Bjorn Helgaas [Tue, 14 Nov 2017 18:11:26 +0000 (12:11 -0600)]
Merge branch 'pci/switchtec' into next
* pci/switchtec:
switchtec: Make struct event_regs static
Bjorn Helgaas [Tue, 14 Nov 2017 18:11:25 +0000 (12:11 -0600)]
Merge branch 'pci/resource' into next
* pci/resource:
PCI: Fail pci_map_rom() if the option ROM is invalid
PCI: Move pci_map_rom() error path
x86/PCI: Enable a 64bit BAR on AMD Family 15h (Models 00-1f, 30-3f, 60-7f)
PCI: Add pci_resize_resource() for resizing BARs
PCI: Add resizable BAR infrastructure
PCI: Add PCI resource type mask #define
Bjorn Helgaas [Tue, 14 Nov 2017 18:11:24 +0000 (12:11 -0600)]
Merge branch 'pci/portdrv' into next
* pci/portdrv:
PCI/portdrv: Turn off PCIe services during shutdown
Bjorn Helgaas [Tue, 14 Nov 2017 18:11:23 +0000 (12:11 -0600)]
Merge branch 'pci/msi' into next
* pci/msi:
PCI/portdrv: Compute MSI/MSI-X IRQ vectors after final allocation
PCI/portdrv: Factor out Interrupt Message Number lookup
PCI/portdrv: Consolidate comments
PCI/portdrv: Add #defines for AER and DPC Interrupt Message Number masks
Bjorn Helgaas [Tue, 14 Nov 2017 18:11:22 +0000 (12:11 -0600)]
Merge branch 'pci/misc' into next
* pci/misc:
PCI: Fix kernel-doc build warning
PCI: Move PCI_QUIRKS to the PCI bus menu
alpha/PCI: Make pdev_save_srm_config() static
PCI: Remove unused declarations
PCI: Remove redundant pci_dev, pci_bus, resource declarations
PCI: Remove redundant pcibios_set_master() declarations
PCI/PME: Handle invalid data when reading Root Status
x86/pci/intel_mid_pci: Constify intel_mid_pci_ops and make it __initconst
PCI: Constify pci_dev_type structure
Bjorn Helgaas [Tue, 14 Nov 2017 18:11:22 +0000 (12:11 -0600)]
Merge branch 'pci/hotplug' into next
* pci/hotplug:
PCI: pciehp: Do not clear Presence Detect Changed during initialization
PCI: pciehp: Fix race condition handling surprise link down
PCI: Distribute available resources to hotplug-capable bridges
PCI: Distribute available buses to hotplug-capable bridges
PCI: Do not allocate more buses than available in parent
PCI: Open-code the two pass loop when scanning bridges
PCI: Move pci_hp_add_bridge() to drivers/pci/probe.c
PCI: Add for_each_pci_bridge() helper
PCI: shpchp: Convert timers to use timer_setup()
PCI: cpqphp: Convert timers to use timer_setup()
PCI: pciehp: Convert timers to use timer_setup()
PCI: ibmphp: Use common error handling code in unconfigure_boot_device()
Bjorn Helgaas [Tue, 14 Nov 2017 18:11:21 +0000 (12:11 -0600)]
Merge branch 'pci/endpoint' into next
* pci/endpoint:
misc: pci_endpoint_test: Fix BUG_ON error during pci_disable_msi()
misc: pci_endpoint_test: Fix pci_endpoint_test not releasing resources on remove
misc: pci_endpoint_test: Fix failure path return values in probe
misc: pci_endpoint_test: Avoid triggering a BUG()
misc: pci_endpoint_test: Prevent some integer overflows
Bjorn Helgaas [Tue, 14 Nov 2017 18:11:20 +0000 (12:11 -0600)]
Merge branch 'pci/aspm' into next
* pci/aspm:
PCI/ASPM: Add L1 Substates definitions
PCI/ASPM: Reformat ASPM register definitions
PCI/ASPM: Use correct capability pointer to program LTR_L1.2_THRESHOLD
PCI/ASPM: Account for downstream device's Port Common_Mode_Restore_Time
PCI/ASPM: Deal with missing root ports in link state handling
Bjorn Helgaas [Tue, 14 Nov 2017 18:11:20 +0000 (12:11 -0600)]
Merge branch 'pci/aer' into next
* pci/aer:
PCI/AER: Report non-fatal errors only to the affected endpoint
Bjorn Helgaas [Tue, 14 Nov 2017 18:11:19 +0000 (12:11 -0600)]
Merge branch 'pci/acpi' into next
* pci/acpi:
ACPI / PCI: Bail early in acpi_pci_add_bus() if there is no ACPI handle
Bjorn Helgaas [Mon, 13 Nov 2017 14:36:40 +0000 (08:36 -0600)]
PCI/ASPM: Add L1 Substates definitions
Add and use #defines for L1 Substate register fields instead of hard-coding
the masks. Also update comments to use names from the spec. No functional
change intended.
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Reviewed-by: Vidya Sagar <vidyas@nvidia.com>
Bjorn Helgaas [Fri, 10 Nov 2017 21:13:10 +0000 (15:13 -0600)]
PCI/ASPM: Reformat ASPM register definitions
Reformat register field definitions in the style used elsewhere and align
comments with names used in the spec. No functional change intended.
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Reviewed-by: Vidya Sagar <vidyas@nvidia.com>
Bjorn Helgaas [Mon, 13 Nov 2017 21:05:50 +0000 (15:05 -0600)]
PCI/ASPM: Use correct capability pointer to program LTR_L1.2_THRESHOLD
Previously we programmed the LTR_L1.2_THRESHOLD in the parent (upstream)
device using the capability pointer of the *child* (downstream) device,
which corrupted some random word of the parent's config space.
Use the parent's L1 SS capability pointer to program its
LTR_L1.2_THRESHOLD.
Fixes: aeda9adebab8 ("PCI/ASPM: Configure L1 substate settings")
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Reviewed-by: Vidya Sagar <vidyas@nvidia.com>
CC: stable@vger.kernel.org # v4.11+
CC: Rajat Jain <rajatja@google.com>
Bjorn Helgaas [Mon, 13 Nov 2017 14:50:30 +0000 (08:50 -0600)]
PCI/ASPM: Account for downstream device's Port Common_Mode_Restore_Time
Every Port that supports the L1.2 substate advertises its Port
Common_Mode_Restore_Time, i.e., the time the Port requires to re-establish
common mode when exiting L1.2 (see PCIe r3.1, sec 7.33.2).
Per sec 5.5.3.3.1, when exiting L1.2, the Downstream Port (the device at
the upstream end of the link) must send TS1 training sequences for at least
T(COMMONMODE) after it detects electrical idle exit on the Link. We want
this to be long enough for both ends of the Link, so we should set it to
the maximum of the Port Common_Mode_Restore_Time for the upstream and
downstream components on the Link.
Previously we only looked at the Port Common_Mode_Restore_Time of the
upstream device, so if the downstream device required more time, we didn't
program the upstream device's T(COMMONMODE) correctly.
Fixes: f1f0366dd6be ("PCI/ASPM: Calculate and save the L1.2 timing parameters")
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Reviewed-by: Vidya Sagar <vidyas@nvidia.com>
Acked-by: Rajat Jain <rajatja@google.com>
CC: stable@vger.kernel.org # v4.11+
Randy Dunlap [Mon, 30 Oct 2017 00:07:11 +0000 (17:07 -0700)]
PCI: Fix kernel-doc build warning
Fix build error in kernel-doc notation:
../drivers/pci/pci.c:3479: ERROR: Unexpected indentation.
"::" tells the kernel-doc "reStructuredText" processor that the following
block is a literal block of some blob that should be kept as is.
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
[bhelgaas: add hint about "::" meaning]
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Changbin Du [Wed, 8 Nov 2017 00:26:53 +0000 (18:26 -0600)]
PCI: Fail pci_map_rom() if the option ROM is invalid
If we detect a invalid PCI option ROM (e.g., invalid ROM header signature),
we should unmap it immediately and fail. It doesn't make any sense to
return a mapped area with size of 0.
I have seen this case on Intel GVTg vGPU, which has no VBIOS. It will not
cause a real problem, but we should skip it as early as possible.
Signed-off-by: Changbin Du <changbin.du@intel.com>
[bhelgaas: split non-functional change into separate patch]
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Changbin Du [Wed, 8 Nov 2017 00:22:26 +0000 (18:22 -0600)]
PCI: Move pci_map_rom() error path
Move pci_map_rom() error code to the end to prepare for adding another
error path. No functional change intended.
Signed-off-by: Changbin Du <changbin.du@intel.com>
[bhelgaas: split non-functional change into separate patch]
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Randy Dunlap [Thu, 2 Nov 2017 22:14:02 +0000 (15:14 -0700)]
PCI: Move PCI_QUIRKS to the PCI bus menu
Localize PCI_QUIRKS in the PCI bus menu.
Move PCI_QUIRKS to the PCI bus menu instead of the (often broken) General
Setup EXPERT menu. The prompt still depends on EXPERT.
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Bjorn Helgaas [Thu, 28 Sep 2017 21:52:51 +0000 (16:52 -0500)]
alpha/PCI: Make pdev_save_srm_config() static
pdev_save_srm_config() and struct pdev_srm_saved_conf are only used in
arch/alpha/kernel/pci.c, so make them static there.
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Reviewed-by: Ingo Molnar <mingo@kernel.org>
Bjorn Helgaas [Wed, 4 Oct 2017 20:40:46 +0000 (15:40 -0500)]
PCI: Remove unused declarations
Remove these unused declarations:
pcibios_config_init() # never defined anywhere
pcibios_scan_root() # only defined by x86
pcibios_get_irq_routing_table() # only defined by x86
pcibios_set_irq_routing() # only defined by x86
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Ingo Molnar <mingo@kernel.org>
Bjorn Helgaas [Wed, 4 Oct 2017 20:15:22 +0000 (15:15 -0500)]
PCI: Remove redundant pci_dev, pci_bus, resource declarations
<linux/pci.h> defines struct pci_bus and struct pci_dev and includes the
struct resource definition before including <asm/pci.h>. Nobody includes
<asm/pci.h> directly, so they don't need their own declarations.
Remove the redundant struct pci_dev, pci_bus, resource declarations.
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Reviewed-by: Ingo Molnar <mingo@kernel.org>
Acked-by: Jesper Nilsson <jesper.nilsson@axis.com> # CRIS
Acked-by: Ralf Baechle <ralf@linux-mips.org> # MIPS
Bjorn Helgaas [Thu, 28 Sep 2017 22:02:42 +0000 (17:02 -0500)]
PCI: Remove redundant pcibios_set_master() declarations
All users of pcibios_set_master() include <linux/pci.h>, which already has
a declaration. Remove the unnecessary declarations from the <asm/pci.h>
files.
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Ingo Molnar <mingo@kernel.org>
Acked-by: Jesper Nilsson <jesper.nilsson@axis.com> # CRIS
Acked-by: Ralf Baechle <ralf@linux-mips.org> # MIPS
Qiang [Thu, 28 Sep 2017 03:54:34 +0000 (11:54 +0800)]
PCI/PME: Handle invalid data when reading Root Status
PCIe PME and native hotplug share the same interrupt number, so hotplug
interrupts are also processed by PME. In some cases, e.g., a Link Down
interrupt, a device may be present but unreachable, so when we try to
read its Root Status register, the read fails and we get all ones data
(0xffffffff).
Previously, we interpreted that data as PCI_EXP_RTSTA_PME being set, i.e.,
"some device has asserted PME," so we scheduled pcie_pme_work_fn(). This
caused an infinite loop because pcie_pme_work_fn() tried to handle PME
requests until PCI_EXP_RTSTA_PME is cleared, but with the link down,
PCI_EXP_RTSTA_PME can't be cleared.
Check for the invalid 0xffffffff data everywhere we read the Root Status
register.
1469d17dd341 ("PCI: pciehp: Handle invalid data when reading from
non-existent devices") added similar checks in the hotplug driver.
Signed-off-by: Qiang Zheng <zhengqiang10@huawei.com>
[bhelgaas: changelog, also check in pcie_pme_work_fn(), use "~0" to follow
other similar checks]
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Mika Westerberg [Fri, 13 Oct 2017 18:35:47 +0000 (21:35 +0300)]
PCI: pciehp: Do not clear Presence Detect Changed during initialization
It is possible that the hotplug event has already happened before the
driver is attached to a PCIe hotplug downstream port. If we just clear the
status we never get the hotplug interrupt and thus the event will be
missed.
To make sure that does not happen, we leave Presence Detect Changed bit
untouched during initialization. Then once the event is unmasked we get an
interrupt and handle the hotplug event properly.
Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Mika Westerberg [Fri, 13 Oct 2017 18:35:46 +0000 (21:35 +0300)]
PCI: pciehp: Fix race condition handling surprise link down
A surprise link down may retrain very quickly causing the same slot
generate a link up event before handling the link down event completes.
Since the link is active, the power off work queued from the first link
down will cause a second down event when power is disabled. However, the
link up event sets the slot state to POWERON_STATE before the event to
handle this is enqueued, making the second down event believe it needs to
do something.
This creates constant link up and down event cycle.
To prevent this it is better to handle each event at the time in order it
occurred, so change the driver to use ordered workqueue instead.
A normal device hotplug triggers two events (presense detect and link up)
that are already handled properly in the driver but we currently log an
error if we find an existing device in the slot. Since this is not an error
change the log level to be debug instead to avoid scaring users.
This is based on the original work by Ashok Raj.
Link: https://patchwork.kernel.org/patch/9469023
Suggested-by: Bjorn Helgaas <bhelgaas@google.com>
Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Mika Westerberg [Fri, 13 Oct 2017 18:35:45 +0000 (21:35 +0300)]
PCI: Distribute available resources to hotplug-capable bridges
The same problem that we have with bus space applies to other resources
as well. Linux only allocates the minimal amount of resources so that
the devices currently present barely fit there. This prevents extending
the chain later on because the resource windows allocated for hotplug
downstream ports are too small.
Follow what we already did for bus number and assign all available extra
resources to hotplug-capable bridges. This makes it possible to extend the
hierarchy later.
Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Mika Westerberg [Fri, 13 Oct 2017 18:35:44 +0000 (21:35 +0300)]
PCI: Distribute available buses to hotplug-capable bridges
System BIOS sometimes allocates extra bus space for hotplug-capable PCIe
root/downstream ports. This space is needed if the device plugged to the
port will have more hotplug-capable downstream ports. A good example of
this is Thunderbolt. Each Thunderbolt device contains a PCIe switch and
one or more hotplug-capable PCIe downstream ports where the daisy chain
can be extended.
Currently Linux only allocates minimal bus space to make sure all the
enumerated devices barely fit there. The BIOS reserved extra space is
not taken into consideration at all. Because of this we run out of bus
space pretty quickly when more PCIe devices are attached to hotplug
downstream ports in order to extend the chain.
Modify the PCI core so we distribute the available BIOS allocated bus space
equally between hotplug-capable bridges to make sure there is enough bus
space for extending the hierarchy later on.
Update kernel docs of the affected functions.
Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Mika Westerberg [Fri, 13 Oct 2017 18:35:43 +0000 (21:35 +0300)]
PCI: Do not allocate more buses than available in parent
One can ask more buses to be reserved for hotplug bridges by passing
pci=hpbussize=N in the kernel command line. If the parent bus does not
have enough bus space available we incorrectly create child bus with the
requested number of subordinate buses.
In the example below hpbussize is set to one more than we have available
buses in the root port:
pci 0000:07:00.0: [8086:1578] type 01 class 0x060400
pci 0000:07:00.0: scanning [bus 00-00] behind bridge, pass 0
pci 0000:07:00.0: bridge configuration invalid ([bus 00-00]), reconfiguring
pci 0000:07:00.0: scanning [bus 00-00] behind bridge, pass 1
pci_bus 0000:08: busn_res: can not insert [bus 08-ff] under [bus 07-3f] (conflicts with (null) [bus 07-3f])
pci_bus 0000:08: scanning bus
...
pci_bus 0000:0a: bus scan returning with max=40
pci_bus 0000:0a: busn_res: [bus 0a-ff] end is updated to 40
pci_bus 0000:0a: [bus 0a-40] partially hidden behind bridge 0000:07 [bus 07-3f]
pci_bus 0000:08: bus scan returning with max=40
pci_bus 0000:08: busn_res: [bus 08-ff] end is updated to 40
Instead of allowing this, limit the subordinate number to be less than or
equal the maximum subordinate number allocated for the parent bus (if it
has any).
Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
[bhelgaas: remove irrelevant dmesg messages]
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Mika Westerberg [Fri, 13 Oct 2017 18:35:42 +0000 (21:35 +0300)]
PCI: Open-code the two pass loop when scanning bridges
The current scanning code is really hard to understand because it calls
the same function in a loop where pass value is changed without any
comments explaining it:
for (pass = 0; pass < 2; pass++)
for_each_pci_bridge(dev, bus)
max = pci_scan_bridge(bus, dev, max, pass);
Unfamiliar reader cannot tell easily what is the purpose of this loop
without looking at internals of pci_scan_bridge().
In order to make this bit easier to understand, open-code the loop in
pci_scan_child_bus() and pci_hp_add_bridge() with added comments.
No functional changes intended.
Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Mika Westerberg [Fri, 13 Oct 2017 18:35:41 +0000 (21:35 +0300)]
PCI: Move pci_hp_add_bridge() to drivers/pci/probe.c
There is not much point of having a file with a single function in it.
Instead we can just move pci_hp_add_bridge() to drivers/pci/probe.c and
make it available always when PCI core is enabled.
Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
[bhelgaas: convert printk to dev_err()]
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Andy Shevchenko [Fri, 20 Oct 2017 20:38:54 +0000 (15:38 -0500)]
PCI: Add for_each_pci_bridge() helper
The following pattern is often used:
list_for_each_entry(dev, &bus->devices, bus_list) {
if (pci_is_bridge(dev)) {
...
}
}
Add a for_each_pci_bridge() helper to make that code easier to write and
read by reducing indentation level. It also saves one or few lines of code
in each occurrence.
Convert PCI core parts here at the same time.
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
[bhelgaas: fold in http://lkml.kernel.org/r/
20171013165352.25550-1-andriy.shevchenko@linux.intel.com]
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Kees Cook [Fri, 20 Oct 2017 20:11:42 +0000 (15:11 -0500)]
PCI: shpchp: Convert timers to use timer_setup()
In preparation for unconditionally passing the struct timer_list pointer to
all timer callbacks, switch to using the new timer_setup() and from_timer()
to pass the timer pointer explicitly.
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Arvind Yadav <arvind.yadav.cs@gmail.com>
Cc: Quentin Lambert <lambert.quentin@gmail.com>
Cc: Aleksandr Bezzubikov <zuban32s@gmail.com>
Cc: "Michael S. Tsirkin" <mst@redhat.com>
Cc: Marcel Apfelbaum <marcel@redhat.com>
Kees Cook [Mon, 16 Oct 2017 23:18:02 +0000 (16:18 -0700)]
PCI: cpqphp: Convert timers to use timer_setup()
In preparation for unconditionally passing the struct timer_list pointer to
all timer callbacks, switch to using the new timer_setup() and from_timer()
to pass the timer pointer explicitly. This has the result of fixing
pushbutton_helper_thread(), which was truncating the event pointer to 32
bits.
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Arvind Yadav <arvind.yadav.cs@gmail.com>
Cc: Quentin Lambert <lambert.quentin@gmail.com>
Cc: Aleksandr Bezzubikov <zuban32s@gmail.com>
Cc: "Michael S. Tsirkin" <mst@redhat.com>
Cc: Marcel Apfelbaum <marcel@redhat.com>
Kees Cook [Thu, 5 Oct 2017 00:53:48 +0000 (17:53 -0700)]
PCI: pciehp: Convert timers to use timer_setup()
In preparation for unconditionally passing the struct timer_list pointer to
all timer callbacks, switch to using the new timer_setup() and from_timer()
to pass the timer pointer explicitly. This fixes what appears to be a bug
in passing the wrong pointer to the timer handler (address of ctrl pointer
instead of ctrl pointer).
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Cc: Mika Westerberg <mika.westerberg@linux.intel.com>
Cc: Mayurkumar Patel <mayurkumar.patel@intel.com>
Cc: Keith Busch <keith.busch@intel.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Markus Elfring [Mon, 30 Oct 2017 12:26:32 +0000 (13:26 +0100)]
PCI: ibmphp: Use common error handling code in unconfigure_boot_device()
Combine two error paths that emit the same message and return the same
error code.
This issue was detected by using the Coccinelle software.
Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>
[bhelgaas: changelog]
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Sinan Kaya [Wed, 25 Oct 2017 19:01:02 +0000 (15:01 -0400)]
PCI/portdrv: Turn off PCIe services during shutdown
Some of the PCIe services such as AER are being left enabled during
shutdown. This might cause spurious AER errors while SOC is being powered
down.
Clean up the PCIe services gracefully during shutdown to clear these false
positives.
Signed-off-by: Sinan Kaya <okaya@codeaurora.org>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Kishon Vijay Abraham I [Wed, 11 Oct 2017 08:44:38 +0000 (14:14 +0530)]
misc: pci_endpoint_test: Fix BUG_ON error during pci_disable_msi()
pci_disable_msi() throws a Kernel BUG if the driver has successfully
requested an IRQ and not released it. Fix it here by freeing IRQs before
invoking pci_disable_msi().
Signed-off-by: Kishon Vijay Abraham I <kishon@ti.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Kishon Vijay Abraham I [Wed, 11 Oct 2017 08:44:37 +0000 (14:14 +0530)]
misc: pci_endpoint_test: Fix pci_endpoint_test not releasing resources on remove
sscanf(misc_device->name, DRV_MODULE_NAME ".%d", &id) in
pci_endpoint_test_remove() returns 0, which results in returning early
without releasing the resources. This is as a result of misc_device not
having a valid name. Fix it here.
Signed-off-by: Kishon Vijay Abraham I <kishon@ti.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Kishon Vijay Abraham I [Wed, 11 Oct 2017 08:44:36 +0000 (14:14 +0530)]
misc: pci_endpoint_test: Fix failure path return values in probe
Return value of pci_endpoint_test_probe is not set properly in a couple of
failure cases. Fix it here.
Signed-off-by: Kishon Vijay Abraham I <kishon@ti.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Dan Carpenter [Sat, 30 Sep 2017 08:16:51 +0000 (11:16 +0300)]
misc: pci_endpoint_test: Avoid triggering a BUG()
If you call ida_simple_remove(&pci_endpoint_test_ida, id) with a negative
"id" then it triggers an immediate BUG_ON(). Let's not allow that.
Fixes: 2c156ac71c6b ("misc: Add host side PCI driver for PCI test function device")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Acked-by: Kishon Vijay Abraham I <kishon@ti.com>
Christian König [Tue, 24 Oct 2017 19:40:29 +0000 (14:40 -0500)]
x86/PCI: Enable a 64bit BAR on AMD Family 15h (Models 00-1f, 30-3f, 60-7f)
Manually enable a 64GB 64-bit BAR so we have enough room for graphics
devices with large framebuffers.
Most BIOSes don't enable this for compatibility reasons.
Signed-off-by: Christian König <christian.koenig@amd.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Reviewed-by: Andy Shevchenko <andy.shevchenko@gmail.com>
Christian König [Tue, 24 Oct 2017 19:40:26 +0000 (14:40 -0500)]
PCI: Add pci_resize_resource() for resizing BARs
Add a pci_resize_resource() interface to allow device drivers to resize
BARs of their devices.
This is useful for devices with large local storage, e.g., graphics
devices. These devices often only expose 256MB BARs initially to be
compatible with 32-bit systems.
This function only tries to reprogram the windows of the bridge directly
above the requesting device and only the BAR of the same type (usually mem,
64bit, prefetchable). This is done to avoid disturbing other drivers by
changing the BARs of their devices.
Drivers should use the following sequence to resize their BARs:
1. Disable memory decoding of the device using the PCI cfg dword.
2. Use pci_release_resource() to release all BARs which can move during the
resize, including the one you want to resize.
3. Call pci_resize_resource() for each BAR you want to resize.
4. Call pci_assign_unassigned_bus_resources() to reassign new locations
for all BARs which are not resized, but could move.
5. If everything worked as expected, enable memory decoding in the device
again using the PCI cfg dword.
Signed-off-by: Christian König <christian.koenig@amd.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Christian König [Tue, 24 Oct 2017 19:40:20 +0000 (14:40 -0500)]
PCI: Add resizable BAR infrastructure
Add resizable BAR infrastructure, including defines and helper functions to
read the possible sizes of a BAR and update its size. See PCIe r3.1, sec
7.22.
Link: https://pcisig.com/sites/default/files/specification_documents/ECN_Resizable-BAR_24Apr2008.pdf
Signed-off-by: Christian König <christian.koenig@amd.com>
[bhelgaas: rename to functions with "rebar" (to match #defines), drop shift
#defines, drop "_MASK" suffixes, fix typos, fix kerneldoc]
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Reviewed-by: Andy Shevchenko <andy.shevchenko@gmail.com>
Christian König [Wed, 18 Oct 2017 13:58:17 +0000 (15:58 +0200)]
PCI: Add PCI resource type mask #define
Add a #define for the PCI resource type mask. We use this mask multiple
times in the bus setup.
Signed-off-by: Christian König <christian.koenig@amd.com>
[bhelgaas: move to setup-bus.c]
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Reviewed-by: Andy Shevchenko <andy.shevchenko@gmail.com>
Bjorn Helgaas [Fri, 20 Oct 2017 13:57:16 +0000 (08:57 -0500)]
PCI/portdrv: Compute MSI/MSI-X IRQ vectors after final allocation
When setting up portdrv MSI/MSI-X interrupts, we previously allocated the
maximum possible number of vectors, read the Interrupt Message Numbers for
each service, saved the IRQ for each, freed the vectors, and finally used
the largest Message Number to reallocate only as many vectors as we need.
The problem is that freeing the vectors invalidates their IRQs, so the
saved IRQ numbers may now be invalid, which can result in errors like
this:
pcie_pme: probe of 0000:00:00.0:pcie001 failed with error -22
pciehp 0000:00:00.0:pcie004: Cannot get irq 20 for the hotplug controller
aer: probe of 0000:00:00.0:pcie002 failed with error -22
dpc 0000:00:00.0:pcie010: request IRQ22 failed: -22
Change the setup so we save the Interrupt Message Numbers (not the IRQs)
before we free the original setup, then use the Message Numbers to compute
the IRQs (via pci_irq_vector()) *after* we reallocate the vectors.
This should always be safe for MSI-X because the Message Numbers are fixed.
For MSI, the hardware is allowed to change Message Numbers when we update
the MSI Multiple Message Enable field when reallocating the vectors, but
since we allocate enough vectors to accommodate the largest Message Number
we found, that's unlikely. See PCIe r3.1, sec 7.8.2, 7.10.10, 7.31.2.
Fixes: 3674cc49da9a ("PCI/portdrv: Use pci_irq_alloc_vectors()")
Based-on-patch-by: Dongdong Liu <liudongdong3@huawei.com>
Tested-by: Dongdong Liu <liudongdong3@huawei.com> # HiSilicon hip08
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Bjorn Helgaas [Fri, 20 Oct 2017 13:48:06 +0000 (08:48 -0500)]
PCI/portdrv: Factor out Interrupt Message Number lookup
Factor out Interrupt Message Number lookup from the MSI/MSI-X interrupt
setup. One side effect is that we only have to check once to see if we
have enough vectors for all the services. No functional change intended.
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Bjorn Helgaas [Thu, 19 Oct 2017 21:09:26 +0000 (16:09 -0500)]
PCI/portdrv: Consolidate comments
Consolidate some repetitive comments so we can see the code better. No
functional change.
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Dongdong Liu [Wed, 11 Oct 2017 10:52:58 +0000 (18:52 +0800)]
PCI/portdrv: Add #defines for AER and DPC Interrupt Message Number masks
In the AER case, the mask isn't strictly necessary because there are no
higher-order bits above the Interrupt Message Number, but using a #define
will make it possible to grep for it.
Suggested-by: Bjorn Helgaas <bhelgaas@google.com>
Signed-off-by: Dongdong Liu <liudongdong3@huawei.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Dan Carpenter [Sat, 30 Sep 2017 08:15:52 +0000 (11:15 +0300)]
misc: pci_endpoint_test: Prevent some integer overflows
"size + max" can have an arithmetic overflow when we're allocating:
orig_src_addr = dma_alloc_coherent(dev, size + alignment, ...
Add a few checks to prevent that.
Fixes: 13107c60681f ("misc: pci_endpoint_test: Add support to provide aligned buffer addresses")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Acked-by: Kishon Vijay Abraham I <kishon@ti.com>
Colin Ian King [Thu, 5 Oct 2017 10:01:45 +0000 (11:01 +0100)]
switchtec: Make struct event_regs static
The structure event_regs is local to the source and does not need to be in
global scope, so make it static.
Cleans up sparse warning:
symbol 'event_regs' was not declared. Should it be static
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Acked-by: Logan Gunthorpe <logang@deltatee.com>
Bhumika Goyal [Mon, 18 Sep 2017 16:24:55 +0000 (21:54 +0530)]
x86/pci/intel_mid_pci: Constify intel_mid_pci_ops and make it __initconst
Make this const as it is only used during a copy operation. This usage is
inside init function and the structure is not referenced after
initialisation, so make it __initconst too.
Signed-off-by: Bhumika Goyal <bhumirks@gmail.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Bhumika Goyal [Tue, 12 Sep 2017 11:13:33 +0000 (16:43 +0530)]
PCI: Constify pci_dev_type structure
Make this const as it not modified in the file referencing it. It is only
stored in a const field 'type' of a device structure. Also, add const to
the variable declaration in the header file.
Signed-off-by: Bhumika Goyal <bhumirks@gmail.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Ard Biesheuvel [Mon, 2 Oct 2017 14:08:40 +0000 (15:08 +0100)]
PCI/ASPM: Deal with missing root ports in link state handling
Even though it is unconventional, some PCIe host implementations omit the
root ports entirely, and simply consist of a host bridge (which is not
modeled as a device in the PCI hierarchy) and a link.
When the downstream device is an endpoint, our current code does not seem
to mind this unusual configuration. However, when PCIe switches are
involved, the ASPM code assumes that any downstream switch port has a
parent, and blindly dereferences the bus->parent->self field of the pci_dev
struct to chain the downstream link state to the link state of the root
port. Given that the root port is missing, the link is not modeled at all,
and nor is the link state, and attempting to access it results in a NULL
pointer dereference and a crash.
Avoid this by allowing the link state chain to terminate at the downstream
port if no root port exists.
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Gabriele Paoloni [Thu, 28 Sep 2017 14:33:05 +0000 (15:33 +0100)]
PCI/AER: Report non-fatal errors only to the affected endpoint
Previously, if an non-fatal error was reported by an endpoint, we
called report_error_detected() for the endpoint, every sibling on the
bus, and their descendents. If any of them did not implement the
.error_detected() method, do_recovery() failed, leaving all these
devices unrecovered.
For example, the system described in the bugzilla below has two devices:
0000:74:02.0 [19e5:a230] SAS controller, driver has .error_detected()
0000:74:03.0 [19e5:a235] SATA controller, driver lacks .error_detected()
When a device such as 74:02.0 reported a non-fatal error, do_recovery()
failed because 74:03.0 lacked an .error_detected() method. But per PCIe
r3.1, sec 6.2.2.2.2, such an error does not compromise the Link and
does not affect 74:03.0:
Non-fatal errors are uncorrectable errors which cause a particular
transaction to be unreliable but the Link is otherwise fully functional.
Isolating Non-fatal from Fatal errors provides Requester/Receiver logic
in a device or system management software the opportunity to recover from
the error without resetting the components on the Link and disturbing
other transactions in progress. Devices not associated with the
transaction in error are not impacted by the error.
Report non-fatal errors only to the endpoint that reported them. We really
want to check for AER_NONFATAL here, but the current code structure doesn't
allow that. Looking for pci_channel_io_normal is the best we can do now.
Link: https://bugzilla.kernel.org/show_bug.cgi?id=197055
Fixes: 6c2b374d7485 ("PCI-Express AER implemetation: AER core and aerdriver")
Signed-off-by: Gabriele Paoloni <gabriele.paoloni@huawei.com>
Signed-off-by: Dongdong Liu <liudongdong3@huawei.com>
[bhelgaas: changelog]
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Vitaly Kuznetsov [Thu, 14 Sep 2017 14:50:14 +0000 (16:50 +0200)]
ACPI / PCI: Bail early in acpi_pci_add_bus() if there is no ACPI handle
Hyper-V instances support PCI pass-through which is implemented through PV
pci-hyperv driver. When a device is passed through, a new root PCI bus is
created in the guest. The bus sits on top of VMBus and has no associated
information in ACPI. acpi_pci_add_bus() in this case proceeds all the way
to acpi_evaluate_dsm(), which reports
ACPI: \: failed to evaluate _DSM (0x1001)
While acpi_pci_slot_enumerate() and acpiphp_enumerate_slots() are protected
against ACPI_HANDLE() being NULL and do nothing, acpi_evaluate_dsm() is not
and gives us the error. It seems the correct fix is to not do anything in
acpi_pci_add_bus() in such cases.
Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Linus Torvalds [Sun, 1 Oct 2017 21:54:54 +0000 (14:54 -0700)]
Linux 4.14-rc3
Linus Torvalds [Sun, 1 Oct 2017 20:55:32 +0000 (13:55 -0700)]
Merge branch 'x86-urgent-for-linus' of git://git./linux/kernel/git/tip/tip
Pull x86 fixes from Thomas Gleixner:
"This contains the following fixes and improvements:
- Avoid dereferencing an unprotected VMA pointer in the fault signal
generation code
- Fix inline asm call constraints for GCC 4.4
- Use existing register variable to retrieve the stack pointer
instead of forcing the compiler to create another indirect access
which results in excessive extra 'mov %rsp, %<dst>' instructions
- Disable branch profiling for the memory encryption code to prevent
an early boot crash
- Fix a sparse warning caused by casting the __user annotation in
__get_user_asm_u64() away
- Fix an off by one error in the loop termination of the error patch
in the x86 sysfs init code
- Add missing CPU IDs to various Intel specific drivers to enable the
functionality on recent hardware
- More (init) constification in the numachip code"
* 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
x86/asm: Use register variable to get stack pointer value
x86/mm: Disable branch profiling in mem_encrypt.c
x86/asm: Fix inline asm call constraints for GCC 4.4
perf/x86/intel/uncore: Correct num_boxes for IIO and IRP
perf/x86/intel/rapl: Add missing CPU IDs
perf/x86/msr: Add missing CPU IDs
perf/x86/intel/cstate: Add missing CPU IDs
x86: Don't cast away the __user in __get_user_asm_u64()
x86/sysfs: Fix off-by-one error in loop termination
x86/mm: Fix fault error path using unsafe vma pointer
x86/numachip: Add const and __initconst to numachip2_clockevent
Linus Torvalds [Sun, 1 Oct 2017 20:03:16 +0000 (13:03 -0700)]
Merge branch 'timers-urgent-for-linus' of git://git./linux/kernel/git/tip/tip
Pull timer fixes from Thomas Gleixner:
"This adds a new timer wheel function which is required for the
conversion of the timer callback function from the 'unsigned long
data' argument to 'struct timer_list *timer'. This conversion has two
benefits:
1) It makes struct timer_list smaller
2) Many callers hand in a pointer to the timer or to the structure
containing the timer, which happens via type casting both at setup
and in the callback. This change gets rid of the typecasts.
Once the conversion is complete, which is planned for 4.15, the old
setup function and the intermediate typecast in the new setup function
go away along with the data field in struct timer_list.
Merging this now into mainline allows a smooth queueing of the actual
conversion in the affected maintainer trees without creating
dependencies"
* 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
um/time: Fixup namespace collision
timer: Prepare to change timer callback argument type
Linus Torvalds [Sun, 1 Oct 2017 19:34:42 +0000 (12:34 -0700)]
Merge branch 'smp-urgent-for-linus' of git://git./linux/kernel/git/tip/tip
Pull smp/hotplug fixes from Thomas Gleixner:
"This addresses the fallout of the new lockdep mechanism which covers
completions in the CPU hotplug code.
The lockdep splats are false positives, but there is no way to
annotate that reliably. The solution is to split the completions for
CPU up and down, which requires some reshuffling of the failure
rollback handling as well"
* 'smp-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
smp/hotplug: Hotplug state fail injection
smp/hotplug: Differentiate the AP completion between up and down
smp/hotplug: Differentiate the AP-work lockdep class between up and down
smp/hotplug: Callback vs state-machine consistency
smp/hotplug: Rewrite AP state machine core
smp/hotplug: Allow external multi-instance rollback
smp/hotplug: Add state diagram
Linus Torvalds [Sun, 1 Oct 2017 19:10:02 +0000 (12:10 -0700)]
Merge branch 'sched-urgent-for-linus' of git://git./linux/kernel/git/tip/tip
Pull scheduler fixes from Thomas Gleixner:
"The scheduler pull request comes with the following updates:
- Prevent a divide by zero issue by validating the input value of
sysctl_sched_time_avg
- Make task state printing consistent all over the place and have
explicit state characters for IDLE and PARKED so they wont be
displayed as 'D' state which confuses tools"
* 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
sched/sysctl: Check user input value of sysctl_sched_time_avg
sched/debug: Add explicit TASK_PARKED printing
sched/debug: Ignore TASK_IDLE for SysRq-W
sched/debug: Add explicit TASK_IDLE printing
sched/tracing: Use common task-state helpers
sched/tracing: Fix trace_sched_switch task-state printing
sched/debug: Remove unused variable
sched/debug: Convert TASK_state to hex
sched/debug: Implement consistent task-state printing
Linus Torvalds [Sun, 1 Oct 2017 19:06:31 +0000 (12:06 -0700)]
Merge branch 'perf-urgent-for-linus' of git://git./linux/kernel/git/tip/tip
Pull perf fixes from Thomas Gleixner:
- Prevent a division by zero in the perf aux buffer handling
- Sync kernel headers with perf tool headers
- Fix a build failure in the syscalltbl code
- Make the debug messages of perf report --call-graph work correctly
- Make sure that all required perf files are in the MANIFEST for
container builds
- Fix the atrr.exclude kernel handling so it respects the
perf_event_paranoid and the user permissions
- Make perf test on s390x work correctly
* 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
perf/aux: Only update ->aux_wakeup in non-overwrite mode
perf test: Fix vmlinux failure on s390x part 2
perf test: Fix vmlinux failure on s390x
perf tools: Fix syscalltbl build failure
perf report: Fix debug messages with --call-graph option
perf evsel: Fix attr.exclude_kernel setting for default cycles:p
tools include: Sync kernel ABI headers with tooling headers
perf tools: Get all of tools/{arch,include}/ in the MANIFEST
Linus Torvalds [Sun, 1 Oct 2017 19:02:47 +0000 (12:02 -0700)]
Merge branch 'locking-urgent-for-linus' of git://git./linux/kernel/git/tip/tip
Pull locking fixes from Thomas Gleixner:
"Two fixes for locking:
- Plug a hole the pi_stat->owner serialization which was changed
recently and failed to fixup two usage sites.
- Prevent reordering of the rwsem_has_spinner() check vs the
decrement of rwsem count in up_write() which causes a missed
wakeup"
* 'locking-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
locking/rwsem-xadd: Fix missed wakeup due to reordering of load
futex: Fix pi_state->owner serialization
Linus Torvalds [Sun, 1 Oct 2017 19:00:56 +0000 (12:00 -0700)]
Merge branch 'irq-urgent-for-linus' of git://git./linux/kernel/git/tip/tip
Pull irq fixes from Thomas Gleixner:
- Add a missing NULL pointer check in free_irq()
- Fix a memory leak/memory corruption in the generic irq chip
- Add missing rcu annotations for radix tree access
- Use ffs instead of fls when extracting data from a chip register in
the MIPS GIC irq driver
- Fix the unmasking of IPI interrupts in the MIPS GIC driver so they
end up at the target CPU and not at CPU0
* 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
irq/generic-chip: Don't replace domain's name
irqdomain: Add __rcu annotations to radix tree accessors
irqchip/mips-gic: Use effective affinity to unmask
irqchip/mips-gic: Fix shifts to extract register fields
genirq: Check __free_irq() return value for NULL
Linus Torvalds [Sun, 1 Oct 2017 18:12:29 +0000 (11:12 -0700)]
Merge branch 'core-urgent-for-linus' of git://git./linux/kernel/git/tip/tip
Pull objtool fixes from Thomas Gleixner:
"Two small fixes for objtool:
- Support frame pointer setup via 'lea (%rsp), %rbp' which was not
yet supported and caused build warnings
- Disable unreacahble warnings for GCC4.4 and older to avoid false
positives caused by the compiler itself"
* 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
objtool: Support unoptimized frame pointer setup
objtool: Skip unreachable warnings for GCC 4.4 and older
Linus Torvalds [Sat, 30 Sep 2017 19:52:32 +0000 (12:52 -0700)]
Merge tag 'mtd/fixes-for-4.14-rc3' of git://git.infradead.org/linux-mtd
Pull mtd fixes from Boris Brezillon:
- Fix partition alignment check in mtdcore.c
- Fix a buffer overflow in the Atmel NAND driver
* tag 'mtd/fixes-for-4.14-rc3' of git://git.infradead.org/linux-mtd:
mtd: nand: atmel: fix buffer overflow in atmel_pmecc_user
mtd: Fix partition alignment check on multi-erasesize devices
Linus Torvalds [Sat, 30 Sep 2017 19:50:56 +0000 (12:50 -0700)]
Merge tag 'scsi-fixes' of git://git./linux/kernel/git/jejb/scsi
Pull SCSI fixes from James Bottomley:
"Eight mostly minor fixes for recently discovered issues in drivers"
* tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
scsi: ILLEGAL REQUEST + ASC==27 => target failure
scsi: aacraid: Add a small delay after IOP reset
scsi: scsi_transport_fc: Also check for NOTPRESENT in fc_remote_port_add()
scsi: scsi_transport_fc: set scsi_target_id upon rescan
scsi: scsi_transport_iscsi: fix the issue that iscsi_if_rx doesn't parse nlmsg properly
scsi: aacraid: error: testing array offset 'bus' after use
scsi: lpfc: Don't return internal MBXERR_ERROR code from probe function
scsi: aacraid: Fix 2T+ drives on SmartIOC-2000
Linus Torvalds [Sat, 30 Sep 2017 02:35:41 +0000 (19:35 -0700)]
Merge tag 'platform-drivers-x86-v4.14-2' of git://git.infradead.org/linux-platform-drivers-x86
Pull x86 platform drivers fix from Darren Hart:
"Newly discovered species of fujitsu laptops break some assumptions
about ACPI device pairings.
fujitsu-laptop: Don't oops when FUJ02E3 is not present"
* tag 'platform-drivers-x86-v4.14-2' of git://git.infradead.org/linux-platform-drivers-x86:
platform/x86: fujitsu-laptop: Don't oops when FUJ02E3 is not presnt
Linus Torvalds [Sat, 30 Sep 2017 02:33:32 +0000 (19:33 -0700)]
Merge tag 'led_fixes-4.14-rc3' of git://git./linux/kernel/git/j.anaszewski/linux-leds
Pull LED fixes from Jacek Anaszewski:
"Four fixes for the as3645a LED flash controller and one update to
MAINTAINERS"
* tag 'led_fixes-4.14-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/j.anaszewski/linux-leds:
MAINTAINERS: Add entry for MediaTek PMIC LED driver
as3645a: Unregister indicator LED on device unbind
as3645a: Use integer numbers for parsing LEDs
dt: bindings: as3645a: Use LED number to refer to LEDs
as3645a: Use ams,input-max-microamp as documented in DT bindings
Linus Torvalds [Fri, 29 Sep 2017 19:59:59 +0000 (12:59 -0700)]
Merge branch 'for-linus' of git://git./linux/kernel/git/viro/vfs
Pull waitid fix from Al Viro:
"Fix infoleak in waitid()"
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
fix infoleak in waitid(2)
Linus Torvalds [Fri, 29 Sep 2017 19:57:35 +0000 (12:57 -0700)]
Merge branch 'for-4.14-rc3' of git://git./linux/kernel/git/kdave/linux
Pull btrfs fixes from David Sterba:
"We've collected a bunch of isolated fixes, for crashes, user-visible
behaviour or missing bits from other subsystem cleanups from the past.
The overall number is not small but I was not able to make it
significantly smaller. Most of the patches are supposed to go to
stable"
* 'for-4.14-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux:
btrfs: log csums for all modified extents
Btrfs: fix unexpected result when dio reading corrupted blocks
btrfs: Report error on removing qgroup if del_qgroup_item fails
Btrfs: skip checksum when reading compressed data if some IO have failed
Btrfs: fix kernel oops while reading compressed data
Btrfs: use btrfs_op instead of bio_op in __btrfs_map_block
Btrfs: do not backup tree roots when fsync
btrfs: remove BTRFS_FS_QUOTA_DISABLING flag
btrfs: propagate error to btrfs_cmp_data_prepare caller
btrfs: prevent to set invalid default subvolid
Btrfs: send: fix error number for unknown inode types
btrfs: fix NULL pointer dereference from free_reloc_roots()
btrfs: finish ordered extent cleaning if no progress is found
btrfs: clear ordered flag on cleaning up ordered extents
Btrfs: fix incorrect {node,sector}size endianness from BTRFS_IOC_FS_INFO
Btrfs: do not reset bio->bi_ops while writing bio
Btrfs: use the new helper wbc_to_write_flags
Linus Torvalds [Fri, 29 Sep 2017 19:55:33 +0000 (12:55 -0700)]
Merge tag 'md/4.14-rc3' of git://git./linux/kernel/git/shli/md
Pull MD fixes from Shaohua Li:
"A few fixes for MD. Mainly fix a problem introduced in 4.13, which we
retry bio for some code paths but not all in some situations"
* tag 'md/4.14-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/shli/md:
md/raid5: cap worker count
dm-raid: fix a race condition in request handling
md: fix a race condition for flush request handling
md: separate request handling
Linus Torvalds [Fri, 29 Sep 2017 19:46:13 +0000 (12:46 -0700)]
Merge tag 'pci-v4.14-fixes-3' of git://git./linux/kernel/git/helgaas/pci
Pull PCI fixes from Bjorn Helgaas:
- fix CONFIG_PCI=n build error (introduced in v4.14-rc1) (Geert
Uytterhoeven)
- fix a race in sysfs driver_override store/show (Nicolai Stange)
* tag 'pci-v4.14-fixes-3' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci:
PCI: Fix race condition with driver_override
PCI: Add dummy pci_acs_enabled() for CONFIG_PCI=n build
Linus Torvalds [Fri, 29 Sep 2017 19:43:36 +0000 (12:43 -0700)]
Merge tag 'drm-fixes-for-v4.14-rc3' of git://people.freedesktop.org/~airlied/linux
Pull drm fixes from Dave Airlie:
"Regular fixes pull, some amdkfd, amdgpu, etnaviv, sun4i, qxl, tegra
fixes.
I've got an outstanding pull for i915 but it wasn't on an rc2 base so
I wanted to ship these out first, I might get to it before rc3 or I
might not"
* tag 'drm-fixes-for-v4.14-rc3' of git://people.freedesktop.org/~airlied/linux:
drm/tegra: trace: Fix path to include
qxl: fix framebuffer unpinning
drm/sun4i: cec: Enable back CEC-pin framework
drm/amdkfd: Print event limit messages only once per process
drm/amdkfd: Fix kernel-queue wrapping bugs
drm/amdkfd: Fix incorrect destroy_mqd parameter
drm/radeon: disable hard reset in hibernate for APUs
drm/amdgpu: revert tile table update for oland
etnaviv: fix gem object list corruption
etnaviv: fix submit error path
qxl: fix primary surface handling
drm/amdkfd: check for null dev to avoid a null pointer dereference
Linus Torvalds [Fri, 29 Sep 2017 19:37:07 +0000 (12:37 -0700)]
Merge tag 'iommu-fixes-v4.14-rc2' of git://git./linux/kernel/git/joro/iommu
Pull IOMMU fixes from Joerg Roedel:
- A comment fix for 'struct iommu_ops'
- Format string fixes for AMD IOMMU, unfortunatly I missed that during
review.
- Limit mediatek physical addresses to 32 bit for v7s to fix a warning
triggered in io-page-table code.
- Fix dma-sync in io-pgtable-arm-v7s code
* tag 'iommu-fixes-v4.14-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu:
iommu: Fix comment for iommu_ops.map_sg
iommu/amd: pr_err() strings should end with newlines
iommu/mediatek: Limit the physical address in 32bit for v7s
iommu/io-pgtable-arm-v7s: Need dma-sync while there is no QUIRK_NO_DMA
Linus Torvalds [Fri, 29 Sep 2017 19:31:35 +0000 (12:31 -0700)]
Merge tag 'arm64-fixes' of git://git./linux/kernel/git/arm64/linux
Pull arm64 fixes from Catalin Marinas:
- SPsel register initialisation on reset as the architecture defines
its state as unknown
- Use READ_ONCE when dereferencing pmd_t pointers to avoid race
conditions in page_vma_mapped_walk() (or fast GUP) with concurrent
modifications of the page table
- Avoid invoking the mm fault handling code for kernel addresses (check
against TASK_SIZE) which would otherwise result in calling
might_sleep() in atomic context
* tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
arm64: fault: Route pte translation faults via do_translation_fault
arm64: mm: Use READ_ONCE when dereferencing pointer to pte table
arm64: Make sure SPsel is always set
Linus Torvalds [Fri, 29 Sep 2017 19:24:28 +0000 (12:24 -0700)]
Merge tag 'for-linus-4.14c-rc3-tag' of git://git./linux/kernel/git/xen/tip
Pull xen fixes from Juergen Gross:
- avoid a warning when compiling with clang
- consider read-only bits in xen-pciback when writing to a BAR
- fix a boot crash of pv-domains
* tag 'for-linus-4.14c-rc3-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip:
xen/mmu: Call xen_cleanhighmap() with 4MB aligned for page tables mapping
xen-pciback: relax BAR sizing write value check
x86/xen: clean up clang build warning
Linus Torvalds [Fri, 29 Sep 2017 19:18:55 +0000 (12:18 -0700)]
Merge tag 'for-linus' of git://git./virt/kvm/kvm
Pull kvm fixes from Paolo Bonzini:
"Mixed bugfixes. Perhaps the most interesting one is a latent bug that
was finally triggered by PCID support"
* tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
kvm/x86: Handle async PF in RCU read-side critical sections
KVM: nVMX: Fix nested #PF intends to break L1's vmlauch/vmresume
KVM: VMX: use cmpxchg64
KVM: VMX: simplify and fix vmx_vcpu_pi_load
KVM: VMX: avoid double list add with VT-d posted interrupts
KVM: VMX: extract __pi_post_block
KVM: PPC: Book3S HV: Check for updated HDSISR on P9 HDSI exception
KVM: nVMX: fix HOST_CR3/HOST_CR4 cache
Al Viro [Fri, 29 Sep 2017 17:43:15 +0000 (13:43 -0400)]
fix infoleak in waitid(2)
kernel_waitid() can return a PID, an error or 0. rusage is filled in the first
case and waitid(2) rusage should've been copied out exactly in that case, *not*
whenever kernel_waitid() has not returned an error. Compat variant shares that
braino; none of kernel_wait4() callers do, so the below ought to fix it.
Reported-and-tested-by: Alexander Potapenko <glider@google.com>
Fixes: ce72a16fa705 ("wait4(2)/waitid(2): separate copying rusage to userland")
Cc: stable@vger.kernel.org # v4.13
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Andrey Ryabinin [Fri, 29 Sep 2017 14:15:36 +0000 (17:15 +0300)]
x86/asm: Use register variable to get stack pointer value
Currently we use current_stack_pointer() function to get the value
of the stack pointer register. Since commit:
f5caf621ee35 ("x86/asm: Fix inline asm call constraints for Clang")
... we have a stack register variable declared. It can be used instead of
current_stack_pointer() function which allows to optimize away some
excessive "mov %rsp, %<dst>" instructions:
-mov %rsp,%rdx
-sub %rdx,%rax
-cmp $0x3fff,%rax
-ja
ffffffff810722fd <ist_begin_non_atomic+0x2d>
+sub %rsp,%rax
+cmp $0x3fff,%rax
+ja
ffffffff810722fa <ist_begin_non_atomic+0x2a>
Remove current_stack_pointer(), rename __asm_call_sp to current_stack_pointer
and use it instead of the removed function.
Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
Reviewed-by: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Link: http://lkml.kernel.org/r/20170929141537.29167-1-aryabinin@virtuozzo.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Tom Lendacky [Fri, 29 Sep 2017 16:24:19 +0000 (11:24 -0500)]
x86/mm: Disable branch profiling in mem_encrypt.c
Some routines in mem_encrypt.c are called very early in the boot process,
e.g. sme_encrypt_kernel(). When CONFIG_TRACE_BRANCH_PROFILING=y is defined
the resulting branch profiling associated with the check to see if SME is
active results in a kernel crash. Disable branch profiling for
mem_encrypt.c by defining DISABLE_BRANCH_PROFILING before including any
header files.
Reported-by: kernel test robot <lkp@01.org>
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Acked-by: Borislav Petkov <bp@suse.de>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Link: http://lkml.kernel.org/r/20170929162419.6016.53390.stgit@tlendack-t1.amdoffice.net
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Ingo Molnar [Fri, 29 Sep 2017 17:31:46 +0000 (19:31 +0200)]
Merge tag 'perf-urgent-for-mingo-4.14-
20170928' of git://git./linux/kernel/git/acme/linux into perf/urgent
Pull perf/urgent fixes from Arnaldo Carvalho de Melo:
- Fix syscalltbl build failure (Akemi Yagi)
- Fix attr.exclude_kernel setting for default cycles:p, this time for
!root with kernel.perf_event_paranoid = -1 (Arnaldo Carvalho de Melo)
- Sync kernel ABI headers with tooling headers (Ingo Molnar)
- Remove misleading debug messages with --call-graph option (Mengting Zhang)
- Revert vmlinux symbol resolution patches for s390x (Thomas Richter)
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Linus Torvalds [Fri, 29 Sep 2017 17:26:35 +0000 (10:26 -0700)]
Merge branch 'fixes-v4.14-rc3' of git://git./linux/kernel/git/jmorris/linux-security
Pull keys fixes from James Morris:
"Notable here is a rewrite of big_key crypto by Jason Donenfeld to
address some issues in the original code.
From Jason's commit log:
"This started out as just replacing the use of crypto/rng with
get_random_bytes_wait, so that we wouldn't use bad randomness at
boot time. But, upon looking further, it appears that there were
even deeper underlying cryptographic problems, and that this seems
to have been committed with very little crypto review. So, I rewrote
the whole thing, trying to keep to the conventions introduced by the
previous author, to fix these cryptographic flaws."
There has been positive review of the new code by Eric Biggers and
Herbert Xu, and it passes basic testing via the keyutils test suite.
Eric also manually tested it.
Generally speaking, we likely need to improve the amount of crypto
review for kernel crypto users including keys (I'll post a note
separately to ksummit-discuss)"
* 'fixes-v4.14-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
security/keys: rewrite all of big_key crypto
security/keys: properly zero out sensitive key material in big_key
KEYS: use kmemdup() in request_key_auth_new()
KEYS: restrict /proc/keys by credentials at open time
KEYS: reset parent each time before searching key_user_tree
KEYS: prevent KEYCTL_READ on negative key
KEYS: prevent creating a different user's keyrings
KEYS: fix writing past end of user-supplied buffer in keyring_read()
KEYS: fix key refcount leak in keyctl_read_key()
KEYS: fix key refcount leak in keyctl_assume_authority()
KEYS: don't revoke uninstantiated key in request_key_auth_new()
KEYS: fix cred refcount leak in request_key_auth_new()
Will Deacon [Fri, 29 Sep 2017 11:27:41 +0000 (12:27 +0100)]
arm64: fault: Route pte translation faults via do_translation_fault
We currently route pte translation faults via do_page_fault, which elides
the address check against TASK_SIZE before invoking the mm fault handling
code. However, this can cause issues with the path walking code in
conjunction with our word-at-a-time implementation because
load_unaligned_zeropad can end up faulting in kernel space if it reads
across a page boundary and runs into a page fault (e.g. by attempting to
read from a guard region).
In the case of such a fault, load_unaligned_zeropad has registered a
fixup to shift the valid data and pad with zeroes, however the abort is
reported as a level 3 translation fault and we dispatch it straight to
do_page_fault, despite it being a kernel address. This results in calling
a sleeping function from atomic context:
BUG: sleeping function called from invalid context at arch/arm64/mm/fault.c:313
in_atomic(): 0, irqs_disabled(): 0, pid: 10290
Internal error: Oops - BUG: 0 [#1] PREEMPT SMP
[...]
[<
ffffff8e016cd0cc>] ___might_sleep+0x134/0x144
[<
ffffff8e016cd158>] __might_sleep+0x7c/0x8c
[<
ffffff8e016977f0>] do_page_fault+0x140/0x330
[<
ffffff8e01681328>] do_mem_abort+0x54/0xb0
Exception stack(0xfffffffb20247a70 to 0xfffffffb20247ba0)
[...]
[<
ffffff8e016844fc>] el1_da+0x18/0x78
[<
ffffff8e017f399c>] path_parentat+0x44/0x88
[<
ffffff8e017f4c9c>] filename_parentat+0x5c/0xd8
[<
ffffff8e017f5044>] filename_create+0x4c/0x128
[<
ffffff8e017f59e4>] SyS_mkdirat+0x50/0xc8
[<
ffffff8e01684e30>] el0_svc_naked+0x24/0x28
Code:
36380080 d5384100 f9400800 9402566d (
d4210000)
---[ end trace
2d01889f2bca9b9f ]---
Fix this by dispatching all translation faults to do_translation_faults,
which avoids invoking the page fault logic for faults on kernel addresses.
Cc: <stable@vger.kernel.org>
Reported-by: Ankit Jain <ankijain@codeaurora.org>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Will Deacon [Fri, 29 Sep 2017 10:29:55 +0000 (11:29 +0100)]
arm64: mm: Use READ_ONCE when dereferencing pointer to pte table
On kernels built with support for transparent huge pages, different CPUs
can access the PMD concurrently due to e.g. fast GUP or page_vma_mapped_walk
and they must take care to use READ_ONCE to avoid value tearing or caching
of stale values by the compiler. Unfortunately, these functions call into
our pgtable macros, which don't use READ_ONCE, and compiler caching has
been observed to cause the following crash during ext4 writeback:
PC is at check_pte+0x20/0x170
LR is at page_vma_mapped_walk+0x2e0/0x540
[...]
Process doio (pid: 2463, stack limit = 0xffff00000f2e8000)
Call trace:
[<
ffff000008233328>] check_pte+0x20/0x170
[<
ffff000008233758>] page_vma_mapped_walk+0x2e0/0x540
[<
ffff000008234adc>] page_mkclean_one+0xac/0x278
[<
ffff000008234d98>] rmap_walk_file+0xf0/0x238
[<
ffff000008236e74>] rmap_walk+0x64/0xa0
[<
ffff0000082370c8>] page_mkclean+0x90/0xa8
[<
ffff0000081f3c64>] clear_page_dirty_for_io+0x84/0x2a8
[<
ffff00000832f984>] mpage_submit_page+0x34/0x98
[<
ffff00000832fb4c>] mpage_process_page_bufs+0x164/0x170
[<
ffff00000832fc8c>] mpage_prepare_extent_to_map+0x134/0x2b8
[<
ffff00000833530c>] ext4_writepages+0x484/0xe30
[<
ffff0000081f6ab4>] do_writepages+0x44/0xe8
[<
ffff0000081e5bd4>] __filemap_fdatawrite_range+0xbc/0x110
[<
ffff0000081e5e68>] file_write_and_wait_range+0x48/0xd8
[<
ffff000008324310>] ext4_sync_file+0x80/0x4b8
[<
ffff0000082bd434>] vfs_fsync_range+0x64/0xc0
[<
ffff0000082332b4>] SyS_msync+0x194/0x1e8
This is because page_vma_mapped_walk loads the PMD twice before calling
pte_offset_map: the first time without READ_ONCE (where it gets all zeroes
due to a concurrent pmdp_invalidate) and the second time with READ_ONCE
(where it sees a valid table pointer due to a concurrent pmd_populate).
However, the compiler inlines everything and caches the first value in
a register, which is subsequently used in pte_offset_phys which returns
a junk pointer that is later dereferenced when attempting to access the
relevant pte.
This patch fixes the issue by using READ_ONCE in pte_offset_phys to ensure
that a stale value is not used. Whilst this is a point fix for a known
failure (and simple to backport), a full fix moving all of our page table
accessors over to {READ,WRITE}_ONCE and consistently using READ_ONCE in
page_vma_mapped_walk is in the works for a future kernel release.
Cc: Jon Masters <jcm@redhat.com>
Cc: Timur Tabi <timur@codeaurora.org>
Cc: <stable@vger.kernel.org>
Fixes: f27176cfc363 ("mm: convert page_mkclean_one() to use page_vma_mapped_walk()")
Tested-by: Richard Ruigrok <rruigrok@codeaurora.org>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Boqun Feng [Fri, 29 Sep 2017 11:01:45 +0000 (19:01 +0800)]
kvm/x86: Handle async PF in RCU read-side critical sections
Sasha Levin reported a WARNING:
| WARNING: CPU: 0 PID: 6974 at kernel/rcu/tree_plugin.h:329
| rcu_preempt_note_context_switch kernel/rcu/tree_plugin.h:329 [inline]
| WARNING: CPU: 0 PID: 6974 at kernel/rcu/tree_plugin.h:329
| rcu_note_context_switch+0x16c/0x2210 kernel/rcu/tree.c:458
...
| CPU: 0 PID: 6974 Comm: syz-fuzzer Not tainted 4.13.0-next-
20170908+ #246
| Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
| 1.10.1-1ubuntu1 04/01/2014
| Call Trace:
...
| RIP: 0010:rcu_preempt_note_context_switch kernel/rcu/tree_plugin.h:329 [inline]
| RIP: 0010:rcu_note_context_switch+0x16c/0x2210 kernel/rcu/tree.c:458
| RSP: 0018:
ffff88003b2debc8 EFLAGS:
00010002
| RAX:
0000000000000001 RBX:
1ffff1000765bd85 RCX:
0000000000000000
| RDX:
1ffff100075d7882 RSI:
ffffffffb5c7da20 RDI:
ffff88003aebc410
| RBP:
ffff88003b2def30 R08:
dffffc0000000000 R09:
0000000000000001
| R10:
0000000000000000 R11:
0000000000000000 R12:
ffff88003b2def08
| R13:
0000000000000000 R14:
ffff88003aebc040 R15:
ffff88003aebc040
| __schedule+0x201/0x2240 kernel/sched/core.c:3292
| schedule+0x113/0x460 kernel/sched/core.c:3421
| kvm_async_pf_task_wait+0x43f/0x940 arch/x86/kernel/kvm.c:158
| do_async_page_fault+0x72/0x90 arch/x86/kernel/kvm.c:271
| async_page_fault+0x22/0x30 arch/x86/entry/entry_64.S:1069
| RIP: 0010:format_decode+0x240/0x830 lib/vsprintf.c:1996
| RSP: 0018:
ffff88003b2df520 EFLAGS:
00010283
| RAX:
000000000000003f RBX:
ffffffffb5d1e141 RCX:
ffff88003b2df670
| RDX:
0000000000000001 RSI:
dffffc0000000000 RDI:
ffffffffb5d1e140
| RBP:
ffff88003b2df560 R08:
dffffc0000000000 R09:
0000000000000000
| R10:
ffff88003b2df718 R11:
0000000000000000 R12:
ffff88003b2df5d8
| R13:
0000000000000064 R14:
ffffffffb5d1e140 R15:
0000000000000000
| vsnprintf+0x173/0x1700 lib/vsprintf.c:2136
| sprintf+0xbe/0xf0 lib/vsprintf.c:2386
| proc_self_get_link+0xfb/0x1c0 fs/proc/self.c:23
| get_link fs/namei.c:1047 [inline]
| link_path_walk+0x1041/0x1490 fs/namei.c:2127
...
This happened when the host hit a page fault, and delivered it as in an
async page fault, while the guest was in an RCU read-side critical
section. The guest then tries to reschedule in kvm_async_pf_task_wait(),
but rcu_preempt_note_context_switch() would treat the reschedule as a
sleep in RCU read-side critical section, which is not allowed (even in
preemptible RCU). Thus the WARN.
To cure this, make kvm_async_pf_task_wait() go to the halt path if the
PF happens in a RCU read-side critical section.
Reported-by: Sasha Levin <levinsasha928@gmail.com>
Cc: "Paul E. McKenney" <paulmck@linux.vnet.ibm.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: stable@vger.kernel.org
Signed-off-by: Boqun Feng <boqun.feng@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Wanpeng Li [Fri, 29 Sep 2017 01:16:44 +0000 (18:16 -0700)]
KVM: nVMX: Fix nested #PF intends to break L1's vmlauch/vmresume
------------[ cut here ]------------
WARNING: CPU: 4 PID: 5280 at /home/kernel/linux/arch/x86/kvm//vmx.c:11394 nested_vmx_vmexit+0xc2b/0xd70 [kvm_intel]
CPU: 4 PID: 5280 Comm: qemu-system-x86 Tainted: G W OE 4.13.0+ #17
RIP: 0010:nested_vmx_vmexit+0xc2b/0xd70 [kvm_intel]
Call Trace:
? emulator_read_emulated+0x15/0x20 [kvm]
? segmented_read+0xae/0xf0 [kvm]
vmx_inject_page_fault_nested+0x60/0x70 [kvm_intel]
? vmx_inject_page_fault_nested+0x60/0x70 [kvm_intel]
x86_emulate_instruction+0x733/0x810 [kvm]
vmx_handle_exit+0x2f4/0xda0 [kvm_intel]
? kvm_arch_vcpu_ioctl_run+0xd2f/0x1c60 [kvm]
kvm_arch_vcpu_ioctl_run+0xdab/0x1c60 [kvm]
? kvm_arch_vcpu_load+0x62/0x230 [kvm]
kvm_vcpu_ioctl+0x340/0x700 [kvm]
? kvm_vcpu_ioctl+0x340/0x700 [kvm]
? __fget+0xfc/0x210
do_vfs_ioctl+0xa4/0x6a0
? __fget+0x11d/0x210
SyS_ioctl+0x79/0x90
entry_SYSCALL_64_fastpath+0x23/0xc2
A nested #PF is triggered during L0 emulating instruction for L2. However, it
doesn't consider we should not break L1's vmlauch/vmresme. This patch fixes
it by queuing the #PF exception instead ,requesting an immediate VM exit from
L2 and keeping the exception for L1 pending for a subsequent nested VM exit.
This should actually work all the time, making vmx_inject_page_fault_nested
totally unnecessary. However, that's not working yet, so this patch can work
around the issue in the meanwhile.
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Radim Krčmář <rkrcmar@redhat.com>
Signed-off-by: Wanpeng Li <wanpeng.li@hotmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Ethan Zhao [Mon, 4 Sep 2017 05:59:34 +0000 (13:59 +0800)]
sched/sysctl: Check user input value of sysctl_sched_time_avg
System will hang if user set sysctl_sched_time_avg to 0:
[root@XXX ~]# sysctl kernel.sched_time_avg_ms=0
Stack traceback for pid 0
0xffff883f6406c600 0 0 1 3 R 0xffff883f6406cf50 *swapper/3
ffff883f7ccc3ae8 0000000000000018 ffffffff810c4dd0 0000000000000000
0000000000017800 ffff883f7ccc3d78 0000000000000003 ffff883f7ccc3bf8
ffffffff810c4fc9 ffff883f7ccc3c08 00000000810c5043 ffff883f7ccc3c08
Call Trace:
<IRQ> [<
ffffffff810c4dd0>] ? update_group_capacity+0x110/0x200
[<
ffffffff810c4fc9>] ? update_sd_lb_stats+0x109/0x600
[<
ffffffff810c5507>] ? find_busiest_group+0x47/0x530
[<
ffffffff810c5b84>] ? load_balance+0x194/0x900
[<
ffffffff810ad5ca>] ? update_rq_clock.part.83+0x1a/0xe0
[<
ffffffff810c6d42>] ? rebalance_domains+0x152/0x290
[<
ffffffff810c6f5c>] ? run_rebalance_domains+0xdc/0x1d0
[<
ffffffff8108a75b>] ? __do_softirq+0xfb/0x320
[<
ffffffff8108ac85>] ? irq_exit+0x125/0x130
[<
ffffffff810b3a17>] ? scheduler_ipi+0x97/0x160
[<
ffffffff81052709>] ? smp_reschedule_interrupt+0x29/0x30
[<
ffffffff8173a1be>] ? reschedule_interrupt+0x6e/0x80
<EOI> [<
ffffffff815bc83c>] ? cpuidle_enter_state+0xcc/0x230
[<
ffffffff815bc80c>] ? cpuidle_enter_state+0x9c/0x230
[<
ffffffff815bc9d7>] ? cpuidle_enter+0x17/0x20
[<
ffffffff810cd6dc>] ? cpu_startup_entry+0x38c/0x420
[<
ffffffff81053373>] ? start_secondary+0x173/0x1e0
Because divide-by-zero error happens in function:
update_group_capacity()
update_cpu_capacity()
scale_rt_capacity()
{
...
total = sched_avg_period() + delta;
used = div_u64(avg, total);
...
}
To fix this issue, check user input value of sysctl_sched_time_avg, keep
it unchanged when hitting invalid input, and set the minimum limit of
sysctl_sched_time_avg to 1 ms.
Reported-by: James Puthukattukaran <james.puthukattukaran@oracle.com>
Signed-off-by: Ethan Zhao <ethan.zhao@oracle.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: efault@gmx.de
Cc: ethan.kernel@gmail.com
Cc: keescook@chromium.org
Cc: mcgrof@kernel.org
Cc: <stable@vger.kernel.org>
Link: http://lkml.kernel.org/r/1504504774-18253-1-git-send-email-ethan.zhao@oracle.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Josh Poimboeuf [Thu, 28 Sep 2017 21:58:26 +0000 (16:58 -0500)]
x86/asm: Fix inline asm call constraints for GCC 4.4
The kernel test bot (run by Xiaolong Ye) reported that the following commit:
f5caf621ee35 ("x86/asm: Fix inline asm call constraints for Clang")
is causing double faults in a kernel compiled with GCC 4.4.
Linus subsequently diagnosed the crash pattern and the buggy commit and found that
the issue is with this code:
register unsigned int __asm_call_sp asm("esp");
#define ASM_CALL_CONSTRAINT "+r" (__asm_call_sp)
Even on a 64-bit kernel, it's using ESP instead of RSP. That causes GCC
to produce the following bogus code:
ffffffff8147461d: 89 e0 mov %esp,%eax
ffffffff8147461f: 4c 89 f7 mov %r14,%rdi
ffffffff81474622: 4c 89 fe mov %r15,%rsi
ffffffff81474625: ba 20 00 00 00 mov $0x20,%edx
ffffffff8147462a: 89 c4 mov %eax,%esp
ffffffff8147462c: e8 bf 52 05 00 callq
ffffffff814c98f0 <copy_user_generic_unrolled>
Despite the absurdity of it backing up and restoring the stack pointer
for no reason, the bug is actually the fact that it's only backing up
and restoring the lower 32 bits of the stack pointer. The upper 32 bits
are getting cleared out, corrupting the stack pointer.
So change the '__asm_call_sp' register variable to be associated with
the actual full-size stack pointer.
This also requires changing the __ASM_SEL() macro to be based on the
actual compiled arch size, rather than the CONFIG value, because
CONFIG_X86_64 compiles some files with '-m32' (e.g., realmode and vdso).
Otherwise Clang fails to build the kernel because it complains about the
use of a 64-bit register (RSP) in a 32-bit file.
Reported-and-Bisected-and-Tested-by: kernel test robot <xiaolong.ye@intel.com>
Diagnosed-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Alexander Potapenko <glider@google.com>
Cc: Andrey Ryabinin <aryabinin@virtuozzo.com>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Dmitriy Vyukov <dvyukov@google.com>
Cc: LKP <lkp@01.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Matthias Kaehlcke <mka@chromium.org>
Cc: Miguel Bernal Marin <miguel.bernal.marin@linux.intel.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Fixes: f5caf621ee35 ("x86/asm: Fix inline asm call constraints for Clang")
Link: http://lkml.kernel.org/r/20170928215826.6sdpmwtkiydiytim@treble
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Peter Zijlstra [Fri, 22 Sep 2017 16:37:28 +0000 (18:37 +0200)]
sched/debug: Add explicit TASK_PARKED printing
Currently TASK_PARKED is masqueraded as TASK_INTERRUPTIBLE, give it
its own print state because it will not in fact get woken by regular
wakeups and is a long-term state.
This requires moving TASK_PARKED into the TASK_REPORT mask, and since
that latter needs to be a contiguous bitmask, we need to shuffle the
bits around a bit.
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Peter Zijlstra [Fri, 22 Sep 2017 16:32:41 +0000 (18:32 +0200)]
sched/debug: Ignore TASK_IDLE for SysRq-W
Markus reported that tasks in TASK_IDLE state are reported by SysRq-W,
which results in undesirable clutter.
Reported-by: Markus Trippelsdorf <markus@trippelsdorf.de>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Peter Zijlstra [Fri, 22 Sep 2017 16:30:40 +0000 (18:30 +0200)]
sched/debug: Add explicit TASK_IDLE printing
Markus reported that kthreads that idle using TASK_IDLE instead of
TASK_INTERRUPTIBLE are reported in as TASK_UNINTERRUPTIBLE and things
like htop mark those red.
This is undesirable, so add an explicit state for TASK_IDLE.
Reported-by: Markus Trippelsdorf <markus@trippelsdorf.de>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Peter Zijlstra [Fri, 22 Sep 2017 16:23:31 +0000 (18:23 +0200)]
sched/tracing: Use common task-state helpers
Remove yet another task-state char instance.
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Prateek Sood [Thu, 7 Sep 2017 14:30:58 +0000 (20:00 +0530)]
locking/rwsem-xadd: Fix missed wakeup due to reordering of load
If a spinner is present, there is a chance that the load of
rwsem_has_spinner() in rwsem_wake() can be reordered with
respect to decrement of rwsem count in __up_write() leading
to wakeup being missed:
spinning writer up_write caller
--------------- -----------------------
[S] osq_unlock() [L] osq
spin_lock(wait_lock)
sem->count=0xFFFFFFFF00000001
+0xFFFFFFFF00000000
count=sem->count
MB
sem->count=0xFFFFFFFE00000001
-0xFFFFFFFF00000001
spin_trylock(wait_lock)
return
rwsem_try_write_lock(count)
spin_unlock(wait_lock)
schedule()
Reordering of atomic_long_sub_return_release() in __up_write()
and rwsem_has_spinner() in rwsem_wake() can cause missing of
wakeup in up_write() context. In spinning writer, sem->count
and local variable count is 0XFFFFFFFE00000001. It would result
in rwsem_try_write_lock() failing to acquire rwsem and spinning
writer going to sleep in rwsem_down_write_failed().
The smp_rmb() will make sure that the spinner state is
consulted after sem->count is updated in up_write context.
Signed-off-by: Prateek Sood <prsood@codeaurora.org>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: dave@stgolabs.net
Cc: longman@redhat.com
Cc: parri.andrea@gmail.com
Cc: sramana@codeaurora.org
Link: http://lkml.kernel.org/r/1504794658-15397-1-git-send-email-prsood@codeaurora.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Peter Zijlstra [Fri, 22 Sep 2017 16:19:53 +0000 (18:19 +0200)]
sched/tracing: Fix trace_sched_switch task-state printing
Convert trace_sched_switch to use the common task-state helpers and
fix the "X" and "Z" order, possibly they ended up in the wrong order
because TASK_REPORT has them in the wrong order too.
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Peter Zijlstra [Fri, 22 Sep 2017 16:14:08 +0000 (18:14 +0200)]
sched/debug: Remove unused variable
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Peter Zijlstra [Fri, 22 Sep 2017 16:13:36 +0000 (18:13 +0200)]
sched/debug: Convert TASK_state to hex
Bit patterns are easier in hex.
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Peter Zijlstra [Fri, 22 Sep 2017 16:09:26 +0000 (18:09 +0200)]
sched/debug: Implement consistent task-state printing
Currently get_task_state() and task_state_to_char() report different
states, create a number of common helpers and unify the reported state
space.
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Thomas Gleixner [Fri, 29 Sep 2017 08:07:44 +0000 (10:07 +0200)]
um/time: Fixup namespace collision
The new timer_setup() function for struct timer_list collides with a
private um function. Rename it.
Fixes: 686fef928bba ("timer: Prepare to change timer callback argument type")
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Richard Weinberger <richard@nod.at>
Cc: Jeff Dike <jdike@addtoit.com>
Cc: user-mode-linux-devel@lists.sourceforge.net
Cc: Kees Cook <keescook@chromium.org>
Alexander Shishkin [Wed, 6 Sep 2017 16:08:11 +0000 (19:08 +0300)]
perf/aux: Only update ->aux_wakeup in non-overwrite mode
The following commit:
d9a50b0256 ("perf/aux: Ensure aux_wakeup represents most recent wakeup index")
changed the AUX wakeup position calculation to rounddown(), which causes
a division-by-zero in AUX overwrite mode (aka "snapshot mode").
The zero denominator results from the fact that perf record doesn't set
aux_watermark to anything, in which case the kernel will set it to half
the AUX buffer size, but only for non-overwrite mode. In the overwrite
mode aux_watermark stays zero.
The good news is that, AUX overwrite mode, wakeups don't happen and
related bookkeeping is not relevant, so we can simply forego the whole
wakeup updates.
Signed-off-by: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: will.deacon@arm.com
Link: http://lkml.kernel.org/r/20170906160811.16510-1-alexander.shishkin@linux.intel.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Dave Airlie [Fri, 29 Sep 2017 07:11:04 +0000 (17:11 +1000)]
Merge tag 'drm-misc-fixes-2017-09-28-1' of git://anongit.freedesktop.org/git/drm-misc into drm-fixes
Driver Changes:
- qxl: fix primary surface and fb unpinning (Gerd)
- sun41: fix CEC_PIN config gate now that media has been merged (Hans)
- tegra: fix TRACE_INCLUDE_PATH (Thierry)
Cc: Thierry Reding <treding@nvidia.com>
Cc: Hans Verkuil <hverkuil@xs4all.nl>
Cc: Gerd Hoffmann <kraxel@redhat.com>
* tag 'drm-misc-fixes-2017-09-28-1' of git://anongit.freedesktop.org/git/drm-misc:
drm/tegra: trace: Fix path to include
qxl: fix framebuffer unpinning
drm/sun4i: cec: Enable back CEC-pin framework
qxl: fix primary surface handling