1. 08 Jun, 2017 7 commits
  2. 07 Jun, 2017 5 commits
  3. 01 Jun, 2017 5 commits
  4. 30 May, 2017 2 commits
  5. 26 May, 2017 3 commits
    • KVM: x86: Fix virtual wire mode · 52b54190
      Jan H. Schönherr authored
      Intel SDM says, that at most one LAPIC should be configured with ExtINT
      delivery. KVM configures all LAPICs this way. This causes pic_unlock()
      to kick the first available vCPU from the internal KVM data structures.
      If this vCPU is not the BSP, but some not-yet-booted AP, the BSP may
      never realize that there is an interrupt.
      
      Fix that by enabling ExtINT delivery only for the BSP.
      
      This allows booting a Linux guest without a TSC in the above situation.
      Otherwise the BSP gets stuck in calibrate_delay_converge().
      Signed-off-by: Jan H. Schönherr <jschoenh@amazon.de>
      Reviewed-by: Wanpeng Li <wanpeng.li@hotmail.com>
      Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
    • KVM: nVMX: Fix handling of lmsw instruction · e1d39b17
      Jan H. Schönherr authored
      The decision whether or not to exit from L2 to L1 on an lmsw instruction is
      based on bogus values: instead of using the information encoded within the
      exit qualification, it uses the data also used for the mov-to-cr
      instruction, which boils down to using whatever is in %eax at that point.
      
      Use the correct values instead.
      
      Without this fix, an L1 may not get notified when a 32-bit Linux L2
      switches its secondary CPUs to protected mode; the L1 is only notified on
      the next modification of CR0. This short time window poses a problem, when
      there is some other reason to exit to L1 in between. Then, L2 will be
      resumed in real mode and chaos ensues.
      Signed-off-by: Jan H. Schönherr <jschoenh@amazon.de>
      Reviewed-by: Wanpeng Li <wanpeng.li@hotmail.com>
      Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
    • KVM: X86: Fix preempt the preemption timer cancel · 5acc1ca4
      Wanpeng Li authored
      Preemption can occur during cancel preemption timer, and there will be
      inconsistent status in lapic, vmx and vmcs field.
      
                CPU0                    CPU1
      
        preemption timer vmexit
        handle_preemption_timer(vCPU0)
          kvm_lapic_expired_hv_timer
            vmx_cancel_hv_timer
              vmx->hv_deadline_tsc = -1
              vmcs_clear_bits
              /* hv_timer_in_use still true */
        sched_out
                                 sched_in
                                 kvm_arch_vcpu_load
                                   vmx_set_hv_timer
                                     write vmx->hv_deadline_tsc
                                     vmcs_set_bits
                                 /* back in kvm_lapic_expired_hv_timer */
                                 hv_timer_in_use = false
                                 ...
                                 vmx_vcpu_run
                                   vmx_arm_hv_run
                                     write preemption timer deadline
                                   spurious preemption timer vmexit
                                     handle_preemption_timer(vCPU0)
                                       kvm_lapic_expired_hv_timer
                                         WARN_ON(!apic->lapic_timer.hv_timer_in_use);
      
      This can be reproduced sporadically during boot of L2 on a
      preemptible L1, causing a splat on L1.
      
       WARNING: CPU: 3 PID: 1952 at arch/x86/kvm/lapic.c:1529 kvm_lapic_expired_hv_timer+0xb5/0xd0 [kvm]
       CPU: 3 PID: 1952 Comm: qemu-system-x86 Not tainted 4.12.0-rc1+ #24
       RIP: 0010:kvm_lapic_expired_hv_timer+0xb5/0xd0 [kvm]
        Call Trace:
        handle_preemption_timer+0xe/0x20 [kvm_intel]
        vmx_handle_exit+0xc9/0x15f0 [kvm_intel]
        ? lock_acquire+0xdb/0x250
        ? lock_acquire+0xdb/0x250
        ? kvm_arch_vcpu_ioctl_run+0xdf3/0x1ce0 [kvm]
        kvm_arch_vcpu_ioctl_run+0xe55/0x1ce0 [kvm]
        kvm_vcpu_ioctl+0x384/0x7b0 [kvm]
        ? kvm_vcpu_ioctl+0x384/0x7b0 [kvm]
        ? __fget+0xf3/0x210
        do_vfs_ioctl+0xa4/0x700
        ? __fget+0x114/0x210
        SyS_ioctl+0x79/0x90
        do_syscall_64+0x8f/0x750
        ? trace_hardirqs_on_thunk+0x1a/0x1c
        entry_SYSCALL64_slow_path+0x25/0x25
      
      This patch fixes it by disabling preemption while cancelling
      preemption timer.  This way cancel_hv_timer is atomic with
      respect to kvm_arch_vcpu_load.
      
      Cc: Paolo Bonzini <pbonzini@redhat.com>
      Cc: Radim Krčmář <rkrcmar@redhat.com>
      Signed-off-by: Wanpeng Li <wanpeng.li@hotmail.com>
      Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
  6. 22 May, 2017 2 commits
    • Linux 4.12-rc2 · 08332893
      Linus Torvalds authored
    • x86: fix 32-bit case of __get_user_asm_u64() · 33c9e972
      Linus Torvalds authored
      The code to fetch a 64-bit value from user space was entirely buggered,
      and has been since the code was merged in early 2016 in commit
      b2f68038 ("x86/mm/32: Add support for 64-bit __get_user() on 32-bit
      kernels").
      
      Happily the buggered routine is almost certainly entirely unused, since
      the normal way to access user space memory is just with the non-inlined
      "get_user()", and the inlined version didn't even historically exist.
      
      The normal "get_user()" case is handled by external hand-written asm in
      arch/x86/lib/getuser.S that doesn't have either of these issues.
      
      There were two independent bugs in __get_user_asm_u64():
      
       - it still did the STAC/CLAC user space access marking, even though
         that is now done by the wrapper macros, see commit 11f1a4b9
         ("x86: reorganize SMAP handling in user space accesses").
      
         This didn't result in a semantic error, it just means that the
         inlined optimized version was hugely less efficient than the
         allegedly slower standard version, since the CLAC/STAC overhead is
         quite high on modern Intel CPU's.
      
       - the double register %eax/%edx was marked as an output, but the %eax
         part of it was touched early in the asm, and could thus clobber other
         inputs to the asm that gcc didn't expect it to touch.
      
         In particular, that meant that the generated code could look like
         this:
      
              mov    (%eax),%eax
              mov    0x4(%eax),%edx
      
         where the load of %edx obviously was _supposed_ to be from the 32-bit
         word that followed the source of %eax, but because %eax was
         overwritten by the first instruction, the source of %edx was
         basically random garbage.
      
      The fixes are trivial: remove the extraneous STAC/CLAC entries, and mark
      the 64-bit output as early-clobber to let gcc know that no inputs should
      alias with the output register.
      
      Cc: Al Viro <viro@zeniv.linux.org.uk>
      Cc: Benjamin LaHaise <bcrl@kvack.org>
      Cc: Ingo Molnar <mingo@kernel.org>
      Cc: stable@kernel.org   # v4.8+
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
  7. 21 May, 2017 7 commits
    • Clean up x86 unsafe_get/put_user() type handling · 334a023e
      Linus Torvalds authored
      Al noticed that unsafe_put_user() had type problems, and fixed them in
      commit a7cc722f ("fix unsafe_put_user()"), which made me look more
      at those functions.
      
      It turns out that unsafe_get_user() had a type issue too: it limited the
      largest size of the type it could handle to "unsigned long".  Which is
      fine with the current users, but doesn't match our existing normal
      get_user() semantics, which can also handle "u64" even when that does
      not fit in a long.
      
      While at it, also clean up the type cast in unsafe_put_user().  We
      actually want to just make it an assignment to the expected type of the
      pointer, because we actually do want warnings from types that don't
      convert silently.  And it makes the code more readable by not having
      that one very long and complex line.
      
      [ This patch might become stable material if we ever end up back-porting
        any new users of the unsafe uaccess code, but as things stand now this
        doesn't matter for any current existing uses. ]
      
      Cc: Al Viro <viro@zeniv.linux.org.uk>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    • Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs · f3926e4c
      Linus Torvalds authored
      Pull misc uaccess fixes from Al Viro:
       "Fix for unsafe_put_user() (no callers currently in mainline, but
        anyone starting to use it will step into that) + alpha osf_wait4()
        infoleak fix"
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
        osf_wait4(): fix infoleak
        fix unsafe_put_user()
    • Merge branch 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 970c305a
      Linus Torvalds authored
      Pull scheduler fix from Thomas Gleixner:
       "A single scheduler fix:
      
        Prevent idle task from ever being preempted. That makes sure that
        synchronize_rcu_tasks() which is ignoring idle task does not pretend
        that no task is stuck in preempted state. If that happens and idle was
        preempted on a ftrace trampoline the machine crashes due to
        inconsistent state"
      
      * 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        sched/core: Call __schedule() from do_idle() without enabling preemption
    • Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · e7a3d627
      Linus Torvalds authored
      Pull irq fixes from Thomas Gleixner:
       "A set of small fixes for the irq subsystem:
      
         - Cure a data ordering problem with chained interrupts
      
         - Three small fixlets for the mbigen irq chip"
      
      * 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        genirq: Fix chained interrupt data ordering
        irqchip/mbigen: Fix the clear register offset calculation
        irqchip/mbigen: Fix potential NULL dereferencing
        irqchip/mbigen: Fix memory mapping code
    • osf_wait4(): fix infoleak · a8c39544
      Al Viro authored
      failing sys_wait4() won't fill struct rusage...
      
      Cc: stable@vger.kernel.org
      Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
    • fix unsafe_put_user() · a7cc722f
      Al Viro authored
      __put_user_size() relies upon its first argument having the same type as what
      the second one points to; the only other user makes sure of that and
      unsafe_put_user() should do the same.
      Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
    • Merge tag 'trace-v4.12-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace · 56f410cf
      Linus Torvalds authored
      Pull tracing fixes from Steven Rostedt:
      
       - Fix a bug caused by not cleaning up the new instance unique triggers
         when deleting an instance. It also creates a selftest that triggers
         that bug.
      
       - Fix the delayed optimization happening after kprobes boot up self
         tests being removed by freeing of init memory.
      
       - Comment kprobes on why the delay optimization is not a problem for
         removal of modules, to keep other developers from searching that
         riddle.
      
       - Fix another case of rcu not watching in stack trace tracing.
      
      * tag 'trace-v4.12-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace:
        tracing: Make sure RCU is watching before calling a stack trace
        kprobes: Document how optimized kprobes are removed from module unload
        selftests/ftrace: Add test to remove instance with active event triggers
        selftests/ftrace: Fix bashisms
        ftrace: Remove #ifdef from code and add clear_ftrace_function_probes() stub
        ftrace/instances: Clear function triggers when removing instances
        ftrace: Simplify glob handling in unregister_ftrace_function_probe_func()
        tracing/kprobes: Enforce kprobes teardown after testing
        tracing: Move postpone selftests to core from early_initcall
  8. 20 May, 2017 9 commits
    • Merge branch 'for-linus' of git://git.kernel.dk/linux-block · 894e2164
      Linus Torvalds authored
      Pull block fixes from Jens Axboe:
       "A small collection of fixes that should go into this cycle.
      
         - a pull request from Christoph for NVMe, which ended up being
           manually applied to avoid pulling in newer bits in master. Mostly
           fibre channel fixes from James, but also a few fixes from Jon and
           Vijay
      
         - a pull request from Konrad, with just a single fix for xen-blkback
           from Gustavo.
      
         - a fuseblk bdi fix from Jan, fixing a regression in this series with
           the dynamic backing devices.
      
         - a blktrace fix from Shaohua, replacing sscanf() with kstrtoull().
      
         - a request leak fix for drbd from Lars, fixing a regression in the
           last series with the kref changes. This will go to stable as well"
      
      * 'for-linus' of git://git.kernel.dk/linux-block:
        nvmet: release the sq ref on rdma read errors
        nvmet-fc: remove target cpu scheduling flag
        nvme-fc: stop queues on error detection
        nvme-fc: require target or discovery role for fc-nvme targets
        nvme-fc: correct port role bits
        nvme: unmap CMB and remove sysfs file in reset path
        blktrace: fix integer parse
        fuseblk: Fix warning in super_setup_bdi_name()
        block: xen-blkback: add null check to avoid null pointer dereference
        drbd: fix request leak introduced by locking/atomic, kref: Kill kref_sub()
    • nvmet: release the sq ref on rdma read errors · 549f01ae
      Vijay Immanuel authored
      On rdma read errors, release the sq ref that was taken
      when the req was initialized. This avoids a hang in
      nvmet_sq_destroy() when the queue is being freed.
      Signed-off-by: Vijay Immanuel <vijayi@attalasystems.com>
      Reviewed-by: Sagi Grimberg <sagi@grimberg.me>
      Signed-off-by: Christoph Hellwig <hch@lst.de>
      Signed-off-by: Jens Axboe <axboe@fb.com>
    • nvmet-fc: remove target cpu scheduling flag · 4b8ba5fa
      James Smart authored
      Remove NVMET_FCTGTFEAT_NEEDS_CMD_CPUSCHED. It's unnecessary.
      Signed-off-by: James Smart <james.smart@broadcom.com>
      Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
      Signed-off-by: Christoph Hellwig <hch@lst.de>
      Signed-off-by: Jens Axboe <axboe@fb.com>
    • nvme-fc: stop queues on error detection · 2952a879
      James Smart authored
      Per the recommendation by Sagi on:
      http://lists.infradead.org/pipermail/linux-nvme/2017-April/009261.html
      
      Rather than waiting for reset work thread to stop queues and abort the ios,
      immediately stop the queues on error detection. Reset thread will restop
      the queues (as it's called on other paths), but it does not appear to have
      a side effect.
      Signed-off-by: James Smart <james.smart@broadcom.com>
      Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
      Signed-off-by: Christoph Hellwig <hch@lst.de>
      Signed-off-by: Jens Axboe <axboe@fb.com>
    • nvme-fc: require target or discovery role for fc-nvme targets · 85e6a6ad
      James Smart authored
      In order to create an association, the remoteport must be
      serving either a target role or a discovery role.
      Signed-off-by: James Smart <james.smart@broadcom.com>
      Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
      Signed-off-by: Christoph Hellwig <hch@lst.de>
      Signed-off-by: Jens Axboe <axboe@fb.com>
    • nvme-fc: correct port role bits · 41231090
      James Smart authored
      FC Port roles is a bit mask, not individual values.
      Correct nvme definitions to unique bits.
      Signed-off-by: James Smart <james.smart@broadcom.com>
      Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
      Signed-off-by: Christoph Hellwig <hch@lst.de>
      Signed-off-by: Jens Axboe <axboe@fb.com>
    • nvme: unmap CMB and remove sysfs file in reset path · f63572df
      Jon Derrick authored
      CMB doesn't get unmapped until removal while getting remapped on every
      reset. Add the unmapping and sysfs file removal to the reset path in
      nvme_pci_disable to match the mapping path in nvme_pci_enable.
      
      Fixes: 202021c1 ("nvme : Add sysfs entry for NVMe CMBs when appropriate")
      Signed-off-by: Jon Derrick <jonathan.derrick@intel.com>
      Acked-by: Keith Busch <keith.busch@intel.com>
      Reviewed-By: Stephen Bates <sbates@raithlin.com>
      Cc: <stable@vger.kernel.org> # 4.9+
      Signed-off-by: Christoph Hellwig <hch@lst.de>
      Signed-off-by: Jens Axboe <axboe@fb.com>
    • Merge tag 'staging-4.12-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging · ef82f1ad
      Linus Torvalds authored
      Pull staging driver fixes from Greg KH:
       "Here are a number of staging driver fixes for 4.12-rc2
      
        Most of them are typec driver fixes found by reviewers and users of
        the code. There are also some removals of files no longer needed in
        the tree due to the ion driver rewrite in 4.12-rc1, as well as some
        wifi driver fixes. And to round it out, a MAINTAINERS file update.
      
        All have been in linux-next with no reported issues"
      
      * tag 'staging-4.12-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging: (22 commits)
        MAINTAINERS: greybus-dev list is members-only
        staging: fsl-dpaa2/eth: add ETHERNET dependency
        staging: typec: fusb302: refactor resume retry mechanism
        staging: typec: fusb302: reset i2c_busy state in error
        staging: rtl8723bs: remove re-positioned call to kfree in os_dep/ioctl_cfg80211.c
        staging: rtl8192e: GetTs Fix invalid TID 7 warning.
        staging: rtl8192e: rtl92e_get_eeprom_size Fix read size of EPROM_CMD.
        staging: rtl8192e: fix 2 byte alignment of register BSSIDR.
        staging: rtl8192e: rtl92e_fill_tx_desc fix write to mapped out memory.
        staging: vc04_services: Fix bulk cache maintenance
        staging: ccree: remove extraneous spin_unlock_bh() in error handler
        staging: typec: Fix sparse warnings about incorrect types
        staging: typec: fusb302: do not free gpio from managed resource
        staging: typec: tcpm: Fix Port Power Role field in PS_RDY messages
        staging: typec: tcpm: Respond to Discover Identity commands
        staging: typec: tcpm: Set correct flags in PD request messages
        staging: typec: tcpm: Drop duplicate PD messages
        staging: typec: fusb302: Fix chip->vbus_present init value
        staging: typec: fusb302: Fix module autoload
        staging: typec: tcpci: declare private structure as static
        ...
    • Merge tag 'usb-4.12-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb · 32026293
      Linus Torvalds authored
      Pull USB fixes from Greg KH:
       "Here are a number of small USB fixes for 4.12-rc2
      
        Most of them come from Johan, in his valiant quest to fix up all
        drivers that could be affected by "malicious" USB devices. There's
        also some fixes for more "obscure" drivers to handle some of the
        vmalloc stack fallout (which for USB drivers, was always the case, but
        very few people actually ran those systems...)
      
        Other than that, the normal set of xhci and gadget and musb driver
        fixes as well.
      
        All have been in linux-next with no reported issues"
      
      * tag 'usb-4.12-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb: (42 commits)
        usb: musb: tusb6010_omap: Do not reset the other direction's packet size
        usb: musb: Fix trying to suspend while active for OTG configurations
        usb: host: xhci-plat: propagate return value of platform_get_irq()
        xhci: Fix command ring stop regression in 4.11
        xhci: remove GFP_DMA flag from allocation
        USB: xhci: fix lock-inversion problem
        usb: host: xhci-ring: don't need to clear interrupt pending for MSI enabled hcd
        usb: host: xhci-mem: allocate zeroed Scratchpad Buffer
        xhci: apply PME_STUCK_QUIRK and MISSING_CAS quirk for Denverton
        usb: xhci: trace URB before giving it back instead of after
        USB: serial: qcserial: add more Lenovo EM74xx device IDs
        USB: host: xhci: use max-port define
        USB: hub: fix SS max number of ports
        USB: hub: fix non-SS hub-descriptor handling
        USB: hub: fix SS hub-descriptor handling
        USB: usbip: fix nonconforming hub descriptor
        USB: gadget: dummy_hcd: fix hub-descriptor removable fields
        doc-rst: fixed kernel-doc directives in usb/typec.rst
        USB: core: of: document reference taken by companion helper
        USB: ehci-platform: fix companion-device leak
        ...