linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH 4.19 000/113] 4.19.63-stable review
@ 2019-07-29 19:21 Greg Kroah-Hartman
  2019-07-29 19:21 ` [PATCH 4.19 001/113] hvsock: fix epollout hang from race condition Greg Kroah-Hartman
                   ` (118 more replies)
  0 siblings, 119 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, torvalds, akpm, linux, shuah, patches,
	ben.hutchings, lkft-triage, stable

This is the start of the stable review cycle for the 4.19.63 release.
There are 113 patches in this series, all will be posted as a response
to this one.  If anyone has any issues with these being applied, please
let me know.

Responses should be made by Wed 31 Jul 2019 07:05:01 PM UTC.
Anything received after that time might be too late.

The whole patch series can be found in one patch at:
	https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.19.63-rc1.gz
or in the git tree and branch at:
	git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y
and the diffstat can be found below.

thanks,

greg k-h

-------------
Pseudo-Shortlog of commits:

Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    Linux 4.19.63-rc1

Linus Torvalds <torvalds@linux-foundation.org>
    access: avoid the RCU grace period for the temporary subjective credentials

Dan Williams <dan.j.williams@intel.com>
    libnvdimm/bus: Stop holding nvdimm_bus_list_mutex over __nd_ioctl()

Michael Neuling <mikey@neuling.org>
    powerpc/tm: Fix oops on sigreturn on systems without TM

Gautham R. Shenoy <ego@linux.vnet.ibm.com>
    powerpc/xive: Fix loop exit-condition in xive_find_target_in_mask()

Hui Wang <hui.wang@canonical.com>
    ALSA: hda - Add a conexant codec entry to let mute led work

Kai-Heng Feng <kai.heng.feng@canonical.com>
    ALSA: line6: Fix wrong altsetting for LINE6_PODHD500_1

Ding Xiang <dingxiang@cmss.chinamobile.com>
    ALSA: ac97: Fix double free of ac97_codec_device

Kefeng Wang <wangkefeng.wang@huawei.com>
    hpet: Fix division by zero in hpet_time_div()

Alexander Usyskin <alexander.usyskin@intel.com>
    mei: me: add mule creek canyon (EHL) device ids

YueHaibing <yuehaibing@huawei.com>
    fpga-manager: altera-ps-spi: Fix build error

Hridya Valsaraju <hridya@google.com>
    binder: prevent transactions to context manager from its own process.

Zhenzhong Duan <zhenzhong.duan@oracle.com>
    x86/speculation/mds: Apply more accurate check on hypervisor platform

Hans de Goede <hdegoede@redhat.com>
    x86/sysfb_efi: Add quirks for some devices with swapped width and height

Qu Wenruo <wqu@suse.com>
    btrfs: inode: Don't compress if NODATASUM or NODATACOW set

Ryan Kennedy <ryan5544@gmail.com>
    usb: pci-quirks: Correct AMD PLL quirk detection

Phong Tran <tranmanphong@gmail.com>
    usb: wusbcore: fix unbalanced get/put cluster_id

Arnd Bergmann <arnd@arndb.de>
    locking/lockdep: Hide unused 'class' variable

Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
    mm: use down_read_killable for locking mmap_sem in access_remote_vm

Yuyang Du <duyuyang@gmail.com>
    locking/lockdep: Fix lock used or unused stats error

Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
    proc: use down_read_killable mmap_sem for /proc/pid/maps

Arnd Bergmann <arnd@arndb.de>
    cxgb4: reduce kernel stack usage in cudbg_collect_mem_region()

Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
    proc: use down_read_killable mmap_sem for /proc/pid/map_files

Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
    proc: use down_read_killable mmap_sem for /proc/pid/clear_refs

Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
    proc: use down_read_killable mmap_sem for /proc/pid/pagemap

Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
    proc: use down_read_killable mmap_sem for /proc/pid/smaps_rollup

Jean-Philippe Brucker <jean-philippe.brucker@arm.com>
    mm/mmu_notifier: use hlist_add_head_rcu()

Shakeel Butt <shakeelb@google.com>
    memcg, fsnotify: no oom-kill for remote memcg charging

Andy Lutomirski <luto@kernel.org>
    mm/gup.c: remove some BUG_ONs from get_gate_page()

Guenter Roeck <linux@roeck-us.net>
    mm/gup.c: mark undo_dev_pagemap as __maybe_unused

Christoph Hellwig <hch@lst.de>
    9p: pass the correct prototype to read_cache_page

Dmitry Vyukov <dvyukov@google.com>
    mm/kmemleak.c: fix check for softirq context

Sam Ravnborg <sam@ravnborg.org>
    sh: prevent warnings when using iounmap

Wenwen Wang <wenwen@cs.uga.edu>
    block/bio-integrity: fix a memory leak bug

Oliver O'Halloran <oohall@gmail.com>
    powerpc/eeh: Handle hugepages in ioremap space

David Windsor <dwindsor@redhat.com>
    dlm: check if workqueues are NULL before flushing/destroying

morten petersen <morten_bp@live.dk>
    mailbox: handle failed named mailbox channel request

Ocean Chen <oceanchen@google.com>
    f2fs: avoid out-of-range memory access

Josef Bacik <josef@toxicpanda.com>
    block: init flush rq ref count to 1

Masahiro Yamada <yamada.masahiro@socionext.com>
    powerpc/boot: add {get, put}_unaligned_be32 to xz_config.h

YueHaibing <yuehaibing@huawei.com>
    PCI: dwc: pci-dra7xx: Fix compilation when !CONFIG_GPIOLIB

Konstantin Taranov <konstantin.taranov@inf.ethz.ch>
    RDMA/rxe: Fill in wc byte_len with IB_WC_RECV_RDMA_WITH_IMM

Leo Yan <leo.yan@linaro.org>
    perf hists browser: Fix potential NULL pointer dereference found by the smatch tool

Leo Yan <leo.yan@linaro.org>
    perf annotate: Fix dereferencing freed memory found by the smatch tool

Leo Yan <leo.yan@linaro.org>
    perf session: Fix potential NULL pointer dereference found by the smatch tool

Leo Yan <leo.yan@linaro.org>
    perf top: Fix potential NULL pointer dereference detected by the smatch tool

Leo Yan <leo.yan@linaro.org>
    perf stat: Fix use-after-freed pointer detected by the smatch tool

Numfor Mbiziwo-Tiapo <nums@google.com>
    perf test mmap-thread-lookup: Initialize variable to suppress memory sanitizer warning

Hou Zhiqiang <Zhiqiang.Hou@nxp.com>
    PCI: mobiveil: Use the 1st inbound window for MEM inbound transactions

Hou Zhiqiang <Zhiqiang.Hou@nxp.com>
    PCI: mobiveil: Initialize Primary/Secondary/Subordinate bus numbers

Vasily Gorbik <gor@linux.ibm.com>
    kallsyms: exclude kasan local symbols on s390

Hou Zhiqiang <Zhiqiang.Hou@nxp.com>
    PCI: mobiveil: Fix the Class Code field

Hou Zhiqiang <Zhiqiang.Hou@nxp.com>
    PCI: mobiveil: Fix PCI base address in MEM/IO outbound windows

James Morse <james.morse@arm.com>
    arm64: assembler: Switch ESB-instruction with a vanilla nop if !ARM64_HAS_RAS

Valentine Fatiev <valentinef@mellanox.com>
    IB/ipoib: Add child to parent list only if device initialized

Aneesh Kumar K.V <aneesh.kumar@linux.ibm.com>
    powerpc/mm: Handle page table allocation failures

Parav Pandit <parav@mellanox.com>
    IB/mlx5: Fixed reporting counters on 2nd port for Dual port RoCE

Geert Uytterhoeven <geert+renesas@glider.be>
    serial: sh-sci: Fix TX DMA buffer flushing and workqueue races

Geert Uytterhoeven <geert+renesas@glider.be>
    serial: sh-sci: Terminate TX DMA during buffer flushing

Liu, Changcheng <changcheng.liu@intel.com>
    RDMA/i40iw: Set queue pair state when being queried

Christian Lamparter <chunkeey@gmail.com>
    powerpc/4xx/uic: clear pending interrupt after irq type/pol change

Johannes Berg <johannes.berg@intel.com>
    um: Silence lockdep complaint about mmap_sem

Ira Weiny <ira.weiny@intel.com>
    mm/swap: fix release_pages() when releasing devmap pages

Axel Lin <axel.lin@ingics.com>
    mfd: hi655x-pmic: Fix missing return value check for devm_regmap_init_mmio_clk

Arnd Bergmann <arnd@arndb.de>
    mfd: arizona: Fix undefined behavior

Robert Hancock <hancock@sedsystems.ca>
    mfd: core: Set fwnode for created devices

Daniel Gomez <dagmcr@gmail.com>
    mfd: madera: Add missing of table registration

Naveen N. Rao <naveen.n.rao@linux.vnet.ibm.com>
    recordmcount: Fix spurious mcount entries on powerpc

Naveen N. Rao <naveen.n.rao@linux.vnet.ibm.com>
    powerpc/xmon: Fix disabling tracing while in xmon

Qian Cai <cai@lca.pw>
    powerpc/cacheflush: fix variable set but not used

Bastien Nocera <hadess@hadess.net>
    iio: iio-utils: Fix possible incorrect mask calculation

Bharat Kumar Gogada <bharat.kumar.gogada@xilinx.com>
    PCI: xilinx-nwl: Fix Multi MSI data programming

Will Deacon <will.deacon@arm.com>
    genksyms: Teach parser about 128-bit built-in types

Nathan Chancellor <natechancellor@gmail.com>
    kbuild: Add -Werror=unknown-warning-option to CLANG_FLAGS

Fabrice Gasnier <fabrice.gasnier@st.com>
    i2c: stm32f7: fix the get_irq error cases

Marek Vasut <marek.vasut+renesas@gmail.com>
    PCI: sysfs: Ignore lockdep for remove attribute

Stefan Roese <sr@denx.de>
    serial: mctrl_gpio: Check if GPIO property exisits before requesting it

Sean Paul <seanpaul@chromium.org>
    drm/msm: Depopulate platform on probe failure

Alexey Kardashevskiy <aik@ozlabs.ru>
    powerpc/pci/of: Fix OF flags parsing for 64bit BARs

Raul E Rangel <rrangel@chromium.org>
    mmc: sdhci: sdhci-pci-o2micro: Check if controller supports 8-bit width

Andrzej Pietrasiewicz <andrzej.p@collabora.com>
    usb: gadget: Zero ffs_io_data

Serge Semin <fancer.lancer@gmail.com>
    tty: serial_core: Set port active bit in uart_port_activate

Sergey Organov <sorganov@gmail.com>
    serial: imx: fix locking in set_termios()

Douglas Anderson <dianders@chromium.org>
    drm/rockchip: Properly adjust to a true clock in adjusted_mode

Nathan Lynch <nathanl@linux.ibm.com>
    powerpc/pseries/mobility: prevent cpu hotplug during DT update

Hariprasad Kelam <hariprasad.kelam@gmail.com>
    drm/amd/display: fix compilation error

Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com>
    phy: renesas: rcar-gen2: Fix memory leak at error paths

David Riley <davidriley@chromium.org>
    drm/virtio: Add memory barriers for capset cache.

Nicholas Kazlauskas <nicholas.kazlauskas@amd.com>
    drm/amd/display: Always allocate initial connector state state

Rautkoski Kimmo EXT <ext-kimmo.rautkoski@vaisala.com>
    serial: 8250: Fix TX interrupt handling condition

Jorge Ramirez-Ortiz <jorge.ramirez-ortiz@linaro.org>
    tty: serial: msm_serial: avoid system lockup condition

Kefeng Wang <wangkefeng.wang@huawei.com>
    tty/serial: digicolor: Fix digicolor-usart already registered warning

Wang Hai <wanghai26@huawei.com>
    memstick: Fix error cleanup path of memstick_init

Daniel Vetter <daniel.vetter@ffwll.ch>
    drm/crc-debugfs: Also sprinkle irqrestore over early exits

Daniel Vetter <daniel.vetter@ffwll.ch>
    drm/crc-debugfs: User irqsafe spinlock in drm_crtc_add_crc_entry

Thierry Reding <treding@nvidia.com>
    gpu: host1x: Increase maximum DMA segment size

Jyri Sarha <jsarha@ti.com>
    drm/bridge: sii902x: pixel clock unit is 10kHz instead of 1kHz

Tomi Valkeinen <tomi.valkeinen@ti.com>
    drm/bridge: tc358767: read display_props in get_modes()

Alex Williamson <alex.williamson@redhat.com>
    PCI: Return error if cannot probe VF

Gen Zhang <blackgod016574@gmail.com>
    drm/edid: Fix a missing-check bug in drm_load_edid_firmware()

Oak Zeng <Oak.Zeng@amd.com>
    drm/amdkfd: Fix sdma queue map issue

Oak Zeng <ozeng@amd.com>
    drm/amdkfd: Fix a potential memory leak

Paul Hsieh <paul.hsieh@amd.com>
    drm/amd/display: Disable ABM before destroy ABM struct

Tiecheng Zhou <Tiecheng.Zhou@amd.com>
    drm/amdgpu/sriov: Need to initialize the HDP_NONSURFACE_BAStE

Nicholas Kazlauskas <nicholas.kazlauskas@amd.com>
    drm/amd/display: Fill prescale_params->scale for RGB565

Christophe Leroy <christophe.leroy@c-s.fr>
    tty: serial: cpm_uart - fix init when SMC is relocated

Wen Yang <wen.yang99@zte.com.cn>
    pinctrl: rockchip: fix leaked of_node references

Serge Semin <fancer.lancer@gmail.com>
    tty: max310x: Fix invalid baudrate divisors calculator

Thinh Nguyen <Thinh.Nguyen@synopsys.com>
    usb: core: hub: Disable hub-initiated U1/U2

Quentin Deslandes <quentin.deslandes@itdev.co.uk>
    staging: vt6656: use meaningful error code during buffer allocation

Fabien Dessenne <fabien.dessenne@st.com>
    iio: adc: stm32-dfsdm: missing error case during probe

Fabien Dessenne <fabien.dessenne@st.com>
    iio: adc: stm32-dfsdm: manage the get_irq error case

Peter Ujfalusi <peter.ujfalusi@ti.com>
    drm/panel: simple: Fix panel_simple_dsi_probe

Sunil Muthuswamy <sunilmut@microsoft.com>
    hvsock: fix epollout hang from race condition


-------------

Diffstat:

 Makefile                                           |  5 +-
 arch/arm64/include/asm/assembler.h                 |  4 +
 arch/powerpc/boot/xz_config.h                      | 20 +++++
 arch/powerpc/include/asm/cacheflush.h              |  7 +-
 arch/powerpc/kernel/eeh.c                          | 15 +++-
 arch/powerpc/kernel/pci_of_scan.c                  |  2 +
 arch/powerpc/kernel/signal_32.c                    |  3 +
 arch/powerpc/kernel/signal_64.c                    |  5 ++
 arch/powerpc/mm/hugetlbpage.c                      |  8 ++
 arch/powerpc/platforms/4xx/uic.c                   |  1 +
 arch/powerpc/platforms/pseries/mobility.c          |  9 ++
 arch/powerpc/sysdev/xive/common.c                  |  7 +-
 arch/powerpc/xmon/xmon.c                           |  6 +-
 arch/sh/include/asm/io.h                           |  6 +-
 arch/um/include/asm/mmu_context.h                  |  2 +-
 arch/x86/kernel/cpu/bugs.c                         |  2 +-
 arch/x86/kernel/sysfb_efi.c                        | 46 +++++++++++
 block/bio-integrity.c                              |  8 +-
 block/blk-core.c                                   |  1 +
 drivers/android/binder.c                           |  2 +-
 drivers/char/hpet.c                                |  3 +-
 drivers/fpga/Kconfig                               |  1 +
 drivers/gpu/drm/amd/amdgpu/gmc_v9_0.c              |  3 +
 .../gpu/drm/amd/amdkfd/kfd_device_queue_manager.c  | 21 +++--
 drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_v9.c    |  5 +-
 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c  | 10 ++-
 drivers/gpu/drm/amd/display/dc/dce/dce_abm.c       |  2 +
 .../amd/display/dc/dce110/dce110_hw_sequencer.c    |  3 +
 .../drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c  |  1 +
 drivers/gpu/drm/bridge/sii902x.c                   |  5 +-
 drivers/gpu/drm/bridge/tc358767.c                  |  7 ++
 drivers/gpu/drm/drm_debugfs_crc.c                  |  9 +-
 drivers/gpu/drm/drm_edid_load.c                    |  2 +
 drivers/gpu/drm/msm/msm_drv.c                      | 14 +++-
 drivers/gpu/drm/panel/panel-simple.c               |  9 +-
 drivers/gpu/drm/rockchip/rockchip_drm_vop.c        |  3 +-
 drivers/gpu/drm/virtio/virtgpu_ioctl.c             |  3 +
 drivers/gpu/drm/virtio/virtgpu_vq.c                |  2 +
 drivers/gpu/host1x/bus.c                           |  3 +
 drivers/i2c/busses/i2c-stm32f7.c                   | 26 +++---
 drivers/iio/adc/stm32-dfsdm-adc.c                  |  6 ++
 drivers/iio/adc/stm32-dfsdm-core.c                 |  8 +-
 drivers/infiniband/hw/i40iw/i40iw_verbs.c          |  2 +
 drivers/infiniband/hw/mlx5/mad.c                   | 60 ++++++++------
 drivers/infiniband/sw/rxe/rxe_resp.c               |  5 +-
 drivers/infiniband/sw/rxe/rxe_verbs.h              |  1 +
 drivers/infiniband/ulp/ipoib/ipoib_main.c          | 34 ++++----
 drivers/mailbox/mailbox.c                          |  6 +-
 drivers/memstick/core/memstick.c                   | 13 ++-
 drivers/mfd/arizona-core.c                         |  2 +-
 drivers/mfd/hi655x-pmic.c                          |  2 +
 drivers/mfd/madera-core.c                          |  1 +
 drivers/mfd/mfd-core.c                             |  1 +
 drivers/misc/mei/hw-me-regs.h                      |  3 +
 drivers/misc/mei/pci-me.c                          |  3 +
 drivers/mmc/host/sdhci-pci-o2micro.c               | 12 ++-
 drivers/net/ethernet/chelsio/cxgb4/cudbg_lib.c     | 19 +++--
 drivers/nvdimm/bus.c                               | 96 +++++++++++++---------
 drivers/nvdimm/nd-core.h                           |  3 +-
 drivers/pci/controller/dwc/pci-dra7xx.c            |  1 +
 drivers/pci/controller/pcie-mobiveil.c             | 22 +++--
 drivers/pci/controller/pcie-xilinx-nwl.c           | 11 ++-
 drivers/pci/pci-driver.c                           | 13 +--
 drivers/pci/pci-sysfs.c                            |  2 +-
 drivers/phy/renesas/phy-rcar-gen2.c                |  2 +
 drivers/pinctrl/pinctrl-rockchip.c                 |  1 +
 drivers/staging/vt6656/main_usb.c                  | 42 ++++++----
 drivers/tty/serial/8250/8250_port.c                |  3 +-
 drivers/tty/serial/cpm_uart/cpm_uart_core.c        | 17 ++--
 drivers/tty/serial/digicolor-usart.c               |  6 +-
 drivers/tty/serial/imx.c                           | 23 +++---
 drivers/tty/serial/max310x.c                       | 51 +++++++-----
 drivers/tty/serial/msm_serial.c                    |  4 +
 drivers/tty/serial/serial_core.c                   |  7 +-
 drivers/tty/serial/serial_mctrl_gpio.c             | 14 ++++
 drivers/tty/serial/sh-sci.c                        | 33 ++++++--
 drivers/usb/core/hub.c                             | 28 ++++---
 drivers/usb/gadget/function/f_fs.c                 |  6 +-
 drivers/usb/host/hwa-hc.c                          |  2 +-
 drivers/usb/host/pci-quirks.c                      | 31 ++++---
 fs/9p/vfs_addr.c                                   |  6 +-
 fs/btrfs/inode.c                                   | 24 +++++-
 fs/dlm/lowcomms.c                                  | 18 ++--
 fs/f2fs/segment.c                                  |  5 ++
 fs/notify/fanotify/fanotify.c                      |  5 +-
 fs/notify/inotify/inotify_fsnotify.c               |  8 +-
 fs/open.c                                          | 19 +++++
 fs/proc/base.c                                     | 28 +++++--
 fs/proc/task_mmu.c                                 | 23 ++++--
 fs/proc/task_nommu.c                               |  6 +-
 include/linux/cred.h                               |  7 +-
 include/linux/host1x.h                             |  2 +
 kernel/cred.c                                      | 21 ++++-
 kernel/locking/lockdep_proc.c                      |  8 +-
 mm/gup.c                                           | 12 ++-
 mm/kmemleak.c                                      |  2 +-
 mm/memory.c                                        |  4 +-
 mm/mmu_notifier.c                                  |  2 +-
 mm/nommu.c                                         |  3 +-
 mm/swap.c                                          | 13 ++-
 net/vmw_vsock/hyperv_transport.c                   | 44 +++-------
 scripts/genksyms/keywords.c                        |  4 +
 scripts/genksyms/parse.y                           |  2 +
 scripts/kallsyms.c                                 |  3 +
 scripts/recordmcount.h                             |  3 +-
 sound/ac97/bus.c                                   | 13 +--
 sound/pci/hda/patch_conexant.c                     |  1 +
 sound/usb/line6/podhd.c                            |  2 +-
 tools/iio/iio_utils.c                              |  4 +-
 tools/perf/builtin-stat.c                          |  2 +-
 tools/perf/builtin-top.c                           |  8 +-
 tools/perf/tests/mmap-thread-lookup.c              |  2 +-
 tools/perf/ui/browsers/hists.c                     | 15 +++-
 tools/perf/util/annotate.c                         |  6 +-
 tools/perf/util/session.c                          |  3 +
 115 files changed, 856 insertions(+), 359 deletions(-)



^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 001/113] hvsock: fix epollout hang from race condition
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
@ 2019-07-29 19:21 ` Greg Kroah-Hartman
  2019-07-29 19:21 ` [PATCH 4.19 002/113] drm/panel: simple: Fix panel_simple_dsi_probe Greg Kroah-Hartman
                   ` (117 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Sunil Muthuswamy, Dexuan Cui,
	David S. Miller, Sasha Levin

[ Upstream commit cb359b60416701c8bed82fec79de25a144beb893 ]

Currently, hvsock can enter into a state where epoll_wait on EPOLLOUT will
not return even when the hvsock socket is writable, under some race
condition. This can happen under the following sequence:
- fd = socket(hvsocket)
- fd_out = dup(fd)
- fd_in = dup(fd)
- start a writer thread that writes data to fd_out with a combination of
  epoll_wait(fd_out, EPOLLOUT) and
- start a reader thread that reads data from fd_in with a combination of
  epoll_wait(fd_in, EPOLLIN)
- On the host, there are two threads that are reading/writing data to the
  hvsocket

stack:
hvs_stream_has_space
hvs_notify_poll_out
vsock_poll
sock_poll
ep_poll

Race condition:
check for epollout from ep_poll():
	assume no writable space in the socket
	hvs_stream_has_space() returns 0
check for epollin from ep_poll():
	assume socket has some free space < HVS_PKT_LEN(HVS_SEND_BUF_SIZE)
	hvs_stream_has_space() will clear the channel pending send size
	host will not notify the guest because the pending send size has
		been cleared and so the hvsocket will never mark the
		socket writable

Now, the EPOLLOUT will never return even if the socket write buffer is
empty.

The fix is to set the pending size to the default size and never change it.
This way the host will always notify the guest whenever the writable space
is bigger than the pending size. The host is already optimized to *only*
notify the guest when the pending size threshold boundary is crossed and
not everytime.

This change also reduces the cpu usage somewhat since hv_stream_has_space()
is in the hotpath of send:
vsock_stream_sendmsg()->hv_stream_has_space()
Earlier hv_stream_has_space was setting/clearing the pending size on every
call.

Signed-off-by: Sunil Muthuswamy <sunilmut@microsoft.com>
Reviewed-by: Dexuan Cui <decui@microsoft.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/vmw_vsock/hyperv_transport.c | 44 ++++++++------------------------
 1 file changed, 11 insertions(+), 33 deletions(-)

diff --git a/net/vmw_vsock/hyperv_transport.c b/net/vmw_vsock/hyperv_transport.c
index a827547aa102..b131561a9469 100644
--- a/net/vmw_vsock/hyperv_transport.c
+++ b/net/vmw_vsock/hyperv_transport.c
@@ -217,18 +217,6 @@ static void hvs_set_channel_pending_send_size(struct vmbus_channel *chan)
 	set_channel_pending_send_size(chan,
 				      HVS_PKT_LEN(HVS_SEND_BUF_SIZE));
 
-	/* See hvs_stream_has_space(): we must make sure the host has seen
-	 * the new pending send size, before we can re-check the writable
-	 * bytes.
-	 */
-	virt_mb();
-}
-
-static void hvs_clear_channel_pending_send_size(struct vmbus_channel *chan)
-{
-	set_channel_pending_send_size(chan, 0);
-
-	/* Ditto */
 	virt_mb();
 }
 
@@ -298,9 +286,6 @@ static void hvs_channel_cb(void *ctx)
 	if (hvs_channel_readable(chan))
 		sk->sk_data_ready(sk);
 
-	/* See hvs_stream_has_space(): when we reach here, the writable bytes
-	 * may be already less than HVS_PKT_LEN(HVS_SEND_BUF_SIZE).
-	 */
 	if (hv_get_bytes_to_write(&chan->outbound) > 0)
 		sk->sk_write_space(sk);
 }
@@ -328,8 +313,9 @@ static void hvs_open_connection(struct vmbus_channel *chan)
 
 	struct sockaddr_vm addr;
 	struct sock *sk, *new = NULL;
-	struct vsock_sock *vnew;
-	struct hvsock *hvs, *hvs_new;
+	struct vsock_sock *vnew = NULL;
+	struct hvsock *hvs = NULL;
+	struct hvsock *hvs_new = NULL;
 	int ret;
 
 	if_type = &chan->offermsg.offer.if_type;
@@ -388,6 +374,13 @@ static void hvs_open_connection(struct vmbus_channel *chan)
 	set_per_channel_state(chan, conn_from_host ? new : sk);
 	vmbus_set_chn_rescind_callback(chan, hvs_close_connection);
 
+	/* Set the pending send size to max packet size to always get
+	 * notifications from the host when there is enough writable space.
+	 * The host is optimized to send notifications only when the pending
+	 * size boundary is crossed, and not always.
+	 */
+	hvs_set_channel_pending_send_size(chan);
+
 	if (conn_from_host) {
 		new->sk_state = TCP_ESTABLISHED;
 		sk->sk_ack_backlog++;
@@ -651,23 +644,8 @@ static s64 hvs_stream_has_data(struct vsock_sock *vsk)
 static s64 hvs_stream_has_space(struct vsock_sock *vsk)
 {
 	struct hvsock *hvs = vsk->trans;
-	struct vmbus_channel *chan = hvs->chan;
-	s64 ret;
-
-	ret = hvs_channel_writable_bytes(chan);
-	if (ret > 0)  {
-		hvs_clear_channel_pending_send_size(chan);
-	} else {
-		/* See hvs_channel_cb() */
-		hvs_set_channel_pending_send_size(chan);
-
-		/* Re-check the writable bytes to avoid race */
-		ret = hvs_channel_writable_bytes(chan);
-		if (ret > 0)
-			hvs_clear_channel_pending_send_size(chan);
-	}
 
-	return ret;
+	return hvs_channel_writable_bytes(hvs->chan);
 }
 
 static u64 hvs_stream_rcvhiwat(struct vsock_sock *vsk)
-- 
2.20.1




^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 002/113] drm/panel: simple: Fix panel_simple_dsi_probe
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
  2019-07-29 19:21 ` [PATCH 4.19 001/113] hvsock: fix epollout hang from race condition Greg Kroah-Hartman
@ 2019-07-29 19:21 ` Greg Kroah-Hartman
  2019-07-29 19:21 ` [PATCH 4.19 003/113] iio: adc: stm32-dfsdm: manage the get_irq error case Greg Kroah-Hartman
                   ` (116 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Peter Ujfalusi, Thierry Reding, Sasha Levin

[ Upstream commit 7ad9db66fafb0f0ad53fd2a66217105da5ddeffe ]

In case mipi_dsi_attach() fails remove the registered panel to avoid added
panel without corresponding device.

Signed-off-by: Peter Ujfalusi <peter.ujfalusi@ti.com>
Signed-off-by: Thierry Reding <treding@nvidia.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20190226081153.31334-1-peter.ujfalusi@ti.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/drm/panel/panel-simple.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/drivers/gpu/drm/panel/panel-simple.c b/drivers/gpu/drm/panel/panel-simple.c
index 97964f7f2ace..b1d41c4921dd 100644
--- a/drivers/gpu/drm/panel/panel-simple.c
+++ b/drivers/gpu/drm/panel/panel-simple.c
@@ -2803,7 +2803,14 @@ static int panel_simple_dsi_probe(struct mipi_dsi_device *dsi)
 	dsi->format = desc->format;
 	dsi->lanes = desc->lanes;
 
-	return mipi_dsi_attach(dsi);
+	err = mipi_dsi_attach(dsi);
+	if (err) {
+		struct panel_simple *panel = dev_get_drvdata(&dsi->dev);
+
+		drm_panel_remove(&panel->base);
+	}
+
+	return err;
 }
 
 static int panel_simple_dsi_remove(struct mipi_dsi_device *dsi)
-- 
2.20.1




^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 003/113] iio: adc: stm32-dfsdm: manage the get_irq error case
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
  2019-07-29 19:21 ` [PATCH 4.19 001/113] hvsock: fix epollout hang from race condition Greg Kroah-Hartman
  2019-07-29 19:21 ` [PATCH 4.19 002/113] drm/panel: simple: Fix panel_simple_dsi_probe Greg Kroah-Hartman
@ 2019-07-29 19:21 ` Greg Kroah-Hartman
  2019-07-29 19:21 ` [PATCH 4.19 004/113] iio: adc: stm32-dfsdm: missing error case during probe Greg Kroah-Hartman
                   ` (115 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Fabien Dessenne, Fabrice Gasnier,
	Jonathan Cameron, Sasha Levin

[ Upstream commit 3e53ef91f826957dec013c47707ffc1bb42b42d7 ]

During probe, check the "get_irq" error value.

Signed-off-by: Fabien Dessenne <fabien.dessenne@st.com>
Acked-by: Fabrice Gasnier <fabrice.gasnier@st.com>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/iio/adc/stm32-dfsdm-adc.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/drivers/iio/adc/stm32-dfsdm-adc.c b/drivers/iio/adc/stm32-dfsdm-adc.c
index fcd4a1c00ca0..15a115210108 100644
--- a/drivers/iio/adc/stm32-dfsdm-adc.c
+++ b/drivers/iio/adc/stm32-dfsdm-adc.c
@@ -1144,6 +1144,12 @@ static int stm32_dfsdm_adc_probe(struct platform_device *pdev)
 	 * So IRQ associated to filter instance 0 is dedicated to the Filter 0.
 	 */
 	irq = platform_get_irq(pdev, 0);
+	if (irq < 0) {
+		if (irq != -EPROBE_DEFER)
+			dev_err(dev, "Failed to get IRQ: %d\n", irq);
+		return irq;
+	}
+
 	ret = devm_request_irq(dev, irq, stm32_dfsdm_irq,
 			       0, pdev->name, adc);
 	if (ret < 0) {
-- 
2.20.1




^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 004/113] iio: adc: stm32-dfsdm: missing error case during probe
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (2 preceding siblings ...)
  2019-07-29 19:21 ` [PATCH 4.19 003/113] iio: adc: stm32-dfsdm: manage the get_irq error case Greg Kroah-Hartman
@ 2019-07-29 19:21 ` Greg Kroah-Hartman
  2019-07-29 19:21 ` [PATCH 4.19 005/113] staging: vt6656: use meaningful error code during buffer allocation Greg Kroah-Hartman
                   ` (114 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Fabien Dessenne, Fabrice Gasnier,
	Jonathan Cameron, Sasha Levin

[ Upstream commit d2fc0156963cae8f1eec8e2dd645fbbf1e1c1c8e ]

During probe, check the devm_ioremap_resource() error value.
Also return the devm_clk_get() error value instead of -EINVAL.

Signed-off-by: Fabien Dessenne <fabien.dessenne@st.com>
Acked-by: Fabrice Gasnier <fabrice.gasnier@st.com>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/iio/adc/stm32-dfsdm-core.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/drivers/iio/adc/stm32-dfsdm-core.c b/drivers/iio/adc/stm32-dfsdm-core.c
index bf089f5d6225..941630615e88 100644
--- a/drivers/iio/adc/stm32-dfsdm-core.c
+++ b/drivers/iio/adc/stm32-dfsdm-core.c
@@ -213,6 +213,8 @@ static int stm32_dfsdm_parse_of(struct platform_device *pdev,
 	}
 	priv->dfsdm.phys_base = res->start;
 	priv->dfsdm.base = devm_ioremap_resource(&pdev->dev, res);
+	if (IS_ERR(priv->dfsdm.base))
+		return PTR_ERR(priv->dfsdm.base);
 
 	/*
 	 * "dfsdm" clock is mandatory for DFSDM peripheral clocking.
@@ -222,8 +224,10 @@ static int stm32_dfsdm_parse_of(struct platform_device *pdev,
 	 */
 	priv->clk = devm_clk_get(&pdev->dev, "dfsdm");
 	if (IS_ERR(priv->clk)) {
-		dev_err(&pdev->dev, "No stm32_dfsdm_clk clock found\n");
-		return -EINVAL;
+		ret = PTR_ERR(priv->clk);
+		if (ret != -EPROBE_DEFER)
+			dev_err(&pdev->dev, "Failed to get clock (%d)\n", ret);
+		return ret;
 	}
 
 	priv->aclk = devm_clk_get(&pdev->dev, "audio");
-- 
2.20.1




^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 005/113] staging: vt6656: use meaningful error code during buffer allocation
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (3 preceding siblings ...)
  2019-07-29 19:21 ` [PATCH 4.19 004/113] iio: adc: stm32-dfsdm: missing error case during probe Greg Kroah-Hartman
@ 2019-07-29 19:21 ` Greg Kroah-Hartman
  2019-07-29 19:21 ` [PATCH 4.19 006/113] usb: core: hub: Disable hub-initiated U1/U2 Greg Kroah-Hartman
                   ` (113 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:21 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Quentin Deslandes, Sasha Levin

[ Upstream commit d8c2869300ab5f7a19bf6f5a04fe473c5c9887e3 ]

Check on called function's returned value for error and return 0 on
success or a negative errno value on error instead of a boolean value.

Signed-off-by: Quentin Deslandes <quentin.deslandes@itdev.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/staging/vt6656/main_usb.c | 42 ++++++++++++++++++++-----------
 1 file changed, 28 insertions(+), 14 deletions(-)

diff --git a/drivers/staging/vt6656/main_usb.c b/drivers/staging/vt6656/main_usb.c
index ccafcc2c87ac..70433f756d8e 100644
--- a/drivers/staging/vt6656/main_usb.c
+++ b/drivers/staging/vt6656/main_usb.c
@@ -402,16 +402,19 @@ static void vnt_free_int_bufs(struct vnt_private *priv)
 	kfree(priv->int_buf.data_buf);
 }
 
-static bool vnt_alloc_bufs(struct vnt_private *priv)
+static int vnt_alloc_bufs(struct vnt_private *priv)
 {
+	int ret = 0;
 	struct vnt_usb_send_context *tx_context;
 	struct vnt_rcb *rcb;
 	int ii;
 
 	for (ii = 0; ii < priv->num_tx_context; ii++) {
 		tx_context = kmalloc(sizeof(*tx_context), GFP_KERNEL);
-		if (!tx_context)
+		if (!tx_context) {
+			ret = -ENOMEM;
 			goto free_tx;
+		}
 
 		priv->tx_context[ii] = tx_context;
 		tx_context->priv = priv;
@@ -419,16 +422,20 @@ static bool vnt_alloc_bufs(struct vnt_private *priv)
 
 		/* allocate URBs */
 		tx_context->urb = usb_alloc_urb(0, GFP_KERNEL);
-		if (!tx_context->urb)
+		if (!tx_context->urb) {
+			ret = -ENOMEM;
 			goto free_tx;
+		}
 
 		tx_context->in_use = false;
 	}
 
 	for (ii = 0; ii < priv->num_rcb; ii++) {
 		priv->rcb[ii] = kzalloc(sizeof(*priv->rcb[ii]), GFP_KERNEL);
-		if (!priv->rcb[ii])
+		if (!priv->rcb[ii]) {
+			ret = -ENOMEM;
 			goto free_rx_tx;
+		}
 
 		rcb = priv->rcb[ii];
 
@@ -436,39 +443,46 @@ static bool vnt_alloc_bufs(struct vnt_private *priv)
 
 		/* allocate URBs */
 		rcb->urb = usb_alloc_urb(0, GFP_KERNEL);
-		if (!rcb->urb)
+		if (!rcb->urb) {
+			ret = -ENOMEM;
 			goto free_rx_tx;
+		}
 
 		rcb->skb = dev_alloc_skb(priv->rx_buf_sz);
-		if (!rcb->skb)
+		if (!rcb->skb) {
+			ret = -ENOMEM;
 			goto free_rx_tx;
+		}
 
 		rcb->in_use = false;
 
 		/* submit rx urb */
-		if (vnt_submit_rx_urb(priv, rcb))
+		ret = vnt_submit_rx_urb(priv, rcb);
+		if (ret)
 			goto free_rx_tx;
 	}
 
 	priv->interrupt_urb = usb_alloc_urb(0, GFP_KERNEL);
-	if (!priv->interrupt_urb)
+	if (!priv->interrupt_urb) {
+		ret = -ENOMEM;
 		goto free_rx_tx;
+	}
 
 	priv->int_buf.data_buf = kmalloc(MAX_INTERRUPT_SIZE, GFP_KERNEL);
 	if (!priv->int_buf.data_buf) {
-		usb_free_urb(priv->interrupt_urb);
-		goto free_rx_tx;
+		ret = -ENOMEM;
+		goto free_rx_tx_urb;
 	}
 
-	return true;
+	return 0;
 
+free_rx_tx_urb:
+	usb_free_urb(priv->interrupt_urb);
 free_rx_tx:
 	vnt_free_rx_bufs(priv);
-
 free_tx:
 	vnt_free_tx_bufs(priv);
-
-	return false;
+	return ret;
 }
 
 static void vnt_tx_80211(struct ieee80211_hw *hw,
-- 
2.20.1




^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 006/113] usb: core: hub: Disable hub-initiated U1/U2
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (4 preceding siblings ...)
  2019-07-29 19:21 ` [PATCH 4.19 005/113] staging: vt6656: use meaningful error code during buffer allocation Greg Kroah-Hartman
@ 2019-07-29 19:21 ` Greg Kroah-Hartman
  2019-07-29 19:21 ` [PATCH 4.19 007/113] tty: max310x: Fix invalid baudrate divisors calculator Greg Kroah-Hartman
                   ` (112 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:21 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Thinh Nguyen, Sasha Levin

[ Upstream commit 561759292774707b71ee61aecc07724905bb7ef1 ]

If the device rejects the control transfer to enable device-initiated
U1/U2 entry, then the device will not initiate U1/U2 transition. To
improve the performance, the downstream port should not initate
transition to U1/U2 to avoid the delay from the device link command
response (no packet can be transmitted while waiting for a response from
the device). If the device has some quirks and does not implement U1/U2,
it may reject all the link state change requests, and the downstream
port may resend and flood the bus with more requests. This will affect
the device performance even further. This patch disables the
hub-initated U1/U2 if the device-initiated U1/U2 entry fails.

Reference: USB 3.2 spec 7.2.4.2.3

Signed-off-by: Thinh Nguyen <thinhn@synopsys.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/usb/core/hub.c | 28 ++++++++++++++++------------
 1 file changed, 16 insertions(+), 12 deletions(-)

diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c
index f4e8e869649a..8018f813972e 100644
--- a/drivers/usb/core/hub.c
+++ b/drivers/usb/core/hub.c
@@ -3961,6 +3961,9 @@ static int usb_set_lpm_timeout(struct usb_device *udev,
  * control transfers to set the hub timeout or enable device-initiated U1/U2
  * will be successful.
  *
+ * If the control transfer to enable device-initiated U1/U2 entry fails, then
+ * hub-initiated U1/U2 will be disabled.
+ *
  * If we cannot set the parent hub U1/U2 timeout, we attempt to let the xHCI
  * driver know about it.  If that call fails, it should be harmless, and just
  * take up more slightly more bus bandwidth for unnecessary U1/U2 exit latency.
@@ -4015,23 +4018,24 @@ static void usb_enable_link_state(struct usb_hcd *hcd, struct usb_device *udev,
 		 * host know that this link state won't be enabled.
 		 */
 		hcd->driver->disable_usb3_lpm_timeout(hcd, udev, state);
-	} else {
-		/* Only a configured device will accept the Set Feature
-		 * U1/U2_ENABLE
-		 */
-		if (udev->actconfig)
-			usb_set_device_initiated_lpm(udev, state, true);
+		return;
+	}
 
-		/* As soon as usb_set_lpm_timeout(timeout) returns 0, the
-		 * hub-initiated LPM is enabled. Thus, LPM is enabled no
-		 * matter the result of usb_set_device_initiated_lpm().
-		 * The only difference is whether device is able to initiate
-		 * LPM.
-		 */
+	/* Only a configured device will accept the Set Feature
+	 * U1/U2_ENABLE
+	 */
+	if (udev->actconfig &&
+	    usb_set_device_initiated_lpm(udev, state, true) == 0) {
 		if (state == USB3_LPM_U1)
 			udev->usb3_lpm_u1_enabled = 1;
 		else if (state == USB3_LPM_U2)
 			udev->usb3_lpm_u2_enabled = 1;
+	} else {
+		/* Don't request U1/U2 entry if the device
+		 * cannot transition to U1/U2.
+		 */
+		usb_set_lpm_timeout(udev, state, 0);
+		hcd->driver->disable_usb3_lpm_timeout(hcd, udev, state);
 	}
 }
 
-- 
2.20.1




^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 007/113] tty: max310x: Fix invalid baudrate divisors calculator
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (5 preceding siblings ...)
  2019-07-29 19:21 ` [PATCH 4.19 006/113] usb: core: hub: Disable hub-initiated U1/U2 Greg Kroah-Hartman
@ 2019-07-29 19:21 ` Greg Kroah-Hartman
  2019-07-29 19:21 ` [PATCH 4.19 008/113] pinctrl: rockchip: fix leaked of_node references Greg Kroah-Hartman
                   ` (111 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:21 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Serge Semin, Sasha Levin

[ Upstream commit 35240ba26a932b279a513f66fa4cabfd7af55221 ]

Current calculator doesn't do it' job quite correct. First of all the
max310x baud-rates generator supports the divisor being less than 16.
In this case the x2/x4 modes can be used to double or quadruple
the reference frequency. But the current baud-rate setter function
just filters all these modes out by the first condition and setups
these modes only if there is a clocks-baud division remainder. The former
doesn't seem right at all, since enabling the x2/x4 modes causes the line
noise tolerance reduction and should be only used as a last resort to
enable a requested too high baud-rate.

Finally the fraction is supposed to be calculated from D = Fref/(c*baud)
formulae, but not from D % 16, which causes the precision loss. So to speak
the current baud-rate calculator code works well only if the baud perfectly
fits to the uart reference input frequency.

Lets fix the calculator by implementing the algo fully compliant with
the fractional baud-rate generator described in the datasheet:
D = Fref / (c*baud), where c={16,8,4} is the x1/x2/x4 rate mode
respectively, Fref - reference input frequency. The divisor fraction is
calculated from the same formulae, but making sure it is found with a
resolution of 0.0625 (four bits).

Signed-off-by: Serge Semin <fancer.lancer@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/tty/serial/max310x.c | 51 ++++++++++++++++++++++--------------
 1 file changed, 31 insertions(+), 20 deletions(-)

diff --git a/drivers/tty/serial/max310x.c b/drivers/tty/serial/max310x.c
index 38c48a02b920..bd3e6cf81af5 100644
--- a/drivers/tty/serial/max310x.c
+++ b/drivers/tty/serial/max310x.c
@@ -491,37 +491,48 @@ static bool max310x_reg_precious(struct device *dev, unsigned int reg)
 
 static int max310x_set_baud(struct uart_port *port, int baud)
 {
-	unsigned int mode = 0, clk = port->uartclk, div = clk / baud;
+	unsigned int mode = 0, div = 0, frac = 0, c = 0, F = 0;
 
-	/* Check for minimal value for divider */
-	if (div < 16)
-		div = 16;
-
-	if (clk % baud && (div / 16) < 0x8000) {
+	/*
+	 * Calculate the integer divisor first. Select a proper mode
+	 * in case if the requested baud is too high for the pre-defined
+	 * clocks frequency.
+	 */
+	div = port->uartclk / baud;
+	if (div < 8) {
+		/* Mode x4 */
+		c = 4;
+		mode = MAX310X_BRGCFG_4XMODE_BIT;
+	} else if (div < 16) {
 		/* Mode x2 */
+		c = 8;
 		mode = MAX310X_BRGCFG_2XMODE_BIT;
-		clk = port->uartclk * 2;
-		div = clk / baud;
-
-		if (clk % baud && (div / 16) < 0x8000) {
-			/* Mode x4 */
-			mode = MAX310X_BRGCFG_4XMODE_BIT;
-			clk = port->uartclk * 4;
-			div = clk / baud;
-		}
+	} else {
+		c = 16;
 	}
 
-	max310x_port_write(port, MAX310X_BRGDIVMSB_REG, (div / 16) >> 8);
-	max310x_port_write(port, MAX310X_BRGDIVLSB_REG, div / 16);
-	max310x_port_write(port, MAX310X_BRGCFG_REG, (div % 16) | mode);
+	/* Calculate the divisor in accordance with the fraction coefficient */
+	div /= c;
+	F = c*baud;
+
+	/* Calculate the baud rate fraction */
+	if (div > 0)
+		frac = (16*(port->uartclk % F)) / F;
+	else
+		div = 1;
+
+	max310x_port_write(port, MAX310X_BRGDIVMSB_REG, div >> 8);
+	max310x_port_write(port, MAX310X_BRGDIVLSB_REG, div);
+	max310x_port_write(port, MAX310X_BRGCFG_REG, frac | mode);
 
-	return DIV_ROUND_CLOSEST(clk, div);
+	/* Return the actual baud rate we just programmed */
+	return (16*port->uartclk) / (c*(16*div + frac));
 }
 
 static int max310x_update_best_err(unsigned long f, long *besterr)
 {
 	/* Use baudrate 115200 for calculate error */
-	long err = f % (115200 * 16);
+	long err = f % (460800 * 16);
 
 	if ((*besterr < 0) || (*besterr > err)) {
 		*besterr = err;
-- 
2.20.1




^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 008/113] pinctrl: rockchip: fix leaked of_node references
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (6 preceding siblings ...)
  2019-07-29 19:21 ` [PATCH 4.19 007/113] tty: max310x: Fix invalid baudrate divisors calculator Greg Kroah-Hartman
@ 2019-07-29 19:21 ` Greg Kroah-Hartman
  2019-07-29 19:21 ` [PATCH 4.19 009/113] tty: serial: cpm_uart - fix init when SMC is relocated Greg Kroah-Hartman
                   ` (110 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Wen Yang, Linus Walleij,
	Heiko Stuebner, linux-gpio, linux-rockchip, Sasha Levin

[ Upstream commit 3c89c70634bb0b6f48512de873e7a45c7e1fbaa5 ]

The call to of_parse_phandle returns a node pointer with refcount
incremented thus it must be explicitly decremented after the last
usage.

Detected by coccinelle with the following warnings:
./drivers/pinctrl/pinctrl-rockchip.c:3221:2-8: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 3196, but without a corresponding object release within this function.
./drivers/pinctrl/pinctrl-rockchip.c:3223:1-7: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 3196, but without a corresponding object release within this function.

Signed-off-by: Wen Yang <wen.yang99@zte.com.cn>
Cc: Linus Walleij <linus.walleij@linaro.org>
Cc: Heiko Stuebner <heiko@sntech.de>
Cc: linux-gpio@vger.kernel.org
Cc: linux-rockchip@lists.infradead.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/pinctrl/pinctrl-rockchip.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/pinctrl/pinctrl-rockchip.c b/drivers/pinctrl/pinctrl-rockchip.c
index f4a61429e06e..8d83817935da 100644
--- a/drivers/pinctrl/pinctrl-rockchip.c
+++ b/drivers/pinctrl/pinctrl-rockchip.c
@@ -3172,6 +3172,7 @@ static int rockchip_get_bank_data(struct rockchip_pin_bank *bank,
 						    base,
 						    &rockchip_regmap_config);
 		}
+		of_node_put(node);
 	}
 
 	bank->irq = irq_of_parse_and_map(bank->of_node, 0);
-- 
2.20.1




^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 009/113] tty: serial: cpm_uart - fix init when SMC is relocated
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (7 preceding siblings ...)
  2019-07-29 19:21 ` [PATCH 4.19 008/113] pinctrl: rockchip: fix leaked of_node references Greg Kroah-Hartman
@ 2019-07-29 19:21 ` Greg Kroah-Hartman
  2019-07-29 19:21 ` [PATCH 4.19 010/113] drm/amd/display: Fill prescale_params->scale for RGB565 Greg Kroah-Hartman
                   ` (109 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:21 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Christophe Leroy, Sasha Levin

[ Upstream commit 06aaa3d066db87e8478522d910285141d44b1e58 ]

SMC relocation can also be activated earlier by the bootloader,
so the driver's behaviour cannot rely on selected kernel config.

When the SMC is relocated, CPM_CR_INIT_TRX cannot be used.

But the only thing CPM_CR_INIT_TRX does is to clear the
rstate and tstate registers, so this can be done manually,
even when SMC is not relocated.

Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
Fixes: 9ab921201444 ("cpm_uart: fix non-console port startup bug")
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/tty/serial/cpm_uart/cpm_uart_core.c | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/drivers/tty/serial/cpm_uart/cpm_uart_core.c b/drivers/tty/serial/cpm_uart/cpm_uart_core.c
index e5389591bb4f..ad40c75bb58f 100644
--- a/drivers/tty/serial/cpm_uart/cpm_uart_core.c
+++ b/drivers/tty/serial/cpm_uart/cpm_uart_core.c
@@ -407,7 +407,16 @@ static int cpm_uart_startup(struct uart_port *port)
 			clrbits16(&pinfo->sccp->scc_sccm, UART_SCCM_RX);
 		}
 		cpm_uart_initbd(pinfo);
-		cpm_line_cr_cmd(pinfo, CPM_CR_INIT_TRX);
+		if (IS_SMC(pinfo)) {
+			out_be32(&pinfo->smcup->smc_rstate, 0);
+			out_be32(&pinfo->smcup->smc_tstate, 0);
+			out_be16(&pinfo->smcup->smc_rbptr,
+				 in_be16(&pinfo->smcup->smc_rbase));
+			out_be16(&pinfo->smcup->smc_tbptr,
+				 in_be16(&pinfo->smcup->smc_tbase));
+		} else {
+			cpm_line_cr_cmd(pinfo, CPM_CR_INIT_TRX);
+		}
 	}
 	/* Install interrupt handler. */
 	retval = request_irq(port->irq, cpm_uart_int, 0, "cpm_uart", port);
@@ -861,16 +870,14 @@ static void cpm_uart_init_smc(struct uart_cpm_port *pinfo)
 	         (u8 __iomem *)pinfo->tx_bd_base - DPRAM_BASE);
 
 /*
- *  In case SMC1 is being relocated...
+ *  In case SMC is being relocated...
  */
-#if defined (CONFIG_I2C_SPI_SMC1_UCODE_PATCH)
 	out_be16(&up->smc_rbptr, in_be16(&pinfo->smcup->smc_rbase));
 	out_be16(&up->smc_tbptr, in_be16(&pinfo->smcup->smc_tbase));
 	out_be32(&up->smc_rstate, 0);
 	out_be32(&up->smc_tstate, 0);
 	out_be16(&up->smc_brkcr, 1);              /* number of break chars */
 	out_be16(&up->smc_brkec, 0);
-#endif
 
 	/* Set up the uart parameters in the
 	 * parameter ram.
@@ -884,8 +891,6 @@ static void cpm_uart_init_smc(struct uart_cpm_port *pinfo)
 	out_be16(&up->smc_brkec, 0);
 	out_be16(&up->smc_brkcr, 1);
 
-	cpm_line_cr_cmd(pinfo, CPM_CR_INIT_TRX);
-
 	/* Set UART mode, 8 bit, no parity, one stop.
 	 * Enable receive and transmit.
 	 */
-- 
2.20.1




^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 010/113] drm/amd/display: Fill prescale_params->scale for RGB565
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (8 preceding siblings ...)
  2019-07-29 19:21 ` [PATCH 4.19 009/113] tty: serial: cpm_uart - fix init when SMC is relocated Greg Kroah-Hartman
@ 2019-07-29 19:21 ` Greg Kroah-Hartman
  2019-07-29 19:21 ` [PATCH 4.19 011/113] drm/amdgpu/sriov: Need to initialize the HDP_NONSURFACE_BAStE Greg Kroah-Hartman
                   ` (108 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Nicholas Kazlauskas, Roman Li,
	Bhawanpreet Lakha, Alex Deucher, Sasha Levin

[ Upstream commit 1352c779cb74d427f4150cbe779a2f7886f70cae ]

[Why]
An assertion is thrown when using SURFACE_PIXEL_FORMAT_GRPH_RGB565
formats on DCE since the prescale_params->scale wasn't being filled.

Found by a dmesg-fail when running the
igt@kms_plane@pixel-format-pipe-a-planes test on Baffin.

[How]
Fill in the scale parameter.

Signed-off-by: Nicholas Kazlauskas <nicholas.kazlauskas@amd.com>
Reviewed-by: Roman Li <Roman.Li@amd.com>
Acked-by: Bhawanpreet Lakha <Bhawanpreet.Lakha@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/drm/amd/display/dc/dce110/dce110_hw_sequencer.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/gpu/drm/amd/display/dc/dce110/dce110_hw_sequencer.c b/drivers/gpu/drm/amd/display/dc/dce110/dce110_hw_sequencer.c
index 53ccacf99eca..c3ad2bbec1a5 100644
--- a/drivers/gpu/drm/amd/display/dc/dce110/dce110_hw_sequencer.c
+++ b/drivers/gpu/drm/amd/display/dc/dce110/dce110_hw_sequencer.c
@@ -242,6 +242,9 @@ static void build_prescale_params(struct ipp_prescale_params *prescale_params,
 	prescale_params->mode = IPP_PRESCALE_MODE_FIXED_UNSIGNED;
 
 	switch (plane_state->format) {
+	case SURFACE_PIXEL_FORMAT_GRPH_RGB565:
+		prescale_params->scale = 0x2082;
+		break;
 	case SURFACE_PIXEL_FORMAT_GRPH_ARGB8888:
 	case SURFACE_PIXEL_FORMAT_GRPH_ABGR8888:
 		prescale_params->scale = 0x2020;
-- 
2.20.1




^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 011/113] drm/amdgpu/sriov: Need to initialize the HDP_NONSURFACE_BAStE
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (9 preceding siblings ...)
  2019-07-29 19:21 ` [PATCH 4.19 010/113] drm/amd/display: Fill prescale_params->scale for RGB565 Greg Kroah-Hartman
@ 2019-07-29 19:21 ` Greg Kroah-Hartman
  2019-07-29 19:21 ` [PATCH 4.19 012/113] drm/amd/display: Disable ABM before destroy ABM struct Greg Kroah-Hartman
                   ` (107 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Emily Deng, Tiecheng Zhou,
	Christian König, Alex Deucher, Sasha Levin

[ Upstream commit fe2b5323d2c3cedaa3bf943dc7a0d233c853c914 ]

it requires to initialize HDP_NONSURFACE_BASE, so as to avoid
using the value left by a previous VM under sriov scenario.

v2: it should not hurt baremetal, generalize it for both sriov
and baremetal

Signed-off-by: Emily Deng <Emily.Deng@amd.com>
Signed-off-by: Tiecheng Zhou <Tiecheng.Zhou@amd.com>
Reviewed-by: Christian König <christian.koenig@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/drm/amd/amdgpu/gmc_v9_0.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/gpu/drm/amd/amdgpu/gmc_v9_0.c b/drivers/gpu/drm/amd/amdgpu/gmc_v9_0.c
index 72f8018fa2a8..ede27dab675f 100644
--- a/drivers/gpu/drm/amd/amdgpu/gmc_v9_0.c
+++ b/drivers/gpu/drm/amd/amdgpu/gmc_v9_0.c
@@ -1037,6 +1037,9 @@ static int gmc_v9_0_gart_enable(struct amdgpu_device *adev)
 	tmp = RREG32_SOC15(HDP, 0, mmHDP_HOST_PATH_CNTL);
 	WREG32_SOC15(HDP, 0, mmHDP_HOST_PATH_CNTL, tmp);
 
+	WREG32_SOC15(HDP, 0, mmHDP_NONSURFACE_BASE, (adev->gmc.vram_start >> 8));
+	WREG32_SOC15(HDP, 0, mmHDP_NONSURFACE_BASE_HI, (adev->gmc.vram_start >> 40));
+
 	/* After HDP is initialized, flush HDP.*/
 	adev->nbio_funcs->hdp_flush(adev, NULL);
 
-- 
2.20.1




^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 012/113] drm/amd/display: Disable ABM before destroy ABM struct
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (10 preceding siblings ...)
  2019-07-29 19:21 ` [PATCH 4.19 011/113] drm/amdgpu/sriov: Need to initialize the HDP_NONSURFACE_BAStE Greg Kroah-Hartman
@ 2019-07-29 19:21 ` Greg Kroah-Hartman
  2019-07-29 19:21 ` [PATCH 4.19 013/113] drm/amdkfd: Fix a potential memory leak Greg Kroah-Hartman
                   ` (106 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Paul Hsieh, Anthony Koo,
	Bhawanpreet Lakha, Alex Deucher, Sasha Levin

[ Upstream commit 1090d58d4815b1fcd95a80987391006c86398b4c ]

[Why]
When disable driver, OS will set backlight optimization
then do stop device.  But this flag will cause driver to
enable ABM when driver disabled.

[How]
Send ABM disable command before destroy ABM construct

Signed-off-by: Paul Hsieh <paul.hsieh@amd.com>
Reviewed-by: Anthony Koo <Anthony.Koo@amd.com>
Acked-by: Bhawanpreet Lakha <Bhawanpreet.Lakha@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/drm/amd/display/dc/dce/dce_abm.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/gpu/drm/amd/display/dc/dce/dce_abm.c b/drivers/gpu/drm/amd/display/dc/dce/dce_abm.c
index 29294db1a96b..070ab56a8aca 100644
--- a/drivers/gpu/drm/amd/display/dc/dce/dce_abm.c
+++ b/drivers/gpu/drm/amd/display/dc/dce/dce_abm.c
@@ -474,6 +474,8 @@ void dce_abm_destroy(struct abm **abm)
 {
 	struct dce_abm *abm_dce = TO_DCE_ABM(*abm);
 
+	abm_dce->base.funcs->set_abm_immediate_disable(*abm);
+
 	kfree(abm_dce);
 	*abm = NULL;
 }
-- 
2.20.1




^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 013/113] drm/amdkfd: Fix a potential memory leak
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (11 preceding siblings ...)
  2019-07-29 19:21 ` [PATCH 4.19 012/113] drm/amd/display: Disable ABM before destroy ABM struct Greg Kroah-Hartman
@ 2019-07-29 19:21 ` Greg Kroah-Hartman
  2019-07-29 19:21 ` [PATCH 4.19 014/113] drm/amdkfd: Fix sdma queue map issue Greg Kroah-Hartman
                   ` (105 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Oak Zeng, Felix Kuehling,
	Alex Deucher, Sasha Levin

[ Upstream commit e73390d181103a19e1111ec2f25559a0570e9fe0 ]

Free mqd_mem_obj it GTT buffer allocation for MQD+control stack fails.

Signed-off-by: Oak Zeng <ozeng@amd.com>
Reviewed-by: Felix Kuehling <Felix.Kuehling@amd.com>
Signed-off-by: Felix Kuehling <Felix.Kuehling@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_v9.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_v9.c b/drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_v9.c
index 0cedb37cf513..985bebde5a34 100644
--- a/drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_v9.c
+++ b/drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_v9.c
@@ -75,6 +75,7 @@ static int init_mqd(struct mqd_manager *mm, void **mqd,
 	struct v9_mqd *m;
 	struct kfd_dev *kfd = mm->dev;
 
+	*mqd_mem_obj = NULL;
 	/* From V9,  for CWSR, the control stack is located on the next page
 	 * boundary after the mqd, we will use the gtt allocation function
 	 * instead of sub-allocation function.
@@ -92,8 +93,10 @@ static int init_mqd(struct mqd_manager *mm, void **mqd,
 	} else
 		retval = kfd_gtt_sa_allocate(mm->dev, sizeof(struct v9_mqd),
 				mqd_mem_obj);
-	if (retval != 0)
+	if (retval) {
+		kfree(*mqd_mem_obj);
 		return -ENOMEM;
+	}
 
 	m = (struct v9_mqd *) (*mqd_mem_obj)->cpu_ptr;
 	addr = (*mqd_mem_obj)->gpu_addr;
-- 
2.20.1




^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 014/113] drm/amdkfd: Fix sdma queue map issue
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (12 preceding siblings ...)
  2019-07-29 19:21 ` [PATCH 4.19 013/113] drm/amdkfd: Fix a potential memory leak Greg Kroah-Hartman
@ 2019-07-29 19:21 ` Greg Kroah-Hartman
  2019-07-29 19:21 ` [PATCH 4.19 015/113] drm/edid: Fix a missing-check bug in drm_load_edid_firmware() Greg Kroah-Hartman
                   ` (104 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Oak Zeng, Felix Kuehling,
	Alex Deucher, Sasha Levin

[ Upstream commit 065e4bdfa1f3ab2884c110394d8b7e7ebe3b988c ]

Previous codes assumes there are two sdma engines.
This is not true e.g., Raven only has 1 SDMA engine.
Fix the issue by using sdma engine number info in
device_info.

Signed-off-by: Oak Zeng <Oak.Zeng@amd.com>
Reviewed-by: Felix Kuehling <Felix.Kuehling@amd.com>
Signed-off-by: Felix Kuehling <Felix.Kuehling@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 .../drm/amd/amdkfd/kfd_device_queue_manager.c | 21 +++++++++++--------
 1 file changed, 12 insertions(+), 9 deletions(-)

diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_device_queue_manager.c b/drivers/gpu/drm/amd/amdkfd/kfd_device_queue_manager.c
index 4f22e745df51..189212cb3547 100644
--- a/drivers/gpu/drm/amd/amdkfd/kfd_device_queue_manager.c
+++ b/drivers/gpu/drm/amd/amdkfd/kfd_device_queue_manager.c
@@ -1268,12 +1268,17 @@ int amdkfd_fence_wait_timeout(unsigned int *fence_addr,
 	return 0;
 }
 
-static int unmap_sdma_queues(struct device_queue_manager *dqm,
-				unsigned int sdma_engine)
+static int unmap_sdma_queues(struct device_queue_manager *dqm)
 {
-	return pm_send_unmap_queue(&dqm->packets, KFD_QUEUE_TYPE_SDMA,
-			KFD_UNMAP_QUEUES_FILTER_DYNAMIC_QUEUES, 0, false,
-			sdma_engine);
+	int i, retval = 0;
+
+	for (i = 0; i < dqm->dev->device_info->num_sdma_engines; i++) {
+		retval = pm_send_unmap_queue(&dqm->packets, KFD_QUEUE_TYPE_SDMA,
+			KFD_UNMAP_QUEUES_FILTER_DYNAMIC_QUEUES, 0, false, i);
+		if (retval)
+			return retval;
+	}
+	return retval;
 }
 
 /* dqm->lock mutex has to be locked before calling this function */
@@ -1312,10 +1317,8 @@ static int unmap_queues_cpsch(struct device_queue_manager *dqm,
 	pr_debug("Before destroying queues, sdma queue count is : %u\n",
 		dqm->sdma_queue_count);
 
-	if (dqm->sdma_queue_count > 0) {
-		unmap_sdma_queues(dqm, 0);
-		unmap_sdma_queues(dqm, 1);
-	}
+	if (dqm->sdma_queue_count > 0)
+		unmap_sdma_queues(dqm);
 
 	retval = pm_send_unmap_queue(&dqm->packets, KFD_QUEUE_TYPE_COMPUTE,
 			filter, filter_param, false, 0);
-- 
2.20.1




^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 015/113] drm/edid: Fix a missing-check bug in drm_load_edid_firmware()
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (13 preceding siblings ...)
  2019-07-29 19:21 ` [PATCH 4.19 014/113] drm/amdkfd: Fix sdma queue map issue Greg Kroah-Hartman
@ 2019-07-29 19:21 ` Greg Kroah-Hartman
  2019-07-29 19:21 ` [PATCH 4.19 016/113] PCI: Return error if cannot probe VF Greg Kroah-Hartman
                   ` (103 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Gen Zhang, Jani Nikula, Sasha Levin

[ Upstream commit 9f1f1a2dab38d4ce87a13565cf4dc1b73bef3a5f ]

In drm_load_edid_firmware(), fwstr is allocated by kstrdup(). And fwstr
is dereferenced in the following codes. However, memory allocation
functions such as kstrdup() may fail and returns NULL. Dereferencing
this null pointer may cause the kernel go wrong. Thus we should check
this kstrdup() operation.
Further, if kstrdup() returns NULL, we should return ERR_PTR(-ENOMEM) to
the caller site.

Signed-off-by: Gen Zhang <blackgod016574@gmail.com>
Reviewed-by: Jani Nikula <jani.nikula@intel.com>
Signed-off-by: Jani Nikula <jani.nikula@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20190524023222.GA5302@zhanggen-UX430UQ
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/drm/drm_edid_load.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/gpu/drm/drm_edid_load.c b/drivers/gpu/drm/drm_edid_load.c
index a4915099aaa9..a0e107abc40d 100644
--- a/drivers/gpu/drm/drm_edid_load.c
+++ b/drivers/gpu/drm/drm_edid_load.c
@@ -290,6 +290,8 @@ struct edid *drm_load_edid_firmware(struct drm_connector *connector)
 	 * the last one found one as a fallback.
 	 */
 	fwstr = kstrdup(edid_firmware, GFP_KERNEL);
+	if (!fwstr)
+		return ERR_PTR(-ENOMEM);
 	edidstr = fwstr;
 
 	while ((edidname = strsep(&edidstr, ","))) {
-- 
2.20.1




^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 016/113] PCI: Return error if cannot probe VF
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (14 preceding siblings ...)
  2019-07-29 19:21 ` [PATCH 4.19 015/113] drm/edid: Fix a missing-check bug in drm_load_edid_firmware() Greg Kroah-Hartman
@ 2019-07-29 19:21 ` Greg Kroah-Hartman
  2019-07-29 19:21 ` [PATCH 4.19 017/113] drm/bridge: tc358767: read display_props in get_modes() Greg Kroah-Hartman
                   ` (102 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Alex Williamson, Bjorn Helgaas, Sasha Levin

[ Upstream commit 76002d8b48c4b08c9bd414517dd295e132ad910b ]

Commit 0e7df22401a3 ("PCI: Add sysfs sriov_drivers_autoprobe to control
VF driver binding") allows the user to specify that drivers for VFs of
a PF should not be probed, but it actually causes pci_device_probe() to
return success back to the driver core in this case.  Therefore by all
sysfs appearances the device is bound to a driver, the driver link from
the device exists as does the device link back from the driver, yet the
driver's probe function is never called on the device.  We also fail to
do any sort of cleanup when we're prohibited from probing the device,
the IRQ setup remains in place and we even hold a device reference.

Instead, abort with errno before any setup or references are taken when
pci_device_can_probe() prevents us from trying to probe the device.

Link: https://lore.kernel.org/lkml/155672991496.20698.4279330795743262888.stgit@gimli.home
Fixes: 0e7df22401a3 ("PCI: Add sysfs sriov_drivers_autoprobe to control VF driver binding")
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/pci/pci-driver.c | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/drivers/pci/pci-driver.c b/drivers/pci/pci-driver.c
index 33f3f475e5c6..956ee7527d2c 100644
--- a/drivers/pci/pci-driver.c
+++ b/drivers/pci/pci-driver.c
@@ -414,6 +414,9 @@ static int pci_device_probe(struct device *dev)
 	struct pci_dev *pci_dev = to_pci_dev(dev);
 	struct pci_driver *drv = to_pci_driver(dev->driver);
 
+	if (!pci_device_can_probe(pci_dev))
+		return -ENODEV;
+
 	pci_assign_irq(pci_dev);
 
 	error = pcibios_alloc_irq(pci_dev);
@@ -421,12 +424,10 @@ static int pci_device_probe(struct device *dev)
 		return error;
 
 	pci_dev_get(pci_dev);
-	if (pci_device_can_probe(pci_dev)) {
-		error = __pci_device_probe(drv, pci_dev);
-		if (error) {
-			pcibios_free_irq(pci_dev);
-			pci_dev_put(pci_dev);
-		}
+	error = __pci_device_probe(drv, pci_dev);
+	if (error) {
+		pcibios_free_irq(pci_dev);
+		pci_dev_put(pci_dev);
 	}
 
 	return error;
-- 
2.20.1




^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 017/113] drm/bridge: tc358767: read display_props in get_modes()
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (15 preceding siblings ...)
  2019-07-29 19:21 ` [PATCH 4.19 016/113] PCI: Return error if cannot probe VF Greg Kroah-Hartman
@ 2019-07-29 19:21 ` Greg Kroah-Hartman
  2019-07-29 19:21 ` [PATCH 4.19 018/113] drm/bridge: sii902x: pixel clock unit is 10kHz instead of 1kHz Greg Kroah-Hartman
                   ` (101 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Tomi Valkeinen, Andrzej Hajda, Sasha Levin

[ Upstream commit 3231573065ad4f4ecc5c9147b24f29f846dc0c2f ]

We need to know the link bandwidth to filter out modes we cannot
support, so we need to have read the display props before doing the
filtering.

To ensure we have up to date display props, call tc_get_display_props()
in the beginning of tc_connector_get_modes().

Signed-off-by: Tomi Valkeinen <tomi.valkeinen@ti.com>
Reviewed-by: Andrzej Hajda <a.hajda@samsung.com>
Signed-off-by: Andrzej Hajda <a.hajda@samsung.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20190528082747.3631-22-tomi.valkeinen@ti.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/drm/bridge/tc358767.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/drivers/gpu/drm/bridge/tc358767.c b/drivers/gpu/drm/bridge/tc358767.c
index 391547358756..aaca5248da07 100644
--- a/drivers/gpu/drm/bridge/tc358767.c
+++ b/drivers/gpu/drm/bridge/tc358767.c
@@ -1149,6 +1149,13 @@ static int tc_connector_get_modes(struct drm_connector *connector)
 	struct tc_data *tc = connector_to_tc(connector);
 	struct edid *edid;
 	unsigned int count;
+	int ret;
+
+	ret = tc_get_display_props(tc);
+	if (ret < 0) {
+		dev_err(tc->dev, "failed to read display props: %d\n", ret);
+		return 0;
+	}
 
 	if (tc->panel && tc->panel->funcs && tc->panel->funcs->get_modes) {
 		count = tc->panel->funcs->get_modes(tc->panel);
-- 
2.20.1




^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 018/113] drm/bridge: sii902x: pixel clock unit is 10kHz instead of 1kHz
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (16 preceding siblings ...)
  2019-07-29 19:21 ` [PATCH 4.19 017/113] drm/bridge: tc358767: read display_props in get_modes() Greg Kroah-Hartman
@ 2019-07-29 19:21 ` Greg Kroah-Hartman
  2019-07-29 19:21 ` [PATCH 4.19 019/113] gpu: host1x: Increase maximum DMA segment size Greg Kroah-Hartman
                   ` (100 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Jyri Sarha, Andrzej Hajda,
	Laurent Pinchart, Sasha Levin

[ Upstream commit 8dbfc5b65023b67397aca28e8adb25c819f6398c ]

The pixel clock unit in the first two registers (0x00 and 0x01) of
sii9022 is 10kHz, not 1kHz as in struct drm_display_mode. Division by
10 fixes the issue.

Signed-off-by: Jyri Sarha <jsarha@ti.com>
Reviewed-by: Andrzej Hajda <a.hajda@samsung.com>
Reviewed-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Signed-off-by: Andrzej Hajda <a.hajda@samsung.com>
Link: https://patchwork.freedesktop.org/patch/msgid/1a2a8eae0b9d6333e7a5841026bf7fd65c9ccd09.1558964241.git.jsarha@ti.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/drm/bridge/sii902x.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/drivers/gpu/drm/bridge/sii902x.c b/drivers/gpu/drm/bridge/sii902x.c
index e59a13542333..0cc6dbbcddcf 100644
--- a/drivers/gpu/drm/bridge/sii902x.c
+++ b/drivers/gpu/drm/bridge/sii902x.c
@@ -261,10 +261,11 @@ static void sii902x_bridge_mode_set(struct drm_bridge *bridge,
 	struct regmap *regmap = sii902x->regmap;
 	u8 buf[HDMI_INFOFRAME_SIZE(AVI)];
 	struct hdmi_avi_infoframe frame;
+	u16 pixel_clock_10kHz = adj->clock / 10;
 	int ret;
 
-	buf[0] = adj->clock;
-	buf[1] = adj->clock >> 8;
+	buf[0] = pixel_clock_10kHz & 0xff;
+	buf[1] = pixel_clock_10kHz >> 8;
 	buf[2] = adj->vrefresh;
 	buf[3] = 0x00;
 	buf[4] = adj->hdisplay;
-- 
2.20.1




^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 019/113] gpu: host1x: Increase maximum DMA segment size
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (17 preceding siblings ...)
  2019-07-29 19:21 ` [PATCH 4.19 018/113] drm/bridge: sii902x: pixel clock unit is 10kHz instead of 1kHz Greg Kroah-Hartman
@ 2019-07-29 19:21 ` Greg Kroah-Hartman
  2019-07-29 19:21 ` [PATCH 4.19 020/113] drm/crc-debugfs: User irqsafe spinlock in drm_crtc_add_crc_entry Greg Kroah-Hartman
                   ` (99 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:21 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Thierry Reding, Sasha Levin

[ Upstream commit 1e390478cfb527e34c9ab89ba57212cb05c33c51 ]

Recent versions of the DMA API debug code have started to warn about
violations of the maximum DMA segment size. This is because the segment
size defaults to 64 KiB, which can easily be exceeded in large buffer
allocations such as used in DRM/KMS for framebuffers.

Technically the Tegra SMMU and ARM SMMU don't have a maximum segment
size (they map individual pages irrespective of whether they are
contiguous or not), so the choice of 4 MiB is a bit arbitrary here. The
maximum segment size is a 32-bit unsigned integer, though, so we can't
set it to the correct maximum size, which would be the size of the
aperture.

Signed-off-by: Thierry Reding <treding@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/host1x/bus.c | 3 +++
 include/linux/host1x.h   | 2 ++
 2 files changed, 5 insertions(+)

diff --git a/drivers/gpu/host1x/bus.c b/drivers/gpu/host1x/bus.c
index 815bdb42e3f0..0121fe7a4548 100644
--- a/drivers/gpu/host1x/bus.c
+++ b/drivers/gpu/host1x/bus.c
@@ -423,6 +423,9 @@ static int host1x_device_add(struct host1x *host1x,
 
 	of_dma_configure(&device->dev, host1x->dev->of_node, true);
 
+	device->dev.dma_parms = &device->dma_parms;
+	dma_set_max_seg_size(&device->dev, SZ_4M);
+
 	err = host1x_device_parse_dt(device, driver);
 	if (err < 0) {
 		kfree(device);
diff --git a/include/linux/host1x.h b/include/linux/host1x.h
index 89110d896d72..aef6e2f73802 100644
--- a/include/linux/host1x.h
+++ b/include/linux/host1x.h
@@ -310,6 +310,8 @@ struct host1x_device {
 	struct list_head clients;
 
 	bool registered;
+
+	struct device_dma_parameters dma_parms;
 };
 
 static inline struct host1x_device *to_host1x_device(struct device *dev)
-- 
2.20.1




^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 020/113] drm/crc-debugfs: User irqsafe spinlock in drm_crtc_add_crc_entry
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (18 preceding siblings ...)
  2019-07-29 19:21 ` [PATCH 4.19 019/113] gpu: host1x: Increase maximum DMA segment size Greg Kroah-Hartman
@ 2019-07-29 19:21 ` Greg Kroah-Hartman
  2019-07-29 19:21 ` [PATCH 4.19 021/113] drm/crc-debugfs: Also sprinkle irqrestore over early exits Greg Kroah-Hartman
                   ` (98 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Rodrigo Siqueira, Tomeu Vizoso,
	Emil Velikov, Benjamin Gaignard, Ville Syrjälä,
	Daniel Vetter, Sasha Levin

[ Upstream commit 1882018a70e06376234133e69ede9dd743b4dbd9 ]

We can be called from any context, we need to be prepared.

Noticed this while hacking on vkms, which calls this function from a
normal worker. Which really upsets lockdep.

Cc: Rodrigo Siqueira <rodrigosiqueiramelo@gmail.com>
Cc: Tomeu Vizoso <tomeu.vizoso@collabora.com>
Cc: Emil Velikov <emil.velikov@collabora.com>
Cc: Benjamin Gaignard <benjamin.gaignard@linaro.org>
Reviewed-by: Benjamin Gaignard <benjamin.gaignard@linaro.org>
Reviewed-by: Ville Syrjälä <ville.syrjala@linux.intel.com>
Signed-off-by: Daniel Vetter <daniel.vetter@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20190605194556.16744-1-daniel.vetter@ffwll.ch
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/drm/drm_debugfs_crc.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/drivers/gpu/drm/drm_debugfs_crc.c b/drivers/gpu/drm/drm_debugfs_crc.c
index 99961192bf03..a334a82fcb36 100644
--- a/drivers/gpu/drm/drm_debugfs_crc.c
+++ b/drivers/gpu/drm/drm_debugfs_crc.c
@@ -379,8 +379,9 @@ int drm_crtc_add_crc_entry(struct drm_crtc *crtc, bool has_frame,
 	struct drm_crtc_crc *crc = &crtc->crc;
 	struct drm_crtc_crc_entry *entry;
 	int head, tail;
+	unsigned long flags;
 
-	spin_lock(&crc->lock);
+	spin_lock_irqsave(&crc->lock, flags);
 
 	/* Caller may not have noticed yet that userspace has stopped reading */
 	if (!crc->entries) {
@@ -411,7 +412,7 @@ int drm_crtc_add_crc_entry(struct drm_crtc *crtc, bool has_frame,
 	head = (head + 1) & (DRM_CRC_ENTRIES_NR - 1);
 	crc->head = head;
 
-	spin_unlock(&crc->lock);
+	spin_unlock_irqrestore(&crc->lock, flags);
 
 	wake_up_interruptible(&crc->wq);
 
-- 
2.20.1




^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 021/113] drm/crc-debugfs: Also sprinkle irqrestore over early exits
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (19 preceding siblings ...)
  2019-07-29 19:21 ` [PATCH 4.19 020/113] drm/crc-debugfs: User irqsafe spinlock in drm_crtc_add_crc_entry Greg Kroah-Hartman
@ 2019-07-29 19:21 ` Greg Kroah-Hartman
  2019-07-29 19:21 ` [PATCH 4.19 022/113] memstick: Fix error cleanup path of memstick_init Greg Kroah-Hartman
                   ` (97 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Rodrigo Siqueira, Tomeu Vizoso,
	Emil Velikov, Benjamin Gaignard, Ville Syrjälä,
	Daniel Vetter, Sasha Levin

[ Upstream commit d99004d7201aa653658ff2390d6e516567c96ebc ]

I. was. blind.

Caught with vkms, which has some really slow crc computation function.

Fixes: 1882018a70e0 ("drm/crc-debugfs: User irqsafe spinlock in drm_crtc_add_crc_entry")
Cc: Rodrigo Siqueira <rodrigosiqueiramelo@gmail.com>
Cc: Tomeu Vizoso <tomeu.vizoso@collabora.com>
Cc: Emil Velikov <emil.velikov@collabora.com>
Cc: Benjamin Gaignard <benjamin.gaignard@linaro.org>
Cc: Ville Syrjälä <ville.syrjala@linux.intel.com>
Reviewed-by: Emil Velikov <emil.velikov@collabora.com>
Reviewed-by: Benjamin Gaignard <benjamin.gaignard@linaro.org>
Signed-off-by: Daniel Vetter <daniel.vetter@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20190606211544.5389-1-daniel.vetter@ffwll.ch
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/drm/drm_debugfs_crc.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/gpu/drm/drm_debugfs_crc.c b/drivers/gpu/drm/drm_debugfs_crc.c
index a334a82fcb36..c88e5ff41add 100644
--- a/drivers/gpu/drm/drm_debugfs_crc.c
+++ b/drivers/gpu/drm/drm_debugfs_crc.c
@@ -385,7 +385,7 @@ int drm_crtc_add_crc_entry(struct drm_crtc *crtc, bool has_frame,
 
 	/* Caller may not have noticed yet that userspace has stopped reading */
 	if (!crc->entries) {
-		spin_unlock(&crc->lock);
+		spin_unlock_irqrestore(&crc->lock, flags);
 		return -EINVAL;
 	}
 
@@ -396,7 +396,7 @@ int drm_crtc_add_crc_entry(struct drm_crtc *crtc, bool has_frame,
 		bool was_overflow = crc->overflow;
 
 		crc->overflow = true;
-		spin_unlock(&crc->lock);
+		spin_unlock_irqrestore(&crc->lock, flags);
 
 		if (!was_overflow)
 			DRM_ERROR("Overflow of CRC buffer, userspace reads too slow.\n");
-- 
2.20.1




^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 022/113] memstick: Fix error cleanup path of memstick_init
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (20 preceding siblings ...)
  2019-07-29 19:21 ` [PATCH 4.19 021/113] drm/crc-debugfs: Also sprinkle irqrestore over early exits Greg Kroah-Hartman
@ 2019-07-29 19:21 ` Greg Kroah-Hartman
  2019-07-29 19:21 ` [PATCH 4.19 023/113] tty/serial: digicolor: Fix digicolor-usart already registered warning Greg Kroah-Hartman
                   ` (96 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Hulk Robot, Wang Hai, Ulf Hansson,
	Sasha Levin

[ Upstream commit 65f1a0d39c289bb6fc85635528cd36c4b07f560e ]

If bus_register fails. On its error handling path, it has cleaned up
what it has done. There is no need to call bus_unregister again.
Otherwise, if bus_unregister is called, issues such as null-ptr-deref
will arise.

Syzkaller report this:

kobject_add_internal failed for memstick (error: -12 parent: bus)
BUG: KASAN: null-ptr-deref in sysfs_remove_file_ns+0x1b/0x40 fs/sysfs/file.c:467
Read of size 8 at addr 0000000000000078 by task syz-executor.0/4460

Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0xa9/0x10e lib/dump_stack.c:113
 __kasan_report+0x171/0x18d mm/kasan/report.c:321
 kasan_report+0xe/0x20 mm/kasan/common.c:614
 sysfs_remove_file_ns+0x1b/0x40 fs/sysfs/file.c:467
 sysfs_remove_file include/linux/sysfs.h:519 [inline]
 bus_remove_file+0x6c/0x90 drivers/base/bus.c:145
 remove_probe_files drivers/base/bus.c:599 [inline]
 bus_unregister+0x6e/0x100 drivers/base/bus.c:916 ? 0xffffffffc1590000
 memstick_init+0x7a/0x1000 [memstick]
 do_one_initcall+0xb9/0x3b5 init/main.c:914
 do_init_module+0xe0/0x330 kernel/module.c:3468
 load_module+0x38eb/0x4270 kernel/module.c:3819
 __do_sys_finit_module+0x162/0x190 kernel/module.c:3909
 do_syscall_64+0x72/0x2a0 arch/x86/entry/common.c:298
 entry_SYSCALL_64_after_hwframe+0x49/0xbe

Fixes: baf8532a147d ("memstick: initial commit for Sony MemoryStick support")
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Wang Hai <wanghai26@huawei.com>
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/memstick/core/memstick.c | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/drivers/memstick/core/memstick.c b/drivers/memstick/core/memstick.c
index 1246d69ba187..b1564cacd19e 100644
--- a/drivers/memstick/core/memstick.c
+++ b/drivers/memstick/core/memstick.c
@@ -629,13 +629,18 @@ static int __init memstick_init(void)
 		return -ENOMEM;
 
 	rc = bus_register(&memstick_bus_type);
-	if (!rc)
-		rc = class_register(&memstick_host_class);
+	if (rc)
+		goto error_destroy_workqueue;
 
-	if (!rc)
-		return 0;
+	rc = class_register(&memstick_host_class);
+	if (rc)
+		goto error_bus_unregister;
+
+	return 0;
 
+error_bus_unregister:
 	bus_unregister(&memstick_bus_type);
+error_destroy_workqueue:
 	destroy_workqueue(workqueue);
 
 	return rc;
-- 
2.20.1




^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 023/113] tty/serial: digicolor: Fix digicolor-usart already registered warning
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (21 preceding siblings ...)
  2019-07-29 19:21 ` [PATCH 4.19 022/113] memstick: Fix error cleanup path of memstick_init Greg Kroah-Hartman
@ 2019-07-29 19:21 ` Greg Kroah-Hartman
  2019-07-29 19:21 ` [PATCH 4.19 024/113] tty: serial: msm_serial: avoid system lockup condition Greg Kroah-Hartman
                   ` (95 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Hulk Robot, Kefeng Wang,
	Baruch Siach, Sasha Levin

[ Upstream commit c7ad9ba0611c53cfe194223db02e3bca015f0674 ]

When modprobe/rmmod/modprobe module, if platform_driver_register() fails,
the kernel complained,

  proc_dir_entry 'driver/digicolor-usart' already registered
  WARNING: CPU: 1 PID: 5636 at fs/proc/generic.c:360 proc_register+0x19d/0x270

Fix this by adding uart_unregister_driver() when platform_driver_register() fails.

Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Kefeng Wang <wangkefeng.wang@huawei.com>
Acked-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/tty/serial/digicolor-usart.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/drivers/tty/serial/digicolor-usart.c b/drivers/tty/serial/digicolor-usart.c
index f460cca139e2..13ac36e2da4f 100644
--- a/drivers/tty/serial/digicolor-usart.c
+++ b/drivers/tty/serial/digicolor-usart.c
@@ -541,7 +541,11 @@ static int __init digicolor_uart_init(void)
 	if (ret)
 		return ret;
 
-	return platform_driver_register(&digicolor_uart_platform);
+	ret = platform_driver_register(&digicolor_uart_platform);
+	if (ret)
+		uart_unregister_driver(&digicolor_uart);
+
+	return ret;
 }
 module_init(digicolor_uart_init);
 
-- 
2.20.1




^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 024/113] tty: serial: msm_serial: avoid system lockup condition
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (22 preceding siblings ...)
  2019-07-29 19:21 ` [PATCH 4.19 023/113] tty/serial: digicolor: Fix digicolor-usart already registered warning Greg Kroah-Hartman
@ 2019-07-29 19:21 ` Greg Kroah-Hartman
  2019-07-31 19:05   ` Pavel Machek
  2019-07-29 19:21 ` [PATCH 4.19 025/113] serial: 8250: Fix TX interrupt handling condition Greg Kroah-Hartman
                   ` (94 subsequent siblings)
  118 siblings, 1 reply; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:21 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Jorge Ramirez-Ortiz, Sasha Levin

[ Upstream commit ba3684f99f1b25d2a30b6956d02d339d7acb9799 ]

The function msm_wait_for_xmitr can be taken with interrupts
disabled. In order to avoid a potential system lockup - demonstrated
under stress testing conditions on SoC QCS404/5 - make sure we wait
for a bounded amount of time.

Tested on SoC QCS404.

Signed-off-by: Jorge Ramirez-Ortiz <jorge.ramirez-ortiz@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/tty/serial/msm_serial.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/drivers/tty/serial/msm_serial.c b/drivers/tty/serial/msm_serial.c
index 0f41b936da03..310bbae515b0 100644
--- a/drivers/tty/serial/msm_serial.c
+++ b/drivers/tty/serial/msm_serial.c
@@ -383,10 +383,14 @@ static void msm_request_rx_dma(struct msm_port *msm_port, resource_size_t base)
 
 static inline void msm_wait_for_xmitr(struct uart_port *port)
 {
+	unsigned int timeout = 500000;
+
 	while (!(msm_read(port, UART_SR) & UART_SR_TX_EMPTY)) {
 		if (msm_read(port, UART_ISR) & UART_ISR_TX_READY)
 			break;
 		udelay(1);
+		if (!timeout--)
+			break;
 	}
 	msm_write(port, UART_CR_CMD_RESET_TX_READY, UART_CR);
 }
-- 
2.20.1




^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 025/113] serial: 8250: Fix TX interrupt handling condition
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (23 preceding siblings ...)
  2019-07-29 19:21 ` [PATCH 4.19 024/113] tty: serial: msm_serial: avoid system lockup condition Greg Kroah-Hartman
@ 2019-07-29 19:21 ` Greg Kroah-Hartman
  2019-07-29 19:21 ` [PATCH 4.19 026/113] drm/amd/display: Always allocate initial connector state state Greg Kroah-Hartman
                   ` (93 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:21 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Kimmo Rautkoski, Sasha Levin

[ Upstream commit db1b5bc047b3cadaedab3826bba82c3d9e023c4b ]

Interrupt handler checked THRE bit (transmitter holding register
empty) in LSR to detect if TX fifo is empty.
In case when there is only receive interrupts the TX handling
got called because THRE bit in LSR is set when there is no
transmission (FIFO empty). TX handling caused TX stop, which in
RS-485 half-duplex mode actually resets receiver FIFO. This is not
desired during reception because of possible data loss.

The fix is to check if THRI is set in IER in addition of the TX
fifo status. THRI in IER is set when TX is started and cleared
when TX is stopped.
This ensures that TX handling is only called when there is really
transmission on going and an interrupt for THRE and not when there
are only RX interrupts.

Signed-off-by: Kimmo Rautkoski <ext-kimmo.rautkoski@vaisala.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/tty/serial/8250/8250_port.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/tty/serial/8250/8250_port.c b/drivers/tty/serial/8250/8250_port.c
index e26d87b6ffc5..aa4de6907f77 100644
--- a/drivers/tty/serial/8250/8250_port.c
+++ b/drivers/tty/serial/8250/8250_port.c
@@ -1874,7 +1874,8 @@ int serial8250_handle_irq(struct uart_port *port, unsigned int iir)
 			status = serial8250_rx_chars(up, status);
 	}
 	serial8250_modem_status(up);
-	if ((!up->dma || up->dma->tx_err) && (status & UART_LSR_THRE))
+	if ((!up->dma || up->dma->tx_err) && (status & UART_LSR_THRE) &&
+		(up->ier & UART_IER_THRI))
 		serial8250_tx_chars(up);
 
 	spin_unlock_irqrestore(&port->lock, flags);
-- 
2.20.1




^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 026/113] drm/amd/display: Always allocate initial connector state state
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (24 preceding siblings ...)
  2019-07-29 19:21 ` [PATCH 4.19 025/113] serial: 8250: Fix TX interrupt handling condition Greg Kroah-Hartman
@ 2019-07-29 19:21 ` Greg Kroah-Hartman
  2019-07-29 19:21 ` [PATCH 4.19 027/113] drm/virtio: Add memory barriers for capset cache Greg Kroah-Hartman
                   ` (92 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Nicholas Kazlauskas, Leo Li,
	Alex Deucher, Sasha Levin

[ Upstream commit f04bee34d6e35df26cbb2d65e801adfd0d8fe20d ]

[Why]
Unlike our regular connectors, MST connectors don't start off with
an initial connector state. This causes a NULL pointer dereference to
occur when attaching the bpc property since it tries to modify the
connector state.

We need an initial connector state on the connector to avoid the crash.

[How]
Use our reset helper to allocate an initial state and reset the values
to their defaults. We were already doing this before, just not for
MST connectors.

Signed-off-by: Nicholas Kazlauskas <nicholas.kazlauskas@amd.com>
Reviewed-by: Leo Li <sunpeng.li@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
index dac7978f5ee1..221de241535a 100644
--- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
+++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
@@ -3644,6 +3644,13 @@ void amdgpu_dm_connector_init_helper(struct amdgpu_display_manager *dm,
 {
 	struct amdgpu_device *adev = dm->ddev->dev_private;
 
+	/*
+	 * Some of the properties below require access to state, like bpc.
+	 * Allocate some default initial connector state with our reset helper.
+	 */
+	if (aconnector->base.funcs->reset)
+		aconnector->base.funcs->reset(&aconnector->base);
+
 	aconnector->connector_id = link_index;
 	aconnector->dc_link = link;
 	aconnector->base.interlace_allowed = false;
@@ -3811,9 +3818,6 @@ static int amdgpu_dm_connector_init(struct amdgpu_display_manager *dm,
 			&aconnector->base,
 			&amdgpu_dm_connector_helper_funcs);
 
-	if (aconnector->base.funcs->reset)
-		aconnector->base.funcs->reset(&aconnector->base);
-
 	amdgpu_dm_connector_init_helper(
 		dm,
 		aconnector,
-- 
2.20.1




^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 027/113] drm/virtio: Add memory barriers for capset cache.
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (25 preceding siblings ...)
  2019-07-29 19:21 ` [PATCH 4.19 026/113] drm/amd/display: Always allocate initial connector state state Greg Kroah-Hartman
@ 2019-07-29 19:21 ` Greg Kroah-Hartman
  2019-07-29 19:21 ` [PATCH 4.19 028/113] phy: renesas: rcar-gen2: Fix memory leak at error paths Greg Kroah-Hartman
                   ` (91 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, David Riley, Gerd Hoffmann, Sasha Levin

[ Upstream commit 9ff3a5c88e1f1ab17a31402b96d45abe14aab9d7 ]

After data is copied to the cache entry, atomic_set is used indicate
that the data is the entry is valid without appropriate memory barriers.
Similarly the read side was missing the corresponding memory barriers.

Signed-off-by: David Riley <davidriley@chromium.org>
Link: http://patchwork.freedesktop.org/patch/msgid/20190610211810.253227-5-davidriley@chromium.org
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/drm/virtio/virtgpu_ioctl.c | 3 +++
 drivers/gpu/drm/virtio/virtgpu_vq.c    | 2 ++
 2 files changed, 5 insertions(+)

diff --git a/drivers/gpu/drm/virtio/virtgpu_ioctl.c b/drivers/gpu/drm/virtio/virtgpu_ioctl.c
index 7bdf6f0e58a5..8d2f5ded86d6 100644
--- a/drivers/gpu/drm/virtio/virtgpu_ioctl.c
+++ b/drivers/gpu/drm/virtio/virtgpu_ioctl.c
@@ -528,6 +528,9 @@ static int virtio_gpu_get_caps_ioctl(struct drm_device *dev,
 	if (!ret)
 		return -EBUSY;
 
+	/* is_valid check must proceed before copy of the cache entry. */
+	smp_rmb();
+
 	ptr = cache_ent->caps_cache;
 
 copy_exit:
diff --git a/drivers/gpu/drm/virtio/virtgpu_vq.c b/drivers/gpu/drm/virtio/virtgpu_vq.c
index 020070d483d3..c8a581b1f4c4 100644
--- a/drivers/gpu/drm/virtio/virtgpu_vq.c
+++ b/drivers/gpu/drm/virtio/virtgpu_vq.c
@@ -588,6 +588,8 @@ static void virtio_gpu_cmd_capset_cb(struct virtio_gpu_device *vgdev,
 		    cache_ent->id == le32_to_cpu(cmd->capset_id)) {
 			memcpy(cache_ent->caps_cache, resp->capset_data,
 			       cache_ent->size);
+			/* Copy must occur before is_valid is signalled. */
+			smp_wmb();
 			atomic_set(&cache_ent->is_valid, 1);
 			break;
 		}
-- 
2.20.1




^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 028/113] phy: renesas: rcar-gen2: Fix memory leak at error paths
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (26 preceding siblings ...)
  2019-07-29 19:21 ` [PATCH 4.19 027/113] drm/virtio: Add memory barriers for capset cache Greg Kroah-Hartman
@ 2019-07-29 19:21 ` Greg Kroah-Hartman
  2019-07-29 19:21 ` [PATCH 4.19 029/113] drm/amd/display: fix compilation error Greg Kroah-Hartman
                   ` (90 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Julia Lawall, Yoshihiro Shimoda,
	Geert Uytterhoeven, Kishon Vijay Abraham I, Sasha Levin

[ Upstream commit d4a36e82924d3305a17ac987a510f3902df5a4b2 ]

This patch fixes memory leak at error paths of the probe function.
In for_each_child_of_node, if the loop returns, the driver should
call of_put_node() before returns.

Reported-by: Julia Lawall <julia.lawall@lip6.fr>
Fixes: 1233f59f745b237 ("phy: Renesas R-Car Gen2 PHY driver")
Signed-off-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com>
Reviewed-by: Geert Uytterhoeven <geert+renesas@glider.be>
Signed-off-by: Kishon Vijay Abraham I <kishon@ti.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/phy/renesas/phy-rcar-gen2.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/phy/renesas/phy-rcar-gen2.c b/drivers/phy/renesas/phy-rcar-gen2.c
index 97d4dd6ea924..aa02b19b7e0e 100644
--- a/drivers/phy/renesas/phy-rcar-gen2.c
+++ b/drivers/phy/renesas/phy-rcar-gen2.c
@@ -288,6 +288,7 @@ static int rcar_gen2_phy_probe(struct platform_device *pdev)
 		error = of_property_read_u32(np, "reg", &channel_num);
 		if (error || channel_num > 2) {
 			dev_err(dev, "Invalid \"reg\" property\n");
+			of_node_put(np);
 			return error;
 		}
 		channel->select_mask = select_mask[channel_num];
@@ -303,6 +304,7 @@ static int rcar_gen2_phy_probe(struct platform_device *pdev)
 						   &rcar_gen2_phy_ops);
 			if (IS_ERR(phy->phy)) {
 				dev_err(dev, "Failed to create PHY\n");
+				of_node_put(np);
 				return PTR_ERR(phy->phy);
 			}
 			phy_set_drvdata(phy->phy, phy);
-- 
2.20.1




^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 029/113] drm/amd/display: fix compilation error
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (27 preceding siblings ...)
  2019-07-29 19:21 ` [PATCH 4.19 028/113] phy: renesas: rcar-gen2: Fix memory leak at error paths Greg Kroah-Hartman
@ 2019-07-29 19:21 ` Greg Kroah-Hartman
  2019-07-29 19:21 ` [PATCH 4.19 030/113] powerpc/pseries/mobility: prevent cpu hotplug during DT update Greg Kroah-Hartman
                   ` (89 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Hariprasad Kelam, Alex Deucher, Sasha Levin

[ Upstream commit 88099f53cc3717437f5fc9cf84205c5b65118377 ]

this patch fixes below compilation error

drivers/gpu/drm/amd/amdgpu/../display/dc/dcn10/dcn10_hw_sequencer.c: In
function ‘dcn10_apply_ctx_for_surface’:
drivers/gpu/drm/amd/amdgpu/../display/dc/dcn10/dcn10_hw_sequencer.c:2378:3:
error: implicit declaration of function ‘udelay’
[-Werror=implicit-function-declaration]
   udelay(underflow_check_delay_us);

Signed-off-by: Hariprasad Kelam <hariprasad.kelam@gmail.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c b/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c
index 7736ef123e9b..ead221ccb93e 100644
--- a/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c
+++ b/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c
@@ -23,6 +23,7 @@
  *
  */
 
+#include <linux/delay.h>
 #include "dm_services.h"
 #include "core_types.h"
 #include "resource.h"
-- 
2.20.1




^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 030/113] powerpc/pseries/mobility: prevent cpu hotplug during DT update
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (28 preceding siblings ...)
  2019-07-29 19:21 ` [PATCH 4.19 029/113] drm/amd/display: fix compilation error Greg Kroah-Hartman
@ 2019-07-29 19:21 ` Greg Kroah-Hartman
  2019-07-29 19:21 ` [PATCH 4.19 031/113] drm/rockchip: Properly adjust to a true clock in adjusted_mode Greg Kroah-Hartman
                   ` (88 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Nathan Lynch, Gautham R. Shenoy,
	Michael Ellerman, Sasha Levin

[ Upstream commit e59a175faa8df9d674247946f2a5a9c29c835725 ]

CPU online/offline code paths are sensitive to parts of the device
tree (various cpu node properties, cache nodes) that can be changed as
a result of a migration.

Prevent CPU hotplug while the device tree potentially is inconsistent.

Fixes: 410bccf97881 ("powerpc/pseries: Partition migration in the kernel")
Signed-off-by: Nathan Lynch <nathanl@linux.ibm.com>
Reviewed-by: Gautham R. Shenoy <ego@linux.vnet.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/powerpc/platforms/pseries/mobility.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/arch/powerpc/platforms/pseries/mobility.c b/arch/powerpc/platforms/pseries/mobility.c
index f0e30dc94988..7b60fcf04dc4 100644
--- a/arch/powerpc/platforms/pseries/mobility.c
+++ b/arch/powerpc/platforms/pseries/mobility.c
@@ -9,6 +9,7 @@
  * 2 as published by the Free Software Foundation.
  */
 
+#include <linux/cpu.h>
 #include <linux/kernel.h>
 #include <linux/kobject.h>
 #include <linux/smp.h>
@@ -344,11 +345,19 @@ void post_mobility_fixup(void)
 	if (rc)
 		printk(KERN_ERR "Post-mobility activate-fw failed: %d\n", rc);
 
+	/*
+	 * We don't want CPUs to go online/offline while the device
+	 * tree is being updated.
+	 */
+	cpus_read_lock();
+
 	rc = pseries_devicetree_update(MIGRATION_SCOPE);
 	if (rc)
 		printk(KERN_ERR "Post-mobility device tree update "
 			"failed: %d\n", rc);
 
+	cpus_read_unlock();
+
 	/* Possibly switch to a new RFI flush type */
 	pseries_setup_rfi_flush();
 
-- 
2.20.1




^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 031/113] drm/rockchip: Properly adjust to a true clock in adjusted_mode
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (29 preceding siblings ...)
  2019-07-29 19:21 ` [PATCH 4.19 030/113] powerpc/pseries/mobility: prevent cpu hotplug during DT update Greg Kroah-Hartman
@ 2019-07-29 19:21 ` Greg Kroah-Hartman
  2019-07-29 19:21 ` [PATCH 4.19 032/113] serial: imx: fix locking in set_termios() Greg Kroah-Hartman
                   ` (87 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Douglas Anderson, Sean Paul,
	Yakir Yang, Heiko Stuebner, Sasha Levin

[ Upstream commit 99b9683f2142b20bad78e61f7f829e8714e45685 ]

When fixing up the clock in vop_crtc_mode_fixup() we're not doing it
quite correctly.  Specifically if we've got the true clock 266666667 Hz,
we'll perform this calculation:
   266666667 / 1000 => 266666

Later when we try to set the clock we'll do clk_set_rate(266666 *
1000).  The common clock framework won't actually pick the proper clock
in this case since it always wants clocks <= the specified one.

Let's solve this by using DIV_ROUND_UP.

Fixes: b59b8de31497 ("drm/rockchip: return a true clock rate to adjusted_mode")
Signed-off-by: Douglas Anderson <dianders@chromium.org>
Signed-off-by: Sean Paul <seanpaul@chromium.org>
Reviewed-by: Yakir Yang <ykk@rock-chips.com>
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Link: https://patchwork.freedesktop.org/patch/msgid/20190614224730.98622-1-dianders@chromium.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/drm/rockchip/rockchip_drm_vop.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/gpu/drm/rockchip/rockchip_drm_vop.c b/drivers/gpu/drm/rockchip/rockchip_drm_vop.c
index f8f9ae6622eb..873624a11ce8 100644
--- a/drivers/gpu/drm/rockchip/rockchip_drm_vop.c
+++ b/drivers/gpu/drm/rockchip/rockchip_drm_vop.c
@@ -880,7 +880,8 @@ static bool vop_crtc_mode_fixup(struct drm_crtc *crtc,
 	struct vop *vop = to_vop(crtc);
 
 	adjusted_mode->clock =
-		clk_round_rate(vop->dclk, mode->clock * 1000) / 1000;
+		DIV_ROUND_UP(clk_round_rate(vop->dclk, mode->clock * 1000),
+			     1000);
 
 	return true;
 }
-- 
2.20.1




^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 032/113] serial: imx: fix locking in set_termios()
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (30 preceding siblings ...)
  2019-07-29 19:21 ` [PATCH 4.19 031/113] drm/rockchip: Properly adjust to a true clock in adjusted_mode Greg Kroah-Hartman
@ 2019-07-29 19:21 ` Greg Kroah-Hartman
  2019-07-29 19:22 ` [PATCH 4.19 033/113] tty: serial_core: Set port active bit in uart_port_activate Greg Kroah-Hartman
                   ` (86 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:21 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Sergey Organov, Sasha Levin

[ Upstream commit 4e828c3e09201512be5ee162393f334321f7cf01 ]

imx_uart_set_termios() called imx_uart_rts_active(), or
imx_uart_rts_inactive() before taking port->port.lock.

As a consequence, sport->port.mctrl that these functions modify
could have been changed without holding port->port.lock.

Moved locking of port->port.lock above the calls to fix the issue.

Signed-off-by: Sergey Organov <sorganov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/tty/serial/imx.c | 23 +++++++++++++----------
 1 file changed, 13 insertions(+), 10 deletions(-)

diff --git a/drivers/tty/serial/imx.c b/drivers/tty/serial/imx.c
index 0f67197a3783..105de92b0b3b 100644
--- a/drivers/tty/serial/imx.c
+++ b/drivers/tty/serial/imx.c
@@ -382,6 +382,7 @@ static void imx_uart_ucrs_restore(struct imx_port *sport,
 }
 #endif
 
+/* called with port.lock taken and irqs caller dependent */
 static void imx_uart_rts_active(struct imx_port *sport, u32 *ucr2)
 {
 	*ucr2 &= ~(UCR2_CTSC | UCR2_CTS);
@@ -390,6 +391,7 @@ static void imx_uart_rts_active(struct imx_port *sport, u32 *ucr2)
 	mctrl_gpio_set(sport->gpios, sport->port.mctrl);
 }
 
+/* called with port.lock taken and irqs caller dependent */
 static void imx_uart_rts_inactive(struct imx_port *sport, u32 *ucr2)
 {
 	*ucr2 &= ~UCR2_CTSC;
@@ -399,6 +401,7 @@ static void imx_uart_rts_inactive(struct imx_port *sport, u32 *ucr2)
 	mctrl_gpio_set(sport->gpios, sport->port.mctrl);
 }
 
+/* called with port.lock taken and irqs caller dependent */
 static void imx_uart_rts_auto(struct imx_port *sport, u32 *ucr2)
 {
 	*ucr2 |= UCR2_CTSC;
@@ -1554,6 +1557,16 @@ imx_uart_set_termios(struct uart_port *port, struct ktermios *termios,
 		old_csize = CS8;
 	}
 
+	del_timer_sync(&sport->timer);
+
+	/*
+	 * Ask the core to calculate the divisor for us.
+	 */
+	baud = uart_get_baud_rate(port, termios, old, 50, port->uartclk / 16);
+	quot = uart_get_divisor(port, baud);
+
+	spin_lock_irqsave(&sport->port.lock, flags);
+
 	if ((termios->c_cflag & CSIZE) == CS8)
 		ucr2 = UCR2_WS | UCR2_SRST | UCR2_IRTS;
 	else
@@ -1597,16 +1610,6 @@ imx_uart_set_termios(struct uart_port *port, struct ktermios *termios,
 			ucr2 |= UCR2_PROE;
 	}
 
-	del_timer_sync(&sport->timer);
-
-	/*
-	 * Ask the core to calculate the divisor for us.
-	 */
-	baud = uart_get_baud_rate(port, termios, old, 50, port->uartclk / 16);
-	quot = uart_get_divisor(port, baud);
-
-	spin_lock_irqsave(&sport->port.lock, flags);
-
 	sport->port.read_status_mask = 0;
 	if (termios->c_iflag & INPCK)
 		sport->port.read_status_mask |= (URXD_FRMERR | URXD_PRERR);
-- 
2.20.1




^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 033/113] tty: serial_core: Set port active bit in uart_port_activate
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (31 preceding siblings ...)
  2019-07-29 19:21 ` [PATCH 4.19 032/113] serial: imx: fix locking in set_termios() Greg Kroah-Hartman
@ 2019-07-29 19:22 ` Greg Kroah-Hartman
  2019-07-29 19:22 ` [PATCH 4.19 034/113] usb: gadget: Zero ffs_io_data Greg Kroah-Hartman
                   ` (85 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:22 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Serge Semin, Sasha Levin

[ Upstream commit 13b18d35909707571af9539f7731389fbf0feb31 ]

A bug was introduced by commit b3b576461864 ("tty: serial_core: convert
uart_open to use tty_port_open"). It caused a constant warning printed
into the system log regarding the tty and port counter mismatch:

[   21.644197] ttyS ttySx: tty_port_close_start: tty->count = 1 port count = 2

in case if session hangup was detected so the warning is printed starting
from the second open-close iteration.

Particularly the problem was discovered in situation when there is a
serial tty device without hardware back-end being setup. It is considered
by the tty-serial subsystems as a hardware problem with session hang up.
In this case uart_startup() will return a positive value with TTY_IO_ERROR
flag set in corresponding tty_struct instance. The same value will get
passed to be returned from the activate() callback and then being returned
from tty_port_open(). But since in this case tty_port_block_til_ready()
isn't called the TTY_PORT_ACTIVE flag isn't set (while the method had been
called before tty_port_open conversion was introduced and the rest of the
subsystem code expected the bit being set in this case), which prevents the
uart_hangup() method to perform any cleanups including the tty port
counter setting to zero. So the next attempt to open/close the tty device
will discover the counters mismatch.

In order to fix the problem we need to manually set the TTY_PORT_ACTIVE
flag in case if uart_startup() returned a positive value. In this case
the hang up procedure will perform a full set of cleanup actions including
the port ref-counter resetting.

Fixes: b3b576461864 "tty: serial_core: convert uart_open to use tty_port_open"
Signed-off-by: Serge Semin <fancer.lancer@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/tty/serial/serial_core.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/drivers/tty/serial/serial_core.c b/drivers/tty/serial/serial_core.c
index 8dbeb14a1e3a..fe9261ffe3db 100644
--- a/drivers/tty/serial/serial_core.c
+++ b/drivers/tty/serial/serial_core.c
@@ -1738,6 +1738,7 @@ static int uart_port_activate(struct tty_port *port, struct tty_struct *tty)
 {
 	struct uart_state *state = container_of(port, struct uart_state, port);
 	struct uart_port *uport;
+	int ret;
 
 	uport = uart_port_check(state);
 	if (!uport || uport->flags & UPF_DEAD)
@@ -1748,7 +1749,11 @@ static int uart_port_activate(struct tty_port *port, struct tty_struct *tty)
 	/*
 	 * Start up the serial port.
 	 */
-	return uart_startup(tty, state, 0);
+	ret = uart_startup(tty, state, 0);
+	if (ret > 0)
+		tty_port_set_active(port, 1);
+
+	return ret;
 }
 
 static const char *uart_type(struct uart_port *port)
-- 
2.20.1




^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 034/113] usb: gadget: Zero ffs_io_data
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (32 preceding siblings ...)
  2019-07-29 19:22 ` [PATCH 4.19 033/113] tty: serial_core: Set port active bit in uart_port_activate Greg Kroah-Hartman
@ 2019-07-29 19:22 ` Greg Kroah-Hartman
  2019-07-29 19:22 ` [PATCH 4.19 035/113] mmc: sdhci: sdhci-pci-o2micro: Check if controller supports 8-bit width Greg Kroah-Hartman
                   ` (84 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:22 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Andrzej Pietrasiewicz, Felipe Balbi,
	Sasha Levin

[ Upstream commit 508595515f4bcfe36246e4a565cf280937aeaade ]

In some cases the "Allocate & copy" block in ffs_epfile_io() is not
executed. Consequently, in such a case ffs_alloc_buffer() is never called
and struct ffs_io_data is not initialized properly. This in turn leads to
problems when ffs_free_buffer() is called at the end of ffs_epfile_io().

This patch uses kzalloc() instead of kmalloc() in the aio case and memset()
in non-aio case to properly initialize struct ffs_io_data.

Signed-off-by: Andrzej Pietrasiewicz <andrzej.p@collabora.com>
Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/usb/gadget/function/f_fs.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/drivers/usb/gadget/function/f_fs.c b/drivers/usb/gadget/function/f_fs.c
index aa15593a3ac4..2050993fb58b 100644
--- a/drivers/usb/gadget/function/f_fs.c
+++ b/drivers/usb/gadget/function/f_fs.c
@@ -1101,11 +1101,12 @@ static ssize_t ffs_epfile_write_iter(struct kiocb *kiocb, struct iov_iter *from)
 	ENTER();
 
 	if (!is_sync_kiocb(kiocb)) {
-		p = kmalloc(sizeof(io_data), GFP_KERNEL);
+		p = kzalloc(sizeof(io_data), GFP_KERNEL);
 		if (unlikely(!p))
 			return -ENOMEM;
 		p->aio = true;
 	} else {
+		memset(p, 0, sizeof(*p));
 		p->aio = false;
 	}
 
@@ -1137,11 +1138,12 @@ static ssize_t ffs_epfile_read_iter(struct kiocb *kiocb, struct iov_iter *to)
 	ENTER();
 
 	if (!is_sync_kiocb(kiocb)) {
-		p = kmalloc(sizeof(io_data), GFP_KERNEL);
+		p = kzalloc(sizeof(io_data), GFP_KERNEL);
 		if (unlikely(!p))
 			return -ENOMEM;
 		p->aio = true;
 	} else {
+		memset(p, 0, sizeof(*p));
 		p->aio = false;
 	}
 
-- 
2.20.1




^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 035/113] mmc: sdhci: sdhci-pci-o2micro: Check if controller supports 8-bit width
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (33 preceding siblings ...)
  2019-07-29 19:22 ` [PATCH 4.19 034/113] usb: gadget: Zero ffs_io_data Greg Kroah-Hartman
@ 2019-07-29 19:22 ` Greg Kroah-Hartman
  2019-07-29 19:22 ` [PATCH 4.19 036/113] powerpc/pci/of: Fix OF flags parsing for 64bit BARs Greg Kroah-Hartman
                   ` (83 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:22 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Raul E Rangel, Adrian Hunter,
	Ulf Hansson, Sasha Levin

[ Upstream commit de23f0b757766d9fae59df97da6e8bdc5b231351 ]

The O2 controller supports 8-bit EMMC access.

JESD84-B51 section A.6.3.a defines the bus testing procedure that
`mmc_select_bus_width()` implements. This is used to determine the actual
bus width of the eMMC.

Signed-off-by: Raul E Rangel <rrangel@chromium.org>
Acked-by: Adrian Hunter <adrian.hunter@intel.com>
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/mmc/host/sdhci-pci-o2micro.c | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/drivers/mmc/host/sdhci-pci-o2micro.c b/drivers/mmc/host/sdhci-pci-o2micro.c
index fa8d9da2ab7f..e248d7945c06 100644
--- a/drivers/mmc/host/sdhci-pci-o2micro.c
+++ b/drivers/mmc/host/sdhci-pci-o2micro.c
@@ -290,11 +290,21 @@ int sdhci_pci_o2_probe_slot(struct sdhci_pci_slot *slot)
 {
 	struct sdhci_pci_chip *chip;
 	struct sdhci_host *host;
-	u32 reg;
+	u32 reg, caps;
 	int ret;
 
 	chip = slot->chip;
 	host = slot->host;
+
+	caps = sdhci_readl(host, SDHCI_CAPABILITIES);
+
+	/*
+	 * mmc_select_bus_width() will test the bus to determine the actual bus
+	 * width.
+	 */
+	if (caps & SDHCI_CAN_DO_8BIT)
+		host->mmc->caps |= MMC_CAP_8_BIT_DATA;
+
 	switch (chip->pdev->device) {
 	case PCI_DEVICE_ID_O2_SDS0:
 	case PCI_DEVICE_ID_O2_SEABIRD0:
-- 
2.20.1




^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 036/113] powerpc/pci/of: Fix OF flags parsing for 64bit BARs
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (34 preceding siblings ...)
  2019-07-29 19:22 ` [PATCH 4.19 035/113] mmc: sdhci: sdhci-pci-o2micro: Check if controller supports 8-bit width Greg Kroah-Hartman
@ 2019-07-29 19:22 ` Greg Kroah-Hartman
  2019-07-29 19:22 ` [PATCH 4.19 037/113] drm/msm: Depopulate platform on probe failure Greg Kroah-Hartman
                   ` (82 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:22 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Alexey Kardashevskiy, Sam Bobroff,
	Oliver OHalloran, Shawn Anastasio, Michael Ellerman, Sasha Levin

[ Upstream commit df5be5be8735ef2ae80d5ae1f2453cd81a035c4b ]

When the firmware does PCI BAR resource allocation, it passes the assigned
addresses and flags (prefetch/64bit/...) via the "reg" property of
a PCI device device tree node so the kernel does not need to do
resource allocation.

The flags are stored in resource::flags - the lower byte stores
PCI_BASE_ADDRESS_SPACE/etc bits and the other bytes are IORESOURCE_IO/etc.
Some flags from PCI_BASE_ADDRESS_xxx and IORESOURCE_xxx are duplicated,
such as PCI_BASE_ADDRESS_MEM_PREFETCH/PCI_BASE_ADDRESS_MEM_TYPE_64/etc.
When parsing the "reg" property, we copy the prefetch flag but we skip
on PCI_BASE_ADDRESS_MEM_TYPE_64 which leaves the flags out of sync.

The missing IORESOURCE_MEM_64 flag comes into play under 2 conditions:
1. we remove PCI_PROBE_ONLY for pseries (by hacking pSeries_setup_arch()
or by passing "/chosen/linux,pci-probe-only");
2. we request resource alignment (by passing pci=resource_alignment=
via the kernel cmd line to request PAGE_SIZE alignment or defining
ppc_md.pcibios_default_alignment which returns anything but 0). Note that
the alignment requests are ignored if PCI_PROBE_ONLY is enabled.

With 1) and 2), the generic PCI code in the kernel unconditionally
decides to:
- reassign the BARs in pci_specified_resource_alignment() (works fine)
- write new BARs to the device - this fails for 64bit BARs as the generic
code looks at IORESOURCE_MEM_64 (not set) and writes only lower 32bits
of the BAR and leaves the upper 32bit unmodified which breaks BAR mapping
in the hypervisor.

This fixes the issue by copying the flag. This is useful if we want to
enforce certain BAR alignment per platform as handling subpage sized BARs
is proven to cause problems with hotplug (SLOF already aligns BARs to 64k).

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: Sam Bobroff <sbobroff@linux.ibm.com>
Reviewed-by: Oliver O'Halloran <oohall@gmail.com>
Reviewed-by: Shawn Anastasio <shawn@anastas.io>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/powerpc/kernel/pci_of_scan.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/arch/powerpc/kernel/pci_of_scan.c b/arch/powerpc/kernel/pci_of_scan.c
index 98f04725def7..c101b321dece 100644
--- a/arch/powerpc/kernel/pci_of_scan.c
+++ b/arch/powerpc/kernel/pci_of_scan.c
@@ -45,6 +45,8 @@ unsigned int pci_parse_of_flags(u32 addr0, int bridge)
 	if (addr0 & 0x02000000) {
 		flags = IORESOURCE_MEM | PCI_BASE_ADDRESS_SPACE_MEMORY;
 		flags |= (addr0 >> 22) & PCI_BASE_ADDRESS_MEM_TYPE_64;
+		if (flags & PCI_BASE_ADDRESS_MEM_TYPE_64)
+			flags |= IORESOURCE_MEM_64;
 		flags |= (addr0 >> 28) & PCI_BASE_ADDRESS_MEM_TYPE_1M;
 		if (addr0 & 0x40000000)
 			flags |= IORESOURCE_PREFETCH
-- 
2.20.1




^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 037/113] drm/msm: Depopulate platform on probe failure
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (35 preceding siblings ...)
  2019-07-29 19:22 ` [PATCH 4.19 036/113] powerpc/pci/of: Fix OF flags parsing for 64bit BARs Greg Kroah-Hartman
@ 2019-07-29 19:22 ` Greg Kroah-Hartman
  2019-07-29 19:22 ` [PATCH 4.19 038/113] serial: mctrl_gpio: Check if GPIO property exisits before requesting it Greg Kroah-Hartman
                   ` (81 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:22 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Rob Clark, Sean Paul, Sasha Levin

[ Upstream commit 4368a1539c6b41ac3cddc06f5a5117952998804c ]

add_display_components() calls of_platform_populate, and we depopluate
on pdev remove, but not when probe fails. So if we get a probe deferral
in one of the components, we won't depopulate the platform. This causes
the core to keep references to devices which should be destroyed, which
causes issues when those same devices try to re-initialize on the next
probe attempt.

I think this is the reason we had issues with the gmu's device-managed
resources on deferral (worked around in commit 94e3a17f33a5).

Reviewed-by: Rob Clark <robdclark@chromium.org>
Signed-off-by: Sean Paul <seanpaul@chromium.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20190617201301.133275-3-sean@poorly.run
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/drm/msm/msm_drv.c | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/drivers/gpu/drm/msm/msm_drv.c b/drivers/gpu/drm/msm/msm_drv.c
index c1abad8a8612..ed9a3a1e50ef 100644
--- a/drivers/gpu/drm/msm/msm_drv.c
+++ b/drivers/gpu/drm/msm/msm_drv.c
@@ -1321,16 +1321,24 @@ static int msm_pdev_probe(struct platform_device *pdev)
 
 	ret = add_gpu_components(&pdev->dev, &match);
 	if (ret)
-		return ret;
+		goto fail;
 
 	/* on all devices that I am aware of, iommu's which can map
 	 * any address the cpu can see are used:
 	 */
 	ret = dma_set_mask_and_coherent(&pdev->dev, ~0);
 	if (ret)
-		return ret;
+		goto fail;
+
+	ret = component_master_add_with_match(&pdev->dev, &msm_drm_ops, match);
+	if (ret)
+		goto fail;
 
-	return component_master_add_with_match(&pdev->dev, &msm_drm_ops, match);
+	return 0;
+
+fail:
+	of_platform_depopulate(&pdev->dev);
+	return ret;
 }
 
 static int msm_pdev_remove(struct platform_device *pdev)
-- 
2.20.1




^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 038/113] serial: mctrl_gpio: Check if GPIO property exisits before requesting it
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (36 preceding siblings ...)
  2019-07-29 19:22 ` [PATCH 4.19 037/113] drm/msm: Depopulate platform on probe failure Greg Kroah-Hartman
@ 2019-07-29 19:22 ` Greg Kroah-Hartman
  2019-07-31 18:19   ` Pavel Machek
  2019-07-29 19:22 ` [PATCH 4.19 039/113] PCI: sysfs: Ignore lockdep for remove attribute Greg Kroah-Hartman
                   ` (80 subsequent siblings)
  118 siblings, 1 reply; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:22 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Stefan Roese, Mika Westerberg,
	Andy Shevchenko, Yegor Yefremov, Giulio Benetti, Sasha Levin

[ Upstream commit d99482673f950817b30caf3fcdfb31179b050ce1 ]

This patch adds a check for the GPIOs property existence, before the
GPIO is requested. This fixes an issue seen when the 8250 mctrl_gpio
support is added (2nd patch in this patch series) on x86 platforms using
ACPI.

Here Mika's comments from 2016-08-09:

"
I noticed that with v4.8-rc1 serial console of some of our Broxton
systems does not work properly anymore. I'm able to see output but input
does not work.

I bisected it down to commit 4ef03d328769eddbfeca1f1c958fdb181a69c341
("tty/serial/8250: use mctrl_gpio helpers").

The reason why it fails is that in ACPI we do not have names for GPIOs
(except when _DSD is used) so we use the "idx" to index into _CRS GPIO
resources. Now mctrl_gpio_init_noauto() goes through a list of GPIOs
calling devm_gpiod_get_index_optional() passing "idx" of 0 for each. The
UART device in Broxton has following (simplified) ACPI description:

    Device (URT4)
    {
        ...
        Name (_CRS, ResourceTemplate () {
            GpioIo (Exclusive, PullDefault, 0x0000, 0x0000, IoRestrictionOutputOnly,
                    "\\_SB.GPO0", 0x00, ResourceConsumer)
            {
                0x003A
            }
            GpioIo (Exclusive, PullDefault, 0x0000, 0x0000, IoRestrictionOutputOnly,
                    "\\_SB.GPO0", 0x00, ResourceConsumer)
            {
                0x003D
            }
        })

In this case it finds the first GPIO (0x003A which happens to be RX pin
for that UART), turns it into GPIO which then breaks input for the UART
device. This also breaks systems with bluetooth connected to UART (those
typically have some GPIOs in their _CRS).

Any ideas how to fix this?

We cannot just drop the _CRS index lookup fallback because that would
break many existing machines out there so maybe we can limit this to
only DT enabled machines. Or alternatively probe if the property first
exists before trying to acquire the GPIOs (using
device_property_present()).
"

This patch implements the fix suggested by Mika in his statement above.

Signed-off-by: Stefan Roese <sr@denx.de>
Reviewed-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Tested-by: Yegor Yefremov <yegorslists@googlemail.com>
Cc: Mika Westerberg <mika.westerberg@linux.intel.com>
Cc: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Cc: Yegor Yefremov <yegorslists@googlemail.com>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Giulio Benetti <giulio.benetti@micronovasrl.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/tty/serial/serial_mctrl_gpio.c | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/drivers/tty/serial/serial_mctrl_gpio.c b/drivers/tty/serial/serial_mctrl_gpio.c
index 1c06325beaca..07f318603e74 100644
--- a/drivers/tty/serial/serial_mctrl_gpio.c
+++ b/drivers/tty/serial/serial_mctrl_gpio.c
@@ -12,6 +12,7 @@
 #include <linux/termios.h>
 #include <linux/serial_core.h>
 #include <linux/module.h>
+#include <linux/property.h>
 
 #include "serial_mctrl_gpio.h"
 
@@ -115,6 +116,19 @@ struct mctrl_gpios *mctrl_gpio_init_noauto(struct device *dev, unsigned int idx)
 
 	for (i = 0; i < UART_GPIO_MAX; i++) {
 		enum gpiod_flags flags;
+		char *gpio_str;
+		bool present;
+
+		/* Check if GPIO property exists and continue if not */
+		gpio_str = kasprintf(GFP_KERNEL, "%s-gpios",
+				     mctrl_gpios_desc[i].name);
+		if (!gpio_str)
+			continue;
+
+		present = device_property_present(dev, gpio_str);
+		kfree(gpio_str);
+		if (!present)
+			continue;
 
 		if (mctrl_gpios_desc[i].dir_out)
 			flags = GPIOD_OUT_LOW;
-- 
2.20.1




^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 039/113] PCI: sysfs: Ignore lockdep for remove attribute
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (37 preceding siblings ...)
  2019-07-29 19:22 ` [PATCH 4.19 038/113] serial: mctrl_gpio: Check if GPIO property exisits before requesting it Greg Kroah-Hartman
@ 2019-07-29 19:22 ` Greg Kroah-Hartman
  2019-07-29 19:22 ` [PATCH 4.19 040/113] i2c: stm32f7: fix the get_irq error cases Greg Kroah-Hartman
                   ` (79 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:22 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Marek Vasut, Bjorn Helgaas,
	Geert Uytterhoeven, Phil Edworthy, Simon Horman, Tejun Heo,
	Wolfram Sang, Sasha Levin

[ Upstream commit dc6b698a86fe40a50525433eb8e92a267847f6f9 ]

With CONFIG_PROVE_LOCKING=y, using sysfs to remove a bridge with a device
below it causes a lockdep warning, e.g.,

  # echo 1 > /sys/class/pci_bus/0000:00/device/0000:00:00.0/remove
  ============================================
  WARNING: possible recursive locking detected
  ...
  pci_bus 0000:01: busn_res: [bus 01] is released

The remove recursively removes the subtree below the bridge.  Each call
uses a different lock so there's no deadlock, but the locks were all
created with the same lockdep key so the lockdep checker can't tell them
apart.

Mark the "remove" sysfs attribute with __ATTR_IGNORE_LOCKDEP() as it is
safe to ignore the lockdep check between different "remove" kernfs
instances.

There's discussion about a similar issue in USB at [1], which resulted in
356c05d58af0 ("sysfs: get rid of some lockdep false positives") and
e9b526fe7048 ("i2c: suppress lockdep warning on delete_device"), which do
basically the same thing for USB "remove" and i2c "delete_device" files.

[1] https://lore.kernel.org/r/Pine.LNX.4.44L0.1204251436140.1206-100000@iolanthe.rowland.org
Link: https://lore.kernel.org/r/20190526225151.3865-1-marek.vasut@gmail.com
Signed-off-by: Marek Vasut <marek.vasut+renesas@gmail.com>
[bhelgaas: trim commit log, details at above links]
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Cc: Geert Uytterhoeven <geert+renesas@glider.be>
Cc: Phil Edworthy <phil.edworthy@renesas.com>
Cc: Simon Horman <horms+renesas@verge.net.au>
Cc: Tejun Heo <tj@kernel.org>
Cc: Wolfram Sang <wsa@the-dreams.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/pci/pci-sysfs.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c
index 9ecfe13157c0..1edf5a1836ea 100644
--- a/drivers/pci/pci-sysfs.c
+++ b/drivers/pci/pci-sysfs.c
@@ -478,7 +478,7 @@ static ssize_t remove_store(struct device *dev, struct device_attribute *attr,
 		pci_stop_and_remove_bus_device_locked(to_pci_dev(dev));
 	return count;
 }
-static struct device_attribute dev_remove_attr = __ATTR(remove,
+static struct device_attribute dev_remove_attr = __ATTR_IGNORE_LOCKDEP(remove,
 							(S_IWUSR|S_IWGRP),
 							NULL, remove_store);
 
-- 
2.20.1




^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 040/113] i2c: stm32f7: fix the get_irq error cases
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (38 preceding siblings ...)
  2019-07-29 19:22 ` [PATCH 4.19 039/113] PCI: sysfs: Ignore lockdep for remove attribute Greg Kroah-Hartman
@ 2019-07-29 19:22 ` Greg Kroah-Hartman
  2019-07-29 19:22 ` [PATCH 4.19 041/113] kbuild: Add -Werror=unknown-warning-option to CLANG_FLAGS Greg Kroah-Hartman
                   ` (78 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:22 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Pierre-Yves MORDRET, Fabien Dessenne,
	Fabrice Gasnier, Wolfram Sang, Sasha Levin

[ Upstream commit 79b4499524ed659fb76323efc30f3dc03967c88f ]

During probe, return the "get_irq" error value instead of -EINVAL which
allows the driver to be deferred probed if needed.
Fix also the case where of_irq_get() returns a negative value.
Note :
On failure of_irq_get() returns 0 or a negative value while
platform_get_irq() returns a negative value.

Fixes: aeb068c57214 ("i2c: i2c-stm32f7: add driver")
Reviewed-by: Pierre-Yves MORDRET <pierre-yves.mordret@st.com>
Signed-off-by: Fabien Dessenne <fabien.dessenne@st.com>
Signed-off-by: Fabrice Gasnier <fabrice.gasnier@st.com>
Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/i2c/busses/i2c-stm32f7.c | 26 ++++++++++++++------------
 1 file changed, 14 insertions(+), 12 deletions(-)

diff --git a/drivers/i2c/busses/i2c-stm32f7.c b/drivers/i2c/busses/i2c-stm32f7.c
index a492da9fd0d3..ac9c9486b834 100644
--- a/drivers/i2c/busses/i2c-stm32f7.c
+++ b/drivers/i2c/busses/i2c-stm32f7.c
@@ -24,7 +24,6 @@
 #include <linux/module.h>
 #include <linux/of.h>
 #include <linux/of_address.h>
-#include <linux/of_irq.h>
 #include <linux/of_platform.h>
 #include <linux/platform_device.h>
 #include <linux/reset.h>
@@ -1782,15 +1781,14 @@ static struct i2c_algorithm stm32f7_i2c_algo = {
 
 static int stm32f7_i2c_probe(struct platform_device *pdev)
 {
-	struct device_node *np = pdev->dev.of_node;
 	struct stm32f7_i2c_dev *i2c_dev;
 	const struct stm32f7_i2c_setup *setup;
 	struct resource *res;
-	u32 irq_error, irq_event, clk_rate, rise_time, fall_time;
+	u32 clk_rate, rise_time, fall_time;
 	struct i2c_adapter *adap;
 	struct reset_control *rst;
 	dma_addr_t phy_addr;
-	int ret;
+	int irq_error, irq_event, ret;
 
 	i2c_dev = devm_kzalloc(&pdev->dev, sizeof(*i2c_dev), GFP_KERNEL);
 	if (!i2c_dev)
@@ -1802,16 +1800,20 @@ static int stm32f7_i2c_probe(struct platform_device *pdev)
 		return PTR_ERR(i2c_dev->base);
 	phy_addr = (dma_addr_t)res->start;
 
-	irq_event = irq_of_parse_and_map(np, 0);
-	if (!irq_event) {
-		dev_err(&pdev->dev, "IRQ event missing or invalid\n");
-		return -EINVAL;
+	irq_event = platform_get_irq(pdev, 0);
+	if (irq_event <= 0) {
+		if (irq_event != -EPROBE_DEFER)
+			dev_err(&pdev->dev, "Failed to get IRQ event: %d\n",
+				irq_event);
+		return irq_event ? : -ENOENT;
 	}
 
-	irq_error = irq_of_parse_and_map(np, 1);
-	if (!irq_error) {
-		dev_err(&pdev->dev, "IRQ error missing or invalid\n");
-		return -EINVAL;
+	irq_error = platform_get_irq(pdev, 1);
+	if (irq_error <= 0) {
+		if (irq_error != -EPROBE_DEFER)
+			dev_err(&pdev->dev, "Failed to get IRQ error: %d\n",
+				irq_error);
+		return irq_error ? : -ENOENT;
 	}
 
 	i2c_dev->clk = devm_clk_get(&pdev->dev, NULL);
-- 
2.20.1




^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 041/113] kbuild: Add -Werror=unknown-warning-option to CLANG_FLAGS
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (39 preceding siblings ...)
  2019-07-29 19:22 ` [PATCH 4.19 040/113] i2c: stm32f7: fix the get_irq error cases Greg Kroah-Hartman
@ 2019-07-29 19:22 ` Greg Kroah-Hartman
  2019-07-29 19:22 ` [PATCH 4.19 042/113] genksyms: Teach parser about 128-bit built-in types Greg Kroah-Hartman
                   ` (77 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:22 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Peter Smith, Nathan Chancellor,
	Nick Desaulniers, Masahiro Yamada, Sasha Levin

[ Upstream commit 589834b3a0097a4908f4112eac0ca2feb486fa32 ]

In commit ebcc5928c5d9 ("arm64: Silence gcc warnings about arch ABI
drift"), the arm64 Makefile added -Wno-psabi to KBUILD_CFLAGS, which is
a GCC only option so clang rightfully complains:

warning: unknown warning option '-Wno-psabi' [-Wunknown-warning-option]

https://clang.llvm.org/docs/DiagnosticsReference.html#wunknown-warning-option

However, by default, this is merely a warning so the build happily goes
on with a slew of these warnings in the process.

Commit c3f0d0bc5b01 ("kbuild, LLVMLinux: Add -Werror to cc-option to
support clang") worked around this behavior in cc-option by adding
-Werror so that unknown flags cause an error. However, this all happens
silently and when an unknown flag is added to the build unconditionally
like -Wno-psabi, cc-option will always fail because there is always an
unknown flag in the list of flags. This manifested as link time failures
in the arm64 libstub because -fno-stack-protector didn't get added to
KBUILD_CFLAGS.

To avoid these weird cryptic failures in the future, make clang behave
like gcc and immediately error when it encounters an unknown flag by
adding -Werror=unknown-warning-option to CLANG_FLAGS. This can be added
unconditionally for clang because it is supported by at least 3.0.0,
according to godbolt [1] and 4.0.0, according to its documentation [2],
which is far earlier than we typically support.

[1]: https://godbolt.org/z/7F7rm3
[2]: https://releases.llvm.org/4.0.0/tools/clang/docs/DiagnosticsReference.html#wunknown-warning-option

Link: https://github.com/ClangBuiltLinux/linux/issues/511
Link: https://github.com/ClangBuiltLinux/linux/issues/517
Suggested-by: Peter Smith <peter.smith@linaro.org>
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
Tested-by: Nick Desaulniers <ndesaulniers@google.com>
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 Makefile | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Makefile b/Makefile
index a4463d880ae2..c1f38f4107d9 100644
--- a/Makefile
+++ b/Makefile
@@ -491,6 +491,7 @@ ifneq ($(GCC_TOOLCHAIN),)
 CLANG_FLAGS	+= --gcc-toolchain=$(GCC_TOOLCHAIN)
 endif
 CLANG_FLAGS	+= -no-integrated-as
+CLANG_FLAGS	+= -Werror=unknown-warning-option
 KBUILD_CFLAGS	+= $(CLANG_FLAGS)
 KBUILD_AFLAGS	+= $(CLANG_FLAGS)
 export CLANG_FLAGS
-- 
2.20.1




^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 042/113] genksyms: Teach parser about 128-bit built-in types
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (40 preceding siblings ...)
  2019-07-29 19:22 ` [PATCH 4.19 041/113] kbuild: Add -Werror=unknown-warning-option to CLANG_FLAGS Greg Kroah-Hartman
@ 2019-07-29 19:22 ` Greg Kroah-Hartman
  2019-07-29 19:22 ` [PATCH 4.19 043/113] PCI: xilinx-nwl: Fix Multi MSI data programming Greg Kroah-Hartman
                   ` (76 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:22 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Arnd Bergmann, Will Deacon,
	Masahiro Yamada, Sasha Levin

[ Upstream commit a222061b85234d8a44486a46bd4df7e2cda52385 ]

__uint128_t crops up in a few files that export symbols to modules, so
teach genksyms about it and the other GCC built-in 128-bit integer types
so that we don't end up skipping the CRC generation for some symbols due
to the parser failing to spot them:

  | WARNING: EXPORT symbol "kernel_neon_begin" [vmlinux] version
  |          generation failed, symbol will not be versioned.
  | ld: arch/arm64/kernel/fpsimd.o: relocation R_AARCH64_ABS32 against
  |     `__crc_kernel_neon_begin' can not be used when making a shared
  |     object
  | ld: arch/arm64/kernel/fpsimd.o:(.data+0x0): dangerous relocation:
  |     unsupported relocation

Reported-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 scripts/genksyms/keywords.c | 4 ++++
 scripts/genksyms/parse.y    | 2 ++
 2 files changed, 6 insertions(+)

diff --git a/scripts/genksyms/keywords.c b/scripts/genksyms/keywords.c
index 9f40bcd17d07..f6956aa41366 100644
--- a/scripts/genksyms/keywords.c
+++ b/scripts/genksyms/keywords.c
@@ -24,6 +24,10 @@ static struct resword {
 	{ "__volatile__", VOLATILE_KEYW },
 	{ "__builtin_va_list", VA_LIST_KEYW },
 
+	{ "__int128", BUILTIN_INT_KEYW },
+	{ "__int128_t", BUILTIN_INT_KEYW },
+	{ "__uint128_t", BUILTIN_INT_KEYW },
+
 	// According to rth, c99 defines "_Bool", __restrict", __restrict__", "restrict".  KAO
 	{ "_Bool", BOOL_KEYW },
 	{ "_restrict", RESTRICT_KEYW },
diff --git a/scripts/genksyms/parse.y b/scripts/genksyms/parse.y
index 00a6d7e54971..1ebcf52cd0f9 100644
--- a/scripts/genksyms/parse.y
+++ b/scripts/genksyms/parse.y
@@ -76,6 +76,7 @@ static void record_compound(struct string_list **keyw,
 %token ATTRIBUTE_KEYW
 %token AUTO_KEYW
 %token BOOL_KEYW
+%token BUILTIN_INT_KEYW
 %token CHAR_KEYW
 %token CONST_KEYW
 %token DOUBLE_KEYW
@@ -263,6 +264,7 @@ simple_type_specifier:
 	| VOID_KEYW
 	| BOOL_KEYW
 	| VA_LIST_KEYW
+	| BUILTIN_INT_KEYW
 	| TYPE			{ (*$1)->tag = SYM_TYPEDEF; $$ = $1; }
 	;
 
-- 
2.20.1




^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 043/113] PCI: xilinx-nwl: Fix Multi MSI data programming
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (41 preceding siblings ...)
  2019-07-29 19:22 ` [PATCH 4.19 042/113] genksyms: Teach parser about 128-bit built-in types Greg Kroah-Hartman
@ 2019-07-29 19:22 ` Greg Kroah-Hartman
  2019-07-29 19:22 ` [PATCH 4.19 044/113] iio: iio-utils: Fix possible incorrect mask calculation Greg Kroah-Hartman
                   ` (75 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:22 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Marc Zyngier, Bharat Kumar Gogada,
	Lorenzo Pieralisi, Sasha Levin

[ Upstream commit 181fa434d0514e40ebf6e9721f2b72700287b6e2 ]

According to the PCI Local Bus specification Revision 3.0,
section 6.8.1.3 (Message Control for MSI), endpoints that
are Multiple Message Capable as defined by bits [3:1] in
the Message Control for MSI can request a number of vectors
that is power of two aligned.

As specified in section 6.8.1.6 "Message data for MSI", the Multiple
Message Enable field (bits [6:4] of the Message Control register)
defines the number of low order message data bits the function is
permitted to modify to generate its system software allocated
vectors.

The MSI controller in the Xilinx NWL PCIe controller supports a number
of MSI vectors specified through a bitmap and the hwirq number for an
MSI, that is the value written in the MSI data TLP is determined by
the bitmap allocation.

For instance, in a situation where two endpoints sitting on
the PCI bus request the following MSI configuration, with
the current PCI Xilinx bitmap allocation code (that does not
align MSI vector allocation on a power of two boundary):

Endpoint #1: Requesting 1 MSI vector - allocated bitmap bits 0
Endpoint #2: Requesting 2 MSI vectors - allocated bitmap bits [1,2]

The bitmap value(s) corresponds to the hwirq number that is programmed
into the Message Data for MSI field in the endpoint MSI capability
and is detected by the root complex to fire the corresponding
MSI irqs. The value written in Message Data for MSI field corresponds
to the first bit allocated in the bitmap for Multi MSI vectors.

The current Xilinx NWL MSI allocation code allows a bitmap allocation
that is not a power of two boundaries, so endpoint #2, is allowed to
toggle Message Data bit[0] to differentiate between its two vectors
(meaning that the MSI data will be respectively 0x0 and 0x1 for the two
vectors allocated to endpoint #2).

This clearly aliases with the Endpoint #1 vector allocation, resulting
in a broken Multi MSI implementation.

Update the code to allocate MSI bitmap ranges with a power of two
alignment, fixing the bug.

Fixes: ab597d35ef11 ("PCI: xilinx-nwl: Add support for Xilinx NWL PCIe Host Controller")
Suggested-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Bharat Kumar Gogada <bharat.kumar.gogada@xilinx.com>
[lorenzo.pieralisi@arm.com: updated commit log]
Signed-off-by: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
Acked-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/pci/controller/pcie-xilinx-nwl.c | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/drivers/pci/controller/pcie-xilinx-nwl.c b/drivers/pci/controller/pcie-xilinx-nwl.c
index fb32840ce8e6..4850a1b8eec1 100644
--- a/drivers/pci/controller/pcie-xilinx-nwl.c
+++ b/drivers/pci/controller/pcie-xilinx-nwl.c
@@ -483,15 +483,13 @@ static int nwl_irq_domain_alloc(struct irq_domain *domain, unsigned int virq,
 	int i;
 
 	mutex_lock(&msi->lock);
-	bit = bitmap_find_next_zero_area(msi->bitmap, INT_PCI_MSI_NR, 0,
-					 nr_irqs, 0);
-	if (bit >= INT_PCI_MSI_NR) {
+	bit = bitmap_find_free_region(msi->bitmap, INT_PCI_MSI_NR,
+				      get_count_order(nr_irqs));
+	if (bit < 0) {
 		mutex_unlock(&msi->lock);
 		return -ENOSPC;
 	}
 
-	bitmap_set(msi->bitmap, bit, nr_irqs);
-
 	for (i = 0; i < nr_irqs; i++) {
 		irq_domain_set_info(domain, virq + i, bit + i, &nwl_irq_chip,
 				domain->host_data, handle_simple_irq,
@@ -509,7 +507,8 @@ static void nwl_irq_domain_free(struct irq_domain *domain, unsigned int virq,
 	struct nwl_msi *msi = &pcie->msi;
 
 	mutex_lock(&msi->lock);
-	bitmap_clear(msi->bitmap, data->hwirq, nr_irqs);
+	bitmap_release_region(msi->bitmap, data->hwirq,
+			      get_count_order(nr_irqs));
 	mutex_unlock(&msi->lock);
 }
 
-- 
2.20.1




^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 044/113] iio: iio-utils: Fix possible incorrect mask calculation
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (42 preceding siblings ...)
  2019-07-29 19:22 ` [PATCH 4.19 043/113] PCI: xilinx-nwl: Fix Multi MSI data programming Greg Kroah-Hartman
@ 2019-07-29 19:22 ` Greg Kroah-Hartman
  2019-07-30 18:51   ` Pavel Machek
  2019-07-29 19:22 ` [PATCH 4.19 045/113] powerpc/cacheflush: fix variable set but not used Greg Kroah-Hartman
                   ` (74 subsequent siblings)
  118 siblings, 1 reply; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:22 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Bastien Nocera, Jonathan Cameron,
	Sasha Levin

[ Upstream commit 208a68c8393d6041a90862992222f3d7943d44d6 ]

On some machines, iio-sensor-proxy was returning all 0's for IIO sensor
values. It turns out that the bits_used for this sensor is 32, which makes
the mask calculation:

*mask = (1 << 32) - 1;

If the compiler interprets the 1 literals as 32-bit ints, it generates
undefined behavior depending on compiler version and optimization level.
On my system, it optimizes out the shift, so the mask value becomes

*mask = (1) - 1;

With a mask value of 0, iio-sensor-proxy will always return 0 for every axis.

Avoid incorrect 0 values caused by compiler optimization.

See original fix by Brett Dutro <brett.dutro@gmail.com> in
iio-sensor-proxy:
https://github.com/hadess/iio-sensor-proxy/commit/9615ceac7c134d838660e209726cd86aa2064fd3

Signed-off-by: Bastien Nocera <hadess@hadess.net>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 tools/iio/iio_utils.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tools/iio/iio_utils.c b/tools/iio/iio_utils.c
index 7a6d61c6c012..55272fef3b50 100644
--- a/tools/iio/iio_utils.c
+++ b/tools/iio/iio_utils.c
@@ -159,9 +159,9 @@ int iioutils_get_type(unsigned *is_signed, unsigned *bytes, unsigned *bits_used,
 			*be = (endianchar == 'b');
 			*bytes = padint / 8;
 			if (*bits_used == 64)
-				*mask = ~0;
+				*mask = ~(0ULL);
 			else
-				*mask = (1ULL << *bits_used) - 1;
+				*mask = (1ULL << *bits_used) - 1ULL;
 
 			*is_signed = (signchar == 's');
 			if (fclose(sysfsfp)) {
-- 
2.20.1




^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 045/113] powerpc/cacheflush: fix variable set but not used
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (43 preceding siblings ...)
  2019-07-29 19:22 ` [PATCH 4.19 044/113] iio: iio-utils: Fix possible incorrect mask calculation Greg Kroah-Hartman
@ 2019-07-29 19:22 ` Greg Kroah-Hartman
  2019-07-29 19:22 ` [PATCH 4.19 046/113] powerpc/xmon: Fix disabling tracing while in xmon Greg Kroah-Hartman
                   ` (73 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:22 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Qian Cai, Michael Ellerman, Sasha Levin

[ Upstream commit 04db3ede40ae4fc23a5c4237254c4a53bbe4c1f2 ]

The powerpc's flush_cache_vmap() is defined as a macro and never use
both of its arguments, so it will generate a compilation warning,

lib/ioremap.c: In function 'ioremap_page_range':
lib/ioremap.c:203:16: warning: variable 'start' set but not used
[-Wunused-but-set-variable]

Fix it by making it an inline function.

Signed-off-by: Qian Cai <cai@lca.pw>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/powerpc/include/asm/cacheflush.h | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/arch/powerpc/include/asm/cacheflush.h b/arch/powerpc/include/asm/cacheflush.h
index d5a8d7bf0759..b189f7aee222 100644
--- a/arch/powerpc/include/asm/cacheflush.h
+++ b/arch/powerpc/include/asm/cacheflush.h
@@ -32,9 +32,12 @@
  * not expect this type of fault. flush_cache_vmap is not exactly the right
  * place to put this, but it seems to work well enough.
  */
-#define flush_cache_vmap(start, end)		do { asm volatile("ptesync" ::: "memory"); } while (0)
+static inline void flush_cache_vmap(unsigned long start, unsigned long end)
+{
+	asm volatile("ptesync" ::: "memory");
+}
 #else
-#define flush_cache_vmap(start, end)		do { } while (0)
+static inline void flush_cache_vmap(unsigned long start, unsigned long end) { }
 #endif
 
 #define ARCH_IMPLEMENTS_FLUSH_DCACHE_PAGE 1
-- 
2.20.1




^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 046/113] powerpc/xmon: Fix disabling tracing while in xmon
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (44 preceding siblings ...)
  2019-07-29 19:22 ` [PATCH 4.19 045/113] powerpc/cacheflush: fix variable set but not used Greg Kroah-Hartman
@ 2019-07-29 19:22 ` Greg Kroah-Hartman
  2019-07-29 19:22 ` [PATCH 4.19 047/113] recordmcount: Fix spurious mcount entries on powerpc Greg Kroah-Hartman
                   ` (72 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:22 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Naveen N. Rao, Michael Ellerman, Sasha Levin

[ Upstream commit aaf06665f7ea3ee9f9754e16c1a507a89f1de5b1 ]

Commit ed49f7fd6438d ("powerpc/xmon: Disable tracing when entering
xmon") added code to disable recording trace entries while in xmon. The
commit introduced a variable 'tracing_enabled' to record if tracing was
enabled on xmon entry, and used this to conditionally enable tracing
during exit from xmon.

However, we are not checking the value of 'fromipi' variable in
xmon_core() when setting 'tracing_enabled'. Due to this, when secondary
cpus enter xmon, they will see tracing as being disabled already and
tracing won't be re-enabled on exit. Fix the same.

Fixes: ed49f7fd6438d ("powerpc/xmon: Disable tracing when entering xmon")
Signed-off-by: Naveen N. Rao <naveen.n.rao@linux.vnet.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/powerpc/xmon/xmon.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/arch/powerpc/xmon/xmon.c b/arch/powerpc/xmon/xmon.c
index dd6badc31f45..74cfc1be04d6 100644
--- a/arch/powerpc/xmon/xmon.c
+++ b/arch/powerpc/xmon/xmon.c
@@ -466,8 +466,10 @@ static int xmon_core(struct pt_regs *regs, int fromipi)
 	local_irq_save(flags);
 	hard_irq_disable();
 
-	tracing_enabled = tracing_is_on();
-	tracing_off();
+	if (!fromipi) {
+		tracing_enabled = tracing_is_on();
+		tracing_off();
+	}
 
 	bp = in_breakpoint_table(regs->nip, &offset);
 	if (bp != NULL) {
-- 
2.20.1




^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 047/113] recordmcount: Fix spurious mcount entries on powerpc
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (45 preceding siblings ...)
  2019-07-29 19:22 ` [PATCH 4.19 046/113] powerpc/xmon: Fix disabling tracing while in xmon Greg Kroah-Hartman
@ 2019-07-29 19:22 ` Greg Kroah-Hartman
  2019-07-29 19:22 ` [PATCH 4.19 048/113] mfd: madera: Add missing of table registration Greg Kroah-Hartman
                   ` (71 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:22 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Naveen N. Rao,
	Steven Rostedt (VMware),
	Satheesh Rajendran, Michael Ellerman, Sasha Levin

[ Upstream commit 80e5302e4bc85a6b685b7668c36c6487b5f90e9a ]

An impending change to enable HAVE_C_RECORDMCOUNT on powerpc leads to
warnings such as the following:

  # modprobe kprobe_example
  ftrace-powerpc: Not expected bl: opcode is 3c4c0001
  WARNING: CPU: 0 PID: 227 at kernel/trace/ftrace.c:2001 ftrace_bug+0x90/0x318
  Modules linked in:
  CPU: 0 PID: 227 Comm: modprobe Not tainted 5.2.0-rc6-00678-g1c329100b942 #2
  NIP:  c000000000264318 LR: c00000000025d694 CTR: c000000000f5cd30
  REGS: c000000001f2b7b0 TRAP: 0700   Not tainted  (5.2.0-rc6-00678-g1c329100b942)
  MSR:  900000010282b033 <SF,HV,VEC,VSX,EE,FP,ME,IR,DR,RI,LE,TM[E]>  CR: 28228222  XER: 00000000
  CFAR: c0000000002642fc IRQMASK: 0
  <snip>
  NIP [c000000000264318] ftrace_bug+0x90/0x318
  LR [c00000000025d694] ftrace_process_locs+0x4f4/0x5e0
  Call Trace:
  [c000000001f2ba40] [0000000000000004] 0x4 (unreliable)
  [c000000001f2bad0] [c00000000025d694] ftrace_process_locs+0x4f4/0x5e0
  [c000000001f2bb90] [c00000000020ff10] load_module+0x25b0/0x30c0
  [c000000001f2bd00] [c000000000210cb0] sys_finit_module+0xc0/0x130
  [c000000001f2be20] [c00000000000bda4] system_call+0x5c/0x70
  Instruction dump:
  419e0018 2f83ffff 419e00bc 2f83ffea 409e00cc 4800001c 0fe00000 3c62ff96
  39000001 39400000 386386d0 480000c4 <0fe00000> 3ce20003 39000001 3c62ff96
  ---[ end trace 4c438d5cebf78381 ]---
  ftrace failed to modify
  [<c0080000012a0008>] 0xc0080000012a0008
   actual:   01:00:4c:3c
  Initializing ftrace call sites
  ftrace record flags: 2000000
   (0)
   expected tramp: c00000000006af4c

Looking at the relocation records in __mcount_loc shows a few spurious
entries:

  RELOCATION RECORDS FOR [__mcount_loc]:
  OFFSET           TYPE              VALUE
  0000000000000000 R_PPC64_ADDR64    .text.unlikely+0x0000000000000008
  0000000000000008 R_PPC64_ADDR64    .text.unlikely+0x0000000000000014
  0000000000000010 R_PPC64_ADDR64    .text.unlikely+0x0000000000000060
  0000000000000018 R_PPC64_ADDR64    .text.unlikely+0x00000000000000b4
  0000000000000020 R_PPC64_ADDR64    .init.text+0x0000000000000008
  0000000000000028 R_PPC64_ADDR64    .init.text+0x0000000000000014

The first entry in each section is incorrect. Looking at the
relocation records, the spurious entries correspond to the
R_PPC64_ENTRY records:

  RELOCATION RECORDS FOR [.text.unlikely]:
  OFFSET           TYPE              VALUE
  0000000000000000 R_PPC64_REL64     .TOC.-0x0000000000000008
  0000000000000008 R_PPC64_ENTRY     *ABS*
  0000000000000014 R_PPC64_REL24     _mcount
  <snip>

The problem is that we are not validating the return value from
get_mcountsym() in sift_rel_mcount(). With this entry, mcountsym is 0,
but Elf_r_sym(relp) also ends up being 0. Fix this by ensuring
mcountsym is valid before processing the entry.

Signed-off-by: Naveen N. Rao <naveen.n.rao@linux.vnet.ibm.com>
Acked-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Tested-by: Satheesh Rajendran <sathnaga@linux.vnet.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 scripts/recordmcount.h | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/scripts/recordmcount.h b/scripts/recordmcount.h
index 2e7793735e14..ccfbfde61556 100644
--- a/scripts/recordmcount.h
+++ b/scripts/recordmcount.h
@@ -326,7 +326,8 @@ static uint_t *sift_rel_mcount(uint_t *mlocp,
 		if (!mcountsym)
 			mcountsym = get_mcountsym(sym0, relp, str0);
 
-		if (mcountsym == Elf_r_sym(relp) && !is_fake_mcount(relp)) {
+		if (mcountsym && mcountsym == Elf_r_sym(relp) &&
+				!is_fake_mcount(relp)) {
 			uint_t const addend =
 				_w(_w(relp->r_offset) - recval + mcount_adjust);
 			mrelp->r_offset = _w(offbase
-- 
2.20.1




^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 048/113] mfd: madera: Add missing of table registration
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (46 preceding siblings ...)
  2019-07-29 19:22 ` [PATCH 4.19 047/113] recordmcount: Fix spurious mcount entries on powerpc Greg Kroah-Hartman
@ 2019-07-29 19:22 ` Greg Kroah-Hartman
  2019-07-29 19:22 ` [PATCH 4.19 049/113] mfd: core: Set fwnode for created devices Greg Kroah-Hartman
                   ` (70 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:22 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Javier Martinez Canillas,
	Daniel Gomez, Lee Jones, Sasha Levin

[ Upstream commit 5aa3709c0a5c026735b0ddd4ec80810a23d65f5b ]

MODULE_DEVICE_TABLE(of, <of_match_table>) should be called to complete DT
OF mathing mechanism and register it.

Before this patch:
modinfo ./drivers/mfd/madera.ko | grep alias

After this patch:
modinfo ./drivers/mfd/madera.ko | grep alias
alias:          of:N*T*Ccirrus,wm1840C*
alias:          of:N*T*Ccirrus,wm1840
alias:          of:N*T*Ccirrus,cs47l91C*
alias:          of:N*T*Ccirrus,cs47l91
alias:          of:N*T*Ccirrus,cs47l90C*
alias:          of:N*T*Ccirrus,cs47l90
alias:          of:N*T*Ccirrus,cs47l85C*
alias:          of:N*T*Ccirrus,cs47l85
alias:          of:N*T*Ccirrus,cs47l35C*
alias:          of:N*T*Ccirrus,cs47l35

Reported-by: Javier Martinez Canillas <javier@dowhile0.org>
Signed-off-by: Daniel Gomez <dagmcr@gmail.com>
Signed-off-by: Lee Jones <lee.jones@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/mfd/madera-core.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/mfd/madera-core.c b/drivers/mfd/madera-core.c
index 8cfea969b060..45c7d8b97349 100644
--- a/drivers/mfd/madera-core.c
+++ b/drivers/mfd/madera-core.c
@@ -278,6 +278,7 @@ const struct of_device_id madera_of_match[] = {
 	{ .compatible = "cirrus,wm1840", .data = (void *)WM1840 },
 	{}
 };
+MODULE_DEVICE_TABLE(of, madera_of_match);
 EXPORT_SYMBOL_GPL(madera_of_match);
 
 static int madera_get_reset_gpio(struct madera *madera)
-- 
2.20.1




^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 049/113] mfd: core: Set fwnode for created devices
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (47 preceding siblings ...)
  2019-07-29 19:22 ` [PATCH 4.19 048/113] mfd: madera: Add missing of table registration Greg Kroah-Hartman
@ 2019-07-29 19:22 ` Greg Kroah-Hartman
  2019-07-29 19:22 ` [PATCH 4.19 050/113] mfd: arizona: Fix undefined behavior Greg Kroah-Hartman
                   ` (69 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:22 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Robert Hancock, Lee Jones, Sasha Levin

[ Upstream commit c176c6d7e932662668bcaec2d763657096589d85 ]

The logic for setting the of_node on devices created by mfd did not set
the fwnode pointer to match, which caused fwnode-based APIs to
malfunction on these devices since the fwnode pointer was null. Fix
this.

Signed-off-by: Robert Hancock <hancock@sedsystems.ca>
Signed-off-by: Lee Jones <lee.jones@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/mfd/mfd-core.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/mfd/mfd-core.c b/drivers/mfd/mfd-core.c
index 94e3f32ce935..182973df1aed 100644
--- a/drivers/mfd/mfd-core.c
+++ b/drivers/mfd/mfd-core.c
@@ -179,6 +179,7 @@ static int mfd_add_device(struct device *parent, int id,
 		for_each_child_of_node(parent->of_node, np) {
 			if (of_device_is_compatible(np, cell->of_compatible)) {
 				pdev->dev.of_node = np;
+				pdev->dev.fwnode = &np->fwnode;
 				break;
 			}
 		}
-- 
2.20.1




^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 050/113] mfd: arizona: Fix undefined behavior
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (48 preceding siblings ...)
  2019-07-29 19:22 ` [PATCH 4.19 049/113] mfd: core: Set fwnode for created devices Greg Kroah-Hartman
@ 2019-07-29 19:22 ` Greg Kroah-Hartman
  2019-07-29 19:22 ` [PATCH 4.19 051/113] mfd: hi655x-pmic: Fix missing return value check for devm_regmap_init_mmio_clk Greg Kroah-Hartman
                   ` (68 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:22 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Arnd Bergmann, Nathan Chancellor,
	Charles Keepax, Lee Jones, Sasha Levin

[ Upstream commit 5da6cbcd2f395981aa9bfc571ace99f1c786c985 ]

When the driver is used with a subdevice that is disabled in the
kernel configuration, clang gets a little confused about the
control flow and fails to notice that n_subdevs is only
uninitialized when subdevs is NULL, and we check for that,
leading to a false-positive warning:

drivers/mfd/arizona-core.c:1423:19: error: variable 'n_subdevs' is uninitialized when used here
      [-Werror,-Wuninitialized]
                              subdevs, n_subdevs, NULL, 0, NULL);
                                       ^~~~~~~~~
drivers/mfd/arizona-core.c:999:15: note: initialize the variable 'n_subdevs' to silence this warning
        int n_subdevs, ret, i;
                     ^
                      = 0

Ideally, we would rearrange the code to avoid all those early
initializations and have an explicit exit in each disabled case,
but it's much easier to chicken out and add one more initialization
here to shut up the warning.

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Reviewed-by: Nathan Chancellor <natechancellor@gmail.com>
Signed-off-by: Charles Keepax <ckeepax@opensource.cirrus.com>
Signed-off-by: Lee Jones <lee.jones@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/mfd/arizona-core.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/mfd/arizona-core.c b/drivers/mfd/arizona-core.c
index 5f1e37d23943..47d6d40f41cd 100644
--- a/drivers/mfd/arizona-core.c
+++ b/drivers/mfd/arizona-core.c
@@ -996,7 +996,7 @@ int arizona_dev_init(struct arizona *arizona)
 	unsigned int reg, val;
 	int (*apply_patch)(struct arizona *) = NULL;
 	const struct mfd_cell *subdevs = NULL;
-	int n_subdevs, ret, i;
+	int n_subdevs = 0, ret, i;
 
 	dev_set_drvdata(arizona->dev, arizona);
 	mutex_init(&arizona->clk_lock);
-- 
2.20.1




^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 051/113] mfd: hi655x-pmic: Fix missing return value check for devm_regmap_init_mmio_clk
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (49 preceding siblings ...)
  2019-07-29 19:22 ` [PATCH 4.19 050/113] mfd: arizona: Fix undefined behavior Greg Kroah-Hartman
@ 2019-07-29 19:22 ` Greg Kroah-Hartman
  2019-07-29 19:22 ` [PATCH 4.19 052/113] mm/swap: fix release_pages() when releasing devmap pages Greg Kroah-Hartman
                   ` (67 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:22 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Axel Lin, Chen Feng, Lee Jones, Sasha Levin

[ Upstream commit 7efd105c27fd2323789b41b64763a0e33ed79c08 ]

Since devm_regmap_init_mmio_clk can fail, add return value checking.

Signed-off-by: Axel Lin <axel.lin@ingics.com>
Acked-by: Chen Feng <puck.chen@hisilicon.com>
Signed-off-by: Lee Jones <lee.jones@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/mfd/hi655x-pmic.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/mfd/hi655x-pmic.c b/drivers/mfd/hi655x-pmic.c
index 96c07fa1802a..6693f74aa6ab 100644
--- a/drivers/mfd/hi655x-pmic.c
+++ b/drivers/mfd/hi655x-pmic.c
@@ -112,6 +112,8 @@ static int hi655x_pmic_probe(struct platform_device *pdev)
 
 	pmic->regmap = devm_regmap_init_mmio_clk(dev, NULL, base,
 						 &hi655x_regmap_config);
+	if (IS_ERR(pmic->regmap))
+		return PTR_ERR(pmic->regmap);
 
 	regmap_read(pmic->regmap, HI655X_BUS_ADDR(HI655X_VER_REG), &pmic->ver);
 	if ((pmic->ver < PMU_VER_START) || (pmic->ver > PMU_VER_END)) {
-- 
2.20.1




^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 052/113] mm/swap: fix release_pages() when releasing devmap pages
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (50 preceding siblings ...)
  2019-07-29 19:22 ` [PATCH 4.19 051/113] mfd: hi655x-pmic: Fix missing return value check for devm_regmap_init_mmio_clk Greg Kroah-Hartman
@ 2019-07-29 19:22 ` Greg Kroah-Hartman
  2019-07-29 19:22 ` [PATCH 4.19 053/113] um: Silence lockdep complaint about mmap_sem Greg Kroah-Hartman
                   ` (66 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:22 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Jérôme Glisse,
	Michal Hocko, Dan Williams, John Hubbard, Ira Weiny,
	Jason Gunthorpe, Sasha Levin

[ Upstream commit c5d6c45e90c49150670346967971e14576afd7f1 ]

release_pages() is an optimized version of a loop around put_page().
Unfortunately for devmap pages the logic is not entirely correct in
release_pages().  This is because device pages can be more than type
MEMORY_DEVICE_PUBLIC.  There are in fact 4 types, private, public, FS DAX,
and PCI P2PDMA.  Some of these have specific needs to "put" the page while
others do not.

This logic to handle any special needs is contained in
put_devmap_managed_page().  Therefore all devmap pages should be processed
by this function where we can contain the correct logic for a page put.

Handle all device type pages within release_pages() by calling
put_devmap_managed_page() on all devmap pages.  If
put_devmap_managed_page() returns true the page has been put and we
continue with the next page.  A false return of put_devmap_managed_page()
means the page did not require special processing and should fall to
"normal" processing.

This was found via code inspection while determining if release_pages()
and the new put_user_pages() could be interchangeable.[1]

[1] https://lkml.kernel.org/r/20190523172852.GA27175@iweiny-DESK2.sc.intel.com

Link: https://lkml.kernel.org/r/20190605214922.17684-1-ira.weiny@intel.com
Cc: Jérôme Glisse <jglisse@redhat.com>
Cc: Michal Hocko <mhocko@suse.com>
Reviewed-by: Dan Williams <dan.j.williams@intel.com>
Reviewed-by: John Hubbard <jhubbard@nvidia.com>
Signed-off-by: Ira Weiny <ira.weiny@intel.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 mm/swap.c | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/mm/swap.c b/mm/swap.c
index a3fc028e338e..45fdbfb6b2a6 100644
--- a/mm/swap.c
+++ b/mm/swap.c
@@ -740,15 +740,20 @@ void release_pages(struct page **pages, int nr)
 		if (is_huge_zero_page(page))
 			continue;
 
-		/* Device public page can not be huge page */
-		if (is_device_public_page(page)) {
+		if (is_zone_device_page(page)) {
 			if (locked_pgdat) {
 				spin_unlock_irqrestore(&locked_pgdat->lru_lock,
 						       flags);
 				locked_pgdat = NULL;
 			}
-			put_devmap_managed_page(page);
-			continue;
+			/*
+			 * ZONE_DEVICE pages that return 'false' from
+			 * put_devmap_managed_page() do not require special
+			 * processing, and instead, expect a call to
+			 * put_page_testzero().
+			 */
+			if (put_devmap_managed_page(page))
+				continue;
 		}
 
 		page = compound_head(page);
-- 
2.20.1




^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 053/113] um: Silence lockdep complaint about mmap_sem
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (51 preceding siblings ...)
  2019-07-29 19:22 ` [PATCH 4.19 052/113] mm/swap: fix release_pages() when releasing devmap pages Greg Kroah-Hartman
@ 2019-07-29 19:22 ` Greg Kroah-Hartman
  2019-07-29 19:22 ` [PATCH 4.19 054/113] powerpc/4xx/uic: clear pending interrupt after irq type/pol change Greg Kroah-Hartman
                   ` (65 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:22 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Johannes Berg, Richard Weinberger,
	Sasha Levin

[ Upstream commit 80bf6ceaf9310b3f61934c69b382d4912deee049 ]

When we get into activate_mm(), lockdep complains that we're doing
something strange:

    WARNING: possible circular locking dependency detected
    5.1.0-10252-gb00152307319-dirty #121 Not tainted
    ------------------------------------------------------
    inside.sh/366 is trying to acquire lock:
    (____ptrval____) (&(&p->alloc_lock)->rlock){+.+.}, at: flush_old_exec+0x703/0x8d7

    but task is already holding lock:
    (____ptrval____) (&mm->mmap_sem){++++}, at: flush_old_exec+0x6c5/0x8d7

    which lock already depends on the new lock.

    the existing dependency chain (in reverse order) is:

    -> #1 (&mm->mmap_sem){++++}:
           [...]
           __lock_acquire+0x12ab/0x139f
           lock_acquire+0x155/0x18e
           down_write+0x3f/0x98
           flush_old_exec+0x748/0x8d7
           load_elf_binary+0x2ca/0xddb
           [...]

    -> #0 (&(&p->alloc_lock)->rlock){+.+.}:
           [...]
           __lock_acquire+0x12ab/0x139f
           lock_acquire+0x155/0x18e
           _raw_spin_lock+0x30/0x83
           flush_old_exec+0x703/0x8d7
           load_elf_binary+0x2ca/0xddb
           [...]

    other info that might help us debug this:

     Possible unsafe locking scenario:

           CPU0                    CPU1
           ----                    ----
      lock(&mm->mmap_sem);
                                   lock(&(&p->alloc_lock)->rlock);
                                   lock(&mm->mmap_sem);
      lock(&(&p->alloc_lock)->rlock);

     *** DEADLOCK ***

    2 locks held by inside.sh/366:
     #0: (____ptrval____) (&sig->cred_guard_mutex){+.+.}, at: __do_execve_file+0x12d/0x869
     #1: (____ptrval____) (&mm->mmap_sem){++++}, at: flush_old_exec+0x6c5/0x8d7

    stack backtrace:
    CPU: 0 PID: 366 Comm: inside.sh Not tainted 5.1.0-10252-gb00152307319-dirty #121
    Stack:
     [...]
    Call Trace:
     [<600420de>] show_stack+0x13b/0x155
     [<6048906b>] dump_stack+0x2a/0x2c
     [<6009ae64>] print_circular_bug+0x332/0x343
     [<6009c5c6>] check_prev_add+0x669/0xdad
     [<600a06b4>] __lock_acquire+0x12ab/0x139f
     [<6009f3d0>] lock_acquire+0x155/0x18e
     [<604a07e0>] _raw_spin_lock+0x30/0x83
     [<60151e6a>] flush_old_exec+0x703/0x8d7
     [<601a8eb8>] load_elf_binary+0x2ca/0xddb
     [...]

I think it's because in exec_mmap() we have

	down_read(&old_mm->mmap_sem);
...
        task_lock(tsk);
...
	activate_mm(active_mm, mm);
	(which does down_write(&mm->mmap_sem))

I'm not really sure why lockdep throws in the whole knowledge
about the task lock, but it seems that old_mm and mm shouldn't
ever be the same (and it doesn't deadlock) so tell lockdep that
they're different.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/um/include/asm/mmu_context.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/um/include/asm/mmu_context.h b/arch/um/include/asm/mmu_context.h
index fca34b2177e2..129fb1d1f1c5 100644
--- a/arch/um/include/asm/mmu_context.h
+++ b/arch/um/include/asm/mmu_context.h
@@ -53,7 +53,7 @@ static inline void activate_mm(struct mm_struct *old, struct mm_struct *new)
 	 * when the new ->mm is used for the first time.
 	 */
 	__switch_mm(&new->context.id);
-	down_write(&new->mmap_sem);
+	down_write_nested(&new->mmap_sem, 1);
 	uml_setup_stubs(new);
 	up_write(&new->mmap_sem);
 }
-- 
2.20.1




^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 054/113] powerpc/4xx/uic: clear pending interrupt after irq type/pol change
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (52 preceding siblings ...)
  2019-07-29 19:22 ` [PATCH 4.19 053/113] um: Silence lockdep complaint about mmap_sem Greg Kroah-Hartman
@ 2019-07-29 19:22 ` Greg Kroah-Hartman
  2019-07-29 19:22 ` [PATCH 4.19 055/113] RDMA/i40iw: Set queue pair state when being queried Greg Kroah-Hartman
                   ` (64 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:22 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Christian Lamparter,
	Michael Ellerman, Sasha Levin

[ Upstream commit 3ab3a0689e74e6aa5b41360bc18861040ddef5b1 ]

When testing out gpio-keys with a button, a spurious
interrupt (and therefore a key press or release event)
gets triggered as soon as the driver enables the irq
line for the first time.

This patch clears any potential bogus generated interrupt
that was caused by the switching of the associated irq's
type and polarity.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/powerpc/platforms/4xx/uic.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/arch/powerpc/platforms/4xx/uic.c b/arch/powerpc/platforms/4xx/uic.c
index 8b4dd0da0839..9e27cfe27026 100644
--- a/arch/powerpc/platforms/4xx/uic.c
+++ b/arch/powerpc/platforms/4xx/uic.c
@@ -158,6 +158,7 @@ static int uic_set_irq_type(struct irq_data *d, unsigned int flow_type)
 
 	mtdcr(uic->dcrbase + UIC_PR, pr);
 	mtdcr(uic->dcrbase + UIC_TR, tr);
+	mtdcr(uic->dcrbase + UIC_SR, ~mask);
 
 	raw_spin_unlock_irqrestore(&uic->lock, flags);
 
-- 
2.20.1




^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 055/113] RDMA/i40iw: Set queue pair state when being queried
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (53 preceding siblings ...)
  2019-07-29 19:22 ` [PATCH 4.19 054/113] powerpc/4xx/uic: clear pending interrupt after irq type/pol change Greg Kroah-Hartman
@ 2019-07-29 19:22 ` Greg Kroah-Hartman
  2019-07-29 19:22 ` [PATCH 4.19 056/113] serial: sh-sci: Terminate TX DMA during buffer flushing Greg Kroah-Hartman
                   ` (63 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:22 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Changcheng Liu, Shiraz Saleem,
	Jason Gunthorpe, Sasha Levin

[ Upstream commit 2e67e775845373905d2c2aecb9062c2c4352a535 ]

The API for ib_query_qp requires the driver to set qp_state and
cur_qp_state on return, add the missing sets.

Fixes: d37498417947 ("i40iw: add files for iwarp interface")
Signed-off-by: Changcheng Liu <changcheng.liu@aliyun.com>
Acked-by: Shiraz Saleem <shiraz.saleem@intel.com>
Reviewed-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/infiniband/hw/i40iw/i40iw_verbs.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/infiniband/hw/i40iw/i40iw_verbs.c b/drivers/infiniband/hw/i40iw/i40iw_verbs.c
index e2e6c74a7452..a5e3349b8a7c 100644
--- a/drivers/infiniband/hw/i40iw/i40iw_verbs.c
+++ b/drivers/infiniband/hw/i40iw/i40iw_verbs.c
@@ -806,6 +806,8 @@ static int i40iw_query_qp(struct ib_qp *ibqp,
 	struct i40iw_qp *iwqp = to_iwqp(ibqp);
 	struct i40iw_sc_qp *qp = &iwqp->sc_qp;
 
+	attr->qp_state = iwqp->ibqp_state;
+	attr->cur_qp_state = attr->qp_state;
 	attr->qp_access_flags = 0;
 	attr->cap.max_send_wr = qp->qp_uk.sq_size;
 	attr->cap.max_recv_wr = qp->qp_uk.rq_size;
-- 
2.20.1




^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 056/113] serial: sh-sci: Terminate TX DMA during buffer flushing
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (54 preceding siblings ...)
  2019-07-29 19:22 ` [PATCH 4.19 055/113] RDMA/i40iw: Set queue pair state when being queried Greg Kroah-Hartman
@ 2019-07-29 19:22 ` Greg Kroah-Hartman
  2019-07-29 19:22 ` [PATCH 4.19 057/113] serial: sh-sci: Fix TX DMA buffer flushing and workqueue races Greg Kroah-Hartman
                   ` (62 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:22 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Geert Uytterhoeven, Eugeniu Rosca,
	Sasha Levin

[ Upstream commit 775b7ffd7d6d5db320d99b0a485c51e04dfcf9f1 ]

While the .flush_buffer() callback clears sci_port.tx_dma_len since
commit 1cf4a7efdc71cab8 ("serial: sh-sci: Fix race condition causing
garbage during shutdown"), it does not terminate a transmit DMA
operation that may be in progress.

Fix this by terminating any pending DMA operations, and resetting the
corresponding cookie.

Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Reviewed-by: Eugeniu Rosca <erosca@de.adit-jv.com>
Tested-by: Eugeniu Rosca <erosca@de.adit-jv.com>

Link: https://lore.kernel.org/r/20190624123540.20629-3-geert+renesas@glider.be
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/tty/serial/sh-sci.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/drivers/tty/serial/sh-sci.c b/drivers/tty/serial/sh-sci.c
index 040832635a64..71f12601e693 100644
--- a/drivers/tty/serial/sh-sci.c
+++ b/drivers/tty/serial/sh-sci.c
@@ -1633,11 +1633,18 @@ static void sci_free_dma(struct uart_port *port)
 
 static void sci_flush_buffer(struct uart_port *port)
 {
+	struct sci_port *s = to_sci_port(port);
+
 	/*
 	 * In uart_flush_buffer(), the xmit circular buffer has just been
-	 * cleared, so we have to reset tx_dma_len accordingly.
+	 * cleared, so we have to reset tx_dma_len accordingly, and stop any
+	 * pending transfers
 	 */
-	to_sci_port(port)->tx_dma_len = 0;
+	s->tx_dma_len = 0;
+	if (s->chan_tx) {
+		dmaengine_terminate_async(s->chan_tx);
+		s->cookie_tx = -EINVAL;
+	}
 }
 #else /* !CONFIG_SERIAL_SH_SCI_DMA */
 static inline void sci_request_dma(struct uart_port *port)
-- 
2.20.1




^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 057/113] serial: sh-sci: Fix TX DMA buffer flushing and workqueue races
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (55 preceding siblings ...)
  2019-07-29 19:22 ` [PATCH 4.19 056/113] serial: sh-sci: Terminate TX DMA during buffer flushing Greg Kroah-Hartman
@ 2019-07-29 19:22 ` Greg Kroah-Hartman
  2019-07-29 19:22 ` [PATCH 4.19 058/113] IB/mlx5: Fixed reporting counters on 2nd port for Dual port RoCE Greg Kroah-Hartman
                   ` (61 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:22 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Eugeniu Rosca, Yoshihiro Shimoda,
	Geert Uytterhoeven, Sasha Levin

[ Upstream commit 8493eab02608b0e82f67b892aa72882e510c31d0 ]

When uart_flush_buffer() is called, the .flush_buffer() callback zeroes
the tx_dma_len field.  This may race with the work queue function
handling transmit DMA requests:

  1. If the buffer is flushed before the first DMA API call,
     dmaengine_prep_slave_single() may be called with a zero length,
     causing the DMA request to never complete, leading to messages
     like:

        rcar-dmac e7300000.dma-controller: Channel Address Error happen

     and, with debug enabled:

	sh-sci e6e88000.serial: sci_dma_tx_work_fn: ffff800639b55000: 0...0, cookie 126

     and DMA timeouts.

  2. If the buffer is flushed after the first DMA API call, but before
     the second, dma_sync_single_for_device() may be called with a zero
     length, causing the transmit data not to be flushed to RAM, and
     leading to stale data being output.

Fix this by:
  1. Letting sci_dma_tx_work_fn() return immediately if the transmit
     buffer is empty,
  2. Extending the critical section to cover all DMA preparational work,
     so tx_dma_len stays consistent for all of it,
  3. Using local copies of circ_buf.head and circ_buf.tail, to make sure
     they match the actual operation above.

Reported-by: Eugeniu Rosca <erosca@de.adit-jv.com>
Suggested-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com>
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Reviewed-by: Eugeniu Rosca <erosca@de.adit-jv.com>
Tested-by: Eugeniu Rosca <erosca@de.adit-jv.com>
Link: https://lore.kernel.org/r/20190624123540.20629-2-geert+renesas@glider.be
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/tty/serial/sh-sci.c | 22 +++++++++++++++-------
 1 file changed, 15 insertions(+), 7 deletions(-)

diff --git a/drivers/tty/serial/sh-sci.c b/drivers/tty/serial/sh-sci.c
index 71f12601e693..5550289e6678 100644
--- a/drivers/tty/serial/sh-sci.c
+++ b/drivers/tty/serial/sh-sci.c
@@ -1376,6 +1376,7 @@ static void work_fn_tx(struct work_struct *work)
 	struct circ_buf *xmit = &port->state->xmit;
 	unsigned long flags;
 	dma_addr_t buf;
+	int head, tail;
 
 	/*
 	 * DMA is idle now.
@@ -1385,16 +1386,23 @@ static void work_fn_tx(struct work_struct *work)
 	 * consistent xmit buffer state.
 	 */
 	spin_lock_irq(&port->lock);
-	buf = s->tx_dma_addr + (xmit->tail & (UART_XMIT_SIZE - 1));
+	head = xmit->head;
+	tail = xmit->tail;
+	buf = s->tx_dma_addr + (tail & (UART_XMIT_SIZE - 1));
 	s->tx_dma_len = min_t(unsigned int,
-		CIRC_CNT(xmit->head, xmit->tail, UART_XMIT_SIZE),
-		CIRC_CNT_TO_END(xmit->head, xmit->tail, UART_XMIT_SIZE));
-	spin_unlock_irq(&port->lock);
+		CIRC_CNT(head, tail, UART_XMIT_SIZE),
+		CIRC_CNT_TO_END(head, tail, UART_XMIT_SIZE));
+	if (!s->tx_dma_len) {
+		/* Transmit buffer has been flushed */
+		spin_unlock_irq(&port->lock);
+		return;
+	}
 
 	desc = dmaengine_prep_slave_single(chan, buf, s->tx_dma_len,
 					   DMA_MEM_TO_DEV,
 					   DMA_PREP_INTERRUPT | DMA_CTRL_ACK);
 	if (!desc) {
+		spin_unlock_irq(&port->lock);
 		dev_warn(port->dev, "Failed preparing Tx DMA descriptor\n");
 		goto switch_to_pio;
 	}
@@ -1402,18 +1410,18 @@ static void work_fn_tx(struct work_struct *work)
 	dma_sync_single_for_device(chan->device->dev, buf, s->tx_dma_len,
 				   DMA_TO_DEVICE);
 
-	spin_lock_irq(&port->lock);
 	desc->callback = sci_dma_tx_complete;
 	desc->callback_param = s;
-	spin_unlock_irq(&port->lock);
 	s->cookie_tx = dmaengine_submit(desc);
 	if (dma_submit_error(s->cookie_tx)) {
+		spin_unlock_irq(&port->lock);
 		dev_warn(port->dev, "Failed submitting Tx DMA descriptor\n");
 		goto switch_to_pio;
 	}
 
+	spin_unlock_irq(&port->lock);
 	dev_dbg(port->dev, "%s: %p: %d...%d, cookie %d\n",
-		__func__, xmit->buf, xmit->tail, xmit->head, s->cookie_tx);
+		__func__, xmit->buf, tail, head, s->cookie_tx);
 
 	dma_async_issue_pending(chan);
 	return;
-- 
2.20.1




^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 058/113] IB/mlx5: Fixed reporting counters on 2nd port for Dual port RoCE
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (56 preceding siblings ...)
  2019-07-29 19:22 ` [PATCH 4.19 057/113] serial: sh-sci: Fix TX DMA buffer flushing and workqueue races Greg Kroah-Hartman
@ 2019-07-29 19:22 ` Greg Kroah-Hartman
  2019-07-29 19:22 ` [PATCH 4.19 059/113] powerpc/mm: Handle page table allocation failures Greg Kroah-Hartman
                   ` (60 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:22 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Parav Pandit, Daniel Jurgens,
	Leon Romanovsky, Jason Gunthorpe, Sasha Levin

[ Upstream commit 2f40cf30c8644360d37287861d5288f00eab35e5 ]

Currently during dual port IB device registration in below code flow,

ib_register_device()
  ib_device_register_sysfs()
    ib_setup_port_attrs()
      add_port()
        get_counter_table()
          get_perf_mad()
            process_mad()
              mlx5_ib_process_mad()

mlx5_ib_process_mad() fails on 2nd port when both the ports are not fully
setup at the device level (because 2nd port is unaffiliated).

As a result, get_perf_mad() registers different PMA counter group for 1st
and 2nd port, namely pma_counter_ext and pma_counter. However both ports
have the same capability and counter offsets.

Due to this when counters are read by the user via sysfs in below code
flow, counters are queried from wrong location from the device mainly from
PPCNT instead of VPORT counters.

show_pma_counter()
  get_perf_mad()
    process_mad()
      mlx5_ib_process_mad()
        process_pma_cmd()

This shows all zero counters for 2nd port.

To overcome this, process_pma_cmd() is invoked, and when unaffiliated port
is not yet setup during device registration phase, make the query on the
first port.  while at it, only process_pma_cmd() needs to work on the
native port number and underlying mdev, so shift the get, put calls to
where its needed inside process_pma_cmd().

Fixes: 212f2a87b74f ("IB/mlx5: Route MADs for dual port RoCE")
Signed-off-by: Parav Pandit <parav@mellanox.com>
Reviewed-by: Daniel Jurgens <danielj@mellanox.com>
Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/infiniband/hw/mlx5/mad.c | 60 +++++++++++++++++++-------------
 1 file changed, 36 insertions(+), 24 deletions(-)

diff --git a/drivers/infiniband/hw/mlx5/mad.c b/drivers/infiniband/hw/mlx5/mad.c
index 32a9e9228b13..cdf6e26ebc87 100644
--- a/drivers/infiniband/hw/mlx5/mad.c
+++ b/drivers/infiniband/hw/mlx5/mad.c
@@ -197,19 +197,33 @@ static void pma_cnt_assign(struct ib_pma_portcounters *pma_cnt,
 			     vl_15_dropped);
 }
 
-static int process_pma_cmd(struct mlx5_core_dev *mdev, u8 port_num,
+static int process_pma_cmd(struct mlx5_ib_dev *dev, u8 port_num,
 			   const struct ib_mad *in_mad, struct ib_mad *out_mad)
 {
-	int err;
+	struct mlx5_core_dev *mdev;
+	bool native_port = true;
+	u8 mdev_port_num;
 	void *out_cnt;
+	int err;
 
+	mdev = mlx5_ib_get_native_port_mdev(dev, port_num, &mdev_port_num);
+	if (!mdev) {
+		/* Fail to get the native port, likely due to 2nd port is still
+		 * unaffiliated. In such case default to 1st port and attached
+		 * PF device.
+		 */
+		native_port = false;
+		mdev = dev->mdev;
+		mdev_port_num = 1;
+	}
 	/* Declaring support of extended counters */
 	if (in_mad->mad_hdr.attr_id == IB_PMA_CLASS_PORT_INFO) {
 		struct ib_class_port_info cpi = {};
 
 		cpi.capability_mask = IB_PMA_CLASS_CAP_EXT_WIDTH;
 		memcpy((out_mad->data + 40), &cpi, sizeof(cpi));
-		return IB_MAD_RESULT_SUCCESS | IB_MAD_RESULT_REPLY;
+		err = IB_MAD_RESULT_SUCCESS | IB_MAD_RESULT_REPLY;
+		goto done;
 	}
 
 	if (in_mad->mad_hdr.attr_id == IB_PMA_PORT_COUNTERS_EXT) {
@@ -218,11 +232,13 @@ static int process_pma_cmd(struct mlx5_core_dev *mdev, u8 port_num,
 		int sz = MLX5_ST_SZ_BYTES(query_vport_counter_out);
 
 		out_cnt = kvzalloc(sz, GFP_KERNEL);
-		if (!out_cnt)
-			return IB_MAD_RESULT_FAILURE;
+		if (!out_cnt) {
+			err = IB_MAD_RESULT_FAILURE;
+			goto done;
+		}
 
 		err = mlx5_core_query_vport_counter(mdev, 0, 0,
-						    port_num, out_cnt, sz);
+						    mdev_port_num, out_cnt, sz);
 		if (!err)
 			pma_cnt_ext_assign(pma_cnt_ext, out_cnt);
 	} else {
@@ -231,20 +247,23 @@ static int process_pma_cmd(struct mlx5_core_dev *mdev, u8 port_num,
 		int sz = MLX5_ST_SZ_BYTES(ppcnt_reg);
 
 		out_cnt = kvzalloc(sz, GFP_KERNEL);
-		if (!out_cnt)
-			return IB_MAD_RESULT_FAILURE;
+		if (!out_cnt) {
+			err = IB_MAD_RESULT_FAILURE;
+			goto done;
+		}
 
-		err = mlx5_core_query_ib_ppcnt(mdev, port_num,
+		err = mlx5_core_query_ib_ppcnt(mdev, mdev_port_num,
 					       out_cnt, sz);
 		if (!err)
 			pma_cnt_assign(pma_cnt, out_cnt);
-		}
-
+	}
 	kvfree(out_cnt);
-	if (err)
-		return IB_MAD_RESULT_FAILURE;
-
-	return IB_MAD_RESULT_SUCCESS | IB_MAD_RESULT_REPLY;
+	err = err ? IB_MAD_RESULT_FAILURE :
+		    IB_MAD_RESULT_SUCCESS | IB_MAD_RESULT_REPLY;
+done:
+	if (native_port)
+		mlx5_ib_put_native_port_mdev(dev, port_num);
+	return err;
 }
 
 int mlx5_ib_process_mad(struct ib_device *ibdev, int mad_flags, u8 port_num,
@@ -256,8 +275,6 @@ int mlx5_ib_process_mad(struct ib_device *ibdev, int mad_flags, u8 port_num,
 	struct mlx5_ib_dev *dev = to_mdev(ibdev);
 	const struct ib_mad *in_mad = (const struct ib_mad *)in;
 	struct ib_mad *out_mad = (struct ib_mad *)out;
-	struct mlx5_core_dev *mdev;
-	u8 mdev_port_num;
 	int ret;
 
 	if (WARN_ON_ONCE(in_mad_size != sizeof(*in_mad) ||
@@ -266,19 +283,14 @@ int mlx5_ib_process_mad(struct ib_device *ibdev, int mad_flags, u8 port_num,
 
 	memset(out_mad->data, 0, sizeof(out_mad->data));
 
-	mdev = mlx5_ib_get_native_port_mdev(dev, port_num, &mdev_port_num);
-	if (!mdev)
-		return IB_MAD_RESULT_FAILURE;
-
-	if (MLX5_CAP_GEN(mdev, vport_counters) &&
+	if (MLX5_CAP_GEN(dev->mdev, vport_counters) &&
 	    in_mad->mad_hdr.mgmt_class == IB_MGMT_CLASS_PERF_MGMT &&
 	    in_mad->mad_hdr.method == IB_MGMT_METHOD_GET) {
-		ret = process_pma_cmd(mdev, mdev_port_num, in_mad, out_mad);
+		ret = process_pma_cmd(dev, port_num, in_mad, out_mad);
 	} else {
 		ret =  process_mad(ibdev, mad_flags, port_num, in_wc, in_grh,
 				   in_mad, out_mad);
 	}
-	mlx5_ib_put_native_port_mdev(dev, port_num);
 	return ret;
 }
 
-- 
2.20.1




^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 059/113] powerpc/mm: Handle page table allocation failures
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (57 preceding siblings ...)
  2019-07-29 19:22 ` [PATCH 4.19 058/113] IB/mlx5: Fixed reporting counters on 2nd port for Dual port RoCE Greg Kroah-Hartman
@ 2019-07-29 19:22 ` Greg Kroah-Hartman
  2019-07-29 19:22 ` [PATCH 4.19 060/113] IB/ipoib: Add child to parent list only if device initialized Greg Kroah-Hartman
                   ` (59 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:22 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Aneesh Kumar K.V, Michael Ellerman,
	Sasha Levin

[ Upstream commit 2230ebf6e6dd0b7751e2921b40f6cfe34f09bb16 ]

This fixes kernel crash that arises due to not handling page table allocation
failures while allocating hugetlb page table.

Fixes: e2b3d202d1db ("powerpc: Switch 16GB and 16MB explicit hugepages to a different page table format")
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/powerpc/mm/hugetlbpage.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/arch/powerpc/mm/hugetlbpage.c b/arch/powerpc/mm/hugetlbpage.c
index 7296a42eb62e..cef0b7ee1024 100644
--- a/arch/powerpc/mm/hugetlbpage.c
+++ b/arch/powerpc/mm/hugetlbpage.c
@@ -150,6 +150,8 @@ pte_t *huge_pte_alloc(struct mm_struct *mm, unsigned long addr, unsigned long sz
 	} else {
 		pdshift = PUD_SHIFT;
 		pu = pud_alloc(mm, pg, addr);
+		if (!pu)
+			return NULL;
 		if (pshift == PUD_SHIFT)
 			return (pte_t *)pu;
 		else if (pshift > PMD_SHIFT) {
@@ -158,6 +160,8 @@ pte_t *huge_pte_alloc(struct mm_struct *mm, unsigned long addr, unsigned long sz
 		} else {
 			pdshift = PMD_SHIFT;
 			pm = pmd_alloc(mm, pu, addr);
+			if (!pm)
+				return NULL;
 			if (pshift == PMD_SHIFT)
 				/* 16MB hugepage */
 				return (pte_t *)pm;
@@ -174,12 +178,16 @@ pte_t *huge_pte_alloc(struct mm_struct *mm, unsigned long addr, unsigned long sz
 	} else {
 		pdshift = PUD_SHIFT;
 		pu = pud_alloc(mm, pg, addr);
+		if (!pu)
+			return NULL;
 		if (pshift >= PUD_SHIFT) {
 			ptl = pud_lockptr(mm, pu);
 			hpdp = (hugepd_t *)pu;
 		} else {
 			pdshift = PMD_SHIFT;
 			pm = pmd_alloc(mm, pu, addr);
+			if (!pm)
+				return NULL;
 			ptl = pmd_lockptr(mm, pm);
 			hpdp = (hugepd_t *)pm;
 		}
-- 
2.20.1




^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 060/113] IB/ipoib: Add child to parent list only if device initialized
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (58 preceding siblings ...)
  2019-07-29 19:22 ` [PATCH 4.19 059/113] powerpc/mm: Handle page table allocation failures Greg Kroah-Hartman
@ 2019-07-29 19:22 ` Greg Kroah-Hartman
  2019-07-29 19:22 ` [PATCH 4.19 061/113] arm64: assembler: Switch ESB-instruction with a vanilla nop if !ARM64_HAS_RAS Greg Kroah-Hartman
                   ` (58 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:22 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Valentine Fatiev, Feras Daoud,
	Leon Romanovsky, Jason Gunthorpe, Sasha Levin

[ Upstream commit 91b01061fef9c57d2f5b712a6322ef51061f4efd ]

Despite failure in ipoib_dev_init() we continue with initialization flow
and creation of child device. It causes to the situation where this child
device is added too early to parent device list.

Change the logic, so in case of failure we properly return error from
ipoib_dev_init() and add child only in success path.

Fixes: eaeb39842508 ("IB/ipoib: Move init code to ndo_init")
Signed-off-by: Valentine Fatiev <valentinef@mellanox.com>
Reviewed-by: Feras Daoud <ferasda@mellanox.com>
Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
Reviewed-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/infiniband/ulp/ipoib/ipoib_main.c | 34 +++++++++++++----------
 1 file changed, 20 insertions(+), 14 deletions(-)

diff --git a/drivers/infiniband/ulp/ipoib/ipoib_main.c b/drivers/infiniband/ulp/ipoib/ipoib_main.c
index 009615499b37..78dd36daac00 100644
--- a/drivers/infiniband/ulp/ipoib/ipoib_main.c
+++ b/drivers/infiniband/ulp/ipoib/ipoib_main.c
@@ -1892,12 +1892,6 @@ static void ipoib_child_init(struct net_device *ndev)
 	struct ipoib_dev_priv *priv = ipoib_priv(ndev);
 	struct ipoib_dev_priv *ppriv = ipoib_priv(priv->parent);
 
-	dev_hold(priv->parent);
-
-	down_write(&ppriv->vlan_rwsem);
-	list_add_tail(&priv->list, &ppriv->child_intfs);
-	up_write(&ppriv->vlan_rwsem);
-
 	priv->max_ib_mtu = ppriv->max_ib_mtu;
 	set_bit(IPOIB_FLAG_SUBINTERFACE, &priv->flags);
 	memcpy(priv->dev->dev_addr, ppriv->dev->dev_addr, INFINIBAND_ALEN);
@@ -1940,6 +1934,17 @@ static int ipoib_ndo_init(struct net_device *ndev)
 	if (rc) {
 		pr_warn("%s: failed to initialize device: %s port %d (ret = %d)\n",
 			priv->ca->name, priv->dev->name, priv->port, rc);
+		return rc;
+	}
+
+	if (priv->parent) {
+		struct ipoib_dev_priv *ppriv = ipoib_priv(priv->parent);
+
+		dev_hold(priv->parent);
+
+		down_write(&ppriv->vlan_rwsem);
+		list_add_tail(&priv->list, &ppriv->child_intfs);
+		up_write(&ppriv->vlan_rwsem);
 	}
 
 	return 0;
@@ -1957,6 +1962,14 @@ static void ipoib_ndo_uninit(struct net_device *dev)
 	 */
 	WARN_ON(!list_empty(&priv->child_intfs));
 
+	if (priv->parent) {
+		struct ipoib_dev_priv *ppriv = ipoib_priv(priv->parent);
+
+		down_write(&ppriv->vlan_rwsem);
+		list_del(&priv->list);
+		up_write(&ppriv->vlan_rwsem);
+	}
+
 	ipoib_neigh_hash_uninit(dev);
 
 	ipoib_ib_dev_cleanup(dev);
@@ -1968,15 +1981,8 @@ static void ipoib_ndo_uninit(struct net_device *dev)
 		priv->wq = NULL;
 	}
 
-	if (priv->parent) {
-		struct ipoib_dev_priv *ppriv = ipoib_priv(priv->parent);
-
-		down_write(&ppriv->vlan_rwsem);
-		list_del(&priv->list);
-		up_write(&ppriv->vlan_rwsem);
-
+	if (priv->parent)
 		dev_put(priv->parent);
-	}
 }
 
 static int ipoib_set_vf_link_state(struct net_device *dev, int vf, int link_state)
-- 
2.20.1




^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 061/113] arm64: assembler: Switch ESB-instruction with a vanilla nop if !ARM64_HAS_RAS
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (59 preceding siblings ...)
  2019-07-29 19:22 ` [PATCH 4.19 060/113] IB/ipoib: Add child to parent list only if device initialized Greg Kroah-Hartman
@ 2019-07-29 19:22 ` Greg Kroah-Hartman
  2019-07-29 19:22 ` [PATCH 4.19 062/113] PCI: mobiveil: Fix PCI base address in MEM/IO outbound windows Greg Kroah-Hartman
                   ` (57 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:22 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Julien Thierry, James Morse,
	Marc Zyngier, Sasha Levin

[ Upstream commit 2b68a2a963a157f024c67c0697b16f5f792c8a35 ]

The ESB-instruction is a nop on CPUs that don't implement the RAS
extensions. This lets us use it in places like the vectors without
having to use alternatives.

If someone disables CONFIG_ARM64_RAS_EXTN, this instruction still has
its RAS extensions behaviour, but we no longer read DISR_EL1 as this
register does depend on alternatives.

This could go wrong if we want to synchronize an SError from a KVM
guest. On a CPU that has the RAS extensions, but the KConfig option
was disabled, we consume the pending SError with no chance of ever
reading it.

Hide the ESB-instruction behind the CONFIG_ARM64_RAS_EXTN option,
outputting a regular nop if the feature has been disabled.

Reported-by: Julien Thierry <julien.thierry@arm.com>
Signed-off-by: James Morse <james.morse@arm.com>
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/arm64/include/asm/assembler.h | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/arch/arm64/include/asm/assembler.h b/arch/arm64/include/asm/assembler.h
index f90f5d83b228..5a97ac853168 100644
--- a/arch/arm64/include/asm/assembler.h
+++ b/arch/arm64/include/asm/assembler.h
@@ -112,7 +112,11 @@
  * RAS Error Synchronization barrier
  */
 	.macro  esb
+#ifdef CONFIG_ARM64_RAS_EXTN
 	hint    #16
+#else
+	nop
+#endif
 	.endm
 
 /*
-- 
2.20.1




^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 062/113] PCI: mobiveil: Fix PCI base address in MEM/IO outbound windows
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (60 preceding siblings ...)
  2019-07-29 19:22 ` [PATCH 4.19 061/113] arm64: assembler: Switch ESB-instruction with a vanilla nop if !ARM64_HAS_RAS Greg Kroah-Hartman
@ 2019-07-29 19:22 ` Greg Kroah-Hartman
  2019-07-29 19:22 ` [PATCH 4.19 063/113] PCI: mobiveil: Fix the Class Code field Greg Kroah-Hartman
                   ` (56 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:22 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Hou Zhiqiang, Lorenzo Pieralisi,
	Minghuan Lian, Subrahmanya Lingappa, Sasha Levin

[ Upstream commit f99536e9d2f55996038158a6559d4254a7cc1693 ]

The outbound memory windows PCI base addresses should be taken
from the 'ranges' property of DT node to setup MEM/IO outbound
windows decoding correctly instead of being hardcoded to zero.

Update the code to retrieve the PCI base address for each range
and use it to program the outbound windows address decoders

Fixes: 9af6bcb11e12 ("PCI: mobiveil: Add Mobiveil PCIe Host Bridge IP driver")
Signed-off-by: Hou Zhiqiang <Zhiqiang.Hou@nxp.com>
Signed-off-by: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
Reviewed-by: Minghuan Lian <Minghuan.Lian@nxp.com>
Reviewed-by: Subrahmanya Lingappa <l.subrahmanya@mobiveil.co.in>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/pci/controller/pcie-mobiveil.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/drivers/pci/controller/pcie-mobiveil.c b/drivers/pci/controller/pcie-mobiveil.c
index a939e8d31735..d9f2d0f2d602 100644
--- a/drivers/pci/controller/pcie-mobiveil.c
+++ b/drivers/pci/controller/pcie-mobiveil.c
@@ -559,8 +559,9 @@ static int mobiveil_host_init(struct mobiveil_pcie *pcie)
 		if (type) {
 			/* configure outbound translation window */
 			program_ob_windows(pcie, pcie->ob_wins_configured,
-				win->res->start, 0, type,
-				resource_size(win->res));
+					   win->res->start,
+					   win->res->start - win->offset,
+					   type, resource_size(win->res));
 		}
 	}
 
-- 
2.20.1




^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 063/113] PCI: mobiveil: Fix the Class Code field
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (61 preceding siblings ...)
  2019-07-29 19:22 ` [PATCH 4.19 062/113] PCI: mobiveil: Fix PCI base address in MEM/IO outbound windows Greg Kroah-Hartman
@ 2019-07-29 19:22 ` Greg Kroah-Hartman
  2019-07-29 19:22 ` [PATCH 4.19 064/113] kallsyms: exclude kasan local symbols on s390 Greg Kroah-Hartman
                   ` (55 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:22 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Hou Zhiqiang, Lorenzo Pieralisi,
	Minghuan Lian, Subrahmanya Lingappa, Sasha Levin

[ Upstream commit 0122af0a08243f344a438f924e5c2486486555b3 ]

Fix up the Class Code field in PCI configuration space and set it to
PCI_CLASS_BRIDGE_PCI.

Move the Class Code fixup to function mobiveil_host_init() where
it belongs.

Fixes: 9af6bcb11e12 ("PCI: mobiveil: Add Mobiveil PCIe Host Bridge IP driver")
Signed-off-by: Hou Zhiqiang <Zhiqiang.Hou@nxp.com>
Signed-off-by: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
Reviewed-by: Minghuan Lian <Minghuan.Lian@nxp.com>
Reviewed-by: Subrahmanya Lingappa <l.subrahmanya@mobiveil.co.in>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/pci/controller/pcie-mobiveil.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/drivers/pci/controller/pcie-mobiveil.c b/drivers/pci/controller/pcie-mobiveil.c
index d9f2d0f2d602..3e81e68b5ce0 100644
--- a/drivers/pci/controller/pcie-mobiveil.c
+++ b/drivers/pci/controller/pcie-mobiveil.c
@@ -565,6 +565,12 @@ static int mobiveil_host_init(struct mobiveil_pcie *pcie)
 		}
 	}
 
+	/* fixup for PCIe class register */
+	value = csr_readl(pcie, PAB_INTP_AXI_PIO_CLASS);
+	value &= 0xff;
+	value |= (PCI_CLASS_BRIDGE_PCI << 16);
+	csr_writel(pcie, value, PAB_INTP_AXI_PIO_CLASS);
+
 	/* setup MSI hardware registers */
 	mobiveil_pcie_enable_msi(pcie);
 
@@ -805,9 +811,6 @@ static int mobiveil_pcie_probe(struct platform_device *pdev)
 		goto error;
 	}
 
-	/* fixup for PCIe class register */
-	csr_writel(pcie, 0x060402ab, PAB_INTP_AXI_PIO_CLASS);
-
 	/* initialize the IRQ domains */
 	ret = mobiveil_pcie_init_irq_domain(pcie);
 	if (ret) {
-- 
2.20.1




^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 064/113] kallsyms: exclude kasan local symbols on s390
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (62 preceding siblings ...)
  2019-07-29 19:22 ` [PATCH 4.19 063/113] PCI: mobiveil: Fix the Class Code field Greg Kroah-Hartman
@ 2019-07-29 19:22 ` Greg Kroah-Hartman
  2019-07-29 19:22 ` [PATCH 4.19 065/113] PCI: mobiveil: Initialize Primary/Secondary/Subordinate bus numbers Greg Kroah-Hartman
                   ` (54 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:22 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Vasily Gorbik, Masahiro Yamada, Sasha Levin

[ Upstream commit 33177f01ca3fe550146bb9001bec2fd806b2f40c ]

gcc asan instrumentation emits the following sequence to store frame pc
when the kernel is built with CONFIG_RELOCATABLE:
debug/vsprintf.s:
        .section        .data.rel.ro.local,"aw"
        .align  8
.LC3:
        .quad   .LASANPC4826@GOTOFF
.text
        .align  8
        .type   number, @function
number:
.LASANPC4826:

and in case reloc is issued for LASANPC label it also gets into .symtab
with the same address as actual function symbol:
$ nm -n vmlinux | grep 0000000001397150
0000000001397150 t .LASANPC4826
0000000001397150 t number

In the end kernel backtraces are almost unreadable:
[  143.748476] Call Trace:
[  143.748484] ([<000000002da3e62c>] .LASANPC2671+0x114/0x190)
[  143.748492]  [<000000002eca1a58>] .LASANPC2612+0x110/0x160
[  143.748502]  [<000000002de9d830>] print_address_description+0x80/0x3b0
[  143.748511]  [<000000002de9dd64>] __kasan_report+0x15c/0x1c8
[  143.748521]  [<000000002ecb56d4>] strrchr+0x34/0x60
[  143.748534]  [<000003ff800a9a40>] kasan_strings+0xb0/0x148 [test_kasan]
[  143.748547]  [<000003ff800a9bba>] kmalloc_tests_init+0xe2/0x528 [test_kasan]
[  143.748555]  [<000000002da2117c>] .LASANPC4069+0x354/0x748
[  143.748563]  [<000000002dbfbb16>] do_init_module+0x136/0x3b0
[  143.748571]  [<000000002dbff3f4>] .LASANPC3191+0x2164/0x25d0
[  143.748580]  [<000000002dbffc4c>] .LASANPC3196+0x184/0x1b8
[  143.748587]  [<000000002ecdf2ec>] system_call+0xd8/0x2d8

Since LASANPC labels are not even unique and get into .symtab only due
to relocs filter them out in kallsyms.

Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 scripts/kallsyms.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/scripts/kallsyms.c b/scripts/kallsyms.c
index 0c9c54b57515..31ed7f3f0e15 100644
--- a/scripts/kallsyms.c
+++ b/scripts/kallsyms.c
@@ -152,6 +152,9 @@ static int read_symbol(FILE *in, struct sym_entry *s)
 	/* exclude debugging symbols */
 	else if (stype == 'N' || stype == 'n')
 		return -1;
+	/* exclude s390 kasan local symbols */
+	else if (!strncmp(sym, ".LASANPC", 8))
+		return -1;
 
 	/* include the type field in the symbol name, so that it gets
 	 * compressed together */
-- 
2.20.1




^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 065/113] PCI: mobiveil: Initialize Primary/Secondary/Subordinate bus numbers
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (63 preceding siblings ...)
  2019-07-29 19:22 ` [PATCH 4.19 064/113] kallsyms: exclude kasan local symbols on s390 Greg Kroah-Hartman
@ 2019-07-29 19:22 ` Greg Kroah-Hartman
  2019-07-29 19:22 ` [PATCH 4.19 066/113] PCI: mobiveil: Use the 1st inbound window for MEM inbound transactions Greg Kroah-Hartman
                   ` (53 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:22 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Hou Zhiqiang, Lorenzo Pieralisi,
	Minghuan Lian, Subrahmanya Lingappa, Sasha Levin

[ Upstream commit 6f3ab451aa5c2cbff33197d82fe8489cbd55ad91 ]

The reset value of Primary, Secondary and Subordinate bus numbers is
zero which is a broken setup.

Program a sensible default value for Primary/Secondary/Subordinate
bus numbers.

Signed-off-by: Hou Zhiqiang <Zhiqiang.Hou@nxp.com>
Signed-off-by: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
Reviewed-by: Minghuan Lian <Minghuan.Lian@nxp.com>
Reviewed-by: Subrahmanya Lingappa <l.subrahmanya@mobiveil.co.in>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/pci/controller/pcie-mobiveil.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/drivers/pci/controller/pcie-mobiveil.c b/drivers/pci/controller/pcie-mobiveil.c
index 3e81e68b5ce0..2fe7ebdad2d2 100644
--- a/drivers/pci/controller/pcie-mobiveil.c
+++ b/drivers/pci/controller/pcie-mobiveil.c
@@ -508,6 +508,12 @@ static int mobiveil_host_init(struct mobiveil_pcie *pcie)
 		return err;
 	}
 
+	/* setup bus numbers */
+	value = csr_readl(pcie, PCI_PRIMARY_BUS);
+	value &= 0xff000000;
+	value |= 0x00ff0100;
+	csr_writel(pcie, value, PCI_PRIMARY_BUS);
+
 	/*
 	 * program Bus Master Enable Bit in Command Register in PAB Config
 	 * Space
-- 
2.20.1




^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 066/113] PCI: mobiveil: Use the 1st inbound window for MEM inbound transactions
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (64 preceding siblings ...)
  2019-07-29 19:22 ` [PATCH 4.19 065/113] PCI: mobiveil: Initialize Primary/Secondary/Subordinate bus numbers Greg Kroah-Hartman
@ 2019-07-29 19:22 ` Greg Kroah-Hartman
  2019-07-29 19:22 ` [PATCH 4.19 067/113] perf test mmap-thread-lookup: Initialize variable to suppress memory sanitizer warning Greg Kroah-Hartman
                   ` (52 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:22 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Hou Zhiqiang, Lorenzo Pieralisi,
	Minghuan Lian, Subrahmanya Lingappa, Sasha Levin

[ Upstream commit f7fee1b42fe4f8171a4b1cad05c61907c33c53f6 ]

The inbound and outbound windows have completely separate control
registers sets in the host controller MMIO space. Windows control
register are accessed through an MMIO base address and an offset
that depends on the window index.

Since inbound and outbound windows control registers are completely
separate there is no real need to use different window indexes in the
inbound/outbound windows initialization routines to prevent clashing.

To fix this inconsistency, change the MEM inbound window index to 0,
mirroring the outbound window set-up.

Signed-off-by: Hou Zhiqiang <Zhiqiang.Hou@nxp.com>
[lorenzo.pieralisi@arm.com: update commit log]
Signed-off-by: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
Reviewed-by: Minghuan Lian <Minghuan.Lian@nxp.com>
Reviewed-by: Subrahmanya Lingappa <l.subrahmanya@mobiveil.co.in>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/pci/controller/pcie-mobiveil.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/pci/controller/pcie-mobiveil.c b/drivers/pci/controller/pcie-mobiveil.c
index 2fe7ebdad2d2..a2d1e89d4867 100644
--- a/drivers/pci/controller/pcie-mobiveil.c
+++ b/drivers/pci/controller/pcie-mobiveil.c
@@ -553,7 +553,7 @@ static int mobiveil_host_init(struct mobiveil_pcie *pcie)
 			resource_size(pcie->ob_io_res));
 
 	/* memory inbound translation window */
-	program_ib_windows(pcie, WIN_NUM_1, 0, MEM_WINDOW_TYPE, IB_WIN_SIZE);
+	program_ib_windows(pcie, WIN_NUM_0, 0, MEM_WINDOW_TYPE, IB_WIN_SIZE);
 
 	/* Get the I/O and memory ranges from DT */
 	resource_list_for_each_entry_safe(win, tmp, &pcie->resources) {
-- 
2.20.1




^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 067/113] perf test mmap-thread-lookup: Initialize variable to suppress memory sanitizer warning
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (65 preceding siblings ...)
  2019-07-29 19:22 ` [PATCH 4.19 066/113] PCI: mobiveil: Use the 1st inbound window for MEM inbound transactions Greg Kroah-Hartman
@ 2019-07-29 19:22 ` Greg Kroah-Hartman
  2019-07-29 19:22 ` [PATCH 4.19 068/113] perf stat: Fix use-after-freed pointer detected by the smatch tool Greg Kroah-Hartman
                   ` (51 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:22 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Numfor Mbiziwo-Tiapo,
	Alexander Shishkin, Ian Rogers, Jiri Olsa, Mark Drayton,
	Namhyung Kim, Peter Zijlstra, Song Liu, Stephane Eranian,
	Arnaldo Carvalho de Melo, Sasha Levin

[ Upstream commit 4e4cf62b37da5ff45c904a3acf242ab29ed5881d ]

Running the 'perf test' command after building perf with a memory
sanitizer causes a warning that says:

  WARNING: MemorySanitizer: use-of-uninitialized-value... in mmap-thread-lookup.c

Initializing the go variable to 0 silences this harmless warning.

Committer warning:

This was harmless, just a simple test writing whatever was at that
sizeof(int) memory area just to signal another thread blocked reading
that file created with pipe(). Initialize it tho so that we don't get
this warning.

Signed-off-by: Numfor Mbiziwo-Tiapo <nums@google.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Ian Rogers <irogers@google.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Mark Drayton <mbd@fb.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Song Liu <songliubraving@fb.com>
Cc: Stephane Eranian <eranian@google.com>
Link: http://lkml.kernel.org/r/20190702173716.181223-1-nums@google.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 tools/perf/tests/mmap-thread-lookup.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/perf/tests/mmap-thread-lookup.c b/tools/perf/tests/mmap-thread-lookup.c
index b1af2499a3c9..7a9b123c7bfc 100644
--- a/tools/perf/tests/mmap-thread-lookup.c
+++ b/tools/perf/tests/mmap-thread-lookup.c
@@ -52,7 +52,7 @@ static void *thread_fn(void *arg)
 {
 	struct thread_data *td = arg;
 	ssize_t ret;
-	int go;
+	int go = 0;
 
 	if (thread_init(td))
 		return NULL;
-- 
2.20.1




^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 068/113] perf stat: Fix use-after-freed pointer detected by the smatch tool
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (66 preceding siblings ...)
  2019-07-29 19:22 ` [PATCH 4.19 067/113] perf test mmap-thread-lookup: Initialize variable to suppress memory sanitizer warning Greg Kroah-Hartman
@ 2019-07-29 19:22 ` Greg Kroah-Hartman
  2019-07-29 19:22 ` [PATCH 4.19 069/113] perf top: Fix potential NULL pointer dereference " Greg Kroah-Hartman
                   ` (50 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:22 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Leo Yan, Jiri Olsa, Adrian Hunter,
	Alexander Shishkin, Alexey Budankov, Alexios Zavras, Andi Kleen,
	Changbin Du, Davidlohr Bueso, David S. Miller,
	Eric Saint-Etienne, Jin Yao, Konstantin Khlebnikov,
	linux-arm-kernel, Mathieu Poirier, Namhyung Kim, Peter Zijlstra,
	Rasmus Villemoes, Song Liu, Suzuki Poulouse, Thomas Gleixner,
	Thomas Richter, Arnaldo Carvalho de Melo, Sasha Levin

[ Upstream commit c74b05030edb3b52f4208d8415b8c933bc509a29 ]

Based on the following report from Smatch, fix the use-after-freed
pointer.

  tools/perf/builtin-stat.c:1353
  add_default_attributes() warn: passing freed memory 'str'.

The pointer 'str' has been freed but later it is still passed into the
function parse_events_print_error().  This patch fixes this
use-after-freed issue.

Signed-off-by: Leo Yan <leo.yan@linaro.org>
Acked-by: Jiri Olsa <jolsa@kernel.org>
Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Alexey Budankov <alexey.budankov@linux.intel.com>
Cc: Alexios Zavras <alexios.zavras@intel.com>
Cc: Andi Kleen <ak@linux.intel.com>
Cc: Changbin Du <changbin.du@intel.com>
Cc: Davidlohr Bueso <dave@stgolabs.net>
Cc: David S. Miller <davem@davemloft.net>
Cc: Eric Saint-Etienne <eric.saint.etienne@oracle.com>
Cc: Jin Yao <yao.jin@linux.intel.com>
Cc: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
Cc: linux-arm-kernel@lists.infradead.org
Cc: Mathieu Poirier <mathieu.poirier@linaro.org>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Rasmus Villemoes <linux@rasmusvillemoes.dk>
Cc: Song Liu <songliubraving@fb.com>
Cc: Suzuki Poulouse <suzuki.poulose@arm.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Thomas Richter <tmricht@linux.ibm.com>
Link: http://lkml.kernel.org/r/20190702103420.27540-3-leo.yan@linaro.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 tools/perf/builtin-stat.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/perf/builtin-stat.c b/tools/perf/builtin-stat.c
index 40720150ccd8..789962565c9c 100644
--- a/tools/perf/builtin-stat.c
+++ b/tools/perf/builtin-stat.c
@@ -2497,8 +2497,8 @@ static int add_default_attributes(void)
 				fprintf(stderr,
 					"Cannot set up top down events %s: %d\n",
 					str, err);
-				free(str);
 				parse_events_print_error(&errinfo, str);
+				free(str);
 				return -1;
 			}
 		} else {
-- 
2.20.1




^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 069/113] perf top: Fix potential NULL pointer dereference detected by the smatch tool
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (67 preceding siblings ...)
  2019-07-29 19:22 ` [PATCH 4.19 068/113] perf stat: Fix use-after-freed pointer detected by the smatch tool Greg Kroah-Hartman
@ 2019-07-29 19:22 ` Greg Kroah-Hartman
  2019-07-29 19:22 ` [PATCH 4.19 070/113] perf session: Fix potential NULL pointer dereference found " Greg Kroah-Hartman
                   ` (49 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:22 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Leo Yan, Jiri Olsa, Adrian Hunter,
	Alexander Shishkin, Alexey Budankov, Alexios Zavras, Andi Kleen,
	Changbin Du, David S. Miller, Davidlohr Bueso,
	Eric Saint-Etienne, Jin Yao, Konstantin Khlebnikov,
	Mathieu Poirier, Namhyung Kim, Peter Zijlstra, Rasmus Villemoes,
	Song Liu, Suzuki Poulouse, Thomas Gleixner, Thomas Richter,
	linux-arm-kernel, Arnaldo Carvalho de Melo, Sasha Levin

[ Upstream commit 111442cfc8abdeaa7ec1407f07ef7b3e5f76654e ]

Based on the following report from Smatch, fix the potential NULL
pointer dereference check.

  tools/perf/builtin-top.c:109
  perf_top__parse_source() warn: variable dereferenced before check 'he'
  (see line 103)

  tools/perf/builtin-top.c:233
  perf_top__show_details() warn: variable dereferenced before check 'he'
  (see line 228)

  tools/perf/builtin-top.c
  101 static int perf_top__parse_source(struct perf_top *top, struct hist_entry *he)
  102 {
  103         struct perf_evsel *evsel = hists_to_evsel(he->hists);
                                                        ^^^^
  104         struct symbol *sym;
  105         struct annotation *notes;
  106         struct map *map;
  107         int err = -1;
  108
  109         if (!he || !he->ms.sym)
  110                 return -1;

This patch moves the values assignment after validating pointer 'he'.

Signed-off-by: Leo Yan <leo.yan@linaro.org>
Acked-by: Jiri Olsa <jolsa@kernel.org>
Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Alexey Budankov <alexey.budankov@linux.intel.com>
Cc: Alexios Zavras <alexios.zavras@intel.com>
Cc: Andi Kleen <ak@linux.intel.com>
Cc: Changbin Du <changbin.du@intel.com>
Cc: David S. Miller <davem@davemloft.net>
Cc: Davidlohr Bueso <dave@stgolabs.net>
Cc: Eric Saint-Etienne <eric.saint.etienne@oracle.com>
Cc: Jin Yao <yao.jin@linux.intel.com>
Cc: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
Cc: Mathieu Poirier <mathieu.poirier@linaro.org>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Rasmus Villemoes <linux@rasmusvillemoes.dk>
Cc: Song Liu <songliubraving@fb.com>
Cc: Suzuki Poulouse <suzuki.poulose@arm.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Thomas Richter <tmricht@linux.ibm.com>
Cc: linux-arm-kernel@lists.infradead.org
Link: http://lkml.kernel.org/r/20190702103420.27540-4-leo.yan@linaro.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 tools/perf/builtin-top.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/tools/perf/builtin-top.c b/tools/perf/builtin-top.c
index 33eefc33e0ea..d0733251a386 100644
--- a/tools/perf/builtin-top.c
+++ b/tools/perf/builtin-top.c
@@ -99,7 +99,7 @@ static void perf_top__resize(struct perf_top *top)
 
 static int perf_top__parse_source(struct perf_top *top, struct hist_entry *he)
 {
-	struct perf_evsel *evsel = hists_to_evsel(he->hists);
+	struct perf_evsel *evsel;
 	struct symbol *sym;
 	struct annotation *notes;
 	struct map *map;
@@ -108,6 +108,8 @@ static int perf_top__parse_source(struct perf_top *top, struct hist_entry *he)
 	if (!he || !he->ms.sym)
 		return -1;
 
+	evsel = hists_to_evsel(he->hists);
+
 	sym = he->ms.sym;
 	map = he->ms.map;
 
@@ -224,7 +226,7 @@ static void perf_top__record_precise_ip(struct perf_top *top,
 static void perf_top__show_details(struct perf_top *top)
 {
 	struct hist_entry *he = top->sym_filter_entry;
-	struct perf_evsel *evsel = hists_to_evsel(he->hists);
+	struct perf_evsel *evsel;
 	struct annotation *notes;
 	struct symbol *symbol;
 	int more;
@@ -232,6 +234,8 @@ static void perf_top__show_details(struct perf_top *top)
 	if (!he)
 		return;
 
+	evsel = hists_to_evsel(he->hists);
+
 	symbol = he->ms.sym;
 	notes = symbol__annotation(symbol);
 
-- 
2.20.1




^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 070/113] perf session: Fix potential NULL pointer dereference found by the smatch tool
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (68 preceding siblings ...)
  2019-07-29 19:22 ` [PATCH 4.19 069/113] perf top: Fix potential NULL pointer dereference " Greg Kroah-Hartman
@ 2019-07-29 19:22 ` Greg Kroah-Hartman
  2019-07-29 19:22 ` [PATCH 4.19 071/113] perf annotate: Fix dereferencing freed memory " Greg Kroah-Hartman
                   ` (48 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:22 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Leo Yan, Jiri Olsa, Adrian Hunter,
	Alexander Shishkin, Alexey Budankov, Alexios Zavras, Andi Kleen,
	Changbin Du, David S. Miller, Davidlohr Bueso,
	Eric Saint-Etienne, Jin Yao, Konstantin Khlebnikov,
	Mathieu Poirier, Namhyung Kim, Peter Zijlstra, Rasmus Villemoes,
	Song Liu, Suzuki Poulouse, Thomas Gleixner, Thomas Richter,
	linux-arm-kernel, Arnaldo Carvalho de Melo, Sasha Levin

[ Upstream commit f3c8d90757724982e5f07cd77d315eb64ca145ac ]

Based on the following report from Smatch, fix the potential
NULL pointer dereference check.

  tools/perf/util/session.c:1252
  dump_read() error: we previously assumed 'evsel' could be null
  (see line 1249)

  tools/perf/util/session.c
  1240 static void dump_read(struct perf_evsel *evsel, union perf_event *event)
  1241 {
  1242         struct read_event *read_event = &event->read;
  1243         u64 read_format;
  1244
  1245         if (!dump_trace)
  1246                 return;
  1247
  1248         printf(": %d %d %s %" PRIu64 "\n", event->read.pid, event->read.tid,
  1249                evsel ? perf_evsel__name(evsel) : "FAIL",
  1250                event->read.value);
  1251
  1252         read_format = evsel->attr.read_format;
                             ^^^^^^^

'evsel' could be NULL pointer, for this case this patch directly bails
out without dumping read_event.

Signed-off-by: Leo Yan <leo.yan@linaro.org>
Acked-by: Jiri Olsa <jolsa@kernel.org>
Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Alexey Budankov <alexey.budankov@linux.intel.com>
Cc: Alexios Zavras <alexios.zavras@intel.com>
Cc: Andi Kleen <ak@linux.intel.com>
Cc: Changbin Du <changbin.du@intel.com>
Cc: David S. Miller <davem@davemloft.net>
Cc: Davidlohr Bueso <dave@stgolabs.net>
Cc: Eric Saint-Etienne <eric.saint.etienne@oracle.com>
Cc: Jin Yao <yao.jin@linux.intel.com>
Cc: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
Cc: Mathieu Poirier <mathieu.poirier@linaro.org>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Rasmus Villemoes <linux@rasmusvillemoes.dk>
Cc: Song Liu <songliubraving@fb.com>
Cc: Suzuki Poulouse <suzuki.poulose@arm.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Thomas Richter <tmricht@linux.ibm.com>
Cc: linux-arm-kernel@lists.infradead.org
Link: http://lkml.kernel.org/r/20190702103420.27540-9-leo.yan@linaro.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 tools/perf/util/session.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/tools/perf/util/session.c b/tools/perf/util/session.c
index 11086097fc9f..f016d1b330e5 100644
--- a/tools/perf/util/session.c
+++ b/tools/perf/util/session.c
@@ -1141,6 +1141,9 @@ static void dump_read(struct perf_evsel *evsel, union perf_event *event)
 	       evsel ? perf_evsel__name(evsel) : "FAIL",
 	       event->read.value);
 
+	if (!evsel)
+		return;
+
 	read_format = evsel->attr.read_format;
 
 	if (read_format & PERF_FORMAT_TOTAL_TIME_ENABLED)
-- 
2.20.1




^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 071/113] perf annotate: Fix dereferencing freed memory found by the smatch tool
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (69 preceding siblings ...)
  2019-07-29 19:22 ` [PATCH 4.19 070/113] perf session: Fix potential NULL pointer dereference found " Greg Kroah-Hartman
@ 2019-07-29 19:22 ` Greg Kroah-Hartman
  2019-07-29 19:22 ` [PATCH 4.19 072/113] perf hists browser: Fix potential NULL pointer dereference " Greg Kroah-Hartman
                   ` (47 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:22 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Leo Yan, Jiri Olsa, Adrian Hunter,
	Alexander Shishkin, Alexey Budankov, Alexios Zavras, Andi Kleen,
	Changbin Du, David S. Miller, Davidlohr Bueso,
	Eric Saint-Etienne, Jin Yao, Konstantin Khlebnikov,
	Mathieu Poirier, Namhyung Kim, Peter Zijlstra, Rasmus Villemoes,
	Song Liu, Suzuki Poulouse, Thomas Gleixner, Thomas Richter,
	linux-arm-kernel, Arnaldo Carvalho de Melo, Sasha Levin

[ Upstream commit 600c787dbf6521d8d07ee717ab7606d5070103ea ]

Based on the following report from Smatch, fix the potential
dereferencing freed memory check.

  tools/perf/util/annotate.c:1125
  disasm_line__parse() error: dereferencing freed memory 'namep'

  tools/perf/util/annotate.c
  1100 static int disasm_line__parse(char *line, const char **namep, char **rawp)
  1101 {
  1102         char tmp, *name = ltrim(line);

  [...]

  1114         *namep = strdup(name);
  1115
  1116         if (*namep == NULL)
  1117                 goto out_free_name;

  [...]

  1124 out_free_name:
  1125         free((void *)namep);
                            ^^^^^
  1126         *namep = NULL;
               ^^^^^^
  1127         return -1;
  1128 }

If strdup() fails to allocate memory space for *namep, we don't need to
free memory with pointer 'namep', which is resident in data structure
disasm_line::ins::name; and *namep is NULL pointer for this failure, so
it's pointless to assign NULL to *namep again.

Committer note:

Freeing namep, which is the address of the first entry of the 'struct
ins' that is the first member of struct disasm_line would in fact free
that disasm_line instance, if it was allocated via malloc/calloc, which,
later, would a dereference of freed memory.

Signed-off-by: Leo Yan <leo.yan@linaro.org>
Acked-by: Jiri Olsa <jolsa@kernel.org>
Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Alexey Budankov <alexey.budankov@linux.intel.com>
Cc: Alexios Zavras <alexios.zavras@intel.com>
Cc: Andi Kleen <ak@linux.intel.com>
Cc: Changbin Du <changbin.du@intel.com>
Cc: David S. Miller <davem@davemloft.net>
Cc: Davidlohr Bueso <dave@stgolabs.net>
Cc: Eric Saint-Etienne <eric.saint.etienne@oracle.com>
Cc: Jin Yao <yao.jin@linux.intel.com>
Cc: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
Cc: Mathieu Poirier <mathieu.poirier@linaro.org>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Rasmus Villemoes <linux@rasmusvillemoes.dk>
Cc: Song Liu <songliubraving@fb.com>
Cc: Suzuki Poulouse <suzuki.poulose@arm.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Thomas Richter <tmricht@linux.ibm.com>
Cc: linux-arm-kernel@lists.infradead.org
Link: http://lkml.kernel.org/r/20190702103420.27540-5-leo.yan@linaro.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 tools/perf/util/annotate.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/tools/perf/util/annotate.c b/tools/perf/util/annotate.c
index c357051dd2b6..daea1fdf7385 100644
--- a/tools/perf/util/annotate.c
+++ b/tools/perf/util/annotate.c
@@ -1079,16 +1079,14 @@ static int disasm_line__parse(char *line, const char **namep, char **rawp)
 	*namep = strdup(name);
 
 	if (*namep == NULL)
-		goto out_free_name;
+		goto out;
 
 	(*rawp)[0] = tmp;
 	*rawp = ltrim(*rawp);
 
 	return 0;
 
-out_free_name:
-	free((void *)namep);
-	*namep = NULL;
+out:
 	return -1;
 }
 
-- 
2.20.1




^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 072/113] perf hists browser: Fix potential NULL pointer dereference found by the smatch tool
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (70 preceding siblings ...)
  2019-07-29 19:22 ` [PATCH 4.19 071/113] perf annotate: Fix dereferencing freed memory " Greg Kroah-Hartman
@ 2019-07-29 19:22 ` Greg Kroah-Hartman
  2019-07-29 19:22 ` [PATCH 4.19 073/113] RDMA/rxe: Fill in wc byte_len with IB_WC_RECV_RDMA_WITH_IMM Greg Kroah-Hartman
                   ` (46 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:22 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Leo Yan, Jiri Olsa, Adrian Hunter,
	Alexander Shishkin, Andi Kleen, Mathieu Poirier, Namhyung Kim,
	Suzuki Poulouse, linux-arm-kernel, Arnaldo Carvalho de Melo,
	Sasha Levin

[ Upstream commit ceb75476db1617a88cc29b09839acacb69aa076e ]

Based on the following report from Smatch, fix the potential
NULL pointer dereference check.

  tools/perf/ui/browsers/hists.c:641
  hist_browser__run() error: we previously assumed 'hbt' could be
  null (see line 625)

  tools/perf/ui/browsers/hists.c:3088
  perf_evsel__hists_browse() error: we previously assumed
  'browser->he_selection' could be null (see line 2902)

  tools/perf/ui/browsers/hists.c:3272
  perf_evsel_menu__run() error: we previously assumed 'hbt' could be
  null (see line 3260)

This patch firstly validating the pointers before access them, so can
fix potential NULL pointer dereference.

Signed-off-by: Leo Yan <leo.yan@linaro.org>
Acked-by: Jiri Olsa <jolsa@kernel.org>
Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Andi Kleen <ak@linux.intel.com>
Cc: Mathieu Poirier <mathieu.poirier@linaro.org>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Suzuki Poulouse <suzuki.poulose@arm.com>
Cc: linux-arm-kernel@lists.infradead.org
Link: http://lkml.kernel.org/r/20190708143937.7722-2-leo.yan@linaro.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 tools/perf/ui/browsers/hists.c | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/tools/perf/ui/browsers/hists.c b/tools/perf/ui/browsers/hists.c
index a96f62ca984a..692d2fa31c35 100644
--- a/tools/perf/ui/browsers/hists.c
+++ b/tools/perf/ui/browsers/hists.c
@@ -633,7 +633,11 @@ int hist_browser__run(struct hist_browser *browser, const char *help,
 		switch (key) {
 		case K_TIMER: {
 			u64 nr_entries;
-			hbt->timer(hbt->arg);
+
+			WARN_ON_ONCE(!hbt);
+
+			if (hbt)
+				hbt->timer(hbt->arg);
 
 			if (hist_browser__has_filter(browser) ||
 			    symbol_conf.report_hierarchy)
@@ -2707,7 +2711,7 @@ static int perf_evsel__hists_browse(struct perf_evsel *evsel, int nr_events,
 {
 	struct hists *hists = evsel__hists(evsel);
 	struct hist_browser *browser = perf_evsel_browser__new(evsel, hbt, env, annotation_opts);
-	struct branch_info *bi;
+	struct branch_info *bi = NULL;
 #define MAX_OPTIONS  16
 	char *options[MAX_OPTIONS];
 	struct popup_action actions[MAX_OPTIONS];
@@ -2973,7 +2977,9 @@ static int perf_evsel__hists_browse(struct perf_evsel *evsel, int nr_events,
 			goto skip_annotation;
 
 		if (sort__mode == SORT_MODE__BRANCH) {
-			bi = browser->he_selection->branch_info;
+
+			if (browser->he_selection)
+				bi = browser->he_selection->branch_info;
 
 			if (bi == NULL)
 				goto skip_annotation;
@@ -3144,7 +3150,8 @@ static int perf_evsel_menu__run(struct perf_evsel_menu *menu,
 
 		switch (key) {
 		case K_TIMER:
-			hbt->timer(hbt->arg);
+			if (hbt)
+				hbt->timer(hbt->arg);
 
 			if (!menu->lost_events_warned &&
 			    menu->lost_events &&
-- 
2.20.1




^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 073/113] RDMA/rxe: Fill in wc byte_len with IB_WC_RECV_RDMA_WITH_IMM
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (71 preceding siblings ...)
  2019-07-29 19:22 ` [PATCH 4.19 072/113] perf hists browser: Fix potential NULL pointer dereference " Greg Kroah-Hartman
@ 2019-07-29 19:22 ` Greg Kroah-Hartman
  2019-07-29 19:22 ` [PATCH 4.19 074/113] PCI: dwc: pci-dra7xx: Fix compilation when !CONFIG_GPIOLIB Greg Kroah-Hartman
                   ` (45 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:22 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Konstantin Taranov, Jason Gunthorpe,
	Sasha Levin

[ Upstream commit bdce1290493caa3f8119f24b5dacc3fb7ca27389 ]

Calculate the correct byte_len on the receiving side when a work
completion is generated with IB_WC_RECV_RDMA_WITH_IMM opcode.

According to the IBA byte_len must indicate the number of written bytes,
whereas it was always equal to zero for the IB_WC_RECV_RDMA_WITH_IMM
opcode, even though data was transferred.

Fixes: 8700e3e7c485 ("Soft RoCE driver")
Signed-off-by: Konstantin Taranov <konstantin.taranov@inf.ethz.ch>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/infiniband/sw/rxe/rxe_resp.c  | 5 ++++-
 drivers/infiniband/sw/rxe/rxe_verbs.h | 1 +
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/drivers/infiniband/sw/rxe/rxe_resp.c b/drivers/infiniband/sw/rxe/rxe_resp.c
index 4111b798fd3c..681d8e0913d0 100644
--- a/drivers/infiniband/sw/rxe/rxe_resp.c
+++ b/drivers/infiniband/sw/rxe/rxe_resp.c
@@ -435,6 +435,7 @@ static enum resp_states check_rkey(struct rxe_qp *qp,
 			qp->resp.va = reth_va(pkt);
 			qp->resp.rkey = reth_rkey(pkt);
 			qp->resp.resid = reth_len(pkt);
+			qp->resp.length = reth_len(pkt);
 		}
 		access = (pkt->mask & RXE_READ_MASK) ? IB_ACCESS_REMOTE_READ
 						     : IB_ACCESS_REMOTE_WRITE;
@@ -859,7 +860,9 @@ static enum resp_states do_complete(struct rxe_qp *qp,
 				pkt->mask & RXE_WRITE_MASK) ?
 					IB_WC_RECV_RDMA_WITH_IMM : IB_WC_RECV;
 		wc->vendor_err = 0;
-		wc->byte_len = wqe->dma.length - wqe->dma.resid;
+		wc->byte_len = (pkt->mask & RXE_IMMDT_MASK &&
+				pkt->mask & RXE_WRITE_MASK) ?
+					qp->resp.length : wqe->dma.length - wqe->dma.resid;
 
 		/* fields after byte_len are different between kernel and user
 		 * space
diff --git a/drivers/infiniband/sw/rxe/rxe_verbs.h b/drivers/infiniband/sw/rxe/rxe_verbs.h
index 332a16dad2a7..3b731c7682e5 100644
--- a/drivers/infiniband/sw/rxe/rxe_verbs.h
+++ b/drivers/infiniband/sw/rxe/rxe_verbs.h
@@ -212,6 +212,7 @@ struct rxe_resp_info {
 	struct rxe_mem		*mr;
 	u32			resid;
 	u32			rkey;
+	u32			length;
 	u64			atomic_orig;
 
 	/* SRQ only */
-- 
2.20.1




^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 074/113] PCI: dwc: pci-dra7xx: Fix compilation when !CONFIG_GPIOLIB
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (72 preceding siblings ...)
  2019-07-29 19:22 ` [PATCH 4.19 073/113] RDMA/rxe: Fill in wc byte_len with IB_WC_RECV_RDMA_WITH_IMM Greg Kroah-Hartman
@ 2019-07-29 19:22 ` Greg Kroah-Hartman
  2019-07-29 19:22 ` [PATCH 4.19 075/113] powerpc/boot: add {get, put}_unaligned_be32 to xz_config.h Greg Kroah-Hartman
                   ` (44 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:22 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Hulk Robot, YueHaibing,
	Lorenzo Pieralisi, Kishon Vijay Abraham I, Sasha Levin

[ Upstream commit 381ed79c8655a40268ee7391f716edd90c5c3a97 ]

If CONFIG_GPIOLIB is not selected the compilation results in the
following build errors:

drivers/pci/controller/dwc/pci-dra7xx.c:
 In function dra7xx_pcie_probe:
drivers/pci/controller/dwc/pci-dra7xx.c:777:10:
 error: implicit declaration of function devm_gpiod_get_optional;
 did you mean devm_regulator_get_optional? [-Werror=implicit-function-declaration]

  reset = devm_gpiod_get_optional(dev, NULL, GPIOD_OUT_HIGH);

drivers/pci/controller/dwc/pci-dra7xx.c:778:45: error: ‘GPIOD_OUT_HIGH’
undeclared (first use in this function); did you mean ‘GPIOF_INIT_HIGH’?
  reset = devm_gpiod_get_optional(dev, NULL, GPIOD_OUT_HIGH);
                                             ^~~~~~~~~~~~~~
                                             GPIOF_INIT_HIGH

Fix them by including the appropriate header file.

Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
[lorenzo.pieralisi@arm.com: commit log]
Signed-off-by: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
Acked-by: Kishon Vijay Abraham I <kishon@ti.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/pci/controller/dwc/pci-dra7xx.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/pci/controller/dwc/pci-dra7xx.c b/drivers/pci/controller/dwc/pci-dra7xx.c
index a32d6dde7a57..412524aa1fde 100644
--- a/drivers/pci/controller/dwc/pci-dra7xx.c
+++ b/drivers/pci/controller/dwc/pci-dra7xx.c
@@ -26,6 +26,7 @@
 #include <linux/types.h>
 #include <linux/mfd/syscon.h>
 #include <linux/regmap.h>
+#include <linux/gpio/consumer.h>
 
 #include "../../pci.h"
 #include "pcie-designware.h"
-- 
2.20.1




^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 075/113] powerpc/boot: add {get, put}_unaligned_be32 to xz_config.h
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (73 preceding siblings ...)
  2019-07-29 19:22 ` [PATCH 4.19 074/113] PCI: dwc: pci-dra7xx: Fix compilation when !CONFIG_GPIOLIB Greg Kroah-Hartman
@ 2019-07-29 19:22 ` Greg Kroah-Hartman
  2019-07-29 19:22 ` [PATCH 4.19 076/113] block: init flush rq ref count to 1 Greg Kroah-Hartman
                   ` (43 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:22 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Masahiro Yamada, Michael Ellerman,
	Sasha Levin

[ Upstream commit 9e005b761e7ad153dcf40a6cba1d681fe0830ac6 ]

The next commit will make the way of passing CONFIG options more robust.
Unfortunately, it would uncover another hidden issue; without this
commit, skiroot_defconfig would be broken like this:

|   WRAP    arch/powerpc/boot/zImage.pseries
| arch/powerpc/boot/wrapper.a(decompress.o): In function `bcj_powerpc.isra.10':
| decompress.c:(.text+0x720): undefined reference to `get_unaligned_be32'
| decompress.c:(.text+0x7a8): undefined reference to `put_unaligned_be32'
| make[1]: *** [arch/powerpc/boot/Makefile;383: arch/powerpc/boot/zImage.pseries] Error 1
| make: *** [arch/powerpc/Makefile;295: zImage] Error 2

skiroot_defconfig is the only defconfig that enables CONFIG_KERNEL_XZ
for ppc, which has never been correctly built before.

I figured out the root cause in lib/decompress_unxz.c:

| #ifdef CONFIG_PPC
| #      define XZ_DEC_POWERPC
| #endif

CONFIG_PPC is undefined here in the ppc bootwrapper because autoconf.h
is not included except by arch/powerpc/boot/serial.c

XZ_DEC_POWERPC is not defined, therefore, bcj_powerpc() is not compiled
for the bootwrapper.

With the next commit passing CONFIG_PPC correctly, we would realize that
{get,put}_unaligned_be32 was missing.

Unlike the other decompressors, the ppc bootwrapper duplicates all the
necessary helpers in arch/powerpc/boot/.

The other architectures define __KERNEL__ and pull in helpers for
building the decompressors.

If ppc bootwrapper had defined __KERNEL__, lib/xz/xz_private.h would
have included <asm/unaligned.h>:

| #ifdef __KERNEL__
| #       include <linux/xz.h>
| #       include <linux/kernel.h>
| #       include <asm/unaligned.h>

However, doing so would cause tons of definition conflicts since the
bootwrapper has duplicated everything.

I just added copies of {get,put}_unaligned_be32, following the
bootwrapper coding convention.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20190705100144.28785-1-yamada.masahiro@socionext.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/powerpc/boot/xz_config.h | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/arch/powerpc/boot/xz_config.h b/arch/powerpc/boot/xz_config.h
index e22e5b3770dd..ebfadd39e192 100644
--- a/arch/powerpc/boot/xz_config.h
+++ b/arch/powerpc/boot/xz_config.h
@@ -20,10 +20,30 @@ static inline uint32_t swab32p(void *p)
 
 #ifdef __LITTLE_ENDIAN__
 #define get_le32(p) (*((uint32_t *) (p)))
+#define cpu_to_be32(x) swab32(x)
+static inline u32 be32_to_cpup(const u32 *p)
+{
+	return swab32p((u32 *)p);
+}
 #else
 #define get_le32(p) swab32p(p)
+#define cpu_to_be32(x) (x)
+static inline u32 be32_to_cpup(const u32 *p)
+{
+	return *p;
+}
 #endif
 
+static inline uint32_t get_unaligned_be32(const void *p)
+{
+	return be32_to_cpup(p);
+}
+
+static inline void put_unaligned_be32(u32 val, void *p)
+{
+	*((u32 *)p) = cpu_to_be32(val);
+}
+
 #define memeq(a, b, size) (memcmp(a, b, size) == 0)
 #define memzero(buf, size) memset(buf, 0, size)
 
-- 
2.20.1




^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 076/113] block: init flush rq ref count to 1
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (74 preceding siblings ...)
  2019-07-29 19:22 ` [PATCH 4.19 075/113] powerpc/boot: add {get, put}_unaligned_be32 to xz_config.h Greg Kroah-Hartman
@ 2019-07-29 19:22 ` Greg Kroah-Hartman
  2019-07-29 19:22 ` [PATCH 4.19 077/113] f2fs: avoid out-of-range memory access Greg Kroah-Hartman
                   ` (42 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:22 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Josef Bacik, Jens Axboe, Sasha Levin

[ Upstream commit b554db147feea39617b533ab6bca247c91c6198a ]

We discovered a problem in newer kernels where a disconnect of a NBD
device while the flush request was pending would result in a hang.  This
is because the blk mq timeout handler does

        if (!refcount_inc_not_zero(&rq->ref))
                return true;

to determine if it's ok to run the timeout handler for the request.
Flush_rq's don't have a ref count set, so we'd skip running the timeout
handler for this request and it would just sit there in limbo forever.

Fix this by always setting the refcount of any request going through
blk_init_rq() to 1.  I tested this with a nbd-server that dropped flush
requests to verify that it hung, and then tested with this patch to
verify I got the timeout as expected and the error handling kicked in.
Thanks,

Signed-off-by: Josef Bacik <josef@toxicpanda.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 block/blk-core.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/block/blk-core.c b/block/blk-core.c
index 682bc561b77b..9ca703bcfe3b 100644
--- a/block/blk-core.c
+++ b/block/blk-core.c
@@ -198,6 +198,7 @@ void blk_rq_init(struct request_queue *q, struct request *rq)
 	rq->internal_tag = -1;
 	rq->start_time_ns = ktime_get_ns();
 	rq->part = NULL;
+	refcount_set(&rq->ref, 1);
 }
 EXPORT_SYMBOL(blk_rq_init);
 
-- 
2.20.1




^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 077/113] f2fs: avoid out-of-range memory access
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (75 preceding siblings ...)
  2019-07-29 19:22 ` [PATCH 4.19 076/113] block: init flush rq ref count to 1 Greg Kroah-Hartman
@ 2019-07-29 19:22 ` Greg Kroah-Hartman
  2019-07-31 19:11   ` Pavel Machek
  2019-07-29 19:22 ` [PATCH 4.19 078/113] mailbox: handle failed named mailbox channel request Greg Kroah-Hartman
                   ` (41 subsequent siblings)
  118 siblings, 1 reply; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:22 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Ocean Chen, Chao Yu, Jaegeuk Kim,
	Sasha Levin

[ Upstream commit 56f3ce675103e3fb9e631cfb4131fc768bc23e9a ]

blkoff_off might over 512 due to fs corrupt or security
vulnerability. That should be checked before being using.

Use ENTRIES_IN_SUM to protect invalid value in cur_data_blkoff.

Signed-off-by: Ocean Chen <oceanchen@google.com>
Reviewed-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/f2fs/segment.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/fs/f2fs/segment.c b/fs/f2fs/segment.c
index 8fc3edb6760c..92f72bb5aff4 100644
--- a/fs/f2fs/segment.c
+++ b/fs/f2fs/segment.c
@@ -3261,6 +3261,11 @@ static int read_compacted_summaries(struct f2fs_sb_info *sbi)
 		seg_i = CURSEG_I(sbi, i);
 		segno = le32_to_cpu(ckpt->cur_data_segno[i]);
 		blk_off = le16_to_cpu(ckpt->cur_data_blkoff[i]);
+		if (blk_off > ENTRIES_IN_SUM) {
+			f2fs_bug_on(sbi, 1);
+			f2fs_put_page(page, 1);
+			return -EFAULT;
+		}
 		seg_i->next_segno = segno;
 		reset_curseg(sbi, i, 0);
 		seg_i->alloc_type = ckpt->alloc_type[i];
-- 
2.20.1




^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 078/113] mailbox: handle failed named mailbox channel request
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (76 preceding siblings ...)
  2019-07-29 19:22 ` [PATCH 4.19 077/113] f2fs: avoid out-of-range memory access Greg Kroah-Hartman
@ 2019-07-29 19:22 ` Greg Kroah-Hartman
  2019-07-29 19:22 ` [PATCH 4.19 079/113] dlm: check if workqueues are NULL before flushing/destroying Greg Kroah-Hartman
                   ` (40 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:22 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Morten Borup Petersen, Jassi Brar,
	Sasha Levin

[ Upstream commit 25777e5784a7b417967460d4fcf9660d05a0c320 ]

Previously, if mbox_request_channel_byname was used with a name
which did not exist in the "mbox-names" property of a mailbox
client, the mailbox corresponding to the last entry in the
"mbox-names" list would be incorrectly selected.
With this patch, -EINVAL is returned if the named mailbox is
not found.

Signed-off-by: Morten Borup Petersen <morten_bp@live.dk>
Signed-off-by: Jassi Brar <jaswinder.singh@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/mailbox/mailbox.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/drivers/mailbox/mailbox.c b/drivers/mailbox/mailbox.c
index 674b35f402f5..055c90b8253c 100644
--- a/drivers/mailbox/mailbox.c
+++ b/drivers/mailbox/mailbox.c
@@ -391,11 +391,13 @@ struct mbox_chan *mbox_request_channel_byname(struct mbox_client *cl,
 
 	of_property_for_each_string(np, "mbox-names", prop, mbox_name) {
 		if (!strncmp(name, mbox_name, strlen(name)))
-			break;
+			return mbox_request_channel(cl, index);
 		index++;
 	}
 
-	return mbox_request_channel(cl, index);
+	dev_err(cl->dev, "%s() could not locate channel named \"%s\"\n",
+		__func__, name);
+	return ERR_PTR(-EINVAL);
 }
 EXPORT_SYMBOL_GPL(mbox_request_channel_byname);
 
-- 
2.20.1




^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 079/113] dlm: check if workqueues are NULL before flushing/destroying
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (77 preceding siblings ...)
  2019-07-29 19:22 ` [PATCH 4.19 078/113] mailbox: handle failed named mailbox channel request Greg Kroah-Hartman
@ 2019-07-29 19:22 ` Greg Kroah-Hartman
  2019-07-29 19:22 ` [PATCH 4.19 080/113] powerpc/eeh: Handle hugepages in ioremap space Greg Kroah-Hartman
                   ` (39 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:22 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, David Windsor, David Teigland, Sasha Levin

[ Upstream commit b355516f450703c9015316e429b66a93dfff0e6f ]

If the DLM lowcomms stack is shut down before any DLM
traffic can be generated, flush_workqueue() and
destroy_workqueue() can be called on empty send and/or recv
workqueues.

Insert guard conditionals to only call flush_workqueue()
and destroy_workqueue() on workqueues that are not NULL.

Signed-off-by: David Windsor <dwindsor@redhat.com>
Signed-off-by: David Teigland <teigland@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/dlm/lowcomms.c | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/fs/dlm/lowcomms.c b/fs/dlm/lowcomms.c
index a5e4a221435c..a93ebffe84b3 100644
--- a/fs/dlm/lowcomms.c
+++ b/fs/dlm/lowcomms.c
@@ -1630,8 +1630,10 @@ static void clean_writequeues(void)
 
 static void work_stop(void)
 {
-	destroy_workqueue(recv_workqueue);
-	destroy_workqueue(send_workqueue);
+	if (recv_workqueue)
+		destroy_workqueue(recv_workqueue);
+	if (send_workqueue)
+		destroy_workqueue(send_workqueue);
 }
 
 static int work_start(void)
@@ -1691,13 +1693,17 @@ static void work_flush(void)
 	struct hlist_node *n;
 	struct connection *con;
 
-	flush_workqueue(recv_workqueue);
-	flush_workqueue(send_workqueue);
+	if (recv_workqueue)
+		flush_workqueue(recv_workqueue);
+	if (send_workqueue)
+		flush_workqueue(send_workqueue);
 	do {
 		ok = 1;
 		foreach_conn(stop_conn);
-		flush_workqueue(recv_workqueue);
-		flush_workqueue(send_workqueue);
+		if (recv_workqueue)
+			flush_workqueue(recv_workqueue);
+		if (send_workqueue)
+			flush_workqueue(send_workqueue);
 		for (i = 0; i < CONN_HASH_SIZE && ok; i++) {
 			hlist_for_each_entry_safe(con, n,
 						  &connection_hash[i], list) {
-- 
2.20.1




^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 080/113] powerpc/eeh: Handle hugepages in ioremap space
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (78 preceding siblings ...)
  2019-07-29 19:22 ` [PATCH 4.19 079/113] dlm: check if workqueues are NULL before flushing/destroying Greg Kroah-Hartman
@ 2019-07-29 19:22 ` Greg Kroah-Hartman
  2019-07-29 19:22 ` [PATCH 4.19 081/113] block/bio-integrity: fix a memory leak bug Greg Kroah-Hartman
                   ` (38 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:22 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Sachin Sant, Oliver OHalloran,
	Michael Ellerman, Sasha Levin

[ Upstream commit 33439620680be5225c1b8806579a291e0d761ca0 ]

In commit 4a7b06c157a2 ("powerpc/eeh: Handle hugepages in ioremap
space") support for using hugepages in the vmalloc and ioremap areas was
enabled for radix. Unfortunately this broke EEH MMIO error checking.

Detection works by inserting a hook which checks the results of the
ioreadXX() set of functions.  When a read returns a 0xFFs response we
need to check for an error which we do by mapping the (virtual) MMIO
address back to a physical address, then mapping physical address to a
PCI device via an interval tree.

When translating virt -> phys we currently assume the ioremap space is
only populated by PAGE_SIZE mappings. If a hugepage mapping is found we
emit a WARN_ON(), but otherwise handles the check as though a normal
page was found. In pathalogical cases such as copying a buffer
containing a lot of 0xFFs from BAR memory this can result in the system
not booting because it's too busy printing WARN_ON()s.

There's no real reason to assume huge pages can't be present and we're
prefectly capable of handling them, so do that.

Fixes: 4a7b06c157a2 ("powerpc/eeh: Handle hugepages in ioremap space")
Reported-by: Sachin Sant <sachinp@linux.vnet.ibm.com>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
Tested-by: Sachin Sant <sachinp@linux.vnet.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20190710150517.27114-1-oohall@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/powerpc/kernel/eeh.c | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/arch/powerpc/kernel/eeh.c b/arch/powerpc/kernel/eeh.c
index c72767a5327a..fe3c6f3bd3b6 100644
--- a/arch/powerpc/kernel/eeh.c
+++ b/arch/powerpc/kernel/eeh.c
@@ -360,10 +360,19 @@ static inline unsigned long eeh_token_to_phys(unsigned long token)
 	ptep = find_init_mm_pte(token, &hugepage_shift);
 	if (!ptep)
 		return token;
-	WARN_ON(hugepage_shift);
-	pa = pte_pfn(*ptep) << PAGE_SHIFT;
 
-	return pa | (token & (PAGE_SIZE-1));
+	pa = pte_pfn(*ptep);
+
+	/* On radix we can do hugepage mappings for io, so handle that */
+	if (hugepage_shift) {
+		pa <<= hugepage_shift;
+		pa |= token & ((1ul << hugepage_shift) - 1);
+	} else {
+		pa <<= PAGE_SHIFT;
+		pa |= token & (PAGE_SIZE - 1);
+	}
+
+	return pa;
 }
 
 /*
-- 
2.20.1




^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 081/113] block/bio-integrity: fix a memory leak bug
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (79 preceding siblings ...)
  2019-07-29 19:22 ` [PATCH 4.19 080/113] powerpc/eeh: Handle hugepages in ioremap space Greg Kroah-Hartman
@ 2019-07-29 19:22 ` Greg Kroah-Hartman
  2019-07-29 19:22 ` [PATCH 4.19 082/113] sh: prevent warnings when using iounmap Greg Kroah-Hartman
                   ` (37 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:22 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Ming Lei, Martin K. Petersen,
	Wenwen Wang, Jens Axboe, Sasha Levin

[ Upstream commit e7bf90e5afe3aa1d1282c1635a49e17a32c4ecec ]

In bio_integrity_prep(), a kernel buffer is allocated through kmalloc() to
hold integrity metadata. Later on, the buffer will be attached to the bio
structure through bio_integrity_add_page(), which returns the number of
bytes of integrity metadata attached. Due to unexpected situations,
bio_integrity_add_page() may return 0. As a result, bio_integrity_prep()
needs to be terminated with 'false' returned to indicate this error.
However, the allocated kernel buffer is not freed on this execution path,
leading to a memory leak.

To fix this issue, free the allocated buffer before returning from
bio_integrity_prep().

Reviewed-by: Ming Lei <ming.lei@redhat.com>
Acked-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Wenwen Wang <wenwen@cs.uga.edu>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 block/bio-integrity.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/block/bio-integrity.c b/block/bio-integrity.c
index 67b5fb861a51..5bd90cd4b51e 100644
--- a/block/bio-integrity.c
+++ b/block/bio-integrity.c
@@ -291,8 +291,12 @@ bool bio_integrity_prep(struct bio *bio)
 		ret = bio_integrity_add_page(bio, virt_to_page(buf),
 					     bytes, offset);
 
-		if (ret == 0)
-			return false;
+		if (ret == 0) {
+			printk(KERN_ERR "could not attach integrity payload\n");
+			kfree(buf);
+			status = BLK_STS_RESOURCE;
+			goto err_end_io;
+		}
 
 		if (ret < bytes)
 			break;
-- 
2.20.1




^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 082/113] sh: prevent warnings when using iounmap
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (80 preceding siblings ...)
  2019-07-29 19:22 ` [PATCH 4.19 081/113] block/bio-integrity: fix a memory leak bug Greg Kroah-Hartman
@ 2019-07-29 19:22 ` Greg Kroah-Hartman
  2019-07-29 19:22 ` [PATCH 4.19 083/113] mm/kmemleak.c: fix check for softirq context Greg Kroah-Hartman
                   ` (36 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:22 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Sam Ravnborg, Geert Uytterhoeven,
	Yoshinori Sato, Rich Felker, Will Deacon, Mark Brown, Inki Dae,
	Krzysztof Kozlowski, Andrew Morton, Linus Torvalds, Sasha Levin

[ Upstream commit 733f0025f0fb43e382b84db0930ae502099b7e62 ]

When building drm/exynos for sh, as part of an allmodconfig build, the
following warning triggered:

  exynos7_drm_decon.c: In function `decon_remove':
  exynos7_drm_decon.c:769:24: warning: unused variable `ctx'
    struct decon_context *ctx = dev_get_drvdata(&pdev->dev);

The ctx variable is only used as argument to iounmap().

In sh - allmodconfig CONFIG_MMU is not defined
so it ended up in:

\#define __iounmap(addr)	do { } while (0)
\#define iounmap		__iounmap

Fix the warning by introducing a static inline function for iounmap.

This is similar to several other architectures.

Link: http://lkml.kernel.org/r/20190622114208.24427-1-sam@ravnborg.org
Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
Reviewed-by: Geert Uytterhoeven <geert+renesas@glider.be>
Cc: Yoshinori Sato <ysato@users.sourceforge.jp>
Cc: Rich Felker <dalias@libc.org>
Cc: Will Deacon <will.deacon@arm.com>
Cc: Mark Brown <broonie@kernel.org>
Cc: Inki Dae <inki.dae@samsung.com>
Cc: Krzysztof Kozlowski <krzk@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/sh/include/asm/io.h | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/arch/sh/include/asm/io.h b/arch/sh/include/asm/io.h
index 98cb8c802b1a..0ae60d680000 100644
--- a/arch/sh/include/asm/io.h
+++ b/arch/sh/include/asm/io.h
@@ -371,7 +371,11 @@ static inline int iounmap_fixed(void __iomem *addr) { return -EINVAL; }
 
 #define ioremap_nocache	ioremap
 #define ioremap_uc	ioremap
-#define iounmap		__iounmap
+
+static inline void iounmap(void __iomem *addr)
+{
+	__iounmap(addr);
+}
 
 /*
  * Convert a physical pointer to a virtual kernel pointer for /dev/mem
-- 
2.20.1




^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 083/113] mm/kmemleak.c: fix check for softirq context
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (81 preceding siblings ...)
  2019-07-29 19:22 ` [PATCH 4.19 082/113] sh: prevent warnings when using iounmap Greg Kroah-Hartman
@ 2019-07-29 19:22 ` Greg Kroah-Hartman
  2019-07-29 19:22 ` [PATCH 4.19 084/113] 9p: pass the correct prototype to read_cache_page Greg Kroah-Hartman
                   ` (35 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:22 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Dmitry Vyukov, Catalin Marinas,
	Andrew Morton, Linus Torvalds, Sasha Levin

[ Upstream commit 6ef9056952532c3b746de46aa10d45b4d7797bd8 ]

in_softirq() is a wrong predicate to check if we are in a softirq
context.  It also returns true if we have BH disabled, so objects are
falsely stamped with "softirq" comm.  The correct predicate is
in_serving_softirq().

If user does cat from /sys/kernel/debug/kmemleak previously they would
see this, which is clearly wrong, this is system call context (see the
comm):

unreferenced object 0xffff88805bd661c0 (size 64):
  comm "softirq", pid 0, jiffies 4294942959 (age 12.400s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 ff ff ff ff 00 00 00 00  ................
    00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00  ................
  backtrace:
    [<0000000007dcb30c>] kmemleak_alloc_recursive include/linux/kmemleak.h:55 [inline]
    [<0000000007dcb30c>] slab_post_alloc_hook mm/slab.h:439 [inline]
    [<0000000007dcb30c>] slab_alloc mm/slab.c:3326 [inline]
    [<0000000007dcb30c>] kmem_cache_alloc_trace+0x13d/0x280 mm/slab.c:3553
    [<00000000969722b7>] kmalloc include/linux/slab.h:547 [inline]
    [<00000000969722b7>] kzalloc include/linux/slab.h:742 [inline]
    [<00000000969722b7>] ip_mc_add1_src net/ipv4/igmp.c:1961 [inline]
    [<00000000969722b7>] ip_mc_add_src+0x36b/0x400 net/ipv4/igmp.c:2085
    [<00000000a4134b5f>] ip_mc_msfilter+0x22d/0x310 net/ipv4/igmp.c:2475
    [<00000000d20248ad>] do_ip_setsockopt.isra.0+0x19fe/0x1c00 net/ipv4/ip_sockglue.c:957
    [<000000003d367be7>] ip_setsockopt+0x3b/0xb0 net/ipv4/ip_sockglue.c:1246
    [<000000003c7c76af>] udp_setsockopt+0x4e/0x90 net/ipv4/udp.c:2616
    [<000000000c1aeb23>] sock_common_setsockopt+0x3e/0x50 net/core/sock.c:3130
    [<000000000157b92b>] __sys_setsockopt+0x9e/0x120 net/socket.c:2078
    [<00000000a9f3d058>] __do_sys_setsockopt net/socket.c:2089 [inline]
    [<00000000a9f3d058>] __se_sys_setsockopt net/socket.c:2086 [inline]
    [<00000000a9f3d058>] __x64_sys_setsockopt+0x26/0x30 net/socket.c:2086
    [<000000001b8da885>] do_syscall_64+0x7c/0x1a0 arch/x86/entry/common.c:301
    [<00000000ba770c62>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

now they will see this:

unreferenced object 0xffff88805413c800 (size 64):
  comm "syz-executor.4", pid 8960, jiffies 4294994003 (age 14.350s)
  hex dump (first 32 bytes):
    00 7a 8a 57 80 88 ff ff e0 00 00 01 00 00 00 00  .z.W............
    00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00  ................
  backtrace:
    [<00000000c5d3be64>] kmemleak_alloc_recursive include/linux/kmemleak.h:55 [inline]
    [<00000000c5d3be64>] slab_post_alloc_hook mm/slab.h:439 [inline]
    [<00000000c5d3be64>] slab_alloc mm/slab.c:3326 [inline]
    [<00000000c5d3be64>] kmem_cache_alloc_trace+0x13d/0x280 mm/slab.c:3553
    [<0000000023865be2>] kmalloc include/linux/slab.h:547 [inline]
    [<0000000023865be2>] kzalloc include/linux/slab.h:742 [inline]
    [<0000000023865be2>] ip_mc_add1_src net/ipv4/igmp.c:1961 [inline]
    [<0000000023865be2>] ip_mc_add_src+0x36b/0x400 net/ipv4/igmp.c:2085
    [<000000003029a9d4>] ip_mc_msfilter+0x22d/0x310 net/ipv4/igmp.c:2475
    [<00000000ccd0a87c>] do_ip_setsockopt.isra.0+0x19fe/0x1c00 net/ipv4/ip_sockglue.c:957
    [<00000000a85a3785>] ip_setsockopt+0x3b/0xb0 net/ipv4/ip_sockglue.c:1246
    [<00000000ec13c18d>] udp_setsockopt+0x4e/0x90 net/ipv4/udp.c:2616
    [<0000000052d748e3>] sock_common_setsockopt+0x3e/0x50 net/core/sock.c:3130
    [<00000000512f1014>] __sys_setsockopt+0x9e/0x120 net/socket.c:2078
    [<00000000181758bc>] __do_sys_setsockopt net/socket.c:2089 [inline]
    [<00000000181758bc>] __se_sys_setsockopt net/socket.c:2086 [inline]
    [<00000000181758bc>] __x64_sys_setsockopt+0x26/0x30 net/socket.c:2086
    [<00000000d4b73623>] do_syscall_64+0x7c/0x1a0 arch/x86/entry/common.c:301
    [<00000000c1098bec>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

Link: http://lkml.kernel.org/r/20190517171507.96046-1-dvyukov@gmail.com
Signed-off-by: Dmitry Vyukov <dvyukov@google.com>
Acked-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 mm/kmemleak.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/mm/kmemleak.c b/mm/kmemleak.c
index 72e3fb3bb037..6c94b6865ac2 100644
--- a/mm/kmemleak.c
+++ b/mm/kmemleak.c
@@ -576,7 +576,7 @@ static struct kmemleak_object *create_object(unsigned long ptr, size_t size,
 	if (in_irq()) {
 		object->pid = 0;
 		strncpy(object->comm, "hardirq", sizeof(object->comm));
-	} else if (in_softirq()) {
+	} else if (in_serving_softirq()) {
 		object->pid = 0;
 		strncpy(object->comm, "softirq", sizeof(object->comm));
 	} else {
-- 
2.20.1




^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 084/113] 9p: pass the correct prototype to read_cache_page
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (82 preceding siblings ...)
  2019-07-29 19:22 ` [PATCH 4.19 083/113] mm/kmemleak.c: fix check for softirq context Greg Kroah-Hartman
@ 2019-07-29 19:22 ` Greg Kroah-Hartman
  2019-07-29 19:22 ` [PATCH 4.19 085/113] mm/gup.c: mark undo_dev_pagemap as __maybe_unused Greg Kroah-Hartman
                   ` (34 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:22 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Christoph Hellwig, Kees Cook,
	Sami Tolvanen, Nick Desaulniers, Andrew Morton, Linus Torvalds,
	Sasha Levin

[ Upstream commit f053cbd4366051d7eb6ba1b8d529d20f719c2963 ]

Fix the callback 9p passes to read_cache_page to actually have the
proper type expected.  Casting around function pointers can easily
hide typing bugs, and defeats control flow protection.

Link: http://lkml.kernel.org/r/20190520055731.24538-5-hch@lst.de
Signed-off-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Kees Cook <keescook@chromium.org>
Cc: Sami Tolvanen <samitolvanen@google.com>
Cc: Nick Desaulniers <ndesaulniers@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/9p/vfs_addr.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/fs/9p/vfs_addr.c b/fs/9p/vfs_addr.c
index e1cbdfdb7c68..197069303510 100644
--- a/fs/9p/vfs_addr.c
+++ b/fs/9p/vfs_addr.c
@@ -50,8 +50,9 @@
  * @page: structure to page
  *
  */
-static int v9fs_fid_readpage(struct p9_fid *fid, struct page *page)
+static int v9fs_fid_readpage(void *data, struct page *page)
 {
+	struct p9_fid *fid = data;
 	struct inode *inode = page->mapping->host;
 	struct bio_vec bvec = {.bv_page = page, .bv_len = PAGE_SIZE};
 	struct iov_iter to;
@@ -122,7 +123,8 @@ static int v9fs_vfs_readpages(struct file *filp, struct address_space *mapping,
 	if (ret == 0)
 		return ret;
 
-	ret = read_cache_pages(mapping, pages, (void *)v9fs_vfs_readpage, filp);
+	ret = read_cache_pages(mapping, pages, v9fs_fid_readpage,
+			filp->private_data);
 	p9_debug(P9_DEBUG_VFS, "  = %d\n", ret);
 	return ret;
 }
-- 
2.20.1




^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 085/113] mm/gup.c: mark undo_dev_pagemap as __maybe_unused
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (83 preceding siblings ...)
  2019-07-29 19:22 ` [PATCH 4.19 084/113] 9p: pass the correct prototype to read_cache_page Greg Kroah-Hartman
@ 2019-07-29 19:22 ` Greg Kroah-Hartman
  2019-07-29 19:22 ` [PATCH 4.19 086/113] mm/gup.c: remove some BUG_ONs from get_gate_page() Greg Kroah-Hartman
                   ` (33 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:22 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Guenter Roeck, Andrew Morton,
	Stephen Rothwell, Robin Murphy, Kirill A. Shutemov,
	Linus Torvalds, Sasha Levin

[ Upstream commit 790c73690c2bbecb3f6f8becbdb11ddc9bcff8cc ]

Several mips builds generate the following build warning.

  mm/gup.c:1788:13: warning: 'undo_dev_pagemap' defined but not used

The function is declared unconditionally but only called from behind
various ifdefs. Mark it __maybe_unused.

Link: http://lkml.kernel.org/r/1562072523-22311-1-git-send-email-linux@roeck-us.net
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Reviewed-by: Andrew Morton <akpm@linux-foundation.org>
Cc: Stephen Rothwell <sfr@canb.auug.org.au>
Cc: Robin Murphy <robin.murphy@arm.com>
Cc: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 mm/gup.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/mm/gup.c b/mm/gup.c
index caadd31714a5..43c71397c7ca 100644
--- a/mm/gup.c
+++ b/mm/gup.c
@@ -1367,7 +1367,8 @@ static inline pte_t gup_get_pte(pte_t *ptep)
 }
 #endif
 
-static void undo_dev_pagemap(int *nr, int nr_start, struct page **pages)
+static void __maybe_unused undo_dev_pagemap(int *nr, int nr_start,
+					    struct page **pages)
 {
 	while ((*nr) - nr_start) {
 		struct page *page = pages[--(*nr)];
-- 
2.20.1




^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 086/113] mm/gup.c: remove some BUG_ONs from get_gate_page()
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (84 preceding siblings ...)
  2019-07-29 19:22 ` [PATCH 4.19 085/113] mm/gup.c: mark undo_dev_pagemap as __maybe_unused Greg Kroah-Hartman
@ 2019-07-29 19:22 ` Greg Kroah-Hartman
  2019-07-29 19:22 ` [PATCH 4.19 087/113] memcg, fsnotify: no oom-kill for remote memcg charging Greg Kroah-Hartman
                   ` (32 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:22 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Andy Lutomirski, Kees Cook,
	Andrew Morton, Florian Weimer, Jann Horn, Linus Torvalds,
	Sasha Levin

[ Upstream commit b5d1c39f34d1c9bca0c4b9ae2e339fbbe264a9c7 ]

If we end up without a PGD or PUD entry backing the gate area, don't BUG
-- just fail gracefully.

It's not entirely implausible that this could happen some day on x86.  It
doesn't right now even with an execute-only emulated vsyscall page because
the fixmap shares the PUD, but the core mm code shouldn't rely on that
particular detail to avoid OOPSing.

Link: http://lkml.kernel.org/r/a1d9f4efb75b9d464e59fd6af00104b21c58f6f7.1561610798.git.luto@kernel.org
Signed-off-by: Andy Lutomirski <luto@kernel.org>
Reviewed-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Andrew Morton <akpm@linux-foundation.org>
Cc: Florian Weimer <fweimer@redhat.com>
Cc: Jann Horn <jannh@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 mm/gup.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/mm/gup.c b/mm/gup.c
index 43c71397c7ca..f3088d25bd92 100644
--- a/mm/gup.c
+++ b/mm/gup.c
@@ -458,11 +458,14 @@ static int get_gate_page(struct mm_struct *mm, unsigned long address,
 		pgd = pgd_offset_k(address);
 	else
 		pgd = pgd_offset_gate(mm, address);
-	BUG_ON(pgd_none(*pgd));
+	if (pgd_none(*pgd))
+		return -EFAULT;
 	p4d = p4d_offset(pgd, address);
-	BUG_ON(p4d_none(*p4d));
+	if (p4d_none(*p4d))
+		return -EFAULT;
 	pud = pud_offset(p4d, address);
-	BUG_ON(pud_none(*pud));
+	if (pud_none(*pud))
+		return -EFAULT;
 	pmd = pmd_offset(pud, address);
 	if (!pmd_present(*pmd))
 		return -EFAULT;
-- 
2.20.1




^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 087/113] memcg, fsnotify: no oom-kill for remote memcg charging
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (85 preceding siblings ...)
  2019-07-29 19:22 ` [PATCH 4.19 086/113] mm/gup.c: remove some BUG_ONs from get_gate_page() Greg Kroah-Hartman
@ 2019-07-29 19:22 ` Greg Kroah-Hartman
  2019-07-29 19:22 ` [PATCH 4.19 088/113] mm/mmu_notifier: use hlist_add_head_rcu() Greg Kroah-Hartman
                   ` (31 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:22 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Shakeel Butt, Roman Gushchin,
	Jan Kara, Johannes Weiner, Vladimir Davydov, Michal Hocko,
	Amir Goldstein, Andrew Morton, Linus Torvalds, Sasha Levin

[ Upstream commit ec165450968b26298bd1c373de37b0ab6d826b33 ]

Commit d46eb14b735b ("fs: fsnotify: account fsnotify metadata to
kmemcg") added remote memcg charging for fanotify and inotify event
objects.  The aim was to charge the memory to the listener who is
interested in the events but without triggering the OOM killer.
Otherwise there would be security concerns for the listener.

At the time, oom-kill trigger was not in the charging path.  A parallel
work added the oom-kill back to charging path i.e.  commit 29ef680ae7c2
("memcg, oom: move out_of_memory back to the charge path").  So to not
trigger oom-killer in the remote memcg, explicitly add
__GFP_RETRY_MAYFAIL to the fanotigy and inotify event allocations.

Link: http://lkml.kernel.org/r/20190514212259.156585-2-shakeelb@google.com
Signed-off-by: Shakeel Butt <shakeelb@google.com>
Reviewed-by: Roman Gushchin <guro@fb.com>
Acked-by: Jan Kara <jack@suse.cz>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: Vladimir Davydov <vdavydov.dev@gmail.com>
Cc: Michal Hocko <mhocko@suse.com>
Cc: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/notify/fanotify/fanotify.c        | 5 ++++-
 fs/notify/inotify/inotify_fsnotify.c | 8 ++++++--
 2 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/fs/notify/fanotify/fanotify.c b/fs/notify/fanotify/fanotify.c
index 29dee9630eec..a18b8d7a3075 100644
--- a/fs/notify/fanotify/fanotify.c
+++ b/fs/notify/fanotify/fanotify.c
@@ -148,10 +148,13 @@ struct fanotify_event_info *fanotify_alloc_event(struct fsnotify_group *group,
 	/*
 	 * For queues with unlimited length lost events are not expected and
 	 * can possibly have security implications. Avoid losing events when
-	 * memory is short.
+	 * memory is short. For the limited size queues, avoid OOM killer in the
+	 * target monitoring memcg as it may have security repercussion.
 	 */
 	if (group->max_events == UINT_MAX)
 		gfp |= __GFP_NOFAIL;
+	else
+		gfp |= __GFP_RETRY_MAYFAIL;
 
 	/* Whoever is interested in the event, pays for the allocation. */
 	memalloc_use_memcg(group->memcg);
diff --git a/fs/notify/inotify/inotify_fsnotify.c b/fs/notify/inotify/inotify_fsnotify.c
index f4184b4f3815..16b8702af0e7 100644
--- a/fs/notify/inotify/inotify_fsnotify.c
+++ b/fs/notify/inotify/inotify_fsnotify.c
@@ -99,9 +99,13 @@ int inotify_handle_event(struct fsnotify_group *group,
 	i_mark = container_of(inode_mark, struct inotify_inode_mark,
 			      fsn_mark);
 
-	/* Whoever is interested in the event, pays for the allocation. */
+	/*
+	 * Whoever is interested in the event, pays for the allocation. Do not
+	 * trigger OOM killer in the target monitoring memcg as it may have
+	 * security repercussion.
+	 */
 	memalloc_use_memcg(group->memcg);
-	event = kmalloc(alloc_len, GFP_KERNEL_ACCOUNT);
+	event = kmalloc(alloc_len, GFP_KERNEL_ACCOUNT | __GFP_RETRY_MAYFAIL);
 	memalloc_unuse_memcg();
 
 	if (unlikely(!event)) {
-- 
2.20.1




^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 088/113] mm/mmu_notifier: use hlist_add_head_rcu()
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (86 preceding siblings ...)
  2019-07-29 19:22 ` [PATCH 4.19 087/113] memcg, fsnotify: no oom-kill for remote memcg charging Greg Kroah-Hartman
@ 2019-07-29 19:22 ` Greg Kroah-Hartman
  2019-07-29 19:22 ` [PATCH 4.19 089/113] proc: use down_read_killable mmap_sem for /proc/pid/smaps_rollup Greg Kroah-Hartman
                   ` (30 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:22 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Jean-Philippe Brucker,
	Jérôme Glisse, Michal Hocko, Andrew Morton,
	Linus Torvalds, Sasha Levin

[ Upstream commit 543bdb2d825fe2400d6e951f1786d92139a16931 ]

Make mmu_notifier_register() safer by issuing a memory barrier before
registering a new notifier.  This fixes a theoretical bug on weakly
ordered CPUs.  For example, take this simplified use of notifiers by a
driver:

	my_struct->mn.ops = &my_ops; /* (1) */
	mmu_notifier_register(&my_struct->mn, mm)
		...
		hlist_add_head(&mn->hlist, &mm->mmu_notifiers); /* (2) */
		...

Once mmu_notifier_register() releases the mm locks, another thread can
invalidate a range:

	mmu_notifier_invalidate_range()
		...
		hlist_for_each_entry_rcu(mn, &mm->mmu_notifiers, hlist) {
			if (mn->ops->invalidate_range)

The read side relies on the data dependency between mn and ops to ensure
that the pointer is properly initialized.  But the write side doesn't have
any dependency between (1) and (2), so they could be reordered and the
readers could dereference an invalid mn->ops.  mmu_notifier_register()
does take all the mm locks before adding to the hlist, but those have
acquire semantics which isn't sufficient.

By calling hlist_add_head_rcu() instead of hlist_add_head() we update the
hlist using a store-release, ensuring that readers see prior
initialization of my_struct.  This situation is better illustated by
litmus test MP+onceassign+derefonce.

Link: http://lkml.kernel.org/r/20190502133532.24981-1-jean-philippe.brucker@arm.com
Fixes: cddb8a5c14aa ("mmu-notifiers: core")
Signed-off-by: Jean-Philippe Brucker <jean-philippe.brucker@arm.com>
Cc: Jérôme Glisse <jglisse@redhat.com>
Cc: Michal Hocko <mhocko@suse.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 mm/mmu_notifier.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/mm/mmu_notifier.c b/mm/mmu_notifier.c
index 82bb1a939c0e..06dedb175572 100644
--- a/mm/mmu_notifier.c
+++ b/mm/mmu_notifier.c
@@ -316,7 +316,7 @@ static int do_mmu_notifier_register(struct mmu_notifier *mn,
 	 * thanks to mm_take_all_locks().
 	 */
 	spin_lock(&mm->mmu_notifier_mm->lock);
-	hlist_add_head(&mn->hlist, &mm->mmu_notifier_mm->list);
+	hlist_add_head_rcu(&mn->hlist, &mm->mmu_notifier_mm->list);
 	spin_unlock(&mm->mmu_notifier_mm->lock);
 
 	mm_drop_all_locks(mm);
-- 
2.20.1




^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 089/113] proc: use down_read_killable mmap_sem for /proc/pid/smaps_rollup
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (87 preceding siblings ...)
  2019-07-29 19:22 ` [PATCH 4.19 088/113] mm/mmu_notifier: use hlist_add_head_rcu() Greg Kroah-Hartman
@ 2019-07-29 19:22 ` Greg Kroah-Hartman
  2019-07-29 19:22 ` [PATCH 4.19 090/113] proc: use down_read_killable mmap_sem for /proc/pid/pagemap Greg Kroah-Hartman
                   ` (29 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:22 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Konstantin Khlebnikov,
	Roman Gushchin, Cyrill Gorcunov, Kirill Tkhai, Michal Hocko,
	Alexey Dobriyan, Al Viro, Matthew Wilcox, Michal Koutný,
	Oleg Nesterov, Andrew Morton, Linus Torvalds, Sasha Levin

[ Upstream commit a26a97815548574213fd37f29b4b78ccc6d9ed20 ]

Do not remain stuck forever if something goes wrong.  Using a killable
lock permits cleanup of stuck tasks and simplifies investigation.

Link: http://lkml.kernel.org/r/156007493429.3335.14666825072272692455.stgit@buzz
Signed-off-by: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
Reviewed-by: Roman Gushchin <guro@fb.com>
Reviewed-by: Cyrill Gorcunov <gorcunov@gmail.com>
Reviewed-by: Kirill Tkhai <ktkhai@virtuozzo.com>
Acked-by: Michal Hocko <mhocko@suse.com>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Matthew Wilcox <willy@infradead.org>
Cc: Michal Koutný <mkoutny@suse.com>
Cc: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/proc/task_mmu.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c
index c5819baee35c..b2010055180e 100644
--- a/fs/proc/task_mmu.c
+++ b/fs/proc/task_mmu.c
@@ -826,7 +826,10 @@ static int show_smaps_rollup(struct seq_file *m, void *v)
 
 	memset(&mss, 0, sizeof(mss));
 
-	down_read(&mm->mmap_sem);
+	ret = down_read_killable(&mm->mmap_sem);
+	if (ret)
+		goto out_put_mm;
+
 	hold_task_mempolicy(priv);
 
 	for (vma = priv->mm->mmap; vma; vma = vma->vm_next) {
@@ -843,8 +846,9 @@ static int show_smaps_rollup(struct seq_file *m, void *v)
 
 	release_task_mempolicy(priv);
 	up_read(&mm->mmap_sem);
-	mmput(mm);
 
+out_put_mm:
+	mmput(mm);
 out_put_task:
 	put_task_struct(priv->task);
 	priv->task = NULL;
-- 
2.20.1




^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 090/113] proc: use down_read_killable mmap_sem for /proc/pid/pagemap
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (88 preceding siblings ...)
  2019-07-29 19:22 ` [PATCH 4.19 089/113] proc: use down_read_killable mmap_sem for /proc/pid/smaps_rollup Greg Kroah-Hartman
@ 2019-07-29 19:22 ` Greg Kroah-Hartman
  2019-07-29 19:22 ` [PATCH 4.19 091/113] proc: use down_read_killable mmap_sem for /proc/pid/clear_refs Greg Kroah-Hartman
                   ` (28 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:22 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Konstantin Khlebnikov,
	Roman Gushchin, Cyrill Gorcunov, Kirill Tkhai, Michal Hocko,
	Alexey Dobriyan, Al Viro, Matthew Wilcox, Michal Koutný,
	Oleg Nesterov, Andrew Morton, Linus Torvalds, Sasha Levin

[ Upstream commit ad80b932c57d85fd6377f97f359b025baf179a87 ]

Do not remain stuck forever if something goes wrong.  Using a killable
lock permits cleanup of stuck tasks and simplifies investigation.

Link: http://lkml.kernel.org/r/156007493638.3335.4872164955523928492.stgit@buzz
Signed-off-by: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
Reviewed-by: Roman Gushchin <guro@fb.com>
Reviewed-by: Cyrill Gorcunov <gorcunov@gmail.com>
Reviewed-by: Kirill Tkhai <ktkhai@virtuozzo.com>
Acked-by: Michal Hocko <mhocko@suse.com>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Matthew Wilcox <willy@infradead.org>
Cc: Michal Koutný <mkoutny@suse.com>
Cc: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/proc/task_mmu.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c
index b2010055180e..74965e17ffd5 100644
--- a/fs/proc/task_mmu.c
+++ b/fs/proc/task_mmu.c
@@ -1535,7 +1535,9 @@ static ssize_t pagemap_read(struct file *file, char __user *buf,
 		/* overflow ? */
 		if (end < start_vaddr || end > end_vaddr)
 			end = end_vaddr;
-		down_read(&mm->mmap_sem);
+		ret = down_read_killable(&mm->mmap_sem);
+		if (ret)
+			goto out_free;
 		ret = walk_page_range(start_vaddr, end, &pagemap_walk);
 		up_read(&mm->mmap_sem);
 		start_vaddr = end;
-- 
2.20.1




^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 091/113] proc: use down_read_killable mmap_sem for /proc/pid/clear_refs
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (89 preceding siblings ...)
  2019-07-29 19:22 ` [PATCH 4.19 090/113] proc: use down_read_killable mmap_sem for /proc/pid/pagemap Greg Kroah-Hartman
@ 2019-07-29 19:22 ` Greg Kroah-Hartman
  2019-07-29 19:22 ` [PATCH 4.19 092/113] proc: use down_read_killable mmap_sem for /proc/pid/map_files Greg Kroah-Hartman
                   ` (27 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:22 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Konstantin Khlebnikov,
	Roman Gushchin, Cyrill Gorcunov, Kirill Tkhai, Michal Hocko,
	Alexey Dobriyan, Al Viro, Matthew Wilcox, Michal Koutný,
	Oleg Nesterov, Andrew Morton, Linus Torvalds, Sasha Levin

[ Upstream commit c46038017fbdcac627b670c9d4176f1d0c2f5fa3 ]

Do not remain stuck forever if something goes wrong.  Using a killable
lock permits cleanup of stuck tasks and simplifies investigation.

Replace the only unkillable mmap_sem lock in clear_refs_write().

Link: http://lkml.kernel.org/r/156007493826.3335.5424884725467456239.stgit@buzz
Signed-off-by: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
Reviewed-by: Roman Gushchin <guro@fb.com>
Reviewed-by: Cyrill Gorcunov <gorcunov@gmail.com>
Reviewed-by: Kirill Tkhai <ktkhai@virtuozzo.com>
Acked-by: Michal Hocko <mhocko@suse.com>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Matthew Wilcox <willy@infradead.org>
Cc: Michal Koutný <mkoutny@suse.com>
Cc: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/proc/task_mmu.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c
index 74965e17ffd5..195fbbaf77d4 100644
--- a/fs/proc/task_mmu.c
+++ b/fs/proc/task_mmu.c
@@ -1131,7 +1131,10 @@ static ssize_t clear_refs_write(struct file *file, const char __user *buf,
 			goto out_mm;
 		}
 
-		down_read(&mm->mmap_sem);
+		if (down_read_killable(&mm->mmap_sem)) {
+			count = -EINTR;
+			goto out_mm;
+		}
 		tlb_gather_mmu(&tlb, mm, 0, -1);
 		if (type == CLEAR_REFS_SOFT_DIRTY) {
 			for (vma = mm->mmap; vma; vma = vma->vm_next) {
-- 
2.20.1




^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 092/113] proc: use down_read_killable mmap_sem for /proc/pid/map_files
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (90 preceding siblings ...)
  2019-07-29 19:22 ` [PATCH 4.19 091/113] proc: use down_read_killable mmap_sem for /proc/pid/clear_refs Greg Kroah-Hartman
@ 2019-07-29 19:22 ` Greg Kroah-Hartman
  2019-07-29 19:23 ` [PATCH 4.19 093/113] cxgb4: reduce kernel stack usage in cudbg_collect_mem_region() Greg Kroah-Hartman
                   ` (26 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:22 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Konstantin Khlebnikov,
	Roman Gushchin, Cyrill Gorcunov, Kirill Tkhai, Michal Hocko,
	Alexey Dobriyan, Al Viro, Matthew Wilcox, Michal Koutný,
	Oleg Nesterov, Andrew Morton, Linus Torvalds, Sasha Levin

[ Upstream commit cd9e2bb8271c971d9f37c722be2616c7f8ba0664 ]

Do not remain stuck forever if something goes wrong.  Using a killable
lock permits cleanup of stuck tasks and simplifies investigation.

It seems ->d_revalidate() could return any error (except ECHILD) to abort
validation and pass error as result of lookup sequence.

[akpm@linux-foundation.org: fix proc_map_files_lookup() return value, per Andrei]
Link: http://lkml.kernel.org/r/156007493995.3335.9595044802115356911.stgit@buzz
Signed-off-by: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
Reviewed-by: Roman Gushchin <guro@fb.com>
Reviewed-by: Cyrill Gorcunov <gorcunov@gmail.com>
Reviewed-by: Kirill Tkhai <ktkhai@virtuozzo.com>
Acked-by: Michal Hocko <mhocko@suse.com>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Matthew Wilcox <willy@infradead.org>
Cc: Michal Koutný <mkoutny@suse.com>
Cc: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/proc/base.c | 28 ++++++++++++++++++++++------
 1 file changed, 22 insertions(+), 6 deletions(-)

diff --git a/fs/proc/base.c b/fs/proc/base.c
index f999e8bd3771..a7fbda72afeb 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -1960,9 +1960,12 @@ static int map_files_d_revalidate(struct dentry *dentry, unsigned int flags)
 		goto out;
 
 	if (!dname_to_vma_addr(dentry, &vm_start, &vm_end)) {
-		down_read(&mm->mmap_sem);
-		exact_vma_exists = !!find_exact_vma(mm, vm_start, vm_end);
-		up_read(&mm->mmap_sem);
+		status = down_read_killable(&mm->mmap_sem);
+		if (!status) {
+			exact_vma_exists = !!find_exact_vma(mm, vm_start,
+							    vm_end);
+			up_read(&mm->mmap_sem);
+		}
 	}
 
 	mmput(mm);
@@ -2008,8 +2011,11 @@ static int map_files_get_link(struct dentry *dentry, struct path *path)
 	if (rc)
 		goto out_mmput;
 
+	rc = down_read_killable(&mm->mmap_sem);
+	if (rc)
+		goto out_mmput;
+
 	rc = -ENOENT;
-	down_read(&mm->mmap_sem);
 	vma = find_exact_vma(mm, vm_start, vm_end);
 	if (vma && vma->vm_file) {
 		*path = vma->vm_file->f_path;
@@ -2105,7 +2111,11 @@ static struct dentry *proc_map_files_lookup(struct inode *dir,
 	if (!mm)
 		goto out_put_task;
 
-	down_read(&mm->mmap_sem);
+	result = ERR_PTR(-EINTR);
+	if (down_read_killable(&mm->mmap_sem))
+		goto out_put_mm;
+
+	result = ERR_PTR(-ENOENT);
 	vma = find_exact_vma(mm, vm_start, vm_end);
 	if (!vma)
 		goto out_no_vma;
@@ -2116,6 +2126,7 @@ static struct dentry *proc_map_files_lookup(struct inode *dir,
 
 out_no_vma:
 	up_read(&mm->mmap_sem);
+out_put_mm:
 	mmput(mm);
 out_put_task:
 	put_task_struct(task);
@@ -2157,7 +2168,12 @@ proc_map_files_readdir(struct file *file, struct dir_context *ctx)
 	mm = get_task_mm(task);
 	if (!mm)
 		goto out_put_task;
-	down_read(&mm->mmap_sem);
+
+	ret = down_read_killable(&mm->mmap_sem);
+	if (ret) {
+		mmput(mm);
+		goto out_put_task;
+	}
 
 	nr_files = 0;
 
-- 
2.20.1




^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 093/113] cxgb4: reduce kernel stack usage in cudbg_collect_mem_region()
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (91 preceding siblings ...)
  2019-07-29 19:22 ` [PATCH 4.19 092/113] proc: use down_read_killable mmap_sem for /proc/pid/map_files Greg Kroah-Hartman
@ 2019-07-29 19:23 ` Greg Kroah-Hartman
  2019-07-29 19:23 ` [PATCH 4.19 094/113] proc: use down_read_killable mmap_sem for /proc/pid/maps Greg Kroah-Hartman
                   ` (25 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:23 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Arnd Bergmann, David S. Miller, Sasha Levin

[ Upstream commit 752c2ea2d8e7c23b0f64e2e7d4337f3604d44c9f ]

The cudbg_collect_mem_region() and cudbg_read_fw_mem() both use several
hundred kilobytes of kernel stack space. One gets inlined into the other,
which causes the stack usage to be combined beyond the warning limit
when building with clang:

drivers/net/ethernet/chelsio/cxgb4/cudbg_lib.c:1057:12: error: stack frame size of 1244 bytes in function 'cudbg_collect_mem_region' [-Werror,-Wframe-larger-than=]

Restructuring cudbg_collect_mem_region() lets clang do the same
optimization that gcc does and reuse the stack slots as it can
see that the large variables are never used together.

A better fix might be to avoid using cudbg_meminfo on the stack
altogether, but that requires a larger rewrite.

Fixes: a1c69520f785 ("cxgb4: collect MC memory dump")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 .../net/ethernet/chelsio/cxgb4/cudbg_lib.c    | 19 +++++++++++++------
 1 file changed, 13 insertions(+), 6 deletions(-)

diff --git a/drivers/net/ethernet/chelsio/cxgb4/cudbg_lib.c b/drivers/net/ethernet/chelsio/cxgb4/cudbg_lib.c
index d97e0d7e541a..b766362031c3 100644
--- a/drivers/net/ethernet/chelsio/cxgb4/cudbg_lib.c
+++ b/drivers/net/ethernet/chelsio/cxgb4/cudbg_lib.c
@@ -1065,14 +1065,12 @@ static void cudbg_t4_fwcache(struct cudbg_init *pdbg_init,
 	}
 }
 
-static int cudbg_collect_mem_region(struct cudbg_init *pdbg_init,
-				    struct cudbg_buffer *dbg_buff,
-				    struct cudbg_error *cudbg_err,
-				    u8 mem_type)
+static unsigned long cudbg_mem_region_size(struct cudbg_init *pdbg_init,
+					   struct cudbg_error *cudbg_err,
+					   u8 mem_type)
 {
 	struct adapter *padap = pdbg_init->adap;
 	struct cudbg_meminfo mem_info;
-	unsigned long size;
 	u8 mc_idx;
 	int rc;
 
@@ -1086,7 +1084,16 @@ static int cudbg_collect_mem_region(struct cudbg_init *pdbg_init,
 	if (rc)
 		return rc;
 
-	size = mem_info.avail[mc_idx].limit - mem_info.avail[mc_idx].base;
+	return mem_info.avail[mc_idx].limit - mem_info.avail[mc_idx].base;
+}
+
+static int cudbg_collect_mem_region(struct cudbg_init *pdbg_init,
+				    struct cudbg_buffer *dbg_buff,
+				    struct cudbg_error *cudbg_err,
+				    u8 mem_type)
+{
+	unsigned long size = cudbg_mem_region_size(pdbg_init, cudbg_err, mem_type);
+
 	return cudbg_read_fw_mem(pdbg_init, dbg_buff, mem_type, size,
 				 cudbg_err);
 }
-- 
2.20.1




^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 094/113] proc: use down_read_killable mmap_sem for /proc/pid/maps
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (92 preceding siblings ...)
  2019-07-29 19:23 ` [PATCH 4.19 093/113] cxgb4: reduce kernel stack usage in cudbg_collect_mem_region() Greg Kroah-Hartman
@ 2019-07-29 19:23 ` Greg Kroah-Hartman
  2019-07-29 19:23 ` [PATCH 4.19 095/113] locking/lockdep: Fix lock used or unused stats error Greg Kroah-Hartman
                   ` (24 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:23 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Konstantin Khlebnikov,
	Roman Gushchin, Cyrill Gorcunov, Kirill Tkhai, Michal Hocko,
	Alexey Dobriyan, Al Viro, Matthew Wilcox, Michal Koutný,
	Oleg Nesterov, Andrew Morton, Linus Torvalds, Sasha Levin

[ Upstream commit 8a713e7df3352b8d9392476e9cf29e4e185dac32 ]

Do not remain stuck forever if something goes wrong.  Using a killable
lock permits cleanup of stuck tasks and simplifies investigation.

This function is also used for /proc/pid/smaps.

Link: http://lkml.kernel.org/r/156007493160.3335.14447544314127417266.stgit@buzz
Signed-off-by: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
Reviewed-by: Roman Gushchin <guro@fb.com>
Reviewed-by: Cyrill Gorcunov <gorcunov@gmail.com>
Reviewed-by: Kirill Tkhai <ktkhai@virtuozzo.com>
Acked-by: Michal Hocko <mhocko@suse.com>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Matthew Wilcox <willy@infradead.org>
Cc: Michal Koutný <mkoutny@suse.com>
Cc: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/proc/task_mmu.c   | 6 +++++-
 fs/proc/task_nommu.c | 6 +++++-
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c
index 195fbbaf77d4..71aba44c4fa6 100644
--- a/fs/proc/task_mmu.c
+++ b/fs/proc/task_mmu.c
@@ -166,7 +166,11 @@ static void *m_start(struct seq_file *m, loff_t *ppos)
 	if (!mm || !mmget_not_zero(mm))
 		return NULL;
 
-	down_read(&mm->mmap_sem);
+	if (down_read_killable(&mm->mmap_sem)) {
+		mmput(mm);
+		return ERR_PTR(-EINTR);
+	}
+
 	hold_task_mempolicy(priv);
 	priv->tail_vma = get_gate_vma(mm);
 
diff --git a/fs/proc/task_nommu.c b/fs/proc/task_nommu.c
index 0b63d68dedb2..5161894a6d62 100644
--- a/fs/proc/task_nommu.c
+++ b/fs/proc/task_nommu.c
@@ -211,7 +211,11 @@ static void *m_start(struct seq_file *m, loff_t *pos)
 	if (!mm || !mmget_not_zero(mm))
 		return NULL;
 
-	down_read(&mm->mmap_sem);
+	if (down_read_killable(&mm->mmap_sem)) {
+		mmput(mm);
+		return ERR_PTR(-EINTR);
+	}
+
 	/* start from the Nth VMA */
 	for (p = rb_first(&mm->mm_rb); p; p = rb_next(p))
 		if (n-- == 0)
-- 
2.20.1




^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 095/113] locking/lockdep: Fix lock used or unused stats error
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (93 preceding siblings ...)
  2019-07-29 19:23 ` [PATCH 4.19 094/113] proc: use down_read_killable mmap_sem for /proc/pid/maps Greg Kroah-Hartman
@ 2019-07-29 19:23 ` Greg Kroah-Hartman
  2019-07-29 19:23 ` [PATCH 4.19 096/113] mm: use down_read_killable for locking mmap_sem in access_remote_vm Greg Kroah-Hartman
                   ` (23 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:23 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Qian Cai, Yuyang Du,
	Peter Zijlstra (Intel),
	Andrew Morton, Linus Torvalds, Paul E. McKenney, Thomas Gleixner,
	Will Deacon, arnd, frederic, Ingo Molnar, Sasha Levin

[ Upstream commit 68d41d8c94a31dfb8233ab90b9baf41a2ed2da68 ]

The stats variable nr_unused_locks is incremented every time a new lock
class is register and decremented when the lock is first used in
__lock_acquire(). And after all, it is shown and checked in lockdep_stats.

However, under configurations that either CONFIG_TRACE_IRQFLAGS or
CONFIG_PROVE_LOCKING is not defined:

The commit:

  091806515124b20 ("locking/lockdep: Consolidate lock usage bit initialization")

missed marking the LOCK_USED flag at IRQ usage initialization because
as mark_usage() is not called. And the commit:

  886532aee3cd42d ("locking/lockdep: Move mark_lock() inside CONFIG_TRACE_IRQFLAGS && CONFIG_PROVE_LOCKING")

further made mark_lock() not defined such that the LOCK_USED cannot be
marked at all when the lock is first acquired.

As a result, we fix this by not showing and checking the stats under such
configurations for lockdep_stats.

Reported-by: Qian Cai <cai@lca.pw>
Signed-off-by: Yuyang Du <duyuyang@gmail.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Will Deacon <will.deacon@arm.com>
Cc: arnd@arndb.de
Cc: frederic@kernel.org
Link: https://lkml.kernel.org/r/20190709101522.9117-1-duyuyang@gmail.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 kernel/locking/lockdep_proc.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/kernel/locking/lockdep_proc.c b/kernel/locking/lockdep_proc.c
index 3dd980dfba2d..6cf288eef670 100644
--- a/kernel/locking/lockdep_proc.c
+++ b/kernel/locking/lockdep_proc.c
@@ -210,6 +210,7 @@ static int lockdep_stats_show(struct seq_file *m, void *v)
 		      nr_hardirq_read_safe = 0, nr_hardirq_read_unsafe = 0,
 		      sum_forward_deps = 0;
 
+#ifdef CONFIG_PROVE_LOCKING
 	list_for_each_entry(class, &all_lock_classes, lock_entry) {
 
 		if (class->usage_mask == 0)
@@ -241,12 +242,12 @@ static int lockdep_stats_show(struct seq_file *m, void *v)
 		if (class->usage_mask & LOCKF_ENABLED_HARDIRQ_READ)
 			nr_hardirq_read_unsafe++;
 
-#ifdef CONFIG_PROVE_LOCKING
 		sum_forward_deps += lockdep_count_forward_deps(class);
-#endif
 	}
 #ifdef CONFIG_DEBUG_LOCKDEP
 	DEBUG_LOCKS_WARN_ON(debug_atomic_read(nr_unused_locks) != nr_unused);
+#endif
+
 #endif
 	seq_printf(m, " lock-classes:                  %11lu [max: %lu]\n",
 			nr_lock_classes, MAX_LOCKDEP_KEYS);
-- 
2.20.1




^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 096/113] mm: use down_read_killable for locking mmap_sem in access_remote_vm
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (94 preceding siblings ...)
  2019-07-29 19:23 ` [PATCH 4.19 095/113] locking/lockdep: Fix lock used or unused stats error Greg Kroah-Hartman
@ 2019-07-29 19:23 ` Greg Kroah-Hartman
  2019-07-29 19:23 ` [PATCH 4.19 097/113] locking/lockdep: Hide unused class variable Greg Kroah-Hartman
                   ` (22 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:23 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Konstantin Khlebnikov,
	Michal Koutný,
	Oleg Nesterov, Michal Hocko, Alexey Dobriyan, Matthew Wilcox,
	Cyrill Gorcunov, Kirill Tkhai, Al Viro, Roman Gushchin,
	Andrew Morton, Linus Torvalds, Sasha Levin

[ Upstream commit 1e426fe28261b03f297992e89da3320b42816f4e ]

This function is used by ptrace and proc files like /proc/pid/cmdline and
/proc/pid/environ.

Access_remote_vm never returns error codes, all errors are ignored and
only size of successfully read data is returned.  So, if current task was
killed we'll simply return 0 (bytes read).

Mmap_sem could be locked for a long time or forever if something goes
wrong.  Using a killable lock permits cleanup of stuck tasks and
simplifies investigation.

Link: http://lkml.kernel.org/r/156007494202.3335.16782303099589302087.stgit@buzz
Signed-off-by: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
Reviewed-by: Michal Koutný <mkoutny@suse.com>
Acked-by: Oleg Nesterov <oleg@redhat.com>
Acked-by: Michal Hocko <mhocko@suse.com>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: Matthew Wilcox <willy@infradead.org>
Cc: Cyrill Gorcunov <gorcunov@gmail.com>
Cc: Kirill Tkhai <ktkhai@virtuozzo.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Roman Gushchin <guro@fb.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 mm/memory.c | 4 +++-
 mm/nommu.c  | 3 ++-
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/mm/memory.c b/mm/memory.c
index e0010cb870e0..fb5655b518c9 100644
--- a/mm/memory.c
+++ b/mm/memory.c
@@ -4491,7 +4491,9 @@ int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm,
 	void *old_buf = buf;
 	int write = gup_flags & FOLL_WRITE;
 
-	down_read(&mm->mmap_sem);
+	if (down_read_killable(&mm->mmap_sem))
+		return 0;
+
 	/* ignore errors, just check how much was successfully transferred */
 	while (len) {
 		int bytes, ret, offset;
diff --git a/mm/nommu.c b/mm/nommu.c
index e4aac33216ae..1d63ecfc98c5 100644
--- a/mm/nommu.c
+++ b/mm/nommu.c
@@ -1779,7 +1779,8 @@ int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm,
 	struct vm_area_struct *vma;
 	int write = gup_flags & FOLL_WRITE;
 
-	down_read(&mm->mmap_sem);
+	if (down_read_killable(&mm->mmap_sem))
+		return 0;
 
 	/* the access must start within one of the target process's mappings */
 	vma = find_vma(mm, addr);
-- 
2.20.1




^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 097/113] locking/lockdep: Hide unused class variable
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (95 preceding siblings ...)
  2019-07-29 19:23 ` [PATCH 4.19 096/113] mm: use down_read_killable for locking mmap_sem in access_remote_vm Greg Kroah-Hartman
@ 2019-07-29 19:23 ` Greg Kroah-Hartman
  2019-07-29 19:23 ` [PATCH 4.19 098/113] usb: wusbcore: fix unbalanced get/put cluster_id Greg Kroah-Hartman
                   ` (21 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:23 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Arnd Bergmann, Peter Zijlstra (Intel),
	Andrew Morton, Bart Van Assche, Linus Torvalds, Paul E. McKenney,
	Qian Cai, Thomas Gleixner, Waiman Long, Will Deacon, Will Deacon,
	Yuyang Du, frederic, Ingo Molnar, Sasha Levin

[ Upstream commit 68037aa78208f34bda4e5cd76c357f718b838cbb ]

The usage is now hidden in an #ifdef, so we need to move
the variable itself in there as well to avoid this warning:

  kernel/locking/lockdep_proc.c:203:21: error: unused variable 'class' [-Werror,-Wunused-variable]

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Bart Van Assche <bvanassche@acm.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Qian Cai <cai@lca.pw>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Waiman Long <longman@redhat.com>
Cc: Will Deacon <will.deacon@arm.com>
Cc: Will Deacon <will@kernel.org>
Cc: Yuyang Du <duyuyang@gmail.com>
Cc: frederic@kernel.org
Fixes: 68d41d8c94a3 ("locking/lockdep: Fix lock used or unused stats error")
Link: https://lkml.kernel.org/r/20190715092809.736834-1-arnd@arndb.de
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 kernel/locking/lockdep_proc.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/kernel/locking/lockdep_proc.c b/kernel/locking/lockdep_proc.c
index 6cf288eef670..6fcc4650f0c4 100644
--- a/kernel/locking/lockdep_proc.c
+++ b/kernel/locking/lockdep_proc.c
@@ -200,7 +200,6 @@ static void lockdep_stats_debug_show(struct seq_file *m)
 
 static int lockdep_stats_show(struct seq_file *m, void *v)
 {
-	struct lock_class *class;
 	unsigned long nr_unused = 0, nr_uncategorized = 0,
 		      nr_irq_safe = 0, nr_irq_unsafe = 0,
 		      nr_softirq_safe = 0, nr_softirq_unsafe = 0,
@@ -211,6 +210,8 @@ static int lockdep_stats_show(struct seq_file *m, void *v)
 		      sum_forward_deps = 0;
 
 #ifdef CONFIG_PROVE_LOCKING
+	struct lock_class *class;
+
 	list_for_each_entry(class, &all_lock_classes, lock_entry) {
 
 		if (class->usage_mask == 0)
-- 
2.20.1




^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 098/113] usb: wusbcore: fix unbalanced get/put cluster_id
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (96 preceding siblings ...)
  2019-07-29 19:23 ` [PATCH 4.19 097/113] locking/lockdep: Hide unused class variable Greg Kroah-Hartman
@ 2019-07-29 19:23 ` Greg Kroah-Hartman
  2019-07-29 19:23 ` [PATCH 4.19 099/113] usb: pci-quirks: Correct AMD PLL quirk detection Greg Kroah-Hartman
                   ` (20 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:23 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, syzbot+fd2bd7df88c606eea4ef, Phong Tran

From: Phong Tran <tranmanphong@gmail.com>

commit f90bf1ece48a736097ea224430578fe586a9544c upstream.

syzboot reported that
https://syzkaller.appspot.com/bug?extid=fd2bd7df88c606eea4ef

There is not consitency parameter in cluste_id_get/put calling.
In case of getting the id with result is failure, the wusbhc->cluster_id
will not be updated and this can not be used for wusb_cluster_id_put().

Tested report
https://groups.google.com/d/msg/syzkaller-bugs/0znZopp3-9k/oxOrhLkLEgAJ

Reproduce and gdb got the details:

139		addr = wusb_cluster_id_get();
(gdb) n
140		if (addr == 0)
(gdb) print addr
$1 = 254 '\376'
(gdb) n
142		result = __hwahc_set_cluster_id(hwahc, addr);
(gdb) print result
$2 = -71
(gdb) break wusb_cluster_id_put
Breakpoint 3 at 0xffffffff836e3f20: file drivers/usb/wusbcore/wusbhc.c, line 384.
(gdb) s
Thread 2 hit Breakpoint 3, wusb_cluster_id_put (id=0 '\000') at drivers/usb/wusbcore/wusbhc.c:384
384		id = 0xff - id;
(gdb) n
385		BUG_ON(id >= CLUSTER_IDS);
(gdb) print id
$3 = 255 '\377'

Reported-by: syzbot+fd2bd7df88c606eea4ef@syzkaller.appspotmail.com
Signed-off-by: Phong Tran <tranmanphong@gmail.com>
Cc: stable <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20190724020601.15257-1-tranmanphong@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/usb/host/hwa-hc.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/usb/host/hwa-hc.c
+++ b/drivers/usb/host/hwa-hc.c
@@ -159,7 +159,7 @@ out:
 	return result;
 
 error_set_cluster_id:
-	wusb_cluster_id_put(wusbhc->cluster_id);
+	wusb_cluster_id_put(addr);
 error_cluster_id_get:
 	goto out;
 



^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 099/113] usb: pci-quirks: Correct AMD PLL quirk detection
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (97 preceding siblings ...)
  2019-07-29 19:23 ` [PATCH 4.19 098/113] usb: wusbcore: fix unbalanced get/put cluster_id Greg Kroah-Hartman
@ 2019-07-29 19:23 ` Greg Kroah-Hartman
  2019-07-29 19:23 ` [PATCH 4.19 100/113] btrfs: inode: Dont compress if NODATASUM or NODATACOW set Greg Kroah-Hartman
                   ` (19 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:23 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Ryan Kennedy, Alan Stern

From: Ryan Kennedy <ryan5544@gmail.com>

commit f3dccdaade4118070a3a47bef6b18321431f9ac6 upstream.

The AMD PLL USB quirk is incorrectly enabled on newer Ryzen
chipsets. The logic in usb_amd_find_chipset_info currently checks
for unaffected chipsets rather than affected ones. This broke
once a new chipset was added in e788787ef. It makes more sense
to reverse the logic so it won't need to be updated as new
chipsets are added. Note that the core of the workaround in
usb_amd_quirk_pll does correctly check the chipset.

Signed-off-by: Ryan Kennedy <ryan5544@gmail.com>
Fixes: e788787ef4f9 ("usb:xhci:Add quirk for Certain failing HP keyboard on reset after resume")
Cc: stable <stable@vger.kernel.org>
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Link: https://lore.kernel.org/r/20190704153529.9429-2-ryan5544@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/usb/host/pci-quirks.c |   31 +++++++++++++++++++------------
 1 file changed, 19 insertions(+), 12 deletions(-)

--- a/drivers/usb/host/pci-quirks.c
+++ b/drivers/usb/host/pci-quirks.c
@@ -205,7 +205,7 @@ int usb_amd_find_chipset_info(void)
 {
 	unsigned long flags;
 	struct amd_chipset_info info;
-	int ret;
+	int need_pll_quirk = 0;
 
 	spin_lock_irqsave(&amd_lock, flags);
 
@@ -219,21 +219,28 @@ int usb_amd_find_chipset_info(void)
 	spin_unlock_irqrestore(&amd_lock, flags);
 
 	if (!amd_chipset_sb_type_init(&info)) {
-		ret = 0;
 		goto commit;
 	}
 
-	/* Below chipset generations needn't enable AMD PLL quirk */
-	if (info.sb_type.gen == AMD_CHIPSET_UNKNOWN ||
-			info.sb_type.gen == AMD_CHIPSET_SB600 ||
-			info.sb_type.gen == AMD_CHIPSET_YANGTZE ||
-			(info.sb_type.gen == AMD_CHIPSET_SB700 &&
-			info.sb_type.rev > 0x3b)) {
+	switch (info.sb_type.gen) {
+	case AMD_CHIPSET_SB700:
+		need_pll_quirk = info.sb_type.rev <= 0x3B;
+		break;
+	case AMD_CHIPSET_SB800:
+	case AMD_CHIPSET_HUDSON2:
+	case AMD_CHIPSET_BOLTON:
+		need_pll_quirk = 1;
+		break;
+	default:
+		need_pll_quirk = 0;
+		break;
+	}
+
+	if (!need_pll_quirk) {
 		if (info.smbus_dev) {
 			pci_dev_put(info.smbus_dev);
 			info.smbus_dev = NULL;
 		}
-		ret = 0;
 		goto commit;
 	}
 
@@ -252,7 +259,7 @@ int usb_amd_find_chipset_info(void)
 		}
 	}
 
-	ret = info.probe_result = 1;
+	need_pll_quirk = info.probe_result = 1;
 	printk(KERN_DEBUG "QUIRK: Enable AMD PLL fix\n");
 
 commit:
@@ -263,7 +270,7 @@ commit:
 
 		/* Mark that we where here */
 		amd_chipset.probe_count++;
-		ret = amd_chipset.probe_result;
+		need_pll_quirk = amd_chipset.probe_result;
 
 		spin_unlock_irqrestore(&amd_lock, flags);
 
@@ -277,7 +284,7 @@ commit:
 		spin_unlock_irqrestore(&amd_lock, flags);
 	}
 
-	return ret;
+	return need_pll_quirk;
 }
 EXPORT_SYMBOL_GPL(usb_amd_find_chipset_info);
 



^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 100/113] btrfs: inode: Dont compress if NODATASUM or NODATACOW set
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (98 preceding siblings ...)
  2019-07-29 19:23 ` [PATCH 4.19 099/113] usb: pci-quirks: Correct AMD PLL quirk detection Greg Kroah-Hartman
@ 2019-07-29 19:23 ` Greg Kroah-Hartman
  2019-07-29 19:23 ` [PATCH 4.19 101/113] x86/sysfb_efi: Add quirks for some devices with swapped width and height Greg Kroah-Hartman
                   ` (18 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:23 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, James Harvey, Qu Wenruo, David Sterba

From: Qu Wenruo <wqu@suse.com>

commit 42c16da6d684391db83788eb680accd84f6c2083 upstream.

As btrfs(5) specified:

	Note
	If nodatacow or nodatasum are enabled, compression is disabled.

If NODATASUM or NODATACOW set, we should not compress the extent.

Normally NODATACOW is detected properly in run_delalloc_range() so
compression won't happen for NODATACOW.

However for NODATASUM we don't have any check, and it can cause
compressed extent without csum pretty easily, just by:
  mkfs.btrfs -f $dev
  mount $dev $mnt -o nodatasum
  touch $mnt/foobar
  mount -o remount,datasum,compress $mnt
  xfs_io -f -c "pwrite 0 128K" $mnt/foobar

And in fact, we have a bug report about corrupted compressed extent
without proper data checksum so even RAID1 can't recover the corruption.
(https://bugzilla.kernel.org/show_bug.cgi?id=199707)

Running compression without proper checksum could cause more damage when
corruption happens, as compressed data could make the whole extent
unreadable, so there is no need to allow compression for
NODATACSUM.

The fix will refactor the inode compression check into two parts:

- inode_can_compress()
  As the hard requirement, checked at btrfs_run_delalloc_range(), so no
  compression will happen for NODATASUM inode at all.

- inode_need_compress()
  As the soft requirement, checked at btrfs_run_delalloc_range() and
  compress_file_range().

Reported-by: James Harvey <jamespharvey20@gmail.com>
CC: stable@vger.kernel.org # 4.4+
Signed-off-by: Qu Wenruo <wqu@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/btrfs/inode.c |   24 +++++++++++++++++++++++-
 1 file changed, 23 insertions(+), 1 deletion(-)

--- a/fs/btrfs/inode.c
+++ b/fs/btrfs/inode.c
@@ -388,10 +388,31 @@ static noinline int add_async_extent(str
 	return 0;
 }
 
+/*
+ * Check if the inode has flags compatible with compression
+ */
+static inline bool inode_can_compress(struct inode *inode)
+{
+	if (BTRFS_I(inode)->flags & BTRFS_INODE_NODATACOW ||
+	    BTRFS_I(inode)->flags & BTRFS_INODE_NODATASUM)
+		return false;
+	return true;
+}
+
+/*
+ * Check if the inode needs to be submitted to compression, based on mount
+ * options, defragmentation, properties or heuristics.
+ */
 static inline int inode_need_compress(struct inode *inode, u64 start, u64 end)
 {
 	struct btrfs_fs_info *fs_info = btrfs_sb(inode->i_sb);
 
+	if (!inode_can_compress(inode)) {
+		WARN(IS_ENABLED(CONFIG_BTRFS_DEBUG),
+			KERN_ERR "BTRFS: unexpected compression for ino %llu\n",
+			btrfs_ino(BTRFS_I(inode)));
+		return 0;
+	}
 	/* force compress */
 	if (btrfs_test_opt(fs_info, FORCE_COMPRESS))
 		return 1;
@@ -1596,7 +1617,8 @@ static int run_delalloc_range(void *priv
 	} else if (BTRFS_I(inode)->flags & BTRFS_INODE_PREALLOC && !force_cow) {
 		ret = run_delalloc_nocow(inode, locked_page, start, end,
 					 page_started, 0, nr_written);
-	} else if (!inode_need_compress(inode, start, end)) {
+	} else if (!inode_can_compress(inode) ||
+		   !inode_need_compress(inode, start, end)) {
 		ret = cow_file_range(inode, locked_page, start, end, end,
 				      page_started, nr_written, 1, NULL);
 	} else {



^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 101/113] x86/sysfb_efi: Add quirks for some devices with swapped width and height
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (99 preceding siblings ...)
  2019-07-29 19:23 ` [PATCH 4.19 100/113] btrfs: inode: Dont compress if NODATASUM or NODATACOW set Greg Kroah-Hartman
@ 2019-07-29 19:23 ` Greg Kroah-Hartman
  2019-07-29 19:23 ` [PATCH 4.19 102/113] x86/speculation/mds: Apply more accurate check on hypervisor platform Greg Kroah-Hartman
                   ` (17 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:23 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Hans de Goede, Thomas Gleixner

From: Hans de Goede <hdegoede@redhat.com>

commit d02f1aa39189e0619c3525d5cd03254e61bf606a upstream.

Some Lenovo 2-in-1s with a detachable keyboard have a portrait screen but
advertise a landscape resolution and pitch, resulting in a messed up
display if the kernel tries to show anything on the efifb (because of the
wrong pitch).

Fix this by adding a new DMI match table for devices which need to have
their width and height swapped.

At first it was tried to use the existing table for overriding some of the
efifb parameters, but some of the affected devices have variants with
different LCD resolutions which will not work with hardcoded override
values.

Reference: https://bugzilla.redhat.com/show_bug.cgi?id=1730783
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: stable@vger.kernel.org
Link: https://lkml.kernel.org/r/20190721152418.11644-1-hdegoede@redhat.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/x86/kernel/sysfb_efi.c |   46 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 46 insertions(+)

--- a/arch/x86/kernel/sysfb_efi.c
+++ b/arch/x86/kernel/sysfb_efi.c
@@ -231,9 +231,55 @@ static const struct dmi_system_id efifb_
 	{},
 };
 
+/*
+ * Some devices have a portrait LCD but advertise a landscape resolution (and
+ * pitch). We simply swap width and height for these devices so that we can
+ * correctly deal with some of them coming with multiple resolutions.
+ */
+static const struct dmi_system_id efifb_dmi_swap_width_height[] __initconst = {
+	{
+		/*
+		 * Lenovo MIIX310-10ICR, only some batches have the troublesome
+		 * 800x1280 portrait screen. Luckily the portrait version has
+		 * its own BIOS version, so we match on that.
+		 */
+		.matches = {
+			DMI_EXACT_MATCH(DMI_SYS_VENDOR, "LENOVO"),
+			DMI_EXACT_MATCH(DMI_PRODUCT_VERSION, "MIIX 310-10ICR"),
+			DMI_EXACT_MATCH(DMI_BIOS_VERSION, "1HCN44WW"),
+		},
+	},
+	{
+		/* Lenovo MIIX 320-10ICR with 800x1280 portrait screen */
+		.matches = {
+			DMI_EXACT_MATCH(DMI_SYS_VENDOR, "LENOVO"),
+			DMI_EXACT_MATCH(DMI_PRODUCT_VERSION,
+					"Lenovo MIIX 320-10ICR"),
+		},
+	},
+	{
+		/* Lenovo D330 with 800x1280 or 1200x1920 portrait screen */
+		.matches = {
+			DMI_EXACT_MATCH(DMI_SYS_VENDOR, "LENOVO"),
+			DMI_EXACT_MATCH(DMI_PRODUCT_VERSION,
+					"Lenovo ideapad D330-10IGM"),
+		},
+	},
+	{},
+};
+
 __init void sysfb_apply_efi_quirks(void)
 {
 	if (screen_info.orig_video_isVGA != VIDEO_TYPE_EFI ||
 	    !(screen_info.capabilities & VIDEO_CAPABILITY_SKIP_QUIRKS))
 		dmi_check_system(efifb_dmi_system_table);
+
+	if (screen_info.orig_video_isVGA == VIDEO_TYPE_EFI &&
+	    dmi_check_system(efifb_dmi_swap_width_height)) {
+		u16 temp = screen_info.lfb_width;
+
+		screen_info.lfb_width = screen_info.lfb_height;
+		screen_info.lfb_height = temp;
+		screen_info.lfb_linelength = 4 * screen_info.lfb_width;
+	}
 }



^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 102/113] x86/speculation/mds: Apply more accurate check on hypervisor platform
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (100 preceding siblings ...)
  2019-07-29 19:23 ` [PATCH 4.19 101/113] x86/sysfb_efi: Add quirks for some devices with swapped width and height Greg Kroah-Hartman
@ 2019-07-29 19:23 ` Greg Kroah-Hartman
  2019-07-29 19:23 ` [PATCH 4.19 103/113] binder: prevent transactions to context manager from its own process Greg Kroah-Hartman
                   ` (16 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:23 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Zhenzhong Duan, Thomas Gleixner

From: Zhenzhong Duan <zhenzhong.duan@oracle.com>

commit 517c3ba00916383af6411aec99442c307c23f684 upstream.

X86_HYPER_NATIVE isn't accurate for checking if running on native platform,
e.g. CONFIG_HYPERVISOR_GUEST isn't set or "nopv" is enabled.

Checking the CPU feature bit X86_FEATURE_HYPERVISOR to determine if it's
running on native platform is more accurate.

This still doesn't cover the platforms on which X86_FEATURE_HYPERVISOR is
unsupported, e.g. VMware, but there is nothing which can be done about this
scenario.

Fixes: 8a4b06d391b0 ("x86/speculation/mds: Add sysfs reporting for MDS")
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@oracle.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: stable@vger.kernel.org
Link: https://lkml.kernel.org/r/1564022349-17338-1-git-send-email-zhenzhong.duan@oracle.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/x86/kernel/cpu/bugs.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -1196,7 +1196,7 @@ static ssize_t l1tf_show_state(char *buf
 
 static ssize_t mds_show_state(char *buf)
 {
-	if (!hypervisor_is_type(X86_HYPER_NATIVE)) {
+	if (boot_cpu_has(X86_FEATURE_HYPERVISOR)) {
 		return sprintf(buf, "%s; SMT Host state unknown\n",
 			       mds_strings[mds_mitigation]);
 	}



^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 103/113] binder: prevent transactions to context manager from its own process.
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (101 preceding siblings ...)
  2019-07-29 19:23 ` [PATCH 4.19 102/113] x86/speculation/mds: Apply more accurate check on hypervisor platform Greg Kroah-Hartman
@ 2019-07-29 19:23 ` Greg Kroah-Hartman
  2019-07-29 19:23 ` [PATCH 4.19 104/113] fpga-manager: altera-ps-spi: Fix build error Greg Kroah-Hartman
                   ` (15 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:23 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, syzbot+8b3c354d33c4ac78bfad,
	Hridya Valsaraju, Todd Kjos

From: Hridya Valsaraju <hridya@google.com>

commit 49ed96943a8e0c62cc5a9b0a6cfc88be87d1fcec upstream.

Currently, a transaction to context manager from its own process
is prevented by checking if its binder_proc struct is the same as
that of the sender. However, this would not catch cases where the
process opens the binder device again and uses the new fd to send
a transaction to the context manager.

Reported-by: syzbot+8b3c354d33c4ac78bfad@syzkaller.appspotmail.com
Signed-off-by: Hridya Valsaraju <hridya@google.com>
Acked-by: Todd Kjos <tkjos@google.com>
Cc: stable <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20190715191804.112933-1-hridya@google.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/android/binder.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/android/binder.c
+++ b/drivers/android/binder.c
@@ -2838,7 +2838,7 @@ static void binder_transaction(struct bi
 			else
 				return_error = BR_DEAD_REPLY;
 			mutex_unlock(&context->context_mgr_node_lock);
-			if (target_node && target_proc == proc) {
+			if (target_node && target_proc->pid == proc->pid) {
 				binder_user_error("%d:%d got transaction to context manager from process owning it\n",
 						  proc->pid, thread->pid);
 				return_error = BR_FAILED_REPLY;



^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 104/113] fpga-manager: altera-ps-spi: Fix build error
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (102 preceding siblings ...)
  2019-07-29 19:23 ` [PATCH 4.19 103/113] binder: prevent transactions to context manager from its own process Greg Kroah-Hartman
@ 2019-07-29 19:23 ` Greg Kroah-Hartman
  2019-07-29 19:23 ` [PATCH 4.19 105/113] mei: me: add mule creek canyon (EHL) device ids Greg Kroah-Hartman
                   ` (14 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:23 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Hulk Robot, YueHaibing, Moritz Fischer

From: YueHaibing <yuehaibing@huawei.com>

commit 3d139703d397f6281368047ba7ad1c8bf95aa8ab upstream.

If BITREVERSE is m and FPGA_MGR_ALTERA_PS_SPI is y,
build fails:

drivers/fpga/altera-ps-spi.o: In function `altera_ps_write':
altera-ps-spi.c:(.text+0x4ec): undefined reference to `byte_rev_table'

Select BITREVERSE to fix this.

Reported-by: Hulk Robot <hulkci@huawei.com>
Fixes: fcfe18f885f6 ("fpga-manager: altera-ps-spi: use bitrev8x4")
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Cc: stable <stable@vger.kernel.org>
Acked-by: Moritz Fischer <mdf@kernel.org>
Link: https://lore.kernel.org/r/20190708071356.50928-1-yuehaibing@huawei.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/fpga/Kconfig |    1 +
 1 file changed, 1 insertion(+)

--- a/drivers/fpga/Kconfig
+++ b/drivers/fpga/Kconfig
@@ -39,6 +39,7 @@ config ALTERA_PR_IP_CORE_PLAT
 config FPGA_MGR_ALTERA_PS_SPI
 	tristate "Altera FPGA Passive Serial over SPI"
 	depends on SPI
+	select BITREVERSE
 	help
 	  FPGA manager driver support for Altera Arria/Cyclone/Stratix
 	  using the passive serial interface over SPI.



^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 105/113] mei: me: add mule creek canyon (EHL) device ids
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (103 preceding siblings ...)
  2019-07-29 19:23 ` [PATCH 4.19 104/113] fpga-manager: altera-ps-spi: Fix build error Greg Kroah-Hartman
@ 2019-07-29 19:23 ` Greg Kroah-Hartman
  2019-07-29 19:23 ` [PATCH 4.19 106/113] hpet: Fix division by zero in hpet_time_div() Greg Kroah-Hartman
                   ` (13 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:23 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Alexander Usyskin, Tomas Winkler

From: Alexander Usyskin <alexander.usyskin@intel.com>

commit 1be8624a0cbef720e8da39a15971e01abffc865b upstream.

Add Mule Creek Canyon (PCH) MEI device ids for Elkhart Lake (EHL) Platform.

Signed-off-by: Alexander Usyskin <alexander.usyskin@intel.com>
Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
Cc: stable <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20190712095814.20746-1-tomas.winkler@intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/misc/mei/hw-me-regs.h |    3 +++
 drivers/misc/mei/pci-me.c     |    3 +++
 2 files changed, 6 insertions(+)

--- a/drivers/misc/mei/hw-me-regs.h
+++ b/drivers/misc/mei/hw-me-regs.h
@@ -141,6 +141,9 @@
 
 #define MEI_DEV_ID_ICP_LP     0x34E0  /* Ice Lake Point LP */
 
+#define MEI_DEV_ID_MCC        0x4B70  /* Mule Creek Canyon (EHL) */
+#define MEI_DEV_ID_MCC_4      0x4B75  /* Mule Creek Canyon 4 (EHL) */
+
 /*
  * MEI HW Section
  */
--- a/drivers/misc/mei/pci-me.c
+++ b/drivers/misc/mei/pci-me.c
@@ -107,6 +107,9 @@ static const struct pci_device_id mei_me
 
 	{MEI_PCI_DEVICE(MEI_DEV_ID_ICP_LP, MEI_ME_PCH12_CFG)},
 
+	{MEI_PCI_DEVICE(MEI_DEV_ID_MCC, MEI_ME_PCH12_CFG)},
+	{MEI_PCI_DEVICE(MEI_DEV_ID_MCC_4, MEI_ME_PCH8_CFG)},
+
 	/* required last entry */
 	{0, }
 };



^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 106/113] hpet: Fix division by zero in hpet_time_div()
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (104 preceding siblings ...)
  2019-07-29 19:23 ` [PATCH 4.19 105/113] mei: me: add mule creek canyon (EHL) device ids Greg Kroah-Hartman
@ 2019-07-29 19:23 ` Greg Kroah-Hartman
  2019-07-29 19:23 ` [PATCH 4.19 107/113] ALSA: ac97: Fix double free of ac97_codec_device Greg Kroah-Hartman
                   ` (12 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:23 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Kefeng Wang, Zhang HongJun, Arnd Bergmann

From: Kefeng Wang <wangkefeng.wang@huawei.com>

commit 0c7d37f4d9b8446956e97b7c5e61173cdb7c8522 upstream.

The base value in do_div() called by hpet_time_div() is truncated from
unsigned long to uint32_t, resulting in a divide-by-zero exception.

UBSAN: Undefined behaviour in ../drivers/char/hpet.c:572:2
division by zero
CPU: 1 PID: 23682 Comm: syz-executor.3 Not tainted 4.4.184.x86_64+ #4
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu1 04/01/2014
 0000000000000000 b573382df1853d00 ffff8800a3287b98 ffffffff81ad7561
 ffff8800a3287c00 ffffffff838b35b0 ffffffff838b3860 ffff8800a3287c20
 0000000000000000 ffff8800a3287bb0 ffffffff81b8f25e ffffffff838b35a0
Call Trace:
 [<ffffffff81ad7561>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81ad7561>] dump_stack+0xc1/0x120 lib/dump_stack.c:51
 [<ffffffff81b8f25e>] ubsan_epilogue+0x12/0x8d lib/ubsan.c:166
 [<ffffffff81b900cb>] __ubsan_handle_divrem_overflow+0x282/0x2c8 lib/ubsan.c:262
 [<ffffffff823560dd>] hpet_time_div drivers/char/hpet.c:572 [inline]
 [<ffffffff823560dd>] hpet_ioctl_common drivers/char/hpet.c:663 [inline]
 [<ffffffff823560dd>] hpet_ioctl_common.cold+0xa8/0xad drivers/char/hpet.c:577
 [<ffffffff81e63d56>] hpet_ioctl+0xc6/0x180 drivers/char/hpet.c:676
 [<ffffffff81711590>] vfs_ioctl fs/ioctl.c:43 [inline]
 [<ffffffff81711590>] file_ioctl fs/ioctl.c:470 [inline]
 [<ffffffff81711590>] do_vfs_ioctl+0x6e0/0xf70 fs/ioctl.c:605
 [<ffffffff81711eb4>] SYSC_ioctl fs/ioctl.c:622 [inline]
 [<ffffffff81711eb4>] SyS_ioctl+0x94/0xc0 fs/ioctl.c:613
 [<ffffffff82846003>] tracesys_phase2+0x90/0x95

The main C reproducer autogenerated by syzkaller,

  syscall(__NR_mmap, 0x20000000, 0x1000000, 3, 0x32, -1, 0);
  memcpy((void*)0x20000100, "/dev/hpet\000", 10);
  syscall(__NR_openat, 0xffffffffffffff9c, 0x20000100, 0, 0);
  syscall(__NR_ioctl, r[0], 0x40086806, 0x40000000000000);

Fix it by using div64_ul().

Signed-off-by: Kefeng Wang <wangkefeng.wang@huawei.com>
Signed-off-by: Zhang HongJun <zhanghongjun2@huawei.com>
Cc: stable <stable@vger.kernel.org>
Reviewed-by: Arnd Bergmann <arnd@arndb.de>
Link: https://lore.kernel.org/r/20190711132757.130092-1-wangkefeng.wang@huawei.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/char/hpet.c |    3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

--- a/drivers/char/hpet.c
+++ b/drivers/char/hpet.c
@@ -570,8 +570,7 @@ static inline unsigned long hpet_time_di
 	unsigned long long m;
 
 	m = hpets->hp_tick_freq + (dis >> 1);
-	do_div(m, dis);
-	return (unsigned long)m;
+	return div64_ul(m, dis);
 }
 
 static int



^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 107/113] ALSA: ac97: Fix double free of ac97_codec_device
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (105 preceding siblings ...)
  2019-07-29 19:23 ` [PATCH 4.19 106/113] hpet: Fix division by zero in hpet_time_div() Greg Kroah-Hartman
@ 2019-07-29 19:23 ` Greg Kroah-Hartman
  2019-07-29 19:23 ` [PATCH 4.19 108/113] ALSA: line6: Fix wrong altsetting for LINE6_PODHD500_1 Greg Kroah-Hartman
                   ` (11 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:23 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Ding Xiang, Takashi Iwai

From: Ding Xiang <dingxiang@cmss.chinamobile.com>

commit 607975b30db41aad6edc846ed567191aa6b7d893 upstream.

put_device will call ac97_codec_release to free
ac97_codec_device and other resources, so remove the kfree
and other redundant code.

Fixes: 74426fbff66e ("ALSA: ac97: add an ac97 bus")
Signed-off-by: Ding Xiang <dingxiang@cmss.chinamobile.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 sound/ac97/bus.c |   13 ++++---------
 1 file changed, 4 insertions(+), 9 deletions(-)

--- a/sound/ac97/bus.c
+++ b/sound/ac97/bus.c
@@ -125,17 +125,12 @@ static int ac97_codec_add(struct ac97_co
 						      vendor_id);
 
 	ret = device_add(&codec->dev);
-	if (ret)
-		goto err_free_codec;
+	if (ret) {
+		put_device(&codec->dev);
+		return ret;
+	}
 
 	return 0;
-err_free_codec:
-	of_node_put(codec->dev.of_node);
-	put_device(&codec->dev);
-	kfree(codec);
-	ac97_ctrl->codecs[idx] = NULL;
-
-	return ret;
 }
 
 unsigned int snd_ac97_bus_scan_one(struct ac97_controller *adrv,



^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 108/113] ALSA: line6: Fix wrong altsetting for LINE6_PODHD500_1
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (106 preceding siblings ...)
  2019-07-29 19:23 ` [PATCH 4.19 107/113] ALSA: ac97: Fix double free of ac97_codec_device Greg Kroah-Hartman
@ 2019-07-29 19:23 ` Greg Kroah-Hartman
  2019-07-29 19:23 ` [PATCH 4.19 109/113] ALSA: hda - Add a conexant codec entry to let mute led work Greg Kroah-Hartman
                   ` (10 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:23 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Kai-Heng Feng, Takashi Iwai

From: Kai-Heng Feng <kai.heng.feng@canonical.com>

commit 70256b42caaf3e13c2932c2be7903a73fbe8bb8b upstream.

Commit 7b9584fa1c0b ("staging: line6: Move altsetting to properties")
set a wrong altsetting for LINE6_PODHD500_1 during refactoring.

Set the correct altsetting number to fix the issue.

BugLink: https://bugs.launchpad.net/bugs/1790595
Fixes: 7b9584fa1c0b ("staging: line6: Move altsetting to properties")
Signed-off-by: Kai-Heng Feng <kai.heng.feng@canonical.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 sound/usb/line6/podhd.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/sound/usb/line6/podhd.c
+++ b/sound/usb/line6/podhd.c
@@ -417,7 +417,7 @@ static const struct line6_properties pod
 		.name = "POD HD500",
 		.capabilities	= LINE6_CAP_PCM
 				| LINE6_CAP_HWMON,
-		.altsetting = 1,
+		.altsetting = 0,
 		.ep_ctrl_r = 0x81,
 		.ep_ctrl_w = 0x01,
 		.ep_audio_r = 0x86,



^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 109/113] ALSA: hda - Add a conexant codec entry to let mute led work
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (107 preceding siblings ...)
  2019-07-29 19:23 ` [PATCH 4.19 108/113] ALSA: line6: Fix wrong altsetting for LINE6_PODHD500_1 Greg Kroah-Hartman
@ 2019-07-29 19:23 ` Greg Kroah-Hartman
  2019-07-29 19:23 ` [PATCH 4.19 110/113] powerpc/xive: Fix loop exit-condition in xive_find_target_in_mask() Greg Kroah-Hartman
                   ` (9 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:23 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Hui Wang, Takashi Iwai

From: Hui Wang <hui.wang@canonical.com>

commit 3f8809499bf02ef7874254c5e23fc764a47a21a0 upstream.

This conexant codec isn't in the supported codec list yet, the hda
generic driver can drive this codec well, but on a Lenovo machine
with mute/mic-mute leds, we need to apply CXT_FIXUP_THINKPAD_ACPI
to make the leds work. After adding this codec to the list, the
driver patch_conexant.c will apply THINKPAD_ACPI to this machine.

Cc: stable@vger.kernel.org
Signed-off-by: Hui Wang <hui.wang@canonical.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 sound/pci/hda/patch_conexant.c |    1 +
 1 file changed, 1 insertion(+)

--- a/sound/pci/hda/patch_conexant.c
+++ b/sound/pci/hda/patch_conexant.c
@@ -1096,6 +1096,7 @@ static int patch_conexant_auto(struct hd
  */
 
 static const struct hda_device_id snd_hda_id_conexant[] = {
+	HDA_CODEC_ENTRY(0x14f11f86, "CX8070", patch_conexant_auto),
 	HDA_CODEC_ENTRY(0x14f12008, "CX8200", patch_conexant_auto),
 	HDA_CODEC_ENTRY(0x14f15045, "CX20549 (Venice)", patch_conexant_auto),
 	HDA_CODEC_ENTRY(0x14f15047, "CX20551 (Waikiki)", patch_conexant_auto),



^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 110/113] powerpc/xive: Fix loop exit-condition in xive_find_target_in_mask()
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (108 preceding siblings ...)
  2019-07-29 19:23 ` [PATCH 4.19 109/113] ALSA: hda - Add a conexant codec entry to let mute led work Greg Kroah-Hartman
@ 2019-07-29 19:23 ` Greg Kroah-Hartman
  2019-07-29 19:23 ` [PATCH 4.19 111/113] powerpc/tm: Fix oops on sigreturn on systems without TM Greg Kroah-Hartman
                   ` (8 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:23 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Indira P. Joga, Gautham R. Shenoy,
	Michael Ellerman

From: Gautham R. Shenoy <ego@linux.vnet.ibm.com>

commit 4d202c8c8ed3822327285747db1765967110b274 upstream.

xive_find_target_in_mask() has the following for(;;) loop which has a
bug when @first == cpumask_first(@mask) and condition 1 fails to hold
for every CPU in @mask. In this case we loop forever in the for-loop.

  first = cpu;
  for (;;) {
  	  if (cpu_online(cpu) && xive_try_pick_target(cpu)) // condition 1
		  return cpu;
	  cpu = cpumask_next(cpu, mask);
	  if (cpu == first) // condition 2
		  break;

	  if (cpu >= nr_cpu_ids) // condition 3
		  cpu = cpumask_first(mask);
  }

This is because, when @first == cpumask_first(@mask), we never hit the
condition 2 (cpu == first) since prior to this check, we would have
executed "cpu = cpumask_next(cpu, mask)" which will set the value of
@cpu to a value greater than @first or to nr_cpus_ids. When this is
coupled with the fact that condition 1 is not met, we will never exit
this loop.

This was discovered by the hard-lockup detector while running LTP test
concurrently with SMT switch tests.

 watchdog: CPU 12 detected hard LOCKUP on other CPUs 68
 watchdog: CPU 12 TB:85587019220796, last SMP heartbeat TB:85578827223399 (15999ms ago)
 watchdog: CPU 68 Hard LOCKUP
 watchdog: CPU 68 TB:85587019361273, last heartbeat TB:85576815065016 (19930ms ago)
 CPU: 68 PID: 45050 Comm: hxediag Kdump: loaded Not tainted 4.18.0-100.el8.ppc64le #1
 NIP:  c0000000006f5578 LR: c000000000cba9ec CTR: 0000000000000000
 REGS: c000201fff3c7d80 TRAP: 0100   Not tainted  (4.18.0-100.el8.ppc64le)
 MSR:  9000000002883033 <SF,HV,VEC,VSX,FP,ME,IR,DR,RI,LE>  CR: 24028424  XER: 00000000
 CFAR: c0000000006f558c IRQMASK: 1
 GPR00: c0000000000afc58 c000201c01c43400 c0000000015ce500 c000201cae26ec18
 GPR04: 0000000000000800 0000000000000540 0000000000000800 00000000000000f8
 GPR08: 0000000000000020 00000000000000a8 0000000080000000 c00800001a1beed8
 GPR12: c0000000000b1410 c000201fff7f4c00 0000000000000000 0000000000000000
 GPR16: 0000000000000000 0000000000000000 0000000000000540 0000000000000001
 GPR20: 0000000000000048 0000000010110000 c00800001a1e3780 c000201cae26ed18
 GPR24: 0000000000000000 c000201cae26ed8c 0000000000000001 c000000001116bc0
 GPR28: c000000001601ee8 c000000001602494 c000201cae26ec18 000000000000001f
 NIP [c0000000006f5578] find_next_bit+0x38/0x90
 LR [c000000000cba9ec] cpumask_next+0x2c/0x50
 Call Trace:
 [c000201c01c43400] [c000201cae26ec18] 0xc000201cae26ec18 (unreliable)
 [c000201c01c43420] [c0000000000afc58] xive_find_target_in_mask+0x1b8/0x240
 [c000201c01c43470] [c0000000000b0228] xive_pick_irq_target.isra.3+0x168/0x1f0
 [c000201c01c435c0] [c0000000000b1470] xive_irq_startup+0x60/0x260
 [c000201c01c43640] [c0000000001d8328] __irq_startup+0x58/0xf0
 [c000201c01c43670] [c0000000001d844c] irq_startup+0x8c/0x1a0
 [c000201c01c436b0] [c0000000001d57b0] __setup_irq+0x9f0/0xa90
 [c000201c01c43760] [c0000000001d5aa0] request_threaded_irq+0x140/0x220
 [c000201c01c437d0] [c00800001a17b3d4] bnx2x_nic_load+0x188c/0x3040 [bnx2x]
 [c000201c01c43950] [c00800001a187c44] bnx2x_self_test+0x1fc/0x1f70 [bnx2x]
 [c000201c01c43a90] [c000000000adc748] dev_ethtool+0x11d8/0x2cb0
 [c000201c01c43b60] [c000000000b0b61c] dev_ioctl+0x5ac/0xa50
 [c000201c01c43bf0] [c000000000a8d4ec] sock_do_ioctl+0xbc/0x1b0
 [c000201c01c43c60] [c000000000a8dfb8] sock_ioctl+0x258/0x4f0
 [c000201c01c43d20] [c0000000004c9704] do_vfs_ioctl+0xd4/0xa70
 [c000201c01c43de0] [c0000000004ca274] sys_ioctl+0xc4/0x160
 [c000201c01c43e30] [c00000000000b388] system_call+0x5c/0x70
 Instruction dump:
 78aad182 54a806be 3920ffff 78a50664 794a1f24 7d294036 7d43502a 7d295039
 4182001c 48000034 78a9d182 79291f24 <7d23482a> 2fa90000 409e0020 38a50040

To fix this, move the check for condition 2 after the check for
condition 3, so that we are able to break out of the loop soon after
iterating through all the CPUs in the @mask in the problem case. Use
do..while() to achieve this.

Fixes: 243e25112d06 ("powerpc/xive: Native exploitation of the XIVE interrupt controller")
Cc: stable@vger.kernel.org # v4.12+
Reported-by: Indira P. Joga <indira.priya@in.ibm.com>
Signed-off-by: Gautham R. Shenoy <ego@linux.vnet.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/1563359724-13931-1-git-send-email-ego@linux.vnet.ibm.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/powerpc/sysdev/xive/common.c |    7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

--- a/arch/powerpc/sysdev/xive/common.c
+++ b/arch/powerpc/sysdev/xive/common.c
@@ -483,7 +483,7 @@ static int xive_find_target_in_mask(cons
 	 * Now go through the entire mask until we find a valid
 	 * target.
 	 */
-	for (;;) {
+	do {
 		/*
 		 * We re-check online as the fallback case passes us
 		 * an untested affinity mask
@@ -491,12 +491,11 @@ static int xive_find_target_in_mask(cons
 		if (cpu_online(cpu) && xive_try_pick_target(cpu))
 			return cpu;
 		cpu = cpumask_next(cpu, mask);
-		if (cpu == first)
-			break;
 		/* Wrap around */
 		if (cpu >= nr_cpu_ids)
 			cpu = cpumask_first(mask);
-	}
+	} while (cpu != first);
+
 	return -1;
 }
 



^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 111/113] powerpc/tm: Fix oops on sigreturn on systems without TM
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (109 preceding siblings ...)
  2019-07-29 19:23 ` [PATCH 4.19 110/113] powerpc/xive: Fix loop exit-condition in xive_find_target_in_mask() Greg Kroah-Hartman
@ 2019-07-29 19:23 ` Greg Kroah-Hartman
  2019-07-29 19:23 ` [PATCH 4.19 112/113] libnvdimm/bus: Stop holding nvdimm_bus_list_mutex over __nd_ioctl() Greg Kroah-Hartman
                   ` (7 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:23 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Praveen Pandey, Michael Neuling,
	Michael Ellerman

From: Michael Neuling <mikey@neuling.org>

commit f16d80b75a096c52354c6e0a574993f3b0dfbdfe upstream.

On systems like P9 powernv where we have no TM (or P8 booted with
ppc_tm=off), userspace can construct a signal context which still has
the MSR TS bits set. The kernel tries to restore this context which
results in the following crash:

  Unexpected TM Bad Thing exception at c0000000000022fc (msr 0x8000000102a03031) tm_scratch=800000020280f033
  Oops: Unrecoverable exception, sig: 6 [#1]
  LE PAGE_SIZE=64K MMU=Hash SMP NR_CPUS=2048 NUMA pSeries
  Modules linked in:
  CPU: 0 PID: 1636 Comm: sigfuz Not tainted 5.2.0-11043-g0a8ad0ffa4 #69
  NIP:  c0000000000022fc LR: 00007fffb2d67e48 CTR: 0000000000000000
  REGS: c00000003fffbd70 TRAP: 0700   Not tainted  (5.2.0-11045-g7142b497d8)
  MSR:  8000000102a03031 <SF,VEC,VSX,FP,ME,IR,DR,LE,TM[E]>  CR: 42004242  XER: 00000000
  CFAR: c0000000000022e0 IRQMASK: 0
  GPR00: 0000000000000072 00007fffb2b6e560 00007fffb2d87f00 0000000000000669
  GPR04: 00007fffb2b6e728 0000000000000000 0000000000000000 00007fffb2b6f2a8
  GPR08: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
  GPR12: 0000000000000000 00007fffb2b76900 0000000000000000 0000000000000000
  GPR16: 00007fffb2370000 00007fffb2d84390 00007fffea3a15ac 000001000a250420
  GPR20: 00007fffb2b6f260 0000000010001770 0000000000000000 0000000000000000
  GPR24: 00007fffb2d843a0 00007fffea3a14a0 0000000000010000 0000000000800000
  GPR28: 00007fffea3a14d8 00000000003d0f00 0000000000000000 00007fffb2b6e728
  NIP [c0000000000022fc] rfi_flush_fallback+0x7c/0x80
  LR [00007fffb2d67e48] 0x7fffb2d67e48
  Call Trace:
  Instruction dump:
  e96a0220 e96a02a8 e96a0330 e96a03b8 394a0400 4200ffdc 7d2903a6 e92d0c00
  e94d0c08 e96d0c10 e82d0c18 7db242a6 <4c000024> 7db243a6 7db142a6 f82d0c18

The problem is the signal code assumes TM is enabled when
CONFIG_PPC_TRANSACTIONAL_MEM is enabled. This may not be the case as
with P9 powernv or if `ppc_tm=off` is used on P8.

This means any local user can crash the system.

Fix the problem by returning a bad stack frame to the user if they try
to set the MSR TS bits with sigreturn() on systems where TM is not
supported.

Found with sigfuz kernel selftest on P9.

This fixes CVE-2019-13648.

Fixes: 2b0a576d15e0 ("powerpc: Add new transactional memory state to the signal context")
Cc: stable@vger.kernel.org # v3.9
Reported-by: Praveen Pandey <Praveen.Pandey@in.ibm.com>
Signed-off-by: Michael Neuling <mikey@neuling.org>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20190719050502.405-1-mikey@neuling.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/powerpc/kernel/signal_32.c |    3 +++
 arch/powerpc/kernel/signal_64.c |    5 +++++
 2 files changed, 8 insertions(+)

--- a/arch/powerpc/kernel/signal_32.c
+++ b/arch/powerpc/kernel/signal_32.c
@@ -1202,6 +1202,9 @@ SYSCALL_DEFINE0(rt_sigreturn)
 			goto bad;
 
 		if (MSR_TM_ACTIVE(msr_hi<<32)) {
+			/* Trying to start TM on non TM system */
+			if (!cpu_has_feature(CPU_FTR_TM))
+				goto bad;
 			/* We only recheckpoint on return if we're
 			 * transaction.
 			 */
--- a/arch/powerpc/kernel/signal_64.c
+++ b/arch/powerpc/kernel/signal_64.c
@@ -750,6 +750,11 @@ SYSCALL_DEFINE0(rt_sigreturn)
 	if (MSR_TM_ACTIVE(msr)) {
 		/* We recheckpoint on return. */
 		struct ucontext __user *uc_transact;
+
+		/* Trying to start TM on non TM system */
+		if (!cpu_has_feature(CPU_FTR_TM))
+			goto badframe;
+
 		if (__get_user(uc_transact, &uc->uc_link))
 			goto badframe;
 		if (restore_tm_sigcontexts(current, &uc->uc_mcontext,



^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 112/113] libnvdimm/bus: Stop holding nvdimm_bus_list_mutex over __nd_ioctl()
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (110 preceding siblings ...)
  2019-07-29 19:23 ` [PATCH 4.19 111/113] powerpc/tm: Fix oops on sigreturn on systems without TM Greg Kroah-Hartman
@ 2019-07-29 19:23 ` Greg Kroah-Hartman
  2019-07-31 18:14   ` Pavel Machek
  2019-07-29 19:23 ` [PATCH 4.19 113/113] access: avoid the RCU grace period for the temporary subjective credentials Greg Kroah-Hartman
                   ` (6 subsequent siblings)
  118 siblings, 1 reply; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:23 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Vishal Verma, Jane Chu, Dan Williams

From: Dan Williams <dan.j.williams@intel.com>

commit b70d31d054ee3a6fc1034b9d7fc0ae1e481aa018 upstream.

In preparation for fixing a deadlock between wait_for_bus_probe_idle()
and the nvdimm_bus_list_mutex arrange for __nd_ioctl() without
nvdimm_bus_list_mutex held. This also unifies the 'dimm' and 'bus' level
ioctls into a common nd_ioctl() preamble implementation.

Marked for -stable as it is a pre-requisite for a follow-on fix.

Cc: <stable@vger.kernel.org>
Fixes: bf9bccc14c05 ("libnvdimm: pmem label sets and namespace instantiation")
Cc: Vishal Verma <vishal.l.verma@intel.com>
Tested-by: Jane Chu <jane.chu@oracle.com>
Link: https://lore.kernel.org/r/156341209518.292348.7183897251740665198.stgit@dwillia2-desk3.amr.corp.intel.com
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/nvdimm/bus.c     |   94 ++++++++++++++++++++++++++++-------------------
 drivers/nvdimm/nd-core.h |    3 +
 2 files changed, 59 insertions(+), 38 deletions(-)

--- a/drivers/nvdimm/bus.c
+++ b/drivers/nvdimm/bus.c
@@ -86,7 +86,7 @@ static void nvdimm_bus_probe_end(struct
 {
 	nvdimm_bus_lock(&nvdimm_bus->dev);
 	if (--nvdimm_bus->probe_active == 0)
-		wake_up(&nvdimm_bus->probe_wait);
+		wake_up(&nvdimm_bus->wait);
 	nvdimm_bus_unlock(&nvdimm_bus->dev);
 }
 
@@ -348,7 +348,7 @@ struct nvdimm_bus *nvdimm_bus_register(s
 		return NULL;
 	INIT_LIST_HEAD(&nvdimm_bus->list);
 	INIT_LIST_HEAD(&nvdimm_bus->mapping_list);
-	init_waitqueue_head(&nvdimm_bus->probe_wait);
+	init_waitqueue_head(&nvdimm_bus->wait);
 	nvdimm_bus->id = ida_simple_get(&nd_ida, 0, 0, GFP_KERNEL);
 	mutex_init(&nvdimm_bus->reconfig_mutex);
 	badrange_init(&nvdimm_bus->badrange);
@@ -418,6 +418,9 @@ static int nd_bus_remove(struct device *
 	list_del_init(&nvdimm_bus->list);
 	mutex_unlock(&nvdimm_bus_list_mutex);
 
+	wait_event(nvdimm_bus->wait,
+			atomic_read(&nvdimm_bus->ioctl_active) == 0);
+
 	nd_synchronize();
 	device_for_each_child(&nvdimm_bus->dev, NULL, child_unregister);
 
@@ -838,7 +841,7 @@ void wait_nvdimm_bus_probe_idle(struct d
 		if (nvdimm_bus->probe_active == 0)
 			break;
 		nvdimm_bus_unlock(&nvdimm_bus->dev);
-		wait_event(nvdimm_bus->probe_wait,
+		wait_event(nvdimm_bus->wait,
 				nvdimm_bus->probe_active == 0);
 		nvdimm_bus_lock(&nvdimm_bus->dev);
 	} while (true);
@@ -1068,24 +1071,10 @@ static int __nd_ioctl(struct nvdimm_bus
 	return rc;
 }
 
-static long nd_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
-{
-	long id = (long) file->private_data;
-	int rc = -ENXIO, ro;
-	struct nvdimm_bus *nvdimm_bus;
-
-	ro = ((file->f_flags & O_ACCMODE) == O_RDONLY);
-	mutex_lock(&nvdimm_bus_list_mutex);
-	list_for_each_entry(nvdimm_bus, &nvdimm_bus_list, list) {
-		if (nvdimm_bus->id == id) {
-			rc = __nd_ioctl(nvdimm_bus, NULL, ro, cmd, arg);
-			break;
-		}
-	}
-	mutex_unlock(&nvdimm_bus_list_mutex);
-
-	return rc;
-}
+enum nd_ioctl_mode {
+	BUS_IOCTL,
+	DIMM_IOCTL,
+};
 
 static int match_dimm(struct device *dev, void *data)
 {
@@ -1100,31 +1089,62 @@ static int match_dimm(struct device *dev
 	return 0;
 }
 
-static long nvdimm_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
+static long nd_ioctl(struct file *file, unsigned int cmd, unsigned long arg,
+		enum nd_ioctl_mode mode)
+
 {
-	int rc = -ENXIO, ro;
-	struct nvdimm_bus *nvdimm_bus;
+	struct nvdimm_bus *nvdimm_bus, *found = NULL;
+	long id = (long) file->private_data;
+	struct nvdimm *nvdimm = NULL;
+	int rc, ro;
 
 	ro = ((file->f_flags & O_ACCMODE) == O_RDONLY);
 	mutex_lock(&nvdimm_bus_list_mutex);
 	list_for_each_entry(nvdimm_bus, &nvdimm_bus_list, list) {
-		struct device *dev = device_find_child(&nvdimm_bus->dev,
-				file->private_data, match_dimm);
-		struct nvdimm *nvdimm;
+		if (mode == DIMM_IOCTL) {
+			struct device *dev;
 
-		if (!dev)
-			continue;
+			dev = device_find_child(&nvdimm_bus->dev,
+					file->private_data, match_dimm);
+			if (!dev)
+				continue;
+			nvdimm = to_nvdimm(dev);
+			found = nvdimm_bus;
+		} else if (nvdimm_bus->id == id) {
+			found = nvdimm_bus;
+		}
 
-		nvdimm = to_nvdimm(dev);
-		rc = __nd_ioctl(nvdimm_bus, nvdimm, ro, cmd, arg);
-		put_device(dev);
-		break;
+		if (found) {
+			atomic_inc(&nvdimm_bus->ioctl_active);
+			break;
+		}
 	}
 	mutex_unlock(&nvdimm_bus_list_mutex);
 
+	if (!found)
+		return -ENXIO;
+
+	nvdimm_bus = found;
+	rc = __nd_ioctl(nvdimm_bus, nvdimm, ro, cmd, arg);
+
+	if (nvdimm)
+		put_device(&nvdimm->dev);
+	if (atomic_dec_and_test(&nvdimm_bus->ioctl_active))
+		wake_up(&nvdimm_bus->wait);
+
 	return rc;
 }
 
+static long bus_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
+{
+	return nd_ioctl(file, cmd, arg, BUS_IOCTL);
+}
+
+static long dimm_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
+{
+	return nd_ioctl(file, cmd, arg, DIMM_IOCTL);
+}
+
 static int nd_open(struct inode *inode, struct file *file)
 {
 	long minor = iminor(inode);
@@ -1136,16 +1156,16 @@ static int nd_open(struct inode *inode,
 static const struct file_operations nvdimm_bus_fops = {
 	.owner = THIS_MODULE,
 	.open = nd_open,
-	.unlocked_ioctl = nd_ioctl,
-	.compat_ioctl = nd_ioctl,
+	.unlocked_ioctl = bus_ioctl,
+	.compat_ioctl = bus_ioctl,
 	.llseek = noop_llseek,
 };
 
 static const struct file_operations nvdimm_fops = {
 	.owner = THIS_MODULE,
 	.open = nd_open,
-	.unlocked_ioctl = nvdimm_ioctl,
-	.compat_ioctl = nvdimm_ioctl,
+	.unlocked_ioctl = dimm_ioctl,
+	.compat_ioctl = dimm_ioctl,
 	.llseek = noop_llseek,
 };
 
--- a/drivers/nvdimm/nd-core.h
+++ b/drivers/nvdimm/nd-core.h
@@ -25,10 +25,11 @@ extern int nvdimm_major;
 
 struct nvdimm_bus {
 	struct nvdimm_bus_descriptor *nd_desc;
-	wait_queue_head_t probe_wait;
+	wait_queue_head_t wait;
 	struct list_head list;
 	struct device dev;
 	int id, probe_active;
+	atomic_t ioctl_active;
 	struct list_head mapping_list;
 	struct mutex reconfig_mutex;
 	struct badrange badrange;



^ permalink raw reply	[flat|nested] 130+ messages in thread

* [PATCH 4.19 113/113] access: avoid the RCU grace period for the temporary subjective credentials
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (111 preceding siblings ...)
  2019-07-29 19:23 ` [PATCH 4.19 112/113] libnvdimm/bus: Stop holding nvdimm_bus_list_mutex over __nd_ioctl() Greg Kroah-Hartman
@ 2019-07-29 19:23 ` Greg Kroah-Hartman
  2019-07-30  2:34 ` [PATCH 4.19 000/113] 4.19.63-stable review kernelci.org bot
                   ` (5 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-07-29 19:23 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Peter Zijlstra (Intel),
	Eric Dumazet, Paul E. McKenney, Oleg Nesterov, Jan Glauber,
	Jiri Kosina, Jayachandran Chandrasekharan Nair, Greg KH,
	Kees Cook, David Howells, Miklos Szeredi, Al Viro,
	Linus Torvalds

From: Linus Torvalds <torvalds@linux-foundation.org>

commit d7852fbd0f0423937fa287a598bfde188bb68c22 upstream.

It turns out that 'access()' (and 'faccessat()') can cause a lot of RCU
work because it installs a temporary credential that gets allocated and
freed for each system call.

The allocation and freeing overhead is mostly benign, but because
credentials can be accessed under the RCU read lock, the freeing
involves a RCU grace period.

Which is not a huge deal normally, but if you have a lot of access()
calls, this causes a fair amount of seconday damage: instead of having a
nice alloc/free patterns that hits in hot per-CPU slab caches, you have
all those delayed free's, and on big machines with hundreds of cores,
the RCU overhead can end up being enormous.

But it turns out that all of this is entirely unnecessary.  Exactly
because access() only installs the credential as the thread-local
subjective credential, the temporary cred pointer doesn't actually need
to be RCU free'd at all.  Once we're done using it, we can just free it
synchronously and avoid all the RCU overhead.

So add a 'non_rcu' flag to 'struct cred', which can be set by users that
know they only use it in non-RCU context (there are other potential
users for this).  We can make it a union with the rcu freeing list head
that we need for the RCU case, so this doesn't need any extra storage.

Note that this also makes 'get_current_cred()' clear the new non_rcu
flag, in case we have filesystems that take a long-term reference to the
cred and then expect the RCU delayed freeing afterwards.  It's not
entirely clear that this is required, but it makes for clear semantics:
the subjective cred remains non-RCU as long as you only access it
synchronously using the thread-local accessors, but you _can_ use it as
a generic cred if you want to.

It is possible that we should just remove the whole RCU markings for
->cred entirely.  Only ->real_cred is really supposed to be accessed
through RCU, and the long-term cred copies that nfs uses might want to
explicitly re-enable RCU freeing if required, rather than have
get_current_cred() do it implicitly.

But this is a "minimal semantic changes" change for the immediate
problem.

Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Acked-by: Eric Dumazet <edumazet@google.com>
Acked-by: Paul E. McKenney <paulmck@linux.ibm.com>
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: Jan Glauber <jglauber@marvell.com>
Cc: Jiri Kosina <jikos@kernel.org>
Cc: Jayachandran Chandrasekharan Nair <jnair@marvell.com>
Cc: Greg KH <greg@kroah.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: David Howells <dhowells@redhat.com>
Cc: Miklos Szeredi <miklos@szeredi.hu>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/open.c            |   19 +++++++++++++++++++
 include/linux/cred.h |    7 ++++++-
 kernel/cred.c        |   21 +++++++++++++++++++--
 3 files changed, 44 insertions(+), 3 deletions(-)

--- a/fs/open.c
+++ b/fs/open.c
@@ -373,6 +373,25 @@ long do_faccessat(int dfd, const char __
 				override_cred->cap_permitted;
 	}
 
+	/*
+	 * The new set of credentials can *only* be used in
+	 * task-synchronous circumstances, and does not need
+	 * RCU freeing, unless somebody then takes a separate
+	 * reference to it.
+	 *
+	 * NOTE! This is _only_ true because this credential
+	 * is used purely for override_creds() that installs
+	 * it as the subjective cred. Other threads will be
+	 * accessing ->real_cred, not the subjective cred.
+	 *
+	 * If somebody _does_ make a copy of this (using the
+	 * 'get_current_cred()' function), that will clear the
+	 * non_rcu field, because now that other user may be
+	 * expecting RCU freeing. But normal thread-synchronous
+	 * cred accesses will keep things non-RCY.
+	 */
+	override_cred->non_rcu = 1;
+
 	old_cred = override_creds(override_cred);
 retry:
 	res = user_path_at(dfd, filename, lookup_flags, &path);
--- a/include/linux/cred.h
+++ b/include/linux/cred.h
@@ -150,7 +150,11 @@ struct cred {
 	struct user_struct *user;	/* real user ID subscription */
 	struct user_namespace *user_ns; /* user_ns the caps and keyrings are relative to. */
 	struct group_info *group_info;	/* supplementary groups for euid/fsgid */
-	struct rcu_head	rcu;		/* RCU deletion hook */
+	/* RCU deletion */
+	union {
+		int non_rcu;			/* Can we skip RCU deletion? */
+		struct rcu_head	rcu;		/* RCU deletion hook */
+	};
 } __randomize_layout;
 
 extern void __put_cred(struct cred *);
@@ -248,6 +252,7 @@ static inline const struct cred *get_cre
 {
 	struct cred *nonconst_cred = (struct cred *) cred;
 	validate_creds(cred);
+	nonconst_cred->non_rcu = 0;
 	return get_new_cred(nonconst_cred);
 }
 
--- a/kernel/cred.c
+++ b/kernel/cred.c
@@ -147,7 +147,10 @@ void __put_cred(struct cred *cred)
 	BUG_ON(cred == current->cred);
 	BUG_ON(cred == current->real_cred);
 
-	call_rcu(&cred->rcu, put_cred_rcu);
+	if (cred->non_rcu)
+		put_cred_rcu(&cred->rcu);
+	else
+		call_rcu(&cred->rcu, put_cred_rcu);
 }
 EXPORT_SYMBOL(__put_cred);
 
@@ -258,6 +261,7 @@ struct cred *prepare_creds(void)
 	old = task->cred;
 	memcpy(new, old, sizeof(struct cred));
 
+	new->non_rcu = 0;
 	atomic_set(&new->usage, 1);
 	set_cred_subscribers(new, 0);
 	get_group_info(new->group_info);
@@ -537,7 +541,19 @@ const struct cred *override_creds(const
 
 	validate_creds(old);
 	validate_creds(new);
-	get_cred(new);
+
+	/*
+	 * NOTE! This uses 'get_new_cred()' rather than 'get_cred()'.
+	 *
+	 * That means that we do not clear the 'non_rcu' flag, since
+	 * we are only installing the cred into the thread-synchronous
+	 * '->cred' pointer, not the '->real_cred' pointer that is
+	 * visible to other threads under RCU.
+	 *
+	 * Also note that we did validate_creds() manually, not depending
+	 * on the validation in 'get_cred()'.
+	 */
+	get_new_cred((struct cred *)new);
 	alter_cred_subscribers(new, 1);
 	rcu_assign_pointer(current->cred, new);
 	alter_cred_subscribers(old, -1);
@@ -620,6 +636,7 @@ struct cred *prepare_kernel_cred(struct
 	validate_creds(old);
 
 	*new = *old;
+	new->non_rcu = 0;
 	atomic_set(&new->usage, 1);
 	set_cred_subscribers(new, 0);
 	get_uid(new->user);



^ permalink raw reply	[flat|nested] 130+ messages in thread

* Re: [PATCH 4.19 000/113] 4.19.63-stable review
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (112 preceding siblings ...)
  2019-07-29 19:23 ` [PATCH 4.19 113/113] access: avoid the RCU grace period for the temporary subjective credentials Greg Kroah-Hartman
@ 2019-07-30  2:34 ` kernelci.org bot
  2019-07-30  9:11 ` Naresh Kamboju
                   ` (4 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: kernelci.org bot @ 2019-07-30  2:34 UTC (permalink / raw)
  To: Greg Kroah-Hartman, linux-kernel
  Cc: Greg Kroah-Hartman, torvalds, akpm, linux, shuah, patches,
	ben.hutchings, lkft-triage, stable

stable-rc/linux-4.19.y boot: 111 boots: 1 failed, 70 passed with 40 offline (v4.19.62-114-g0c75526c53c7)

Full Boot Summary: https://kernelci.org/boot/all/job/stable-rc/branch/linux-4.19.y/kernel/v4.19.62-114-g0c75526c53c7/
Full Build Summary: https://kernelci.org/build/stable-rc/branch/linux-4.19.y/kernel/v4.19.62-114-g0c75526c53c7/

Tree: stable-rc
Branch: linux-4.19.y
Git Describe: v4.19.62-114-g0c75526c53c7
Git Commit: 0c75526c53c7c911b415119a86ace13c9d3e1724
Git URL: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git
Tested: 64 unique boards, 26 SoC families, 17 builds out of 206

Boot Failure Detected:

arc:
    hsdk_defconfig:
        gcc-8:
            hsdk: 1 failed lab

Offline Platforms:

arm64:

    defconfig:
        gcc-8
            meson-axg-s400: 1 offline lab
            meson-gxbb-odroidc2: 1 offline lab
            meson-gxl-s905d-p230: 1 offline lab
            meson-gxl-s905x-libretech-cc: 1 offline lab
            meson-gxl-s905x-nexbox-a95x: 1 offline lab
            meson-gxl-s905x-p212: 1 offline lab
            meson-gxm-nexbox-a1: 1 offline lab
            rk3399-firefly: 1 offline lab
            sun50i-a64-pine64-plus: 1 offline lab

mips:

    pistachio_defconfig:
        gcc-8
            pistachio_marduk: 1 offline lab

arm:

    exynos_defconfig:
        gcc-8
            exynos5250-arndale: 1 offline lab
            exynos5420-arndale-octa: 1 offline lab
            exynos5800-peach-pi: 1 offline lab

    multi_v7_defconfig:
        gcc-8
            exynos5250-arndale: 1 offline lab
            exynos5420-arndale-octa: 1 offline lab
            exynos5800-peach-pi: 1 offline lab
            imx6dl-wandboard_dual: 1 offline lab
            imx6dl-wandboard_solo: 1 offline lab
            imx6q-wandboard: 1 offline lab
            imx7s-warp: 1 offline lab
            meson8b-odroidc1: 1 offline lab
            omap3-beagle: 1 offline lab
            omap4-panda: 1 offline lab
            qcom-apq8064-ifc6410: 1 offline lab
            stih410-b2120: 1 offline lab
            sun4i-a10-cubieboard: 1 offline lab
            sun7i-a20-bananapi: 1 offline lab
            vf610-colibri-eval-v3: 1 offline lab

    omap2plus_defconfig:
        gcc-8
            omap3-beagle: 1 offline lab
            omap4-panda: 1 offline lab

    qcom_defconfig:
        gcc-8
            qcom-apq8064-ifc6410: 1 offline lab

    davinci_all_defconfig:
        gcc-8
            da850-evm: 1 offline lab
            dm365evm,legacy: 1 offline lab

    imx_v6_v7_defconfig:
        gcc-8
            imx6dl-wandboard_dual: 1 offline lab
            imx6dl-wandboard_solo: 1 offline lab
            imx6q-wandboard: 1 offline lab
            imx7s-warp: 1 offline lab
            vf610-colibri-eval-v3: 1 offline lab

    sunxi_defconfig:
        gcc-8
            sun4i-a10-cubieboard: 1 offline lab
            sun7i-a20-bananapi: 1 offline lab

---
For more info write to <info@kernelci.org>

^ permalink raw reply	[flat|nested] 130+ messages in thread

* Re: [PATCH 4.19 000/113] 4.19.63-stable review
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (113 preceding siblings ...)
  2019-07-30  2:34 ` [PATCH 4.19 000/113] 4.19.63-stable review kernelci.org bot
@ 2019-07-30  9:11 ` Naresh Kamboju
  2019-07-30 14:00 ` shuah
                   ` (3 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: Naresh Kamboju @ 2019-07-30  9:11 UTC (permalink / raw)
  To: Greg Kroah-Hartman
  Cc: open list, Linus Torvalds, Andrew Morton, Guenter Roeck,
	Shuah Khan, patches, Ben Hutchings, lkft-triage, linux- stable

On Tue, 30 Jul 2019 at 01:11, Greg Kroah-Hartman
<gregkh@linuxfoundation.org> wrote:
>
> This is the start of the stable review cycle for the 4.19.63 release.
> There are 113 patches in this series, all will be posted as a response
> to this one.  If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Wed 31 Jul 2019 07:05:01 PM UTC.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
>         https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.19.63-rc1.gz
> or in the git tree and branch at:
>         git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h

Results from Linaro’s test farm.
No regressions on arm64, arm, x86_64, and i386.

Summary
------------------------------------------------------------------------

kernel: 4.19.63-rc1
git repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git
git branch: linux-4.19.y
git commit: 0c75526c53c7c911b415119a86ace13c9d3e1724
git describe: v4.19.62-114-g0c75526c53c7
Test details: https://qa-reports.linaro.org/lkft/linux-stable-rc-4.19-oe/build/v4.19.62-114-g0c75526c53c7

No regressions (compared to build v4.19.62)

No fixes (compared to build v4.19.62)

Ran 23472 total tests in the following environments and test suites.

Environments
--------------
- dragonboard-410c - arm64
- hi6220-hikey - arm64
- i386
- juno-r2 - arm64
- qemu_arm
- qemu_arm64
- qemu_i386
- qemu_x86_64
- x15 - arm
- x86_64

Test Suites
-----------
* build
* install-android-platform-tools-r2600
* kselftest
* libgpiod
* libhugetlbfs
* ltp-cap_bounds-tests
* ltp-commands-tests
* ltp-containers-tests
* ltp-cpuhotplug-tests
* ltp-cve-tests
* ltp-dio-tests
* ltp-fcntl-locktests-tests
* ltp-filecaps-tests
* ltp-fs-tests
* ltp-fs_bind-tests
* ltp-fs_perms_simple-tests
* ltp-fsx-tests
* ltp-hugetlb-tests
* ltp-io-tests
* ltp-ipc-tests
* ltp-math-tests
* ltp-mm-tests
* ltp-nptl-tests
* ltp-pty-tests
* ltp-sched-tests
* ltp-securebits-tests
* ltp-syscalls-tests
* ltp-timers-tests
* network-basic-tests
* perf
* spectre-meltdown-checker-test
* v4l2-compliance
* ltp-open-posix-tests
* kvm-unit-tests
* kselftest-vsyscall-mode-native
* kselftest-vsyscall-mode-none

-- 
Linaro LKFT
https://lkft.linaro.org

^ permalink raw reply	[flat|nested] 130+ messages in thread

* Re: [PATCH 4.19 000/113] 4.19.63-stable review
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (114 preceding siblings ...)
  2019-07-30  9:11 ` Naresh Kamboju
@ 2019-07-30 14:00 ` shuah
  2019-07-30 18:42 ` Guenter Roeck
                   ` (2 subsequent siblings)
  118 siblings, 0 replies; 130+ messages in thread
From: shuah @ 2019-07-30 14:00 UTC (permalink / raw)
  To: Greg Kroah-Hartman, linux-kernel
  Cc: torvalds, akpm, linux, patches, ben.hutchings, lkft-triage,
	stable, shuah

On 7/29/19 1:21 PM, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 4.19.63 release.
> There are 113 patches in this series, all will be posted as a response
> to this one.  If anyone has any issues with these being applied, please
> let me know.
> 
> Responses should be made by Wed 31 Jul 2019 07:05:01 PM UTC.
> Anything received after that time might be too late.
> 
> The whole patch series can be found in one patch at:
> 	https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.19.63-rc1.gz
> or in the git tree and branch at:
> 	git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y
> and the diffstat can be found below.
> 
> thanks,
> 
> greg k-h
> 

Compiled and booted on my test system. No dmesg regressions.

thanks,
-- Shuah

^ permalink raw reply	[flat|nested] 130+ messages in thread

* Re: [PATCH 4.19 000/113] 4.19.63-stable review
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (115 preceding siblings ...)
  2019-07-30 14:00 ` shuah
@ 2019-07-30 18:42 ` Guenter Roeck
  2019-07-31  5:30 ` Kelsey Skunberg
  2019-07-31  9:35 ` Jon Hunter
  118 siblings, 0 replies; 130+ messages in thread
From: Guenter Roeck @ 2019-07-30 18:42 UTC (permalink / raw)
  To: Greg Kroah-Hartman
  Cc: linux-kernel, torvalds, akpm, shuah, patches, ben.hutchings,
	lkft-triage, stable

On Mon, Jul 29, 2019 at 09:21:27PM +0200, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 4.19.63 release.
> There are 113 patches in this series, all will be posted as a response
> to this one.  If anyone has any issues with these being applied, please
> let me know.
> 
> Responses should be made by Wed 31 Jul 2019 07:05:01 PM UTC.
> Anything received after that time might be too late.
> 

Build results:
	total: 156 pass: 156 fail: 0
Qemu test results:
	total: 364 pass: 364 fail: 0

Guenter

^ permalink raw reply	[flat|nested] 130+ messages in thread

* Re: [PATCH 4.19 044/113] iio: iio-utils: Fix possible incorrect mask calculation
  2019-07-29 19:22 ` [PATCH 4.19 044/113] iio: iio-utils: Fix possible incorrect mask calculation Greg Kroah-Hartman
@ 2019-07-30 18:51   ` Pavel Machek
  0 siblings, 0 replies; 130+ messages in thread
From: Pavel Machek @ 2019-07-30 18:51 UTC (permalink / raw)
  To: Greg Kroah-Hartman
  Cc: linux-kernel, stable, Bastien Nocera, Jonathan Cameron, Sasha Levin

[-- Attachment #1: Type: text/plain, Size: 1283 bytes --]

Hi!

> [ Upstream commit 208a68c8393d6041a90862992222f3d7943d44d6 ]
> 
> On some machines, iio-sensor-proxy was returning all 0's for IIO sensor
> values. It turns out that the bits_used for this sensor is 32, which makes
> the mask calculation:
> 
> *mask = (1 << 32) - 1;
> 
> If the compiler interprets the 1 literals as 32-bit ints, it generates
> undefined behavior depending on compiler version and optimization
> level.

Ok, it would be problem if code was like that. But it is not:

> @@ -159,9 +159,9 @@ int iioutils_get_type(unsigned *is_signed, unsigned *bytes, unsigned *bits_used,
>  			*be = (endianchar == 'b');
>  			*bytes = padint / 8;
>  			if (*bits_used == 64)
> -				*mask = ~0;
> +				*mask = ~(0ULL);
>  			else
> -				*mask = (1ULL << *bits_used) - 1;
> +				*mask = (1ULL << *bits_used) - 1ULL;
>  

Note 1ULL already being there before the change. AFAICT this does not
change anything; 1ULL << foo will already have long long type, so
substraction will be long long too.

AFAICT this does not change the binary code at all, so it can't fix a
bug...

Best regards,

									Pavel
-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 181 bytes --]

^ permalink raw reply	[flat|nested] 130+ messages in thread

* Re: [PATCH 4.19 000/113] 4.19.63-stable review
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (116 preceding siblings ...)
  2019-07-30 18:42 ` Guenter Roeck
@ 2019-07-31  5:30 ` Kelsey Skunberg
  2019-07-31  9:35 ` Jon Hunter
  118 siblings, 0 replies; 130+ messages in thread
From: Kelsey Skunberg @ 2019-07-31  5:30 UTC (permalink / raw)
  To: Greg Kroah-Hartman
  Cc: linux-kernel, torvalds, akpm, linux, shuah, patches,
	ben.hutchings, lkft-triage, stable

On Mon, Jul 29, 2019 at 09:21:27PM +0200, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 4.19.63 release.
> There are 113 patches in this series, all will be posted as a response
> to this one.  If anyone has any issues with these being applied, please
> let me know.
> 
> Responses should be made by Wed 31 Jul 2019 07:05:01 PM UTC.
> Anything received after that time might be too late.
> 
> The whole patch series can be found in one patch at:
> 	https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.19.63-rc1.gz
> or in the git tree and branch at:
> 	git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y
> and the diffstat can be found below.
> 
> thanks,
> 
> greg k-h

Compiled and booted with no regressions on my system.

Cheers,
Kelsey 

^ permalink raw reply	[flat|nested] 130+ messages in thread

* Re: [PATCH 4.19 000/113] 4.19.63-stable review
  2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
                   ` (117 preceding siblings ...)
  2019-07-31  5:30 ` Kelsey Skunberg
@ 2019-07-31  9:35 ` Jon Hunter
  118 siblings, 0 replies; 130+ messages in thread
From: Jon Hunter @ 2019-07-31  9:35 UTC (permalink / raw)
  To: Greg Kroah-Hartman, linux-kernel
  Cc: torvalds, akpm, linux, shuah, patches, ben.hutchings,
	lkft-triage, stable, linux-tegra


On 29/07/2019 20:21, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 4.19.63 release.
> There are 113 patches in this series, all will be posted as a response
> to this one.  If anyone has any issues with these being applied, please
> let me know.
> 
> Responses should be made by Wed 31 Jul 2019 07:05:01 PM UTC.
> Anything received after that time might be too late.
> 
> The whole patch series can be found in one patch at:
> 	https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.19.63-rc1.gz
> or in the git tree and branch at:
> 	git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y
> and the diffstat can be found below.
> 
> thanks,
> 
> greg k-h

All tests passing for Tegra ...

Test results for stable-v4.19:
    12 builds:	12 pass, 0 fail
    22 boots:	22 pass, 0 fail
    32 tests:	32 pass, 0 fail

Linux version:	4.19.63-rc1-g0c75526c53c7
Boards tested:	tegra124-jetson-tk1, tegra186-p2771-0000,
                tegra194-p2972-0000, tegra20-ventana,
                tegra210-p2371-2180, tegra30-cardhu-a04

Cheers
Jon

-- 
nvpublic

^ permalink raw reply	[flat|nested] 130+ messages in thread

* Re: [PATCH 4.19 112/113] libnvdimm/bus: Stop holding nvdimm_bus_list_mutex over __nd_ioctl()
  2019-07-29 19:23 ` [PATCH 4.19 112/113] libnvdimm/bus: Stop holding nvdimm_bus_list_mutex over __nd_ioctl() Greg Kroah-Hartman
@ 2019-07-31 18:14   ` Pavel Machek
  2019-07-31 19:31     ` Dan Williams
  0 siblings, 1 reply; 130+ messages in thread
From: Pavel Machek @ 2019-07-31 18:14 UTC (permalink / raw)
  To: Greg Kroah-Hartman
  Cc: linux-kernel, stable, Vishal Verma, Jane Chu, Dan Williams

[-- Attachment #1: Type: text/plain, Size: 1019 bytes --]

On Mon 2019-07-29 21:23:19, Greg Kroah-Hartman wrote:
> From: Dan Williams <dan.j.williams@intel.com>
> 
> commit b70d31d054ee3a6fc1034b9d7fc0ae1e481aa018 upstream.
> 
> In preparation for fixing a deadlock between wait_for_bus_probe_idle()
> and the nvdimm_bus_list_mutex arrange for __nd_ioctl() without
> nvdimm_bus_list_mutex held. This also unifies the 'dimm' and 'bus' level
> ioctls into a common nd_ioctl() preamble implementation.

Ok, so this is a preparation patch, not a fix...

> Marked for -stable as it is a pre-requisite for a follow-on fix.

...but follow-on fixes are going to be applied for 5.2 but not
4.19. So perhaps this one should not be in 4.19, either?

Best regards,
								Pavel

(Plus its quite complex).
>  drivers/nvdimm/bus.c     |   94 ++++++++++++++++++++++++++++-------------------
>  drivers/nvdimm/nd-core.h |    3 +

-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 181 bytes --]

^ permalink raw reply	[flat|nested] 130+ messages in thread

* Re: [PATCH 4.19 038/113] serial: mctrl_gpio: Check if GPIO property exisits before requesting it
  2019-07-29 19:22 ` [PATCH 4.19 038/113] serial: mctrl_gpio: Check if GPIO property exisits before requesting it Greg Kroah-Hartman
@ 2019-07-31 18:19   ` Pavel Machek
  0 siblings, 0 replies; 130+ messages in thread
From: Pavel Machek @ 2019-07-31 18:19 UTC (permalink / raw)
  To: pavel
  Cc: linux-kernel, Stefan Roese, Mika Westerberg, Andy Shevchenko,
	Yegor Yefremov, Giulio Benetti, Sasha Levin

[-- Attachment #1: Type: text/plain, Size: 1346 bytes --]

Hi!

> This patch implements the fix suggested by Mika in his statement above.

> @@ -12,6 +12,7 @@
>  #include <linux/termios.h>
>  #include <linux/serial_core.h>
>  #include <linux/module.h>
> +#include <linux/property.h>
>  
>  #include "serial_mctrl_gpio.h"
>  
> @@ -115,6 +116,19 @@ struct mctrl_gpios *mctrl_gpio_init_noauto(struct device *dev, unsigned int idx)
>  
>  	for (i = 0; i < UART_GPIO_MAX; i++) {
>  		enum gpiod_flags flags;
> +		char *gpio_str;
> +		bool present;
> +
> +		/* Check if GPIO property exists and continue if not */
> +		gpio_str = kasprintf(GFP_KERNEL, "%s-gpios",
> +				     mctrl_gpios_desc[i].name);
> +		if (!gpio_str)
> +			continue;

So if this fails, we'll let the system boot in different configuration
than usual. I guess GFP_KERNEL allocation failures are really rare,
but would it be worth a message? Or maybe buffer on the stack so we
don't do allocations in a loop, and so that allocation can't fail?

Thanks,
								Pavel

> +		present = device_property_present(dev, gpio_str);
> +		kfree(gpio_str);
> +		if (!present)
> +			continue;
>  
>  		if (mctrl_gpios_desc[i].dir_out)
>  			flags = GPIOD_OUT_LOW;

-- 
DENX Software Engineering GmbH,      Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 181 bytes --]

^ permalink raw reply	[flat|nested] 130+ messages in thread

* Re: [PATCH 4.19 024/113] tty: serial: msm_serial: avoid system lockup condition
  2019-07-29 19:21 ` [PATCH 4.19 024/113] tty: serial: msm_serial: avoid system lockup condition Greg Kroah-Hartman
@ 2019-07-31 19:05   ` Pavel Machek
  2019-07-31 20:34     ` Jorge Ramirez
  0 siblings, 1 reply; 130+ messages in thread
From: Pavel Machek @ 2019-07-31 19:05 UTC (permalink / raw)
  To: Greg Kroah-Hartman; +Cc: linux-kernel, stable, Jorge Ramirez-Ortiz, Sasha Levin

[-- Attachment #1: Type: text/plain, Size: 1499 bytes --]

Hi!

> [ Upstream commit ba3684f99f1b25d2a30b6956d02d339d7acb9799 ]
> 
> The function msm_wait_for_xmitr can be taken with interrupts
> disabled. In order to avoid a potential system lockup - demonstrated
> under stress testing conditions on SoC QCS404/5 - make sure we wait
> for a bounded amount of time.
> 
> Tested on SoC QCS404.

How long did it take to timeout?

Because... this is supposed to loop for 0.5 second with interrupts
disabled, but 500000*udelay(1) is probably going to wait for more than
that.

Is 500msec reasonable with interrupts disabled?

Should it use something like 5000*udelay(100), instead, as that has
chance to result in closer-to-500msec wait?

> +++ b/drivers/tty/serial/msm_serial.c
> @@ -383,10 +383,14 @@ static void msm_request_rx_dma(struct msm_port *msm_port, resource_size_t base)
>  
>  static inline void msm_wait_for_xmitr(struct uart_port *port)
>  {
> +	unsigned int timeout = 500000;
> +
>  	while (!(msm_read(port, UART_SR) & UART_SR_TX_EMPTY)) {
>  		if (msm_read(port, UART_ISR) & UART_ISR_TX_READY)
>  			break;
>  		udelay(1);
> +		if (!timeout--)
> +			break;
>  	}
>  	msm_write(port, UART_CR_CMD_RESET_TX_READY, UART_CR);
>  }

Plus, should it do some kind of dev_err() to let users know that
something went very wrong with their serial?

Thanks,
								Pavel

-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 181 bytes --]

^ permalink raw reply	[flat|nested] 130+ messages in thread

* Re: [PATCH 4.19 077/113] f2fs: avoid out-of-range memory access
  2019-07-29 19:22 ` [PATCH 4.19 077/113] f2fs: avoid out-of-range memory access Greg Kroah-Hartman
@ 2019-07-31 19:11   ` Pavel Machek
  2019-08-01  1:19     ` Chao Yu
  0 siblings, 1 reply; 130+ messages in thread
From: Pavel Machek @ 2019-07-31 19:11 UTC (permalink / raw)
  To: pavel; +Cc: linux-kernel, Ocean Chen, Chao Yu, Jaegeuk Kim, Sasha Levin

[-- Attachment #1: Type: text/plain, Size: 1429 bytes --]

Hi!

> [ Upstream commit 56f3ce675103e3fb9e631cfb4131fc768bc23e9a ]
> 
> blkoff_off might over 512 due to fs corrupt or security
> vulnerability. That should be checked before being using.
> 
> Use ENTRIES_IN_SUM to protect invalid value in cur_data_blkoff.
> 
> Signed-off-by: Ocean Chen <oceanchen@google.com>
> Reviewed-by: Chao Yu <yuchao0@huawei.com>
> Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
> Signed-off-by: Sasha Levin <sashal@kernel.org>
> ---
>  fs/f2fs/segment.c | 5 +++++
>  1 file changed, 5 insertions(+)
> 
> diff --git a/fs/f2fs/segment.c b/fs/f2fs/segment.c
> index 8fc3edb6760c..92f72bb5aff4 100644
> --- a/fs/f2fs/segment.c
> +++ b/fs/f2fs/segment.c
> @@ -3261,6 +3261,11 @@ static int read_compacted_summaries(struct f2fs_sb_info *sbi)
>  		seg_i = CURSEG_I(sbi, i);
>  		segno = le32_to_cpu(ckpt->cur_data_segno[i]);
>  		blk_off = le16_to_cpu(ckpt->cur_data_blkoff[i]);
> +		if (blk_off > ENTRIES_IN_SUM) {
> +			f2fs_bug_on(sbi, 1);
> +			f2fs_put_page(page, 1);
> +			return -EFAULT;
> +		}
>  		seg_i->next_segno = segno;

We normally use -EUCLEAN to signal filesystem corruption. Plus, it is
good idea to report it to the syslog and mark filesystem as "needing
fsck" if filesystem can do that.

Thanks,
									Pavel
-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 181 bytes --]

^ permalink raw reply	[flat|nested] 130+ messages in thread

* Re: [PATCH 4.19 112/113] libnvdimm/bus: Stop holding nvdimm_bus_list_mutex over __nd_ioctl()
  2019-07-31 18:14   ` Pavel Machek
@ 2019-07-31 19:31     ` Dan Williams
  2019-08-01  8:47       ` Greg Kroah-Hartman
  0 siblings, 1 reply; 130+ messages in thread
From: Dan Williams @ 2019-07-31 19:31 UTC (permalink / raw)
  To: Pavel Machek
  Cc: Greg Kroah-Hartman, Linux Kernel Mailing List, stable,
	Vishal Verma, Jane Chu

On Wed, Jul 31, 2019 at 11:15 AM Pavel Machek <pavel@denx.de> wrote:
>
> On Mon 2019-07-29 21:23:19, Greg Kroah-Hartman wrote:
> > From: Dan Williams <dan.j.williams@intel.com>
> >
> > commit b70d31d054ee3a6fc1034b9d7fc0ae1e481aa018 upstream.
> >
> > In preparation for fixing a deadlock between wait_for_bus_probe_idle()
> > and the nvdimm_bus_list_mutex arrange for __nd_ioctl() without
> > nvdimm_bus_list_mutex held. This also unifies the 'dimm' and 'bus' level
> > ioctls into a common nd_ioctl() preamble implementation.
>
> Ok, so this is a preparation patch, not a fix...
>
> > Marked for -stable as it is a pre-requisite for a follow-on fix.
>
> ...but follow-on fixes are going to be applied for 5.2 but not
> 4.19. So perhaps this one should not be in 4.19, either?

I plan to follow up with a backport of the series for 4.19. I have no
problem with v4.19 carrying this in the meantime, but if you want to
kick it out and wait for the backport, that's fine too.

^ permalink raw reply	[flat|nested] 130+ messages in thread

* Re: [PATCH 4.19 024/113] tty: serial: msm_serial: avoid system lockup condition
  2019-07-31 19:05   ` Pavel Machek
@ 2019-07-31 20:34     ` Jorge Ramirez
  2019-08-15  7:07       ` Pavel Machek
  0 siblings, 1 reply; 130+ messages in thread
From: Jorge Ramirez @ 2019-07-31 20:34 UTC (permalink / raw)
  To: Pavel Machek, Greg Kroah-Hartman; +Cc: linux-kernel, stable, Sasha Levin

On 7/31/19 21:05, Pavel Machek wrote:
> Hi!

hi Pavel,

> 
>> [ Upstream commit ba3684f99f1b25d2a30b6956d02d339d7acb9799 ]
>>
>> The function msm_wait_for_xmitr can be taken with interrupts
>> disabled. In order to avoid a potential system lockup - demonstrated
>> under stress testing conditions on SoC QCS404/5 - make sure we wait
>> for a bounded amount of time.
>>
>> Tested on SoC QCS404.
> 
> How long did it take to timeout?
> 
> Because... this is supposed to loop for 0.5 second with interrupts
> disabled, but 500000*udelay(1) is probably going to wait for more than
> that.
> 
> Is 500msec reasonable with interrupts disabled?

considering the original unbounded definition, it is hard to determine
what would be a good amount of time to wait (msm_serial can be used for
BT comms and I am not sure how critical that link might be for different
clients..and I didnt want to create a regression hence the half a second
delay).

yeah, I don't think disabling interrupts for half a second is a good
idea on most systems hence why I chose it that big.

> 
> Should it use something like 5000*udelay(100), instead, as that has
> chance to result in closer-to-500msec wait?

the half a second timeout didnt mean to be accurate but a worst case
scenario...I am not sure accuracy matters.

> 
>> +++ b/drivers/tty/serial/msm_serial.c
>> @@ -383,10 +383,14 @@ static void msm_request_rx_dma(struct msm_port *msm_port, resource_size_t base)
>>  
>>  static inline void msm_wait_for_xmitr(struct uart_port *port)
>>  {
>> +	unsigned int timeout = 500000;
>> +
>>  	while (!(msm_read(port, UART_SR) & UART_SR_TX_EMPTY)) {
>>  		if (msm_read(port, UART_ISR) & UART_ISR_TX_READY)
>>  			break;
>>  		udelay(1);
>> +		if (!timeout--)
>> +			break;
>>  	}
>>  	msm_write(port, UART_CR_CMD_RESET_TX_READY, UART_CR);
>>  }
> 
> Plus, should it do some kind of dev_err() to let users know that
> something went very wrong with their serial?

I did consider this but then I thought that 1/2 second without
interrupts on the core should not go unnoticed. But I might be wrong.

> 
> Thanks,
> 								Pavel
> 


^ permalink raw reply	[flat|nested] 130+ messages in thread

* Re: [PATCH 4.19 077/113] f2fs: avoid out-of-range memory access
  2019-07-31 19:11   ` Pavel Machek
@ 2019-08-01  1:19     ` Chao Yu
  0 siblings, 0 replies; 130+ messages in thread
From: Chao Yu @ 2019-08-01  1:19 UTC (permalink / raw)
  To: Pavel Machek, pavel; +Cc: linux-kernel, Ocean Chen, Jaegeuk Kim, Sasha Levin

On 2019/8/1 3:11, Pavel Machek wrote:
> Hi!
> 
>> [ Upstream commit 56f3ce675103e3fb9e631cfb4131fc768bc23e9a ]
>>
>> blkoff_off might over 512 due to fs corrupt or security
>> vulnerability. That should be checked before being using.
>>
>> Use ENTRIES_IN_SUM to protect invalid value in cur_data_blkoff.
>>
>> Signed-off-by: Ocean Chen <oceanchen@google.com>
>> Reviewed-by: Chao Yu <yuchao0@huawei.com>
>> Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
>> Signed-off-by: Sasha Levin <sashal@kernel.org>
>> ---
>>  fs/f2fs/segment.c | 5 +++++
>>  1 file changed, 5 insertions(+)
>>
>> diff --git a/fs/f2fs/segment.c b/fs/f2fs/segment.c
>> index 8fc3edb6760c..92f72bb5aff4 100644
>> --- a/fs/f2fs/segment.c
>> +++ b/fs/f2fs/segment.c
>> @@ -3261,6 +3261,11 @@ static int read_compacted_summaries(struct f2fs_sb_info *sbi)
>>  		seg_i = CURSEG_I(sbi, i);
>>  		segno = le32_to_cpu(ckpt->cur_data_segno[i]);
>>  		blk_off = le16_to_cpu(ckpt->cur_data_blkoff[i]);
>> +		if (blk_off > ENTRIES_IN_SUM) {
>> +			f2fs_bug_on(sbi, 1);
>> +			f2fs_put_page(page, 1);
>> +			return -EFAULT;
>> +		}
>>  		seg_i->next_segno = segno;
> 
> We normally use -EUCLEAN to signal filesystem corruption. Plus, it is
> good idea to report it to the syslog and mark filesystem as "needing
> fsck" if filesystem can do that.

Thanks for pointing out this, I missed that restriction during review, since at
that time, my focus is on how that case happen...

Look at this again, I think we also need to add unlikely() keyword hint to
compiler to indicate this should never happen.

Thanks,

> 
> Thanks,
> 									Pavel
> 

^ permalink raw reply	[flat|nested] 130+ messages in thread

* Re: [PATCH 4.19 112/113] libnvdimm/bus: Stop holding nvdimm_bus_list_mutex over __nd_ioctl()
  2019-07-31 19:31     ` Dan Williams
@ 2019-08-01  8:47       ` Greg Kroah-Hartman
  0 siblings, 0 replies; 130+ messages in thread
From: Greg Kroah-Hartman @ 2019-08-01  8:47 UTC (permalink / raw)
  To: Dan Williams
  Cc: Pavel Machek, Linux Kernel Mailing List, stable, Vishal Verma, Jane Chu

On Wed, Jul 31, 2019 at 12:31:07PM -0700, Dan Williams wrote:
> On Wed, Jul 31, 2019 at 11:15 AM Pavel Machek <pavel@denx.de> wrote:
> >
> > On Mon 2019-07-29 21:23:19, Greg Kroah-Hartman wrote:
> > > From: Dan Williams <dan.j.williams@intel.com>
> > >
> > > commit b70d31d054ee3a6fc1034b9d7fc0ae1e481aa018 upstream.
> > >
> > > In preparation for fixing a deadlock between wait_for_bus_probe_idle()
> > > and the nvdimm_bus_list_mutex arrange for __nd_ioctl() without
> > > nvdimm_bus_list_mutex held. This also unifies the 'dimm' and 'bus' level
> > > ioctls into a common nd_ioctl() preamble implementation.
> >
> > Ok, so this is a preparation patch, not a fix...
> >
> > > Marked for -stable as it is a pre-requisite for a follow-on fix.
> >
> > ...but follow-on fixes are going to be applied for 5.2 but not
> > 4.19. So perhaps this one should not be in 4.19, either?
> 
> I plan to follow up with a backport of the series for 4.19. I have no
> problem with v4.19 carrying this in the meantime, but if you want to
> kick it out and wait for the backport, that's fine too.

I didn't mean to include this, I was going to go and remove it, my fault
for keeping it in.  But, if you are going to send the series backported,
I'll leave this in for now as that will make your work easier.

thanks,

greg k-h

^ permalink raw reply	[flat|nested] 130+ messages in thread

* Re: [PATCH 4.19 024/113] tty: serial: msm_serial: avoid system lockup condition
  2019-07-31 20:34     ` Jorge Ramirez
@ 2019-08-15  7:07       ` Pavel Machek
  0 siblings, 0 replies; 130+ messages in thread
From: Pavel Machek @ 2019-08-15  7:07 UTC (permalink / raw)
  To: Jorge Ramirez; +Cc: Greg Kroah-Hartman, linux-kernel, stable, Sasha Levin

[-- Attachment #1: Type: text/plain, Size: 1224 bytes --]

Hi!

> >> [ Upstream commit ba3684f99f1b25d2a30b6956d02d339d7acb9799 ]

> > Should it use something like 5000*udelay(100), instead, as that has
> > chance to result in closer-to-500msec wait?
> 
> the half a second timeout didnt mean to be accurate but a worst case
> scenario...I am not sure accuracy matters.

Well, I'd be afraid that it would wait 5 seconds, not half a
second. udelay(1) may be very inaccurate.

> >>  	while (!(msm_read(port, UART_SR) & UART_SR_TX_EMPTY)) {
> >>  		if (msm_read(port, UART_ISR) & UART_ISR_TX_READY)
> >>  			break;
> >>  		udelay(1);
> >> +		if (!timeout--)
> >> +			break;
> >>  	}
> >>  	msm_write(port, UART_CR_CMD_RESET_TX_READY, UART_CR);
> >>  }
> > 
> > Plus, should it do some kind of dev_err() to let users know that
> > something went very wrong with their serial?
> 
> I did consider this but then I thought that 1/2 second without
> interrupts on the core should not go unnoticed. But I might be wrong.

Well, maybe it will be noticed, but user will have no idea what caused
it.

								Pavel
-- 
DENX Software Engineering GmbH,      Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 181 bytes --]

^ permalink raw reply	[flat|nested] 130+ messages in thread

end of thread, other threads:[~2019-08-15  7:07 UTC | newest]

Thread overview: 130+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-07-29 19:21 [PATCH 4.19 000/113] 4.19.63-stable review Greg Kroah-Hartman
2019-07-29 19:21 ` [PATCH 4.19 001/113] hvsock: fix epollout hang from race condition Greg Kroah-Hartman
2019-07-29 19:21 ` [PATCH 4.19 002/113] drm/panel: simple: Fix panel_simple_dsi_probe Greg Kroah-Hartman
2019-07-29 19:21 ` [PATCH 4.19 003/113] iio: adc: stm32-dfsdm: manage the get_irq error case Greg Kroah-Hartman
2019-07-29 19:21 ` [PATCH 4.19 004/113] iio: adc: stm32-dfsdm: missing error case during probe Greg Kroah-Hartman
2019-07-29 19:21 ` [PATCH 4.19 005/113] staging: vt6656: use meaningful error code during buffer allocation Greg Kroah-Hartman
2019-07-29 19:21 ` [PATCH 4.19 006/113] usb: core: hub: Disable hub-initiated U1/U2 Greg Kroah-Hartman
2019-07-29 19:21 ` [PATCH 4.19 007/113] tty: max310x: Fix invalid baudrate divisors calculator Greg Kroah-Hartman
2019-07-29 19:21 ` [PATCH 4.19 008/113] pinctrl: rockchip: fix leaked of_node references Greg Kroah-Hartman
2019-07-29 19:21 ` [PATCH 4.19 009/113] tty: serial: cpm_uart - fix init when SMC is relocated Greg Kroah-Hartman
2019-07-29 19:21 ` [PATCH 4.19 010/113] drm/amd/display: Fill prescale_params->scale for RGB565 Greg Kroah-Hartman
2019-07-29 19:21 ` [PATCH 4.19 011/113] drm/amdgpu/sriov: Need to initialize the HDP_NONSURFACE_BAStE Greg Kroah-Hartman
2019-07-29 19:21 ` [PATCH 4.19 012/113] drm/amd/display: Disable ABM before destroy ABM struct Greg Kroah-Hartman
2019-07-29 19:21 ` [PATCH 4.19 013/113] drm/amdkfd: Fix a potential memory leak Greg Kroah-Hartman
2019-07-29 19:21 ` [PATCH 4.19 014/113] drm/amdkfd: Fix sdma queue map issue Greg Kroah-Hartman
2019-07-29 19:21 ` [PATCH 4.19 015/113] drm/edid: Fix a missing-check bug in drm_load_edid_firmware() Greg Kroah-Hartman
2019-07-29 19:21 ` [PATCH 4.19 016/113] PCI: Return error if cannot probe VF Greg Kroah-Hartman
2019-07-29 19:21 ` [PATCH 4.19 017/113] drm/bridge: tc358767: read display_props in get_modes() Greg Kroah-Hartman
2019-07-29 19:21 ` [PATCH 4.19 018/113] drm/bridge: sii902x: pixel clock unit is 10kHz instead of 1kHz Greg Kroah-Hartman
2019-07-29 19:21 ` [PATCH 4.19 019/113] gpu: host1x: Increase maximum DMA segment size Greg Kroah-Hartman
2019-07-29 19:21 ` [PATCH 4.19 020/113] drm/crc-debugfs: User irqsafe spinlock in drm_crtc_add_crc_entry Greg Kroah-Hartman
2019-07-29 19:21 ` [PATCH 4.19 021/113] drm/crc-debugfs: Also sprinkle irqrestore over early exits Greg Kroah-Hartman
2019-07-29 19:21 ` [PATCH 4.19 022/113] memstick: Fix error cleanup path of memstick_init Greg Kroah-Hartman
2019-07-29 19:21 ` [PATCH 4.19 023/113] tty/serial: digicolor: Fix digicolor-usart already registered warning Greg Kroah-Hartman
2019-07-29 19:21 ` [PATCH 4.19 024/113] tty: serial: msm_serial: avoid system lockup condition Greg Kroah-Hartman
2019-07-31 19:05   ` Pavel Machek
2019-07-31 20:34     ` Jorge Ramirez
2019-08-15  7:07       ` Pavel Machek
2019-07-29 19:21 ` [PATCH 4.19 025/113] serial: 8250: Fix TX interrupt handling condition Greg Kroah-Hartman
2019-07-29 19:21 ` [PATCH 4.19 026/113] drm/amd/display: Always allocate initial connector state state Greg Kroah-Hartman
2019-07-29 19:21 ` [PATCH 4.19 027/113] drm/virtio: Add memory barriers for capset cache Greg Kroah-Hartman
2019-07-29 19:21 ` [PATCH 4.19 028/113] phy: renesas: rcar-gen2: Fix memory leak at error paths Greg Kroah-Hartman
2019-07-29 19:21 ` [PATCH 4.19 029/113] drm/amd/display: fix compilation error Greg Kroah-Hartman
2019-07-29 19:21 ` [PATCH 4.19 030/113] powerpc/pseries/mobility: prevent cpu hotplug during DT update Greg Kroah-Hartman
2019-07-29 19:21 ` [PATCH 4.19 031/113] drm/rockchip: Properly adjust to a true clock in adjusted_mode Greg Kroah-Hartman
2019-07-29 19:21 ` [PATCH 4.19 032/113] serial: imx: fix locking in set_termios() Greg Kroah-Hartman
2019-07-29 19:22 ` [PATCH 4.19 033/113] tty: serial_core: Set port active bit in uart_port_activate Greg Kroah-Hartman
2019-07-29 19:22 ` [PATCH 4.19 034/113] usb: gadget: Zero ffs_io_data Greg Kroah-Hartman
2019-07-29 19:22 ` [PATCH 4.19 035/113] mmc: sdhci: sdhci-pci-o2micro: Check if controller supports 8-bit width Greg Kroah-Hartman
2019-07-29 19:22 ` [PATCH 4.19 036/113] powerpc/pci/of: Fix OF flags parsing for 64bit BARs Greg Kroah-Hartman
2019-07-29 19:22 ` [PATCH 4.19 037/113] drm/msm: Depopulate platform on probe failure Greg Kroah-Hartman
2019-07-29 19:22 ` [PATCH 4.19 038/113] serial: mctrl_gpio: Check if GPIO property exisits before requesting it Greg Kroah-Hartman
2019-07-31 18:19   ` Pavel Machek
2019-07-29 19:22 ` [PATCH 4.19 039/113] PCI: sysfs: Ignore lockdep for remove attribute Greg Kroah-Hartman
2019-07-29 19:22 ` [PATCH 4.19 040/113] i2c: stm32f7: fix the get_irq error cases Greg Kroah-Hartman
2019-07-29 19:22 ` [PATCH 4.19 041/113] kbuild: Add -Werror=unknown-warning-option to CLANG_FLAGS Greg Kroah-Hartman
2019-07-29 19:22 ` [PATCH 4.19 042/113] genksyms: Teach parser about 128-bit built-in types Greg Kroah-Hartman
2019-07-29 19:22 ` [PATCH 4.19 043/113] PCI: xilinx-nwl: Fix Multi MSI data programming Greg Kroah-Hartman
2019-07-29 19:22 ` [PATCH 4.19 044/113] iio: iio-utils: Fix possible incorrect mask calculation Greg Kroah-Hartman
2019-07-30 18:51   ` Pavel Machek
2019-07-29 19:22 ` [PATCH 4.19 045/113] powerpc/cacheflush: fix variable set but not used Greg Kroah-Hartman
2019-07-29 19:22 ` [PATCH 4.19 046/113] powerpc/xmon: Fix disabling tracing while in xmon Greg Kroah-Hartman
2019-07-29 19:22 ` [PATCH 4.19 047/113] recordmcount: Fix spurious mcount entries on powerpc Greg Kroah-Hartman
2019-07-29 19:22 ` [PATCH 4.19 048/113] mfd: madera: Add missing of table registration Greg Kroah-Hartman
2019-07-29 19:22 ` [PATCH 4.19 049/113] mfd: core: Set fwnode for created devices Greg Kroah-Hartman
2019-07-29 19:22 ` [PATCH 4.19 050/113] mfd: arizona: Fix undefined behavior Greg Kroah-Hartman
2019-07-29 19:22 ` [PATCH 4.19 051/113] mfd: hi655x-pmic: Fix missing return value check for devm_regmap_init_mmio_clk Greg Kroah-Hartman
2019-07-29 19:22 ` [PATCH 4.19 052/113] mm/swap: fix release_pages() when releasing devmap pages Greg Kroah-Hartman
2019-07-29 19:22 ` [PATCH 4.19 053/113] um: Silence lockdep complaint about mmap_sem Greg Kroah-Hartman
2019-07-29 19:22 ` [PATCH 4.19 054/113] powerpc/4xx/uic: clear pending interrupt after irq type/pol change Greg Kroah-Hartman
2019-07-29 19:22 ` [PATCH 4.19 055/113] RDMA/i40iw: Set queue pair state when being queried Greg Kroah-Hartman
2019-07-29 19:22 ` [PATCH 4.19 056/113] serial: sh-sci: Terminate TX DMA during buffer flushing Greg Kroah-Hartman
2019-07-29 19:22 ` [PATCH 4.19 057/113] serial: sh-sci: Fix TX DMA buffer flushing and workqueue races Greg Kroah-Hartman
2019-07-29 19:22 ` [PATCH 4.19 058/113] IB/mlx5: Fixed reporting counters on 2nd port for Dual port RoCE Greg Kroah-Hartman
2019-07-29 19:22 ` [PATCH 4.19 059/113] powerpc/mm: Handle page table allocation failures Greg Kroah-Hartman
2019-07-29 19:22 ` [PATCH 4.19 060/113] IB/ipoib: Add child to parent list only if device initialized Greg Kroah-Hartman
2019-07-29 19:22 ` [PATCH 4.19 061/113] arm64: assembler: Switch ESB-instruction with a vanilla nop if !ARM64_HAS_RAS Greg Kroah-Hartman
2019-07-29 19:22 ` [PATCH 4.19 062/113] PCI: mobiveil: Fix PCI base address in MEM/IO outbound windows Greg Kroah-Hartman
2019-07-29 19:22 ` [PATCH 4.19 063/113] PCI: mobiveil: Fix the Class Code field Greg Kroah-Hartman
2019-07-29 19:22 ` [PATCH 4.19 064/113] kallsyms: exclude kasan local symbols on s390 Greg Kroah-Hartman
2019-07-29 19:22 ` [PATCH 4.19 065/113] PCI: mobiveil: Initialize Primary/Secondary/Subordinate bus numbers Greg Kroah-Hartman
2019-07-29 19:22 ` [PATCH 4.19 066/113] PCI: mobiveil: Use the 1st inbound window for MEM inbound transactions Greg Kroah-Hartman
2019-07-29 19:22 ` [PATCH 4.19 067/113] perf test mmap-thread-lookup: Initialize variable to suppress memory sanitizer warning Greg Kroah-Hartman
2019-07-29 19:22 ` [PATCH 4.19 068/113] perf stat: Fix use-after-freed pointer detected by the smatch tool Greg Kroah-Hartman
2019-07-29 19:22 ` [PATCH 4.19 069/113] perf top: Fix potential NULL pointer dereference " Greg Kroah-Hartman
2019-07-29 19:22 ` [PATCH 4.19 070/113] perf session: Fix potential NULL pointer dereference found " Greg Kroah-Hartman
2019-07-29 19:22 ` [PATCH 4.19 071/113] perf annotate: Fix dereferencing freed memory " Greg Kroah-Hartman
2019-07-29 19:22 ` [PATCH 4.19 072/113] perf hists browser: Fix potential NULL pointer dereference " Greg Kroah-Hartman
2019-07-29 19:22 ` [PATCH 4.19 073/113] RDMA/rxe: Fill in wc byte_len with IB_WC_RECV_RDMA_WITH_IMM Greg Kroah-Hartman
2019-07-29 19:22 ` [PATCH 4.19 074/113] PCI: dwc: pci-dra7xx: Fix compilation when !CONFIG_GPIOLIB Greg Kroah-Hartman
2019-07-29 19:22 ` [PATCH 4.19 075/113] powerpc/boot: add {get, put}_unaligned_be32 to xz_config.h Greg Kroah-Hartman
2019-07-29 19:22 ` [PATCH 4.19 076/113] block: init flush rq ref count to 1 Greg Kroah-Hartman
2019-07-29 19:22 ` [PATCH 4.19 077/113] f2fs: avoid out-of-range memory access Greg Kroah-Hartman
2019-07-31 19:11   ` Pavel Machek
2019-08-01  1:19     ` Chao Yu
2019-07-29 19:22 ` [PATCH 4.19 078/113] mailbox: handle failed named mailbox channel request Greg Kroah-Hartman
2019-07-29 19:22 ` [PATCH 4.19 079/113] dlm: check if workqueues are NULL before flushing/destroying Greg Kroah-Hartman
2019-07-29 19:22 ` [PATCH 4.19 080/113] powerpc/eeh: Handle hugepages in ioremap space Greg Kroah-Hartman
2019-07-29 19:22 ` [PATCH 4.19 081/113] block/bio-integrity: fix a memory leak bug Greg Kroah-Hartman
2019-07-29 19:22 ` [PATCH 4.19 082/113] sh: prevent warnings when using iounmap Greg Kroah-Hartman
2019-07-29 19:22 ` [PATCH 4.19 083/113] mm/kmemleak.c: fix check for softirq context Greg Kroah-Hartman
2019-07-29 19:22 ` [PATCH 4.19 084/113] 9p: pass the correct prototype to read_cache_page Greg Kroah-Hartman
2019-07-29 19:22 ` [PATCH 4.19 085/113] mm/gup.c: mark undo_dev_pagemap as __maybe_unused Greg Kroah-Hartman
2019-07-29 19:22 ` [PATCH 4.19 086/113] mm/gup.c: remove some BUG_ONs from get_gate_page() Greg Kroah-Hartman
2019-07-29 19:22 ` [PATCH 4.19 087/113] memcg, fsnotify: no oom-kill for remote memcg charging Greg Kroah-Hartman
2019-07-29 19:22 ` [PATCH 4.19 088/113] mm/mmu_notifier: use hlist_add_head_rcu() Greg Kroah-Hartman
2019-07-29 19:22 ` [PATCH 4.19 089/113] proc: use down_read_killable mmap_sem for /proc/pid/smaps_rollup Greg Kroah-Hartman
2019-07-29 19:22 ` [PATCH 4.19 090/113] proc: use down_read_killable mmap_sem for /proc/pid/pagemap Greg Kroah-Hartman
2019-07-29 19:22 ` [PATCH 4.19 091/113] proc: use down_read_killable mmap_sem for /proc/pid/clear_refs Greg Kroah-Hartman
2019-07-29 19:22 ` [PATCH 4.19 092/113] proc: use down_read_killable mmap_sem for /proc/pid/map_files Greg Kroah-Hartman
2019-07-29 19:23 ` [PATCH 4.19 093/113] cxgb4: reduce kernel stack usage in cudbg_collect_mem_region() Greg Kroah-Hartman
2019-07-29 19:23 ` [PATCH 4.19 094/113] proc: use down_read_killable mmap_sem for /proc/pid/maps Greg Kroah-Hartman
2019-07-29 19:23 ` [PATCH 4.19 095/113] locking/lockdep: Fix lock used or unused stats error Greg Kroah-Hartman
2019-07-29 19:23 ` [PATCH 4.19 096/113] mm: use down_read_killable for locking mmap_sem in access_remote_vm Greg Kroah-Hartman
2019-07-29 19:23 ` [PATCH 4.19 097/113] locking/lockdep: Hide unused class variable Greg Kroah-Hartman
2019-07-29 19:23 ` [PATCH 4.19 098/113] usb: wusbcore: fix unbalanced get/put cluster_id Greg Kroah-Hartman
2019-07-29 19:23 ` [PATCH 4.19 099/113] usb: pci-quirks: Correct AMD PLL quirk detection Greg Kroah-Hartman
2019-07-29 19:23 ` [PATCH 4.19 100/113] btrfs: inode: Dont compress if NODATASUM or NODATACOW set Greg Kroah-Hartman
2019-07-29 19:23 ` [PATCH 4.19 101/113] x86/sysfb_efi: Add quirks for some devices with swapped width and height Greg Kroah-Hartman
2019-07-29 19:23 ` [PATCH 4.19 102/113] x86/speculation/mds: Apply more accurate check on hypervisor platform Greg Kroah-Hartman
2019-07-29 19:23 ` [PATCH 4.19 103/113] binder: prevent transactions to context manager from its own process Greg Kroah-Hartman
2019-07-29 19:23 ` [PATCH 4.19 104/113] fpga-manager: altera-ps-spi: Fix build error Greg Kroah-Hartman
2019-07-29 19:23 ` [PATCH 4.19 105/113] mei: me: add mule creek canyon (EHL) device ids Greg Kroah-Hartman
2019-07-29 19:23 ` [PATCH 4.19 106/113] hpet: Fix division by zero in hpet_time_div() Greg Kroah-Hartman
2019-07-29 19:23 ` [PATCH 4.19 107/113] ALSA: ac97: Fix double free of ac97_codec_device Greg Kroah-Hartman
2019-07-29 19:23 ` [PATCH 4.19 108/113] ALSA: line6: Fix wrong altsetting for LINE6_PODHD500_1 Greg Kroah-Hartman
2019-07-29 19:23 ` [PATCH 4.19 109/113] ALSA: hda - Add a conexant codec entry to let mute led work Greg Kroah-Hartman
2019-07-29 19:23 ` [PATCH 4.19 110/113] powerpc/xive: Fix loop exit-condition in xive_find_target_in_mask() Greg Kroah-Hartman
2019-07-29 19:23 ` [PATCH 4.19 111/113] powerpc/tm: Fix oops on sigreturn on systems without TM Greg Kroah-Hartman
2019-07-29 19:23 ` [PATCH 4.19 112/113] libnvdimm/bus: Stop holding nvdimm_bus_list_mutex over __nd_ioctl() Greg Kroah-Hartman
2019-07-31 18:14   ` Pavel Machek
2019-07-31 19:31     ` Dan Williams
2019-08-01  8:47       ` Greg Kroah-Hartman
2019-07-29 19:23 ` [PATCH 4.19 113/113] access: avoid the RCU grace period for the temporary subjective credentials Greg Kroah-Hartman
2019-07-30  2:34 ` [PATCH 4.19 000/113] 4.19.63-stable review kernelci.org bot
2019-07-30  9:11 ` Naresh Kamboju
2019-07-30 14:00 ` shuah
2019-07-30 18:42 ` Guenter Roeck
2019-07-31  5:30 ` Kelsey Skunberg
2019-07-31  9:35 ` Jon Hunter

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).