab.freedesktop.org/drm/msm into...
Dave Airlie [Fri, 26 Mar 2021 02:59:21 +0000 (12:59 +1000)]
Merge tag 'drm-msm-fixes-2021-02-25' of https://gitlab.freedesktop.org/drm/msm into drm-fixes

- pll fixes
- shutdown hook fix
- runtime resume fix
- clear_oob fix
- kms locking fix
- display aux retry fix

Signed-off-by: Dave Airlie <airlied@redhat.com>
From: Rob Clark <robdclark@gmail.com>
Link: https://patchwork.freedesktop.org/patch/msgid/CAF6AEGvmiMKRms_NVavD=NA_jbuexZUcqqL35ke7umqpp-TxMw@mail.gmail.com
3 years agoMerge tag 'integrity-v5.12-fix' of git://git.kernel.org/pub/scm/linux/kernel/git...
Linus Torvalds [Thu, 25 Mar 2021 23:46:43 +0000 (16:46 -0700)]
Merge tag 'integrity-v5.12-fix' of git://git./linux/kernel/git/zohar/linux-integrity

Pull integrity fix from Mimi Zohar:
 "Just one patch to address a NULL ptr dereferencing when there is a
  mismatch between the user enabled LSMs and IMA/EVM"

* tag 'integrity-v5.12-fix' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity:
  integrity: double check iint_cache was initialized

3 years agoMerge tag 'for-5.12-rc4-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave...
Linus Torvalds [Thu, 25 Mar 2021 22:38:22 +0000 (15:38 -0700)]
Merge tag 'for-5.12-rc4-tag' of git://git./linux/kernel/git/kdave/linux

Pull btrfs fixes from David Sterba:
 "Fixes for issues that have some user visibility and are simple enough
  for this time of development cycle:

   - a few fixes for rescue= mount option, adding more checks for
     missing trees

   - fix sleeping in atomic context on qgroup deletion

   - fix subvolume deletion on mount

   - fix build with M= syntax

   - fix checksum mismatch error message for direct io"

* tag 'for-5.12-rc4-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux:
  btrfs: fix check_data_csum() error message for direct I/O
  btrfs: fix sleep while in non-sleep context during qgroup removal
  btrfs: fix subvolume/snapshot deletion not triggered on mount
  btrfs: fix build when using M=fs/btrfs
  btrfs: do not initialize dev replace for bad dev root
  btrfs: initialize device::fs_info always
  btrfs: do not initialize dev stats if we have no dev_root
  btrfs: zoned: remove outdated WARN_ON in direct IO

3 years agoMerge tag 'amd-drm-fixes-5.12-2021-03-24' of https://gitlab.freedesktop.org/agd5f...
Dave Airlie [Thu, 25 Mar 2021 20:28:17 +0000 (06:28 +1000)]
Merge tag 'amd-drm-fixes-5.12-2021-03-24' of https://gitlab.freedesktop.org/agd5f/linux into drm-fixes

amd-drm-fixes-5.12-2021-03-24:

amdgpu:
- S0ix fixes
- Add PCI ID
- Polaris PCIe DPM fix
- Display fix for high refresh rate monitors

Signed-off-by: Dave Airlie <airlied@redhat.com>
From: Alex Deucher <alexander.deucher@amd.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20210324210630.3949-1-alexander.deucher@amd.com
3 years agoMerge branch 'linux-5.12' of git://github.com/skeggsb/linux into drm-fixes
Dave Airlie [Thu, 25 Mar 2021 20:25:08 +0000 (06:25 +1000)]
Merge branch 'linux-5.12' of git://github.com/skeggsb/linux into drm-fixes

- cursor size fix

Signed-off-by: Dave Airlie <airlied@redhat.com>
From: Ben Skeggs <skeggsb@gmail.com>
Link: https://patchwork.freedesktop.org/patch/msgid/CACAvsv7js90N_PYc8JncQA9Hu0yjbg+vPw109FKxJ538nZ=fag@mail.gmail.com
3 years agoMerge tag 'drm-intel-fixes-2021-03-25-1' of git://anongit.freedesktop.org/drm/drm...
Dave Airlie [Thu, 25 Mar 2021 20:21:18 +0000 (06:21 +1000)]
Merge tag 'drm-intel-fixes-2021-03-25-1' of git://anongit.freedesktop.org/drm/drm-intel into drm-fixes

- DisplayPort LTTPR fixes around link training and limiting it
  according to supported spec version. (Imre)
- Fix enabled_planes bitmask to really represent only logically
  enabled planes (Ville).
- Fix DSS CTL registers for ICL DSI transcoders (Jani)
- Fix the GT fence revocation runtime PM logic. (Imre)

Signed-off-by: Dave Airlie <airlied@redhat.com>
From: Rodrigo Vivi <rodrigo.vivi@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/YFxYdrjqeUtSu+3p@intel.com
3 years agoMerge tag 'drm-misc-fixes-2021-03-25' of git://anongit.freedesktop.org/drm/drm-misc...
Dave Airlie [Thu, 25 Mar 2021 20:18:14 +0000 (06:18 +1000)]
Merge tag 'drm-misc-fixes-2021-03-25' of git://anongit.freedesktop.org/drm/drm-misc into drm-fixes

drm-misc-fixes for v5.12:
- Use FOLL_FORCE and FOLL_LONGTERM in etnaviv

Signed-off-by: Dave Airlie <airlied@redhat.com>
From: Maarten Lankhorst <maarten.lankhorst@linux.intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/72d4c9ce-6709-4e0f-a715-79fdcebb48e7@linux.intel.com
3 years agoio_uring: maintain CQE order of a failed link
Pavel Begunkov [Thu, 25 Mar 2021 19:05:14 +0000 (19:05 +0000)]
io_uring: maintain CQE order of a failed link

Arguably we want CQEs of linked requests be in a strict order of
submission as it always was. Now if init of a request fails its CQE may
be posted before all prior linked requests including the head of the
link. Fix it by failing it last.

Fixes: de59bc104c24f ("io_uring: fail links more in io_submit_sqe()")
Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Link: https://lore.kernel.org/r/b7a96b05832e7ab23ad55f84092a2548c4a888b0.1616699075.git.asml.silence@gmail.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
3 years agoMerge branch 'akpm' (patches from Andrew)
Linus Torvalds [Thu, 25 Mar 2021 18:43:43 +0000 (11:43 -0700)]
Merge branch 'akpm' (patches from Andrew)

Merge misc fixes from Andrew Morton:
 "14 patches.

  Subsystems affected by this patch series: mm (hugetlb, kasan, gup,
  selftests, z3fold, kfence, memblock, and highmem), squashfs, ia64,
  gcov, and mailmap"

* emailed patches from Andrew Morton <akpm@linux-foundation.org>:
  mailmap: update Andrey Konovalov's email address
  mm/highmem: fix CONFIG_DEBUG_KMAP_LOCAL_FORCE_MAP
  mm: memblock: fix section mismatch warning again
  kfence: make compatible with kmemleak
  gcov: fix clang-11+ support
  ia64: fix format strings for err_inject
  ia64: mca: allocate early mca with GFP_ATOMIC
  squashfs: fix xattr id and id lookup sanity checks
  squashfs: fix inode lookup sanity checks
  z3fold: prevent reclaim/free race for headless pages
  selftests/vm: fix out-of-tree build
  mm/mmu_notifiers: ensure range_end() is paired with range_start()
  kasan: fix per-page tags for non-page_alloc pages
  hugetlb_cgroup: fix imbalanced css_get and css_put pair for shared mappings

3 years agoMerge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma
Linus Torvalds [Thu, 25 Mar 2021 18:23:35 +0000 (11:23 -0700)]
Merge tag 'for-linus' of git://git./linux/kernel/git/rdma/rdma

Pull rdma fixes from Jason Gunthorpe:
 "Not much going on, just some small bug fixes:

   - Typo causing a regression in mlx5 devx

   - Regression in the recent hns rework causing the HW to get out of
     sync

   - Long-standing cxgb4 adaptor crash when destroying cm ids"

* tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma:
  RDMA/cxgb4: Fix adapter LE hash errors while destroying ipv6 listening server
  RDMA/hns: Fix bug during CMDQ initialization
  RDMA/mlx5: Fix typo in destroy_mkey inbox

3 years agoMerge tag 'mfd-fixes-5.12' of git://git.kernel.org/pub/scm/linux/kernel/git/lee/mfd
Linus Torvalds [Thu, 25 Mar 2021 18:11:45 +0000 (11:11 -0700)]
Merge tag 'mfd-fixes-5.12' of git://git./linux/kernel/git/lee/mfd

Pull mfs fix from Lee Jones:
 "Unconstify editable placeholder structures"

* tag 'mfd-fixes-5.12' of git://git.kernel.org/pub/scm/linux/kernel/git/lee/mfd:
  mfd: intel_quark_i2c_gpio: Revert "Constify static struct resources"

3 years agoMerge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux
Linus Torvalds [Thu, 25 Mar 2021 18:07:40 +0000 (11:07 -0700)]
Merge tag 'arm64-fixes' of git://git./linux/kernel/git/arm64/linux

Pull arm64 fixes from Will Deacon:
 "Minor fixes all over, ranging from typos to tests to errata
  workarounds:

   - Fix possible memory hotplug failure with KASLR

   - Fix FFR value in SVE kselftest

   - Fix backtraces reported in /proc/$pid/stack

   - Disable broken CnP implementation on NVIDIA Carmel

   - Typo fixes and ACPI documentation clarification

   - Fix some W=1 warnings"

* tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
  arm64: kernel: disable CNP on Carmel
  arm64/process.c: fix Wmissing-prototypes build warnings
  kselftest/arm64: sve: Do not use non-canonical FFR register value
  arm64: mm: correct the inside linear map range during hotplug check
  arm64: kdump: update ppos when reading elfcorehdr
  arm64: cpuinfo: Fix a typo
  Documentation: arm64/acpi : clarify arm64 support of IBFT
  arm64: stacktrace: don't trace arch_stack_walk()
  arm64: csum: cast to the proper type

3 years agomailmap: update the email address for Chris Chiu
Chris Chiu [Thu, 25 Mar 2021 14:04:19 +0000 (22:04 +0800)]
mailmap: update the email address for Chris Chiu

Redirect my older email addresses in the git logs.

Signed-off-by: Chris Chiu <chris.chiu@canonical.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
3 years agomailmap: update Andrey Konovalov's email address
Andrey Konovalov [Thu, 25 Mar 2021 04:37:56 +0000 (21:37 -0700)]
mailmap: update Andrey Konovalov's email address

Use my personal email, the @google.com one will stop functioning soon.

Link: https://lkml.kernel.org/r/ead0e9c32a2f70e0bde6f63b3b9470e0ef13d2ee.1616107969.git.andreyknvl@google.com
Signed-off-by: Andrey Konovalov <andreyknvl@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
3 years agomm/highmem: fix CONFIG_DEBUG_KMAP_LOCAL_FORCE_MAP
Ira Weiny [Thu, 25 Mar 2021 04:37:53 +0000 (21:37 -0700)]
mm/highmem: fix CONFIG_DEBUG_KMAP_LOCAL_FORCE_MAP

The kernel test robot found that __kmap_local_sched_out() was not
correctly skipping the guard pages when DEBUG_KMAP_LOCAL_FORCE_MAP was
set.[1] This was due to DEBUG_HIGHMEM check being used.

Change the configuration check to be correct.

[1] https://lore.kernel.org/lkml/20210304083825.GB17830@xsang-OptiPlex-9020/

Link: https://lkml.kernel.org/r/20210318230657.1497881-1-ira.weiny@intel.com
Fixes: 0e91a0c6984c ("mm/highmem: Provide CONFIG_DEBUG_KMAP_LOCAL_FORCE_MAP")
Signed-off-by: Ira Weiny <ira.weiny@intel.com>
Reported-by: kernel test robot <oliver.sang@intel.com>
Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Oliver Sang <oliver.sang@intel.com>
Cc: Chaitanya Kulkarni <Chaitanya.Kulkarni@wdc.com>
Cc: David Sterba <dsterba@suse.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
3 years agomm: memblock: fix section mismatch warning again
Mike Rapoport [Thu, 25 Mar 2021 04:37:50 +0000 (21:37 -0700)]
mm: memblock: fix section mismatch warning again

Commit 34dc2efb39a2 ("memblock: fix section mismatch warning") marked
memblock_bottom_up() and memblock_set_bottom_up() as __init, but they
could be referenced from non-init functions like
memblock_find_in_range_node() on architectures that enable
CONFIG_ARCH_KEEP_MEMBLOCK.

For such builds kernel test robot reports:

   WARNING: modpost: vmlinux.o(.text+0x74fea4): Section mismatch in reference from the function memblock_find_in_range_node() to the function .init.text:memblock_bottom_up()
   The function memblock_find_in_range_node() references the function __init memblock_bottom_up().
   This is often because memblock_find_in_range_node lacks a __init  annotation or the annotation of memblock_bottom_up is wrong.

Replace __init annotations with __init_memblock annotations so that the
appropriate section will be selected depending on
CONFIG_ARCH_KEEP_MEMBLOCK.

Link: https://lore.kernel.org/lkml/202103160133.UzhgY0wt-lkp@intel.com
Link: https://lkml.kernel.org/r/20210316171347.14084-1-rppt@kernel.org
Fixes: 34dc2efb39a2 ("memblock: fix section mismatch warning")
Signed-off-by: Mike Rapoport <rppt@linux.ibm.com>
Reviewed-by: Arnd Bergmann <arnd@arndb.de>
Reported-by: kernel test robot <lkp@intel.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Acked-by: Nick Desaulniers <ndesaulniers@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
3 years agokfence: make compatible with kmemleak
Marco Elver [Thu, 25 Mar 2021 04:37:47 +0000 (21:37 -0700)]
kfence: make compatible with kmemleak

Because memblock allocations are registered with kmemleak, the KFENCE
pool was seen by kmemleak as one large object.  Later allocations
through kfence_alloc() that were registered with kmemleak via
slab_post_alloc_hook() would then overlap and trigger a warning.
Therefore, once the pool is initialized, we can remove (free) it from
kmemleak again, since it should be treated as allocator-internal and be
seen as "free memory".

The second problem is that kmemleak is passed the rounded size, and not
the originally requested size, which is also the size of KFENCE objects.
To avoid kmemleak scanning past the end of an object and trigger a
KFENCE out-of-bounds error, fix the size if it is a KFENCE object.

For simplicity, to avoid a call to kfence_ksize() in
slab_post_alloc_hook() (and avoid new IS_ENABLED(CONFIG_DEBUG_KMEMLEAK)
guard), just call kfence_ksize() in mm/kmemleak.c:create_object().

Link: https://lkml.kernel.org/r/20210317084740.3099921-1-elver@google.com
Signed-off-by: Marco Elver <elver@google.com>
Reported-by: Luis Henriques <lhenriques@suse.de>
Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>
Tested-by: Luis Henriques <lhenriques@suse.de>
Cc: Alexander Potapenko <glider@google.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: Andrey Konovalov <andreyknvl@google.com>
Cc: Jann Horn <jannh@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
3 years agogcov: fix clang-11+ support
Nick Desaulniers [Thu, 25 Mar 2021 04:37:44 +0000 (21:37 -0700)]
gcov: fix clang-11+ support

LLVM changed the expected function signatures for llvm_gcda_start_file()
and llvm_gcda_emit_function() in the clang-11 release.  Users of
clang-11 or newer may have noticed their kernels failing to boot due to
a panic when enabling CONFIG_GCOV_KERNEL=y +CONFIG_GCOV_PROFILE_ALL=y.
Fix up the function signatures so calling these functions doesn't panic
the kernel.

Link: https://reviews.llvm.org/rGcdd683b516d147925212724b09ec6fb792a40041
Link: https://reviews.llvm.org/rG13a633b438b6500ecad9e4f936ebadf3411d0f44
Link: https://lkml.kernel.org/r/20210312224132.3413602-2-ndesaulniers@google.com
Signed-off-by: Nick Desaulniers <ndesaulniers@google.com>
Reported-by: Prasad Sodagudi <psodagud@quicinc.com>
Suggested-by: Nathan Chancellor <nathan@kernel.org>
Reviewed-by: Fangrui Song <maskray@google.com>
Tested-by: Nathan Chancellor <nathan@kernel.org>
Acked-by: Peter Oberparleiter <oberpar@linux.ibm.com>
Reviewed-by: Nathan Chancellor <nathan@kernel.org>
Cc: <stable@vger.kernel.org> [5.4+]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
3 years agoia64: fix format strings for err_inject
Sergei Trofimovich [Thu, 25 Mar 2021 04:37:41 +0000 (21:37 -0700)]
ia64: fix format strings for err_inject

Fix warning with %lx / u64 mismatch:

  arch/ia64/kernel/err_inject.c: In function 'show_resources':
  arch/ia64/kernel/err_inject.c:62:22: warning:
    format '%lx' expects argument of type 'long unsigned int',
    but argument 3 has type 'u64' {aka 'long long unsigned int'}
     62 |  return sprintf(buf, "%lx", name[cpu]);   \
        |                      ^~~~~~~

Link: https://lkml.kernel.org/r/20210313104312.1548232-1-slyfox@gentoo.org
Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
3 years agoia64: mca: allocate early mca with GFP_ATOMIC
Sergei Trofimovich [Thu, 25 Mar 2021 04:37:38 +0000 (21:37 -0700)]
ia64: mca: allocate early mca with GFP_ATOMIC

The sleep warning happens at early boot right at secondary CPU
activation bootup:

    smp: Bringing up secondary CPUs ...
    BUG: sleeping function called from invalid context at mm/page_alloc.c:4942
    in_atomic(): 0, irqs_disabled(): 1, non_block: 0, pid: 0, name: swapper/1
    CPU: 1 PID: 0 Comm: swapper/1 Not tainted 5.12.0-rc2-00007-g79e228d0b611-dirty #99
    ..
    Call Trace:
      show_stack+0x90/0xc0
      dump_stack+0x150/0x1c0
      ___might_sleep+0x1c0/0x2a0
      __might_sleep+0xa0/0x160
      __alloc_pages_nodemask+0x1a0/0x600
      alloc_page_interleave+0x30/0x1c0
      alloc_pages_current+0x2c0/0x340
      __get_free_pages+0x30/0xa0
      ia64_mca_cpu_init+0x2d0/0x3a0
      cpu_init+0x8b0/0x1440
      start_secondary+0x60/0x700
      start_ap+0x750/0x780
    Fixed BSP b0 value from CPU 1

As I understand interrupts are not enabled yet and system has a lot of
memory.  There is little chance to sleep and switch to GFP_ATOMIC should
be a no-op.

Link: https://lkml.kernel.org/r/20210315085045.204414-1-slyfox@gentoo.org
Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
3 years agosquashfs: fix xattr id and id lookup sanity checks
Phillip Lougher [Thu, 25 Mar 2021 04:37:35 +0000 (21:37 -0700)]
squashfs: fix xattr id and id lookup sanity checks

The checks for maximum metadata block size is missing
SQUASHFS_BLOCK_OFFSET (the two byte length count).

Link: https://lkml.kernel.org/r/2069685113.2081245.1614583677427@webmail.123-reg.co.uk
Fixes: f37aa4c7366e23f ("squashfs: add more sanity checks in id lookup")
Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk>
Cc: Sean Nyekjaer <sean@geanix.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
3 years agosquashfs: fix inode lookup sanity checks
Sean Nyekjaer [Thu, 25 Mar 2021 04:37:32 +0000 (21:37 -0700)]
squashfs: fix inode lookup sanity checks

When mouting a squashfs image created without inode compression it fails
with: "unable to read inode lookup table"

It turns out that the BLOCK_OFFSET is missing when checking the
SQUASHFS_METADATA_SIZE agaist the actual size.

Link: https://lkml.kernel.org/r/20210226092903.1473545-1-sean@geanix.com
Fixes: eabac19e40c0 ("squashfs: add more sanity checks in inode lookup")
Signed-off-by: Sean Nyekjaer <sean@geanix.com>
Acked-by: Phillip Lougher <phillip@squashfs.org.uk>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
3 years agoz3fold: prevent reclaim/free race for headless pages
Thomas Hebb [Thu, 25 Mar 2021 04:37:29 +0000 (21:37 -0700)]
z3fold: prevent reclaim/free race for headless pages

Commit ca0246bb97c2 ("z3fold: fix possible reclaim races") introduced
the PAGE_CLAIMED flag "to avoid racing on a z3fold 'headless' page
release." By atomically testing and setting the bit in each of
z3fold_free() and z3fold_reclaim_page(), a double-free was avoided.

However, commit dcf5aedb24f8 ("z3fold: stricter locking and more careful
reclaim") appears to have unintentionally broken this behavior by moving
the PAGE_CLAIMED check in z3fold_reclaim_page() to after the page lock
gets taken, which only happens for non-headless pages.  For headless
pages, the check is now skipped entirely and races can occur again.

I have observed such a race on my system:

    page:00000000ffbd76b7 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x165316
    flags: 0x2ffff0000000000()
    raw: 02ffff0000000000 ffffea0004535f48 ffff8881d553a170 0000000000000000
    raw: 0000000000000000 0000000000000011 00000000ffffffff 0000000000000000
    page dumped because: VM_BUG_ON_PAGE(page_ref_count(page) == 0)
    ------------[ cut here ]------------
    kernel BUG at include/linux/mm.h:707!
    invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI
    CPU: 2 PID: 291928 Comm: kworker/2:0 Tainted: G    B             5.10.7-arch1-1-kasan #1
    Hardware name: Gigabyte Technology Co., Ltd. H97N-WIFI/H97N-WIFI, BIOS F9b 03/03/2016
    Workqueue: zswap-shrink shrink_worker
    RIP: 0010:__free_pages+0x10a/0x130
    Code: c1 e7 06 48 01 ef 45 85 e4 74 d1 44 89 e6 31 d2 41 83 ec 01 e8 e7 b0 ff ff eb da 48 c7 c6 e0 32 91 88 48 89 ef e8 a6 89 f8 ff <0f> 0b 4c 89 e7 e8 fc 79 07 00 e9 33 ff ff ff 48 89 ef e8 ff 79 07
    RSP: 0000:ffff88819a2ffb98 EFLAGS: 00010296
    RAX: 0000000000000000 RBX: ffffea000594c5a8 RCX: 0000000000000000
    RDX: 1ffffd4000b298b7 RSI: 0000000000000000 RDI: ffffea000594c5b8
    RBP: ffffea000594c580 R08: 000000000000003e R09: ffff8881d5520bbb
    R10: ffffed103aaa4177 R11: 0000000000000001 R12: ffffea000594c5b4
    R13: 0000000000000000 R14: ffff888165316000 R15: ffffea000594c588
    FS:  0000000000000000(0000) GS:ffff8881d5500000(0000) knlGS:0000000000000000
    CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
    CR2: 00007f7c8c3654d8 CR3: 0000000103f42004 CR4: 00000000001706e0
    Call Trace:
     z3fold_zpool_shrink+0x9b6/0x1240
     shrink_worker+0x35/0x90
     process_one_work+0x70c/0x1210
     worker_thread+0x539/0x1200
     kthread+0x330/0x400
     ret_from_fork+0x22/0x30
    Modules linked in: rfcomm ebtable_filter ebtables ip6table_filter ip6_tables iptable_filter ccm algif_aead des_generic libdes ecb algif_skcipher cmac bnep md4 algif_hash af_alg vfat fat intel_rapl_msr intel_rapl_common x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel iwlmvm hid_logitech_hidpp kvm at24 mac80211 snd_hda_codec_realtek iTCO_wdt snd_hda_codec_generic intel_pmc_bxt snd_hda_codec_hdmi ledtrig_audio iTCO_vendor_support mei_wdt mei_hdcp snd_hda_intel snd_intel_dspcfg libarc4 soundwire_intel irqbypass iwlwifi soundwire_generic_allocation rapl soundwire_cadence intel_cstate snd_hda_codec intel_uncore btusb joydev mousedev snd_usb_audio pcspkr btrtl uvcvideo nouveau btbcm i2c_i801 btintel snd_hda_core videobuf2_vmalloc i2c_smbus snd_usbmidi_lib videobuf2_memops bluetooth snd_hwdep soundwire_bus snd_soc_rt5640 videobuf2_v4l2 cfg80211 snd_soc_rl6231 videobuf2_common snd_rawmidi lpc_ich alx videodev mdio snd_seq_device snd_soc_core mc ecdh_generic mxm_wmi mei_me
     hid_logitech_dj wmi snd_compress e1000e ac97_bus mei ttm rfkill snd_pcm_dmaengine ecc snd_pcm snd_timer snd soundcore mac_hid acpi_pad pkcs8_key_parser it87 hwmon_vid crypto_user fuse ip_tables x_tables ext4 crc32c_generic crc16 mbcache jbd2 dm_crypt cbc encrypted_keys trusted tpm rng_core usbhid dm_mod crct10dif_pclmul crc32_pclmul crc32c_intel ghash_clmulni_intel aesni_intel crypto_simd cryptd glue_helper xhci_pci xhci_pci_renesas i915 video intel_gtt i2c_algo_bit drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops cec drm agpgart
    ---[ end trace 126d646fc3dc0ad8 ]---

To fix the issue, re-add the earlier test and set in the case where we
have a headless page.

Link: https://lkml.kernel.org/r/c8106dbe6d8390b290cd1d7f873a2942e805349e.1615452048.git.tommyhebb@gmail.com
Fixes: dcf5aedb24f8 ("z3fold: stricter locking and more careful reclaim")
Signed-off-by: Thomas Hebb <tommyhebb@gmail.com>
Reviewed-by: Vitaly Wool <vitaly.wool@konsulko.com>
Cc: Jongseok Kim <ks77sj@gmail.com>
Cc: Snild Dolkow <snild@sony.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
3 years agoselftests/vm: fix out-of-tree build
Rong Chen [Thu, 25 Mar 2021 04:37:26 +0000 (21:37 -0700)]
selftests/vm: fix out-of-tree build

When building out-of-tree, attempting to make target from $(OUTPUT) directory:

  make[1]: *** No rule to make target '$(OUTPUT)/protection_keys.c', needed by '$(OUTPUT)/protection_keys_32'.

Link: https://lkml.kernel.org/r/20210315094700.522753-1-rong.a.chen@intel.com
Signed-off-by: Rong Chen <rong.a.chen@intel.com>
Reported-by: kernel test robot <lkp@intel.com>
Cc: Shuah Khan <shuah@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
3 years agomm/mmu_notifiers: ensure range_end() is paired with range_start()
Sean Christopherson [Thu, 25 Mar 2021 04:37:23 +0000 (21:37 -0700)]
mm/mmu_notifiers: ensure range_end() is paired with range_start()

If one or more notifiers fails .invalidate_range_start(), invoke
.invalidate_range_end() for "all" notifiers.  If there are multiple
notifiers, those that did not fail are expecting _start() and _end() to
be paired, e.g.  KVM's mmu_notifier_count would become imbalanced.
Disallow notifiers that can fail _start() from implementing _end() so
that it's unnecessary to either track which notifiers rejected _start(),
or had already succeeded prior to a failed _start().

Note, the existing behavior of calling _start() on all notifiers even
after a previous notifier failed _start() was an unintented "feature".
Make it canon now that the behavior is depended on for correctness.

As of today, the bug is likely benign:

  1. The only caller of the non-blocking notifier is OOM kill.
  2. The only notifiers that can fail _start() are the i915 and Nouveau
     drivers.
  3. The only notifiers that utilize _end() are the SGI UV GRU driver
     and KVM.
  4. The GRU driver will never coincide with the i195/Nouveau drivers.
  5. An imbalanced kvm->mmu_notifier_count only causes soft lockup in the
     _guest_, and the guest is already doomed due to being an OOM victim.

Fix the bug now to play nice with future usage, e.g.  KVM has a
potential use case for blocking memslot updates in KVM while an
invalidation is in-progress, and failure to unblock would result in said
updates being blocked indefinitely and hanging.

Found by inspection.  Verified by adding a second notifier in KVM that
periodically returns -EAGAIN on non-blockable ranges, triggering OOM,
and observing that KVM exits with an elevated notifier count.

Link: https://lkml.kernel.org/r/20210311180057.1582638-1-seanjc@google.com
Fixes: 93065ac753e4 ("mm, oom: distinguish blockable mode for mmu notifiers")
Signed-off-by: Sean Christopherson <seanjc@google.com>
Suggested-by: Jason Gunthorpe <jgg@ziepe.ca>
Reviewed-by: Jason Gunthorpe <jgg@nvidia.com>
Cc: David Rientjes <rientjes@google.com>
Cc: Ben Gardon <bgardon@google.com>
Cc: Michal Hocko <mhocko@suse.com>
Cc: "Jérôme Glisse" <jglisse@redhat.com>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: Dimitri Sivanich <dimitri.sivanich@hpe.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
3 years agokasan: fix per-page tags for non-page_alloc pages
Andrey Konovalov [Thu, 25 Mar 2021 04:37:20 +0000 (21:37 -0700)]
kasan: fix per-page tags for non-page_alloc pages

To allow performing tag checks on page_alloc addresses obtained via
page_address(), tag-based KASAN modes store tags for page_alloc
allocations in page->flags.

Currently, the default tag value stored in page->flags is 0x00.
Therefore, page_address() returns a 0x00ffff...  address for pages that
were not allocated via page_alloc.

This might cause problems.  A particular case we encountered is a
conflict with KFENCE.  If a KFENCE-allocated slab object is being freed
via kfree(page_address(page) + offset), the address passed to kfree()
will get tagged with 0x00 (as slab pages keep the default per-page
tags).  This leads to is_kfence_address() check failing, and a KFENCE
object ending up in normal slab freelist, which causes memory
corruptions.

This patch changes the way KASAN stores tag in page-flags: they are now
stored xor'ed with 0xff.  This way, KASAN doesn't need to initialize
per-page flags for every created page, which might be slow.

With this change, page_address() returns natively-tagged (with 0xff)
pointers for pages that didn't have tags set explicitly.

This patch fixes the encountered conflict with KFENCE and prevents more
similar issues that can occur in the future.

Link: https://lkml.kernel.org/r/1a41abb11c51b264511d9e71c303bb16d5cb367b.1615475452.git.andreyknvl@google.com
Fixes: 2813b9c02962 ("kasan, mm, arm64: tag non slab memory allocated via pagealloc")
Signed-off-by: Andrey Konovalov <andreyknvl@google.com>
Reviewed-by: Marco Elver <elver@google.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Will Deacon <will.deacon@arm.com>
Cc: Vincenzo Frascino <vincenzo.frascino@arm.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: Andrey Ryabinin <aryabinin@virtuozzo.com>
Cc: Alexander Potapenko <glider@google.com>
Cc: Peter Collingbourne <pcc@google.com>
Cc: Evgenii Stepanov <eugenis@google.com>
Cc: Branislav Rankov <Branislav.Rankov@arm.com>
Cc: Kevin Brodsky <kevin.brodsky@arm.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
3 years agohugetlb_cgroup: fix imbalanced css_get and css_put pair for shared mappings
Miaohe Lin [Thu, 25 Mar 2021 04:37:17 +0000 (21:37 -0700)]
hugetlb_cgroup: fix imbalanced css_get and css_put pair for shared mappings

The current implementation of hugetlb_cgroup for shared mappings could
have different behavior.  Consider the following two scenarios:

 1.Assume initial css reference count of hugetlb_cgroup is 1:
  1.1 Call hugetlb_reserve_pages with from = 1, to = 2. So css reference
      count is 2 associated with 1 file_region.
  1.2 Call hugetlb_reserve_pages with from = 2, to = 3. So css reference
      count is 3 associated with 2 file_region.
  1.3 coalesce_file_region will coalesce these two file_regions into
      one. So css reference count is 3 associated with 1 file_region
      now.

 2.Assume initial css reference count of hugetlb_cgroup is 1 again:
  2.1 Call hugetlb_reserve_pages with from = 1, to = 3. So css reference
      count is 2 associated with 1 file_region.

Therefore, we might have one file_region while holding one or more css
reference counts. This inconsistency could lead to imbalanced css_get()
and css_put() pair. If we do css_put one by one (i.g. hole punch case),
scenario 2 would put one more css reference. If we do css_put all
together (i.g. truncate case), scenario 1 will leak one css reference.

The imbalanced css_get() and css_put() pair would result in a non-zero
reference when we try to destroy the hugetlb cgroup. The hugetlb cgroup
directory is removed __but__ associated resource is not freed. This
might result in OOM or can not create a new hugetlb cgroup in a busy
workload ultimately.

In order to fix this, we have to make sure that one file_region must
hold exactly one css reference. So in coalesce_file_region case, we
should release one css reference before coalescence. Also only put css
reference when the entire file_region is removed.

The last thing to note is that the caller of region_add() will only hold
one reference to h_cg->css for the whole contiguous reservation region.
But this area might be scattered when there are already some
file_regions reside in it. As a result, many file_regions may share only
one h_cg->css reference. In order to ensure that one file_region must
hold exactly one css reference, we should do css_get() for each
file_region and release the reference held by caller when they are done.

[linmiaohe@huawei.com: fix imbalanced css_get and css_put pair for shared mappings]
Link: https://lkml.kernel.org/r/20210316023002.53921-1-linmiaohe@huawei.com
Link: https://lkml.kernel.org/r/20210301120540.37076-1-linmiaohe@huawei.com
Fixes: 075a61d07a8e ("hugetlb_cgroup: add accounting for shared mappings")
Reported-by: kernel test robot <lkp@intel.com> (auto build test ERROR)
Signed-off-by: Miaohe Lin <linmiaohe@huawei.com>
Reviewed-by: Mike Kravetz <mike.kravetz@oracle.com>
Cc: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Cc: Wanpeng Li <liwp.linux@gmail.com>
Cc: Mina Almasry <almasrymina@google.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
3 years agoio-wq: fix race around pending work on teardown
Jens Axboe [Thu, 25 Mar 2021 16:16:12 +0000 (10:16 -0600)]
io-wq: fix race around pending work on teardown

syzbot reports that it's triggering the warning condition on having
pending work on shutdown:

WARNING: CPU: 1 PID: 12346 at fs/io-wq.c:1061 io_wq_destroy fs/io-wq.c:1061 [inline]
WARNING: CPU: 1 PID: 12346 at fs/io-wq.c:1061 io_wq_put+0x153/0x260 fs/io-wq.c:1072
Modules linked in:
CPU: 1 PID: 12346 Comm: syz-executor.5 Not tainted 5.12.0-rc2-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:io_wq_destroy fs/io-wq.c:1061 [inline]
RIP: 0010:io_wq_put+0x153/0x260 fs/io-wq.c:1072
Code: 8d e8 71 90 ea 01 49 89 c4 41 83 fc 40 7d 4f e8 33 4d 97 ff 42 80 7c 2d 00 00 0f 85 77 ff ff ff e9 7a ff ff ff e8 1d 4d 97 ff <0f> 0b eb b9 8d 6b ff 89 ee 09 de bf ff ff ff ff e8 18 51 97 ff 09
RSP: 0018:ffffc90001ebfb08 EFLAGS: 00010293
RAX: ffffffff81e16083 RBX: ffff888019038040 RCX: ffff88801e86b780
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000040
RBP: 1ffff1100b2f8a80 R08: ffffffff81e15fce R09: ffffed100b2f8a82
R10: ffffed100b2f8a82 R11: 0000000000000000 R12: 0000000000000000
R13: dffffc0000000000 R14: ffff8880597c5400 R15: ffff888019038000
FS:  00007f8dcd89c700(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055e9a054e160 CR3: 000000001dfb8000 CR4: 00000000001506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 io_uring_clean_tctx+0x1b7/0x210 fs/io_uring.c:8802
 __io_uring_files_cancel+0x13c/0x170 fs/io_uring.c:8820
 io_uring_files_cancel include/linux/io_uring.h:47 [inline]
 do_exit+0x258/0x2340 kernel/exit.c:780
 do_group_exit+0x168/0x2d0 kernel/exit.c:922
 get_signal+0x1734/0x1ef0 kernel/signal.c:2773
 arch_do_signal_or_restart+0x3c/0x610 arch/x86/kernel/signal.c:811
 handle_signal_work kernel/entry/common.c:147 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:171 [inline]
 exit_to_user_mode_prepare+0xac/0x1e0 kernel/entry/common.c:208
 __syscall_exit_to_user_mode_work kernel/entry/common.c:290 [inline]
 syscall_exit_to_user_mode+0x48/0x180 kernel/entry/common.c:301
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x465f69

which shouldn't happen, but seems to be possible due to a race on whether
or not the io-wq manager sees a fatal signal first, or whether the io-wq
workers do. If we race with queueing work and then send a fatal signal to
the owning task, and the io-wq worker sees that before the manager sets
IO_WQ_BIT_EXIT, then it's possible to have the worker exit and leave work
behind.

Just turn the WARN_ON_ONCE() into a cancelation condition instead.

Reported-by: syzbot+77a738a6bc947bf639ca@syzkaller.appspotmail.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
3 years agoRDMA/cxgb4: Fix adapter LE hash errors while destroying ipv6 listening server
Potnuri Bharat Teja [Wed, 24 Mar 2021 19:04:53 +0000 (00:34 +0530)]
RDMA/cxgb4: Fix adapter LE hash errors while destroying ipv6 listening server

Not setting the ipv6 bit while destroying ipv6 listening servers may
result in potential fatal adapter errors due to lookup engine memory hash
errors. Therefore always set ipv6 field while destroying ipv6 listening
servers.

Fixes: 830662f6f032 ("RDMA/cxgb4: Add support for active and passive open connection with IPv6 address")
Link: https://lore.kernel.org/r/20210324190453.8171-1-bharat@chelsio.com
Signed-off-by: Potnuri Bharat Teja <bharat@chelsio.com>
Reviewed-by: Leon Romanovsky <leonro@nvidia.com>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
3 years agoarm64: kernel: disable CNP on Carmel
Rich Wiley [Wed, 24 Mar 2021 00:28:09 +0000 (17:28 -0700)]
arm64: kernel: disable CNP on Carmel

On NVIDIA Carmel cores, CNP behaves differently than it does on standard
ARM cores. On Carmel, if two cores have CNP enabled and share an L2 TLB
entry created by core0 for a specific ASID, a non-shareable TLBI from
core1 may still see the shared entry. On standard ARM cores, that TLBI
will invalidate the shared entry as well.

This causes issues with patchsets that attempt to do local TLBIs based
on cpumasks instead of broadcast TLBIs. Avoid these issues by disabling
CNP support for NVIDIA Carmel cores.

Signed-off-by: Rich Wiley <rwiley@nvidia.com>
Link: https://lore.kernel.org/r/20210324002809.30271-1-rwiley@nvidia.com
[will: Fix pre-existing whitespace issue]
Signed-off-by: Will Deacon <will@kernel.org>
3 years agoarm64/process.c: fix Wmissing-prototypes build warnings
Maninder Singh [Wed, 24 Mar 2021 06:54:58 +0000 (12:24 +0530)]
arm64/process.c: fix Wmissing-prototypes build warnings

Fix GCC warnings reported when building with "-Wmissing-prototypes":

  arch/arm64/kernel/process.c:261:6: warning: no previous prototype for '__show_regs' [-Wmissing-prototypes]
      261 | void __show_regs(struct pt_regs *regs)
          |      ^~~~~~~~~~~
  arch/arm64/kernel/process.c:307:6: warning: no previous prototype for '__show_regs_alloc_free' [-Wmissing-prototypes]
      307 | void __show_regs_alloc_free(struct pt_regs *regs)
          |      ^~~~~~~~~~~~~~~~~~~~~~
  arch/arm64/kernel/process.c:365:5: warning: no previous prototype for 'arch_dup_task_struct' [-Wmissing-prototypes]
      365 | int arch_dup_task_struct(struct task_struct *dst, struct task_struct *src)
          |     ^~~~~~~~~~~~~~~~~~~~
  arch/arm64/kernel/process.c:546:41: warning: no previous prototype for '__switch_to' [-Wmissing-prototypes]
      546 | __notrace_funcgraph struct task_struct *__switch_to(struct task_struct *prev,
          |                                         ^~~~~~~~~~~
  arch/arm64/kernel/process.c:710:25: warning: no previous prototype for 'arm64_preempt_schedule_irq' [-Wmissing-prototypes]
      710 | asmlinkage void __sched arm64_preempt_schedule_irq(void)
          |                         ^~~~~~~~~~~~~~~~~~~~~~~~~~

Link: https://lore.kernel.org/lkml/202103192250.AennsfXM-lkp@intel.com
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Maninder Singh <maninder1.s@samsung.com>
Link: https://lore.kernel.org/r/1616568899-986-1-git-send-email-maninder1.s@samsung.com
Signed-off-by: Will Deacon <will@kernel.org>