1. 10 Jan, 2019 6 commits
    • Linus Torvalds's avatar
      Merge tag 'riscv-for-linus-4.21-rc2-v2' of... · 4f548c25
      Linus Torvalds authored
      Merge tag 'riscv-for-linus-4.21-rc2-v2' of git://git.kernel.org/pub/scm/linux/kernel/git/palmer/riscv-linux
      
      Pull RISC-V updates from Palmer Dabbelt:
       "This tag contains a handful of updates that slipped through the cracks
        during the merge window due to the holidays. The fixes are mostly
        independent, with the exception of one larger audit-related branch.
      
        Core RISC-V updates:
      
         - The BSS has been moved, which shrinks flat images.
      
         - A fix to test-bpf so it compiles on RV64I-based systems.
      
         - A fix to respect the kernel commandline when there is no device
           tree.
      
         - A fix to prevent CPUs from trying to put themselves to sleep when
           bringing down the system.
      
         - Support for MODULE_SECTIONS on RV32I-based systems.
      
         - [new in v2] The addition of an SBI earlycon driver. This is
           definately a new feature, but I'd like to include it now because I
           dropped this patch when submitting the merge window PR that removed
           our EARLY_PRINTK support.
      
        RISC-V audit updates:
      
         - The addition of NR_syscalls into unistd.h, which is necessary for
           CONFIG_FTRACE_SYSCALLS.
      
         - The definition of CREATE_TRACE_POINTS so __tracepoint_sys_{enter,exit}
           get defined.
      
         - A fix for trace_sys_exit() so we can enable HAVE_SYSCALL_TRACEPOINTS
      
        As usual, I've tested this by booting a Fedora-based image on a recent
        QEMU (this time just whatever I had lying around).
      
      * tag 'riscv-for-linus-4.21-rc2-v2' of git://git.kernel.org/pub/scm/linux/kernel/git/palmer/riscv-linux:
        tty/serial: Add RISC-V SBI earlycon support
        riscv: add HAVE_SYSCALL_TRACEPOINTS to Kconfig
        riscv: fix trace_sys_exit hook
        riscv: define CREATE_TRACE_POINTS in ptrace.c
        riscv: define NR_syscalls in unistd.h
        riscv: audit: add audit hook in do_syscall_trace_enter/exit()
        riscv: add audit support
        RISC-V: Support MODULE_SECTIONS mechanism on RV32
        MAINTAINERS: SiFive drivers: add myself as a SiFive driver maintainer
        MAINTAINERS: SiFive drivers: change the git tree to a SiFive git tree
        riscv: don't stop itself in smp_send_stop
        arch: riscv: support kernel command line forcing when no DTB passed
        tools uapi: fix RISC-V 64-bit support
        RISC-V: Make BSS section as the last section in vmlinux.lds.S
      4f548c25
    • Linus Torvalds's avatar
      Merge tag 'vfio-v5.0-rc2' of git://github.com/awilliam/linux-vfio · 1bdbe227
      Linus Torvalds authored
      Pull VFIO fixes from Alex Williamson:
      
       - Fix trace header include path for in-tree builds (Masahiro Yamada)
      
       - Fix overflow in unmap wrap-around test (Alex Williamson)
      
      * tag 'vfio-v5.0-rc2' of git://github.com/awilliam/linux-vfio:
        vfio/type1: Fix unmap overflow off-by-one
        vfio/pci: set TRACE_INCLUDE_PATH to fix the build error
      1bdbe227
    • Linus Torvalds's avatar
      Merge tag 'sound-5.0-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound · f0ebbe9b
      Linus Torvalds authored
      Pull sound fixes from Takashi Iwai:
       "A collection of small fixes for USB-audio, HD-audio and cs46xx.
      
        The USB-audio fixes are for out-of-bound accesses and a regression in
        the recent cleanup, while HD-audio fixes are usual device-specific
        quirks"
      
      * tag 'sound-5.0-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
        ALSA: hda/realtek - Disable headset Mic VREF for headset mode of ALC225
        ALSA: hda/realtek - Add unplug function into unplug state of Headset Mode for ALC225
        ALSA: usb-audio: fix CM6206 register definitions
        ALSA: cs46xx: Potential NULL dereference in probe
        ALSA: hda/realtek - Support Dell headset mode for New AIO platform
        ALSA: usb-audio: Fix an out-of-bound read in create_composite_quirks
        ALSA: usb-audio: Always check descriptor sizes in parser code
        ALSA: usb-audio: Check mixer unit descriptors more strictly
        ALSA: usb-audio: Avoid access before bLength check in build_audio_procunit()
      f0ebbe9b
    • Linus Torvalds's avatar
      Merge tag 'mtd/fixes-for-5.0-rc2' of git://git.infradead.org/linux-mtd · e7446be4
      Linus Torvalds authored
      Pull mtd fixes from Boris Brezillon:
       "Core MTD Fixes:
      
         - Fix a bug introduced when exposing MTD devs as NVMEM providers and
           check for add_mtd_device() return code everywhere
      
        raw NAND fixes:
      
         - Fix a memory corruption in the QCOM driver"
      
      * tag 'mtd/fixes-for-5.0-rc2' of git://git.infradead.org/linux-mtd:
        mtd: rawnand: qcom: fix memory corruption that causes panic
        mtd: Check add_mtd_device() ret code
        mtd: Fix the check on nvmem_register() ret code
      e7446be4
    • Guo Ren's avatar
      csky: fixup compile error with CPU 810. · 70c25259
      Guo Ren authored
      This bug is from commit f553aa1c ("csky: fixup relocation error with
      807 & 860").
      
      I forgot to compile with 810 for that patch.
      Signed-off-by: default avatarGuo Ren <ren_guo@c-sky.com>
      Cc: Arnd Bergmann <arnd@arndb.de>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      70c25259
    • Sean Christopherson's avatar
      mm/mmu_notifier: mm/rmap.c: Fix a mmu_notifier range bug in try_to_unmap_one · ba422731
      Sean Christopherson authored
      The conversion to use a structure for mmu_notifier_invalidate_range_*()
      unintentionally changed the usage in try_to_unmap_one() to init the
      'struct mmu_notifier_range' with vma->vm_start instead of @address,
      i.e. it invalidates the wrong address range.  Revert to the correct
      address range.
      
      Manifests as KVM use-after-free WARNINGs and subsequent "BUG: Bad page
      state in process X" errors when reclaiming from a KVM guest due to KVM
      removing the wrong pages from its own mappings.
      
      Reported-by: leozinho29_eu@hotmail.com
      Reported-by: default avatarMike Galbraith <efault@gmx.de>
      Reported-and-tested-by: default avatarAdam Borowski <kilobyte@angband.pl>
      Reviewed-by: default avatarJérôme Glisse <jglisse@redhat.com>
      Reviewed-by: default avatarPankaj gupta <pagupta@redhat.com>
      Cc: Christian König <christian.koenig@amd.com>
      Cc: Jan Kara <jack@suse.cz>
      Cc: Matthew Wilcox <mawilcox@microsoft.com>
      Cc: Ross Zwisler <zwisler@kernel.org>
      Cc: Dan Williams <dan.j.williams@intel.com>
      Cc: Paolo Bonzini <pbonzini@redhat.com>
      Cc: Radim Krčmář <rkrcmar@redhat.com>
      Cc: Michal Hocko <mhocko@kernel.org>
      Cc: Felix Kuehling <felix.kuehling@amd.com>
      Cc: Ralph Campbell <rcampbell@nvidia.com>
      Cc: John Hubbard <jhubbard@nvidia.com>
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Fixes: ac46d4f3 ("mm/mmu_notifier: use structure for invalidate_range_start/end calls v2")
      Signed-off-by: default avatarSean Christopherson <sean.j.christopherson@intel.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      ba422731
  2. 09 Jan, 2019 20 commits
  3. 08 Jan, 2019 10 commits
    • Amadeusz Sławiński's avatar
      ALSA: usb-audio: fix CM6206 register definitions · f5c9571e
      Amadeusz Sławiński authored
      fix typo after a recent commit causing headphones to have no sound
      
      Fixes: ad43d528 (ALSA: usb-audio: Define registers for CM6206)
      Signed-off-by: default avatarAmadeusz Sławiński <amade@asmblr.net>
      Signed-off-by: default avatarTakashi Iwai <tiwai@suse.de>
      f5c9571e
    • David Herrmann's avatar
      fork: record start_time late · 7b558513
      David Herrmann authored
      This changes the fork(2) syscall to record the process start_time after
      initializing the basic task structure but still before making the new
      process visible to user-space.
      
      Technically, we could record the start_time anytime during fork(2).  But
      this might lead to scenarios where a start_time is recorded long before
      a process becomes visible to user-space.  For instance, with
      userfaultfd(2) and TLS, user-space can delay the execution of fork(2)
      for an indefinite amount of time (and will, if this causes network
      access, or similar).
      
      By recording the start_time late, it much closer reflects the point in
      time where the process becomes live and can be observed by other
      processes.
      
      Lastly, this makes it much harder for user-space to predict and control
      the start_time they get assigned.  Previously, user-space could fork a
      process and stall it in copy_thread_tls() before its pid is allocated,
      but after its start_time is recorded.  This can be misused to later-on
      cycle through PIDs and resume the stalled fork(2) yielding a process
      that has the same pid and start_time as a process that existed before.
      This can be used to circumvent security systems that identify processes
      by their pid+start_time combination.
      
      Even though user-space was always aware that start_time recording is
      flaky (but several projects are known to still rely on start_time-based
      identification), changing the start_time to be recorded late will help
      mitigate existing attacks and make it much harder for user-space to
      control the start_time a process gets assigned.
      Reported-by: default avatarJann Horn <jannh@google.com>
      Signed-off-by: default avatarTom Gundersen <teg@jklm.no>
      Signed-off-by: default avatarDavid Herrmann <dh.herrmann@gmail.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      7b558513
    • Alex Williamson's avatar
      vfio/type1: Fix unmap overflow off-by-one · 58fec830
      Alex Williamson authored
      The below referenced commit adds a test for integer overflow, but in
      doing so prevents the unmap ioctl from ever including the last page of
      the address space.  Subtract one to compare to the last address of the
      unmap to avoid the overflow and wrap-around.
      
      Fixes: 71a7d3d7 ("vfio/type1: silence integer overflow warning")
      Link: https://bugzilla.redhat.com/show_bug.cgi?id=1662291
      Cc: stable@vger.kernel.org # v4.15+
      Reported-by: default avatarPei Zhang <pezhang@redhat.com>
      Debugged-by: default avatarPeter Xu <peterx@redhat.com>
      Reviewed-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
      Reviewed-by: default avatarPeter Xu <peterx@redhat.com>
      Tested-by: default avatarPeter Xu <peterx@redhat.com>
      Reviewed-by: default avatarCornelia Huck <cohuck@redhat.com>
      Signed-off-by: default avatarAlex Williamson <alex.williamson@redhat.com>
      58fec830
    • Guo Ren's avatar
      irqchip/csky: fixup handle_irq_perbit break irq · 56752b21
      Guo Ren authored
      The handle_irq_perbit function loop every bit in hwirq local variable.
      
      handle_irq_perbit(hwirq) {
        for_everyt_bit_in(hwirq) {
      	handle_domain_irq()
      		->irq_exit()
      		->invoke_softirq()
      		->__do_softirq()
      		->local_irq_enable() // Here will cause new interrupt.
        }
      }
      
      When new interrupt coming at local_irq_enable, it will finish another
      interrupt handler and pull down the interrupt source. But hwirq is the
      local variable for handle_irq_perbit(), it can't get new interrupt
      controller pending reg status. So we need update hwirq with pending reg
      in every loop.
      
      Also change write_relax to writel could prevent stw from fast retire.
      When local_irq is enabled, intc regs is really set-in.
      Signed-off-by: default avatarGuo Ren <ren_guo@c-sky.com>
      Cc: Lu Baoquan <lu.baoquan@intellif.com>
      56752b21
    • Guo Ren's avatar
      csky: fixup compile error with pte_alloc · 2a60aa14
      Guo Ren authored
      Commit: 4cf58924 remove the address argument of pte_alloc without
      modify csky related code. linux-5.0-rc1 compile failed with csky.
      
      Remove the unnecessary address testing in pte_alloc().
      Signed-off-by: default avatarGuo Ren <ren_guo@c-sky.com>
      Cc: Joel Fernandes (Google) <joel@joelfernandes.org>
      Cc: Guenter Roeck <linux@roeck-us.net>
      Cc: Arnd Bergmann <arnd@arndb.de>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      2a60aa14
    • Masahiro Yamada's avatar
      vfio/pci: set TRACE_INCLUDE_PATH to fix the build error · d1fc1176
      Masahiro Yamada authored
      drivers/vfio/pci/vfio_pci_nvlink2.c cannot be compiled for in-tree
      building.
      
          CC      drivers/vfio/pci/vfio_pci_nvlink2.o
        In file included from drivers/vfio/pci/trace.h:102,
                         from drivers/vfio/pci/vfio_pci_nvlink2.c:29:
        ./include/trace/define_trace.h:89:42: fatal error: ./trace.h: No such file or directory
         #include TRACE_INCLUDE(TRACE_INCLUDE_FILE)
                                                ^
        compilation terminated.
        make[1]: *** [scripts/Makefile.build;277: drivers/vfio/pci/vfio_pci_nvlink2.o] Error 1
      
      To fix the build error, let's tell include/trace/define_trace.h the
      location of drivers/vfio/pci/trace.h
      
      Fixes: 7f928917 ("vfio_pci: Add NVIDIA GV100GL [Tesla V100 SXM2] subdriver")
      Reported-by: default avatarLaura Abbott <labbott@redhat.com>
      Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      Reviewed-by: default avatarCornelia Huck <cohuck@redhat.com>
      Signed-off-by: default avatarAlex Williamson <alex.williamson@redhat.com>
      d1fc1176
    • Guo Ren's avatar
      csky: fixup CACHEV1 store instruction fast retire · 96354ad7
      Guo Ren authored
      For I/O access, 810/807 store instruction fast retire will cause wrong
      primitive. For example:
      
      	stw (clear interrupt source)
      	stw (unmask interrupt controller)
      	enable interrupt
      
      stw is fast retire instruction. When PC is run at enable interrupt
      stage, the clear interrupt source hasn't finished. It will cause another
      wrong irq-enter.
      
      So use mb() to prevent above.
      Signed-off-by: default avatarGuo Ren <ren_guo@c-sky.com>
      Cc: Lu Baoquan <lu.baoquan@intellif.com>
      96354ad7
    • Guo Ren's avatar
      csky: fixup relocation error with 807 & 860 · f553aa1c
      Guo Ren authored
      810 doesn't support jsri instruction and csky-as will leave
      jsri + nop for relocation. Module-probe need replace them with
      lrw + jsr.
      Signed-off-by: default avatarGuo Ren <ren_guo@c-sky.com>
      Cc: Hui Kai <huikai@acoinfo.com>
      f553aa1c
    • Christian Lamparter's avatar
      mtd: rawnand: qcom: fix memory corruption that causes panic · 81d9bdf5
      Christian Lamparter authored
      This patch fixes a memory corruption that occurred in the
      qcom-nandc driver since it was converted to nand_scan().
      
      On boot, an affected device will panic from a NPE at a weird place:
      | Unable to handle kernel NULL pointer dereference at virtual address 0
      | pgd = (ptrval)
      | [00000000] *pgd=00000000
      | Internal error: Oops: 80000005 [#1] SMP ARM
      | CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.19.9 #0
      | Hardware name: Generic DT based system
      | PC is at   (null)
      | LR is at nand_block_isbad+0x90/0xa4
      | pc : [<00000000>]    lr : [<c0592240>]    psr: 80000013
      | sp : cf839d40  ip : 00000000  fp : cfae9e20
      | r10: cf815810  r9 : 00000000  r8 : 00000000
      | r7 : 00000000  r6 : 00000000  r5 : 00000001  r4 : cf815810
      | r3 : 00000000  r2 : cfae9810  r1 : ffffffff  r0 : cf815810
      | Flags: Nzcv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment none
      | Control: 10c5387d  Table: 8020406a  DAC: 00000051
      | Process swapper/0 (pid: 1, stack limit = 0x(ptrval))
      | [<c0592240>] (nand_block_isbad) from [<c0580a94>]
      | [<c0580a94>] (allocate_partition) from [<c05811e4>]
      | [<c05811e4>] (add_mtd_partitions) from [<c0581164>]
      | [<c0581164>] (parse_mtd_partitions) from [<c057def4>]
      | [<c057def4>] (mtd_device_parse_register) from [<c059d274>]
      | [<c059d274>] (qcom_nandc_probe) from [<c0567f00>]
      
      The problem is that the nand_scan()'s qcom_nand_attach_chip callback
      is updating the nandc->max_cwperpage from 1 to 4. This causes the
      sg_init_table of clear_bam_transaction() in the driver's
      qcom_nandc_block_bad() to memset much more than what was initially
      allocated by alloc_bam_transaction().
      
      This patch restores the old behavior by reallocating the shared bam
      transaction alloc_bam_transaction() after the chip was identified,
      but before mtd_device_parse_register() (which is an alias for
      mtd_device_register() - see panic) gets called. This fixes the
      corruption and the driver is working again.
      
      Cc: stable@vger.kernel.org
      Fixes: 6a3cec64 ("mtd: rawnand: qcom: convert driver to nand_scan()")
      Signed-off-by: default avatarChristian Lamparter <chunkeey@gmail.com>
      Acked-by: default avatarMiquel Raynal <miquel.raynal@bootlin.com>
      Signed-off-by: default avatarBoris Brezillon <bbrezillon@kernel.org>
      81d9bdf5
    • Dan Carpenter's avatar
      ALSA: cs46xx: Potential NULL dereference in probe · 1524f4e4
      Dan Carpenter authored
      The "chip->dsp_spos_instance" can be NULL on some of the ealier error
      paths in snd_cs46xx_create().
      Reported-by: default avatar"Yavuz, Tuba" <tuba@ece.ufl.edu>
      Signed-off-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarTakashi Iwai <tiwai@suse.de>
      1524f4e4
  4. 07 Jan, 2019 4 commits
    • Palmer Dabbelt's avatar
      Fix a handful of audit-related issue · 80100942
      Palmer Dabbelt authored
      This is sort of a mix between a new feature and a bug fix.  I've managed
      to screw up merging this patch set a handful of times but I think it's
      OK this time around.  The main new feature here is audit support for
      RISC-V, with some fixes to audit-related bugs that cropped up along the
      way:
      
      * The addition of NR_syscalls into unistd.h, which is necessary for
        CONFIG_FTRACE_SYSCALLS.
      * The definition of CREATE_TRACE_POINTS so
        __tracepoint_sys_{enter,exit} get defined.
      * A fix for trace_sys_exit() so we can enable
        CONFIG_HAVE_SYSCALL_TRACEPOINTS.
      80100942
    • David Abdurachmanov's avatar
      riscv: add HAVE_SYSCALL_TRACEPOINTS to Kconfig · 5aeb1b36
      David Abdurachmanov authored
      I looked into Documentation/trace/ftrace-design.rst and, I think,
      we check all the boxes needed for HAVE_SYSCALL_TRACEPOINTS.
      Signed-off-by: default avatarDavid Abdurachmanov <david.abdurachmanov@gmail.com>
      Signed-off-by: default avatarPalmer Dabbelt <palmer@sifive.com>
      5aeb1b36
    • David Abdurachmanov's avatar
      riscv: fix trace_sys_exit hook · 775800b0
      David Abdurachmanov authored
      Fix compilation error.
      Signed-off-by: default avatarDavid Abdurachmanov <david.abdurachmanov@gmail.com>
      Signed-off-by: default avatarPalmer Dabbelt <palmer@sifive.com>
      775800b0
    • David Abdurachmanov's avatar
      riscv: define CREATE_TRACE_POINTS in ptrace.c · 008e901b
      David Abdurachmanov authored
      Define CREATE_TRACE_POINTS in order to create functions and structures
      for the trace events. This is needed if HAVE_SYSCALL_TRACEPOINTS and
      CONFIG_FTRACE_SYSCALLS are enabled, otherwise we get linking errors:
      
      [..]
        MODPOST vmlinux.o
      kernel/trace/trace_syscalls.o: In function `.L0 ':
      trace_syscalls.c:(.text+0x1152): undefined reference to `__tracepoint_sys_enter'
      trace_syscalls.c:(.text+0x126c): undefined reference to `__tracepoint_sys_enter'
      trace_syscalls.c:(.text+0x1328): undefined reference to `__tracepoint_sys_enter'
      trace_syscalls.c:(.text+0x14aa): undefined reference to `__tracepoint_sys_enter'
      trace_syscalls.c:(.text+0x1684): undefined reference to `__tracepoint_sys_exit'
      trace_syscalls.c:(.text+0x17a0): undefined reference to `__tracepoint_sys_exit'
      trace_syscalls.c:(.text+0x185c): undefined reference to `__tracepoint_sys_exit'
      trace_syscalls.c:(.text+0x19de): undefined reference to `__tracepoint_sys_exit'
      arch/riscv/kernel/ptrace.o: In function `.L0 ':
      ptrace.c:(.text+0x4dc): undefined reference to `__tracepoint_sys_enter'
      ptrace.c:(.text+0x632): undefined reference to `__tracepoint_sys_exit'
      make: *** [Makefile:1036: vmlinux] Error 1
      Signed-off-by: default avatarDavid Abdurachmanov <david.abdurachmanov@gmail.com>
      Fixes: b78002b395b4 ("riscv: add HAVE_SYSCALL_TRACEPOINTS to Kconfig")
      Signed-off-by: default avatarPalmer Dabbelt <palmer@sifive.com>
      008e901b