Commit Graph

783583 Commits

Author SHA1 Message Date
Guenter Roeck
8894891446 of: unittest: Disable interrupt node tests for old world MAC systems
On systems with OF_IMAP_OLDWORLD_MAC set in of_irq_workarounds, the
devicetree interrupt parsing code is different, causing unit tests of
devicetree interrupt nodes to fail. Due to a bug in unittest code, which
tries to dereference an uninitialized pointer, this results in a crash.

OF: /testcase-data/phandle-tests/consumer-a: arguments longer than property
Unable to handle kernel paging request for data at address 0x00bc616e
Faulting instruction address: 0xc08e9468
Oops: Kernel access of bad area, sig: 11 [#1]
BE PREEMPT PowerMac
Modules linked in:
CPU: 0 PID: 1 Comm: swapper Not tainted 4.14.72-rc1-yocto-standard+ #1
task: cf8e0000 task.stack: cf8da000
NIP:  c08e9468 LR: c08ea5bc CTR: c08ea5ac
REGS: cf8dbb50 TRAP: 0300   Not tainted  (4.14.72-rc1-yocto-standard+)
MSR:  00001032 <ME,IR,DR,RI>  CR: 82004044  XER: 00000000
DAR: 00bc616e DSISR: 40000000
GPR00: c08ea5bc cf8dbc00 cf8e0000 c13ca517 c13ca517 c13ca8a0 00000066 00000002
GPR08: 00000063 00bc614e c0b05865 000affff 82004048 00000000 c00047f0 00000000
GPR16: c0a80000 c0a9cc34 c13ca517 c0ad1134 05ffffff 000affff c0b05860 c0abeef8
GPR24: cecec278 cecec278 c0a8c4d0 c0a885e0 c13ca8a0 05ffffff c13ca8a0 c13ca517

NIP [c08e9468] device_node_gen_full_name+0x30/0x15c
LR [c08ea5bc] device_node_string+0x190/0x3c8
Call Trace:
[cf8dbc00] [c007f670] trace_hardirqs_on_caller+0x118/0x1fc (unreliable)
[cf8dbc40] [c08ea5bc] device_node_string+0x190/0x3c8
[cf8dbcb0] [c08eb794] pointer+0x25c/0x4d0
[cf8dbd00] [c08ebcbc] vsnprintf+0x2b4/0x5ec
[cf8dbd60] [c08ec00c] vscnprintf+0x18/0x48
[cf8dbd70] [c008e268] vprintk_store+0x4c/0x22c
[cf8dbda0] [c008ecac] vprintk_emit+0x94/0x130
[cf8dbdd0] [c008ff54] printk+0x5c/0x6c
[cf8dbe10] [c0b8ddd4] of_unittest+0x2220/0x26f8
[cf8dbea0] [c0004434] do_one_initcall+0x4c/0x184
[cf8dbf00] [c0b4534c] kernel_init_freeable+0x13c/0x1d8
[cf8dbf30] [c0004814] kernel_init+0x24/0x118
[cf8dbf40] [c0013398] ret_from_kernel_thread+0x5c/0x64

The problem was observed when running a qemu test for the g3beige machine
with devicetree unittests enabled.

Disable interrupt node tests on affected systems to avoid both false
unittest failures and the crash.

With this patch in place, unittest on the affected system passes with
the following message.

	dt-test ### end of unittest - 144 passed, 0 failed

Fixes: 53a42093d9 ("of: Add device tree selftests")
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Reviewed-by: Frank Rowand <frank.rowand@sony.com>
Signed-off-by: Rob Herring <robh@kernel.org>
2018-10-10 06:43:37 -05:00
Greg Kroah-Hartman
bb2d8f2f61 chrome-platform-fixes-for-v4.19-rc8
This contains a fix to 57e94c8b97, which caused
 cros_ec based chromebooks to truncate an entire column of their built-in
 keyboard.
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEE6gYDF28Li+nEiKLaHwn1ewov5lgFAlu9fNgACgkQHwn1ewov
 5lh8hQ//UTmPH+KU/Ex+PkUyoRAEyQycF78dMJGDk+JUBEGclrqUhHeIWoXvW1ov
 KMQr6mStcXBssZRUUhsyL8YmoC9dwGJzBU5oyZY8OjMaJMAiTq4RxxJLPrVVRp3F
 fq+d+STEPN7wQmAo+jzq1d/Kdq5Y0IZ5G/C4qmj85jbx9dERnRgR6KJQTXS82qcJ
 t6sI3CbKBfvC+DkVnDcZZTO934pwzaP4Fj+gLlBRGTEUFwbnrs3Yid9x9dMvctY4
 zagnHo0ZQqAWqY/vjlVvJ/C0SV8JDcq3gP8QUrFnDhwFqvUBpM/60HN+VyKv2YoA
 7DIV0Txdka1KvaBKW4gTsS7yP9AgprpfHDNirx1UTRWAZ8LMdFRVj7CEluMNuled
 WMMQXVaecL5EQJ6pFd7kDr7X8oIrNe2o6fD4QyaT/Llzlf3dVpQm13ZKmI3ws3zu
 422DSKcMMIjDJ7kdmT3fNHLhbRG7LdhK1fVRVAQT+OMYxhZ5/Pcvr3emq8F+WWhF
 +4nyAlwhemPf9m0tfC6yWtZ3Bbv3ycILeIJE3t6jom1MRR9WRVS85sIlxJm6M+MO
 cRjvIRNVgPaDKw1iawIV+hhleQvA0Q8ncEdxfD2thei9ilzeLVFsYpXW2HFN4rW0
 sMdtYB+Y6vjHCIXno0ET4qgG5uqMWkMKMErFaPArTUQD8pzRft4=
 =NoBP
 -----END PGP SIGNATURE-----

Merge tag 'tag-chrome-platform-fixes-for-v4.19-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/bleung/chrome-platform

Benson writes:
  "chrome-platform fix for v4.19-rc8

   This contains a fix to 57e94c8b97 ("mfd: cros-ec: Increase maximum
   mkbp event size"), which caused cros_ec based chromebooks to truncate
   an entire column of their built-in keyboard."

* tag 'tag-chrome-platform-fixes-for-v4.19-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/bleung/chrome-platform:
  mfd: cros-ec: copy the whole event in get_next_event_xfer
2018-10-10 08:48:39 +02:00
Greg Kroah-Hartman
c350a1d466 Merge branch 'for-4.19-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/dennis/percpu
Dennis writes:
  "percpu fixes for-4.19-rc8

   The new percpu allocator introduced in 4.14 had a missing free for
   the percpu metadata. This caused a memory leak when percpu memory is
   being churned resulting in the allocation and deallocation of percpu
   memory chunks"

* 'for-4.19-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/dennis/percpu:
  percpu: stop leaking bitmap metadata blocks
2018-10-10 08:47:32 +02:00
Greg Kroah-Hartman
3a0671e7ba gfs2 4.19 fixes
-----BEGIN PGP SIGNATURE-----
 
 iQIcBAABAgAGBQJbvNixAAoJENW/n+sDE2U6/JUP/RzK7ICc71+ahFNMWVlp1wUK
 X7RIHfa6Ksbt23OwTmDuxueoszm9OcOg1QDjQ/p9quRjLuI/h3t8jPS4s4t5Pwgi
 qAmyJetdlJ6kHFYQB7QX1Fpu3/vysRLZ+xoD9RaXCNLHW6cUwkXedMpEQ0xb7xjA
 deGTwKx8jAteDZZRU1LYAj5pC4vWxV5OwpehRSHZvPu6S75xg+l1KIHt5iheFH5a
 fHDahEpsrUdTELYtET6VKWwRZdk5QMVsUxpAJjZT2afueEbGKg2kKaaFILoRfYrK
 Sbp5Fyj408BOzIRa75sqUEejb4fl2x051VaU94F0DpWsrgmCrn6HZTR8ttM/GTYf
 WijV4pqLzk2OHZKH5Lq5ZmzbCLq8MR7gJhGjXv6BzhCXGoRRO/mDL0V8XIj5PqUt
 F15saoRyDN58szfvVnu8injzlc//AFDBQi1HXSWRGKBLgQd0j1nbgZjPberB7Rkq
 kP05ZX7jaGm1/wtIDRYRQq30McWA4h8Gs3XGIst4MQlhZ/Z9jMeTqHlr9jFuI0Zh
 I8zs7zphD3vztsF7pavar0ooDl0zCyT1awhNYPMIlcD/NMad9+6pSfqBXuehRL4d
 e+9fYA/eBoSy1hxkrB/fmoh5w9DqNf+46U/nOprRL2AWKHNAiinVmsr7piVnRx1E
 9V0PxIwlnmt5buV1OXaR
 =xVBn
 -----END PGP SIGNATURE-----

Merge tag 'gfs2-4.19.fixes2' of git://git.kernel.org/pub/scm/linux/kernel/git/gfs2/linux-gfs2

Andreas writes:
  "gfs2 4.19 fix:

   This fixes a regression introduced in commit 64bc06bb32 "gfs2:
   iomap buffered write support""

* tag 'gfs2-4.19.fixes2' of git://git.kernel.org/pub/scm/linux/kernel/git/gfs2/linux-gfs2:
  gfs2: Fix iomap buffered write support for journaled files
2018-10-10 08:46:11 +02:00
Greg Kroah-Hartman
3d647e6268 s390 fixes for 4.19-rc8
Four more patches for 4.19
 
  - Fix resume after suspend-to-disk if resume-CPU != suspend-CPU
 
  - Fix vfio-ccw check for pinned pages
 
  - Two patches to avoid a usercopy-whitelist warning in vfio-ccw
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
 iQEcBAABCAAGBQJbvEC8AAoJEDjwexyKj9rg9vEIANHnOfx9qzM6grkvc3hH4kTR
 VSZ2kZE+bQOqmxUF2XiOuBZkjX6EWZKmWwL8p+5uIydxkqmUvDtG2hYqo7GKkddP
 e3Qze+pSNz4uU+LT4t3wOUJfL1R1Pgrdea7rSr1DwbQQ8K4FiEImMr9pDfVPaHjq
 XDnkpIwavG1s4Lxlkc6IbGHX0tYt2wp2lXO/QEp8sLjqAdUBnOiZhA3Ssy8veS+M
 Q0u0Vgara5enhq9UDevr6e+jJ5w1qT4SZ0T38eif4FJSJMSZpWFe9qI92gKCIv9U
 3oBZM/Qof0He9ow/Yl57rgxLmt8VGXiO5rL+VfT7j0H6kGkmao79SCvgyon0R+M=
 =/FjH
 -----END PGP SIGNATURE-----

Merge tag 's390-4.19-4' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux

Martin writes:
  "s390 fixes for 4.19-rc8

   Four more patches for 4.19:
    - Fix resume after suspend-to-disk if resume-CPU != suspend-CPU
    - Fix vfio-ccw check for pinned pages
    - Two patches to avoid a usercopy-whitelist warning in vfio-ccw"

* tag 's390-4.19-4' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
  s390/cio: Fix how vfio-ccw checks pinned pages
  s390/cio: Refactor alloc of ccw_io_region
  s390/cio: Convert ccw_io_region to pointer
  s390/hibernate: fix error handling when suspend cpu != resume cpu
2018-10-10 08:44:35 +02:00
Greg Kroah-Hartman
701f2eb6f9 A few MIPS fixes for 4.19:
- Avoid suboptimal placement of our VDSO when using the legacy mmap
   layout, which can prevent statically linked programs that were able to
   allocate large amounts of memory using the brk syscall prior to the
   introduction of our VDSO from functioning correctly.
 
 - Fix up CONFIG_CMDLINE handling for platforms which ought to ignore DT
   arguments but have incorrectly used them & lost other arguments since
   v3.16.
 
 - Fix a path in MAINTAINERS to use valid wildcards.
 
 - Fixup a regression from v4.17 in memset() for systems using
   CPU_DADDI_WORKAROUNDS.
 -----BEGIN PGP SIGNATURE-----
 
 iIsEABYIADMWIQRgLjeFAZEXQzy86/s+p5+stXUA3QUCW7zsfxUccGF1bC5idXJ0
 b25AbWlwcy5jb20ACgkQPqefrLV1AN0CzAEAksqhQt+PJpWTQtdQs05nuRMec0ey
 2wOt2fjRTY9hd9UA/31ftnc520IJ9A5HXHlypPiA5SqtbaD6Z6YcIi0PcmUO
 =0/Ro
 -----END PGP SIGNATURE-----

Merge tag 'mips_fixes_4.19_2' of git://git.kernel.org/pub/scm/linux/kernel/git/mips/linux

Paul writes:
  "A few MIPS fixes for 4.19:

   - Avoid suboptimal placement of our VDSO when using the legacy mmap
     layout, which can prevent statically linked programs that were able
     to allocate large amounts of memory using the brk syscall prior to
     the introduction of our VDSO from functioning correctly.

   - Fix up CONFIG_CMDLINE handling for platforms which ought to ignore
     DT arguments but have incorrectly used them & lost other arguments
     since v3.16.

   - Fix a path in MAINTAINERS to use valid wildcards.

   - Fixup a regression from v4.17 in memset() for systems using
     CPU_DADDI_WORKAROUNDS."

* tag 'mips_fixes_4.19_2' of git://git.kernel.org/pub/scm/linux/kernel/git/mips/linux:
  MIPS: memset: Fix CPU_DADDI_WORKAROUNDS `small_fixup' regression
  MAINTAINERS: MIPS/LOONGSON2 ARCHITECTURE - Use the normal wildcard style
  MIPS: Fix CONFIG_CMDLINE handling
  MIPS: VDSO: Always map near top of user memory
2018-10-10 08:43:15 +02:00
Emil Karlson
d4d2313a3c
mfd: cros-ec: copy the whole event in get_next_event_xfer
Commit 57e94c8b97 caused cros-ec keyboard events
be truncated on many chromebooks so that Left and Right keys on Column 12 were
always 0. Use ret as memcpy len to fix this.

The old code was using ec_dev->event_size, which is the event payload/data size
excluding event_type header, for the length of the memcpy operation. Use ret
as memcpy length to avoid the off by one and copy the whole msg->data.

Fixes: 57e94c8b97 ("mfd: cros-ec: Increase maximum mkbp event size")

Acked-by: Enric Balletbo i Serra <enric.balletbo@collabora.com>
Tested-by: Emil Renner Berthing <kernel@esmil.dk>
Signed-off-by: Emil Karlson <jekarlson@gmail.com>
Signed-off-by: Benson Leung <bleung@chromium.org>
2018-10-09 20:57:30 -07:00
Damien Le Moal
9864cd5dc5 dm: fix report zone remapping to account for partition offset
If dm-linear or dm-flakey are layered on top of a partition of a zoned
block device, remapping of the start sector and write pointer position
of the zones reported by a report zones BIO must be modified to account
for the target table entry mapping (start offset within the device and
entry mapping with the dm device).  If the target's backing device is a
partition of a whole disk, the start sector on the physical device of
the partition must also be accounted for when modifying the zone
information.  However, dm_remap_zone_report() was not considering this
last case, resulting in incorrect zone information remapping with
targets using disk partitions.

Fix this by calculating the target backing device start sector using
the position of the completed report zones BIO and the unchanged
position and size of the original report zone BIO. With this value
calculated, the start sector and write pointer position of the target
zones can be correctly remapped.

Fixes: 10999307c1 ("dm: introduce dm_remap_zone_report()")
Cc: stable@vger.kernel.org
Signed-off-by: Damien Le Moal <damien.lemoal@wdc.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
2018-10-09 14:20:13 -04:00
Shenghui Wang
c7cd55504a dm cache: destroy migration_cache if cache target registration failed
Commit 7e6358d244 ("dm: fix various targets to dm_register_target
after module __init resources created") inadvertently introduced this
bug when it moved dm_register_target() after the call to KMEM_CACHE().

Fixes: 7e6358d244 ("dm: fix various targets to dm_register_target after module __init resources created")
Cc: stable@vger.kernel.org
Signed-off-by: Shenghui Wang <shhuiw@foxmail.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
2018-10-09 13:53:03 -04:00
David S. Miller
4cf34c0cf6 Merge branch 'ena-fixes'
Arthur Kiyanovski says:

====================
minor bug fixes for ENA Ethernet driver

Arthur Kiyanovski (4):
  net: ena: fix warning in rmmod caused by double iounmap
  net: ena: fix rare bug when failed restart/resume is followed by
    driver removal
  net: ena: fix NULL dereference due to untimely napi initialization
  net: ena: fix auto casting to boolean
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2018-10-09 10:49:50 -07:00
Arthur Kiyanovski
248ab77342 net: ena: fix auto casting to boolean
Eliminate potential auto casting compilation error.

Fixes: 1738cd3ed3 ("net: ena: Add a driver for Amazon Elastic Network Adapters (ENA)")
Signed-off-by: Arthur Kiyanovski <akiyano@amazon.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-10-09 10:49:49 -07:00
Arthur Kiyanovski
78a55d05de net: ena: fix NULL dereference due to untimely napi initialization
napi poll functions should be initialized before running request_irq(),
to handle a rare condition where there is a pending interrupt, causing
the ISR to fire immediately while the poll function wasn't set yet,
causing a NULL dereference.

Fixes: 1738cd3ed3 ("net: ena: Add a driver for Amazon Elastic Network Adapters (ENA)")
Signed-off-by: Arthur Kiyanovski <akiyano@amazon.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-10-09 10:49:49 -07:00
Arthur Kiyanovski
d7703ddbd7 net: ena: fix rare bug when failed restart/resume is followed by driver removal
In a rare scenario when ena_device_restore() fails, followed by device
remove, an FLR will not be issued. In this case, the device will keep
sending asynchronous AENQ keep-alive events, even after driver removal,
leading to memory corruption.

Fixes: 8c5c7abdeb ("net: ena: add power management ops to the ENA driver")
Signed-off-by: Arthur Kiyanovski <akiyano@amazon.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-10-09 10:49:49 -07:00
Arthur Kiyanovski
d79c3888bd net: ena: fix warning in rmmod caused by double iounmap
Memory mapped with devm_ioremap is automatically freed when the driver
is disconnected from the device. Therefore there is no need to
explicitly call devm_iounmap.

Fixes: 0857d92f71 ("net: ena: add missing unmap bars on device removal")
Fixes: 411838e7b4 ("net: ena: fix rare kernel crash when bar memory remap fails")
Signed-off-by: Arthur Kiyanovski <akiyano@amazon.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-10-09 10:49:49 -07:00
Andreas Gruenbacher
dc480feb45 gfs2: Fix iomap buffered write support for journaled files
Commit 64bc06bb32 broke buffered writes to journaled files (chattr
+j): we'll try to journal the buffer heads of the page being written to
in gfs2_iomap_journaled_page_done.  However, the iomap code no longer
creates buffer heads, so we'll BUG() in gfs2_page_add_databufs.  Fix
that by creating buffer heads ourself when needed.

Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
2018-10-09 18:20:13 +02:00
Chris Boot
41591b38f5 mmc: block: avoid multiblock reads for the last sector in SPI mode
On some SD cards over SPI, reading with the multiblock read command the last
sector will leave the card in a bad state.

Remove last sectors from the multiblock reading cmd.

Signed-off-by: Chris Boot <bootc@bootc.net>
Signed-off-by: Clément Péron <peron.clem@gmail.com>
Cc: stable@vger.kernel.org # v4.10+
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
2018-10-09 09:23:00 +02:00
Greg Kroah-Hartman
64c5e530ac ARC updates for 4.19-rc8
- Fix clone syscall to update Thread pointer register
 
  - Make/build updates (needed for AGL/OE builds)   [Alexey]
 
  - Typo fix [Colin Ian King]
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJbu7S9AAoJEGnX8d3iisJedk4QAMM6mlNYRNsryVlDHPlIv90D
 yKSqdKBbcJPmrRlD7wEe5fy17CBg8lCuBKKf4kEkQ60f+TPJ5zYstrGzjiIC2TtR
 SPTDr4aQdmzyEZbxaFw63KUyDPKioIdUNVmzSC0R5QGnvbJj30+5cMnSWTJQamC8
 NAzYSOZCCi8VtXON77fwbnxXdN3/6y+sguYF33N0d3EuNJch+plOvYFQAZTYhB0i
 XT6ve8sa5YwVf2zmD5CtVQlihUP0iOPBkwIKMrBWtXzt/flrc90iFDOsd4uK7Kih
 WvtVlGfKkJuAhL/lMn3I5epV+zYpYR0YhwTXrCVHsNiRr4Qo7uuJx/uEId/Bk7oZ
 JJNcAZZ+d0eJ5iith9Kv4Oi+9VAo+MsaozvQOhUzAalJlA3J/kV2+40DRnjtj1HG
 LBYToKjGKlNAZ+y5o9ygTpOlluZCNsCExsjAp4T4kXNvm8hJs/P9xrjVd7APzRuz
 rMHJMJgQB8P2YaNvDm5O1ZBgD5ePKviKwuPmyuHF5LWvlh8RzEbKiGnT0diS8Ius
 /lAZJKH8EQVNrCNbp0A5EVOQ4sYxjeJnnwbMLNvOs0PYuUNunsP7fiIiwwUEPgxP
 ahqQgnRKtcxyHYI30lpzQGyLUTy45RjURNHlEhcffQhLJj5zhDmgA2e96RXBr5zH
 X3FBPTFjhzHjVABv/iZZ
 =MxJ3
 -----END PGP SIGNATURE-----

Merge tag 'arc-4.19-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc

Vineet writes:
   "ARC updates for 4.19-rc8
    - Fix clone syscall to update Thread pointer register
    - Make/build updates (needed for AGL/OE builds)   [Alexey]
    - Typo fix [Colin Ian King]"

* tag 'arc-4.19-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc:
  ARC: clone syscall to setp r25 as thread pointer
  ARC: build: Don't set CROSS_COMPILE in arch's Makefile
  ARC: fix spelling mistake "entires" -> "entries"
  ARC: build: Get rid of toolchain check
  ARCv2: build: use mcpu=hs38 iso generic mcpu=archs
2018-10-09 09:17:46 +02:00
Kees Cook
184d47f0fd x86/mm: Avoid VLA in pgd_alloc()
Arnd Bergmann reported that turning on -Wvla found a new (unintended) VLA usage:

  arch/x86/mm/pgtable.c: In function 'pgd_alloc':
  include/linux/build_bug.h:29:45: error: ISO C90 forbids variable length array 'u_pmds' [-Werror=vla]
  arch/x86/mm/pgtable.c:190:34: note: in expansion of macro 'static_cpu_has'
   #define PREALLOCATED_USER_PMDS  (static_cpu_has(X86_FEATURE_PTI) ? \
                                    ^~~~~~~~~~~~~~
  arch/x86/mm/pgtable.c:431:16: note: in expansion of macro 'PREALLOCATED_USER_PMDS'
    pmd_t *u_pmds[PREALLOCATED_USER_PMDS];
                ^~~~~~~~~~~~~~~~~~~~~~

Use the actual size of the array that is used for X86_FEATURE_PTI,
which is known at build time, instead of the variable size.

[ mingo: Squashed original fix with followup fix to avoid bisection breakage, wrote new changelog. ]

Reported-by: Arnd Bergmann <arnd@arndb.de>
Original-written-by: Arnd Bergmann <arnd@arndb.de>
Reported-by: Borislav Petkov <bp@alien8.de>
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Dave Hansen <dave.hansen@linux.intel.com>
Cc: Joerg Roedel <jroedel@suse.de>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Toshi Kani <toshi.kani@hpe.com>
Fixes: 1be3f247c288 ("x86/mm: Avoid VLA in pgd_alloc()")
Link: http://lkml.kernel.org/r/20181008235434.GA35035@beast
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2018-10-09 08:55:07 +02:00
Srikar Dronamraju
e054637597 mm, sched/numa: Remove remaining traces of NUMA rate-limiting
Remove the leftover pglist_data::numabalancing_migrate_lock and its
initialization, we stopped using this lock with:

  efaffc5e40 ("mm, sched/numa: Remove rate-limiting of automatic NUMA balancing migration")

[ mingo: Rewrote the changelog. ]

Signed-off-by: Srikar Dronamraju <srikar@linux.vnet.ibm.com>
Acked-by: Mel Gorman <mgorman@techsingularity.net>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Linux-MM <linux-mm@kvack.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Rik van Riel <riel@surriel.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Link: http://lkml.kernel.org/r/1538824999-31230-1-git-send-email-srikar@linux.vnet.ibm.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2018-10-09 08:30:51 +02:00
Reinette Chatre
49e00eee00 x86/intel_rdt: Fix out-of-bounds memory access in CBM tests
While the DOC at the beginning of lib/bitmap.c explicitly states that
"The number of valid bits in a given bitmap does _not_ need to be an
exact multiple of BITS_PER_LONG.", some of the bitmap operations do
indeed access BITS_PER_LONG portions of the provided bitmap no matter
the size of the provided bitmap. For example, if bitmap_intersects()
is provided with an 8 bit bitmap the operation will access
BITS_PER_LONG bits from the provided bitmap. While the operation
ensures that these extra bits do not affect the result, the memory
is still accessed.

The capacity bitmasks (CBMs) are typically stored in u32 since they
can never exceed 32 bits. A few instances exist where a bitmap_*
operation is performed on a CBM by simply pointing the bitmap operation
to the stored u32 value.

The consequence of this pattern is that some bitmap_* operations will
access out-of-bounds memory when interacting with the provided CBM. This
is confirmed with a KASAN test that reports:

 BUG: KASAN: stack-out-of-bounds in __bitmap_intersects+0xa2/0x100

and

 BUG: KASAN: stack-out-of-bounds in __bitmap_weight+0x58/0x90

Fix this by moving any CBM provided to a bitmap operation needing
BITS_PER_LONG to an 'unsigned long' variable.

[ tglx: Changed related function arguments to unsigned long and got rid
	of the _cbm extra step ]

Fixes: 72d5050566 ("x86/intel_rdt: Add utilities to test pseudo-locked region possibility")
Fixes: 49f7b4efa1 ("x86/intel_rdt: Enable setting of exclusive mode")
Fixes: d9b48c86eb ("x86/intel_rdt: Display resource groups' allocations' size in bytes")
Fixes: 95f0b77efa ("x86/intel_rdt: Initialize new resource group with sane defaults")
Signed-off-by: Reinette Chatre <reinette.chatre@intel.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: fenghua.yu@intel.com
Cc: tony.luck@intel.com
Cc: gavin.hindman@intel.com
Cc: jithu.joseph@intel.com
Cc: dave.hansen@intel.com
Cc: hpa@zytor.com
Link: https://lkml.kernel.org/r/69a428613a53f10e80594679ac726246020ff94f.1538686926.git.reinette.chatre@intel.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2018-10-09 08:02:15 +02:00
David Howells
c1e15b4944 rxrpc: Fix the packet reception routine
The rxrpc_input_packet() function and its call tree was built around the
assumption that data_ready() handler called from UDP to inform a kernel
service that there is data to be had was non-reentrant.  This means that
certain locking could be dispensed with.

This, however, turns out not to be the case with a multi-queue network card
that can deliver packets to multiple cpus simultaneously.  Each of those
cpus can be in the rxrpc_input_packet() function at the same time.

Fix by adding or changing some structure members:

 (1) Add peer->rtt_input_lock to serialise access to the RTT buffer.

 (2) Make conn->service_id into a 32-bit variable so that it can be
     cmpxchg'd on all arches.

 (3) Add call->input_lock to serialise access to the Rx/Tx state.  Note
     that although the Rx and Tx states are (almost) entirely separate,
     there's no point completing the separation and having separate locks
     since it's a bi-phasal RPC protocol rather than a bi-direction
     streaming protocol.  Data transmission and data reception do not take
     place simultaneously on any particular call.

and making the following functional changes:

 (1) In rxrpc_input_data(), hold call->input_lock around the core to
     prevent simultaneous producing of packets into the Rx ring and
     updating of tracking state for a particular call.

 (2) In rxrpc_input_ping_response(), only read call->ping_serial once, and
     check it before checking RXRPC_CALL_PINGING as that's a cheaper test.
     The bit test and bit clear can then be combined.  No further locking
     is needed here.

 (3) In rxrpc_input_ack(), take call->input_lock after we've parsed much of
     the ACK packet.  The superseded ACK check is then done both before and
     after the lock is taken.

     The handing of ackinfo data is split, parsing before the lock is taken
     and processing with it held.  This is keyed on rxMTU being non-zero.

     Congestion management is also done within the locked section.

 (4) In rxrpc_input_ackall(), take call->input_lock around the Tx window
     rotation.  The ACKALL packet carries no information and is only really
     useful after all packets have been transmitted since it's imprecise.

 (5) In rxrpc_input_implicit_end_call(), we use rx->incoming_lock to
     prevent calls being simultaneously implicitly ended on two cpus and
     also to prevent any races with incoming call setup.

 (6) In rxrpc_input_packet(), use cmpxchg() to effect the service upgrade
     on a connection.  It is only permitted to happen once for a
     connection.

 (7) In rxrpc_new_incoming_call(), we have to recheck the routing inside
     rx->incoming_lock to see if someone else set up the call, connection
     or peer whilst we were getting there.  We can't trust the values from
     the earlier routing check unless we pin refs on them - which we want
     to avoid.

     Further, we need to allow for an incoming call to have its state
     changed on another CPU between us making it live and us adjusting it
     because the conn is now in the RXRPC_CONN_SERVICE state.

 (8) In rxrpc_peer_add_rtt(), take peer->rtt_input_lock around the access
     to the RTT buffer.  Don't need to lock around setting peer->rtt.

For reference, the inventory of state-accessing or state-altering functions
used by the packet input procedure is:

> rxrpc_input_packet()
  * PACKET CHECKING

  * ROUTING
    > rxrpc_post_packet_to_local()
    > rxrpc_find_connection_rcu() - uses RCU
      > rxrpc_lookup_peer_rcu() - uses RCU
      > rxrpc_find_service_conn_rcu() - uses RCU
      > idr_find() - uses RCU

  * CONNECTION-LEVEL PROCESSING
    - Service upgrade
      - Can only happen once per conn
      ! Changed to use cmpxchg
    > rxrpc_post_packet_to_conn()
    - Setting conn->hi_serial
      - Probably safe not using locks
      - Maybe use cmpxchg

  * CALL-LEVEL PROCESSING
    > Old-call checking
      > rxrpc_input_implicit_end_call()
        > rxrpc_call_completed()
	> rxrpc_queue_call()
	! Need to take rx->incoming_lock
	> __rxrpc_disconnect_call()
	> rxrpc_notify_socket()
    > rxrpc_new_incoming_call()
      - Uses rx->incoming_lock for the entire process
        - Might be able to drop this earlier in favour of the call lock
      > rxrpc_incoming_call()
      	! Conflicts with rxrpc_input_implicit_end_call()
    > rxrpc_send_ping()
      - Don't need locks to check rtt state
      > rxrpc_propose_ACK

  * PACKET DISTRIBUTION
    > rxrpc_input_call_packet()
      > rxrpc_input_data()
	* QUEUE DATA PACKET ON CALL
	> rxrpc_reduce_call_timer()
	  - Uses timer_reduce()
	! Needs call->input_lock()
	> rxrpc_receiving_reply()
	  ! Needs locking around ack state
	  > rxrpc_rotate_tx_window()
	  > rxrpc_end_tx_phase()
	> rxrpc_proto_abort()
	> rxrpc_input_dup_data()
	- Fills the Rx buffer
	- rxrpc_propose_ACK()
	- rxrpc_notify_socket()

      > rxrpc_input_ack()
	* APPLY ACK PACKET TO CALL AND DISCARD PACKET
	> rxrpc_input_ping_response()
	  - Probably doesn't need any extra locking
	  ! Need READ_ONCE() on call->ping_serial
	  > rxrpc_input_check_for_lost_ack()
	    - Takes call->lock to consult Tx buffer
	  > rxrpc_peer_add_rtt()
	    ! Needs to take a lock (peer->rtt_input_lock)
	    ! Could perhaps manage with cmpxchg() and xadd() instead
	> rxrpc_input_requested_ack
	  - Consults Tx buffer
	    ! Probably needs a lock
	  > rxrpc_peer_add_rtt()
	> rxrpc_propose_ack()
	> rxrpc_input_ackinfo()
	  - Changes call->tx_winsize
	    ! Use cmpxchg to handle change
	    ! Should perhaps track serial number
	  - Uses peer->lock to record MTU specification changes
	> rxrpc_proto_abort()
	! Need to take call->input_lock
	> rxrpc_rotate_tx_window()
	> rxrpc_end_tx_phase()
	> rxrpc_input_soft_acks()
	- Consults the Tx buffer
	> rxrpc_congestion_management()
	  - Modifies the Tx annotations
	  ! Needs call->input_lock()
	  > rxrpc_queue_call()

      > rxrpc_input_abort()
	* APPLY ABORT PACKET TO CALL AND DISCARD PACKET
	> rxrpc_set_call_completion()
	> rxrpc_notify_socket()

      > rxrpc_input_ackall()
	* APPLY ACKALL PACKET TO CALL AND DISCARD PACKET
	! Need to take call->input_lock
	> rxrpc_rotate_tx_window()
	> rxrpc_end_tx_phase()

    > rxrpc_reject_packet()

There are some functions used by the above that queue the packet, after
which the procedure is terminated:

 - rxrpc_post_packet_to_local()
   - local->event_queue is an sk_buff_head
   - local->processor is a work_struct
 - rxrpc_post_packet_to_conn()
   - conn->rx_queue is an sk_buff_head
   - conn->processor is a work_struct
 - rxrpc_reject_packet()
   - local->reject_queue is an sk_buff_head
   - local->processor is a work_struct

And some that offload processing to process context:

 - rxrpc_notify_socket()
   - Uses RCU lock
   - Uses call->notify_lock to call call->notify_rx
   - Uses call->recvmsg_lock to queue recvmsg side
 - rxrpc_queue_call()
   - call->processor is a work_struct
 - rxrpc_propose_ACK()
   - Uses call->lock to wrap __rxrpc_propose_ACK()

And a bunch that complete a call, all of which use call->state_lock to
protect the call state:

 - rxrpc_call_completed()
 - rxrpc_set_call_completion()
 - rxrpc_abort_call()
 - rxrpc_proto_abort()
   - Also uses rxrpc_queue_call()

Fixes: 17926a7932 ("[AF_RXRPC]: Provide secure RxRPC sockets for use by userspace and kernel both")
Signed-off-by: David Howells <dhowells@redhat.com>
2018-10-08 22:42:04 +01:00
David Howells
4e2abd3c05 rxrpc: Fix the rxrpc_tx_packet trace line
Fix the rxrpc_tx_packet trace line by storing the where parameter.

Fixes: 4764c0da69 ("rxrpc: Trace packet transmission")
Signed-off-by: David Howells <dhowells@redhat.com>
2018-10-08 22:42:04 +01:00
David Howells
647530924f rxrpc: Fix connection-level abort handling
Fix connection-level abort handling to cache the abort and error codes
properly so that a new incoming call can be properly aborted if it races
with the parent connection being aborted by another CPU.

The abort_code and error parameters can then be dropped from
rxrpc_abort_calls().

Fixes: f5c17aaeb2 ("rxrpc: Calls should only have one terminal state")
Signed-off-by: David Howells <dhowells@redhat.com>
2018-10-08 22:42:04 +01:00
David Howells
298bc15b20 rxrpc: Only take the rwind and mtu values from latest ACK
Move the out-of-order and duplicate ACK packet check to before the call to
rxrpc_input_ackinfo() so that the receive window size and MTU size are only
checked in the latest ACK packet and don't regress.

Fixes: 248f219cb8 ("rxrpc: Rewrite the data and ack handling code")
Signed-off-by: David Howells <dhowells@redhat.com>
2018-10-08 22:42:04 +01:00
David Howells
dfe9952246 rxrpc: Carry call state out of locked section in rxrpc_rotate_tx_window()
Carry the call state out of the locked section in rxrpc_rotate_tx_window()
rather than sampling it afterwards.  This is only used to select tracepoint
data, but could have changed by the time we do the tracepoint.

Signed-off-by: David Howells <dhowells@redhat.com>
2018-10-08 15:57:36 +01:00
David Howells
c479d5f2c2 rxrpc: Don't check RXRPC_CALL_TX_LAST after calling rxrpc_rotate_tx_window()
We should only call the function to end a call's Tx phase if we rotated the
marked-last packet out of the transmission buffer.

Make rxrpc_rotate_tx_window() return an indication of whether it just
rotated the packet marked as the last out of the transmit buffer, carrying
the information out of the locked section in that function.

We can then check the return value instead of examining RXRPC_CALL_TX_LAST.

Fixes: 70790dbe3f ("rxrpc: Pass the last Tx packet marker in the annotation buffer")
Signed-off-by: David Howells <dhowells@redhat.com>
2018-10-08 15:55:20 +01:00
David Howells
bfd2821117 rxrpc: Don't need to take the RCU read lock in the packet receiver
We don't need to take the RCU read lock in the rxrpc packet receive
function because it's held further up the stack in the IP input routine
around the UDP receive routines.

Fix this by dropping the RCU read lock calls from rxrpc_input_packet().
This simplifies the code.

Fixes: 70790dbe3f ("rxrpc: Pass the last Tx packet marker in the annotation buffer")
Signed-off-by: David Howells <dhowells@redhat.com>
2018-10-08 15:45:56 +01:00
David Howells
5271953cad rxrpc: Use the UDP encap_rcv hook
Use the UDP encap_rcv hook to cut the bit out of the rxrpc packet reception
in which a packet is placed onto the UDP receive queue and then immediately
removed again by rxrpc.  Going via the queue in this manner seems like it
should be unnecessary.

This does, however, require the invention of a value to place in encap_type
as that's one of the conditions to switch packets out to the encap_rcv
hook.  Possibly the value doesn't actually matter for anything other than
sockopts on the UDP socket, which aren't accessible outside of rxrpc
anyway.

This seems to cut a bit of time out of the time elapsed between each
sk_buff being timestamped and turning up in rxrpc (the final number in the
following trace excerpts).  I measured this by making the rxrpc_rx_packet
trace point print the time elapsed between the skb being timestamped and
the current time (in ns), e.g.:

	... 424.278721: rxrpc_rx_packet: ...  ACK 25026

So doing a 512MiB DIO read from my test server, with an unmodified kernel:

	N       min     max     sum		mean    stddev
	27605   2626    7581    7.83992e+07     2840.04 181.029

and with the patch applied:

	N       min     max     sum		mean    stddev
	27547   1895    12165   6.77461e+07     2459.29 255.02

Signed-off-by: David Howells <dhowells@redhat.com>
2018-10-08 15:45:18 +01:00
Greg Kroah-Hartman
0854ba5ff5 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc
David writes:
  "Sparc fixes:

   1) Minor fallthru comment tweaks from Gustavo A. R. Silva.

   2) VLA removal from Kees Cook.

   3) Make sparc vdso Makefile match x86, from Masahiro Yamada.

   4) Fix clock divider programming in mach64 driver, from Mikulas
      Patocka."

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc:
  sparc64: fix fall-through annotation
  sparc32: fix fall-through annotation
  sparc: vdso: clean-up vdso Makefile
  oradax: remove redundant null check before kfree
  sparc64: viohs: Remove VLA usage
  sbus: Use of_get_child_by_name helper
  sparc: Convert to using %pOFn instead of device_node.name
  mach64: detect the dot clock divider correctly on sparc
2018-10-08 16:25:01 +02:00
Eric Dumazet
262f9d811c bpf: do not blindly change rlimit in reuseport net selftest
If the current process has unlimited RLIMIT_MEMLOCK,
we should should leave it as is.

Fixes: 941ff6f11c ("bpf: fix rlimit in reuseport net selftest")
Signed-off-by: John Sperbeck <jsperbeck@google.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2018-10-08 10:30:55 +02:00
Martin Schwidefsky
7c75544983 Another fix for vfio-ccw: make sure it accesses the correct entries
in the pfn_array_table arrays when checking pinned pages.
 -----BEGIN PGP SIGNATURE-----
 
 iQJGBAABCAAwFiEEw9DWbcNiT/aowBjO3s9rk8bwL68FAluzj1QSHGNvaHVja0By
 ZWRoYXQuY29tAAoJEN7Pa5PG8C+v7XUP+wb2d4ozavFlkykTR84vI9ysy94Evg4p
 N2yVGbMoVctFfktXLGnwkKmYG0k0Euaf7qVUt6djZ2vUUDiOo7PwEYUgKGpjVXx3
 QULXcDlogjMA61D9guBpIUD9EuzUxSqFjaBjb6uVf1DTxxyeiCb3t331zpJMBUtU
 YnO1MIp1ULMl0a9e97bxNcr0YixoHzaEhafHBN4N9E5X49SS1noNQPpFU3ftAjfL
 6TOKe8UhC/8u+qCPmmEvzjJgoQFF7ihjq4muPP7zkNa0aC/7iPcq6c6dhsdxnBcx
 K0hHgv37m2TT614iYj46Oiwi0q5KKpiBlWjrQMp2GCDRUskyIG8qtoly980M2CJP
 H3BL48ktugy0q7+ev8BVkYdTsJOqcuu5ouuIjg7jHQF+iet1R9OgqofEjik/WgcK
 gZwDEXi03ERUmKhhbrqu73OP1PB6TJzfy4KQxL1ue2WT6NksbTP2R5wNEjCwLF6B
 pVtV77LN+wMNdJPCcMBOSA3cj2zdeMVNd7dUnIkrWiA+60JDDFOfcL149mXClNwA
 PZcZNlAB8fnV3k9G82kjia7ELVShbMTCY4SCKEu3azXPeHO4Czmm/XJfAtUS43K4
 DZO4FEHqeahfL7UB7xPUL1f5VJ7HdVLDtbjA75vr2T0u1/cSZ1nfZos3ps5Evbvu
 /mZib2ePerNe
 =shZx
 -----END PGP SIGNATURE-----

Merge tag 'vfio-ccw-20181002' of git://git.kernel.org/pub/scm/linux/kernel/git/kvms390/vfio-ccw into fixes

Pull vfio-ccw from Cornelia Huck with the following changes:

 - Another fix for vfio-ccw: make sure it accesses the correct entries
   in the pfn_array_table arrays when checking pinned pages.
2018-10-08 09:08:21 +02:00
Dave Airlie
5ba15878f2 Merge branch 'linux-4.19' of git://github.com/skeggsb/linux into drm-fixes
runtime refcount fix for mst connectors.

Signed-off-by: Dave Airlie <airlied@redhat.com>
From: Ben Skeggs <bskeggs@redhat.com>
Link: https://patchwork.freedesktop.org/patch/msgid/CABDvA=nydWjs26=TZHqistLXjCwm-vHmrisbP6K=FMZ5gW1wnQ@mail.gmail.com
2018-10-08 16:37:59 +10:00
Gustavo A. R. Silva
b7dc10b64f sparc64: fix fall-through annotation
Replace "fallthru" with a proper "fall through" annotation.

This fix is part of the ongoing efforts to enabling
-Wimplicit-fallthrough

Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-10-07 22:42:02 -07:00
Gustavo A. R. Silva
c4beb225f9 sparc32: fix fall-through annotation
Replace "fallthru" with a proper "fall through" annotation.

This fix is part of the ongoing efforts to enabling
-Wimplicit-fallthrough

Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-10-07 22:42:02 -07:00
Masahiro Yamada
8cf7765d33 sparc: vdso: clean-up vdso Makefile
arch/sparc/vdso/Makefile is a replica of arch/x86/entry/vdso/Makefile.

Clean-up the Makefile in the same way as I did for x86:

 - Remove unnecessary export
 - Put the generated linker script to $(obj)/ instead of $(src)/
 - Simplify cmd_vdso2c

The corresponding x86 commits are:

 - 61615faf0a ("x86/build/vdso: Remove unnecessary export in Makefile")
 - 1742ed2088 ("x86/build/vdso: Put generated linker scripts to $(obj)/")
 - c5fcdbf155 ("x86/build/vdso: Simplify 'cmd_vdso2c'")

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-10-07 22:42:01 -07:00
Colin Ian King
16e2a9d396 oradax: remove redundant null check before kfree
A null check before a kfree is redundant, so remove it.

Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-10-07 22:42:00 -07:00
Kees Cook
31a43fa794 sparc64: viohs: Remove VLA usage
In the quest to remove all stack VLA usage from the kernel[1], this
allocates a fixed size array for the maximum number of cookies and
adds a runtime sanity check.

[1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1
RqZWA@mail.gmail.com

Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-10-07 22:42:00 -07:00
Rob Herring
df58f37b5d sbus: Use of_get_child_by_name helper
Use the of_get_child_by_name() helper instead of open coding searching
for the '/options' node. This removes directly accessing the name
pointer as well.

Cc: "David S. Miller" <davem@davemloft.net>
Cc: sparclinux@vger.kernel.org
Signed-off-by: Rob Herring <robh@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-10-07 22:41:08 -07:00
Rob Herring
0b9871a3a8 sparc: Convert to using %pOFn instead of device_node.name
In preparation to remove the node name pointer from struct device_node,
convert printf users to use the %pOFn format specifier.

Cc: "David S. Miller" <davem@davemloft.net>
Cc: sparclinux@vger.kernel.org
Signed-off-by: Rob Herring <robh@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-10-07 22:41:07 -07:00
Mikulas Patocka
76ebebd246 mach64: detect the dot clock divider correctly on sparc
On Sun Ultra 5, it happens that the dot clock is not set up properly for
some videomodes. For example, if we set the videomode "r1024x768x60" in
the firmware, Linux would incorrectly set a videomode with refresh rate
180Hz when booting (suprisingly, my LCD monitor can display it, although
display quality is very low).

The reason is this: Older mach64 cards set the divider in the register
VCLK_POST_DIV. The register has four 2-bit fields (the field that is
actually used is specified in the lowest two bits of the register
CLOCK_CNTL). The 2 bits select divider "1, 2, 4, 8". On newer mach64 cards,
there's another bit added - the top four bits of PLL_EXT_CNTL extend the
divider selection, so we have possible dividers "1, 2, 4, 8, 3, 5, 6, 12".
The Linux driver clears the top four bits of PLL_EXT_CNTL and never sets
them, so it can work regardless if the card supports them. However, the
sparc64 firmware may set these extended dividers during boot - and the
mach64 driver detects incorrect dot clock in this case.

This patch makes the driver read the additional divider bit from
PLL_EXT_CNTL and calculate the initial refresh rate properly.

Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Cc: stable@vger.kernel.org
Acked-by: David S. Miller <davem@davemloft.net>
Reviewed-by: Ville Syrjälä <syrjala@sci.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-10-07 22:41:05 -07:00
David S. Miller
e2a322a0c8 Merge branch 'net-smc-userspace-breakage-fixes'
Eugene Syromiatnikov says:

====================
net/smc: userspace breakage fixes

These two patches correct some userspace-affecting issues introduced
during 4.19 development cycle, specifically:
 * New structure "struct smcd_diag_dmbinfo" has been defined in a way
   that would lead to different layout of the structure on most 32-bit
   ABIs in comparison with layout on 64-bit ABIs;
 * One of the commits renamed an UAPI-exposed field name.

Changes since v1:
 * Managed not to forget to add --cover-letter.
 * Commit ID format in commit message has been changed in accordance
   with Sergei Shtylyov's recommendations.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2018-10-07 21:06:28 -07:00
Eugene Syromiatnikov
d4f0006a08 net/smc: retain old name for diag_mode field
Commit c601171d7a ("net/smc: provide smc mode in smc_diag.c") changed
the name of diag_fallback field of struct smc_diag_msg structure
to diag_mode.  However, this structure is a part of UAPI, and this change
breaks user space applications that use it ([1], for example).  Since
the new name is more suitable, convert the field to a union that provides
access to the data via both the new and the old name.

[1] https://gitlab.com/strace/strace/blob/v4.24/netlink_smc_diag.c#L165

Fixes: c601171d7a ("net/smc: provide smc mode in smc_diag.c")
Signed-off-by: Eugene Syromiatnikov <esyr@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-10-07 21:06:28 -07:00
Eugene Syromiatnikov
a21048c8ec net/smc: use __aligned_u64 for 64-bit smc_diag fields
Commit 4b1b7d3b30 ("net/smc: add SMC-D diag support") introduced
new UAPI-exposed structure, struct smcd_diag_dmbinfo.  However,
it's not usable by compat binaries, as it has different layout there.
Probably, the most straightforward fix that will avoid similar issues
in the future is to use __aligned_u64 for 64-bit fields.

Fixes: 4b1b7d3b30 ("net/smc: add SMC-D diag support")
Signed-off-by: Eugene Syromiatnikov <esyr@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-10-07 21:06:28 -07:00
Al Viro
6d4c407744 net: sched: cls_u32: fix hnode refcounting
cls_u32.c misuses refcounts for struct tc_u_hnode - it counts references
via ->hlist and via ->tp_root together.  u32_destroy() drops the former
and, in case when there had been links, leaves the sucker on the list.
As the result, there's nothing to protect it from getting freed once links
are dropped.
That also makes the "is it busy" check incapable of catching the root
hnode - it *is* busy (there's a reference from tp), but we don't see it as
something separate.  "Is it our root?" check partially covers that, but
the problem exists for others' roots as well.

AFAICS, the minimal fix preserving the existing behaviour (where it doesn't
include oopsen, that is) would be this:
        * count tp->root and tp_c->hlist as separate references.  I.e.
have u32_init() set refcount to 2, not 1.
	* in u32_destroy() we always drop the former;
in u32_destroy_hnode() - the latter.

	That way we have *all* references contributing to refcount.  List
removal happens in u32_destroy_hnode() (called only when ->refcnt is 1)
an in u32_destroy() in case of tc_u_common going away, along with
everything reachable from it.  IOW, that way we know that
u32_destroy_key() won't free something still on the list (or pointed to by
someone's ->root).

Reproducer:

tc qdisc add dev eth0 ingress
tc filter add dev eth0 parent ffff: protocol ip prio 100 handle 1: \
u32 divisor 1
tc filter add dev eth0 parent ffff: protocol ip prio 200 handle 2: \
u32 divisor 1
tc filter add dev eth0 parent ffff: protocol ip prio 100 \
handle 1:0:11 u32 ht 1: link 801: offset at 0 mask 0f00 shift 6 \
plus 0 eat match ip protocol 6 ff
tc filter delete dev eth0 parent ffff: protocol ip prio 200
tc filter change dev eth0 parent ffff: protocol ip prio 100 \
handle 1:0:11 u32 ht 1: link 0: offset at 0 mask 0f00 shift 6 plus 0 \
eat match ip protocol 6 ff
tc filter delete dev eth0 parent ffff: protocol ip prio 100

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Jamal Hadi Salim <jhs@mojatatu.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-10-07 21:02:37 -07:00
Jiri Kosina
7e823644b6 udp: Unbreak modules that rely on external __skb_recv_udp() availability
Commit 2276f58ac5 ("udp: use a separate rx queue for packet reception")
turned static inline __skb_recv_udp() from being a trivial helper around
__skb_recv_datagram() into a UDP specific implementaion, making it
EXPORT_SYMBOL_GPL() at the same time.

There are external modules that got broken by __skb_recv_udp() not being
visible to them. Let's unbreak them by making __skb_recv_udp EXPORT_SYMBOL().

Rationale (one of those) why this is actually "technically correct" thing
to do: __skb_recv_udp() used to be an inline wrapper around
__skb_recv_datagram(), which itself (still, and correctly so, I believe)
is EXPORT_SYMBOL().

Cc: Paolo Abeni <pabeni@redhat.com>
Cc: Eric Dumazet <edumazet@google.com>
Fixes: 2276f58ac5 ("udp: use a separate rx queue for packet reception")
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-10-07 20:33:10 -07:00
Mike Rapoport
6685b35736 percpu: stop leaking bitmap metadata blocks
The commit ca460b3c96 ("percpu: introduce bitmap metadata blocks")
introduced bitmap metadata blocks. These metadata blocks are allocated
whenever a new chunk is created, but they are never freed. Fix it.

Fixes: ca460b3c96 ("percpu: introduce bitmap metadata blocks")
Signed-off-by: Mike Rapoport <rppt@linux.vnet.ibm.com>
Cc: stable@vger.kernel.org
Signed-off-by: Dennis Zhou <dennis@kernel.org>
2018-10-07 14:50:12 -07:00
Greg Kroah-Hartman
0238df646e Linux 4.19-rc7 2018-10-07 17:26:02 +02:00
Greg Kroah-Hartman
fb1c592cf4 Char/Misc fixes for 4.19-rc7
Here are 8 small fixes for some char/misc driver issues
 
 Included here are:
 	- fpga driver fixes
 	- thunderbolt bugfixes
 	- firmware core revert/fix
 	- hv core fix
 	- hv tool fix
 
 All of these have been in linux-next with no reported issues.
 
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 -----BEGIN PGP SIGNATURE-----
 
 iG0EABECAC0WIQT0tgzFv3jCIUoxPcsxR9QN2y37KQUCW7mgvw8cZ3JlZ0Brcm9h
 aC5jb20ACgkQMUfUDdst+yltNwCgp0XpcCTEoBCiBInhPHYpR4xnclYAoId6nfC5
 89LJS04eEQzbiQJpigLt
 =U6rt
 -----END PGP SIGNATURE-----

Merge tag 'char-misc-4.19-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc

I wrote:
  "Char/Misc fixes for 4.19-rc7

   Here are 8 small fixes for some char/misc driver issues

   Included here are:
	- fpga driver fixes
	- thunderbolt bugfixes
	- firmware core revert/fix
	- hv core fix
	- hv tool fix

   All of these have been in linux-next with no reported issues."

* tag 'char-misc-4.19-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc:
  thunderbolt: Initialize after IOMMUs
  thunderbolt: Do not handle ICM events after domain is stopped
  firmware: Always initialize the fw_priv list object
  docs: fpga: document fpga manager flags
  fpga: bridge: fix obvious function documentation error
  tools: hv: fcopy: set 'error' in case an unknown operation was requested
  fpga: do not access region struct after fpga_region_unregister
  Drivers: hv: vmbus: Use get/put_cpu() in vmbus_connect()
2018-10-07 08:15:57 +02:00
Greg Kroah-Hartman
4ebaf0754c Serial driver fixes for 4.19-rc7
Here are 3 small serial driver fixes for 4.19-rc7
   - 2 sh-sci bugfixes for reported issues
   - a revert of the PM handling for the 8250_dw code
 
 All of these have been in linux-next with no reported issues.
 
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 -----BEGIN PGP SIGNATURE-----
 
 iG0EABECAC0WIQT0tgzFv3jCIUoxPcsxR9QN2y37KQUCW7mhRw8cZ3JlZ0Brcm9h
 aC5jb20ACgkQMUfUDdst+ykYngCghu5cEWdhIHHZh9PsRh4PBcE1LgUAoLhsnAw/
 f3yufssSk5Wx8+OZmTK/
 =xIYc
 -----END PGP SIGNATURE-----

Merge tag 'tty-4.19-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty

I wrote:
  "Serial driver fixes for 4.19-rc7

   Here are 3 small serial driver fixes for 4.19-rc7
    - 2 sh-sci bugfixes for reported issues
    - a revert of the PM handling for the 8250_dw code

   All of these have been in linux-next with no reported issues."

* tag 'tty-4.19-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty:
  Revert "serial: sh-sci: Allow for compressed SCIF address"
  Revert "serial: sh-sci: Remove SCIx_RZ_SCIFA_REGTYPE"
  Revert "serial: 8250_dw: Fix runtime PM handling"
2018-10-07 08:14:59 +02:00
Greg Kroah-Hartman
cc02f85287 USB fixes for 4.19-rc7
Here are some small USB fixes for 4.19-rc7
 
 These include:
    - the usual xhci bugfixes for reported issues
    - some new serial driver device ids
    - bugfix for the option serial driver for some devices
    - bugfix for the cdc_acm driver that has been there for a long time.
 
 All of these have been in linux-next for a while with no reported
 issues.
 
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 -----BEGIN PGP SIGNATURE-----
 
 iG0EABECAC0WIQT0tgzFv3jCIUoxPcsxR9QN2y37KQUCW7mhwQ8cZ3JlZ0Brcm9h
 aC5jb20ACgkQMUfUDdst+ykuxwCguad2aZql74xxtxDqrHG/9exX/YUAn1UhGfdR
 nCfSTmSLt1WZXg3X+fUH
 =Vm1C
 -----END PGP SIGNATURE-----

Merge tag 'usb-4.19-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb

I wrote:
  "USB fixes for 4.19-rc7

   Here are some small USB fixes for 4.19-rc7

   These include:
     - the usual xhci bugfixes for reported issues
     - some new serial driver device ids
     - bugfix for the option serial driver for some devices
     - bugfix for the cdc_acm driver that has been there for a long time.

   All of these have been in linux-next for a while with no reported
   issues."

* tag 'usb-4.19-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb:
  usb: xhci-mtk: resume USB3 roothub first
  xhci: Add missing CAS workaround for Intel Sunrise Point xHCI
  usb: cdc_acm: Do not leak URB buffers
  USB: serial: simple: add Motorola Tetra MTP6550 id
  USB: serial: option: add two-endpoints device-id flag
  USB: serial: option: improve Quectel EP06 detection
2018-10-07 08:14:06 +02:00