Commit Graph

825523 Commits

Author SHA1 Message Date
Greg Kroah-Hartman
80045e1442 Merge tag 'misc-habanalabs-fixes-2019-03-26' of git://people.freedesktop.org/~gabbayo/linux into char-misc-next:
Oded writes:

The following bug fixes are included in this tag:

- Fix host crash upon resume after suspend
- Fix MMU related bugs which result in user's jobs getting stuck
- Fix race between user context cleanup and hard-reset which results in
  host crash
- Fix sparse warning

* tag 'misc-habanalabs-fixes-2019-03-26' of git://people.freedesktop.org/~gabbayo/linux: (265 commits)
  habanalabs: cast to expected type
  habanalabs: prevent host crash during suspend/resume
  habanalabs: perform accounting for active CS
  habanalabs: fix mapping with page size bigger than 4KB
  habanalabs: complete user context cleanup before hard reset
  habanalabs: fix bug when mapping very large memory area
  habanalabs: fix MMU number of pages calculation
  Linux 5.1-rc2
  clocksource/drivers/clps711x: Remove board support
  ext4: prohibit fstrim in norecovery mode
  ext4: cleanup bh release code in ext4_ind_remove_space()
  ext4: brelse all indirect buffer in ext4_ind_remove_space()
  genirq: Mark expected switch case fall-through
  clocksource/drivers/riscv: Fix clocksource mask
  x86/gart: Exclude GART aperture from kcore
  cifs: update internal module version number
  SMB3: Fix SMB3.1.1 guest mounts to Samba
  cifs: Fix slab-out-of-bounds when tracing SMB tcon
  cifs: allow guest mounts to work for smb3.11
  fix incorrect error code mapping for OBJECTID_NOT_FOUND
  ...
2019-03-26 17:17:40 +09:00
Arnd Bergmann
3d54d10c6a usb: mtu3: fix EXTCON dependency
When EXTCON is a loadable module, mtu3 fails to link as built-in:

drivers/usb/mtu3/mtu3_plat.o: In function `mtu3_probe':
mtu3_plat.c:(.text+0x690): undefined reference to `extcon_get_edev_by_phandle'

Add a Kconfig dependency to force mtu3 also to be a loadable module
if extcon is, but still allow it to be built without extcon.

Fixes: d0ed062a8b ("usb: mtu3: dual-role mode support")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-03-26 16:48:56 +09:00
Aditya Pakki
41f00e6e9e usb: usb251xb: fix to avoid potential NULL pointer dereference
of_match_device in usb251xb_probe can fail and returns a NULL pointer.
The patch avoids a potential NULL pointer dereference in this scenario.

Signed-off-by: Aditya Pakki <pakki001@umn.edu>
Reviewed-by: Richard Leitner <richard.leitner@skidata.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-03-26 16:48:55 +09:00
Chen-Yu Tsai
e671765e52 usb: core: Try generic PHY_MODE_USB_HOST if usb_phy_roothub_set_mode fails
Some PHYs do not support PHY_MODE_USB_HOST_SS, i.e. USB 3.0 or higher.
Fall back and try the more generic PHY_MODE_USB_HOST if it fails.

Fixes: b97a313483 ("usb: core: comply to PHY framework")
Signed-off-by: Chen-Yu Tsai <wens@csie.org>
Tested-by: Neil Armstrong <narmstrong@baylibre.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-03-26 16:48:55 +09:00
Chen-Yu Tsai
1396929e8a phy: sun4i-usb: Support set_mode to USB_HOST for non-OTG PHYs
While only the first PHY supports mode switching, the remaining PHYs
work in USB host mode. They should support set_mode with mode=USB_HOST
instead of failing. This is especially needed now that the USB core does
set_mode for all USB ports, which was added in commit b97a313483 ("usb:
core: comply to PHY framework").

Make set_mode with mode=USB_HOST a no-op instead of failing for the
non-OTG USB PHYs.

Fixes: 6ba43c2919 ("phy-sun4i-usb: Add support for phy_set_mode")
Signed-off-by: Chen-Yu Tsai <wens@csie.org>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-03-26 16:48:55 +09:00
Vinod Koul
d498bc0ce8 MAINTAINERS: Fix uniphier-mdmac.c file path
Commit 32e74aabeb ("dmaengine: uniphier-mdmac: add UniPhier MIO DMAC
driver") wrongly put filepath for uniphier-mdmac.c, fix it

Fixes: 32e74aabeb ("dmaengine: uniphier-mdmac: add UniPhier MIO DMAC driver")
Reported-by: Joe Perches <joe@perches.com>
Signed-off-by: Vinod Koul <vkoul@kernel.org>
2019-03-26 10:55:47 +05:30
Kangjie Lu
fba1bdd2a9 scsi: qla4xxx: fix a potential NULL pointer dereference
In case iscsi_lookup_endpoint fails, the fix returns -EINVAL to avoid NULL
pointer dereference.

Signed-off-by: Kangjie Lu <kjlu@umn.edu>
Acked-by: Manish Rangankar <mrangankar@marvell.com>
Reviewed-by: Mukesh Ojha <mojha@codeaurora.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2019-03-25 22:24:30 -04:00
Dave Carroll
b6554cfe09 scsi: aacraid: Insure we don't access PCIe space during AER/EEH
There are a few windows during AER/EEH when we can access PCIe I/O mapped
registers. This will harden the access to insure we do not allow PCIe
access during errors

Signed-off-by: Dave Carroll <david.carroll@microsemi.com>
Reviewed-by: Sagar Biradar <sagar.biradar@microchip.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2019-03-25 22:19:01 -04:00
Sreekanth Reddy
c2fe742ff6 scsi: mpt3sas: Fix kernel panic during expander reset
During expander reset handling, the driver invokes kernel function
scsi_host_find_tag() to obtain outstanding requests associated with the
scsi host managed by the driver. Driver loops from tag value zero to hba
queue depth to obtain the outstanding scmds. But when blk-mq is enabled,
the block layer may return stale entry for one or more requests. This may
lead to kernel panic if the returned value is inaccessible or the memory
pointed by the returned value is reused.

Reference of upstream discussion:

	https://patchwork.kernel.org/patch/10734933/

Instead of calling scsi_host_find_tag() API for each and every smid (smid
is tag +1) from one to shost->can_queue, now driver will call this API (to
obtain the outstanding scmd) only for those smid's which are outstanding at
the driver level.

Driver will determine whether this smid is outstanding at driver level by
looking into its corresponding MPI request frame, if its MPI request frame
is empty, then it means that this smid is free and does not need to call
scsi_host_find_tag() for it.  By doing this, driver will invoke
scsi_host_find_tag() for only those tags which are outstanding at the
driver level.

Driver will check whether particular MPI request frame is empty or not by
looking into the "DevHandle" field. If this field is zero then it means
that this MPI request is empty. For active MPI request DevHandle must be
non-zero.

Also driver will memset the MPI request frame once the corresponding scmd
is processed (i.e. just before calling
scmd->done function).

Signed-off-by: Sreekanth Reddy <sreekanth.reddy@broadcom.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2019-03-25 21:53:48 -04:00
Heiner Kallweit
d29f5aa0bc net: phy: don't clear BMCR in genphy_soft_reset
So far we effectively clear the BMCR register. Some PHY's can deal
with this (e.g. because they reset BMCR to a default as part of a
soft-reset) whilst on others this causes issues because e.g. the
autoneg bit is cleared. Marvell is an example, see also thread [0].
So let's be a little bit more gentle and leave all bits we're not
interested in as-is. This change is needed for PHY drivers to
properly deal with the original patch.

[0] https://marc.info/?t=155264050700001&r=1&w=2

Fixes: 6e2d85ec05 ("net: phy: Stop with excessive soft reset")
Tested-by: Phil Reid <preid@electromag.com.au>
Tested-by: liweihang <liweihang@hisilicon.com>
Signed-off-by: Heiner Kallweit <hkallweit1@gmail.com>
Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-03-25 17:08:21 -07:00
Lukas Wunner
0fa635aec9 PCI/LINK: Deduplicate bandwidth reports for multi-function devices
If a multi-function device's bandwidth is already limited when it is
enumerated, a message is logged only for function 0.  By contrast, when
downtraining occurs after enumeration, a message is logged for all
functions.  That's because the former uses pcie_report_downtraining(),
whereas the latter uses __pcie_print_link_status() (which doesn't filter
functions != 0).  I am seeing this happen on a MacBookPro9,1 with a GPU
(function 0) and an integrated HDA controller (function 1).

Avoid this incongruence by calling pcie_report_downtraining() in both
cases.

Signed-off-by: Lukas Wunner <lukas@wunner.de>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Reviewed-by: Alexandru Gagniuc <alex.gagniuc@dellteam.com>
2019-03-25 17:59:07 -05:00
Lukas Wunner
55397ce8df PCI/LINK: Clear bandwidth notification interrupt before enabling it
When booting a MacBookPro9,1, duplicate link downtraining messages are
logged for the devices directly attached to the two CPU-internal Root Ports
of the Core i7 3615QM:  Once on device enumeration and once on enablement
of the bandwidth notification interrupt on the Root Ports.

Duplicate messages do not occur with Root Ports on the PCH and Downstream
Ports on the Thunderbolt controller:  Only a single message is logged for
these, namely on device enumeration.

The reason for the duplicate messages is a stale interrupt in the Link
Status register of the 3615QM's internal Root Ports.  Avoid by clearing the
interrupt before enabling it.

An alternative approach would be to clear the interrupt already on device
enumeration or to report link downtraining only if the speed has changed.
That way, link downtraining occurring between device enumeration and
enablement of the bandwidth notification interrupt could be caught.
However clearing stale interrupts before enabling them is a standard
operating procedure for any driver and keeping the two steps in one place
makes the code easier to follow.

Signed-off-by: Lukas Wunner <lukas@wunner.de>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Reviewed-by: Alexandru Gagniuc <alex.gagniuc@dellteam.com>
2019-03-25 17:59:06 -05:00
Alexandru Gagniuc
3e82a7f903 PCI/LINK: Supply IRQ handler so level-triggered IRQs are acked
A threaded IRQ with a NULL handler does not work with level-triggered
interrupts.  request_threaded_irq() will return an error:

  genirq: Threaded irq requested with handler=NULL and !ONESHOT for irq 16
  pcie_bw_notification: probe of 0000:00:1b.0:pcie010 failed with error -22

For level interrupts we need to silence the interrupt before exiting the
IRQ handler, so just clear the PCI_EXP_LNKSTA_LBMS bit there.

Fixes: e8303bb7a7 ("PCI/LINK: Report degraded links via link bandwidth notification")
Reported-by: Linus Torvalds <torvalds@linux-foundation.org>
Reported-by: Borislav Petkov <bp@suse.de>
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
2019-03-25 17:58:50 -05:00
Srinivas Pandruvada
92a3e426ec cpufreq: intel_pstate: Also use CPPC nominal_perf for base_frequency
The ACPI specification states that if the "Guaranteed Performance
Register" is not implemented, the OSPM assumes guaranteed performance
to always be equal to nominal performance.

So for invalid or unimplemented guaranteed performance register, use
nominal performance as guaranteed performance.

This change will fall back to nominal_perf when guranteed_perf is
invalid.  If nominal_perf is also invalid or not present, fall back
to the existing implementation, which is to read from HWP Capabilities
MSR.

Fixes: 86d333a8cc ("cpufreq: intel_pstate: Add base_frequency attribute")
Suggested-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com>
Cc: 4.20+ <stable@vger.kernel.org> # 4.20+
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
2019-03-25 23:57:21 +01:00
Srinivas Pandruvada
edef1ef134 ACPI / CPPC: Fix guaranteed performance handling
As per the ACPI specification, "Guaranteed Performance Register" is
a "Buffer" field and it cannot be "Integer", so treat the "Integer"
type for "Guaranteed Performance Register" field as invalid and
ignore its value in that case.

Also save one cpc_read() call when "Guaranteed Performance Register"
is not present, which means a register defined as:
"Register(SystemMemory, 0, 0, 0, 0)".

Fixes: 29523f0953 ("ACPI / CPPC: Add support for guaranteed performance")
Suggested-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com>
Cc: 4.20+ <stable@vger.kernel.org> # 4.20+
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
2019-03-25 23:57:21 +01:00
Linus Torvalds
a3ac7917b7 Revert "parport: daisy: use new parport device model"
This reverts commit 1aec421120.

Steven Rostedt reports that it causes a hang at bootup and bisected it
to this commit.

The trigger is apparently a module alias for "parport_lowlevel" that
points to "parport_pc", which causes a hang with

    modprobe -q -- parport_lowlevel

blocking forever with a backtrace like this:

    wait_for_completion_killable+0x1c/0x28
    call_usermodehelper_exec+0xa7/0x108
    __request_module+0x351/0x3d8
    get_lowlevel_driver+0x28/0x41 [parport]
    __parport_register_driver+0x39/0x1f4 [parport]
    daisy_drv_init+0x31/0x4f [parport]
    parport_bus_init+0x5d/0x7b [parport]
    parport_default_proc_register+0x26/0x1000 [parport]
    do_one_initcall+0xc2/0x1e0
    do_init_module+0x50/0x1d4
    load_module+0x1c2e/0x21b3
    sys_init_module+0xef/0x117

Sudip says:
 "Due to the new device model daisy driver will now try to find the
  parallel ports while trying to register its driver so that it can bind
  with them. Now, since daisy driver is loaded while parport bus is
  initialising the list of parport is still empty and it tries to load
  the lowlevel driver, which has an alias set to parport_pc, now causes
  a deadlock"

But I don't think the daisy driver should be loaded by the parport
initialization in the first place, so let's revert the whole change.

If the daisy driver can just initialize separately on its own (like a
driver should), instead of hooking into the parport init sequence
directly, this issue probably would go away.

Reported-and-bisected-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Reported-by: Michal Kubecek <mkubecek@suse.cz>
Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Sudip Mukherjee <sudipm.mukherjee@gmail.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2019-03-25 14:49:00 -07:00
Ilya Dryomov
187df76325 libceph: fix breakage caused by multipage bvecs
A bvec can now consist of multiple physically contiguous pages.
This means that bvec_iter_advance() can move to a different page while
staying in the same bvec (i.e. ->bi_bvec_done != 0).

The messenger works in terms of segments which can now be defined as
the smaller of a bvec and a page.  The "more bytes to process in this
segment" condition holds only if bvec_iter_advance() leaves us in the
same bvec _and_ in the same page.  On next bvec (possibly in the same
page) and on next page (possibly in the same bvec) we may need to set
->last_piece.

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
2019-03-25 22:28:07 +01:00
Aaro Koskinen
9498da46d1 staging: octeon-ethernet: fix incorrect PHY mode
When connecting PHY, we set the mode to PHY_INTERFACE_MODE_GMII which is
not always correct. Specifically on boards where RGMII_RXID is needed
networking no longer works with at803x after commit 6d4cd041f0
("net: phy: at803x: disable delay only for RGMII mode").

Fix by passing the correct mode. Tested on EdgeRouter Lite
(RGMII_RXID, at803x PHY) and D-Link DSR-500N (RGMII, broadcom PHY).

Fixes: 6d4cd041f0 ("net: phy: at803x: disable delay only for RGMII mode")
Signed-off-by: Aaro Koskinen <aaro.koskinen@iki.fi>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-03-26 05:54:18 +09:00
Dan Carpenter
9b9c87cf51 staging: vc04_services: Fix an error code in vchiq_probe()
We need to set "err" on this error path.

Fixes: 187ac53e59 ("staging: vchiq_arm: rework probe and init functions")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Stefan Wahren <stefan.wahren@i2se.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-03-26 05:54:18 +09:00
Gao Xiang
b6391ac734 staging: erofs: fix error handling when failed to read compresssed data
Complete read error handling paths for all three kinds of
compressed pages:

 1) For cache-managed pages, PG_uptodate will be checked since
    read_endio will unlock and SetPageUptodate for these pages;

 2) For inplaced pages, read_endio cannot SetPageUptodate directly
    since it should be used to mark the final decompressed data,
    PG_error will be set with page locked for IO error instead;

 3) For staging pages, PG_error is used, which is similar to
    what we do for inplaced pages.

Fixes: 3883a79abd ("staging: erofs: introduce VLE decompression support")
Cc: <stable@vger.kernel.org> # 4.19+
Reviewed-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Gao Xiang <gaoxiang25@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-03-26 05:54:18 +09:00
Malcolm Priestley
3b9c2f2e0e staging: vt6655: Fix interrupt race condition on device start up.
It appears on some slower systems that the driver can find its way
out of the workqueue while the interrupt is disabled by continuous polling
by it.

Move MACvIntEnable to vnt_interrupt_work so that it is always enabled
on all routes out of vnt_interrupt_process.

Move MACvIntDisable so that the device doesn't keep polling the system
while the workqueue is being processed.

Signed-off-by: Malcolm Priestley <tvboxspy@gmail.com>
CC: stable@vger.kernel.org # v4.2+
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-03-26 05:54:17 +09:00
Dave Airlie
de53874a0f Merge tag 'drm-misc-fixes-2019-03-25' of git://anongit.freedesktop.org/drm/drm-misc into drm-fixes

- A bunch of fixes to cleanup path in meson
- Fix the DMT TDMS clock filtering on meson
- Fix an issue with NV12 buffers on rockchip when scaling is active
- Fix a couple of use-after-free

Signed-off-by: Dave Airlie <airlied@redhat.com>

From: Maxime Ripard <maxime.ripard@bootlin.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20190325104523.obnfelgvaglyhe5e@flea
2019-03-26 06:32:09 +10:00
Roman Penyaev
9bf7933fc3 io_uring: offload write to async worker in case of -EAGAIN
In case of direct write -EAGAIN will be returned if page cache was
previously populated.  To avoid immediate completion of a request
with -EAGAIN error write has to be offloaded to the async worker,
like io_read() does.

Signed-off-by: Roman Penyaev <rpenyaev@suse.de>
Cc: Jens Axboe <axboe@kernel.dk>
Cc: linux-block@vger.kernel.org
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2019-03-25 13:13:21 -06:00
Ming Lei
e6d1fa584e sbitmap: order READ/WRITE freed instance and setting clear bit
Inside sbitmap_queue_clear(), once the clear bit is set, it will be
visible to allocation path immediately. Meantime READ/WRITE on old
associated instance(such as request in case of blk-mq) may be
out-of-order with the setting clear bit, so race with re-allocation
may be triggered.

Adds one memory barrier for ordering READ/WRITE of the freed associated
instance with setting clear bit for avoiding race with re-allocation.

The following kernel oops triggered by block/006 on aarch64 may be fixed:

[  142.330954] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000330
[  142.338794] Mem abort info:
[  142.341554]   ESR = 0x96000005
[  142.344632]   Exception class = DABT (current EL), IL = 32 bits
[  142.350500]   SET = 0, FnV = 0
[  142.353544]   EA = 0, S1PTW = 0
[  142.356678] Data abort info:
[  142.359528]   ISV = 0, ISS = 0x00000005
[  142.363343]   CM = 0, WnR = 0
[  142.366305] user pgtable: 64k pages, 48-bit VAs, pgdp = 000000002a3c51c0
[  142.372983] [0000000000000330] pgd=0000000000000000, pud=0000000000000000
[  142.379777] Internal error: Oops: 96000005 [#1] SMP
[  142.384613] Modules linked in: null_blk ib_isert iscsi_target_mod ib_srpt target_core_mod ib_srp scsi_transport_srp vfat fat rpcrdma sunrpc rdma_ucm ib_iser rdma_cm iw_cm libiscsi ib_umad scsi_transport_iscsi ib_ipoib ib_cm mlx5_ib ib_uverbs ib_core sbsa_gwdt crct10dif_ce ghash_ce ipmi_ssif sha2_ce ipmi_devintf sha256_arm64 sg sha1_ce ipmi_msghandler ip_tables xfs libcrc32c mlx5_core sdhci_acpi mlxfw ahci_platform at803x sdhci libahci_platform qcom_emac mmc_core hdma hdma_mgmt i2c_dev [last unloaded: null_blk]
[  142.429753] CPU: 7 PID: 1983 Comm: fio Not tainted 5.0.0.cki #2
[  142.449458] pstate: 00400005 (nzcv daif +PAN -UAO)
[  142.454239] pc : __blk_mq_free_request+0x4c/0xa8
[  142.458830] lr : blk_mq_free_request+0xec/0x118
[  142.463344] sp : ffff00003360f6a0
[  142.466646] x29: ffff00003360f6a0 x28: ffff000010e70000
[  142.471941] x27: ffff801729a50048 x26: 0000000000010000
[  142.477232] x25: ffff00003360f954 x24: ffff7bdfff021440
[  142.482529] x23: 0000000000000000 x22: 00000000ffffffff
[  142.487830] x21: ffff801729810000 x20: 0000000000000000
[  142.493123] x19: ffff801729a50000 x18: 0000000000000000
[  142.498413] x17: 0000000000000000 x16: 0000000000000001
[  142.503709] x15: 00000000000000ff x14: ffff7fe000000000
[  142.509003] x13: ffff8017dcde09a0 x12: 0000000000000000
[  142.514308] x11: 0000000000000001 x10: 0000000000000008
[  142.519597] x9 : ffff8017dcde09a0 x8 : 0000000000002000
[  142.524889] x7 : ffff8017dcde0a00 x6 : 000000015388f9be
[  142.530187] x5 : 0000000000000001 x4 : 0000000000000000
[  142.535478] x3 : 0000000000000000 x2 : 0000000000000000
[  142.540777] x1 : 0000000000000001 x0 : ffff00001041b194
[  142.546071] Process fio (pid: 1983, stack limit = 0x000000006460a0ea)
[  142.552500] Call trace:
[  142.554926]  __blk_mq_free_request+0x4c/0xa8
[  142.559181]  blk_mq_free_request+0xec/0x118
[  142.563352]  blk_mq_end_request+0xfc/0x120
[  142.567444]  end_cmd+0x3c/0xa8 [null_blk]
[  142.571434]  null_complete_rq+0x20/0x30 [null_blk]
[  142.576194]  blk_mq_complete_request+0x108/0x148
[  142.580797]  null_handle_cmd+0x1d4/0x718 [null_blk]
[  142.585662]  null_queue_rq+0x60/0xa8 [null_blk]
[  142.590171]  blk_mq_try_issue_directly+0x148/0x280
[  142.594949]  blk_mq_try_issue_list_directly+0x9c/0x108
[  142.600064]  blk_mq_sched_insert_requests+0xb0/0xd0
[  142.604926]  blk_mq_flush_plug_list+0x16c/0x2a0
[  142.609441]  blk_flush_plug_list+0xec/0x118
[  142.613608]  blk_finish_plug+0x3c/0x4c
[  142.617348]  blkdev_direct_IO+0x3b4/0x428
[  142.621336]  generic_file_read_iter+0x84/0x180
[  142.625761]  blkdev_read_iter+0x50/0x78
[  142.629579]  aio_read.isra.6+0xf8/0x190
[  142.633409]  __io_submit_one.isra.8+0x148/0x738
[  142.637912]  io_submit_one.isra.9+0x88/0xb8
[  142.642078]  __arm64_sys_io_submit+0xe0/0x238
[  142.646428]  el0_svc_handler+0xa0/0x128
[  142.650238]  el0_svc+0x8/0xc
[  142.653104] Code: b9402a63 f9000a7f 3100047f 540000a0 (f9419a81)
[  142.659202] ---[ end trace 467586bc175eb09d ]---

Fixes: ea86ea2cdc ("sbitmap: ammortize cost of clearing bits")
Reported-and-bisected_and_tested-by: Yi Zhang <yi.zhang@redhat.com>
Cc: Yi Zhang <yi.zhang@redhat.com>
Cc: "jianchao.wang" <jianchao.w.wang@oracle.com>
Reviewed-by: Omar Sandoval <osandov@fb.com>
Signed-off-by: Ming Lei <ming.lei@redhat.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2019-03-25 13:05:47 -06:00
Jens Axboe
e861857545 blk-mq: fix sbitmap ws_active for shared tags
We now wrap sbitmap waitqueues in an active counter, so we can avoid
iterating wakeups unless we have waiters there. This works as long as
everyone that's manipulating the waitqueues use the proper helpers. For
the tag wait case for shared tags, however, we add ourselves to the
waitqueue without incrementing/decrementing the ->ws_active count. This
means that wakeups can take a long time to happen.

Fix this by manually doing the inc/dec as needed for the wait queue
handling.

Reported-by: Michael Leun <kbug@newton.leun.net>
Tested-by: Michael Leun <kbug@newton.leun.net>
Cc: stable@vger.kernel.org
Reviewed-by: Omar Sandoval <osandov@fb.com>
Fixes: 5d2ee7122c ("sbitmap: optimize wakeup check")
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2019-03-25 13:05:47 -06:00
Pierre-Yves MORDRET
9dfec7ca0b dmaengine: stm32-mdma: Revert "dmaengine: stm32-mdma: Add a check on read_u32_array"
This reverts commit 906b40b246 ("dmaengine: stm32-mdma: Add a check on
read_u32_array")

As stated by bindings "st,ahb-addr-masks" is optional.
The statement inserted by this commit makes this property
mandatory and prevents MDMA to be probed in case property not present.

Signed-off-by: Pierre-Yves MORDRET <pierre-yves.mordret@st.com>
Signed-off-by: Vinod Koul <vkoul@kernel.org>
2019-03-25 21:56:54 +05:30
Jonathan Hunter
9395874219 arm64: tegra: Disable CQE Support for SDMMC4 on Tegra186
Enabling CQE support on Tegra186 Jetson TX2 has introduced a regression
that is causing accesses to the file-system on the eMMC to fail. Errors
such as the following have been observed ...

 mmc2: running CQE recovery
 mmc2: mmc_select_hs400 failed, error -110
 print_req_error: I/O error, dev mmcblk2, sector 8 flags 80700
 mmc2: cqhci: CQE failed to exit halt state

For now disable CQE support for Tegra186 until this issue is resolved.

Fixes: dfd3cb6feb arm64: tegra: Add CQE Support for SDMMC4
Signed-off-by: Jonathan Hunter <jonathanh@nvidia.com>
Signed-off-by: Thierry Reding <treding@nvidia.com>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
2019-03-25 17:12:20 +01:00
Arnd Bergmann
2e8c54db3b Merge tag 'imx-fixes-5.1' of git://git.kernel.org/pub/scm/linux/kernel/git/shawnguo/linux into arm/fixes

i.MX fixes for 5.1:
 - Correct phy mode setting of imx6dl-yapp4 board to fix a problem
   caused by commit 5ecdd77c61 ("net: dsa: qca8k: disable delay
   for RGMII mode").
 - Add a missing of_node_put call to fix leaked reference detected by
   coccinelle in imx51 machine code.
 - Fix imx6q cpuidle driver bug which causes that CPU might not wake up
   at expected time.
 - Increase reset duration of Ethernet phy Micrel KSZ9031RNX to fix
   transmission timeouts error seen on imx6qdl-phytec-pfla02 board.
 - Correct SPDX License Identifier style for imx6ull-pinfunc-snvs.h.
 - Fix 'bus-witdh' typos in imx6qdl-icore-rqs.dtsi.
 - Correct pseudo PHY address of switch device for imx6dl-yapp4 board.
 - Update PWM driver options in imx defconfig files due to the change
   on driver part.

* tag 'imx-fixes-5.1' of git://git.kernel.org/pub/scm/linux/kernel/git/shawnguo/linux:
  ARM: imx_v4_v5_defconfig: enable PWM driver
  ARM: imx_v6_v7_defconfig: continue compiling the pwm driver
  ARM: dts: imx6dl-yapp4: Use correct pseudo PHY address for the switch
  ARM: dts: imx6qdl: Fix typo in imx6qdl-icore-rqs.dtsi
  ARM: dts: imx6ull: Use the correct style for SPDX License Identifier
  ARM: dts: pfla02: increase phy reset duration
  ARM: imx6q: cpuidle: fix bug that CPU might not wake up at expected time
  ARM: imx51: fix a leaked reference by adding missing of_node_put
  ARM: dts: imx6dl-yapp4: Use rgmii-id phy mode on the cpu port
2019-03-25 17:06:41 +01:00
Arnd Bergmann
9e75ad5d8f io_uring: fix big-endian compat signal mask handling
On big-endian architectures, the signal masks are different
between 32-bit and 64-bit tasks, so we have to use a different
function for reading them from user space.

io_cqring_wait() initially got this wrong, and always interprets
this as a native structure. This is ok on x86 and most arm64,
but not on s390, ppc64be, mips64be, sparc64 and parisc.

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2019-03-25 10:06:03 -06:00
Arnd Bergmann
0cee41d4d0 Merge tag 'arm-soc/for-5.1/soc-fixes' of https://github.com/Broadcom/stblinux into arm/fixes

This pull request contains Broadcom ARM/ARM64-based SoCs fixes for 5.1,
please pull the following:

- Eric provides fixes for the bcm2835-pm driver: added missing depends
  on MFD_CORE for the ARM64 definition of ARCH_BCM2835, fixing error
  paths on initialization and fixing the PM_IMAGE_PERI power domain

* tag 'arm-soc/for-5.1/soc-fixes' of https://github.com/Broadcom/stblinux:
  arm64: bcm2835: Add missing dependency on MFD_CORE.
  soc: bcm: bcm2835-pm: Fix error paths of initialization.
  soc: bcm: bcm2835-pm: Fix PM_IMAGE_PERI power domain support.
2019-03-25 17:05:30 +01:00
Arnd Bergmann
274a8ddcbc Merge tag 'arm-soc/for-5.1/devicetree-fixes' of https://github.com/Broadcom/stblinux into arm/fixes

This pull request contains Broadcom ARM-based SoCs Device Tree fixes for
5.1, please pull the following:

- Helen fixes the HDMI hot-plug detect GPIO polarity for the Raspberry Pi
  model B revision 2

* tag 'arm-soc/for-5.1/devicetree-fixes' of https://github.com/Broadcom/stblinux:
  ARM: dts: bcm283x: Fix hdmi hpd gpio pull
2019-03-25 17:04:47 +01:00
Linus Walleij
fa9463564e ARM: dts: nomadik: Fix polarity of SPI CS
The SPI DT bindings are for historical reasons a pitfall,
the ability to flag a GPIO line as active high/low with
the second cell flags was introduced later so the SPI
subsystem will only accept the bool flag spi-cs-high
to indicate that the line is active high.

It worked by mistake, but the mistake was corrected
in another commit.

The comment in the DTS file was also misleading: this
CS is indeed active high.

Fixes: cffbb02daf ("ARM: dts: nomadik: Augment NHK15 panel setting")
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
2019-03-25 17:03:34 +01:00
Arnd Bergmann
44cd905041 Renesas ARM Based SoC Fixes for v5.1
R-Car Gen3 E3 (r8a77990) and RZ/G2E (r8a774c0) SoCs:
 * Correct SCIF5 DMA channels

Merge tag 'renesas-fixes-for-v5.1' of git://git.kernel.org/pub/scm/linux/kernel/git/horms/renesas into arm/fixes

Renesas ARM Based SoC Fixes for v5.1

R-Car Gen3 E3 (r8a77990) and RZ/G2E (r8a774c0) SoCs:
* Correct SCIF5 DMA channels

* tag 'renesas-fixes-for-v5.1' of git://git.kernel.org/pub/scm/linux/kernel/git/horms/renesas:
  arm64: dts: renesas: r8a774c0: Fix SCIF5 DMA channels
  arm64: dts: renesas: r8a77990: Fix SCIF5 DMA channels
2019-03-25 17:02:31 +01:00
Sekhar Nori
2dbed152e2 ARM: davinci: fix build failure with allnoconfig
allnoconfig build with just ARCH_DAVINCI enabled
fails because drivers/clk/davinci/* depends on
REGMAP being enabled.

Fix it by selecting REGMAP_MMIO when building in
DaVinci support.

Signed-off-by: Sekhar Nori <nsekhar@ti.com>
Reviewed-by: David Lechner <david@lechnology.com>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
2019-03-25 16:59:30 +01:00
Takashi Iwai
113ce08109 ALSA: pcm: Don't suspend stream in unrecoverable PCM state
Currently PCM core sets each opened stream forcibly to SUSPENDED state
via snd_pcm_suspend_all() call, and the user-space is responsible for
re-triggering the resume manually either via snd_pcm_resume() or
prepare call.  The scheme works fine usually, but there are corner
cases where the stream can't be resumed by that call: the streams
still in OPEN state before finishing hw_params.  When they are
suspended, user-space cannot perform resume or prepare because they
haven't been set up yet.  The only possible recovery is to re-open the
device, which isn't nice at all.  Similarly, when a stream is in
DISCONNECTED state, it makes no sense to change it to SUSPENDED
state.  Ditto for in SETUP state; which you can re-prepare directly.

So, this patch addresses these issues by filtering the PCM streams to
be suspended by checking the PCM state.  When a stream is in either
OPEN, SETUP or DISCONNECTED as well as already SUSPENDED, the suspend
action is skipped.

To be noted, this problem was originally reported for the PCM runtime
PM on HD-audio.  And, the runtime PM problem itself was already
addressed (although not intended) by the code refactoring commits
3d21ef0b49 ("ALSA: pcm: Suspend streams globally via device type PM
ops") and 17bc4815de ("ALSA: pci: Remove superfluous
snd_pcm_suspend*() calls").  These commits eliminated the
snd_pcm_suspend*() calls from the runtime PM suspend callback code
path, hence the racy OPEN state won't appear while runtime PM.
(FWIW, the race window is between snd_pcm_open_substream() and the
first power up in azx_pcm_open().)

Although the runtime PM issue was already "fixed", the same problem is
still present for the system PM, hence this patch is still needed.
And for stable trees, this patch alone should suffice for fixing the
runtime PM problem, too.

Reported-and-tested-by: Jon Hunter <jonathanh@nvidia.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2019-03-25 16:36:30 +01:00
Darrick J. Wong
ed79dac98c xfs: prohibit fstrim in norecovery mode
The xfs fstrim implementation uses the free space btrees to find free
space that can be discarded.  If we haven't recovered the log, the bnobt
will be stale and we absolutely *cannot* use stale metadata to zap the
underlying storage.

Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Eric Sandeen <sandeen@redhat.com>
2019-03-25 08:03:29 -07:00
Joerg Roedel
8bc32a2856 iommu: Don't print warning when IOMMU driver only supports unmanaged domains
Print the warning about the fall-back to IOMMU_DOMAIN_DMA in
iommu_group_get_for_dev() only when such a domain was
actually allocated.

Otherwise the user will get misleading warnings in the
kernel log when the iommu driver used doesn't support
IOMMU_DOMAIN_DMA and IOMMU_DOMAIN_IDENTITY.

Fixes: fccb4e3b8a ('iommu: Allow default domain type to be set on the kernel command line')
Signed-off-by: Joerg Roedel <jroedel@suse.de>
2019-03-25 14:37:00 +01:00
Jeff Layton
945ab8f6de locks: wake any locks blocked on request before deadlock check
Andreas reported that he was seeing the tdbtorture test fail in some
cases with -EDEADLCK when it wasn't before. Some debugging showed that
deadlock detection was sometimes discovering the caller's lock request
itself in a dependency chain.

While we remove the request from the blocked_lock_hash prior to
reattempting to acquire it, any locks that are blocked on that request
will still be present in the hash and will still have their fl_blocker
pointer set to the current request.

This causes posix_locks_deadlock to find a deadlock dependency chain
when it shouldn't, as a lock request cannot block itself.

We are going to end up waking all of those blocked locks anyway when we
go to reinsert the request back into the blocked_lock_hash, so just do
it prior to checking for deadlocks. This ensures that any lock blocked
on the current request will no longer be part of any blocked request
chain.

URL: https://bugzilla.kernel.org/show_bug.cgi?id=202975
Fixes: 5946c4319e ("fs/locks: allow a lock request to block other requests.")
Cc: stable@vger.kernel.org
Reported-by: Andreas Schneider <asn@redhat.com>
Signed-off-by: Neil Brown <neilb@suse.com>
Signed-off-by: Jeff Layton <jlayton@kernel.org>
2019-03-25 08:36:24 -04:00
Michael Ellerman
d947075739 powerpc/64: Fix memcmp reading past the end of src/dest
Chandan reported that fstests' generic/026 test hit a crash:

  BUG: Unable to handle kernel data access at 0xc00000062ac40000
  Faulting instruction address: 0xc000000000092240
  Oops: Kernel access of bad area, sig: 11 [#1]
  LE SMP NR_CPUS=2048 DEBUG_PAGEALLOC NUMA pSeries
  CPU: 0 PID: 27828 Comm: chacl Not tainted 5.0.0-rc2-next-20190115-00001-g6de6dba64dda #1
  NIP:  c000000000092240 LR: c00000000066a55c CTR: 0000000000000000
  REGS: c00000062c0c3430 TRAP: 0300   Not tainted  (5.0.0-rc2-next-20190115-00001-g6de6dba64dda)
  MSR:  8000000002009033 <SF,VEC,EE,ME,IR,DR,RI,LE>  CR: 44000842  XER: 20000000
  CFAR: 00007fff7f3108ac DAR: c00000062ac40000 DSISR: 40000000 IRQMASK: 0
  GPR00: 0000000000000000 c00000062c0c36c0 c0000000017f4c00 c00000000121a660
  GPR04: c00000062ac3fff9 0000000000000004 0000000000000020 00000000275b19c4
  GPR08: 000000000000000c 46494c4500000000 5347495f41434c5f c0000000026073a0
  GPR12: 0000000000000000 c0000000027a0000 0000000000000000 0000000000000000
  GPR16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
  GPR20: c00000062ea70020 c00000062c0c38d0 0000000000000002 0000000000000002
  GPR24: c00000062ac3ffe8 00000000275b19c4 0000000000000001 c00000062ac30000
  GPR28: c00000062c0c38d0 c00000062ac30050 c00000062ac30058 0000000000000000
  NIP memcmp+0x120/0x690
  LR  xfs_attr3_leaf_lookup_int+0x53c/0x5b0
  Call Trace:
    xfs_attr3_leaf_lookup_int+0x78/0x5b0 (unreliable)
    xfs_da3_node_lookup_int+0x32c/0x5a0
    xfs_attr_node_addname+0x170/0x6b0
    xfs_attr_set+0x2ac/0x340
    __xfs_set_acl+0xf0/0x230
    xfs_set_acl+0xd0/0x160
    set_posix_acl+0xc0/0x130
    posix_acl_xattr_set+0x68/0x110
    __vfs_setxattr+0xa4/0x110
    __vfs_setxattr_noperm+0xac/0x240
    vfs_setxattr+0x128/0x130
    setxattr+0x248/0x600
    path_setxattr+0x108/0x120
    sys_setxattr+0x28/0x40
    system_call+0x5c/0x70
  Instruction dump:
  7d201c28 7d402428 7c295040 38630008 38840008 408201f0 4200ffe8 2c050000
  4182ff6c 20c50008 54c61838 7d201c28 <7d402428> 7d293436 7d4a3436 7c295040

The instruction dump decodes as:
  subfic  r6,r5,8
  rlwinm  r6,r6,3,0,28
  ldbrx   r9,0,r3
  ldbrx   r10,0,r4      <-

Which shows us doing an 8 byte load from c00000062ac3fff9, which
crosses the page boundary at c00000062ac40000 and faults.

It's not OK for memcmp to read past the end of the source or
destination buffers if that would cross a page boundary, because we
don't know that the next page is mapped.

As pointed out by Segher, we can read past the end of the source or
destination as long as we don't cross a 4K boundary, because that's
our minimum page size on all platforms.

The bug is in the code at the .Lcmp_rest_lt8bytes label. When we get
there we know that s1 is 8-byte aligned and we have at least 1 byte to
read, so a single 8-byte load won't read past the end of s1 and cross
a page boundary.

But we have to be more careful with s2. So check if it's within 8
bytes of a 4K boundary and if so go to the byte-by-byte loop.

Fixes: 2d9ee327ad ("powerpc/64: Align bytes before fall back to .Lshort in powerpc64 memcmp()")
Cc: stable@vger.kernel.org # v4.19+
Reported-by: Chandan Rajendra <chandan@linux.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Reviewed-by: Segher Boessenkool <segher@kernel.crashing.org>
Tested-by: Chandan Rajendra <chandan@linux.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
2019-03-25 23:33:26 +11:00
Neil Armstrong
3d565a21f2 drm/meson: fix TMDS clock filtering for DMT monitors
DMT monitors do not necessarily report a maximum TMDS clock
in a VSDB EDID extension.

In this case, all modes are wrongly rejected, including
the DRM fallback EDID.

This patch only rejects modes with clock > max_tmds_clock if
the max_tmds_clock is specified. This will only reject
4:2:0 HDMI2.0 modes, which report a clock > max_tmds_clock.

Reported-by: Maxime Jourdan <mjourdan@baylibre.com>
Fixes: d7d8fb7046 ("drm/meson: add HDMI div40 TMDS mode")
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
Tested-by: Maxime Jourdan <mjourdan@baylibre.com>
Reviewed-by: Maxime Jourdan <mjourdan@baylibre.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20190320081110.1718-1-narmstrong@baylibre.com
2019-03-25 11:19:50 +01:00
Jean-Philippe Brucker
2d8f92897a drm/meson: Uninstall IRQ handler
meson_drv_unbind() doesn't unregister the IRQ handler, which can lead to
use-after-free if the IRQ fires after unbind:

[   64.656876] Unable to handle kernel paging request at virtual address ffff000011706dbc
...
[   64.662001] pc : meson_irq+0x18/0x30 [meson_drm]

I'm assuming that a similar problem could happen on the error path of
bind(), so uninstall the IRQ handler there as well.

Fixes: bbbe775ec5 ("drm: Add support for Amlogic Meson Graphic Controller")
Signed-off-by: Jean-Philippe Brucker <jean-philippe.brucker@arm.com>
Acked-by: Neil Armstrong <narmstrong@baylibre.com>
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20190322152657.13752-2-jean-philippe.brucker@arm.com
2019-03-25 11:18:47 +01:00
Jean-Philippe Brucker
776e78677f drm/meson: Fix invalid pointer in meson_drv_unbind()
meson_drv_bind() registers a meson_drm struct as the device's privdata,
but meson_drv_unbind() tries to retrieve a drm_device. This may cause a
segfault on shutdown:

[ 5194.593429] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000197
 ...
[ 5194.788850] Call trace:
[ 5194.791349]  drm_dev_unregister+0x1c/0x118 [drm]
[ 5194.795848]  meson_drv_unbind+0x50/0x78 [meson_drm]

Retrieve the right pointer in meson_drv_unbind().

Fixes: bbbe775ec5 ("drm: Add support for Amlogic Meson Graphic Controller")
Signed-off-by: Jean-Philippe Brucker <jean-philippe.brucker@arm.com>
Acked-by: Neil Armstrong <narmstrong@baylibre.com>
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20190322152657.13752-1-jean-philippe.brucker@arm.com
2019-03-25 11:18:31 +01:00
Erik Schmauss
aa9aaa4d61 ACPI: use different default debug value than ACPICA
Rather than setting debug output flags during early init, it makes
more sense to simply re-define ACPI_DEBUG_DEFAULT specifically for
Linux.

ACPICA commit 60903715711f4b00ca1831779a8a23279a66497d

Link: https://github.com/acpica/acpica/commit/60903715
Fixes: ce5cbf5349 ("ACPI: Set debug output flags independent of ACPICA")
Reported-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Tested-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Signed-off-by: Erik Schmauss <erik.schmauss@intel.com>
Signed-off-by: Bob Moore <robert.moore@intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
2019-03-25 10:45:59 +01:00
Kangjie Lu
6cf4511e97 gpio: aspeed: fix a potential NULL pointer dereference
In case devm_kzalloc fails, the patch returns ENOMEM to avoid potential
NULL pointer dereference.

Signed-off-by: Kangjie Lu <kjlu@umn.edu>
Reviewed-by: Andrew Jeffery <andrew@aj.id.au>
Signed-off-by: Bartosz Golaszewski <bgolaszewski@baylibre.com>
2019-03-25 09:26:48 +01:00
Robert Tarasov
a51143001d drm/udl: Refactor edid retrieving in UDL driver (v2)
Now drm/udl driver uses drm_do_get_edid() function to retrieve and
validate all blocks of EDID data. Old approach had insufficient
validation routine and had problems with retrieving of extra blocks.

Signed-off-by: Robert Tarasov <tutankhamen@chromium.org>
Reviewed-by: Jani Nikula <jani.nikula@intel.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
[airlied: Fix spelling mistakes]
Link: https://patchwork.freedesktop.org/patch/msgid/20190314225339.162386-1-tutankhamen@chromium.org
2019-03-25 15:58:15 +10:00
Noralf Trønnes
3f04e0a6cf drm: Fix drm_release() and device unplug
If userspace has open fd(s) when drm_dev_unplug() is run, it will result
in drm_dev_unregister() being called twice. First in drm_dev_unplug() and
then later in drm_release() through the call to drm_put_dev().

Since userspace already holds a ref on drm_device through the drm_minor,
it's not necessary to add extra ref counting based on no open file
handles. Instead just drm_dev_put() unconditionally in drm_dev_unplug().

We now have this:
- Userspace holds a ref on drm_device as long as there's open fd(s)
- The driver holds a ref on drm_device as long as it's bound to the
  struct device

When both sides are done with drm_device, it is released.

Signed-off-by: Noralf Trønnes <noralf@tronnes.org>
Reviewed-by: Oleksandr Andrushchenko <oleksandr_andrushchenko@epam.com>
Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Reviewed-by: Sean Paul <sean@poorly.run>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20190208140103.28919-2-noralf@tronnes.org
2019-03-25 15:58:05 +10:00
David S. Miller
27602e2c44 Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf
Alexei Starovoitov says:

====================
pull-request: bpf 2019-03-24

The following pull-request contains BPF updates for your *net* tree.

The main changes are:

1) libbpf version fix up from Daniel.

2) fix liveness propagation from Jakub.

3) fix verbose print of refcounted regs from Martin.

4) fix for large map allocations from Martynas.

5) fix use after free in sanitize_ptr_alu from Xu.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2019-03-24 23:45:35 -04:00
Alexei Starovoitov
a7d6ac3761 Merge branch 'libbpf-fixup'
Daniel Borkmann says:

====================
First one is fixing version in Makefile and shared object and
second one clarifies bump in version. Thanks!

v1 -> v2:
  - Fix up soname, thanks Stanislav!
====================

Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2019-03-24 19:49:05 -07:00
Daniel Borkmann
63197f78bc bpf, libbpf: clarify bump in libbpf version info
The current documentation suggests that we would need to bump the
libbpf version on every change. Let's clarify this a bit more and
reflect what we do today in practice, that is, bumping it once per
development cycle.

Fixes: 76d1b894c5 ("libbpf: Document API and ABI conventions")
Reported-by: Stanislav Fomichev <sdf@google.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2019-03-24 19:49:04 -07:00
Daniel Borkmann
1d382264d9 bpf, libbpf: fix version info and add it to shared object
Even though libbpf's versioning script for the linker (libbpf.map)
is pointing to 0.0.2, the BPF_EXTRAVERSION in the Makefile has
not been updated along with it and is therefore still on 0.0.1.

While fixing up, I also noticed that the generated shared object
versioning information is missing, typical convention is to have
a linker name (libbpf.so), soname (libbpf.so.0) and real name
(libbpf.so.0.0.2) for library management. This is based upon the
LIBBPF_VERSION as well.

The build will then produce the following bpf libraries:

  # ll libbpf*
  libbpf.a
  libbpf.so -> libbpf.so.0.0.2
  libbpf.so.0 -> libbpf.so.0.0.2
  libbpf.so.0.0.2

  # readelf -d libbpf.so.0.0.2 | grep SONAME
  0x000000000000000e (SONAME)             Library soname: [libbpf.so.0]

And install them accordingly:

  # rm -rf /tmp/bld; mkdir /tmp/bld; make -j$(nproc) O=/tmp/bld install

  Auto-detecting system features:
  ...                        libelf: [ on  ]
  ...                           bpf: [ on  ]

    CC       /tmp/bld/libbpf.o
    CC       /tmp/bld/bpf.o
    CC       /tmp/bld/nlattr.o
    CC       /tmp/bld/btf.o
    CC       /tmp/bld/libbpf_errno.o
    CC       /tmp/bld/str_error.o
    CC       /tmp/bld/netlink.o
    CC       /tmp/bld/bpf_prog_linfo.o
    CC       /tmp/bld/libbpf_probes.o
    CC       /tmp/bld/xsk.o
    LD       /tmp/bld/libbpf-in.o
    LINK     /tmp/bld/libbpf.a
    LINK     /tmp/bld/libbpf.so.0.0.2
    LINK     /tmp/bld/test_libbpf
    INSTALL  /tmp/bld/libbpf.a
    INSTALL  /tmp/bld/libbpf.so.0.0.2

  # ll /usr/local/lib64/libbpf.*
  /usr/local/lib64/libbpf.a
  /usr/local/lib64/libbpf.so -> libbpf.so.0.0.2
  /usr/local/lib64/libbpf.so.0 -> libbpf.so.0.0.2
  /usr/local/lib64/libbpf.so.0.0.2

Fixes: 1bf4b05810 ("tools: bpftool: add probes for eBPF program types")
Fixes: 1b76c13e4b ("bpf tools: Introduce 'bpf' library and add bpf feature check")
Reported-by: Stanislav Fomichev <sdf@google.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2019-03-24 19:49:04 -07:00