Linus Torvalds [Fri, 8 Dec 2017 21:11:57 +0000 (13:11 -0800)]
Merge tag 'drm-fixes-for-v4.15-rc3' of git://people.freedesktop.org/~airlied/linux
Pull drm fixes from Dave Airlie:
"This pull is a bit larger than I'd like but a large bunch of it is
license fixes, AMD wanted to fix the licenses for a bunch of files
that were missing them,
Otherwise a bunch of TTM regression fix since the hugepage support,
some i915 and gvt fixes, a core connector free in a safe context fix,
and one bridge fix"
* tag 'drm-fixes-for-v4.15-rc3' of git://people.freedesktop.org/~airlied/linux: (26 commits)
drm/bridge: analogix dp: Fix runtime PM state in get_modes() callback
Revert "drm/i915: Display WA #1133 WaFbcSkipSegments:cnl, glk"
drm/vc4: Fix false positive WARN() backtrace on refcount_inc() usage
drm/i915: Call i915_gem_init_userptr() before taking struct_mutex
drm/exynos: remove unnecessary function declaration
drm/exynos: remove unnecessary descrptions
drm/exynos: gem: Drop NONCONTIG flag for buffers allocated without IOMMU
drm/exynos: Fix dma-buf import
drm/ttm: swap consecutive allocated pooled pages v4
drm: safely free connectors from connector_iter
drm/i915/gvt: set max priority for gvt context
drm/i915/gvt: Don't mark vgpu context as inactive when preempted
drm/i915/gvt: Limit read hw reg to active vgpu
drm/i915/gvt: Export intel_gvt_render_mmio_to_ring_id()
drm/i915/gvt: Emulate PCI expansion ROM base address register
drm/ttm: swap consecutive allocated cached pages v3
drm/ttm: roundup the shrink request to prevent skip huge pool
drm/ttm: add page order support in ttm_pages_put
drm/ttm: add set_pages_wb for handling page order more than zero
drm/ttm: add page order in page pool
...
Linus Torvalds [Fri, 8 Dec 2017 21:03:02 +0000 (13:03 -0800)]
Merge tag 'md/4.15-rc2' of git://git./linux/kernel/git/shli/md
Pull md fixes from Shaohua Li:
"Some MD fixes.
The notable one is a raid5-cache deadlock bug with dm-raid, others are
not significant"
* tag 'md/4.15-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/shli/md:
md/raid1/10: add missed blk plug
md: limit mdstat resync progress to max_sectors
md/r5cache: move mddev_lock() out of r5c_journal_mode_set()
md/raid5: correct degraded calculation in raid5_error
Linus Torvalds [Fri, 8 Dec 2017 21:00:51 +0000 (13:00 -0800)]
Merge tag 'devicetree-fixes-for-4.15-part2' of git://git./linux/kernel/git/robh/linux
Pull DeviceTree fixes from Rob Herring:
"Another set of DT fixes:
- Fixes from overlay code rework. A trifecta of fixes to the locking,
an out of bounds access, and a memory leak in of_overlay_apply()
- Clean-up at25 eeprom binding document
- Remove leading '0x' in unit-addresses from binding docs"
* tag 'devicetree-fixes-for-4.15-part2' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux:
of: overlay: Make node skipping in init_overlay_changeset() clearer
of: overlay: Fix out-of-bounds write in init_overlay_changeset()
of: overlay: Fix (un)locking in of_overlay_apply()
of: overlay: Fix memory leak in of_overlay_apply() error path
dt-bindings: eeprom: at25: Document device-specific compatible values
dt-bindings: eeprom: at25: Grammar s/are can/can/
dt-bindings: Remove leading 0x from bindings notation
of: overlay: Remove else after goto
of: Spelling s/changset/changeset/
of: unittest: Remove bogus overlay mutex release from overlay_data_add()
Linus Torvalds [Fri, 8 Dec 2017 20:58:51 +0000 (12:58 -0800)]
Merge tag 'for_linus' of git://git./linux/kernel/git/mst/vhost
Pull virtio bugfixes from Michael Tsirkin:
"A couple of minor bugfixes"
* tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost:
virtio_net: fix return value check in receive_mergeable()
virtio_mmio: add cleanup for virtio_mmio_remove
virtio_mmio: add cleanup for virtio_mmio_probe
Linus Torvalds [Fri, 8 Dec 2017 20:53:43 +0000 (12:53 -0800)]
Merge tag 'for-linus-4.15-rc3-tag' of git://git./linux/kernel/git/xen/tip
Pull xen fixes from Juergen Gross:
"Just two small fixes for the new pvcalls frontend driver"
* tag 'for-linus-4.15-rc3-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip:
xen/pvcalls: Fix a check in pvcalls_front_remove()
xen/pvcalls: check for xenbus_read() errors
Linus Torvalds [Fri, 8 Dec 2017 20:52:09 +0000 (12:52 -0800)]
Merge tag 'powerpc-4.15-4' of git://git./linux/kernel/git/powerpc/linux
Pull powerpc fixes from Michael Ellerman:
"One notable fix for kexec on Power9, where we were not clearing MMU
PID properly which sometimes leads to hangs. Finally debugged to a
root cause by Nick.
A revert of a patch which tried to rework our panic handling to get
more output on the console, but inadvertently broke reporting the
panic to the hypervisor, which apparently people care about.
Then a fix for an oops in the PMU code, and finally some s/%p/%px/ in
xmon.
Thanks to: David Gibson, Nicholas Piggin, Ravi Bangoria"
* tag 'powerpc-4.15-4' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
powerpc/xmon: Don't print hashed pointers in xmon
powerpc/64s: Initialize ISAv3 MMU registers before setting partition table
Revert "powerpc: Do not call ppc_md.panic in fadump panic notifier"
powerpc/perf: Fix oops when grouping different pmu events
Linus Torvalds [Fri, 8 Dec 2017 18:10:17 +0000 (10:10 -0800)]
Merge branch 'for-linus' of git://git./linux/kernel/git/s390/linux
Pull s390 fixes from Martin Schwidefsky:
- three more patches in regard to the SPDX license tags. The missing
tags for the files in arch/s390/kvm will be merged via the KVM tree.
With that all s390 related files should have their SPDX tags.
- a patch to get rid of 'struct timespec' in the DASD driver.
- bug fixes
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
s390: fix compat system call table
s390/mm: fix off-by-one bug in 5-level page table handling
s390: Remove redudant license text
s390: add a few more SPDX identifiers
s390/dasd: prevent prefix I/O error
s390: always save and restore all registers on context switch
s390/dasd: remove 'struct timespec' usage
s390/qdio: restrict target-full handling to IQDIO
s390/qdio: consider ERROR buffers for inbound-full condition
s390/virtio: add BSD license to virtio-ccw
Linus Torvalds [Fri, 8 Dec 2017 18:08:23 +0000 (10:08 -0800)]
Merge tag 'arm64-fixes' of git://git./linux/kernel/git/arm64/linux
Pull arm64 fixes from Will Deacon:
"Fix some more FP register fallout from the SVE patches and also some
problems with the PGD tracking in our software PAN emulation code,
after we received a crash report from a 3.18 kernel running a
backport.
Summary:
- fix SW PAN pgd shadowing for kernel threads, EFI and exiting user
tasks
- fix FP register leak when a task_struct is re-allocated
- fix potential use-after-free in FP state tracking used by KVM"
* tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
arm64/sve: Avoid dereference of dead task_struct in KVM guest entry
arm64: SW PAN: Update saved ttbr0 value on enter_lazy_tlb
arm64: SW PAN: Point saved ttbr0 at the zero page when switching to init_mm
arm64: fpsimd: Abstract out binding of task's fpsimd context to the cpu.
arm64: fpsimd: Prevent registers leaking from dead tasks
Linus Torvalds [Fri, 8 Dec 2017 18:05:53 +0000 (10:05 -0800)]
Merge tag 'acpi-4.15-rc3' of git://git./linux/kernel/git/rafael/linux-pm
Pull ACPI fix from Rafael Wysocki:
"This fixes an out of bounds warning from KASAN in the ACPI CPPC
driver"
* tag 'acpi-4.15-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
ACPI / CPPC: Fix KASAN global out of bounds warning
Linus Torvalds [Fri, 8 Dec 2017 17:58:10 +0000 (09:58 -0800)]
Merge tag 'pm-4.15-rc3' of git://git./linux/kernel/git/rafael/linux-pm
Pull power management fix from Rafael Wysocki:
"This fixes an issue in the device runtime PM framework that prevents
customer devices from resuming if runtime PM is disabled for one or
more of their supplier devices (as reflected by device links between
those devices)"
* tag 'pm-4.15-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
PM / runtime: Fix handling of suppliers with disabled runtime PM
Geert Uytterhoeven [Fri, 8 Dec 2017 13:13:03 +0000 (14:13 +0100)]
of: overlay: Make node skipping in init_overlay_changeset() clearer
Make it more clear that nodes without "__overlay__" subnodes are
skipped, by reverting the logic and using continue.
This also reduces indentation level.
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Signed-off-by: Rob Herring <robh@kernel.org>
Geert Uytterhoeven [Fri, 8 Dec 2017 13:13:02 +0000 (14:13 +0100)]
of: overlay: Fix out-of-bounds write in init_overlay_changeset()
If an overlay has no "__symbols__" node, but it has nodes without
"__overlay__" subnodes at the end (e.g. a "__fixups__" node), after
filling in all fragments for nodes with "__overlay__" subnodes,
"fragment = &fragments[cnt]" will point beyond the end of the allocated
array.
Hence writing to "fragment->overlay" will overwrite unallocated memory,
which may lead to a crash later.
Fix this by deferring both the assignment to "fragment" and the
offending write afterwards until we know for sure the node has an
"__overlay__" subnode, and thus a valid entry in "fragments[]".
Fixes: 61b4de4e0b384f4a ("of: overlay: minor restructuring")
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Signed-off-by: Rob Herring <robh@kernel.org>
Dave Airlie [Thu, 7 Dec 2017 22:17:53 +0000 (08:17 +1000)]
Merge tag 'drm-misc-fixes-2017-12-07' of git://anongit.freedesktop.org/drm/drm-misc into drm-fixes
regression fix for vc4 + rpm stable fix for analogix bridge
* tag 'drm-misc-fixes-2017-12-07' of git://anongit.freedesktop.org/drm/drm-misc:
drm/bridge: analogix dp: Fix runtime PM state in get_modes() callback
drm/vc4: Fix false positive WARN() backtrace on refcount_inc() usage
Dave Airlie [Thu, 7 Dec 2017 22:17:09 +0000 (08:17 +1000)]
Merge tag 'drm-intel-fixes-2017-12-07' of git://anongit.freedesktop.org/drm/drm-intel into drm-fixes
- Fix for fd.o bug #103997 CNL eDP + HDMI causing a machine hard hang (James)
- Fix to allow suspending with a wedged GPU to hopefully unwedge it (Chris)
- Fix for Gen2 vblank timestap/frame counter jumps (Ville)
- Revert of a W/A for enabling FBC on CNL/GLK for certain images
and sizes (Rodrigo)
- Lockdep fix for i915 userptr code (Chris)
gvt-fixes-2017-12-06
- Fix invalid hw reg read value for vGPU (Xiong)
- Fix qemu warning on PCI ROM bar missing (Changbin)
- Workaround preemption regression (Zhenyu)
* tag 'drm-intel-fixes-2017-12-07' of git://anongit.freedesktop.org/drm/drm-intel:
Revert "drm/i915: Display WA #1133 WaFbcSkipSegments:cnl, glk"
drm/i915: Call i915_gem_init_userptr() before taking struct_mutex
drm/i915/gvt: set max priority for gvt context
drm/i915/gvt: Don't mark vgpu context as inactive when preempted
drm/i915/gvt: Limit read hw reg to active vgpu
drm/i915/gvt: Export intel_gvt_render_mmio_to_ring_id()
drm/i915/gvt: Emulate PCI expansion ROM base address register
drm/i915/cnl: Mask previous DDI - PLL mapping
drm/i915: Fix vblank timestamp/frame counter jumps on gen2
drm/i915: Skip switch-to-kernel-context on suspend when wedged
Dave Airlie [Thu, 7 Dec 2017 22:15:09 +0000 (08:15 +1000)]
Merge tag 'exynos-drm-fixes-for-v4.15-rc3' of git://git./linux/kernel/git/daeinki/drm-exynos into drm-fixes
- fix page fault issue due to using wrong device object in prime import.
- drop NONCONTIG flag without IOMMU support.
- remove unnecessary members and declaration.
* tag 'exynos-drm-fixes-for-v4.15-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/daeinki/drm-exynos:
drm/exynos: remove unnecessary function declaration
drm/exynos: remove unnecessary descrptions
drm/exynos: gem: Drop NONCONTIG flag for buffers allocated without IOMMU
drm/exynos: Fix dma-buf import
Yunjian Wang [Mon, 4 Dec 2017 06:02:19 +0000 (14:02 +0800)]
virtio_net: fix return value check in receive_mergeable()
The function virtqueue_get_buf_ctx() could return NULL, the return
value 'buf' need to be checked with NULL, not value 'ctx'.
Signed-off-by: Yunjian Wang <wangyunjian@huawei.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
weiping zhang [Wed, 6 Dec 2017 13:59:32 +0000 (21:59 +0800)]
virtio_mmio: add cleanup for virtio_mmio_remove
cleanup all resource allocated by virtio_mmio_probe.
Signed-off-by: weiping zhang <zhangweiping@didichuxing.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
weiping zhang [Wed, 6 Dec 2017 13:59:16 +0000 (21:59 +0800)]
virtio_mmio: add cleanup for virtio_mmio_probe
As mentioned at drivers/base/core.c:
/*
* NOTE: _Never_ directly free @dev after calling this function, even
* if it returned an error! Always use put_device() to give up the
* reference initialized in this function instead.
*/
so we don't free vm_dev until vm_dev.dev.release be called.
Signed-off-by: weiping zhang <zhangweiping@didichuxing.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Marek Szyprowski [Tue, 21 Nov 2017 07:49:36 +0000 (08:49 +0100)]
drm/bridge: analogix dp: Fix runtime PM state in get_modes() callback
get_modes() callback might be called asynchronously from the DRM core and
it is not synchronized with bridge_enable(), which sets proper runtime PM
state of the main DP device. Fix this by calling pm_runtime_get_sync()
before calling drm_get_edid(), which in turn calls drm_dp_i2c_xfer() and
analogix_dp_transfer() to ensure that main DP device is runtime active
when doing any access to its registers.
This fixes the following kernel issue on Samsung Exynos5250 Snow board:
Unhandled fault: imprecise external abort (0x406) at 0x00000000
pgd =
c0004000
[
00000000] *pgd=
00000000
Internal error: : 406 [#1] PREEMPT SMP ARM
Modules linked in:
CPU: 0 PID: 62 Comm: kworker/0:2 Not tainted
4.13.0-rc2-00364-g4a97a3da420b #3357
Hardware name: SAMSUNG EXYNOS (Flattened Device Tree)
Workqueue: events output_poll_execute
task:
edc14800 task.stack:
edcb2000
PC is at analogix_dp_transfer+0x15c/0x2fc
LR is at analogix_dp_transfer+0x134/0x2fc
pc : [<
c0468538>] lr : [<
c0468510>] psr:
60000013
sp :
edcb3be8 ip :
0000002a fp :
00000001
r10:
00000000 r9 :
edcb3cd8 r8 :
edcb3c40
r7 :
00000000 r6 :
edd3b380 r5 :
edd3b010 r4 :
00000064
r3 :
00000000 r2 :
f0ad3000 r1 :
edcb3c40 r0 :
edd3b010
Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none
Control:
10c5387d Table:
4000406a DAC:
00000051
Process kworker/0:2 (pid: 62, stack limit = 0xedcb2210)
Stack: (0xedcb3be8 to 0xedcb4000)
[<
c0468538>] (analogix_dp_transfer) from [<
c0424ba4>] (drm_dp_i2c_do_msg+0x8c/0x2b4)
[<
c0424ba4>] (drm_dp_i2c_do_msg) from [<
c0424e64>] (drm_dp_i2c_xfer+0x98/0x214)
[<
c0424e64>] (drm_dp_i2c_xfer) from [<
c057b2d8>] (__i2c_transfer+0x140/0x29c)
[<
c057b2d8>] (__i2c_transfer) from [<
c057b4a4>] (i2c_transfer+0x70/0xe4)
[<
c057b4a4>] (i2c_transfer) from [<
c0441de4>] (drm_do_probe_ddc_edid+0xb4/0x114)
[<
c0441de4>] (drm_do_probe_ddc_edid) from [<
c0441e5c>] (drm_probe_ddc+0x18/0x28)
[<
c0441e5c>] (drm_probe_ddc) from [<
c0445728>] (drm_get_edid+0x124/0x2d4)
[<
c0445728>] (drm_get_edid) from [<
c0465ea0>] (analogix_dp_get_modes+0x90/0x114)
[<
c0465ea0>] (analogix_dp_get_modes) from [<
c0425e8c>] (drm_helper_probe_single_connector_modes+0x198/0x68c)
[<
c0425e8c>] (drm_helper_probe_single_connector_modes) from [<
c04325d4>] (drm_setup_crtcs+0x1b4/0xd18)
[<
c04325d4>] (drm_setup_crtcs) from [<
c04344a8>] (drm_fb_helper_hotplug_event+0x94/0xd0)
[<
c04344a8>] (drm_fb_helper_hotplug_event) from [<
c0425a50>] (drm_kms_helper_hotplug_event+0x24/0x28)
[<
c0425a50>] (drm_kms_helper_hotplug_event) from [<
c04263ec>] (output_poll_execute+0x6c/0x174)
[<
c04263ec>] (output_poll_execute) from [<
c0136f18>] (process_one_work+0x188/0x3fc)
[<
c0136f18>] (process_one_work) from [<
c01371f4>] (worker_thread+0x30/0x4b8)
[<
c01371f4>] (worker_thread) from [<
c013daf8>] (kthread+0x128/0x164)
[<
c013daf8>] (kthread) from [<
c0108510>] (ret_from_fork+0x14/0x24)
Code:
0a000002 ea000009 e2544001 0a00004a (
e59537c8)
---[ end trace
cddc7919c79f7878 ]---
Reported-by: Misha Komarovskiy <zombah@gmail.com>
CC: stable@vger.kernel.org # v4.10+
Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
Signed-off-by: Archit Taneja <architt@codeaurora.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20171121074936.22520-1-m.szyprowski@samsung.com
Joonas Lahtinen [Thu, 7 Dec 2017 11:35:32 +0000 (13:35 +0200)]
Merge tag 'gvt-fixes-2017-12-06' of https://github.com/intel/gvt-linux into drm-intel-fixes
gvt-fixes-2017-12-06
- Fix invalid hw reg read value for vGPU (Xiong)
- Fix qemu warning on PCI ROM bar missing (Changbin)
- Workaround preemption regression (Zhenyu)
Signed-off-by: Joonas Lahtinen <joonas.lahtinen@linux.intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20171206075105.wlh2ojubjczlstox@zhen-hp.sh.intel.com
Radhakrishna Sripada [Wed, 6 Dec 2017 22:25:07 +0000 (14:25 -0800)]
Revert "drm/i915: Display WA #1133 WaFbcSkipSegments:cnl, glk"
This reverts commit
8f067837c4b713ce2e69be95af7b2a5eb3bd7de8.
HSD says "WA withdrawn. It was causing corruption with some images.
WA is not strictly necessary since this bug just causes loss of FBC
compression with some sizes and images, but doesn't break anything."
Fixes: 8f067837c4b7 ("drm/i915: Display WA #1133 WaFbcSkipSegments:cnl, glk")
Cc: Rodrigo Vivi <rodrigo.vivi@intel.com>
Signed-off-by: Radhakrishna Sripada <radhakrishna.sripada@intel.com>
Signed-off-by: Rodrigo Vivi <rodrigo.vivi@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20171117010825.23118-1-radhakrishna.sripada@intel.com
(cherry picked from commit
0cfecb7c4b9b45ed1776162e132b43f92564f3f4)
Signed-off-by: Joonas Lahtinen <joonas.lahtinen@linux.intel.com>
Boris Brezillon [Wed, 22 Nov 2017 20:39:28 +0000 (21:39 +0100)]
drm/vc4: Fix false positive WARN() backtrace on refcount_inc() usage
With CONFIG_REFCOUNT_FULL enabled, refcount_inc() complains when it's
passed a refcount object that has its counter set to 0. In this driver,
this is a valid use case since we want to increment ->usecnt only when
the BO object starts to be used by real HW components and this is
definitely not the case when the BO is created.
Fix the problem by using refcount_inc_not_zero() instead of
refcount_inc() and fallback to refcount_set(1) when
refcount_inc_not_zero() returns false. Note that this 2-steps operation
is not racy here because the whole section is protected by a mutex
which guarantees that the counter does not change between the
refcount_inc_not_zero() and refcount_set() calls.
Fixes: b9f19259b84d ("drm/vc4: Add the DRM_IOCTL_VC4_GEM_MADVISE ioctl")
Reported-by: Stefan Wahren <stefan.wahren@i2se.com>
Signed-off-by: Boris Brezillon <boris.brezillon@free-electrons.com>
Acked-by: Eric Anholt <eric@anholt.net>
Link: https://patchwork.freedesktop.org/patch/msgid/20171122203928.28135-1-boris.brezillon@free-electrons.com
Chris Wilson [Wed, 22 Nov 2017 17:26:21 +0000 (17:26 +0000)]
drm/i915: Call i915_gem_init_userptr() before taking struct_mutex
We don't need struct_mutex to initialise userptr (it just allocates a
workqueue for itself etc), but we do need struct_mutex later on in
i915_gem_init() in order to feed requests onto the HW.
This should break the chain
[ 385.697902] ======================================================
[ 385.697907] WARNING: possible circular locking dependency detected
[ 385.697913] 4.14.0-CI-Patchwork_7234+ #1 Tainted: G U
[ 385.697917] ------------------------------------------------------
[ 385.697922] perf_pmu/2631 is trying to acquire lock:
[ 385.697927] (&mm->mmap_sem){++++}, at: [<
ffffffff811bfe1e>] __might_fault+0x3e/0x90
[ 385.697941]
but task is already holding lock:
[ 385.697946] (&cpuctx_mutex){+.+.}, at: [<
ffffffff8116fe8c>] perf_event_ctx_lock_nested+0xbc/0x1d0
[ 385.697957]
which lock already depends on the new lock.
[ 385.697963]
the existing dependency chain (in reverse order) is:
[ 385.697970]
-> #4 (&cpuctx_mutex){+.+.}:
[ 385.697980] __mutex_lock+0x86/0x9b0
[ 385.697985] perf_event_init_cpu+0x5a/0x90
[ 385.697991] perf_event_init+0x178/0x1a4
[ 385.697997] start_kernel+0x27f/0x3f1
[ 385.698003] verify_cpu+0x0/0xfb
[ 385.698006]
-> #3 (pmus_lock){+.+.}:
[ 385.698015] __mutex_lock+0x86/0x9b0
[ 385.698020] perf_event_init_cpu+0x21/0x90
[ 385.698025] cpuhp_invoke_callback+0xca/0xc00
[ 385.698030] _cpu_up+0xa7/0x170
[ 385.698035] do_cpu_up+0x57/0x70
[ 385.698039] smp_init+0x62/0xa6
[ 385.698044] kernel_init_freeable+0x97/0x193
[ 385.698050] kernel_init+0xa/0x100
[ 385.698055] ret_from_fork+0x27/0x40
[ 385.698058]
-> #2 (cpu_hotplug_lock.rw_sem){++++}:
[ 385.698068] cpus_read_lock+0x39/0xa0
[ 385.698073] apply_workqueue_attrs+0x12/0x50
[ 385.698078] __alloc_workqueue_key+0x1d8/0x4d8
[ 385.698134] i915_gem_init_userptr+0x5f/0x80 [i915]
[ 385.698176] i915_gem_init+0x7c/0x390 [i915]
[ 385.698213] i915_driver_load+0x99e/0x15c0 [i915]
[ 385.698250] i915_pci_probe+0x33/0x90 [i915]
[ 385.698256] pci_device_probe+0xa1/0x130
[ 385.698262] driver_probe_device+0x293/0x440
[ 385.698267] __driver_attach+0xde/0xe0
[ 385.698272] bus_for_each_dev+0x5c/0x90
[ 385.698277] bus_add_driver+0x16d/0x260
[ 385.698282] driver_register+0x57/0xc0
[ 385.698287] do_one_initcall+0x3e/0x160
[ 385.698292] do_init_module+0x5b/0x1fa
[ 385.698297] load_module+0x2374/0x2dc0
[ 385.698302] SyS_finit_module+0xaa/0xe0
[ 385.698307] entry_SYSCALL_64_fastpath+0x1c/0xb1
[ 385.698311]
-> #1 (&dev->struct_mutex){+.+.}:
[ 385.698320] __mutex_lock+0x86/0x9b0
[ 385.698361] i915_mutex_lock_interruptible+0x4c/0x130 [i915]
[ 385.698403] i915_gem_fault+0x206/0x760 [i915]
[ 385.698409] __do_fault+0x1a/0x70
[ 385.698413] __handle_mm_fault+0x7c4/0xdb0
[ 385.698417] handle_mm_fault+0x154/0x300
[ 385.698440] __do_page_fault+0x2d6/0x570
[ 385.698445] page_fault+0x22/0x30
[ 385.698449]
-> #0 (&mm->mmap_sem){++++}:
[ 385.698459] lock_acquire+0xaf/0x200
[ 385.698464] __might_fault+0x68/0x90
[ 385.698470] _copy_to_user+0x1e/0x70
[ 385.698475] perf_read+0x1aa/0x290
[ 385.698480] __vfs_read+0x23/0x120
[ 385.698484] vfs_read+0xa3/0x150
[ 385.698488] SyS_read+0x45/0xb0
[ 385.698493] entry_SYSCALL_64_fastpath+0x1c/0xb1
[ 385.698497]
other info that might help us debug this:
[ 385.698505] Chain exists of:
&mm->mmap_sem --> pmus_lock --> &cpuctx_mutex
[ 385.698517] Possible unsafe locking scenario:
[ 385.698522] CPU0 CPU1
[ 385.698526] ---- ----
[ 385.698529] lock(&cpuctx_mutex);
[ 385.698553] lock(pmus_lock);
[ 385.698558] lock(&cpuctx_mutex);
[ 385.698564] lock(&mm->mmap_sem);
[ 385.698568]
*** DEADLOCK ***
[ 385.698574] 1 lock held by perf_pmu/2631:
[ 385.698578] #0: (&cpuctx_mutex){+.+.}, at: [<
ffffffff8116fe8c>] perf_event_ctx_lock_nested+0xbc/0x1d0
[ 385.698589]
stack backtrace:
[ 385.698595] CPU: 3 PID: 2631 Comm: perf_pmu Tainted: G U 4.14.0-CI-Patchwork_7234+ #1
[ 385.698602] Hardware name: /NUC6CAYB, BIOS AYAPLCEL.86A.0040.2017.0619.1722 06/19/2017
[ 385.698609] Call Trace:
[ 385.698615] dump_stack+0x5f/0x86
[ 385.698621] print_circular_bug.isra.18+0x1d0/0x2c0
[ 385.698627] __lock_acquire+0x19c3/0x1b60
[ 385.698634] ? generic_exec_single+0x77/0xe0
[ 385.698640] ? lock_acquire+0xaf/0x200
[ 385.698644] lock_acquire+0xaf/0x200
[ 385.698650] ? __might_fault+0x3e/0x90
[ 385.698655] __might_fault+0x68/0x90
[ 385.698660] ? __might_fault+0x3e/0x90
[ 385.698665] _copy_to_user+0x1e/0x70
[ 385.698670] perf_read+0x1aa/0x290
[ 385.698675] __vfs_read+0x23/0x120
[ 385.698682] ? __fget+0x101/0x1f0
[ 385.698686] vfs_read+0xa3/0x150
[ 385.698691] SyS_read+0x45/0xb0
[ 385.698696] entry_SYSCALL_64_fastpath+0x1c/0xb1
[ 385.698701] RIP: 0033:0x7ff1c46876ed
[ 385.698705] RSP: 002b:
00007fff13552f90 EFLAGS:
00000293 ORIG_RAX:
0000000000000000
[ 385.698712] RAX:
ffffffffffffffda RBX:
ffffc90000647ff0 RCX:
00007ff1c46876ed
[ 385.698718] RDX:
0000000000000010 RSI:
00007fff13552fa0 RDI:
0000000000000005
[ 385.698723] RBP:
000056063d300580 R08:
0000000000000000 R09:
0000000000000060
[ 385.698729] R10:
0000000000000000 R11:
0000000000000293 R12:
0000000000000046
[ 385.698734] R13:
00007fff13552c6f R14:
00007ff1c6279d00 R15:
00007ff1c6279a40
Testcase: igt/perf_pmu
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Cc: Tvrtko Ursulin <tvrtko.ursulin@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20171122172621.16158-1-chris@chris-wilson.co.uk
Reviewed-by: Tvrtko Ursulin <tvrtko.ursulin@intel.com>
(cherry picked from commit
ee48700dd57d9ce783ec40f035b324d0b75632e4)
Signed-off-by: Joonas Lahtinen <joonas.lahtinen@linux.intel.com>
Heiko Carstens [Wed, 6 Dec 2017 15:11:27 +0000 (16:11 +0100)]
s390: fix compat system call table
When wiring up the socket system calls the compat entries were
incorrectly set. Not all of them point to the corresponding compat
wrapper functions, which clear the upper 33 bits of user space
pointers, like it is required.
Fixes: 977108f89c989 ("s390: wire up separate socketcalls system calls")
Cc: <stable@vger.kernel.org> # v4.3+
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Linus Torvalds [Thu, 7 Dec 2017 02:33:17 +0000 (18:33 -0800)]
Merge tag 'for_linus-4.15-rc2' of git://git./linux/kernel/git/jwessel/kgdb
Pull kgdb fixes from Jason Wessel:
- Fix long standing problem with kdb kallsyms_symbol_next() return
value
- Add new co-maintainer Daniel Thompson
* tag 'for_linus-4.15-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/jwessel/kgdb:
kgdb/kdb/debug_core: Add co-maintainer Daniel Thompson
kdb: Fix handling of kallsyms_symbol_next() return value
Linus Torvalds [Thu, 7 Dec 2017 02:23:27 +0000 (18:23 -0800)]
proc: show si_ptr in /proc/<pid>/timers without hashing
It's a user pointer, and while the permissions of the file are pretty
questionable (should it really be readable to everybody), hashing the
pointer isn't going to be the solution.
We should take a closer look at more of the /proc/<pid> file permissions
in general. Sure, we do want many of them to often be readable (for
'ps' and friends), but I think we should probably do a few conversions
from S_IRUGO to S_IRUSR.
Reported-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Linus Torvalds [Thu, 7 Dec 2017 02:16:20 +0000 (18:16 -0800)]
Merge branch 'for-linus' of git://git./linux/kernel/git/gerg/m68knommu
Pull m68knommu fixes from Greg Ungerer:
"There are two fixes here. One to add a missing linker section to the
m68k architecture linker scripts, the other to fix a defconfig build
problem"
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/gerg/m68knommu:
m68k/defconfig: fix stmark2 broken local compilation
m68k: add missing SOFTIRQENTRY_TEXT linker section
Linus Torvalds [Thu, 7 Dec 2017 01:47:29 +0000 (17:47 -0800)]
Merge branch 'x86-urgent-for-linus' of git://git./linux/kernel/git/tip/tip
Pull misc x86 fixes from Ingo Molnar:
- make CR4 handling irq-safe, which bug vmware guests ran into
- don't crash on early IRQs in Xen guests
- don't crash secondary CPU bringup if #UD assisted WARN()ings are
triggered
- make X86_BUG_FXSAVE_LEAK optional on newer AMD CPUs that have the fix
- fix AMD Fam17h microcode loading
- fix broadcom_postcore_init() if ACPI is disabled
- fix resume regression in __restore_processor_context()
- fix Sparse warnings
- fix a GCC-8 warning
* 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
x86/vdso: Change time() prototype to match __vdso_time()
x86: Fix Sparse warnings about non-static functions
x86/power: Fix some ordering bugs in __restore_processor_context()
x86/PCI: Make broadcom_postcore_init() check acpi_disabled
x86/microcode/AMD: Add support for fam17h microcode loading
x86/cpufeatures: Make X86_BUG_FXSAVE_LEAK detectable in CPUID on AMD
x86/idt: Load idt early in start_secondary
x86/xen: Support early interrupts in xen pv guests
x86/tlb: Disable interrupts when changing CR4
x86/tlb: Refactor CR4 setting and shadow write
Linus Torvalds [Thu, 7 Dec 2017 01:45:36 +0000 (17:45 -0800)]
Merge branch 'smp-urgent-for-linus' of git://git./linux/kernel/git/tip/tip
Pull CPU hotplug fix from Ingo Molnar:
"A single fix moving the smp-call queue flush step to the intended
point in the state machine"
* 'smp-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
smp/hotplug: Move step CPUHP_AP_SMPCFD_DYING to the correct place
Linus Torvalds [Thu, 7 Dec 2017 01:43:26 +0000 (17:43 -0800)]
Merge branch 'sched-urgent-for-linus' of git://git./linux/kernel/git/tip/tip
Pull scheduler fixes from Ingo Molnar:
"This includes a fix for the add_wait_queue() queue ordering brown
paperbag bug, plus PELT accounting fixes for cgroups scheduling
artifacts"
* 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
sched/fair: Update and fix the runnable propagation rule
sched/wait: Fix add_wait_queue() behavioral change
Linus Torvalds [Thu, 7 Dec 2017 01:41:24 +0000 (17:41 -0800)]
Merge branch 'perf-urgent-for-linus' of git://git./linux/kernel/git/tip/tip
Pull perf fixes from Ingo Molnar:
"This includes perf namespace support kernel side fixes, plus an
accumulated set of perf tooling fixes - including UAPI header
synchronization that should make the perf build less noisy"
* 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (31 commits)
tooling/headers: Synchronize updated s390 and x86 UAPI headers
tools headers: Syncronize mman.h ABI header
tools headers: Synchronize prctl.h ABI header
tools headers: Synchronize KVM arch ABI headers
tools headers: Synchronize drm/i915_drm.h
tools headers uapi: Synchronize drm/drm.h
tools headers: Synchronize perf_event.h header
tools headers: Synchronize kernel ABI headers wrt SPDX tags
tools/headers: Synchronize kernel x86 UAPI headers
perf intel-pt: Bring instruction decoder files into line with the kernel
perf test: Fix test 21 for s390x
perf bench numa: Fixup discontiguous/sparse numa nodes
perf top: Use signal interface for SIGWINCH handler
perf top: Fix window dimensions change handling
perf: Fix header.size for namespace events
perf top: Ignore kptr_restrict when not sampling the kernel
perf record: Ignore kptr_restrict when not sampling the kernel
perf report: Ignore kptr_restrict when not sampling the kernel
perf evlist: Add helper to check if attr.exclude_kernel is set in all evsels
perf test shell: Fix test case probe libc's inet_pton on s390x
...
Linus Torvalds [Thu, 7 Dec 2017 01:39:44 +0000 (17:39 -0800)]
Merge branch 'locking-urgent-for-linus' of git://git./linux/kernel/git/tip/tip
Pull lockdep fix from Ingo Molnar:
"Fix a possible NULL dereference for the (rare) case when a task
doesn't have ->xhlocks space allocated due to kmalloc() OOM-ing"
* 'locking-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
locking/lockdep: Fix possible NULL deref
Inki Dae [Thu, 23 Nov 2017 09:27:57 +0000 (18:27 +0900)]
drm/exynos: remove unnecessary function declaration
Removed exynos_drm_get_dma_device funtion declaration on top
of exynos_drm_drv.c file.
We can remove this declaration by moving the implementation
of this function upwards.
Signed-off-by: Inki Dae <inki.dae@samsung.com>
Inki Dae [Thu, 23 Nov 2017 09:32:06 +0000 (18:32 +0900)]
drm/exynos: remove unnecessary descrptions
Removed two descriptions to 'da_start' and 'da_space_size'
from exynos_drm_private structure.
These members don't exist anymore.
Signed-off-by: Inki Dae <inki.dae@samsung.com>
Marek Szyprowski [Wed, 22 Nov 2017 13:14:47 +0000 (14:14 +0100)]
drm/exynos: gem: Drop NONCONTIG flag for buffers allocated without IOMMU
When no IOMMU is available, all GEM buffers allocated by Exynos DRM driver
are contiguous, because of the underlying dma_alloc_attrs() function
provides only such buffers. In such case it makes no sense to keep
BO_NONCONTIG flag for the allocated GEM buffers. This allows to avoid
failures for buffer contiguity checks in the subsequent operations on GEM
objects.
Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
Signed-off-by: Inki Dae <inki.dae@samsung.com>
CC: stable@vger.kernel.org # v4.4+
Marek Szyprowski [Mon, 30 Oct 2017 07:28:09 +0000 (08:28 +0100)]
drm/exynos: Fix dma-buf import
When IOMMU support was enabled, dma-buf import in Exynos DRM was broken
since commit
f43c35966a5a ("drm/exynos: use real device for DMA-mapping
operations") due to using wrong struct device in drm_gem_prime_import()
function. This patch fixes following kernel BUG caused by incorrect buffer
mapping to DMA address space:
exynos-sysmmu
14650000.sysmmu:
14450000.mixer: PAGE FAULT occurred at 0xb2e00000
------------[ cut here ]------------
kernel BUG at drivers/iommu/exynos-iommu.c:449!
Internal error: Oops - BUG: 0 [#1] PREEMPT SMP ARM
Modules linked in:
CPU: 0 PID: 0 Comm: swapper/0 Not tainted
4.14.0-rc4-next-20171016-00033-g990d723669fd #3165
Hardware name: SAMSUNG EXYNOS (Flattened Device Tree)
task:
c0e0b7c0 task.stack:
c0e00000
PC is at exynos_sysmmu_irq+0x1d0/0x24c
LR is at exynos_sysmmu_irq+0x154/0x24c
------------[ cut here ]------------
Reported-by: Marian Mihailescu <mihailescu2m@gmail.com>
Fixes: f43c35966a5a ("drm/exynos: use real device for DMA-mapping operations")
Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
Reviewed-by: Tobias Jakobi <tjakobi@math.uni-bielefeld.de>
Signed-off-by: Inki Dae <inki.dae@samsung.com>
Linus Torvalds [Wed, 6 Dec 2017 23:47:51 +0000 (15:47 -0800)]
Merge branch 'irq-urgent-for-linus' of git://git./linux/kernel/git/tip/tip
Pull irq fixes from Ingo Molnar:
"Two fixes: use bool type consistently, plus a irq_matrix_available()
bugfix"
* 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
irqdesc: Use bool return type instead of int
genirq/matrix: Fix the precedence fix for real
Linus Torvalds [Wed, 6 Dec 2017 23:20:51 +0000 (15:20 -0800)]
Merge branch 'efi-urgent-for-linus' of git://git./linux/kernel/git/tip/tip
Pull EFI fixes from Ingo Molnar:
"Misc fixes: world-readable pointer removal from sysfs, a ESRT kfree()
bug fix and a comment update"
* 'efi-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
efi: Add comment to avoid future expanding of sysfs systab
efi/esrt: Use memunmap() instead of kfree() to free the remapping
efi: Move some sysfs files to be read-only by root
Linus Torvalds [Wed, 6 Dec 2017 22:53:32 +0000 (14:53 -0800)]
Merge branch 'core-urgent-for-linus' of git://git./linux/kernel/git/tip/tip
Pull core fixes from Ingo Molnar:
"Two fixes:
- objtool cross-build fixes
- removal of an obsolete CPU-hotplug state name from comments"
* 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
objtool: Fix 64-bit build on 32-bit host
cpu/hotplug: Fix state name in takedown_cpu() comment
Dave Airlie [Wed, 6 Dec 2017 22:29:26 +0000 (08:29 +1000)]
Merge tag 'drm-misc-fixes-2017-12-06' of git://anongit.freedesktop.org/drm/drm-misc into drm-fixes
Just the connector_iter corner-case regression fix.
* tag 'drm-misc-fixes-2017-12-06' of git://anongit.freedesktop.org/drm/drm-misc:
drm: safely free connectors from connector_iter
Jason Wessel [Tue, 5 Dec 2017 19:26:27 +0000 (13:26 -0600)]
kgdb/kdb/debug_core: Add co-maintainer Daniel Thompson
Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
Daniel Thompson [Mon, 2 Mar 2015 14:13:36 +0000 (14:13 +0000)]
kdb: Fix handling of kallsyms_symbol_next() return value
kallsyms_symbol_next() returns a boolean (true on success). Currently
kdb_read() tests the return value with an inequality that
unconditionally evaluates to true.
This is fixed in the obvious way and, since the conditional branch is
supposed to be unreachable, we also add a WARN_ON().
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Daniel Thompson <daniel.thompson@linaro.org>
Cc: linux-stable <stable@vger.kernel.org>
Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
Geert Uytterhoeven [Tue, 5 Dec 2017 15:27:03 +0000 (16:27 +0100)]
of: overlay: Fix (un)locking in of_overlay_apply()
The special overlay mutex is taken first, hence it should be released
last in the error path.
of_resolve_phandles() must be called with of_mutex held. Without it, a
node and new phandle could be added via of_attach_node(), making the max
phandle wrong.
free_overlay_changeset() must be called with of_mutex held, if any
non-trivial cleanup is to be done.
Hence move "mutex_lock(&of_mutex)" up, as suggested by Frank, and merge
the two tail statements of the success and error paths, now they became
identical.
Note that while the two mutexes are adjacent, we still need both:
__of_changeset_apply_notify(), which is called by __of_changeset_apply()
unlocks of_mutex, then does notifications then locks of_mutex. So the
mutex get released in the middle of of_overlay_apply()
Fixes: f948d6d8b792bb90 ("of: overlay: avoid race condition between applying multiple overlays")
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Reviewed-by: Frank Rowand <frank.rowand@sony.com>
Signed-off-by: Rob Herring <robh@kernel.org>
Geert Uytterhoeven [Tue, 5 Dec 2017 15:27:02 +0000 (16:27 +0100)]
of: overlay: Fix memory leak in of_overlay_apply() error path
If of_resolve_phandles() fails, free_overlay_changeset() is called in
the error path. However, that function returns early if the list hasn't
been initialized yet, before freeing the object.
Explicitly calling kfree() instead would solve that issue. However, that
complicates matter, by having to consider which of two different methods
to use to dispose of the same object.
Hence make free_overlay_changeset() consider initialization state of the
different parts of the object, making it always safe to call (once!) to
dispose of a (partially) initialized overlay_changeset:
- Only destroy the changeset if the list was initialized,
- Make init_overlay_changeset() store the ID in ovcs->id on success,
to avoid calling idr_remove() with an error value or an already
released ID.
Reported-by: Colin King <colin.king@canonical.com>
Fixes: f948d6d8b792bb90 ("of: overlay: avoid race condition between applying multiple overlays")
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Reviewed-by: Frank Rowand <frank.rowand@sony.com>
Signed-off-by: Rob Herring <robh@kernel.org>
Ingo Molnar [Wed, 6 Dec 2017 21:41:53 +0000 (22:41 +0100)]
tooling/headers: Synchronize updated s390 and x86 UAPI headers
There were two trivial updates to these upstream UAPI headers:
arch/s390/include/uapi/asm/kvm.h
arch/s390/include/uapi/asm/kvm_perf.h
arch/x86/lib/x86-opcode-map.txt
Synchronize them with their tooling copies.
(The x86 opcode map includes a new instruction pattern now.)
Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Ingo Molnar [Wed, 6 Dec 2017 21:39:39 +0000 (22:39 +0100)]
Merge branch 'linus' into perf/urgent, to synchronize UAPI headers
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Mikulas Patocka [Sat, 2 Dec 2017 22:17:44 +0000 (16:17 -0600)]
objtool: Fix 64-bit build on 32-bit host
The new ORC unwinder breaks the build of a 64-bit kernel on a 32-bit
host. Building the kernel on a i386 or x32 host fails with:
orc_dump.c: In function 'orc_dump':
orc_dump.c:105:26: error: passing argument 2 of 'elf_getshdrnum' from incompatible pointer type [-Werror=incompatible-pointer-types]
if (elf_getshdrnum(elf, &nr_sections)) {
^
In file included from /usr/local/include/gelf.h:32:0,
from elf.h:22,
from warn.h:26,
from orc_dump.c:20:
/usr/local/include/libelf.h:304:12: note: expected 'size_t * {aka unsigned int *}' but argument is of type 'long unsigned int *'
extern int elf_getshdrnum (Elf *__elf, size_t *__dst);
^~~~~~~~~~~~~~
orc_dump.c:190:17: error: format '%lx' expects argument of type 'long unsigned int', but argument 3 has type 'Elf64_Sxword {aka long long int}' [-Werror=format=]
printf("%s+%lx:", name, rela.r_addend);
~~^ ~~~~~~~~~~~~~
%llx
Fix the build failure.
Another problem is that if the user specifies HOSTCC or HOSTLD
variables, they are ignored in the objtool makefile. Change the
Makefile to respect these variables.
Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Sven Joachim <svenjoac@gmx.de>
Cc: Thomas Gleixner <tglx@linutronix.de>
Fixes: 627fce14809b ("objtool: Add ORC unwind table generation")
Link: http://lkml.kernel.org/r/19f0e64d8e07e30a7b307cd010eb780c404fe08d.1512252895.git.jpoimboe@redhat.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Geert Uytterhoeven [Thu, 30 Nov 2017 13:29:46 +0000 (14:29 +0100)]
dt-bindings: eeprom: at25: Document device-specific compatible values
Document the recommended presence of a device-specific compatible value,
and list examples that are already in use or soon will be.
This will allow checkpatch to validate compatible values in DTS.
Update the example to match current best practices (generic node name,
specific compatible value first).
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Signed-off-by: Rob Herring <robh@kernel.org>
Geert Uytterhoeven [Thu, 30 Nov 2017 13:29:45 +0000 (14:29 +0100)]
dt-bindings: eeprom: at25: Grammar s/are can/can/
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Signed-off-by: Rob Herring <robh@kernel.org>
Mathieu Malaterre [Wed, 29 Nov 2017 20:55:15 +0000 (21:55 +0100)]
dt-bindings: Remove leading 0x from bindings notation
Improve the binding example by removing all the leading 0x to fix the
following dtc warnings:
Warning (unit_address_format): Node /XXX unit name should not have leading "0x"
Converted using the following command:
find Documentation/devicetree/bindings -name "*.txt" -exec sed -i -e 's/([^ ])\@0x([0-9a-f])/$1\@$2/g' {} +
This is a follow up to commit
48c926cd3414
Signed-off-by: Mathieu Malaterre <malat@debian.org>
Signed-off-by: Rob Herring <robh@kernel.org>
Geert Uytterhoeven [Tue, 28 Nov 2017 08:26:33 +0000 (09:26 +0100)]
of: overlay: Remove else after goto
If an "if" branch is terminated by a "goto", there's no need to have an
"else" statement and an indented block of code.
Remove the "else" statement to simplify the code flow for the casual
reviewer.
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Signed-off-by: Rob Herring <robh@kernel.org>
Geert Uytterhoeven [Tue, 28 Nov 2017 08:25:23 +0000 (09:25 +0100)]
of: Spelling s/changset/changeset/
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Signed-off-by: Rob Herring <robh@kernel.org>
Geert Uytterhoeven [Mon, 27 Nov 2017 14:46:27 +0000 (15:46 +0100)]
of: unittest: Remove bogus overlay mutex release from overlay_data_add()
overlay_data_add() never takes the special overlay mutex, so it must not
be released in the error patch.
Presumably the call to of_overlay_mutex_unlock() is a relic from v1 of
the patch.
Fixes: f948d6d8b792bb90 ("of: overlay: avoid race condition between applying multiple overlays")
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Reviewed-by: Frank Rowand <frank.rowand@sony.com>
Signed-off-by: Rob Herring <robh@kernel.org>
Arnd Bergmann [Mon, 4 Dec 2017 15:01:55 +0000 (16:01 +0100)]
x86/vdso: Change time() prototype to match __vdso_time()
gcc-8 warns that time() is an alias for __vdso_time() but the two
have different prototypes:
arch/x86/entry/vdso/vclock_gettime.c:327:5: error: 'time' alias between functions of incompatible types 'int(time_t *)' {aka 'int(long int *)'} and 'time_t(time_t *)' {aka 'long int(long int *)'} [-Werror=attribute-alias]
int time(time_t *t)
^~~~
arch/x86/entry/vdso/vclock_gettime.c:318:16: note: aliased declaration here
I could not figure out whether this is intentional, but I see that
changing it to return time_t avoids the warning.
Returning 'int' from time() is also a bit questionable, as it causes an
overflow in y2038 even on 64-bit architectures that use a 64-bit time_t
type. On 32-bit architecture with 64-bit time_t, time() should always
be implement by the C library by calling a (to be added) clock_gettime()
variant that takes a sufficiently wide argument.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Acked-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Vitaly Kuznetsov <vkuznets@redhat.com>
Link: http://lkml.kernel.org/r/20171204150203.852959-1-arnd@arndb.de
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Dave Airlie [Wed, 6 Dec 2017 20:27:13 +0000 (06:27 +1000)]
Merge branch 'drm-fixes-4.15' of git://people.freedesktop.org/~agd5f/linux into drm-fixes
ttm and license fixes
* 'drm-fixes-4.15' of git://people.freedesktop.org/~agd5f/linux:
drm/ttm: swap consecutive allocated pooled pages v4
drm/ttm: swap consecutive allocated cached pages v3
drm/ttm: roundup the shrink request to prevent skip huge pool
drm/ttm: add page order support in ttm_pages_put
drm/ttm: add set_pages_wb for handling page order more than zero
drm/ttm: add page order in page pool
drm/ttm: use NUM_PAGES_TO_ALLOC always
drm/amdgpu: add license to files where it was missing
drm/amdgpu: add license to Makefiles
Dave Martin [Wed, 6 Dec 2017 16:45:47 +0000 (16:45 +0000)]
arm64/sve: Avoid dereference of dead task_struct in KVM guest entry
When deciding whether to invalidate FPSIMD state cached in the cpu,
the backend function sve_flush_cpu_state() attempts to dereference
__this_cpu_read(fpsimd_last_state). However, this is not safe:
there is no guarantee that this task_struct pointer is still valid,
because the task could have exited in the meantime.
This means that we need another means to get the appropriate value
of TIF_SVE for the associated task.
This patch solves this issue by adding a cached copy of the TIF_SVE
flag in fpsimd_last_state, which we can check without dereferencing
the task pointer.
In particular, although this patch is not a KVM fix per se, this
means that this check is now done safely in the KVM world switch
path (which is currently the only user of this code).
Signed-off-by: Dave Martin <Dave.Martin@arm.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Christoffer Dall <christoffer.dall@linaro.org>
Cc: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Linus Torvalds [Wed, 6 Dec 2017 18:53:02 +0000 (10:53 -0800)]
Merge tag 'iommu-v4.15-rc3' of git://github.com/awilliam/linux-vfio
Pull IOMMU fix from Alex Williamson:
"Fix VT-d handling of scatterlists where sg->offset exceeds PAGE_SIZE"
* tag 'iommu-v4.15-rc3' of git://github.com/awilliam/linux-vfio:
iommu/vt-d: Fix scatterlist offset handling
Linus Torvalds [Wed, 6 Dec 2017 18:49:14 +0000 (10:49 -0800)]
Merge tag 'sound-4.15-rc3' of git://git./linux/kernel/git/tiwai/sound
Pull sound fixes from Takashi Iwai:
"All fixes are small and for stable:
- a PCM ioctl race fix
- yet another USB-audio hardening for malicious descriptors
- Realtek ALC257 codec support"
* tag 'sound-4.15-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
ALSA: pcm: prevent UAF in snd_pcm_info
ALSA: hda/realtek - New codec support for ALC257
ALSA: usb-audio: Add check return value for usb_string()
ALSA: usb-audio: Fix out-of-bound error
ALSA: seq: Remove spurious WARN_ON() at timer check
Colin Ian King [Wed, 6 Dec 2017 17:33:58 +0000 (17:33 +0000)]
x86: Fix Sparse warnings about non-static functions
Functions x86_vector_debug_show(), uv_handle_nmi() and uv_nmi_setup_common()
are local to the source and do not need to be in global scope, so make them
static.
Fixes up various sparse warnings.
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Acked-by: Mike Travis <mike.travis@hpe.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Jiri Kosina <trivial@kernel.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Russ Anderson <russ.anderson@hpe.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: kernel-janitors@vger.kernel.org
Cc: travis@sgi.com
Link: http://lkml.kernel.org/r/20171206173358.24388-1-colin.king@canonical.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Dave Young [Wed, 6 Dec 2017 09:50:10 +0000 (09:50 +0000)]
efi: Add comment to avoid future expanding of sysfs systab
/sys/firmware/efi/systab shows several different values, it breaks sysfs
one file one value design. But since there are already userspace tools
depend on it eg. kexec-tools so add code comment to alert future expanding
of this file.
Signed-off-by: Dave Young <dyoung@redhat.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Matt Fleming <matt@codeblueprint.co.uk>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: linux-efi@vger.kernel.org
Link: http://lkml.kernel.org/r/20171206095010.24170-4-ard.biesheuvel@linaro.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Pan Bian [Wed, 6 Dec 2017 09:50:09 +0000 (09:50 +0000)]
efi/esrt: Use memunmap() instead of kfree() to free the remapping
The remapping result of memremap() should be freed with memunmap(), not kfree().
Signed-off-by: Pan Bian <bianpan2016@163.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: <stable@vger.kernel.org>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Matt Fleming <matt@codeblueprint.co.uk>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: linux-efi@vger.kernel.org
Link: http://lkml.kernel.org/r/20171206095010.24170-3-ard.biesheuvel@linaro.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Greg Kroah-Hartman [Wed, 6 Dec 2017 09:50:08 +0000 (09:50 +0000)]
efi: Move some sysfs files to be read-only by root
Thanks to the scripts/leaking_addresses.pl script, it was found that
some EFI values should not be readable by non-root users.
So make them root-only, and to do that, add a __ATTR_RO_MODE() macro to
make this easier, and use it in other places at the same time.
Reported-by: Linus Torvalds <torvalds@linux-foundation.org>
Tested-by: Dave Young <dyoung@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Matt Fleming <matt@codeblueprint.co.uk>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: linux-efi@vger.kernel.org
Cc: stable <stable@vger.kernel.org>
Link: http://lkml.kernel.org/r/20171206095010.24170-2-ard.biesheuvel@linaro.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Vincent Guittot [Thu, 16 Nov 2017 14:21:52 +0000 (15:21 +0100)]
sched/fair: Update and fix the runnable propagation rule
Unlike running, the runnable part can't be directly propagated through
the hierarchy when we migrate a task. The main reason is that runnable
time can be shared with other sched_entities that stay on the rq and
this runnable time will also remain on prev cfs_rq and must not be
removed.
Instead, we can estimate what should be the new runnable of the prev
cfs_rq and check that this estimation stay in a possible range. The
prop_runnable_sum is a good estimation when adding runnable_sum but
fails most often when we remove it. Instead, we could use the formula
below instead:
gcfs_rq's runnable_sum = gcfs_rq->avg.load_sum / gcfs_rq->load.weight
which assumes that tasks are equally runnable which is not true but
easy to compute.
Beside these estimates, we have several simple rules that help us to filter
out wrong ones:
- ge->avg.runnable_sum <= than LOAD_AVG_MAX
- ge->avg.runnable_sum >= ge->avg.running_sum (ge->avg.util_sum << LOAD_AVG_MAX)
- ge->avg.runnable_sum can't increase when we detach a task
The effect of these fixes is better cgroups balancing.
Signed-off-by: Vincent Guittot <vincent.guittot@linaro.org>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Ben Segall <bsegall@google.com>
Cc: Chris Mason <clm@fb.com>
Cc: Dietmar Eggemann <dietmar.eggemann@arm.com>
Cc: Josef Bacik <josef@toxicpanda.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Mike Galbraith <efault@gmx.de>
Cc: Morten Rasmussen <morten.rasmussen@arm.com>
Cc: Paul Turner <pjt@google.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Tejun Heo <tj@kernel.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Yuyang Du <yuyang.du@intel.com>
Link: http://lkml.kernel.org/r/1510842112-21028-1-git-send-email-vincent.guittot@linaro.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Omar Sandoval [Wed, 6 Dec 2017 07:15:31 +0000 (23:15 -0800)]
sched/wait: Fix add_wait_queue() behavioral change
The following cleanup commit:
50816c48997a ("sched/wait: Standardize internal naming of wait-queue entries")
... unintentionally changed the behavior of add_wait_queue() from
inserting the wait entry at the head of the wait queue to the tail
of the wait queue.
Beyond a negative performance impact this change in behavior
theoretically also breaks wait queues which mix exclusive and
non-exclusive waiters, as non-exclusive waiters will not be
woken up if they are queued behind enough exclusive waiters.
Signed-off-by: Omar Sandoval <osandov@fb.com>
Reviewed-by: Jens Axboe <axboe@kernel.dk>
Acked-by: Peter Zijlstra <peterz@infradead.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: kernel-team@fb.com
Fixes: ("sched/wait: Standardize internal naming of wait-queue entries")
Link: http://lkml.kernel.org/r/a16c8ccffd39bd08fdaa45a5192294c784b803a7.1512544324.git.osandov@fb.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Peter Zijlstra [Wed, 6 Dec 2017 16:32:47 +0000 (17:32 +0100)]
locking/lockdep: Fix possible NULL deref
We can't invalidate xhlocks when we've not yet allocated any.
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: linux-kernel@vger.kernel.org
Fixes: f52be5708076 ("locking/lockdep: Untangle xhlock history save/restore from task independence")
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Brendan Jackman [Wed, 6 Dec 2017 10:59:11 +0000 (10:59 +0000)]
cpu/hotplug: Fix state name in takedown_cpu() comment
CPUHP_AP_SCHED_MIGRATE_DYING doesn't exist, it looks like this was
supposed to refer to CPUHP_AP_SCHED_STARTING's teardown callback,
i.e. sched_cpu_dying().
Signed-off-by: Brendan Jackman <brendan.jackman@arm.com>
Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Cc: Dietmar Eggemann <dietmar.eggemann@arm.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Quentin Perret <quentin.perret@arm.com>
Cc: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Cc: Thomas Gleixner <tglx@linutronix.de>
Link: http://lkml.kernel.org/r/20171206105911.28093-1-brendan.jackman@arm.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Will Deacon [Wed, 6 Dec 2017 10:51:12 +0000 (10:51 +0000)]
arm64: SW PAN: Update saved ttbr0 value on enter_lazy_tlb
enter_lazy_tlb is called when a kernel thread rides on the back of
another mm, due to a context switch or an explicit call to unuse_mm
where a call to switch_mm is elided.
In these cases, it's important to keep the saved ttbr value up to date
with the active mm, otherwise we can end up with a stale value which
points to a potentially freed page table.
This patch implements enter_lazy_tlb for arm64, so that the saved ttbr0
is kept up-to-date with the active mm for kernel threads.
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Vinayak Menon <vinmenon@codeaurora.org>
Cc: <stable@vger.kernel.org>
Fixes: 39bc88e5e38e9b21 ("arm64: Disable TTBR0_EL1 during normal kernel execution")
Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>
Reviewed-by: Mark Rutland <mark.rutland@arm.com>
Reported-by: Vinayak Menon <vinmenon@codeaurora.org>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Will Deacon [Wed, 6 Dec 2017 10:42:10 +0000 (10:42 +0000)]
arm64: SW PAN: Point saved ttbr0 at the zero page when switching to init_mm
update_saved_ttbr0 mandates that mm->pgd is not swapper, since swapper
contains kernel mappings and should never be installed into ttbr0. However,
this means that callers must avoid passing the init_mm to update_saved_ttbr0
which in turn can cause the saved ttbr0 value to be out-of-date in the context
of the idle thread. For example, EFI runtime services may leave the saved ttbr0
pointing at the EFI page table, and kernel threads may end up with stale
references to freed page tables.
This patch changes update_saved_ttbr0 so that the init_mm points the saved
ttbr0 value to the empty zero page, which always exists and never contains
valid translations. EFI and switch can then call into update_saved_ttbr0
unconditionally.
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Vinayak Menon <vinmenon@codeaurora.org>
Cc: <stable@vger.kernel.org>
Fixes: 39bc88e5e38e9b21 ("arm64: Disable TTBR0_EL1 during normal kernel execution")
Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>
Reviewed-by: Mark Rutland <mark.rutland@arm.com>
Reported-by: Vinayak Menon <vinmenon@codeaurora.org>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Dave Martin [Wed, 6 Dec 2017 16:45:46 +0000 (16:45 +0000)]
arm64: fpsimd: Abstract out binding of task's fpsimd context to the cpu.
There is currently some duplicate logic to associate current's
FPSIMD context with the cpu when loading FPSIMD state into the cpu
regs.
Subsequent patches will update that logic, so in order to ensure it
only needs to be done in one place, this patch factors the relevant
code out into a new function fpsimd_bind_to_cpu().
Signed-off-by: Dave Martin <Dave.Martin@arm.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Dave Martin [Tue, 5 Dec 2017 14:56:42 +0000 (14:56 +0000)]
arm64: fpsimd: Prevent registers leaking from dead tasks
Currently, loading of a task's fpsimd state into the CPU registers
is skipped if that task's state is already present in the registers
of that CPU.
However, the code relies on the struct fpsimd_state * (and by
extension struct task_struct *) to unambiguously identify a task.
There is a particular case in which this doesn't work reliably:
when a task exits, its task_struct may be recycled to describe a
new task.
Consider the following scenario:
1) Task P loads its fpsimd state onto cpu C.
per_cpu(fpsimd_last_state, C) := P;
P->thread.fpsimd_state.cpu := C;
2) Task X is scheduled onto C and loads its fpsimd state on C.
per_cpu(fpsimd_last_state, C) := X;
X->thread.fpsimd_state.cpu := C;
3) X exits, causing X's task_struct to be freed.
4) P forks a new child T, which obtains X's recycled task_struct.
T == X.
T->thread.fpsimd_state.cpu == C (inherited from P).
5) T is scheduled on C.
T's fpsimd state is not loaded, because
per_cpu(fpsimd_last_state, C) == T (== X) &&
T->thread.fpsimd_state.cpu == C.
(This is the check performed by fpsimd_thread_switch().)
So, T gets X's registers because the last registers loaded onto C
were those of X, in (2).
This patch fixes the problem by ensuring that the sched-in check
fails in (5): fpsimd_flush_task_state(T) is called when T is
forked, so that T->thread.fpsimd_state.cpu == C cannot be true.
This relies on the fact that T is not schedulable until after
copy_thread() completes.
Once T's fpsimd state has been loaded on some CPU C there may still
be other cpus D for which per_cpu(fpsimd_last_state, D) ==
&X->thread.fpsimd_state. But D is necessarily != C in this case,
and the check in (5) must fail.
An alternative fix would be to do refcounting on task_struct. This
would result in each CPU holding a reference to the last task whose
fpsimd state was loaded there. It's not clear whether this is
preferable, and it involves higher overhead than the fix proposed
in this patch. It would also move all the task_struct freeing
work into the context switch critical section, or otherwise some
deferred cleanup mechanism would need to be introduced, neither of
which seems obviously justified.
Cc: <stable@vger.kernel.org>
Fixes: 005f78cd8849 ("arm64: defer reloading a task's FPSIMD state to userland resume")
Signed-off-by: Dave Martin <Dave.Martin@arm.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
[will: word-smithed the comment so it makes more sense]
Signed-off-by: Will Deacon <will.deacon@arm.com>
Dan Carpenter [Tue, 5 Dec 2017 14:38:54 +0000 (17:38 +0300)]
xen/pvcalls: Fix a check in pvcalls_front_remove()
bedata->ref can't be less than zero because it's unsigned. This affects
certain error paths in probe. We first set ->ref = -1 and then we set
it to a valid value later.
Fixes: 219681909913 ("xen/pvcalls: connect to the backend")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Dan Carpenter [Tue, 5 Dec 2017 14:38:43 +0000 (17:38 +0300)]
xen/pvcalls: check for xenbus_read() errors
Smatch complains that "len" is uninitialized if xenbus_read() fails so
let's add some error handling.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Christian König [Mon, 4 Dec 2017 10:26:14 +0000 (11:26 +0100)]
drm/ttm: swap consecutive allocated pooled pages v4
When we detect consecutive allocation of pages swap them to avoid
accidentally freeing them as huge page.
v2: use swap
v3: check if it's really the first allocated page
v4: don't touch the loop variable
Signed-off-by: Christian König <christian.koenig@amd.com>
Reviewed-by: Roger He <Hongbo.He@amd.com>
Reviewed-by: Michel Dänzer <michel.daenzer@amd.com>
Tested-by: Dieter Nützel <Dieter@nuetzel-hh.de>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Michael Ellerman [Wed, 6 Dec 2017 12:23:28 +0000 (23:23 +1100)]
powerpc/xmon: Don't print hashed pointers in xmon
Since commit
ad67b74d2469 ("printk: hash addresses printed with %p")
pointers printed with %p are hashed, ie. you don't see the actual
pointer value but rather a cryptographic hash of its value.
In xmon we want to see the actual pointer values, because xmon is a
debugger, so replace %p with %px which prints the actual pointer
value.
We justify doing this in xmon because 1) xmon is a kernel crash
debugger, it's only accessible via the console 2) xmon doesn't print
to dmesg, so the pointers it prints are not able to be leaked that
way.
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Nicholas Piggin [Wed, 6 Dec 2017 08:21:14 +0000 (18:21 +1000)]
powerpc/64s: Initialize ISAv3 MMU registers before setting partition table
kexec can leave MMU registers set when booting into a new kernel,
the PIDR (Process Identification Register) in particular. The boot
sequence does not zero PIDR, so it only gets set when CPUs first
switch to a userspace processes (until then it's running a kernel
thread with effective PID = 0).
This leaves a window where a process table entry and page tables are
set up due to user processes running on other CPUs, that happen to
match with a stale PID. The CPU with that PID may cause speculative
accesses that address quadrant 0 (aka userspace addresses), which will
result in cached translations and PWC (Page Walk Cache) for that
process, on a CPU which is not in the mm_cpumask and so they will not
be invalidated properly.
The most common result is the kernel hanging in infinite page fault
loops soon after kexec (usually in schedule_tail, which is usually the
first non-speculative quadrant 0 access to a new PID) due to a stale
PWC. However being a stale translation error, it could result in
anything up to security and data corruption problems.
Fix this by zeroing out PIDR at boot and kexec.
Fixes: 7e381c0ff618 ("powerpc/mm/radix: Add mmu context handling callback for radix")
Cc: stable@vger.kernel.org # v4.7+
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Andy Lutomirski [Thu, 30 Nov 2017 15:57:57 +0000 (07:57 -0800)]
x86/power: Fix some ordering bugs in __restore_processor_context()
__restore_processor_context() had a couple of ordering bugs. It
restored GSBASE after calling load_gs_index(), and the latter can
call into tracing code. It also tried to restore segment registers
before restoring the LDT, which is straight-up wrong.
Reorder the code so that we restore GSBASE, then the descriptor
tables, then the segments.
This fixes two bugs. First, it fixes a regression that broke resume
under certain configurations due to irqflag tracing in
native_load_gs_index(). Second, it fixes resume when the userspace
process that initiated suspect had funny segments. The latter can be
reproduced by compiling this:
// SPDX-License-Identifier: GPL-2.0
/*
* ldt_echo.c - Echo argv[1] while using an LDT segment
*/
int main(int argc, char **argv)
{
int ret;
size_t len;
char *buf;
const struct user_desc desc = {
.entry_number = 0,
.base_addr = 0,
.limit = 0xfffff,
.seg_32bit = 1,
.contents = 0, /* Data, grow-up */
.read_exec_only = 0,
.limit_in_pages = 1,
.seg_not_present = 0,
.useable = 0
};
if (argc != 2)
errx(1, "Usage: %s STRING", argv[0]);
len = asprintf(&buf, "%s\n", argv[1]);
if (len < 0)
errx(1, "Out of memory");
ret = syscall(SYS_modify_ldt, 1, &desc, sizeof(desc));
if (ret < -1)
errno = -ret;
if (ret)
err(1, "modify_ldt");
asm volatile ("movw %0, %%es" :: "rm" ((unsigned short)7));
write(1, buf, len);
return 0;
}
and running ldt_echo >/sys/power/mem
Without the fix, the latter causes a triple fault on resume.
Fixes: ca37e57bbe0c ("x86/entry/64: Add missing irqflags tracing to native_load_gs_index()")
Reported-by: Jarkko Nikula <jarkko.nikula@linux.intel.com>
Signed-off-by: Andy Lutomirski <luto@kernel.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Tested-by: Jarkko Nikula <jarkko.nikula@linux.intel.com>
Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Link: https://lkml.kernel.org/r/6b31721ea92f51ea839e79bd97ade4a75b1eeea2.1512057304.git.luto@kernel.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Rafael J. Wysocki [Fri, 1 Dec 2017 14:08:12 +0000 (15:08 +0100)]
x86/PCI: Make broadcom_postcore_init() check acpi_disabled
acpi_os_get_root_pointer() may return a valid address even if acpi_disabled
is set, but the host bridge information from the ACPI tables is not going
to be used in that case and the Broadcom host bridge initialization should
not be skipped then, So make broadcom_postcore_init() check acpi_disabled
too to avoid this issue.
Fixes: 6361d72b04d1 (x86/PCI: read Broadcom CNB20LE host bridge info before PCI scan)
Reported-by: Dave Hansen <dave.hansen@linux.intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Bjorn Helgaas <bhelgaas@google.com>
Cc: Linux PCI <linux-pci@vger.kernel.org>
Cc: stable@vger.kernel.org
Link: https://lkml.kernel.org/r/3186627.pxZj1QbYNg@aspire.rjw.lan
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Tom Lendacky [Thu, 30 Nov 2017 22:46:40 +0000 (16:46 -0600)]
x86/microcode/AMD: Add support for fam17h microcode loading
The size for the Microcode Patch Block (MPB) for an AMD family 17h
processor is 3200 bytes. Add a #define for fam17h so that it does
not default to 2048 bytes and fail a microcode load/update.
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Borislav Petkov <bp@alien8.de>
Link: https://lkml.kernel.org/r/20171130224640.15391.40247.stgit@tlendack-t1.amdoffice.net
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Rudolf Marek [Tue, 28 Nov 2017 21:01:06 +0000 (22:01 +0100)]
x86/cpufeatures: Make X86_BUG_FXSAVE_LEAK detectable in CPUID on AMD
The latest AMD AMD64 Architecture Programmer's Manual
adds a CPUID feature XSaveErPtr (CPUID_Fn80000008_EBX[2]).
If this feature is set, the FXSAVE, XSAVE, FXSAVEOPT, XSAVEC, XSAVES
/ FXRSTOR, XRSTOR, XRSTORS always save/restore error pointers,
thus making the X86_BUG_FXSAVE_LEAK workaround obsolete on such CPUs.
Signed-off-by: Rudolf Marek <r.marek@assembler.cz>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Borislav Petkov <bp@suse.de>
Tested-by: Borislav Petkov <bp@suse.de>
Cc: Andy Lutomirski <luto@amacapital.net>
Link: https://lkml.kernel.org/r/bdcebe90-62c5-1f05-083c-eba7f08b2540@assembler.cz
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Daniel Vetter [Mon, 4 Dec 2017 20:48:18 +0000 (21:48 +0100)]
drm: safely free connectors from connector_iter
In
commit
613051dac40da1751ab269572766d3348d45a197
Author: Daniel Vetter <daniel.vetter@ffwll.ch>
Date: Wed Dec 14 00:08:06 2016 +0100
drm: locking&new iterators for connector_list
we've went to extreme lengths to make sure connector iterations works
in any context, without introducing any additional locking context.
This worked, except for a small fumble in the implementation:
When we actually race with a concurrent connector unplug event, and
our temporary connector reference turns out to be the final one, then
everything breaks: We call the connector release function from
whatever context we happen to be in, which can be an irq/atomic
context. And connector freeing grabs all kinds of locks and stuff.
Fix this by creating a specially safe put function for connetor_iter,
which (in this rare case) punts the cleanup to a worker.
Reported-by: Ben Widawsky <ben@bwidawsk.net>
Cc: Ben Widawsky <ben@bwidawsk.net>
Fixes: 613051dac40d ("drm: locking&new iterators for connector_list")
Cc: Dave Airlie <airlied@gmail.com>
Cc: Chris Wilson <chris@chris-wilson.co.uk>
Cc: Sean Paul <seanpaul@chromium.org>
Cc: <stable@vger.kernel.org> # v4.11+
Reviewed-by: Dave Airlie <airlied@gmail.com>
Signed-off-by: Daniel Vetter <daniel.vetter@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20171204204818.24745-1-daniel.vetter@ffwll.ch
Zhenyu Wang [Mon, 4 Dec 2017 02:42:58 +0000 (10:42 +0800)]
drm/i915/gvt: set max priority for gvt context
This is to workaround guest driver hang regression after
preemption enable that gvt hasn't enabled handling of that
for guest workload. So in effect this disables preemption
for gvt context now.
Signed-off-by: Zhenyu Wang <zhenyuw@linux.intel.com>
(cherry picked from commit
1603660b3342269c95fcafee1945790342a8c28e)
Zhenyu Wang [Fri, 1 Dec 2017 06:59:53 +0000 (14:59 +0800)]
drm/i915/gvt: Don't mark vgpu context as inactive when preempted
We shouldn't mark inactive for vGPU context if preempted,
which would still be re-scheduled later. So keep active state.
Fixes: d6c0511300dc ("drm/i915/execlists: Distinguish the incomplete context notifies")
Signed-off-by: Zhenyu Wang <zhenyuw@linux.intel.com>
(cherry picked from commit
da5f99eaccc10e30bf82eb02b1be74703b878720)
Xiong Zhang [Mon, 6 Nov 2017 21:23:02 +0000 (05:23 +0800)]
drm/i915/gvt: Limit read hw reg to active vgpu
mmio_read_from_hw() let vgpu could read hw reg, if vgpu's workload
is running on hw, things is good. Otherwise vgpu will get other
vgpu's reg val, it is unsafe.
This patch limit such hw access to active vgpu. If vgpu isn't
running on hw, the reg read of this vgpu will get the last active
val which saved at schedule_out.
v2: ring timestamp is walking continuously even if the ring is idle.
so read hw directly. (Zhenyu)
Signed-off-by: Xiong Zhang <xiong.y.zhang@intel.com>
Signed-off-by: Zhenyu Wang <zhenyuw@linux.intel.com>
(cherry picked from commit
295764cd2ff41e2c1bc8af4050de77cec5e7a1c0)
Zhi Wang [Sat, 30 Sep 2017 09:42:20 +0000 (17:42 +0800)]
drm/i915/gvt: Export intel_gvt_render_mmio_to_ring_id()
Since many emulation logic needs to convert the offset of ring registers
into ring id, we export it for other caller which might need it.
Signed-off-by: Zhi Wang <zhi.a.wang@intel.com>
(cherry picked from commit
62a6a53786fc4b4e7543cc63b704dbb3f7df4c0f)
Changbin Du [Thu, 2 Nov 2017 05:33:42 +0000 (13:33 +0800)]
drm/i915/gvt: Emulate PCI expansion ROM base address register
Our vGPU doesn't have a device ROM, we need follow the PCI spec to
report this info to drivers. Otherwise, we would see below errors.
Inspecting possible rom at 0xfe049000 (vd=8086:1912 bdf=00:10.0)
qemu-system-x86_64: vfio-pci: Cannot read device rom at
00000000-0000-0000-0000-
000000000001
Device option ROM contents are probably invalid (check dmesg).
Skip option ROM probe with rombar=0, or load from file with romfile=No option rom signature (got 4860)
I will also send a improvement patch to PCI subsystem related to PCI ROM.
But no idea to omit below error, since no pattern to detect vbios shadow
without touch its content.
0000:00:10.0: Invalid PCI ROM header signature: expecting 0xaa55, got 0x0000
Signed-off-by: Changbin Du <changbin.du@intel.com>
Signed-off-by: Zhenyu Wang <zhenyuw@linux.intel.com>
(cherry picked from commit
c4270d122ccff963a021d1beb893d6192336af96)
Linus Torvalds [Wed, 6 Dec 2017 01:59:29 +0000 (17:59 -0800)]
x86: don't hash faulting address in oops printout
Things like this will probably keep showing up for other architectures
and other special cases.
I actually thought we already used %lx for this, and that is indeed
_historically_ the case, but we moved to %p when merging the 32-bit and
64-bit cases as a convenient way to get the formatting right (ie
automatically picking "%08lx" vs "%016lx" based on register size).
So just turn this %p into %px.
Reported-by: Sergey Senozhatsky <sergey.senozhatsky.work@gmail.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Kees Cook [Tue, 5 Dec 2017 01:24:54 +0000 (17:24 -0800)]
locking/refcounts: Do not force refcount_t usage as GPL-only export
The refcount_t protection on x86 was not intended to use the stricter
GPL export. This adjusts the linkage again to avoid a regression in
the availability of the refcount API.
Reported-by: Dave Airlie <airlied@gmail.com>
Fixes: 7a46ec0e2f48 ("locking/refcounts, x86/asm: Implement fast refcount overflow protection")
Cc: stable@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Robb Glasser [Tue, 5 Dec 2017 17:16:55 +0000 (09:16 -0800)]
ALSA: pcm: prevent UAF in snd_pcm_info
When the device descriptor is closed, the `substream->runtime` pointer
is freed. But another thread may be in the ioctl handler, case
SNDRV_CTL_IOCTL_PCM_INFO. This case calls snd_pcm_info_user() which
calls snd_pcm_info() which accesses the now freed `substream->runtime`.
Note: this fixes CVE-2017-0861
Signed-off-by: Robb Glasser <rglasser@google.com>
Signed-off-by: Nick Desaulniers <ndesaulniers@google.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
George Cherian [Mon, 4 Dec 2017 14:06:54 +0000 (14:06 +0000)]
ACPI / CPPC: Fix KASAN global out of bounds warning
Default value of pcc_subspace_idx is -1.
Make sure to check pcc_subspace_idx before using the same as array index.
This will avoid following KASAN warnings too.
[ 15.113449] ==================================================================
[ 15.116983] BUG: KASAN: global-out-of-bounds in cppc_get_perf_caps+0xf3/0x3b0
[ 15.116983] Read of size 8 at addr
ffffffffb9a5c0d8 by task swapper/0/1
[ 15.116983] CPU: 3 PID: 1 Comm: swapper/0 Not tainted 4.15.0-rc2+ #2
[ 15.116983] Hardware name: Dell Inc. OptiPlex 7040/0Y7WYT, BIOS 1.2.8 01/26/2016
[ 15.116983] Call Trace:
[ 15.116983] dump_stack+0x7c/0xbb
[ 15.116983] print_address_description+0x1df/0x290
[ 15.116983] kasan_report+0x28a/0x370
[ 15.116983] ? cppc_get_perf_caps+0xf3/0x3b0
[ 15.116983] cppc_get_perf_caps+0xf3/0x3b0
[ 15.116983] ? cpc_read+0x210/0x210
[ 15.116983] ? __rdmsr_on_cpu+0x90/0x90
[ 15.116983] ? rdmsrl_on_cpu+0xa9/0xe0
[ 15.116983] ? rdmsr_on_cpu+0x100/0x100
[ 15.116983] ? wrmsrl_on_cpu+0x9c/0xd0
[ 15.116983] ? wrmsrl_on_cpu+0x9c/0xd0
[ 15.116983] ? wrmsr_on_cpu+0xe0/0xe0
[ 15.116983] __intel_pstate_cpu_init.part.16+0x3a2/0x530
[ 15.116983] ? intel_pstate_init_cpu+0x197/0x390
[ 15.116983] ? show_no_turbo+0xe0/0xe0
[ 15.116983] ? __lockdep_init_map+0xa0/0x290
[ 15.116983] intel_pstate_cpu_init+0x30/0x60
[ 15.116983] cpufreq_online+0x155/0xac0
[ 15.116983] cpufreq_add_dev+0x9b/0xb0
[ 15.116983] subsys_interface_register+0x1ae/0x290
[ 15.116983] ? bus_unregister_notifier+0x40/0x40
[ 15.116983] ? mark_held_locks+0x83/0xb0
[ 15.116983] ? _raw_write_unlock_irqrestore+0x32/0x60
[ 15.116983] ? intel_pstate_setup+0xc/0x104
[ 15.116983] ? intel_pstate_setup+0xc/0x104
[ 15.116983] ? cpufreq_register_driver+0x1ce/0x2b0
[ 15.116983] cpufreq_register_driver+0x1ce/0x2b0
[ 15.116983] ? intel_pstate_setup+0x104/0x104
[ 15.116983] intel_pstate_register_driver+0x3a/0xa0
[ 15.116983] intel_pstate_init+0x3c4/0x434
[ 15.116983] ? intel_pstate_setup+0x104/0x104
[ 15.116983] ? intel_pstate_setup+0x104/0x104
[ 15.116983] do_one_initcall+0x9c/0x206
[ 15.116983] ? parameq+0xa0/0xa0
[ 15.116983] ? initcall_blacklisted+0x150/0x150
[ 15.116983] ? lock_downgrade+0x2c0/0x2c0
[ 15.116983] kernel_init_freeable+0x327/0x3f0
[ 15.116983] ? start_kernel+0x612/0x612
[ 15.116983] ? _raw_spin_unlock_irq+0x29/0x40
[ 15.116983] ? finish_task_switch+0xdd/0x320
[ 15.116983] ? finish_task_switch+0x8e/0x320
[ 15.116983] ? rest_init+0xd0/0xd0
[ 15.116983] kernel_init+0xf/0x11a
[ 15.116983] ? rest_init+0xd0/0xd0
[ 15.116983] ret_from_fork+0x24/0x30
[ 15.116983] The buggy address belongs to the variable:
[ 15.116983] __key.36299+0x38/0x40
[ 15.116983] Memory state around the buggy address:
[ 15.116983]
ffffffffb9a5bf80: fa fa fa fa 00 fa fa fa fa fa fa fa 00 fa fa fa
[ 15.116983]
ffffffffb9a5c000: fa fa fa fa 00 fa fa fa fa fa fa fa 00 fa fa fa
[ 15.116983] >
ffffffffb9a5c080: fa fa fa fa 00 fa fa fa fa fa fa fa 00 00 00 00
[ 15.116983] ^
[ 15.116983]
ffffffffb9a5c100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 15.116983]
ffffffffb9a5c180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 15.116983] ==================================================================
Fixes: 85b1407bf6d2 (ACPI / CPPC: Make CPPC ACPI driver aware of PCC subspace IDs)
Reported-by: Changbin Du <changbin.du@intel.com>
Signed-off-by: George Cherian <george.cherian@cavium.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Christian König [Mon, 4 Dec 2017 10:17:54 +0000 (11:17 +0100)]
drm/ttm: swap consecutive allocated cached pages v3
When we detect consecutive allocation of pages swap them to avoid
accidentally freeing them as huge page.
v2: use swap
v3: check if it's really the first allocated page
Signed-off-by: Christian König <christian.koenig@amd.com>
Reviewed-by: Roger He <Hongbo.He@amd.com>
Reviewed-by: Michel Dänzer <michel.daenzer@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Roger He [Tue, 21 Nov 2017 08:47:16 +0000 (16:47 +0800)]
drm/ttm: roundup the shrink request to prevent skip huge pool
e.g. shrink reqeust is less than 512, the logic will skip huge pool
Reviewed-by: Chunming Zhou <david1.zhou@amd.com>
Reviewed-by: Christian König <christian.koenig@amd.com>
Signed-off-by: Roger He <Hongbo.He@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Roger He [Tue, 21 Nov 2017 06:24:48 +0000 (14:24 +0800)]
drm/ttm: add page order support in ttm_pages_put
Reviewed-by: Chunming Zhou <david1.zhou@amd.com>
Reviewed-by: Christian König <christian.koenig@amd.com>
Signed-off-by: Roger He <Hongbo.He@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Roger He [Wed, 22 Nov 2017 07:09:33 +0000 (15:09 +0800)]
drm/ttm: add set_pages_wb for handling page order more than zero
Reviewed-by: Chunming Zhou <david1.zhou@amd.com>
Reviewed-by: Christian König <christian.koenig@amd.com>
Signed-off-by: Roger He <Hongbo.He@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Roger He [Tue, 21 Nov 2017 01:37:52 +0000 (09:37 +0800)]
drm/ttm: add page order in page pool
to indicate page order for each element in the pool
Reviewed-by: Christian König <christian.koenig@amd.com>
Signed-off-by: Roger He <Hongbo.He@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Roger He [Tue, 21 Nov 2017 01:58:26 +0000 (09:58 +0800)]
drm/ttm: use NUM_PAGES_TO_ALLOC always
Reviewed-by: Christian König <christian.koenig@amd.com>
Signed-off-by: Roger He <Hongbo.He@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Linus Torvalds [Tue, 5 Dec 2017 18:31:32 +0000 (10:31 -0800)]
Merge tag 'scsi-fixes' of git://git./linux/kernel/git/jejb/scsi
Pull SCSI fixes from James Bottomley:
"A bunch of fixes for aacraid, a set of coherency fixes that only
affect non-coherent platforms and one coccinelle detected null check
after use"
* tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
scsi: libsas: align sata_device's rps_resp on a cacheline
scsi: use dma_get_cache_alignment() as minimum DMA alignment
scsi: dma-mapping: always provide dma_get_cache_alignment
scsi: ufs: ufshcd: fix potential NULL pointer dereference in ufshcd_config_vreg
scsi: aacraid: Prevent crash in case of free interrupt during scsi EH path
scsi: aacraid: Perform initialization reset only once
scsi: aacraid: Check for PCI state of device in a generic way
Linus Torvalds [Tue, 5 Dec 2017 18:10:15 +0000 (10:10 -0800)]
Merge tag 'for-linus' of git://git./linux/kernel/git/rdma/rdma
Pull rdma fixes from Jason Gunthorpe:
"Here is the first rc pull request for RDMA. This includes an important
core fix for a regression in iWarp if SELinux is enabled, a fix for a
compilation regression introduced in this merge window, and one
obscure kconfig combination that oops's the kernel.
For drivers, we have hns fixes needed to make their devices work on
certain ARM IOMMU configurations, a stack data leak for hfi1, and
various testing discovered -rc bug fixes for i40iw.
This cycle we pushed back on the driver maintainers to have better
commit messages for -rc material"
* tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma:
IB/core: Only enforce security for InfiniBand
RDMA/hns: Get rid of page operation after dma_alloc_coherent
RDMA/hns: Get rid of virt_to_page and vmap calls after dma_alloc_coherent
RDMA/hns: Fix the issue of IOVA not page continuous in hip08
IB/core: Init subsys if compiled to vmlinuz-core
RDMA/cma: Make sure that PSN is not over max allowed
i40iw: Notify user of established connection after QP in RTS
i40iw: Move MPA request event for loopback after connect
i40iw: Correct ARP index mask
i40iw: Do not free sqbuf when event is I40IW_TIMER_TYPE_CLOSE
i40iw: Allocate a sdbuf per CQP WQE
IB: INFINIBAND should depend on HAS_DMA
IB/hfi1: Initialize bth1 in 16B rc ack builder
Linus Torvalds [Tue, 5 Dec 2017 18:06:23 +0000 (10:06 -0800)]
Merge tag 'char-misc-4.15-rc3' of git://git./linux/kernel/git/gregkh/char-misc
Pull char/misc fixes from Greg KH:
"Here are some small misc driver fixes for 4.15-rc3 to resolve reported
issues. Specifically these are:
- binder fix for a memory leak
- vpd driver fixes for a number of reported problems
- hyperv driver fix for memory accesses where it shouldn't be.
All of these have been in linux-next for a while. There's also one
more MAINTAINERS file update that came in today to get the Android
developer's emails correct, which is also in this pull request, that
was not in linux-next, but should not be an issue"
* tag 'char-misc-4.15-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc:
MAINTAINERS: update Android driver maintainers.
firmware: vpd: Fix platform driver and device registration/unregistration
firmware: vpd: Tie firmware kobject to device lifetime
firmware: vpd: Destroy vpd sections in remove function
hv: kvp: Avoid reading past allocated blocks from KVP file
Drivers: hv: vmbus: Fix a rescind issue
ANDROID: binder: fix transaction leak.
Linus Torvalds [Tue, 5 Dec 2017 18:00:14 +0000 (10:00 -0800)]
Merge tag 'driver-core-4.15-rc3' of git://git./linux/kernel/git/gregkh/driver-core
Pull driver core fixes from Greg KH:
"Here are 3 small fixes for some reported issues:
- a debugfs build error that lots of people have reported
- a Kconfig help text cleanup now that the firmware is not in the
kernel tree
- an ISA bus bug fix for a reported issue that has been there since
2.6.18.
All of these have been in linux-next with no reported issues"
* tag 'driver-core-4.15-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core:
firmware: cleanup FIRMWARE_IN_KERNEL message
isa: Prevent NULL dereference in isa_bus driver callbacks
debugfs: fix debugfs_real_fops() build error
Linus Torvalds [Tue, 5 Dec 2017 17:57:34 +0000 (09:57 -0800)]
Merge tag 'staging-4.15-rc3' of git://git./linux/kernel/git/gregkh/staging
Pull staging and iio driver fixes from Greg KH:
"Here are a number of small staging and iio driver fixes for reported
issues for 4.15-rc3. Nothing major here, the majority is IIO issues,
like normal, but there are also some small bugfixes for a few staging
drivers as well.
Full details are in the shortlog.
All of these have been in linux-next for a while with no reported
issues"
* tag 'staging-4.15-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging:
iio: stm32: fix adc/trigger link error
iio: health: max30102: Temperature should be in milli Celsius
iio: fix kernel-doc build errors
iio: adc: meson-saradc: Meson8 and Meson8b do not have REG11 and REG13
iio: adc: meson-saradc: initialize the bandgap correctly on older SoCs
iio: adc: meson-saradc: fix the bit_idx of the adc_en clock
iio: proximity: sx9500: Assign interrupt from GpioIo()
iio: adc: cpcap: fix incorrect validation
staging: octeon-usb: use __delay() instead of cvmx_wait()
staging: rtl8188eu: Fix incorrect response to SIOCGIWESSID
staging: ccree: fix leak of import() after init()
staging: comedi: ni_atmio: fix license warning.
projects / openwrt / staging / blogic.git / log