1. 08 Aug, 2019 4 commits
    • Paolo Valente's avatar
      block, bfq: handle NULL return value by bfq_init_rq() · fd03177c
      Paolo Valente authored
      As reported in [1], the call bfq_init_rq(rq) may return NULL in case
      of OOM (in particular, if rq->elv.icq is NULL because memory
      allocation failed in failed in ioc_create_icq()).
      
      This commit handles this circumstance.
      
      [1] https://lkml.org/lkml/2019/7/22/824
      
      Cc: Hsin-Yi Wang <hsinyi@google.com>
      Cc: Nicolas Boichat <drinkcat@chromium.org>
      Cc: Doug Anderson <dianders@chromium.org>
      Reported-by: default avatarGuenter Roeck <linux@roeck-us.net>
      Reported-by: default avatarHsin-Yi Wang <hsinyi@google.com>
      Reviewed-by: default avatarGuenter Roeck <linux@roeck-us.net>
      Signed-off-by: default avatarPaolo Valente <paolo.valente@linaro.org>
      Signed-off-by: default avatarJens Axboe <axboe@kernel.dk>
      fd03177c
    • Paolo Valente's avatar
      block, bfq: move update of waker and woken list to queue freeing · 3f758e84
      Paolo Valente authored
      Since commit 13a857a4 ("block, bfq: detect wakers and
      unconditionally inject their I/O"), every bfq_queue has a pointer to a
      waker bfq_queue and a list of the bfq_queues it may wake. In this
      respect, when a bfq_queue, say Q, remains with no I/O source attached
      to it, Q cannot be woken by any other bfq_queue, and cannot wake any
      other bfq_queue. Then Q must be removed from the woken list of its
      possible waker bfq_queue, and all bfq_queues in the woken list of Q
      must stop having a waker bfq_queue.
      
      Q remains with no I/O source in two cases: when the last process
      associated with Q exits or when such a process gets associated with a
      different bfq_queue. Unfortunately, commit 13a857a4 ("block, bfq:
      detect wakers and unconditionally inject their I/O") performed the
      above updates only in the first case.
      
      This commit fixes this bug by moving these updates to when Q gets
      freed. This is a simple and safe way to handle all cases, as both the
      above events, process exit and re-association, lead to Q being freed
      soon, and because dangling references would come out only after Q gets
      freed (if no update were performed).
      
      Fixes: 13a857a4 ("block, bfq: detect wakers and unconditionally inject their I/O")
      Reported-by: default avatarDouglas Anderson <dianders@chromium.org>
      Tested-by: default avatarDouglas Anderson <dianders@chromium.org>
      Signed-off-by: default avatarPaolo Valente <paolo.valente@linaro.org>
      Signed-off-by: default avatarJens Axboe <axboe@kernel.dk>
      3f758e84
    • Paolo Valente's avatar
      block, bfq: reset last_completed_rq_bfqq if the pointed queue is freed · 08d383a7
      Paolo Valente authored
      Since commit 13a857a4 ("block, bfq: detect wakers and
      unconditionally inject their I/O"), BFQ stores, in a per-device
      pointer last_completed_rq_bfqq, the last bfq_queue that had an I/O
      request completed. If some bfq_queue receives new I/O right after the
      last request of last_completed_rq_bfqq has been completed, then
      last_completed_rq_bfqq may be a waker bfq_queue.
      
      But if the bfq_queue last_completed_rq_bfqq points to is freed, then
      last_completed_rq_bfqq becomes a dangling reference. This commit
      resets last_completed_rq_bfqq if the pointed bfq_queue is freed.
      
      Fixes: 13a857a4 ("block, bfq: detect wakers and unconditionally inject their I/O")
      Reported-by: default avatarDouglas Anderson <dianders@chromium.org>
      Tested-by: default avatarDouglas Anderson <dianders@chromium.org>
      Signed-off-by: default avatarPaolo Valente <paolo.valente@linaro.org>
      Signed-off-by: default avatarJens Axboe <axboe@kernel.dk>
      08d383a7
    • He Zhe's avatar
      block: aoe: Fix kernel crash due to atomic sleep when exiting · 430380b4
      He Zhe authored
      Since commit 3582dd29 ("aoe: convert aoeblk to blk-mq"), aoedev_downdev
      has had the possibility of sleeping and causing the following crash.
      
      BUG: scheduling while atomic: rmmod/2242/0x00000003
      Modules linked in: aoe
      Preemption disabled at:
      [<ffffffffc01d95e5>] flush+0x95/0x4a0 [aoe]
      CPU: 7 PID: 2242 Comm: rmmod Tainted: G          I       5.2.3 #1
      Hardware name: Intel Corporation S5520HC/S5520HC, BIOS S5500.86B.01.10.0025.030220091519 03/02/2009
      Call Trace:
       dump_stack+0x4f/0x6a
       ? flush+0x95/0x4a0 [aoe]
       __schedule_bug.cold+0x44/0x54
       __schedule+0x44f/0x680
       schedule+0x44/0xd0
       blk_mq_freeze_queue_wait+0x46/0xb0
       ? wait_woken+0x80/0x80
       blk_mq_freeze_queue+0x1b/0x20
       aoedev_downdev+0x111/0x160 [aoe]
       flush+0xff/0x4a0 [aoe]
       aoedev_exit+0x23/0x30 [aoe]
       aoe_exit+0x35/0x948 [aoe]
       __se_sys_delete_module+0x183/0x210
       __x64_sys_delete_module+0x16/0x20
       do_syscall_64+0x4d/0x130
       entry_SYSCALL_64_after_hwframe+0x44/0xa9
      RIP: 0033:0x7f24e0043b07
      Code: 73 01 c3 48 8b 0d 89 73 0b 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f
      1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 b0 00 00 00 0f 05 <48> 3d 01 f0 ff
      ff 73 01 c3 48 8b 0d 59 73 0b 00 f7 d8 64 89 01 48
      RSP: 002b:00007ffe18f7f1e8 EFLAGS: 00000206 ORIG_RAX: 00000000000000b0
      RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f24e0043b07
      RDX: 000000000000000a RSI: 0000000000000800 RDI: 0000555c3ecf87c8
      RBP: 00007ffe18f7f1f0 R08: 0000000000000000 R09: 0000000000000000
      R10: 00007f24e00b4ac0 R11: 0000000000000206 R12: 00007ffe18f7f238
      R13: 00007ffe18f7f410 R14: 00007ffe18f80e73 R15: 0000555c3ecf8760
      
      This patch, handling in the same way of pass two, unlocks the locks and
      restart pass one after aoedev_downdev is done.
      
      Fixes: 3582dd29 ("aoe: convert aoeblk to blk-mq")
      Signed-off-by: default avatarHe Zhe <zhe.he@windriver.com>
      Signed-off-by: default avatarJens Axboe <axboe@kernel.dk>
      430380b4
  2. 07 Aug, 2019 3 commits
    • Jens Axboe's avatar
      libata: add SG safety checks in SFF pio transfers · 752ead44
      Jens Axboe authored
      Abort processing of a command if we run out of mapped data in the
      SG list. This should never happen, but a previous bug caused it to
      be possible. Play it safe and attempt to abort nicely if we don't
      have more SG segments left.
      Reviewed-by: default avatarKees Cook <keescook@chromium.org>
      Signed-off-by: default avatarJens Axboe <axboe@kernel.dk>
      752ead44
    • Jens Axboe's avatar
      libata: have ata_scsi_rw_xlat() fail invalid passthrough requests · 2d727150
      Jens Axboe authored
      For passthrough requests, libata-scsi takes what the user passes in
      as gospel. This can be problematic if the user fills in the CDB
      incorrectly. One example of that is in request sizes. For read/write
      commands, the CDB contains fields describing the transfer length of
      the request. These should match with the SG_IO header fields, but
      libata-scsi currently does no validation of that.
      
      Check that the number of blocks in the CDB for passthrough requests
      matches what was mapped into the request. If the CDB asks for more
      data then the validated SG_IO header fields, error it.
      Reported-by: default avatarKrishna Ram Prakash R <krp@gtux.in>
      Reviewed-by: default avatarKees Cook <keescook@chromium.org>
      Signed-off-by: default avatarJens Axboe <axboe@kernel.dk>
      2d727150
    • Jens Axboe's avatar
      block: fix O_DIRECT error handling for bio fragments · e15c2ffa
      Jens Axboe authored
      0eb6ddfb tried to fix this up, but introduced a use-after-free
      of dio. Additionally, we still had an issue with error handling,
      as reported by Darrick:
      
      "I noticed a regression in xfs/747 (an unreleased xfstest for the
      xfs_scrub media scanning feature) on 5.3-rc3.  I'll condense that down
      to a simpler reproducer:
      
      error-test: 0 209 linear 8:48 0
      error-test: 209 1 error
      error-test: 210 6446894 linear 8:48 210
      
      Basically we have a ~3G /dev/sdd and we set up device mapper to fail IO
      for sector 209 and to pass the io to the scsi device everywhere else.
      
      On 5.3-rc3, performing a directio pread of this range with a < 1M buffer
      (in other words, a request for fewer than MAX_BIO_PAGES bytes) yields
      EIO like you'd expect:
      
      pread64(3, 0x7f880e1c7000, 1048576, 0)  = -1 EIO (Input/output error)
      pread: Input/output error
      +++ exited with 0 +++
      
      But doing it with a larger buffer succeeds(!):
      
      pread64(3, "XFSB\0\0\20\0\0\0\0\0\0\fL\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 1146880, 0) = 1146880
      read 1146880/1146880 bytes at offset 0
      1 MiB, 1 ops; 0.0009 sec (1.124 GiB/sec and 1052.6316 ops/sec)
      +++ exited with 0 +++
      
      (Note that the part of the buffer corresponding to the dm-error area is
      uninitialized)
      
      On 5.3-rc2, both commands would fail with EIO like you'd expect.  The
      only change between rc2 and rc3 is commit 0eb6ddfb ("block: Fix
      __blkdev_direct_IO() for bio fragments").
      
      AFAICT we end up in __blkdev_direct_IO with a 1120K buffer, which gets
      split into two bios: one for the first BIO_MAX_PAGES worth of data (1MB)
      and a second one for the 96k after that."
      
      Fix this by noting that it's always safe to dereference dio if we get
      BLK_QC_T_EAGAIN returned, as end_io hasn't been run for that case. So
      we can safely increment the dio size before calling submit_bio(), and
      then decrement it on failure (not that it really matters, as the bio
      and dio are going away).
      
      For error handling, return to the original method of just using 'ret'
      for tracking the error, and the size tracking in dio->size.
      
      Fixes: 0eb6ddfb ("block: Fix __blkdev_direct_IO() for bio fragments")
      Fixes: 6a43074e ("block: properly handle IOCB_NOWAIT for async O_DIRECT IO")
      Reported-by: default avatarDarrick J. Wong <darrick.wong@oracle.com>
      Signed-off-by: default avatarJens Axboe <axboe@kernel.dk>
      e15c2ffa
  3. 06 Aug, 2019 1 commit
  4. 02 Aug, 2019 1 commit
    • Stefan Haberland's avatar
      s390/dasd: fix endless loop after read unit address configuration · 41995342
      Stefan Haberland authored
      After getting a storage server event that causes the DASD device driver
      to update its unit address configuration during a device shutdown there is
      the possibility of an endless loop in the device driver.
      
      In the system log there will be ongoing DASD error messages with RC: -19.
      
      The reason is that the loop starting the ruac request only terminates when
      the retry counter is decreased to 0. But in the sleep_on function there are
      early exit paths that do not decrease the retry counter.
      
      Prevent an endless loop by handling those cases separately.
      
      Remove the unnecessary do..while loop since the sleep_on function takes
      care of retries by itself.
      
      Fixes: 8e09f215 ("[S390] dasd: add hyper PAV support to DASD device driver, part 1")
      Cc: stable@vger.kernel.org # 2.6.25+
      Signed-off-by: default avatarStefan Haberland <sth@linux.ibm.com>
      Reviewed-by: default avatarJan Hoeppner <hoeppner@linux.ibm.com>
      Signed-off-by: default avatarJens Axboe <axboe@kernel.dk>
      41995342
  5. 01 Aug, 2019 1 commit
    • Damien Le Moal's avatar
      block: Fix __blkdev_direct_IO() for bio fragments · 0eb6ddfb
      Damien Le Moal authored
      The recent fix to properly handle IOCB_NOWAIT for async O_DIRECT IO
      (patch 6a43074e) introduced two problems with BIO fragment handling
      for direct IOs:
      1) The dio size processed is calculated by incrementing the ret variable
      by the size of the bio fragment issued for the dio. However, this size
      is obtained directly from bio->bi_iter.bi_size AFTER the bio submission
      which may result in referencing the bi_size value after the bio
      completed, resulting in an incorrect value use.
      2) The ret variable is not incremented by the size of the last bio
      fragment issued for the bio, leading to an invalid IO size being
      returned to the user.
      
      Fix both problem by using dio->size (which is incremented before the bio
      submission) to update the value of ret after bio submissions, including
      for the last bio fragment issued.
      
      Fixes: 6a43074e ("block: properly handle IOCB_NOWAIT for async O_DIRECT IO")
      Reported-by: default avatarMasato Suzuki <masato.suzuki@wdc.com>
      Signed-off-by: default avatarDamien Le Moal <damien.lemoal@wdc.com>
      Signed-off-by: default avatarJens Axboe <axboe@kernel.dk>
      0eb6ddfb
  6. 31 Jul, 2019 4 commits
    • Denis Efremov's avatar
      MAINTAINERS: floppy: take over maintainership · 3d0b63c5
      Denis Efremov authored
      I would like to maintain the floppy driver. After the recent fixes,
      I think I know the code pretty well. Nowadays I've got 2 physical 3.5"
      readers to test all the changes.
      Signed-off-by: default avatarDenis Efremov <efremov@linux.com>
      Acked-by: default avatarWill Deacon <will@kernel.org>
      Signed-off-by: default avatarJens Axboe <axboe@kernel.dk>
      3d0b63c5
    • Munehisa Kamata's avatar
      nbd: replace kill_bdev() with __invalidate_device() again · 2b5c8f00
      Munehisa Kamata authored
      Commit abbbdf12 ("replace kill_bdev() with __invalidate_device()")
      once did this, but 29eaadc0 ("nbd: stop using the bdev everywhere")
      resurrected kill_bdev() and it has been there since then. So buffer_head
      mappings still get killed on a server disconnection, and we can still
      hit the BUG_ON on a filesystem on the top of the nbd device.
      
        EXT4-fs (nbd0): mounted filesystem with ordered data mode. Opts: (null)
        block nbd0: Receive control failed (result -32)
        block nbd0: shutting down sockets
        print_req_error: I/O error, dev nbd0, sector 66264 flags 3000
        EXT4-fs warning (device nbd0): htree_dirblock_to_tree:979: inode #2: lblock 0: comm ls: error -5 reading directory block
        print_req_error: I/O error, dev nbd0, sector 2264 flags 3000
        EXT4-fs error (device nbd0): __ext4_get_inode_loc:4690: inode #2: block 283: comm ls: unable to read itable block
        EXT4-fs error (device nbd0) in ext4_reserve_inode_write:5894: IO failure
        ------------[ cut here ]------------
        kernel BUG at fs/buffer.c:3057!
        invalid opcode: 0000 [#1] SMP PTI
        CPU: 7 PID: 40045 Comm: jbd2/nbd0-8 Not tainted 5.1.0-rc3+ #4
        Hardware name: Amazon EC2 m5.12xlarge/, BIOS 1.0 10/16/2017
        RIP: 0010:submit_bh_wbc+0x18b/0x190
        ...
        Call Trace:
         jbd2_write_superblock+0xf1/0x230 [jbd2]
         ? account_entity_enqueue+0xc5/0xf0
         jbd2_journal_update_sb_log_tail+0x94/0xe0 [jbd2]
         jbd2_journal_commit_transaction+0x12f/0x1d20 [jbd2]
         ? __switch_to_asm+0x40/0x70
         ...
         ? lock_timer_base+0x67/0x80
         kjournald2+0x121/0x360 [jbd2]
         ? remove_wait_queue+0x60/0x60
         kthread+0xf8/0x130
         ? commit_timeout+0x10/0x10 [jbd2]
         ? kthread_bind+0x10/0x10
         ret_from_fork+0x35/0x40
      
      With __invalidate_device(), I no longer hit the BUG_ON with sync or
      unmount on the disconnected device.
      
      Fixes: 29eaadc0 ("nbd: stop using the bdev everywhere")
      Cc: linux-block@vger.kernel.org
      Cc: Ratna Manoj Bolla <manoj.br@gmail.com>
      Cc: nbd@other.debian.org
      Cc: stable@vger.kernel.org
      Cc: David Woodhouse <dwmw@amazon.com>
      Reviewed-by: default avatarJosef Bacik <josef@toxicpanda.com>
      Signed-off-by: default avatarMunehisa Kamata <kamatam@amazon.com>
      Signed-off-by: default avatarJens Axboe <axboe@kernel.dk>
      2b5c8f00
    • Miquel Raynal's avatar
      ata: libahci: do not complain in case of deferred probe · 090bb803
      Miquel Raynal authored
      Retrieving PHYs can defer the probe, do not spawn an error when
      -EPROBE_DEFER is returned, it is normal behavior.
      
      Fixes: b1a9edbd ("ata: libahci: allow to use multiple PHYs")
      Reviewed-by: default avatarHans de Goede <hdegoede@redhat.com>
      Signed-off-by: default avatarMiquel Raynal <miquel.raynal@bootlin.com>
      Signed-off-by: default avatarJens Axboe <axboe@kernel.dk>
      090bb803
    • Jackie Liu's avatar
      io_uring: fix KASAN use after free in io_sq_wq_submit_work · d0ee8791
      Jackie Liu authored
      [root@localhost ~]# ./liburing/test/link
      
      QEMU Standard PC report that:
      
      [   29.379892] CPU: 0 PID: 84 Comm: kworker/u2:2 Not tainted 5.3.0-rc2-00051-g4010b622-dirty #86
      [   29.379902] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
      [   29.379913] Workqueue: io_ring-wq io_sq_wq_submit_work
      [   29.379929] Call Trace:
      [   29.379953]  dump_stack+0xa9/0x10e
      [   29.379970]  ? io_sq_wq_submit_work+0xbf4/0xe90
      [   29.379986]  print_address_description.cold.6+0x9/0x317
      [   29.379999]  ? io_sq_wq_submit_work+0xbf4/0xe90
      [   29.380010]  ? io_sq_wq_submit_work+0xbf4/0xe90
      [   29.380026]  __kasan_report.cold.7+0x1a/0x34
      [   29.380044]  ? io_sq_wq_submit_work+0xbf4/0xe90
      [   29.380061]  kasan_report+0xe/0x12
      [   29.380076]  io_sq_wq_submit_work+0xbf4/0xe90
      [   29.380104]  ? io_sq_thread+0xaf0/0xaf0
      [   29.380152]  process_one_work+0xb59/0x19e0
      [   29.380184]  ? pwq_dec_nr_in_flight+0x2c0/0x2c0
      [   29.380221]  worker_thread+0x8c/0xf40
      [   29.380248]  ? __kthread_parkme+0xab/0x110
      [   29.380265]  ? process_one_work+0x19e0/0x19e0
      [   29.380278]  kthread+0x30b/0x3d0
      [   29.380292]  ? kthread_create_on_node+0xe0/0xe0
      [   29.380311]  ret_from_fork+0x3a/0x50
      
      [   29.380635] Allocated by task 209:
      [   29.381255]  save_stack+0x19/0x80
      [   29.381268]  __kasan_kmalloc.constprop.6+0xc1/0xd0
      [   29.381279]  kmem_cache_alloc+0xc0/0x240
      [   29.381289]  io_submit_sqe+0x11bc/0x1c70
      [   29.381300]  io_ring_submit+0x174/0x3c0
      [   29.381311]  __x64_sys_io_uring_enter+0x601/0x780
      [   29.381322]  do_syscall_64+0x9f/0x4d0
      [   29.381336]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
      
      [   29.381633] Freed by task 84:
      [   29.382186]  save_stack+0x19/0x80
      [   29.382198]  __kasan_slab_free+0x11d/0x160
      [   29.382210]  kmem_cache_free+0x8c/0x2f0
      [   29.382220]  io_put_req+0x22/0x30
      [   29.382230]  io_sq_wq_submit_work+0x28b/0xe90
      [   29.382241]  process_one_work+0xb59/0x19e0
      [   29.382251]  worker_thread+0x8c/0xf40
      [   29.382262]  kthread+0x30b/0x3d0
      [   29.382272]  ret_from_fork+0x3a/0x50
      
      [   29.382569] The buggy address belongs to the object at ffff888067172140
                      which belongs to the cache io_kiocb of size 224
      [   29.384692] The buggy address is located 120 bytes inside of
                      224-byte region [ffff888067172140, ffff888067172220)
      [   29.386723] The buggy address belongs to the page:
      [   29.387575] page:ffffea00019c5c80 refcount:1 mapcount:0 mapping:ffff88806ace5180 index:0x0
      [   29.387587] flags: 0x100000000000200(slab)
      [   29.387603] raw: 0100000000000200 dead000000000100 dead000000000122 ffff88806ace5180
      [   29.387617] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000
      [   29.387624] page dumped because: kasan: bad access detected
      
      [   29.387920] Memory state around the buggy address:
      [   29.388771]  ffff888067172080: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
      [   29.390062]  ffff888067172100: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
      [   29.391325] >ffff888067172180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
      [   29.392578]                                         ^
      [   29.393480]  ffff888067172200: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc
      [   29.394744]  ffff888067172280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
      [   29.396003] ==================================================================
      [   29.397260] Disabling lock debugging due to kernel taint
      
      io_sq_wq_submit_work free and read req again.
      
      Cc: Zhengyuan Liu <liuzhengyuan@kylinos.cn>
      Cc: linux-block@vger.kernel.org
      Cc: stable@vger.kernel.org
      Fixes: f7b76ac9 ("io_uring: fix counter inc/dec mismatch in async_list")
      Signed-off-by: default avatarJackie Liu <liuyun01@kylinos.cn>
      Signed-off-by: default avatarJens Axboe <axboe@kernel.dk>
      d0ee8791
  7. 30 Jul, 2019 1 commit
    • Jan Kara's avatar
      loop: Fix mount(2) failure due to race with LOOP_SET_FD · 89e524c0
      Jan Kara authored
      Commit 33ec3e53 ("loop: Don't change loop device under exclusive
      opener") made LOOP_SET_FD ioctl acquire exclusive block device reference
      while it updates loop device binding. However this can make perfectly
      valid mount(2) fail with EBUSY due to racing LOOP_SET_FD holding
      temporarily the exclusive bdev reference in cases like this:
      
      for i in {a..z}{a..z}; do
              dd if=/dev/zero of=$i.image bs=1k count=0 seek=1024
              mkfs.ext2 $i.image
              mkdir mnt$i
      done
      
      echo "Run"
      for i in {a..z}{a..z}; do
              mount -o loop -t ext2 $i.image mnt$i &
      done
      
      Fix the problem by not getting full exclusive bdev reference in
      LOOP_SET_FD but instead just mark the bdev as being claimed while we
      update the binding information. This just blocks new exclusive openers
      instead of failing them with EBUSY thus fixing the problem.
      
      Fixes: 33ec3e53 ("loop: Don't change loop device under exclusive opener")
      Cc: stable@vger.kernel.org
      Tested-by: default avatarKai-Heng Feng <kai.heng.feng@canonical.com>
      Signed-off-by: default avatarJan Kara <jack@suse.cz>
      Signed-off-by: default avatarJens Axboe <axboe@kernel.dk>
      89e524c0
  8. 29 Jul, 2019 2 commits
  9. 28 Jul, 2019 13 commits
    • Linus Torvalds's avatar
      Linux 5.3-rc2 · 609488bc
      Linus Torvalds authored
      609488bc
    • Linus Torvalds's avatar
      Merge tag 'meminit-v5.3-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux · c622fc5f
      Linus Torvalds authored
      Pull structleak fix from Kees Cook:
       "Disable gcc-based stack variable auto-init under KASAN (Arnd
        Bergmann).
      
        This fixes a bunch of build warnings under KASAN and the
        gcc-plugin-based stack auto-initialization features (which are
        arguably redundant, so better to let KASAN control this)"
      
      * tag 'meminit-v5.3-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
        structleak: disable STRUCTLEAK_BYREF in combination with KASAN_STACK
      c622fc5f
    • Linus Torvalds's avatar
      Merge tag 'kbuild-fixes-v5.3' of... · 8e61ea11
      Linus Torvalds authored
      Merge tag 'kbuild-fixes-v5.3' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild
      
      Pull Kbuild fixes from Masahiro Yamada:
      
       - add compile_commands.json to .gitignore
      
       - fix false-positive warning from gen_compile_commands.py after
         allnoconfig build
      
       - remove unused code
      
      * tag 'kbuild-fixes-v5.3' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild:
        kbuild: remove unused single-used-m
        gen_compile_commands: lower the entry count threshold
        .gitignore: Add compilation database file
        kbuild: remove unused objectify macro
      8e61ea11
    • Linus Torvalds's avatar
      Merge tag 'char-misc-5.3-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc · 04ce9318
      Linus Torvalds authored
      Pull char/misc driver fixes from Greg KH:
       "Here are some small char and misc driver fixes for 5.3-rc2 to resolve
        some reported issues.
      
        Nothing major at all, some binder bugfixes for issues found, some new
        mei device ids, firmware building warning fixes, habanalabs fixes, a
        few other build fixes, and a MAINTAINERS update.
      
        All of these have been in linux-next with no reported issues"
      
      * tag 'char-misc-5.3-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc:
        test_firmware: fix a memory leak bug
        hpet: Fix division by zero in hpet_time_div()
        eeprom: make older eeprom drivers select NVMEM_SYSFS
        vmw_balloon: Remove Julien from the maintainers list
        fpga-manager: altera-ps-spi: Fix build error
        mei: me: add mule creek canyon (EHL) device ids
        binder: prevent transactions to context manager from its own process.
        binder: Set end of SG buffer area properly.
        firmware: Fix missing inline
        firmware: fix build errors in paged buffer handling code
        habanalabs: don't reset device when getting VRHOT
        habanalabs: use %pad for printing a dma_addr_t
      04ce9318
    • Linus Torvalds's avatar
      Merge tag 'tty-5.3-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty · 572782b2
      Linus Torvalds authored
      Pull tty fixes from Greg KH:
       "Here are two tty/vt fixes:
      
         - delete the netx-serial driver as the arch has been removed, no need
           to keep the serial driver for it around either.
      
         - vt console_lock fix to resolve a reported noisy warning at runtime
      
        Both of these have been in linux-next with no reported issues"
      
      * tag 'tty-5.3-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty:
        vt: Grab console_lock around con_is_bound in show_bind
        tty: serial: netx: Delete driver
      572782b2
    • Linus Torvalds's avatar
      Merge tag 'spdx-5.3-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/spdx · ad28fd1c
      Linus Torvalds authored
      Pull SPDX fixes from Greg KH:
       "Here are some small SPDX fixes for 5.3-rc2 for things that came in
        during the 5.3-rc1 merge window that we previously missed.
      
        Only three small patches here:
      
         - two uapi patches to resolve some SPDX tags that were not correct
      
         - fix an invalid SPDX tag in the iomap Makefile file
      
        All have been properly reviewed on the public mailing lists"
      
      * tag 'spdx-5.3-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/spdx:
        iomap: fix Invalid License ID
        treewide: remove SPDX "WITH Linux-syscall-note" from kernel-space headers again
        treewide: add "WITH Linux-syscall-note" to SPDX tag of uapi headers
      ad28fd1c
    • Linus Torvalds's avatar
      Merge tag 'usb-5.3-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb · 29af915c
      Linus Torvalds authored
      Pull USB fixes from Greg KH:
       "Here are some small fixes for 5.3-rc2. All of these resolve some
        reported issues, some more than others :)
      
        Included in here is:
      
         - xhci fix for an annoying issue with odd devices
      
         - reversion of some usb251xb patches that should not have been merged
      
         - usb pci quirk additions and fixups
      
         - usb storage fix
      
         - usb host controller error test fix
      
        All of these have been in linux-next with no reported issues"
      
      * tag 'usb-5.3-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb:
        xhci: Fix crash if scatter gather is used with Immediate Data Transfer (IDT).
        usb: usb251xb: Reallow swap-dx-lanes to apply to the upstream port
        Revert "usb: usb251xb: Add US port lanes inversion property"
        Revert "usb: usb251xb: Add US lanes inversion dts-bindings"
        usb: wusbcore: fix unbalanced get/put cluster_id
        usb/hcd: Fix a NULL vs IS_ERR() bug in usb_hcd_setup_local_mem()
        usb-storage: Add a limitation for blk_queue_max_hw_sectors()
        usb: pci-quirks: Minor cleanup for AMD PLL quirk
        usb: pci-quirks: Correct AMD PLL quirk detection
      29af915c
    • Linus Torvalds's avatar
      Merge tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc · 5bb575bc
      Linus Torvalds authored
      Pull ARM SoC fixes from Olof Johansson:
       "Here's the first batch of fixes for this release cycle.
      
        Main diffstat here is the re-deletion of netx. I messed up and most
        likely didn't remove the files from the index when I test-merged this
        and saw conflicts, and from there on out 'git rerere' remembered the
        mistake and I missed checking it. Here it's done again as expected.
      
        Besides that:
      
         - A defconfig refresh + enabling of new drivers for u8500
      
         - i.MX fixlets for i2c/SAI/pinmux
      
         - sleep.S build fix for Davinci
      
         - Broadcom devicetree build/warning fix"
      
      * tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc:
        ARM: defconfig: u8500: Add new drivers
        ARM: defconfig: u8500: Refresh defconfig
        ARM: dts: bcm: bcm47094: add missing #cells for mdio-bus-mux
        ARM: davinci: fix sleep.S build error on ARMv4
        arm64: dts: imx8mq: fix SAI compatible
        arm64: dts: imx8mm: Correct SAI3 RXC/TXFS pin's mux option #1
        ARM: dts: imx6ul: fix clock frequency property name of I2C buses
        ARM: Delete netx a second time
        ARM: dts: imx7ulp: Fix usb-phy unit address format
      5bb575bc
    • Linus Torvalds's avatar
      Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · a9815a4f
      Linus Torvalds authored
      Pull x86 fixes from Thomas Gleixner:
       "A set of x86 fixes and functional updates:
      
         - Prevent stale huge I/O TLB mappings on 32bit. A long standing bug
           which got exposed by KPTI support for 32bit
      
         - Prevent bogus access_ok() warnings in arch_stack_walk_user()
      
         - Add display quirks for Lenovo devices which have height and width
           swapped
      
         - Add the missing CR2 fixup for 32 bit async pagefaults. Fallout of
           the CR2 bug fix series.
      
         - Unbreak handling of force enabled HPET by moving the 'is HPET
           counting' check back to the original place.
      
         - A more accurate check for running on a hypervisor platform in the
           MDS mitigation code. Not perfect, but more accurate than the
           previous one.
      
         - Update a stale and confusing comment vs. IRQ stacks"
      
      * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        x86/speculation/mds: Apply more accurate check on hypervisor platform
        x86/hpet: Undo the early counter is counting check
        x86/entry/32: Pass cr2 to do_async_page_fault()
        x86/irq/64: Update stale comment
        x86/sysfb_efi: Add quirks for some devices with swapped width and height
        x86/stacktrace: Prevent access_ok() warnings in arch_stack_walk_user()
        mm/vmalloc: Sync unmappings in __purge_vmap_area_lazy()
        x86/mm: Sync also unmappings in vmalloc_sync_all()
        x86/mm: Check for pfn instead of page in vmalloc_sync_one()
      a9815a4f
    • Linus Torvalds's avatar
      Merge branch 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · e24ce84e
      Linus Torvalds authored
      Pull scheduler fixes from Thomas Gleixner:
       "Two fixes for the fair scheduling class:
      
         - Prevent freeing memory which is accessible by concurrent readers
      
         - Make the RCU annotations for numa groups consistent"
      
      * 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        sched/fair: Use RCU accessors consistently for ->numa_group
        sched/fair: Don't free p->numa_faults with concurrent readers
      e24ce84e
    • Linus Torvalds's avatar
      Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 750991f9
      Linus Torvalds authored
      Pull perf fixes from Thomas Gleixner:
       "A pile of perf related fixes:
      
        Kernel:
         - Fix SLOTS PEBS event constraints for Icelake CPUs
      
         - Add the missing mask bit to allow counting hardware generated
           prefetches on L3 for Icelake CPUs
      
         - Make the test for hypervisor platforms more accurate (as far as
           possible)
      
         - Handle PMUs correctly which override event->cpu
      
         - Yet another missing fallthrough annotation
      
        Tools:
           perf.data:
              - Fix loading of compressed data split across adjacent records
              - Fix buffer size setting for processing CPU topology perf.data
                header.
      
           perf stat:
              - Fix segfault for event group in repeat mode
              - Always separate "stalled cycles per insn" line, it was being
                appended to the "instructions" line.
      
           perf script:
              - Fix --max-blocks man page description.
              - Improve man page description of metrics.
              - Fix off by one in brstackinsn IPC computation.
      
           perf probe:
              - Avoid calling freeing routine multiple times for same pointer.
      
           perf build:
              - Do not use -Wshadow on gcc < 4.8, avoiding too strict warnings
                treated as errors, breaking the build"
      
      * 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        perf/x86/intel: Mark expected switch fall-throughs
        perf/core: Fix creating kernel counters for PMUs that override event->cpu
        perf/x86: Apply more accurate check on hypervisor platform
        perf/x86/intel: Fix invalid Bit 13 for Icelake MSR_OFFCORE_RSP_x register
        perf/x86/intel: Fix SLOTS PEBS event constraint
        perf build: Do not use -Wshadow on gcc < 4.8
        perf probe: Avoid calling freeing routine multiple times for same pointer
        perf probe: Set pev->nargs to zero after freeing pev->args entries
        perf session: Fix loading of compressed data split across adjacent records
        perf stat: Always separate stalled cycles per insn
        perf stat: Fix segfault for event group in repeat mode
        perf tools: Fix proper buffer size for feature processing
        perf script: Fix off by one in brstackinsn IPC computation
        perf script: Improve man page description of metrics
        perf script: Fix --max-blocks man page description
      750991f9
    • Linus Torvalds's avatar
      Merge branch 'locking-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 431f288e
      Linus Torvalds authored
      Pull locking fixes from Thomas Gleixner:
       "A set of locking fixes:
      
         - Address the fallout of the rwsem rework. Missing ACQUIREs and a
           sanity check to prevent a use-after-free
      
         - Add missing checks for unitialized mutexes when mutex debugging is
           enabled.
      
         - Remove the bogus code in the generic SMP variant of
           arch_futex_atomic_op_inuser()
      
         - Fixup the #ifdeffery in lockdep to prevent compile warnings"
      
      * 'locking-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        locking/mutex: Test for initialized mutex
        locking/lockdep: Clean up #ifdef checks
        locking/lockdep: Hide unused 'class' variable
        locking/rwsem: Add ACQUIRE comments
        tty/ldsem, locking/rwsem: Add missing ACQUIRE to read_failed sleep loop
        lcoking/rwsem: Add missing ACQUIRE to read_slowpath sleep loop
        locking/rwsem: Add missing ACQUIRE to read_slowpath exit when queue is empty
        locking/rwsem: Don't call owner_on_cpu() on read-owner
        futex: Cleanup generic SMP variant of arch_futex_atomic_op_inuser()
      431f288e
    • Linus Torvalds's avatar
      Merge branch 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 13fbe991
      Linus Torvalds authored
      Pull objtool fix from Thomas Gleixner:
       "A single robustness fix for objtool to handle unbalanced CLAC
        invocations under all circumstances"
      
      * 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        objtool: Improve UACCESS coverage
      13fbe991
  10. 27 Jul, 2019 10 commits
    • Linus Torvalds's avatar
      Merge tag 'Wimplicit-fallthrough-5.3-rc2' of... · 88c50834
      Linus Torvalds authored
      Merge tag 'Wimplicit-fallthrough-5.3-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gustavoars/linux
      
      Pull Wimplicit-fallthrough enablement from Gustavo A. R. Silva:
       "This marks switch cases where we are expecting to fall through, and
        globally enables the -Wimplicit-fallthrough option in the main
        Makefile.
      
        Finally, some missing-break fixes that have been tagged for -stable:
      
         - drm/amdkfd: Fix missing break in switch statement
      
         - drm/amdgpu/gfx10: Fix missing break in switch statement
      
        With these changes, we completely get rid of all the fall-through
        warnings in the kernel"
      
      * tag 'Wimplicit-fallthrough-5.3-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gustavoars/linux:
        Makefile: Globally enable fall-through warning
        drm/i915: Mark expected switch fall-throughs
        drm/amd/display: Mark expected switch fall-throughs
        drm/amdkfd/kfd_mqd_manager_v10: Avoid fall-through warning
        drm/amdgpu/gfx10: Fix missing break in switch statement
        drm/amdkfd: Fix missing break in switch statement
        perf/x86/intel: Mark expected switch fall-throughs
        mtd: onenand_base: Mark expected switch fall-through
        afs: fsclient: Mark expected switch fall-throughs
        afs: yfsclient: Mark expected switch fall-throughs
        can: mark expected switch fall-throughs
        firewire: mark expected switch fall-throughs
      88c50834
    • Linus Torvalds's avatar
      Merge tag 's390-5.3-3' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux · 43e317c1
      Linus Torvalds authored
      Pull s390 updates from Heiko Carstens:
      
       - Add ABI to kernel image file which allows e.g. the file utility to
         figure out the kernel version.
      
       - Wire up clone3 system call.
      
       - Add support for kasan bitops instrumentation.
      
       - uapi header cleanup: use __u{16,32,64} instead of uint{16,32,64}_t.
      
       - Provide proper ARCH_ZONE_DMA_BITS so the s390 DMA zone is correctly
         defined with 2 GB instead of the default value of 1 MB.
      
       - Farhan Ali leaves the group of vfio-ccw maintainers.
      
       - Various small vfio-ccw fixes.
      
       - Add missing locking for airq_areas array in virtio code.
      
       - Minor qdio improvements.
      
      * tag 's390-5.3-3' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
        MAINTAINERS: vfio-ccw: Remove myself as the maintainer
        s390/mm: use shared variables for sysctl range check
        virtio/s390: fix race on airq_areas[]
        s390/dma: provide proper ARCH_ZONE_DMA_BITS value
        s390/kasan: add bitops instrumentation
        s390/bitops: make test functions return bool
        s390: wire up clone3 system call
        kbuild: enable arch/s390/include/uapi/asm/zcrypt.h for uapi header test
        s390: use __u{16,32,64} instead of uint{16,32,64}_t in uapi header
        s390/hypfs: fix a typo in the name of a function
        s390/qdio: restrict QAOB usage to IQD unicast queues
        s390/qdio: add sanity checks to the fast-requeue path
        s390: enable detection of kernel version from bzImage
        Documentation: fix vfio-ccw doc
        vfio-ccw: Update documentation for csch/hsch
        vfio-ccw: Don't call cp_free if we are processing a channel program
        vfio-ccw: Set pa_nr to 0 if memory allocation fails for pa_iova_pfn
        vfio-ccw: Fix memory leak and don't call cp_free in cp_init
        vfio-ccw: Fix misleading comment when setting orb.cmd.c64
      43e317c1
    • Linus Torvalds's avatar
      Merge tag 'devicetree-fixes-for-5.3-2' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux · 5efbd937
      Linus Torvalds authored
      Pull Devicetree fixes from Rob Herring:
       "The nvmem changes would typically go thru Greg's tree, but they were
        missed in the merge window. [ Acked by Greg ]
      
        Summary:
      
         - Fix mismatches in $id values and actual filenames. Now checked by
           tools.
      
         - Convert nvmem binding to DT schema
      
         - Fix a typo in of_property_read_bool() kerneldoc
      
         - Remove some redundant description in al-fic interrupt-controller"
      
      * tag 'devicetree-fixes-for-5.3-2' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux:
        dt-bindings: Fix more $id value mismatches filenames
        dt-bindings: nvmem: SID: Fix the examples node names
        dt-bindings: nvmem: Add YAML schemas for the generic NVMEM bindings
        of: Fix typo in kerneldoc
        dt-bindings: interrupt-controller: al-fic: remove redundant binding
        dt-bindings: clk: allwinner,sun4i-a10-ccu: Correct path in $id
      5efbd937
    • Linus Torvalds's avatar
      Merge tag 'libnvdimm-fixes-5.3-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm · 523634db
      Linus Torvalds authored
      Pull libnvdimm fixes from Dan Williams:
       "A collection of locking and async operations fixes for v5.3-rc2. These
        had been soaking in a branch targeting the merge window, but missed
        due to a regression hunt. This fixed up version has otherwise been in
        -next this past week with no reported issues.
      
        In order to gain confidence in the locking changes the pull also
        includes a debug / instrumentation patch to enable lockdep coverage
        for libnvdimm subsystem operations that depend on the device_lock for
        exclusion. As mentioned in the changelog it is a hack, but it works
        and documents the locking expectations of the sub-system in a way that
        others can use lockdep to verify. The driver core touches got an ack
        from Greg.
      
        Summary:
      
         - Fix duplicate device_unregister() calls (multiple threads competing
           to do unregister work when scheduling device removal from a sysfs
           attribute of the self-same device).
      
         - Fix badblocks registration order bug. Ensure region badblocks are
           initialized in advance of namespace registration.
      
         - Fix a deadlock between the bus lock and probe operations.
      
         - Export device-core infrastructure to coordinate async operations
           via the device ->dead state.
      
         - Add device-core infrastructure to validate device_lock() usage with
           lockdep"
      
      * tag 'libnvdimm-fixes-5.3-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm:
        driver-core, libnvdimm: Let device subsystems add local lockdep coverage
        libnvdimm/bus: Fix wait_nvdimm_bus_probe_idle() ABBA deadlock
        libnvdimm/bus: Stop holding nvdimm_bus_list_mutex over __nd_ioctl()
        libnvdimm/bus: Prepare the nd_ioctl() path to be re-entrant
        libnvdimm/region: Register badblocks before namespaces
        libnvdimm/bus: Prevent duplicate device_unregister() calls
        drivers/base: Introduce kill_device()
      523634db
    • Masahiro Yamada's avatar
      kbuild: remove unused single-used-m · b25e8a23
      Masahiro Yamada authored
      This is unused since commit 9f69a496 ("kbuild: split out *.mod out
      of {single,multi}-used-m rules").
      Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      b25e8a23
    • Masahiro Yamada's avatar
      gen_compile_commands: lower the entry count threshold · cb36955a
      Masahiro Yamada authored
      Running gen_compile_commands.py after building the kernel with
      allnoconfig gave this:
      
      $ ./scripts/gen_compile_commands.py
      WARNING: Found 449 entries. Have you compiled the kernel?
      Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      cb36955a
    • Toru Komatsu's avatar
      .gitignore: Add compilation database file · 26c4c71b
      Toru Komatsu authored
      This file is used by clangd to use language server protocol.
      It can be generated at each compile using scripts/gen_compile_commands.py.
      Therefore it is different depending on the environment and should be
      ignored.
      Signed-off-by: default avatarToru Komatsu <k0ma@utam0k.jp>
      Reviewed-by: default avatarNick Desaulniers <ndesaulniers@google.com>
      Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      26c4c71b
    • Masahiro Yamada's avatar
      kbuild: remove unused objectify macro · b2eff092
      Masahiro Yamada authored
      Commit 415008af ("docs-rst: convert lsm from DocBook to ReST")
      removed the last users of this macro.
      Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      b2eff092
    • Linus Torvalds's avatar
      Merge tag 'for-linus-20190726-2' of git://git.kernel.dk/linux-block · 5168afe6
      Linus Torvalds authored
      Pull block DMA segment fix from Jens Axboe:
       "Here's the virtual boundary segment size fix"
      
      * tag 'for-linus-20190726-2' of git://git.kernel.dk/linux-block:
        block: fix max segment size handling in blk_queue_virt_boundary
      5168afe6
    • Linus Torvalds's avatar
      Merge tag 'selinux-pr-20190726' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux · 40233e7c
      Linus Torvalds authored
      Pull selinux fix from Paul Moore:
       "One small SELinux patch to add some proper bounds/overflow checking
        when adding a new sid/secid"
      
      * tag 'selinux-pr-20190726' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux:
        selinux: check sidtab limit before adding a new entry
      40233e7c