1. 25 Feb, 2016 1 commit
    • KVM: x86: MMU: fix ubsan index-out-of-range warning · 17e4bce0
      Mike Krinkin authored
      Ubsan reports the following warning due to a typo in
      update_accessed_dirty_bits template, the patch fixes
      the typo:
      
      [  168.791851] ================================================================================
      [  168.791862] UBSAN: Undefined behaviour in arch/x86/kvm/paging_tmpl.h:252:15
      [  168.791866] index 4 is out of range for type 'u64 [4]'
      [  168.791871] CPU: 0 PID: 2950 Comm: qemu-system-x86 Tainted: G           O L  4.5.0-rc5-next-20160222 #7
      [  168.791873] Hardware name: LENOVO 23205NG/23205NG, BIOS G2ET95WW (2.55 ) 07/09/2013
      [  168.791876]  0000000000000000 ffff8801cfcaf208 ffffffff81c9f780 0000000041b58ab3
      [  168.791882]  ffffffff82eb2cc1 ffffffff81c9f6b4 ffff8801cfcaf230 ffff8801cfcaf1e0
      [  168.791886]  0000000000000004 0000000000000001 0000000000000000 ffffffffa1981600
      [  168.791891] Call Trace:
      [  168.791899]  [<ffffffff81c9f780>] dump_stack+0xcc/0x12c
      [  168.791904]  [<ffffffff81c9f6b4>] ? _atomic_dec_and_lock+0xc4/0xc4
      [  168.791910]  [<ffffffff81da9e81>] ubsan_epilogue+0xd/0x8a
      [  168.791914]  [<ffffffff81daafa2>] __ubsan_handle_out_of_bounds+0x15c/0x1a3
      [  168.791918]  [<ffffffff81daae46>] ? __ubsan_handle_shift_out_of_bounds+0x2bd/0x2bd
      [  168.791922]  [<ffffffff811287ef>] ? get_user_pages_fast+0x2bf/0x360
      [  168.791954]  [<ffffffffa1794050>] ? kvm_largepages_enabled+0x30/0x30 [kvm]
      [  168.791958]  [<ffffffff81128530>] ? __get_user_pages_fast+0x360/0x360
      [  168.791987]  [<ffffffffa181b818>] paging64_walk_addr_generic+0x1b28/0x2600 [kvm]
      [  168.792014]  [<ffffffffa1819cf0>] ? init_kvm_mmu+0x1100/0x1100 [kvm]
      [  168.792019]  [<ffffffff8129e350>] ? debug_check_no_locks_freed+0x350/0x350
      [  168.792044]  [<ffffffffa1819cf0>] ? init_kvm_mmu+0x1100/0x1100 [kvm]
      [  168.792076]  [<ffffffffa181c36d>] paging64_gva_to_gpa+0x7d/0x110 [kvm]
      [  168.792121]  [<ffffffffa181c2f0>] ? paging64_walk_addr_generic+0x2600/0x2600 [kvm]
      [  168.792130]  [<ffffffff812e848b>] ? debug_lockdep_rcu_enabled+0x7b/0x90
      [  168.792178]  [<ffffffffa17d9a4a>] emulator_read_write_onepage+0x27a/0x1150 [kvm]
      [  168.792208]  [<ffffffffa1794d44>] ? __kvm_read_guest_page+0x54/0x70 [kvm]
      [  168.792234]  [<ffffffffa17d97d0>] ? kvm_task_switch+0x160/0x160 [kvm]
      [  168.792238]  [<ffffffff812e848b>] ? debug_lockdep_rcu_enabled+0x7b/0x90
      [  168.792263]  [<ffffffffa17daa07>] emulator_read_write+0xe7/0x6d0 [kvm]
      [  168.792290]  [<ffffffffa183b620>] ? em_cr_write+0x230/0x230 [kvm]
      [  168.792314]  [<ffffffffa17db005>] emulator_write_emulated+0x15/0x20 [kvm]
      [  168.792340]  [<ffffffffa18465f8>] segmented_write+0xf8/0x130 [kvm]
      [  168.792367]  [<ffffffffa1846500>] ? em_lgdt+0x20/0x20 [kvm]
      [  168.792374]  [<ffffffffa14db512>] ? vmx_read_guest_seg_ar+0x42/0x1e0 [kvm_intel]
      [  168.792400]  [<ffffffffa1846d82>] writeback+0x3f2/0x700 [kvm]
      [  168.792424]  [<ffffffffa1846990>] ? em_sidt+0xa0/0xa0 [kvm]
      [  168.792449]  [<ffffffffa185554d>] ? x86_decode_insn+0x1b3d/0x4f70 [kvm]
      [  168.792474]  [<ffffffffa1859032>] x86_emulate_insn+0x572/0x3010 [kvm]
      [  168.792499]  [<ffffffffa17e71dd>] x86_emulate_instruction+0x3bd/0x2110 [kvm]
      [  168.792524]  [<ffffffffa17e6e20>] ? reexecute_instruction.part.110+0x2e0/0x2e0 [kvm]
      [  168.792532]  [<ffffffffa14e9a81>] handle_ept_misconfig+0x61/0x460 [kvm_intel]
      [  168.792539]  [<ffffffffa14e9a20>] ? handle_pause+0x450/0x450 [kvm_intel]
      [  168.792546]  [<ffffffffa15130ea>] vmx_handle_exit+0xd6a/0x1ad0 [kvm_intel]
      [  168.792572]  [<ffffffffa17f6a6c>] ? kvm_arch_vcpu_ioctl_run+0xbdc/0x6090 [kvm]
      [  168.792597]  [<ffffffffa17f6bcd>] kvm_arch_vcpu_ioctl_run+0xd3d/0x6090 [kvm]
      [  168.792621]  [<ffffffffa17f6a6c>] ? kvm_arch_vcpu_ioctl_run+0xbdc/0x6090 [kvm]
      [  168.792627]  [<ffffffff8293b530>] ? __ww_mutex_lock_interruptible+0x1630/0x1630
      [  168.792651]  [<ffffffffa17f5e90>] ? kvm_arch_vcpu_runnable+0x4f0/0x4f0 [kvm]
      [  168.792656]  [<ffffffff811eeb30>] ? preempt_notifier_unregister+0x190/0x190
      [  168.792681]  [<ffffffffa17e0447>] ? kvm_arch_vcpu_load+0x127/0x650 [kvm]
      [  168.792704]  [<ffffffffa178e9a3>] kvm_vcpu_ioctl+0x553/0xda0 [kvm]
      [  168.792727]  [<ffffffffa178e450>] ? vcpu_put+0x40/0x40 [kvm]
      [  168.792732]  [<ffffffff8129e350>] ? debug_check_no_locks_freed+0x350/0x350
      [  168.792735]  [<ffffffff82946087>] ? _raw_spin_unlock+0x27/0x40
      [  168.792740]  [<ffffffff8163a943>] ? handle_mm_fault+0x1673/0x2e40
      [  168.792744]  [<ffffffff8129daa8>] ? trace_hardirqs_on_caller+0x478/0x6c0
      [  168.792747]  [<ffffffff8129dcfd>] ? trace_hardirqs_on+0xd/0x10
      [  168.792751]  [<ffffffff812e848b>] ? debug_lockdep_rcu_enabled+0x7b/0x90
      [  168.792756]  [<ffffffff81725a80>] do_vfs_ioctl+0x1b0/0x12b0
      [  168.792759]  [<ffffffff817258d0>] ? ioctl_preallocate+0x210/0x210
      [  168.792763]  [<ffffffff8174aef3>] ? __fget+0x273/0x4a0
      [  168.792766]  [<ffffffff8174acd0>] ? __fget+0x50/0x4a0
      [  168.792770]  [<ffffffff8174b1f6>] ? __fget_light+0x96/0x2b0
      [  168.792773]  [<ffffffff81726bf9>] SyS_ioctl+0x79/0x90
      [  168.792777]  [<ffffffff82946880>] entry_SYSCALL_64_fastpath+0x23/0xc1
      [  168.792780] ================================================================================
      Signed-off-by: Mike Krinkin <krinkin.m.u@gmail.com>
      Reviewed-by: Xiao Guangrong <guangrong.xiao@linux.intel.com>
      Cc: stable@vger.kernel.org
      Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
  2. 24 Feb, 2016 3 commits
    • KVM: async_pf: do not warn on page allocation failures · d7444794
      Christian Borntraeger authored
      In async_pf we try to allocate with NOWAIT to get an element quickly
      or fail. This code also handles failures gracefully. Let's silence
      potential page allocation failures under load.
      
      qemu-system-s39: page allocation failure: order:0,mode:0x2200000
      [...]
      Call Trace:
      ([<00000000001146b8>] show_trace+0xf8/0x148)
      [<000000000011476a>] show_stack+0x62/0xe8
      [<00000000004a36b8>] dump_stack+0x70/0x98
      [<0000000000272c3a>] warn_alloc_failed+0xd2/0x148
      [<000000000027709e>] __alloc_pages_nodemask+0x94e/0xb38
      [<00000000002cd36a>] new_slab+0x382/0x400
      [<00000000002cf7ac>] ___slab_alloc.constprop.30+0x2dc/0x378
      [<00000000002d03d0>] kmem_cache_alloc+0x160/0x1d0
      [<0000000000133db4>] kvm_setup_async_pf+0x6c/0x198
      [<000000000013dee8>] kvm_arch_vcpu_ioctl_run+0xd48/0xd58
      [<000000000012fcaa>] kvm_vcpu_ioctl+0x372/0x690
      [<00000000002f66f6>] do_vfs_ioctl+0x3be/0x510
      [<00000000002f68ec>] SyS_ioctl+0xa4/0xb8
      [<0000000000781c5e>] system_call+0xd6/0x264
      [<000003ffa24fa06a>] 0x3ffa24fa06a
      
      Cc: stable@vger.kernel.org
      Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
      Reviewed-by: Dominik Dingel <dingel@linux.vnet.ibm.com>
      Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
    • KVM: x86: fix conversion of addresses to linear in 32-bit protected mode · 0c1d77f4
      Paolo Bonzini authored
      Commit e8dd2d2d ("Silence compiler warning in arch/x86/kvm/emulate.c",
      2015-09-06) broke boot of the Hurd.  The bug is that the "default:"
      case actually could modify "la", but after the patch this change is
      not reflected in *linear.
      
      The bug is visible whenever a non-zero segment base causes the linear
      address to wrap around the 4GB mark.
      
      Fixes: e8dd2d2d
      Cc: stable@vger.kernel.org
      Reported-by: Aurelien Jarno <aurelien@aurel32.net>
      Tested-by: Aurelien Jarno <aurelien@aurel32.net>
      Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
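
A simplified model of the bug class this commit message describes (an out-parameter written before the per-mode adjustment of the local value), added here as an illustration. It is not the kernel's emulate.c; every name (`linearize_before`, `linearize_after`, `struct segment`) and every sample address is constructed for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model of an emulator's address linearization. All names are
 * hypothetical; this is not kernel source. */
enum emul_mode { MODE_PROT32, MODE_PROT64 };

struct segment {
    uint64_t base;   /* segment base */
    uint32_t limit;  /* highest valid offset (expand-up segment) */
};

#define FAULT UINT64_MAX  /* sentinel returned by the wrappers below */

/* x86-64 canonical form: bits 63..47 are all zeros or all ones. */
static bool is_canonical(uint64_t la)
{
    uint64_t top = la >> 47;
    return top == 0 || top == 0x1ffff;
}

/* Segment limit check on the offset, applied outside 64-bit mode. */
static bool within_limit(const struct segment *seg, uint64_t ea, uint32_t size)
{
    return size != 0 && ea <= seg->limit && size - 1 <= seg->limit - ea;
}

/* "Before" shape: *linear is written once, ahead of the switch, so the
 * 32-bit truncation done in the default case never reaches the caller. */
bool linearize_before(enum emul_mode mode, const struct segment *seg,
                      uint64_t ea, uint32_t size, uint64_t *linear)
{
    uint64_t la = seg->base + ea;

    *linear = la;                       /* stored too early */
    switch (mode) {
    case MODE_PROT64:
        if (!is_canonical(la))
            return false;
        break;
    default:
        la = (uint32_t)la;              /* wraps at 4GB, but only locally */
        if (!within_limit(seg, ea, size))
            return false;
        break;
    }
    return true;
}

/* "After" shape: each mode stores the value it has finished adjusting. */
bool linearize_after(enum emul_mode mode, const struct segment *seg,
                     uint64_t ea, uint32_t size, uint64_t *linear)
{
    uint64_t la = seg->base + ea;

    switch (mode) {
    case MODE_PROT64:
        *linear = la;
        if (!is_canonical(la))
            return false;
        break;
    default:
        *linear = la = (uint32_t)la;    /* truncate, then publish */
        if (!within_limit(seg, ea, size))
            return false;
        break;
    }
    return true;
}

/* Wrappers for a 4-byte access: return the linear address or FAULT. */
uint64_t result_before(enum emul_mode m, uint64_t base, uint32_t limit, uint64_t ea)
{
    struct segment seg = { base, limit };
    uint64_t out;
    return linearize_before(m, &seg, ea, 4, &out) ? out : FAULT;
}

uint64_t result_after(enum emul_mode m, uint64_t base, uint32_t limit, uint64_t ea)
{
    struct segment seg = { base, limit };
    uint64_t out;
    return linearize_after(m, &seg, ea, 4, &out) ? out : FAULT;
}

int main(void)
{
    /* Constructed sample: non-zero base whose sum with the offset crosses 4GB. */
    uint64_t base = 0xFFFFF000ULL, ea = 0x2000;

    printf("before: %#llx\n",
           (unsigned long long)result_before(MODE_PROT32, base, 0xFFFFFFFFu, ea));
    printf("after:  %#llx\n",
           (unsigned long long)result_after(MODE_PROT32, base, 0xFFFFFFFFu, ea));
    return 0;
}
```
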
    • KVM: x86: fix missed hardware breakpoints · 172b2386
      Paolo Bonzini authored
      Sometimes when setting a breakpoint a process doesn't stop on it.
      This is because the debug registers are not loaded correctly on
      VCPU load.
      
      The following simple reproducer from Oleg Nesterov tries using debug
      registers in two threads.  To see the bug, run a 2-VCPU guest with
      "taskset -c 0" and run "./bp 0 1" inside the guest.
      
          #include <unistd.h>
          #include <signal.h>
          #include <stdlib.h>
          #include <stdio.h>
          #include <sys/wait.h>
          #include <sys/ptrace.h>
          #include <sys/user.h>
          #include <asm/debugreg.h>
          #include <assert.h>
      
          #define offsetof(TYPE, MEMBER) ((size_t) &((TYPE *)0)->MEMBER)
      
          unsigned long encode_dr7(int drnum, int enable, unsigned int type, unsigned int len)
          {
              unsigned long dr7;
      
              dr7 = ((len | type) & 0xf)
                  << (DR_CONTROL_SHIFT + drnum * DR_CONTROL_SIZE);
              if (enable)
                  dr7 |= (DR_GLOBAL_ENABLE << (drnum * DR_ENABLE_SIZE));
      
              return dr7;
          }
      
          int write_dr(int pid, int dr, unsigned long val)
          {
              return ptrace(PTRACE_POKEUSER, pid,
                      offsetof (struct user, u_debugreg[dr]),
                      val);
          }
      
          void set_bp(pid_t pid, void *addr)
          {
              unsigned long dr7;
              assert(write_dr(pid, 0, (long)addr) == 0);
              dr7 = encode_dr7(0, 1, DR_RW_EXECUTE, DR_LEN_1);
              assert(write_dr(pid, 7, dr7) == 0);
          }
      
          void *get_rip(int pid)
          {
              return (void*)ptrace(PTRACE_PEEKUSER, pid,
                      offsetof(struct user, regs.rip), 0);
          }
      
          void test(int nr)
          {
              void *bp_addr = &&label + nr, *bp_hit;
              int pid;
      
              printf("test bp %d\n", nr);
              assert(nr < 16); // see 16 asm nops below
      
              pid = fork();
              if (!pid) {
                  assert(ptrace(PTRACE_TRACEME, 0,0,0) == 0);
                  kill(getpid(), SIGSTOP);
                  for (;;) {
                      label: asm (
                          "nop; nop; nop; nop;"
                          "nop; nop; nop; nop;"
                          "nop; nop; nop; nop;"
                          "nop; nop; nop; nop;"
                      );
                  }
              }
      
              assert(pid == wait(NULL));
              set_bp(pid, bp_addr);
      
              for (;;) {
                  assert(ptrace(PTRACE_CONT, pid, 0, 0) == 0);
                  assert(pid == wait(NULL));
      
                  bp_hit = get_rip(pid);
                  if (bp_hit != bp_addr)
                      fprintf(stderr, "ERR!! hit wrong bp %ld != %d\n",
                          bp_hit - &&label, nr);
              }
          }
      
          int main(int argc, const char *argv[])
          {
              while (--argc) {
                  int nr = atoi(*++argv);
                  if (!fork())
                      test(nr);
              }
      
              while (wait(NULL) > 0)
                  ;
              return 0;
          }
      
      Cc: stable@vger.kernel.org
      Suggested-by: Nadav Amit <namit@cs.technion.ac.il>
      Reported-by: Andrey Wagin <avagin@gmail.com>
      Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
  3. 19 Feb, 2016 2 commits
  4. 17 Feb, 2016 16 commits
    • ftrace/module: remove ftrace module notifier · 7dcd182b
      Jessica Yu authored
      Remove the ftrace module notifier in favor of directly calling
      ftrace_module_enable() and ftrace_release_mod() in the module loader.
      Hard-coding the function calls directly in the module loader removes
      dependence on the module notifier call chain and provides better
      visibility and control over what gets called when, which is important
      to kernel utilities such as livepatch.
      
      This fixes a notifier ordering issue in which the ftrace module notifier
      (and hence ftrace_module_enable()) for coming modules was being called
      after klp_module_notify(), which caused livepatch modules to initialize
      incorrectly. This patch removes dependence on the module notifier call
      chain in favor of hard coding the corresponding function calls in the
      module loader. This ensures that ftrace and livepatch code get called in
      the correct order on patch module load and unload.
      
      Fixes: 5156dca3 ("ftrace: Fix the race between ftrace and insmod")
      Signed-off-by: Jessica Yu <jeyu@redhat.com>
      Reviewed-by: Steven Rostedt <rostedt@goodmis.org>
      Reviewed-by: Petr Mladek <pmladek@suse.cz>
      Acked-by: Rusty Russell <rusty@rustcorp.com.au>
      Reviewed-by: Josh Poimboeuf <jpoimboe@redhat.com>
      Reviewed-by: Miroslav Benes <mbenes@suse.cz>
      Signed-off-by: Jiri Kosina <jkosina@suse.cz>
    • Merge branch 'for-linus' of git://git.kernel.dk/linux-block · 28507135
      Linus Torvalds authored
      Pull block fixes from Jens Axboe:
       "A collection of fixes from the past few weeks that should go into 4.5.
        This contains:
      
         - Overflow fix for sysfs discard show function from Alan.
      
         - A stacking limit init fix for max_dev_sectors, so we don't end up
           artificially capping some use cases.  From Keith.
      
         - Have blk-mq properly end unstarted requests on a dying queue, instead
           of pushing that to the driver.  From Keith.
      
         - NVMe:
              - Update to Kconfig description for NVME_SCSI, since it was
                vague and having it on is important for some SUSE distros.
                From Christoph.
              - Set of fixes from Keith, around surprise removal. Also kills
                the no-merge flag, so it supports merging.
      
         - Set of fixes for lightnvm from Matias, Javier, and Wenwei.
      
         - Fix null_blk oops when asked for lightnvm, but not available.  From
           Matias.
      
         - Copy-to-user EINTR fix from Hannes, fixing a case where SG_IO fails
           if interrupted by a signal.
      
         - Two floppy fixes from Jiri, fixing signal handling and blocking
           open.
      
         - A use-after-free fix for O_DIRECT, from Mike Krinkin.
      
         - A block module ref count fix from Roman Pen.
      
         - An fs IO wait accounting fix for O_DSYNC from Stephane Gasparini.
      
         - Smaller reallo fix for xen-blkfront from Bob Liu.
      
         - Removal of an unused struct member in the deadline IO scheduler,
           from Tahsin.
      
         - Also from Tahsin, properly initialize inode struct members
           associated with cgroup writeback, if enabled.
      
         - From Tejun, ensure that we keep the superblock pinned during cgroup
           writeback"
      
      * 'for-linus' of git://git.kernel.dk/linux-block: (25 commits)
        blk: fix overflow in queue_discard_max_hw_show
        writeback: initialize inode members that track writeback history
        writeback: keep superblock pinned during cgroup writeback association switches
        bio: return EINTR if copying to user space got interrupted
        NVMe: Rate limit nvme IO warnings
        NVMe: Poll device while still active during remove
        NVMe: Requeue requests on suspended queues
        NVMe: Allow request merges
        NVMe: Fix io incapable return values
        blk-mq: End unstarted requests on dying queue
        block: Initialize max_dev_sectors to 0
        null_blk: oops when initializing without lightnvm
        block: fix module reference leak on put_disk() call for cgroups throttle
        nvme: fix Kconfig description for BLK_DEV_NVME_SCSI
        kernel/fs: fix I/O wait not accounted for RW O_DSYNC
        floppy: refactor open() flags handling
        lightnvm: allow to force mm initialization
        lightnvm: check overflow and correct mlc pairs
        lightnvm: fix request intersection locking in rrpc
        lightnvm: warn if irqs are disabled in lock laddr
        ...
    • Merge tag 'devicetree-fixes-for-4.5-2' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux · c28b947d
      Linus Torvalds authored
      Pull DeviceTree fixes from Rob Herring:
      
       - Fix irq msi-map calculation for nonzero rid-base.
      
       - Binding doc updates for GICv3, fsl-imx-uart, and S3C RTC.
      
      * tag 'devicetree-fixes-for-4.5-2' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux:
        rtc: s3c: Document required clocks in the DT binding
        serial: fsl-imx-uart: Fix typo in fsl,dte-mode description
        dt-bindings: arm, gic-v3: require that reserved cells are always 0
        of/irq: Fix msi-map calculation for nonzero rid-base
    • Merge branch 'drm-fixes' of git://people.freedesktop.org/~airlied/linux · 35683dd3
      Linus Torvalds authored
      Pull drm fixes from Dave Airlie:
       "This has two main sets of fixes:
      
         - A bunch of Exynos fixes, mainly for their MIC component.
      
         - vblank regression fixes from Mario, apparently some changes in 4.4
           caused some vblank breakage on radeon/nouveau, this set fixes all
           the issues seen.

        There is also a revert of one of the MST changes, that I was
        overzealous in including, that broke 30" MST monitors, and two qxl
        fixes"
      
      * 'drm-fixes' of git://people.freedesktop.org/~airlied/linux:
        drm/qxl: fix erroneous return value
        drm/nouveau/display: Enable vblank irqs after display engine is on again.
        drm/radeon/pm: Handle failure of drm_vblank_get.
        drm: Fix treatment of drm_vblank_offdelay in drm_vblank_on() (v2)
        drm: Fix drm_vblank_pre/post_modeset regression from Linux 4.4
        drm: Prevent vblank counter bumps > 1 with active vblank clients. (v2)
        drm: No-Op redundant calls to drm_vblank_off() (v2)
        drm/qxl: use kmalloc_array to alloc reloc_info in qxl_process_single_command
        Revert "drm/dp/mst: change MST detection scheme"
        drm/exynos/decon: fix disable clocks order
        drm/exynos: fix incorrect cpu address for dma_mmap_attrs()
        drm/exynos: exynos5433_decon: fix wrong state in decon_vblank_enable
        drm/exynos: exynos5433_decon: fix wrong state assignment in decon_enable
        drm/exynos: dsi: restore support for drm bridge
        drm/exynos: mic: make all functions static
        drm/exynos: mic: convert to component framework
        drm/exynos: mic: use devm_clk interface
        drm/exynos: fix types for compilation on 64bit architectures
        drm/exynos: ipp: fix incorrect format specifiers in debug messages
        drm/exynos: depend on ARCH_EXYNOS for DRM_EXYNOS
    • Merge tag 'trace-fixes-v4.5-rc4' of... · a9f70bd4
      Linus Torvalds authored
      Merge tag 'trace-fixes-v4.5-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace
      
      Pull tracing fixes from Steven Rostedt:
       "This includes two fixes.
      
        The first is something that has come up a few times and has been
        worked out individually, but it's come up now enough that the problem
        should be generic.  Tracepoints are protected by RCU sched.  There are
        several tracepoints within core infrastructure like kfree().  If a
        tracepoint is called when the CPU is going down, or when it's coming
        up but has yet to be recognized by RCU, an RCU warning is triggered.
      
        This is a true bug as that tracepoint is not protected by RCU.
        Usually, this is taken care of by testing for cpu online as a
        tracepoint condition.  But as this is happening more often, moving it
        from an individual tracepoint to a check in the tracepoint
        infrastructure is more robust.
      
        Note, there is now a duplicate of a cpu online test, because this
        update does not remove the individual checks.  But the overhead is
        small enough that the removal can be done in another release.
      
        The second change is strange linker breakage due to the branch
        tracer's builtin_constant_p() check failing, and treating the
        condition as a variable instead of a constant.  Arnd Bergmann found
        that this can be fixed by testing !!(cond) instead of just (cond)"
      
      * tag 'trace-fixes-v4.5-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace:
        tracing: Fix freak link error caused by branch tracer
        tracepoints: Do not trace when cpu is offline
    • blk: fix overflow in queue_discard_max_hw_show · 18f922d0
      Alan authored
      We get this right for queue_discard_max_show but not max_hw_show. Follow the
      same pattern as queue_discard_max_show instead so that we don't truncate.
      Signed-off-by: Alan Cox <alan@linux.intel.com>
      Signed-off-by: Jens Axboe <axboe@fb.com>
    • drm/qxl: fix erroneous return value · dada168b
      Anton Protopopov authored
      The qxl_gem_prime_mmap() function returns ENOSYS instead of -ENOSYS
      Signed-off-by: Anton Protopopov <a.s.protopopov@gmail.com>
      Signed-off-by: Dave Airlie <airlied@redhat.com>
    • drm/nouveau/display: Enable vblank irqs after display engine is on again. · ff683df7
      Mario Kleiner authored
      In the display resume path, move the calls to drm_vblank_on()
      after the point when the display engine is running again.
      
      Since changes were made to drm_update_vblank_count() in Linux 4.4+
      to emulate hw vblank counters via vblank timestamping, the function
      drm_vblank_on() now needs working high precision vblank timestamping
      and therefore working scanout position queries at time of call.
      These don't work before the display engine gets restarted, causing
      miscalculation of vblank counter increments and thereby large forward
      jumps in vblank count at display resume. These jumps can cause client
      hangs on resume, or desktop hangs in the case of composited desktops.
      
      Fix this Linux 4.4 regression by reordering calls accordingly.
      Signed-off-by: Mario Kleiner <mario.kleiner.de@gmail.com>
      Cc: <stable@vger.kernel.org> # 4.4+
      Cc: Ben Skeggs <bskeggs@redhat.com>
      Cc: ville.syrjala@linux.intel.com
      Cc: daniel.vetter@ffwll.ch
      Cc: dri-devel@lists.freedesktop.org
      Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch>
      Signed-off-by: Dave Airlie <airlied@redhat.com>
    • drm/radeon/pm: Handle failure of drm_vblank_get. · e0b34e38
      Mario Kleiner authored
      Make sure that drm_vblank_get/put() stay balanced in
      case drm_vblank_get fails, by skipping the corresponding
      put.
      Signed-off-by: Mario Kleiner <mario.kleiner.de@gmail.com>
      Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch>
      Cc: michel@daenzer.net
      Cc: dri-devel@lists.freedesktop.org
      Cc: alexander.deucher@amd.com
      Cc: christian.koenig@amd.com
      Signed-off-by: Dave Airlie <airlied@redhat.com>
    • drm: Fix treatment of drm_vblank_offdelay in drm_vblank_on() (v2) · bb74fc1b
      Mario Kleiner authored
      drm_vblank_offdelay can have three different types of values:
      
      < 0 is to be always treated the same as dev->vblank_disable_immediate
      = 0 is to be treated as "never disable vblanks"
      > 0 is to be treated as disable immediate if kms driver wants it
          that way via dev->vblank_disable_immediate. Otherwise it is
          a disable timeout in msecs.
      
      This got broken in Linux 3.18+ for the implementation of
      drm_vblank_on. If the user specified a value of zero which should
      always reenable vblank irqs in this function, a kms driver could
      override the user's choice by setting vblank_disable_immediate
      to true. This patch fixes the regression and keeps the user in
      control.
      
      v2: Only reenable vblank if there are clients left or the user
          requested to "never disable vblanks" via offdelay 0. Enabling
          vblanks even in the "delayed disable" case (offdelay > 0) was
          specifically added by Ville in commit cd19e52a
          ("drm: Kick start vblank interrupts at drm_vblank_on()"),
          but after discussion it turns out that this was done by accident.
      
          Citing Ville: "I think it just ended up as a mess due to changing
          some of the semantics of offdelay<0 vs. offdelay==0 vs.
          disable_immediate during the review of the series. So yeah, given
          how drm_vblank_put() works now, I'd just make this check for
          offdelay==0."
      Signed-off-by: Mario Kleiner <mario.kleiner.de@gmail.com>
      Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch>
      
      Cc: <stable@vger.kernel.org> # 3.18+
      Cc: michel@daenzer.net
      Cc: vbabka@suse.cz
      Cc: ville.syrjala@linux.intel.com
      Cc: daniel.vetter@ffwll.ch
      Cc: dri-devel@lists.freedesktop.org
      Cc: alexander.deucher@amd.com
      Cc: christian.koenig@amd.com
      Signed-off-by: Dave Airlie <airlied@redhat.com>
    • drm: Fix drm_vblank_pre/post_modeset regression from Linux 4.4 · c61934ed
      Mario Kleiner authored
      Changes to drm_update_vblank_count() in Linux 4.4 broke the
      behaviour of the pre/post modeset functions as the new update
      code doesn't deal with hw vblank counter resets in between calls
      to drm_vblank_pre_modeset and drm_vblank_post_modeset, as it
      should.
      
      This causes mistreatment of such hw counter resets as counter
      wraparound, and thereby large forward jumps of the software
      vblank counter which in turn cause vblank event dispatching
      and vblank waits to fail/hang --> userspace clients hang.
      
      This symptom was reported on radeon-kms to cause an infinite
      hang of KDE Plasma 5 shell's login procedure, preventing users
      from logging in.
      
      Fix this by detecting when drm_update_vblank_count() is called
      inside a pre->post modeset interval. If so, clamp valid vblank
      increments to the safe values 0 and 1, pretty much restoring
      the update behavior of the old update code of Linux 4.3 and
      earlier. Also reset the last recorded hw vblank count at call
      to drm_vblank_post_modeset() to be safe against hw that after
      modesetting, dpms on etc. only fires its first vblank irq after
      drm_vblank_post_modeset() was already called.
      Reported-by: Vlastimil Babka <vbabka@suse.cz>
      Signed-off-by: Mario Kleiner <mario.kleiner.de@gmail.com>
      Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch>
      Tested-by: Vlastimil Babka <vbabka@suse.cz>
      
      Cc: <stable@vger.kernel.org> # 4.4+
      Cc: michel@daenzer.net
      Cc: vbabka@suse.cz
      Cc: ville.syrjala@linux.intel.com
      Cc: daniel.vetter@ffwll.ch
      Cc: dri-devel@lists.freedesktop.org
      Cc: alexander.deucher@amd.com
      Cc: christian.koenig@amd.com
      Signed-off-by: Dave Airlie <airlied@redhat.com>
    • drm: Prevent vblank counter bumps > 1 with active vblank clients. (v2) · 99b8e715
      Mario Kleiner authored
      This fixes a regression introduced by the new drm_update_vblank_count()
      implementation in Linux 4.4:
      
      Restrict the bump of the software vblank counter in drm_update_vblank_count()
      to a safe maximum value of +1 whenever there is the possibility that
      concurrent readers of vblank timestamps could be active at the moment,
      as the current implementation of the timestamp caching and updating is
      not safe against concurrent readers for calls to store_vblank() with a
      bump of anything but +1. A bump != 1 would very likely return corrupted
      timestamps to userspace, because the same slot in the cache could
      be concurrently written by store_vblank() and read by one of those
      readers in a non-atomic fashion and without the read-retry logic
      detecting this collision.
      
      Concurrent readers can exist while drm_update_vblank_count() is called
      from the drm_vblank_off() or drm_vblank_on() functions or other non-vblank-
      irq callers. However, all those calls are happening with the vbl_lock
      locked thereby preventing a drm_vblank_get(), so the vblank refcount
      can't increase while drm_update_vblank_count() is executing. Therefore
      a zero vblank refcount during execution of that function signals that
      it is safe for arbitrary counter bumps if called from outside vblank irq,
      whereas a non-zero count is not safe.
      
      Whenever the function is called from vblank irq, we have to assume concurrent
      readers could show up any time during its execution, even if the refcount
      is currently zero, as vblank irqs are usually only enabled due to the
      presence of readers, and because when it is called from vblank irq it
      can't hold the vbl_lock to protect it from sudden bumps in vblank refcount.
      Therefore also restrict bumps to +1 when the function is called from vblank
      irq.
      
      Such bumps of more than +1 can happen at other times than reenabling
      vblank irqs, e.g., when regular vblank interrupts get delayed by more
      than 1 frame due to long held locks, long irq off periods, realtime
      preemption on RT kernels, or system management interrupts.
      
      A better solution would be to rewrite the timestamp caching to use
      full seqlocks to allow concurrent writes and reads for arbitrary
      vblank counter increments.
      
      v2: Add code comment that this is essentially a hack and should
          be replaced by a full seqlock implementation for caching of
          timestamps.
      Signed-off-by: Mario Kleiner <mario.kleiner.de@gmail.com>
      Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch>
      
      Cc: <stable@vger.kernel.org> # 4.4+
      Cc: michel@daenzer.net
      Cc: vbabka@suse.cz
      Cc: ville.syrjala@linux.intel.com
      Cc: daniel.vetter@ffwll.ch
      Cc: dri-devel@lists.freedesktop.org
      Cc: alexander.deucher@amd.com
      Cc: christian.koenig@amd.com
      Signed-off-by: Dave Airlie <airlied@redhat.com>
    • drm: No-Op redundant calls to drm_vblank_off() (v2) · e8235891
      Mario Kleiner authored
      Otherwise if a kms driver calls into drm_vblank_off() more than once
      before calling drm_vblank_on() again, the redundant calls to
      vblank_disable_and_save() will call drm_update_vblank_count()
      while hw vblank counters and vblank timestamping are in an undefined
      state during modesets, dpms off etc.
      
      At least with the legacy drm helpers it is not unusual to
      get multiple calls to drm_vblank_off and drm_vblank_on, e.g.,
      half a dozen calls to drm_vblank_off and two calls to drm_vblank_on
      were observed on radeon-kms during dpms-off -> dpms-on transition.
      
      We don't no-op calls from atomic modesetting drivers, as they
      should do a proper job of tracking hw state.
      
      Fixes large jumps of the software maintained vblank counter due to
      the hardware vblank counter resetting to zero during dpms off or
      modeset, e.g., if radeon-kms is modified to use drm_vblank_off/on
      instead of drm_vblank_pre/post_modeset().
      
      This fixes a regression caused by the changes made to
      drm_update_vblank_count() in Linux 4.4.
      
      v2: Don't no-op on atomic modesetting drivers, per suggestion
          of Daniel Vetter.
      Signed-off-by: Mario Kleiner <mario.kleiner.de@gmail.com>
      Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch>
      Cc: <stable@vger.kernel.org> # 4.4+
      Cc: michel@daenzer.net
      Cc: vbabka@suse.cz
      Cc: ville.syrjala@linux.intel.com
      Cc: alexander.deucher@amd.com
      Cc: christian.koenig@amd.com
      Signed-off-by: Dave Airlie <airlied@redhat.com>
      e8235891
    • drm/qxl: use kmalloc_array to alloc reloc_info in qxl_process_single_command · 34855706
      Gerd Hoffmann authored
      This avoids integer overflows on 32bit machines when calculating
      reloc_info size, as reported by Alan Cox.
      
      Cc: stable@vger.kernel.org
      Cc: gnomes@lxorguk.ukuu.org.uk
      Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
      Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch>
      Signed-off-by: Dave Airlie <airlied@redhat.com>
      34855706
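
The overflow class named in the commit above, as an added userspace example (not code from the commit or the qxl driver). `struct reloc_rec`, `size32_t` and the helper names are hypothetical; `uint32_t` models `size_t` on a 32-bit machine, and the checked helper mirrors the refuse-on-overflow behaviour of `kmalloc_array()`.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for a per-relocation record (not the driver's struct). */
struct reloc_rec {
    uint32_t type;
    uint32_t dst_offset;
    uint64_t src_bo;
    uint64_t dst_bo;
};
_Static_assert(sizeof(struct reloc_rec) == 24, "example assumes a 24-byte record");

typedef uint32_t size32_t;   /* models size_t on a 32-bit machine */

/* Unchecked pattern: sizeof(elem) * count silently wraps modulo 2^32. */
static size32_t unchecked_bytes(size32_t count)
{
    return (size32_t)sizeof(struct reloc_rec) * count;
}

/* Checked pattern: 0 on success, -1 if n * size does not fit in 32 bits. */
static int checked_bytes(size32_t n, size32_t size, size32_t *out)
{
    if (size != 0 && n > UINT32_MAX / size)
        return -1;
    *out = n * size;
    return 0;
}

/* Userspace analogue of an overflow-checked array allocation. */
static void *alloc_array32(size32_t n, size32_t size)
{
    size32_t bytes;

    if (checked_bytes(n, size, &bytes) != 0)
        return NULL;             /* caller sees a failed allocation */
    return malloc(bytes ? bytes : 1);
}

int main(void)
{
    size32_t count = 178956971u; /* constructed: smallest count where 24 * count >= 2^32 */

    printf("unchecked size for %u records: %u bytes\n",
           (unsigned)count, (unsigned)unchecked_bytes(count));
    printf("checked allocation: %s\n",
           alloc_array32(count, sizeof(struct reloc_rec)) ? "succeeded" : "refused");
    return 0;
}
```

With the unchecked multiplication the buffer comes out as 8 bytes for roughly 179 million records, so every later write indexed by the count lands out of bounds; the checked form turns the same input into an allocation failure.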
    • Merge branch 'exynos-drm-fixes' of... · e8f051e9
      Dave Airlie authored
      Merge branch 'exynos-drm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/daeinki/drm-exynos into drm-fixes
      
        Summary:
         - fix compilation warnings on ARM64bit.
         - fix mic driver initialization.
           . MIC is a part of KMS so it converts it to use component framework
             like other KMS drivers did.
         - fix wrong driver state and disable clock order on DECON driver.
         - fix incorrect use of dma_mmap_attrs function.
      
      * 'exynos-drm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/daeinki/drm-exynos:
        drm/exynos/decon: fix disable clocks order
        drm/exynos: fix incorrect cpu address for dma_mmap_attrs()
        drm/exynos: exynos5433_decon: fix wrong state in decon_vblank_enable
        drm/exynos: exynos5433_decon: fix wrong state assignment in decon_enable
        drm/exynos: dsi: restore support for drm bridge
        drm/exynos: mic: make all functions static
        drm/exynos: mic: convert to component framework
        drm/exynos: mic: use devm_clk interface
        drm/exynos: fix types for compilation on 64bit architectures
        drm/exynos: ipp: fix incorrect format specifiers in debug messages
        drm/exynos: depend on ARCH_EXYNOS for DRM_EXYNOS
      e8f051e9
    • Revert "drm/dp/mst: change MST detection scheme" · 8ae22cb4
      Dave Airlie authored
      This reverts commit cfcfa086.
      
      This causes the tiling properties to break in some unexpected ways,
      
      Revert it for now.
      
      Cc: stable@vger.kernel.org
      Signed-off-by: Dave Airlie <airlied@redhat.com>
      8ae22cb4
  5. 16 Feb, 2016 8 commits
  6. 15 Feb, 2016 10 commits
    • tracing: Fix freak link error caused by branch tracer · b33c8ff4
      Arnd Bergmann authored
      In my randconfig tests, I came across a bug that involves several
      components:
      
      * gcc-4.9 through at least 5.3
      * CONFIG_GCOV_PROFILE_ALL enabling -fprofile-arcs for all files
      * CONFIG_PROFILE_ALL_BRANCHES overriding every if()
      * The optimized implementation of do_div() that tries to
        replace a library call with a division by multiplication
      * code in drivers/media/dvb-frontends/zl10353.c doing
      
              u32 adc_clock = 450560; /* 45.056 MHz */
              if (state->config.adc_clock)
                      adc_clock = state->config.adc_clock;
              do_div(value, adc_clock);
      
      In this case, gcc fails to determine whether the divisor
      in do_div() is __builtin_constant_p(). In particular, it
      concludes that __builtin_constant_p(adc_clock) is false, while
      __builtin_constant_p(!!adc_clock) is true.
      
      That in turn throws off the logic in do_div() that also uses
      __builtin_constant_p(), and instead of picking either the
      constant-optimized division, and the code in ilog2() that uses
      __builtin_constant_p() to figure out whether it knows the answer at
      compile time. The result is a link error from failing to find
      multiple symbols that should never have been called based on
      the __builtin_constant_p():
      
      dvb-frontends/zl10353.c:138: undefined reference to `____ilog2_NaN'
      dvb-frontends/zl10353.c:138: undefined reference to `__aeabi_uldivmod'
      ERROR: "____ilog2_NaN" [drivers/media/dvb-frontends/zl10353.ko] undefined!
      ERROR: "__aeabi_uldivmod" [drivers/media/dvb-frontends/zl10353.ko] undefined!
      
      This patch avoids the problem by changing __trace_if() to check
      whether the condition is known at compile-time to be nonzero, rather
      than checking whether it is actually a constant.
      
      I see this one link error in roughly one out of 1600 randconfig builds
      on ARM, and the patch fixes all known instances.
      
      Link: http://lkml.kernel.org/r/1455312410-1058841-1-git-send-email-arnd@arndb.de
      Acked-by: Nicolas Pitre <nico@linaro.org>
      Fixes: ab3c9c68 ("branch tracer, intel-iommu: fix build with CONFIG_BRANCH_TRACER=y")
      Cc: stable@vger.kernel.org # v2.6.30+
      Signed-off-by: Arnd Bergmann <arnd@arndb.de>
      Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
      b33c8ff4
    • tracepoints: Do not trace when cpu is offline · f3775549
      Steven Rostedt (Red Hat) authored
      The tracepoint infrastructure uses RCU sched protection to enable and
      disable tracepoints safely. There are some instances where tracepoints are
      used in infrastructure code (like kfree()) that get called after a CPU is
      going offline, and perhaps when it is coming back online but hasn't been
      registered yet.
      
      This can produce the following warning:
      
       [ INFO: suspicious RCU usage. ]
       4.4.0-00006-g0fe53e8-dirty #34 Tainted: G S
       -------------------------------
       include/trace/events/kmem.h:141 suspicious rcu_dereference_check() usage!
      
       other info that might help us debug this:
      
       RCU used illegally from offline CPU!  rcu_scheduler_active = 1, debug_locks = 1
       no locks held by swapper/8/0.
      
       stack backtrace:
        CPU: 8 PID: 0 Comm: swapper/8 Tainted: G S              4.4.0-00006-g0fe53e8-dirty #34
        Call Trace:
        [c0000005b76c78d0] [c0000000008b9540] .dump_stack+0x98/0xd4 (unreliable)
        [c0000005b76c7950] [c00000000010c898] .lockdep_rcu_suspicious+0x108/0x170
        [c0000005b76c79e0] [c00000000029adc0] .kfree+0x390/0x440
        [c0000005b76c7a80] [c000000000055f74] .destroy_context+0x44/0x100
        [c0000005b76c7b00] [c0000000000934a0] .__mmdrop+0x60/0x150
        [c0000005b76c7b90] [c0000000000e3ff0] .idle_task_exit+0x130/0x140
        [c0000005b76c7c20] [c000000000075804] .pseries_mach_cpu_die+0x64/0x310
        [c0000005b76c7cd0] [c000000000043e7c] .cpu_die+0x3c/0x60
        [c0000005b76c7d40] [c0000000000188d8] .arch_cpu_idle_dead+0x28/0x40
        [c0000005b76c7db0] [c000000000101e6c] .cpu_startup_entry+0x50c/0x560
        [c0000005b76c7ed0] [c000000000043bd8] .start_secondary+0x328/0x360
        [c0000005b76c7f90] [c000000000008a6c] start_secondary_prolog+0x10/0x14
      
      This warning is not a false positive either. RCU is not protecting code that
      is being executed while the CPU is offline.
      
      Instead of playing "whack-a-mole(TM)" and adding conditional statements to
      the tracepoints we find that are used in this instance, simply add a
      cpu_online() test to the tracepoint code where the tracepoint will be
      ignored if the CPU is offline.
      
      Use of raw_smp_processor_id() is fine, as there should never be a case where
      the tracepoint code goes from running on a CPU that is online and suddenly
      gets migrated to a CPU that is offline.
      
      Link: http://lkml.kernel.org/r/1455387773-4245-1-git-send-email-kda@linux-powerpc.org
      Reported-by: Denis Kirjanov <kda@linux-powerpc.org>
      Fixes: 97e1c18e ("tracing: Kernel Tracepoints")
      Cc: stable@vger.kernel.org # v2.6.28+
      Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
      f3775549
    • drm/exynos/decon: fix disable clocks order · 00780f3b
      Andrzej Hajda authored
      Decon requires that clocks should be disabled in reverse order. Otherwise
      the system hangs.
      Signed-off-by: Andrzej Hajda <a.hajda@samsung.com>
      Signed-off-by: Inki Dae <inki.dae@samsung.com>
      00780f3b
    • drm/exynos: fix incorrect cpu address for dma_mmap_attrs() · d380a163
      Marek Szyprowski authored
      dma_mmap_attrs() should be called with cpu address returned by
      dma_alloc_attrs(). Existing code however passed pages array base as cpu
      address. This worked only by pure luck on ARM architecture. This patch
      fixes this issue.
      Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
      Signed-off-by: Inki Dae <inki.dae@samsung.com>
      d380a163
    • drm/exynos: exynos5433_decon: fix wrong state in decon_vblank_enable · 74ebc706
      Marek Szyprowski authored
      BIT_IRQS_ENABLED was never set because of an incorrect test in the
      decon_vblank_enable() function, which resulted in lack of enabling vblank
      support. This patch fixes this issue.
      Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
      Signed-off-by: Inki Dae <inki.dae@samsung.com>
      74ebc706
    • drm/exynos: exynos5433_decon: fix wrong state assignment in decon_enable · c90f950c
      Marek Szyprowski authored
      Patch ebf3fd40 ("drm/exynos: add
      pm_runtime to DECON 5433") removed some code from decon_enable()
      function, but it left set_bit(BIT_SUSPENDED, &ctx->flags) call, which
      was earlier called only in error path. This patch removes it, which
      finally lets the driver go out of suspended state.
      Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
      Signed-off-by: Inki Dae <inki.dae@samsung.com>
      c90f950c
    • drm/exynos: dsi: restore support for drm bridge · e7ad6606
      Marek Szyprowski authored
      This patch fixes issue introduced by commit
      cf67cc9a ("drm/exynos: remove struct
      exynos_drm_display"), which removed assigning of drm bridge to drm
      encoder. Lack of it caused that no bridge callbacks were called on
      encoder enable/disable actions.
      Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
      Signed-off-by: Inki Dae <inki.dae@samsung.com>
      e7ad6606
    • drm/exynos: mic: make all functions static · 8b0be572
      Marek Szyprowski authored
      There is no point exposing all internal functions to global kernel name
      space, so make all internal functions static.
      Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
      Signed-off-by: Inki Dae <inki.dae@samsung.com>
      8b0be572
    • drm/exynos: mic: convert to component framework · 622688f3
      Marek Szyprowski authored
      MIC is an SoC component and an important part of the kms pipeline on Exynos5433,
      so convert it to use component framework like other KMS/CRTC drivers.
      MIC driver is already listed on KMS component driver list in Exynos DRM
      core, so without this conversion, initialization of Exynos DRM core
      fails on Exynos 5433 SoC.
      Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
      Signed-off-by: Inki Dae <inki.dae@samsung.com>
      622688f3
    • drm/exynos: mic: use devm_clk interface · 38b5e5f4
      Marek Szyprowski authored
      Drivers should use devm_clk* interface instead of of_clk* functions.
      Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
      Signed-off-by: Inki Dae <inki.dae@samsung.com>
      38b5e5f4