panic the kernel) and some fixes for CONFIG_VMAP_STACK.
-----BEGIN PGP SIGNATURE-----
iQEzBAABCAAdFiEEK2m5VNv+CHkogTfJ8vlZVpUNgaMFAlgxCMoACgkQ8vlZVpUN
gaOX3Af/QOphB5pKrKijhDK9H40nKS6lHtL7klJpvRafUMtVxBDOP3dsRISyGMdF
w+gQQQv+eFEPefwGcYzdO4PN7FFVirAF9RS/NTFSIB/c8V6FfHzn/DeiftU7CLRW
ljTP7y8M9eo35TsU8s9D7wfbyfY55MEANiAP8vnpx4JKDb86I/8Eaa6YS91v17vp
/7TKSUt7PE6UUp7mgTRCX8vK9SxJJ8Xvg2hSzulfrO1DdsfW61RQYXwif+biR85T
uxFPnV0yvji2EU4cpeIekPqJKUb9Av0aIbSwg19QqcAE0xqxvtSRBKlYnF2IRTuv
OXoaC30d4UcQrNCkxPDAdH/0BMdcNQ==
=y+5G
-----END PGP SIGNATURE-----
Merge tag 'ext4_for_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4
Pull ext4 fixes from Ted Ts'o:
"A security fix (so a maliciously corrupted file system image won't
panic the kernel) and some fixes for CONFIG_VMAP_STACK"
* tag 'ext4_for_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4:
ext4: sanity check the block and cluster size at mount time
fscrypto: don't use on-stack buffer for key derivation
fscrypto: don't use on-stack buffer for filename encryption
With the new (in 4.9) option to use a virtually-mapped stack
(CONFIG_VMAP_STACK), stack buffers cannot be used as input/output for
the scatterlist crypto API because they may not be directly mappable to
struct page. get_crypt_info() was using a stack buffer to hold the
output from the encryption operation used to derive the per-file key.
Fix it by using a heap buffer.
This bug could most easily be observed in a CONFIG_DEBUG_SG kernel
because this allowed the BUG in sg_set_buf() to be triggered.
Cc: stable@vger.kernel.org
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
With the new (in 4.9) option to use a virtually-mapped stack
(CONFIG_VMAP_STACK), stack buffers cannot be used as input/output for
the scatterlist crypto API because they may not be directly mappable to
struct page. For short filenames, fname_encrypt() was encrypting a
stack buffer holding the padded filename. Fix it by encrypting the
filename in-place in the output buffer, thereby making the temporary
buffer unnecessary.
This bug could most easily be observed in a CONFIG_DEBUG_SG kernel
because this allowed the BUG in sg_set_buf() to be triggered.
Cc: stable@vger.kernel.org
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Pull i2c fixes from Wolfram Sang:
"Some I2C driver bugfixes (and one documentation fix)"
* 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux:
i2c: i2c-mux-pca954x: fix deselect enabling for device-tree
i2c: digicolor: use clk_disable_unprepare instead of clk_unprepare
i2c: mux: fix up dependencies
i2c: Documentation: i2c-topology: fix minor whitespace nit
i2c: mux: demux-pinctrl: make drivers with no pinctrl work again
ARM:
- Fix handling of the 32bit cycle counter
- Fix cycle counter filtering
x86:
- Fix a race leading to double unregistering of user notifiers
- Amend oversight in kvm_arch_set_irq that turned Hyper-V code dead
- Use SRCU around kvm_lapic_set_vapic_addr
- Avoid recursive flushing of asynchronous page faults
- Do not rely on deferred update in KVM_GET_CLOCK, which fixes #GP
- Let userspace know that KVM_GET_CLOCK is useful with master clock;
4.9 changed the return value to better match the guest clock, but
didn't provide means to let guests take advantage of it
-----BEGIN PGP SIGNATURE-----
iQEcBAABCAAGBQJYMKbdAAoJEED/6hsPKofoPcEIAJF7hsuO3B2dMfUTz1EK+4IH
B7JXr9mlAAEG61y82EY06Es+3gt69XBiE5iKBpxlL6jIJJiUOd+oOdygV0hv4D0K
G6A03DsCWX16yJKjS7oGq4WOAiDGOpk7SU5YYlFZGqCzhaqScY2ecQFKEUYayJtt
nXG+i22eFKccrD8wlkm3ZYEjl1Hif7bUmHfxL/CBec1cDNxOys1dB24VsZl90n89
7pMUtzOTskUXjbNX+cKmFtR18/XUdlucnn0w9AApf3M8GnmUxIjIaeFSLbzuNz84
U2o3LdxrYysSKSsc7VleHtWVfCbPbC62vpUI51XdNw0u7BHlKkVdvBfJEUmSpkw=
=Crjd
-----END PGP SIGNATURE-----
Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm
Pull KVM fixes from Radim Krčmář:
"ARM:
- Fix handling of the 32bit cycle counter
- Fix cycle counter filtering
x86:
- Fix a race leading to double unregistering of user notifiers
- Amend oversight in kvm_arch_set_irq that turned Hyper-V code dead
- Use SRCU around kvm_lapic_set_vapic_addr
- Avoid recursive flushing of asynchronous page faults
- Do not rely on deferred update in KVM_GET_CLOCK, which fixes #GP
- Let userspace know that KVM_GET_CLOCK is useful with master clock;
4.9 changed the return value to better match the guest clock, but
didn't provide means to let guests take advantage of it"
* tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
kvm: x86: merge kvm_arch_set_irq and kvm_arch_set_irq_inatomic
KVM: x86: fix missed SRCU usage in kvm_lapic_set_vapic_addr
KVM: async_pf: avoid recursive flushing of work items
kvm: kvmclock: let KVM_GET_CLOCK return whether the master clock is in use
KVM: Disable irq while unregistering user notifier
KVM: x86: do not go through vcpu in __get_kvmclock_ns
KVM: arm64: Fix the issues when guest PMCCFILTR is configured
arm64: KVM: pmu: Fix AArch32 cycle counter access
Deselect functionality can be ignored for device-trees with
"i2c-mux-idle-disconnect" entries if no platform_data is available.
By enabling the deselect functionality outside the platform_data
block the logic works as it did in previous kernels.
Fixes: 7fcac9807175 ("i2c: i2c-mux-pca954x: convert to use an explicit i2c mux core")
Cc: <stable@vger.kernel.org> # v4.7+
Signed-off-by: Alex Hemme <ahemme@cisco.com>
Signed-off-by: Ziyang Wu <ziywu@cisco.com>
[touched up a few minor issues /peda]
Signed-off-by: Peter Rosin <peda@axentia.se>
Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
Fixes marked for stable:
- Fix system reset interrupt winkle wakeups (Nicholas Piggin)
- Fix setting of AIL in hypervisor mode (Benjamin Herrenschmidt)
Fixes for code merged this cycle:
- Fix exception vector build with 2.23 era binutils (Hugh Dickins)
- Fix missing update of HID register on secondary CPUs (Aneesh Kumar K.V)
Other:
- Fix missing pr_cont()s in show_stack() (Michael Ellerman)
- Fix missing pr_cont()s in print_msr_bits() et. al. (Michael Ellerman)
- Fix missing pr_cont()s in show_regs() (Michael Ellerman)
- Fix missing pr_cont()s in instruction dump (Andrew Donnellan)
- Invalidate ERAT on tlbiel for POWER9 DD1 (Michael Neuling)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJYMBJ5AAoJEFHr6jzI4aWA7hcP/1y8rTxNE+QYFMgkAVOJRDNL
t11jhvzWd+IQKCQnp+UtxlVUsMunwcE57nLu/gSndTwd801yBshslFhPjCljKt7o
g2oO4C+j90Vm6/0pg/HN51QPaCESwzZd8N6Xf0ApLfnxJ8elY9FSKfVmxWOfZnxo
heKWCjQTw+LVH04sIB09vo4Jf6djhC1mlVyxpH+6pG5rP6ftgse82wtTQQR2dVlk
tgfPNP2+wXF1Yl5vGFv/Q8p73RgcHUHok3spvmVQ1sZ+a8ezh2F/FhHeUlfyfuaq
s35MMgF3JAxXizNZ4I7oqCDpI6M1NCmuQI9QULHHKRMVunV3x8Zf3/FeFpWDD3y/
RCqk5oWIeemYbtX9i9suVYJVLr3Qz6tCjN9jlIl8EnIhsDAKrKOjkrCP4ke9Nzv1
eQMmtAQJC4dib0DqNbAfuvEtnLFbL83xmmBHKG/GY77iKtvJEB2Wx5rC5LZ6Dw9a
Ua1cBN+d1gBU1gBIKwa/fCkLxS0o+6LBGrZOd39r931Zw0ETl4miTuFdQiNJ2PnG
BMnUK0I6FfKRgAFa0d4UXbqLv4HI6Nh8MEMTpoQ+oCK9Rbn0ZcmFfdzHWzLZmHg4
NQ/1CiS17IKEHYSRI/r4M7jq6obem3x7wPJWsfySu0cs8YG2BjdfUcs+ff5TR/xV
jEGarBJgZ4bArqOw4TEI
=+6XC
-----END PGP SIGNATURE-----
Merge tag 'powerpc-4.9-5' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux
Pull powerpc fixes from Michael Ellerman:
"Fixes marked for stable:
- fix system reset interrupt winkle wakeups
- fix setting of AIL in hypervisor mode
Fixes for code merged this cycle:
- fix exception vector build with 2.23 era binutils
- fix missing update of HID register on secondary CPUs
Other:
- fix missing pr_cont()s
- invalidate ERAT on tlbiel for POWER9 DD1"
* tag 'powerpc-4.9-5' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
powerpc/mm: Fix missing update of HID register on secondary CPUs
powerpc/mm/radix: Invalidate ERAT on tlbiel for POWER9 DD1
powerpc/64: Fix setting of AIL in hypervisor mode
powerpc/oops: Fix missing pr_cont()s in instruction dump
powerpc/oops: Fix missing pr_cont()s in show_regs()
powerpc/oops: Fix missing pr_cont()s in print_msr_bits() et. al.
powerpc/oops: Fix missing pr_cont()s in show_stack()
powerpc: Fix exception vector build with 2.23 era binutils
powerpc/64s: Fix system reset interrupt winkle wakeups
Pull crypto fixes from Herbert Xu:
"This fixes the following issues:
- Compiler warning in caam driver that was the last one remaining
- Do not register aes-xts in caam drivers on unsupported platforms
- Regression in algif_hash interface that may lead to an oops"
* 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
crypto: algif_hash - Fix NULL hash crash with shash
crypto: caam - fix type mismatch warning
crypto: caam - do not register AES-XTS mode on LP units
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAABCAAGBQJYL4dwAAoJEL1qUBy3i3wmQRcQAIV7MyLseDqAWP7GfM5EPNfB
dmeBmZo6YxMFLcdbUAnZSV7xPlSLDPnTxEjA6lxtRfLSTAan8C5/u8/sNYBsn2U/
DKmgpFhoa+iaJ0xWa3tXH5qCPy6+s5pzywylCS/avTYV1x8pRIlN4dhoXJ30rkvT
24h7D0DO7YRWJ/GhvCpvR4wM/qMjtwqBfB4qfn14M0VJ6oDQqYANhg5lWfSIDFAf
piuzNcKVDj9vkTOAWOdGeULpqO9fSIUkJay3lvKJlFTaiDceXBwPO4V68wG20OSp
+3Ogtvjvu2uOMu6rj9vsxwza4ZgbEGuancnwUTheKeA3Ces4eDORMzVtjOw5o815
85b+qUiyzRzha8RKGQ4uI2zkPC+oQilH+VHm6G7QP0GYzIeUjiHQH9pxTVWqUsma
BswUU2n2573BBh+vaUcs4uTIKJSgOaJYlHrE+Mkx6sz8ZLUp2ExgUyIY60Pt2M95
Aa1g+36wsoSSM1w8wIzeOXR6VXkibhJZYJCbzk3Jh8jtuZDvm0y5+75sqJVg2jBR
ktU52Df7F225EqZGfsQCevfG04MD9gbUma5XcQGDy7YqrbZLioqfiAr49QzP8IZ8
NoZ6gexZFJMb9O0W8GCTaFNnTO12BHlX079OXjlF2i/QUG9vjwuejmnjRo6wIfEx
MJetG1DBWS70i9q5mXAN
=wkRu
-----END PGP SIGNATURE-----
Merge tag 'leds_4.9-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/j.anaszewski/linux-leds
Pull LED subsystem update from Jacek Anaszewski:
"I'd like to announce a new co-maintainer - Pavel Machek"
* tag 'leds_4.9-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/j.anaszewski/linux-leds:
MAINTAINERS: Add LED subsystem co-maintainer
Some driver fixes which we pending in my tree:
o return error code fix in edma driver
o Kconfig fix for genric allocator in mmp_tdma
o fix uninitialized value in sun6i
o Runtime pm fixes for cppi
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJYL7m3AAoJEHwUBw8lI4NHp44P/32zeRq9e9UcnT8UD9DEFJv/
yr18IKCmwFm8awfiezRfT9AJ+eV/i9SjiYC48E8RD/s3Lyorhtu0CH6aumoH7wi7
mrvvaHjRXfeM6BsYbIcmXDvU9jSe/UMOB/GC/h7qsbfBwIuOrVB9YSR+2zJX4y+S
bbk22ZLV537lpojE41eu8AbIHfieaPkye7GJCreJi+fs60w1kM9sdCj+PGFRFFoi
rcrK+gpVP7N7C/D91LDNd5oEZ0I0NP+yW39iHQ/QBG+tbkG/XCt14FkJZ2kMUSkJ
0EtcwBUFyRJAkDfvy/oCJRz3oVA/AExw6+2F2i8VPRhOQSL5QpF0xnCd6lvnj0lo
lf6qjDSZiUFb/BVqT+o9U07ALah9dmdPD1qb6hjWejZt9f5fo5VhKo74F11qkj8Q
HTugC7/t2dDqhmg+K4NMFasWMaGUlh4dVittcAWksZ686oNlCdC8PeHhiBaZLBhI
0Mg4Otr3WaZSgTSNzmQPDcRZsiSPQ2ZzeU689427tUHPwX8JDsjGsu3L6jOVIMjh
jTPxILfLAQcEiKa5xNmyu/nOMEenHbH8Y2yi+9QOBNtmMCWR41iHa1+DKfUxSYLH
XhKIlbI2YfzmhPeiNnyR67XmQ3iJr3+xFFHwXSX8nXsIJ5algc1JPHMYafbjo/AT
hBKKAhaz/iabty/1Xhbk
=55tg
-----END PGP SIGNATURE-----
Merge tag 'dmaengine-fix-4.9-rc6' of git://git.infradead.org/users/vkoul/slave-dma
Pull dmaengine fixes from Vinod Koul:
"Some driver fixes which we pending in my tree:
- return error code fix in edma driver
- Kconfig fix for genric allocator in mmp_tdma
- fix uninitialized value in sun6i
- Runtime pm fixes for cppi"
* tag 'dmaengine-fix-4.9-rc6' of git://git.infradead.org/users/vkoul/slave-dma:
dmaengine: cppi41: More PM runtime fixes
dmaengine: cpp41: Fix handling of error path
dmaengine: cppi41: Fix unpaired pm runtime when only a USB hub is connected
dmaengine: cppi41: Fix list not empty warning on module removal
dmaengine: sun6i: fix the uninitialized value for v_lli
dmaengine: mmp_tdma: add missing select GENERIC_ALLOCATOR in Kconfig
dmaengine: edma: Fix error return code in edma_alloc_chan_resources()
kvm_arch_set_irq is unused since commit b97e6de9c96. Merge
its functionality with kvm_arch_set_irq_inatomic.
Reported-by: Jiang Biao <jiang.biao2@zte.com.cn>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
This was reported by syzkaller:
[ INFO: possible recursive locking detected ]
4.9.0-rc4+ #49 Not tainted
---------------------------------------------
kworker/2:1/5658 is trying to acquire lock:
([ 1644.769018] (&work->work)
[< inline >] list_empty include/linux/compiler.h:243
[<ffffffff8128dd60>] flush_work+0x0/0x660 kernel/workqueue.c:1511
but task is already holding lock:
([ 1644.769018] (&work->work)
[<ffffffff812916ab>] process_one_work+0x94b/0x1900 kernel/workqueue.c:2093
stack backtrace:
CPU: 2 PID: 5658 Comm: kworker/2:1 Not tainted 4.9.0-rc4+ #49
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
Workqueue: events async_pf_execute
ffff8800676ff630 ffffffff81c2e46b ffffffff8485b930 ffff88006b1fc480
0000000000000000 ffffffff8485b930 ffff8800676ff7e0 ffffffff81339b27
ffff8800676ff7e8 0000000000000046 ffff88006b1fcce8 ffff88006b1fccf0
Call Trace:
...
[<ffffffff8128ddf3>] flush_work+0x93/0x660 kernel/workqueue.c:2846
[<ffffffff812954ea>] __cancel_work_timer+0x17a/0x410 kernel/workqueue.c:2916
[<ffffffff81295797>] cancel_work_sync+0x17/0x20 kernel/workqueue.c:2951
[<ffffffff81073037>] kvm_clear_async_pf_completion_queue+0xd7/0x400 virt/kvm/async_pf.c:126
[< inline >] kvm_free_vcpus arch/x86/kvm/x86.c:7841
[<ffffffff810b728d>] kvm_arch_destroy_vm+0x23d/0x620 arch/x86/kvm/x86.c:7946
[< inline >] kvm_destroy_vm virt/kvm/kvm_main.c:731
[<ffffffff8105914e>] kvm_put_kvm+0x40e/0x790 virt/kvm/kvm_main.c:752
[<ffffffff81072b3d>] async_pf_execute+0x23d/0x4f0 virt/kvm/async_pf.c:111
[<ffffffff8129175c>] process_one_work+0x9fc/0x1900 kernel/workqueue.c:2096
[<ffffffff8129274f>] worker_thread+0xef/0x1480 kernel/workqueue.c:2230
[<ffffffff812a5a94>] kthread+0x244/0x2d0 kernel/kthread.c:209
[<ffffffff831f102a>] ret_from_fork+0x2a/0x40 arch/x86/entry/entry_64.S:433
The reason is that kvm_put_kvm is causing the destruction of the VM, but
the page fault is still on the ->queue list. The ->queue list is owned
by the VCPU, not by the work items, so we cannot just add list_del to
the work item.
Instead, use work->vcpu to note async page faults that have been resolved
and will be processed through the done list. There is no need to flush
those.
Cc: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
Userspace can read the exact value of kvmclock by reading the TSC
and fetching the timekeeping parameters out of guest memory. This
however is brittle and not necessary anymore with KVM 4.11. Provide
a mechanism that lets userspace know if the new KVM_GET_CLOCK
semantics are in effect, and---since we are at it---if the clock
is stable across all VCPUs.
Cc: Radim Krčmář <rkrcmar@redhat.com>
Cc: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
Function user_notifier_unregister should be called only once for each
registered user notifier.
Function kvm_arch_hardware_disable can be executed from an IPI context
which could cause a race condition with a VCPU returning to user mode
and attempting to unregister the notifier.
Signed-off-by: Ignacio Alvarado <ikalvarado@google.com>
Cc: stable@vger.kernel.org
Fixes: 18863bdd60f8 ("KVM: x86 shared msr infrastructure")
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
Going through the first VCPU is wrong if you follow a KVM_SET_CLOCK with
a KVM_GET_CLOCK immediately after, without letting the VCPU run and
call kvm_guest_time_update.
To fix this, compute the kvmclock value ourselves, using the master
clock (tsc, nsec) pair as the base and the host CPU frequency as
the scale.
Reported-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
- Revert a recent ACPICA cleanup that attempted to get rid of all
FADT version 2 legacy, but broke ACPI thermal management on at
least one system (Rafael Wysocki).
- Fix cross-compiled builds of ACPI tools that stopped working
after a recent cleanup related to the handling of header files
in ACPICA (Lv Zheng).
- Fix a locking issue in the PCC channel initialization code that
invokes devm_request_irq() under a spinlock (among other things)
and causes lockdep to complain (Hoan Tran).
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iQIcBAABCAAGBQJYL2zcAAoJEILEb/54YlRx344P/1TDKMXiyWh8JmAAWFAPdK49
jZpRS+hD15droQuhpBLz7KJDpmAU/KKOg+dRrtl4NpYMf+ApWtkBUblUYE/8d/sv
L9WSoTx6KlxhSI+Av5BqaCyIYUwMtn4NRT2MP8lz9eQ1A91M+RWvdKm/8XzsppXc
spCVi0NxO8qRIJjnFgkYdLRvGYLVMmCTkf2ptxnao5SnmyE/wefhZCW/bZFFEAiY
QIIXkCZrdJ1PH0mre7P2+CvmAzdlxl02A/3aZquNTjDD33KBGvhQcvASGxrnAvs+
QG4EF29cHO2XAxPo50PLkn5kE+Fef3ulSi2hpKIOqdayRFmCPEFneHed9E1G5hNA
05nzMbw9nvz9QGFnqaWDbebfhueJ6ztqxgnqPb8j4YXTsr8P8giGj3Djk2eawCX+
F67OCm0c0NZpo63zqAsCd3WC9s2MOKNntnRGq4dJ2xNfC6qk0+eJLCDaCxoKoOn4
oMwYU+AWgjxK/vsXKL0RNQfd1xkuy3E4/HCy1knPkpYpJpC29qqFwcKH8DbLig/+
PZ1yRC2ZZ1EqxUpRjEoGuU9g2ElkY6pqjTGh1qquB9PiYQrTK/HYGjnW23eKb1tH
iUj/kSO486nlUP1hOk77BOUoKOBjDrt9o520WNHn3yLDknljZsUcG2QtmlO6fmpS
BLxyCWXWCJcsPyEcGSoY
=9ZhJ
-----END PGP SIGNATURE-----
Merge tag 'acpi-4.9-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
Pull ACPI fixes from Rafael Wysocki:
"They fix an ACPI thermal management regression introduced by a recent
FADT handling cleanup, an ACPI tools build issue introduced by a
recent ACPICA commit and a PCC mailbox initialization bug causing
lockdep to complain loudly.
Specifics:
- Revert a recent ACPICA cleanup that attempted to get rid of all
FADT version 2 legacy, but broke ACPI thermal management on at
least one system (Rafael Wysocki).
- Fix cross-compiled builds of ACPI tools that stopped working after
a recent cleanup related to the handling of header files in ACPICA
(Lv Zheng).
- Fix a locking issue in the PCC channel initialization code that
invokes devm_request_irq() under a spinlock (among other things)
and causes lockdep to complain (Hoan Tran)"
* tag 'acpi-4.9-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
tools/power/acpi: Remove direct kernel source include reference
mailbox: PCC: Fix lockdep warning when request PCC channel
Revert "ACPICA: FADT support cleanup"
Pull kbuild fixes from Michal Marek:
"Here are some regression fixes for kbuild:
- modversion support for exported asm symbols (Nick Piggin). The
affected architectures need separate patches adding
asm-prototypes.h.
- fix rebuilds of lib-ksyms.o (Nick Piggin)
- -fno-PIE builds (Sebastian Siewior and Borislav Petkov). This is
not a kernel regression, but one of the Debian gcc package.
Nevertheless, it's quite annoying, so I think it should go into
mainline and stable now"
* 'rc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild:
kbuild: Steal gcc's pie from the very beginning
kbuild: be more careful about matching preprocessed asm ___EXPORT_SYMBOL
x86/kexec: add -fno-PIE
scripts/has-stack-protector: add -fno-PIE
kbuild: add -fno-PIE
kbuild: modversions for EXPORT_SYMBOL() for asm
kbuild: prevent lib-ksyms.o rebuilds
-----BEGIN PGP SIGNATURE-----
iQIcBAABAgAGBQJYLznTAAoJECebzXlCjuG+ThgP/0tQByIqOKGqUNcEE0MLT4/+
E2/V/Basi3tnCIatAjYZiAN/rKnO5f4iuyh7PKG/bzlYluLv5MLq68HUia8EorN8
LExNvZAwYhjEQwDTzhBSityLHWmCwy3G0yYsJQ1DnbUdh8wAKr7lj4R0sr8RGJc1
GxgWnlhi2lAJSGYRa8tYHzh0tTXGOCoR8POKXFJ91PTx8gEO6VzULvbIQm0RLSow
+LGW36ov/ChQtJzVJsfcW6Hf4wHFevrtVTPtLWckMEtRq/DJ7hS2btgc02hpqFZm
MK7wywHT35LV+DvU6QPmwUUaf5IXJjWx0W7thOsjWbYMbAHC/0D3De8bgGaAI3B1
nB+B96BpGrALyhTX2pXQiQxsavXBl37BOGl3Ft03WrAVI4aJsfkaWDRS2X1jxfXI
zhGBN2vseoiJblie95hLIgvMtkRmOq4E44oNDiP9zKTwrIkISoz5jmvLHY/8Mj7E
NCof2P+K6ays8ywD2DqHlJKmiGA7PdNT87ZeeS4ZFvEjWSd4S1pfa0R+jg5FVxZl
Vl7QQX5D/Ep+sXszJin4dYQnl844+sVMVaj6CdQOK0udml81UZTRO5fvjNexs3e4
4Zd/ymC/XGs6Hz3pbPeIkAd/MzXCK0zNojNAdZnicOMzQpG2sZ76SJRZQg0sTCFH
EP6QTWxOog4lnDfML13E
=F2DQ
-----END PGP SIGNATURE-----
Merge tag 'nfsd-4.9-2' of git://linux-nfs.org/~bfields/linux
Pull nfsd bugfix from Bruce Fields:
"Just one fix for an NFS/RDMA crash"
* tag 'nfsd-4.9-2' of git://linux-nfs.org/~bfields/linux:
sunrpc: svc_age_temp_xprts_now should not call setsockopt non-tcp transports
Three trivial fixes: a regression fix for ASRock mobo, a
use-after-free fix at hot-unplug of USB-audio, and a quirk for new
Thinkpad models.
-----BEGIN PGP SIGNATURE-----
iQIrBAABCAAVBQJYLsqoDhx0aXdhaUBzdXNlLmRlAAoJEGwxgFQ9KSmkF+gQAIyL
IJROXA6MWSHMaUUa0zToCBYscF+Z1CXavqLkBVGpaMGLM9m4CLkWavmxIIJkfr/1
XDTDgu6fvDQ0mRBSp3VnxKZGGf0V9fvdODWD7ueCZNHgdNMxMCMwAPaZwTJVk41L
1W/OfJG/w059L7zY0ZQ05zNphF9noav8Qdb685QdXY5brD92KbGs4TYNHl/D4bw7
rkT/dcLAxKfSg3Bnwi0Dong5MmXSH+IqvaapHVlhoBkHala5iHZS4URZKS2JgdUl
nbHFY1kDK5DBN4hHixrRMWqf6MP+ASA/zdEFUeQzoZ9mo/oYjbHURr63+chYkj5I
Y3yzn4YOEL9O+SdShRYdr6YCHpIJzuvwZCwIPLUlnXrqHoeJPkBnb4J8JiMmqm7O
F/REdLJoUldqEp3UhBePSSg53UI9qceB1QMYk8YIQy0yyom20uBuQ4GbXnyKQrLl
MpRb8sfh1GATaTfEshqH+52t7taRPv9VPtGAmDHOLYpcmWhfrJ7Kc6Mh60yTJJbd
91V4lNib8fV3eqWsW5+l25xzMku8FSIQHgUtG4zW2uOVD3lQiuYS6L8jYiBBApas
Tgvuowh3Y0toDDH5VTAtorUzYEKF203uqOytey3SgVyTz4lErrzdp+JyaeobGhHv
BIZKgV1Q00r+FNi7LC4thS9K6yvXLtXPc2mI4OMu
=aKgB
-----END PGP SIGNATURE-----
Merge tag 'sound-4.9-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound
Pull sound fixes from Takashi Iwai:
"Three trivial fixes:
A regression fix for ASRock mobo, a use-after-free fix at hot-unplug
of USB-audio, and a quirk for new Thinkpad models"
* tag 'sound-4.9-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
ALSA: usb-audio: Fix use-after-free of usb_device at disconnect
ALSA: hda - Fix mic regression by ASRock mobo fixup
ALSA: hda - add a new condition to check if it is thinkpad
- Finally, after being puzzled by a bunch of recurrent UML
build failures on randconfigs from the build robot, Keno
Fischer nailed it: GPIO_DEVRES is optional and depends on
HAS_IOMEM even though many users just unconditionally rely
on it to be available. And it *should* be available:
garbage collection is nice for this and it *certainly* has
nothing to do with having IOMEM. So we got rid of it, and
now the UML builds should JustWork(TM).
- Do not call .get_direction() on sleeping GPIO chips on the
fastpath when locking GPIOs for interrupts: it is done
from atomic context, no way.
- Some driver fixes.
-----BEGIN PGP SIGNATURE-----
iQIcBAABAgAGBQJYLr35AAoJEEEQszewGV1zdGkP/jPFN1oInhLFxRul2RBoI6kH
2D681F1c90PuEnLQU4JhzHjXizVn91u3/9tvGV7jpKePYe+Xvj8b1La8B+FPJ+Xr
jc4OwXiiH0Q5hbDS8WkO6lrR7wY9sqJPl+Z7iOTQy7nuBJgsAq9A+h9clqAttQaI
9QYrk4lb3V1tEnUZszu9/Bp0F/YQNHOMAgZvvsWz1S5wN1RD0Uk1YpEkXfQLL7H3
sv20Wvl3IXuggkDoHciSlb7Z/Kjtn0dgYiKSSSsr2Ph9yQTVWVfIf2r1NJUyZ5j5
C8bvD6/tgSPgoHZY+nx+wOhl7BxLNzTGPGiUVRuL9b2XhS0zyuBZx+SGIMvdaczi
t8+OLGub5z4Yqk9Fg18iql6KFoPXMtpvYHm9bWlevQm7KwMtky+HUU3VyzgV6UUD
7/pw62XF9gn06i7DI9mwEqRu2xZTPKEOj3Xz4WgW2g7HL4oXe8OvFvUG1arXTcLp
vvjD0bG7owmN51vsCu0XbACUEC2bIPLkHncd0Azn8/aWTgDRoukkJvlFx3AOGHIE
QdUBycQJ2WDlpcfbCuN+6YGFM+NOMWKy0T1R+121tvK3AYae69BuRxhb3L2BldY9
nNrJ5hOM1+ZA6jN+hjJPZH0JgvEzQyq/91QnjSJiTHnuLLkflP0Sm53YWdbS/OXE
/tvYeTw/a2O5xWSTtMSu
=MySu
-----END PGP SIGNATURE-----
Merge tag 'gpio-v4.9-4' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio
Pull GPIO fixes from Linus Walleij:
"These are hopefully the last GPIO fixes for v4.9. The most important
is that it fixes the UML randconfig builds that have been nagging me
for some time and me being confused about where the problem was really
sitting, now this fix give this nice feeling that everything is solid
and builds fine.
Summary:
- Finally, after being puzzled by a bunch of recurrent UML build
failures on randconfigs from the build robot, Keno Fischer nailed
it: GPIO_DEVRES is optional and depends on HAS_IOMEM even though
many users just unconditionally rely on it to be available. And it
*should* be available: garbage collection is nice for this and it
*certainly* has nothing to do with having IOMEM. So we got rid of
it, and now the UML builds should JustWork(TM).
- Do not call .get_direction() on sleeping GPIO chips on the fastpath
when locking GPIOs for interrupts: it is done from atomic context,
no way.
- Some driver fixes"
* tag 'gpio-v4.9-4' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio:
gpio: Remove GPIO_DEVRES option
gpio: tc3589x: fix up .get_direction()
gpio: do not double-check direction on sleeping chips
gpio: pca953x: Move memcpy into mutex lock for set multiple
gpio: pca953x: Fix corruption of other gpios in set_multiple.
-----BEGIN PGP SIGNATURE-----
iQIcBAABAgAGBQJYLlIgAAoJEAx081l5xIa+mjoP/2wh9hcrX4bG4XWnixR/KSf/
xAtqsNl87oQE6cq+PGD0WsmyCjnLFKbvi12ChM0slu3r4qSRlAOtmdGaqmha/jkv
8Km4tBgxrxsh8H+rN/x+1aXCVbt8H2qeOikeQgHTdluX7fnBs37vJAfccw7W010p
Ezv5N65UEgtS+HxDBKp5hQG3416ycU1gj1cmRMYhzTKp5EFSB48zoZ+r1dH07/MG
989D1v/YkR/KyKTj+mhdsPZ6lKLdnEWP1SHR7kRQcxrxBJGgtYIiRY4x7TSKBa+x
EoyX3srhex/TvYrlmlMZqqXhE8ddgvjJmE3zV5mDFJOgDtaSvZBdkU5IxjSPJfzK
yfEz6vUlLxGxsIxlT6oG7CBghsuZtED7vDbDOdf+2HR1X/i/i3VMnAKrLe/p8Z4L
VwRkf3Pri+PV4iZpT8jSMFVE0uXLLswK/UyFpAT07JbwqxbPceQa6FB0IlAwcAJd
ueFq+nQ6CdL4h98YNNqCaKAIa/686lf0Vh+6BHY4Pqp8ePSVdCpbEKd08UDHoAw2
RYHMNQY6gvS+P7laN+qFUC1nLIvd3ynhHRqIsaZgCraVjKJaGBbkT8WaV9LeGeO+
/+Se9zbvlZmnFO0ynhRJZITY/n2hgaRcLgzwV611F1qHVk6ZcUac0AOR8NQleXm/
psGWhW/QNog3VObrlC/M
=EAA/
-----END PGP SIGNATURE-----
Merge tag 'drm-fixes-for-v4.9-rc6-brown-paper-bag' of git://people.freedesktop.org/~airlied/linux
Pull drm fixes from Dave Airlie:
"i915 fixes + 2 mediatek regressions.
So some i915 fixes came in which I thought they might so I'm sending
those along with two reverts for two patches to the mediatek driver
that didn't seem to build so well, I've fixed up my -fixes ARM build
and .config so I could see it, but yes brown paper bag time"
* tag 'drm-fixes-for-v4.9-rc6-brown-paper-bag' of git://people.freedesktop.org/~airlied/linux:
Revert "drm/mediatek: set vblank_disable_allowed to true"
Revert "drm/mediatek: fix a typo of OD_CFG to OD_RELAYMODE"
drm/i915: Assume non-DP++ port if dvo_port is HDMI and there's no AUX ch specified in the VBT
drm/i915: Refresh that status of MST capable connectors in ->detect()
drm/i915: Grab the rotation from the passed plane state for VLV sprites
drm/i915: Mark CPU cache as dirty when used for rendering
Recently algif_hash has been changed to allow null hashes. This
triggers a bug when used with an shash algorithm whereby it will
cause a crash during the digest operation.
This patch fixes it by avoiding the digest operation and instead
doing an init followed by a final which avoids the buggy code in
shash.
This patch also ensures that the result buffer is freed after an
error so that it is not returned as a genuine hash result on the
next recv call.
The shash/ahash wrapper code will be fixed later to handle this
case correctly.
Fixes: 493b2ed3f760 ("crypto: algif_hash - Handle NULL hashes correctly")
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tested-by: Laura Abbott <labbott@redhat.com>
We need to update on secondaries for the selected MMU mode.
Fixes: ad410674f560 ("powerpc/mm: Update the HID bit when switching from radix to hash")
Reported-by: Michael Neuling <mikey@neuling.org>
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
KVM calls kvm_pmu_set_counter_event_type() when PMCCFILTR is configured.
But this function can't deals with PMCCFILTR correctly because the evtCount
bits of PMCCFILTR, which is reserved 0, conflits with the SW_INCR event
type of other PMXEVTYPER<n> registers. To fix it, when eventsel == 0, this
function shouldn't return immediately; instead it needs to check further
if select_idx is ARMV8_PMU_CYCLE_IDX.
Another issue is that KVM shouldn't copy the eventsel bits of PMCCFILTER
blindly to attr.config. Instead it ought to convert the request to the
"cpu cycle" event type (i.e. 0x11).
To support this patch and to prevent duplicated definitions, a limited
set of ARMv8 perf event types were relocated from perf_event.c to
asm/perf_event.h.
Cc: stable@vger.kernel.org # 4.6+
Acked-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Wei Huang <wei@redhat.com>
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
We're missing the handling code for the cycle counter accessed
from a 32bit guest, leading to unexpected results.
Cc: stable@vger.kernel.org # 4.6+
Signed-off-by: Wei Huang <wei@redhat.com>
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
On POWER9 DD1, when we do a local TLB invalidate we also need to explicitly
invalidate the ERAT.
Signed-off-by: Michael Neuling <mikey@neuling.org>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
since clk_prepare_enable() is used to get i2c->clk, we should
use clk_disable_unprepare() to release it for the error path.
Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
Acked-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
i915 misc fixes.
* tag 'drm-intel-fixes-2016-11-17' of ssh://git.freedesktop.org/git/drm-intel:
drm/i915: Assume non-DP++ port if dvo_port is HDMI and there's no AUX ch specified in the VBT
drm/i915: Refresh that status of MST capable connectors in ->detect()
drm/i915: Grab the rotation from the passed plane state for VLV sprites
drm/i915: Mark CPU cache as dirty when used for rendering
Pull block fixes from Jens Axboe:
"A set of fixes, one for NVMe from Keith, and a set for nvme-{rdma,t,f}
from the usual suspects, fixing actual problems that would be a shame
to release 4.9 with"
* 'for-linus' of git://git.kernel.dk/linux-block:
nvme/pci: Don't free queues on error
nvmet-rdma: drain the queue-pair just before freeing it
nvme-rdma: stop and free io queues on connect failure
nvmet-rdma: don't forget to delete a queue from the list of connection failed
nvmet: Don't queue fatal error work if csts.cfs is set
nvme-rdma: reject non-connect commands before the queue is live
nvmet-rdma: Fix possible NULL deref when handling rdma cm events
- Misc Intel hfi1 fixes
- Misc Mellanox mlx4, mlx5, and rxe fixes
- A couple cxgb4 fixes
-----BEGIN PGP SIGNATURE-----
iQIcBAABAgAGBQJYLQfQAAoJELgmozMOVy/doFMQAI96k4C9TJhtSNywdUhmqEDP
09IZFWVPuVFdgB//eFnUlqQackHn70RGNJfM+wDLRuNvyDaIJ21pSTqLeVkPJPaN
7kHmNo2OiYqo5evq2rFV0Jaaf9mj+zkmQBWE5vLLuNqoYWNBuPrNMY5O88o09TPQ
umN04md9VYoTjg0eya9ESTE+RUsYO1QL16VEXLZt8HonDGQUe+Z8nGh6VtKBQV+t
34li0vPRj2DGaWuZXWjgKTSxniHtKrds5uEzTxucNYXfz0NrfLTTlADDgPwHQ7qW
Utbv18/C8j6hTQgogiUTASSyJCDnYC6g1Ovn9vY8bgu6Vo2FjHCaQyuubQQKGCtl
IzX8ahf5z+pAm88hU6e6I0Hi+wPMtc8VT8XBJnhKjxC8qxH+OZNCBlNH3NWroIYo
uC0mV0pzhh/FERHK/cDujeecu4n8V2WiOs59Ta3R6ys8nO5CxwVGup0OOXK2ZG2X
Qfm+aj3xf0Dk06n03Y77l/iofKnxtEECPm6BqjL6JKUymFbqOZhkCUWO84sKEBbQ
egqwpBuHkrqQLcVBWPabkkBLtHS5H+7AHKxxCJq8NJQflDgu7t+q+PT4A4YXq6Mb
jNKdlTvz8ov+SniH8A7KHIiAGgSAzTBQKsTDLYAJdMuzj7HnNXO3oubd1CoAa05H
8KhN0XDWVB01LeVW7rts
=qeYK
-----END PGP SIGNATURE-----
Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dledford/rdma
Pull rmda fixes from Doug Ledford.
"First round of -rc fixes.
Due to various issues, I've been away and couldn't send a pull request
for about three weeks. There were a number of -rc patches that built
up in the meantime (some where there already from the early -rc
stages). Obviously, there were way too many to send now, so I tried to
pare the list down to the more important patches for the -rc cycle.
Most of the code has had plenty of soak time at the various vendor's
testing setups, so I doubt there will be another -rc pull request this
cycle. I also tried to limit the patches to those with smaller
footprints, so even though a shortlog is longer than I would like, the
actual diffstat is mostly very small with the exception of just three
files that had more changes, and a couple files with pure removals.
Summary:
- Misc Intel hfi1 fixes
- Misc Mellanox mlx4, mlx5, and rxe fixes
- A couple cxgb4 fixes"
* tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dledford/rdma: (34 commits)
iw_cxgb4: invalidate the mr when posting a read_w_inv wr
iw_cxgb4: set *bad_wr for post_send/post_recv errors
IB/rxe: Update qp state for user query
IB/rxe: Clear queue buffer when modifying QP to reset
IB/rxe: Fix handling of erroneous WR
IB/rxe: Fix kernel panic in UDP tunnel with GRO and RX checksum
IB/mlx4: Fix create CQ error flow
IB/mlx4: Check gid_index return value
IB/mlx5: Fix NULL pointer dereference on debug print
IB/mlx5: Fix fatal error dispatching
IB/mlx5: Resolve soft lock on massive reg MRs
IB/mlx5: Use cache line size to select CQE stride
IB/mlx5: Validate requested RQT size
IB/mlx5: Fix memory leak in query device
IB/core: Avoid unsigned int overflow in sg_alloc_table
IB/core: Add missing check for addr_resolve callback return value
IB/core: Set routable RoCE gid type for ipv4/ipv6 networks
IB/cm: Mark stale CM id's whenever the mad agent was unregistered
IB/uverbs: Fix leak of XRC target QPs
IB/hfi1: Remove incorrect IS_ERR check
...
Pull vfs fixes from Al Viro:
"A couple of regression fixes"
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
fix iov_iter_advance() for ITER_PIPE
xattr: Fix setting security xattrs on sockfs
Without ".owner = THIS_MODULE" it is possible to crash the kernel
by unloading the Orangefs module while someone is reading debugfs
files.
-----BEGIN PGP SIGNATURE-----
iQIcBAABAgAGBQJYLfvEAAoJEM9EDqnrzg2+sHEQAJo4jn/sAQvO04ujaMrViLmy
5+V93F7jwGFeLvAwjMvPAeBb+UmlgqjVi0VT85RzEe6eNOKN9qlj9ZNDutOfnbhr
H6qu8AQsbO0znSTQuJA1M2Hca9h66EnN0pT8xW4wat1cCdAf6X6HcFcr1lZIRKZd
E17EygXi+IW0c0evIq4UBsD0DfTZgtC4ONrR9N7+zprlg2PVX35So6Lr0ODceJQs
StWHrZW9hDZ6KR8WocupuHPR8brOe+P5PU14fPzR1+EH7BsTf8uxWK7CfTE5ov0C
UNkNeh81BOkwIQDFoPCJ5asaipdi5RRNTIQekhhQ2GnaaCdmCKln8OLjqDZZOmDj
KRGB4mdPcCb3XlvMH3SaXNmyhmjt2cTS0/TQPexrTqjSNmbXmnzJOCguweoTIJ5w
CgEnsrNp8GwlZo12Z8JkFGxC39ifjH4F+KFetU+eUNjw9Tce+zHwgEvsAMqDhWw8
FJQWy+snG7m8ooytRObWPepchnd2XHkrJv4yu8uw3GirM+YTlxvuWnB54hVH17FQ
0vKYhdAXBUmeeyyNKApBSGQezPWD9hfAY5Di7JGJlaTiai3pVxgXd8YY4DGXHj3t
ebPpxEnlWrRLC5Cazd0yC9CoR8azQp9zvRgfPuPEM4wJSjUFVfmasmFg7s99h3Zq
vnTqfV/uQwLm9f+3CfNB
=s21f
-----END PGP SIGNATURE-----
Merge tag 'for-linus-4.9-rc5-ofs-1' of git://git.kernel.org/pub/scm/linux/kernel/git/hubcap/linux
Pull orangefs fix from Mike Marshall:
"orangefs: add .owner to debugfs file_operations
Without ".owner = THIS_MODULE" it is possible to crash the kernel by
unloading the Orangefs module while someone is reading debugfs files"
* tag 'for-linus-4.9-rc5-ofs-1' of git://git.kernel.org/pub/scm/linux/kernel/git/hubcap/linux:
orangefs: add .owner to debugfs file_operations
Prior to 3.15, there was a race between zap_pte_range() and
page_mkclean() where writes to a page could be lost. Dave Hansen
discovered by inspection that there is a similar race between
move_ptes() and page_mkclean().
We've been able to reproduce the issue by enlarging the race window with
a msleep(), but have not been able to hit it without modifying the code.
So, we think it's a real issue, but is difficult or impossible to hit in
practice.
The zap_pte_range() issue is fixed by commit 1cf35d47712d("mm: split
'tlb_flush_mmu()' into tlb flushing and memory freeing parts"). And
this patch is to fix the race between page_mkclean() and mremap().
Here is one possible way to hit the race: suppose a process mmapped a
file with READ | WRITE and SHARED, it has two threads and they are bound
to 2 different CPUs, e.g. CPU1 and CPU2. mmap returned X, then thread
1 did a write to addr X so that CPU1 now has a writable TLB for addr X
on it. Thread 2 starts mremaping from addr X to Y while thread 1
cleaned the page and then did another write to the old addr X again.
The 2nd write from thread 1 could succeed but the value will get lost.
thread 1 thread 2
(bound to CPU1) (bound to CPU2)
1: write 1 to addr X to get a
writeable TLB on this CPU
2: mremap starts
3: move_ptes emptied PTE for addr X
and setup new PTE for addr Y and
then dropped PTL for X and Y
4: page laundering for N by doing
fadvise FADV_DONTNEED. When done,
pageframe N is deemed clean.
5: *write 2 to addr X
6: tlb flush for addr X
7: munmap (Y, pagesize) to make the
page unmapped
8: fadvise with FADV_DONTNEED again
to kick the page off the pagecache
9: pread the page from file to verify
the value. If 1 is there, it means
we have lost the written 2.
*the write may or may not cause segmentation fault, it depends on
if the TLB is still on the CPU.
Please note that this is only one specific way of how the race could
occur, it didn't mean that the race could only occur in exact the above
config, e.g. more than 2 threads could be involved and fadvise() could
be done in another thread, etc.
For anonymous pages, they could race between mremap() and page reclaim:
THP: a huge PMD is moved by mremap to a new huge PMD, then the new huge
PMD gets unmapped/splitted/pagedout before the flush tlb happened for
the old huge PMD in move_page_tables() and we could still write data to
it. The normal anonymous page has similar situation.
To fix this, check for any dirty PTE in move_ptes()/move_huge_pmd() and
if any, did the flush before dropping the PTL. If we did the flush for
every move_ptes()/move_huge_pmd() call then we do not need to do the
flush in move_pages_tables() for the whole range. But if we didn't, we
still need to do the whole range flush.
Alternatively, we can track which part of the range is flushed in
move_ptes()/move_huge_pmd() and which didn't to avoid flushing the whole
range in move_page_tables(). But that would require multiple tlb
flushes for the different sub-ranges and should be less efficient than
the single whole range flush.
KBuild test on my Sandybridge desktop doesn't show any noticeable change.
v4.9-rc4:
real 5m14.048s
user 32m19.800s
sys 4m50.320s
With this commit:
real 5m13.888s
user 32m19.330s
sys 4m51.200s
Reported-by: Dave Hansen <dave.hansen@intel.com>
Signed-off-by: Aaron Lu <aaron.lu@intel.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Building the caam driver on arm64 produces a harmless warning:
drivers/crypto/caam/caamalg.c:140:139: warning: comparison of distinct pointer types lacks a cast
We can use min_t to tell the compiler which type we want it to use
here.
Fixes: 5ecf8ef9103c ("crypto: caam - fix sg dump")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Reviewed-by: Horia Geantă <horia.geanta@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Fix use of u32 instead of int for checking for negative errors values
as pointed out by Dan Carpenter <dan.carpenter@oracle.com>.
And while testing the PM runtime error path by randomly returning
failed values in runtime resume, I noticed two more places that need
fixing:
- If pm_runtime_get_sync() fails in probe, we still need to do
pm_runtime_put_sync() to keep the use count happy. We could call
pm_runtime_put_noidle() on the error path, but we're just going
to call pm_runtime_disable() after that so pm_runtime_put_sync()
will do what we want
- We should print an error if pm_runtime_get_sync() fails in
cppi41_dma_alloc_chan_resources() so we know where it happens
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Fixes: 740b4be3f742 ("dmaengine: cpp41: Fix handling of error path")
Signed-off-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Vinod Koul <vinod.koul@intel.com>
iov_iter_advance() needs to decrement iter->count by the number of
bytes we'd moved beyond. Normal flavours do that, but ITER_PIPE
doesn't and ITER_PIPE generic_file_read_iter() for O_DIRECT files
ends up with a bogus fallback to page cache read, resulting in incorrect
values for file offset and bytes read.
Signed-off-by: Abhi Das <adas@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
The IOP_XATTR flag is set on sockfs because sockfs supports getting the
"system.sockprotoname" xattr. Since commit 6c6ef9f2, this flag is checked for
setxattr support as well. This is wrong on sockfs because security xattr
support there is supposed to be provided by security_inode_setsecurity. The
smack security module relies on socket labels (xattrs).
Fix this by adding a security xattr handler on sockfs that returns
-EAGAIN, and by checking for -EAGAIN in setxattr.
We cannot simply check for -EOPNOTSUPP in setxattr because there are
filesystems that neither have direct security xattr support nor support
via security_inode_setsecurity. A more proper fix might be to move the
call to security_inode_setsecurity into sockfs, but it's not clear to me
if that is safe: we would end up calling security_inode_post_setxattr after
that as well.
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
-----BEGIN PGP SIGNATURE-----
iQIcBAABAgAGBQJYLPBxAAoJEAx081l5xIa+qfIQAJCK90sXfXwGdvYcQLkYQgho
WvgRAL04U15tI29oyy96gSwLWk+1S6kLmXOKMmzlNCxdAaVMa3GhXOq/Zixxi2aR
a2blw05r2Pp/CC/TDf9xNlgmZIVWWjlHSOzKyi4KgelZWz1yG02LsiO6nQZQlm2z
IF8b83lLAQGey4EOEGGpQBkHa7oxfglWwq8XjjwuqREc8os0FFq/5WivBKu+QOA9
TwUv7FNjqeV5NzV9JNp94tFKYE3QldNemT0hrmYFud4R4JADs+QEwZ9yokRa6DF8
RXU18xxRzmpZMGL2aXE/KqivEHY7FLsVg2m+KAZJZtbKo8Et2Bz5etEjvH4v0SXn
1FJRSplXIcggleOPlurhT2XvIr0vqgIdcdizsXdN0+f2tKQljTDRgES825MTFQWm
mY1AEVtcDI6GdJcSCORUCr5K1pyBlaMCqYs8jgIznBoX8VrxMx6VpA0u9r7/rX60
WRcUMXkqr+cR/3NEcu2YvN3c8M/TX1gmEek8URWm2EEE8SmwxnMudQLYNgeqBFSn
i1LeNOtmFcG6MCwYQCbsNEz7iYJOjwgsZLoJh6WMNYCuUg9l7syVxXgg5l5q3DFc
UnvDLPIxnPe+BtMXAodlueEmaPK0niytqIc8RGWx9RWu5TsN9S+I6BmS9PjCd43X
GzMfpPGbY/57BMdddQh7
=TZCv
-----END PGP SIGNATURE-----
Merge tag 'drm-fixes-for-v4.9-rc6' of git://people.freedesktop.org/~airlied/linux
Pull drm fixes fr9om Dave Airlie:
"Fixes for amdgpu, and a bunch of arm drivers.
There seems to be an uptick in the ARM drivers sending things for
fixes which is good, so I've decided to dequeue a bit early, more
stuff may arrive before the weekend.
This contains mediatek, arcpgu, sunxi, fsl-dcu display controller
fixes along with 3 amdgpu fixes, one for a fencing issue with
secondary GPUs"
* tag 'drm-fixes-for-v4.9-rc6' of git://people.freedesktop.org/~airlied/linux:
drm/amdgpu:fix vpost_needed routine
drm/amdgpu/powerplay: drop a redundant NULL check
drm/amdgpu: Attach exclusive fence to prime exported bo's. (v5)
drm/arcpgu: Accommodate adv7511 switch to DRM bridge
drm/fsl-dcu: disable planes before disabling CRTC
drm/fsl-dcu: update all registers on flush
drm/fsl-dcu: do not update when modifying irq registers
drm/sun4i: Propagate error to the caller
drm/sun4i: Fix error handling
drm/mediatek: modify the factor to make the pll_rate set in the 1G-2G range
drm/mediatek: enhance the HDMI driving current
drm/mediatek: do mtk_hdmi_send_infoframe after HDMI clock enable
drm/mediatek: clear IRQ status before enable OVL interrupt
drm/mediatek: set vblank_disable_allowed to true
drm/mediatek: fix a typo of OD_CFG to OD_RELAYMODE
drm/sun4i: rgb: Remove the bridge enable/disable functions
drm/sun4i: rgb: Enable panel after controller
Also, rearrange things a bit to have a common c4iw_invalidate_mr()
function used everywhere that we need to invalidate.
Fixes: 49b53a93a64a ("iw_cxgb4: add fast-path for small REG_MR operations")
Signed-off-by: Steve Wise <swise@opengridcomputing.com>
Signed-off-by: Doug Ledford <dledford@redhat.com>
There are a few cases in c4iw_post_send() and c4iw_post_receive()
where *bad_wr is not set when an error is returned. This can
cause a crash if the application tries to use bad_wr.
Signed-off-by: Steve Wise <swise@opengridcomputing.com>
Signed-off-by: Doug Ledford <dledford@redhat.com>
The method rxe_qp_error() transitions QP to error state
and make sure the QP is drained. It did not though update
the QP state for user's query.
This patch fixes this.
Fixes: 8700e3e7c485 ("Soft RoCE driver")
Signed-off-by: Yonatan Cohen <yonatanc@mellanox.com>
Reviewed-by: Moni Shoua <monis@mellanox.com>
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Doug Ledford <dledford@redhat.com>
RXE resets the send-q only once in rxe_qp_init_req() when
QP is created, but when the QP is reused after QP reset, the send-q
holds previous garbage data.
This garbage data wrongly fails CQEs that otherwise
should have completed successfully.
Fixes: 8700e3e7c485 ("Soft RoCE driver")
Signed-off-by: Yonatan Cohen <yonatanc@mellanox.com>
Reviewed-by: Moni Shoua <monis@mellanox.com>
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Doug Ledford <dledford@redhat.com>
