Linux guests on Haswell (and also SandyBridge and Broadwell, at least)
would crash if you decided to run a host command that uses PEBS, like
perf record -e 'cpu/mem-stores/pp' -a
This happens because KVM is using VMX MSR switching to disable PEBS, but
SDM [2015-12] 18.4.4.4 Re-configuring PEBS Facilities explains why it
isn't safe:
When software needs to reconfigure PEBS facilities, it should allow a
quiescent period between stopping the prior event counting and setting
up a new PEBS event. The quiescent period is to allow any latent
residual PEBS records to complete its capture at their previously
specified buffer address (provided by IA32_DS_AREA).
There might not be a quiescent period after the MSR switch, so a CPU
ends up using host's MSR_IA32_DS_AREA to access an area in guest's
memory. (Or MSR switching is just buggy on some models.)
The guest can learn something about the host this way:
If the guest doesn't map address pointed by MSR_IA32_DS_AREA, it results
in #PF where we leak host's MSR_IA32_DS_AREA through CR2.
After that, a malicious guest can map and configure memory where
MSR_IA32_DS_AREA is pointing and can therefore get an output from
host's tracing.
This is not a critical leak as the host must initiate with PEBS tracing
and I have not been able to get a record from more than one instruction
before vmentry in vmx_vcpu_run() (that place has most registers already
overwritten with guest's).
We could disable PEBS just few instructions before vmentry, but
disabling it earlier shouldn't affect host tracing too much.
We also don't need to switch MSR_IA32_PEBS_ENABLE on VMENTRY, but that
optimization isn't worth its code, IMO.
(If you are implementing PEBS for guests, be sure to handle the case
where both host and guest enable PEBS, because this patch doesn't.)
Fixes: 26a4f3c08d ("perf/x86: disable PEBS on a guest entry.")
Cc: <stable@vger.kernel.org>
Reported-by: Jiří Olša <jolsa@redhat.com>
Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Thomas Huth discovered that a guest could cause a hard hang of a
host CPU by setting the Instruction Authority Mask Register (IAMR)
to a suitable value. It turns out that this is because when the
code was added to context-switch the new special-purpose registers
(SPRs) that were added in POWER8, we forgot to add code to ensure
that they were restored to a sane value on guest exit.
This adds code to set those registers where a bad value could
compromise the execution of the host kernel to a suitable neutral
value on guest exit.
Cc: stable@vger.kernel.org # v3.14+
Fixes: b005255e12
Reported-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Paul Mackerras <paulus@samba.org>
Tiny fixes branch this week, in fact only one patch.
Turns out the USB support for a Renesas board was developed on a pre-release
board that ended up being changed before shipping. To avoid breakage on those
boards, and avoid confusion, it's a reasonable idea to patch now instead of
later. There are no known users of the pre-release variant any more.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJW3ImHAAoJEIwa5zzehBx3/tcP/2lW14P7exYAcqIke9qagz9D
88n59MDwu+GOaiU3G/SbzClDItmEKs/sTZjPvl9l/n1cFEj//9smrsK7brklE8wk
IB3cIUBzJCSXNffBPLs0qXjrIgf86c/t5LNJCsXXritY83/wT6+YgIUKv3IaGjqW
mxXvf3Y7ymqVB7favDoThSeT8/fApRBp8d0+Z3Dr31CvmmMTp4nRg2773E2ZZYCj
pC7LaPZvAUN7ko5pnl6FtY19H+bj6hsvk2dV68xotQAvQZudDbhgZUb+yZhWxOiF
BXNYNRQxh8nVhILG8Iup48I5NEJbMmFKR0PwGaIaI29Mo2eR6FX1NXD3e6iGFx2+
xS7Jr4AW7+7t4zzOsmTUGkDJkxjkMq9wO7xkrqotYE0lPqyOKqswaOHQYKDNXJK6
ejGuzIpSvKWuuiUQSYkbm6+nR4tob96SU6fz25/ZZxRNqrd9+XCqpgKu/ZFSusYM
84C/5mwt5KzAeXoB5GnuEUIfm5uRGWWOxPYa4CknPVsEQTS0bBEiAjyYm+grPctB
DvXq4K8Ba5AJ2pA1qe8cQ0bhJuTyqkQwv9nQN5bO5SUgrAI/8ha/bSoI+AJWXmGE
RZ1Lw3JeLuaUWSPZdcCp1gQh6zWdS6bbZIPxJgZd6wMkBAdRrJscvVXwSS4lWJW5
rDINOiN37GE7/iKISuvs
=aA8l
-----END PGP SIGNATURE-----
Merge tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc
Pull ARM SoC fix from Olof Johansson:
"Tiny fixes branch this week, in fact only one patch.
Turns out the USB support for a Renesas board was developed on a
pre-release board that ended up being changed before shipping. To
avoid breakage on those boards, and avoid confusion, it's a reasonable
idea to patch now instead of later. There are no known users of the
pre-release variant any more"
* tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc:
ARM: dts: porter: remove enable prop from HS-USB device node
Pull ARM fixes from Russell King:
"Just two ARM fixes this time: one to fix the hyp-stub for older ARM
CPUs, and another to fix the set_memory_xx() permission functions to
deal with zero sizes correctly"
* 'fixes' of git://ftp.arm.linux.org.uk/~rmk/linux-arm:
ARM: 8544/1: set_memory_xx fixes
ARM: 8534/1: virt: fix hyp-stub build for pre-ARMv7 CPUs
Pull ceph fix from Sage Weil:
"This is a final commit we missed to align the protocol compatibility
with the feature bits.
It decodes a few extra fields in two different messages and reports
EIO when they are used (not yet supported)"
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client:
ceph: initial CEPH_FEATURE_FS_FILE_LAYOUT_V2 support
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAABAgAGBQJW20osAAoJEEtJtSqsAOnW3asP/jsw0ctg6yrbHFc3eiqcFOpb
2eyADlOYcE+B/djawvKcL4S0ubAqPKbO7VrecQIeqnJsPVAYRqfY4COIALOfcnTa
3KC6Rc03UtBMUz6qjPqx3x54DFYzA9GSYcfGJVuvBeqohu24tsHtrqS4/GtL3qGN
JYQ7dbVb7A+tdBL9SPaFGxJugcM7n5Th1rCTApiLk51joyzlGjswCwG9Gj8/ihIs
81/zM9P8DZTsMTzPqzvLy7HKCpTwJ3DVA0mAmt6FTA2xpTrWixvTBRopsW4kkAso
ma6JbCaJ5HiNWmlMWaVY0wJTg5XNXUoO9vBI7Ix1weF0MqbtVq62JUWUjNxWt5FH
d4q9+eQKJ334NXfrnbcFGrc1v4n4LtmgRnTrOxY5ik72CeK+oh6gsAUs5Bvb4Rqn
AzyBBDbLR0x3VUmkXDMHgQx9t2AgiVBxMAtSnJ9BT+Z5Bx0g/WYn+K3JXJm4pTWI
wu5sxSmKDHn4nbu4UB1cl1F1CGPWknhv0HmG/1pP7nn0JsvnjuV/+lm9cfPISfzo
+96OCFKgoKUt2Pg+xPTwLcK5t6a7dzwxcKJMaMMzmI6L0FFL90b6CFacJBnnU65a
QEpP3Lj7TUH9jnvUJEuSbnwoW/myN6CnFf6P+yzZuN/WOVXrdF0vrjfcgBSxElvV
SBHrZg6lPdqqk9Wrd424
=E4vJ
-----END PGP SIGNATURE-----
Merge tag 'upstream-4.5-rc7' of git://git.infradead.org/linux-ubifs
Pull UBI fix from Richard Weinberger:
"This contains a single bug fix for UBI"
* tag 'upstream-4.5-rc7' of git://git.infradead.org/linux-ubifs:
ubi: Fix out of bounds write in volume update code
Pull UML fixes from Richard Weinberger:
"This contains three bug/build fixes"
* 'for-linus-4.5-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/rw/uml:
um: use %lx format specifiers for unsigned longs
um: Export pm_power_off
Revert "um: Fix get_signal() usage"
Pull MIPS fixes from Ralf Baechle:
"Another round of fixes for 4.5:
- Fix the use of an undocumented syntactial variant of the .type
pseudo op which is not supported by the LLVM assembler.
- Fix invalid initialization on S-cache-less systems.
- Fix possible information leak from the kernel stack for SIGFPE.
- Fix handling of copy_{from,to}_user() return value in KVM
- Fix the last instance of irq_to_gpio() which now was causing build
errors"
* 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus:
MIPS: traps: Fix SIGFPE information leak from `do_ov' and `do_trap_or_bp'
MIPS: kvm: Fix ioctl error handling.
MIPS: scache: Fix scache init with invalid line size.
MIPS: Avoid variant of .type unsupported by LLVM Assembler
MIPS: jz4740: Fix surviving instance of irq_to_gpio()
Pull i2c fix from Wolfram Sang:
"One I2C bugfix ensuring correct memory allocation in a driver"
* 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux:
i2c: brcmstb: allocate correct amount of memory for regmap
Here are some USB driver ids for 4.5-rc7, and the removal of a driver we
merged in 4.5-rc1 but it turns out it's not needed as the hardware is the
same as a driver we already have in the tree. This was only figured out
after doing a lot of cleanup on it, gotta love vendor-provided drivers...
The new device ids for the devices for this driver will be added later on
when testing is completed, but for now, we will remove the driver to keep
people from accidentally cleaning it up.
All of these have been in linux-next for a while with no reported issues.
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iEYEABECAAYFAlbbRQwACgkQMUfUDdst+ymafACfUdM+kY6JrFmiZMB4eu4t78o9
EtQAoLE3Z7EWw+qZ71LFCkEu06hx8PSH
=HwpY
-----END PGP SIGNATURE-----
Merge tag 'usb-4.5-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb
Pull USB fixes from Greg KH:
"Here are some USB driver ids for 4.5-rc7, and the removal of a driver
we merged in 4.5-rc1 but it turns out it's not needed as the hardware
is the same as a driver we already have in the tree.
This was only figured out after doing a lot of cleanup on it, gotta
love vendor-provided drivers... The new device ids for the devices
for this driver will be added later on when testing is completed, but
for now, we will remove the driver to keep people from accidentally
cleaning it up.
All of these have been in linux-next for a while with no reported
issues"
* tag 'usb-4.5-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb:
USB: qcserial: add Sierra Wireless EM74xx device ID
Revert "USB: serial: add Moxa UPORT 11x0 driver"
USB: serial: option: add support for Quectel UC20
USB: serial: option: add support for Telit LE922 PID 0x1045
USB: cp210x: Add ID for Parrot NMEA GPS Flight Recorder
USB: qcserial: add Dell Wireless 5809e Gobi 4G HSPA+ (rev3)
usb: chipidea: otg: change workqueue ci_otg as freezable
static analysis from cppcheck detected %x being used for
unsigned longs:
[arch/x86/um/os-Linux/task_size.c:112]: (warning) %x in format
string (no. 1) requires 'unsigned int' but the argument type
is 'unsigned long'.
Use %lx instead of %x
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
Commit db2f24dc24
was plain wrong. I did not realize the we are
allowed to loop here.
In fact we have to loop and must not return to userspace
before all SIGSEGVs have been delivered.
Other archs do this directly in their entry code, UML
does it here.
Reported-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Richard Weinberger <richard@nod.at>
ubi_start_leb_change() allocates too few bytes.
ubi_more_leb_change_data() will write up to req->upd_bytes +
ubi->min_io_size bytes.
Cc: stable@vger.kernel.org
Signed-off-by: Richard Weinberger <richard@nod.at>
Reviewed-by: Boris Brezillon <boris.brezillon@free-electrons.com>
It's our tradition to get a high volume of fixes late at rc7: this
time, X32 ABI breakage was found and this resulted in a high number
LOCs. The necessary changes to ALSA core codes were fairly
straightforward, and more importantly, they are specific to X32, thus
should be safe to apply.
Other than that, rather a collection of small fixes:
- Removal of the code that blocks too long at closing the OSS
sequencer client (which was spotted by syzkaller, unsurprisingly)
- Fixes races at HD-audio HDMI i915 audio binding
- a few HDSP/HDPM zero-division fixes
- Quirks for HD-audio and USB-audio as usual
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAABCAAGBQJW2yCGAAoJEGwxgFQ9KSmkijgQAJddLx3JVpuFS1xh1AxdnoY4
DV/3nSHOWJ1e6MfBlkp8+V14AcuA/AG+iRUONkA6il2dGKW5oArpCwXoV14P3eK+
hrMM1UtSikyiPdnzm2lKZVI2D/aZcrIgsUsBtX+tMunzaO8DhvPwblyL8bMbdbf9
tflrZ0FfiDrt45tjCklUFEzdzqI3qmIg4vl/GMM7og5MnHnM/WaOaamq7Fi6CGar
LujpGIQ2Loz82t7kbjAn3pOVY5IrHSihvYYNUQ4gke1rkZqY3e13CcZ8Z6y/aYkf
yaaIgFbdklTpydukEAUaT0EQ2KSMrzAFwejrw3ywOtSivv/bi+sHb/tNFRgLNay9
BR7Nz+Aw/8oQsnbkUI/FMmfdGNqldfzJ2ukyReFV5+k4E4hZtLsvUh/iPb9VaJ4p
xD4Oiqi9cAYcL8MxgbwntlgHPraKovdGXlIdnmv0Jkl4/FOlVLJ3wWpSqYnWlhOo
DqtrjahJTWGT0Gy7Mwg59hy+2CqDJ6YCa3iPwBTsOebIVOE6ZRxP1H3sQS8Phxjr
uW9pRdcx+Y5tPbhOoJqqkAmL4cpkRrfQMfXqGGf+sKL24Yz/fevDl1F/qvcViyc1
VWy/H4sTLSLoX4zfDd4fvg+2iCNGNVhou5Ixld9SLcZwFg2PF2a06RBH44WdV/Gq
CwMyGnvN6omx0CUcnl05
=6vCP
-----END PGP SIGNATURE-----
Merge tag 'sound-4.5-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound
Pull sound fixes from Takashi Iwai:
"It's our tradition to get a high volume of fixes late at rc7: this
time, X32 ABI breakage was found and this resulted in a high number
LOCs. The necessary changes to ALSA core codes were fairly
straightforward, and more importantly, they are specific to X32, thus
should be safe to apply.
Other than that, rather a collection of small fixes:
- Removal of the code that blocks too long at closing the OSS
sequencer client (which was spotted by syzkaller, unsurprisingly)
- Fixes races at HD-audio HDMI i915 audio binding
- a few HDSP/HDPM zero-division fixes
- Quirks for HD-audio and USB-audio as usual"
* tag 'sound-4.5-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
ALSA: hda - hdmi defer to register acomp eld notifier
ALSA: hda - hdmi add wmb barrier for audio component
ALSA: hda - Fix mic issues on Acer Aspire E1-472
ALSA: seq: oss: Don't drain at closing a client
ALSA: usb-audio: Add a quirk for Plantronics DA45
ALSA: hdsp: Fix wrong boolean ctl value accesses
ALSA: hdspm: Fix zero-division
ALSA: hdspm: Fix wrong boolean ctl value accesses
ALSA: timer: Fix ioctls for X32 ABI
ALSA: timer: Fix broken compat timer user status ioctl
ALSA: rawmidi: Fix ioctls X32 ABI
ALSA: rawmidi: Use comapt_put_timespec()
ALSA: pcm: Fix ioctls for X32 ABI
ALSA: ctl: Fix ioctls for X32 ABI
One minor fix on pxa driver to fix the cyclic dma tranfers
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJW2xUkAAoJEHwUBw8lI4NH8vEQANW6zbFFLya5/V7zM8uGDiyT
lXFM9fYjuGQ625W+TxKvbQF9nwfYFMFaeGWM10DqhW+uDSMQHWNEmOLlBgVaG57M
MRzKXGma6tGpPttANF0uIkv4kLz6FXnZ4RnzEzYaQeZKu1cyoJX0v1Il5KyRSD4S
lIBs3PmtCNMeJikDLjPXsChx0hBuB5FXFIXpiD93wAZ8GVPDgIg67mLuCRGO5TuZ
mKvRxBlr4AF8XXvEmCOkExADwbD8NlvjbMEM6PNtc3SkB7B7QPtdb8UHW7+ovBYQ
i9ws/MXO3dhFCC00c/VHQc5gZB8gltXKk2Bw25ageOAv17lS9HzI5heATUHSDyO9
8TVu6BJq3Cw6qxZ4L9sxv8DWLRZ5VkdokYK7KDpvOUXKQ1RcmE+AKBzr3lVfyU+2
Xji5+/KrVujFi0j2a2QB/jGB0sxHNwuPhIkyUvKuG3bSD6AbSKDKLnHDtkvE21Fx
wwFMMN7Y/mebEHcPi3pVjs5nPwshItfUoAjUwzquUxv6qkCAf+kKp3681PnAxk3t
nDSNIy1SjH3VnqBc9N7ngmYmNn9gnAxVnPQ82zWNT0Ifqtjga2bqWRAqvvs/8dxO
tiCrQzP7G1NwVLYVoQpahe8lCKZG4jvLPFlD4Il0j4om0kddIkShF0MpSHp3B5B8
Ten2XNlyUltGWo8kdyxH
=2qcB
-----END PGP SIGNATURE-----
Merge tag 'dmaengine-fix-4.5-rc7' of git://git.infradead.org/users/vkoul/slave-dma
Pull dmaengine fix from Vinod Koul:
"One minor fix on pxa driver to fix the cyclic dma tranfers"
* tag 'dmaengine-fix-4.5-rc7' of git://git.infradead.org/users/vkoul/slave-dma:
dmaengine: pxa_dma: fix cyclic transfers
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJW2tpIAAoJEAhfPr2O5OEVJOkP/0QKNBOyvonEvVGCNDzvlPnz
stFLRKFyzHRA9KQKPcZ2UMHaP3UFy4uUbdK1YOUMvYN8CUBmhr4QOlZcmLwCGROx
0BtGqWeGwjM1gbDby4c+/8nvl+dPehNNtv1d5jjtu53bPylg7rQTM337QnBykXFC
qWW/NvlHWqcfR2TUW+8saAJ5l/R2gWYuAIreIgbImXFB5mBHBZ0QmtnW/radPlU6
pUTsRxIaw1IYJ0qpEmVYaTZiVwax6i55KJBKONjzqGPM3Bk/+XOuqyUfID3Ogvb5
u10B4x6l+UvFMKqWZNXeCSalsdw5NI3yaBo6MAjUCpIlVPR4o15RM1mlvkFn0x+1
fNnX+lpJcFamytXAGkQ8qbCNGd03AmXVusMs+gXnJIET98UGDa44F0l5/D9Uy+Wg
dcGuVTDH/WnwO/UndCFqT2R1hAx1CwOoVseIRL3stQ0xrxHA39kuoB98r4knBh+o
AD4bVzHX+lwZmtOAqOgS6mIx5h+lCGlOomDLmfRt7T6UP8YVCFg2tuCRrO83OR+e
+6u7z3fnhn6zpUQ3VsjI8qoILVg4UctHeJ8u0Ygks3FYFWsFaNJriZH0iiNhiFcS
dbGQjSvBp9svbFz9KmvB/mh4hrJjwTOFf/U9sR/KkBqRb/rAsPv6DFkDZBtV/91D
H9B5sI6sYD4CCsldqXph
=lhV9
-----END PGP SIGNATURE-----
Merge tag 'media/v4.5-4' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media
Pull media fixes from Mauro Carvalho Chehab:
- some last time changes before we stablize the new entity function
integer numbers at uAPI
- probe: fix erroneous return value on i2c/adp1653 driver
- fix tx 5v detect regression on adv7604 driver
- fix missing unlock on error in vpfe_prepare_pipeline() on
davinci_vpfe driver
* tag 'media/v4.5-4' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media:
[media] media: Sanitise the reserved fields of the G_TOPOLOGY IOCTL arguments
[media] media.h: postpone connectors entities
[media] media.h: use hex values for range offsets, move connectors base up.
[media] adv7604: fix tx 5v detect regression
[media] media.h: get rid of MEDIA_ENT_F_CONN_TEST
[media] [for,v4.5] media.h: increase the spacing between function ranges
[media] media: i2c/adp1653: probe: fix erroneous return value
[media] media: davinci_vpfe: fix missing unlock on error in vpfe_prepare_pipeline()
Pull libnvcimm fix from Dan Williams:
"One straggling fix for NVDIMM support.
The KVM/QEMU enabling for NVDIMMs has recently reached the point where
it is able to accept some ACPI _DSM requests from a guest VM. However
they immediately found that the 4.5-rc kernel is unusable because the
kernel's 'nfit' driver fails to load upon seeing a valid "not
supported" response from the virtual BIOS for an address range scrub
command.
It is not mandatory that a platform implement address range scrubbing,
so this fix from Vishal properly treats the 'not supported' response
as 'skip scrubbing and continue loading the driver'"
* 'libnvdimm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm:
nfit: Continue init even if ARS commands are unimplemented
Two fairly simple fixes. One is a regression with ipr firmware
loading caused by one of the trivial patches in the last merge window
which failed to strip the \n from the file name string, so now the
firmware loader no longer works leading to a lot of unhappy ipr users;
fix by stripping the \n. The second is a memory leak within SCSI: the
BLK_PREP_INVALID state was introduced a recent fix but we forgot to
account for it correctly when freeing state, resulting in memory
leakage. Add the correct state freeing in scsi_prep_return().
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAABAgAGBQJW2hlQAAoJEDeqqVYsXL0McMQIALFgkpEzXrk4Jmrls1bNH4pM
6+lMCRFHt97g5PXWg+C4icmH3cHi70Nu3qllbkDcvMUzBdlTN5lQIXIsunOHNf1B
Tt9ZxwknCJMRFHr2PVdjILrF+fpsEoHBgFykpy8mvgS4A0Cj1I9qALYSID42hyIL
Y8JP9Hq7oHG8Dsndttpa7nkq4HoD1X7q2YcX5fJ+I+h06bs7bL+lEszS6UjRIbgX
+WFgDAbczpz4HgB/ZWSlgEw5Dn06boRAZQaIoYkXTtUlLgqx825WOPhyaTWMKrXe
QuE7sPgf5wRvuq+gSnzRX/ieKMgB0zr3kpO6ZPMwXMVccBfDF+ZHj9w/wl5ULpk=
=gJYE
-----END PGP SIGNATURE-----
Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi
Pull SCSI fixes from James Bottomley:
"Two fairly simple fixes.
One is a regression with ipr firmware loading caused by one of the
trivial patches in the last merge window which failed to strip the \n
from the file name string, so now the firmware loader no longer works
leading to a lot of unhappy ipr users; fix by stripping the \n.
The second is a memory leak within SCSI: the BLK_PREP_INVALID state
was introduced a recent fix but we forgot to account for it correctly
when freeing state, resulting in memory leakage. Add the correct
state freeing in scsi_prep_return()"
* tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
ipr: Fix regression when loading firmware
SCSI: Free resources when we return BLKPREP_INVALID
Pull libata fixes from Tejun Heo:
"Assorted fixes for libata drivers.
- Turns out HDIO_GET_32BIT ioctl was subtly broken all along.
- Recent update to ahci external port handling was incorrectly
marking hotpluggable ports as external making userland handle
devices connected to those ports incorrectly.
- ahci_xgene needs its own irq handler to work around a hardware
erratum. libahci updated to allow irq handler override.
- Misc driver specific updates"
* 'for-4.5-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/libata:
ata: ahci: don't mark HotPlugCapable Ports as external/removable
ahci: Workaround for ThunderX Errata#22536
libata: Align ata_device's id on a cacheline
Adding Intel Lewisburg device IDs for SATA
pata-rb532-cf: get rid of the irq_to_gpio() call
libata: fix HDIO_GET_32BIT ioctl
ahci_xgene: Implement the workaround to fix the missing of the edge interrupt for the HOST_IRQ_STAT.
ata: Remove the AHCI_HFLAG_EDGE_IRQ support from libahci.
libahci: Implement the capability to override the generic ahci interrupt handler.
Pull block fixes from Jens Axboe:
"Round 2 of this. I cut back to the bare necessities, the patch is
still larger than it usually would be at this time, due to the number
of NVMe fixes in there. This pull request contains:
- The 4 core fixes from Ming, that fix both problems with exceeding
the virtual boundary limit in case of merging, and the gap checking
for cloned bio's.
- NVMe fixes from Keith and Christoph:
- Regression on larger user commands, causing problems with
reading log pages (for instance). This touches both NVMe,
and the block core since that is now generally utilized also
for these types of commands.
- Hot removal fixes.
- User exploitable issue with passthrough IO commands, if !length
is given, causing us to fault on writing to the zero
page.
- Fix for a hang under error conditions
- And finally, the current series regression for umount with cgroup
writeback, where the final flush would happen async and hence open
up window after umount where the device wasn't consistent. fsck
right after umount would show this. From Tejun"
* 'for-linus2' of git://git.kernel.dk/linux-block:
block: support large requests in blk_rq_map_user_iov
block: fix blk_rq_get_max_sectors for driver private requests
nvme: fix max_segments integer truncation
nvme: set queue limits for the admin queue
writeback: flush inode cgroup wb switches instead of pinning super_block
NVMe: Fix 0-length integrity payload
NVMe: Don't allow unsupported flags
NVMe: Move error handling to failed reset handler
NVMe: Simplify device reset failure
NVMe: Fix namespace removal deadlock
NVMe: Use IDA for namespace disk naming
NVMe: Don't unmap controller registers on reset
block: merge: get the 1st and last bvec via helpers
block: get the 1st and last bvec via helpers
block: check virt boundary in bio_will_gap()
block: bio: introduce helpers to get the 1st and last bvec
- One fix to an error path in the core
- One fix for RoCE in the core
- Two related fixes for the core/mlx5
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJW2F4JAAoJELgmozMOVy/dDMkP/A2yE2fzBvle4Tbx6d68Z6BE
i/HqiYCh37Bbxv4dy57S95VM+3Snjk0MrwvvyxLegL2P5kpCBK2fX9hb+TcBMr19
BXPt8NgTjtoWbcYL55VoMVo0QLGUKy4H9H8R40ajtoRnUYGceZnwiGOVvtm2SsfP
Ua6YbN4E1OK8ZlAzJWRPdlOWJ/rCq9yIa/0HkDhCI0gbxDbwJwae8OnVzgmK7WT6
TxpG/ewfK2Nwo9GpAJq7Zemb96qnRzZCTP9EcAb/QA3CYLUTZbr57uFqzZfF8t8g
UVv1mlmnwDjbz+HZQfOxwIvpoD1xVUY2qAmrRxGWrwSNH/Peib++LcTaAxXWo/AP
lH9P9ZHFqdy4E7QmmchU0Pi2KV9jsT+ISIL2fqPrt4e3FKxbpEheDd9vPwwdLMUW
co2o0cmYRf9VLQSa67mG8GO7+Wjyk63e0TLxVbCK+JBv8XXuhwyeGo+Sfdodelk+
qeU+vsOpjbx9+YiPUhu4HcOvL5KqjZzas/PJpvAYzW6/UDVOeKwj2f+3Im8LdTu8
Zxdz7Q/0epagAramMD5f5v3QZeDKCQvHUnCGbZT3/Mj4tYTj4pUCTKfsNaTvMXKh
vXj8MiJH8wwL3VE/2ddZqQqcf0PQUJQQgDsJ5/rH4Rkuq6wQ4/1je+34simGWATp
la6CHiqauSdqiBDMEUJq
=e9oB
-----END PGP SIGNATURE-----
Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dledford/rdma
Pull rdma fixes from Doug Ledford:
"Additional 4.5-rc6 fixes.
I have four patches today. I had previously thought I had submitted
two of them last week, but they were accidentally skipped :-(.
- One fix to an error path in the core
- One fix for RoCE in the core
- Two related fixes for the core/mlx5"
* tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dledford/rdma:
IB/core: Use GRH when the path hop-limit > 0
IB/{core, mlx5}: Fix input len in vendor part of create_qp/srq
IB/mlx5: Avoid using user-index for SRQs
IB/core: Fix missed clean call in registration path
Pull drm fixes from Dave Airlie:
"This contains one i915 patch twice, as I merged it locally for
testing, and then pulled some stuff in on top, and then Jani sent to
me, I didn't think it was worth redoing all the merges of what I had
tested.
Summary:
- amdgpu/radeon fixes for some more power management and VM races.
- Two i915 fixes, one for the a recent regression, one another power
management fix for skylake.
- Two tegra dma mask fixes for a regression.
- One ast fix for a typo I made transcribing the userspace driver,
that I'd like to get into stable so I don't forget about it"
* 'drm-fixes' of git://people.freedesktop.org/~airlied/linux:
gpu: host1x: Set DMA ops on device creation
gpu: host1x: Set DMA mask
drm/amdgpu: return from atombios_dp_get_dpcd only when error
drm/amdgpu/cz: remove commented out call to enable vce pg
drm/amdgpu/powerplay/cz: enable/disable vce dpm independent of vce pg
drm/amdgpu/cz: enable/disable vce dpm even if vce pg is disabled
drm/amdgpu/gfx8: specify which engine to wait before vm flush
drm/amdgpu: apply gfx_v8 fixes to gfx_v7 as well
drm/amd/powerplay: send event to notify powerplay all modules are initialized.
drm/amd/powerplay: export AMD_PP_EVENT_COMPLETE_INIT task to amdgpu.
drm/radeon/pm: update current crtc info after setting the powerstate
drm/amdgpu/pm: update current crtc info after setting the powerstate
drm/i915: Balance assert_rpm_wakelock_held() for !IS_ENABLED(CONFIG_PM)
drm/i915/skl: Fix power domain suspend sequence
drm/ast: Fix incorrect register check for DRAM width
drm/i915: Balance assert_rpm_wakelock_held() for !IS_ENABLED(CONFIG_PM)
- Prevent the graph tracer from crashing when used over
suspend-to-RAM on x86 by pausing it before invoking
do_suspend_lowlevel() and un-pausing it when that function
has returned (Todd Brandt).
- Fix build issues in the qoriq and mediatek cpufreq drivers
related to broken dependencies on THERMAL (Arnd Bergmann).
/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iQIcBAABCAAGBQJW2gpWAAoJEILEb/54YlRx+rQQAKK1IZeuiigv2NxxiX/reSaG
YXhgXGpn+aKl/wayLlauq1ZcL9UFH7Hz0c5iy8VqtOs7uRNtqiQ/9UwSkjsHQcYG
nzKUjEF3Bk5ntn8L4Ou1XBeP+GeSoZqAArNFH03mVB+uCx22J5HbSAIE+cAqqtwn
SjK5rdQT5H3DDaNKbGhu3oRBx1OyVY5lltn6H9cfEBG+LuPsjKCT4RWsVpXuh/f0
p6/Bz2Uz88crY0UXfUlFnCKVd0HlLk3QR7Z5nYzUqGVQMBjj2ARhBCcTAQqtC8U1
kDdBoTKT8TQZzit4K5H2cGwTBtVznHgOM/KCs6PP9dLe4j69vO+Ozf0l9WE17ooX
vKHz2MgQTXU93+2wjcwCTVjFrbtE/l7/mcY7Ed97i0p9B2i/R90jIvezo14w4+0U
r9msKR4apUeq53uLLCWtBN6/+B3uiajvzzJUxmEL2hdT3mdnAfX/P8ydbqIKZSL3
Z1L7pC1zVsr3hcmR345tDU2RS8fuliDI6YK9O3t5MAxHW8nupbRK3BafuRBebH/S
2g+36nc08FMcf2ciImCejMQhXVN5QdfMvYvwrE59Uyktj/Yp3AG4xzu242PAgBvd
K2X/pt1RBdBqOa6OOovciA0paqg2CRGGYXoSHiyXVzrCb2QM4gaNRihaJZdk+vDn
lfdXgv9wmDKafVvR/EzJ
=iTIP
-----END PGP SIGNATURE-----
Merge tag 'pm+acpi-4.5-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
Pull power management and ACPI fixes from Rafael Wysocki:
"Two build fixes for cpufreq drivers (including one for breakage
introduced recently) and a fix for a graph tracer crash when used over
suspend-to-RAM on x86.
Specifics:
- Prevent the graph tracer from crashing when used over suspend-to-
RAM on x86 by pausing it before invoking do_suspend_lowlevel() and
un-pausing it when that function has returned (Todd Brandt).
- Fix build issues in the qoriq and mediatek cpufreq drivers related
to broken dependencies on THERMAL (Arnd Bergmann)"
* tag 'pm+acpi-4.5-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
PM / sleep / x86: Fix crash on graph trace through x86 suspend
cpufreq: mediatek: allow building as a module
cpufreq: qoriq: allow building as module with THERMAL=m
- Ensure struct page array fits within vmemmap area
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABAgAGBQJW1NaCAAoJELescNyEwWM0Sl8H/3jJiGQixMLmjdfUsZVrtdk5
0Smn4HKYxv3AV2WQ6+miOquOhMz3xrGIHaOf1Zf4GSo3n02drq3pmHqrM2muBpp5
tmw9Q36dApXKIztpBQDqk7yCEpY7rELtIjvaOjta3OOLFbBnTsdGdkp+EWEn6m1g
NJ6Cnw96KMHnivbwLpVzbeRQni9E+oJIhpv4p/wy5gSTqMCdJIBsfK3/uv3rszLZ
O70F6+ZL9a2wUc4SnSUESpEuFmwoZHWROlZreZlHXQzmuyqpYIJK/JxBMaaz2yC/
2L2k3kEmgfRwxjh5Jcp5yzKxCJH0ZUYYGoDKoDaIb8iP3SrlTlfp8jBorANIxcY=
=dfNx
-----END PGP SIGNATURE-----
Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux
Pull arm64 fix from Will Deacon:
"Arm64 fix for -rc7. Without it, our struct page array can overflow
the vmemmap region on systems with a large PHYS_OFFSET.
Nothing else on the radar at the moment, so hopefully that's it for
4.5 from us.
Summary: Ensure struct page array fits within vmemmap area"
* tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
arm64: vmemmap: use virtual projection of linear region
• a lock ordering problem between the page lock and the internal f->sem
mutex, which was causing occasional deadlocks in garbage collection, and
• a scan failure causing moved directories to sometimes end up appearing
to have hard links.
There are also a couple of trivial MAINTAINERS file updates.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iEYEABECAAYFAlbaGIsACgkQdwG7hYl686OpGQCgu0l4E7cQ/v1Af9kZatj6fnzN
LvcAnR3SzmiH1jxNGSY7C1mUQWosRl/9
=Ker9
-----END PGP SIGNATURE-----
Merge tag 'for-linus-20160304' of git://git.infradead.org/linux-mtd
Pull jffs2 fixes from David Woodhouse:
"This contains two important JFFS2 fixes marked for stable:
- a lock ordering problem between the page lock and the internal
f->sem mutex, which was causing occasional deadlocks in garbage
collection
- a scan failure causing moved directories to sometimes end up
appearing to have hard links.
There are also a couple of trivial MAINTAINERS file updates"
* tag 'for-linus-20160304' of git://git.infradead.org/linux-mtd:
MAINTAINERS: add maintainer entry for FREESCALE GPMI NAND driver
Fix directory hardlinks from deleted directories
jffs2: Fix page lock / f->sem deadlock
Revert "jffs2: Fix lock acquisition order bug in jffs2_write_begin"
MAINTAINERS: update Han's email
Pull btrfs fix from Chris Mason:
"Filipe nailed down a problem where tree log replay would do some work
that orphan code wasn't expecting to be done yet, leading to BUG_ON"
* 'for-linus-4.5' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs:
Btrfs: fix loading of orphan roots leading to BUG_ON
a tasks "comm" field. But this prevented filtering on a comm field that
is within a trace event (like sched_migrate_task).
When trying to filter on when a program migrated, this change prevented
the filtering of the sched_migrate_task.
To fix this, the event fields are examined first, and then the extra fields
like "comm" and "cpu" are examined. Also, instead of testing to assign
the comm filter function based on the field's name, the generic comm field
is given a new filter type (FILTER_COMM). When this field is used to filter
the type is checked. The same is done for the cpu filter field.
Two new special filter types are added: "COMM" and "CPU". This allows users
to still filter the tasks comm for events that have "comm" as one of their
fields, in cases that users would like to filter sched_migrate_task on the
comm of the task that called the event, and not the comm of the task that
is being migrated.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABAgAGBQJW2argAAoJEKKk/i67LK/8b78H/32nYPizDIsK/p2bL1mgbtMl
vrkcfb+maPOC7cjB+CdQmyV4EIVpSn06XFouYghGprdoVocVyBuIflxn0j3Gbymy
zLCg8lR70KTATTqst1wsWMbnh+UvAKNEiXj8jf2qcK2xhgalXMDwsTC4+LDlLugu
YAx89lmsjK1YpP/wIzMww2jQG+07Nhm9gHWXF2MC3egZ+sgYxARnfds0yTcGgS8o
dc/yJGZDCI44JMDNThcCFxNvsmoTa9tpm+JNe2YTht6KCympa+Ht9Jj9MMlD06cq
M5CqMQlok+mrVsW5LbJPCk1u83ynr6d/PcPQuT2nykRx8bGvKjA7AKMPaxw1Jz4=
=ixBz
-----END PGP SIGNATURE-----
Merge tag 'trace-fixes-v4.5-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace
Pull tracing fix from Steven Rostedt:
"A feature was added in 4.3 that allowed users to filter trace points
on a tasks "comm" field. But this prevented filtering on a comm field
that is within a trace event (like sched_migrate_task).
When trying to filter on when a program migrated, this change
prevented the filtering of the sched_migrate_task.
To fix this, the event fields are examined first, and then the extra
fields like "comm" and "cpu" are examined. Also, instead of testing
to assign the comm filter function based on the field's name, the
generic comm field is given a new filter type (FILTER_COMM). When
this field is used to filter the type is checked. The same is done
for the cpu filter field.
Two new special filter types are added: "COMM" and "CPU". This allows
users to still filter the tasks comm for events that have "comm" as
one of their fields, in cases that users would like to filter
sched_migrate_task on the comm of the task that called the event, and
not the comm of the task that is being migrated"
* tag 'trace-fixes-v4.5-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace:
tracing: Do not have 'comm' filter override event 'comm' field
If firmware doesn't implement any of the ARS commands, take that to
mean that ARS is unsupported, and continue to initialize regions without
bad block lists. We cannot make the assumption that ARS commands will be
unconditionally supported on all NVDIMMs.
Reported-by: Haozhong Zhang <haozhong.zhang@intel.com>
Signed-off-by: Vishal Verma <vishal.l.verma@intel.com>
Acked-by: Xiao Guangrong <guangrong.xiao@linux.intel.com>
Tested-by: Haozhong Zhang <haozhong.zhang@intel.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Allow zero size updates. This makes set_memory_xx() consistent with x86, s390 and arm64 and makes apply_to_page_range() not to BUG() when loading modules.
Signed-off-by: Mika Penttilä mika.penttila@nextfour.com
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Two small fixes that restore PRIME support.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAABCAAGBQJW2anuAAoJEN0jrNd/PrOh13MQALkg+XDrpvSoE+EKezEx1p6W
MDFjNF8jMuxX+5VNudKjghKr7MRXEmiAY+8BvF7t1+jpQB5eK/t7VKF0PS1Zu1ZW
/hwtbeFP+DexIM3vz0y1KA0ixCQWt4v1aGMaj6R2n2BNoC0jVlGPHxFBGfRZj2hs
R/MgjRmh1Em0h8me+Bbao3K79DlH1rtieXtHgIDZ1tPG1N/aKfhR9R+xw0IB9cRe
FCuClsaUuY8Cj70bialoXyxkS/rlb4nNmHNdY1QA4EUSVpij/8iJ2jZNOlfLr7Fr
4AKcXGRz95OED8v3IS/RwyabYZ8cy5ZHQsfpRJbs771vMSbG+KDsQYtgpcQ6ytKY
TQ82ibbkR6YmHblJ62GRxmQFGUut5ZztZ3c3mn/l2LUR74S2vGpbXn22Sa+dC1IG
2Hx1sNCs7zk9BgKhaUDTpwGSiMtV0CgDuUS8joCXG2oHmQoDUChyi7kX5ipkQVhl
0OvK8A3D5roBCbgeBT2yK1m7ckwLrwihxrkMArq/397h9AyUwYztPupxoHKP9x1p
HwnqvsHANCjA+32k4JlUx2MyatOmiR2Fd6d5dvyxbJ6PzoD39IjZWW8g6TzYSjES
4ejNJGIg3JL2kshRbr/O13YPuG/fbhNfKTV/QJCJZMkZ1lhye5jvJnCtc11/JN1A
INS5gV8PKid90GuQA4Bq
=u/CF
-----END PGP SIGNATURE-----
Merge tag 'drm/tegra/for-4.5-rc7' of git://anongit.freedesktop.org/tegra/linux into drm-fixes
drm/tegra: Fixes for v4.5-rc7
Two small fixes that restore PRIME support.
* tag 'drm/tegra/for-4.5-rc7' of git://anongit.freedesktop.org/tegra/linux:
gpu: host1x: Set DMA ops on device creation
gpu: host1x: Set DMA mask
Avoid sending a partially initialised `siginfo_t' structure along SIGFPE
signals issued from `do_ov' and `do_trap_or_bp', leading to information
leaking from the kernel stack.
Signed-off-by: Maciej W. Rozycki <macro@imgtec.com>
Cc: stable@vger.kernel.org
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
* pm-cpufreq-fixes:
cpufreq: mediatek: allow building as a module
cpufreq: qoriq: allow building as module with THERMAL=m
* pm-sleep-fixes:
PM / sleep / x86: Fix crash on graph trace through x86 suspend
Add support for the format change of MClientReply/MclientCaps.
Also add code that denies access to inodes with pool_ns layouts.
Signed-off-by: Yan, Zheng <zyan@redhat.com>
Reviewed-by: Sage Weil <sage@redhat.com>
Currently host1x-instanciated devices have their dma_ops left to NULL,
which makes any DMA operation (like buffer import) on ARM64 fallback
to the dummy_dma_ops and fail with an error.
This patch calls of_dma_configure() with the host1x node when creating
such a device, so the proper DMA operations are set.
Suggested-by: Thierry Reding <thierry.reding@gmail.com>
Signed-off-by: Alexandre Courbot <acourbot@nvidia.com>
Signed-off-by: Thierry Reding <treding@nvidia.com>
The default DMA mask covers a 32 bits address range, but host1x devices
can address a larger range on TK1 and TX1. Set the DMA mask to the range
addressable when we use the IOMMU to prevent the use of bounce buffers.
Signed-off-by: Alexandre Courbot <acourbot@nvidia.com>
Signed-off-by: Thierry Reding <treding@nvidia.com>
Commit 9f61668073 "tracing: Allow triggers to filter for CPU ids and
process names" added a 'comm' filter that will filter events based on the
current tasks struct 'comm'. But this now hides the ability to filter events
that have a 'comm' field too. For example, sched_migrate_task trace event.
That has a 'comm' field of the task to be migrated.
echo 'comm == "bash"' > events/sched_migrate_task/filter
will now filter all sched_migrate_task events for tasks named "bash" that
migrates other tasks (in interrupt context), instead of seeing when "bash"
itself gets migrated.
This fix requires a couple of changes.
1) Change the look up order for filter predicates to look at the events
fields before looking at the generic filters.
2) Instead of basing the filter function off of the "comm" name, have the
generic "comm" filter have its own filter_type (FILTER_COMM). Test
against the type instead of the name to assign the filter function.
3) Add a new "COMM" filter that works just like "comm" but will filter based
on the current task, even if the trace event contains a "comm" field.
Do the same for "cpu" field, adding a FILTER_CPU and a filter "CPU".
Cc: stable@vger.kernel.org # v4.3+
Fixes: 9f61668073 "tracing: Allow triggers to filter for CPU ids and process names"
Reported-by: Matt Fleming <matt@codeblueprint.co.uk>
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
Defer to register acomp eld notifier until hdmi audio driver
is fully ready.
After registering eld notifier, gfx driver can use this
callback function to notify audio driver the monitor
connection event. However this action may happen when
audio driver is adding the pins or doing other initialization.
This is not always safe, however. For example, using
per_pin->lock before the lock is initialized.
Let's register the eld notifier after the initialization is done.
Signed-off-by: Libin Yang <libin.yang@linux.intel.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
To make sure audio_ptr is set before intel_audio_codec_enable()
or intel_audio_codec_disable() calling pin_eld_notify(),
this patch adds wmb barrier to prevent optimizing.
Signed-off-by: Libin Yang <libin.yang@linux.intel.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
lbarx/stbcx. are implemented on e6500, but not on e5500.
Likewise, SMT is on e6500, but not on e5500.
So, avoid executing an unimplemented instruction by only locking
when needed (i.e. in the presence of SMT).
Signed-off-by: Scott Wood <oss@buserror.net>
Small conflict as I had the balance in my tree already for testing.
* tag 'drm-intel-fixes-2016-03-03' of git://anongit.freedesktop.org/drm-intel:
drm/i915: Balance assert_rpm_wakelock_held() for !IS_ENABLED(CONFIG_PM)
drm/i915/skl: Fix power domain suspend sequence
When looking for orphan roots during mount we can end up hitting a
BUG_ON() (at root-item.c:btrfs_find_orphan_roots()) if a log tree is
replayed and qgroups are enabled. This is because after a log tree is
replayed, a transaction commit is made, which triggers qgroup extent
accounting which in turn does backref walking which ends up reading and
inserting all roots in the radix tree fs_info->fs_root_radix, including
orphan roots (deleted snapshots). So after the log tree is replayed, when
finding orphan roots we hit the BUG_ON with the following trace:
[118209.182438] ------------[ cut here ]------------
[118209.183279] kernel BUG at fs/btrfs/root-tree.c:314!
[118209.184074] invalid opcode: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC
[118209.185123] Modules linked in: btrfs dm_flakey dm_mod crc32c_generic ppdev xor raid6_pq evdev sg parport_pc parport acpi_cpufreq tpm_tis tpm psmouse
processor i2c_piix4 serio_raw pcspkr i2c_core button loop autofs4 ext4 crc16 mbcache jbd2 sd_mod sr_mod cdrom ata_generic virtio_scsi ata_piix libata
virtio_pci virtio_ring virtio scsi_mod e1000 floppy [last unloaded: btrfs]
[118209.186318] CPU: 14 PID: 28428 Comm: mount Tainted: G W 4.5.0-rc5-btrfs-next-24+ #1
[118209.186318] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS by qemu-project.org 04/01/2014
[118209.186318] task: ffff8801ec131040 ti: ffff8800af34c000 task.ti: ffff8800af34c000
[118209.186318] RIP: 0010:[<ffffffffa04237d7>] [<ffffffffa04237d7>] btrfs_find_orphan_roots+0x1fc/0x244 [btrfs]
[118209.186318] RSP: 0018:ffff8800af34faa8 EFLAGS: 00010246
[118209.186318] RAX: 00000000ffffffef RBX: 00000000ffffffef RCX: 0000000000000001
[118209.186318] RDX: 0000000080000000 RSI: 0000000000000001 RDI: 00000000ffffffff
[118209.186318] RBP: ffff8800af34fb08 R08: 0000000000000001 R09: 0000000000000000
[118209.186318] R10: ffff8800af34f9f0 R11: 6db6db6db6db6db7 R12: ffff880171b97000
[118209.186318] R13: ffff8801ca9d65e0 R14: ffff8800afa2e000 R15: 0000160000000000
[118209.186318] FS: 00007f5bcb914840(0000) GS:ffff88023edc0000(0000) knlGS:0000000000000000
[118209.186318] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[118209.186318] CR2: 00007f5bcaceb5d9 CR3: 00000000b49b5000 CR4: 00000000000006e0
[118209.186318] Stack:
[118209.186318] fffffbffffffffff 010230ffffffffff 0101000000000000 ff84000000000000
[118209.186318] fbffffffffffffff 30ffffffffffffff 0000000000000101 ffff880082348000
[118209.186318] 0000000000000000 ffff8800afa2e000 ffff8800afa2e000 0000000000000000
[118209.186318] Call Trace:
[118209.186318] [<ffffffffa042e2db>] open_ctree+0x1e37/0x21b9 [btrfs]
[118209.186318] [<ffffffffa040a753>] btrfs_mount+0x97e/0xaed [btrfs]
[118209.186318] [<ffffffff8108e1c0>] ? trace_hardirqs_on+0xd/0xf
[118209.186318] [<ffffffff8117b87e>] mount_fs+0x67/0x131
[118209.186318] [<ffffffff81192d2b>] vfs_kern_mount+0x6c/0xde
[118209.186318] [<ffffffffa0409f81>] btrfs_mount+0x1ac/0xaed [btrfs]
[118209.186318] [<ffffffff8108e1c0>] ? trace_hardirqs_on+0xd/0xf
[118209.186318] [<ffffffff8108c26b>] ? lockdep_init_map+0xb9/0x1b3
[118209.186318] [<ffffffff8117b87e>] mount_fs+0x67/0x131
[118209.186318] [<ffffffff81192d2b>] vfs_kern_mount+0x6c/0xde
[118209.186318] [<ffffffff81195637>] do_mount+0x8a6/0x9e8
[118209.186318] [<ffffffff8119598d>] SyS_mount+0x77/0x9f
[118209.186318] [<ffffffff81493017>] entry_SYSCALL_64_fastpath+0x12/0x6b
[118209.186318] Code: 64 00 00 85 c0 89 c3 75 24 f0 41 80 4c 24 20 20 49 8b bc 24 f0 01 00 00 4c 89 e6 e8 e8 65 00 00 85 c0 89 c3 74 11 83 f8 ef 75 02 <0f> 0b
4c 89 e7 e8 da 72 00 00 eb 1c 41 83 bc 24 00 01 00 00 00
[118209.186318] RIP [<ffffffffa04237d7>] btrfs_find_orphan_roots+0x1fc/0x244 [btrfs]
[118209.186318] RSP <ffff8800af34faa8>
[118209.230735] ---[ end trace 83938f987d85d477 ]---
So fix this by not treating the error -EEXIST, returned when attempting
to insert a root already inserted by the backref walking code, as an error.
The following test case for xfstests reproduces the bug:
seq=`basename $0`
seqres=$RESULT_DIR/$seq
echo "QA output created by $seq"
tmp=/tmp/$$
status=1 # failure is the default!
trap "_cleanup; exit \$status" 0 1 2 3 15
_cleanup()
{
_cleanup_flakey
cd /
rm -f $tmp.*
}
# get standard environment, filters and checks
. ./common/rc
. ./common/filter
. ./common/dmflakey
# real QA test starts here
_supported_fs btrfs
_supported_os Linux
_require_scratch
_require_dm_target flakey
_require_metadata_journaling $SCRATCH_DEV
rm -f $seqres.full
_scratch_mkfs >>$seqres.full 2>&1
_init_flakey
_mount_flakey
_run_btrfs_util_prog quota enable $SCRATCH_MNT
# Create 2 directories with one file in one of them.
# We use these just to trigger a transaction commit later, moving the file from
# directory a to directory b and doing an fsync against directory a.
mkdir $SCRATCH_MNT/a
mkdir $SCRATCH_MNT/b
touch $SCRATCH_MNT/a/f
sync
# Create our test file with 2 4K extents.
$XFS_IO_PROG -f -s -c "pwrite -S 0xaa 0 8K" $SCRATCH_MNT/foobar | _filter_xfs_io
# Create a snapshot and delete it. This doesn't really delete the snapshot
# immediately, just makes it inaccessible and invisible to user space, the
# snapshot is deleted later by a dedicated kernel thread (cleaner kthread)
# which is woke up at the next transaction commit.
# A root orphan item is inserted into the tree of tree roots, so that if a
# power failure happens before the dedicated kernel thread does the snapshot
# deletion, the next time the filesystem is mounted it resumes the snapshot
# deletion.
_run_btrfs_util_prog subvolume snapshot $SCRATCH_MNT $SCRATCH_MNT/snap
_run_btrfs_util_prog subvolume delete $SCRATCH_MNT/snap
# Now overwrite half of the extents we wrote before. Because we made a snapshpot
# before, which isn't really deleted yet (since no transaction commit happened
# after we did the snapshot delete request), the non overwritten extents get
# referenced twice, once by the default subvolume and once by the snapshot.
$XFS_IO_PROG -c "pwrite -S 0xbb 4K 8K" $SCRATCH_MNT/foobar | _filter_xfs_io
# Now move file f from directory a to directory b and fsync directory a.
# The fsync on the directory a triggers a transaction commit (because a file
# was moved from it to another directory) and the file fsync leaves a log tree
# with file extent items to replay.
mv $SCRATCH_MNT/a/f $SCRATCH_MNT/a/b
$XFS_IO_PROG -c "fsync" $SCRATCH_MNT/a
$XFS_IO_PROG -c "fsync" $SCRATCH_MNT/foobar
echo "File digest before power failure:"
md5sum $SCRATCH_MNT/foobar | _filter_scratch
# Now simulate a power failure and mount the filesystem to replay the log tree.
# After the log tree was replayed, we used to hit a BUG_ON() when processing
# the root orphan item for the deleted snapshot. This is because when processing
# an orphan root the code expected to be the first code inserting the root into
# the fs_info->fs_root_radix radix tree, while in reallity it was the second
# caller attempting to do it - the first caller was the transaction commit that
# took place after replaying the log tree, when updating the qgroup counters.
_flakey_drop_and_remount
echo "File digest before after failure:"
# Must match what he got before the power failure.
md5sum $SCRATCH_MNT/foobar | _filter_scratch
_unmount_flakey
status=0
exit
Fixes: 2d9e977610 ("Btrfs: use btrfs_get_fs_root in resolve_indirect_ref")
Cc: stable@vger.kernel.org # 4.4+
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Reviewed-by: Qu Wenruo <quwenruo@cn.fujitsu.com>
Signed-off-by: Chris Mason <clm@fb.com>
This patch adds support for larger requests in blk_rq_map_user_iov by
allowing it to build multiple bios for a request. This functionality
used to exist for the non-vectored blk_rq_map_user in the past, and
this patch reuses the existing functionality for it on the unmap side,
which stuck around. Thanks to the iov_iter API supporting multiple
bios is fairly trivial, as we can just iterate the iov until we've
consumed the whole iov_iter.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Reported-by: Jeff Lien <Jeff.Lien@hgst.com>
Tested-by: Jeff Lien <Jeff.Lien@hgst.com>
Reviewed-by: Keith Busch <keith.busch@intel.com>
Signed-off-by: Jens Axboe <axboe@fb.com>
Driver private request types should not get the artifical cap for the
FS requests. This is important to use the full device capabilities
for internal command or NVMe pass through commands.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Reported-by: Jeff Lien <Jeff.Lien@hgst.com>
Tested-by: Jeff Lien <Jeff.Lien@hgst.com>
Reviewed-by: Keith Busch <keith.busch@intel.com>
Updated by me to use an explicit check for the one command type that
does support extended checking, instead of relying on the ordering
of the enum command values - as suggested by Keith.
Signed-off-by: Jens Axboe <axboe@fb.com>
The block layer uses an unsigned short for max_segments. The way we
calculate the value for NVMe tends to generate very large 32-bit values,
which after integer truncation may lead to a zero value instead of
the desired outcome.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Reported-by: Jeff Lien <Jeff.Lien@hgst.com>
Tested-by: Jeff Lien <Jeff.Lien@hgst.com>
Reviewed-by: Keith Busch <keith.busch@intel.com>
Signed-off-by: Jens Axboe <axboe@fb.com>
Factor out a helper to set all the device specific queue limits and apply
them to the admin queue in addition to the I/O queues. Without this the
command size on the admin queue is arbitrarily low, and the missing
other limitations are just minefields waiting for victims.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Reported-by: Jeff Lien <Jeff.Lien@hgst.com>
Tested-by: Jeff Lien <Jeff.Lien@hgst.com>
Reviewed-by: Keith Busch <keith.busch@intel.com>
Signed-off-by: Jens Axboe <axboe@fb.com>
If cgroup writeback is in use, inodes can be scheduled for
asynchronous wb switching. Before 5ff8eaac16 ("writeback: keep
superblock pinned during cgroup writeback association switches"), this
could race with umount leading to super_block being destroyed while
inodes are pinned for wb switching. 5ff8eaac16 fixed it by bumping
s_active while wb switches are in flight; however, this allowed
in-flight wb switches to make umounts asynchronous when the userland
expected synchronosity - e.g. fsck immediately following umount may
fail because the device is still busy.
This patch removes the problematic super_block pinning and instead
makes generic_shutdown_super() flush in-flight wb switches. wb
switches are now executed on a dedicated isw_wq so that they can be
flushed and isw_nr_in_flight keeps track of the number of in-flight wb
switches so that flushing can be avoided in most cases.
v2: Move cgroup_writeback_umount() further below and add MS_ACTIVE
check in inode_switch_wbs() as Jan an Al suggested.
Signed-off-by: Tejun Heo <tj@kernel.org>
Reported-by: Tahsin Erdogan <tahsin@google.com>
Cc: Jan Kara <jack@suse.cz>
Cc: Al Viro <viro@ZenIV.linux.org.uk>
Link: http://lkml.kernel.org/g/CAAeU0aNCq7LGODvVGRU-oU_o-6enii5ey0p1c26D1ZzYwkDc5A@mail.gmail.com
Fixes: 5ff8eaac16 ("writeback: keep superblock pinned during cgroup writeback association switches")
Cc: stable@vger.kernel.org #v4.5
Reviewed-by: Jan Kara <jack@suse.cz>
Tested-by: Tahsin Erdogan <tahsin@google.com>
Signed-off-by: Jens Axboe <axboe@fb.com>