Commit Graph

857637 Commits

Author SHA1 Message Date
YueHaibing
99fccf33c2 btrfs: remove set but not used variable 'offset'
Fixes gcc '-Wunused-but-set-variable' warning:

fs/btrfs/volumes.c: In function __btrfs_map_block:
fs/btrfs/volumes.c:6023:6: warning:
 variable offset set but not used [-Wunused-but-set-variable]

It is not used any more since commit 343abd1c0ca9 ("btrfs: Use
btrfs_get_io_geometry appropriately")

Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
2019-09-09 14:58:58 +02:00
Filipe Manana
690a5dbfc5 Btrfs: fix ENOSPC errors, leading to transaction aborts, when cloning extents
When cloning extents (or deduplicating) we create a transaction with a
space reservation that considers we will drop or update a single file
extent item of the destination inode (that we modify a single leaf). That
is fine for the vast majority of scenarios, however it might happen that
we need to drop many file extent items, and adjust at most two file extent
items, in the destination root, which can span multiple leafs. This will
lead to either the call to btrfs_drop_extents() to fail with ENOSPC or
the subsequent calls to btrfs_insert_empty_item() or btrfs_update_inode()
(called through clone_finish_inode_update()) to fail with ENOSPC. Such
failure results in a transaction abort, leaving the filesystem in a
read-only mode.

In order to fix this we need to follow the same approach as the hole
punching code, where we create a local reservation with 1 unit and keep
ending and starting transactions, after balancing the btree inode,
when __btrfs_drop_extents() returns ENOSPC. So fix this by making the
extent cloning call calls the recently added btrfs_punch_hole_range()
helper, which is what does the mentioned work for hole punching, and
make sure whenever we drop extent items in a transaction, we also add a
replacing file extent item, to avoid corruption (a hole) if after ending
a transaction and before starting a new one, the old transaction gets
committed and a power failure happens before we finish cloning.

A test case for fstests follows soon.

Reported-by: David Goodwin <david@codepoets.co.uk>
Link: https://lore.kernel.org/linux-btrfs/a4a4cf31-9cf4-e52c-1f86-c62d336c9cd1@codepoets.co.uk/
Reported-by: Sam Tygier <sam@tygier.co.uk>
Link: https://lore.kernel.org/linux-btrfs/82aace9f-a1e3-1f0b-055f-3ea75f7a41a0@tygier.co.uk/
Fixes: b6f3409b21 ("Btrfs: reserve sufficient space for ioctl clone")
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
2019-09-09 14:58:58 +02:00
Filipe Manana
9cba40a693 Btrfs: factor out extent dropping code from hole punch handler
Move the code that is responsible for dropping extents in a range out of
btrfs_punch_hole() into a new helper function, btrfs_punch_hole_range(),
so that later it can be used by the reflinking (extent cloning and dedup)
code to fix a ENOSPC bug.

Signed-off-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
2019-09-09 14:58:58 +02:00
Linus Torvalds
f74c2bb987 Linux 5.3-rc8 2019-09-08 13:33:15 -07:00
Linus Torvalds
983f700eab Fix Oops in Clang-compiled kernels (Nick Desaulniers)
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEPjU5OPd5QIZ9jqqOGXyLc2htIW0FAl11AIYACgkQGXyLc2ht
 IW1uAQ/+LkwyLy5NfQG0FuWJBsciE8a4dNpN51d8l4EnCsYZVyJXvzleQ0fYGYW3
 xfecrc6bArjN1yZzYhQLJyxZbCFfSRVCu+fCx03uRR2kKXmMPNasjMf/tEm3RgGd
 YOeWpE1cQEJ5t7RuR+HJJoS7oEvUWLOb/rKGV2K6hvQZyv4kYW4uJStUKjUHcDwx
 uIISv7FOOoEY1ZPwtTjbhSRULyBZddDPusWV455j5sAiJD6L15kg6t9/FLaKD+hu
 yA1Z9dv53XFEb5n3s2A9IujpD46N4BykXBB82+GAFYbei+6Ca6mpJp0DaYY2gwqP
 K4XmL+YPwIW0xN7Nv/otM6sehHf40UepWaPhvNKlaicQGAbwTpYEwFp7bViaZ2Sv
 Tj0tDAjkuhAGvdtLc367zyCIEP3XHwyfv8SnoNYiNtb7fcv9hhUsxLOFkr+XKt5S
 jdO0xZH0hGF42yr+MsjIdRXoAfZEHFqETy8paorgxqU02NScpmi/+r8pcTo8pqV3
 w7ziJTB6hoWPw2RNA/VphxucwnbCnZD79P35sE8nhBS94OSi4o27wBZ+B1hCg08Z
 /6ZCT2VlDfgIszH+ueQLa4b53lzTI6EDYyMomLJEvM1jLkSmojzTIzWgMfiN3E4T
 gIu/8ogDHCmDM+nT94/7YYhWcEefuzzO1YYilKCZ4IZxU5DyrlQ=
 =+sX1
 -----END PGP SIGNATURE-----

Merge tag 'compiler-attributes-for-linus-v5.3-rc8' of git://github.com/ojeda/linux

Pull section attribute fix from Miguel Ojeda:
 "Fix Oops in Clang-compiled kernels (Nick Desaulniers)"

* tag 'compiler-attributes-for-linus-v5.3-rc8' of git://github.com/ojeda/linux:
  include/linux/compiler.h: fix Oops for Clang-compiled kernels
2019-09-08 09:34:55 -07:00
Linus Torvalds
def8b72f0e GPIO fixes for the v5.3 series:
all related to the PCA953x driver when handling chips with
 more than 8 ports, now that works again.
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEElDRnuGcz/wPCXQWMQRCzN7AZXXMFAl10s9IACgkQQRCzN7AZ
 XXOy4w/8C9HdOgg4CPCJM8YmBZUiTxbLBjAxyIQ0bkdFB65GcGXwWurhFwguXg1G
 kS9pGDeibW/2pEgF6skONwLIBELXlLaJiuT2y/Vzyoi1oV4URimUDNVlkbwXikUp
 6HVzAO6Xo7rCXy4mfQ92rNeVFe2YWBowUgPpfKjTA6Dz+953eDaLg53LRNhdwBW1
 RVda9Mufr3cUqH4mTC/pH3xnZAJNUxwq7JJ+bX+jYWgNb+LGgIoXCKLRkU1F4TeF
 qwKGFrg590/QCg2qgqoZmUS5B7NuQoe1N9AuPS6UIURlpzz7bOhg3Z9K3db07bdB
 D2yzZhfY3wi4oefe9MpUzgqhVfrRS4F+OBhSLsCCDkRxE4P8+ybrIGQh0sfwy34i
 4NwZdtZLWi8MPeXhRoZGUdP4j/63FqCEwFJcWWN4YVRpLBKN5IVC0R663tC24YTD
 SReSZrvzd/a5URCKDhTm3DJf6JbiaOmNE7LzdZK1qcgVd9E/vKDlrdZNSLxi6G0p
 nCvlQ4QhxCswvRnNafIuFn2HWmcAYj4VinrprtQnlIYFjXvx1uEaSi12Qv2sZOKv
 CTSYFL7+T4xegXVR+5M9VhCSj6fbGJiUZShQ4wXctOdIkHfIyJm+pRVLLaZVHwBm
 YslXu3mmjFiuYfxgP5c9KNki5gH1sU/caqbwtbMwgQBO4sjC6fg=
 =MYtE
 -----END PGP SIGNATURE-----

Merge tag 'gpio-v5.3-5' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio

Pull GPIO fixes from Linus Walleij:
 "All related to the PCA953x driver when handling chips with more than 8
  ports, now that works again"

* tag 'gpio-v5.3-5' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio:
  gpio: pca953x: use pca953x_read_regs instead of regmap_bulk_read
  gpio: pca953x: correct type of reg_direction
2019-09-08 09:30:31 -07:00
Nick Desaulniers
bfafddd8de include/linux/compiler.h: fix Oops for Clang-compiled kernels
GCC unescapes escaped string section names while Clang does not. Because
__section uses the `#` stringification operator for the section name, it
doesn't need to be escaped.

This fixes an Oops observed in distro's that use systemd and not
net.core.bpf_jit_enable=1, when their kernels are compiled with Clang.

Link: https://github.com/ClangBuiltLinux/linux/issues/619
Link: https://bugs.llvm.org/show_bug.cgi?id=42950
Link: https://marc.info/?l=linux-netdev&m=156412960619946&w=2
Link: https://lore.kernel.org/lkml/20190904181740.GA19688@gmail.com/
Acked-by: Will Deacon <will@kernel.org>
Reported-by: Sedat Dilek <sedat.dilek@gmail.com>
Suggested-by: Josh Poimboeuf <jpoimboe@redhat.com>
Tested-by: Sedat Dilek <sedat.dilek@gmail.com>
Signed-off-by: Nick Desaulniers <ndesaulniers@google.com>
[Cherry-picked from the __section cleanup series for 5.3]
[Adjusted commit message]
Signed-off-by: Miguel Ojeda <miguel.ojeda.sandonis@gmail.com>
2019-09-08 14:53:58 +02:00
Linus Torvalds
950b07c14e Revert "x86/apic: Include the LDR when clearing out APIC registers"
This reverts commit 558682b529.

Chris Wilson reports that it breaks his CPU hotplug test scripts.  In
particular, it breaks offlining and then re-onlining the boot CPU, which
we treat specially (and the BIOS does too).

The symptoms are that we can offline the CPU, but it then does not come
back online again:

    smpboot: CPU 0 is now offline
    smpboot: Booting Node 0 Processor 0 APIC 0x0
    smpboot: do_boot_cpu failed(-1) to wakeup CPU#0

Thomas says he knows why it's broken (my personal suspicion: our magic
handling of the "cpu0_logical_apicid" thing), but for 5.3 the right fix
is to just revert it, since we've never touched the LDR bits before, and
it's not worth the risk to do anything else at this stage.

[ Hotpluging of the boot CPU is special anyway, and should be off by
  default. See the "BOOTPARAM_HOTPLUG_CPU0" config option and the
  cpu0_hotplug kernel parameter.

  In general you should not do it, and it has various known limitations
  (hibernate and suspend require the boot CPU, for example).

  But it should work, even if the boot CPU is special and needs careful
  treatment       - Linus ]

Link: https://lore.kernel.org/lkml/156785100521.13300.14461504732265570003@skylake-alporthouse-com/
Reported-by: Chris Wilson <chris@chris-wilson.co.uk>
Acked-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Bandan Das <bsd@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2019-09-07 14:25:54 -07:00
Linus Torvalds
b3a9964cfa Documentation update for 5.3-rc8
Here is a few small patches for the documenation file that came in
 through the char-misc tree in -rc7 for your tree.  They fix the mistake
 in the .rst format that kept the table of companies from showing up in
 the html output, and most importantly, add people's names to the list
 showing support for our process.
 
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 -----BEGIN PGP SIGNATURE-----
 
 iG0EABECAC0WIQT0tgzFv3jCIUoxPcsxR9QN2y37KQUCXXPyjA8cZ3JlZ0Brcm9h
 aC5jb20ACgkQMUfUDdst+ylx1ACfTV2bj5y47d2JOL4K9fG5MOwQ4NUAoIDpi/eS
 q+Ere5H4JyL+cPi8mELt
 =FvIF
 -----END PGP SIGNATURE-----

Merge tag 'char-misc-5.3-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc

Pull Documentation updates from Greg KH:
 "A few small patches for the documenation file that came in through the
  char-misc tree in -rc7 for your tree.

  They fix the mistake in the .rst format that kept the table of
  companies from showing up in the html output, and most importantly,
  add people's names to the list showing support for our process"

* tag 'char-misc-5.3-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc:
  Documentation/process: Add Qualcomm process ambassador for hardware security issues
  Documentation/process/embargoed-hardware-issues: Microsoft ambassador
  Documentation/process: Add Google contact for embargoed hardware issues
  Documentation/process: Volunteer as the ambassador for Xen
2019-09-07 11:48:28 -07:00
Trilok Soni
a8e0abae2f Documentation/process: Add Qualcomm process ambassador for hardware security issues
Add Trilok Soni as process ambassador for hardware security issues
from Qualcomm.

Signed-off-by: Trilok Soni <tsoni@codeaurora.org>
Link: https://lore.kernel.org/r/1567796517-8964-1-git-send-email-tsoni@codeaurora.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-09-07 18:30:54 +01:00
Linus Torvalds
d3464ccd10 dmaengine late fixes for 5.3
Some late fixes for drivers:
  - memory leak in ti crossbar dma driver
  - cleanup of omap dma probe
  - Fix for link list configuration in sprd dma driver
  - Handling fixed for DMACHCLR if iommu is mapped in rcar dma
 -----BEGIN PGP SIGNATURE-----
 
 iQIcBAABAgAGBQJdc2UTAAoJEHwUBw8lI4NHOyMP/R/rB6DdQ1TLbe+NciH/0WZT
 OL0oTSQ3K3pCiA9XqPa1VXaOwPo0w3151Fzd44pfhoQkKGXUpBNHDRSfsV4kvajA
 E9weDEfvatrsh9N5R7ml+sWpsu+dd28NyCIOydDVOx+QjS4f9qZyNcUsnKNKlEij
 N2ZCQpBozQa8kXhDymI5V1ldJSA8OzOqTgdRGKJFwg69hzpUSrkfSbjjhCubA943
 LFLrQ1yp2lRwvd1HAKQutWGzzbXV9PiFCYWTcxHClaYjjhqNY/HBRppAw/Nfi4Qt
 C4JV2fi7IXTqNU5VJD6bfDtL4K2+oA0xkhuqdolrWFu0n1KBDDzC99zPEcjysQrK
 TWaGSNzR0oH9Xgk2IM75Srjorn3ErU5VSW0M8TSVBCoEj8Jt/R2GVFOrtCNMF8KN
 7Lv48FZQsv8SoMeEgH6Kq4GuqRtFbqVzJdkeHpjfNe0hih5PNNW1+VM2RTkoJkPd
 qG7YavUqKbOTbR+QXVY9TLyV14/fp5OnDhrBWZ4vJxU0waHkxNbNLIlEChs8Pa9O
 6UVnpl3bnKzDdFUEf6am5kjOEzTfxlbWcm5AA8rNyGHStDucgq/3c/FLZCuEPLtf
 VPrbR8oMe9iHZjRLwjSgVc1EjfWhmYeAOEBnAhi4duhgq+sXBfomrp8Y1B4voCkA
 m1UxFdLiAl+n1p4MQ9vA
 =rSgu
 -----END PGP SIGNATURE-----

Merge tag 'dmaengine-fix-5.3' of git://git.infradead.org/users/vkoul/slave-dma

Pull dmaengine fixes from Vinod Koul:
 "Some late fixes for drivers:

   - memory leak in ti crossbar dma driver

   - cleanup of omap dma probe

   - Fix for link list configuration in sprd dma driver

   - Handling fixed for DMACHCLR if iommu is mapped in rcar dma"

* tag 'dmaengine-fix-5.3' of git://git.infradead.org/users/vkoul/slave-dma:
  dmaengine: rcar-dmac: Fix DMACHCLR handling if iommu is mapped
  dmaengine: sprd: Fix the DMA link-list configuration
  dmaengine: ti: omap-dma: Add cleanup in omap_dma_probe()
  dmaengine: ti: dma-crossbar: Fix a memory leak bug
2019-09-07 10:00:34 -07:00
Linus Torvalds
1e3778cb22 SCSI fixes on 20190906
Just a single lpfc fix adjusting the number of available queues for
 high CPU count systems.
 
 Signed-off-by: James E.J. Bottomley <jejb@linux.ibm.com>
 -----BEGIN PGP SIGNATURE-----
 
 iJwEABMIAEQWIQTnYEDbdso9F2cI+arnQslM7pishQUCXXK/9iYcamFtZXMuYm90
 dG9tbGV5QGhhbnNlbnBhcnRuZXJzaGlwLmNvbQAKCRDnQslM7pishUTCAP9C9a9W
 sUBdDpe1bedPFJBBqT3540rucXGlSINXpm20RAEA7C9BkrHk7wFpCmieZscdDG2v
 T5o0P6RYDEShcm91HLk=
 =lrs3
 -----END PGP SIGNATURE-----

Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi

Pull SCSI fix from James Bottomley:
 "Just a single lpfc fix adjusting the number of available queues for
  high CPU count systems"

* tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
  scsi: lpfc: Raise config max for lpfc_fcp_mq_threshold variable
2019-09-06 16:18:43 -07:00
Linus Torvalds
7641033e17 libnvdimm fix v5.3-rc8
- Restore support for 1GB alignment namespaces, truncate the end of
   misaligned namespaces.
 -----BEGIN PGP SIGNATURE-----
 
 iQIcBAABAgAGBQJdcrYBAAoJEB7SkWpmfYgCIdoQAISVni+8vLZBWe9em1oCeFRP
 xcb/2uyI3r0Ctmc8MrUKP58z1LBexhxomdAPK2gtnKkQ7zP8W/M2cFhpoA9bdp5A
 +yAlCg1N+WjjJ19AEaxicDhtuOzDnPUVJu4AHmGfhTYyunz/+lcMeyBKrpIXrou4
 NxU1SNm7/fQw9k6/aKBbEOYwrYplhxtcVMmNW1p70unHvaS0tIG7qdVYph8GVdbz
 JnMVBz2hW1KlqGo4PVkglNeK65eolX/8be5VJSVQrSu7phsCbICFQCViz73dnrt7
 0rpcdb8HlW1zh/n/7rxHVTBwWdIylMVm1DXX0BiXcj+vX64Nt5vbfSZAxIm+wzJu
 yr8vJ7LmWWMlza0gqwPkeOMCeUuHUeGgjn0OFohsN0S+XmoyBIyNUxwYvbJdpIf0
 8n31HWMMC76TwE5elO1Z3HjXfCfEV9kKpNLdAhi//xuHVKh9nQOYvidm/kTDEKJR
 +9r4Df4IZtQJIS5o10Q4kffiokxPEIy7QNrwn4/p53v4vSK65yiSTHajbxgcUFcC
 SFB1db3tv4TmWnVrzvqKowJE1TtSHyW9pHr33EVRaiCFnWgnsQsWPqdP5SmO+WZX
 lH4PhUMaVSN2ROZTQFg4EYreh2X/+IlOfhKyLFsoN+wQjMv3VXK8wxpsUtFVllmF
 Ja9QGiNImyW0kId//IKK
 =CEfh
 -----END PGP SIGNATURE-----

Merge tag 'libnvdimm-fix-5.3-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm

Pull libnvdimm fix from Dan Williams:
 "Restore support for 1GB alignment namespaces, truncate the end of
  misaligned namespaces"

* tag 'libnvdimm-fix-5.3-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm:
  libnvdimm/pfn: Fix namespace creation on misaligned addresses
2019-09-06 16:14:32 -07:00
Linus Torvalds
9772152b4b Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input
Pull input fix from Dmitry Torokhov:
 "A tiny update from Benjamin removing a mistakenly added Elan PNP ID so
  that the device is again handled by hid-multitouch"

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input:
  Input: elan_i2c - remove Lenovo Legion Y7000 PnpID
2019-09-06 16:12:30 -07:00
Benjamin Tissoires
0c043d70d0 Input: elan_i2c - remove Lenovo Legion Y7000 PnpID
Looks like the Bios of the Lenovo Legion Y7000 is using ELAN061B
when the actual device is supposed to be used with hid-multitouch.

Remove it from the list of the supported device, hoping that
no one will complain about the loss in functionality.

Link: https://bugzilla.kernel.org/show_bug.cgi?id=203467
Fixes: 738c06d0e4 ("Input: elan_i2c - add hardware ID for multiple Lenovo laptops")
Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
2019-09-06 15:40:22 -07:00
Linus Torvalds
36daa831b5 ARM: SoC fixes
There are three more fixes for this week:
 
 - The Windows-on-ARM laptops require a workaround to
   prevent crashing at boot from ACPI
 - The Renesas "draak" board needs one bugfix for
   the backlight regulator
 - Also for Renesas, the "hihope" board accidentally
   had its eMMC turned off in the 5.3 merge window.
 
 Signed-off-by: Arnd Bergmann <arnd@arndb.de>
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
 iQIcBAABCAAGBQJdcrXdAAoJEJpsee/mABjZ99QP/0Js6+FE+JXOsiUuREdiU8JC
 CmKPbtPT+IyOP+068bpkU1cWWVJ0fyF126D7mfsQfL/VrQTnqCAqkytBidUmh5kX
 LT0392kaB+zLlbCgxX3xdBOBpMT2j/kFE9YbtBQG59867zH1Y5q6U/Pek0lWze39
 llraW2Nlwr/SW+Ffw0tGLXi8dl9FVYNl3jNKfK2/EM51kEeqwTcJvI0WXgOtsUK3
 oiEamod7mQNGEcqnxWf/W9Pj76Y8dlw5H7Q2aTqsb4bYOB0QdCUZqiLfXhyQn0qZ
 wy3bnC5Y+nIg9N2I4GRp0MLQ54xdN41gZtX25OdmPIvawxnf2dfwinN9EeGxUn3G
 RTgv4eBRRNVlheEdUkoyvLaz9jtOO5NCebti9foYcZv9HDEoIHhCqCjgmU7DrW+2
 eP+6pTwnbokbCDtsQ4okfJrAlMkOz4ynGs3sDwzqyxwXKr8Ez0Gho7nVbrRakH4A
 fOmDAZEqcNNGCUC5S1LLZNVLC0hp7HDb50uqJnVcirSxw2Qr/RPxw7lY4iaG1Gcd
 g8NXmLlkWIGpKe4VofPDqRq7Z5UrpAlefpaO3YVV5k1GH3Z6qmDZpP2ItEdue4yr
 wagaHBuv/eJD8xdEij4uPzx+TshZ7JHcO4IjnTE9rUaPi62tyNigJsuik8LNq5zv
 Lm3ZJwXLhzUDG3XUS+JD
 =f5ge
 -----END PGP SIGNATURE-----

Merge tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc

Pull ARM SoC fixes from Arnd Bergmann:
 "There are three more fixes for this week:

   - The Windows-on-ARM laptops require a workaround to prevent crashing
     at boot from ACPI

   - The Renesas 'draak' board needs one bugfix for the backlight
     regulator

   - Also for Renesas, the 'hihope' board accidentally had its eMMC
     turned off in the 5.3 merge window"

* tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc:
  soc: qcom: geni: Provide parameter error checking
  arm64: dts: renesas: hihope-common: Fix eMMC status
  arm64: dts: renesas: r8a77995: draak: Fix backlight regulator name
2019-09-06 12:53:31 -07:00
Linus Torvalds
30d7030b2f configfs fixes for 5.3
- fix removal vs attribute read/write races (Al Viro)
 -----BEGIN PGP SIGNATURE-----
 
 iQI/BAABCgApFiEEgdbnc3r/njty3Iq9D55TZVIEUYMFAl1yfl8LHGhjaEBsc3Qu
 ZGUACgkQD55TZVIEUYMXug//bsbudYEZVq1eInmMx6WJkHpYj1jc/gsNxtQiK00P
 dEsUg6GmwrXWcYefEl21hZi8Q7bij0uACmfZ6hxO/PjG1NjElkpUNsZC5WBZMkUg
 IiebsdzPr0KfnIZs7yvQfPYW0l9wvnGr8pGvgT+oWLlcHlPxS7+HBb86vlLWFsxO
 lxWShN3LhyPndPwItauXIZ4Zux6IonsQQpouJm/P1xcK206d3n9rB2hH45XupI9S
 2PhOY6YWfe5wgQN7GgXuMdwnvH+v1M/ELzbiz80aAnlTLQKDsi2n+g2KtYdoJBzD
 6pCzHgQDaW6O2XZJKTQ1xgAnIVKKO1GeRVZ2aZrXe588hJMe9JyJmj/uAltUJ0hJ
 YoIPZIXcU/Tl9O/4uPvqXgxcTCGCBYwHKQJa3d9krJtjrrUU/Secw57YLW0RLm1K
 FkPUSugEAb79l4f5L6dgowLaJwQ7RA+oDfXyvadJNi+Bb6E6PCQcb3rSDINPm4GB
 SXwzh2x1WlEVYz/1XaXYDf0YvmDpvTtRfNJmYng+OJscDkzQF8D2Jk5sjRxjUYys
 yjwDI++z/L0+iwl/BPIFZM/im+Tl8/MVzgB45pG1k8VBKB5L2a2G9CMty4WGkZSs
 rq9XiLbpsGapGoif+nVLoECLLDJmHULqa+wzI04FNpjhWihirqoK2JAV8rQ8MoOo
 1LE=
 =7/hj
 -----END PGP SIGNATURE-----

Merge tag 'configfs-for-5.3' of git://git.infradead.org/users/hch/configfs

Pull configfs fixes from Christoph Hellwig:
 "Late configfs fixes from Al that fix pretty nasty removal vs attribute
  access races"

* tag 'configfs-for-5.3' of git://git.infradead.org/users/hch/configfs:
  configfs: provide exclusion between IO and removals
  configfs: new object reprsenting tree fragments
  configfs_register_group() shouldn't be (and isn't) called in rmdirable parts
  configfs: stash the data we need into configfs_buffer at open time
2019-09-06 12:44:08 -07:00
Linus Torvalds
76f5e9f870 IOMMU Fixes for Linux v5.3-rc7
Including:
 
 	* Revert for an Intel VT-d patch that caused problems for some
 	  users.
 
 	* Removal of a feature in the Intel VT-d driver that was never
 	  supported in hardware. This qualifies as a fix because the
 	  code for this feature sets reserved bits in the invalidation
 	  queue descriptor, causing failed invalidations on real
 	  hardware.
 
 	* Two fixes for AMD IOMMU driver to fix a race condition and to
 	  add a missing IOTLB flush when kernel is booted in kdump mode.
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEr9jSbILcajRFYWYyK/BELZcBGuMFAl1ydqsACgkQK/BELZcB
 GuMXZg//TbZjRmobBbtk+7yotzYS7S3W9WNcT97T7x+xKluCjh41j5QDRCajHZQI
 q+b8Dl0kzvydFOCdS4au7lF9sX/QV0yA20JIxgHQ4RiX5L9C7TAuCzXZxASYwryv
 CSHo5dHcIVLtfClW5wIAmo+PPDgQkZV6eY2BnTF1fkked+tf+rpH0MohdafFn9Oy
 gXKblNR6NMIDt7QnuhHLqF3/7aU8TVLQsk7zmieqEXxZN6FIEl4OeOADX/2zYjJh
 G2YaHGdyG8vvQuKarUMiEADKLMaxM8kfGcDCu0HJeXlz6cLiw3joM2E6V2FvEfTA
 25Jwc22784EG2DoosV6HMMGFrYIcMIhb4tXVsSTU2W+mypsPfad2IYk3TrBG9QV3
 Lb3AnpqcY79HEE6GtE1D8iX0b0rFIkEwMj7zxIX2najgsOxkNt9C8UnWrIPOtWvs
 eEaUFRnA/lKVsXWl09WD5gMboRZqRSMmmQWp0sIKtdscHLo8TmdTPefSPMNDQLG5
 odjxg91w/3Rbx11j49AqO6gZ9gpcYGnTBFpIVemC8WGmts6+R9QZ9OnkfWdUxXf2
 FKOBaWPYnsoh71pXsz9v9tW4iQPD5+81hR/92Nf8PdFgGgCyOhhf+PtbkFBCbXo5
 r40y8jQ21SIHYOF06m3u24DUK+KETvpNHmyS65r5C6yDWPJMoq8=
 =SEs8
 -----END PGP SIGNATURE-----

Merge tag 'iommu-fixes-v5.3-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu

Pull IOMMU fixes from Joerg Roedel:

 - Revert an Intel VT-d patch that caused problems for some users.

 - Removal of a feature in the Intel VT-d driver that was never
   supported in hardware. This qualifies as a fix because the code for
   this feature sets reserved bits in the invalidation queue descriptor,
   causing failed invalidations on real hardware.

 - Two fixes for AMD IOMMU driver to fix a race condition and to add a
   missing IOTLB flush when kernel is booted in kdump mode.

* tag 'iommu-fixes-v5.3-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu:
  iommu/amd: Fix race in increase_address_space()
  iommu/amd: Flush old domains in kdump kernel
  iommu/vt-d: Remove global page flush support
  Revert "iommu/vt-d: Avoid duplicated pci dma alias consideration"
2019-09-06 12:22:36 -07:00
Linus Torvalds
0445971000 MMC core:
- Fix card init for some eMMCs that need retries for CMD6
 -----BEGIN PGP SIGNATURE-----
 
 iQJLBAABCgA1FiEEugLDXPmKSktSkQsV/iaEJXNYjCkFAl1yMP4XHHVsZi5oYW5z
 c29uQGxpbmFyby5vcmcACgkQ/iaEJXNYjCklcBAAlaHw4FDXLwOzj9O5d1slPK3U
 wttFl0REMY8KQSVckIVBbt3jtv3SO6Zb3mDL76ELPJPoooiXLTzjoQXTj0Oxrdv7
 E9y96gohFLLioiN5NfNfYNnVyMYUKwZqkFhR+t9DuMofkxW2K1Nh8CRThXpNhowT
 TT9B7cXlCyByLp1JyXRzt2A+4fhp/xSAfrD88iiPjBLcaGB8Z7BJT9G//VeIr0Xm
 JDLokxw6exyWjUQUATmPNFBeT6vykK26hXYZS4NnXXNlBfSTZpTId7lI3pF3QZrN
 RQUAU4oMw8k9Snv+ZNtPKufx86QmpbXBa7Ilzh9Qcpyopn7YiaSEo2hABBcLgJVl
 q7v0jr0LfpEzsxiX4rPibrYuJhOg8Hv1eSQtTLMAi4bFJHhhiLR7UVz6DT6MPwnp
 VrpUL6kLt9lXwm6sVcUCxiZ3GvQOqs++XJGyR+JWCt1/nJi57UnOX4qbtc8X9IaW
 6xfdVn4Vr/jfNJfBtyI1FMo1Aqhg0yWSiGkdag0bwXVHL7UUHS1CVCTYCN8FXMrW
 iKqRcriSN+C+5C6pbXtGbCM2O3fwpIas2Mj7hrcoRERMBNa6GGn99si7dWwQPJ1h
 6rBnss0g6+17K4yvN09YwYaQixp3bLVmktCCvz+EgUYGrAXAdkOc1WD3TuHnoMQI
 cjOxBinCiPDUyRUm9/A=
 =jpf+
 -----END PGP SIGNATURE-----

Merge tag 'mmc-v5.3-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc

Pull MMC fix from Ulf Hansson:
 "Revert in order to fix card init for some eMMCs that need retries for
  CMD6"

* tag 'mmc-v5.3-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc:
  Revert "mmc: core: do not retry CMD6 in __mmc_switch()"
2019-09-06 09:01:49 -07:00
Linus Torvalds
08d433d812 drm fixes for 5.3-rc8 (or final)
nouveau:
 - add missing MODULE_FIRMWARE definitions
 
 igenic:
 - hardcode panel type DPI
 
 vmwgfx:
 - double free fix
 
 core:
 - command line mode parser fixes
 -----BEGIN PGP SIGNATURE-----
 
 iQIcBAABAgAGBQJdcgYAAAoJEAx081l5xIa+Td4QAKUcxyaAMbAjJde49nsrWQvY
 pyLdNLLDmE3xBPCetERn8QMgGr9K4c0mcVZ2deWVU/WS10BWEe5T0JlwfTqH7VnH
 rmCWh5dJiHCN9sjcoM9XbOJGbOiO6b0vNd4SMwHtMLfdeIHWHJovPhsfbD89NSux
 NxYQRYh9l1+vsbJC6kznAi/9Itg4xQ6BCeGFgq/vJjRA23E6+D7lKeZK9cykEV7Q
 fevjePoFtdmuzurbWS8gEWF/1mBTp7beAUTJYn5hdh3mj4HXtrmy71XaCwzj1nqd
 ssn3tOmmIvTmqvoU3aR7WbOsHIiaynU0HGh4sAUoZ8BLbuk6LtqGtGSuXrevYtS0
 q2QYCL0fSd2qUP64zz/hQAF0Pbfw0kUoyec/AQdVl+0Uk4rcrtLmpYNsw/2l2fKZ
 t5rq1quZ5FnD2GSNSi308ZhmHhjlluQzsd4oezYZndIiIG9mEPGfgrlvfWJqiFO4
 MAvVhP/NilvUnTvocVZtDe+kU3WGeqOUKK5T4aKaQeR1pbh4YF5aJpAoiOHtMldq
 W9Dm4sXu2PSdCzFl77k9QJ7XrUC9/dlr2SZ69K7G49LKTraVaQfNeXgvSftYKjWk
 eO8Kxk9QvGFdtwr2K5AOHOCcBtOQOl5l8RmrgAr9nGe3OZRP4+Bc1EEhYaTFdc6n
 EVIZe4yo/G8yX52/wR6L
 =dOSF
 -----END PGP SIGNATURE-----

Merge tag 'drm-fixes-2019-09-06' of git://anongit.freedesktop.org/drm/drm

Pull drm fixes from Dave Airlie:
 "Live from my friend's couch in Barcelona, latest round of drm fixes.

  The command line parser regression fixes look a bit larger because
  they come with selftests included for the bugs they fix. Otherwise a
  single nouveau, single ingenic and single vmwgfx fix:

  nouveau:
   - add missing MODULE_FIRMWARE definitions

  igenic:
   - hardcode panel type DPI

  vmwgfx:
   - double free fix

  core:
   - command line mode parser fixes"

* tag 'drm-fixes-2019-09-06' of git://anongit.freedesktop.org/drm/drm:
  drm/vmwgfx: Fix double free in vmw_recv_msg()
  drm/nouveau/sec2/gp102: add missing MODULE_FIRMWAREs
  drm/selftests: modes: Add more unit tests for the cmdline parser
  drm/modes: Introduce a whitelist for the named modes
  drm/modes: Fix the command line parser to take force options into account
  drm/modes: Add a switch to differentiate free standing options
  drm/ingenic: Hardcode panel type to DPI
2019-09-06 08:58:19 -07:00
Linus Torvalds
9d098a6234 virtio, vhost, balloon: bugfixes
A couple of last minute bugfixes. And a revert of a failed attempt at
 metadata access optimization - we'll try again in the next cycle.
 
 Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
 -----BEGIN PGP SIGNATURE-----
 
 iQEcBAABAgAGBQJdb6MSAAoJECgfDbjSjVRpWq0IALJqn4RTQJiFUg4pa6qV1Uxb
 DJtHCmYhW+m9VB+5gmKJ9ugFcBbdbSEy81kwrc6lKywTttevk+whrlRry49ufbMx
 htoRFGG4gm2RgmXNkV92RQwrz0ajtG0hjm3/Gaxi2OzOudpB4/DJnUcXJKEa2UvD
 qAH4n9SN6QXQ6zfU20EvNyA0++RwIkg9xx0r5IZ8eddOlS5tqFasr7TkMBr7Tj9V
 a1QkCVGfCDUBpthMwrOuJpYkTWf2vRyarqWUvxsJbFqyECossHIYM7EWGu8apFYW
 pbQbn8bXVNNJoA8ERmCkiptHQALK8qeONu0MOarnDVRXvGni4OHTuXJfMYyCkEY=
 =RqIf
 -----END PGP SIGNATURE-----

Merge tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost

Pull virtio fixes from Michael Tsirkin:
 "virtio, vhost, and balloon bugfixes.

  A couple of last minute bugfixes. And a revert of a failed attempt at
  metadata access optimization - we'll try again in the next cycle"

* tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost:
  mm/balloon_compaction: suppress allocation warnings
  Revert "vhost: access vq metadata through kernel virtual address"
  vhost: Remove unnecessary variable
  virtio-net: lower min ring num_free for efficiency
  vhost/test: fix build for vhost test
  vhost/test: fix build for vhost test
2019-09-06 08:56:06 -07:00
Linus Torvalds
13da6ac106 powerpc fixes for 5.3 #5
One fix for a boot hang on some Freescale machines when PREEMPT is enabled.
 
 Two CVE fixes for bugs in our handling of FP registers and transactional memory,
 both of which can result in corrupted FP state, or FP state leaking between
 processes.
 
 Thanks to:
   Chris Packham, Christophe Leroy, Gustavo Romero, Michael Neuling.
 -----BEGIN PGP SIGNATURE-----
 
 iQJHBAABCAAxFiEEJFGtCPCthwEv2Y/bUevqPMjhpYAFAl1x06oTHG1wZUBlbGxl
 cm1hbi5pZC5hdQAKCRBR6+o8yOGlgCZzD/90EyaWJVS8WPZopoIdnuOfB/F7EZFY
 Lhgd640S1p4o8BUZaQ1T19JOzp6HlO38myOptBufY0BsIJW0M2GwngnBPzSPW8r7
 ImTTf5cU0CDe2m3OJdfBrVpnGmUsmoWxwrsFJZ9wbsXhCwbbUzOUuxD/B9wBIGi/
 sPpTlaYZBhu3cKs9EWPKAODJhtEf55Q1c62gftfj8Y5u8uxQGinYInCghAUr+3Zv
 uCw1CSxOV7yGxfgc1sbOptidOiG4Pljw4EDCUFLpjWTYgPVERASbPHs3C4xuAHGq
 IYuNDUJbwrxMU9BKLFzvL4MKWa5XtzLE34oY8SuyyVAbIQTszgCn2rIwlJXH88PO
 UtId9accmS+dy2lRI+90dC0qeTgUUIZXS1NF0cl5YNRN0TlMyjHL2/sRxCZF2svF
 EaGNjTQLAsfX0ccO9xQr8+KBSfFURMEkO8QQAR0lzJmIgbvSuzfjlZpbcYd2Nqfe
 EiYU4GeAQSn14vi0ZMdRWxc1rki9pPhGkrUwToDALsiEedRB03olM955uecf7fra
 S8MzHFBYh8Apd/lsAj53uAbL2rIHDJ5+6/eezYp7bRbo6FlvWDs9kmYTX3p3ixq1
 Q4gDHfbwnWxxhjUBri5QNZF9YHgkyGPURGpIbdXk9R4Hc7ihQWwDBcSrueca51Ug
 m97SLF5/+yWx0A==
 =C+wa
 -----END PGP SIGNATURE-----

Merge tag 'powerpc-5.3-5' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux

Pull powerpc fixes from Michael Ellerman:
 "One fix for a boot hang on some Freescale machines when PREEMPT is
  enabled.

  Two CVE fixes for bugs in our handling of FP registers and
  transactional memory, both of which can result in corrupted FP state,
  or FP state leaking between processes.

  Thanks to: Chris Packham, Christophe Leroy, Gustavo Romero, Michael
  Neuling"

* tag 'powerpc-5.3-5' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
  powerpc/tm: Fix restoring FP/VMX facility incorrectly on interrupts
  powerpc/tm: Fix FP/VMX unavailable exceptions inside a transaction
  powerpc/64e: Drop stale call to smp_processor_id() which hangs SMP startup
2019-09-06 08:54:45 -07:00
Sasha Levin
1f493162b5 Documentation/process/embargoed-hardware-issues: Microsoft ambassador
Add Sasha Levin as Microsoft's process ambassador.

Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Link: https://lore.kernel.org/r/20190906095852.23568-1-sashal@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-09-06 12:11:09 +02:00
Lee Jones
8928e917ae soc: qcom: geni: Provide parameter error checking
When booting with ACPI, the Geni Serial Engine is not set as the I2C/SPI
parent and thus, the wrapper (parent device) is unassigned.  This causes
the kernel to crash with a null dereference error.

Link: https://lore.kernel.org/r/20190905082555.15020-1-lee.jones@linaro.org
Fixes: 8bc529b253 ("soc: qcom: geni: Add support for ACPI")
Acked-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Reviewed-by: Stephen Boyd <sboyd@kernel.org>
Signed-off-by: Lee Jones <lee.jones@linaro.org>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
2019-09-06 11:08:08 +02:00
Joerg Roedel
754265bcab iommu/amd: Fix race in increase_address_space()
After the conversion to lock-less dma-api call the
increase_address_space() function can be called without any
locking. Multiple CPUs could potentially race for increasing
the address space, leading to invalid domain->mode settings
and invalid page-tables. This has been happening in the wild
under high IO load and memory pressure.

Fix the race by locking this operation. The function is
called infrequently so that this does not introduce
a performance regression in the dma-api path again.

Reported-by: Qian Cai <cai@lca.pw>
Fixes: 256e4621c2 ('iommu/amd: Make use of the generic IOVA allocator')
Signed-off-by: Joerg Roedel <jroedel@suse.de>
2019-09-06 10:55:51 +02:00
Stuart Hayes
36b7200f67 iommu/amd: Flush old domains in kdump kernel
When devices are attached to the amd_iommu in a kdump kernel, the old device
table entries (DTEs), which were copied from the crashed kernel, will be
overwritten with a new domain number.  When the new DTE is written, the IOMMU
is told to flush the DTE from its internal cache--but it is not told to flush
the translation cache entries for the old domain number.

Without this patch, AMD systems using the tg3 network driver fail when kdump
tries to save the vmcore to a network system, showing network timeouts and
(sometimes) IOMMU errors in the kernel log.

This patch will flush IOMMU translation cache entries for the old domain when
a DTE gets overwritten with a new domain number.

Signed-off-by: Stuart Hayes <stuart.w.hayes@gmail.com>
Fixes: 3ac3e5ee5e ('iommu/amd: Copy old trans table from old kernel')
Signed-off-by: Joerg Roedel <jroedel@suse.de>
2019-09-06 10:34:30 +02:00
Dave Airlie
1e19ec6c3c drm-misc-fixes for v5.3 final:
- Make ingenic panel type DPI insteado f unknown.
 - Fixes for command line parser modes.
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEuXvWqAysSYEJGuVH/lWMcqZwE8MFAl1xOnsACgkQ/lWMcqZw
 E8O5Gw//fo85tbQwbKH59QwT96oZ/r7DWchQpLz8EJDfxbHgSeAhu6xgJaB/DZ6+
 Hqp091OIFHuufXW5Xl7teXixs67ChLrtJc2iokA/RbMnLt7xWtSbf4w1Y3nYJ/p+
 kG2kfvjimGQDMB3WL+gUpaRXBD2adc7S0EFsf4VVhVw1CfHG8RYrARtsPMV7SCox
 F3d+J6ZHj2zyTZuSeDDg11N/bPrNTLKV7/cCX/cg5hKdDBkK0jfyLMwMqGB6Nd1D
 s2kMyjqL7HEJpf6cXTqpWd/Du5fUgKi7sX7UWtW6vyd0IUnCWOUNmY4uRgKFRf2O
 YeTH+Qt5gfBdg4vUe4iZLiILfgS9N2p806v3yMQodrXWD47DrXD1NFEQNq0AfIUV
 nfyaccU1cgoBts/m9vJOOFgZGu8+b5YCVTdtgUi96o7P4+XZcy/85nE4c/c0fBUK
 D30tlrCzqv9zrhotf60atN/eqbiMW4wJycSk4QNx1kFb8R9+ZzQvQN7FfZkO4oiU
 qzO9c3fmE7qeHZdAm5g9OzamjOIw5esj7L0kEhczZ/9MU7XnJz2eKrE3SxhT3mdf
 r2l5K02q0GZ54KmmhScVOeVAI8B/Fp0An3r7vpsIumPevtgQfLHcj88iT9Q23wZz
 y5L9eS77DeZiJftcQB6FzGQ810bl9O24nNByW3+yu46SX+hfLS8=
 =cZhy
 -----END PGP SIGNATURE-----

Merge tag 'drm-misc-fixes-2019-09-05' of git://anongit.freedesktop.org/drm/drm-misc into drm-fixes

drm-misc-fixes for v5.3 final:
- Make ingenic panel type DPI insteado f unknown.
- Fixes for command line parser modes.

Signed-off-by: Dave Airlie <airlied@redhat.com>

From: Maarten Lankhorst <maarten.lankhorst@linux.intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/606d87b2-1840-c893-eb30-d6c471c9e50a@linux.intel.com
2019-09-06 16:27:46 +10:00
Dave Airlie
7610bb0bde Merge branch 'vmwgfx-fixes-5.3' of git://people.freedesktop.org/~thomash/linux into drm-fixes
Single vmwgfx double free fix.

Signed-off-by: Dave Airlie <airlied@redhat.com>
2019-09-06 16:24:56 +10:00
Hillf Danton
d41a3effbb keys: Fix missing null pointer check in request_key_auth_describe()
If a request_key authentication token key gets revoked, there's a window in
which request_key_auth_describe() can see it with a NULL payload - but it
makes no check for this and something like the following oops may occur:

	BUG: Kernel NULL pointer dereference at 0x00000038
	Faulting instruction address: 0xc0000000004ddf30
	Oops: Kernel access of bad area, sig: 11 [#1]
	...
	NIP [...] request_key_auth_describe+0x90/0xd0
	LR [...] request_key_auth_describe+0x54/0xd0
	Call Trace:
	[...] request_key_auth_describe+0x54/0xd0 (unreliable)
	[...] proc_keys_show+0x308/0x4c0
	[...] seq_read+0x3d0/0x540
	[...] proc_reg_read+0x90/0x110
	[...] __vfs_read+0x3c/0x70
	[...] vfs_read+0xb4/0x1b0
	[...] ksys_read+0x7c/0x130
	[...] system_call+0x5c/0x70

Fix this by checking for a NULL pointer when describing such a key.

Also make the read routine check for a NULL pointer to be on the safe side.

[DH: Modified to not take already-held rcu lock and modified to also check
 in the read routine]

Fixes: 04c567d931 ("[PATCH] Keys: Fix race between two instantiators of a key")
Reported-by: Sachin Sant <sachinp@linux.vnet.ibm.com>
Signed-off-by: Hillf Danton <hdanton@sina.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Tested-by: Sachin Sant <sachinp@linux.vnet.ibm.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2019-09-05 14:19:25 -07:00
Linus Torvalds
a3f5e1f578 sound fixes for 5.3-rc8
A collection of small HD-audio fixes:
 - A regression fix for Realtek codecs due to the recent initialization
   procedure change
 - A fix for potential endless loop at the quirk table lookup
 - Quirks for Lenovo, ASUS and HP machines
 -----BEGIN PGP SIGNATURE-----
 
 iQJCBAABCAAsFiEEIXTw5fNLNI7mMiVaLtJE4w1nLE8FAl1xCjYOHHRpd2FpQHN1
 c2UuZGUACgkQLtJE4w1nLE9WChAAiCWz7aBTrLz4fxj/t/QC2mADXgulrKBlP4qt
 ACMcxnZdwyJUDw5d38BH8/ATPPzzrhExtUKcAJ9rkzEjyLB3GfhfnAsPW5bCl9Mv
 XPZp55b7Tju6WotKwkNWVDSXfGexlEmVVW67+JkjyNtK5kAIwc7TTP3aMawQ7acv
 Gpsu7TSyXaqQax8GdVUuVypQB/PVR7ow6yW+7uz46jeeZiNIdbuZj2Mo7WawgCnz
 lJDjOFbsJyI/Oa1ZkNI1RrN4UkLvtqawh+qnUJJ2k4KLJdDpo5Q2oHZqokxWnDxT
 fzbHRB00MAjjA4bg2LiRhkdb0+9AV/fl5bf5DnMCExaE+rzDH5avmnjwQBJ1R6SK
 u9Ca1pPpMcbn352mibkqdFG8l0BwKUtPX/x60HyRtA0Mzel9Bi3nshjrUzQ/11Y4
 cqwiVbxw4k0jPvm97xElFWusraspLb7ehCHsap+0Y5irDl1IcvE6+16cqKivIeof
 DVYZ0KW8EKPa0ULF3PEMRBqBWeJspX8zu65em89HiQv2G6wLb7cARx6nuO9ItiTn
 JMx9bo3aMe3xe5a+DpBXECGw3V7snsMhTNNW7b9so2aKgbw6yfdJvEz0hYqEqMcM
 u9ef6F50WayPe4dreV9Ed5+mjjAXMxrExjzOLzYeAOCUlFaVw7PXW4UE5L7xn1Lj
 bCuMAtY=
 =SHx5
 -----END PGP SIGNATURE-----

Merge tag 'sound-5.3-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound

Pull sound fixes from Takashi Iwai:
 "A collection of small HD-audio fixes:

   - A regression fix for Realtek codecs due to the recent
     initialization procedure change

   - A fix for potential endless loop at the quirk table lookup

   - Quirks for Lenovo, ASUS and HP machines"

* tag 'sound-5.3-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
  ALSA: hda/realtek - Fix the problem of two front mics on a ThinkCentre
  ALSA: hda/realtek - Enable internal speaker & headset mic of ASUS UX431FL
  ALSA: hda/realtek - Add quirk for HP Pavilion 15
  ALSA: hda/realtek - Fix overridden device-specific initialization
  ALSA: hda - Fix potential endless loop at applying quirks
2019-09-05 10:26:20 -07:00
Linus Torvalds
19e4147a04 Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull x86 fixes from Ingo Molnar:
 "Misc fixes:

   - EFI boot fix for signed kernels

   - an AC flags fix related to UBSAN

   - Hyper-V infinite loop fix"

* 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  x86/hyper-v: Fix overflow bug in fill_gva_list()
  x86/uaccess: Don't leak the AC flags into __get_user() argument evaluation
  x86/boot: Preserve boot_params.secure_boot from sanitizing
2019-09-05 09:47:32 -07:00
Linus Torvalds
262f7eeddc Merge branch 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull scheduler fixes from Ingo Molnar:
 "This fixes an ABI bug introduced this cycle, plus fixes a throttling
  bug"

* 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  sched/core: Fix uclamp ABI bug, clean up and robustify sched_read_attr() ABI logic and code
  sched/fair: Don't assign runtime for throttled cfs_rq
2019-09-05 09:38:31 -07:00
Linus Torvalds
13133f933a clang-format update for 5.3
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEPjU5OPd5QIZ9jqqOGXyLc2htIW0FAl1wAawACgkQGXyLc2ht
 IW18Kw//bBBF1AfQ1PQUITjC11r+bNZIavCIK/DogL4Q68Oa7byhUX9zoKCpZMKz
 YkRFQ3QRQ+IiIr88GuSzkeMktqNgN4cu1mvcc544uw7T6FVMaXe8HhPm89kAXJgu
 ABHn3mhpv9ziTMZCVeTtdgV28FtF3PnkJ93ul8+4y260JaY/Zx3x0pp6aVX+UkCZ
 82V5zGu1B4jF2eqXjBTvj2ZwfSFXRiiFWswswBZZhiyFecv4VZ9xFnD5aR4DCbWy
 yOsejXdU8h94nnm91Bt90qR2aqrGHpEWsKAyopqM8pXU1ZmMjB+qvrgbcDFqt3RC
 lsK8DHK3WVbwwPN6UnFkysVy3QTP9Ru2ih6ZQA+bhb+//VGen/BXLW3NRauJqwqi
 4FF3OCvUO6d2ZHWvA69KNF6PRFBXRbxuFLFpaHXlPEOr8R4y03mEXqk375e6DH++
 ZvOQQ5r1FFSUoE4tZYgeftZF9mYdkcZgJs0FS5C9YzzrEAGQB0ZunlOftuw0NgOV
 ZxjN1rHMF1eoFKYOgWIlI+xZc83G6ZWWdEy7yw3qcM/4ymtPfLYf+sWzFxyA5ylF
 VXt6zuRP5y+0JQi2o5t/5nBmCD4uDie31yRcAqv0uo+cRH11pw5KUXt8TV5rCLnZ
 qBaWX817U51qHq3rLmp5tvaxX/Yyz3Mj4hi9eppddjUQLAQlWu4=
 =Q7CS
 -----END PGP SIGNATURE-----

Merge tag 'clang-format-for-linus-v5.3-rc8' of git://github.com/ojeda/linux

Pull clang-format update from Miguel Ojeda:
 "Update with the latest for_each macro list"

* tag 'clang-format-for-linus-v5.3-rc8' of git://github.com/ojeda/linux:
  clang-format: Update with the latest for_each macro list
2019-09-05 09:23:02 -07:00
Arnd Bergmann
13212a648f Second Round of Renesas ARM Based SoC Fixes for v5.3
* RZ/G2M based HiHope main board
   - Re-enabled accidently disabled SDHI3 (eMMC) support
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEE4nzZofWswv9L/nKF189kaWo3T74FAl1w1ksACgkQ189kaWo3
 T75WQBAAoPH+Gt2LUEhfya7cVbCEVAX6kkbVh5qSwmaGG3ZF3jBFlCZBaORQh4LA
 Ymm/WGWA9hzamNTDeGH0cePKN1QGGNRy4Z9ICxt8+uDiaCFJilKLD3q3wq0NVNRY
 SvepE82KYn3CVXL+3pZAi4za2VbJqSSFBWyTrEURXLmOjWdmg0IsARbW5JDgcCwY
 NPK4Ohc2GKdIMtGagDZ3EzkeU7f0N2sbyMqSKbe/AXhI3qF8FTiR0Lmj7ik4HAay
 UXLV/IPlupN+cTY4QW6PzziTZ1A2drrYigO5H9QFoyvSRyHswiXAN/36QYPx5Lir
 i/PH7+x9CxkSM42h1ujLURxdlhUfV6pErSMhcp9BBJRhVhrz0BDRSmuiBOzmN3xi
 eDPC/gc66KXv4rTMOYXb12WfT59O6dVXKaGQVYMFWqO3hf2Y6Uo6SWg07JGjvdNQ
 Oapi2oJPWVOV2xPZMQuAqTffnUYJekdkLrjrEUUaWV7Gip+3mXILNWiJOGVZ4j8/
 Z2/yEYpJdSnhRiaZemvNDqcbR1spnOsxlBQKaWvC2Q2DOUb694Fp1cfAOJ5+XoQA
 wlddZYujZj0mnZ557rOQbWOxAxkwdzBl8tgLQ5fnRFrtmqHLTHnOhXiFuz6cPM3e
 tfihOemfp3wJUb1QZuELHaAKcTDcwIwhIjqV7jc//sAOIUcG/Fg=
 =rBep
 -----END PGP SIGNATURE-----

Merge tag 'renesas-fixes2-for-v5.3' of git://git.kernel.org/pub/scm/linux/kernel/git/horms/renesas into arm/fixes

Second Round of Renesas ARM Based SoC Fixes for v5.3

* RZ/G2M based HiHope main board
  - Re-enabled accidently disabled SDHI3 (eMMC) support

* tag 'renesas-fixes2-for-v5.3' of git://git.kernel.org/pub/scm/linux/kernel/git/horms/renesas:
  arm64: dts: renesas: hihope-common: Fix eMMC status

Link: https://lore.kernel.org/r/cover.1567675986.git.horms+renesas@verge.net.au
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
2019-09-05 17:56:30 +02:00
Dan Carpenter
08b0c89160 drm/vmwgfx: Fix double free in vmw_recv_msg()
We recently added a kfree() after the end of the loop:

	if (retries == RETRIES) {
		kfree(reply);
		return -EINVAL;
	}

There are two problems.  First the test is wrong and because retries
equals RETRIES if we succeed on the last iteration through the loop.
Second if we fail on the last iteration through the loop then the kfree
is a double free.

When you're reading this code, please note the break statement at the
end of the while loop.  This patch changes the loop so that if it's not
successful then "reply" is NULL and we can test for that afterward.

Cc: <stable@vger.kernel.org>
Fixes: 6b7c3b86f0 ("drm/vmwgfx: fix memory leak when too many retries have occurred")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Thomas Hellstrom <thellstrom@vmware.com>
Signed-off-by: Thomas Hellstrom <thellstrom@vmware.com>
2019-09-05 14:44:28 +02:00
Kees Cook
f56f791f6d Documentation/process: Add Google contact for embargoed hardware issues
This adds myself as the Google contact for embargoed hardware security
issues and fixes some small typos.

Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Matt Linton <amuse@google.com>
Cc: Matthew Garrett <mjg59@google.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Acked-by: Guenter Roeck <groeck@chromium.org>
Link: https://lore.kernel.org/r/201909040922.56496BF70@keescook
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-09-05 07:43:34 +02:00
Andrew Cooper
02e740aeca Documentation/process: Volunteer as the ambassador for Xen
Cc: Jonathan Corbet <corbet@lwn.net>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Tyler Hicks <tyhicks@canonical.com>
Cc: Ben Hutchings <ben@decadent.org.uk>
Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Link: https://lore.kernel.org/r/20190904181702.19788-1-andrew.cooper3@citrix.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-09-05 07:43:30 +02:00
Al Viro
b0841eefd9 configfs: provide exclusion between IO and removals
Make sure that attribute methods are not called after the item
has been removed from the tree.  To do so, we
	* at the point of no return in removals, grab ->frag_sem
exclusive and mark the fragment dead.
	* call the methods of attributes with ->frag_sem taken
shared and only after having verified that the fragment is still
alive.

	The main benefit is for method instances - they are
guaranteed that the objects they are accessing *and* all ancestors
are still there.  Another win is that we don't need to bother
with extra refcount on config_item when opening a file -
the item will be alive for as long as it stays in the tree, and
we won't touch it/attributes/any associated data after it's
been removed from the tree.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Christoph Hellwig <hch@lst.de>
2019-09-04 22:33:51 +02:00
Linus Torvalds
3b47fd5ca9 NFS client bugfixes for Linux 5.3
Highlights include:
 
 Bugfixes:
 - Fix inode fileid checks in attribute revalidation code
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEESQctxSBg8JpV8KqEZwvnipYKAPIFAl1v7lYACgkQZwvnipYK
 APIwmBAAnaHqHBqOCB6aYl6gn9jEiazlklw6/3FsIv4RFc5z5chVI2lMlFtRxy06
 VeUepxU02TzBjB6tN5M+o0jy8aaZbgwYIpSToZTG4f0hVN8YywiBpP5UXC1fK9Om
 4bQPFk+WkCXGzv18wy1G6E3Zej0Jtz4mtFEv/ezijyxt9hqSkGiW0HqAZwGMjWBL
 8m92aEk4fR0QTIs3GOSiA5UPEPJtYU5QdPey9qTupt0dpDidp6e8tTFBOvOKnuHp
 Czf4uMyMM47ysiVsLScYqhrobrk9xEOpR9nZ5S1BLxWwHoTIiLx4kcZO21LHsFim
 DVppZyDs0Jc9Zvz57ljLxaQh02v5nZqKzwgo4Ig7kMnYfx2A5LQz+3aX+Hj71RPv
 rKBWLIyBt1V2YmyJqpnVNKp7tTB8sGOd4fHMVHmKQ+7VYVYtZt6P6YIgr8T2nTn3
 qYBR+OreXu+cgsg60ORTC63Yd9wxolv9NERKOapzp7bZ4SG057QwNj+jPD5pyiYX
 uf+tHuStC3ST6N90mSwYUTUEg69TSCHGqkeWrIBZQmz0kZbpiZSb99eUSAY7gmF/
 js0+T6d8kO/QxwTkdV5V/SILa+9wbd8SJcxcMuzIfPEwo2fq8TGVzXZhkCl9dhMT
 Dykie+TLxFvFVPiadjhNoqvLPPQb03goQYL1l+DKvADC9BemmjY=
 =dEk2
 -----END PGP SIGNATURE-----

Merge tag 'nfs-for-5.3-4' of git://git.linux-nfs.org/projects/trondmy/linux-nfs

Pull NFS client bugfix from Trond Myklebust:
 "Regression fix inode fileid checks in attribute revalidation code"

* tag 'nfs-for-5.3-4' of git://git.linux-nfs.org/projects/trondmy/linux-nfs:
  NFS: Fix inode fileid checks in attribute revalidation code
2019-09-04 11:09:53 -07:00
Ingo Molnar
1251201c0d sched/core: Fix uclamp ABI bug, clean up and robustify sched_read_attr() ABI logic and code
Thadeu Lima de Souza Cascardo reported that 'chrt' broke on recent kernels:

  $ chrt -p $$
  chrt: failed to get pid 26306's policy: Argument list too long

and he has root-caused the bug to the following commit increasing sched_attr
size and breaking sched_read_attr() into returning -EFBIG:

  a509a7cd79 ("sched/uclamp: Extend sched_setattr() to support utilization clamping")

The other, bigger bug is that the whole sched_getattr() and sched_read_attr()
logic of checking non-zero bits in new ABI components is arguably broken,
and pretty much any extension of the ABI will spuriously break the ABI.
That's way too fragile.

Instead implement the perf syscall's extensible ABI instead, which we
already implement on the sched_setattr() side:

 - if user-attributes have the same size as kernel attributes then the
   logic is unchanged.

 - if user-attributes are larger than the kernel knows about then simply
   skip the extra bits, but set attr->size to the (smaller) kernel size
   so that tooling can (in principle) handle older kernel as well.

 - if user-attributes are smaller than the kernel knows about then just
   copy whatever user-space can accept.

Also clean up the whole logic:

 - Simplify the code flow - there's no need for 'ret' for example.

 - Standardize on 'kattr/uattr' and 'ksize/usize' naming to make sure we
   always know which side we are dealing with.

 - Why is it called 'read' when what it does is to copy to user? This
   code is so far away from VFS read() semantics that the naming is
   actively confusing. Name it sched_attr_copy_to_user() instead, which
   mirrors other copy_to_user() functionality.

 - Move the attr->size assignment from the head of sched_getattr() to the
   sched_attr_copy_to_user() function. Nothing else within the kernel
   should care about the size of the structure.

With these fixes the sched_getattr() syscall now nicely supports an
extensible ABI in both a forward and backward compatible fashion, and
will also fix the chrt bug.

As an added bonus the bogus -EFBIG return is removed as well, which as
Thadeu noted should have been -E2BIG to begin with.

Reported-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
Tested-by: Dietmar Eggemann <dietmar.eggemann@arm.com>
Tested-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
Acked-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
Cc: Arnaldo Carvalho de Melo <acme@infradead.org>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Patrick Bellasi <patrick.bellasi@arm.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Fixes: a509a7cd79 ("sched/uclamp: Extend sched_setattr() to support utilization clamping")
Link: https://lkml.kernel.org/r/20190904075532.GA26751@gmail.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2019-09-04 19:51:30 +02:00
Arnd Bergmann
d9a2b63ca9 Renesas ARM Based SoC Fixes for v5.3
* R-Car D3 (r8a77995) based Draak Board
   - Correct backlight regulator name in device tree
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEE4nzZofWswv9L/nKF189kaWo3T74FAl1WsAkACgkQ189kaWo3
 T76iZA//ST+Llf3DLMcmhFHci2ld8khWl+NcxVAKDjDXgxZ85jxqzxs2b8kshYoV
 xAIdt+zwS5GOXpXjDbuw2uufLTEGrmS8v98NxBlxvmdr35PKQE6wXRs+YfisXlhL
 bnY4pG8AT3NnN8iiQ4DWkRVmfvc2joaWmyczELvrPCSzLtguCAkjm9m7hfPiVxT+
 L5tf01LhYGxRdYoXI/c+kIDyYfgQOhcGMkIk22R3p+l9QM2NE8HqhMPqAqPLYTNA
 c/bueDoPxyFdNp7drPMTdkWzovQ0fsslXT1GvbZ6MHJN4e2OurcGHsoU5m/gUJrH
 f6C6y3Jw/nInRI13SeI3hAAHnmycND1O5TPqfYMJksmJU2c5x1Zabj2Su4ztNUPa
 rMxF4wgqPzqLXDT1xcCacdgUketgYrRmcGUE/KkEIZxcx2eVrLN9TSZ8iOr0ic/E
 pwxWUF9OobNYb20sJEiV3esYAwcQq/tqSnr6Hd4vBd2ptqZAOq81mfvt4wnJuwuO
 jAAtyV7cdO49lpKf97WfCdqZvArpohKoF6w4Zi9TDBtFGkOj5lkNATc7w6eJkcye
 vUDmJ2+9zR+auGMCn3kwzG62yO4KJDnGJgjxMsXh1Kt1MQgpVI2wTFczJUaC4/M2
 Lcq+pShfI1qYvAeyy+80RRkR5jiyfGncrrpq1dnYeX6HC8E946w=
 =YACQ
 -----END PGP SIGNATURE-----

Merge tag 'renesas-fixes-for-v5.3' of git://git.kernel.org/pub/scm/linux/kernel/git/horms/renesas into arm/fixes

Renesas ARM Based SoC Fixes for v5.3

* R-Car D3 (r8a77995) based Draak Board
  - Correct backlight regulator name in device tree

* tag 'renesas-fixes-for-v5.3' of git://git.kernel.org/pub/scm/linux/kernel/git/horms/renesas:
  arm64: dts: renesas: r8a77995: draak: Fix backlight regulator name

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
2019-09-04 14:38:47 +02:00
Gustavo Romero
a8318c13e7 powerpc/tm: Fix restoring FP/VMX facility incorrectly on interrupts
When in userspace and MSR FP=0 the hardware FP state is unrelated to
the current process. This is extended for transactions where if tbegin
is run with FP=0, the hardware checkpoint FP state will also be
unrelated to the current process. Due to this, we need to ensure this
hardware checkpoint is updated with the correct state before we enable
FP for this process.

Unfortunately we get this wrong when returning to a process from a
hardware interrupt. A process that starts a transaction with FP=0 can
take an interrupt. When the kernel returns back to that process, we
change to FP=1 but with hardware checkpoint FP state not updated. If
this transaction is then rolled back, the FP registers now contain the
wrong state.

The process looks like this:
   Userspace:                      Kernel

               Start userspace
                with MSR FP=0 TM=1
                  < -----
   ...
   tbegin
   bne
               Hardware interrupt
                   ---- >
                                    <do_IRQ...>
                                    ....
                                    ret_from_except
                                      restore_math()
				        /* sees FP=0 */
                                        restore_fp()
                                          tm_active_with_fp()
					    /* sees FP=1 (Incorrect) */
                                          load_fp_state()
                                        FP = 0 -> 1
                  < -----
               Return to userspace
                 with MSR TM=1 FP=1
                 with junk in the FP TM checkpoint
   TM rollback
   reads FP junk

When returning from the hardware exception, tm_active_with_fp() is
incorrectly making restore_fp() call load_fp_state() which is setting
FP=1.

The fix is to remove tm_active_with_fp().

tm_active_with_fp() is attempting to handle the case where FP state
has been changed inside a transaction. In this case the checkpointed
and transactional FP state is different and hence we must restore the
FP state (ie. we can't do lazy FP restore inside a transaction that's
used FP). It's safe to remove tm_active_with_fp() as this case is
handled by restore_tm_state(). restore_tm_state() detects if FP has
been using inside a transaction and will set load_fp and call
restore_math() to ensure the FP state (checkpoint and transaction) is
restored.

This is a data integrity problem for the current process as the FP
registers are corrupted. It's also a security problem as the FP
registers from one process may be leaked to another.

Similarly for VMX.

A simple testcase to replicate this will be posted to
tools/testing/selftests/powerpc/tm/tm-poison.c

This fixes CVE-2019-15031.

Fixes: a7771176b4 ("powerpc: Don't enable FP/Altivec if not checkpointed")
Cc: stable@vger.kernel.org # 4.15+
Signed-off-by: Gustavo Romero <gromero@linux.ibm.com>
Signed-off-by: Michael Neuling <mikey@neuling.org>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20190904045529.23002-2-gromero@linux.vnet.ibm.com
2019-09-04 22:31:13 +10:00
Gustavo Romero
8205d5d98e powerpc/tm: Fix FP/VMX unavailable exceptions inside a transaction
When we take an FP unavailable exception in a transaction we have to
account for the hardware FP TM checkpointed registers being
incorrect. In this case for this process we know the current and
checkpointed FP registers must be the same (since FP wasn't used
inside the transaction) hence in the thread_struct we copy the current
FP registers to the checkpointed ones.

This copy is done in tm_reclaim_thread(). We use thread->ckpt_regs.msr
to determine if FP was on when in userspace. thread->ckpt_regs.msr
represents the state of the MSR when exiting userspace. This is setup
by check_if_tm_restore_required().

Unfortunatley there is an optimisation in giveup_all() which returns
early if tsk->thread.regs->msr (via local variable `usermsr`) has
FP=VEC=VSX=SPE=0. This optimisation means that
check_if_tm_restore_required() is not called and hence
thread->ckpt_regs.msr is not updated and will contain an old value.

This can happen if due to load_fp=255 we start a userspace process
with MSR FP=1 and then we are context switched out. In this case
thread->ckpt_regs.msr will contain FP=1. If that same process is then
context switched in and load_fp overflows, MSR will have FP=0. If that
process now enters a transaction and does an FP instruction, the FP
unavailable will not update thread->ckpt_regs.msr (the bug) and MSR
FP=1 will be retained in thread->ckpt_regs.msr.  tm_reclaim_thread()
will then not perform the required memcpy and the checkpointed FP regs
in the thread struct will contain the wrong values.

The code path for this happening is:

       Userspace:                      Kernel
                   Start userspace
                    with MSR FP/VEC/VSX/SPE=0 TM=1
                      < -----
       ...
       tbegin
       bne
       fp instruction
                   FP unavailable
                       ---- >
                                        fp_unavailable_tm()
					  tm_reclaim_current()
					    tm_reclaim_thread()
					      giveup_all()
					        return early since FP/VMX/VSX=0
						/* ckpt MSR not updated (Incorrect) */
					      tm_reclaim()
					        /* thread_struct ckpt FP regs contain junk (OK) */
                                              /* Sees ckpt MSR FP=1 (Incorrect) */
					      no memcpy() performed
					        /* thread_struct ckpt FP regs not fixed (Incorrect) */
					  tm_recheckpoint()
					     /* Put junk in hardware checkpoint FP regs */
                                         ....
                      < -----
                   Return to userspace
                     with MSR TM=1 FP=1
                     with junk in the FP TM checkpoint
       TM rollback
       reads FP junk

This is a data integrity problem for the current process as the FP
registers are corrupted. It's also a security problem as the FP
registers from one process may be leaked to another.

This patch moves up check_if_tm_restore_required() in giveup_all() to
ensure thread->ckpt_regs.msr is updated correctly.

A simple testcase to replicate this will be posted to
tools/testing/selftests/powerpc/tm/tm-poison.c

Similarly for VMX.

This fixes CVE-2019-15030.

Fixes: f48e91e87e ("powerpc/tm: Fix FP and VMX register corruption")
Cc: stable@vger.kernel.org # 4.12+
Signed-off-by: Gustavo Romero <gromero@linux.vnet.ibm.com>
Signed-off-by: Michael Neuling <mikey@neuling.org>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20190904045529.23002-1-gromero@linux.vnet.ibm.com
2019-09-04 22:31:13 +10:00
Nadav Amit
02fa5d7b17 mm/balloon_compaction: suppress allocation warnings
There is no reason to print warnings when balloon page allocation fails,
as they are expected and can be handled gracefully.  Since VMware
balloon now uses balloon-compaction infrastructure, and suppressed these
warnings before, it is also beneficial to suppress these warnings to
keep the same behavior that the balloon had before.

Cc: Jason Wang <jasowang@redhat.com>
Signed-off-by: Nadav Amit <namit@vmware.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
2019-09-04 07:42:01 -04:00
Michael S. Tsirkin
3d2c7d3704 Revert "vhost: access vq metadata through kernel virtual address"
This reverts commit 7f466032dc ("vhost: access vq metadata through
kernel virtual address").  The commit caused a bunch of issues, and
while commit 73f628ec9e ("vhost: disable metadata prefetch
optimization") disabled the optimization it's not nice to keep lots of
dead code around.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2019-09-04 07:39:48 -04:00
Yunsheng Lin
896fc242bc vhost: Remove unnecessary variable
It is unnecessary to use ret variable to return the error
code, just return the error code directly.

Signed-off-by: Yunsheng Lin <linyunsheng@huawei.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2019-09-04 06:21:17 -04:00
? jiang
718be6bab2 virtio-net: lower min ring num_free for efficiency
This change lowers ring buffer reclaim threshold from 1/2*queue to budget
for better performance. According to our test with qemu + dpdk, packet
dropping happens when the guest is not able to provide free buffer in
avail ring timely with default 1/2*queue. The value in the patch has been
tested and does show better performance.

Test setup: iperf3 to generate packets to guest (total 30mins, pps 400k, UDP)
avg packets drop before: 2842
avg packets drop after: 360(-87.3%)

Further, current code suffers from a starvation problem: the amount of
work done by try_fill_recv is not bounded by the budget parameter, thus
(with large queues) once in a while userspace gets blocked for a long
time while queue is being refilled. Trigger refills earlier to make sure
the amount of work to do is limited.

Signed-off-by: jiangkidd <jiangkidd@hotmail.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2019-09-04 06:21:17 -04:00
Tiwei Bie
264b563b86 vhost/test: fix build for vhost test
Since vhost_exceeds_weight() was introduced, callers need to specify
the packet weight and byte weight in vhost_dev_init(). Note that, the
packet weight isn't counted in this patch to keep the original behavior
unchanged.

Fixes: e82b9b0727 ("vhost: introduce vhost_exceeds_weight()")
Cc: stable@vger.kernel.org
Signed-off-by: Tiwei Bie <tiwei.bie@intel.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>
2019-09-04 06:21:17 -04:00
Tiwei Bie
93d2c4de8d vhost/test: fix build for vhost test
Since below commit, callers need to specify the iov_limit in
vhost_dev_init() explicitly.

Fixes: b46a0bf78a ("vhost: fix OOB in get_rx_bufs()")
Cc: stable@vger.kernel.org
Signed-off-by: Tiwei Bie <tiwei.bie@intel.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>
2019-09-04 06:21:17 -04:00
Hui Wang
2a36c16efa ALSA: hda/realtek - Fix the problem of two front mics on a ThinkCentre
This ThinkCentre machine has a new realtek codec alc222, it is not
in the support list, we add it in the realtek.c then this machine
can apply FIXUPs for the realtek codec.

And this machine has two front mics which can't be handled
by PA so far, it uses the pin 0x18 and 0x19 as the front mics, as
a result the existing FIXUP ALC294_FIXUP_LENOVO_MIC_LOCATION doesn't
work on this machine. Fortunately another FIXUP
ALC283_FIXUP_HEADSET_MIC also can change the location for one of the
two mics on this machine.

Link: https://lore.kernel.org/r/20190904055327.9883-1-hui.wang@canonical.com
Signed-off-by: Hui Wang <hui.wang@canonical.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2019-09-04 08:36:57 +02:00