1. 01 Oct, 2019 4 commits
    • powerpc/xive: Fix bogus error code returned by OPAL · 80fc2795
      Greg Kurz authored
      commit 6ccb4ac2 upstream.
      
      There's a bug in skiboot that causes the OPAL_XIVE_ALLOCATE_IRQ call
      to return the 32-bit value 0xffffffff when OPAL has run out of IRQs.
      Unfortunately, OPAL return values are signed 64-bit entities and
      errors are supposed to be negative. If that happens, the linux code
      confusingly treats 0xffffffff as a valid IRQ number and panics at some
      point.
      
      A fix was recently merged in skiboot:
      
      e97391ae2bb5 ("xive: fix return value of opal_xive_allocate_irq()")
      
      but we need a workaround anyway to support older skiboots already
      in the field.
      
      Internally convert 0xffffffff to OPAL_RESOURCE which is the usual error
      returned upon resource exhaustion.
      
      Cc: stable@vger.kernel.org # v4.12+
      Signed-off-by: Greg Kurz <groug@kaod.org>
      Reviewed-by: Cédric Le Goater <clg@kaod.org>
      Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
      Link: https://lore.kernel.org/r/156821713818.1985334.14123187368108582810.stgit@bahia.lan
      (groug: fix arch/powerpc/platforms/powernv/opal-wrappers.S instead of
              non-existing arch/powerpc/platforms/powernv/opal-call.c)
      Signed-off-by: Greg Kurz <groug@kaod.org>
      Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
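      The failure mode in the commit message above is a width/signedness mismatch at a firmware ABI boundary: a 32-bit all-ones value zero-extends to 0x00000000ffffffff, a large positive int64_t, so the kernel's "negative means error" check never fires and the value is used as an IRQ number. The following is an added example, not kernel or skiboot code: `fake_opal`, `buggy_opal_xive_allocate_irq` and `opal_xive_allocate_irq_fixed` are constructed stand-ins, and the OPAL_RESOURCE value (-10) is reproduced from skiboot's opal-api.h rather than included from a header.

```c
#include <stdint.h>
#include <stdio.h>

/*
 * OPAL return values are signed 64-bit; errors are negative. OPAL_RESOURCE is
 * the usual resource-exhaustion error (-10 in skiboot's include/opal-api.h;
 * reproduced here for the example rather than taken from the header).
 */
#define OPAL_RESOURCE (-10)

/* Constructed stand-in for firmware: a tiny IRQ pool that, once empty,
 * misbehaves like the unfixed skiboot and returns a 32-bit all-ones value
 * instead of a negative error code. */
struct fake_opal {
	uint32_t next_irq;   /* next IRQ number to hand out */
	int      remaining;  /* IRQs left in the pool */
};

static int64_t buggy_opal_xive_allocate_irq(struct fake_opal *fw)
{
	if (fw->remaining > 0) {
		fw->remaining--;
		return fw->next_irq++;
	}
	/* (uint32_t)-1 zero-extends to 0x00000000ffffffff: a large positive
	 * int64_t, so it passes a plain "rc < 0" error check. */
	return (int64_t)(uint32_t)-1;
}

/* Workaround on the caller side: fold the bogus value into OPAL_RESOURCE
 * before anyone can mistake it for IRQ number 4294967295. */
static int64_t opal_xive_allocate_irq_fixed(struct fake_opal *fw)
{
	int64_t rc = buggy_opal_xive_allocate_irq(fw);

	if (rc == (int64_t)UINT32_MAX)
		rc = OPAL_RESOURCE;
	return rc;
}

/* The check the kernel relies on: a negative return means failure. */
static int opal_call_failed(int64_t rc)
{
	return rc < 0;
}

int main(void)
{
	struct fake_opal fw = { .next_irq = 0x1000, .remaining = 1 };
	int64_t rc;

	rc = buggy_opal_xive_allocate_irq(&fw);
	printf("first alloc: 0x%llx (failed=%d)\n",
	       (unsigned long long)rc, opal_call_failed(rc));

	rc = buggy_opal_xive_allocate_irq(&fw);
	printf("pool empty, raw rc: 0x%llx (failed=%d)  <- bogus, looks valid\n",
	       (unsigned long long)rc, opal_call_failed(rc));

	fw.remaining = 0;
	rc = opal_xive_allocate_irq_fixed(&fw);
	printf("pool empty, fixed rc: %lld (failed=%d)\n",
	       (long long)rc, opal_call_failed(rc));
	return 0;
}
```

      The same pattern applies to any call that crosses a privilege or firmware boundary with a wide signed return type: normalize known-bad encodings immediately at the wrapper, not at each caller.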
    • RDMA/restrack: Protect from reentry to resource return path · 4eb92a11
      Leon Romanovsky authored
      commit fe9bc164 upstream.
      
      Nullify the resource task struct pointer to ensure that subsequent calls
      won't try to release task_struct again.
      
      ------------[ cut here ]------------
      ODEBUG: free active (active state 1) object type: rcu_head hint: (null)
      WARNING: CPU: 0 PID: 6048 at lib/debugobjects.c:329 debug_print_object+0x16a/0x210 lib/debugobjects.c:326
      Kernel panic - not syncing: panic_on_warn set ...
      
      CPU: 0 PID: 6048 Comm: syz-executor022 Not tainted 4.19.0-rc7-next-20181008+ #89
      Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
      Call Trace:
        __dump_stack lib/dump_stack.c:77 [inline]
        dump_stack+0x244/0x3ab lib/dump_stack.c:113
        panic+0x238/0x4e7 kernel/panic.c:184
        __warn.cold.8+0x163/0x1ba kernel/panic.c:536
        report_bug+0x254/0x2d0 lib/bug.c:186
        fixup_bug arch/x86/kernel/traps.c:178 [inline]
        do_error_trap+0x11b/0x200 arch/x86/kernel/traps.c:271
        do_invalid_op+0x36/0x40 arch/x86/kernel/traps.c:290
        invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:969
      RIP: 0010:debug_print_object+0x16a/0x210 lib/debugobjects.c:326
      Code: 41 88 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 92 00 00 00 48 8b 14 dd 60 02 41 88 4c 89 fe 48 c7 c7 00 f8 40 88 e8 36 2f b4 fd <0f> 0b 83 05 a9 f4 5e 06 01 48 83 c4 18 5b 41 5c 41 5d 41 5e 41 5f
      RSP: 0018:ffff8801d8c3eda8 EFLAGS: 00010086
      RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000
      RDX: 0000000000000000 RSI: ffffffff8164d235 RDI: 0000000000000005
      RBP: ffff8801d8c3ede8 R08: ffff8801d70aa280 R09: ffffed003b5c3eda
      R10: ffffed003b5c3eda R11: ffff8801dae1f6d7 R12: 0000000000000001
      R13: ffffffff8939a760 R14: 0000000000000000 R15: ffffffff8840fca0
        __debug_check_no_obj_freed lib/debugobjects.c:786 [inline]
        debug_check_no_obj_freed+0x3ae/0x58d lib/debugobjects.c:818
        kmem_cache_free+0x202/0x290 mm/slab.c:3759
        free_task_struct kernel/fork.c:163 [inline]
        free_task+0x16e/0x1f0 kernel/fork.c:457
        __put_task_struct+0x2e6/0x620 kernel/fork.c:730
        put_task_struct include/linux/sched/task.h:96 [inline]
        finish_task_switch+0x66c/0x900 kernel/sched/core.c:2715
        context_switch kernel/sched/core.c:2834 [inline]
        __schedule+0x8d7/0x21d0 kernel/sched/core.c:3480
        schedule+0xfe/0x460 kernel/sched/core.c:3524
        freezable_schedule include/linux/freezer.h:172 [inline]
        futex_wait_queue_me+0x3f9/0x840 kernel/futex.c:2530
        futex_wait+0x45c/0xa50 kernel/futex.c:2645
        do_futex+0x31a/0x26d0 kernel/futex.c:3528
        __do_sys_futex kernel/futex.c:3589 [inline]
        __se_sys_futex kernel/futex.c:3557 [inline]
        __x64_sys_futex+0x472/0x6a0 kernel/futex.c:3557
        do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
        entry_SYSCALL_64_after_hwframe+0x49/0xbe
      RIP: 0033:0x446549
      Code: e8 2c b3 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
      RSP: 002b:00007f3a998f5da8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
      RAX: ffffffffffffffda RBX: 00000000006dbc38 RCX: 0000000000446549
      RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00000000006dbc38
      RBP: 00000000006dbc30 R08: 0000000000000000 R09: 0000000000000000
      R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc3c
      R13: 2f646e6162696e69 R14: 666e692f7665642f R15: 00000000006dbd2c
      Kernel Offset: disabled
      
      Reported-by: syzbot+71aff6ea121ffefc280f@syzkaller.appspotmail.com
      Fixes: ed7a01fd ("RDMA/restrack: Release task struct which was hold by CM_ID object")
      Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
      Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
      Cc: Pavel Machek <pavel@denx.de>
      Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
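      The splat above is a double put: the resource still holds a pointer to a task_struct whose last reference has already been dropped, so a second pass through the release path frees it again and ODEBUG catches the rcu_head still in use. The fix is to make the release idempotent by nulling the pointer once the reference has been returned. The following is an added example, not the restrack code: `task_struct`, `rdma_restrack_entry`, `restrack_put_task_buggy` and `restrack_put_task_fixed` are constructed models that count references instead of freeing memory, so the double put shows up as a return value rather than a crash.

```c
#include <stddef.h>
#include <stdio.h>

/* Minimal model of a refcounted task_struct; constructed for this example. */
struct task_struct {
	int usage;   /* live references */
	int freed;   /* set when the last reference was dropped */
};

static void get_task_struct(struct task_struct *t)
{
	t->usage++;
}

/* Drop one reference and "free" the task when it reaches zero. A drop on a
 * task that is already freed is the double put the ODEBUG splat reports;
 * here it is reported as -1 instead of corrupting a slab. */
static int put_task_struct(struct task_struct *t)
{
	if (t->freed)
		return -1;
	if (--t->usage == 0)
		t->freed = 1;
	return 0;
}

/* Model of the restrack entry: it may hold one task reference. */
struct rdma_restrack_entry {
	struct task_struct *task;
};

/* Before the fix: the reference is returned but the pointer is left in
 * place, so re-entering the release path puts the same task again. */
static int restrack_put_task_buggy(struct rdma_restrack_entry *res)
{
	if (!res->task)
		return 0;
	return put_task_struct(res->task);
}

/* After the fix: nullify the pointer so a second call is a no-op. */
static int restrack_put_task_fixed(struct rdma_restrack_entry *res)
{
	int rc;

	if (!res->task)
		return 0;
	rc = put_task_struct(res->task);
	res->task = NULL;
	return rc;
}

int main(void)
{
	struct task_struct t1 = { 0, 0 }, t2 = { 0, 0 };
	struct rdma_restrack_entry r1, r2;

	get_task_struct(&t1);
	r1.task = &t1;
	printf("buggy: first put rc=%d, second put rc=%d (double put)\n",
	       restrack_put_task_buggy(&r1), restrack_put_task_buggy(&r1));

	get_task_struct(&t2);
	r2.task = &t2;
	printf("fixed: first put rc=%d, second put rc=%d (no-op)\n",
	       restrack_put_task_fixed(&r2), restrack_put_task_fixed(&r2));
	return 0;
}
```

      The general rule this illustrates: a release path that can be reached twice (error unwinding plus normal teardown, or two owners racing) must leave no stale pointer to the object it just released.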
    • net/ibmvnic: free reset work of removed device from queue · 373f9092
      Juliet Kim authored
      [ Upstream commit 1c2977c0 ]
      
      Commit 36f1031c ("ibmvnic: Do not process reset during or after
      device removal") made the change to exit reset if the driver has been
      removed, but does not free reset work items of the adapter from queue.
      
      Ensure all reset work items are freed when breaking out of the loop early.
      
      Fixes: 36f1031c ("ibmvnic: Do not process reset during or after device removal")
      Signed-off-by: Juliet Kim <julietk@linux.vnet.ibm.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
      Signed-off-by: Sasha Levin <sashal@kernel.org>
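      The leak described above is the common "early return from a consumer loop" shape: bailing out when the device is gone is correct, but every work item still queued behind the current one is orphaned unless the exit path drains the queue. The following is an added example, not the ibmvnic driver's code: `rwi`, `adapter`, `reset_worker_leaky` and `reset_worker_fixed` are constructed models, and whether the item already dequeued is freed on the early exit is a modelling choice here, not something the commit message states.

```c
#include <stdlib.h>
#include <stdio.h>

/* Model of a queued reset work item; constructed for this example. */
struct rwi {
	int reason;
	struct rwi *next;
};

struct adapter {
	struct rwi *rwi_list;   /* FIFO of pending reset work items */
	int removing;           /* set once the device has been removed */
	int processed;          /* resets actually carried out */
	int freed;              /* work items returned to the allocator */
};

static void queue_rwi(struct adapter *a, int reason)
{
	struct rwi *w = calloc(1, sizeof(*w));
	struct rwi **pp = &a->rwi_list;

	w->reason = reason;
	while (*pp)
		pp = &(*pp)->next;
	*pp = w;
}

static struct rwi *get_next_rwi(struct adapter *a)
{
	struct rwi *w = a->rwi_list;

	if (w)
		a->rwi_list = w->next;
	return w;
}

static void free_rwi(struct adapter *a, struct rwi *w)
{
	free(w);
	a->freed++;
}

/* Drain and free everything still queued. */
static void free_all_rwi(struct adapter *a)
{
	struct rwi *w;

	while ((w = get_next_rwi(a)))
		free_rwi(a, w);
}

/* Before: leaving the loop on removal frees only the item in hand; the
 * rest of the queue is never visited again. */
static void reset_worker_leaky(struct adapter *a)
{
	struct rwi *w;

	while ((w = get_next_rwi(a))) {
		if (a->removing) {
			free_rwi(a, w);
			return;   /* remaining queued items leak */
		}
		a->processed++;
		free_rwi(a, w);
	}
}

/* After: drain the queue before bailing out. */
static void reset_worker_fixed(struct adapter *a)
{
	struct rwi *w;

	while ((w = get_next_rwi(a))) {
		if (a->removing) {
			free_rwi(a, w);
			free_all_rwi(a);
			return;
		}
		a->processed++;
		free_rwi(a, w);
	}
}

/* Items still sitting on the queue: the leak, in this model. */
static int pending_rwi(const struct adapter *a)
{
	int n = 0;

	for (const struct rwi *w = a->rwi_list; w; w = w->next)
		n++;
	return n;
}
```

      A quick way to spot this class of bug in review: for every `return` or `break` inside a loop that dequeues owned objects, ask what happens to the objects not yet dequeued.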
    • Revert "Bluetooth: validate BLE connection interval updates" · 2af977b0
      Marcel Holtmann authored
      [ Upstream commit 68d19d7d ]
      
      This reverts commit c49a8682.
      
      There are devices which require low connection intervals for usable operation
      including keyboards and mice. Forcing a static connection interval for
      these types of devices has an impact in latency and causes a regression.
      
      Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
      Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
      Signed-off-by: Sasha Levin <sashal@kernel.org>
  2. 21 Sep, 2019 36 commits