1. 16 May, 2019 2 commits
    • io_uring: adjust smp_rmb inside io_cqring_events · dc6ce4bc
      Jackie Liu authored
      Whenever smp_rmb is required to use io_cqring_events,
      keep smp_rmb inside the function io_cqring_events.
      Signed-off-by: Jackie Liu <liuyun01@kylinos.cn>
      Signed-off-by: Jens Axboe <axboe@kernel.dk>
    • io_uring: fix infinite wait in khread_park() on io_finish_async() · 2bbcd6d3
      Roman Penyaev authored
      This fixes a couple of races which lead to infinite wait of park completion
      with the following backtraces:
      
        [20801.303319] Call Trace:
        [20801.303321]  ? __schedule+0x284/0x650
        [20801.303323]  schedule+0x33/0xc0
        [20801.303324]  schedule_timeout+0x1bc/0x210
        [20801.303326]  ? schedule+0x3d/0xc0
        [20801.303327]  ? schedule_timeout+0x1bc/0x210
        [20801.303329]  ? preempt_count_add+0x79/0xb0
        [20801.303330]  wait_for_completion+0xa5/0x120
        [20801.303331]  ? wake_up_q+0x70/0x70
        [20801.303333]  kthread_park+0x48/0x80
        [20801.303335]  io_finish_async+0x2c/0x70
        [20801.303336]  io_ring_ctx_wait_and_kill+0x95/0x180
        [20801.303338]  io_uring_release+0x1c/0x20
        [20801.303339]  __fput+0xad/0x210
        [20801.303341]  task_work_run+0x8f/0xb0
        [20801.303342]  exit_to_usermode_loop+0xa0/0xb0
        [20801.303343]  do_syscall_64+0xe0/0x100
        [20801.303349]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
      
        [20801.303380] Call Trace:
        [20801.303383]  ? __schedule+0x284/0x650
        [20801.303384]  schedule+0x33/0xc0
        [20801.303386]  io_sq_thread+0x38a/0x410
        [20801.303388]  ? __switch_to_asm+0x40/0x70
        [20801.303390]  ? wait_woken+0x80/0x80
        [20801.303392]  ? _raw_spin_lock_irqsave+0x17/0x40
        [20801.303394]  ? io_submit_sqes+0x120/0x120
        [20801.303395]  kthread+0x112/0x130
        [20801.303396]  ? kthread_create_on_node+0x60/0x60
        [20801.303398]  ret_from_fork+0x35/0x40
      
       o kthread_park() waits for park completion, so io_sq_thread() loop
         should check kthread_should_park() along with kthread_should_stop(),
         otherwise if kthread_park() is called before prepare_to_wait()
         the following schedule() never returns:

         CPU#0                    CPU#1

         io_sq_thread_stop():     io_sq_thread():

                                     while(!kthread_should_stop() && !ctx->sqo_stop) {

            ctx->sqo_stop = 1;
            kthread_park()

                                         prepare_to_wait();
                                         if (kthread_should_stop()) {
                                         }
                                         schedule();   <<< nobody checks park flag,
                                                       <<< so schedule and never return

       o if the flag ctx->sqo_stop is observed by the io_sq_thread() loop
         it is quite possible, that kthread_should_park() check and the
         following kthread_parkme() is never called, because kthread_park()
         has not yet been called, but a few moments later it is called and
         waits there for park completion, which never happens, because
         kthread has already exited:

         CPU#0                    CPU#1

         io_sq_thread_stop():     io_sq_thread():

            ctx->sqo_stop = 1;
                                     while(!kthread_should_stop() && !ctx->sqo_stop) {
                                         <<< observe sqo_stop and exit the loop
                                     }

                                     if (kthread_should_park())
                                         kthread_parkme();  <<< never called, since was
                                                            <<< never parked

            kthread_park()           <<< waits forever for park completion

      In the current patch we quit the loop by only kthread_should_park()
      check (kthread_park() is synchronous, so kthread_should_stop() is
      never observed), and we abandon ->sqo_stop flag, since it is racy.
      At the end of the io_sq_thread() we unconditionally call parkme(),
      since we've exited the loop by the park flag.
      Signed-off-by: Roman Penyaev <rpenyaev@suse.de>
      Cc: Jens Axboe <axboe@kernel.dk>
      Cc: linux-block@vger.kernel.org
      Signed-off-by: Jens Axboe <axboe@kernel.dk>
  2. 15 May, 2019 2 commits
    • io_uring: remove 'ev_flags' argument · c71ffb67
      Jens Axboe authored
      We always pass in 0 for the cqe flags argument, since the support for
      "this read hit page cache" hint was dropped.
      Signed-off-by: Jens Axboe <axboe@kernel.dk>
    • io_uring: fix failure to verify SQ_AFF cpu · 44a9bd18
      Jens Axboe authored
      The test case we have is rightfully failing with the current kernel:
      
      io_uring_setup(1, 0x7ffe2cafebe0), flags: IORING_SETUP_SQPOLL|IORING_SETUP_SQ_AFF, resv: 0x00000000 0x00000000 0x00000000 0x00000000 0x00000000, sq_thread_cpu: 4
      expected -1, got 3
      
      This is in a vm, and CPU3 is the last valid one, hence asking for 4
      should fail the setup with -EINVAL, not succeed. The problem is that
      we're using array_index_nospec() with nr_cpu_ids as the index, hence we
      wrap and end up using CPU0 instead of CPU4. This makes the setup
      succeed where it should be failing.
      
      We don't need to use array_index_nospec() as we're not indexing any
      array with this. Instead just compare with nr_cpu_ids directly. This
      is fine as we're checking with cpu_online() afterwards.
      Signed-off-by: Jens Axboe <axboe@kernel.dk>
  3. 13 May, 2019 3 commits
    • io_uring: fix race condition reading SQE data · e2033e33
      Stefan Bühler authored
      When punting to workers the SQE gets copied after the initial try.
      There is a race condition between reading SQE data for the initial try
      and copying it for punting it to the workers.
      
      For example io_rw_done calls kiocb->ki_complete even if it was prepared
      for IORING_OP_FSYNC (and would be NULL).
      
      The easiest solution for now is to always prepare again in the worker.
      
      req->file is safe to prepare though as long as it is checked before use.
      Signed-off-by: Stefan Bühler <source@stbuehler.de>
      Signed-off-by: Jens Axboe <axboe@kernel.dk>
    • Merge tag 'iommu-updates-v5.2' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/joro/iommu · a13f0655
      Linus Torvalds authored
      Pull IOMMU updates from Joerg Roedel:
      
       - ATS support for ARM-SMMU-v3.
      
       - AUX domain support in the IOMMU-API and the Intel VT-d driver. This
         adds support for multiple DMA address spaces per (PCI-)device. The
         use-case is to multiplex devices between host and KVM guests in a
         more flexible way than supported by SR-IOV.
      
       - the rest are smaller cleanups and fixes, two of which needed to be
         reverted after testing in linux-next.
      
      * tag 'iommu-updates-v5.2' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/joro/iommu: (45 commits)
        Revert "iommu/amd: Flush not present cache in iommu_map_page"
        Revert "iommu/amd: Remove the leftover of bypass support"
        iommu/vt-d: Fix leak in intel_pasid_alloc_table on error path
        iommu/vt-d: Make kernel parameter igfx_off work with vIOMMU
        iommu/vt-d: Set intel_iommu_gfx_mapped correctly
        iommu/amd: Flush not present cache in iommu_map_page
        iommu/vt-d: Cleanup: no spaces at the start of a line
        iommu/vt-d: Don't request page request irq under dmar_global_lock
        iommu/vt-d: Use struct_size() helper
        iommu/mediatek: Fix leaked of_node references
        iommu/amd: Remove amd_iommu_pd_list
        iommu/arm-smmu: Log CBFRSYNRA register on context fault
        iommu/arm-smmu-v3: Don't disable SMMU in kdump kernel
        iommu/arm-smmu-v3: Disable tagged pointers
        iommu/arm-smmu-v3: Add support for PCI ATS
        iommu/arm-smmu-v3: Link domains and devices
        iommu/arm-smmu-v3: Add a master->domain pointer
        iommu/arm-smmu-v3: Store SteamIDs in master
        iommu/arm-smmu-v3: Rename arm_smmu_master_data to arm_smmu_master
        ACPI/IORT: Check ATS capability in root complex nodes
        ...
    • Merge tag 'linux-watchdog-5.2-rc1' of git://www.linux-watchdog.org/linux-watchdog · 55472bae
      Linus Torvalds authored
      Pull watchdog updates from Wim Van Sebroeck:
      
       - a new watchdog driver for the ROHM BD70528 watchdog block
      
       - a new watchdog driver for the i.MX system controller watchdog
      
       - conversions to use device managed functions and other improvements
      
       - refactor watchdog_init_timeout
      
       - make watchdog core configurable as module
      
       - pretimeout governors improvements
      
       - a lot of other fixes
      
      * tag 'linux-watchdog-5.2-rc1' of git://www.linux-watchdog.org/linux-watchdog: (114 commits)
        watchdog: Enforce that at least one pretimeout governor is enabled
        watchdog: stm32: add dynamic prescaler support
        watchdog: Improve Kconfig entry ordering and dependencies
        watchdog: npcm: Enable modular builds
        watchdog: Make watchdog core configurable as module
        watchdog: Move pretimeout governor configuration up
        watchdog: Use depends instead of select for pretimeout governors
        watchdog: rtd119x: drop unused module.h include
        watchdog: intel_scu: make it explicitly non-modular
        watchdog: coh901327: make it explicitly non-modular
        watchdog: ziirave_wdt: drop warning after calling watchdog_init_timeout
        watchdog: xen_wdt: drop warning after calling watchdog_init_timeout
        watchdog: stm32_iwdg: drop warning after calling watchdog_init_timeout
        watchdog: st_lpc_wdt: drop warning after calling watchdog_init_timeout
        watchdog: sp5100_tco: drop warning after calling watchdog_init_timeout
        watchdog: renesas_wdt: drop warning after calling watchdog_init_timeout
        watchdog: nic7018_wdt: drop warning after calling watchdog_init_timeout
        watchdog: ni903x_wdt: drop warning after calling watchdog_init_timeout
        watchdog: imx_sc_wdt: drop warning after calling watchdog_init_timeout
        watchdog: i6300esb: drop warning after calling watchdog_init_timeout
        ...
  4. 12 May, 2019 4 commits
    • Merge tag 'upstream-5.2-rc1' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/rw/ubifs · d7a02fa0
      Linus Torvalds authored
      Pull UBI/UBIFS updates from Richard Weinberger:
      
       - fscrypt framework usage updates
      
       - One huge fix for xattr unlink
      
       - Cleanup of fscrypt ifdefs
      
       - Fix for our new UBIFS auth feature
      
      * tag 'upstream-5.2-rc1' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/rw/ubifs:
        ubi: wl: Fix uninitialized variable
        ubifs: Drop unnecessary setting of zbr->znode
        ubifs: Remove ifdefs around CONFIG_UBIFS_ATIME_SUPPORT
        ubifs: Remove #ifdef around CONFIG_FS_ENCRYPTION
        ubifs: Limit number of xattrs per inode
        ubifs: orphan: Handle xattrs like files
        ubifs: journal: Handle xattrs like files
        ubifs: find.c: replace swap function with built-in one
        ubifs: Do not skip hash checking in data nodes
        ubifs: work around high stack usage with clang
        ubifs: remove unused function __ubifs_shash_final
        ubifs: remove unnecessary #ifdef around fscrypt_ioctl_get_policy()
        ubifs: remove unnecessary calls to set up directory key
    • Merge tag 'mtd/for-5.2' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/mtd/linux · 4dbf09fe
      Linus Torvalds authored
      Pull MTD updates from Richard Weinberger:
       "MTD core changes:
         - New AFS partition parser
         - Update MAINTAINERS entry
         - Use of fall-throughs markers
      
        NAND core changes:
         - Support having the bad block markers in either the first, second or
           last page of a block. The combination of all three locations is now
           possible.
         - Constification of NAND_OP_PARSER(_PATTERN) elements.
         - Generic NAND DT bindings changed to yaml format (can be used to
           check the proposed bindings). First platform to be fully supported:
           sunxi.
         - Stopped using several legacy hooks.
         - Preparation to use the generic NAND layer with the addition of
           several helpers and the removal of the struct nand_chip from
           generic functions.
         - Kconfig cleanup to prepare the introduction of external ECC engines
           support.
         - Fallthrough comments.
         - Introduction of the SPI-mem dirmap API for SPI-NAND devices.
      
        Raw NAND controller drivers changes:
         - nandsim:
            - Switch to ->exec-op().
         - meson:
            - Misc cleanups and fixes.
            - New OOB layout.
         - Sunxi:
            - A23/A33 NAND DMA support.
         - Ingenic:
            - Full reorganization and cleanup.
            - Clear separation between NAND controller and ECC engine.
            - Support JZ4740 and JZ4725B.
         - Denali:
            - Clear controller/chip separation.
            - ->exec_op() migration.
            - Various cleanups.
         - fsl_elbc:
            - Enable software ECC support.
         - Atmel:
            - Sam9x60 support.
         - GPMI:
            - Introduce the GPMI_IS_MXS() macro.
         - Various trivial/spelling/coding style fixes.
      
        SPI NOR core changes:
         - Print all JEDEC ID bytes on error
         - Fix comment of spi_nor_find_best_erase_type()
         - Add region locking flags for s25fl512s
      
        SPI NOR controller drivers changes:
         - intel-spi:
            - Avoid crossing 4K address boundary on read/write
            - Add support for Intel Comet Lake SPI serial flash"
      
      * tag 'mtd/for-5.2' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/mtd/linux: (120 commits)
        mtd: part: fix incorrect format specifier for an unsigned long long
        mtd: lpddr_cmds: Mark expected switch fall-through
        mtd: phram: Mark expected switch fall-throughs
        mtd: cfi_cmdset_0002: Mark expected switch fall-throughs
        mtd: cfi_util: mark expected switch fall-throughs
        MAINTAINERS: MTD Git repository is hosted on kernel.org
        MAINTAINERS: Update jffs2 entry
        mtd: afs: add v2 partition parsing
        mtd: afs: factor the IIS read into partition parser
        mtd: afs: factor footer parsing into the v1 part parsing
        mtd: factor out v1 partition parsing
        mtd: afs: simplify partition detection
        mtd: afs: simplify partition parsing
        mtd: partitions: Add OF support to AFS partitions
        mtd: partitions: Add AFS partitions DT bindings
        mtd: afs: Move AFS partition parser to parsers subdir
        mtd: maps: Make uclinux_ram_map static
        mtd: maps: Allow MTD_PHYSMAP with MTD_RAM
        MAINTAINERS: Add myself as MTD maintainer
        MAINTAINERS: Remove my name from the MTD and NAND entries
        ...
    • Merge tag 'for-linus-5.2-rc1' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/rw/uml · 983dfa4b
      Linus Torvalds authored
      Pull UML updates from Richard Weinberger:
      
       - Kconfig cleanups
      
       - Fix cpu_all_mask() usage
      
       - Various bug fixes
      
      * tag 'for-linus-5.2-rc1' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/rw/uml:
        um: irq: don't set the chip for all irqs
        um: define set_pte_at() as a static inline function, not a macro
        um: remove uses of variable length arrays
        um: remove unused variable
        uml: fix a boot splat wrt use of cpu_all_mask
        um: Do not unlock mutex that is not hold.
        hostfs: fix mismatch between link_file definition and declaration
        arch: um: drivers: Kconfig: pedantic formatting
        arch: um: Kconfig: pedantic indention cleanups
        um: Revert to using stack for pt_regs in signal handling
    • Merge tag 'tag-chrome-platform-for-v5.2' of... · 47782361
      Linus Torvalds authored
      Merge tag 'tag-chrome-platform-for-v5.2' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/chrome-platform/linux
      
      Pull chrome platform updates from Benson Leung:
       "CrOS EC:
         - Add EC host command support using rpmsg
         - Add new CrOS USB PD logging driver
         - Transfer spi messages at high priority
         - Add support to trace CrOS EC commands
         - Minor fixes and cleanups in protocol and debugfs
      
        Wilco EC:
         - Standardize Wilco EC mailbox interface
         - Add h1_gpio status to debugfs"
      
      * tag 'tag-chrome-platform-for-v5.2' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/chrome-platform/linux:
        platform/chrome: cros_ec_proto: Add trace event to trace EC commands
        platform/chrome: cros_ec_debugfs: Use cros_ec_cmd_xfer_status helper
        platform/chrome: cros_ec: Add EC host command support using rpmsg
        platform/chrome: wilco_ec: Add h1_gpio status to debugfs
        platform/chrome: wilco_ec: Standardize mailbox interface
        platform/chrome: cros_ec_proto: check for NULL transfer function
        platform/chrome: Add CrOS USB PD logging driver
        platform/chrome: cros_ec_spi: Transfer messages at high priority
        platform/chrome: cros_ec_debugfs: no need to check return value of debugfs_create functions
        platform/chrome: cros_ec_debugfs: Remove dev_warn when console log is not supported
  5. 11 May, 2019 4 commits
    • Merge tag 'gpio-v5.2-1' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio · 8148c17b
      Linus Torvalds authored
      Pull gpio updates from Linus Walleij:
       "This is the bulk of the GPIO changes for the v5.2 kernel cycle. A bit
        later than usual because I was ironing out my own mistakes. I'm
        holding some stuff back for the next kernel as a result, and this
        should be a healthy and well tested batch.
      
        Core changes:
      
         - The gpiolib MMIO driver has been enhanced to handle two direction
           registers, i.e. one register to set lines as input and one register
           to set lines as output. It turns out some silicon engineer thinks
           the ability to configure a line as input and output at the same
           time makes sense, this can be debated but includes a lot of analog
           electronics reasoning, and the registers are there and need to be
           handled consistently. Unsurprisingly, we enforce the lines to be
           either inputs or outputs in such schemes.
      
         - Send in the proper argument value to .set_config() dispatched to
           the pin control subsystem. Nobody used it before, now someone does,
           so fix it to work as expected.
      
         - The ACPI gpiolib portions can now handle pin bias setting (pull up
           or pull down). This has been in the ACPI spec for years and we
           finally have it properly integrated with Linux GPIOs. It was based
           on an observation from Andy Shevchenko that Thomas Petazzoni's
           changes to the core for biasing the PCA950x GPIO expander actually
           happen to fit hand-in-glove with what the ACPI core needed. Such
           nice synergies happen sometimes.
      
        New drivers:
      
         - A new driver for the Mellanox BlueField GPIO controller. This is
           using 64bit MMIO registers and can configure lines as inputs and
           outputs at the same time and after improving the MMIO library we
           handle it just fine. Interesting.
      
         - A new IXP4xx proper gpiochip driver with hierarchical interrupts
           should be coming in from the ARM SoC tree as well.
      
        Driver enhancements:
      
         - The PCA053x driver handles the CAT9554 GPIO expander.
      
         - The PCA053x driver handles the NXP PCAL6416 GPIO expander.
      
         - Wake-up support on PCA053x GPIO lines.
      
         - OMAP now does a nice asynchronous IRQ handling on wake-ups by
           letting everything wake up on edges, and this makes runtime PM work
           as expected too.
      
        Misc:
      
         - Several cleanups such as devres fixes.
      
         - Get rid of some language constructs that cause problems when
           compiling with LLVM's clang.
      
         - Documentation review and update"
      
      * tag 'gpio-v5.2-1' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio: (85 commits)
        gpio: Update documentation
        docs: gpio: convert docs to ReST and rename to *.rst
        gpio: sch: Remove write-only core_base
        gpio: pxa: Make two symbols static
        gpiolib: acpi: Respect pin bias setting
        gpiolib: acpi: Add acpi_gpio_update_gpiod_lookup_flags() helper
        gpiolib: acpi: Set pin value, based on bias, more accurately
        gpiolib: acpi: Change type of dflags
        gpiolib: Introduce GPIO_LOOKUP_FLAGS_DEFAULT
        gpiolib: Make use of enum gpio_lookup_flags consistent
        gpiolib: Indent entry values of enum gpio_lookup_flags
        gpio: pca953x: add support for pca6416
        dt-bindings: gpio: pca953x: document the nxp,pca6416
        gpio: pca953x: add pcal6416 to the of_device_id table
        gpio: gpio-omap: Remove conditional pm_runtime handling for GPIO interrupts
        gpio: gpio-omap: configure edge detection for level IRQs for idle wakeup
        tracing: stop making gpio tracing configurable
        gpio: pca953x: Configure wake-up path when wake-up is enabled
        gpio: of: Optimize quirk checks
        gpio: mmio: Drop bgpio_dir_inverted
        ...
    • Merge tag 'vfio-v5.2-rc1' of git://github.com/awilliam/linux-vfio · 6fe567df
      Linus Torvalds authored
      Pull VFIO updates from Alex Williamson:
      
       - Improve dev_printk() usage (Bjorn Helgaas)
      
       - Fix issue with blocking in !TASK_RUNNING state while waiting for
         userspace to release devices (Farhan Ali)
      
       - Fix error path cleanup in nvlink setup (Greg Kurz)
      
       - mdev-core cleanups and fixes in preparation for more use cases (Parav
         Pandit)
      
       - Cornelia has volunteered as an official vfio reviewer (Cornelia Huck)
      
      * tag 'vfio-v5.2-rc1' of git://github.com/awilliam/linux-vfio:
        vfio: Add Cornelia Huck as reviewer
        vfio/mdev: Avoid inline get and put parent helpers
        vfio/mdev: Fix aborting mdev child device removal if one fails
        vfio/mdev: Follow correct remove sequence
        vfio/mdev: Avoid masking error code to EBUSY
        vfio/mdev: Drop redundant extern for exported symbols
        vfio/mdev: Removed unused kref
        vfio/mdev: Avoid release parent reference during error path
        vfio-pci/nvlink2: Fix potential VMA leak
        vfio: Fix WARNING "do not call blocking ops when !TASK_RUNNING"
        vfio: Use dev_printk() when possible
    • Merge branch 'next-tomoyo2' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security · c367dc8d
      Linus Torvalds authored
      Pull tomoyo updates from James Morris:
       "Fixes to enable fuzz testing, and a fix for calculating whether a
        filesystem is user-modifiable"
      
      * 'next-tomoyo2' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
        tomoyo: Don't emit WARNING: string while fuzzing testing.
        tomoyo: Change pathname calculation for read-only filesystems.
        tomoyo: Check address length before reading address family
        tomoyo: Add a kernel config option for fuzzing testing.
    • Merge tag 'xtensa-20190510' of git://github.com/jcmvbkbc/linux-xtensa · 7a557521
      Linus Torvalds authored
      Pull xtensa updates from Max Filippov:
      
       - implement atomic operations using exclusive access Xtensa option
         operations
      
       - add support for Xtensa cores with memory protection unit (MPU)
      
       - clean up xtensa-specific kernel-only headers
      
       - fix error path in simdisk_setup
      
      * tag 'xtensa-20190510' of git://github.com/jcmvbkbc/linux-xtensa:
        xtensa: implement initialize_cacheattr for MPU cores
        xtensa: add exclusive atomics support
        xtensa: clean up inline assembly in futex.h
        xtensa: replace variant/core.h with asm/core.h
        xtensa: drop ifdef __KERNEL__ from kernel-only headers
        xtensa: set proper error code for simdisk_setup()
        xtensa: fix incorrect fd close in error case of simdisk_setup()
  6. 10 May, 2019 17 commits
    • tomoyo: Don't emit WARNING: string while fuzzing testing. · 4ad98ac4
      Tetsuo Handa authored
      Commit cff0e6c3ec3e6230 ("tomoyo: Add a kernel config option for fuzzing
      testing.") enabled the learning mode, but syzkaller is detecting any
      "WARNING:" string as a crash. Thus, disable TOMOYO's quota warning if
      built for fuzzing testing.
      Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
      Cc: Dmitry Vyukov <dvyukov@google.com>
      Signed-off-by: James Morris <jamorris@linux.microsoft.com>
    • tomoyo: Change pathname calculation for read-only filesystems. · 27df4b4a
      Tetsuo Handa authored
      Commit 5625f2e3 ("TOMOYO: Change pathname for non-rename()able
      filesystems.") intended to be applied to filesystems where the content is
      not controllable from the userspace (e.g. proc, sysfs, securityfs), based
      on an assumption that such filesystems do not support rename() operation.
      
      But it turned out that read-only filesystems also do not support rename()
      operation despite the content being controllable from the userspace, and that
      commit is annoying TOMOYO users who want to use e.g. squashfs as the root
      filesystem due to use of local name which does not start with '/'.
      
      Therefore, based on an assumption that filesystems which require the
      device argument upon mount() request is an indication that the content
      is controllable from the userspace, do not use local name if a filesystem
      does not support rename() operation but requires the device argument upon
      mount() request.
      Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
      Signed-off-by: James Morris <jamorris@linux.microsoft.com>
    • tomoyo: Check address length before reading address family · e6193f78
      Tetsuo Handa authored
      KMSAN will complain if valid address length passed to bind()/connect()/
      sendmsg() is shorter than sizeof("struct sockaddr"->sa_family) bytes.
      Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
      Signed-off-by: James Morris <jamorris@linux.microsoft.com>
    • tomoyo: Add a kernel config option for fuzzing testing. · e80b1859
      Tetsuo Handa authored
      syzbot is reporting kernel panic triggered by memory allocation fault
      injection before loading TOMOYO's policy [1]. To make the fuzzing tests
      useful, we need to assign a profile other than "disabled" (no-op) mode.
      Therefore, let's allow syzbot to load TOMOYO's built-in policy for
      "learning" mode using a kernel config option. This option must not be
      enabled for kernels built for production system, for this option also
      disables domain/program checks when modifying policy configuration via
      /sys/kernel/security/tomoyo/ interface.
      
      [1] https://syzkaller.appspot.com/bug?extid=29569ed06425fcf67a95

      Reported-by: syzbot <syzbot+e1b8084e532b6ee7afab@syzkaller.appspotmail.com>
      Reported-by: syzbot <syzbot+29569ed06425fcf67a95@syzkaller.appspotmail.com>
      Reported-by: syzbot <syzbot+2ee3f8974c2e7dc69feb@syzkaller.appspotmail.com>
      Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
      Signed-off-by: James Morris <jamorris@linux.microsoft.com>
    • Merge tag 'docs-5.2a' of git://git.lwn.net/linux · 1fb3b526
      Linus Torvalds authored
      Pull more documentation updates from Jonathan Corbet:
       "Some late arriving documentation changes. In particular, this contains
        the conversion of the x86 docs to RST, which has been in the works for
        some time but needed a couple of final tweaks"
      
      * tag 'docs-5.2a' of git://git.lwn.net/linux: (29 commits)
        Documentation: x86: convert x86_64/machinecheck to reST
        Documentation: x86: convert x86_64/cpu-hotplug-spec to reST
        Documentation: x86: convert x86_64/fake-numa-for-cpusets to reST
        Documentation: x86: convert x86_64/5level-paging.txt to reST
        Documentation: x86: convert x86_64/mm.txt to reST
        Documentation: x86: convert x86_64/uefi.txt to reST
        Documentation: x86: convert x86_64/boot-options.txt to reST
        Documentation: x86: convert i386/IO-APIC.txt to reST
        Documentation: x86: convert usb-legacy-support.txt to reST
        Documentation: x86: convert orc-unwinder.txt to reST
        Documentation: x86: convert resctrl_ui.txt to reST
        Documentation: x86: convert microcode.txt to reST
        Documentation: x86: convert pti.txt to reST
        Documentation: x86: convert amd-memory-encryption.txt to reST
        Documentation: x86: convert intel_mpx.txt to reST
        Documentation: x86: convert protection-keys.txt to reST
        Documentation: x86: convert pat.txt to reST
        Documentation: x86: convert mtrr.txt to reST
        Documentation: x86: convert tlb.txt to reST
        Documentation: x86: convert zero-page.txt to reST
        ...
    • Merge tag 'printk-for-5.2-fixes' of... · e290e6af
      Linus Torvalds authored
      Merge tag 'printk-for-5.2-fixes' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/pmladek/printk
      
      Pull printk fixup from Petr Mladek:
       "Replace the problematic probe_kernel_read() with original simple
        pointer checks in vsprintf()"
      
      * tag 'printk-for-5.2-fixes' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/pmladek/printk:
        vsprintf: Do not break early boot with probing addresses
    • Merge tag 'pidfd-fixes-v5.2-rc1' of gitolite.kernel.org:pub/scm/linux/kernel/git/brauner/linux · 3232b43f
      Linus Torvalds authored
      Pull pidfd fixes from Christian Brauner:
       "This fixes two bugs:
      
         - The first one reported by Linus whereby the pidfd-metadata binary
           was not placed in a .gitignore file.
      
         - The second one is rather urgent and fixes a locking issue found by
           syzkaller.
      
           What happened is that during process creation we need to check
           whether the cgroup we are in allows us to fork. To perform this
           check the cgroup needs to guard itself against threadgroup changes
           and takes a lock.
      
           Prior to CLONE_PIDFD the cleanup target "bad_fork_free_pid" would
           also need to release said lock. That's not true anymore since
           CLONE_PIDFD so this is fixed here.
      
           Syzkaller has tested the patch and was not able to reproduce the
           issue"
      
      * tag 'pidfd-fixes-v5.2-rc1' of gitolite.kernel.org:pub/scm/linux/kernel/git/brauner/linux:
        fork: do not release lock that wasn't taken
        samples: add .gitignore for pidfd-metadata
    • Merge tag 'platform-drivers-x86-v5.2-1' of git://git.infradead.org/linux-platform-drivers-x86 · 7817ffd2
      Linus Torvalds authored
      Pull x86 platform driver updates from Andy Shevchenko:
       "Gathered pile of patches for Platform Drivers x86. No surprises and no
        merge conflicts. Business as usual.
      
        Summary:
      
         - New driver of power button for Basin Cove PMIC.
      
         - ASUS WMI driver has got a Fn lock mode switch support.
      
         - Resolve a never end story with non working Wi-Fi on newer Lenovo
           Ideapad computers. Now the black list is replaced with white list.
      
         - New facility to debug S0ix failures on Intel Atom platforms. The
           Intel PMC and accompanying drivers are cleaned up.
      
         - Mellanox got a new TmFifo driver. Besides tachometer sensor and
           watchdog are enabled on Mellanox platforms.
      
         - The information of embedded controller is now recognized on new
           Thinkpads. Bluetooth driver on Thinkpads is blacklisted for some
           models.
      
         - Touchscreen DMI driver extended to support 'jumper ezpad 6 pro b'
           and Myria MY8307 2-in-1.
      
         - Additionally few small fixes here and there for WMI and ACPI laptop
           drivers.
      
         - The following is an automated git shortlog grouped by driver:
      
         - alienware-wmi:
            - printing the wrong error code
            - fix kfree on potentially uninitialized pointer
      
         - asus-wmi:
            - Add fn-lock mode switch support
      
         - dell-laptop:
            - fix rfkill functionality
      
         - dell-rbtn:
            - Add missing #include
      
         - ideapad-laptop:
            - Remove no_hw_rfkill_list
      
         - intel_pmc_core:
            - Allow to dump debug registers on S0ix failure
            - Convert to a platform_driver
            - Mark local function static
      
         - intel_pmc_ipc:
            - Don't map non-used optional resources
            - Apply same width for offset definitions
            - Use BIT() macro
            - adding error handling
      
         - intel_punit_ipc:
            - Revert "Fix resource ioremap warning"
      
         - mlx-platform:
            - Add mlx-wdt platform driver activation
            - Add support for tachometer speed register
            - Add TmFifo driver for Mellanox BlueField Soc
      
         - sony-laptop:
            - Fix unintentional fall-through
      
         - thinkpad_acpi:
            - cleanup for Thinkpad ACPI led
            - Mark expected switch fall-throughs
            - fix spelling mistake "capabilites" -> "capabilities"
            - Read EC information on newer models
            - Disable Bluetooth for some machines
      
         - touchscreen_dmi:
            - Add info for 'jumper ezpad 6 pro b' touchscreen
            - Add info for Myria MY8307 2-in-1"
      
      * tag 'platform-drivers-x86-v5.2-1' of git://git.infradead.org/linux-platform-drivers-x86: (26 commits)
        platform/x86: Add support for Basin Cove power button
        platform/x86: asus-wmi: Add fn-lock mode switch support
        platform/x86: ideapad-laptop: Remove no_hw_rfkill_list
        platform/x86: touchscreen_dmi: Add info for 'jumper ezpad 6 pro b' touchscreen
        platform/x86: thinkpad_acpi: cleanup for Thinkpad ACPI led
        platform/x86: thinkpad_acpi: Mark expected switch fall-throughs
        platform/x86: sony-laptop: Fix unintentional fall-through
        platform/x86: alienware-wmi: printing the wrong error code
        platform/x86: intel_pmc_core: Allow to dump debug registers on S0ix failure
        platform/x86: intel_pmc_core: Convert to a platform_driver
        platform/x86: mlx-platform: Add mlx-wdt platform driver activation
        platform/x86: mlx-platform: Add support for tachometer speed register
        platform/mellanox: Add TmFifo driver for Mellanox BlueField Soc
        platform/x86: thinkpad_acpi: fix spelling mistake "capabilites" -> "capabilities"
        platform/x86: intel_punit_ipc: Revert "Fix resource ioremap warning"
        platform/x86: intel_pmc_ipc: Don't map non-used optional resources
        platform/x86: intel_pmc_ipc: Apply same width for offset definitions
        platform/x86: intel_pmc_ipc: Use BIT() macro
        platform/x86: alienware-wmi: fix kfree on potentially uninitialized pointer
        platform/x86: dell-laptop: fix rfkill functionality
        ...
    • Merge tag 'fbdev-v5.2' of git://github.com/bzolnier/linux · cccd559e
      Linus Torvalds authored
      Pull fbdev updates from Bartlomiej Zolnierkiewicz:
       "Four small fixes for fb core, updates for udlfb, sm712fb, macfb and
        atafb drivers. Redundant code removals from amba-clcd and atmel_lcdfb
        drivers. Minor fixes/cleanups for other fb drivers
      
        Detailed summary:
      
         - fix regression in fbcon logo handling on 'quiet' boots (Andreas
           Schwab)
      
         - fix divide-by-zero error in fb_var_to_videomode() (Shile Zhang)
      
         - fix 'WARNING in __alloc_pages_nodemask' bug (Jiufei Xue)
      
         - list all PCI memory BARs as conflicting apertures (Gerd Hoffmann)
      
         - update udlfb driver: fix sleeping inside spinlock, add mutex around
           rendering calls and remove redundant code (Mikulas Patocka)
      
         - update sm712fb driver: fix SM720 support related issues (Yifeng Li)
      
         - update macfb driver: fix DAFB colour table pointer initialization
           and remove redundant code (Finn Thain)
      
         - update atafb driver: fix kexec support, use dev_*() calls instead
           of printk() and remove obsolete module support (Geert Uytterhoeven)
      
         - add support to mxsfb driver for skipping display initialization for
           flicker-free display takeover from bootloader (Melchior Franz)
      
         - remove Versatile and Nomadik board families support from amba-clcd
           driver as they are handled by DRM driver nowadays (Linus Walleij)
      
         - remove no longer needed AVR and platform_data support from
           atmel_lcdfb driver (Alexandre Belloni)
      
         - misc fixes (Colin Ian King, Julia Lawall, Gustavo A. R. Silva,
           Aditya Pakki, Kangjie Lu, YueHaibing)
      
         - misc cleanups (Enrico Weigelt, Kefeng Wang)"
      
      * tag 'fbdev-v5.2' of git://github.com/bzolnier/linux: (38 commits)
        video: fbdev: Use dev_get_drvdata()
        fbcon: Don't reset logo_shown when logo is currently shown
        video: fbdev: atmel_lcdfb: remove set but not used variable 'pdata'
        video: fbdev: mxsfb: remove set but not used variable 'line_count'
        video: fbdev: pvr2fb: remove set but not used variable 'size'
        fbdev: fix WARNING in __alloc_pages_nodemask bug
        video: amba-clcd: Decomission Versatile and Nomadik
        fbdev: sm712fb: fix memory frequency by avoiding a switch/case fallthrough
        fbdev: fix divide error in fb_var_to_videomode
        fbdev: sm712fb: use 1024x768 by default on non-MIPS, fix garbled display
        fbdev: sm712fb: fix support for 1024x768-16 mode
        fbdev: sm712fb: fix crashes and garbled display during DPMS modesetting
        fbdev: sm712fb: fix crashes during framebuffer writes by correctly mapping VRAM
        fbdev: sm712fb: fix boot screen glitch when sm712fb replaces VGA
        fbdev: sm712fb: fix VRAM detection, don't set SR70/71/74/75
        fbdev: sm712fb: fix brightness control on reboot, don't set SR30
        fbdev: sm712fb: fix white screen of death on reboot, don't set CR3B-CR3F
        video: imsttfb: fix potential NULL pointer dereferences
        video: hgafb: fix potential NULL pointer dereference
        fbdev: list all pci memory bars as conflicting apertures
        ...
    • Merge tag 'pwm/for-5.2-rc1' of... · cece6460
      Linus Torvalds authored
      Merge tag 'pwm/for-5.2-rc1' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/thierry.reding/linux-pwm
      
      Pull pwm updates from Thierry Reding:
       "Nothing out of the ordinary this cycle.
      
        The bulk of this is a collection of fixes for existing drivers and
        some cleanups. There's one new driver for i.MX SoCs and addition of
        support for some new variants to existing drivers"
      
      * tag 'pwm/for-5.2-rc1' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/thierry.reding/linux-pwm:
        pwm: meson: Add clock source configuration for Meson G12A
        dt-bindings: pwm: Update bindings for the Meson G12A Family
        pwm: samsung: Don't uses devm_*() functions in ->request()
        pwm: Clear chip_data in pwm_put()
        pwm: Add i.MX TPM PWM driver support
        dt-bindings: pwm: Add i.MX TPM PWM binding
        pwm: imx27: Use devm_platform_ioremap_resource() to simplify code
        pwm: meson: Use the spin-lock only to protect register modifications
        pwm: meson: Don't disable PWM when setting duty repeatedly
        pwm: meson: Consider 128 a valid pre-divider
        pwm: sysfs: fix typo "its" -> "it's"
        pwm: tiehrpwm: Enable compilation for ARCH_K3
        dt-bindings: pwm: tiehrpwm: Add TI AM654 SoC specific compatible
        pwm: tiehrpwm: Update shadow register for disabling PWMs
        pwm: img: Turn final 'else if' into 'else' in img_pwm_config
        pwm: Fix deadlock warning when removing PWM device
    • Merge tag 'mailbox-v5.2' of git://git.linaro.org/landing-teams/working/fujitsu/integration · 15500c0a
      Linus Torvalds authored
      Pull mailbox updates from Jassi Brar:
      
       - New driver: Armada 37xx mailbox controller
      
       - Misc: Use devm_ api for imx and platform_get_irq for stm32
      
      * tag 'mailbox-v5.2' of git://git.linaro.org/landing-teams/working/fujitsu/integration:
        mailbox: Add support for Armada 37xx rWTM mailbox
        dt-bindings: mailbox: Document armada-3700-rwtm-mailbox binding
        mailbox: stm32-ipcc: check invalid irq
        mailbox: imx: use devm_platform_ioremap_resource() to simplify code
    • vsprintf: Do not break early boot with probing addresses · 2ac5a3bf
      Petr Mladek authored
      The commit 3e5903eb ("vsprintf: Prevent crash when dereferencing
      invalid pointers") broke boot on several architectures. The common
      pattern is that probe_kernel_read() is not working during early
      boot because userspace access framework is not ready.
      
      It is a generic problem. We have to avoid any complex external
      functions in vsprintf() code, especially in the common path.
      They might break printk() easily and are hard to debug.
      
      Replace probe_kernel_read() with some simple checks for obvious
      problems.
      
      Details:
      
      1. Report on Power:
      
      Kernel crashes very early during boot with CONFIG_PPC_KUAP and
      CONFIG_JUMP_LABEL_FEATURE_CHECK_DEBUG
      
      The problem is the combination of some new code called via printk(),
      check_pointer() which calls probe_kernel_read(). That then calls
      allow_user_access() (PPC_KUAP) and that uses mmu_has_feature() too early
      (before we've patched features). With the JUMP_LABEL debug enabled that
      causes us to call printk() & dump_stack() and we end up recursing and
      overflowing the stack.
      
      Because it happens so early you don't get any output, just an apparently
      dead system.
      
      The stack trace (which you don't see) is something like:
      
        ...
        dump_stack+0xdc
        probe_kernel_read+0x1a4
        check_pointer+0x58
        string+0x3c
        vsnprintf+0x1bc
        vscnprintf+0x20
        printk_safe_log_store+0x7c
        printk+0x40
        dump_stack_print_info+0xbc
        dump_stack+0x8
        probe_kernel_read+0x1a4
        probe_kernel_read+0x19c
        check_pointer+0x58
        string+0x3c
        vsnprintf+0x1bc
        vscnprintf+0x20
        vprintk_store+0x6c
        vprintk_emit+0xec
        vprintk_func+0xd4
        printk+0x40
        cpufeatures_process_feature+0xc8
        scan_cpufeatures_subnodes+0x380
        of_scan_flat_dt_subnodes+0xb4
        dt_cpu_ftrs_scan_callback+0x158
        of_scan_flat_dt+0xf0
        dt_cpu_ftrs_scan+0x3c
        early_init_devtree+0x360
        early_setup+0x9c
      
      2. Report on s390:
      
      vsnprintf invocations are broken on s390. For example, the early boot
      output now looks like this where the first (efault) should be
      the linux_banner:
      
      [    0.099985] (efault)
      [    0.099985] setup: Linux is running as a z/VM guest operating system in 64-bit mode
      [    0.100066] setup: The maximum memory size is 8192MB
      [    0.100070] cma: Reserved 4 MiB at (efault)
      [    0.100100] numa: NUMA mode: (efault)
      
      The reason for this is that the code assumes that
      probe_kernel_address() works very early. This however is not true on
      at least s390. Uaccess on KERNEL_DS works only after page tables have
      been setup on s390, which happens with setup_arch()->paging_init().
      
      Any probe_kernel_address() invocation before that will return -EFAULT.
      
      Fixes: 3e5903eb ("vsprintf: Prevent crash when dereferencing invalid pointers")
      Link: http://lkml.kernel.org/r/20190510084213.22149-1-pmladek@suse.com
      Cc: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
      Cc: Rasmus Villemoes <linux@rasmusvillemoes.dk>
      Cc: "Tobin C . Harding" <me@tobin.cc>
      Cc: Michal Hocko <mhocko@suse.cz>
      Cc: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
      Cc: Steven Rostedt <rostedt@goodmis.org>
      Cc: linux-kernel@vger.kernel.org
      Cc: Michael Ellerman <mpe@ellerman.id.au>
      Cc: linuxppc-dev@lists.ozlabs.org
      Cc: Russell Currey <ruscur@russell.cc>
      Cc: Christophe Leroy <christophe.leroy@c-s.fr>
      Cc: Stephen Rothwell <sfr@ozlabs.org>
      Cc: Heiko Carstens <heiko.carstens@de.ibm.com>
      Cc: linux-arch@vger.kernel.org
      Cc: linux-s390@vger.kernel.org
      Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
      Cc: Petr Mladek <pmladek@suse.com>
      Reviewed-by: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
      Signed-off-by: Petr Mladek <pmladek@suse.com>
    • Merge tag 'powerpc-5.2-1' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/powerpc/linux · b970afcf
      Linus Torvalds authored
      Pull powerpc updates from Michael Ellerman:
       "Slightly delayed due to the issue with printk() calling
        probe_kernel_read() interacting with our new user access prevention
        stuff, but all fixed now.
      
        The only out-of-area changes are the addition of a cpuhp_state, small
        additions to Documentation and MAINTAINERS updates.
      
        Highlights:
      
         - Support for Kernel Userspace Access/Execution Prevention (like
           SMAP/SMEP/PAN/PXN) on some 64-bit and 32-bit CPUs. This prevents
           the kernel from accidentally accessing userspace outside
           copy_to/from_user(), or ever executing userspace.
      
         - KASAN support on 32-bit.
      
         - Rework of where we map the kernel, vmalloc, etc. on 64-bit hash to
           use the same address ranges we use with the Radix MMU.
      
         - A rewrite into C of large parts of our idle handling code for
           64-bit Book3S (ie. power8 & power9).
      
         - A fast path entry for syscalls on 32-bit CPUs, for a 12-17% speedup
           in the null_syscall benchmark.
      
         - On 64-bit bare metal we have support for recovering from errors
           with the time base (our clocksource), however if that fails
           currently we hang in __delay() and never crash. We now have support
           for detecting that case and short circuiting __delay() so we at
           least panic() and reboot.
      
         - Add support for optionally enabling the DAWR on Power9, which had
           to be disabled by default due to a hardware erratum. This has the
           effect of enabling hardware breakpoints for GDB, the downside is a
           badly behaved program could crash the machine by pointing the DAWR
           at cache inhibited memory. This is opt-in obviously.
      
         - xmon, our crash handler, gets support for a read only mode where
           operations that could change memory or otherwise disturb the system
           are disabled.
      
        Plus many clean-ups, reworks and minor fixes etc.
      
        Thanks to: Christophe Leroy, Akshay Adiga, Alastair D'Silva, Alexey
        Kardashevskiy, Andrew Donnellan, Aneesh Kumar K.V, Anju T Sudhakar,
        Anton Blanchard, Ben Hutchings, Bo YU, Breno Leitao, Cédric Le Goater,
        Christopher M. Riedl, Christoph Hellwig, Colin Ian King, David Gibson,
        Ganesh Goudar, Gautham R. Shenoy, George Spelvin, Greg Kroah-Hartman,
        Greg Kurz, Horia Geantă, Jagadeesh Pagadala, Joel Stanley, Joe
        Perches, Julia Lawall, Laurentiu Tudor, Laurent Vivier, Lukas Bulwahn,
        Madhavan Srinivasan, Mahesh Salgaonkar, Mathieu Malaterre, Michael
        Neuling, Mukesh Ojha, Nathan Fontenot, Nathan Lynch, Nicholas Piggin,
        Nick Desaulniers, Oliver O'Halloran, Peng Hao, Qian Cai, Ravi
        Bangoria, Rick Lindsley, Russell Currey, Sachin Sant, Stewart Smith,
        Sukadev Bhattiprolu, Thomas Huth, Tobin C. Harding, Tyrel Datwyler,
        Valentin Schneider, Wei Yongjun, Wen Yang, YueHaibing"
      
      * tag 'powerpc-5.2-1' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/powerpc/linux: (205 commits)
        powerpc/64s: Use early_mmu_has_feature() in set_kuap()
        powerpc/book3s/64: check for NULL pointer in pgd_alloc()
        powerpc/mm: Fix hugetlb page initialization
        ocxl: Fix return value check in afu_ioctl()
        powerpc/mm: fix section mismatch for setup_kup()
        powerpc/mm: fix redundant inclusion of pgtable-frag.o in Makefile
        powerpc/mm: Fix makefile for KASAN
        powerpc/kasan: add missing/lost Makefile
        selftests/powerpc: Add a signal fuzzer selftest
        powerpc/booke64: set RI in default MSR
        ocxl: Provide global MMIO accessors for external drivers
        ocxl: move event_fd handling to frontend
        ocxl: afu_irq only deals with IRQ IDs, not offsets
        ocxl: Allow external drivers to use OpenCAPI contexts
        ocxl: Create a clear delineation between ocxl backend & frontend
        ocxl: Don't pass pci_dev around
        ocxl: Split pci.c
        ocxl: Remove some unused exported symbols
        ocxl: Remove superfluous 'extern' from headers
        ocxl: read_pasid never returns an error, so make it void
        ...
    • fork: do not release lock that wasn't taken · c3b7112d
      Christian Brauner authored
      Avoid calling cgroup_threadgroup_change_end() without having called
      cgroup_threadgroup_change_begin() first.
      
      During process creation we need to check whether the cgroup we are in
      allows us to fork. To perform this check the cgroup needs to guard itself
      against threadgroup changes and takes a lock.
      Prior to CLONE_PIDFD the cleanup target "bad_fork_free_pid" would also need
      to call cgroup_threadgroup_change_end() because said lock had already been
      taken.
      However, this is not the case anymore with the addition of CLONE_PIDFD. We
      are now allocating a pidfd before we check whether the cgroup we're in can
      fork and thus prior to taking the lock. So when copy_process() fails at the
      right step it would release a lock we haven't taken.
      This bug is not even very subtle to be honest. It's just not very clear
      from the naming of cgroup_threadgroup_change_{begin,end}() that a lock is
      taken.
      
      Here's the relevant splat:
      
      entry_SYSENTER_compat+0x70/0x7f arch/x86/entry/entry_64_compat.S:139
      RIP: 0023:0xf7fec849
      Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 14 24 c3 8b 3c 24 c3 90 90
      90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90
      90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
      RSP: 002b:00000000ffed5a8c EFLAGS: 00000246 ORIG_RAX: 0000000000000078
      RAX: ffffffffffffffda RBX: 0000000000003ffc RCX: 0000000000000000
      RDX: 00000000200005c0 RSI: 0000000000000000 RDI: 0000000000000000
      RBP: 0000000000000012 R08: 0000000000000000 R09: 0000000000000000
      R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
      R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
      ------------[ cut here ]------------
      DEBUG_LOCKS_WARN_ON(depth <= 0)
      WARNING: CPU: 1 PID: 7744 at kernel/locking/lockdep.c:4052 __lock_release
      kernel/locking/lockdep.c:4052 [inline]
      WARNING: CPU: 1 PID: 7744 at kernel/locking/lockdep.c:4052
      lock_release+0x667/0xa00 kernel/locking/lockdep.c:4321
      Kernel panic - not syncing: panic_on_warn set ...
      CPU: 1 PID: 7744 Comm: syz-executor007 Not tainted 5.1.0+ #4
      Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
      Google 01/01/2011
      Call Trace:
        __dump_stack lib/dump_stack.c:77 [inline]
        dump_stack+0x172/0x1f0 lib/dump_stack.c:113
        panic+0x2cb/0x65c kernel/panic.c:214
        __warn.cold+0x20/0x45 kernel/panic.c:566
        report_bug+0x263/0x2b0 lib/bug.c:186
        fixup_bug arch/x86/kernel/traps.c:179 [inline]
        fixup_bug arch/x86/kernel/traps.c:174 [inline]
        do_error_trap+0x11b/0x200 arch/x86/kernel/traps.c:272
        do_invalid_op+0x37/0x50 arch/x86/kernel/traps.c:291
        invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:972
      RIP: 0010:__lock_release kernel/locking/lockdep.c:4052 [inline]
      RIP: 0010:lock_release+0x667/0xa00 kernel/locking/lockdep.c:4321
      Code: 0f 85 a0 03 00 00 8b 35 77 66 08 08 85 f6 75 23 48 c7 c6 a0 55 6b 87
      48 c7 c7 40 25 6b 87 4c 89 85 70 ff ff ff e8 b7 a9 eb ff <0f> 0b 4c 8b 85
      70 ff ff ff 4c 89 ea 4c 89 e6 4c 89 c7 e8 52 63 ff
      RSP: 0018:ffff888094117b48 EFLAGS: 00010086
      RAX: 0000000000000000 RBX: 1ffff11012822f6f RCX: 0000000000000000
      RDX: 0000000000000000 RSI: ffffffff815af236 RDI: ffffed1012822f5b
      RBP: ffff888094117c00 R08: ffff888092bfc400 R09: fffffbfff113301d
      R10: fffffbfff113301c R11: ffffffff889980e3 R12: ffffffff8a451df8
      R13: ffffffff8142e71f R14: ffffffff8a44cc80 R15: ffff888094117bd8
        percpu_up_read.constprop.0+0xcb/0x110 include/linux/percpu-rwsem.h:92
        cgroup_threadgroup_change_end include/linux/cgroup-defs.h:712 [inline]
        copy_process.part.0+0x47ff/0x6710 kernel/fork.c:2222
        copy_process kernel/fork.c:1772 [inline]
        _do_fork+0x25d/0xfd0 kernel/fork.c:2338
        __do_compat_sys_x86_clone arch/x86/ia32/sys_ia32.c:240 [inline]
        __se_compat_sys_x86_clone arch/x86/ia32/sys_ia32.c:236 [inline]
        __ia32_compat_sys_x86_clone+0xbc/0x140 arch/x86/ia32/sys_ia32.c:236
        do_syscall_32_irqs_on arch/x86/entry/common.c:334 [inline]
        do_fast_syscall_32+0x281/0xd54 arch/x86/entry/common.c:405
        entry_SYSENTER_compat+0x70/0x7f arch/x86/entry/entry_64_compat.S:139
      RIP: 0023:0xf7fec849
      Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 14 24 c3 8b 3c 24 c3 90 90
      90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90
      90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
      RSP: 002b:00000000ffed5a8c EFLAGS: 00000246 ORIG_RAX: 0000000000000078
      RAX: ffffffffffffffda RBX: 0000000000003ffc RCX: 0000000000000000
      RDX: 00000000200005c0 RSI: 0000000000000000 RDI: 0000000000000000
      RBP: 0000000000000012 R08: 0000000000000000 R09: 0000000000000000
      R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
      R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
      Kernel Offset: disabled
      Rebooting in 86400 seconds..
      
      Reported-and-tested-by: syzbot+3286e58549edc479faae@syzkaller.appspotmail.com
      Fixes: b3e58382 ("clone: add CLONE_PIDFD")
      Signed-off-by: Christian Brauner <christian@brauner.io>
    • samples: add .gitignore for pidfd-metadata · 8b0e1fea
      Christian Brauner authored
      Ignore the pidfd-metadata binary so it doesn't show up in unwanted
      scenarios.
      Reported-by: Linus Torvalds <torvalds@linux-foundation.org>
      Signed-off-by: Christian Brauner <christian@brauner.io>
    • Merge branch 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs · 8ea5b2ab
      Linus Torvalds authored
      Pull vfs mount fix from Al Viro:
       "Fix for umount -l/mount --move race caught by syzbot yesterday..."
      
      * 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
        do_move_mount(): fix an unsafe use of is_anon_ns()
    • Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · 601e6bcc
      Linus Torvalds authored
      Pull networking fixes from David Miller:
       "Several bug fixes, many are quick merge-window regression cures:
      
         - When NLM_F_EXCL is not set, allow same fib rule insertion. From
           Hangbin Liu.
      
         - Several cures in sja1105 DSA driver (while loop exit condition fix,
           return of negative u8, etc.) from Vladimir Oltean.
      
         - Handle tx/rx delays in realtek PHY driver properly, from Serge
           Semin.
      
         - Double free in cls_matchall, from Pieter Jansen van Vuuren.
      
         - Disable SIOCSHWTSTAMP in macvlan/vlan containers, from Hangbin Liu.
      
         - Endianness fixes in aqc111, from Oliver Neukum.
      
         - Handle errors in packet_init properly, from Haibing Yue.
      
         - Various W=1 warning fixes in kTLS, from Jakub Kicinski"
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (34 commits)
        nfp: add missing kdoc
        net/tls: handle errors from padding_length()
        net/tls: remove set but not used variables
        docs/btf: fix the missing section marks
        nfp: bpf: fix static check error through tightening shift amount adjustment
        selftests: bpf: initialize bpf_object pointers where needed
        packet: Fix error path in packet_init
        net/tcp: use deferred jump label for TCP acked data hook
        net: aquantia: fix undefined devm_hwmon_device_register_with_info reference
        aqc111: fix double endianness swap on BE
        aqc111: fix writing to the phy on BE
        aqc111: fix endianness issue in aqc111_change_mtu
        vlan: disable SIOCSHWTSTAMP in container
        macvlan: disable SIOCSHWTSTAMP in container
        tipc: fix hanging clients using poll with EPOLLOUT flag
        tuntap: synchronize through tfiles array instead of tun->numqueues
        tuntap: fix dividing by zero in ebpf queue selection
        dwmac4_prog_mtl_tx_algorithms() missing write operation
        ptp_qoriq: fix NULL access if ptp dt node missing
        net/sched: avoid double free on matchall reoffload
        ...
  7. 09 May, 2019 8 commits