Vignesh Raghavendra [Thu, 19 Mar 2020 11:03:39 +0000 (16:33 +0530)]
 
serial: 8250: 8250_omap: Terminate DMA before pushing data on RX timeout
Terminate and flush DMA internal buffers, before pushing RX data to
higher layer. Otherwise, this will lead to data corruption, as driver
would end up pushing stale buffer data to higher layer while actual data
is still stuck inside DMA hardware and has yet not arrived at the
memory.
While at that, replace deprecated dmaengine_terminate_all() with
dmaengine_terminate_async().
Signed-off-by: Vignesh Raghavendra <vigneshr@ti.com>
Link: https://lore.kernel.org/r/20200319110344.21348-2-vigneshr@ti.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Peter Ujfalusi [Fri, 20 Mar 2020 12:52:00 +0000 (14:52 +0200)]
 
serial: 8250_omap: Fix sleeping function called from invalid context during probe
When booting j721e the following bug is printed:
[    1.154821] BUG: sleeping function called from invalid context at kernel/sched/completion.c:99
[    1.154827] in_atomic(): 0, irqs_disabled(): 128, non_block: 0, pid: 12, name: kworker/0:1
[    1.154832] 3 locks held by kworker/0:1/12:
[    1.154836]  #0: 
ffff000840030728 ((wq_completion)events){+.+.}, at: process_one_work+0x1d4/0x6e8
[    1.154852]  #1: 
ffff80001214fdd8 (deferred_probe_work){+.+.}, at: process_one_work+0x1d4/0x6e8
[    1.154860]  #2: 
ffff00084060b170 (&dev->mutex){....}, at: __device_attach+0x38/0x138
[    1.154872] irq event stamp: 63096
[    1.154881] hardirqs last  enabled at (63095): [<
ffff800010b74318>] _raw_spin_unlock_irqrestore+0x70/0x78
[    1.154887] hardirqs last disabled at (63096): [<
ffff800010b740d8>] _raw_spin_lock_irqsave+0x28/0x80
[    1.154893] softirqs last  enabled at (62254): [<
ffff800010080c88>] _stext+0x488/0x564
[    1.154899] softirqs last disabled at (62247): [<
ffff8000100fdb3c>] irq_exit+0x114/0x140
[    1.154906] CPU: 0 PID: 12 Comm: kworker/0:1 Not tainted 
5.6.0-rc6-next-20200318-00094-g45e4089b0bd3 #221
[    1.154911] Hardware name: Texas Instruments K3 J721E SoC (DT)
[    1.154917] Workqueue: events deferred_probe_work_func
[    1.154923] Call trace:
[    1.154928]  dump_backtrace+0x0/0x190
[    1.154933]  show_stack+0x14/0x20
[    1.154940]  dump_stack+0xe0/0x148
[    1.154946]  ___might_sleep+0x150/0x1f0
[    1.154952]  __might_sleep+0x4c/0x80
[    1.154957]  wait_for_completion_timeout+0x40/0x140
[    1.154964]  ti_sci_set_device_state+0xa0/0x158
[    1.154969]  ti_sci_cmd_get_device_exclusive+0x14/0x20
[    1.154977]  ti_sci_dev_start+0x34/0x50
[    1.154984]  genpd_runtime_resume+0x78/0x1f8
[    1.154991]  __rpm_callback+0x3c/0x140
[    1.154996]  rpm_callback+0x20/0x80
[    1.155001]  rpm_resume+0x568/0x758
[    1.155007]  __pm_runtime_resume+0x44/0xb0
[    1.155013]  omap8250_probe+0x2b4/0x508
[    1.155019]  platform_drv_probe+0x50/0xa0
[    1.155023]  really_probe+0xd4/0x318
[    1.155028]  driver_probe_device+0x54/0xe8
[    1.155033]  __device_attach_driver+0x80/0xb8
[    1.155039]  bus_for_each_drv+0x74/0xc0
[    1.155044]  __device_attach+0xdc/0x138
[    1.155049]  device_initial_probe+0x10/0x18
[    1.155053]  bus_probe_device+0x98/0xa0
[    1.155058]  deferred_probe_work_func+0x74/0xb0
[    1.155063]  process_one_work+0x280/0x6e8
[    1.155068]  worker_thread+0x48/0x430
[    1.155073]  kthread+0x108/0x138
[    1.155079]  ret_from_fork+0x10/0x18
To fix the bug we need to first call pm_runtime_enable() prior to any
pm_runtime calls.
Reported-by: Tomi Valkeinen <tomi.valkeinen@ti.com>
Signed-off-by: Peter Ujfalusi <peter.ujfalusi@ti.com>
Link: https://lore.kernel.org/r/20200320125200.6772-1-peter.ujfalusi@ti.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Vignesh Raghavendra [Thu, 19 Mar 2020 10:32:30 +0000 (16:02 +0530)]
 
serial: 8250: 8250_omap: Fix throttle to call stop_rx()
Call stop_rx() to halt reception when throttle is requested. Update
unthrottle callback to restart reception.
Signed-off-by: Vignesh Raghavendra <vigneshr@ti.com>
Link: https://lore.kernel.org/r/20200319103230.16867-3-vigneshr@ti.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Vignesh Raghavendra [Thu, 19 Mar 2020 10:32:29 +0000 (16:02 +0530)]
 
serial: 8250_port: Don't service RX FIFO if throttled
When port's throttle callback is called, it should stop pushing any more
data into TTY buffer to avoid buffer overflow. This means driver has to
stop HW from receiving more data and assert the HW flow control. For
UARTs with auto HW flow control (such as 8250_omap) manual assertion of
flow control line is not possible and only way is to allow RX FIFO to
fill up, thus trigger auto HW flow control logic.
Therefore make sure that 8250 generic IRQ handler does not drain data
when port is stopped (i.e UART_LSR_DR is unset in read_status_mask). Not
servicing, RX FIFO would trigger auto HW flow control when FIFO
occupancy reaches preset threshold, thus halting RX.
Since, error conditions in UART_LSR register are cleared just by reading
the register, data has to be drained in case there are FIFO errors, else
error information will lost.
Signed-off-by: Vignesh Raghavendra <vigneshr@ti.com>
Link: https://lore.kernel.org/r/20200319103230.16867-2-vigneshr@ti.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Raviteja Narayanam [Thu, 19 Mar 2020 09:44:51 +0000 (15:14 +0530)]
 
serial: uartps: Add TACTIVE check in cdns_uart_tx_empty function
Make sure that all bytes are transmitted out of Uart by monitoring
CDNS_UART_SR_TACTIVE bit as well.
Signed-off-by: Raviteja Narayanam <raviteja.narayanam@xilinx.com>
Signed-off-by: Shubhrajyoti Datta <shubhrajyoti.datta@xilinx.com>
Acked-by: Maarten Brock <m.brock@vanmierlo.com>
Link: https://lore.kernel.org/r/e2514818af5973be291cc117d07739f068b71639.1584610774.git.shubhrajyoti.datta@xilinx.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Raviteja Narayanam [Thu, 19 Mar 2020 09:44:50 +0000 (15:14 +0530)]
 
serial: uartps: Remove unconditional wait inside set_termios
set_termios function should not wait for the transmit FIFO empty
(CDNS_UART_SR_TXEMPTY) unconditionally. The tty layer takes care
of it based on the parameter passed (TCSANOW/TCSADRAIN/TCSAFLUSH).
Signed-off-by: Raviteja Narayanam <raviteja.narayanam@xilinx.com>
Signed-off-by: Shubhrajyoti Datta <shubhrajyoti.datta@xilinx.com>
Link: https://lore.kernel.org/r/536e190dd5bbb474007a67e6323c048288942a28.1584610774.git.shubhrajyoti.datta@xilinx.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Greg Kroah-Hartman [Mon, 23 Mar 2020 07:02:55 +0000 (08:02 +0100)]
 
Merge 5.6-rc7 into tty-next
We need the tty fixes in here as well.
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Linus Torvalds [Mon, 23 Mar 2020 01:31:56 +0000 (18:31 -0700)]
 
Linux 5.6-rc7
Linus Torvalds [Sun, 22 Mar 2020 18:35:33 +0000 (11:35 -0700)]
 
Merge tag 'for-5.6-rc6-tag' of git://git./linux/kernel/git/kdave/linux
Pull btrfs fixes from David Sterba:
 "Two fixes.
  The first is a regression: when dropping some incompat bits the
  conditions were reversed. The other is a fix for rename whiteout
  potentially leaving stack memory linked to a list"
* tag 'for-5.6-rc6-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux:
  btrfs: fix removal of raid[56|1c34} incompat flags after removing block group
  btrfs: fix log context list corruption after rename whiteout error
Linus Torvalds [Sun, 22 Mar 2020 17:46:50 +0000 (10:46 -0700)]
 
Merge branch 'akpm' (patches from Andrew)
Merge misc fixes from Andrew Morton:
 "10 fixes"
* emailed patches from Andrew Morton <akpm@linux-foundation.org>:
  x86/mm: split vmalloc_sync_all()
  mm, slub: prevent kmalloc_node crashes and memory leaks
  mm/mmu_notifier: silence PROVE_RCU_LIST warnings
  epoll: fix possible lost wakeup on epoll_ctl() path
  mm: do not allow MADV_PAGEOUT for CoW pages
  mm, memcg: throttle allocators based on ancestral memory.high
  mm, memcg: fix corruption on 64-bit divisor in memory.high throttling
  page-flags: fix a crash at SetPageError(THP_SWAP)
  mm/hotplug: fix hot remove failure in SPARSEMEM|!VMEMMAP case
  memcg: fix NULL pointer dereference in __mem_cgroup_usage_unregister_event
Joerg Roedel [Sun, 22 Mar 2020 01:22:41 +0000 (18:22 -0700)]
 
x86/mm: split vmalloc_sync_all()
Commit 
3f8fd02b1bf1 ("mm/vmalloc: Sync unmappings in
__purge_vmap_area_lazy()") introduced a call to vmalloc_sync_all() in
the vunmap() code-path.  While this change was necessary to maintain
correctness on x86-32-pae kernels, it also adds additional cycles for
architectures that don't need it.
Specifically on x86-64 with CONFIG_VMAP_STACK=y some people reported
severe performance regressions in micro-benchmarks because it now also
calls the x86-64 implementation of vmalloc_sync_all() on vunmap().  But
the vmalloc_sync_all() implementation on x86-64 is only needed for newly
created mappings.
To avoid the unnecessary work on x86-64 and to gain the performance
back, split up vmalloc_sync_all() into two functions:
	* vmalloc_sync_mappings(), and
	* vmalloc_sync_unmappings()
Most call-sites to vmalloc_sync_all() only care about new mappings being
synchronized.  The only exception is the new call-site added in the
above mentioned commit.
Shile Zhang directed us to a report of an 80% regression in reaim
throughput.
Fixes: 3f8fd02b1bf1 ("mm/vmalloc: Sync unmappings in __purge_vmap_area_lazy()")
Reported-by: kernel test robot <oliver.sang@intel.com>
Reported-by: Shile Zhang <shile.zhang@linux.alibaba.com>
Signed-off-by: Joerg Roedel <jroedel@suse.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Tested-by: Borislav Petkov <bp@suse.de>
Acked-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>	[GHES]
Cc: Dave Hansen <dave.hansen@linux.intel.com>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: <stable@vger.kernel.org>
Link: http://lkml.kernel.org/r/20191009124418.8286-1-joro@8bytes.org
Link: https://lists.01.org/hyperkitty/list/lkp@lists.01.org/thread/4D3JPPHBNOSPFK2KEPC6KGKS6J25AIDB/
Link: http://lkml.kernel.org/r/20191113095530.228959-1-shile.zhang@linux.alibaba.com
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Vlastimil Babka [Sun, 22 Mar 2020 01:22:37 +0000 (18:22 -0700)]
 
mm, slub: prevent kmalloc_node crashes and memory leaks
Sachin reports [1] a crash in SLUB __slab_alloc():
  BUG: Kernel NULL pointer dereference on read at 0x000073b0
  Faulting instruction address: 0xc0000000003d55f4
  Oops: Kernel access of bad area, sig: 11 [#1]
  LE PAGE_SIZE=64K MMU=Hash SMP NR_CPUS=2048 NUMA pSeries
  Modules linked in:
  CPU: 19 PID: 1 Comm: systemd Not tainted 5.6.0-rc2-next-
20200218-autotest #1
  NIP:  
c0000000003d55f4 LR: 
c0000000003d5b94 CTR: 
0000000000000000
  REGS: 
c0000008b37836d0 TRAP: 0300   Not tainted  (5.6.0-rc2-next-
20200218-autotest)
  MSR:  
8000000000009033 <SF,EE,ME,IR,DR,RI,LE>  CR: 
24004844  XER: 
00000000
  CFAR: 
c00000000000dec4 DAR: 
00000000000073b0 DSISR: 
40000000 IRQMASK: 1
  GPR00: 
c0000000003d5b94 c0000008b3783960 c00000000155d400 c0000008b301f500
  GPR04: 
0000000000000dc0 0000000000000002 c0000000003443d8 c0000008bb398620
  GPR08: 
00000008ba2f0000 0000000000000001 0000000000000000 0000000000000000
  GPR12: 
0000000024004844 c00000001ec52a00 0000000000000000 0000000000000000
  GPR16: 
c0000008a1b20048 c000000001595898 c000000001750c18 0000000000000002
  GPR20: 
c000000001750c28 c000000001624470 0000000fffffffe0 5deadbeef0000122
  GPR24: 
0000000000000001 0000000000000dc0 0000000000000002 c0000000003443d8
  GPR28: 
c0000008b301f500 c0000008bb398620 0000000000000000 c00c000002287180
  NIP ___slab_alloc+0x1f4/0x760
  LR __slab_alloc+0x34/0x60
  Call Trace:
    ___slab_alloc+0x334/0x760 (unreliable)
    __slab_alloc+0x34/0x60
    __kmalloc_node+0x110/0x490
    kvmalloc_node+0x58/0x110
    mem_cgroup_css_online+0x108/0x270
    online_css+0x48/0xd0
    cgroup_apply_control_enable+0x2ec/0x4d0
    cgroup_mkdir+0x228/0x5f0
    kernfs_iop_mkdir+0x90/0xf0
    vfs_mkdir+0x110/0x230
    do_mkdirat+0xb0/0x1a0
    system_call+0x5c/0x68
This is a PowerPC platform with following NUMA topology:
  available: 2 nodes (0-1)
  node 0 cpus:
  node 0 size: 0 MB
  node 0 free: 0 MB
  node 1 cpus: 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
  node 1 size: 35247 MB
  node 1 free: 30907 MB
  node distances:
  node   0   1
    0:  10  40
    1:  40  10
  possible numa nodes: 0-31
This only happens with a mmotm patch "mm/memcontrol.c: allocate
shrinker_map on appropriate NUMA node" [2] which effectively calls
kmalloc_node for each possible node.  SLUB however only allocates
kmem_cache_node on online N_NORMAL_MEMORY nodes, and relies on
node_to_mem_node to return such valid node for other nodes since commit
a561ce00b09e ("slub: fall back to node_to_mem_node() node if allocating
on memoryless node").  This is however not true in this configuration
where the _node_numa_mem_ array is not initialized for nodes 0 and 2-31,
thus it contains zeroes and get_partial() ends up accessing
non-allocated kmem_cache_node.
A related issue was reported by Bharata (originally by Ramachandran) [3]
where a similar PowerPC configuration, but with mainline kernel without
patch [2] ends up allocating large amounts of pages by kmalloc-1k
kmalloc-512.  This seems to have the same underlying issue with
node_to_mem_node() not behaving as expected, and might probably also
lead to an infinite loop with CONFIG_SLUB_CPU_PARTIAL [4].
This patch should fix both issues by not relying on node_to_mem_node()
anymore and instead simply falling back to NUMA_NO_NODE, when
kmalloc_node(node) is attempted for a node that's not online, or has no
usable memory.  The "usable memory" condition is also changed from
node_present_pages() to N_NORMAL_MEMORY node state, as that is exactly
the condition that SLUB uses to allocate kmem_cache_node structures.
The check in get_partial() is removed completely, as the checks in
___slab_alloc() are now sufficient to prevent get_partial() being
reached with an invalid node.
[1] https://lore.kernel.org/linux-next/
3381CD91-AB3D-4773-BA04-
E7A072A63968@linux.vnet.ibm.com/
[2] https://lore.kernel.org/linux-mm/
fff0e636-4c36-ed10-281c-
8cdb0687c839@virtuozzo.com/
[3] https://lore.kernel.org/linux-mm/
20200317092624.GB22538@in.ibm.com/
[4] https://lore.kernel.org/linux-mm/
088b5996-faae-8a56-ef9c-
5b567125ae54@suse.cz/
Fixes: a561ce00b09e ("slub: fall back to node_to_mem_node() node if allocating on memoryless node")
Reported-by: Sachin Sant <sachinp@linux.vnet.ibm.com>
Reported-by: PUVICHAKRAVARTHY RAMACHANDRAN <puvichakravarthy@in.ibm.com>
Signed-off-by: Vlastimil Babka <vbabka@suse.cz>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Tested-by: Sachin Sant <sachinp@linux.vnet.ibm.com>
Tested-by: Bharata B Rao <bharata@linux.ibm.com>
Reviewed-by: Srikar Dronamraju <srikar@linux.vnet.ibm.com>
Cc: Mel Gorman <mgorman@techsingularity.net>
Cc: Michael Ellerman <mpe@ellerman.id.au>
Cc: Michal Hocko <mhocko@kernel.org>
Cc: Christopher Lameter <cl@linux.com>
Cc: linuxppc-dev@lists.ozlabs.org
Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
Cc: Pekka Enberg <penberg@kernel.org>
Cc: David Rientjes <rientjes@google.com>
Cc: Kirill Tkhai <ktkhai@virtuozzo.com>
Cc: Vlastimil Babka <vbabka@suse.cz>
Cc: Nathan Lynch <nathanl@linux.ibm.com>
Cc: <stable@vger.kernel.org>
Link: http://lkml.kernel.org/r/20200320115533.9604-1-vbabka@suse.cz
Debugged-by: Srikar Dronamraju <srikar@linux.vnet.ibm.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Qian Cai [Sun, 22 Mar 2020 01:22:34 +0000 (18:22 -0700)]
 
mm/mmu_notifier: silence PROVE_RCU_LIST warnings
It is safe to traverse mm->notifier_subscriptions->list either under
SRCU read lock or mm->notifier_subscriptions->lock using
hlist_for_each_entry_rcu().  Silence the PROVE_RCU_LIST false positives,
for example,
  WARNING: suspicious RCU usage
  -----------------------------
  mm/mmu_notifier.c:484 RCU-list traversed in non-reader section!!
  other info that might help us debug this:
  rcu_scheduler_active = 2, debug_locks = 1
  3 locks held by libvirtd/802:
   #0: 
ffff9321e3f58148 (&mm->mmap_sem#2){++++}, at: do_mprotect_pkey+0xe1/0x3e0
   #1: 
ffffffff91ae6160 (mmu_notifier_invalidate_range_start){+.+.}, at: change_p4d_range+0x5fa/0x800
   #2: 
ffffffff91ae6e08 (srcu){....}, at: __mmu_notifier_invalidate_range_start+0x178/0x460
  stack backtrace:
  CPU: 7 PID: 802 Comm: libvirtd Tainted: G          I       5.6.0-rc6-next-
20200317+ #2
  Hardware name: HP ProLiant BL460c Gen8, BIOS I31 11/02/2014
  Call Trace:
    dump_stack+0xa4/0xfe
    lockdep_rcu_suspicious+0xeb/0xf5
    __mmu_notifier_invalidate_range_start+0x3ff/0x460
    change_p4d_range+0x746/0x800
    change_protection+0x1df/0x300
    mprotect_fixup+0x245/0x3e0
    do_mprotect_pkey+0x23b/0x3e0
    __x64_sys_mprotect+0x51/0x70
    do_syscall_64+0x91/0xae8
    entry_SYSCALL_64_after_hwframe+0x49/0xb3
Signed-off-by: Qian Cai <cai@lca.pw>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Reviewed-by: Paul E. McKenney <paulmck@kernel.org>
Reviewed-by: Jason Gunthorpe <jgg@mellanox.com>
Link: http://lkml.kernel.org/r/20200317175640.2047-1-cai@lca.pw
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Roman Penyaev [Sun, 22 Mar 2020 01:22:30 +0000 (18:22 -0700)]
 
epoll: fix possible lost wakeup on epoll_ctl() path
This fixes possible lost wakeup introduced by commit 
a218cc491420.
Originally modifications to ep->wq were serialized by ep->wq.lock, but
in commit 
a218cc491420 ("epoll: use rwlock in order to reduce
ep_poll_callback() contention") a new rw lock was introduced in order to
relax fd event path, i.e. callers of ep_poll_callback() function.
After the change ep_modify and ep_insert (both are called on epoll_ctl()
path) were switched to ep->lock, but ep_poll (epoll_wait) was using
ep->wq.lock on wqueue list modification.
The bug doesn't lead to any wqueue list corruptions, because wake up
path and list modifications were serialized by ep->wq.lock internally,
but actual waitqueue_active() check prior wake_up() call can be
reordered with modifications of ep ready list, thus wake up can be lost.
And yes, can be healed by explicit smp_mb():
  list_add_tail(&epi->rdlink, &ep->rdllist);
  smp_mb();
  if (waitqueue_active(&ep->wq))
	wake_up(&ep->wp);
But let's make it simple, thus current patch replaces ep->wq.lock with
the ep->lock for wqueue modifications, thus wake up path always observes
activeness of the wqueue correcty.
Fixes: a218cc491420 ("epoll: use rwlock in order to reduce ep_poll_callback() contention")
Reported-by: Max Neunhoeffer <max@arangodb.com>
Signed-off-by: Roman Penyaev <rpenyaev@suse.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Tested-by: Max Neunhoeffer <max@arangodb.com>
Cc: Jakub Kicinski <kuba@kernel.org>
Cc: Christopher Kohlhoff <chris.kohlhoff@clearpool.io>
Cc: Davidlohr Bueso <dbueso@suse.de>
Cc: Jason Baron <jbaron@akamai.com>
Cc: Jes Sorensen <jes.sorensen@gmail.com>
Cc: <stable@vger.kernel.org>	[5.1+]
Link: http://lkml.kernel.org/r/20200214170211.561524-1-rpenyaev@suse.de
References: https://bugzilla.kernel.org/show_bug.cgi?id=205933
Bisected-by: Max Neunhoeffer <max@arangodb.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Michal Hocko [Sun, 22 Mar 2020 01:22:26 +0000 (18:22 -0700)]
 
mm: do not allow MADV_PAGEOUT for CoW pages
Jann has brought up a very interesting point [1].  While shared pages
are excluded from MADV_PAGEOUT normally, CoW pages can be easily
reclaimed that way.  This can lead to all sorts of hard to debug
problems.  E.g.  performance problems outlined by Daniel [2].
There are runtime environments where there is a substantial memory
shared among security domains via CoW memory and a easy to reclaim way
of that memory, which MADV_{COLD,PAGEOUT} offers, can lead to either
performance degradation in for the parent process which might be more
privileged or even open side channel attacks.
The feasibility of the latter is not really clear to me TBH but there is
no real reason for exposure at this stage.  It seems there is no real
use case to depend on reclaiming CoW memory via madvise at this stage so
it is much easier to simply disallow it and this is what this patch
does.  Put it simply MADV_{PAGEOUT,COLD} can operate only on the
exclusively owned memory which is a straightforward semantic.
[1] http://lkml.kernel.org/r/CAG48ez0G3JkMq61gUmyQAaCq=_TwHbi1XKzWRooxZkv08PQKuw@mail.gmail.com
[2] http://lkml.kernel.org/r/CAKOZueua_v8jHCpmEtTB6f3i9e2YnmX4mqdYVWhV4E=Z-n+zRQ@mail.gmail.com
Fixes: 9c276cc65a58 ("mm: introduce MADV_COLD")
Reported-by: Jann Horn <jannh@google.com>
Signed-off-by: Michal Hocko <mhocko@suse.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Acked-by: Vlastimil Babka <vbabka@suse.cz>
Cc: Minchan Kim <minchan@kernel.org>
Cc: Daniel Colascione <dancol@google.com>
Cc: Dave Hansen <dave.hansen@intel.com>
Cc: "Joel Fernandes (Google)" <joel@joelfernandes.org>
Cc: <stable@vger.kernel.org>
Link: http://lkml.kernel.org/r/20200312082248.GS23944@dhcp22.suse.cz
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Chris Down [Sun, 22 Mar 2020 01:22:23 +0000 (18:22 -0700)]
 
mm, memcg: throttle allocators based on ancestral memory.high
Prior to this commit, we only directly check the affected cgroup's
memory.high against its usage.  However, it's possible that we are being
reclaimed as a result of hitting an ancestor memory.high and should be
penalised based on that, instead.
This patch changes memory.high overage throttling to use the largest
overage in its ancestors when considering how many penalty jiffies to
charge.  This makes sure that we penalise poorly behaving cgroups in the
same way regardless of at what level of the hierarchy memory.high was
breached.
Fixes: 0e4b01df8659 ("mm, memcg: throttle allocators when failing reclaim over memory.high")
Reported-by: Johannes Weiner <hannes@cmpxchg.org>
Signed-off-by: Chris Down <chris@chrisdown.name>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Acked-by: Johannes Weiner <hannes@cmpxchg.org>
Cc: Tejun Heo <tj@kernel.org>
Cc: Michal Hocko <mhocko@kernel.org>
Cc: Nathan Chancellor <natechancellor@gmail.com>
Cc: Roman Gushchin <guro@fb.com>
Cc: <stable@vger.kernel.org>	[5.4.x+]
Link: http://lkml.kernel.org/r/8cd132f84bd7e16cdb8fde3378cdbf05ba00d387.1584036142.git.chris@chrisdown.name
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Chris Down [Sun, 22 Mar 2020 01:22:20 +0000 (18:22 -0700)]
 
mm, memcg: fix corruption on 64-bit divisor in memory.high throttling
Commit 
0e4b01df8659 had a bunch of fixups to use the right division
method.  However, it seems that after all that it still wasn't right --
div_u64 takes a 32-bit divisor.
The headroom is still large (2^32 pages), so on mundane systems you
won't hit this, but this should definitely be fixed.
Fixes: 0e4b01df8659 ("mm, memcg: throttle allocators when failing reclaim over memory.high")
Reported-by: Johannes Weiner <hannes@cmpxchg.org>
Signed-off-by: Chris Down <chris@chrisdown.name>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Acked-by: Johannes Weiner <hannes@cmpxchg.org>
Cc: Tejun Heo <tj@kernel.org>
Cc: Roman Gushchin <guro@fb.com>
Cc: Michal Hocko <mhocko@kernel.org>
Cc: Nathan Chancellor <natechancellor@gmail.com>
Cc: <stable@vger.kernel.org>	[5.4.x+]
Link: http://lkml.kernel.org/r/80780887060514967d414b3cd91f9a316a16ab98.1584036142.git.chris@chrisdown.name
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Qian Cai [Sun, 22 Mar 2020 01:22:17 +0000 (18:22 -0700)]
 
page-flags: fix a crash at SetPageError(THP_SWAP)
Commit 
bd4c82c22c36 ("mm, THP, swap: delay splitting THP after swapped
out") supported writing THP to a swap device but forgot to upgrade an
older commit 
df8c94d13c7e ("page-flags: define behavior of FS/IO-related
flags on compound pages") which could trigger a crash during THP
swapping out with DEBUG_VM_PGFLAGS=y,
  kernel BUG at include/linux/page-flags.h:317!
  page dumped because: VM_BUG_ON_PAGE(1 && PageCompound(page))
  page:
fffff3b2ec3a8000 refcount:512 mapcount:0 mapping:
000000009eb0338c index:0x7f6e58200 head:
fffff3b2ec3a8000 order:9 compound_mapcount:0 compound_pincount:0
  anon flags: 0x45fffe0000d8454(uptodate|lru|workingset|owner_priv_1|writeback|head|reclaim|swapbacked)
  end_swap_bio_write()
    SetPageError(page)
      VM_BUG_ON_PAGE(1 && PageCompound(page))
  <IRQ>
  bio_endio+0x297/0x560
  dec_pending+0x218/0x430 [dm_mod]
  clone_endio+0xe4/0x2c0 [dm_mod]
  bio_endio+0x297/0x560
  blk_update_request+0x201/0x920
  scsi_end_request+0x6b/0x4b0
  scsi_io_completion+0x509/0x7e0
  scsi_finish_command+0x1ed/0x2a0
  scsi_softirq_done+0x1c9/0x1d0
  __blk_mqnterrupt+0xf/0x20
  </IRQ>
Fix by checking PF_NO_TAIL in those places instead.
Fixes: bd4c82c22c36 ("mm, THP, swap: delay splitting THP after swapped out")
Signed-off-by: Qian Cai <cai@lca.pw>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Reviewed-by: David Hildenbrand <david@redhat.com>
Acked-by: "Huang, Ying" <ying.huang@intel.com>
Acked-by: Rafael Aquini <aquini@redhat.com>
Cc: <stable@vger.kernel.org>
Link: http://lkml.kernel.org/r/20200310235846.1319-1-cai@lca.pw
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Baoquan He [Sun, 22 Mar 2020 01:22:13 +0000 (18:22 -0700)]
 
mm/hotplug: fix hot remove failure in SPARSEMEM|!VMEMMAP case
In section_deactivate(), pfn_to_page() doesn't work any more after
ms->section_mem_map is resetting to NULL in SPARSEMEM|!VMEMMAP case.  It
causes a hot remove failure:
  kernel BUG at mm/page_alloc.c:4806!
  invalid opcode: 0000 [#1] SMP PTI
  CPU: 3 PID: 8 Comm: kworker/u16:0 Tainted: G        W         5.5.0-next-
20200205+ #340
  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 0.0.0 02/06/2015
  Workqueue: kacpi_hotplug acpi_hotplug_work_fn
  RIP: 0010:free_pages+0x85/0xa0
  Call Trace:
   __remove_pages+0x99/0xc0
   arch_remove_memory+0x23/0x4d
   try_remove_memory+0xc8/0x130
   __remove_memory+0xa/0x11
   acpi_memory_device_remove+0x72/0x100
   acpi_bus_trim+0x55/0x90
   acpi_device_hotplug+0x2eb/0x3d0
   acpi_hotplug_work_fn+0x1a/0x30
   process_one_work+0x1a7/0x370
   worker_thread+0x30/0x380
   kthread+0x112/0x130
   ret_from_fork+0x35/0x40
Let's move the ->section_mem_map resetting after
depopulate_section_memmap() to fix it.
[akpm@linux-foundation.org: remove unneeded initialization, per David]
Fixes: ba72b4c8cf60 ("mm/sparsemem: support sub-section hotplug")
Signed-off-by: Baoquan He <bhe@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Reviewed-by: Pankaj Gupta <pankaj.gupta.linux@gmail.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Acked-by: Michal Hocko <mhocko@suse.com>
Cc: Wei Yang <richardw.yang@linux.intel.com>
Cc: Oscar Salvador <osalvador@suse.de>
Cc: Mike Rapoport <rppt@linux.ibm.com>
Cc: <stable@vger.kernel.org>
Link: http://lkml.kernel.org/r/20200307084229.28251-2-bhe@redhat.com
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Chunguang Xu [Sun, 22 Mar 2020 01:22:10 +0000 (18:22 -0700)]
 
memcg: fix NULL pointer dereference in __mem_cgroup_usage_unregister_event
An eventfd monitors multiple memory thresholds of the cgroup, closes them,
the kernel deletes all events related to this eventfd.  Before all events
are deleted, another eventfd monitors the memory threshold of this cgroup,
leading to a crash:
  BUG: kernel NULL pointer dereference, address: 
0000000000000004
  #PF: supervisor write access in kernel mode
  #PF: error_code(0x0002) - not-present page
  PGD 
800000033058e067 P4D 
800000033058e067 PUD 
3355ce067 PMD 0
  Oops: 0002 [#1] SMP PTI
  CPU: 2 PID: 14012 Comm: kworker/2:6 Kdump: loaded Not tainted 5.6.0-rc4 #3
  Hardware name: LENOVO 20AWS01K00/20AWS01K00, BIOS GLET70WW (2.24 ) 05/21/2014
  Workqueue: events memcg_event_remove
  RIP: 0010:__mem_cgroup_usage_unregister_event+0xb3/0x190
  RSP: 0018:
ffffb47e01c4fe18 EFLAGS: 
00010202
  RAX: 
0000000000000001 RBX: 
ffff8bb223a8a000 RCX: 
0000000000000001
  RDX: 
0000000000000001 RSI: 
ffff8bb22fb83540 RDI: 
0000000000000001
  RBP: 
ffffb47e01c4fe48 R08: 
0000000000000000 R09: 
0000000000000010
  R10: 
000000000000000c R11: 
071c71c71c71c71c R12: 
ffff8bb226aba880
  R13: 
ffff8bb223a8a480 R14: 
0000000000000000 R15: 
0000000000000000
  FS:  
0000000000000000(0000) GS:
ffff8bb242680000(0000) knlGS:
0000000000000000
  CS:  0010 DS: 0000 ES: 0000 CR0: 
0000000080050033
  CR2: 
0000000000000004 CR3: 
000000032c29c003 CR4: 
00000000001606e0
  Call Trace:
    memcg_event_remove+0x32/0x90
    process_one_work+0x172/0x380
    worker_thread+0x49/0x3f0
    kthread+0xf8/0x130
    ret_from_fork+0x35/0x40
  CR2: 
0000000000000004
We can reproduce this problem in the following ways:
1. We create a new cgroup subdirectory and a new eventfd, and then we
   monitor multiple memory thresholds of the cgroup through this eventfd.
2.  closing this eventfd, and __mem_cgroup_usage_unregister_event ()
   will be called multiple times to delete all events related to this
   eventfd.
The first time __mem_cgroup_usage_unregister_event() is called, the
kernel will clear all items related to this eventfd in thresholds->
primary.
Since there is currently only one eventfd, thresholds-> primary becomes
empty, so the kernel will set thresholds-> primary and hresholds-> spare
to NULL.  If at this time, the user creates a new eventfd and monitor
the memory threshold of this cgroup, kernel will re-initialize
thresholds-> primary.
Then when __mem_cgroup_usage_unregister_event () is called for the
second time, because thresholds-> primary is not empty, the system will
access thresholds-> spare, but thresholds-> spare is NULL, which will
trigger a crash.
In general, the longer it takes to delete all events related to this
eventfd, the easier it is to trigger this problem.
The solution is to check whether the thresholds associated with the
eventfd has been cleared when deleting the event.  If so, we do nothing.
[akpm@linux-foundation.org: fix comment, per Kirill]
Fixes: 907860ed381a ("cgroups: make cftype.unregister_event() void-returning")
Signed-off-by: Chunguang Xu <brookxu@tencent.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Acked-by: Michal Hocko <mhocko@suse.com>
Acked-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: Vladimir Davydov <vdavydov.dev@gmail.com>
Cc: <stable@vger.kernel.org>
Link: http://lkml.kernel.org/r/077a6f67-aefa-4591-efec-f2f3af2b0b02@gmail.com
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Linus Torvalds [Sat, 21 Mar 2020 19:08:26 +0000 (12:08 -0700)]
 
Merge tag 'block-5.6-
20200320' of git://git.kernel.dk/linux-block
Pull block fixes from Jens Axboe:
 "Just two NVMe fabrics fixes that should go into 5.6"
* tag 'block-5.6-
20200320' of git://git.kernel.dk/linux-block:
  nvmet-tcp: set MSG_MORE only if we actually have more to send
  nvme-rdma: Avoid double freeing of async event data
Linus Torvalds [Sat, 21 Mar 2020 18:54:47 +0000 (11:54 -0700)]
 
Merge tag 'io_uring-5.6-
20200320' of git://git.kernel.dk/linux-block
Pull io_uring fixes from Jens Axboe:
 "Two different fixes in here:
   - Fix for a potential NULL pointer deref for links with async or
     drain marked (Pavel)
   - Fix for not properly checking RLIMIT_NOFILE for async punted
     operations.
     This affects openat/openat2, which were added this cycle, and
     accept4. I did a full audit of other cases where we might check
     current->signal->rlim[] and found only RLIMIT_FSIZE for buffered
     writes and fallocate. That one is fixed and queued for 5.7 and
     marked stable"
* tag 'io_uring-5.6-
20200320' of git://git.kernel.dk/linux-block:
  io_uring: make sure accept honor rlimit nofile
  io_uring: make sure openat/openat2 honor rlimit nofile
  io_uring: NULL-deref for IOSQE_{ASYNC,DRAIN}
Linus Torvalds [Sat, 21 Mar 2020 18:50:36 +0000 (11:50 -0700)]
 
Merge branch 'turbostat' of git://git./linux/kernel/git/lenb/linux
Pull turbostat updates from Len Brown:
 "Update to turbostat v20.03.20.
  These patches unlock the full turbostat features for some new
  machines, plus a couple other minor tweaks"
* 'turbostat' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux:
  tools/power turbostat: update version
  tools/power turbostat: Print cpuidle information
  tools/power turbostat: Fix 32-bit capabilities warning
  tools/power turbostat: Fix missing SYS_LPI counter on some Chromebooks
  tools/power turbostat: Support Elkhart Lake
  tools/power turbostat: Support Jasper Lake
  tools/power turbostat: Support Ice Lake server
  tools/power turbostat: Support Tiger Lake
  tools/power turbostat: Fix gcc build warnings
  tools/power turbostat: Support Cometlake
Linus Torvalds [Sat, 21 Mar 2020 15:51:45 +0000 (08:51 -0700)]
 
Merge tag 'powerpc-5.6-5' of git://git./linux/kernel/git/powerpc/linux
Pull powerpc fixes from Michael Ellerman:
 "Two fixes for bugs introduced this cycle:
   - fix a crash when shutting down a KVM PR guest (our original style
     of KVM which doesn't use hypervisor mode)
   - fix for the recently added 32-bit KASAN_VMALLOC support
  Thanks to: Christophe Leroy, Greg Kurz, Sean Christopherson"
* tag 'powerpc-5.6-5' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
  KVM: PPC: Fix kernel crash with PR KVM
  powerpc/kasan: Fix shadow memory protection with CONFIG_KASAN_VMALLOC
Len Brown [Mon, 18 Nov 2019 02:18:31 +0000 (21:18 -0500)]
 
tools/power turbostat: update version
A stitch in time saves nine.
Signed-off-by: Len Brown <len.brown@intel.com>
Len Brown [Sat, 21 Mar 2020 04:47:47 +0000 (00:47 -0400)]
 
tools/power turbostat: Print cpuidle information
Print cpuidle driver and governor.
Originally-by: Antti Laakso <antti.laakso@linux.intel.com>
Signed-off-by: Len Brown <len.brown@intel.com>
Jens Axboe [Sat, 21 Mar 2020 01:14:16 +0000 (19:14 -0600)]
 
Merge branch 'nvme-5.6-rc6' of git://git.infradead.org/nvme into block-5.6
Pull NVMe fixes from Keith:
"Two late nvme fabrics fixes for 5.6: a double free with the rdma
 transport, and a regression fix for tcp; please pull."
* 'nvme-5.6-rc6' of git://git.infradead.org/nvme:
  nvmet-tcp: set MSG_MORE only if we actually have more to send
  nvme-rdma: Avoid double freeing of async event data
Filipe Manana [Fri, 20 Mar 2020 18:43:48 +0000 (18:43 +0000)]
 
btrfs: fix removal of raid[56|1c34} incompat flags after removing block group
We are incorrectly dropping the raid56 and raid1c34 incompat flags when
there are still raid56 and raid1c34 block groups, not when we do not any
of those anymore. The logic just got unintentionally broken after adding
the support for the raid1c34 modes.
Fix this by clear the flags only if we do not have block groups with the
respective profiles.
Fixes: 9c907446dce3 ("btrfs: drop incompat bit for raid1c34 after last block group is gone")
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Sagi Grimberg [Thu, 12 Mar 2020 23:06:38 +0000 (16:06 -0700)]
 
nvmet-tcp: set MSG_MORE only if we actually have more to send
When we send PDU data, we want to optimize the tcp stack
operation if we have more data to send. So when we set MSG_MORE
when:
- We have more fragments coming in the batch, or
- We have a more data to send in this PDU
- We don't have a data digest trailer
- We optimize with the SUCCESS flag and omit the NVMe completion
  (used if sq_head pointer update is disabled)
This addresses a regression in QD=1 with SUCCESS flag optimization
as we unconditionally set MSG_MORE when we didn't actually have
more data to send.
Fixes: 70583295388a ("nvmet-tcp: implement C2HData SUCCESS optimization")
Reported-by: Mark Wunderlich <mark.wunderlich@intel.com>
Tested-by: Mark Wunderlich <mark.wunderlich@intel.com>
Signed-off-by: Sagi Grimberg <sagi@grimberg.me>
Signed-off-by: Keith Busch <kbusch@kernel.org>
Linus Torvalds [Fri, 20 Mar 2020 16:28:25 +0000 (09:28 -0700)]
 
Merge tag 'arm64-fixes' of git://git./linux/kernel/git/arm64/linux
Pull arm64 fixes from Will Deacon:
 - Fix panic() when it occurs during secondary CPU startup
 - Fix "kpti=off" when KASLR is enabled
 - Fix howler in compat syscall table for vDSO clock_getres() fallback
* tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
  arm64: compat: Fix syscall number of compat_clock_getres
  arm64: kpti: Fix "kpti=off" when KASLR is enabled
  arm64: smp: fix crash_smp_send_stop() behaviour
  arm64: smp: fix smp_send_stop() behaviour
Linus Torvalds [Fri, 20 Mar 2020 16:24:22 +0000 (09:24 -0700)]
 
Merge tag 'char-misc-5.6-rc7' of git://git./linux/kernel/git/gregkh/char-misc
Pull char/misc driver fixes from Greg KH:
 "Here are some small different driver fixes for 5.6-rc7:
   - binderfs fix, yet again
   - slimbus new device id added
   - hwtracing bugfixes for reported issues and a new device id
  All of these have been in linux-next with no reported issues"
* tag 'char-misc-5.6-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc:
  intel_th: pci: Add Elkhart Lake CPU support
  intel_th: Fix user-visible error codes
  intel_th: msu: Fix the unexpected state warning
  stm class: sys-t: Fix the use of time_after()
  slimbus: ngd: add v2.1.0 compatible
  binderfs: use refcount for binder control devices too
Linus Torvalds [Fri, 20 Mar 2020 16:20:38 +0000 (09:20 -0700)]
 
Merge tag 'staging-5.6-rc7' of git://git./linux/kernel/git/gregkh/staging
Pull staging/IIO fixes from Greg KH:
 "Here are a number of small staging and IIO driver fixes for 5.6-rc7
  Nothing major here, just resolutions for some reported problems:
   - iio bugfixes for a number of different drivers
   - greybus loopback_test fixes
   - wfx driver fixes
  All of these have been in linux-next with no reported issues"
* tag 'staging-5.6-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging:
  staging: rtl8188eu: Add device id for MERCUSYS MW150US v2
  staging: greybus: loopback_test: fix potential path truncations
  staging: greybus: loopback_test: fix potential path truncation
  staging: greybus: loopback_test: fix poll-mask build breakage
  staging: wfx: fix RCU usage between hif_join() and ieee80211_bss_get_ie()
  staging: wfx: fix RCU usage in wfx_join_finalize()
  staging: wfx: make warning about pending frame less scary
  staging: wfx: fix lines ending with a comma instead of a semicolon
  staging: wfx: fix warning about freeing in-use mutex during device unregister
  staging/speakup: fix get_word non-space look-ahead
  iio: ping: set pa_laser_ping_cfg in of_ping_match
  iio: chemical: sps30: fix missing triggered buffer dependency
  iio: st_sensors: remap SMO8840 to LIS2DH12
  iio: light: vcnl4000: update sampling periods for vcnl4040
  iio: light: vcnl4000: update sampling periods for vcnl4200
  iio: accel: adxl372: Set iio_chan BE
  iio: magnetometer: ak8974: Fix negative raw values in sysfs
  iio: trigger: stm32-timer: disable master mode when stopping
  iio: adc: stm32-dfsdm: fix sleep in atomic context
  iio: adc: at91-sama5d2_adc: fix differential channels in triggered mode
Linus Torvalds [Fri, 20 Mar 2020 16:16:35 +0000 (09:16 -0700)]
 
Merge tag 'usb-5.6-rc7' of git://git./linux/kernel/git/gregkh/usb
Pull USB fixes from Greg KH:
 "Here are some small USB fixes for 5.6-rc7. And there's a thunderbolt
  driver fix thrown in for good measure as well.
  These fixes are:
   - new device ids for usb-serial drivers
   - thunderbolt error code fix
   - xhci driver fixes
   - typec fixes
   - cdc-acm driver fixes
   - chipidea driver fix
   - more USB quirks added for devices that need them.
  All of these have been in linux-next with no reported issues"
* tag 'usb-5.6-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb:
  USB: cdc-acm: fix rounding error in TIOCSSERIAL
  USB: cdc-acm: fix close_delay and closing_wait units in TIOCSSERIAL
  usb: quirks: add NO_LPM quirk for RTL8153 based ethernet adapters
  usb: chipidea: udc: fix sleeping function called from invalid context
  USB: serial: pl2303: add device-id for HP LD381
  USB: serial: option: add ME910G1 ECM composition 0x110b
  usb: host: xhci-plat: add a shutdown
  usb: typec: ucsi: displayport: Fix a potential race during registration
  usb: typec: ucsi: displayport: Fix NULL pointer dereference
  USB: Disable LPM on WD19's Realtek Hub
  usb: xhci: apply XHCI_SUSPEND_DELAY to AMD XHCI controller 1022:145c
  xhci: Do not open code __print_symbolic() in xhci trace events
  thunderbolt: Fix error code in tb_port_is_width_supported()
Linus Torvalds [Fri, 20 Mar 2020 16:13:35 +0000 (09:13 -0700)]
 
Merge tag 'tty-5.6-rc7' of git://git./linux/kernel/git/gregkh/tty
Pull tty fixes from Greg KH:
 "Here are three small tty_io bugfixes for reported issues that Eric has
  resolved for 5.6-rc7
  All of these have been in linux-next with no reported issues"
* tag 'tty-5.6-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty:
  tty: fix compat TIOCGSERIAL checking wrong function ptr
  tty: fix compat TIOCGSERIAL leaking uninitialized memory
  tty: drop outdated comments about release_tty() locking
Linus Torvalds [Fri, 20 Mar 2020 16:10:29 +0000 (09:10 -0700)]
 
Merge tag 'sound-5.6-rc7' of git://git./linux/kernel/git/tiwai/sound
Pull sound fixes from Takashi Iwai:
 "A few fixes covering the issues reported by syzkaller, a couple of
  fixes for the MIDI decoding bug, and a few usual HD-audio quirks.
  Some of them are about ALSA core stuff, but they are small fixes just
  for corner cases, and nothing thrilling"
* tag 'sound-5.6-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
  ALSA: hda/realtek - Enable the headset of Acer N50-600 with ALC662
  ALSA: hda/realtek - Enable headset mic of Acer X2660G with ALC662
  ALSA: seq: oss: Fix running status after receiving sysex
  ALSA: seq: virmidi: Fix running status after receiving sysex
  ALSA: pcm: oss: Remove WARNING from snd_pcm_plug_alloc() checks
  ALSA: hda/realtek: Fix pop noise on ALC225
  ALSA: line6: Fix endless MIDI read loop
  ALSA: pcm: oss: Avoid plugin buffer overflow
Linus Torvalds [Fri, 20 Mar 2020 16:03:54 +0000 (09:03 -0700)]
 
Merge tag 'drm-fixes-2020-03-20' of git://anongit.freedesktop.org/drm/drm
Pull drm fixes from Dave Airlie:
 "Hope you are well hiding out above the garage. A few amdgpu changes
  but nothing too major. I've had a wisdom tooth out this week so
  haven't been to on top of things, but all seems good.
  core:
   - fix lease warning
  i915:
   - Track active elements during dequeue
   - Fix failure to handle all MCR ranges
   - Revert unnecessary workaround
  amdgpu:
   - Pageflip fix
   - VCN clockgating fixes
   - GPR debugfs fix for umr
   - GPU reset fix
   - eDP fix for MBP
   - DCN2.x fix
  dw-hdmi:
   - fix AVI frame colorimetry
  komeda:
   - fix compiler warning
  bochs:
   - downgrade a binding failure to a warning"
* tag 'drm-fixes-2020-03-20' of git://anongit.freedesktop.org/drm/drm:
  drm/amd/display: Fix pageflip event race condition for DCN.
  drm/amdgpu: fix typo for vcn2.5/jpeg2.5 idle check
  drm/amdgpu: fix typo for vcn2/jpeg2 idle check
  drm/amdgpu: fix typo for vcn1 idle check
  drm/lease: fix WARNING in idr_destroy
  drm/i915: Handle all MCR ranges
  Revert "drm/i915/tgl: Add extra hdc flush workaround"
  drm/i915/execlists: Track active elements during dequeue
  drm/bochs: downgrade pci_request_region failure from error to warning
  drm/amd/display: Add link_rate quirk for Apple 15" MBP 2017
  drm/amdgpu: add fbdev suspend/resume on gpu reset
  drm/amd/amdgpu: Fix GPR read from debugfs (v2)
  drm/amd/display: fix typos for dcn20_funcs and dcn21_funcs struct
  drm/komeda: mark PM functions as __maybe_unused
  drm/bridge: dw-hdmi: fix AVI frame colorimetry
Jens Axboe [Fri, 20 Mar 2020 02:16:56 +0000 (20:16 -0600)]
 
io_uring: make sure accept honor rlimit nofile
Just like commit 
4022e7af86be, this fixes the fact that
IORING_OP_ACCEPT ends up using get_unused_fd_flags(), which checks
current->signal->rlim[] for limits.
Add an extra argument to __sys_accept4_file() that allows us to pass
in the proper nofile limit, and grab it at request prep time.
Acked-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Jens Axboe [Fri, 20 Mar 2020 01:23:18 +0000 (19:23 -0600)]
 
io_uring: make sure openat/openat2 honor rlimit nofile
Dmitry reports that a test case shows that io_uring isn't honoring a
modified rlimit nofile setting. get_unused_fd_flags() checks the task
signal->rlimi[] for the limits. As this isn't easily inheritable,
provide a __get_unused_fd_flags() that takes the value instead. Then we
can grab it when the request is prepared (from the original task), and
pass that in when we do the async part part of the open.
Reported-by: Dmitry Kadashev <dkadashev@gmail.com>
Tested-by: Dmitry Kadashev <dkadashev@gmail.com>
Acked-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Len Brown [Fri, 20 Mar 2020 03:24:17 +0000 (23:24 -0400)]
 
tools/power turbostat: Fix 32-bit capabilities warning
warning: `turbostat' uses 32-bit capabilities (legacy support in use)
Signed-off-by: Len Brown <len.brown@intel.com>
Len Brown [Thu, 19 Mar 2020 22:26:05 +0000 (18:26 -0400)]
 
tools/power turbostat: Fix missing SYS_LPI counter on some Chromebooks
Some Chromebook BIOS' do not export an ACPI LPIT, which is how
Linux finds the residency counter for CPU and SYSTEM low power states,
that is exports in /sys/devices/system/cpu/cpuidle/*residency_us
When these sysfs attributes are missing, check the debugfs attrubte
from the pmc_core driver, which accesses the same counter value.
Signed-off-by: Len Brown <len.brown@intel.com>
Chen Yu [Wed, 18 Mar 2020 10:55:48 +0000 (18:55 +0800)]
 
tools/power turbostat: Support Elkhart Lake
From a turbostat point of view the Tremont-based Elkhart Lake
is very similar to Goldmont, reuse the code of Goldmont.
Elkhart Lake does not support 'group turbo limit counter'
nor C3, adjust the code accordingly.
Signed-off-by: Chen Yu <yu.c.chen@intel.com>
Signed-off-by: Len Brown <len.brown@intel.com>
Chen Yu [Tue, 14 Jan 2020 04:09:45 +0000 (12:09 +0800)]
 
tools/power turbostat: Support Jasper Lake
Jasper Lake, like Elkhart Lake, uses a Tremont CPU.
So reuse the code.
Signed-off-by: Chen Yu <yu.c.chen@intel.com>
Signed-off-by: Len Brown <len.brown@intel.com>
Chen Yu [Tue, 14 Jan 2020 04:06:49 +0000 (12:06 +0800)]
 
tools/power turbostat: Support Ice Lake server
From a turbostat point of view, Ice Lake server looks like Sky Lake server.
Signed-off-by: Chen Yu <yu.c.chen@intel.com>
Signed-off-by: Len Brown <len.brown@intel.com>
Chen Yu [Tue, 14 Jan 2020 04:04:55 +0000 (12:04 +0800)]
 
tools/power turbostat: Support Tiger Lake
From a turbostat point of view, Tiger Lake looks like Ice Lake.
Signed-off-by: Chen Yu <yu.c.chen@intel.com>
Signed-off-by: Len Brown <len.brown@intel.com>
Len Brown [Thu, 19 Mar 2020 22:33:12 +0000 (18:33 -0400)]
 
tools/power turbostat: Fix gcc build warnings
Warning: â€˜__builtin_strncpy’ specified bound 20 equals destination size
	[-Wstringop-truncation]
reduce param to strncpy, to guarantee that a null byte is always copied
into destination buffer.
Signed-off-by: Len Brown <len.brown@intel.com>
Chen Yu [Thu, 31 Oct 2019 13:14:22 +0000 (21:14 +0800)]
 
tools/power turbostat: Support Cometlake
From a turbostat point of view, Cometlake is like Kabylake.
Suggested-by: Rui Zhang <rui.zhang@intel.com>
Signed-off-by: Chen Yu <yu.c.chen@intel.com>
Signed-off-by: Len Brown <len.brown@intel.com>
Dave Airlie [Fri, 20 Mar 2020 02:51:34 +0000 (12:51 +1000)]
 
Merge tag 'drm-intel-fixes-2020-03-19' of git://anongit.freedesktop.org/drm/drm-intel into drm-fixes
drm/i915 fixes for v5.6-rc7:
- Track active elements during dequeue
- Fix failure to handle all MCR ranges
- Revert unnecessary workaround
Signed-off-by: Dave Airlie <airlied@redhat.com>
From: Jani Nikula <jani.nikula@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/877dzgepvu.fsf@intel.com
Dave Airlie [Fri, 20 Mar 2020 02:48:10 +0000 (12:48 +1000)]
 
Merge tag 'amd-drm-fixes-5.6-2020-03-19' of git://people.freedesktop.org/~agd5f/linux into drm-fixes
amd-drm-fixes-5.6-2020-03-19:
amdgpu:
- Pageflip fix
- VCN clockgating fixes
- GPR debugfs fix for umr
- GPU reset fix
- eDP fix for MBP
- DCN2.x fix
Signed-off-by: Dave Airlie <airlied@redhat.com>
From: Alex Deucher <alexdeucher@gmail.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20200319204054.1036478-1-alexander.deucher@amd.com
Greg Kurz [Wed, 18 Mar 2020 17:43:30 +0000 (18:43 +0100)]
 
KVM: PPC: Fix kernel crash with PR KVM
With PR KVM, shutting down a VM causes the host kernel to crash:
[  314.219284] BUG: Unable to handle kernel data access on read at 0xc00800000176c638
[  314.219299] Faulting instruction address: 0xc008000000d4ddb0
cpu 0x0: Vector: 300 (Data Access) at [
c00000036da077a0]
    pc: 
c008000000d4ddb0: kvmppc_mmu_pte_flush_all+0x68/0xd0 [kvm_pr]
    lr: 
c008000000d4dd94: kvmppc_mmu_pte_flush_all+0x4c/0xd0 [kvm_pr]
    sp: 
c00000036da07a30
   msr: 
900000010280b033
   dar: 
c00800000176c638
 dsisr: 
40000000
  current = 0xc00000036d4c0000
  paca    = 0xc000000001a00000   irqmask: 0x03   irq_happened: 0x01
    pid   = 1992, comm = qemu-system-ppc
Linux version 5.6.0-master-gku+ (greg@palmb) (gcc version 7.5.0 (Ubuntu 7.5.0-3ubuntu1~18.04)) #17 SMP Wed Mar 18 13:49:29 CET 2020
enter ? for help
[
c00000036da07ab0] 
c008000000d4fbe0 kvmppc_mmu_destroy_pr+0x28/0x60 [kvm_pr]
[
c00000036da07ae0] 
c0080000009eab8c kvmppc_mmu_destroy+0x34/0x50 [kvm]
[
c00000036da07b00] 
c0080000009e50c0 kvm_arch_vcpu_destroy+0x108/0x140 [kvm]
[
c00000036da07b30] 
c0080000009d1b50 kvm_vcpu_destroy+0x28/0x80 [kvm]
[
c00000036da07b60] 
c0080000009e4434 kvm_arch_destroy_vm+0xbc/0x190 [kvm]
[
c00000036da07ba0] 
c0080000009d9c2c kvm_put_kvm+0x1d4/0x3f0 [kvm]
[
c00000036da07c00] 
c0080000009da760 kvm_vm_release+0x38/0x60 [kvm]
[
c00000036da07c30] 
c000000000420be0 __fput+0xe0/0x310
[
c00000036da07c90] 
c0000000001747a0 task_work_run+0x150/0x1c0
[
c00000036da07cf0] 
c00000000014896c do_exit+0x44c/0xd00
[
c00000036da07dc0] 
c0000000001492f4 do_group_exit+0x64/0xd0
[
c00000036da07e00] 
c000000000149384 sys_exit_group+0x24/0x30
[
c00000036da07e20] 
c00000000000b9d0 system_call+0x5c/0x68
This is caused by a use-after-free in kvmppc_mmu_pte_flush_all()
which dereferences vcpu->arch.book3s which was previously freed by
kvmppc_core_vcpu_free_pr(). This happens because kvmppc_mmu_destroy()
is called after kvmppc_core_vcpu_free() since commit 
ff030fdf5573
("KVM: PPC: Move kvm_vcpu_init() invocation to common code").
The kvmppc_mmu_destroy() helper calls one of the following depending
on the KVM backend:
- kvmppc_mmu_destroy_hv() which does nothing (Book3s HV)
- kvmppc_mmu_destroy_pr() which undoes the effects of
  kvmppc_mmu_init() (Book3s PR 32-bit)
- kvmppc_mmu_destroy_pr() which undoes the effects of
  kvmppc_mmu_init() (Book3s PR 64-bit)
- kvmppc_mmu_destroy_e500() which does nothing (BookE e500/e500mc)
It turns out that this is only relevant to PR KVM actually. And both
32 and 64 backends need vcpu->arch.book3s to be valid when calling
kvmppc_mmu_destroy_pr(). So instead of calling kvmppc_mmu_destroy()
from kvm_arch_vcpu_destroy(), call kvmppc_mmu_destroy_pr() at the
beginning of kvmppc_core_vcpu_free_pr(). This is consistent with
kvmppc_mmu_init() being the last call in kvmppc_core_vcpu_create_pr().
For the same reason, if kvmppc_core_vcpu_create_pr() returns an
error then this means that kvmppc_mmu_init() was either not called
or failed, in which case kvmppc_mmu_destroy() should not be called.
Drop the line in the error path of kvm_arch_vcpu_create().
Fixes: ff030fdf5573 ("KVM: PPC: Move kvm_vcpu_init() invocation to common code")
Signed-off-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/158455341029.178873.15248663726399374882.stgit@bahia.lan
Mario Kleiner [Mon, 2 Mar 2020 06:17:32 +0000 (07:17 +0100)]
 
drm/amd/display: Fix pageflip event race condition for DCN.
Commit '
16f17eda8bad ("drm/amd/display: Send vblank and user
events at vsartup for DCN")' introduces a new way of pageflip
completion handling for DCN, and some trouble.
The current implementation introduces a race condition, which
can cause pageflip completion events to be sent out one vblank
too early, thereby confusing userspace and causing flicker:
prepare_flip_isr():
1. Pageflip programming takes the ddev->event_lock.
2. Sets acrtc->pflip_status == AMDGPU_FLIP_SUBMITTED
3. Releases ddev->event_lock.
--> Deadline for surface address regs double-buffering passes on
    target pipe.
4. dc_commit_updates_for_stream() MMIO programs the new pageflip
   into hw, but too late for current vblank.
=> pflip_status == AMDGPU_FLIP_SUBMITTED, but flip won't complete
   in current vblank due to missing the double-buffering deadline
   by a tiny bit.
5. VSTARTUP trigger point in vblank is reached, VSTARTUP irq fires,
   dm_dcn_crtc_high_irq() gets called.
6. Detects pflip_status == AMDGPU_FLIP_SUBMITTED and assumes the
   pageflip has been completed/will complete in this vblank and
   sends out pageflip completion event to userspace and resets
   pflip_status = AMDGPU_FLIP_NONE.
=> Flip completion event sent out one vblank too early.
This behaviour has been observed during my testing with measurement
hardware a couple of time.
The commit message says that the extra flip event code was added to
dm_dcn_crtc_high_irq() to prevent missing to send out pageflip events
in case the pflip irq doesn't fire, because the "DCH HUBP" component
is clock gated and doesn't fire pflip irqs in that state. Also that
this clock gating may happen if no planes are active. This suggests
that the problem addressed by that commit can't happen if planes
are active.
The proposed solution is therefore to only execute the extra pflip
completion code iff the count of active planes is zero and otherwise
leave pflip completion handling to the pflip irq handler, for a
more race-free experience.
Note that i don't know if this fixes the problem the original commit
tried to address, as i don't know what the test scenario was. It
does fix the observed too early pageflip events though and points
out the problem introduced.
Fixes: 16f17eda8bad ("drm/amd/display: Send vblank and user events at vsartup for DCN")
Reviewed-by: Nicholas Kazlauskas <nicholas.kazlauskas@amd.com>
Signed-off-by: Mario Kleiner <mario.kleiner.de@gmail.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Linus Torvalds [Thu, 19 Mar 2020 19:45:14 +0000 (12:45 -0700)]
 
Merge tag 'mmc-v5.6-rc6' of git://git./linux/kernel/git/ulfh/mmc
Pull MMC fixes from Ulf Hansson:
 - rtsx_pci: Fix support for some various speed modes
 - sdhci-of-at91: Fix support for GPIO card detect on SAMA5D2
 - sdhci-cadence: Fix support for DDR52 speed mode for eMMC on UniPhier
 - sdhci-acpi: Fix broken WP support on Acer Aspire Switch 10
 - sdhci-acpi: Workaround FW bug for suspend on Lenovo Miix 320
* tag 'mmc-v5.6-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc:
  mmc: rtsx_pci: Fix support for speed-modes that relies on tuning
  mmc: sdhci-of-at91: fix cd-gpios for SAMA5D2
  mmc: sdhci-cadence: set SDHCI_QUIRK2_PRESET_VALUE_BROKEN for UniPhier
  mmc: sdhci-acpi: Disable write protect detection on Acer Aspire Switch 10 (SW5-012)
  mmc: sdhci-acpi: Switch signal voltage back to 3.3V on suspend on external microSD on Lenovo Miix 320
Vincenzo Frascino [Thu, 19 Mar 2020 14:11:38 +0000 (14:11 +0000)]
 
arm64: compat: Fix syscall number of compat_clock_getres
The syscall number of compat_clock_getres was erroneously set to 247
(__NR_io_cancel!) instead of 264. This causes the vDSO fallback of
clock_getres() to land on the wrong syscall for compat tasks.
Fix the numbering.
Cc: <stable@vger.kernel.org>
Fixes: 53c489e1dfeb6 ("arm64: compat: Add missing syscall numbers")
Acked-by: Catalin Marinas <catalin.marinas@arm.com>
Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
Signed-off-by: Vincenzo Frascino <vincenzo.frascino@arm.com>
Signed-off-by: Will Deacon <will@kernel.org>
Linus Torvalds [Thu, 19 Mar 2020 17:19:11 +0000 (10:19 -0700)]
 
Merge tag '5.6-rc6-smb3-fixes' of git://git.samba.org/sfrench/cifs-2.6
Pull cifs fixes from Steve French:
 "Three small smb3 fixes, two for stable"
* tag '5.6-rc6-smb3-fixes' of git://git.samba.org/sfrench/cifs-2.6:
  CIFS: fiemap: do not return EINVAL if get nothing
  CIFS: Increment num_remote_opens stats counter even in case of smb2_query_dir_first
  cifs: potential unintitliazed error code in cifs_getattr()
Linus Torvalds [Thu, 19 Mar 2020 16:57:48 +0000 (09:57 -0700)]
 
Merge tag 'kbuild-fixes-v5.6-3' of git://git./linux/kernel/git/masahiroy/linux-kbuild
Pull Kbuild fixes from Masahiro Yamada:
 - fix __uint128_t capability test in Kconfig when GCC that defaults to
   32-bit is used to build the 64-bit kernel
 - suppress new noisy Clang warnings -Wpointer-to-enum-cast
 - move the namespace field in Module.symvers for the backward
   compatibility reason for the depmod tool
 - use available compression for initramdisk when INTRAMFS_SOURCE is
   defined, which was the original behavior
 - fix modpost to handle correct large section numbers when it refers to
   modversion CRCs and module namespaces
 - fix comments and documents
* tag 'kbuild-fixes-v5.6-3' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild:
  scripts/kallsyms: fix wrong kallsyms_relative_base
  modpost: Get proper section index by get_secindex() instead of st_shndx
  initramfs: restore default compression behavior
  modpost: move the namespace field in Module.symvers last
  kbuild: Disable -Wpointer-to-enum-cast
  kbuild: doc: fix references to other documents
  int128: fix __uint128_t compiler test in Kconfig
  kconfig: introduce m32-flag and m64-flag
  kbuild: Fix inconsistent comment
Corentin Labbe [Wed, 18 Mar 2020 15:26:49 +0000 (15:26 +0000)]
 
rtc: max8907: add missing select REGMAP_IRQ
I have hit the following build error:
  armv7a-hardfloat-linux-gnueabi-ld: drivers/rtc/rtc-max8907.o: in function `max8907_rtc_probe':
  rtc-max8907.c:(.text+0x400): undefined reference to `regmap_irq_get_virq'
max8907 should select REGMAP_IRQ
Fixes: 94c01ab6d7544 ("rtc: add MAX8907 RTC driver")
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Corentin Labbe <clabbe@baylibre.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Mikhail Petrov [Wed, 11 Mar 2020 20:37:09 +0000 (23:37 +0300)]
 
scripts/kallsyms: fix wrong kallsyms_relative_base
There is the code in the read_symbol function in 'scripts/kallsyms.c':
	if (is_ignored_symbol(name, type))
		return NULL;
	/* Ignore most absolute/undefined (?) symbols. */
	if (strcmp(name, "_text") == 0)
		_text = addr;
But the is_ignored_symbol function returns true for name="_text" and
type='A'. So the next condition is not executed and the _text variable
is always zero.
It makes the wrong kallsyms_relative_base symbol as a result of the code
(CONFIG_KALLSYMS_BASE_RELATIVE is defined):
	if (base_relative) {
		output_label("kallsyms_relative_base");
		output_address(relative_base);
		printf("\n");
	}
Because the output_address function uses the _text variable.
So the kallsyms_lookup function and all related functions in the kernel
do not work properly. For example, the stack trace in oops:
 Call Trace:
 [
aa095e58] [
809feab8] kobj_ns_ops_tbl+0x7ff09ac8/0x7ff1c1c4 (unreliable)
 [
aa095e98] [
80002b64] kobj_ns_ops_tbl+0x7f50db74/0x80000010
 [
aa095ef8] [
809c3d24] kobj_ns_ops_tbl+0x7feced34/0x7ff1c1c4
 [
aa095f28] [
80002ed0] kobj_ns_ops_tbl+0x7f50dee0/0x80000010
 [
aa095f38] [
8000f238] kobj_ns_ops_tbl+0x7f51a248/0x80000010
The right stack trace:
 Call Trace:
 [
aa095e58] [
809feab8] module_vdu_video_init+0x2fc/0x3bc (unreliable)
 [
aa095e98] [
80002b64] do_one_initcall+0x40/0x1f0
 [
aa095ef8] [
809c3d24] kernel_init_freeable+0x164/0x1d8
 [
aa095f28] [
80002ed0] kernel_init+0x14/0x124
 [
aa095f38] [
8000f238] ret_from_kernel_thread+0x14/0x1c
[masahiroy@kernel.org:
This issue happens on binutils <= 2.22
The following commit fixed it:
https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=
d2667025dd30611514810c28bee9709e4623012a
The symbol type of _text is 'T' on binutils >= 2.23
The minimal supported binutils version for the kernel build is 2.21
]
Signed-off-by: Mikhail Petrov <Mikhail.Petrov@mir.dev>
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Will Deacon [Wed, 18 Mar 2020 20:38:29 +0000 (20:38 +0000)]
 
arm64: kpti: Fix "kpti=off" when KASLR is enabled
Enabling KASLR forces the use of non-global page-table entries for kernel
mappings, as this is a decision that we have to make very early on before
mapping the kernel proper. When used in conjunction with the "kpti=off"
command-line option, it is possible to use non-global kernel mappings but
with the kpti trampoline disabled.
Since commit 
09e3c22a86f6 ("arm64: Use a variable to store non-global
mappings decision"), arm64_kernel_unmapped_at_el0() reflects only the use of
non-global mappings and does not take into account whether the kpti
trampoline is enabled. This breaks context switching of the TPIDRRO_EL0
register for 64-bit tasks, where the clearing of the register is deferred to
the ret-to-user code, but it also breaks the ARM SPE PMU driver which
helpfully recommends passing "kpti=off" on the command line!
Report whether or not KPTI is actually enabled in
arm64_kernel_unmapped_at_el0() and check the 'arm64_use_ng_mappings' global
variable directly when determining the protection flags for kernel mappings.
Cc: Mark Brown <broonie@kernel.org>
Reported-by: Hongbo Yao <yaohongbo@huawei.com>
Tested-by: Hongbo Yao <yaohongbo@huawei.com>
Fixes: 09e3c22a86f6 ("arm64: Use a variable to store non-global mappings decision")
Signed-off-by: Will Deacon <will@kernel.org>
Dave Airlie [Thu, 19 Mar 2020 01:47:41 +0000 (11:47 +1000)]
 
Merge tag 'drm-misc-fixes-2020-03-18-1' of git://anongit.freedesktop.org/drm/drm-misc into drm-fixes
- drm/lease: fix WARNING in idr_destroy
- Fix AVI frame colorimetry in the dw-hdmi bridge.
- Fix compiler warning in komeda by annotating functions as __maybe_unused.
- Downgrade bochs pci_request_region failure from error to warning to
  workaround firmware fb.
Signed-off-by: Dave Airlie <airlied@redhat.com>
From: Maarten Lankhorst <maarten.lankhorst@linux.intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/7654ac39-deb8-c9ca-9fd5-ef77b2636380@linux.intel.com
James Zhu [Wed, 18 Mar 2020 21:12:12 +0000 (17:12 -0400)]
 
drm/amdgpu: fix typo for vcn2.5/jpeg2.5 idle check
fix typo for vcn2.5/jpeg2.5 idle check
Signed-off-by: James Zhu <James.Zhu@amd.com>
Reviewed-by: Leo Liu <leo.liu@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
James Zhu [Wed, 18 Mar 2020 21:10:56 +0000 (17:10 -0400)]
 
drm/amdgpu: fix typo for vcn2/jpeg2 idle check
fix typo for vcn2/jpeg2 idle check
Signed-off-by: James Zhu <James.Zhu@amd.com>
Reviewed-by: Leo Liu <leo.liu@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
James Zhu [Wed, 18 Mar 2020 21:09:05 +0000 (17:09 -0400)]
 
drm/amdgpu: fix typo for vcn1 idle check
fix typo for vcn1 idle check
Signed-off-by: James Zhu <James.Zhu@amd.com>
Reviewed-by: Leo Liu <leo.liu@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Linus Torvalds [Wed, 18 Mar 2020 11:52:21 +0000 (07:52 -0400)]
 
locks: reinstate locks_delete_block optimization
There is measurable performance impact in some synthetic tests due to
commit 
6d390e4b5d48 (locks: fix a potential use-after-free problem when
wakeup a waiter). Fix the race condition instead by clearing the
fl_blocker pointer after the wake_up, using explicit acquire/release
semantics.
This does mean that we can no longer use the clearing of fl_blocker as
the wait condition, so switch the waiters over to checking whether the
fl_blocked_member list_head is empty.
Reviewed-by: yangerkun <yangerkun@huawei.com>
Reviewed-by: NeilBrown <neilb@suse.de>
Fixes: 6d390e4b5d48 (locks: fix a potential use-after-free problem when wakeup a waiter)
Signed-off-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Xiao Yang [Wed, 18 Mar 2020 10:34:16 +0000 (18:34 +0800)]
 
modpost: Get proper section index by get_secindex() instead of st_shndx
(uint16_t) st_shndx is limited to 65535(i.e. SHN_XINDEX) so sym_get_data() gets
wrong section index by st_shndx if requested symbol contains extended section
index that is more than 65535.  In this case, we need to get proper section index
by .symtab_shndx section.
Module.symvers generated by building kernel with "-ffunction-sections -fdata-sections"
shows the issue.
Fixes: 56067812d5b0 ("kbuild: modversions: add infrastructure for emitting relative CRCs")
Fixes: e84f9fbbece1 ("modpost: refactor namespace_from_kstrtabns() to not hard-code section name")
Signed-off-by: Xiao Yang <yangx.jy@cn.fujitsu.com>
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Linus Torvalds [Tue, 17 Mar 2020 18:04:09 +0000 (11:04 -0700)]
 
mm: slub: be more careful about the double cmpxchg of freelist
This is just a cleanup addition to Jann's fix to properly update the
transaction ID for the slub slowpath in commit 
fd4d9c7d0c71 ("mm: slub:
add missing TID bump..").
The transaction ID is what protects us against any concurrent accesses,
but we should really also make sure to make the 'freelist' comparison
itself always use the same freelist value that we then used as the new
next free pointer.
Jann points out that if we do all of this carefully, we could skip the
transaction ID update for all the paths that only remove entries from
the lists, and only update the TID when adding entries (to avoid the ABA
issue with cmpxchg and list handling re-adding a previously seen value).
But this patch just does the "make sure to cmpxchg the same value we
used" rather than then try to be clever.
Acked-by: Jann Horn <jannh@google.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Jann Horn [Tue, 17 Mar 2020 00:28:45 +0000 (01:28 +0100)]
 
mm: slub: add missing TID bump in kmem_cache_alloc_bulk()
When kmem_cache_alloc_bulk() attempts to allocate N objects from a percpu
freelist of length M, and N > M > 0, it will first remove the M elements
from the percpu freelist, then call ___slab_alloc() to allocate the next
element and repopulate the percpu freelist. ___slab_alloc() can re-enable
IRQs via allocate_slab(), so the TID must be bumped before ___slab_alloc()
to properly commit the freelist head change.
Fix it by unconditionally bumping c->tid when entering the slowpath.
Cc: stable@vger.kernel.org
Fixes: ebe909e0fdb3 ("slub: improve bulk alloc strategy")
Signed-off-by: Jann Horn <jannh@google.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Qiujun Huang [Wed, 18 Mar 2020 07:53:50 +0000 (15:53 +0800)]
 
drm/lease: fix WARNING in idr_destroy
drm_lease_create takes ownership of leases. And leases will be released
by drm_master_put.
drm_master_put
    ->drm_master_destroy
            ->idr_destroy
So we needn't call idr_destroy again.
Reported-and-tested-by: syzbot+05835159fe322770fe3d@syzkaller.appspotmail.com
Signed-off-by: Qiujun Huang <hqjagain@gmail.com>
Cc: stable@vger.kernel.org
Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Link: https://patchwork.freedesktop.org/patch/msgid/1584518030-4173-1-git-send-email-hqjagain@gmail.com
Eric Biggers [Mon, 24 Feb 2020 18:20:44 +0000 (10:20 -0800)]
 
tty: fix compat TIOCGSERIAL checking wrong function ptr
Commit 
77654350306a ("take compat TIOC[SG]SERIAL treatment into
tty_compat_ioctl()") changed the compat version of TIOCGSERIAL to start
checking for the presence of the ->set_serial function pointer rather
than ->get_serial.  This appears to be a copy-and-paste error, since
->get_serial is the function pointer that is called as well as the
pointer that is checked by the non-compat version of TIOCGSERIAL.
Fix this by checking the correct function pointer.
Fixes: 77654350306a ("take compat TIOC[SG]SERIAL treatment into tty_compat_ioctl()")
Cc: <stable@vger.kernel.org> # v4.20+
Signed-off-by: Eric Biggers <ebiggers@google.com>
Acked-by: Jiri Slaby <jslaby@suse.cz>
Link: https://lore.kernel.org/r/20200224182044.234553-3-ebiggers@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Eric Biggers [Mon, 24 Feb 2020 18:20:43 +0000 (10:20 -0800)]
 
tty: fix compat TIOCGSERIAL leaking uninitialized memory
Commit 
77654350306a ("take compat TIOC[SG]SERIAL treatment into
tty_compat_ioctl()") changed the compat version of TIOCGSERIAL to start
copying a whole 'serial_struct32' to userspace rather than individual
fields, but failed to initialize all padding and fields -- namely the
hole after the 'iomem_reg_shift' field, and the 'reserved' field.
Fix this by initializing the struct to zero.
[v2: use sizeof, and convert the adjacent line for consistency.]
Reported-by: syzbot+8da9175e28eadcb203ce@syzkaller.appspotmail.com
Fixes: 77654350306a ("take compat TIOC[SG]SERIAL treatment into tty_compat_ioctl()")
Cc: <stable@vger.kernel.org> # v4.20+
Signed-off-by: Eric Biggers <ebiggers@google.com>
Acked-by: Jiri Slaby <jslaby@suse.cz>
Link: https://lore.kernel.org/r/20200224182044.234553-2-ebiggers@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Eric Biggers [Mon, 24 Feb 2020 07:33:59 +0000 (23:33 -0800)]
 
tty: drop outdated comments about release_tty() locking
The current version of the TTY code unlocks the tty_struct(s) before
release_tty() rather than after.  Moreover, tty_unlock_pair() no longer
exists.  Thus, remove the outdated comments regarding tty_unlock_pair().
Signed-off-by: Eric Biggers <ebiggers@google.com>
Link: https://lore.kernel.org/r/20200224073359.292795-1-ebiggers@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Nishad Kamdar [Mon, 2 Mar 2020 14:36:46 +0000 (20:06 +0530)]
 
tty: n_tracesink: Use the correct style for SPDX License Identifier
This patch corrects the SPDX License Identifier style in
header file related to Kernel driver API to route trace data.
For C header files Documentation/process/license-rules.rst
mandates C-like comments (opposed to C source files where
C++ style should be used).
Changes made by using a script provided by Joe Perches here:
https://lkml.org/lkml/2019/2/7/46.
Suggested-by: Joe Perches <joe@perches.com>
Signed-off-by: Nishad Kamdar <nishadkamdar@gmail.com>
Link: https://lore.kernel.org/r/20200302143642.GA3335@nishad
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Nishad Kamdar [Sun, 1 Mar 2020 17:04:25 +0000 (22:34 +0530)]
 
tty: hvc: Use the correct style for SPDX License Identifier
This patch corrects the SPDX License Identifier style in
header file related to the HVC driver.
For C header files Documentation/process/license-rules.rst
mandates C-like comments (opposed to C source files where
C++ style should be used).
Changes made by using a script provided by Joe Perches here:
https://lkml.org/lkml/2019/2/7/46.
Suggested-by: Joe Perches <joe@perches.com>
Signed-off-by: Nishad Kamdar <nishadkamdar@gmail.com>
Link: https://lore.kernel.org/r/20200301170419.GA7125@nishad
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Takashi Iwai [Wed, 11 Mar 2020 09:29:05 +0000 (10:29 +0100)]
 
tty: nozomi: Use scnprintf() for avoiding potential buffer overflow
Since snprintf() returns the would-be-output size instead of the
actual output size, the succeeding calls may go beyond the given
buffer limit.  Fix it by replacing with scnprintf().
Also rewrite the code in a standard if-form instead of ugly
conditional operators.
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Link: https://lore.kernel.org/r/20200311092905.24362-1-tiwai@suse.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Takashi Iwai [Wed, 11 Mar 2020 09:29:30 +0000 (10:29 +0100)]
 
tty: serial: pch_uart: Use scnprintf() for avoiding potential buffer overflow
Since snprintf() returns the would-be-output size instead of the
actual output size, the succeeding calls may go beyond the given
buffer limit.  Fix it by replacing with scnprintf().
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Link: https://lore.kernel.org/r/20200311092930.24433-1-tiwai@suse.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Alexandre Belloni [Fri, 14 Feb 2020 14:14:55 +0000 (15:14 +0100)]
 
tty: nozomi: fix spelling mistake "reserverd" -> "reserved"
The reserved bits should be named reserved.
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Link: https://lore.kernel.org/r/20200214141455.20902-1-alexandre.belloni@bootlin.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Chunyan Zhang [Wed, 18 Mar 2020 10:50:49 +0000 (18:50 +0800)]
 
serial: sprd: remove redundant sprd_port cleanup
We don't need to cleanup sprd_port anymore, since we've dropped the way
of using the sprd_port[] array to get port index.
Reviewed-by: Baolin Wang <baolin.wang7@gmail.com>
Signed-off-by: Chunyan Zhang <chunyan.zhang@unisoc.com>
Link: https://lore.kernel.org/r/20200318105049.19623-3-zhang.lyra@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Chunyan Zhang [Wed, 18 Mar 2020 10:50:48 +0000 (18:50 +0800)]
 
serial: sprd: getting port index via serial aliases only
This patch simplifies the process of getting serial port number, with
this patch, serial devices must have aliases configured in devicetree.
The serial port searched out via sprd_port array maybe wrong if we don't
have serial alias defined in devicetree, and specify console with command
line, we would get the wrong port number if other serial ports probe
failed before console's. So using aliases is mandatory.
Reviewed-by: Baolin Wang <baolin.wang7@gmail.com>
Signed-off-by: Chunyan Zhang <chunyan.zhang@unisoc.com>
Link: https://lore.kernel.org/r/20200318105049.19623-2-zhang.lyra@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Ricky Wu [Mon, 16 Mar 2020 02:52:32 +0000 (10:52 +0800)]
 
mmc: rtsx_pci: Fix support for speed-modes that relies on tuning
The TX/RX register should not be treated the same way to allow for better
support of tuning. Fix this by using a default initial value for TX.
Signed-off-by: Ricky Wu <ricky_wu@realtek.com>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20200316025232.1167-1-ricky_wu@realtek.com
[Ulf: Updated changelog]
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Alexander Shishkin [Tue, 17 Mar 2020 06:22:15 +0000 (08:22 +0200)]
 
intel_th: pci: Add Elkhart Lake CPU support
This adds support for the Trace Hub in Elkhart Lake CPU.
Signed-off-by: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20200317062215.15598-7-alexander.shishkin@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Alexander Shishkin [Tue, 17 Mar 2020 06:22:14 +0000 (08:22 +0200)]
 
intel_th: Fix user-visible error codes
There are a few places in the driver that end up returning ENOTSUPP to
the user, replace those with EINVAL.
Signed-off-by: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Fixes: ba82664c134ef ("intel_th: Add Memory Storage Unit driver")
Cc: stable@vger.kernel.org # v4.4+
Link: https://lore.kernel.org/r/20200317062215.15598-6-alexander.shishkin@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Alexander Shishkin [Tue, 17 Mar 2020 06:22:13 +0000 (08:22 +0200)]
 
intel_th: msu: Fix the unexpected state warning
The unexpected state warning should only warn on illegal state
transitions. Fix that.
Signed-off-by: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Fixes: 615c164da0eb4 ("intel_th: msu: Introduce buffer interface")
Cc: stable@vger.kernel.org # v5.4+
Link: https://lore.kernel.org/r/20200317062215.15598-5-alexander.shishkin@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Alexander Shishkin [Tue, 17 Mar 2020 06:22:11 +0000 (08:22 +0200)]
 
stm class: sys-t: Fix the use of time_after()
The operands of time_after() are in a wrong order in both instances in
the sys-t driver. Fix that.
Signed-off-by: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Fixes: 39f10239df75 ("stm class: p_sys-t: Add support for CLOCKSYNC packets")
Fixes: d69d5e83110f ("stm class: Add MIPI SyS-T protocol support")
Cc: stable@vger.kernel.org # v4.20+
Link: https://lore.kernel.org/r/20200317062215.15598-3-alexander.shishkin@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Greg Kroah-Hartman [Wed, 18 Mar 2020 10:20:42 +0000 (11:20 +0100)]
 
Merge tag 'iio-fixes-for-5.6a' of git://git./linux/kernel/git/jic23/iio into staging-linus
Jonathan writes:
First set of IIO fixes in the 5.6 cycle.
* adxl372
  - Fix marking of buffered values as big endian.
* ak8974
  - Fix wrong handling of negative values when read from sysfs.
* at91-sama5d2
  - Fix differential mode by ensuring configuration set correctly.
* ping
  - Use the write sensor type for of_ping_match table.
* sps30
  - Kconfig build dependency fix.
* st-sensors
  - Fix a wrong identification of which part the SMO8840 ACPI ID indicates.
* stm32-dsfdm
  - Fix a sleep in atomic issue by not using a trigger when it makes no sense.
* stm32-timer
  - Make sure master mode is disabled when stopping.
* vcnl400
  - Update some sampling periods based on new docs.
* tag 'iio-fixes-for-5.6a' of git://git.kernel.org/pub/scm/linux/kernel/git/jic23/iio:
  iio: ping: set pa_laser_ping_cfg in of_ping_match
  iio: chemical: sps30: fix missing triggered buffer dependency
  iio: st_sensors: remap SMO8840 to LIS2DH12
  iio: light: vcnl4000: update sampling periods for vcnl4040
  iio: light: vcnl4000: update sampling periods for vcnl4200
  iio: accel: adxl372: Set iio_chan BE
  iio: magnetometer: ak8974: Fix negative raw values in sysfs
  iio: trigger: stm32-timer: disable master mode when stopping
  iio: adc: stm32-dfsdm: fix sleep in atomic context
  iio: adc: at91-sama5d2_adc: fix differential channels in triggered mode
Vincent Chen [Wed, 18 Mar 2020 00:40:27 +0000 (08:40 +0800)]
 
tty: serial: Add CONSOLE_POLL support to SiFive UART
Add CONSOLE_POLL support for future KGDB porting.
Signed-off-by: Vincent Chen <vincent.chen@sifive.com>
Changes since v1:
1. Fix the compile error reported by kbuild test robot
Link: https://lore.kernel.org/r/1584492027-23236-1-git-send-email-vincent.chen@sifive.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Greg Kroah-Hartman [Wed, 18 Mar 2020 09:42:57 +0000 (10:42 +0100)]
 
Merge tag 'usb-serial-5.6-rc7' of https://git./linux/kernel/git/johan/usb-serial into usb-linus
Johan writes:
USB-serial fixes for 5.6-rc7
Here are a couple of new device ids for 5.6-rc.
All have been in linux-next with no reported issues.
* tag 'usb-serial-5.6-rc7' of https://git.kernel.org/pub/scm/linux/kernel/git/johan/usb-serial:
  USB: serial: pl2303: add device-id for HP LD381
  USB: serial: option: add ME910G1 ECM composition 0x110b
Cristian Marussi [Wed, 11 Mar 2020 17:12:45 +0000 (17:12 +0000)]
 
arm64: smp: fix crash_smp_send_stop() behaviour
On a system configured to trigger a crash_kexec() reboot, when only one CPU
is online and another CPU panics while starting-up, crash_smp_send_stop()
will fail to send any STOP message to the other already online core,
resulting in fail to freeze and registers not properly saved.
Moreover even if the proper messages are sent (case CPUs > 2)
it will similarly fail to account for the booting CPU when executing
the final stop wait-loop, so potentially resulting in some CPU not
been waited for shutdown before rebooting.
A tangible effect of this behaviour can be observed when, after a panic
with kexec enabled and loaded, on the following reboot triggered by kexec,
the cpu that could not be successfully stopped fails to come back online:
[  362.291022] ------------[ cut here ]------------
[  362.291525] kernel BUG at arch/arm64/kernel/cpufeature.c:886!
[  362.292023] Internal error: Oops - BUG: 0 [#1] PREEMPT SMP
[  362.292400] Modules linked in:
[  362.292970] CPU: 3 PID: 0 Comm: swapper/3 Kdump: loaded Not tainted 
5.6.0-rc4-00003-gc780b890948a #105
[  362.293136] Hardware name: Foundation-v8A (DT)
[  362.293382] pstate: 
200001c5 (nzCv dAIF -PAN -UAO)
[  362.294063] pc : has_cpuid_feature+0xf0/0x348
[  362.294177] lr : verify_local_elf_hwcaps+0x84/0xe8
[  362.294280] sp : 
ffff800011b1bf60
[  362.294362] x29: 
ffff800011b1bf60 x28: 
0000000000000000
[  362.294534] x27: 
0000000000000000 x26: 
0000000000000000
[  362.294631] x25: 
0000000000000000 x24: 
ffff80001189a25c
[  362.294718] x23: 
0000000000000000 x22: 
0000000000000000
[  362.294803] x21: 
ffff8000114aa018 x20: 
ffff800011156a00
[  362.294897] x19: 
ffff800010c944a0 x18: 
0000000000000004
[  362.294987] x17: 
0000000000000000 x16: 
0000000000000000
[  362.295073] x15: 
00004e53b831ae3c x14: 
00004e53b831ae3c
[  362.295165] x13: 
0000000000000384 x12: 
0000000000000000
[  362.295251] x11: 
0000000000000000 x10: 
00400032b5503510
[  362.295334] x9 : 
0000000000000000 x8 : 
ffff800010c7e204
[  362.295426] x7 : 
00000000410fd0f0 x6 : 
0000000000000001
[  362.295508] x5 : 
00000000410fd0f0 x4 : 
0000000000000000
[  362.295592] x3 : 
0000000000000000 x2 : 
ffff8000100939d8
[  362.295683] x1 : 
0000000000180420 x0 : 
0000000000180480
[  362.296011] Call trace:
[  362.296257]  has_cpuid_feature+0xf0/0x348
[  362.296350]  verify_local_elf_hwcaps+0x84/0xe8
[  362.296424]  check_local_cpu_capabilities+0x44/0x128
[  362.296497]  secondary_start_kernel+0xf4/0x188
[  362.296998] Code: 
52805001 72a00301 6b01001f 54000ec0 (
d4210000)
[  362.298652] SMP: stopping secondary CPUs
[  362.300615] Starting crashdump kernel...
[  362.301168] Bye!
[    0.000000] Booting Linux on physical CPU 0x0000000003 [0x410fd0f0]
[    0.000000] Linux version 
5.6.0-rc4-00003-gc780b890948a (crimar01@
e120937-lin) (gcc version 8.3.0 (GNU Toolchain for the A-profile Architecture 8.3-2019.03 (arm-rel-8.36))) #105 SMP PREEMPT Fri Mar 6 17:00:42 GMT 2020
[    0.000000] Machine model: Foundation-v8A
[    0.000000] earlycon: pl11 at MMIO 0x000000001c090000 (options '')
[    0.000000] printk: bootconsole [pl11] enabled
.....
[    0.138024] rcu: Hierarchical SRCU implementation.
[    0.153472] its@
2f020000: unable to locate ITS domain
[    0.154078] its@
2f020000: Unable to locate ITS domain
[    0.157541] EFI services will not be available.
[    0.175395] smp: Bringing up secondary CPUs ...
[    0.209182] psci: failed to boot CPU1 (-22)
[    0.209377] CPU1: failed to boot: -22
[    0.274598] Detected PIPT I-cache on CPU2
[    0.278707] GICv3: CPU2: found redistributor 1 region 0:0x000000002f120000
[    0.285212] CPU2: Booted secondary processor 0x0000000001 [0x410fd0f0]
[    0.369053] Detected PIPT I-cache on CPU3
[    0.372947] GICv3: CPU3: found redistributor 2 region 0:0x000000002f140000
[    0.378664] CPU3: Booted secondary processor 0x0000000002 [0x410fd0f0]
[    0.401707] smp: Brought up 1 node, 3 CPUs
[    0.404057] SMP: Total of 3 processors activated.
Make crash_smp_send_stop() account also for the online status of the
calling CPU while evaluating how many CPUs are effectively online: this way
the right number of STOPs is sent and all other stopped-cores's registers
are properly saved.
Fixes: 78fd584cdec05 ("arm64: kdump: implement machine_crash_shutdown()")
Acked-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Cristian Marussi <cristian.marussi@arm.com>
Signed-off-by: Will Deacon <will@kernel.org>
Cristian Marussi [Wed, 11 Mar 2020 17:12:44 +0000 (17:12 +0000)]
 
arm64: smp: fix smp_send_stop() behaviour
On a system with only one CPU online, when another one CPU panics while
starting-up, smp_send_stop() will fail to send any STOP message to the
other already online core, resulting in a system still responsive and
alive at the end of the panic procedure.
[  186.700083] CPU3: shutdown
[  187.075462] CPU2: shutdown
[  187.162869] CPU1: shutdown
[  188.689998] ------------[ cut here ]------------
[  188.691645] kernel BUG at arch/arm64/kernel/cpufeature.c:886!
[  188.692079] Internal error: Oops - BUG: 0 [#1] PREEMPT SMP
[  188.692444] Modules linked in:
[  188.693031] CPU: 3 PID: 0 Comm: swapper/3 Not tainted 
5.6.0-rc4-00001-g338d25c35a98 #104
[  188.693175] Hardware name: Foundation-v8A (DT)
[  188.693492] pstate: 
200001c5 (nzCv dAIF -PAN -UAO)
[  188.694183] pc : has_cpuid_feature+0xf0/0x348
[  188.694311] lr : verify_local_elf_hwcaps+0x84/0xe8
[  188.694410] sp : 
ffff800011b1bf60
[  188.694536] x29: 
ffff800011b1bf60 x28: 
0000000000000000
[  188.694707] x27: 
0000000000000000 x26: 
0000000000000000
[  188.694801] x25: 
0000000000000000 x24: 
ffff80001189a25c
[  188.694905] x23: 
0000000000000000 x22: 
0000000000000000
[  188.694996] x21: 
ffff8000114aa018 x20: 
ffff800011156a38
[  188.695089] x19: 
ffff800010c944a0 x18: 
0000000000000004
[  188.695187] x17: 
0000000000000000 x16: 
0000000000000000
[  188.695280] x15: 
0000249dbde5431e x14: 
0262cbe497efa1fa
[  188.695371] x13: 
0000000000000002 x12: 
0000000000002592
[  188.695472] x11: 
0000000000000080 x10: 
00400032b5503510
[  188.695572] x9 : 
0000000000000000 x8 : 
ffff800010c80204
[  188.695659] x7 : 
00000000410fd0f0 x6 : 
0000000000000001
[  188.695750] x5 : 
00000000410fd0f0 x4 : 
0000000000000000
[  188.695836] x3 : 
0000000000000000 x2 : 
ffff8000100939d8
[  188.695919] x1 : 
0000000000180420 x0 : 
0000000000180480
[  188.696253] Call trace:
[  188.696410]  has_cpuid_feature+0xf0/0x348
[  188.696504]  verify_local_elf_hwcaps+0x84/0xe8
[  188.696591]  check_local_cpu_capabilities+0x44/0x128
[  188.696666]  secondary_start_kernel+0xf4/0x188
[  188.697150] Code: 
52805001 72a00301 6b01001f 54000ec0 (
d4210000)
[  188.698639] ---[ end trace 
3f12ca47652f7b72 ]---
[  188.699160] Kernel panic - not syncing: Attempted to kill the idle task!
[  188.699546] Kernel Offset: disabled
[  188.699828] CPU features: 0x00004,
20c02008
[  188.700012] Memory Limit: none
[  188.700538] ---[ end Kernel panic - not syncing: Attempted to kill the idle task! ]---
[root@arch ~]# echo Helo
Helo
[root@arch ~]# cat /proc/cpuinfo | grep proce
processor	: 0
Make smp_send_stop() account also for the online status of the calling CPU
while evaluating how many CPUs are effectively online: this way, the right
number of STOPs is sent, so enforcing a proper freeze of the system at the
end of panic even under the above conditions.
Fixes: 08e875c16a16c ("arm64: SMP support")
Reported-by: Dave Martin <Dave.Martin@arm.com>
Acked-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Cristian Marussi <cristian.marussi@arm.com>
Signed-off-by: Will Deacon <will@kernel.org>
Anthony Mallet [Thu, 12 Mar 2020 13:31:01 +0000 (14:31 +0100)]
 
USB: cdc-acm: fix rounding error in TIOCSSERIAL
By default, tty_port_init() initializes those parameters to a multiple
of HZ. For instance in line 69 of tty_port.c:
   port->close_delay = (50 * HZ) / 100;
https://github.com/torvalds/linux/blob/master/drivers/tty/tty_port.c#L69
With e.g. CONFIG_HZ = 250 (as this is the case for Ubuntu 18.04
linux-image-4.15.0-37-generic), the default setting for close_delay is
thus 125.
When ioctl(fd, TIOCGSERIAL, &s) is executed, the setting returned in
user space is '12' (125/10). When ioctl(fd, TIOCSSERIAL, &s) is then
executed with the same setting '12', the value is interpreted as '120'
which is different from the current setting and a EPERM error may be
raised by set_serial_info() if !CAP_SYS_ADMIN.
https://github.com/torvalds/linux/blob/master/drivers/usb/class/cdc-acm.c#L919
Fixes: ba2d8ce9db0a6 ("cdc-acm: implement TIOCSSERIAL to avoid blocking close(2)")
Signed-off-by: Anthony Mallet <anthony.mallet@laas.fr>
Cc: stable <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20200312133101.7096-2-anthony.mallet@laas.fr
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Anthony Mallet [Thu, 12 Mar 2020 13:31:00 +0000 (14:31 +0100)]
 
USB: cdc-acm: fix close_delay and closing_wait units in TIOCSSERIAL
close_delay and closing_wait are specified in hundredth of a second but stored
internally in jiffies. Use the jiffies_to_msecs() and msecs_to_jiffies()
functions to convert from each other.
Signed-off-by: Anthony Mallet <anthony.mallet@laas.fr>
Cc: stable <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20200312133101.7096-1-anthony.mallet@laas.fr
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Hans de Goede [Fri, 13 Mar 2020 12:07:08 +0000 (13:07 +0100)]
 
usb: quirks: add NO_LPM quirk for RTL8153 based ethernet adapters
We have been receiving bug reports that ethernet connections over
RTL8153 based ethernet adapters stops working after a while with
errors like these showing up in dmesg when the ethernet stops working:
[12696.189484] r8152 6-1:1.0 enp10s0u1: Tx timeout
[12702.333456] r8152 6-1:1.0 enp10s0u1: Tx timeout
[12707.965422] r8152 6-1:1.0 enp10s0u1: Tx timeout
This has been reported on Dell WD15 docks, Belkin USB-C Express Dock 3.1
docks and with generic USB to ethernet dongles using the RTL8153
chipsets. Some users have tried adding usbcore.quirks=0bda:8153:k to
the kernel commandline and all users who have tried this report that
this fixes this.
Also note that we already have an existing NO_LPM quirk for the RTL8153
used in the Microsoft Surface Dock (where it uses a different usb-id).
This commit adds a NO_LPM quirk for the generic Realtek RTL8153
0bda:8153 usb-id, fixing the Tx timeout errors on these devices.
BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=198931
Cc: stable@vger.kernel.org
Cc: russianneuromancer@ya.ru
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Link: https://lore.kernel.org/r/20200313120708.100339-1-hdegoede@redhat.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Peter Chen [Mon, 16 Mar 2020 03:10:34 +0000 (11:10 +0800)]
 
usb: chipidea: udc: fix sleeping function called from invalid context
The code calls pm_runtime_get_sync with irq disabled, it causes below
warning:
BUG: sleeping function called from invalid context at
wer/runtime.c:1075
in_atomic(): 1, irqs_disabled(): 128, non_block: 0, pid:
er/u8:1
CPU: 1 PID: 37 Comm: kworker/u8:1 Not tainted
20200304-00181-gbebfd2a5be98 #1588
Hardware name: NVIDIA Tegra SoC (Flattened Device Tree)
Workqueue: ci_otg ci_otg_work
[<
c010e8bd>] (unwind_backtrace) from [<
c010a315>]
1/0x14)
[<
c010a315>] (show_stack) from [<
c0987d29>]
5/0x94)
[<
c0987d29>] (dump_stack) from [<
c013e77f>]
+0xeb/0x118)
[<
c013e77f>] (___might_sleep) from [<
c052fa1d>]
esume+0x75/0x78)
[<
c052fa1d>] (__pm_runtime_resume) from [<
c0627a33>]
0x23/0x74)
[<
c0627a33>] (ci_udc_pullup) from [<
c062fb93>]
nect+0x2b/0xcc)
[<
c062fb93>] (usb_gadget_connect) from [<
c062769d>]
_connect+0x59/0x104)
[<
c062769d>] (ci_hdrc_gadget_connect) from [<
c062778b>]
ssion+0x43/0x48)
[<
c062778b>] (ci_udc_vbus_session) from [<
c062f997>]
s_connect+0x17/0x9c)
[<
c062f997>] (usb_gadget_vbus_connect) from [<
c062634d>]
bd/0x128)
[<
c062634d>] (ci_otg_work) from [<
c0134719>]
rk+0x149/0x404)
[<
c0134719>] (process_one_work) from [<
c0134acb>]
0xf7/0x3bc)
[<
c0134acb>] (worker_thread) from [<
c0139433>]
x118)
[<
c0139433>] (kthread) from [<
c01010bd>]
(ret_from_fork+0x11/0x34)
Tested-by: Dmitry Osipenko <digetx@gmail.com>
Cc: <stable@vger.kernel.org> #v5.5
Fixes: 72dc8df7920f ("usb: chipidea: udc: protect usb interrupt enable")
Reported-by: Dmitry Osipenko <digetx@gmail.com>
Signed-off-by: Peter Chen <peter.chen@nxp.com>
Link: https://lore.kernel.org/r/20200316031034.17847-2-peter.chen@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Murphy Zhou [Sat, 14 Mar 2020 03:38:31 +0000 (11:38 +0800)]
 
CIFS: fiemap: do not return EINVAL if get nothing
If we call fiemap on a truncated file with none blocks allocated,
it makes sense we get nothing from this call. No output means
no blocks have been counted, but the call succeeded. It's a valid
response.
Simple example reproducer:
xfs_io -f 'truncate 2M' -c 'fiemap -v' /cifssch/testfile
xfs_io: ioctl(FS_IOC_FIEMAP) ["/cifssch/testfile"]: Invalid argument
Signed-off-by: Murphy Zhou <jencce.kernel@gmail.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Reviewed-by: Pavel Shilovsky <pshilov@microsoft.com>
CC: Stable <stable@vger.kernel.org>
Shyam Prasad N [Mon, 9 Mar 2020 08:35:09 +0000 (01:35 -0700)]
 
CIFS: Increment num_remote_opens stats counter even in case of smb2_query_dir_first
The num_remote_opens counter keeps track of the number of open files which must be
maintained by the server at any point. This is a per-tree-connect counter, and the value
of this counter gets displayed in the /proc/fs/cifs/Stats output as a following...
Open files: 0 total (local), 1 open on server
                             ^^^^^^^^^^^^^^^^
As a thumb-rule, we want to increment this counter for each open/create that we
successfully execute on the server. Similarly, we should decrement the counter when
we successfully execute a close.
In this case, an increment was being missed in case of smb2_query_dir_first,
in case of successful open. As a result, we would underflow the counter and we
could even see the counter go to negative after sufficient smb2_query_dir_first calls.
I tested the stats counter for a bunch of filesystem operations with the fix.
And it looks like the counter looks correct to me.
I also check if we missed the increments and decrements elsewhere. It does not
seem so. Few other cases where an open is done and we don't increment the counter are
the compound calls where the corresponding close is also sent in the request.
Signed-off-by: Shyam Prasad N <nspmangalore@gmail.com>
CC: Stable <stable@vger.kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Reviewed-by: Aurelien Aptel <aaptel@suse.com>
Reviewed-by: Pavel Shilovsky <pshilov@microsoft.com>
Dan Carpenter [Fri, 28 Feb 2020 09:22:59 +0000 (12:22 +0300)]
 
cifs: potential unintitliazed error code in cifs_getattr()
Smatch complains that "rc" could be uninitialized.
    fs/cifs/inode.c:2206 cifs_getattr() error: uninitialized symbol 'rc'.
Changing it to "return 0;" improves readability as well.
Fixes: cc1baf98c8f6 ("cifs: do not ignore the SYNC flags in getattr")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Acked-by: Ronnie Sahlberg <lsahlber@redhat.com>
Jian-Hong Pan [Tue, 17 Mar 2020 08:28:09 +0000 (16:28 +0800)]
 
ALSA: hda/realtek - Enable the headset of Acer N50-600 with ALC662
A headset on the desktop like Acer N50-600 does not work, until quirk
ALC662_FIXUP_ACER_NITRO_HEADSET_MODE is applied.
Signed-off-by: Jian-Hong Pan <jian-hong@endlessm.com>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20200317082806.73194-3-jian-hong@endlessm.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Jian-Hong Pan [Tue, 17 Mar 2020 08:28:07 +0000 (16:28 +0800)]
 
ALSA: hda/realtek - Enable headset mic of Acer X2660G with ALC662
The Acer desktop X2660G with ALC662 can't detect the headset microphone
until ALC662_FIXUP_ACER_X2660G_HEADSET_MODE quirk applied.
Signed-off-by: Jian-Hong Pan <jian-hong@endlessm.com>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20200317082806.73194-2-jian-hong@endlessm.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Linus Torvalds [Tue, 17 Mar 2020 16:38:03 +0000 (09:38 -0700)]
 
Merge branch 'for-linus' of git://git./linux/kernel/git/hid/hid
Pull HID fixes from Jiri Kosina:
 - string buffer formatting fixes in picolcd and sensor drivers, from
   Takashi Iwai
 - two new device IDs from Chen-Tsung Hsieh and Tony Fischetti
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/hid/hid:
  HID: add ALWAYS_POLL quirk to lenovo pixart mouse
  HID: google: add moonball USB id
  HID: hid-sensor-custom: Use scnprintf() for avoiding potential buffer overflow
  HID: hid-picolcd_fb: Use scnprintf() for avoiding potential buffer overflow
Andy Shevchenko [Mon, 17 Feb 2020 11:40:16 +0000 (13:40 +0200)]
 
serial: 8250_port: Disable DMA operations for kernel console
It would be too tricky and error prone to allow DMA operations on
kernel console.
One of the concern is when DMA is a separate device, for example on
Intel CherryTrail platforms, and might need special work around to be
functional, see the commit
  
eebb3e8d8aaf ("ACPI / LPSS: override power state for LPSS DMA device")
for more information.
Another one is that kernel console is used in atomic context, e.g.
when printing crucial information to the user (Oops or crash),
and DMA may not serve due to power management complications
including non-atomic ACPI calls but not limited to it (see above).
Besides that, other concerns are described in the commit
  
84b40e3b57ee ("serial: 8250: omap: Disable DMA for console UART")
done for OMAP UART and may be repeated here.
Disable any kind of DMA operations on kernel console due to above concerns.
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Link: https://lore.kernel.org/r/20200217114016.49856-7-andriy.shevchenko@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Andy Shevchenko [Mon, 17 Feb 2020 11:40:15 +0000 (13:40 +0200)]
 
serial: 8250_port: Don't use power management for kernel console
Doing any kind of power management for kernel console is really bad idea.
First of all, it runs in poll and atomic mode. This fact attaches a limitation
on the functions that might be called. For example, pm_runtime_get_sync() might
sleep and thus can't be used. This call needs, for example, to bring the device
to powered on state on the system, where the power on sequence may require
on-atomic operations, such as Intel Cherrytrail with ACPI enumerated UARTs.
That said, on ACPI enabled platforms it might even call firmware for a job.
On the other hand pm_runtime_get() doesn't guarantee that device will become
powered on fast enough.
Besides that, imagine the case when console is about to print a kernel Oops and
it's powered off. In such an emergency case calling the complex functions is
not the best what we can do, taking into consideration that user wants to see
at least something of the last kernel word before it passes away.
Here we modify the 8250 console code to prevent runtime power management.
Note, there is a behaviour change for OMAP boards. It will require to detach
kernel console to become idle.
Link: https://lists.openwall.net/linux-kernel/2018/09/29/65
Suggested-by: Russell King <rmk+kernel@armlinux.org.uk>
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Link: https://lore.kernel.org/r/20200217114016.49856-6-andriy.shevchenko@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Andy Shevchenko [Mon, 17 Feb 2020 11:40:12 +0000 (13:40 +0200)]
 
serial: core: Allow detach and attach serial device for console
In the future we would like to disable power management on the serial devices
used as kernel consoles to avoid weird behaviour in some cases. However,
disabling PM may prevent system to go to deep sleep states, which in its turn
leads to the higher power consumption.
Tony Lindgren proposed a work around, i.e. allow user to detach such consoles
to make PM working again. In case user wants to see what's going on, it also
provides a mechanism to attach console back.
Link: https://lists.openwall.net/linux-kernel/2018/09/29/65
Suggested-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Link: https://lore.kernel.org/r/20200217114016.49856-3-andriy.shevchenko@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Greg Kroah-Hartman [Tue, 17 Mar 2020 14:26:43 +0000 (15:26 +0100)]
 
Merge branch 'for-5.7-console-exit' of git://git./linux/kernel/git/pmladek/printk into tty-next
We need the console patches in here as well for futher work from Andy.
* 'for-5.7-console-exit' of git://git.kernel.org/pub/scm/linux/kernel/git/pmladek/printk:
  console: Introduce ->exit() callback
  console: Don't notify user space when unregister non-listed console
  console: Avoid positive return code from unregister_console()
  console: Drop misleading comment
  console: Use for_each_console() helper in unregister_console()
  console: Drop double check for console_drivers being non-NULL
  console: Don't perform test for CON_BRL flag
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>