1. 04 Sep, 2019 2 commits
    • Gustavo Romero's avatar
      powerpc/tm: Fix restoring FP/VMX facility incorrectly on interrupts · a8318c13
      Gustavo Romero authored
      When in userspace and MSR FP=0 the hardware FP state is unrelated to
      the current process. This is extended for transactions where if tbegin
      is run with FP=0, the hardware checkpoint FP state will also be
      unrelated to the current process. Due to this, we need to ensure this
      hardware checkpoint is updated with the correct state before we enable
      FP for this process.
      
      Unfortunately we get this wrong when returning to a process from a
      hardware interrupt. A process that starts a transaction with FP=0 can
      take an interrupt. When the kernel returns back to that process, we
      change to FP=1 but with hardware checkpoint FP state not updated. If
      this transaction is then rolled back, the FP registers now contain the
      wrong state.
      
      The process looks like this:
         Userspace:                      Kernel
      
                     Start userspace
                      with MSR FP=0 TM=1
                        < -----
         ...
         tbegin
         bne
                     Hardware interrupt
                         ---- >
                                          <do_IRQ...>
                                          ....
                                          ret_from_except
                                            restore_math()
      				        /* sees FP=0 */
                                              restore_fp()
                                                tm_active_with_fp()
      					    /* sees FP=1 (Incorrect) */
                                                load_fp_state()
                                              FP = 0 -> 1
                        < -----
                     Return to userspace
                       with MSR TM=1 FP=1
                       with junk in the FP TM checkpoint
         TM rollback
         reads FP junk
      
      When returning from the hardware exception, tm_active_with_fp() is
      incorrectly making restore_fp() call load_fp_state() which is setting
      FP=1.
      
      The fix is to remove tm_active_with_fp().
      
      tm_active_with_fp() is attempting to handle the case where FP state
      has been changed inside a transaction. In this case the checkpointed
      and transactional FP state is different and hence we must restore the
      FP state (ie. we can't do lazy FP restore inside a transaction that's
      used FP). It's safe to remove tm_active_with_fp() as this case is
      handled by restore_tm_state(). restore_tm_state() detects if FP has
      been using inside a transaction and will set load_fp and call
      restore_math() to ensure the FP state (checkpoint and transaction) is
      restored.
      
      This is a data integrity problem for the current process as the FP
      registers are corrupted. It's also a security problem as the FP
      registers from one process may be leaked to another.
      
      Similarly for VMX.
      
      A simple testcase to replicate this will be posted to
      tools/testing/selftests/powerpc/tm/tm-poison.c
      
      This fixes CVE-2019-15031.
      
      Fixes: a7771176 ("powerpc: Don't enable FP/Altivec if not checkpointed")
      Cc: stable@vger.kernel.org # 4.15+
      Signed-off-by: default avatarGustavo Romero <gromero@linux.ibm.com>
      Signed-off-by: default avatarMichael Neuling <mikey@neuling.org>
      Signed-off-by: default avatarMichael Ellerman <mpe@ellerman.id.au>
      Link: https://lore.kernel.org/r/20190904045529.23002-2-gromero@linux.vnet.ibm.com
      a8318c13
    • Gustavo Romero's avatar
      powerpc/tm: Fix FP/VMX unavailable exceptions inside a transaction · 8205d5d9
      Gustavo Romero authored
      When we take an FP unavailable exception in a transaction we have to
      account for the hardware FP TM checkpointed registers being
      incorrect. In this case for this process we know the current and
      checkpointed FP registers must be the same (since FP wasn't used
      inside the transaction) hence in the thread_struct we copy the current
      FP registers to the checkpointed ones.
      
      This copy is done in tm_reclaim_thread(). We use thread->ckpt_regs.msr
      to determine if FP was on when in userspace. thread->ckpt_regs.msr
      represents the state of the MSR when exiting userspace. This is setup
      by check_if_tm_restore_required().
      
      Unfortunatley there is an optimisation in giveup_all() which returns
      early if tsk->thread.regs->msr (via local variable `usermsr`) has
      FP=VEC=VSX=SPE=0. This optimisation means that
      check_if_tm_restore_required() is not called and hence
      thread->ckpt_regs.msr is not updated and will contain an old value.
      
      This can happen if due to load_fp=255 we start a userspace process
      with MSR FP=1 and then we are context switched out. In this case
      thread->ckpt_regs.msr will contain FP=1. If that same process is then
      context switched in and load_fp overflows, MSR will have FP=0. If that
      process now enters a transaction and does an FP instruction, the FP
      unavailable will not update thread->ckpt_regs.msr (the bug) and MSR
      FP=1 will be retained in thread->ckpt_regs.msr.  tm_reclaim_thread()
      will then not perform the required memcpy and the checkpointed FP regs
      in the thread struct will contain the wrong values.
      
      The code path for this happening is:
      
             Userspace:                      Kernel
                         Start userspace
                          with MSR FP/VEC/VSX/SPE=0 TM=1
                            < -----
             ...
             tbegin
             bne
             fp instruction
                         FP unavailable
                             ---- >
                                              fp_unavailable_tm()
      					  tm_reclaim_current()
      					    tm_reclaim_thread()
      					      giveup_all()
      					        return early since FP/VMX/VSX=0
      						/* ckpt MSR not updated (Incorrect) */
      					      tm_reclaim()
      					        /* thread_struct ckpt FP regs contain junk (OK) */
                                                    /* Sees ckpt MSR FP=1 (Incorrect) */
      					      no memcpy() performed
      					        /* thread_struct ckpt FP regs not fixed (Incorrect) */
      					  tm_recheckpoint()
      					     /* Put junk in hardware checkpoint FP regs */
                                               ....
                            < -----
                         Return to userspace
                           with MSR TM=1 FP=1
                           with junk in the FP TM checkpoint
             TM rollback
             reads FP junk
      
      This is a data integrity problem for the current process as the FP
      registers are corrupted. It's also a security problem as the FP
      registers from one process may be leaked to another.
      
      This patch moves up check_if_tm_restore_required() in giveup_all() to
      ensure thread->ckpt_regs.msr is updated correctly.
      
      A simple testcase to replicate this will be posted to
      tools/testing/selftests/powerpc/tm/tm-poison.c
      
      Similarly for VMX.
      
      This fixes CVE-2019-15030.
      
      Fixes: f48e91e8 ("powerpc/tm: Fix FP and VMX register corruption")
      Cc: stable@vger.kernel.org # 4.12+
      Signed-off-by: default avatarGustavo Romero <gromero@linux.vnet.ibm.com>
      Signed-off-by: default avatarMichael Neuling <mikey@neuling.org>
      Signed-off-by: default avatarMichael Ellerman <mpe@ellerman.id.au>
      Link: https://lore.kernel.org/r/20190904045529.23002-1-gromero@linux.vnet.ibm.com
      8205d5d9
  2. 12 Aug, 2019 1 commit
  3. 31 Jul, 2019 3 commits
  4. 30 Jul, 2019 2 commits
    • Michael Ellerman's avatar
      powerpc/spe: Mark expected switch fall-throughs · 7db57e77
      Michael Ellerman authored
      Mark switch cases where we are expecting to fall through.
      
      Fixes errors such as below, seen with mpc85xx_defconfig:
      
        arch/powerpc/kernel/align.c: In function 'emulate_spe':
        arch/powerpc/kernel/align.c:178:8: error: this statement may fall through
          ret |= __get_user_inatomic(temp.v[3], p++);
              ^~
      Signed-off-by: default avatarMichael Ellerman <mpe@ellerman.id.au>
      Link: https://lore.kernel.org/r/20190730141917.21817-1-mpe@ellerman.id.au
      7db57e77
    • Aneesh Kumar K.V's avatar
      powerpc/nvdimm: Pick nearby online node if the device node is not online · da1115fd
      Aneesh Kumar K.V authored
      Currently, nvdimm subsystem expects the device numa node for SCM device to be
      an online node. It also doesn't try to bring the device numa node online. Hence
      if we use a non-online numa node as device node we hit crashes like below. This
      is because we try to access uninitialized NODE_DATA in different code paths.
      
      cpu 0x0: Vector: 300 (Data Access) at [c0000000fac53170]
          pc: c0000000004bbc50: ___slab_alloc+0x120/0xca0
          lr: c0000000004bc834: __slab_alloc+0x64/0xc0
          sp: c0000000fac53400
         msr: 8000000002009033
         dar: 73e8
       dsisr: 80000
        current = 0xc0000000fabb6d80
        paca    = 0xc000000003870000   irqmask: 0x03   irq_happened: 0x01
          pid   = 7, comm = kworker/u16:0
      Linux version 5.2.0-06234-g76bd729b2644 (kvaneesh@ltc-boston123) (gcc version 7.4.0 (Ubuntu 7.4.0-1ubuntu1~18.04.1)) #135 SMP Thu Jul 11 05:36:30 CDT 2019
      enter ? for help
      [link register   ] c0000000004bc834 __slab_alloc+0x64/0xc0
      [c0000000fac53400] c0000000fac53480 (unreliable)
      [c0000000fac53500] c0000000004bc818 __slab_alloc+0x48/0xc0
      [c0000000fac53560] c0000000004c30a0 __kmalloc_node_track_caller+0x3c0/0x6b0
      [c0000000fac535d0] c000000000cfafe4 devm_kmalloc+0x74/0xc0
      [c0000000fac53600] c000000000d69434 nd_region_activate+0x144/0x560
      [c0000000fac536d0] c000000000d6b19c nd_region_probe+0x17c/0x370
      [c0000000fac537b0] c000000000d6349c nvdimm_bus_probe+0x10c/0x230
      [c0000000fac53840] c000000000cf3cc4 really_probe+0x254/0x4e0
      [c0000000fac538d0] c000000000cf429c driver_probe_device+0x16c/0x1e0
      [c0000000fac53950] c000000000cf0b44 bus_for_each_drv+0x94/0x130
      [c0000000fac539b0] c000000000cf392c __device_attach+0xdc/0x200
      [c0000000fac53a50] c000000000cf231c bus_probe_device+0x4c/0xf0
      [c0000000fac53a90] c000000000ced268 device_add+0x528/0x810
      [c0000000fac53b60] c000000000d62a58 nd_async_device_register+0x28/0xa0
      [c0000000fac53bd0] c0000000001ccb8c async_run_entry_fn+0xcc/0x1f0
      [c0000000fac53c50] c0000000001bcd9c process_one_work+0x46c/0x860
      [c0000000fac53d20] c0000000001bd4f4 worker_thread+0x364/0x5f0
      [c0000000fac53db0] c0000000001c7260 kthread+0x1b0/0x1c0
      [c0000000fac53e20] c00000000000b954 ret_from_kernel_thread+0x5c/0x68
      
      The patch tries to fix this by picking the nearest online node as the SCM node.
      This does have a problem of us losing the information that SCM node is
      equidistant from two other online nodes. If applications need to understand these
      fine-grained details we should express then like x86 does via
      /sys/devices/system/node/nodeX/accessY/initiators/
      
      With the patch we get
      
       # numactl -H
      available: 2 nodes (0-1)
      node 0 cpus:
      node 0 size: 0 MB
      node 0 free: 0 MB
      node 1 cpus: 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
      node 1 size: 130865 MB
      node 1 free: 129130 MB
      node distances:
      node   0   1
        0:  10  20
        1:  20  10
       # cat /sys/bus/nd/devices/region0/numa_node
      0
       # dmesg | grep papr_scm
      [   91.332305] papr_scm ibm,persistent-memory:ibm,pmemory@44104001: Region registered with target node 2 and online node 0
      Signed-off-by: default avatarAneesh Kumar K.V <aneesh.kumar@linux.ibm.com>
      Signed-off-by: default avatarMichael Ellerman <mpe@ellerman.id.au>
      Link: https://lore.kernel.org/r/20190729095128.23707-1-aneesh.kumar@linux.ibm.com
      da1115fd
  5. 29 Jul, 2019 1 commit
  6. 28 Jul, 2019 14 commits
    • Michael Ellerman's avatar
      powerpc: Wire up clone3 syscall · cee3536d
      Michael Ellerman authored
      Wire up the new clone3 syscall added in commit 7f192e3c ("fork:
      add clone3").
      
      This requires a ppc_clone3 wrapper, in order to save the non-volatile
      GPRs before calling into the generic syscall code. Otherwise we hit
      the BUG_ON in CHECK_FULL_REGS in copy_thread().
      
      Lightly tested using Christian's test code on a Power8 LE VM.
      Signed-off-by: default avatarMichael Ellerman <mpe@ellerman.id.au>
      Acked-by: default avatarChristian Brauner <christian@brauner.io>
      Link: https://lore.kernel.org/r/20190724140259.23554-1-mpe@ellerman.id.au
      cee3536d
    • Linus Torvalds's avatar
      Linux 5.3-rc2 · 609488bc
      Linus Torvalds authored
      609488bc
    • Linus Torvalds's avatar
      Merge tag 'meminit-v5.3-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux · c622fc5f
      Linus Torvalds authored
      Pull structleak fix from Kees Cook:
       "Disable gcc-based stack variable auto-init under KASAN (Arnd
        Bergmann).
      
        This fixes a bunch of build warnings under KASAN and the
        gcc-plugin-based stack auto-initialization features (which are
        arguably redundant, so better to let KASAN control this)"
      
      * tag 'meminit-v5.3-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
        structleak: disable STRUCTLEAK_BYREF in combination with KASAN_STACK
      c622fc5f
    • Linus Torvalds's avatar
      Merge tag 'kbuild-fixes-v5.3' of... · 8e61ea11
      Linus Torvalds authored
      Merge tag 'kbuild-fixes-v5.3' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild
      
      Pull Kbuild fixes from Masahiro Yamada:
      
       - add compile_commands.json to .gitignore
      
       - fix false-positive warning from gen_compile_commands.py after
         allnoconfig build
      
       - remove unused code
      
      * tag 'kbuild-fixes-v5.3' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild:
        kbuild: remove unused single-used-m
        gen_compile_commands: lower the entry count threshold
        .gitignore: Add compilation database file
        kbuild: remove unused objectify macro
      8e61ea11
    • Linus Torvalds's avatar
      Merge tag 'char-misc-5.3-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc · 04ce9318
      Linus Torvalds authored
      Pull char/misc driver fixes from Greg KH:
       "Here are some small char and misc driver fixes for 5.3-rc2 to resolve
        some reported issues.
      
        Nothing major at all, some binder bugfixes for issues found, some new
        mei device ids, firmware building warning fixes, habanalabs fixes, a
        few other build fixes, and a MAINTAINERS update.
      
        All of these have been in linux-next with no reported issues"
      
      * tag 'char-misc-5.3-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc:
        test_firmware: fix a memory leak bug
        hpet: Fix division by zero in hpet_time_div()
        eeprom: make older eeprom drivers select NVMEM_SYSFS
        vmw_balloon: Remove Julien from the maintainers list
        fpga-manager: altera-ps-spi: Fix build error
        mei: me: add mule creek canyon (EHL) device ids
        binder: prevent transactions to context manager from its own process.
        binder: Set end of SG buffer area properly.
        firmware: Fix missing inline
        firmware: fix build errors in paged buffer handling code
        habanalabs: don't reset device when getting VRHOT
        habanalabs: use %pad for printing a dma_addr_t
      04ce9318
    • Linus Torvalds's avatar
      Merge tag 'tty-5.3-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty · 572782b2
      Linus Torvalds authored
      Pull tty fixes from Greg KH:
       "Here are two tty/vt fixes:
      
         - delete the netx-serial driver as the arch has been removed, no need
           to keep the serial driver for it around either.
      
         - vt console_lock fix to resolve a reported noisy warning at runtime
      
        Both of these have been in linux-next with no reported issues"
      
      * tag 'tty-5.3-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty:
        vt: Grab console_lock around con_is_bound in show_bind
        tty: serial: netx: Delete driver
      572782b2
    • Linus Torvalds's avatar
      Merge tag 'spdx-5.3-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/spdx · ad28fd1c
      Linus Torvalds authored
      Pull SPDX fixes from Greg KH:
       "Here are some small SPDX fixes for 5.3-rc2 for things that came in
        during the 5.3-rc1 merge window that we previously missed.
      
        Only three small patches here:
      
         - two uapi patches to resolve some SPDX tags that were not correct
      
         - fix an invalid SPDX tag in the iomap Makefile file
      
        All have been properly reviewed on the public mailing lists"
      
      * tag 'spdx-5.3-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/spdx:
        iomap: fix Invalid License ID
        treewide: remove SPDX "WITH Linux-syscall-note" from kernel-space headers again
        treewide: add "WITH Linux-syscall-note" to SPDX tag of uapi headers
      ad28fd1c
    • Linus Torvalds's avatar
      Merge tag 'usb-5.3-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb · 29af915c
      Linus Torvalds authored
      Pull USB fixes from Greg KH:
       "Here are some small fixes for 5.3-rc2. All of these resolve some
        reported issues, some more than others :)
      
        Included in here is:
      
         - xhci fix for an annoying issue with odd devices
      
         - reversion of some usb251xb patches that should not have been merged
      
         - usb pci quirk additions and fixups
      
         - usb storage fix
      
         - usb host controller error test fix
      
        All of these have been in linux-next with no reported issues"
      
      * tag 'usb-5.3-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb:
        xhci: Fix crash if scatter gather is used with Immediate Data Transfer (IDT).
        usb: usb251xb: Reallow swap-dx-lanes to apply to the upstream port
        Revert "usb: usb251xb: Add US port lanes inversion property"
        Revert "usb: usb251xb: Add US lanes inversion dts-bindings"
        usb: wusbcore: fix unbalanced get/put cluster_id
        usb/hcd: Fix a NULL vs IS_ERR() bug in usb_hcd_setup_local_mem()
        usb-storage: Add a limitation for blk_queue_max_hw_sectors()
        usb: pci-quirks: Minor cleanup for AMD PLL quirk
        usb: pci-quirks: Correct AMD PLL quirk detection
      29af915c
    • Linus Torvalds's avatar
      Merge tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc · 5bb575bc
      Linus Torvalds authored
      Pull ARM SoC fixes from Olof Johansson:
       "Here's the first batch of fixes for this release cycle.
      
        Main diffstat here is the re-deletion of netx. I messed up and most
        likely didn't remove the files from the index when I test-merged this
        and saw conflicts, and from there on out 'git rerere' remembered the
        mistake and I missed checking it. Here it's done again as expected.
      
        Besides that:
      
         - A defconfig refresh + enabling of new drivers for u8500
      
         - i.MX fixlets for i2c/SAI/pinmux
      
         - sleep.S build fix for Davinci
      
         - Broadcom devicetree build/warning fix"
      
      * tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc:
        ARM: defconfig: u8500: Add new drivers
        ARM: defconfig: u8500: Refresh defconfig
        ARM: dts: bcm: bcm47094: add missing #cells for mdio-bus-mux
        ARM: davinci: fix sleep.S build error on ARMv4
        arm64: dts: imx8mq: fix SAI compatible
        arm64: dts: imx8mm: Correct SAI3 RXC/TXFS pin's mux option #1
        ARM: dts: imx6ul: fix clock frequency property name of I2C buses
        ARM: Delete netx a second time
        ARM: dts: imx7ulp: Fix usb-phy unit address format
      5bb575bc
    • Linus Torvalds's avatar
      Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · a9815a4f
      Linus Torvalds authored
      Pull x86 fixes from Thomas Gleixner:
       "A set of x86 fixes and functional updates:
      
         - Prevent stale huge I/O TLB mappings on 32bit. A long standing bug
           which got exposed by KPTI support for 32bit
      
         - Prevent bogus access_ok() warnings in arch_stack_walk_user()
      
         - Add display quirks for Lenovo devices which have height and width
           swapped
      
         - Add the missing CR2 fixup for 32 bit async pagefaults. Fallout of
           the CR2 bug fix series.
      
         - Unbreak handling of force enabled HPET by moving the 'is HPET
           counting' check back to the original place.
      
         - A more accurate check for running on a hypervisor platform in the
           MDS mitigation code. Not perfect, but more accurate than the
           previous one.
      
         - Update a stale and confusing comment vs. IRQ stacks"
      
      * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        x86/speculation/mds: Apply more accurate check on hypervisor platform
        x86/hpet: Undo the early counter is counting check
        x86/entry/32: Pass cr2 to do_async_page_fault()
        x86/irq/64: Update stale comment
        x86/sysfb_efi: Add quirks for some devices with swapped width and height
        x86/stacktrace: Prevent access_ok() warnings in arch_stack_walk_user()
        mm/vmalloc: Sync unmappings in __purge_vmap_area_lazy()
        x86/mm: Sync also unmappings in vmalloc_sync_all()
        x86/mm: Check for pfn instead of page in vmalloc_sync_one()
      a9815a4f
    • Linus Torvalds's avatar
      Merge branch 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · e24ce84e
      Linus Torvalds authored
      Pull scheduler fixes from Thomas Gleixner:
       "Two fixes for the fair scheduling class:
      
         - Prevent freeing memory which is accessible by concurrent readers
      
         - Make the RCU annotations for numa groups consistent"
      
      * 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        sched/fair: Use RCU accessors consistently for ->numa_group
        sched/fair: Don't free p->numa_faults with concurrent readers
      e24ce84e
    • Linus Torvalds's avatar
      Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 750991f9
      Linus Torvalds authored
      Pull perf fixes from Thomas Gleixner:
       "A pile of perf related fixes:
      
        Kernel:
         - Fix SLOTS PEBS event constraints for Icelake CPUs
      
         - Add the missing mask bit to allow counting hardware generated
           prefetches on L3 for Icelake CPUs
      
         - Make the test for hypervisor platforms more accurate (as far as
           possible)
      
         - Handle PMUs correctly which override event->cpu
      
         - Yet another missing fallthrough annotation
      
        Tools:
           perf.data:
              - Fix loading of compressed data split across adjacent records
              - Fix buffer size setting for processing CPU topology perf.data
                header.
      
           perf stat:
              - Fix segfault for event group in repeat mode
              - Always separate "stalled cycles per insn" line, it was being
                appended to the "instructions" line.
      
           perf script:
              - Fix --max-blocks man page description.
              - Improve man page description of metrics.
              - Fix off by one in brstackinsn IPC computation.
      
           perf probe:
              - Avoid calling freeing routine multiple times for same pointer.
      
           perf build:
              - Do not use -Wshadow on gcc < 4.8, avoiding too strict warnings
                treated as errors, breaking the build"
      
      * 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        perf/x86/intel: Mark expected switch fall-throughs
        perf/core: Fix creating kernel counters for PMUs that override event->cpu
        perf/x86: Apply more accurate check on hypervisor platform
        perf/x86/intel: Fix invalid Bit 13 for Icelake MSR_OFFCORE_RSP_x register
        perf/x86/intel: Fix SLOTS PEBS event constraint
        perf build: Do not use -Wshadow on gcc < 4.8
        perf probe: Avoid calling freeing routine multiple times for same pointer
        perf probe: Set pev->nargs to zero after freeing pev->args entries
        perf session: Fix loading of compressed data split across adjacent records
        perf stat: Always separate stalled cycles per insn
        perf stat: Fix segfault for event group in repeat mode
        perf tools: Fix proper buffer size for feature processing
        perf script: Fix off by one in brstackinsn IPC computation
        perf script: Improve man page description of metrics
        perf script: Fix --max-blocks man page description
      750991f9
    • Linus Torvalds's avatar
      Merge branch 'locking-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 431f288e
      Linus Torvalds authored
      Pull locking fixes from Thomas Gleixner:
       "A set of locking fixes:
      
         - Address the fallout of the rwsem rework. Missing ACQUIREs and a
           sanity check to prevent a use-after-free
      
         - Add missing checks for unitialized mutexes when mutex debugging is
           enabled.
      
         - Remove the bogus code in the generic SMP variant of
           arch_futex_atomic_op_inuser()
      
         - Fixup the #ifdeffery in lockdep to prevent compile warnings"
      
      * 'locking-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        locking/mutex: Test for initialized mutex
        locking/lockdep: Clean up #ifdef checks
        locking/lockdep: Hide unused 'class' variable
        locking/rwsem: Add ACQUIRE comments
        tty/ldsem, locking/rwsem: Add missing ACQUIRE to read_failed sleep loop
        lcoking/rwsem: Add missing ACQUIRE to read_slowpath sleep loop
        locking/rwsem: Add missing ACQUIRE to read_slowpath exit when queue is empty
        locking/rwsem: Don't call owner_on_cpu() on read-owner
        futex: Cleanup generic SMP variant of arch_futex_atomic_op_inuser()
      431f288e
    • Linus Torvalds's avatar
      Merge branch 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 13fbe991
      Linus Torvalds authored
      Pull objtool fix from Thomas Gleixner:
       "A single robustness fix for objtool to handle unbalanced CLAC
        invocations under all circumstances"
      
      * 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        objtool: Improve UACCESS coverage
      13fbe991
  7. 27 Jul, 2019 10 commits
    • Linus Torvalds's avatar
      Merge tag 'Wimplicit-fallthrough-5.3-rc2' of... · 88c50834
      Linus Torvalds authored
      Merge tag 'Wimplicit-fallthrough-5.3-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gustavoars/linux
      
      Pull Wimplicit-fallthrough enablement from Gustavo A. R. Silva:
       "This marks switch cases where we are expecting to fall through, and
        globally enables the -Wimplicit-fallthrough option in the main
        Makefile.
      
        Finally, some missing-break fixes that have been tagged for -stable:
      
         - drm/amdkfd: Fix missing break in switch statement
      
         - drm/amdgpu/gfx10: Fix missing break in switch statement
      
        With these changes, we completely get rid of all the fall-through
        warnings in the kernel"
      
      * tag 'Wimplicit-fallthrough-5.3-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gustavoars/linux:
        Makefile: Globally enable fall-through warning
        drm/i915: Mark expected switch fall-throughs
        drm/amd/display: Mark expected switch fall-throughs
        drm/amdkfd/kfd_mqd_manager_v10: Avoid fall-through warning
        drm/amdgpu/gfx10: Fix missing break in switch statement
        drm/amdkfd: Fix missing break in switch statement
        perf/x86/intel: Mark expected switch fall-throughs
        mtd: onenand_base: Mark expected switch fall-through
        afs: fsclient: Mark expected switch fall-throughs
        afs: yfsclient: Mark expected switch fall-throughs
        can: mark expected switch fall-throughs
        firewire: mark expected switch fall-throughs
      88c50834
    • Linus Torvalds's avatar
      Merge tag 's390-5.3-3' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux · 43e317c1
      Linus Torvalds authored
      Pull s390 updates from Heiko Carstens:
      
       - Add ABI to kernel image file which allows e.g. the file utility to
         figure out the kernel version.
      
       - Wire up clone3 system call.
      
       - Add support for kasan bitops instrumentation.
      
       - uapi header cleanup: use __u{16,32,64} instead of uint{16,32,64}_t.
      
       - Provide proper ARCH_ZONE_DMA_BITS so the s390 DMA zone is correctly
         defined with 2 GB instead of the default value of 1 MB.
      
       - Farhan Ali leaves the group of vfio-ccw maintainers.
      
       - Various small vfio-ccw fixes.
      
       - Add missing locking for airq_areas array in virtio code.
      
       - Minor qdio improvements.
      
      * tag 's390-5.3-3' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
        MAINTAINERS: vfio-ccw: Remove myself as the maintainer
        s390/mm: use shared variables for sysctl range check
        virtio/s390: fix race on airq_areas[]
        s390/dma: provide proper ARCH_ZONE_DMA_BITS value
        s390/kasan: add bitops instrumentation
        s390/bitops: make test functions return bool
        s390: wire up clone3 system call
        kbuild: enable arch/s390/include/uapi/asm/zcrypt.h for uapi header test
        s390: use __u{16,32,64} instead of uint{16,32,64}_t in uapi header
        s390/hypfs: fix a typo in the name of a function
        s390/qdio: restrict QAOB usage to IQD unicast queues
        s390/qdio: add sanity checks to the fast-requeue path
        s390: enable detection of kernel version from bzImage
        Documentation: fix vfio-ccw doc
        vfio-ccw: Update documentation for csch/hsch
        vfio-ccw: Don't call cp_free if we are processing a channel program
        vfio-ccw: Set pa_nr to 0 if memory allocation fails for pa_iova_pfn
        vfio-ccw: Fix memory leak and don't call cp_free in cp_init
        vfio-ccw: Fix misleading comment when setting orb.cmd.c64
      43e317c1
    • Linus Torvalds's avatar
      Merge tag 'devicetree-fixes-for-5.3-2' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux · 5efbd937
      Linus Torvalds authored
      Pull Devicetree fixes from Rob Herring:
       "The nvmem changes would typically go thru Greg's tree, but they were
        missed in the merge window. [ Acked by Greg ]
      
        Summary:
      
         - Fix mismatches in $id values and actual filenames. Now checked by
           tools.
      
         - Convert nvmem binding to DT schema
      
         - Fix a typo in of_property_read_bool() kerneldoc
      
         - Remove some redundant description in al-fic interrupt-controller"
      
      * tag 'devicetree-fixes-for-5.3-2' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux:
        dt-bindings: Fix more $id value mismatches filenames
        dt-bindings: nvmem: SID: Fix the examples node names
        dt-bindings: nvmem: Add YAML schemas for the generic NVMEM bindings
        of: Fix typo in kerneldoc
        dt-bindings: interrupt-controller: al-fic: remove redundant binding
        dt-bindings: clk: allwinner,sun4i-a10-ccu: Correct path in $id
      5efbd937
    • Linus Torvalds's avatar
      Merge tag 'libnvdimm-fixes-5.3-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm · 523634db
      Linus Torvalds authored
      Pull libnvdimm fixes from Dan Williams:
       "A collection of locking and async operations fixes for v5.3-rc2. These
        had been soaking in a branch targeting the merge window, but missed
        due to a regression hunt. This fixed up version has otherwise been in
        -next this past week with no reported issues.
      
        In order to gain confidence in the locking changes the pull also
        includes a debug / instrumentation patch to enable lockdep coverage
        for libnvdimm subsystem operations that depend on the device_lock for
        exclusion. As mentioned in the changelog it is a hack, but it works
        and documents the locking expectations of the sub-system in a way that
        others can use lockdep to verify. The driver core touches got an ack
        from Greg.
      
        Summary:
      
         - Fix duplicate device_unregister() calls (multiple threads competing
           to do unregister work when scheduling device removal from a sysfs
           attribute of the self-same device).
      
         - Fix badblocks registration order bug. Ensure region badblocks are
           initialized in advance of namespace registration.
      
         - Fix a deadlock between the bus lock and probe operations.
      
         - Export device-core infrastructure to coordinate async operations
           via the device ->dead state.
      
         - Add device-core infrastructure to validate device_lock() usage with
           lockdep"
      
      * tag 'libnvdimm-fixes-5.3-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm:
        driver-core, libnvdimm: Let device subsystems add local lockdep coverage
        libnvdimm/bus: Fix wait_nvdimm_bus_probe_idle() ABBA deadlock
        libnvdimm/bus: Stop holding nvdimm_bus_list_mutex over __nd_ioctl()
        libnvdimm/bus: Prepare the nd_ioctl() path to be re-entrant
        libnvdimm/region: Register badblocks before namespaces
        libnvdimm/bus: Prevent duplicate device_unregister() calls
        drivers/base: Introduce kill_device()
      523634db
    • Masahiro Yamada's avatar
      kbuild: remove unused single-used-m · b25e8a23
      Masahiro Yamada authored
      This is unused since commit 9f69a496 ("kbuild: split out *.mod out
      of {single,multi}-used-m rules").
      Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      b25e8a23
    • Masahiro Yamada's avatar
      gen_compile_commands: lower the entry count threshold · cb36955a
      Masahiro Yamada authored
      Running gen_compile_commands.py after building the kernel with
      allnoconfig gave this:
      
      $ ./scripts/gen_compile_commands.py
      WARNING: Found 449 entries. Have you compiled the kernel?
      Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      cb36955a
    • Toru Komatsu's avatar
      .gitignore: Add compilation database file · 26c4c71b
      Toru Komatsu authored
      This file is used by clangd to use language server protocol.
      It can be generated at each compile using scripts/gen_compile_commands.py.
      Therefore it is different depending on the environment and should be
      ignored.
      Signed-off-by: default avatarToru Komatsu <k0ma@utam0k.jp>
      Reviewed-by: default avatarNick Desaulniers <ndesaulniers@google.com>
      Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      26c4c71b
    • Masahiro Yamada's avatar
      kbuild: remove unused objectify macro · b2eff092
      Masahiro Yamada authored
      Commit 415008af ("docs-rst: convert lsm from DocBook to ReST")
      removed the last users of this macro.
      Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      b2eff092
    • Linus Torvalds's avatar
      Merge tag 'for-linus-20190726-2' of git://git.kernel.dk/linux-block · 5168afe6
      Linus Torvalds authored
      Pull block DMA segment fix from Jens Axboe:
       "Here's the virtual boundary segment size fix"
      
      * tag 'for-linus-20190726-2' of git://git.kernel.dk/linux-block:
        block: fix max segment size handling in blk_queue_virt_boundary
      5168afe6
    • Linus Torvalds's avatar
      Merge tag 'selinux-pr-20190726' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux · 40233e7c
      Linus Torvalds authored
      Pull selinux fix from Paul Moore:
       "One small SELinux patch to add some proper bounds/overflow checking
        when adding a new sid/secid"
      
      * tag 'selinux-pr-20190726' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux:
        selinux: check sidtab limit before adding a new entry
      40233e7c
  8. 26 Jul, 2019 7 commits
    • Rob Herring's avatar
      dt-bindings: Fix more $id value mismatches filenames · e1ff7390
      Rob Herring authored
      The path in the schema '$id' values are wrong. Fix them.
      Signed-off-by: default avatarRob Herring <robh@kernel.org>
      e1ff7390
    • Maxime Ripard's avatar
      dt-bindings: nvmem: SID: Fix the examples node names · ce842e73
      Maxime Ripard authored
      Now that the examples are validated, the examples in the SID binding
      generates an error since the node names aren't one of the valid ones.
      
      Let's switch for one that is ok.
      Signed-off-by: default avatarMaxime Ripard <maxime.ripard@bootlin.com>
      Signed-off-by: default avatarRob Herring <robh@kernel.org>
      ce842e73
    • Maxime Ripard's avatar
      dt-bindings: nvmem: Add YAML schemas for the generic NVMEM bindings · c61f0256
      Maxime Ripard authored
      The nvmem providers and consumers have a bunch of generic properties that
      are needed in a device tree. Add a YAML schemas for those.
      Reviewed-by: default avatarRob Herring <robh@kernel.org>
      Signed-off-by: default avatarMaxime Ripard <maxime.ripard@bootlin.com>
      [Srini: Changed licence to (GPL-2.0 OR BSD-2-Clause)]
      Signed-off-by: default avatarSrinivas Kandagatla <srinivas.kandagatla@linaro.org>
      Signed-off-by: default avatarRob Herring <robh@kernel.org>
      c61f0256
    • Thierry Reding's avatar
      of: Fix typo in kerneldoc · f1765a18
      Thierry Reding authored
      "Findfrom" is not a word. Replace the function synopsis by something
      that makes sense.
      Signed-off-by: default avatarThierry Reding <treding@nvidia.com>
      Signed-off-by: default avatarRob Herring <robh@kernel.org>
      f1765a18
    • Linus Torvalds's avatar
      Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi · a6898389
      Linus Torvalds authored
      Pull SCSI fixes from James Bottomley:
       "Nine fixes: The most important core one is the dma_max_mapping_size
        fix that corrects the boot problem Gunter Roeck was having. A couple
        of other driver only fixes are significant, like the cxgbi selector
        support addition, the alua 2 second delay and the fdomain build fix"
      
      * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
        scsi: scsi_dh_alua: always use a 2 second delay before retrying RTPG
        scsi: ibmvfc: fix WARN_ON during event pool release
        scsi: fcoe: fix a typo
        scsi: megaraid_sas: Make some functions static
        scsi: megaraid_sas: fix panic on loading firmware crashdump
        scsi: megaraid_sas: fix spelling mistake "megarid_sas" -> "megaraid_sas"
        scsi: core: fix the dma_max_mapping_size call
        scsi: fdomain: fix building pcmcia front-end
        scsi: target: cxgbit: add support for IEEE_8021QAZ_APP_SEL_STREAM selector
      a6898389
    • Linus Torvalds's avatar
      Merge tag 'drm-fixes-2019-07-26' of git://anongit.freedesktop.org/drm/drm · e2921f9f
      Linus Torvalds authored
      Pull drm fixes from Daniel Vetter:
       "Dave seems to collect an entire streak of things happening, so again
        me typing pull summary.
      
        Nothing nefarious here, most of the fixes are for new stuff or things
        users won't see. The amd-display patches are a bit different, and very
        much look like they should have at least some cc: stable tags. Might
        be amd is a bit too comfortable with their internal tree and not
        enough looking at upstream. Dave&me are looking into this, in case
        something needs rectified with process here.
      
        Also no intel fixes pull, but intel CI is general become rather good,
        still I guess expect a notch more for -rc3.
      
        Summary:
      
        amdgpu:
         - fixes for (new in 5.3) hw support (vega20, navi)
         - disable RAS
         - lots of display fixes all over (audio, DSC, dongle, clock mgr)
      
        ttm:
         - fix dma_free_attrs calls to appease dma debugging
      
        msm:
         - fixes for dma-api, locking debug and compiler splats
      
        core:
         - fix cmdline mode to not apply rotation if not specified (new in 5.3)
         - compiler warn fix"
      
      * tag 'drm-fixes-2019-07-26' of git://anongit.freedesktop.org/drm/drm: (46 commits)
        drm/amd/display: Set enabled to false at start of audio disable
        drm/amdgpu/smu: move fan rpm query into the asic specific code
        drm/amd/powerplay: custom peak clock freq for navi10
        drm: silence variable 'conn' set but not used
        drm/msm: stop abusing dma_map/unmap for cache
        drm/msm/dpu: Correct dpu encoder spinlock initialization
        drm/msm: correct NULL pointer dereference in context_init
        drm/amd/display: handle active dongle port type is DP++ or DP case
        drm/amd/display: do not read link setting if edp not connected
        drm/amd/display: Increase size of audios array
        drm/amd/display: drop ASSERT() if eDP panel is not connected
        drm/amd/display: Only enable audio if speaker allocation exists
        drm/amd/display: Fix dc_create failure handling and 666 color depths
        drm/amd/display: allocate 4 ddc engines for RV2
        drm/amd/display: put back front end initialization sequence
        drm/amd/display: Wait for flip to complete
        drm/amd/display: Change min_h_sync_width from 8 to 4
        drm/amd/display: use encoder's engine id to find matched free audio device
        drm/amd/display: fix DMCU hang when going into Modern Standby
        drm/amd/display: Disable Audio on reinitialize hardware
        ...
      e2921f9f
    • Christoph Hellwig's avatar
      block: fix max segment size handling in blk_queue_virt_boundary · c6c84f78
      Christoph Hellwig authored
      We should only set the max segment size to unlimited if we actually
      have a virt boundary.  Otherwise we accidentally clear that limit
      when called from the SCSI midlayer, which always calls
      blk_queue_virt_boundary, even if that mask is 0.
      
      Fixes: 7ad388d8 ("scsi: core: add a host / host template field for the virt boundary")
      Reported-by: default avatarGuenter Roeck <linux@roeck-us.net>
      Signed-off-by: default avatarChristoph Hellwig <hch@lst.de>
      Signed-off-by: default avatarJens Axboe <axboe@kernel.dk>
      c6c84f78