1. 29 Sep, 2017 4 commits
    • Linus Torvalds's avatar
      Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm · 42057e18
      Linus Torvalds authored
      Pull kvm fixes from Paolo Bonzini:
       "Mixed bugfixes. Perhaps the most interesting one is a latent bug that
        was finally triggered by PCID support"
      
      * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
        kvm/x86: Handle async PF in RCU read-side critical sections
        KVM: nVMX: Fix nested #PF intends to break L1's vmlauch/vmresume
        KVM: VMX: use cmpxchg64
        KVM: VMX: simplify and fix vmx_vcpu_pi_load
        KVM: VMX: avoid double list add with VT-d posted interrupts
        KVM: VMX: extract __pi_post_block
        KVM: PPC: Book3S HV: Check for updated HDSISR on P9 HDSI exception
        KVM: nVMX: fix HOST_CR3/HOST_CR4 cache
      42057e18
    • Linus Torvalds's avatar
      Merge branch 'fixes-v4.14-rc3' of... · 95d3652e
      Linus Torvalds authored
      Merge branch 'fixes-v4.14-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
      
      Pull keys fixes from James Morris:
       "Notable here is a rewrite of big_key crypto by Jason Donenfeld to
        address some issues in the original code.
      
        From Jason's commit log:
         "This started out as just replacing the use of crypto/rng with
          get_random_bytes_wait, so that we wouldn't use bad randomness at
          boot time. But, upon looking further, it appears that there were
          even deeper underlying cryptographic problems, and that this seems
          to have been committed with very little crypto review. So, I rewrote
          the whole thing, trying to keep to the conventions introduced by the
          previous author, to fix these cryptographic flaws."
      
        There has been positive review of the new code by Eric Biggers and
        Herbert Xu, and it passes basic testing via the keyutils test suite.
        Eric also manually tested it.
      
        Generally speaking, we likely need to improve the amount of crypto
        review for kernel crypto users including keys (I'll post a note
        separately to ksummit-discuss)"
      
      * 'fixes-v4.14-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
        security/keys: rewrite all of big_key crypto
        security/keys: properly zero out sensitive key material in big_key
        KEYS: use kmemdup() in request_key_auth_new()
        KEYS: restrict /proc/keys by credentials at open time
        KEYS: reset parent each time before searching key_user_tree
        KEYS: prevent KEYCTL_READ on negative key
        KEYS: prevent creating a different user's keyrings
        KEYS: fix writing past end of user-supplied buffer in keyring_read()
        KEYS: fix key refcount leak in keyctl_read_key()
        KEYS: fix key refcount leak in keyctl_assume_authority()
        KEYS: don't revoke uninstantiated key in request_key_auth_new()
        KEYS: fix cred refcount leak in request_key_auth_new()
      95d3652e
    • Boqun Feng's avatar
      kvm/x86: Handle async PF in RCU read-side critical sections · b862789a
      Boqun Feng authored
      Sasha Levin reported a WARNING:
      
      | WARNING: CPU: 0 PID: 6974 at kernel/rcu/tree_plugin.h:329
      | rcu_preempt_note_context_switch kernel/rcu/tree_plugin.h:329 [inline]
      | WARNING: CPU: 0 PID: 6974 at kernel/rcu/tree_plugin.h:329
      | rcu_note_context_switch+0x16c/0x2210 kernel/rcu/tree.c:458
      ...
      | CPU: 0 PID: 6974 Comm: syz-fuzzer Not tainted 4.13.0-next-20170908+ #246
      | Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
      | 1.10.1-1ubuntu1 04/01/2014
      | Call Trace:
      ...
      | RIP: 0010:rcu_preempt_note_context_switch kernel/rcu/tree_plugin.h:329 [inline]
      | RIP: 0010:rcu_note_context_switch+0x16c/0x2210 kernel/rcu/tree.c:458
      | RSP: 0018:ffff88003b2debc8 EFLAGS: 00010002
      | RAX: 0000000000000001 RBX: 1ffff1000765bd85 RCX: 0000000000000000
      | RDX: 1ffff100075d7882 RSI: ffffffffb5c7da20 RDI: ffff88003aebc410
      | RBP: ffff88003b2def30 R08: dffffc0000000000 R09: 0000000000000001
      | R10: 0000000000000000 R11: 0000000000000000 R12: ffff88003b2def08
      | R13: 0000000000000000 R14: ffff88003aebc040 R15: ffff88003aebc040
      | __schedule+0x201/0x2240 kernel/sched/core.c:3292
      | schedule+0x113/0x460 kernel/sched/core.c:3421
      | kvm_async_pf_task_wait+0x43f/0x940 arch/x86/kernel/kvm.c:158
      | do_async_page_fault+0x72/0x90 arch/x86/kernel/kvm.c:271
      | async_page_fault+0x22/0x30 arch/x86/entry/entry_64.S:1069
      | RIP: 0010:format_decode+0x240/0x830 lib/vsprintf.c:1996
      | RSP: 0018:ffff88003b2df520 EFLAGS: 00010283
      | RAX: 000000000000003f RBX: ffffffffb5d1e141 RCX: ffff88003b2df670
      | RDX: 0000000000000001 RSI: dffffc0000000000 RDI: ffffffffb5d1e140
      | RBP: ffff88003b2df560 R08: dffffc0000000000 R09: 0000000000000000
      | R10: ffff88003b2df718 R11: 0000000000000000 R12: ffff88003b2df5d8
      | R13: 0000000000000064 R14: ffffffffb5d1e140 R15: 0000000000000000
      | vsnprintf+0x173/0x1700 lib/vsprintf.c:2136
      | sprintf+0xbe/0xf0 lib/vsprintf.c:2386
      | proc_self_get_link+0xfb/0x1c0 fs/proc/self.c:23
      | get_link fs/namei.c:1047 [inline]
      | link_path_walk+0x1041/0x1490 fs/namei.c:2127
      ...
      
      This happened when the host hit a page fault, and delivered it as in an
      async page fault, while the guest was in an RCU read-side critical
      section.  The guest then tries to reschedule in kvm_async_pf_task_wait(),
      but rcu_preempt_note_context_switch() would treat the reschedule as a
      sleep in RCU read-side critical section, which is not allowed (even in
      preemptible RCU).  Thus the WARN.
      
      To cure this, make kvm_async_pf_task_wait() go to the halt path if the
      PF happens in a RCU read-side critical section.
      Reported-by: default avatarSasha Levin <levinsasha928@gmail.com>
      Cc: "Paul E. McKenney" <paulmck@linux.vnet.ibm.com>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarBoqun Feng <boqun.feng@gmail.com>
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      b862789a
    • Wanpeng Li's avatar
      KVM: nVMX: Fix nested #PF intends to break L1's vmlauch/vmresume · 305d0ab4
      Wanpeng Li authored
      ------------[ cut here ]------------
       WARNING: CPU: 4 PID: 5280 at /home/kernel/linux/arch/x86/kvm//vmx.c:11394 nested_vmx_vmexit+0xc2b/0xd70 [kvm_intel]
       CPU: 4 PID: 5280 Comm: qemu-system-x86 Tainted: G        W  OE   4.13.0+ #17
       RIP: 0010:nested_vmx_vmexit+0xc2b/0xd70 [kvm_intel]
       Call Trace:
        ? emulator_read_emulated+0x15/0x20 [kvm]
        ? segmented_read+0xae/0xf0 [kvm]
        vmx_inject_page_fault_nested+0x60/0x70 [kvm_intel]
        ? vmx_inject_page_fault_nested+0x60/0x70 [kvm_intel]
        x86_emulate_instruction+0x733/0x810 [kvm]
        vmx_handle_exit+0x2f4/0xda0 [kvm_intel]
        ? kvm_arch_vcpu_ioctl_run+0xd2f/0x1c60 [kvm]
        kvm_arch_vcpu_ioctl_run+0xdab/0x1c60 [kvm]
        ? kvm_arch_vcpu_load+0x62/0x230 [kvm]
        kvm_vcpu_ioctl+0x340/0x700 [kvm]
        ? kvm_vcpu_ioctl+0x340/0x700 [kvm]
        ? __fget+0xfc/0x210
        do_vfs_ioctl+0xa4/0x6a0
        ? __fget+0x11d/0x210
        SyS_ioctl+0x79/0x90
        entry_SYSCALL_64_fastpath+0x23/0xc2
      
      A nested #PF is triggered during L0 emulating instruction for L2. However, it
      doesn't consider we should not break L1's vmlauch/vmresme. This patch fixes
      it by queuing the #PF exception instead ,requesting an immediate VM exit from
      L2 and keeping the exception for L1 pending for a subsequent nested VM exit.
      
      This should actually work all the time, making vmx_inject_page_fault_nested
      totally unnecessary.  However, that's not working yet, so this patch can work
      around the issue in the meanwhile.
      
      Cc: Paolo Bonzini <pbonzini@redhat.com>
      Cc: Radim Krčmář <rkrcmar@redhat.com>
      Signed-off-by: default avatarWanpeng Li <wanpeng.li@hotmail.com>
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      305d0ab4
  2. 28 Sep, 2017 11 commits
    • Linus Torvalds's avatar
      Merge tag 'acpi-4.14-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm · 770b782f
      Linus Torvalds authored
      Pull ACPI fix from Rafael Wysocki:
       "This fixes an APEI problem that may cause a reported error to be
        missed due to a race condition"
      
      * tag 'acpi-4.14-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
        ACPI / APEI: clear error status before acknowledging the error
      770b782f
    • Linus Torvalds's avatar
      Merge tag 'pm-4.14-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm · 74de8187
      Linus Torvalds authored
      Pull power management fixes from Rafael Wysocki:
       "These fix a deadlock in the operating performance points (OPP)
        framework introduced during the 4.11 cycle, more issues with duplicate
        device objects for cpufreq-dt and cpufreq documentation.
      
        Specifics:
      
         - Fix a deadlock in the operating performance points (OPP) framework
           caused by a notifier callback taking a lock that's already held by
           its caller (Viresh Kumar).
      
         - Prevent the ti-cpufreq and cpufreq-dt-platdev drivers from
           attempting to register conflicting device objects which triggers a
           warning from sysfs (Suniel Mahesh).
      
         - Drop a stale reference to a piece of intel_pstate documentation
           that's not in the tree any more (Rafael Wysocki)"
      
      * tag 'pm-4.14-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
        cpufreq: docs: Drop intel-pstate.txt from index.txt
        cpufreq: dt: Fix sysfs duplicate filename creation for platform-device
        PM / OPP: Call notifier without holding opp_table->lock
      74de8187
    • Linus Torvalds's avatar
      Merge tag 'xfs-4.14-fixes-2' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux · 02a2b053
      Linus Torvalds authored
      Pull xfs fixes from Darrick Wong:
      
       - fix various problems with the copy-on-write extent maps getting freed
         at the wrong time
      
       - fix printk format specifier problems
      
       - report zeroing operation outcomes instead of dropping them on the
         floor
      
       - fix some crashes when dio operations partially fail
      
       - fix a race condition between unwritten extent conversion & dio read
      
       - fix some incorrect tests in the inode log item processing
      
       - correct the delayed allocation space reservations on rmap filesystems
      
       - fix some problems checking for dax support
      
      * tag 'xfs-4.14-fixes-2' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux:
        xfs: revert "xfs: factor rmap btree size into the indlen calculations"
        xfs: Capture state of the right inode in xfs_iflush_done
        xfs: perag initialization should only touch m_ag_max_usable for AG 0
        xfs: update i_size after unwritten conversion in dio completion
        iomap_dio_rw: Allocate AIO completion queue before submitting dio
        xfs: validate bdev support for DAX inode flag
        xfs: remove redundant re-initialization of total_nr_pages
        xfs: Output warning message when discard option was enabled even though the device does not support discard
        xfs: report zeroed or not correctly in xfs_zero_range()
        xfs: kill meaningless variable 'zero'
        fs/xfs: Use %pS printk format for direct addresses
        xfs: evict CoW fork extents when performing finsert/fcollapse
        xfs: don't unconditionally clear the reflink flag on zero-block files
      02a2b053
    • Linus Torvalds's avatar
      Revert "Bluetooth: Add option for disabling legacy ioctl interfaces" · e49aa15e
      Linus Torvalds authored
      This reverts commit dbbccdc4.
      
      It turns out that the "legacy" users aren't so legacy at all, and that
      turning off the legacy ioctl will break the current Qt bluetooth stack
      for bluetooth LE devices that were released just a couple of months ago.
      
      So it's simply not true that this was a legacy interface that hasn't
      been needed and is only limited to old legacy BT devices.  Because I
      actually read Kconfig help messages, and actively try to turn off
      features that I don't need, I turned the option off.
      
      Then I spent _way_ too much time debugging BLE issues until I realized
      that it wasn't the Qt and subsurface development that had broken one of
      my dive computer BLE downloads, but simply my broken kernel config.
      
      Maybe in a decade it will be true that this is a legacy interface.  And
      maybe with a better help-text and correct dependencies, this kind of
      legacy removal might be acceptable.  But as things are right now both
      the commit message and the Kconfig help text were misleading, and the
      Kconfig option had the wrong dependenencies.
      
      There's no reason to keep that broken Kconfig option in the tree.
      
      Cc: Marcel Holtmann <marcel@holtmann.org>
      Cc: Johan Hedberg <johan.hedberg@intel.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      e49aa15e
    • Rafael J. Wysocki's avatar
      Merge branch 'acpi-apei' · 333d1774
      Rafael J. Wysocki authored
      * acpi-apei:
        ACPI / APEI: clear error status before acknowledging the error
      333d1774
    • Linus Torvalds's avatar
      Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dledford/rdma · 91735832
      Linus Torvalds authored
      Pull rdma fixes from Doug Ledford:
       "Second -rc update for 4.14.
      
        Both Mellanox and Intel had a series of -rc fixes that landed this
        week. The Mellanox bunch is spread throughout the stack and not just
        in their driver, where as the Intel bunch was mostly in the hfi1
        driver. And, several of the fixes in the hfi1 driver were more than
        just simple 5 line fixes. As a result, the hfi1 driver fixes has a
        sizable LOC count.
      
        Everything else is as one would expect in an RC cycle in terms of LOC
        count. One item that might jump out and make you think "That's not an
        rc item" is the fix that corrects a typo. But, that change fixes a
        typo in a user visible API that was just added in this merge window,
        so if we fix it now, we can fix it. If we don't, the typo is in the
        API forever. Another that might not appear to be a fix at first glance
        is the Simplify mlx5_ib_cont_pages patch, but the simplification
        allows them to fix a bug in the existing function whenever the length
        of an SGE exceeded page size. We also had to revert one patch from the
        merge window that was wrong.
      
        Summary:
      
         - a few core fixes
         - a few ipoib fixes
         - a few mlx5 fixes
         - a 7-patch hfi1 related series"
      
      * tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dledford/rdma:
        IB/hfi1: Unsuccessful PCIe caps tuning should not fail driver load
        IB/hfi1: On error, fix use after free during user context setup
        Revert "IB/ipoib: Update broadcast object if PKey value was changed in index 0"
        IB/hfi1: Return correct value in general interrupt handler
        IB/hfi1: Check eeprom config partition validity
        IB/hfi1: Only reset QSFP after link up and turn off AOC TX
        IB/hfi1: Turn off AOC TX after offline substates
        IB/mlx5: Fix NULL deference on mlx5_ib_update_xlt failure
        IB/mlx5: Simplify mlx5_ib_cont_pages
        IB/ipoib: Fix inconsistency with free_netdev and free_rdma_netdev
        IB/ipoib: Fix sysfs Pkey create<->remove possible deadlock
        IB: Correct MR length field to be 64-bit
        IB/core: Fix qp_sec use after free access
        IB/core: Fix typo in the name of the tag-matching cap struct
      91735832
    • Rafael J. Wysocki's avatar
      Merge branches 'pm-opp' and 'pm-cpufreq' · abeb19a2
      Rafael J. Wysocki authored
      * pm-opp:
        PM / OPP: Call notifier without holding opp_table->lock
      
      * pm-cpufreq:
        cpufreq: docs: Drop intel-pstate.txt from index.txt
        cpufreq: dt: Fix sysfs duplicate filename creation for platform-device
      abeb19a2
    • Linus Torvalds's avatar
      Merge tag 'seccomp-v4.14-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux · 26e811cd
      Linus Torvalds authored
      Pull seccomp fix from Kees Cook:
       "Fix refcounting bug in CRIU interface, noticed by Chris Salls (Oleg &
        Tycho)"
      
      * tag 'seccomp-v4.14-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
        seccomp: fix the usage of get/put_seccomp_filter() in seccomp_get_filter()
      26e811cd
    • Paolo Bonzini's avatar
      KVM: VMX: use cmpxchg64 · c0a1666b
      Paolo Bonzini authored
      This fixes a compilation failure on 32-bit systems.
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      c0a1666b
    • Oleg Nesterov's avatar
      seccomp: fix the usage of get/put_seccomp_filter() in seccomp_get_filter() · 66a733ea
      Oleg Nesterov authored
      As Chris explains, get_seccomp_filter() and put_seccomp_filter() can end
      up using different filters. Once we drop ->siglock it is possible for
      task->seccomp.filter to have been replaced by SECCOMP_FILTER_FLAG_TSYNC.
      
      Fixes: f8e529ed ("seccomp, ptrace: add support for dumping seccomp filters")
      Reported-by: default avatarChris Salls <chrissalls5@gmail.com>
      Cc: stable@vger.kernel.org # needs s/refcount_/atomic_/ for v4.12 and earlier
      Signed-off-by: default avatarOleg Nesterov <oleg@redhat.com>
      [tycho: add __get_seccomp_filter vs. open coding refcount_inc()]
      Signed-off-by: default avatarTycho Andersen <tycho@docker.com>
      [kees: tweak commit log]
      Signed-off-by: default avatarKees Cook <keescook@chromium.org>
      66a733ea
    • Rafael J. Wysocki's avatar
      cpufreq: docs: Drop intel-pstate.txt from index.txt · 8aba2333
      Rafael J. Wysocki authored
      Commit 33fc30b4 (cpufreq: intel_pstate: Document the current
      behavior and user interface) dropped the intel-pstate.txt file
      from Documentation/cpu-freq/, but it did not update the index.txt
      file in there accordingly, so do that now.
      
      Fixes: 33fc30b4 (cpufreq: intel_pstate: Document the current behavior and user interface)
      Signed-off-by: default avatarRafael J. Wysocki <rafael.j.wysocki@intel.com>
      8aba2333
  3. 27 Sep, 2017 16 commits
    • James Morris's avatar
      Merge commit 'keys-fixes-20170927' into fixes-v4.14-rc3 · 2569e7e1
      James Morris authored
      From David Howells:
      
      "There are two sets of patches here:
       (1) A bunch of core keyrings bug fixes from Eric Biggers.
      
       (2) Fixing big_key to use safe crypto from Jason A. Donenfeld."
      2569e7e1
    • Tyler Baicar's avatar
      ACPI / APEI: clear error status before acknowledging the error · aaf2c2fb
      Tyler Baicar authored
      Currently we acknowledge errors before clearing the error status.
      This could cause a new error to be populated by firmware in-between
      the error acknowledgment and the error status clearing which would
      cause the second error's status to be cleared without being handled.
      So, clear the error status before acknowledging the errors.
      
      Also, make sure to acknowledge the error if the error status read
      fails.
      Signed-off-by: default avatarTyler Baicar <tbaicar@codeaurora.org>
      Reviewed-by: default avatarBorislav Petkov <bp@suse.de>
      Signed-off-by: default avatarRafael J. Wysocki <rafael.j.wysocki@intel.com>
      aaf2c2fb
    • Linus Torvalds's avatar
      Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs · 9cd6681c
      Linus Torvalds authored
      Pull quota and isofs fixes from Jan Kara:
       "Two quota fixes (fallout of the quota locking changes) and an isofs
        build fix"
      
      * 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs:
        quota: Fix quota corruption with generic/232 test
        isofs: fix build regression
        quota: add missing lock into __dquot_transfer()
      9cd6681c
    • Linus Torvalds's avatar
      Merge tag 'linux-kselftest-4.14-rc3-fixes' of... · 225d3b67
      Linus Torvalds authored
      Merge tag 'linux-kselftest-4.14-rc3-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest
      
      Pull kselftest fixes from Shuah Khan:
       "This update consists of:
      
         - fixes to several existing tests
      
         - a test for regression introduced by b9470c27 ("inet: kill
           smallest_size and smallest_port")
      
         - seccomp support for glibc 2.26 siginfo_t.h
      
         - fixes to kselftest framework and tests to run make O=dir use-case
      
         - fixes to silence unnecessary test output to de-clutter test results"
      
      * tag 'linux-kselftest-4.14-rc3-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest: (28 commits)
        selftests: timers: set-timer-lat: Fix hang when testing unsupported alarms
        selftests: timers: set-timer-lat: fix hang when std out/err are redirected
        selftests/memfd: correct run_tests.sh permission
        selftests/seccomp: Support glibc 2.26 siginfo_t.h
        selftests: futex: Makefile: fix for loops in targets to run silently
        selftests: Makefile: fix for loops in targets to run silently
        selftests: mqueue: Use full path to run tests from Makefile
        selftests: futex: copy sub-dir test scripts for make O=dir run
        selftests: lib.mk: copy test scripts and test files for make O=dir run
        selftests: sync: kselftest and kselftest-clean fail for make O=dir case
        selftests: sync: use TEST_CUSTOM_PROGS instead of TEST_PROGS
        selftests: lib.mk: add TEST_CUSTOM_PROGS to allow custom test run/install
        selftests: watchdog: fix to use TEST_GEN_PROGS and remove clean
        selftests: lib.mk: fix test executable status check to use full path
        selftests: Makefile: clear LDFLAGS for make O=dir use-case
        selftests: lib.mk: kselftest and kselftest-clean fail for make O=dir case
        Makefile: kselftest and kselftest-clean fail for make O=dir case
        selftests/net: msg_zerocopy enable build with older kernel headers
        selftests: actually run the various net selftests
        selftest: add a reuseaddr test
        ...
      225d3b67
    • Linus Torvalds's avatar
      Merge branch 'x86-fpu-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 7031b641
      Linus Torvalds authored
      Pull x86 fpu fixes and cleanups from Ingo Molnar:
       "This is _way_ more cleanups than fixes, but the bugs were subtle and
        hard to hit, and the primary reason for them existing was the
        unnecessary historical complexity of some of the x86/fpu interfaces.
      
        The first bunch of commits clean up and simplify the xstate user copy
        handling functions, in reaction to the collective head-scratching
        about the xstate user-copy handling code that leads up to the fix for
        this SkyLake xstate handling bug:
      
           0852b374: x86/fpu: Add FPU state copying quirk to handle XRSTOR failure on Intel Skylake CPUs
      
        The cleanups don't change any functionality, they just (hopefully)
        make it all clearer, more consistent, more debuggable and more robust.
      
        Note that most of the linecount increase comes from these commits,
        where we better split the user/kernel copy logic by having more
        variants, instead repeated fragile patterns of:
      
                     if (kbuf) {
                             memcpy(kbuf + pos, data, copy);
                     } else {
                             if (__copy_to_user(ubuf + pos, data, copy))
                                     return -EFAULT;
                     }
      
        The next bunch of commits simplify the FPU state-machine to get rid of
        old lazy-FPU idiosyncrasies - a defensive simplification to make all
        the code easier to review and fix. No change in functionality.
      
        Then there's a couple of additional debugging tweaks: static checker
        warning fix and move an FPU related warning to under WARN_ON_FPU(),
        followed by another bunch of commits that represent a finegrained
        split-up of the fixes from Eric Biggers to handle weird xstate bits
        properly.
      
        I did this finegrained split-up because some of these fixes also
        impact the ABI for weird xstate handling, for which we'd like to have
        good bisection results, should they cause any problems. (We also had
        one regression with the more monolithic fixes, so splitting it all up
        sounded prudent for robustness reasons as well.)
      
        About the whole series: the commits up to 03eaec81 have been in
        -next for months - but I've recently rebased them to remove a state
        machine clean-up commit that was objected to, and to make it more
        bisectable - so technically it's a new, rebased tree.
      
        Robustness history: this series had some regressions along the way,
        and all reported regressions have been fixed. All but one of the
        regressions manifested itself as easy to report warnings. The previous
        version of this latest series was also in linux-next, with one
        (warning-only) regression reported which is fixed in the latest
        version.
      
        Barring last minute brown paper bag bugs (and the commits are now
        older by a day which I'd hope helps paperbag reduction), I'm
        reasonably confident about its general robustness.
      
        Famous last words ..."
      
      * 'x86-fpu-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (42 commits)
        x86/fpu: Use using_compacted_format() instead of open coded X86_FEATURE_XSAVES
        x86/fpu: Use validate_xstate_header() to validate the xstate_header in copy_user_to_xstate()
        x86/fpu: Eliminate the 'xfeatures' local variable in copy_user_to_xstate()
        x86/fpu: Copy the full header in copy_user_to_xstate()
        x86/fpu: Use validate_xstate_header() to validate the xstate_header in copy_kernel_to_xstate()
        x86/fpu: Eliminate the 'xfeatures' local variable in copy_kernel_to_xstate()
        x86/fpu: Copy the full state_header in copy_kernel_to_xstate()
        x86/fpu: Use validate_xstate_header() to validate the xstate_header in __fpu__restore_sig()
        x86/fpu: Use validate_xstate_header() to validate the xstate_header in xstateregs_set()
        x86/fpu: Introduce validate_xstate_header()
        x86/fpu: Rename fpu__activate_fpstate_read/write() to fpu__prepare_[read|write]()
        x86/fpu: Rename fpu__activate_curr() to fpu__initialize()
        x86/fpu: Simplify and speed up fpu__copy()
        x86/fpu: Fix stale comments about lazy FPU logic
        x86/fpu: Rename fpu::fpstate_active to fpu::initialized
        x86/fpu: Remove fpu__current_fpstate_write_begin/end()
        x86/fpu: Fix fpu__activate_fpstate_read() and update comments
        x86/fpu: Reinitialize FPU registers if restoring FPU state fails
        x86/fpu: Don't let userspace set bogus xcomp_bv
        x86/fpu: Turn WARN_ON() in context switch into WARN_ON_FPU()
        ...
      7031b641
    • Harish Chegondi's avatar
      IB/hfi1: Unsuccessful PCIe caps tuning should not fail driver load · 828bcbdc
      Harish Chegondi authored
      Failure to tune PCIe capabilities should not fail driver load. This can
      cause the driver load to fail on systems with any of the following:
      1. HFI's parent is not root. Example: HFI card is behind a PCIe bridge.
      2. HFI's parent is not PCI Express capable.
      In these situations, failure to tune PCIe capabilities should be logged
      in the system message logs but not cause the driver load to fail.
      
      This patch also ensures pcie capability word DevCtl is written only
      after a successful read and the capability tuning process continues
      even if read/write of the pcie capability word DevCtl fails.
      
      Fixes: c53df62c ("IB/hfi1: Check return values from PCI config API calls")
      Fixes: bf70a775 ("staging/rdma/hfi1: Enable WFR PCIe extended tags from the driver")
      Reviewed-by: default avatarMichael J. Ruhl <michael.j.ruhl@intel.com>
      Reviewed-by: default avatarMike Marciniszyn <mike.marciniszyn@intel.com>
      Reviewed-by: default avatarJakub Byczkowski <jakub.byczkowski@intel.com>
      Signed-off-by: default avatarHarish Chegondi <harish.chegondi@intel.com>
      Signed-off-by: default avatarDennis Dalessandro <dennis.dalessandro@intel.com>
      Signed-off-by: default avatarDoug Ledford <dledford@redhat.com>
      828bcbdc
    • Michael J. Ruhl's avatar
      IB/hfi1: On error, fix use after free during user context setup · b8f42738
      Michael J. Ruhl authored
      During base context setup, if setup_base_ctxt() fails, the context is
      deallocated. This is incorrect because the context is referenced on
      return, to notify any waiting subcontext.  If there are no subcontexts
      the pointer will be invalid.
      
      Reorganize the error path so that deallocate_ctxt() is called after all
      the possible subcontexts have been notified.
      Reviewed-by: default avatarIra Weiny <ira.weiny@intel.com>
      Signed-off-by: default avatarMichael J. Ruhl <michael.j.ruhl@intel.com>
      Signed-off-by: default avatarDennis Dalessandro <dennis.dalessandro@intel.com>
      Signed-off-by: default avatarDoug Ledford <dledford@redhat.com>
      b8f42738
    • Alex Estrin's avatar
      Revert "IB/ipoib: Update broadcast object if PKey value was changed in index 0" · 612601d0
      Alex Estrin authored
      commit 9a9b8112 will cause core to fail UD QP from being destroyed
      on ipoib unload, therefore cause resources leakage.
      On pkey change event above patch modifies mgid before calling underlying
      driver to detach it from QP. Drivers' detach_mcast() will fail to find
      modified mgid it was never given to attach in a first place.
      Core qp->usecnt will never go down, so ib_destroy_qp() will fail.
      
      IPoIB driver actually does take care of new broadcast mgid based on new
      pkey by destroying an old mcast object in ipoib_mcast_dev_flush())
      ....
      	if (priv->broadcast) {
      		rb_erase(&priv->broadcast->rb_node, &priv->multicast_tree);
      		list_add_tail(&priv->broadcast->list, &remove_list);
      		priv->broadcast = NULL;
      	}
      ...
      
      then in restarted ipoib_macst_join_task() creating a new broadcast mcast
      object, sending join request and on completion tells the driver to attach
      to reinitialized QP:
      ...
      if (!priv->broadcast) {
      ...
      	broadcast = ipoib_mcast_alloc(dev, 0);
      ...
      	memcpy(broadcast->mcmember.mgid.raw, priv->dev->broadcast + 4,
      	       sizeof (union ib_gid));
      	priv->broadcast = broadcast;
      ...
      
      Fixes: 9a9b8112 ("IB/ipoib: Update broadcast object if PKey value was changed in index 0")
      Cc: stable@vger.kernel.org
      Reviewed-by: default avatarMike Marciniszyn <mike.marciniszyn@intel.com>
      Reviewed-by: default avatarDennis Dalessandro <dennis.dalessandro@intel.com>
      Signed-off-by: default avatarAlex Estrin <alex.estrin@intel.com>
      Signed-off-by: default avatarDennis Dalessandro <dennis.dalessandro@intel.com>
      Reviewed-by: default avatarFeras Daoud <ferasda@mellanox.com>
      Signed-off-by: default avatarDoug Ledford <dledford@redhat.com>
      612601d0
    • Kamenee Arumugam's avatar
      IB/hfi1: Return correct value in general interrupt handler · 09592af5
      Kamenee Arumugam authored
      The general interrupt handler returns IRQ_HANDLED whether an IRQ
      was handled or not.
      Determine if an IRQ was handled and return the correct value.
      Reviewed-by: default avatarDennis Dalessandro <dennis.dalessandro@intel.com>
      Reviewed-by: default avatarMichael J. Ruhl <michael.j.ruhl@intel.com>
      Signed-off-by: default avatarKamenee Arumugam <kamenee.arumugam@intel.com>
      Signed-off-by: default avatarDennis Dalessandro <dennis.dalessandro@intel.com>
      Signed-off-by: default avatarDoug Ledford <dledford@redhat.com>
      09592af5
    • Jan Sokolowski's avatar
      IB/hfi1: Check eeprom config partition validity · 753b19af
      Jan Sokolowski authored
      Relying on a trailing magic value is incorrect. There are instances where
      this is not present as trailing magic value has a specific purpose which is
      not partition validation. Instead use the header magic value which is
      present in all variants of the platform configuration and is intended for
      validation. This is also used in other locations in the driver.
      
      Fixes: bc5214ee (IB/hfi1: Handle missing magic values in config file)
      Reviewed-by: default avatarJakub Byczkowski <jakub.byczkowski@intel.com>
      Signed-off-by: default avatarJan Sokolowski <jan.sokolowski@intel.com>
      Signed-off-by: default avatarDennis Dalessandro <dennis.dalessandro@intel.com>
      Signed-off-by: default avatarDoug Ledford <dledford@redhat.com>
      753b19af
    • Sebastian Sanchez's avatar
      IB/hfi1: Only reset QSFP after link up and turn off AOC TX · 30e10527
      Sebastian Sanchez authored
      QSFP reset enables AOC transmitters by default. They should be off
      before moving to high power mode to complete the setup. There is no
      need to reset the QSFP during LNI failure as it was reset at link down.
      Reviewed-by: default avatarMike Marciniszyn <mike.marciniszyn@intel.com>
      Reviewed-by: default avatarJakub Byczkowski <jakub.byczkowski@intel.com>
      Signed-off-by: default avatarSebastian Sanchez <sebastian.sanchez@intel.com>
      Signed-off-by: default avatarDennis Dalessandro <dennis.dalessandro@intel.com>
      Signed-off-by: default avatarDoug Ledford <dledford@redhat.com>
      30e10527
    • Sebastian Sanchez's avatar
      IB/hfi1: Turn off AOC TX after offline substates · df5efdd9
      Sebastian Sanchez authored
      Offline.quietDuration was added in the 8051 firmware, and the driver
      only turns off the AOC transmitters when offline.quiet is reached.
      However, the AOC transmitters need to be turned off at the new state.
      Therefore, turn off the AOC transmitters at any offline substates
      including offline.quiet and offline.quietDuration, then recheck we
      reached offline.quiet to support backwards compatibility.
      Reviewed-by: default avatarJakub Byczkowski <jakub.byczkowski@intel.com>
      Reviewed-by: default avatarMike Marciniszyn <mike.marciniszyn@intel.com>
      Signed-off-by: default avatarSebastian Sanchez <sebastian.sanchez@intel.com>
      Signed-off-by: default avatarDennis Dalessandro <dennis.dalessandro@intel.com>
      Signed-off-by: default avatarDoug Ledford <dledford@redhat.com>
      df5efdd9
    • Paolo Bonzini's avatar
      KVM: VMX: simplify and fix vmx_vcpu_pi_load · 31afb2ea
      Paolo Bonzini authored
      The simplify part: do not touch pi_desc.nv, we can set it when the
      VCPU is first created.  Likewise, pi_desc.sn is only handled by
      vmx_vcpu_pi_load, do not touch it in __pi_post_block.
      
      The fix part: do not check kvm_arch_has_assigned_device, instead
      check the SN bit to figure out whether vmx_vcpu_pi_put ran before.
      This matches what the previous patch did in pi_post_block.
      
      Cc: Huangweidong <weidong.huang@huawei.com>
      Cc: Gonglei <arei.gonglei@huawei.com>
      Cc: wangxin <wangxinxin.wang@huawei.com>
      Cc: Radim Krčmář <rkrcmar@redhat.com>
      Tested-by: default avatarLongpeng (Mike) <longpeng2@huawei.com>
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      31afb2ea
    • Paolo Bonzini's avatar
      KVM: VMX: avoid double list add with VT-d posted interrupts · 8b306e2f
      Paolo Bonzini authored
      In some cases, for example involving hot-unplug of assigned
      devices, pi_post_block can forget to remove the vCPU from the
      blocked_vcpu_list.  When this happens, the next call to
      pi_pre_block corrupts the list.
      
      Fix this in two ways.  First, check vcpu->pre_pcpu in pi_pre_block
      and WARN instead of adding the element twice in the list.  Second,
      always do the list removal in pi_post_block if vcpu->pre_pcpu is
      set (not -1).
      
      The new code keeps interrupts disabled for the whole duration of
      pi_pre_block/pi_post_block.  This is not strictly necessary, but
      easier to follow.  For the same reason, PI.ON is checked only
      after the cmpxchg, and to handle it we just call the post-block
      code.  This removes duplication of the list removal code.
      
      Cc: Huangweidong <weidong.huang@huawei.com>
      Cc: Gonglei <arei.gonglei@huawei.com>
      Cc: wangxin <wangxinxin.wang@huawei.com>
      Cc: Radim Krčmář <rkrcmar@redhat.com>
      Tested-by: default avatarLongpeng (Mike) <longpeng2@huawei.com>
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      8b306e2f
    • Paolo Bonzini's avatar
      KVM: VMX: extract __pi_post_block · cd39e117
      Paolo Bonzini authored
      Simple code movement patch, preparing for the next one.
      
      Cc: Huangweidong <weidong.huang@huawei.com>
      Cc: Gonglei <arei.gonglei@huawei.com>
      Cc: wangxin <wangxinxin.wang@huawei.com>
      Cc: Radim Krčmář <rkrcmar@redhat.com>
      Tested-by: default avatarLongpeng (Mike) <longpeng2@huawei.com>
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      cd39e117
    • Jan Kara's avatar
      quota: Fix quota corruption with generic/232 test · 4c6bb696
      Jan Kara authored
      Eric has reported that since commit d2faa415 "quota: Do not acquire
      dqio_sem for dquot overwrites in v2 format" test generic/232
      occasionally fails due to quota information being incorrect. Indeed that
      commit was too eager to remove dqio_sem completely from the path that
      just overwrites quota structure with updated information. Although that
      is innocent on its own, another process that inserts new quota structure
      to the same block can perform read-modify-write cycle of that block thus
      effectively discarding quota information update if they race in a wrong
      way.
      
      Fix the problem by acquiring dqio_sem for reading for overwrites of
      quota structure. Note that it *is* possible to completely avoid taking
      dqio_sem in the overwrite path however that will require modifying path
      inserting / deleting quota structures to avoid RMW cycles of the full
      block and for now it is not clear whether it is worth the hassle.
      
      Fixes: d2faa415Reported-and-tested-by: default avatarEric Whitney <enwlinux@gmail.com>
      Signed-off-by: default avatarJan Kara <jack@suse.cz>
      4c6bb696
  4. 26 Sep, 2017 9 commits