Calculation did not use IIO_DEGREE_TO_RAD and implemented a variant to
avoid precision loss as we aim a nano value. The offset added to avoid
rounding error, though, doesn't give us a close result to the expected
value. E.g.
For 1000dps, the result should be:
(1000 * pi ) / 180 >> 15 ~= 0.000532632218
But with current calculation we get
$ cat scale
0.000547890
Fix the calculation by just doing the maths involved for a nano value
val * pi * 10e12 / (180 * 2^15)
so we get a closer result.
$ cat scale
0.000532632
Fixes: c14dca07a3 ("iio: cros_ec_sensors: add ChromeOS EC Contiguous Sensors driver")
Signed-off-by: Gwendal Grignou <gwendal@chromium.org>
Signed-off-by: Enric Balletbo i Serra <enric.balletbo@collabora.com>
Cc: <Stable@vger.kernel.org>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
In remove, the clock is disabled before canceling the
delayed work. This means that the delayed work may be
touching unclocked hardware.
Fix by disabling the clock after the delayed work is
fully canceled. This is consistent with the probe error
path order.
Signed-off-by: Sven Van Asbroeck <TheSven73@gmail.com>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
If probe errors out after request_irq(), its error path
does not explicitly cancel the delayed work, which may
have been scheduled by the interrupt handler.
This means the delayed work may still be running when
the core frees the private structure (struct xadc).
This is a potential use-after-free.
Fix by inserting cancel_delayed_work_sync() in the probe
error path.
Signed-off-by: Sven Van Asbroeck <TheSven73@gmail.com>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
When cancel_delayed_work() returns, the delayed work may still
be running. This means that the core could potentially free
the private structure (struct xadc) while the delayed work
is still using it. This is a potential use-after-free.
Fix by calling cancel_delayed_work_sync(), which waits for
any residual work to finish before returning.
Signed-off-by: Sven Van Asbroeck <TheSven73@gmail.com>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
When issuing the write DAC register and write eeprom command, the two
powerdown bits (PD0 and PD1) are assumed by the chip to be present in
the bytes sent. Leaving them at 0 implies "powerdown disabled" which is
a different state that the current one. By adding the current state of
the powerdown in the i2c write, the chip will correctly power-on exactly
like as it is at the moment of store_eeprom call.
This is documented in MCP4725's datasheet, FIGURE 6-2: "Write Commands
for DAC Input Register and EEPROM" and MCP4726's datasheet, FIGURE 6-3:
"Write All Memory Command".
Signed-off-by: Jean-Francois Dagenais <jeff.dagenais@gmail.com>
Acked-by: Peter Meerwald-Stadler <pmeerw@pmeerw.net>
Cc: <Stable@vger.kernel.org>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Permission checks on current's netns should be done only when
netns are enabled.
Reported-by: Dominik Brodowski <linux@dominikbrodowski.net>
Fixes: 23bf1b6be9
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
In case request_region fails, the fix returns an error code to
avoid NULL pointer dereference.
Signed-off-by: Kangjie Lu <kjlu@umn.edu>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
In case ioremap_nocache fails, the fix releases chip and returns
an error code upstream to avoid NULL pointer dereference.
Signed-off-by: Kangjie Lu <kjlu@umn.edu>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
-----BEGIN PGP SIGNATURE-----
iQGzBAABCgAdFiEE6fsu8pdIjtWE/DpLiiy9cAdyT1EFAlyMMnkACgkQiiy9cAdy
T1ElsAv/YV7vKbDgJOQfb925LbHqaythYQf8Z9CLwJdjW96k0pNP0bB8KPgw/4dE
t0Z1rzEoS7X7A1mh52tUUWEa1ygeOekMankJZtXzkMe2rl9m846jO/ynUDB0CFlE
5OuRdFpjSMlTdHIRw8F5GTBwO8PM/MYWvoNyO9+foJp+Z/rFtTtrPuAcJvr3NP/O
vyOXXVZ+xbqWYe1s/WGzk04Fzm6gB5V0BQyUZmmf3jZen+5vmDKRa2QMlqk0tt5O
DDZYj8utkgSGtEapWPWzgWU9gIWNSN5GdeKprIGLwESKxMrGrZiZDErpHDzwPKJX
MMPlZVvpU7BYtnMQCe82EQ74Nu/YDcMCCQjnaQDWcbQVEM/bt7Z4RXVEFcVsFO9s
aXwK3iRYYjLcIxuBxM3NWeZMPa5C4u6rCMjDNp91oKm5OZtJrZmB4JOHGwoeVYEF
pJZhT/txmuws828qLmuVCh9IOKouzRH3UxZ/PBKMEtnix9rX7juqSaHCh8pxlW+1
3vQdxnx2
=dG+z
-----END PGP SIGNATURE-----
Merge tag '5.1-rc-smb3' of git://git.samba.org/sfrench/cifs-2.6
Pull more smb3 updates from Steve French:
"Various tracing and debugging improvements, crediting fixes, some
cleanup, and important fallocate fix (fixes three xfstests) and lock
fix.
Summary:
- Various additional dynamic tracing tracepoints
- Debugging improvements (including ability to query the server via
SMB3 fsctl from userspace tools which can help with stats and
debugging)
- One minor performance improvement (root directory inode caching)
- Crediting (SMB3 flow control) fixes
- Some cleanup (docs and to mknod)
- Important fixes: one to smb3 implementation of fallocate zero range
(which fixes three xfstests) and a POSIX lock fix"
* tag '5.1-rc-smb3' of git://git.samba.org/sfrench/cifs-2.6: (22 commits)
CIFS: fix POSIX lock leak and invalid ptr deref
SMB3: Allow SMB3 FSCTL queries to be sent to server from tools
cifs: fix incorrect handling of smb2_set_sparse() return in smb3_simple_falloc
smb2: fix typo in definition of a few error flags
CIFS: make mknod() an smb_version_op
cifs: minor documentation updates
cifs: remove unused value pointed out by Coverity
SMB3: passthru query info doesn't check for SMB3 FSCTL passthru
smb3: add dynamic tracepoints for simple fallocate and zero range
cifs: fix smb3_zero_range so it can expand the file-size when required
cifs: add SMB2_ioctl_init/free helpers to be used with compounding
smb3: Add dynamic trace points for various compounded smb3 ops
cifs: cache FILE_ALL_INFO for the shared root handle
smb3: display volume serial number for shares in /proc/fs/cifs/DebugData
cifs: simplify how we handle credits in compound_send_recv()
smb3: add dynamic tracepoint for timeout waiting for credits
smb3: display security information in /proc/fs/cifs/DebugData more accurately
cifs: add a timeout argument to wait_for_free_credits
cifs: prevent starvation in wait_for_free_credits for multi-credit requests
cifs: wait_for_free_credits() make it possible to wait for >=1 credits
...
Yauheni Kaliuta pointed out that PTR_TO_STACK store/load verifier test
was failing on powerpc64 BE, and rightfully indicated that the PPC_LD()
macro is not masking away the last two bits of the offset per the ISA,
resulting in the generation of 'lwa' instruction instead of the intended
'ld' instruction.
Segher also pointed out that we can't simply mask away the last two bits
as that will result in loading/storing from/to a memory location that
was not intended.
This patch addresses this by using ldx/stdx if the offset is not
word-aligned. We load the offset into a temporary register (TMP_REG_2)
and use that as the index register in a subsequent ldx/stdx. We fix
PPC_LD() macro to mask off the last two bits, but enhance PPC_BPF_LL()
and PPC_BPF_STL() to factor in the offset value and generate the proper
instruction sequence. We also convert all existing users of PPC_LD() and
PPC_STD() to use these macros. All existing uses of these macros have
been audited to ensure that TMP_REG_2 can be clobbered.
Fixes: 156d0e290e ("powerpc/ebpf/jit: Implement JIT compiler for extended BPF")
Cc: stable@vger.kernel.org # v4.9+
Reported-by: Yauheni Kaliuta <yauheni.kaliuta@redhat.com>
Signed-off-by: Naveen N. Rao <naveen.n.rao@linux.vnet.ibm.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
When the umem is cleaned up, the task that created it might already be
gone. If the task was gone, the xdp_umem_release function did not free
the pages member of struct xdp_umem.
It turned out that the task lookup was not needed at all; The code was
a left-over when we moved from task accounting to user accounting [1].
This patch fixes the memory leak by removing the task lookup logic
completely.
[1] https://lore.kernel.org/netdev/20180131135356.19134-3-bjorn.topel@gmail.com/
Link: https://lore.kernel.org/netdev/c1cb2ca8-6a14-3980-8672-f3de0bb38dfd@suse.cz/
Fixes: c0c77d8fb7 ("xsk: add user memory registration support sockopt")
Reported-by: Jiri Slaby <jslaby@suse.cz>
Signed-off-by: Björn Töpel <bjorn.topel@intel.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Same reasons than the ones explained in commit 4179cb5a4c
("vxlan: test dev->flags & IFF_UP before calling netif_rx()")
netif_rx_ni() or napi_gro_frags() must be called under a strict contract.
At device dismantle phase, core networking clears IFF_UP
and flush_all_backlogs() is called after rcu grace period
to make sure no incoming packet might be in a cpu backlog
and still referencing the device.
A similar protocol is used for gro layer.
Most drivers call netif_rx() from their interrupt handler,
and since the interrupts are disabled at device dismantle,
netif_rx() does not have to check dev->flags & IFF_UP
Virtual drivers do not have this guarantee, and must
therefore make the check themselves.
Fixes: 1bd4978a88 ("tun: honor IFF_UP in tun_get_user()")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
If an interrupt is already pending when the interrupt is enabled on the
GXL phy, no IRQ will ever be triggered.
The fix is simply to make sure pending IRQs are cleared before setting
up the irq mask.
Fixes: cf127ff20a ("net: phy: meson-gxl: add interrupt support")
Signed-off-by: Jerome Brunet <jbrunet@baylibre.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Adds missing sphinx documentation to the
socket.c's functions. Also fixes some whitespaces.
I also changed the style of older documentation as an
effort to have an uniform documentation style.
Signed-off-by: Pedro Tammela <pctammela@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Pull UML updates from Richard Weinberger:
"Bugfix for the UML block device driver"
* 'for-linus-5.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rw/uml:
um: Fix for a possible OOPS in ubd initialization
um: Remove duplicated include from vector_user.c
for 32-bit guests
s390: interrupt cleanup, introduction of the Guest Information Block,
preparation for processor subfunctions in cpu models
PPC: bug fixes and improvements, especially related to machine checks
and protection keys
x86: many, many cleanups, including removing a bunch of MMU code for
unnecessary optimizations; plus AVIC fixes.
Generic: memcg accounting
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iQEcBAABAgAGBQJci+7XAAoJEL/70l94x66DUMkIAKvEefhceySHYiTpfefjLjIC
16RewgHa+9CO4Oo5iXiWd90fKxtXLXmxDQOS4VGzN0rxvLGRw/fyXIxL1MDOkaAO
l8SLSNuewY4XBUgISL3PMz123r18DAGOuy9mEcYU/IMesYD2F+wy5lJ17HIGq6X2
RpoF1p3qO1jfkPTKOob6Ixd4H5beJNPKpdth7LY3PJaVhDxgouj32fxnLnATVSnN
gENQ10fnt8BCjshRYW6Z2/9bF15JCkUFR1xdBW2/xh1oj+kvPqqqk2bEN1eVQzUy
2hT/XkwtpthqjSbX8NNavWRSFnOnbMLTRKQyIXmFVsM5VoSrwtiGsCFzBgcT++I=
=XIzU
-----END PGP SIGNATURE-----
Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm
Pull KVM updates from Paolo Bonzini:
"ARM:
- some cleanups
- direct physical timer assignment
- cache sanitization for 32-bit guests
s390:
- interrupt cleanup
- introduction of the Guest Information Block
- preparation for processor subfunctions in cpu models
PPC:
- bug fixes and improvements, especially related to machine checks
and protection keys
x86:
- many, many cleanups, including removing a bunch of MMU code for
unnecessary optimizations
- AVIC fixes
Generic:
- memcg accounting"
* tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm: (147 commits)
kvm: vmx: fix formatting of a comment
KVM: doc: Document the life cycle of a VM and its resources
MAINTAINERS: Add KVM selftests to existing KVM entry
Revert "KVM/MMU: Flush tlb directly in the kvm_zap_gfn_range()"
KVM: PPC: Book3S: Add count cache flush parameters to kvmppc_get_cpu_char()
KVM: PPC: Fix compilation when KVM is not enabled
KVM: Minor cleanups for kvm_main.c
KVM: s390: add debug logging for cpu model subfunctions
KVM: s390: implement subfunction processor calls
arm64: KVM: Fix architecturally invalid reset value for FPEXC32_EL2
KVM: arm/arm64: Remove unused timer variable
KVM: PPC: Book3S: Improve KVM reference counting
KVM: PPC: Book3S HV: Fix build failure without IOMMU support
Revert "KVM: Eliminate extra function calls in kvm_get_dirty_log_protect()"
x86: kvmguest: use TSC clocksource if invariant TSC is exposed
KVM: Never start grow vCPU halt_poll_ns from value below halt_poll_ns_grow_start
KVM: Expose the initial start value in grow_halt_poll_ns() as a module parameter
KVM: grow_halt_poll_ns() should never shrink vCPU halt_poll_ns
KVM: x86/mmu: Consolidate kvm_mmu_zap_all() and kvm_mmu_zap_mmio_sptes()
KVM: x86/mmu: WARN if zapping a MMIO spte results in zapping children
...
error checks.
-----BEGIN PGP SIGNATURE-----
iIoEABYIADIWIQRRSw7ePDh/lE+zeZMp5XQQmuv6qgUCXIukmxQccm9zdGVkdEBn
b29kbWlzLm9yZwAKCRAp5XQQmuv6qi+PAQCKf6Yz7LZ3oBtjKy7jJRhkAn3Ie5Ls
n7KOXnOGntO1cgD/RdynJcFtpwgDxuj7L/c3iInel0B/rdU5VLbglXy+2AA=
=y/ft
-----END PGP SIGNATURE-----
Merge tag 'trace-v5.1-2' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace
Pull tracing fixes and cleanups from Steven Rostedt:
"This contains a series of last minute clean ups, small fixes and error
checks"
* tag 'trace-v5.1-2' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace:
tracing/probe: Verify alloc_trace_*probe() result
tracing/probe: Check event/group naming rule at parsing
tracing/probe: Check the size of argument name and body
tracing/probe: Check event name length correctly
tracing/probe: Check maxactive error cases
tracing: kdb: Fix ftdump to not sleep
trace/probes: Remove kernel doc style from non kernel doc comment
tracing/probes: Make reserved_field_names static
- Fix a NULL-pointer dereference issue in the ACPI device
matching code of the AMD IOMMU driver
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEr9jSbILcajRFYWYyK/BELZcBGuMFAlyLxm0ACgkQK/BELZcB
GuM/1Q//VjiedvREnuin2vx+XXsK1qxFPDNFnUegFUI/DdhzRz3kFhmwHlA4/8+Q
AxIi3RQYHPBtOyAagcuWeSmjzef2mRLwFcADHhlCZYaBPx9E2rk455VXoCFVGIgj
s7gTtVcdDphxh6SUCbX9KIwET/go+WGw/tVYcDcCqtGONKSiOOmRLWqdrmvbKQwz
DOOIMYCZzL7t00oFhjZK/YMu8Yy8VgdeCkHRIQgJyrAxNq0CcJaRvTeA931UIkQr
RC/npS5p/GEXGQLExY8tWDq78LLRfSzovIS1URBfm8eRRfnLUUCdbn3r2CX7Oxnb
ouEteLKEeXPBuHQtlPYRxNWsCpOn99rMYkS7O6luwnBU6WPCvwiTgMb3AaI65QTV
kDMfSABYu1SJ3W/2MaH+Nk+5XGjgk3aWNkvU7s/LqDkcQ0tx2N98XQEyDNj9jY0W
lYyYQrpDEOYOgJZZ2ih/Vm1mUaOK1IolJOjFFIoZ9ov1jcbkwf+8dXaJ+JZaOKar
UPzJsYhA3DUJ5QzSf0tTviIy3lO2fIB08C3eL7ZWxQVLd3MaOR4ufUMZUvFcvfYK
MNwoWwiKghNBeiwjmR2VmUkOdYiWlsmq3sxiecV/NFZX76rMCt1neZTqyrOD/KV/
SiJbwYfVmDSlkokEfGrqNpfSmJsUYcDBurfokrdd+LInRSUjlAg=
=squ6
-----END PGP SIGNATURE-----
Merge tag 'iommu-fix-v5.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu
Pull IOMMU fix from Joerg Roedel:
"Fix a NULL-pointer dereference issue in the ACPI device matching code
of the AMD IOMMU driver"
* tag 'iommu-fix-v5.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu:
iommu/amd: Fix NULL dereference bug in match_hid_uid
- An improvement from Ard Biesheuvel, who noted that the identity map
setup was taking a long time due to flush_cache_louis().
- Update a comment about dma_ops from Wolfram Sang.
- Remove use of "-p" with ld, where this flag has been a no-op since
2004.
- Remove the printing of the virtual memory layout, which is no longer
useful since we hide pointers.
- Correct SCU help text.
- Remove legacy TWD registration method.
- Add pgprot_device() implementation for mapping PCI sysfs resource
files.
- Initialise PFN limits earlier for kmemleak.
- Fix argument count to match macro definition (affects clang builds)
- Use unified assembler language almost everywhere for clang, and
other clang improvements (from Stefan Agner, Nathan Chancellor).
- Support security extension for noMMU and other noMMU cleanups
(from Vladimir Murzin).
- Remove unnecessary SMP bringup code (which was incorrectly copy'n'
pasted from the ARM platform implementations) and remove it from
the arch code to discourge further copys of it appearing.
- Add Cortex A9 erratum preventing kexec working on some SoCs.
- AMBA bus identification updates from Mike Leach.
- More use of raw spinlocks to avoid -RT kernel issues
(from Yang Shi and Sebastian Andrzej Siewior).
- MCPM hyp/svc mode mismatch fixes from Marek Szyprowski.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIUAwUAXIvD9vTnkBvkraxkAQIiiw/41bA3yIv+4J/t7vw6PkMRzFwRG8YYc+ms
Rw6wlJIeBkiq2m5XOTNswMMjSDbYu0n5utzFTsf65nFxW2i34XkaC1kDws+vNdtx
WrEPSj6sjXSjuWEV5O3neET5Wc+z+tEJRkRs7E/e/2x1DE4kzYWNy1UT3ohamZmh
HN1Z9C7ijX5toPQ4AtiX12pc8f6CcodBsRUfebYf0+A7cVTyCkIxvMlvhparQjMW
8e4kLRuNvbHuzbbtlPCNMwnLR85FwM463OByk8F0nZ0RShQduAbnHaSZjVwLZUn5
8MMY4Yir7+R3sKc348kqE8WEVgKbeZYrgDJmM1RezJWfEblyFHnanNr/DWeskmZR
4ZFIESNAwQuTSIeCRhllBsGWrEU3pP8bnSTVAEKdv403rWTsRiA+R5/aMKMkfubK
1zNx8B3JszI4FeHVTW0l+2yVBbwm8ZTqHMBuSUF61I292ZrUXfaC+MgZ7CuhD1n9
vKO2MxuKb3BULJmpX5uT8RzBcRA/7eTDZrLkCUmSHmxwIMdkC4cVKyT33s9rue0J
kT/W/iKB9QB4KuHVRVdOJ2VX/KN5YjsRNc5D4kW1Ml9gfdQ3ohWA4yZzPR26KeRE
dHGcCbKK6jHyLxSQdJl1wItGBBUrAKV3u5IDgTClbE9X2LmJIbXwnMdAPC9WVJNb
BfUPlCLS9w==
=U6og
-----END PGP SIGNATURE-----
Merge tag 'for-linus' of git://git.armlinux.org.uk/~rmk/linux-arm
Pull ARM updates from Russell King:
- An improvement from Ard Biesheuvel, who noted that the identity map
setup was taking a long time due to flush_cache_louis().
- Update a comment about dma_ops from Wolfram Sang.
- Remove use of "-p" with ld, where this flag has been a no-op since
2004.
- Remove the printing of the virtual memory layout, which is no longer
useful since we hide pointers.
- Correct SCU help text.
- Remove legacy TWD registration method.
- Add pgprot_device() implementation for mapping PCI sysfs resource
files.
- Initialise PFN limits earlier for kmemleak.
- Fix argument count to match macro definition (affects clang builds)
- Use unified assembler language almost everywhere for clang, and other
clang improvements (from Stefan Agner, Nathan Chancellor).
- Support security extension for noMMU and other noMMU cleanups (from
Vladimir Murzin).
- Remove unnecessary SMP bringup code (which was incorrectly copy'n'
pasted from the ARM platform implementations) and remove it from the
arch code to discourge further copys of it appearing.
- Add Cortex A9 erratum preventing kexec working on some SoCs.
- AMBA bus identification updates from Mike Leach.
- More use of raw spinlocks to avoid -RT kernel issues (from Yang Shi
and Sebastian Andrzej Siewior).
- MCPM hyp/svc mode mismatch fixes from Marek Szyprowski.
* tag 'for-linus' of git://git.armlinux.org.uk/~rmk/linux-arm: (32 commits)
ARM: 8849/1: NOMMU: Fix encodings for PMSAv8's PRBAR4/PRLAR4
ARM: 8848/1: virt: Align GIC version check with arm64 counterpart
ARM: 8847/1: pm: fix HYP/SVC mode mismatch when MCPM is used
ARM: 8845/1: use unified assembler in c files
ARM: 8844/1: use unified assembler in assembly files
ARM: 8843/1: use unified assembler in headers
ARM: 8841/1: use unified assembler in macros
ARM: 8840/1: use a raw_spinlock_t in unwind
ARM: 8839/1: kprobe: make patch_lock a raw_spinlock_t
ARM: 8837/1: coresight: etmv4: Update ID register table to add UCI support
ARM: 8836/1: drivers: amba: Update component matching to use the CoreSight UCI values.
ARM: 8838/1: drivers: amba: Updates to component identification for driver matching.
ARM: 8833/1: Ensure that NEON code always compiles with Clang
ARM: avoid Cortex-A9 livelock on tight dmb loops
ARM: smp: remove arch-provided "pen_release"
ARM: actions: remove boot_lock and pen_release
ARM: oxnas: remove CPU hotplug implementation
ARM: qcom: remove unnecessary boot_lock
ARM: 8832/1: NOMMU: Limit visibility for CONFIG_FLASH_{MEM_BASE,SIZE}
ARM: 8831/1: NOMMU: pmsa-v8: remove unneeded semicolon
...
transport improvements, and a reworking of the peer_db_addr to all for
better abstraction
-----BEGIN PGP SIGNATURE-----
iQIcBAABAgAGBQJci/y4AAoJEG5mS6x6i9IjyPkQAJvUPQwQ8r4MD/+rD+mNDe/E
uZDh10x8upLnO0OvD0hPy6mMm+lcwYnCNpTyBhuQr1Lnp/y3pucSa3tRAzCeuYfx
cEvftE9AJ1CfA54YR5VCJTR90EhKQ4oJziD3zvuZpQvnm+0JW7C6lWBIGoBx5gtk
uhdIeN5QyfGPfZcmXjGoSNaYNpqq+6maJkcgV3eATWZdtIZX1Ts6qrJP/RhdH/qy
LrF+rwFU5Diz206jkw6p3AHqU4jT2uzvEAxNV4WIOQ6iuZMKqEHcDBmBtYNoouyw
4+1G4e6mgrl5xd83lRNwtiUTPD6cN+RrGfGPFOyvM8luJheL6Zq/tDdRbDPFXO+M
rlpcRhUtih7x8ev3V/3buRsf/gSmDY+TlYwQ/OPx0U9zjfYAzc+SIEmTjRX+axvZ
/LEi9z+PXLJP6BMS7CjmEfuwlZtx1tV93gtlaDLGhdtbw0dK6qJScV7Fudl7CG4Q
HOl9qDQOoK2oDd8fSb4vm8N0augLNm42ynRwfLKceJpL9Uv2FSlkET9Gt45zmtqz
LLW9N4gvMIW148/i1S2+66rJKdJdvW3v3yqpBab4TigMLEBoIr9QMua5Dd84qGYx
YqPKBKqVAVtSIslQGPrKEZJEg6d8DJcj1XDbdaLCxtEiJw2rvn3TURg7FTeo47FE
FnIuFsui+wHrLHC97XSz
=7EC8
-----END PGP SIGNATURE-----
Merge tag 'ntb-5.1' of git://github.com/jonmason/ntb
Pull NTB updates from Jon Mason:
- fixes for switchtec debugability and mapping table entries
- NTB transport improvements
- a reworking of the peer_db_addr for better abstraction
* tag 'ntb-5.1' of git://github.com/jonmason/ntb:
NTB: add new parameter to peer_db_addr() db_bit and db_data
NTB: ntb_transport: Ensure the destination buffer is mapped for TX DMA
NTB: ntb_transport: Free MWs in ntb_transport_link_cleanup()
ntb_hw_switchtec: Added support of >=4G memory windows
ntb_hw_switchtec: NT req id mapping table register entry number should be 512
ntb_hw_switchtec: debug print 64bit aligned crosslink BAR Numbers
This is a straight port of Al's fix for the aio poll implementation,
since the io_uring version is heavily based on that. The below
description is almost straight from that patch, just modified to
fit the io_uring situation.
io_poll() has to cope with several unpleasant problems:
* requests that might stay around indefinitely need to
be made visible for io_cancel(2); that must not be done to
a request already completed, though.
* in cases when ->poll() has placed us on a waitqueue,
wakeup might have happened (and request completed) before ->poll()
returns.
* worse, in some early wakeup cases request might end
up re-added into the queue later - we can't treat "woken up and
currently not in the queue" as "it's not going to stick around
indefinitely"
* ... moreover, ->poll() might have decided not to
put it on any queues to start with, and that needs to be distinguished
from the previous case
* ->poll() might have tried to put us on more than one queue.
Only the first will succeed for io poll, so we might end up missing
wakeups. OTOH, we might very well notice that only after the
wakeup hits and request gets completed (all before ->poll() gets
around to the second poll_wait()). In that case it's too late to
decide that we have an error.
req->woken was an attempt to deal with that. Unfortunately, it was
broken. What we need to keep track of is not that wakeup has happened -
the thing might come back after that. It's that async reference is
already gone and won't come back, so we can't (and needn't) put the
request on the list of cancellables.
The easiest case is "request hadn't been put on any waitqueues"; we
can tell by seeing NULL apt.head, and in that case there won't be
anything async. We should either complete the request ourselves
(if vfs_poll() reports anything of interest) or return an error.
In all other cases we get exclusion with wakeups by grabbing the
queue lock.
If request is currently on queue and we have something interesting
from vfs_poll(), we can steal it and complete the request ourselves.
If it's on queue and vfs_poll() has not reported anything interesting,
we either put it on the cancellable list, or, if we know that it
hadn't been put on all queues ->poll() wanted it on, we steal it and
return an error.
If it's _not_ on queue, it's either been already dealt with (in which
case we do nothing), or there's io_poll_complete_work() about to be
executed. In that case we either put it on the cancellable list,
or, if we know it hadn't been put on all queues ->poll() wanted it on,
simulate what cancel would've done.
Fixes: 221c5eb233 ("io_uring: add support for IORING_OP_POLL")
Signed-off-by: Jens Axboe <axboe@kernel.dk>
- fix memory access if logo is bigger than the screen (Manfred
Schlaegl)
- silence fbcon logo on 'quiet' boots (Prarit Bhargava)
- use kvmalloc() for scrollback buffer in fbcon (Konstantin Khorenko)
- misc fixes (Colin Ian King, YueHaibing, Matteo Croce, Mathieu
Malaterre, Anders Roxell, Arnd Bergmann)
- misc cleanups (Rob Herring, Lubomir Rintel, Greg Kroah-Hartman,
Jani Nikula, Michal Vokáč)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABCAAGBQJci4YTAAoJEH4ztj+gR8IL8jkP/0BkuxHS1ZCP/JAbah/yM838
yuULNSxsO5FqmoH7n7AqDZ8j0NttMEQirzxN7vv5QkZi6QxWVHIFMaxqQSB4DfMg
lLF9LFAL/tzKBc5f3dVnD2YzJpNpg715ncfY55Jz0o/as2RE9OLlmwxYGF1VRLIG
EsBjYm4b0iVCOSu2YxecNCfPoy2LhwdqM8dxXdVgyuDRqxwoD2giC5pNDQVUMvQ3
037S256DblvedGNdj7g0QmmdvOmsd8jjhE/hJmjrvIp43pHDuFSH9mRZufKTVF3l
kXIlrJahH35w/Fv2rdWM4PlmuAKBIm49NVaZFfCodjCLIBidPSWNctKQnhY71Skf
oJSqftgiApVIGweKXYQnFpw964LVe5q85xeVRj3zLr9LCuo4EhiP8ue58eFnwWud
FTLEgiWSlomrd98t2C6HEnEUMv6XlulI2mAMmqBTZmmV/Vm1hiwHkL6sMFLfuB1A
Ee1m6LIqMombGsUwkUmRRGqWNeunX1TETVDCXuPb9EyyigSaA1PDtANF9UzXWMNf
ZKU9Vz0Lq3TFuhr5PolLjiAvXgxf9YLk36VgCu9CoGh/GFpMqRGoDPQkGOxy81E9
FpXTk7A7XmtUiwX4Tfxy6RrRBBtZWwvuBP79/yyEpl+IVbES/nS6R8TekQp5jbZj
r/1Z8shbwO4hltu6z14X
=+ZFI
-----END PGP SIGNATURE-----
Merge tag 'fbdev-v5.1' of git://github.com/bzolnier/linux
Pull fbdev updates from Bartlomiej Zolnierkiewicz:
"Just a couple of small fixes and cleanups:
- fix memory access if logo is bigger than the screen (Manfred
Schlaegl)
- silence fbcon logo on 'quiet' boots (Prarit Bhargava)
- use kvmalloc() for scrollback buffer in fbcon (Konstantin Khorenko)
- misc fixes (Colin Ian King, YueHaibing, Matteo Croce, Mathieu
Malaterre, Anders Roxell, Arnd Bergmann)
- misc cleanups (Rob Herring, Lubomir Rintel, Greg Kroah-Hartman,
Jani Nikula, Michal Vokáč)"
* tag 'fbdev-v5.1' of git://github.com/bzolnier/linux:
fbdev: mbx: fix a misspelled variable name
fbdev: omap2: fix warnings in dss core
video: fbdev: Fix potential NULL pointer dereference
fbcon: Silence fbcon logo on 'quiet' boots
printk: Export console_printk
ARM: dts: imx28-cfa10036: Fix the reset gpio signal polarity
video: ssd1307fb: Do not hard code active-low reset sequence
dt-bindings: display: ssd1307fb: Remove reset-active-low from examples
fbdev: fbmem: fix memory access if logo is bigger than the screen
video/fbdev: refactor video= cmdline parsing
fbdev: mbx: fix up debugfs file creation
fbdev: omap2: no need to check return value of debugfs_create functions
video: fbdev: geode: remove ifdef OLPC noise
video: offb: annotate implicit fall throughs
omapfb: fix typo
fbdev: Use of_node_name_eq for node name comparisons
fbcon: use kvmalloc() for scrollback buffer
fbdev: chipsfb: remove set but not used variable 'size'
fbdev/via: fix spelling mistake "Expandsion" -> "Expansion"
Pull i2c fixes from Wolfram Sang:
"A set of driver bugfixes and an improvement for a core helper"
* 'i2c/for-current-fixed' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux:
i2c: i2c-designware-platdrv: Always use a dynamic adapter number
i2c: i2c-designware-platdrv: Cleanup setting of the adapter number
i2c: add extra check to safe DMA buffer helper
i2c: i2c-stm32f7: Fix SDADEL minimum formula
i2c: rcar: explain the lockless design
i2c: rcar: fix concurrency issue related to ICDMAER
i2c: sis630: correct format strings
i2c: mediatek: modify threshold passed to i2c_get_dma_safe_msg_buf()
Some gleaning after the first batch; mostly about HD-audio quirks but
also some NULL dereference fixes in corner cases and a random build
error fix, too.
-----BEGIN PGP SIGNATURE-----
iQJCBAABCAAsFiEEIXTw5fNLNI7mMiVaLtJE4w1nLE8FAlyLaFQOHHRpd2FpQHN1
c2UuZGUACgkQLtJE4w1nLE/uEBAAkbxovGK+AdyAuIeByavDJjMUgyF+RCUhh2Lh
tINcberr1YIAPnyZO0cBsa3FlYg0IIGqsgEBQlNsusB5mev8tMg2WjuCLyp2WRvT
DbhA9uQ9sI3O1irOf+uICwB5gwji6JaAO9csYM9dq0f4YcMklNqowlCIYWwF4arL
X0Upm52UPRd0DU/LrL1DkjNij+GSRRGBbjbgwJ5zA1aqHf8YYl7tpdEmAiSabJAV
fhPbBrl8BOtk4WPscjygvdiUsoDivLSGvzBvG40DaJDDHNtY5e3Ie0nEwHSbC4Pf
VV+RgA7kDPBwxdD2jYQu8rfVgjjKGyojQkB90nyfNqvcgoeJOXTo0sIIoUzgKG/l
BYm4bmZwv27l592WQvnXpfbpMlPshqoi9TdDJ/o2gV5+O+NIzfkExHOtTFvct4jl
5wWfEPOgQW2ugxPX9nI6GozHMVhIxrog1IOqmiHC9O8chQ3mmhHntV03g/3BW5bo
LDCbfeogUifyJeA+G3U2ObPBGjhrrxPZt+6nNh9jJZPLgPQyuw1nkj22v0d9UbUk
SmRFDyifvMZHetbJl+FPpDjdBKwdRAdT2EKTy3BXNduabwuT1Ho8LxAkZSGQKclg
e4SdOtARpVNwjaEihS9Cz9YFbSldtO8yAUk3QxNuwuHJbvp9X/hw8Ye7kGEpXrPb
Gpc8pyo=
=F1m3
-----END PGP SIGNATURE-----
Merge tag 'sound-fix-5.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound
Pull sound fixes from Takashi Iwai:
"Some cleaning after the first batch; mostly about HD-audio quirks but
also some NULL dereference fixes in corner cases and a random build
error fix, too"
* tag 'sound-fix-5.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
ALSA: hda/realtek - Add support headset mode for New DELL WYSE NB
ALSA: hda/realtek - Add support headset mode for DELL WYSE AIO
ALSA: hda/realtek: merge alc_fixup_headset_jack to alc295_fixup_chromebook
ALSA: pcm: Fix function name in kernel-doc comment
ALSA: hda: hdmi - add Icelake support
ALSA: hda - add more quirks for HP Z2 G4 and HP Z240
ALSA: hda/realtek - Fixed Headset Mic JD not stable
ALSA: hda/realtek: Enable headset MIC of Acer TravelMate X514-51T with ALC255
ALSA: hda/tegra: avoid build error without CONFIG_PM
ALSA: usx2y: Fix potential NULL pointer dereference
ALSA: hda: Avoid NULL pointer dereference at snd_hdac_stream_start()
-----BEGIN PGP SIGNATURE-----
iQIcBAABAgAGBQJcivCBAAoJEAx081l5xIa+5OcQAKh/k6N1o83OIlw4OjWXZN/z
YIyj/E/RjDwtXweXWC9cbv41hqWxYrUWQ6JrFgH19vF4grbOlpBpvlr2tQXyGS2c
Gl87+w/VUBYXHe+SqFNsMq8SQQCAKfxb1hIXOScmpBHrCYK21NT8ulw6CY32d3Da
QF+VhA3P4MOdecrrINA+GbxM0Pf/E3qjLA8U2jbZsW7vIYC5AyLuwTXFTC9vVR5S
JfMfjU6T2m8eX0x79S8scinMqfkMsrdwBgG53FkRTi0DJb65ab97/cCtHVABrS/4
xoF52Gb1uSin1S4KliWyB7Z+UcieYPhsLdo/983Vp56oZta2Rgi5R3L+cPLNgKGj
+kFJBGT25zgtl+va5XqZ9CYkb/zW08nif7USWt+B6XGJ2ppyyyLX+jLoQHZK8ywn
1CC/IYMKs+vRA+2N7MfZHgx2LAIGtpxCL6xYuyfJuWOCb/TNR+ijpnmbBRClDdfF
mvL4sPCLT84ntpgFXOnbtWx+uRNTLWdtJaL3M3ovtlESLT3xdXSJnXHs0pc3+ygi
rVTLPl3yjGCqGPf9Rv33g3c4dSIWkwSbRgWjTYhRQukd9rqZNxywC8AbgyAAHadS
JefVt3G7dJgKOrb+5nyBWQYaq8I+Q/DjRJv3o36qCBsmGExeDR5IawTAQtjGmoZl
LXA2uyuLoGGFHKUcdYU5
=vzKe
-----END PGP SIGNATURE-----
Merge tag 'drm-next-2019-03-15' of git://anongit.freedesktop.org/drm/drm
Pull drm fixes and updates from Dave Airlie:
"A few various fixes pulls and one late etnaviv pull but it was nearly
all fixes anyways.
etnaviv:
- late next pull
- mmu mapping fix
- build non-ARM arches
- misc fixes
i915:
- HDCP state handling fix
- shrinker interaction fix
- atomic state leak fix
qxl:
- kick out framebuffers early fix
amdgpu:
- Powerplay fixes
- DC fixes
- BACO turned off for now on vega20
- Locking fix
- KFD MQD fix
- gfx9 golden register updates"
* tag 'drm-next-2019-03-15' of git://anongit.freedesktop.org/drm/drm: (43 commits)
drm/amdgpu: Update gc golden setting for vega family
drm/amd/powerplay: correct power reading on fiji
drm/amd/powerplay: set max fan target temperature as 105C
drm/i915: Relax mmap VMA check
drm/i915: Fix atomic state leak when resetting HDMI link
drm/i915: Acquire breadcrumb ref before cancelling
drm/i915/selftests: Always free spinner on __sseu_prepare error
drm/i915: Reacquire priolist cache after dropping the engine lock
drm/i915: Protect i915_active iterators from the shrinker
drm/i915: HDCP state handling in ddi_update_pipe
drm/qxl: remove conflicting framebuffers earlier
drm/fb-helper: call vga_remove_vgacon automatically.
drm: move i915_kick_out_vgacon to vgaarb
drm/amd/display: don't call dm_pp_ function from an fpu block
drm: add __user attribute to ptr_to_compat()
drm/amdgpu: clear PDs/PTs only after initializing them
drm/amd/display: Pass app_tf by value rather than by reference
Revert "drm/amdgpu: use BACO reset on vega20 if platform support"
drm/amd/powerplay: show the right override pcie parameters
drm/amd/powerplay: honor the OD settings
...
- Fix some clang/smatch/sparse warnings about uninitialized variables.
- Clean up some typedef usage.
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEUzaAxoMeQq6m2jMV+H93GTRKtOsFAlyH+rEACgkQ+H93GTRK
tOsoYA/+MBjGB3rbDAZfY7/tlTnQS4Yc7XsBz9C0SvLul0/CbcTPM1w8CO0clH3d
OxemwdqpoxZkcet3Sv1m2/sr6PVM+7r6f2vn0j19iPOI5soF0hX4XLnvkNhFZbm0
cl25rO9GuXcG7U7iLXdjyGrXNc+8Hy5kmZJzx3MA7DPTjkEQGgWrB4XIgvNnv0k9
cIfJtuC9FKFO1/+6oTWid1v+HCPea7m8ORosWgh0q6S9noPAE63vDbesrxHpI3i4
TLu5L3r6IXHzLRuCcDcB7aPu98L9eLhrBSBqEuiFlkf03ASJqAO4jMarV73WSdvO
YR1CcWaOGO1W6VRp67N9iLw5WZxplG9n0NaecM1w70g84wSimNmmtBnzHNnfIa8P
ZopsLJgflQV18qcmjWTnzeNF5RvAu7tQRLLmzJkLiZjQzmk9mr+t41MeIybho9eZ
zDs8ePN56pUJ6xqaLFTx4MdUkJ8LlllOqsKa7tILu1w76ClGEtSGo48Y/eog+aAu
MIOAjFY9esUNdVlMu8fsa83DWg31AlwTPYQ5nlrRQ1Xk1GGPAr8lzfQTOG+NI1qo
eWM8NRqaFDYI/1Ruy3keOsAfuNQkOiNrLz8ge3xH9Y10+meMejoaOLgWMdnyDlYZ
WxmhlYkmVycpZXmm9lR9Dt7qKLg+6texQccbkNUjPwrA8bTs5Ek=
=YIiT
-----END PGP SIGNATURE-----
Merge tag 'xfs-5.1-merge-5' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux
Pull xfs cleanups from Darrick Wong:
"Here's a few more cleanups that trickled in for the merge window.
It's all fixes for static checker complaints and slowly unwinding
typedef usage. The four patches here have gone through a few days
worth of fstest runs with no new problems observed.
Summary:
- Fix some clang/smatch/sparse warnings about uninitialized
variables.
- Clean up some typedef usage"
* tag 'xfs-5.1-merge-5' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux:
xfs: clean up xfs_dir2_leaf_addname
xfs: zero initialize highstale and lowstale in xfs_dir2_leaf_addname
xfs: clean up xfs_dir2_leafn_add
xfs: Zero initialize highstale and lowstale in xfs_dir2_leafn_add
We've continued mainly to fix bugs in this round, as f2fs has been shipped
in more devices. Especially, we've focused on stabilizing checkpoint=disable
feature, and provided some interfaces for QA.
Enhancement:
- expose FS_NOCOW_FL for pin_file
- run discard jobs at unmount time with timeout
- tune discarding thread to avoid idling which consumes power
- some checking codes to address vulnerabilities
- give random value to i_generation
- shutdown with more flags for QA
Bug fix:
- clean up stale objects when mount is failed along with checkpoint=disable
- fix system being stuck due to wrong count by atomic writes
- handle some corrupted disk cases
- fix a deadlock in f2fs_read_inline_dir
We've also added some minor build errors and clean-up patches.
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEE00UqedjCtOrGVvQiQBSofoJIUNIFAlyKk4YACgkQQBSofoJI
UNIMVw//Rb3nmbQkMW/86DxtHDxuS8GEJmle0DiHeFMHgwy0ET0uZs9/AEfmuejC
95cXnF44QfVaFwkOXCK6aKXJXwN0+ZS0YvV/gPE8lgU6sdQhJBox5DC+rx+OwFq5
rZiF8qvE8iyM9Xt+RfMBGufzUb+LKBz0ozQFZpKJiNTBBf5vpeqMYASEEfxiEmZz
GvvUNSBRw39OB5zTl5l2hnoNqkoFu6XHnf4f9+DnraVi8SuQzj6hdqsx0nYTHfLi
Rax8kA4HUwoVgjhaLLXFbbhWIQ83bcZ0cj6wq7Lr7NbbIi7bKYP6sxtKjbe2Fuql
m9Chm2LIvD1BfJnjdTk2krqY7Z4bX/4gmXukno/8X/cjWkpBV6HFWS73iTgrJjU2
d8kBFXwlIn+JlATSjsTtdfvKkTwxUhaGw1bBA96Am4c5tLQyOqyYWcfQA/tam/v4
dM9EQX5ZeRb6NXDeIxkXNfTSpDRnqlhJsTV5aK8qporyF1RkKVbyCpSt1P4q3KO5
UwsGZLFAVMzFaUVfyIS7dR5QVczQUTCH4g0yFNpBMvF8epOA4+jbYxQeGZfqFK3H
mTC/Ba+VWWdYW2pZRNc9TnBsHg/xadMJq7EQb/ykGBe6JZJfB0wREj4LSr1lGK9a
cU8JFGyqg1Rt/uRP0bb5IIec1YVton3Lq8ND9VZPNcV/mS5Gehg=
=9BoH
-----END PGP SIGNATURE-----
Merge tag 'f2fs-for-5.1' of git://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs
Pull f2fs updates from Jaegeuk Kim:
"We've continued mainly to fix bugs in this round, as f2fs has been
shipped in more devices. Especially, we've focused on stabilizing
checkpoint=disable feature, and provided some interfaces for QA.
Enhancements:
- expose FS_NOCOW_FL for pin_file
- run discard jobs at unmount time with timeout
- tune discarding thread to avoid idling which consumes power
- some checking codes to address vulnerabilities
- give random value to i_generation
- shutdown with more flags for QA
Bug fixes:
- clean up stale objects when mount is failed along with
checkpoint=disable
- fix system being stuck due to wrong count by atomic writes
- handle some corrupted disk cases
- fix a deadlock in f2fs_read_inline_dir
We've also added some minor build error fixes and clean-up patches"
* tag 'f2fs-for-5.1' of git://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs: (53 commits)
f2fs: set pin_file under CAP_SYS_ADMIN
f2fs: fix to avoid deadlock in f2fs_read_inline_dir()
f2fs: fix to adapt small inline xattr space in __find_inline_xattr()
f2fs: fix to do sanity check with inode.i_inline_xattr_size
f2fs: give some messages for inline_xattr_size
f2fs: don't trigger read IO for beyond EOF page
f2fs: fix to add refcount once page is tagged PG_private
f2fs: remove wrong comment in f2fs_invalidate_page()
f2fs: fix to use kvfree instead of kzfree
f2fs: print more parameters in trace_f2fs_map_blocks
f2fs: trace f2fs_ioc_shutdown
f2fs: fix to avoid deadlock of atomic file operations
f2fs: fix to dirty inode for i_mode recovery
f2fs: give random value to i_generation
f2fs: no need to take page lock in readdir
f2fs: fix to update iostat correctly in IPU path
f2fs: fix encrypted page memory leak
f2fs: make fault injection covering __submit_flush_wait()
f2fs: fix to retry fill_super only if recovery failed
f2fs: silence VM_WARN_ON_ONCE in mempool_alloc
...
In case create_singlethread_workqueue fails, the check returns
an error to callers to avoid potential NULL pointer dereferences.
Signed-off-by: Kangjie Lu <kjlu@umn.edu>
Signed-off-by: David S. Miller <davem@davemloft.net>
Merge the left-over patches from Andrew Morton.
This merges the remaining two patches from Andrew's pile of "little bit
more MM". I mulled it over, and we emailed back and forth with Josef,
and he pointed out where I was wrong.
Rule #51 of kernel maintenance: when somebody makes it clear that they
know the code better than you did, stop arguing and just apply the damn
patch.
Add a third patch by me to add a comment for the case that I had thought
was buggy and Josef corrected me on.
* emailed patches from Andrew Morton <akpm@linux-foundation.org>:
filemap: add a comment about FAULT_FLAG_RETRY_NOWAIT behavior
filemap: drop the mmap_sem for all blocking operations
filemap: kill page_cache_read usage in filemap_fault
There are several statements that contain extra spacing in
the indentation; clean this up by removing spaces. Also
add { } braces on if statement to keep to kernel coding
style.
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
There is a statement that is indented incorrectly; replace
spaces with a tab.
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
We initially interpreted the fwmark parameter as a flag that simply turned
on the feature, using the whole skb->mark field as the index into the CAKE
tin_order array. However, it is quite common for different applications to
use different parts of the mask field for their own purposes, each using a
different mask.
Support this use of subsets of the mark by interpreting the TCA_CAKE_FWMARK
parameter as a bitmask to apply to the fwmark field when reading it. The
result will be right-shifted by the number of unset lower bits of the mask
before looking up the tin.
In the original commit message we also failed to credit Felix Resch with
originally suggesting the fwmark feature back in 2017; so the Suggested-By
in this commit covers the whole fwmark feature.
Fixes: 0b5c7efdfc ("sch_cake: Permit use of connmarks as tin classifiers")
Suggested-by: Felix Resch <fuller@beif.de>
Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
netdev_alloc_skb can fail and return a NULL pointer which is
dereferenced without a check. The patch avoids such a scenario.
Signed-off-by: Aditya Pakki <pakki001@umn.edu>
Signed-off-by: David S. Miller <davem@davemloft.net>
When sending non-linear skbs with jumbo frames, we set up the non-paged
data and mark that as a last segment, although the paged fragments are
also prepared. This will stall the TX queue and trigger a watchdog warning
(a simple reproducer is to run an iperf client mode TCP test with a large
MTU - networking fails instantly).
Fix by checking if the skb is non-linear.
Signed-off-by: Aaro Koskinen <aaro.koskinen@nokia.com>
Acked-by: Jose Abreu <joabreu@synopsys.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Commit 0e80bdc9a7 ("stmmac: first frame prep at the end of xmit
routine") overlooked jumbo frames when re-ordering the code, and as a
result the own bit was not getting set anymore for the first jumbo frame
descriptor. Commit 487e2e22ab ("net: stmmac: Set OWN bit for jumbo
frames") tried to fix this, but now the bit is getting set too early and
the DMA may start while we are still setting up the remaining descriptors.
And with the chain mode the own bit remains still unset.
Fix by setting the own bit at the end of xmit also with jumbo frames.
Fixes: 0e80bdc9a7 ("stmmac: first frame prep at the end of xmit routine")
Fixes: 487e2e22ab ("net: stmmac: Set OWN bit for jumbo frames")
Signed-off-by: Aaro Koskinen <aaro.koskinen@nokia.com>
Acked-by: Jose Abreu <joabreu@synopsys.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
I thought Josef Bacik's patch to drop the mmap_sem was buggy, because
when looking at the error cases, there was one case where we returned
VM_FAULT_RETRY without actually dropping the mmap_sem.
Josef had to explain to me (using small words) that yes, that's actually
what we're supposed to do, and his patch was correct. Which not only
convinced me he knew what he was doing and I should stop arguing with
him, but also that I should add a comment to the case I was confused
about.
Patiently-pointed-out-by: Josef Bacik <josef@toxicpanda.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
register_snap_client may return NULL, all the callers
check it, but only print a warning. This will result in
NULL pointer dereference in unregister_snap_client and other
places.
It has always been used like this since v2.6
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
The series to add memcg accounting to KVM allocations[1] states:
There are many KVM kernel memory allocations which are tied to the
life of the VM process and should be charged to the VM process's
cgroup.
While it is correct to account KVM kernel allocations to the cgroup of
the process that created the VM, it's technically incorrect to state
that the KVM kernel memory allocations are tied to the life of the VM
process. This is because the VM itself, i.e. struct kvm, is not tied to
the life of the process which created it, rather it is tied to the life
of its associated file descriptor. In other words, kvm_destroy_vm() is
not invoked until fput() decrements its associated file's refcount to
zero. A simple example is to fork() in Qemu and have the child sleep
indefinitely; kvm_destroy_vm() isn't called until Qemu closes its file
descriptor *and* the rogue child is killed.
The allocations are guaranteed to be *accounted* to the process which
created the VM, but only because KVM's per-{VM,vCPU} ioctls reject the
ioctl() with -EIO if kvm->mm != current->mm. I.e. the child can keep
the VM "alive" but can't do anything useful with its reference.
Note that because 'struct kvm' also holds a reference to the mm_struct
of its owner, the above behavior also applies to userspace allocations.
Given that mucking with a VM's file descriptor can lead to subtle and
undesirable behavior, e.g. memcg charges persisting after a VM is shut
down, explicitly document a VM's lifecycle and its impact on the VM's
resources.
Alternatively, KVM could aggressively free resources when the creating
process exits, e.g. via mmu_notifier->release(). However, mmu_notifier
isn't guaranteed to be available, and freeing resources when the creator
exits is likely to be error prone and fragile as KVM would need to
ensure that it only freed resources that are truly out of reach. In
practice, the existing behavior shouldn't be problematic as a properly
configured system will prevent a child process from being moved out of
the appropriate cgroup hierarchy, i.e. prevent hiding the process from
the OOM killer, and will prevent an unprivileged user from being able to
to hold a reference to struct kvm via another method, e.g. debugfs.
[1]https://patchwork.kernel.org/patch/10806707/
Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Currently we only drop the mmap_sem if there is contention on the page
lock. The idea is that we issue readahead and then go to lock the page
while it is under IO and we want to not hold the mmap_sem during the IO.
The problem with this is the assumption that the readahead does anything.
In the case that the box is under extreme memory or IO pressure we may end
up not reading anything at all for readahead, which means we will end up
reading in the page under the mmap_sem.
Even if the readahead does something, it could get throttled because of io
pressure on the system and the process is in a lower priority cgroup.
Holding the mmap_sem while doing IO is problematic because it can cause
system-wide priority inversions. Consider some large company that does a
lot of web traffic. This large company has load balancing logic in it's
core web server, cause some engineer thought this was a brilliant plan.
This load balancing logic gets statistics from /proc about the system,
which trip over processes mmap_sem for various reasons. Now the web
server application is in a protected cgroup, but these other processes may
not be, and if they are being throttled while their mmap_sem is held we'll
stall, and cause this nice death spiral.
Instead rework filemap fault path to drop the mmap sem at any point that
we may do IO or block for an extended period of time. This includes while
issuing readahead, locking the page, or needing to call ->readpage because
readahead did not occur. Then once we have a fully uptodate page we can
return with VM_FAULT_RETRY and come back again to find our nicely in-cache
page that was gotten outside of the mmap_sem.
This patch also adds a new helper for locking the page with the mmap_sem
dropped. This doesn't make sense currently as generally speaking if the
page is already locked it'll have been read in (unless there was an error)
before it was unlocked. However a forthcoming patchset will change this
with the ability to abort read-ahead bio's if necessary, making it more
likely that we could contend for a page lock and still have a not uptodate
page. This allows us to deal with this case by grabbing the lock and
issuing the IO without the mmap_sem held, and then returning
VM_FAULT_RETRY to come back around.
[josef@toxicpanda.com: v6]
Link: http://lkml.kernel.org/r/20181212152757.10017-1-josef@toxicpanda.com
[kirill@shutemov.name: fix race in filemap_fault()]
Link: http://lkml.kernel.org/r/20181228235106.okk3oastsnpxusxs@kshutemo-mobl1
[akpm@linux-foundation.org: coding style fixes]
Link: http://lkml.kernel.org/r/20181211173801.29535-4-josef@toxicpanda.com
Signed-off-by: Josef Bacik <josef@toxicpanda.com>
Acked-by: Johannes Weiner <hannes@cmpxchg.org>
Reviewed-by: Andrew Morton <akpm@linux-foundation.org>
Reviewed-by: Jan Kara <jack@suse.cz>
Tested-by: syzbot+b437b5a429d680cf2217@syzkaller.appspotmail.com
Cc: Dave Chinner <david@fromorbit.com>
Cc: Rik van Riel <riel@redhat.com>
Cc: Tejun Heo <tj@kernel.org>
Cc: "Kirill A. Shutemov" <kirill@shutemov.name>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Patch series "drop the mmap_sem when doing IO in the fault path", v6.
Now that we have proper isolation in place with cgroups2 we have started
going through and fixing the various priority inversions. Most are all
gone now, but this one is sort of weird since it's not necessarily a
priority inversion that happens within the kernel, but rather because of
something userspace does.
We have giant applications that we want to protect, and parts of these
giant applications do things like watch the system state to determine how
healthy the box is for load balancing and such. This involves running
'ps' or other such utilities. These utilities will often walk
/proc/<pid>/whatever, and these files can sometimes need to
down_read(&task->mmap_sem). Not usually a big deal, but we noticed when
we are stress testing that sometimes our protected application has latency
spikes trying to get the mmap_sem for tasks that are in lower priority
cgroups.
This is because any down_write() on a semaphore essentially turns it into
a mutex, so even if we currently have it held for reading, any new readers
will not be allowed on to keep from starving the writer. This is fine,
except a lower priority task could be stuck doing IO because it has been
throttled to the point that its IO is taking much longer than normal. But
because a higher priority group depends on this completing it is now stuck
behind lower priority work.
In order to avoid this particular priority inversion we want to use the
existing retry mechanism to stop from holding the mmap_sem at all if we
are going to do IO. This already exists in the read case sort of, but
needed to be extended for more than just grabbing the page lock. With
io.latency we throttle at submit_bio() time, so the readahead stuff can
block and even page_cache_read can block, so all these paths need to have
the mmap_sem dropped.
The other big thing is ->page_mkwrite. btrfs is particularly shitty here
because we have to reserve space for the dirty page, which can be a very
expensive operation. We use the same retry method as the read path, and
simply cache the page and verify the page is still setup properly the next
pass through ->page_mkwrite().
I've tested these patches with xfstests and there are no regressions.
This patch (of 3):
If we do not have a page at filemap_fault time we'll do this weird forced
page_cache_read thing to populate the page, and then drop it again and
loop around and find it. This makes for 2 ways we can read a page in
filemap_fault, and it's not really needed. Instead add a FGP_FOR_MMAP
flag so that pagecache_get_page() will return a unlocked page that's in
pagecache. Then use the normal page locking and readpage logic already in
filemap_fault. This simplifies the no page in page cache case
significantly.
[akpm@linux-foundation.org: fix comment text]
[josef@toxicpanda.com: don't unlock null page in FGP_FOR_MMAP case]
Link: http://lkml.kernel.org/r/20190312201742.22935-1-josef@toxicpanda.com
Link: http://lkml.kernel.org/r/20181211173801.29535-2-josef@toxicpanda.com
Signed-off-by: Josef Bacik <josef@toxicpanda.com>
Acked-by: Johannes Weiner <hannes@cmpxchg.org>
Reviewed-by: Jan Kara <jack@suse.cz>
Reviewed-by: Andrew Morton <akpm@linux-foundation.org>
Cc: Tejun Heo <tj@kernel.org>
Cc: Dave Chinner <david@fromorbit.com>
Cc: Rik van Riel <riel@redhat.com>
Cc: "Kirill A. Shutemov" <kirill@shutemov.name>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
- Tell userspace about whether a particular hardware workaround for
one of the Spectre vulnerabilities is available, so that userspace
can inform the guest.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAABCAAGBQJceLfNAAoJEJ2a6ncsY3GfWnMH/1H4BQOcWnyBMkGX/IIVYmYP
Fxr9QdYdp+sRDmIgtKugARiW/cNdmrcTlW9qsOSD/sNpCtEjQ0t3R717f51DvSvC
J+RAnBD6dOP5qplvsUTPoU5xnkqBhxkyTJnEbG6zWGyvQNqLQlJEe3xI91c5r6RB
PiurQMtE7Mw/YyPpkthTQcm+JSgZX5QDd+KNkzL1rcfAV/4HlSXblAklwYgdsbch
m/X1HmnZVG/Seh9hH3q8hvp/YaPFvHOvoPWXaifwrZ3xNQ/tgCyGNJp+wupoay6K
RYHfsYmfoW0AbLnJqLH0Zbm9xDwkoZYjLbdWht4N/B5G0P0vkpQ86bdauabxCXI=
=mkez
-----END PGP SIGNATURE-----
Merge tag 'kvm-ppc-next-5.1-3' of git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpc into HEAD
Third PPC KVM update for 5.1
- Tell userspace about whether a particular hardware workaround for
one of the Spectre vulnerabilities is available, so that userspace
can inform the guest.
It's safe to assume Paolo and Radim are maintaining the KVM selftests
given that the vast majority of commits have their SOBs. Play nice
with get_maintainers and make it official.
Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This reverts commit 71883a62fc.
The above commit contains an optimization to kvm_zap_gfn_range which
uses gfn-limited TLB flushes, if enabled. If using these limited flushes,
kvm_zap_gfn_range passes lock_flush_tlb=false to slot_handle_level_range
which creates a race when the function unlocks to call cond_resched.
See an example of this race below:
CPU 0 CPU 1 CPU 3
// zap_direct_gfn_range
mmu_lock()
// *ptep == pte_1
*ptep = 0
if (lock_flush_tlb)
flush_tlbs()
mmu_unlock()
// In invalidate range
// MMU notifier
mmu_lock()
if (pte != 0)
*ptep = 0
flush = true
if (flush)
flush_remote_tlbs()
mmu_unlock()
return
// Host MM reallocates
// page previously
// backing guest memory.
// Guest accesses
// invalid page
// through pte_1
// in its TLB!!
Tested: Ran all kvm-unit-tests on a Intel Haswell machine with and
without this patch. The patch introduced no new failures.
Signed-off-by: Ben Gardon <bgardon@google.com>
Cc: stable@vger.kernel.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Use the request tag for logging instead of the scsi command serial
number.
Signed-off-by: Hannes Reinecke <hare@suse.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
[jejb: fix commit oneliner]
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
This isn't a straight port of commit 84c4e1f89f for aio.c, since
io_uring doesn't use files in exactly the same way. But it's pretty
close. See the commit message for that commit.
This essentially fixes a use-after-free with the poll command
handling, but it takes cue from Linus's approach to just simplifying
the file handling. We move the setup of the file into a higher level
location, so the individual commands don't have to deal with it. And
then we release the reference when we free the associated io_kiocb.
Fixes: 221c5eb233 ("io_uring: add support for IORING_OP_POLL")
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Now that we're using the xdr_stream functions to decode the header,
the test for the minimum reply length is redundant.
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Handle the SYSTEM_ERR rpc error by retrying the RPC call as if it
were a garbage argument.
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Ensure that when the "garbage args" case falls through, we do set
an error of EIO.
Fixes: a0584ee9ae ("SUNRPC: Use struct xdr_stream when decoding...")
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
When the socket is closed, we currently send an EAGAIN error to all
pending requests in order to ask them to retransmit. Use ENOTCONN
instead, to ensure that they try to reconnect before attempting to
transmit.
This also helps SOFTCONN tasks to behave correctly in this
situation.
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
