Skip to content
Snippets Groups Projects
  1. Jan 09, 2020
    • Greg Kroah-Hartman's avatar
      Linux 4.14.163 · b0cdffaa
      Greg Kroah-Hartman authored
      v4.14.163
      b0cdffaa
    • Alexander Shishkin's avatar
      perf/x86/intel/bts: Fix the use of page_private() · c8b4d608
      Alexander Shishkin authored
      
      [ Upstream commit ff61541c ]
      
      Commit
      
        8062382c ("perf/x86/intel/bts: Add BTS PMU driver")
      
      brought in a warning with the BTS buffer initialization
      that is easily tripped with (assuming KPTI is disabled):
      
      instantly throwing:
      
      > ------------[ cut here ]------------
      > WARNING: CPU: 2 PID: 326 at arch/x86/events/intel/bts.c:86 bts_buffer_setup_aux+0x117/0x3d0
      > Modules linked in:
      > CPU: 2 PID: 326 Comm: perf Not tainted 5.4.0-rc8-00291-gceb9e77324fa #904
      > RIP: 0010:bts_buffer_setup_aux+0x117/0x3d0
      > Call Trace:
      >  rb_alloc_aux+0x339/0x550
      >  perf_mmap+0x607/0xc70
      >  mmap_region+0x76b/0xbd0
      ...
      
      It appears to assume (for lost raisins) that PagePrivate() is set,
      while later it actually tests for PagePrivate() before using
      page_private().
      
      Make it consistent and always check PagePrivate() before using
      page_private().
      
      Fixes: 8062382c ("perf/x86/intel/bts: Add BTS PMU driver")
      Signed-off-by: default avatarAlexander Shishkin <alexander.shishkin@linux.intel.com>
      Signed-off-by: default avatarPeter Zijlstra (Intel) <peterz@infradead.org>
      Cc: Jiri Olsa <jolsa@kernel.org>
      Cc: Vince Weaver <vincent.weaver@maine.edu>
      Cc: Ingo Molnar <mingo@redhat.com>
      Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
      Link: https://lkml.kernel.org/r/20191205142853.28894-2-alexander.shishkin@linux.intel.com
      
      
      Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
      c8b4d608
    • SeongJae Park's avatar
      xen/blkback: Avoid unmapping unmapped grant pages · 3cc5cbcc
      SeongJae Park authored
      
      [ Upstream commit f9bd84a8 ]
      
      For each I/O request, blkback first maps the foreign pages for the
      request to its local pages.  If an allocation of a local page for the
      mapping fails, it should unmap every mapping already made for the
      request.
      
      However, blkback's handling mechanism for the allocation failure does
      not mark the remaining foreign pages as unmapped.  Therefore, the unmap
      function merely tries to unmap every valid grant page for the request,
      including the pages not mapped due to the allocation failure.  On a
      system that fails the allocation frequently, this problem leads to
      following kernel crash.
      
        [  372.012538] BUG: unable to handle kernel NULL pointer dereference at 0000000000000001
        [  372.012546] IP: [<ffffffff814071ac>] gnttab_unmap_refs.part.7+0x1c/0x40
        [  372.012557] PGD 16f3e9067 PUD 16426e067 PMD 0
        [  372.012562] Oops: 0002 [#1] SMP
        [  372.012566] Modules linked in: act_police sch_ingress cls_u32
        ...
        [  372.012746] Call Trace:
        [  372.012752]  [<ffffffff81407204>] gnttab_unmap_refs+0x34/0x40
        [  372.012759]  [<ffffffffa0335ae3>] xen_blkbk_unmap+0x83/0x150 [xen_blkback]
        ...
        [  372.012802]  [<ffffffffa0336c50>] dispatch_rw_block_io+0x970/0x980 [xen_blkback]
        ...
        Decompressing Linux... Parsing ELF... done.
        Booting the kernel.
        [    0.000000] Initializing cgroup subsys cpuset
      
      This commit fixes this problem by marking the grant pages of the given
      request that didn't mapped due to the allocation failure as invalid.
      
      Fixes: c6cc142d ("xen-blkback: use balloon pages for all mappings")
      
      Reviewed-by: default avatarDavid Woodhouse <dwmw@amazon.de>
      Reviewed-by: default avatarMaximilian Heyne <mheyne@amazon.de>
      Reviewed-by: default avatarPaul Durrant <pdurrant@amazon.co.uk>
      Reviewed-by: default avatarRoger Pau Monné <roger.pau@citrix.com>
      Signed-off-by: default avatarSeongJae Park <sjpark@amazon.de>
      Signed-off-by: default avatarJens Axboe <axboe@kernel.dk>
      Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
      3cc5cbcc
    • Heiko Carstens's avatar
      s390/smp: fix physical to logical CPU map for SMT · 26752e31
      Heiko Carstens authored
      
      [ Upstream commit 72a81ad9 ]
      
      If an SMT capable system is not IPL'ed from the first CPU the setup of
      the physical to logical CPU mapping is broken: the IPL core gets CPU
      number 0, but then the next core gets CPU number 1. Correct would be
      that all SMT threads of CPU 0 get the subsequent logical CPU numbers.
      
      This is important since a lot of code (like e.g. the CPU topology
      code) assumes that CPU maps are setup like this. If the mapping is
      broken the system will not IPL due to broken topology masks:
      
      [    1.716341] BUG: arch topology broken
      [    1.716342]      the SMT domain not a subset of the MC domain
      [    1.716343] BUG: arch topology broken
      [    1.716344]      the MC domain not a subset of the BOOK domain
      
      This scenario can usually not happen since LPARs are always IPL'ed
      from CPU 0 and also re-IPL is intiated from CPU 0. However older
      kernels did initiate re-IPL on an arbitrary CPU. If therefore a re-IPL
      from an old kernel into a new kernel is initiated this may lead to
      crash.
      
      Fix this by setting up the physical to logical CPU mapping correctly.
      
      Signed-off-by: default avatarHeiko Carstens <heiko.carstens@de.ibm.com>
      Signed-off-by: default avatarVasily Gorbik <gor@linux.ibm.com>
      Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
      26752e31
    • Eric Dumazet's avatar
      net: add annotations on hh->hh_len lockless accesses · 33e1cea2
      Eric Dumazet authored
      
      [ Upstream commit c305c6ae ]
      
      KCSAN reported a data-race [1]
      
      While we can use READ_ONCE() on the read sides,
      we need to make sure hh->hh_len is written last.
      
      [1]
      
      BUG: KCSAN: data-race in eth_header_cache / neigh_resolve_output
      
      write to 0xffff8880b9dedcb8 of 4 bytes by task 29760 on cpu 0:
       eth_header_cache+0xa9/0xd0 net/ethernet/eth.c:247
       neigh_hh_init net/core/neighbour.c:1463 [inline]
       neigh_resolve_output net/core/neighbour.c:1480 [inline]
       neigh_resolve_output+0x415/0x470 net/core/neighbour.c:1470
       neigh_output include/net/neighbour.h:511 [inline]
       ip6_finish_output2+0x7a2/0xec0 net/ipv6/ip6_output.c:116
       __ip6_finish_output net/ipv6/ip6_output.c:142 [inline]
       __ip6_finish_output+0x2d7/0x330 net/ipv6/ip6_output.c:127
       ip6_finish_output+0x41/0x160 net/ipv6/ip6_output.c:152
       NF_HOOK_COND include/linux/netfilter.h:294 [inline]
       ip6_output+0xf2/0x280 net/ipv6/ip6_output.c:175
       dst_output include/net/dst.h:436 [inline]
       NF_HOOK include/linux/netfilter.h:305 [inline]
       ndisc_send_skb+0x459/0x5f0 net/ipv6/ndisc.c:505
       ndisc_send_ns+0x207/0x430 net/ipv6/ndisc.c:647
       rt6_probe_deferred+0x98/0xf0 net/ipv6/route.c:615
       process_one_work+0x3d4/0x890 kernel/workqueue.c:2269
       worker_thread+0xa0/0x800 kernel/workqueue.c:2415
       kthread+0x1d4/0x200 drivers/block/aoe/aoecmd.c:1253
       ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:352
      
      read to 0xffff8880b9dedcb8 of 4 bytes by task 29572 on cpu 1:
       neigh_resolve_output net/core/neighbour.c:1479 [inline]
       neigh_resolve_output+0x113/0x470 net/core/neighbour.c:1470
       neigh_output include/net/neighbour.h:511 [inline]
       ip6_finish_output2+0x7a2/0xec0 net/ipv6/ip6_output.c:116
       __ip6_finish_output net/ipv6/ip6_output.c:142 [inline]
       __ip6_finish_output+0x2d7/0x330 net/ipv6/ip6_output.c:127
       ip6_finish_output+0x41/0x160 net/ipv6/ip6_output.c:152
       NF_HOOK_COND include/linux/netfilter.h:294 [inline]
       ip6_output+0xf2/0x280 net/ipv6/ip6_output.c:175
       dst_output include/net/dst.h:436 [inline]
       NF_HOOK include/linux/netfilter.h:305 [inline]
       ndisc_send_skb+0x459/0x5f0 net/ipv6/ndisc.c:505
       ndisc_send_ns+0x207/0x430 net/ipv6/ndisc.c:647
       rt6_probe_deferred+0x98/0xf0 net/ipv6/route.c:615
       process_one_work+0x3d4/0x890 kernel/workqueue.c:2269
       worker_thread+0xa0/0x800 kernel/workqueue.c:2415
       kthread+0x1d4/0x200 drivers/block/aoe/aoecmd.c:1253
       ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:352
      
      Reported by Kernel Concurrency Sanitizer on:
      CPU: 1 PID: 29572 Comm: kworker/1:4 Not tainted 5.4.0-rc6+ #0
      Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
      Workqueue: events rt6_probe_deferred
      
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Reported-by: default avatarsyzbot <syzkaller@googlegroups.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
      33e1cea2
    • Anand Moon's avatar
      arm64: dts: meson: odroid-c2: Disable usb_otg bus to avoid power failed warning · 55db26f2
      Anand Moon authored
      
      [ Upstream commit 72c9b5f6 ]
      
      usb_otg bus needs to get initialize from the u-boot to be configured
      to used as power source to SBC or usb otg port will get configured
      as host device. Right now this support is missing in the u-boot and
      phy driver so to avoid power failed warning, we would disable this
      feature  until proper fix is found.
      
      [    2.716048] phy phy-c0000000.phy.0: USB ID detect failed!
      [    2.720186] phy phy-c0000000.phy.0: phy poweron failed --> -22
      [    2.726001] ------------[ cut here ]------------
      [    2.730583] WARNING: CPU: 0 PID: 12 at drivers/regulator/core.c:2039 _regulator_put+0x3c/0xe8
      [    2.738983] Modules linked in:
      [    2.742005] CPU: 0 PID: 12 Comm: kworker/0:1 Not tainted 5.2.9-1-ARCH #1
      [    2.748643] Hardware name: Hardkernel ODROID-C2 (DT)
      [    2.753566] Workqueue: events deferred_probe_work_func
      [    2.758649] pstate: 60000005 (nZCv daif -PAN -UAO)
      [    2.763394] pc : _regulator_put+0x3c/0xe8
      [    2.767361] lr : _regulator_put+0x3c/0xe8
      [    2.771326] sp : ffff000011aa3a50
      [    2.774604] x29: ffff000011aa3a50 x28: ffff80007ed1b600
      [    2.779865] x27: ffff80007f7036a8 x26: ffff80007f7036a8
      [    2.785126] x25: 0000000000000000 x24: ffff000011a44458
      [    2.790387] x23: ffff000011344218 x22: 0000000000000009
      [    2.795649] x21: ffff000011aa3b68 x20: ffff80007ed1b500
      [    2.800910] x19: ffff80007ed1b500 x18: 0000000000000010
      [    2.806171] x17: 000000005be5943c x16: 00000000f1c73b29
      [    2.811432] x15: ffffffffffffffff x14: ffff0000117396c8
      [    2.816694] x13: ffff000091aa37a7 x12: ffff000011aa37af
      [    2.821955] x11: ffff000011763000 x10: ffff000011aa3730
      [    2.827216] x9 : 00000000ffffffd0 x8 : ffff000010871760
      [    2.832477] x7 : 00000000000000d0 x6 : ffff0000119d151b
      [    2.837739] x5 : 000000000000000f x4 : 0000000000000000
      [    2.843000] x3 : 0000000000000000 x2 : 38104b2678c20100
      [    2.848261] x1 : 0000000000000000 x0 : 0000000000000024
      [    2.853523] Call trace:
      [    2.855940]  _regulator_put+0x3c/0xe8
      [    2.859562]  regulator_put+0x34/0x48
      [    2.863098]  regulator_bulk_free+0x40/0x58
      [    2.867153]  devm_regulator_bulk_release+0x24/0x30
      [    2.871896]  release_nodes+0x1f0/0x2e0
      [    2.875604]  devres_release_all+0x64/0xa4
      [    2.879571]  really_probe+0x1c8/0x3e0
      [    2.883194]  driver_probe_device+0xe4/0x138
      [    2.887334]  __device_attach_driver+0x90/0x110
      [    2.891733]  bus_for_each_drv+0x8c/0xd8
      [    2.895527]  __device_attach+0xdc/0x160
      [    2.899322]  device_initial_probe+0x24/0x30
      [    2.903463]  bus_probe_device+0x9c/0xa8
      [    2.907258]  deferred_probe_work_func+0xa0/0xf0
      [    2.911745]  process_one_work+0x1b4/0x408
      [    2.915711]  worker_thread+0x54/0x4b8
      [    2.919334]  kthread+0x12c/0x130
      [    2.922526]  ret_from_fork+0x10/0x1c
      [    2.926060] ---[ end trace 51a68f4c0035d6c0 ]---
      [    2.930691] ------------[ cut here ]------------
      [    2.935242] WARNING: CPU: 0 PID: 12 at drivers/regulator/core.c:2039 _regulator_put+0x3c/0xe8
      [    2.943653] Modules linked in:
      [    2.946675] CPU: 0 PID: 12 Comm: kworker/0:1 Tainted: G        W         5.2.9-1-ARCH #1
      [    2.954694] Hardware name: Hardkernel ODROID-C2 (DT)
      [    2.959613] Workqueue: events deferred_probe_work_func
      [    2.964700] pstate: 60000005 (nZCv daif -PAN -UAO)
      [    2.969445] pc : _regulator_put+0x3c/0xe8
      [    2.973412] lr : _regulator_put+0x3c/0xe8
      [    2.977377] sp : ffff000011aa3a50
      [    2.980655] x29: ffff000011aa3a50 x28: ffff80007ed1b600
      [    2.985916] x27: ffff80007f7036a8 x26: ffff80007f7036a8
      [    2.991177] x25: 0000000000000000 x24: ffff000011a44458
      [    2.996439] x23: ffff000011344218 x22: 0000000000000009
      [    3.001700] x21: ffff000011aa3b68 x20: ffff80007ed1bd00
      [    3.006961] x19: ffff80007ed1bd00 x18: 0000000000000010
      [    3.012222] x17: 000000005be5943c x16: 00000000f1c73b29
      [    3.017484] x15: ffffffffffffffff x14: ffff0000117396c8
      [    3.022745] x13: ffff000091aa37a7 x12: ffff000011aa37af
      [    3.028006] x11: ffff000011763000 x10: ffff000011aa3730
      [    3.033267] x9 : 00000000ffffffd0 x8 : ffff000010871760
      [    3.038528] x7 : 00000000000000fd x6 : ffff0000119d151b
      [    3.043790] x5 : 000000000000000f x4 : 0000000000000000
      [    3.049051] x3 : 0000000000000000 x2 : 38104b2678c20100
      [    3.054312] x1 : 0000000000000000 x0 : 0000000000000024
      [    3.059574] Call trace:
      [    3.061991]  _regulator_put+0x3c/0xe8
      [    3.065613]  regulator_put+0x34/0x48
      [    3.069149]  regulator_bulk_free+0x40/0x58
      [    3.073203]  devm_regulator_bulk_release+0x24/0x30
      [    3.077947]  release_nodes+0x1f0/0x2e0
      [    3.081655]  devres_release_all+0x64/0xa4
      [    3.085622]  really_probe+0x1c8/0x3e0
      [    3.089245]  driver_probe_device+0xe4/0x138
      [    3.093385]  __device_attach_driver+0x90/0x110
      [    3.097784]  bus_for_each_drv+0x8c/0xd8
      [    3.101578]  __device_attach+0xdc/0x160
      [    3.105373]  device_initial_probe+0x24/0x30
      [    3.109514]  bus_probe_device+0x9c/0xa8
      [    3.113309]  deferred_probe_work_func+0xa0/0xf0
      [    3.117796]  process_one_work+0x1b4/0x408
      [    3.121762]  worker_thread+0x54/0x4b8
      [    3.125384]  kthread+0x12c/0x130
      [    3.128575]  ret_from_fork+0x10/0x1c
      [    3.132110] ---[ end trace 51a68f4c0035d6c1 ]---
      [    3.136753] dwc2: probe of c9000000.usb failed with error -22
      
      Fixes: 5a0803bd ("ARM64: dts: meson-gxbb-odroidc2: Enable USB Nodes")
      Cc: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
      Cc: Jerome Brunet <jbrunet@baylibre.com>
      Cc: Neil Armstrong <narmstrong@baylibre.com>
      Acked-by: default avatarMartin Blumenstingl <martin.blumenstingl@googlemail.com>
      Signed-off-by: default avatarAnand Moon <linux.amoon@gmail.com>
      Signed-off-by: default avatarKevin Hilman <khilman@baylibre.com>
      Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
      55db26f2
    • Masashi Honma's avatar
      ath9k_htc: Discard undersized packets · a6c433bf
      Masashi Honma authored
      
      [ Upstream commit cd486e62 ]
      
      Sometimes the hardware will push small packets that trigger a WARN_ON
      in mac80211. Discard them early to avoid this issue.
      
      This patch ports 2 patches from ath9k to ath9k_htc.
      commit 3c0efb74 "ath9k: discard
      undersized packets".
      commit df5c4150 "ath9k: correctly
      handle short radar pulses".
      
      [  112.835889] ------------[ cut here ]------------
      [  112.835971] WARNING: CPU: 5 PID: 0 at net/mac80211/rx.c:804 ieee80211_rx_napi+0xaac/0xb40 [mac80211]
      [  112.835973] Modules linked in: ath9k_htc ath9k_common ath9k_hw ath mac80211 cfg80211 libarc4 nouveau snd_hda_codec_hdmi intel_rapl_msr intel_rapl_common x86_pkg_temp_thermal intel_powerclamp coretemp snd_hda_codec_realtek snd_hda_codec_generic ledtrig_audio snd_hda_intel snd_hda_codec video snd_hda_core ttm snd_hwdep drm_kms_helper snd_pcm crct10dif_pclmul snd_seq_midi drm snd_seq_midi_event crc32_pclmul snd_rawmidi ghash_clmulni_intel snd_seq aesni_intel aes_x86_64 crypto_simd cryptd snd_seq_device glue_helper snd_timer sch_fq_codel i2c_algo_bit fb_sys_fops snd input_leds syscopyarea sysfillrect sysimgblt intel_cstate mei_me intel_rapl_perf soundcore mxm_wmi lpc_ich mei kvm_intel kvm mac_hid irqbypass parport_pc ppdev lp parport ip_tables x_tables autofs4 hid_generic usbhid hid raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear e1000e ahci libahci wmi
      [  112.836022] CPU: 5 PID: 0 Comm: swapper/5 Not tainted 5.3.0-wt #1
      [  112.836023] Hardware name: MouseComputer Co.,Ltd. X99-S01/X99-S01, BIOS 1.0C-W7 04/01/2015
      [  112.836056] RIP: 0010:ieee80211_rx_napi+0xaac/0xb40 [mac80211]
      [  112.836059] Code: 00 00 66 41 89 86 b0 00 00 00 e9 c8 fa ff ff 4c 89 b5 40 ff ff ff 49 89 c6 e9 c9 fa ff ff 48 c7 c7 e0 a2 a5 c0 e8 47 41 b0 e9 <0f> 0b 48 89 df e8 5a 94 2d ea e9 02 f9 ff ff 41 39 c1 44 89 85 60
      [  112.836060] RSP: 0018:ffffaa6180220da8 EFLAGS: 00010286
      [  112.836062] RAX: 0000000000000024 RBX: ffff909a20eeda00 RCX: 0000000000000000
      [  112.836064] RDX: 0000000000000000 RSI: ffff909a2f957448 RDI: ffff909a2f957448
      [  112.836065] RBP: ffffaa6180220e78 R08: 00000000000006e9 R09: 0000000000000004
      [  112.836066] R10: 000000000000000a R11: 0000000000000001 R12: 0000000000000000
      [  112.836068] R13: ffff909a261a47a0 R14: 0000000000000000 R15: 0000000000000004
      [  112.836070] FS:  0000000000000000(0000) GS:ffff909a2f940000(0000) knlGS:0000000000000000
      [  112.836071] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      [  112.836073] CR2: 00007f4e3ffffa08 CR3: 00000001afc0a006 CR4: 00000000001606e0
      [  112.836074] Call Trace:
      [  112.836076]  <IRQ>
      [  112.836083]  ? finish_td+0xb3/0xf0
      [  112.836092]  ? ath9k_rx_prepare.isra.11+0x22f/0x2a0 [ath9k_htc]
      [  112.836099]  ath9k_rx_tasklet+0x10b/0x1d0 [ath9k_htc]
      [  112.836105]  tasklet_action_common.isra.22+0x63/0x110
      [  112.836108]  tasklet_action+0x22/0x30
      [  112.836115]  __do_softirq+0xe4/0x2da
      [  112.836118]  irq_exit+0xae/0xb0
      [  112.836121]  do_IRQ+0x86/0xe0
      [  112.836125]  common_interrupt+0xf/0xf
      [  112.836126]  </IRQ>
      [  112.836130] RIP: 0010:cpuidle_enter_state+0xa9/0x440
      [  112.836133] Code: 3d bc 20 38 55 e8 f7 1d 84 ff 49 89 c7 0f 1f 44 00 00 31 ff e8 28 29 84 ff 80 7d d3 00 0f 85 e6 01 00 00 fb 66 0f 1f 44 00 00 <45> 85 ed 0f 89 ff 01 00 00 41 c7 44 24 10 00 00 00 00 48 83 c4 18
      [  112.836134] RSP: 0018:ffffaa61800e3e48 EFLAGS: 00000246 ORIG_RAX: ffffffffffffffde
      [  112.836136] RAX: ffff909a2f96b340 RBX: ffffffffabb58200 RCX: 000000000000001f
      [  112.836137] RDX: 0000001a458adc5d RSI: 0000000026c9b581 RDI: 0000000000000000
      [  112.836139] RBP: ffffaa61800e3e88 R08: 0000000000000002 R09: 000000000002abc0
      [  112.836140] R10: ffffaa61800e3e18 R11: 000000000000002d R12: ffffca617fb40b00
      [  112.836141] R13: 0000000000000002 R14: ffffffffabb582d8 R15: 0000001a458adc5d
      [  112.836145]  ? cpuidle_enter_state+0x98/0x440
      [  112.836149]  ? menu_select+0x370/0x600
      [  112.836151]  cpuidle_enter+0x2e/0x40
      [  112.836154]  call_cpuidle+0x23/0x40
      [  112.836156]  do_idle+0x204/0x280
      [  112.836159]  cpu_startup_entry+0x1d/0x20
      [  112.836164]  start_secondary+0x167/0x1c0
      [  112.836169]  secondary_startup_64+0xa4/0xb0
      [  112.836173] ---[ end trace 9f4cd18479cc5ae5 ]---
      
      Signed-off-by: default avatarMasashi Honma <masashi.honma@gmail.com>
      Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
      Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
      a6c433bf
    • Masashi Honma's avatar
      ath9k_htc: Modify byte order for an error message · a0758704
      Masashi Honma authored
      
      [ Upstream commit e01fddc1 ]
      
      rs_datalen is be16 so we need to convert it before printing.
      
      Signed-off-by: default avatarMasashi Honma <masashi.honma@gmail.com>
      Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
      Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
      a0758704
    • David Howells's avatar
      rxrpc: Fix possible NULL pointer access in ICMP handling · 85aa8f87
      David Howells authored
      
      [ Upstream commit f0308fb0 ]
      
      If an ICMP packet comes in on the UDP socket backing an AF_RXRPC socket as
      the UDP socket is being shut down, rxrpc_error_report() may get called to
      deal with it after sk_user_data on the UDP socket has been cleared, leading
      to a NULL pointer access when this local endpoint record gets accessed.
      
      Fix this by just returning immediately if sk_user_data was NULL.
      
      The oops looks like the following:
      
      #PF: supervisor read access in kernel mode
      #PF: error_code(0x0000) - not-present page
      ...
      RIP: 0010:rxrpc_error_report+0x1bd/0x6a9
      ...
      Call Trace:
       ? sock_queue_err_skb+0xbd/0xde
       ? __udp4_lib_err+0x313/0x34d
       __udp4_lib_err+0x313/0x34d
       icmp_unreach+0x1ee/0x207
       icmp_rcv+0x25b/0x28f
       ip_protocol_deliver_rcu+0x95/0x10e
       ip_local_deliver+0xe9/0x148
       __netif_receive_skb_one_core+0x52/0x6e
       process_backlog+0xdc/0x177
       net_rx_action+0xf9/0x270
       __do_softirq+0x1b6/0x39a
       ? smpboot_register_percpu_thread+0xce/0xce
       run_ksoftirqd+0x1d/0x42
       smpboot_thread_fn+0x19e/0x1b3
       kthread+0xf1/0xf6
       ? kthread_delayed_work_timer_fn+0x83/0x83
       ret_from_fork+0x24/0x30
      
      Fixes: 17926a79 ("[AF_RXRPC]: Provide secure RxRPC sockets for use by userspace and kernel both")
      Reported-by: default avatar <syzbot+611164843bd48cc2190c@syzkaller.appspotmail.com>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
      85aa8f87
    • Florian Westphal's avatar
      selftests: rtnetlink: add addresses with fixed life time · 544d4b9f
      Florian Westphal authored
      
      [ Upstream commit 3cfa1488 ]
      
      This exercises kernel code path that deal with addresses that have
      a limited lifetime.
      
      Without previous fix, this triggers following crash on net-next:
       BUG: KASAN: null-ptr-deref in check_lifetime+0x403/0x670
       Read of size 8 at addr 0000000000000010 by task kworker [..]
      
      Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
      544d4b9f
    • Daniel Axtens's avatar
      powerpc/pseries/hvconsole: Fix stack overread via udbg · 72e77ea7
      Daniel Axtens authored
      
      [ Upstream commit 934bda59 ]
      
      While developing KASAN for 64-bit book3s, I hit the following stack
      over-read.
      
      It occurs because the hypercall to put characters onto the terminal
      takes 2 longs (128 bits/16 bytes) of characters at a time, and so
      hvc_put_chars() would unconditionally copy 16 bytes from the argument
      buffer, regardless of supplied length. However, udbg_hvc_putc() can
      call hvc_put_chars() with a single-byte buffer, leading to the error.
      
        ==================================================================
        BUG: KASAN: stack-out-of-bounds in hvc_put_chars+0xdc/0x110
        Read of size 8 at addr c0000000023e7a90 by task swapper/0
      
        CPU: 0 PID: 0 Comm: swapper Not tainted 5.2.0-rc2-next-20190528-02824-g048a6ab4835b #113
        Call Trace:
          dump_stack+0x104/0x154 (unreliable)
          print_address_description+0xa0/0x30c
          __kasan_report+0x20c/0x224
          kasan_report+0x18/0x30
          __asan_report_load8_noabort+0x24/0x40
          hvc_put_chars+0xdc/0x110
          hvterm_raw_put_chars+0x9c/0x110
          udbg_hvc_putc+0x154/0x200
          udbg_write+0xf0/0x240
          console_unlock+0x868/0xd30
          register_console+0x970/0xe90
          register_early_udbg_console+0xf8/0x114
          setup_arch+0x108/0x790
          start_kernel+0x104/0x784
          start_here_common+0x1c/0x534
      
        Memory state around the buggy address:
         c0000000023e7980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
         c0000000023e7a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1
        >c0000000023e7a80: f1 f1 01 f2 f2 f2 00 00 00 00 00 00 00 00 00 00
                                 ^
         c0000000023e7b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
         c0000000023e7b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        ==================================================================
      
      Document that a 16-byte buffer is requred, and provide it in udbg.
      
      Signed-off-by: default avatarDaniel Axtens <dja@axtens.net>
      Signed-off-by: default avatarMichael Ellerman <mpe@ellerman.id.au>
      Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
      72e77ea7
    • Imre Deak's avatar
      drm/mst: Fix MST sideband up-reply failure handling · d3f3d399
      Imre Deak authored
      
      [ Upstream commit d8fd3722 ]
      
      Fix the breakage resulting in the stacktrace below, due to tx queue
      being full when trying to send an up-reply. txmsg->seqno is -1 in this
      case leading to a corruption of the mstb object by
      
      	txmsg->dst->tx_slots[txmsg->seqno] = NULL;
      
      in process_single_up_tx_qlock().
      
      [  +0,005162] [drm:process_single_tx_qlock [drm_kms_helper]] set_hdr_from_dst_qlock: failed to find slot
      [  +0,000015] [drm:drm_dp_send_up_ack_reply.constprop.19 [drm_kms_helper]] failed to send msg in q -11
      [  +0,000939] BUG: kernel NULL pointer dereference, address: 00000000000005a0
      [  +0,006982] #PF: supervisor write access in kernel mode
      [  +0,005223] #PF: error_code(0x0002) - not-present page
      [  +0,005135] PGD 0 P4D 0
      [  +0,002581] Oops: 0002 [#1] PREEMPT SMP NOPTI
      [  +0,004359] CPU: 1 PID: 1200 Comm: kworker/u16:3 Tainted: G     U            5.2.0-rc1+ #410
      [  +0,008433] Hardware name: Intel Corporation Ice Lake Client Platform/IceLake U DDR4 SODIMM PD RVP, BIOS ICLSFWR1.R00.3175.A00.1904261428 04/26/2019
      [  +0,013323] Workqueue: i915-dp i915_digport_work_func [i915]
      [  +0,005676] RIP: 0010:queue_work_on+0x19/0x70
      [  +0,004372] Code: ff ff ff 0f 1f 40 00 66 2e 0f 1f 84 00 00 00 00 00 41 56 49 89 f6 41 55 41 89 fd 41 54 55 53 48 89 d3 9c 5d fa e8 e7 81 0c 00 <f0> 48 0f ba 2b 00 73 31 45 31 e4 f7 c5 00 02 00 00 74 13 e8 cf 7f
      [  +0,018750] RSP: 0018:ffffc900007dfc50 EFLAGS: 00010006
      [  +0,005222] RAX: 0000000000000046 RBX: 00000000000005a0 RCX: 0000000000000001
      [  +0,007133] RDX: 000000000001b608 RSI: 0000000000000000 RDI: ffffffff82121972
      [  +0,007129] RBP: 0000000000000202 R08: 0000000000000000 R09: 0000000000000001
      [  +0,007129] R10: 0000000000000000 R11: 0000000000000000 R12: ffff88847bfa5096
      [  +0,007131] R13: 0000000000000010 R14: ffff88849c08f3f8 R15: 0000000000000000
      [  +0,007128] FS:  0000000000000000(0000) GS:ffff88849dc80000(0000) knlGS:0000000000000000
      [  +0,008083] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      [  +0,005749] CR2: 00000000000005a0 CR3: 0000000005210006 CR4: 0000000000760ee0
      [  +0,007128] PKRU: 55555554
      [  +0,002722] Call Trace:
      [  +0,002458]  drm_dp_mst_handle_up_req+0x517/0x540 [drm_kms_helper]
      [  +0,006197]  ? drm_dp_mst_hpd_irq+0x5b/0x9c0 [drm_kms_helper]
      [  +0,005764]  drm_dp_mst_hpd_irq+0x5b/0x9c0 [drm_kms_helper]
      [  +0,005623]  ? intel_dp_hpd_pulse+0x205/0x370 [i915]
      [  +0,005018]  intel_dp_hpd_pulse+0x205/0x370 [i915]
      [  +0,004836]  i915_digport_work_func+0xbb/0x140 [i915]
      [  +0,005108]  process_one_work+0x245/0x610
      [  +0,004027]  worker_thread+0x37/0x380
      [  +0,003684]  ? process_one_work+0x610/0x610
      [  +0,004184]  kthread+0x119/0x130
      [  +0,003240]  ? kthread_park+0x80/0x80
      [  +0,003668]  ret_from_fork+0x24/0x50
      
      Cc: Lyude Paul <lyude@redhat.com>
      Cc: Dave Airlie <airlied@redhat.com>
      Signed-off-by: default avatarImre Deak <imre.deak@intel.com>
      Reviewed-by: default avatarLyude Paul <lyude@redhat.com>
      Link: https://patchwork.freedesktop.org/patch/msgid/20190523212433.9058-1-imre.deak@intel.com
      
      
      Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
      d3f3d399
    • Chad Dupuis's avatar
      scsi: qedf: Do not retry ELS request if qedf_alloc_cmd fails · 0f6ecead
      Chad Dupuis authored
      
      [ Upstream commit f1c43590 ]
      
      If we cannot allocate an ELS middlepath request, simply fail instead of
      trying to delay and then reallocate.  This delay logic is causing soft
      lockup messages:
      
      NMI watchdog: BUG: soft lockup - CPU#2 stuck for 22s! [kworker/2:1:7639]
      Modules linked in: xt_CHECKSUM ipt_MASQUERADE nf_nat_masquerade_ipv4 tun devlink ip6t_rpfilter ipt_REJECT nf_reject_ipv4 ip6t_REJECT nf_reject_ipv6 xt_conntrack ip_set nfnetlink ebtable_nat ebtable_broute bridge stp llc ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6table_mangle ip6table_security ip6table_raw iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack iptable_mangle iptable_security iptable_raw ebtable_filter ebtables ip6table_filter ip6_tables iptable_filter dm_service_time vfat fat rpcrdma sunrpc ib_isert iscsi_target_mod ib_iser libiscsi scsi_transport_iscsi ib_srpt target_core_mod ib_srp scsi_transport_srp ib_ipoib rdma_ucm ib_ucm ib_uverbs ib_umad rdma_cm ib_cm iw_cm sb_edac intel_powerclamp coretemp intel_rapl iosf_mbi kvm_intel kvm
      irqbypass crc32_pclmul ghash_clmulni_intel aesni_intel lrw gf128mul glue_helper ablk_helper cryptd iTCO_wdt iTCO_vendor_support qedr(OE) ib_core joydev ipmi_ssif pcspkr hpilo hpwdt sg ipmi_si ipmi_devintf ipmi_msghandler ioatdma shpchp lpc_ich wmi dca acpi_power_meter dm_multipath ip_tables xfs libcrc32c sd_mod crc_t10dif crct10dif_generic qedf(OE) libfcoe mgag200 libfc i2c_algo_bit drm_kms_helper scsi_transport_fc qede(OE) syscopyarea sysfillrect sysimgblt fb_sys_fops ttm qed(OE) drm crct10dif_pclmul e1000e crct10dif_common crc32c_intel scsi_tgt hpsa i2c_core ptp scsi_transport_sas pps_core dm_mirror dm_region_hash dm_log dm_mod
      CPU: 2 PID: 7639 Comm: kworker/2:1 Kdump: loaded Tainted: G           OEL ------------   3.10.0-861.el7.x86_64 #1
      Hardware name: HP ProLiant DL580 Gen9/ProLiant DL580 Gen9, BIOS U17 07/21/2016
      Workqueue: qedf_2_dpc qedf_handle_rrq [qedf]
      task: ffff959edd628fd0 ti: ffff959ed6f08000 task.ti: ffff959ed6f08000
      RIP: 0010:[<ffffffff8355913a>]  [<ffffffff8355913a>] delay_tsc+0x3a/0x60
      RSP: 0018:ffff959ed6f0bd30  EFLAGS: 00000246
      RAX: 000000008ef5f791 RBX: 5f646d635f666465 RCX: 0000025b8ededa2f
      RDX: 000000000000025b RSI: 0000000000000002 RDI: 0000000000217d1e
      RBP: ffff959ed6f0bd30 R08: ffffffffc079aae8 R09: 0000000000000200
      R10: ffffffffc07952c6 R11: 0000000000000000 R12: 6c6c615f66646571
      R13: ffff959ed6f0bcc8 R14: ffff959ed6f0bd08 R15: ffff959e00000028
      FS:  0000000000000000(0000) GS:ffff959eff480000(0000) knlGS:0000000000000000
      CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      CR2: 00007f4117fa1eb0 CR3: 0000002039e66000 CR4: 00000000003607e0
      DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
      DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
      Call Trace:
      [<ffffffff8355907d>] __const_udelay+0x2d/0x30
      [<ffffffffc079444a>] qedf_initiate_els+0x13a/0x450 [qedf]
      [<ffffffffc0794210>] ? qedf_srr_compl+0x2a0/0x2a0 [qedf]
      [<ffffffffc0795337>] qedf_send_rrq+0x127/0x230 [qedf]
      [<ffffffffc078ed55>] qedf_handle_rrq+0x15/0x20 [qedf]
      [<ffffffff832b2dff>] process_one_work+0x17f/0x440
      [<ffffffff832b3ac6>] worker_thread+0x126/0x3c0
      [<ffffffff832b39a0>] ? manage_workers.isra.24+0x2a0/0x2a0
      [<ffffffff832bae31>] kthread+0xd1/0xe0
      [<ffffffff832bad60>] ? insert_kthread_work+0x40/0x40
      [<ffffffff8391f637>] ret_from_fork_nospec_begin+0x21/0x21
      [<ffffffff832bad60>] ? insert_kthread_work+0x40/0x40
      
      Signed-off-by: default avatarChad Dupuis <cdupuis@marvell.com>
      Signed-off-by: default avatarSaurav Kashyap <skashyap@marvell.com>
      Signed-off-by: default avatarMartin K. Petersen <martin.petersen@oracle.com>
      Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
      0f6ecead
    • Al Viro's avatar
      fix compat handling of FICLONERANGE, FIDEDUPERANGE and FS_IOC_FIEMAP · 973536f0
      Al Viro authored
      
      commit 6b2daec1 upstream.
      
      Unlike FICLONE, all of those take a pointer argument; they do need
      compat_ptr() applied to arg.
      
      Fixes: d79bdd52 ("vfs: wire up compat ioctl for CLONE/CLONE_RANGE")
      Fixes: 54dbc151 ("vfs: hoist the btrfs deduplication ioctl to the vfs")
      Fixes: ceac204e ("fs: make fiemap work from compat_ioctl")
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      973536f0
    • Leo Yan's avatar
      tty: serial: msm_serial: Fix lockup for sysrq and oops · ee21b594
      Leo Yan authored
      
      commit 0e4f7f92 upstream.
      
      As the commit 677fe555 ("serial: imx: Fix recursive locking bug")
      has mentioned the uart driver might cause recursive locking between
      normal printing and the kernel debugging facilities (e.g. sysrq and
      oops).  In the commit it gave out suggestion for fixing recursive
      locking issue: "The solution is to avoid locking in the sysrq case
      and trylock in the oops_in_progress case."
      
      This patch follows the suggestion (also used the exactly same code with
      other serial drivers, e.g. amba-pl011.c) to fix the recursive locking
      issue, this can avoid stuck caused by deadlock and print out log for
      sysrq and oops.
      
      Fixes: 04896a77 ("msm_serial: serial driver for MSM7K onboard serial peripheral.")
      Signed-off-by: default avatarLeo Yan <leo.yan@linaro.org>
      Reviewed-by: default avatarJeffrey Hugo <jeffrey.l.hugo@gmail.com>
      Link: https://lore.kernel.org/r/20191127141544.4277-2-leo.yan@linaro.org
      
      
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      ee21b594
    • Geert Uytterhoeven's avatar
      dt-bindings: clock: renesas: rcar-usb2-clock-sel: Fix typo in example · 08bb799e
      Geert Uytterhoeven authored
      
      commit 830dbce7 upstream.
      
      The documented compatible value for R-Car H3 is
      "renesas,r8a7795-rcar-usb2-clock-sel", not
      "renesas,r8a77950-rcar-usb2-clock-sel".
      
      Fixes: 311accb6 ("clk: renesas: rcar-usb2-clock-sel: Add R-Car USB 2.0 clock selector PHY")
      Signed-off-by: default avatarGeert Uytterhoeven <geert+renesas@glider.be>
      Reviewed-by: default avatarYoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com>
      Acked-by: default avatarRob Herring <robh@kernel.org>
      Link: https://lore.kernel.org/r/20191016145650.30003-1-geert+renesas@glider.be
      
      
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      08bb799e
    • Navid Emamdoost's avatar
      media: usb: fix memory leak in af9005_identify_state · 2d7c2795
      Navid Emamdoost authored
      
      commit 2289adbf upstream.
      
      In af9005_identify_state when returning -EIO the allocated buffer should
      be released. Replace the "return -EIO" with assignment into ret and move
      deb_info() under a check.
      
      Fixes: af4e067e ("V4L/DVB (5625): Add support for the AF9005 demodulator from Afatech")
      Signed-off-by: default avatarNavid Emamdoost <navid.emamdoost@gmail.com>
      Signed-off-by: default avatarHans Verkuil <hverkuil-cisco@xs4all.nl>
      Signed-off-by: default avatarMauro Carvalho Chehab <mchehab+samsung@kernel.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      2d7c2795
    • Stephan Gerhold's avatar
      regulator: ab8500: Remove AB8505 USB regulator · 09023165
      Stephan Gerhold authored
      
      commit 99c4f70d upstream.
      
      The USB regulator was removed for AB8500 in
      commit 41a06aa7 ("regulator: ab8500: Remove USB regulator").
      It was then added for AB8505 in
      commit 547f384f ("regulator: ab8500: add support for ab8505").
      
      However, there was never an entry added for it in
      ab8505_regulator_match. This causes all regulators after it
      to be initialized with the wrong device tree data, eventually
      leading to an out-of-bounds array read.
      
      Given that it is not used anywhere in the kernel, it seems
      likely that similar arguments against supporting it exist for
      AB8505 (it is controlled by hardware).
      
      Therefore, simply remove it like for AB8500 instead of adding
      an entry in ab8505_regulator_match.
      
      Fixes: 547f384f ("regulator: ab8500: add support for ab8505")
      Cc: Linus Walleij <linus.walleij@linaro.org>
      Signed-off-by: default avatarStephan Gerhold <stephan@gerhold.net>
      Reviewed-by: default avatarLinus Walleij <linus.walleij@linaro.org>
      Link: https://lore.kernel.org/r/20191106173125.14496-1-stephan@gerhold.net
      
      
      Signed-off-by: default avatarMark Brown <broonie@kernel.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      09023165
    • Colin Ian King's avatar
      media: flexcop-usb: ensure -EIO is returned on error condition · 6b74fc79
      Colin Ian King authored
      
      commit 74a96b51 upstream.
      
      An earlier commit hard coded a return 0 to function flexcop_usb_i2c_req
      even though the an -EIO was intended to be returned in the case where
      ret != buflen.  Fix this by replacing the return 0 with the return of
      ret to return the error return code.
      
      Addresses-Coverity: ("Unused value")
      
      Fixes: b430eaba ("[media] flexcop-usb: don't use stack for DMA")
      Signed-off-by: default avatarColin Ian King <colin.king@canonical.com>
      Signed-off-by: default avatarSean Young <sean@mess.org>
      Signed-off-by: default avatarMauro Carvalho Chehab <mchehab@kernel.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      6b74fc79
    • Navid Emamdoost's avatar
      Bluetooth: Fix memory leak in hci_connect_le_scan · f3cb0d22
      Navid Emamdoost authored
      
      commit d088337c upstream.
      
      In the implementation of hci_connect_le_scan() when conn is added via
      hci_conn_add(), if hci_explicit_conn_params_set() fails the allocated
      memory for conn is leaked. Use hci_conn_del() to release it.
      
      Fixes: f75113a2 ("Bluetooth: add hci_connect_le_scan")
      Signed-off-by: default avatarNavid Emamdoost <navid.emamdoost@gmail.com>
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      f3cb0d22
    • Dan Carpenter's avatar
      Bluetooth: delete a stray unlock · bb5a3cc0
      Dan Carpenter authored
      
      commit df66499a upstream.
      
      We used to take a lock in amp_physical_cfm() but then we moved it to
      the caller function.  Unfortunately the unlock on this error path was
      overlooked so it leads to a double unlock.
      
      Fixes: a514b17f ("Bluetooth: Refactor locking in amp_physical_cfm")
      Signed-off-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      bb5a3cc0
    • Oliver Neukum's avatar
      Bluetooth: btusb: fix PM leak in error case of setup · 29ea30c0
      Oliver Neukum authored
      
      commit 3d44a6fd upstream.
      
      If setup() fails a reference for runtime PM has already
      been taken. Proper use of the error handling in btusb_open()is needed.
      You cannot just return.
      
      Fixes: ace31982 ("Bluetooth: btusb: Add setup callback for chip init on USB")
      Signed-off-by: default avatarOliver Neukum <oneukum@suse.com>
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      29ea30c0
    • Michael Haener's avatar
      platform/x86: pmc_atom: Add Siemens CONNECT X300 to critclk_systems DMI table · 4d445d3e
      Michael Haener authored
      
      commit e8796c6c upstream.
      
      The CONNECT X300 uses the PMC clock for on-board components and gets
      stuck during boot if the clock is disabled. Therefore, add this
      device to the critical systems list.
      Tested on CONNECT X300.
      
      Fixes: 648e9218 ("clk: x86: Stop marking clocks as CLK_IS_CRITICAL")
      Signed-off-by: default avatarMichael Haener <michael.haener@siemens.com>
      Signed-off-by: default avatarAndy Shevchenko <andriy.shevchenko@linux.intel.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      4d445d3e
    • Omar Sandoval's avatar
      xfs: don't check for AG deadlock for realtime files in bunmapi · fb7b53ce
      Omar Sandoval authored
      
      commit 69ffe596 upstream.
      
      Commit 5b094d6d ("xfs: fix multi-AG deadlock in xfs_bunmapi") added
      a check in __xfs_bunmapi() to stop early if we would touch multiple AGs
      in the wrong order. However, this check isn't applicable for realtime
      files. In most cases, it just makes us do unnecessary commits. However,
      without the fix from the previous commit ("xfs: fix realtime file data
      space leak"), if the last and second-to-last extents also happen to have
      different "AG numbers", then the break actually causes __xfs_bunmapi()
      to return without making any progress, which sends
      xfs_itruncate_extents_flags() into an infinite loop.
      
      Fixes: 5b094d6d ("xfs: fix multi-AG deadlock in xfs_bunmapi")
      Signed-off-by: default avatarOmar Sandoval <osandov@fb.com>
      Reviewed-by: default avatarDarrick J. Wong <darrick.wong@oracle.com>
      Signed-off-by: default avatarDarrick J. Wong <darrick.wong@oracle.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      fb7b53ce
    • Roman Bolshakov's avatar
      scsi: qla2xxx: Drop superfluous INIT_WORK of del_work · 35ddeb36
      Roman Bolshakov authored
      commit 600954e6 upstream.
      
      del_work is already initialized inside qla2x00_alloc_fcport, there's no
      need to overwrite it. Indeed, it might prevent complete traversal of
      workqueue list.
      
      Fixes: a01c77d2 ("scsi: qla2xxx: Move session delete to driver work queue")
      Cc: Quinn Tran <qutran@marvell.com>
      Link: https://lore.kernel.org/r/20191125165702.1013-5-r.bolshakov@yadro.com
      
      
      Acked-by: default avatarHimanshu Madhani <hmadhani@marvell.com>
      Reviewed-by: default avatarHannes Reinecke <hare@suse.de>
      Tested-by: default avatarHannes Reinecke <hare@suse.de>
      Reviewed-by: default avatarBart Van Assche <bvanassche@acm.org>
      Signed-off-by: default avatarRoman Bolshakov <r.bolshakov@yadro.com>
      Signed-off-by: default avatarMartin K. Petersen <martin.petersen@oracle.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      35ddeb36
    • Scott Mayhew's avatar
      nfsd4: fix up replay_matches_cache() · 46a3c4fb
      Scott Mayhew authored
      
      commit 6e73e92b upstream.
      
      When running an nfs stress test, I see quite a few cached replies that
      don't match up with the actual request.  The first comment in
      replay_matches_cache() makes sense, but the code doesn't seem to
      match... fix it.
      
      This isn't exactly a bugfix, as the server isn't required to catch every
      case of a false retry.  So, we may as well do this, but if this is
      fixing a problem then that suggests there's a client bug.
      
      Fixes: 53da6a53 ("nfsd4: catch some false session retries")
      Signed-off-by: default avatarScott Mayhew <smayhew@redhat.com>
      Signed-off-by: default avatarJ. Bruce Fields <bfields@redhat.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      46a3c4fb
    • Leonard Crestez's avatar
      PM / devfreq: Check NULL governor in available_governors_show · 05c3fa01
      Leonard Crestez authored
      
      commit d68adc8f upstream.
      
      The governor is initialized after sysfs attributes become visible so in
      theory the governor field can be NULL here.
      
      Fixes: bcf23c79 ("PM / devfreq: Fix available_governor sysfs")
      Signed-off-by: default avatarLeonard Crestez <leonard.crestez@nxp.com>
      Reviewed-by: default avatarMatthias Kaehlcke <mka@chromium.org>
      Reviewed-by: default avatarChanwoo Choi <cw00.choi@samsung.com>
      Signed-off-by: default avatarChanwoo Choi <cw00.choi@samsung.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      05c3fa01
    • Catalin Marinas's avatar
      arm64: Revert support for execute-only user mappings · d9c64efb
      Catalin Marinas authored
      
      commit 24cecc37 upstream.
      
      The ARMv8 64-bit architecture supports execute-only user permissions by
      clearing the PTE_USER and PTE_UXN bits, practically making it a mostly
      privileged mapping but from which user running at EL0 can still execute.
      
      The downside, however, is that the kernel at EL1 inadvertently reading
      such mapping would not trip over the PAN (privileged access never)
      protection.
      
      Revert the relevant bits from commit cab15ce6 ("arm64: Introduce
      execute-only page access permissions") so that PROT_EXEC implies
      PROT_READ (and therefore PTE_USER) until the architecture gains proper
      support for execute-only user mappings.
      
      Fixes: cab15ce6 ("arm64: Introduce execute-only page access permissions")
      Cc: <stable@vger.kernel.org> # 4.9.x-
      Acked-by: default avatarWill Deacon <will@kernel.org>
      Signed-off-by: default avatarCatalin Marinas <catalin.marinas@arm.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      Signed-off-by: Greg...
      d9c64efb
    • Wen Yang's avatar
      ftrace: Avoid potential division by zero in function profiler · 7650b4b1
      Wen Yang authored
      commit e31f7939 upstream.
      
      The ftrace_profile->counter is unsigned long and
      do_div truncates it to 32 bits, which means it can test
      non-zero and be truncated to zero for division.
      Fix this issue by using div64_ul() instead.
      
      Link: http://lkml.kernel.org/r/20200103030248.14516-1-wenyang@linux.alibaba.com
      
      
      
      Cc: stable@vger.kernel.org
      Fixes: e330b3bc ("tracing: Show sample std dev in function profiling")
      Fixes: 34886c8b ("tracing: add average time in function to function profiler")
      Signed-off-by: default avatarWen Yang <wenyang@linux.alibaba.com>
      Signed-off-by: default avatarSteven Rostedt (VMware) <rostedt@goodmis.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      7650b4b1
    • chenqiwu's avatar
      exit: panic before exit_mm() on global init exit · 66a10703
      chenqiwu authored
      
      commit 43cf75d9 upstream.
      
      Currently, when global init and all threads in its thread-group have exited
      we panic via:
      do_exit()
      -> exit_notify()
         -> forget_original_parent()
            -> find_child_reaper()
      This makes it hard to extract a useable coredump for global init from a
      kernel crashdump because by the time we panic exit_mm() will have already
      released global init's mm.
      This patch moves the panic futher up before exit_mm() is called. As was the
      case previously, we only panic when global init and all its threads in the
      thread-group have exited.
      
      Signed-off-by: default avatarchenqiwu <chenqiwu@xiaomi.com>
      Acked-by: default avatarChristian Brauner <christian.brauner@ubuntu.com>
      Acked-by: default avatarOleg Nesterov <oleg@redhat.com>
      [christian.brauner@ubuntu.com: fix typo, rewrite commit message]
      Link: https://lore.kernel.org/r/1576736993-10121-1-git-send-email-qiwuchen55@gmail.com
      
      
      Signed-off-by: default avatarChristian Brauner <christian.brauner@ubuntu.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      66a10703
    • Takashi Iwai's avatar
      ALSA: firewire-motu: Correct a typo in the clock proc string · 8d70c0d5
      Takashi Iwai authored
      
      commit 0929249e upstream.
      
      Just fix a typo of "S/PDIF" in the clock name string.
      
      Fixes: 4638ec6e ("ALSA: firewire-motu: add proc node to show current statuc of clock and packet formats")
      Acked-by: default avatarTakashi Sakamoto <o-takashi@sakamocchi.jp>
      Link: https://lore.kernel.org/r/20191030100921.3826-1-tiwai@suse.de
      
      
      Signed-off-by: default avatarTakashi Iwai <tiwai@suse.de>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      8d70c0d5
    • Colin Ian King's avatar
      ALSA: cs4236: fix error return comparison of an unsigned integer · d7867fbb
      Colin Ian King authored
      
      commit d60229d8 upstream.
      
      The return from pnp_irq is an unsigned integer type resource_size_t
      and hence the error check for a positive non-error code is always
      going to be true.  A check for a non-failure return from pnp_irq
      should in fact be for (resource_size_t)-1 rather than >= 0.
      
      Addresses-Coverity: ("Unsigned compared against 0")
      Fixes: a9824c86 ("[ALSA] Add CS4232 PnP BIOS support")
      Signed-off-by: default avatarColin Ian King <colin.king@canonical.com>
      Link: https://lore.kernel.org/r/20191122131354.58042-1-colin.king@canonical.com
      
      
      Signed-off-by: default avatarTakashi Iwai <tiwai@suse.de>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      d7867fbb
    • Steven Rostedt (VMware)'s avatar
      tracing: Have the histogram compare functions convert to u64 first · bc5e8a8a
      Steven Rostedt (VMware) authored
      commit 106f41f5 upstream.
      
      The compare functions of the histogram code would be specific for the size
      of the value being compared (byte, short, int, long long). It would
      reference the value from the array via the type of the compare, but the
      value was stored in a 64 bit number. This is fine for little endian
      machines, but for big endian machines, it would end up comparing zeros or
      all ones (depending on the sign) for anything but 64 bit numbers.
      
      To fix this, first derference the value as a u64 then convert it to the type
      being compared.
      
      Link: http://lkml.kernel.org/r/20191211103557.7bed6928@gandalf.local.home
      
      
      
      Cc: stable@vger.kernel.org
      Fixes: 08d43a5f ("tracing: Add lock-free tracing_map")
      Acked-by: default avatarTom Zanussi <zanussi@kernel.org>
      Reported-by: default avatarSven Schnelle <svens@stackframe.org>
      Signed-off-by: default avatarSteven Rostedt (VMware) <rostedt@goodmis.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      bc5e8a8a
    • Prateek Sood's avatar
      tracing: Fix lock inversion in trace_event_enable_tgid_record() · af247192
      Prateek Sood authored
      commit 3a53acf1 upstream.
      
             Task T2                             Task T3
      trace_options_core_write()            subsystem_open()
      
       mutex_lock(trace_types_lock)           mutex_lock(event_mutex)
      
       set_tracer_flag()
      
         trace_event_enable_tgid_record()       mutex_lock(trace_types_lock)
      
          mutex_lock(event_mutex)
      
      This gives a circular dependency deadlock between trace_types_lock and
      event_mutex. To fix this invert the usage of trace_types_lock and
      event_mutex in trace_options_core_write(). This keeps the sequence of
      lock usage consistent.
      
      Link: http://lkml.kernel.org/r/0101016eef175e38-8ca71caf-a4eb-480d-a1e6-6f0bbc015495-000000@us-west-2.amazonses.com
      
      
      
      Cc: stable@vger.kernel.org
      Fixes: d914ba37 ("tracing: Add support for recording tgid of tasks")
      Signed-off-by: default avatarPrateek Sood <prsood@codeaurora.org>
      Signed-off-by: default avatarSteven Rostedt (VMware) <rostedt@goodmis.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      af247192
    • Russell King's avatar
      gpiolib: fix up emulated open drain outputs · 3444204d
      Russell King authored
      
      commit 256efaea upstream.
      
      gpiolib has a corner case with open drain outputs that are emulated.
      When such outputs are outputting a logic 1, emulation will set the
      hardware to input mode, which will cause gpiod_get_direction() to
      report that it is in input mode. This is different from the behaviour
      with a true open-drain output.
      
      Unify the semantics here.
      
      Cc: <stable@vger.kernel.org>
      Suggested-by: default avatarLinus Walleij <linus.walleij@linaro.org>
      Signed-off-by: default avatarRussell King <rmk+kernel@armlinux.org.uk>
      Signed-off-by: default avatarBartosz Golaszewski <bgolaszewski@baylibre.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      3444204d
    • Florian Fainelli's avatar
      ata: ahci_brcm: Fix AHCI resources management · ea0b4277
      Florian Fainelli authored
      
      commit c0cdf2ac upstream.
      
      The AHCI resources management within ahci_brcm.c is a little
      convoluted, largely because it historically had a dedicated clock that
      was managed within this file in the downstream tree. Once brough
      upstream though, the clock was left to be managed by libahci_platform.c
      which is entirely appropriate.
      
      This patch series ensures that the AHCI resources are fetched and
      enabled before any register access is done, thus avoiding bus errors on
      platforms which clock gate the controller by default.
      
      As a result we need to re-arrange the suspend() and resume() functions
      in order to avoid accessing registers after the clocks have been turned
      off respectively before the clocks have been turned on. Finally, we can
      refactor brcm_ahci_get_portmask() in order to fetch the number of ports
      from hpriv->mmio which is now accessible without jumping through hoops
      like we used to do.
      
      The commit pointed in the Fixes tag is both old and new enough not to
      require major headaches for backporting of this patch.
      
      Fixes: eba68f82 ("ata: ahci_brcmstb: rename to support across Broadcom SoC's")
      Cc: stable@vger.kernel.org
      Reviewed-by: default avatarHans de Goede <hdegoede@redhat.com>
      Signed-off-by: default avatarFlorian Fainelli <f.fainelli@gmail.com>
      Signed-off-by: default avatarJens Axboe <axboe@kernel.dk>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      ea0b4277
    • Florian Fainelli's avatar
      ata: ahci_brcm: Allow optional reset controller to be used · 0cbbbcda
      Florian Fainelli authored
      
      commit 2b2c47d9 upstream.
      
      On BCM63138, we need to reset the AHCI core prior to start utilizing it,
      grab the reset controller device cookie and do that.
      
      Signed-off-by: default avatarFlorian Fainelli <f.fainelli@gmail.com>
      Signed-off-by: default avatarJens Axboe <axboe@kernel.dk>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      0cbbbcda
    • Florian Fainelli's avatar
      ata: libahci_platform: Export again ahci_platform_<en/dis>able_phys() · eb3f6286
      Florian Fainelli authored
      
      commit 84b032db upstream.
      
      This reverts commit 6bb86fef
      ("libahci_platform: Staticize ahci_platform_<en/dis>able_phys()") we are
      going to need ahci_platform_{enable,disable}_phys() in a subsequent
      commit for ahci_brcm.c in order to properly control the PHY
      initialization order.
      
      Also make sure the function prototypes are declared in
      include/linux/ahci_platform.h as a result.
      
      Cc: stable@vger.kernel.org
      Reviewed-by: default avatarHans de Goede <hdegoede@redhat.com>
      Signed-off-by: default avatarFlorian Fainelli <f.fainelli@gmail.com>
      Signed-off-by: default avatarJens Axboe <axboe@kernel.dk>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      eb3f6286
    • Arnd Bergmann's avatar
      compat_ioctl: block: handle BLKREPORTZONE/BLKRESETZONE · 238d4e74
      Arnd Bergmann authored
      
      commit 673bdf8c upstream.
      
      These were added to blkdev_ioctl() but not blkdev_compat_ioctl,
      so add them now.
      
      Cc: <stable@vger.kernel.org> # v4.10+
      Fixes: 3ed05a98 ("blk-zoned: implement ioctls")
      Reviewed-by: default avatarDamien Le Moal <damien.lemoal@wdc.com>
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      Signed-off-by: default avatarJens Axboe <axboe@kernel.dk>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      238d4e74
    • Arnd Bergmann's avatar
      compat_ioctl: block: handle Persistent Reservations · 77d19c9c
      Arnd Bergmann authored
      
      commit b2c0fcd2 upstream.
      
      These were added to blkdev_ioctl() in linux-5.5 but not
      blkdev_compat_ioctl, so add them now.
      
      Cc: <stable@vger.kernel.org> # v4.4+
      Fixes: bbd3e064 ("block: add an API for Persistent Reservations")
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      
      Fold in followup patch from Arnd with missing pr.h header include.
      
      Signed-off-by: default avatarJens Axboe <axboe@kernel.dk>
      77d19c9c