1. 25 Jun, 2019 6 commits
  2. 22 Jun, 2019 11 commits
    • Linus Torvalds's avatar
      Linux 5.2-rc6 · 4b972a01
      Linus Torvalds authored
      4b972a01
    • Linus Torvalds's avatar
      Merge tag 'iommu-fix-v5.2-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu · 6698a71a
      Linus Torvalds authored
      Pull iommu fix from Joerg Roedel:
       "Revert a commit from the previous pile of fixes which causes new
        lockdep splats. It is better to revert it for now and work on a better
        and more well tested fix"
      
      * tag 'iommu-fix-v5.2-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu:
        Revert "iommu/vt-d: Fix lock inversion between iommu->lock and device_domain_lock"
      6698a71a
    • Peter Xu's avatar
      Revert "iommu/vt-d: Fix lock inversion between iommu->lock and device_domain_lock" · 0aafc8ae
      Peter Xu authored
      This reverts commit 7560cc3c.
      
      With 5.2.0-rc5 I can easily trigger this with lockdep and iommu=pt:
      
          ======================================================
          WARNING: possible circular locking dependency detected
          5.2.0-rc5 #78 Not tainted
          ------------------------------------------------------
          swapper/0/1 is trying to acquire lock:
          00000000ea2b3beb (&(&iommu->lock)->rlock){+.+.}, at: domain_context_mapping_one+0xa5/0x4e0
          but task is already holding lock:
          00000000a681907b (device_domain_lock){....}, at: domain_context_mapping_one+0x8d/0x4e0
          which lock already depends on the new lock.
          the existing dependency chain (in reverse order) is:
          -> #1 (device_domain_lock){....}:
                 _raw_spin_lock_irqsave+0x3c/0x50
                 dmar_insert_one_dev_info+0xbb/0x510
                 domain_add_dev_info+0x50/0x90
                 dev_prepare_static_identity_mapping+0x30/0x68
                 intel_iommu_init+0xddd/0x1422
                 pci_iommu_init+0x16/0x3f
                 do_one_initcall+0x5d/0x2b4
                 kernel_init_freeable+0x218/0x2c1
                 kernel_init+0xa/0x100
                 ret_from_fork+0x3a/0x50
          -> #0 (&(&iommu->lock)->rlock){+.+.}:
                 lock_acquire+0x9e/0x170
                 _raw_spin_lock+0x25/0x30
                 domain_context_mapping_one+0xa5/0x4e0
                 pci_for_each_dma_alias+0x30/0x140
                 dmar_insert_one_dev_info+0x3b2/0x510
                 domain_add_dev_info+0x50/0x90
                 dev_prepare_static_identity_mapping+0x30/0x68
                 intel_iommu_init+0xddd/0x1422
                 pci_iommu_init+0x16/0x3f
                 do_one_initcall+0x5d/0x2b4
                 kernel_init_freeable+0x218/0x2c1
                 kernel_init+0xa/0x100
                 ret_from_fork+0x3a/0x50
      
          other info that might help us debug this:
           Possible unsafe locking scenario:
                 CPU0                    CPU1
                 ----                    ----
            lock(device_domain_lock);
                                         lock(&(&iommu->lock)->rlock);
                                         lock(device_domain_lock);
            lock(&(&iommu->lock)->rlock);
      
           *** DEADLOCK ***
          2 locks held by swapper/0/1:
           #0: 00000000033eb13d (dmar_global_lock){++++}, at: intel_iommu_init+0x1e0/0x1422
           #1: 00000000a681907b (device_domain_lock){....}, at: domain_context_mapping_one+0x8d/0x4e0
      
          stack backtrace:
          CPU: 2 PID: 1 Comm: swapper/0 Not tainted 5.2.0-rc5 #78
          Hardware name: LENOVO 20KGS35G01/20KGS35G01, BIOS N23ET50W (1.25 ) 06/25/2018
          Call Trace:
           dump_stack+0x85/0xc0
           print_circular_bug.cold.57+0x15c/0x195
           __lock_acquire+0x152a/0x1710
           lock_acquire+0x9e/0x170
           ? domain_context_mapping_one+0xa5/0x4e0
           _raw_spin_lock+0x25/0x30
           ? domain_context_mapping_one+0xa5/0x4e0
           domain_context_mapping_one+0xa5/0x4e0
           ? domain_context_mapping_one+0x4e0/0x4e0
           pci_for_each_dma_alias+0x30/0x140
           dmar_insert_one_dev_info+0x3b2/0x510
           domain_add_dev_info+0x50/0x90
           dev_prepare_static_identity_mapping+0x30/0x68
           intel_iommu_init+0xddd/0x1422
           ? printk+0x58/0x6f
           ? lockdep_hardirqs_on+0xf0/0x180
           ? do_early_param+0x8e/0x8e
           ? e820__memblock_setup+0x63/0x63
           pci_iommu_init+0x16/0x3f
           do_one_initcall+0x5d/0x2b4
           ? do_early_param+0x8e/0x8e
           ? rcu_read_lock_sched_held+0x55/0x60
           ? do_early_param+0x8e/0x8e
           kernel_init_freeable+0x218/0x2c1
           ? rest_init+0x230/0x230
           kernel_init+0xa/0x100
           ret_from_fork+0x3a/0x50
      
      domain_context_mapping_one() is taking device_domain_lock first then
      iommu lock, while dmar_insert_one_dev_info() is doing the reverse.
      
      That should be introduced by commit:
      
      7560cc3c ("iommu/vt-d: Fix lock inversion between iommu->lock and
                    device_domain_lock", 2019-05-27)
      
      So far I still cannot figure out how the previous deadlock was
      triggered (I cannot find iommu lock taken before calling of
      iommu_flush_dev_iotlb()), however I'm pretty sure that that change
      should be incomplete at least because it does not fix all the places
      so we're still taking the locks in different orders, while reverting
      that commit is very clean to me so far that we should always take
      device_domain_lock first then the iommu lock.
      
      We can continue to try to find the real culprit mentioned in
      7560cc3c, but for now I think we should revert it to fix current
      breakage.
      
      CC: Joerg Roedel <joro@8bytes.org>
      CC: Lu Baolu <baolu.lu@linux.intel.com>
      CC: dave.jiang@intel.com
      Signed-off-by: default avatarPeter Xu <peterx@redhat.com>
      Tested-by: default avatarChris Wilson <chris@chris-wilson.co.uk>
      Signed-off-by: default avatarJoerg Roedel <jroedel@suse.de>
      0aafc8ae
    • Linus Torvalds's avatar
      Merge tag 'pci-v5.2-fixes-1' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci · b253d5f3
      Linus Torvalds authored
      Pull PCI fix from Bjorn Helgaas:
       "If an IOMMU is present, ignore the P2PDMA whitelist we added for v5.2
        because we don't yet know how to support P2PDMA in that case (Logan
        Gunthorpe)"
      
      * tag 'pci-v5.2-fixes-1' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci:
        PCI/P2PDMA: Ignore root complex whitelist when an IOMMU is present
      b253d5f3
    • Linus Torvalds's avatar
      Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi · f4102766
      Linus Torvalds authored
      Pull SCSI fixes from James Bottomley:
       "Three driver fixes (and one version number update): a suspend hang in
        ufs, a qla hard lock on module removal and a qedi panic during
        discovery"
      
      * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
        scsi: qla2xxx: Fix hardlockup in abort command during driver remove
        scsi: ufs: Avoid runtime suspend possibly being blocked forever
        scsi: qedi: update driver version to 8.37.0.20
        scsi: qedi: Check targetname while finding boot target information
      f4102766
    • Linus Torvalds's avatar
      Merge tag 'powerpc-5.2-5' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux · a8282bf0
      Linus Torvalds authored
      Pull powerpc fixes from Michael Ellerman:
       "This is a frustratingly large batch at rc5. Some of these were sent
        earlier but were missed by me due to being distracted by other things,
        and some took a while to track down due to needing manual bisection on
        old hardware. But still we clearly need to improve our testing of KVM,
        and of 32-bit, so that we catch these earlier.
      
        Summary: seven fixes, all for bugs introduced this cycle.
      
         - The commit to add KASAN support broke booting on 32-bit SMP
           machines, due to a refactoring that moved some setup out of the
           secondary CPU path.
      
         - A fix for another 32-bit SMP bug introduced by the fast syscall
           entry implementation for 32-bit BOOKE. And a build fix for the same
           commit.
      
         - Our change to allow the DAWR to be force enabled on Power9
           introduced a bug in KVM, where we clobber r3 leading to a host
           crash.
      
         - The same commit also exposed a previously unreachable bug in the
           nested KVM handling of DAWR, which could lead to an oops in a
           nested host.
      
         - One of the DMA reworks broke the b43legacy WiFi driver on some
           people's powermacs, fix it by enabling a 30-bit ZONE_DMA on 32-bit.
      
         - A fix for TLB flushing in KVM introduced a new bug, as it neglected
           to also flush the ERAT, this could lead to memory corruption in the
           guest.
      
        Thanks to: Aaro Koskinen, Christoph Hellwig, Christophe Leroy, Larry
        Finger, Michael Neuling, Suraj Jitindar Singh"
      
      * tag 'powerpc-5.2-5' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
        KVM: PPC: Book3S HV: Invalidate ERAT when flushing guest TLB entries
        powerpc: enable a 30-bit ZONE_DMA for 32-bit pmac
        KVM: PPC: Book3S HV: Only write DAWR[X] when handling h_set_dawr in real mode
        KVM: PPC: Book3S HV: Fix r3 corruption in h_set_dabr()
        powerpc/32: fix build failure on book3e with KVM
        powerpc/booke: fix fast syscall entry on SMP
        powerpc/32s: fix initial setup of segment registers on secondary CPU
      a8282bf0
    • Marcel Holtmann's avatar
      Bluetooth: Fix regression with minimum encryption key size alignment · 693cd8ce
      Marcel Holtmann authored
      When trying to align the minimum encryption key size requirement for
      Bluetooth connections, it turns out doing this in a central location in
      the HCI connection handling code is not possible.
      
      Original Bluetooth version up to 2.0 used a security model where the
      L2CAP service would enforce authentication and encryption.  Starting
      with Bluetooth 2.1 and Secure Simple Pairing that model has changed into
      that the connection initiator is responsible for providing an encrypted
      ACL link before any L2CAP communication can happen.
      
      Now connecting Bluetooth 2.1 or later devices with Bluetooth 2.0 and
      before devices are causing a regression.  The encryption key size check
      needs to be moved out of the HCI connection handling into the L2CAP
      channel setup.
      
      To achieve this, the current check inside hci_conn_security() has been
      moved into l2cap_check_enc_key_size() helper function and then called
      from four decisions point inside L2CAP to cover all combinations of
      Secure Simple Pairing enabled devices and device using legacy pairing
      and legacy service security model.
      
      Fixes: d5bb334a ("Bluetooth: Align minimum encryption key size for LE and BR/EDR connections")
      Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=203643Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      693cd8ce
    • Kees Cook's avatar
      x86/asm: Pin sensitive CR0 bits · 8dbec27a
      Kees Cook authored
      With sensitive CR4 bits pinned now, it's possible that the WP bit for
      CR0 might become a target as well.
      
      Following the same reasoning for the CR4 pinning, pin CR0's WP
      bit. Contrary to the cpu feature dependend CR4 pinning this can be done
      with a constant value.
      Suggested-by: default avatarPeter Zijlstra <peterz@infradead.org>
      Signed-off-by: default avatarKees Cook <keescook@chromium.org>
      Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Dave Hansen <dave.hansen@intel.com>
      Cc: kernel-hardening@lists.openwall.com
      Link: https://lkml.kernel.org/r/20190618045503.39105-4-keescook@chromium.org
      8dbec27a
    • Kees Cook's avatar
      x86/asm: Pin sensitive CR4 bits · 873d50d5
      Kees Cook authored
      Several recent exploits have used direct calls to the native_write_cr4()
      function to disable SMEP and SMAP before then continuing their exploits
      using userspace memory access.
      
      Direct calls of this form can be mitigate by pinning bits of CR4 so that
      they cannot be changed through a common function. This is not intended to
      be a general ROP protection (which would require CFI to defend against
      properly), but rather a way to avoid trivial direct function calling (or
      CFI bypasses via a matching function prototype) as seen in:
      
      https://googleprojectzero.blogspot.com/2017/05/exploiting-linux-kernel-via-packet.html
      (https://github.com/xairy/kernel-exploits/tree/master/CVE-2017-7308)
      
      The goals of this change:
      
       - Pin specific bits (SMEP, SMAP, and UMIP) when writing CR4.
      
       - Avoid setting the bits too early (they must become pinned only after
         CPU feature detection and selection has finished).
      
       - Pinning mask needs to be read-only during normal runtime.
      
       - Pinning needs to be checked after write to validate the cr4 state
      
      Using __ro_after_init on the mask is done so it can't be first disabled
      with a malicious write.
      
      Since these bits are global state (once established by the boot CPU and
      kernel boot parameters), they are safe to write to secondary CPUs before
      those CPUs have finished feature detection. As such, the bits are set at
      the first cr4 write, so that cr4 write bugs can be detected (instead of
      silently papered over). This uses a few bytes less storage of a location we
      don't have: read-only per-CPU data.
      
      A check is performed after the register write because an attack could just
      skip directly to the register write. Such a direct jump is possible because
      of how this function may be built by the compiler (especially due to the
      removal of frame pointers) where it doesn't add a stack frame (function
      exit may only be a retq without pops) which is sufficient for trivial
      exploitation like in the timer overwrites mentioned above).
      
      The asm argument constraints gain the "+" modifier to convince the compiler
      that it shouldn't make ordering assumptions about the arguments or memory,
      and treat them as changed.
      Signed-off-by: default avatarKees Cook <keescook@chromium.org>
      Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Dave Hansen <dave.hansen@intel.com>
      Cc: kernel-hardening@lists.openwall.com
      Link: https://lkml.kernel.org/r/20190618045503.39105-3-keescook@chromium.org
      873d50d5
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · c356dc4b
      Linus Torvalds authored
      Pull networking fixes from David Miller:
      
       1) Fix leak of unqueued fragments in ipv6 nf_defrag, from Guillaume
          Nault.
      
       2) Don't access the DDM interface unless the transceiver implements it
          in bnx2x, from Mauro S. M. Rodrigues.
      
       3) Don't double fetch 'len' from userspace in sock_getsockopt(), from
          JingYi Hou.
      
       4) Sign extension overflow in lio_core, from Colin Ian King.
      
       5) Various netem bug fixes wrt. corrupted packets from Jakub Kicinski.
      
       6) Fix epollout hang in hvsock, from Sunil Muthuswamy.
      
       7) Fix regression in default fib6_type, from David Ahern.
      
       8) Handle memory limits in tcp_fragment more appropriately, from Eric
          Dumazet.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (24 commits)
        tcp: refine memory limit test in tcp_fragment()
        inet: clear num_timeout reqsk_alloc()
        net: mvpp2: debugfs: Add pmap to fs dump
        ipv6: Default fib6_type to RTN_UNICAST when not set
        net: hns3: Fix inconsistent indenting
        net/af_iucv: always register net_device notifier
        net/af_iucv: build proper skbs for HiperTransport
        net/af_iucv: remove GFP_DMA restriction for HiperTransport
        net: dsa: mv88e6xxx: fix shift of FID bits in mv88e6185_g1_vtu_loadpurge()
        hvsock: fix epollout hang from race condition
        net/udp_gso: Allow TX timestamp with UDP GSO
        net: netem: fix use after free and double free with packet corruption
        net: netem: fix backlog accounting for corrupted GSO frames
        net: lio_core: fix potential sign-extension overflow on large shift
        tipc: pass tunnel dev as NULL to udp_tunnel(6)_xmit_skb
        ip6_tunnel: allow not to count pkts on tstats by passing dev as NULL
        ip_tunnel: allow not to count pkts on tstats by setting skb's dev to NULL
        tun: wake up waitqueues after IFF_UP is set
        net: remove duplicate fetch in sock_getsockopt
        tipc: fix issues with early FAILOVER_MSG from peer
        ...
      c356dc4b
    • Eric Dumazet's avatar
      tcp: refine memory limit test in tcp_fragment() · b6653b36
      Eric Dumazet authored
      tcp_fragment() might be called for skbs in the write queue.
      
      Memory limits might have been exceeded because tcp_sendmsg() only
      checks limits at full skb (64KB) boundaries.
      
      Therefore, we need to make sure tcp_fragment() wont punish applications
      that might have setup very low SO_SNDBUF values.
      
      Fixes: f070ef2a ("tcp: tcp_fragment() should apply sane memory limits")
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Reported-by: default avatarChristoph Paasch <cpaasch@apple.com>
      Tested-by: default avatarChristoph Paasch <cpaasch@apple.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      b6653b36
  3. 21 Jun, 2019 18 commits
    • Linus Torvalds's avatar
      Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma · 121bddf3
      Linus Torvalds authored
      Pull rdma fixes from Doug Ledford:
       "This is probably our last -rc pull request. We don't have anything
        else outstanding at the moment anyway, and with the summer months on
        us and people taking trips, I expect the next weeks leading up to the
        merge window to be pretty calm and sedate.
      
        This has two simple, no brainer fixes for the EFA driver.
      
        Then it has ten not quite so simple fixes for the hfi1 driver. The
        problem with them is that they aren't simply one liner typo fixes.
        They're still fixes, but they're more complex issues like livelock
        under heavy load where the answer was to change work queue usage and
        spinlock usage to resolve the problem, or issues with orphaned
        requests during certain types of failures like link down which
        required some more complex work to fix too. They all look like
        legitimate fixes to me, they just aren't small like I wish they were.
      
        Summary:
      
         - 2 minor EFA fixes
      
         - 10 hfi1 fixes related to scaling issues"
      
      * tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma:
        RDMA/efa: Handle mmap insertions overflow
        RDMA/efa: Fix success return value in case of error
        IB/hfi1: Handle port down properly in pio
        IB/hfi1: Handle wakeup of orphaned QPs for pio
        IB/hfi1: Wakeup QPs orphaned on wait list after flush
        IB/hfi1: Use aborts to trigger RC throttling
        IB/hfi1: Create inline to get extended headers
        IB/hfi1: Silence txreq allocation warnings
        IB/hfi1: Avoid hardlockup with flushlist_lock
        IB/hfi1: Correct tid qp rcd to match verbs context
        IB/hfi1: Close PSM sdma_progress sleep window
        IB/hfi1: Validate fault injection opcode user input
      121bddf3
    • Linus Torvalds's avatar
      Merge tag 'nfs-for-5.2-3' of git://git.linux-nfs.org/projects/anna/linux-nfs · c036f7da
      Linus Torvalds authored
      Pull more NFS client fixes from Anna Schumaker:
       "These are mostly refcounting issues that people have found recently.
        The revert fixes a suspend recovery performance issue.
      
         - SUNRPC: Fix a credential refcount leak
      
         - Revert "SUNRPC: Declare RPC timers as TIMER_DEFERRABLE"
      
         - SUNRPC: Fix xps refcount imbalance on the error path
      
         - NFS4: Only set creation opendata if O_CREAT"
      
      * tag 'nfs-for-5.2-3' of git://git.linux-nfs.org/projects/anna/linux-nfs:
        SUNRPC: Fix a credential refcount leak
        Revert "SUNRPC: Declare RPC timers as TIMER_DEFERRABLE"
        net :sunrpc :clnt :Fix xps refcount imbalance on the error path
        NFS4: Only set creation opendata if O_CREAT
      c036f7da
    • Andy Lutomirski's avatar
      x86/vdso: Prevent segfaults due to hoisted vclock reads · ff17bbe0
      Andy Lutomirski authored
      GCC 5.5.0 sometimes cleverly hoists reads of the pvclock and/or hvclock
      pages before the vclock mode checks.  This creates a path through
      vclock_gettime() in which no vclock is enabled at all (due to disabled
      TSC on old CPUs, for example) but the pvclock or hvclock page
      nevertheless read.  This will segfault on bare metal.
      
      This fixes commit 459e3a21 ("gcc-9: properly declare the
      {pv,hv}clock_page storage") in the sense that, before that commit, GCC
      didn't seem to generate the offending code.  There was nothing wrong
      with that commit per se, and -stable maintainers should backport this to
      all supported kernels regardless of whether the offending commit was
      present, since the same crash could just as easily be triggered by the
      phase of the moon.
      
      On GCC 9.1.1, this doesn't seem to affect the generated code at all, so
      I'm not too concerned about performance regressions from this fix.
      
      Cc: stable@vger.kernel.org
      Cc: x86@kernel.org
      Cc: Borislav Petkov <bp@alien8.de>
      Reported-by: default avatarDuncan Roe <duncan_roe@optusnet.com.au>
      Signed-off-by: default avatarAndy Lutomirski <luto@kernel.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      ff17bbe0
    • Trond Myklebust's avatar
      SUNRPC: Fix a credential refcount leak · 19d55046
      Trond Myklebust authored
      All callers of __rpc_clone_client() pass in a value for args->cred,
      meaning that the credential gets assigned and referenced in
      the call to rpc_new_client().
      Reported-by: default avatarIdo Schimmel <idosch@idosch.org>
      Fixes: 79caa5fa ("SUNRPC: Cache cred of process creating the rpc_client")
      Signed-off-by: default avatarTrond Myklebust <trond.myklebust@hammerspace.com>
      Tested-by: default avatarIdo Schimmel <idosch@mellanox.com>
      Signed-off-by: default avatarAnna Schumaker <Anna.Schumaker@Netapp.com>
      19d55046
    • Anna Schumaker's avatar
      Revert "SUNRPC: Declare RPC timers as TIMER_DEFERRABLE" · 502980e8
      Anna Schumaker authored
      Jon Hunter reports:
        "I have been noticing intermittent failures with a system suspend test on
         some of our machines that have a NFS mounted root file-system. Bisecting
         this issue points to your commit 43123581 ("SUNRPC: Declare RPC
         timers as TIMER_DEFERRABLE") and reverting this on top of v5.2-rc3 does
         appear to resolve the problem.
      
         The cause of the suspend failure appears to be a long delay observed
         sometimes when resuming from suspend, and this is causing our test to
         timeout."
      
      This reverts commit 43123581.
      Reported-by: default avatarJon Hunter <jonathanh@nvidia.com>
      Signed-off-by: default avatarAnna Schumaker <Anna.Schumaker@Netapp.com>
      502980e8
    • Lin Yi's avatar
      net :sunrpc :clnt :Fix xps refcount imbalance on the error path · b9622614
      Lin Yi authored
      rpc_clnt_add_xprt take a reference to struct rpc_xprt_switch, but forget
      to release it before return, may lead to a memory leak.
      Signed-off-by: default avatarLin Yi <teroincn@163.com>
      Signed-off-by: default avatarAnna Schumaker <Anna.Schumaker@Netapp.com>
      b9622614
    • Benjamin Coddington's avatar
      NFS4: Only set creation opendata if O_CREAT · 90910519
      Benjamin Coddington authored
      We can end up in nfs4_opendata_alloc during task exit, in which case
      current->fs has already been cleaned up.  This leads to a crash in
      current_umask().
      
      Fix this by only setting creation opendata if we are actually doing an open
      with O_CREAT.  We can drop the check for NULL nfs4_open_createattrs, since
      O_CREAT will never be set for the recovery path.
      Suggested-by: default avatarTrond Myklebust <trondmy@hammerspace.com>
      Signed-off-by: default avatarBenjamin Coddington <bcodding@redhat.com>
      Signed-off-by: default avatarAnna Schumaker <Anna.Schumaker@Netapp.com>
      90910519
    • Linus Torvalds's avatar
      Merge tag 'for-linus' of git://git.armlinux.org.uk/~rmk/linux-arm · a4c33bbb
      Linus Torvalds authored
      Pull ARM fix from Russell King:
       "Just one ARM fix this time around for Jason Donenfeld, fixing a
        problem with the VDSO generation on big endian"
      
      * tag 'for-linus' of git://git.armlinux.org.uk/~rmk/linux-arm:
        ARM: 8867/1: vdso: pass --be8 to linker if necessary
      a4c33bbb
    • Linus Torvalds's avatar
      Merge tag 'drm-fixes-2019-06-21' of git://anongit.freedesktop.org/drm/drm · 0728f6c3
      Linus Torvalds authored
      Pull drm fixes from Dave Airlie:
       "Just catching up on the week since back from holidays, everything
        seems quite sane.
      
        core:
         - copy_to_user fix for really legacy codepaths.
      
        vmwgfx:
         - two dma fixes
         - one virt hw interaction fix
      
        i915:
         - modesetting fix
         - gvt fix
      
        panfrost:
         - BO unmapping fix
      
        imx:
         - image converter fixes"
      
      * tag 'drm-fixes-2019-06-21' of git://anongit.freedesktop.org/drm/drm:
        drm/i915: Don't clobber M/N values during fastset check
        drm: return -EFAULT if copy_to_user() fails
        drm/panfrost: Make sure a BO is only unmapped when appropriate
        drm/i915/gvt: ignore unexpected pvinfo write
        gpu: ipu-v3: image-convert: Fix image downsize coefficients
        gpu: ipu-v3: image-convert: Fix input bytesperline for packed formats
        gpu: ipu-v3: image-convert: Fix input bytesperline width/height align
        drm/vmwgfx: fix a warning due to missing dma_parms
        drm/vmwgfx: Honor the sg list segment size limitation
        drm/vmwgfx: Use the backdoor port if the HB port is not available
      0728f6c3
    • Linus Torvalds's avatar
      Merge tag 'staging-5.2-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging · db54615e
      Linus Torvalds authored
      Pull staging/IIO/counter fixes from Greg KH:
       "Here are some small driver bugfixes for some staging/iio/counter
        drivers.
      
        Staging and IIO have been lumped together for a while, as those
        subsystems cross the areas a log, and counter is used by IIO, so
        that's why they are all in one pull request here.
      
        These are small fixes for reported issues in some iio drivers, the
        erofs filesystem, and a build issue for counter code.
      
        All have been in linux-next with no reported issues"
      
      * tag 'staging-5.2-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging:
        staging: erofs: add requirements field in superblock
        counter/ftm-quaddec: Add missing dependencies in Kconfig
        staging: iio: adt7316: Fix build errors when GPIOLIB is not set
        iio: temperature: mlx90632 Relax the compatibility check
        iio: imu: st_lsm6dsx: fix PM support for st_lsm6dsx i2c controller
        staging:iio:ad7150: fix threshold mode config bit
      db54615e
    • Linus Torvalds's avatar
      Merge tag 'char-misc-5.2-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc · b7b8a44f
      Linus Torvalds authored
      Pull char/misc driver fixes from Greg KH:
       "Here are a number of small driver fixes for 5.2-rc6
      
        Nothing major, just fixes for reported issues:
         - soundwire fixes
         - thunderbolt fixes
         - MAINTAINERS update for fpga maintainer change
         - binder bugfix
         - habanalabs 64bit pointer fix
         - documentation updates
      
        All of these have been in linux-next with no reported issues"
      
      * tag 'char-misc-5.2-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc:
        habanalabs: use u64_to_user_ptr() for reading user pointers
        doc: fix documentation about UIO_MEM_LOGICAL using
        MAINTAINERS / Documentation: Thorsten Scherer is the successor of Gavin Schenk
        docs: fb: Add TER16x32 to the available font names
        MAINTAINERS: fpga: hand off maintainership to Moritz
        thunderbolt: Implement CIO reset correctly for Titan Ridge
        binder: fix possible UAF when freeing buffer
        thunderbolt: Make sure device runtime resume completes before taking domain lock
        soundwire: intel: set dai min and max channels correctly
        soundwire: stream: fix bad unlock balance
        soundwire: stream: fix out of boundary access on port properties
      b7b8a44f
    • Linus Torvalds's avatar
      Merge tag 'usb-5.2-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb · cf242421
      Linus Torvalds authored
      Pull USB fixes from Greg KH:
       "Here are four small USB fixes for 5.2-rc6.
      
        They include two xhci bugfixes, a chipidea fix, and a small dwc2 fix.
        Nothing major, just nice things to get resolved for reported issues.
      
        All have been in linux-next with no reported issues"
      
      * tag 'usb-5.2-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb:
        xhci: detect USB 3.2 capable host controllers correctly
        usb: xhci: Don't try to recover an endpoint if port is in error state.
        usb: dwc2: Use generic PHY width in params setup
        usb: chipidea: udc: workaround for endpoint conflict issue
      cf242421
    • Linus Torvalds's avatar
      Merge tag 'spdx-5.2-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/spdx · c884d8ac
      Linus Torvalds authored
      Pull still more SPDX updates from Greg KH:
       "Another round of SPDX updates for 5.2-rc6
      
        Here is what I am guessing is going to be the last "big" SPDX update
        for 5.2. It contains all of the remaining GPLv2 and GPLv2+ updates
        that were "easy" to determine by pattern matching. The ones after this
        are going to be a bit more difficult and the people on the spdx list
        will be discussing them on a case-by-case basis now.
      
        Another 5000+ files are fixed up, so our overall totals are:
      	Files checked:            64545
      	Files with SPDX:          45529
      
        Compared to the 5.1 kernel which was:
      	Files checked:            63848
      	Files with SPDX:          22576
      
        This is a huge improvement.
      
        Also, we deleted another 20000 lines of boilerplate license crud,
        always nice to see in a diffstat"
      
      * tag 'spdx-5.2-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/spdx: (65 commits)
        treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 507
        treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 506
        treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 505
        treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 504
        treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 503
        treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 502
        treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 501
        treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
        treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 499
        treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 498
        treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 497
        treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 496
        treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 495
        treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 491
        treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 490
        treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 489
        treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 488
        treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 487
        treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 486
        treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 485
        ...
      c884d8ac
    • Linus Torvalds's avatar
      Merge tag '5.2-rc5-smb3-fixes' of git://git.samba.org/sfrench/cifs-2.6 · 05512b0f
      Linus Torvalds authored
      Pull cifs fixes from Steve French:
       "Four small SMB3 fixes, all for stable"
      
      * tag '5.2-rc5-smb3-fixes' of git://git.samba.org/sfrench/cifs-2.6:
        cifs: fix GlobalMid_Lock bug in cifs_reconnect
        SMB3: retry on STATUS_INSUFFICIENT_RESOURCES instead of failing write
        cifs: add spinlock for the openFileList to cifsInodeInfo
        cifs: fix panic in smb2_reconnect
      05512b0f
    • Dave Airlie's avatar
      Merge tag 'imx-drm-fixes-2019-06-20' of git://git.pengutronix.de/git/pza/linux into drm-fixes · 5eab9cf8
      Dave Airlie authored
      drm/imx: ipu-v3 image converter fixes
      
      This series fixes input buffer alignment and downsizer configuration
      to adhere to IPU mem2mem CSC/scaler hardware restrictions in certain
      downscaling ratios.
      Signed-off-by: default avatarDave Airlie <airlied@redhat.com>
      
      From: Philipp Zabel <p.zabel@pengutronix.de>
      Link: https://patchwork.freedesktop.org/patch/msgid/1561040798.14349.20.camel@pengutronix.de
      5eab9cf8
    • Dave Airlie's avatar
      Merge tag 'drm-intel-fixes-2019-06-20' of... · 91cbf5d2
      Dave Airlie authored
      Merge tag 'drm-intel-fixes-2019-06-20' of git://anongit.freedesktop.org/drm/drm-intel into drm-fixes
      
      drm/i915 fixes for v5.2-rc6:
      - GVT: Fix reserved PVINFO register write (Weinan)
      - Avoid clobbering M/N values in fastset fuzzy checks (Ville)
      Signed-off-by: default avatarDave Airlie <airlied@redhat.com>
      From: Jani Nikula <jani.nikula@intel.com>
      Link: https://patchwork.freedesktop.org/patch/msgid/87pnn8sbdp.fsf@intel.com
      91cbf5d2
    • Dave Airlie's avatar
      Merge tag 'drm-misc-fixes-2019-06-19' of git://anongit.freedesktop.org/drm/drm-misc into drm-fixes · ea37e1a3
      Dave Airlie authored
      panfrost- Only unmap BO's if they're mapped (Boris)
      core- Handle buffer desc copy_to_user failure properly (Dan)
      
      Cc: Boris Brezillon <boris.brezillon@collabora.com>
      Cc: Dan Carpenter <dan.carpenter@oracle.com>
      Signed-off-by: default avatarDave Airlie <airlied@redhat.com>
      
      From: Sean Paul <sean@poorly.run>
      Link: https://patchwork.freedesktop.org/patch/msgid/20190619192745.GA145841@art_vandelay
      ea37e1a3
    • Dave Airlie's avatar
      Merge branch 'vmwgfx-fixes-5.2' of git://people.freedesktop.org/~thomash/linux into drm-fixes · 47e3c4c9
      Dave Airlie authored
      A couple of fixes for vmwgfx. Two fixes for a DMA sg-list debug warning
      message. These are not cc'd stable since there is no evidence of actual
      breakage.
      On fix for the high-bandwidth backdoor port which is cc'd stable due to
      upcoming hardware, on which the code would otherwise break.
      Signed-off-by: default avatarDave Airlie <airlied@redhat.com>
      From: Thomas Hellstrom <VMware> <thomas@shipmail.org>
      Link: https://patchwork.freedesktop.org/patch/msgid/20190618072255.2720-1-thomas@shipmail.org
      47e3c4c9
  4. 20 Jun, 2019 5 commits
    • Jason A. Donenfeld's avatar
      ARM: 8867/1: vdso: pass --be8 to linker if necessary · c5d0e49e
      Jason A. Donenfeld authored
      The commit fe00e50b ("ARM: 8858/1: vdso: use $(LD) instead of $(CC)
      to link VDSO") removed the passing of CFLAGS, since ld doesn't take
      those directly. However, prior, big-endian ARM was relying on gcc to
      translate its -mbe8 option into ld's --be8 option. Lacking this, ld
      generated be32 code, making the VDSO generate SIGILL when called by
      userspace.
      
      This commit passes --be8 if CONFIG_CPU_ENDIAN_BE8 is enabled.
      Signed-off-by: default avatarJason A. Donenfeld <Jason@zx2c4.com>
      Cc: Masahiro Yamada <yamada.masahiro@socionext.com>
      Cc: Arnd Bergmann <arnd@arndb.de>
      Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
      Signed-off-by: default avatarRussell King <rmk+kernel@armlinux.org.uk>
      c5d0e49e
    • Linus Torvalds's avatar
      Merge tag 'ovl-fixes-5.2-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs · 4ae004a9
      Linus Torvalds authored
      Pull overlayfs fixes from Miklos Szeredi:
       "Fix two regressions in this cycle, and a couple of older bugs"
      
      * tag 'ovl-fixes-5.2-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs:
        ovl: make i_ino consistent with st_ino in more cases
        ovl: fix typo in MODULE_PARM_DESC
        ovl: fix bogus -Wmaybe-unitialized warning
        ovl: don't fail with disconnected lower NFS
        ovl: fix wrong flags check in FS_IOC_FS[SG]ETXATTR ioctls
      4ae004a9
    • Linus Torvalds's avatar
      Merge tag 'fuse-fixes-5.2-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse · b910f6a7
      Linus Torvalds authored
      Pull fuse fix from Miklos Szeredi:
       "Just a single revert, fixing a regression in -rc1"
      
      * tag 'fuse-fixes-5.2-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse:
        Revert "fuse: require /dev/fuse reads to have enough buffer capacity"
      b910f6a7
    • Linus Torvalds's avatar
      Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm · b3e97833
      Linus Torvalds authored
      Pull kvm fixes from Paolo Bonzini:
       "Fixes for ARM and x86, plus selftest patches and nicer structs for
        nested state save/restore"
      
      * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
        KVM: nVMX: reorganize initial steps of vmx_set_nested_state
        KVM: arm/arm64: Fix emulated ptimer irq injection
        tests: kvm: Check for a kernel warning
        kvm: tests: Sort tests in the Makefile alphabetically
        KVM: x86/mmu: Allocate PAE root array when using SVM's 32-bit NPT
        KVM: x86: Modify struct kvm_nested_state to have explicit fields for data
        KVM: fix typo in documentation
        KVM: nVMX: use correct clean fields when copying from eVMCS
        KVM: arm/arm64: vgic: Fix kvm_device leak in vgic_its_destroy
        KVM: arm64: Filter out invalid core register IDs in KVM_GET_REG_LIST
        KVM: arm64: Implement vq_present() as a macro
      b3e97833
    • Linus Torvalds's avatar
      Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux · e9293874
      Linus Torvalds authored
      Pull arm64 fixes from Will Deacon:
       "This is mainly a couple of email address updates to MAINTAINERS, but
        we've also fixed a UAPI build issue with musl libc and an accidental
        double-initialisation of our pgd_cache due to a naming conflict with a
        weak symbol.
      
        There are a couple of outstanding issues that have been reported, but
        it doesn't look like they're new and we're still a long way off from
        fully debugging them.
      
        Summary:
      
         - Fix use of #include in UAPI headers for compatability with musl libc
      
         - Update email addresses in MAINTAINERS
      
         - Fix initialisation of pgd_cache due to name collision with weak symbol"
      
      * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
        arm64/mm: don't initialize pgd_cache twice
        MAINTAINERS: Update my email address
        arm64/sve: <uapi/asm/ptrace.h> should not depend on <uapi/linux/prctl.h>
        arm64: ssbd: explicitly depend on <linux/prctl.h>
        MAINTAINERS: Update my email address to use @kernel.org
      e9293874