* [PATCH 4.18 000/197] 4.18.8-stable review
@ 2018-09-13 13:29 Greg Kroah-Hartman
  2018-09-13 13:29 ` [PATCH 4.18 001/197] act_ife: fix a potential use-after-free Greg Kroah-Hartman
                   ` (198 more replies)
  0 siblings, 199 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:29 UTC
  To: linux-kernel
  Cc: Greg Kroah-Hartman, torvalds, akpm, linux, shuah, patches,
	ben.hutchings, lkft-triage, stable

This is the start of the stable review cycle for the 4.18.8 release.
There are 197 patches in this series, all will be posted as a response
to this one.  If anyone has any issues with these being applied, please
let me know.

Responses should be made by Sat Sep 15 13:17:57 UTC 2018.
Anything received after that time might be too late.

The whole patch series can be found in one patch at:
	https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.18.8-rc1.gz
or in the git tree and branch at:
	git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.18.y
and the diffstat can be found below.

thanks,

greg k-h

-------------
Pseudo-Shortlog of commits:

Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    Linux 4.18.8-rc1

Gustavo A. R. Silva <gustavo@embeddedor.com>
    ASoC: wm8994: Fix missing break in switch

Robert Munteanu <rombert@apache.org>
    HID: redragon: fix num lock and caps lock LEDs

Arnd Bergmann <arnd@arndb.de>
    x86: kvm: avoid unused variable warning

Junaid Shahid <junaids@google.com>
    kvm: x86: Set highest physical address bits in non-present/reserved SPTEs

Randy Dunlap <rdunlap@infradead.org>
    kbuild: make missing $DEPMOD a Warning instead of an Error

Juergen Gross <jgross@suse.com>
    x86/xen: don't write ptes directly in 32-bit PV guests

Juergen Gross <jgross@suse.com>
    x86/pae: use 64 bit atomic xchg function in native_ptep_get_and_clear

Joel Fernandes (Google) <joel@joelfernandes.org>
    debugobjects: Make stack check warning more informative

Michel Dänzer <michel.daenzer@amd.com>
    drm/amdgpu: Don't warn on destroying a pinned BO

Michel Dänzer <michel.daenzer@amd.com>
    drm/amdgpu: Warn and update pin_size values when destroying a pinned BO

Michel Dänzer <michel.daenzer@amd.com>
    drm/amdgpu: Make pin_size values atomic

Michel Dänzer <michel.daenzer@amd.com>
    drm/amdgpu: Keep track of amount of pinned CPU visible VRAM

Chuanhua Lei <chuanhua.lei@linux.intel.com>
    x86/tsc: Prevent result truncation on 32bit

Jani Nikula <jani.nikula@intel.com>
    drm/i915: set DP Main Stream Attribute for color range on DDI platforms

Nadav Amit <namit@vmware.com>
    mm: respect arch_dup_mmap() return value

Randy Dunlap <rdunlap@infradead.org>
    uapi/linux/keyctl.h: don't use C++ reserved keyword as a struct member name

Jan-Marek Glogowski <glogow@fbihome.de>
    drm/i915: Re-apply "Perform link quality check, unconditionally during long pulse"

Christian König <christian.koenig@amd.com>
    drm/amdgpu: fix incorrect use of drm_file->pid

Christian König <christian.koenig@amd.com>
    drm/amdgpu: fix incorrect use of fcheck

Likun Gao <Likun.Gao@amd.com>
    drm/amdgpu:add VCN booting with firmware loaded by PSP

Likun Gao <Likun.Gao@amd.com>
    drm/amdgpu:add VCN support in PSP driver

Likun Gao <Likun.Gao@amd.com>
    drm/amdgpu:add new firmware id for VCN

James Zhu <jzhums@gmail.com>
    drm/amdgpu:add tmr mc address into amdgpu_firmware_info

James Zhu <jzhums@gmail.com>
    drm/amdgpu: update tmr mc address

Mikita Lipski <mikita.lipski@amd.com>
    drm/amd/display: Check if clock source in use before disabling

Mikita Lipski <mikita.lipski@amd.com>
    drm/amd/display: Pass connector id when executing VBIOS CT

Sandy Huang <hjc@rock-chips.com>
    drm/rockchip: vop: fix irq disabled after vop driver probed

Heiko Stuebner <heiko@sntech.de>
    drm/rockchip: vop: split out core clock enablement into separate functions

Julia Lawall <Julia.Lawall@lip6.fr>
    drm/rockchip: lvds: add missing of_node_put

Harry Wentland <harry.wentland@amd.com>
    drm/amd/display: Report non-DP display as disconnected without EDID

Leo (Sunpeng) Li <sunpeng.li@amd.com>
    drm/amd/display: Use requested HDMI aspect ratio

Mikita Lipski <mikita.lipski@amd.com>
    drm/amd/display: update clk for various HDMI color depths

Mikita Lipski <mikita.lipski@amd.com>
    drm/amd/display: Don't share clk source between DP and HDMI

Gustavo A. R. Silva <gustavo@embeddedor.com>
    drm/amd/display: fix type of variable

Kai-Heng Feng <kai.heng.feng@canonical.com>
    drm/edid: Add 6 bpc quirk for SDC panel in Lenovo B50-80

Lubosz Sarnecki <lubosz.sarnecki@collabora.com>
    drm/edid: Quirk Vive Pro VR headset non-desktop.

Rex Zhu <rex.zhu@amd.com>
    drm/amd/pp/Polaris12: Fix a chunk of registers missed to program

Evan Quan <evan.quan@amd.com>
    drm/amd/powerplay: fixed uninitialized value

Rex Zhu <rex.zhu@amd.com>
    drm/amd/pp: Convert voltage unit in mV*4 to mV on CZ/ST

Michel Dänzer <michel.daenzer@amd.com>
    drm/amdgpu: Fix RLC safe mode test in gfx_v9_0_enter_rlc_safe_mode

Rex Zhu <rex.zhu@amd.com>
    drm/amdgpu: fix a reversed condition

Alex Deucher <alexander.deucher@amd.com>
    drm/amdgpu: update uvd_v6_0_ring_vm_funcs to use new nop packet

Rodrigo Vivi <rodrigo.vivi@intel.com>
    drm/i915: Free write_buf that we allocated with kzalloc.

Fredrik Schön <fredrikschon@gmail.com>
    drm/i915: Increase LSPCON timeout

Ville Syrjälä <ville.syrjala@linux.intel.com>
    drm/i915: Nuke the LVDS lid notifier

Chris Wilson <chris@chris-wilson.co.uk>
    drm/i915/lpe: Mark LPE audio runtime pm as "no callbacks"

David Sterba <dsterba@suse.com>
    btrfs: fix mount and ioctl device scan ioctl race

David Sterba <dsterba@suse.com>
    btrfs: reorder initialization before the mount locks uuid_mutex

David Sterba <dsterba@suse.com>
    btrfs: lift uuid_mutex to callers of btrfs_parse_early_options

David Sterba <dsterba@suse.com>
    btrfs: lift uuid_mutex to callers of btrfs_scan_one_device

Anand Jain <anand.jain@oracle.com>
    btrfs: use device_list_mutex when removing stale devices

Anand Jain <anand.jain@oracle.com>
    btrfs: rename local devices for fs_devices in btrfs_free_stale_devices(

Anand Jain <anand.jain@oracle.com>
    btrfs: extend locked section when adding a new device in device_list_add

Anand Jain <anand.jain@oracle.com>
    btrfs: do btrfs_free_stale_devices outside of device_list_add

Marc Zyngier <marc.zyngier@arm.com>
    ARM: rockchip: Force CONFIG_PM on Rockchip systems

Marc Zyngier <marc.zyngier@arm.com>
    arm64: rockchip: Force CONFIG_PM on Rockchip systems

Bart Van Assche <bart.vanassche@wdc.com>
    btrfs: Fix a C compliance issue

Qu Wenruo <wqu@suse.com>
    btrfs: Don't remove block group that still has pinned down bytes

David Sterba <dsterba@suse.com>
    btrfs: lift uuid_mutex to callers of btrfs_open_devices

Qu Wenruo <wqu@suse.com>
    btrfs: check-integrity: Fix NULL pointer dereference for degraded mount

Qu Wenruo <wqu@suse.com>
    btrfs: tree-checker: Detect invalid and empty essential trees

Qu Wenruo <wqu@suse.com>
    btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized

Anand Jain <anand.jain@oracle.com>
    btrfs: fix in-memory value of total_devices after seed device deletion

Misono Tomohiro <misono.tomohiro@jp.fujitsu.com>
    btrfs: replace: Reset on-disk dev stats value after replace

Qu Wenruo <wqu@suse.com>
    btrfs: Exit gracefully when chunk map cannot be inserted to the tree

Lucas Stach <l.stach@pengutronix.de>
    drm/etnaviv: fix crash in GPU suspend when init failed due to buffer placement

Jim Mattson <jmattson@google.com>
    kvm: nVMX: Fix fault vector for VMX operation at CPL > 0

Sean Christopherson <sean.j.christopherson@intel.com>
    KVM: vmx: track host_state.loaded using a loaded_vmcs pointer

David Francis <David.Francis@amd.com>
    drm/amd/display: Read back max backlight value at boot

Levin Du <djw@t-chip.com.cn>
    clk: rockchip: Add pclk_rkpwm_pmu to PMU critical clocks in rk3399

Mahesh Salgaonkar <mahesh@linux.vnet.ibm.com>
    powerpc/pseries: Avoid using the size greater than RTAS_ERROR_LOG_MAX.

Masahiro Yamada <yamada.masahiro@socionext.com>
    um: fix parallel building with O= option

Michael Ellerman <mpe@ellerman.id.au>
    powerpc/64s: Make rfi_flush_fallback a little more robust

Randy Dunlap <rdunlap@infradead.org>
    powerpc/platforms/85xx: fix t1042rdb_diu.c build errors & warning

Steve French <stfrench@microsoft.com>
    smb3: if server does not support posix do not allow posix mount option

Steve French <stfrench@microsoft.com>
    SMB3: Number of requests sent should be displayed for SMB3 not just CIFS

Aurelien Aptel <aaptel@suse.com>
    CIFS: fix memory leak and remove dead code

Steve French <stfrench@microsoft.com>
    smb3: fix reset of bytes read and written stats

Bart Van Assche <bart.vanassche@wdc.com>
    cfq: Suppress compiler warnings about comparisons

YueHaibing <yuehaibing@huawei.com>
    RDS: IB: fix 'passing zero to ERR_PTR()' warning

nixiaoming <nixiaoming@huawei.com>
    selinux: cleanup dentry and inodes on error in selinuxfs

Breno Leitao <leitao@debian.org>
    selftests/powerpc: Kill child processes on SIGINT

Ralf Goebel <ralf.goebel@imago-technologies.com>
    iommu/omap: Fix cache flushes on L2 table entries

Matthias Kaehlcke <mka@chromium.org>
    ASoC: rt5677: Fix initialization of rt5677_of_match.data

Ian Abbott <abbotti@mev.co.uk>
    staging: comedi: ni_mio_common: fix subdevice flags for PFI subdevice

John Pittman <jpittman@redhat.com>
    dm kcopyd: avoid softlockup in run_complete_job

Thomas Petazzoni <thomas.petazzoni@bootlin.com>
    PCI: mvebu: Fix I/O space end address calculation

Roger Pau Monne <roger.pau@citrix.com>
    xen/balloon: fix balloon initialization for PVH Dom0

Dmitry Torokhov <dmitry.torokhov@gmail.com>
    Input: do not use WARN() in input_alloc_absinfo()

Wei Yongjun <weiyongjun1@huawei.com>
    NFSv4: Fix error handling in nfs4_sp4_select_mode()

Dan Carpenter <dan.carpenter@oracle.com>
    scsi: aic94xx: fix an error code in aic94xx_init()

Jianchao Wang <jianchao.w.wang@oracle.com>
    blk-mq: count the hctx as active before allocating tag

Hans de Goede <hdegoede@redhat.com>
    ACPI / scan: Initialize status to ACPI_STA_DEFAULT

Stefan Haberland <sth@linux.ibm.com>
    s390/dasd: fix panic for failed online processing

Stefan Haberland <sth@linux.ibm.com>
    s390/dasd: fix hanging offline processing due to canceled worker

Winnie Chang <winnie.chang@cypress.com>
    brcmfmac: fix brcmf_wiphy_wowl_params() NULL pointer dereference

Greg Edwards <gedwards@ddn.com>
    block: bvec_nr_vecs() returns value for wrong slab

Sandipan Das <sandipan@linux.ibm.com>
    perf probe powerpc: Fix trace event post-processing

Dan Carpenter <dan.carpenter@oracle.com>
    powerpc: Fix size calculation using resource_size()

Michael Ellerman <mpe@ellerman.id.au>
    powerpc/uaccess: Enable get_user(u64, *p) on 32-bit

Yonghong Song <yhs@fb.com>
    bpf: fix bpffs non-array map seq_show issue

Anton Vasilyev <vasilyev@ispras.ru>
    pinctrl: axp209: Fix NULL pointer dereference after allocation

Chao Yu <yuchao0@huawei.com>
    f2fs: fix to clear PG_checked flag in set_page_dirty()

Jean-Philippe Brucker <jean-philippe.brucker@arm.com>
    net/9p: fix error path of p9_virtio_probe

Tomas Bortoli <tomasbortoli@gmail.com>
    net/9p/trans_fd.c: fix race by holding the lock

Jonas Gorski <jonas.gorski@gmail.com>
    irqchip/bcm7038-l1: Hide cpu offline callback when building for !SMP

Dan Carpenter <dan.carpenter@oracle.com>
    irqchip/stm32: Fix init error handling

Palmer Dabbelt <palmer@sifive.com>
    RISC-V: Use KBUILD_CFLAGS instead of KCFLAGS when building the vDSO

Chao Yu <yuchao0@huawei.com>
    f2fs: fix avoid race between truncate and background GC

Chao Yu <yuchao0@huawei.com>
    f2fs: avoid race between zero_range and background GC

Benno Evers <bevers@mesosphere.com>
    perf tools: Check for null when copying nsinfo.

Denis Efremov <efremov@linux.com>
    coccicheck: return proper error code on fail

Nicholas Kazlauskas <nicholas.kazlauskas@amd.com>
    drm/amd/display: Guard against null crtc in CRC IRQ

Myron Stowe <myron.stowe@redhat.com>
    PCI: Match Root Port's MPS to endpoint's MPSS as necessary

Jian Shen <shenjian15@huawei.com>
    net: hns3: Fix for phy link issue when using marvell phy driver

Jens Axboe <axboe@kernel.dk>
    block: don't warn for flush on read-only device

Xi Wang <wangxi11@huawei.com>
    net: hns3: Fix for command format parsing error in hclge_is_all_function_id_zero

Kim Phillips <kim.phillips@arm.com>
    perf arm spe: Fix uninitialized record error variable

Erik Schmauss <erik.schmauss@intel.com>
    ACPICA: ACPICA: add status check for acpi_hw_read before assigning return value

Gal Pressman <pressmangal@gmail.com>
    RDMA/hns: Fix usage of bitmap allocation functions return values

Richard Weinberger <richard@nod.at>
    ubi: Initialize Fastmap checkmapping correctly

Daniel Borkmann <daniel@iogearbox.net>
    tcp, ulp: add alias for all ulp modules

Florian Westphal <fw@strlen.de>
    netfilter: fix memory leaks on netlink_dump_start error

Aleh Filipovich <aleh@vaolix.com>
    platform/x86: asus-nb-wmi: Add keymap entry for lid flip action on UX360

Michal Hocko <mhocko@suse.com>
    netfilter: x_tables: do not fail xt_alloc_table_info too easilly

Guenter Roeck <linux@roeck-us.net>
    mfd: sm501: Set coherent_dma_mask when creating subdevices

Tan Hu <tan.hu@zte.com.cn>
    ipvs: fix race between ip_vs_conn_new() and ip_vs_del_dest()

Philipp Rudo <prudo@linux.ibm.com>
    s390/kdump: Fix memleak in nt_vmcoreinfo

Florian Westphal <fw@strlen.de>
    netfilter: ip6t_rpfilter: set F_IFACE for linklocal addresses

Jesper Dangaard Brouer <brouer@redhat.com>
    samples/bpf: all XDP samples should unload xdp/bpf prog on SIGTERM

Daniel Borkmann <daniel@iogearbox.net>
    bpf, sockmap: fix leakage of smap_psock_map_entry

Tariq Toukan <tariqt@mellanox.com>
    net/xdp: Fix suspicious RCU usage warning

Daniel Borkmann <daniel@iogearbox.net>
    bpf, sockmap: fix sock_map_ctx_update_elem race with exist/noexist

Daniel Borkmann <daniel@iogearbox.net>
    tcp, ulp: fix leftover icsk_ulp_ops preventing sock from reattach

Daniel Borkmann <daniel@iogearbox.net>
    bpf, sockmap: fix map elem deletion race with smap_stop_sock

Randy Dunlap <rdunlap@infradead.org>
    platform/x86: intel_punit_ipc: fix build errors

Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
    fs/dcache.c: fix kmemcheck splat at take_dentry_name_snapshot()

Mike Rapoport <rppt@linux.vnet.ibm.com>
    mm: make DEFERRED_STRUCT_PAGE_INIT explicitly depend on SPARSEMEM

Andrey Ryabinin <aryabinin@virtuozzo.com>
    mm/fadvise.c: fix signed overflow UBSAN complaint

Srikar Dronamraju <srikar@linux.vnet.ibm.com>
    powerpc/topology: Get topology for shared processors at boot

Jerome Brunet <jbrunet@baylibre.com>
    pwm: meson: Fix mux clock names

Michael J. Ruhl <michael.j.ruhl@intel.com>
    IB/hfi1: Invalid NUMA node information can cause a divide by zero

Hans de Goede <hdegoede@redhat.com>
    i2c: core: ACPI: Make acpi_gsb_i2c_read_bytes() check i2c_transfer return value

Arnd Bergmann <arnd@arndb.de>
    x86/mce: Add notifier_block forward declaration

Suzuki K Poulose <suzuki.poulose@arm.com>
    virtio: pci-legacy: Validate queue pfn

Dan Carpenter <dan.carpenter@oracle.com>
    apparmor: fix an error code in __aa_create_ns()

Randy Dunlap <rdunlap@infradead.org>
    scripts: modpost: check memory allocation results

Johannes Berg <johannes.berg@intel.com>
    workqueue: re-add lockdep dependencies for flushing

Johannes Berg <johannes.berg@intel.com>
    workqueue: skip lockdep wq dependency in cancel_work_sync()

OGAWA Hirofumi <hirofumi@mail.parknet.co.jp>
    fat: validate ->i_start before using

James Morse <james.morse@arm.com>
    fs/proc/kcore.c: use __pa_symbol() for KCORE_TEXT list entries

Marc Zyngier <marc.zyngier@arm.com>
    iommu/rockchip: Move irq request past pm_runtime_enable

Ernesto A. Fernández <ernesto.mnd.fernandez@gmail.com>
    hfsplus: fix NULL dereference in hfsplus_lookup()

Marc Zyngier <marc.zyngier@arm.com>
    iommu/rockchip: Handle errors returned from PM framework

Arnd Bergmann <arnd@arndb.de>
    reiserfs: change j_timestamp type to time64_t

Arnd Bergmann <arnd@arndb.de>
    fs/proc/vmcore.c: hide vmcoredd_mmap_dumps() for nommu builds

Jann Horn <jannh@google.com>
    fork: don't copy inconsistent signal handler state to child

Laura Abbott <labbott@redhat.com>
    sunrpc: Don't use stack buffer with scatterlist

Ernesto A. Fernández <ernesto.mnd.fernandez@gmail.com>
    hfs: prevent crash on exit from failed search

Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
    hfsplus: don't return 0 when fill_super() failed

Ronnie Sahlberg <lsahlber@redhat.com>
    cifs: check if SMB2 PDU size has been padded and suppress the warning

Stephen Hemminger <stephen@networkplumber.org>
    hv_netvsc: ignore devices that are not PCI

Jason Wang <jasowang@redhat.com>
    vhost: correctly check the iova range when waking virtqueue

Ido Schimmel <idosch@mellanox.com>
    mlxsw: spectrum_switchdev: Do not leak RIFs when removing bridge

Xin Long <lucien.xin@gmail.com>
    sctp: hold transport before accessing its asoc in sctp_transport_get_next

Jakub Kicinski <jakub.kicinski@netronome.com>
    nfp: wait for posted reconfigs when disabling the device

Haishuang Yan <yanhaishuang@cmss.chinamobile.com>
    ip6_vti: fix a null pointer deference when destroy vti6 tunnel

Haishuang Yan <yanhaishuang@cmss.chinamobile.com>
    ip6_vti: fix creating fallback tunnel device for vti6

Jerome Brunet <jbrunet@baylibre.com>
    Revert "net: stmmac: Do not keep rearming the coalesce timer in stmmac_xmit"

Azat Khuzhin <a3at.mail@gmail.com>
    r8169: set RxConfig after tx/rx is enabled for RTL8169sb/8110sb devices

Tariq Toukan <tariqt@mellanox.com>
    net/mlx5: Fix SQ offset in QPs with small RQ

David Ahern <dsahern@gmail.com>
    net/ipv6: Put lwtstate when destroying fib6_info

David Ahern <dsahern@gmail.com>
    net/ipv6: Only update MTU metric if it set

Hangbin Liu <liuhangbin@gmail.com>
    net/ipv6: init ip6 anycast rt->dst.input as ip6_input

Alexey Kodanev <alexey.kodanev@oracle.com>
    ipv6: don't get lwtstate twice in ip6_rt_copy_init()

Ahmad Fatoum <a.fatoum@pengutronix.de>
    net: macb: Fix regression breaking non-MDIO fixed-link PHYs

Xin Long <lucien.xin@gmail.com>
    erspan: set erspan_ver to 1 by default when adding an erspan dev

Xin Long <lucien.xin@gmail.com>
    sctp: remove useless start_fail from sctp_ht_iter in proc

Haiqing Bai <Haiqing.Bai@windriver.com>
    tipc: fix the big/little endian issue in tipc_dest

Dexuan Cui <decui@microsoft.com>
    hv_netvsc: Fix a deadlock by getting rtnl lock earlier in netvsc_probe()

Cong Wang <xiyou.wangcong@gmail.com>
    tipc: fix a missing rhashtable_walk_exit()

Davide Caratti <dcaratti@redhat.com>
    net/sched: act_pedit: fix dump of extended layered op

Michael Chan <michael.chan@broadcom.com>
    bnxt_en: Do not adjust max_cp_rings by the ones used by RDMA.

Michael Chan <michael.chan@broadcom.com>
    bnxt_en: Clean up unused functions.

Vlad Buslov <vladbu@mellanox.com>
    net: sched: action_ife: take reference to meta module

Cong Wang <xiyou.wangcong@gmail.com>
    act_ife: fix a potential deadlock

Cong Wang <xiyou.wangcong@gmail.com>
    act_ife: move tcfa_lock down to where necessary

Alexey Kodanev <alexey.kodanev@oracle.com>
    vti6: remove !skb->ignore_df check from vti6_xmit()

Florian Westphal <fw@strlen.de>
    tcp: do not restart timewait timer on rst reception

Anthony Wong <anthony.wong@ubuntu.com>
    r8169: add support for NCube 8168 network card

Kai-Heng Feng <kai.heng.feng@canonical.com>
    r8152: disable RX aggregation on new Dell TB16 dock

Manish Chopra <manish.chopra@cavium.com>
    qlge: Fix netdev features configuration.

Kees Cook <keescook@chromium.org>
    net: sched: Fix memory exposure from short TCA_U32_SEL

Anssi Hannula <anssi.hannula@bitwise.fi>
    net: macb: do not disable MDIO bus at open/close time

Doug Berger <opendmb@gmail.com>
    net: bcmgenet: use MAC link status for fixed phy

Eric Dumazet <edumazet@google.com>
    ipv4: tcp: send zero IPID for RST and ACK sent in SYN-RECV and TIME-WAIT state

Cong Wang <xiyou.wangcong@gmail.com>
    act_ife: fix a potential use-after-free


-------------

Diffstat:

 Makefile                                           |   4 +-
 arch/arm/mach-rockchip/Kconfig                     |   1 +
 arch/arm64/Kconfig.platforms                       |   1 +
 arch/powerpc/include/asm/topology.h                |   5 +
 arch/powerpc/include/asm/uaccess.h                 |  13 +-
 arch/powerpc/kernel/exceptions-64s.S               |   6 +
 arch/powerpc/kernel/smp.c                          |   5 +
 arch/powerpc/mm/numa.c                             |  20 +--
 arch/powerpc/platforms/85xx/t1042rdb_diu.c         |   4 +
 arch/powerpc/platforms/pseries/ras.c               |   2 +-
 arch/powerpc/sysdev/mpic_msgr.c                    |   2 +-
 arch/riscv/kernel/vdso/Makefile                    |   4 +-
 arch/s390/kernel/crash_dump.c                      |  17 ++-
 arch/um/Makefile                                   |   3 +-
 arch/x86/include/asm/mce.h                         |   1 +
 arch/x86/include/asm/pgtable-3level.h              |   7 +-
 arch/x86/kernel/tsc.c                              |   4 +-
 arch/x86/kvm/mmu.c                                 |  43 ++++++-
 arch/x86/kvm/vmx.c                                 |  26 ++--
 arch/x86/kvm/x86.c                                 |  12 +-
 arch/x86/xen/mmu_pv.c                              |   7 +-
 block/bio.c                                        |   2 +-
 block/blk-core.c                                   |   4 +-
 block/blk-mq-tag.c                                 |   3 +
 block/blk-mq.c                                     |   8 +-
 block/cfq-iosched.c                                |  22 ++--
 drivers/acpi/acpica/hwregs.c                       |   9 +-
 drivers/acpi/scan.c                                |   5 +-
 drivers/clk/rockchip/clk-rk3399.c                  |   1 +
 drivers/gpu/drm/amd/amdgpu/amdgpu.h                |   6 +-
 drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c             |   2 +-
 drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c            |  23 ++--
 drivers/gpu/drm/amd/amdgpu/amdgpu_object.c         |  38 ++++--
 drivers/gpu/drm/amd/amdgpu/amdgpu_pm.c             |   2 +-
 drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c            |   5 +
 drivers/gpu/drm/amd/amdgpu/amdgpu_sched.c          |  21 +---
 drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.h            |   2 +-
 drivers/gpu/drm/amd/amdgpu/amdgpu_ucode.h          |   4 +
 drivers/gpu/drm/amd/amdgpu/amdgpu_vcn.c            |  17 +--
 drivers/gpu/drm/amd/amdgpu/amdgpu_vram_mgr.c       |  20 ++-
 drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c              |   2 +-
 drivers/gpu/drm/amd/amdgpu/psp_v10_0.c             |   3 +
 drivers/gpu/drm/amd/amdgpu/uvd_v6_0.c              |   3 +-
 drivers/gpu/drm/amd/amdgpu/vcn_v1_0.c              |  40 ++++--
 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c  |  10 +-
 .../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_crc.c  |  10 +-
 .../gpu/drm/amd/display/dc/bios/command_table.c    |  18 +++
 drivers/gpu/drm/amd/display/dc/core/dc_link.c      |  11 ++
 drivers/gpu/drm/amd/display/dc/core/dc_resource.c  |  68 ++++++++---
 drivers/gpu/drm/amd/display/dc/dc.h                |   1 +
 .../gpu/drm/amd/display/dc/dce/dce_link_encoder.c  |   4 +-
 .../drm/amd/display/dc/dce100/dce100_resource.c    |   2 +-
 .../drm/amd/display/dc/dce110/dce110_compressor.c  |   2 +-
 .../amd/display/dc/dce110/dce110_hw_sequencer.c    |   4 +-
 .../gpu/drm/amd/display/dc/dce80/dce80_resource.c  |   3 +
 drivers/gpu/drm/amd/display/dc/inc/resource.h      |   5 +
 .../gpu/drm/amd/powerplay/hwmgr/smu7_powertune.c   |  43 +++++++
 drivers/gpu/drm/amd/powerplay/hwmgr/smu8_hwmgr.c   |   5 +-
 drivers/gpu/drm/amd/powerplay/hwmgr/vega12_hwmgr.c |   2 +-
 drivers/gpu/drm/drm_edid.c                         |   6 +-
 drivers/gpu/drm/etnaviv/etnaviv_gpu.c              |   1 +
 drivers/gpu/drm/i915/i915_drv.c                    |  10 --
 drivers/gpu/drm/i915/i915_drv.h                    |   8 --
 drivers/gpu/drm/i915/i915_reg.h                    |   1 +
 drivers/gpu/drm/i915/intel_ddi.c                   |   4 +
 drivers/gpu/drm/i915/intel_dp.c                    |  33 ++---
 drivers/gpu/drm/i915/intel_hdmi.c                  |   8 +-
 drivers/gpu/drm/i915/intel_lpe_audio.c             |   4 +-
 drivers/gpu/drm/i915/intel_lspcon.c                |   2 +-
 drivers/gpu/drm/i915/intel_lvds.c                  | 136 +--------------------
 drivers/gpu/drm/rockchip/rockchip_drm_vop.c        |  69 +++++++----
 drivers/gpu/drm/rockchip/rockchip_lvds.c           |   4 +-
 drivers/hid/hid-redragon.c                         |  26 +---
 drivers/i2c/i2c-core-acpi.c                        |   8 +-
 drivers/infiniband/hw/hfi1/affinity.c              |  24 +++-
 drivers/infiniband/hw/hns/hns_roce_pd.c            |   2 +-
 drivers/infiniband/hw/hns/hns_roce_qp.c            |   5 +-
 drivers/input/input.c                              |  16 ++-
 drivers/iommu/omap-iommu.c                         |   4 +-
 drivers/iommu/rockchip-iommu.c                     |  45 ++++---
 drivers/irqchip/irq-bcm7038-l1.c                   |   4 +
 drivers/irqchip/irq-stm32-exti.c                   |  25 ++--
 drivers/md/dm-kcopyd.c                             |   2 +
 drivers/mfd/sm501.c                                |   1 +
 drivers/mtd/ubi/vtbl.c                             |  20 +--
 drivers/net/ethernet/broadcom/bnxt/bnxt.c          |   9 +-
 drivers/net/ethernet/broadcom/bnxt/bnxt.h          |   3 +-
 drivers/net/ethernet/broadcom/bnxt/bnxt_sriov.c    |   7 +-
 drivers/net/ethernet/broadcom/bnxt/bnxt_ulp.c      |  20 ---
 drivers/net/ethernet/broadcom/bnxt/bnxt_ulp.h      |   1 -
 drivers/net/ethernet/broadcom/genet/bcmgenet.h     |   3 +
 drivers/net/ethernet/broadcom/genet/bcmmii.c       |  10 +-
 drivers/net/ethernet/cadence/macb_main.c           |  36 ++++--
 .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c    |   2 +-
 .../ethernet/hisilicon/hns3/hns3pf/hclge_mdio.c    |   2 +
 drivers/net/ethernet/mellanox/mlx5/core/wq.c       |   5 +-
 drivers/net/ethernet/mellanox/mlxsw/spectrum.h     |   2 +
 .../net/ethernet/mellanox/mlxsw/spectrum_router.c  |  11 ++
 .../ethernet/mellanox/mlxsw/spectrum_switchdev.c   |  20 +++
 .../net/ethernet/netronome/nfp/nfp_net_common.c    |  48 +++++---
 drivers/net/ethernet/qlogic/qlge/qlge_main.c       |  23 ++--
 drivers/net/ethernet/realtek/r8169.c               |   7 +-
 drivers/net/ethernet/stmicro/stmmac/stmmac.h       |   1 -
 drivers/net/ethernet/stmicro/stmmac/stmmac_main.c  |   5 +-
 drivers/net/hyperv/netvsc_drv.c                    |  16 ++-
 drivers/net/usb/r8152.c                            |   4 +-
 .../broadcom/brcm80211/brcmfmac/cfg80211.c         |   8 +-
 drivers/pci/controller/pci-mvebu.c                 |   2 +-
 drivers/pci/probe.c                                |  12 +-
 drivers/pinctrl/pinctrl-axp209.c                   |  26 +++-
 drivers/platform/x86/asus-nb-wmi.c                 |   1 +
 drivers/platform/x86/intel_punit_ipc.c             |   1 +
 drivers/pwm/pwm-meson.c                            |   3 +-
 drivers/s390/block/dasd_eckd.c                     |  10 +-
 drivers/scsi/aic94xx/aic94xx_init.c                |   4 +-
 drivers/staging/comedi/drivers/ni_mio_common.c     |   3 +-
 drivers/vhost/vhost.c                              |   2 +-
 drivers/virtio/virtio_pci_legacy.c                 |  14 ++-
 drivers/xen/xen-balloon.c                          |   2 +-
 fs/btrfs/check-integrity.c                         |   7 +-
 fs/btrfs/dev-replace.c                             |   6 +
 fs/btrfs/extent-tree.c                             |   2 +-
 fs/btrfs/relocation.c                              |  23 ++--
 fs/btrfs/super.c                                   |  44 ++++---
 fs/btrfs/tree-checker.c                            |  15 ++-
 fs/btrfs/volumes.c                                 |  94 ++++++++------
 fs/cifs/cifs_debug.c                               |   8 ++
 fs/cifs/connect.c                                  |   8 +-
 fs/cifs/smb2misc.c                                 |   7 ++
 fs/cifs/smb2pdu.c                                  | 103 ++++++++--------
 fs/dcache.c                                        |   3 +-
 fs/f2fs/data.c                                     |   8 ++
 fs/f2fs/file.c                                     |  48 +++++---
 fs/fat/cache.c                                     |  19 +--
 fs/fat/fat.h                                       |   5 +
 fs/fat/fatent.c                                    |   6 +-
 fs/hfs/brec.c                                      |   7 +-
 fs/hfsplus/dir.c                                   |   4 +-
 fs/hfsplus/super.c                                 |   4 +-
 fs/nfs/nfs4proc.c                                  |   2 +-
 fs/proc/kcore.c                                    |   4 +-
 fs/proc/vmcore.c                                   |   2 +
 fs/reiserfs/reiserfs.h                             |   2 +-
 include/linux/pci_ids.h                            |   2 +
 include/net/tcp.h                                  |   4 +
 include/uapi/linux/keyctl.h                        |   2 +-
 kernel/bpf/inode.c                                 |   8 +-
 kernel/bpf/sockmap.c                               | 120 ++++++++++--------
 kernel/fork.c                                      |   5 +-
 kernel/workqueue.c                                 |  45 ++++---
 lib/debugobjects.c                                 |   7 +-
 mm/Kconfig                                         |   2 +-
 mm/fadvise.c                                       |   8 +-
 net/9p/trans_fd.c                                  |  10 +-
 net/9p/trans_virtio.c                              |   3 +-
 net/core/xdp.c                                     |  14 +--
 net/ipv4/ip_gre.c                                  |   3 +
 net/ipv4/tcp_ipv4.c                                |   6 +
 net/ipv4/tcp_minisocks.c                           |   3 +-
 net/ipv4/tcp_ulp.c                                 |   4 +-
 net/ipv6/ip6_fib.c                                 |   7 +-
 net/ipv6/ip6_gre.c                                 |   1 +
 net/ipv6/ip6_vti.c                                 |   7 +-
 net/ipv6/netfilter/ip6t_rpfilter.c                 |  12 +-
 net/ipv6/route.c                                   |   3 +-
 net/netfilter/ipvs/ip_vs_core.c                    |  15 ++-
 net/netfilter/nf_conntrack_netlink.c               |  26 ++--
 net/netfilter/nfnetlink_acct.c                     |  29 ++---
 net/netfilter/x_tables.c                           |   7 +-
 net/rds/ib_frmr.c                                  |   1 +
 net/sched/act_ife.c                                |  78 +++++++-----
 net/sched/act_pedit.c                              |  18 ++-
 net/sched/cls_u32.c                                |  10 +-
 net/sctp/proc.c                                    |   8 --
 net/sctp/socket.c                                  |  22 ++--
 net/sunrpc/auth_gss/gss_krb5_crypto.c              |  12 +-
 net/tipc/name_table.c                              |  10 +-
 net/tipc/name_table.h                              |   9 +-
 net/tipc/socket.c                                  |   2 +
 net/tls/tls_main.c                                 |   1 +
 samples/bpf/xdp_redirect_cpu_user.c                |   3 +-
 samples/bpf/xdp_rxq_info_user.c                    |   3 +-
 scripts/coccicheck                                 |   5 +-
 scripts/depmod.sh                                  |   4 +-
 scripts/mod/modpost.c                              |   8 +-
 security/apparmor/policy_ns.c                      |   2 +-
 security/keys/dh.c                                 |   2 +-
 security/selinux/selinuxfs.c                       |  33 +++--
 sound/soc/codecs/rt5677.c                          |   2 +-
 sound/soc/codecs/wm8994.c                          |   1 +
 tools/perf/arch/arm64/util/arm-spe.c               |   1 +
 tools/perf/arch/powerpc/util/sym-handling.c        |   4 +-
 tools/perf/util/namespaces.c                       |   3 +
 tools/testing/selftests/powerpc/harness.c          |  18 ++-
 194 files changed, 1498 insertions(+), 954 deletions(-)




* [PATCH 4.18 001/197] act_ife: fix a potential use-after-free
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
@ 2018-09-13 13:29 ` Greg Kroah-Hartman
  2018-09-13 13:29 ` [PATCH 4.18 002/197] ipv4: tcp: send zero IPID for RST and ACK sent in SYN-RECV and TIME-WAIT state Greg Kroah-Hartman
                   ` (197 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:29 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Jamal Hadi Salim, Cong Wang, David S. Miller

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Cong Wang <xiyou.wangcong@gmail.com>

[ Upstream commit 6d784f1625ea68783cc1fb17de8f6cd3e1660c3f ]

Immediately after module_put(), user could delete this
module, so e->ops could be already freed before we call
e->ops->release().

Fix this by moving module_put() after ops->release().

Fixes: ef6980b6becb ("introduce IFE action")
Cc: Jamal Hadi Salim <jhs@mojatatu.com>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 net/sched/act_ife.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/net/sched/act_ife.c
+++ b/net/sched/act_ife.c
@@ -393,7 +393,6 @@ static void _tcf_ife_cleanup(struct tc_a
 	struct tcf_meta_info *e, *n;
 
 	list_for_each_entry_safe(e, n, &ife->metalist, metalist) {
-		module_put(e->ops->owner);
 		list_del(&e->metalist);
 		if (e->metaval) {
 			if (e->ops->release)
@@ -401,6 +400,7 @@ static void _tcf_ife_cleanup(struct tc_a
 			else
 				kfree(e->metaval);
 		}
+		module_put(e->ops->owner);
 		kfree(e);
 	}
 }
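
Review bot: The moved module_put(e->ops->owner) call has no comment explaining its position, and its placement just before kfree(e) is the entire fix. Suggest a one-line comment above it in _tcf_ife_cleanup() saying the module reference must be held until e->ops->release() has returned, so a later tidy-up does not move the put back above the release path.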




* [PATCH 4.18 002/197] ipv4: tcp: send zero IPID for RST and ACK sent in SYN-RECV and TIME-WAIT state
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
  2018-09-13 13:29 ` [PATCH 4.18 001/197] act_ife: fix a potential use-after-free Greg Kroah-Hartman
@ 2018-09-13 13:29 ` Greg Kroah-Hartman
  2018-09-13 13:29 ` [PATCH 4.18 003/197] net: bcmgenet: use MAC link status for fixed phy Greg Kroah-Hartman
                   ` (196 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:29 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Eric Dumazet, Geoff Alexander,
	David S. Miller

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Eric Dumazet <edumazet@google.com>

[ Upstream commit 431280eebed9f5079553daf003011097763e71fd ]

tcp uses per-cpu (and per namespace) sockets (net->ipv4.tcp_sk) internally
to send some control packets.

1) RST packets, through tcp_v4_send_reset()
2) ACK packets in SYN-RECV and TIME-WAIT state, through tcp_v4_send_ack()

These packets assert IP_DF, and also use the hashed IP ident generator
to provide an IPv4 ID number.

Geoff Alexander reported this could be used to build off-path attacks.

These packets should not be fragmented, since their size is smaller than
IPV4_MIN_MTU. Only some tunneled paths could eventually have to fragment,
regardless of inner IPID.

We really can use zero IPID, to address the flaw, and as a bonus,
avoid a couple of atomic operations in ip_idents_reserve()

Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Geoff Alexander <alexandg@cs.unm.edu>
Tested-by: Geoff Alexander <alexandg@cs.unm.edu>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 net/ipv4/tcp_ipv4.c |    6 ++++++
 1 file changed, 6 insertions(+)

--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -2516,6 +2516,12 @@ static int __net_init tcp_sk_init(struct
 		if (res)
 			goto fail;
 		sock_set_flag(sk, SOCK_USE_WRITE_QUEUE);
+
+		/* Please enforce IP_DF and IPID==0 for RST and
+		 * ACK sent in SYN-RECV and TIME-WAIT state.
+		 */
+		inet_sk(sk)->pmtudisc = IP_PMTUDISC_DO;
+
 		*per_cpu_ptr(net->ipv4.tcp_sk, cpu) = sk;
 	}
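
Review bot: The added comment in tcp_sk_init() names the goal (IP_DF and IPID==0) but not the mechanism, and the only code it sits above is the pmtudisc = IP_PMTUDISC_DO assignment. Suggest rewording it to state that the DF bit and the zero IP ID on these control packets both follow from this socket's pmtudisc setting, and dropping the leading "Please", so the assignment is not later mistaken for an MTU tuning choice and removed.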
 




* [PATCH 4.18 003/197] net: bcmgenet: use MAC link status for fixed phy
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
  2018-09-13 13:29 ` [PATCH 4.18 001/197] act_ife: fix a potential use-after-free Greg Kroah-Hartman
  2018-09-13 13:29 ` [PATCH 4.18 002/197] ipv4: tcp: send zero IPID for RST and ACK sent in SYN-RECV and TIME-WAIT state Greg Kroah-Hartman
@ 2018-09-13 13:29 ` Greg Kroah-Hartman
  2018-09-13 13:29 ` [PATCH 4.18 004/197] net: macb: do not disable MDIO bus at open/close time Greg Kroah-Hartman
                   ` (195 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:29 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Doug Berger, Florian Fainelli,
	David S. Miller

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Doug Berger <opendmb@gmail.com>

[ Upstream commit c3c397c1f16c51601a3fac4fe0c63ad8aa85a904 ]

When using the fixed PHY with GENET (e.g. MOCA) the PHY link
status can be determined from the internal link status captured
by the MAC. This allows the PHY state machine to use the correct
link state with the fixed PHY even if MAC link event interrupts
are missed when the net device is opened.

Fixes: 8d88c6ebb34c ("net: bcmgenet: enable MoCA link state change detection")
Signed-off-by: Doug Berger <opendmb@gmail.com>
Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/net/ethernet/broadcom/genet/bcmgenet.h |    3 +++
 drivers/net/ethernet/broadcom/genet/bcmmii.c   |   10 ++++++++--
 2 files changed, 11 insertions(+), 2 deletions(-)

--- a/drivers/net/ethernet/broadcom/genet/bcmgenet.h
+++ b/drivers/net/ethernet/broadcom/genet/bcmgenet.h
@@ -186,6 +186,9 @@ struct bcmgenet_mib_counters {
 #define UMAC_MAC1			0x010
 #define UMAC_MAX_FRAME_LEN		0x014
 
+#define UMAC_MODE			0x44
+#define  MODE_LINK_STATUS		(1 << 5)
+
 #define UMAC_EEE_CTRL			0x064
 #define  EN_LPI_RX_PAUSE		(1 << 0)
 #define  EN_LPI_TX_PFC			(1 << 1)
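
Review bot: UMAC_MODE is written as 0x44 while every neighbouring register offset in this hunk uses three hex digits (0x010, 0x014, 0x064). Suggest 0x044 so the new define lines up with the rest of the UMAC offset table.
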
--- a/drivers/net/ethernet/broadcom/genet/bcmmii.c
+++ b/drivers/net/ethernet/broadcom/genet/bcmmii.c
@@ -115,8 +115,14 @@ void bcmgenet_mii_setup(struct net_devic
 static int bcmgenet_fixed_phy_link_update(struct net_device *dev,
 					  struct fixed_phy_status *status)
 {
-	if (dev && dev->phydev && status)
-		status->link = dev->phydev->link;
+	struct bcmgenet_priv *priv;
+	u32 reg;
+
+	if (dev && dev->phydev && status) {
+		priv = netdev_priv(dev);
+		reg = bcmgenet_umac_readl(priv, UMAC_MODE);
+		status->link = !!(reg & MODE_LINK_STATUS);
+	}
 
 	return 0;
 }
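
Review bot: The UMAC_MODE read in bcmgenet_fixed_phy_link_update() is guarded only by the dev, dev->phydev and status NULL checks, so it runs whenever this callback is invoked. Please confirm, in a comment or in the commit message, that the callback cannot be called while the UMAC registers are inaccessible (for example before open or during suspend); if it can, the read needs a guard and status->link should be left unchanged on that path.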




* [PATCH 4.18 004/197] net: macb: do not disable MDIO bus at open/close time
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (2 preceding siblings ...)
  2018-09-13 13:29 ` [PATCH 4.18 003/197] net: bcmgenet: use MAC link status for fixed phy Greg Kroah-Hartman
@ 2018-09-13 13:29 ` Greg Kroah-Hartman
  2018-09-13 13:29 ` [PATCH 4.18 005/197] net: sched: Fix memory exposure from short TCA_U32_SEL Greg Kroah-Hartman
                   ` (194 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:29 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Anssi Hannula, Claudiu Beznea,
	David S. Miller

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Anssi Hannula <anssi.hannula@bitwise.fi>

[ Upstream commit 0da70f808029476001109b6cb076737bc04cea2e ]

macb_reset_hw() is called from macb_close() and indirectly from
macb_open(). macb_reset_hw() zeroes the NCR register, including the MPE
(Management Port Enable) bit.

This will prevent accessing any other PHYs for other Ethernet MACs on
the MDIO bus, which remains registered at macb_reset_hw() time, until
macb_init_hw() is called from macb_open() which sets the MPE bit again.

I.e. currently the MDIO bus has a short disruption at open time and is
disabled at close time until the interface is opened again.

Fix that by only touching the RE and TE bits when enabling and disabling
RX/TX.

v2: Make macb_init_hw() NCR write a single statement.

Fixes: 6c36a7074436 ("macb: Use generic PHY layer")
Signed-off-by: Anssi Hannula <anssi.hannula@bitwise.fi>
Reviewed-by: Claudiu Beznea <claudiu.beznea@microchip.com>
Tested-by: Claudiu Beznea <claudiu.beznea@microchip.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/net/ethernet/cadence/macb_main.c |    9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

--- a/drivers/net/ethernet/cadence/macb_main.c
+++ b/drivers/net/ethernet/cadence/macb_main.c
@@ -1957,14 +1957,17 @@ static void macb_reset_hw(struct macb *b
 {
 	struct macb_queue *queue;
 	unsigned int q;
+	u32 ctrl = macb_readl(bp, NCR);
 
 	/* Disable RX and TX (XXX: Should we halt the transmission
 	 * more gracefully?)
 	 */
-	macb_writel(bp, NCR, 0);
+	ctrl &= ~(MACB_BIT(RE) | MACB_BIT(TE));
 
 	/* Clear the stats registers (XXX: Update stats first?) */
-	macb_writel(bp, NCR, MACB_BIT(CLRSTAT));
+	ctrl |= MACB_BIT(CLRSTAT);
+
+	macb_writel(bp, NCR, ctrl);
 
 	/* Clear all status flags */
 	macb_writel(bp, TSR, -1);
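
Review bot: The two comments in macb_reset_hw() ("Disable RX and TX" and "Clear the stats registers") each used to sit above a register write and now sit above mask operations on the local ctrl, with the single macb_writel(bp, NCR, ctrl) after them. Suggest a short comment on that write saying the remaining NCR bits, MPE in particular, are preserved on purpose, since that is the point of the read-modify-write and nothing in the code says so.
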
@@ -2152,7 +2155,7 @@ static void macb_init_hw(struct macb *bp
 	}
 
 	/* Enable TX and RX */
-	macb_writel(bp, NCR, MACB_BIT(RE) | MACB_BIT(TE) | MACB_BIT(MPE));
+	macb_writel(bp, NCR, macb_readl(bp, NCR) | MACB_BIT(RE) | MACB_BIT(TE));
 }
 
 /* The hash address register is 64 bits long and takes up two
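
Review bot: macb_init_hw() no longer sets MACB_BIT(MPE), so after this hunk the function depends on MPE already being set in NCR by some earlier path that is not visible here. Suggest extending the "Enable TX and RX" comment to name where MPE is set and to say that it is deliberately left untouched, so the dependency is documented at the point where the bit used to be written.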




* [PATCH 4.18 005/197] net: sched: Fix memory exposure from short TCA_U32_SEL
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (3 preceding siblings ...)
  2018-09-13 13:29 ` [PATCH 4.18 004/197] net: macb: do not disable MDIO bus at open/close time Greg Kroah-Hartman
@ 2018-09-13 13:29 ` Greg Kroah-Hartman
  2018-09-13 13:29 ` [PATCH 4.18 006/197] qlge: Fix netdev features configuration Greg Kroah-Hartman
                   ` (193 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:29 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Al Viro, Jamal Hadi Salim, Cong Wang,
	Jiri Pirko, David S. Miller, netdev, Kees Cook

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Kees Cook <keescook@chromium.org>

[ Upstream commit 98c8f125fd8a6240ea343c1aa50a1be9047791b8 ]

Via u32_change(), TCA_U32_SEL has an unspecified type in the netlink
policy, so max length isn't enforced, only minimum. This means nkeys
(from userspace) was being trusted without checking the actual size of
nla_len(), which could lead to a memory over-read, and ultimately an
exposure via a call to u32_dump(). Reachability is CAP_NET_ADMIN within
a namespace.

Reported-by: Al Viro <viro@zeniv.linux.org.uk>
Cc: Jamal Hadi Salim <jhs@mojatatu.com>
Cc: Cong Wang <xiyou.wangcong@gmail.com>
Cc: Jiri Pirko <jiri@resnulli.us>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: netdev@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
Acked-by: Jamal Hadi Salim <jhs@mojatatu.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 net/sched/cls_u32.c |   10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

--- a/net/sched/cls_u32.c
+++ b/net/sched/cls_u32.c
@@ -912,6 +912,7 @@ static int u32_change(struct net *net, s
 	struct nlattr *opt = tca[TCA_OPTIONS];
 	struct nlattr *tb[TCA_U32_MAX + 1];
 	u32 htid, flags = 0;
+	size_t sel_size;
 	int err;
 #ifdef CONFIG_CLS_U32_PERF
 	size_t size;
@@ -1074,8 +1075,13 @@ static int u32_change(struct net *net, s
 	}
 
 	s = nla_data(tb[TCA_U32_SEL]);
+	sel_size = struct_size(s, keys, s->nkeys);
+	if (nla_len(tb[TCA_U32_SEL]) < sel_size) {
+		err = -EINVAL;
+		goto erridr;
+	}
 
-	n = kzalloc(sizeof(*n) + s->nkeys*sizeof(struct tc_u32_key), GFP_KERNEL);
+	n = kzalloc(offsetof(typeof(*n), sel) + sel_size, GFP_KERNEL);
 	if (n == NULL) {
 		err = -ENOBUFS;
 		goto erridr;
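
Review bot: The offsetof(typeof(*n), sel) + sel_size sum passed to kzalloc() is unchecked arithmetic and is safe only because the nla_len(tb[TCA_U32_SEL]) < sel_size test just above has already bounded sel_size by the attribute length. Suggest a one-line comment on the check saying that it also bounds the allocation and the later memcpy(), so the allocation is not hoisted above it in a future refactor.
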
@@ -1090,7 +1096,7 @@ static int u32_change(struct net *net, s
 	}
 #endif
 
-	memcpy(&n->sel, s, sizeof(*s) + s->nkeys*sizeof(struct tc_u32_key));
+	memcpy(&n->sel, s, sel_size);
 	RCU_INIT_POINTER(n->ht_up, ht);
 	n->handle = handle;
 	n->fshift = s->hmask ? ffs(ntohl(s->hmask)) - 1 : 0;
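
The length check described in the commit message above, as an added userspace example that is not part of the patch or the kernel sources. The demo_* types and functions are constructed stand-ins (assumptions) for tc_u32_sel, tc_u32_key and struct_size(); the sample attributes are built inline.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-ins (assumptions, not the kernel's definitions). */
struct demo_key {
	uint32_t mask;
	uint32_t val;
	int32_t  off;
	int32_t  offmask;
};

struct demo_sel {
	uint8_t  flags;
	uint8_t  offshift;
	uint8_t  nkeys;		/* count supplied by the sender */
	uint8_t  pad;
	uint32_t hmask;
	struct demo_key keys[];	/* nkeys entries are expected to follow */
};

/* Size of the header plus n keys, saturating at SIZE_MAX on overflow. */
static size_t demo_sel_size(size_t n)
{
	if (n > (SIZE_MAX - sizeof(struct demo_sel)) / sizeof(struct demo_key))
		return SIZE_MAX;
	return sizeof(struct demo_sel) + n * sizeof(struct demo_key);
}

/*
 * Copy a selector out of an attribute payload of attr_len bytes.
 * Returns 0 and sets *out (caller frees), or a negative errno.
 */
static int demo_sel_copy(const unsigned char *payload, size_t attr_len,
			 struct demo_sel **out)
{
	size_t need;
	struct demo_sel *n;

	*out = NULL;
	/* Minimum length: the header must be present before nkeys is read. */
	if (attr_len < sizeof(struct demo_sel))
		return -EINVAL;
	/* Size implied by the sender's count, not by the bytes received. */
	need = demo_sel_size(payload[offsetof(struct demo_sel, nkeys)]);
	/* The added check: the claimed keys must lie inside the attribute. */
	if (attr_len < need)
		return -EINVAL;
	n = calloc(1, need);
	if (!n)
		return -ENOBUFS;
	memcpy(n, payload, need);	/* bounded by attr_len via the check */
	*out = n;
	return 0;
}

/*
 * Build a constructed payload whose header claims `claimed` keys while only
 * `present` keys follow. Returns the payload length, or 0 if it won't fit.
 */
static size_t demo_make_attr(unsigned char *buf, size_t cap,
			     uint8_t claimed, uint8_t present)
{
	size_t len = demo_sel_size(present);
	uint8_t i;

	if (len > cap)
		return 0;
	memset(buf, 0, len);
	buf[offsetof(struct demo_sel, nkeys)] = claimed;
	for (i = 0; i < present; i++) {
		struct demo_key k = { 0xffffffffu, 0x1000u + i, 0, 0 };

		/* demo_sel_size(i) is the byte offset of keys[i] */
		memcpy(buf + demo_sel_size(i), &k, sizeof(k));
	}
	return len;
}

int main(void)
{
	unsigned char buf[128];
	struct demo_sel *sel;
	size_t len;

	len = demo_make_attr(buf, sizeof(buf), 2, 2);
	printf("count matches payload: %d\n", demo_sel_copy(buf, len, &sel));
	free(sel);
	len = demo_make_attr(buf, sizeof(buf), 5, 1);
	printf("count exceeds payload: %d\n", demo_sel_copy(buf, len, &sel));
	free(sel);
	return 0;
}
```

Without the `attr_len < need` test, the copy length would come from the sender's count alone and the memcpy would read past the end of the received payload.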




* [PATCH 4.18 006/197] qlge: Fix netdev features configuration.
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (4 preceding siblings ...)
  2018-09-13 13:29 ` [PATCH 4.18 005/197] net: sched: Fix memory exposure from short TCA_U32_SEL Greg Kroah-Hartman
@ 2018-09-13 13:29 ` Greg Kroah-Hartman
  2018-09-13 13:29 ` [PATCH 4.18 007/197] r8152: disable RX aggregation on new Dell TB16 dock Greg Kroah-Hartman
                   ` (192 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:29 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Manish, Benjamin Poirier, David S. Miller

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Manish Chopra <manish.chopra@cavium.com>

[ Upstream commit 6750c87074c5b534d82fdaabb1deb45b8f1f57de ]

qlge_fix_features() is not supposed to modify hardware or
driver state, rather it is supposed to only fix requested
features bits. Currently qlge_fix_features() also goes for
interface down and up unnecessarily if there is not even
any change in features set.

This patch changes/fixes following -

1) Move reload of interface or device re-config from
   qlge_fix_features() to qlge_set_features().
2) Reload of interface in qlge_set_features() only if
   relevant feature bit (NETIF_F_HW_VLAN_CTAG_RX) is changed.
3) Get rid of qlge_fix_features() since driver is not really
   required to fix any features bit.

Signed-off-by: Manish <manish.chopra@cavium.com>
Reviewed-by: Benjamin Poirier <bpoirier@suse.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/net/ethernet/qlogic/qlge/qlge_main.c |   23 ++++++++---------------
 1 file changed, 8 insertions(+), 15 deletions(-)

--- a/drivers/net/ethernet/qlogic/qlge/qlge_main.c
+++ b/drivers/net/ethernet/qlogic/qlge/qlge_main.c
@@ -2384,26 +2384,20 @@ static int qlge_update_hw_vlan_features(
 	return status;
 }
 
-static netdev_features_t qlge_fix_features(struct net_device *ndev,
-	netdev_features_t features)
-{
-	int err;
-
-	/* Update the behavior of vlan accel in the adapter */
-	err = qlge_update_hw_vlan_features(ndev, features);
-	if (err)
-		return err;
-
-	return features;
-}
-
 static int qlge_set_features(struct net_device *ndev,
 	netdev_features_t features)
 {
 	netdev_features_t changed = ndev->features ^ features;
+	int err;
+
+	if (changed & NETIF_F_HW_VLAN_CTAG_RX) {
+		/* Update the behavior of vlan accel in the adapter */
+		err = qlge_update_hw_vlan_features(ndev, features);
+		if (err)
+			return err;
 
-	if (changed & NETIF_F_HW_VLAN_CTAG_RX)
 		qlge_vlan_mode(ndev, features);
+	}
 
 	return 0;
 }
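
Review bot: The comment carried over into qlge_set_features() ("Update the behavior of vlan accel in the adapter") does not say that this call is where the interface reload now happens, which is the behaviour the commit message moves out of qlge_fix_features(). Suggest stating that in the comment, and noting that on an error return qlge_vlan_mode() is skipped, so a reader knows the NETIF_F_HW_VLAN_CTAG_RX branch is the only path in this function that can take the interface down and up.
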
@@ -4719,7 +4713,6 @@ static const struct net_device_ops qlge_
 	.ndo_set_mac_address	= qlge_set_mac_address,
 	.ndo_validate_addr	= eth_validate_addr,
 	.ndo_tx_timeout		= qlge_tx_timeout,
-	.ndo_fix_features	= qlge_fix_features,
 	.ndo_set_features	= qlge_set_features,
 	.ndo_vlan_rx_add_vid	= qlge_vlan_rx_add_vid,
 	.ndo_vlan_rx_kill_vid	= qlge_vlan_rx_kill_vid,




* [PATCH 4.18 007/197] r8152: disable RX aggregation on new Dell TB16 dock
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (5 preceding siblings ...)
  2018-09-13 13:29 ` [PATCH 4.18 006/197] qlge: Fix netdev features configuration Greg Kroah-Hartman
@ 2018-09-13 13:29 ` Greg Kroah-Hartman
  2018-09-13 13:29 ` [PATCH 4.18 008/197] r8169: add support for NCube 8168 network card Greg Kroah-Hartman
                   ` (191 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:29 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Kai-Heng Feng, David S. Miller

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Kai-Heng Feng <kai.heng.feng@canonical.com>

[ Upstream commit 176eb614b118c96e7797f5ddefd10708c316f621 ]

There's a new Dell TB16 dock with a different iSerialNumber.

Apply the same fix from commit 0b1655143df0 ("r8152: disable RX
aggregation on Dell TB16 dock") to this model.

BugLink: https://bugs.launchpad.net/bugs/1785780
Signed-off-by: Kai-Heng Feng <kai.heng.feng@canonical.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/net/usb/r8152.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/drivers/net/usb/r8152.c
+++ b/drivers/net/usb/r8152.c
@@ -5214,8 +5214,8 @@ static int rtl8152_probe(struct usb_inte
 		netdev->hw_features &= ~NETIF_F_RXCSUM;
 	}
 
-	if (le16_to_cpu(udev->descriptor.bcdDevice) == 0x3011 &&
-	    udev->serial && !strcmp(udev->serial, "000001000000")) {
+	if (le16_to_cpu(udev->descriptor.bcdDevice) == 0x3011 && udev->serial &&
+	    (!strcmp(udev->serial, "000001000000") || !strcmp(udev->serial, "000002000000"))) {
 		dev_info(&udev->dev, "Dell TB16 Dock, disable RX aggregation");
 		set_bit(DELL_TB_RX_AGG_BUG, &tp->flags);
 	}
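
Review bot: The second serial number is added as another strcmp() literal inside the condition in rtl8152_probe(), which pushes the line well past 80 columns and means each further dock revision grows the expression again. Suggest a small static array of affected iSerialNumber strings with a loop or helper, so the next variant is a one-line addition.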




* [PATCH 4.18 008/197] r8169: add support for NCube 8168 network card
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (6 preceding siblings ...)
  2018-09-13 13:29 ` [PATCH 4.18 007/197] r8152: disable RX aggregation on new Dell TB16 dock Greg Kroah-Hartman
@ 2018-09-13 13:29 ` Greg Kroah-Hartman
  2018-09-13 13:29 ` [PATCH 4.18 009/197] tcp: do not restart timewait timer on rst reception Greg Kroah-Hartman
                   ` (190 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:29 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Anthony Wong, David S. Miller

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Anthony Wong <anthony.wong@ubuntu.com>

[ Upstream commit 9fd0e09a4e86499639653243edfcb417a05c5c46 ]

This card identifies itself as:
  Ethernet controller [0200]: NCube Device [10ff:8168] (rev 06)
  Subsystem: TP-LINK Technologies Co., Ltd. Device [7470:3468]

Adding a new entry to rtl8169_pci_tbl makes the card work.

Link: http://launchpad.net/bugs/1788730
Signed-off-by: Anthony Wong <anthony.wong@ubuntu.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/net/ethernet/realtek/r8169.c |    1 +
 include/linux/pci_ids.h              |    2 ++
 2 files changed, 3 insertions(+)

--- a/drivers/net/ethernet/realtek/r8169.c
+++ b/drivers/net/ethernet/realtek/r8169.c
@@ -303,6 +303,7 @@ static const struct pci_device_id rtl816
 	{ PCI_DEVICE(PCI_VENDOR_ID_REALTEK,	0x8161), 0, 0, RTL_CFG_1 },
 	{ PCI_DEVICE(PCI_VENDOR_ID_REALTEK,	0x8167), 0, 0, RTL_CFG_0 },
 	{ PCI_DEVICE(PCI_VENDOR_ID_REALTEK,	0x8168), 0, 0, RTL_CFG_1 },
+	{ PCI_DEVICE(PCI_VENDOR_ID_NCUBE,	0x8168), 0, 0, RTL_CFG_1 },
 	{ PCI_DEVICE(PCI_VENDOR_ID_REALTEK,	0x8169), 0, 0, RTL_CFG_0 },
 	{ PCI_VENDOR_ID_DLINK,			0x4300,
 		PCI_VENDOR_ID_DLINK, 0x4b10,		 0, 0, RTL_CFG_1 },
--- a/include/linux/pci_ids.h
+++ b/include/linux/pci_ids.h
@@ -3082,4 +3082,6 @@
 
 #define PCI_VENDOR_ID_OCZ		0x1b85
 
+#define PCI_VENDOR_ID_NCUBE		0x10ff
+
 #endif /* _LINUX_PCI_IDS_H */
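
Review bot: PCI_VENDOR_ID_NCUBE (0x10ff) is appended at the end of pci_ids.h directly after PCI_VENDOR_ID_OCZ (0x1b85), so the new define is out of numerical order with its only visible neighbour. If the file is kept sorted by vendor ID, suggest moving it to its sorted position rather than the tail.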




* [PATCH 4.18 009/197] tcp: do not restart timewait timer on rst reception
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (7 preceding siblings ...)
  2018-09-13 13:29 ` [PATCH 4.18 008/197] r8169: add support for NCube 8168 network card Greg Kroah-Hartman
@ 2018-09-13 13:29 ` Greg Kroah-Hartman
  2018-09-13 13:29 ` [PATCH 4.18 010/197] vti6: remove !skb->ignore_df check from vti6_xmit() Greg Kroah-Hartman
                   ` (189 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:29 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Michal Tesar, Florian Westphal,
	Eric Dumazet, David S. Miller

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Florian Westphal <fw@strlen.de>

[ Upstream commit 63cc357f7bba6729869565a12df08441a5995d9a ]

RFC 1337 says:
 ''Ignore RST segments in TIME-WAIT state.
   If the 2 minute MSL is enforced, this fix avoids all three hazards.''

So with net.ipv4.tcp_rfc1337=1, expected behaviour is to have TIME-WAIT sk
expire rather than removing it instantly when a reset is received.

However, Linux will also re-start the TIME-WAIT timer.

This causes connect to fail when trying to re-use ports or very long
delays (until syn retry interval exceeds MSL).

packetdrill test case:
// Demonstrate bogus rearming of TIME-WAIT timer in rfc1337 mode.
`sysctl net.ipv4.tcp_rfc1337=1`

0.000 socket(..., SOCK_STREAM, IPPROTO_TCP) = 3
0.000 setsockopt(3, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0
0.000 bind(3, ..., ...) = 0
0.000 listen(3, 1) = 0

0.100 < S 0:0(0) win 29200 <mss 1460,nop,nop,sackOK,nop,wscale 7>
0.100 > S. 0:0(0) ack 1 <mss 1460,nop,nop,sackOK,nop,wscale 7>
0.200 < . 1:1(0) ack 1 win 257
0.200 accept(3, ..., ...) = 4

// Receive first segment
0.310 < P. 1:1001(1000) ack 1 win 46

// Send one ACK
0.310 > . 1:1(0) ack 1001

// read 1000 byte
0.310 read(4, ..., 1000) = 1000

// Application writes 100 bytes
0.350 write(4, ..., 100) = 100
0.350 > P. 1:101(100) ack 1001

// ACK
0.500 < . 1001:1001(0) ack 101 win 257

// close the connection
0.600 close(4) = 0
0.600 > F. 101:101(0) ack 1001 win 244

// Our side is in FIN_WAIT_1 & waits for ack to fin
0.7 < . 1001:1001(0) ack 102 win 244

// Our side is in FIN_WAIT_2 with no outstanding data.
0.8 < F. 1001:1001(0) ack 102 win 244
0.8 > . 102:102(0) ack 1002 win 244

// Our side is now in TIME_WAIT state, send ack for fin.
0.9 < F. 1002:1002(0) ack 102 win 244
0.9 > . 102:102(0) ack 1002 win 244

// Peer reopens with in-window SYN:
1.000 < S 1000:1000(0) win 9200 <mss 1460,nop,nop,sackOK,nop,wscale 7>

// Therefore, reply with ACK.
1.000 > . 102:102(0) ack 1002 win 244

// Peer sends RST for this ACK.  Normally this RST results
// in tw socket removal, but rfc1337=1 setting prevents this.
1.100 < R 1002:1002(0) win 244

// second syn. Due to rfc1337=1 expect another pure ACK.
31.0 < S 1000:1000(0) win 9200 <mss 1460,nop,nop,sackOK,nop,wscale 7>
31.0 > . 102:102(0) ack 1002 win 244

// .. and another RST from peer.
31.1 < R 1002:1002(0) win 244
31.2 `echo no timer restart;ss -m -e -a -i -n -t -o state TIME-WAIT`

// third syn after one minute.  Time-Wait socket should have expired by now.
63.0 < S 1000:1000(0) win 9200 <mss 1460,nop,nop,sackOK,nop,wscale 7>

// so we expect a syn-ack & 3whs to proceed from here on.
63.0 > S. 0:0(0) ack 1 <mss 1460,nop,nop,sackOK,nop,wscale 7>

Without this patch, 'ss' shows restarts of tw timer and last packet is
thus just another pure ack, more than one minute later.

This restores the original code from commit 283fd6cf0be690a83
("Merge in ANK networking jumbo patch") in netdev-vger-cvs.git .

For some reason the else branch was removed/lost in 1f28b683339f7
("Merge in TCP/UDP optimizations and [..]") and timer restart became
unconditional.

Reported-by: Michal Tesar <mtesar@redhat.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 net/ipv4/tcp_minisocks.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

--- a/net/ipv4/tcp_minisocks.c
+++ b/net/ipv4/tcp_minisocks.c
@@ -184,8 +184,9 @@ kill:
 				inet_twsk_deschedule_put(tw);
 				return TCP_TW_SUCCESS;
 			}
+		} else {
+			inet_twsk_reschedule(tw, TCP_TIMEWAIT_LEN);
 		}
-		inet_twsk_reschedule(tw, TCP_TIMEWAIT_LEN);
 
 		if (tmp_opt.saw_tstamp) {
 			tcptw->tw_ts_recent	  = tmp_opt.rcv_tsval;
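
Review bot: The new else branch carries no comment, and the if it pairs with is outside the hunk, so the reason inet_twsk_reschedule() is skipped on the other path cannot be recovered from the code here. Suggest a one-line comment on the else stating that the TIME-WAIT timer is rearmed only for segments that are not an RST, as the commit message describes for net.ipv4.tcp_rfc1337=1, so the call is not hoisted back out of the branch.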




* [PATCH 4.18 010/197] vti6: remove !skb->ignore_df check from vti6_xmit()
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (8 preceding siblings ...)
  2018-09-13 13:29 ` [PATCH 4.18 009/197] tcp: do not restart timewait timer on rst reception Greg Kroah-Hartman
@ 2018-09-13 13:29 ` Greg Kroah-Hartman
  2018-09-13 13:29 ` [PATCH 4.18 011/197] act_ife: move tcfa_lock down to where necessary Greg Kroah-Hartman
                   ` (188 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:29 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Alexey Kodanev, Steffen Klassert,
	David S. Miller

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Alexey Kodanev <alexey.kodanev@oracle.com>

[ Upstream commit 9f2895461439fda2801a7906fb4c5fb3dbb37a0a ]

Before the commit d6990976af7c ("vti6: fix PMTU caching and reporting
on xmit") '!skb->ignore_df' check was always true because the function
skb_scrub_packet() was called before it, resetting ignore_df to zero.

In the commit, skb_scrub_packet() was moved below, and now this check
can be false for the packet, e.g. when sending it in the two fragments,
this prevents successful PMTU updates in such case. The next attempts
to send the packet lead to the same tx error. Moreover, vti6 initial
MTU value relies on PMTU adjustments.

This issue can be reproduced with the following LTP test script:
    udp_ipsec_vti.sh -6 -p ah -m tunnel -s 2000

Fixes: ccd740cbc6e0 ("vti6: Add pmtu handling to vti6_xmit.")
Signed-off-by: Alexey Kodanev <alexey.kodanev@oracle.com>
Acked-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 net/ipv6/ip6_vti.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/net/ipv6/ip6_vti.c
+++ b/net/ipv6/ip6_vti.c
@@ -481,7 +481,7 @@ vti6_xmit(struct sk_buff *skb, struct ne
 	}
 
 	mtu = dst_mtu(dst);
-	if (!skb->ignore_df && skb->len > mtu) {
+	if (skb->len > mtu) {
 		skb_dst_update_pmtu(skb, mtu);
 
 		if (skb->protocol == htons(ETH_P_IPV6)) {
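
Review bot: Dropping the !skb->ignore_df test from the condition in vti6_xmit() leaves no trace in the code of why ignore_df is not consulted here, and the reason (the position of skb_scrub_packet() relative to this check) is only in the commit message. Suggest a short comment above the skb->len > mtu test saying the PMTU update must run regardless of ignore_df, so the check is not restored later as an apparent omission.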




* [PATCH 4.18 011/197] act_ife: move tcfa_lock down to where necessary
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (9 preceding siblings ...)
  2018-09-13 13:29 ` [PATCH 4.18 010/197] vti6: remove !skb->ignore_df check from vti6_xmit() Greg Kroah-Hartman
@ 2018-09-13 13:29 ` Greg Kroah-Hartman
  2018-09-13 13:29 ` [PATCH 4.18 012/197] act_ife: fix a potential deadlock Greg Kroah-Hartman
                   ` (187 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:29 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Vlad Buslov, Jamal Hadi Salim,
	Cong Wang, David S. Miller

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Cong Wang <xiyou.wangcong@gmail.com>

[ Upstream commit 4e407ff5cd67ec76eeeea1deec227b7982dc7f66 ]

The only time we need to take tcfa_lock is when adding
a new metainfo to an existing ife->metalist. We don't need
to take tcfa_lock so early and so broadly in tcf_ife_init().

This means we can always take ife_mod_lock first, avoid the
reverse locking ordering warning as reported by Vlad.

Reported-by: Vlad Buslov <vladbu@mellanox.com>
Tested-by: Vlad Buslov <vladbu@mellanox.com>
Cc: Vlad Buslov <vladbu@mellanox.com>
Cc: Jamal Hadi Salim <jhs@mojatatu.com>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 net/sched/act_ife.c |   36 +++++++++++++-----------------------
 1 file changed, 13 insertions(+), 23 deletions(-)

--- a/net/sched/act_ife.c
+++ b/net/sched/act_ife.c
@@ -265,10 +265,8 @@ static const char *ife_meta_id2name(u32
 #endif
 
 /* called when adding new meta information
- * under ife->tcf_lock for existing action
 */
-static int load_metaops_and_vet(struct tcf_ife_info *ife, u32 metaid,
-				void *val, int len, bool exists)
+static int load_metaops_and_vet(u32 metaid, void *val, int len)
 {
 	struct tcf_meta_ops *ops = find_ife_oplist(metaid);
 	int ret = 0;
@@ -276,13 +274,9 @@ static int load_metaops_and_vet(struct t
 	if (!ops) {
 		ret = -ENOENT;
 #ifdef CONFIG_MODULES
-		if (exists)
-			spin_unlock_bh(&ife->tcf_lock);
 		rtnl_unlock();
 		request_module("ife-meta-%s", ife_meta_id2name(metaid));
 		rtnl_lock();
-		if (exists)
-			spin_lock_bh(&ife->tcf_lock);
 		ops = find_ife_oplist(metaid);
 #endif
 	}
@@ -299,10 +293,9 @@ static int load_metaops_and_vet(struct t
 }
 
 /* called when adding new meta information
- * under ife->tcf_lock for existing action
 */
 static int add_metainfo(struct tcf_ife_info *ife, u32 metaid, void *metaval,
-			int len, bool atomic)
+			int len, bool atomic, bool exists)
 {
 	struct tcf_meta_info *mi = NULL;
 	struct tcf_meta_ops *ops = find_ife_oplist(metaid);
@@ -329,12 +322,16 @@ static int add_metainfo(struct tcf_ife_i
 		}
 	}
 
+	if (exists)
+		spin_lock_bh(&ife->tcf_lock);
 	list_add_tail(&mi->metalist, &ife->metalist);
+	if (exists)
+		spin_unlock_bh(&ife->tcf_lock);
 
 	return ret;
 }
 
-static int use_all_metadata(struct tcf_ife_info *ife)
+static int use_all_metadata(struct tcf_ife_info *ife, bool exists)
 {
 	struct tcf_meta_ops *o;
 	int rc = 0;
@@ -342,7 +339,7 @@ static int use_all_metadata(struct tcf_i
 
 	read_lock(&ife_mod_lock);
 	list_for_each_entry(o, &ifeoplist, list) {
-		rc = add_metainfo(ife, o->metaid, NULL, 0, true);
+		rc = add_metainfo(ife, o->metaid, NULL, 0, true, exists);
 		if (rc == 0)
 			installed += 1;
 	}
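
Review bot: add_metainfo() is called here with ife_mod_lock read-held, and with the new exists argument it can now take ife->tcf_lock inside that read section, which fixes the lock order as ife_mod_lock first, tcf_lock second. The commit message says so but the code does not; suggest a comment above use_all_metadata() recording that order, since the "under ife->tcf_lock" comments that used to document the locking are removed elsewhere in this patch.
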
@@ -419,7 +416,6 @@ static void tcf_ife_cleanup(struct tc_ac
 		kfree_rcu(p, rcu);
 }
 
-/* under ife->tcf_lock for existing action */
 static int populate_metalist(struct tcf_ife_info *ife, struct nlattr **tb,
 			     bool exists)
 {
@@ -433,11 +429,11 @@ static int populate_metalist(struct tcf_
 			val = nla_data(tb[i]);
 			len = nla_len(tb[i]);
 
-			rc = load_metaops_and_vet(ife, i, val, len, exists);
+			rc = load_metaops_and_vet(i, val, len);
 			if (rc != 0)
 				return rc;
 
-			rc = add_metainfo(ife, i, val, len, exists);
+			rc = add_metainfo(ife, i, val, len, false, exists);
 			if (rc)
 				return rc;
 		}
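Review bot: In populate_metalist() the `atomic` argument to add_metainfo() changes from `exists` to a hard-coded `false`, so an existing action now allocates with GFP_KERNEL instead of GFP_ATOMIC. That is only valid because the caller no longer holds ife->tcf_lock across this loop; say so in the commit message or in a comment at the call. Separately, an error return from either call leaves the entries added by earlier iterations on ife->metalist: does the caller unwind them for an existing action?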
@@ -531,8 +527,6 @@ static int tcf_ife_init(struct net *net,
 		p->eth_type = ife_type;
 	}
 
-	if (exists)
-		spin_lock_bh(&ife->tcf_lock);
 
 	if (ret == ACT_P_CREATED)
 		INIT_LIST_HEAD(&ife->metalist);
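Review bot: Removing the `if (exists) spin_lock_bh(...)` pair in tcf_ife_init() leaves two consecutive blank lines before `if (ret == ACT_P_CREATED)`; drop one of them.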
@@ -544,9 +538,6 @@ static int tcf_ife_init(struct net *net,
 metadata_parse_err:
 			if (ret == ACT_P_CREATED)
 				tcf_idr_release(*a, bind);
-
-			if (exists)
-				spin_unlock_bh(&ife->tcf_lock);
 			kfree(p);
 			return err;
 		}
@@ -561,18 +552,17 @@ metadata_parse_err:
 		 * as we can. You better have at least one else we are
 		 * going to bail out
 		 */
-		err = use_all_metadata(ife);
+		err = use_all_metadata(ife, exists);
 		if (err) {
 			if (ret == ACT_P_CREATED)
 				tcf_idr_release(*a, bind);
-
-			if (exists)
-				spin_unlock_bh(&ife->tcf_lock);
 			kfree(p);
 			return err;
 		}
 	}
 
+	if (exists)
+		spin_lock_bh(&ife->tcf_lock);
 	ife->tcf_action = parm->action;
 	if (exists)
 		spin_unlock_bh(&ife->tcf_lock);
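Review bot: At the end of tcf_ife_init() the lock now covers only `ife->tcf_action = parm->action`, while the metalist changes made just above through use_all_metadata() are published under separate lock acquisitions inside add_metainfo(). For an existing action, another holder of ife->tcf_lock can therefore see the new metalist together with the old tcf_action. If that window is acceptable, a one-line comment saying so would help the next reader.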




* [PATCH 4.18 012/197] act_ife: fix a potential deadlock
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (10 preceding siblings ...)
  2018-09-13 13:29 ` [PATCH 4.18 011/197] act_ife: move tcfa_lock down to where necessary Greg Kroah-Hartman
@ 2018-09-13 13:29 ` Greg Kroah-Hartman
  2018-09-13 13:29 ` [PATCH 4.18 013/197] net: sched: action_ife: take reference to meta module Greg Kroah-Hartman
                   ` (186 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:29 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Jamal Hadi Salim, Cong Wang, David S. Miller

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Cong Wang <xiyou.wangcong@gmail.com>

[ Upstream commit 5ffe57da29b3802baeddaa40909682bbb4cb4d48 ]

use_all_metadata() acquires read_lock(&ife_mod_lock), then calls
add_metainfo() which calls find_ife_oplist() which acquires the same
lock again. Deadlock!

Introduce __add_metainfo() which accepts struct tcf_meta_ops *ops
as an additional parameter and let its callers decide how
to find it. For use_all_metadata(), it already has ops, no
need to find it again, just call __add_metainfo() directly.

And, as ife_mod_lock is only needed for find_ife_oplist(),
this means we can make non-atomic allocation for populate_metalist()
now.

Fixes: 817e9f2c5c26 ("act_ife: acquire ife_mod_lock before reading ifeoplist")
Cc: Jamal Hadi Salim <jhs@mojatatu.com>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 net/sched/act_ife.c |   34 +++++++++++++++++++++-------------
 1 file changed, 21 insertions(+), 13 deletions(-)

--- a/net/sched/act_ife.c
+++ b/net/sched/act_ife.c
@@ -294,22 +294,16 @@ static int load_metaops_and_vet(u32 meta
 
 /* called when adding new meta information
 */
-static int add_metainfo(struct tcf_ife_info *ife, u32 metaid, void *metaval,
-			int len, bool atomic, bool exists)
+static int __add_metainfo(const struct tcf_meta_ops *ops,
+			  struct tcf_ife_info *ife, u32 metaid, void *metaval,
+			  int len, bool atomic, bool exists)
 {
 	struct tcf_meta_info *mi = NULL;
-	struct tcf_meta_ops *ops = find_ife_oplist(metaid);
 	int ret = 0;
 
-	if (!ops)
-		return -ENOENT;
-
 	mi = kzalloc(sizeof(*mi), atomic ? GFP_ATOMIC : GFP_KERNEL);
-	if (!mi) {
-		/*put back what find_ife_oplist took */
-		module_put(ops->owner);
+	if (!mi)
 		return -ENOMEM;
-	}
 
 	mi->metaid = metaid;
 	mi->ops = ops;
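Review bot: __add_metainfo() no longer drops the module reference on its two error paths, so ownership of that reference has moved to the caller without any comment saying so. Document above the function that the caller must hold a reference on ops->owner and release it on failure. Also check that `mi->ops = ops` does not discard the new `const` qualifier; the type of the `ops` member is not visible in this hunk.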
@@ -317,7 +311,6 @@ static int add_metainfo(struct tcf_ife_i
 		ret = ops->alloc(mi, metaval, atomic ? GFP_ATOMIC : GFP_KERNEL);
 		if (ret != 0) {
 			kfree(mi);
-			module_put(ops->owner);
 			return ret;
 		}
 	}
@@ -331,6 +324,21 @@ static int add_metainfo(struct tcf_ife_i
 	return ret;
 }
 
+static int add_metainfo(struct tcf_ife_info *ife, u32 metaid, void *metaval,
+			int len, bool exists)
+{
+	const struct tcf_meta_ops *ops = find_ife_oplist(metaid);
+	int ret;
+
+	if (!ops)
+		return -ENOENT;
+	ret = __add_metainfo(ops, ife, metaid, metaval, len, false, exists);
+	if (ret)
+		/*put back what find_ife_oplist took */
+		module_put(ops->owner);
+	return ret;
+}
+
 static int use_all_metadata(struct tcf_ife_info *ife, bool exists)
 {
 	struct tcf_meta_ops *o;
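Review bot: In the new add_metainfo() wrapper the `if (ret)` body spans two lines (a comment plus module_put()) without braces. Add braces around it, and put a space after `/*` in the comment while it is being moved.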
@@ -339,7 +347,7 @@ static int use_all_metadata(struct tcf_i
 
 	read_lock(&ife_mod_lock);
 	list_for_each_entry(o, &ifeoplist, list) {
-		rc = add_metainfo(ife, o->metaid, NULL, 0, true, exists);
+		rc = __add_metainfo(o, ife, o->metaid, NULL, 0, true, exists);
 		if (rc == 0)
 			installed += 1;
 	}
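Review bot: use_all_metadata() now passes `o` straight to __add_metainfo(), which stores it in mi->ops without taking a reference on o->owner, whereas the add_metainfo() path holds the reference that find_ife_oplist() took. The two paths therefore leave metalist entries with different reference state. Patch 013 in this series reports the resulting module_put() warning from tcf_ife_cleanup() and adds the missing try_module_get(), so the two should be applied together.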
@@ -433,7 +441,7 @@ static int populate_metalist(struct tcf_
 			if (rc != 0)
 				return rc;
 
-			rc = add_metainfo(ife, i, val, len, false, exists);
+			rc = add_metainfo(ife, i, val, len, exists);
 			if (rc)
 				return rc;
 		}




* [PATCH 4.18 013/197] net: sched: action_ife: take reference to meta module
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (11 preceding siblings ...)
  2018-09-13 13:29 ` [PATCH 4.18 012/197] act_ife: fix a potential deadlock Greg Kroah-Hartman
@ 2018-09-13 13:29 ` Greg Kroah-Hartman
  2018-09-13 13:29 ` [PATCH 4.18 014/197] bnxt_en: Clean up unused functions Greg Kroah-Hartman
                   ` (185 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:29 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Vlad Buslov, Cong Wang, David S. Miller

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Vlad Buslov <vladbu@mellanox.com>

[ Upstream commit 84cb8eb26cb9ce3c79928094962a475a9d850a53 ]

Recent refactoring of add_metainfo() caused use_all_metadata() to add
metainfo to ife action metalist without taking reference to module. This
causes warning in module_put called from ife action cleanup function.

Implement add_metainfo_and_get_ops() function that returns with reference
to module taken if metainfo was added successfully, and call it from
use_all_metadata(), instead of calling __add_metainfo() directly.

Example warning:

[  646.344393] WARNING: CPU: 1 PID: 2278 at kernel/module.c:1139 module_put+0x1cb/0x230
[  646.352437] Modules linked in: act_meta_skbtcindex act_meta_mark act_meta_skbprio act_ife ife veth nfsv3 nfs fscache xt_CHECKSUM iptable_mangle ipt_MASQUERADE iptable_nat nf_nat_ipv4 nf_nat xt_conntrack nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 libcrc32c tun ebtable_filter ebtables ip6table_filter ip6_tables bridge stp llc mlx5_ib ib_uverbs ib_core intel_rapl sb_edac x86_pkg_temp_thermal mlx5_core coretemp kvm_intel kvm nfsd igb irqbypass crct10dif_pclmul devlink crc32_pclmul mei_me joydev ses crc32c_intel enclosure auth_rpcgss i2c_algo_bit ioatdma ptp mei pps_core ghash_clmulni_intel iTCO_wdt iTCO_vendor_support pcspkr dca ipmi_ssif lpc_ich target_core_mod i2c_i801 ipmi_si ipmi_devintf pcc_cpufreq wmi ipmi_msghandler nfs_acl lockd acpi_pad acpi_power_meter grace sunrpc mpt3sas raid_class scsi_transport_sas
[  646.425631] CPU: 1 PID: 2278 Comm: tc Not tainted 4.19.0-rc1+ #799
[  646.432187] Hardware name: Supermicro SYS-2028TP-DECR/X10DRT-P, BIOS 2.0b 03/30/2017
[  646.440595] RIP: 0010:module_put+0x1cb/0x230
[  646.445238] Code: f3 66 94 02 e8 26 ff fa ff 85 c0 74 11 0f b6 1d 51 30 94 02 80 fb 01 77 60 83 e3 01 74 13 65 ff 0d 3a 83 db 73 e9 2b ff ff ff <0f> 0b e9 00 ff ff ff e8 59 01 fb ff 85 c0 75 e4 48 c7 c2 20 62 6b
[  646.464997] RSP: 0018:ffff880354d37068 EFLAGS: 00010286
[  646.470599] RAX: 0000000000000000 RBX: ffffffffc0a52518 RCX: ffffffff8c2668db
[  646.478118] RDX: 0000000000000003 RSI: dffffc0000000000 RDI: ffffffffc0a52518
[  646.485641] RBP: ffffffffc0a52180 R08: fffffbfff814a4a4 R09: fffffbfff814a4a3
[  646.493164] R10: ffffffffc0a5251b R11: fffffbfff814a4a4 R12: 1ffff1006a9a6e0d
[  646.500687] R13: 00000000ffffffff R14: ffff880362bab890 R15: dead000000000100
[  646.508213] FS:  00007f4164c99800(0000) GS:ffff88036fe40000(0000) knlGS:0000000000000000
[  646.516961] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  646.523080] CR2: 00007f41638b8420 CR3: 0000000351df0004 CR4: 00000000001606e0
[  646.530595] Call Trace:
[  646.533408]  ? find_symbol_in_section+0x260/0x260
[  646.538509]  tcf_ife_cleanup+0x11b/0x200 [act_ife]
[  646.543695]  tcf_action_cleanup+0x29/0xa0
[  646.548078]  __tcf_action_put+0x5a/0xb0
[  646.552289]  ? nla_put+0x65/0xe0
[  646.555889]  __tcf_idr_release+0x48/0x60
[  646.560187]  tcf_generic_walker+0x448/0x6b0
[  646.564764]  ? tcf_action_dump_1+0x450/0x450
[  646.569411]  ? __lock_is_held+0x84/0x110
[  646.573720]  ? tcf_ife_walker+0x10c/0x20f [act_ife]
[  646.578982]  tca_action_gd+0x972/0xc40
[  646.583129]  ? tca_get_fill.constprop.17+0x250/0x250
[  646.588471]  ? mark_lock+0xcf/0x980
[  646.592324]  ? check_chain_key+0x140/0x1f0
[  646.596832]  ? debug_show_all_locks+0x240/0x240
[  646.601839]  ? memset+0x1f/0x40
[  646.605350]  ? nla_parse+0xca/0x1a0
[  646.609217]  tc_ctl_action+0x215/0x230
[  646.613339]  ? tcf_action_add+0x220/0x220
[  646.617748]  rtnetlink_rcv_msg+0x56a/0x6d0
[  646.622227]  ? rtnl_fdb_del+0x3f0/0x3f0
[  646.626466]  netlink_rcv_skb+0x18d/0x200
[  646.630752]  ? rtnl_fdb_del+0x3f0/0x3f0
[  646.634959]  ? netlink_ack+0x500/0x500
[  646.639106]  netlink_unicast+0x2d0/0x370
[  646.643409]  ? netlink_attachskb+0x340/0x340
[  646.648050]  ? _copy_from_iter_full+0xe9/0x3e0
[  646.652870]  ? import_iovec+0x11e/0x1c0
[  646.657083]  netlink_sendmsg+0x3b9/0x6a0
[  646.661388]  ? netlink_unicast+0x370/0x370
[  646.665877]  ? netlink_unicast+0x370/0x370
[  646.670351]  sock_sendmsg+0x6b/0x80
[  646.674212]  ___sys_sendmsg+0x4a1/0x520
[  646.678443]  ? copy_msghdr_from_user+0x210/0x210
[  646.683463]  ? lock_downgrade+0x320/0x320
[  646.687849]  ? debug_show_all_locks+0x240/0x240
[  646.692760]  ? do_raw_spin_unlock+0xa2/0x130
[  646.697418]  ? _raw_spin_unlock+0x24/0x30
[  646.701798]  ? __handle_mm_fault+0x1819/0x1c10
[  646.706619]  ? __pmd_alloc+0x320/0x320
[  646.710738]  ? debug_show_all_locks+0x240/0x240
[  646.715649]  ? restore_nameidata+0x7b/0xa0
[  646.720117]  ? check_chain_key+0x140/0x1f0
[  646.724590]  ? check_chain_key+0x140/0x1f0
[  646.729070]  ? __fget_light+0xbc/0xd0
[  646.733121]  ? __sys_sendmsg+0xd7/0x150
[  646.737329]  __sys_sendmsg+0xd7/0x150
[  646.741359]  ? __ia32_sys_shutdown+0x30/0x30
[  646.746003]  ? up_read+0x53/0x90
[  646.749601]  ? __do_page_fault+0x484/0x780
[  646.754105]  ? do_syscall_64+0x1e/0x2c0
[  646.758320]  do_syscall_64+0x72/0x2c0
[  646.762353]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  646.767776] RIP: 0033:0x7f4163872150
[  646.771713] Code: 8b 15 3c 7d 2b 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb cd 66 0f 1f 44 00 00 83 3d b9 d5 2b 00 00 75 10 b8 2e 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 be cd 00 00 48 89 04 24
[  646.791474] RSP: 002b:00007ffdef7d6b58 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  646.799721] RAX: ffffffffffffffda RBX: 0000000000000024 RCX: 00007f4163872150
[  646.807240] RDX: 0000000000000000 RSI: 00007ffdef7d6bd0 RDI: 0000000000000003
[  646.814760] RBP: 000000005b8b9482 R08: 0000000000000001 R09: 0000000000000000
[  646.822286] R10: 00000000000005e7 R11: 0000000000000246 R12: 00007ffdef7dad20
[  646.829807] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000679bc0
[  646.837360] irq event stamp: 6083
[  646.841043] hardirqs last  enabled at (6081): [<ffffffff8c220a7d>] __call_rcu+0x17d/0x500
[  646.849882] hardirqs last disabled at (6083): [<ffffffff8c004f06>] trace_hardirqs_off_thunk+0x1a/0x1c
[  646.859775] softirqs last  enabled at (5968): [<ffffffff8d4004a1>] __do_softirq+0x4a1/0x6ee
[  646.868784] softirqs last disabled at (6082): [<ffffffffc0a78759>] tcf_ife_cleanup+0x39/0x200 [act_ife]
[  646.878845] ---[ end trace b1b8c12ffe51e657 ]---

Fixes: 5ffe57da29b3 ("act_ife: fix a potential deadlock")
Signed-off-by: Vlad Buslov <vladbu@mellanox.com>
Acked-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 net/sched/act_ife.c |   16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

--- a/net/sched/act_ife.c
+++ b/net/sched/act_ife.c
@@ -324,6 +324,20 @@ static int __add_metainfo(const struct t
 	return ret;
 }
 
+static int add_metainfo_and_get_ops(const struct tcf_meta_ops *ops,
+				    struct tcf_ife_info *ife, u32 metaid,
+				    bool exists)
+{
+	int ret;
+
+	if (!try_module_get(ops->owner))
+		return -ENOENT;
+	ret = __add_metainfo(ops, ife, metaid, NULL, 0, true, exists);
+	if (ret)
+		module_put(ops->owner);
+	return ret;
+}
+
 static int add_metainfo(struct tcf_ife_info *ife, u32 metaid, void *metaval,
 			int len, bool exists)
 {
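Review bot: add_metainfo_and_get_ops() hard-codes `NULL, 0, true` in its call to __add_metainfo() with no comment on why `atomic` must be true. Its only caller runs under read_lock(&ife_mod_lock); note that above the function so a later user does not call it from a sleepable context expecting GFP_KERNEL. The get-then-put-on-error sequence also mirrors the one in add_metainfo() and could share a helper.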
@@ -347,7 +361,7 @@ static int use_all_metadata(struct tcf_i
 
 	read_lock(&ife_mod_lock);
 	list_for_each_entry(o, &ifeoplist, list) {
-		rc = __add_metainfo(o, ife, o->metaid, NULL, 0, true, exists);
+		rc = add_metainfo_and_get_ops(o, ife, o->metaid, exists);
 		if (rc == 0)
 			installed += 1;
 	}
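Review bot: In the use_all_metadata() loop `rc` is overwritten on every iteration and only successes are counted in `installed`, so the new -ENOENT from a failed try_module_get() is silently dropped along with any other error from __add_metainfo(). If skipping such ops is intended, a short comment would make that explicit.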




* [PATCH 4.18 014/197] bnxt_en: Clean up unused functions.
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (12 preceding siblings ...)
  2018-09-13 13:29 ` [PATCH 4.18 013/197] net: sched: action_ife: take reference to meta module Greg Kroah-Hartman
@ 2018-09-13 13:29 ` Greg Kroah-Hartman
  2018-09-13 13:29 ` [PATCH 4.18 015/197] bnxt_en: Do not adjust max_cp_rings by the ones used by RDMA Greg Kroah-Hartman
                   ` (184 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:29 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Michael Chan, David S. Miller

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Michael Chan <michael.chan@broadcom.com>

[ Upstream commit ad95c27bdb930105f3eea02621bda157caf2862d ]

Remove unused bnxt_subtract_ulp_resources().  Change
bnxt_get_max_func_irqs() to static since it is only locally used.

Signed-off-by: Michael Chan <michael.chan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/net/ethernet/broadcom/bnxt/bnxt.c     |    2 +-
 drivers/net/ethernet/broadcom/bnxt/bnxt.h     |    1 -
 drivers/net/ethernet/broadcom/bnxt/bnxt_ulp.c |   15 ---------------
 drivers/net/ethernet/broadcom/bnxt/bnxt_ulp.h |    1 -
 4 files changed, 1 insertion(+), 18 deletions(-)

--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
@@ -5912,7 +5912,7 @@ void bnxt_set_max_func_cp_rings(struct b
 	bp->hw_resc.max_cp_rings = max;
 }
 
-unsigned int bnxt_get_max_func_irqs(struct bnxt *bp)
+static unsigned int bnxt_get_max_func_irqs(struct bnxt *bp)
 {
 	struct bnxt_hw_resc *hw_resc = &bp->hw_resc;
 
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.h
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.h
@@ -1469,7 +1469,6 @@ unsigned int bnxt_get_max_func_stat_ctxs
 void bnxt_set_max_func_stat_ctxs(struct bnxt *bp, unsigned int max);
 unsigned int bnxt_get_max_func_cp_rings(struct bnxt *bp);
 void bnxt_set_max_func_cp_rings(struct bnxt *bp, unsigned int max);
-unsigned int bnxt_get_max_func_irqs(struct bnxt *bp);
 int bnxt_get_avail_msix(struct bnxt *bp, int num);
 int bnxt_reserve_rings(struct bnxt *bp);
 void bnxt_tx_disable(struct bnxt *bp);
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt_ulp.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_ulp.c
@@ -220,21 +220,6 @@ int bnxt_get_ulp_msix_base(struct bnxt *
 	return 0;
 }
 
-void bnxt_subtract_ulp_resources(struct bnxt *bp, int ulp_id)
-{
-	ASSERT_RTNL();
-	if (bnxt_ulp_registered(bp->edev, ulp_id)) {
-		struct bnxt_en_dev *edev = bp->edev;
-		unsigned int msix_req, max;
-
-		msix_req = edev->ulp_tbl[ulp_id].msix_requested;
-		max = bnxt_get_max_func_cp_rings(bp);
-		bnxt_set_max_func_cp_rings(bp, max - msix_req);
-		max = bnxt_get_max_func_stat_ctxs(bp);
-		bnxt_set_max_func_stat_ctxs(bp, max - 1);
-	}
-}
-
 static int bnxt_send_msg(struct bnxt_en_dev *edev, int ulp_id,
 			 struct bnxt_fw_msg *fw_msg)
 {
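Review bot: With bnxt_subtract_ulp_resources() removed, its calls to bnxt_set_max_func_cp_rings() and bnxt_set_max_func_stat_ctxs() go away too, but both setters are still declared in bnxt.h. Check whether each still has a caller after this change; any that does not belongs in the same cleanup.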
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt_ulp.h
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_ulp.h
@@ -90,7 +90,6 @@ static inline bool bnxt_ulp_registered(s
 
 int bnxt_get_ulp_msix_num(struct bnxt *bp);
 int bnxt_get_ulp_msix_base(struct bnxt *bp);
-void bnxt_subtract_ulp_resources(struct bnxt *bp, int ulp_id);
 void bnxt_ulp_stop(struct bnxt *bp);
 void bnxt_ulp_start(struct bnxt *bp);
 void bnxt_ulp_sriov_cfg(struct bnxt *bp, int num_vfs);




* [PATCH 4.18 015/197] bnxt_en: Do not adjust max_cp_rings by the ones used by RDMA.
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (13 preceding siblings ...)
  2018-09-13 13:29 ` [PATCH 4.18 014/197] bnxt_en: Clean up unused functions Greg Kroah-Hartman
@ 2018-09-13 13:29 ` Greg Kroah-Hartman
  2018-09-13 13:29 ` [PATCH 4.18 016/197] net/sched: act_pedit: fix dump of extended layered op Greg Kroah-Hartman
                   ` (183 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:29 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Michael Chan, David S. Miller

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Michael Chan <michael.chan@broadcom.com>

[ Upstream commit 00fe9c326d2027f2437dea38ef0e82f9d02d94c0 ]

Currently, the driver adjusts the bp->hw_resc.max_cp_rings by the number
of MSIX vectors used by RDMA.  There is one code path in open that needs
to check the true max_cp_rings including any used by RDMA.  This code
is now checking for the reduced max_cp_rings which will fail when the
number of cp rings is very small.

To fix this in a clean way, we don't adjust max_cp_rings anymore.
Instead, we add a helper bnxt_get_max_func_cp_rings_for_en() to get the
reduced max_cp_rings when appropriate.

Fixes: ec86f14ea506 ("bnxt_en: Add ULP calls to stop and restart IRQs.")
Signed-off-by: Michael Chan <michael.chan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/net/ethernet/broadcom/bnxt/bnxt.c       |    7 ++++---
 drivers/net/ethernet/broadcom/bnxt/bnxt.h       |    2 +-
 drivers/net/ethernet/broadcom/bnxt/bnxt_sriov.c |    7 ++++---
 drivers/net/ethernet/broadcom/bnxt/bnxt_ulp.c   |    5 -----
 4 files changed, 9 insertions(+), 12 deletions(-)

--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
@@ -5907,9 +5907,9 @@ unsigned int bnxt_get_max_func_cp_rings(
 	return bp->hw_resc.max_cp_rings;
 }
 
-void bnxt_set_max_func_cp_rings(struct bnxt *bp, unsigned int max)
+unsigned int bnxt_get_max_func_cp_rings_for_en(struct bnxt *bp)
 {
-	bp->hw_resc.max_cp_rings = max;
+	return bp->hw_resc.max_cp_rings - bnxt_get_ulp_msix_num(bp);
 }
 
 static unsigned int bnxt_get_max_func_irqs(struct bnxt *bp)
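Review bot: bnxt_get_max_func_cp_rings_for_en() returns `bp->hw_resc.max_cp_rings - bnxt_get_ulp_msix_num(bp)` as unsigned int with no guard for the ULP MSI-X count exceeding max_cp_rings. In that case the result wraps in the unsigned return type, and the callers in this patch either feed it to `min_t(int, ...)` or subtract bp->cp_nr_rings from it. Clamp at zero here, or state the invariant that guarantees max_cp_rings is at least the ULP MSI-X count.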
@@ -8492,7 +8492,8 @@ static void _bnxt_get_max_rings(struct b
 
 	*max_tx = hw_resc->max_tx_rings;
 	*max_rx = hw_resc->max_rx_rings;
-	*max_cp = min_t(int, hw_resc->max_irqs, hw_resc->max_cp_rings);
+	*max_cp = min_t(int, bnxt_get_max_func_cp_rings_for_en(bp),
+			hw_resc->max_irqs);
 	*max_cp = min_t(int, *max_cp, hw_resc->max_stat_ctxs);
 	max_ring_grps = hw_resc->max_hw_ring_grps;
 	if (BNXT_CHIP_TYPE_NITRO_A0(bp) && BNXT_PF(bp)) {
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.h
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.h
@@ -1468,7 +1468,7 @@ int bnxt_hwrm_set_coal(struct bnxt *);
 unsigned int bnxt_get_max_func_stat_ctxs(struct bnxt *bp);
 void bnxt_set_max_func_stat_ctxs(struct bnxt *bp, unsigned int max);
 unsigned int bnxt_get_max_func_cp_rings(struct bnxt *bp);
-void bnxt_set_max_func_cp_rings(struct bnxt *bp, unsigned int max);
+unsigned int bnxt_get_max_func_cp_rings_for_en(struct bnxt *bp);
 int bnxt_get_avail_msix(struct bnxt *bp, int num);
 int bnxt_reserve_rings(struct bnxt *bp);
 void bnxt_tx_disable(struct bnxt *bp);
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt_sriov.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_sriov.c
@@ -451,7 +451,7 @@ static int bnxt_hwrm_func_vf_resc_cfg(st
 
 	bnxt_hwrm_cmd_hdr_init(bp, &req, HWRM_FUNC_VF_RESOURCE_CFG, -1, -1);
 
-	vf_cp_rings = hw_resc->max_cp_rings - bp->cp_nr_rings;
+	vf_cp_rings = bnxt_get_max_func_cp_rings_for_en(bp) - bp->cp_nr_rings;
 	vf_stat_ctx = hw_resc->max_stat_ctxs - bp->num_stat_ctxs;
 	if (bp->flags & BNXT_FLAG_AGG_RINGS)
 		vf_rx_rings = hw_resc->max_rx_rings - bp->rx_nr_rings * 2;
@@ -544,7 +544,8 @@ static int bnxt_hwrm_func_cfg(struct bnx
 	max_stat_ctxs = hw_resc->max_stat_ctxs;
 
 	/* Remaining rings are distributed equally amongs VF's for now */
-	vf_cp_rings = (hw_resc->max_cp_rings - bp->cp_nr_rings) / num_vfs;
+	vf_cp_rings = (bnxt_get_max_func_cp_rings_for_en(bp) -
+		       bp->cp_nr_rings) / num_vfs;
 	vf_stat_ctx = (max_stat_ctxs - bp->num_stat_ctxs) / num_vfs;
 	if (bp->flags & BNXT_FLAG_AGG_RINGS)
 		vf_rx_rings = (hw_resc->max_rx_rings - bp->rx_nr_rings * 2) /
@@ -638,7 +639,7 @@ static int bnxt_sriov_enable(struct bnxt
 	 */
 	vfs_supported = *num_vfs;
 
-	avail_cp = hw_resc->max_cp_rings - bp->cp_nr_rings;
+	avail_cp = bnxt_get_max_func_cp_rings_for_en(bp) - bp->cp_nr_rings;
 	avail_stat = hw_resc->max_stat_ctxs - bp->num_stat_ctxs;
 	avail_cp = min_t(int, avail_cp, avail_stat);
 
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt_ulp.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_ulp.c
@@ -169,7 +169,6 @@ static int bnxt_req_msix_vecs(struct bnx
 		edev->ulp_tbl[ulp_id].msix_requested = avail_msix;
 	}
 	bnxt_fill_msix_vecs(bp, ent);
-	bnxt_set_max_func_cp_rings(bp, max_cp_rings - avail_msix);
 	edev->flags |= BNXT_EN_FLAG_MSIX_REQUESTED;
 	return avail_msix;
 }
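Review bot: In bnxt_req_msix_vecs() the removed bnxt_set_max_func_cp_rings() call was a user of the local `max_cp_rings`, and unlike the bnxt_free_msix_vecs() hunk that follows, no declaration is removed here. Confirm the variable is still read elsewhere in the function; otherwise this leaves an unused or set-but-unused variable warning.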
@@ -178,7 +177,6 @@ static int bnxt_free_msix_vecs(struct bn
 {
 	struct net_device *dev = edev->net;
 	struct bnxt *bp = netdev_priv(dev);
-	int max_cp_rings, msix_requested;
 
 	ASSERT_RTNL();
 	if (ulp_id != BNXT_ROCE_ULP)
@@ -187,9 +185,6 @@ static int bnxt_free_msix_vecs(struct bn
 	if (!(edev->flags & BNXT_EN_FLAG_MSIX_REQUESTED))
 		return 0;
 
-	max_cp_rings = bnxt_get_max_func_cp_rings(bp);
-	msix_requested = edev->ulp_tbl[ulp_id].msix_requested;
-	bnxt_set_max_func_cp_rings(bp, max_cp_rings + msix_requested);
 	edev->ulp_tbl[ulp_id].msix_requested = 0;
 	edev->flags &= ~BNXT_EN_FLAG_MSIX_REQUESTED;
 	if (netif_running(dev)) {




* [PATCH 4.18 016/197] net/sched: act_pedit: fix dump of extended layered op
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (14 preceding siblings ...)
  2018-09-13 13:29 ` [PATCH 4.18 015/197] bnxt_en: Do not adjust max_cp_rings by the ones used by RDMA Greg Kroah-Hartman
@ 2018-09-13 13:29 ` Greg Kroah-Hartman
  2018-09-13 13:29 ` [PATCH 4.18 017/197] tipc: fix a missing rhashtable_walk_exit() Greg Kroah-Hartman
                   ` (182 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:29 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Davide Caratti, Cong Wang, David S. Miller

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Davide Caratti <dcaratti@redhat.com>

[ Upstream commit 85eb9af182243ce9a8b72410d5321c440ac5f8d7 ]

in the (rare) case of failure in nla_nest_start(), missing NULL checks in
tcf_pedit_key_ex_dump() can make the following command

 # tc action add action pedit ex munge ip ttl set 64

dereference a NULL pointer:

 BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
 PGD 800000007d1cd067 P4D 800000007d1cd067 PUD 7acd3067 PMD 0
 Oops: 0002 [#1] SMP PTI
 CPU: 0 PID: 3336 Comm: tc Tainted: G            E     4.18.0.pedit+ #425
 Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
 RIP: 0010:tcf_pedit_dump+0x19d/0x358 [act_pedit]
 Code: be 02 00 00 00 48 89 df 66 89 44 24 20 e8 9b b1 fd e0 85 c0 75 46 8b 83 c8 00 00 00 49 83 c5 08 48 03 83 d0 00 00 00 4d 39 f5 <66> 89 04 25 00 00 00 00 0f 84 81 01 00 00 41 8b 45 00 48 8d 4c 24
 RSP: 0018:ffffb5d4004478a8 EFLAGS: 00010246
 RAX: ffff8880fcda2070 RBX: ffff8880fadd2900 RCX: 0000000000000000
 RDX: 0000000000000002 RSI: ffffb5d4004478ca RDI: ffff8880fcda206e
 RBP: ffff8880fb9cb900 R08: 0000000000000008 R09: ffff8880fcda206e
 R10: ffff8880fadd2900 R11: 0000000000000000 R12: ffff8880fd26cf40
 R13: ffff8880fc957430 R14: ffff8880fc957430 R15: ffff8880fb9cb988
 FS:  00007f75a537a740(0000) GS:ffff8880fda00000(0000) knlGS:0000000000000000
 CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
 CR2: 0000000000000000 CR3: 000000007a2fa005 CR4: 00000000001606f0
 Call Trace:
  ? __nla_reserve+0x38/0x50
  tcf_action_dump_1+0xd2/0x130
  tcf_action_dump+0x6a/0xf0
  tca_get_fill.constprop.31+0xa3/0x120
  tcf_action_add+0xd1/0x170
  tc_ctl_action+0x137/0x150
  rtnetlink_rcv_msg+0x263/0x2d0
  ? _cond_resched+0x15/0x40
  ? rtnl_calcit.isra.30+0x110/0x110
  netlink_rcv_skb+0x4d/0x130
  netlink_unicast+0x1a3/0x250
  netlink_sendmsg+0x2ae/0x3a0
  sock_sendmsg+0x36/0x40
  ___sys_sendmsg+0x26f/0x2d0
  ? do_wp_page+0x8e/0x5f0
  ? handle_pte_fault+0x6c3/0xf50
  ? __handle_mm_fault+0x38e/0x520
  ? __sys_sendmsg+0x5e/0xa0
  __sys_sendmsg+0x5e/0xa0
  do_syscall_64+0x5b/0x180
  entry_SYSCALL_64_after_hwframe+0x44/0xa9
 RIP: 0033:0x7f75a4583ba0
 Code: c3 48 8b 05 f2 62 2c 00 f7 db 64 89 18 48 83 cb ff eb dd 0f 1f 80 00 00 00 00 83 3d fd c3 2c 00 00 75 10 b8 2e 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 ae cc 00 00 48 89 04 24
 RSP: 002b:00007fff60ee7418 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
 RAX: ffffffffffffffda RBX: 00007fff60ee7540 RCX: 00007f75a4583ba0
 RDX: 0000000000000000 RSI: 00007fff60ee7490 RDI: 0000000000000003
 RBP: 000000005b842d3e R08: 0000000000000002 R09: 0000000000000000
 R10: 00007fff60ee6ea0 R11: 0000000000000246 R12: 0000000000000000
 R13: 00007fff60ee7554 R14: 0000000000000001 R15: 000000000066c100
 Modules linked in: act_pedit(E) ip6table_filter ip6_tables iptable_filter binfmt_misc crct10dif_pclmul ext4 crc32_pclmul mbcache ghash_clmulni_intel jbd2 pcbc snd_hda_codec_generic snd_hda_intel snd_hda_codec snd_hda_core snd_hwdep snd_seq snd_seq_device snd_pcm aesni_intel crypto_simd snd_timer cryptd glue_helper snd joydev pcspkr soundcore virtio_balloon i2c_piix4 nfsd auth_rpcgss nfs_acl lockd grace sunrpc ip_tables xfs libcrc32c ata_generic pata_acpi virtio_net net_failover virtio_blk virtio_console failover qxl crc32c_intel drm_kms_helper syscopyarea serio_raw sysfillrect sysimgblt fb_sys_fops ttm drm ata_piix virtio_pci libata virtio_ring i2c_core virtio floppy dm_mirror dm_region_hash dm_log dm_mod [last unloaded: act_pedit]
 CR2: 0000000000000000

Like it's done for other TC actions, give up dumping pedit rules and return
an error if nla_nest_start() returns NULL.

Fixes: 71d0ed7079df ("net/act_pedit: Support using offset relative to the conventional network headers")
Signed-off-by: Davide Caratti <dcaratti@redhat.com>
Acked-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 net/sched/act_pedit.c |   18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)

--- a/net/sched/act_pedit.c
+++ b/net/sched/act_pedit.c
@@ -109,16 +109,18 @@ static int tcf_pedit_key_ex_dump(struct
 {
 	struct nlattr *keys_start = nla_nest_start(skb, TCA_PEDIT_KEYS_EX);
 
+	if (!keys_start)
+		goto nla_failure;
 	for (; n > 0; n--) {
 		struct nlattr *key_start;
 
 		key_start = nla_nest_start(skb, TCA_PEDIT_KEY_EX);
+		if (!key_start)
+			goto nla_failure;
 
 		if (nla_put_u16(skb, TCA_PEDIT_KEY_EX_HTYPE, keys_ex->htype) ||
-		    nla_put_u16(skb, TCA_PEDIT_KEY_EX_CMD, keys_ex->cmd)) {
-			nlmsg_trim(skb, keys_start);
-			return -EINVAL;
-		}
+		    nla_put_u16(skb, TCA_PEDIT_KEY_EX_CMD, keys_ex->cmd))
+			goto nla_failure;
 
 		nla_nest_end(skb, key_start);
 
@@ -128,6 +130,9 @@ static int tcf_pedit_key_ex_dump(struct
 	nla_nest_end(skb, keys_start);
 
 	return 0;
+nla_failure:
+	nla_nest_cancel(skb, keys_start);
+	return -EINVAL;
 }
 
 static int tcf_pedit_init(struct net *net, struct nlattr *nla,
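Review bot: The new `nla_failure` label in tcf_pedit_key_ex_dump() is also the target of the `if (!keys_start)` check, so nla_nest_cancel() is called with a NULL start in exactly the case this patch is fixing. That relies on nla_nest_cancel() tolerating NULL; returning -EINVAL directly from the first check would avoid depending on it. The label name also differs from the `nla_put_failure` used in tcf_pedit_dump().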
@@ -395,7 +400,10 @@ static int tcf_pedit_dump(struct sk_buff
 	opt->bindcnt = p->tcf_bindcnt - bind;
 
 	if (p->tcfp_keys_ex) {
-		tcf_pedit_key_ex_dump(skb, p->tcfp_keys_ex, p->tcfp_nkeys);
+		if (tcf_pedit_key_ex_dump(skb,
+					  p->tcfp_keys_ex,
+					  p->tcfp_nkeys))
+			goto nla_put_failure;
 
 		if (nla_put(skb, TCA_PEDIT_PARMS_EX, s, opt))
 			goto nla_put_failure;




* [PATCH 4.18 017/197] tipc: fix a missing rhashtable_walk_exit()
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (15 preceding siblings ...)
  2018-09-13 13:29 ` [PATCH 4.18 016/197] net/sched: act_pedit: fix dump of extended layered op Greg Kroah-Hartman
@ 2018-09-13 13:29 ` Greg Kroah-Hartman
  2018-09-13 13:29 ` [PATCH 4.18 018/197] hv_netvsc: Fix a deadlock by getting rtnl lock earlier in netvsc_probe() Greg Kroah-Hartman
                   ` (181 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:29 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Herbert Xu, Ying Xue, Cong Wang,
	David S. Miller

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Cong Wang <xiyou.wangcong@gmail.com>

[ Upstream commit bd583fe30427500a2d0abe25724025b1cb5e2636 ]

rhashtable_walk_exit() must be paired with rhashtable_walk_enter().

Fixes: 40f9f4397060 ("tipc: Fix tipc_sk_reinit race conditions")
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Ying Xue <ying.xue@windriver.com>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 net/tipc/socket.c |    2 ++
 1 file changed, 2 insertions(+)

--- a/net/tipc/socket.c
+++ b/net/tipc/socket.c
@@ -2675,6 +2675,8 @@ void tipc_sk_reinit(struct net *net)
 
 		rhashtable_walk_stop(&iter);
 	} while (tsk == ERR_PTR(-EAGAIN));
+
+	rhashtable_walk_exit(&iter);
 }
 
 static struct tipc_sock *tipc_sk_lookup(struct net *net, u32 portid)




* [PATCH 4.18 018/197] hv_netvsc: Fix a deadlock by getting rtnl lock earlier in netvsc_probe()
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (16 preceding siblings ...)
  2018-09-13 13:29 ` [PATCH 4.18 017/197] tipc: fix a missing rhashtable_walk_exit() Greg Kroah-Hartman
@ 2018-09-13 13:29 ` Greg Kroah-Hartman
  2018-09-13 13:29 ` [PATCH 4.18 019/197] tipc: fix the big/little endian issue in tipc_dest Greg Kroah-Hartman
                   ` (180 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:29 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Dexuan Cui, Stephen Hemminger,
	K. Y. Srinivasan, Haiyang Zhang, David S. Miller

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Dexuan Cui <decui@microsoft.com>

[ Upstream commit e04e7a7bbd4bbabef4e1a58367e5fc9b2edc3b10 ]

This patch fixes the race between netvsc_probe() and
rndis_set_subchannel(), which can cause a deadlock.

These are the related 3 paths which show the deadlock:

path #1:
    Workqueue: hv_vmbus_con vmbus_onmessage_work [hv_vmbus]
    Call Trace:
     schedule
     schedule_preempt_disabled
     __mutex_lock
     __device_attach
     bus_probe_device
     device_add
     vmbus_device_register
     vmbus_onoffer
     vmbus_onmessage_work
     process_one_work
     worker_thread
     kthread
     ret_from_fork

path #2:
    schedule
     schedule_preempt_disabled
     __mutex_lock
     netvsc_probe
     vmbus_probe
     really_probe
     __driver_attach
     bus_for_each_dev
     driver_attach_async
     async_run_entry_fn
     process_one_work
     worker_thread
     kthread
     ret_from_fork

path #3:
    Workqueue: events netvsc_subchan_work [hv_netvsc]
    Call Trace:
     schedule
     rndis_set_subchannel
     netvsc_subchan_work
     process_one_work
     worker_thread
     kthread
     ret_from_fork

Before path #1 finishes, path #2 can start to run, because just before
the "bus_probe_device(dev);" in device_add() in path #1, there is a line
"object_uevent(&dev->kobj, KOBJ_ADD);", so systemd-udevd can
immediately try to load hv_netvsc and hence path #2 can start to run.

Next, path #2 offloads the subchannel's initialization to a workqueue,
i.e. path #3, so we can end up in a deadlock situation like this:

Path #2 gets the device lock, and is trying to get the rtnl lock;
Path #3 gets the rtnl lock and is waiting for all the subchannel messages
to be processed;
Path #1 is trying to get the device lock, but since #2 is not releasing
the device lock, path #1 has to sleep; since the VMBus messages are
processed one by one, this means the sub-channel messages can't be
processed, so #3 has to sleep with the rtnl lock held, and finally #2
has to sleep... Now all the 3 paths are sleeping and we hit the deadlock.

With the patch, we can make sure #2 gets both the device lock and the
rtnl lock together, gets its job done, and releases the locks, so #1
and #3 will not be blocked for ever.

Fixes: 8195b1396ec8 ("hv_netvsc: fix deadlock on hotplug")
Signed-off-by: Dexuan Cui <decui@microsoft.com>
Cc: Stephen Hemminger <sthemmin@microsoft.com>
Cc: K. Y. Srinivasan <kys@microsoft.com>
Cc: Haiyang Zhang <haiyangz@microsoft.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/net/hyperv/netvsc_drv.c |   11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

--- a/drivers/net/hyperv/netvsc_drv.c
+++ b/drivers/net/hyperv/netvsc_drv.c
@@ -2101,6 +2101,16 @@ static int netvsc_probe(struct hv_device
 
 	memcpy(net->dev_addr, device_info.mac_adr, ETH_ALEN);
 
+	/* We must get rtnl lock before scheduling nvdev->subchan_work,
+	 * otherwise netvsc_subchan_work() can get rtnl lock first and wait
+	 * all subchannels to show up, but that may not happen because
+	 * netvsc_probe() can't get rtnl lock and as a result vmbus_onoffer()
+	 * -> ... -> device_add() -> ... -> __device_attach() can't get
+	 * the device lock, so all the subchannels can't be processed --
+	 * finally netvsc_subchan_work() hangs for ever.
+	 */
+	rtnl_lock();
+
 	if (nvdev->num_chn > 1)
 		schedule_work(&nvdev->subchan_work);
 
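Review bot: rtnl_lock() now sits ahead of schedule_work(&nvdev->subchan_work), so everything from this point down to register_netdevice() runs with rtnl held. Any early exit added in that span later has to drop the lock, and nothing at the lock site says so; a short note in the comment block ("held until after register_netdevice()") would make the new scope explicit. The comment would also read better as "wait for all subchannels to show up" and "hangs forever".
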
@@ -2119,7 +2129,6 @@ static int netvsc_probe(struct hv_device
 	else
 		net->max_mtu = ETH_DATA_LEN;
 
-	rtnl_lock();
 	ret = register_netdevice(net);
 	if (ret != 0) {
 		pr_err("Unable to register netdev.\n");
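
Review bot: with the rtnl_lock() removed here, the `if (ret != 0)` branch after register_netdevice() depends on a lock taken in the previous hunk, and the unlock for this failure path is below the visible context. Confirm the existing unlock still pairs with the new lock site on both the success and the failure path; the changelog does not mention the unlock side at all.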




* [PATCH 4.18 019/197] tipc: fix the big/little endian issue in tipc_dest
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (17 preceding siblings ...)
  2018-09-13 13:29 ` [PATCH 4.18 018/197] hv_netvsc: Fix a deadlock by getting rtnl lock earlier in netvsc_probe() Greg Kroah-Hartman
@ 2018-09-13 13:29 ` Greg Kroah-Hartman
  2018-09-13 13:29 ` [PATCH 4.18 020/197] sctp: remove useless start_fail from sctp_ht_iter in proc Greg Kroah-Hartman
                   ` (179 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:29 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Zhenbo Gao, Jon Maloy, Haiqing Bai,
	David S. Miller

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Haiqing Bai <Haiqing.Bai@windriver.com>

[ Upstream commit 30935198b7d0be12b1c45c328b66a7fdefb16256 ]

In function tipc_dest_push, the 32bit variables 'node' and 'port'
are stored separately in the upper and lower parts of the 64bit 'value'.
Then this value is assigned to dst->value which is a union like:
union
{
  struct {
    u32 port;
    u32 node;
  };
  u64 value;
}
This works on little-endian machines like x86 but fails on big-endian
machines.

The fix removes the 'value' stack parameter and even the 'value'
member of the union in tipc_dest, and assigns the 'node' and 'port' members
directly from the input parameters to avoid the endian issue.

Fixes: a80ae5306a73 ("tipc: improve destination linked list")
Signed-off-by: Zhenbo Gao <zhenbo.gao@windriver.com>
Acked-by: Jon Maloy <jon.maloy@ericsson.com>
Signed-off-by: Haiqing Bai <Haiqing.Bai@windriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 net/tipc/name_table.c |   10 ++++------
 net/tipc/name_table.h |    9 ++-------
 2 files changed, 6 insertions(+), 13 deletions(-)

--- a/net/tipc/name_table.c
+++ b/net/tipc/name_table.c
@@ -980,20 +980,17 @@ int tipc_nl_name_table_dump(struct sk_bu
 
 struct tipc_dest *tipc_dest_find(struct list_head *l, u32 node, u32 port)
 {
-	u64 value = (u64)node << 32 | port;
 	struct tipc_dest *dst;
 
 	list_for_each_entry(dst, l, list) {
-		if (dst->value != value)
-			continue;
-		return dst;
+		if (dst->node == node && dst->port == port)
+			return dst;
 	}
 	return NULL;
 }
 
 bool tipc_dest_push(struct list_head *l, u32 node, u32 port)
 {
-	u64 value = (u64)node << 32 | port;
 	struct tipc_dest *dst;
 
 	if (tipc_dest_find(l, node, port))
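
Review bot: in tipc_dest_find() the removed compare of dst->value against a `value` built the same way as in tipc_dest_push() was self-consistent on either byte order, so the big-endian failure must come from code that reads dst->node and dst->port directly. The changelog should name that reader, since it is what a stable reviewer needs to judge the impact. The replacement test `dst->node == node && dst->port == port` is fine as written.
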
@@ -1002,7 +999,8 @@ bool tipc_dest_push(struct list_head *l,
 	dst = kmalloc(sizeof(*dst), GFP_ATOMIC);
 	if (unlikely(!dst))
 		return false;
-	dst->value = value;
+	dst->node = node;
+	dst->port = port;
 	list_add(&dst->list, l);
 	return true;
 }
--- a/net/tipc/name_table.h
+++ b/net/tipc/name_table.h
@@ -133,13 +133,8 @@ void tipc_nametbl_stop(struct net *net);
 
 struct tipc_dest {
 	struct list_head list;
-	union {
-		struct {
-			u32 port;
-			u32 node;
-		};
-		u64 value;
-	};
+	u32 port;
+	u32 node;
 };
 
 struct tipc_dest *tipc_dest_find(struct list_head *l, u32 node, u32 port);
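
Review bot: dropping the union removes `value` from struct tipc_dest, so any user of dst->value other than tipc_dest_find() and tipc_dest_push() will now fail to build. That is the right outcome, but the changelog could state that these two functions were the only users. Keeping `port` before `node` preserves the member order of the old anonymous struct.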


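The layout problem described in the commit message above, modelled as a stand-alone user-space C program. This is an added illustration, not code from the patch or from the TIPC sources; the names dest_old, dest_new, pack_value, read_members and the *_ok helpers are made up for it, and u32/u64 are spelled as stdint types.

```c
#include <stdint.h>
#include <stdio.h>

/* Pre-patch layout quoted in the commit message. */
union dest_old {
	struct {
		uint32_t port;
		uint32_t node;
	};
	uint64_t value;
};

/* Post-patch layout: two plain members, nothing aliases them. */
struct dest_new {
	uint32_t port;
	uint32_t node;
};

/* What the old tipc_dest_push() stored: node in the upper half, port in the lower. */
static uint64_t pack_value(uint32_t node, uint32_t port)
{
	return (uint64_t)node << 32 | port;
}

/*
 * Model how a CPU of the given byte order lays `value` out in memory and then
 * reads the two 32-bit members that alias it. Host-independent, so both byte
 * orders can be checked on one machine.
 */
static void read_members(uint64_t value, int big_endian,
			 uint32_t *port, uint32_t *node)
{
	uint8_t mem[8];
	uint32_t field[2] = { 0, 0 };
	int i;

	for (i = 0; i < 8; i++) {
		int shift = big_endian ? 8 * (7 - i) : 8 * i;
		mem[i] = (uint8_t)(value >> shift);
	}
	/* Member 0 (port) occupies bytes 0..3, member 1 (node) bytes 4..7. */
	for (i = 0; i < 8; i++) {
		int pos = i % 4;
		int shift = big_endian ? 8 * (3 - pos) : 8 * pos;
		field[i / 4] |= (uint32_t)mem[i] << shift;
	}
	*port = field[0];
	*node = field[1];
}

/* Returns 1 when the aliased members read back as the caller passed them. */
static int old_layout_ok(uint32_t node, uint32_t port, int big_endian)
{
	uint32_t p, n;

	read_members(pack_value(node, port), big_endian, &p, &n);
	return p == port && n == node;
}

static int host_is_big_endian(void)
{
	const uint16_t probe = 0x0102;

	return *(const uint8_t *)&probe == 0x01;
}

/* The same question asked of the real union on whatever host runs this. */
static int old_union_ok_on_host(uint32_t node, uint32_t port)
{
	union dest_old d;

	d.value = pack_value(node, port);
	return d.port == port && d.node == node;
}

/* Post-patch assignment: correct on every byte order by construction. */
static int new_layout_ok(uint32_t node, uint32_t port)
{
	struct dest_new d;

	d.node = node;
	d.port = port;
	return d.port == port && d.node == node;
}

int main(void)
{
	/* Constructed sample values, not taken from the patch. */
	const uint32_t node = 0x01001001u, port = 0x0000abcdu;
	uint32_t p, n;

	read_members(pack_value(node, port), 1, &p, &n);
	printf("little-endian model ok: %d\n", old_layout_ok(node, port, 0));
	printf("big-endian model ok:    %d (port reads 0x%08x, node reads 0x%08x)\n",
	       old_layout_ok(node, port, 1), (unsigned)p, (unsigned)n);
	printf("old union on this host: %d\n", old_union_ok_on_host(node, port));
	printf("new struct:             %d\n", new_layout_ok(node, port));
	return 0;
}
```

On the big-endian model the two members come back swapped, which is why a lookup that compares `value` with `value` can still succeed while code reading the members sees the wrong destination.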


* [PATCH 4.18 020/197] sctp: remove useless start_fail from sctp_ht_iter in proc
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (18 preceding siblings ...)
  2018-09-13 13:29 ` [PATCH 4.18 019/197] tipc: fix the big/little endian issue in tipc_dest Greg Kroah-Hartman
@ 2018-09-13 13:29 ` Greg Kroah-Hartman
  2018-09-13 13:29 ` [PATCH 4.18 021/197] erspan: set erspan_ver to 1 by default when adding an erspan dev Greg Kroah-Hartman
                   ` (178 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:29 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Xin Long, Neil Horman,
	Marcelo Ricardo Leitner, David S. Miller

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Xin Long <lucien.xin@gmail.com>

[ Upstream commit 834539e69a5fe2aab33cc777ccfd4a4fcc5b9770 ]

After changing rhashtable_walk_start to return void, start_fail would
never be set to a value other than 0, and the checking for start_fail is
pointless, so remove it.

Fixes: 97a6ec4ac021 ("rhashtable: Change rhashtable_walk_start to return void")
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 net/sctp/proc.c |    4 ----
 1 file changed, 4 deletions(-)

--- a/net/sctp/proc.c
+++ b/net/sctp/proc.c
@@ -215,7 +215,6 @@ static const struct seq_operations sctp_
 struct sctp_ht_iter {
 	struct seq_net_private p;
 	struct rhashtable_iter hti;
-	int start_fail;
 };
 
 static void *sctp_transport_seq_start(struct seq_file *seq, loff_t *pos)
@@ -224,7 +223,6 @@ static void *sctp_transport_seq_start(st
 
 	sctp_transport_walk_start(&iter->hti);
 
-	iter->start_fail = 0;
 	return sctp_transport_get_idx(seq_file_net(seq), &iter->hti, *pos);
 }
 
@@ -232,8 +230,6 @@ static void sctp_transport_seq_stop(stru
 {
 	struct sctp_ht_iter *iter = seq->private;
 
-	if (iter->start_fail)
-		return;
 	sctp_transport_walk_stop(&iter->hti);
 }
 
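Review bot: with the `if (iter->start_fail) return;` guard gone, sctp_transport_seq_stop() always calls sctp_transport_walk_stop(), which is balanced only because sctp_transport_seq_start() calls sctp_transport_walk_start() unconditionally, as the previous hunk shows. Since start_fail was only ever assigned 0, this is dead-code removal with no behaviour change; the stable changelog could say why it is queued despite that.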




* [PATCH 4.18 021/197] erspan: set erspan_ver to 1 by default when adding an erspan dev
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (19 preceding siblings ...)
  2018-09-13 13:29 ` [PATCH 4.18 020/197] sctp: remove useless start_fail from sctp_ht_iter in proc Greg Kroah-Hartman
@ 2018-09-13 13:29 ` Greg Kroah-Hartman
  2018-09-13 13:29 ` [PATCH 4.18 022/197] net: macb: Fix regression breaking non-MDIO fixed-link PHYs Greg Kroah-Hartman
                   ` (177 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:29 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Jianlin Shi, Xin Long, David S. Miller

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Xin Long <lucien.xin@gmail.com>

[ Upstream commit 84581bdae9587023cea1d139523f0ef0f28bd88d ]

After erspan_ver is introduced, if erspan_ver is not set in iproute, its
value will be left 0 by default. Since Commit 02f99df1875c ("erspan: fix
invalid erspan version."), it has broken the traffic due to the version
check in erspan_xmit if users are not aware of 'erspan_ver' param, like
using an old version of iproute.

To fix this compatibility problem, it sets erspan_ver to 1 by default
when adding an erspan dev in erspan_setup. Note that we can't do it in
ipgre_netlink_parms, as this function is also used by ipgre_changelink.

Fixes: 02f99df1875c ("erspan: fix invalid erspan version.")
Reported-by: Jianlin Shi <jishi@redhat.com>
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 net/ipv4/ip_gre.c  |    3 +++
 net/ipv6/ip6_gre.c |    1 +
 2 files changed, 4 insertions(+)

--- a/net/ipv4/ip_gre.c
+++ b/net/ipv4/ip_gre.c
@@ -1511,11 +1511,14 @@ nla_put_failure:
 
 static void erspan_setup(struct net_device *dev)
 {
+	struct ip_tunnel *t = netdev_priv(dev);
+
 	ether_setup(dev);
 	dev->netdev_ops = &erspan_netdev_ops;
 	dev->priv_flags &= ~IFF_TX_SKB_SHARING;
 	dev->priv_flags |= IFF_LIVE_ADDR_CHANGE;
 	ip_tunnel_setup(dev, erspan_net_id);
+	t->erspan_ver = 1;
 }
 
 static const struct nla_policy ipgre_policy[IFLA_GRE_MAX + 1] = {
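
Review bot: the new `t->erspan_ver = 1;` at the end of erspan_setup() carries no comment, and the reason it lives in the setup callback rather than in ipgre_netlink_parms() is recorded only in the changelog. A one-line comment that this is the default for userspace that never sends IFLA_GRE_ERSPAN_VER would stop a later cleanup from moving it.
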
--- a/net/ipv6/ip6_gre.c
+++ b/net/ipv6/ip6_gre.c
@@ -1776,6 +1776,7 @@ static void ip6gre_netlink_parms(struct
 	if (data[IFLA_GRE_COLLECT_METADATA])
 		parms->collect_md = true;
 
+	parms->erspan_ver = 1;
 	if (data[IFLA_GRE_ERSPAN_VER])
 		parms->erspan_ver = nla_get_u8(data[IFLA_GRE_ERSPAN_VER]);
 
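Review bot: the IPv6 side sets `parms->erspan_ver = 1;` inside ip6gre_netlink_parms(), while the changelog says the IPv4 default could not go into ipgre_netlink_parms() because that function is also used on the changelink path. If ip6gre_netlink_parms() is likewise reached on changelink, a change request that omits IFLA_GRE_ERSPAN_VER would reset an existing device to version 1. The changelog should say why the two address families are handled differently.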




* [PATCH 4.18 022/197] net: macb: Fix regression breaking non-MDIO fixed-link PHYs
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (20 preceding siblings ...)
  2018-09-13 13:29 ` [PATCH 4.18 021/197] erspan: set erspan_ver to 1 by default when adding an erspan dev Greg Kroah-Hartman
@ 2018-09-13 13:29 ` Greg Kroah-Hartman
  2018-09-13 13:29 ` [PATCH 4.18 023/197] ipv6: dont get lwtstate twice in ip6_rt_copy_init() Greg Kroah-Hartman
                   ` (176 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:29 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Ahmad Fatoum, David S. Miller

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Ahmad Fatoum <a.fatoum@pengutronix.de>

[ Upstream commit ab5f11055fdf8dfc3ddbd89e8e3cc550de41d1d3 ]

commit 739de9a1563a ("net: macb: Reorganize macb_mii bringup") broke
initializing macb on the EVB-KSZ9477 eval board.
There, of_mdiobus_register was called even for the fixed-link representing
the RGMII-link to the switch with the result that the driver attempts to
enumerate PHYs on a non-existent MDIO bus:

	libphy: MACB_mii_bus: probed
	mdio_bus f0028000.ethernet-ffffffff: fixed-link has invalid PHY address
	mdio_bus f0028000.ethernet-ffffffff: scan phy fixed-link at address 0
        [snip]
	mdio_bus f0028000.ethernet-ffffffff: scan phy fixed-link at address 31

The "MDIO" bus registration succeeds regardless, having claimed the reset GPIO,
and calling of_phy_register_fixed_link later on fails because it tries
to claim the same GPIO:

	macb f0028000.ethernet: broken fixed-link specification

Fix this by registering the fixed-link before calling mdiobus_register.

Fixes: 739de9a1563a ("net: macb: Reorganize macb_mii bringup")
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/net/ethernet/cadence/macb_main.c |   27 +++++++++++++++++----------
 1 file changed, 17 insertions(+), 10 deletions(-)

--- a/drivers/net/ethernet/cadence/macb_main.c
+++ b/drivers/net/ethernet/cadence/macb_main.c
@@ -481,11 +481,6 @@ static int macb_mii_probe(struct net_dev
 
 	if (np) {
 		if (of_phy_is_fixed_link(np)) {
-			if (of_phy_register_fixed_link(np) < 0) {
-				dev_err(&bp->pdev->dev,
-					"broken fixed-link specification\n");
-				return -ENODEV;
-			}
 			bp->phy_node = of_node_get(np);
 		} else {
 			bp->phy_node = of_parse_phandle(np, "phy-handle", 0);
@@ -568,7 +563,7 @@ static int macb_mii_init(struct macb *bp
 {
 	struct macb_platform_data *pdata;
 	struct device_node *np;
-	int err;
+	int err = -ENXIO;
 
 	/* Enable management port */
 	macb_writel(bp, NCR, MACB_BIT(MPE));
@@ -591,12 +586,23 @@ static int macb_mii_init(struct macb *bp
 	dev_set_drvdata(&bp->dev->dev, bp->mii_bus);
 
 	np = bp->pdev->dev.of_node;
-	if (pdata)
-		bp->mii_bus->phy_mask = pdata->phy_mask;
+	if (np && of_phy_is_fixed_link(np)) {
+		if (of_phy_register_fixed_link(np) < 0) {
+			dev_err(&bp->pdev->dev,
+				"broken fixed-link specification %pOF\n", np);
+			goto err_out_free_mdiobus;
+		}
+
+		err = mdiobus_register(bp->mii_bus);
+	} else {
+		if (pdata)
+			bp->mii_bus->phy_mask = pdata->phy_mask;
+
+		err = of_mdiobus_register(bp->mii_bus, np);
+	}
 
-	err = of_mdiobus_register(bp->mii_bus, np);
 	if (err)
-		goto err_out_free_mdiobus;
+		goto err_out_free_fixed_link;
 
 	err = macb_mii_probe(bp->dev);
 	if (err)
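
Review bot: the `goto err_out_free_mdiobus` taken when of_phy_register_fixed_link() fails returns whatever `err` holds, which is the -ENXIO initializer added in the previous hunk, whereas the code removed from macb_mii_probe() returned -ENODEV for the same "broken fixed-link specification" condition. If the errno change is intended, say so in the changelog; otherwise set err = -ENODEV before the goto. Separately, the fixed-link branch calls mdiobus_register() without the pdata->phy_mask assignment, which now lives only in the else branch; a word on whether that is deliberate would help.
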
@@ -606,6 +612,7 @@ static int macb_mii_init(struct macb *bp
 
 err_out_unregister_bus:
 	mdiobus_unregister(bp->mii_bus);
+err_out_free_fixed_link:
 	if (np && of_phy_is_fixed_link(np))
 		of_phy_deregister_fixed_link(np);
 err_out_free_mdiobus:




* [PATCH 4.18 023/197] ipv6: dont get lwtstate twice in ip6_rt_copy_init()
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (21 preceding siblings ...)
  2018-09-13 13:29 ` [PATCH 4.18 022/197] net: macb: Fix regression breaking non-MDIO fixed-link PHYs Greg Kroah-Hartman
@ 2018-09-13 13:29 ` Greg Kroah-Hartman
  2018-09-13 13:29 ` [PATCH 4.18 024/197] net/ipv6: init ip6 anycast rt->dst.input as ip6_input Greg Kroah-Hartman
                   ` (175 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:29 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Alexey Kodanev, David Ahern, David S. Miller

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Alexey Kodanev <alexey.kodanev@oracle.com>

[ Upstream commit 93bbadd6e0a2a58e49d265b9b1aa58e621b60a26 ]

Commit 80f1a0f4e0cd ("net/ipv6: Put lwtstate when destroying fib6_info")
partially fixed the kmemleak [1], lwtstate can be copied from fib6_info,
with ip6_rt_copy_init(), and it should be done only once there.

rt->dst.lwtstate is set by ip6_rt_init_dst(), at the start of the function
ip6_rt_copy_init(), so there is no need to get it again at the end.

With this patch, lwtstate also isn't copied from RTF_REJECT routes.

[1]:
unreferenced object 0xffff880b6aaa14e0 (size 64):
  comm "ip", pid 10577, jiffies 4295149341 (age 1273.903s)
  hex dump (first 32 bytes):
    01 00 04 00 04 00 00 00 10 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<0000000018664623>] lwtunnel_build_state+0x1bc/0x420
    [<00000000b73aa29a>] ip6_route_info_create+0x9f7/0x1fd0
    [<00000000ee2c5d1f>] ip6_route_add+0x14/0x70
    [<000000008537b55c>] inet6_rtm_newroute+0xd9/0xe0
    [<000000002acc50f5>] rtnetlink_rcv_msg+0x66f/0x8e0
    [<000000008d9cd381>] netlink_rcv_skb+0x268/0x3b0
    [<000000004c893c76>] netlink_unicast+0x417/0x5a0
    [<00000000f2ab1afb>] netlink_sendmsg+0x70b/0xc30
    [<00000000890ff0aa>] sock_sendmsg+0xb1/0xf0
    [<00000000a2e7b66f>] ___sys_sendmsg+0x659/0x950
    [<000000001e7426c8>] __sys_sendmsg+0xde/0x170
    [<00000000fe411443>] do_syscall_64+0x9f/0x4a0
    [<000000001be7b28b>] entry_SYSCALL_64_after_hwframe+0x49/0xbe
    [<000000006d21f353>] 0xffffffffffffffff

Fixes: 6edb3c96a5f0 ("net/ipv6: Defer initialization of dst to data path")
Signed-off-by: Alexey Kodanev <alexey.kodanev@oracle.com>
Reviewed-by: David Ahern <dsahern@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 net/ipv6/route.c |    1 -
 1 file changed, 1 deletion(-)

--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -996,7 +996,6 @@ static void ip6_rt_copy_init(struct rt6_
 	rt->rt6i_src = ort->fib6_src;
 #endif
 	rt->rt6i_prefsrc = ort->fib6_prefsrc;
-	rt->dst.lwtstate = lwtstate_get(ort->fib6_nh.nh_lwtstate);
 }
 
 static struct fib6_node* fib6_backtrack(struct fib6_node *fn,
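
Review bot: deleting the second lwtstate_get() at the end of ip6_rt_copy_init() matches the leak in the kmemleak report, but the changelog's last sentence ("lwtstate also isn't copied from RTF_REJECT routes") describes a behaviour change that this one-line removal does not show. It depends on what ip6_rt_init_dst() does for reject routes, so point at that code in the changelog so the side effect can be checked.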




* [PATCH 4.18 024/197] net/ipv6: init ip6 anycast rt->dst.input as ip6_input
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (22 preceding siblings ...)
  2018-09-13 13:29 ` [PATCH 4.18 023/197] ipv6: dont get lwtstate twice in ip6_rt_copy_init() Greg Kroah-Hartman
@ 2018-09-13 13:29 ` Greg Kroah-Hartman
  2018-09-13 13:29 ` [PATCH 4.18 025/197] net/ipv6: Only update MTU metric if it set Greg Kroah-Hartman
                   ` (174 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:29 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Hangbin Liu, David Ahern, David S. Miller

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Hangbin Liu <liuhangbin@gmail.com>

[ Upstream commit d23c4b6336ef30898dcdff351f21e633e7a64930 ]

Commit 6edb3c96a5f02 ("net/ipv6: Defer initialization of dst to data path")
forgot to handle anycast route and init anycast rt->dst.input to ip6_forward.
Fix it by setting anycast rt->dst.input back to ip6_input.

Fixes: 6edb3c96a5f02 ("net/ipv6: Defer initialization of dst to data path")
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
Reviewed-by: David Ahern <dsahern@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 net/ipv6/route.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -956,7 +956,7 @@ static void ip6_rt_init_dst(struct rt6_i
 	rt->dst.error = 0;
 	rt->dst.output = ip6_output;
 
-	if (ort->fib6_type == RTN_LOCAL) {
+	if (ort->fib6_type == RTN_LOCAL || ort->fib6_type == RTN_ANYCAST) {
 		rt->dst.input = ip6_input;
 	} else if (ipv6_addr_type(&ort->fib6_dst.addr) & IPV6_ADDR_MULTICAST) {
 		rt->dst.input = ip6_mc_input;
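
Review bot: adding `ort->fib6_type == RTN_ANYCAST` to the first test makes anycast entries take the ip6_input branch ahead of the IPV6_ADDR_MULTICAST check, but the changelog only says the old result was ip6_forward. State the user-visible symptom (traffic to a locally owned anycast address handed to the forwarding path instead of local delivery) and how to reproduce it, since the hunk alone does not show which branch anycast routes fell into before.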




* [PATCH 4.18 025/197] net/ipv6: Only update MTU metric if it set
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (23 preceding siblings ...)
  2018-09-13 13:29 ` [PATCH 4.18 024/197] net/ipv6: init ip6 anycast rt->dst.input as ip6_input Greg Kroah-Hartman
@ 2018-09-13 13:29 ` Greg Kroah-Hartman
  2018-09-13 13:29 ` [PATCH 4.18 026/197] net/ipv6: Put lwtstate when destroying fib6_info Greg Kroah-Hartman
                   ` (173 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:29 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Jan Janssen, David Ahern, David S. Miller

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: David Ahern <dsahern@gmail.com>

[ Upstream commit 15a81b418e22a9aa4a0504471fdcb0f4ebf69b96 ]

Jan reported a regression after an update to 4.18.5. In this case ipv6
default route is setup by systemd-networkd based on data from an RA. The
RA contains an MTU of 1492 which is used when the route is first inserted
but then systemd-networkd pushes down updates to the default route
without the mtu set.

Prior to the change to fib6_info, metrics such as MTU were held in the
dst_entry and rt6i_pmtu in rt6_info contained an update to the mtu if
any. ip6_mtu would look at rt6i_pmtu first and use it if set. If not,
the value from the metrics is used if it is set and finally falling
back to the idev value.

After the fib6_info change metrics are contained in the fib6_info struct
and there is no equivalent to rt6i_pmtu. To maintain consistency with
the old behavior the new code should only reset the MTU in the metrics
if the route update has it set.

Fixes: d4ead6b34b67 ("net/ipv6: move metrics from dst to rt6_info")
Reported-by: Jan Janssen <medhefgo@web.de>
Signed-off-by: David Ahern <dsahern@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 net/ipv6/ip6_fib.c |    5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

--- a/net/ipv6/ip6_fib.c
+++ b/net/ipv6/ip6_fib.c
@@ -987,7 +987,10 @@ static int fib6_add_rt2node(struct fib6_
 					fib6_clean_expires(iter);
 				else
 					fib6_set_expires(iter, rt->expires);
-				fib6_metric_set(iter, RTAX_MTU, rt->fib6_pmtu);
+
+				if (rt->fib6_pmtu)
+					fib6_metric_set(iter, RTAX_MTU,
+							rt->fib6_pmtu);
 				return -EEXIST;
 			}
 			/* If we have the same destination and the same metric,
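
Review bot: `if (rt->fib6_pmtu)` treats 0 as "not supplied", so a route update can no longer clear a previously set MTU metric through this path. The changelog argues that this matches the old rt6i_pmtu behaviour; a short comment above the test saying so would keep it from being simplified back to an unconditional fib6_metric_set().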




* [PATCH 4.18 026/197] net/ipv6: Put lwtstate when destroying fib6_info
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (24 preceding siblings ...)
  2018-09-13 13:29 ` [PATCH 4.18 025/197] net/ipv6: Only update MTU metric if it set Greg Kroah-Hartman
@ 2018-09-13 13:29 ` Greg Kroah-Hartman
  2018-09-13 13:29 ` [PATCH 4.18 027/197] net/mlx5: Fix SQ offset in QPs with small RQ Greg Kroah-Hartman
                   ` (172 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:29 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, David Ahern, David S. Miller

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: David Ahern <dsahern@gmail.com>

[ Upstream commit 80f1a0f4e0cd4bfc8a74fc1c39843a6e7b206b95 ]

Prior to the introduction of fib6_info lwtstate was managed by the dst
code. With fib6_info releasing lwtstate needs to be done when the struct
is freed.

Fixes: 93531c674315 ("net/ipv6: separate handling of FIB entries from dst based routes")
Signed-off-by: David Ahern <dsahern@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 net/ipv6/ip6_fib.c |    2 ++
 1 file changed, 2 insertions(+)

--- a/net/ipv6/ip6_fib.c
+++ b/net/ipv6/ip6_fib.c
@@ -198,6 +198,8 @@ void fib6_info_destroy_rcu(struct rcu_he
 		}
 	}
 
+	lwtstate_put(f6i->fib6_nh.nh_lwtstate);
+
 	if (f6i->fib6_nh.nh_dev)
 		dev_put(f6i->fib6_nh.nh_dev);
 
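Review bot: lwtstate_put(f6i->fib6_nh.nh_lwtstate) is called without a NULL test, unlike the `if (f6i->fib6_nh.nh_dev)` guard on dev_put() directly below it. That is correct only if lwtstate_put() accepts NULL; confirm it does and say so in the changelog, since routes without a lightweight tunnel are the common case in fib6_info_destroy_rcu().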




* [PATCH 4.18 027/197] net/mlx5: Fix SQ offset in QPs with small RQ
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (25 preceding siblings ...)
  2018-09-13 13:29 ` [PATCH 4.18 026/197] net/ipv6: Put lwtstate when destroying fib6_info Greg Kroah-Hartman
@ 2018-09-13 13:29 ` Greg Kroah-Hartman
  2018-09-13 13:29 ` [PATCH 4.18 028/197] r8169: set RxConfig after tx/rx is enabled for RTL8169sb/8110sb devices Greg Kroah-Hartman
                   ` (171 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:29 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Tariq Toukan, Eran Ben Elisha,
	Saeed Mahameed, David S. Miller

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Tariq Toukan <tariqt@mellanox.com>

[ Upstream commit 639505d4397b8c654a8e2616f9cb70ece40c83f9 ]

Correct the formula for calculating the RQ page remainder,
which should be in byte granularity.  The result will be
non-zero only for RQs smaller than PAGE_SIZE, as an RQ size
is a power of 2.

Divide this by the SQ stride (MLX5_SEND_WQE_BB) to get the
SQ offset in strides granularity.

Fixes: d7037ad73daa ("net/mlx5: Fix QP fragmented buffer allocation")
Signed-off-by: Tariq Toukan <tariqt@mellanox.com>
Reviewed-by: Eran Ben Elisha <eranbe@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/net/ethernet/mellanox/mlx5/core/wq.c |    5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

--- a/drivers/net/ethernet/mellanox/mlx5/core/wq.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/wq.c
@@ -139,14 +139,15 @@ int mlx5_wq_qp_create(struct mlx5_core_d
 		      struct mlx5_wq_ctrl *wq_ctrl)
 {
 	u32 sq_strides_offset;
+	u32 rq_pg_remainder;
 	int err;
 
 	mlx5_fill_fbc(MLX5_GET(qpc, qpc, log_rq_stride) + 4,
 		      MLX5_GET(qpc, qpc, log_rq_size),
 		      &wq->rq.fbc);
 
-	sq_strides_offset =
-		((wq->rq.fbc.frag_sz_m1 + 1) % PAGE_SIZE) / MLX5_SEND_WQE_BB;
+	rq_pg_remainder   = mlx5_wq_cyc_get_byte_size(&wq->rq) % PAGE_SIZE;
+	sq_strides_offset = rq_pg_remainder / MLX5_SEND_WQE_BB;
 
 	mlx5_fill_fbc_offset(ilog2(MLX5_SEND_WQE_BB),
 			     MLX5_GET(qpc, qpc, log_sq_size),
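
Review bot: the old expression took `wq->rq.fbc.frag_sz_m1 + 1` modulo PAGE_SIZE and the new one takes mlx5_wq_cyc_get_byte_size(&wq->rq) modulo PAGE_SIZE, yet neither the hunk nor the changelog says what the old quantity measured, only that the remainder "should be in byte granularity". State that, and give one worked RQ size below PAGE_SIZE so the resulting sq_strides_offset can be checked by hand. The column-aligned `=` on the two new assignments is not usual kernel style.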




* [PATCH 4.18 028/197] r8169: set RxConfig after tx/rx is enabled for RTL8169sb/8110sb devices
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (26 preceding siblings ...)
  2018-09-13 13:29 ` [PATCH 4.18 027/197] net/mlx5: Fix SQ offset in QPs with small RQ Greg Kroah-Hartman
@ 2018-09-13 13:29 ` Greg Kroah-Hartman
  2018-09-13 13:29 ` [PATCH 4.18 029/197] Revert "net: stmmac: Do not keep rearming the coalesce timer in stmmac_xmit" Greg Kroah-Hartman
                   ` (170 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:29 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Heiner Kallweit, David S. Miller,
	netdev, Realtek linux nic maintainers, Azat Khuzhin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Azat Khuzhin <a3at.mail@gmail.com>

[ Upstream commit 05212ba8132b42047ab5d63d759c6f9c28e7eab5 ]

I have two Ethernet adapters:
  r8169 0000:03:01.0 eth0: RTL8169sb/8110sb, 00:14:d1:14:2d:49, XID 10000000, IRQ 18
  r8169 0000:01:00.0 eth0: RTL8168e/8111e, 64:66:b3:11:14:5d, XID 2c200000, IRQ 30
And after upgrading from linux 4.15 [1] to linux 4.18+ [2] RTL8169sb failed to
receive any packets. tcpdump shows a lot of checksum mismatch.

  [1]: a0f79386a4968b4925da6db2d1daffd0605a4402
  [2]: 0519359784328bfa92bf0931bf0cff3b58c16932 (4.19 merge window opened)

I started bisecting and then found that [3] breaks it. According to [4]:
  "For 8110S, 8110SB, and 8110SC series, the initial value of RxConfig
  needs to be set after the tx/rx is enabled."
So I moved rtl_init_rxcfg() after enabling tx/rx and now my adapter works
(RTL8168e works too).

  [3]: 3559d81e76bfe3803e89f2e04cf6ef7ab4f3aace
  [4]: e542a2269f232d61270ceddd42b73a4348dee2bb ("r8169: adjust the RxConfig
settings.")

Also drop "rx" from rtl_set_rx_tx_config_registers(), since it does nothing
with it already.

Fixes: 3559d81e76bfe3803e89f2e04cf6ef7ab4f3aace ("r8169: simplify
rtl_hw_start_8169")

Cc: Heiner Kallweit <hkallweit1@gmail.com>
Cc: David S. Miller <davem@davemloft.net>
Cc: netdev@vger.kernel.org
Cc: Realtek linux nic maintainers <nic_swsd@realtek.com>
Signed-off-by: Azat Khuzhin <a3at.mail@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/net/ethernet/realtek/r8169.c |    6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

--- a/drivers/net/ethernet/realtek/r8169.c
+++ b/drivers/net/ethernet/realtek/r8169.c
@@ -5039,7 +5039,7 @@ static void rtl8169_hw_reset(struct rtl8
 	rtl_hw_reset(tp);
 }
 
-static void rtl_set_rx_tx_config_registers(struct rtl8169_private *tp)
+static void rtl_set_tx_config_registers(struct rtl8169_private *tp)
 {
 	/* Set DMA burst size and Interframe Gap Time */
 	RTL_W32(tp, TxConfig, (TX_DMA_BURST << TxDMAShift) |
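
Review bot: the rename to rtl_set_tx_config_registers() is a cleanup mixed into a regression fix. The visible body only writes TxConfig, so the new name is accurate, but splitting the rename into its own patch would leave the call reorder as the only change a stable reviewer has to reason about.
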
@@ -5150,12 +5150,14 @@ static void rtl_hw_start(struct  rtl8169
 
 	rtl_set_rx_max_size(tp);
 	rtl_set_rx_tx_desc_registers(tp);
-	rtl_set_rx_tx_config_registers(tp);
+	rtl_set_tx_config_registers(tp);
 	RTL_W8(tp, Cfg9346, Cfg9346_Lock);
 
 	/* Initially a 10 us delay. Turned it into a PCI commit. - FR */
 	RTL_R8(tp, IntrMask);
 	RTL_W8(tp, ChipCmd, CmdTxEnb | CmdRxEnb);
+	rtl_init_rxcfg(tp);
+
 	rtl_set_rx_mode(tp->dev);
 	/* no early-rx interrupts */
 	RTL_W16(tp, MultiIntr, RTL_R16(tp, MultiIntr) & 0xf000);
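
Review bot: rtl_init_rxcfg(tp) is now called after `RTL_W8(tp, ChipCmd, CmdTxEnb | CmdRxEnb)` for every chip that goes through rtl_hw_start(), while the requirement quoted in the changelog is specific to the 8110S, 8110SB and 8110SC series. The hunk does not show whether an earlier rtl_init_rxcfg() call remains elsewhere, so state whether RxConfig is now written once or twice, and add a comment at the call citing the ordering requirement so it is not moved back.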




* [PATCH 4.18 029/197] Revert "net: stmmac: Do not keep rearming the coalesce timer in stmmac_xmit"
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (27 preceding siblings ...)
  2018-09-13 13:29 ` [PATCH 4.18 028/197] r8169: set RxConfig after tx/rx is enabled for RTL8169sb/8110sb devices Greg Kroah-Hartman
@ 2018-09-13 13:29 ` Greg Kroah-Hartman
  2018-09-13 13:29 ` [PATCH 4.18 030/197] ip6_vti: fix creating fallback tunnel device for vti6 Greg Kroah-Hartman
                   ` (169 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:29 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Jose Abreu, Joao Pinto, Vitor Soares,
	Giuseppe Cavallaro, Alexandre Torgue, Corentin Labbe,
	Jerome Brunet, David S. Miller

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Jerome Brunet <jbrunet@baylibre.com>

[ Upstream commit e5133f2f1261f8ab412e7fc5e3694c9f84328f89 ]

This reverts commit 4ae0169fd1b3c792b66be58995b7e6b629919ecf.

This change in the handling of the coalesce timer is causing a regression on
(at least) amlogic platforms.

Network will break down very quickly (a few seconds) after starting
a download. This can easily be reproduced using iperf3 for example.

The problem has been reported on the S805, S905, S912 and A113 SoCs
(Realtek and Micrel PHYs) and it is likely impacting all Amlogic
platforms using Gbit ethernet.

No problem was seen with the platform using 10/100 only PHYs (GXL internal).

Reverting the change brings things back to normal and allows the network to
be used again until we better understand the problem with the coalesce timer.

Cc: Jose Abreu <joabreu@synopsys.com>
Cc: Joao Pinto <jpinto@synopsys.com>
Cc: Vitor Soares <soares@synopsys.com>
Cc: Giuseppe Cavallaro <peppe.cavallaro@st.com>
Cc: Alexandre Torgue <alexandre.torgue@st.com>
Cc: Corentin Labbe <clabbe@baylibre.com>
Signed-off-by: Jerome Brunet <jbrunet@baylibre.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/net/ethernet/stmicro/stmmac/stmmac.h      |    1 -
 drivers/net/ethernet/stmicro/stmmac/stmmac_main.c |    5 +----
 2 files changed, 1 insertion(+), 5 deletions(-)

--- a/drivers/net/ethernet/stmicro/stmmac/stmmac.h
+++ b/drivers/net/ethernet/stmicro/stmmac/stmmac.h
@@ -112,7 +112,6 @@ struct stmmac_priv {
 	u32 tx_count_frames;
 	u32 tx_coal_frames;
 	u32 tx_coal_timer;
-	bool tx_timer_armed;
 
 	int tx_coalesce;
 	int hwts_tx_en;
--- a/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c
+++ b/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c
@@ -3126,16 +3126,13 @@ static netdev_tx_t stmmac_xmit(struct sk
 	 * element in case of no SG.
 	 */
 	priv->tx_count_frames += nfrags + 1;
-	if (likely(priv->tx_coal_frames > priv->tx_count_frames) &&
-	    !priv->tx_timer_armed) {
+	if (likely(priv->tx_coal_frames > priv->tx_count_frames)) {
 		mod_timer(&priv->txtimer,
 			  STMMAC_COAL_TIMER(priv->tx_coal_timer));
-		priv->tx_timer_armed = true;
 	} else {
 		priv->tx_count_frames = 0;
 		stmmac_set_tx_ic(priv, desc);
 		priv->xstats.tx_set_ic_bit++;
-		priv->tx_timer_armed = false;
 	}
 
 	skb_tx_timestamp(skb);
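Review bot: With the `!priv->tx_timer_armed` test gone, the first branch in stmmac_xmit() calls mod_timer() on every transmitted frame for as long as tx_coal_frames > tx_count_frames, which is the per-packet rearm the reverted commit set out to avoid. Since the revert is described as a stopgap until the coalesce timer problem is understood, a short comment above the mod_timer() call saying the rearm is deliberate would keep the same optimisation from being reintroduced without being tested on the affected Gbit platforms.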




* [PATCH 4.18 030/197] ip6_vti: fix creating fallback tunnel device for vti6
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (28 preceding siblings ...)
  2018-09-13 13:29 ` [PATCH 4.18 029/197] Revert "net: stmmac: Do not keep rearming the coalesce timer in stmmac_xmit" Greg Kroah-Hartman
@ 2018-09-13 13:29 ` Greg Kroah-Hartman
  2018-09-13 13:29 ` [PATCH 4.18 031/197] ip6_vti: fix a null pointer deference when destroy vti6 tunnel Greg Kroah-Hartman
                   ` (168 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:29 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Haishuang Yan, David S. Miller

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Haishuang Yan <yanhaishuang@cmss.chinamobile.com>

[ Upstream commit e2948e5af8eeb6c945000772b7613b0323a0a203 ]

When fb_tunnels_only_for_init_net is set to 1, don't create a fallback tunnel
device for vti6 when a new namespace is created.

Tested:
[root@builder2 ~]# modprobe ip6_tunnel
[root@builder2 ~]# modprobe ip6_vti
[root@builder2 ~]# echo 1 > /proc/sys/net/core/fb_tunnels_only_for_init_net
[root@builder2 ~]# unshare -n
[root@builder2 ~]# ip link
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT group
default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

Signed-off-by: Haishuang Yan <yanhaishuang@cmss.chinamobile.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 net/ipv6/ip6_vti.c |    2 ++
 1 file changed, 2 insertions(+)

--- a/net/ipv6/ip6_vti.c
+++ b/net/ipv6/ip6_vti.c
@@ -1114,6 +1114,8 @@ static int __net_init vti6_init_net(stru
 	ip6n->tnls[0] = ip6n->tnls_wc;
 	ip6n->tnls[1] = ip6n->tnls_r_l;
 
+	if (!net_has_fallback_tunnels(net))
+		return 0;
 	err = -ENOMEM;
 	ip6n->fb_tnl_dev = alloc_netdev(sizeof(struct ip6_tnl), "ip6_vti0",
 					NET_NAME_UNKNOWN, vti6_dev_setup);
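Review bot: The early `return 0` in vti6_init_net() leaves before ip6n->fb_tnl_dev is allocated, so every later user of the per-namespace state, the namespace exit path in particular, has to cope with a namespace that has no fallback device; that should be checked as part of this change rather than left to a follow-up. A blank line after `return 0;` and a short comment that fallback tunnels are disabled for this namespace would also make the new exit point easier to spot.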




* [PATCH 4.18 031/197] ip6_vti: fix a null pointer deference when destroy vti6 tunnel
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (29 preceding siblings ...)
  2018-09-13 13:29 ` [PATCH 4.18 030/197] ip6_vti: fix creating fallback tunnel device for vti6 Greg Kroah-Hartman
@ 2018-09-13 13:29 ` Greg Kroah-Hartman
  2018-09-13 13:29 ` [PATCH 4.18 032/197] nfp: wait for posted reconfigs when disabling the device Greg Kroah-Hartman
                   ` (167 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:29 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Haishuang Yan, David S. Miller

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Haishuang Yan <yanhaishuang@cmss.chinamobile.com>

[ Upstream commit 9c86336c15db1c48cbaddff56caf2be0a930e991 ]

If the ip6_vti module is loaded and a network namespace is created while
fb_tunnels_only_for_init_net is set to 1, then exiting the namespace will
cause the following crash:

[ 6601.677036] BUG: unable to handle kernel NULL pointer dereference at 0000000000000008
[ 6601.679057] PGD 8000000425eca067 P4D 8000000425eca067 PUD 424292067 PMD 0
[ 6601.680483] Oops: 0000 [#1] SMP PTI
[ 6601.681223] CPU: 7 PID: 93 Comm: kworker/u16:1 Kdump: loaded Tainted: G            E     4.18.0+ #3
[ 6601.683153] Hardware name: Fedora Project OpenStack Nova, BIOS seabios-1.7.5-11.el7 04/01/2014
[ 6601.684919] Workqueue: netns cleanup_net
[ 6601.685742] RIP: 0010:vti6_exit_batch_net+0x87/0xd0 [ip6_vti]
[ 6601.686932] Code: 7b 08 48 89 e6 e8 b9 ea d3 dd 48 8b 1b 48 85 db 75 ec 48 83 c5 08 48 81 fd 00 01 00 00 75 d5 49 8b 84 24 08 01 00 00 48 89 e6 <48> 8b 78 08 e8 90 ea d3 dd 49 8b 45 28 49 39 c6 4c 8d 68 d8 75 a1
[ 6601.690735] RSP: 0018:ffffa897c2737de0 EFLAGS: 00010246
[ 6601.691846] RAX: 0000000000000000 RBX: 0000000000000000 RCX: dead000000000200
[ 6601.693324] RDX: 0000000000000015 RSI: ffffa897c2737de0 RDI: ffffffff9f2ea9e0
[ 6601.694824] RBP: 0000000000000100 R08: 0000000000000000 R09: 0000000000000000
[ 6601.696314] R10: 0000000000000001 R11: 0000000000000000 R12: ffff8dc323c07e00
[ 6601.697812] R13: ffff8dc324a63100 R14: ffffa897c2737e30 R15: ffffa897c2737e30
[ 6601.699345] FS:  0000000000000000(0000) GS:ffff8dc33fdc0000(0000) knlGS:0000000000000000
[ 6601.701068] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 6601.702282] CR2: 0000000000000008 CR3: 0000000424966002 CR4: 00000000001606e0
[ 6601.703791] Call Trace:
[ 6601.704329]  cleanup_net+0x1b4/0x2c0
[ 6601.705268]  process_one_work+0x16c/0x370
[ 6601.706145]  worker_thread+0x49/0x3e0
[ 6601.706942]  kthread+0xf8/0x130
[ 6601.707626]  ? rescuer_thread+0x340/0x340
[ 6601.708476]  ? kthread_bind+0x10/0x10
[ 6601.709266]  ret_from_fork+0x35/0x40

Reproduce:
modprobe ip6_vti
echo 1 > /proc/sys/net/core/fb_tunnels_only_for_init_net
unshare -n
exit

This is because ip6n->tnls_wc[0] points to the fallback device by default, but
in a non-default namespace, ip6n->tnls_wc[0] will be NULL, so add the NULL
check accordingly.

Fixes: e2948e5af8ee ("ip6_vti: fix creating fallback tunnel device for vti6")
Signed-off-by: Haishuang Yan <yanhaishuang@cmss.chinamobile.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 net/ipv6/ip6_vti.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

--- a/net/ipv6/ip6_vti.c
+++ b/net/ipv6/ip6_vti.c
@@ -1102,7 +1102,8 @@ static void __net_exit vti6_destroy_tunn
 	}
 
 	t = rtnl_dereference(ip6n->tnls_wc[0]);
-	unregister_netdevice_queue(t->dev, list);
+	if (t)
+		unregister_netdevice_queue(t->dev, list);
 }
 
 static int __net_init vti6_init_net(struct net *net)
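Review bot: The `if (t)` guard fixes the crash, but nothing at the check says when ip6n->tnls_wc[0] is legitimately NULL. A one-line comment above it, noting that the entry is empty in namespaces created while fb_tunnels_only_for_init_net is 1, would tie the check to the early return added in vti6_init_net() and keep it from being removed as redundant.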




* [PATCH 4.18 032/197] nfp: wait for posted reconfigs when disabling the device
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (30 preceding siblings ...)
  2018-09-13 13:29 ` [PATCH 4.18 031/197] ip6_vti: fix a null pointer deference when destroy vti6 tunnel Greg Kroah-Hartman
@ 2018-09-13 13:29 ` Greg Kroah-Hartman
  2018-09-13 13:29 ` [PATCH 4.18 033/197] sctp: hold transport before accessing its asoc in sctp_transport_get_next Greg Kroah-Hartman
                   ` (166 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:29 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Jakub Kicinski, Dirk van der Merwe,
	David S. Miller

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Jakub Kicinski <jakub.kicinski@netronome.com>

[ Upstream commit 9ad716b95fd6c6be46a4f2d5936e514b5bcd744d ]

To avoid leaking a running timer we need to wait for the
posted reconfigs after the netdev is unregistered.  In the common
case the process of deinitializing the device will perform
synchronous reconfigs which wait for posted requests, but
especially with VXLAN ports being actively added and removed
there can be a race condition leaving a timer running after
the adapter structure is freed, leading to a crash.

Add an explicit flush after deregistering and, for good
measure, a warning to check if the timer is running just before
structures are freed.

Fixes: 3d780b926a12 ("nfp: add async reconfiguration mechanism")
Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Reviewed-by: Dirk van der Merwe <dirk.vandermerwe@netronome.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/net/ethernet/netronome/nfp/nfp_net_common.c |   48 +++++++++++++-------
 1 file changed, 33 insertions(+), 15 deletions(-)

--- a/drivers/net/ethernet/netronome/nfp/nfp_net_common.c
+++ b/drivers/net/ethernet/netronome/nfp/nfp_net_common.c
@@ -227,29 +227,16 @@ done:
 	spin_unlock_bh(&nn->reconfig_lock);
 }
 
-/**
- * nfp_net_reconfig() - Reconfigure the firmware
- * @nn:      NFP Net device to reconfigure
- * @update:  The value for the update field in the BAR config
- *
- * Write the update word to the BAR and ping the reconfig queue.  The
- * poll until the firmware has acknowledged the update by zeroing the
- * update word.
- *
- * Return: Negative errno on error, 0 on success
- */
-int nfp_net_reconfig(struct nfp_net *nn, u32 update)
+static void nfp_net_reconfig_sync_enter(struct nfp_net *nn)
 {
 	bool cancelled_timer = false;
 	u32 pre_posted_requests;
-	int ret;
 
 	spin_lock_bh(&nn->reconfig_lock);
 
 	nn->reconfig_sync_present = true;
 
 	if (nn->reconfig_timer_active) {
-		del_timer(&nn->reconfig_timer);
 		nn->reconfig_timer_active = false;
 		cancelled_timer = true;
 	}
@@ -258,14 +245,43 @@ int nfp_net_reconfig(struct nfp_net *nn,
 
 	spin_unlock_bh(&nn->reconfig_lock);
 
-	if (cancelled_timer)
+	if (cancelled_timer) {
+		del_timer_sync(&nn->reconfig_timer);
 		nfp_net_reconfig_wait(nn, nn->reconfig_timer.expires);
+	}
 
 	/* Run the posted reconfigs which were issued before we started */
 	if (pre_posted_requests) {
 		nfp_net_reconfig_start(nn, pre_posted_requests);
 		nfp_net_reconfig_wait(nn, jiffies + HZ * NFP_NET_POLL_TIMEOUT);
 	}
+}
+
+static void nfp_net_reconfig_wait_posted(struct nfp_net *nn)
+{
+	nfp_net_reconfig_sync_enter(nn);
+
+	spin_lock_bh(&nn->reconfig_lock);
+	nn->reconfig_sync_present = false;
+	spin_unlock_bh(&nn->reconfig_lock);
+}
+
+/**
+ * nfp_net_reconfig() - Reconfigure the firmware
+ * @nn:      NFP Net device to reconfigure
+ * @update:  The value for the update field in the BAR config
+ *
+ * Write the update word to the BAR and ping the reconfig queue.  The
+ * poll until the firmware has acknowledged the update by zeroing the
+ * update word.
+ *
+ * Return: Negative errno on error, 0 on success
+ */
+int nfp_net_reconfig(struct nfp_net *nn, u32 update)
+{
+	int ret;
+
+	nfp_net_reconfig_sync_enter(nn);
 
 	nfp_net_reconfig_start(nn, update);
 	ret = nfp_net_reconfig_wait(nn, jiffies + HZ * NFP_NET_POLL_TIMEOUT);
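Review bot: nfp_net_reconfig_wait_posted() is added without a comment, and its guarantee depends on the caller: it clears reconfig_sync_present again on the way out, so the timer is only known to be idle afterwards if nothing can post a new reconfig. Please document above the function that it is meant to be called once the netdev is unregistered. While the kerneldoc for nfp_net_reconfig() is being moved, "The poll until the firmware" could also be corrected to "Then poll".
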
@@ -3609,6 +3625,7 @@ struct nfp_net *nfp_net_alloc(struct pci
  */
 void nfp_net_free(struct nfp_net *nn)
 {
+	WARN_ON(timer_pending(&nn->reconfig_timer) || nn->reconfig_posted);
 	if (nn->dp.netdev)
 		free_netdev(nn->dp.netdev);
 	else
@@ -3893,4 +3910,5 @@ void nfp_net_clean(struct nfp_net *nn)
 		return;
 
 	unregister_netdev(nn->dp.netdev);
+	nfp_net_reconfig_wait_posted(nn);
 }
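Review bot: The `return;` in the context lines above unregister_netdev() leaves nfp_net_clean() without reaching the new nfp_net_reconfig_wait_posted() call. If a reconfig can be posted on a device that takes that early return, the timer can still be pending when nfp_net_free() reaches the new WARN_ON; either flush on that path as well or say in a comment why no reconfig can be outstanding there.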




* [PATCH 4.18 033/197] sctp: hold transport before accessing its asoc in sctp_transport_get_next
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (31 preceding siblings ...)
  2018-09-13 13:29 ` [PATCH 4.18 032/197] nfp: wait for posted reconfigs when disabling the device Greg Kroah-Hartman
@ 2018-09-13 13:29 ` Greg Kroah-Hartman
  2018-09-13 13:29 ` [PATCH 4.18 034/197] mlxsw: spectrum_switchdev: Do not leak RIFs when removing bridge Greg Kroah-Hartman
                   ` (165 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:29 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, syzbot+fe62a0c9aa6a85c6de16,
	Xin Long, Neil Horman, Marcelo Ricardo Leitner, David S. Miller

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Xin Long <lucien.xin@gmail.com>

[ Upstream commit bab1be79a5169ac748d8292b20c86d874022d7ba ]

As Marcelo noticed, in sctp_transport_get_next, it is iterating over
transports but then also accessing the association directly, without
checking any refcnts before that, which can cause a use-after-free
read.

So fix it by holding transport before accessing the association. With
that, sctp_transport_hold calls can be removed in the later places.

Fixes: 626d16f50f39 ("sctp: export some apis or variables for sctp_diag and reuse some for proc")
Reported-by: syzbot+fe62a0c9aa6a85c6de16@syzkaller.appspotmail.com
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 net/sctp/proc.c   |    4 ----
 net/sctp/socket.c |   22 +++++++++++++++-------
 2 files changed, 15 insertions(+), 11 deletions(-)

--- a/net/sctp/proc.c
+++ b/net/sctp/proc.c
@@ -260,8 +260,6 @@ static int sctp_assocs_seq_show(struct s
 	}
 
 	transport = (struct sctp_transport *)v;
-	if (!sctp_transport_hold(transport))
-		return 0;
 	assoc = transport->asoc;
 	epb = &assoc->base;
 	sk = epb->sk;
@@ -318,8 +316,6 @@ static int sctp_remaddr_seq_show(struct
 	}
 
 	transport = (struct sctp_transport *)v;
-	if (!sctp_transport_hold(transport))
-		return 0;
 	assoc = transport->asoc;
 
 	list_for_each_entry_rcu(tsp, &assoc->peer.transport_addr_list,
--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c
@@ -4881,9 +4881,14 @@ struct sctp_transport *sctp_transport_ge
 			break;
 		}
 
+		if (!sctp_transport_hold(t))
+			continue;
+
 		if (net_eq(sock_net(t->asoc->base.sk), net) &&
 		    t->asoc->peer.primary_path == t)
 			break;
+
+		sctp_transport_put(t);
 	}
 
 	return t;
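Review bot: The reference that sctp_transport_get_next() now hands back to its caller is not documented anywhere in this hunk, and every caller has to drop it with sctp_transport_put(). A comment above the function stating that would help, because the two seq_show functions in net/sctp/proc.c lose their own sctp_transport_hold() in this patch and depend on it. The pairing inside the loop itself is balanced: `continue` when the hold fails, `break` with the reference kept on a match, and a put otherwise.
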
@@ -4893,13 +4898,18 @@ struct sctp_transport *sctp_transport_ge
 					      struct rhashtable_iter *iter,
 					      int pos)
 {
-	void *obj = SEQ_START_TOKEN;
+	struct sctp_transport *t;
+
+	if (!pos)
+		return SEQ_START_TOKEN;
 
-	while (pos && (obj = sctp_transport_get_next(net, iter)) &&
-	       !IS_ERR(obj))
-		pos--;
+	while ((t = sctp_transport_get_next(net, iter)) && !IS_ERR(t)) {
+		if (!--pos)
+			break;
+		sctp_transport_put(t);
+	}
 
-	return obj;
+	return t;
 }
 
 int sctp_for_each_endpoint(int (*cb)(struct sctp_endpoint *, void *),
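Review bot: Callers of this pos-based lookup have to tell four return values apart, and nothing documents them: SEQ_START_TOKEN when pos is 0, NULL at the end of the table, an ERR_PTR passed through from sctp_transport_get_next(), or a transport with a reference held. Only the last may be handed to sctp_transport_put(), so a comment listing the cases above the function would make the caller's obligations explicit. The `sctp_transport_put(t)` for skipped entries inside the loop is right.
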
@@ -4958,8 +4968,6 @@ again:
 
 	tsp = sctp_transport_get_idx(net, &hti, *pos + 1);
 	for (; !IS_ERR_OR_NULL(tsp); tsp = sctp_transport_get_next(net, &hti)) {
-		if (!sctp_transport_hold(tsp))
-			continue;
 		ret = cb(tsp, p);
 		if (ret)
 			break;




* [PATCH 4.18 034/197] mlxsw: spectrum_switchdev: Do not leak RIFs when removing bridge
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (32 preceding siblings ...)
  2018-09-13 13:29 ` [PATCH 4.18 033/197] sctp: hold transport before accessing its asoc in sctp_transport_get_next Greg Kroah-Hartman
@ 2018-09-13 13:29 ` Greg Kroah-Hartman
  2018-09-13 13:29 ` [PATCH 4.18 035/197] vhost: correctly check the iova range when waking virtqueue Greg Kroah-Hartman
                   ` (164 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:29 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Ido Schimmel, Petr Machata, David S. Miller

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Ido Schimmel <idosch@mellanox.com>

[ Upstream commit 602b74eda81311dbdb5dbab08c30f789f648ebdc ]

When a bridge device is removed, the VLANs are flushed from each
configured port. This causes the ports to decrement the reference count
on the associated FIDs (filtering identifier). If the reference count of
a FID is 1 and it has a RIF (router interface), then this RIF is
destroyed.

However, if no port is a member of the VLAN for which a RIF exists, then
the RIF will continue to exist after the removal of the bridge. To
reproduce:

# ip link add name br0 type bridge vlan_filtering 1
# ip link set dev swp1 master br0
# ip link add link br0 name br0.10 type vlan id 10
# ip address add 192.0.2.0/24 dev br0.10
# ip link del dev br0

The RIF associated with br0.10 continues to exist.

Fix this by iterating over all the bridge device uppers when it is
destroyed and taking care of destroying their RIFs.

Fixes: 99f44bb3527b ("mlxsw: spectrum: Enable L3 interfaces on top of bridge devices")
Signed-off-by: Ido Schimmel <idosch@mellanox.com>
Reviewed-by: Petr Machata <petrm@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/net/ethernet/mellanox/mlxsw/spectrum.h           |    2 +
 drivers/net/ethernet/mellanox/mlxsw/spectrum_router.c    |   11 ++++++++
 drivers/net/ethernet/mellanox/mlxsw/spectrum_switchdev.c |   20 +++++++++++++++
 3 files changed, 33 insertions(+)

--- a/drivers/net/ethernet/mellanox/mlxsw/spectrum.h
+++ b/drivers/net/ethernet/mellanox/mlxsw/spectrum.h
@@ -433,6 +433,8 @@ mlxsw_sp_netdevice_ipip_ul_event(struct
 void
 mlxsw_sp_port_vlan_router_leave(struct mlxsw_sp_port_vlan *mlxsw_sp_port_vlan);
 void mlxsw_sp_rif_destroy(struct mlxsw_sp_rif *rif);
+void mlxsw_sp_rif_destroy_by_dev(struct mlxsw_sp *mlxsw_sp,
+				 struct net_device *dev);
 
 /* spectrum_kvdl.c */
 int mlxsw_sp_kvdl_init(struct mlxsw_sp *mlxsw_sp);
--- a/drivers/net/ethernet/mellanox/mlxsw/spectrum_router.c
+++ b/drivers/net/ethernet/mellanox/mlxsw/spectrum_router.c
@@ -6228,6 +6228,17 @@ void mlxsw_sp_rif_destroy(struct mlxsw_s
 	mlxsw_sp_vr_put(mlxsw_sp, vr);
 }
 
+void mlxsw_sp_rif_destroy_by_dev(struct mlxsw_sp *mlxsw_sp,
+				 struct net_device *dev)
+{
+	struct mlxsw_sp_rif *rif;
+
+	rif = mlxsw_sp_rif_find_by_dev(mlxsw_sp, dev);
+	if (!rif)
+		return;
+	mlxsw_sp_rif_destroy(rif);
+}
+
 static void
 mlxsw_sp_rif_subport_params_init(struct mlxsw_sp_rif_params *params,
 				 struct mlxsw_sp_port_vlan *mlxsw_sp_port_vlan)
--- a/drivers/net/ethernet/mellanox/mlxsw/spectrum_switchdev.c
+++ b/drivers/net/ethernet/mellanox/mlxsw/spectrum_switchdev.c
@@ -160,6 +160,24 @@ bool mlxsw_sp_bridge_device_is_offloaded
 	return !!mlxsw_sp_bridge_device_find(mlxsw_sp->bridge, br_dev);
 }
 
+static int mlxsw_sp_bridge_device_upper_rif_destroy(struct net_device *dev,
+						    void *data)
+{
+	struct mlxsw_sp *mlxsw_sp = data;
+
+	mlxsw_sp_rif_destroy_by_dev(mlxsw_sp, dev);
+	return 0;
+}
+
+static void mlxsw_sp_bridge_device_rifs_destroy(struct mlxsw_sp *mlxsw_sp,
+						struct net_device *dev)
+{
+	mlxsw_sp_rif_destroy_by_dev(mlxsw_sp, dev);
+	netdev_walk_all_upper_dev_rcu(dev,
+				      mlxsw_sp_bridge_device_upper_rif_destroy,
+				      mlxsw_sp);
+}
+
 static struct mlxsw_sp_bridge_device *
 mlxsw_sp_bridge_device_create(struct mlxsw_sp_bridge *bridge,
 			      struct net_device *br_dev)
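Review bot: mlxsw_sp_bridge_device_rifs_destroy() walks the uppers with netdev_walk_all_upper_dev_rcu() but does not say what protects the upper list during the walk, and mlxsw_sp_rif_destroy() is reached from inside the callback. Please state the locking the function relies on in a comment, or assert it at the top of the function. The callback always returns 0, so the walk never stops early, which matches the intent of visiting all uppers.
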
@@ -198,6 +216,8 @@ static void
 mlxsw_sp_bridge_device_destroy(struct mlxsw_sp_bridge *bridge,
 			       struct mlxsw_sp_bridge_device *bridge_device)
 {
+	mlxsw_sp_bridge_device_rifs_destroy(bridge->mlxsw_sp,
+					    bridge_device->dev);
 	list_del(&bridge_device->list);
 	if (bridge_device->vlan_enabled)
 		bridge->vlan_enabled_exists = false;




* [PATCH 4.18 035/197] vhost: correctly check the iova range when waking virtqueue
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (33 preceding siblings ...)
  2018-09-13 13:29 ` [PATCH 4.18 034/197] mlxsw: spectrum_switchdev: Do not leak RIFs when removing bridge Greg Kroah-Hartman
@ 2018-09-13 13:29 ` Greg Kroah-Hartman
  2018-09-13 13:29 ` [PATCH 4.18 036/197] hv_netvsc: ignore devices that are not PCI Greg Kroah-Hartman
                   ` (163 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:29 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Peter Xu, Jason Wang,
	Michael S. Tsirkin, David S. Miller

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Jason Wang <jasowang@redhat.com>

[ Upstream commit 2d66f997f0545c8f7fc5cf0b49af1decb35170e7 ]

We don't wake up the virtqueue if the first byte of the pending iova range
is the last byte of the range we just got updated. This will lead a
virtqueue to wait for IOTLB updating forever. Fix this by correcting the
check and waking up the virtqueue in this case.

Fixes: 6b1e6cc7855b ("vhost: new device IOTLB API")
Reported-by: Peter Xu <peterx@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Peter Xu <peterx@redhat.com>
Tested-by: Peter Xu <peterx@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/vhost/vhost.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/vhost/vhost.c
+++ b/drivers/vhost/vhost.c
@@ -951,7 +951,7 @@ static void vhost_iotlb_notify_vq(struct
 	list_for_each_entry_safe(node, n, &d->pending_list, node) {
 		struct vhost_iotlb_msg *vq_msg = &node->msg.iotlb;
 		if (msg->iova <= vq_msg->iova &&
-		    msg->iova + msg->size - 1 > vq_msg->iova &&
+		    msg->iova + msg->size - 1 >= vq_msg->iova &&
 		    vq_msg->type == VHOST_IOTLB_MISS) {
 			vhost_poll_queue(&node->vq->poll);
 			list_del(&node->node);
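Review bot: The range test in vhost_iotlb_notify_vq() still assumes msg->size is non-zero and that msg->iova + msg->size does not wrap; with a size of 0, `msg->iova + msg->size - 1` evaluates to iova - 1. If neither is validated before this function is reached, a check here or a comment naming where it is done would be worth adding. The switch to `>=` itself is consistent with iova + size - 1 being the last byte of the updated range, so the bound should be inclusive.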




* [PATCH 4.18 036/197] hv_netvsc: ignore devices that are not PCI
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (34 preceding siblings ...)
  2018-09-13 13:29 ` [PATCH 4.18 035/197] vhost: correctly check the iova range when waking virtqueue Greg Kroah-Hartman
@ 2018-09-13 13:29 ` Greg Kroah-Hartman
  2018-09-13 13:29 ` [PATCH 4.18 037/197] cifs: check if SMB2 PDU size has been padded and suppress the warning Greg Kroah-Hartman
                   ` (162 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:29 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Stephen Hemminger, David S. Miller

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Stephen Hemminger <stephen@networkplumber.org>

[ Upstream commit b93c1b5ac8643cc08bb74fa8ae21d6c63dfcb23d ]

Registering another device with the same MAC address (such as TAP, VPN or
DPDK KNI) will confuse the VF autobinding logic.  Restrict the search
to only run if the device is known to be a PCI attached VF.

Fixes: e8ff40d4bff1 ("hv_netvsc: improve VF device matching")
Signed-off-by: Stephen Hemminger <sthemmin@microsoft.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/net/hyperv/netvsc_drv.c |    5 +++++
 1 file changed, 5 insertions(+)

--- a/drivers/net/hyperv/netvsc_drv.c
+++ b/drivers/net/hyperv/netvsc_drv.c
@@ -29,6 +29,7 @@
 #include <linux/netdevice.h>
 #include <linux/inetdevice.h>
 #include <linux/etherdevice.h>
+#include <linux/pci.h>
 #include <linux/skbuff.h>
 #include <linux/if_vlan.h>
 #include <linux/in.h>
@@ -1939,12 +1940,16 @@ static int netvsc_register_vf(struct net
 {
 	struct net_device *ndev;
 	struct net_device_context *net_device_ctx;
+	struct device *pdev = vf_netdev->dev.parent;
 	struct netvsc_device *netvsc_dev;
 	int ret;
 
 	if (vf_netdev->addr_len != ETH_ALEN)
 		return NOTIFY_DONE;
 
+	if (!pdev || !dev_is_pci(pdev) || dev_is_pf(pdev))
+		return NOTIFY_DONE;
+
 	/*
 	 * We will use the MAC address to locate the synthetic interface to
 	 * associate with the VF interface. If we don't find a matching
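Review bot: The new test in netvsc_register_vf() is looser than the commit message: `!dev_is_pci(pdev) || dev_is_pf(pdev)` rejects devices without a PCI parent and physical functions, but lets through any other PCI network device with a matching MAC, not only VFs. If that is intended, a comment above the check saying so would help, since the block comment that follows only talks about MAC matching.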




* [PATCH 4.18 037/197] cifs: check if SMB2 PDU size has been padded and suppress the warning
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (35 preceding siblings ...)
  2018-09-13 13:29 ` [PATCH 4.18 036/197] hv_netvsc: ignore devices that are not PCI Greg Kroah-Hartman
@ 2018-09-13 13:29 ` Greg Kroah-Hartman
  2018-09-13 13:29 ` [PATCH 4.18 038/197] hfsplus: dont return 0 when fill_super() failed Greg Kroah-Hartman
                   ` (161 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:29 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Ronnie Sahlberg, Steve French, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Ronnie Sahlberg <lsahlber@redhat.com>

[ Upstream commit e6c47dd0da1e3a484e778046fc10da0b20606a86 ]

Some SMB2/3 servers, Win2016 but possibly others too, add padding
not only between PDUs in a compound but also to the final PDU.
This padding extends the PDU to a multiple of 8 bytes.

Check if the unexpected length looks like this might be the case
and avoid triggering the log messages for:

  "SMB2 server sent bad RFC1001 len %d not %d\n"

Signed-off-by: Ronnie Sahlberg <lsahlber@redhat.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 fs/cifs/smb2misc.c |    7 +++++++
 1 file changed, 7 insertions(+)

--- a/fs/cifs/smb2misc.c
+++ b/fs/cifs/smb2misc.c
@@ -241,6 +241,13 @@ smb2_check_message(char *buf, unsigned i
 			return 0;
 
 		/*
+		 * Some windows servers (win2016) will pad also the final
+		 * PDU in a compound to 8 bytes.
+		 */
+		if (((clc_len + 7) & ~7) == len)
+			return 0;
+
+		/*
 		 * MacOS server pads after SMB2.1 write response with 3 bytes
 		 * of junk. Other servers match RFC1001 len to actual
 		 * SMB2/SMB3 frame length (header + smb2 response specific data)
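Review bot: `((clc_len + 7) & ~7) == len` in smb2_check_message() accepts any message whose length is the calculated length rounded up to a multiple of 8, whether or not it is the final PDU of a compound as the new comment says, and the up to 7 extra bytes are not examined. Either restrict the test to the compound case or reword the comment to describe what is actually accepted, so the length check is not read as stricter than it is.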




* [PATCH 4.18 038/197] hfsplus: dont return 0 when fill_super() failed
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (36 preceding siblings ...)
  2018-09-13 13:29 ` [PATCH 4.18 037/197] cifs: check if SMB2 PDU size has been padded and suppress the warning Greg Kroah-Hartman
@ 2018-09-13 13:29 ` Greg Kroah-Hartman
  2018-09-13 13:29 ` [PATCH 4.18 039/197] hfs: prevent crash on exit from failed search Greg Kroah-Hartman
                   ` (160 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:29 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Tetsuo Handa, syzbot,
	Ernesto A .  Fernández, Andrew Morton, Al Viro,
	Linus Torvalds, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>

[ Upstream commit 7464726cb5998846306ed0a7d6714afb2e37b25d ]

syzbot is reporting a NULL pointer dereference at mount_fs() [1].  This is
because hfsplus_fill_super() is by error returning 0 when
hfsplus_fill_super() detected an invalid filesystem image, and mount_bdev()
is returning NULL because dget(s->s_root) == NULL if s->s_root == NULL,
and mount_fs() is accessing root->d_sb because IS_ERR(root) == false if
root == NULL.  Fix this by returning -EINVAL when hfsplus_fill_super()
detected an invalid filesystem image.

[1] https://syzkaller.appspot.com/bug?id=21acb6850cecbc960c927229e597158cf35f33d0

Link: http://lkml.kernel.org/r/d83ce31a-874c-dd5b-f790-41405983a5be@I-love.SAKURA.ne.jp
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Reported-by: syzbot <syzbot+01ffaf5d9568dd1609f7@syzkaller.appspotmail.com>
Reviewed-by: Ernesto A. Fernández <ernesto.mnd.fernandez@gmail.com>
Reviewed-by: Andrew Morton <akpm@linux-foundation.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 fs/hfsplus/super.c |    4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

--- a/fs/hfsplus/super.c
+++ b/fs/hfsplus/super.c
@@ -524,8 +524,10 @@ static int hfsplus_fill_super(struct sup
 		goto out_put_root;
 	if (!hfs_brec_read(&fd, &entry, sizeof(entry))) {
 		hfs_find_exit(&fd);
-		if (entry.type != cpu_to_be16(HFSPLUS_FOLDER))
+		if (entry.type != cpu_to_be16(HFSPLUS_FOLDER)) {
+			err = -EINVAL;
 			goto out_put_root;
+		}
 		inode = hfsplus_iget(sb, be32_to_cpu(entry.folder.id));
 		if (IS_ERR(inode)) {
 			err = PTR_ERR(inode);
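Review bot: The `goto out_put_root` on the first context line of this hunk takes the same exit as the branch being fixed, and neither its condition nor the value of err at that point is visible here. Please confirm err is already negative on that path, since returning 0 from hfsplus_fill_super() with s_root unset is exactly the failure described in the commit message. The added braces and `err = -EINVAL` for the HFSPLUS_FOLDER check are fine.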




* [PATCH 4.18 039/197] hfs: prevent crash on exit from failed search
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (37 preceding siblings ...)
  2018-09-13 13:29 ` [PATCH 4.18 038/197] hfsplus: dont return 0 when fill_super() failed Greg Kroah-Hartman
@ 2018-09-13 13:29 ` Greg Kroah-Hartman
  2018-09-13 13:29 ` [PATCH 4.18 040/197] sunrpc: Dont use stack buffer with scatterlist Greg Kroah-Hartman
                   ` (159 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:29 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Ernesto A .  Fernández,
	Anatoly Trosinenko, Viacheslav Dubeyko, Andrew Morton,
	Linus Torvalds, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: "Ernesto A. Fernández" <ernesto.mnd.fernandez@gmail.com>

[ Upstream commit dc2572791d3a41bab94400af2b6bca9d71ccd303 ]

hfs_find_exit() expects fd->bnode to be NULL after a search has failed.
hfs_brec_insert() may instead set it to an error-valued pointer.  Fix
this to prevent a crash.

Link: http://lkml.kernel.org/r/53d9749a029c41b4016c495fc5838c9dba3afc52.1530294815.git.ernesto.mnd.fernandez@gmail.com
Signed-off-by: Ernesto A. Fernández <ernesto.mnd.fernandez@gmail.com>
Cc: Anatoly Trosinenko <anatoly.trosinenko@gmail.com>
Cc: Viacheslav Dubeyko <slava@dubeyko.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 fs/hfs/brec.c |    7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

--- a/fs/hfs/brec.c
+++ b/fs/hfs/brec.c
@@ -75,9 +75,10 @@ int hfs_brec_insert(struct hfs_find_data
 	if (!fd->bnode) {
 		if (!tree->root)
 			hfs_btree_inc_height(tree);
-		fd->bnode = hfs_bnode_find(tree, tree->leaf_head);
-		if (IS_ERR(fd->bnode))
-			return PTR_ERR(fd->bnode);
+		node = hfs_bnode_find(tree, tree->leaf_head);
+		if (IS_ERR(node))
+			return PTR_ERR(node);
+		fd->bnode = node;
 		fd->record = -1;
 	}
 	new_node = NULL;
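Review bot: `node` is assigned in the added lines but the hunk carries no declaration for it, so the change relies on an existing local in hfs_brec_insert(); when backporting, check that this tree has that local and that nothing between here and its next assignment reads the value left behind. A one-line comment that fd->bnode must stay NULL on the error return, because hfs_find_exit() expects that, would keep the temporary from being folded back into a direct assignment later.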




* [PATCH 4.18 040/197] sunrpc: Dont use stack buffer with scatterlist
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (38 preceding siblings ...)
  2018-09-13 13:29 ` [PATCH 4.18 039/197] hfs: prevent crash on exit from failed search Greg Kroah-Hartman
@ 2018-09-13 13:29 ` Greg Kroah-Hartman
  2018-09-13 13:29 ` [PATCH 4.18 041/197] fork: dont copy inconsistent signal handler state to child Greg Kroah-Hartman
                   ` (158 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:29 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Laura Abbott, J. Bruce Fields, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Laura Abbott <labbott@redhat.com>

[ Upstream commit 44090cc876926277329e1608bafc01b9f6da627f ]

Fedora got a bug report from NFS:

kernel BUG at include/linux/scatterlist.h:143!
...
RIP: 0010:sg_init_one+0x7d/0x90
..
  make_checksum+0x4e7/0x760 [rpcsec_gss_krb5]
  gss_get_mic_kerberos+0x26e/0x310 [rpcsec_gss_krb5]
  gss_marshal+0x126/0x1a0 [auth_rpcgss]
  ? __local_bh_enable_ip+0x80/0xe0
  ? call_transmit_status+0x1d0/0x1d0 [sunrpc]
  call_transmit+0x137/0x230 [sunrpc]
  __rpc_execute+0x9b/0x490 [sunrpc]
  rpc_run_task+0x119/0x150 [sunrpc]
  nfs4_run_exchange_id+0x1bd/0x250 [nfsv4]
  _nfs4_proc_exchange_id+0x2d/0x490 [nfsv4]
  nfs41_discover_server_trunking+0x1c/0xa0 [nfsv4]
  nfs4_discover_server_trunking+0x80/0x270 [nfsv4]
  nfs4_init_client+0x16e/0x240 [nfsv4]
  ? nfs_get_client+0x4c9/0x5d0 [nfs]
  ? _raw_spin_unlock+0x24/0x30
  ? nfs_get_client+0x4c9/0x5d0 [nfs]
  nfs4_set_client+0xb2/0x100 [nfsv4]
  nfs4_create_server+0xff/0x290 [nfsv4]
  nfs4_remote_mount+0x28/0x50 [nfsv4]
  mount_fs+0x3b/0x16a
  vfs_kern_mount.part.35+0x54/0x160
  nfs_do_root_mount+0x7f/0xc0 [nfsv4]
  nfs4_try_mount+0x43/0x70 [nfsv4]
  ? get_nfs_version+0x21/0x80 [nfs]
  nfs_fs_mount+0x789/0xbf0 [nfs]
  ? pcpu_alloc+0x6ca/0x7e0
  ? nfs_clone_super+0x70/0x70 [nfs]
  ? nfs_parse_mount_options+0xb40/0xb40 [nfs]
  mount_fs+0x3b/0x16a
  vfs_kern_mount.part.35+0x54/0x160
  do_mount+0x1fd/0xd50
  ksys_mount+0xba/0xd0
  __x64_sys_mount+0x21/0x30
  do_syscall_64+0x60/0x1f0
  entry_SYSCALL_64_after_hwframe+0x49/0xbe

This is BUG_ON(!virt_addr_valid(buf)) triggered by using a stack
allocated buffer with a scatterlist. Convert the buffer for
rc4salt to be dynamically allocated instead.

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1615258
Signed-off-by: Laura Abbott <labbott@redhat.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 net/sunrpc/auth_gss/gss_krb5_crypto.c |   12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

--- a/net/sunrpc/auth_gss/gss_krb5_crypto.c
+++ b/net/sunrpc/auth_gss/gss_krb5_crypto.c
@@ -169,7 +169,7 @@ make_checksum_hmac_md5(struct krb5_ctx *
 	struct scatterlist              sg[1];
 	int err = -1;
 	u8 *checksumdata;
-	u8 rc4salt[4];
+	u8 *rc4salt;
 	struct crypto_ahash *md5;
 	struct crypto_ahash *hmac_md5;
 	struct ahash_request *req;
@@ -183,14 +183,18 @@ make_checksum_hmac_md5(struct krb5_ctx *
 		return GSS_S_FAILURE;
 	}
 
+	rc4salt = kmalloc_array(4, sizeof(*rc4salt), GFP_NOFS);
+	if (!rc4salt)
+		return GSS_S_FAILURE;
+
 	if (arcfour_hmac_md5_usage_to_salt(usage, rc4salt)) {
 		dprintk("%s: invalid usage value %u\n", __func__, usage);
-		return GSS_S_FAILURE;
+		goto out_free_rc4salt;
 	}
 
 	checksumdata = kmalloc(GSS_KRB5_MAX_CKSUM_LEN, GFP_NOFS);
 	if (!checksumdata)
-		return GSS_S_FAILURE;
+		goto out_free_rc4salt;
 
 	md5 = crypto_alloc_ahash("md5", 0, CRYPTO_ALG_ASYNC);
 	if (IS_ERR(md5))
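Review bot: Both new `goto out_free_rc4salt;` exits depend on err still holding the -1 it was initialised with so that `return err ? GSS_S_FAILURE : 0;` reports failure; that holds with the lines shown, but an explicit assignment or a comment would stop a later change that sets err earlier from turning these into success returns. The literal 4 in `kmalloc_array(4, sizeof(*rc4salt), GFP_NOFS)` repeats the old array size with no name, and a named constant would document what the length is.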
@@ -258,6 +262,8 @@ out_free_md5:
 	crypto_free_ahash(md5);
 out_free_cksum:
 	kfree(checksumdata);
+out_free_rc4salt:
+	kfree(rc4salt);
 	return err ? GSS_S_FAILURE : 0;
 }
 




* [PATCH 4.18 041/197] fork: dont copy inconsistent signal handler state to child
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (39 preceding siblings ...)
  2018-09-13 13:29 ` [PATCH 4.18 040/197] sunrpc: Dont use stack buffer with scatterlist Greg Kroah-Hartman
@ 2018-09-13 13:29 ` Greg Kroah-Hartman
  2018-09-13 13:29 ` [PATCH 4.18 042/197] fs/proc/vmcore.c: hide vmcoredd_mmap_dumps() for nommu builds Greg Kroah-Hartman
                   ` (157 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:29 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Jann Horn, Michal Hocko,
	Andrew Morton, Rik van Riel, Peter Zijlstra (Intel),
	Kees Cook, Oleg Nesterov, Linus Torvalds, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Jann Horn <jannh@google.com>

[ Upstream commit 06e62a46bbba20aa5286102016a04214bb446141 ]

Before this change, if a multithreaded process forks while one of its
threads is changing a signal handler using sigaction(), the memcpy() in
copy_sighand() can race with the struct assignment in do_sigaction().  It
isn't clear whether this can cause corruption of the userspace signal
handler pointer, but it definitely can cause inconsistency between
different fields of struct sigaction.

Take the appropriate spinlock to avoid this.

I have tested that this patch prevents inconsistency between sa_sigaction
and sa_flags, which is possible before this patch.

Link: http://lkml.kernel.org/r/20180702145108.73189-1-jannh@google.com
Signed-off-by: Jann Horn <jannh@google.com>
Acked-by: Michal Hocko <mhocko@suse.com>
Reviewed-by: Andrew Morton <akpm@linux-foundation.org>
Cc: Rik van Riel <riel@redhat.com>
Cc: "Peter Zijlstra (Intel)" <peterz@infradead.org>
Cc: Kees Cook <keescook@chromium.org>
Cc: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 kernel/fork.c |    2 ++
 1 file changed, 2 insertions(+)

--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -1417,7 +1417,9 @@ static int copy_sighand(unsigned long cl
 		return -ENOMEM;
 
 	atomic_set(&sig->count, 1);
+	spin_lock_irq(&current->sighand->siglock);
 	memcpy(sig->action, current->sighand->action, sizeof(sig->action));
+	spin_unlock_irq(&current->sighand->siglock);
 	return 0;
 }
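Review bot: `spin_unlock_irq()` re-enables interrupts unconditionally, so the new locking around the memcpy() assumes copy_sighand() is only ever entered with interrupts enabled; if that is guaranteed, say so in a one-line comment next to the lock. The same comment should name the racing writer (do_sigaction(), per the commit message), since nothing in the function explains why copying `sig->action` needs siglock.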
 




* [PATCH 4.18 042/197] fs/proc/vmcore.c: hide vmcoredd_mmap_dumps() for nommu builds
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (40 preceding siblings ...)
  2018-09-13 13:29 ` [PATCH 4.18 041/197] fork: dont copy inconsistent signal handler state to child Greg Kroah-Hartman
@ 2018-09-13 13:29 ` Greg Kroah-Hartman
  2018-09-13 13:29 ` [PATCH 4.18 043/197] reiserfs: change j_timestamp type to time64_t Greg Kroah-Hartman
                   ` (156 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:29 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Arnd Bergmann, Ganesh Goudar,
	David S. Miller, Rahul Lakkireddy, Alexey Dobriyan,
	Andrew Morton, Linus Torvalds, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Arnd Bergmann <arnd@arndb.de>

[ Upstream commit a2036a1ef2ee91acab01a0ae4a534070691a42ec ]

Without CONFIG_MMU, we get a build warning:

  fs/proc/vmcore.c:228:12: error: 'vmcoredd_mmap_dumps' defined but not used [-Werror=unused-function]
   static int vmcoredd_mmap_dumps(struct vm_area_struct *vma, unsigned long dst,

The function is only referenced from an #ifdef'ed caller, so
this uses the same #ifdef around it.

Link: http://lkml.kernel.org/r/20180525213526.2117790-1-arnd@arndb.de
Fixes: 7efe48df8a3d ("vmcore: append device dumps to vmcore as elf notes")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Cc: Ganesh Goudar <ganeshgr@chelsio.com>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Rahul Lakkireddy <rahul.lakkireddy@chelsio.com>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 fs/proc/vmcore.c |    2 ++
 1 file changed, 2 insertions(+)

--- a/fs/proc/vmcore.c
+++ b/fs/proc/vmcore.c
@@ -225,6 +225,7 @@ out_unlock:
 	return ret;
 }
 
+#ifdef CONFIG_MMU
 static int vmcoredd_mmap_dumps(struct vm_area_struct *vma, unsigned long dst,
 			       u64 start, size_t size)
 {
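Review bot: The new `#ifdef CONFIG_MMU` has to match the condition around the only caller exactly, and that caller is not visible in this diff; if the two guards ever diverge, the unused-function warning or a missing-definition error comes back. Marking vmcoredd_mmap_dumps() `__maybe_unused` would avoid coupling the two guards, at the cost of compiling the function on nommu builds.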
@@ -259,6 +260,7 @@ out_unlock:
 	mutex_unlock(&vmcoredd_mutex);
 	return ret;
 }
+#endif /* CONFIG_MMU */
 #endif /* CONFIG_PROC_VMCORE_DEVICE_DUMP */
 
 /* Read from the ELF header and then the crash dump. On error, negative value is




* [PATCH 4.18 043/197] reiserfs: change j_timestamp type to time64_t
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (41 preceding siblings ...)
  2018-09-13 13:29 ` [PATCH 4.18 042/197] fs/proc/vmcore.c: hide vmcoredd_mmap_dumps() for nommu builds Greg Kroah-Hartman
@ 2018-09-13 13:29 ` Greg Kroah-Hartman
  2018-09-13 13:29 ` [PATCH 4.18 044/197] iommu/rockchip: Handle errors returned from PM framework Greg Kroah-Hartman
                   ` (155 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:29 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Arnd Bergmann, Jan Kara,
	Jeff Mahoney, Andrew Morton, Linus Torvalds, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Arnd Bergmann <arnd@arndb.de>

[ Upstream commit 8b73ce6a4bae4fe12bcb2c361c0da4183c2e1b6f ]

This uses the deprecated time_t type but is write-only, and could be
removed, but as Jeff explains, having a timestamp can be useful for
post-mortem analysis in crash dumps.

In order to remove one of the last instances of time_t, this changes the
type to time64_t, same as j_trans_start_time.

Link: http://lkml.kernel.org/r/20180622133315.221210-1-arnd@arndb.de
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Cc: Jan Kara <jack@suse.cz>
Cc: Jeff Mahoney <jeffm@suse.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 fs/reiserfs/reiserfs.h |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/fs/reiserfs/reiserfs.h
+++ b/fs/reiserfs/reiserfs.h
@@ -271,7 +271,7 @@ struct reiserfs_journal_list {
 
 	struct mutex j_commit_mutex;
 	unsigned int j_trans_id;
-	time_t j_timestamp;
+	time64_t j_timestamp; /* write-only but useful for crash dump analysis */
 	struct reiserfs_list_bitmap *j_list_bitmap;
 	struct buffer_head *j_commit_bh;	/* commit buffer head */
 	struct reiserfs_journal_cnode *j_realblock;
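Review bot: Widening `j_timestamp` to time64_t only helps if the code that stores into it also takes its value from a 64-bit time source, and that writer is not part of this diff, so check it separately. The new trailing comment is useful; the neighbouring `j_commit_bh` line separates its comment with a tab, and matching that would keep the struct layout consistent.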




* [PATCH 4.18 044/197] iommu/rockchip: Handle errors returned from PM framework
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (42 preceding siblings ...)
  2018-09-13 13:29 ` [PATCH 4.18 043/197] reiserfs: change j_timestamp type to time64_t Greg Kroah-Hartman
@ 2018-09-13 13:29 ` Greg Kroah-Hartman
  2018-09-13 13:29 ` [PATCH 4.18 045/197] hfsplus: fix NULL dereference in hfsplus_lookup() Greg Kroah-Hartman
                   ` (154 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:29 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Heiko Stuebner, Marc Zyngier,
	Olof Johansson, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Marc Zyngier <marc.zyngier@arm.com>

[ Upstream commit 3fc7c5c0cff3150e471f5fd12f59971c6d2c6513 ]

pm_runtime_get_if_in_use can fail: either PM has been disabled
altogether (-EINVAL), or the device hasn't been enabled yet (0).
Sadly, the Rockchip IOMMU driver tends to conflate the two things
by considering a non-zero return value as successful.

This has the consequence of hiding other bugs, so let's handle this
case throughout the driver, with a WARN_ON_ONCE so that we can try
and work out what happened.

Fixes: 0f181d3cf7d98 ("iommu/rockchip: Add runtime PM support")
Reviewed-by: Heiko Stuebner <heiko@sntech.de>
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Olof Johansson <olof@lixom.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/iommu/rockchip-iommu.c |   21 +++++++++++++++------
 1 file changed, 15 insertions(+), 6 deletions(-)

--- a/drivers/iommu/rockchip-iommu.c
+++ b/drivers/iommu/rockchip-iommu.c
@@ -521,10 +521,11 @@ static irqreturn_t rk_iommu_irq(int irq,
 	u32 int_status;
 	dma_addr_t iova;
 	irqreturn_t ret = IRQ_NONE;
-	int i;
+	int i, err;
 
-	if (WARN_ON(!pm_runtime_get_if_in_use(iommu->dev)))
-		return 0;
+	err = pm_runtime_get_if_in_use(iommu->dev);
+	if (WARN_ON_ONCE(err <= 0))
+		return ret;
 
 	if (WARN_ON(clk_bulk_enable(iommu->num_clocks, iommu->clocks)))
 		goto out;
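Review bot: `WARN_ON_ONCE(err <= 0)` in rk_iommu_irq() treats a return of 0 (device not in use) the same as a negative PM error, while the other call sites in this patch warn only on `ret < 0`. If the handler can legitimately run while the IOMMU is not powered, returning `ret` quietly for 0 and warning only on the negative case would keep the warning meaningful; if the warning on 0 is intended, a comment saying so would help.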
@@ -620,11 +621,15 @@ static void rk_iommu_zap_iova(struct rk_
 	spin_lock_irqsave(&rk_domain->iommus_lock, flags);
 	list_for_each(pos, &rk_domain->iommus) {
 		struct rk_iommu *iommu;
+		int ret;
 
 		iommu = list_entry(pos, struct rk_iommu, node);
 
 		/* Only zap TLBs of IOMMUs that are powered on. */
-		if (pm_runtime_get_if_in_use(iommu->dev)) {
+		ret = pm_runtime_get_if_in_use(iommu->dev);
+		if (WARN_ON_ONCE(ret < 0))
+			continue;
+		if (ret) {
 			WARN_ON(clk_bulk_enable(iommu->num_clocks,
 						iommu->clocks));
 			rk_iommu_zap_lines(iommu, iova, size);
@@ -891,6 +896,7 @@ static void rk_iommu_detach_device(struc
 	struct rk_iommu *iommu;
 	struct rk_iommu_domain *rk_domain = to_rk_domain(domain);
 	unsigned long flags;
+	int ret;
 
 	/* Allow 'virtual devices' (eg drm) to detach from domain */
 	iommu = rk_iommu_from_dev(dev);
@@ -909,7 +915,9 @@ static void rk_iommu_detach_device(struc
 	list_del_init(&iommu->node);
 	spin_unlock_irqrestore(&rk_domain->iommus_lock, flags);
 
-	if (pm_runtime_get_if_in_use(iommu->dev)) {
+	ret = pm_runtime_get_if_in_use(iommu->dev);
+	WARN_ON_ONCE(ret < 0);
+	if (ret > 0) {
 		rk_iommu_disable(iommu);
 		pm_runtime_put(iommu->dev);
 	}
@@ -946,7 +954,8 @@ static int rk_iommu_attach_device(struct
 	list_add_tail(&iommu->node, &rk_domain->iommus);
 	spin_unlock_irqrestore(&rk_domain->iommus_lock, flags);
 
-	if (!pm_runtime_get_if_in_use(iommu->dev))
+	ret = pm_runtime_get_if_in_use(iommu->dev);
+	if (!ret || WARN_ON_ONCE(ret < 0))
 		return 0;
 
 	ret = rk_iommu_enable(iommu);
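Review bot: In rk_iommu_attach_device(), `if (!ret || WARN_ON_ONCE(ret < 0)) return 0;` reports success to the caller even when pm_runtime_get_if_in_use() returned a negative error, so the only trace of the failure is a one-time warning; consider returning `ret` on the negative path. The four call sites in this patch also test the result four different ways (`err <= 0`, `ret < 0` followed by `if (ret)`, `ret > 0`, and `!ret ||`), and a single pattern would make them easier to audit.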




* [PATCH 4.18 045/197] hfsplus: fix NULL dereference in hfsplus_lookup()
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (43 preceding siblings ...)
  2018-09-13 13:29 ` [PATCH 4.18 044/197] iommu/rockchip: Handle errors returned from PM framework Greg Kroah-Hartman
@ 2018-09-13 13:29 ` Greg Kroah-Hartman
  2018-09-13 13:29 ` [PATCH 4.18 046/197] iommu/rockchip: Move irq request past pm_runtime_enable Greg Kroah-Hartman
                   ` (153 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:29 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Ernesto A .  Fernández, Wen Xu,
	Viacheslav Dubeyko, Andrew Morton, Linus Torvalds, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: "Ernesto A. Fernández" <ernesto.mnd.fernandez@gmail.com>

[ Upstream commit a7ec7a4193a2eb3b5341243fc0b621c1ac9e4ec4 ]

An HFS+ filesystem can be mounted read-only without having a metadata
directory, which is needed to support hardlinks.  But if the catalog
data is corrupted, a directory lookup may still find dentries claiming
to be hardlinks.

hfsplus_lookup() does check that ->hidden_dir is not NULL in such a
situation, but mistakenly does so after dereferencing it for the first
time.  Reorder this check to prevent a crash.

This happens when looking up corrupted catalog data (dentry) on a
filesystem with no metadata directory (this could only ever happen on a
read-only mount).  Wen Xu sent the replication steps in detail to the
fsdevel list: https://bugzilla.kernel.org/show_bug.cgi?id=200297

Link: http://lkml.kernel.org/r/20180712215344.q44dyrhymm4ajkao@eaf
Signed-off-by: Ernesto A. Fernández <ernesto.mnd.fernandez@gmail.com>
Reported-by: Wen Xu <wen.xu@gatech.edu>
Cc: Viacheslav Dubeyko <slava@dubeyko.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 fs/hfsplus/dir.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/fs/hfsplus/dir.c
+++ b/fs/hfsplus/dir.c
@@ -78,13 +78,13 @@ again:
 				cpu_to_be32(HFSP_HARDLINK_TYPE) &&
 				entry.file.user_info.fdCreator ==
 				cpu_to_be32(HFSP_HFSPLUS_CREATOR) &&
+				HFSPLUS_SB(sb)->hidden_dir &&
 				(entry.file.create_date ==
 					HFSPLUS_I(HFSPLUS_SB(sb)->hidden_dir)->
 						create_date ||
 				entry.file.create_date ==
 					HFSPLUS_I(d_inode(sb->s_root))->
-						create_date) &&
-				HFSPLUS_SB(sb)->hidden_dir) {
+						create_date)) {
 			struct qstr str;
 			char name[32];
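Review bot: The moved `HFSPLUS_SB(sb)->hidden_dir &&` test now sits directly above the first dereference with nothing to say why the order matters, and the condition is long enough that a later cleanup could move it again. A short comment stating that hidden_dir can be NULL on a read-only mount without a metadata directory, as the commit message explains, would keep the check ahead of `HFSPLUS_I(HFSPLUS_SB(sb)->hidden_dir)`.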
 




* [PATCH 4.18 046/197] iommu/rockchip: Move irq request past pm_runtime_enable
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (44 preceding siblings ...)
  2018-09-13 13:29 ` [PATCH 4.18 045/197] hfsplus: fix NULL dereference in hfsplus_lookup() Greg Kroah-Hartman
@ 2018-09-13 13:29 ` Greg Kroah-Hartman
  2018-09-13 13:29 ` [PATCH 4.18 047/197] fs/proc/kcore.c: use __pa_symbol() for KCORE_TEXT list entries Greg Kroah-Hartman
                   ` (152 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:29 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Heiko Stuebner, Marc Zyngier,
	Olof Johansson, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Marc Zyngier <marc.zyngier@arm.com>

[ Upstream commit 1aa55ca9b14af6cfd987ce4fdaf548f7067a5d07 ]

Enabling the interrupt early, before power has been applied to the
device, can result in an interrupt being delivered too early if:

- the IOMMU shares an interrupt with a VOP
- the VOP has a pending interrupt (after a kexec, for example)

In these conditions, we end up taking the interrupt without
the IOMMU being ready to handle the interrupt (not powered on).

Moving the interrupt request past the pm_runtime_enable() call
makes sure we can at least access the IOMMU registers. Note that
this is only a partial fix, and that the VOP interrupt will still
be screaming until the VOP driver kicks in, which advocates for
a more synchronized interrupt enabling/disabling approach.

Fixes: 0f181d3cf7d98 ("iommu/rockchip: Add runtime PM support")
Reviewed-by: Heiko Stuebner <heiko@sntech.de>
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Olof Johansson <olof@lixom.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/iommu/rockchip-iommu.c |   24 +++++++++++++-----------
 1 file changed, 13 insertions(+), 11 deletions(-)

--- a/drivers/iommu/rockchip-iommu.c
+++ b/drivers/iommu/rockchip-iommu.c
@@ -1161,17 +1161,6 @@ static int rk_iommu_probe(struct platfor
 	if (iommu->num_mmu == 0)
 		return PTR_ERR(iommu->bases[0]);
 
-	i = 0;
-	while ((irq = platform_get_irq(pdev, i++)) != -ENXIO) {
-		if (irq < 0)
-			return irq;
-
-		err = devm_request_irq(iommu->dev, irq, rk_iommu_irq,
-				       IRQF_SHARED, dev_name(dev), iommu);
-		if (err)
-			return err;
-	}
-
 	iommu->reset_disabled = device_property_read_bool(dev,
 					"rockchip,disable-mmu-reset");
 
@@ -1228,6 +1217,19 @@ static int rk_iommu_probe(struct platfor
 
 	pm_runtime_enable(dev);
 
+	i = 0;
+	while ((irq = platform_get_irq(pdev, i++)) != -ENXIO) {
+		if (irq < 0)
+			return irq;
+
+		err = devm_request_irq(iommu->dev, irq, rk_iommu_irq,
+				       IRQF_SHARED, dev_name(dev), iommu);
+		if (err) {
+			pm_runtime_disable(dev);
+			goto err_remove_sysfs;
+		}
+	}
+
 	return 0;
 err_remove_sysfs:
 	iommu_device_sysfs_remove(&iommu->iommu);
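Review bot: In the moved loop, `if (irq < 0) return irq;` still returns directly, while the devm_request_irq() failure just below it now calls `pm_runtime_disable(dev)` and jumps to `err_remove_sysfs`. Because the loop now runs after `pm_runtime_enable(dev)`, that early return leaves runtime PM enabled and skips the cleanup under the label; setting `err = irq` and taking the same exit path would make both failures unwind identically.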




* [PATCH 4.18 047/197] fs/proc/kcore.c: use __pa_symbol() for KCORE_TEXT list entries
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (45 preceding siblings ...)
  2018-09-13 13:29 ` [PATCH 4.18 046/197] iommu/rockchip: Move irq request past pm_runtime_enable Greg Kroah-Hartman
@ 2018-09-13 13:29 ` Greg Kroah-Hartman
  2018-09-13 13:29 ` [PATCH 4.18 048/197] fat: validate ->i_start before using Greg Kroah-Hartman
                   ` (151 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:29 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, James Morse, Alexey Dobriyan,
	Omar Sandoval, Andrew Morton, Linus Torvalds, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: James Morse <james.morse@arm.com>

[ Upstream commit df865e8337c397471b95f51017fea559bc8abb4a ]

elf_kcore_store_hdr() uses __pa() to find the physical address of
KCORE_RAM or KCORE_TEXT entries exported as program headers.

This trips CONFIG_DEBUG_VIRTUAL's checks, as the KCORE_TEXT entries are
not in the linear map.

Handle these two cases separately, using __pa_symbol() for the KCORE_TEXT
entries.

Link: http://lkml.kernel.org/r/20180711131944.15252-1-james.morse@arm.com
Signed-off-by: James Morse <james.morse@arm.com>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: Omar Sandoval <osandov@fb.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 fs/proc/kcore.c |    4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

--- a/fs/proc/kcore.c
+++ b/fs/proc/kcore.c
@@ -384,8 +384,10 @@ static void elf_kcore_store_hdr(char *bu
 		phdr->p_flags	= PF_R|PF_W|PF_X;
 		phdr->p_offset	= kc_vaddr_to_offset(m->addr) + dataoff;
 		phdr->p_vaddr	= (size_t)m->addr;
-		if (m->type == KCORE_RAM || m->type == KCORE_TEXT)
+		if (m->type == KCORE_RAM)
 			phdr->p_paddr	= __pa(m->addr);
+		else if (m->type == KCORE_TEXT)
+			phdr->p_paddr	= __pa_symbol(m->addr);
 		else
 			phdr->p_paddr	= (elf_addr_t)-1;
 		phdr->p_filesz	= phdr->p_memsz	= m->size;
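Review bot: The reason for splitting `__pa()` and `__pa_symbol()` lives only in the commit message; a short comment on the `KCORE_TEXT` branch saying these entries are not in the linear map would stop the two branches from being merged back together in a later cleanup.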




* [PATCH 4.18 048/197] fat: validate ->i_start before using
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (46 preceding siblings ...)
  2018-09-13 13:29 ` [PATCH 4.18 047/197] fs/proc/kcore.c: use __pa_symbol() for KCORE_TEXT list entries Greg Kroah-Hartman
@ 2018-09-13 13:29 ` Greg Kroah-Hartman
  2018-09-13 13:29 ` [PATCH 4.18 049/197] workqueue: skip lockdep wq dependency in cancel_work_sync() Greg Kroah-Hartman
                   ` (150 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:29 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, OGAWA Hirofumi, Anatoly Trosinenko,
	Alan Cox, Al Viro, Andrew Morton, Linus Torvalds, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: OGAWA Hirofumi <hirofumi@mail.parknet.co.jp>

[ Upstream commit 0afa9626667c3659ef8bd82d42a11e39fedf235c ]

A corrupted FATfs may have an invalid ->i_start.  To handle it, this checks
->i_start before using it, and returns a proper error code.

Link: http://lkml.kernel.org/r/87o9f8y1t5.fsf_-_@mail.parknet.co.jp
Signed-off-by: OGAWA Hirofumi <hirofumi@mail.parknet.co.jp>
Reported-by: Anatoly Trosinenko <anatoly.trosinenko@gmail.com>
Tested-by: Anatoly Trosinenko <anatoly.trosinenko@gmail.com>
Cc: Alan Cox <gnomes@lxorguk.ukuu.org.uk>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 fs/fat/cache.c  |   19 ++++++++++++-------
 fs/fat/fat.h    |    5 +++++
 fs/fat/fatent.c |    6 +++---
 3 files changed, 20 insertions(+), 10 deletions(-)

--- a/fs/fat/cache.c
+++ b/fs/fat/cache.c
@@ -225,7 +225,8 @@ static inline void cache_init(struct fat
 int fat_get_cluster(struct inode *inode, int cluster, int *fclus, int *dclus)
 {
 	struct super_block *sb = inode->i_sb;
-	const int limit = sb->s_maxbytes >> MSDOS_SB(sb)->cluster_bits;
+	struct msdos_sb_info *sbi = MSDOS_SB(sb);
+	const int limit = sb->s_maxbytes >> sbi->cluster_bits;
 	struct fat_entry fatent;
 	struct fat_cache_id cid;
 	int nr;
@@ -234,6 +235,12 @@ int fat_get_cluster(struct inode *inode,
 
 	*fclus = 0;
 	*dclus = MSDOS_I(inode)->i_start;
+	if (!fat_valid_entry(sbi, *dclus)) {
+		fat_fs_error_ratelimit(sb,
+			"%s: invalid start cluster (i_pos %lld, start %08x)",
+			__func__, MSDOS_I(inode)->i_pos, *dclus);
+		return -EIO;
+	}
 	if (cluster == 0)
 		return 0;
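Review bot: The new `fat_valid_entry()` check sits before `if (cluster == 0) return 0;`, so fat_get_cluster() now returns -EIO for any inode whose i_start is below FAT_START_ENT or at or above max_cluster, including a request for cluster 0 that previously returned without consulting the FAT. If any caller can get here for a file with no clusters allocated, where i_start is 0, that becomes a filesystem error report; confirm that every caller filters that case out, or note the requirement in a comment here.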
 
@@ -250,9 +257,8 @@ int fat_get_cluster(struct inode *inode,
 		/* prevent the infinite loop of cluster chain */
 		if (*fclus > limit) {
 			fat_fs_error_ratelimit(sb,
-					"%s: detected the cluster chain loop"
-					" (i_pos %lld)", __func__,
-					MSDOS_I(inode)->i_pos);
+				"%s: detected the cluster chain loop (i_pos %lld)",
+				__func__, MSDOS_I(inode)->i_pos);
 			nr = -EIO;
 			goto out;
 		}
@@ -262,9 +268,8 @@ int fat_get_cluster(struct inode *inode,
 			goto out;
 		else if (nr == FAT_ENT_FREE) {
 			fat_fs_error_ratelimit(sb,
-				       "%s: invalid cluster chain (i_pos %lld)",
-				       __func__,
-				       MSDOS_I(inode)->i_pos);
+				"%s: invalid cluster chain (i_pos %lld)",
+				__func__, MSDOS_I(inode)->i_pos);
 			nr = -EIO;
 			goto out;
 		} else if (nr == FAT_ENT_EOF) {
--- a/fs/fat/fat.h
+++ b/fs/fat/fat.h
@@ -348,6 +348,11 @@ static inline void fatent_brelse(struct
 	fatent->fat_inode = NULL;
 }
 
+static inline bool fat_valid_entry(struct msdos_sb_info *sbi, int entry)
+{
+	return FAT_START_ENT <= entry && entry < sbi->max_cluster;
+}
+
 extern void fat_ent_access_init(struct super_block *sb);
 extern int fat_ent_read(struct inode *inode, struct fat_entry *fatent,
 			int entry);
--- a/fs/fat/fatent.c
+++ b/fs/fat/fatent.c
@@ -23,7 +23,7 @@ static void fat12_ent_blocknr(struct sup
 {
 	struct msdos_sb_info *sbi = MSDOS_SB(sb);
 	int bytes = entry + (entry >> 1);
-	WARN_ON(entry < FAT_START_ENT || sbi->max_cluster <= entry);
+	WARN_ON(!fat_valid_entry(sbi, entry));
 	*offset = bytes & (sb->s_blocksize - 1);
 	*blocknr = sbi->fat_start + (bytes >> sb->s_blocksize_bits);
 }
@@ -33,7 +33,7 @@ static void fat_ent_blocknr(struct super
 {
 	struct msdos_sb_info *sbi = MSDOS_SB(sb);
 	int bytes = (entry << sbi->fatent_shift);
-	WARN_ON(entry < FAT_START_ENT || sbi->max_cluster <= entry);
+	WARN_ON(!fat_valid_entry(sbi, entry));
 	*offset = bytes & (sb->s_blocksize - 1);
 	*blocknr = sbi->fat_start + (bytes >> sb->s_blocksize_bits);
 }
@@ -353,7 +353,7 @@ int fat_ent_read(struct inode *inode, st
 	int err, offset;
 	sector_t blocknr;
 
-	if (entry < FAT_START_ENT || sbi->max_cluster <= entry) {
+	if (!fat_valid_entry(sbi, entry)) {
 		fatent_brelse(fatent);
 		fat_fs_error(sb, "invalid access to FAT (entry 0x%08x)", entry);
 		return -EIO;




* [PATCH 4.18 049/197] workqueue: skip lockdep wq dependency in cancel_work_sync()
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (47 preceding siblings ...)
  2018-09-13 13:29 ` [PATCH 4.18 048/197] fat: validate ->i_start before using Greg Kroah-Hartman
@ 2018-09-13 13:29 ` Greg Kroah-Hartman
  2018-09-13 13:29 ` [PATCH 4.18 050/197] workqueue: re-add lockdep dependencies for flushing Greg Kroah-Hartman
                   ` (149 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:29 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Johannes Berg, Tejun Heo, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Johannes Berg <johannes.berg@intel.com>

[ Upstream commit d6e89786bed977f37f55ffca11e563f6d2b1e3b5 ]

In cancel_work_sync(), we can only have one of two cases, even
with an ordered workqueue:
 * the work isn't running, just cancelled before it started
 * the work is running, but then nothing else can be on the
   workqueue before it

Thus, we need to skip the lockdep workqueue dependency handling,
otherwise we get false positive reports from lockdep saying that
we have a potential deadlock when the workqueue also has other
work items with locking, e.g.

  work1_function() { mutex_lock(&mutex); ... }
  work2_function() { /* nothing */ }

  other_function() {
    queue_work(ordered_wq, &work1);
    queue_work(ordered_wq, &work2);
    mutex_lock(&mutex);
    cancel_work_sync(&work2);
  }

As described above, this isn't a problem, but lockdep will
currently flag it as if cancel_work_sync() was flush_work(),
which *is* a problem.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 kernel/workqueue.c |   37 ++++++++++++++++++++++---------------
 1 file changed, 22 insertions(+), 15 deletions(-)

--- a/kernel/workqueue.c
+++ b/kernel/workqueue.c
@@ -2843,7 +2843,8 @@ reflush:
 }
 EXPORT_SYMBOL_GPL(drain_workqueue);
 
-static bool start_flush_work(struct work_struct *work, struct wq_barrier *barr)
+static bool start_flush_work(struct work_struct *work, struct wq_barrier *barr,
+			     bool from_cancel)
 {
 	struct worker *worker = NULL;
 	struct worker_pool *pool;
@@ -2885,7 +2886,8 @@ static bool start_flush_work(struct work
 	 * workqueues the deadlock happens when the rescuer stalls, blocking
 	 * forward progress.
 	 */
-	if (pwq->wq->saved_max_active == 1 || pwq->wq->rescuer) {
+	if (!from_cancel &&
+	    (pwq->wq->saved_max_active == 1 || pwq->wq->rescuer)) {
 		lock_map_acquire(&pwq->wq->lockdep_map);
 		lock_map_release(&pwq->wq->lockdep_map);
 	}
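
Review bot: the block comment above this condition still explains only why the wq lockdep_map is taken for ordered and rescuer workqueues; nothing at the "!from_cancel" test says why the cancel path may skip it. Add a sentence to that comment stating the invariant from the changelog (a work being cancelled is either not running, or is running with nothing else ahead of it on the workqueue), so a later change does not drop the exemption or widen it to other callers.
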
@@ -2896,6 +2898,22 @@ already_gone:
 	return false;
 }
 
+static bool __flush_work(struct work_struct *work, bool from_cancel)
+{
+	struct wq_barrier barr;
+
+	if (WARN_ON(!wq_online))
+		return false;
+
+	if (start_flush_work(work, &barr, from_cancel)) {
+		wait_for_completion(&barr.done);
+		destroy_work_on_stack(&barr.work);
+		return true;
+	} else {
+		return false;
+	}
+}
+
 /**
  * flush_work - wait for a work to finish executing the last queueing instance
  * @work: the work to flush
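
Review bot: __flush_work() is introduced with no comment describing from_cancel, and the kernel-doc that follows belongs to flush_work(), so the parameter is documented nowhere. Add a short comment above __flush_work() saying what from_cancel suppresses, and since the body is being moved anyway, drop the "else { return false; }" that follows a branch which already returns.
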
@@ -2909,18 +2927,7 @@ already_gone:
  */
 bool flush_work(struct work_struct *work)
 {
-	struct wq_barrier barr;
-
-	if (WARN_ON(!wq_online))
-		return false;
-
-	if (start_flush_work(work, &barr)) {
-		wait_for_completion(&barr.done);
-		destroy_work_on_stack(&barr.work);
-		return true;
-	} else {
-		return false;
-	}
+	return __flush_work(work, false);
 }
 EXPORT_SYMBOL_GPL(flush_work);
 
@@ -2986,7 +2993,7 @@ static bool __cancel_work_timer(struct w
 	 * isn't executing.
 	 */
 	if (wq_online)
-		flush_work(work);
+		__flush_work(work, true);
 
 	clear_work_data(work);
 




* [PATCH 4.18 050/197] workqueue: re-add lockdep dependencies for flushing
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (48 preceding siblings ...)
  2018-09-13 13:29 ` [PATCH 4.18 049/197] workqueue: skip lockdep wq dependency in cancel_work_sync() Greg Kroah-Hartman
@ 2018-09-13 13:29 ` Greg Kroah-Hartman
  2018-09-13 13:30 ` [PATCH 4.18 051/197] scripts: modpost: check memory allocation results Greg Kroah-Hartman
                   ` (148 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:29 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Johannes Berg, Tejun Heo, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Johannes Berg <johannes.berg@intel.com>

[ Upstream commit 87915adc3f0acdf03c776df42e308e5a155c19af ]

In flush_work(), we need to create a lockdep dependency so that
the following scenario is appropriately tagged as a problem:

  work_function()
  {
    mutex_lock(&mutex);
    ...
  }

  other_function()
  {
    mutex_lock(&mutex);
    flush_work(&work); // or cancel_work_sync(&work);
  }

This is a problem since the work might be running and be blocked
on trying to acquire the mutex.

Similarly, in flush_workqueue().

These were removed after cross-release partially caught these
problems, but now cross-release was reverted anyway. IMHO the
removal was erroneous anyway though, since lockdep should be
able to catch potential problems, not just actual ones, and
cross-release would only have caught the problem when actually
invoking wait_for_completion().

Fixes: fd1a5b04dfb8 ("workqueue: Remove now redundant lock acquisitions wrt. workqueue flushes")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 kernel/workqueue.c |    8 ++++++++
 1 file changed, 8 insertions(+)

--- a/kernel/workqueue.c
+++ b/kernel/workqueue.c
@@ -2652,6 +2652,9 @@ void flush_workqueue(struct workqueue_st
 	if (WARN_ON(!wq_online))
 		return;
 
+	lock_map_acquire(&wq->lockdep_map);
+	lock_map_release(&wq->lockdep_map);
+
 	mutex_lock(&wq->mutex);
 
 	/*
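
Review bot: the lock_map_acquire()/lock_map_release() pair added at the top of flush_workqueue() carries no comment, and a lock that is taken and dropped on consecutive lines reads as dead code. Add one line saying the pair exists only to record the flush dependency for lockdep; the changelog explains that these annotations were removed once already, and a comment makes a repeat less likely.
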
@@ -2905,6 +2908,11 @@ static bool __flush_work(struct work_str
 	if (WARN_ON(!wq_online))
 		return false;
 
+	if (!from_cancel) {
+		lock_map_acquire(&work->lockdep_map);
+		lock_map_release(&work->lockdep_map);
+	}
+
 	if (start_flush_work(work, &barr, from_cancel)) {
 		wait_for_completion(&barr.done);
 		destroy_work_on_stack(&barr.work);
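
Review bot: the changelog gives "flush_work(&work); // or cancel_work_sync(&work);" as the pattern that must be flagged, but the work->lockdep_map annotation added here is skipped whenever from_cancel is true. Say in the changelog or in a comment at this test where the cancel_work_sync() case gets its work-level dependency recorded, or why it is deliberately left out of this path.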




* [PATCH 4.18 051/197] scripts: modpost: check memory allocation results
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (49 preceding siblings ...)
  2018-09-13 13:29 ` [PATCH 4.18 050/197] workqueue: re-add lockdep dependencies for flushing Greg Kroah-Hartman
@ 2018-09-13 13:30 ` Greg Kroah-Hartman
  2018-09-13 13:30 ` [PATCH 4.18 052/197] apparmor: fix an error code in __aa_create_ns() Greg Kroah-Hartman
                   ` (147 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:30 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Randy Dunlap, Yuexing Wang,
	Masahiro Yamada, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Randy Dunlap <rdunlap@infradead.org>

[ Upstream commit 1f3aa9002dc6a0d59a4b599b4fc8f01cf43ef014 ]

Fix missing error check for memory allocation functions in
scripts/mod/modpost.c.

Fixes kernel bugzilla #200319:
https://bugzilla.kernel.org/show_bug.cgi?id=200319

Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Cc: Yuexing Wang <wangyxlandq@gmail.com>
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 scripts/mod/modpost.c |    8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

--- a/scripts/mod/modpost.c
+++ b/scripts/mod/modpost.c
@@ -672,7 +672,7 @@ static void handle_modversions(struct mo
 			if (ELF_ST_TYPE(sym->st_info) == STT_SPARC_REGISTER)
 				break;
 			if (symname[0] == '.') {
-				char *munged = strdup(symname);
+				char *munged = NOFAIL(strdup(symname));
 				munged[0] = '_';
 				munged[1] = toupper(munged[1]);
 				symname = munged;
@@ -1318,7 +1318,7 @@ static Elf_Sym *find_elf_symbol2(struct
 static char *sec2annotation(const char *s)
 {
 	if (match(s, init_exit_sections)) {
-		char *p = malloc(20);
+		char *p = NOFAIL(malloc(20));
 		char *r = p;
 
 		*p++ = '_';
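
Review bot: NOFAIL() handles the NULL return, but "malloc(20)" in sec2annotation() is still an unexplained constant for a buffer that is then filled through "*p++" and, in the next hunk, strcat(). Size the allocation from the section name being copied, or name the constant and state the longest annotation it must hold, so the bound is checked instead of assumed.
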
@@ -1338,7 +1338,7 @@ static char *sec2annotation(const char *
 			strcat(p, " ");
 		return r;
 	} else {
-		return strdup("");
+		return NOFAIL(strdup(""));
 	}
 }
 
@@ -2036,7 +2036,7 @@ void buf_write(struct buffer *buf, const
 {
 	if (buf->size - buf->pos < len) {
 		buf->size += len + SZ;
-		buf->p = realloc(buf->p, buf->size);
+		buf->p = NOFAIL(realloc(buf->p, buf->size));
 	}
 	strncpy(buf->p + buf->pos, s, len);
 	buf->pos += len;




* [PATCH 4.18 052/197] apparmor: fix an error code in __aa_create_ns()
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (50 preceding siblings ...)
  2018-09-13 13:30 ` [PATCH 4.18 051/197] scripts: modpost: check memory allocation results Greg Kroah-Hartman
@ 2018-09-13 13:30 ` Greg Kroah-Hartman
  2018-09-13 13:30 ` [PATCH 4.18 053/197] virtio: pci-legacy: Validate queue pfn Greg Kroah-Hartman
                   ` (146 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:30 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Dan Carpenter, John Johansen, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Dan Carpenter <dan.carpenter@oracle.com>

[ Upstream commit 0a6b29230ec336189bab32498df3f06c8a6944d8 ]

We should return error pointers in this function.  Returning NULL
results in a NULL dereference in the caller.

Fixes: 73688d1ed0b8 ("apparmor: refactor prepare_ns() and make usable from different views")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 security/apparmor/policy_ns.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/security/apparmor/policy_ns.c
+++ b/security/apparmor/policy_ns.c
@@ -255,7 +255,7 @@ static struct aa_ns *__aa_create_ns(stru
 
 	ns = alloc_ns(parent->base.hname, name);
 	if (!ns)
-		return NULL;
+		return ERR_PTR(-ENOMEM);
 	ns->level = parent->level + 1;
 	mutex_lock_nested(&ns->lock, ns->level);
 	error = __aafs_ns_mkdir(ns, ns_subns_dir(parent), name, dir);
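
Review bot: returning ERR_PTR(-ENOMEM) from the alloc_ns() failure only helps if __aa_create_ns() never returns NULL on any other path and every caller tests the result with IS_ERR(). Neither is visible in this hunk. State the return convention in a comment above the function and confirm no caller still uses a plain NULL check, which would now accept the error pointer as a valid namespace.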




* [PATCH 4.18 053/197] virtio: pci-legacy: Validate queue pfn
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (51 preceding siblings ...)
  2018-09-13 13:30 ` [PATCH 4.18 052/197] apparmor: fix an error code in __aa_create_ns() Greg Kroah-Hartman
@ 2018-09-13 13:30 ` Greg Kroah-Hartman
  2018-09-13 13:30 ` [PATCH 4.18 054/197] x86/mce: Add notifier_block forward declaration Greg Kroah-Hartman
                   ` (145 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:30 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Michael S. Tsirkin, Jason Wang,
	Marc Zyngier, Christoffer Dall, Peter Maydel,
	Jean-Philippe Brucker, Suzuki K Poulose, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Suzuki K Poulose <suzuki.poulose@arm.com>

[ Upstream commit 69599206ea9a3f8f2e94d46580579cbf9d08ad6c ]

Legacy PCI over virtio uses a 32bit PFN for the queue. If the
queue pfn is too large to fit in 32bits, which we could hit on
arm64 systems with 52bit physical addresses (even with 64K page
size), we simply miss out a proper link to the other side of
the queue.

Add a check to validate the PFN, rather than silently breaking
the devices.

Cc: "Michael S. Tsirkin" <mst@redhat.com>
Cc: Jason Wang <jasowang@redhat.com>
Cc: Marc Zyngier <marc.zyngier@arm.com>
Cc: Christoffer Dall <cdall@kernel.org>
Cc: Peter Maydel <peter.maydell@linaro.org>
Cc: Jean-Philippe Brucker <jean-philippe.brucker@arm.com>
Signed-off-by: Suzuki K Poulose <suzuki.poulose@arm.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/virtio/virtio_pci_legacy.c |   14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

--- a/drivers/virtio/virtio_pci_legacy.c
+++ b/drivers/virtio/virtio_pci_legacy.c
@@ -122,6 +122,7 @@ static struct virtqueue *setup_vq(struct
 	struct virtqueue *vq;
 	u16 num;
 	int err;
+	u64 q_pfn;
 
 	/* Select the queue we're interested in */
 	iowrite16(index, vp_dev->ioaddr + VIRTIO_PCI_QUEUE_SEL);
@@ -141,9 +142,17 @@ static struct virtqueue *setup_vq(struct
 	if (!vq)
 		return ERR_PTR(-ENOMEM);
 
+	q_pfn = virtqueue_get_desc_addr(vq) >> VIRTIO_PCI_QUEUE_ADDR_SHIFT;
+	if (q_pfn >> 32) {
+		dev_err(&vp_dev->pci_dev->dev,
+			"platform bug: legacy virtio-mmio must not be used with RAM above 0x%llxGB\n",
+			0x1ULL << (32 + PAGE_SHIFT - 30));
+		err = -E2BIG;
+		goto out_del_vq;
+	}
+
 	/* activate the queue */
-	iowrite32(virtqueue_get_desc_addr(vq) >> VIRTIO_PCI_QUEUE_ADDR_SHIFT,
-		  vp_dev->ioaddr + VIRTIO_PCI_QUEUE_PFN);
+	iowrite32(q_pfn, vp_dev->ioaddr + VIRTIO_PCI_QUEUE_PFN);
 
 	vq->priv = (void __force *)vp_dev->ioaddr + VIRTIO_PCI_QUEUE_NOTIFY;
 
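
Review bot: the new dev_err() text says "legacy virtio-mmio" although this file is drivers/virtio/virtio_pci_legacy.c, and it prints the limit with "0x%llxGB", a hexadecimal number carrying a unit that readers will take as decimal. Name the transport correctly and print the limit in decimal so the log line can be acted on without decoding it.
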
@@ -160,6 +169,7 @@ static struct virtqueue *setup_vq(struct
 
 out_deactivate:
 	iowrite32(0, vp_dev->ioaddr + VIRTIO_PCI_QUEUE_PFN);
+out_del_vq:
 	vring_del_virtqueue(vq);
 	return ERR_PTR(err);
 }




* [PATCH 4.18 054/197] x86/mce: Add notifier_block forward declaration
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (52 preceding siblings ...)
  2018-09-13 13:30 ` [PATCH 4.18 053/197] virtio: pci-legacy: Validate queue pfn Greg Kroah-Hartman
@ 2018-09-13 13:30 ` Greg Kroah-Hartman
  2018-09-13 13:30 ` [PATCH 4.18 055/197] i2c: core: ACPI: Make acpi_gsb_i2c_read_bytes() check i2c_transfer return value Greg Kroah-Hartman
                   ` (144 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:30 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Arnd Bergmann, Thomas Gleixner,
	Nicolai Stange, H. Peter Anvin, Borislav Petkov, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Arnd Bergmann <arnd@arndb.de>

[ Upstream commit 704ae091b061082b37a9968621af4c290c641d50 ]

Without linux/irq.h, there is no declaration of notifier_block, leading to
a build warning:

In file included from arch/x86/kernel/cpu/mcheck/threshold.c:10:
arch/x86/include/asm/mce.h:151:46: error: 'struct notifier_block' declared inside parameter list will not be visible outside of this definition or declaration [-Werror]

It's sufficient to declare the struct tag here, which avoids pulling in
more header files.

Fixes: 447ae3166702 ("x86: Don't include linux/irq.h from asm/hardirq.h")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Nicolai Stange <nstange@suse.de>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Borislav Petkov <bp@suse.de>
Link: https://lkml.kernel.org/r/20180817100156.3009043-1-arnd@arndb.de
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 arch/x86/include/asm/mce.h |    1 +
 1 file changed, 1 insertion(+)

--- a/arch/x86/include/asm/mce.h
+++ b/arch/x86/include/asm/mce.h
@@ -148,6 +148,7 @@ enum mce_notifier_prios {
 	MCE_PRIO_LOWEST		= 0,
 };
 
+struct notifier_block;
 extern void mce_register_decode_chain(struct notifier_block *nb);
 extern void mce_unregister_decode_chain(struct notifier_block *nb);
 




* [PATCH 4.18 055/197] i2c: core: ACPI: Make acpi_gsb_i2c_read_bytes() check i2c_transfer return value
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (53 preceding siblings ...)
  2018-09-13 13:30 ` [PATCH 4.18 054/197] x86/mce: Add notifier_block forward declaration Greg Kroah-Hartman
@ 2018-09-13 13:30 ` Greg Kroah-Hartman
  2018-09-13 13:30 ` [PATCH 4.18 056/197] IB/hfi1: Invalid NUMA node information can cause a divide by zero Greg Kroah-Hartman
                   ` (143 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:30 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Hans de Goede, Mika Westerberg,
	Wolfram Sang, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Hans de Goede <hdegoede@redhat.com>

[ Upstream commit 0a30446c0dca3483c384b54a431cc951e15f7e79 ]

Currently acpi_gsb_i2c_read_bytes() directly returns i2c_transfer's return
value. i2c_transfer returns a value < 0 on error and 2 (for 2 successfully
executed transfers) on success. But the ACPI code expects 0 on success, so
currently acpi_gsb_i2c_read_bytes()'s caller does:

        if (status > 0)
                status = 0;

This commit makes acpi_gsb_i2c_read_bytes() return a value which can be
directly consumed by the ACPI code, mirroring acpi_gsb_i2c_write_bytes(),
this commit also makes acpi_gsb_i2c_read_bytes() explicitly check that
i2c_transfer returns 2, rather than accepting any value > 0.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Acked-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/i2c/i2c-core-acpi.c |    8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

--- a/drivers/i2c/i2c-core-acpi.c
+++ b/drivers/i2c/i2c-core-acpi.c
@@ -453,8 +453,12 @@ static int acpi_gsb_i2c_read_bytes(struc
 		else
 			dev_err(&client->adapter->dev, "i2c read %d bytes from client@%#x starting at reg %#x failed, error: %d\n",
 				data_len, client->addr, cmd, ret);
-	} else {
+	/* 2 transfers must have completed successfully */
+	} else if (ret == 2) {
 		memcpy(data, buffer, data_len);
+		ret = 0;
+	} else {
+		ret = -EIO;
 	}
 
 	kfree(buffer);
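
Review bot: a short transfer (ret of 0 or 1) now lands in the final else and becomes -EIO with no log line, while the error branch above reports its failure through dev_err(). Log the unexpected transfer count in that branch as well, and move the "2 transfers must have completed successfully" comment inside the "else if (ret == 2)" body; where it sits now it reads as the tail of the error branch.
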
@@ -595,8 +599,6 @@ i2c_acpi_space_handler(u32 function, acp
 		if (action == ACPI_READ) {
 			status = acpi_gsb_i2c_read_bytes(client, command,
 					gsb->data, info->access_length);
-			if (status > 0)
-				status = 0;
 		} else {
 			status = acpi_gsb_i2c_write_bytes(client, command,
 					gsb->data, info->access_length);




* [PATCH 4.18 056/197] IB/hfi1: Invalid NUMA node information can cause a divide by zero
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (54 preceding siblings ...)
  2018-09-13 13:30 ` [PATCH 4.18 055/197] i2c: core: ACPI: Make acpi_gsb_i2c_read_bytes() check i2c_transfer return value Greg Kroah-Hartman
@ 2018-09-13 13:30 ` Greg Kroah-Hartman
  2018-09-13 13:30 ` [PATCH 4.18 057/197] pwm: meson: Fix mux clock names Greg Kroah-Hartman
                   ` (142 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:30 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Gary Leshner, Mike Marciniszyn,
	Michael J. Ruhl, Dennis Dalessandro, Jason Gunthorpe,
	Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: "Michael J. Ruhl" <michael.j.ruhl@intel.com>

[ Upstream commit c513de490f808d8480346f9a58e6a4a5f3de12e7 ]

If the system BIOS does not supply NUMA node information to the
PCI devices, the NUMA node is selected by choosing the current
node.

This can lead to the following crash:

divide error: 0000 SMP
CPU: 0 PID: 4 Comm: kworker/0:0 Tainted: G          IOE
------------   3.10.0-693.21.1.el7.x86_64 #1
Hardware name: Intel Corporation S2600KP/S2600KP, BIOS
SE5C610.86B.01.01.0005.101720141054 10/17/2014
Workqueue: events work_for_cpu_fn
task: ffff880174480fd0 ti: ffff880174488000 task.ti: ffff880174488000
RIP: 0010: [<ffffffffc020ac69>] hfi1_dev_affinity_init+0x129/0x6a0 [hfi1]
RSP: 0018:ffff88017448bbf8  EFLAGS: 00010246
RAX: 0000000000000011 RBX: ffff88107ffba6c0 RCX: ffff88085c22e130
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff880824ad0000
RBP: ffff88017448bc48 R08: 0000000000000011 R09: 0000000000000002
R10: ffff8808582b6ca0 R11: 0000000000003151 R12: ffff8808582b6ca0
R13: ffff8808582b6518 R14: ffff8808582b6010 R15: 0000000000000012
FS:  0000000000000000(0000) GS:ffff88085ec00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007efc707404f0 CR3: 0000000001a02000 CR4: 00000000001607f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Call Trace:
 hfi1_init_dd+0x14b3/0x27a0 [hfi1]
 ? pcie_capability_write_word+0x46/0x70
 ? hfi1_pcie_init+0xc0/0x200 [hfi1]
 do_init_one+0x153/0x4c0 [hfi1]
 ? sched_clock_cpu+0x85/0xc0
 init_one+0x1b5/0x260 [hfi1]
 local_pci_probe+0x4a/0xb0
 work_for_cpu_fn+0x1a/0x30
 process_one_work+0x17f/0x440
 worker_thread+0x278/0x3c0
 ? manage_workers.isra.24+0x2a0/0x2a0
 kthread+0xd1/0xe0
 ? insert_kthread_work+0x40/0x40
 ret_from_fork+0x77/0xb0
 ? insert_kthread_work+0x40/0x40

If the BIOS is not supplying NUMA information:
  - set the default table count to 1 for all possible nodes
  - select node 0 (instead of current NUMA) node to get consistent
    performance
  - generate an error indicating that the BIOS should be upgraded

Reviewed-by: Gary Leshner <gary.s.leshner@intel.com>
Reviewed-by: Mike Marciniszyn <mike.marciniszyn@intel.com>
Signed-off-by: Michael J. Ruhl <michael.j.ruhl@intel.com>
Signed-off-by: Dennis Dalessandro <dennis.dalessandro@intel.com>

Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>

Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/infiniband/hw/hfi1/affinity.c |   24 +++++++++++++++++++++---
 1 file changed, 21 insertions(+), 3 deletions(-)

--- a/drivers/infiniband/hw/hfi1/affinity.c
+++ b/drivers/infiniband/hw/hfi1/affinity.c
@@ -198,7 +198,7 @@ int node_affinity_init(void)
 		while ((dev = pci_get_device(ids->vendor, ids->device, dev))) {
 			node = pcibus_to_node(dev->bus);
 			if (node < 0)
-				node = numa_node_id();
+				goto out;
 
 			hfi1_per_node_cntr[node]++;
 		}
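
Review bot: "goto out" leaves the "while ((dev = pci_get_device(...)))" loop while dev still holds the reference pci_get_device() took on it; that reference is dropped only when the device is handed back as the "from" argument on the next iteration. Call pci_dev_put(dev) before the jump so the fallback path does not leak a pci_dev reference.
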
@@ -206,6 +206,18 @@ int node_affinity_init(void)
 	}
 
 	return 0;
+
+out:
+	/*
+	 * Invalid PCI NUMA node information found, note it, and populate
+	 * our database 1:1.
+	 */
+	pr_err("HFI: Invalid PCI NUMA node. Performance may be affected\n");
+	pr_err("HFI: System BIOS may need to be upgraded\n");
+	for (node = 0; node < node_affinity.num_possible_nodes; node++)
+		hfi1_per_node_cntr[node] = 1;
+
+	return 0;
 }
 
 static void node_affinity_destroy(struct hfi1_affinity_node *entry)
@@ -622,8 +634,14 @@ int hfi1_dev_affinity_init(struct hfi1_d
 	int curr_cpu, possible, i, ret;
 	bool new_entry = false;
 
-	if (node < 0)
-		node = numa_node_id();
+	/*
+	 * If the BIOS does not have the NUMA node information set, select
+	 * NUMA 0 so we get consistent performance.
+	 */
+	if (node < 0) {
+		dd_dev_err(dd, "Invalid PCI NUMA node. Performance may be affected\n");
+		node = 0;
+	}
 	dd->node = node;
 
 	local_mask = cpumask_of_node(dd->node);
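
Review bot: "node = 0" assumes node 0 is a valid node with CPUs, and the next statement passes it straight to cpumask_of_node(dd->node); nothing in this hunk checks that. Either verify the node is usable before selecting it or note in the comment why node 0 is always safe here. The dd_dev_err() text also omits the BIOS upgrade hint that node_affinity_init() prints for the same condition, so the per-device message is the less useful of the two.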




* [PATCH 4.18 057/197] pwm: meson: Fix mux clock names
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (55 preceding siblings ...)
  2018-09-13 13:30 ` [PATCH 4.18 056/197] IB/hfi1: Invalid NUMA node information can cause a divide by zero Greg Kroah-Hartman
@ 2018-09-13 13:30 ` Greg Kroah-Hartman
  2018-09-13 13:30 ` [PATCH 4.18 058/197] powerpc/topology: Get topology for shared processors at boot Greg Kroah-Hartman
                   ` (141 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:30 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Jerome Brunet, Neil Armstrong,
	Thierry Reding, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Jerome Brunet <jbrunet@baylibre.com>

[ Upstream commit b96e9eb62841c519ba1db32d036628be3cdef91f ]

Current clock name looks like this:
/soc/bus@ffd00000/pwm@1b000#mux0

This is bad because CCF uses the clock to create a directory in clk debugfs.
With such a name, the directory creation (silently) fails and the debugfs
entry ends up being created at the debugfs root.

With this change, the clock name will now be:
ffd1b000.pwm#mux0

This matches the clock naming scheme used in the ethernet and mmc driver.
It also fixes the problem with debugfs.

Fixes: 36af66a79056 ("pwm: Convert to using %pOF instead of full_name")
Signed-off-by: Jerome Brunet <jbrunet@baylibre.com>
Acked-by: Neil Armstrong <narmstrong@baylibre.com>
Signed-off-by: Thierry Reding <thierry.reding@gmail.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/pwm/pwm-meson.c |    3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

--- a/drivers/pwm/pwm-meson.c
+++ b/drivers/pwm/pwm-meson.c
@@ -458,7 +458,6 @@ static int meson_pwm_init_channels(struc
 				   struct meson_pwm_channel *channels)
 {
 	struct device *dev = meson->chip.dev;
-	struct device_node *np = dev->of_node;
 	struct clk_init_data init;
 	unsigned int i;
 	char name[255];
@@ -467,7 +466,7 @@ static int meson_pwm_init_channels(struc
 	for (i = 0; i < meson->chip.npwm; i++) {
 		struct meson_pwm_channel *channel = &channels[i];
 
-		snprintf(name, sizeof(name), "%pOF#mux%u", np, i);
+		snprintf(name, sizeof(name), "%s#mux%u", dev_name(dev), i);
 
 		init.name = name;
 		init.ops = &clk_mux_ops;




* [PATCH 4.18 058/197] powerpc/topology: Get topology for shared processors at boot
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (56 preceding siblings ...)
  2018-09-13 13:30 ` [PATCH 4.18 057/197] pwm: meson: Fix mux clock names Greg Kroah-Hartman
@ 2018-09-13 13:30 ` Greg Kroah-Hartman
  2018-09-13 13:30 ` [PATCH 4.18 059/197] mm/fadvise.c: fix signed overflow UBSAN complaint Greg Kroah-Hartman
                   ` (140 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:30 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Manjunatha H R, Srikar Dronamraju,
	Michael Ellerman, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Srikar Dronamraju <srikar@linux.vnet.ibm.com>

[ Upstream commit 2ea62630681027c455117aa471ea3ab8bb099ead ]

On a shared LPAR, Phyp will not update the CPU associativity at boot
time. Just after the boot system does recognize itself as a shared
LPAR and trigger a request for correct CPU associativity. But by then
the scheduler would have already created/destroyed its sched domains.

This causes
  - Broken load balance across Nodes causing islands of cores.
  - Performance degradation esp if the system is lightly loaded
  - dmesg to wrongly report all CPUs to be in Node 0.
  - Messages in dmesg saying borken topology.
  - With commit 051f3ca02e46 ("sched/topology: Introduce NUMA identity
    node sched domain"), can cause rcu stalls at boot up.

The sched_domains_numa_masks table which is used to generate cpumasks
is only created at boot time just before creating sched domains and
never updated. Hence, it's better to get the topology correct before
the sched domains are created.

For example on 64 core Power 8 shared LPAR, dmesg reports

  Brought up 512 CPUs
  Node 0 CPUs: 0-511
  Node 1 CPUs:
  Node 2 CPUs:
  Node 3 CPUs:
  Node 4 CPUs:
  Node 5 CPUs:
  Node 6 CPUs:
  Node 7 CPUs:
  Node 8 CPUs:
  Node 9 CPUs:
  Node 10 CPUs:
  Node 11 CPUs:
  ...
  BUG: arch topology borken
       the DIE domain not a subset of the NUMA domain
  BUG: arch topology borken
       the DIE domain not a subset of the NUMA domain

numactl/lscpu output will still be correct with cores spreading across
all nodes:

  Socket(s):             64
  NUMA node(s):          12
  Model:                 2.0 (pvr 004d 0200)
  Model name:            POWER8 (architected), altivec supported
  Hypervisor vendor:     pHyp
  Virtualization type:   para
  L1d cache:             64K
  L1i cache:             32K
  NUMA node0 CPU(s): 0-7,32-39,64-71,96-103,176-183,272-279,368-375,464-471
  NUMA node1 CPU(s): 8-15,40-47,72-79,104-111,184-191,280-287,376-383,472-479
  NUMA node2 CPU(s): 16-23,48-55,80-87,112-119,192-199,288-295,384-391,480-487
  NUMA node3 CPU(s): 24-31,56-63,88-95,120-127,200-207,296-303,392-399,488-495
  NUMA node4 CPU(s):     208-215,304-311,400-407,496-503
  NUMA node5 CPU(s):     168-175,264-271,360-367,456-463
  NUMA node6 CPU(s):     128-135,224-231,320-327,416-423
  NUMA node7 CPU(s):     136-143,232-239,328-335,424-431
  NUMA node8 CPU(s):     216-223,312-319,408-415,504-511
  NUMA node9 CPU(s):     144-151,240-247,336-343,432-439
  NUMA node10 CPU(s):    152-159,248-255,344-351,440-447
  NUMA node11 CPU(s):    160-167,256-263,352-359,448-455

Currently on this LPAR, the scheduler detects 2 levels of Numa and
creates numa sched domains for all CPUs, but it finds a single DIE
domain consisting of all CPUs. Hence it deletes all numa sched
domains.

To address this, detect the shared processor and update topology soon
after CPUs are set up so that correct topology is updated just before
scheduler creates sched domain.

With the fix, dmesg reports:

  numa: Node 0 CPUs: 0-7 32-39 64-71 96-103 176-183 272-279 368-375 464-471
  numa: Node 1 CPUs: 8-15 40-47 72-79 104-111 184-191 280-287 376-383 472-479
  numa: Node 2 CPUs: 16-23 48-55 80-87 112-119 192-199 288-295 384-391 480-487
  numa: Node 3 CPUs: 24-31 56-63 88-95 120-127 200-207 296-303 392-399 488-495
  numa: Node 4 CPUs: 208-215 304-311 400-407 496-503
  numa: Node 5 CPUs: 168-175 264-271 360-367 456-463
  numa: Node 6 CPUs: 128-135 224-231 320-327 416-423
  numa: Node 7 CPUs: 136-143 232-239 328-335 424-431
  numa: Node 8 CPUs: 216-223 312-319 408-415 504-511
  numa: Node 9 CPUs: 144-151 240-247 336-343 432-439
  numa: Node 10 CPUs: 152-159 248-255 344-351 440-447
  numa: Node 11 CPUs: 160-167 256-263 352-359 448-455

and lscpu also reports:

  Socket(s):             64
  NUMA node(s):          12
  Model:                 2.0 (pvr 004d 0200)
  Model name:            POWER8 (architected), altivec supported
  Hypervisor vendor:     pHyp
  Virtualization type:   para
  L1d cache:             64K
  L1i cache:             32K
  NUMA node0 CPU(s): 0-7,32-39,64-71,96-103,176-183,272-279,368-375,464-471
  NUMA node1 CPU(s): 8-15,40-47,72-79,104-111,184-191,280-287,376-383,472-479
  NUMA node2 CPU(s): 16-23,48-55,80-87,112-119,192-199,288-295,384-391,480-487
  NUMA node3 CPU(s): 24-31,56-63,88-95,120-127,200-207,296-303,392-399,488-495
  NUMA node4 CPU(s):     208-215,304-311,400-407,496-503
  NUMA node5 CPU(s):     168-175,264-271,360-367,456-463
  NUMA node6 CPU(s):     128-135,224-231,320-327,416-423
  NUMA node7 CPU(s):     136-143,232-239,328-335,424-431
  NUMA node8 CPU(s):     216-223,312-319,408-415,504-511
  NUMA node9 CPU(s):     144-151,240-247,336-343,432-439
  NUMA node10 CPU(s):    152-159,248-255,344-351,440-447
  NUMA node11 CPU(s):    160-167,256-263,352-359,448-455

Reported-by: Manjunatha H R <manjuhr1@in.ibm.com>
Signed-off-by: Srikar Dronamraju <srikar@linux.vnet.ibm.com>
[mpe: Trim / format change log]
Tested-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 arch/powerpc/include/asm/topology.h |    5 +++++
 arch/powerpc/kernel/smp.c           |    5 +++++
 arch/powerpc/mm/numa.c              |   20 ++++++++++----------
 3 files changed, 20 insertions(+), 10 deletions(-)

--- a/arch/powerpc/include/asm/topology.h
+++ b/arch/powerpc/include/asm/topology.h
@@ -92,6 +92,7 @@ extern int stop_topology_update(void);
 extern int prrn_is_enabled(void);
 extern int find_and_online_cpu_nid(int cpu);
 extern int timed_topology_update(int nsecs);
+extern void __init shared_proc_topology_init(void);
 #else
 static inline int start_topology_update(void)
 {
@@ -113,6 +114,10 @@ static inline int timed_topology_update(
 {
 	return 0;
 }
+
+#ifdef CONFIG_SMP
+static inline void shared_proc_topology_init(void) {}
+#endif
 #endif /* CONFIG_NUMA && CONFIG_PPC_SPLPAR */
 
 #include <asm-generic/topology.h>
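Review bot: the empty stub `static inline void shared_proc_topology_init(void) {}` in the `#else` branch is wrapped in `#ifdef CONFIG_SMP`, while the `extern` declaration added in the first hunk is unconditional. An unused static inline costs nothing, so the guard could be dropped to keep both branches symmetric; if some configuration really needs it, a short comment naming that configuration would help.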
--- a/arch/powerpc/kernel/smp.c
+++ b/arch/powerpc/kernel/smp.c
@@ -1156,6 +1156,11 @@ void __init smp_cpus_done(unsigned int m
 	if (smp_ops && smp_ops->bringup_done)
 		smp_ops->bringup_done();
 
+	/*
+	 * On a shared LPAR, associativity needs to be requested.
+	 * Hence, get numa topology before dumping cpu topology
+	 */
+	shared_proc_topology_init();
 	dump_numa_cpu_topology();
 
 	/*
--- a/arch/powerpc/mm/numa.c
+++ b/arch/powerpc/mm/numa.c
@@ -1078,7 +1078,6 @@ static int prrn_enabled;
 static void reset_topology_timer(void);
 static int topology_timer_secs = 1;
 static int topology_inited;
-static int topology_update_needed;
 
 /*
  * Change polling interval for associativity changes.
@@ -1306,11 +1305,8 @@ int numa_update_cpu_topology(bool cpus_l
 	struct device *dev;
 	int weight, new_nid, i = 0;
 
-	if (!prrn_enabled && !vphn_enabled) {
-		if (!topology_inited)
-			topology_update_needed = 1;
+	if (!prrn_enabled && !vphn_enabled && topology_inited)
 		return 0;
-	}
 
 	weight = cpumask_weight(&cpu_associativity_changes_mask);
 	if (!weight)
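Review bot: the rewritten early return `if (!prrn_enabled && !vphn_enabled && topology_inited)` lets every call made before `topology_inited` is set fall through to the `cpumask_weight()` check, not only the boot-time call this series adds. A comment above the condition saying that the pre-init path is intentional, and that it relies on `cpu_associativity_changes_mask` being empty for other early callers, would make the new behaviour explicit.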
@@ -1423,7 +1419,6 @@ int numa_update_cpu_topology(bool cpus_l
 
 out:
 	kfree(updates);
-	topology_update_needed = 0;
 	return changed;
 }
 
@@ -1551,6 +1546,15 @@ int prrn_is_enabled(void)
 	return prrn_enabled;
 }
 
+void __init shared_proc_topology_init(void)
+{
+	if (lppaca_shared_proc(get_lppaca())) {
+		bitmap_fill(cpumask_bits(&cpu_associativity_changes_mask),
+			    nr_cpumask_bits);
+		numa_update_cpu_topology(false);
+	}
+}
+
 static int topology_read(struct seq_file *file, void *v)
 {
 	if (vphn_enabled || prrn_enabled)
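Review bot: in `shared_proc_topology_init()` the return value of `numa_update_cpu_topology(false)` is silently dropped, and the open-coded `bitmap_fill(cpumask_bits(&cpu_associativity_changes_mask), nr_cpumask_bits)` is what `cpumask_setall()` already does. Suggest `cpumask_setall(&cpu_associativity_changes_mask);` plus a one-line comment on why the result of the update can be ignored at this point in boot.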
@@ -1608,10 +1612,6 @@ static int topology_update_init(void)
 		return -ENOMEM;
 
 	topology_inited = 1;
-	if (topology_update_needed)
-		bitmap_fill(cpumask_bits(&cpu_associativity_changes_mask),
-					nr_cpumask_bits);
-
 	return 0;
 }
 device_initcall(topology_update_init);



^ permalink raw reply	[flat|nested] 205+ messages in thread

* [PATCH 4.18 059/197] mm/fadvise.c: fix signed overflow UBSAN complaint
From: Greg Kroah-Hartman @ 2018-09-13 13:30 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Andrey Ryabinin, icytxw,
	Andrew Morton, Alexander Potapenko, Dmitry Vyukov,
	Linus Torvalds, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Andrey Ryabinin <aryabinin@virtuozzo.com>

[ Upstream commit a718e28f538441a3b6612da9ff226973376cdf0f ]

Signed integer overflow is undefined according to the C standard.  The
overflow in ksys_fadvise64_64() is deliberate, but since it is signed
overflow, UBSAN complains:

	UBSAN: Undefined behaviour in mm/fadvise.c:76:10
	signed integer overflow:
	4 + 9223372036854775805 cannot be represented in type 'long long int'

Use unsigned types to do math.  Unsigned overflow is defined so UBSAN
will not complain about it.  This patch doesn't change generated code.

[akpm@linux-foundation.org: add comment explaining the casts]
Link: http://lkml.kernel.org/r/20180629184453.7614-1-aryabinin@virtuozzo.com
Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
Reported-by: <icytxw@gmail.com>
Reviewed-by: Andrew Morton <akpm@linux-foundation.org>
Cc: Alexander Potapenko <glider@google.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 mm/fadvise.c |    8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

--- a/mm/fadvise.c
+++ b/mm/fadvise.c
@@ -72,8 +72,12 @@ int ksys_fadvise64_64(int fd, loff_t off
 		goto out;
 	}
 
-	/* Careful about overflows. Len == 0 means "as much as possible" */
-	endbyte = offset + len;
+	/*
+	 * Careful about overflows. Len == 0 means "as much as possible".  Use
+	 * unsigned math because signed overflows are undefined and UBSan
+	 * complains.
+	 */
+	endbyte = (u64)offset + (u64)len;
 	if (!len || endbyte < len)
 		endbyte = -1;
 	else
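Review bot: the sum is now `(u64)offset + (u64)len`, but the wrap test on the following line, `endbyte < len`, only fires if that comparison is done on signed values, and the type of `endbyte` is not visible in this hunk. Two non-negative 64-bit inputs can never wrap a u64 sum, so the clamp to -1 depends on the result being converted back to a signed type where it turns negative. The new comment should say so, for example by adding that the result is stored in a signed `endbyte` and a wrapped sum is caught by the `endbyte < len` test.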



^ permalink raw reply	[flat|nested] 205+ messages in thread
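A user-space model of the computation in the patch above, added here as an example (it is not code from the patch or the kernel). It compares the patched form, an equivalent form using the compiler's overflow builtin, and a variant that keeps `endbyte` unsigned; `loff_model_t` and all function names are assumptions, and because the `else` branch is cut off on this page the model returns the unadjusted sum there.

```c
#include <inttypes.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-in for the kernel's signed 64-bit loff_t (assumption of this model). */
typedef int64_t loff_model_t;

/*
 * Patched form: add in uint64_t, where wraparound is defined, then store the
 * result in a signed variable. That conversion is implementation-defined, not
 * undefined; GCC and Clang reduce modulo 2^64, so a sum of 2^63 or more
 * becomes negative and the "endbyte < len" test catches it.
 * Inputs are assumed non-negative. Returns -1 for "as much as possible".
 */
static loff_model_t endbyte_unsigned_math(loff_model_t offset, loff_model_t len)
{
	loff_model_t endbyte = (loff_model_t)((uint64_t)offset + (uint64_t)len);

	if (!len || endbyte < len)
		return -1;
	return endbyte;
}

/* Same decision with an explicit overflow check (GCC/Clang builtin). */
static loff_model_t endbyte_checked(loff_model_t offset, loff_model_t len)
{
	loff_model_t endbyte;

	if (!len || __builtin_add_overflow(offset, len, &endbyte))
		return -1;
	return endbyte;
}

/*
 * Pitfall: if endbyte itself is unsigned, two non-negative inputs can never
 * wrap the 64-bit sum, so the test below never fires and a value above
 * INT64_MAX escapes instead of being clamped.
 */
static uint64_t endbyte_all_unsigned(loff_model_t offset, loff_model_t len)
{
	uint64_t endbyte = (uint64_t)offset + (uint64_t)len;

	if (!len || endbyte < (uint64_t)len)
		return UINT64_MAX;
	return endbyte;
}

int main(void)
{
	/* Constructed inputs; the second row is the pair from the UBSAN report. */
	static const loff_model_t cases[][2] = {
		{ 100, 50 },
		{ 4, INT64_C(9223372036854775805) },
		{ INT64_MAX, 1 },
		{ 4096, 0 },
	};
	size_t i;

	for (i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
		loff_model_t off = cases[i][0], len = cases[i][1];

		printf("offset=%" PRId64 " len=%" PRId64
		       " patched=%" PRId64 " checked=%" PRId64
		       " all-unsigned=%" PRIu64 "\n",
		       off, len,
		       endbyte_unsigned_math(off, len),
		       endbyte_checked(off, len),
		       endbyte_all_unsigned(off, len));
	}
	return 0;
}
```

Building the original signed addition with `-fsanitize=signed-integer-overflow` reproduces the report quoted in the commit message; the three functions above build cleanly under it.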

* [PATCH 4.18 060/197] mm: make DEFERRED_STRUCT_PAGE_INIT explicitly depend on SPARSEMEM
From: Greg Kroah-Hartman @ 2018-09-13 13:30 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Mike Rapoport, Michal Hocko,
	Pavel Tatashin, Randy Dunlap, Pasha Tatashin, Andrew Morton,
	Linus Torvalds, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Mike Rapoport <rppt@linux.vnet.ibm.com>

[ Upstream commit d39f8fb4b7776dcb09ec3bf7a321547083078ee3 ]

The deferred memory initialization relies on section definitions, e.g.
PAGES_PER_SECTION, that are only available when CONFIG_SPARSEMEM=y on
most architectures.

Initially DEFERRED_STRUCT_PAGE_INIT depended on explicit
ARCH_SUPPORTS_DEFERRED_STRUCT_PAGE_INIT configuration option, but since
the commit 2e3ca40f03bb13709df4 ("mm: relax deferred struct page
requirements") this requirement was relaxed and now it is possible to
enable DEFERRED_STRUCT_PAGE_INIT on architectures that support
DISCONTIGMEM and NO_BOOTMEM which causes build failures.

For instance, setting SMP=y and DEFERRED_STRUCT_PAGE_INIT=y on arc
causes the following build failure:

    CC      mm/page_alloc.o
  mm/page_alloc.c: In function 'update_defer_init':
  mm/page_alloc.c:321:14: error: 'PAGES_PER_SECTION'
  undeclared (first use in this function); did you mean 'USEC_PER_SEC'?
        (pfn & (PAGES_PER_SECTION - 1)) == 0) {
                ^~~~~~~~~~~~~~~~~
                USEC_PER_SEC
  mm/page_alloc.c:321:14: note: each undeclared identifier is reported only once for each function it appears in
  In file included from include/linux/cache.h:5:0,
                   from include/linux/printk.h:9,
                   from include/linux/kernel.h:14,
                   from include/asm-generic/bug.h:18,
                   from arch/arc/include/asm/bug.h:32,
                   from include/linux/bug.h:5,
                   from include/linux/mmdebug.h:5,
                   from include/linux/mm.h:9,
                   from mm/page_alloc.c:18:
  mm/page_alloc.c: In function 'deferred_grow_zone':
  mm/page_alloc.c:1624:52: error: 'PAGES_PER_SECTION' undeclared (first use in this function); did you mean 'USEC_PER_SEC'?
    unsigned long nr_pages_needed = ALIGN(1 << order, PAGES_PER_SECTION);
                                                      ^
  include/uapi/linux/kernel.h:11:47: note: in definition of macro '__ALIGN_KERNEL_MASK'
   #define __ALIGN_KERNEL_MASK(x, mask) (((x) + (mask)) & ~(mask))
                                                 ^~~~
  include/linux/kernel.h:58:22: note: in expansion of macro '__ALIGN_KERNEL'
   #define ALIGN(x, a)  __ALIGN_KERNEL((x), (a))
                        ^~~~~~~~~~~~~~
  mm/page_alloc.c:1624:34: note: in expansion of macro 'ALIGN'
    unsigned long nr_pages_needed = ALIGN(1 << order, PAGES_PER_SECTION);
                                    ^~~~~
  In file included from include/asm-generic/bug.h:18:0,
                   from arch/arc/include/asm/bug.h:32,
                   from include/linux/bug.h:5,
                   from include/linux/mmdebug.h:5,
                   from include/linux/mm.h:9,
                   from mm/page_alloc.c:18:
  mm/page_alloc.c: In function 'free_area_init_node':
  mm/page_alloc.c:6379:50: error: 'PAGES_PER_SECTION' undeclared (first use in this function); did you mean 'USEC_PER_SEC'?
    pgdat->static_init_pgcnt = min_t(unsigned long, PAGES_PER_SECTION,
                                                    ^
  include/linux/kernel.h:812:22: note: in definition of macro '__typecheck'
     (!!(sizeof((typeof(x) *)1 == (typeof(y) *)1)))
                        ^
  include/linux/kernel.h:836:24: note: in expansion of macro '__safe_cmp'
    __builtin_choose_expr(__safe_cmp(x, y), \
                          ^~~~~~~~~~
  include/linux/kernel.h:904:27: note: in expansion of macro '__careful_cmp'
   #define min_t(type, x, y) __careful_cmp((type)(x), (type)(y), <)
                             ^~~~~~~~~~~~~
  mm/page_alloc.c:6379:29: note: in expansion of macro 'min_t'
    pgdat->static_init_pgcnt = min_t(unsigned long, PAGES_PER_SECTION,
                               ^~~~~
  include/linux/kernel.h:836:2: error: first argument to '__builtin_choose_expr' not a constant
    __builtin_choose_expr(__safe_cmp(x, y), \
    ^
  include/linux/kernel.h:904:27: note: in expansion of macro '__careful_cmp'
   #define min_t(type, x, y) __careful_cmp((type)(x), (type)(y), <)
                             ^~~~~~~~~~~~~
  mm/page_alloc.c:6379:29: note: in expansion of macro 'min_t'
    pgdat->static_init_pgcnt = min_t(unsigned long, PAGES_PER_SECTION,
                               ^~~~~
  scripts/Makefile.build:317: recipe for target 'mm/page_alloc.o' failed

Let's make the DEFERRED_STRUCT_PAGE_INIT explicitly depend on SPARSEMEM
as the systems that support DISCONTIGMEM do not seem to have that huge
amounts of memory that would make DEFERRED_STRUCT_PAGE_INIT relevant.

Link: http://lkml.kernel.org/r/1530279308-24988-1-git-send-email-rppt@linux.vnet.ibm.com
Signed-off-by: Mike Rapoport <rppt@linux.vnet.ibm.com>
Acked-by: Michal Hocko <mhocko@suse.com>
Reviewed-by: Pavel Tatashin <pasha.tatashin@oracle.com>
Tested-by: Randy Dunlap <rdunlap@infradead.org>
Cc: Pasha Tatashin <Pavel.Tatashin@microsoft.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 mm/Kconfig |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/mm/Kconfig
+++ b/mm/Kconfig
@@ -635,7 +635,7 @@ config DEFERRED_STRUCT_PAGE_INIT
 	bool "Defer initialisation of struct pages to kthreads"
 	default n
 	depends on NO_BOOTMEM
-	depends on !FLATMEM
+	depends on SPARSEMEM
 	depends on !NEED_PER_CPU_KM
 	help
 	  Ordinarily all struct pages are initialised during early boot in a
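Review bot: `depends on SPARSEMEM` replaces `depends on !FLATMEM` with nothing in the file saying why; the reason (the code uses section definitions such as PAGES_PER_SECTION) lives only in the commit message. A `#` comment above the dependency, or a sentence in the `help` text, would keep the dependency from being relaxed again later.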



^ permalink raw reply	[flat|nested] 205+ messages in thread

* [PATCH 4.18 061/197] fs/dcache.c: fix kmemcheck splat at take_dentry_name_snapshot()
From: Greg Kroah-Hartman @ 2018-09-13 13:30 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Tetsuo Handa, Vegard Nossum, Al Viro,
	Andrew Morton, Linus Torvalds, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>

[ Upstream commit 6cd00a01f0c1ae6a852b09c59b8dd55cc6c35d1d ]

Since only dentry->d_name.len + 1 bytes out of DNAME_INLINE_LEN bytes
are initialized at __d_alloc(), we can't copy the whole size
unconditionally.

 WARNING: kmemcheck: Caught 32-bit read from uninitialized memory (ffff8fa27465ac50)
 636f6e66696766732e746d70000000000010000000000000020000000188ffff
  i i i i i i i i i i i i i u u u u u u u u u u i i i i i u u u u
                                  ^
 RIP: 0010:take_dentry_name_snapshot+0x28/0x50
 RSP: 0018:ffffa83000f5bdf8 EFLAGS: 00010246
 RAX: 0000000000000020 RBX: ffff8fa274b20550 RCX: 0000000000000002
 RDX: ffffa83000f5be40 RSI: ffff8fa27465ac50 RDI: ffffa83000f5be60
 RBP: ffffa83000f5bdf8 R08: ffffa83000f5be48 R09: 0000000000000001
 R10: ffff8fa27465ac00 R11: ffff8fa27465acc0 R12: ffff8fa27465ac00
 R13: ffff8fa27465acc0 R14: 0000000000000000 R15: 0000000000000000
 FS:  00007f79737ac8c0(0000) GS:ffffffff8fc30000(0000) knlGS:0000000000000000
 CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
 CR2: ffff8fa274c0b000 CR3: 0000000134aa7002 CR4: 00000000000606f0
  take_dentry_name_snapshot+0x28/0x50
  vfs_rename+0x128/0x870
  SyS_rename+0x3b2/0x3d0
  entry_SYSCALL_64_fastpath+0x1a/0xa4
  0xffffffffffffffff

Link: http://lkml.kernel.org/r/201709131912.GBG39012.QMJLOVFSFFOOtH@I-love.SAKURA.ne.jp
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Cc: Vegard Nossum <vegard.nossum@gmail.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 fs/dcache.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

--- a/fs/dcache.c
+++ b/fs/dcache.c
@@ -292,7 +292,8 @@ void take_dentry_name_snapshot(struct na
 		spin_unlock(&dentry->d_lock);
 		name->name = p->name;
 	} else {
-		memcpy(name->inline_name, dentry->d_iname, DNAME_INLINE_LEN);
+		memcpy(name->inline_name, dentry->d_iname,
+		       dentry->d_name.len + 1);
 		spin_unlock(&dentry->d_lock);
 		name->name = name->inline_name;
 	}
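Review bot: with the length changed to `dentry->d_name.len + 1`, the bytes of `name->inline_name` past the terminator are no longer written, so any consumer that reads the snapshot by buffer size instead of as a NUL-terminated string would pick up whatever was in that memory before. The copy also relies on `d_name.len + 1` never exceeding `DNAME_INLINE_LEN` on this branch, and no check is visible here. A short comment at the `memcpy()` stating both points would document the invariant.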



^ permalink raw reply	[flat|nested] 205+ messages in thread
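The effect described in the message above, as an added user-space model (not code from the patch or the kernel): a shadow array records which bytes of the inline name were ever written, in the style of the `i`/`u` row in the kmemcheck report, and the two copy lengths are compared. `MODEL_INLINE_LEN`, the struct layouts and all function names are assumptions; the name `configfs.tmp` is the one the report's hex dump decodes to.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MODEL_INLINE_LEN 32	/* assumed stand-in for DNAME_INLINE_LEN */

struct model_dentry {
	size_t len;				/* role of d_name.len */
	unsigned char iname[MODEL_INLINE_LEN];	/* role of d_iname */
	unsigned char shadow[MODEL_INLINE_LEN];	/* 1 = byte has been written */
};

struct model_snapshot {
	unsigned char inline_name[MODEL_INLINE_LEN];
	unsigned char shadow[MODEL_INLINE_LEN];
};

/* As in the commit message: only len + 1 bytes of the inline buffer are set. */
static int model_d_alloc(struct model_dentry *d, const char *name)
{
	size_t len = strlen(name);

	if (len >= MODEL_INLINE_LEN)
		return -1;	/* long names live out of line; not modelled */
	memset(d->iname, 0xAA, sizeof(d->iname));	/* poison = stale memory */
	memset(d->shadow, 0, sizeof(d->shadow));
	memcpy(d->iname, name, len + 1);
	memset(d->shadow, 1, len + 1);
	d->len = len;
	return 0;
}

/* Copy n bytes and count how many of the bytes read were never written. */
static size_t tracked_copy(struct model_snapshot *s,
			   const struct model_dentry *d, size_t n)
{
	size_t i, uninit = 0;

	memset(s, 0, sizeof(*s));
	for (i = 0; i < n && i < MODEL_INLINE_LEN; i++) {
		s->inline_name[i] = d->iname[i];
		s->shadow[i] = d->shadow[i];	/* shadow state travels with data */
		if (!d->shadow[i])
			uninit++;
	}
	return uninit;
}

/* patched == 0: copy the whole buffer; patched != 0: copy len + 1 bytes. */
static long uninit_reads(const char *name, int patched)
{
	struct model_dentry d;
	struct model_snapshot s;

	if (model_d_alloc(&d, name))
		return -1;
	return (long)tracked_copy(&s, &d,
				  patched ? d.len + 1 : MODEL_INLINE_LEN);
}

/* Render the shadow state as a kmemcheck-style row of 'i' and 'u'. */
static void shadow_map(const char *name, char out[MODEL_INLINE_LEN + 1])
{
	struct model_dentry d;
	size_t i;

	out[0] = '\0';
	if (model_d_alloc(&d, name))
		return;
	for (i = 0; i < MODEL_INLINE_LEN; i++)
		out[i] = d.shadow[i] ? 'i' : 'u';
	out[MODEL_INLINE_LEN] = '\0';
}

int main(void)
{
	char map[MODEL_INLINE_LEN + 1];

	shadow_map("configfs.tmp", map);
	printf("shadow:      %s\n", map);
	printf("full copy:   %ld uninitialized bytes read\n",
	       uninit_reads("configfs.tmp", 0));
	printf("len+1 copy:  %ld uninitialized bytes read\n",
	       uninit_reads("configfs.tmp", 1));
	return 0;
}
```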

* [PATCH 4.18 062/197] platform/x86: intel_punit_ipc: fix build errors
From: Greg Kroah-Hartman @ 2018-09-13 13:30 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Randy Dunlap, Zha Qipeng,
	platform-driver-x86, Andy Shevchenko, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Randy Dunlap <rdunlap@infradead.org>

[ Upstream commit 340fd4cff43f18bace9358d4decdc9b6ed0715be ]

Fix build errors by #including <linux/io.h>.

../drivers/platform/x86/intel_punit_ipc.c: In function 'ipc_read_status':
../drivers/platform/x86/intel_punit_ipc.c:55:2: error: implicit declaration of function 'readl' [-Werror=implicit-function-declaration]
  return readl(ipcdev->base[type][BASE_IFACE]);
../drivers/platform/x86/intel_punit_ipc.c: In function 'ipc_write_cmd':
../drivers/platform/x86/intel_punit_ipc.c:60:2: error: implicit declaration of function 'writel' [-Werror=implicit-function-declaration]
  writel(cmd, ipcdev->base[type][BASE_IFACE]);

Fixes: 447ae3166702 ("x86: Don't include linux/irq.h from asm/hardirq.h")
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Cc: Zha Qipeng <qipeng.zha@intel.com>
Cc: platform-driver-x86@vger.kernel.org
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/platform/x86/intel_punit_ipc.c |    1 +
 1 file changed, 1 insertion(+)

--- a/drivers/platform/x86/intel_punit_ipc.c
+++ b/drivers/platform/x86/intel_punit_ipc.c
@@ -17,6 +17,7 @@
 #include <linux/bitops.h>
 #include <linux/device.h>
 #include <linux/interrupt.h>
+#include <linux/io.h>
 #include <linux/platform_device.h>
 #include <asm/intel_punit_ipc.h>
 



^ permalink raw reply	[flat|nested] 205+ messages in thread

* [PATCH 4.18 063/197] bpf, sockmap: fix map elem deletion race with smap_stop_sock
From: Greg Kroah-Hartman @ 2018-09-13 13:30 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Daniel Borkmann, John Fastabend,
	Song Liu, Alexei Starovoitov, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Daniel Borkmann <daniel@iogearbox.net>

[ Upstream commit 166ab6f0a0702fdd4d865ad5090bf3094ed83428 ]

The smap_start_sock() and smap_stop_sock() are each protected under
the sock->sk_callback_lock from their call-sites except in the case
of sock_map_delete_elem() where we drop the old socket from the map
slot. This is racy because the same sock could be part of multiple
sock maps, so we run smap_stop_sock() in parallel, and given at that
point psock->strp_enabled might be true on both CPUs, we might for
example wrongly restore the sk->sk_data_ready / sk->sk_write_space.
Therefore, hold the sock->sk_callback_lock as well on delete. Looks
like 2f857d04601a ("bpf: sockmap, remove STRPARSER map_flags and add
multi-map support") had this right, but later on e9db4ef6bf4c ("bpf:
sockhash fix omitted bucket lock in sock_close") removed it again
from delete leaving this smap_stop_sock() instance unprotected.

Fixes: e9db4ef6bf4c ("bpf: sockhash fix omitted bucket lock in sock_close")
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: John Fastabend <john.fastabend@gmail.com>
Acked-by: Song Liu <songliubraving@fb.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 kernel/bpf/sockmap.c |    5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

--- a/kernel/bpf/sockmap.c
+++ b/kernel/bpf/sockmap.c
@@ -1784,8 +1784,11 @@ static int sock_map_delete_elem(struct b
 	if (!psock)
 		goto out;
 
-	if (psock->bpf_parse)
+	if (psock->bpf_parse) {
+		write_lock_bh(&sock->sk_callback_lock);
 		smap_stop_sock(psock, sock);
+		write_unlock_bh(&sock->sk_callback_lock);
+	}
 	smap_list_map_remove(psock, &stab->sock_map[k]);
 	smap_release_sock(psock, sock);
 out:
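Review bot: `psock->bpf_parse` is still tested before `write_lock_bh(&sock->sk_callback_lock)` is taken, and `smap_list_map_remove()` / `smap_release_sock()` run after the unlock. If that split is intentional, a comment saying the lock is held only to serialize `smap_stop_sock()` against other maps that contain the same sock would save the next reader from wondering whether the test and the release belong inside the critical section.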



^ permalink raw reply	[flat|nested] 205+ messages in thread

* [PATCH 4.18 064/197] tcp, ulp: fix leftover icsk_ulp_ops preventing sock from reattach
From: Greg Kroah-Hartman @ 2018-09-13 13:30 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Daniel Borkmann, John Fastabend,
	Song Liu, Alexei Starovoitov, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Daniel Borkmann <daniel@iogearbox.net>

[ Upstream commit 90545cdc3f2b2ea700e24335610cd181e73756da ]

I found that in BPF sockmap programs once we either delete a socket
from the map or we updated a map slot and the old socket was purged
from the map that these sockets can never get reattached into a map
even though their related psock has been dropped entirely at that
point.

Reason is that tcp_cleanup_ulp() leaves the old icsk->icsk_ulp_ops
intact, so that on the next tcp_set_ulp_id() the kernel returns an
-EEXIST thinking there is still some active ULP attached.

BPF sockmap is the only one that has this issue as the other user,
kTLS, only calls tcp_cleanup_ulp() from tcp_v4_destroy_sock() whereas
sockmap semantics allow dropping the socket from the map with all
related psock state being cleaned up.

Fixes: 1aa12bdf1bfb ("bpf: sockmap, add sock close() hook to remove socks")
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: John Fastabend <john.fastabend@gmail.com>
Acked-by: Song Liu <songliubraving@fb.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 net/ipv4/tcp_ulp.c |    2 ++
 1 file changed, 2 insertions(+)

--- a/net/ipv4/tcp_ulp.c
+++ b/net/ipv4/tcp_ulp.c
@@ -129,6 +129,8 @@ void tcp_cleanup_ulp(struct sock *sk)
 	if (icsk->icsk_ulp_ops->release)
 		icsk->icsk_ulp_ops->release(sk);
 	module_put(icsk->icsk_ulp_ops->owner);
+
+	icsk->icsk_ulp_ops = NULL;
 }
 
 /* Change upper layer protocol for socket */
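Review bot: `icsk->icsk_ulp_ops = NULL;` at the end of `tcp_cleanup_ulp()` carries no comment, and the reason for it (a later `tcp_set_ulp_id()` would otherwise return -EEXIST) is only in the commit message. Suggest a one-line comment above the assignment, for example `/* allow a ULP to be attached again after cleanup */`.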



^ permalink raw reply	[flat|nested] 205+ messages in thread

* [PATCH 4.18 065/197] bpf, sockmap: fix sock_map_ctx_update_elem race with exist/noexist
From: Greg Kroah-Hartman @ 2018-09-13 13:30 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Daniel Borkmann, John Fastabend,
	Song Liu, Alexei Starovoitov, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Daniel Borkmann <daniel@iogearbox.net>

[ Upstream commit 585f5a6252ee43ec8feeee07387e3fcc7e8bb292 ]

The current code in sock_map_ctx_update_elem() allows for BPF_EXIST
and BPF_NOEXIST map update flags. While on array-like maps this approach
is rather uncommon, e.g. bpf_fd_array_map_update_elem() and others
enforce map update flags to be BPF_ANY such that xchg() can be used
directly, the current implementation in sock map does not guarantee
that such operation with BPF_EXIST / BPF_NOEXIST is atomic.

The initial test does a READ_ONCE(stab->sock_map[i]) to fetch the
socket from the slot which is then tested for NULL / non-NULL. However
later after __sock_map_ctx_update_elem(), the actual update is done
through osock = xchg(&stab->sock_map[i], sock). Problem is that in
the meantime a different CPU could have updated / deleted a socket
on that specific slot and thus flag constraints won't hold anymore.

I've been thinking whether best would be to just break UAPI and do
an enforcement of BPF_ANY to check if someone actually complains,
however trouble is that already in BPF kselftest we use BPF_NOEXIST
for the map update, and therefore it might have been copied into
applications already. The fix to keep the current behavior intact
would be to add a map lock similar to the sock hash bucket lock only
for covering the whole map.

Fixes: 174a79ff9515 ("bpf: sockmap with sk redirect support")
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: John Fastabend <john.fastabend@gmail.com>
Acked-by: Song Liu <songliubraving@fb.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 kernel/bpf/sockmap.c |  106 +++++++++++++++++++++++++++------------------------
 1 file changed, 57 insertions(+), 49 deletions(-)

--- a/kernel/bpf/sockmap.c
+++ b/kernel/bpf/sockmap.c
@@ -58,6 +58,7 @@ struct bpf_stab {
 	struct bpf_map map;
 	struct sock **sock_map;
 	struct bpf_sock_progs progs;
+	raw_spinlock_t lock;
 };
 
 struct bucket {
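Review bot: the new `raw_spinlock_t lock;` in `struct bpf_stab` has no comment saying what it protects. Since the rest of the patch depends on every read and write of a `sock_map[]` slot happening under it, a field comment such as `/* protects sock_map[] slots */` would state the rule where people will look for it.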
@@ -89,9 +90,9 @@ enum smap_psock_state {
 
 struct smap_psock_map_entry {
 	struct list_head list;
+	struct bpf_map *map;
 	struct sock **entry;
 	struct htab_elem __rcu *hash_link;
-	struct bpf_htab __rcu *htab;
 };
 
 struct smap_psock {
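Review bot: `struct bpf_map *map;` replaces the `__rcu`-annotated `htab` pointer with a plain pointer, so sparse no longer checks how the field is read, and the later hunks store it with a plain assignment instead of `rcu_assign_pointer()`. A comment on the field stating what keeps the map alive while an entry sits on `psock->maps` would document why the annotation can be dropped.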
@@ -343,13 +344,18 @@ static void bpf_tcp_close(struct sock *s
 	e = psock_map_pop(sk, psock);
 	while (e) {
 		if (e->entry) {
-			osk = cmpxchg(e->entry, sk, NULL);
+			struct bpf_stab *stab = container_of(e->map, struct bpf_stab, map);
+
+			raw_spin_lock_bh(&stab->lock);
+			osk = *e->entry;
 			if (osk == sk) {
+				*e->entry = NULL;
 				smap_release_sock(psock, sk);
 			}
+			raw_spin_unlock_bh(&stab->lock);
 		} else {
 			struct htab_elem *link = rcu_dereference(e->hash_link);
-			struct bpf_htab *htab = rcu_dereference(e->htab);
+			struct bpf_htab *htab = container_of(e->map, struct bpf_htab, map);
 			struct hlist_head *head;
 			struct htab_elem *l;
 			struct bucket *b;
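Review bot: in the `e->entry` branch `smap_release_sock(psock, sk)` is now called with `stab->lock` held, a raw spinlock with bottom halves disabled. It is worth confirming, and noting in a comment, that nothing on the release path can sleep or take `stab->lock` again. Both new `container_of(e->map, ...)` declaration lines also run past 80 columns and could be wrapped.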
@@ -1644,6 +1650,7 @@ static struct bpf_map *sock_map_alloc(un
 		return ERR_PTR(-ENOMEM);
 
 	bpf_map_init_from_attr(&stab->map, attr);
+	raw_spin_lock_init(&stab->lock);
 
 	/* make sure page count doesn't overflow */
 	cost = (u64) stab->map.max_entries * sizeof(struct sock *);
@@ -1714,14 +1721,15 @@ static void sock_map_free(struct bpf_map
 	 * and a grace period expire to ensure psock is really safe to remove.
 	 */
 	rcu_read_lock();
+	raw_spin_lock_bh(&stab->lock);
 	for (i = 0; i < stab->map.max_entries; i++) {
 		struct smap_psock *psock;
 		struct sock *sock;
 
-		sock = xchg(&stab->sock_map[i], NULL);
+		sock = stab->sock_map[i];
 		if (!sock)
 			continue;
-
+		stab->sock_map[i] = NULL;
 		psock = smap_psock_sk(sock);
 		/* This check handles a racing sock event that can get the
 		 * sk_callback_lock before this case but after xchg happens
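Review bot: the context comment at the end of this hunk still reads `after xchg happens`, but the `xchg()` it refers to is replaced here by a plain load and store under `stab->lock`. The comment should be updated in the same patch to describe the locked clear, otherwise it points at code that no longer exists.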
@@ -1733,6 +1741,7 @@ static void sock_map_free(struct bpf_map
 			smap_release_sock(psock, sock);
 		}
 	}
+	raw_spin_unlock_bh(&stab->lock);
 	rcu_read_unlock();
 
 	sock_map_remove_complete(stab);
@@ -1776,14 +1785,16 @@ static int sock_map_delete_elem(struct b
 	if (k >= map->max_entries)
 		return -EINVAL;
 
-	sock = xchg(&stab->sock_map[k], NULL);
+	raw_spin_lock_bh(&stab->lock);
+	sock = stab->sock_map[k];
+	stab->sock_map[k] = NULL;
+	raw_spin_unlock_bh(&stab->lock);
 	if (!sock)
 		return -EINVAL;
 
 	psock = smap_psock_sk(sock);
 	if (!psock)
-		goto out;
-
+		return 0;
 	if (psock->bpf_parse) {
 		write_lock_bh(&sock->sk_callback_lock);
 		smap_stop_sock(psock, sock);
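Review bot: in `sock_map_delete_elem()` the slot is cleared under `stab->lock`, but the stop and release work on the socket runs after `raw_spin_unlock_bh()`, whereas `bpf_tcp_close()` and `sock_map_free()` in this same patch call `smap_release_sock()` with the lock held. If the difference is deliberate, a comment here should say why it is safe to use `sock` after the lock is dropped. Minor: the blank line before `if (psock->bpf_parse)` is removed together with `goto out`; keeping it would leave the block easier to read.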
@@ -1791,7 +1802,6 @@ static int sock_map_delete_elem(struct b
 	}
 	smap_list_map_remove(psock, &stab->sock_map[k]);
 	smap_release_sock(psock, sock);
-out:
 	return 0;
 }
 
@@ -1827,11 +1837,9 @@ out:
 static int __sock_map_ctx_update_elem(struct bpf_map *map,
 				      struct bpf_sock_progs *progs,
 				      struct sock *sock,
-				      struct sock **map_link,
 				      void *key)
 {
 	struct bpf_prog *verdict, *parse, *tx_msg;
-	struct smap_psock_map_entry *e = NULL;
 	struct smap_psock *psock;
 	bool new = false;
 	int err = 0;
@@ -1904,14 +1912,6 @@ static int __sock_map_ctx_update_elem(st
 		new = true;
 	}
 
-	if (map_link) {
-		e = kzalloc(sizeof(*e), GFP_ATOMIC | __GFP_NOWARN);
-		if (!e) {
-			err = -ENOMEM;
-			goto out_free;
-		}
-	}
-
 	/* 3. At this point we have a reference to a valid psock that is
 	 * running. Attach any BPF programs needed.
 	 */
@@ -1933,17 +1933,6 @@ static int __sock_map_ctx_update_elem(st
 		write_unlock_bh(&sock->sk_callback_lock);
 	}
 
-	/* 4. Place psock in sockmap for use and stop any programs on
-	 * the old sock assuming its not the same sock we are replacing
-	 * it with. Because we can only have a single set of programs if
-	 * old_sock has a strp we can stop it.
-	 */
-	if (map_link) {
-		e->entry = map_link;
-		spin_lock_bh(&psock->maps_lock);
-		list_add_tail(&e->list, &psock->maps);
-		spin_unlock_bh(&psock->maps_lock);
-	}
 	return err;
 out_free:
 	smap_release_sock(psock, sock);
@@ -1954,7 +1943,6 @@ out_progs:
 	}
 	if (tx_msg)
 		bpf_prog_put(tx_msg);
-	kfree(e);
 	return err;
 }
 
@@ -1964,36 +1952,57 @@ static int sock_map_ctx_update_elem(stru
 {
 	struct bpf_stab *stab = container_of(map, struct bpf_stab, map);
 	struct bpf_sock_progs *progs = &stab->progs;
-	struct sock *osock, *sock;
+	struct sock *osock, *sock = skops->sk;
+	struct smap_psock_map_entry *e;
+	struct smap_psock *psock;
 	u32 i = *(u32 *)key;
 	int err;
 
 	if (unlikely(flags > BPF_EXIST))
 		return -EINVAL;
-
 	if (unlikely(i >= stab->map.max_entries))
 		return -E2BIG;
 
-	sock = READ_ONCE(stab->sock_map[i]);
-	if (flags == BPF_EXIST && !sock)
-		return -ENOENT;
-	else if (flags == BPF_NOEXIST && sock)
-		return -EEXIST;
+	e = kzalloc(sizeof(*e), GFP_ATOMIC | __GFP_NOWARN);
+	if (!e)
+		return -ENOMEM;
 
-	sock = skops->sk;
-	err = __sock_map_ctx_update_elem(map, progs, sock, &stab->sock_map[i],
-					 key);
+	err = __sock_map_ctx_update_elem(map, progs, sock, key);
 	if (err)
 		goto out;
 
-	osock = xchg(&stab->sock_map[i], sock);
-	if (osock) {
-		struct smap_psock *opsock = smap_psock_sk(osock);
+	/* psock guaranteed to be present. */
+	psock = smap_psock_sk(sock);
+	raw_spin_lock_bh(&stab->lock);
+	osock = stab->sock_map[i];
+	if (osock && flags == BPF_NOEXIST) {
+		err = -EEXIST;
+		goto out_unlock;
+	}
+	if (!osock && flags == BPF_EXIST) {
+		err = -ENOENT;
+		goto out_unlock;
+	}
+
+	e->entry = &stab->sock_map[i];
+	e->map = map;
+	spin_lock_bh(&psock->maps_lock);
+	list_add_tail(&e->list, &psock->maps);
+	spin_unlock_bh(&psock->maps_lock);
 
-		smap_list_map_remove(opsock, &stab->sock_map[i]);
-		smap_release_sock(opsock, osock);
+	stab->sock_map[i] = sock;
+	if (osock) {
+		psock = smap_psock_sk(osock);
+		smap_list_map_remove(psock, &stab->sock_map[i]);
+		smap_release_sock(psock, osock);
 	}
+	raw_spin_unlock_bh(&stab->lock);
+	return 0;
+out_unlock:
+	smap_release_sock(psock, sock);
+	raw_spin_unlock_bh(&stab->lock);
 out:
+	kfree(e);
 	return err;
 }
 
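Review bot: `kzalloc()` and `__sock_map_ctx_update_elem()` now run before the `BPF_NOEXIST` / `BPF_EXIST` tests, so an update that is going to fail with -EEXIST or -ENOENT first allocates, sets up the psock and attaches programs, and only then undoes it at `out_unlock` with `smap_release_sock()` called under the raw spinlock. A comment explaining that the flag test has to sit inside `stab->lock`, and that the setup is therefore speculative, would help. Two smaller points: `psock` is reused for the old socket's psock inside `if (osock)`, where the removed code had a separate `opsock`, and the nesting of `psock->maps_lock` inside `stab->lock` introduces a lock order that should be written down next to the lock's definition.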
@@ -2356,7 +2365,7 @@ static int sock_hash_ctx_update_elem(str
 	b = __select_bucket(htab, hash);
 	head = &b->head;
 
-	err = __sock_map_ctx_update_elem(map, progs, sock, NULL, key);
+	err = __sock_map_ctx_update_elem(map, progs, sock, key);
 	if (err)
 		goto err;
 
@@ -2382,8 +2391,7 @@ static int sock_hash_ctx_update_elem(str
 	}
 
 	rcu_assign_pointer(e->hash_link, l_new);
-	rcu_assign_pointer(e->htab,
-			   container_of(map, struct bpf_htab, map));
+	e->map = map;
 	spin_lock_bh(&psock->maps_lock);
 	list_add_tail(&e->list, &psock->maps);
 	spin_unlock_bh(&psock->maps_lock);
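
Review bot: e->map = map is now a plain store where the removed lines used rcu_assign_pointer() for e->htab, and the hunk gives no reason why the publication barrier can go. If the justification is that e only becomes reachable through list_add_tail() under psock->maps_lock just below, a one-line comment saying so would stop a later reader from restoring the RCU accessor or from reading e->map without the lock.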




* [PATCH 4.18 066/197] net/xdp: Fix suspicious RCU usage warning
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (64 preceding siblings ...)
  2018-09-13 13:30 ` [PATCH 4.18 065/197] bpf, sockmap: fix sock_map_ctx_update_elem race with exist/noexist Greg Kroah-Hartman
@ 2018-09-13 13:30 ` Greg Kroah-Hartman
  2018-09-13 13:30 ` [PATCH 4.18 067/197] bpf, sockmap: fix leakage of smap_psock_map_entry Greg Kroah-Hartman
                   ` (132 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:30 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Tariq Toukan, Daniel Borkmann,
	Jesper Dangaard Brouer, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Tariq Toukan <tariqt@mellanox.com>

[ Upstream commit 21b172ee11b6ec260bd7e6a27b11a8a8d392fce5 ]

Fix the warning below by calling rhashtable_lookup_fast.
Also, make some code movements for better quality and human
readability.

[  342.450870] WARNING: suspicious RCU usage
[  342.455856] 4.18.0-rc2+ #17 Tainted: G           O
[  342.462210] -----------------------------
[  342.467202] ./include/linux/rhashtable.h:481 suspicious rcu_dereference_check() usage!
[  342.476568]
[  342.476568] other info that might help us debug this:
[  342.476568]
[  342.486978]
[  342.486978] rcu_scheduler_active = 2, debug_locks = 1
[  342.495211] 4 locks held by modprobe/3934:
[  342.500265]  #0: 00000000e23116b2 (mlx5_intf_mutex){+.+.}, at:
mlx5_unregister_interface+0x18/0x90 [mlx5_core]
[  342.511953]  #1: 00000000ca16db96 (rtnl_mutex){+.+.}, at: unregister_netdev+0xe/0x20
[  342.521109]  #2: 00000000a46e2c4b (&priv->state_lock){+.+.}, at: mlx5e_close+0x29/0x60
[mlx5_core]
[  342.531642]  #3: 0000000060c5bde3 (mem_id_lock){+.+.}, at: xdp_rxq_info_unreg+0x93/0x6b0
[  342.541206]
[  342.541206] stack backtrace:
[  342.547075] CPU: 12 PID: 3934 Comm: modprobe Tainted: G           O      4.18.0-rc2+ #17
[  342.556621] Hardware name: Dell Inc. PowerEdge R730/0H21J3, BIOS 1.5.4 10/002/2015
[  342.565606] Call Trace:
[  342.568861]  dump_stack+0x78/0xb3
[  342.573086]  xdp_rxq_info_unreg+0x3f5/0x6b0
[  342.578285]  ? __call_rcu+0x220/0x300
[  342.582911]  mlx5e_free_rq+0x38/0xc0 [mlx5_core]
[  342.588602]  mlx5e_close_channel+0x20/0x120 [mlx5_core]
[  342.594976]  mlx5e_close_channels+0x26/0x40 [mlx5_core]
[  342.601345]  mlx5e_close_locked+0x44/0x50 [mlx5_core]
[  342.607519]  mlx5e_close+0x42/0x60 [mlx5_core]
[  342.613005]  __dev_close_many+0xb1/0x120
[  342.617911]  dev_close_many+0xa2/0x170
[  342.622622]  rollback_registered_many+0x148/0x460
[  342.628401]  ? __lock_acquire+0x48d/0x11b0
[  342.633498]  ? unregister_netdev+0xe/0x20
[  342.638495]  rollback_registered+0x56/0x90
[  342.643588]  unregister_netdevice_queue+0x7e/0x100
[  342.649461]  unregister_netdev+0x18/0x20
[  342.654362]  mlx5e_remove+0x2a/0x50 [mlx5_core]
[  342.659944]  mlx5_remove_device+0xe5/0x110 [mlx5_core]
[  342.666208]  mlx5_unregister_interface+0x39/0x90 [mlx5_core]
[  342.673038]  cleanup+0x5/0xbfc [mlx5_core]
[  342.678094]  __x64_sys_delete_module+0x16b/0x240
[  342.683725]  ? do_syscall_64+0x1c/0x210
[  342.688476]  do_syscall_64+0x5a/0x210
[  342.693025]  entry_SYSCALL_64_after_hwframe+0x49/0xbe

Fixes: 8d5d88527587 ("xdp: rhashtable with allocator ID to pointer mapping")
Signed-off-by: Tariq Toukan <tariqt@mellanox.com>
Suggested-by: Daniel Borkmann <daniel@iogearbox.net>
Cc: Jesper Dangaard Brouer <brouer@redhat.com>
Acked-by: Jesper Dangaard Brouer <brouer@redhat.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 net/core/xdp.c |   14 +++-----------
 1 file changed, 3 insertions(+), 11 deletions(-)

--- a/net/core/xdp.c
+++ b/net/core/xdp.c
@@ -95,23 +95,15 @@ static void __xdp_rxq_info_unreg_mem_mod
 {
 	struct xdp_mem_allocator *xa;
 	int id = xdp_rxq->mem.id;
-	int err;
 
 	if (id == 0)
 		return;
 
 	mutex_lock(&mem_id_lock);
 
-	xa = rhashtable_lookup(mem_id_ht, &id, mem_id_rht_params);
-	if (!xa) {
-		mutex_unlock(&mem_id_lock);
-		return;
-	}
-
-	err = rhashtable_remove_fast(mem_id_ht, &xa->node, mem_id_rht_params);
-	WARN_ON(err);
-
-	call_rcu(&xa->rcu, __xdp_mem_allocator_rcu_free);
+	xa = rhashtable_lookup_fast(mem_id_ht, &id, mem_id_rht_params);
+	if (xa && !rhashtable_remove_fast(mem_id_ht, &xa->node, mem_id_rht_params))
+		call_rcu(&xa->rcu, __xdp_mem_allocator_rcu_free);
 
 	mutex_unlock(&mem_id_lock);
 }
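
Review bot: the rewritten condition drops the WARN_ON(err) that used to follow rhashtable_remove_fast(), so a failed removal now skips call_rcu() and leaves the function without any trace. If the failure is considered impossible while mem_id_lock is held, keep a WARN_ON_ONCE() on the remove result; if it is expected, say so in a comment. A comment should also note that using xa after rhashtable_lookup_fast() has returned relies on mem_id_lock still being held here.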




* [PATCH 4.18 067/197] bpf, sockmap: fix leakage of smap_psock_map_entry
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (65 preceding siblings ...)
  2018-09-13 13:30 ` [PATCH 4.18 066/197] net/xdp: Fix suspicious RCU usage warning Greg Kroah-Hartman
@ 2018-09-13 13:30 ` Greg Kroah-Hartman
  2018-09-13 13:30 ` [PATCH 4.18 068/197] samples/bpf: all XDP samples should unload xdp/bpf prog on SIGTERM Greg Kroah-Hartman
                   ` (131 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:30 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Daniel Borkmann, John Fastabend,
	Song Liu, Alexei Starovoitov, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Daniel Borkmann <daniel@iogearbox.net>

[ Upstream commit d40b0116c94bd8fc2b63aae35ce8e66bb53bba42 ]

While working on sockmap I noticed that we do not always kfree the
struct smap_psock_map_entry list elements which track psocks attached
to maps. In the case of sock_hash_ctx_update_elem(), these map entries
are allocated outside of __sock_map_ctx_update_elem() with their
linkage to the socket hash table filled. In the case of sock array,
the map entries are allocated inside of __sock_map_ctx_update_elem()
and added with their linkage to the psock->maps. Both additions are
under psock->maps_lock each.

Now, we drop these elements from their psock->maps list in a few
occasions: i) in sock array via smap_list_map_remove() when an entry
is either deleted from the map from user space, or updated via
user space or BPF program where we drop the old socket at that map
slot, or the sock array is freed via sock_map_free() and drops all
its elements; ii) for sock hash via smap_list_hash_remove() in exactly
the same occasions as just described for sock array; iii) in the
bpf_tcp_close() where we remove the elements from the list via
psock_map_pop() and iterate over them dropping themselves from either
sock array or sock hash; and last but not least iv) once again in
smap_gc_work() which is a callback for deferring the work once the
psock refcount hit zero and thus the socket is being destroyed.

Problem is that the only case where we kfree() the list entry is
in case iv), which at that point should have an empty list in
normal cases. So in cases from i) to iii) we unlink the elements
without freeing where they go out of reach from us. Hence fix is
to properly kfree() them as well to stop the leakage. Given these
are all handled under psock->maps_lock there is no need for deferred
RCU freeing.

I later also ran with kmemleak detector and it confirmed the finding
as well where in the state before the fix the object goes unreferenced
while after the patch no kmemleak report related to BPF showed up.

  [...]
  unreferenced object 0xffff880378eadae0 (size 64):
    comm "test_sockmap", pid 2225, jiffies 4294720701 (age 43.504s)
    hex dump (first 32 bytes):
      00 01 00 00 00 00 ad de 00 02 00 00 00 00 ad de  ................
      50 4d 75 5d 03 88 ff ff 00 00 00 00 00 00 00 00  PMu]............
    backtrace:
      [<000000005225ac3c>] sock_map_ctx_update_elem.isra.21+0xd8/0x210
      [<0000000045dd6d3c>] bpf_sock_map_update+0x29/0x60
      [<00000000877723aa>] ___bpf_prog_run+0x1e1f/0x4960
      [<000000002ef89e83>] 0xffffffffffffffff
  unreferenced object 0xffff880378ead240 (size 64):
    comm "test_sockmap", pid 2225, jiffies 4294720701 (age 43.504s)
    hex dump (first 32 bytes):
      00 01 00 00 00 00 ad de 00 02 00 00 00 00 ad de  ................
      00 44 75 5d 03 88 ff ff 00 00 00 00 00 00 00 00  .Du]............
    backtrace:
      [<000000005225ac3c>] sock_map_ctx_update_elem.isra.21+0xd8/0x210
      [<0000000030e37a3a>] sock_map_update_elem+0x125/0x240
      [<000000002e5ce36e>] map_update_elem+0x4eb/0x7b0
      [<00000000db453cc9>] __x64_sys_bpf+0x1f9/0x360
      [<0000000000763660>] do_syscall_64+0x9a/0x300
      [<00000000422a2bb2>] entry_SYSCALL_64_after_hwframe+0x44/0xa9
      [<000000002ef89e83>] 0xffffffffffffffff
  [...]

Fixes: e9db4ef6bf4c ("bpf: sockhash fix omitted bucket lock in sock_close")
Fixes: 54fedb42c653 ("bpf: sockmap, fix smap_list_map_remove when psock is in many maps")
Fixes: 2f857d04601a ("bpf: sockmap, remove STRPARSER map_flags and add multi-map support")
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: John Fastabend <john.fastabend@gmail.com>
Acked-by: Song Liu <songliubraving@fb.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 kernel/bpf/sockmap.c |    9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

--- a/kernel/bpf/sockmap.c
+++ b/kernel/bpf/sockmap.c
@@ -376,6 +376,7 @@ static void bpf_tcp_close(struct sock *s
 			}
 			raw_spin_unlock_bh(&b->lock);
 		}
+		kfree(e);
 		e = psock_map_pop(sk, psock);
 	}
 	rcu_read_unlock();
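
Review bot: the added kfree(e) in bpf_tcp_close() sits inside the RCU read-side section that ends at rcu_read_unlock() two lines later, and the visible context shows b->lock being dropped but no psock->maps_lock around the free. The commit message argues that deferred RCU freeing is unnecessary because the entries are handled under psock->maps_lock; a comment here should state that psock_map_pop() has already removed e from the list, as the commit message describes, so no other path can still reach it when it is freed immediately.
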
@@ -1685,8 +1686,10 @@ static void smap_list_map_remove(struct
 
 	spin_lock_bh(&psock->maps_lock);
 	list_for_each_entry_safe(e, tmp, &psock->maps, list) {
-		if (e->entry == entry)
+		if (e->entry == entry) {
 			list_del(&e->list);
+			kfree(e);
+		}
 	}
 	spin_unlock_bh(&psock->maps_lock);
 }
@@ -1700,8 +1703,10 @@ static void smap_list_hash_remove(struct
 	list_for_each_entry_safe(e, tmp, &psock->maps, list) {
 		struct htab_elem *c = rcu_dereference(e->hash_link);
 
-		if (c == hash_link)
+		if (c == hash_link) {
 			list_del(&e->list);
+			kfree(e);
+		}
 	}
 	spin_unlock_bh(&psock->maps_lock);
 }
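
Review bot: smap_list_hash_remove() now carries the same list_del(&e->list); kfree(e); pair as smap_list_map_remove() in the previous hunk, differing only in the match test. A small helper that unlinks and frees one smap_psock_map_entry, called from both loops, would keep the two in step so that a future unlink site cannot forget the kfree() again, which is the bug this patch fixes.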




* [PATCH 4.18 068/197] samples/bpf: all XDP samples should unload xdp/bpf prog on SIGTERM
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (66 preceding siblings ...)
  2018-09-13 13:30 ` [PATCH 4.18 067/197] bpf, sockmap: fix leakage of smap_psock_map_entry Greg Kroah-Hartman
@ 2018-09-13 13:30 ` Greg Kroah-Hartman
  2018-09-13 13:30 ` [PATCH 4.18 069/197] netfilter: ip6t_rpfilter: set F_IFACE for linklocal addresses Greg Kroah-Hartman
                   ` (130 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:30 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Jean-Tsung Hsiao,
	Jesper Dangaard Brouer, Yonghong Song, Daniel Borkmann,
	Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Jesper Dangaard Brouer <brouer@redhat.com>

[ Upstream commit 817b89beb9d8876450fcde9155e17425c329569d ]

It is common XDP practice to unload/detach the XDP bpf program,
when the XDP sample program is Ctrl-C interrupted (SIGINT) or
killed (SIGTERM).

The samples/bpf programs xdp_redirect_cpu and xdp_rxq_info,
forgot to trap signal SIGTERM (which is the default signal used
by the kill command).

This was discovered by Red Hat QA, whose automated scripts depend
on killing the XDP sample program after a timeout period.

Fixes: fad3917e361b ("samples/bpf: add cpumap sample program xdp_redirect_cpu")
Fixes: 0fca931a6f21 ("samples/bpf: program demonstrating access to xdp_rxq_info")
Reported-by: Jean-Tsung Hsiao <jhsiao@redhat.com>
Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com>
Acked-by: Yonghong Song <yhs@fb.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 samples/bpf/xdp_redirect_cpu_user.c |    3 ++-
 samples/bpf/xdp_rxq_info_user.c     |    3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)

--- a/samples/bpf/xdp_redirect_cpu_user.c
+++ b/samples/bpf/xdp_redirect_cpu_user.c
@@ -679,8 +679,9 @@ int main(int argc, char **argv)
 		return EXIT_FAIL_OPTION;
 	}
 
-	/* Remove XDP program when program is interrupted */
+	/* Remove XDP program when program is interrupted or killed */
 	signal(SIGINT, int_exit);
+	signal(SIGTERM, int_exit);
 
 	if (bpf_set_link_xdp_fd(ifindex, prog_fd[prog_num], xdp_flags) < 0) {
 		fprintf(stderr, "link set xdp fd failed\n");
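
Review bot: signal(SIGTERM, int_exit) is registered, like the SIGINT handler above it, before bpf_set_link_xdp_fd() attaches the program, so a signal arriving in that window runs int_exit with nothing attached yet. Confirm int_exit is safe in that case, or move both signal() calls after the attach succeeds. The same applies to the identical change in xdp_rxq_info_user.c.
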
--- a/samples/bpf/xdp_rxq_info_user.c
+++ b/samples/bpf/xdp_rxq_info_user.c
@@ -534,8 +534,9 @@ int main(int argc, char **argv)
 		exit(EXIT_FAIL_BPF);
 	}
 
-	/* Remove XDP program when program is interrupted */
+	/* Remove XDP program when program is interrupted or killed */
 	signal(SIGINT, int_exit);
+	signal(SIGTERM, int_exit);
 
 	if (bpf_set_link_xdp_fd(ifindex, prog_fd, xdp_flags) < 0) {
 		fprintf(stderr, "link set xdp fd failed\n");




* [PATCH 4.18 069/197] netfilter: ip6t_rpfilter: set F_IFACE for linklocal addresses
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (67 preceding siblings ...)
  2018-09-13 13:30 ` [PATCH 4.18 068/197] samples/bpf: all XDP samples should unload xdp/bpf prog on SIGTERM Greg Kroah-Hartman
@ 2018-09-13 13:30 ` Greg Kroah-Hartman
  2018-09-13 13:30 ` [PATCH 4.18 070/197] s390/kdump: Fix memleak in nt_vmcoreinfo Greg Kroah-Hartman
                   ` (129 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:30 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Roman Mamedov, Florian Westphal,
	Pablo Neira Ayuso, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Florian Westphal <fw@strlen.de>

[ Upstream commit da786717e0894886301ed2536843c13f9e8fd53e ]

Roman reports that DHCPv6 client no longer sees replies from server
due to

ip6tables -t raw -A PREROUTING -m rpfilter --invert -j DROP

rule.  We need to set the F_IFACE flag for linklocal addresses, they
are scoped per-device.

Fixes: 47b7e7f82802 ("netfilter: don't set F_IFACE on ipv6 fib lookups")
Reported-by: Roman Mamedov <rm@romanrm.net>
Tested-by: Roman Mamedov <rm@romanrm.net>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 net/ipv6/netfilter/ip6t_rpfilter.c |   12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

--- a/net/ipv6/netfilter/ip6t_rpfilter.c
+++ b/net/ipv6/netfilter/ip6t_rpfilter.c
@@ -26,6 +26,12 @@ static bool rpfilter_addr_unicast(const
 	return addr_type & IPV6_ADDR_UNICAST;
 }
 
+static bool rpfilter_addr_linklocal(const struct in6_addr *addr)
+{
+	int addr_type = ipv6_addr_type(addr);
+	return addr_type & IPV6_ADDR_LINKLOCAL;
+}
+
 static bool rpfilter_lookup_reverse6(struct net *net, const struct sk_buff *skb,
 				     const struct net_device *dev, u8 flags)
 {
@@ -48,7 +54,11 @@ static bool rpfilter_lookup_reverse6(str
 	}
 
 	fl6.flowi6_mark = flags & XT_RPFILTER_VALID_MARK ? skb->mark : 0;
-	if ((flags & XT_RPFILTER_LOOSE) == 0)
+
+	if (rpfilter_addr_linklocal(&iph->saddr)) {
+		lookup_flags |= RT6_LOOKUP_F_IFACE;
+		fl6.flowi6_oif = dev->ifindex;
+	} else if ((flags & XT_RPFILTER_LOOSE) == 0)
 		fl6.flowi6_oif = dev->ifindex;
 
 	rt = (void *)ip6_route_lookup(net, &fl6, skb, lookup_flags);
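
Review bot: the new if/else chain braces the link-local branch but leaves the else if ((flags & XT_RPFILTER_LOOSE) == 0) branch unbraced, which kernel coding style asks to avoid once any branch of the conditional needs braces. Both branches also assign fl6.flowi6_oif = dev->ifindex, so it may read better to set lookup_flags |= RT6_LOOKUP_F_IFACE in the link-local test alone and do the oif assignment once under a combined condition.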




* [PATCH 4.18 070/197] s390/kdump: Fix memleak in nt_vmcoreinfo
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (68 preceding siblings ...)
  2018-09-13 13:30 ` [PATCH 4.18 069/197] netfilter: ip6t_rpfilter: set F_IFACE for linklocal addresses Greg Kroah-Hartman
@ 2018-09-13 13:30 ` Greg Kroah-Hartman
  2018-09-13 13:30 ` [PATCH 4.18 071/197] ipvs: fix race between ip_vs_conn_new() and ip_vs_del_dest() Greg Kroah-Hartman
                   ` (128 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:30 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Philipp Rudo, Heiko Carstens, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Philipp Rudo <prudo@linux.ibm.com>

[ Upstream commit 2d2e7075b87181ed0c675e4936e20bdadba02e1f ]

The vmcoreinfo of a crashed system is potentially fragmented. Thus the
crash kernel has an intermediate step where the vmcoreinfo is copied into a
temporary, continuous buffer in the crash kernel memory. This temporary
buffer is never freed. Free it now to prevent the memleak.

While at it replace all occurrences of "VMCOREINFO" by its corresponding
macro to prevent potential renaming issues.

Signed-off-by: Philipp Rudo <prudo@linux.ibm.com>
Acked-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 arch/s390/kernel/crash_dump.c |   17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)

--- a/arch/s390/kernel/crash_dump.c
+++ b/arch/s390/kernel/crash_dump.c
@@ -404,11 +404,13 @@ static void *get_vmcoreinfo_old(unsigned
 	if (copy_oldmem_kernel(nt_name, addr + sizeof(note),
 			       sizeof(nt_name) - 1))
 		return NULL;
-	if (strcmp(nt_name, "VMCOREINFO") != 0)
+	if (strcmp(nt_name, VMCOREINFO_NOTE_NAME) != 0)
 		return NULL;
 	vmcoreinfo = kzalloc_panic(note.n_descsz);
-	if (copy_oldmem_kernel(vmcoreinfo, addr + 24, note.n_descsz))
+	if (copy_oldmem_kernel(vmcoreinfo, addr + 24, note.n_descsz)) {
+		kfree(vmcoreinfo);
 		return NULL;
+	}
 	*size = note.n_descsz;
 	return vmcoreinfo;
 }
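
Review bot: the error path now frees vmcoreinfo, but the copy still reads from addr + 24 while the name copy a few lines up uses addr + sizeof(note). The bare 24 should be expressed in terms of the note header and the padded name length, or at least commented, so the two offsets cannot drift apart. note.n_descsz is also passed straight to kzalloc_panic(); if note was itself read from the old kernel's memory, a sanity bound on the size before allocating would be worth adding.
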
@@ -418,15 +420,20 @@ static void *get_vmcoreinfo_old(unsigned
  */
 static void *nt_vmcoreinfo(void *ptr)
 {
+	const char *name = VMCOREINFO_NOTE_NAME;
 	unsigned long size;
 	void *vmcoreinfo;
 
 	vmcoreinfo = os_info_old_entry(OS_INFO_VMCOREINFO, &size);
-	if (!vmcoreinfo)
-		vmcoreinfo = get_vmcoreinfo_old(&size);
+	if (vmcoreinfo)
+		return nt_init_name(ptr, 0, vmcoreinfo, size, name);
+
+	vmcoreinfo = get_vmcoreinfo_old(&size);
 	if (!vmcoreinfo)
 		return ptr;
-	return nt_init_name(ptr, 0, vmcoreinfo, size, "VMCOREINFO");
+	ptr = nt_init_name(ptr, 0, vmcoreinfo, size, name);
+	kfree(vmcoreinfo);
+	return ptr;
 }
 
 /*
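
Review bot: after this change nt_vmcoreinfo() frees the buffer returned by get_vmcoreinfo_old() but returns straight away, without kfree(), when os_info_old_entry() supplies it. If the os_info buffer is owned elsewhere, say so in a comment above the early return; if it is also a fresh allocation, it leaks in the same way the commit message describes.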




* [PATCH 4.18 071/197] ipvs: fix race between ip_vs_conn_new() and ip_vs_del_dest()
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (69 preceding siblings ...)
  2018-09-13 13:30 ` [PATCH 4.18 070/197] s390/kdump: Fix memleak in nt_vmcoreinfo Greg Kroah-Hartman
@ 2018-09-13 13:30 ` Greg Kroah-Hartman
  2018-09-13 13:30 ` [PATCH 4.18 072/197] mfd: sm501: Set coherent_dma_mask when creating subdevices Greg Kroah-Hartman
                   ` (127 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:30 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Tan Hu, Jiang Biao, Julian Anastasov,
	Simon Horman, Pablo Neira Ayuso, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Tan Hu <tan.hu@zte.com.cn>

[ Upstream commit a53b42c11815d2357e31a9403ae3950517525894 ]

We came across an infinite loop in ipvs when using ipvs in a docker
env.

When ipvs receives new packets and cannot find an ipvs connection,
it will create a new connection, then if the dest is unavailable
(i.e. IP_VS_DEST_F_AVAILABLE), the packet will be dropped silently.

But if the dropped packet is the first packet of this connection,
the connection control timer never has a chance to start and the
ipvs connection cannot be released. This will lead to a memory leak, or
an infinite loop in cleanup_net() when the net namespace is released like
this:

    ip_vs_conn_net_cleanup at ffffffffa0a9f31a [ip_vs]
    __ip_vs_cleanup at ffffffffa0a9f60a [ip_vs]
    ops_exit_list at ffffffff81567a49
    cleanup_net at ffffffff81568b40
    process_one_work at ffffffff810a851b
    worker_thread at ffffffff810a9356
    kthread at ffffffff810b0b6f
    ret_from_fork at ffffffff81697a18

race condition:
    CPU1                           CPU2
    ip_vs_in()
      ip_vs_conn_new()
                                   ip_vs_del_dest()
                                     __ip_vs_unlink_dest()
                                       ~IP_VS_DEST_F_AVAILABLE
      cp->dest && !IP_VS_DEST_F_AVAILABLE
      __ip_vs_conn_put
    ...
    cleanup_net  ---> infinite looping

Fix this by checking whether the timer already started.

Signed-off-by: Tan Hu <tan.hu@zte.com.cn>
Reviewed-by: Jiang Biao <jiang.biao2@zte.com.cn>
Acked-by: Julian Anastasov <ja@ssi.bg>
Acked-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 net/netfilter/ipvs/ip_vs_core.c |   15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

--- a/net/netfilter/ipvs/ip_vs_core.c
+++ b/net/netfilter/ipvs/ip_vs_core.c
@@ -1972,13 +1972,20 @@ ip_vs_in(struct netns_ipvs *ipvs, unsign
 	if (cp->dest && !(cp->dest->flags & IP_VS_DEST_F_AVAILABLE)) {
 		/* the destination server is not available */
 
-		if (sysctl_expire_nodest_conn(ipvs)) {
+		__u32 flags = cp->flags;
+
+		/* when timer already started, silently drop the packet.*/
+		if (timer_pending(&cp->timer))
+			__ip_vs_conn_put(cp);
+		else
+			ip_vs_conn_put(cp);
+
+		if (sysctl_expire_nodest_conn(ipvs) &&
+		    !(flags & IP_VS_CONN_F_ONE_PACKET)) {
 			/* try to expire the connection immediately */
 			ip_vs_conn_expire_now(cp);
 		}
-		/* don't restart its timer, and silently
-		   drop the packet. */
-		__ip_vs_conn_put(cp);
+
 		return NF_DROP;
 	}
 
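
Review bot: cp is still passed to ip_vs_conn_expire_now() after ip_vs_conn_put(cp) or __ip_vs_conn_put(cp) has dropped the reference, and the only hint at why that is safe is that flags is copied out of cp->flags beforehand and IP_VS_CONN_F_ONE_PACKET connections are excluded. Add a comment stating which connections can be freed by the put and why the remaining ones outlive it, or call ip_vs_conn_expire_now() before the put. Minor: the new comment needs a space before its closing */.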




* [PATCH 4.18 072/197] mfd: sm501: Set coherent_dma_mask when creating subdevices
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (70 preceding siblings ...)
  2018-09-13 13:30 ` [PATCH 4.18 071/197] ipvs: fix race between ip_vs_conn_new() and ip_vs_del_dest() Greg Kroah-Hartman
@ 2018-09-13 13:30 ` Greg Kroah-Hartman
  2018-09-13 13:30 ` [PATCH 4.18 073/197] netfilter: x_tables: do not fail xt_alloc_table_info too easilly Greg Kroah-Hartman
                   ` (126 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:30 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Guenter Roeck, Lee Jones, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Guenter Roeck <linux@roeck-us.net>

[ Upstream commit 2f606da78230f09cf1a71fde6ee91d0c710fa2b2 ]

Instantiating the sm501 OHCI subdevice results in a kernel warning.

sm501-usb sm501-usb: SM501 OHCI
sm501-usb sm501-usb: new USB bus registered, assigned bus number 1
WARNING: CPU: 0 PID: 1 at ./include/linux/dma-mapping.h:516
ohci_init+0x194/0x2d8
Modules linked in:

CPU: 0 PID: 1 Comm: swapper Tainted: G        W
4.18.0-rc7-00178-g0b5b1f9a78b5 #1
PC is at ohci_init+0x194/0x2d8
PR is at ohci_init+0x168/0x2d8
PC  : 8c27844c SP  : 8f81dd94 SR  : 40008001
TEA : 29613060
R0  : 00000000 R1  : 00000000 R2  : 00000000 R3  : 00000202
R4  : 8fa98b88 R5  : 8c277e68 R6  : 00000000 R7  : 00000000
R8  : 8f965814 R9  : 8c388100 R10 : 8fa98800 R11 : 8fa98928
R12 : 8c48302c R13 : 8fa98920 R14 : 8c48302c
MACH: 00000096 MACL: 0000017c GBR : 00000000 PR  : 8c278420

Call trace:
 [<(ptrval)>] usb_add_hcd+0x1e8/0x6ec
 [<(ptrval)>] _dev_info+0x0/0x54
 [<(ptrval)>] arch_local_save_flags+0x0/0x8
 [<(ptrval)>] arch_local_irq_restore+0x0/0x24
 [<(ptrval)>] ohci_hcd_sm501_drv_probe+0x114/0x2d8
...

Initialize coherent_dma_mask when creating SM501 subdevices to fix
the problem.

Fixes: b6d6454fdb66f ("mfd: SM501 core driver")
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Lee Jones <lee.jones@linaro.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/mfd/sm501.c |    1 +
 1 file changed, 1 insertion(+)

--- a/drivers/mfd/sm501.c
+++ b/drivers/mfd/sm501.c
@@ -715,6 +715,7 @@ sm501_create_subdev(struct sm501_devdata
 	smdev->pdev.name = name;
 	smdev->pdev.id = sm->pdev_id;
 	smdev->pdev.dev.parent = sm->dev;
+	smdev->pdev.dev.coherent_dma_mask = 0xffffffff;
 
 	if (res_count) {
 		smdev->pdev.resource = (struct resource *)(smdev+1);
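
Review bot: the mask in smdev->pdev.dev.coherent_dma_mask = 0xffffffff is written as a bare literal; DMA_BIT_MASK(32) expresses the same value and is the usual spelling for DMA masks, which makes the intended address width obvious and easier to grep for.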




* [PATCH 4.18 073/197] netfilter: x_tables: do not fail xt_alloc_table_info too easilly
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (71 preceding siblings ...)
  2018-09-13 13:30 ` [PATCH 4.18 072/197] mfd: sm501: Set coherent_dma_mask when creating subdevices Greg Kroah-Hartman
@ 2018-09-13 13:30 ` Greg Kroah-Hartman
  2018-09-13 13:30 ` [PATCH 4.18 074/197] platform/x86: asus-nb-wmi: Add keymap entry for lid flip action on UX360 Greg Kroah-Hartman
                   ` (125 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:30 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Georgi Nikolov, Vlastimil Babka,
	Florian Westphal, Michal Hocko, Pablo Neira Ayuso, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Michal Hocko <mhocko@suse.com>

[ Upstream commit a148ce15375fc664ad64762c751c0c2aecb2cafe ]

eacd86ca3b03 ("net/netfilter/x_tables.c: use kvmalloc()
in xt_alloc_table_info()") has unintentionally fortified
xt_alloc_table_info allocation when __GFP_RETRY has been dropped from
the vmalloc fallback. Later on there was a syzbot report that this
can lead to OOM killer invocations when tables are too large and
0537250fdc6c ("netfilter: x_tables: make allocation less aggressive")
has been merged to restore the original behavior. Georgi Nikolov however
noticed that he is not able to install his iptables anymore so this can
be seen as a regression.

The primary argument for 0537250fdc6c was that this allocation path
shouldn't really trigger the OOM killer and kill innocent tasks. On the
other hand the interface requires root and as such should allow what the
admin asks for. Root inside a namespace makes this more complicated
because those might not be trusted in general. If they are not then such
namespaces should be restricted anyway. Therefore drop the __GFP_NORETRY
and replace it by __GFP_ACCOUNT to enforce memcg constraints on it.

Fixes: 0537250fdc6c ("netfilter: x_tables: make allocation less aggressive")
Reported-by: Georgi Nikolov <gnikolov@icdsoft.com>
Suggested-by: Vlastimil Babka <vbabka@suse.cz>
Acked-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Michal Hocko <mhocko@suse.com>
Acked-by: Vlastimil Babka <vbabka@suse.cz>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 net/netfilter/x_tables.c |    7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

--- a/net/netfilter/x_tables.c
+++ b/net/netfilter/x_tables.c
@@ -1178,12 +1178,7 @@ struct xt_table_info *xt_alloc_table_inf
 	if (sz < sizeof(*info) || sz >= XT_MAX_TABLE_SIZE)
 		return NULL;
 
-	/* __GFP_NORETRY is not fully supported by kvmalloc but it should
-	 * work reasonably well if sz is too large and bail out rather
-	 * than shoot all processes down before realizing there is nothing
-	 * more to reclaim.
-	 */
-	info = kvmalloc(sz, GFP_KERNEL | __GFP_NORETRY);
+	info = kvmalloc(sz, GFP_KERNEL_ACCOUNT);
 	if (!info)
 		return NULL;
 
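
Review bot: the removed block comment was the only in-code explanation of the GFP flags, and the replacement kvmalloc(sz, GFP_KERNEL_ACCOUNT) carries none. The reasoning in the commit message (the request comes from root, possibly root in a namespace, so the allocation is charged to the memcg instead of being made to fail early) deserves a short comment at the call site, since sz can be anything up to XT_MAX_TABLE_SIZE.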




* [PATCH 4.18 074/197] platform/x86: asus-nb-wmi: Add keymap entry for lid flip action on UX360
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (72 preceding siblings ...)
  2018-09-13 13:30 ` [PATCH 4.18 073/197] netfilter: x_tables: do not fail xt_alloc_table_info too easilly Greg Kroah-Hartman
@ 2018-09-13 13:30 ` Greg Kroah-Hartman
  2018-09-13 13:30 ` [PATCH 4.18 075/197] netfilter: fix memory leaks on netlink_dump_start error Greg Kroah-Hartman
                   ` (124 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:30 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Aleh Filipovich, Andy Shevchenko,
	Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Aleh Filipovich <aleh@vaolix.com>

[ Upstream commit 880b29ac107d15644bf4da228376ba3cd6af6d71 ]

Add entry to WMI keymap for lid flip event on Asus UX360.

On Asus Zenbook ux360 flipping lid from/to tablet mode triggers
keyscan code 0xfa which cannot be handled and results in kernel
log message "Unknown key fa pressed".

Signed-off-by: Aleh Filipovich<aleh@appnexus.com>
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/platform/x86/asus-nb-wmi.c |    1 +
 1 file changed, 1 insertion(+)

--- a/drivers/platform/x86/asus-nb-wmi.c
+++ b/drivers/platform/x86/asus-nb-wmi.c
@@ -496,6 +496,7 @@ static const struct key_entry asus_nb_wm
 	{ KE_KEY, 0xC4, { KEY_KBDILLUMUP } },
 	{ KE_KEY, 0xC5, { KEY_KBDILLUMDOWN } },
 	{ KE_IGNORE, 0xC6, },  /* Ambient Light Sensor notification */
+	{ KE_KEY, 0xFA, { KEY_PROG2 } },           /* Lid flip action */
 	{ KE_END, 0},
 };
 
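
Review bot: the new entry maps scan code 0xFA to KEY_PROG2, a generic programmable key, and neither the table comment nor the commit message says why that key was chosen for a lid flip into or out of tablet mode. State the intended user-space handling in the comment, and match the spacing before the trailing comment to the 0xC6 line above it.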




* [PATCH 4.18 075/197] netfilter: fix memory leaks on netlink_dump_start error
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (73 preceding siblings ...)
  2018-09-13 13:30 ` [PATCH 4.18 074/197] platform/x86: asus-nb-wmi: Add keymap entry for lid flip action on UX360 Greg Kroah-Hartman
@ 2018-09-13 13:30 ` Greg Kroah-Hartman
  2018-09-13 13:30 ` [PATCH 4.18 076/197] tcp, ulp: add alias for all ulp modules Greg Kroah-Hartman
                   ` (123 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:30 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, shaochun chen, Florian Westphal,
	Pablo Neira Ayuso, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Florian Westphal <fw@strlen.de>

[ Upstream commit 3e673b23b541b8e7f773b2d378d6eb99831741cd ]

Shaochun Chen points out we leak dumper filter state allocations
stored in dump_control->data in case there is an error before netlink sets
cb_running (after which ->done will be called at some point).

In order to fix this, add .start functions and move allocations there.

Same pattern as used in commit 90fd131afc565159c9e0ea742f082b337e10f8c6
("netfilter: nf_tables: move dumper state allocation into ->start").

Reported-by: shaochun chen <cscnull@gmail.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 net/netfilter/nf_conntrack_netlink.c |   26 +++++++++++++++++---------
 net/netfilter/nfnetlink_acct.c       |   29 +++++++++++++----------------
 2 files changed, 30 insertions(+), 25 deletions(-)

--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -821,6 +821,21 @@ ctnetlink_alloc_filter(const struct nlat
 #endif
 }
 
+static int ctnetlink_start(struct netlink_callback *cb)
+{
+	const struct nlattr * const *cda = cb->data;
+	struct ctnetlink_filter *filter = NULL;
+
+	if (cda[CTA_MARK] && cda[CTA_MARK_MASK]) {
+		filter = ctnetlink_alloc_filter(cda);
+		if (IS_ERR(filter))
+			return PTR_ERR(filter);
+	}
+
+	cb->data = filter;
+	return 0;
+}
+
 static int ctnetlink_filter_match(struct nf_conn *ct, void *data)
 {
 	struct ctnetlink_filter *filter = data;
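
Review bot: in ctnetlink_start(), the `return PTR_ERR(filter);` path leaves `cb->data` still pointing at the caller's attribute array, while the success path replaces it with the filter (or NULL). That is only safe if ->done is never run after a failed ->start, because a done handler that frees `cb->data` would then free memory it does not own. A comment above the function stating that `cb->data` is the `cda` array on entry and the allocated filter on return, and that ->done is not called when ->start fails, would make the contract explicit.
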
@@ -1240,19 +1255,12 @@ static int ctnetlink_get_conntrack(struc
 
 	if (nlh->nlmsg_flags & NLM_F_DUMP) {
 		struct netlink_dump_control c = {
+			.start = ctnetlink_start,
 			.dump = ctnetlink_dump_table,
 			.done = ctnetlink_done,
+			.data = (void *)cda,
 		};
 
-		if (cda[CTA_MARK] && cda[CTA_MARK_MASK]) {
-			struct ctnetlink_filter *filter;
-
-			filter = ctnetlink_alloc_filter(cda);
-			if (IS_ERR(filter))
-				return PTR_ERR(filter);
-
-			c.data = filter;
-		}
 		return netlink_dump_start(ctnl, skb, nlh, &c);
 	}
 
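Review bot: `.data = (void *)cda` casts away const and hands the dump a pointer into an attribute array owned by the caller of ctnetlink_get_conntrack(). This relies on ->start consuming it before netlink_dump_start() returns; please say so in a comment at the initializer, because a later dump callback that still saw the original pointer would read memory that is no longer valid.
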
--- a/net/netfilter/nfnetlink_acct.c
+++ b/net/netfilter/nfnetlink_acct.c
@@ -238,29 +238,33 @@ static const struct nla_policy filter_po
 	[NFACCT_FILTER_VALUE]	= { .type = NLA_U32 },
 };
 
-static struct nfacct_filter *
-nfacct_filter_alloc(const struct nlattr * const attr)
+static int nfnl_acct_start(struct netlink_callback *cb)
 {
-	struct nfacct_filter *filter;
+	const struct nlattr *const attr = cb->data;
 	struct nlattr *tb[NFACCT_FILTER_MAX + 1];
+	struct nfacct_filter *filter;
 	int err;
 
+	if (!attr)
+		return 0;
+
 	err = nla_parse_nested(tb, NFACCT_FILTER_MAX, attr, filter_policy,
 			       NULL);
 	if (err < 0)
-		return ERR_PTR(err);
+		return err;
 
 	if (!tb[NFACCT_FILTER_MASK] || !tb[NFACCT_FILTER_VALUE])
-		return ERR_PTR(-EINVAL);
+		return -EINVAL;
 
 	filter = kzalloc(sizeof(struct nfacct_filter), GFP_KERNEL);
 	if (!filter)
-		return ERR_PTR(-ENOMEM);
+		return -ENOMEM;
 
 	filter->mask = ntohl(nla_get_be32(tb[NFACCT_FILTER_MASK]));
 	filter->value = ntohl(nla_get_be32(tb[NFACCT_FILTER_VALUE]));
+	cb->data = filter;
 
-	return filter;
+	return 0;
 }
 
 static int nfnl_acct_get(struct net *net, struct sock *nfnl,
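
Review bot: the early `if (!attr) return 0;` in nfnl_acct_start() leaves `cb->data` as NULL, so the dump and done callbacks have to keep accepting a NULL filter; that deserves a one-line comment, since the function otherwise reads as if it always installs a filter. While the body is being rewritten, `kzalloc(sizeof(*filter), GFP_KERNEL)` would be the usual form instead of naming the struct type.
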
@@ -275,18 +279,11 @@ static int nfnl_acct_get(struct net *net
 	if (nlh->nlmsg_flags & NLM_F_DUMP) {
 		struct netlink_dump_control c = {
 			.dump = nfnl_acct_dump,
+			.start = nfnl_acct_start,
 			.done = nfnl_acct_done,
+			.data = (void *)tb[NFACCT_FILTER],
 		};
 
-		if (tb[NFACCT_FILTER]) {
-			struct nfacct_filter *filter;
-
-			filter = nfacct_filter_alloc(tb[NFACCT_FILTER]);
-			if (IS_ERR(filter))
-				return PTR_ERR(filter);
-
-			c.data = filter;
-		}
 		return netlink_dump_start(nfnl, skb, nlh, &c);
 	}
 




* [PATCH 4.18 076/197] tcp, ulp: add alias for all ulp modules
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (74 preceding siblings ...)
  2018-09-13 13:30 ` [PATCH 4.18 075/197] netfilter: fix memory leaks on netlink_dump_start error Greg Kroah-Hartman
@ 2018-09-13 13:30 ` Greg Kroah-Hartman
  2018-09-13 13:30 ` [PATCH 4.18 077/197] ubi: Initialize Fastmap checkmapping correctly Greg Kroah-Hartman
                   ` (122 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:30 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Daniel Borkmann, John Fastabend,
	Song Liu, Alexei Starovoitov, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Daniel Borkmann <daniel@iogearbox.net>

[ Upstream commit 037b0b86ecf5646f8eae777d8b52ff8b401692ec ]

Let's not turn the TCP ULP lookup into an arbitrary module loader as
we only intend to load ULP modules through this mechanism, not other
unrelated kernel modules:

  [root@bar]# cat foo.c
  #include <sys/types.h>
  #include <sys/socket.h>
  #include <linux/tcp.h>
  #include <linux/in.h>

  int main(void)
  {
      int sock = socket(PF_INET, SOCK_STREAM, 0);
      setsockopt(sock, IPPROTO_TCP, TCP_ULP, "sctp", sizeof("sctp"));
      return 0;
  }

  [root@bar]# gcc foo.c -O2 -Wall
  [root@bar]# lsmod | grep sctp
  [root@bar]# ./a.out
  [root@bar]# lsmod | grep sctp
  sctp                 1077248  4
  libcrc32c              16384  3 nf_conntrack,nf_nat,sctp
  [root@bar]#

Fix it by adding module alias to TCP ULP modules, so probing module
via request_module() will be limited to tcp-ulp-[name]. The existing
modules like kTLS will load fine given tcp-ulp-tls alias, but others
will fail to load:

  [root@bar]# lsmod | grep sctp
  [root@bar]# ./a.out
  [root@bar]# lsmod | grep sctp
  [root@bar]#

Sockmap is not affected by this since it's either built-in or not.

Fixes: 734942cc4ea6 ("tcp: ULP infrastructure")
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: John Fastabend <john.fastabend@gmail.com>
Acked-by: Song Liu <songliubraving@fb.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 include/net/tcp.h  |    4 ++++
 net/ipv4/tcp_ulp.c |    2 +-
 net/tls/tls_main.c |    1 +
 3 files changed, 6 insertions(+), 1 deletion(-)

--- a/include/net/tcp.h
+++ b/include/net/tcp.h
@@ -2023,6 +2023,10 @@ int tcp_set_ulp_id(struct sock *sk, cons
 void tcp_get_available_ulp(char *buf, size_t len);
 void tcp_cleanup_ulp(struct sock *sk);
 
+#define MODULE_ALIAS_TCP_ULP(name)				\
+	__MODULE_INFO(alias, alias_userspace, name);		\
+	__MODULE_INFO(alias, alias_tcp_ulp, "tcp-ulp-" name)
+
 /* Call BPF_SOCK_OPS program that returns an int. If the return value
  * is < 0, then the BPF op failed (for example if the loaded BPF
  * program does not support the chosen operation or there is no BPF
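
Review bot: MODULE_ALIAS_TCP_ULP() expands to two statements and registers two aliases, the bare `name` and `"tcp-ulp-" name`, with no comment explaining why both are needed. Since the point of the change is that the kernel only ever requests `tcp-ulp-<name>`, please document what the bare alias is for (the `alias_userspace` tag suggests loading by short name from userspace) so nobody assumes it is part of the autoload path.
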
--- a/net/ipv4/tcp_ulp.c
+++ b/net/ipv4/tcp_ulp.c
@@ -51,7 +51,7 @@ static const struct tcp_ulp_ops *__tcp_u
 #ifdef CONFIG_MODULES
 	if (!ulp && capable(CAP_NET_ADMIN)) {
 		rcu_read_unlock();
-		request_module("%s", name);
+		request_module("tcp-ulp-%s", name);
 		rcu_read_lock();
 		ulp = tcp_ulp_find(name);
 	}
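
Review bot: the `"tcp-ulp-"` prefix in `request_module("tcp-ulp-%s", name)` is spelled out a second time inside MODULE_ALIAS_TCP_ULP() in include/net/tcp.h, so the restriction silently breaks if one copy is edited without the other. Define the prefix once and use it in both places. Since `name` arrives from the TCP_ULP setsockopt, a comment here that the prefix is what keeps this CAP_NET_ADMIN-gated path from requesting unrelated modules would also help.
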
--- a/net/tls/tls_main.c
+++ b/net/tls/tls_main.c
@@ -45,6 +45,7 @@
 MODULE_AUTHOR("Mellanox Technologies");
 MODULE_DESCRIPTION("Transport Layer Security Support");
 MODULE_LICENSE("Dual BSD/GPL");
+MODULE_ALIAS_TCP_ULP("tls");
 
 enum {
 	TLSV4,




* [PATCH 4.18 077/197] ubi: Initialize Fastmap checkmapping correctly
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (75 preceding siblings ...)
  2018-09-13 13:30 ` [PATCH 4.18 076/197] tcp, ulp: add alias for all ulp modules Greg Kroah-Hartman
@ 2018-09-13 13:30 ` Greg Kroah-Hartman
  2018-09-13 13:30 ` [PATCH 4.18 078/197] RDMA/hns: Fix usage of bitmap allocation functions return values Greg Kroah-Hartman
                   ` (121 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:30 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Lachmann, Juergen,
	Richard Weinberger, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Richard Weinberger <richard@nod.at>

[ Upstream commit 25677478474a91fa1b46f19a4a591a9848bca6fb ]

We cannot do it last, otherwise it will be skipped for dynamic
volumes.

Reported-by: Lachmann, Juergen <juergen.lachmann@harman.com>
Fixes: 34653fd8c46e ("ubi: fastmap: Check each mapping only once")
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/mtd/ubi/vtbl.c |   20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

--- a/drivers/mtd/ubi/vtbl.c
+++ b/drivers/mtd/ubi/vtbl.c
@@ -579,6 +579,16 @@ static int init_volumes(struct ubi_devic
 		reserved_pebs += vol->reserved_pebs;
 
 		/*
+		 * We use ubi->peb_count and not vol->reserved_pebs because
+		 * we want to keep the code simple. Otherwise we'd have to
+		 * resize/check the bitmap upon volume resize too.
+		 * Allocating a few bytes more does not hurt.
+		 */
+		err = ubi_fastmap_init_checkmap(vol, ubi->peb_count);
+		if (err)
+			return err;
+
+		/*
 		 * In case of dynamic volume UBI knows nothing about how many
 		 * data is stored there. So assume the whole volume is used.
 		 */
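
Review bot: the comment that moves with the `ubi_fastmap_init_checkmap(vol, ubi->peb_count)` call explains the choice of `ubi->peb_count` but not why the call has to sit at this point in the loop. The commit message gives the reason (placed last, it is skipped for dynamic volumes); add that sentence to the comment so the block is not moved back down in a later cleanup.
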
@@ -620,16 +630,6 @@ static int init_volumes(struct ubi_devic
 			(long long)(vol->used_ebs - 1) * vol->usable_leb_size;
 		vol->used_bytes += av->last_data_size;
 		vol->last_eb_bytes = av->last_data_size;
-
-		/*
-		 * We use ubi->peb_count and not vol->reserved_pebs because
-		 * we want to keep the code simple. Otherwise we'd have to
-		 * resize/check the bitmap upon volume resize too.
-		 * Allocating a few bytes more does not hurt.
-		 */
-		err = ubi_fastmap_init_checkmap(vol, ubi->peb_count);
-		if (err)
-			return err;
 	}
 
 	/* And add the layout volume */




* [PATCH 4.18 078/197] RDMA/hns: Fix usage of bitmap allocation functions return values
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (76 preceding siblings ...)
  2018-09-13 13:30 ` [PATCH 4.18 077/197] ubi: Initialize Fastmap checkmapping correctly Greg Kroah-Hartman
@ 2018-09-13 13:30 ` Greg Kroah-Hartman
  2018-09-13 13:30 ` [PATCH 4.18 079/197] ACPICA: ACPICA: add status check for acpi_hw_read before assigning return value Greg Kroah-Hartman
                   ` (120 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:30 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Gal Pressman, Lijun Ou,
	Jason Gunthorpe, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Gal Pressman <pressmangal@gmail.com>

[ Upstream commit a1ceeca679dccc492235f0f629d9e9f7b3d51ca8 ]

hns bitmap allocation functions return 0 on success and -1 on failure.
Callers of these functions wrongly used their return value as an errno,
fix that by making a proper conversion.

Fixes: a598c6f4c5a8 ("IB/hns: Simplify function of pd alloc and qp alloc")
Signed-off-by: Gal Pressman <pressmangal@gmail.com>
Acked-by: Lijun Ou <oulijun@huawei.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/infiniband/hw/hns/hns_roce_pd.c |    2 +-
 drivers/infiniband/hw/hns/hns_roce_qp.c |    5 ++++-
 2 files changed, 5 insertions(+), 2 deletions(-)

--- a/drivers/infiniband/hw/hns/hns_roce_pd.c
+++ b/drivers/infiniband/hw/hns/hns_roce_pd.c
@@ -37,7 +37,7 @@
 
 static int hns_roce_pd_alloc(struct hns_roce_dev *hr_dev, unsigned long *pdn)
 {
-	return hns_roce_bitmap_alloc(&hr_dev->pd_bitmap, pdn);
+	return hns_roce_bitmap_alloc(&hr_dev->pd_bitmap, pdn) ? -ENOMEM : 0;
 }
 
 static void hns_roce_pd_free(struct hns_roce_dev *hr_dev, unsigned long pdn)
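
Review bot: `hns_roce_bitmap_alloc(...) ? -ENOMEM : 0` converts the -1 at this one wrapper, which leaves any other caller of the bitmap helpers to repeat the conversion or repeat the bug. Consider returning a real errno from the bitmap allocation functions themselves, or at least add a comment on their prototypes that the return value is 0 or -1 and not an errno.
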
--- a/drivers/infiniband/hw/hns/hns_roce_qp.c
+++ b/drivers/infiniband/hw/hns/hns_roce_qp.c
@@ -115,7 +115,10 @@ static int hns_roce_reserve_range_qp(str
 {
 	struct hns_roce_qp_table *qp_table = &hr_dev->qp_table;
 
-	return hns_roce_bitmap_alloc_range(&qp_table->bitmap, cnt, align, base);
+	return hns_roce_bitmap_alloc_range(&qp_table->bitmap, cnt, align,
+					   base) ?
+		       -ENOMEM :
+		       0;
 }
 
 enum hns_roce_qp_state to_hns_roce_state(enum ib_qp_state state)
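
Review bot: the four-line ternary around hns_roce_bitmap_alloc_range() is hard to read, with `base) ?`, `-ENOMEM :` and `0;` each on its own line at a different indent. Storing the result in a local `ret` and returning `ret ? -ENOMEM : 0` would match the one-line form used in hns_roce_pd_alloc().
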




* [PATCH 4.18 079/197] ACPICA: ACPICA: add status check for acpi_hw_read before assigning return value
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (77 preceding siblings ...)
  2018-09-13 13:30 ` [PATCH 4.18 078/197] RDMA/hns: Fix usage of bitmap allocation functions return values Greg Kroah-Hartman
@ 2018-09-13 13:30 ` Greg Kroah-Hartman
  2018-09-13 13:30 ` [PATCH 4.18 080/197] perf arm spe: Fix uninitialized record error variable Greg Kroah-Hartman
                   ` (119 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:30 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Mark Gross, Erik Schmauss,
	Rafael J. Wysocki, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Erik Schmauss <erik.schmauss@intel.com>

[ Upstream commit f016b19a9275089a2ab06c2144567c2ad8d5d6ad ]

The value coming from acpi_hw_read() should not be used if it
returns an error code, so check the status returned by it before
using that value in two places in acpi_hw_register_read().

Reported-by: Mark Gross <mark.gross@intel.com>
Signed-off-by: Erik Schmauss <erik.schmauss@intel.com>
[ rjw: Changelog ]
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/acpi/acpica/hwregs.c |    9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

--- a/drivers/acpi/acpica/hwregs.c
+++ b/drivers/acpi/acpica/hwregs.c
@@ -528,13 +528,18 @@ acpi_status acpi_hw_register_read(u32 re
 
 		status =
 		    acpi_hw_read(&value64, &acpi_gbl_FADT.xpm2_control_block);
-		value = (u32)value64;
+		if (ACPI_SUCCESS(status)) {
+			value = (u32)value64;
+		}
 		break;
 
 	case ACPI_REGISTER_PM_TIMER:	/* 32-bit access */
 
 		status = acpi_hw_read(&value64, &acpi_gbl_FADT.xpm_timer_block);
-		value = (u32)value64;
+		if (ACPI_SUCCESS(status)) {
+			value = (u32)value64;
+		}
+
 		break;
 
 	case ACPI_REGISTER_SMI_COMMAND_BLOCK:	/* 8-bit access */
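
Review bot: with the new `if (ACPI_SUCCESS(status))` guards, `value` is no longer written when acpi_hw_read() fails for the xpm2_control_block and xpm_timer_block reads, so correctness now depends on code outside this hunk: `value` needs an initializer, or the tail of acpi_hw_register_read() must store it to the caller only on success. Please confirm which one holds. The two fixes are also formatted differently: the second adds a blank line between the closing brace and `break;` that the first does not have.
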




* [PATCH 4.18 080/197] perf arm spe: Fix uninitialized record error variable
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (78 preceding siblings ...)
  2018-09-13 13:30 ` [PATCH 4.18 079/197] ACPICA: ACPICA: add status check for acpi_hw_read before assigning return value Greg Kroah-Hartman
@ 2018-09-13 13:30 ` Greg Kroah-Hartman
  2018-09-13 13:30 ` [PATCH 4.18 081/197] net: hns3: Fix for command format parsing error in hclge_is_all_function_id_zero Greg Kroah-Hartman
                   ` (118 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:30 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Kim Phillips, Adrian Hunter,
	Alexander Shishkin, Dongjiu Geng, Jiri Olsa, Namhyung Kim,
	Peter Zijlstra, Arnaldo Carvalho de Melo, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Kim Phillips <kim.phillips@arm.com>

[ Upstream commit 344353366591acf659a0d0dea498611da78d67e2 ]

The auxtrace init variable 'err' was not being initialized, leading perf
to abort early in an SPE record command when there was no explicit
error, rather only based on whatever memory contents were on the stack.
Initialize it explicitly on getting an SPE successfully, the same way
cs-etm does.

Signed-off-by: Kim Phillips <kim.phillips@arm.com>
Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Dongjiu Geng <gengdongjiu@huawei.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Fixes: ffd3d18c20b8 ("perf tools: Add ARM Statistical Profiling Extensions (SPE) support")
Link: http://lkml.kernel.org/r/20180810174512.52900813e57cbccf18ce99a2@arm.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 tools/perf/arch/arm64/util/arm-spe.c |    1 +
 1 file changed, 1 insertion(+)

--- a/tools/perf/arch/arm64/util/arm-spe.c
+++ b/tools/perf/arch/arm64/util/arm-spe.c
@@ -194,6 +194,7 @@ struct auxtrace_record *arm_spe_recordin
 	sper->itr.read_finish = arm_spe_read_finish;
 	sper->itr.alignment = 0;
 
+	*err = 0;
 	return &sper->itr;
 }
 
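Review bot: `*err = 0;` is set only on the success return; the failure returns above this hunk are not shown, and each of them needs to store a negative errno through `err` as well, otherwise the caller still reads an indeterminate value on those paths. Initializing `*err` once at the top of the function and overriding it where needed would cover every exit.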




* [PATCH 4.18 081/197] net: hns3: Fix for command format parsing error in hclge_is_all_function_id_zero
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (79 preceding siblings ...)
  2018-09-13 13:30 ` [PATCH 4.18 080/197] perf arm spe: Fix uninitialized record error variable Greg Kroah-Hartman
@ 2018-09-13 13:30 ` Greg Kroah-Hartman
  2018-09-13 13:30 ` [PATCH 4.18 082/197] block: dont warn for flush on read-only device Greg Kroah-Hartman
                   ` (117 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:30 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Xi Wang, Peng Li, Salil Mehta,
	David S. Miller, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Xi Wang <wangxi11@huawei.com>

[ Upstream commit 6c39d5278e62956238a681e4cfc69fae5507fc57 ]

According to the functional specification of hardware, the first
descriptor of response from command 'lookup vlan table' is not valid.
Currently, the first descriptor is parsed as normal value, which will
cause an expected error.

This patch fixes this problem by skipping the first descriptor.

Fixes: 46a3df9f9718 ("net: hns3: Add HNS3 Acceleration Engine & Compatibility Layer Support")
Signed-off-by: Xi Wang <wangxi11@huawei.com>
Signed-off-by: Peng Li <lipeng321@huawei.com>
Signed-off-by: Salil Mehta <salil.mehta@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c
+++ b/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c
@@ -3911,7 +3911,7 @@ static bool hclge_is_all_function_id_zer
 #define HCLGE_FUNC_NUMBER_PER_DESC 6
 	int i, j;
 
-	for (i = 0; i < HCLGE_DESC_NUMBER; i++)
+	for (i = 1; i < HCLGE_DESC_NUMBER; i++)
 		for (j = 0; j < HCLGE_FUNC_NUMBER_PER_DESC; j++)
 			if (desc[i].data[j])
 				return false;
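
Review bot: the loop in hclge_is_all_function_id_zero() now starts at `i = 1` with nothing in the code saying why descriptor 0 is skipped. Add a short comment that the first descriptor of the response is not valid per the hardware specification, as the commit message states, so the index is not changed back to 0 in a later cleanup.
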




* [PATCH 4.18 082/197] block: dont warn for flush on read-only device
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (80 preceding siblings ...)
  2018-09-13 13:30 ` [PATCH 4.18 081/197] net: hns3: Fix for command format parsing error in hclge_is_all_function_id_zero Greg Kroah-Hartman
@ 2018-09-13 13:30 ` Greg Kroah-Hartman
  2018-09-17  4:04   ` Stefan Agner
  2018-09-13 13:30 ` [PATCH 4.18 083/197] net: hns3: Fix for phy link issue when using marvell phy driver Greg Kroah-Hartman
                   ` (116 subsequent siblings)
  198 siblings, 1 reply; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:30 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Stefan Agner, Jens Axboe, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Jens Axboe <axboe@kernel.dk>

[ Upstream commit b089cfd95d32638335c551651a8e00fd2c4edb0b ]

Don't warn for a flush issued to a read-only device. It's not strictly
a writable command, as it doesn't change any on-media data by itself.

Reported-by: Stefan Agner <stefan@agner.ch>
Fixes: 721c7fc701c7 ("block: fail op_is_write() requests to read-only partitions")
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 block/blk-core.c |    4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

--- a/block/blk-core.c
+++ b/block/blk-core.c
@@ -2159,7 +2159,9 @@ static inline bool should_fail_request(s
 
 static inline bool bio_check_ro(struct bio *bio, struct hd_struct *part)
 {
-	if (part->policy && op_is_write(bio_op(bio))) {
+	const int op = bio_op(bio);
+
+	if (part->policy && (op_is_write(op) && !op_is_flush(op))) {
 		char b[BDEVNAME_SIZE];
 
 		WARN_ONCE(1,
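
Review bot: `op` holds the result of `bio_op(bio)`, which is the operation code with the request flag bits masked off, while op_is_flush() tests flag bits (REQ_PREFLUSH and REQ_FUA). With that input `!op_is_flush(op)` is always true, so the condition is unchanged from before and the warning still fires for a flush to a read-only device; please check whether the test should be made on the unmasked `bio->bi_opf`. A flush that also carries data is still a write to the media, so the exemption may need to be limited to empty flushes.
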




* [PATCH 4.18 083/197] net: hns3: Fix for phy link issue when using marvell phy driver
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (81 preceding siblings ...)
  2018-09-13 13:30 ` [PATCH 4.18 082/197] block: dont warn for flush on read-only device Greg Kroah-Hartman
@ 2018-09-13 13:30 ` Greg Kroah-Hartman
  2018-09-13 13:30 ` [PATCH 4.18 084/197] PCI: Match Root Ports MPS to endpoints MPSS as necessary Greg Kroah-Hartman
                   ` (115 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:30 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Jian Shen, Peng Li, Salil Mehta,
	David S. Miller, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Jian Shen <shenjian15@huawei.com>

[ Upstream commit 60081dcc4fce385ade26d3145b2479789df0b7e5 ]

For marvell phy m88e1510, bit SUPPORTED_FIBRE of phydev->supported
is default on. Both phy_resume() and phy_suspend() will check the
SUPPORTED_FIBRE bit and write register of fibre page.

Currently in the hns3 driver, the SUPPORTED_FIBRE bit will be cleared
after phy_connect_direct() has finished. Because phy_resume() is called
in phy_connect_direct(), and phy_suspend() is called when disconnecting
the phy device, the operation for the fibre page register is not symmetrical.
It will cause a phy link issue when reloading the hns3 driver.

This patch fixes it by disabling SUPPORTED_FIBRE before connecting
the phy.

Fixes: 256727da7395 ("net: hns3: Add MDIO support to HNS3 Ethernet driver for hip08 SoC")
Signed-off-by: Jian Shen <shenjian15@huawei.com>
Signed-off-by: Peng Li <lipeng321@huawei.com>
Signed-off-by: Salil Mehta <salil.mehta@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_mdio.c |    2 ++
 1 file changed, 2 insertions(+)

--- a/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_mdio.c
+++ b/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_mdio.c
@@ -208,6 +208,8 @@ int hclge_mac_start_phy(struct hclge_dev
 	if (!phydev)
 		return 0;
 
+	phydev->supported &= ~SUPPORTED_FIBRE;
+
 	ret = phy_connect_direct(netdev, phydev,
 				 hclge_mac_adjust_link,
 				 PHY_INTERFACE_MODE_SGMII);
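
Review bot: `phydev->supported &= ~SUPPORTED_FIBRE;` is applied to every PHY that reaches hclge_mac_start_phy(), with no comment, although the commit message motivates it only for the Marvell m88e1510. Add a comment explaining that the bit must be cleared before phy_connect_direct() so that phy_resume() and phy_suspend() treat the fibre page symmetrically, and state whether masking it for all PHY types is intended.
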




* [PATCH 4.18 084/197] PCI: Match Root Ports MPS to endpoints MPSS as necessary
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (82 preceding siblings ...)
  2018-09-13 13:30 ` [PATCH 4.18 083/197] net: hns3: Fix for phy link issue when using marvell phy driver Greg Kroah-Hartman
@ 2018-09-13 13:30 ` Greg Kroah-Hartman
  2018-09-13 13:30 ` [PATCH 4.18 085/197] drm/amd/display: Guard against null crtc in CRC IRQ Greg Kroah-Hartman
                   ` (114 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:30 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Myron Stowe, Bjorn Helgaas,
	Jon Mason, Keith Busch, Sinan Kaya, Dongdong Liu, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Myron Stowe <myron.stowe@redhat.com>

[ Upstream commit 9f0e89359775ee21fe1ea732e34edb52aef5addf ]

In commit 27d868b5e6cf ("PCI: Set MPS to match upstream bridge"), we made
sure every device's MPS setting matches its upstream bridge, making it more
likely that a hot-added device will work in a system with an optimized MPS
configuration.

Recently I've started encountering systems where the endpoint device's MPSS
capability is less than its Root Port's current MPS value, thus the
endpoint is not capable of matching its upstream bridge's MPS setting (see:
bugzilla via "Link:" below).  This leaves the system vulnerable - the
upstream Root Port could respond with larger TLPs than the device can
handle, and the device will consider them to be 'Malformed'.

One could use the "pci=pcie_bus_safe" kernel parameter to work around the
issue, but that forces a user to supply a kernel parameter to get the
system to function reliably and may end up limiting MPS settings of other
unrelated, sub-topologies which could benefit from maintaining their larger
values.

Augment Keith's approach to include tuning down a Root Port's MPS setting
when its hot-added endpoint device is not capable of matching it.

Link: https://bugzilla.kernel.org/show_bug.cgi?id=200527
Signed-off-by: Myron Stowe <myron.stowe@redhat.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Acked-by: Jon Mason <jdmason@kudzu.us>
Cc: Keith Busch <keith.busch@intel.com>
Cc: Sinan Kaya <okaya@kernel.org>
Cc: Dongdong Liu <liudongdong3@huawei.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/pci/probe.c |   12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

--- a/drivers/pci/probe.c
+++ b/drivers/pci/probe.c
@@ -1725,7 +1725,7 @@ int pci_setup_device(struct pci_dev *dev
 static void pci_configure_mps(struct pci_dev *dev)
 {
 	struct pci_dev *bridge = pci_upstream_bridge(dev);
-	int mps, p_mps, rc;
+	int mps, mpss, p_mps, rc;
 
 	if (!pci_is_pcie(dev) || !bridge || !pci_is_pcie(bridge))
 		return;
@@ -1753,6 +1753,14 @@ static void pci_configure_mps(struct pci
 	if (pcie_bus_config != PCIE_BUS_DEFAULT)
 		return;
 
+	mpss = 128 << dev->pcie_mpss;
+	if (mpss < p_mps && pci_pcie_type(bridge) == PCI_EXP_TYPE_ROOT_PORT) {
+		pcie_set_mps(bridge, mpss);
+		pci_info(dev, "Upstream bridge's Max Payload Size set to %d (was %d, max %d)\n",
+			 mpss, p_mps, 128 << bridge->pcie_mpss);
+		p_mps = pcie_get_mps(bridge);
+	}
+
 	rc = pcie_set_mps(dev, p_mps);
 	if (rc) {
 		pci_warn(dev, "can't set Max Payload Size to %d; if necessary, use \"pci=pcie_bus_safe\" and report a bug\n",
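
Review bot: the return value of `pcie_set_mps(bridge, mpss)` is ignored, and the pci_info() line reports the Root Port's MPS as set before `p_mps = pcie_get_mps(bridge)` reads back what actually took effect. The call on the device a few lines below checks `rc` and warns; do the same for the bridge, and print the message only after the read-back confirms the new value.
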
@@ -1761,7 +1769,7 @@ static void pci_configure_mps(struct pci
 	}
 
 	pci_info(dev, "Max Payload Size set to %d (was %d, max %d)\n",
-		 p_mps, mps, 128 << dev->pcie_mpss);
+		 p_mps, mps, mpss);
 }
 
 static struct hpp_type0 pci_default_type0 = {




* [PATCH 4.18 085/197] drm/amd/display: Guard against null crtc in CRC IRQ
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (83 preceding siblings ...)
  2018-09-13 13:30 ` [PATCH 4.18 084/197] PCI: Match Root Ports MPS to endpoints MPSS as necessary Greg Kroah-Hartman
@ 2018-09-13 13:30 ` Greg Kroah-Hartman
  2018-09-13 13:30 ` [PATCH 4.18 086/197] coccicheck: return proper error code on fail Greg Kroah-Hartman
                   ` (113 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:30 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Nicholas Kazlauskas, Sun peng Li,
	Leo Li, Alex Deucher, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Nicholas Kazlauskas <nicholas.kazlauskas@amd.com>

[ Upstream commit dddc0557e3a02499ce336b1e2e67f5afaecccc80 ]

[Why]

A null pointer dereference can occur if crtc is null in
amdgpu_dm_crtc_handle_crc_irq. This can happen if get_crtc_by_otg_inst
returns NULL during dm_crtc_high_irq, leading to a hang in some IGT
test cases.

[How]

Check that CRTC is non-null before accessing its fields.

Signed-off-by: Nicholas Kazlauskas <nicholas.kazlauskas@amd.com>
Reviewed-by: Sun peng Li <Sunpeng.Li@amd.com>
Acked-by: Leo Li <sunpeng.li@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_crc.c |   10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

--- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_crc.c
+++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_crc.c
@@ -98,10 +98,16 @@ int amdgpu_dm_crtc_set_crc_source(struct
  */
 void amdgpu_dm_crtc_handle_crc_irq(struct drm_crtc *crtc)
 {
-	struct dm_crtc_state *crtc_state = to_dm_crtc_state(crtc->state);
-	struct dc_stream_state *stream_state = crtc_state->stream;
+	struct dm_crtc_state *crtc_state;
+	struct dc_stream_state *stream_state;
 	uint32_t crcs[3];
 
+	if (crtc == NULL)
+		return;
+
+	crtc_state = to_dm_crtc_state(crtc->state);
+	stream_state = crtc_state->stream;
+
 	/* Early return if CRC capture is not enabled. */
 	if (!crtc_state->crc_enabled)
 		return;
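
Review bot: `if (crtc == NULL) return;` makes amdgpu_dm_crtc_handle_crc_irq() tolerate a NULL argument, but the commit message places the NULL at the caller, dm_crtc_high_irq(), when get_crtc_by_otg_inst() fails. Checking there as well would keep any other use of the pointer in the IRQ path from hitting the same dereference. Style: kernel code normally writes this test as `if (!crtc)`.
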




* [PATCH 4.18 086/197] coccicheck: return proper error code on fail
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (84 preceding siblings ...)
  2018-09-13 13:30 ` [PATCH 4.18 085/197] drm/amd/display: Guard against null crtc in CRC IRQ Greg Kroah-Hartman
@ 2018-09-13 13:30 ` Greg Kroah-Hartman
  2018-09-13 13:30 ` [PATCH 4.18 087/197] perf tools: Check for null when copying nsinfo Greg Kroah-Hartman
                   ` (112 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:30 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Denis Efremov, Julia Lawall,
	Masahiro Yamada, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Denis Efremov <efremov@linux.com>

[ Upstream commit 512ddf7d7db056edfed3159ea7cb4e4a5eefddd4 ]

If coccicheck fails, it should return an error code distinct from zero
to signal about an internal problem. Current code instead of exiting with
the tool's error code returns the error code of 'echo "coccicheck failed"'
which is almost always equal to zero, thus failing the original intention
of alerting about a problem. This patch fixes the code.

Found by Linux Driver Verification project (linuxtesting.org).

Signed-off-by: Denis Efremov <efremov@linux.com>
Acked-by: Julia Lawall <julia.lawall@lip6.fr>
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 scripts/coccicheck |    5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

--- a/scripts/coccicheck
+++ b/scripts/coccicheck
@@ -128,9 +128,10 @@ run_cmd_parmap() {
 	fi
 	echo $@ >>$DEBUG_FILE
 	$@ 2>>$DEBUG_FILE
-	if [[ $? -ne 0 ]]; then
+	err=$?
+	if [[ $err -ne 0 ]]; then
 		echo "coccicheck failed"
-		exit $?
+		exit $err
 	fi
 }
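Review bot: err is assigned without local in run_cmd_parmap(), so it becomes a global of the coccicheck script and can clobber, or be clobbered by, any other use of that name. The script already depends on bash ([[ ]]), so local err=$? works and still captures the command's status. The "coccicheck failed" message also still goes to stdout and omits the code; printing it to stderr together with $err would serve the stated goal of flagging the failure.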
 




* [PATCH 4.18 087/197] perf tools: Check for null when copying nsinfo.
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (85 preceding siblings ...)
  2018-09-13 13:30 ` [PATCH 4.18 086/197] coccicheck: return proper error code on fail Greg Kroah-Hartman
@ 2018-09-13 13:30 ` Greg Kroah-Hartman
  2018-09-13 13:30 ` [PATCH 4.18 088/197] f2fs: avoid race between zero_range and background GC Greg Kroah-Hartman
                   ` (111 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:30 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Benno Evers, Namhyung Kim,
	Alexander Shishkin, Jiri Olsa, Krister Johansen, Peter Zijlstra,
	Arnaldo Carvalho de Melo, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Benno Evers <bevers@mesosphere.com>

[ Upstream commit 3f4417d693b43fa240ac8bde4487f67745ca23d8 ]

The argument to nsinfo__copy() was assumed to be valid, but some code paths
exist that will lead to NULL being passed.

In particular, running 'perf script -D' on a perf.data file containing a
PERF_RECORD_MMAP event associating the '[vdso]' dso with pid 0 earlier in
the event stream will lead to a segfault.

Since all calling code is already checking for a non-null return value,
just return NULL for this case as well.

Signed-off-by: Benno Evers <bevers@mesosphere.com>
Acked-by: Namhyung Kim <namhyung@kernel.org>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Krister Johansen <kjlx@templeofstupid.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Link: http://lkml.kernel.org/r/20180810133614.9925-1-bevers@mesosphere.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 tools/perf/util/namespaces.c |    3 +++
 1 file changed, 3 insertions(+)

--- a/tools/perf/util/namespaces.c
+++ b/tools/perf/util/namespaces.c
@@ -139,6 +139,9 @@ struct nsinfo *nsinfo__copy(struct nsinf
 {
 	struct nsinfo *nnsi;
 
+	if (nsi == NULL)
+		return NULL;
+
 	nnsi = calloc(1, sizeof(*nnsi));
 	if (nnsi != NULL) {
 		nnsi->pid = nsi->pid;
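Review bot: after this check nsinfo__copy() returns NULL both when nsi is NULL and when calloc() fails, so a caller can no longer tell "nothing to copy" from out of memory. That is acceptable if every caller treats NULL the same way, as the commit message states, but it is not written down in the code: add a comment above the function saying that a NULL argument yields NULL.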




* [PATCH 4.18 088/197] f2fs: avoid race between zero_range and background GC
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (86 preceding siblings ...)
  2018-09-13 13:30 ` [PATCH 4.18 087/197] perf tools: Check for null when copying nsinfo Greg Kroah-Hartman
@ 2018-09-13 13:30 ` Greg Kroah-Hartman
  2018-09-13 13:30 ` [PATCH 4.18 089/197] f2fs: fix avoid race between truncate " Greg Kroah-Hartman
                   ` (110 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:30 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Chao Yu, Jaegeuk Kim, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Chao Yu <yuchao0@huawei.com>

[ Upstream commit c7079853c859c910b9d047a37891b4aafb8f8dd7 ]

Thread A				Background GC
- f2fs_zero_range
 - truncate_pagecache_range
					- gc_data_segment
					 - get_read_data_page
					  - move_data_page
					   - set_page_dirty
					   - set_cold_data
 - f2fs_do_zero_range
  - dn->data_blkaddr = NEW_ADDR;
  - f2fs_set_data_blkaddr

Actually, we don't need to set dirty & checked flag on the page, since
all valid data in the page should be zeroed by zero_range().

Use i_gc_rwsem[WRITE] to avoid such race condition.

Signed-off-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 fs/f2fs/file.c |   11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

--- a/fs/f2fs/file.c
+++ b/fs/f2fs/file.c
@@ -1295,8 +1295,6 @@ static int f2fs_zero_range(struct inode
 	if (ret)
 		goto out_sem;
 
-	truncate_pagecache_range(inode, offset, offset + len - 1);
-
 	pg_start = ((unsigned long long) offset) >> PAGE_SHIFT;
 	pg_end = ((unsigned long long) offset + len) >> PAGE_SHIFT;
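Review bot: the removed truncate_pagecache_range(inode, offset, offset + len - 1) covered the exact byte range, including a partial first and last page, while its replacement in the next hunk works on whole pages from index to pg_end. Please confirm in the changelog or a comment that the unaligned head and tail of the range are still dropped from the page cache on the other paths of f2fs_zero_range().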
 
@@ -1326,12 +1324,19 @@ static int f2fs_zero_range(struct inode
 			unsigned int end_offset;
 			pgoff_t end;
 
+			down_write(&F2FS_I(inode)->i_gc_rwsem[WRITE]);
+
+			truncate_pagecache_range(inode,
+				(loff_t)index << PAGE_SHIFT,
+				((loff_t)pg_end << PAGE_SHIFT) - 1);
+
 			f2fs_lock_op(sbi);
 
 			set_new_dnode(&dn, inode, NULL, NULL, 0);
 			ret = f2fs_get_dnode_of_data(&dn, index, ALLOC_NODE);
 			if (ret) {
 				f2fs_unlock_op(sbi);
+				up_write(&F2FS_I(inode)->i_gc_rwsem[WRITE]);
 				goto out;
 			}
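Review bot: the truncate_pagecache_range() call added here always ends at ((loff_t)pg_end << PAGE_SHIFT) - 1, so each time this block runs it drops everything from index up to pg_end rather than only the part it is about to zero; if the block sits in a loop over index, the later pages are truncated repeatedly while i_gc_rwsem[WRITE] is held. The lock order introduced here (i_gc_rwsem[WRITE] taken before f2fs_lock_op() and released after f2fs_unlock_op()) also deserves a comment, since the error path has to mirror it by hand.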
 
@@ -1340,7 +1345,9 @@ static int f2fs_zero_range(struct inode
 
 			ret = f2fs_do_zero_range(&dn, index, end);
 			f2fs_put_dnode(&dn);
+
 			f2fs_unlock_op(sbi);
+			up_write(&F2FS_I(inode)->i_gc_rwsem[WRITE]);
 
 			f2fs_balance_fs(sbi, dn.node_changed);
 




* [PATCH 4.18 089/197] f2fs: fix avoid race between truncate and background GC
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (87 preceding siblings ...)
  2018-09-13 13:30 ` [PATCH 4.18 088/197] f2fs: avoid race between zero_range and background GC Greg Kroah-Hartman
@ 2018-09-13 13:30 ` Greg Kroah-Hartman
  2018-09-13 13:30 ` [PATCH 4.18 090/197] RISC-V: Use KBUILD_CFLAGS instead of KCFLAGS when building the vDSO Greg Kroah-Hartman
                   ` (109 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:30 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Chao Yu, Jaegeuk Kim, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Chao Yu <yuchao0@huawei.com>

[ Upstream commit a33c150237a20d97a174243bc658c86502f9d370 ]

Thread A				Background GC
- f2fs_setattr isize to 0
 - truncate_setsize
					- gc_data_segment
					 - f2fs_get_read_data_page page #0
					  - set_page_dirty
					  - set_cold_data
 - f2fs_truncate

- f2fs_setattr isize to 4k
- read 4k <--- hit data in cached page #0

The above race condition can cause invalid data to be read out of a
truncated page; fix it with the i_gc_rwsem[WRITE] lock.

Signed-off-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 fs/f2fs/data.c |    4 ++++
 fs/f2fs/file.c |   37 +++++++++++++++++++++++--------------
 2 files changed, 27 insertions(+), 14 deletions(-)

--- a/fs/f2fs/data.c
+++ b/fs/f2fs/data.c
@@ -2149,8 +2149,12 @@ static void f2fs_write_failed(struct add
 
 	if (to > i_size) {
 		down_write(&F2FS_I(inode)->i_mmap_sem);
+		down_write(&F2FS_I(inode)->i_gc_rwsem[WRITE]);
+
 		truncate_pagecache(inode, i_size);
 		f2fs_truncate_blocks(inode, i_size, true);
+
+		up_write(&F2FS_I(inode)->i_gc_rwsem[WRITE]);
 		up_write(&F2FS_I(inode)->i_mmap_sem);
 	}
 }
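Review bot: in f2fs_write_failed() the new i_gc_rwsem[WRITE] is nested inside i_mmap_sem, and the f2fs_setattr() and punch_hole() hunks below use the same order, but nothing records it. Add a short comment at one of the sites, or where the semaphores are declared, stating that i_mmap_sem is taken before i_gc_rwsem[WRITE], so later callers do not invert the order.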
--- a/fs/f2fs/file.c
+++ b/fs/f2fs/file.c
@@ -782,22 +782,26 @@ int f2fs_setattr(struct dentry *dentry,
 	}
 
 	if (attr->ia_valid & ATTR_SIZE) {
-		if (attr->ia_size <= i_size_read(inode)) {
-			down_write(&F2FS_I(inode)->i_mmap_sem);
-			truncate_setsize(inode, attr->ia_size);
+		bool to_smaller = (attr->ia_size <= i_size_read(inode));
+
+		down_write(&F2FS_I(inode)->i_mmap_sem);
+		down_write(&F2FS_I(inode)->i_gc_rwsem[WRITE]);
+
+		truncate_setsize(inode, attr->ia_size);
+
+		if (to_smaller)
 			err = f2fs_truncate(inode);
-			up_write(&F2FS_I(inode)->i_mmap_sem);
-			if (err)
-				return err;
-		} else {
-			/*
-			 * do not trim all blocks after i_size if target size is
-			 * larger than i_size.
-			 */
-			down_write(&F2FS_I(inode)->i_mmap_sem);
-			truncate_setsize(inode, attr->ia_size);
-			up_write(&F2FS_I(inode)->i_mmap_sem);
+		/*
+		 * do not trim all blocks after i_size if target size is
+		 * larger than i_size.
+		 */
+		up_write(&F2FS_I(inode)->i_gc_rwsem[WRITE]);
+		up_write(&F2FS_I(inode)->i_mmap_sem);
+
+		if (err)
+			return err;
 
+		if (!to_smaller) {
 			/* should convert inline inode here */
 			if (!f2fs_may_inline_data(inode)) {
 				err = f2fs_convert_inline_inode(inode);
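Review bot: the comment "do not trim all blocks after i_size if target size is larger than i_size" used to sit in the else branch it described; after this hunk it is stranded between err = f2fs_truncate(inode) and the up_write() calls, where it explains nothing. Move it next to if (to_smaller) or drop it. The if (err) return err; test now also runs on the grow path, so it relies on err being zero when f2fs_truncate() is skipped, which is worth confirming against the code above the hunk.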
@@ -944,13 +948,18 @@ static int punch_hole(struct inode *inod
 
 			blk_start = (loff_t)pg_start << PAGE_SHIFT;
 			blk_end = (loff_t)pg_end << PAGE_SHIFT;
+
 			down_write(&F2FS_I(inode)->i_mmap_sem);
+			down_write(&F2FS_I(inode)->i_gc_rwsem[WRITE]);
+
 			truncate_inode_pages_range(mapping, blk_start,
 					blk_end - 1);
 
 			f2fs_lock_op(sbi);
 			ret = f2fs_truncate_hole(inode, pg_start, pg_end);
 			f2fs_unlock_op(sbi);
+
+			up_write(&F2FS_I(inode)->i_gc_rwsem[WRITE]);
 			up_write(&F2FS_I(inode)->i_mmap_sem);
 		}
 	}




* [PATCH 4.18 090/197] RISC-V: Use KBUILD_CFLAGS instead of KCFLAGS when building the vDSO
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (88 preceding siblings ...)
  2018-09-13 13:30 ` [PATCH 4.18 089/197] f2fs: fix avoid race between truncate " Greg Kroah-Hartman
@ 2018-09-13 13:30 ` Greg Kroah-Hartman
  2018-09-13 13:30 ` [PATCH 4.18 091/197] irqchip/stm32: Fix init error handling Greg Kroah-Hartman
                   ` (108 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:30 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Christoph Hellwig, Palmer Dabbelt,
	Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Palmer Dabbelt <palmer@sifive.com>

[ Upstream commit 4938c79bd0f5f3650c8c2cd4cdc972f0a6962ce4 ]

If you use a 64-bit compiler to build a 32-bit kernel then you'll get an
error when building the vDSO due to a library mismatch.  This happens
because the relevant "-march" argument isn't supplied to the GCC run
that generates one of the vDSO intermediate files.

I'm not actually sure what the right thing to do here is as I'm not
particularly familiar with the kernel build system.  I poked the
documentation and it appears that KCFLAGS is the correct thing to do
(it's suggested that should be used when building modules), but we set
KBUILD_CFLAGS in arch/riscv/Makefile.

This does at least fix the build error.

Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Palmer Dabbelt <palmer@sifive.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 arch/riscv/kernel/vdso/Makefile |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/arch/riscv/kernel/vdso/Makefile
+++ b/arch/riscv/kernel/vdso/Makefile
@@ -52,8 +52,8 @@ $(obj)/%.so: $(obj)/%.so.dbg FORCE
 # Add -lgcc so rv32 gets static muldi3 and lshrdi3 definitions.
 # Make sure only to export the intended __vdso_xxx symbol offsets.
 quiet_cmd_vdsold = VDSOLD  $@
-      cmd_vdsold = $(CC) $(KCFLAGS) $(call cc-option, -no-pie) -nostdlib $(SYSCFLAGS_$(@F)) \
-                           -Wl,-T,$(filter-out FORCE,$^) -o $@.tmp -lgcc && \
+      cmd_vdsold = $(CC) $(KBUILD_CFLAGS) $(call cc-option, -no-pie) -nostdlib -nostartfiles $(SYSCFLAGS_$(@F)) \
+                           -Wl,-T,$(filter-out FORCE,$^) -o $@.tmp && \
                    $(CROSS_COMPILE)objcopy \
                            $(patsubst %, -G __vdso_%, $(vdso-syms)) $@.tmp $@
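Review bot: the new cmd_vdsold drops -lgcc and adds -nostartfiles, but the comment at the top of the hunk still reads "Add -lgcc so rv32 gets static muldi3 and lshrdi3 definitions", and the commit message only talks about switching KCFLAGS to KBUILD_CFLAGS. Either update the comment and explain why libgcc is no longer needed for rv32, or keep -lgcc; the -nostartfiles addition should be mentioned in the changelog as well.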
 




* [PATCH 4.18 091/197] irqchip/stm32: Fix init error handling
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (89 preceding siblings ...)
  2018-09-13 13:30 ` [PATCH 4.18 090/197] RISC-V: Use KBUILD_CFLAGS instead of KCFLAGS when building the vDSO Greg Kroah-Hartman
@ 2018-09-13 13:30 ` Greg Kroah-Hartman
  2018-09-13 13:30 ` [PATCH 4.18 092/197] irqchip/bcm7038-l1: Hide cpu offline callback when building for !SMP Greg Kroah-Hartman
                   ` (107 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:30 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Ludovic Barre, Dan Carpenter,
	Marc Zyngier, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Dan Carpenter <dan.carpenter@oracle.com>

[ Upstream commit 4096165d55218a6f58b6c2ebc5d2428aa0aa70e4 ]

If there are any errors in stm32_exti_host_init() then it leads to a
NULL dereference in the callers.  The function should clean up after
itself.

Fixes: f9fc1745501e ("irqchip/stm32: Add host and driver data structures")
Reviewed-by: Ludovic Barre <ludovic.barre@st.com>
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/irqchip/irq-stm32-exti.c |   25 +++++++++++++------------
 1 file changed, 13 insertions(+), 12 deletions(-)

--- a/drivers/irqchip/irq-stm32-exti.c
+++ b/drivers/irqchip/irq-stm32-exti.c
@@ -602,17 +602,24 @@ stm32_exti_host_data *stm32_exti_host_in
 					sizeof(struct stm32_exti_chip_data),
 					GFP_KERNEL);
 	if (!host_data->chips_data)
-		return NULL;
+		goto free_host_data;
 
 	host_data->base = of_iomap(node, 0);
 	if (!host_data->base) {
 		pr_err("%pOF: Unable to map registers\n", node);
-		return NULL;
+		goto free_chips_data;
 	}
 
 	stm32_host_data = host_data;
 
 	return host_data;
+
+free_chips_data:
+	kfree(host_data->chips_data);
+free_host_data:
+	kfree(host_data);
+
+	return NULL;
 }
 
 static struct
@@ -664,10 +671,8 @@ static int __init stm32_exti_init(const
 	struct irq_domain *domain;
 
 	host_data = stm32_exti_host_init(drv_data, node);
-	if (!host_data) {
-		ret = -ENOMEM;
-		goto out_free_mem;
-	}
+	if (!host_data)
+		return -ENOMEM;
 
 	domain = irq_domain_add_linear(node, drv_data->bank_nr * IRQS_PER_BANK,
 				       &irq_exti_domain_ops, NULL);
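Review bot: stm32_exti_init() returns -ENOMEM whenever stm32_exti_host_init() returns NULL, but the first hunk shows the helper also returning NULL when of_iomap() fails, which is not an out-of-memory condition. Consider having the helper return ERR_PTR() values and propagating them with PTR_ERR(), so a failed register mapping is reported with its own error code; the same applies to the stm32_exti_hierarchy_init() hunk below.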
@@ -724,7 +729,6 @@ out_free_domain:
 	irq_domain_remove(domain);
 out_unmap:
 	iounmap(host_data->base);
-out_free_mem:
 	kfree(host_data->chips_data);
 	kfree(host_data);
 	return ret;
@@ -751,10 +755,8 @@ __init stm32_exti_hierarchy_init(const s
 	}
 
 	host_data = stm32_exti_host_init(drv_data, node);
-	if (!host_data) {
-		ret = -ENOMEM;
-		goto out_free_mem;
-	}
+	if (!host_data)
+		return -ENOMEM;
 
 	for (i = 0; i < drv_data->bank_nr; i++)
 		stm32_exti_chip_init(host_data, i, node);
@@ -776,7 +778,6 @@ __init stm32_exti_hierarchy_init(const s
 
 out_unmap:
 	iounmap(host_data->base);
-out_free_mem:
 	kfree(host_data->chips_data);
 	kfree(host_data);
 	return ret;




* [PATCH 4.18 092/197] irqchip/bcm7038-l1: Hide cpu offline callback when building for !SMP
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (90 preceding siblings ...)
  2018-09-13 13:30 ` [PATCH 4.18 091/197] irqchip/stm32: Fix init error handling Greg Kroah-Hartman
@ 2018-09-13 13:30 ` Greg Kroah-Hartman
  2018-09-13 13:30 ` [PATCH 4.18 093/197] net/9p/trans_fd.c: fix race by holding the lock Greg Kroah-Hartman
                   ` (106 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:30 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Jonas Gorski, Marc Zyngier, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Jonas Gorski <jonas.gorski@gmail.com>

[ Upstream commit 0702bc4d2fe793018ad9aa0eb14bff7f526c4095 ]

When compiling bmips with SMP disabled, the build fails with:

drivers/irqchip/irq-bcm7038-l1.o: In function `bcm7038_l1_cpu_offline':
drivers/irqchip/irq-bcm7038-l1.c:242: undefined reference to `irq_set_affinity_locked'
make[5]: *** [vmlinux] Error 1

Fix this by adding and setting bcm7038_l1_cpu_offline only when actually
compiling for SMP. It wouldn't have been used anyway, as it requires
CPU_HOTPLUG, which in turn requires SMP.

Fixes: 34c535793bcb ("irqchip/bcm7038-l1: Implement irq_cpu_offline() callback")
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/irqchip/irq-bcm7038-l1.c |    4 ++++
 1 file changed, 4 insertions(+)

--- a/drivers/irqchip/irq-bcm7038-l1.c
+++ b/drivers/irqchip/irq-bcm7038-l1.c
@@ -217,6 +217,7 @@ static int bcm7038_l1_set_affinity(struc
 	return 0;
 }
 
+#ifdef CONFIG_SMP
 static void bcm7038_l1_cpu_offline(struct irq_data *d)
 {
 	struct cpumask *mask = irq_data_get_affinity_mask(d);
@@ -241,6 +242,7 @@ static void bcm7038_l1_cpu_offline(struc
 	}
 	irq_set_affinity_locked(d, &new_affinity, false);
 }
+#endif
 
 static int __init bcm7038_l1_init_one(struct device_node *dn,
 				      unsigned int idx,
@@ -293,7 +295,9 @@ static struct irq_chip bcm7038_l1_irq_ch
 	.irq_mask		= bcm7038_l1_mask,
 	.irq_unmask		= bcm7038_l1_unmask,
 	.irq_set_affinity	= bcm7038_l1_set_affinity,
+#ifdef CONFIG_SMP
 	.irq_cpu_offline	= bcm7038_l1_cpu_offline,
+#endif
 };
 
 static int bcm7038_l1_map(struct irq_domain *d, unsigned int virq,
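Review bot: the #ifdef CONFIG_SMP around .irq_cpu_offline here has to stay in step with the one around bcm7038_l1_cpu_offline() in the earlier hunks, and neither says why it is there. A one-line comment at the function, noting that it calls irq_set_affinity_locked() and that this is what fails to link on !SMP builds per the error in the commit message, would keep someone from removing one guard without the other.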




* [PATCH 4.18 093/197] net/9p/trans_fd.c: fix race by holding the lock
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (91 preceding siblings ...)
  2018-09-13 13:30 ` [PATCH 4.18 092/197] irqchip/bcm7038-l1: Hide cpu offline callback when building for !SMP Greg Kroah-Hartman
@ 2018-09-13 13:30 ` Greg Kroah-Hartman
  2018-09-13 13:30 ` [PATCH 4.18 094/197] net/9p: fix error path of p9_virtio_probe Greg Kroah-Hartman
                   ` (105 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:30 UTC (permalink / raw)
  To: linux-kernel, Eric Van Hensbergen, Ron Minnich, Latchesar Ionkov
  Cc: Greg Kroah-Hartman, stable, Tomas Bortoli,
	syzbot+735d926e9d1317c3310c, Yiwen Jiang, David S. Miller,
	Dominique Martinet, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Tomas Bortoli <tomasbortoli@gmail.com>

[ Upstream commit 9f476d7c540cb57556d3cc7e78704e6cd5100f5f ]

It may be possible to run p9_fd_cancel() with a deleted req->req_list
and incur a double del. To fix, hold the client->lock while changing
the status, so the other threads will be synchronized.

Link: http://lkml.kernel.org/r/20180723184253.6682-1-tomasbortoli@gmail.com
Signed-off-by: Tomas Bortoli <tomasbortoli@gmail.com>
Reported-by: syzbot+735d926e9d1317c3310c@syzkaller.appspotmail.com
To: Eric Van Hensbergen <ericvh@gmail.com>
To: Ron Minnich <rminnich@sandia.gov>
To: Latchesar Ionkov <lucho@ionkov.net>
Cc: Yiwen Jiang <jiangyiwen@huwei.com>
Cc: David S. Miller <davem@davemloft.net>
Signed-off-by: Dominique Martinet <dominique.martinet@cea.fr>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 net/9p/trans_fd.c |   10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

--- a/net/9p/trans_fd.c
+++ b/net/9p/trans_fd.c
@@ -199,15 +199,14 @@ static void p9_mux_poll_stop(struct p9_c
 static void p9_conn_cancel(struct p9_conn *m, int err)
 {
 	struct p9_req_t *req, *rtmp;
-	unsigned long flags;
 	LIST_HEAD(cancel_list);
 
 	p9_debug(P9_DEBUG_ERROR, "mux %p err %d\n", m, err);
 
-	spin_lock_irqsave(&m->client->lock, flags);
+	spin_lock(&m->client->lock);
 
 	if (m->err) {
-		spin_unlock_irqrestore(&m->client->lock, flags);
+		spin_unlock(&m->client->lock);
 		return;
 	}
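Review bot: p9_conn_cancel() switches from spin_lock_irqsave() to plain spin_lock() on client->lock, and the commit message does not say why saving and disabling interrupts is no longer needed. If any path takes client->lock from interrupt or softirq context, the plain variant can deadlock; state in the changelog that the lock is only ever taken from process context, or keep the irqsave form.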
 
@@ -219,7 +218,6 @@ static void p9_conn_cancel(struct p9_con
 	list_for_each_entry_safe(req, rtmp, &m->unsent_req_list, req_list) {
 		list_move(&req->req_list, &cancel_list);
 	}
-	spin_unlock_irqrestore(&m->client->lock, flags);
 
 	list_for_each_entry_safe(req, rtmp, &cancel_list, req_list) {
 		p9_debug(P9_DEBUG_ERROR, "call back req %p\n", req);
@@ -228,6 +226,7 @@ static void p9_conn_cancel(struct p9_con
 			req->t_err = err;
 		p9_client_cb(m->client, req, REQ_STATUS_ERROR);
 	}
+	spin_unlock(&m->client->lock);
 }
 
 static __poll_t
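Review bot: with spin_unlock() moved to the end of p9_conn_cancel(), the whole list_for_each_entry_safe() walk over cancel_list and every p9_client_cb() call now run under client->lock. That makes the private cancel_list look redundant, since the requests were moved onto it before an unlock that no longer happens there, and it requires that p9_client_cb() never sleeps or takes client->lock itself. Please confirm both and note the locking requirement at the call.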
@@ -375,8 +374,9 @@ static void p9_read_work(struct work_str
 		if (m->req->status != REQ_STATUS_ERROR)
 			status = REQ_STATUS_RCVD;
 		list_del(&m->req->req_list);
-		spin_unlock(&m->client->lock);
+		/* update req->status while holding client->lock  */
 		p9_client_cb(m->client, m->req, status);
+		spin_unlock(&m->client->lock);
 		m->rc.sdata = NULL;
 		m->rc.offset = 0;
 		m->rc.capacity = 0;
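Review bot: in p9_read_work() the new comment says req->status is updated while holding client->lock, but the update itself happens inside p9_client_cb(), so a reader has to know the callee to see the point. Name the function in the comment, and drop the double space before the closing */.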




* [PATCH 4.18 094/197] net/9p: fix error path of p9_virtio_probe
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (92 preceding siblings ...)
  2018-09-13 13:30 ` [PATCH 4.18 093/197] net/9p/trans_fd.c: fix race by holding the lock Greg Kroah-Hartman
@ 2018-09-13 13:30 ` Greg Kroah-Hartman
  2018-09-13 13:30 ` [PATCH 4.18 095/197] f2fs: fix to clear PG_checked flag in set_page_dirty() Greg Kroah-Hartman
                   ` (104 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:30 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Jean-Philippe Brucker, Greg Kurz,
	Eric Van Hensbergen, Ron Minnich, Latchesar Ionkov,
	Andrew Morton, Dominique Martinet, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Jean-Philippe Brucker <jean-philippe.brucker@arm.com>

[ Upstream commit 92aef4675d5b1b55404e1532379e343bed0e5cf2 ]

Currently when virtio_find_single_vq fails, we go through del_vqs which
throws a warning (Trying to free already-free IRQ).  Skip del_vqs if vq
allocation failed.

Link: http://lkml.kernel.org/r/20180524101021.49880-1-jean-philippe.brucker@arm.com
Signed-off-by: Jean-Philippe Brucker <jean-philippe.brucker@arm.com>
Reviewed-by: Greg Kurz <groug@kaod.org>
Cc: Eric Van Hensbergen <ericvh@gmail.com>
Cc: Ron Minnich <rminnich@sandia.gov>
Cc: Latchesar Ionkov <lucho@ionkov.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Dominique Martinet <dominique.martinet@cea.fr>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 net/9p/trans_virtio.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

--- a/net/9p/trans_virtio.c
+++ b/net/9p/trans_virtio.c
@@ -571,7 +571,7 @@ static int p9_virtio_probe(struct virtio
 	chan->vq = virtio_find_single_vq(vdev, req_done, "requests");
 	if (IS_ERR(chan->vq)) {
 		err = PTR_ERR(chan->vq);
-		goto out_free_vq;
+		goto out_free_chan;
 	}
 	chan->vq->vdev->priv = chan;
 	spin_lock_init(&chan->lock);
@@ -624,6 +624,7 @@ out_free_tag:
 	kfree(tag);
 out_free_vq:
 	vdev->config->del_vqs(vdev);
+out_free_chan:
 	kfree(chan);
 fail:
 	return err;




* [PATCH 4.18 095/197] f2fs: fix to clear PG_checked flag in set_page_dirty()
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (93 preceding siblings ...)
  2018-09-13 13:30 ` [PATCH 4.18 094/197] net/9p: fix error path of p9_virtio_probe Greg Kroah-Hartman
@ 2018-09-13 13:30 ` Greg Kroah-Hartman
  2018-09-13 13:30 ` [PATCH 4.18 096/197] pinctrl: axp209: Fix NULL pointer dereference after allocation Greg Kroah-Hartman
                   ` (103 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:30 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Weichao Guo, Chao Yu, Jaegeuk Kim,
	Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Chao Yu <yuchao0@huawei.com>

[ Upstream commit 66110abc4c931f879d70e83e1281f891699364bf ]

PG_checked flag will be set on data page during GC, later, we can
recognize such page by the flag and migrate page to cold segment.

But previously, we didn't clear this flag when invalidating the data page;
after page redirtying, we would write it into the wrong log.

Let's clear PG_checked flag in set_page_dirty() to avoid this.

Signed-off-by: Weichao Guo <guoweichao@huawei.com>
Signed-off-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 fs/f2fs/data.c |    4 ++++
 1 file changed, 4 insertions(+)

--- a/fs/f2fs/data.c
+++ b/fs/f2fs/data.c
@@ -2494,6 +2494,10 @@ static int f2fs_set_data_page_dirty(stru
 	if (!PageUptodate(page))
 		SetPageUptodate(page);
 
+	/* don't remain PG_checked flag which was set during GC */
+	if (is_cold_data(page))
+		clear_cold_data(page);
+
 	if (f2fs_is_atomic_file(inode) && !f2fs_is_commit_atomic_write(inode)) {
 		if (!IS_ATOMIC_WRITTEN_PAGE(page)) {
 			f2fs_register_inmem_page(inode, page);
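Review bot: the added comment, "don't remain PG_checked flag which was set during GC", is hard to parse and names PG_checked while the code below it calls is_cold_data() and clear_cold_data(). Reword it to say that the cold-data mark set during GC is the PG_checked flag and that it is cleared here so a redirtied page is not written to the wrong log, which is the reason the commit message gives.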




* [PATCH 4.18 096/197] pinctrl: axp209: Fix NULL pointer dereference after allocation
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (94 preceding siblings ...)
  2018-09-13 13:30 ` [PATCH 4.18 095/197] f2fs: fix to clear PG_checked flag in set_page_dirty() Greg Kroah-Hartman
@ 2018-09-13 13:30 ` Greg Kroah-Hartman
  2018-09-13 13:30 ` [PATCH 4.18 097/197] bpf: fix bpffs non-array map seq_show issue Greg Kroah-Hartman
                   ` (102 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:30 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Anton Vasilyev, Chen-Yu Tsai,
	Linus Walleij, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Anton Vasilyev <vasilyev@ispras.ru>

[ Upstream commit 504c76979bccec66e4c2e41f6a006e49e284466f ]

There is no check that allocation in axp20x_funcs_groups_from_mask
is successful.
The patch adds the corresponding check and return values.

Found by Linux Driver Verification project (linuxtesting.org).

Signed-off-by: Anton Vasilyev <vasilyev@ispras.ru>
Acked-by: Chen-Yu Tsai <wens@csie.org>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/pinctrl/pinctrl-axp209.c |   26 ++++++++++++++++++++------
 1 file changed, 20 insertions(+), 6 deletions(-)

--- a/drivers/pinctrl/pinctrl-axp209.c
+++ b/drivers/pinctrl/pinctrl-axp209.c
@@ -316,7 +316,7 @@ static const struct pinctrl_ops axp20x_p
 	.get_group_pins		= axp20x_group_pins,
 };
 
-static void axp20x_funcs_groups_from_mask(struct device *dev, unsigned int mask,
+static int axp20x_funcs_groups_from_mask(struct device *dev, unsigned int mask,
 					  unsigned int mask_len,
 					  struct axp20x_pinctrl_function *func,
 					  const struct pinctrl_pin_desc *pins)
@@ -331,18 +331,22 @@ static void axp20x_funcs_groups_from_mas
 		func->groups = devm_kcalloc(dev,
 					    ngroups, sizeof(const char *),
 					    GFP_KERNEL);
+		if (!func->groups)
+			return -ENOMEM;
 		group = func->groups;
 		for_each_set_bit(bit, &mask_cpy, mask_len) {
 			*group = pins[bit].name;
 			group++;
 		}
 	}
+
+	return 0;
 }
 
-static void axp20x_build_funcs_groups(struct platform_device *pdev)
+static int axp20x_build_funcs_groups(struct platform_device *pdev)
 {
 	struct axp20x_pctl *pctl = platform_get_drvdata(pdev);
-	int i, pin, npins = pctl->desc->npins;
+	int i, ret, pin, npins = pctl->desc->npins;
 
 	pctl->funcs[AXP20X_FUNC_GPIO_OUT].name = "gpio_out";
 	pctl->funcs[AXP20X_FUNC_GPIO_OUT].muxval = AXP20X_MUX_GPIO_OUT;
@@ -366,13 +370,19 @@ static void axp20x_build_funcs_groups(st
 			pctl->funcs[i].groups[pin] = pctl->desc->pins[pin].name;
 	}
 
-	axp20x_funcs_groups_from_mask(&pdev->dev, pctl->desc->ldo_mask,
+	ret = axp20x_funcs_groups_from_mask(&pdev->dev, pctl->desc->ldo_mask,
 				      npins, &pctl->funcs[AXP20X_FUNC_LDO],
 				      pctl->desc->pins);
+	if (ret)
+		return ret;
 
-	axp20x_funcs_groups_from_mask(&pdev->dev, pctl->desc->adc_mask,
+	ret = axp20x_funcs_groups_from_mask(&pdev->dev, pctl->desc->adc_mask,
 				      npins, &pctl->funcs[AXP20X_FUNC_ADC],
 				      pctl->desc->pins);
+	if (ret)
+		return ret;
+
+	return 0;
 }
 
 static const struct of_device_id axp20x_pctl_match[] = {
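Review bot: in axp20x_build_funcs_groups() the continuation lines of both axp20x_funcs_groups_from_mask() calls keep their old indentation after "ret = " was added, so the arguments no longer line up with the opening parenthesis. The tail can also be shortened: the second call's if (ret) return ret; followed by return 0; is equivalent to returning the call's result directly.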
@@ -424,7 +434,11 @@ static int axp20x_pctl_probe(struct plat
 
 	platform_set_drvdata(pdev, pctl);
 
-	axp20x_build_funcs_groups(pdev);
+	ret = axp20x_build_funcs_groups(pdev);
+	if (ret) {
+		dev_err(&pdev->dev, "failed to build groups\n");
+		return ret;
+	}
 
 	pctrl_desc = devm_kzalloc(&pdev->dev, sizeof(*pctrl_desc), GFP_KERNEL);
 	if (!pctrl_desc)
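Review bot: the only failure axp20x_build_funcs_groups() can report in this patch is -ENOMEM from the devm_kcalloc() check, and the allocator already logs allocation failures, so the dev_err() with "failed to build groups" in axp20x_pctl_probe() adds little. Returning ret directly is enough and matches the bare if (!pctrl_desc) check just below.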




* [PATCH 4.18 097/197] bpf: fix bpffs non-array map seq_show issue
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (95 preceding siblings ...)
  2018-09-13 13:30 ` [PATCH 4.18 096/197] pinctrl: axp209: Fix NULL pointer dereference after allocation Greg Kroah-Hartman
@ 2018-09-13 13:30 ` Greg Kroah-Hartman
  2018-09-13 13:30 ` [PATCH 4.18 098/197] powerpc/uaccess: Enable get_user(u64, *p) on 32-bit Greg Kroah-Hartman
                   ` (101 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:30 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Alexei Starovoitov, Yonghong Song,
	Daniel Borkmann, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Yonghong Song <yhs@fb.com>

[ Upstream commit dc1508a579e682a1e5f1ed0753390e0aa7c23a97 ]

In function map_seq_next() of kernel/bpf/inode.c,
the first key will be the "0" regardless of the map type.
This works for array. But for hash type, if it happens
key "0" is in the map, the bpffs map show will miss
some items if the key "0" is not the first element of
the first bucket.

This patch fixed the issue by guaranteeing to get
the first element, if the seq_show is just started,
by passing NULL pointer key to map_get_next_key() callback.
This way, no missing elements will occur for
bpffs hash table show even if key "0" is in the map.

Fixes: a26ca7c982cb5 ("bpf: btf: Add pretty print support to the basic arraymap")
Acked-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Yonghong Song <yhs@fb.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 kernel/bpf/inode.c |    8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

--- a/kernel/bpf/inode.c
+++ b/kernel/bpf/inode.c
@@ -196,19 +196,21 @@ static void *map_seq_next(struct seq_fil
 {
 	struct bpf_map *map = seq_file_to_map(m);
 	void *key = map_iter(m)->key;
+	void *prev_key;
 
 	if (map_iter(m)->done)
 		return NULL;
 
 	if (unlikely(v == SEQ_START_TOKEN))
-		goto done;
+		prev_key = NULL;
+	else
+		prev_key = key;
 
-	if (map->ops->map_get_next_key(map, key, key)) {
+	if (map->ops->map_get_next_key(map, prev_key, key)) {
 		map_iter(m)->done = true;
 		return NULL;
 	}
 
-done:
 	++(*pos);
 	return key;
 }
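
Review bot: the `prev_key = NULL` branch in map_seq_next() relies on map_get_next_key() treating a NULL previous key as "return the first element", and nothing at the call site says so. A one-line comment above the SEQ_START_TOKEN test would keep a later cleanup from folding this back into the `key, key` form. In the else branch `prev_key` and `key` still alias the same buffer, as before the change, so every map_get_next_key() implementation has to tolerate equal input and output pointers.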




* [PATCH 4.18 098/197] powerpc/uaccess: Enable get_user(u64, *p) on 32-bit
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (96 preceding siblings ...)
  2018-09-13 13:30 ` [PATCH 4.18 097/197] bpf: fix bpffs non-array map seq_show issue Greg Kroah-Hartman
@ 2018-09-13 13:30 ` Greg Kroah-Hartman
  2018-09-13 13:30 ` [PATCH 4.18 099/197] powerpc: Fix size calculation using resource_size() Greg Kroah-Hartman
                   ` (100 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:30 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Michael Ellerman, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Michael Ellerman <mpe@ellerman.id.au>

[ Upstream commit f7a6947cd49b7ff4e03f1b4f7e7b223003d752ca ]

Currently if you build a 32-bit powerpc kernel and use get_user() to
load a u64 value it will fail to build with eg:

  kernel/rseq.o: In function `rseq_get_rseq_cs':
  kernel/rseq.c:123: undefined reference to `__get_user_bad'

This is hitting the check in __get_user_size() that makes sure the
size we're copying doesn't exceed the size of the destination:

  #define __get_user_size(x, ptr, size, retval)
  do {
  	retval = 0;
  	__chk_user_ptr(ptr);
  	if (size > sizeof(x))
  		(x) = __get_user_bad();

Which doesn't immediately make sense because the size of the
destination is u64, but it's not really, because __get_user_check()
etc. internally create an unsigned long and copy into that:

  #define __get_user_check(x, ptr, size)
  ({
  	long __gu_err = -EFAULT;
  	unsigned long  __gu_val = 0;

The problem being that on 32-bit unsigned long is not big enough to
hold a u64. We can fix this with a trick from hpa in the x86 code, we
statically check the type of x and set the type of __gu_val to either
unsigned long or unsigned long long.

Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 arch/powerpc/include/asm/uaccess.h |   13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

--- a/arch/powerpc/include/asm/uaccess.h
+++ b/arch/powerpc/include/asm/uaccess.h
@@ -250,10 +250,17 @@ do {								\
 	}							\
 } while (0)
 
+/*
+ * This is a type: either unsigned long, if the argument fits into
+ * that type, or otherwise unsigned long long.
+ */
+#define __long_type(x) \
+	__typeof__(__builtin_choose_expr(sizeof(x) > sizeof(0UL), 0ULL, 0UL))
+
 #define __get_user_nocheck(x, ptr, size)			\
 ({								\
 	long __gu_err;						\
-	unsigned long __gu_val;					\
+	__long_type(*(ptr)) __gu_val;				\
 	const __typeof__(*(ptr)) __user *__gu_addr = (ptr);	\
 	__chk_user_ptr(ptr);					\
 	if (!is_kernel_addr((unsigned long)__gu_addr))		\
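
Review bot: the comment on `__long_type(x)` covers only two sizes; an argument wider than unsigned long long still yields unsigned long long, and it is the `size > sizeof(x)` check quoted in the commit message (the __get_user_bad() link error) that rejects it. Saying so in the comment would make clear that the macro is not itself a size check.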
@@ -267,7 +274,7 @@ do {								\
 #define __get_user_check(x, ptr, size)					\
 ({									\
 	long __gu_err = -EFAULT;					\
-	unsigned long  __gu_val = 0;					\
+	__long_type(*(ptr)) __gu_val = 0;				\
 	const __typeof__(*(ptr)) __user *__gu_addr = (ptr);		\
 	might_fault();							\
 	if (access_ok(VERIFY_READ, __gu_addr, (size))) {		\
@@ -281,7 +288,7 @@ do {								\
 #define __get_user_nosleep(x, ptr, size)			\
 ({								\
 	long __gu_err;						\
-	unsigned long __gu_val;					\
+	__long_type(*(ptr)) __gu_val;				\
 	const __typeof__(*(ptr)) __user *__gu_addr = (ptr);	\
 	__chk_user_ptr(ptr);					\
 	barrier_nospec();					\
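
Review bot: `__gu_val` is declared without an initializer here and in __get_user_nocheck(), while __get_user_check() sets it to 0. Now that the variable can be 64 bits wide on a 32-bit build, it is worth confirming that the fault path never assigns a partially written `__gu_val` to `x`, or initializing it to 0 in all three macros for consistency.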




* [PATCH 4.18 099/197] powerpc: Fix size calculation using resource_size()
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (97 preceding siblings ...)
  2018-09-13 13:30 ` [PATCH 4.18 098/197] powerpc/uaccess: Enable get_user(u64, *p) on 32-bit Greg Kroah-Hartman
@ 2018-09-13 13:30 ` Greg Kroah-Hartman
  2018-09-13 13:30 ` [PATCH 4.18 100/197] perf probe powerpc: Fix trace event post-processing Greg Kroah-Hartman
                   ` (99 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:30 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Tyrel Datwyler,
	Michael Ellerman, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Dan Carpenter <dan.carpenter@oracle.com>

[ Upstream commit c42d3be0c06f0c1c416054022aa535c08a1f9b39 ]

The problem is that the calculation should be "end - start + 1" but the
plus one is missing in this calculation.

Fixes: 8626816e905e ("powerpc: add support for MPIC message register API")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Tyrel Datwyler <tyreld@linux.vnet.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 arch/powerpc/sysdev/mpic_msgr.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/arch/powerpc/sysdev/mpic_msgr.c
+++ b/arch/powerpc/sysdev/mpic_msgr.c
@@ -196,7 +196,7 @@ static int mpic_msgr_probe(struct platfo
 
 	/* IO map the message register block. */
 	of_address_to_resource(np, 0, &rsrc);
-	msgr_block_addr = ioremap(rsrc.start, rsrc.end - rsrc.start);
+	msgr_block_addr = ioremap(rsrc.start, resource_size(&rsrc));
 	if (!msgr_block_addr) {
 		dev_err(&dev->dev, "Failed to iomap MPIC message registers");
 		return -EFAULT;
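
Review bot: the return value of of_address_to_resource(np, 0, &rsrc) in the context just above the changed line is ignored, so on failure `rsrc` reaches resource_size() and ioremap() with whatever it happened to contain. Checking it and returning before the ioremap() would be a natural follow-up. The dev_err() string below also lacks a trailing "\n".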




* [PATCH 4.18 100/197] perf probe powerpc: Fix trace event post-processing
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (98 preceding siblings ...)
  2018-09-13 13:30 ` [PATCH 4.18 099/197] powerpc: Fix size calculation using resource_size() Greg Kroah-Hartman
@ 2018-09-13 13:30 ` Greg Kroah-Hartman
  2018-09-13 13:30 ` [PATCH 4.18 101/197] block: bvec_nr_vecs() returns value for wrong slab Greg Kroah-Hartman
                   ` (98 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:30 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Aneesh Kumar, Sandipan Das,
	Naveen N. Rao, Jiri Olsa, Ravi Bangoria,
	Arnaldo Carvalho de Melo, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Sandipan Das <sandipan@linux.ibm.com>

[ Upstream commit 354b064b8ebc1e1ede58550ca9e08bfa81e6af43 ]

In some cases, a symbol may have multiple aliases. Attempting to add an
entry probe for such symbols results in a probe being added at an
incorrect location while it fails altogether for return probes. This is
only applicable for binaries with debug information.

During the arch-dependent post-processing, the offset from the start of
the symbol at which the probe is to be attached is determined and added
to the start address of the symbol to get the probe's location.  In case
there are multiple aliases, this offset gets added multiple times for
each alias of the symbol and we end up with an incorrect probe location.

This can be verified on a powerpc64le system as shown below.

  $ nm /lib/modules/$(uname -r)/build/vmlinux | grep "sys_open$"
  ...
  c000000000414290 T __se_sys_open
  c000000000414290 T sys_open

  $ objdump -d /lib/modules/$(uname -r)/build/vmlinux | grep -A 10 "<__se_sys_open>:"

  c000000000414290 <__se_sys_open>:
  c000000000414290:       19 01 4c 3c     addis   r2,r12,281
  c000000000414294:       70 c4 42 38     addi    r2,r2,-15248
  c000000000414298:       a6 02 08 7c     mflr    r0
  c00000000041429c:       e8 ff a1 fb     std     r29,-24(r1)
  c0000000004142a0:       f0 ff c1 fb     std     r30,-16(r1)
  c0000000004142a4:       f8 ff e1 fb     std     r31,-8(r1)
  c0000000004142a8:       10 00 01 f8     std     r0,16(r1)
  c0000000004142ac:       c1 ff 21 f8     stdu    r1,-64(r1)
  c0000000004142b0:       78 23 9f 7c     mr      r31,r4
  c0000000004142b4:       78 1b 7e 7c     mr      r30,r3

  For both the entry probe and the return probe, the probe location
  should be _text+4276888 (0xc000000000414298). Since another alias
  exists for 'sys_open', the post-processing code will end up adding
  the offset (8 for powerpc64le) twice and perf will attempt to add
  the probe at _text+4276896 (0xc0000000004142a0) instead.

Before:

  # perf probe -v -a sys_open

  probe-definition(0): sys_open
  symbol:sys_open file:(null) line:0 offset:0 return:0 lazy:(null)
  0 arguments
  Looking at the vmlinux_path (8 entries long)
  Using /lib/modules/4.18.0-rc8+/build/vmlinux for symbols
  Open Debuginfo file: /lib/modules/4.18.0-rc8+/build/vmlinux
  Try to find probe point from debuginfo.
  Symbol sys_open address found : c000000000414290
  Matched function: __se_sys_open [2ad03a0]
  Probe point found: __se_sys_open+0
  Found 1 probe_trace_events.
  Opening /sys/kernel/debug/tracing/kprobe_events write=1
  Writing event: p:probe/sys_open _text+4276896
  Added new event:
    probe:sys_open       (on sys_open)
  ...

  # perf probe -v -a sys_open%return $retval

  probe-definition(0): sys_open%return
  symbol:sys_open file:(null) line:0 offset:0 return:1 lazy:(null)
  0 arguments
  Looking at the vmlinux_path (8 entries long)
  Using /lib/modules/4.18.0-rc8+/build/vmlinux for symbols
  Open Debuginfo file: /lib/modules/4.18.0-rc8+/build/vmlinux
  Try to find probe point from debuginfo.
  Symbol sys_open address found : c000000000414290
  Matched function: __se_sys_open [2ad03a0]
  Probe point found: __se_sys_open+0
  Found 1 probe_trace_events.
  Opening /sys/kernel/debug/tracing/README write=0
  Opening /sys/kernel/debug/tracing/kprobe_events write=1
  Parsing probe_events: p:probe/sys_open _text+4276896
  Group:probe Event:sys_open probe:p
  Writing event: r:probe/sys_open__return _text+4276896
  Failed to write event: Invalid argument
    Error: Failed to add events. Reason: Invalid argument (Code: -22)

After:

  # perf probe -v -a sys_open

  probe-definition(0): sys_open
  symbol:sys_open file:(null) line:0 offset:0 return:0 lazy:(null)
  0 arguments
  Looking at the vmlinux_path (8 entries long)
  Using /lib/modules/4.18.0-rc8+/build/vmlinux for symbols
  Open Debuginfo file: /lib/modules/4.18.0-rc8+/build/vmlinux
  Try to find probe point from debuginfo.
  Symbol sys_open address found : c000000000414290
  Matched function: __se_sys_open [2ad03a0]
  Probe point found: __se_sys_open+0
  Found 1 probe_trace_events.
  Opening /sys/kernel/debug/tracing/kprobe_events write=1
  Writing event: p:probe/sys_open _text+4276888
  Added new event:
    probe:sys_open       (on sys_open)
  ...

  # perf probe -v -a sys_open%return $retval

  probe-definition(0): sys_open%return
  symbol:sys_open file:(null) line:0 offset:0 return:1 lazy:(null)
  0 arguments
  Looking at the vmlinux_path (8 entries long)
  Using /lib/modules/4.18.0-rc8+/build/vmlinux for symbols
  Open Debuginfo file: /lib/modules/4.18.0-rc8+/build/vmlinux
  Try to find probe point from debuginfo.
  Symbol sys_open address found : c000000000414290
  Matched function: __se_sys_open [2ad03a0]
  Probe point found: __se_sys_open+0
  Found 1 probe_trace_events.
  Opening /sys/kernel/debug/tracing/README write=0
  Opening /sys/kernel/debug/tracing/kprobe_events write=1
  Parsing probe_events: p:probe/sys_open _text+4276888
  Group:probe Event:sys_open probe:p
  Writing event: r:probe/sys_open__return _text+4276888
  Added new event:
    probe:sys_open__return (on sys_open%return)
  ...

Reported-by: Aneesh Kumar <aneesh.kumar@linux.vnet.ibm.com>
Signed-off-by: Sandipan Das <sandipan@linux.ibm.com>
Acked-by: Naveen N. Rao <naveen.n.rao@linux.vnet.ibm.com>
Cc: Aneesh Kumar <aneesh.kumar@linux.vnet.ibm.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Ravi Bangoria <ravi.bangoria@linux.ibm.com>
Fixes: 99e608b5954c ("perf probe ppc64le: Fix probe location when using DWARF")
Link: http://lkml.kernel.org/r/20180809161929.35058-1-sandipan@linux.ibm.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 tools/perf/arch/powerpc/util/sym-handling.c |    4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

--- a/tools/perf/arch/powerpc/util/sym-handling.c
+++ b/tools/perf/arch/powerpc/util/sym-handling.c
@@ -141,8 +141,10 @@ void arch__post_process_probe_trace_even
 	for (i = 0; i < ntevs; i++) {
 		tev = &pev->tevs[i];
 		map__for_each_symbol(map, sym, tmp) {
-			if (map->unmap_ip(map, sym->start) == tev->point.address)
+			if (map->unmap_ip(map, sym->start) == tev->point.address) {
 				arch__fix_tev_from_maps(pev, tev, map, sym);
+				break;
+			}
 		}
 	}
 }
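
Review bot: the `break` in the map__for_each_symbol() loop is what limits arch__fix_tev_from_maps() to one call per trace event, but the code gives no hint why the first match is enough. A short comment that several aliases can share `sym->start` and the offset must be applied only once would protect the fix from being undone.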




* [PATCH 4.18 101/197] block: bvec_nr_vecs() returns value for wrong slab
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (99 preceding siblings ...)
  2018-09-13 13:30 ` [PATCH 4.18 100/197] perf probe powerpc: Fix trace event post-processing Greg Kroah-Hartman
@ 2018-09-13 13:30 ` Greg Kroah-Hartman
  2018-09-13 13:30 ` [PATCH 4.18 102/197] brcmfmac: fix brcmf_wiphy_wowl_params() NULL pointer dereference Greg Kroah-Hartman
                   ` (97 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:30 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Greg Edwards, Jens Axboe, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Greg Edwards <gedwards@ddn.com>

[ Upstream commit d6c02a9beb67f13d5f14f23e72fa9981e8b84477 ]

In commit ed996a52c868 ("block: simplify and cleanup bvec pool
handling"), the value of the slab index is incremented by one in
bvec_alloc() after the allocation is done to indicate an index value of
0 does not need to be later freed.

bvec_nr_vecs() was not updated accordingly, and thus returns the wrong
value.  Decrement idx before performing the lookup.

Fixes: ed996a52c868 ("block: simplify and cleanup bvec pool handling")
Signed-off-by: Greg Edwards <gedwards@ddn.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 block/bio.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/block/bio.c
+++ b/block/bio.c
@@ -156,7 +156,7 @@ out:
 
 unsigned int bvec_nr_vecs(unsigned short idx)
 {
-	return bvec_slabs[idx].nr_vecs;
+	return bvec_slabs[--idx].nr_vecs;
 }
 
 void bvec_free(mempool_t *pool, struct bio_vec *bv, unsigned int idx)
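
Review bot: `bvec_slabs[--idx]` in bvec_nr_vecs() has no guard for idx == 0. The commit message says an index value of 0 means nothing needs to be freed later, and because `idx` is an unsigned short a decrement from 0 wraps to 65535 and indexes far outside bvec_slabs[]. Either document that callers never pass 0 here or check for it before the lookup. Writing the index as `idx - 1` rather than modifying the parameter would also read more clearly.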




* [PATCH 4.18 102/197] brcmfmac: fix brcmf_wiphy_wowl_params() NULL pointer dereference
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (100 preceding siblings ...)
  2018-09-13 13:30 ` [PATCH 4.18 101/197] block: bvec_nr_vecs() returns value for wrong slab Greg Kroah-Hartman
@ 2018-09-13 13:30 ` Greg Kroah-Hartman
  2018-09-13 13:30 ` [PATCH 4.18 103/197] s390/dasd: fix hanging offline processing due to canceled worker Greg Kroah-Hartman
                   ` (96 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:30 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Winnie Chang, Chi-Hsien Lin,
	Kalle Valo, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Winnie Chang <winnie.chang@cypress.com>

[ Upstream commit 27a8aea13053700ad2a08189024df7e341d1ee51 ]

The kernel BUG happens when wowl is enabled from firmware. In
brcmf_wiphy_wowl_params(), cfg is a NULL pointer because it is
drvr->config returned from wiphy_to_cfg(), and drvr->config is not set
yet. To fix it, set drvr->config before brcmf_setup_wiphy() which
calls brcmf_wiphy_wowl_params().

Fixes: 856d5a011c86 ("brcmfmac: allocate struct brcmf_pub instance using wiphy_new()")
Signed-off-by: Winnie Chang <winnie.chang@cypress.com>
Signed-off-by: Chi-Hsien Lin <chi-hsien.lin@cypress.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c |    8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
@@ -6926,15 +6926,15 @@ struct brcmf_cfg80211_info *brcmf_cfg802
 	cfg->d11inf.io_type = (u8)io_type;
 	brcmu_d11_attach(&cfg->d11inf);
 
-	err = brcmf_setup_wiphy(wiphy, ifp);
-	if (err < 0)
-		goto priv_out;
-
 	/* regulatory notifer below needs access to cfg so
 	 * assign it now.
 	 */
 	drvr->config = cfg;
 
+	err = brcmf_setup_wiphy(wiphy, ifp);
+	if (err < 0)
+		goto priv_out;
+
 	brcmf_dbg(INFO, "Registering custom regulatory\n");
 	wiphy->reg_notifier = brcmf_cfg80211_reg_notifier;
 	wiphy->regulatory_flags |= REGULATORY_CUSTOM_REG;
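
Review bot: with `drvr->config = cfg` now ahead of brcmf_setup_wiphy(), the `goto priv_out` failure path is reached with drvr->config already set. Please confirm priv_out resets it, otherwise drvr->config keeps pointing at a cfg whose setup failed. The comment above the assignment also still names only the regulatory notifier as the reason; it should mention brcmf_setup_wiphy() and brcmf_wiphy_wowl_params() as well.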




* [PATCH 4.18 103/197] s390/dasd: fix hanging offline processing due to canceled worker
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (101 preceding siblings ...)
  2018-09-13 13:30 ` [PATCH 4.18 102/197] brcmfmac: fix brcmf_wiphy_wowl_params() NULL pointer dereference Greg Kroah-Hartman
@ 2018-09-13 13:30 ` Greg Kroah-Hartman
  2018-09-13 13:30 ` [PATCH 4.18 104/197] s390/dasd: fix panic for failed online processing Greg Kroah-Hartman
                   ` (95 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:30 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Jan Hoeppner, Stefan Haberland,
	Martin Schwidefsky, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Stefan Haberland <sth@linux.ibm.com>

[ Upstream commit 669f3765b755fd8739ab46ce3a9c6292ce8b3d2a ]

During offline processing two worker threads are canceled without
freeing the device reference which leads to a hanging offline process.

Reviewed-by: Jan Hoeppner <hoeppner@linux.ibm.com>
Signed-off-by: Stefan Haberland <sth@linux.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/s390/block/dasd_eckd.c |    7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

--- a/drivers/s390/block/dasd_eckd.c
+++ b/drivers/s390/block/dasd_eckd.c
@@ -2035,8 +2035,11 @@ static int dasd_eckd_basic_to_ready(stru
 
 static int dasd_eckd_online_to_ready(struct dasd_device *device)
 {
-	cancel_work_sync(&device->reload_device);
-	cancel_work_sync(&device->kick_validate);
+	if (cancel_work_sync(&device->reload_device))
+		dasd_put_device(device);
+	if (cancel_work_sync(&device->kick_validate))
+		dasd_put_device(device);
+
 	return 0;
 };
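
Review bot: the two `if (cancel_work_sync(...)) dasd_put_device(device);` pairs in dasd_eckd_online_to_ready() carry no comment saying where the matching reference is taken. A line pointing at the place where the device reference mentioned in the commit message is acquired would make the get/put pairing auditable. The stray `;` after the function's closing brace in the context could be cleaned up at the same time.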
 




* [PATCH 4.18 104/197] s390/dasd: fix panic for failed online processing
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (102 preceding siblings ...)
  2018-09-13 13:30 ` [PATCH 4.18 103/197] s390/dasd: fix hanging offline processing due to canceled worker Greg Kroah-Hartman
@ 2018-09-13 13:30 ` Greg Kroah-Hartman
  2018-09-13 13:30 ` [PATCH 4.18 105/197] ACPI / scan: Initialize status to ACPI_STA_DEFAULT Greg Kroah-Hartman
                   ` (94 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:30 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Jan Hoeppner, Stefan Haberland,
	Martin Schwidefsky, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Stefan Haberland <sth@linux.ibm.com>

[ Upstream commit 7c6553d4db03350dad0110c3224194c19df76a8f ]

Fix a panic that occurs for a device that got an error in
dasd_eckd_check_characteristics() during online processing.
For example the read configuration data command may have failed.

If this error occurs the device is not being set online and the earlier
invoked steps during online processing are rolled back. Therefore
dasd_eckd_uncheck_device() is called which needs a valid private
structure. But this pointer is not valid if
dasd_eckd_check_characteristics() has failed.

Check for a valid device->private pointer to prevent a panic.

Reviewed-by: Jan Hoeppner <hoeppner@linux.ibm.com>
Signed-off-by: Stefan Haberland <sth@linux.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/s390/block/dasd_eckd.c |    3 +++
 1 file changed, 3 insertions(+)

--- a/drivers/s390/block/dasd_eckd.c
+++ b/drivers/s390/block/dasd_eckd.c
@@ -1780,6 +1780,9 @@ static void dasd_eckd_uncheck_device(str
 	struct dasd_eckd_private *private = device->private;
 	int i;
 
+	if (!private)
+		return;
+
 	dasd_alias_disconnect_device_from_lcu(device);
 	private->ned = NULL;
 	private->sneq = NULL;
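
Review bot: the new `if (!private) return;` in dasd_eckd_uncheck_device() is unexplained in the code. A comment that `device->private` is not valid when dasd_eckd_check_characteristics() has failed, as the commit message states, would stop the check from being read as redundant and removed later.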




* [PATCH 4.18 105/197] ACPI / scan: Initialize status to ACPI_STA_DEFAULT
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (103 preceding siblings ...)
  2018-09-13 13:30 ` [PATCH 4.18 104/197] s390/dasd: fix panic for failed online processing Greg Kroah-Hartman
@ 2018-09-13 13:30 ` Greg Kroah-Hartman
  2018-09-13 13:30 ` [PATCH 4.18 106/197] blk-mq: count the hctx as active before allocating tag Greg Kroah-Hartman
                   ` (93 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:30 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Hans de Goede, Rafael J. Wysocki,
	Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Hans de Goede <hdegoede@redhat.com>

[ Upstream commit 5971b0c1594d6c34e257101ed5fdffec65205c50 ]

Since commit 63347db0affa "ACPI / scan: Use acpi_bus_get_status() to
initialize ACPI_TYPE_DEVICE devs" the status field of normal acpi_devices
gets set to 0 by acpi_bus_type_and_status() and filled with its actual
value later when acpi_add_single_object() calls acpi_bus_get_status().

This means that any acpi_match_device_ids() calls in between will always
fail with -ENOENT.

We already have a workaround for this, which temporarily forces status to
ACPI_STA_DEFAULT in drivers/acpi/x86/utils.c: acpi_device_always_present()
and the next commit in this series adds another acpi_match_device_ids()
call between status being initialized as 0 and the acpi_bus_get_status()
call.

Rather than adding another workaround, this commit makes
acpi_bus_type_and_status() initialize status to ACPI_STA_DEFAULT, this is
safe to do as the only code looking at status between the initialization
and the acpi_bus_get_status() call is those acpi_match_device_ids() calls.

Note this does mean that we need to (re)set status to 0 in case the
acpi_bus_get_status() call fails.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/acpi/scan.c |    5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

--- a/drivers/acpi/scan.c
+++ b/drivers/acpi/scan.c
@@ -1612,7 +1612,8 @@ static int acpi_add_single_object(struct
 	 * Note this must be done before the get power-/wakeup_dev-flags calls.
 	 */
 	if (type == ACPI_BUS_TYPE_DEVICE)
-		acpi_bus_get_status(device);
+		if (acpi_bus_get_status(device) < 0)
+			acpi_set_device_status(device, 0);
 
 	acpi_bus_get_power_flags(device);
 	acpi_bus_get_wakeup_device_flags(device);
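
Review bot: the nested `if` without braces in acpi_add_single_object() is easy to misread and invites a dangling-else mistake if an else is ever added. Brace the outer `if (type == ACPI_BUS_TYPE_DEVICE)`, since its body now spans two lines.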
@@ -1690,7 +1691,7 @@ static int acpi_bus_type_and_status(acpi
 		 * acpi_add_single_object updates this once we've an acpi_device
 		 * so that acpi_bus_get_status' quirk handling can be used.
 		 */
-		*sta = 0;
+		*sta = ACPI_STA_DEFAULT;
 		break;
 	case ACPI_TYPE_PROCESSOR:
 		*type = ACPI_BUS_TYPE_PROCESSOR;
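
Review bot: the comment kept as context above `*sta = ACPI_STA_DEFAULT;` still only describes the later update by acpi_add_single_object. It should say why the initial value is ACPI_STA_DEFAULT rather than 0, namely so that acpi_match_device_ids() calls made before acpi_bus_get_status() do not fail, as the commit message explains.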




* [PATCH 4.18 106/197] blk-mq: count the hctx as active before allocating tag
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (104 preceding siblings ...)
  2018-09-13 13:30 ` [PATCH 4.18 105/197] ACPI / scan: Initialize status to ACPI_STA_DEFAULT Greg Kroah-Hartman
@ 2018-09-13 13:30 ` Greg Kroah-Hartman
  2018-09-13 13:30 ` [PATCH 4.18 107/197] scsi: aic94xx: fix an error code in aic94xx_init() Greg Kroah-Hartman
                   ` (92 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:30 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Ming Lei, Jianchao Wang, Jens Axboe,
	Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Jianchao Wang <jianchao.w.wang@oracle.com>

[ Upstream commit d263ed9926823c462f99a7679e18f0c9e5b8550d ]

Currently, we count the hctx as active after allocating a driver tag
successfully. If a previously inactive hctx tries to get a tag for the
first time, it may fail and need to wait. However, due to the stale tag
->active_queues, the other shared-tags users are still able to
occupy all driver tags while there is someone waiting for a tag.
Consequently, even if the previously inactive hctx is woken up, it
still may not be able to get a tag and could be starved.

To fix it, we count the hctx as active before trying to allocate a driver
tag, then when it is waiting for the tag, the other shared-tag users
will reserve budget for it.

Reviewed-by: Ming Lei <ming.lei@redhat.com>
Signed-off-by: Jianchao Wang <jianchao.w.wang@oracle.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 block/blk-mq-tag.c |    3 +++
 block/blk-mq.c     |    8 ++++++--
 2 files changed, 9 insertions(+), 2 deletions(-)

--- a/block/blk-mq-tag.c
+++ b/block/blk-mq-tag.c
@@ -23,6 +23,9 @@ bool blk_mq_has_free_tags(struct blk_mq_
 
 /*
  * If a previously inactive queue goes active, bump the active user count.
+ * We need to do this before try to allocate driver tag, then even if fail
+ * to get tag when first time, the other shared-tag users could reserve
+ * budget for it.
  */
 bool __blk_mq_tag_busy(struct blk_mq_hw_ctx *hctx)
 {
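
Review bot: the comment lines added above __blk_mq_tag_busy() are hard to parse ("before try to allocate driver tag, then even if fail to get tag when first time"). Suggest rewording, for example: "This must happen before a driver tag is allocated, so that if the first allocation fails the other shared-tag users reserve budget for this queue."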
--- a/block/blk-mq.c
+++ b/block/blk-mq.c
@@ -285,7 +285,7 @@ static struct request *blk_mq_rq_ctx_ini
 		rq->tag = -1;
 		rq->internal_tag = tag;
 	} else {
-		if (blk_mq_tag_busy(data->hctx)) {
+		if (data->hctx->flags & BLK_MQ_F_TAG_SHARED) {
 			rq_flags = RQF_MQ_INFLIGHT;
 			atomic_inc(&data->hctx->nr_active);
 		}
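
Review bot: replacing the blk_mq_tag_busy() call in blk_mq_rq_ctx_init() with a bare `BLK_MQ_F_TAG_SHARED` test is only equivalent if the hctx has already been marked active by the caller, which the blk_mq_get_request() hunk that follows arranges. That ordering dependency deserves a comment at this test. It is also inconsistent with blk_mq_get_driver_tag(), which keeps using the return value of blk_mq_tag_busy() through the new `shared` local.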
@@ -367,6 +367,8 @@ static struct request *blk_mq_get_reques
 		if (!op_is_flush(op) && e->type->ops.mq.limit_depth &&
 		    !(data->flags & BLK_MQ_REQ_RESERVED))
 			e->type->ops.mq.limit_depth(op, data);
+	} else {
+		blk_mq_tag_busy(data->hctx);
 	}
 
 	tag = blk_mq_get_tag(data);
@@ -970,6 +972,7 @@ bool blk_mq_get_driver_tag(struct reques
 		.hctx = blk_mq_map_queue(rq->q, rq->mq_ctx->cpu),
 		.flags = wait ? 0 : BLK_MQ_REQ_NOWAIT,
 	};
+	bool shared;
 
 	might_sleep_if(wait);
 
@@ -979,9 +982,10 @@ bool blk_mq_get_driver_tag(struct reques
 	if (blk_mq_tag_is_reserved(data.hctx->sched_tags, rq->internal_tag))
 		data.flags |= BLK_MQ_REQ_RESERVED;
 
+	shared = blk_mq_tag_busy(data.hctx);
 	rq->tag = blk_mq_get_tag(&data);
 	if (rq->tag >= 0) {
-		if (blk_mq_tag_busy(data.hctx)) {
+		if (shared) {
 			rq->rq_flags |= RQF_MQ_INFLIGHT;
 			atomic_inc(&data.hctx->nr_active);
 		}




* [PATCH 4.18 107/197] scsi: aic94xx: fix an error code in aic94xx_init()
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (105 preceding siblings ...)
  2018-09-13 13:30 ` [PATCH 4.18 106/197] blk-mq: count the hctx as active before allocating tag Greg Kroah-Hartman
@ 2018-09-13 13:30 ` Greg Kroah-Hartman
  2018-09-13 13:30 ` [PATCH 4.18 108/197] NFSv4: Fix error handling in nfs4_sp4_select_mode() Greg Kroah-Hartman
                   ` (91 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:30 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Johannes Thumshirn,
	John Garry, Martin K. Petersen, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Dan Carpenter <dan.carpenter@oracle.com>

[ Upstream commit 0756c57bce3d26da2592d834d8910b6887021701 ]

We accidentally return success instead of -ENOMEM on this error path.

Fixes: 2908d778ab3e ("[SCSI] aic94xx: new driver")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
Reviewed-by: John Garry <john.garry@huawei.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/scsi/aic94xx/aic94xx_init.c |    4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

--- a/drivers/scsi/aic94xx/aic94xx_init.c
+++ b/drivers/scsi/aic94xx/aic94xx_init.c
@@ -1030,8 +1030,10 @@ static int __init aic94xx_init(void)
 
 	aic94xx_transport_template =
 		sas_domain_attach_transport(&aic94xx_transport_functions);
-	if (!aic94xx_transport_template)
+	if (!aic94xx_transport_template) {
+		err = -ENOMEM;
 		goto out_destroy_caches;
+	}
 
 	err = pci_register_driver(&aic94xx_pci_driver);
 	if (err)




* [PATCH 4.18 108/197] NFSv4: Fix error handling in nfs4_sp4_select_mode()
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (106 preceding siblings ...)
  2018-09-13 13:30 ` [PATCH 4.18 107/197] scsi: aic94xx: fix an error code in aic94xx_init() Greg Kroah-Hartman
@ 2018-09-13 13:30 ` Greg Kroah-Hartman
  2018-09-13 13:30 ` [PATCH 4.18 109/197] Input: do not use WARN() in input_alloc_absinfo() Greg Kroah-Hartman
                   ` (90 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:30 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Wei Yongjun, Anna Schumaker, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Wei Yongjun <weiyongjun1@huawei.com>

[ Upstream commit 72bf75cfc00c02aa66ef6133048f37aa5d88825c ]

Error code is set in the error handling cases but never used. Fix it.

Fixes: 937e3133cd0b ("NFSv4.1: Ensure we clear the SP4_MACH_CRED flags in nfs4_sp4_select_mode()")
Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 fs/nfs/nfs4proc.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/fs/nfs/nfs4proc.c
+++ b/fs/nfs/nfs4proc.c
@@ -7734,7 +7734,7 @@ static int nfs4_sp4_select_mode(struct n
 	}
 out:
 	clp->cl_sp4_flags = flags;
-	return 0;
+	return ret;
 }
 
 struct nfs41_exchange_id_data {
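
Review bot: `clp->cl_sp4_flags = flags;` at the out: label still runs on the error path that now returns ret, so a failed mode selection stores whatever flags had accumulated up to that point. If callers never look at cl_sp4_flags after a non-zero return that is harmless, but the hunk does not show it; either say so in the commit message or assign the flags only when ret is 0. Also confirm that ret is initialised to 0 for the success path that falls through to out:, since its declaration is outside the visible lines.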



* [PATCH 4.18 109/197] Input: do not use WARN() in input_alloc_absinfo()
From: Greg Kroah-Hartman @ 2018-09-13 13:30 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Dmitry Vyukov, Dmitry Torokhov, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Dmitry Torokhov <dmitry.torokhov@gmail.com>

[ Upstream commit 100294cee9a98bfd4d6cb2d1c8a8aef0e959b0c4 ]

Some fuzzers set panic_on_warn=1 so that they can handle WARN()ings
the same way they handle full-blown kernel crashes. We used WARN() in
input_alloc_absinfo() to get a better idea where memory allocation
failed, but since then kmalloc() and friends started dumping call stack on
memory allocation failures anyway, so we are not getting anything extra
from WARN().

Because of the above, let's replace WARN with dev_err(). We use dev_err()
instead of simply removing message and relying on kcalloc() to give us
stack dump so that we'd know the instance of hardware device to which we
were trying to attach input device.

Reported-by: Dmitry Vyukov <dvyukov@google.com>
Acked-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/input/input.c |   16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

--- a/drivers/input/input.c
+++ b/drivers/input/input.c
@@ -480,11 +480,19 @@ EXPORT_SYMBOL(input_inject_event);
  */
 void input_alloc_absinfo(struct input_dev *dev)
 {
-	if (!dev->absinfo)
-		dev->absinfo = kcalloc(ABS_CNT, sizeof(*dev->absinfo),
-					GFP_KERNEL);
+	if (dev->absinfo)
+		return;
 
-	WARN(!dev->absinfo, "%s(): kcalloc() failed?\n", __func__);
+	dev->absinfo = kcalloc(ABS_CNT, sizeof(*dev->absinfo), GFP_KERNEL);
+	if (!dev->absinfo) {
+		dev_err(dev->dev.parent ?: &dev->dev,
+			"%s: unable to allocate memory\n", __func__);
+		/*
+		 * We will handle this allocation failure in
+		 * input_register_device() when we refuse to register input
+		 * device with ABS bits but without absinfo.
+		 */
+	}
 }
 EXPORT_SYMBOL(input_alloc_absinfo);
 
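
Review bot: input_alloc_absinfo() still returns void, so after the new dev_err() the caller carries on with dev->absinfo == NULL and the only protection is the check in input_register_device() that the added comment describes. That is fine for callers that register straight away, but any code that writes through dev->absinfo between this call and registration needs its own NULL check, which this hunk cannot show. The `dev->dev.parent ?: &dev->dev` fallback is a good choice, since it keeps the message usable for devices without a parent.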



* [PATCH 4.18 110/197] xen/balloon: fix balloon initialization for PVH Dom0
From: Greg Kroah-Hartman @ 2018-09-13 13:30 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Gabriel Bercarug,
	Roger Pau Monné,
	Juergen Gross, Boris Ostrovsky, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Roger Pau Monne <roger.pau@citrix.com>

[ Upstream commit 3596924a233e45aa918c961a902170fc4916461b ]

The current balloon code tries to calculate a delta factor for the
balloon target when running in HVM mode in order to account for memory
used by the firmware.

This workaround for memory accounting doesn't work properly on a PVH
Dom0, that has a static-max value different from the target value even
at startup. Note that this is not a problem for DomUs because guests are
started with a static-max value that matches the amount of RAM in the
memory map.

Fix this by forcefully setting target_diff for Dom0, regardless of
its mode.

Reported-by: Gabriel Bercarug <bercarug@amazon.com>
Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
Reviewed-by: Juergen Gross <jgross@suse.com>
Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/xen/xen-balloon.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/xen/xen-balloon.c
+++ b/drivers/xen/xen-balloon.c
@@ -81,7 +81,7 @@ static void watch_target(struct xenbus_w
 			static_max = new_target;
 		else
 			static_max >>= PAGE_SHIFT - 10;
-		target_diff = xen_pv_domain() ? 0
+		target_diff = (xen_pv_domain() || xen_initial_domain()) ? 0
 				: static_max - balloon_stats.target_pages;
 	}
 
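
Review bot: the widened condition `(xen_pv_domain() || xen_initial_domain())` zeroes target_diff for every Dom0, and nothing in the code says why Dom0 is special. A one-line comment above the assignment stating that Dom0's static-max differs from its target even at startup, as the commit message explains, would stop the extra test from being simplified away later. The `static_max - balloon_stats.target_pages` branch is untouched, so it would help to state in the commit message that non-Dom0 HVM guests keep the old behaviour.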



* [PATCH 4.18 111/197] PCI: mvebu: Fix I/O space end address calculation
From: Greg Kroah-Hartman @ 2018-09-13 13:31 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Thomas Petazzoni, Lorenzo Pieralisi,
	Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

[ Upstream commit dfd0309fd7b30a5baffaf47b2fccb88b46d64d69 ]

pcie->realio.end should be the address of last byte of the area,
therefore using resource_size() of another resource is not correct, we
must subtract 1 to get the address of the last byte.

Fixes: 11be65472a427 ("PCI: mvebu: Adapt to the new device tree layout")
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/pci/controller/pci-mvebu.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/pci/controller/pci-mvebu.c
+++ b/drivers/pci/controller/pci-mvebu.c
@@ -1219,7 +1219,7 @@ static int mvebu_pcie_probe(struct platf
 		pcie->realio.start = PCIBIOS_MIN_IO;
 		pcie->realio.end = min_t(resource_size_t,
 					 IO_SPACE_LIMIT,
-					 resource_size(&pcie->io));
+					 resource_size(&pcie->io) - 1);
 	} else
 		pcie->realio = pcie->io;
 
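
Review bot: `resource_size(&pcie->io) - 1` wraps if the io resource is empty, because resource_size_t is unsigned; min_t() would then pick IO_SPACE_LIMIT and realio.end would describe a window that does not exist. The condition guarding this branch is outside the hunk, so please confirm it is only taken when pcie->io has a non-zero size, or test for that explicitly before the subtraction.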



* [PATCH 4.18 112/197] dm kcopyd: avoid softlockup in run_complete_job
From: Greg Kroah-Hartman @ 2018-09-13 13:31 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, John Pittman, Mike Snitzer, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: John Pittman <jpittman@redhat.com>

[ Upstream commit 784c9a29e99eb40b842c29ecf1cc3a79e00fb629 ]

It was reported that softlockups occur when using dm-snapshot on top of
slow (rbd) storage.  E.g.:

[ 4047.990647] watchdog: BUG: soft lockup - CPU#10 stuck for 22s! [kworker/10:23:26177]
...
[ 4048.034151] Workqueue: kcopyd do_work [dm_mod]
[ 4048.034156] RIP: 0010:copy_callback+0x41/0x160 [dm_snapshot]
...
[ 4048.034190] Call Trace:
[ 4048.034196]  ? __chunk_is_tracked+0x70/0x70 [dm_snapshot]
[ 4048.034200]  run_complete_job+0x5f/0xb0 [dm_mod]
[ 4048.034205]  process_jobs+0x91/0x220 [dm_mod]
[ 4048.034210]  ? kcopyd_put_pages+0x40/0x40 [dm_mod]
[ 4048.034214]  do_work+0x46/0xa0 [dm_mod]
[ 4048.034219]  process_one_work+0x171/0x370
[ 4048.034221]  worker_thread+0x1fc/0x3f0
[ 4048.034224]  kthread+0xf8/0x130
[ 4048.034226]  ? max_active_store+0x80/0x80
[ 4048.034227]  ? kthread_bind+0x10/0x10
[ 4048.034231]  ret_from_fork+0x35/0x40
[ 4048.034233] Kernel panic - not syncing: softlockup: hung tasks

Fix this by calling cond_resched() after run_complete_job()'s callout to
the dm_kcopyd_notify_fn (which is dm-snap.c:copy_callback in the above
trace).

Signed-off-by: John Pittman <jpittman@redhat.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/md/dm-kcopyd.c |    2 ++
 1 file changed, 2 insertions(+)

--- a/drivers/md/dm-kcopyd.c
+++ b/drivers/md/dm-kcopyd.c
@@ -487,6 +487,8 @@ static int run_complete_job(struct kcopy
 	if (atomic_dec_and_test(&kc->nr_jobs))
 		wake_up(&kc->destroyq);
 
+	cond_resched();
+
 	return 0;
 }
 
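
Review bot: the cond_resched() added before `return 0;` may sleep, so run_complete_job() must only ever run in process context with no spinlock held, and nothing at the call records that requirement. The trace in the commit message shows the workqueue path (do_work under process_one_work), which qualifies, but a one-line comment saying why the yield is here and that it happens once per completed job would help the next reader. Placing it after wake_up(&kc->destroyq) is fine because the call touches no kc state.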



* [PATCH 4.18 113/197] staging: comedi: ni_mio_common: fix subdevice flags for PFI subdevice
From: Greg Kroah-Hartman @ 2018-09-13 13:31 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Ian Abbott, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Ian Abbott <abbotti@mev.co.uk>

[ Upstream commit e083926b3e269d4064825dcf2ad50c636fddf8cf ]

The PFI subdevice flags indicate that the subdevice is readable and
writeable, but that is only true for the supported "M-series" boards,
not the older "E-series" boards.  Only set the SDF_READABLE and
SDF_WRITABLE subdevice flags for the M-series boards.  These two flags
are mainly for informational purposes.

Signed-off-by: Ian Abbott <abbotti@mev.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/staging/comedi/drivers/ni_mio_common.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

--- a/drivers/staging/comedi/drivers/ni_mio_common.c
+++ b/drivers/staging/comedi/drivers/ni_mio_common.c
@@ -5446,11 +5446,11 @@ static int ni_E_init(struct comedi_devic
 	/* Digital I/O (PFI) subdevice */
 	s = &dev->subdevices[NI_PFI_DIO_SUBDEV];
 	s->type		= COMEDI_SUBD_DIO;
-	s->subdev_flags	= SDF_READABLE | SDF_WRITABLE | SDF_INTERNAL;
 	s->maxdata	= 1;
 	if (devpriv->is_m_series) {
 		s->n_chan	= 16;
 		s->insn_bits	= ni_pfi_insn_bits;
+		s->subdev_flags	= SDF_READABLE | SDF_WRITABLE | SDF_INTERNAL;
 
 		ni_writew(dev, s->state, NI_M_PFI_DO_REG);
 		for (i = 0; i < NUM_PFI_OUTPUT_SELECT_REGS; ++i) {
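
Review bot: the assignment moved into the is_m_series branch repeats SDF_INTERNAL, which the E-series branch in the following hunk then has to set again. Leaving `s->subdev_flags = SDF_INTERNAL;` where the removed line was and adding `s->subdev_flags |= SDF_READABLE | SDF_WRITABLE;` in this branch would keep the common flag in one place and make the per-series difference obvious.
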
@@ -5459,6 +5459,7 @@ static int ni_E_init(struct comedi_devic
 		}
 	} else {
 		s->n_chan	= 10;
+		s->subdev_flags	= SDF_INTERNAL;
 	}
 	s->insn_config	= ni_pfi_insn_config;
 
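
Review bot: the E-series branch now advertises only SDF_INTERNAL, yet `s->insn_config = ni_pfi_insn_config;` after the else still applies to both series. A brief comment that the readable and writable flags describe insn_bits access, which only the M-series branch sets up, would explain why a subdevice with a config handler carries neither flag.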



* [PATCH 4.18 114/197] ASoC: rt5677: Fix initialization of rt5677_of_match.data
From: Greg Kroah-Hartman @ 2018-09-13 13:31 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Matthias Kaehlcke, Guenter Roeck,
	Andy Shevchenko, Mark Brown, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Matthias Kaehlcke <mka@chromium.org>

[ Upstream commit f861e3e28a3016a2064d9f600eaa92a530b732b4 ]

The driver expects to find the device id in rt5677_of_match.data, however
it is currently assigned to rt5677_of_match.type. Fix this.

The problem was found with the help of clang:
  sound/soc/codecs/rt5677.c:5010:36: warning: expression which evaluates to
  zero treated as a null pointer constant of type 'const void *'
  [-Wnon-literal-null-conversion]
    { .compatible = "realtek,rt5677", RT5677 },
                                      ^~~~~~

Fixes: ddc9e69b9dc2 ("ASoC: rt5677: Hide platform data in the module sources")
Signed-off-by: Matthias Kaehlcke <mka@chromium.org>
Reviewed-by: Guenter Roeck <groeck@chromium.org>
Acked-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 sound/soc/codecs/rt5677.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/sound/soc/codecs/rt5677.c
+++ b/sound/soc/codecs/rt5677.c
@@ -5007,7 +5007,7 @@ static const struct regmap_config rt5677
 };
 
 static const struct of_device_id rt5677_of_match[] = {
-	{ .compatible = "realtek,rt5677", RT5677 },
+	{ .compatible = "realtek,rt5677", .data = (const void *)RT5677 },
 	{ }
 };
 MODULE_DEVICE_TABLE(of, rt5677_of_match);
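
Review bot: the clang warning quoted in the commit message says RT5677 evaluates to zero, so `.data = (const void *)RT5677` still stores a null pointer; the designated initializer and cast make the intent explicit but the entry cannot be told apart from one with no match data. If the driver ever tests the match data for NULL before using it as the device id, this entry will look unset. Either start the id enum at 1 or document next to the table that a NULL .data means RT5677.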



* [PATCH 4.18 115/197] iommu/omap: Fix cache flushes on L2 table entries
From: Greg Kroah-Hartman @ 2018-09-13 13:31 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Suman Anna, Ralf Goebel,
	Joerg Roedel, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Ralf Goebel <ralf.goebel@imago-technologies.com>

[ Upstream commit 04c532a1cdc7e423656c07937aa4b5c1c2b064f9 ]

The base address used for DMA operations on the second-level table
did incorrectly include the offset for the table entry. The offset
was then added again which led to incorrect behavior.

Operations on the L1 table are not affected.

The calculation of the base address is changed to point to the
beginning of the L2 table.

Fixes: bfee0cf0ee1d ("iommu/omap: Use DMA-API for performing cache flushes")
Acked-by: Suman Anna <s-anna@ti.com>
Signed-off-by: Ralf Goebel <ralf.goebel@imago-technologies.com>
Signed-off-by: Joerg Roedel <jroedel@suse.de>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/iommu/omap-iommu.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/drivers/iommu/omap-iommu.c
+++ b/drivers/iommu/omap-iommu.c
@@ -550,7 +550,7 @@ static u32 *iopte_alloc(struct omap_iomm
 
 pte_ready:
 	iopte = iopte_offset(iopgd, da);
-	*pt_dma = virt_to_phys(iopte);
+	*pt_dma = iopgd_page_paddr(iopgd);
 	dev_vdbg(obj->dev,
 		 "%s: da:%08x pgd:%p *pgd:%08x pte:%p *pte:%08x\n",
 		 __func__, da, iopgd, *iopgd, iopte, *iopte);
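
Review bot: `*pt_dma` now returns the physical base of the L2 table while `iopte` on the line above is still the pointer to the entry, so the two values handed back by iopte_alloc() no longer describe the same location, and nothing documents that. The function comment should state that pt_dma is a table base to be combined with an entry offset, since that ambiguity is what produced the double offset. The dev_vdbg() below could print *pt_dma as well, which would have made the original bug visible in debug output.
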
@@ -738,7 +738,7 @@ static size_t iopgtable_clear_entry_core
 		}
 		bytes *= nent;
 		memset(iopte, 0, nent * sizeof(*iopte));
-		pt_dma = virt_to_phys(iopte);
+		pt_dma = iopgd_page_paddr(iopgd);
 		flush_iopte_range(obj->dev, pt_dma, pt_offset, nent);
 
 		/*
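
Review bot: after this change the memset() works on `iopte` while flush_iopte_range() works on `pt_dma` plus `pt_offset`, so correctness depends on pt_offset being derived from the same da as iopte; that computation is above the visible lines and should be checked against this hunk. A flush of the wrong range leaves the cleared entries unflushed, so a comment tying the memset and the flush to the same entries is worth adding.
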



* [PATCH 4.18 116/197] selftests/powerpc: Kill child processes on SIGINT
From: Greg Kroah-Hartman @ 2018-09-13 13:31 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Breno Leitao, Gustavo Romero,
	Michael Ellerman, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Breno Leitao <leitao@debian.org>

[ Upstream commit 7c27a26e1ed5a7dd709aa19685d2c98f64e1cf0c ]

There are some powerpc selftests, as tm/tm-unavailable, that run for a long
period (>120 seconds), and if it is interrupted, as pressing CTRL-C
(SIGINT), the foreground process (harness) dies but the child process and
threads continue to execute (with PPID = 1 now) in background.

In this case, you'd think the whole test exited, but there are remaining
threads and processes being executed in background. Sometimes these
zombie processes are doing annoying things, as consuming the whole CPU or
dumping things to STDOUT.

This patch fixes this problem by attaching an empty signal handler to
SIGINT in the harness process. This handler will interrupt (EINTR) the
parent process waitpid() call, letting the code follow through the
normal flow, which will kill all the processes in the child process group.

This patch also fixes a typo.

Signed-off-by: Breno Leitao <leitao@debian.org>
Signed-off-by: Gustavo Romero <gromero@linux.vnet.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 tools/testing/selftests/powerpc/harness.c |   18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

--- a/tools/testing/selftests/powerpc/harness.c
+++ b/tools/testing/selftests/powerpc/harness.c
@@ -85,13 +85,13 @@ wait:
 	return status;
 }
 
-static void alarm_handler(int signum)
+static void sig_handler(int signum)
 {
-	/* Jut wake us up from waitpid */
+	/* Just wake us up from waitpid */
 }
 
-static struct sigaction alarm_action = {
-	.sa_handler = alarm_handler,
+static struct sigaction sig_action = {
+	.sa_handler = sig_handler,
 };
 
 void test_harness_set_timeout(uint64_t time)
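
Review bot: the empty sig_handler only interrupts waitpid() because sig_action leaves sa_flags at zero, that is, without SA_RESTART, and `.sa_handler = sig_handler,` alone does not show that dependency. A comment on the struct saying SA_RESTART must not be set would protect the fix. The handler comment could also name the signals it now serves, since it is no longer alarm-specific.
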
@@ -106,8 +106,14 @@ int test_harness(int (test_function)(voi
 	test_start(name);
 	test_set_git_version(GIT_VERSION);
 
-	if (sigaction(SIGALRM, &alarm_action, NULL)) {
-		perror("sigaction");
+	if (sigaction(SIGINT, &sig_action, NULL)) {
+		perror("sigaction (sigint)");
+		test_error(name);
+		return 1;
+	}
+
+	if (sigaction(SIGALRM, &sig_action, NULL)) {
+		perror("sigaction (sigalrm)");
 		test_error(name);
 		return 1;
 	}
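
Review bot: only SIGINT and SIGALRM get the handler here, so a harness ended by SIGTERM or SIGHUP still leaves the child process group running, which is the same orphaning the commit message describes for CTRL-C. If automated runs stop tests with SIGTERM, register sig_action for it in the same way. The two sigaction() blocks are otherwise identical and could become a small loop over a list of signals.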



* [PATCH 4.18 117/197] selinux: cleanup dentry and inodes on error in selinuxfs
From: Greg Kroah-Hartman @ 2018-09-13 13:31 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, nixiaoming, Paul Moore, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: nixiaoming <nixiaoming@huawei.com>

[ Upstream commit 7e4237faa7213c1cc1d0aa65a44c67ba4729ce9f ]

If the resource requested by d_alloc_name is not added to the linked
list through d_add, then dput needs to be called to release the
subsequent abnormal branch to avoid resource leakage.

Add missing dput to selinuxfs.c

Signed-off-by: nixiaoming <nixiaoming@huawei.com>
[PM: tweak the subject line]
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 security/selinux/selinuxfs.c |   33 +++++++++++++++++++++++++--------
 1 file changed, 25 insertions(+), 8 deletions(-)

--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@ -1365,13 +1365,18 @@ static int sel_make_bools(struct selinux
 
 		ret = -ENOMEM;
 		inode = sel_make_inode(dir->d_sb, S_IFREG | S_IRUGO | S_IWUSR);
-		if (!inode)
+		if (!inode) {
+			dput(dentry);
 			goto out;
+		}
 
 		ret = -ENAMETOOLONG;
 		len = snprintf(page, PAGE_SIZE, "/%s/%s", BOOL_DIR_NAME, names[i]);
-		if (len >= PAGE_SIZE)
+		if (len >= PAGE_SIZE) {
+			dput(dentry);
+			iput(inode);
 			goto out;
+		}
 
 		isec = (struct inode_security_struct *)inode->i_security;
 		ret = security_genfs_sid(fsi->state, "selinuxfs", page,
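
Review bot: the `ret = security_genfs_sid(...)` call at the end of this hunk is the next failure point in sel_make_bools() and its error check is outside the visible lines; if that check does a bare `goto out` before d_add(), it leaks the same dentry and inode that the two new branches release. Both added paths look right (dput() alone before the inode exists, dput() plus iput() after). A single error label that drops both would be less fragile than repeating the calls in each branch.
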
@@ -1586,8 +1591,10 @@ static int sel_make_avc_files(struct den
 			return -ENOMEM;
 
 		inode = sel_make_inode(dir->d_sb, S_IFREG|files[i].mode);
-		if (!inode)
+		if (!inode) {
+			dput(dentry);
 			return -ENOMEM;
+		}
 
 		inode->i_fop = files[i].ops;
 		inode->i_ino = ++fsi->last_ino;
@@ -1632,8 +1639,10 @@ static int sel_make_initcon_files(struct
 			return -ENOMEM;
 
 		inode = sel_make_inode(dir->d_sb, S_IFREG|S_IRUGO);
-		if (!inode)
+		if (!inode) {
+			dput(dentry);
 			return -ENOMEM;
+		}
 
 		inode->i_fop = &sel_initcon_ops;
 		inode->i_ino = i|SEL_INITCON_INO_OFFSET;
@@ -1733,8 +1742,10 @@ static int sel_make_perm_files(char *obj
 
 		rc = -ENOMEM;
 		inode = sel_make_inode(dir->d_sb, S_IFREG|S_IRUGO);
-		if (!inode)
+		if (!inode) {
+			dput(dentry);
 			goto out;
+		}
 
 		inode->i_fop = &sel_perm_ops;
 		/* i+1 since perm values are 1-indexed */
@@ -1763,8 +1774,10 @@ static int sel_make_class_dir_entries(ch
 		return -ENOMEM;
 
 	inode = sel_make_inode(dir->d_sb, S_IFREG|S_IRUGO);
-	if (!inode)
+	if (!inode) {
+		dput(dentry);
 		return -ENOMEM;
+	}
 
 	inode->i_fop = &sel_class_ops;
 	inode->i_ino = sel_class_to_ino(index);
@@ -1838,8 +1851,10 @@ static int sel_make_policycap(struct sel
 			return -ENOMEM;
 
 		inode = sel_make_inode(fsi->sb, S_IFREG | 0444);
-		if (inode == NULL)
+		if (inode == NULL) {
+			dput(dentry);
 			return -ENOMEM;
+		}
 
 		inode->i_fop = &sel_policycap_ops;
 		inode->i_ino = iter | SEL_POLICYCAP_INO_OFFSET;
@@ -1932,8 +1947,10 @@ static int sel_fill_super(struct super_b
 
 	ret = -ENOMEM;
 	inode = sel_make_inode(sb, S_IFCHR | S_IRUGO | S_IWUGO);
-	if (!inode)
+	if (!inode) {
+		dput(dentry);
 		goto err;
+	}
 
 	inode->i_ino = ++fsi->last_ino;
 	isec = (struct inode_security_struct *)inode->i_security;
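
Review bot: in sel_fill_super() the new dput(dentry) is followed by `goto err`, so the err label must not release the same dentry again; its body is outside the hunk and should be checked for a double dput(). If err does tear down the superblock's dentries, a comment here saying why this one is dropped by hand would help.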



* [PATCH 4.18 118/197] RDS: IB: fix passing zero to ERR_PTR() warning
From: Greg Kroah-Hartman @ 2018-09-13 13:31 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, YueHaibing, Santosh Shilimkar,
	David S. Miller, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: YueHaibing <yuehaibing@huawei.com>

[ Upstream commit 5941923da29e84bc9e2a1abb2c14fffaf8d71e2f ]

Fix a static code checker warning:
 net/rds/ib_frmr.c:82 rds_ib_alloc_frmr() warn: passing zero to 'ERR_PTR'

The error path for ib_alloc_mr failure should set err to PTR_ERR.

Fixes: 1659185fb4d0 ("RDS: IB: Support Fastreg MR (FRMR) memory registration mode")
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Acked-by: Santosh Shilimkar <santosh.shilimkar@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 net/rds/ib_frmr.c |    1 +
 1 file changed, 1 insertion(+)

--- a/net/rds/ib_frmr.c
+++ b/net/rds/ib_frmr.c
@@ -61,6 +61,7 @@ static struct rds_ib_mr *rds_ib_alloc_fr
 			 pool->fmr_attr.max_pages);
 	if (IS_ERR(frmr->mr)) {
 		pr_warn("RDS/IB: %s failed to allocate MR", __func__);
+		err = PTR_ERR(frmr->mr);
 		goto out_no_cigar;
 	}
 
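
Review bot: the pr_warn() just above the new line has no trailing newline and does not print the error, so the log shows neither a clean line nor the reason for the failure. With err now set, the message could be moved after the assignment and extended to `pr_warn("RDS/IB: %s failed to allocate MR: %d\n", __func__, err);`. Also confirm that the out_no_cigar path does not dereference frmr->mr, which still holds the ERR_PTR value at that point.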



* [PATCH 4.18 119/197] cfq: Suppress compiler warnings about comparisons
From: Greg Kroah-Hartman @ 2018-09-13 13:31 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Bart Van Assche, Jens Axboe, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Bart Van Assche <bart.vanassche@wdc.com>

[ Upstream commit f7ecb1b109da1006a08d5675debe60990e824432 ]

This patch does not change any functionality but avoids that gcc
reports the following warnings when building with W=1:

block/cfq-iosched.c: In function ‘cfq_back_seek_max_store’:
block/cfq-iosched.c:4741:13: warning: comparison of unsigned expression < 0 is always false [-Wtype-limits]
  if (__data < (MIN))      \
             ^
block/cfq-iosched.c:4756:1: note: in expansion of macro ‘STORE_FUNCTION’
 STORE_FUNCTION(cfq_back_seek_max_store, &cfqd->cfq_back_max, 0, UINT_MAX, 0);
 ^~~~~~~~~~~~~~
block/cfq-iosched.c: In function ‘cfq_slice_idle_store’:
block/cfq-iosched.c:4741:13: warning: comparison of unsigned expression < 0 is always false [-Wtype-limits]
  if (__data < (MIN))      \
             ^
block/cfq-iosched.c:4759:1: note: in expansion of macro ‘STORE_FUNCTION’
 STORE_FUNCTION(cfq_slice_idle_store, &cfqd->cfq_slice_idle, 0, UINT_MAX, 1);
 ^~~~~~~~~~~~~~
block/cfq-iosched.c: In function ‘cfq_group_idle_store’:
block/cfq-iosched.c:4741:13: warning: comparison of unsigned expression < 0 is always false [-Wtype-limits]
  if (__data < (MIN))      \
             ^
block/cfq-iosched.c:4760:1: note: in expansion of macro ‘STORE_FUNCTION’
 STORE_FUNCTION(cfq_group_idle_store, &cfqd->cfq_group_idle, 0, UINT_MAX, 1);
 ^~~~~~~~~~~~~~
block/cfq-iosched.c: In function ‘cfq_low_latency_store’:
block/cfq-iosched.c:4741:13: warning: comparison of unsigned expression < 0 is always false [-Wtype-limits]
  if (__data < (MIN))      \
             ^
block/cfq-iosched.c:4765:1: note: in expansion of macro ‘STORE_FUNCTION’
 STORE_FUNCTION(cfq_low_latency_store, &cfqd->cfq_latency, 0, 1, 0);
 ^~~~~~~~~~~~~~
block/cfq-iosched.c: In function ‘cfq_slice_idle_us_store’:
block/cfq-iosched.c:4775:13: warning: comparison of unsigned expression < 0 is always false [-Wtype-limits]
  if (__data < (MIN))      \
             ^
block/cfq-iosched.c:4782:1: note: in expansion of macro ‘USEC_STORE_FUNCTION’
 USEC_STORE_FUNCTION(cfq_slice_idle_us_store, &cfqd->cfq_slice_idle, 0, UINT_MAX);
 ^~~~~~~~~~~~~~~~~~~
block/cfq-iosched.c: In function ‘cfq_group_idle_us_store’:
block/cfq-iosched.c:4775:13: warning: comparison of unsigned expression < 0 is always false [-Wtype-limits]
  if (__data < (MIN))      \
             ^
block/cfq-iosched.c:4783:1: note: in expansion of macro ‘USEC_STORE_FUNCTION’
 USEC_STORE_FUNCTION(cfq_group_idle_us_store, &cfqd->cfq_group_idle, 0, UINT_MAX);
 ^~~~~~~~~~~~~~~~~~~

Signed-off-by: Bart Van Assche <bart.vanassche@wdc.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 block/cfq-iosched.c |   22 ++++++++++++----------
 1 file changed, 12 insertions(+), 10 deletions(-)

--- a/block/cfq-iosched.c
+++ b/block/cfq-iosched.c
@@ -4735,12 +4735,13 @@ USEC_SHOW_FUNCTION(cfq_target_latency_us
 static ssize_t __FUNC(struct elevator_queue *e, const char *page, size_t count)	\
 {									\
 	struct cfq_data *cfqd = e->elevator_data;			\
-	unsigned int __data;						\
+	unsigned int __data, __min = (MIN), __max = (MAX);		\
+									\
 	cfq_var_store(&__data, (page));					\
-	if (__data < (MIN))						\
-		__data = (MIN);						\
-	else if (__data > (MAX))					\
-		__data = (MAX);						\
+	if (__data < __min)						\
+		__data = __min;						\
+	else if (__data > __max)					\
+		__data = __max;						\
 	if (__CONV)							\
 		*(__PTR) = (u64)__data * NSEC_PER_MSEC;			\
 	else								\
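
Review bot: `__min = (MIN), __max = (MAX)` silently converts the macro arguments to unsigned int, so a negative MIN or a MAX above UINT_MAX would wrap or truncate with no diagnostic. The instances listed in the commit message use 0, 1 and UINT_MAX, so nothing changes today; a comment on the macro stating that MIN and MAX must fit in unsigned int would keep it that way. The return value of cfq_var_store() is still ignored, so it is worth confirming that __data is always written before the clamp.
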
@@ -4769,12 +4770,13 @@ STORE_FUNCTION(cfq_target_latency_store,
 static ssize_t __FUNC(struct elevator_queue *e, const char *page, size_t count)	\
 {									\
 	struct cfq_data *cfqd = e->elevator_data;			\
-	unsigned int __data;						\
+	unsigned int __data, __min = (MIN), __max = (MAX);		\
+									\
 	cfq_var_store(&__data, (page));					\
-	if (__data < (MIN))						\
-		__data = (MIN);						\
-	else if (__data > (MAX))					\
-		__data = (MAX);						\
+	if (__data < __min)						\
+		__data = __min;						\
+	else if (__data > __max)					\
+		__data = __max;						\
 	*(__PTR) = (u64)__data * NSEC_PER_USEC;				\
 	return count;							\
 }
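Review bot: The four-line clamp in this second macro is now an exact copy of the one in the hunk above, including the new __min and __max locals; consider replacing both with "__data = clamp(__data, __min, __max);" so the two store macros cannot drift apart. The call cfq_var_store(&__data, (page)) is also used with no visible check that parsing succeeded, which this patch does not change but is worth confirming while the macro is being touched.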




* [PATCH 4.18 120/197] smb3: fix reset of bytes read and written stats
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (118 preceding siblings ...)
  2018-09-13 13:31 ` [PATCH 4.18 119/197] cfq: Suppress compiler warnings about comparisons Greg Kroah-Hartman
@ 2018-09-13 13:31 ` Greg Kroah-Hartman
  2018-09-13 13:31 ` [PATCH 4.18 121/197] CIFS: fix memory leak and remove dead code Greg Kroah-Hartman
                   ` (78 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:31 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Steve French, Aurelien Aptel, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Steve French <stfrench@microsoft.com>

[ Upstream commit c281bc0c7412308c7ec0888904f7c99353da4796 ]

echo 0 > /proc/fs/cifs/Stats is supposed to reset the stats
but there were four (see example below) that were not reset
(bytes read and written, total vfs ops and max ops
at one time).

...
0 session 0 share reconnects
Total vfs operations: 100 maximum at one time: 2

1) \\localhost\test
SMBs: 0
Bytes read: 502092  Bytes written: 31457286
TreeConnects: 0 total 0 failed
TreeDisconnects: 0 total 0 failed
...

This patch fixes cifs_stats_proc_write to properly reset
those four.

Signed-off-by: Steve French <stfrench@microsoft.com>
Reviewed-by: Aurelien Aptel <aaptel@suse.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 fs/cifs/cifs_debug.c |    8 ++++++++
 1 file changed, 8 insertions(+)

--- a/fs/cifs/cifs_debug.c
+++ b/fs/cifs/cifs_debug.c
@@ -383,6 +383,10 @@ static ssize_t cifs_stats_proc_write(str
 		atomic_set(&totBufAllocCount, 0);
 		atomic_set(&totSmBufAllocCount, 0);
 #endif /* CONFIG_CIFS_STATS2 */
+		spin_lock(&GlobalMid_Lock);
+		GlobalMaxActiveXid = 0;
+		GlobalCurrentXid = 0;
+		spin_unlock(&GlobalMid_Lock);
 		spin_lock(&cifs_tcp_ses_lock);
 		list_for_each(tmp1, &cifs_tcp_ses_list) {
 			server = list_entry(tmp1, struct TCP_Server_Info,
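Review bot: Setting GlobalCurrentXid = 0 clears what the Stats output labels "Total vfs operations", but the name suggests the same counter also hands out xids; if it does, requests issued after a reset will carry ids that in-flight operations or earlier log lines already use. A comment at the reset saying this is intended, or a separate display-only counter, would make that explicit.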
@@ -395,6 +399,10 @@ static ssize_t cifs_stats_proc_write(str
 							  struct cifs_tcon,
 							  tcon_list);
 					atomic_set(&tcon->num_smbs_sent, 0);
+					spin_lock(&tcon->stat_lock);
+					tcon->bytes_read = 0;
+					tcon->bytes_written = 0;
+					spin_unlock(&tcon->stat_lock);
 					if (server->ops->clear_stats)
 						server->ops->clear_stats(tcon);
 				}
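Review bot: spin_lock(&tcon->stat_lock) is taken here while cifs_tcp_ses_lock is already held by the enclosing list walk, which fixes the lock order as cifs_tcp_ses_lock then stat_lock; please confirm that no path updating bytes_read or bytes_written under stat_lock goes on to take cifs_tcp_ses_lock. Note also that num_smbs_sent is cleared by atomic_set() outside stat_lock, so a concurrent reader can briefly see a zero request count next to non-zero byte counts; harmless for statistics, but worth a one-line comment.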




* [PATCH 4.18 121/197] CIFS: fix memory leak and remove dead code
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (119 preceding siblings ...)
  2018-09-13 13:31 ` [PATCH 4.18 120/197] smb3: fix reset of bytes read and written stats Greg Kroah-Hartman
@ 2018-09-13 13:31 ` Greg Kroah-Hartman
  2018-09-13 13:31 ` [PATCH 4.18 122/197] SMB3: Number of requests sent should be displayed for SMB3 not just CIFS Greg Kroah-Hartman
                   ` (77 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:31 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Aurelien Aptel, Dan Carpenter,
	Gustavo A. R. Silva, Paulo Alcantara, Steve French, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Aurelien Aptel <aaptel@suse.com>

[ Upstream commit 256b4c3f03d77d8c0dc69e3a6ceb3afd0d1810bd ]

also fixes error code in smb311_posix_mkdir() (where
the error assignment needs to go before the goto)
a typo that Dan Carpenter and Paulo and Gustavo
pointed out.

Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Reviewed-by: Paulo Alcantara <palcantara@suse.de>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 fs/cifs/smb2pdu.c |  101 ++++++++++++++++++++++++++----------------------------
 1 file changed, 50 insertions(+), 51 deletions(-)

--- a/fs/cifs/smb2pdu.c
+++ b/fs/cifs/smb2pdu.c
@@ -1928,7 +1928,7 @@ int smb311_posix_mkdir(const unsigned in
 {
 	struct smb_rqst rqst;
 	struct smb2_create_req *req;
-	struct smb2_create_rsp *rsp;
+	struct smb2_create_rsp *rsp = NULL;
 	struct TCP_Server_Info *server;
 	struct cifs_ses *ses = tcon->ses;
 	struct kvec iov[3]; /* make sure at least one for each open context */
@@ -1943,27 +1943,31 @@ int smb311_posix_mkdir(const unsigned in
 	char *pc_buf = NULL;
 	int flags = 0;
 	unsigned int total_len;
-	__le16 *path = cifs_convert_path_to_utf16(full_path, cifs_sb);
-
-	if (!path)
-		return -ENOMEM;
+	__le16 *utf16_path = NULL;
 
 	cifs_dbg(FYI, "mkdir\n");
 
+	/* resource #1: path allocation */
+	utf16_path = cifs_convert_path_to_utf16(full_path, cifs_sb);
+	if (!utf16_path)
+		return -ENOMEM;
+
 	if (ses && (ses->server))
 		server = ses->server;
-	else
-		return -EIO;
+	else {
+		rc = -EIO;
+		goto err_free_path;
+	}
 
+	/* resource #2: request */
 	rc = smb2_plain_req_init(SMB2_CREATE, tcon, (void **) &req, &total_len);
-
 	if (rc)
-		return rc;
+		goto err_free_path;
+
 
 	if (smb3_encryption_required(tcon))
 		flags |= CIFS_TRANSFORM_REQ;
 
-
 	req->ImpersonationLevel = IL_IMPERSONATION;
 	req->DesiredAccess = cpu_to_le32(FILE_WRITE_ATTRIBUTES);
 	/* File attributes ignored on open (used in create though) */
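Review bot: The new "else { rc = -EIO; goto err_free_path; }" leaves the "if (ses && (ses->server))" branch unbraced while the else branch is braced; kernel coding style asks for braces on both branches once either one needs them. The hunk also leaves two consecutive blank lines after the "goto err_free_path;" that follows the smb2_plain_req_init() check; drop one.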
@@ -1992,50 +1996,44 @@ int smb311_posix_mkdir(const unsigned in
 		req->sync_hdr.Flags |= SMB2_FLAGS_DFS_OPERATIONS;
 		rc = alloc_path_with_tree_prefix(&copy_path, &copy_size,
 						 &name_len,
-						 tcon->treeName, path);
-		if (rc) {
-			cifs_small_buf_release(req);
-			return rc;
-		}
+						 tcon->treeName, utf16_path);
+		if (rc)
+			goto err_free_req;
+
 		req->NameLength = cpu_to_le16(name_len * 2);
 		uni_path_len = copy_size;
-		path = copy_path;
+		/* free before overwriting resource */
+		kfree(utf16_path);
+		utf16_path = copy_path;
 	} else {
-		uni_path_len = (2 * UniStrnlen((wchar_t *)path, PATH_MAX)) + 2;
+		uni_path_len = (2 * UniStrnlen((wchar_t *)utf16_path, PATH_MAX)) + 2;
 		/* MUST set path len (NameLength) to 0 opening root of share */
 		req->NameLength = cpu_to_le16(uni_path_len - 2);
 		if (uni_path_len % 8 != 0) {
 			copy_size = roundup(uni_path_len, 8);
 			copy_path = kzalloc(copy_size, GFP_KERNEL);
 			if (!copy_path) {
-				cifs_small_buf_release(req);
-				return -ENOMEM;
+				rc = -ENOMEM;
+				goto err_free_req;
 			}
-			memcpy((char *)copy_path, (const char *)path,
+			memcpy((char *)copy_path, (const char *)utf16_path,
 			       uni_path_len);
 			uni_path_len = copy_size;
-			path = copy_path;
+			/* free before overwriting resource */
+			kfree(utf16_path);
+			utf16_path = copy_path;
 		}
 	}
 
 	iov[1].iov_len = uni_path_len;
-	iov[1].iov_base = path;
+	iov[1].iov_base = utf16_path;
 	req->RequestedOplockLevel = SMB2_OPLOCK_LEVEL_NONE;
 
 	if (tcon->posix_extensions) {
-		if (n_iov > 2) {
-			struct create_context *ccontext =
-			    (struct create_context *)iov[n_iov-1].iov_base;
-			ccontext->Next =
-				cpu_to_le32(iov[n_iov-1].iov_len);
-		}
-
+		/* resource #3: posix buf */
 		rc = add_posix_context(iov, &n_iov, mode);
-		if (rc) {
-			cifs_small_buf_release(req);
-			kfree(copy_path);
-			return rc;
-		}
+		if (rc)
+			goto err_free_req;
 		pc_buf = iov[n_iov-1].iov_base;
 	}
 
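Review bot: After "kfree(utf16_path); utf16_path = copy_path;" both variables point at the same allocation, in the DFS branch and again in the padding branch. The exit labels in the last hunk free only utf16_path, so this is correct as written, but any later kfree(copy_path) would be a double free; setting copy_path = NULL after the hand-over would make the ownership transfer explicit. The removed "if (n_iov > 2)" block is called dead code in the subject only; a sentence in the commit message saying why n_iov cannot exceed 2 at that point would help.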
@@ -2044,32 +2042,33 @@ int smb311_posix_mkdir(const unsigned in
 	rqst.rq_iov = iov;
 	rqst.rq_nvec = n_iov;
 
-	rc = cifs_send_recv(xid, ses, &rqst, &resp_buftype, flags,
-			    &rsp_iov);
-
-	cifs_small_buf_release(req);
-	rsp = (struct smb2_create_rsp *)rsp_iov.iov_base;
-
-	if (rc != 0) {
+	/* resource #4: response buffer */
+	rc = cifs_send_recv(xid, ses, &rqst, &resp_buftype, flags, &rsp_iov);
+	if (rc) {
 		cifs_stats_fail_inc(tcon, SMB2_CREATE_HE);
 		trace_smb3_posix_mkdir_err(xid, tcon->tid, ses->Suid,
-				    CREATE_NOT_FILE, FILE_WRITE_ATTRIBUTES, rc);
-		goto smb311_mkdir_exit;
-	} else
-		trace_smb3_posix_mkdir_done(xid, rsp->PersistentFileId, tcon->tid,
-				     ses->Suid, CREATE_NOT_FILE,
-				     FILE_WRITE_ATTRIBUTES);
+					   CREATE_NOT_FILE,
+					   FILE_WRITE_ATTRIBUTES, rc);
+		goto err_free_rsp_buf;
+	}
+
+	rsp = (struct smb2_create_rsp *)rsp_iov.iov_base;
+	trace_smb3_posix_mkdir_done(xid, rsp->PersistentFileId, tcon->tid,
+				    ses->Suid, CREATE_NOT_FILE,
+				    FILE_WRITE_ATTRIBUTES);
 
 	SMB2_close(xid, tcon, rsp->PersistentFileId, rsp->VolatileFileId);
 
 	/* Eventually save off posix specific response info and timestaps */
 
-smb311_mkdir_exit:
-	kfree(copy_path);
-	kfree(pc_buf);
+err_free_rsp_buf:
 	free_rsp_buf(resp_buftype, rsp);
+	kfree(pc_buf);
+err_free_req:
+	cifs_small_buf_release(req);
+err_free_path:
+	kfree(utf16_path);
 	return rc;
-
 }
 #endif /* SMB311 */
 
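Review bot: On the failure path, "goto err_free_rsp_buf" is now taken before "rsp = (struct smb2_create_rsp *)rsp_iov.iov_base;" runs, so free_rsp_buf(resp_buftype, rsp) is called with the NULL that the first hunk initialises rsp to. The old code assigned rsp before testing rc, so a response buffer returned together with an error was released; if cifs_send_recv() can still hand one back alongside a non-zero rc, this trades the path leak for a response-buffer leak. Moving the rsp assignment above the "if (rc)" test, or passing rsp_iov.iov_base to free_rsp_buf(), keeps the old behaviour.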




* [PATCH 4.18 122/197] SMB3: Number of requests sent should be displayed for SMB3 not just CIFS
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (120 preceding siblings ...)
  2018-09-13 13:31 ` [PATCH 4.18 121/197] CIFS: fix memory leak and remove dead code Greg Kroah-Hartman
@ 2018-09-13 13:31 ` Greg Kroah-Hartman
  2018-09-13 13:31 ` [PATCH 4.18 123/197] smb3: if server does not support posix do not allow posix mount option Greg Kroah-Hartman
                   ` (76 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:31 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Steve French, Aurelien Aptel,
	Pavel Shilovsky, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Steve French <stfrench@microsoft.com>

[ Upstream commit 289131e1f1e6ad8c661ec05e176b8f0915672059 ]

For SMB2/SMB3 the number of requests sent was not displayed
in /proc/fs/cifs/Stats unless CONFIG_CIFS_STATS2 was
enabled (only number of failed requests displayed). As
with earlier dialects, we should be displaying these
counters if CONFIG_CIFS_STATS is enabled. They
are important for debugging.

e.g. when you cat /proc/fs/cifs/Stats (before the patch)
Resources in use
CIFS Session: 1
Share (unique mount targets): 2
SMB Request/Response Buffer: 1 Pool size: 5
SMB Small Req/Resp Buffer: 1 Pool size: 30
Operations (MIDs): 0

0 session 0 share reconnects
Total vfs operations: 690 maximum at one time: 2

1) \\localhost\test
SMBs: 975
Negotiates: 0 sent 0 failed
SessionSetups: 0 sent 0 failed
Logoffs: 0 sent 0 failed
TreeConnects: 0 sent 0 failed
TreeDisconnects: 0 sent 0 failed
Creates: 0 sent 2 failed
Closes: 0 sent 0 failed
Flushes: 0 sent 0 failed
Reads: 0 sent 0 failed
Writes: 0 sent 0 failed
Locks: 0 sent 0 failed
IOCTLs: 0 sent 1 failed
Cancels: 0 sent 0 failed
Echos: 0 sent 0 failed
QueryDirectories: 0 sent 63 failed

Signed-off-by: Steve French <stfrench@microsoft.com>
Reviewed-by: Aurelien Aptel <aaptel@suse.com>
Reviewed-by: Pavel Shilovsky <pshilov@microsoft.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 fs/cifs/smb2pdu.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/fs/cifs/smb2pdu.c
+++ b/fs/cifs/smb2pdu.c
@@ -360,7 +360,7 @@ smb2_plain_req_init(__le16 smb2_command,
 		       total_len);
 
 	if (tcon != NULL) {
-#ifdef CONFIG_CIFS_STATS2
+#ifdef CONFIG_CIFS_STATS
 		uint16_t com_code = le16_to_cpu(smb2_command);
 		cifs_stats_inc(&tcon->stats.smb2_stats.smb2_com_sent[com_code]);
 #endif
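Review bot: With the guard changed to "#ifdef CONFIG_CIFS_STATS", the increment of tcon->stats.smb2_stats.smb2_com_sent[com_code] is compiled in configurations where CONFIG_CIFS_STATS2 is off; please confirm that the smb2_com_sent array itself and the code that prints it are under CONFIG_CIFS_STATS as well, otherwise this either fails to build or counts values that are never shown. com_code comes straight from the caller's smb2_command and indexes the array with no range check in the visible lines, so it is worth stating where that bound is enforced.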




* [PATCH 4.18 123/197] smb3: if server does not support posix do not allow posix mount option
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (121 preceding siblings ...)
  2018-09-13 13:31 ` [PATCH 4.18 122/197] SMB3: Number of requests sent should be displayed for SMB3 not just CIFS Greg Kroah-Hartman
@ 2018-09-13 13:31 ` Greg Kroah-Hartman
  2018-09-13 13:31 ` [PATCH 4.18 124/197] powerpc/platforms/85xx: fix t1042rdb_diu.c build errors & warning Greg Kroah-Hartman
                   ` (75 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:31 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Steve French, Aurelien Aptel, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Steve French <stfrench@microsoft.com>

[ Upstream commit 8505c8bfd85a260c9dc5c47e15bd8c5357fcbcd2 ]

If user specifies "posix" on an SMB3.11 mount, then fail the mount
if server does not return the POSIX negotiate context indicating
support for posix.

Signed-off-by: Steve French <stfrench@microsoft.com>
Reviewed-by: Aurelien Aptel <aaptel@suse.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 fs/cifs/connect.c |    8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

--- a/fs/cifs/connect.c
+++ b/fs/cifs/connect.c
@@ -3031,11 +3031,15 @@ cifs_get_tcon(struct cifs_ses *ses, stru
 	}
 
 #ifdef CONFIG_CIFS_SMB311
-	if ((volume_info->linux_ext) && (ses->server->posix_ext_supported)) {
-		if (ses->server->vals->protocol_id == SMB311_PROT_ID) {
+	if (volume_info->linux_ext) {
+		if (ses->server->posix_ext_supported) {
 			tcon->posix_extensions = true;
 			printk_once(KERN_WARNING
 				"SMB3.11 POSIX Extensions are experimental\n");
+		} else {
+			cifs_dbg(VFS, "Server does not support mounting with posix SMB3.11 extensions.\n");
+			rc = -EOPNOTSUPP;
+			goto out_fail;
 		}
 	}
 #endif /* 311 */
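Review bot: The "ses->server->vals->protocol_id == SMB311_PROT_ID" test is dropped, so the dialect is now enforced only through posix_ext_supported; please confirm that flag can be set only after an SMB3.11 negotiate, or keep the dialect test so that "posix" on an older dialect is rejected explicitly. The whole block also sits inside "#ifdef CONFIG_CIFS_SMB311", so as far as these lines show a kernel built without that option still accepts the posix option silently instead of failing the mount as the commit message intends; an #else branch that returns -EOPNOTSUPP when linux_ext is set would close that gap.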




* [PATCH 4.18 124/197] powerpc/platforms/85xx: fix t1042rdb_diu.c build errors & warning
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (122 preceding siblings ...)
  2018-09-13 13:31 ` [PATCH 4.18 123/197] smb3: if server does not support posix do not allow posix mount option Greg Kroah-Hartman
@ 2018-09-13 13:31 ` Greg Kroah-Hartman
  2018-09-13 13:31 ` [PATCH 4.18 125/197] powerpc/64s: Make rfi_flush_fallback a little more robust Greg Kroah-Hartman
                   ` (74 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:31 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Randy Dunlap, Benjamin Herrenschmidt,
	Paul Mackerras, Michael Ellerman, Scott Wood, Kumar Gala,
	linuxppc-dev, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Randy Dunlap <rdunlap@infradead.org>

[ Upstream commit f5daf77a55ef0e695cc90c440ed6503073ac5e07 ]

Fix build errors and warnings in t1042rdb_diu.c by adding header files
and MODULE_LICENSE().

../arch/powerpc/platforms/85xx/t1042rdb_diu.c:152:1: warning: data definition has no type or storage class
 early_initcall(t1042rdb_diu_init);
../arch/powerpc/platforms/85xx/t1042rdb_diu.c:152:1: error: type defaults to 'int' in declaration of 'early_initcall' [-Werror=implicit-int]
../arch/powerpc/platforms/85xx/t1042rdb_diu.c:152:1: warning: parameter names (without types) in function declaration

and
WARNING: modpost: missing MODULE_LICENSE() in arch/powerpc/platforms/85xx/t1042rdb_diu.o

Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Paul Mackerras <paulus@samba.org>
Cc: Michael Ellerman <mpe@ellerman.id.au>
Cc: Scott Wood <oss@buserror.net>
Cc: Kumar Gala <galak@kernel.crashing.org>
Cc: linuxppc-dev@lists.ozlabs.org
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 arch/powerpc/platforms/85xx/t1042rdb_diu.c |    4 ++++
 1 file changed, 4 insertions(+)

--- a/arch/powerpc/platforms/85xx/t1042rdb_diu.c
+++ b/arch/powerpc/platforms/85xx/t1042rdb_diu.c
@@ -9,8 +9,10 @@
  * option) any later version.
  */
 
+#include <linux/init.h>
 #include <linux/io.h>
 #include <linux/kernel.h>
+#include <linux/module.h>
 #include <linux/of.h>
 #include <linux/of_address.h>
 
@@ -150,3 +152,5 @@ static int __init t1042rdb_diu_init(void
 }
 
 early_initcall(t1042rdb_diu_init);
+
+MODULE_LICENSE("GPL");
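Review bot: MODULE_LICENSE("GPL") is added directly after early_initcall(t1042rdb_diu_init), and the modpost warning quoted in the commit message shows this file can be built as a module. In a modular build early_initcall() behaves like module_init(), so the "early" ordering is lost there; please confirm the driver is still correct when it initialises at module load time, or make the Kconfig symbol bool so the early ordering is guaranteed. A MODULE_DESCRIPTION() next to the licence line would also be welcome.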




* [PATCH 4.18 125/197] powerpc/64s: Make rfi_flush_fallback a little more robust
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (123 preceding siblings ...)
  2018-09-13 13:31 ` [PATCH 4.18 124/197] powerpc/platforms/85xx: fix t1042rdb_diu.c build errors & warning Greg Kroah-Hartman
@ 2018-09-13 13:31 ` Greg Kroah-Hartman
  2018-09-13 13:31 ` [PATCH 4.18 126/197] um: fix parallel building with O= option Greg Kroah-Hartman
                   ` (73 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:31 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Michael Ellerman, Nicholas Piggin,
	Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Michael Ellerman <mpe@ellerman.id.au>

[ Upstream commit 78ee9946371f5848ddfc88ab1a43867df8f17d83 ]

Because rfi_flush_fallback runs immediately before the return to
userspace it currently runs with the user r1 (stack pointer). This
means if we oops in there we will report a bad kernel stack pointer in
the exception entry path, eg:

  Bad kernel stack pointer 7ffff7150e40 at c0000000000023b4
  Oops: Bad kernel stack pointer, sig: 6 [#1]
  LE SMP NR_CPUS=32 NUMA PowerNV
  Modules linked in:
  CPU: 0 PID: 1246 Comm: klogd Not tainted 4.18.0-rc2-gcc-7.3.1-00175-g0443f8a69ba3 #7
  NIP:  c0000000000023b4 LR: 0000000010053e00 CTR: 0000000000000040
  REGS: c0000000fffe7d40 TRAP: 4100   Not tainted  (4.18.0-rc2-gcc-7.3.1-00175-g0443f8a69ba3)
  MSR:  9000000002803031 <SF,HV,VEC,VSX,FP,ME,IR,DR,LE>  CR: 44000442  XER: 20000000
  CFAR: c00000000000bac8 IRQMASK: c0000000f1e66a80
  GPR00: 0000000002000000 00007ffff7150e40 00007fff93a99900 0000000000000020
  ...
  NIP [c0000000000023b4] rfi_flush_fallback+0x34/0x80
  LR [0000000010053e00] 0x10053e00

Although the NIP tells us where we were, and the TRAP number tells us
what happened, it would still be nicer if we could report the actual
exception rather than barfing about the stack pointer.

We can do that fairly simply by loading the kernel stack pointer on
entry and restoring the user value before returning. That way we see a
regular oops such as:

  Unrecoverable exception 4100 at c00000000000239c
  Oops: Unrecoverable exception, sig: 6 [#1]
  LE SMP NR_CPUS=32 NUMA PowerNV
  Modules linked in:
  CPU: 0 PID: 1251 Comm: klogd Not tainted 4.18.0-rc3-gcc-7.3.1-00097-g4ebfcac65acd-dirty #40
  NIP:  c00000000000239c LR: 0000000010053e00 CTR: 0000000000000040
  REGS: c0000000f1e17bb0 TRAP: 4100   Not tainted  (4.18.0-rc3-gcc-7.3.1-00097-g4ebfcac65acd-dirty)
  MSR:  9000000002803031 <SF,HV,VEC,VSX,FP,ME,IR,DR,LE>  CR: 44000442  XER: 20000000
  CFAR: c00000000000bac8 IRQMASK: 0
  ...
  NIP [c00000000000239c] rfi_flush_fallback+0x3c/0x80
  LR [0000000010053e00] 0x10053e00
  Call Trace:
  [c0000000f1e17e30] [c00000000000b9e4] system_call+0x5c/0x70 (unreliable)

Note this shouldn't make the kernel stack pointer vulnerable to a
meltdown attack, because it should be flushed from the cache before we
return to userspace. The user r1 value will be in the cache, because
we load it in the return path, but that is harmless.

Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Reviewed-by: Nicholas Piggin <npiggin@gmail.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 arch/powerpc/kernel/exceptions-64s.S |    6 ++++++
 1 file changed, 6 insertions(+)

--- a/arch/powerpc/kernel/exceptions-64s.S
+++ b/arch/powerpc/kernel/exceptions-64s.S
@@ -1526,6 +1526,8 @@ TRAMP_REAL_BEGIN(stf_barrier_fallback)
 TRAMP_REAL_BEGIN(rfi_flush_fallback)
 	SET_SCRATCH0(r13);
 	GET_PACA(r13);
+	std	r1,PACA_EXRFI+EX_R12(r13)
+	ld	r1,PACAKSAVE(r13)
 	std	r9,PACA_EXRFI+EX_R9(r13)
 	std	r10,PACA_EXRFI+EX_R10(r13)
 	std	r11,PACA_EXRFI+EX_R11(r13)
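Review bot: "std r1,PACA_EXRFI+EX_R12(r13)" stores the user stack pointer in the save slot named for r12, and nothing in the hunk says that slot is otherwise unused in this handler. Please add a comment at the store saying EX_R12 is free here and holds the user r1 until the matching "ld r1,PACA_EXRFI+EX_R12(r13)" before rfid; without it, a later change that starts saving r12 in this path would silently clobber the user stack pointer.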
@@ -1560,12 +1562,15 @@ TRAMP_REAL_BEGIN(rfi_flush_fallback)
 	ld	r9,PACA_EXRFI+EX_R9(r13)
 	ld	r10,PACA_EXRFI+EX_R10(r13)
 	ld	r11,PACA_EXRFI+EX_R11(r13)
+	ld	r1,PACA_EXRFI+EX_R12(r13)
 	GET_SCRATCH0(r13);
 	rfid
 
 TRAMP_REAL_BEGIN(hrfi_flush_fallback)
 	SET_SCRATCH0(r13);
 	GET_PACA(r13);
+	std	r1,PACA_EXRFI+EX_R12(r13)
+	ld	r1,PACAKSAVE(r13)
 	std	r9,PACA_EXRFI+EX_R9(r13)
 	std	r10,PACA_EXRFI+EX_R10(r13)
 	std	r11,PACA_EXRFI+EX_R11(r13)
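Review bot: The ordering the commit message relies on, kernel r1 loaded from PACAKSAVE before the flush and user r1 reloaded only after it, is not recorded anywhere in the code. A comment at "ld r1,PACA_EXRFI+EX_R12(r13)" saying it must stay after the flush loop, and that only the user value may be left in the cache, would keep a later reordering from undoing the Meltdown reasoning. The save and restore pair is also duplicated verbatim for hrfi_flush_fallback in this hunk and the next; a shared macro would keep the two in step.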
@@ -1600,6 +1605,7 @@ TRAMP_REAL_BEGIN(hrfi_flush_fallback)
 	ld	r9,PACA_EXRFI+EX_R9(r13)
 	ld	r10,PACA_EXRFI+EX_R10(r13)
 	ld	r11,PACA_EXRFI+EX_R11(r13)
+	ld	r1,PACA_EXRFI+EX_R12(r13)
 	GET_SCRATCH0(r13);
 	hrfid
 




* [PATCH 4.18 126/197] um: fix parallel building with O= option
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (124 preceding siblings ...)
  2018-09-13 13:31 ` [PATCH 4.18 125/197] powerpc/64s: Make rfi_flush_fallback a little more robust Greg Kroah-Hartman
@ 2018-09-13 13:31 ` Greg Kroah-Hartman
  2018-09-13 13:31 ` [PATCH 4.18 127/197] powerpc/pseries: Avoid using the size greater than RTAS_ERROR_LOG_MAX Greg Kroah-Hartman
                   ` (72 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:31 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Randy Dunlap, Masahiro Yamada,
	Richard Weinberger, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Masahiro Yamada <yamada.masahiro@socionext.com>

[ Upstream commit 13d3d01e26b942ada7cfced68ccb6db49597874a ]

Randy Dunlap reports UML occasionally fails to build with -j<N> and
O=<builddir> options.

  make[1]: Entering directory '/home/rdunlap/mmotm-2018-0802-1529/UM64'
    UPD     include/generated/uapi/linux/version.h
    WRAP    arch/x86/include/generated/asm/dma-contiguous.h
    WRAP    arch/x86/include/generated/asm/export.h
    WRAP    arch/x86/include/generated/asm/early_ioremap.h
    WRAP    arch/x86/include/generated/asm/mcs_spinlock.h
    WRAP    arch/x86/include/generated/asm/mm-arch-hooks.h
    WRAP    arch/x86/include/generated/uapi/asm/bpf_perf_event.h
    WRAP    arch/x86/include/generated/uapi/asm/poll.h
    GEN     ./Makefile
  make[2]: *** No rule to make target 'archheaders'.  Stop.
  arch/um/Makefile:119: recipe for target 'archheaders' failed
  make[1]: *** [archheaders] Error 2
  make[1]: *** Waiting for unfinished jobs....
    UPD     include/config/kernel.release
  make[1]: *** wait: No child processes.  Stop.
  Makefile:146: recipe for target 'sub-make' failed
  make: *** [sub-make] Error 2

The cause of the problem is the use of '$(MAKE) KBUILD_SRC=',
which recurses to the top Makefile via the $(objtree)/Makefile
generated by scripts/mkmakefile.

When you run "make -j<N> O=<builddir> ARCH=um", Make can execute
'archheaders' and 'outputmakefile' targets simultaneously because
there is no dependency between them.

If it happens,

  $(Q)$(MAKE) KBUILD_SRC= ARCH=$(HEADER_ARCH) archheaders

... tries to run $(objtree)/Makefile that is being updated.

The correct way for the recursion is

  $(Q)$(MAKE) -f $(srctree)/Makefile ARCH=$(HEADER_ARCH) archheaders

..., which does not rely on the generated Makefile.

Reported-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Tested-by: Randy Dunlap <rdunlap@infradead.org>
Acked-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 arch/um/Makefile |    3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

--- a/arch/um/Makefile
+++ b/arch/um/Makefile
@@ -122,8 +122,7 @@ archheaders:
 	$(Q)$(MAKE) -f $(srctree)/scripts/Makefile.asm-generic \
 	            kbuild-file=$(HOST_DIR)/include/uapi/asm/Kbuild \
 		    obj=$(HOST_DIR)/include/generated/uapi/asm
-	$(Q)$(MAKE) KBUILD_SRC= ARCH=$(HEADER_ARCH) archheaders
-
+	$(Q)$(MAKE) -f $(srctree)/Makefile ARCH=$(HEADER_ARCH) archheaders
 
 archprepare: include/generated/user_constants.h
 
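Review bot: The replacement line "$(Q)$(MAKE) -f $(srctree)/Makefile ARCH=$(HEADER_ARCH) archheaders" carries no comment, so the reason for naming the source-tree Makefile explicitly lives only in the commit message. A one-line comment above it saying the generated $(objtree)/Makefile may still be being written under -j would stop someone from simplifying it back to the racy form.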




* [PATCH 4.18 127/197] powerpc/pseries: Avoid using the size greater than RTAS_ERROR_LOG_MAX.
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (125 preceding siblings ...)
  2018-09-13 13:31 ` [PATCH 4.18 126/197] um: fix parallel building with O= option Greg Kroah-Hartman
@ 2018-09-13 13:31 ` Greg Kroah-Hartman
  2018-09-13 13:31 ` [PATCH 4.18 128/197] clk: rockchip: Add pclk_rkpwm_pmu to PMU critical clocks in rk3399 Greg Kroah-Hartman
                   ` (71 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:31 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Michal Suchanek, Mahesh Salgaonkar,
	Michael Ellerman, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Mahesh Salgaonkar <mahesh@linux.vnet.ibm.com>

[ Upstream commit 74e96bf44f430cf7a01de19ba6cf49b361cdfd6e ]

The global mce data buffer that is used to copy the rtas error log is 2048
(RTAS_ERROR_LOG_MAX) bytes in size. Before the copy we read
extended_log_length from rtas error log header, then use max of
extended_log_length and RTAS_ERROR_LOG_MAX as a size of data to be copied.
Ideally the platform (phyp) will never send extended error log with
size > 2048. But if that happens, then we have a risk of buffer overrun
and corruption. Fix this by using min_t instead.

Fixes: d368514c3097 ("powerpc: Fix corruption when grabbing FWNMI data")
Reported-by: Michal Suchanek <msuchanek@suse.com>
Signed-off-by: Mahesh Salgaonkar <mahesh@linux.vnet.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 arch/powerpc/platforms/pseries/ras.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/arch/powerpc/platforms/pseries/ras.c
+++ b/arch/powerpc/platforms/pseries/ras.c
@@ -371,7 +371,7 @@ static struct rtas_error_log *fwnmi_get_
 		int len, error_log_length;
 
 		error_log_length = 8 + rtas_error_extended_log_length(h);
-		len = max_t(int, error_log_length, RTAS_ERROR_LOG_MAX);
+		len = min_t(int, error_log_length, RTAS_ERROR_LOG_MAX);
 		memset(global_mce_data_buf, 0, RTAS_ERROR_LOG_MAX);
 		memcpy(global_mce_data_buf, h, len);
 		errhdr = (struct rtas_error_log *)global_mce_data_buf;
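Review bot: "len = min_t(int, error_log_length, RTAS_ERROR_LOG_MAX);" bounds the copy from above only, and both operands are compared as signed int; if 8 + rtas_error_extended_log_length(h) can ever come out negative once stored in the int error_log_length, len stays negative and memcpy() receives it as a very large size. Making len and error_log_length unsigned, or using min_t(u32, ...), removes that case. The fix also bounds only the write into global_mce_data_buf; nothing in the visible lines checks that h has len readable bytes.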



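The size selection this patch changes, as an added example in plain user-space C (not kernel code and not from the patch author): it compares the pre-patch max, the patched min, and a hardened unsigned variant. The function names, the canary layout and the assumption that the reported length is a 32-bit unsigned field are hypothetical; the 2048-byte buffer and the 8-byte header come from the message above.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define LOG_MAX 2048  /* buffer size the commit message gives for RTAS_ERROR_LOG_MAX */
#define LOG_HDR 8     /* fixed bytes the hunk adds to the extended length */

/* Constructed destination: the log buffer followed by a canary. */
struct sink {
	unsigned char buf[LOG_MAX];
	unsigned char canary[16];
};

/* int sum as in the hunk; assumes a 32-bit unsigned length field.
 * The conversion to int wraps on GCC and Clang for values above INT_MAX. */
int reported_total(uint32_t ext_len)
{
	return (int)(LOG_HDR + ext_len);
}

/* Pre-patch choice: never less than LOG_MAX, unbounded above. */
int len_with_max(uint32_t ext_len)
{
	int total = reported_total(ext_len);
	return total > LOG_MAX ? total : LOG_MAX;
}

/* Patched choice: bounded above, but still compared as signed int. */
int len_with_min(uint32_t ext_len)
{
	int total = reported_total(ext_len);
	return total < LOG_MAX ? total : LOG_MAX;
}

/* Hardened variant (not from the patch): unsigned arithmetic in a wider type. */
size_t len_hardened(uint32_t ext_len)
{
	uint64_t total = (uint64_t)LOG_HDR + ext_len;
	return total > LOG_MAX ? (size_t)LOG_MAX : (size_t)total;
}

/* Copy with both sides bounded: destination by LOG_MAX, source by src_size. */
size_t copy_log(struct sink *s, const unsigned char *src, size_t src_size,
		uint32_t ext_len)
{
	size_t len = len_hardened(ext_len);

	if (len > src_size)
		len = src_size;
	memset(s->buf, 0, sizeof(s->buf));
	memcpy(s->buf, src, len);
	return len;
}

/* Returns 1 if an oversized reported length leaves the canary untouched. */
int oversized_log_keeps_canary(void)
{
	static unsigned char src[4096];   /* constructed sample log */
	struct sink s;
	size_t i;

	memset(src, 0xAA, sizeof(src));
	memset(s.canary, 0x5C, sizeof(s.canary));
	if (copy_log(&s, src, sizeof(src), 4000) != LOG_MAX)
		return 0;
	for (i = 0; i < sizeof(s.canary); i++)
		if (s.canary[i] != 0x5C)
			return 0;
	return s.buf[LOG_MAX - 1] == 0xAA;
}

int main(void)
{
	return oversized_log_keeps_canary() ? 0 : 1;
}
```

Note that the max form also copies 2048 bytes for a short log, so it over-reads the source even when the reported length is small.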

* [PATCH 4.18 128/197] clk: rockchip: Add pclk_rkpwm_pmu to PMU critical clocks in rk3399
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (126 preceding siblings ...)
  2018-09-13 13:31 ` [PATCH 4.18 127/197] powerpc/pseries: Avoid using the size greater than RTAS_ERROR_LOG_MAX Greg Kroah-Hartman
@ 2018-09-13 13:31 ` Greg Kroah-Hartman
  2018-09-13 13:31 ` [PATCH 4.18 129/197] drm/amd/display: Read back max backlight value at boot Greg Kroah-Hartman
                   ` (70 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:31 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Levin Du, Heiko Stuebner, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Levin Du <djw@t-chip.com.cn>

[ Upstream commit 640332d1a089909df08bc9f3e42888a2019c66e2 ]

PWM2 is commonly used to control voltage of PWM regulator of VDD_LOG in
RK3399. On the Firefly-RK3399 board, PWM2 outputs 40 KHz square wave
from power on and the VDD_LOG is about 0.9V. When the kernel boots
normally into the system, the PWM2 keeps outputting PWM signal.

But the kernel hangs randomly after "Starting kernel ..." line on that
board. When it happens, PWM2 outputs high level which causes VDD_LOG
to drop to 0.4V below the normal operating voltage.

By adding "pclk_rkpwm_pmu" to the rk3399_pmucru_critical_clocks array,
PWM clock is ensured to be prepared at startup and the PWM2 output is
normal. After repeated tests, the early boot hang is gone.

This patch works on both Firefly-RK3399 and ROC-RK3399-PC boards.

Signed-off-by: Levin Du <djw@t-chip.com.cn>
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/clk/rockchip/clk-rk3399.c |    1 +
 1 file changed, 1 insertion(+)

--- a/drivers/clk/rockchip/clk-rk3399.c
+++ b/drivers/clk/rockchip/clk-rk3399.c
@@ -1523,6 +1523,7 @@ static const char *const rk3399_pmucru_c
 	"pclk_pmu_src",
 	"fclk_cm0s_src_pmu",
 	"clk_timer_src_pmu",
+	"pclk_rkpwm_pmu",
 };
 
 static void __init rk3399_clk_init(struct device_node *np)
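Review bot: The entry "pclk_rkpwm_pmu" is added to rk3399_pmucru_critical_clocks with no comment, and the reason given in the commit message (PWM2 drives the VDD_LOG regulator on the boards named there) is not obvious from the clock name. Please add a short comment beside the entry; it would also make clear that the clock is now kept on for every RK3399 board, including ones that do not use a PWM regulator.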




* [PATCH 4.18 129/197] drm/amd/display: Read back max backlight value at boot
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (127 preceding siblings ...)
  2018-09-13 13:31 ` [PATCH 4.18 128/197] clk: rockchip: Add pclk_rkpwm_pmu to PMU critical clocks in rk3399 Greg Kroah-Hartman
@ 2018-09-13 13:31 ` Greg Kroah-Hartman
  2018-09-13 13:31 ` [PATCH 4.18 130/197] KVM: vmx: track host_state.loaded using a loaded_vmcs pointer Greg Kroah-Hartman
                   ` (69 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:31 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, David Francis, Harry Wentland,
	Bhawanpreet Lakha, Alex Deucher, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: David Francis <David.Francis@amd.com>

[ Upstream commit 53a53f8687faf492df2644d8c18ff0217fc18730 ]

[Why]
If there is no program explicitly setting the backlight
brightness (for example, during a minimal install of linux), the
hardware defaults to maximum brightness but the backlight_device
defaults to 0 value.  Thus, settings displays the wrong brightness
value.

[How]
When creating the backlight device, set brightness to max

Signed-off-by: David Francis <David.Francis@amd.com>
Reviewed-by: Harry Wentland <Harry.Wentland@amd.com>
Acked-by: Bhawanpreet Lakha <Bhawanpreet.Lakha@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c |    1 +
 1 file changed, 1 insertion(+)

--- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
+++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
@@ -1334,6 +1334,7 @@ amdgpu_dm_register_backlight_device(stru
 	struct backlight_properties props = { 0 };
 
 	props.max_brightness = AMDGPU_MAX_BL_LEVEL;
+	props.brightness = AMDGPU_MAX_BL_LEVEL;
 	props.type = BACKLIGHT_RAW;
 
 	snprintf(bl_name, sizeof(bl_name), "amdgpu_bl%d",
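Review bot: the added `props.brightness = AMDGPU_MAX_BL_LEVEL;` hardcodes the maximum and reads nothing back from the hardware, which does not match the subject line ("Read back max backlight value at boot"). If the panel is at any level other than maximum when amdgpu_dm_register_backlight_device() runs, the backlight_device will report max while the panel is dimmer, the mirror image of the bug in the changelog. Either query the current level here, or add a comment stating that the hardware is assumed to be at maximum at this point.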




* [PATCH 4.18 130/197] KVM: vmx: track host_state.loaded using a loaded_vmcs pointer
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (128 preceding siblings ...)
  2018-09-13 13:31 ` [PATCH 4.18 129/197] drm/amd/display: Read back max backlight value at boot Greg Kroah-Hartman
@ 2018-09-13 13:31 ` Greg Kroah-Hartman
  2018-09-13 13:31 ` [PATCH 4.18 131/197] kvm: nVMX: Fix fault vector for VMX operation at CPL > 0 Greg Kroah-Hartman
                   ` (68 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:31 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Sean Christopherson, Paolo Bonzini,
	Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Sean Christopherson <sean.j.christopherson@intel.com>

[ Upstream commit bd9966de4e14fb559e89a06f7f5c9aab2cc028b9 ]

Using 'struct loaded_vmcs*' to track whether the CPU registers
contain host or guest state kills two birds with one stone.

  1. The (effective) boolean host_state.loaded is poorly named.
     It does not track whether or not host state is loaded into
     the CPU registers (which most readers would expect), but
     rather tracks if host state has been saved AND guest state
     is loaded.

  2. Using a loaded_vmcs pointer provides a more robust framework
     for the optimized guest/host state switching, especially when
     considering per-VMCS enhancements.  To that end, WARN_ONCE
     if we try to switch to host state with a different VMCS than
     was last used to save host state.

Resolve an occurrence of the new WARN by setting loaded_vmcs after
the call to vmx_vcpu_put() in vmx_switch_vmcs().

Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 arch/x86/kvm/vmx.c |   22 +++++++++++++++-------
 1 file changed, 15 insertions(+), 7 deletions(-)

--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -939,17 +939,21 @@ struct vcpu_vmx {
 	/*
 	 * loaded_vmcs points to the VMCS currently used in this vcpu. For a
 	 * non-nested (L1) guest, it always points to vmcs01. For a nested
-	 * guest (L2), it points to a different VMCS.
+	 * guest (L2), it points to a different VMCS.  loaded_cpu_state points
+	 * to the VMCS whose state is loaded into the CPU registers that only
+	 * need to be switched when transitioning to/from the kernel; a NULL
+	 * value indicates that host state is loaded.
 	 */
 	struct loaded_vmcs    vmcs01;
 	struct loaded_vmcs   *loaded_vmcs;
+	struct loaded_vmcs   *loaded_cpu_state;
 	bool                  __launched; /* temporary, used in vmx_vcpu_run */
 	struct msr_autoload {
 		struct vmx_msrs guest;
 		struct vmx_msrs host;
 	} msr_autoload;
+
 	struct {
-		int           loaded;
 		u16           fs_sel, gs_sel, ldt_sel;
 #ifdef CONFIG_X86_64
 		u16           ds_sel, es_sel;
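Review bot: the new comment on `loaded_cpu_state` in struct vcpu_vmx documents the NULL case but not the invariant the rest of the patch depends on: a non-NULL `loaded_cpu_state` is expected to equal `loaded_vmcs`, which is what the WARN_ON_ONCE in __vmx_load_host_state() checks. Stating that at the declaration would make the relationship between the two pointers clear to anyone adding per-VMCS state later.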
@@ -2750,10 +2754,11 @@ static void vmx_save_host_state(struct k
 #endif
 	int i;
 
-	if (vmx->host_state.loaded)
+	if (vmx->loaded_cpu_state)
 		return;
 
-	vmx->host_state.loaded = 1;
+	vmx->loaded_cpu_state = vmx->loaded_vmcs;
+
 	/*
 	 * Set host fs and gs selectors.  Unfortunately, 22.2.3 does not
 	 * allow segment selectors with cpl > 0 or ti == 1.
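Review bot: in vmx_save_host_state() the early return on `if (vmx->loaded_cpu_state)` treats any non-NULL pointer as "already saved" without checking that it is the VMCS now in `loaded_vmcs`. A mismatch is only reported later, on the load side. Adding `WARN_ON_ONCE(vmx->loaded_cpu_state != vmx->loaded_vmcs)` before the return would flag a stale pointer at the point where the save is actually skipped.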
@@ -2815,11 +2820,14 @@ static void vmx_save_host_state(struct k
 
 static void __vmx_load_host_state(struct vcpu_vmx *vmx)
 {
-	if (!vmx->host_state.loaded)
+	if (!vmx->loaded_cpu_state)
 		return;
 
+	WARN_ON_ONCE(vmx->loaded_cpu_state != vmx->loaded_vmcs);
+
 	++vmx->vcpu.stat.host_state_reload;
-	vmx->host_state.loaded = 0;
+	vmx->loaded_cpu_state = NULL;
+
 #ifdef CONFIG_X86_64
 	if (is_long_mode(&vmx->vcpu))
 		rdmsrl(MSR_KERNEL_GS_BASE, vmx->msr_guest_kernel_gs_base);
@@ -10517,8 +10525,8 @@ static void vmx_switch_vmcs(struct kvm_v
 		return;
 
 	cpu = get_cpu();
-	vmx->loaded_vmcs = vmcs;
 	vmx_vcpu_put(vcpu);
+	vmx->loaded_vmcs = vmcs;
 	vmx_vcpu_load(vcpu, cpu);
 	put_cpu();
 }
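Review bot: the order of `vmx_vcpu_put(vcpu);` and `vmx->loaded_vmcs = vmcs;` in vmx_switch_vmcs() is now load-bearing, because the changelog says the put path trips the new WARN if `loaded_vmcs` is updated first, but nothing in the code records that. A one-line comment above the assignment saying the put must run against the old VMCS would keep a later cleanup from swapping the two lines back.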




* [PATCH 4.18 131/197] kvm: nVMX: Fix fault vector for VMX operation at CPL > 0
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (129 preceding siblings ...)
  2018-09-13 13:31 ` [PATCH 4.18 130/197] KVM: vmx: track host_state.loaded using a loaded_vmcs pointer Greg Kroah-Hartman
@ 2018-09-13 13:31 ` Greg Kroah-Hartman
  2018-09-13 13:31 ` [PATCH 4.18 132/197] drm/etnaviv: fix crash in GPU suspend when init failed due to buffer placement Greg Kroah-Hartman
                   ` (67 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:31 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Jim Mattson, David Hildenbrand,
	Paolo Bonzini, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Jim Mattson <jmattson@google.com>

[ Upstream commit 36090bf43a6b835a42f515cb515ff6fa293a25fe ]

The fault that should be raised for a privilege level violation is #GP
rather than #UD.

Fixes: 727ba748e110b4 ("kvm: nVMX: Enforce cpl=0 for VMX instructions")
Signed-off-by: Jim Mattson <jmattson@google.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 arch/x86/kvm/vmx.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -8123,7 +8123,7 @@ static int handle_vmon(struct kvm_vcpu *
 
 	/* CPL=0 must be checked manually. */
 	if (vmx_get_cpl(vcpu)) {
-		kvm_queue_exception(vcpu, UD_VECTOR);
+		kvm_inject_gp(vcpu, 0);
 		return 1;
 	}
 
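Review bot: in handle_vmon() the comment `/* CPL=0 must be checked manually. */` still does not say which fault a CPL > 0 caller is supposed to get, and the vector was wrong once already. Extending the comment to name #GP(0) next to `kvm_inject_gp(vcpu, 0);` would document the choice where it is made.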
@@ -8187,7 +8187,7 @@ static int handle_vmon(struct kvm_vcpu *
 static int nested_vmx_check_permission(struct kvm_vcpu *vcpu)
 {
 	if (vmx_get_cpl(vcpu)) {
-		kvm_queue_exception(vcpu, UD_VECTOR);
+		kvm_inject_gp(vcpu, 0);
 		return 0;
 	}
 
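Review bot: nested_vmx_check_permission() repeats the same `vmx_get_cpl(vcpu)` check and injection as handle_vmon() but with the opposite return convention (`return 0;` here, `return 1;` there), which is how two copies ended up needing the same fix. A short comment on what the return value means in each function, or a shared helper for the CPL check and `kvm_inject_gp(vcpu, 0)`, would keep the two from drifting apart again.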




* [PATCH 4.18 132/197] drm/etnaviv: fix crash in GPU suspend when init failed due to buffer placement
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (130 preceding siblings ...)
  2018-09-13 13:31 ` [PATCH 4.18 131/197] kvm: nVMX: Fix fault vector for VMX operation at CPL > 0 Greg Kroah-Hartman
@ 2018-09-13 13:31 ` Greg Kroah-Hartman
  2018-09-13 13:31 ` [PATCH 4.18 133/197] btrfs: Exit gracefully when chunk map cannot be inserted to the tree Greg Kroah-Hartman
                   ` (66 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:31 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Lucas Stach, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Lucas Stach <l.stach@pengutronix.de>

[ Upstream commit 5b147465532365dc4e2fee8499d6ca1f52dd0d16 ]

When the suballocator was unable to provide a suitable buffer for the MMUv1
linear window, we roll back the GPU initialization. As the GPU is runtime
resumed at that point we need to clear the kernel cmdbuf suballoc entry to
properly skip any attempt to manipulate the cmdbuf when the GPU gets shut
down in the runtime suspend later on.

Signed-off-by: Lucas Stach <l.stach@pengutronix.de>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/gpu/drm/etnaviv/etnaviv_gpu.c |    1 +
 1 file changed, 1 insertion(+)

--- a/drivers/gpu/drm/etnaviv/etnaviv_gpu.c
+++ b/drivers/gpu/drm/etnaviv/etnaviv_gpu.c
@@ -799,6 +799,7 @@ int etnaviv_gpu_init(struct etnaviv_gpu
 
 free_buffer:
 	etnaviv_cmdbuf_free(&gpu->buffer);
+	gpu->buffer.suballoc = NULL;
 destroy_iommu:
 	etnaviv_iommu_destroy(gpu->mmu);
 	gpu->mmu = NULL;
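Review bot: the added `gpu->buffer.suballoc = NULL;` under `free_buffer:` has no comment, and nothing at this site shows that the runtime-suspend path uses that field to decide whether to touch the cmdbuf. Add a short comment giving the reason from the changelog, or clear the field inside etnaviv_cmdbuf_free() so that every caller gets the same guarantee and not only this error path.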




* [PATCH 4.18 133/197] btrfs: Exit gracefully when chunk map cannot be inserted to the tree
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (131 preceding siblings ...)
  2018-09-13 13:31 ` [PATCH 4.18 132/197] drm/etnaviv: fix crash in GPU suspend when init failed due to buffer placement Greg Kroah-Hartman
@ 2018-09-13 13:31 ` Greg Kroah-Hartman
  2018-09-13 13:31 ` [PATCH 4.18 134/197] btrfs: replace: Reset on-disk dev stats value after replace Greg Kroah-Hartman
                   ` (65 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:31 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Xu Wen, Qu Wenruo, David Sterba, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Qu Wenruo <wqu@suse.com>

[ Upstream commit 64f64f43c89aca1782aa672e0586f6903c5d8979 ]

It's entirely possible that a crafted btrfs image contains overlapping
chunks.

Although we can't detect such problem by tree-checker, it's not a
catastrophic problem, current extent map can already detect such problem
and return -EEXIST.

We just only need to exit gracefully and fail the mount.

Reported-by: Xu Wen <wen.xu@gatech.edu>
Link: https://bugzilla.kernel.org/show_bug.cgi?id=200409
Signed-off-by: Qu Wenruo <wqu@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 fs/btrfs/volumes.c |    8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

--- a/fs/btrfs/volumes.c
+++ b/fs/btrfs/volumes.c
@@ -6563,10 +6563,14 @@ static int read_one_chunk(struct btrfs_f
 	write_lock(&map_tree->map_tree.lock);
 	ret = add_extent_mapping(&map_tree->map_tree, em, 0);
 	write_unlock(&map_tree->map_tree.lock);
-	BUG_ON(ret); /* Tree corruption */
+	if (ret < 0) {
+		btrfs_err(fs_info,
+			  "failed to add chunk map, start=%llu len=%llu: %d",
+			  em->start, em->len, ret);
+	}
 	free_extent_map(em);
 
-	return 0;
+	return ret;
 }
 
 static void fill_device_from_item(struct extent_buffer *leaf,
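Review bot: the new check in read_one_chunk() tests `ret < 0`, but the function now ends with `return ret;`, so the condition that is logged and the condition that is propagated differ, whereas the removed `BUG_ON(ret)` treated any nonzero value as failure. Using `if (ret)` would keep the two consistent. Since the changelog names overlapping chunks and -EEXIST as the expected cause, the btrfs_err() text could also say so, which would make the log line more useful when triaging a rejected image.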




* [PATCH 4.18 134/197] btrfs: replace: Reset on-disk dev stats value after replace
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (132 preceding siblings ...)
  2018-09-13 13:31 ` [PATCH 4.18 133/197] btrfs: Exit gracefully when chunk map cannot be inserted to the tree Greg Kroah-Hartman
@ 2018-09-13 13:31 ` Greg Kroah-Hartman
  2018-09-13 13:31 ` [PATCH 4.18 135/197] btrfs: fix in-memory value of total_devices after seed device deletion Greg Kroah-Hartman
                   ` (64 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:31 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Misono Tomohiro, David Sterba, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Misono Tomohiro <misono.tomohiro@jp.fujitsu.com>

[ Upstream commit 1e7e1f9e3aba00c9b9c323bfeeddafe69ff21ff6 ]

on-disk devs stats value is updated in btrfs_run_dev_stats(),
which is called during commit transaction, if device->dev_stats_ccnt
is not zero.

Since current replace operation does not touch dev_stats_ccnt,
on-disk dev stats value is not updated. Therefore "btrfs device stats"
may return old device's value after umount/mount
(Example: See "btrfs ins dump-t -t DEV $DEV" after btrfs/100 finish).

Fix this by just incrementing dev_stats_ccnt in
btrfs_dev_replace_finishing() when replace is succeeded and this will
update the values.

Signed-off-by: Misono Tomohiro <misono.tomohiro@jp.fujitsu.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 fs/btrfs/dev-replace.c |    6 ++++++
 1 file changed, 6 insertions(+)

--- a/fs/btrfs/dev-replace.c
+++ b/fs/btrfs/dev-replace.c
@@ -677,6 +677,12 @@ static int btrfs_dev_replace_finishing(s
 	btrfs_rm_dev_replace_unblocked(fs_info);
 
 	/*
+	 * Increment dev_stats_ccnt so that btrfs_run_dev_stats() will
+	 * update on-disk dev stats value during commit transaction
+	 */
+	atomic_inc(&tgt_device->dev_stats_ccnt);
+
+	/*
 	 * this is again a consistent state where no dev_replace procedure
 	 * is running, the target device is part of the filesystem, the
 	 * source device is not part of the filesystem anymore and its 1st
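Review bot: the comment added above `atomic_inc(&tgt_device->dev_stats_ccnt);` explains the mechanism but not the purpose, so a reader of btrfs_dev_replace_finishing() cannot tell that the point is to overwrite the replaced device's stale on-disk stats. Suggest saying that in the comment, since bumping the counter with no accompanying stat update otherwise looks like a mistake.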




* [PATCH 4.18 135/197] btrfs: fix in-memory value of total_devices after seed device deletion
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (133 preceding siblings ...)
  2018-09-13 13:31 ` [PATCH 4.18 134/197] btrfs: replace: Reset on-disk dev stats value after replace Greg Kroah-Hartman
@ 2018-09-13 13:31 ` Greg Kroah-Hartman
  2018-09-13 13:31 ` [PATCH 4.18 136/197] btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized Greg Kroah-Hartman
                   ` (63 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:31 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Anand Jain, David Sterba, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Anand Jain <anand.jain@oracle.com>

[ Upstream commit b4993e64f78a9605b45252fa9ba385c88a1f4ce9 ]

In case of deleting the seed device the %cur_devices (seed) and the
%fs_devices (parent) are different. Now, as the parent
fs_devices::total_devices also maintains the total number of devices
including the seed device, so decrement its in-memory value for the
successful seed delete. We are already updating its corresponding
on-disk btrfs_super_block::number_devices value.

Signed-off-by: Anand Jain <anand.jain@oracle.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 fs/btrfs/volumes.c |    3 +++
 1 file changed, 3 insertions(+)

--- a/fs/btrfs/volumes.c
+++ b/fs/btrfs/volumes.c
@@ -2029,6 +2029,9 @@ int btrfs_rm_device(struct btrfs_fs_info
 
 	cur_devices->num_devices--;
 	cur_devices->total_devices--;
+	/* Update total_devices of the parent fs_devices if it's seed */
+	if (cur_devices != fs_devices)
+		fs_devices->total_devices--;
 
 	if (test_bit(BTRFS_DEV_STATE_MISSING, &device->dev_state))
 		cur_devices->missing_devices--;
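Review bot: the comment `/* Update total_devices of the parent fs_devices if it's seed */` in btrfs_rm_device() is ambiguous about what "it" refers to, while the test is `cur_devices != fs_devices`. Reword it to say that the removed device belongs to a seed fs_devices and that the parent's total_devices counts seed devices too, which is the reasoning the changelog gives for the extra decrement.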




* [PATCH 4.18 136/197] btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (134 preceding siblings ...)
  2018-09-13 13:31 ` [PATCH 4.18 135/197] btrfs: fix in-memory value of total_devices after seed device deletion Greg Kroah-Hartman
@ 2018-09-13 13:31 ` Greg Kroah-Hartman
  2018-09-13 13:31 ` [PATCH 4.18 137/197] btrfs: tree-checker: Detect invalid and empty essential trees Greg Kroah-Hartman
                   ` (62 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:31 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Xu Wen, Qu Wenruo, Gu Jinxiang,
	David Sterba, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Qu Wenruo <wqu@suse.com>

[ Upstream commit 389305b2aa68723c754f88d9dbd268a400e10664 ]

Invalid reloc tree can cause kernel NULL pointer dereference when btrfs
does some cleanup of the reloc roots.

It turns out that fs_info::reloc_ctl can be NULL in
btrfs_recover_relocation() as we allocate relocation control after all
reloc roots have been verified.
So when we hit: note, we haven't called set_reloc_control() thus
fs_info::reloc_ctl is still NULL.

Link: https://bugzilla.kernel.org/show_bug.cgi?id=199833
Reported-by: Xu Wen <wen.xu@gatech.edu>
Signed-off-by: Qu Wenruo <wqu@suse.com>
Tested-by: Gu Jinxiang <gujx@cn.fujitsu.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 fs/btrfs/relocation.c |   23 ++++++++++++-----------
 1 file changed, 12 insertions(+), 11 deletions(-)

--- a/fs/btrfs/relocation.c
+++ b/fs/btrfs/relocation.c
@@ -1321,18 +1321,19 @@ static void __del_reloc_root(struct btrf
 	struct mapping_node *node = NULL;
 	struct reloc_control *rc = fs_info->reloc_ctl;
 
-	spin_lock(&rc->reloc_root_tree.lock);
-	rb_node = tree_search(&rc->reloc_root_tree.rb_root,
-			      root->node->start);
-	if (rb_node) {
-		node = rb_entry(rb_node, struct mapping_node, rb_node);
-		rb_erase(&node->rb_node, &rc->reloc_root_tree.rb_root);
+	if (rc) {
+		spin_lock(&rc->reloc_root_tree.lock);
+		rb_node = tree_search(&rc->reloc_root_tree.rb_root,
+				      root->node->start);
+		if (rb_node) {
+			node = rb_entry(rb_node, struct mapping_node, rb_node);
+			rb_erase(&node->rb_node, &rc->reloc_root_tree.rb_root);
+		}
+		spin_unlock(&rc->reloc_root_tree.lock);
+		if (!node)
+			return;
+		BUG_ON((struct btrfs_root *)node->data != root);
 	}
-	spin_unlock(&rc->reloc_root_tree.lock);
-
-	if (!node)
-		return;
-	BUG_ON((struct btrfs_root *)node->data != root);
 
 	spin_lock(&fs_info->trans_lock);
 	list_del_init(&root->root_list);
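Review bot: the new `if (rc) {` in __del_reloc_root() has no comment saying when `fs_info->reloc_ctl` can legitimately be NULL, and the skipped block is also the only place `node` is assigned, so on that path everything after the hunk runs with `node == NULL`. Add a comment naming the case from the changelog (cleanup in btrfs_recover_relocation() before set_reloc_control() has been called), and confirm that the code following `list_del_init(&root->root_list);` tolerates a NULL `node`.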




* [PATCH 4.18 137/197] btrfs: tree-checker: Detect invalid and empty essential trees
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (135 preceding siblings ...)
  2018-09-13 13:31 ` [PATCH 4.18 136/197] btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized Greg Kroah-Hartman
@ 2018-09-13 13:31 ` Greg Kroah-Hartman
  2018-09-13 13:31 ` [PATCH 4.18 138/197] btrfs: check-integrity: Fix NULL pointer dereference for degraded mount Greg Kroah-Hartman
                   ` (61 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:31 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Xu Wen, Qu Wenruo, Gu Jinxiang,
	David Sterba, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Qu Wenruo <wqu@suse.com>

[ Upstream commit ba480dd4db9f1798541eb2d1c423fc95feee8d36 ]

A crafted image has empty root tree block, which will later cause NULL
pointer dereference.

The following trees should never be empty:
1) Tree root
   Must contain at least root items for extent tree, device tree and fs
   tree

2) Chunk tree
   Or we can't even bootstrap as it contains the mapping.

3) Fs tree
   At least inode item for top level inode (.).

4) Device tree
   Dev extents for chunks

5) Extent tree
   Must have corresponding extent for each chunk.

If any of them is empty, we are sure the fs is corrupted and no need to
mount it.

Link: https://bugzilla.kernel.org/show_bug.cgi?id=199847
Reported-by: Xu Wen <wen.xu@gatech.edu>
Signed-off-by: Qu Wenruo <wqu@suse.com>
Tested-by: Gu Jinxiang <gujx@cn.fujitsu.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 fs/btrfs/tree-checker.c |   15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

--- a/fs/btrfs/tree-checker.c
+++ b/fs/btrfs/tree-checker.c
@@ -396,9 +396,22 @@ static int check_leaf(struct btrfs_fs_in
 	 * skip this check for relocation trees.
 	 */
 	if (nritems == 0 && !btrfs_header_flag(leaf, BTRFS_HEADER_FLAG_RELOC)) {
+		u64 owner = btrfs_header_owner(leaf);
 		struct btrfs_root *check_root;
 
-		key.objectid = btrfs_header_owner(leaf);
+		/* These trees must never be empty */
+		if (owner == BTRFS_ROOT_TREE_OBJECTID ||
+		    owner == BTRFS_CHUNK_TREE_OBJECTID ||
+		    owner == BTRFS_EXTENT_TREE_OBJECTID ||
+		    owner == BTRFS_DEV_TREE_OBJECTID ||
+		    owner == BTRFS_FS_TREE_OBJECTID ||
+		    owner == BTRFS_DATA_RELOC_TREE_OBJECTID) {
+			generic_err(fs_info, leaf, 0,
+			"invalid root, root %llu must never be empty",
+				    owner);
+			return -EUCLEAN;
+		}
+		key.objectid = owner;
 		key.type = BTRFS_ROOT_ITEM_KEY;
 		key.offset = (u64)-1;
 
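Review bot: the owner list added to check_leaf() includes `BTRFS_DATA_RELOC_TREE_OBJECTID`, which is not among the five trees the changelog says must never be empty. Either the changelog or the `/* These trees must never be empty */` comment should say why the data reloc tree belongs in the list, because an empty leaf owned by it now returns -EUCLEAN as well.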




* [PATCH 4.18 138/197] btrfs: check-integrity: Fix NULL pointer dereference for degraded mount
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (136 preceding siblings ...)
  2018-09-13 13:31 ` [PATCH 4.18 137/197] btrfs: tree-checker: Detect invalid and empty essential trees Greg Kroah-Hartman
@ 2018-09-13 13:31 ` Greg Kroah-Hartman
  2018-09-13 13:31 ` [PATCH 4.18 139/197] btrfs: lift uuid_mutex to callers of btrfs_open_devices Greg Kroah-Hartman
                   ` (60 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:31 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Qu Wenruo, David Sterba, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Qu Wenruo <wqu@suse.com>

[ Upstream commit 9912bbf6440ba0555e91d3306520da01872c7c1d ]

Commit f8f84b2dfda5 ("btrfs: index check-integrity state hash by a dev_t")
changed how btrfsic indexes device state.

Now we need to access device->bdev->bd_dev, while for degraded mount
it's completely possible to have device->bdev as NULL, thus it will
trigger a NULL pointer dereference at mount time.

Fix it by checking if the device is degraded before accessing
device->bdev->bd_dev.

There are a lot of other places accessing device->bdev->bd_dev, however
the other call sites have either checked device->bdev, or the
device->bdev is passed from btrfsic_map_block(), so it won't cause harm.

Fixes: f8f84b2dfda5 ("btrfs: index check-integrity state hash by a dev_t")
Signed-off-by: Qu Wenruo <wqu@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 fs/btrfs/check-integrity.c |    7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

--- a/fs/btrfs/check-integrity.c
+++ b/fs/btrfs/check-integrity.c
@@ -1539,7 +1539,12 @@ static int btrfsic_map_block(struct btrf
 	}
 
 	device = multi->stripes[0].dev;
-	block_ctx_out->dev = btrfsic_dev_state_lookup(device->bdev->bd_dev);
+	if (test_bit(BTRFS_DEV_STATE_MISSING, &device->dev_state) ||
+	    !device->bdev || !device->name)
+		block_ctx_out->dev = NULL;
+	else
+		block_ctx_out->dev = btrfsic_dev_state_lookup(
+							device->bdev->bd_dev);
 	block_ctx_out->dev_bytenr = multi->stripes[0].physical;
 	block_ctx_out->start = bytenr;
 	block_ctx_out->len = len;
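Review bot: the new condition in btrfsic_map_block() also tests `!device->name`, but the lookup only dereferences `device->bdev->bd_dev` and the changelog only describes `device->bdev` being NULL on a degraded mount. Say in a comment why a missing name matters here, or drop that term. It is also worth a comment that `block_ctx_out->dev` can now be NULL on return, so that callers are expected to check it before use.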




* [PATCH 4.18 139/197] btrfs: lift uuid_mutex to callers of btrfs_open_devices
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (137 preceding siblings ...)
  2018-09-13 13:31 ` [PATCH 4.18 138/197] btrfs: check-integrity: Fix NULL pointer dereference for degraded mount Greg Kroah-Hartman
@ 2018-09-13 13:31 ` Greg Kroah-Hartman
  2018-09-13 13:31 ` [PATCH 4.18 140/197] btrfs: Dont remove block group that still has pinned down bytes Greg Kroah-Hartman
                   ` (59 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:31 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Anand Jain, David Sterba, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: David Sterba <dsterba@suse.com>

[ Upstream commit f5194e34cabaddd348a90f950e0a8188dd26cdc0 ]

Preparatory work to fix race between mount and device scan.

The callers will have to manage the critical section, eg. mount wants to
scan and then call btrfs_open_devices without the ioctl scan walking in
and modifying the fs devices in the meantime.

Reviewed-by: Anand Jain <anand.jain@oracle.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 fs/btrfs/super.c   |    2 ++
 fs/btrfs/volumes.c |    4 ++--
 2 files changed, 4 insertions(+), 2 deletions(-)

--- a/fs/btrfs/super.c
+++ b/fs/btrfs/super.c
@@ -1565,7 +1565,9 @@ static struct dentry *btrfs_mount_root(s
 		goto error_fs_info;
 	}
 
+	mutex_lock(&uuid_mutex);
 	error = btrfs_open_devices(fs_devices, mode, fs_type);
+	mutex_unlock(&uuid_mutex);
 	if (error)
 		goto error_fs_info;
 
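Review bot: in btrfs_mount_root() the new `mutex_lock(&uuid_mutex);` / `mutex_unlock(&uuid_mutex);` pair wraps only the btrfs_open_devices() call, while the changelog describes the goal as keeping the ioctl scan out between scan and open. A comment here saying the critical section is expected to grow to cover the scan would make it clear that the narrow scope is intentional for this preparatory step.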
--- a/fs/btrfs/volumes.c
+++ b/fs/btrfs/volumes.c
@@ -1146,7 +1146,8 @@ int btrfs_open_devices(struct btrfs_fs_d
 {
 	int ret;
 
-	mutex_lock(&uuid_mutex);
+	lockdep_assert_held(&uuid_mutex);
+
 	mutex_lock(&fs_devices->device_list_mutex);
 	if (fs_devices->opened) {
 		fs_devices->opened++;
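Review bot: `lockdep_assert_held(&uuid_mutex);` in btrfs_open_devices() only checks anything on lockdep-enabled builds, and the function gets no comment stating the new locking contract. Add a line above the function saying the caller must hold uuid_mutex, and confirm every caller was converted, since the one in fs/btrfs/super.c is the only one visible in this patch.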
@@ -1156,7 +1157,6 @@ int btrfs_open_devices(struct btrfs_fs_d
 		ret = open_fs_devices(fs_devices, flags, holder);
 	}
 	mutex_unlock(&fs_devices->device_list_mutex);
-	mutex_unlock(&uuid_mutex);
 
 	return ret;
 }




* [PATCH 4.18 140/197] btrfs: Dont remove block group that still has pinned down bytes
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (138 preceding siblings ...)
  2018-09-13 13:31 ` [PATCH 4.18 139/197] btrfs: lift uuid_mutex to callers of btrfs_open_devices Greg Kroah-Hartman
@ 2018-09-13 13:31 ` Greg Kroah-Hartman
  2018-09-13 13:31 ` [PATCH 4.18 141/197] btrfs: Fix a C compliance issue Greg Kroah-Hartman
                   ` (58 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:31 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Qu Wenruo, Filipe Manana,
	David Sterba, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Qu Wenruo <wqu@suse.com>

[ Upstream commit 43794446548730ac8461be30bbe47d5d027d1d16 ]

[BUG]
Under certain KVM load and LTP tests, it is possible to hit the
following calltrace if quota is enabled:

BTRFS critical (device vda2): unable to find logical 8820195328 length 4096
BTRFS critical (device vda2): unable to find logical 8820195328 length 4096

WARNING: CPU: 0 PID: 49 at ../block/blk-core.c:172 blk_status_to_errno+0x1a/0x30
CPU: 0 PID: 49 Comm: kworker/u2:1 Not tainted 4.12.14-15-default #1 SLE15 (unreleased)
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.0.0-prebuilt.qemu-project.org 04/01/2014
Workqueue: btrfs-endio-write btrfs_endio_write_helper [btrfs]
task: ffff9f827b340bc0 task.stack: ffffb4f8c0304000
RIP: 0010:blk_status_to_errno+0x1a/0x30
Call Trace:
 submit_extent_page+0x191/0x270 [btrfs]
 ? btrfs_create_repair_bio+0x130/0x130 [btrfs]
 __do_readpage+0x2d2/0x810 [btrfs]
 ? btrfs_create_repair_bio+0x130/0x130 [btrfs]
 ? run_one_async_done+0xc0/0xc0 [btrfs]
 __extent_read_full_page+0xe7/0x100 [btrfs]
 ? run_one_async_done+0xc0/0xc0 [btrfs]
 read_extent_buffer_pages+0x1ab/0x2d0 [btrfs]
 ? run_one_async_done+0xc0/0xc0 [btrfs]
 btree_read_extent_buffer_pages+0x94/0xf0 [btrfs]
 read_tree_block+0x31/0x60 [btrfs]
 read_block_for_search.isra.35+0xf0/0x2e0 [btrfs]
 btrfs_search_slot+0x46b/0xa00 [btrfs]
 ? kmem_cache_alloc+0x1a8/0x510
 ? btrfs_get_token_32+0x5b/0x120 [btrfs]
 find_parent_nodes+0x11d/0xeb0 [btrfs]
 ? leaf_space_used+0xb8/0xd0 [btrfs]
 ? btrfs_leaf_free_space+0x49/0x90 [btrfs]
 ? btrfs_find_all_roots_safe+0x93/0x100 [btrfs]
 btrfs_find_all_roots_safe+0x93/0x100 [btrfs]
 btrfs_find_all_roots+0x45/0x60 [btrfs]
 btrfs_qgroup_trace_extent_post+0x20/0x40 [btrfs]
 btrfs_add_delayed_data_ref+0x1a3/0x1d0 [btrfs]
 btrfs_alloc_reserved_file_extent+0x38/0x40 [btrfs]
 insert_reserved_file_extent.constprop.71+0x289/0x2e0 [btrfs]
 btrfs_finish_ordered_io+0x2f4/0x7f0 [btrfs]
 ? pick_next_task_fair+0x2cd/0x530
 ? __switch_to+0x92/0x4b0
 btrfs_worker_helper+0x81/0x300 [btrfs]
 process_one_work+0x1da/0x3f0
 worker_thread+0x2b/0x3f0
 ? process_one_work+0x3f0/0x3f0
 kthread+0x11a/0x130
 ? kthread_create_on_node+0x40/0x40
 ret_from_fork+0x35/0x40

BTRFS critical (device vda2): unable to find logical 8820195328 length 16384
BTRFS: error (device vda2) in btrfs_finish_ordered_io:3023: errno=-5 IO failure
BTRFS info (device vda2): forced readonly
BTRFS error (device vda2): pending csums is 2887680

[CAUSE]
It's caused by race with block group auto removal:

- There is a meta block group X, which has only one tree block
  The tree block belongs to fs tree 257.
- In current transaction, some operation modified fs tree 257
  The tree block gets COWed, so the block group X is empty, and marked
  as unused, queued to be deleted.
- Some workload (like fsync) wakes up cleaner_kthread()
  Which will call btrfs_delete_unused_bgs() to remove unused block
  groups.
  So block group X along its chunk map get removed.
- Some delalloc work finished for fs tree 257
  Quota needs to get the original reference of the extent, which will
  read tree blocks of commit root of 257.
  Then since the chunk map gets removed, the above warning gets
  triggered.

[FIX]
Just let btrfs_delete_unused_bgs() skip block group which still has
pinned bytes.

However there is a minor side effect: currently we only queue empty
blocks at update_block_group(), and such empty block group with pinned
bytes won't go through update_block_group() again, such block group
won't be removed, until it gets new extent allocated and removed.

Signed-off-by: Qu Wenruo <wqu@suse.com>
Reviewed-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 fs/btrfs/extent-tree.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/fs/btrfs/extent-tree.c
+++ b/fs/btrfs/extent-tree.c
@@ -10687,7 +10687,7 @@ void btrfs_delete_unused_bgs(struct btrf
 		/* Don't want to race with allocators so take the groups_sem */
 		down_write(&space_info->groups_sem);
 		spin_lock(&block_group->lock);
-		if (block_group->reserved ||
+		if (block_group->reserved || block_group->pinned ||
 		    btrfs_block_group_used(&block_group->item) ||
 		    block_group->ro ||
 		    list_is_singular(&block_group->list)) {
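Review bot: the `block_group->pinned` term added to the skip condition in btrfs_delete_unused_bgs() has a side effect that only the changelog records: an empty block group skipped because of pinned bytes is not queued again and stays around until it gets a new extent allocated and removed. Put that in a comment at the condition so the lingering unused block groups are understood as expected behaviour when someone looks at this later.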




* [PATCH 4.18 141/197] btrfs: Fix a C compliance issue
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (139 preceding siblings ...)
  2018-09-13 13:31 ` [PATCH 4.18 140/197] btrfs: Dont remove block group that still has pinned down bytes Greg Kroah-Hartman
@ 2018-09-13 13:31 ` Greg Kroah-Hartman
  2018-09-13 13:31 ` [PATCH 4.18 142/197] arm64: rockchip: Force CONFIG_PM on Rockchip systems Greg Kroah-Hartman
                   ` (57 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:31 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Bart Van Assche, David Sterba, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Bart Van Assche <bart.vanassche@wdc.com>

[ Upstream commit edf57cbf2b030781885e339f32e35a470d2f8eba ]

The C programming language does not allow the use of preprocessor statements
inside macro arguments (pr_info() is defined as a macro). Hence rework
the pr_info() statement in btrfs_print_mod_info() such that it becomes
compliant. This patch allows tools like sparse to analyze the BTRFS
source code.

Fixes: 62e855771dac ("btrfs: convert printk(KERN_* to use pr_* calls")
Signed-off-by: Bart Van Assche <bart.vanassche@wdc.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 fs/btrfs/super.c |    6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

--- a/fs/btrfs/super.c
+++ b/fs/btrfs/super.c
@@ -2370,7 +2370,7 @@ static __cold void btrfs_interface_exit(
 
 static void __init btrfs_print_mod_info(void)
 {
-	pr_info("Btrfs loaded, crc32c=%s"
+	static const char options[] = ""
 #ifdef CONFIG_BTRFS_DEBUG
 			", debug=on"
 #endif
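Review bot: options[] is declared static const inside an __init function, so the string stays in .rodata after the init sections are freed. Marking it __initconst, as in static const char options[] __initconst = "", would let it be discarded with the rest of the init data.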
@@ -2383,8 +2383,8 @@ static void __init btrfs_print_mod_info(
 #ifdef CONFIG_BTRFS_FS_REF_VERIFY
 			", ref-verify=on"
 #endif
-			"\n",
-			crc32c_impl());
+			;
+	pr_info("Btrfs loaded, crc32c=%s%s\n", crc32c_impl(), options);
 }
 
 static int __init init_btrfs_fs(void)
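Review bot: the bare ';' on its own line after the last #endif is what terminates the options[] initializer, and it is easy to lose when another #ifdef block is added below it. A trailing comment on that line saying it ends the initializer would make that obvious.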




* [PATCH 4.18 142/197] arm64: rockchip: Force CONFIG_PM on Rockchip systems
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (140 preceding siblings ...)
  2018-09-13 13:31 ` [PATCH 4.18 141/197] btrfs: Fix a C compliance issue Greg Kroah-Hartman
@ 2018-09-13 13:31 ` Greg Kroah-Hartman
  2018-09-13 13:31 ` [PATCH 4.18 143/197] ARM: " Greg Kroah-Hartman
                   ` (56 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:31 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Marc Zyngier, Olof Johansson, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Marc Zyngier <marc.zyngier@arm.com>

[ Upstream commit 7db7a8f5638a2ffe0c0c0d55b5186b6191fd6af7 ]

A number of the Rockchip-specific drivers (IOMMU, display controllers)
are now assuming that CONFIG_PM is set, and may completely misbehave
if that's not the case.

Since there is hardly any reason for this configuration option not
to be selected anyway, let's require it (in the same way Tegra already
does).

Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Olof Johansson <olof@lixom.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 arch/arm64/Kconfig.platforms |    1 +
 1 file changed, 1 insertion(+)

--- a/arch/arm64/Kconfig.platforms
+++ b/arch/arm64/Kconfig.platforms
@@ -151,6 +151,7 @@ config ARCH_ROCKCHIP
 	select GPIOLIB
 	select PINCTRL
 	select PINCTRL_ROCKCHIP
+	select PM
 	select ROCKCHIP_TIMER
 	help
 	  This enables support for the ARMv8 based Rockchip chipsets,
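Review bot: select PM is unconditional and is added with no comment, and the help text is left as it was, so nothing in the Kconfig entry records that the IOMMU and display controller drivers are the reason. Since select overrides the user's choice, a one-line # comment naming the dependent drivers would help anyone who later tries to drop it.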




* [PATCH 4.18 143/197] ARM: rockchip: Force CONFIG_PM on Rockchip systems
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (141 preceding siblings ...)
  2018-09-13 13:31 ` [PATCH 4.18 142/197] arm64: rockchip: Force CONFIG_PM on Rockchip systems Greg Kroah-Hartman
@ 2018-09-13 13:31 ` Greg Kroah-Hartman
  2018-09-13 13:31 ` [PATCH 4.18 144/197] btrfs: do btrfs_free_stale_devices outside of device_list_add Greg Kroah-Hartman
                   ` (55 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:31 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Marc Zyngier, Olof Johansson, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Marc Zyngier <marc.zyngier@arm.com>

[ Upstream commit d1558dfd9f22c99a5b8e1354ad881ee40749da89 ]

A number of the Rockchip-specific drivers (IOMMU, display controllers)
are now assuming that CONFIG_PM is set, and may completely misbehave
if that's not the case.

Since there is hardly any reason for this configuration option not
to be selected anyway, let's require it (in the same way Tegra already
does).

Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Olof Johansson <olof@lixom.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 arch/arm/mach-rockchip/Kconfig |    1 +
 1 file changed, 1 insertion(+)

--- a/arch/arm/mach-rockchip/Kconfig
+++ b/arch/arm/mach-rockchip/Kconfig
@@ -17,6 +17,7 @@ config ARCH_ROCKCHIP
 	select ARM_GLOBAL_TIMER
 	select CLKSRC_ARM_GLOBAL_TIMER_SCHED_CLOCK
 	select ZONE_DMA if ARM_LPAE
+	select PM
 	help
 	  Support for Rockchip's Cortex-A9 Single-to-Quad-Core-SoCs
 	  containing the RK2928, RK30xx and RK31xx series.
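Review bot: select PM is appended after select ZONE_DMA if ARM_LPAE, which breaks the alphabetical order of the selects visible in this hunk (ARM_GLOBAL_TIMER, CLKSRC_ARM_GLOBAL_TIMER_SCHED_CLOCK, ZONE_DMA). Placing it before the ZONE_DMA line would keep the list sorted.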




* [PATCH 4.18 144/197] btrfs: do btrfs_free_stale_devices outside of device_list_add
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (142 preceding siblings ...)
  2018-09-13 13:31 ` [PATCH 4.18 143/197] ARM: " Greg Kroah-Hartman
@ 2018-09-13 13:31 ` Greg Kroah-Hartman
  2018-09-13 13:31 ` [PATCH 4.18 145/197] btrfs: extend locked section when adding a new device in device_list_add Greg Kroah-Hartman
                   ` (54 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:31 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Anand Jain, David Sterba, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Anand Jain <anand.jain@oracle.com>

[ Upstream commit 4306a97449f9a0f9e5229af7889d4401315355aa ]

btrfs_free_stale_devices() looks for a device path reused for another
filesystem, and deletes the older fs_devices::device entry.

In preparation to handle locking in device_list_add, move
btrfs_free_stale_devices outside as these two functions serve a
different purpose.

Signed-off-by: Anand Jain <anand.jain@oracle.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 fs/btrfs/volumes.c |   15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

--- a/fs/btrfs/volumes.c
+++ b/fs/btrfs/volumes.c
@@ -750,7 +750,8 @@ error_brelse:
  * error pointer when failed
  */
 static noinline struct btrfs_device *device_list_add(const char *path,
-			   struct btrfs_super_block *disk_super)
+			   struct btrfs_super_block *disk_super,
+			   bool *new_device_added)
 {
 	struct btrfs_device *device;
 	struct btrfs_fs_devices *fs_devices;
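Review bot: the new bool *new_device_added out-parameter is not described in the comment block above device_list_add(), which still ends at the return value. Please document that it is set to true only when a new btrfs_device is allocated and is left untouched otherwise, so callers know they must initialize it.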
@@ -796,7 +797,7 @@ static noinline struct btrfs_device *dev
 		mutex_unlock(&fs_devices->device_list_mutex);
 
 		device->fs_devices = fs_devices;
-		btrfs_free_stale_devices(path, device);
+		*new_device_added = true;
 
 		if (disk_super->label[0])
 			pr_info("BTRFS: device label %s devid %llu transid %llu %s\n",
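Review bot: *new_device_added = true dereferences the pointer with no NULL check. The only caller in this patch passes the address of a local, so it works today, but the function gives no hint that NULL is not allowed; either state that in the function comment or guard the store with if (new_device_added).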
@@ -1221,6 +1222,7 @@ int btrfs_scan_one_device(const char *pa
 			  struct btrfs_fs_devices **fs_devices_ret)
 {
 	struct btrfs_super_block *disk_super;
+	bool new_device_added = false;
 	struct btrfs_device *device;
 	struct block_device *bdev;
 	struct page *page;
@@ -1246,11 +1248,14 @@ int btrfs_scan_one_device(const char *pa
 	}
 
 	mutex_lock(&uuid_mutex);
-	device = device_list_add(path, disk_super);
-	if (IS_ERR(device))
+	device = device_list_add(path, disk_super, &new_device_added);
+	if (IS_ERR(device)) {
 		ret = PTR_ERR(device);
-	else
+	} else {
 		*fs_devices_ret = device->fs_devices;
+		if (new_device_added)
+			btrfs_free_stale_devices(path, device);
+	}
 	mutex_unlock(&uuid_mutex);
 
 	btrfs_release_disk_super(page);




* [PATCH 4.18 145/197] btrfs: extend locked section when adding a new device in device_list_add
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (143 preceding siblings ...)
  2018-09-13 13:31 ` [PATCH 4.18 144/197] btrfs: do btrfs_free_stale_devices outside of device_list_add Greg Kroah-Hartman
@ 2018-09-13 13:31 ` Greg Kroah-Hartman
  2018-09-13 13:31 ` [PATCH 4.18 146/197] btrfs: rename local devices for fs_devices in btrfs_free_stale_devices( Greg Kroah-Hartman
                   ` (53 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:31 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Anand Jain, David Sterba, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Anand Jain <anand.jain@oracle.com>

[ Upstream commit 9c6d173ea6e4c8c939ae6c257c7fc18f7b320316 ]

Make sure the device_list_lock is held the whole time:

* when the device is being looked up
* new device is initialized and put to the list
* the list counters are updated (fs_devices::opened, fs_devices::total_devices)

Signed-off-by: Anand Jain <anand.jain@oracle.com>
[ update changelog ]
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 fs/btrfs/volumes.c |   16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

--- a/fs/btrfs/volumes.c
+++ b/fs/btrfs/volumes.c
@@ -765,21 +765,26 @@ static noinline struct btrfs_device *dev
 		if (IS_ERR(fs_devices))
 			return ERR_CAST(fs_devices);
 
+		mutex_lock(&fs_devices->device_list_mutex);
 		list_add(&fs_devices->fs_list, &fs_uuids);
 
 		device = NULL;
 	} else {
+		mutex_lock(&fs_devices->device_list_mutex);
 		device = find_device(fs_devices, devid,
 				disk_super->dev_item.uuid);
 	}
 
 	if (!device) {
-		if (fs_devices->opened)
+		if (fs_devices->opened) {
+			mutex_unlock(&fs_devices->device_list_mutex);
 			return ERR_PTR(-EBUSY);
+		}
 
 		device = btrfs_alloc_device(NULL, &devid,
 					    disk_super->dev_item.uuid);
 		if (IS_ERR(device)) {
+			mutex_unlock(&fs_devices->device_list_mutex);
 			/* we can safely leave the fs_devices entry around */
 			return device;
 		}
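Review bot: each early return in this hunk now needs its own mutex_unlock(&fs_devices->device_list_mutex), here for the fs_devices->opened check and the btrfs_alloc_device() failure, and the later hunks add more. That makes it easy for a future return path to leave the mutex held; a single unlock label reached with goto would keep lock and unlock paired in one place.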
@@ -787,14 +792,13 @@ static noinline struct btrfs_device *dev
 		name = rcu_string_strdup(path, GFP_NOFS);
 		if (!name) {
 			btrfs_free_device(device);
+			mutex_unlock(&fs_devices->device_list_mutex);
 			return ERR_PTR(-ENOMEM);
 		}
 		rcu_assign_pointer(device->name, name);
 
-		mutex_lock(&fs_devices->device_list_mutex);
 		list_add_rcu(&device->dev_list, &fs_devices->devices);
 		fs_devices->num_devices++;
-		mutex_unlock(&fs_devices->device_list_mutex);
 
 		device->fs_devices = fs_devices;
 		*new_device_added = true;
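Review bot: device->fs_devices is still assigned after list_add_rcu() has published the device on fs_devices->devices. Holding device_list_mutex over both statements does not stop an RCU reader of that list from seeing a device whose fs_devices pointer is not set yet; moving the assignment ahead of list_add_rcu() would close that.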
@@ -841,12 +845,15 @@ static noinline struct btrfs_device *dev
 			 * with larger generation number or the last-in if
 			 * generation are equal.
 			 */
+			mutex_unlock(&fs_devices->device_list_mutex);
 			return ERR_PTR(-EEXIST);
 		}
 
 		name = rcu_string_strdup(path, GFP_NOFS);
-		if (!name)
+		if (!name) {
+			mutex_unlock(&fs_devices->device_list_mutex);
 			return ERR_PTR(-ENOMEM);
+		}
 		rcu_string_free(device->name);
 		rcu_assign_pointer(device->name, name);
 		if (test_bit(BTRFS_DEV_STATE_MISSING, &device->dev_state)) {
@@ -866,6 +873,7 @@ static noinline struct btrfs_device *dev
 
 	fs_devices->total_devices = btrfs_super_num_devices(disk_super);
 
+	mutex_unlock(&fs_devices->device_list_mutex);
 	return device;
 }
 




* [PATCH 4.18 146/197] btrfs: rename local devices for fs_devices in btrfs_free_stale_devices(
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (144 preceding siblings ...)
  2018-09-13 13:31 ` [PATCH 4.18 145/197] btrfs: extend locked section when adding a new device in device_list_add Greg Kroah-Hartman
@ 2018-09-13 13:31 ` Greg Kroah-Hartman
  2018-09-13 13:31 ` [PATCH 4.18 147/197] btrfs: use device_list_mutex when removing stale devices Greg Kroah-Hartman
                   ` (52 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:31 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Anand Jain, David Sterba, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Anand Jain <anand.jain@oracle.com>

[ Upstream commit fa6d2ae540a200a17bb7ee769f9df22d411c9404 ]

Over the years we named %fs_devices and %devices to represent the
struct btrfs_fs_devices and the struct btrfs_device. So follow the same
scheme here too. No functional changes.

Signed-off-by: Anand Jain <anand.jain@oracle.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 fs/btrfs/volumes.c |   35 +++++++++++++++++------------------
 1 file changed, 17 insertions(+), 18 deletions(-)

--- a/fs/btrfs/volumes.c
+++ b/fs/btrfs/volumes.c
@@ -634,43 +634,42 @@ static void pending_bios_fn(struct btrfs
  *		devices.
  */
 static void btrfs_free_stale_devices(const char *path,
-				     struct btrfs_device *skip_dev)
+				     struct btrfs_device *skip_device)
 {
-	struct btrfs_fs_devices *fs_devs, *tmp_fs_devs;
-	struct btrfs_device *dev, *tmp_dev;
+	struct btrfs_fs_devices *fs_devices, *tmp_fs_devices;
+	struct btrfs_device *device, *tmp_device;
 
-	list_for_each_entry_safe(fs_devs, tmp_fs_devs, &fs_uuids, fs_list) {
-
-		if (fs_devs->opened)
+	list_for_each_entry_safe(fs_devices, tmp_fs_devices, &fs_uuids, fs_list) {
+		if (fs_devices->opened)
 			continue;
 
-		list_for_each_entry_safe(dev, tmp_dev,
-					 &fs_devs->devices, dev_list) {
+		list_for_each_entry_safe(device, tmp_device,
+					 &fs_devices->devices, dev_list) {
 			int not_found = 0;
 
-			if (skip_dev && skip_dev == dev)
+			if (skip_device && skip_device == device)
 				continue;
-			if (path && !dev->name)
+			if (path && !device->name)
 				continue;
 
 			rcu_read_lock();
 			if (path)
-				not_found = strcmp(rcu_str_deref(dev->name),
+				not_found = strcmp(rcu_str_deref(device->name),
 						   path);
 			rcu_read_unlock();
 			if (not_found)
 				continue;
 
 			/* delete the stale device */
-			if (fs_devs->num_devices == 1) {
-				btrfs_sysfs_remove_fsid(fs_devs);
-				list_del(&fs_devs->fs_list);
-				free_fs_devices(fs_devs);
+			if (fs_devices->num_devices == 1) {
+				btrfs_sysfs_remove_fsid(fs_devices);
+				list_del(&fs_devices->fs_list);
+				free_fs_devices(fs_devices);
 				break;
 			} else {
-				fs_devs->num_devices--;
-				list_del(&dev->dev_list);
-				btrfs_free_device(dev);
+				fs_devices->num_devices--;
+				list_del(&device->dev_list);
+				btrfs_free_device(device);
 			}
 		}
 	}
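Review bot: after the rename, the outer list_for_each_entry_safe(fs_devices, tmp_fs_devices, &fs_uuids, fs_list) line runs past 80 columns once the leading tab is counted. Wrapping the arguments the way the inner loop already does would keep it within the limit.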




* [PATCH 4.18 147/197] btrfs: use device_list_mutex when removing stale devices
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (145 preceding siblings ...)
  2018-09-13 13:31 ` [PATCH 4.18 146/197] btrfs: rename local devices for fs_devices in btrfs_free_stale_devices( Greg Kroah-Hartman
@ 2018-09-13 13:31 ` Greg Kroah-Hartman
  2018-09-13 13:31 ` [PATCH 4.18 148/197] btrfs: lift uuid_mutex to callers of btrfs_scan_one_device Greg Kroah-Hartman
                   ` (51 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:31 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Anand Jain, David Sterba, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Anand Jain <anand.jain@oracle.com>

[ Upstream commit 7bcb8164ad9435068d9bc3b83b8a002c64d63ff6 ]

btrfs_free_stale_devices() finds a stale (not opened) device matching
path in the fs_uuid list. We are already under uuid_mutex so when we
check for each fs_devices, hold the device_list_mutex too.

Signed-off-by: Anand Jain <anand.jain@oracle.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 fs/btrfs/volumes.c |   25 +++++++++++++++----------
 1 file changed, 15 insertions(+), 10 deletions(-)

--- a/fs/btrfs/volumes.c
+++ b/fs/btrfs/volumes.c
@@ -640,8 +640,11 @@ static void btrfs_free_stale_devices(con
 	struct btrfs_device *device, *tmp_device;
 
 	list_for_each_entry_safe(fs_devices, tmp_fs_devices, &fs_uuids, fs_list) {
-		if (fs_devices->opened)
+		mutex_lock(&fs_devices->device_list_mutex);
+		if (fs_devices->opened) {
+			mutex_unlock(&fs_devices->device_list_mutex);
 			continue;
+		}
 
 		list_for_each_entry_safe(device, tmp_device,
 					 &fs_devices->devices, dev_list) {
@@ -661,16 +664,18 @@ static void btrfs_free_stale_devices(con
 				continue;
 
 			/* delete the stale device */
-			if (fs_devices->num_devices == 1) {
-				btrfs_sysfs_remove_fsid(fs_devices);
-				list_del(&fs_devices->fs_list);
-				free_fs_devices(fs_devices);
+			fs_devices->num_devices--;
+			list_del(&device->dev_list);
+			btrfs_free_device(device);
+
+			if (fs_devices->num_devices == 0)
 				break;
-			} else {
-				fs_devices->num_devices--;
-				list_del(&device->dev_list);
-				btrfs_free_device(device);
-			}
+		}
+		mutex_unlock(&fs_devices->device_list_mutex);
+		if (fs_devices->num_devices == 0) {
+			btrfs_sysfs_remove_fsid(fs_devices);
+			list_del(&fs_devices->fs_list);
+			free_fs_devices(fs_devices);
 		}
 	}
 }
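Review bot: the fs_devices->num_devices == 0 test that now follows mutex_unlock() frees any unopened fs_devices whose count is zero, whether or not this pass removed a device from it, while the old code freed the fs_devices only when it was deleting its last device. If an empty, unopened fs_devices can sit on fs_uuids this is a behaviour change; a local flag set when the last device is removed in this pass would keep the old semantics. The test also runs after device_list_mutex is dropped, so it relies on uuid_mutex alone, which deserves a lockdep_assert_held(&uuid_mutex) at the top of the function.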




* [PATCH 4.18 148/197] btrfs: lift uuid_mutex to callers of btrfs_scan_one_device
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (146 preceding siblings ...)
  2018-09-13 13:31 ` [PATCH 4.18 147/197] btrfs: use device_list_mutex when removing stale devices Greg Kroah-Hartman
@ 2018-09-13 13:31 ` Greg Kroah-Hartman
  2018-09-13 13:31 ` [PATCH 4.18 149/197] btrfs: lift uuid_mutex to callers of btrfs_parse_early_options Greg Kroah-Hartman
                   ` (50 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:31 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Anand Jain, David Sterba, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: David Sterba <dsterba@suse.com>

[ Upstream commit 899f9307c33ce4758c30a076b10ed54d5c91c6e7 ]

Preparatory work to fix race between mount and device scan.

The callers will have to manage the critical section, eg. mount wants to
scan and then call btrfs_open_devices without the ioctl scan walking in
and modifying the fs devices in the meantime.

Reviewed-by: Anand Jain <anand.jain@oracle.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 fs/btrfs/super.c   |   12 +++++++++++-
 fs/btrfs/volumes.c |    4 ++--
 2 files changed, 13 insertions(+), 3 deletions(-)

--- a/fs/btrfs/super.c
+++ b/fs/btrfs/super.c
@@ -917,8 +917,10 @@ static int btrfs_parse_early_options(con
 				error = -ENOMEM;
 				goto out;
 			}
+			mutex_lock(&uuid_mutex);
 			error = btrfs_scan_one_device(device_name,
 					flags, holder, fs_devices);
+			mutex_unlock(&uuid_mutex);
 			kfree(device_name);
 			if (error)
 				goto out;
@@ -1539,7 +1541,9 @@ static struct dentry *btrfs_mount_root(s
 			return ERR_PTR(error);
 	}
 
+	mutex_lock(&uuid_mutex);
 	error = btrfs_scan_one_device(device_name, mode, fs_type, &fs_devices);
+	mutex_unlock(&uuid_mutex);
 	if (error)
 		goto error_sec_opts;
 
@@ -2236,15 +2240,21 @@ static long btrfs_control_ioctl(struct f
 
 	switch (cmd) {
 	case BTRFS_IOC_SCAN_DEV:
+		mutex_lock(&uuid_mutex);
 		ret = btrfs_scan_one_device(vol->name, FMODE_READ,
 					    &btrfs_root_fs_type, &fs_devices);
+		mutex_unlock(&uuid_mutex);
 		break;
 	case BTRFS_IOC_DEVICES_READY:
+		mutex_lock(&uuid_mutex);
 		ret = btrfs_scan_one_device(vol->name, FMODE_READ,
 					    &btrfs_root_fs_type, &fs_devices);
-		if (ret)
+		if (ret) {
+			mutex_unlock(&uuid_mutex);
 			break;
+		}
 		ret = !(fs_devices->num_devices == fs_devices->total_devices);
+		mutex_unlock(&uuid_mutex);
 		break;
 	case BTRFS_IOC_GET_SUPPORTED_FEATURES:
 		ret = btrfs_ioctl_get_supported_features((void __user*)arg);
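Review bot: BTRFS_IOC_DEVICES_READY now has two mutex_unlock(&uuid_mutex) calls, one in the new error branch and one after the num_devices comparison. Writing the comparison as if (!ret) ret = !(fs_devices->num_devices == fs_devices->total_devices); followed by a single unlock would remove the extra exit path.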
--- a/fs/btrfs/volumes.c
+++ b/fs/btrfs/volumes.c
@@ -1241,6 +1241,8 @@ int btrfs_scan_one_device(const char *pa
 	int ret = 0;
 	u64 bytenr;
 
+	lockdep_assert_held(&uuid_mutex);
+
 	/*
 	 * we would like to check all the supers, but that would make
 	 * a btrfs mount succeed after a mkfs from a different FS.
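Review bot: lockdep_assert_held(&uuid_mutex) only fires on kernels built with lockdep, and nothing in the function's comments tells callers that they must now take uuid_mutex themselves. Please add a line to the function comment stating the locking requirement.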
@@ -1259,7 +1261,6 @@ int btrfs_scan_one_device(const char *pa
 		goto error_bdev_put;
 	}
 
-	mutex_lock(&uuid_mutex);
 	device = device_list_add(path, disk_super, &new_device_added);
 	if (IS_ERR(device)) {
 		ret = PTR_ERR(device);
@@ -1268,7 +1269,6 @@ int btrfs_scan_one_device(const char *pa
 		if (new_device_added)
 			btrfs_free_stale_devices(path, device);
 	}
-	mutex_unlock(&uuid_mutex);
 
 	btrfs_release_disk_super(page);
 




* [PATCH 4.18 149/197] btrfs: lift uuid_mutex to callers of btrfs_parse_early_options
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (147 preceding siblings ...)
  2018-09-13 13:31 ` [PATCH 4.18 148/197] btrfs: lift uuid_mutex to callers of btrfs_scan_one_device Greg Kroah-Hartman
@ 2018-09-13 13:31 ` Greg Kroah-Hartman
  2018-09-13 13:31 ` [PATCH 4.18 150/197] btrfs: reorder initialization before the mount locks uuid_mutex Greg Kroah-Hartman
                   ` (49 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:31 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Anand Jain, David Sterba, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: David Sterba <dsterba@suse.com>

[ Upstream commit 5139cff598d42b1e531f40c84691a7e945f04553 ]

Preparatory work to fix race between mount and device scan.

btrfs_parse_early_options calls the device scan from mount and we'll
need to let mount completely manage the critical section.

Reviewed-by: Anand Jain <anand.jain@oracle.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 fs/btrfs/super.c |    6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

--- a/fs/btrfs/super.c
+++ b/fs/btrfs/super.c
@@ -892,6 +892,8 @@ static int btrfs_parse_early_options(con
 	char *device_name, *opts, *orig, *p;
 	int error = 0;
 
+	lockdep_assert_held(&uuid_mutex);
+
 	if (!options)
 		return 0;
 
@@ -917,10 +919,8 @@ static int btrfs_parse_early_options(con
 				error = -ENOMEM;
 				goto out;
 			}
-			mutex_lock(&uuid_mutex);
 			error = btrfs_scan_one_device(device_name,
 					flags, holder, fs_devices);
-			mutex_unlock(&uuid_mutex);
 			kfree(device_name);
 			if (error)
 				goto out;
@@ -1528,8 +1528,10 @@ static struct dentry *btrfs_mount_root(s
 	if (!(flags & SB_RDONLY))
 		mode |= FMODE_WRITE;
 
+	mutex_lock(&uuid_mutex);
 	error = btrfs_parse_early_options(data, mode, fs_type,
 					  &fs_devices);
+	mutex_unlock(&uuid_mutex);
 	if (error) {
 		return ERR_PTR(error);
 	}
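Review bot: uuid_mutex is taken and dropped immediately around btrfs_parse_early_options(), so the devices scanned for device= options can still be changed by a concurrent scan before the mount reaches its later steps. That is acceptable for a preparatory patch, but a comment at the lock site saying the section is going to be widened would make the intent clear to anyone reading this commit on its own.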




* [PATCH 4.18 150/197] btrfs: reorder initialization before the mount locks uuid_mutex
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (148 preceding siblings ...)
  2018-09-13 13:31 ` [PATCH 4.18 149/197] btrfs: lift uuid_mutex to callers of btrfs_parse_early_options Greg Kroah-Hartman
@ 2018-09-13 13:31 ` Greg Kroah-Hartman
  2018-09-13 13:31 ` [PATCH 4.18 151/197] btrfs: fix mount and ioctl device scan ioctl race Greg Kroah-Hartman
                   ` (48 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:31 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Anand Jain, David Sterba, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: David Sterba <dsterba@suse.com>

[ Upstream commit 399f7f4c42e8a58c8456264d5112287aefe44cf4 ]

In preparation to take a big lock, move resource initialization before
the critical section. It's not obvious from the diff, the desired order
is:

- initialize mount security options
- allocate temporary fs_info
- allocate superblock buffers

Reviewed-by: Anand Jain <anand.jain@oracle.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 fs/btrfs/super.c |   30 ++++++++++++++----------------
 1 file changed, 14 insertions(+), 16 deletions(-)

--- a/fs/btrfs/super.c
+++ b/fs/btrfs/super.c
@@ -1528,14 +1528,6 @@ static struct dentry *btrfs_mount_root(s
 	if (!(flags & SB_RDONLY))
 		mode |= FMODE_WRITE;
 
-	mutex_lock(&uuid_mutex);
-	error = btrfs_parse_early_options(data, mode, fs_type,
-					  &fs_devices);
-	mutex_unlock(&uuid_mutex);
-	if (error) {
-		return ERR_PTR(error);
-	}
-
 	security_init_mnt_opts(&new_sec_opts);
 	if (data) {
 		error = parse_security_options(data, &new_sec_opts);
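Review bot: removing the btrfs_parse_early_options() call from in front of security_init_mnt_opts() changes which error is reported when both the early options and the security options are bad, because parse_security_options() now fails first. The changelog lists the new order but not this user-visible effect; please mention it.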
@@ -1543,12 +1535,6 @@ static struct dentry *btrfs_mount_root(s
 			return ERR_PTR(error);
 	}
 
-	mutex_lock(&uuid_mutex);
-	error = btrfs_scan_one_device(device_name, mode, fs_type, &fs_devices);
-	mutex_unlock(&uuid_mutex);
-	if (error)
-		goto error_sec_opts;
-
 	/*
 	 * Setup a dummy root and fs_info for test/set super.  This is because
 	 * we don't actually fill this stuff out until open_ctree, but we need
@@ -1561,8 +1547,6 @@ static struct dentry *btrfs_mount_root(s
 		goto error_sec_opts;
 	}
 
-	fs_info->fs_devices = fs_devices;
-
 	fs_info->super_copy = kzalloc(BTRFS_SUPER_INFO_SIZE, GFP_KERNEL);
 	fs_info->super_for_commit = kzalloc(BTRFS_SUPER_INFO_SIZE, GFP_KERNEL);
 	security_init_mnt_opts(&fs_info->security_opts);
@@ -1572,6 +1556,20 @@ static struct dentry *btrfs_mount_root(s
 	}
 
 	mutex_lock(&uuid_mutex);
+	error = btrfs_parse_early_options(data, mode, fs_type, &fs_devices);
+	mutex_unlock(&uuid_mutex);
+	if (error)
+		goto error_fs_info;
+
+	mutex_lock(&uuid_mutex);
+	error = btrfs_scan_one_device(device_name, mode, fs_type, &fs_devices);
+	mutex_unlock(&uuid_mutex);
+	if (error)
+		goto error_fs_info;
+
+	fs_info->fs_devices = fs_devices;
+
+	mutex_lock(&uuid_mutex);
 	error = btrfs_open_devices(fs_devices, mode, fs_type);
 	mutex_unlock(&uuid_mutex);
 	if (error)
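Review bot: the failure exits for btrfs_parse_early_options() and btrfs_scan_one_device() change from return ERR_PTR(error) and goto error_sec_opts to goto error_fs_info, and that label is outside the visible context. Please confirm it frees super_copy, super_for_commit and the security options without relying on fs_info->fs_devices, which is still unset on these paths. The three back-to-back lock and unlock pairs on uuid_mutex also leave windows between the scan and btrfs_open_devices().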




* [PATCH 4.18 151/197] btrfs: fix mount and ioctl device scan ioctl race
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (149 preceding siblings ...)
  2018-09-13 13:31 ` [PATCH 4.18 150/197] btrfs: reorder initialization before the mount locks uuid_mutex Greg Kroah-Hartman
@ 2018-09-13 13:31 ` Greg Kroah-Hartman
  2018-09-13 13:31 ` [PATCH 4.18 152/197] drm/i915/lpe: Mark LPE audio runtime pm as "no callbacks" Greg Kroah-Hartman
                   ` (47 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:31 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Anand Jain, David Sterba, Sasha Levin

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: David Sterba <dsterba@suse.com>

[ Upstream commit 81ffd56b5745355b70d54ca4e1bdd0d64a66ff9f ]

Technically this extends the critical section covered by uuid_mutex to:

- parse early mount options -- here we can call device scan on paths
  that can be passed as 'device=/dev/...'

- scan the device passed to mount

- open the devices related to the fs_devices -- this increases
  fs_devices::opened

The race can happen when mount calls one of the scans and there's
another one called eg. by mkfs or 'btrfs dev scan':

Mount                                  Scan
-----                                  ----
scan_one_device (dev1, fsid1)
                                       scan_one_device (dev2, fsid1)
				           add the device
					   free stale devices
					       fsid1 fs_devices::opened == 0
					           find fsid1:dev1
					           free fsid1:dev1
					           if it's the last one,
					            free fs_devices of fsid1
						    too

open_devices (dev1, fsid1)
   dev1 not found

When fixed, the uuid mutex will make sure that mount will increase
fs_devices::opened and this will not be touched by the racing scan
ioctl.

Reported-and-tested-by: syzbot+909a5177749d7990ffa4@syzkaller.appspotmail.com
Reported-and-tested-by: syzbot+ceb2606025ec1cc3479c@syzkaller.appspotmail.com
Reviewed-by: Anand Jain <anand.jain@oracle.com>
Signed-off-by: David Sterba <dsterba@suse.com>

Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 fs/btrfs/super.c |   12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

--- a/fs/btrfs/super.c
+++ b/fs/btrfs/super.c
@@ -1557,19 +1557,19 @@ static struct dentry *btrfs_mount_root(s
 
 	mutex_lock(&uuid_mutex);
 	error = btrfs_parse_early_options(data, mode, fs_type, &fs_devices);
-	mutex_unlock(&uuid_mutex);
-	if (error)
+	if (error) {
+		mutex_unlock(&uuid_mutex);
 		goto error_fs_info;
+	}
 
-	mutex_lock(&uuid_mutex);
 	error = btrfs_scan_one_device(device_name, mode, fs_type, &fs_devices);
-	mutex_unlock(&uuid_mutex);
-	if (error)
+	if (error) {
+		mutex_unlock(&uuid_mutex);
 		goto error_fs_info;
+	}
 
 	fs_info->fs_devices = fs_devices;
 
-	mutex_lock(&uuid_mutex);
 	error = btrfs_open_devices(fs_devices, mode, fs_type);
 	mutex_unlock(&uuid_mutex);
 	if (error)
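Review bot: with the section merged there are three mutex_unlock(&uuid_mutex) sites, two of them inside error branches that both jump to error_fs_info. A dedicated unlock label that falls through to error_fs_info would leave one unlock on the failure path, and a comment at mutex_lock() saying the lock has to cover early option parsing, the device scan and btrfs_open_devices() would stop someone from narrowing it again.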




* [PATCH 4.18 152/197] drm/i915/lpe: Mark LPE audio runtime pm as "no callbacks"
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (150 preceding siblings ...)
  2018-09-13 13:31 ` [PATCH 4.18 151/197] btrfs: fix mount and ioctl device scan ioctl race Greg Kroah-Hartman
@ 2018-09-13 13:31 ` Greg Kroah-Hartman
  2018-09-13 13:31 ` [PATCH 4.18 153/197] drm/i915: Nuke the LVDS lid notifier Greg Kroah-Hartman
                   ` (46 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:31 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Chris Wilson, Takashi Iwai,
	Pierre-Louis Bossart, Ville Syrjälä,
	Joonas Lahtinen, Rodrigo Vivi

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Chris Wilson <chris@chris-wilson.co.uk>

commit 75eef0f1ed478284911b8723a5bdb659499a7aac upstream.

The LPE audio is a child device of i915, it is powered up and down
alongside the igfx and presents no independent runtime interface. This
aptly fulfils the description of a "No-Callback" Device, so mark it
thus.

Fixes: 183c00350ccd ("drm/i915: Fix runtime PM for LPE audio")
Testcase: igt/pm_rpm/basic-pci-d3-state
Testcase: igt/pm_rpm/basic-rte
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Cc: Takashi Iwai <tiwai@suse.de>
Cc: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Cc: Ville Syrjälä <ville.syrjala@linux.intel.com>
Cc: stable@vger.kernel.org
Reviewed-by: Joonas Lahtinen <joonas.lahtinen@linux.intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20180802140416.6062-1-chris@chris-wilson.co.uk
(cherry picked from commit 46e831abe864a6b59fa3de253a681c0f2ee1bf2f)
Signed-off-by: Rodrigo Vivi <rodrigo.vivi@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/gpu/drm/i915/intel_lpe_audio.c |    4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

--- a/drivers/gpu/drm/i915/intel_lpe_audio.c
+++ b/drivers/gpu/drm/i915/intel_lpe_audio.c
@@ -127,9 +127,7 @@ lpe_audio_platdev_create(struct drm_i915
 		return platdev;
 	}
 
-	pm_runtime_forbid(&platdev->dev);
-	pm_runtime_set_active(&platdev->dev);
-	pm_runtime_enable(&platdev->dev);
+	pm_runtime_no_callbacks(&platdev->dev);
 
 	return platdev;
 }
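
Review bot: the single pm_runtime_no_callbacks(&platdev->dev) call near the end of lpe_audio_platdev_create() replaces three calls, including pm_runtime_enable(), and nothing in the hunk says why that is enough. A short comment there, stating that the LPE platform device is powered up and down with its i915 parent and has no runtime PM callbacks of its own, would stop someone from re-adding the forbid/enable pair later. It is also worth confirming that no consumer of this platform device expects runtime PM to have been enabled here.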




* [PATCH 4.18 153/197] drm/i915: Nuke the LVDS lid notifier
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (151 preceding siblings ...)
  2018-09-13 13:31 ` [PATCH 4.18 152/197] drm/i915/lpe: Mark LPE audio runtime pm as "no callbacks" Greg Kroah-Hartman
@ 2018-09-13 13:31 ` Greg Kroah-Hartman
  2018-09-13 13:31 ` [PATCH 4.18 154/197] drm/i915: Increase LSPCON timeout Greg Kroah-Hartman
                   ` (45 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:31 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Wolfgang Draxinger, Vito Caputo,
	kitsunyan, Joonas Saarinen, Ville Syrjälä,
	Rodrigo Vivi

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Ville Syrjälä <ville.syrjala@linux.intel.com>

commit 05c72e77ccda89ff624108b1b59a0fc43843f343 upstream.

We broke the LVDS notifier resume thing in (presumably) commit
e2c8b8701e2d ("drm/i915: Use atomic helpers for suspend, v2.") as
we no longer duplicate the current state in the LVDS notifier and
thus we never resume it properly either.

Instead of trying to fix it again let's just kill off the lid
notifier entirely. None of the machines tested thus far have
apparently needed it. Originally the lid notifier was added to
work around cases where the VBIOS was clobbering some of the
hardware state behind the driver's back, mostly on Thinkpads.
We now have a few reports of Thinkpads working just fine without
the notifier. So maybe it was misdiagnosed originally, or
something else has changed (ACPI video stuff perhaps?).

If we do end up finding a machine where the VBIOS is still causing
problems I would suggest that we first try setting various bits in
the VBIOS scratch registers. There are several to choose from that
may instruct the VBIOS to steer clear.

With the notifier gone we'll also stop looking at the panel status
in ->detect().

v2: Nuke enum modeset_restore (Rodrigo)

Cc: stable@vger.kernel.org
Cc: Wolfgang Draxinger <wdraxinger.maillist@draxit.de>
Cc: Vito Caputo <vcaputo@pengaru.com>
Cc: kitsunyan <kitsunyan@airmail.cc>
Cc: Joonas Saarinen <jza@saunalahti.fi>
Tested-by: Vito Caputo <vcaputo@pengaru.com> # Thinkpad X61s
Tested-by: kitsunyan <kitsunyan@airmail.cc> # ThinkPad X200
Tested-by: Joonas Saarinen <jza@saunalahti.fi> # Fujitsu Siemens U9210
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=105902
References: https://lists.freedesktop.org/archives/intel-gfx/2018-June/169315.html
References: https://bugs.freedesktop.org/show_bug.cgi?id=21230
Fixes: e2c8b8701e2d ("drm/i915: Use atomic helpers for suspend, v2.")
Signed-off-by: Ville Syrjälä <ville.syrjala@linux.intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20180717174216.22252-1-ville.syrjala@linux.intel.com
Reviewed-by: Rodrigo Vivi <rodrigo.vivi@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/gpu/drm/i915/i915_drv.c   |   10 --
 drivers/gpu/drm/i915/i915_drv.h   |    8 --
 drivers/gpu/drm/i915/intel_lvds.c |  136 --------------------------------------
 3 files changed, 2 insertions(+), 152 deletions(-)

--- a/drivers/gpu/drm/i915/i915_drv.c
+++ b/drivers/gpu/drm/i915/i915_drv.c
@@ -919,7 +919,6 @@ static int i915_driver_init_early(struct
 	spin_lock_init(&dev_priv->uncore.lock);
 
 	mutex_init(&dev_priv->sb_lock);
-	mutex_init(&dev_priv->modeset_restore_lock);
 	mutex_init(&dev_priv->av_mutex);
 	mutex_init(&dev_priv->wm.wm_mutex);
 	mutex_init(&dev_priv->pps_mutex);
@@ -1560,11 +1559,6 @@ static int i915_drm_suspend(struct drm_d
 	pci_power_t opregion_target_state;
 	int error;
 
-	/* ignore lid events during suspend */
-	mutex_lock(&dev_priv->modeset_restore_lock);
-	dev_priv->modeset_restore = MODESET_SUSPENDED;
-	mutex_unlock(&dev_priv->modeset_restore_lock);
-
 	disable_rpm_wakeref_asserts(dev_priv);
 
 	/* We do a lot of poking in a lot of registers, make sure they work
@@ -1764,10 +1758,6 @@ static int i915_drm_resume(struct drm_de
 
 	intel_fbdev_set_suspend(dev, FBINFO_STATE_RUNNING, false);
 
-	mutex_lock(&dev_priv->modeset_restore_lock);
-	dev_priv->modeset_restore = MODESET_DONE;
-	mutex_unlock(&dev_priv->modeset_restore_lock);
-
 	intel_opregion_notify_adapter(dev_priv, PCI_D0);
 
 	enable_rpm_wakeref_asserts(dev_priv);
--- a/drivers/gpu/drm/i915/i915_drv.h
+++ b/drivers/gpu/drm/i915/i915_drv.h
@@ -1003,12 +1003,6 @@ struct i915_gem_mm {
 #define I915_ENGINE_DEAD_TIMEOUT  (4 * HZ)  /* Seqno, head and subunits dead */
 #define I915_SEQNO_DEAD_TIMEOUT   (12 * HZ) /* Seqno dead with active head */
 
-enum modeset_restore {
-	MODESET_ON_LID_OPEN,
-	MODESET_DONE,
-	MODESET_SUSPENDED,
-};
-
 #define DP_AUX_A 0x40
 #define DP_AUX_B 0x10
 #define DP_AUX_C 0x20
@@ -1740,8 +1734,6 @@ struct drm_i915_private {
 
 	unsigned long quirks;
 
-	enum modeset_restore modeset_restore;
-	struct mutex modeset_restore_lock;
 	struct drm_atomic_state *modeset_restore_state;
 	struct drm_modeset_acquire_ctx reset_ctx;
 
--- a/drivers/gpu/drm/i915/intel_lvds.c
+++ b/drivers/gpu/drm/i915/intel_lvds.c
@@ -44,8 +44,6 @@
 /* Private structure for the integrated LVDS support */
 struct intel_lvds_connector {
 	struct intel_connector base;
-
-	struct notifier_block lid_notifier;
 };
 
 struct intel_lvds_pps {
@@ -454,26 +452,9 @@ static bool intel_lvds_compute_config(st
 	return true;
 }
 
-/*
- * Detect the LVDS connection.
- *
- * Since LVDS doesn't have hotlug, we use the lid as a proxy.  Open means
- * connected and closed means disconnected.  We also send hotplug events as
- * needed, using lid status notification from the input layer.
- */
 static enum drm_connector_status
 intel_lvds_detect(struct drm_connector *connector, bool force)
 {
-	struct drm_i915_private *dev_priv = to_i915(connector->dev);
-	enum drm_connector_status status;
-
-	DRM_DEBUG_KMS("[CONNECTOR:%d:%s]\n",
-		      connector->base.id, connector->name);
-
-	status = intel_panel_detect(dev_priv);
-	if (status != connector_status_unknown)
-		return status;
-
 	return connector_status_connected;
 }
 
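
Review bot: intel_lvds_detect() is left returning connector_status_connected unconditionally, and the explanatory comment above it is deleted rather than replaced. A one-line comment saying that LVDS has no hotplug and the panel is treated as always connected once the connector exists would keep the reason visible, since the function no longer consults intel_panel_detect() and the bare return otherwise looks like a stub.
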
@@ -498,117 +479,6 @@ static int intel_lvds_get_modes(struct d
 	return 1;
 }
 
-static int intel_no_modeset_on_lid_dmi_callback(const struct dmi_system_id *id)
-{
-	DRM_INFO("Skipping forced modeset for %s\n", id->ident);
-	return 1;
-}
-
-/* The GPU hangs up on these systems if modeset is performed on LID open */
-static const struct dmi_system_id intel_no_modeset_on_lid[] = {
-	{
-		.callback = intel_no_modeset_on_lid_dmi_callback,
-		.ident = "Toshiba Tecra A11",
-		.matches = {
-			DMI_MATCH(DMI_SYS_VENDOR, "TOSHIBA"),
-			DMI_MATCH(DMI_PRODUCT_NAME, "TECRA A11"),
-		},
-	},
-
-	{ }	/* terminating entry */
-};
-
-/*
- * Lid events. Note the use of 'modeset':
- *  - we set it to MODESET_ON_LID_OPEN on lid close,
- *    and set it to MODESET_DONE on open
- *  - we use it as a "only once" bit (ie we ignore
- *    duplicate events where it was already properly set)
- *  - the suspend/resume paths will set it to
- *    MODESET_SUSPENDED and ignore the lid open event,
- *    because they restore the mode ("lid open").
- */
-static int intel_lid_notify(struct notifier_block *nb, unsigned long val,
-			    void *unused)
-{
-	struct intel_lvds_connector *lvds_connector =
-		container_of(nb, struct intel_lvds_connector, lid_notifier);
-	struct drm_connector *connector = &lvds_connector->base.base;
-	struct drm_device *dev = connector->dev;
-	struct drm_i915_private *dev_priv = to_i915(dev);
-
-	if (dev->switch_power_state != DRM_SWITCH_POWER_ON)
-		return NOTIFY_OK;
-
-	mutex_lock(&dev_priv->modeset_restore_lock);
-	if (dev_priv->modeset_restore == MODESET_SUSPENDED)
-		goto exit;
-	/*
-	 * check and update the status of LVDS connector after receiving
-	 * the LID nofication event.
-	 */
-	connector->status = connector->funcs->detect(connector, false);
-
-	/* Don't force modeset on machines where it causes a GPU lockup */
-	if (dmi_check_system(intel_no_modeset_on_lid))
-		goto exit;
-	if (!acpi_lid_open()) {
-		/* do modeset on next lid open event */
-		dev_priv->modeset_restore = MODESET_ON_LID_OPEN;
-		goto exit;
-	}
-
-	if (dev_priv->modeset_restore == MODESET_DONE)
-		goto exit;
-
-	/*
-	 * Some old platform's BIOS love to wreak havoc while the lid is closed.
-	 * We try to detect this here and undo any damage. The split for PCH
-	 * platforms is rather conservative and a bit arbitrary expect that on
-	 * those platforms VGA disabling requires actual legacy VGA I/O access,
-	 * and as part of the cleanup in the hw state restore we also redisable
-	 * the vga plane.
-	 */
-	if (!HAS_PCH_SPLIT(dev_priv))
-		intel_display_resume(dev);
-
-	dev_priv->modeset_restore = MODESET_DONE;
-
-exit:
-	mutex_unlock(&dev_priv->modeset_restore_lock);
-	return NOTIFY_OK;
-}
-
-static int
-intel_lvds_connector_register(struct drm_connector *connector)
-{
-	struct intel_lvds_connector *lvds = to_lvds_connector(connector);
-	int ret;
-
-	ret = intel_connector_register(connector);
-	if (ret)
-		return ret;
-
-	lvds->lid_notifier.notifier_call = intel_lid_notify;
-	if (acpi_lid_notifier_register(&lvds->lid_notifier)) {
-		DRM_DEBUG_KMS("lid notifier registration failed\n");
-		lvds->lid_notifier.notifier_call = NULL;
-	}
-
-	return 0;
-}
-
-static void
-intel_lvds_connector_unregister(struct drm_connector *connector)
-{
-	struct intel_lvds_connector *lvds = to_lvds_connector(connector);
-
-	if (lvds->lid_notifier.notifier_call)
-		acpi_lid_notifier_unregister(&lvds->lid_notifier);
-
-	intel_connector_unregister(connector);
-}
-
 /**
  * intel_lvds_destroy - unregister and free LVDS structures
  * @connector: connector to free
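
Review bot: the removal of intel_lid_notify() and the intel_no_modeset_on_lid table takes out the visible users of dmi_check_system(), acpi_lid_open() and acpi_lid_notifier_register() in this file, but none of the hunks touches the #include lines. If nothing else in intel_lvds.c still needs the corresponding headers, drop them in the same patch so the file does not keep dependencies it no longer uses.
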
@@ -641,8 +511,8 @@ static const struct drm_connector_funcs
 	.fill_modes = drm_helper_probe_single_connector_modes,
 	.atomic_get_property = intel_digital_connector_atomic_get_property,
 	.atomic_set_property = intel_digital_connector_atomic_set_property,
-	.late_register = intel_lvds_connector_register,
-	.early_unregister = intel_lvds_connector_unregister,
+	.late_register = intel_connector_register,
+	.early_unregister = intel_connector_unregister,
 	.destroy = intel_lvds_destroy,
 	.atomic_destroy_state = drm_atomic_helper_connector_destroy_state,
 	.atomic_duplicate_state = intel_digital_connector_duplicate_state,
@@ -1108,8 +978,6 @@ void intel_lvds_init(struct drm_i915_pri
 	 * 2) check for VBT data
 	 * 3) check to see if LVDS is already on
 	 *    if none of the above, no panel
-	 * 4) make sure lid is open
-	 *    if closed, act like it's not there for now
 	 */
 
 	/*




* [PATCH 4.18 154/197] drm/i915: Increase LSPCON timeout
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (152 preceding siblings ...)
  2018-09-13 13:31 ` [PATCH 4.18 153/197] drm/i915: Nuke the LVDS lid notifier Greg Kroah-Hartman
@ 2018-09-13 13:31 ` Greg Kroah-Hartman
  2018-09-13 13:31 ` [PATCH 4.18 155/197] drm/i915: Free write_buf that we allocated with kzalloc Greg Kroah-Hartman
                   ` (44 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:31 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Shashank Sharma, Imre Deak,
	Jani Nikula, Rodrigo Vivi, Fredrik Schön

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Fredrik Schön <fredrikschon@gmail.com>

commit 299c2a904b1e8d5096d4813df6371357d97a6cd1 upstream.

100 ms is not enough time for the LSPCON adapter on Intel NUC devices to
settle. This causes dropped display modes at boot or screen reconfiguration.
Empirical testing can reproduce the error up to a timeout of 190 ms. Basic
boot and stress testing at 200 ms has not (yet) failed.

Increase timeout to 400 ms to get some margin of error.

Changes from v1:
The initial suggestion of 1000 ms was lowered due to concerns about delaying
valid timeout cases.
Update patch metadata.

Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=107503
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1570392
Fixes: 357c0ae9198a ("drm/i915/lspcon: Wait for expected LSPCON mode to settle")
Cc: Shashank Sharma <shashank.sharma@intel.com>
Cc: Imre Deak <imre.deak@intel.com>
Cc: Jani Nikula <jani.nikula@intel.com>
Cc: <stable@vger.kernel.org> # v4.11+
Reviewed-by: Rodrigo Vivi <rodrigo.vivi@intel.com>
Reviewed-by: Shashank Sharma <shashank.sharma@intel.com>
Signed-off-by: Fredrik Schön <fredrik.schon@gmail.com>
Signed-off-by: Jani Nikula <jani.nikula@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20180817200728.8154-1-fredrik.schon@gmail.com
(cherry picked from commit 59f1c8ab30d6f9042562949f42cbd3f3cf69de94)
Signed-off-by: Rodrigo Vivi <rodrigo.vivi@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/gpu/drm/i915/intel_lspcon.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/gpu/drm/i915/intel_lspcon.c
+++ b/drivers/gpu/drm/i915/intel_lspcon.c
@@ -74,7 +74,7 @@ static enum drm_lspcon_mode lspcon_wait_
 	DRM_DEBUG_KMS("Waiting for LSPCON mode %s to settle\n",
 		      lspcon_mode_name(mode));
 
-	wait_for((current_mode = lspcon_get_current_mode(lspcon)) == mode, 100);
+	wait_for((current_mode = lspcon_get_current_mode(lspcon)) == mode, 400);
 	if (current_mode != mode)
 		DRM_ERROR("LSPCON mode hasn't settled\n");
 
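
Review bot: the new timeout in the wait_for() call is a bare 400 with no indication of where it comes from. The commit message has the useful data (failures reproduced up to 190 ms, no failures yet at 200 ms, 400 ms chosen for margin); putting that in a comment or a named constant next to the call would save the next person from guessing whether the value can be lowered. The DRM_ERROR on timeout could also print current_mode so a report shows which mode the adapter was stuck in.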




* [PATCH 4.18 155/197] drm/i915: Free write_buf that we allocated with kzalloc.
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (153 preceding siblings ...)
  2018-09-13 13:31 ` [PATCH 4.18 154/197] drm/i915: Increase LSPCON timeout Greg Kroah-Hartman
@ 2018-09-13 13:31 ` Greg Kroah-Hartman
  2018-09-13 13:31 ` [PATCH 4.18 156/197] drm/amdgpu: update uvd_v6_0_ring_vm_funcs to use new nop packet Greg Kroah-Hartman
                   ` (43 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:31 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Brian J Wood, Ramalingam C,
	Sean Paul, Jani Nikula, Rodrigo Vivi, Chris Wilson

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Rodrigo Vivi <rodrigo.vivi@intel.com>

commit 1b1b1162745e5f9e5c6c095afc8081df3edabc50 upstream.

We use kzalloc to allocate the write_buf that we use for
i2c transfer on hdcp write. But it seems that we are forgetting
to free the memory that is not needed after i2c transfer is
completed.

Reported-by: Brian J Wood <brian.j.wood@intel.com>
Fixes: 2320175feb74 ("drm/i915: Implement HDCP for HDMI")
Cc: Ramalingam C <ramalingam.c@intel.com>
Cc: Sean Paul <seanpaul@chromium.org>
Cc: Jani Nikula <jani.nikula@linux.intel.com>
Cc: Rodrigo Vivi <rodrigo.vivi@intel.com>
Cc: <stable@vger.kernel.org> # v4.17+
Signed-off-by: Rodrigo Vivi <rodrigo.vivi@intel.com>
Reviewed-by: Chris Wilson <chris@chris-wilson.co.uk>
Link: https://patchwork.freedesktop.org/patch/msgid/20180823205136.31310-1-rodrigo.vivi@intel.com
(cherry picked from commit 62d3a8deaa10b8346d979d0dabde56c33b742afa)
Signed-off-by: Rodrigo Vivi <rodrigo.vivi@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/gpu/drm/i915/intel_hdmi.c |    8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

--- a/drivers/gpu/drm/i915/intel_hdmi.c
+++ b/drivers/gpu/drm/i915/intel_hdmi.c
@@ -933,8 +933,12 @@ static int intel_hdmi_hdcp_write(struct
 
 	ret = i2c_transfer(adapter, &msg, 1);
 	if (ret == 1)
-		return 0;
-	return ret >= 0 ? -EIO : ret;
+		ret = 0;
+	else if (ret >= 0)
+		ret = -EIO;
+
+	kfree(write_buf);
+	return ret;
 }
 
 static
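
Review bot: kfree(write_buf) is only reached on the path that goes through i2c_transfer(), so the leak is fully closed only if there is no earlier return between the kzalloc and this point; the hunk does not show that part of intel_hdmi_hdcp_write(), so it is worth checking. The conversion to a single exit (set ret, free, return) is the right shape, and any future early exit in this function should jump to the free rather than return directly.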




* [PATCH 4.18 156/197] drm/amdgpu: update uvd_v6_0_ring_vm_funcs to use new nop packet
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (154 preceding siblings ...)
  2018-09-13 13:31 ` [PATCH 4.18 155/197] drm/i915: Free write_buf that we allocated with kzalloc Greg Kroah-Hartman
@ 2018-09-13 13:31 ` Greg Kroah-Hartman
  2018-09-13 13:31 ` [PATCH 4.18 157/197] drm/amdgpu: fix a reversed condition Greg Kroah-Hartman
                   ` (42 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:31 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Leo Liu, Alex Deucher

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Alex Deucher <alexander.deucher@amd.com>

commit afb1436c7b44ab928e6369a4d48e3abb8215241e upstream.

Was missed when updating the uvd 6 module.

Fixes: 1aac3c9180 (drm/amdgpu: fix insert nop for UVD6 ring)
Reviewed-by: Leo Liu <leo.liu@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/gpu/drm/amd/amdgpu/uvd_v6_0.c |    3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

--- a/drivers/gpu/drm/amd/amdgpu/uvd_v6_0.c
+++ b/drivers/gpu/drm/amd/amdgpu/uvd_v6_0.c
@@ -1569,7 +1569,6 @@ static const struct amdgpu_ring_funcs uv
 static const struct amdgpu_ring_funcs uvd_v6_0_ring_vm_funcs = {
 	.type = AMDGPU_RING_TYPE_UVD,
 	.align_mask = 0xf,
-	.nop = PACKET0(mmUVD_NO_OP, 0),
 	.support_64bit_ptrs = false,
 	.get_rptr = uvd_v6_0_ring_get_rptr,
 	.get_wptr = uvd_v6_0_ring_get_wptr,
@@ -1587,7 +1586,7 @@ static const struct amdgpu_ring_funcs uv
 	.emit_hdp_flush = uvd_v6_0_ring_emit_hdp_flush,
 	.test_ring = uvd_v6_0_ring_test_ring,
 	.test_ib = amdgpu_uvd_ring_test_ib,
-	.insert_nop = amdgpu_ring_insert_nop,
+	.insert_nop = uvd_v6_0_ring_insert_nop,
 	.pad_ib = amdgpu_ring_generic_pad_ib,
 	.begin_use = amdgpu_uvd_ring_begin_use,
 	.end_use = amdgpu_uvd_ring_end_use,
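
Review bot: the first hunk drops .nop from uvd_v6_0_ring_vm_funcs while this hunk leaves .pad_ib = amdgpu_ring_generic_pad_ib in place. If the generic pad helper fills the IB from funcs->nop, it would now pad with zero on this ring, so please confirm that is either intended or that .pad_ib needs a UVD6-specific version alongside uvd_v6_0_ring_insert_nop.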




* [PATCH 4.18 157/197] drm/amdgpu: fix a reversed condition
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (155 preceding siblings ...)
  2018-09-13 13:31 ` [PATCH 4.18 156/197] drm/amdgpu: update uvd_v6_0_ring_vm_funcs to use new nop packet Greg Kroah-Hartman
@ 2018-09-13 13:31 ` Greg Kroah-Hartman
  2018-09-13 13:31 ` [PATCH 4.18 158/197] drm/amdgpu: Fix RLC safe mode test in gfx_v9_0_enter_rlc_safe_mode Greg Kroah-Hartman
                   ` (41 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:31 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Evan Quan, Alex Deucher, Rex Zhu

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Rex Zhu <rex.zhu@amd.com>

commit ccf9ef0b0d10434dec5046bcfc4e834a7b1830fd upstream.

This test was reversed, so the vddnb value could not be read via
hwmon on APUs.

Reviewed-by: Evan Quan <evan.quan@amd.com>
Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Rex Zhu <Rex.Zhu@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/gpu/drm/amd/amdgpu/amdgpu_pm.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_pm.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_pm.c
@@ -1157,7 +1157,7 @@ static ssize_t amdgpu_hwmon_show_vddnb(s
 	int r, size = sizeof(vddnb);
 
 	/* only APUs have vddnb */
-	if  (adev->flags & AMD_IS_APU)
+	if  (!(adev->flags & AMD_IS_APU))
 		return -EINVAL;
 
 	/* Can't get voltage when the card is off */
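
Review bot: the corrected test in amdgpu_hwmon_show_vddnb() keeps the double space after "if" from the old line; since the line is being rewritten anyway, normalise it to a single space. The logic now matches the comment above it (only APUs have vddnb), which is a good sign that the comment and the code were out of step before.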




* [PATCH 4.18 158/197] drm/amdgpu: Fix RLC safe mode test in gfx_v9_0_enter_rlc_safe_mode
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (156 preceding siblings ...)
  2018-09-13 13:31 ` [PATCH 4.18 157/197] drm/amdgpu: fix a reversed condition Greg Kroah-Hartman
@ 2018-09-13 13:31 ` Greg Kroah-Hartman
  2018-09-13 13:31 ` [PATCH 4.18 159/197] drm/amd/pp: Convert voltage unit in mV*4 to mV on CZ/ST Greg Kroah-Hartman
                   ` (40 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:31 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Paul Menzel, Alex Deucher,
	Junwei Zhang, Michel Dänzer

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Michel Dänzer <michel.daenzer@amd.com>

commit 226127a67e31a9518d9516d3e4890759b379d874 upstream.

We were testing the register offset, instead of the value stored in the
register, therefore always timing out the loop.

This reduces suspend time of the system in the bug report below by ~600
ms.

Cc: stable@vger.kernel.org
Bugzilla: https://bugs.freedesktop.org/107277
Tested-by: Paul Menzel <pmenzel@molgen.mpg.de>
Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
Reviewed-by: Junwei Zhang <Jerry.Zhang@amd.com>
Signed-off-by: Michel Dänzer <michel.daenzer@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c
+++ b/drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c
@@ -3433,7 +3433,7 @@ static void gfx_v9_0_enter_rlc_safe_mode
 
 		/* wait for RLC_SAFE_MODE */
 		for (i = 0; i < adev->usec_timeout; i++) {
-			if (!REG_GET_FIELD(SOC15_REG_OFFSET(GC, 0, mmRLC_SAFE_MODE), RLC_SAFE_MODE, CMD))
+			if (!REG_GET_FIELD(RREG32_SOC15(GC, 0, mmRLC_SAFE_MODE), RLC_SAFE_MODE, CMD))
 				break;
 			udelay(1);
 		}
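
Review bot: the wait loop for RLC_SAFE_MODE still falls out silently when i reaches adev->usec_timeout; nothing in the visible lines reports the timeout. That silence is what let the old test, which checked the register offset instead of the register value, time out on every call without anyone noticing. A DRM_ERROR or warn-once after the loop when the CMD field is still set would make a regression of this kind show up in the log.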




* [PATCH 4.18 159/197] drm/amd/pp: Convert voltage unit in mV*4 to mV on CZ/ST
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (157 preceding siblings ...)
  2018-09-13 13:31 ` [PATCH 4.18 158/197] drm/amdgpu: Fix RLC safe mode test in gfx_v9_0_enter_rlc_safe_mode Greg Kroah-Hartman
@ 2018-09-13 13:31 ` Greg Kroah-Hartman
  2018-09-13 13:31 ` [PATCH 4.18 160/197] drm/amd/powerplay: fixed uninitialized value Greg Kroah-Hartman
                   ` (39 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:31 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Evan Quan, Alex Deucher, Rex Zhu

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Rex Zhu <rex.zhu@amd.com>

commit 8a50bb47a863c3cb8950a2e810448c9a82a9d446 upstream.

The voltage shown in debugfs and hwmon should be in mV.

Reviewed-by: Evan Quan <evan.quan@amd.com>
Acked-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Rex Zhu <Rex.Zhu@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/gpu/drm/amd/powerplay/hwmgr/smu8_hwmgr.c |    5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

--- a/drivers/gpu/drm/amd/powerplay/hwmgr/smu8_hwmgr.c
+++ b/drivers/gpu/drm/amd/powerplay/hwmgr/smu8_hwmgr.c
@@ -244,6 +244,7 @@ static int smu8_initialize_dpm_defaults(
 	return 0;
 }
 
+/* convert form 8bit vid to real voltage in mV*4 */
 static uint32_t smu8_convert_8Bit_index_to_voltage(
 			struct pp_hwmgr *hwmgr, uint16_t voltage)
 {
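
Review bot: typo in the added comment above smu8_convert_8Bit_index_to_voltage(): "convert form 8bit vid" should read "convert from 8bit vid". The comment is otherwise worth having because it records that the helper returns mV*4, which is what the callers have to compensate for.
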
@@ -1702,13 +1703,13 @@ static int smu8_read_sensor(struct pp_hw
 	case AMDGPU_PP_SENSOR_VDDNB:
 		tmp = (cgs_read_ind_register(hwmgr->device, CGS_IND_REG__SMC, ixSMUSVI_NB_CURRENTVID) &
 			CURRENT_NB_VID_MASK) >> CURRENT_NB_VID__SHIFT;
-		vddnb = smu8_convert_8Bit_index_to_voltage(hwmgr, tmp);
+		vddnb = smu8_convert_8Bit_index_to_voltage(hwmgr, tmp) / 4;
 		*((uint32_t *)value) = vddnb;
 		return 0;
 	case AMDGPU_PP_SENSOR_VDDGFX:
 		tmp = (cgs_read_ind_register(hwmgr->device, CGS_IND_REG__SMC, ixSMUSVI_GFX_CURRENTVID) &
 			CURRENT_GFX_VID_MASK) >> CURRENT_GFX_VID__SHIFT;
-		vddgfx = smu8_convert_8Bit_index_to_voltage(hwmgr, (u16)tmp);
+		vddgfx = smu8_convert_8Bit_index_to_voltage(hwmgr, (u16)tmp) / 4;
 		*((uint32_t *)value) = vddgfx;
 		return 0;
 	case AMDGPU_PP_SENSOR_UVD_VCLK:
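
Review bot: the "/ 4" is applied separately at the VDDNB and VDDGFX call sites, so any other caller of smu8_convert_8Bit_index_to_voltage() that reports a voltage has to remember the same scaling. Consider a small wrapper that returns mV, or a named divisor, so the unit conversion lives in one place. The two sites are also inconsistent in passing tmp versus (u16)tmp; pick one form.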




* [PATCH 4.18 160/197] drm/amd/powerplay: fixed uninitialized value
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (158 preceding siblings ...)
  2018-09-13 13:31 ` [PATCH 4.18 159/197] drm/amd/pp: Convert voltage unit in mV*4 to mV on CZ/ST Greg Kroah-Hartman
@ 2018-09-13 13:31 ` Greg Kroah-Hartman
  2018-09-13 13:31 ` [PATCH 4.18 161/197] drm/amd/pp/Polaris12: Fix a chunk of registers missed to program Greg Kroah-Hartman
                   ` (38 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:31 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Evan Quan, Huang Rui, Alex Deucher

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Evan Quan <evan.quan@amd.com>

commit 1ce0688f3f6a9e9d34ae66bf779d54855def7bec upstream.

The 'result' is not initialized correctly. It causes the API
to return an error code even on success.

Signed-off-by: Evan Quan <evan.quan@amd.com>
Acked-by: Huang Rui <ray.huang@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/gpu/drm/amd/powerplay/hwmgr/vega12_hwmgr.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/gpu/drm/amd/powerplay/hwmgr/vega12_hwmgr.c
+++ b/drivers/gpu/drm/amd/powerplay/hwmgr/vega12_hwmgr.c
@@ -490,7 +490,7 @@ static int vega12_get_number_dpm_level(s
 static int vega12_get_dpm_frequency_by_index(struct pp_hwmgr *hwmgr,
 		PPCLK_e clkID, uint32_t index, uint32_t *clock)
 {
-	int result;
+	int result = 0;
 
 	/*
 	 *SMU expects the Clock ID to be in the top 16 bits.
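
Review bot: initialising result to 0 at its declaration in vega12_get_dpm_frequency_by_index() fixes the stray error return, but it also stops the compiler from flagging any path that forgets to assign result. Where the function body allows it, assigning result on each path and returning 0 explicitly on success keeps that diagnostic. The hunk does not show which path left the variable unset, so naming that path in the commit message would help reviewers of the backport.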




* [PATCH 4.18 161/197] drm/amd/pp/Polaris12: Fix a chunk of registers missed to program
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (159 preceding siblings ...)
  2018-09-13 13:31 ` [PATCH 4.18 160/197] drm/amd/powerplay: fixed uninitialized value Greg Kroah-Hartman
@ 2018-09-13 13:31 ` Greg Kroah-Hartman
  2018-09-13 13:31 ` [PATCH 4.18 162/197] drm/edid: Quirk Vive Pro VR headset non-desktop Greg Kroah-Hartman
                   ` (37 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:31 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Alex Deucher, Rex Zhu

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Rex Zhu <rex.zhu@amd.com>

commit 2d227ec2c11c568910299e8f913bac2dda47397c upstream.

The DIDTConfig_Polaris12[] table was missing a big chunk of data.

Pointed out by aidan.fabius <aidan.fabius@coreavi.com>

Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Rex Zhu <Rex.Zhu@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/gpu/drm/amd/powerplay/hwmgr/smu7_powertune.c |   43 +++++++++++++++++++
 1 file changed, 43 insertions(+)

--- a/drivers/gpu/drm/amd/powerplay/hwmgr/smu7_powertune.c
+++ b/drivers/gpu/drm/amd/powerplay/hwmgr/smu7_powertune.c
@@ -403,6 +403,49 @@ static const struct gpu_pt_config_reg DI
 	{   ixDIDT_SQ_CTRL1,                   DIDT_SQ_CTRL1__MAX_POWER_MASK,                      DIDT_SQ_CTRL1__MAX_POWER__SHIFT,                    0xffff,     GPU_CONFIGREG_DIDT_IND },
 
 	{   ixDIDT_SQ_CTRL_OCP,                DIDT_SQ_CTRL_OCP__UNUSED_0_MASK,                    DIDT_SQ_CTRL_OCP__UNUSED_0__SHIFT,                  0x0000,     GPU_CONFIGREG_DIDT_IND },
+	{   ixDIDT_SQ_CTRL_OCP,                DIDT_SQ_CTRL_OCP__OCP_MAX_POWER_MASK,               DIDT_SQ_CTRL_OCP__OCP_MAX_POWER__SHIFT,             0xffff,     GPU_CONFIGREG_DIDT_IND },
+
+	{   ixDIDT_SQ_CTRL2,                   DIDT_SQ_CTRL2__MAX_POWER_DELTA_MASK,                DIDT_SQ_CTRL2__MAX_POWER_DELTA__SHIFT,              0x3853,     GPU_CONFIGREG_DIDT_IND },
+	{   ixDIDT_SQ_CTRL2,                   DIDT_SQ_CTRL2__UNUSED_0_MASK,                       DIDT_SQ_CTRL2__UNUSED_0__SHIFT,                     0x0000,     GPU_CONFIGREG_DIDT_IND },
+	{   ixDIDT_SQ_CTRL2,                   DIDT_SQ_CTRL2__SHORT_TERM_INTERVAL_SIZE_MASK,       DIDT_SQ_CTRL2__SHORT_TERM_INTERVAL_SIZE__SHIFT,     0x005a,     GPU_CONFIGREG_DIDT_IND },
+	{   ixDIDT_SQ_CTRL2,                   DIDT_SQ_CTRL2__UNUSED_1_MASK,                       DIDT_SQ_CTRL2__UNUSED_1__SHIFT,                     0x0000,     GPU_CONFIGREG_DIDT_IND },
+	{   ixDIDT_SQ_CTRL2,                   DIDT_SQ_CTRL2__LONG_TERM_INTERVAL_RATIO_MASK,       DIDT_SQ_CTRL2__LONG_TERM_INTERVAL_RATIO__SHIFT,     0x0000,     GPU_CONFIGREG_DIDT_IND },
+	{   ixDIDT_SQ_CTRL2,                   DIDT_SQ_CTRL2__UNUSED_2_MASK,                       DIDT_SQ_CTRL2__UNUSED_2__SHIFT,                     0x0000,     GPU_CONFIGREG_DIDT_IND },
+
+	{   ixDIDT_SQ_STALL_CTRL,              DIDT_SQ_STALL_CTRL__DIDT_STALL_CTRL_ENABLE_MASK,    DIDT_SQ_STALL_CTRL__DIDT_STALL_CTRL_ENABLE__SHIFT,  0x0001,     GPU_CONFIGREG_DIDT_IND },
+	{   ixDIDT_SQ_STALL_CTRL,              DIDT_SQ_STALL_CTRL__DIDT_STALL_DELAY_HI_MASK,       DIDT_SQ_STALL_CTRL__DIDT_STALL_DELAY_HI__SHIFT,     0x0001,     GPU_CONFIGREG_DIDT_IND },
+	{   ixDIDT_SQ_STALL_CTRL,              DIDT_SQ_STALL_CTRL__DIDT_STALL_DELAY_LO_MASK,       DIDT_SQ_STALL_CTRL__DIDT_STALL_DELAY_LO__SHIFT,     0x0001,     GPU_CONFIGREG_DIDT_IND },
+	{   ixDIDT_SQ_STALL_CTRL,              DIDT_SQ_STALL_CTRL__DIDT_HI_POWER_THRESHOLD_MASK,   DIDT_SQ_STALL_CTRL__DIDT_HI_POWER_THRESHOLD__SHIFT, 0x0ebb,     GPU_CONFIGREG_DIDT_IND },
+	{   ixDIDT_SQ_STALL_CTRL,              DIDT_SQ_STALL_CTRL__UNUSED_0_MASK,                  DIDT_SQ_STALL_CTRL__UNUSED_0__SHIFT,                0x0000,     GPU_CONFIGREG_DIDT_IND },
+
+	{   ixDIDT_SQ_TUNING_CTRL,             DIDT_SQ_TUNING_CTRL__DIDT_TUNING_ENABLE_MASK,       DIDT_SQ_TUNING_CTRL__DIDT_TUNING_ENABLE__SHIFT,     0x0001,     GPU_CONFIGREG_DIDT_IND },
+	{   ixDIDT_SQ_TUNING_CTRL,             DIDT_SQ_TUNING_CTRL__MAX_POWER_DELTA_HI_MASK,       DIDT_SQ_TUNING_CTRL__MAX_POWER_DELTA_HI__SHIFT,     0x3853,     GPU_CONFIGREG_DIDT_IND },
+	{   ixDIDT_SQ_TUNING_CTRL,             DIDT_SQ_TUNING_CTRL__MAX_POWER_DELTA_LO_MASK,       DIDT_SQ_TUNING_CTRL__MAX_POWER_DELTA_LO__SHIFT,     0x3153,     GPU_CONFIGREG_DIDT_IND },
+	{   ixDIDT_SQ_TUNING_CTRL,             DIDT_SQ_TUNING_CTRL__UNUSED_0_MASK,                 DIDT_SQ_TUNING_CTRL__UNUSED_0__SHIFT,               0x0000,     GPU_CONFIGREG_DIDT_IND },
+
+	{   ixDIDT_SQ_CTRL0,                   DIDT_SQ_CTRL0__DIDT_CTRL_EN_MASK,                   DIDT_SQ_CTRL0__DIDT_CTRL_EN__SHIFT,                 0x0001,     GPU_CONFIGREG_DIDT_IND },
+	{   ixDIDT_SQ_CTRL0,                   DIDT_SQ_CTRL0__USE_REF_CLOCK_MASK,                  DIDT_SQ_CTRL0__USE_REF_CLOCK__SHIFT,                0x0000,     GPU_CONFIGREG_DIDT_IND },
+	{   ixDIDT_SQ_CTRL0,                   DIDT_SQ_CTRL0__PHASE_OFFSET_MASK,                   DIDT_SQ_CTRL0__PHASE_OFFSET__SHIFT,                 0x0000,     GPU_CONFIGREG_DIDT_IND },
+	{   ixDIDT_SQ_CTRL0,                   DIDT_SQ_CTRL0__DIDT_CTRL_RST_MASK,                  DIDT_SQ_CTRL0__DIDT_CTRL_RST__SHIFT,                0x0000,     GPU_CONFIGREG_DIDT_IND },
+	{   ixDIDT_SQ_CTRL0,                   DIDT_SQ_CTRL0__DIDT_CLK_EN_OVERRIDE_MASK,           DIDT_SQ_CTRL0__DIDT_CLK_EN_OVERRIDE__SHIFT,         0x0000,     GPU_CONFIGREG_DIDT_IND },
+	{   ixDIDT_SQ_CTRL0,                   DIDT_SQ_CTRL0__DIDT_MAX_STALLS_ALLOWED_HI_MASK,     DIDT_SQ_CTRL0__DIDT_MAX_STALLS_ALLOWED_HI__SHIFT,   0x0010,     GPU_CONFIGREG_DIDT_IND },
+	{   ixDIDT_SQ_CTRL0,                   DIDT_SQ_CTRL0__DIDT_MAX_STALLS_ALLOWED_LO_MASK,     DIDT_SQ_CTRL0__DIDT_MAX_STALLS_ALLOWED_LO__SHIFT,   0x0010,     GPU_CONFIGREG_DIDT_IND },
+	{   ixDIDT_SQ_CTRL0,                   DIDT_SQ_CTRL0__UNUSED_0_MASK,                       DIDT_SQ_CTRL0__UNUSED_0__SHIFT,                     0x0000,     GPU_CONFIGREG_DIDT_IND },
+
+	{   ixDIDT_TD_WEIGHT0_3,               DIDT_TD_WEIGHT0_3__WEIGHT0_MASK,                    DIDT_TD_WEIGHT0_3__WEIGHT0__SHIFT,                  0x000a,     GPU_CONFIGREG_DIDT_IND },
+	{   ixDIDT_TD_WEIGHT0_3,               DIDT_TD_WEIGHT0_3__WEIGHT1_MASK,                    DIDT_TD_WEIGHT0_3__WEIGHT1__SHIFT,                  0x0010,     GPU_CONFIGREG_DIDT_IND },
+	{   ixDIDT_TD_WEIGHT0_3,               DIDT_TD_WEIGHT0_3__WEIGHT2_MASK,                    DIDT_TD_WEIGHT0_3__WEIGHT2__SHIFT,                  0x0017,     GPU_CONFIGREG_DIDT_IND },
+	{   ixDIDT_TD_WEIGHT0_3,               DIDT_TD_WEIGHT0_3__WEIGHT3_MASK,                    DIDT_TD_WEIGHT0_3__WEIGHT3__SHIFT,                  0x002f,     GPU_CONFIGREG_DIDT_IND },
+
+	{   ixDIDT_TD_WEIGHT4_7,               DIDT_TD_WEIGHT4_7__WEIGHT4_MASK,                    DIDT_TD_WEIGHT4_7__WEIGHT4__SHIFT,                  0x0046,     GPU_CONFIGREG_DIDT_IND },
+	{   ixDIDT_TD_WEIGHT4_7,               DIDT_TD_WEIGHT4_7__WEIGHT5_MASK,                    DIDT_TD_WEIGHT4_7__WEIGHT5__SHIFT,                  0x005d,     GPU_CONFIGREG_DIDT_IND },
+	{   ixDIDT_TD_WEIGHT4_7,               DIDT_TD_WEIGHT4_7__WEIGHT6_MASK,                    DIDT_TD_WEIGHT4_7__WEIGHT6__SHIFT,                  0x0000,     GPU_CONFIGREG_DIDT_IND },
+	{   ixDIDT_TD_WEIGHT4_7,               DIDT_TD_WEIGHT4_7__WEIGHT7_MASK,                    DIDT_TD_WEIGHT4_7__WEIGHT7__SHIFT,                  0x0000,     GPU_CONFIGREG_DIDT_IND },
+
+	{   ixDIDT_TD_CTRL1,                   DIDT_TD_CTRL1__MIN_POWER_MASK,                      DIDT_TD_CTRL1__MIN_POWER__SHIFT,                    0x0000,     GPU_CONFIGREG_DIDT_IND },
+	{   ixDIDT_TD_CTRL1,                   DIDT_TD_CTRL1__MAX_POWER_MASK,                      DIDT_TD_CTRL1__MAX_POWER__SHIFT,                    0xffff,     GPU_CONFIGREG_DIDT_IND },
+
+	{   ixDIDT_TD_CTRL_OCP,                DIDT_TD_CTRL_OCP__UNUSED_0_MASK,                    DIDT_TD_CTRL_OCP__UNUSED_0__SHIFT,                  0x0000,     GPU_CONFIGREG_DIDT_IND },
 	{   ixDIDT_TD_CTRL_OCP,                DIDT_TD_CTRL_OCP__OCP_MAX_POWER_MASK,               DIDT_TD_CTRL_OCP__OCP_MAX_POWER__SHIFT,             0x00ff,     GPU_CONFIGREG_DIDT_IND },
 
 	{   ixDIDT_TD_CTRL2,                   DIDT_TD_CTRL2__MAX_POWER_DELTA_MASK,                DIDT_TD_CTRL2__MAX_POWER_DELTA__SHIFT,              0x3fff,     GPU_CONFIGREG_DIDT_IND },
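Review bot: The OCP_MAX_POWER fields are not consistent across blocks in this table: the added DIDT_SQ_CTRL_OCP entry programs 0xffff, while the DIDT_TD_CTRL_OCP entry in the trailing context keeps 0x00ff. If that difference is intended, a one-line comment saying so would help. The table is otherwise bare hex constants with no reference for where the values come from, which makes a transcription slip hard to spot in review.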




* [PATCH 4.18 162/197] drm/edid: Quirk Vive Pro VR headset non-desktop.
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (160 preceding siblings ...)
  2018-09-13 13:31 ` [PATCH 4.18 161/197] drm/amd/pp/Polaris12: Fix a chunk of registers missed to program Greg Kroah-Hartman
@ 2018-09-13 13:31 ` Greg Kroah-Hartman
  2018-09-13 13:31 ` [PATCH 4.18 163/197] drm/edid: Add 6 bpc quirk for SDC panel in Lenovo B50-80 Greg Kroah-Hartman
                   ` (36 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:31 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Lubosz Sarnecki, Daniel Stone

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Lubosz Sarnecki <lubosz.sarnecki@collabora.com>

commit 6931317c714885f2d792e8150ef6715d416ac681 upstream.

This adds the Vive Pro's EDID information and
sets EDID_QUIRK_NON_DESKTOP.

Signed-off-by: Lubosz Sarnecki <lubosz.sarnecki@collabora.com>
Signed-off-by: Daniel Stone <daniels@collabora.com>
Reviewed-by: Daniel Stone <daniels@collabora.com>
Cc: <stable@vger.kernel.org> # v4.15+
Link: https://patchwork.freedesktop.org/patch/msgid/20180529115215.4526-1-lubosz.sarnecki@collabora.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/gpu/drm/drm_edid.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

--- a/drivers/gpu/drm/drm_edid.c
+++ b/drivers/gpu/drm/drm_edid.c
@@ -163,8 +163,9 @@ static const struct edid_quirk {
 	/* Rotel RSX-1058 forwards sink's EDID but only does HDMI 1.1*/
 	{ "ETR", 13896, EDID_QUIRK_FORCE_8BPC },
 
-	/* HTC Vive VR Headset */
+	/* HTC Vive and Vive Pro VR Headsets */
 	{ "HVR", 0xaa01, EDID_QUIRK_NON_DESKTOP },
+	{ "HVR", 0xaa02, EDID_QUIRK_NON_DESKTOP },
 
 	/* Oculus Rift DK1, DK2, and CV1 VR Headsets */
 	{ "OVR", 0x0001, EDID_QUIRK_NON_DESKTOP },
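Review bot: The merged comment no longer says which product ID belongs to which headset. Suggest keeping that per entry, noting that 0xaa01 is the Vive and 0xaa02 the Vive Pro, so a later quirk change for one device does not have to be cross-checked against the commit log.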




* [PATCH 4.18 163/197] drm/edid: Add 6 bpc quirk for SDC panel in Lenovo B50-80
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (161 preceding siblings ...)
  2018-09-13 13:31 ` [PATCH 4.18 162/197] drm/edid: Quirk Vive Pro VR headset non-desktop Greg Kroah-Hartman
@ 2018-09-13 13:31 ` Greg Kroah-Hartman
  2018-09-13 13:31 ` [PATCH 4.18 164/197] drm/amd/display: fix type of variable Greg Kroah-Hartman
                   ` (35 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:31 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Kai-Heng Feng, Daniel Vetter

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Kai-Heng Feng <kai.heng.feng@canonical.com>

commit 25da75043f8690fd083878447c91f289dfb63b87 upstream.

Another panel that reports "DFP 1.x compliant TMDS" but it supports 6bpc
instead of 8 bpc.

Apply 6 bpc quirk for the panel to fix it.

BugLink: https://bugs.launchpad.net/bugs/1788308
Cc: <stable@vger.kernel.org> # v4.8+
Signed-off-by: Kai-Heng Feng <kai.heng.feng@canonical.com>
Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Link: https://patchwork.freedesktop.org/patch/msgid/20180823055332.7723-1-kai.heng.feng@canonical.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/gpu/drm/drm_edid.c |    3 +++
 1 file changed, 3 insertions(+)

--- a/drivers/gpu/drm/drm_edid.c
+++ b/drivers/gpu/drm/drm_edid.c
@@ -116,6 +116,9 @@ static const struct edid_quirk {
 	/* CPT panel of Asus UX303LA reports 8 bpc, but is a 6 bpc panel */
 	{ "CPT", 0x17df, EDID_QUIRK_FORCE_6BPC },
 
+	/* SDC panel of Lenovo B50-80 reports 8 bpc, but is a 6 bpc panel */
+	{ "SDC", 0x3652, EDID_QUIRK_FORCE_6BPC },
+
 	/* Belinea 10 15 55 */
 	{ "MAX", 1516, EDID_QUIRK_PREFER_LARGE_60 },
 	{ "MAX", 0x77e, EDID_QUIRK_PREFER_LARGE_60 },
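Review bot: The match key is only the vendor string and product ID ("SDC", 0x3652), so the forced 6 bpc applies wherever that panel ID shows up, not only in the Lenovo B50-80 named in the comment. Wording the comment as "seen in Lenovo B50-80" would make that scope explicit.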




* [PATCH 4.18 164/197] drm/amd/display: fix type of variable
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (162 preceding siblings ...)
  2018-09-13 13:31 ` [PATCH 4.18 163/197] drm/edid: Add 6 bpc quirk for SDC panel in Lenovo B50-80 Greg Kroah-Hartman
@ 2018-09-13 13:31 ` Greg Kroah-Hartman
  2018-09-13 13:31 ` [PATCH 4.18 165/197] drm/amd/display: Dont share clk source between DP and HDMI Greg Kroah-Hartman
                   ` (34 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:31 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Gustavo A. R. Silva, Alex Deucher

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Gustavo A. R. Silva <gustavo@embeddedor.com>

commit fe78627d430435d22316fe39f2012ece31bf23c2 upstream.

Currently, the maximum value that *counter* can reach is 255, and
code at line 150: while (counter < 1000) { implies a bigger value
could be expected.

Fix this by changing the type of variable *counter* from uint8_t
to uint16_t.

Addresses-Coverity-ID: 1470030 ("Operands don't affect result")
Fixes: 2b6199a1d1b7 ("drm/amd/display: replace msleep with udelay in fbc path")
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/gpu/drm/amd/display/dc/dce110/dce110_compressor.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/gpu/drm/amd/display/dc/dce110/dce110_compressor.c
+++ b/drivers/gpu/drm/amd/display/dc/dce110/dce110_compressor.c
@@ -143,7 +143,7 @@ static void wait_for_fbc_state_changed(
 	struct dce110_compressor *cp110,
 	bool enabled)
 {
-	uint8_t counter = 0;
+	uint16_t counter = 0;
 	uint32_t addr = mmFBC_STATUS;
 	uint32_t value;
 
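Review bot: The width of counter is still tied by hand to a limit that is not visible next to the declaration. With the old uint8_t the counter wrapped at 255, so the comparison against 1000 quoted in the commit message was always true; uint16_t covers 1000, but a plain unsigned int, or a named constant for the limit, would keep the same truncation from recurring if the limit is raised again.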




* [PATCH 4.18 165/197] drm/amd/display: Dont share clk source between DP and HDMI
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (163 preceding siblings ...)
  2018-09-13 13:31 ` [PATCH 4.18 164/197] drm/amd/display: fix type of variable Greg Kroah-Hartman
@ 2018-09-13 13:31 ` Greg Kroah-Hartman
  2018-09-13 13:31 ` [PATCH 4.18 166/197] drm/amd/display: update clk for various HDMI color depths Greg Kroah-Hartman
                   ` (33 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:31 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Mikita Lipski, Hersen Wu,
	Bhawanpreet Lakha, Alex Deucher

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Mikita Lipski <mikita.lipski@amd.com>

commit 3e27e10e2ecee0d3a0083f8ae76354ac9c6ad15c upstream.

[why]
Prevent clock source sharing between HDMI and DP connectors.
DP shouldn't be sharing its ref clock with phy clock,
which caused an issue of older ASICS booting up with multiple
displays plugged in.

[how]
Add an extra check that would prevent HDMI and DP sharing clk.

Signed-off-by: Mikita Lipski <mikita.lipski@amd.com>
Reviewed-by: Hersen Wu <hersenxs.wu@amd.com>
Acked-by: Bhawanpreet Lakha <Bhawanpreet.Lakha@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/gpu/drm/amd/display/dc/core/dc_resource.c       |   22 +++++++++++++++-
 drivers/gpu/drm/amd/display/dc/dc.h                     |    1 
 drivers/gpu/drm/amd/display/dc/dce100/dce100_resource.c |    2 -
 drivers/gpu/drm/amd/display/dc/dce80/dce80_resource.c   |    3 ++
 4 files changed, 26 insertions(+), 2 deletions(-)

--- a/drivers/gpu/drm/amd/display/dc/core/dc_resource.c
+++ b/drivers/gpu/drm/amd/display/dc/core/dc_resource.c
@@ -330,6 +330,9 @@ bool resource_are_streams_timing_synchro
 				!= stream2->timing.pix_clk_khz)
 		return false;
 
+	if (stream1->clamping.c_depth != stream2->clamping.c_depth)
+		return false;
+
 	if (stream1->phy_pix_clk != stream2->phy_pix_clk
 			&& (!dc_is_dp_signal(stream1->signal)
 			|| !dc_is_dp_signal(stream2->signal)))
@@ -337,6 +340,20 @@ bool resource_are_streams_timing_synchro
 
 	return true;
 }
+static bool is_dp_and_hdmi_sharable(
+		struct dc_stream_state *stream1,
+		struct dc_stream_state *stream2)
+{
+	if (stream1->ctx->dc->caps.disable_dp_clk_share)
+		return false;
+
+	if (stream1->clamping.c_depth != COLOR_DEPTH_888 ||
+	    stream2->clamping.c_depth != COLOR_DEPTH_888)
+	return false;
+
+	return true;
+
+}
 
 static bool is_sharable_clk_src(
 	const struct pipe_ctx *pipe_with_clk_src,
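Review bot: In is_dp_and_hdmi_sharable() the second "return false;" sits at the same indent as its "if", so it reads as unconditional; it needs one more tab. The helper also starts directly after the closing brace of the previous function with no blank line, and has a stray blank line before its own closing brace. Both stream pointers are only read, so they could be const, and only stream1->ctx is consulted for disable_dp_clk_share, which deserves a short comment if both streams are guaranteed to belong to the same dc.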
@@ -348,7 +365,10 @@ static bool is_sharable_clk_src(
 	if (pipe_with_clk_src->stream->signal == SIGNAL_TYPE_VIRTUAL)
 		return false;
 
-	if (dc_is_dp_signal(pipe_with_clk_src->stream->signal))
+	if (dc_is_dp_signal(pipe_with_clk_src->stream->signal) ||
+		(dc_is_dp_signal(pipe->stream->signal) &&
+		!is_dp_and_hdmi_sharable(pipe_with_clk_src->stream,
+				     pipe->stream)))
 		return false;
 
 	if (dc_is_hdmi_signal(pipe_with_clk_src->stream->signal)
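Review bot: The new condition calls is_dp_and_hdmi_sharable() whenever pipe is DP, without checking that pipe_with_clk_src is actually HDMI, so the helper's name promises more than the call site enforces. Either add a dc_is_hdmi_signal() test on pipe_with_clk_src here or rename the helper. The continuation lines are also indented to the same depth as the body, which makes the four-line condition hard to tell apart from the "return false;" below it.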
--- a/drivers/gpu/drm/amd/display/dc/dc.h
+++ b/drivers/gpu/drm/amd/display/dc/dc.h
@@ -77,6 +77,7 @@ struct dc_caps {
 	bool dual_link_dvi;
 	bool post_blend_color_processing;
 	bool force_dp_tps4_for_cp2520;
+	bool disable_dp_clk_share;
 };
 
 struct dc_dcc_surface_param {
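Review bot: disable_dp_clk_share is added without a comment, and its sense is inverted relative to the fields around it (setting it to true turns a behaviour off). A short comment stating that it blocks DP from sharing a clock source with HDMI on the ASICs that set it would make the unset case easier to reason about.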
--- a/drivers/gpu/drm/amd/display/dc/dce100/dce100_resource.c
+++ b/drivers/gpu/drm/amd/display/dc/dce100/dce100_resource.c
@@ -884,7 +884,7 @@ static bool construct(
 	dc->caps.i2c_speed_in_khz = 40;
 	dc->caps.max_cursor_size = 128;
 	dc->caps.dual_link_dvi = true;
-
+	dc->caps.disable_dp_clk_share = true;
 	for (i = 0; i < pool->base.pipe_count; i++) {
 		pool->base.timing_generators[i] =
 			dce100_timing_generator_create(
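Review bot: The assignment replaces the blank line that separated the caps setup from the for loop, so the loop now runs straight on from the caps block. Add the line rather than substituting it for the separator, as the dce80 hunks do.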
--- a/drivers/gpu/drm/amd/display/dc/dce80/dce80_resource.c
+++ b/drivers/gpu/drm/amd/display/dc/dce80/dce80_resource.c
@@ -902,6 +902,7 @@ static bool dce80_construct(
 	}
 
 	dc->caps.max_planes =  pool->base.pipe_count;
+	dc->caps.disable_dp_clk_share = true;
 
 	if (!resource_construct(num_virtual_links, dc, &pool->base,
 			&res_create_funcs))
@@ -1087,6 +1088,7 @@ static bool dce81_construct(
 	}
 
 	dc->caps.max_planes =  pool->base.pipe_count;
+	dc->caps.disable_dp_clk_share = true;
 
 	if (!resource_construct(num_virtual_links, dc, &pool->base,
 			&res_create_funcs))
@@ -1268,6 +1270,7 @@ static bool dce83_construct(
 	}
 
 	dc->caps.max_planes =  pool->base.pipe_count;
+	dc->caps.disable_dp_clk_share = true;
 
 	if (!resource_construct(num_virtual_links, dc, &pool->base,
 			&res_create_funcs))




* [PATCH 4.18 166/197] drm/amd/display: update clk for various HDMI color depths
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (164 preceding siblings ...)
  2018-09-13 13:31 ` [PATCH 4.18 165/197] drm/amd/display: Dont share clk source between DP and HDMI Greg Kroah-Hartman
@ 2018-09-13 13:31 ` Greg Kroah-Hartman
  2018-09-13 13:31 ` [PATCH 4.18 167/197] drm/amd/display: Use requested HDMI aspect ratio Greg Kroah-Hartman
                   ` (32 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:31 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Mikita Lipski, Charlene Liu,
	Bhawanpreet Lakha, Alex Deucher

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Mikita Lipski <mikita.lipski@amd.com>

commit 81aca8e75c1b046865fb2badef95a0dcff6f73de upstream.

[why]
When programming tonga's connector's backend we didn't take
into account that HDMI's colour depth might be more than 8bpc
therefore we need to add a switch statement that would adjust
the pixel clock accordingly.

[how]
Add a switch statement updating clock by its appropriate
coefficient.

Signed-off-by: Mikita Lipski <mikita.lipski@amd.com>
Reviewed-by: Charlene Liu <Charlene.Liu@amd.com>
Acked-by: Bhawanpreet Lakha <Bhawanpreet.Lakha@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/gpu/drm/amd/display/dc/bios/command_table.c |   18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

--- a/drivers/gpu/drm/amd/display/dc/bios/command_table.c
+++ b/drivers/gpu/drm/amd/display/dc/bios/command_table.c
@@ -808,6 +808,24 @@ static enum bp_result transmitter_contro
 	 * (=1: 8bpp, =1.25: 10bpp, =1.5:12bpp, =2: 16bpp)
 	 * LVDS mode: usPixelClock = pixel clock
 	 */
+	if  (cntl->signal == SIGNAL_TYPE_HDMI_TYPE_A) {
+		switch (cntl->color_depth) {
+		case COLOR_DEPTH_101010:
+			params.usSymClock =
+				cpu_to_le16((le16_to_cpu(params.usSymClock) * 30) / 24);
+			break;
+		case COLOR_DEPTH_121212:
+			params.usSymClock =
+				cpu_to_le16((le16_to_cpu(params.usSymClock) * 36) / 24);
+			break;
+		case COLOR_DEPTH_161616:
+			params.usSymClock =
+				cpu_to_le16((le16_to_cpu(params.usSymClock) * 48) / 24);
+			break;
+		default:
+			break;
+		}
+	}
 
 	if (EXEC_BIOS_CMD_TABLE(UNIPHYTransmitterControl, params))
 		result = BP_RESULT_OK;
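Review bot: The scaled clock is written back through cpu_to_le16(), so any result above 0xffff is truncated without notice; the COLOR_DEPTH_161616 case doubles usSymClock and is the first to reach that limit. Suggest computing into a wider local, checking it against the 16-bit range, and returning an error (or at least logging) when it does not fit. Minor: "if  (" has a double space.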




* [PATCH 4.18 167/197] drm/amd/display: Use requested HDMI aspect ratio
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (165 preceding siblings ...)
  2018-09-13 13:31 ` [PATCH 4.18 166/197] drm/amd/display: update clk for various HDMI color depths Greg Kroah-Hartman
@ 2018-09-13 13:31 ` Greg Kroah-Hartman
  2018-09-13 13:31 ` [PATCH 4.18 168/197] drm/amd/display: Report non-DP display as disconnected without EDID Greg Kroah-Hartman
                   ` (31 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:31 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Leo (Sunpeng) Li, Mikita Lipski,
	Bhawanpreet Lakha, Alex Deucher

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Leo (Sunpeng) Li <sunpeng.li@amd.com>

commit e11d41472a50742c16d53c968e143fb498fa482f upstream.

[Why]
The DRM mode's HDMI picture aspect ratio field was never saved in
dc_stream's timing struct. This causes us to mistake a new stream to
have the same timings as the old, even though the user has requested a
different aspect ratio.

[How]
Save DRM's aspect ratio field within dc_stream's timing struct.

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=107153
Signed-off-by: Leo (Sunpeng) Li <sunpeng.li@amd.com>
Reviewed-by: Mikita Lipski <Mikita.Lipski@amd.com>
Acked-by: Bhawanpreet Lakha <Bhawanpreet.Lakha@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c |    9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)

--- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
+++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
@@ -2124,13 +2124,8 @@ convert_color_depth_from_display_info(co
 static enum dc_aspect_ratio
 get_aspect_ratio(const struct drm_display_mode *mode_in)
 {
-	int32_t width = mode_in->crtc_hdisplay * 9;
-	int32_t height = mode_in->crtc_vdisplay * 16;
-
-	if ((width - height) < 10 && (width - height) > -10)
-		return ASPECT_RATIO_16_9;
-	else
-		return ASPECT_RATIO_4_3;
+	/* 1-1 mapping, since both enums follow the HDMI spec. */
+	return (enum dc_aspect_ratio) mode_in->picture_aspect_ratio;
 }
 
 static enum dc_color_space
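Review bot: The cast in get_aspect_ratio() passes mode_in->picture_aspect_ratio through with no range check, relying on the comment's claim that the two enums match. Please back that with a compile-time check on the enumerators (BUILD_BUG_ON or similar) or a switch with a default, so a value the dc enum does not define cannot reach the timing struct.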




* [PATCH 4.18 168/197] drm/amd/display: Report non-DP display as disconnected without EDID
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (166 preceding siblings ...)
  2018-09-13 13:31 ` [PATCH 4.18 167/197] drm/amd/display: Use requested HDMI aspect ratio Greg Kroah-Hartman
@ 2018-09-13 13:31 ` Greg Kroah-Hartman
  2018-09-13 13:31 ` [PATCH 4.18 169/197] drm/rockchip: lvds: add missing of_node_put Greg Kroah-Hartman
                   ` (30 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:31 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Harry Wentland, Alex Deucher,
	Nicholas Kazlauskas

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Harry Wentland <harry.wentland@amd.com>

commit 01dc285d5cd89b77686d8baef8482c58d7dc3ead upstream.

[Why]
Some boards seem to have a problem where HPD is high on HDMI even though
no display is connected. We don't want to report these as connected. DP
spec still requires us to report DP displays as connected when HPD is
high but we can't read the EDID in order to go to fail-safe mode.

[How]
If connector_signal is not DP abort detection if we can't retrieve the
EDID.

v2: Add Bugzilla and stable

Bugzilla: https://bugs.freedesktop.org/107390
Bugzilla: https://bugs.freedesktop.org/106846
Cc: stable@vger.kernel.org
Signed-off-by: Harry Wentland <harry.wentland@amd.com>
Acked-by: Alex Deucher <alexander.deucher@amd.com>
Reviewed-by: Nicholas Kazlauskas <nicholas.kazlauskas@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/gpu/drm/amd/display/dc/core/dc_link.c |   11 +++++++++++
 1 file changed, 11 insertions(+)

--- a/drivers/gpu/drm/amd/display/dc/core/dc_link.c
+++ b/drivers/gpu/drm/amd/display/dc/core/dc_link.c
@@ -728,6 +728,17 @@ bool dc_link_detect(struct dc_link *link
 			break;
 		case EDID_NO_RESPONSE:
 			DC_LOG_ERROR("No EDID read.\n");
+
+			/*
+			 * Abort detection for non-DP connectors if we have
+			 * no EDID
+			 *
+			 * DP needs to report as connected if HDP is high
+			 * even if we have no EDID in order to go to
+			 * fail-safe mode
+			 */
+			if (!dc_is_dp_signal(link->connector_signal))
+				return false;
 		default:
 			break;
 		}
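Review bot: For DP the new code in the EDID_NO_RESPONSE case falls through into "default:" with no fall-through comment, and the case had no break before this change either; please mark the fall-through as intentional or add a break. The added comment says "HDP" where the commit message says HPD. It is also worth confirming against the full function that returning false from inside the switch does not skip cleanup of anything set up earlier in dc_link_detect().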




* [PATCH 4.18 169/197] drm/rockchip: lvds: add missing of_node_put
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (167 preceding siblings ...)
  2018-09-13 13:31 ` [PATCH 4.18 168/197] drm/amd/display: Report non-DP display as disconnected without EDID Greg Kroah-Hartman
@ 2018-09-13 13:31 ` Greg Kroah-Hartman
  2018-09-13 13:31 ` [PATCH 4.18 170/197] drm/rockchip: vop: split out core clock enablement into separate functions Greg Kroah-Hartman
                   ` (29 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:31 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Julia Lawall, Heiko Stuebner

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Julia Lawall <Julia.Lawall@lip6.fr>

commit ebfb081edc8afd250a6d290c37481bfb2262e7cb upstream.

The device node iterators perform an of_node_get on each iteration, so a
jump out of the loop requires an of_node_put.

The semantic patch that fixes this problem is as follows
(http://coccinelle.lip6.fr):

// <smpl>
@@
expression root,e;
local idexpression child;
iterator name for_each_child_of_node;
@@

 for_each_child_of_node(root, child) {
   ... when != of_node_put(child)
       when != e = child
+  of_node_put(child);
?  break;
   ...
}
... when != child
// </smpl>

Fixes: 34cc0aa25456 ("drm/rockchip: Add support for Rockchip Soc LVDS")
Cc: stable@vger.kernel.org
Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr>
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Link: https://patchwork.freedesktop.org/patch/msgid/1527102436-13447-6-git-send-email-Julia.Lawall@lip6.fr
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/gpu/drm/rockchip/rockchip_lvds.c |    4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

--- a/drivers/gpu/drm/rockchip/rockchip_lvds.c
+++ b/drivers/gpu/drm/rockchip/rockchip_lvds.c
@@ -363,8 +363,10 @@ static int rockchip_lvds_bind(struct dev
 		of_property_read_u32(endpoint, "reg", &endpoint_id);
 		ret = drm_of_find_panel_or_bridge(dev->of_node, 1, endpoint_id,
 						  &lvds->panel, &lvds->bridge);
-		if (!ret)
+		if (!ret) {
+			of_node_put(endpoint);
 			break;
+		}
 	}
 	if (!child_count) {
 		DRM_DEV_ERROR(dev, "lvds port does not have any children\n");




* [PATCH 4.18 170/197] drm/rockchip: vop: split out core clock enablement into separate functions
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (168 preceding siblings ...)
  2018-09-13 13:31 ` [PATCH 4.18 169/197] drm/rockchip: lvds: add missing of_node_put Greg Kroah-Hartman
@ 2018-09-13 13:31 ` Greg Kroah-Hartman
  2018-09-13 13:32 ` [PATCH 4.18 171/197] drm/rockchip: vop: fix irq disabled after vop driver probed Greg Kroah-Hartman
                   ` (28 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:31 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Heiko Stuebner, Ezequiel Garcia, Tomasz Figa

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Heiko Stuebner <heiko@sntech.de>

commit e2810a7167df14c762e085fae5aade38425b71bf upstream.

Judging from the iommu code, both the hclk and aclk are necessary for
register access. Split them off into separate functions from the regular
vop enablement, so that we can use them elsewhere as well.

Fixes: d0b912bd4c23 ("iommu/rockchip: Request irqs in rk_iommu_probe()")
[prerequisite change for the actual fix]
Cc: stable@vger.kernel.org
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Tested-by: Ezequiel Garcia <ezequiel@collabora.com>
Reviewed-by: Tomasz Figa <tfiga@chromium.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20180612132028.27490-2-heiko@sntech.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/gpu/drm/rockchip/rockchip_drm_vop.c |   44 +++++++++++++++++++---------
 1 file changed, 31 insertions(+), 13 deletions(-)

--- a/drivers/gpu/drm/rockchip/rockchip_drm_vop.c
+++ b/drivers/gpu/drm/rockchip/rockchip_drm_vop.c
@@ -486,6 +486,31 @@ static void vop_line_flag_irq_disable(st
 	spin_unlock_irqrestore(&vop->irq_lock, flags);
 }
 
+static int vop_core_clks_enable(struct vop *vop)
+{
+	int ret;
+
+	ret = clk_enable(vop->hclk);
+	if (ret < 0)
+		return ret;
+
+	ret = clk_enable(vop->aclk);
+	if (ret < 0)
+		goto err_disable_hclk;
+
+	return 0;
+
+err_disable_hclk:
+	clk_disable(vop->hclk);
+	return ret;
+}
+
+static void vop_core_clks_disable(struct vop *vop)
+{
+	clk_disable(vop->aclk);
+	clk_disable(vop->hclk);
+}
+
 static int vop_enable(struct drm_crtc *crtc)
 {
 	struct vop *vop = to_vop(crtc);
@@ -497,17 +522,13 @@ static int vop_enable(struct drm_crtc *c
 		return ret;
 	}
 
-	ret = clk_enable(vop->hclk);
+	ret = vop_core_clks_enable(vop);
 	if (WARN_ON(ret < 0))
 		goto err_put_pm_runtime;
 
 	ret = clk_enable(vop->dclk);
 	if (WARN_ON(ret < 0))
-		goto err_disable_hclk;
-
-	ret = clk_enable(vop->aclk);
-	if (WARN_ON(ret < 0))
-		goto err_disable_dclk;
+		goto err_disable_core;
 
 	/*
 	 * Slave iommu shares power, irq and clock with vop.  It was associated
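Review bot: The clock enable order changes here, which the commit message does not mention: before, aclk was enabled after dclk; now vop_core_clks_enable() brings up hclk and aclk before dclk. The message describes only a split into helper functions, so it should state that the reordering is intended and harmless. The error labels in the later hunk do match the new order.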
@@ -519,7 +540,7 @@ static int vop_enable(struct drm_crtc *c
 	if (ret) {
 		DRM_DEV_ERROR(vop->dev,
 			      "failed to attach dma mapping, %d\n", ret);
-		goto err_disable_aclk;
+		goto err_disable_dclk;
 	}
 
 	spin_lock(&vop->reg_lock);
@@ -558,12 +579,10 @@ static int vop_enable(struct drm_crtc *c
 
 	return 0;
 
-err_disable_aclk:
-	clk_disable(vop->aclk);
 err_disable_dclk:
 	clk_disable(vop->dclk);
-err_disable_hclk:
-	clk_disable(vop->hclk);
+err_disable_core:
+	vop_core_clks_disable(vop);
 err_put_pm_runtime:
 	pm_runtime_put_sync(vop->dev);
 	return ret;
@@ -609,8 +628,7 @@ static void vop_crtc_atomic_disable(stru
 	rockchip_drm_dma_detach_device(vop->drm_dev, vop->dev);
 
 	clk_disable(vop->dclk);
-	clk_disable(vop->aclk);
-	clk_disable(vop->hclk);
+	vop_core_clks_disable(vop);
 	pm_runtime_put(vop->dev);
 	mutex_unlock(&vop->vop_lock);
 




* [PATCH 4.18 171/197] drm/rockchip: vop: fix irq disabled after vop driver probed
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (169 preceding siblings ...)
  2018-09-13 13:31 ` [PATCH 4.18 170/197] drm/rockchip: vop: split out core clock enablement into separate functions Greg Kroah-Hartman
@ 2018-09-13 13:32 ` Greg Kroah-Hartman
  2018-09-13 13:32 ` [PATCH 4.18 172/197] drm/amd/display: Pass connector id when executing VBIOS CT Greg Kroah-Hartman
                   ` (27 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:32 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Sandy Huang, Heiko Stuebner,
	Ezequiel Garcia, Tomasz Figa, Marc Zyngier

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Sandy Huang <hjc@rock-chips.com>

commit 6456314ff1de246414a43e3132075b70b3e050ac upstream.

The vop irq is shared between vop and iommu and irq probing in the
iommu driver moved to the probe function recently. This can in some
cases lead to a stall if the irq is triggered while the vop driver
still has it disabled, but the vop irq handler gets called.

But there is no real need to disable the irq, as the vop can simply
also track its enabled state and ignore irqs in that case.
For this we can simply check the power-domain state of the vop,
similar to how the iommu driver does it.

So remove the enable/disable handling and add appropriate condition
to the irq handler.

changes in v2:
- move to just check the power-domain state
- add clock handling
changes in v3:
- clarify comment to speak of runtime-pm not power-domain
changes in v4:
- address Marc's comments (clk-enable WARN_ON and style improvement)

Fixes: d0b912bd4c23 ("iommu/rockchip: Request irqs in rk_iommu_probe()")
Cc: stable@vger.kernel.org
Signed-off-by: Sandy Huang <hjc@rock-chips.com>
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Tested-by: Ezequiel Garcia <ezequiel@collabora.com>
Reviewed-by: Tomasz Figa <tfiga@chromium.org>
Reviewed-by: Marc Zyngier <marc.zyngier@arm.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20180612132028.27490-3-heiko@sntech.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/gpu/drm/rockchip/rockchip_drm_vop.c |   25 +++++++++++++++++--------
 1 file changed, 17 insertions(+), 8 deletions(-)

--- a/drivers/gpu/drm/rockchip/rockchip_drm_vop.c
+++ b/drivers/gpu/drm/rockchip/rockchip_drm_vop.c
@@ -573,8 +573,6 @@ static int vop_enable(struct drm_crtc *c
 
 	spin_unlock(&vop->reg_lock);
 
-	enable_irq(vop->irq);
-
 	drm_crtc_vblank_on(crtc);
 
 	return 0;
@@ -618,8 +616,6 @@ static void vop_crtc_atomic_disable(stru
 
 	vop_dsp_hold_valid_irq_disable(vop);
 
-	disable_irq(vop->irq);
-
 	vop->is_enabled = false;
 
 	/*
@@ -1196,6 +1192,18 @@ static irqreturn_t vop_isr(int irq, void
 	int ret = IRQ_NONE;
 
 	/*
+	 * The irq is shared with the iommu. If the runtime-pm state of the
+	 * vop-device is disabled the irq has to be targeted at the iommu.
+	 */
+	if (!pm_runtime_get_if_in_use(vop->dev))
+		return IRQ_NONE;
+
+	if (vop_core_clks_enable(vop)) {
+		DRM_DEV_ERROR_RATELIMITED(vop->dev, "couldn't enable clocks\n");
+		goto out;
+	}
+
+	/*
 	 * interrupt register has interrupt status, enable and clear bits, we
 	 * must hold irq_lock to avoid a race with enable/disable_vblank().
 	*/
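Review bot: In vop_isr(), `if (!pm_runtime_get_if_in_use(vop->dev))` only catches a return value of 0. pm_runtime_get_if_in_use() returns -EINVAL when runtime PM is disabled for the device, and a negative value passes the `!` test. The handler then carries on and reaches pm_runtime_put() at the `out` label without having taken a reference. Testing `<= 0` would cover both cases. Separately, the clock-enable failure path returns IRQ_NONE via `goto out`, which is reasonable for a shared line, but a short comment saying so would help the next reader.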
@@ -1210,7 +1218,7 @@ static irqreturn_t vop_isr(int irq, void
 
 	/* This is expected for vop iommu irqs, since the irq is shared */
 	if (!active_irqs)
-		return IRQ_NONE;
+		goto out_disable;
 
 	if (active_irqs & DSP_HOLD_VALID_INTR) {
 		complete(&vop->dsp_hold_completion);
@@ -1236,6 +1244,10 @@ static irqreturn_t vop_isr(int irq, void
 		DRM_DEV_ERROR(vop->dev, "Unknown VOP IRQs: %#02x\n",
 			      active_irqs);
 
+out_disable:
+	vop_core_clks_disable(vop);
+out:
+	pm_runtime_put(vop->dev);
 	return ret;
 }
 
@@ -1614,9 +1626,6 @@ static int vop_bind(struct device *dev,
 	if (ret)
 		goto err_disable_pm_runtime;
 
-	/* IRQ is initially disabled; it gets enabled in power_on */
-	disable_irq(vop->irq);
-
 	return 0;
 
 err_disable_pm_runtime:




* [PATCH 4.18 172/197] drm/amd/display: Pass connector id when executing VBIOS CT
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (170 preceding siblings ...)
  2018-09-13 13:32 ` [PATCH 4.18 171/197] drm/rockchip: vop: fix irq disabled after vop driver probed Greg Kroah-Hartman
@ 2018-09-13 13:32 ` Greg Kroah-Hartman
  2018-09-13 13:32 ` [PATCH 4.18 173/197] drm/amd/display: Check if clock source in use before disabling Greg Kroah-Hartman
                   ` (26 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:32 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Mikita Lipski, Hersen Wu, Leo Li,
	Alex Deucher

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Mikita Lipski <mikita.lipski@amd.com>

commit 433149130c31de3f63b17b4ce08b45dab208f7e8 upstream.

[why]
Older ASICs require both phys_id and connector_id
to execute bios command table. If we are not passing the
right connector_id - it can lead to a black screen.

[how]
Set connector_obj_id when executing vbios command table

Signed-off-by: Mikita Lipski <mikita.lipski@amd.com>
Reviewed-by: Hersen Wu <hersenxs.wu@amd.com>
Acked-by: Leo Li <sunpeng.li@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/gpu/drm/amd/display/dc/dce/dce_link_encoder.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/drivers/gpu/drm/amd/display/dc/dce/dce_link_encoder.c
+++ b/drivers/gpu/drm/amd/display/dc/dce/dce_link_encoder.c
@@ -919,7 +919,7 @@ void dce110_link_encoder_enable_tmds_out
 	enum bp_result result;
 
 	/* Enable the PHY */
-
+	cntl.connector_obj_id = enc110->base.connector;
 	cntl.action = TRANSMITTER_CONTROL_ENABLE;
 	cntl.engine_id = enc->preferred_engine;
 	cntl.transmitter = enc110->base.transmitter;
@@ -961,7 +961,7 @@ void dce110_link_encoder_enable_dp_outpu
 	 * We need to set number of lanes manually.
 	 */
 	configure_encoder(enc110, link_settings);
-
+	cntl.connector_obj_id = enc110->base.connector;
 	cntl.action = TRANSMITTER_CONTROL_ENABLE;
 	cntl.engine_id = enc->preferred_engine;
 	cntl.transmitter = enc110->base.transmitter;
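Review bot: Style point on both hunks: the new `cntl.connector_obj_id = enc110->base.connector;` line replaces the blank line that separated the preceding statement (the `/* Enable the PHY */` comment in the first hunk, `configure_encoder()` here) from the cntl setup. Keeping the blank line and adding the assignment below it would preserve the visual grouping of the cntl fields.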




* [PATCH 4.18 173/197] drm/amd/display: Check if clock source in use before disabling
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (171 preceding siblings ...)
  2018-09-13 13:32 ` [PATCH 4.18 172/197] drm/amd/display: Pass connector id when executing VBIOS CT Greg Kroah-Hartman
@ 2018-09-13 13:32 ` Greg Kroah-Hartman
  2018-09-13 13:32 ` [PATCH 4.18 174/197] drm/amdgpu: update tmr mc address Greg Kroah-Hartman
                   ` (25 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:32 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Mikita Lipski, Harry Wentland,
	Leo Li, Alex Deucher

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Mikita Lipski <mikita.lipski@amd.com>

commit ad8960a6cb06c446d0a391ce095f6f28edf36aff upstream.

[why]
We are disabling clock source while other pipes are still using
it, because we don't verify the number of pipes that share it.

[how]
- Adding a function in resources to return the number of pipes
sharing the clock source.
- Checking that no one is sharing the clock source before disabling

Signed-off-by: Mikita Lipski <mikita.lipski@amd.com>
Reviewed-by: Harry Wentland <Harry.Wentland@amd.com>
Acked-by: Leo Li <sunpeng.li@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/gpu/drm/amd/display/dc/core/dc_resource.c           |   46 ++++++++----
 drivers/gpu/drm/amd/display/dc/dce110/dce110_hw_sequencer.c |    4 -
 drivers/gpu/drm/amd/display/dc/inc/resource.h               |    5 +
 3 files changed, 40 insertions(+), 15 deletions(-)

--- a/drivers/gpu/drm/amd/display/dc/core/dc_resource.c
+++ b/drivers/gpu/drm/amd/display/dc/core/dc_resource.c
@@ -268,24 +268,30 @@ bool resource_construct(
 
 	return true;
 }
+static int find_matching_clock_source(
+		const struct resource_pool *pool,
+		struct clock_source *clock_source)
+{
 
+	int i;
+
+	for (i = 0; i < pool->clk_src_count; i++) {
+		if (pool->clock_sources[i] == clock_source)
+			return i;
+	}
+	return -1;
+}
 
 void resource_unreference_clock_source(
 		struct resource_context *res_ctx,
 		const struct resource_pool *pool,
 		struct clock_source *clock_source)
 {
-	int i;
-
-	for (i = 0; i < pool->clk_src_count; i++) {
-		if (pool->clock_sources[i] != clock_source)
-			continue;
+	int i = find_matching_clock_source(pool, clock_source);
 
+	if (i > -1)
 		res_ctx->clock_source_ref_count[i]--;
 
-		break;
-	}
-
 	if (pool->dp_clock_source == clock_source)
 		res_ctx->dp_clock_source_ref_count--;
 }
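Review bot: Style and documentation on the new helper: find_matching_clock_source() starts directly after the closing brace of resource_construct() with no blank line between the two functions, and its body opens with an empty line before `int i;`. The -1 "not found" return is also undocumented, and both callers rely on it through `if (i > -1)`. A one-line comment on the helper stating the return contract would make the `> -1` tests self-explanatory.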
@@ -295,19 +301,31 @@ void resource_reference_clock_source(
 		const struct resource_pool *pool,
 		struct clock_source *clock_source)
 {
-	int i;
-	for (i = 0; i < pool->clk_src_count; i++) {
-		if (pool->clock_sources[i] != clock_source)
-			continue;
+	int i = find_matching_clock_source(pool, clock_source);
 
+	if (i > -1)
 		res_ctx->clock_source_ref_count[i]++;
-		break;
-	}
 
 	if (pool->dp_clock_source == clock_source)
 		res_ctx->dp_clock_source_ref_count++;
 }
 
+int resource_get_clock_source_reference(
+		struct resource_context *res_ctx,
+		const struct resource_pool *pool,
+		struct clock_source *clock_source)
+{
+	int i = find_matching_clock_source(pool, clock_source);
+
+	if (i > -1)
+		return res_ctx->clock_source_ref_count[i];
+
+	if (pool->dp_clock_source == clock_source)
+		return res_ctx->dp_clock_source_ref_count;
+
+	return -1;
+}
+
 bool resource_are_streams_timing_synchronizable(
 	struct dc_stream_state *stream1,
 	struct dc_stream_state *stream2)
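Review bot: resource_get_clock_source_reference() has no comment describing its return values, and they are not obvious. It returns the per-pool count when the source is found in clock_sources[], falls back to dp_clock_source_ref_count only when it is not, and returns -1 when neither matches. The reference and unreference functions above update both counters when a source matches both, so the getter's either/or behaviour deserves a sentence. Since the function only reads, `res_ctx` could also be `const struct resource_context *`.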
--- a/drivers/gpu/drm/amd/display/dc/dce110/dce110_hw_sequencer.c
+++ b/drivers/gpu/drm/amd/display/dc/dce110/dce110_hw_sequencer.c
@@ -1939,7 +1939,9 @@ static void dce110_reset_hw_ctx_wrap(
 			pipe_ctx_old->plane_res.mi->funcs->free_mem_input(
 					pipe_ctx_old->plane_res.mi, dc->current_state->stream_count);
 
-			if (old_clk)
+			if (old_clk && 0 == resource_get_clock_source_reference(&context->res_ctx,
+										dc->res_pool,
+										old_clk))
 				old_clk->funcs->cs_power_down(old_clk);
 
 			dc->hwss.disable_plane(dc, pipe_ctx_old);
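Review bot: With `0 == resource_get_clock_source_reference(...)`, a return of -1 (clock source not found in the pool) silently skips cs_power_down(), the same as a source that is still in use. If that is intended, a comment should say so. Otherwise the not-found case needs its own handling. On style, the constant-first comparison and the deeply indented continuation lines are hard to read. Storing the count in a local variable first and testing `old_clk && refcount == 0` would be clearer.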
--- a/drivers/gpu/drm/amd/display/dc/inc/resource.h
+++ b/drivers/gpu/drm/amd/display/dc/inc/resource.h
@@ -102,6 +102,11 @@ void resource_reference_clock_source(
 		const struct resource_pool *pool,
 		struct clock_source *clock_source);
 
+int resource_get_clock_source_reference(
+		struct resource_context *res_ctx,
+		const struct resource_pool *pool,
+		struct clock_source *clock_source);
+
 bool resource_are_streams_timing_synchronizable(
 		struct dc_stream_state *stream1,
 		struct dc_stream_state *stream2);




* [PATCH 4.18 174/197] drm/amdgpu: update tmr mc address
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (172 preceding siblings ...)
  2018-09-13 13:32 ` [PATCH 4.18 173/197] drm/amd/display: Check if clock source in use before disabling Greg Kroah-Hartman
@ 2018-09-13 13:32 ` Greg Kroah-Hartman
  2018-09-13 13:32 ` [PATCH 4.18 175/197] drm/amdgpu:add tmr mc address into amdgpu_firmware_info Greg Kroah-Hartman
                   ` (24 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:32 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, James Zhu, Alex Deucher, Huang Rui,
	Likun Gao

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: James Zhu <jzhums@gmail.com>

commit 435198f33b56d7b875a8173a0227ddf0de285aa1 upstream.

Update tmr mc address with firmware loading address
which is returned from PSP firmware

Signed-off-by: James Zhu <James.Zhu@amd.com>
Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
Acked-by: Huang Rui <ray.huang@amd.com>
Reviewed-by: Likun Gao <Likun.Gao@amd.com>
Signed-off-by: Likun Gao <Likun.Gao@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c |    5 +++++
 1 file changed, 5 insertions(+)

--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c
@@ -131,6 +131,11 @@ psp_cmd_submit_buf(struct psp_context *p
 		msleep(1);
 	}
 
+	if (ucode) {
+		ucode->tmr_mc_addr_lo = psp->cmd_buf_mem->resp.fw_addr_lo;
+		ucode->tmr_mc_addr_hi = psp->cmd_buf_mem->resp.fw_addr_hi;
+	}
+
 	return ret;
 }
 
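Review bot: The copy into `ucode->tmr_mc_addr_lo` and `ucode->tmr_mc_addr_hi` runs whenever `ucode` is non-NULL, independent of how the wait loop above ended or of `ret`. If the loop can finish without the PSP having completed the command, `resp.fw_addr_lo` and `resp.fw_addr_hi` may not contain a valid address, and a later consumer would program hardware from stale values. Consider doing the copy only on confirmed completion, or add a comment explaining why the response buffer is always valid at this point.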




* [PATCH 4.18 175/197] drm/amdgpu:add tmr mc address into amdgpu_firmware_info
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (173 preceding siblings ...)
  2018-09-13 13:32 ` [PATCH 4.18 174/197] drm/amdgpu: update tmr mc address Greg Kroah-Hartman
@ 2018-09-13 13:32 ` Greg Kroah-Hartman
  2018-09-13 13:32 ` [PATCH 4.18 176/197] drm/amdgpu:add new firmware id for VCN Greg Kroah-Hartman
                   ` (23 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:32 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, James Zhu, Alex Deucher, Huang Rui,
	Likun Gao, Likun Gao

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: James Zhu <jzhums@gmail.com>

commit abf412b3efb2f943d9b98a489e9aca836be21333 upstream.

amdgpu IP blocks booting need Trust Memory Region(tmr) mc address
of its firmware which is loaded by PSP

Signed-off-by: James Zhu <James.Zhu@amd.com>
Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
Acked-by: Huang Rui <ray.huang@amd.com>
Reviewed-by: Likun Gao <likun.gao@amd.com>
Signed-off-by: Likun Gao <Likun.Gao@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/gpu/drm/amd/amdgpu/amdgpu_ucode.h |    3 +++
 1 file changed, 3 insertions(+)

--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_ucode.h
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_ucode.h
@@ -226,6 +226,9 @@ struct amdgpu_firmware_info {
 	void *kaddr;
 	/* ucode_size_bytes */
 	uint32_t ucode_size;
+	/* starting tmr mc address */
+	uint32_t tmr_mc_addr_lo;
+	uint32_t tmr_mc_addr_hi;
 };
 
 void amdgpu_ucode_print_mc_hdr(const struct common_firmware_header *hdr);




* [PATCH 4.18 176/197] drm/amdgpu:add new firmware id for VCN
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (174 preceding siblings ...)
  2018-09-13 13:32 ` [PATCH 4.18 175/197] drm/amdgpu:add tmr mc address into amdgpu_firmware_info Greg Kroah-Hartman
@ 2018-09-13 13:32 ` Greg Kroah-Hartman
  2018-09-13 13:32 ` [PATCH 4.18 177/197] drm/amdgpu:add VCN support in PSP driver Greg Kroah-Hartman
                   ` (22 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:32 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, James Zhu, Alex Deucher, Huang Rui,
	Likun Gao

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Likun Gao <Likun.Gao@amd.com>

commit c9ca989696ff28ffb015cc2b7c5577938ef2626c upstream.

Add the new firmware id for VCN into the enum

Signed-off-by: James Zhu <James.Zhu@amd.com>
Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
Acked-by: Huang Rui <ray.huang@amd.com>
Reviewed-by: Likun Gao <Likun.Gao@amd.com>
Signed-off-by: Likun Gao <Likun.Gao@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/gpu/drm/amd/amdgpu/amdgpu_ucode.h |    1 +
 1 file changed, 1 insertion(+)

--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_ucode.h
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_ucode.h
@@ -194,6 +194,7 @@ enum AMDGPU_UCODE_ID {
 	AMDGPU_UCODE_ID_SMC,
 	AMDGPU_UCODE_ID_UVD,
 	AMDGPU_UCODE_ID_VCE,
+	AMDGPU_UCODE_ID_VCN,
 	AMDGPU_UCODE_ID_MAXIMUM,
 };
 




* [PATCH 4.18 177/197] drm/amdgpu:add VCN support in PSP driver
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (175 preceding siblings ...)
  2018-09-13 13:32 ` [PATCH 4.18 176/197] drm/amdgpu:add new firmware id for VCN Greg Kroah-Hartman
@ 2018-09-13 13:32 ` Greg Kroah-Hartman
  2018-09-13 13:32 ` [PATCH 4.18 178/197] drm/amdgpu:add VCN booting with firmware loaded by PSP Greg Kroah-Hartman
                   ` (21 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:32 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, James Zhu, Alex Deucher, Huang Rui,
	Likun Gao

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Likun Gao <Likun.Gao@amd.com>

commit 235ac9de625a0a586093ad81b3de6f7d7ab913ed upstream.

Add VCN support in PSP driver

Signed-off-by: James Zhu <James.Zhu@amd.com>
Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
Acked-by: Huang Rui <ray.huang@amd.com>
Reviewed-by: Likun Gao <Likun.Gao@amd.com>
Signed-off-by: Likun Gao <Likun.Gao@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/gpu/drm/amd/amdgpu/psp_v10_0.c |    3 +++
 1 file changed, 3 insertions(+)

--- a/drivers/gpu/drm/amd/amdgpu/psp_v10_0.c
+++ b/drivers/gpu/drm/amd/amdgpu/psp_v10_0.c
@@ -88,6 +88,9 @@ psp_v10_0_get_fw_type(struct amdgpu_firm
 	case AMDGPU_UCODE_ID_VCE:
 		*type = GFX_FW_TYPE_VCE;
 		break;
+	case AMDGPU_UCODE_ID_VCN:
+		*type = GFX_FW_TYPE_VCN;
+		break;
 	case AMDGPU_UCODE_ID_MAXIMUM:
 	default:
 		return -EINVAL;




* [PATCH 4.18 178/197] drm/amdgpu:add VCN booting with firmware loaded by PSP
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (176 preceding siblings ...)
  2018-09-13 13:32 ` [PATCH 4.18 177/197] drm/amdgpu:add VCN support in PSP driver Greg Kroah-Hartman
@ 2018-09-13 13:32 ` Greg Kroah-Hartman
  2018-09-13 13:32 ` [PATCH 4.18 179/197] drm/amdgpu: fix incorrect use of fcheck Greg Kroah-Hartman
                   ` (20 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:32 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, James Zhu, Alex Deucher, Huang Rui,
	Likun Gao

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Likun Gao <Likun.Gao@amd.com>

commit 4d77c0f676e910fb1f1870738aa4bd168f253621 upstream.

Setup psp firmware loading for VCN, and make VCN block
booting from tmr mac address.

Signed-off-by: James Zhu <James.Zhu@amd.com>
Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
Acked-by: Huang Rui <ray.huang@amd.com>
Reviewed-by: Likun Gao <Likun.Gao@amd.com>
Signed-off-by: Likun Gao <Likun.Gao@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/gpu/drm/amd/amdgpu/amdgpu_vcn.c |   17 ++++++++------
 drivers/gpu/drm/amd/amdgpu/vcn_v1_0.c   |   38 +++++++++++++++++++++++++-------
 2 files changed, 40 insertions(+), 15 deletions(-)

--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_vcn.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_vcn.c
@@ -111,9 +111,10 @@ int amdgpu_vcn_sw_init(struct amdgpu_dev
 			version_major, version_minor, family_id);
 	}
 
-	bo_size = AMDGPU_GPU_PAGE_ALIGN(le32_to_cpu(hdr->ucode_size_bytes) + 8)
-		  +  AMDGPU_VCN_STACK_SIZE + AMDGPU_VCN_HEAP_SIZE
+	bo_size = AMDGPU_VCN_STACK_SIZE + AMDGPU_VCN_HEAP_SIZE
 		  +  AMDGPU_VCN_SESSION_SIZE * 40;
+	if (adev->firmware.load_type != AMDGPU_FW_LOAD_PSP)
+		bo_size += AMDGPU_GPU_PAGE_ALIGN(le32_to_cpu(hdr->ucode_size_bytes) + 8);
 	r = amdgpu_bo_create_kernel(adev, bo_size, PAGE_SIZE,
 				    AMDGPU_GEM_DOMAIN_VRAM, &adev->vcn.vcpu_bo,
 				    &adev->vcn.gpu_addr, &adev->vcn.cpu_addr);
@@ -187,11 +188,13 @@ int amdgpu_vcn_resume(struct amdgpu_devi
 		unsigned offset;
 
 		hdr = (const struct common_firmware_header *)adev->vcn.fw->data;
-		offset = le32_to_cpu(hdr->ucode_array_offset_bytes);
-		memcpy_toio(adev->vcn.cpu_addr, adev->vcn.fw->data + offset,
-			    le32_to_cpu(hdr->ucode_size_bytes));
-		size -= le32_to_cpu(hdr->ucode_size_bytes);
-		ptr += le32_to_cpu(hdr->ucode_size_bytes);
+		if (adev->firmware.load_type != AMDGPU_FW_LOAD_PSP) {
+			offset = le32_to_cpu(hdr->ucode_array_offset_bytes);
+			memcpy_toio(adev->vcn.cpu_addr, adev->vcn.fw->data + offset,
+				    le32_to_cpu(hdr->ucode_size_bytes));
+			size -= le32_to_cpu(hdr->ucode_size_bytes);
+			ptr += le32_to_cpu(hdr->ucode_size_bytes);
+		}
 		memset_io(ptr, 0, size);
 	}
 
--- a/drivers/gpu/drm/amd/amdgpu/vcn_v1_0.c
+++ b/drivers/gpu/drm/amd/amdgpu/vcn_v1_0.c
@@ -90,6 +90,16 @@ static int vcn_v1_0_sw_init(void *handle
 	if (r)
 		return r;
 
+	if (adev->firmware.load_type == AMDGPU_FW_LOAD_PSP) {
+		const struct common_firmware_header *hdr;
+		hdr = (const struct common_firmware_header *)adev->vcn.fw->data;
+		adev->firmware.ucode[AMDGPU_UCODE_ID_VCN].ucode_id = AMDGPU_UCODE_ID_VCN;
+		adev->firmware.ucode[AMDGPU_UCODE_ID_VCN].fw = adev->vcn.fw;
+		adev->firmware.fw_size +=
+			ALIGN(le32_to_cpu(hdr->ucode_size_bytes), PAGE_SIZE);
+		DRM_INFO("PSP loading VCN firmware\n");
+	}
+
 	r = amdgpu_vcn_resume(adev);
 	if (r)
 		return r;
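Review bot: Style point in the new PSP block: kernel coding style expects a blank line between the declaration `const struct common_firmware_header *hdr;` and the first statement `hdr = ...`. The declaration and assignment could also be merged into a single initialised declaration. A short comment on why `fw_size` is page-aligned here would help too, since the non-PSP sizing in amdgpu_vcn_sw_init() uses AMDGPU_GPU_PAGE_ALIGN instead.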
@@ -241,26 +251,38 @@ static int vcn_v1_0_resume(void *handle)
 static void vcn_v1_0_mc_resume(struct amdgpu_device *adev)
 {
 	uint32_t size = AMDGPU_GPU_PAGE_ALIGN(adev->vcn.fw->size + 4);
+	uint32_t offset;
 
-	WREG32_SOC15(UVD, 0, mmUVD_LMI_VCPU_CACHE_64BIT_BAR_LOW,
+	if (adev->firmware.load_type == AMDGPU_FW_LOAD_PSP) {
+		WREG32_SOC15(UVD, 0, mmUVD_LMI_VCPU_CACHE_64BIT_BAR_LOW,
+			     (adev->firmware.ucode[AMDGPU_UCODE_ID_VCN].tmr_mc_addr_lo));
+		WREG32_SOC15(UVD, 0, mmUVD_LMI_VCPU_CACHE_64BIT_BAR_HIGH,
+			     (adev->firmware.ucode[AMDGPU_UCODE_ID_VCN].tmr_mc_addr_hi));
+		WREG32_SOC15(UVD, 0, mmUVD_VCPU_CACHE_OFFSET0, 0);
+		offset = 0;
+	} else {
+		WREG32_SOC15(UVD, 0, mmUVD_LMI_VCPU_CACHE_64BIT_BAR_LOW,
 			lower_32_bits(adev->vcn.gpu_addr));
-	WREG32_SOC15(UVD, 0, mmUVD_LMI_VCPU_CACHE_64BIT_BAR_HIGH,
+		WREG32_SOC15(UVD, 0, mmUVD_LMI_VCPU_CACHE_64BIT_BAR_HIGH,
 			upper_32_bits(adev->vcn.gpu_addr));
-	WREG32_SOC15(UVD, 0, mmUVD_VCPU_CACHE_OFFSET0,
-				AMDGPU_UVD_FIRMWARE_OFFSET >> 3);
+		offset = size;
+		WREG32_SOC15(UVD, 0, mmUVD_VCPU_CACHE_OFFSET0,
+			     AMDGPU_UVD_FIRMWARE_OFFSET >> 3);
+	}
+
 	WREG32_SOC15(UVD, 0, mmUVD_VCPU_CACHE_SIZE0, size);
 
 	WREG32_SOC15(UVD, 0, mmUVD_LMI_VCPU_CACHE1_64BIT_BAR_LOW,
-			lower_32_bits(adev->vcn.gpu_addr + size));
+		     lower_32_bits(adev->vcn.gpu_addr + offset));
 	WREG32_SOC15(UVD, 0, mmUVD_LMI_VCPU_CACHE1_64BIT_BAR_HIGH,
-			upper_32_bits(adev->vcn.gpu_addr + size));
+		     upper_32_bits(adev->vcn.gpu_addr + offset));
 	WREG32_SOC15(UVD, 0, mmUVD_VCPU_CACHE_OFFSET1, 0);
 	WREG32_SOC15(UVD, 0, mmUVD_VCPU_CACHE_SIZE1, AMDGPU_VCN_HEAP_SIZE);
 
 	WREG32_SOC15(UVD, 0, mmUVD_LMI_VCPU_CACHE2_64BIT_BAR_LOW,
-			lower_32_bits(adev->vcn.gpu_addr + size + AMDGPU_VCN_HEAP_SIZE));
+		     lower_32_bits(adev->vcn.gpu_addr + offset + AMDGPU_VCN_HEAP_SIZE));
 	WREG32_SOC15(UVD, 0, mmUVD_LMI_VCPU_CACHE2_64BIT_BAR_HIGH,
-			upper_32_bits(adev->vcn.gpu_addr + size + AMDGPU_VCN_HEAP_SIZE));
+		     upper_32_bits(adev->vcn.gpu_addr + offset + AMDGPU_VCN_HEAP_SIZE));
 	WREG32_SOC15(UVD, 0, mmUVD_VCPU_CACHE_OFFSET2, 0);
 	WREG32_SOC15(UVD, 0, mmUVD_VCPU_CACHE_SIZE2,
 			AMDGPU_VCN_STACK_SIZE + (AMDGPU_VCN_SESSION_SIZE * 40));
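Review bot: In the PSP branch of vcn_v1_0_mc_resume(), the VCPU cache BAR is programmed directly from `ucode[AMDGPU_UCODE_ID_VCN].tmr_mc_addr_lo` and `tmr_mc_addr_hi`, with no check that the PSP ever filled those fields. If they are still zero, the block would be pointed at address 0. A sanity check, or at least a comment naming where the fields are guaranteed to be set, would make the dependency explicit. Two smaller points: `size` is still derived from `adev->vcn.fw->size` and written to mmUVD_VCPU_CACHE_SIZE0 in both branches even though the PSP path no longer places firmware in the bo, and `offset` is assigned after the register writes in one branch but between them in the other. Assigning it first in both would read more consistently.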




* [PATCH 4.18 179/197] drm/amdgpu: fix incorrect use of fcheck
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (177 preceding siblings ...)
  2018-09-13 13:32 ` [PATCH 4.18 178/197] drm/amdgpu:add VCN booting with firmware loaded by PSP Greg Kroah-Hartman
@ 2018-09-13 13:32 ` Greg Kroah-Hartman
  2018-09-13 13:32 ` [PATCH 4.18 180/197] drm/amdgpu: fix incorrect use of drm_file->pid Greg Kroah-Hartman
                   ` (19 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:32 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Christian König, Alex Deucher

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Christian König <christian.koenig@amd.com>

commit bce31d4c1ae8865d6382e3a27b07b4bb8e020ade upstream.

The usage isn't RCU protected.

Signed-off-by: Christian König <christian.koenig@amd.com>
Acked-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
CC: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/gpu/drm/amd/amdgpu/amdgpu_sched.c |    4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_sched.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_sched.c
@@ -53,7 +53,7 @@ static int amdgpu_sched_process_priority
 						  int fd,
 						  enum drm_sched_priority priority)
 {
-	struct file *filp = fcheck(fd);
+	struct file *filp = fget(fd);
 	struct drm_file *file;
 	struct pid *pid;
 	struct amdgpu_fpriv *fpriv;
@@ -78,6 +78,8 @@ static int amdgpu_sched_process_priority
 
 	put_pid(pid);
 
+	fput(filp);
+
 	return 0;
 }
 




* [PATCH 4.18 180/197] drm/amdgpu: fix incorrect use of drm_file->pid
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (178 preceding siblings ...)
  2018-09-13 13:32 ` [PATCH 4.18 179/197] drm/amdgpu: fix incorrect use of fcheck Greg Kroah-Hartman
@ 2018-09-13 13:32 ` Greg Kroah-Hartman
  2018-09-13 13:32 ` [PATCH 4.18 181/197] drm/i915: Re-apply "Perform link quality check, unconditionally during long pulse" Greg Kroah-Hartman
                   ` (18 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:32 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Christian König, Alex Deucher

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Christian König <christian.koenig@amd.com>

commit c4aed87630d41ee54e2ee23d4583c3dd423296dd upstream.

That's the PID of the creator of the file (usually the X server) and not
the end user of the file.

Signed-off-by: Christian König <christian.koenig@amd.com>
Acked-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
CC: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/gpu/drm/amd/amdgpu/amdgpu_sched.c |   19 ++++---------------
 1 file changed, 4 insertions(+), 15 deletions(-)

--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_sched.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_sched.c
@@ -55,7 +55,6 @@ static int amdgpu_sched_process_priority
 {
 	struct file *filp = fget(fd);
 	struct drm_file *file;
-	struct pid *pid;
 	struct amdgpu_fpriv *fpriv;
 	struct amdgpu_ctx *ctx;
 	uint32_t id;
@@ -63,20 +62,10 @@ static int amdgpu_sched_process_priority
 	if (!filp)
 		return -EINVAL;
 
-	pid = get_pid(((struct drm_file *)filp->private_data)->pid);
-
-	mutex_lock(&adev->ddev->filelist_mutex);
-	list_for_each_entry(file, &adev->ddev->filelist, lhead) {
-		if (file->pid != pid)
-			continue;
-
-		fpriv = file->driver_priv;
-		idr_for_each_entry(&fpriv->ctx_mgr.ctx_handles, ctx, id)
-				amdgpu_ctx_priority_override(ctx, priority);
-	}
-	mutex_unlock(&adev->ddev->filelist_mutex);
-
-	put_pid(pid);
+	file = filp->private_data;
+	fpriv = file->driver_priv;
+	idr_for_each_entry(&fpriv->ctx_mgr.ctx_handles, ctx, id)
+		amdgpu_ctx_priority_override(ctx, priority);
 
 	fput(filp);
 
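Review bot: After the NULL check, `file = filp->private_data;` treats the result of fget(fd) as a `struct drm_file` without any visible check that the fd actually refers to a file opened on this driver. The fd is supplied by the caller, so a descriptor for any other kind of file would have its private_data dereferenced as `drm_file` and then `driver_priv` as `amdgpu_fpriv`. A check of the file's f_op against the driver's file operations before the cast, returning -EINVAL after fput() on mismatch, would close that gap. Also, the removed loop ran under `filelist_mutex`, while the new `idr_for_each_entry()` over `ctx_mgr.ctx_handles` has no lock in this hunk. Please state what protects the idr against concurrent context creation or destruction.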




* [PATCH 4.18 181/197] drm/i915: Re-apply "Perform link quality check, unconditionally during long pulse"
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (179 preceding siblings ...)
  2018-09-13 13:32 ` [PATCH 4.18 180/197] drm/amdgpu: fix incorrect use of drm_file->pid Greg Kroah-Hartman
@ 2018-09-13 13:32 ` Greg Kroah-Hartman
  2018-09-13 13:32 ` [PATCH 4.18 182/197] uapi/linux/keyctl.h: dont use C++ reserved keyword as a struct member name Greg Kroah-Hartman
                   ` (17 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:32 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Lyude Paul, Jan-Marek Glogowski,
	Rodrigo Vivi

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Jan-Marek Glogowski <glogow@fbihome.de>

commit 399334708b4f07b107094e5db4a390f0f25d2d4f upstream.

This re-applies the workaround for "some DP sinks, [which] are a
little nuts" from commit 1a36147bb939 ("drm/i915: Perform link
quality check unconditionally during long pulse").
It makes the secondary AOC E2460P monitor connected via DP to an
acer Veriton N4640G usable again.

This hunk was dropped in commit c85d200e8321 ("drm/i915: Move SST
DP link retraining into the ->post_hotplug() hook")

Fixes: c85d200e8321 ("drm/i915: Move SST DP link retraining into the ->post_hotplug() hook")
[Cleaned up commit message, added stable cc]
Signed-off-by: Lyude Paul <lyude@redhat.com>
Signed-off-by: Jan-Marek Glogowski <glogow@fbihome.de>
Cc: stable@vger.kernel.org
Link: https://patchwork.freedesktop.org/patch/msgid/20180825191035.3945-1-lyude@redhat.com
(cherry picked from commit 3cf71bc9904d7ee4a25a822c5dcb54c7804ea388)
Signed-off-by: Rodrigo Vivi <rodrigo.vivi@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/gpu/drm/i915/intel_dp.c |   33 +++++++++++++++++++--------------
 1 file changed, 19 insertions(+), 14 deletions(-)

--- a/drivers/gpu/drm/i915/intel_dp.c
+++ b/drivers/gpu/drm/i915/intel_dp.c
@@ -4293,18 +4293,6 @@ intel_dp_needs_link_retrain(struct intel
 	return !drm_dp_channel_eq_ok(link_status, intel_dp->lane_count);
 }
 
-/*
- * If display is now connected check links status,
- * there has been known issues of link loss triggering
- * long pulse.
- *
- * Some sinks (eg. ASUS PB287Q) seem to perform some
- * weird HPD ping pong during modesets. So we can apparently
- * end up with HPD going low during a modeset, and then
- * going back up soon after. And once that happens we must
- * retrain the link to get a picture. That's in case no
- * userspace component reacted to intermittent HPD dip.
- */
 int intel_dp_retrain_link(struct intel_encoder *encoder,
 			  struct drm_modeset_acquire_ctx *ctx)
 {
@@ -4794,7 +4782,8 @@ intel_dp_unset_edid(struct intel_dp *int
 }
 
 static int
-intel_dp_long_pulse(struct intel_connector *connector)
+intel_dp_long_pulse(struct intel_connector *connector,
+		    struct drm_modeset_acquire_ctx *ctx)
 {
 	struct drm_i915_private *dev_priv = to_i915(connector->base.dev);
 	struct intel_dp *intel_dp = intel_attached_dp(&connector->base);
@@ -4853,6 +4842,22 @@ intel_dp_long_pulse(struct intel_connect
 		 */
 		status = connector_status_disconnected;
 		goto out;
+	} else {
+		/*
+		 * If display is now connected check links status,
+		 * there has been known issues of link loss triggering
+		 * long pulse.
+		 *
+		 * Some sinks (eg. ASUS PB287Q) seem to perform some
+		 * weird HPD ping pong during modesets. So we can apparently
+		 * end up with HPD going low during a modeset, and then
+		 * going back up soon after. And once that happens we must
+		 * retrain the link to get a picture. That's in case no
+		 * userspace component reacted to intermittent HPD dip.
+		 */
+		struct intel_encoder *encoder = &dp_to_dig_port(intel_dp)->base;
+
+		intel_dp_retrain_link(encoder, ctx);
 	}
 
 	/*
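Review bot: The return value of `intel_dp_retrain_link(encoder, ctx)` is discarded here, although the first hunk shows the function returns int and it is now called with a modeset acquire context. If it can fail with a lock-contention error that the caller is expected to back off on, dropping it in intel_dp_long_pulse() hides that from intel_dp_detect(). Either propagate the error or add a comment explaining why ignoring it is safe. As a style point, the `else` follows a branch that ends in `goto out;`, so the block could sit at the outer indentation level without the `else`.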
@@ -4914,7 +4919,7 @@ intel_dp_detect(struct drm_connector *co
 				return ret;
 		}
 
-		status = intel_dp_long_pulse(intel_dp->attached_connector);
+		status = intel_dp_long_pulse(intel_dp->attached_connector, ctx);
 	}
 
 	intel_dp->detect_done = false;




* [PATCH 4.18 182/197] uapi/linux/keyctl.h: dont use C++ reserved keyword as a struct member name
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (180 preceding siblings ...)
  2018-09-13 13:32 ` [PATCH 4.18 181/197] drm/i915: Re-apply "Perform link quality check, unconditionally during long pulse" Greg Kroah-Hartman
@ 2018-09-13 13:32 ` Greg Kroah-Hartman
  2018-09-13 13:32 ` [PATCH 4.18 183/197] mm: respect arch_dup_mmap() return value Greg Kroah-Hartman
                   ` (16 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:32 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Randy Dunlap, Andrew Morton,
	David Howells, James Morris, Serge E. Hallyn, Mat Martineau,
	Linus Torvalds

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Randy Dunlap <rdunlap@infradead.org>

commit 8a2336e549d385bb0b46880435b411df8d8200e8 upstream.

Since this header is in "include/uapi/linux/", apparently people want to
use it in userspace programs -- even in C++ ones.  However, the header
uses a C++ reserved keyword ("private"), so change that to "dh_private"
instead to allow the header file to be used in C++ userspace.

Fixes https://bugzilla.kernel.org/show_bug.cgi?id=191051
Link: http://lkml.kernel.org/r/0db6c314-1ef4-9bfa-1baa-7214dd2ee061@infradead.org
Fixes: ddbb41148724 ("KEYS: Add KEYCTL_DH_COMPUTE command")
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Reviewed-by: Andrew Morton <akpm@linux-foundation.org>
Cc: David Howells <dhowells@redhat.com>
Cc: James Morris <jmorris@namei.org>
Cc: "Serge E. Hallyn" <serge@hallyn.com>
Cc: Mat Martineau <mathew.j.martineau@linux.intel.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 include/uapi/linux/keyctl.h |    2 +-
 security/keys/dh.c          |    2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

--- a/include/uapi/linux/keyctl.h
+++ b/include/uapi/linux/keyctl.h
@@ -65,7 +65,7 @@
 
 /* keyctl structures */
 struct keyctl_dh_params {
-	__s32 private;
+	__s32 dh_private;
 	__s32 prime;
 	__s32 base;
 };
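Review bot: Renaming the member of a uapi struct from private to dh_private breaks the build of existing C userspace that fills in keyctl_dh_params.private, even though the layout is unchanged. Consider keeping the old name visible to C callers, for example an anonymous union of private (guarded by #ifndef __cplusplus) and dh_private, so both spellings compile against the same __s32.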
--- a/security/keys/dh.c
+++ b/security/keys/dh.c
@@ -300,7 +300,7 @@ long __keyctl_dh_compute(struct keyctl_d
 	}
 	dh_inputs.g_size = dlen;
 
-	dlen = dh_data_from_key(pcopy.private, &dh_inputs.key);
+	dlen = dh_data_from_key(pcopy.dh_private, &dh_inputs.key);
 	if (dlen < 0) {
 		ret = dlen;
 		goto out2;




* [PATCH 4.18 183/197] mm: respect arch_dup_mmap() return value
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (181 preceding siblings ...)
  2018-09-13 13:32 ` [PATCH 4.18 182/197] uapi/linux/keyctl.h: dont use C++ reserved keyword as a struct member name Greg Kroah-Hartman
@ 2018-09-13 13:32 ` Greg Kroah-Hartman
  2018-09-13 13:32 ` [PATCH 4.18 184/197] drm/i915: set DP Main Stream Attribute for color range on DDI platforms Greg Kroah-Hartman
                   ` (15 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:32 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Nadav Amit, Michal Hocko,
	Andrew Morton, Linus Torvalds

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Nadav Amit <namit@vmware.com>

commit 1ed0cc5a01a4d868d9907ce96468c4b4c6709556 upstream.

Commit d70f2a14b72a ("include/linux/sched/mm.h: uninline mmdrop_async(),
etc") ignored the return value of arch_dup_mmap(). As a result, on x86,
a failure to duplicate the LDT (e.g. due to memory allocation error)
would leave the duplicated memory mapping in an inconsistent state.

Fix by using the return value, as it was before the change.

Link: http://lkml.kernel.org/r/20180823051229.211856-1-namit@vmware.com
Fixes: d70f2a14b72a4 ("include/linux/sched/mm.h: uninline mmdrop_async(), etc")
Signed-off-by: Nadav Amit <namit@vmware.com>
Acked-by: Michal Hocko <mhocko@suse.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

---
 kernel/fork.c |    3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -549,8 +549,7 @@ static __latent_entropy int dup_mmap(str
 			goto out;
 	}
 	/* a new mm has just been created */
-	arch_dup_mmap(oldmm, mm);
-	retval = 0;
+	retval = arch_dup_mmap(oldmm, mm);
 out:
 	up_write(&mm->mmap_sem);
 	flush_tlb_mm(oldmm);
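Review bot: With retval now taken from arch_dup_mmap(oldmm, mm), a failure reaches out: with the new mm already built, so the "a new mm has just been created" comment should also say that a non-zero return leaves that mm for the caller to tear down. Since the regression was a silently dropped return value, marking arch_dup_mmap() __must_check would keep it from recurring.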




* [PATCH 4.18 184/197] drm/i915: set DP Main Stream Attribute for color range on DDI platforms
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (182 preceding siblings ...)
  2018-09-13 13:32 ` [PATCH 4.18 183/197] mm: respect arch_dup_mmap() return value Greg Kroah-Hartman
@ 2018-09-13 13:32 ` Greg Kroah-Hartman
  2018-09-13 13:32 ` [PATCH 4.18 185/197] x86/tsc: Prevent result truncation on 32bit Greg Kroah-Hartman
                   ` (14 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:32 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Michał Kopeć, N. W.,
	Nicholas Stommel, Tom Yan, Paulo Zanoni, Rodrigo Vivi,
	Ville Syrjälä,
	Jani Nikula

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Jani Nikula <jani.nikula@intel.com>

commit 6209c285e7a5e68dbcdf8fd2456c6dd68433806b upstream.

Since Haswell we have no color range indication either in the pipe or
port registers for DP. Instead, there's a separate register for setting
the DP Main Stream Attributes (MSA) directly. The MSA register
definition makes no references to colorimetry, just a vague reference to
the DP spec. The connection to the color range was lost.

Apparently we've failed to set the proper MSA bit for limited, or CEA,
range ever since the first DDI platforms. We've started setting other
MSA parameters since commit dae847991a43 ("drm/i915: add
intel_ddi_set_pipe_settings").

Without the crucial bit of information, the DP sink has no way of
knowing the source is actually transmitting limited range RGB, leading
to "washed out" colors. With the colorimetry information, compliant
sinks should be able to handle the limited range properly. Native
(i.e. non-LSPCON) HDMI was not affected because we do pass the color
range via AVI infoframes.

Though not the root cause, the problem was made worse for DDI platforms
with commit 55bc60db5988 ("drm/i915: Add "Automatic" mode for the
"Broadcast RGB" property"), which selects limited range RGB
automatically based on the mode, as per the DP, HDMI and CEA specs.

After all these years, the fix boils down to flipping one bit.

[Per testing reports, this fixes DP sinks, but not the LSPCON. My
 educated guess is that the LSPCON fails to turn the CEA range MSA into
 AVI infoframes for HDMI.]

Reported-by: Michał Kopeć <mkopec12@gmail.com>
Reported-by: N. W. <nw9165-3201@yahoo.com>
Reported-by: Nicholas Stommel <nicholas.stommel@gmail.com>
Reported-by: Tom Yan <tom.ty89@gmail.com>
Tested-by: Nicholas Stommel <nicholas.stommel@gmail.com>
References: https://bugs.freedesktop.org/show_bug.cgi?id=100023
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=107476
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=94921
Cc: Paulo Zanoni <paulo.r.zanoni@intel.com>
Cc: Rodrigo Vivi <rodrigo.vivi@intel.com>
Cc: Ville Syrjälä <ville.syrjala@linux.intel.com>
Cc: <stable@vger.kernel.org> # v3.9+
Reviewed-by: Rodrigo Vivi <rodrigo.vivi@intel.com>
Signed-off-by: Jani Nikula <jani.nikula@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20180814060001.18224-1-jani.nikula@intel.com
(cherry picked from commit dc5977da99ea28094b8fa4e9bacbd29bedc41de5)
Signed-off-by: Rodrigo Vivi <rodrigo.vivi@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/gpu/drm/i915/i915_reg.h  |    1 +
 drivers/gpu/drm/i915/intel_ddi.c |    4 ++++
 2 files changed, 5 insertions(+)

--- a/drivers/gpu/drm/i915/i915_reg.h
+++ b/drivers/gpu/drm/i915/i915_reg.h
@@ -8825,6 +8825,7 @@ enum skl_power_gate {
 #define  TRANS_MSA_10_BPC		(2<<5)
 #define  TRANS_MSA_12_BPC		(3<<5)
 #define  TRANS_MSA_16_BPC		(4<<5)
+#define  TRANS_MSA_CEA_RANGE		(1<<3)
 
 /* LCPLL Control */
 #define LCPLL_CTL			_MMIO(0x130040)
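Review bot: TRANS_MSA_CEA_RANGE (1<<3) is added without a comment, and the commit message itself says the register definition makes no reference to colorimetry, which is how the connection to the color range was lost. A one-line comment at the define stating that the bit tells the sink the source is sending limited (CEA) range RGB would keep that knowledge next to the code.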
--- a/drivers/gpu/drm/i915/intel_ddi.c
+++ b/drivers/gpu/drm/i915/intel_ddi.c
@@ -1659,6 +1659,10 @@ void intel_ddi_set_pipe_settings(const s
 	WARN_ON(transcoder_is_dsi(cpu_transcoder));
 
 	temp = TRANS_MSA_SYNC_CLK;
+
+	if (crtc_state->limited_color_range)
+		temp |= TRANS_MSA_CEA_RANGE;
+
 	switch (crtc_state->pipe_bpp) {
 	case 18:
 		temp |= TRANS_MSA_6_BPC;




* [PATCH 4.18 185/197] x86/tsc: Prevent result truncation on 32bit
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (183 preceding siblings ...)
  2018-09-13 13:32 ` [PATCH 4.18 184/197] drm/i915: set DP Main Stream Attribute for color range on DDI platforms Greg Kroah-Hartman
@ 2018-09-13 13:32 ` Greg Kroah-Hartman
  2018-09-13 13:32 ` [PATCH 4.18 186/197] drm/amdgpu: Keep track of amount of pinned CPU visible VRAM Greg Kroah-Hartman
                   ` (13 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:32 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Chuanhua Lei, Thomas Gleixner,
	yixin.zhu, H. Peter Anvin, Peter Zijlstra, Len Brown,
	Pavel Tatashin, Rajvi Jingar, Dou Liyang

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Chuanhua Lei <chuanhua.lei@linux.intel.com>

commit 17f6bac2249356c795339e03a0742cd79be3cab8 upstream.

Loops per jiffy is calculated by multiplying tsc_khz with 1e3 and then
dividing it by HZ.

Both tsc_khz and the temporary variable holding the multiplication result
are of type unsigned long, so on 32bit the result is truncated to the lower
32bit.

Use u64 as type for the temporary variable and cast tsc_khz to it before
multiplying.

[ tglx: Massaged changelog and removed pointless braces ]

[ tglx: Backport to stable. Due to massive code changes the upstream
  	commit is not applicable anymore. The issue has gone unnoticed in
  	kernels pre 4.19 because the bogus LPJ value gets fixed up in a
  	later stage of early boot, but it still might cause subtle and hard
  	to debug issues between these two points. ]

Fixes: cf7a63ef4e02 ("x86/tsc: Calibrate tsc only once")
Signed-off-by: Chuanhua Lei <chuanhua.lei@linux.intel.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: yixin.zhu@linux.intel.com
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Len Brown <len.brown@intel.com>
Cc: Pavel Tatashin <pasha.tatashin@microsoft.com>
Cc: Rajvi Jingar <rajvi.jingar@intel.com>
Cc: Dou Liyang <douly.fnst@cn.fujitsu.com>
Link: https://lkml.kernel.org/r/1536228203-18701-1-git-send-email-chuanhua.lei@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/x86/kernel/tsc.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/arch/x86/kernel/tsc.c
+++ b/arch/x86/kernel/tsc.c
@@ -1343,7 +1343,7 @@ device_initcall(init_tsc_clocksource);
 
 void __init tsc_early_delay_calibrate(void)
 {
-	unsigned long lpj;
+	u64 lpj;
 
 	if (!boot_cpu_has(X86_FEATURE_TSC))
 		return;
@@ -1355,7 +1355,7 @@ void __init tsc_early_delay_calibrate(vo
 	if (!tsc_khz)
 		return;
 
-	lpj = tsc_khz * 1000;
+	lpj = (u64)tsc_khz * 1000;
 	do_div(lpj, HZ);
 	loops_per_jiffy = lpj;
 }
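Review bot: After the widening, loops_per_jiffy = lpj narrows the u64 quotient again if loops_per_jiffy is unsigned long like tsc_khz. The quotient fits for realistic tsc_khz and HZ values, but a short comment at the assignment, or an explicit cast, would show the narrowing is intended and not a second truncation. The (u64) cast on tsc_khz is the part that matters: widening lpj alone would still do the multiply in unsigned long.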




* [PATCH 4.18 186/197] drm/amdgpu: Keep track of amount of pinned CPU visible VRAM
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (184 preceding siblings ...)
  2018-09-13 13:32 ` [PATCH 4.18 185/197] x86/tsc: Prevent result truncation on 32bit Greg Kroah-Hartman
@ 2018-09-13 13:32 ` Greg Kroah-Hartman
  2018-09-13 13:32 ` [PATCH 4.18 187/197] drm/amdgpu: Make pin_size values atomic Greg Kroah-Hartman
                   ` (12 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:32 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Christian König,
	Michel Dänzer, Alex Deucher

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Michel Dänzer <michel.daenzer@amd.com>

commit ddc21af4d0f37f42b33c54cb69b215997fe5b082 upstream.

Instead of CPU invisible VRAM. Preparation for the following, no
functional change intended.

v2:
* Also change amdgpu_vram_mgr_bo_invisible_size to
  amdgpu_vram_mgr_bo_visible_size, allowing further simplification
  (Christian König)

Cc: stable@vger.kernel.org
Reviewed-by: Christian König <christian.koenig@amd.com>
Signed-off-by: Michel Dänzer <michel.daenzer@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>


---
 drivers/gpu/drm/amd/amdgpu/amdgpu.h          |    2 +-
 drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c      |    5 ++---
 drivers/gpu/drm/amd/amdgpu/amdgpu_object.c   |    4 ++--
 drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.h      |    2 +-
 drivers/gpu/drm/amd/amdgpu/amdgpu_vram_mgr.c |   20 ++++++++------------
 5 files changed, 14 insertions(+), 19 deletions(-)

--- a/drivers/gpu/drm/amd/amdgpu/amdgpu.h
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu.h
@@ -1580,7 +1580,7 @@ struct amdgpu_device {
 
 	/* tracking pinned memory */
 	u64 vram_pin_size;
-	u64 invisible_pin_size;
+	u64 visible_pin_size;
 	u64 gart_pin_size;
 
 	/* amdkfd interface */
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c
@@ -497,7 +497,7 @@ static int amdgpu_info_ioctl(struct drm_
 		vram_gtt.vram_size = adev->gmc.real_vram_size;
 		vram_gtt.vram_size -= adev->vram_pin_size;
 		vram_gtt.vram_cpu_accessible_size = adev->gmc.visible_vram_size;
-		vram_gtt.vram_cpu_accessible_size -= (adev->vram_pin_size - adev->invisible_pin_size);
+		vram_gtt.vram_cpu_accessible_size -= adev->visible_pin_size;
 		vram_gtt.gtt_size = adev->mman.bdev.man[TTM_PL_TT].size;
 		vram_gtt.gtt_size *= PAGE_SIZE;
 		vram_gtt.gtt_size -= adev->gart_pin_size;
@@ -518,8 +518,7 @@ static int amdgpu_info_ioctl(struct drm_
 		mem.cpu_accessible_vram.total_heap_size =
 			adev->gmc.visible_vram_size;
 		mem.cpu_accessible_vram.usable_heap_size =
-			adev->gmc.visible_vram_size -
-			(adev->vram_pin_size - adev->invisible_pin_size);
+			adev->gmc.visible_vram_size - adev->visible_pin_size;
 		mem.cpu_accessible_vram.heap_usage =
 			amdgpu_vram_mgr_vis_usage(&adev->mman.bdev.man[TTM_PL_VRAM]);
 		mem.cpu_accessible_vram.max_allocation =
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_object.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_object.c
@@ -762,7 +762,7 @@ int amdgpu_bo_pin_restricted(struct amdg
 	domain = amdgpu_mem_type_to_domain(bo->tbo.mem.mem_type);
 	if (domain == AMDGPU_GEM_DOMAIN_VRAM) {
 		adev->vram_pin_size += amdgpu_bo_size(bo);
-		adev->invisible_pin_size += amdgpu_vram_mgr_bo_invisible_size(bo);
+		adev->visible_pin_size += amdgpu_vram_mgr_bo_visible_size(bo);
 	} else if (domain == AMDGPU_GEM_DOMAIN_GTT) {
 		adev->gart_pin_size += amdgpu_bo_size(bo);
 	}
@@ -792,7 +792,7 @@ int amdgpu_bo_unpin(struct amdgpu_bo *bo
 
 	if (bo->tbo.mem.mem_type == TTM_PL_VRAM) {
 		adev->vram_pin_size -= amdgpu_bo_size(bo);
-		adev->invisible_pin_size -= amdgpu_vram_mgr_bo_invisible_size(bo);
+		adev->visible_pin_size -= amdgpu_vram_mgr_bo_visible_size(bo);
 	} else if (bo->tbo.mem.mem_type == TTM_PL_TT) {
 		adev->gart_pin_size -= amdgpu_bo_size(bo);
 	}
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.h
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.h
@@ -73,7 +73,7 @@ bool amdgpu_gtt_mgr_has_gart_addr(struct
 uint64_t amdgpu_gtt_mgr_usage(struct ttm_mem_type_manager *man);
 int amdgpu_gtt_mgr_recover(struct ttm_mem_type_manager *man);
 
-u64 amdgpu_vram_mgr_bo_invisible_size(struct amdgpu_bo *bo);
+u64 amdgpu_vram_mgr_bo_visible_size(struct amdgpu_bo *bo);
 uint64_t amdgpu_vram_mgr_usage(struct ttm_mem_type_manager *man);
 uint64_t amdgpu_vram_mgr_vis_usage(struct ttm_mem_type_manager *man);
 
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_vram_mgr.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_vram_mgr.c
@@ -97,33 +97,29 @@ static u64 amdgpu_vram_mgr_vis_size(stru
 }
 
 /**
- * amdgpu_vram_mgr_bo_invisible_size - CPU invisible BO size
+ * amdgpu_vram_mgr_bo_visible_size - CPU visible BO size
  *
  * @bo: &amdgpu_bo buffer object (must be in VRAM)
  *
  * Returns:
- * How much of the given &amdgpu_bo buffer object lies in CPU invisible VRAM.
+ * How much of the given &amdgpu_bo buffer object lies in CPU visible VRAM.
  */
-u64 amdgpu_vram_mgr_bo_invisible_size(struct amdgpu_bo *bo)
+u64 amdgpu_vram_mgr_bo_visible_size(struct amdgpu_bo *bo)
 {
 	struct amdgpu_device *adev = amdgpu_ttm_adev(bo->tbo.bdev);
 	struct ttm_mem_reg *mem = &bo->tbo.mem;
 	struct drm_mm_node *nodes = mem->mm_node;
 	unsigned pages = mem->num_pages;
-	u64 usage = 0;
+	u64 usage;
 
 	if (adev->gmc.visible_vram_size == adev->gmc.real_vram_size)
-		return 0;
+		return amdgpu_bo_size(bo);
 
 	if (mem->start >= adev->gmc.visible_vram_size >> PAGE_SHIFT)
-		return amdgpu_bo_size(bo);
+		return 0;
 
-	while (nodes && pages) {
-		usage += nodes->size << PAGE_SHIFT;
-		usage -= amdgpu_vram_mgr_vis_size(adev, nodes);
-		pages -= nodes->size;
-		++nodes;
-	}
+	for (usage = 0; nodes && pages; pages -= nodes->size, nodes++)
+		usage += amdgpu_vram_mgr_vis_size(adev, nodes);
 
 	return usage;
 }
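Review bot: In the new for loop, the nodes && pages condition only guards against mm_node being NULL on entry, since nodes++ never yields NULL; termination depends on pages reaching exactly zero. pages is unsigned, so if the node sizes ever sum past mem->num_pages the subtraction wraps and the loop walks past the node array. This is inherited from the old while loop, but as the loop is being rewritten anyway, a pages >= nodes->size check or a comment stating the invariant would be worth adding.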




* [PATCH 4.18 187/197] drm/amdgpu: Make pin_size values atomic
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (185 preceding siblings ...)
  2018-09-13 13:32 ` [PATCH 4.18 186/197] drm/amdgpu: Keep track of amount of pinned CPU visible VRAM Greg Kroah-Hartman
@ 2018-09-13 13:32 ` Greg Kroah-Hartman
  2018-09-13 13:32 ` [PATCH 4.18 188/197] drm/amdgpu: Warn and update pin_size values when destroying a pinned BO Greg Kroah-Hartman
                   ` (11 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:32 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Christian König,
	Michel Dänzer, Alex Deucher

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Michel Dänzer <michel.daenzer@amd.com>

commit a5ccfe5c20740f2fbf00291490cdf8d2373ec255 upstream.

Concurrent execution of the non-atomic arithmetic could result in
completely bogus values.

v2:
* Rebased on v2 of the previous patch

Cc: stable@vger.kernel.org
Bugzilla: https://bugs.freedesktop.org/106872
Reviewed-by: Christian König <christian.koenig@amd.com>
Signed-off-by: Michel Dänzer <michel.daenzer@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/gpu/drm/amd/amdgpu/amdgpu.h        |    6 +++---
 drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c     |    2 +-
 drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c    |   22 +++++++++++-----------
 drivers/gpu/drm/amd/amdgpu/amdgpu_object.c |   14 ++++++++------
 4 files changed, 23 insertions(+), 21 deletions(-)

--- a/drivers/gpu/drm/amd/amdgpu/amdgpu.h
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu.h
@@ -1579,9 +1579,9 @@ struct amdgpu_device {
 	DECLARE_HASHTABLE(mn_hash, 7);
 
 	/* tracking pinned memory */
-	u64 vram_pin_size;
-	u64 visible_pin_size;
-	u64 gart_pin_size;
+	atomic64_t vram_pin_size;
+	atomic64_t visible_pin_size;
+	atomic64_t gart_pin_size;
 
 	/* amdkfd interface */
 	struct kfd_dev          *kfd;
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c
@@ -257,7 +257,7 @@ static void amdgpu_cs_get_threshold_for_
 		return;
 	}
 
-	total_vram = adev->gmc.real_vram_size - adev->vram_pin_size;
+	total_vram = adev->gmc.real_vram_size - atomic64_read(&adev->vram_pin_size);
 	used_vram = amdgpu_vram_mgr_usage(&adev->mman.bdev.man[TTM_PL_VRAM]);
 	free_vram = used_vram >= total_vram ? 0 : total_vram - used_vram;
 
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c
@@ -494,13 +494,13 @@ static int amdgpu_info_ioctl(struct drm_
 	case AMDGPU_INFO_VRAM_GTT: {
 		struct drm_amdgpu_info_vram_gtt vram_gtt;
 
-		vram_gtt.vram_size = adev->gmc.real_vram_size;
-		vram_gtt.vram_size -= adev->vram_pin_size;
-		vram_gtt.vram_cpu_accessible_size = adev->gmc.visible_vram_size;
-		vram_gtt.vram_cpu_accessible_size -= adev->visible_pin_size;
+		vram_gtt.vram_size = adev->gmc.real_vram_size -
+			atomic64_read(&adev->vram_pin_size);
+		vram_gtt.vram_cpu_accessible_size = adev->gmc.visible_vram_size -
+			atomic64_read(&adev->visible_pin_size);
 		vram_gtt.gtt_size = adev->mman.bdev.man[TTM_PL_TT].size;
 		vram_gtt.gtt_size *= PAGE_SIZE;
-		vram_gtt.gtt_size -= adev->gart_pin_size;
+		vram_gtt.gtt_size -= atomic64_read(&adev->gart_pin_size);
 		return copy_to_user(out, &vram_gtt,
 				    min((size_t)size, sizeof(vram_gtt))) ? -EFAULT : 0;
 	}
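Review bot: The values computed here are copied to userspace, and atomic64_read() yields a signed value that is subtracted from an unsigned size with no bound check. If the pin accounting ever becomes unbalanced (a later patch in this series handles a pinned BO being destroyed), vram_size and vram_cpu_accessible_size wrap to huge numbers. Clamping each subtraction at zero would make the ioctl robust against that.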
@@ -509,16 +509,16 @@ static int amdgpu_info_ioctl(struct drm_
 
 		memset(&mem, 0, sizeof(mem));
 		mem.vram.total_heap_size = adev->gmc.real_vram_size;
-		mem.vram.usable_heap_size =
-			adev->gmc.real_vram_size - adev->vram_pin_size;
+		mem.vram.usable_heap_size = adev->gmc.real_vram_size -
+			atomic64_read(&adev->vram_pin_size);
 		mem.vram.heap_usage =
 			amdgpu_vram_mgr_usage(&adev->mman.bdev.man[TTM_PL_VRAM]);
 		mem.vram.max_allocation = mem.vram.usable_heap_size * 3 / 4;
 
 		mem.cpu_accessible_vram.total_heap_size =
 			adev->gmc.visible_vram_size;
-		mem.cpu_accessible_vram.usable_heap_size =
-			adev->gmc.visible_vram_size - adev->visible_pin_size;
+		mem.cpu_accessible_vram.usable_heap_size = adev->gmc.visible_vram_size -
+			atomic64_read(&adev->visible_pin_size);
 		mem.cpu_accessible_vram.heap_usage =
 			amdgpu_vram_mgr_vis_usage(&adev->mman.bdev.man[TTM_PL_VRAM]);
 		mem.cpu_accessible_vram.max_allocation =
@@ -526,8 +526,8 @@ static int amdgpu_info_ioctl(struct drm_
 
 		mem.gtt.total_heap_size = adev->mman.bdev.man[TTM_PL_TT].size;
 		mem.gtt.total_heap_size *= PAGE_SIZE;
-		mem.gtt.usable_heap_size = mem.gtt.total_heap_size
-			- adev->gart_pin_size;
+		mem.gtt.usable_heap_size = mem.gtt.total_heap_size -
+			atomic64_read(&adev->gart_pin_size);
 		mem.gtt.heap_usage =
 			amdgpu_gtt_mgr_usage(&adev->mman.bdev.man[TTM_PL_TT]);
 		mem.gtt.max_allocation = mem.gtt.usable_heap_size * 3 / 4;
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_object.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_object.c
@@ -761,10 +761,11 @@ int amdgpu_bo_pin_restricted(struct amdg
 
 	domain = amdgpu_mem_type_to_domain(bo->tbo.mem.mem_type);
 	if (domain == AMDGPU_GEM_DOMAIN_VRAM) {
-		adev->vram_pin_size += amdgpu_bo_size(bo);
-		adev->visible_pin_size += amdgpu_vram_mgr_bo_visible_size(bo);
+		atomic64_add(amdgpu_bo_size(bo), &adev->vram_pin_size);
+		atomic64_add(amdgpu_vram_mgr_bo_visible_size(bo),
+			     &adev->visible_pin_size);
 	} else if (domain == AMDGPU_GEM_DOMAIN_GTT) {
-		adev->gart_pin_size += amdgpu_bo_size(bo);
+		atomic64_add(amdgpu_bo_size(bo), &adev->gart_pin_size);
 	}
 
 error:
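Review bot: vram_pin_size and visible_pin_size are updated by two separate atomic64_add() calls, so each counter is free of lost updates but the pair is not a consistent snapshot: a reader such as amdgpu_info_ioctl can observe the first add without the second. That looks acceptable for reporting, but it deserves a comment at the field declarations so nobody later relies on the two values agreeing.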
@@ -791,10 +792,11 @@ int amdgpu_bo_unpin(struct amdgpu_bo *bo
 		return 0;
 
 	if (bo->tbo.mem.mem_type == TTM_PL_VRAM) {
-		adev->vram_pin_size -= amdgpu_bo_size(bo);
-		adev->visible_pin_size -= amdgpu_vram_mgr_bo_visible_size(bo);
+		atomic64_sub(amdgpu_bo_size(bo), &adev->vram_pin_size);
+		atomic64_sub(amdgpu_vram_mgr_bo_visible_size(bo),
+			     &adev->visible_pin_size);
 	} else if (bo->tbo.mem.mem_type == TTM_PL_TT) {
-		adev->gart_pin_size -= amdgpu_bo_size(bo);
+		atomic64_sub(amdgpu_bo_size(bo), &adev->gart_pin_size);
 	}
 
 	for (i = 0; i < bo->placement.num_placement; i++) {




* [PATCH 4.18 188/197] drm/amdgpu: Warn and update pin_size values when destroying a pinned BO
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (186 preceding siblings ...)
  2018-09-13 13:32 ` [PATCH 4.18 187/197] drm/amdgpu: Make pin_size values atomic Greg Kroah-Hartman
@ 2018-09-13 13:32 ` Greg Kroah-Hartman
  2018-09-13 13:32 ` [PATCH 4.18 189/197] drm/amdgpu: Dont warn on " Greg Kroah-Hartman
                   ` (10 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:32 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Christian König,
	Michel Dänzer, Alex Deucher

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Michel Dänzer <michel.daenzer@amd.com>

commit 15e6b76880e65be24250e30986084b5569b7a06f upstream.

This shouldn't happen, but if it does, we'll get a backtrace of the
caller, and update the pin_size values as needed.

v2:
* Check bo->pin_count instead of placement flags (Christian König)

Reviewed-by: Christian König <christian.koenig@amd.com>
Signed-off-by: Michel Dänzer <michel.daenzer@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/gpu/drm/amd/amdgpu/amdgpu_object.c |   32 ++++++++++++++++++++++-------
 1 file changed, 25 insertions(+), 7 deletions(-)

--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_object.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_object.c
@@ -50,11 +50,35 @@ static bool amdgpu_need_backup(struct am
 	return true;
 }
 
+/**
+ * amdgpu_bo_subtract_pin_size - Remove BO from pin_size accounting
+ *
+ * @bo: &amdgpu_bo buffer object
+ *
+ * This function is called when a BO stops being pinned, and updates the
+ * &amdgpu_device pin_size values accordingly.
+ */
+static void amdgpu_bo_subtract_pin_size(struct amdgpu_bo *bo)
+{
+	struct amdgpu_device *adev = amdgpu_ttm_adev(bo->tbo.bdev);
+
+	if (bo->tbo.mem.mem_type == TTM_PL_VRAM) {
+		atomic64_sub(amdgpu_bo_size(bo), &adev->vram_pin_size);
+		atomic64_sub(amdgpu_vram_mgr_bo_visible_size(bo),
+			     &adev->visible_pin_size);
+	} else if (bo->tbo.mem.mem_type == TTM_PL_TT) {
+		atomic64_sub(amdgpu_bo_size(bo), &adev->gart_pin_size);
+	}
+}
+
 static void amdgpu_ttm_bo_destroy(struct ttm_buffer_object *tbo)
 {
 	struct amdgpu_device *adev = amdgpu_ttm_adev(tbo->bdev);
 	struct amdgpu_bo *bo = ttm_to_amdgpu_bo(tbo);
 
+	if (WARN_ON_ONCE(bo->pin_count > 0))
+		amdgpu_bo_subtract_pin_size(bo);
+
 	if (bo->kfd_bo)
 		amdgpu_amdkfd_unreserve_system_memory_limit(bo);
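Review bot: amdgpu_bo_subtract_pin_size() picks the counters to decrement from bo->tbo.mem.mem_type at the time of the call, while the matching increments were keyed on the placement at pin time. The kernel-doc should state that it must run while bo->tbo.mem still describes the pinned placement. In amdgpu_ttm_bo_destroy it is the first thing done, which is right, and a comment there would stop later code from being inserted ahead of it.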
 
@@ -791,13 +815,7 @@ int amdgpu_bo_unpin(struct amdgpu_bo *bo
 	if (bo->pin_count)
 		return 0;
 
-	if (bo->tbo.mem.mem_type == TTM_PL_VRAM) {
-		atomic64_sub(amdgpu_bo_size(bo), &adev->vram_pin_size);
-		atomic64_sub(amdgpu_vram_mgr_bo_visible_size(bo),
-			     &adev->visible_pin_size);
-	} else if (bo->tbo.mem.mem_type == TTM_PL_TT) {
-		atomic64_sub(amdgpu_bo_size(bo), &adev->gart_pin_size);
-	}
+	amdgpu_bo_subtract_pin_size(bo);
 
 	for (i = 0; i < bo->placement.num_placement; i++) {
 		bo->placements[i].lpfn = 0;




* [PATCH 4.18 189/197] drm/amdgpu: Dont warn on destroying a pinned BO
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (187 preceding siblings ...)
  2018-09-13 13:32 ` [PATCH 4.18 188/197] drm/amdgpu: Warn and update pin_size values when destroying a pinned BO Greg Kroah-Hartman
@ 2018-09-13 13:32 ` Greg Kroah-Hartman
  2018-09-13 13:32 ` [PATCH 4.18 190/197] debugobjects: Make stack check warning more informative Greg Kroah-Hartman
                   ` (9 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:32 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Alex Deucher, Mike Lothian,
	Michel Dänzer

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Michel Dänzer <michel.daenzer@amd.com>

commit 456607d816d89a442a3d5ec98b02c8bc950b5228 upstream.

The warning turned out to be not so useful, as BO destruction tends to
be deferred to a workqueue.

Also, we should be preventing any damage from this now, so not really
important anymore to fix code doing this.

Acked-by: Alex Deucher <alexander.deucher@amd.com>
Tested-by: Mike Lothian <mike@fireburn.co.uk>
Signed-off-by: Michel Dänzer <michel.daenzer@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/gpu/drm/amd/amdgpu/amdgpu_object.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_object.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_object.c
@@ -76,7 +76,7 @@ static void amdgpu_ttm_bo_destroy(struct
 	struct amdgpu_device *adev = amdgpu_ttm_adev(tbo->bdev);
 	struct amdgpu_bo *bo = ttm_to_amdgpu_bo(tbo);
 
-	if (WARN_ON_ONCE(bo->pin_count > 0))
+	if (bo->pin_count > 0)
 		amdgpu_bo_subtract_pin_size(bo);
 
 	if (bo->kfd_bo)
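Review bot: With WARN_ON_ONCE dropped, if (bo->pin_count > 0) now corrects the counters silently and nothing in the code says why a pinned BO can reach amdgpu_ttm_bo_destroy. Add a comment above the check carrying the reasoning from the commit message (destruction tends to be deferred to a workqueue, so the backtrace is not useful), and consider a debug-level message so leaked pins stay visible during development.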




* [PATCH 4.18 190/197] debugobjects: Make stack check warning more informative
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (188 preceding siblings ...)
  2018-09-13 13:32 ` [PATCH 4.18 189/197] drm/amdgpu: Dont warn on " Greg Kroah-Hartman
@ 2018-09-13 13:32 ` Greg Kroah-Hartman
  2018-09-13 13:32 ` [PATCH 4.18 191/197] x86/pae: use 64 bit atomic xchg function in native_ptep_get_and_clear Greg Kroah-Hartman
                   ` (8 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:32 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Joel Fernandes (Google),
	Thomas Gleixner, Waiman Long, Yang Shi, kernel-team,
	Arnd Bergmann, astrachan

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Joel Fernandes (Google) <joel@joelfernandes.org>

commit fc91a3c4c27acdca0bc13af6fbb68c35cfd519f2 upstream.

While debugging an issue debugobject tracking warned about an annotation
issue of an object on stack. It turned out that the issue was due to the
object in concern being on a different stack which was due to another
issue.

Thomas suggested to print the pointers and the location of the stack for
the currently running task. This helped to figure out that the object was
on the wrong stack.

As this is generally useful information for debugging similar issues, make
the error message more informative by printing the pointers.

[ tglx: Massaged changelog ]

Signed-off-by: Joel Fernandes (Google) <joel@joelfernandes.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Acked-by: Waiman Long <longman@redhat.com>
Acked-by: Yang Shi <yang.shi@linux.alibaba.com>
Cc: kernel-team@android.com
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: astrachan@google.com
Link: https://lkml.kernel.org/r/20180723212531.202328-1-joel@joelfernandes.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 lib/debugobjects.c |    7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

--- a/lib/debugobjects.c
+++ b/lib/debugobjects.c
@@ -360,9 +360,12 @@ static void debug_object_is_on_stack(voi
 
 	limit++;
 	if (is_on_stack)
-		pr_warn("object is on stack, but not annotated\n");
+		pr_warn("object %p is on stack %p, but NOT annotated.\n", addr,
+			 task_stack_page(current));
 	else
-		pr_warn("object is not on stack, but annotated\n");
+		pr_warn("object %p is NOT on stack %p, but annotated.\n", addr,
+			 task_stack_page(current));
+
 	WARN_ON(1);
 }
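Review bot: Both new pr_warn() calls format addr and task_stack_page(current) with %p, whose output is hashed by default since 4.15, so the two numbers in the message cannot be compared to judge whether the object lies inside the current stack. Printing the offset of addr from the stack base would give the reader that answer directly without putting raw kernel addresses in the log. The continuation lines are also indented one space past the opening parenthesis.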
 




* [PATCH 4.18 191/197] x86/pae: use 64 bit atomic xchg function in native_ptep_get_and_clear
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (189 preceding siblings ...)
  2018-09-13 13:32 ` [PATCH 4.18 190/197] debugobjects: Make stack check warning more informative Greg Kroah-Hartman
@ 2018-09-13 13:32 ` Greg Kroah-Hartman
  2018-09-13 13:32 ` [PATCH 4.18 192/197] x86/xen: dont write ptes directly in 32-bit PV guests Greg Kroah-Hartman
                   ` (7 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:32 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Juergen Gross, Thomas Gleixner,
	Jan Beulich, Jason Andryuk, Boris Ostrovsky

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Juergen Gross <jgross@suse.com>

commit b2d7a075a1ccef2fb321d595802190c8e9b39004 upstream.

Using only 32-bit writes for the pte will result in an intermediate
L1TF vulnerable PTE. When running as a Xen PV guest this will at once
switch the guest to shadow mode resulting in a loss of performance.

Use arch_atomic64_xchg() instead which will perform the requested
operation atomically with all 64 bits.

Some performance considerations according to:

https://software.intel.com/sites/default/files/managed/ad/dc/Intel-Xeon-Scalable-Processor-throughput-latency.pdf

The main number should be the latency, as there is no tight loop around
native_ptep_get_and_clear().

"lock cmpxchg8b" has a latency of 20 cycles, while "lock xchg" (with a
memory operand) isn't mentioned in that document. "lock xadd" (with xadd
having 3 cycles less latency than xchg) has a latency of 11, so we can
assume a latency of 14 for "lock xchg".

Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
Tested-by: Jason Andryuk <jandryuk@gmail.com>
Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/x86/include/asm/pgtable-3level.h |    7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

--- a/arch/x86/include/asm/pgtable-3level.h
+++ b/arch/x86/include/asm/pgtable-3level.h
@@ -2,6 +2,8 @@
 #ifndef _ASM_X86_PGTABLE_3LEVEL_H
 #define _ASM_X86_PGTABLE_3LEVEL_H
 
+#include <asm/atomic64_32.h>
+
 /*
  * Intel Physical Address Extension (PAE) Mode - three-level page
  * tables on PPro+ CPUs.
@@ -147,10 +149,7 @@ static inline pte_t native_ptep_get_and_
 {
 	pte_t res;
 
-	/* xchg acts as a barrier before the setting of the high bits */
-	res.pte_low = xchg(&ptep->pte_low, 0);
-	res.pte_high = ptep->pte_high;
-	ptep->pte_high = 0;
+	res.pte = (pteval_t)arch_atomic64_xchg((atomic64_t *)ptep, 0);
 
 	return res;
 }
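Review bot: the new line in native_ptep_get_and_clear() casts ptep to atomic64_t * without a comment, and the removed comment was the only explanation of ordering in this function. A short comment saying that the PTE must be cleared with one 64-bit atomic exchange, so that the intermediate L1TF-vulnerable PTE described in the changelog never exists, would keep a later cleanup from going back to two 32-bit stores. The cast also relies on pte_t and atomic64_t having the same size and alignment; a BUILD_BUG_ON on the sizes would make that explicit.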




* [PATCH 4.18 192/197] x86/xen: dont write ptes directly in 32-bit PV guests
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (190 preceding siblings ...)
  2018-09-13 13:32 ` [PATCH 4.18 191/197] x86/pae: use 64 bit atomic xchg function in native_ptep_get_and_clear Greg Kroah-Hartman
@ 2018-09-13 13:32 ` Greg Kroah-Hartman
  2018-09-13 13:32 ` [PATCH 4.18 193/197] kbuild: make missing $DEPMOD a Warning instead of an Error Greg Kroah-Hartman
                   ` (6 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:32 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Juergen Gross, Jan Beulich, Boris Ostrovsky

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Juergen Gross <jgross@suse.com>

commit f7c90c2aa4004808dff777ba6ae2c7294dd06851 upstream.

In some cases 32-bit PAE PV guests still write PTEs directly instead of
using hypercalls. This is especially bad when clearing a PTE as this is
done via 32-bit writes which will produce intermediate L1TF attackable
PTEs.

Change the code to use hypercalls instead.

Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/x86/xen/mmu_pv.c |    7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

--- a/arch/x86/xen/mmu_pv.c
+++ b/arch/x86/xen/mmu_pv.c
@@ -434,14 +434,13 @@ static void xen_set_pud(pud_t *ptr, pud_
 static void xen_set_pte_atomic(pte_t *ptep, pte_t pte)
 {
 	trace_xen_mmu_set_pte_atomic(ptep, pte);
-	set_64bit((u64 *)ptep, native_pte_val(pte));
+	__xen_set_pte(ptep, pte);
 }
 
 static void xen_pte_clear(struct mm_struct *mm, unsigned long addr, pte_t *ptep)
 {
 	trace_xen_mmu_pte_clear(mm, addr, ptep);
-	if (!xen_batched_set_pte(ptep, native_make_pte(0)))
-		native_pte_clear(mm, addr, ptep);
+	__xen_set_pte(ptep, native_make_pte(0));
 }
 
 static void xen_pmd_clear(pmd_t *pmdp)
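Review bot: in xen_pte_clear() the xen_batched_set_pte() attempt is dropped in favour of a direct __xen_set_pte() call, and neither this hunk nor the changelog says whether __xen_set_pte() still takes the batched path. If it does not, every PTE clear becomes its own hypercall; please state which in the changelog. In xen_set_pte_atomic() the 64-bit store that gave the function its name is gone, so a one-line comment that the hypercall updates the whole entry at once would help.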
@@ -1571,7 +1570,7 @@ static void __init xen_set_pte_init(pte_
 		pte = __pte_ma(((pte_val_ma(*ptep) & _PAGE_RW) | ~_PAGE_RW) &
 			       pte_val_ma(pte));
 #endif
-	native_set_pte(ptep, pte);
+	__xen_set_pte(ptep, pte);
 }
 
 /* Early in boot, while setting up the initial pagetable, assume
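Review bot: xen_set_pte_init() is __init code, and this hunk moves it from a direct native_set_pte() store to __xen_set_pte(). The changelog only discusses clearing PTEs; it should say that __xen_set_pte() is safe to call this early in boot and why the init path needed the change as well.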




* [PATCH 4.18 193/197] kbuild: make missing $DEPMOD a Warning instead of an Error
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (191 preceding siblings ...)
  2018-09-13 13:32 ` [PATCH 4.18 192/197] x86/xen: dont write ptes directly in 32-bit PV guests Greg Kroah-Hartman
@ 2018-09-13 13:32 ` Greg Kroah-Hartman
  2018-09-13 13:32 ` [PATCH 4.18 194/197] kvm: x86: Set highest physical address bits in non-present/reserved SPTEs Greg Kroah-Hartman
                   ` (5 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:32 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Randy Dunlap, H. Nikolaus Schaller,
	Lucas De Marchi, Lucas De Marchi, Michal Marek, Jessica Yu,
	Chih-Wei Huang, Masahiro Yamada

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Randy Dunlap <rdunlap@infradead.org>

commit 914b087ff9e0e9a399a4927fa30793064afc0178 upstream.

When $DEPMOD is not found, only print a warning instead of exiting
with an error message and error status:

Warning: 'make modules_install' requires /sbin/depmod. Please install it.
This is probably in the kmod package.

Change the Error to a Warning because "not all build hosts for cross
compiling Linux are Linux systems and are able to provide a working
port of depmod, especially at the file path /sbin/depmod."

I.e., "make modules_install" may be used to copy/install the
loadable modules files to a target directory on a build system and
then transferred to an embedded device where /sbin/depmod is run
instead of it being run on the build system.

Fixes: 934193a654c1 ("kbuild: verify that $DEPMOD is installed")
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Reported-by: H. Nikolaus Schaller <hns@goldelico.com>
Cc: stable@vger.kernel.org
Cc: Lucas De Marchi <lucas.demarchi@profusion.mobi>
Cc: Lucas De Marchi <lucas.de.marchi@gmail.com>
Cc: Michal Marek <michal.lkml@markovi.net>
Cc: Jessica Yu <jeyu@kernel.org>
Cc: Chih-Wei Huang <cwhuang@linux.org.tw>
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 scripts/depmod.sh |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/scripts/depmod.sh
+++ b/scripts/depmod.sh
@@ -15,9 +15,9 @@ if ! test -r System.map ; then
 fi
 
 if [ -z $(command -v $DEPMOD) ]; then
-	echo "'make modules_install' requires $DEPMOD. Please install it." >&2
+	echo "Warning: 'make modules_install' requires $DEPMOD. Please install it." >&2
 	echo "This is probably in the kmod package." >&2
-	exit 1
+	exit 0
 fi
 
 # older versions of depmod require the version string to start with three
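Review bot: with exit 1 changed to exit 0, a build host without depmod now finishes 'make modules_install' successfully although depmod never ran, and the only trace is two lines on stderr. Automated builds that check only the exit status will not notice; the warning text should say that depmod was skipped and has to be run on the target, as the changelog explains. Separately, the test in the context line expands $DEPMOD and the command substitution unquoted.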




* [PATCH 4.18 194/197] kvm: x86: Set highest physical address bits in non-present/reserved SPTEs
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (192 preceding siblings ...)
  2018-09-13 13:32 ` [PATCH 4.18 193/197] kbuild: make missing $DEPMOD a Warning instead of an Error Greg Kroah-Hartman
@ 2018-09-13 13:32 ` Greg Kroah-Hartman
  2018-09-13 13:32 ` [PATCH 4.18 195/197] x86: kvm: avoid unused variable warning Greg Kroah-Hartman
                   ` (4 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:32 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Junaid Shahid, Paolo Bonzini

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Junaid Shahid <junaids@google.com>

commit 28a1f3ac1d0c8558ee4453d9634dad891a6e922e upstream.

Always set the 5 upper-most supported physical address bits to 1 for SPTEs
that are marked as non-present or reserved, to make them unusable for
L1TF attacks from the guest. Currently, this just applies to MMIO SPTEs.
(We do not need to mark PTEs that are completely 0 as physical page 0
is already reserved.)

This allows mitigation of L1TF without disabling hyper-threading by using
shadow paging mode instead of EPT.

Signed-off-by: Junaid Shahid <junaids@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/x86/kvm/mmu.c |   43 ++++++++++++++++++++++++++++++++++++++-----
 arch/x86/kvm/x86.c |    8 ++++++--
 2 files changed, 44 insertions(+), 7 deletions(-)

--- a/arch/x86/kvm/mmu.c
+++ b/arch/x86/kvm/mmu.c
@@ -221,6 +221,17 @@ static const u64 shadow_acc_track_saved_
 						    PT64_EPT_EXECUTABLE_MASK;
 static const u64 shadow_acc_track_saved_bits_shift = PT64_SECOND_AVAIL_BITS_SHIFT;
 
+/*
+ * This mask must be set on all non-zero Non-Present or Reserved SPTEs in order
+ * to guard against L1TF attacks.
+ */
+static u64 __read_mostly shadow_nonpresent_or_rsvd_mask;
+
+/*
+ * The number of high-order 1 bits to use in the mask above.
+ */
+static const u64 shadow_nonpresent_or_rsvd_mask_len = 5;
+
 static void mmu_spte_set(u64 *sptep, u64 spte);
 
 void kvm_mmu_set_mmio_spte_mask(u64 mmio_mask, u64 mmio_value)
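Review bot: shadow_nonpresent_or_rsvd_mask_len is set to 5 with a comment that only restates what it is. Please say why five bits, and note that the value is tied to the 52 - shadow_nonpresent_or_rsvd_mask_len test in kvm_mmu_reset_all_pte_masks() so the two are not changed independently.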
@@ -308,9 +319,13 @@ static void mark_mmio_spte(struct kvm_vc
 {
 	unsigned int gen = kvm_current_mmio_generation(vcpu);
 	u64 mask = generation_mmio_spte_mask(gen);
+	u64 gpa = gfn << PAGE_SHIFT;
 
 	access &= ACC_WRITE_MASK | ACC_USER_MASK;
-	mask |= shadow_mmio_value | access | gfn << PAGE_SHIFT;
+	mask |= shadow_mmio_value | access;
+	mask |= gpa | shadow_nonpresent_or_rsvd_mask;
+	mask |= (gpa & shadow_nonpresent_or_rsvd_mask)
+		<< shadow_nonpresent_or_rsvd_mask_len;
 
 	trace_mark_mmio_spte(sptep, gfn, access, gen);
 	mmu_spte_set(sptep, mask);
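Review bot: mark_mmio_spte() now stores the GPA bits that fall under shadow_nonpresent_or_rsvd_mask a second time, shifted up by shadow_nonpresent_or_rsvd_mask_len, and no comment describes this split layout. The shifted copy lands in the bits just above the mask, so the code depends on those positions not being used by shadow_mmio_value or the generation bits; a comment stating the layout next to the encode would let a reader check that.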
@@ -323,8 +338,14 @@ static bool is_mmio_spte(u64 spte)
 
 static gfn_t get_mmio_spte_gfn(u64 spte)
 {
-	u64 mask = generation_mmio_spte_mask(MMIO_GEN_MASK) | shadow_mmio_mask;
-	return (spte & ~mask) >> PAGE_SHIFT;
+	u64 mask = generation_mmio_spte_mask(MMIO_GEN_MASK) | shadow_mmio_mask |
+		   shadow_nonpresent_or_rsvd_mask;
+	u64 gpa = spte & ~mask;
+
+	gpa |= (spte >> shadow_nonpresent_or_rsvd_mask_len)
+	       & shadow_nonpresent_or_rsvd_mask;
+
+	return gpa >> PAGE_SHIFT;
 }
 
 static unsigned get_mmio_spte_access(u64 spte)
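Review bot: get_mmio_spte_gfn() restores the low copy of the overlapping GPA bits but never clears the shifted copy that mark_mmio_spte() wrote. After gpa = spte & ~mask, the bits at shadow_nonpresent_or_rsvd_mask << shadow_nonpresent_or_rsvd_mask_len are still set in gpa unless one of the other masks happens to cover them, so for a GPA that overlaps the mask the returned gfn carries extra high bits and will not compare equal to the original gfn. Adding that shifted mask to the bits stripped before the final shift would make the decode the exact inverse of the encode.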
@@ -381,7 +402,7 @@ void kvm_mmu_set_mask_ptes(u64 user_mask
 }
 EXPORT_SYMBOL_GPL(kvm_mmu_set_mask_ptes);
 
-static void kvm_mmu_clear_all_pte_masks(void)
+static void kvm_mmu_reset_all_pte_masks(void)
 {
 	shadow_user_mask = 0;
 	shadow_accessed_mask = 0;
@@ -391,6 +412,18 @@ static void kvm_mmu_clear_all_pte_masks(
 	shadow_mmio_mask = 0;
 	shadow_present_mask = 0;
 	shadow_acc_track_mask = 0;
+
+	/*
+	 * If the CPU has 46 or less physical address bits, then set an
+	 * appropriate mask to guard against L1TF attacks. Otherwise, it is
+	 * assumed that the CPU is not vulnerable to L1TF.
+	 */
+	if (boot_cpu_data.x86_phys_bits <
+	    52 - shadow_nonpresent_or_rsvd_mask_len)
+		shadow_nonpresent_or_rsvd_mask =
+			rsvd_bits(boot_cpu_data.x86_phys_bits -
+				  shadow_nonpresent_or_rsvd_mask_len,
+				  boot_cpu_data.x86_phys_bits - 1);
 }
 
 static int is_cpuid_PSE36(void)
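Review bot: when boot_cpu_data.x86_phys_bits is 47 or more the mask is left at zero on the assumption, stated only in the comment, that such a CPU is not vulnerable to L1TF. Since the changelog offers shadow paging with this mask as an L1TF mitigation, a one-time pr_info() when the mask is not applied would let an administrator see that it is inactive. The comment should also read "46 or fewer".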
@@ -5500,7 +5533,7 @@ int kvm_mmu_module_init(void)
 {
 	int ret = -ENOMEM;
 
-	kvm_mmu_clear_all_pte_masks();
+	kvm_mmu_reset_all_pte_masks();
 
 	pte_list_desc_cache = kmem_cache_create("pte_list_desc",
 					    sizeof(struct pte_list_desc),
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -6506,8 +6506,12 @@ static void kvm_set_mmio_spte_mask(void)
 	 * Set the reserved bits and the present bit of an paging-structure
 	 * entry to generate page fault with PFER.RSV = 1.
 	 */
-	 /* Mask the reserved physical address bits. */
-	mask = rsvd_bits(maxphyaddr, 51);
+
+	/*
+	 * Mask the uppermost physical address bit, which would be reserved as
+	 * long as the supported physical address width is less than 52.
+	 */
+	mask = 1ull << 51;
 
 	/* Set the present bit. */
 	mask |= 1ull;
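Review bot: replacing rsvd_bits(maxphyaddr, 51) with 1ull << 51 removes one of the two uses of maxphyaddr in kvm_set_mmio_spte_mask(), and the remaining use sits inside #ifdef CONFIG_X86_64, so 32-bit builds get an unused-variable warning. Patch 195/197 in this series fixes that; the two have to be applied together.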



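The mask-and-shift encoding of the MMIO GPA described in the commit message above, worked through as an added example (not code from the patch or the kernel). Generation and access bits are left out, and the function names, the 46-bit width and the sample gfn are assumptions chosen for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT 12
#define MASK_LEN   5                          /* number of high address bits forced to 1 */
#define MMIO_VALUE ((1ULL << 51) | 1ULL)      /* bit 51 plus present bit, as in the x86.c hunk */

/* Bits lo..hi inclusive, the same idea as the kernel's rsvd_bits() helper. */
static uint64_t bit_range(int lo, int hi)
{
    return ((1ULL << (hi - lo + 1)) - 1) << lo;
}

/*
 * Mask covering the MASK_LEN uppermost supported physical address bits.
 * As in the patch, it stays 0 when phys_bits is 47 or more.
 */
static uint64_t nonpresent_mask(int phys_bits)
{
    if (phys_bits >= 52 - MASK_LEN)
        return 0;
    return bit_range(phys_bits - MASK_LEN, phys_bits - 1);
}

/*
 * Encode: force the masked address bits to 1 and keep a copy of the
 * GPA bits they overwrite, shifted up by MASK_LEN.
 * Assumes gfn << PAGE_SHIFT fits within phys_bits.
 */
static uint64_t encode_mmio_spte(uint64_t gfn, int phys_bits)
{
    uint64_t m = nonpresent_mask(phys_bits);
    uint64_t gpa = gfn << PAGE_SHIFT;
    uint64_t spte = MMIO_VALUE;

    spte |= gpa | m;
    spte |= (gpa & m) << MASK_LEN;
    return spte;
}

/*
 * Decode: strip the marker bits, the forced-1 bits and the shifted
 * copy, then move the shifted copy back into place.
 */
static uint64_t decode_mmio_gfn(uint64_t spte, int phys_bits)
{
    uint64_t m = nonpresent_mask(phys_bits);
    uint64_t gpa = spte & ~(MMIO_VALUE | m | (m << MASK_LEN));

    gpa |= (spte >> MASK_LEN) & m;
    return gpa >> PAGE_SHIFT;
}

/* True when every bit of the mask is set in the entry. */
static int spte_has_mask_set(uint64_t spte, int phys_bits)
{
    uint64_t m = nonpresent_mask(phys_bits);
    return (spte & m) == m;
}

int main(void)
{
    uint64_t gfn = 0x2ABCDEF12ULL;            /* constructed sample; GPA overlaps bits 41..45 */
    uint64_t spte = encode_mmio_spte(gfn, 46);

    printf("mask  = %#llx\n", (unsigned long long)nonpresent_mask(46));
    printf("spte  = %#llx\n", (unsigned long long)spte);
    printf("gfn   = %#llx\n", (unsigned long long)decode_mmio_gfn(spte, 46));
    return 0;
}
```
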

* [PATCH 4.18 195/197] x86: kvm: avoid unused variable warning
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (193 preceding siblings ...)
  2018-09-13 13:32 ` [PATCH 4.18 194/197] kvm: x86: Set highest physical address bits in non-present/reserved SPTEs Greg Kroah-Hartman
@ 2018-09-13 13:32 ` Greg Kroah-Hartman
  2018-09-13 13:32 ` [PATCH 4.18 196/197] HID: redragon: fix num lock and caps lock LEDs Greg Kroah-Hartman
                   ` (3 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:32 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Arnd Bergmann, Paolo Bonzini

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Arnd Bergmann <arnd@arndb.de>

commit 7288bde1f9df6c1475675419bdd7725ce84dec56 upstream.

Removing one of the two accesses of the maxphyaddr variable led to
a harmless warning:

arch/x86/kvm/x86.c: In function 'kvm_set_mmio_spte_mask':
arch/x86/kvm/x86.c:6563:6: error: unused variable 'maxphyaddr' [-Werror=unused-variable]

Removing the #ifdef seems to be the nicest workaround, as it
makes the code look cleaner than adding another #ifdef.

Fixes: 28a1f3ac1d0c ("kvm: x86: Set highest physical address bits in non-present/reserved SPTEs")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Cc: stable@vger.kernel.org # L1TF
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/x86/kvm/x86.c |    4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -6516,14 +6516,12 @@ static void kvm_set_mmio_spte_mask(void)
 	/* Set the present bit. */
 	mask |= 1ull;
 
-#ifdef CONFIG_X86_64
 	/*
 	 * If reserved bit is not supported, clear the present bit to disable
 	 * mmio page fault.
 	 */
-	if (maxphyaddr == 52)
+	if (IS_ENABLED(CONFIG_X86_64) && maxphyaddr == 52)
 		mask &= ~1ull;
-#endif
 
 	kvm_mmu_set_mmio_spte_mask(mask, mask);
 }




* [PATCH 4.18 196/197] HID: redragon: fix num lock and caps lock LEDs
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (194 preceding siblings ...)
  2018-09-13 13:32 ` [PATCH 4.18 195/197] x86: kvm: avoid unused variable warning Greg Kroah-Hartman
@ 2018-09-13 13:32 ` Greg Kroah-Hartman
  2018-09-13 13:32 ` [PATCH 4.18 197/197] ASoC: wm8994: Fix missing break in switch Greg Kroah-Hartman
                   ` (2 subsequent siblings)
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:32 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Robert Munteanu, Jiri Kosina

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Robert Munteanu <rombert@apache.org>

commit dc9b8e85ed95cbe7e3ad0eabb5b48d617bbc365e upstream.

The redragon asura keyboard registers two input devices. The initial commit
85455dd906d5 ("HID: redragon: Fix modifier keys for Redragon Asura Keyboard")
considered this an error and prevented one of the devices from registering.
However, once this is done the num lock and caps lock leds no longer toggle on
and off, although the key functionality is not affected.

This commit removes the code that prevents the input device
registration and restores the num lock and caps lock LEDs.

Fixes: 85455dd906d5 ("HID: redragon: Fix modifier keys for Redragon Asura Keyboard")
Signed-off-by: Robert Munteanu <rombert@apache.org>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/hid/hid-redragon.c |   26 +-------------------------
 1 file changed, 1 insertion(+), 25 deletions(-)

--- a/drivers/hid/hid-redragon.c
+++ b/drivers/hid/hid-redragon.c
@@ -44,29 +44,6 @@ static __u8 *redragon_report_fixup(struc
 	return rdesc;
 }
 
-static int redragon_probe(struct hid_device *dev,
-	const struct hid_device_id *id)
-{
-	int ret;
-
-	ret = hid_parse(dev);
-	if (ret) {
-		hid_err(dev, "parse failed\n");
-		return ret;
-	}
-
-	/* do not register unused input device */
-	if (dev->maxapplication == 1)
-		return 0;
-
-	ret = hid_hw_start(dev, HID_CONNECT_DEFAULT);
-	if (ret) {
-		hid_err(dev, "hw start failed\n");
-		return ret;
-	}
-
-	return 0;
-}
 static const struct hid_device_id redragon_devices[] = {
 	{HID_USB_DEVICE(USB_VENDOR_ID_JESS, USB_DEVICE_ID_REDRAGON_ASURA)},
 	{}
@@ -77,8 +54,7 @@ MODULE_DEVICE_TABLE(hid, redragon_device
 static struct hid_driver redragon_driver = {
 	.name = "redragon",
 	.id_table = redragon_devices,
-	.report_fixup = redragon_report_fixup,
-	.probe = redragon_probe
+	.report_fixup = redragon_report_fixup
 };
 
 module_hid_driver(redragon_driver);
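Review bot: .report_fixup is now the last initializer in redragon_driver and is written without a trailing comma. Keeping the comma would make the next added field a one-line diff.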




* [PATCH 4.18 197/197] ASoC: wm8994: Fix missing break in switch
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (195 preceding siblings ...)
  2018-09-13 13:32 ` [PATCH 4.18 196/197] HID: redragon: fix num lock and caps lock LEDs Greg Kroah-Hartman
@ 2018-09-13 13:32 ` Greg Kroah-Hartman
  2018-09-14 12:27 ` [PATCH 4.18 000/197] 4.18.8-stable review Naresh Kamboju
  2018-09-14 14:48 ` Guenter Roeck
  198 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-13 13:32 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Valdis Kletnieks,
	Gustavo A. R. Silva, Charles Keepax, Mark Brown

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Gustavo A. R. Silva <gustavo@embeddedor.com>

commit ad0eaee6195db1db1749dd46b9e6f4466793d178 upstream.

Add missing break statement in order to prevent the code from falling
through to the default case.

Addresses-Coverity-ID: 115050 ("Missing break in switch")
Reported-by: Valdis Kletnieks <valdis.kletnieks@vt.edu>
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Acked-by: Charles Keepax <ckeepax@opensource.cirrus.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Cc: stable@vger.kernel.org
[Gustavo: Backported to 3.16..4.18 - Remove code comment removal]
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 sound/soc/codecs/wm8994.c |    1 +
 1 file changed, 1 insertion(+)

--- a/sound/soc/codecs/wm8994.c
+++ b/sound/soc/codecs/wm8994.c
@@ -2432,6 +2432,7 @@ static int wm8994_set_dai_sysclk(struct
 			snd_soc_component_update_bits(component, WM8994_POWER_MANAGEMENT_2,
 					    WM8994_OPCLK_ENA, 0);
 		}
+		break;
 
 	default:
 		return -EINVAL;
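Review bot: the changelog says only that a break was missing. From the context lines, the case above fell through to default and returned -EINVAL after the snd_soc_component_update_bits() call on WM8994_POWER_MANAGEMENT_2 had already been made, so callers saw a failure for a request that was carried out; saying so in the changelog would make the stable justification clear.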




* Re: [PATCH 4.18 000/197] 4.18.8-stable review
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (196 preceding siblings ...)
  2018-09-13 13:32 ` [PATCH 4.18 197/197] ASoC: wm8994: Fix missing break in switch Greg Kroah-Hartman
@ 2018-09-14 12:27 ` Naresh Kamboju
  2018-09-14 13:02   ` Greg Kroah-Hartman
  2018-09-14 14:48 ` Guenter Roeck
  198 siblings, 1 reply; 205+ messages in thread
From: Naresh Kamboju @ 2018-09-14 12:27 UTC (permalink / raw)
  To: Greg Kroah-Hartman
  Cc: open list, Linus Torvalds, Andrew Morton, Guenter Roeck,
	Shuah Khan, patches, Ben Hutchings, lkft-triage, linux- stable

On 13 September 2018 at 18:59, Greg Kroah-Hartman
<gregkh@linuxfoundation.org> wrote:
> This is the start of the stable review cycle for the 4.18.8 release.
> There are 197 patches in this series, all will be posted as a response
> to this one.  If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Sat Sep 15 13:17:57 UTC 2018.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
>         https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.18.8-rc1.gz
> or in the git tree and branch at:
>         git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.18.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h

Results from Linaro’s test farm.
No regressions on arm64, arm, x86_64 and i386.


Summary
------------------------------------------------------------------------

kernel: 4.18.8-rc1
git repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git
git branch: linux-4.18.y
git commit: ae285c20144a3ff94c31498fe34ca1decb2f0b4c
git describe: v4.18.7-198-gae285c20144a
Test details: https://qa-reports.linaro.org/lkft/linux-stable-rc-4.18-oe/build/v4.18.7-198-gae285c20144a

No regressions (compared to build v4.18.7)


Ran 20231 total tests in the following environments and test suites.

Environments
--------------
- dragonboard-410c - arm64
- hi6220-hikey - arm64
- i386
- juno-r2 - arm64
- qemu_arm
- qemu_arm64
- qemu_i386
- qemu_x86_64
- x15 - arm
- x86_64

Test Suites
-----------
* boot
* kselftest
* libhugetlbfs
* ltp-cap_bounds-tests
* ltp-containers-tests
* ltp-cve-tests
* ltp-fcntl-locktests-tests
* ltp-filecaps-tests
* ltp-fs-tests
* ltp-fs_bind-tests
* ltp-fs_perms_simple-tests
* ltp-fsx-tests
* ltp-hugetlb-tests
* ltp-io-tests
* ltp-ipc-tests
* ltp-math-tests
* ltp-nptl-tests
* ltp-pty-tests
* ltp-sched-tests
* ltp-securebits-tests
* ltp-syscalls-tests
* ltp-timers-tests
* ltp-open-posix-tests
* kselftest-vsyscall-mode-native
* kselftest-vsyscall-mode-none

-- 
Linaro LKFT
https://lkft.linaro.org


* Re: [PATCH 4.18 000/197] 4.18.8-stable review
  2018-09-14 12:27 ` [PATCH 4.18 000/197] 4.18.8-stable review Naresh Kamboju
@ 2018-09-14 13:02   ` Greg Kroah-Hartman
  0 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-14 13:02 UTC (permalink / raw)
  To: Naresh Kamboju
  Cc: open list, Linus Torvalds, Andrew Morton, Guenter Roeck,
	Shuah Khan, patches, Ben Hutchings, lkft-triage, linux- stable

On Fri, Sep 14, 2018 at 05:57:07PM +0530, Naresh Kamboju wrote:
> On 13 September 2018 at 18:59, Greg Kroah-Hartman
> <gregkh@linuxfoundation.org> wrote:
> > This is the start of the stable review cycle for the 4.18.8 release.
> > There are 197 patches in this series, all will be posted as a response
> > to this one.  If anyone has any issues with these being applied, please
> > let me know.
> >
> > Responses should be made by Sat Sep 15 13:17:57 UTC 2018.
> > Anything received after that time might be too late.
> >
> > The whole patch series can be found in one patch at:
> >         https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.18.8-rc1.gz
> > or in the git tree and branch at:
> >         git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.18.y
> > and the diffstat can be found below.
> >
> > thanks,
> >
> > greg k-h
> 
> Results from Linaro’s test farm.
> No regressions on arm64, arm, x86_64 and i386.
> 

Wonderful, thanks for testing all of these and letting me know.

greg k-h


* Re: [PATCH 4.18 000/197] 4.18.8-stable review
  2018-09-13 13:29 [PATCH 4.18 000/197] 4.18.8-stable review Greg Kroah-Hartman
                   ` (197 preceding siblings ...)
  2018-09-14 12:27 ` [PATCH 4.18 000/197] 4.18.8-stable review Naresh Kamboju
@ 2018-09-14 14:48 ` Guenter Roeck
  2018-09-14 14:50   ` Guenter Roeck
  198 siblings, 1 reply; 205+ messages in thread
From: Guenter Roeck @ 2018-09-14 14:48 UTC (permalink / raw)
  To: Greg Kroah-Hartman
  Cc: linux-kernel, torvalds, akpm, shuah, patches, ben.hutchings,
	lkft-triage, stable

On Thu, Sep 13, 2018 at 03:29:09PM +0200, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 4.18.8 release.
> There are 197 patches in this series, all will be posted as a response
> to this one.  If anyone has any issues with these being applied, please
> let me know.
> 
> Responses should be made by Sat Sep 15 13:17:57 UTC 2018.
> Anything received after that time might be too late.
> 

Build results:
	total: 139 pass: 139 fail: 0
Qemu test results:
	total: 221 pass: 221 fail: 0

Details are available at https://kerneltests.org/builders/.

Guenter


* Re: [PATCH 4.18 000/197] 4.18.8-stable review
  2018-09-14 14:48 ` Guenter Roeck
@ 2018-09-14 14:50   ` Guenter Roeck
  2018-09-14 18:25     ` Greg Kroah-Hartman
  0 siblings, 1 reply; 205+ messages in thread
From: Guenter Roeck @ 2018-09-14 14:50 UTC (permalink / raw)
  To: Greg Kroah-Hartman
  Cc: linux-kernel, torvalds, akpm, shuah, patches, ben.hutchings,
	lkft-triage, stable

On Fri, Sep 14, 2018 at 07:48:48AM -0700, Guenter Roeck wrote:
> On Thu, Sep 13, 2018 at 03:29:09PM +0200, Greg Kroah-Hartman wrote:
> > This is the start of the stable review cycle for the 4.18.8 release.
> > There are 197 patches in this series, all will be posted as a response
> > to this one.  If anyone has any issues with these being applied, please
> > let me know.
> > 
> > Responses should be made by Sat Sep 15 13:17:57 UTC 2018.
> > Anything received after that time might be too late.
> > 
> 
> Build results:
> 	total: 139 pass: 139 fail: 0
> Qemu test results:
> 	total: 221 pass: 221 fail: 0
> 
No wait that was 3.18. Here are the results for 4.18:

Build results:
	total: 137 pass: 137 fail: 0
Qemu test results:
	total: 318 pass: 318 fail: 0

Sorry for the confusion.

Guenter


* Re: [PATCH 4.18 000/197] 4.18.8-stable review
  2018-09-14 14:50   ` Guenter Roeck
@ 2018-09-14 18:25     ` Greg Kroah-Hartman
  0 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-14 18:25 UTC (permalink / raw)
  To: Guenter Roeck
  Cc: linux-kernel, torvalds, akpm, shuah, patches, ben.hutchings,
	lkft-triage, stable

On Fri, Sep 14, 2018 at 07:50:54AM -0700, Guenter Roeck wrote:
> On Fri, Sep 14, 2018 at 07:48:48AM -0700, Guenter Roeck wrote:
> > On Thu, Sep 13, 2018 at 03:29:09PM +0200, Greg Kroah-Hartman wrote:
> > > This is the start of the stable review cycle for the 4.18.8 release.
> > > There are 197 patches in this series, all will be posted as a response
> > > to this one.  If anyone has any issues with these being applied, please
> > > let me know.
> > > 
> > > Responses should be made by Sat Sep 15 13:17:57 UTC 2018.
> > > Anything received after that time might be too late.
> > > 
> > 
> > Build results:
> > 	total: 139 pass: 139 fail: 0
> > Qemu test results:
> > 	total: 221 pass: 221 fail: 0

I was wondering what caused the numbers to drop :)

> No wait that was 3.18. Here are the results for 4.18:
> 
> Build results:
> 	total: 137 pass: 137 fail: 0
> Qemu test results:
> 	total: 318 pass: 318 fail: 0
> 
> Sorry for the confusion.

No problem at all.  Thanks for testing all of these and letting me know.

greg k-h


* Re: [PATCH 4.18 082/197] block: dont warn for flush on read-only device
  2018-09-13 13:30 ` [PATCH 4.18 082/197] block: dont warn for flush on read-only device Greg Kroah-Hartman
@ 2018-09-17  4:04   ` Stefan Agner
  2018-09-17  4:57     ` Greg Kroah-Hartman
  0 siblings, 1 reply; 205+ messages in thread
From: Stefan Agner @ 2018-09-17  4:04 UTC (permalink / raw)
  To: Greg Kroah-Hartman; +Cc: linux-kernel, stable, Jens Axboe, Sasha Levin

Hi Greg,

The follow up patch 8b2ded1c94c0 ("block: don't warn when doing fsync on read-only devices") should get applied too, since it correctly fixes what this patch tried to fix.

--
Stefan

On 13.09.2018 06:30, Greg Kroah-Hartman wrote:
> 4.18-stable review patch.  If anyone has any objections, please let me know.
> 
> ------------------
> 
> From: Jens Axboe <axboe@kernel.dk>
> 
> [ Upstream commit b089cfd95d32638335c551651a8e00fd2c4edb0b ]
> 
> Don't warn for a flush issued to a read-only device. It's not strictly
> a writable command, as it doesn't change any on-media data by itself.
> 
> Reported-by: Stefan Agner <stefan@agner.ch>
> Fixes: 721c7fc701c7 ("block: fail op_is_write() requests to read-only partitions")
> Signed-off-by: Jens Axboe <axboe@kernel.dk>
> Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> ---
>  block/blk-core.c |    4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
> 
> --- a/block/blk-core.c
> +++ b/block/blk-core.c
> @@ -2159,7 +2159,9 @@ static inline bool should_fail_request(s
>  
>  static inline bool bio_check_ro(struct bio *bio, struct hd_struct *part)
>  {
> -	if (part->policy && op_is_write(bio_op(bio))) {
> +	const int op = bio_op(bio);
> +
> +	if (part->policy && (op_is_write(op) && !op_is_flush(op))) {
>  		char b[BDEVNAME_SIZE];
>  
>  		WARN_ONCE(1,
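Review bot: op comes from bio_op(bio), which keeps only the operation code, while op_is_flush() tests the REQ_PREFLUSH and REQ_FUA flag bits, so !op_is_flush(op) is always true here and the condition behaves the same as before the patch. The flags live in bio->bi_opf; the check needs to look there. The inner parentheses around the && are also redundant.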


* Re: [PATCH 4.18 082/197] block: dont warn for flush on read-only device
  2018-09-17  4:04   ` Stefan Agner
@ 2018-09-17  4:57     ` Greg Kroah-Hartman
  0 siblings, 0 replies; 205+ messages in thread
From: Greg Kroah-Hartman @ 2018-09-17  4:57 UTC (permalink / raw)
  To: Stefan Agner; +Cc: linux-kernel, stable, Jens Axboe, Sasha Levin

On Sun, Sep 16, 2018 at 09:04:04PM -0700, Stefan Agner wrote:
> Hi Greg,
> 
> The follow up patch 8b2ded1c94c0 ("block: don't warn when doing fsync
> on read-only devices") should get applied too, since it correctly
> fixes what this patch tried to fix.

Already queued up, thanks!

greg k-h


2018-09-13 13:29 ` [PATCH 4.18 027/197] net/mlx5: Fix SQ offset in QPs with small RQ Greg Kroah-Hartman
2018-09-13 13:29 ` [PATCH 4.18 028/197] r8169: set RxConfig after tx/rx is enabled for RTL8169sb/8110sb devices Greg Kroah-Hartman
2018-09-13 13:29 ` [PATCH 4.18 029/197] Revert "net: stmmac: Do not keep rearming the coalesce timer in stmmac_xmit" Greg Kroah-Hartman
2018-09-13 13:29 ` [PATCH 4.18 030/197] ip6_vti: fix creating fallback tunnel device for vti6 Greg Kroah-Hartman
2018-09-13 13:29 ` [PATCH 4.18 031/197] ip6_vti: fix a null pointer deference when destroy vti6 tunnel Greg Kroah-Hartman
2018-09-13 13:29 ` [PATCH 4.18 032/197] nfp: wait for posted reconfigs when disabling the device Greg Kroah-Hartman
2018-09-13 13:29 ` [PATCH 4.18 033/197] sctp: hold transport before accessing its asoc in sctp_transport_get_next Greg Kroah-Hartman
2018-09-13 13:29 ` [PATCH 4.18 034/197] mlxsw: spectrum_switchdev: Do not leak RIFs when removing bridge Greg Kroah-Hartman
2018-09-13 13:29 ` [PATCH 4.18 035/197] vhost: correctly check the iova range when waking virtqueue Greg Kroah-Hartman
2018-09-13 13:29 ` [PATCH 4.18 036/197] hv_netvsc: ignore devices that are not PCI Greg Kroah-Hartman
2018-09-13 13:29 ` [PATCH 4.18 037/197] cifs: check if SMB2 PDU size has been padded and suppress the warning Greg Kroah-Hartman
2018-09-13 13:29 ` [PATCH 4.18 038/197] hfsplus: dont return 0 when fill_super() failed Greg Kroah-Hartman
2018-09-13 13:29 ` [PATCH 4.18 039/197] hfs: prevent crash on exit from failed search Greg Kroah-Hartman
2018-09-13 13:29 ` [PATCH 4.18 040/197] sunrpc: Dont use stack buffer with scatterlist Greg Kroah-Hartman
2018-09-13 13:29 ` [PATCH 4.18 041/197] fork: dont copy inconsistent signal handler state to child Greg Kroah-Hartman
2018-09-13 13:29 ` [PATCH 4.18 042/197] fs/proc/vmcore.c: hide vmcoredd_mmap_dumps() for nommu builds Greg Kroah-Hartman
2018-09-13 13:29 ` [PATCH 4.18 043/197] reiserfs: change j_timestamp type to time64_t Greg Kroah-Hartman
2018-09-13 13:29 ` [PATCH 4.18 044/197] iommu/rockchip: Handle errors returned from PM framework Greg Kroah-Hartman
2018-09-13 13:29 ` [PATCH 4.18 045/197] hfsplus: fix NULL dereference in hfsplus_lookup() Greg Kroah-Hartman
2018-09-13 13:29 ` [PATCH 4.18 046/197] iommu/rockchip: Move irq request past pm_runtime_enable Greg Kroah-Hartman
2018-09-13 13:29 ` [PATCH 4.18 047/197] fs/proc/kcore.c: use __pa_symbol() for KCORE_TEXT list entries Greg Kroah-Hartman
2018-09-13 13:29 ` [PATCH 4.18 048/197] fat: validate ->i_start before using Greg Kroah-Hartman
2018-09-13 13:29 ` [PATCH 4.18 049/197] workqueue: skip lockdep wq dependency in cancel_work_sync() Greg Kroah-Hartman
2018-09-13 13:29 ` [PATCH 4.18 050/197] workqueue: re-add lockdep dependencies for flushing Greg Kroah-Hartman
2018-09-13 13:30 ` [PATCH 4.18 051/197] scripts: modpost: check memory allocation results Greg Kroah-Hartman
2018-09-13 13:30 ` [PATCH 4.18 052/197] apparmor: fix an error code in __aa_create_ns() Greg Kroah-Hartman
2018-09-13 13:30 ` [PATCH 4.18 053/197] virtio: pci-legacy: Validate queue pfn Greg Kroah-Hartman
2018-09-13 13:30 ` [PATCH 4.18 054/197] x86/mce: Add notifier_block forward declaration Greg Kroah-Hartman
2018-09-13 13:30 ` [PATCH 4.18 055/197] i2c: core: ACPI: Make acpi_gsb_i2c_read_bytes() check i2c_transfer return value Greg Kroah-Hartman
2018-09-13 13:30 ` [PATCH 4.18 056/197] IB/hfi1: Invalid NUMA node information can cause a divide by zero Greg Kroah-Hartman
2018-09-13 13:30 ` [PATCH 4.18 057/197] pwm: meson: Fix mux clock names Greg Kroah-Hartman
2018-09-13 13:30 ` [PATCH 4.18 058/197] powerpc/topology: Get topology for shared processors at boot Greg Kroah-Hartman
2018-09-13 13:30 ` [PATCH 4.18 059/197] mm/fadvise.c: fix signed overflow UBSAN complaint Greg Kroah-Hartman
2018-09-13 13:30 ` [PATCH 4.18 060/197] mm: make DEFERRED_STRUCT_PAGE_INIT explicitly depend on SPARSEMEM Greg Kroah-Hartman
2018-09-13 13:30 ` [PATCH 4.18 061/197] fs/dcache.c: fix kmemcheck splat at take_dentry_name_snapshot() Greg Kroah-Hartman
2018-09-13 13:30 ` [PATCH 4.18 062/197] platform/x86: intel_punit_ipc: fix build errors Greg Kroah-Hartman
2018-09-13 13:30 ` [PATCH 4.18 063/197] bpf, sockmap: fix map elem deletion race with smap_stop_sock Greg Kroah-Hartman
2018-09-13 13:30 ` [PATCH 4.18 064/197] tcp, ulp: fix leftover icsk_ulp_ops preventing sock from reattach Greg Kroah-Hartman
2018-09-13 13:30 ` [PATCH 4.18 065/197] bpf, sockmap: fix sock_map_ctx_update_elem race with exist/noexist Greg Kroah-Hartman
2018-09-13 13:30 ` [PATCH 4.18 066/197] net/xdp: Fix suspicious RCU usage warning Greg Kroah-Hartman
2018-09-13 13:30 ` [PATCH 4.18 067/197] bpf, sockmap: fix leakage of smap_psock_map_entry Greg Kroah-Hartman
2018-09-13 13:30 ` [PATCH 4.18 068/197] samples/bpf: all XDP samples should unload xdp/bpf prog on SIGTERM Greg Kroah-Hartman
2018-09-13 13:30 ` [PATCH 4.18 069/197] netfilter: ip6t_rpfilter: set F_IFACE for linklocal addresses Greg Kroah-Hartman
2018-09-13 13:30 ` [PATCH 4.18 070/197] s390/kdump: Fix memleak in nt_vmcoreinfo Greg Kroah-Hartman
2018-09-13 13:30 ` [PATCH 4.18 071/197] ipvs: fix race between ip_vs_conn_new() and ip_vs_del_dest() Greg Kroah-Hartman
2018-09-13 13:30 ` [PATCH 4.18 072/197] mfd: sm501: Set coherent_dma_mask when creating subdevices Greg Kroah-Hartman
2018-09-13 13:30 ` [PATCH 4.18 073/197] netfilter: x_tables: do not fail xt_alloc_table_info too easilly Greg Kroah-Hartman
2018-09-13 13:30 ` [PATCH 4.18 074/197] platform/x86: asus-nb-wmi: Add keymap entry for lid flip action on UX360 Greg Kroah-Hartman
2018-09-13 13:30 ` [PATCH 4.18 075/197] netfilter: fix memory leaks on netlink_dump_start error Greg Kroah-Hartman
2018-09-13 13:30 ` [PATCH 4.18 076/197] tcp, ulp: add alias for all ulp modules Greg Kroah-Hartman
2018-09-13 13:30 ` [PATCH 4.18 077/197] ubi: Initialize Fastmap checkmapping correctly Greg Kroah-Hartman
2018-09-13 13:30 ` [PATCH 4.18 078/197] RDMA/hns: Fix usage of bitmap allocation functions return values Greg Kroah-Hartman
2018-09-13 13:30 ` [PATCH 4.18 079/197] ACPICA: ACPICA: add status check for acpi_hw_read before assigning return value Greg Kroah-Hartman
2018-09-13 13:30 ` [PATCH 4.18 080/197] perf arm spe: Fix uninitialized record error variable Greg Kroah-Hartman
2018-09-13 13:30 ` [PATCH 4.18 081/197] net: hns3: Fix for command format parsing error in hclge_is_all_function_id_zero Greg Kroah-Hartman
2018-09-13 13:30 ` [PATCH 4.18 082/197] block: dont warn for flush on read-only device Greg Kroah-Hartman
2018-09-17  4:04   ` Stefan Agner
2018-09-17  4:57     ` Greg Kroah-Hartman
2018-09-13 13:30 ` [PATCH 4.18 083/197] net: hns3: Fix for phy link issue when using marvell phy driver Greg Kroah-Hartman
2018-09-13 13:30 ` [PATCH 4.18 084/197] PCI: Match Root Ports MPS to endpoints MPSS as necessary Greg Kroah-Hartman
2018-09-13 13:30 ` [PATCH 4.18 085/197] drm/amd/display: Guard against null crtc in CRC IRQ Greg Kroah-Hartman
2018-09-13 13:30 ` [PATCH 4.18 086/197] coccicheck: return proper error code on fail Greg Kroah-Hartman
2018-09-13 13:30 ` [PATCH 4.18 087/197] perf tools: Check for null when copying nsinfo Greg Kroah-Hartman
2018-09-13 13:30 ` [PATCH 4.18 088/197] f2fs: avoid race between zero_range and background GC Greg Kroah-Hartman
2018-09-13 13:30 ` [PATCH 4.18 089/197] f2fs: fix avoid race between truncate " Greg Kroah-Hartman
2018-09-13 13:30 ` [PATCH 4.18 090/197] RISC-V: Use KBUILD_CFLAGS instead of KCFLAGS when building the vDSO Greg Kroah-Hartman
2018-09-13 13:30 ` [PATCH 4.18 091/197] irqchip/stm32: Fix init error handling Greg Kroah-Hartman
2018-09-13 13:30 ` [PATCH 4.18 092/197] irqchip/bcm7038-l1: Hide cpu offline callback when building for !SMP Greg Kroah-Hartman
2018-09-13 13:30 ` [PATCH 4.18 093/197] net/9p/trans_fd.c: fix race by holding the lock Greg Kroah-Hartman
2018-09-13 13:30 ` [PATCH 4.18 094/197] net/9p: fix error path of p9_virtio_probe Greg Kroah-Hartman
2018-09-13 13:30 ` [PATCH 4.18 095/197] f2fs: fix to clear PG_checked flag in set_page_dirty() Greg Kroah-Hartman
2018-09-13 13:30 ` [PATCH 4.18 096/197] pinctrl: axp209: Fix NULL pointer dereference after allocation Greg Kroah-Hartman
2018-09-13 13:30 ` [PATCH 4.18 097/197] bpf: fix bpffs non-array map seq_show issue Greg Kroah-Hartman
2018-09-13 13:30 ` [PATCH 4.18 098/197] powerpc/uaccess: Enable get_user(u64, *p) on 32-bit Greg Kroah-Hartman
2018-09-13 13:30 ` [PATCH 4.18 099/197] powerpc: Fix size calculation using resource_size() Greg Kroah-Hartman
2018-09-13 13:30 ` [PATCH 4.18 100/197] perf probe powerpc: Fix trace event post-processing Greg Kroah-Hartman
2018-09-13 13:30 ` [PATCH 4.18 101/197] block: bvec_nr_vecs() returns value for wrong slab Greg Kroah-Hartman
2018-09-13 13:30 ` [PATCH 4.18 102/197] brcmfmac: fix brcmf_wiphy_wowl_params() NULL pointer dereference Greg Kroah-Hartman
2018-09-13 13:30 ` [PATCH 4.18 103/197] s390/dasd: fix hanging offline processing due to canceled worker Greg Kroah-Hartman
2018-09-13 13:30 ` [PATCH 4.18 104/197] s390/dasd: fix panic for failed online processing Greg Kroah-Hartman
2018-09-13 13:30 ` [PATCH 4.18 105/197] ACPI / scan: Initialize status to ACPI_STA_DEFAULT Greg Kroah-Hartman
2018-09-13 13:30 ` [PATCH 4.18 106/197] blk-mq: count the hctx as active before allocating tag Greg Kroah-Hartman
2018-09-13 13:30 ` [PATCH 4.18 107/197] scsi: aic94xx: fix an error code in aic94xx_init() Greg Kroah-Hartman
2018-09-13 13:30 ` [PATCH 4.18 108/197] NFSv4: Fix error handling in nfs4_sp4_select_mode() Greg Kroah-Hartman
2018-09-13 13:30 ` [PATCH 4.18 109/197] Input: do not use WARN() in input_alloc_absinfo() Greg Kroah-Hartman
2018-09-13 13:30 ` [PATCH 4.18 110/197] xen/balloon: fix balloon initialization for PVH Dom0 Greg Kroah-Hartman
2018-09-13 13:31 ` [PATCH 4.18 111/197] PCI: mvebu: Fix I/O space end address calculation Greg Kroah-Hartman
2018-09-13 13:31 ` [PATCH 4.18 112/197] dm kcopyd: avoid softlockup in run_complete_job Greg Kroah-Hartman
2018-09-13 13:31 ` [PATCH 4.18 113/197] staging: comedi: ni_mio_common: fix subdevice flags for PFI subdevice Greg Kroah-Hartman
2018-09-13 13:31 ` [PATCH 4.18 114/197] ASoC: rt5677: Fix initialization of rt5677_of_match.data Greg Kroah-Hartman
2018-09-13 13:31 ` [PATCH 4.18 115/197] iommu/omap: Fix cache flushes on L2 table entries Greg Kroah-Hartman
2018-09-13 13:31 ` [PATCH 4.18 116/197] selftests/powerpc: Kill child processes on SIGINT Greg Kroah-Hartman
2018-09-13 13:31 ` [PATCH 4.18 117/197] selinux: cleanup dentry and inodes on error in selinuxfs Greg Kroah-Hartman
2018-09-13 13:31 ` [PATCH 4.18 118/197] RDS: IB: fix passing zero to ERR_PTR() warning Greg Kroah-Hartman
2018-09-13 13:31 ` [PATCH 4.18 119/197] cfq: Suppress compiler warnings about comparisons Greg Kroah-Hartman
2018-09-13 13:31 ` [PATCH 4.18 120/197] smb3: fix reset of bytes read and written stats Greg Kroah-Hartman
2018-09-13 13:31 ` [PATCH 4.18 121/197] CIFS: fix memory leak and remove dead code Greg Kroah-Hartman
2018-09-13 13:31 ` [PATCH 4.18 122/197] SMB3: Number of requests sent should be displayed for SMB3 not just CIFS Greg Kroah-Hartman
2018-09-13 13:31 ` [PATCH 4.18 123/197] smb3: if server does not support posix do not allow posix mount option Greg Kroah-Hartman
2018-09-13 13:31 ` [PATCH 4.18 124/197] powerpc/platforms/85xx: fix t1042rdb_diu.c build errors & warning Greg Kroah-Hartman
2018-09-13 13:31 ` [PATCH 4.18 125/197] powerpc/64s: Make rfi_flush_fallback a little more robust Greg Kroah-Hartman
2018-09-13 13:31 ` [PATCH 4.18 126/197] um: fix parallel building with O= option Greg Kroah-Hartman
2018-09-13 13:31 ` [PATCH 4.18 127/197] powerpc/pseries: Avoid using the size greater than RTAS_ERROR_LOG_MAX Greg Kroah-Hartman
2018-09-13 13:31 ` [PATCH 4.18 128/197] clk: rockchip: Add pclk_rkpwm_pmu to PMU critical clocks in rk3399 Greg Kroah-Hartman
2018-09-13 13:31 ` [PATCH 4.18 129/197] drm/amd/display: Read back max backlight value at boot Greg Kroah-Hartman
2018-09-13 13:31 ` [PATCH 4.18 130/197] KVM: vmx: track host_state.loaded using a loaded_vmcs pointer Greg Kroah-Hartman
2018-09-13 13:31 ` [PATCH 4.18 131/197] kvm: nVMX: Fix fault vector for VMX operation at CPL > 0 Greg Kroah-Hartman
2018-09-13 13:31 ` [PATCH 4.18 132/197] drm/etnaviv: fix crash in GPU suspend when init failed due to buffer placement Greg Kroah-Hartman
2018-09-13 13:31 ` [PATCH 4.18 133/197] btrfs: Exit gracefully when chunk map cannot be inserted to the tree Greg Kroah-Hartman
2018-09-13 13:31 ` [PATCH 4.18 134/197] btrfs: replace: Reset on-disk dev stats value after replace Greg Kroah-Hartman
2018-09-13 13:31 ` [PATCH 4.18 135/197] btrfs: fix in-memory value of total_devices after seed device deletion Greg Kroah-Hartman
2018-09-13 13:31 ` [PATCH 4.18 136/197] btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized Greg Kroah-Hartman
2018-09-13 13:31 ` [PATCH 4.18 137/197] btrfs: tree-checker: Detect invalid and empty essential trees Greg Kroah-Hartman
2018-09-13 13:31 ` [PATCH 4.18 138/197] btrfs: check-integrity: Fix NULL pointer dereference for degraded mount Greg Kroah-Hartman
2018-09-13 13:31 ` [PATCH 4.18 139/197] btrfs: lift uuid_mutex to callers of btrfs_open_devices Greg Kroah-Hartman
2018-09-13 13:31 ` [PATCH 4.18 140/197] btrfs: Dont remove block group that still has pinned down bytes Greg Kroah-Hartman
2018-09-13 13:31 ` [PATCH 4.18 141/197] btrfs: Fix a C compliance issue Greg Kroah-Hartman
2018-09-13 13:31 ` [PATCH 4.18 142/197] arm64: rockchip: Force CONFIG_PM on Rockchip systems Greg Kroah-Hartman
2018-09-13 13:31 ` [PATCH 4.18 143/197] ARM: " Greg Kroah-Hartman
2018-09-13 13:31 ` [PATCH 4.18 144/197] btrfs: do btrfs_free_stale_devices outside of device_list_add Greg Kroah-Hartman
2018-09-13 13:31 ` [PATCH 4.18 145/197] btrfs: extend locked section when adding a new device in device_list_add Greg Kroah-Hartman
2018-09-13 13:31 ` [PATCH 4.18 146/197] btrfs: rename local devices for fs_devices in btrfs_free_stale_devices( Greg Kroah-Hartman
2018-09-13 13:31 ` [PATCH 4.18 147/197] btrfs: use device_list_mutex when removing stale devices Greg Kroah-Hartman
2018-09-13 13:31 ` [PATCH 4.18 148/197] btrfs: lift uuid_mutex to callers of btrfs_scan_one_device Greg Kroah-Hartman
2018-09-13 13:31 ` [PATCH 4.18 149/197] btrfs: lift uuid_mutex to callers of btrfs_parse_early_options Greg Kroah-Hartman
2018-09-13 13:31 ` [PATCH 4.18 150/197] btrfs: reorder initialization before the mount locks uuid_mutex Greg Kroah-Hartman
2018-09-13 13:31 ` [PATCH 4.18 151/197] btrfs: fix mount and ioctl device scan ioctl race Greg Kroah-Hartman
2018-09-13 13:31 ` [PATCH 4.18 152/197] drm/i915/lpe: Mark LPE audio runtime pm as "no callbacks" Greg Kroah-Hartman
2018-09-13 13:31 ` [PATCH 4.18 153/197] drm/i915: Nuke the LVDS lid notifier Greg Kroah-Hartman
2018-09-13 13:31 ` [PATCH 4.18 154/197] drm/i915: Increase LSPCON timeout Greg Kroah-Hartman
2018-09-13 13:31 ` [PATCH 4.18 155/197] drm/i915: Free write_buf that we allocated with kzalloc Greg Kroah-Hartman
2018-09-13 13:31 ` [PATCH 4.18 156/197] drm/amdgpu: update uvd_v6_0_ring_vm_funcs to use new nop packet Greg Kroah-Hartman
2018-09-13 13:31 ` [PATCH 4.18 157/197] drm/amdgpu: fix a reversed condition Greg Kroah-Hartman
2018-09-13 13:31 ` [PATCH 4.18 158/197] drm/amdgpu: Fix RLC safe mode test in gfx_v9_0_enter_rlc_safe_mode Greg Kroah-Hartman
2018-09-13 13:31 ` [PATCH 4.18 159/197] drm/amd/pp: Convert voltage unit in mV*4 to mV on CZ/ST Greg Kroah-Hartman
2018-09-13 13:31 ` [PATCH 4.18 160/197] drm/amd/powerplay: fixed uninitialized value Greg Kroah-Hartman
2018-09-13 13:31 ` [PATCH 4.18 161/197] drm/amd/pp/Polaris12: Fix a chunk of registers missed to program Greg Kroah-Hartman
2018-09-13 13:31 ` [PATCH 4.18 162/197] drm/edid: Quirk Vive Pro VR headset non-desktop Greg Kroah-Hartman
2018-09-13 13:31 ` [PATCH 4.18 163/197] drm/edid: Add 6 bpc quirk for SDC panel in Lenovo B50-80 Greg Kroah-Hartman
2018-09-13 13:31 ` [PATCH 4.18 164/197] drm/amd/display: fix type of variable Greg Kroah-Hartman
2018-09-13 13:31 ` [PATCH 4.18 165/197] drm/amd/display: Dont share clk source between DP and HDMI Greg Kroah-Hartman
2018-09-13 13:31 ` [PATCH 4.18 166/197] drm/amd/display: update clk for various HDMI color depths Greg Kroah-Hartman
2018-09-13 13:31 ` [PATCH 4.18 167/197] drm/amd/display: Use requested HDMI aspect ratio Greg Kroah-Hartman
2018-09-13 13:31 ` [PATCH 4.18 168/197] drm/amd/display: Report non-DP display as disconnected without EDID Greg Kroah-Hartman
2018-09-13 13:31 ` [PATCH 4.18 169/197] drm/rockchip: lvds: add missing of_node_put Greg Kroah-Hartman
2018-09-13 13:31 ` [PATCH 4.18 170/197] drm/rockchip: vop: split out core clock enablement into separate functions Greg Kroah-Hartman
2018-09-13 13:32 ` [PATCH 4.18 171/197] drm/rockchip: vop: fix irq disabled after vop driver probed Greg Kroah-Hartman
2018-09-13 13:32 ` [PATCH 4.18 172/197] drm/amd/display: Pass connector id when executing VBIOS CT Greg Kroah-Hartman
2018-09-13 13:32 ` [PATCH 4.18 173/197] drm/amd/display: Check if clock source in use before disabling Greg Kroah-Hartman
2018-09-13 13:32 ` [PATCH 4.18 174/197] drm/amdgpu: update tmr mc address Greg Kroah-Hartman
2018-09-13 13:32 ` [PATCH 4.18 175/197] drm/amdgpu:add tmr mc address into amdgpu_firmware_info Greg Kroah-Hartman
2018-09-13 13:32 ` [PATCH 4.18 176/197] drm/amdgpu:add new firmware id for VCN Greg Kroah-Hartman
2018-09-13 13:32 ` [PATCH 4.18 177/197] drm/amdgpu:add VCN support in PSP driver Greg Kroah-Hartman
2018-09-13 13:32 ` [PATCH 4.18 178/197] drm/amdgpu:add VCN booting with firmware loaded by PSP Greg Kroah-Hartman
2018-09-13 13:32 ` [PATCH 4.18 179/197] drm/amdgpu: fix incorrect use of fcheck Greg Kroah-Hartman
2018-09-13 13:32 ` [PATCH 4.18 180/197] drm/amdgpu: fix incorrect use of drm_file->pid Greg Kroah-Hartman
2018-09-13 13:32 ` [PATCH 4.18 181/197] drm/i915: Re-apply "Perform link quality check, unconditionally during long pulse" Greg Kroah-Hartman
2018-09-13 13:32 ` [PATCH 4.18 182/197] uapi/linux/keyctl.h: dont use C++ reserved keyword as a struct member name Greg Kroah-Hartman
2018-09-13 13:32 ` [PATCH 4.18 183/197] mm: respect arch_dup_mmap() return value Greg Kroah-Hartman
2018-09-13 13:32 ` [PATCH 4.18 184/197] drm/i915: set DP Main Stream Attribute for color range on DDI platforms Greg Kroah-Hartman
2018-09-13 13:32 ` [PATCH 4.18 185/197] x86/tsc: Prevent result truncation on 32bit Greg Kroah-Hartman
2018-09-13 13:32 ` [PATCH 4.18 186/197] drm/amdgpu: Keep track of amount of pinned CPU visible VRAM Greg Kroah-Hartman
2018-09-13 13:32 ` [PATCH 4.18 187/197] drm/amdgpu: Make pin_size values atomic Greg Kroah-Hartman
2018-09-13 13:32 ` [PATCH 4.18 188/197] drm/amdgpu: Warn and update pin_size values when destroying a pinned BO Greg Kroah-Hartman
2018-09-13 13:32 ` [PATCH 4.18 189/197] drm/amdgpu: Dont warn on " Greg Kroah-Hartman
2018-09-13 13:32 ` [PATCH 4.18 190/197] debugobjects: Make stack check warning more informative Greg Kroah-Hartman
2018-09-13 13:32 ` [PATCH 4.18 191/197] x86/pae: use 64 bit atomic xchg function in native_ptep_get_and_clear Greg Kroah-Hartman
2018-09-13 13:32 ` [PATCH 4.18 192/197] x86/xen: dont write ptes directly in 32-bit PV guests Greg Kroah-Hartman
2018-09-13 13:32 ` [PATCH 4.18 193/197] kbuild: make missing $DEPMOD a Warning instead of an Error Greg Kroah-Hartman
2018-09-13 13:32 ` [PATCH 4.18 194/197] kvm: x86: Set highest physical address bits in non-present/reserved SPTEs Greg Kroah-Hartman
2018-09-13 13:32 ` [PATCH 4.18 195/197] x86: kvm: avoid unused variable warning Greg Kroah-Hartman
2018-09-13 13:32 ` [PATCH 4.18 196/197] HID: redragon: fix num lock and caps lock LEDs Greg Kroah-Hartman
2018-09-13 13:32 ` [PATCH 4.18 197/197] ASoC: wm8994: Fix missing break in switch Greg Kroah-Hartman
2018-09-14 12:27 ` [PATCH 4.18 000/197] 4.18.8-stable review Naresh Kamboju
2018-09-14 13:02   ` Greg Kroah-Hartman
2018-09-14 14:48 ` Guenter Roeck
2018-09-14 14:50   ` Guenter Roeck
2018-09-14 18:25     ` Greg Kroah-Hartman