1. 16 May, 2020 8 commits
    • Linus Torvalds's avatar
      Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm · 5d438e07
      Linus Torvalds authored
      Pull kvm fixes from Paolo Bonzini:
       "A new testcase for guest debugging (gdbstub) that exposed a bunch of
        bugs, mostly for AMD processors. And a few other x86 fixes"
      
      * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
        KVM: x86: Fix off-by-one error in kvm_vcpu_ioctl_x86_setup_mce
        KVM: x86: Fix pkru save/restore when guest CR4.PKE=0, move it to x86.c
        KVM: SVM: Disable AVIC before setting V_IRQ
        KVM: Introduce kvm_make_all_cpus_request_except()
        KVM: VMX: pass correct DR6 for GD userspace exit
        KVM: x86, SVM: isolate vcpu->arch.dr6 from vmcb->save.dr6
        KVM: SVM: keep DR6 synchronized with vcpu->arch.dr6
        KVM: nSVM: trap #DB and #BP to userspace if guest debugging is on
        KVM: selftests: Add KVM_SET_GUEST_DEBUG test
        KVM: X86: Fix single-step with KVM_SET_GUEST_DEBUG
        KVM: X86: Set RTM for DB_VECTOR too for KVM_EXIT_DEBUG
        KVM: x86: fix DR6 delivery for various cases of #DB injection
        KVM: X86: Declare KVM_CAP_SET_GUEST_DEBUG properly
      5d438e07
    • Linus Torvalds's avatar
      Merge tag 'powerpc-5.7-4' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux · befc42e5
      Linus Torvalds authored
      Pull powerpc fixes from Michael Ellerman:
      
       - A fix for unrecoverable SLB faults in the interrupt exit path,
         introduced by the recent rewrite of interrupt exit in C.
      
       - Four fixes for our KUAP (Kernel Userspace Access Prevention) support
         on 64-bit. These are all fairly minor with the exception of the
         change to evaluate the get/put_user() arguments before we enable user
         access, which reduces the amount of code we run with user access
         enabled.
      
       - A fix for our secure boot IMA rules, if enforcement of module
         signatures is enabled at runtime rather than build time.
      
       - A fix to our 32-bit VDSO clock_getres() which wasn't falling back to
         the syscall for unknown clocks.
      
       - A build fix for CONFIG_PPC_KUAP_DEBUG on 32-bit BookS, and another
         for 40x.
      
      Thanks to: Christophe Leroy, Hugh Dickins, Nicholas Piggin, Aurelien
      Jarno, Mimi Zohar, Nayna Jain.
      
      * tag 'powerpc-5.7-4' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
        powerpc/40x: Make more space for system call exception
        powerpc/vdso32: Fallback on getres syscall when clock is unknown
        powerpc/32s: Fix build failure with CONFIG_PPC_KUAP_DEBUG
        powerpc/ima: Fix secure boot rules in ima arch policy
        powerpc/64s/kuap: Restore AMR in fast_interrupt_return
        powerpc/64s/kuap: Restore AMR in system reset exception
        powerpc/64/kuap: Move kuap checks out of MSR[RI]=0 regions of exit code
        powerpc/64s: Fix unrecoverable SLB crashes due to preemption check
        powerpc/uaccess: Evaluate macro arguments once, before user access is allowed
      befc42e5
    • Linus Torvalds's avatar
      Merge tag 'csky-for-linus-5.7-rc6' of git://github.com/c-sky/csky-linux · 26b089a7
      Linus Torvalds authored
      Pull csky updates from Guo Ren:
      
       - fix for copy_from/to_user (a hard-to-find bug, thx Viro)
      
       - fix for calltrace panic without FRAME_POINT
      
       - two fixes for perf
      
       - two build fixes
      
       - four fixes for non-fatal bugs (msa, rm dis_irq, cleanup psr,
         gdbmacros.txt)
      
      * tag 'csky-for-linus-5.7-rc6' of git://github.com/c-sky/csky-linux:
        csky: Fixup raw_copy_from_user()
        csky: Fixup gdbmacros.txt with name sp in thread_struct
        csky: Fixup remove unnecessary save/restore PSR code
        csky: Fixup remove duplicate irq_disable
        csky: Fixup calltrace panic
        csky: Fixup perf callchain unwind
        csky: Fixup msa highest 3 bits mask
        csky: Fixup perf probe -x hungup
        csky: Fixup compile error for abiv1 entry.S
        csky/ftrace: Fixup error when disable CONFIG_DYNAMIC_FTRACE
      26b089a7
    • Linus Torvalds's avatar
      Merge tag 'arm-soc-fixes-5.7' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc · 5c33696f
      Linus Torvalds authored
      Pull ARM SoC/dt fixes from Arnd Bergmann:
       "This round of fixes is almost exclusively device tree changes, with
        trivial defconfig fixes and one compiler warning fix added in.
      
        A number of patches are to fix dtc warnings, in particular on Amlogic,
        i.MX and Rockchips.
      
        Other notable changes include:
      
        Renesas:
         - Fix a wrong clock configuration on R-Mobile A1
         - Fix IOMMU support on R-Car V3H
      
        Allwinner
         - Multiple audio fixes
      
        Qualcomm
         - Use a safe CPU voltage on MSM8996
         - Fixes to match a late audio driver change
      
        Rockchip:
         - Some fixes for the newly added Pinebook Pro
      
        NXP i.MX:
         - Fix I2C1 pinctrl configuration for i.MX27 phytec-phycard board
         - Fix imx6dl-yapp4-ursa board Ethernet connection
      
        OMAP:
         - A regression fix for non-existing can device on am534x-idk
         - Fix flakey wlan on droid4 where some devices would not connect at
           all because of internal pull being used with an external pull
         - Fix occasional missed wake-up events on droid4 modem uart"
      
      * tag 'arm-soc-fixes-5.7' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc: (51 commits)
        ARM: dts: iwg20d-q7-dbcm-ca: Remove unneeded properties in hdmi@39
        ARM: dts: renesas: Make hdmi encoder nodes compliant with DT bindings
        arm64: dts: renesas: Make hdmi encoder nodes compliant with DT bindings
        arm64: defconfig: add MEDIA_PLATFORM_SUPPORT
        arm64: defconfig: ARCH_R8A7795: follow changed config symbol name
        arm64: defconfig: add DRM_DISPLAY_CONNECTOR
        arm64: defconfig: DRM_DUMB_VGA_DAC: follow changed config symbol name
        ARM: oxnas: make ox820_boot_secondary static
        ARM: dts: r8a7740: Add missing extal2 to CPG node
        ARM: dts: omap4-droid4: Fix occasional lost wakeirq for uart1
        ARM: dts: omap4-droid4: Fix flakey wlan by disabling internal pull for gpio
        arm64: dts: allwinner: a64: Remove unused SPDIF sound card
        arm64: dts: allwinner: a64: pinetab: Fix cpvdd supply name
        arm64: dts: meson-g12: remove spurious blank line
        arm64: dts: meson-g12b-khadas-vim3: add missing frddr_a status property
        arm64: dts: meson-g12-common: fix dwc2 clock names
        arm64: dts: meson-g12b-ugoos-am6: fix usb vbus-supply
        arm64: dts: freescale: imx8mp: update input_val for AUDIOMIX_BIT_STREAM
        ARM: dts: r7s9210: Remove bogus clock-names from OSTM nodes
        ARM: dts: rockchip: fix pinctrl sub nodename for spi in rk322x.dtsi
        ...
      5c33696f
    • Linus Torvalds's avatar
      Merge tag 'block-5.7-2020-05-16' of git://git.kernel.dk/linux-block · 3d1c1e59
      Linus Torvalds authored
      Pull block fix from Jens Axboe:
       "Just a single NVMe pull in here, with a single fix for a missing DMA
        read memory barrier for completions"
      
      * tag 'block-5.7-2020-05-16' of git://git.kernel.dk/linux-block:
        nvme-pci: dma read memory barrier for completions
      3d1c1e59
    • Linus Torvalds's avatar
      Merge tag 'pinctrl-v5.7-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl · cf0ca701
      Linus Torvalds authored
      Pull pin control fixes from Linus Walleij:
       "A bunch of pin control fixes, some a bit overly ripe, sorry about
        that. We have important systems like Intel laptops and Qualcomm mobile
        chips covered.
      
         - Pad lock register on Intel Sunrisepoint had the wrong offset
      
         - Fix pin config setting for the Baytrail GPIO chip
      
         - Fix a compilation warning in the Mediatek driver
      
         - Fix a function group name in the Actions driver
      
         - Fix a behaviour bug in the edge polarity code in the Qualcomm
           driver
      
         - Add a missing spinlock in the Intel Cherryview driver
      
         - Add affinity callbacks to the Qualcomm MSMGPIO chip"
      
      * tag 'pinctrl-v5.7-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl:
        pinctrl: qcom: Add affinity callbacks to msmgpio IRQ chip
        pinctrl: cherryview: Add missing spinlock usage in chv_gpio_irq_handler
        pinctrl: qcom: fix wrong write in update_dual_edge
        pinctrl: actions: fix function group name for i2c0_group
        pinctrl: mediatek: remove shadow variable declaration
        pinctrl: baytrail: Enable pin configuration setting for GPIO chip
        pinctrl: sunrisepoint: Fix PAD lock register offset for SPT-H
      cf0ca701
    • Linus Torvalds's avatar
      Merge tag 'io_uring-5.7-2020-05-15' of git://git.kernel.dk/linux-block · 18e70f3a
      Linus Torvalds authored
      Pull io_uring fixes from Jens Axboe:
       "Two small fixes that should go into this release:
      
         - Check and handle zero length splice (Pavel)
      
         - Fix a regression in this merge window for fixed files used with
           polled block IO"
      
      * tag 'io_uring-5.7-2020-05-15' of git://git.kernel.dk/linux-block:
        io_uring: polled fixed file must go through free iteration
        io_uring: fix zero len do_splice()
      18e70f3a
    • Jens Axboe's avatar
      Merge branch 'nvme-5.7' of git://git.infradead.org/nvme into block-5.7 · 39489553
      Jens Axboe authored
      Pull NVMe fix from Christoph.
      
      * 'nvme-5.7' of git://git.infradead.org/nvme:
        nvme-pci: dma read memory barrier for completions
      39489553
  2. 15 May, 2020 30 commits
  3. 14 May, 2020 2 commits
    • Olga Kornievskaia's avatar
      NFSv3: fix rpc receive buffer size for MOUNT call · 8eed292b
      Olga Kornievskaia authored
      Prior to commit e3d3ab64dd66 ("SUNRPC: Use au_rslack when
      computing reply buffer size"), there was enough slack in the reply
      buffer to commodate filehandles of size 60bytes. However, the real
      problem was that the reply buffer size for the MOUNT operation was
      not correctly calculated. Received buffer size used the filehandle
      size for NFSv2 (32bytes) which is much smaller than the allowed
      filehandle size for the v3 mounts.
      
      Fix the reply buffer size (decode arguments size) for the MNT command.
      
      Fixes: 2c94b8ec ("SUNRPC: Use au_rslack when computing reply buffer size")
      Signed-off-by: default avatarOlga Kornievskaia <kolga@netapp.com>
      Signed-off-by: default avatarTrond Myklebust <trond.myklebust@hammerspace.com>
      8eed292b
    • Eric Dumazet's avatar
      tcp: fix error recovery in tcp_zerocopy_receive() · e776af60
      Eric Dumazet authored
      If user provides wrong virtual address in TCP_ZEROCOPY_RECEIVE
      operation we want to return -EINVAL error.
      
      But depending on zc->recv_skip_hint content, we might return
      -EIO error if the socket has SOCK_DONE set.
      
      Make sure to return -EINVAL in this case.
      
      BUG: KMSAN: uninit-value in tcp_zerocopy_receive net/ipv4/tcp.c:1833 [inline]
      BUG: KMSAN: uninit-value in do_tcp_getsockopt+0x4494/0x6320 net/ipv4/tcp.c:3685
      CPU: 1 PID: 625 Comm: syz-executor.0 Not tainted 5.7.0-rc4-syzkaller #0
      Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
      Call Trace:
       __dump_stack lib/dump_stack.c:77 [inline]
       dump_stack+0x1c9/0x220 lib/dump_stack.c:118
       kmsan_report+0xf7/0x1e0 mm/kmsan/kmsan_report.c:121
       __msan_warning+0x58/0xa0 mm/kmsan/kmsan_instr.c:215
       tcp_zerocopy_receive net/ipv4/tcp.c:1833 [inline]
       do_tcp_getsockopt+0x4494/0x6320 net/ipv4/tcp.c:3685
       tcp_getsockopt+0xf8/0x1f0 net/ipv4/tcp.c:3728
       sock_common_getsockopt+0x13f/0x180 net/core/sock.c:3131
       __sys_getsockopt+0x533/0x7b0 net/socket.c:2177
       __do_sys_getsockopt net/socket.c:2192 [inline]
       __se_sys_getsockopt+0xe1/0x100 net/socket.c:2189
       __x64_sys_getsockopt+0x62/0x80 net/socket.c:2189
       do_syscall_64+0xb8/0x160 arch/x86/entry/common.c:297
       entry_SYSCALL_64_after_hwframe+0x44/0xa9
      RIP: 0033:0x45c829
      Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
      RSP: 002b:00007f1deeb72c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
      RAX: ffffffffffffffda RBX: 00000000004e01e0 RCX: 000000000045c829
      RDX: 0000000000000023 RSI: 0000000000000006 RDI: 0000000000000009
      RBP: 000000000078bf00 R08: 0000000020000200 R09: 0000000000000000
      R10: 00000000200001c0 R11: 0000000000000246 R12: 00000000ffffffff
      R13: 00000000000001d8 R14: 00000000004d3038 R15: 00007f1deeb736d4
      
      Local variable ----zc@do_tcp_getsockopt created at:
       do_tcp_getsockopt+0x1a74/0x6320 net/ipv4/tcp.c:3670
       do_tcp_getsockopt+0x1a74/0x6320 net/ipv4/tcp.c:3670
      
      Fixes: 05255b82 ("tcp: add TCP_ZEROCOPY_RECEIVE support for zerocopy receive")
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Reported-by: default avatarsyzbot <syzkaller@googlegroups.com>
      Acked-by: default avatarSoheil Hassas Yeganeh <soheil@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      e776af60