1. 08 Feb, 2019 2 commits
    • Thomas Gleixner's avatar
      futex: Handle early deadlock return correctly · 1a1fb985
      Thomas Gleixner authored
      commit 56222b21 ("futex: Drop hb->lock before enqueueing on the
      rtmutex") changed the locking rules in the futex code so that the hash
      bucket lock is not longer held while the waiter is enqueued into the
      rtmutex wait list. This made the lock and the unlock path symmetric, but
      unfortunately the possible early exit from __rt_mutex_proxy_start() due to
      a detected deadlock was not updated accordingly. That allows a concurrent
      unlocker to observe inconsitent state which triggers the warning in the
      unlock path.
      
      futex_lock_pi()                         futex_unlock_pi()
        lock(hb->lock)
        queue(hb_waiter)				lock(hb->lock)
        lock(rtmutex->wait_lock)
        unlock(hb->lock)
                                              // acquired hb->lock
                                              hb_waiter = futex_top_waiter()
                                              lock(rtmutex->wait_lock)
        __rt_mutex_proxy_start()
           ---> fail
                remove(rtmutex_waiter);
           ---> returns -EDEADLOCK
        unlock(rtmutex->wait_lock)
                                              // acquired wait_lock
                                              wake_futex_pi()
                                              rt_mutex_next_owner()
      					  --> returns NULL
                                                --> WARN
      
        lock(hb->lock)
        unqueue(hb_waiter)
      
      The problem is caused by the remove(rtmutex_waiter) in the failure case of
      __rt_mutex_proxy_start() as this lets the unlocker observe a waiter in the
      hash bucket but no waiter on the rtmutex, i.e. inconsistent state.
      
      The original commit handles this correctly for the other early return cases
      (timeout, signal) by delaying the removal of the rtmutex waiter until the
      returning task reacquired the hash bucket lock.
      
      Treat the failure case of __rt_mutex_proxy_start() in the same way and let
      the existing cleanup code handle the eventual handover of the rtmutex
      gracefully. The regular rt_mutex_proxy_start() gains the rtmutex waiter
      removal for the failure case, so that the other callsites are still
      operating correctly.
      
      Add proper comments to the code so all these details are fully documented.
      
      Thanks to Peter for helping with the analysis and writing the really
      valuable code comments.
      
      Fixes: 56222b21 ("futex: Drop hb->lock before enqueueing on the rtmutex")
      Reported-by: default avatarHeiko Carstens <heiko.carstens@de.ibm.com>
      Co-developed-by: default avatarPeter Zijlstra <peterz@infradead.org>
      Signed-off-by: default avatarPeter Zijlstra <peterz@infradead.org>
      Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
      Tested-by: default avatarHeiko Carstens <heiko.carstens@de.ibm.com>
      Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
      Cc: linux-s390@vger.kernel.org
      Cc: Stefan Liebler <stli@linux.ibm.com>
      Cc: Sebastian Sewior <bigeasy@linutronix.de>
      Cc: stable@vger.kernel.org
      Link: https://lkml.kernel.org/r/alpine.DEB.2.21.1901292311410.1950@nanos.tec.linutronix.de
      1a1fb985
    • Davidlohr Bueso's avatar
      futex: Fix barrier comment · 6f568ebe
      Davidlohr Bueso authored
      The current comment for the barrier that guarantees that waiter increment
      is always before taking the hb spinlock (barrier (A)) needs to be fixed as
      it is misplaced.
      
      This is obviously referring to hb_waiters_inc, which is a full barrier.
      Reported-by: default avatarPeter Zijlstra <peterz@infradead.org>
      Signed-off-by: default avatarDavidlohr Bueso <dbueso@suse.de>
      Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
      Link: https://lkml.kernel.org/r/20190206185602.949-1-dave@stgolabs.net
      6f568ebe
  2. 07 Feb, 2019 13 commits
  3. 06 Feb, 2019 5 commits
    • Mike Snitzer's avatar
      dm: don't use bio_trim() afterall · fa8db494
      Mike Snitzer authored
      bio_trim() has an early return, which makes it _not_ idempotent, if the
      offset is 0 and the bio's bi_size already matches the requested size.
      Prior to DM, all users of bio_trim() were fine with this.  But DM has
      exposed the fact that bio_trim()'s early return is incompatible with a
      cloned bio whose integrity payload must be trimmed via
      bio_integrity_trim().
      
      Fix this by reverting DM back to doing the equivalent of bio_trim() but
      in an idempotent manner (so bio_integrity_trim is always performed).
      
      Follow-on work is needed to assess what benefit bio_trim()'s early
      return is providing to its existing callers.
      Reported-by: default avatarMilan Broz <gmazyland@gmail.com>
      Fixes: 57c36519 ("dm: fix clone_bio() to trigger blk_recount_segments()")
      Signed-off-by: default avatarMike Snitzer <snitzer@redhat.com>
      fa8db494
    • Mikulas Patocka's avatar
      dm: add memory barrier before waitqueue_active · 645efa84
      Mikulas Patocka authored
      Block core changes to switch bio-based IO accounting to be percpu had a
      side-effect of altering DM core to now rely on calling waitqueue_active
      (in both bio-based and request-based) to check if another task is in
      dm_wait_for_completion().
      
      A memory barrier is needed before calling waitqueue_active().  DM core
      doesn't piggyback on a preceding memory barrier so it must explicitly
      use its own.
      
      For more details on why using waitqueue_active() without a preceding
      barrier is unsafe, please see the comment before the waitqueue_active()
      definition in include/linux/wait.h.
      
      Add the missing memory barrier by switching to using wq_has_sleeper().
      
      Fixes: 6f757231 ("dm: remove the pending IO accounting")
      Fixes: c4576aed ("dm: fix request-based dm's use of dm_wait_for_completion")
      Signed-off-by: default avatarMikulas Patocka <mpatocka@redhat.com>
      Signed-off-by: default avatarMike Snitzer <snitzer@redhat.com>
      645efa84
    • Chuck Lever's avatar
      svcrdma: Remove max_sge check at connect time · e248aa7b
      Chuck Lever authored
      Two and a half years ago, the client was changed to use gathered
      Send for larger inline messages, in commit 655fec69 ("xprtrdma:
      Use gathered Send for large inline messages"). Several fixes were
      required because there are a few in-kernel device drivers whose
      max_sge is 3, and these were broken by the change.
      
      Apparently my memory is going, because some time later, I submitted
      commit 25fd86ec ("svcrdma: Don't overrun the SGE array in
      svc_rdma_send_ctxt"), and after that, commit f3c1fd0e ("svcrdma:
      Reduce max_send_sges"). These too incorrectly assumed in-kernel
      device drivers would have more than a few Send SGEs available.
      
      The fix for the server side is not the same. This is because the
      fundamental problem on the server is that, whether or not the client
      has provisioned a chunk for the RPC reply, the server must squeeze
      even the most complex RPC replies into a single RDMA Send. Failing
      in the send path because of Send SGE exhaustion should never be an
      option.
      
      Therefore, instead of failing when the send path runs out of SGEs,
      switch to using a bounce buffer mechanism to handle RPC replies that
      are too complex for the device to send directly. That allows us to
      remove the max_sge check to enable drivers with small max_sge to
      work again.
      Reported-by: default avatarDon Dutile <ddutile@redhat.com>
      Fixes: 25fd86ec ("svcrdma: Don't overrun the SGE array in ...")
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarChuck Lever <chuck.lever@oracle.com>
      Signed-off-by: default avatarJ. Bruce Fields <bfields@redhat.com>
      e248aa7b
    • Trond Myklebust's avatar
      nfsd: Fix error return values for nfsd4_clone_file_range() · e3fdc89c
      Trond Myklebust authored
      If the parameter 'count' is non-zero, nfsd4_clone_file_range() will
      currently clobber all errors returned by vfs_clone_file_range() and
      replace them with EINVAL.
      
      Fixes: 42ec3d4c ("vfs: make remap_file_range functions take and...")
      Signed-off-by: default avatarTrond Myklebust <trond.myklebust@hammerspace.com>
      Cc: stable@vger.kernel.org # v4.20+
      Signed-off-by: default avatarJ. Bruce Fields <bfields@redhat.com>
      e3fdc89c
    • Takashi Iwai's avatar
      ALSA: hda/ca0132 - Fix build error without CONFIG_PCI · c97617a8
      Takashi Iwai authored
      A call of pci_iounmap() call without CONFIG_PCI leads to a build error
      on some architectures.  We tried to address this and add a check of
      IS_ENABLED(CONFIG_PCI), but this still doesn't seem enough for sh.
      Ideally we should fix it globally, it's really a corner case, so let's
      paper over it with a simpler ifdef.
      
      Fixes: 1e73359a ("ALSA: hda/ca0132 - make pci_iounmap() call conditional")
      Reported-by: default avatarKuninori Morimoto <kuninori.morimoto.gx@renesas.com>
      Signed-off-by: default avatarTakashi Iwai <tiwai@suse.de>
      c97617a8
  4. 05 Feb, 2019 3 commits
    • Charles Keepax's avatar
      ALSA: compress: Fix stop handling on compressed capture streams · 4f2ab5e1
      Charles Keepax authored
      It is normal user behaviour to start, stop, then start a stream
      again without closing it. Currently this works for compressed
      playback streams but not capture ones.
      
      The states on a compressed capture stream go directly from OPEN to
      PREPARED, unlike a playback stream which moves to SETUP and waits
      for a write of data before moving to PREPARED. Currently however,
      when a stop is sent the state is set to SETUP for both types of
      streams. This leaves a capture stream in the situation where a new
      start can't be sent as that requires the state to be PREPARED and
      a new set_params can't be sent as that requires the state to be
      OPEN. The only option being to close the stream, and then reopen.
      
      Correct this issues by allowing snd_compr_drain_notify to set the
      state depending on the stream direction, as we already do in
      set_params.
      
      Fixes: 49bb6402 ("ALSA: compress_core: Add support for capture streams")
      Signed-off-by: default avatarCharles Keepax <ckeepax@opensource.cirrus.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarTakashi Iwai <tiwai@suse.de>
      4f2ab5e1
    • Michael S. Tsirkin's avatar
      virtio: drop internal struct from UAPI · 9c0644ee
      Michael S. Tsirkin authored
      There's no reason to expose struct vring_packed in UAPI - if we do we
      won't be able to change or drop it, and it's not part of any interface.
      
      Let's move it to virtio_ring.c
      
      Cc: Tiwei Bie <tiwei.bie@intel.com>
      Signed-off-by: default avatarMichael S. Tsirkin <mst@redhat.com>
      9c0644ee
    • Udo Eberhardt's avatar
      ALSA: usb-audio: Add support for new T+A USB DAC · 3bff2407
      Udo Eberhardt authored
      This patch adds the T+A VID to the generic check in order to enable
      native DSD support for T+A devices. This works with the new T+A USB
      DAC model SD3100HV and will also work with future devices which
      support the XMOS/Thesycon style DSD format.
      Signed-off-by: default avatarUdo Eberhardt <udo.eberhardt@thesycon.de>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarTakashi Iwai <tiwai@suse.de>
      3bff2407
  5. 03 Feb, 2019 6 commits
    • Linus Torvalds's avatar
      Linux 5.0-rc5 · 8834f560
      Linus Torvalds authored
      8834f560
    • Linus Torvalds's avatar
      Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 24b888d8
      Linus Torvalds authored
      Pull x86 fixes from Thomas Gleixner:
       "A few updates for x86:
      
         - Fix an unintended sign extension issue in the fault handling code
      
         - Rename the new resource control config switch so it's less
           confusing
      
         - Avoid setting up EFI info in kexec when the EFI runtime is
           disabled.
      
         - Fix the microcode version check in the AMD microcode loader so it
           only loads higher version numbers and never downgrades
      
         - Set EFER.LME in the 32bit trampoline before returning to long mode
           to handle older AMD/KVM behaviour properly.
      
         - Add Darren and Andy as x86/platform reviewers"
      
      * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        x86/resctrl: Avoid confusion over the new X86_RESCTRL config
        x86/kexec: Don't setup EFI info if EFI runtime is not enabled
        x86/microcode/amd: Don't falsely trick the late loading mechanism
        MAINTAINERS: Add Andy and Darren as arch/x86/platform/ reviewers
        x86/fault: Fix sign-extend unintended sign extension
        x86/boot/compressed/64: Set EFER.LME=1 in 32-bit trampoline before returning to long mode
        x86/cpu: Add Atom Tremont (Jacobsville)
      24b888d8
    • Linus Torvalds's avatar
      Merge branch 'smp-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · cc6810e3
      Linus Torvalds authored
      Pull cpu hotplug fixes from Thomas Gleixner:
       "Two fixes for the cpu hotplug machinery:
      
         - Replace the overly clever 'SMT disabled by BIOS' detection logic as
           it breaks KVM scenarios and prevents speculation control updates
           when the Hyperthreads are brought online late after boot.
      
         - Remove a redundant invocation of the speculation control update
           function"
      
      * 'smp-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        cpu/hotplug: Fix "SMT disabled by BIOS" detection for KVM
        x86/speculation: Remove redundant arch_smt_update() invocation
      cc6810e3
    • Linus Torvalds's avatar
      Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 58f6d428
      Linus Torvalds authored
      Pull perf fixes from Thomas Gleixner:
       "A pile of perf updates:
      
         - Fix broken sanity check in the /proc/sys/kernel/perf_cpu_time_max_percent
           write handler
      
         - Cure a perf script crash which caused by an unitinialized data
           structure
      
         - Highlight the hottest instruction in perf top and not a random one
      
         - Cure yet another clang issue when building perf python
      
         - Handle topology entries with no CPU correctly in the tools
      
         - Handle perf data which contains both tracepoints and performance
           counter entries correctly.
      
         - Add a missing NULL pointer check in perf ordered_events_free()"
      
      * 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        perf script: Fix crash when processing recorded stat data
        perf top: Fix wrong hottest instruction highlighted
        perf tools: Handle TOPOLOGY headers with no CPU
        perf python: Remove -fstack-clash-protection when building with some clang versions
        perf core: Fix perf_proc_update_handler() bug
        perf script: Fix crash with printing mixed trace point and other events
        perf ordered_events: Fix crash in ordered_events__free
      58f6d428
    • Linus Torvalds's avatar
      Merge branch 'efi-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 89401be6
      Linus Torvalds authored
      Pull EFI fix from Thomas Gleixner:
       "The dump info for the efi page table debugging lacks a terminator
        which causes the kernel to crash when the debugfile is read"
      
      * 'efi-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        efi/arm64: Fix debugfs crash by adding a terminator for ptdump marker
      89401be6
    • Linus Torvalds's avatar
      Merge tag 'for-5.0-rc4-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux · 312b3a93
      Linus Torvalds authored
      Pull btrfs fixes from David Sterba:
      
       - regression fix: transaction commit can run away due to delayed ref
         waiting heuristic, this is not necessary now because of the proper
         reservation mechanism introduced in 5.0
      
       - regression fix: potential crash due to use-before-check of an ERR_PTR
         return value
      
       - fix for transaction abort during transaction commit that needs to
         properly clean up pending block groups
      
       - fix deadlock during b-tree node/leaf splitting, when this happens on
         some of the fundamental trees, we must prevent new tree block
         allocation to re-enter indirectly via the block group flushing path
      
       - potential memory leak after errors during mount
      
      * tag 'for-5.0-rc4-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux:
        btrfs: On error always free subvol_name in btrfs_mount
        btrfs: clean up pending block groups when transaction commit aborts
        btrfs: fix potential oops in device_list_add
        btrfs: don't end the transaction for delayed refs in throttle
        Btrfs: fix deadlock when allocating tree block during leaf/node split
      312b3a93
  6. 02 Feb, 2019 11 commits
    • Linus Torvalds's avatar
      Merge tag 'devicetree-fixes-for-5.0-3' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux · 12491ed3
      Linus Torvalds authored
      Pull Devicetree fix from Rob Herring:
       "A single fix for building DT bindings in-tree"
      
      * tag 'devicetree-fixes-for-5.0-3' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux:
        dt-bindings: Fix dt_binding_check target for in tree builds
      12491ed3
    • Linus Torvalds's avatar
      Merge tag 'riscv-for-linus-5.0-rc5' of... · 74b13e7e
      Linus Torvalds authored
      Merge tag 'riscv-for-linus-5.0-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/palmer/riscv-linux
      
      Pull RISC-V fixes from Palmer Dabbelt:
       "This contains a handful of mostly-independent patches:
      
         - make our port respect TIF_NEED_RESCHED, which fixes
           CONFIG_PREEMPT=y kernels
      
         - fix double-put of OF nodes
      
         - fix a misspelling of target in our Kconfig
      
         - generic PCIe is enabled in our defconfig
      
         - fix our SBI early console to properly handle line
           endings
      
         - fix max_low_pfn being counted in PFNs
      
         - a change to TASK_UNMAPPED_BASE to match what other
           arches do
      
        This has passed my standard 'boot Fedora' flow"
      
      * tag 'riscv-for-linus-5.0-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/palmer/riscv-linux:
        riscv: Adjust mmap base address at a third of task size
        riscv: fixup max_low_pfn with PFN_DOWN.
        tty/serial: use uart_console_write in the RISC-V SBL early console
        RISC-V: defconfig: Add CRYPTO_DEV_VIRTIO=y
        RISC-V: defconfig: Enable Generic PCIE by default
        RISC-V: defconfig: Move CONFIG_PCI{,E_XILINX}
        RISC-V: Kconfig: fix spelling mistake "traget" -> "target"
        RISC-V: asm/page.h: fix spelling mistake "CONFIG_64BITS" -> "CONFIG_64BIT"
        RISC-V: fix bad use of of_node_put
        RISC-V: Add _TIF_NEED_RESCHED check for kernel thread when CONFIG_PREEMPT=y
      74b13e7e
    • Linus Torvalds's avatar
      Merge tag 'for-linus-20190202' of git://git.kernel.dk/linux-block · c8864cb7
      Linus Torvalds authored
      Pull block fixes from Jens Axboe:
       "A few fixes that should go into this release. This contains:
      
         - MD pull request from Song, fixing a recovery OOM issue (Alexei)
      
         - Fix for a sync related stall (Jianchao)
      
         - Dummy callback for timeouts (Tetsuo)
      
         - IDE atapi sense ordering fix (me)"
      
      * tag 'for-linus-20190202' of git://git.kernel.dk/linux-block:
        ide: ensure atapi sense request aren't preempted
        blk-mq: fix a hung issue when fsync
        block: pass no-op callback to INIT_WORK().
        md/raid5: fix 'out of memory' during raid cache recovery
      c8864cb7
    • Linus Torvalds's avatar
      Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi · 3cde55ee
      Linus Torvalds authored
      Pull SCSI fixes from James Bottomley:
       "Five minor bug fixes.
      
        The libfc one is a tiny memory leak, the zfcp one is an incorrect user
        visible parameter and the rest are on error legs or obscure features"
      
      * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
        scsi: 53c700: pass correct "dev" to dma_alloc_attrs()
        scsi: bnx2fc: Fix error handling in probe()
        scsi: scsi_debug: fix write_same with virtual_gb problem
        scsi: libfc: free skb when receiving invalid flogi resp
        scsi: zfcp: fix sysfs block queue limit output for max_segment_size
      3cde55ee
    • Linus Torvalds's avatar
      Merge branch 'akpm' (patches from Andrew) · b9de6efe
      Linus Torvalds authored
      Merge misc fixes from Andrew Morton:
       "24 fixes"
      
      * emailed patches from Andrew Morton <akpm@linux-foundation.org>: (24 commits)
        autofs: fix error return in autofs_fill_super()
        autofs: drop dentry reference only when it is never used
        fs/drop_caches.c: avoid softlockups in drop_pagecache_sb()
        mm: migrate: don't rely on __PageMovable() of newpage after unlocking it
        psi: clarify the Kconfig text for the default-disable option
        mm, memory_hotplug: __offline_pages fix wrong locking
        mm: hwpoison: use do_send_sig_info() instead of force_sig()
        kasan: mark file common so ftrace doesn't trace it
        init/Kconfig: fix grammar by moving a closing parenthesis
        lib/test_kmod.c: potential double free in error handling
        mm, oom: fix use-after-free in oom_kill_process
        mm/hotplug: invalid PFNs from pfn_to_online_page()
        mm,memory_hotplug: fix scan_movable_pages() for gigantic hugepages
        psi: fix aggregation idle shut-off
        mm, memory_hotplug: test_pages_in_a_zone do not pass the end of zone
        mm, memory_hotplug: is_mem_section_removable do not pass the end of a zone
        oom, oom_reaper: do not enqueue same task twice
        mm: migrate: make buffer_migrate_page_norefs() actually succeed
        kernel/exit.c: release ptraced tasks before zap_pid_ns_processes
        x86_64: increase stack size for KASAN_EXTRA
        ...
      b9de6efe
    • Qian Cai's avatar
      efi/arm64: Fix debugfs crash by adding a terminator for ptdump marker · 74c953ca
      Qian Cai authored
      When reading 'efi_page_tables' debugfs triggers an out-of-bounds access here:
      
        arch/arm64/mm/dump.c: 282
        if (addr >= st->marker[1].start_address) {
      
      called from:
      
        arch/arm64/mm/dump.c: 331
        note_page(st, addr, 2, pud_val(pud));
      
      because st->marker++ is is called after "UEFI runtime end" which is the
      last element in addr_marker[]. Therefore, add a terminator like the one
      for kernel_page_tables, so it can be skipped to print out non-existent
      markers.
      
      Here's the KASAN bug report:
      
        # cat /sys/kernel/debug/efi_page_tables
        ---[ UEFI runtime start ]---
        0x0000000020000000-0x0000000020010000          64K PTE       RW NX SHD AF ...
        0x0000000020200000-0x0000000021340000       17664K PTE       RW NX SHD AF ...
        ...
        0x0000000021920000-0x0000000021950000         192K PTE       RW x  SHD AF ...
        0x0000000021950000-0x00000000219a0000         320K PTE       RW NX SHD AF ...
        ---[ UEFI runtime end ]---
        ---[ (null) ]---
        ---[ (null) ]---
      
         BUG: KASAN: global-out-of-bounds in note_page+0x1f0/0xac0
         Read of size 8 at addr ffff2000123f2ac0 by task read_all/42464
         Call trace:
          dump_backtrace+0x0/0x298
          show_stack+0x24/0x30
          dump_stack+0xb0/0xdc
          print_address_description+0x64/0x2b0
          kasan_report+0x150/0x1a4
          __asan_report_load8_noabort+0x30/0x3c
          note_page+0x1f0/0xac0
          walk_pgd+0xb4/0x244
          ptdump_walk_pgd+0xec/0x140
          ptdump_show+0x40/0x50
          seq_read+0x3f8/0xad0
          full_proxy_read+0x9c/0xc0
          __vfs_read+0xfc/0x4c8
          vfs_read+0xec/0x208
          ksys_read+0xd0/0x15c
          __arm64_sys_read+0x84/0x94
          el0_svc_handler+0x258/0x304
          el0_svc+0x8/0xc
      
        The buggy address belongs to the variable:
         __compound_literal.0+0x20/0x800
      
        Memory state around the buggy address:
         ffff2000123f2980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
         ffff2000123f2a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fa
        >ffff2000123f2a80: fa fa fa fa 00 00 00 00 fa fa fa fa 00 00 00 00
                                                  ^
         ffff2000123f2b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
         ffff2000123f2b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
      
      [ ardb: fix up whitespace ]
      [ mingo: fix up some moar ]
      Signed-off-by: default avatarQian Cai <cai@lca.pw>
      Signed-off-by: default avatarArd Biesheuvel <ard.biesheuvel@linaro.org>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: linux-efi@vger.kernel.org
      Fixes: 9d80448a ("efi/arm64: Add debugfs node to dump UEFI runtime page tables")
      Link: http://lkml.kernel.org/r/20190202095017.13799-2-ard.biesheuvel@linaro.orgSigned-off-by: default avatarIngo Molnar <mingo@kernel.org>
      74c953ca
    • Johannes Weiner's avatar
      x86/resctrl: Avoid confusion over the new X86_RESCTRL config · e6d42931
      Johannes Weiner authored
      "Resource Control" is a very broad term for this CPU feature, and a term
      that is also associated with containers, cgroups etc. This can easily
      cause confusion.
      
      Make the user prompt more specific. Match the config symbol name.
      
       [ bp: In the future, the corresponding ARM arch-specific code will be
         under ARM_CPU_RESCTRL and the arch-agnostic bits will be carved out
         under the CPU_RESCTRL umbrella symbol. ]
      Signed-off-by: default avatarJohannes Weiner <hannes@cmpxchg.org>
      Signed-off-by: default avatarBorislav Petkov <bp@suse.de>
      Cc: Babu Moger <Babu.Moger@amd.com>
      Cc: Fenghua Yu <fenghua.yu@intel.com>
      Cc: "H. Peter Anvin" <hpa@zytor.com>
      Cc: Ingo Molnar <mingo@redhat.com>
      Cc: James Morse <james.morse@arm.com>
      Cc: Jonathan Corbet <corbet@lwn.net>
      Cc: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>
      Cc: linux-doc@vger.kernel.org
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Pu Wen <puwen@hygon.cn>
      Cc: Reinette Chatre <reinette.chatre@intel.com>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: Tony Luck <tony.luck@intel.com>
      Cc: x86-ml <x86@kernel.org>
      Link: https://lkml.kernel.org/r/20190130195621.GA30653@cmpxchg.org
      e6d42931
    • Linus Torvalds's avatar
      Merge tag 'xtensa-20190201' of git://github.com/jcmvbkbc/linux-xtensa · cd984a5b
      Linus Torvalds authored
      Pull xtensa fixes from Max Filippov:
      
       - fix ccount_timer_shutdown for secondary CPUs
      
       - fix secondary CPU initialization
      
       - fix secondary CPU reset vector clash with double exception vector
      
       - fix present CPUs when booting with 'maxcpus' parameter
      
       - limit possible CPUs by configured NR_CPUS
      
       - issue a warning if xtensa PIC is asked to retrigger anything other
         than software IRQ
      
       - fix masking/unmasking of the first two IRQs on xtensa MX PIC
      
       - fix typo in Kconfig description for user space unaligned access
         feature
      
       - fix Kconfig warning for selecting BUILTIN_DTB
      
      * tag 'xtensa-20190201' of git://github.com/jcmvbkbc/linux-xtensa:
        xtensa: SMP: limit number of possible CPUs by NR_CPUS
        xtensa: rename BUILTIN_DTB to BUILTIN_DTB_SOURCE
        xtensa: Fix typo use space=>user space
        drivers/irqchip: xtensa-mx: fix mask and unmask
        drivers/irqchip: xtensa: add warning to irq_retrigger
        xtensa: SMP: mark each possible CPU as present
        xtensa: smp_lx200_defconfig: fix vectors clash
        xtensa: SMP: fix secondary CPU initialization
        xtensa: SMP: fix ccount_timer_shutdown
      cd984a5b
    • Linus Torvalds's avatar
      Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux · 8b050fe4
      Linus Torvalds authored
      Pull arm64 fixes from Will Deacon:
       "Although we're still debugging a few minor arm64-specific issues in
        mainline, I didn't want to hold this lot up in the meantime.
      
        We've got an additional KASLR fix after the previous one wasn't quite
        complete, a fix for a performance regression when mapping executable
        pages into userspace and some fixes for kprobe blacklisting. All
        candidates for stable.
      
        Summary:
      
         - Fix module loading when KASLR is configured but disabled at runtime
      
         - Fix accidental IPI when mapping user executable pages
      
         - Ensure hyp-stub and KVM world switch code cannot be kprobed"
      
      * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
        arm64: hibernate: Clean the __hyp_text to PoC after resume
        arm64: hyp-stub: Forbid kprobing of the hyp-stub
        arm64: kprobe: Always blacklist the KVM world-switch code
        arm64: kaslr: ensure randomized quantities are clean also when kaslr is off
        arm64: Do not issue IPIs for user executable ptes
      8b050fe4
    • Linus Torvalds's avatar
      Merge tag '5.0-rc4-smb3-fixes' of git://git.samba.org/sfrench/cifs-2.6 · 33640d71
      Linus Torvalds authored
      Pull smb3 fixes from Steve French:
       "SMB3 fixes, some from this week's SMB3 test evemt, 5 for stable and a
        particularly important one for queryxattr (see xfstests 70 and 117)"
      
      * tag '5.0-rc4-smb3-fixes' of git://git.samba.org/sfrench/cifs-2.6:
        cifs: update internal module version number
        CIFS: fix use-after-free of the lease keys
        CIFS: Do not consider -ENODATA as stat failure for reads
        CIFS: Do not count -ENODATA as failure for query directory
        CIFS: Fix trace command logging for SMB2 reads and writes
        CIFS: Fix possible oops and memory leaks in async IO
        cifs: limit amount of data we request for xattrs to CIFSMaxBufSize
        cifs: fix computation for MAX_SMB2_HDR_SIZE
      33640d71
    • Linus Torvalds's avatar
      Merge tag 'apparmor-pr-2019-02-01' of... · b7bd29b5
      Linus Torvalds authored
      Merge tag 'apparmor-pr-2019-02-01' of git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor
      
      Pull apparmor bug fixes from John Johansen:
       "Two bug fixes for apparmor:
      
         - Fix aa_label_build() error handling for failed merges
      
         - Fix warning about unused function apparmor_ipv6_postroute"
      
      * tag 'apparmor-pr-2019-02-01' of git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor:
        apparmor: Fix aa_label_build() error handling for failed merges
        apparmor: Fix warning about unused function apparmor_ipv6_postroute
      b7bd29b5